rebase: bump github.com/aws/aws-sdk-go from 1.44.249 to 1.44.254

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.249 to 1.44.254.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.249...v1.44.254)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2023-05-02 18:02:00 +00:00 committed by mergify[bot]
parent 6a4f847af6
commit 3d6cdce353
7 changed files with 788 additions and 259 deletions

2
go.mod
View File

@ -4,7 +4,7 @@ go 1.19
require ( require (
github.com/IBM/keyprotect-go-client v0.10.0 github.com/IBM/keyprotect-go-client v0.10.0
github.com/aws/aws-sdk-go v1.44.249 github.com/aws/aws-sdk-go v1.44.254
github.com/aws/aws-sdk-go-v2/service/sts v1.18.10 github.com/aws/aws-sdk-go-v2/service/sts v1.18.10
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000 github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
// TODO: API for managing subvolume metadata and snapshot metadata requires `ceph_ci_untested` build-tag // TODO: API for managing subvolume metadata and snapshot metadata requires `ceph_ci_untested` build-tag

4
go.sum
View File

@ -155,8 +155,8 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.44.249 h1:UbUvh/oYHdAD3vZjNi316M0NIupJsrqAcJckVuhaCB8= github.com/aws/aws-sdk-go v1.44.254 h1:8baW4yal2xGiM/Wm5/ZU10drS8sd+BVjMjPFjJx2ooc=
github.com/aws/aws-sdk-go v1.44.249/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go v1.44.254/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY= github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY=
github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4=

View File

@ -3365,6 +3365,9 @@ var awsPartition = partition{
endpointKey{ endpointKey{
Region: "us-east-2", Region: "us-east-2",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "us-west-1",
}: endpoint{},
endpointKey{ endpointKey{
Region: "us-west-2", Region: "us-west-2",
}: endpoint{}, }: endpoint{},
@ -3715,12 +3718,6 @@ var awsPartition = partition{
endpointKey{ endpointKey{
Region: "ca-central-1", Region: "ca-central-1",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "ca-central-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "autoscaling-fips.ca-central-1.amazonaws.com",
},
endpointKey{ endpointKey{
Region: "eu-central-1", Region: "eu-central-1",
}: endpoint{}, }: endpoint{},
@ -3745,51 +3742,6 @@ var awsPartition = partition{
endpointKey{ endpointKey{
Region: "eu-west-3", Region: "eu-west-3",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "fips-ca-central-1",
}: endpoint{
Hostname: "autoscaling-fips.ca-central-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "ca-central-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-east-1",
}: endpoint{
Hostname: "autoscaling-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-east-2",
}: endpoint{
Hostname: "autoscaling-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-west-1",
}: endpoint{
Hostname: "autoscaling-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-west-2",
}: endpoint{
Hostname: "autoscaling-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
Deprecated: boxedTrue,
},
endpointKey{ endpointKey{
Region: "me-central-1", Region: "me-central-1",
}: endpoint{}, }: endpoint{},
@ -3802,39 +3754,15 @@ var awsPartition = partition{
endpointKey{ endpointKey{
Region: "us-east-1", Region: "us-east-1",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "us-east-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "autoscaling-fips.us-east-1.amazonaws.com",
},
endpointKey{ endpointKey{
Region: "us-east-2", Region: "us-east-2",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "us-east-2",
Variant: fipsVariant,
}: endpoint{
Hostname: "autoscaling-fips.us-east-2.amazonaws.com",
},
endpointKey{ endpointKey{
Region: "us-west-1", Region: "us-west-1",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "us-west-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "autoscaling-fips.us-west-1.amazonaws.com",
},
endpointKey{ endpointKey{
Region: "us-west-2", Region: "us-west-2",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "us-west-2",
Variant: fipsVariant,
}: endpoint{
Hostname: "autoscaling-fips.us-west-2.amazonaws.com",
},
}, },
}, },
"autoscaling-plans": service{ "autoscaling-plans": service{
@ -10877,6 +10805,9 @@ var awsPartition = partition{
}, },
"emr-serverless": service{ "emr-serverless": service{
Endpoints: serviceEndpoints{ Endpoints: serviceEndpoints{
endpointKey{
Region: "ap-east-1",
}: endpoint{},
endpointKey{ endpointKey{
Region: "ap-northeast-1", Region: "ap-northeast-1",
}: endpoint{}, }: endpoint{},
@ -10961,6 +10892,9 @@ var awsPartition = partition{
}, },
Deprecated: boxedTrue, Deprecated: boxedTrue,
}, },
endpointKey{
Region: "me-south-1",
}: endpoint{},
endpointKey{ endpointKey{
Region: "sa-east-1", Region: "sa-east-1",
}: endpoint{}, }: endpoint{},
@ -14815,6 +14749,12 @@ var awsPartition = partition{
endpointKey{ endpointKey{
Region: "ca-central-1", Region: "ca-central-1",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "ca-central-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "kafka-fips.ca-central-1.amazonaws.com",
},
endpointKey{ endpointKey{
Region: "eu-central-1", Region: "eu-central-1",
}: endpoint{}, }: endpoint{},
@ -14839,6 +14779,51 @@ var awsPartition = partition{
endpointKey{ endpointKey{
Region: "eu-west-3", Region: "eu-west-3",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "fips-ca-central-1",
}: endpoint{
Hostname: "kafka-fips.ca-central-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "ca-central-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-east-1",
}: endpoint{
Hostname: "kafka-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-east-2",
}: endpoint{
Hostname: "kafka-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-west-1",
}: endpoint{
Hostname: "kafka-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-west-2",
}: endpoint{
Hostname: "kafka-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
Deprecated: boxedTrue,
},
endpointKey{ endpointKey{
Region: "me-central-1", Region: "me-central-1",
}: endpoint{}, }: endpoint{},
@ -14851,15 +14836,39 @@ var awsPartition = partition{
endpointKey{ endpointKey{
Region: "us-east-1", Region: "us-east-1",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "us-east-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "kafka-fips.us-east-1.amazonaws.com",
},
endpointKey{ endpointKey{
Region: "us-east-2", Region: "us-east-2",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "us-east-2",
Variant: fipsVariant,
}: endpoint{
Hostname: "kafka-fips.us-east-2.amazonaws.com",
},
endpointKey{ endpointKey{
Region: "us-west-1", Region: "us-west-1",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "us-west-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "kafka-fips.us-west-1.amazonaws.com",
},
endpointKey{ endpointKey{
Region: "us-west-2", Region: "us-west-2",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "us-west-2",
Variant: fipsVariant,
}: endpoint{
Hostname: "kafka-fips.us-west-2.amazonaws.com",
},
}, },
}, },
"kafkaconnect": service{ "kafkaconnect": service{
@ -19503,6 +19512,40 @@ var awsPartition = partition{
}, },
}, },
}, },
"osis": service{
Endpoints: serviceEndpoints{
endpointKey{
Region: "ap-northeast-1",
}: endpoint{},
endpointKey{
Region: "ap-southeast-1",
}: endpoint{},
endpointKey{
Region: "ap-southeast-2",
}: endpoint{},
endpointKey{
Region: "eu-central-1",
}: endpoint{},
endpointKey{
Region: "eu-west-1",
}: endpoint{},
endpointKey{
Region: "eu-west-2",
}: endpoint{},
endpointKey{
Region: "us-east-1",
}: endpoint{},
endpointKey{
Region: "us-east-2",
}: endpoint{},
endpointKey{
Region: "us-west-1",
}: endpoint{},
endpointKey{
Region: "us-west-2",
}: endpoint{},
},
},
"outposts": service{ "outposts": service{
Endpoints: serviceEndpoints{ Endpoints: serviceEndpoints{
endpointKey{ endpointKey{
@ -21855,16 +21898,6 @@ var awsPartition = partition{
}, },
}, },
Endpoints: serviceEndpoints{ Endpoints: serviceEndpoints{
endpointKey{
Region: "af-south-1",
}: endpoint{
Hostname: "resource-explorer-2.af-south-1.api.aws",
},
endpointKey{
Region: "ap-east-1",
}: endpoint{
Hostname: "resource-explorer-2.ap-east-1.api.aws",
},
endpointKey{ endpointKey{
Region: "ap-northeast-1", Region: "ap-northeast-1",
}: endpoint{ }: endpoint{
@ -22295,6 +22328,9 @@ var awsPartition = partition{
endpointKey{ endpointKey{
Region: "ap-southeast-3", Region: "ap-southeast-3",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "ap-southeast-4",
}: endpoint{},
endpointKey{ endpointKey{
Region: "ca-central-1", Region: "ca-central-1",
}: endpoint{}, }: endpoint{},
@ -28832,6 +28868,14 @@ var awsPartition = partition{
}, },
Deprecated: boxedTrue, Deprecated: boxedTrue,
}, },
endpointKey{
Region: "fips-il-central-1",
}: endpoint{
Hostname: "waf-regional-fips.il-central-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "il-central-1",
},
},
endpointKey{ endpointKey{
Region: "fips-me-central-1", Region: "fips-me-central-1",
}: endpoint{ }: endpoint{
@ -29538,6 +29582,14 @@ var awsPartition = partition{
}, },
Deprecated: boxedTrue, Deprecated: boxedTrue,
}, },
endpointKey{
Region: "fips-il-central-1",
}: endpoint{
Hostname: "wafv2-fips.il-central-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "il-central-1",
},
},
endpointKey{ endpointKey{
Region: "fips-me-central-1", Region: "fips-me-central-1",
}: endpoint{ }: endpoint{
@ -31262,6 +31314,16 @@ var awscnPartition = partition{
}: endpoint{}, }: endpoint{},
}, },
}, },
"license-manager-linux-subscriptions": service{
Endpoints: serviceEndpoints{
endpointKey{
Region: "cn-north-1",
}: endpoint{},
endpointKey{
Region: "cn-northwest-1",
}: endpoint{},
},
},
"logs": service{ "logs": service{
Endpoints: serviceEndpoints{ Endpoints: serviceEndpoints{
endpointKey{ endpointKey{
@ -35161,10 +35223,56 @@ var awsusgovPartition = partition{
Endpoints: serviceEndpoints{ Endpoints: serviceEndpoints{
endpointKey{ endpointKey{
Region: "us-gov-east-1", Region: "us-gov-east-1",
}: endpoint{}, }: endpoint{
Hostname: "kafka.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-east-1",
},
},
endpointKey{
Region: "us-gov-east-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "kafka.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-east-1",
},
},
endpointKey{
Region: "us-gov-east-1-fips",
}: endpoint{
Hostname: "kafka.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-east-1",
},
Deprecated: boxedTrue,
},
endpointKey{ endpointKey{
Region: "us-gov-west-1", Region: "us-gov-west-1",
}: endpoint{}, }: endpoint{
Hostname: "kafka.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-west-1",
},
},
endpointKey{
Region: "us-gov-west-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "kafka.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-west-1",
},
},
endpointKey{
Region: "us-gov-west-1-fips",
}: endpoint{
Hostname: "kafka.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-west-1",
},
Deprecated: boxedTrue,
},
}, },
}, },
"kendra": service{ "kendra": service{
@ -38030,6 +38138,13 @@ var awsisoPartition = partition{
}: endpoint{}, }: endpoint{},
}, },
}, },
"athena": service{
Endpoints: serviceEndpoints{
endpointKey{
Region: "us-iso-east-1",
}: endpoint{},
},
},
"autoscaling": service{ "autoscaling": service{
Endpoints: serviceEndpoints{ Endpoints: serviceEndpoints{
endpointKey{ endpointKey{
@ -39244,6 +39359,13 @@ var awsisobPartition = partition{
}: endpoint{}, }: endpoint{},
}, },
}, },
"secretsmanager": service{
Endpoints: serviceEndpoints{
endpointKey{
Region: "us-isob-east-1",
}: endpoint{},
},
},
"snowball": service{ "snowball": service{
Endpoints: serviceEndpoints{ Endpoints: serviceEndpoints{
endpointKey{ endpointKey{

View File

@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go" const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK // SDKVersion is the version of this SDK
const SDKVersion = "1.44.249" const SDKVersion = "1.44.254"

View File

@ -44635,10 +44635,10 @@ func (c *EC2) ModifyInstanceAttributeRequest(input *ModifyInstanceAttributeInput
// only one attribute at a time. // only one attribute at a time.
// //
// Note: Using this action to change the security groups associated with an // Note: Using this action to change the security groups associated with an
// elastic network interface (ENI) attached to an instance in a VPC can result // elastic network interface (ENI) attached to an instance can result in an
// in an error if the instance has more than one ENI. To change the security // error if the instance has more than one ENI. To change the security groups
// groups associated with an ENI attached to an instance that has multiple ENIs, // associated with an ENI attached to an instance that has multiple ENIs, we
// we recommend that you use the ModifyNetworkInterfaceAttribute action. // recommend that you use the ModifyNetworkInterfaceAttribute action.
// //
// To modify some attributes, the instance must be stopped. For more information, // To modify some attributes, the instance must be stopped. For more information,
// see Modify a stopped instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html) // see Modify a stopped instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html)
@ -46037,10 +46037,6 @@ func (c *EC2) ModifyReservedInstancesRequest(input *ModifyReservedInstancesInput
// For more information, see Modifying Reserved Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) // For more information, see Modifying Reserved Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html)
// in the Amazon EC2 User Guide. // in the Amazon EC2 User Guide.
// //
// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic
// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html)
// in the Amazon Elastic Compute Cloud User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about // with awserr.Error's Code and Message methods to get detailed information about
// the error. // the error.
@ -49242,10 +49238,6 @@ func (c *EC2) PurchaseReservedInstancesOfferingRequest(input *PurchaseReservedIn
// and Reserved Instance Marketplace (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) // and Reserved Instance Marketplace (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html)
// in the Amazon EC2 User Guide. // in the Amazon EC2 User Guide.
// //
// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic
// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html)
// in the Amazon Elastic Compute Cloud User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about // with awserr.Error's Code and Message methods to get detailed information about
// the error. // the error.
@ -51216,10 +51208,6 @@ func (c *EC2) RequestSpotInstancesRequest(input *RequestSpotInstancesInput) (req
// see Which is the best Spot request method to use? (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use) // see Which is the best Spot request method to use? (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use)
// in the Amazon EC2 User Guide for Linux Instances. // in the Amazon EC2 User Guide for Linux Instances.
// //
// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic
// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html)
// in the Amazon EC2 User Guide for Linux Instances.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about // with awserr.Error's Code and Message methods to get detailed information about
// the error. // the error.
@ -52481,20 +52469,13 @@ func (c *EC2) RunInstancesRequest(input *RunInstancesInput) (req *request.Reques
// You can specify a number of options, or leave the default options. The following // You can specify a number of options, or leave the default options. The following
// rules apply: // rules apply:
// //
// - [EC2-VPC] If you don't specify a subnet ID, we choose a default subnet // - If you don't specify a subnet ID, we choose a default subnet from your
// from your default VPC for you. If you don't have a default VPC, you must // default VPC for you. If you don't have a default VPC, you must specify
// specify a subnet ID in the request. // a subnet ID in the request.
// //
// - [EC2-Classic] If don't specify an Availability Zone, we choose one for // - All instances have a network interface with a primary private IPv4 address.
// you. // If you don't specify this address, we choose one from the IPv4 range of
// // your subnet.
// - Some instance types must be launched into a VPC. If you do not have
// a default VPC, or if you do not specify a subnet ID, the request fails.
// For more information, see Instance types available only in a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-vpc.html#vpc-only-instance-types).
//
// - [EC2-VPC] All instances have a network interface with a primary private
// IPv4 address. If you don't specify this address, we choose one from the
// IPv4 range of your subnet.
// //
// - Not all instance types support IPv6 addresses. For more information, // - Not all instance types support IPv6 addresses. For more information,
// see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html). // see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html).
@ -52528,10 +52509,6 @@ func (c *EC2) RunInstancesRequest(input *RunInstancesInput) (req *request.Reques
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_InstanceStraightToTerminated.html), // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_InstanceStraightToTerminated.html),
// and Troubleshooting connecting to your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html). // and Troubleshooting connecting to your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html).
// //
// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic
// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html)
// in the Amazon EC2 User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about // with awserr.Error's Code and Message methods to get detailed information about
// the error. // the error.
@ -62958,7 +62935,7 @@ type CancelSpotInstanceRequestsInput struct {
// it is UnauthorizedOperation. // it is UnauthorizedOperation.
DryRun *bool `locationName:"dryRun" type:"boolean"` DryRun *bool `locationName:"dryRun" type:"boolean"`
// One or more Spot Instance request IDs. // The IDs of the Spot Instance requests.
// //
// SpotInstanceRequestIds is a required field // SpotInstanceRequestIds is a required field
SpotInstanceRequestIds []*string `locationName:"SpotInstanceRequestId" locationNameList:"SpotInstanceRequestId" type:"list" required:"true"` SpotInstanceRequestIds []*string `locationName:"SpotInstanceRequestId" locationNameList:"SpotInstanceRequestId" type:"list" required:"true"`
@ -63011,7 +62988,7 @@ func (s *CancelSpotInstanceRequestsInput) SetSpotInstanceRequestIds(v []*string)
type CancelSpotInstanceRequestsOutput struct { type CancelSpotInstanceRequestsOutput struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// One or more Spot Instance requests. // The Spot Instance requests.
CancelledSpotInstanceRequests []*CancelledSpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"` CancelledSpotInstanceRequests []*CancelledSpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"`
} }
@ -66780,6 +66757,9 @@ func (s *CopySnapshotOutput) SetTags(v []*Tag) *CopySnapshotOutput {
type CpuOptions struct { type CpuOptions struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// Indicates whether the instance is enabled for AMD SEV-SNP.
AmdSevSnp *string `locationName:"amdSevSnp" type:"string" enum:"AmdSevSnpSpecification"`
// The number of CPU cores for the instance. // The number of CPU cores for the instance.
CoreCount *int64 `locationName:"coreCount" type:"integer"` CoreCount *int64 `locationName:"coreCount" type:"integer"`
@ -66805,6 +66785,12 @@ func (s CpuOptions) GoString() string {
return s.String() return s.String()
} }
// SetAmdSevSnp sets the AmdSevSnp field's value.
func (s *CpuOptions) SetAmdSevSnp(v string) *CpuOptions {
s.AmdSevSnp = &v
return s
}
// SetCoreCount sets the CoreCount field's value. // SetCoreCount sets the CoreCount field's value.
func (s *CpuOptions) SetCoreCount(v int64) *CpuOptions { func (s *CpuOptions) SetCoreCount(v int64) *CpuOptions {
s.CoreCount = &v s.CoreCount = &v
@ -66822,6 +66808,10 @@ func (s *CpuOptions) SetThreadsPerCore(v int64) *CpuOptions {
type CpuOptionsRequest struct { type CpuOptionsRequest struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is
// supported with M6a, R6a, and C6a instance types only.
AmdSevSnp *string `type:"string" enum:"AmdSevSnpSpecification"`
// The number of CPU cores for the instance. // The number of CPU cores for the instance.
CoreCount *int64 `type:"integer"` CoreCount *int64 `type:"integer"`
@ -66848,6 +66838,12 @@ func (s CpuOptionsRequest) GoString() string {
return s.String() return s.String()
} }
// SetAmdSevSnp sets the AmdSevSnp field's value.
func (s *CpuOptionsRequest) SetAmdSevSnp(v string) *CpuOptionsRequest {
s.AmdSevSnp = &v
return s
}
// SetCoreCount sets the CoreCount field's value. // SetCoreCount sets the CoreCount field's value.
func (s *CpuOptionsRequest) SetCoreCount(v int64) *CpuOptionsRequest { func (s *CpuOptionsRequest) SetCoreCount(v int64) *CpuOptionsRequest {
s.CoreCount = &v s.CoreCount = &v
@ -94409,8 +94405,8 @@ type DescribeInstanceTypesInput struct {
// One or more filters. Filter names and values are case-sensitive. // One or more filters. Filter names and values are case-sensitive.
// //
// * auto-recovery-supported - Indicates whether auto recovery is supported // * auto-recovery-supported - Indicates whether Amazon CloudWatch action
// (true | false). // based recovery is supported (true | false).
// //
// * bare-metal - Indicates whether it is a bare metal instance type (true // * bare-metal - Indicates whether it is a bare metal instance type (true
// | false). // | false).
@ -94699,12 +94695,6 @@ type DescribeInstancesInput struct {
// //
// * dns-name - The public DNS name of the instance. // * dns-name - The public DNS name of the instance.
// //
// * group-id - The ID of the security group for the instance. EC2-Classic
// only.
//
// * group-name - The name of the security group for the instance. EC2-Classic
// only.
//
// * hibernation-options.configured - A Boolean that indicates whether the // * hibernation-options.configured - A Boolean that indicates whether the
// instance is enabled for hibernation. A value of true means that the instance // instance is enabled for hibernation. A value of true means that the instance
// is enabled for hibernation. // is enabled for hibernation.
@ -99709,16 +99699,11 @@ type DescribeReservedInstancesInput struct {
// //
// * scope - The scope of the Reserved Instance (Region or Availability Zone). // * scope - The scope of the Reserved Instance (Region or Availability Zone).
// //
// * product-description - The Reserved Instance product platform description. // * product-description - The Reserved Instance product platform description
// Instances that include (Amazon VPC) in the product platform description // (Linux/UNIX | Linux with SQL Server Standard | Linux with SQL Server Web
// will only be displayed to EC2-Classic account holders and are for use // | Linux with SQL Server Enterprise | SUSE Linux | Red Hat Enterprise Linux
// with Amazon VPC (Linux/UNIX | Linux/UNIX (Amazon VPC) | SUSE Linux | SUSE // | Red Hat Enterprise Linux with HA | Windows | Windows with SQL Server
// Linux (Amazon VPC) | Red Hat Enterprise Linux | Red Hat Enterprise Linux // Standard | Windows with SQL Server Web | Windows with SQL Server Enterprise).
// (Amazon VPC) | Red Hat Enterprise Linux with HA (Amazon VPC) | Windows
// | Windows (Amazon VPC) | Windows with SQL Server Standard | Windows with
// SQL Server Standard (Amazon VPC) | Windows with SQL Server Web | Windows
// with SQL Server Web (Amazon VPC) | Windows with SQL Server Enterprise
// | Windows with SQL Server Enterprise (Amazon VPC)).
// //
// * reserved-instances-id - The ID of the Reserved Instance. // * reserved-instances-id - The ID of the Reserved Instance.
// //
@ -99920,9 +99905,6 @@ type DescribeReservedInstancesModificationsInput struct {
// * modification-result.target-configuration.instance-type - The instance // * modification-result.target-configuration.instance-type - The instance
// type of the new Reserved Instances. // type of the new Reserved Instances.
// //
// * modification-result.target-configuration.platform - The network platform
// of the new Reserved Instances (EC2-Classic | EC2-VPC).
//
// * reserved-instances-id - The ID of the Reserved Instances modified. // * reserved-instances-id - The ID of the Reserved Instances modified.
// //
// * reserved-instances-modification-id - The ID of the modification request. // * reserved-instances-modification-id - The ID of the modification request.
@ -100051,16 +100033,11 @@ type DescribeReservedInstancesOfferingsInput struct {
// all offerings from both Amazon Web Services and the Reserved Instance // all offerings from both Amazon Web Services and the Reserved Instance
// Marketplace are listed. // Marketplace are listed.
// //
// * product-description - The Reserved Instance product platform description. // * product-description - The Reserved Instance product platform description
// Instances that include (Amazon VPC) in the product platform description // (Linux/UNIX | Linux with SQL Server Standard | Linux with SQL Server Web
// will only be displayed to EC2-Classic account holders and are for use // | Linux with SQL Server Enterprise | SUSE Linux | Red Hat Enterprise Linux
// with Amazon VPC. (Linux/UNIX | Linux/UNIX (Amazon VPC) | SUSE Linux | // | Red Hat Enterprise Linux with HA | Windows | Windows with SQL Server
// SUSE Linux (Amazon VPC) | Red Hat Enterprise Linux | Red Hat Enterprise // Standard | Windows with SQL Server Web | Windows with SQL Server Enterprise).
// Linux (Amazon VPC) | Red Hat Enterprise Linux with HA (Amazon VPC) | Windows
// | Windows (Amazon VPC) | Windows with SQL Server Standard | Windows with
// SQL Server Standard (Amazon VPC) | Windows with SQL Server Web | Windows
// with SQL Server Web (Amazon VPC) | Windows with SQL Server Enterprise
// | Windows with SQL Server Enterprise (Amazon VPC))
// //
// * reserved-instances-offering-id - The Reserved Instances offering ID. // * reserved-instances-offering-id - The Reserved Instances offering ID.
// //
@ -100521,8 +100498,6 @@ type DescribeScheduledInstanceAvailabilityInput struct {
// //
// * instance-type - The instance type (for example, c4.large). // * instance-type - The instance type (for example, c4.large).
// //
// * network-platform - The network platform (EC2-Classic or EC2-VPC).
//
// * platform - The platform (Linux/UNIX or Windows). // * platform - The platform (Linux/UNIX or Windows).
Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"`
@ -100703,8 +100678,6 @@ type DescribeScheduledInstancesInput struct {
// //
// * instance-type - The instance type (for example, c4.large). // * instance-type - The instance type (for example, c4.large).
// //
// * network-platform - The network platform (EC2-Classic or EC2-VPC).
//
// * platform - The platform (Linux/UNIX or Windows). // * platform - The platform (Linux/UNIX or Windows).
Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"`
@ -102176,7 +102149,7 @@ type DescribeSpotInstanceRequestsInput struct {
// it is UnauthorizedOperation. // it is UnauthorizedOperation.
DryRun *bool `locationName:"dryRun" type:"boolean"` DryRun *bool `locationName:"dryRun" type:"boolean"`
// One or more filters. // The filters.
// //
// * availability-zone-group - The Availability Zone group. // * availability-zone-group - The Availability Zone group.
// //
@ -102293,7 +102266,7 @@ type DescribeSpotInstanceRequestsInput struct {
// from the end of the items returned by the previous request. // from the end of the items returned by the previous request.
NextToken *string `type:"string"` NextToken *string `type:"string"`
// One or more Spot Instance request IDs. // The IDs of the Spot Instance requests.
SpotInstanceRequestIds []*string `locationName:"SpotInstanceRequestId" locationNameList:"SpotInstanceRequestId" type:"list"` SpotInstanceRequestIds []*string `locationName:"SpotInstanceRequestId" locationNameList:"SpotInstanceRequestId" type:"list"`
} }
@ -102353,7 +102326,7 @@ type DescribeSpotInstanceRequestsOutput struct {
// value is null when there are no more items to return. // value is null when there are no more items to return.
NextToken *string `locationName:"nextToken" type:"string"` NextToken *string `locationName:"nextToken" type:"string"`
// One or more Spot Instance requests. // The Spot Instance requests.
SpotInstanceRequests []*SpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"` SpotInstanceRequests []*SpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"`
} }
@ -102404,7 +102377,7 @@ type DescribeSpotPriceHistoryInput struct {
// the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). // the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).
EndTime *time.Time `locationName:"endTime" type:"timestamp"` EndTime *time.Time `locationName:"endTime" type:"timestamp"`
// One or more filters. // The filters.
// //
// * availability-zone - The Availability Zone for which prices should be // * availability-zone - The Availability Zone for which prices should be
// returned. // returned.
@ -127925,7 +127898,7 @@ type Instance struct {
// The monitoring for the instance. // The monitoring for the instance.
Monitoring *Monitoring `locationName:"monitoring" type:"structure"` Monitoring *Monitoring `locationName:"monitoring" type:"structure"`
// [EC2-VPC] The network interfaces for the instance. // The network interfaces for the instance.
NetworkInterfaces []*InstanceNetworkInterface `locationName:"networkInterfaceSet" locationNameList:"item" type:"list"` NetworkInterfaces []*InstanceNetworkInterface `locationName:"networkInterfaceSet" locationNameList:"item" type:"list"`
// The Amazon Resource Name (ARN) of the Outpost. // The Amazon Resource Name (ARN) of the Outpost.
@ -127942,14 +127915,14 @@ type Instance struct {
// in the Amazon EC2 User Guide. // in the Amazon EC2 User Guide.
PlatformDetails *string `locationName:"platformDetails" type:"string"` PlatformDetails *string `locationName:"platformDetails" type:"string"`
// (IPv4 only) The private DNS hostname name assigned to the instance. This // [IPv4 only] The private DNS hostname name assigned to the instance. This
// DNS hostname can only be used inside the Amazon EC2 network. This name is // DNS hostname can only be used inside the Amazon EC2 network. This name is
// not available until the instance enters the running state. // not available until the instance enters the running state.
// //
// [EC2-VPC] The Amazon-provided DNS server resolves Amazon-provided private // The Amazon-provided DNS server resolves Amazon-provided private DNS hostnames
// DNS hostnames if you've enabled DNS resolution and DNS hostnames in your // if you've enabled DNS resolution and DNS hostnames in your VPC. If you are
// VPC. If you are not using the Amazon-provided DNS server in your VPC, your // not using the Amazon-provided DNS server in your VPC, your custom domain
// custom domain name servers must resolve the hostname as appropriate. // name servers must resolve the hostname as appropriate.
PrivateDnsName *string `locationName:"privateDnsName" type:"string"` PrivateDnsName *string `locationName:"privateDnsName" type:"string"`
// The options for the instance hostname. // The options for the instance hostname.
@ -127961,9 +127934,9 @@ type Instance struct {
// The product codes attached to this instance, if applicable. // The product codes attached to this instance, if applicable.
ProductCodes []*ProductCode `locationName:"productCodes" locationNameList:"item" type:"list"` ProductCodes []*ProductCode `locationName:"productCodes" locationNameList:"item" type:"list"`
// (IPv4 only) The public DNS name assigned to the instance. This name is not // [IPv4 only] The public DNS name assigned to the instance. This name is not
// available until the instance enters the running state. For EC2-VPC, this // available until the instance enters the running state. This name is only
// name is only available if you've enabled DNS hostnames for your VPC. // available if you've enabled DNS hostnames for your VPC.
PublicDnsName *string `locationName:"dnsName" type:"string"` PublicDnsName *string `locationName:"dnsName" type:"string"`
// The public IPv4 address, or the Carrier IP address assigned to the instance, // The public IPv4 address, or the Carrier IP address assigned to the instance,
@ -128005,7 +127978,7 @@ type Instance struct {
// The reason for the most recent state transition. This might be an empty string. // The reason for the most recent state transition. This might be an empty string.
StateTransitionReason *string `locationName:"reason" type:"string"` StateTransitionReason *string `locationName:"reason" type:"string"`
// [EC2-VPC] The ID of the subnet in which the instance is running. // The ID of the subnet in which the instance is running.
SubnetId *string `locationName:"subnetId" type:"string"` SubnetId *string `locationName:"subnetId" type:"string"`
// Any tags assigned to the instance. // Any tags assigned to the instance.
@ -128027,7 +128000,7 @@ type Instance struct {
// The virtualization type of the instance. // The virtualization type of the instance.
VirtualizationType *string `locationName:"virtualizationType" type:"string" enum:"VirtualizationType"` VirtualizationType *string `locationName:"virtualizationType" type:"string" enum:"VirtualizationType"`
// [EC2-VPC] The ID of the VPC in which the instance is running. // The ID of the VPC in which the instance is running.
VpcId *string `locationName:"vpcId" type:"string"` VpcId *string `locationName:"vpcId" type:"string"`
} }
@ -131820,7 +131793,7 @@ func (s *InstanceTagNotificationAttribute) SetInstanceTagKeys(v []*string) *Inst
type InstanceTypeInfo struct { type InstanceTypeInfo struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// Indicates whether auto recovery is supported. // Indicates whether Amazon CloudWatch action based recovery is supported.
AutoRecoverySupported *bool `locationName:"autoRecoverySupported" type:"boolean"` AutoRecoverySupported *bool `locationName:"autoRecoverySupported" type:"boolean"`
// Indicates whether the instance is a bare metal instance type. // Indicates whether the instance is a bare metal instance type.
@ -134896,7 +134869,7 @@ type LaunchSpecification struct {
// Deprecated. // Deprecated.
AddressingType *string `locationName:"addressingType" type:"string"` AddressingType *string `locationName:"addressingType" type:"string"`
// One or more block device mapping entries. // The block device mapping entries.
BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"`
// Indicates whether the instance is optimized for EBS I/O. This optimization // Indicates whether the instance is optimized for EBS I/O. This optimization
@ -134926,8 +134899,8 @@ type LaunchSpecification struct {
// Describes the monitoring of an instance. // Describes the monitoring of an instance.
Monitoring *RunInstancesMonitoringEnabled `locationName:"monitoring" type:"structure"` Monitoring *RunInstancesMonitoringEnabled `locationName:"monitoring" type:"structure"`
// One or more network interfaces. If you specify a network interface, you must // The network interfaces. If you specify a network interface, you must specify
// specify subnet IDs and security group IDs using the network interface. // subnet IDs and security group IDs using the network interface.
NetworkInterfaces []*InstanceNetworkInterfaceSpecification `locationName:"networkInterfaceSet" locationNameList:"item" type:"list"` NetworkInterfaces []*InstanceNetworkInterfaceSpecification `locationName:"networkInterfaceSet" locationNameList:"item" type:"list"`
// The placement information for the instance. // The placement information for the instance.
@ -134936,9 +134909,7 @@ type LaunchSpecification struct {
// The ID of the RAM disk. // The ID of the RAM disk.
RamdiskId *string `locationName:"ramdiskId" type:"string"` RamdiskId *string `locationName:"ramdiskId" type:"string"`
// One or more security groups. When requesting instances in a VPC, you must // The IDs of the security groups.
// specify the IDs of the security groups. When requesting instances in EC2-Classic,
// you can specify the names or the IDs of the security groups.
SecurityGroups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` SecurityGroups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"`
// The ID of the subnet in which to launch the instance. // The ID of the subnet in which to launch the instance.
@ -135476,6 +135447,9 @@ func (s *LaunchTemplateConfig) SetOverrides(v []*LaunchTemplateOverrides) *Launc
type LaunchTemplateCpuOptions struct { type LaunchTemplateCpuOptions struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// Indicates whether the instance is enabled for AMD SEV-SNP.
AmdSevSnp *string `locationName:"amdSevSnp" type:"string" enum:"AmdSevSnpSpecification"`
// The number of CPU cores for the instance. // The number of CPU cores for the instance.
CoreCount *int64 `locationName:"coreCount" type:"integer"` CoreCount *int64 `locationName:"coreCount" type:"integer"`
@ -135501,6 +135475,12 @@ func (s LaunchTemplateCpuOptions) GoString() string {
return s.String() return s.String()
} }
// SetAmdSevSnp sets the AmdSevSnp field's value.
func (s *LaunchTemplateCpuOptions) SetAmdSevSnp(v string) *LaunchTemplateCpuOptions {
s.AmdSevSnp = &v
return s
}
// SetCoreCount sets the CoreCount field's value. // SetCoreCount sets the CoreCount field's value.
func (s *LaunchTemplateCpuOptions) SetCoreCount(v int64) *LaunchTemplateCpuOptions { func (s *LaunchTemplateCpuOptions) SetCoreCount(v int64) *LaunchTemplateCpuOptions {
s.CoreCount = &v s.CoreCount = &v
@ -135518,6 +135498,10 @@ func (s *LaunchTemplateCpuOptions) SetThreadsPerCore(v int64) *LaunchTemplateCpu
type LaunchTemplateCpuOptionsRequest struct { type LaunchTemplateCpuOptionsRequest struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is
// supported with M6a, R6a, and C6a instance types only.
AmdSevSnp *string `type:"string" enum:"AmdSevSnpSpecification"`
// The number of CPU cores for the instance. // The number of CPU cores for the instance.
CoreCount *int64 `type:"integer"` CoreCount *int64 `type:"integer"`
@ -135544,6 +135528,12 @@ func (s LaunchTemplateCpuOptionsRequest) GoString() string {
return s.String() return s.String()
} }
// SetAmdSevSnp sets the AmdSevSnp field's value.
func (s *LaunchTemplateCpuOptionsRequest) SetAmdSevSnp(v string) *LaunchTemplateCpuOptionsRequest {
s.AmdSevSnp = &v
return s
}
// SetCoreCount sets the CoreCount field's value. // SetCoreCount sets the CoreCount field's value.
func (s *LaunchTemplateCpuOptionsRequest) SetCoreCount(v int64) *LaunchTemplateCpuOptionsRequest { func (s *LaunchTemplateCpuOptionsRequest) SetCoreCount(v int64) *LaunchTemplateCpuOptionsRequest {
s.CoreCount = &v s.CoreCount = &v
@ -137087,8 +137077,8 @@ type LaunchTemplatePlacement struct {
// Reserved for future use. // Reserved for future use.
SpreadDomain *string `locationName:"spreadDomain" type:"string"` SpreadDomain *string `locationName:"spreadDomain" type:"string"`
// The tenancy of the instance (if the instance is running in a VPC). An instance // The tenancy of the instance. An instance with a tenancy of dedicated runs
// with a tenancy of dedicated runs on single-tenant hardware. // on single-tenant hardware.
Tenancy *string `locationName:"tenancy" type:"string" enum:"Tenancy"` Tenancy *string `locationName:"tenancy" type:"string" enum:"Tenancy"`
} }
@ -137196,8 +137186,8 @@ type LaunchTemplatePlacementRequest struct {
// Reserved for future use. // Reserved for future use.
SpreadDomain *string `type:"string"` SpreadDomain *string `type:"string"`
// The tenancy of the instance (if the instance is running in a VPC). An instance // The tenancy of the instance. An instance with a tenancy of dedicated runs
// with a tenancy of dedicated runs on single-tenant hardware. // on single-tenant hardware.
Tenancy *string `type:"string" enum:"Tenancy"` Tenancy *string `type:"string" enum:"Tenancy"`
} }
@ -141282,10 +141272,9 @@ type ModifyInstanceAttributeInput struct {
// a PV instance can make it unreachable. // a PV instance can make it unreachable.
EnaSupport *AttributeBooleanValue `locationName:"enaSupport" type:"structure"` EnaSupport *AttributeBooleanValue `locationName:"enaSupport" type:"structure"`
// [EC2-VPC] Replaces the security groups of the instance with the specified // Replaces the security groups of the instance with the specified security
// security groups. You must specify at least one security group, even if it's // groups. You must specify the ID of at least one security group, even if it's
// just the default security group for the VPC. You must specify the security // just the default security group for the VPC.
// group ID, not the security group name.
Groups []*string `locationName:"GroupId" locationNameList:"groupId" type:"list"` Groups []*string `locationName:"GroupId" locationNameList:"groupId" type:"list"`
// The ID of the instance. // The ID of the instance.
@ -152800,8 +152789,8 @@ type Placement struct {
// Reserved for future use. // Reserved for future use.
SpreadDomain *string `locationName:"spreadDomain" type:"string"` SpreadDomain *string `locationName:"spreadDomain" type:"string"`
// The tenancy of the instance (if the instance is running in a VPC). An instance // The tenancy of the instance. An instance with a tenancy of dedicated runs
// with a tenancy of dedicated runs on single-tenant hardware. // on single-tenant hardware.
// //
// This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet).
// The host tenancy is not supported for ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html) // The host tenancy is not supported for ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html)
@ -153804,6 +153793,10 @@ type ProcessorInfo struct {
// The architectures supported by the instance type. // The architectures supported by the instance type.
SupportedArchitectures []*string `locationName:"supportedArchitectures" locationNameList:"item" type:"list" enum:"ArchitectureType"` SupportedArchitectures []*string `locationName:"supportedArchitectures" locationNameList:"item" type:"list" enum:"ArchitectureType"`
// Indicates whether the instance type supports AMD SEV-SNP. If the request
// returns amd-sev-snp, AMD SEV-SNP is supported. Otherwise, it is not supported.
SupportedFeatures []*string `locationName:"supportedFeatures" locationNameList:"item" type:"list" enum:"SupportedAdditionalProcessorFeature"`
// The speed of the processor, in GHz. // The speed of the processor, in GHz.
SustainedClockSpeedInGhz *float64 `locationName:"sustainedClockSpeedInGhz" type:"double"` SustainedClockSpeedInGhz *float64 `locationName:"sustainedClockSpeedInGhz" type:"double"`
} }
@ -153832,6 +153825,12 @@ func (s *ProcessorInfo) SetSupportedArchitectures(v []*string) *ProcessorInfo {
return s return s
} }
// SetSupportedFeatures sets the SupportedFeatures field's value.
func (s *ProcessorInfo) SetSupportedFeatures(v []*string) *ProcessorInfo {
s.SupportedFeatures = v
return s
}
// SetSustainedClockSpeedInGhz sets the SustainedClockSpeedInGhz field's value. // SetSustainedClockSpeedInGhz sets the SustainedClockSpeedInGhz field's value.
func (s *ProcessorInfo) SetSustainedClockSpeedInGhz(v float64) *ProcessorInfo { func (s *ProcessorInfo) SetSustainedClockSpeedInGhz(v float64) *ProcessorInfo {
s.SustainedClockSpeedInGhz = &v s.SustainedClockSpeedInGhz = &v
@ -158263,8 +158262,14 @@ type RequestLaunchTemplateData struct {
// //
// * resolve:ssm:parameter-name:label // * resolve:ssm:parameter-name:label
// //
// For more information, see Use a Systems Manager parameter to find an AMI // * resolve:ssm:public-parameter
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html#using-systems-manager-parameter-to-find-AMI) //
// Currently, EC2 Fleet and Spot Fleet do not support specifying a Systems Manager
// parameter. If the launch template will be used by an EC2 Fleet or Spot Fleet,
// you must specify the AMI ID.
//
// For more information, see Use a Systems Manager parameter instead of an AMI
// ID (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id)
// in the Amazon Elastic Compute Cloud User Guide. // in the Amazon Elastic Compute Cloud User Guide.
ImageId *string `type:"string"` ImageId *string `type:"string"`
@ -158934,7 +158939,7 @@ func (s *RequestSpotInstancesInput) SetValidUntil(v time.Time) *RequestSpotInsta
type RequestSpotInstancesOutput struct { type RequestSpotInstancesOutput struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// One or more Spot Instance requests. // The Spot Instance requests.
SpotInstanceRequests []*SpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"` SpotInstanceRequests []*SpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"`
} }
@ -158969,8 +158974,8 @@ type RequestSpotLaunchSpecification struct {
// Deprecated. // Deprecated.
AddressingType *string `locationName:"addressingType" type:"string"` AddressingType *string `locationName:"addressingType" type:"string"`
// One or more block device mapping entries. You can't specify both a snapshot // The block device mapping entries. You can't specify both a snapshot ID and
// ID and an encryption value. This is because only blank volumes can be encrypted // an encryption value. This is because only blank volumes can be encrypted
// on creation. If a snapshot is the basis for a volume, it is not blank and // on creation. If a snapshot is the basis for a volume, it is not blank and
// its encryption status is used for the volume encryption status. // its encryption status is used for the volume encryption status.
BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"`
@ -159004,8 +159009,8 @@ type RequestSpotLaunchSpecification struct {
// Default: Disabled // Default: Disabled
Monitoring *RunInstancesMonitoringEnabled `locationName:"monitoring" type:"structure"` Monitoring *RunInstancesMonitoringEnabled `locationName:"monitoring" type:"structure"`
// One or more network interfaces. If you specify a network interface, you must // The network interfaces. If you specify a network interface, you must specify
// specify subnet IDs and security group IDs using the network interface. // subnet IDs and security group IDs using the network interface.
NetworkInterfaces []*InstanceNetworkInterfaceSpecification `locationName:"NetworkInterface" locationNameList:"item" type:"list"` NetworkInterfaces []*InstanceNetworkInterfaceSpecification `locationName:"NetworkInterface" locationNameList:"item" type:"list"`
// The placement information for the instance. // The placement information for the instance.
@ -159014,12 +159019,10 @@ type RequestSpotLaunchSpecification struct {
// The ID of the RAM disk. // The ID of the RAM disk.
RamdiskId *string `locationName:"ramdiskId" type:"string"` RamdiskId *string `locationName:"ramdiskId" type:"string"`
// One or more security group IDs. // The IDs of the security groups.
SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"item" type:"list"` SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"item" type:"list"`
// One or more security groups. When requesting instances in a VPC, you must // Not supported.
// specify the IDs of the security groups. When requesting instances in EC2-Classic,
// you can specify the names or the IDs of the security groups.
SecurityGroups []*string `locationName:"SecurityGroup" locationNameList:"item" type:"list"` SecurityGroups []*string `locationName:"SecurityGroup" locationNameList:"item" type:"list"`
// The ID of the subnet in which to launch the instance. // The ID of the subnet in which to launch the instance.
@ -159169,7 +159172,7 @@ func (s *RequestSpotLaunchSpecification) SetUserData(v string) *RequestSpotLaunc
type Reservation struct { type Reservation struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// [EC2-Classic only] The security groups. // Not supported.
Groups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` Groups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"`
// The instances. // The instances.
@ -159689,8 +159692,7 @@ type ReservedInstancesConfiguration struct {
// The instance type for the modified Reserved Instances. // The instance type for the modified Reserved Instances.
InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"` InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"`
// The network platform of the modified Reserved Instances, which is either // The network platform of the modified Reserved Instances.
// EC2-Classic or EC2-VPC.
Platform *string `locationName:"platform" type:"string"` Platform *string `locationName:"platform" type:"string"`
// Whether the Reserved Instance is applied to instances in a Region or instances // Whether the Reserved Instance is applied to instances in a Region or instances
@ -163052,9 +163054,9 @@ type RunInstancesInput struct {
// Default: m1.small // Default: m1.small
InstanceType *string `type:"string" enum:"InstanceType"` InstanceType *string `type:"string" enum:"InstanceType"`
// [EC2-VPC] The number of IPv6 addresses to associate with the primary network // The number of IPv6 addresses to associate with the primary network interface.
// interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. // Amazon EC2 chooses the IPv6 addresses from the range of your subnet. You
// You cannot specify this option and the option to assign specific IPv6 addresses // cannot specify this option and the option to assign specific IPv6 addresses
// in the same request. You can specify this option if you've specified a minimum // in the same request. You can specify this option if you've specified a minimum
// number of instances to launch. // number of instances to launch.
// //
@ -163062,10 +163064,10 @@ type RunInstancesInput struct {
// request. // request.
Ipv6AddressCount *int64 `type:"integer"` Ipv6AddressCount *int64 `type:"integer"`
// [EC2-VPC] The IPv6 addresses from the range of the subnet to associate with // The IPv6 addresses from the range of the subnet to associate with the primary
// the primary network interface. You cannot specify this option and the option // network interface. You cannot specify this option and the option to assign
// to assign a number of IPv6 addresses in the same request. You cannot specify // a number of IPv6 addresses in the same request. You cannot specify this option
// this option if you've specified a minimum number of instances to launch. // if you've specified a minimum number of instances to launch.
// //
// You cannot specify this option and the network interfaces option in the same // You cannot specify this option and the network interfaces option in the same
// request. // request.
@ -163139,8 +163141,8 @@ type RunInstancesInput struct {
// the subnet. // the subnet.
PrivateDnsNameOptions *PrivateDnsNameOptionsRequest `type:"structure"` PrivateDnsNameOptions *PrivateDnsNameOptionsRequest `type:"structure"`
// [EC2-VPC] The primary IPv4 address. You must specify a value from the IPv4 // The primary IPv4 address. You must specify a value from the IPv4 address
// address range of the subnet. // range of the subnet.
// //
// Only one private IP address can be designated as primary. You can't specify // Only one private IP address can be designated as primary. You can't specify
// this option if you've specified the option to designate a private IP address // this option if you've specified the option to designate a private IP address
@ -163168,7 +163170,7 @@ type RunInstancesInput struct {
// as part of the network interface. // as part of the network interface.
SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"`
// [EC2-Classic, default VPC] The names of the security groups. // [Default VPC] The names of the security groups.
// //
// If you specify a network interface, you must specify any security groups // If you specify a network interface, you must specify any security groups
// as part of the network interface. // as part of the network interface.
@ -163176,7 +163178,7 @@ type RunInstancesInput struct {
// Default: Amazon EC2 uses the default security group. // Default: Amazon EC2 uses the default security group.
SecurityGroups []*string `locationName:"SecurityGroup" locationNameList:"SecurityGroup" type:"list"` SecurityGroups []*string `locationName:"SecurityGroup" locationNameList:"SecurityGroup" type:"list"`
// [EC2-VPC] The ID of the subnet to launch the instance into. // The ID of the subnet to launch the instance into.
// //
// If you specify a network interface, you must specify any subnets as part // If you specify a network interface, you must specify any subnets as part
// of the network interface. // of the network interface.
@ -163844,7 +163846,7 @@ type ScheduledInstance struct {
// The instance type. // The instance type.
InstanceType *string `locationName:"instanceType" type:"string"` InstanceType *string `locationName:"instanceType" type:"string"`
// The network platform (EC2-Classic or EC2-VPC). // The network platform.
NetworkPlatform *string `locationName:"networkPlatform" type:"string"` NetworkPlatform *string `locationName:"networkPlatform" type:"string"`
// The time for the next schedule to start. // The time for the next schedule to start.
@ -164009,7 +164011,7 @@ type ScheduledInstanceAvailability struct {
// The minimum term. The only possible value is 365 days. // The minimum term. The only possible value is 365 days.
MinTermDurationInDays *int64 `locationName:"minTermDurationInDays" type:"integer"` MinTermDurationInDays *int64 `locationName:"minTermDurationInDays" type:"integer"`
// The network platform (EC2-Classic or EC2-VPC). // The network platform.
NetworkPlatform *string `locationName:"networkPlatform" type:"string"` NetworkPlatform *string `locationName:"networkPlatform" type:"string"`
// The platform (Linux/UNIX or Windows). // The platform (Linux/UNIX or Windows).
@ -167498,9 +167500,7 @@ type SpotFleetLaunchSpecification struct {
// Resource Center and search for the kernel ID. // Resource Center and search for the kernel ID.
RamdiskId *string `locationName:"ramdiskId" type:"string"` RamdiskId *string `locationName:"ramdiskId" type:"string"`
// One or more security groups. When requesting instances in a VPC, you must // The security groups.
// specify the IDs of the security groups. When requesting instances in EC2-Classic,
// you can specify the names or the IDs of the security groups.
SecurityGroups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` SecurityGroups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"`
// The maximum price per unit hour that you are willing to pay for a Spot Instance. // The maximum price per unit hour that you are willing to pay for a Spot Instance.
@ -181242,6 +181242,22 @@ func AllowsMultipleInstanceTypes_Values() []string {
} }
} }
const (
// AmdSevSnpSpecificationEnabled is a AmdSevSnpSpecification enum value
AmdSevSnpSpecificationEnabled = "enabled"
// AmdSevSnpSpecificationDisabled is a AmdSevSnpSpecification enum value
AmdSevSnpSpecificationDisabled = "disabled"
)
// AmdSevSnpSpecification_Values returns all elements of the AmdSevSnpSpecification enum
func AmdSevSnpSpecification_Values() []string {
return []string{
AmdSevSnpSpecificationEnabled,
AmdSevSnpSpecificationDisabled,
}
}
const ( const (
// AnalysisStatusRunning is a AnalysisStatus enum value // AnalysisStatusRunning is a AnalysisStatus enum value
AnalysisStatusRunning = "running" AnalysisStatusRunning = "running"
@ -189198,6 +189214,18 @@ func SummaryStatus_Values() []string {
} }
} }
const (
// SupportedAdditionalProcessorFeatureAmdSevSnp is a SupportedAdditionalProcessorFeature enum value
SupportedAdditionalProcessorFeatureAmdSevSnp = "amd-sev-snp"
)
// SupportedAdditionalProcessorFeature_Values returns all elements of the SupportedAdditionalProcessorFeature enum
func SupportedAdditionalProcessorFeature_Values() []string {
return []string{
SupportedAdditionalProcessorFeatureAmdSevSnp,
}
}
const ( const (
// TargetCapacityUnitTypeVcpu is a TargetCapacityUnitType enum value // TargetCapacityUnitTypeVcpu is a TargetCapacityUnitType enum value
TargetCapacityUnitTypeVcpu = "vcpu" TargetCapacityUnitTypeVcpu = "vcpu"

View File

@ -1458,11 +1458,16 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output
// see Best practices for IAM policies (https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices) // see Best practices for IAM policies (https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices)
// in the Key Management Service Developer Guide. // in the Key Management Service Developer Guide.
// //
// Applications in Amazon Web Services Nitro Enclaves can call this operation // Decrypt also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html),
// by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c). // which provide an isolated compute environment in Amazon EC2. To call Decrypt
// For information about the supporting parameters, see How Amazon Web Services // for a Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk)
// Nitro Enclaves use KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) // or any Amazon Web Services SDK. Use the Recipient parameter to provide the
// in the Key Management Service Developer Guide. // attestation document for the enclave. Instead of the plaintext data, the
// response includes the plaintext data encrypted with the public key from the
// attestation document (CiphertextForRecipient).For information about the interaction
// between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services
// Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
// in the Key Management Service Developer Guide..
// //
// The KMS key that you use for this operation must be in a compatible key state. // The KMS key that you use for this operation must be in a compatible key state.
// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
@ -3375,11 +3380,18 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request.
// For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context)
// in the Key Management Service Developer Guide. // in the Key Management Service Developer Guide.
// //
// Applications in Amazon Web Services Nitro Enclaves can call this operation // GenerateDataKey also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html),
// by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c). // which provide an isolated compute environment in Amazon EC2. To call GenerateDataKey
// For information about the supporting parameters, see How Amazon Web Services // for an Amazon Web Services Nitro enclave, use the Amazon Web Services Nitro
// Nitro Enclaves use KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) // Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk)
// in the Key Management Service Developer Guide. // or any Amazon Web Services SDK. Use the Recipient parameter to provide the
// attestation document for the enclave. GenerateDataKey returns a copy of the
// data key encrypted under the specified KMS key, as usual. But instead of
// a plaintext copy of the data key, the response includes a copy of the data
// key encrypted under the public key from the attestation document (CiphertextForRecipient).
// For information about the interaction between KMS and Amazon Web Services
// Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
// in the Key Management Service Developer Guide..
// //
// The KMS key that you use for this operation must be in a compatible key state. // The KMS key that you use for this operation must be in a compatible key state.
// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
@ -3599,6 +3611,20 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req *
// The private key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC // The private key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC
// 5958 (https://tools.ietf.org/html/rfc5958). // 5958 (https://tools.ietf.org/html/rfc5958).
// //
// GenerateDataKeyPair also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html),
// which provide an isolated compute environment in Amazon EC2. To call GenerateDataKeyPair
// for an Amazon Web Services Nitro enclave, use the Amazon Web Services Nitro
// Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk)
// or any Amazon Web Services SDK. Use the Recipient parameter to provide the
// attestation document for the enclave. GenerateDataKeyPair returns the public
// data key and a copy of the private data key encrypted under the specified
// KMS key, as usual. But instead of a plaintext copy of the private data key
// (PrivateKeyPlaintext), the response includes a copy of the private data key
// encrypted under the public key from the attestation document (CiphertextForRecipient).
// For information about the interaction between KMS and Amazon Web Services
// Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
// in the Key Management Service Developer Guide..
//
// You can use an optional encryption context to add additional security to // You can use an optional encryption context to add additional security to
// the encryption operation. If you specify an EncryptionContext, you must specify // the encryption operation. If you specify an EncryptionContext, you must specify
// the same encryption context (a case-sensitive exact match) when decrypting // the same encryption context (a case-sensitive exact match) when decrypting
@ -3987,7 +4013,7 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho
// keys, use the KeySpec parameter. // keys, use the KeySpec parameter.
// //
// To generate an SM4 data key (China Regions only), specify a KeySpec value // To generate an SM4 data key (China Regions only), specify a KeySpec value
// of AES_128 or NumberOfBytes value of 128. The symmetric encryption key used // of AES_128 or NumberOfBytes value of 16. The symmetric encryption key used
// in China Regions to encrypt your data key is an SM4 encryption key. // in China Regions to encrypt your data key is an SM4 encryption key.
// //
// If the operation succeeds, you will find the encrypted copy of the data key // If the operation succeeds, you will find the encrypted copy of the data key
@ -4320,10 +4346,15 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re
// string in the CloudHSM cluster associated with an CloudHSM key store, use // string in the CloudHSM cluster associated with an CloudHSM key store, use
// the CustomKeyStoreId parameter. // the CustomKeyStoreId parameter.
// //
// Applications in Amazon Web Services Nitro Enclaves can call this operation // GenerateRandom also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html),
// by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c). // which provide an isolated compute environment in Amazon EC2. To call GenerateRandom
// For information about the supporting parameters, see How Amazon Web Services // for a Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk)
// Nitro Enclaves use KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) // or any Amazon Web Services SDK. Use the Recipient parameter to provide the
// attestation document for the enclave. Instead of plaintext bytes, the response
// includes the plaintext bytes encrypted under the public key from the attestation
// document (CiphertextForRecipient).For information about the interaction between
// KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro
// Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
// in the Key Management Service Developer Guide. // in the Key Management Service Developer Guide.
// //
// For more information about entropy and random number generation, see Key // For more information about entropy and random number generation, see Key
@ -9620,6 +9651,9 @@ type CreateAliasInput struct {
// Specifies the alias name. This value must begin with alias/ followed by a // Specifies the alias name. This value must begin with alias/ followed by a
// name, such as alias/ExampleAlias. // name, such as alias/ExampleAlias.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// The AliasName value must be string of 1-256 characters. It can contain only // The AliasName value must be string of 1-256 characters. It can contain only
// alphanumeric characters, forward slashes (/), underscores (_), and dashes // alphanumeric characters, forward slashes (/), underscores (_), and dashes
// (-). The alias name cannot begin with alias/aws/. The alias/aws/ prefix is // (-). The alias name cannot begin with alias/aws/. The alias/aws/ prefix is
@ -9741,6 +9775,9 @@ type CreateCustomKeyStoreInput struct {
// in your Amazon Web Services account and Region. This parameter is required // in your Amazon Web Services account and Region. This parameter is required
// for all custom key stores. // for all custom key stores.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// CustomKeyStoreName is a required field // CustomKeyStoreName is a required field
CustomKeyStoreName *string `min:"1" type:"string" required:"true"` CustomKeyStoreName *string `min:"1" type:"string" required:"true"`
@ -10036,19 +10073,13 @@ type CreateGrantInput struct {
// Specifies a grant constraint. // Specifies a grant constraint.
// //
// KMS supports the EncryptionContextEquals and EncryptionContextSubset grant // Do not include confidential or sensitive information in this field. This
// constraints. Each constraint value can include up to 8 encryption context // field may be displayed in plaintext in CloudTrail logs and other output.
// pairs. The encryption context value in each constraint cannot exceed 384
// characters. For information about grant constraints, see Using grant constraints
// (https://docs.aws.amazon.com/kms/latest/developerguide/create-grant-overview.html#grant-constraints)
// in the Key Management Service Developer Guide. For more information about
// encryption context, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context)
// in the Key Management Service Developer Guide .
// //
// The encryption context grant constraints allow the permissions in the grant // KMS supports the EncryptionContextEquals and EncryptionContextSubset grant
// only when the encryption context in the request matches (EncryptionContextEquals) // constraints, which allow the permissions in the grant only when the encryption
// or includes (EncryptionContextSubset) the encryption context specified in // context in the request matches (EncryptionContextEquals) or includes (EncryptionContextSubset)
// this structure. // the encryption context specified in the constraint.
// //
// The encryption context grant constraints are supported only on grant operations // The encryption context grant constraints are supported only on grant operations
// (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations) // (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations)
@ -10060,8 +10091,15 @@ type CreateGrantInput struct {
// permission have an equally strict or stricter encryption context constraint. // permission have an equally strict or stricter encryption context constraint.
// //
// You cannot use an encryption context grant constraint for cryptographic operations // You cannot use an encryption context grant constraint for cryptographic operations
// with asymmetric KMS keys or HMAC KMS keys. These keys don't support an encryption // with asymmetric KMS keys or HMAC KMS keys. Operations with these keys don't
// context. // support an encryption context.
//
// Each constraint value can include up to 8 encryption context pairs. The encryption
// context value in each constraint cannot exceed 384 characters. For information
// about grant constraints, see Using grant constraints (https://docs.aws.amazon.com/kms/latest/developerguide/create-grant-overview.html#grant-constraints)
// in the Key Management Service Developer Guide. For more information about
// encryption context, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context)
// in the Key Management Service Developer Guide .
Constraints *GrantConstraints `type:"structure"` Constraints *GrantConstraints `type:"structure"`
// A list of grant tokens. // A list of grant tokens.
@ -10104,6 +10142,9 @@ type CreateGrantInput struct {
// A friendly name for the grant. Use this value to prevent the unintended creation // A friendly name for the grant. Use this value to prevent the unintended creation
// of duplicate grants when retrying this request. // of duplicate grants when retrying this request.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// When this value is absent, all CreateGrant requests result in a new grant // When this value is absent, all CreateGrant requests result in a new grant
// with a unique GrantId even if all the supplied parameters are identical. // with a unique GrantId even if all the supplied parameters are identical.
// This can result in unintended duplicates when you retry the CreateGrant request. // This can result in unintended duplicates when you retry the CreateGrant request.
@ -10323,10 +10364,12 @@ type CreateKeyInput struct {
// Deprecated: This parameter has been deprecated. Instead, use the KeySpec parameter. // Deprecated: This parameter has been deprecated. Instead, use the KeySpec parameter.
CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"`
// A description of the KMS key. // A description of the KMS key. Use a description that helps you decide whether
// the KMS key is appropriate for a task. The default value is an empty string
// (no description).
// //
// Use a description that helps you decide whether the KMS key is appropriate // Do not include confidential or sensitive information in this field. This
// for a task. The default value is an empty string (no description). // field may be displayed in plaintext in CloudTrail logs and other output.
// //
// To set or change the description after the key is created, use UpdateKeyDescription. // To set or change the description after the key is created, use UpdateKeyDescription.
Description *string `type:"string"` Description *string `type:"string"`
@ -10468,6 +10511,9 @@ type CreateKeyInput struct {
// Assigns one or more tags to the KMS key. Use this parameter to tag the KMS // Assigns one or more tags to the KMS key. Use this parameter to tag the KMS
// key when it is created. To tag an existing KMS key, use the TagResource operation. // key when it is created. To tag an existing KMS key, use the TagResource operation.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// Tagging or untagging a KMS key can allow or deny permission to the KMS key. // Tagging or untagging a KMS key can allow or deny permission to the KMS key.
// For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
// in the Key Management Service Developer Guide. // in the Key Management Service Developer Guide.
@ -11288,6 +11334,27 @@ type DecryptInput struct {
// To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
// To get the alias name and alias ARN, use ListAliases. // To get the alias name and alias ARN, use ListAliases.
KeyId *string `min:"1" type:"string"` KeyId *string `min:"1" type:"string"`
// A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc)
// from an Amazon Web Services Nitro enclave and the encryption algorithm to
// use with the enclave's public key. The only valid encryption algorithm is
// RSAES_OAEP_SHA_256.
//
// This parameter only supports attestation documents for Amazon Web Services
// Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro
// Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk)
// or any Amazon Web Services SDK.
//
// When you use this parameter, instead of returning the plaintext data, KMS
// encrypts the plaintext data with the public key in the attestation document,
// and returns the resulting ciphertext in the CiphertextForRecipient field
// in the response. This ciphertext can be decrypted only with the private key
// in the enclave. The Plaintext field in the response is null or empty.
//
// For information about the interaction between KMS and Amazon Web Services
// Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
// in the Key Management Service Developer Guide.
Recipient *RecipientInfo `type:"structure"`
} }
// String returns the string representation. // String returns the string representation.
@ -11320,6 +11387,11 @@ func (s *DecryptInput) Validate() error {
if s.KeyId != nil && len(*s.KeyId) < 1 { if s.KeyId != nil && len(*s.KeyId) < 1 {
invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) invalidParams.Add(request.NewErrParamMinLen("KeyId", 1))
} }
if s.Recipient != nil {
if err := s.Recipient.Validate(); err != nil {
invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 { if invalidParams.Len() > 0 {
return invalidParams return invalidParams
@ -11357,9 +11429,26 @@ func (s *DecryptInput) SetKeyId(v string) *DecryptInput {
return s return s
} }
// SetRecipient sets the Recipient field's value.
func (s *DecryptInput) SetRecipient(v *RecipientInfo) *DecryptInput {
s.Recipient = v
return s
}
type DecryptOutput struct { type DecryptOutput struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// The plaintext data encrypted with the public key in the attestation document.
//
// This field is included in the response only when the Recipient parameter
// in the request includes a valid attestation document from an Amazon Web Services
// Nitro enclave. For information about the interaction between KMS and Amazon
// Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses
// KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
// in the Key Management Service Developer Guide.
// CiphertextForRecipient is automatically base64 encoded/decoded by the SDK.
CiphertextForRecipient []byte `min:"1" type:"blob"`
// The encryption algorithm that was used to decrypt the ciphertext. // The encryption algorithm that was used to decrypt the ciphertext.
EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"`
@ -11370,6 +11459,9 @@ type DecryptOutput struct {
// Decrypted plaintext data. When you use the HTTP API or the Amazon Web Services // Decrypted plaintext data. When you use the HTTP API or the Amazon Web Services
// CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.
// //
// If the response includes the CiphertextForRecipient field, the Plaintext
// field is null or empty.
//
// Plaintext is a sensitive parameter and its value will be // Plaintext is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by DecryptOutput's // replaced with "sensitive" in string returned by DecryptOutput's
// String and GoString methods. // String and GoString methods.
@ -11396,6 +11488,12 @@ func (s DecryptOutput) GoString() string {
return s.String() return s.String()
} }
// SetCiphertextForRecipient sets the CiphertextForRecipient field's value.
func (s *DecryptOutput) SetCiphertextForRecipient(v []byte) *DecryptOutput {
s.CiphertextForRecipient = v
return s
}
// SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value. // SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value.
func (s *DecryptOutput) SetEncryptionAlgorithm(v string) *DecryptOutput { func (s *DecryptOutput) SetEncryptionAlgorithm(v string) *DecryptOutput {
s.EncryptionAlgorithm = &v s.EncryptionAlgorithm = &v
@ -12461,6 +12559,9 @@ type EncryptInput struct {
// with a symmetric encryption KMS key. The standard asymmetric encryption algorithms // with a symmetric encryption KMS key. The standard asymmetric encryption algorithms
// and HMAC algorithms that KMS uses do not support an encryption context. // and HMAC algorithms that KMS uses do not support an encryption context.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// An encryption context is a collection of non-secret key-value pairs that // An encryption context is a collection of non-secret key-value pairs that
// represent additional authenticated data. When you use an encryption context // represent additional authenticated data. When you use an encryption context
// to encrypt data, you must specify the same (an exact case-sensitive match) // to encrypt data, you must specify the same (an exact case-sensitive match)
@ -12713,6 +12814,9 @@ type GenerateDataKeyInput struct {
// Specifies the encryption context that will be used when encrypting the data // Specifies the encryption context that will be used when encrypting the data
// key. // key.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// An encryption context is a collection of non-secret key-value pairs that // An encryption context is a collection of non-secret key-value pairs that
// represent additional authenticated data. When you use an encryption context // represent additional authenticated data. When you use an encryption context
// to encrypt data, you must specify the same (an exact case-sensitive match) // to encrypt data, you must specify the same (an exact case-sensitive match)
@ -12773,6 +12877,29 @@ type GenerateDataKeyInput struct {
// You must specify either the KeySpec or the NumberOfBytes parameter (but not // You must specify either the KeySpec or the NumberOfBytes parameter (but not
// both) in every GenerateDataKey request. // both) in every GenerateDataKey request.
NumberOfBytes *int64 `min:"1" type:"integer"` NumberOfBytes *int64 `min:"1" type:"integer"`
// A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc)
// from an Amazon Web Services Nitro enclave and the encryption algorithm to
// use with the enclave's public key. The only valid encryption algorithm is
// RSAES_OAEP_SHA_256.
//
// This parameter only supports attestation documents for Amazon Web Services
// Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro
// Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk)
// or any Amazon Web Services SDK.
//
// When you use this parameter, instead of returning the plaintext data key,
// KMS encrypts the plaintext data key under the public key in the attestation
// document, and returns the resulting ciphertext in the CiphertextForRecipient
// field in the response. This ciphertext can be decrypted only with the private
// key in the enclave. The CiphertextBlob field in the response contains a copy
// of the data key encrypted under the KMS key specified by the KeyId parameter.
// The Plaintext field in the response is null or empty.
//
// For information about the interaction between KMS and Amazon Web Services
// Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
// in the Key Management Service Developer Guide.
Recipient *RecipientInfo `type:"structure"`
} }
// String returns the string representation. // String returns the string representation.
@ -12805,6 +12932,11 @@ func (s *GenerateDataKeyInput) Validate() error {
if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 { if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 {
invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1)) invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1))
} }
if s.Recipient != nil {
if err := s.Recipient.Validate(); err != nil {
invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 { if invalidParams.Len() > 0 {
return invalidParams return invalidParams
@ -12842,6 +12974,12 @@ func (s *GenerateDataKeyInput) SetNumberOfBytes(v int64) *GenerateDataKeyInput {
return s return s
} }
// SetRecipient sets the Recipient field's value.
func (s *GenerateDataKeyInput) SetRecipient(v *RecipientInfo) *GenerateDataKeyInput {
s.Recipient = v
return s
}
type GenerateDataKeyOutput struct { type GenerateDataKeyOutput struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
@ -12850,6 +12988,19 @@ type GenerateDataKeyOutput struct {
// CiphertextBlob is automatically base64 encoded/decoded by the SDK. // CiphertextBlob is automatically base64 encoded/decoded by the SDK.
CiphertextBlob []byte `min:"1" type:"blob"` CiphertextBlob []byte `min:"1" type:"blob"`
// The plaintext data key encrypted with the public key from the Nitro enclave.
// This ciphertext can be decrypted only by using a private key in the Nitro
// enclave.
//
// This field is included in the response only when the Recipient parameter
// in the request includes a valid attestation document from an Amazon Web Services
// Nitro enclave. For information about the interaction between KMS and Amazon
// Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses
// KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
// in the Key Management Service Developer Guide.
// CiphertextForRecipient is automatically base64 encoded/decoded by the SDK.
CiphertextForRecipient []byte `min:"1" type:"blob"`
// The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN))
// of the KMS key that encrypted the data key. // of the KMS key that encrypted the data key.
KeyId *string `min:"1" type:"string"` KeyId *string `min:"1" type:"string"`
@ -12859,6 +13010,9 @@ type GenerateDataKeyOutput struct {
// this data key to encrypt your data outside of KMS. Then, remove it from memory // this data key to encrypt your data outside of KMS. Then, remove it from memory
// as soon as possible. // as soon as possible.
// //
// If the response includes the CiphertextForRecipient field, the Plaintext
// field is null or empty.
//
// Plaintext is a sensitive parameter and its value will be // Plaintext is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by GenerateDataKeyOutput's // replaced with "sensitive" in string returned by GenerateDataKeyOutput's
// String and GoString methods. // String and GoString methods.
@ -12891,6 +13045,12 @@ func (s *GenerateDataKeyOutput) SetCiphertextBlob(v []byte) *GenerateDataKeyOutp
return s return s
} }
// SetCiphertextForRecipient sets the CiphertextForRecipient field's value.
func (s *GenerateDataKeyOutput) SetCiphertextForRecipient(v []byte) *GenerateDataKeyOutput {
s.CiphertextForRecipient = v
return s
}
// SetKeyId sets the KeyId field's value. // SetKeyId sets the KeyId field's value.
func (s *GenerateDataKeyOutput) SetKeyId(v string) *GenerateDataKeyOutput { func (s *GenerateDataKeyOutput) SetKeyId(v string) *GenerateDataKeyOutput {
s.KeyId = &v s.KeyId = &v
@ -12909,6 +13069,9 @@ type GenerateDataKeyPairInput struct {
// Specifies the encryption context that will be used when encrypting the private // Specifies the encryption context that will be used when encrypting the private
// key in the data key pair. // key in the data key pair.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// An encryption context is a collection of non-secret key-value pairs that // An encryption context is a collection of non-secret key-value pairs that
// represent additional authenticated data. When you use an encryption context // represent additional authenticated data. When you use an encryption context
// to encrypt data, you must specify the same (an exact case-sensitive match) // to encrypt data, you must specify the same (an exact case-sensitive match)
@ -12966,6 +13129,30 @@ type GenerateDataKeyPairInput struct {
// //
// KeyPairSpec is a required field // KeyPairSpec is a required field
KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"` KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"`
// A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc)
// from an Amazon Web Services Nitro enclave and the encryption algorithm to
// use with the enclave's public key. The only valid encryption algorithm is
// RSAES_OAEP_SHA_256.
//
// This parameter only supports attestation documents for Amazon Web Services
// Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro
// Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk)
// or any Amazon Web Services SDK.
//
// When you use this parameter, instead of returning a plaintext copy of the
// private data key, KMS encrypts the plaintext private data key under the public
// key in the attestation document, and returns the resulting ciphertext in
// the CiphertextForRecipient field in the response. This ciphertext can be
// decrypted only with the private key in the enclave. The CiphertextBlob field
// in the response contains a copy of the private data key encrypted under the
// KMS key specified by the KeyId parameter. The PrivateKeyPlaintext field in
// the response is null or empty.
//
// For information about the interaction between KMS and Amazon Web Services
// Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
// in the Key Management Service Developer Guide.
Recipient *RecipientInfo `type:"structure"`
} }
// String returns the string representation. // String returns the string representation.
@ -12998,6 +13185,11 @@ func (s *GenerateDataKeyPairInput) Validate() error {
if s.KeyPairSpec == nil { if s.KeyPairSpec == nil {
invalidParams.Add(request.NewErrParamRequired("KeyPairSpec")) invalidParams.Add(request.NewErrParamRequired("KeyPairSpec"))
} }
if s.Recipient != nil {
if err := s.Recipient.Validate(); err != nil {
invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 { if invalidParams.Len() > 0 {
return invalidParams return invalidParams
@ -13029,9 +13221,28 @@ func (s *GenerateDataKeyPairInput) SetKeyPairSpec(v string) *GenerateDataKeyPair
return s return s
} }
// SetRecipient sets the Recipient field's value.
func (s *GenerateDataKeyPairInput) SetRecipient(v *RecipientInfo) *GenerateDataKeyPairInput {
s.Recipient = v
return s
}
type GenerateDataKeyPairOutput struct { type GenerateDataKeyPairOutput struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// The plaintext private data key encrypted with the public key from the Nitro
// enclave. This ciphertext can be decrypted only by using a private key in
// the Nitro enclave.
//
// This field is included in the response only when the Recipient parameter
// in the request includes a valid attestation document from an Amazon Web Services
// Nitro enclave. For information about the interaction between KMS and Amazon
// Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses
// KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
// in the Key Management Service Developer Guide.
// CiphertextForRecipient is automatically base64 encoded/decoded by the SDK.
CiphertextForRecipient []byte `min:"1" type:"blob"`
// The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN))
// of the KMS key that encrypted the private key. // of the KMS key that encrypted the private key.
KeyId *string `min:"1" type:"string"` KeyId *string `min:"1" type:"string"`
@ -13047,6 +13258,9 @@ type GenerateDataKeyPairOutput struct {
// The plaintext copy of the private key. When you use the HTTP API or the Amazon // The plaintext copy of the private key. When you use the HTTP API or the Amazon
// Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.
// //
// If the response includes the CiphertextForRecipient field, the PrivateKeyPlaintext
// field is null or empty.
//
// PrivateKeyPlaintext is a sensitive parameter and its value will be // PrivateKeyPlaintext is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by GenerateDataKeyPairOutput's // replaced with "sensitive" in string returned by GenerateDataKeyPairOutput's
// String and GoString methods. // String and GoString methods.
@ -13078,6 +13292,12 @@ func (s GenerateDataKeyPairOutput) GoString() string {
return s.String() return s.String()
} }
// SetCiphertextForRecipient sets the CiphertextForRecipient field's value.
func (s *GenerateDataKeyPairOutput) SetCiphertextForRecipient(v []byte) *GenerateDataKeyPairOutput {
s.CiphertextForRecipient = v
return s
}
// SetKeyId sets the KeyId field's value. // SetKeyId sets the KeyId field's value.
func (s *GenerateDataKeyPairOutput) SetKeyId(v string) *GenerateDataKeyPairOutput { func (s *GenerateDataKeyPairOutput) SetKeyId(v string) *GenerateDataKeyPairOutput {
s.KeyId = &v s.KeyId = &v
@ -13114,6 +13334,9 @@ type GenerateDataKeyPairWithoutPlaintextInput struct {
// Specifies the encryption context that will be used when encrypting the private // Specifies the encryption context that will be used when encrypting the private
// key in the data key pair. // key in the data key pair.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// An encryption context is a collection of non-secret key-value pairs that // An encryption context is a collection of non-secret key-value pairs that
// represent additional authenticated data. When you use an encryption context // represent additional authenticated data. When you use an encryption context
// to encrypt data, you must specify the same (an exact case-sensitive match) // to encrypt data, you must specify the same (an exact case-sensitive match)
@ -13303,6 +13526,9 @@ type GenerateDataKeyWithoutPlaintextInput struct {
// Specifies the encryption context that will be used when encrypting the data // Specifies the encryption context that will be used when encrypting the data
// key. // key.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// An encryption context is a collection of non-secret key-value pairs that // An encryption context is a collection of non-secret key-value pairs that
// represent additional authenticated data. When you use an encryption context // represent additional authenticated data. When you use an encryption context
// to encrypt data, you must specify the same (an exact case-sensitive match) // to encrypt data, you must specify the same (an exact case-sensitive match)
@ -13649,6 +13875,27 @@ type GenerateRandomInput struct {
// The length of the random byte string. This parameter is required. // The length of the random byte string. This parameter is required.
NumberOfBytes *int64 `min:"1" type:"integer"` NumberOfBytes *int64 `min:"1" type:"integer"`
// A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc)
// from an Amazon Web Services Nitro enclave and the encryption algorithm to
// use with the enclave's public key. The only valid encryption algorithm is
// RSAES_OAEP_SHA_256.
//
// This parameter only supports attestation documents for Amazon Web Services
// Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro
// Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk)
// or any Amazon Web Services SDK.
//
// When you use this parameter, instead of returning plaintext bytes, KMS encrypts
// the plaintext bytes under the public key in the attestation document, and
// returns the resulting ciphertext in the CiphertextForRecipient field in the
// response. This ciphertext can be decrypted only with the private key in the
// enclave. The Plaintext field in the response is null or empty.
//
// For information about the interaction between KMS and Amazon Web Services
// Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
// in the Key Management Service Developer Guide.
Recipient *RecipientInfo `type:"structure"`
} }
// String returns the string representation. // String returns the string representation.
@ -13678,6 +13925,11 @@ func (s *GenerateRandomInput) Validate() error {
if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 { if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 {
invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1)) invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1))
} }
if s.Recipient != nil {
if err := s.Recipient.Validate(); err != nil {
invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 { if invalidParams.Len() > 0 {
return invalidParams return invalidParams
@ -13697,12 +13949,34 @@ func (s *GenerateRandomInput) SetNumberOfBytes(v int64) *GenerateRandomInput {
return s return s
} }
// SetRecipient sets the Recipient field's value.
func (s *GenerateRandomInput) SetRecipient(v *RecipientInfo) *GenerateRandomInput {
s.Recipient = v
return s
}
type GenerateRandomOutput struct { type GenerateRandomOutput struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// The plaintext random bytes encrypted with the public key from the Nitro enclave.
// This ciphertext can be decrypted only by using a private key in the Nitro
// enclave.
//
// This field is included in the response only when the Recipient parameter
// in the request includes a valid attestation document from an Amazon Web Services
// Nitro enclave. For information about the interaction between KMS and Amazon
// Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses
// KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
// in the Key Management Service Developer Guide.
// CiphertextForRecipient is automatically base64 encoded/decoded by the SDK.
CiphertextForRecipient []byte `min:"1" type:"blob"`
// The random byte string. When you use the HTTP API or the Amazon Web Services // The random byte string. When you use the HTTP API or the Amazon Web Services
// CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.
// //
// If the response includes the CiphertextForRecipient field, the Plaintext
// field is null or empty.
//
// Plaintext is a sensitive parameter and its value will be // Plaintext is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by GenerateRandomOutput's // replaced with "sensitive" in string returned by GenerateRandomOutput's
// String and GoString methods. // String and GoString methods.
@ -13729,6 +14003,12 @@ func (s GenerateRandomOutput) GoString() string {
return s.String() return s.String()
} }
// SetCiphertextForRecipient sets the CiphertextForRecipient field's value.
func (s *GenerateRandomOutput) SetCiphertextForRecipient(v []byte) *GenerateRandomOutput {
s.CiphertextForRecipient = v
return s
}
// SetPlaintext sets the Plaintext field's value. // SetPlaintext sets the Plaintext field's value.
func (s *GenerateRandomOutput) SetPlaintext(v []byte) *GenerateRandomOutput { func (s *GenerateRandomOutput) SetPlaintext(v []byte) *GenerateRandomOutput {
s.Plaintext = v s.Plaintext = v
@ -17376,6 +17656,9 @@ type ReEncryptInput struct {
// Specifies that encryption context to use when the reencrypting the data. // Specifies that encryption context to use when the reencrypting the data.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// A destination encryption context is valid only when the destination KMS key // A destination encryption context is valid only when the destination KMS key
// is a symmetric encryption KMS key. The standard ciphertext format for asymmetric // is a symmetric encryption KMS key. The standard ciphertext format for asymmetric
// KMS keys does not include fields for metadata. // KMS keys does not include fields for metadata.
@ -17647,6 +17930,71 @@ func (s *ReEncryptOutput) SetSourceKeyId(v string) *ReEncryptOutput {
return s return s
} }
// Contains information about the party that receives the response from the
// API operation.
//
// This data type is designed to support Amazon Web Services Nitro Enclaves,
// which lets you create an isolated compute environment in Amazon EC2. For
// information about the interaction between KMS and Amazon Web Services Nitro
// Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
// in the Key Management Service Developer Guide.
type RecipientInfo struct {
_ struct{} `type:"structure"`
// The attestation document for an Amazon Web Services Nitro Enclave. This document
// includes the enclave's public key.
// AttestationDocument is automatically base64 encoded/decoded by the SDK.
AttestationDocument []byte `min:"1" type:"blob"`
// The encryption algorithm that KMS should use with the public key for an Amazon
// Web Services Nitro Enclave to encrypt plaintext values for the response.
// The only valid value is RSAES_OAEP_SHA_256.
KeyEncryptionAlgorithm *string `type:"string" enum:"KeyEncryptionMechanism"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RecipientInfo) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RecipientInfo) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *RecipientInfo) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "RecipientInfo"}
if s.AttestationDocument != nil && len(s.AttestationDocument) < 1 {
invalidParams.Add(request.NewErrParamMinLen("AttestationDocument", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAttestationDocument sets the AttestationDocument field's value.
func (s *RecipientInfo) SetAttestationDocument(v []byte) *RecipientInfo {
s.AttestationDocument = v
return s
}
// SetKeyEncryptionAlgorithm sets the KeyEncryptionAlgorithm field's value.
func (s *RecipientInfo) SetKeyEncryptionAlgorithm(v string) *RecipientInfo {
s.KeyEncryptionAlgorithm = &v
return s
}
type ReplicateKeyInput struct { type ReplicateKeyInput struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
@ -17666,6 +18014,9 @@ type ReplicateKeyInput struct {
// A description of the KMS key. The default value is an empty string (no description). // A description of the KMS key. The default value is an empty string (no description).
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// The description is not a shared property of multi-Region keys. You can specify // The description is not a shared property of multi-Region keys. You can specify
// the same description or a different description for each key in a set of // the same description or a different description for each key in a set of
// related multi-Region keys. KMS does not synchronize this property. // related multi-Region keys. KMS does not synchronize this property.
@ -17762,6 +18113,9 @@ type ReplicateKeyInput struct {
// KMS key when it is created. To tag an existing KMS key, use the TagResource // KMS key when it is created. To tag an existing KMS key, use the TagResource
// operation. // operation.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// Tagging or untagging a KMS key can allow or deny permission to the KMS key. // Tagging or untagging a KMS key can allow or deny permission to the KMS key.
// For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
// in the Key Management Service Developer Guide. // in the Key Management Service Developer Guide.
@ -18517,6 +18871,9 @@ func (s *SignOutput) SetSigningAlgorithm(v string) *SignOutput {
// A key-value pair. A tag consists of a tag key and a tag value. Tag keys and // A key-value pair. A tag consists of a tag key and a tag value. Tag keys and
// tag values are both required, but tag values can be empty (null) strings. // tag values are both required, but tag values can be empty (null) strings.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// For information about the rules that apply to tag keys and tag values, see // For information about the rules that apply to tag keys and tag values, see
// User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) // User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html)
// in the Amazon Web Services Billing and Cost Management User Guide. // in the Amazon Web Services Billing and Cost Management User Guide.
@ -18665,10 +19022,11 @@ type TagResourceInput struct {
// KeyId is a required field // KeyId is a required field
KeyId *string `min:"1" type:"string" required:"true"` KeyId *string `min:"1" type:"string" required:"true"`
// One or more tags. // One or more tags. Each tag consists of a tag key and a tag value. The tag
// value can be an empty (null) string.
// //
// Each tag consists of a tag key and a tag value. The tag value can be an empty // Do not include confidential or sensitive information in this field. This
// (null) string. // field may be displayed in plaintext in CloudTrail logs and other output.
// //
// You cannot have more than one tag on a KMS key with the same tag key. If // You cannot have more than one tag on a KMS key with the same tag key. If
// you specify an existing tag key with a different tag value, KMS replaces // you specify an existing tag key with a different tag value, KMS replaces
@ -18926,6 +19284,9 @@ type UpdateAliasInput struct {
// with alias/ followed by the alias name, such as alias/ExampleAlias. You cannot // with alias/ followed by the alias name, such as alias/ExampleAlias. You cannot
// use UpdateAlias to change the alias name. // use UpdateAlias to change the alias name.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// AliasName is a required field // AliasName is a required field
AliasName *string `min:"1" type:"string" required:"true"` AliasName *string `min:"1" type:"string" required:"true"`
@ -19071,6 +19432,9 @@ type UpdateCustomKeyStoreInput struct {
// Changes the friendly name of the custom key store to the value that you specify. // Changes the friendly name of the custom key store to the value that you specify.
// The custom key store name must be unique in the Amazon Web Services account. // The custom key store name must be unique in the Amazon Web Services account.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// To change this value, an CloudHSM key store must be disconnected. An external // To change this value, an CloudHSM key store must be disconnected. An external
// key store can be connected or disconnected. // key store can be connected or disconnected.
NewCustomKeyStoreName *string `min:"1" type:"string"` NewCustomKeyStoreName *string `min:"1" type:"string"`
@ -19286,6 +19650,9 @@ type UpdateKeyDescriptionInput struct {
// New description for the KMS key. // New description for the KMS key.
// //
// Do not include confidential or sensitive information in this field. This
// field may be displayed in plaintext in CloudTrail logs and other output.
//
// Description is a required field // Description is a required field
Description *string `type:"string" required:"true"` Description *string `type:"string" required:"true"`
@ -21298,6 +21665,18 @@ func GrantOperation_Values() []string {
} }
} }
const (
// KeyEncryptionMechanismRsaesOaepSha256 is a KeyEncryptionMechanism enum value
KeyEncryptionMechanismRsaesOaepSha256 = "RSAES_OAEP_SHA_256"
)
// KeyEncryptionMechanism_Values returns all elements of the KeyEncryptionMechanism enum
func KeyEncryptionMechanism_Values() []string {
return []string{
KeyEncryptionMechanismRsaesOaepSha256,
}
}
const ( const (
// KeyManagerTypeAws is a KeyManagerType enum value // KeyManagerTypeAws is a KeyManagerType enum value
KeyManagerTypeAws = "AWS" KeyManagerTypeAws = "AWS"

2
vendor/modules.txt vendored
View File

@ -8,7 +8,7 @@ github.com/ansel1/merry
# github.com/ansel1/merry/v2 v2.0.1 # github.com/ansel1/merry/v2 v2.0.1
## explicit; go 1.12 ## explicit; go 1.12
github.com/ansel1/merry/v2 github.com/ansel1/merry/v2
# github.com/aws/aws-sdk-go v1.44.249 # github.com/aws/aws-sdk-go v1.44.254
## explicit; go 1.11 ## explicit; go 1.11
github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws
github.com/aws/aws-sdk-go/aws/awserr github.com/aws/aws-sdk-go/aws/awserr