rebase: bump github.com/aws/aws-sdk-go from 1.44.146 to 1.44.172

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.146 to 1.44.172. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.146...v1.44.172) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
2024-09-19 15:09:56 +00:00 · 2023-01-04 17:04:56 +00:00 · 2023-01-04 17:04:56 +00:00 · bde65202e4
commit bde65202e4
parent f579125d63
10 changed files with 13119 additions and 890 deletions
--- a/go.mod
+++ b/go.mod
@ -4,7 +4,7 @@ go 1.18

 require (
 	github.com/IBM/keyprotect-go-client v0.9.2
-	github.com/aws/aws-sdk-go v1.44.146
+	github.com/aws/aws-sdk-go v1.44.172
 	github.com/aws/aws-sdk-go-v2/service/sts v1.17.7
 	github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
 	// TODO: API for managing subvolume metadata and snapshot metadata requires `ceph_ci_untested` build-tag
--- a/go.sum
+++ b/go.sum
@ -140,8 +140,8 @@ github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:l
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
-github.com/aws/aws-sdk-go v1.44.146 h1:7YdGgPxDPRJu/yYffzZp/H7yHzQ6AqmuNFZPYraaN8I=
-github.com/aws/aws-sdk-go v1.44.146/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.172 h1:JwhHWVkU/UUq8b4kc2ETzoYg6UXlSslK1EthXcXY8kI=
+github.com/aws/aws-sdk-go v1.44.172/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/aws/aws-sdk-go-v2 v1.17.3 h1:shN7NlnVzvDUgPQ+1rLMSxY8OWRNDRYtiqe0p/PgrhY=
 github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 h1:I3cakv2Uy1vNmmhRQmFptYDxOvBnwCdNwyw63N0RaRU=
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"

 // SDKVersion is the version of this SDK
-const SDKVersion = "1.44.146"
+const SDKVersion = "1.44.172"
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go
@ -13,10 +13,17 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
 )

+const (
+	awsQueryError = "x-amzn-query-error"
+	// A valid header example - "x-amzn-query-error": "<QueryErrorCode>;<ErrorType>"
+	awsQueryErrorPartsCount = 2
+)
+
 // UnmarshalTypedError provides unmarshaling errors API response errors
 // for both typed and untyped errors.
 type UnmarshalTypedError struct {
 	exceptions map[string]func(protocol.ResponseMetadata) error
+	queryExceptions map[string]func(protocol.ResponseMetadata, string) error
 }

 // NewUnmarshalTypedError returns an UnmarshalTypedError initialized for the
@ -24,6 +31,21 @@ type UnmarshalTypedError struct {
 func NewUnmarshalTypedError(exceptions map[string]func(protocol.ResponseMetadata) error) *UnmarshalTypedError {
 	return &UnmarshalTypedError{
 		exceptions: exceptions,
+		queryExceptions: map[string]func(protocol.ResponseMetadata, string) error{},
+	}
+}
+
+func NewUnmarshalTypedErrorWithOptions(exceptions map[string]func(protocol.ResponseMetadata) error, optFns ...func(*UnmarshalTypedError)) *UnmarshalTypedError {
+	unmarshaledError := NewUnmarshalTypedError(exceptions)
+	for _, fn := range optFns {
+		fn(unmarshaledError)
+	}
+	return unmarshaledError
+}
+
+func WithQueryCompatibility(queryExceptions map[string]func(protocol.ResponseMetadata, string) error) func(*UnmarshalTypedError) {
+	return func(typedError *UnmarshalTypedError) {
+		typedError.queryExceptions = queryExceptions
 	}
 }

@ -50,18 +72,32 @@ func (u *UnmarshalTypedError) UnmarshalError(
 	code := codeParts[len(codeParts)-1]
 	msg := jsonErr.Message

+	queryCodeParts := queryCodeParts(resp, u)
+
 	if fn, ok := u.exceptions[code]; ok {
-		// If exception code is know, use associated constructor to get a value
+		// If query-compatible exceptions are found and query-error-header is found,
+		// then use associated constructor to get exception with query error code.
+		//
+		// If exception code is known, use associated constructor to get a value
 		// for the exception that the JSON body can be unmarshaled into.
-		v := fn(respMeta)
+		var v error
+		queryErrFn, queryExceptionsFound := u.queryExceptions[code]
+		if len(queryCodeParts) == awsQueryErrorPartsCount && queryExceptionsFound {
+			v = queryErrFn(respMeta, queryCodeParts[0])
+		} else {
+			v = fn(respMeta)
+		}
 		err := jsonutil.UnmarshalJSONCaseInsensitive(v, body)
 		if err != nil {
 			return nil, err
 		}
-
 		return v, nil
 	}

+	if len(queryCodeParts) == awsQueryErrorPartsCount && len(u.queryExceptions) > 0 {
+		code = queryCodeParts[0]
+	}
+
 	// fallback to unmodeled generic exceptions
 	return awserr.NewRequestFailure(
 		awserr.New(code, msg, nil),
@ -70,6 +106,16 @@ func (u *UnmarshalTypedError) UnmarshalError(
 	), nil
 }

+// A valid header example - "x-amzn-query-error": "<QueryErrorCode>;<ErrorType>"
+func queryCodeParts(resp *http.Response, u *UnmarshalTypedError) []string {
+	queryCodeHeader := resp.Header.Get(awsQueryError)
+	var queryCodeParts []string
+	if queryCodeHeader != "" && len(u.queryExceptions) > 0 {
+		queryCodeParts = strings.Split(queryCodeHeader, ";")
+	}
+	return queryCodeParts
+}
+
 // UnmarshalErrorHandler is a named request handler for unmarshaling jsonrpc
 // protocol request errors
 var UnmarshalErrorHandler = request.NamedHandler{
--- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go
--- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go
--- a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go
@ -8,7 +8,7 @@
 // For general information about KMS, see the Key Management Service Developer
 // Guide (https://docs.aws.amazon.com/kms/latest/developerguide/).
 //
-// KMS is replacing the term customer master key (CMK) with KMS key and KMS
+// KMS has replaced the term customer master key (CMK) with KMS key and KMS
 // key. The concept has not changed. To prevent breaking changes, KMS is keeping
 // some variations of this term.
 //
@ -40,7 +40,7 @@
 //
 // Requests must be signed by using an access key ID and a secret access key.
 // We strongly recommend that you do not use your Amazon Web Services account
-// (root) access key ID and secret key for everyday work with KMS. Instead,
+// (root) access key ID and secret access key for everyday work with KMS. Instead,
 // use the access key ID and secret access key for an IAM user. You can also
 // use the Amazon Web Services Security Token Service to generate temporary
 // security credentials that you can use to sign requests.
--- a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go
@ -19,12 +19,13 @@ const (
 	// "CloudHsmClusterInUseException".
 	//
 	// The request was rejected because the specified CloudHSM cluster is already
-	// associated with a custom key store or it shares a backup history with a cluster
-	// that is associated with a custom key store. Each custom key store must be
-	// associated with a different CloudHSM cluster.
+	// associated with an CloudHSM key store in the account, or it shares a backup
+	// history with an CloudHSM key store in the account. Each CloudHSM key store
+	// in the account must be associated with a different CloudHSM cluster.
 	//
-	// Clusters that share a backup history have the same cluster certificate. To
-	// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
+	// CloudHSM clusters that share a backup history have the same cluster certificate.
+	// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters
+	// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
 	// operation.
 	ErrCodeCloudHsmClusterInUseException = "CloudHsmClusterInUseException"

@ -32,29 +33,29 @@ const (
 	// "CloudHsmClusterInvalidConfigurationException".
 	//
 	// The request was rejected because the associated CloudHSM cluster did not
-	// meet the configuration requirements for a custom key store.
+	// meet the configuration requirements for an CloudHSM key store.
 	//
-	//    * The cluster must be configured with private subnets in at least two
-	//    different Availability Zones in the Region.
+	//    * The CloudHSM cluster must be configured with private subnets in at least
+	//    two different Availability Zones in the Region.
 	//
 	//    * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
 	//    (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound
 	//    rules that allow TCP traffic on ports 2223-2225. The Source in the inbound
 	//    rules and the Destination in the outbound rules must match the security
-	//    group ID. These rules are set by default when you create the cluster.
-	//    Do not delete or change them. To get information about a particular security
-	//    group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
+	//    group ID. These rules are set by default when you create the CloudHSM
+	//    cluster. Do not delete or change them. To get information about a particular
+	//    security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
 	//    operation.
 	//
-	//    * The cluster must contain at least as many HSMs as the operation requires.
-	//    To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
+	//    * The CloudHSM cluster must contain at least as many HSMs as the operation
+	//    requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
 	//    operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey
 	//    operations, the CloudHSM cluster must have at least two active HSMs, each
 	//    in a different Availability Zone. For the ConnectCustomKeyStore operation,
 	//    the CloudHSM must contain at least one active HSM.
 	//
 	// For information about the requirements for an CloudHSM cluster that is associated
-	// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
+	// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
 	// in the Key Management Service Developer Guide. For information about creating
 	// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
 	// in the CloudHSM User Guide. For information about cluster security groups,
@ -65,10 +66,9 @@ const (
 	// ErrCodeCloudHsmClusterNotActiveException for service response error code
 	// "CloudHsmClusterNotActiveException".
 	//
-	// The request was rejected because the CloudHSM cluster that is associated
-	// with the custom key store is not active. Initialize and activate the cluster
-	// and try the command again. For detailed instructions, see Getting Started
-	// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
+	// The request was rejected because the CloudHSM cluster associated with the
+	// CloudHSM key store is not active. Initialize and activate the cluster and
+	// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
 	// in the CloudHSM User Guide.
 	ErrCodeCloudHsmClusterNotActiveException = "CloudHsmClusterNotActiveException"

@ -84,15 +84,16 @@ const (
 	//
 	// The request was rejected because the specified CloudHSM cluster has a different
 	// cluster certificate than the original cluster. You cannot use the operation
-	// to specify an unrelated cluster.
+	// to specify an unrelated cluster for an CloudHSM key store.
 	//
-	// Specify a cluster that shares a backup history with the original cluster.
-	// This includes clusters that were created from a backup of the current cluster,
-	// and clusters that were created from the same backup that produced the current
-	// cluster.
+	// Specify an CloudHSM cluster that shares a backup history with the original
+	// cluster. This includes clusters that were created from a backup of the current
+	// cluster, and clusters that were created from the same backup that produced
+	// the current cluster.
 	//
-	// Clusters that share a backup history have the same cluster certificate. To
-	// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
+	// CloudHSM clusters that share a backup history have the same cluster certificate.
+	// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters
+	// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
 	// operation.
 	ErrCodeCloudHsmClusterNotRelatedException = "CloudHsmClusterNotRelatedException"

@ -114,17 +115,27 @@ const (
 	//
 	// This exception is thrown under the following conditions:
 	//
-	//    * You requested the CreateKey or GenerateRandom operation in a custom
-	//    key store that is not connected. These operations are valid only when
-	//    the custom key store ConnectionState is CONNECTED.
+	//    * You requested the ConnectCustomKeyStore operation on a custom key store
+	//    with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
+	//    for all other ConnectionState values. To reconnect a custom key store
+	//    in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect
+	//    it (ConnectCustomKeyStore).
+	//
+	//    * You requested the CreateKey operation in a custom key store that is
+	//    not connected. This operations is valid only when the custom key store
+	//    ConnectionState is CONNECTED.
+	//
+	//    * You requested the DisconnectCustomKeyStore operation on a custom key
+	//    store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation
+	//    is valid for all other ConnectionState values.
 	//
 	//    * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
 	//    on a custom key store that is not disconnected. This operation is valid
 	//    only when the custom key store ConnectionState is DISCONNECTED.
 	//
-	//    * You requested the ConnectCustomKeyStore operation on a custom key store
-	//    with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
-	//    for all other ConnectionState values.
+	//    * You requested the GenerateRandom operation in an CloudHSM key store
+	//    that is not connected. This operation is valid only when the CloudHSM
+	//    key store ConnectionState is CONNECTED.
 	ErrCodeCustomKeyStoreInvalidStateException = "CustomKeyStoreInvalidStateException"

 	// ErrCodeCustomKeyStoreNameInUseException for service response error code
@ -145,8 +156,8 @@ const (
 	// ErrCodeDependencyTimeoutException for service response error code
 	// "DependencyTimeoutException".
 	//
-	// The system timed out while trying to fulfill the request. The request can
-	// be retried.
+	// The system timed out while trying to fulfill the request. You can retry the
+	// request.
 	ErrCodeDependencyTimeoutException = "DependencyTimeoutException"

 	// ErrCodeDisabledException for service response error code
@ -183,9 +194,10 @@ const (
 	// "IncorrectTrustAnchorException".
 	//
 	// The request was rejected because the trust anchor certificate in the request
-	// is not the trust anchor certificate for the specified CloudHSM cluster.
+	// to create an CloudHSM key store is not the trust anchor certificate for the
+	// specified CloudHSM cluster.
 	//
-	// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
+	// When you initialize the CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
 	// you create the trust anchor certificate and save it in the customerCA.crt
 	// file.
 	ErrCodeIncorrectTrustAnchorException = "IncorrectTrustAnchorException"
@ -274,9 +286,17 @@ const (
 	// The request was rejected because the state of the specified resource is not
 	// valid for this request.
 	//
-	// For more information about how key state affects the use of a KMS key, see
-	// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
-	// in the Key Management Service Developer Guide .
+	// This exceptions means one of the following:
+	//
+	//    * The key state of the KMS key is not compatible with the operation. To
+	//    find the key state, use the DescribeKey operation. For more information
+	//    about which key states are compatible with each KMS operation, see Key
+	//    states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+	//    in the Key Management Service Developer Guide .
+	//
+	//    * For cryptographic operations on KMS keys in custom key stores, this
+	//    exception represents a general failure with many possible causes. To identify
+	//    the cause, see the error message that accompanies the exception.
 	ErrCodeInvalidStateException = "KMSInvalidStateException"

 	// ErrCodeKMSInvalidMacException for service response error code
@ -336,41 +356,170 @@ const (
 	// The request was rejected because a specified parameter is not supported or
 	// a specified resource is not valid for this operation.
 	ErrCodeUnsupportedOperationException = "UnsupportedOperationException"
+
+	// ErrCodeXksKeyAlreadyInUseException for service response error code
+	// "XksKeyAlreadyInUseException".
+	//
+	// The request was rejected because the (XksKeyId) is already associated with
+	// a KMS key in this external key store. Each KMS key in an external key store
+	// must be associated with a different external key.
+	ErrCodeXksKeyAlreadyInUseException = "XksKeyAlreadyInUseException"
+
+	// ErrCodeXksKeyInvalidConfigurationException for service response error code
+	// "XksKeyInvalidConfigurationException".
+	//
+	// The request was rejected because the external key specified by the XksKeyId
+	// parameter did not meet the configuration requirements for an external key
+	// store.
+	//
+	// The external key must be an AES-256 symmetric key that is enabled and performs
+	// encryption and decryption.
+	ErrCodeXksKeyInvalidConfigurationException = "XksKeyInvalidConfigurationException"
+
+	// ErrCodeXksKeyNotFoundException for service response error code
+	// "XksKeyNotFoundException".
+	//
+	// The request was rejected because the external key store proxy could not find
+	// the external key. This exception is thrown when the value of the XksKeyId
+	// parameter doesn't identify a key in the external key manager associated with
+	// the external key proxy.
+	//
+	// Verify that the XksKeyId represents an existing key in the external key manager.
+	// Use the key identifier that the external key store proxy uses to identify
+	// the key. For details, see the documentation provided with your external key
+	// store proxy or key manager.
+	ErrCodeXksKeyNotFoundException = "XksKeyNotFoundException"
+
+	// ErrCodeXksProxyIncorrectAuthenticationCredentialException for service response error code
+	// "XksProxyIncorrectAuthenticationCredentialException".
+	//
+	// The request was rejected because the proxy credentials failed to authenticate
+	// to the specified external key store proxy. The specified external key store
+	// proxy rejected a status request from KMS due to invalid credentials. This
+	// can indicate an error in the credentials or in the identification of the
+	// external key store proxy.
+	ErrCodeXksProxyIncorrectAuthenticationCredentialException = "XksProxyIncorrectAuthenticationCredentialException"
+
+	// ErrCodeXksProxyInvalidConfigurationException for service response error code
+	// "XksProxyInvalidConfigurationException".
+	//
+	// The request was rejected because the Amazon VPC endpoint service configuration
+	// does not fulfill the requirements for an external key store proxy. For details,
+	// see the exception message.
+	ErrCodeXksProxyInvalidConfigurationException = "XksProxyInvalidConfigurationException"
+
+	// ErrCodeXksProxyInvalidResponseException for service response error code
+	// "XksProxyInvalidResponseException".
+	//
+	// KMS cannot interpret the response it received from the external key store
+	// proxy. The problem might be a poorly constructed response, but it could also
+	// be a transient network issue. If you see this error repeatedly, report it
+	// to the proxy vendor.
+	ErrCodeXksProxyInvalidResponseException = "XksProxyInvalidResponseException"
+
+	// ErrCodeXksProxyUriEndpointInUseException for service response error code
+	// "XksProxyUriEndpointInUseException".
+	//
+	// The request was rejected because the concatenation of the XksProxyUriEndpoint
+	// is already associated with an external key store in the Amazon Web Services
+	// account and Region. Each external key store in an account and Region must
+	// use a unique external key store proxy address.
+	ErrCodeXksProxyUriEndpointInUseException = "XksProxyUriEndpointInUseException"
+
+	// ErrCodeXksProxyUriInUseException for service response error code
+	// "XksProxyUriInUseException".
+	//
+	// The request was rejected because the concatenation of the XksProxyUriEndpoint
+	// and XksProxyUriPath is already associated with an external key store in the
+	// Amazon Web Services account and Region. Each external key store in an account
+	// and Region must use a unique external key store proxy API address.
+	ErrCodeXksProxyUriInUseException = "XksProxyUriInUseException"
+
+	// ErrCodeXksProxyUriUnreachableException for service response error code
+	// "XksProxyUriUnreachableException".
+	//
+	// KMS was unable to reach the specified XksProxyUriPath. The path must be reachable
+	// before you create the external key store or update its settings.
+	//
+	// This exception is also thrown when the external key store proxy response
+	// to a GetHealthStatus request indicates that all external key manager instances
+	// are unavailable.
+	ErrCodeXksProxyUriUnreachableException = "XksProxyUriUnreachableException"
+
+	// ErrCodeXksProxyVpcEndpointServiceInUseException for service response error code
+	// "XksProxyVpcEndpointServiceInUseException".
+	//
+	// The request was rejected because the specified Amazon VPC endpoint service
+	// is already associated with an external key store in the Amazon Web Services
+	// account and Region. Each external key store in an Amazon Web Services account
+	// and Region must use a different Amazon VPC endpoint service.
+	ErrCodeXksProxyVpcEndpointServiceInUseException = "XksProxyVpcEndpointServiceInUseException"
+
+	// ErrCodeXksProxyVpcEndpointServiceInvalidConfigurationException for service response error code
+	// "XksProxyVpcEndpointServiceInvalidConfigurationException".
+	//
+	// The request was rejected because the Amazon VPC endpoint service configuration
+	// does not fulfill the requirements for an external key store proxy. For details,
+	// see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements)
+	// for Amazon VPC endpoint service connectivity for an external key store.
+	ErrCodeXksProxyVpcEndpointServiceInvalidConfigurationException = "XksProxyVpcEndpointServiceInvalidConfigurationException"
+
+	// ErrCodeXksProxyVpcEndpointServiceNotFoundException for service response error code
+	// "XksProxyVpcEndpointServiceNotFoundException".
+	//
+	// The request was rejected because KMS could not find the specified VPC endpoint
+	// service. Use DescribeCustomKeyStores to verify the VPC endpoint service name
+	// for the external key store. Also, confirm that the Allow principals list
+	// for the VPC endpoint service includes the KMS service principal for the Region,
+	// such as cks.kms.us-east-1.amazonaws.com.
+	ErrCodeXksProxyVpcEndpointServiceNotFoundException = "XksProxyVpcEndpointServiceNotFoundException"
 )

 var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
-	"AlreadyExistsException":                       newErrorAlreadyExistsException,
-	"CloudHsmClusterInUseException":                newErrorCloudHsmClusterInUseException,
-	"CloudHsmClusterInvalidConfigurationException": newErrorCloudHsmClusterInvalidConfigurationException,
-	"CloudHsmClusterNotActiveException":            newErrorCloudHsmClusterNotActiveException,
-	"CloudHsmClusterNotFoundException":             newErrorCloudHsmClusterNotFoundException,
-	"CloudHsmClusterNotRelatedException":           newErrorCloudHsmClusterNotRelatedException,
-	"CustomKeyStoreHasCMKsException":               newErrorCustomKeyStoreHasCMKsException,
-	"CustomKeyStoreInvalidStateException":          newErrorCustomKeyStoreInvalidStateException,
-	"CustomKeyStoreNameInUseException":             newErrorCustomKeyStoreNameInUseException,
-	"CustomKeyStoreNotFoundException":              newErrorCustomKeyStoreNotFoundException,
-	"DependencyTimeoutException":                   newErrorDependencyTimeoutException,
-	"DisabledException":                            newErrorDisabledException,
-	"ExpiredImportTokenException":                  newErrorExpiredImportTokenException,
-	"IncorrectKeyException":                        newErrorIncorrectKeyException,
-	"IncorrectKeyMaterialException":                newErrorIncorrectKeyMaterialException,
-	"IncorrectTrustAnchorException":                newErrorIncorrectTrustAnchorException,
-	"KMSInternalException":                         newErrorInternalException,
-	"InvalidAliasNameException":                    newErrorInvalidAliasNameException,
-	"InvalidArnException":                          newErrorInvalidArnException,
-	"InvalidCiphertextException":                   newErrorInvalidCiphertextException,
-	"InvalidGrantIdException":                      newErrorInvalidGrantIdException,
-	"InvalidGrantTokenException":                   newErrorInvalidGrantTokenException,
-	"InvalidImportTokenException":                  newErrorInvalidImportTokenException,
-	"InvalidKeyUsageException":                     newErrorInvalidKeyUsageException,
-	"InvalidMarkerException":                       newErrorInvalidMarkerException,
-	"KMSInvalidStateException":                     newErrorInvalidStateException,
-	"KMSInvalidMacException":                       newErrorKMSInvalidMacException,
-	"KMSInvalidSignatureException":                 newErrorKMSInvalidSignatureException,
-	"KeyUnavailableException":                      newErrorKeyUnavailableException,
-	"LimitExceededException":                       newErrorLimitExceededException,
-	"MalformedPolicyDocumentException":             newErrorMalformedPolicyDocumentException,
-	"NotFoundException":                            newErrorNotFoundException,
-	"TagException":                                 newErrorTagException,
-	"UnsupportedOperationException":                newErrorUnsupportedOperationException,
+	"AlreadyExistsException":                                  newErrorAlreadyExistsException,
+	"CloudHsmClusterInUseException":                           newErrorCloudHsmClusterInUseException,
+	"CloudHsmClusterInvalidConfigurationException":            newErrorCloudHsmClusterInvalidConfigurationException,
+	"CloudHsmClusterNotActiveException":                       newErrorCloudHsmClusterNotActiveException,
+	"CloudHsmClusterNotFoundException":                        newErrorCloudHsmClusterNotFoundException,
+	"CloudHsmClusterNotRelatedException":                      newErrorCloudHsmClusterNotRelatedException,
+	"CustomKeyStoreHasCMKsException":                          newErrorCustomKeyStoreHasCMKsException,
+	"CustomKeyStoreInvalidStateException":                     newErrorCustomKeyStoreInvalidStateException,
+	"CustomKeyStoreNameInUseException":                        newErrorCustomKeyStoreNameInUseException,
+	"CustomKeyStoreNotFoundException":                         newErrorCustomKeyStoreNotFoundException,
+	"DependencyTimeoutException":                              newErrorDependencyTimeoutException,
+	"DisabledException":                                       newErrorDisabledException,
+	"ExpiredImportTokenException":                             newErrorExpiredImportTokenException,
+	"IncorrectKeyException":                                   newErrorIncorrectKeyException,
+	"IncorrectKeyMaterialException":                           newErrorIncorrectKeyMaterialException,
+	"IncorrectTrustAnchorException":                           newErrorIncorrectTrustAnchorException,
+	"KMSInternalException":                                    newErrorInternalException,
+	"InvalidAliasNameException":                               newErrorInvalidAliasNameException,
+	"InvalidArnException":                                     newErrorInvalidArnException,
+	"InvalidCiphertextException":                              newErrorInvalidCiphertextException,
+	"InvalidGrantIdException":                                 newErrorInvalidGrantIdException,
+	"InvalidGrantTokenException":                              newErrorInvalidGrantTokenException,
+	"InvalidImportTokenException":                             newErrorInvalidImportTokenException,
+	"InvalidKeyUsageException":                                newErrorInvalidKeyUsageException,
+	"InvalidMarkerException":                                  newErrorInvalidMarkerException,
+	"KMSInvalidStateException":                                newErrorInvalidStateException,
+	"KMSInvalidMacException":                                  newErrorKMSInvalidMacException,
+	"KMSInvalidSignatureException":                            newErrorKMSInvalidSignatureException,
+	"KeyUnavailableException":                                 newErrorKeyUnavailableException,
+	"LimitExceededException":                                  newErrorLimitExceededException,
+	"MalformedPolicyDocumentException":                        newErrorMalformedPolicyDocumentException,
+	"NotFoundException":                                       newErrorNotFoundException,
+	"TagException":                                            newErrorTagException,
+	"UnsupportedOperationException":                           newErrorUnsupportedOperationException,
+	"XksKeyAlreadyInUseException":                             newErrorXksKeyAlreadyInUseException,
+	"XksKeyInvalidConfigurationException":                     newErrorXksKeyInvalidConfigurationException,
+	"XksKeyNotFoundException":                                 newErrorXksKeyNotFoundException,
+	"XksProxyIncorrectAuthenticationCredentialException":      newErrorXksProxyIncorrectAuthenticationCredentialException,
+	"XksProxyInvalidConfigurationException":                   newErrorXksProxyInvalidConfigurationException,
+	"XksProxyInvalidResponseException":                        newErrorXksProxyInvalidResponseException,
+	"XksProxyUriEndpointInUseException":                       newErrorXksProxyUriEndpointInUseException,
+	"XksProxyUriInUseException":                               newErrorXksProxyUriInUseException,
+	"XksProxyUriUnreachableException":                         newErrorXksProxyUriUnreachableException,
+	"XksProxyVpcEndpointServiceInUseException":                newErrorXksProxyVpcEndpointServiceInUseException,
+	"XksProxyVpcEndpointServiceInvalidConfigurationException": newErrorXksProxyVpcEndpointServiceInvalidConfigurationException,
+	"XksProxyVpcEndpointServiceNotFoundException":             newErrorXksProxyVpcEndpointServiceNotFoundException,
 }
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -14,7 +14,7 @@ github.com/armon/go-metrics
 # github.com/armon/go-radix v1.0.0
 ## explicit
 github.com/armon/go-radix
-# github.com/aws/aws-sdk-go v1.44.146
+# github.com/aws/aws-sdk-go v1.44.172
 ## explicit; go 1.11
 github.com/aws/aws-sdk-go/aws
 github.com/aws/aws-sdk-go/aws/awserr