rebase: bump github.com/aws/aws-sdk-go from 1.44.10 to 1.44.16

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.10 to 1.44.16. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.10...v1.44.16) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
2024-09-19 15:09:56 +00:00 · 2022-05-18 05:37:10 +00:00 · 2022-05-18 05:37:10 +00:00 · 9d3086e211
commit 9d3086e211
parent 952105e551
8 changed files with 719 additions and 74 deletions
--- a/go.mod
+++ b/go.mod
@ -4,7 +4,7 @@ go 1.17

 require (
 	github.com/IBM/keyprotect-go-client v0.7.0
-	github.com/aws/aws-sdk-go v1.44.10
+	github.com/aws/aws-sdk-go v1.44.16
 	github.com/aws/aws-sdk-go-v2/service/sts v1.16.5
 	github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
 	// TODO: API for managing NFS-exports requires `ceph_ci_untested` build-tag
--- a/go.sum
+++ b/go.sum
@ -141,8 +141,8 @@ github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k=
 github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.44.10 h1:ohCdgQpJ9ojzm0fOk7ykrMTgTpHJBk5nnA7X+HzmnOA=
-github.com/aws/aws-sdk-go v1.44.10/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.16 h1:6voHuNZZNWo71MdNlym4eRlcogTeTSk9Ipo6qDJWzoU=
+github.com/aws/aws-sdk-go v1.44.16/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go-v2 v1.16.3 h1:0W1TSJ7O6OzwuEvIXAtJGvOeQ0SGAhcpxPN2/NK5EhM=
 github.com/aws/aws-sdk-go-v2 v1.16.3/go.mod h1:ytwTPBG6fXTZLxxeeCCWj2/EMYp/xDUgX+OET6TLNNU=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.10 h1:uFWgo6mGJI1n17nbcvSc6fxVuR3xLNqvXt12JCnEcT8=
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"

 // SDKVersion is the version of this SDK
-const SDKVersion = "1.44.10"
+const SDKVersion = "1.44.16"
--- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go
@ -8216,7 +8216,8 @@ func (c *EC2) CreateTrafficMirrorTargetRequest(input *CreateTrafficMirrorTargetI
 // in the same VPC, or in different VPCs connected via VPC peering or a transit
 // gateway.
 //
-// A Traffic Mirror target can be a network interface, or a Network Load Balancer.
+// A Traffic Mirror target can be a network interface, a Network Load Balancer,
+// or a Gateway Load Balancer endpoint.
 //
 // To use the target in a Traffic Mirror session, use CreateTrafficMirrorSession
 // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorSession.htm).
@ -35562,6 +35563,93 @@ func (c *EC2) GetInstanceTypesFromInstanceRequirementsPagesWithContext(ctx aws.C
 	return p.Err()
 }

+const opGetInstanceUefiData = "GetInstanceUefiData"
+
+// GetInstanceUefiDataRequest generates a "aws/request.Request" representing the
+// client's request for the GetInstanceUefiData operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetInstanceUefiData for more information on using the GetInstanceUefiData
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the GetInstanceUefiDataRequest method.
+//    req, resp := client.GetInstanceUefiDataRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetInstanceUefiData
+func (c *EC2) GetInstanceUefiDataRequest(input *GetInstanceUefiDataInput) (req *request.Request, output *GetInstanceUefiDataOutput) {
+	op := &request.Operation{
+		Name:       opGetInstanceUefiData,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &GetInstanceUefiDataInput{}
+	}
+
+	output = &GetInstanceUefiDataOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetInstanceUefiData API operation for Amazon Elastic Compute Cloud.
+//
+// A binary representation of the UEFI variable store. Only non-volatile variables
+// are stored. This is a base64 encoded and zlib compressed binary value that
+// must be properly encoded.
+//
+// When you use register-image (https://docs.aws.amazon.com/cli/latest/reference/ec2/register-image.html)
+// to create an AMI, you can create an exact copy of your variable store by
+// passing the UEFI data in the UefiData parameter. You can modify the UEFI
+// data by using the python-uefivars tool (https://github.com/awslabs/python-uefivars)
+// on GitHub. You can use the tool to convert the UEFI data into a human-readable
+// format (JSON), which you can inspect and modify, and then convert back into
+// the binary format to use with register-image.
+//
+// For more information, see UEFI Secure Boot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/uefi-secure-boot.html)
+// in the Amazon EC2 User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Compute Cloud's
+// API operation GetInstanceUefiData for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetInstanceUefiData
+func (c *EC2) GetInstanceUefiData(input *GetInstanceUefiDataInput) (*GetInstanceUefiDataOutput, error) {
+	req, out := c.GetInstanceUefiDataRequest(input)
+	return out, req.Send()
+}
+
+// GetInstanceUefiDataWithContext is the same as GetInstanceUefiData with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetInstanceUefiData for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EC2) GetInstanceUefiDataWithContext(ctx aws.Context, input *GetInstanceUefiDataInput, opts ...request.Option) (*GetInstanceUefiDataOutput, error) {
+	req, out := c.GetInstanceUefiDataRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opGetIpamAddressHistory = "GetIpamAddressHistory"

 // GetIpamAddressHistoryRequest generates a "aws/request.Request" representing the
@ -67710,6 +67798,9 @@ type CreateTrafficMirrorTargetInput struct {
 	// it is UnauthorizedOperation.
 	DryRun *bool `type:"boolean"`

+	// The ID of the Gateway Load Balancer endpoint.
+	GatewayLoadBalancerEndpointId *string `type:"string"`
+
 	// The network interface ID that is associated with the target.
 	NetworkInterfaceId *string `type:"string"`

@ -67757,6 +67848,12 @@ func (s *CreateTrafficMirrorTargetInput) SetDryRun(v bool) *CreateTrafficMirrorT
 	return s
 }

+// SetGatewayLoadBalancerEndpointId sets the GatewayLoadBalancerEndpointId field's value.
+func (s *CreateTrafficMirrorTargetInput) SetGatewayLoadBalancerEndpointId(v string) *CreateTrafficMirrorTargetInput {
+	s.GatewayLoadBalancerEndpointId = &v
+	return s
+}
+
 // SetNetworkInterfaceId sets the NetworkInterfaceId field's value.
 func (s *CreateTrafficMirrorTargetInput) SetNetworkInterfaceId(v string) *CreateTrafficMirrorTargetInput {
 	s.NetworkInterfaceId = &v
@ -69527,12 +69624,18 @@ type CreateVpcEndpointInput struct {
 	// of the request. For more information, see How to ensure idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html).
 	ClientToken *string `type:"string"`

+	// The DNS options for the endpoint.
+	DnsOptions *DnsOptionsSpecification `type:"structure"`
+
 	// Checks whether you have the required permissions for the action, without
 	// actually making the request, and provides an error response. If you have
 	// the required permissions, the error response is DryRunOperation. Otherwise,
 	// it is UnauthorizedOperation.
 	DryRun *bool `type:"boolean"`

+	// The IP address type for the endpoint.
+	IpAddressType *string `type:"string" enum:"IpAddressType"`
+
 	// (Interface and gateway endpoints) A policy to attach to the endpoint that
 	// controls access to the service. The policy must be in valid JSON format.
 	// If this parameter is not specified, we attach a default policy that allows
@ -69626,12 +69729,24 @@ func (s *CreateVpcEndpointInput) SetClientToken(v string) *CreateVpcEndpointInpu
 	return s
 }

+// SetDnsOptions sets the DnsOptions field's value.
+func (s *CreateVpcEndpointInput) SetDnsOptions(v *DnsOptionsSpecification) *CreateVpcEndpointInput {
+	s.DnsOptions = v
+	return s
+}
+
 // SetDryRun sets the DryRun field's value.
 func (s *CreateVpcEndpointInput) SetDryRun(v bool) *CreateVpcEndpointInput {
 	s.DryRun = &v
 	return s
 }

+// SetIpAddressType sets the IpAddressType field's value.
+func (s *CreateVpcEndpointInput) SetIpAddressType(v string) *CreateVpcEndpointInput {
+	s.IpAddressType = &v
+	return s
+}
+
 // SetPolicyDocument sets the PolicyDocument field's value.
 func (s *CreateVpcEndpointInput) SetPolicyDocument(v string) *CreateVpcEndpointInput {
 	s.PolicyDocument = &v
@ -69756,6 +69871,9 @@ type CreateVpcEndpointServiceConfigurationInput struct {
 	// VPC endpoint service.
 	PrivateDnsName *string `type:"string"`

+	// The supported IP address types. The possible values are ipv4 and ipv6.
+	SupportedIpAddressTypes []*string `locationName:"SupportedIpAddressType" locationNameList:"item" type:"list"`
+
 	// The tags to associate with the service.
 	TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"`
 }
@ -69814,6 +69932,12 @@ func (s *CreateVpcEndpointServiceConfigurationInput) SetPrivateDnsName(v string)
 	return s
 }

+// SetSupportedIpAddressTypes sets the SupportedIpAddressTypes field's value.
+func (s *CreateVpcEndpointServiceConfigurationInput) SetSupportedIpAddressTypes(v []*string) *CreateVpcEndpointServiceConfigurationInput {
+	s.SupportedIpAddressTypes = v
+	return s
+}
+
 // SetTagSpecifications sets the TagSpecifications field's value.
 func (s *CreateVpcEndpointServiceConfigurationInput) SetTagSpecifications(v []*TagSpecification) *CreateVpcEndpointServiceConfigurationInput {
 	s.TagSpecifications = v
@ -82502,6 +82626,17 @@ type DescribeImageAttributeOutput struct {
 	// Indicates whether enhanced networking with the Intel 82599 Virtual Function
 	// interface is enabled.
 	SriovNetSupport *AttributeValue `locationName:"sriovNetSupport" type:"structure"`
+
+	// If the image is configured for NitroTPM support, the value is v2.0.
+	TpmSupport *AttributeValue `locationName:"tpmSupport" type:"structure"`
+
+	// Base64 representation of the non-volatile UEFI variable store. To retrieve
+	// the UEFI data, use the GetInstanceUefiData (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetInstanceUefiData)
+	// command. You can inspect and modify the UEFI data by using the python-uefivars
+	// tool (https://github.com/awslabs/python-uefivars) on GitHub. For more information,
+	// see UEFI Secure Boot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/uefi-secure-boot.html)
+	// in the Amazon Elastic Compute Cloud User Guide.
+	UefiData *AttributeValue `locationName:"uefiData" type:"structure"`
 }

 // String returns the string representation.
@ -82582,6 +82717,18 @@ func (s *DescribeImageAttributeOutput) SetSriovNetSupport(v *AttributeValue) *De
 	return s
 }

+// SetTpmSupport sets the TpmSupport field's value.
+func (s *DescribeImageAttributeOutput) SetTpmSupport(v *AttributeValue) *DescribeImageAttributeOutput {
+	s.TpmSupport = v
+	return s
+}
+
+// SetUefiData sets the UefiData field's value.
+func (s *DescribeImageAttributeOutput) SetUefiData(v *AttributeValue) *DescribeImageAttributeOutput {
+	s.UefiData = v
+	return s
+}
+
 type DescribeImagesInput struct {
 	_ struct{} `type:"structure"`

@ -95059,6 +95206,8 @@ type DescribeVpcEndpointConnectionsInput struct {

 	// One or more filters.
 	//
+	//    * ip-address-type - The IP address type (ipv4 | ipv6).
+	//
 	//    * service-id - The ID of the service.
 	//
 	//    * vpc-endpoint-owner - The ID of the Amazon Web Services account ID that
@ -95182,6 +95331,8 @@ type DescribeVpcEndpointServiceConfigurationsInput struct {
 	//    * service-state - The state of the service (Pending | Available | Deleting
 	//    | Deleted | Failed).
 	//
+	//    * supported-ip-address-types - The IP address type (ipv4 | ipv6).
+	//
 	//    * tag:<key> - The key/value combination of a tag assigned to the resource.
 	//    Use the tag key in the filter name and the tag value as the filter value.
 	//    For example, to find all resources that have a tag with the key Owner
@ -95447,6 +95598,8 @@ type DescribeVpcEndpointServicesInput struct {
 	//
 	//    * service-type - The type of service (Interface | Gateway).
 	//
+	//    * supported-ip-address-types - The IP address type (ipv4 | ipv6).
+	//
 	//    * tag:<key> - The key/value combination of a tag assigned to the resource.
 	//    Use the tag key in the filter name and the tag value as the filter value.
 	//    For example, to find all resources that have a tag with the key Owner
@ -95584,6 +95737,8 @@ type DescribeVpcEndpointsInput struct {

 	// One or more filters.
 	//
+	//    * ip-address-type - The IP address type (ipv4 | ipv6).
+	//
 	//    * service-name - The name of the service.
 	//
 	//    * vpc-id - The ID of the VPC in which the endpoint resides.
@ -99629,6 +99784,70 @@ func (s *DnsEntry) SetHostedZoneId(v string) *DnsEntry {
 	return s
 }

+// Describes the DNS options for an endpoint.
+type DnsOptions struct {
+	_ struct{} `type:"structure"`
+
+	// The DNS records created for the endpoint.
+	DnsRecordIpType *string `locationName:"dnsRecordIpType" type:"string" enum:"DnsRecordIpType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DnsOptions) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DnsOptions) GoString() string {
+	return s.String()
+}
+
+// SetDnsRecordIpType sets the DnsRecordIpType field's value.
+func (s *DnsOptions) SetDnsRecordIpType(v string) *DnsOptions {
+	s.DnsRecordIpType = &v
+	return s
+}
+
+// Describes the DNS options for an endpoint.
+type DnsOptionsSpecification struct {
+	_ struct{} `type:"structure"`
+
+	// The DNS records created for the endpoint.
+	DnsRecordIpType *string `type:"string" enum:"DnsRecordIpType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DnsOptionsSpecification) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DnsOptionsSpecification) GoString() string {
+	return s.String()
+}
+
+// SetDnsRecordIpType sets the DnsRecordIpType field's value.
+func (s *DnsOptionsSpecification) SetDnsRecordIpType(v string) *DnsOptionsSpecification {
+	s.DnsRecordIpType = &v
+	return s
+}
+
 // Information about the DNS server to be used.
 type DnsServersOptionsModifyStructure struct {
 	_ struct{} `type:"structure"`
@ -107106,6 +107325,104 @@ func (s *GetInstanceTypesFromInstanceRequirementsOutput) SetNextToken(v string)
 	return s
 }

+type GetInstanceUefiDataInput struct {
+	_ struct{} `type:"structure"`
+
+	// Checks whether you have the required permissions for the action, without
+	// actually making the request, and provides an error response. If you have
+	// the required permissions, the error response is DryRunOperation. Otherwise,
+	// it is UnauthorizedOperation.
+	DryRun *bool `type:"boolean"`
+
+	// The ID of the instance from which to retrieve the UEFI data.
+	//
+	// InstanceId is a required field
+	InstanceId *string `type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetInstanceUefiDataInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetInstanceUefiDataInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetInstanceUefiDataInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetInstanceUefiDataInput"}
+	if s.InstanceId == nil {
+		invalidParams.Add(request.NewErrParamRequired("InstanceId"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDryRun sets the DryRun field's value.
+func (s *GetInstanceUefiDataInput) SetDryRun(v bool) *GetInstanceUefiDataInput {
+	s.DryRun = &v
+	return s
+}
+
+// SetInstanceId sets the InstanceId field's value.
+func (s *GetInstanceUefiDataInput) SetInstanceId(v string) *GetInstanceUefiDataInput {
+	s.InstanceId = &v
+	return s
+}
+
+type GetInstanceUefiDataOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The ID of the instance from which to retrieve the UEFI data.
+	InstanceId *string `locationName:"instanceId" type:"string"`
+
+	// Base64 representation of the non-volatile UEFI variable store.
+	UefiData *string `locationName:"uefiData" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetInstanceUefiDataOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetInstanceUefiDataOutput) GoString() string {
+	return s.String()
+}
+
+// SetInstanceId sets the InstanceId field's value.
+func (s *GetInstanceUefiDataOutput) SetInstanceId(v string) *GetInstanceUefiDataOutput {
+	s.InstanceId = &v
+	return s
+}
+
+// SetUefiData sets the UefiData field's value.
+func (s *GetInstanceUefiDataOutput) SetUefiData(v string) *GetInstanceUefiDataOutput {
+	s.UefiData = &v
+	return s
+}
+
 type GetIpamAddressHistoryInput struct {
 	_ struct{} `type:"structure"`

@ -111241,6 +111558,11 @@ type Image struct {
 	// Any tags assigned to the image.
 	Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"`

+	// If the image is configured for NitroTPM support, the value is v2.0. For more
+	// information, see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html)
+	// in the Amazon Elastic Compute Cloud User Guide.
+	TpmSupport *string `locationName:"tpmSupport" type:"string" enum:"TpmSupportValues"`
+
 	// The operation of the Amazon EC2 instance and the billing code that is associated
 	// with the AMI. usageOperation corresponds to the lineitem/Operation (https://docs.aws.amazon.com/cur/latest/userguide/Lineitem-columns.html#Lineitem-details-O-Operation)
 	// column on your Amazon Web Services Cost and Usage Report and in the Amazon
@ -111429,6 +111751,12 @@ func (s *Image) SetTags(v []*Tag) *Image {
 	return s
 }

+// SetTpmSupport sets the TpmSupport field's value.
+func (s *Image) SetTpmSupport(v string) *Image {
+	s.TpmSupport = &v
+	return s
+}
+
 // SetUsageOperation sets the UsageOperation field's value.
 func (s *Image) SetUsageOperation(v string) *Image {
 	s.UsageOperation = &v
@ -113594,6 +113922,11 @@ type Instance struct {
 	// Any tags assigned to the instance.
 	Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"`

+	// If the instance is configured for NitroTPM support, the value is v2.0. For
+	// more information, see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html)
+	// in the Amazon EC2 User Guide.
+	TpmSupport *string `locationName:"tpmSupport" type:"string"`
+
 	// The usage operation value for the instance. For more information, see AMI
 	// billing information fields (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/billing-info-fields.html)
 	// in the Amazon EC2 User Guide.
@ -113933,6 +114266,12 @@ func (s *Instance) SetTags(v []*Tag) *Instance {
 	return s
 }

+// SetTpmSupport sets the TpmSupport field's value.
+func (s *Instance) SetTpmSupport(v string) *Instance {
+	s.TpmSupport = &v
+	return s
+}
+
 // SetUsageOperation sets the UsageOperation field's value.
 func (s *Instance) SetUsageOperation(v string) *Instance {
 	s.UsageOperation = &v
@ -130153,12 +130492,18 @@ type ModifyVpcEndpointInput struct {
 	// specify only one subnet.
 	AddSubnetIds []*string `locationName:"AddSubnetId" locationNameList:"item" type:"list"`

+	// The DNS options for the endpoint.
+	DnsOptions *DnsOptionsSpecification `type:"structure"`
+
 	// Checks whether you have the required permissions for the action, without
 	// actually making the request, and provides an error response. If you have
 	// the required permissions, the error response is DryRunOperation. Otherwise,
 	// it is UnauthorizedOperation.
 	DryRun *bool `type:"boolean"`

+	// The IP address type for the endpoint.
+	IpAddressType *string `type:"string" enum:"IpAddressType"`
+
 	// (Interface and gateway endpoints) A policy to attach to the endpoint that
 	// controls access to the service. The policy must be in valid JSON format.
 	PolicyDocument *string `type:"string"`
@ -130236,12 +130581,24 @@ func (s *ModifyVpcEndpointInput) SetAddSubnetIds(v []*string) *ModifyVpcEndpoint
 	return s
 }

+// SetDnsOptions sets the DnsOptions field's value.
+func (s *ModifyVpcEndpointInput) SetDnsOptions(v *DnsOptionsSpecification) *ModifyVpcEndpointInput {
+	s.DnsOptions = v
+	return s
+}
+
 // SetDryRun sets the DryRun field's value.
 func (s *ModifyVpcEndpointInput) SetDryRun(v bool) *ModifyVpcEndpointInput {
 	s.DryRun = &v
 	return s
 }

+// SetIpAddressType sets the IpAddressType field's value.
+func (s *ModifyVpcEndpointInput) SetIpAddressType(v string) *ModifyVpcEndpointInput {
+	s.IpAddressType = &v
+	return s
+}
+
 // SetPolicyDocument sets the PolicyDocument field's value.
 func (s *ModifyVpcEndpointInput) SetPolicyDocument(v string) *ModifyVpcEndpointInput {
 	s.PolicyDocument = &v
@ -130330,6 +130687,9 @@ type ModifyVpcEndpointServiceConfigurationInput struct {
 	// service configuration.
 	AddNetworkLoadBalancerArns []*string `locationName:"AddNetworkLoadBalancerArn" locationNameList:"item" type:"list"`

+	// The IP address types to add to your service configuration.
+	AddSupportedIpAddressTypes []*string `locationName:"AddSupportedIpAddressType" locationNameList:"item" type:"list"`
+
 	// Checks whether you have the required permissions for the action, without
 	// actually making the request, and provides an error response. If you have
 	// the required permissions, the error response is DryRunOperation. Otherwise,
@ -130352,6 +130712,9 @@ type ModifyVpcEndpointServiceConfigurationInput struct {
 	// service.
 	RemovePrivateDnsName *bool `type:"boolean"`

+	// The IP address types to remove from your service configuration.
+	RemoveSupportedIpAddressTypes []*string `locationName:"RemoveSupportedIpAddressType" locationNameList:"item" type:"list"`
+
 	// The ID of the service.
 	//
 	// ServiceId is a required field
@ -130407,6 +130770,12 @@ func (s *ModifyVpcEndpointServiceConfigurationInput) SetAddNetworkLoadBalancerAr
 	return s
 }

+// SetAddSupportedIpAddressTypes sets the AddSupportedIpAddressTypes field's value.
+func (s *ModifyVpcEndpointServiceConfigurationInput) SetAddSupportedIpAddressTypes(v []*string) *ModifyVpcEndpointServiceConfigurationInput {
+	s.AddSupportedIpAddressTypes = v
+	return s
+}
+
 // SetDryRun sets the DryRun field's value.
 func (s *ModifyVpcEndpointServiceConfigurationInput) SetDryRun(v bool) *ModifyVpcEndpointServiceConfigurationInput {
 	s.DryRun = &v
@ -130437,6 +130806,12 @@ func (s *ModifyVpcEndpointServiceConfigurationInput) SetRemovePrivateDnsName(v b
 	return s
 }

+// SetRemoveSupportedIpAddressTypes sets the RemoveSupportedIpAddressTypes field's value.
+func (s *ModifyVpcEndpointServiceConfigurationInput) SetRemoveSupportedIpAddressTypes(v []*string) *ModifyVpcEndpointServiceConfigurationInput {
+	s.RemoveSupportedIpAddressTypes = v
+	return s
+}
+
 // SetServiceId sets the ServiceId field's value.
 func (s *ModifyVpcEndpointServiceConfigurationInput) SetServiceId(v string) *ModifyVpcEndpointServiceConfigurationInput {
 	s.ServiceId = &v
@ -137967,6 +138342,19 @@ type RegisterImageInput struct {
 	// PV AMI can make instances launched from the AMI unreachable.
 	SriovNetSupport *string `locationName:"sriovNetSupport" type:"string"`

+	// Set to v2.0 to enable Trusted Platform Module (TPM) support. For more information,
+	// see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html)
+	// in the Amazon Elastic Compute Cloud User Guide.
+	TpmSupport *string `type:"string" enum:"TpmSupportValues"`
+
+	// Base64 representation of the non-volatile UEFI variable store. To retrieve
+	// the UEFI data, use the GetInstanceUefiData (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetInstanceUefiData)
+	// command. You can inspect and modify the UEFI data by using the python-uefivars
+	// tool (https://github.com/awslabs/python-uefivars) on GitHub. For more information,
+	// see UEFI Secure Boot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/uefi-secure-boot.html)
+	// in the Amazon Elastic Compute Cloud User Guide.
+	UefiData *string `type:"string"`
+
 	// The type of virtualization (hvm | paravirtual).
 	//
 	// Default: paravirtual
@ -138082,6 +138470,18 @@ func (s *RegisterImageInput) SetSriovNetSupport(v string) *RegisterImageInput {
 	return s
 }

+// SetTpmSupport sets the TpmSupport field's value.
+func (s *RegisterImageInput) SetTpmSupport(v string) *RegisterImageInput {
+	s.TpmSupport = &v
+	return s
+}
+
+// SetUefiData sets the UefiData field's value.
+func (s *RegisterImageInput) SetUefiData(v string) *RegisterImageInput {
+	s.UefiData = &v
+	return s
+}
+
 // SetVirtualizationType sets the VirtualizationType field's value.
 func (s *RegisterImageInput) SetVirtualizationType(v string) *RegisterImageInput {
 	s.VirtualizationType = &v
@ -147998,6 +148398,9 @@ type ServiceConfiguration struct {
 	// The type of service.
 	ServiceType []*ServiceTypeDetail `locationName:"serviceType" locationNameList:"item" type:"list"`

+	// The supported IP address types.
+	SupportedIpAddressTypes []*string `locationName:"supportedIpAddressTypeSet" locationNameList:"item" type:"list" enum:"ServiceConnectivityType"`
+
 	// Any tags assigned to the service.
 	Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"`
 }
@ -148098,6 +148501,12 @@ func (s *ServiceConfiguration) SetServiceType(v []*ServiceTypeDetail) *ServiceCo
 	return s
 }

+// SetSupportedIpAddressTypes sets the SupportedIpAddressTypes field's value.
+func (s *ServiceConfiguration) SetSupportedIpAddressTypes(v []*string) *ServiceConfiguration {
+	s.SupportedIpAddressTypes = v
+	return s
+}
+
 // SetTags sets the Tags field's value.
 func (s *ServiceConfiguration) SetTags(v []*Tag) *ServiceConfiguration {
 	s.Tags = v
@ -148149,6 +148558,9 @@ type ServiceDetail struct {
 	// The type of service.
 	ServiceType []*ServiceTypeDetail `locationName:"serviceType" locationNameList:"item" type:"list"`

+	// The supported IP address types.
+	SupportedIpAddressTypes []*string `locationName:"supportedIpAddressTypeSet" locationNameList:"item" type:"list" enum:"ServiceConnectivityType"`
+
 	// Any tags assigned to the service.
 	Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"`

@ -148246,6 +148658,12 @@ func (s *ServiceDetail) SetServiceType(v []*ServiceTypeDetail) *ServiceDetail {
 	return s
 }

+// SetSupportedIpAddressTypes sets the SupportedIpAddressTypes field's value.
+func (s *ServiceDetail) SetSupportedIpAddressTypes(v []*string) *ServiceDetail {
+	s.SupportedIpAddressTypes = v
+	return s
+}
+
 // SetTags sets the Tags field's value.
 func (s *ServiceDetail) SetTags(v []*Tag) *ServiceDetail {
 	s.Tags = v
@ -153913,6 +154331,9 @@ type TrafficMirrorTarget struct {
 	// Information about the Traffic Mirror target.
 	Description *string `locationName:"description" type:"string"`

+	// The ID of the Gateway Load Balancer endpoint.
+	GatewayLoadBalancerEndpointId *string `locationName:"gatewayLoadBalancerEndpointId" type:"string"`
+
 	// The network interface ID that is attached to the target.
 	NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"`

@ -153956,6 +154377,12 @@ func (s *TrafficMirrorTarget) SetDescription(v string) *TrafficMirrorTarget {
 	return s
 }

+// SetGatewayLoadBalancerEndpointId sets the GatewayLoadBalancerEndpointId field's value.
+func (s *TrafficMirrorTarget) SetGatewayLoadBalancerEndpointId(v string) *TrafficMirrorTarget {
+	s.GatewayLoadBalancerEndpointId = &v
+	return s
+}
+
 // SetNetworkInterfaceId sets the NetworkInterfaceId field's value.
 func (s *TrafficMirrorTarget) SetNetworkInterfaceId(v string) *TrafficMirrorTarget {
 	s.NetworkInterfaceId = &v
@ -159016,23 +159443,29 @@ func (s *VpcClassicLink) SetVpcId(v string) *VpcClassicLink {
 type VpcEndpoint struct {
 	_ struct{} `type:"structure"`

-	// The date and time that the VPC endpoint was created.
+	// The date and time that the endpoint was created.
 	CreationTimestamp *time.Time `locationName:"creationTimestamp" type:"timestamp"`

 	// (Interface endpoint) The DNS entries for the endpoint.
 	DnsEntries []*DnsEntry `locationName:"dnsEntrySet" locationNameList:"item" type:"list"`

+	// The DNS options for the endpoint.
+	DnsOptions *DnsOptions `locationName:"dnsOptions" type:"structure"`
+
 	// (Interface endpoint) Information about the security groups that are associated
 	// with the network interface.
 	Groups []*SecurityGroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"`

-	// The last error that occurred for VPC endpoint.
+	// The IP address type for the endpoint.
+	IpAddressType *string `locationName:"ipAddressType" type:"string" enum:"IpAddressType"`
+
+	// The last error that occurred for endpoint.
 	LastError *LastError `locationName:"lastError" type:"structure"`

 	// (Interface endpoint) One or more network interfaces for the endpoint.
 	NetworkInterfaceIds []*string `locationName:"networkInterfaceIdSet" locationNameList:"item" type:"list"`

-	// The ID of the Amazon Web Services account that owns the VPC endpoint.
+	// The ID of the Amazon Web Services account that owns the endpoint.
 	OwnerId *string `locationName:"ownerId" type:"string"`

 	// The policy document associated with the endpoint, if applicable.
@ -159042,7 +159475,7 @@ type VpcEndpoint struct {
 	// hosted zone.
 	PrivateDnsEnabled *bool `locationName:"privateDnsEnabled" type:"boolean"`

-	// Indicates whether the VPC endpoint is being managed by its service.
+	// Indicates whether the endpoint is being managed by its service.
 	RequesterManaged *bool `locationName:"requesterManaged" type:"boolean"`

 	// (Gateway endpoint) One or more route tables associated with the endpoint.
@ -159051,16 +159484,16 @@ type VpcEndpoint struct {
 	// The name of the service to which the endpoint is associated.
 	ServiceName *string `locationName:"serviceName" type:"string"`

-	// The state of the VPC endpoint.
+	// The state of the endpoint.
 	State *string `locationName:"state" type:"string" enum:"State"`

-	// (Interface endpoint) One or more subnets in which the endpoint is located.
+	// (Interface endpoint) The subnets for the endpoint.
 	SubnetIds []*string `locationName:"subnetIdSet" locationNameList:"item" type:"list"`

-	// Any tags assigned to the VPC endpoint.
+	// Any tags assigned to the endpoint.
 	Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"`

-	// The ID of the VPC endpoint.
+	// The ID of the endpoint.
 	VpcEndpointId *string `locationName:"vpcEndpointId" type:"string"`

 	// The type of endpoint.
@ -159100,12 +159533,24 @@ func (s *VpcEndpoint) SetDnsEntries(v []*DnsEntry) *VpcEndpoint {
 	return s
 }

+// SetDnsOptions sets the DnsOptions field's value.
+func (s *VpcEndpoint) SetDnsOptions(v *DnsOptions) *VpcEndpoint {
+	s.DnsOptions = v
+	return s
+}
+
 // SetGroups sets the Groups field's value.
 func (s *VpcEndpoint) SetGroups(v []*SecurityGroupIdentifier) *VpcEndpoint {
 	s.Groups = v
 	return s
 }

+// SetIpAddressType sets the IpAddressType field's value.
+func (s *VpcEndpoint) SetIpAddressType(v string) *VpcEndpoint {
+	s.IpAddressType = &v
+	return s
+}
+
 // SetLastError sets the LastError field's value.
 func (s *VpcEndpoint) SetLastError(v *LastError) *VpcEndpoint {
 	s.LastError = v
@ -159203,6 +159648,9 @@ type VpcEndpointConnection struct {
 	// The Amazon Resource Names (ARNs) of the Gateway Load Balancers for the service.
 	GatewayLoadBalancerArns []*string `locationName:"gatewayLoadBalancerArnSet" locationNameList:"item" type:"list"`

+	// The IP address type for the endpoint.
+	IpAddressType *string `locationName:"ipAddressType" type:"string" enum:"IpAddressType"`
+
 	// The Amazon Resource Names (ARNs) of the network load balancers for the service.
 	NetworkLoadBalancerArns []*string `locationName:"networkLoadBalancerArnSet" locationNameList:"item" type:"list"`

@ -159255,6 +159703,12 @@ func (s *VpcEndpointConnection) SetGatewayLoadBalancerArns(v []*string) *VpcEndp
 	return s
 }

+// SetIpAddressType sets the IpAddressType field's value.
+func (s *VpcEndpointConnection) SetIpAddressType(v string) *VpcEndpointConnection {
+	s.IpAddressType = &v
+	return s
+}
+
 // SetNetworkLoadBalancerArns sets the NetworkLoadBalancerArns field's value.
 func (s *VpcEndpointConnection) SetNetworkLoadBalancerArns(v []*string) *VpcEndpointConnection {
 	s.NetworkLoadBalancerArns = v
@ -161947,6 +162401,30 @@ func DnsNameState_Values() []string {
 	}
 }

+const (
+	// DnsRecordIpTypeIpv4 is a DnsRecordIpType enum value
+	DnsRecordIpTypeIpv4 = "ipv4"
+
+	// DnsRecordIpTypeDualstack is a DnsRecordIpType enum value
+	DnsRecordIpTypeDualstack = "dualstack"
+
+	// DnsRecordIpTypeIpv6 is a DnsRecordIpType enum value
+	DnsRecordIpTypeIpv6 = "ipv6"
+
+	// DnsRecordIpTypeServiceDefined is a DnsRecordIpType enum value
+	DnsRecordIpTypeServiceDefined = "service-defined"
+)
+
+// DnsRecordIpType_Values returns all elements of the DnsRecordIpType enum
+func DnsRecordIpType_Values() []string {
+	return []string{
+		DnsRecordIpTypeIpv4,
+		DnsRecordIpTypeDualstack,
+		DnsRecordIpTypeIpv6,
+		DnsRecordIpTypeServiceDefined,
+	}
+}
+
 const (
 	// DnsSupportValueEnable is a DnsSupportValue enum value
 	DnsSupportValueEnable = "enable"
@ -162756,6 +163234,12 @@ const (
 	// ImageAttributeNameBootMode is a ImageAttributeName enum value
 	ImageAttributeNameBootMode = "bootMode"

+	// ImageAttributeNameTpmSupport is a ImageAttributeName enum value
+	ImageAttributeNameTpmSupport = "tpmSupport"
+
+	// ImageAttributeNameUefiData is a ImageAttributeName enum value
+	ImageAttributeNameUefiData = "uefiData"
+
 	// ImageAttributeNameLastLaunchedTime is a ImageAttributeName enum value
 	ImageAttributeNameLastLaunchedTime = "lastLaunchedTime"
 )
@ -162771,6 +163255,8 @@ func ImageAttributeName_Values() []string {
 		ImageAttributeNameBlockDeviceMapping,
 		ImageAttributeNameSriovNetSupport,
 		ImageAttributeNameBootMode,
+		ImageAttributeNameTpmSupport,
+		ImageAttributeNameUefiData,
 		ImageAttributeNameLastLaunchedTime,
 	}
 }
@ -165263,6 +165749,26 @@ func InterfaceProtocolType_Values() []string {
 	}
 }

+const (
+	// IpAddressTypeIpv4 is a IpAddressType enum value
+	IpAddressTypeIpv4 = "ipv4"
+
+	// IpAddressTypeDualstack is a IpAddressType enum value
+	IpAddressTypeDualstack = "dualstack"
+
+	// IpAddressTypeIpv6 is a IpAddressType enum value
+	IpAddressTypeIpv6 = "ipv6"
+)
+
+// IpAddressType_Values returns all elements of the IpAddressType enum
+func IpAddressType_Values() []string {
+	return []string{
+		IpAddressTypeIpv4,
+		IpAddressTypeDualstack,
+		IpAddressTypeIpv6,
+	}
+}
+
 const (
 	// IpamAddressHistoryResourceTypeEip is a IpamAddressHistoryResourceType enum value
 	IpamAddressHistoryResourceTypeEip = "eip"
@ -167283,6 +167789,22 @@ func SelfServicePortal_Values() []string {
 	}
 }

+const (
+	// ServiceConnectivityTypeIpv4 is a ServiceConnectivityType enum value
+	ServiceConnectivityTypeIpv4 = "ipv4"
+
+	// ServiceConnectivityTypeIpv6 is a ServiceConnectivityType enum value
+	ServiceConnectivityTypeIpv6 = "ipv6"
+)
+
+// ServiceConnectivityType_Values returns all elements of the ServiceConnectivityType enum
+func ServiceConnectivityType_Values() []string {
+	return []string{
+		ServiceConnectivityTypeIpv4,
+		ServiceConnectivityTypeIpv6,
+	}
+}
+
 const (
 	// ServiceStatePending is a ServiceState enum value
 	ServiceStatePending = "Pending"
@ -167811,6 +168333,18 @@ func TieringOperationStatus_Values() []string {
 	}
 }

+const (
+	// TpmSupportValuesV20 is a TpmSupportValues enum value
+	TpmSupportValuesV20 = "v2.0"
+)
+
+// TpmSupportValues_Values returns all elements of the TpmSupportValues enum
+func TpmSupportValues_Values() []string {
+	return []string{
+		TpmSupportValuesV20,
+	}
+}
+
 const (
 	// TrafficDirectionIngress is a TrafficDirection enum value
 	TrafficDirectionIngress = "ingress"
@ -167905,6 +168439,9 @@ const (

 	// TrafficMirrorTargetTypeNetworkLoadBalancer is a TrafficMirrorTargetType enum value
 	TrafficMirrorTargetTypeNetworkLoadBalancer = "network-load-balancer"
+
+	// TrafficMirrorTargetTypeGatewayLoadBalancerEndpoint is a TrafficMirrorTargetType enum value
+	TrafficMirrorTargetTypeGatewayLoadBalancerEndpoint = "gateway-load-balancer-endpoint"
 )

 // TrafficMirrorTargetType_Values returns all elements of the TrafficMirrorTargetType enum
@ -167912,6 +168449,7 @@ func TrafficMirrorTargetType_Values() []string {
 	return []string{
 		TrafficMirrorTargetTypeNetworkInterface,
 		TrafficMirrorTargetTypeNetworkLoadBalancer,
+		TrafficMirrorTargetTypeGatewayLoadBalancerEndpoint,
 	}
 }

--- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go
@ -912,12 +912,12 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out
 // and verify. You can't change these properties after the KMS key is created.
 //
 // Asymmetric KMS keys contain an RSA key pair or an Elliptic Curve (ECC) key
-// pair. The private key in an asymmetric KMS key never leaves AWS KMS unencrypted.
+// pair. The private key in an asymmetric KMS key never leaves KMS unencrypted.
 // However, you can use the GetPublicKey operation to download the public key
-// so it can be used outside of AWS KMS. KMS keys with RSA key pairs can be
-// used to encrypt or decrypt data or sign and verify messages (but not both).
-// KMS keys with ECC key pairs can be used only to sign and verify messages.
-// For information about asymmetric KMS keys, see Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+// so it can be used outside of KMS. KMS keys with RSA key pairs can be used
+// to encrypt or decrypt data or sign and verify messages (but not both). KMS
+// keys with ECC key pairs can be used only to sign and verify messages. For
+// information about asymmetric KMS keys, see Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
 // in the Key Management Service Developer Guide.
 //
 // HMAC KMS key
@ -1191,8 +1191,8 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output
 //
 // The Decrypt operation also decrypts ciphertext that was encrypted outside
 // of KMS by the public key in an KMS asymmetric KMS key. However, it cannot
-// decrypt symmetric ciphertext produced by other libraries, such as the Amazon
-// Web Services Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/)
+// decrypt ciphertext produced by other libraries, such as the Amazon Web Services
+// Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/)
 // or Amazon S3 client-side encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html).
 // These libraries return a ciphertext format that is incompatible with KMS.
 //
@ -2195,16 +2195,27 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re
 // DisableKeyRotation API operation for AWS Key Management Service.
 //
 // Disables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
-// for the specified symmetric encryption KMS key.
+// of the specified symmetric encryption KMS key.
 //
-// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
+// Automatic key rotation is supported only on symmetric encryption KMS keys.
+// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
 // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html),
 // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
 // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
-// To enable or disable automatic rotation of a set of related multi-Region
-// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
+// The key rotation status of these KMS keys is always false. To enable or disable
+// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
 // set the property on the primary key.
 //
+// You can enable (EnableKeyRotation) and disable automatic rotation of the
+// key material in customer managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk).
+// Key material rotation of Amazon Web Services managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk)
+// is not configurable. KMS always rotates the key material for every year.
+// Rotation of Amazon Web Services owned KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk)
+// varies.
+//
+// In May 2022, KMS changed the rotation schedule for Amazon Web Services managed
+// keys from every three years to every year. For details, see EnableKeyRotation.
+//
 // The KMS key that you use for this operation must be in a compatible key state.
 // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
 // in the Key Management Service Developer Guide.
@ -2589,16 +2600,41 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ
 // EnableKeyRotation API operation for AWS Key Management Service.
 //
 // Enables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
-// for the specified symmetric encryption KMS key.
+// of the specified symmetric encryption KMS key.
 //
-// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
+// When you enable automatic rotation of acustomer managed KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk),
+// KMS rotates the key material of the KMS key one year (approximately 365 days)
+// from the enable date and every year thereafter. You can monitor rotation
+// of the key material for your KMS keys in CloudTrail and Amazon CloudWatch.
+// To disable rotation of the key material in a customer managed KMS key, use
+// the DisableKeyRotation operation.
+//
+// Automatic key rotation is supported only on symmetric encryption KMS keys
+// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks).
+// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
 // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html),
 // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
 // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
-// To enable or disable automatic rotation of a set of related multi-Region
-// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
+// The key rotation status of these KMS keys is always false. To enable or disable
+// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
 // set the property on the primary key.
 //
+// You cannot enable or disable automatic rotation Amazon Web Services managed
+// KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk).
+// KMS always rotates the key material of Amazon Web Services managed keys every
+// year. Rotation of Amazon Web Services owned KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk)
+// varies.
+//
+// In May 2022, KMS changed the rotation schedule for Amazon Web Services managed
+// keys from every three years (approximately 1,095 days) to every year (approximately
+// 365 days).
+//
+// New Amazon Web Services managed keys are automatically rotated one year after
+// they are created, and approximately every year thereafter.
+//
+// Existing Amazon Web Services managed keys are automatically rotated one year
+// after their most recent rotation, and every year thereafter.
+//
 // The KMS key that you use for this operation must be in a compatible key state.
 // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
 // in the Key Management Service Developer Guide.
@ -3490,14 +3526,16 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho
 //
 // This operation is useful for systems that need to encrypt data at some point,
 // but not immediately. When you need to encrypt the data, you call the Decrypt
-// operation on the encrypted copy of the key. It's also useful in distributed
-// systems with different levels of trust. For example, you might store encrypted
-// data in containers. One component of your system creates new containers and
-// stores an encrypted data key with each container. Then, a different component
-// puts the data into the containers. That component first decrypts the data
-// key, uses the plaintext data key to encrypt data, puts the encrypted data
-// into the container, and then destroys the plaintext data key. In this system,
-// the component that creates the containers never sees the plaintext data key.
+// operation on the encrypted copy of the key.
+//
+// It's also useful in distributed systems with different levels of trust. For
+// example, you might store encrypted data in containers. One component of your
+// system creates new containers and stores an encrypted data key with each
+// container. Then, a different component puts the data into the containers.
+// That component first decrypts the data key, uses the plaintext data key to
+// encrypt data, puts the encrypted data into the container, and then destroys
+// the plaintext data key. In this system, the component that creates the containers
+// never sees the plaintext data key.
 //
 // To request an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext
 // operations.
@ -3672,6 +3710,13 @@ func (c *KMS) GenerateMacRequest(input *GenerateMacInput) (req *request.Request,
 // KMS support for HMAC KMS keys. For details, see HMAC keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html)
 // in the Key Management Service Developer Guide .
 //
+// Best practices recommend that you limit the time during which any signing
+// mechanism, including an HMAC, is effective. This deters an attack where the
+// actor uses a signed message to establish validity repeatedly or long after
+// the message is superseded. HMAC tags do not include a timestamp, but you
+// can include a timestamp in the token or message to help you detect when its
+// time to refresh the HMAC.
+//
 // The KMS key that you use for this operation must be in a compatible key state.
 // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
 // in the Key Management Service Developer Guide.
@ -4038,14 +4083,30 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req
 // material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
 // is enabled for the specified KMS key.
 //
-// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
+// When you enable automatic rotation for customer managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk),
+// KMS rotates the key material of the KMS key one year (approximately 365 days)
+// from the enable date and every year thereafter. You can monitor rotation
+// of the key material for your KMS keys in CloudTrail and Amazon CloudWatch.
+//
+// Automatic key rotation is supported only on symmetric encryption KMS keys
+// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks).
+// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
 // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html),
 // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
 // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
-// To enable or disable automatic rotation of a set of related multi-Region
-// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
-// set the property on the primary key. The key rotation status for these KMS
-// keys is always false.
+// The key rotation status of these KMS keys is always false. To enable or disable
+// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
+// set the property on the primary key..
+//
+// You can enable (EnableKeyRotation) and disable automatic rotation (DisableKeyRotation)
+// of the key material in customer managed KMS keys. Key material rotation of
+// Amazon Web Services managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk)
+// is not configurable. KMS always rotates the key material in Amazon Web Services
+// managed KMS keys every year. The key rotation status for Amazon Web Services
+// managed KMS keys is always true.
+//
+// In May 2022, KMS changed the rotation schedule for Amazon Web Services managed
+// keys from every three years to every year. For details, see EnableKeyRotation.
 //
 // The KMS key that you use for this operation must be in a compatible key state.
 // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
@ -4053,11 +4114,15 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req
 //
 //    * Disabled: The key rotation status does not change when you disable a
 //    KMS key. However, while the KMS key is disabled, KMS does not rotate the
-//    key material.
+//    key material. When you re-enable the KMS key, rotation resumes. If the
+//    key material in the re-enabled KMS key hasn't been rotated in one year,
+//    KMS rotates it immediately, and every year thereafter. If it's been less
+//    than a year since the key material in the re-enabled KMS key was rotated,
+//    the KMS key resumes its prior rotation schedule.
 //
 //    * Pending deletion: While a KMS key is pending deletion, its key rotation
 //    status is false and KMS does not rotate the key material. If you cancel
-//    the deletion, the original key rotation status is restored.
+//    the deletion, the original key rotation status returns to true.
 //
 // Cross-account use: Yes. To perform this operation on a KMS key in a different
 // Amazon Web Services account, specify the key ARN in the value of the KeyId
@ -6644,6 +6709,12 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO
 // When signing a message, be sure to record the KMS key and the signing algorithm.
 // This information is required to verify the signature.
 //
+// Best practices recommend that you limit the time during which any signature
+// is effective. This deters an attack where the actor uses a signed message
+// to establish validity repeatedly or long after the message is superseded.
+// Signatures do not include a timestamp, but you can include a timestamp in
+// the signed message to help you detect when its time to refresh the signature.
+//
 // To verify the signature that this operation generates, use the Verify operation.
 // Or use the GetPublicKey operation to download the public key and then use
 // the public key to verify the signature outside of KMS.
@ -9242,11 +9313,11 @@ type CreateKeyInput struct {
 	// in the Key Management Service Developer Guide .
 	//
 	// The KeySpec determines whether the KMS key contains a symmetric key or an
-	// asymmetric key pair. It also determines the algorithms that the KMS key supports.
-	// You can't change the KeySpec after the KMS key is created. To further restrict
-	// the algorithms that can be used with the KMS key, use a condition key in
-	// its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm
-	// (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm),
+	// asymmetric key pair. It also determines the cryptographic algorithms that
+	// the KMS key supports. You can't change the KeySpec after the KMS key is created.
+	// To further restrict the algorithms that can be used with the KMS key, use
+	// a condition key in its key policy or IAM policy. For more information, see
+	// kms:EncryptionAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm),
 	// kms:MacAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-mac-algorithm)
 	// or kms:Signing Algorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm)
 	// in the Key Management Service Developer Guide .
@ -9307,9 +9378,9 @@ type CreateKeyInput struct {
 	// This value creates a primary key, not a replica. To create a replica key,
 	// use the ReplicateKey operation.
 	//
-	// You can create a symmetric or asymmetric multi-Region key, and you can create
-	// a multi-Region key with imported key material. However, you cannot create
-	// a multi-Region key in a custom key store.
+	// You can create a multi-Region version of a symmetric encryption KMS key,
+	// an HMAC KMS key, an asymmetric KMS key, or a KMS key with imported key material.
+	// However, you cannot create a multi-Region key in a custom key store.
 	MultiRegion *bool `type:"boolean"`

 	// The source of the key material for the KMS key. You cannot change the origin
@ -9329,11 +9400,14 @@ type CreateKeyInput struct {
 	// KMS keys.
 	Origin *string `type:"string" enum:"OriginType"`

-	// The key policy to attach to the KMS key.
+	// The key policy to attach to the KMS key. If you do not specify a key policy,
+	// KMS attaches a default key policy to the KMS key. For more information, see
+	// Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default)
+	// in the Key Management Service Developer Guide.
 	//
 	// If you provide a key policy, it must meet the following criteria:
 	//
-	//    * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy
+	//    * If you don't set BypassPolicyLockoutSafetyCheck to True, the key policy
 	//    must allow the principal that is making the CreateKey request to make
 	//    a subsequent PutKeyPolicy request on the KMS key. This reduces the risk
 	//    that the KMS key becomes unmanageable. For more information, refer to
@ -9349,11 +9423,18 @@ type CreateKeyInput struct {
 	//    visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
 	//    in the Amazon Web Services Identity and Access Management User Guide.
 	//
-	// If you do not provide a key policy, KMS attaches a default key policy to
-	// the KMS key. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default)
-	// in the Key Management Service Developer Guide.
+	// A key policy document must conform to the following rules.
 	//
-	// The key policy size quota is 32 kilobytes (32768 bytes).
+	//    * Up to 32 kilobytes (32768 bytes)
+	//
+	//    * Must be UTF-8 encoded
+	//
+	//    * The only Unicode characters that are permitted in a key policy document
+	//    are the horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D),
+	//    and characters in the range U+0020 to U+00FF.
+	//
+	//    * The Sid element in a key policy statement can include spaces. (Spaces
+	//    are prohibited in the Sid element of an IAM policy document.)
 	//
 	// For help writing and formatting a JSON policy document, see the IAM JSON
 	// Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html)
@ -11098,13 +11179,13 @@ func (s EnableKeyOutput) GoString() string {
 type EnableKeyRotationInput struct {
 	_ struct{} `type:"structure"`

-	// Identifies a symmetric encryption KMS key. You cannot enable automatic rotation
-	// of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
+	// Identifies a symmetric encryption KMS key. You cannot enable or disable automatic
+	// rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
 	// HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html),
 	// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
 	// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
-	// To enable or disable automatic rotation of a set of related multi-Region
-	// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
+	// The key rotation status of these KMS keys is always false. To enable or disable
+	// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
 	// set the property on the primary key.
 	//
 	// Specify the key ID or key ARN of the KMS key.
@ -15929,9 +16010,18 @@ type PutKeyPolicyInput struct {
 	//    visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
 	//    in the Amazon Web Services Identity and Access Management User Guide.
 	//
-	// The key policy cannot exceed 32 kilobytes (32768 bytes). For more information,
-	// see Resource Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html)
-	// in the Key Management Service Developer Guide.
+	// A key policy document must conform to the following rules.
+	//
+	//    * Up to 32 kilobytes (32768 bytes)
+	//
+	//    * Must be UTF-8 encoded
+	//
+	//    * The only Unicode characters that are permitted in a key policy document
+	//    are the horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D),
+	//    and characters in the range U+0020 to U+00FF.
+	//
+	//    * The Sid element in a key policy statement can include spaces. (Spaces
+	//    are prohibited in the Sid element of an IAM policy document.)
 	//
 	// Policy is a required field
 	Policy *string `min:"1" type:"string" required:"true"`
@ -16391,7 +16481,18 @@ type ReplicateKeyInput struct {
 	//    visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
 	//    in the Identity and Access Management User Guide .
 	//
-	//    * The key policy size quota is 32 kilobytes (32768 bytes).
+	// A key policy document must conform to the following rules.
+	//
+	//    * Up to 32 kilobytes (32768 bytes)
+	//
+	//    * Must be UTF-8 encoded
+	//
+	//    * The only Unicode characters that are permitted in a key policy document
+	//    are the horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D),
+	//    and characters in the range U+0020 to U+00FF.
+	//
+	//    * The Sid element in a key policy statement can include spaces. (Spaces
+	//    are prohibited in the Sid element of an IAM policy document.)
 	Policy *string `min:"1" type:"string"`

 	// The Region ID of the Amazon Web Services Region for this replica key.
@ -16818,9 +16919,9 @@ type ScheduleKeyDeletionInput struct {
 	// The waiting period, specified in number of days. After the waiting period
 	// ends, KMS deletes the KMS key.
 	//
-	// If the KMS key is a multi-Region primary key with replicas, the waiting period
-	// begins when the last of its replica keys is deleted. Otherwise, the waiting
-	// period begins immediately.
+	// If the KMS key is a multi-Region primary key with replica keys, the waiting
+	// period begins when the last of its replica keys is deleted. Otherwise, the
+	// waiting period begins immediately.
 	//
 	// This value is optional. If you include a value, it must be between 7 and
 	// 30, inclusive. If you do not include a value, it defaults to 30.
--- a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go
@ -30,11 +30,11 @@
 // see Service endpoints (https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region)
 // in the Key Management Service topic of the Amazon Web Services General Reference.
 //
-// Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS
-// 1.2. Clients must also support cipher suites with Perfect Forward Secrecy
-// (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral
-// Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support
-// these modes.
+// All KMS API calls must be signed and be transmitted using Transport Layer
+// Security (TLS). KMS recommends you always use the latest supported TLS version.
+// Clients must also support cipher suites with Perfect Forward Secrecy (PFS)
+// such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman
+// (ECDHE). Most modern systems such as Java 7 and later support these modes.
 //
 // Signing Requests
 //
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
@ -1279,6 +1279,12 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide.
 //
+// No permissions are required for users to perform this operation. The purpose
+// of the sts:GetSessionToken operation is to authenticate the user using MFA.
+// You cannot use policies to control authentication operations. For more information,
+// see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
+// in the IAM User Guide.
+//
 // Session Duration
 //
 // The GetSessionToken operation must be called by using the long-term Amazon
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -14,7 +14,7 @@ github.com/armon/go-metrics
 # github.com/armon/go-radix v1.0.0
 ## explicit
 github.com/armon/go-radix
-# github.com/aws/aws-sdk-go v1.44.10
+# github.com/aws/aws-sdk-go v1.44.16
 ## explicit; go 1.11
 github.com/aws/aws-sdk-go/aws
 github.com/aws/aws-sdk-go/aws/awserr