rebase: bump github.com/aws/aws-sdk-go from 1.41.15 to 1.42.7

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.41.15 to 1.42.7.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.41.15...v1.42.7)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

go.mod

@@ -3,7 +3,7 @@ module github.com/ceph/ceph-csi
 go 1.16
 
 require (
-	github.com/aws/aws-sdk-go v1.41.15
+	github.com/aws/aws-sdk-go v1.42.7
 	github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
 	github.com/ceph/go-ceph v0.12.0
 	github.com/container-storage-interface/spec v1.5.0

go.sum

@@ -130,8 +130,8 @@ github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k=
 github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.41.15 h1:lp3gLI0U+yQTB3w/BLcwTPGIXHsLNpE6y4yn85m9GXQ=
+github.com/aws/aws-sdk-go v1.42.7 h1:Ee7QC4Y/eGebVGO/5IGN3fSXXSrheesZYYj2pYJG7Zk=
-github.com/aws/aws-sdk-go v1.41.15/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
+github.com/aws/aws-sdk-go v1.42.7/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
 github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=

vendor/github.com/aws/aws-sdk-go/aws/client/client.go

@@ -16,6 +16,7 @@ type Config struct {
 	Endpoint       string
 	SigningRegion  string
 	SigningName    string
+	ResolvedRegion string
 
 	// States that the signing name did not come from a modeled source but
 	// was derived based on other data. Used by service client constructors

vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go

@@ -11,4 +11,5 @@ type ClientInfo struct {
 	SigningRegion  string
 	JSONVersion    string
 	TargetPrefix   string
+	ResolvedRegion string
 }

vendor/github.com/aws/aws-sdk-go/aws/config.go

@@ -208,8 +208,19 @@ type Config struct {
 	//     svc := s3.New(sess, &aws.Config{
 	//         UseDualStack: aws.Bool(true),
 	//     })
+	//
+	// Deprecated: This option will continue to function for S3 and S3 Control for backwards compatibility.
+	// UseDualStackEndpoint should be used to enable usage of a service's dual-stack endpoint for all service clients
+	// moving forward. For S3 and S3 Control, when UseDualStackEndpoint is set to a non-zero value it takes higher
+	// precedence then this option.
 	UseDualStack *bool
 
+	// Sets the resolver to resolve a dual-stack endpoint for the service.
+	UseDualStackEndpoint endpoints.DualStackEndpointState
+
+	// UseFIPSEndpoint specifies the resolver must resolve a FIPS endpoint.
+	UseFIPSEndpoint endpoints.FIPSEndpointState
+
 	// SleepDelay is an override for the func the SDK will call when sleeping
 	// during the lifecycle of a request. Specifically this will be used for
 	// request delays. This value should only be used for testing. To adjust
@@ -554,6 +565,10 @@ func mergeInConfig(dst *Config, other *Config) {
 		dst.UseDualStack = other.UseDualStack
 	}
 
+	if other.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset {
+		dst.UseDualStackEndpoint = other.UseDualStackEndpoint
+	}
+
 	if other.EC2MetadataDisableTimeoutOverride != nil {
 		dst.EC2MetadataDisableTimeoutOverride = other.EC2MetadataDisableTimeoutOverride
 	}
@@ -589,6 +604,14 @@ func mergeInConfig(dst *Config, other *Config) {
 	if other.LowerCaseHeaderMaps != nil {
 		dst.LowerCaseHeaderMaps = other.LowerCaseHeaderMaps
 	}
+
+	if other.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset {
+		dst.UseDualStackEndpoint = other.UseDualStackEndpoint
+	}
+
+	if other.UseFIPSEndpoint != endpoints.FIPSEndpointStateUnset {
+		dst.UseFIPSEndpoint = other.UseFIPSEndpoint
+	}
 }
 
 // Copy will return a shallow copy of the Config object. If any additional

vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go

@@ -81,7 +81,6 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol
 	// Customization
 	for i := 0; i < len(ps); i++ {
 		p := &ps[i]
-		custAddS3DualStack(p)
 		custRegionalS3(p)
 		custRmIotDataService(p)
 		custFixAppAutoscalingChina(p)
@@ -91,15 +90,6 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol
 	return ps, nil
 }
 
-func custAddS3DualStack(p *partition) {
-	if !(p.ID == "aws" || p.ID == "aws-cn" || p.ID == "aws-us-gov") {
-		return
-	}
-
-	custAddDualstack(p, "s3")
-	custAddDualstack(p, "s3-control")
-}
-
 func custRegionalS3(p *partition) {
 	if p.ID != "aws" {
 		return
@@ -110,35 +100,28 @@ func custRegionalS3(p *partition) {
 		return
 	}
 
+	const awsGlobal = "aws-global"
+	const usEast1 = "us-east-1"
+
 	// If global endpoint already exists no customization needed.
-	if _, ok := service.Endpoints["aws-global"]; ok {
+	if _, ok := service.Endpoints[endpointKey{Region: awsGlobal}]; ok {
 		return
 	}
 
-	service.PartitionEndpoint = "aws-global"
+	service.PartitionEndpoint = awsGlobal
-	service.Endpoints["us-east-1"] = endpoint{}
+	if _, ok := service.Endpoints[endpointKey{Region: usEast1}]; !ok {
-	service.Endpoints["aws-global"] = endpoint{
+		service.Endpoints[endpointKey{Region: usEast1}] = endpoint{}
+	}
+	service.Endpoints[endpointKey{Region: awsGlobal}] = endpoint{
 		Hostname: "s3.amazonaws.com",
 		CredentialScope: credentialScope{
-			Region: "us-east-1",
+			Region: usEast1,
 		},
 	}
 
 	p.Services["s3"] = service
 }
 
-func custAddDualstack(p *partition, svcName string) {
-	s, ok := p.Services[svcName]
-	if !ok {
-		return
-	}
-
-	s.Defaults.HasDualStack = boxedTrue
-	s.Defaults.DualStackHostname = "{service}.dualstack.{region}.{dnsSuffix}"
-
-	p.Services[svcName] = s
-}
-
 func custRmIotDataService(p *partition) {
 	delete(p.Services, "data.iot")
 }
@@ -155,12 +138,13 @@ func custFixAppAutoscalingChina(p *partition) {
 	}
 
 	const expectHostname = `autoscaling.{region}.amazonaws.com`
-	if e, a := s.Defaults.Hostname, expectHostname; e != a {
+	serviceDefault := s.Defaults[defaultKey{}]
+	if e, a := expectHostname, serviceDefault.Hostname; e != a {
 		fmt.Printf("custFixAppAutoscalingChina: ignoring customization, expected %s, got %s\n", e, a)
 		return
 	}
-
+	serviceDefault.Hostname = expectHostname + ".cn"
-	s.Defaults.Hostname = expectHostname + ".cn"
+	s.Defaults[defaultKey{}] = serviceDefault
 	p.Services[serviceName] = s
 }
 
@@ -175,18 +159,25 @@ func custFixAppAutoscalingUsGov(p *partition) {
 		return
 	}
 
-	if a := s.Defaults.CredentialScope.Service; a != "" {
+	serviceDefault := s.Defaults[defaultKey{}]
+	if a := serviceDefault.CredentialScope.Service; a != "" {
 		fmt.Printf("custFixAppAutoscalingUsGov: ignoring customization, expected empty credential scope service, got %s\n", a)
 		return
 	}
 
-	if a := s.Defaults.Hostname; a != "" {
+	if a := serviceDefault.Hostname; a != "" {
 		fmt.Printf("custFixAppAutoscalingUsGov: ignoring customization, expected empty hostname, got %s\n", a)
 		return
 	}
 
-	s.Defaults.CredentialScope.Service = "application-autoscaling"
+	serviceDefault.CredentialScope.Service = "application-autoscaling"
-	s.Defaults.Hostname = "autoscaling.{region}.amazonaws.com"
+	serviceDefault.Hostname = "autoscaling.{region}.amazonaws.com"
+
+	if s.Defaults == nil {
+		s.Defaults = make(endpointDefaults)
+	}
+
+	s.Defaults[defaultKey{}] = serviceDefault
 
 	p.Services[serviceName] = s
 }

vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go

@@ -8,6 +8,41 @@ import (
 	"github.com/aws/aws-sdk-go/aws/awserr"
 )
 
+// A Logger is a minimalistic interface for the SDK to log messages to.
+type Logger interface {
+	Log(...interface{})
+}
+
+// DualStackEndpointState is a constant to describe the dual-stack endpoint resolution
+// behavior.
+type DualStackEndpointState uint
+
+const (
+	// DualStackEndpointStateUnset is the default value behavior for dual-stack endpoint
+	// resolution.
+	DualStackEndpointStateUnset DualStackEndpointState = iota
+
+	// DualStackEndpointStateEnabled enable dual-stack endpoint resolution for endpoints.
+	DualStackEndpointStateEnabled
+
+	// DualStackEndpointStateDisabled disables dual-stack endpoint resolution for endpoints.
+	DualStackEndpointStateDisabled
+)
+
+// FIPSEndpointState is a constant to describe the FIPS endpoint resolution behavior.
+type FIPSEndpointState uint
+
+const (
+	// FIPSEndpointStateUnset is the default value behavior for FIPS endpoint resolution.
+	FIPSEndpointStateUnset FIPSEndpointState = iota
+
+	// FIPSEndpointStateEnabled enables FIPS endpoint resolution for service endpoints.
+	FIPSEndpointStateEnabled
+
+	// FIPSEndpointStateDisabled disables FIPS endpoint resolution for endpoints.
+	FIPSEndpointStateDisabled
+)
+
 // Options provide the configuration needed to direct how the
 // endpoints will be resolved.
 type Options struct {
@@ -21,8 +56,19 @@ type Options struct {
 	// be returned. This endpoint may not be valid. If StrictMatching is
 	// enabled only services that are known to support dualstack will return
 	// dualstack endpoints.
+	//
+	// Deprecated: This option will continue to function for S3 and S3 Control for backwards compatibility.
+	// UseDualStackEndpoint should be used to enable usage of a service's dual-stack endpoint for all service clients
+	// moving forward. For S3 and S3 Control, when UseDualStackEndpoint is set to a non-zero value it takes higher
+	// precedence then this option.
 	UseDualStack bool
 
+	// Sets the resolver to resolve a dual-stack endpoint for the service.
+	UseDualStackEndpoint DualStackEndpointState
+
+	// UseFIPSEndpoint specifies the resolver must resolve a FIPS endpoint.
+	UseFIPSEndpoint FIPSEndpointState
+
 	// Enables strict matching of services and regions resolved endpoints.
 	// If the partition doesn't enumerate the exact service and region an
 	// error will be returned. This option will prevent returning endpoints
@@ -56,6 +102,30 @@ type Options struct {
 
 	// S3 Regional Endpoint flag helps with resolving the S3 endpoint
 	S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint
+
+	// ResolvedRegion is the resolved region string. If provided (non-zero length) it takes priority
+	// over the region name passed to the ResolveEndpoint call.
+	ResolvedRegion string
+
+	// Logger is the logger that will be used to log messages.
+	Logger Logger
+
+	// Determines whether logging of deprecated endpoints usage is enabled.
+	LogDeprecated bool
+}
+
+func (o Options) getEndpointVariant(service string) (v endpointVariant) {
+	const s3 = "s3"
+	const s3Control = "s3-control"
+
+	if (o.UseDualStackEndpoint == DualStackEndpointStateEnabled) ||
+		((service == s3 || service == s3Control) && (o.UseDualStackEndpoint == DualStackEndpointStateUnset && o.UseDualStack)) {
+		v |= dualStackVariant
+	}
+	if o.UseFIPSEndpoint == FIPSEndpointStateEnabled {
+		v |= fipsVariant
+	}
+	return v
 }
 
 // EC2IMDSEndpointModeState is an enum configuration variable describing the client endpoint mode.
@@ -196,10 +266,25 @@ func DisableSSLOption(o *Options) {
 
 // UseDualStackOption sets the UseDualStack option. Can be used as a functional
 // option when resolving endpoints.
+//
+// Deprecated: UseDualStackEndpointOption should be used to enable usage of a service's dual-stack endpoint.
+// When DualStackEndpointState is set to a non-zero value it takes higher precedence then this option.
 func UseDualStackOption(o *Options) {
 	o.UseDualStack = true
 }
 
+// UseDualStackEndpointOption sets the UseDualStackEndpoint option to enabled. Can be used as a functional
+// option when resolving endpoints.
+func UseDualStackEndpointOption(o *Options) {
+	o.UseDualStackEndpoint = DualStackEndpointStateEnabled
+}
+
+// UseFIPSEndpointOption sets the UseFIPSEndpoint option to enabled. Can be used as a functional
+// option when resolving endpoints.
+func UseFIPSEndpointOption(o *Options) {
+	o.UseFIPSEndpoint = FIPSEndpointStateEnabled
+}
+
 // StrictMatchingOption sets the StrictMatching option. Can be used as a functional
 // option when resolving endpoints.
 func StrictMatchingOption(o *Options) {
@@ -407,7 +492,7 @@ func (r Region) ResolveEndpoint(service string, opts ...func(*Options)) (Resolve
 func (r Region) Services() map[string]Service {
 	ss := map[string]Service{}
 	for id, s := range r.p.Services {
-		if _, ok := s.Endpoints[r.id]; ok {
+		if _, ok := s.Endpoints[endpointKey{Region: r.id}]; ok {
 			ss[id] = Service{
 				id: id,
 				p:  r.p,
@@ -452,9 +537,12 @@ func (s Service) Regions() map[string]Region {
 	}
 
 	for id := range service.Endpoints {
-		if r, ok := s.p.Regions[id]; ok {
+		if id.Variant != 0 {
-			rs[id] = Region{
+			continue
-				id:   id,
+		}
+		if r, ok := s.p.Regions[id.Region]; ok {
+			rs[id.Region] = Region{
+				id:   id.Region,
 				desc: r.Description,
 				p:    s.p,
 			}
@@ -472,8 +560,11 @@ func (s Service) Regions() map[string]Region {
 func (s Service) Endpoints() map[string]Endpoint {
 	es := make(map[string]Endpoint, len(s.p.Services[s.id].Endpoints))
 	for id := range s.p.Services[s.id].Endpoints {
-		es[id] = Endpoint{
+		if id.Variant != 0 {
-			id:        id,
+			continue
+		}
+		es[id.Region] = Endpoint{
+			id:        id.Region,
 			serviceID: s.id,
 			p:         s.p,
 		}

vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go

@@ -1,6 +1,7 @@
 package endpoints
 
 import (
+	"encoding/json"
 	"fmt"
 	"regexp"
 	"strconv"
@@ -12,6 +13,34 @@ const (
 	ec2MetadataEndpointIPv4 = "http://169.254.169.254/latest"
 )
 
+const dnsSuffixTemplateKey = "{dnsSuffix}"
+
+// defaultKey is a compound map key of a variant and other values.
+type defaultKey struct {
+	Variant        endpointVariant
+	ServiceVariant serviceVariant
+}
+
+// endpointKey is a compound map key of a region and associated variant value.
+type endpointKey struct {
+	Region  string
+	Variant endpointVariant
+}
+
+// endpointVariant is a bit field to describe the endpoints attributes.
+type endpointVariant uint64
+
+// serviceVariant is a bit field to describe the service endpoint attributes.
+type serviceVariant uint64
+
+const (
+	// fipsVariant indicates that the endpoint is FIPS capable.
+	fipsVariant endpointVariant = 1 << (64 - 1 - iota)
+
+	// dualStackVariant indicates that the endpoint is DualStack capable.
+	dualStackVariant
+)
+
 var regionValidationRegex = regexp.MustCompile(`^[[:alnum:]]([[:alnum:]\-]*[[:alnum:]])?$`)
 
 type partitions []partition
@@ -20,8 +49,12 @@ func (ps partitions) EndpointFor(service, region string, opts ...func(*Options))
 	var opt Options
 	opt.Set(opts...)
 
+	if len(opt.ResolvedRegion) > 0 {
+		region = opt.ResolvedRegion
+	}
+
 	for i := 0; i < len(ps); i++ {
-		if !ps[i].canResolveEndpoint(service, region, opt.StrictMatching) {
+		if !ps[i].canResolveEndpoint(service, region, opt) {
 			continue
 		}
 
@@ -49,12 +82,74 @@ func (ps partitions) Partitions() []Partition {
 	return parts
 }
 
+type endpointWithVariants struct {
+	endpoint
+	Variants []endpointWithTags `json:"variants"`
+}
+
+type endpointWithTags struct {
+	endpoint
+	Tags []string `json:"tags"`
+}
+
+type endpointDefaults map[defaultKey]endpoint
+
+func (p *endpointDefaults) UnmarshalJSON(data []byte) error {
+	if *p == nil {
+		*p = make(endpointDefaults)
+	}
+
+	var e endpointWithVariants
+	if err := json.Unmarshal(data, &e); err != nil {
+		return err
+	}
+
+	(*p)[defaultKey{Variant: 0}] = e.endpoint
+
+	e.Hostname = ""
+	e.DNSSuffix = ""
+
+	for _, variant := range e.Variants {
+		endpointVariant, unknown := parseVariantTags(variant.Tags)
+		if unknown {
+			continue
+		}
+
+		var ve endpoint
+		ve.mergeIn(e.endpoint)
+		ve.mergeIn(variant.endpoint)
+
+		(*p)[defaultKey{Variant: endpointVariant}] = ve
+	}
+
+	return nil
+}
+
+func parseVariantTags(tags []string) (ev endpointVariant, unknown bool) {
+	if len(tags) == 0 {
+		unknown = true
+		return
+	}
+
+	for _, tag := range tags {
+		switch {
+		case strings.EqualFold("fips", tag):
+			ev |= fipsVariant
+		case strings.EqualFold("dualstack", tag):
+			ev |= dualStackVariant
+		default:
+			unknown = true
+		}
+	}
+	return ev, unknown
+}
+
 type partition struct {
 	ID          string           `json:"partition"`
 	Name        string           `json:"partitionName"`
 	DNSSuffix   string           `json:"dnsSuffix"`
 	RegionRegex regionRegex      `json:"regionRegex"`
-	Defaults    endpoint    `json:"defaults"`
+	Defaults    endpointDefaults `json:"defaults"`
 	Regions     regions          `json:"regions"`
 	Services    services         `json:"services"`
 }
@@ -67,15 +162,18 @@ func (p partition) Partition() Partition {
 	}
 }
 
-func (p partition) canResolveEndpoint(service, region string, strictMatch bool) bool {
+func (p partition) canResolveEndpoint(service, region string, options Options) bool {
 	s, hasService := p.Services[service]
-	_, hasEndpoint := s.Endpoints[region]
+	_, hasEndpoint := s.Endpoints[endpointKey{
+		Region:  region,
+		Variant: options.getEndpointVariant(service),
+	}]
 
 	if hasEndpoint && hasService {
 		return true
 	}
 
-	if strictMatch {
+	if options.StrictMatching {
 		return false
 	}
 
@@ -106,6 +204,10 @@ func (p partition) EndpointFor(service, region string, opts ...func(*Options)) (
 	var opt Options
 	opt.Set(opts...)
 
+	if len(opt.ResolvedRegion) > 0 {
+		region = opt.ResolvedRegion
+	}
+
 	s, hasService := p.Services[service]
 
 	if service == Ec2metadataServiceID && !hasService {
@@ -123,21 +225,44 @@ func (p partition) EndpointFor(service, region string, opts ...func(*Options)) (
 		region = s.PartitionEndpoint
 	}
 
-	if (service == "sts" && opt.STSRegionalEndpoint != RegionalSTSEndpoint) ||
+	if r, ok := isLegacyGlobalRegion(service, region, opt); ok {
-		(service == "s3" && opt.S3UsEast1RegionalEndpoint != RegionalS3UsEast1Endpoint) {
+		region = r
-		if _, ok := legacyGlobalRegions[service][region]; ok {
-			region = "aws-global"
-		}
 	}
 
-	e, hasEndpoint := s.endpointForRegion(region)
+	variant := opt.getEndpointVariant(service)
-	if len(region) == 0 || (!hasEndpoint && opt.StrictMatching) {
+
-		return resolved, NewUnknownEndpointError(p.ID, service, region, endpointList(s.Endpoints))
+	endpoints := s.Endpoints
+
+	serviceDefaults, hasServiceDefault := s.Defaults[defaultKey{Variant: variant}]
+	// If we searched for a variant which may have no explicit service defaults,
+	// then we need to inherit the standard service defaults except the hostname and dnsSuffix
+	if variant != 0 && !hasServiceDefault {
+		serviceDefaults = s.Defaults[defaultKey{}]
+		serviceDefaults.Hostname = ""
+		serviceDefaults.DNSSuffix = ""
 	}
 
-	defs := []endpoint{p.Defaults, s.Defaults}
+	partitionDefaults, hasPartitionDefault := p.Defaults[defaultKey{Variant: variant}]
 
-	return e.resolve(service, p.ID, region, p.DNSSuffix, defs, opt)
+	var dnsSuffix string
+	if len(serviceDefaults.DNSSuffix) > 0 {
+		dnsSuffix = serviceDefaults.DNSSuffix
+	} else if variant == 0 {
+		// For legacy reasons the partition dnsSuffix is not in the defaults, so if we looked for
+		// a non-variant endpoint then we need to set the dnsSuffix.
+		dnsSuffix = p.DNSSuffix
+	}
+
+	noDefaults := !hasServiceDefault && !hasPartitionDefault
+
+	e, hasEndpoint := s.endpointForRegion(region, endpoints, variant)
+	if len(region) == 0 || (!hasEndpoint && (opt.StrictMatching || noDefaults)) {
+		return resolved, NewUnknownEndpointError(p.ID, service, region, endpointList(endpoints, variant))
+	}
+
+	defs := []endpoint{partitionDefaults, serviceDefaults}
+
+	return e.resolve(service, p.ID, region, dnsSuffixTemplateKey, dnsSuffix, defs, opt)
 }
 
 func getEC2MetadataEndpoint(partitionID, service string, mode EC2IMDSEndpointModeState) ResolvedEndpoint {
@@ -165,6 +290,31 @@ func getEC2MetadataEndpoint(partitionID, service string, mode EC2IMDSEndpointMod
 	}
 }
 
+func isLegacyGlobalRegion(service string, region string, opt Options) (string, bool) {
+	if opt.getEndpointVariant(service) != 0 {
+		return "", false
+	}
+
+	const (
+		sts       = "sts"
+		s3        = "s3"
+		awsGlobal = "aws-global"
+	)
+
+	switch {
+	case service == sts && opt.STSRegionalEndpoint == RegionalSTSEndpoint:
+		return region, false
+	case service == s3 && opt.S3UsEast1RegionalEndpoint == RegionalS3UsEast1Endpoint:
+		return region, false
+	default:
+		if _, ok := legacyGlobalRegions[service][region]; ok {
+			return awsGlobal, true
+		}
+	}
+
+	return region, false
+}
+
 func serviceList(ss services) []string {
 	list := make([]string, 0, len(ss))
 	for k := range ss {
@@ -172,10 +322,13 @@ func serviceList(ss services) []string {
 	}
 	return list
 }
-func endpointList(es endpoints) []string {
+func endpointList(es serviceEndpoints, variant endpointVariant) []string {
 	list := make([]string, 0, len(es))
 	for k := range es {
-		list = append(list, k)
+		if k.Variant != variant {
+			continue
+		}
+		list = append(list, k.Region)
 	}
 	return list
 }
@@ -209,17 +362,17 @@ type services map[string]service
 type service struct {
 	PartitionEndpoint string           `json:"partitionEndpoint"`
 	IsRegionalized    boxedBool        `json:"isRegionalized,omitempty"`
-	Defaults          endpoint  `json:"defaults"`
+	Defaults          endpointDefaults `json:"defaults"`
-	Endpoints         endpoints `json:"endpoints"`
+	Endpoints         serviceEndpoints `json:"endpoints"`
 }
 
-func (s *service) endpointForRegion(region string) (endpoint, bool) {
+func (s *service) endpointForRegion(region string, endpoints serviceEndpoints, variant endpointVariant) (endpoint, bool) {
-	if e, ok := s.Endpoints[region]; ok {
+	if e, ok := endpoints[endpointKey{Region: region, Variant: variant}]; ok {
 		return e, true
 	}
 
 	if s.IsRegionalized == boxedFalse {
-		return s.Endpoints[s.PartitionEndpoint], region == s.PartitionEndpoint
+		return endpoints[endpointKey{Region: s.PartitionEndpoint, Variant: variant}], region == s.PartitionEndpoint
 	}
 
 	// Unable to find any matching endpoint, return
@@ -227,22 +380,73 @@ func (s *service) endpointForRegion(region string) (endpoint, bool) {
 	return endpoint{}, false
 }
 
-type endpoints map[string]endpoint
+type serviceEndpoints map[endpointKey]endpoint
+
+func (s *serviceEndpoints) UnmarshalJSON(data []byte) error {
+	if *s == nil {
+		*s = make(serviceEndpoints)
+	}
+
+	var regionToEndpoint map[string]endpointWithVariants
+
+	if err := json.Unmarshal(data, &regionToEndpoint); err != nil {
+		return err
+	}
+
+	for region, e := range regionToEndpoint {
+		(*s)[endpointKey{Region: region}] = e.endpoint
+
+		e.Hostname = ""
+		e.DNSSuffix = ""
+
+		for _, variant := range e.Variants {
+			endpointVariant, unknown := parseVariantTags(variant.Tags)
+			if unknown {
+				continue
+			}
+
+			var ve endpoint
+			ve.mergeIn(e.endpoint)
+			ve.mergeIn(variant.endpoint)
+
+			(*s)[endpointKey{Region: region, Variant: endpointVariant}] = ve
+		}
+	}
+
+	return nil
+}
 
 type endpoint struct {
 	Hostname        string          `json:"hostname"`
 	Protocols       []string        `json:"protocols"`
 	CredentialScope credentialScope `json:"credentialScope"`
 
-	// Custom fields not modeled
+	DNSSuffix string `json:"dnsSuffix"`
-	HasDualStack      boxedBool `json:"-"`
-	DualStackHostname string    `json:"-"`
 
 	// Signature Version not used
 	SignatureVersions []string `json:"signatureVersions"`
 
 	// SSLCommonName not used.
 	SSLCommonName string `json:"sslCommonName"`
+
+	Deprecated boxedBool `json:"deprecated"`
+}
+
+// isZero returns whether the endpoint structure is an empty (zero) value.
+func (e endpoint) isZero() bool {
+	switch {
+	case len(e.Hostname) != 0:
+		return false
+	case len(e.Protocols) != 0:
+		return false
+	case e.CredentialScope != (credentialScope{}):
+		return false
+	case len(e.SignatureVersions) != 0:
+		return false
+	case len(e.SSLCommonName) != 0:
+		return false
+	}
+	return true
 }
 
 const (
@@ -271,7 +475,7 @@ func getByPriority(s []string, p []string, def string) string {
 	return s[0]
 }
 
-func (e endpoint) resolve(service, partitionID, region, dnsSuffix string, defs []endpoint, opts Options) (ResolvedEndpoint, error) {
+func (e endpoint) resolve(service, partitionID, region, dnsSuffixTemplateVariable, dnsSuffix string, defs []endpoint, opts Options) (ResolvedEndpoint, error) {
 	var merged endpoint
 	for _, def := range defs {
 		merged.mergeIn(def)
@@ -292,23 +496,26 @@ func (e endpoint) resolve(service, partitionID, region, dnsSuffix string, defs [
 	}
 
 	hostname := e.Hostname
-	// Offset the hostname for dualstack if enabled
-	if opts.UseDualStack && e.HasDualStack == boxedTrue {
-		hostname = e.DualStackHostname
-		region = signingRegion
-	}
 
 	if !validateInputRegion(region) {
 		return ResolvedEndpoint{}, fmt.Errorf("invalid region identifier format provided")
 	}
 
+	if len(merged.DNSSuffix) > 0 {
+		dnsSuffix = merged.DNSSuffix
+	}
+
 	u := strings.Replace(hostname, "{service}", service, 1)
 	u = strings.Replace(u, "{region}", region, 1)
-	u = strings.Replace(u, "{dnsSuffix}", dnsSuffix, 1)
+	u = strings.Replace(u, dnsSuffixTemplateVariable, dnsSuffix, 1)
 
 	scheme := getEndpointScheme(e.Protocols, opts.DisableSSL)
 	u = fmt.Sprintf("%s://%s", scheme, u)
 
+	if e.Deprecated == boxedTrue && opts.LogDeprecated && opts.Logger != nil {
+		opts.Logger.Log(fmt.Sprintf("endpoint identifier %q, url %q marked as deprecated", region, u))
+	}
+
 	return ResolvedEndpoint{
 		URL:                u,
 		PartitionID:        partitionID,
@@ -346,11 +553,11 @@ func (e *endpoint) mergeIn(other endpoint) {
 	if len(other.SSLCommonName) > 0 {
 		e.SSLCommonName = other.SSLCommonName
 	}
-	if other.HasDualStack != boxedBoolUnset {
+	if len(other.DNSSuffix) > 0 {
-		e.HasDualStack = other.HasDualStack
+		e.DNSSuffix = other.DNSSuffix
 	}
-	if len(other.DualStackHostname) > 0 {
+	if other.Deprecated != boxedBoolUnset {
-		e.DualStackHostname = other.DualStackHostname
+		e.Deprecated = other.Deprecated
 	}
 }
 

vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go

@@ -155,6 +155,56 @@ func serviceSet(ps partitions) map[string]struct{} {
 	return set
 }
 
+func endpointVariantSetter(variant endpointVariant) (string, error) {
+	if variant == 0 {
+		return "0", nil
+	}
+
+	if variant > (fipsVariant | dualStackVariant) {
+		return "", fmt.Errorf("unknown endpoint variant")
+	}
+
+	var symbols []string
+	if variant&fipsVariant != 0 {
+		symbols = append(symbols, "fipsVariant")
+	}
+	if variant&dualStackVariant != 0 {
+		symbols = append(symbols, "dualStackVariant")
+	}
+	v := strings.Join(symbols, "|")
+
+	return v, nil
+}
+
+func endpointKeySetter(e endpointKey) (string, error) {
+	var sb strings.Builder
+	sb.WriteString("endpointKey{\n")
+	sb.WriteString(fmt.Sprintf("Region: %q,\n", e.Region))
+	if e.Variant != 0 {
+		variantSetter, err := endpointVariantSetter(e.Variant)
+		if err != nil {
+			return "", err
+		}
+		sb.WriteString(fmt.Sprintf("Variant: %s,\n", variantSetter))
+	}
+	sb.WriteString("}")
+	return sb.String(), nil
+}
+
+func defaultKeySetter(e defaultKey) (string, error) {
+	var sb strings.Builder
+	sb.WriteString("defaultKey{\n")
+	if e.Variant != 0 {
+		variantSetter, err := endpointVariantSetter(e.Variant)
+		if err != nil {
+			return "", err
+		}
+		sb.WriteString(fmt.Sprintf("Variant: %s,\n", variantSetter))
+	}
+	sb.WriteString("}")
+	return sb.String(), nil
+}
+
 var funcMap = template.FuncMap{
 	"ToSymbol":              toSymbol,
 	"QuoteString":           quoteString,
@@ -167,6 +217,9 @@ var funcMap = template.FuncMap{
 	"StringSliceIfSet":      stringSliceIfSet,
 	"EndpointIsSet":         endpointIsSet,
 	"ServicesSet":           serviceSet,
+	"EndpointVariantSetter": endpointVariantSetter,
+	"EndpointKeySetter":     endpointKeySetter,
+	"DefaultKeySetter":      defaultKeySetter,
 }
 
 const v3Tmpl = `
@@ -272,9 +325,9 @@ partition{
 	{{ StringIfSet "Name: %q,\n" .Name -}}
 	{{ StringIfSet "DNSSuffix: %q,\n" .DNSSuffix -}}
 	RegionRegex: {{ template "gocode RegionRegex" .RegionRegex }},
-	{{ if EndpointIsSet .Defaults -}}
+	{{ if (gt (len .Defaults) 0) -}}
-		Defaults: {{ template "gocode Endpoint" .Defaults }},
+		Defaults: {{ template "gocode Defaults" .Defaults -}},
-	{{- end }}
+	{{ end -}}
 	Regions:  {{ template "gocode Regions" .Regions }},
 	Services: {{ template "gocode Services" .Services }},
 }
@@ -315,19 +368,27 @@ services{
 service{
 	{{ StringIfSet "PartitionEndpoint: %q,\n" .PartitionEndpoint -}}
 	{{ BoxedBoolIfSet "IsRegionalized: %s,\n" .IsRegionalized -}}
-	{{ if EndpointIsSet .Defaults -}}
+	{{ if (gt (len .Defaults) 0) -}}
-		Defaults: {{ template "gocode Endpoint" .Defaults -}},
+		Defaults: {{ template "gocode Defaults" .Defaults -}},
-	{{- end }}
+	{{ end -}}
 	{{ if .Endpoints -}}
 		Endpoints: {{ template "gocode Endpoints" .Endpoints }},
 	{{- end }}
 }
 {{- end }}
 
-{{ define "gocode Endpoints" -}}
+{{ define "gocode Defaults" -}}
-endpoints{
+endpointDefaults{
 	{{ range $id, $endpoint := . -}}
-	"{{ $id }}": {{ template "gocode Endpoint" $endpoint }},
+	{{ DefaultKeySetter $id }}: {{ template "gocode Endpoint" $endpoint }},
+	{{ end }}
+}
+{{- end }}
+
+{{ define "gocode Endpoints" -}}
+serviceEndpoints{
+	{{ range $id, $endpoint := . -}}
+	{{ EndpointKeySetter $id }}: {{ template "gocode Endpoint" $endpoint }},
 	{{ end }}
 }
 {{- end }}
@@ -335,6 +396,7 @@ endpoints{
 {{ define "gocode Endpoint" -}}
 endpoint{
 	{{ StringIfSet "Hostname: %q,\n" .Hostname -}}
+	{{ StringIfSet "DNSSuffix: %q,\n" .DNSSuffix -}}
 	{{ StringIfSet "SSLCommonName: %q,\n" .SSLCommonName -}}
 	{{ StringSliceIfSet "Protocols: []string{%s},\n" .Protocols -}}
 	{{ StringSliceIfSet "SignatureVersions: []string{%s},\n" .SignatureVersions -}}
@@ -344,9 +406,7 @@ endpoint{
 		{{ StringIfSet "Service: %q,\n" .CredentialScope.Service -}}
 	},
 	{{- end }}
-	{{ BoxedBoolIfSet "HasDualStack: %s,\n" .HasDualStack -}}
+	{{ BoxedBoolIfSet "Deprecated: %s,\n" .Deprecated -}}
-	{{ StringIfSet "DualStackHostname: %q,\n" .DualStackHostname -}}
-
 }
 {{- end }}
 `

vendor/github.com/aws/aws-sdk-go/aws/logger.go

@@ -77,6 +77,9 @@ const (
 	// wire unmarshaled message content of requests and responses made while
 	// using the SDK Will also enable LogDebug.
 	LogDebugWithEventStreamBody
+
+	// LogDebugWithDeprecated states the SDK should log details about deprecated functionality.
+	LogDebugWithDeprecated
 )
 
 // A Logger is a minimalistic interface for the SDK to log messages to. Should

vendor/github.com/aws/aws-sdk-go/aws/session/doc.go

@@ -285,5 +285,83 @@ The custom EC2 IMDS endpoint can also be specified via the Session options.
   sess, err := session.NewSessionWithOptions(session.Options{
       EC2MetadataEndpoint: "http://[::1]",
   })
+
+FIPS and DualStack Endpoints
+
+The SDK can be configured to resolve an endpoint with certain capabilities such as FIPS and DualStack.
+
+You can configure a FIPS endpoint using an environment variable, shared config ($HOME/.aws/config),
+or programmatically.
+
+To configure a FIPS endpoint set the environment variable set the AWS_USE_FIPS_ENDPOINT to true or false to enable
+or disable FIPS endpoint resolution.
+
+  AWS_USE_FIPS_ENDPOINT=true
+
+To configure a FIPS endpoint using shared config, set use_fips_endpoint to true or false to enable
+or disable FIPS endpoint resolution.
+
+  [profile myprofile]
+  region=us-west-2
+  use_fips_endpoint=true
+
+To configure a FIPS endpoint programmatically
+
+  // Option 1: Configure it on a session for all clients
+  sess, err := session.NewSessionWithOptions(session.Options{
+      UseFIPSEndpoint: endpoints.FIPSEndpointStateEnabled,
+  })
+  if err != nil {
+      // handle error
+  }
+
+  client := s3.New(sess)
+
+  // Option 2: Configure it per client
+  sess, err := session.NewSession()
+  if err != nil {
+      // handle error
+  }
+
+  client := s3.New(sess, &aws.Config{
+      UseFIPSEndpoint: endpoints.FIPSEndpointStateEnabled,
+  })
+
+You can configure a DualStack endpoint using an environment variable, shared config ($HOME/.aws/config),
+or programmatically.
+
+To configure a DualStack endpoint set the environment variable set the AWS_USE_DUALSTACK_ENDPOINT to true or false to
+enable or disable DualStack endpoint resolution.
+
+  AWS_USE_DUALSTACK_ENDPOINT=true
+
+To configure a DualStack endpoint using shared config, set use_dualstack_endpoint to true or false to enable
+or disable DualStack endpoint resolution.
+
+  [profile myprofile]
+  region=us-west-2
+  use_dualstack_endpoint=true
+
+To configure a DualStack endpoint programmatically
+
+  // Option 1: Configure it on a session for all clients
+  sess, err := session.NewSessionWithOptions(session.Options{
+      UseDualStackEndpoint: endpoints.DualStackEndpointStateEnabled,
+  })
+  if err != nil {
+      // handle error
+  }
+
+  client := s3.New(sess)
+
+  // Option 2: Configure it per client
+  sess, err := session.NewSession()
+  if err != nil {
+      // handle error
+  }
+
+  client := s3.New(sess, &aws.Config{
+      UseDualStackEndpoint: endpoints.DualStackEndpointStateEnabled,
+  })
 */
 package session

vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go

@@ -170,6 +170,18 @@ type envConfig struct {
 	//
 	// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
 	EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
+
+	// Specifies that SDK clients must resolve a dual-stack endpoint for
+	// services.
+	//
+	// AWS_USE_DUALSTACK_ENDPOINT=true
+	UseDualStackEndpoint endpoints.DualStackEndpointState
+
+	// Specifies that SDK clients must resolve a FIPS endpoint for
+	// services.
+	//
+	// AWS_USE_FIPS_ENDPOINT=true
+	UseFIPSEndpoint endpoints.FIPSEndpointState
 }
 
 var (
@@ -248,6 +260,12 @@ var (
 	useClientTLSKey = []string{
 		"AWS_SDK_GO_CLIENT_TLS_KEY",
 	}
+	awsUseDualStackEndpoint = []string{
+		"AWS_USE_DUALSTACK_ENDPOINT",
+	}
+	awsUseFIPSEndpoint = []string{
+		"AWS_USE_FIPS_ENDPOINT",
+	}
 )
 
 // loadEnvConfig retrieves the SDK's environment configuration.
@@ -376,6 +394,14 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) {
 		return envConfig{}, err
 	}
 
+	if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, awsUseDualStackEndpoint); err != nil {
+		return cfg, err
+	}
+
+	if err := setUseFIPSEndpointFromEnvVal(&cfg.UseFIPSEndpoint, awsUseFIPSEndpoint); err != nil {
+		return cfg, err
+	}
+
 	return cfg, nil
 }
 
@@ -401,3 +427,45 @@ func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []str
 	}
 	return nil
 }
+
+func setUseDualStackEndpointFromEnvVal(dst *endpoints.DualStackEndpointState, keys []string) error {
+	for _, k := range keys {
+		value := os.Getenv(k)
+		if len(value) == 0 {
+			continue // skip if empty
+		}
+
+		switch {
+		case strings.EqualFold(value, "true"):
+			*dst = endpoints.DualStackEndpointStateEnabled
+		case strings.EqualFold(value, "false"):
+			*dst = endpoints.DualStackEndpointStateDisabled
+		default:
+			return fmt.Errorf(
+				"invalid value for environment variable, %s=%s, need true, false",
+				k, value)
+		}
+	}
+	return nil
+}
+
+func setUseFIPSEndpointFromEnvVal(dst *endpoints.FIPSEndpointState, keys []string) error {
+	for _, k := range keys {
+		value := os.Getenv(k)
+		if len(value) == 0 {
+			continue // skip if empty
+		}
+
+		switch {
+		case strings.EqualFold(value, "true"):
+			*dst = endpoints.FIPSEndpointStateEnabled
+		case strings.EqualFold(value, "false"):
+			*dst = endpoints.FIPSEndpointStateDisabled
+		default:
+			return fmt.Errorf(
+				"invalid value for environment variable, %s=%s, need true, false",
+				k, value)
+		}
+	}
+	return nil
+}

vendor/github.com/aws/aws-sdk-go/aws/session/session.go

@@ -8,6 +8,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
+	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -792,6 +793,20 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config,
 		cfg.S3UseARNRegion = &sharedCfg.S3UseARNRegion
 	}
 
+	for _, v := range []endpoints.DualStackEndpointState{userCfg.UseDualStackEndpoint, envCfg.UseDualStackEndpoint, sharedCfg.UseDualStackEndpoint} {
+		if v != endpoints.DualStackEndpointStateUnset {
+			cfg.UseDualStackEndpoint = v
+			break
+		}
+	}
+
+	for _, v := range []endpoints.FIPSEndpointState{userCfg.UseFIPSEndpoint, envCfg.UseFIPSEndpoint, sharedCfg.UseFIPSEndpoint} {
+		if v != endpoints.FIPSEndpointStateUnset {
+			cfg.UseFIPSEndpoint = v
+			break
+		}
+	}
+
 	return nil
 }
 
@@ -845,8 +860,10 @@ func (s *Session) Copy(cfgs ...*aws.Config) *Session {
 func (s *Session) ClientConfig(service string, cfgs ...*aws.Config) client.Config {
 	s = s.Copy(cfgs...)
 
+	resolvedRegion := normalizeRegion(s.Config)
+
 	region := aws.StringValue(s.Config.Region)
-	resolved, err := s.resolveEndpoint(service, region, s.Config)
+	resolved, err := s.resolveEndpoint(service, region, resolvedRegion, s.Config)
 	if err != nil {
 		s.Handlers.Validate.PushBack(func(r *request.Request) {
 			if len(r.ClientInfo.Endpoint) != 0 {
@@ -867,12 +884,13 @@ func (s *Session) ClientConfig(service string, cfgs ...*aws.Config) client.Confi
 		SigningRegion:      resolved.SigningRegion,
 		SigningNameDerived: resolved.SigningNameDerived,
 		SigningName:        resolved.SigningName,
+		ResolvedRegion:     resolvedRegion,
 	}
 }
 
 const ec2MetadataServiceID = "ec2metadata"
 
-func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endpoints.ResolvedEndpoint, error) {
+func (s *Session) resolveEndpoint(service, region, resolvedRegion string, cfg *aws.Config) (endpoints.ResolvedEndpoint, error) {
 
 	if ep := aws.StringValue(cfg.Endpoint); len(ep) != 0 {
 		return endpoints.ResolvedEndpoint{
@@ -884,7 +902,12 @@ func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endp
 	resolved, err := cfg.EndpointResolver.EndpointFor(service, region,
 		func(opt *endpoints.Options) {
 			opt.DisableSSL = aws.BoolValue(cfg.DisableSSL)
+
 			opt.UseDualStack = aws.BoolValue(cfg.UseDualStack)
+			opt.UseDualStackEndpoint = cfg.UseDualStackEndpoint
+
+			opt.UseFIPSEndpoint = cfg.UseFIPSEndpoint
+
 			// Support for STSRegionalEndpoint where the STSRegionalEndpoint is
 			// provided in envConfig or sharedConfig with envConfig getting
 			// precedence.
@@ -898,6 +921,11 @@ func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endp
 			// Support the condition where the service is modeled but its
 			// endpoint metadata is not available.
 			opt.ResolveUnknownService = true
+
+			opt.ResolvedRegion = resolvedRegion
+
+			opt.Logger = cfg.Logger
+			opt.LogDeprecated = cfg.LogLevel.Matches(aws.LogDebugWithDeprecated)
 		},
 	)
 	if err != nil {
@@ -913,6 +941,8 @@ func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endp
 func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Config {
 	s = s.Copy(cfgs...)
 
+	resolvedRegion := normalizeRegion(s.Config)
+
 	var resolved endpoints.ResolvedEndpoint
 	if ep := aws.StringValue(s.Config.Endpoint); len(ep) > 0 {
 		resolved.URL = endpoints.AddScheme(ep, aws.BoolValue(s.Config.DisableSSL))
@@ -926,6 +956,7 @@ func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Conf
 		SigningRegion:      resolved.SigningRegion,
 		SigningNameDerived: resolved.SigningNameDerived,
 		SigningName:        resolved.SigningName,
+		ResolvedRegion:     resolvedRegion,
 	}
 }
 
@@ -939,3 +970,23 @@ func (s *Session) logDeprecatedNewSessionError(msg string, err error, cfgs []*aw
 		r.Error = err
 	})
 }
+
+// normalizeRegion resolves / normalizes the configured region (converts pseudo fips regions), and modifies the provided
+// config to have the equivalent options for resolution and returns the resolved region name.
+func normalizeRegion(cfg *aws.Config) (resolved string) {
+	const fipsInfix = "-fips-"
+	const fipsPrefix = "-fips"
+	const fipsSuffix = "fips-"
+
+	region := aws.StringValue(cfg.Region)
+
+	if strings.Contains(region, fipsInfix) ||
+		strings.Contains(region, fipsPrefix) ||
+		strings.Contains(region, fipsSuffix) {
+		resolved = strings.Replace(strings.Replace(strings.Replace(
+			region, fipsInfix, "-", -1), fipsPrefix, "", -1), fipsSuffix, "", -1)
+		cfg.UseFIPSEndpoint = endpoints.FIPSEndpointStateEnabled
+	}
+
+	return resolved
+}

vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go

@@ -72,6 +72,12 @@ const (
 
 	// EC2 IMDS Endpoint
 	ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint"
+
+	// Use DualStack Endpoint Resolution
+	useDualStackEndpoint = "use_dualstack_endpoint"
+
+	// Use FIPS Endpoint Resolution
+	useFIPSEndpointKey = "use_fips_endpoint"
 )
 
 // sharedConfig represents the configuration fields of the SDK config files.
@@ -161,6 +167,18 @@ type sharedConfig struct {
 	//
 	// ec2_metadata_service_endpoint=http://fd00:ec2::254
 	EC2IMDSEndpoint string
+
+	// Specifies that SDK clients must resolve a dual-stack endpoint for
+	// services.
+	//
+	// use_dualstack_endpoint=true
+	UseDualStackEndpoint endpoints.DualStackEndpointState
+
+	// Specifies that SDK clients must resolve a FIPS endpoint for
+	// services.
+	//
+	// use_fips_endpoint=true
+	UseFIPSEndpoint endpoints.FIPSEndpointState
 }
 
 type sharedConfigFile struct {
@@ -356,6 +374,10 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
 				ec2MetadataServiceEndpointModeKey, file.Filename, err)
 		}
 		updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey)
+
+		updateUseDualStackEndpoint(&cfg.UseDualStackEndpoint, section, useDualStackEndpoint)
+
+		updateUseFIPSEndpoint(&cfg.UseFIPSEndpoint, section, useFIPSEndpointKey)
 	}
 
 	updateString(&cfg.CredentialProcess, section, credentialProcessKey)
@@ -673,3 +695,35 @@ func (e CredentialRequiresARNError) OrigErr() error {
 func (e CredentialRequiresARNError) Error() string {
 	return awserr.SprintError(e.Code(), e.Message(), "", nil)
 }
+
+// updateEndpointDiscoveryType will only update the dst with the value in the section, if
+// a valid key and corresponding EndpointDiscoveryType is found.
+func updateUseDualStackEndpoint(dst *endpoints.DualStackEndpointState, section ini.Section, key string) {
+	if !section.Has(key) {
+		return
+	}
+
+	if section.Bool(key) {
+		*dst = endpoints.DualStackEndpointStateEnabled
+	} else {
+		*dst = endpoints.DualStackEndpointStateDisabled
+	}
+
+	return
+}
+
+// updateEndpointDiscoveryType will only update the dst with the value in the section, if
+// a valid key and corresponding EndpointDiscoveryType is found.
+func updateUseFIPSEndpoint(dst *endpoints.FIPSEndpointState, section ini.Section, key string) {
+	if !section.Has(key) {
+		return
+	}
+
+	if section.Bool(key) {
+		*dst = endpoints.FIPSEndpointStateEnabled
+	} else {
+		*dst = endpoints.FIPSEndpointStateDisabled
+	}
+
+	return
+}

vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go

@@ -634,21 +634,25 @@ func (ctx *signingCtx) buildCanonicalHeaders(r rule, header http.Header) {
 		ctx.Query.Set("X-Amz-SignedHeaders", ctx.signedHeaders)
 	}
 
-	headerValues := make([]string, len(headers))
+	headerItems := make([]string, len(headers))
 	for i, k := range headers {
 		if k == "host" {
 			if ctx.Request.Host != "" {
-				headerValues[i] = "host:" + ctx.Request.Host
+				headerItems[i] = "host:" + ctx.Request.Host
 			} else {
-				headerValues[i] = "host:" + ctx.Request.URL.Host
+				headerItems[i] = "host:" + ctx.Request.URL.Host
 			}
 		} else {
-			headerValues[i] = k + ":" +
+			headerValues := make([]string, len(ctx.SignedHeaderVals[k]))
-				strings.Join(ctx.SignedHeaderVals[k], ",")
+			for i, v := range ctx.SignedHeaderVals[k] {
+				headerValues[i] = strings.TrimSpace(v)
+			}
+			headerItems[i] = k + ":" +
+				strings.Join(headerValues, ",")
 		}
 	}
-	stripExcessSpaces(headerValues)
+	stripExcessSpaces(headerItems)
-	ctx.canonicalHeaders = strings.Join(headerValues, "\n")
+	ctx.canonicalHeaders = strings.Join(headerItems, "\n")
 }
 
 func (ctx *signingCtx) buildCanonicalString() {

vendor/github.com/aws/aws-sdk-go/aws/version.go

@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.41.15"
+const SDKVersion = "1.42.7"

vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
+	"unicode"
 )
 
 var (
@@ -18,7 +19,7 @@ var literalValues = [][]rune{
 
 func isBoolValue(b []rune) bool {
 	for _, lv := range literalValues {
-		if isLitValue(lv, b) {
+		if isCaselessLitValue(lv, b) {
 			return true
 		}
 	}
@@ -39,6 +40,21 @@ func isLitValue(want, have []rune) bool {
 	return true
 }
 
+// isCaselessLitValue is a caseless value comparison, assumes want is already lower-cased for efficiency.
+func isCaselessLitValue(want, have []rune) bool {
+	if len(have) < len(want) {
+		return false
+	}
+
+	for i := 0; i < len(want); i++ {
+		if want[i] != unicode.ToLower(have[i]) {
+			return false
+		}
+	}
+
+	return true
+}
+
 // isNumberValue will return whether not the leading characters in
 // a byte slice is a number. A number is delimited by whitespace or
 // the newline token.
@@ -177,7 +193,7 @@ func newValue(t ValueType, base int, raw []rune) (Value, error) {
 	case QuotedStringType:
 		v.str = string(raw[1 : len(raw)-1])
 	case BoolType:
-		v.boolean = runeCompare(v.raw, runesTrue)
+		v.boolean = isCaselessLitValue(runesTrue, v.raw)
 	}
 
 	// issue 2253

vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go

@@ -57,7 +57,7 @@ func getBoolValue(b []rune) (int, error) {
 			continue
 		}
 
-		if isLitValue(lv, b) {
+		if isCaselessLitValue(lv, b) {
 			n = len(lv)
 		}
 	}

vendor/github.com/aws/aws-sdk-go/service/ec2/api.go

@@ -59987,6 +59987,8 @@ type CreateRouteInput struct {
 	// with a Wavelength Zone.
 	CarrierGatewayId *string `type:"string"`
 
+	CoreNetworkArn *string `type:"string"`
+
 	// The IPv4 CIDR address block used for the destination match. Routing decisions
 	// are based on the most specific match. We modify the specified CIDR block
 	// to its canonical form; for example, if you specify 100.68.0.18/18, we modify
@@ -60078,6 +60080,12 @@ func (s *CreateRouteInput) SetCarrierGatewayId(v string) *CreateRouteInput {
 	return s
 }
 
+// SetCoreNetworkArn sets the CoreNetworkArn field's value.
+func (s *CreateRouteInput) SetCoreNetworkArn(v string) *CreateRouteInput {
+	s.CoreNetworkArn = &v
+	return s
+}
+
 // SetDestinationCidrBlock sets the DestinationCidrBlock field's value.
 func (s *CreateRouteInput) SetDestinationCidrBlock(v string) *CreateRouteInput {
 	s.DestinationCidrBlock = &v
@@ -96245,14 +96253,23 @@ func (s *FleetLaunchTemplateSpecificationRequest) SetVersion(v string) *FleetLau
 type FleetSpotCapacityRebalance struct {
 	_ struct{} `type:"structure"`
 
-	// To allow EC2 Fleet to launch a replacement Spot Instance when an instance
+	// The replacement strategy to use. Only available for fleets of type maintain.
-	// rebalance notification is emitted for an existing Spot Instance in the fleet,
-	// specify launch. Only available for fleets of type maintain.
 	//
-	// When a replacement instance is launched, the instance marked for rebalance
+	// launch - EC2 Fleet launches a new replacement Spot Instance when a rebalance
-	// is not automatically terminated. You can terminate it, or you can leave it
+	// notification is emitted for an existing Spot Instance in the fleet. EC2 Fleet
-	// running. You are charged for both instances while they are running.
+	// does not terminate the instances that receive a rebalance notification. You
+	// can terminate the old instances, or you can leave them running. You are charged
+	// for all instances while they are running.
+	//
+	// launch-before-terminate - EC2 Fleet launches a new replacement Spot Instance
+	// when a rebalance notification is emitted for an existing Spot Instance in
+	// the fleet, and then, after a delay that you specify (in TerminationDelay),
+	// terminates the instances that received a rebalance notification.
 	ReplacementStrategy *string `locationName:"replacementStrategy" type:"string" enum:"FleetReplacementStrategy"`
+
+	// The amount of time (in seconds) that Amazon EC2 waits before terminating
+	// the old Spot Instance after launching a new replacement Spot Instance.
+	TerminationDelay *int64 `locationName:"terminationDelay" type:"integer"`
 }
 
 // String returns the string representation.
@@ -96279,23 +96296,36 @@ func (s *FleetSpotCapacityRebalance) SetReplacementStrategy(v string) *FleetSpot
 	return s
 }
 
-// The Spot Instance replacement strategy to use when Amazon EC2 emits a signal
+// SetTerminationDelay sets the TerminationDelay field's value.
-// that your Spot Instance is at an elevated risk of being interrupted. For
+func (s *FleetSpotCapacityRebalance) SetTerminationDelay(v int64) *FleetSpotCapacityRebalance {
-// more information, see Capacity rebalancing (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-configuration-strategies.html#ec2-fleet-capacity-rebalance)
+	s.TerminationDelay = &v
+	return s
+}
+
+// The Spot Instance replacement strategy to use when Amazon EC2 emits a rebalance
+// notification signal that your Spot Instance is at an elevated risk of being
+// interrupted. For more information, see Capacity rebalancing (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-configuration-strategies.html#ec2-fleet-capacity-rebalance)
 // in the Amazon EC2 User Guide.
 type FleetSpotCapacityRebalanceRequest struct {
 	_ struct{} `type:"structure"`
 
 	// The replacement strategy to use. Only available for fleets of type maintain.
 	//
-	// To allow EC2 Fleet to launch a replacement Spot Instance when an instance
+	// launch - EC2 Fleet launches a replacement Spot Instance when a rebalance
-	// rebalance notification is emitted for an existing Spot Instance in the fleet,
+	// notification is emitted for an existing Spot Instance in the fleet. EC2 Fleet
-	// specify launch. You must specify a value, otherwise you get an error.
+	// does not terminate the instances that receive a rebalance notification. You
+	// can terminate the old instances, or you can leave them running. You are charged
+	// for all instances while they are running.
 	//
-	// When a replacement instance is launched, the instance marked for rebalance
+	// launch-before-terminate - EC2 Fleet launches a replacement Spot Instance
-	// is not automatically terminated. You can terminate it, or you can leave it
+	// when a rebalance notification is emitted for an existing Spot Instance in
-	// running. You are charged for all instances while they are running.
+	// the fleet, and then, after a delay that you specify (in TerminationDelay),
+	// terminates the instances that received a rebalance notification.
 	ReplacementStrategy *string `type:"string" enum:"FleetReplacementStrategy"`
+
+	// The amount of time (in seconds) that Amazon EC2 waits before terminating
+	// the old Spot Instance after launching a new replacement Spot Instance.
+	TerminationDelay *int64 `type:"integer"`
 }
 
 // String returns the string representation.
@@ -96322,6 +96352,12 @@ func (s *FleetSpotCapacityRebalanceRequest) SetReplacementStrategy(v string) *Fl
 	return s
 }
 
+// SetTerminationDelay sets the TerminationDelay field's value.
+func (s *FleetSpotCapacityRebalanceRequest) SetTerminationDelay(v int64) *FleetSpotCapacityRebalanceRequest {
+	s.TerminationDelay = &v
+	return s
+}
+
 // The strategies for managing your Spot Instances that are at an elevated risk
 // of being interrupted.
 type FleetSpotMaintenanceStrategies struct {
@@ -105729,6 +105765,9 @@ type InstanceNetworkInterfaceAssociation struct {
 	// The carrier IP address associated with the network interface.
 	CarrierIp *string `locationName:"carrierIp" type:"string"`
 
+	// The customer-owned IP address associated with the network interface.
+	CustomerOwnedIp *string `locationName:"customerOwnedIp" type:"string"`
+
 	// The ID of the owner of the Elastic IP address.
 	IpOwnerId *string `locationName:"ipOwnerId" type:"string"`
 
@@ -105763,6 +105802,12 @@ func (s *InstanceNetworkInterfaceAssociation) SetCarrierIp(v string) *InstanceNe
 	return s
 }
 
+// SetCustomerOwnedIp sets the CustomerOwnedIp field's value.
+func (s *InstanceNetworkInterfaceAssociation) SetCustomerOwnedIp(v string) *InstanceNetworkInterfaceAssociation {
+	s.CustomerOwnedIp = &v
+	return s
+}
+
 // SetIpOwnerId sets the IpOwnerId field's value.
 func (s *InstanceNetworkInterfaceAssociation) SetIpOwnerId(v string) *InstanceNetworkInterfaceAssociation {
 	s.IpOwnerId = &v
@@ -116332,6 +116377,10 @@ type ModifySubnetAttributeInput struct {
 	// You must set this value when you specify true for MapCustomerOwnedIpOnLaunch.
 	CustomerOwnedIpv4Pool *string `type:"string"`
 
+	// Indicates whether DNS queries made to the Amazon-provided DNS Resolver in
+	// this subnet should return synthetic IPv6 addresses for IPv4-only destinations.
+	EnableDns64 *AttributeBooleanValue `type:"structure"`
+
 	// Specify true to indicate that network interfaces attached to instances created
 	// in the specified subnet should be assigned a customer-owned IPv4 address.
 	//
@@ -116392,6 +116441,12 @@ func (s *ModifySubnetAttributeInput) SetCustomerOwnedIpv4Pool(v string) *ModifyS
 	return s
 }
 
+// SetEnableDns64 sets the EnableDns64 field's value.
+func (s *ModifySubnetAttributeInput) SetEnableDns64(v *AttributeBooleanValue) *ModifySubnetAttributeInput {
+	s.EnableDns64 = v
+	return s
+}
+
 // SetMapCustomerOwnedIpOnLaunch sets the MapCustomerOwnedIpOnLaunch field's value.
 func (s *ModifySubnetAttributeInput) SetMapCustomerOwnedIpOnLaunch(v *AttributeBooleanValue) *ModifySubnetAttributeInput {
 	s.MapCustomerOwnedIpOnLaunch = v
@@ -126096,6 +126151,8 @@ type ReplaceRouteInput struct {
 	// [IPv4 traffic only] The ID of a carrier gateway.
 	CarrierGatewayId *string `type:"string"`
 
+	CoreNetworkArn *string `type:"string"`
+
 	// The IPv4 CIDR address block used for the destination match. The value that
 	// you provide must match the CIDR of an existing route in the table.
 	DestinationCidrBlock *string `locationName:"destinationCidrBlock" type:"string"`
@@ -126186,6 +126243,12 @@ func (s *ReplaceRouteInput) SetCarrierGatewayId(v string) *ReplaceRouteInput {
 	return s
 }
 
+// SetCoreNetworkArn sets the CoreNetworkArn field's value.
+func (s *ReplaceRouteInput) SetCoreNetworkArn(v string) *ReplaceRouteInput {
+	s.CoreNetworkArn = &v
+	return s
+}
+
 // SetDestinationCidrBlock sets the DestinationCidrBlock field's value.
 func (s *ReplaceRouteInput) SetDestinationCidrBlock(v string) *ReplaceRouteInput {
 	s.DestinationCidrBlock = &v
@@ -130317,6 +130380,8 @@ type Route struct {
 	// The ID of the carrier gateway.
 	CarrierGatewayId *string `locationName:"carrierGatewayId" type:"string"`
 
+	CoreNetworkArn *string `locationName:"coreNetworkArn" type:"string"`
+
 	// The IPv4 CIDR block used for the destination match.
 	DestinationCidrBlock *string `locationName:"destinationCidrBlock" type:"string"`
 
@@ -130393,6 +130458,12 @@ func (s *Route) SetCarrierGatewayId(v string) *Route {
 	return s
 }
 
+// SetCoreNetworkArn sets the CoreNetworkArn field's value.
+func (s *Route) SetCoreNetworkArn(v string) *Route {
+	s.CoreNetworkArn = &v
+	return s
+}
+
 // SetDestinationCidrBlock sets the DestinationCidrBlock field's value.
 func (s *Route) SetDestinationCidrBlock(v string) *Route {
 	s.DestinationCidrBlock = &v
@@ -134710,16 +134781,22 @@ type SpotCapacityRebalance struct {
 	_ struct{} `type:"structure"`
 
 	// The replacement strategy to use. Only available for fleets of type maintain.
-	// You must specify a value, otherwise you get an error.
 	//
-	// To allow Spot Fleet to launch a replacement Spot Instance when an instance
+	// launch - Spot Fleet launches a new replacement Spot Instance when a rebalance
-	// rebalance notification is emitted for a Spot Instance in the fleet, specify
+	// notification is emitted for an existing Spot Instance in the fleet. Spot
-	// launch.
+	// Fleet does not terminate the instances that receive a rebalance notification.
+	// You can terminate the old instances, or you can leave them running. You are
+	// charged for all instances while they are running.
 	//
-	// When a replacement instance is launched, the instance marked for rebalance
+	// launch-before-terminate - Spot Fleet launches a new replacement Spot Instance
-	// is not automatically terminated. You can terminate it, or you can leave it
+	// when a rebalance notification is emitted for an existing Spot Instance in
-	// running. You are charged for all instances while they are running.
+	// the fleet, and then, after a delay that you specify (in TerminationDelay),
+	// terminates the instances that received a rebalance notification.
 	ReplacementStrategy *string `locationName:"replacementStrategy" type:"string" enum:"ReplacementStrategy"`
+
+	// The amount of time (in seconds) that Amazon EC2 waits before terminating
+	// the old Spot Instance after launching a new replacement Spot Instance.
+	TerminationDelay *int64 `locationName:"terminationDelay" type:"integer"`
 }
 
 // String returns the string representation.
@@ -134746,6 +134823,12 @@ func (s *SpotCapacityRebalance) SetReplacementStrategy(v string) *SpotCapacityRe
 	return s
 }
 
+// SetTerminationDelay sets the TerminationDelay field's value.
+func (s *SpotCapacityRebalance) SetTerminationDelay(v int64) *SpotCapacityRebalance {
+	s.TerminationDelay = &v
+	return s
+}
+
 // Describes the data feed for a Spot Instance.
 type SpotDatafeedSubscription struct {
 	_ struct{} `type:"structure"`
@@ -137299,6 +137382,10 @@ type Subnet struct {
 	// Indicates whether this is the default subnet for the Availability Zone.
 	DefaultForAz *bool `locationName:"defaultForAz" type:"boolean"`
 
+	// Indicates whether DNS queries made to the Amazon-provided DNS Resolver in
+	// this subnet should return synthetic IPv6 addresses for IPv4-only destinations.
+	EnableDns64 *bool `locationName:"enableDns64" type:"boolean"`
+
 	// Information about the IPv6 CIDR blocks associated with the subnet.
 	Ipv6CidrBlockAssociationSet []*SubnetIpv6CidrBlockAssociation `locationName:"ipv6CidrBlockAssociationSet" locationNameList:"item" type:"list"`
 
@@ -137393,6 +137480,12 @@ func (s *Subnet) SetDefaultForAz(v bool) *Subnet {
 	return s
 }
 
+// SetEnableDns64 sets the EnableDns64 field's value.
+func (s *Subnet) SetEnableDns64(v bool) *Subnet {
+	s.EnableDns64 = &v
+	return s
+}
+
 // SetIpv6CidrBlockAssociationSet sets the Ipv6CidrBlockAssociationSet field's value.
 func (s *Subnet) SetIpv6CidrBlockAssociationSet(v []*SubnetIpv6CidrBlockAssociation) *Subnet {
 	s.Ipv6CidrBlockAssociationSet = v
@@ -144773,7 +144866,7 @@ type VpnConnection struct {
 	CustomerGatewayId *string `locationName:"customerGatewayId" type:"string"`
 
 	// The current state of the gateway association.
-	GatewayAssociationState *string `locationName:"gatewayAssociationState" type:"string"`
+	GatewayAssociationState *string `locationName:"gatewayAssociationState" type:"string" enum:"GatewayAssociationState"`
 
 	// The VPN connection options.
 	Options *VpnConnectionOptions `locationName:"options" type:"structure"`
@@ -147467,12 +147560,16 @@ func FleetOnDemandAllocationStrategy_Values() []string {
 const (
 	// FleetReplacementStrategyLaunch is a FleetReplacementStrategy enum value
 	FleetReplacementStrategyLaunch = "launch"
+
+	// FleetReplacementStrategyLaunchBeforeTerminate is a FleetReplacementStrategy enum value
+	FleetReplacementStrategyLaunchBeforeTerminate = "launch-before-terminate"
 )
 
 // FleetReplacementStrategy_Values returns all elements of the FleetReplacementStrategy enum
 func FleetReplacementStrategy_Values() []string {
 	return []string{
 		FleetReplacementStrategyLaunch,
+		FleetReplacementStrategyLaunchBeforeTerminate,
 	}
 }
 
@@ -147600,6 +147697,30 @@ func FpgaImageStateCode_Values() []string {
 	}
 }
 
+const (
+	// GatewayAssociationStateAssociated is a GatewayAssociationState enum value
+	GatewayAssociationStateAssociated = "associated"
+
+	// GatewayAssociationStateNotAssociated is a GatewayAssociationState enum value
+	GatewayAssociationStateNotAssociated = "not-associated"
+
+	// GatewayAssociationStateAssociating is a GatewayAssociationState enum value
+	GatewayAssociationStateAssociating = "associating"
+
+	// GatewayAssociationStateDisassociating is a GatewayAssociationState enum value
+	GatewayAssociationStateDisassociating = "disassociating"
+)
+
+// GatewayAssociationState_Values returns all elements of the GatewayAssociationState enum
+func GatewayAssociationState_Values() []string {
+	return []string{
+		GatewayAssociationStateAssociated,
+		GatewayAssociationStateNotAssociated,
+		GatewayAssociationStateAssociating,
+		GatewayAssociationStateDisassociating,
+	}
+}
+
 const (
 	// GatewayTypeIpsec1 is a GatewayType enum value
 	GatewayTypeIpsec1 = "ipsec.1"
@@ -148782,6 +148903,33 @@ const (
 	// InstanceTypeC6gn16xlarge is a InstanceType enum value
 	InstanceTypeC6gn16xlarge = "c6gn.16xlarge"
 
+	// InstanceTypeC6iLarge is a InstanceType enum value
+	InstanceTypeC6iLarge = "c6i.large"
+
+	// InstanceTypeC6iXlarge is a InstanceType enum value
+	InstanceTypeC6iXlarge = "c6i.xlarge"
+
+	// InstanceTypeC6i2xlarge is a InstanceType enum value
+	InstanceTypeC6i2xlarge = "c6i.2xlarge"
+
+	// InstanceTypeC6i4xlarge is a InstanceType enum value
+	InstanceTypeC6i4xlarge = "c6i.4xlarge"
+
+	// InstanceTypeC6i8xlarge is a InstanceType enum value
+	InstanceTypeC6i8xlarge = "c6i.8xlarge"
+
+	// InstanceTypeC6i12xlarge is a InstanceType enum value
+	InstanceTypeC6i12xlarge = "c6i.12xlarge"
+
+	// InstanceTypeC6i16xlarge is a InstanceType enum value
+	InstanceTypeC6i16xlarge = "c6i.16xlarge"
+
+	// InstanceTypeC6i24xlarge is a InstanceType enum value
+	InstanceTypeC6i24xlarge = "c6i.24xlarge"
+
+	// InstanceTypeC6i32xlarge is a InstanceType enum value
+	InstanceTypeC6i32xlarge = "c6i.32xlarge"
+
 	// InstanceTypeCc14xlarge is a InstanceType enum value
 	InstanceTypeCc14xlarge = "cc1.4xlarge"
 
@@ -149363,6 +149511,30 @@ const (
 
 	// InstanceTypeVt124xlarge is a InstanceType enum value
 	InstanceTypeVt124xlarge = "vt1.24xlarge"
+
+	// InstanceTypeG5Xlarge is a InstanceType enum value
+	InstanceTypeG5Xlarge = "g5.xlarge"
+
+	// InstanceTypeG52xlarge is a InstanceType enum value
+	InstanceTypeG52xlarge = "g5.2xlarge"
+
+	// InstanceTypeG54xlarge is a InstanceType enum value
+	InstanceTypeG54xlarge = "g5.4xlarge"
+
+	// InstanceTypeG58xlarge is a InstanceType enum value
+	InstanceTypeG58xlarge = "g5.8xlarge"
+
+	// InstanceTypeG512xlarge is a InstanceType enum value
+	InstanceTypeG512xlarge = "g5.12xlarge"
+
+	// InstanceTypeG516xlarge is a InstanceType enum value
+	InstanceTypeG516xlarge = "g5.16xlarge"
+
+	// InstanceTypeG524xlarge is a InstanceType enum value
+	InstanceTypeG524xlarge = "g5.24xlarge"
+
+	// InstanceTypeG548xlarge is a InstanceType enum value
+	InstanceTypeG548xlarge = "g5.48xlarge"
 )
 
 // InstanceType_Values returns all elements of the InstanceType enum
@@ -149595,6 +149767,15 @@ func InstanceType_Values() []string {
 		InstanceTypeC6gn8xlarge,
 		InstanceTypeC6gn12xlarge,
 		InstanceTypeC6gn16xlarge,
+		InstanceTypeC6iLarge,
+		InstanceTypeC6iXlarge,
+		InstanceTypeC6i2xlarge,
+		InstanceTypeC6i4xlarge,
+		InstanceTypeC6i8xlarge,
+		InstanceTypeC6i12xlarge,
+		InstanceTypeC6i16xlarge,
+		InstanceTypeC6i24xlarge,
+		InstanceTypeC6i32xlarge,
 		InstanceTypeCc14xlarge,
 		InstanceTypeCc28xlarge,
 		InstanceTypeG22xlarge,
@@ -149789,6 +149970,14 @@ func InstanceType_Values() []string {
 		InstanceTypeVt13xlarge,
 		InstanceTypeVt16xlarge,
 		InstanceTypeVt124xlarge,
+		InstanceTypeG5Xlarge,
+		InstanceTypeG52xlarge,
+		InstanceTypeG54xlarge,
+		InstanceTypeG58xlarge,
+		InstanceTypeG512xlarge,
+		InstanceTypeG516xlarge,
+		InstanceTypeG524xlarge,
+		InstanceTypeG548xlarge,
 	}
 }
 
@@ -150795,12 +150984,16 @@ func ReplaceRootVolumeTaskState_Values() []string {
 const (
 	// ReplacementStrategyLaunch is a ReplacementStrategy enum value
 	ReplacementStrategyLaunch = "launch"
+
+	// ReplacementStrategyLaunchBeforeTerminate is a ReplacementStrategy enum value
+	ReplacementStrategyLaunchBeforeTerminate = "launch-before-terminate"
 )
 
 // ReplacementStrategy_Values returns all elements of the ReplacementStrategy enum
 func ReplacementStrategy_Values() []string {
 	return []string{
 		ReplacementStrategyLaunch,
+		ReplacementStrategyLaunchBeforeTerminate,
 	}
 }
 

vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go

@@ -68,6 +68,10 @@ func fillPresignedURL(r *request.Request) {
 		func(opt *endpoints.Options) {
 			opt.DisableSSL = aws.BoolValue(cfg.DisableSSL)
 			opt.UseDualStack = aws.BoolValue(cfg.UseDualStack)
+			opt.UseDualStackEndpoint = cfg.UseDualStackEndpoint
+			opt.UseFIPSEndpoint = cfg.UseFIPSEndpoint
+			opt.Logger = r.Config.Logger
+			opt.LogDeprecated = r.Config.LogLevel.Matches(aws.LogDebugWithDeprecated)
 		},
 	)
 	if err != nil {

vendor/github.com/aws/aws-sdk-go/service/ec2/service.go

@@ -48,11 +48,11 @@ const (
 //     svc := ec2.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *EC2 {
 	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *EC2 {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *EC2 {
 	svc := &EC2{
 		Client: client.New(
 			cfg,
@@ -64,6 +64,7 @@ func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint,
 				PartitionID:    partitionID,
 				Endpoint:       endpoint,
 				APIVersion:     "2016-11-15",
+				ResolvedRegion: resolvedRegion,
 			},
 			handlers,
 		),

vendor/github.com/aws/aws-sdk-go/service/kms/service.go

@@ -49,11 +49,11 @@ const (
 //     svc := kms.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *KMS {
 	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *KMS {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *KMS {
 	svc := &KMS{
 		Client: client.New(
 			cfg,
@@ -65,6 +65,7 @@ func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint,
 				PartitionID:    partitionID,
 				Endpoint:       endpoint,
 				APIVersion:     "2014-11-01",
+				ResolvedRegion: resolvedRegion,
 				JSONVersion:    "1.1",
 				TargetPrefix:   "TrentService",
 			},

vendor/github.com/aws/aws-sdk-go/service/sso/service.go

@@ -52,11 +52,11 @@ func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSO {
 	if c.SigningNameDerived || len(c.SigningName) == 0 {
 		c.SigningName = "awsssoportal"
 	}
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *SSO {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *SSO {
 	svc := &SSO{
 		Client: client.New(
 			cfg,
@@ -68,6 +68,7 @@ func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint,
 				PartitionID:    partitionID,
 				Endpoint:       endpoint,
 				APIVersion:     "2019-06-10",
+				ResolvedRegion: resolvedRegion,
 			},
 			handlers,
 		),

vendor/github.com/aws/aws-sdk-go/service/sts/service.go

@@ -48,11 +48,11 @@ const (
 //     svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *STS {
 	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *STS {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *STS {
 	svc := &STS{
 		Client: client.New(
 			cfg,
@@ -64,6 +64,7 @@ func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint,
 				PartitionID:    partitionID,
 				Endpoint:       endpoint,
 				APIVersion:     "2011-06-15",
+				ResolvedRegion: resolvedRegion,
 			},
 			handlers,
 		),

vendor/modules.txt

@@ -2,7 +2,7 @@
 github.com/armon/go-metrics
 # github.com/armon/go-radix v1.0.0
 github.com/armon/go-radix
-# github.com/aws/aws-sdk-go v1.41.15
+# github.com/aws/aws-sdk-go v1.42.7
 ## explicit
 github.com/aws/aws-sdk-go/aws
 github.com/aws/aws-sdk-go/aws/awserr