rebase: bump github.com/aws/aws-sdk-go from 1.44.254 to 1.44.259

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.254 to 1.44.259.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.254...v1.44.259)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

go.mod

@@ -4,7 +4,7 @@ go 1.19
 
 require (
 	github.com/IBM/keyprotect-go-client v0.10.0
-	github.com/aws/aws-sdk-go v1.44.254
+	github.com/aws/aws-sdk-go v1.44.259
 	github.com/aws/aws-sdk-go-v2/service/sts v1.18.10
 	github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
 	// TODO: API for managing subvolume metadata and snapshot metadata requires `ceph_ci_untested` build-tag

go.sum

@@ -155,8 +155,8 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
-github.com/aws/aws-sdk-go v1.44.254 h1:8baW4yal2xGiM/Wm5/ZU10drS8sd+BVjMjPFjJx2ooc=
+github.com/aws/aws-sdk-go v1.44.259 h1:7yDn1dcv4DZFMKpu+2exIH5O6ipNj9qXrKfdMUaIJwY=
-github.com/aws/aws-sdk-go v1.44.254/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.259/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY=
 github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4=

vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go

@@ -13,6 +13,7 @@ const (
 	AwsUsGovPartitionID = "aws-us-gov" // AWS GovCloud (US) partition.
 	AwsIsoPartitionID   = "aws-iso"    // AWS ISO (US) partition.
 	AwsIsoBPartitionID  = "aws-iso-b"  // AWS ISOB (US) partition.
+	AwsIsoEPartitionID  = "aws-iso-e"  // AWS ISOE (Europe) partition.
 )
 
 // AWS Standard partition's regions.
@@ -69,8 +70,11 @@ const (
 	UsIsobEast1RegionID = "us-isob-east-1" // US ISOB East (Ohio).
 )
 
+// AWS ISOE (Europe) partition's regions.
+const ()
+
 // DefaultResolver returns an Endpoint resolver that will be able
-// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US).
+// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), AWS ISOB (US), and AWS ISOE (Europe).
 //
 // Use DefaultPartitions() to get the list of the default partitions.
 func DefaultResolver() Resolver {
@@ -78,7 +82,7 @@ func DefaultResolver() Resolver {
 }
 
 // DefaultPartitions returns a list of the partitions the SDK is bundled
-// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US).
+// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), AWS ISOB (US), and AWS ISOE (Europe).
 //
 //    partitions := endpoints.DefaultPartitions
 //    for _, p := range partitions {
@@ -94,6 +98,7 @@ var defaultPartitions = partitions{
 	awsusgovPartition,
 	awsisoPartition,
 	awsisobPartition,
+	awsisoePartition,
 }
 
 // AwsPartition returns the Resolver for AWS Standard.
@@ -13696,21 +13701,11 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "internetmonitor.ap-northeast-2.api.aws",
 				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{
-					Hostname: "internetmonitor.ap-northeast-3.api.aws",
-				},
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{
 					Hostname: "internetmonitor.ap-south-1.api.aws",
 				},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{
-					Hostname: "internetmonitor.ap-south-2.api.aws",
-				},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{
@@ -13721,16 +13716,6 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "internetmonitor.ap-southeast-2.api.aws",
 				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{
-					Hostname: "internetmonitor.ap-southeast-3.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{
-					Hostname: "internetmonitor.ap-southeast-4.api.aws",
-				},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{
@@ -13741,11 +13726,6 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "internetmonitor.eu-central-1.api.aws",
 				},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{
-					Hostname: "internetmonitor.eu-central-2.api.aws",
-				},
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{
@@ -13756,11 +13736,6 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "internetmonitor.eu-south-1.api.aws",
 				},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{
-					Hostname: "internetmonitor.eu-south-2.api.aws",
-				},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{
@@ -13776,11 +13751,6 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "internetmonitor.eu-west-3.api.aws",
 				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{
-					Hostname: "internetmonitor.me-central-1.api.aws",
-				},
 				endpointKey{
 					Region: "me-south-1",
 				}: endpoint{
@@ -15316,6 +15286,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@@ -18035,6 +18008,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
@@ -25210,6 +25186,130 @@ var awsPartition = partition{
 				},
 			},
 		},
+		"signer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "signer-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "signer-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "signer-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "signer-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "signer-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "signer-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "signer-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "signer-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
 		"simspaceweaver": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -31761,6 +31861,16 @@ var awscnPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"signer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
 		"sms": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -33320,6 +33430,9 @@ var awsusgovPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "us-gov-west-1",
 				}: endpoint{},
@@ -37228,14 +37341,14 @@ var awsusgovPartition = partition{
 				endpointKey{
 					Region: "us-gov-west-1",
 				}: endpoint{
-					Protocols: []string{"http", "https"},
+					Protocols: []string{"https"},
 				},
 				endpointKey{
 					Region:  "us-gov-west-1",
 					Variant: fipsVariant,
 				}: endpoint{
 					Hostname:  "sns.us-gov-west-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
+					Protocols: []string{"https"},
 				},
 			},
 		},
@@ -37976,6 +38089,9 @@ var awsusgovPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "us-gov-west-1",
 				}: endpoint{},
@@ -39477,3 +39593,37 @@ var awsisobPartition = partition{
 		},
 	},
 }
+
+// AwsIsoEPartition returns the Resolver for AWS ISOE (Europe).
+func AwsIsoEPartition() Partition {
+	return awsisoePartition.Partition()
+}
+
+var awsisoePartition = partition{
+	ID:        "aws-iso-e",
+	Name:      "AWS ISOE (Europe)",
+	DNSSuffix: "cloud.adc-e.uk",
+	RegionRegex: regionRegex{
+		Regexp: func() *regexp.Regexp {
+			reg, _ := regexp.Compile("^eu\\-isoe\\-\\w+\\-\\d+$")
+			return reg
+		}(),
+	},
+	Defaults: endpointDefaults{
+		defaultKey{}: endpoint{
+			Hostname:          "{service}.{region}.{dnsSuffix}",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: fipsVariant,
+		}: endpoint{
+			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
+			DNSSuffix:         "cloud.adc-e.uk",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+	},
+	Regions:  regions{},
+	Services: services{},
+}

vendor/github.com/aws/aws-sdk-go/aws/version.go

@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.44.254"
+const SDKVersion = "1.44.259"

vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go

@@ -2,6 +2,7 @@ package restjson
 
 import (
 	"bytes"
+	"encoding/json"
 	"io"
 	"io/ioutil"
 	"net/http"
@@ -40,54 +41,30 @@ func (u *UnmarshalTypedError) UnmarshalError(
 	resp *http.Response,
 	respMeta protocol.ResponseMetadata,
 ) (error, error) {
-
+	code, msg, err := unmarshalErrorInfo(resp)
-	code := resp.Header.Get(errorTypeHeader)
+	if err != nil {
-	msg := resp.Header.Get(errorMessageHeader)
+		return nil, err
-
-	body := resp.Body
-	if len(code) == 0 || len(msg) == 0 {
-		// If unable to get code from HTTP headers have to parse JSON message
-		// to determine what kind of exception this will be.
-		var buf bytes.Buffer
-		var jsonErr jsonErrorResponse
-		teeReader := io.TeeReader(resp.Body, &buf)
-		err := jsonutil.UnmarshalJSONError(&jsonErr, teeReader)
-		if err != nil {
-			return nil, err
-		}
-
-		body = ioutil.NopCloser(&buf)
-		if len(code) == 0 {
-			code = jsonErr.Code
-		}
-		msg = jsonErr.Message
 	}
 
-	// If code has colon separators remove them so can compare against modeled
+	fn, ok := u.exceptions[code]
-	// exception names.
+	if !ok {
-	code = strings.SplitN(code, ":", 2)[0]
+		return awserr.NewRequestFailure(
-
+			awserr.New(code, msg, nil),
-	if fn, ok := u.exceptions[code]; ok {
+			respMeta.StatusCode,
-		// If exception code is know, use associated constructor to get a value
+			respMeta.RequestID,
-		// for the exception that the JSON body can be unmarshaled into.
+		), nil
-		v := fn(respMeta)
-		if err := jsonutil.UnmarshalJSONCaseInsensitive(v, body); err != nil {
-			return nil, err
-		}
-
-		if err := rest.UnmarshalResponse(resp, v, true); err != nil {
-			return nil, err
-		}
-
-		return v, nil
 	}
 
-	// fallback to unmodeled generic exceptions
+	v := fn(respMeta)
-	return awserr.NewRequestFailure(
+	if err := jsonutil.UnmarshalJSONCaseInsensitive(v, resp.Body); err != nil {
-		awserr.New(code, msg, nil),
+		return nil, err
-		respMeta.StatusCode,
+	}
-		respMeta.RequestID,
+
-	), nil
+	if err := rest.UnmarshalResponse(resp, v, true); err != nil {
+		return nil, err
+	}
+
+	return v, nil
 }
 
 // UnmarshalErrorHandler is a named request handler for unmarshaling restjson
@@ -101,36 +78,80 @@ var UnmarshalErrorHandler = request.NamedHandler{
 func UnmarshalError(r *request.Request) {
 	defer r.HTTPResponse.Body.Close()
 
-	var jsonErr jsonErrorResponse
+	code, msg, err := unmarshalErrorInfo(r.HTTPResponse)
-	err := jsonutil.UnmarshalJSONError(&jsonErr, r.HTTPResponse.Body)
 	if err != nil {
 		r.Error = awserr.NewRequestFailure(
-			awserr.New(request.ErrCodeSerialization,
+			awserr.New(request.ErrCodeSerialization, "failed to unmarshal response error", err),
-				"failed to unmarshal response error", err),
 			r.HTTPResponse.StatusCode,
 			r.RequestID,
 		)
 		return
 	}
 
-	code := r.HTTPResponse.Header.Get(errorTypeHeader)
-	if code == "" {
-		code = jsonErr.Code
-	}
-	msg := r.HTTPResponse.Header.Get(errorMessageHeader)
-	if msg == "" {
-		msg = jsonErr.Message
-	}
-
-	code = strings.SplitN(code, ":", 2)[0]
 	r.Error = awserr.NewRequestFailure(
-		awserr.New(code, jsonErr.Message, nil),
+		awserr.New(code, msg, nil),
 		r.HTTPResponse.StatusCode,
 		r.RequestID,
 	)
 }
 
 type jsonErrorResponse struct {
+	Type    string `json:"__type"`
 	Code    string `json:"code"`
 	Message string `json:"message"`
 }
+
+func (j *jsonErrorResponse) SanitizedCode() string {
+	code := j.Code
+	if len(j.Type) > 0 {
+		code = j.Type
+	}
+	return sanitizeCode(code)
+}
+
+// Remove superfluous components from a restJson error code.
+//   - If a : character is present, then take only the contents before the
+//     first : character in the value.
+//   - If a # character is present, then take only the contents after the first
+//     # character in the value.
+//
+// All of the following error values resolve to FooError:
+//   - FooError
+//   - FooError:http://internal.amazon.com/coral/com.amazon.coral.validate/
+//   - aws.protocoltests.restjson#FooError
+//   - aws.protocoltests.restjson#FooError:http://internal.amazon.com/coral/com.amazon.coral.validate/
+func sanitizeCode(code string) string {
+	noColon := strings.SplitN(code, ":", 2)[0]
+	hashSplit := strings.SplitN(noColon, "#", 2)
+	return hashSplit[len(hashSplit)-1]
+}
+
+// attempt to garner error details from the response, preferring header values
+// when present
+func unmarshalErrorInfo(resp *http.Response) (code string, msg string, err error) {
+	code = sanitizeCode(resp.Header.Get(errorTypeHeader))
+	msg = resp.Header.Get(errorMessageHeader)
+	if len(code) > 0 && len(msg) > 0 {
+		return
+	}
+
+	// a modeled error will have to be re-deserialized later, so the body must
+	// be preserved
+	var buf bytes.Buffer
+	tee := io.TeeReader(resp.Body, &buf)
+	defer func() { resp.Body = ioutil.NopCloser(&buf) }()
+
+	var jsonErr jsonErrorResponse
+	if decodeErr := json.NewDecoder(tee).Decode(&jsonErr); decodeErr != nil && decodeErr != io.EOF {
+		err = awserr.NewUnmarshalError(decodeErr, "failed to decode response body", buf.Bytes())
+		return
+	}
+
+	if len(code) == 0 {
+		code = jsonErr.SanitizedCode()
+	}
+	if len(msg) == 0 {
+		msg = jsonErr.Message
+	}
+	return
+}

vendor/github.com/aws/aws-sdk-go/service/ec2/api.go

@@ -40885,6 +40885,12 @@ func (c *EC2) GetNetworkInsightsAccessScopeAnalysisFindingsRequest(input *GetNet
 		Name:       opGetNetworkInsightsAccessScopeAnalysisFindings,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
+		Paginator: &request.Paginator{
+			InputTokens:     []string{"NextToken"},
+			OutputTokens:    []string{"NextToken"},
+			LimitToken:      "MaxResults",
+			TruncationToken: "",
+		},
 	}
 
 	if input == nil {
@@ -40928,6 +40934,57 @@ func (c *EC2) GetNetworkInsightsAccessScopeAnalysisFindingsWithContext(ctx aws.C
 	return out, req.Send()
 }
 
+// GetNetworkInsightsAccessScopeAnalysisFindingsPages iterates over the pages of a GetNetworkInsightsAccessScopeAnalysisFindings operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See GetNetworkInsightsAccessScopeAnalysisFindings method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+//	// Example iterating over at most 3 pages of a GetNetworkInsightsAccessScopeAnalysisFindings operation.
+//	pageNum := 0
+//	err := client.GetNetworkInsightsAccessScopeAnalysisFindingsPages(params,
+//	    func(page *ec2.GetNetworkInsightsAccessScopeAnalysisFindingsOutput, lastPage bool) bool {
+//	        pageNum++
+//	        fmt.Println(page)
+//	        return pageNum <= 3
+//	    })
+func (c *EC2) GetNetworkInsightsAccessScopeAnalysisFindingsPages(input *GetNetworkInsightsAccessScopeAnalysisFindingsInput, fn func(*GetNetworkInsightsAccessScopeAnalysisFindingsOutput, bool) bool) error {
+	return c.GetNetworkInsightsAccessScopeAnalysisFindingsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// GetNetworkInsightsAccessScopeAnalysisFindingsPagesWithContext same as GetNetworkInsightsAccessScopeAnalysisFindingsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EC2) GetNetworkInsightsAccessScopeAnalysisFindingsPagesWithContext(ctx aws.Context, input *GetNetworkInsightsAccessScopeAnalysisFindingsInput, fn func(*GetNetworkInsightsAccessScopeAnalysisFindingsOutput, bool) bool, opts ...request.Option) error {
+	p := request.Pagination{
+		NewRequest: func() (*request.Request, error) {
+			var inCpy *GetNetworkInsightsAccessScopeAnalysisFindingsInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.GetNetworkInsightsAccessScopeAnalysisFindingsRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+
+	for p.Next() {
+		if !fn(p.Page().(*GetNetworkInsightsAccessScopeAnalysisFindingsOutput), !p.HasNextPage()) {
+			break
+		}
+	}
+
+	return p.Err()
+}
+
 const opGetNetworkInsightsAccessScopeContent = "GetNetworkInsightsAccessScopeContent"
 
 // GetNetworkInsightsAccessScopeContentRequest generates a "aws/request.Request" representing the
@@ -185691,6 +185748,21 @@ const (
 
 	// InstanceTypeR6idnMetal is a InstanceType enum value
 	InstanceTypeR6idnMetal = "r6idn.metal"
+
+	// InstanceTypeInf2Xlarge is a InstanceType enum value
+	InstanceTypeInf2Xlarge = "inf2.xlarge"
+
+	// InstanceTypeInf28xlarge is a InstanceType enum value
+	InstanceTypeInf28xlarge = "inf2.8xlarge"
+
+	// InstanceTypeInf224xlarge is a InstanceType enum value
+	InstanceTypeInf224xlarge = "inf2.24xlarge"
+
+	// InstanceTypeInf248xlarge is a InstanceType enum value
+	InstanceTypeInf248xlarge = "inf2.48xlarge"
+
+	// InstanceTypeTrn1n32xlarge is a InstanceType enum value
+	InstanceTypeTrn1n32xlarge = "trn1n.32xlarge"
 )
 
 // InstanceType_Values returns all elements of the InstanceType enum
@@ -186339,6 +186411,11 @@ func InstanceType_Values() []string {
 		InstanceTypeM6idnMetal,
 		InstanceTypeR6inMetal,
 		InstanceTypeR6idnMetal,
+		InstanceTypeInf2Xlarge,
+		InstanceTypeInf28xlarge,
+		InstanceTypeInf224xlarge,
+		InstanceTypeInf248xlarge,
+		InstanceTypeTrn1n32xlarge,
 	}
 }
 

vendor/github.com/aws/aws-sdk-go/service/sts/api.go

@@ -85,9 +85,9 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // in the IAM User Guide.
 //
-// When you create a role, you create two policies: A role trust policy that
+// When you create a role, you create two policies: a role trust policy that
-// specifies who can assume the role and a permissions policy that specifies
+// specifies who can assume the role, and a permissions policy that specifies
-// what can be done with the role. You specify the trusted principal who is
+// what can be done with the role. You specify the trusted principal that is
 // allowed to assume the role in the role trust policy.
 //
 // To assume a role from a different account, your Amazon Web Services account
@@ -96,9 +96,9 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 // are allowed to delegate that access to users in the account.
 //
 // A user who wants to access a role in a different account must also have permissions
-// that are delegated from the user account administrator. The administrator
+// that are delegated from the account administrator. The administrator must
-// must attach a policy that allows the user to call AssumeRole for the ARN
+// attach a policy that allows the user to call AssumeRole for the ARN of the
-// of the role in the other account.
+// role in the other account.
 //
 // To allow a user to assume a role in the same account, you can do either of
 // the following:
@@ -517,10 +517,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 // a user. You can also supply the user with a consistent identity throughout
 // the lifetime of an application.
 //
-// To learn more about Amazon Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840)
+// To learn more about Amazon Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
-// in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito
+// in Amazon Cognito Developer Guide.
-// Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664)
-// in the Amazon Web Services SDK for iOS Developer Guide.
 //
 // Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web
 // Services security credentials. Therefore, you can distribute an application
@@ -984,11 +982,11 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ
 // call the operation.
 //
 // No permissions are required to perform this operation. If an administrator
-// adds a policy to your IAM user or role that explicitly denies access to the
+// attaches a policy to your identity that explicitly denies access to the sts:GetCallerIdentity
-// sts:GetCallerIdentity action, you can still perform this operation. Permissions
+// action, you can still perform this operation. Permissions are not required
-// are not required because the same information is returned when an IAM user
+// because the same information is returned when access is denied. To view an
-// or role is denied access. To view an example response, see I Am Not Authorized
+// example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice
-// to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
 // in the IAM User Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -1063,18 +1061,26 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 // GetFederationToken API operation for AWS Security Token Service.
 //
 // Returns a set of temporary security credentials (consisting of an access
-// key ID, a secret access key, and a security token) for a federated user.
+// key ID, a secret access key, and a security token) for a user. A typical
-// A typical use is in a proxy application that gets temporary security credentials
+// use is in a proxy application that gets temporary security credentials on
-// on behalf of distributed applications inside a corporate network. You must
+// behalf of distributed applications inside a corporate network.
-// call the GetFederationToken operation using the long-term security credentials
+//
-// of an IAM user. As a result, this call is appropriate in contexts where those
+// You must call the GetFederationToken operation using the long-term security
-// credentials can be safely stored, usually in a server-based application.
+// credentials of an IAM user. As a result, this call is appropriate in contexts
+// where those credentials can be safeguarded, usually in a server-based application.
 // For a comparison of GetFederationToken with the other API operations that
 // produce temporary credentials, see Requesting Temporary Security Credentials
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
 // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide.
 //
+// Although it is possible to call GetFederationToken using the security credentials
+// of an Amazon Web Services account root user rather than an IAM user that
+// you create for the purpose of a proxy application, we do not recommend it.
+// For more information, see Safeguard your root user credentials and don't
+// use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
+// in the IAM User Guide.
+//
 // You can create a mobile-based or browser-based app that can authenticate
 // users using a web identity provider like Login with Amazon, Facebook, Google,
 // or an OpenID Connect-compatible identity provider. In this case, we recommend
@@ -1083,21 +1089,13 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
 // in the IAM User Guide.
 //
-// You can also call GetFederationToken using the security credentials of an
-// Amazon Web Services account root user, but we do not recommend it. Instead,
-// we recommend that you create an IAM user for the purpose of the proxy application.
-// Then attach a policy to the IAM user that limits federated users to only
-// the actions and resources that they need to access. For more information,
-// see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
-// in the IAM User Guide.
-//
 // # Session duration
 //
 // The temporary credentials are valid for the specified duration, from 900
 // seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
 // session duration is 43,200 seconds (12 hours). Temporary credentials obtained
-// by using the Amazon Web Services account root user credentials have a maximum
+// by using the root user credentials have a maximum duration of 3,600 seconds
-// duration of 3,600 seconds (1 hour).
+// (1 hour).
 //
 // # Permissions
 //
@@ -1267,12 +1265,13 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 // or IAM user. The credentials consist of an access key ID, a secret access
 // key, and a security token. Typically, you use GetSessionToken if you want
 // to use MFA to protect programmatic calls to specific Amazon Web Services
-// API operations like Amazon EC2 StopInstances. MFA-enabled IAM users would
+// API operations like Amazon EC2 StopInstances.
-// need to call GetSessionToken and submit an MFA code that is associated with
+//
-// their MFA device. Using the temporary security credentials that are returned
+// MFA-enabled IAM users must call GetSessionToken and submit an MFA code that
-// from the call, IAM users can then make programmatic calls to API operations
+// is associated with their MFA device. Using the temporary security credentials
-// that require MFA authentication. If you do not supply a correct MFA code,
+// that the call returns, IAM users can then make programmatic calls to API
-// then the API returns an access denied error. For a comparison of GetSessionToken
+// operations that require MFA authentication. An incorrect MFA code causes
+// the API to return an access denied error. For a comparison of GetSessionToken
 // with the other API operations that produce temporary credentials, see Requesting
 // Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
 // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
@@ -1287,13 +1286,12 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 // # Session Duration
 //
 // The GetSessionToken operation must be called by using the long-term Amazon
-// Web Services security credentials of the Amazon Web Services account root
+// Web Services security credentials of an IAM user. Credentials that are created
-// user or an IAM user. Credentials that are created by IAM users are valid
+// by IAM users are valid for the duration that you specify. This duration can
-// for the duration that you specify. This duration can range from 900 seconds
+// range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
-// (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default
+// hours), with a default of 43,200 seconds (12 hours). Credentials based on
-// of 43,200 seconds (12 hours). Credentials based on account credentials can
+// account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds
-// range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a
+// (1 hour), with a default of 1 hour.
-// default of 1 hour.
 //
 // # Permissions
 //
@@ -1305,20 +1303,20 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 //
 //   - You cannot call any STS API except AssumeRole or GetCallerIdentity.
 //
-// We recommend that you do not call GetSessionToken with Amazon Web Services
+// The credentials that GetSessionToken returns are based on permissions associated
-// account root user credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
+// with the IAM user whose credentials were used to call the operation. The
-// by creating one or more IAM users, giving them the necessary permissions,
+// temporary credentials have the same permissions as the IAM user.
-// and using IAM users for everyday interaction with Amazon Web Services.
 //
-// The credentials that are returned by GetSessionToken are based on permissions
+// Although it is possible to call GetSessionToken using the security credentials
-// associated with the user whose credentials were used to call the operation.
+// of an Amazon Web Services account root user rather than an IAM user, we do
-// If GetSessionToken is called using Amazon Web Services account root user
+// not recommend it. If GetSessionToken is called using root user credentials,
-// credentials, the temporary credentials have root user permissions. Similarly,
+// the temporary credentials have root user permissions. For more information,
-// if GetSessionToken is called using the credentials of an IAM user, the temporary
+// see Safeguard your root user credentials and don't use them for everyday
-// credentials have the same permissions as the IAM user.
+// tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
+// in the IAM User Guide
 //
 // For more information about using GetSessionToken to create temporary credentials,
-// go to Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
+// see Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
 // in the IAM User Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -2036,7 +2034,7 @@ type AssumeRoleWithSAMLOutput struct {
 	//    IAM.
 	//
 	// The combination of NameQualifier and Subject can be used to uniquely identify
-	// a federated user.
+	// a user.
 	//
 	// The following pseudocode shows how the hash value is calculated:
 	//
@@ -2922,10 +2920,9 @@ type GetFederationTokenInput struct {
 	// The duration, in seconds, that the session should last. Acceptable durations
 	// for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds
 	// (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained
-	// using Amazon Web Services account root user credentials are restricted to
+	// using root user credentials are restricted to a maximum of 3,600 seconds
-	// a maximum of 3,600 seconds (one hour). If the specified duration is longer
+	// (one hour). If the specified duration is longer than one hour, the session
-	// than one hour, the session obtained by using root user credentials defaults
+	// obtained by using root user credentials defaults to one hour.
-	// to one hour.
 	DurationSeconds *int64 `min:"900" type:"integer"`
 
 	// The name of the federated user. The name is used as an identifier for the

vendor/github.com/aws/aws-sdk-go/service/sts/doc.go

@@ -4,10 +4,9 @@
 // requests to AWS Security Token Service.
 //
 // Security Token Service (STS) enables you to request temporary, limited-privilege
-// credentials for Identity and Access Management (IAM) users or for users that
+// credentials for users. This guide provides descriptions of the STS API. For
-// you authenticate (federated users). This guide provides descriptions of the
+// more information about using this service, see Temporary Security Credentials
-// STS API. For more information about using this service, see Temporary Security
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
-// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service.
 //

vendor/modules.txt

@@ -8,7 +8,7 @@ github.com/ansel1/merry
 # github.com/ansel1/merry/v2 v2.0.1
 ## explicit; go 1.12
 github.com/ansel1/merry/v2
-# github.com/aws/aws-sdk-go v1.44.254
+# github.com/aws/aws-sdk-go v1.44.259
 ## explicit; go 1.11
 github.com/aws/aws-sdk-go/aws
 github.com/aws/aws-sdk-go/aws/awserr