diff --git a/README.md b/README.md
index bd9d09919..1f00e43e8 100644
--- a/README.md
+++ b/README.md
@@ -76,6 +76,8 @@ To install the DNS controller manager in your Kubernetes cluster, follow
# see https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html
AWS_ACCESS_KEY_ID: ...
AWS_SECRET_ACCESS_KEY: ...
+ # or if the chain of credential providers should be used:
+ #AWS_USE_CREDENTIALS_CHAIN: dHJ1ZQ==
EOF
```
diff --git a/charts/external-dns-management/templates/serviceaccount.yaml b/charts/external-dns-management/templates/serviceaccount.yaml
index 31c227ae8..4d6dbc443 100644
--- a/charts/external-dns-management/templates/serviceaccount.yaml
+++ b/charts/external-dns-management/templates/serviceaccount.yaml
@@ -9,3 +9,7 @@ metadata:
app.kubernetes.io/name: {{ include "external-dns-management.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.serviceAccountAnnotations }}
+ annotations:
+{{ toYaml .Values.serviceAccountAnnotations | indent 4 }}
+{{- end }}
diff --git a/charts/external-dns-management/values.yaml b/charts/external-dns-management/values.yaml
index 8a032f547..71b383a65 100644
--- a/charts/external-dns-management/values.yaml
+++ b/charts/external-dns-management/values.yaml
@@ -33,6 +33,10 @@ affinity: {}
createCRDs: true
+#serviceAccountAnnotations:
+# annotkey1: annotvalue1
+# annotkey2: annotvalue2
+
configuration:
# acceptedMaintainers: UNMANAGED
# alicloudDNSCacheTtl: 120
diff --git a/docs/aws-route53/README.md b/docs/aws-route53/README.md
index f034668bc..516b34c33 100644
--- a/docs/aws-route53/README.md
+++ b/docs/aws-route53/README.md
@@ -64,7 +64,35 @@ data:
# see https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html
AWS_ACCESS_KEY_ID: ...
AWS_SECRET_ACCESS_KEY: ...
+ # optionally specify the region
+ #AWS_REGION: ...
+ # optionally specify the token
+ #AWS_SESSION_TOKEN: ...
+
# Alternatively use Gardener cloud provider credentials convention
#accessKeyID: ...
#secretAccessKey: ...
-```
\ No newline at end of file
+```
+
+## Using the chain of credential providers
+
+Alternatively the credentials can be provided externally, i.e. by using the
+chain of credential providers to search for credentials in environment
+variables, shared credential file, and EC2 Instance Roles.
+
+In this case create a `Secret` with the data field `AWS_USE_CREDENTIALS_CHAIN` and set the value to
+`true` (encoded as base64). Typical examples are usage of an AWS Web Identity provider or
+[IAM role assigned to the service account](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aws-credentials
+ namespace: default
+type: Opaque
+data:
+ AWS_USE_CREDENTIALS_CHAIN: dHJ1ZQ==
+ # optionally specify the region
+ #AWS_REGION: ...
+```
diff --git a/examples/20-secret-aws-credentials.yaml b/examples/20-secret-aws-credentials.yaml
index 0ba8f2508..67e81d3d1 100644
--- a/examples/20-secret-aws-credentials.yaml
+++ b/examples/20-secret-aws-credentials.yaml
@@ -9,6 +9,15 @@ data:
# see https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html
AWS_ACCESS_KEY_ID: ...
AWS_SECRET_ACCESS_KEY: ...
+ # optionally specify the region
+ #AWS_REGION: ...
+ # optionally specify the token
+ #AWS_SESSION_TOKEN: ...
+
# Alternatively use Gardener cloud provider credentials convention
#accessKeyID: ...
#secretAccessKey: ...
+
+ # Alternatively an external credential provider can be used. In this case
+ # just set this value:
+ #AWS_USE_CREDENTIALS_CHAIN: dHJ1ZQ==
diff --git a/go.mod b/go.mod
index 7fb6f2998..d8a4f23bb 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
github.com/Azure/go-autorest/autorest/to v0.3.0 // indirect
github.com/ahmetb/gen-crd-api-reference-docs v0.2.0
github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190603021944-12ad9f921c0b
- github.com/aws/aws-sdk-go v1.19.41
+ github.com/aws/aws-sdk-go v1.36.20
github.com/cloudflare/cloudflare-go v0.11.4
github.com/emicklei/go-restful v2.9.6+incompatible // indirect
github.com/gardener/controller-manager-library v0.2.1-0.20201009144316-bfa57b871e60
diff --git a/go.sum b/go.sum
index 457ac41ed..183507be9 100644
--- a/go.sum
+++ b/go.sum
@@ -62,8 +62,8 @@ github.com/appscode/jsonpatch v1.0.1/go.mod h1:4AJxUpXUhv4N+ziTvIcWWXgeorXpxPZOf
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/aws/aws-sdk-go v1.19.41 h1:veutzvQP/lOmYmtX26S9mTFJLO6sp7/UsxFcCjglu4A=
-github.com/aws/aws-sdk-go v1.19.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go v1.36.20 h1:IQr81xegCd40Xq21ZjFToKw9llaCzO1LRE75CgnvJ1Q=
+github.com/aws/aws-sdk-go v1.36.20/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0 h1:HWo1m869IqiPhD389kmkxeTalrjNbbJTC8LXupb+sl0=
@@ -264,6 +264,10 @@ github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NH
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
@@ -455,6 +459,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 h1:/Tl7pH94bvbAAHBdZJT947M/+gp0+CqQXDtMRC0fseo=
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495 h1:I6A9Ag9FpEKOjcKrRNjQkPHawoXIhKyTGfvvjFAiiAk=
@@ -489,6 +495,8 @@ golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLL
golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7 h1:AeiKBIuRw3UomYXSbLy0Mc2dDLfdtbT/IVn4keq83P0=
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
@@ -527,6 +535,8 @@ golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7NkNAQs+6Q8b9WEB/F4=
golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff --git a/pkg/controller/provider/aws/handler.go b/pkg/controller/provider/aws/handler.go
index 01781d337..eb25e41f7 100644
--- a/pkg/controller/provider/aws/handler.go
+++ b/pkg/controller/provider/aws/handler.go
@@ -63,17 +63,30 @@ func NewHandler(c *provider.DNSHandlerConfig) (provider.DNSHandler, error) {
config: *c,
awsConfig: awsConfig,
}
- accessKeyID, err := c.GetRequiredProperty("AWS_ACCESS_KEY_ID", "accessKeyID")
+
+ var creds *credentials.Credentials
+ useCredentialsChain, err := c.GetDefaultedBoolProperty("AWS_USE_CREDENTIALS_CHAIN", false)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("invalid value for AWS_USE_CREDENTIALS_CHAIN: %s", err)
}
- c.Logger.Infof("creating aws-route53 handler for %s", accessKeyID)
- secretAccessKey, err := c.GetRequiredProperty("AWS_SECRET_ACCESS_KEY", "secretAccessKey")
- if err != nil {
- return nil, err
+ if !useCredentialsChain {
+ accessKeyID, err := c.GetRequiredProperty("AWS_ACCESS_KEY_ID", "accessKeyID")
+ if err != nil {
+ return nil, err
+ }
+ c.Logger.Infof("creating aws-route53 handler for %s", accessKeyID)
+ secretAccessKey, err := c.GetRequiredProperty("AWS_SECRET_ACCESS_KEY", "secretAccessKey")
+ if err != nil {
+ return nil, err
+ }
+ token := c.GetProperty("AWS_SESSION_TOKEN")
+ creds = credentials.NewStaticCredentials(accessKeyID, secretAccessKey, token)
+ } else {
+ if c.GetProperty("AWS_ACCESS_KEY_ID", "accessKeyID") != "" {
+ return nil, fmt.Errorf("explicit credentials (AWS_ACCESS_KEY_ID or accessKeyID) cannot be used together with AWS_USE_CREDENTIALS_CHAIN=true")
+ }
+ c.Logger.Infof("creating aws-route53 handler using the chain of credential providers")
}
- token := c.GetProperty("AWS_SESSION_TOKEN")
- creds := credentials.NewStaticCredentials(accessKeyID, secretAccessKey, token)
region := c.GetProperty("AWS_REGION", "region")
var endpoint *string
@@ -87,7 +100,7 @@ func NewHandler(c *provider.DNSHandlerConfig) (provider.DNSHandler, error) {
sess, err := session.NewSession(&aws.Config{
Region: aws.String(region),
Credentials: creds,
- Endpoint: endpoint, // temporary workarround for AWS problem
+ Endpoint: endpoint, // temporary workaround for AWS problem
})
if err != nil {
return nil, err
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
index a2c5817c4..9cf7eaf40 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
@@ -208,7 +208,7 @@ func (e errorList) Error() string {
// How do we want to handle the array size being zero
if size := len(e); size > 0 {
for i := 0; i < size; i++ {
- msg += fmt.Sprintf("%s", e[i].Error())
+ msg += e[i].Error()
// We check the next index to see if it is within the slice.
// If it is, then we append a newline. We do this, because unit tests
// could be broken with the additional '\n'
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
index 11c52c389..a4eb6a7f4 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
@@ -70,7 +70,7 @@ func rValuesAtPath(v interface{}, path string, createPath, caseSensitive, nilTer
value = value.FieldByNameFunc(func(name string) bool {
if c == name {
return true
- } else if !caseSensitive && strings.ToLower(name) == strings.ToLower(c) {
+ } else if !caseSensitive && strings.EqualFold(name, c) {
return true
}
return false
@@ -185,13 +185,12 @@ func ValuesAtPath(i interface{}, path string) ([]interface{}, error) {
// SetValueAtPath sets a value at the case insensitive lexical path inside
// of a structure.
func SetValueAtPath(i interface{}, path string, v interface{}) {
- if rvals := rValuesAtPath(i, path, true, false, v == nil); rvals != nil {
- for _, rval := range rvals {
- if rval.Kind() == reflect.Ptr && rval.IsNil() {
- continue
- }
- setValue(rval, v)
+ rvals := rValuesAtPath(i, path, true, false, v == nil)
+ for _, rval := range rvals {
+ if rval.Kind() == reflect.Ptr && rval.IsNil() {
+ continue
}
+ setValue(rval, v)
}
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/client.go b/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
index 709605384..03334d692 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
@@ -12,6 +12,7 @@ import (
type Config struct {
Config *aws.Config
Handlers request.Handlers
+ PartitionID string
Endpoint string
SigningRegion string
SigningName string
@@ -64,7 +65,7 @@ func New(cfg aws.Config, info metadata.ClientInfo, handlers request.Handlers, op
default:
maxRetries := aws.IntValue(cfg.MaxRetries)
if cfg.MaxRetries == nil || maxRetries == aws.UseServiceDefaultRetries {
- maxRetries = 3
+ maxRetries = DefaultRetryerMaxNumRetries
}
svc.Retryer = DefaultRetryer{NumMaxRetries: maxRetries}
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
index a397b0d04..9f6af19dd 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
@@ -1,6 +1,7 @@
package client
import (
+ "math"
"strconv"
"time"
@@ -9,82 +10,142 @@ import (
)
// DefaultRetryer implements basic retry logic using exponential backoff for
-// most services. If you want to implement custom retry logic, implement the
-// request.Retryer interface or create a structure type that composes this
-// struct and override the specific methods. For example, to override only
-// the MaxRetries method:
+// most services. If you want to implement custom retry logic, you can implement the
+// request.Retryer interface.
//
-// type retryer struct {
-// client.DefaultRetryer
-// }
-//
-// // This implementation always has 100 max retries
-// func (d retryer) MaxRetries() int { return 100 }
type DefaultRetryer struct {
+ // Num max Retries is the number of max retries that will be performed.
+ // By default, this is zero.
NumMaxRetries int
+
+ // MinRetryDelay is the minimum retry delay after which retry will be performed.
+ // If not set, the value is 0ns.
+ MinRetryDelay time.Duration
+
+ // MinThrottleRetryDelay is the minimum retry delay when throttled.
+ // If not set, the value is 0ns.
+ MinThrottleDelay time.Duration
+
+ // MaxRetryDelay is the maximum retry delay before which retry must be performed.
+ // If not set, the value is 0ns.
+ MaxRetryDelay time.Duration
+
+ // MaxThrottleDelay is the maximum retry delay when throttled.
+ // If not set, the value is 0ns.
+ MaxThrottleDelay time.Duration
}
+const (
+ // DefaultRetryerMaxNumRetries sets maximum number of retries
+ DefaultRetryerMaxNumRetries = 3
+
+ // DefaultRetryerMinRetryDelay sets minimum retry delay
+ DefaultRetryerMinRetryDelay = 30 * time.Millisecond
+
+ // DefaultRetryerMinThrottleDelay sets minimum delay when throttled
+ DefaultRetryerMinThrottleDelay = 500 * time.Millisecond
+
+ // DefaultRetryerMaxRetryDelay sets maximum retry delay
+ DefaultRetryerMaxRetryDelay = 300 * time.Second
+
+ // DefaultRetryerMaxThrottleDelay sets maximum delay when throttled
+ DefaultRetryerMaxThrottleDelay = 300 * time.Second
+)
+
// MaxRetries returns the number of maximum returns the service will use to make
// an individual API request.
func (d DefaultRetryer) MaxRetries() int {
return d.NumMaxRetries
}
+// setRetryerDefaults sets the default values of the retryer if not set
+func (d *DefaultRetryer) setRetryerDefaults() {
+ if d.MinRetryDelay == 0 {
+ d.MinRetryDelay = DefaultRetryerMinRetryDelay
+ }
+ if d.MaxRetryDelay == 0 {
+ d.MaxRetryDelay = DefaultRetryerMaxRetryDelay
+ }
+ if d.MinThrottleDelay == 0 {
+ d.MinThrottleDelay = DefaultRetryerMinThrottleDelay
+ }
+ if d.MaxThrottleDelay == 0 {
+ d.MaxThrottleDelay = DefaultRetryerMaxThrottleDelay
+ }
+}
+
// RetryRules returns the delay duration before retrying this request again
func (d DefaultRetryer) RetryRules(r *request.Request) time.Duration {
- // Set the upper limit of delay in retrying at ~five minutes
- minTime := 30
- throttle := d.shouldThrottle(r)
- if throttle {
- if delay, ok := getRetryDelay(r); ok {
- return delay
- }
- minTime = 500
+ // if number of max retries is zero, no retries will be performed.
+ if d.NumMaxRetries == 0 {
+ return 0
+ }
+
+ // Sets default value for retryer members
+ d.setRetryerDefaults()
+
+ // minDelay is the minimum retryer delay
+ minDelay := d.MinRetryDelay
+
+ var initialDelay time.Duration
+
+ isThrottle := r.IsErrorThrottle()
+ if isThrottle {
+ if delay, ok := getRetryAfterDelay(r); ok {
+ initialDelay = delay
+ }
+ minDelay = d.MinThrottleDelay
}
retryCount := r.RetryCount
- if throttle && retryCount > 8 {
- retryCount = 8
- } else if retryCount > 13 {
- retryCount = 13
+
+ // maxDelay the maximum retryer delay
+ maxDelay := d.MaxRetryDelay
+
+ if isThrottle {
+ maxDelay = d.MaxThrottleDelay
+ }
+
+ var delay time.Duration
+
+ // Logic to cap the retry count based on the minDelay provided
+ actualRetryCount := int(math.Log2(float64(minDelay))) + 1
+ if actualRetryCount < 63-retryCount {
+ delay = time.Duration(1< maxDelay {
+ delay = getJitterDelay(maxDelay / 2)
+ }
+ } else {
+ delay = getJitterDelay(maxDelay / 2)
}
+ return delay + initialDelay
+}
- delay := (1 << uint(retryCount)) * (sdkrand.SeededRand.Intn(minTime) + minTime)
- return time.Duration(delay) * time.Millisecond
+// getJitterDelay returns a jittered delay for retry
+func getJitterDelay(duration time.Duration) time.Duration {
+ return time.Duration(sdkrand.SeededRand.Int63n(int64(duration)) + int64(duration))
}
// ShouldRetry returns true if the request should be retried.
func (d DefaultRetryer) ShouldRetry(r *request.Request) bool {
+
+ // ShouldRetry returns false if number of max retries is 0.
+ if d.NumMaxRetries == 0 {
+ return false
+ }
+
// If one of the other handlers already set the retry state
// we don't want to override it based on the service's state
if r.Retryable != nil {
return *r.Retryable
}
-
- if r.HTTPResponse.StatusCode >= 500 && r.HTTPResponse.StatusCode != 501 {
- return true
- }
- return r.IsErrorRetryable() || d.shouldThrottle(r)
-}
-
-// ShouldThrottle returns true if the request should be throttled.
-func (d DefaultRetryer) shouldThrottle(r *request.Request) bool {
- switch r.HTTPResponse.StatusCode {
- case 429:
- case 502:
- case 503:
- case 504:
- default:
- return r.IsErrorThrottle()
- }
-
- return true
+ return r.IsErrorRetryable() || r.IsErrorThrottle()
}
// This will look in the Retry-After header, RFC 7231, for how long
// it will wait before attempting another request
-func getRetryDelay(r *request.Request) (time.Duration, bool) {
+func getRetryAfterDelay(r *request.Request) (time.Duration, bool) {
if !canUseRetryAfterHeader(r) {
return 0, false
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
index 7b5e1276a..8958c32d4 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
@@ -67,10 +67,14 @@ func logRequest(r *request.Request) {
if !bodySeekable {
r.SetReaderBody(aws.ReadSeekCloser(r.HTTPRequest.Body))
}
- // Reset the request body because dumpRequest will re-wrap the r.HTTPRequest's
- // Body as a NoOpCloser and will not be reset after read by the HTTP
- // client reader.
- r.ResetBody()
+ // Reset the request body because dumpRequest will re-wrap the
+ // r.HTTPRequest's Body as a NoOpCloser and will not be reset after
+ // read by the HTTP client reader.
+ if err := r.Error; err != nil {
+ r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg,
+ r.ClientInfo.ServiceName, r.Operation.Name, err))
+ return
+ }
}
r.Config.Logger.Log(fmt.Sprintf(logReqMsg,
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go b/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
index 920e9fddf..0c48f72e0 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
@@ -5,6 +5,7 @@ type ClientInfo struct {
ServiceName string
ServiceID string
APIVersion string
+ PartitionID string
Endpoint string
SigningName string
SigningRegion string
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/no_op_retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/client/no_op_retryer.go
new file mode 100644
index 000000000..881d575f0
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/no_op_retryer.go
@@ -0,0 +1,28 @@
+package client
+
+import (
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+// NoOpRetryer provides a retryer that performs no retries.
+// It should be used when we do not want retries to be performed.
+type NoOpRetryer struct{}
+
+// MaxRetries returns the number of maximum returns the service will use to make
+// an individual API; For NoOpRetryer the MaxRetries will always be zero.
+func (d NoOpRetryer) MaxRetries() int {
+ return 0
+}
+
+// ShouldRetry will always return false for NoOpRetryer, as it should never retry.
+func (d NoOpRetryer) ShouldRetry(_ *request.Request) bool {
+ return false
+}
+
+// RetryRules returns the delay duration before retrying this request again;
+// since NoOpRetryer does not retry, RetryRules always returns 0.
+func (d NoOpRetryer) RetryRules(_ *request.Request) time.Duration {
+ return 0
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/config.go b/vendor/github.com/aws/aws-sdk-go/aws/config.go
index 10634d173..3b809e847 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/config.go
@@ -20,7 +20,7 @@ type RequestRetryer interface{}
// A Config provides service configuration for service clients. By default,
// all clients will use the defaults.DefaultConfig structure.
//
-// // Create Session with MaxRetry configuration to be shared by multiple
+// // Create Session with MaxRetries configuration to be shared by multiple
// // service clients.
// sess := session.Must(session.NewSession(&aws.Config{
// MaxRetries: aws.Int(3),
@@ -43,7 +43,7 @@ type Config struct {
// An optional endpoint URL (hostname only or fully qualified URI)
// that overrides the default generated endpoint for a client. Set this
- // to `""` to use the default generated endpoint.
+ // to `nil` or the value to `""` to use the default generated endpoint.
//
// Note: You must still provide a `Region` value when specifying an
// endpoint for a client.
@@ -138,7 +138,7 @@ type Config struct {
// `ExpectContinueTimeout` for information on adjusting the continue wait
// timeout. https://golang.org/pkg/net/http/#Transport
//
- // You should use this flag to disble 100-Continue if you experience issues
+ // You should use this flag to disable 100-Continue if you experience issues
// with proxies or third party S3 compatible services.
S3Disable100Continue *bool
@@ -161,6 +161,17 @@ type Config struct {
// on GetObject API calls.
S3DisableContentMD5Validation *bool
+ // Set this to `true` to have the S3 service client to use the region specified
+ // in the ARN, when an ARN is provided as an argument to a bucket parameter.
+ S3UseARNRegion *bool
+
+ // Set this to `true` to enable the SDK to unmarshal API response header maps to
+ // normalized lower case map keys.
+ //
+ // For example S3's X-Amz-Meta prefixed header will be unmarshaled to lower case
+ // Metadata member's map keys. The value of the header in the map is unaffected.
+ LowerCaseHeaderMaps *bool
+
// Set this to `true` to disable the EC2Metadata client from overriding the
// default http.Client's Timeout. This is helpful if you do not want the
// EC2Metadata client to create a new http.Client. This options is only
@@ -172,7 +183,7 @@ type Config struct {
//
// Example:
// sess := session.Must(session.NewSession(aws.NewConfig()
- // .WithEC2MetadataDiableTimeoutOverride(true)))
+ // .WithEC2MetadataDisableTimeoutOverride(true)))
//
// svc := s3.New(sess)
//
@@ -183,7 +194,7 @@ type Config struct {
// both IPv4 and IPv6 addressing.
//
// Setting this for a service which does not support dual stack will fail
- // to make requets. It is not recommended to set this value on the session
+ // to make requests. It is not recommended to set this value on the session
// as it will apply to all service clients created with the session. Even
// services which don't support dual stack endpoints.
//
@@ -227,6 +238,7 @@ type Config struct {
// EnableEndpointDiscovery will allow for endpoint discovery on operations that
// have the definition in its model. By default, endpoint discovery is off.
+ // To use EndpointDiscovery, Endpoint should be unset or set to an empty string.
//
// Example:
// sess := session.Must(session.NewSession(&aws.Config{
@@ -246,12 +258,18 @@ type Config struct {
// Disabling this feature is useful when you want to use local endpoints
// for testing that do not support the modeled host prefix pattern.
DisableEndpointHostPrefix *bool
+
+ // STSRegionalEndpoint will enable regional or legacy endpoint resolving
+ STSRegionalEndpoint endpoints.STSRegionalEndpoint
+
+ // S3UsEast1RegionalEndpoint will enable regional or legacy endpoint resolving
+ S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
}
// NewConfig returns a new Config pointer that can be chained with builder
// methods to set multiple configuration values inline without using pointers.
//
-// // Create Session with MaxRetry configuration to be shared by multiple
+// // Create Session with MaxRetries configuration to be shared by multiple
// // service clients.
// sess := session.Must(session.NewSession(aws.NewConfig().
// WithMaxRetries(3),
@@ -379,6 +397,13 @@ func (c *Config) WithS3DisableContentMD5Validation(enable bool) *Config {
}
+// WithS3UseARNRegion sets a config S3UseARNRegion value and
+// returning a Config pointer for chaining
+func (c *Config) WithS3UseARNRegion(enable bool) *Config {
+ c.S3UseARNRegion = &enable
+ return c
+}
+
// WithUseDualStack sets a config UseDualStack value returning a Config
// pointer for chaining.
func (c *Config) WithUseDualStack(enable bool) *Config {
@@ -420,6 +445,20 @@ func (c *Config) MergeIn(cfgs ...*Config) {
}
}
+// WithSTSRegionalEndpoint will set whether or not to use regional endpoint flag
+// when resolving the endpoint for a service
+func (c *Config) WithSTSRegionalEndpoint(sre endpoints.STSRegionalEndpoint) *Config {
+ c.STSRegionalEndpoint = sre
+ return c
+}
+
+// WithS3UsEast1RegionalEndpoint will set whether or not to use regional endpoint flag
+// when resolving the endpoint for a service
+func (c *Config) WithS3UsEast1RegionalEndpoint(sre endpoints.S3UsEast1RegionalEndpoint) *Config {
+ c.S3UsEast1RegionalEndpoint = sre
+ return c
+}
+
func mergeInConfig(dst *Config, other *Config) {
if other == nil {
return
@@ -493,6 +532,10 @@ func mergeInConfig(dst *Config, other *Config) {
dst.S3DisableContentMD5Validation = other.S3DisableContentMD5Validation
}
+ if other.S3UseARNRegion != nil {
+ dst.S3UseARNRegion = other.S3UseARNRegion
+ }
+
if other.UseDualStack != nil {
dst.UseDualStack = other.UseDualStack
}
@@ -520,6 +563,14 @@ func mergeInConfig(dst *Config, other *Config) {
if other.DisableEndpointHostPrefix != nil {
dst.DisableEndpointHostPrefix = other.DisableEndpointHostPrefix
}
+
+ if other.STSRegionalEndpoint != endpoints.UnsetSTSEndpoint {
+ dst.STSRegionalEndpoint = other.STSRegionalEndpoint
+ }
+
+ if other.S3UsEast1RegionalEndpoint != endpoints.UnsetS3UsEast1Endpoint {
+ dst.S3UsEast1RegionalEndpoint = other.S3UsEast1RegionalEndpoint
+ }
}
// Copy will return a shallow copy of the Config object. If any additional
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
index 66c5945db..2f9446333 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
@@ -2,42 +2,8 @@
package aws
-import "time"
-
-// An emptyCtx is a copy of the Go 1.7 context.emptyCtx type. This is copied to
-// provide a 1.6 and 1.5 safe version of context that is compatible with Go
-// 1.7's Context.
-//
-// An emptyCtx is never canceled, has no values, and has no deadline. It is not
-// struct{}, since vars of this type must have distinct addresses.
-type emptyCtx int
-
-func (*emptyCtx) Deadline() (deadline time.Time, ok bool) {
- return
-}
-
-func (*emptyCtx) Done() <-chan struct{} {
- return nil
-}
-
-func (*emptyCtx) Err() error {
- return nil
-}
-
-func (*emptyCtx) Value(key interface{}) interface{} {
- return nil
-}
-
-func (e *emptyCtx) String() string {
- switch e {
- case backgroundCtx:
- return "aws.BackgroundContext"
- }
- return "unknown empty Context"
-}
-
-var (
- backgroundCtx = new(emptyCtx)
+import (
+ "github.com/aws/aws-sdk-go/internal/context"
)
// BackgroundContext returns a context that will never be canceled, has no
@@ -52,5 +18,5 @@ var (
//
// See https://golang.org/pkg/context for more information on Contexts.
func BackgroundContext() Context {
- return backgroundCtx
+ return context.BackgroundCtx
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/convert_types.go b/vendor/github.com/aws/aws-sdk-go/aws/convert_types.go
index ff5d58e06..4e076c183 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/convert_types.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/convert_types.go
@@ -179,6 +179,242 @@ func IntValueMap(src map[string]*int) map[string]int {
return dst
}
+// Uint returns a pointer to the uint value passed in.
+func Uint(v uint) *uint {
+ return &v
+}
+
+// UintValue returns the value of the uint pointer passed in or
+// 0 if the pointer is nil.
+func UintValue(v *uint) uint {
+ if v != nil {
+ return *v
+ }
+ return 0
+}
+
+// UintSlice converts a slice of uint values uinto a slice of
+// uint pointers
+func UintSlice(src []uint) []*uint {
+ dst := make([]*uint, len(src))
+ for i := 0; i < len(src); i++ {
+ dst[i] = &(src[i])
+ }
+ return dst
+}
+
+// UintValueSlice converts a slice of uint pointers uinto a slice of
+// uint values
+func UintValueSlice(src []*uint) []uint {
+ dst := make([]uint, len(src))
+ for i := 0; i < len(src); i++ {
+ if src[i] != nil {
+ dst[i] = *(src[i])
+ }
+ }
+ return dst
+}
+
+// UintMap converts a string map of uint values uinto a string
+// map of uint pointers
+func UintMap(src map[string]uint) map[string]*uint {
+ dst := make(map[string]*uint)
+ for k, val := range src {
+ v := val
+ dst[k] = &v
+ }
+ return dst
+}
+
+// UintValueMap converts a string map of uint pointers uinto a string
+// map of uint values
+func UintValueMap(src map[string]*uint) map[string]uint {
+ dst := make(map[string]uint)
+ for k, val := range src {
+ if val != nil {
+ dst[k] = *val
+ }
+ }
+ return dst
+}
+
+// Int8 returns a pointer to the int8 value passed in.
+func Int8(v int8) *int8 {
+ return &v
+}
+
+// Int8Value returns the value of the int8 pointer passed in or
+// 0 if the pointer is nil.
+func Int8Value(v *int8) int8 {
+ if v != nil {
+ return *v
+ }
+ return 0
+}
+
+// Int8Slice converts a slice of int8 values into a slice of
+// int8 pointers
+func Int8Slice(src []int8) []*int8 {
+ dst := make([]*int8, len(src))
+ for i := 0; i < len(src); i++ {
+ dst[i] = &(src[i])
+ }
+ return dst
+}
+
+// Int8ValueSlice converts a slice of int8 pointers into a slice of
+// int8 values
+func Int8ValueSlice(src []*int8) []int8 {
+ dst := make([]int8, len(src))
+ for i := 0; i < len(src); i++ {
+ if src[i] != nil {
+ dst[i] = *(src[i])
+ }
+ }
+ return dst
+}
+
+// Int8Map converts a string map of int8 values into a string
+// map of int8 pointers
+func Int8Map(src map[string]int8) map[string]*int8 {
+ dst := make(map[string]*int8)
+ for k, val := range src {
+ v := val
+ dst[k] = &v
+ }
+ return dst
+}
+
+// Int8ValueMap converts a string map of int8 pointers into a string
+// map of int8 values
+func Int8ValueMap(src map[string]*int8) map[string]int8 {
+ dst := make(map[string]int8)
+ for k, val := range src {
+ if val != nil {
+ dst[k] = *val
+ }
+ }
+ return dst
+}
+
+// Int16 returns a pointer to the int16 value passed in.
+func Int16(v int16) *int16 {
+ return &v
+}
+
+// Int16Value returns the value of the int16 pointer passed in or
+// 0 if the pointer is nil.
+func Int16Value(v *int16) int16 {
+ if v != nil {
+ return *v
+ }
+ return 0
+}
+
+// Int16Slice converts a slice of int16 values into a slice of
+// int16 pointers
+func Int16Slice(src []int16) []*int16 {
+ dst := make([]*int16, len(src))
+ for i := 0; i < len(src); i++ {
+ dst[i] = &(src[i])
+ }
+ return dst
+}
+
+// Int16ValueSlice converts a slice of int16 pointers into a slice of
+// int16 values
+func Int16ValueSlice(src []*int16) []int16 {
+ dst := make([]int16, len(src))
+ for i := 0; i < len(src); i++ {
+ if src[i] != nil {
+ dst[i] = *(src[i])
+ }
+ }
+ return dst
+}
+
+// Int16Map converts a string map of int16 values into a string
+// map of int16 pointers
+func Int16Map(src map[string]int16) map[string]*int16 {
+ dst := make(map[string]*int16)
+ for k, val := range src {
+ v := val
+ dst[k] = &v
+ }
+ return dst
+}
+
+// Int16ValueMap converts a string map of int16 pointers into a string
+// map of int16 values
+func Int16ValueMap(src map[string]*int16) map[string]int16 {
+ dst := make(map[string]int16)
+ for k, val := range src {
+ if val != nil {
+ dst[k] = *val
+ }
+ }
+ return dst
+}
+
+// Int32 returns a pointer to the int32 value passed in.
+func Int32(v int32) *int32 {
+ return &v
+}
+
+// Int32Value returns the value of the int32 pointer passed in or
+// 0 if the pointer is nil.
+func Int32Value(v *int32) int32 {
+ if v != nil {
+ return *v
+ }
+ return 0
+}
+
+// Int32Slice converts a slice of int32 values into a slice of
+// int32 pointers
+func Int32Slice(src []int32) []*int32 {
+ dst := make([]*int32, len(src))
+ for i := 0; i < len(src); i++ {
+ dst[i] = &(src[i])
+ }
+ return dst
+}
+
+// Int32ValueSlice converts a slice of int32 pointers into a slice of
+// int32 values
+func Int32ValueSlice(src []*int32) []int32 {
+ dst := make([]int32, len(src))
+ for i := 0; i < len(src); i++ {
+ if src[i] != nil {
+ dst[i] = *(src[i])
+ }
+ }
+ return dst
+}
+
+// Int32Map converts a string map of int32 values into a string
+// map of int32 pointers
+func Int32Map(src map[string]int32) map[string]*int32 {
+ dst := make(map[string]*int32)
+ for k, val := range src {
+ v := val
+ dst[k] = &v
+ }
+ return dst
+}
+
+// Int32ValueMap converts a string map of int32 pointers into a string
+// map of int32 values
+func Int32ValueMap(src map[string]*int32) map[string]int32 {
+ dst := make(map[string]int32)
+ for k, val := range src {
+ if val != nil {
+ dst[k] = *val
+ }
+ }
+ return dst
+}
+
// Int64 returns a pointer to the int64 value passed in.
func Int64(v int64) *int64 {
return &v
@@ -238,6 +474,301 @@ func Int64ValueMap(src map[string]*int64) map[string]int64 {
return dst
}
+// Uint8 returns a pointer to the uint8 value passed in.
+func Uint8(v uint8) *uint8 {
+ return &v
+}
+
+// Uint8Value returns the value of the uint8 pointer passed in or
+// 0 if the pointer is nil.
+func Uint8Value(v *uint8) uint8 {
+ if v != nil {
+ return *v
+ }
+ return 0
+}
+
+// Uint8Slice converts a slice of uint8 values into a slice of
+// uint8 pointers
+func Uint8Slice(src []uint8) []*uint8 {
+ dst := make([]*uint8, len(src))
+ for i := 0; i < len(src); i++ {
+ dst[i] = &(src[i])
+ }
+ return dst
+}
+
+// Uint8ValueSlice converts a slice of uint8 pointers into a slice of
+// uint8 values
+func Uint8ValueSlice(src []*uint8) []uint8 {
+ dst := make([]uint8, len(src))
+ for i := 0; i < len(src); i++ {
+ if src[i] != nil {
+ dst[i] = *(src[i])
+ }
+ }
+ return dst
+}
+
+// Uint8Map converts a string map of uint8 values into a string
+// map of uint8 pointers
+func Uint8Map(src map[string]uint8) map[string]*uint8 {
+ dst := make(map[string]*uint8)
+ for k, val := range src {
+ v := val
+ dst[k] = &v
+ }
+ return dst
+}
+
+// Uint8ValueMap converts a string map of uint8 pointers into a string
+// map of uint8 values
+func Uint8ValueMap(src map[string]*uint8) map[string]uint8 {
+ dst := make(map[string]uint8)
+ for k, val := range src {
+ if val != nil {
+ dst[k] = *val
+ }
+ }
+ return dst
+}
+
+// Uint16 returns a pointer to the uint16 value passed in.
+func Uint16(v uint16) *uint16 {
+ return &v
+}
+
+// Uint16Value returns the value of the uint16 pointer passed in or
+// 0 if the pointer is nil.
+func Uint16Value(v *uint16) uint16 {
+ if v != nil {
+ return *v
+ }
+ return 0
+}
+
+// Uint16Slice converts a slice of uint16 values into a slice of
+// uint16 pointers
+func Uint16Slice(src []uint16) []*uint16 {
+ dst := make([]*uint16, len(src))
+ for i := 0; i < len(src); i++ {
+ dst[i] = &(src[i])
+ }
+ return dst
+}
+
+// Uint16ValueSlice converts a slice of uint16 pointers into a slice of
+// uint16 values
+func Uint16ValueSlice(src []*uint16) []uint16 {
+ dst := make([]uint16, len(src))
+ for i := 0; i < len(src); i++ {
+ if src[i] != nil {
+ dst[i] = *(src[i])
+ }
+ }
+ return dst
+}
+
+// Uint16Map converts a string map of uint16 values into a string
+// map of uint16 pointers
+func Uint16Map(src map[string]uint16) map[string]*uint16 {
+ dst := make(map[string]*uint16)
+ for k, val := range src {
+ v := val
+ dst[k] = &v
+ }
+ return dst
+}
+
+// Uint16ValueMap converts a string map of uint16 pointers into a string
+// map of uint16 values
+func Uint16ValueMap(src map[string]*uint16) map[string]uint16 {
+ dst := make(map[string]uint16)
+ for k, val := range src {
+ if val != nil {
+ dst[k] = *val
+ }
+ }
+ return dst
+}
+
+// Uint32 returns a pointer to the uint32 value passed in.
+func Uint32(v uint32) *uint32 {
+ return &v
+}
+
+// Uint32Value returns the value of the uint32 pointer passed in or
+// 0 if the pointer is nil.
+func Uint32Value(v *uint32) uint32 {
+ if v != nil {
+ return *v
+ }
+ return 0
+}
+
+// Uint32Slice converts a slice of uint32 values into a slice of
+// uint32 pointers
+func Uint32Slice(src []uint32) []*uint32 {
+ dst := make([]*uint32, len(src))
+ for i := 0; i < len(src); i++ {
+ dst[i] = &(src[i])
+ }
+ return dst
+}
+
+// Uint32ValueSlice converts a slice of uint32 pointers into a slice of
+// uint32 values
+func Uint32ValueSlice(src []*uint32) []uint32 {
+ dst := make([]uint32, len(src))
+ for i := 0; i < len(src); i++ {
+ if src[i] != nil {
+ dst[i] = *(src[i])
+ }
+ }
+ return dst
+}
+
+// Uint32Map converts a string map of uint32 values into a string
+// map of uint32 pointers
+func Uint32Map(src map[string]uint32) map[string]*uint32 {
+ dst := make(map[string]*uint32)
+ for k, val := range src {
+ v := val
+ dst[k] = &v
+ }
+ return dst
+}
+
+// Uint32ValueMap converts a string map of uint32 pointers into a string
+// map of uint32 values
+func Uint32ValueMap(src map[string]*uint32) map[string]uint32 {
+ dst := make(map[string]uint32)
+ for k, val := range src {
+ if val != nil {
+ dst[k] = *val
+ }
+ }
+ return dst
+}
+
+// Uint64 returns a pointer to the uint64 value passed in.
+func Uint64(v uint64) *uint64 {
+ return &v
+}
+
+// Uint64Value returns the value of the uint64 pointer passed in or
+// 0 if the pointer is nil.
+func Uint64Value(v *uint64) uint64 {
+ if v != nil {
+ return *v
+ }
+ return 0
+}
+
+// Uint64Slice converts a slice of uint64 values into a slice of
+// uint64 pointers
+func Uint64Slice(src []uint64) []*uint64 {
+ dst := make([]*uint64, len(src))
+ for i := 0; i < len(src); i++ {
+ dst[i] = &(src[i])
+ }
+ return dst
+}
+
+// Uint64ValueSlice converts a slice of uint64 pointers into a slice of
+// uint64 values
+func Uint64ValueSlice(src []*uint64) []uint64 {
+ dst := make([]uint64, len(src))
+ for i := 0; i < len(src); i++ {
+ if src[i] != nil {
+ dst[i] = *(src[i])
+ }
+ }
+ return dst
+}
+
+// Uint64Map converts a string map of uint64 values into a string
+// map of uint64 pointers
+func Uint64Map(src map[string]uint64) map[string]*uint64 {
+ dst := make(map[string]*uint64)
+ for k, val := range src {
+ v := val
+ dst[k] = &v
+ }
+ return dst
+}
+
+// Uint64ValueMap converts a string map of uint64 pointers into a string
+// map of uint64 values
+func Uint64ValueMap(src map[string]*uint64) map[string]uint64 {
+ dst := make(map[string]uint64)
+ for k, val := range src {
+ if val != nil {
+ dst[k] = *val
+ }
+ }
+ return dst
+}
+
+// Float32 returns a pointer to the float32 value passed in.
+func Float32(v float32) *float32 {
+ return &v
+}
+
+// Float32Value returns the value of the float32 pointer passed in or
+// 0 if the pointer is nil.
+func Float32Value(v *float32) float32 {
+ if v != nil {
+ return *v
+ }
+ return 0
+}
+
+// Float32Slice converts a slice of float32 values into a slice of
+// float32 pointers
+func Float32Slice(src []float32) []*float32 {
+ dst := make([]*float32, len(src))
+ for i := 0; i < len(src); i++ {
+ dst[i] = &(src[i])
+ }
+ return dst
+}
+
+// Float32ValueSlice converts a slice of float32 pointers into a slice of
+// float32 values
+func Float32ValueSlice(src []*float32) []float32 {
+ dst := make([]float32, len(src))
+ for i := 0; i < len(src); i++ {
+ if src[i] != nil {
+ dst[i] = *(src[i])
+ }
+ }
+ return dst
+}
+
+// Float32Map converts a string map of float32 values into a string
+// map of float32 pointers
+func Float32Map(src map[string]float32) map[string]*float32 {
+ dst := make(map[string]*float32)
+ for k, val := range src {
+ v := val
+ dst[k] = &v
+ }
+ return dst
+}
+
+// Float32ValueMap converts a string map of float32 pointers into a string
+// map of float32 values
+func Float32ValueMap(src map[string]*float32) map[string]float32 {
+ dst := make(map[string]float32)
+ for k, val := range src {
+ if val != nil {
+ dst[k] = *val
+ }
+ }
+ return dst
+}
+
// Float64 returns a pointer to the float64 value passed in.
func Float64(v float64) *float64 {
return &v
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
index f8853d78a..d95a5eb54 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
@@ -159,9 +159,9 @@ func handleSendError(r *request.Request, err error) {
Body: ioutil.NopCloser(bytes.NewReader([]byte{})),
}
}
- // Catch all other request errors.
- r.Error = awserr.New("RequestError", "send request failed", err)
- r.Retryable = aws.Bool(true) // network errors are retryable
+ // Catch all request errors, and let the default retrier determine
+ // if the error is retryable.
+ r.Error = awserr.New(request.ErrCodeRequestError, "send request failed", err)
// Override the error with a context canceled error, if that was canceled.
ctx := r.Context()
@@ -184,37 +184,39 @@ var ValidateResponseHandler = request.NamedHandler{Name: "core.ValidateResponseH
// AfterRetryHandler performs final checks to determine if the request should
// be retried and how long to delay.
-var AfterRetryHandler = request.NamedHandler{Name: "core.AfterRetryHandler", Fn: func(r *request.Request) {
- // If one of the other handlers already set the retry state
- // we don't want to override it based on the service's state
- if r.Retryable == nil || aws.BoolValue(r.Config.EnforceShouldRetryCheck) {
- r.Retryable = aws.Bool(r.ShouldRetry(r))
- }
+var AfterRetryHandler = request.NamedHandler{
+ Name: "core.AfterRetryHandler",
+ Fn: func(r *request.Request) {
+ // If one of the other handlers already set the retry state
+ // we don't want to override it based on the service's state
+ if r.Retryable == nil || aws.BoolValue(r.Config.EnforceShouldRetryCheck) {
+ r.Retryable = aws.Bool(r.ShouldRetry(r))
+ }
- if r.WillRetry() {
- r.RetryDelay = r.RetryRules(r)
+ if r.WillRetry() {
+ r.RetryDelay = r.RetryRules(r)
- if sleepFn := r.Config.SleepDelay; sleepFn != nil {
- // Support SleepDelay for backwards compatibility and testing
- sleepFn(r.RetryDelay)
- } else if err := aws.SleepWithContext(r.Context(), r.RetryDelay); err != nil {
- r.Error = awserr.New(request.CanceledErrorCode,
- "request context canceled", err)
- r.Retryable = aws.Bool(false)
- return
- }
+ if sleepFn := r.Config.SleepDelay; sleepFn != nil {
+ // Support SleepDelay for backwards compatibility and testing
+ sleepFn(r.RetryDelay)
+ } else if err := aws.SleepWithContext(r.Context(), r.RetryDelay); err != nil {
+ r.Error = awserr.New(request.CanceledErrorCode,
+ "request context canceled", err)
+ r.Retryable = aws.Bool(false)
+ return
+ }
- // when the expired token exception occurs the credentials
- // need to be expired locally so that the next request to
- // get credentials will trigger a credentials refresh.
- if r.IsErrorExpired() {
- r.Config.Credentials.Expire()
- }
+ // when the expired token exception occurs the credentials
+ // need to be expired locally so that the next request to
+ // get credentials will trigger a credentials refresh.
+ if r.IsErrorExpired() {
+ r.Config.Credentials.Expire()
+ }
- r.RetryCount++
- r.Error = nil
- }
-}}
+ r.RetryCount++
+ r.Error = nil
+ }
+ }}
// ValidateEndpointHandler is a request handler to validate a request had the
// appropriate Region and Endpoint set. Will set r.Error if the endpoint or
@@ -223,6 +225,8 @@ var ValidateEndpointHandler = request.NamedHandler{Name: "core.ValidateEndpointH
if r.ClientInfo.SigningRegion == "" && aws.StringValue(r.Config.Region) == "" {
r.Error = aws.ErrMissingRegion
} else if r.ClientInfo.Endpoint == "" {
+ // Was any endpoint provided by the user, or one was derived by the
+ // SDK's endpoint resolver?
r.Error = aws.ErrMissingEndpoint
}
}}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go
new file mode 100644
index 000000000..5852b2648
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go
@@ -0,0 +1,22 @@
+// +build !go1.7
+
+package credentials
+
+import (
+ "github.com/aws/aws-sdk-go/internal/context"
+)
+
+// backgroundContext returns a context that will never be canceled, has no
+// values, and no deadline. This context is used by the SDK to provide
+// backwards compatibility with non-context API operations and functionality.
+//
+// Go 1.6 and before:
+// This context function is equivalent to context.Background in the Go stdlib.
+//
+// Go 1.7 and later:
+// The context returned will be the value returned by context.Background()
+//
+// See https://golang.org/pkg/context for more information on Contexts.
+func backgroundContext() Context {
+ return context.BackgroundCtx
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go
new file mode 100644
index 000000000..388b21541
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go
@@ -0,0 +1,20 @@
+// +build go1.7
+
+package credentials
+
+import "context"
+
+// backgroundContext returns a context that will never be canceled, has no
+// values, and no deadline. This context is used by the SDK to provide
+// backwards compatibility with non-context API operations and functionality.
+//
+// Go 1.6 and before:
+// This context function is equivalent to context.Background in the Go stdlib.
+//
+// Go 1.7 and later:
+// The context returned will be the value returned by context.Background()
+//
+// See https://golang.org/pkg/context for more information on Contexts.
+func backgroundContext() Context {
+ return context.Background()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go
new file mode 100644
index 000000000..8152a864a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go
@@ -0,0 +1,39 @@
+// +build !go1.9
+
+package credentials
+
+import "time"
+
+// Context is an copy of the Go v1.7 stdlib's context.Context interface.
+// It is represented as a SDK interface to enable you to use the "WithContext"
+// API methods with Go v1.6 and a Context type such as golang.org/x/net/context.
+//
+// This type, aws.Context, and context.Context are equivalent.
+//
+// See https://golang.org/pkg/context on how to use contexts.
+type Context interface {
+ // Deadline returns the time when work done on behalf of this context
+ // should be canceled. Deadline returns ok==false when no deadline is
+ // set. Successive calls to Deadline return the same results.
+ Deadline() (deadline time.Time, ok bool)
+
+ // Done returns a channel that's closed when work done on behalf of this
+ // context should be canceled. Done may return nil if this context can
+ // never be canceled. Successive calls to Done return the same value.
+ Done() <-chan struct{}
+
+ // Err returns a non-nil error value after Done is closed. Err returns
+ // Canceled if the context was canceled or DeadlineExceeded if the
+ // context's deadline passed. No other values for Err are defined.
+ // After Done is closed, successive calls to Err return the same value.
+ Err() error
+
+ // Value returns the value associated with this context for key, or nil
+ // if no value is associated with key. Successive calls to Value with
+ // the same key returns the same result.
+ //
+ // Use context values only for request-scoped data that transits
+ // processes and API boundaries, not for passing optional parameters to
+ // functions.
+ Value(key interface{}) interface{}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go
new file mode 100644
index 000000000..4356edb3d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go
@@ -0,0 +1,13 @@
+// +build go1.9
+
+package credentials
+
+import "context"
+
+// Context is an alias of the Go stdlib's context.Context interface.
+// It can be used within the SDK's API operation "WithContext" methods.
+//
+// This type, aws.Context, and context.Context are equivalent.
+//
+// See https://golang.org/pkg/context on how to use contexts.
+type Context = context.Context
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
index 894bbc7f8..a880a3de8 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
@@ -50,9 +50,11 @@ package credentials
import (
"fmt"
- "github.com/aws/aws-sdk-go/aws/awserr"
"sync"
"time"
+
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/internal/sync/singleflight"
)
// AnonymousCredentials is an empty Credential object that can be used as
@@ -83,6 +85,12 @@ type Value struct {
ProviderName string
}
+// HasKeys returns if the credentials Value has both AccessKeyID and
+// SecretAccessKey value set.
+func (v Value) HasKeys() bool {
+ return len(v.AccessKeyID) != 0 && len(v.SecretAccessKey) != 0
+}
+
// A Provider is the interface for any component which will provide credentials
// Value. A provider is required to manage its own Expired state, and what to
// be expired means.
@@ -99,6 +107,13 @@ type Provider interface {
IsExpired() bool
}
+// ProviderWithContext is a Provider that can retrieve credentials with a Context
+type ProviderWithContext interface {
+ Provider
+
+ RetrieveWithContext(Context) (Value, error)
+}
+
// An Expirer is an interface that Providers can implement to expose the expiration
// time, if known. If the Provider cannot accurately provide this info,
// it should not implement this interface.
@@ -158,7 +173,9 @@ type Expiry struct {
// the expiration time given to ensure no requests are made with expired
// tokens.
func (e *Expiry) SetExpiration(expiration time.Time, window time.Duration) {
- e.expiration = expiration
+ // Passed in expirations should have the monotonic clock values stripped.
+ // This ensures time comparisons will be based on wall-time.
+ e.expiration = expiration.Round(0)
if window > 0 {
e.expiration = e.expiration.Add(-window)
}
@@ -190,24 +207,24 @@ func (e *Expiry) ExpiresAt() time.Time {
// first instance of the credentials Value. All calls to Get() after that
// will return the cached credentials Value until IsExpired() returns true.
type Credentials struct {
- creds Value
- forceRefresh bool
-
- m sync.RWMutex
+ sf singleflight.Group
+ m sync.RWMutex
+ creds Value
provider Provider
}
// NewCredentials returns a pointer to a new Credentials with the provider set.
func NewCredentials(provider Provider) *Credentials {
- return &Credentials{
- provider: provider,
- forceRefresh: true,
+ c := &Credentials{
+ provider: provider,
}
+ return c
}
-// Get returns the credentials value, or error if the credentials Value failed
-// to be retrieved.
+// GetWithContext returns the credentials value, or error if the credentials
+// Value failed to be retrieved. Will return early if the passed in context is
+// canceled.
//
// Will return the cached credentials Value if it has not expired. If the
// credentials Value has expired the Provider's Retrieve() will be called
@@ -215,31 +232,70 @@ func NewCredentials(provider Provider) *Credentials {
//
// If Credentials.Expire() was called the credentials Value will be force
// expired, and the next call to Get() will cause them to be refreshed.
-func (c *Credentials) Get() (Value, error) {
- // Check the cached credentials first with just the read lock.
- c.m.RLock()
- if !c.isExpired() {
- creds := c.creds
- c.m.RUnlock()
- return creds, nil
+//
+// Passed in Context is equivalent to aws.Context, and context.Context.
+func (c *Credentials) GetWithContext(ctx Context) (Value, error) {
+ // Check if credentials are cached, and not expired.
+ select {
+ case curCreds, ok := <-c.asyncIsExpired():
+ // ok will only be true, of the credentials were not expired. ok will
+ // be false and have no value if the credentials are expired.
+ if ok {
+ return curCreds, nil
+ }
+ case <-ctx.Done():
+ return Value{}, awserr.New("RequestCanceled",
+ "request context canceled", ctx.Err())
}
- c.m.RUnlock()
- // Credentials are expired need to retrieve the credentials taking the full
- // lock.
+ // Cannot pass context down to the actual retrieve, because the first
+ // context would cancel the whole group when there is not direct
+ // association of items in the group.
+ resCh := c.sf.DoChan("", func() (interface{}, error) {
+ return c.singleRetrieve(&suppressedContext{ctx})
+ })
+ select {
+ case res := <-resCh:
+ return res.Val.(Value), res.Err
+ case <-ctx.Done():
+ return Value{}, awserr.New("RequestCanceled",
+ "request context canceled", ctx.Err())
+ }
+}
+
+func (c *Credentials) singleRetrieve(ctx Context) (interface{}, error) {
c.m.Lock()
defer c.m.Unlock()
- if c.isExpired() {
- creds, err := c.provider.Retrieve()
- if err != nil {
- return Value{}, err
- }
+ if curCreds := c.creds; !c.isExpiredLocked(curCreds) {
+ return curCreds, nil
+ }
+
+ var creds Value
+ var err error
+ if p, ok := c.provider.(ProviderWithContext); ok {
+ creds, err = p.RetrieveWithContext(ctx)
+ } else {
+ creds, err = c.provider.Retrieve()
+ }
+ if err == nil {
c.creds = creds
- c.forceRefresh = false
}
- return c.creds, nil
+ return creds, err
+}
+
+// Get returns the credentials value, or error if the credentials Value failed
+// to be retrieved.
+//
+// Will return the cached credentials Value if it has not expired. If the
+// credentials Value has expired the Provider's Retrieve() will be called
+// to refresh the credentials.
+//
+// If Credentials.Expire() was called the credentials Value will be force
+// expired, and the next call to Get() will cause them to be refreshed.
+func (c *Credentials) Get() (Value, error) {
+ return c.GetWithContext(backgroundContext())
}
// Expire expires the credentials and forces them to be retrieved on the
@@ -251,7 +307,7 @@ func (c *Credentials) Expire() {
c.m.Lock()
defer c.m.Unlock()
- c.forceRefresh = true
+ c.creds = Value{}
}
// IsExpired returns if the credentials are no longer valid, and need
@@ -263,12 +319,30 @@ func (c *Credentials) IsExpired() bool {
c.m.RLock()
defer c.m.RUnlock()
- return c.isExpired()
+ return c.isExpiredLocked(c.creds)
+}
+
+// asyncIsExpired returns a channel of credentials Value. If the channel is
+// closed the credentials are expired and credentials value are not empty.
+func (c *Credentials) asyncIsExpired() <-chan Value {
+ ch := make(chan Value, 1)
+ go func() {
+ c.m.RLock()
+ defer c.m.RUnlock()
+
+ if curCreds := c.creds; !c.isExpiredLocked(curCreds) {
+ ch <- curCreds
+ }
+
+ close(ch)
+ }()
+
+ return ch
}
-// isExpired helper method wrapping the definition of expired credentials.
-func (c *Credentials) isExpired() bool {
- return c.forceRefresh || c.provider.IsExpired()
+// isExpiredLocked helper method wrapping the definition of expired credentials.
+func (c *Credentials) isExpiredLocked(creds interface{}) bool {
+ return creds == nil || creds.(Value) == Value{} || c.provider.IsExpired()
}
// ExpiresAt provides access to the functionality of the Expirer interface of
@@ -281,12 +355,29 @@ func (c *Credentials) ExpiresAt() (time.Time, error) {
expirer, ok := c.provider.(Expirer)
if !ok {
return time.Time{}, awserr.New("ProviderNotExpirer",
- fmt.Sprintf("provider %s does not support ExpiresAt()", c.creds.ProviderName),
+ fmt.Sprintf("provider %s does not support ExpiresAt()",
+ c.creds.ProviderName),
nil)
}
- if c.forceRefresh {
+ if c.creds == (Value{}) {
// set expiration time to the distant past
return time.Time{}, nil
}
return expirer.ExpiresAt(), nil
}
+
+type suppressedContext struct {
+ Context
+}
+
+func (s *suppressedContext) Deadline() (deadline time.Time, ok bool) {
+ return time.Time{}, false
+}
+
+func (s *suppressedContext) Done() <-chan struct{} {
+ return nil
+}
+
+func (s *suppressedContext) Err() error {
+ return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
index 43d4ed386..92af5b725 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
@@ -7,6 +7,7 @@ import (
"strings"
"time"
+ "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/client"
"github.com/aws/aws-sdk-go/aws/credentials"
@@ -87,7 +88,14 @@ func NewCredentialsWithClient(client *ec2metadata.EC2Metadata, options ...func(*
// Error will be returned if the request fails, or unable to extract
// the desired credentials.
func (m *EC2RoleProvider) Retrieve() (credentials.Value, error) {
- credsList, err := requestCredList(m.Client)
+ return m.RetrieveWithContext(aws.BackgroundContext())
+}
+
+// RetrieveWithContext retrieves credentials from the EC2 service.
+// Error will be returned if the request fails, or unable to extract
+// the desired credentials.
+func (m *EC2RoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
+ credsList, err := requestCredList(ctx, m.Client)
if err != nil {
return credentials.Value{ProviderName: ProviderName}, err
}
@@ -97,7 +105,7 @@ func (m *EC2RoleProvider) Retrieve() (credentials.Value, error) {
}
credsName := credsList[0]
- roleCreds, err := requestCred(m.Client, credsName)
+ roleCreds, err := requestCred(ctx, m.Client, credsName)
if err != nil {
return credentials.Value{ProviderName: ProviderName}, err
}
@@ -130,8 +138,8 @@ const iamSecurityCredsPath = "iam/security-credentials/"
// requestCredList requests a list of credentials from the EC2 service.
// If there are no credentials, or there is an error making or receiving the request
-func requestCredList(client *ec2metadata.EC2Metadata) ([]string, error) {
- resp, err := client.GetMetadata(iamSecurityCredsPath)
+func requestCredList(ctx aws.Context, client *ec2metadata.EC2Metadata) ([]string, error) {
+ resp, err := client.GetMetadataWithContext(ctx, iamSecurityCredsPath)
if err != nil {
return nil, awserr.New("EC2RoleRequestError", "no EC2 instance role found", err)
}
@@ -154,8 +162,8 @@ func requestCredList(client *ec2metadata.EC2Metadata) ([]string, error) {
//
// If the credentials cannot be found, or there is an error reading the response
// and error will be returned.
-func requestCred(client *ec2metadata.EC2Metadata, credsName string) (ec2RoleCredRespBody, error) {
- resp, err := client.GetMetadata(sdkuri.PathJoin(iamSecurityCredsPath, credsName))
+func requestCred(ctx aws.Context, client *ec2metadata.EC2Metadata, credsName string) (ec2RoleCredRespBody, error) {
+ resp, err := client.GetMetadataWithContext(ctx, sdkuri.PathJoin(iamSecurityCredsPath, credsName))
if err != nil {
return ec2RoleCredRespBody{},
awserr.New("EC2RoleRequestError",
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
index c2b2c5d65..785f30d8e 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
@@ -98,8 +98,8 @@ func NewProviderClient(cfg aws.Config, handlers request.Handlers, endpoint strin
return p
}
-// NewCredentialsClient returns a Credentials wrapper for retrieving credentials
-// from an arbitrary endpoint concurrently. The client will request the
+// NewCredentialsClient returns a pointer to a new Credentials object
+// wrapping the endpoint credentials Provider.
func NewCredentialsClient(cfg aws.Config, handlers request.Handlers, endpoint string, options ...func(*Provider)) *credentials.Credentials {
return credentials.NewCredentials(NewProviderClient(cfg, handlers, endpoint, options...))
}
@@ -116,7 +116,13 @@ func (p *Provider) IsExpired() bool {
// Retrieve will attempt to request the credentials from the endpoint the Provider
// was configured for. And error will be returned if the retrieval fails.
func (p *Provider) Retrieve() (credentials.Value, error) {
- resp, err := p.getCredentials()
+ return p.RetrieveWithContext(aws.BackgroundContext())
+}
+
+// RetrieveWithContext will attempt to request the credentials from the endpoint the Provider
+// was configured for. And error will be returned if the retrieval fails.
+func (p *Provider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
+ resp, err := p.getCredentials(ctx)
if err != nil {
return credentials.Value{ProviderName: ProviderName},
awserr.New("CredentialsEndpointError", "failed to load credentials", err)
@@ -148,7 +154,7 @@ type errorOutput struct {
Message string `json:"message"`
}
-func (p *Provider) getCredentials() (*getCredentialsOutput, error) {
+func (p *Provider) getCredentials(ctx aws.Context) (*getCredentialsOutput, error) {
op := &request.Operation{
Name: "GetCredentials",
HTTPMethod: "GET",
@@ -156,6 +162,7 @@ func (p *Provider) getCredentials() (*getCredentialsOutput, error) {
out := &getCredentialsOutput{}
req := p.Client.NewRequest(op, nil, out)
+ req.SetContext(ctx)
req.HTTPRequest.Header.Set("Accept", "application/json")
if authToken := p.AuthorizationToken; len(authToken) != 0 {
req.HTTPRequest.Header.Set("Authorization", authToken)
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
index 1980c8c14..e62483600 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
@@ -90,6 +90,7 @@ import (
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/internal/sdkio"
)
const (
@@ -142,7 +143,7 @@ const (
// DefaultBufSize limits buffer size from growing to an enormous
// amount due to a faulty process.
- DefaultBufSize = 1024
+ DefaultBufSize = int(8 * sdkio.KibiByte)
// DefaultTimeout default limit on time a process can run.
DefaultTimeout = time.Duration(1) * time.Minute
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
index e15514958..22b5c5d9f 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
@@ -17,8 +17,9 @@ var (
ErrSharedCredentialsHomeNotFound = awserr.New("UserHomeNotFound", "user home directory not found.", nil)
)
-// A SharedCredentialsProvider retrieves credentials from the current user's home
-// directory, and keeps track if those credentials are expired.
+// A SharedCredentialsProvider retrieves access key pair (access key ID,
+// secret access key, and session token if present) credentials from the current
+// user's home directory, and keeps track if those credentials are expired.
//
// Profile ini file example: $HOME/.aws/credentials
type SharedCredentialsProvider struct {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
index 531139e39..cbba1e3d5 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
@@ -19,7 +19,9 @@ type StaticProvider struct {
}
// NewStaticCredentials returns a pointer to a new Credentials object
-// wrapping a static credentials value provider.
+// wrapping a static credentials value provider. Token is only required
+// for temporary security credentials retrieved via STS, otherwise an empty
+// string can be passed for this parameter.
func NewStaticCredentials(id, secret, token string) *Credentials {
return NewCredentials(&StaticProvider{Value: Value{
AccessKeyID: id,
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
index b6dbfd246..6846ef6f8 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
@@ -87,6 +87,7 @@ import (
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/client"
"github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/internal/sdkrand"
"github.com/aws/aws-sdk-go/service/sts"
)
@@ -118,6 +119,10 @@ type AssumeRoler interface {
AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)
}
+type assumeRolerWithContext interface {
+ AssumeRoleWithContext(aws.Context, *sts.AssumeRoleInput, ...request.Option) (*sts.AssumeRoleOutput, error)
+}
+
// DefaultDuration is the default amount of time in minutes that the credentials
// will be valid for.
var DefaultDuration = time.Duration(15) * time.Minute
@@ -144,6 +149,13 @@ type AssumeRoleProvider struct {
// Session name, if you wish to reuse the credentials elsewhere.
RoleSessionName string
+ // Optional, you can pass tag key-value pairs to your session. These tags are called session tags.
+ Tags []*sts.Tag
+
+ // A list of keys for session tags that you want to set as transitive.
+ // If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.
+ TransitiveTagKeys []*string
+
// Expiry duration of the STS credentials. Defaults to 15 minutes if not set.
Duration time.Duration
@@ -157,6 +169,29 @@ type AssumeRoleProvider struct {
// size.
Policy *string
+ // The ARNs of IAM managed policies you want to use as managed session policies.
+ // The policies must exist in the same account as the role.
+ //
+ // This parameter is optional. You can provide up to 10 managed policy ARNs.
+ // However, the plain text that you use for both inline and managed session
+ // policies can't exceed 2,048 characters.
+ //
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
+ //
+ // Passing policies to this operation returns new temporary credentials. The
+ // resulting session's permissions are the intersection of the role's identity-based
+ // policy and the session policies. You can use the role's temporary credentials
+ // in subsequent AWS API calls to access resources in the account that owns
+ // the role. You cannot use session policies to grant more permissions than
+ // those allowed by the identity-based policy of the role that is being assumed.
+ // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+ // in the IAM User Guide.
+ PolicyArns []*sts.PolicyDescriptorType
+
// The identification number of the MFA device that is associated with the user
// who is making the AssumeRole call. Specify this value if the trust policy
// of the role being assumed includes a condition that requires MFA authentication.
@@ -200,7 +235,7 @@ type AssumeRoleProvider struct {
// by a random percentage between 0 and MaxJitterFraction. MaxJitterFrac must
// have a value between 0 and 1. Any other value may lead to expected behavior.
// With a MaxJitterFrac value of 0, default) will no jitter will be used.
- //
+ //
// For example, with a Duration of 30m and a MaxJitterFrac of 0.1, the
// AssumeRole call will be made with an arbitrary Duration between 27m and
// 30m.
@@ -258,7 +293,11 @@ func NewCredentialsWithClient(svc AssumeRoler, roleARN string, options ...func(*
// Retrieve generates a new set of temporary credentials using STS.
func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
+ return p.RetrieveWithContext(aws.BackgroundContext())
+}
+// RetrieveWithContext generates a new set of temporary credentials using STS.
+func (p *AssumeRoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
// Apply defaults where parameters are not set.
if p.RoleSessionName == "" {
// Try to work out a role name that will hopefully end up unique.
@@ -270,10 +309,13 @@ func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
}
jitter := time.Duration(sdkrand.SeededRand.Float64() * p.MaxJitterFrac * float64(p.Duration))
input := &sts.AssumeRoleInput{
- DurationSeconds: aws.Int64(int64((p.Duration - jitter) / time.Second)),
- RoleArn: aws.String(p.RoleARN),
- RoleSessionName: aws.String(p.RoleSessionName),
- ExternalId: p.ExternalID,
+ DurationSeconds: aws.Int64(int64((p.Duration - jitter) / time.Second)),
+ RoleArn: aws.String(p.RoleARN),
+ RoleSessionName: aws.String(p.RoleSessionName),
+ ExternalId: p.ExternalID,
+ Tags: p.Tags,
+ PolicyArns: p.PolicyArns,
+ TransitiveTagKeys: p.TransitiveTagKeys,
}
if p.Policy != nil {
input.Policy = p.Policy
@@ -296,7 +338,15 @@ func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
}
}
- roleOutput, err := p.Client.AssumeRole(input)
+ var roleOutput *sts.AssumeRoleOutput
+ var err error
+
+ if c, ok := p.Client.(assumeRolerWithContext); ok {
+ roleOutput, err = c.AssumeRoleWithContext(ctx, input)
+ } else {
+ roleOutput, err = p.Client.AssumeRole(input)
+ }
+
if err != nil {
return credentials.Value{ProviderName: ProviderName}, err
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
new file mode 100644
index 000000000..cefe2a76d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
@@ -0,0 +1,154 @@
+package stscreds
+
+import (
+ "fmt"
+ "io/ioutil"
+ "strconv"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/client"
+ "github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/service/sts"
+ "github.com/aws/aws-sdk-go/service/sts/stsiface"
+)
+
+const (
+ // ErrCodeWebIdentity will be used as an error code when constructing
+ // a new error to be returned during session creation or retrieval.
+ ErrCodeWebIdentity = "WebIdentityErr"
+
+ // WebIdentityProviderName is the web identity provider name
+ WebIdentityProviderName = "WebIdentityCredentials"
+)
+
+// now is used to return a time.Time object representing
+// the current time. This can be used to easily test and
+// compare test values.
+var now = time.Now
+
+// TokenFetcher shuold return WebIdentity token bytes or an error
+type TokenFetcher interface {
+ FetchToken(credentials.Context) ([]byte, error)
+}
+
+// FetchTokenPath is a path to a WebIdentity token file
+type FetchTokenPath string
+
+// FetchToken returns a token by reading from the filesystem
+func (f FetchTokenPath) FetchToken(ctx credentials.Context) ([]byte, error) {
+ data, err := ioutil.ReadFile(string(f))
+ if err != nil {
+ errMsg := fmt.Sprintf("unable to read file at %s", f)
+ return nil, awserr.New(ErrCodeWebIdentity, errMsg, err)
+ }
+ return data, nil
+}
+
+// WebIdentityRoleProvider is used to retrieve credentials using
+// an OIDC token.
+type WebIdentityRoleProvider struct {
+ credentials.Expiry
+ PolicyArns []*sts.PolicyDescriptorType
+
+ // Duration the STS credentials will be valid for. Truncated to seconds.
+ // If unset, the assumed role will use AssumeRoleWithWebIdentity's default
+ // expiry duration. See
+ // https://docs.aws.amazon.com/sdk-for-go/api/service/sts/#STS.AssumeRoleWithWebIdentity
+ // for more information.
+ Duration time.Duration
+
+ // The amount of time the credentials will be refreshed before they expire.
+ // This is useful refresh credentials before they expire to reduce risk of
+ // using credentials as they expire. If unset, will default to no expiry
+ // window.
+ ExpiryWindow time.Duration
+
+ client stsiface.STSAPI
+
+ tokenFetcher TokenFetcher
+ roleARN string
+ roleSessionName string
+}
+
+// NewWebIdentityCredentials will return a new set of credentials with a given
+// configuration, role arn, and token file path.
+func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName, path string) *credentials.Credentials {
+ svc := sts.New(c)
+ p := NewWebIdentityRoleProvider(svc, roleARN, roleSessionName, path)
+ return credentials.NewCredentials(p)
+}
+
+// NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the
+// provided stsiface.STSAPI
+func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider {
+ return NewWebIdentityRoleProviderWithToken(svc, roleARN, roleSessionName, FetchTokenPath(path))
+}
+
+// NewWebIdentityRoleProviderWithToken will return a new WebIdentityRoleProvider with the
+// provided stsiface.STSAPI and a TokenFetcher
+func NewWebIdentityRoleProviderWithToken(svc stsiface.STSAPI, roleARN, roleSessionName string, tokenFetcher TokenFetcher) *WebIdentityRoleProvider {
+ return &WebIdentityRoleProvider{
+ client: svc,
+ tokenFetcher: tokenFetcher,
+ roleARN: roleARN,
+ roleSessionName: roleSessionName,
+ }
+}
+
+// Retrieve will attempt to assume a role from a token which is located at
+// 'WebIdentityTokenFilePath' specified destination and if that is empty an
+// error will be returned.
+func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) {
+ return p.RetrieveWithContext(aws.BackgroundContext())
+}
+
+// RetrieveWithContext will attempt to assume a role from a token which is located at
+// 'WebIdentityTokenFilePath' specified destination and if that is empty an
+// error will be returned.
+func (p *WebIdentityRoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
+ b, err := p.tokenFetcher.FetchToken(ctx)
+ if err != nil {
+ return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed fetching WebIdentity token: ", err)
+ }
+
+ sessionName := p.roleSessionName
+ if len(sessionName) == 0 {
+ // session name is used to uniquely identify a session. This simply
+ // uses unix time in nanoseconds to uniquely identify sessions.
+ sessionName = strconv.FormatInt(now().UnixNano(), 10)
+ }
+
+ var duration *int64
+ if p.Duration != 0 {
+ duration = aws.Int64(int64(p.Duration / time.Second))
+ }
+
+ req, resp := p.client.AssumeRoleWithWebIdentityRequest(&sts.AssumeRoleWithWebIdentityInput{
+ PolicyArns: p.PolicyArns,
+ RoleArn: &p.roleARN,
+ RoleSessionName: &sessionName,
+ WebIdentityToken: aws.String(string(b)),
+ DurationSeconds: duration,
+ })
+
+ req.SetContext(ctx)
+
+ // InvalidIdentityToken error is a temporary error that can occur
+ // when assuming an Role with a JWT web identity token.
+ req.RetryErrorCodes = append(req.RetryErrorCodes, sts.ErrCodeInvalidIdentityTokenException)
+ if err := req.Send(); err != nil {
+ return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed to retrieve credentials", err)
+ }
+
+ p.SetExpiration(aws.TimeValue(resp.Credentials.Expiration), p.ExpiryWindow)
+
+ value := credentials.Value{
+ AccessKeyID: aws.StringValue(resp.Credentials.AccessKeyId),
+ SecretAccessKey: aws.StringValue(resp.Credentials.SecretAccessKey),
+ SessionToken: aws.StringValue(resp.Credentials.SessionToken),
+ ProviderName: WebIdentityProviderName,
+ }
+ return value, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
index 152d785b3..25a66d1dd 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
@@ -1,30 +1,61 @@
-// Package csm provides Client Side Monitoring (CSM) which enables sending metrics
-// via UDP connection. Using the Start function will enable the reporting of
-// metrics on a given port. If Start is called, with different parameters, again,
-// a panic will occur.
+// Package csm provides the Client Side Monitoring (CSM) client which enables
+// sending metrics via UDP connection to the CSM agent. This package provides
+// control options, and configuration for the CSM client. The client can be
+// controlled manually, or automatically via the SDK's Session configuration.
//
-// Pause can be called to pause any metrics publishing on a given port. Sessions
-// that have had their handlers modified via InjectHandlers may still be used.
-// However, the handlers will act as a no-op meaning no metrics will be published.
+// Enabling CSM client via SDK's Session configuration
+//
+// The CSM client can be enabled automatically via SDK's Session configuration.
+// The SDK's session configuration enables the CSM client if the AWS_CSM_PORT
+// environment variable is set to a non-empty value.
+//
+// The configuration options for the CSM client via the SDK's session
+// configuration are:
+//
+// * AWS_CSM_PORT=
+// The port number the CSM agent will receive metrics on.
+//
+// * AWS_CSM_HOST=
+// The hostname, or IP address the CSM agent will receive metrics on.
+// Without port number.
+//
+// Manually enabling the CSM client
+//
+// The CSM client can be started, paused, and resumed manually. The Start
+// function will enable the CSM client to publish metrics to the CSM agent. It
+// is safe to call Start concurrently, but if Start is called additional times
+// with different ClientID or address it will panic.
//
-// Example:
// r, err := csm.Start("clientID", ":31000")
// if err != nil {
// panic(fmt.Errorf("failed starting CSM: %v", err))
// }
//
+// When controlling the CSM client manually, you must also inject its request
+// handlers into the SDK's Session configuration for the SDK's API clients to
+// publish metrics.
+//
// sess, err := session.NewSession(&aws.Config{})
// if err != nil {
// panic(fmt.Errorf("failed loading session: %v", err))
// }
//
+// // Add CSM client's metric publishing request handlers to the SDK's
+// // Session Configuration.
// r.InjectHandlers(&sess.Handlers)
//
-// client := s3.New(sess)
-// resp, err := client.GetObject(&s3.GetObjectInput{
-// Bucket: aws.String("bucket"),
-// Key: aws.String("key"),
-// })
+// Controlling CSM client
+//
+// Once the CSM client has been enabled the Get function will return a Reporter
+// value that you can use to pause and resume the metrics published to the CSM
+// agent. If Get function is called before the reporter is enabled with the
+// Start function or via SDK's Session configuration nil will be returned.
+//
+// The Pause method can be called to stop the CSM client publishing metrics to
+// the CSM agent. The Continue method will resume metric publishing.
+//
+// // Get the CSM client Reporter.
+// r := csm.Get()
//
// // Will pause monitoring
// r.Pause()
@@ -35,12 +66,4 @@
//
// // Resume monitoring
// r.Continue()
-//
-// Start returns a Reporter that is used to enable or disable monitoring. If
-// access to the Reporter is required later, calling Get will return the Reporter
-// singleton.
-//
-// Example:
-// r := csm.Get()
-// r.Continue()
package csm
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
index 2f0c6eac9..4b19e2800 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
@@ -2,6 +2,7 @@ package csm
import (
"fmt"
+ "strings"
"sync"
)
@@ -9,19 +10,40 @@ var (
lock sync.Mutex
)
-// Client side metric handler names
const (
- APICallMetricHandlerName = "awscsm.SendAPICallMetric"
- APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric"
+ // DefaultPort is used when no port is specified.
+ DefaultPort = "31000"
+
+ // DefaultHost is the host that will be used when none is specified.
+ DefaultHost = "127.0.0.1"
)
-// Start will start the a long running go routine to capture
+// AddressWithDefaults returns a CSM address built from the host and port
+// values. If the host or port is not set, default values will be used
+// instead. If host is "localhost" it will be replaced with "127.0.0.1".
+func AddressWithDefaults(host, port string) string {
+ if len(host) == 0 || strings.EqualFold(host, "localhost") {
+ host = DefaultHost
+ }
+
+ if len(port) == 0 {
+ port = DefaultPort
+ }
+
+ // Only IP6 host can contain a colon
+ if strings.Contains(host, ":") {
+ return "[" + host + "]:" + port
+ }
+
+ return host + ":" + port
+}
+
+// Start will start a long running go routine to capture
// client side metrics. Calling start multiple time will only
// start the metric listener once and will panic if a different
// client ID or port is passed in.
//
-// Example:
-// r, err := csm.Start("clientID", "127.0.0.1:8094")
+// r, err := csm.Start("clientID", "127.0.0.1:31000")
// if err != nil {
// panic(fmt.Errorf("expected no error, but received %v", err))
// }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go
index 514fc3739..82a3e345e 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go
@@ -16,25 +16,26 @@ var (
type metricChan struct {
ch chan metric
- paused int64
+ paused *int64
}
func newMetricChan(size int) metricChan {
return metricChan{
- ch: make(chan metric, size),
+ ch: make(chan metric, size),
+ paused: new(int64),
}
}
func (ch *metricChan) Pause() {
- atomic.StoreInt64(&ch.paused, pausedEnum)
+ atomic.StoreInt64(ch.paused, pausedEnum)
}
func (ch *metricChan) Continue() {
- atomic.StoreInt64(&ch.paused, runningEnum)
+ atomic.StoreInt64(ch.paused, runningEnum)
}
func (ch *metricChan) IsPaused() bool {
- v := atomic.LoadInt64(&ch.paused)
+ v := atomic.LoadInt64(ch.paused)
return v == pausedEnum
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
index d9aa5b062..835bcd49c 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
@@ -10,11 +10,6 @@ import (
"github.com/aws/aws-sdk-go/aws/request"
)
-const (
- // DefaultPort is used when no port is specified
- DefaultPort = "31000"
-)
-
// Reporter will gather metrics of API requests made and
// send those metrics to the CSM endpoint.
type Reporter struct {
@@ -71,7 +66,6 @@ func (rep *Reporter) sendAPICallAttemptMetric(r *request.Request) {
XAmzRequestID: aws.String(r.RequestID),
- AttemptCount: aws.Int(r.RetryCount + 1),
AttemptLatency: aws.Int(int(now.Sub(r.AttemptTime).Nanoseconds() / int64(time.Millisecond))),
AccessKey: aws.String(creds.AccessKeyID),
}
@@ -95,7 +89,7 @@ func getMetricException(err awserr.Error) metricException {
code := err.Code()
switch code {
- case "RequestError",
+ case request.ErrCodeRequestError,
request.ErrCodeSerialization,
request.CanceledErrorCode:
return sdkException{
@@ -123,7 +117,7 @@ func (rep *Reporter) sendAPICallMetric(r *request.Request) {
Type: aws.String("ApiCall"),
AttemptCount: aws.Int(r.RetryCount + 1),
Region: r.Config.Region,
- Latency: aws.Int(int(time.Now().Sub(r.Time) / time.Millisecond)),
+ Latency: aws.Int(int(time.Since(r.Time) / time.Millisecond)),
XAmzRequestID: aws.String(r.RequestID),
MaxRetriesExceeded: aws.Int(boolIntValue(r.RetryCount >= r.MaxRetries())),
}
@@ -190,8 +184,9 @@ func (rep *Reporter) start() {
}
}
-// Pause will pause the metric channel preventing any new metrics from
-// being added.
+// Pause will pause the metric channel preventing any new metrics from being
+// added. It is safe to call concurrently with other calls to Pause, but if
+// called concurently with Continue can lead to unexpected state.
func (rep *Reporter) Pause() {
lock.Lock()
defer lock.Unlock()
@@ -203,8 +198,9 @@ func (rep *Reporter) Pause() {
rep.close()
}
-// Continue will reopen the metric channel and allow for monitoring
-// to be resumed.
+// Continue will reopen the metric channel and allow for monitoring to be
+// resumed. It is safe to call concurrently with other calls to Continue, but
+// if called concurently with Pause can lead to unexpected state.
func (rep *Reporter) Continue() {
lock.Lock()
defer lock.Unlock()
@@ -219,10 +215,18 @@ func (rep *Reporter) Continue() {
rep.metricsCh.Continue()
}
+// Client side metric handler names
+const (
+ APICallMetricHandlerName = "awscsm.SendAPICallMetric"
+ APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric"
+)
+
// InjectHandlers will will enable client side metrics and inject the proper
// handlers to handle how metrics are sent.
//
-// Example:
+// InjectHandlers is NOT safe to call concurrently. Calling InjectHandlers
+// multiple times may lead to unexpected behavior, (e.g. duplicate metrics).
+//
// // Start must be called in order to inject the correct handlers
// r, err := csm.Start("clientID", "127.0.0.1:8094")
// if err != nil {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
index 2c8d5f56d..69fa63dc0 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
@@ -4,28 +4,73 @@ import (
"encoding/json"
"fmt"
"net/http"
+ "strconv"
"strings"
"time"
+ "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/internal/sdkuri"
)
+// getToken uses the duration to return a token for EC2 metadata service,
+// or an error if the request failed.
+func (c *EC2Metadata) getToken(ctx aws.Context, duration time.Duration) (tokenOutput, error) {
+ op := &request.Operation{
+ Name: "GetToken",
+ HTTPMethod: "PUT",
+ HTTPPath: "/latest/api/token",
+ }
+
+ var output tokenOutput
+ req := c.NewRequest(op, nil, &output)
+ req.SetContext(ctx)
+
+ // remove the fetch token handler from the request handlers to avoid infinite recursion
+ req.Handlers.Sign.RemoveByName(fetchTokenHandlerName)
+
+ // Swap the unmarshalMetadataHandler with unmarshalTokenHandler on this request.
+ req.Handlers.Unmarshal.Swap(unmarshalMetadataHandlerName, unmarshalTokenHandler)
+
+ ttl := strconv.FormatInt(int64(duration/time.Second), 10)
+ req.HTTPRequest.Header.Set(ttlHeader, ttl)
+
+ err := req.Send()
+
+ // Errors with bad request status should be returned.
+ if err != nil {
+ err = awserr.NewRequestFailure(
+ awserr.New(req.HTTPResponse.Status, http.StatusText(req.HTTPResponse.StatusCode), err),
+ req.HTTPResponse.StatusCode, req.RequestID)
+ }
+
+ return output, err
+}
+
// GetMetadata uses the path provided to request information from the EC2
-// instance metdata service. The content will be returned as a string, or
+// instance metadata service. The content will be returned as a string, or
// error if the request failed.
func (c *EC2Metadata) GetMetadata(p string) (string, error) {
+ return c.GetMetadataWithContext(aws.BackgroundContext(), p)
+}
+
+// GetMetadataWithContext uses the path provided to request information from the EC2
+// instance metadata service. The content will be returned as a string, or
+// error if the request failed.
+func (c *EC2Metadata) GetMetadataWithContext(ctx aws.Context, p string) (string, error) {
op := &request.Operation{
Name: "GetMetadata",
HTTPMethod: "GET",
- HTTPPath: sdkuri.PathJoin("/meta-data", p),
+ HTTPPath: sdkuri.PathJoin("/latest/meta-data", p),
}
-
output := &metadataOutput{}
+
req := c.NewRequest(op, nil, output)
- err := req.Send()
+ req.SetContext(ctx)
+
+ err := req.Send()
return output.Content, err
}
@@ -33,21 +78,24 @@ func (c *EC2Metadata) GetMetadata(p string) (string, error) {
// there is no user-data setup for the EC2 instance a "NotFoundError" error
// code will be returned.
func (c *EC2Metadata) GetUserData() (string, error) {
+ return c.GetUserDataWithContext(aws.BackgroundContext())
+}
+
+// GetUserDataWithContext returns the userdata that was configured for the service. If
+// there is no user-data setup for the EC2 instance a "NotFoundError" error
+// code will be returned.
+func (c *EC2Metadata) GetUserDataWithContext(ctx aws.Context) (string, error) {
op := &request.Operation{
Name: "GetUserData",
HTTPMethod: "GET",
- HTTPPath: "/user-data",
+ HTTPPath: "/latest/user-data",
}
output := &metadataOutput{}
req := c.NewRequest(op, nil, output)
- req.Handlers.UnmarshalError.PushBack(func(r *request.Request) {
- if r.HTTPResponse.StatusCode == http.StatusNotFound {
- r.Error = awserr.New("NotFoundError", "user-data not found", r.Error)
- }
- })
- err := req.Send()
+ req.SetContext(ctx)
+ err := req.Send()
return output.Content, err
}
@@ -55,16 +103,24 @@ func (c *EC2Metadata) GetUserData() (string, error) {
// instance metadata service for dynamic data. The content will be returned
// as a string, or error if the request failed.
func (c *EC2Metadata) GetDynamicData(p string) (string, error) {
+ return c.GetDynamicDataWithContext(aws.BackgroundContext(), p)
+}
+
+// GetDynamicDataWithContext uses the path provided to request information from the EC2
+// instance metadata service for dynamic data. The content will be returned
+// as a string, or error if the request failed.
+func (c *EC2Metadata) GetDynamicDataWithContext(ctx aws.Context, p string) (string, error) {
op := &request.Operation{
Name: "GetDynamicData",
HTTPMethod: "GET",
- HTTPPath: sdkuri.PathJoin("/dynamic", p),
+ HTTPPath: sdkuri.PathJoin("/latest/dynamic", p),
}
output := &metadataOutput{}
req := c.NewRequest(op, nil, output)
- err := req.Send()
+ req.SetContext(ctx)
+ err := req.Send()
return output.Content, err
}
@@ -72,7 +128,14 @@ func (c *EC2Metadata) GetDynamicData(p string) (string, error) {
// instance. Error is returned if the request fails or is unable to parse
// the response.
func (c *EC2Metadata) GetInstanceIdentityDocument() (EC2InstanceIdentityDocument, error) {
- resp, err := c.GetDynamicData("instance-identity/document")
+ return c.GetInstanceIdentityDocumentWithContext(aws.BackgroundContext())
+}
+
+// GetInstanceIdentityDocumentWithContext retrieves an identity document describing an
+// instance. Error is returned if the request fails or is unable to parse
+// the response.
+func (c *EC2Metadata) GetInstanceIdentityDocumentWithContext(ctx aws.Context) (EC2InstanceIdentityDocument, error) {
+ resp, err := c.GetDynamicDataWithContext(ctx, "instance-identity/document")
if err != nil {
return EC2InstanceIdentityDocument{},
awserr.New("EC2MetadataRequestError",
@@ -91,7 +154,12 @@ func (c *EC2Metadata) GetInstanceIdentityDocument() (EC2InstanceIdentityDocument
// IAMInfo retrieves IAM info from the metadata API
func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) {
- resp, err := c.GetMetadata("iam/info")
+ return c.IAMInfoWithContext(aws.BackgroundContext())
+}
+
+// IAMInfoWithContext retrieves IAM info from the metadata API
+func (c *EC2Metadata) IAMInfoWithContext(ctx aws.Context) (EC2IAMInfo, error) {
+ resp, err := c.GetMetadataWithContext(ctx, "iam/info")
if err != nil {
return EC2IAMInfo{},
awserr.New("EC2MetadataRequestError",
@@ -116,24 +184,36 @@ func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) {
// Region returns the region the instance is running in.
func (c *EC2Metadata) Region() (string, error) {
- resp, err := c.GetMetadata("placement/availability-zone")
+ return c.RegionWithContext(aws.BackgroundContext())
+}
+
+// RegionWithContext returns the region the instance is running in.
+func (c *EC2Metadata) RegionWithContext(ctx aws.Context) (string, error) {
+ ec2InstanceIdentityDocument, err := c.GetInstanceIdentityDocumentWithContext(ctx)
if err != nil {
return "", err
}
-
- if len(resp) == 0 {
- return "", awserr.New("EC2MetadataError", "invalid Region response", nil)
+ // extract region from the ec2InstanceIdentityDocument
+ region := ec2InstanceIdentityDocument.Region
+ if len(region) == 0 {
+ return "", awserr.New("EC2MetadataError", "invalid region received for ec2metadata instance", nil)
}
-
- // returns region without the suffix. Eg: us-west-2a becomes us-west-2
- return resp[:len(resp)-1], nil
+ // returns region
+ return region, nil
}
// Available returns if the application has access to the EC2 Metadata service.
// Can be used to determine if application is running within an EC2 Instance and
// the metadata service is available.
func (c *EC2Metadata) Available() bool {
- if _, err := c.GetMetadata("instance-id"); err != nil {
+ return c.AvailableWithContext(aws.BackgroundContext())
+}
+
+// AvailableWithContext returns if the application has access to the EC2 Metadata service.
+// Can be used to determine if application is running within an EC2 Instance and
+// the metadata service is available.
+func (c *EC2Metadata) AvailableWithContext(ctx aws.Context) bool {
+ if _, err := c.GetMetadataWithContext(ctx, "instance-id"); err != nil {
return false
}
@@ -152,18 +232,19 @@ type EC2IAMInfo struct {
// An EC2InstanceIdentityDocument provides the shape for unmarshaling
// an instance identity document
type EC2InstanceIdentityDocument struct {
- DevpayProductCodes []string `json:"devpayProductCodes"`
- AvailabilityZone string `json:"availabilityZone"`
- PrivateIP string `json:"privateIp"`
- Version string `json:"version"`
- Region string `json:"region"`
- InstanceID string `json:"instanceId"`
- BillingProducts []string `json:"billingProducts"`
- InstanceType string `json:"instanceType"`
- AccountID string `json:"accountId"`
- PendingTime time.Time `json:"pendingTime"`
- ImageID string `json:"imageId"`
- KernelID string `json:"kernelId"`
- RamdiskID string `json:"ramdiskId"`
- Architecture string `json:"architecture"`
+ DevpayProductCodes []string `json:"devpayProductCodes"`
+ MarketplaceProductCodes []string `json:"marketplaceProductCodes"`
+ AvailabilityZone string `json:"availabilityZone"`
+ PrivateIP string `json:"privateIp"`
+ Version string `json:"version"`
+ Region string `json:"region"`
+ InstanceID string `json:"instanceId"`
+ BillingProducts []string `json:"billingProducts"`
+ InstanceType string `json:"instanceType"`
+ AccountID string `json:"accountId"`
+ PendingTime time.Time `json:"pendingTime"`
+ ImageID string `json:"imageId"`
+ KernelID string `json:"kernelId"`
+ RamdiskID string `json:"ramdiskId"`
+ Architecture string `json:"architecture"`
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
index f0c1d31e7..8f35b3464 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
@@ -5,6 +5,10 @@
// variable "AWS_EC2_METADATA_DISABLED=true". This environment variable set to
// true instructs the SDK to disable the EC2 Metadata client. The client cannot
// be used while the environment variable is set to true, (case insensitive).
+//
+// The endpoint of the EC2 IMDS client can be configured via the environment
+// variable, AWS_EC2_METADATA_SERVICE_ENDPOINT when creating the client with a
+// Session. See aws/session#Options.EC2IMDSEndpoint for more details.
package ec2metadata
import (
@@ -12,7 +16,9 @@ import (
"errors"
"io"
"net/http"
+ "net/url"
"os"
+ "strconv"
"strings"
"time"
@@ -24,9 +30,25 @@ import (
"github.com/aws/aws-sdk-go/aws/request"
)
-// ServiceName is the name of the service.
-const ServiceName = "ec2metadata"
-const disableServiceEnvVar = "AWS_EC2_METADATA_DISABLED"
+const (
+ // ServiceName is the name of the service.
+ ServiceName = "ec2metadata"
+ disableServiceEnvVar = "AWS_EC2_METADATA_DISABLED"
+
+ // Headers for Token and TTL
+ ttlHeader = "x-aws-ec2-metadata-token-ttl-seconds"
+ tokenHeader = "x-aws-ec2-metadata-token"
+
+ // Named Handler constants
+ fetchTokenHandlerName = "FetchTokenHandler"
+ unmarshalMetadataHandlerName = "unmarshalMetadataHandler"
+ unmarshalTokenHandlerName = "unmarshalTokenHandler"
+ enableTokenProviderHandlerName = "enableTokenProviderHandler"
+
+ // TTL constants
+ defaultTTL = 21600 * time.Second
+ ttlExpirationWindow = 30 * time.Second
+)
// A EC2Metadata is an EC2 Metadata service Client.
type EC2Metadata struct {
@@ -52,6 +74,9 @@ func New(p client.ConfigProvider, cfgs ...*aws.Config) *EC2Metadata {
// a client when not using a session. Generally using just New with a session
// is preferred.
//
+// Will remove the URL path from the endpoint provided to ensure the EC2 IMDS
+// client is able to communicate with the EC2 IMDS API.
+//
// If an unmodified HTTP client is provided from the stdlib default, or no client
// the EC2RoleProvider's EC2Metadata HTTP client's timeout will be shortened.
// To disable this set Config.EC2MetadataDisableTimeoutOverride to false. Enabled by default.
@@ -63,8 +88,19 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
// use a shorter timeout than default because the metadata
// service is local if it is running, and to fail faster
// if not running on an ec2 instance.
- Timeout: 5 * time.Second,
+ Timeout: 1 * time.Second,
}
+ // max number of retries on the client operation
+ cfg.MaxRetries = aws.Int(2)
+ }
+
+ if u, err := url.Parse(endpoint); err == nil {
+ // Remove path from the endpoint since it will be added by requests.
+ // This is an artifact of the SDK adding `/latest` to the endpoint for
+ // EC2 IMDS, but this is now moved to the operation definition.
+ u.Path = ""
+ u.RawPath = ""
+ endpoint = u.String()
}
svc := &EC2Metadata{
@@ -80,13 +116,27 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
),
}
- svc.Handlers.Unmarshal.PushBack(unmarshalHandler)
+ // token provider instance
+ tp := newTokenProvider(svc, defaultTTL)
+
+ // NamedHandler for fetching token
+ svc.Handlers.Sign.PushBackNamed(request.NamedHandler{
+ Name: fetchTokenHandlerName,
+ Fn: tp.fetchTokenHandler,
+ })
+ // NamedHandler for enabling token provider
+ svc.Handlers.Complete.PushBackNamed(request.NamedHandler{
+ Name: enableTokenProviderHandlerName,
+ Fn: tp.enableTokenProviderHandler,
+ })
+
+ svc.Handlers.Unmarshal.PushBackNamed(unmarshalHandler)
svc.Handlers.UnmarshalError.PushBack(unmarshalError)
svc.Handlers.Validate.Clear()
svc.Handlers.Validate.PushBack(validateEndpointHandler)
// Disable the EC2 Metadata service if the environment variable is set.
- // This shortcirctes the service's functionality to always fail to send
+ // This short-circuits the service's functionality to always fail to send
// requests.
if strings.ToLower(os.Getenv(disableServiceEnvVar)) == "true" {
svc.Handlers.Send.SwapNamed(request.NamedHandler{
@@ -107,7 +157,6 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
for _, option := range opts {
option(svc.Client)
}
-
return svc
}
@@ -119,30 +168,74 @@ type metadataOutput struct {
Content string
}
-func unmarshalHandler(r *request.Request) {
- defer r.HTTPResponse.Body.Close()
- b := &bytes.Buffer{}
- if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil {
- r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata respose", err)
- return
- }
+type tokenOutput struct {
+ Token string
+ TTL time.Duration
+}
- if data, ok := r.Data.(*metadataOutput); ok {
- data.Content = b.String()
- }
+// unmarshal token handler is used to parse the response of a getToken operation
+var unmarshalTokenHandler = request.NamedHandler{
+ Name: unmarshalTokenHandlerName,
+ Fn: func(r *request.Request) {
+ defer r.HTTPResponse.Body.Close()
+ var b bytes.Buffer
+ if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
+ r.Error = awserr.NewRequestFailure(awserr.New(request.ErrCodeSerialization,
+ "unable to unmarshal EC2 metadata response", err), r.HTTPResponse.StatusCode, r.RequestID)
+ return
+ }
+
+ v := r.HTTPResponse.Header.Get(ttlHeader)
+ data, ok := r.Data.(*tokenOutput)
+ if !ok {
+ return
+ }
+
+ data.Token = b.String()
+ // TTL is in seconds
+ i, err := strconv.ParseInt(v, 10, 64)
+ if err != nil {
+ r.Error = awserr.NewRequestFailure(awserr.New(request.ParamFormatErrCode,
+ "unable to parse EC2 token TTL response", err), r.HTTPResponse.StatusCode, r.RequestID)
+ return
+ }
+ t := time.Duration(i) * time.Second
+ data.TTL = t
+ },
+}
+
+var unmarshalHandler = request.NamedHandler{
+ Name: unmarshalMetadataHandlerName,
+ Fn: func(r *request.Request) {
+ defer r.HTTPResponse.Body.Close()
+ var b bytes.Buffer
+ if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
+ r.Error = awserr.NewRequestFailure(awserr.New(request.ErrCodeSerialization,
+ "unable to unmarshal EC2 metadata response", err), r.HTTPResponse.StatusCode, r.RequestID)
+ return
+ }
+
+ if data, ok := r.Data.(*metadataOutput); ok {
+ data.Content = b.String()
+ }
+ },
}
func unmarshalError(r *request.Request) {
defer r.HTTPResponse.Body.Close()
- b := &bytes.Buffer{}
- if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil {
- r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata error respose", err)
+ var b bytes.Buffer
+
+ if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
+ r.Error = awserr.NewRequestFailure(
+ awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata error response", err),
+ r.HTTPResponse.StatusCode, r.RequestID)
return
}
// Response body format is not consistent between metadata endpoints.
// Grab the error message as a string and include that as the source error
- r.Error = awserr.New("EC2MetadataError", "failed to make EC2Metadata request", errors.New(b.String()))
+ r.Error = awserr.NewRequestFailure(awserr.New("EC2MetadataError", "failed to make EC2Metadata request", errors.New(b.String())),
+ r.HTTPResponse.StatusCode, r.RequestID)
}
func validateEndpointHandler(r *request.Request) {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
new file mode 100644
index 000000000..4b29f190b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
@@ -0,0 +1,93 @@
+package ec2metadata
+
+import (
+ "net/http"
+ "sync/atomic"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+// A tokenProvider struct provides access to EC2Metadata client
+// and atomic instance of a token, along with configuredTTL for it.
+// tokenProvider also provides an atomic flag to disable the
+// fetch token operation.
+// The disabled member will use 0 as false, and 1 as true.
+type tokenProvider struct {
+ client *EC2Metadata
+ token atomic.Value
+ configuredTTL time.Duration
+ disabled uint32
+}
+
+// A ec2Token struct helps use of token in EC2 Metadata service ops
+type ec2Token struct {
+ token string
+ credentials.Expiry
+}
+
+// newTokenProvider provides a pointer to a tokenProvider instance
+func newTokenProvider(c *EC2Metadata, duration time.Duration) *tokenProvider {
+ return &tokenProvider{client: c, configuredTTL: duration}
+}
+
+// fetchTokenHandler fetches token for EC2Metadata service client by default.
+func (t *tokenProvider) fetchTokenHandler(r *request.Request) {
+
+ // short-circuits to insecure data flow if tokenProvider is disabled.
+ if v := atomic.LoadUint32(&t.disabled); v == 1 {
+ return
+ }
+
+ if ec2Token, ok := t.token.Load().(ec2Token); ok && !ec2Token.IsExpired() {
+ r.HTTPRequest.Header.Set(tokenHeader, ec2Token.token)
+ return
+ }
+
+ output, err := t.client.getToken(r.Context(), t.configuredTTL)
+
+ if err != nil {
+
+ // change the disabled flag on token provider to true,
+ // when error is request timeout error.
+ if requestFailureError, ok := err.(awserr.RequestFailure); ok {
+ switch requestFailureError.StatusCode() {
+ case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed:
+ atomic.StoreUint32(&t.disabled, 1)
+ case http.StatusBadRequest:
+ r.Error = requestFailureError
+ }
+
+ // Check if request timed out while waiting for response
+ if e, ok := requestFailureError.OrigErr().(awserr.Error); ok {
+ if e.Code() == request.ErrCodeRequestError {
+ atomic.StoreUint32(&t.disabled, 1)
+ }
+ }
+ }
+ return
+ }
+
+ newToken := ec2Token{
+ token: output.Token,
+ }
+ newToken.SetExpiration(time.Now().Add(output.TTL), ttlExpirationWindow)
+ t.token.Store(newToken)
+
+ // Inject token header to the request.
+ if ec2Token, ok := t.token.Load().(ec2Token); ok {
+ r.HTTPRequest.Header.Set(tokenHeader, ec2Token.token)
+ }
+}
+
+// enableTokenProviderHandler enables the token provider
+func (t *tokenProvider) enableTokenProviderHandler(r *request.Request) {
+ // If the error code status is 401, we enable the token provider
+ if e, ok := r.Error.(awserr.RequestFailure); ok && e != nil &&
+ e.StatusCode() == http.StatusUnauthorized {
+ t.token.Store(ec2Token{})
+ atomic.StoreUint32(&t.disabled, 0)
+ }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
index 87b9ff3ff..654fb1ad5 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
@@ -83,6 +83,7 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol
p := &ps[i]
custAddEC2Metadata(p)
custAddS3DualStack(p)
+ custRegionalS3(p)
custRmIotDataService(p)
custFixAppAutoscalingChina(p)
custFixAppAutoscalingUsGov(p)
@@ -92,7 +93,7 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol
}
func custAddS3DualStack(p *partition) {
- if p.ID != "aws" {
+ if !(p.ID == "aws" || p.ID == "aws-cn" || p.ID == "aws-us-gov") {
return
}
@@ -100,6 +101,33 @@ func custAddS3DualStack(p *partition) {
custAddDualstack(p, "s3-control")
}
+func custRegionalS3(p *partition) {
+ if p.ID != "aws" {
+ return
+ }
+
+ service, ok := p.Services["s3"]
+ if !ok {
+ return
+ }
+
+ // If global endpoint already exists no customization needed.
+ if _, ok := service.Endpoints["aws-global"]; ok {
+ return
+ }
+
+ service.PartitionEndpoint = "aws-global"
+ service.Endpoints["us-east-1"] = endpoint{}
+ service.Endpoints["aws-global"] = endpoint{
+ Hostname: "s3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ }
+
+ p.Services["s3"] = service
+}
+
func custAddDualstack(p *partition, svcName string) {
s, ok := p.Services[svcName]
if !ok {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
index e315e7bdf..7ea175ecd 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
@@ -11,10 +11,13 @@ const (
AwsPartitionID = "aws" // AWS Standard partition.
AwsCnPartitionID = "aws-cn" // AWS China partition.
AwsUsGovPartitionID = "aws-us-gov" // AWS GovCloud (US) partition.
+ AwsIsoPartitionID = "aws-iso" // AWS ISO (US) partition.
+ AwsIsoBPartitionID = "aws-iso-b" // AWS ISOB (US) partition.
)
// AWS Standard partition's regions.
const (
+ AfSouth1RegionID = "af-south-1" // Africa (Cape Town).
ApEast1RegionID = "ap-east-1" // Asia Pacific (Hong Kong).
ApNortheast1RegionID = "ap-northeast-1" // Asia Pacific (Tokyo).
ApNortheast2RegionID = "ap-northeast-2" // Asia Pacific (Seoul).
@@ -22,11 +25,13 @@ const (
ApSoutheast1RegionID = "ap-southeast-1" // Asia Pacific (Singapore).
ApSoutheast2RegionID = "ap-southeast-2" // Asia Pacific (Sydney).
CaCentral1RegionID = "ca-central-1" // Canada (Central).
- EuCentral1RegionID = "eu-central-1" // EU (Frankfurt).
- EuNorth1RegionID = "eu-north-1" // EU (Stockholm).
- EuWest1RegionID = "eu-west-1" // EU (Ireland).
- EuWest2RegionID = "eu-west-2" // EU (London).
- EuWest3RegionID = "eu-west-3" // EU (Paris).
+ EuCentral1RegionID = "eu-central-1" // Europe (Frankfurt).
+ EuNorth1RegionID = "eu-north-1" // Europe (Stockholm).
+ EuSouth1RegionID = "eu-south-1" // Europe (Milan).
+ EuWest1RegionID = "eu-west-1" // Europe (Ireland).
+ EuWest2RegionID = "eu-west-2" // Europe (London).
+ EuWest3RegionID = "eu-west-3" // Europe (Paris).
+ MeSouth1RegionID = "me-south-1" // Middle East (Bahrain).
SaEast1RegionID = "sa-east-1" // South America (Sao Paulo).
UsEast1RegionID = "us-east-1" // US East (N. Virginia).
UsEast2RegionID = "us-east-2" // US East (Ohio).
@@ -43,11 +48,21 @@ const (
// AWS GovCloud (US) partition's regions.
const (
UsGovEast1RegionID = "us-gov-east-1" // AWS GovCloud (US-East).
- UsGovWest1RegionID = "us-gov-west-1" // AWS GovCloud (US).
+ UsGovWest1RegionID = "us-gov-west-1" // AWS GovCloud (US-West).
+)
+
+// AWS ISO (US) partition's regions.
+const (
+ UsIsoEast1RegionID = "us-iso-east-1" // US ISO East.
+)
+
+// AWS ISOB (US) partition's regions.
+const (
+ UsIsobEast1RegionID = "us-isob-east-1" // US ISOB East (Ohio).
)
// DefaultResolver returns an Endpoint resolver that will be able
-// to resolve endpoints for: AWS Standard, AWS China, and AWS GovCloud (US).
+// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US).
//
// Use DefaultPartitions() to get the list of the default partitions.
func DefaultResolver() Resolver {
@@ -55,7 +70,7 @@ func DefaultResolver() Resolver {
}
// DefaultPartitions returns a list of the partitions the SDK is bundled
-// with. The available partitions are: AWS Standard, AWS China, and AWS GovCloud (US).
+// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US).
//
// partitions := endpoints.DefaultPartitions
// for _, p := range partitions {
@@ -69,6 +84,8 @@ var defaultPartitions = partitions{
awsPartition,
awscnPartition,
awsusgovPartition,
+ awsisoPartition,
+ awsisobPartition,
}
// AwsPartition returns the Resolver for AWS Standard.
@@ -82,7 +99,7 @@ var awsPartition = partition{
DNSSuffix: "amazonaws.com",
RegionRegex: regionRegex{
Regexp: func() *regexp.Regexp {
- reg, _ := regexp.Compile("^(us|eu|ap|sa|ca)\\-\\w+\\-\\d+$")
+ reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$")
return reg
}(),
},
@@ -92,6 +109,9 @@ var awsPartition = partition{
SignatureVersions: []string{"v4"},
},
Regions: regions{
+ "af-south-1": region{
+ Description: "Africa (Cape Town)",
+ },
"ap-east-1": region{
Description: "Asia Pacific (Hong Kong)",
},
@@ -114,19 +134,25 @@ var awsPartition = partition{
Description: "Canada (Central)",
},
"eu-central-1": region{
- Description: "EU (Frankfurt)",
+ Description: "Europe (Frankfurt)",
},
"eu-north-1": region{
- Description: "EU (Stockholm)",
+ Description: "Europe (Stockholm)",
+ },
+ "eu-south-1": region{
+ Description: "Europe (Milan)",
},
"eu-west-1": region{
- Description: "EU (Ireland)",
+ Description: "Europe (Ireland)",
},
"eu-west-2": region{
- Description: "EU (London)",
+ Description: "Europe (London)",
},
"eu-west-3": region{
- Description: "EU (Paris)",
+ Description: "Europe (Paris)",
+ },
+ "me-south-1": region{
+ Description: "Middle East (Bahrain)",
},
"sa-east-1": region{
Description: "South America (Sao Paulo)",
@@ -151,9 +177,122 @@ var awsPartition = partition{
"us-east-1": endpoint{},
},
},
+ "access-analyzer": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "access-analyzer-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "access-analyzer-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "access-analyzer-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "access-analyzer-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "access-analyzer-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
"acm": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "ca-central-1-fips": endpoint{
+ Hostname: "acm-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-1-fips": endpoint{
+ Hostname: "acm-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{},
+ "us-east-2-fips": endpoint{
+ Hostname: "acm-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-1": endpoint{},
+ "us-west-1-fips": endpoint{
+ Hostname: "acm-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "us-west-2": endpoint{},
+ "us-west-2-fips": endpoint{
+ Hostname: "acm-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ },
+ },
+ "acm-pca": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -163,21 +302,69 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "acm-pca-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "acm-pca-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "acm-pca-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "acm-pca-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "acm-pca-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "airflow": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
- "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "acm-pca": service{
+ "api.detective": service{
Defaults: endpoint{
Protocols: []string{"https"},
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -186,9 +373,12 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
@@ -198,6 +388,12 @@ var awsPartition = partition{
"api.ecr": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{
+ Hostname: "api.ecr.af-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "af-south-1",
+ },
+ },
"ap-east-1": endpoint{
Hostname: "api.ecr.ap-east-1.amazonaws.com",
CredentialScope: credentialScope{
@@ -252,6 +448,12 @@ var awsPartition = partition{
Region: "eu-north-1",
},
},
+ "eu-south-1": endpoint{
+ Hostname: "api.ecr.eu-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-south-1",
+ },
+ },
"eu-west-1": endpoint{
Hostname: "api.ecr.eu-west-1.amazonaws.com",
CredentialScope: credentialScope{
@@ -270,6 +472,60 @@ var awsPartition = partition{
Region: "eu-west-3",
},
},
+ "fips-dkr-us-east-1": endpoint{
+ Hostname: "ecr-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-dkr-us-east-2": endpoint{
+ Hostname: "ecr-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-dkr-us-west-1": endpoint{
+ Hostname: "ecr-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-dkr-us-west-2": endpoint{
+ Hostname: "ecr-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "ecr-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "ecr-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "ecr-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "ecr-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{
+ Hostname: "api.ecr.me-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "me-south-1",
+ },
+ },
"sa-east-1": endpoint{
Hostname: "api.ecr.sa-east-1.amazonaws.com",
CredentialScope: credentialScope{
@@ -302,12 +558,36 @@ var awsPartition = partition{
},
},
},
+ "api.elastic-inference": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{
+ Hostname: "api.elastic-inference.ap-northeast-1.amazonaws.com",
+ },
+ "ap-northeast-2": endpoint{
+ Hostname: "api.elastic-inference.ap-northeast-2.amazonaws.com",
+ },
+ "eu-west-1": endpoint{
+ Hostname: "api.elastic-inference.eu-west-1.amazonaws.com",
+ },
+ "us-east-1": endpoint{
+ Hostname: "api.elastic-inference.us-east-1.amazonaws.com",
+ },
+ "us-east-2": endpoint{
+ Hostname: "api.elastic-inference.us-east-2.amazonaws.com",
+ },
+ "us-west-2": endpoint{
+ Hostname: "api.elastic-inference.us-west-2.amazonaws.com",
+ },
+ },
+ },
"api.mediatailor": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"us-east-1": endpoint{},
"us-west-2": endpoint{},
@@ -327,6 +607,8 @@ var awsPartition = partition{
"api.sagemaker": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -334,8 +616,13 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-1-fips": endpoint{
Hostname: "api-fips.sagemaker.us-east-1.amazonaws.com",
@@ -369,6 +656,7 @@ var awsPartition = partition{
"apigateway": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -378,6 +666,40 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "app-integrations": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "appflow": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -390,13 +712,10 @@ var awsPartition = partition{
},
"application-autoscaling": service{
Defaults: endpoint{
- Hostname: "autoscaling.{region}.amazonaws.com",
Protocols: []string{"http", "https"},
- CredentialScope: credentialScope{
- Service: "application-autoscaling",
- },
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -406,9 +725,11 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
@@ -419,6 +740,7 @@ var awsPartition = partition{
"appmesh": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -426,8 +748,13 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
@@ -444,33 +771,50 @@ var awsPartition = partition{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips": endpoint{
+ Hostname: "appstream2-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"appsync": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
+ "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
"athena": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -478,11 +822,41 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "athena-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "athena-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "athena-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "athena-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"autoscaling": service{
@@ -490,6 +864,7 @@ var awsPartition = partition{
Protocols: []string{"http", "https"},
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -499,9 +874,11 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
@@ -511,13 +888,11 @@ var awsPartition = partition{
},
"autoscaling-plans": service{
Defaults: endpoint{
- Hostname: "autoscaling.{region}.amazonaws.com",
Protocols: []string{"http", "https"},
- CredentialScope: credentialScope{
- Service: "autoscaling-plans",
- },
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -525,17 +900,24 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "batch": service{
+ "backup": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -544,9 +926,11 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
@@ -554,6 +938,54 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
+ "batch": service{
+
+ Endpoints: endpoints{
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "fips.batch.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "fips.batch.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "fips.batch.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "fips.batch.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
"budgets": service{
PartitionEndpoint: "aws-global",
IsRegionalized: boxedFalse,
@@ -584,12 +1016,11 @@ var awsPartition = partition{
PartitionEndpoint: "aws-global",
IsRegionalized: boxedFalse,
Defaults: endpoint{
- SSLCommonName: "service.chime.aws.amazon.com",
- Protocols: []string{"https"},
+ Protocols: []string{"https"},
},
Endpoints: endpoints{
"aws-global": endpoint{
- Hostname: "service.chime.aws.amazon.com",
+ Hostname: "chime.us-east-1.amazonaws.com",
Protocols: []string{"https"},
CredentialScope: credentialScope{
Region: "us-east-1",
@@ -600,12 +1031,24 @@ var awsPartition = partition{
"cloud9": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
+ "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
@@ -626,6 +1069,7 @@ var awsPartition = partition{
"cloudformation": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -635,14 +1079,40 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "us-east-1-fips": endpoint{
+ Hostname: "cloudformation-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{},
+ "us-east-2-fips": endpoint{
+ Hostname: "cloudformation-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-1": endpoint{},
+ "us-west-1-fips": endpoint{
+ Hostname: "cloudformation-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "us-west-2": endpoint{},
+ "us-west-2-fips": endpoint{
+ Hostname: "cloudformation-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
},
},
"cloudfront": service{
@@ -681,6 +1151,7 @@ var awsPartition = partition{
},
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -690,9 +1161,12 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
@@ -717,6 +1191,7 @@ var awsPartition = partition{
"cloudtrail": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -726,19 +1201,62 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "cloudtrail-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "cloudtrail-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "cloudtrail-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "cloudtrail-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "codeartifact": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
- "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
"codebuild": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -747,9 +1265,11 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-1-fips": endpoint{
@@ -784,6 +1304,7 @@ var awsPartition = partition{
"codecommit": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -791,6 +1312,8 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -800,16 +1323,18 @@ var awsPartition = partition{
Region: "ca-central-1",
},
},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"codedeploy": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -819,9 +1344,11 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-1-fips": endpoint{
@@ -853,61 +1380,92 @@ var awsPartition = partition{
},
},
},
- "codepipeline": service{
+ "codeguru-reviewer": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
- "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "codestar": service{
+ "codepipeline": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "codepipeline-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "codepipeline-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "codepipeline-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "codepipeline-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "codepipeline-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "cognito-identity": service{
+ "codestar": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
+ "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "cognito-idp": service{
+ "codestar-connections": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
@@ -917,14 +1475,18 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
+ "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "cognito-sync": service{
+ "cognito-identity": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
@@ -932,35 +1494,85 @@ var awsPartition = partition{
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "cognito-identity-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "cognito-identity-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "cognito-identity-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "comprehend": service{
- Defaults: endpoint{
- Protocols: []string{"https"},
- },
+ "cognito-idp": service{
+
Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "cognito-idp-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "cognito-idp-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "cognito-idp-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "comprehendmedical": service{
+ "cognito-sync": service{
Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"us-east-1": endpoint{},
@@ -968,10 +1580,11 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
- "config": service{
-
+ "comprehend": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
Endpoints: endpoints{
- "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -979,113 +1592,180 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "comprehend-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "comprehend-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "comprehend-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "cur": service{
+ "comprehendmedical": service{
Endpoints: endpoints{
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "comprehendmedical-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "comprehendmedical-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "comprehendmedical-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
"us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "data.mediastore": service{
+ "config": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "config-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "config-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "config-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "config-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "datapipeline": service{
+ "connect": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
+ "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "eu-west-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-2": endpoint{},
"us-east-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "datasync": service{
+ "contact-lens": service{
Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "eu-central-1": endpoint{},
- "eu-west-1": endpoint{},
"us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "dax": service{
+ "cur": service{
+
+ Endpoints: endpoints{
+ "us-east-1": endpoint{},
+ },
+ },
+ "data.mediastore": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
- "sa-east-1": endpoint{},
+ "eu-west-2": endpoint{},
"us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "devicefarm": service{
-
- Endpoints: endpoints{
- "us-west-2": endpoint{},
- },
- },
- "directconnect": service{
+ "dataexchange": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "discovery": service{
+ "datapipeline": service{
Endpoints: endpoints{
- "us-west-2": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-west-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "dms": service{
+ "datasync": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1095,75 +1775,59 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "docdb": service{
-
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{
- Hostname: "rds.ap-northeast-1.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "ap-northeast-1",
- },
- },
- "ap-northeast-2": endpoint{
- Hostname: "rds.ap-northeast-2.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "ap-northeast-2",
- },
- },
- "eu-central-1": endpoint{
- Hostname: "rds.eu-central-1.amazonaws.com",
+ "fips-ca-central-1": endpoint{
+ Hostname: "datasync-fips.ca-central-1.amazonaws.com",
CredentialScope: credentialScope{
- Region: "eu-central-1",
+ Region: "ca-central-1",
},
},
- "eu-west-1": endpoint{
- Hostname: "rds.eu-west-1.amazonaws.com",
+ "fips-us-east-1": endpoint{
+ Hostname: "datasync-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
- Region: "eu-west-1",
+ Region: "us-east-1",
},
},
- "us-east-1": endpoint{
- Hostname: "rds.us-east-1.amazonaws.com",
+ "fips-us-east-2": endpoint{
+ Hostname: "datasync-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
- Region: "us-east-1",
+ Region: "us-east-2",
},
},
- "us-east-2": endpoint{
- Hostname: "rds.us-east-2.amazonaws.com",
+ "fips-us-west-1": endpoint{
+ Hostname: "datasync-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
- Region: "us-east-2",
+ Region: "us-west-1",
},
},
- "us-west-2": endpoint{
- Hostname: "rds.us-west-2.amazonaws.com",
+ "fips-us-west-2": endpoint{
+ Hostname: "datasync-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "ds": service{
+ "dax": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
@@ -1171,11 +1835,16 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
- "dynamodb": service{
- Defaults: endpoint{
- Protocols: []string{"http", "https"},
+ "devicefarm": service{
+
+ Endpoints: endpoints{
+ "us-west-2": endpoint{},
},
+ },
+ "directconnect": service{
+
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1185,28 +1854,58 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "local": endpoint{
- Hostname: "localhost:8000",
- Protocols: []string{"http"},
+ "fips-us-east-1": endpoint{
+ Hostname: "directconnect-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-2": endpoint{
+ Hostname: "directconnect-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "directconnect-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "directconnect-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "ec2": service{
- Defaults: endpoint{
- Protocols: []string{"http", "https"},
+ "discovery": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
},
+ },
+ "dms": service{
+
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1214,32 +1913,119 @@ var awsPartition = partition{
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
- "eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "dms-fips": endpoint{
+ Hostname: "dms-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "ec2metadata": service{
- PartitionEndpoint: "aws-global",
- IsRegionalized: boxedFalse,
+ "docdb": service{
Endpoints: endpoints{
- "aws-global": endpoint{
- Hostname: "169.254.169.254/latest",
- Protocols: []string{"http"},
+ "ap-northeast-1": endpoint{
+ Hostname: "rds.ap-northeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-1",
+ },
+ },
+ "ap-northeast-2": endpoint{
+ Hostname: "rds.ap-northeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-2",
+ },
+ },
+ "ap-south-1": endpoint{
+ Hostname: "rds.ap-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "ap-southeast-1": endpoint{
+ Hostname: "rds.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "ap-southeast-2": endpoint{
+ Hostname: "rds.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "ca-central-1": endpoint{
+ Hostname: "rds.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "eu-central-1": endpoint{
+ Hostname: "rds.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "eu-west-1": endpoint{
+ Hostname: "rds.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "eu-west-2": endpoint{
+ Hostname: "rds.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "eu-west-3": endpoint{
+ Hostname: "rds.eu-west-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
+ "sa-east-1": endpoint{
+ Hostname: "rds.sa-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "sa-east-1",
+ },
+ },
+ "us-east-1": endpoint{
+ Hostname: "rds.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{
+ Hostname: "rds.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-2": endpoint{
+ Hostname: "rds.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
},
},
},
- "ecs": service{
+ "ds": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1249,19 +2035,54 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "ds-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "ds-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "ds-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "ds-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "ds-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "elasticache": service{
-
+ "dynamodb": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1269,27 +2090,61 @@ var awsPartition = partition{
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
- "eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "fips": endpoint{
- Hostname: "elasticache-fips.us-west-1.amazonaws.com",
+ "ca-central-1-fips": endpoint{
+ Hostname: "dynamodb-fips.ca-central-1.amazonaws.com",
CredentialScope: credentialScope{
- Region: "us-west-1",
+ Region: "ca-central-1",
+ },
+ },
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "local": endpoint{
+ Hostname: "localhost:8000",
+ Protocols: []string{"http"},
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-1-fips": endpoint{
+ Hostname: "dynamodb-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
},
},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
"us-east-2": endpoint{},
+ "us-east-2-fips": endpoint{
+ Hostname: "dynamodb-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
"us-west-1": endpoint{},
+ "us-west-1-fips": endpoint{
+ Hostname: "dynamodb-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
"us-west-2": endpoint{},
+ "us-west-2-fips": endpoint{
+ Hostname: "dynamodb-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
},
},
- "elasticbeanstalk": service{
+ "ebs": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1299,38 +2154,54 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "elasticfilesystem": service{
-
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
- "eu-central-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "ebs-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "ebs-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "ebs-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "ebs-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "ebs-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "elasticloadbalancing": service{
+ "ec2": service{
Defaults: endpoint{
- Protocols: []string{"https"},
+ Protocols: []string{"http", "https"},
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1340,82 +2211,63 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "elasticmapreduce": service{
- Defaults: endpoint{
- SSLCommonName: "{region}.{service}.{dnsSuffix}",
- Protocols: []string{"https"},
- },
- Endpoints: endpoints{
- "ap-east-1": endpoint{},
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
- "eu-central-1": endpoint{
- SSLCommonName: "{service}.{region}.{dnsSuffix}",
+ "fips-ca-central-1": endpoint{
+ Hostname: "ec2-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
},
- "eu-north-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{
- SSLCommonName: "{service}.{region}.{dnsSuffix}",
+ "fips-us-east-1": endpoint{
+ Hostname: "ec2-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "elastictranscoder": service{
-
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-2": endpoint{
+ Hostname: "ec2-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "ec2-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "ec2-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "email": service{
+ "ec2metadata": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
Endpoints: endpoints{
- "ap-south-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "eu-central-1": endpoint{},
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "entitlement.marketplace": service{
- Defaults: endpoint{
- CredentialScope: credentialScope{
- Service: "aws-marketplace",
+ "aws-global": endpoint{
+ Hostname: "169.254.169.254/latest",
+ Protocols: []string{"http"},
},
},
- Endpoints: endpoints{
- "us-east-1": endpoint{},
- },
},
- "es": service{
+ "ecs": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1425,25 +2277,48 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "fips": endpoint{
- Hostname: "es-fips.us-west-1.amazonaws.com",
+ "fips-us-east-1": endpoint{
+ Hostname: "ecs-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "ecs-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "ecs-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-1",
},
},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-west-2": endpoint{
+ Hostname: "ecs-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "events": service{
-
+ "eks": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1453,19 +2328,47 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "fips.eks.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "fips.eks.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "fips.eks.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "fips.eks.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "firehose": service{
+ "elasticache": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -1474,69 +2377,28 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "fms": service{
- Defaults: endpoint{
- Protocols: []string{"https"},
- },
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "eu-central-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "fsx": service{
-
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "fips": endpoint{
+ Hostname: "elasticache-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "gamelift": service{
+ "elasticbeanstalk": service{
Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
- "eu-central-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "glacier": service{
- Defaults: endpoint{
- Protocols: []string{"http", "https"},
- },
- Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1546,19 +2408,47 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "elasticbeanstalk-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "elasticbeanstalk-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "elasticbeanstalk-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "elasticbeanstalk-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "glue": service{
+ "elasticfilesystem": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -1566,42 +2456,146 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "greengrass": service{
- IsRegionalized: boxedTrue,
- Defaults: endpoint{
- Protocols: []string{"https"},
- },
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "eu-central-1": endpoint{},
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "groundstation": service{
-
- Endpoints: endpoints{
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "fips-af-south-1": endpoint{
+ Hostname: "elasticfilesystem-fips.af-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "af-south-1",
+ },
+ },
+ "fips-ap-east-1": endpoint{
+ Hostname: "elasticfilesystem-fips.ap-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-east-1",
+ },
+ },
+ "fips-ap-northeast-1": endpoint{
+ Hostname: "elasticfilesystem-fips.ap-northeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-1",
+ },
+ },
+ "fips-ap-northeast-2": endpoint{
+ Hostname: "elasticfilesystem-fips.ap-northeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-2",
+ },
+ },
+ "fips-ap-south-1": endpoint{
+ Hostname: "elasticfilesystem-fips.ap-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "fips-ap-southeast-1": endpoint{
+ Hostname: "elasticfilesystem-fips.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "fips-ap-southeast-2": endpoint{
+ Hostname: "elasticfilesystem-fips.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "fips-ca-central-1": endpoint{
+ Hostname: "elasticfilesystem-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-eu-central-1": endpoint{
+ Hostname: "elasticfilesystem-fips.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "fips-eu-north-1": endpoint{
+ Hostname: "elasticfilesystem-fips.eu-north-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-north-1",
+ },
+ },
+ "fips-eu-south-1": endpoint{
+ Hostname: "elasticfilesystem-fips.eu-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-south-1",
+ },
+ },
+ "fips-eu-west-1": endpoint{
+ Hostname: "elasticfilesystem-fips.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "fips-eu-west-2": endpoint{
+ Hostname: "elasticfilesystem-fips.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "fips-eu-west-3": endpoint{
+ Hostname: "elasticfilesystem-fips.eu-west-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
+ "fips-me-south-1": endpoint{
+ Hostname: "elasticfilesystem-fips.me-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "me-south-1",
+ },
+ },
+ "fips-sa-east-1": endpoint{
+ Hostname: "elasticfilesystem-fips.sa-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "sa-east-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "elasticfilesystem-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "elasticfilesystem-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "elasticfilesystem-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "elasticfilesystem-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "guardduty": service{
- IsRegionalized: boxedTrue,
+ "elasticloadbalancing": service{
Defaults: endpoint{
Protocols: []string{"https"},
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -1610,125 +2604,181 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "elasticloadbalancing-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "elasticloadbalancing-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "elasticloadbalancing-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "elasticloadbalancing-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "health": service{
-
- Endpoints: endpoints{
- "us-east-1": endpoint{},
+ "elasticmapreduce": service{
+ Defaults: endpoint{
+ SSLCommonName: "{region}.{service}.{dnsSuffix}",
+ Protocols: []string{"https"},
},
- },
- "iam": service{
- PartitionEndpoint: "aws-global",
- IsRegionalized: boxedFalse,
-
Endpoints: endpoints{
- "aws-global": endpoint{
- Hostname: "iam.amazonaws.com",
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{
+ SSLCommonName: "{service}.{region}.{dnsSuffix}",
+ },
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "elasticmapreduce-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "elasticmapreduce-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
- },
- },
- "importexport": service{
- PartitionEndpoint: "aws-global",
- IsRegionalized: boxedFalse,
-
- Endpoints: endpoints{
- "aws-global": endpoint{
- Hostname: "importexport.amazonaws.com",
- SignatureVersions: []string{"v2", "v4"},
+ "fips-us-east-2": endpoint{
+ Hostname: "elasticmapreduce-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
- Region: "us-east-1",
- Service: "IngestionService",
+ Region: "us-east-2",
},
},
+ "fips-us-west-1": endpoint{
+ Hostname: "elasticmapreduce-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "elasticmapreduce-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{
+ SSLCommonName: "{service}.{region}.{dnsSuffix}",
+ },
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "inspector": service{
+ "elastictranscoder": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"us-east-1": endpoint{},
- "us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "iot": service{
- Defaults: endpoint{
- CredentialScope: credentialScope{
- Service: "execute-api",
- },
- },
+ "email": service{
+
Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
"us-east-1": endpoint{},
- "us-east-2": endpoint{},
"us-west-2": endpoint{},
},
},
- "iotanalytics": service{
+ "emr-containers": service{
Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "eu-central-1": endpoint{},
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "eu-west-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "iotthingsgraph": service{
+ "entitlement.marketplace": service{
Defaults: endpoint{
CredentialScope: credentialScope{
- Service: "iotthingsgraph",
+ Service: "aws-marketplace",
},
},
Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
+ "us-east-1": endpoint{},
},
},
- "kafka": service{
+ "es": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips": endpoint{
+ Hostname: "es-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "kinesis": service{
+ "events": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1738,51 +2788,46 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "kinesisanalytics": service{
-
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "eu-central-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "kinesisvideo": service{
-
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "eu-central-1": endpoint{},
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "events-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "events-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "events-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "events-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "kms": service{
+ "firehose": service{
Endpoints: endpoints{
- "ProdFips": endpoint{
- Hostname: "kms-fips.ca-central-1.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "ca-central-1",
- },
- },
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1792,19 +2837,48 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "firehose-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "firehose-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "firehose-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "firehose-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "lambda": service{
-
+ "fms": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1814,17 +2888,133 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-af-south-1": endpoint{
+ Hostname: "fms-fips.af-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "af-south-1",
+ },
+ },
+ "fips-ap-east-1": endpoint{
+ Hostname: "fms-fips.ap-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-east-1",
+ },
+ },
+ "fips-ap-northeast-1": endpoint{
+ Hostname: "fms-fips.ap-northeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-1",
+ },
+ },
+ "fips-ap-northeast-2": endpoint{
+ Hostname: "fms-fips.ap-northeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-2",
+ },
+ },
+ "fips-ap-south-1": endpoint{
+ Hostname: "fms-fips.ap-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "fips-ap-southeast-1": endpoint{
+ Hostname: "fms-fips.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "fips-ap-southeast-2": endpoint{
+ Hostname: "fms-fips.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "fips-ca-central-1": endpoint{
+ Hostname: "fms-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-eu-central-1": endpoint{
+ Hostname: "fms-fips.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "fips-eu-south-1": endpoint{
+ Hostname: "fms-fips.eu-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-south-1",
+ },
+ },
+ "fips-eu-west-1": endpoint{
+ Hostname: "fms-fips.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "fips-eu-west-2": endpoint{
+ Hostname: "fms-fips.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "fips-eu-west-3": endpoint{
+ Hostname: "fms-fips.eu-west-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
+ "fips-me-south-1": endpoint{
+ Hostname: "fms-fips.me-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "me-south-1",
+ },
+ },
+ "fips-sa-east-1": endpoint{
+ Hostname: "fms-fips.sa-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "sa-east-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "fms-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "fms-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "fms-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "fms-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "license-manager": service{
+ "forecast": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
@@ -1832,20 +3022,14 @@ var awsPartition = partition{
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
- "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "lightsail": service{
+ "forecastquery": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
@@ -1853,17 +3037,14 @@ var awsPartition = partition{
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-2": endpoint{},
},
},
- "logs": service{
+ "fsx": service{
Endpoints: endpoints{
"ap-east-1": endpoint{},
@@ -1878,27 +3059,44 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "machinelearning": service{
-
- Endpoints: endpoints{
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- },
- },
- "marketplacecommerceanalytics": service{
-
- Endpoints: endpoints{
+ "fips-prod-ca-central-1": endpoint{
+ Hostname: "fsx-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-prod-us-east-1": endpoint{
+ Hostname: "fsx-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-prod-us-east-2": endpoint{
+ Hostname: "fsx-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-prod-us-west-1": endpoint{
+ Hostname: "fsx-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-prod-us-west-2": endpoint{
+ Hostname: "fsx-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "mediaconnect": service{
+ "gamelift": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
@@ -1906,10 +3104,10 @@ var awsPartition = partition{
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
@@ -1917,9 +3115,13 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
- "mediaconvert": service{
-
+ "glacier": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -1927,68 +3129,148 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "medialive": service{
-
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "eu-central-1": endpoint{},
- "eu-west-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "glacier-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "glacier-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "glacier-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "glacier-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "glacier-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "mediapackage": service{
+ "glue": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "glue-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "glue-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "glue-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "glue-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "mediastore": service{
-
+ "greengrass": service{
+ IsRegionalized: boxedTrue,
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
"us-east-1": endpoint{},
+ "us-east-2": endpoint{},
"us-west-2": endpoint{},
},
},
- "metering.marketplace": service{
- Defaults: endpoint{
- CredentialScope: credentialScope{
- Service: "aws-marketplace",
+ "groundstation": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "fips-us-east-2": endpoint{
+ Hostname: "groundstation-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "groundstation-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
},
+ "me-south-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "guardduty": service{
+ IsRegionalized: boxedTrue,
+ Defaults: endpoint{
+ Protocols: []string{"https"},
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1998,43 +3280,165 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "us-east-1-fips": endpoint{
+ Hostname: "guardduty-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{},
+ "us-east-2-fips": endpoint{
+ Hostname: "guardduty-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-1": endpoint{},
+ "us-west-1-fips": endpoint{
+ Hostname: "guardduty-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "us-west-2": endpoint{},
+ "us-west-2-fips": endpoint{
+ Hostname: "guardduty-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
},
},
- "mgh": service{
+ "health": service{
+
+ Endpoints: endpoints{
+ "fips-us-east-2": endpoint{
+ Hostname: "health-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ },
+ },
+ "healthlake": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "us-east-1": endpoint{},
+ },
+ },
+ "honeycode": service{
Endpoints: endpoints{
"us-west-2": endpoint{},
},
},
- "mobileanalytics": service{
+ "iam": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
Endpoints: endpoints{
- "us-east-1": endpoint{},
+ "aws-global": endpoint{
+ Hostname: "iam.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "iam-fips": endpoint{
+ Hostname: "iam-fips.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
},
},
- "models.lex": service{
- Defaults: endpoint{
- CredentialScope: credentialScope{
- Service: "lex",
+ "identitystore": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "importexport": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-global": endpoint{
+ Hostname: "importexport.amazonaws.com",
+ SignatureVersions: []string{"v2", "v4"},
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ Service: "IngestionService",
+ },
},
},
+ },
+ "inspector": service{
+
Endpoints: endpoints{
- "eu-west-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "inspector-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "inspector-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "inspector-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "inspector-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
"us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "monitoring": service{
+ "iot": service{
Defaults: endpoint{
- Protocols: []string{"http", "https"},
+ CredentialScope: credentialScope{
+ Service: "execute-api",
+ },
},
Endpoints: endpoints{
"ap-east-1": endpoint{},
@@ -2049,6 +3453,7 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
@@ -2056,106 +3461,102 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
- "mq": service{
+ "iotanalytics": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
- "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "mturk-requester": service{
- IsRegionalized: boxedFalse,
+ "iotevents": service{
Endpoints: endpoints{
- "sandbox": endpoint{
- Hostname: "mturk-requester-sandbox.us-east-1.amazonaws.com",
- },
- "us-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "neptune": service{
+ "ioteventsdata": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{
- Hostname: "rds.ap-northeast-1.amazonaws.com",
+ Hostname: "data.iotevents.ap-northeast-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "ap-northeast-1",
},
},
"ap-northeast-2": endpoint{
- Hostname: "rds.ap-northeast-2.amazonaws.com",
+ Hostname: "data.iotevents.ap-northeast-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "ap-northeast-2",
},
},
- "ap-south-1": endpoint{
- Hostname: "rds.ap-south-1.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "ap-south-1",
- },
- },
"ap-southeast-1": endpoint{
- Hostname: "rds.ap-southeast-1.amazonaws.com",
+ Hostname: "data.iotevents.ap-southeast-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "ap-southeast-1",
},
},
"ap-southeast-2": endpoint{
- Hostname: "rds.ap-southeast-2.amazonaws.com",
+ Hostname: "data.iotevents.ap-southeast-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "ap-southeast-2",
},
},
"eu-central-1": endpoint{
- Hostname: "rds.eu-central-1.amazonaws.com",
+ Hostname: "data.iotevents.eu-central-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "eu-central-1",
},
},
"eu-west-1": endpoint{
- Hostname: "rds.eu-west-1.amazonaws.com",
+ Hostname: "data.iotevents.eu-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "eu-west-1",
},
},
"eu-west-2": endpoint{
- Hostname: "rds.eu-west-2.amazonaws.com",
+ Hostname: "data.iotevents.eu-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "eu-west-2",
},
},
"us-east-1": endpoint{
- Hostname: "rds.us-east-1.amazonaws.com",
+ Hostname: "data.iotevents.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
"us-east-2": endpoint{
- Hostname: "rds.us-east-2.amazonaws.com",
+ Hostname: "data.iotevents.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
},
"us-west-2": endpoint{
- Hostname: "rds.us-west-2.amazonaws.com",
+ Hostname: "data.iotevents.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
},
},
- "opsworks": service{
+ "iotsecuredtunneling": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -2163,9 +3564,11 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
@@ -2173,51 +3576,42 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
- "opsworks-cm": service{
-
+ "iotthingsgraph": service{
+ Defaults: endpoint{
+ CredentialScope: credentialScope{
+ Service: "iotthingsgraph",
+ },
+ },
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
- "ap-southeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
"ap-southeast-2": endpoint{},
- "eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "organizations": service{
- PartitionEndpoint: "aws-global",
- IsRegionalized: boxedFalse,
+ "iotwireless": service{
Endpoints: endpoints{
- "aws-global": endpoint{
- Hostname: "organizations.us-east-1.amazonaws.com",
+ "eu-west-1": endpoint{
+ Hostname: "api.iotwireless.eu-west-1.amazonaws.com",
CredentialScope: credentialScope{
- Region: "us-east-1",
+ Region: "eu-west-1",
},
},
- },
- },
- "pinpoint": service{
- Defaults: endpoint{
- CredentialScope: credentialScope{
- Service: "mobiletargeting",
+ "us-east-1": endpoint{
+ Hostname: "api.iotwireless.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
},
},
- Endpoints: endpoints{
- "ap-south-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "eu-central-1": endpoint{},
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
- },
},
- "polly": service{
+ "kafka": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -2226,9 +3620,11 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
@@ -2236,21 +3632,59 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
- "projects.iot1click": service{
+ "kinesis": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "kinesis-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "kinesis-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "kinesis-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "kinesis-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "ram": service{
+ "kinesisanalytics": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -2258,16 +3692,20 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "rds": service{
+ "kinesisvideo": service{
Endpoints: endpoints{
"ap-east-1": endpoint{},
@@ -2278,22 +3716,19 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
"sa-east-1": endpoint{},
- "us-east-1": endpoint{
- SSLCommonName: "{service}.{dnsSuffix}",
- },
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "redshift": service{
+ "kms": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -2303,9 +3738,11 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
@@ -2313,22 +3750,56 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
- "rekognition": service{
+ "lakeformation": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "lakeformation-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "lakeformation-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "lakeformation-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "lakeformation-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "resource-groups": service{
+ "lambda": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -2338,48 +3809,93 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "lambda-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "lambda-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "lambda-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "lambda-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "robomaker": service{
+ "license-manager": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "route53": service{
- PartitionEndpoint: "aws-global",
- IsRegionalized: boxedFalse,
-
- Endpoints: endpoints{
- "aws-global": endpoint{
- Hostname: "route53.amazonaws.com",
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "license-manager-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
+ "fips-us-east-2": endpoint{
+ Hostname: "license-manager-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "license-manager-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "license-manager-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "route53domains": service{
+ "lightsail": service{
- Endpoints: endpoints{
- "us-east-1": endpoint{},
- },
- },
- "route53resolver": service{
- Defaults: endpoint{
- Protocols: []string{"https"},
- },
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -2393,25 +3909,14 @@ var awsPartition = partition{
"eu-west-3": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
- "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "runtime.lex": service{
- Defaults: endpoint{
- CredentialScope: credentialScope{
- Service: "lex",
- },
- },
- Endpoints: endpoints{
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "runtime.sagemaker": service{
+ "logs": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -2419,247 +3924,86 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "s3": service{
- PartitionEndpoint: "us-east-1",
- IsRegionalized: boxedTrue,
- Defaults: endpoint{
- Protocols: []string{"http", "https"},
- SignatureVersions: []string{"s3v4"},
-
- HasDualStack: boxedTrue,
- DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
- },
- Endpoints: endpoints{
- "ap-east-1": endpoint{},
- "ap-northeast-1": endpoint{
- Hostname: "s3.ap-northeast-1.amazonaws.com",
- SignatureVersions: []string{"s3", "s3v4"},
- },
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{
- Hostname: "s3.ap-southeast-1.amazonaws.com",
- SignatureVersions: []string{"s3", "s3v4"},
- },
- "ap-southeast-2": endpoint{
- Hostname: "s3.ap-southeast-2.amazonaws.com",
- SignatureVersions: []string{"s3", "s3v4"},
- },
- "ca-central-1": endpoint{},
- "eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
- "eu-west-1": endpoint{
- Hostname: "s3.eu-west-1.amazonaws.com",
- SignatureVersions: []string{"s3", "s3v4"},
- },
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "s3-external-1": endpoint{
- Hostname: "s3-external-1.amazonaws.com",
- SignatureVersions: []string{"s3", "s3v4"},
- CredentialScope: credentialScope{
- Region: "us-east-1",
- },
- },
- "sa-east-1": endpoint{
- Hostname: "s3.sa-east-1.amazonaws.com",
- SignatureVersions: []string{"s3", "s3v4"},
- },
- "us-east-1": endpoint{
- Hostname: "s3.amazonaws.com",
- SignatureVersions: []string{"s3", "s3v4"},
- },
- "us-east-2": endpoint{},
- "us-west-1": endpoint{
- Hostname: "s3.us-west-1.amazonaws.com",
- SignatureVersions: []string{"s3", "s3v4"},
- },
- "us-west-2": endpoint{
- Hostname: "s3.us-west-2.amazonaws.com",
- SignatureVersions: []string{"s3", "s3v4"},
- },
- },
- },
- "s3-control": service{
- Defaults: endpoint{
- Protocols: []string{"https"},
- SignatureVersions: []string{"s3v4"},
-
- HasDualStack: boxedTrue,
- DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
- },
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{
- Hostname: "s3-control.ap-northeast-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "ap-northeast-1",
- },
- },
- "ap-northeast-2": endpoint{
- Hostname: "s3-control.ap-northeast-2.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "ap-northeast-2",
- },
- },
- "ap-south-1": endpoint{
- Hostname: "s3-control.ap-south-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "ap-south-1",
- },
- },
- "ap-southeast-1": endpoint{
- Hostname: "s3-control.ap-southeast-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "ap-southeast-1",
- },
- },
- "ap-southeast-2": endpoint{
- Hostname: "s3-control.ap-southeast-2.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "ap-southeast-2",
- },
- },
- "ca-central-1": endpoint{
- Hostname: "s3-control.ca-central-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "ca-central-1",
- },
- },
- "eu-central-1": endpoint{
- Hostname: "s3-control.eu-central-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "eu-central-1",
- },
- },
- "eu-north-1": endpoint{
- Hostname: "s3-control.eu-north-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "eu-north-1",
- },
- },
- "eu-west-1": endpoint{
- Hostname: "s3-control.eu-west-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "eu-west-1",
- },
- },
- "eu-west-2": endpoint{
- Hostname: "s3-control.eu-west-2.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "eu-west-2",
- },
- },
- "eu-west-3": endpoint{
- Hostname: "s3-control.eu-west-3.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "eu-west-3",
- },
- },
- "sa-east-1": endpoint{
- Hostname: "s3-control.sa-east-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "sa-east-1",
- },
- },
- "us-east-1": endpoint{
- Hostname: "s3-control.us-east-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "us-east-1",
- },
- },
- "us-east-1-fips": endpoint{
- Hostname: "s3-control-fips.us-east-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "logs-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
- "us-east-2": endpoint{
- Hostname: "s3-control.us-east-2.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "us-east-2",
- },
- },
- "us-east-2-fips": endpoint{
- Hostname: "s3-control-fips.us-east-2.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
+ "fips-us-east-2": endpoint{
+ Hostname: "logs-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
},
- "us-west-1": endpoint{
- Hostname: "s3-control.us-west-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "us-west-1",
- },
- },
- "us-west-1-fips": endpoint{
- Hostname: "s3-control-fips.us-west-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
+ "fips-us-west-1": endpoint{
+ Hostname: "logs-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-1",
},
},
- "us-west-2": endpoint{
- Hostname: "s3-control.us-west-2.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "us-west-2",
- },
- },
- "us-west-2-fips": endpoint{
- Hostname: "s3-control-fips.us-west-2.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
+ "fips-us-west-2": endpoint{
+ Hostname: "logs-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "sdb": service{
- Defaults: endpoint{
- Protocols: []string{"http", "https"},
- SignatureVersions: []string{"v2"},
- },
+ "lookoutvision": service{
+
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "eu-central-1": endpoint{},
"eu-west-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{
- Hostname: "sdb.amazonaws.com",
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "machinelearning": service{
+
+ Endpoints: endpoints{
+ "eu-west-1": endpoint{},
+ "us-east-1": endpoint{},
+ },
+ },
+ "macie": service{
+
+ Endpoints: endpoints{
+ "fips-us-east-1": endpoint{
+ Hostname: "macie-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
},
- "us-west-1": endpoint{},
+ "fips-us-west-2": endpoint{
+ Hostname: "macie-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "secretsmanager": service{
+ "macie2": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -2668,50 +4012,70 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-1-fips": endpoint{
- Hostname: "secretsmanager-fips.us-east-1.amazonaws.com",
+ "fips-us-east-1": endpoint{
+ Hostname: "macie2-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
- "us-east-2": endpoint{},
- "us-east-2-fips": endpoint{
- Hostname: "secretsmanager-fips.us-east-2.amazonaws.com",
+ "fips-us-east-2": endpoint{
+ Hostname: "macie2-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
},
- "us-west-1": endpoint{},
- "us-west-1-fips": endpoint{
- Hostname: "secretsmanager-fips.us-west-1.amazonaws.com",
+ "fips-us-west-1": endpoint{
+ Hostname: "macie2-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-1",
},
},
- "us-west-2": endpoint{},
- "us-west-2-fips": endpoint{
- Hostname: "secretsmanager-fips.us-west-2.amazonaws.com",
+ "fips-us-west-2": endpoint{
+ Hostname: "macie2-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "securityhub": service{
+ "managedblockchain": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "us-east-1": endpoint{},
+ },
+ },
+ "marketplacecommerceanalytics": service{
+
+ Endpoints: endpoints{
+ "us-east-1": endpoint{},
+ },
+ },
+ "mediaconnect": service{
+
+ Endpoints: endpoints{
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -2722,62 +4086,58 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
- "serverlessrepo": service{
- Defaults: endpoint{
- Protocols: []string{"https"},
- },
+ "mediaconvert": service{
+
Endpoints: endpoints{
- "ap-northeast-1": endpoint{
- Protocols: []string{"https"},
- },
- "ap-northeast-2": endpoint{
- Protocols: []string{"https"},
- },
- "ap-south-1": endpoint{
- Protocols: []string{"https"},
- },
- "ap-southeast-1": endpoint{
- Protocols: []string{"https"},
- },
- "ap-southeast-2": endpoint{
- Protocols: []string{"https"},
- },
- "ca-central-1": endpoint{
- Protocols: []string{"https"},
- },
- "eu-central-1": endpoint{
- Protocols: []string{"https"},
- },
- "eu-north-1": endpoint{
- Protocols: []string{"https"},
- },
- "eu-west-1": endpoint{
- Protocols: []string{"https"},
- },
- "eu-west-2": endpoint{
- Protocols: []string{"https"},
- },
- "eu-west-3": endpoint{
- Protocols: []string{"https"},
- },
- "sa-east-1": endpoint{
- Protocols: []string{"https"},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "mediaconvert-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
},
- "us-east-1": endpoint{
- Protocols: []string{"https"},
+ "fips-us-east-1": endpoint{
+ Hostname: "mediaconvert-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
},
- "us-east-2": endpoint{
- Protocols: []string{"https"},
+ "fips-us-east-2": endpoint{
+ Hostname: "mediaconvert-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
},
- "us-west-1": endpoint{
- Protocols: []string{"https"},
+ "fips-us-west-1": endpoint{
+ Hostname: "mediaconvert-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
},
- "us-west-2": endpoint{
- Protocols: []string{"https"},
+ "fips-us-west-2": endpoint{
+ Hostname: "mediaconvert-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "servicecatalog": service{
+ "medialive": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
@@ -2785,44 +4145,36 @@ var awsPartition = partition{
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-1-fips": endpoint{
- Hostname: "servicecatalog-fips.us-east-1.amazonaws.com",
+ "fips-us-east-1": endpoint{
+ Hostname: "medialive-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
- "us-east-2": endpoint{},
- "us-east-2-fips": endpoint{
- Hostname: "servicecatalog-fips.us-east-2.amazonaws.com",
+ "fips-us-east-2": endpoint{
+ Hostname: "medialive-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
},
- "us-west-1": endpoint{},
- "us-west-1-fips": endpoint{
- Hostname: "servicecatalog-fips.us-west-1.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "us-west-1",
- },
- },
- "us-west-2": endpoint{},
- "us-west-2-fips": endpoint{
- Hostname: "servicecatalog-fips.us-west-2.amazonaws.com",
+ "fips-us-west-2": endpoint{
+ Hostname: "medialive-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "servicediscovery": service{
+ "mediapackage": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
@@ -2830,31 +4182,40 @@ var awsPartition = partition{
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
- "us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "shield": service{
- IsRegionalized: boxedFalse,
- Defaults: endpoint{
- SSLCommonName: "shield.us-east-1.amazonaws.com",
- Protocols: []string{"https"},
- },
+ "mediastore": service{
+
Endpoints: endpoints{
- "us-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "sms": service{
-
+ "metering.marketplace": service{
+ Defaults: endpoint{
+ CredentialScope: credentialScope{
+ Service: "aws-marketplace",
+ },
+ },
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -2863,9 +4224,11 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
@@ -2873,55 +4236,47 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
- "snowball": service{
+ "mgh": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
"us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "sns": service{
+ "mobileanalytics": service{
+
+ Endpoints: endpoints{
+ "us-east-1": endpoint{},
+ },
+ },
+ "models.lex": service{
Defaults: endpoint{
- Protocols: []string{"http", "https"},
+ CredentialScope: credentialScope{
+ Service: "lex",
+ },
},
Endpoints: endpoints{
- "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
"us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "sqs": service{
+ "monitoring": service{
Defaults: endpoint{
- SSLCommonName: "{region}.queue.{dnsSuffix}",
- Protocols: []string{"http", "https"},
+ Protocols: []string{"http", "https"},
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -2931,43 +4286,43 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
"fips-us-east-1": endpoint{
- Hostname: "sqs-fips.us-east-1.amazonaws.com",
+ Hostname: "monitoring-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
"fips-us-east-2": endpoint{
- Hostname: "sqs-fips.us-east-2.amazonaws.com",
+ Hostname: "monitoring-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
},
"fips-us-west-1": endpoint{
- Hostname: "sqs-fips.us-west-1.amazonaws.com",
+ Hostname: "monitoring-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-1",
},
},
"fips-us-west-2": endpoint{
- Hostname: "sqs-fips.us-west-2.amazonaws.com",
+ Hostname: "monitoring-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{
- SSLCommonName: "queue.{dnsSuffix}",
- },
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "ssm": service{
+ "mq": service{
Endpoints: endpoints{
"ap-east-1": endpoint{},
@@ -2979,165 +4334,251 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "mq-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "mq-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "mq-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "mq-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "states": service{
+ "mturk-requester": service{
+ IsRegionalized: boxedFalse,
Endpoints: endpoints{
- "ap-east-1": endpoint{},
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
- "eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "storagegateway": service{
-
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
- "eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "streams.dynamodb": service{
- Defaults: endpoint{
- Protocols: []string{"http", "https"},
- CredentialScope: credentialScope{
- Service: "dynamodb",
- },
- },
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
- "eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "local": endpoint{
- Hostname: "localhost:8000",
- Protocols: []string{"http"},
- CredentialScope: credentialScope{
- Region: "us-east-1",
- },
+ "sandbox": endpoint{
+ Hostname: "mturk-requester-sandbox.us-east-1.amazonaws.com",
},
- "sa-east-1": endpoint{},
"us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
},
},
- "sts": service{
- PartitionEndpoint: "aws-global",
- Defaults: endpoint{
- Hostname: "sts.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "us-east-1",
- },
- },
+ "neptune": service{
+
Endpoints: endpoints{
"ap-east-1": endpoint{
- Hostname: "sts.ap-east-1.amazonaws.com",
+ Hostname: "rds.ap-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "ap-east-1",
},
},
- "ap-northeast-1": endpoint{},
+ "ap-northeast-1": endpoint{
+ Hostname: "rds.ap-northeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-1",
+ },
+ },
"ap-northeast-2": endpoint{
- Hostname: "sts.ap-northeast-2.amazonaws.com",
+ Hostname: "rds.ap-northeast-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "ap-northeast-2",
},
},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "aws-global": endpoint{},
- "ca-central-1": endpoint{},
- "eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-1-fips": endpoint{
- Hostname: "sts-fips.us-east-1.amazonaws.com",
+ "ap-south-1": endpoint{
+ Hostname: "rds.ap-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "ap-southeast-1": endpoint{
+ Hostname: "rds.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "ap-southeast-2": endpoint{
+ Hostname: "rds.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "ca-central-1": endpoint{
+ Hostname: "rds.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "eu-central-1": endpoint{
+ Hostname: "rds.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "eu-north-1": endpoint{
+ Hostname: "rds.eu-north-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-north-1",
+ },
+ },
+ "eu-west-1": endpoint{
+ Hostname: "rds.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "eu-west-2": endpoint{
+ Hostname: "rds.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "eu-west-3": endpoint{
+ Hostname: "rds.eu-west-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
+ "me-south-1": endpoint{
+ Hostname: "rds.me-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "me-south-1",
+ },
+ },
+ "sa-east-1": endpoint{
+ Hostname: "rds.sa-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "sa-east-1",
+ },
+ },
+ "us-east-1": endpoint{
+ Hostname: "rds.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
- "us-east-2": endpoint{},
- "us-east-2-fips": endpoint{
- Hostname: "sts-fips.us-east-2.amazonaws.com",
+ "us-east-2": endpoint{
+ Hostname: "rds.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
},
- "us-west-1": endpoint{},
- "us-west-1-fips": endpoint{
- Hostname: "sts-fips.us-west-1.amazonaws.com",
+ "us-west-1": endpoint{
+ Hostname: "rds.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-1",
},
},
- "us-west-2": endpoint{},
- "us-west-2-fips": endpoint{
- Hostname: "sts-fips.us-west-2.amazonaws.com",
+ "us-west-2": endpoint{
+ Hostname: "rds.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
},
},
- "support": service{
+ "oidc": service{
Endpoints: endpoints{
- "us-east-1": endpoint{},
+ "ap-northeast-1": endpoint{
+ Hostname: "oidc.ap-northeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-1",
+ },
+ },
+ "ap-northeast-2": endpoint{
+ Hostname: "oidc.ap-northeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-2",
+ },
+ },
+ "ap-south-1": endpoint{
+ Hostname: "oidc.ap-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "ap-southeast-1": endpoint{
+ Hostname: "oidc.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "ap-southeast-2": endpoint{
+ Hostname: "oidc.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "ca-central-1": endpoint{
+ Hostname: "oidc.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "eu-central-1": endpoint{
+ Hostname: "oidc.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "eu-north-1": endpoint{
+ Hostname: "oidc.eu-north-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-north-1",
+ },
+ },
+ "eu-west-1": endpoint{
+ Hostname: "oidc.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "eu-west-2": endpoint{
+ Hostname: "oidc.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "us-east-1": endpoint{
+ Hostname: "oidc.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{
+ Hostname: "oidc.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-2": endpoint{
+ Hostname: "oidc.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
},
},
- "swf": service{
+ "opsworks": service{
Endpoints: endpoints{
- "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -3145,7 +4586,6 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -3156,152 +4596,310 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
- "tagging": service{
+ "opsworks-cm": service{
Endpoints: endpoints{
- "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "transfer": service{
+ "organizations": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
- "eu-central-1": endpoint{},
+ "aws-global": endpoint{
+ Hostname: "organizations.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-aws-global": endpoint{
+ Hostname: "organizations-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ },
+ },
+ "outposts": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "outposts-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "outposts-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "outposts-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "outposts-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "outposts-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "translate": service{
+ "pinpoint": service{
Defaults: endpoint{
- Protocols: []string{"https"},
+ CredentialScope: credentialScope{
+ Service: "mobiletargeting",
+ },
},
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-1-fips": endpoint{
- Hostname: "translate-fips.us-east-1.amazonaws.com",
+ "eu-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "pinpoint-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
- "us-east-2": endpoint{},
- "us-east-2-fips": endpoint{
- Hostname: "translate-fips.us-east-2.amazonaws.com",
+ "fips-us-west-2": endpoint{
+ Hostname: "pinpoint-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{
+ Hostname: "pinpoint.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-west-2": endpoint{
+ Hostname: "pinpoint.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ },
+ },
+ "polly": service{
+
+ Endpoints: endpoints{
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "polly-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "polly-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
},
- "us-west-2": endpoint{},
- "us-west-2-fips": endpoint{
- Hostname: "translate-fips.us-west-2.amazonaws.com",
+ "fips-us-west-1": endpoint{
+ Hostname: "polly-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "polly-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "waf": service{
- PartitionEndpoint: "aws-global",
- IsRegionalized: boxedFalse,
+ "portal.sso": service{
Endpoints: endpoints{
- "aws-global": endpoint{
- Hostname: "waf.amazonaws.com",
+ "ap-southeast-1": endpoint{
+ Hostname: "portal.sso.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "ap-southeast-2": endpoint{
+ Hostname: "portal.sso.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "ca-central-1": endpoint{
+ Hostname: "portal.sso.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "eu-central-1": endpoint{
+ Hostname: "portal.sso.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "eu-west-1": endpoint{
+ Hostname: "portal.sso.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "eu-west-2": endpoint{
+ Hostname: "portal.sso.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "us-east-1": endpoint{
+ Hostname: "portal.sso.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
+ "us-east-2": endpoint{
+ Hostname: "portal.sso.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-2": endpoint{
+ Hostname: "portal.sso.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
},
},
- "waf-regional": service{
+ "profile": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "projects.iot1click": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
- "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "workdocs": service{
+ "qldb": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"us-east-1": endpoint{},
+ "us-east-2": endpoint{},
"us-west-2": endpoint{},
},
},
- "workmail": service{
- Defaults: endpoint{
- Protocols: []string{"https"},
- },
- Endpoints: endpoints{
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "workspaces": service{
+ "ram": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "xray": service{
+ "rds": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -3310,1122 +4908,5391 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "me-south-1": endpoint{},
+ "rds-fips.ca-central-1": endpoint{
+ Hostname: "rds-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "rds-fips.us-east-1": endpoint{
+ Hostname: "rds-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "rds-fips.us-east-2": endpoint{
+ Hostname: "rds-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "rds-fips.us-west-1": endpoint{
+ Hostname: "rds-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "rds-fips.us-west-2": endpoint{
+ Hostname: "rds-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{
+ SSLCommonName: "{service}.{dnsSuffix}",
+ },
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- },
-}
-
-// AwsCnPartition returns the Resolver for AWS China.
-func AwsCnPartition() Partition {
- return awscnPartition.Partition()
-}
+ "redshift": service{
-var awscnPartition = partition{
- ID: "aws-cn",
- Name: "AWS China",
- DNSSuffix: "amazonaws.com.cn",
- RegionRegex: regionRegex{
- Regexp: func() *regexp.Regexp {
- reg, _ := regexp.Compile("^cn\\-\\w+\\-\\d+$")
- return reg
- }(),
- },
- Defaults: endpoint{
- Hostname: "{service}.{region}.{dnsSuffix}",
- Protocols: []string{"https"},
- SignatureVersions: []string{"v4"},
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "redshift-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "redshift-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "redshift-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "redshift-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "redshift-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "rekognition": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "rekognition-fips.ca-central-1": endpoint{
+ Hostname: "rekognition-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "rekognition-fips.us-east-1": endpoint{
+ Hostname: "rekognition-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "rekognition-fips.us-east-2": endpoint{
+ Hostname: "rekognition-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "rekognition-fips.us-west-1": endpoint{
+ Hostname: "rekognition-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "rekognition-fips.us-west-2": endpoint{
+ Hostname: "rekognition-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "resource-groups": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "resource-groups-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "resource-groups-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "resource-groups-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "resource-groups-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "robomaker": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "route53": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-global": endpoint{
+ Hostname: "route53.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-aws-global": endpoint{
+ Hostname: "route53-fips.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ },
+ },
+ "route53domains": service{
+
+ Endpoints: endpoints{
+ "us-east-1": endpoint{},
+ },
+ },
+ "route53resolver": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "runtime.lex": service{
+ Defaults: endpoint{
+ CredentialScope: credentialScope{
+ Service: "lex",
+ },
+ },
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "runtime.sagemaker": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-1-fips": endpoint{
+ Hostname: "runtime-fips.sagemaker.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{},
+ "us-east-2-fips": endpoint{
+ Hostname: "runtime-fips.sagemaker.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-1": endpoint{},
+ "us-west-1-fips": endpoint{
+ Hostname: "runtime-fips.sagemaker.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "us-west-2": endpoint{},
+ "us-west-2-fips": endpoint{
+ Hostname: "runtime-fips.sagemaker.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ },
+ },
+ "s3": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedTrue,
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ SignatureVersions: []string{"s3v4"},
+
+ HasDualStack: boxedTrue,
+ DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
+ },
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{
+ Hostname: "s3.ap-northeast-1.amazonaws.com",
+ SignatureVersions: []string{"s3", "s3v4"},
+ },
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{
+ Hostname: "s3.ap-southeast-1.amazonaws.com",
+ SignatureVersions: []string{"s3", "s3v4"},
+ },
+ "ap-southeast-2": endpoint{
+ Hostname: "s3.ap-southeast-2.amazonaws.com",
+ SignatureVersions: []string{"s3", "s3v4"},
+ },
+ "aws-global": endpoint{
+ Hostname: "s3.amazonaws.com",
+ SignatureVersions: []string{"s3", "s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{
+ Hostname: "s3.eu-west-1.amazonaws.com",
+ SignatureVersions: []string{"s3", "s3v4"},
+ },
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "s3-external-1": endpoint{
+ Hostname: "s3-external-1.amazonaws.com",
+ SignatureVersions: []string{"s3", "s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "sa-east-1": endpoint{
+ Hostname: "s3.sa-east-1.amazonaws.com",
+ SignatureVersions: []string{"s3", "s3v4"},
+ },
+ "us-east-1": endpoint{
+ Hostname: "s3.us-east-1.amazonaws.com",
+ SignatureVersions: []string{"s3", "s3v4"},
+ },
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{
+ Hostname: "s3.us-west-1.amazonaws.com",
+ SignatureVersions: []string{"s3", "s3v4"},
+ },
+ "us-west-2": endpoint{
+ Hostname: "s3.us-west-2.amazonaws.com",
+ SignatureVersions: []string{"s3", "s3v4"},
+ },
+ },
+ },
+ "s3-control": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ SignatureVersions: []string{"s3v4"},
+
+ HasDualStack: boxedTrue,
+ DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
+ },
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{
+ Hostname: "s3-control.ap-northeast-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-1",
+ },
+ },
+ "ap-northeast-2": endpoint{
+ Hostname: "s3-control.ap-northeast-2.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-2",
+ },
+ },
+ "ap-south-1": endpoint{
+ Hostname: "s3-control.ap-south-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "ap-southeast-1": endpoint{
+ Hostname: "s3-control.ap-southeast-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "ap-southeast-2": endpoint{
+ Hostname: "s3-control.ap-southeast-2.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "ca-central-1": endpoint{
+ Hostname: "s3-control.ca-central-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "ca-central-1-fips": endpoint{
+ Hostname: "s3-control-fips.ca-central-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "eu-central-1": endpoint{
+ Hostname: "s3-control.eu-central-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "eu-north-1": endpoint{
+ Hostname: "s3-control.eu-north-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "eu-north-1",
+ },
+ },
+ "eu-west-1": endpoint{
+ Hostname: "s3-control.eu-west-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "eu-west-2": endpoint{
+ Hostname: "s3-control.eu-west-2.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "eu-west-3": endpoint{
+ Hostname: "s3-control.eu-west-3.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
+ "sa-east-1": endpoint{
+ Hostname: "s3-control.sa-east-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "sa-east-1",
+ },
+ },
+ "us-east-1": endpoint{
+ Hostname: "s3-control.us-east-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-1-fips": endpoint{
+ Hostname: "s3-control-fips.us-east-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{
+ Hostname: "s3-control.us-east-2.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-east-2-fips": endpoint{
+ Hostname: "s3-control-fips.us-east-2.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-1": endpoint{
+ Hostname: "s3-control.us-west-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "us-west-1-fips": endpoint{
+ Hostname: "s3-control-fips.us-west-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "us-west-2": endpoint{
+ Hostname: "s3-control.us-west-2.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-west-2-fips": endpoint{
+ Hostname: "s3-control-fips.us-west-2.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ },
+ },
+ "savingsplans": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-global": endpoint{
+ Hostname: "savingsplans.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ },
+ },
+ "schemas": service{
+
+ Endpoints: endpoints{
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "sdb": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ SignatureVersions: []string{"v2"},
+ },
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-west-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{
+ Hostname: "sdb.amazonaws.com",
+ },
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "secretsmanager": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-1-fips": endpoint{
+ Hostname: "secretsmanager-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{},
+ "us-east-2-fips": endpoint{
+ Hostname: "secretsmanager-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-1": endpoint{},
+ "us-west-1-fips": endpoint{
+ Hostname: "secretsmanager-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "us-west-2": endpoint{},
+ "us-west-2-fips": endpoint{
+ Hostname: "secretsmanager-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ },
+ },
+ "securityhub": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "securityhub-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "securityhub-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "securityhub-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "securityhub-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "serverlessrepo": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "ap-east-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ "ap-northeast-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ "ap-northeast-2": endpoint{
+ Protocols: []string{"https"},
+ },
+ "ap-south-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ "ap-southeast-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ "ap-southeast-2": endpoint{
+ Protocols: []string{"https"},
+ },
+ "ca-central-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ "eu-central-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ "eu-north-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ "eu-west-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ "eu-west-2": endpoint{
+ Protocols: []string{"https"},
+ },
+ "eu-west-3": endpoint{
+ Protocols: []string{"https"},
+ },
+ "me-south-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ "sa-east-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ "us-east-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ "us-east-2": endpoint{
+ Protocols: []string{"https"},
+ },
+ "us-west-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ "us-west-2": endpoint{
+ Protocols: []string{"https"},
+ },
+ },
+ },
+ "servicecatalog": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-1-fips": endpoint{
+ Hostname: "servicecatalog-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{},
+ "us-east-2-fips": endpoint{
+ Hostname: "servicecatalog-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-1": endpoint{},
+ "us-west-1-fips": endpoint{
+ Hostname: "servicecatalog-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "us-west-2": endpoint{},
+ "us-west-2-fips": endpoint{
+ Hostname: "servicecatalog-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ },
+ },
+ "servicediscovery": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "servicediscovery-fips": endpoint{
+ Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "servicequotas": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "session.qldb": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "shield": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
+ Defaults: endpoint{
+ SSLCommonName: "shield.us-east-1.amazonaws.com",
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "aws-global": endpoint{
+ Hostname: "shield.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-aws-global": endpoint{
+ Hostname: "shield-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ },
+ },
+ "sms": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "sms-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "sms-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "sms-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "sms-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "snowball": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-ap-northeast-1": endpoint{
+ Hostname: "snowball-fips.ap-northeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-1",
+ },
+ },
+ "fips-ap-northeast-2": endpoint{
+ Hostname: "snowball-fips.ap-northeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-2",
+ },
+ },
+ "fips-ap-northeast-3": endpoint{
+ Hostname: "snowball-fips.ap-northeast-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-3",
+ },
+ },
+ "fips-ap-south-1": endpoint{
+ Hostname: "snowball-fips.ap-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "fips-ap-southeast-1": endpoint{
+ Hostname: "snowball-fips.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "fips-ap-southeast-2": endpoint{
+ Hostname: "snowball-fips.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "fips-ca-central-1": endpoint{
+ Hostname: "snowball-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-eu-central-1": endpoint{
+ Hostname: "snowball-fips.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "fips-eu-west-1": endpoint{
+ Hostname: "snowball-fips.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "fips-eu-west-2": endpoint{
+ Hostname: "snowball-fips.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "fips-eu-west-3": endpoint{
+ Hostname: "snowball-fips.eu-west-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
+ "fips-sa-east-1": endpoint{
+ Hostname: "snowball-fips.sa-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "sa-east-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "snowball-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "snowball-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "snowball-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "snowball-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "sns": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "sns-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "sns-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "sns-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "sns-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "sqs": service{
+ Defaults: endpoint{
+ SSLCommonName: "{region}.queue.{dnsSuffix}",
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "sqs-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "sqs-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "sqs-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "sqs-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{
+ SSLCommonName: "queue.{dnsSuffix}",
+ },
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "ssm": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "ssm-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "ssm-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "ssm-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "ssm-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "ssm-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "states": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "states-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "states-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "states-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "states-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "storagegateway": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips": endpoint{
+ Hostname: "storagegateway-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "streams.dynamodb": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ CredentialScope: credentialScope{
+ Service: "dynamodb",
+ },
+ },
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "ca-central-1-fips": endpoint{
+ Hostname: "dynamodb-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "local": endpoint{
+ Hostname: "localhost:8000",
+ Protocols: []string{"http"},
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-1-fips": endpoint{
+ Hostname: "dynamodb-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{},
+ "us-east-2-fips": endpoint{
+ Hostname: "dynamodb-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-1": endpoint{},
+ "us-west-1-fips": endpoint{
+ Hostname: "dynamodb-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "us-west-2": endpoint{},
+ "us-west-2-fips": endpoint{
+ Hostname: "dynamodb-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ },
+ },
+ "sts": service{
+ PartitionEndpoint: "aws-global",
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "aws-global": endpoint{
+ Hostname: "sts.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-1-fips": endpoint{
+ Hostname: "sts-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{},
+ "us-east-2-fips": endpoint{
+ Hostname: "sts-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-1": endpoint{},
+ "us-west-1-fips": endpoint{
+ Hostname: "sts-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "us-west-2": endpoint{},
+ "us-west-2-fips": endpoint{
+ Hostname: "sts-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ },
+ },
+ "support": service{
+ PartitionEndpoint: "aws-global",
+
+ Endpoints: endpoints{
+ "aws-global": endpoint{
+ Hostname: "support.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ },
+ },
+ "swf": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "swf-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "swf-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "swf-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "swf-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "tagging": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "transcribe": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "fips.transcribe.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "fips.transcribe.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "fips.transcribe.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "fips.transcribe.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "transcribestreaming": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "transfer": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "transfer-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "transfer-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "transfer-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "transfer-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "transfer-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "translate": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-1-fips": endpoint{
+ Hostname: "translate-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{},
+ "us-east-2-fips": endpoint{
+ Hostname: "translate-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ "us-west-2-fips": endpoint{
+ Hostname: "translate-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ },
+ },
+ "waf": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-fips": endpoint{
+ Hostname: "waf-fips.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "aws-global": endpoint{
+ Hostname: "waf.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ },
+ },
+ "waf-regional": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{
+ Hostname: "waf-regional.af-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "af-south-1",
+ },
+ },
+ "ap-east-1": endpoint{
+ Hostname: "waf-regional.ap-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-east-1",
+ },
+ },
+ "ap-northeast-1": endpoint{
+ Hostname: "waf-regional.ap-northeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-1",
+ },
+ },
+ "ap-northeast-2": endpoint{
+ Hostname: "waf-regional.ap-northeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-2",
+ },
+ },
+ "ap-south-1": endpoint{
+ Hostname: "waf-regional.ap-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "ap-southeast-1": endpoint{
+ Hostname: "waf-regional.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "ap-southeast-2": endpoint{
+ Hostname: "waf-regional.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "ca-central-1": endpoint{
+ Hostname: "waf-regional.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "eu-central-1": endpoint{
+ Hostname: "waf-regional.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "eu-north-1": endpoint{
+ Hostname: "waf-regional.eu-north-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-north-1",
+ },
+ },
+ "eu-south-1": endpoint{
+ Hostname: "waf-regional.eu-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-south-1",
+ },
+ },
+ "eu-west-1": endpoint{
+ Hostname: "waf-regional.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "eu-west-2": endpoint{
+ Hostname: "waf-regional.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "eu-west-3": endpoint{
+ Hostname: "waf-regional.eu-west-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
+ "fips-af-south-1": endpoint{
+ Hostname: "waf-regional-fips.af-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "af-south-1",
+ },
+ },
+ "fips-ap-east-1": endpoint{
+ Hostname: "waf-regional-fips.ap-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-east-1",
+ },
+ },
+ "fips-ap-northeast-1": endpoint{
+ Hostname: "waf-regional-fips.ap-northeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-1",
+ },
+ },
+ "fips-ap-northeast-2": endpoint{
+ Hostname: "waf-regional-fips.ap-northeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-2",
+ },
+ },
+ "fips-ap-south-1": endpoint{
+ Hostname: "waf-regional-fips.ap-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "fips-ap-southeast-1": endpoint{
+ Hostname: "waf-regional-fips.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "fips-ap-southeast-2": endpoint{
+ Hostname: "waf-regional-fips.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "fips-ca-central-1": endpoint{
+ Hostname: "waf-regional-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-eu-central-1": endpoint{
+ Hostname: "waf-regional-fips.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "fips-eu-north-1": endpoint{
+ Hostname: "waf-regional-fips.eu-north-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-north-1",
+ },
+ },
+ "fips-eu-south-1": endpoint{
+ Hostname: "waf-regional-fips.eu-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-south-1",
+ },
+ },
+ "fips-eu-west-1": endpoint{
+ Hostname: "waf-regional-fips.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "fips-eu-west-2": endpoint{
+ Hostname: "waf-regional-fips.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "fips-eu-west-3": endpoint{
+ Hostname: "waf-regional-fips.eu-west-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
+ "fips-me-south-1": endpoint{
+ Hostname: "waf-regional-fips.me-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "me-south-1",
+ },
+ },
+ "fips-sa-east-1": endpoint{
+ Hostname: "waf-regional-fips.sa-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "sa-east-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "waf-regional-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "waf-regional-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "waf-regional-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "waf-regional-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{
+ Hostname: "waf-regional.me-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "me-south-1",
+ },
+ },
+ "sa-east-1": endpoint{
+ Hostname: "waf-regional.sa-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "sa-east-1",
+ },
+ },
+ "us-east-1": endpoint{
+ Hostname: "waf-regional.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{
+ Hostname: "waf-regional.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-1": endpoint{
+ Hostname: "waf-regional.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "us-west-2": endpoint{
+ Hostname: "waf-regional.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ },
+ },
+ "workdocs": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-west-1": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "workdocs-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "workdocs-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "workmail": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "eu-west-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "workspaces": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "workspaces-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "workspaces-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "xray": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "xray-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "xray-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "xray-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "xray-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ },
+}
+
+// AwsCnPartition returns the Resolver for AWS China.
+func AwsCnPartition() Partition {
+ return awscnPartition.Partition()
+}
+
+var awscnPartition = partition{
+ ID: "aws-cn",
+ Name: "AWS China",
+ DNSSuffix: "amazonaws.com.cn",
+ RegionRegex: regionRegex{
+ Regexp: func() *regexp.Regexp {
+ reg, _ := regexp.Compile("^cn\\-\\w+\\-\\d+$")
+ return reg
+ }(),
+ },
+ Defaults: endpoint{
+ Hostname: "{service}.{region}.{dnsSuffix}",
+ Protocols: []string{"https"},
+ SignatureVersions: []string{"v4"},
+ },
+ Regions: regions{
+ "cn-north-1": region{
+ Description: "China (Beijing)",
+ },
+ "cn-northwest-1": region{
+ Description: "China (Ningxia)",
+ },
+ },
+ Services: services{
+ "access-analyzer": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "acm": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "api.ecr": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{
+ Hostname: "api.ecr.cn-north-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-north-1",
+ },
+ },
+ "cn-northwest-1": endpoint{
+ Hostname: "api.ecr.cn-northwest-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
+ "api.sagemaker": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "apigateway": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "application-autoscaling": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "appsync": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "athena": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "autoscaling": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "autoscaling-plans": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "backup": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "batch": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "budgets": service{
+ PartitionEndpoint: "aws-cn-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-cn-global": endpoint{
+ Hostname: "budgets.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
+ "ce": service{
+ PartitionEndpoint: "aws-cn-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-cn-global": endpoint{
+ Hostname: "ce.cn-northwest-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
+ "cloudformation": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "cloudfront": service{
+ PartitionEndpoint: "aws-cn-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-cn-global": endpoint{
+ Hostname: "cloudfront.cn-northwest-1.amazonaws.com.cn",
+ Protocols: []string{"http", "https"},
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
+ "cloudtrail": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "codebuild": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "codecommit": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "codedeploy": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "cognito-identity": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ },
+ },
+ "config": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "cur": service{
+
+ Endpoints: endpoints{
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "dax": service{
+
+ Endpoints: endpoints{
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "directconnect": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "dms": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "docdb": service{
+
+ Endpoints: endpoints{
+ "cn-northwest-1": endpoint{
+ Hostname: "rds.cn-northwest-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
+ "ds": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "dynamodb": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "ebs": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "ec2": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "ec2metadata": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-global": endpoint{
+ Hostname: "169.254.169.254/latest",
+ Protocols: []string{"http"},
+ },
+ },
+ },
+ "ecs": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "eks": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "elasticache": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "elasticbeanstalk": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "elasticfilesystem": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ "fips-cn-north-1": endpoint{
+ Hostname: "elasticfilesystem-fips.cn-north-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-north-1",
+ },
+ },
+ "fips-cn-northwest-1": endpoint{
+ Hostname: "elasticfilesystem-fips.cn-northwest-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
+ "elasticloadbalancing": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "elasticmapreduce": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "es": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "events": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "firehose": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "fsx": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "gamelift": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ },
+ },
+ "glacier": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "glue": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "greengrass": service{
+ IsRegionalized: boxedTrue,
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ },
+ },
+ "health": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "iam": service{
+ PartitionEndpoint: "aws-cn-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-cn-global": endpoint{
+ Hostname: "iam.cn-north-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-north-1",
+ },
+ },
+ },
+ },
+ "iot": service{
+ Defaults: endpoint{
+ CredentialScope: credentialScope{
+ Service: "execute-api",
+ },
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "iotanalytics": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ },
+ },
+ "iotevents": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ },
+ },
+ "ioteventsdata": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{
+ Hostname: "data.iotevents.cn-north-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-north-1",
+ },
+ },
+ },
+ },
+ "iotsecuredtunneling": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "kafka": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "kinesis": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "kinesisanalytics": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "kms": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "lakeformation": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ },
+ },
+ "lambda": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "license-manager": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "logs": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "mediaconvert": service{
+
+ Endpoints: endpoints{
+ "cn-northwest-1": endpoint{
+ Hostname: "subscribe.mediaconvert.cn-northwest-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
+ "monitoring": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "neptune": service{
+
+ Endpoints: endpoints{
+ "cn-northwest-1": endpoint{
+ Hostname: "rds.cn-northwest-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
+ "organizations": service{
+ PartitionEndpoint: "aws-cn-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-cn-global": endpoint{
+ Hostname: "organizations.cn-northwest-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
+ "polly": service{
+
+ Endpoints: endpoints{
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "ram": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "rds": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "redshift": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "resource-groups": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "route53": service{
+ PartitionEndpoint: "aws-cn-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-cn-global": endpoint{
+ Hostname: "route53.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
+ "runtime.sagemaker": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "s3": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ SignatureVersions: []string{"s3v4"},
+
+ HasDualStack: boxedTrue,
+ DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "s3-control": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ SignatureVersions: []string{"s3v4"},
+
+ HasDualStack: boxedTrue,
+ DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{
+ Hostname: "s3-control.cn-north-1.amazonaws.com.cn",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "cn-north-1",
+ },
+ },
+ "cn-northwest-1": endpoint{
+ Hostname: "s3-control.cn-northwest-1.amazonaws.com.cn",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
+ "secretsmanager": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "securityhub": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "serverlessrepo": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ "cn-northwest-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ },
+ },
+ "servicediscovery": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "sms": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "snowball": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ "fips-cn-north-1": endpoint{
+ Hostname: "snowball-fips.cn-north-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-north-1",
+ },
+ },
+ "fips-cn-northwest-1": endpoint{
+ Hostname: "snowball-fips.cn-northwest-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
+ "sns": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "sqs": service{
+ Defaults: endpoint{
+ SSLCommonName: "{region}.queue.{dnsSuffix}",
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "ssm": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "states": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "storagegateway": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "streams.dynamodb": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ CredentialScope: credentialScope{
+ Service: "dynamodb",
+ },
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "sts": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "support": service{
+ PartitionEndpoint: "aws-cn-global",
+
+ Endpoints: endpoints{
+ "aws-cn-global": endpoint{
+ Hostname: "support.cn-north-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-north-1",
+ },
+ },
+ },
+ },
+ "swf": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "tagging": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "transcribe": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{
+ Hostname: "cn.transcribe.cn-north-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-north-1",
+ },
+ },
+ "cn-northwest-1": endpoint{
+ Hostname: "cn.transcribe.cn-northwest-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
+ "workspaces": service{
+
+ Endpoints: endpoints{
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "xray": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ },
+}
+
+// AwsUsGovPartition returns the Resolver for AWS GovCloud (US).
+func AwsUsGovPartition() Partition {
+ return awsusgovPartition.Partition()
+}
+
+var awsusgovPartition = partition{
+ ID: "aws-us-gov",
+ Name: "AWS GovCloud (US)",
+ DNSSuffix: "amazonaws.com",
+ RegionRegex: regionRegex{
+ Regexp: func() *regexp.Regexp {
+ reg, _ := regexp.Compile("^us\\-gov\\-\\w+\\-\\d+$")
+ return reg
+ }(),
+ },
+ Defaults: endpoint{
+ Hostname: "{service}.{region}.{dnsSuffix}",
+ Protocols: []string{"https"},
+ SignatureVersions: []string{"v4"},
},
Regions: regions{
- "cn-north-1": region{
- Description: "China (Beijing)",
+ "us-gov-east-1": region{
+ Description: "AWS GovCloud (US-East)",
+ },
+ "us-gov-west-1": region{
+ Description: "AWS GovCloud (US-West)",
+ },
+ },
+ Services: services{
+ "access-analyzer": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "access-analyzer.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "access-analyzer.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "acm": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "acm.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "acm.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "acm-pca": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "acm-pca.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "acm-pca.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "api.ecr": service{
+
+ Endpoints: endpoints{
+ "fips-dkr-us-gov-east-1": endpoint{
+ Hostname: "ecr-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-dkr-us-gov-west-1": endpoint{
+ Hostname: "ecr-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "ecr-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "ecr-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{
+ Hostname: "api.ecr.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "api.ecr.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "api.sagemaker": service{
+
+ Endpoints: endpoints{
+ "us-gov-west-1": endpoint{},
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "api-fips.sagemaker.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1-fips-secondary": endpoint{
+ Hostname: "api.sagemaker.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "apigateway": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "application-autoscaling": service{
+ Defaults: endpoint{
+ Hostname: "autoscaling.{region}.amazonaws.com",
+ Protocols: []string{"http", "https"},
+ CredentialScope: credentialScope{
+ Service: "application-autoscaling",
+ },
+ },
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ "us-gov-west-1": endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ },
+ },
+ "appstream2": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ CredentialScope: credentialScope{
+ Service: "appstream",
+ },
+ },
+ Endpoints: endpoints{
+ "fips": endpoint{
+ Hostname: "appstream2-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "athena": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "athena-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "athena-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "autoscaling": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ "us-gov-west-1": endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ },
+ },
+ "autoscaling-plans": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ "us-gov-west-1": endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ },
+ },
+ "backup": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "batch": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "batch.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "batch.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "clouddirectory": service{
+
+ Endpoints: endpoints{
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "cloudformation": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "cloudformation.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "cloudformation.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "cloudhsm": service{
+
+ Endpoints: endpoints{
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "cloudhsmv2": service{
+ Defaults: endpoint{
+ CredentialScope: credentialScope{
+ Service: "cloudhsm",
+ },
+ },
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "cloudtrail": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "cloudtrail.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "cloudtrail.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "codebuild": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-east-1-fips": endpoint{
+ Hostname: "codebuild-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "codebuild-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "codecommit": service{
+
+ Endpoints: endpoints{
+ "fips": endpoint{
+ Hostname: "codecommit-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "codedeploy": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-east-1-fips": endpoint{
+ Hostname: "codedeploy-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "codedeploy-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "codepipeline": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "codepipeline-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "cognito-identity": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "cognito-identity-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "cognito-idp": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "cognito-idp-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "comprehend": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "comprehend-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "comprehendmedical": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "comprehendmedical-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "config": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "config.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "config.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "datasync": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "datasync-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "datasync-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "directconnect": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "directconnect.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "directconnect.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "dms": service{
+
+ Endpoints: endpoints{
+ "dms-fips": endpoint{
+ Hostname: "dms.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "docdb": service{
+
+ Endpoints: endpoints{
+ "us-gov-west-1": endpoint{
+ Hostname: "rds.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "ds": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "ds-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "ds-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "dynamodb": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-east-1-fips": endpoint{
+ Hostname: "dynamodb.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "ebs": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "ec2": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "ec2.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "ec2.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "ec2metadata": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-global": endpoint{
+ Hostname: "169.254.169.254/latest",
+ Protocols: []string{"http"},
+ },
+ },
+ },
+ "ecs": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "ecs-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "ecs-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "eks": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "eks.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "eks.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "elasticache": service{
+
+ Endpoints: endpoints{
+ "fips": endpoint{
+ Hostname: "elasticache.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "elasticbeanstalk": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "elasticbeanstalk.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "elasticbeanstalk.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "elasticfilesystem": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "elasticfilesystem-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "elasticfilesystem-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "elasticloadbalancing": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "elasticloadbalancing.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "elasticloadbalancing.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ },
+ },
+ "elasticmapreduce": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "elasticmapreduce.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "elasticmapreduce.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ },
+ },
+ "email": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "email-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "es": service{
+
+ Endpoints: endpoints{
+ "fips": endpoint{
+ Hostname: "es-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "events": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "events.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "events.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "firehose": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "firehose-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "firehose-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "fsx": service{
+
+ Endpoints: endpoints{
+ "fips-prod-us-gov-east-1": endpoint{
+ Hostname: "fsx-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-prod-us-gov-west-1": endpoint{
+ Hostname: "fsx-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "glacier": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "glacier.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "glacier.us-gov-west-1.amazonaws.com",
+ Protocols: []string{"http", "https"},
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "glue": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "glue-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "glue-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "greengrass": service{
+ IsRegionalized: boxedTrue,
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "dataplane-us-gov-east-1": endpoint{
+ Hostname: "greengrass-ats.iot.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "dataplane-us-gov-west-1": endpoint{
+ Hostname: "greengrass-ats.iot.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "greengrass-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{
+ Hostname: "greengrass.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "guardduty": service{
+ IsRegionalized: boxedTrue,
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-east-1-fips": endpoint{
+ Hostname: "guardduty.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "guardduty.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "health": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "health-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "iam": service{
+ PartitionEndpoint: "aws-us-gov-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-us-gov-global": endpoint{
+ Hostname: "iam.us-gov.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "iam-govcloud-fips": endpoint{
+ Hostname: "iam.us-gov.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "inspector": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "inspector-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "inspector-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "iot": service{
+ Defaults: endpoint{
+ CredentialScope: credentialScope{
+ Service: "execute-api",
+ },
+ },
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "iotsecuredtunneling": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "kafka": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "kinesis": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "kinesis.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "kinesis.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "kinesisanalytics": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "kms": service{
+
+ Endpoints: endpoints{
+ "ProdFips": endpoint{
+ Hostname: "kms-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "lakeformation": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "lakeformation-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "lambda": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "lambda-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "lambda-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "license-manager": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "license-manager-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "license-manager-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "logs": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "logs.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "logs.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "mediaconvert": service{
+
+ Endpoints: endpoints{
+ "us-gov-west-1": endpoint{
+ Hostname: "mediaconvert.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "metering.marketplace": service{
+ Defaults: endpoint{
+ CredentialScope: credentialScope{
+ Service: "aws-marketplace",
+ },
+ },
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
},
- "cn-northwest-1": region{
- Description: "China (Ningxia)",
+ "monitoring": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "monitoring.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "monitoring.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
},
- },
- Services: services{
- "api.ecr": service{
+ "neptune": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{
- Hostname: "api.ecr.cn-north-1.amazonaws.com.cn",
+ "us-gov-east-1": endpoint{
+ Hostname: "rds.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
- Region: "cn-north-1",
+ Region: "us-gov-east-1",
},
},
- "cn-northwest-1": endpoint{
- Hostname: "api.ecr.cn-northwest-1.amazonaws.com.cn",
+ "us-gov-west-1": endpoint{
+ Hostname: "rds.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
- Region: "cn-northwest-1",
+ Region: "us-gov-west-1",
},
},
},
},
- "apigateway": service{
+ "organizations": service{
+ PartitionEndpoint: "aws-us-gov-global",
+ IsRegionalized: boxedFalse,
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "aws-us-gov-global": endpoint{
+ Hostname: "organizations.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "fips-aws-us-gov-global": endpoint{
+ Hostname: "organizations.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
- "application-autoscaling": service{
+ "outposts": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "outposts.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "outposts.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "pinpoint": service{
Defaults: endpoint{
- Hostname: "autoscaling.{region}.amazonaws.com.cn",
- Protocols: []string{"http", "https"},
CredentialScope: credentialScope{
- Service: "application-autoscaling",
+ Service: "mobiletargeting",
},
},
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "pinpoint-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "pinpoint.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
- "autoscaling": service{
- Defaults: endpoint{
- Protocols: []string{"http", "https"},
+ "polly": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "polly-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
},
+ },
+ "ram": service{
+
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "cloudformation": service{
+ "rds": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "rds.us-gov-east-1": endpoint{
+ Hostname: "rds.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "rds.us-gov-west-1": endpoint{
+ Hostname: "rds.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "cloudfront": service{
- PartitionEndpoint: "aws-cn-global",
- IsRegionalized: boxedFalse,
+ "redshift": service{
Endpoints: endpoints{
- "aws-cn-global": endpoint{
- Hostname: "cloudfront.cn-northwest-1.amazonaws.com.cn",
- Protocols: []string{"http", "https"},
+ "us-gov-east-1": endpoint{
+ Hostname: "redshift.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
- Region: "cn-northwest-1",
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "redshift.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
},
},
},
},
- "cloudtrail": service{
+ "rekognition": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "rekognition-fips.us-gov-west-1": endpoint{
+ Hostname: "rekognition-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
},
},
- "codebuild": service{
+ "resource-groups": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "resource-groups.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "resource-groups.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "codedeploy": service{
+ "route53": service{
+ PartitionEndpoint: "aws-us-gov-global",
+ IsRegionalized: boxedFalse,
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "aws-us-gov-global": endpoint{
+ Hostname: "route53.us-gov.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "fips-aws-us-gov-global": endpoint{
+ Hostname: "route53.us-gov.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
- "cognito-identity": service{
+ "route53resolver": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "config": service{
+ "runtime.sagemaker": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "directconnect": service{
+ "s3": service{
+ Defaults: endpoint{
+ SignatureVersions: []string{"s3", "s3v4"},
+ HasDualStack: boxedTrue,
+ DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
+ },
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "s3-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{
+ Hostname: "s3.us-gov-east-1.amazonaws.com",
+ Protocols: []string{"http", "https"},
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "s3.us-gov-west-1.amazonaws.com",
+ Protocols: []string{"http", "https"},
+ },
},
},
- "dms": service{
+ "s3-control": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ SignatureVersions: []string{"s3v4"},
+ HasDualStack: boxedTrue,
+ DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
+ },
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Hostname: "s3-control.us-gov-east-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-east-1-fips": endpoint{
+ Hostname: "s3-control-fips.us-gov-east-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "s3-control.us-gov-west-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "s3-control-fips.us-gov-west-1.amazonaws.com",
+ SignatureVersions: []string{"s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "secretsmanager": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-east-1-fips": endpoint{
+ Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
- "ds": service{
+ "securityhub": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
- },
- },
- "dynamodb": service{
- Defaults: endpoint{
- Protocols: []string{"http", "https"},
- },
- Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "securityhub-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "securityhub-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "ec2": service{
+ "serverlessrepo": service{
Defaults: endpoint{
- Protocols: []string{"http", "https"},
+ Protocols: []string{"https"},
},
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Hostname: "serverlessrepo.us-gov-east-1.amazonaws.com",
+ Protocols: []string{"https"},
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "serverlessrepo.us-gov-west-1.amazonaws.com",
+ Protocols: []string{"https"},
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
- "ec2metadata": service{
- PartitionEndpoint: "aws-global",
- IsRegionalized: boxedFalse,
+ "servicecatalog": service{
Endpoints: endpoints{
- "aws-global": endpoint{
- Hostname: "169.254.169.254/latest",
- Protocols: []string{"http"},
+ "us-gov-east-1": endpoint{},
+ "us-gov-east-1-fips": endpoint{
+ Hostname: "servicecatalog-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "servicecatalog-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
},
},
},
- "ecs": service{
+ "sms": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "sms-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "sms-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "elasticache": service{
+ "snowball": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "snowball-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "snowball-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "elasticbeanstalk": service{
+ "sns": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
- },
- },
- "elasticloadbalancing": service{
- Defaults: endpoint{
- Protocols: []string{"https"},
- },
- Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
- },
- },
- "elasticmapreduce": service{
- Defaults: endpoint{
- Protocols: []string{"https"},
- },
- Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Hostname: "sns.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "sns.us-gov-west-1.amazonaws.com",
+ Protocols: []string{"http", "https"},
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
- "es": service{
+ "sqs": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Hostname: "sqs.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "sqs.us-gov-west-1.amazonaws.com",
+ SSLCommonName: "{region}.queue.{dnsSuffix}",
+ Protocols: []string{"http", "https"},
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
- "events": service{
+ "ssm": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "ssm.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "ssm.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "firehose": service{
+ "states": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "states-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "states.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "gamelift": service{
+ "storagegateway": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
+ "fips": endpoint{
+ Hostname: "storagegateway-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "glacier": service{
+ "streams.dynamodb": service{
Defaults: endpoint{
- Protocols: []string{"http", "https"},
+ CredentialScope: credentialScope{
+ Service: "dynamodb",
+ },
},
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-gov-east-1": endpoint{},
+ "us-gov-east-1-fips": endpoint{
+ Hostname: "dynamodb.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
- "iam": service{
- PartitionEndpoint: "aws-cn-global",
- IsRegionalized: boxedFalse,
+ "sts": service{
Endpoints: endpoints{
- "aws-cn-global": endpoint{
- Hostname: "iam.cn-north-1.amazonaws.com.cn",
+ "us-gov-east-1": endpoint{},
+ "us-gov-east-1-fips": endpoint{
+ Hostname: "sts.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
- Region: "cn-north-1",
+ Region: "us-gov-east-1",
},
},
- },
- },
- "iot": service{
- Defaults: endpoint{
- CredentialScope: credentialScope{
- Service: "execute-api",
+ "us-gov-west-1": endpoint{},
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "sts.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
},
},
+ },
+ "support": service{
+ PartitionEndpoint: "aws-us-gov-global",
+
Endpoints: endpoints{
- "cn-north-1": endpoint{},
+ "aws-us-gov-global": endpoint{
+ Hostname: "support.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "support.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
- "kinesis": service{
+ "swf": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Hostname: "swf.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "swf.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
- "lambda": service{
+ "tagging": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "logs": service{
-
+ "transcribe": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "fips.transcribe.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "fips.transcribe.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "mediaconvert": service{
+ "transfer": service{
Endpoints: endpoints{
- "cn-northwest-1": endpoint{
- Hostname: "subscribe.mediaconvert.cn-northwest-1.amazonaws.com.cn",
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "transfer-fips.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
- Region: "cn-northwest-1",
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "transfer-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
},
},
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "monitoring": service{
+ "translate": service{
Defaults: endpoint{
- Protocols: []string{"http", "https"},
+ Protocols: []string{"https"},
},
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "translate-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
- "polly": service{
+ "waf-regional": service{
Endpoints: endpoints{
- "cn-northwest-1": endpoint{},
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "waf-regional-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "waf-regional-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{
+ Hostname: "waf-regional.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "waf-regional.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
- "rds": service{
+ "workspaces": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "workspaces-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
},
},
- "redshift": service{
+ "xray": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "xray-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "xray-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
},
},
- "s3": service{
- Defaults: endpoint{
- Protocols: []string{"http", "https"},
- SignatureVersions: []string{"s3v4"},
- },
- Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
- },
+ },
+}
+
+// AwsIsoPartition returns the Resolver for AWS ISO (US).
+func AwsIsoPartition() Partition {
+ return awsisoPartition.Partition()
+}
+
+var awsisoPartition = partition{
+ ID: "aws-iso",
+ Name: "AWS ISO (US)",
+ DNSSuffix: "c2s.ic.gov",
+ RegionRegex: regionRegex{
+ Regexp: func() *regexp.Regexp {
+ reg, _ := regexp.Compile("^us\\-iso\\-\\w+\\-\\d+$")
+ return reg
+ }(),
+ },
+ Defaults: endpoint{
+ Hostname: "{service}.{region}.{dnsSuffix}",
+ Protocols: []string{"https"},
+ SignatureVersions: []string{"v4"},
+ },
+ Regions: regions{
+ "us-iso-east-1": region{
+ Description: "US ISO East",
},
- "s3-control": service{
- Defaults: endpoint{
- Protocols: []string{"https"},
- SignatureVersions: []string{"s3v4"},
- },
+ },
+ Services: services{
+ "api.ecr": service{
+
Endpoints: endpoints{
- "cn-north-1": endpoint{
- Hostname: "s3-control.cn-north-1.amazonaws.com.cn",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "cn-north-1",
- },
- },
- "cn-northwest-1": endpoint{
- Hostname: "s3-control.cn-northwest-1.amazonaws.com.cn",
- SignatureVersions: []string{"s3v4"},
+ "us-iso-east-1": endpoint{
+ Hostname: "api.ecr.us-iso-east-1.c2s.ic.gov",
CredentialScope: credentialScope{
- Region: "cn-northwest-1",
+ Region: "us-iso-east-1",
},
},
},
},
- "sms": service{
+ "api.sagemaker": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "snowball": service{
+ "apigateway": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "sns": service{
+ "application-autoscaling": service{
Defaults: endpoint{
Protocols: []string{"http", "https"},
},
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "sqs": service{
- Defaults: endpoint{
- SSLCommonName: "{region}.queue.{dnsSuffix}",
- Protocols: []string{"http", "https"},
- },
+ "autoscaling": service{
+
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-iso-east-1": endpoint{
+ Protocols: []string{"http", "https"},
+ },
},
},
- "ssm": service{
+ "cloudformation": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "states": service{
+ "cloudtrail": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "storagegateway": service{
+ "codedeploy": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "streams.dynamodb": service{
+ "comprehend": service{
Defaults: endpoint{
- Protocols: []string{"http", "https"},
- CredentialScope: credentialScope{
- Service: "dynamodb",
- },
+ Protocols: []string{"https"},
},
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "sts": service{
+ "config": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "swf": service{
+ "datapipeline": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "tagging": service{
+ "directconnect": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
- "cn-northwest-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- },
-}
-
-// AwsUsGovPartition returns the Resolver for AWS GovCloud (US).
-func AwsUsGovPartition() Partition {
- return awsusgovPartition.Partition()
-}
+ "dms": service{
-var awsusgovPartition = partition{
- ID: "aws-us-gov",
- Name: "AWS GovCloud (US)",
- DNSSuffix: "amazonaws.com",
- RegionRegex: regionRegex{
- Regexp: func() *regexp.Regexp {
- reg, _ := regexp.Compile("^us\\-gov\\-\\w+\\-\\d+$")
- return reg
- }(),
- },
- Defaults: endpoint{
- Hostname: "{service}.{region}.{dnsSuffix}",
- Protocols: []string{"https"},
- SignatureVersions: []string{"v4"},
- },
- Regions: regions{
- "us-gov-east-1": region{
- Description: "AWS GovCloud (US-East)",
+ Endpoints: endpoints{
+ "dms-fips": endpoint{
+ Hostname: "dms.us-iso-east-1.c2s.ic.gov",
+ CredentialScope: credentialScope{
+ Region: "us-iso-east-1",
+ },
+ },
+ "us-iso-east-1": endpoint{},
+ },
},
- "us-gov-west-1": region{
- Description: "AWS GovCloud (US)",
+ "ds": service{
+
+ Endpoints: endpoints{
+ "us-iso-east-1": endpoint{},
+ },
},
- },
- Services: services{
- "acm": service{
+ "dynamodb": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{
+ Protocols: []string{"http", "https"},
+ },
},
},
- "acm-pca": service{
- Defaults: endpoint{
- Protocols: []string{"https"},
+ "ec2": service{
+
+ Endpoints: endpoints{
+ "us-iso-east-1": endpoint{},
},
+ },
+ "ec2metadata": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
+
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "aws-global": endpoint{
+ Hostname: "169.254.169.254/latest",
+ Protocols: []string{"http"},
+ },
},
},
- "api.ecr": service{
+ "ecs": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{
- Hostname: "api.ecr.us-gov-east-1.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "us-gov-east-1",
- },
- },
- "us-gov-west-1": endpoint{
- Hostname: "api.ecr.us-gov-west-1.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "us-gov-west-1",
- },
- },
+ "us-iso-east-1": endpoint{},
},
},
- "api.sagemaker": service{
+ "elasticache": service{
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "apigateway": service{
+ "elasticloadbalancing": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{
+ Protocols: []string{"http", "https"},
+ },
},
},
- "application-autoscaling": service{
- Defaults: endpoint{
- Hostname: "autoscaling.{region}.amazonaws.com",
- CredentialScope: credentialScope{
- Service: "application-autoscaling",
+ "elasticmapreduce": service{
+
+ Endpoints: endpoints{
+ "us-iso-east-1": endpoint{
+ Protocols: []string{"https"},
},
},
+ },
+ "es": service{
+
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "athena": service{
+ "events": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "autoscaling": service{
+ "glacier": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{
+ "us-iso-east-1": endpoint{
Protocols: []string{"http", "https"},
},
},
},
- "clouddirectory": service{
+ "health": service{
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "cloudformation": service{
+ "iam": service{
+ PartitionEndpoint: "aws-iso-global",
+ IsRegionalized: boxedFalse,
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "aws-iso-global": endpoint{
+ Hostname: "iam.us-iso-east-1.c2s.ic.gov",
+ CredentialScope: credentialScope{
+ Region: "us-iso-east-1",
+ },
+ },
},
},
- "cloudhsm": service{
+ "kinesis": service{
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "cloudhsmv2": service{
- Defaults: endpoint{
- CredentialScope: credentialScope{
- Service: "cloudhsm",
+ "kms": service{
+
+ Endpoints: endpoints{
+ "ProdFips": endpoint{
+ Hostname: "kms-fips.us-iso-east-1.c2s.ic.gov",
+ CredentialScope: credentialScope{
+ Region: "us-iso-east-1",
+ },
},
+ "us-iso-east-1": endpoint{},
},
+ },
+ "lambda": service{
+
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "cloudtrail": service{
+ "logs": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "codecommit": service{
+ "monitoring": service{
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "codedeploy": service{
+ "rds": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-east-1-fips": endpoint{
- Hostname: "codedeploy-fips.us-gov-east-1.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "us-gov-east-1",
- },
- },
- "us-gov-west-1": endpoint{},
- "us-gov-west-1-fips": endpoint{
- Hostname: "codedeploy-fips.us-gov-west-1.amazonaws.com",
+ "us-iso-east-1": endpoint{},
+ },
+ },
+ "redshift": service{
+
+ Endpoints: endpoints{
+ "us-iso-east-1": endpoint{},
+ },
+ },
+ "route53": service{
+ PartitionEndpoint: "aws-iso-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-iso-global": endpoint{
+ Hostname: "route53.c2s.ic.gov",
CredentialScope: credentialScope{
- Region: "us-gov-west-1",
+ Region: "us-iso-east-1",
},
},
},
},
- "comprehend": service{
- Defaults: endpoint{
- Protocols: []string{"https"},
- },
+ "runtime.sagemaker": service{
+
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "config": service{
-
+ "s3": service{
+ Defaults: endpoint{
+ SignatureVersions: []string{"s3v4"},
+ },
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{
+ Protocols: []string{"http", "https"},
+ SignatureVersions: []string{"s3v4"},
+ },
},
},
- "directconnect": service{
+ "secretsmanager": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "dms": service{
+ "snowball": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "ds": service{
+ "sns": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{
+ Protocols: []string{"http", "https"},
+ },
},
},
- "dynamodb": service{
+ "sqs": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
- "us-gov-west-1-fips": endpoint{
- Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "us-gov-west-1",
- },
+ "us-iso-east-1": endpoint{
+ Protocols: []string{"http", "https"},
},
},
},
- "ec2": service{
+ "states": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "ec2metadata": service{
- PartitionEndpoint: "aws-global",
- IsRegionalized: boxedFalse,
-
+ "streams.dynamodb": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ CredentialScope: credentialScope{
+ Service: "dynamodb",
+ },
+ },
Endpoints: endpoints{
- "aws-global": endpoint{
- Hostname: "169.254.169.254/latest",
- Protocols: []string{"http"},
+ "us-iso-east-1": endpoint{
+ Protocols: []string{"http", "https"},
},
},
},
- "ecs": service{
+ "sts": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "elasticache": service{
+ "support": service{
+ PartitionEndpoint: "aws-iso-global",
Endpoints: endpoints{
- "fips": endpoint{
- Hostname: "elasticache-fips.us-gov-west-1.amazonaws.com",
+ "aws-iso-global": endpoint{
+ Hostname: "support.us-iso-east-1.c2s.ic.gov",
CredentialScope: credentialScope{
- Region: "us-gov-west-1",
+ Region: "us-iso-east-1",
},
},
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
},
},
- "elasticbeanstalk": service{
+ "swf": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "elasticfilesystem": service{
-
+ "transcribe": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-iso-east-1": endpoint{},
},
},
- "elasticloadbalancing": service{
+ "transcribestreaming": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{
- Protocols: []string{"http", "https"},
- },
+ "us-iso-east-1": endpoint{},
},
},
- "elasticmapreduce": service{
+ "translate": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "us-iso-east-1": endpoint{},
+ },
+ },
+ "workspaces": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{
- Protocols: []string{"https"},
- },
+ "us-iso-east-1": endpoint{},
},
},
- "es": service{
+ },
+}
+
+// AwsIsoBPartition returns the Resolver for AWS ISOB (US).
+func AwsIsoBPartition() Partition {
+ return awsisobPartition.Partition()
+}
+
+var awsisobPartition = partition{
+ ID: "aws-iso-b",
+ Name: "AWS ISOB (US)",
+ DNSSuffix: "sc2s.sgov.gov",
+ RegionRegex: regionRegex{
+ Regexp: func() *regexp.Regexp {
+ reg, _ := regexp.Compile("^us\\-isob\\-\\w+\\-\\d+$")
+ return reg
+ }(),
+ },
+ Defaults: endpoint{
+ Hostname: "{service}.{region}.{dnsSuffix}",
+ Protocols: []string{"https"},
+ SignatureVersions: []string{"v4"},
+ },
+ Regions: regions{
+ "us-isob-east-1": region{
+ Description: "US ISOB East (Ohio)",
+ },
+ },
+ Services: services{
+ "api.ecr": service{
Endpoints: endpoints{
- "fips": endpoint{
- Hostname: "es-fips.us-gov-west-1.amazonaws.com",
+ "us-isob-east-1": endpoint{
+ Hostname: "api.ecr.us-isob-east-1.sc2s.sgov.gov",
CredentialScope: credentialScope{
- Region: "us-gov-west-1",
+ Region: "us-isob-east-1",
},
},
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
},
},
- "events": service{
+ "application-autoscaling": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "us-isob-east-1": endpoint{},
+ },
+ },
+ "autoscaling": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "us-isob-east-1": endpoint{},
+ },
+ },
+ "cloudformation": service{
+
+ Endpoints: endpoints{
+ "us-isob-east-1": endpoint{},
+ },
+ },
+ "cloudtrail": service{
+
+ Endpoints: endpoints{
+ "us-isob-east-1": endpoint{},
+ },
+ },
+ "codedeploy": service{
+
+ Endpoints: endpoints{
+ "us-isob-east-1": endpoint{},
+ },
+ },
+ "config": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "firehose": service{
+ "directconnect": service{
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "glacier": service{
+ "dms": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{
- Protocols: []string{"http", "https"},
+ "dms-fips": endpoint{
+ Hostname: "dms.us-isob-east-1.sc2s.sgov.gov",
+ CredentialScope: credentialScope{
+ Region: "us-isob-east-1",
+ },
},
+ "us-isob-east-1": endpoint{},
},
},
- "glue": service{
-
+ "dynamodb": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "guardduty": service{
- IsRegionalized: boxedTrue,
+ "ec2": service{
Defaults: endpoint{
- Protocols: []string{"https"},
+ Protocols: []string{"http", "https"},
},
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "iam": service{
- PartitionEndpoint: "aws-us-gov-global",
+ "ec2metadata": service{
+ PartitionEndpoint: "aws-global",
IsRegionalized: boxedFalse,
Endpoints: endpoints{
- "aws-us-gov-global": endpoint{
- Hostname: "iam.us-gov.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "us-gov-west-1",
- },
+ "aws-global": endpoint{
+ Hostname: "169.254.169.254/latest",
+ Protocols: []string{"http"},
},
},
},
- "inspector": service{
+ "ecs": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "iot": service{
- Defaults: endpoint{
- CredentialScope: credentialScope{
- Service: "execute-api",
- },
- },
+ "elasticache": service{
+
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "kinesis": service{
+ "elasticloadbalancing": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{
+ Protocols: []string{"https"},
+ },
},
},
- "kms": service{
+ "elasticmapreduce": service{
Endpoints: endpoints{
- "ProdFips": endpoint{
- Hostname: "kms-fips.us-gov-west-1.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "us-gov-west-1",
- },
- },
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "lambda": service{
+ "es": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "license-manager": service{
+ "events": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "logs": service{
+ "glacier": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "mediaconvert": service{
+ "health": service{
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "metering.marketplace": service{
- Defaults: endpoint{
- CredentialScope: credentialScope{
- Service: "aws-marketplace",
- },
- },
+ "iam": service{
+ PartitionEndpoint: "aws-iso-b-global",
+ IsRegionalized: boxedFalse,
+
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "aws-iso-b-global": endpoint{
+ Hostname: "iam.us-isob-east-1.sc2s.sgov.gov",
+ CredentialScope: credentialScope{
+ Region: "us-isob-east-1",
+ },
+ },
},
},
- "monitoring": service{
+ "kinesis": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "organizations": service{
- PartitionEndpoint: "aws-us-gov-global",
- IsRegionalized: boxedFalse,
+ "kms": service{
Endpoints: endpoints{
- "aws-us-gov-global": endpoint{
- Hostname: "organizations.us-gov-west-1.amazonaws.com",
+ "ProdFips": endpoint{
+ Hostname: "kms-fips.us-isob-east-1.sc2s.sgov.gov",
CredentialScope: credentialScope{
- Region: "us-gov-west-1",
+ Region: "us-isob-east-1",
},
},
+ "us-isob-east-1": endpoint{},
},
},
- "polly": service{
+ "lambda": service{
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "rds": service{
+ "license-manager": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "redshift": service{
+ "logs": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "rekognition": service{
+ "monitoring": service{
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "runtime.sagemaker": service{
+ "rds": service{
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "s3": service{
- Defaults: endpoint{
- SignatureVersions: []string{"s3", "s3v4"},
- },
+ "redshift": service{
+
Endpoints: endpoints{
- "fips-us-gov-west-1": endpoint{
- Hostname: "s3-fips-us-gov-west-1.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "us-gov-west-1",
- },
- },
- "us-gov-east-1": endpoint{
- Hostname: "s3.us-gov-east-1.amazonaws.com",
- Protocols: []string{"http", "https"},
- },
- "us-gov-west-1": endpoint{
- Hostname: "s3.us-gov-west-1.amazonaws.com",
- Protocols: []string{"http", "https"},
- },
+ "us-isob-east-1": endpoint{},
},
},
- "s3-control": service{
+ "s3": service{
Defaults: endpoint{
- Protocols: []string{"https"},
+ Protocols: []string{"http", "https"},
SignatureVersions: []string{"s3v4"},
},
Endpoints: endpoints{
- "us-gov-east-1": endpoint{
- Hostname: "s3-control.us-gov-east-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "us-gov-east-1",
- },
- },
- "us-gov-east-1-fips": endpoint{
- Hostname: "s3-control-fips.us-gov-east-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "us-gov-east-1",
- },
- },
- "us-gov-west-1": endpoint{
- Hostname: "s3-control.us-gov-west-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "us-gov-west-1",
- },
- },
- "us-gov-west-1-fips": endpoint{
- Hostname: "s3-control-fips.us-gov-west-1.amazonaws.com",
- SignatureVersions: []string{"s3v4"},
- CredentialScope: credentialScope{
- Region: "us-gov-west-1",
- },
- },
- },
- },
- "sms": service{
-
- Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
"snowball": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
"sns": service{
-
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{
- Protocols: []string{"http", "https"},
- },
+ "us-isob-east-1": endpoint{},
},
},
"sqs": service{
-
+ Defaults: endpoint{
+ SSLCommonName: "{region}.queue.{dnsSuffix}",
+ Protocols: []string{"http", "https"},
+ },
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{
- SSLCommonName: "{region}.queue.{dnsSuffix}",
- Protocols: []string{"http", "https"},
- },
+ "us-isob-east-1": endpoint{},
},
},
"ssm": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
"states": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
- },
- },
- "storagegateway": service{
-
- Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
"streams.dynamodb": service{
Defaults: endpoint{
+ Protocols: []string{"http", "https"},
CredentialScope: credentialScope{
Service: "dynamodb",
},
},
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
- "us-gov-west-1-fips": endpoint{
- Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "us-gov-west-1",
- },
- },
+ "us-isob-east-1": endpoint{},
},
},
"sts": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
- },
- },
- "swf": service{
-
- Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
- "tagging": service{
+ "support": service{
+ PartitionEndpoint: "aws-iso-b-global",
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
- },
- },
- "translate": service{
- Defaults: endpoint{
- Protocols: []string{"https"},
- },
- Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
- "us-gov-west-1-fips": endpoint{
- Hostname: "translate-fips.us-gov-west-1.amazonaws.com",
+ "aws-iso-b-global": endpoint{
+ Hostname: "support.us-isob-east-1.sc2s.sgov.gov",
CredentialScope: credentialScope{
- Region: "us-gov-west-1",
+ Region: "us-isob-east-1",
},
},
},
},
- "waf-regional": service{
-
- Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
- },
- },
- "workspaces": service{
+ "swf": service{
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-isob-east-1": endpoint{},
},
},
},
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
index f82babf6f..ca956e5f1 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
@@ -3,6 +3,7 @@ package endpoints
import (
"fmt"
"regexp"
+ "strings"
"github.com/aws/aws-sdk-go/aws/awserr"
)
@@ -46,6 +47,108 @@ type Options struct {
//
// This option is ignored if StrictMatching is enabled.
ResolveUnknownService bool
+
+ // STS Regional Endpoint flag helps with resolving the STS endpoint
+ STSRegionalEndpoint STSRegionalEndpoint
+
+ // S3 Regional Endpoint flag helps with resolving the S3 endpoint
+ S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint
+}
+
+// STSRegionalEndpoint is an enum for the states of the STS Regional Endpoint
+// options.
+type STSRegionalEndpoint int
+
+func (e STSRegionalEndpoint) String() string {
+ switch e {
+ case LegacySTSEndpoint:
+ return "legacy"
+ case RegionalSTSEndpoint:
+ return "regional"
+ case UnsetSTSEndpoint:
+ return ""
+ default:
+ return "unknown"
+ }
+}
+
+const (
+
+ // UnsetSTSEndpoint represents that STS Regional Endpoint flag is not specified.
+ UnsetSTSEndpoint STSRegionalEndpoint = iota
+
+ // LegacySTSEndpoint represents when STS Regional Endpoint flag is specified
+ // to use legacy endpoints.
+ LegacySTSEndpoint
+
+ // RegionalSTSEndpoint represents when STS Regional Endpoint flag is specified
+ // to use regional endpoints.
+ RegionalSTSEndpoint
+)
+
+// GetSTSRegionalEndpoint function returns the STSRegionalEndpointFlag based
+// on the input string provided in env config or shared config by the user.
+//
+// `legacy`, `regional` are the only case-insensitive valid strings for
+// resolving the STS regional Endpoint flag.
+func GetSTSRegionalEndpoint(s string) (STSRegionalEndpoint, error) {
+ switch {
+ case strings.EqualFold(s, "legacy"):
+ return LegacySTSEndpoint, nil
+ case strings.EqualFold(s, "regional"):
+ return RegionalSTSEndpoint, nil
+ default:
+ return UnsetSTSEndpoint, fmt.Errorf("unable to resolve the value of STSRegionalEndpoint for %v", s)
+ }
+}
+
+// S3UsEast1RegionalEndpoint is an enum for the states of the S3 us-east-1
+// Regional Endpoint options.
+type S3UsEast1RegionalEndpoint int
+
+func (e S3UsEast1RegionalEndpoint) String() string {
+ switch e {
+ case LegacyS3UsEast1Endpoint:
+ return "legacy"
+ case RegionalS3UsEast1Endpoint:
+ return "regional"
+ case UnsetS3UsEast1Endpoint:
+ return ""
+ default:
+ return "unknown"
+ }
+}
+
+const (
+
+ // UnsetS3UsEast1Endpoint represents that S3 Regional Endpoint flag is not
+ // specified.
+ UnsetS3UsEast1Endpoint S3UsEast1RegionalEndpoint = iota
+
+ // LegacyS3UsEast1Endpoint represents when S3 Regional Endpoint flag is
+ // specified to use legacy endpoints.
+ LegacyS3UsEast1Endpoint
+
+ // RegionalS3UsEast1Endpoint represents when S3 Regional Endpoint flag is
+ // specified to use regional endpoints.
+ RegionalS3UsEast1Endpoint
+)
+
+// GetS3UsEast1RegionalEndpoint function returns the S3UsEast1RegionalEndpointFlag based
+// on the input string provided in env config or shared config by the user.
+//
+// `legacy`, `regional` are the only case-insensitive valid strings for
+// resolving the S3 regional Endpoint flag.
+func GetS3UsEast1RegionalEndpoint(s string) (S3UsEast1RegionalEndpoint, error) {
+ switch {
+ case strings.EqualFold(s, "legacy"):
+ return LegacyS3UsEast1Endpoint, nil
+ case strings.EqualFold(s, "regional"):
+ return RegionalS3UsEast1Endpoint, nil
+ default:
+ return UnsetS3UsEast1Endpoint,
+ fmt.Errorf("unable to resolve the value of S3UsEast1RegionalEndpoint for %v", s)
+ }
}
// Set combines all of the option functions together.
@@ -79,6 +182,12 @@ func ResolveUnknownServiceOption(o *Options) {
o.ResolveUnknownService = true
}
+// STSRegionalEndpointOption enables the STS endpoint resolver behavior to resolve
+// STS endpoint to their regional endpoint, instead of the global endpoint.
+func STSRegionalEndpointOption(o *Options) {
+ o.STSRegionalEndpoint = RegionalSTSEndpoint
+}
+
// A Resolver provides the interface for functionality to resolve endpoints.
// The build in Partition and DefaultResolver return value satisfy this interface.
type Resolver interface {
@@ -170,10 +279,13 @@ func PartitionForRegion(ps []Partition, regionID string) (Partition, bool) {
// A Partition provides the ability to enumerate the partition's regions
// and services.
type Partition struct {
- id string
- p *partition
+ id, dnsSuffix string
+ p *partition
}
+// DNSSuffix returns the base domain name of the partition.
+func (p Partition) DNSSuffix() string { return p.dnsSuffix }
+
// ID returns the identifier of the partition.
func (p Partition) ID() string { return p.id }
@@ -191,7 +303,7 @@ func (p Partition) ID() string { return p.id }
// require the provided service and region to be known by the partition.
// If the endpoint cannot be strictly resolved an error will be returned. This
// mode is useful to ensure the endpoint resolved is valid. Without
-// StrictMatching enabled the endpoint returned my look valid but may not work.
+// StrictMatching enabled the endpoint returned may look valid but may not work.
// StrictMatching requires the SDK to be updated if you want to take advantage
// of new regions and services expansions.
//
@@ -205,7 +317,7 @@ func (p Partition) EndpointFor(service, region string, opts ...func(*Options)) (
// Regions returns a map of Regions indexed by their ID. This is useful for
// enumerating over the regions in a partition.
func (p Partition) Regions() map[string]Region {
- rs := map[string]Region{}
+ rs := make(map[string]Region, len(p.p.Regions))
for id, r := range p.p.Regions {
rs[id] = Region{
id: id,
@@ -220,7 +332,7 @@ func (p Partition) Regions() map[string]Region {
// Services returns a map of Service indexed by their ID. This is useful for
// enumerating over the services in a partition.
func (p Partition) Services() map[string]Service {
- ss := map[string]Service{}
+ ss := make(map[string]Service, len(p.p.Services))
for id := range p.p.Services {
ss[id] = Service{
id: id,
@@ -307,7 +419,7 @@ func (s Service) Regions() map[string]Region {
// A region is the AWS region the service exists in. Whereas a Endpoint is
// an URL that can be resolved to a instance of a service.
func (s Service) Endpoints() map[string]Endpoint {
- es := map[string]Endpoint{}
+ es := make(map[string]Endpoint, len(s.p.Services[s.id].Endpoints))
for id := range s.p.Services[s.id].Endpoints {
es[id] = Endpoint{
id: id,
@@ -347,6 +459,9 @@ type ResolvedEndpoint struct {
// The endpoint URL
URL string
+ // The endpoint partition
+ PartitionID string
+
// The region that should be used for signing requests.
SigningRegion string
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go
new file mode 100644
index 000000000..df75e899a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go
@@ -0,0 +1,24 @@
+package endpoints
+
+var legacyGlobalRegions = map[string]map[string]struct{}{
+ "sts": {
+ "ap-northeast-1": {},
+ "ap-south-1": {},
+ "ap-southeast-1": {},
+ "ap-southeast-2": {},
+ "ca-central-1": {},
+ "eu-central-1": {},
+ "eu-north-1": {},
+ "eu-west-1": {},
+ "eu-west-2": {},
+ "eu-west-3": {},
+ "sa-east-1": {},
+ "us-east-1": {},
+ "us-east-2": {},
+ "us-west-1": {},
+ "us-west-2": {},
+ },
+ "s3": {
+ "us-east-1": {},
+ },
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
index ff6f76db6..773613722 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
@@ -7,6 +7,8 @@ import (
"strings"
)
+var regionValidationRegex = regexp.MustCompile(`^[[:alnum:]]([[:alnum:]\-]*[[:alnum:]])?$`)
+
type partitions []partition
func (ps partitions) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
@@ -54,8 +56,9 @@ type partition struct {
func (p partition) Partition() Partition {
return Partition{
- id: p.ID,
- p: &p,
+ dnsSuffix: p.DNSSuffix,
+ id: p.ID,
+ p: &p,
}
}
@@ -74,24 +77,56 @@ func (p partition) canResolveEndpoint(service, region string, strictMatch bool)
return p.RegionRegex.MatchString(region)
}
+func allowLegacyEmptyRegion(service string) bool {
+ legacy := map[string]struct{}{
+ "budgets": {},
+ "ce": {},
+ "chime": {},
+ "cloudfront": {},
+ "ec2metadata": {},
+ "iam": {},
+ "importexport": {},
+ "organizations": {},
+ "route53": {},
+ "sts": {},
+ "support": {},
+ "waf": {},
+ }
+
+ _, allowed := legacy[service]
+ return allowed
+}
+
func (p partition) EndpointFor(service, region string, opts ...func(*Options)) (resolved ResolvedEndpoint, err error) {
var opt Options
opt.Set(opts...)
s, hasService := p.Services[service]
- if !(hasService || opt.ResolveUnknownService) {
+ if len(service) == 0 || !(hasService || opt.ResolveUnknownService) {
// Only return error if the resolver will not fallback to creating
// endpoint based on service endpoint ID passed in.
return resolved, NewUnknownServiceError(p.ID, service, serviceList(p.Services))
}
+ if len(region) == 0 && allowLegacyEmptyRegion(service) && len(s.PartitionEndpoint) != 0 {
+ region = s.PartitionEndpoint
+ }
+
+ if (service == "sts" && opt.STSRegionalEndpoint != RegionalSTSEndpoint) ||
+ (service == "s3" && opt.S3UsEast1RegionalEndpoint != RegionalS3UsEast1Endpoint) {
+ if _, ok := legacyGlobalRegions[service][region]; ok {
+ region = "aws-global"
+ }
+ }
+
e, hasEndpoint := s.endpointForRegion(region)
- if !hasEndpoint && opt.StrictMatching {
+ if len(region) == 0 || (!hasEndpoint && opt.StrictMatching) {
return resolved, NewUnknownEndpointError(p.ID, service, region, endpointList(s.Endpoints))
}
defs := []endpoint{p.Defaults, s.Defaults}
- return e.resolve(service, region, p.DNSSuffix, defs, opt), nil
+
+ return e.resolve(service, p.ID, region, p.DNSSuffix, defs, opt)
}
func serviceList(ss services) []string {
@@ -200,7 +235,7 @@ func getByPriority(s []string, p []string, def string) string {
return s[0]
}
-func (e endpoint) resolve(service, region, dnsSuffix string, defs []endpoint, opts Options) ResolvedEndpoint {
+func (e endpoint) resolve(service, partitionID, region, dnsSuffix string, defs []endpoint, opts Options) (ResolvedEndpoint, error) {
var merged endpoint
for _, def := range defs {
merged.mergeIn(def)
@@ -208,11 +243,27 @@ func (e endpoint) resolve(service, region, dnsSuffix string, defs []endpoint, op
merged.mergeIn(e)
e = merged
- hostname := e.Hostname
+ signingRegion := e.CredentialScope.Region
+ if len(signingRegion) == 0 {
+ signingRegion = region
+ }
+ signingName := e.CredentialScope.Service
+ var signingNameDerived bool
+ if len(signingName) == 0 {
+ signingName = service
+ signingNameDerived = true
+ }
+
+ hostname := e.Hostname
// Offset the hostname for dualstack if enabled
if opts.UseDualStack && e.HasDualStack == boxedTrue {
hostname = e.DualStackHostname
+ region = signingRegion
+ }
+
+ if !validateInputRegion(region) {
+ return ResolvedEndpoint{}, fmt.Errorf("invalid region identifier format provided")
}
u := strings.Replace(hostname, "{service}", service, 1)
@@ -222,25 +273,14 @@ func (e endpoint) resolve(service, region, dnsSuffix string, defs []endpoint, op
scheme := getEndpointScheme(e.Protocols, opts.DisableSSL)
u = fmt.Sprintf("%s://%s", scheme, u)
- signingRegion := e.CredentialScope.Region
- if len(signingRegion) == 0 {
- signingRegion = region
- }
-
- signingName := e.CredentialScope.Service
- var signingNameDerived bool
- if len(signingName) == 0 {
- signingName = service
- signingNameDerived = true
- }
-
return ResolvedEndpoint{
URL: u,
+ PartitionID: partitionID,
SigningRegion: signingRegion,
SigningName: signingName,
SigningNameDerived: signingNameDerived,
SigningMethod: getByPriority(e.SignatureVersions, signerPriority, defaultSigner),
- }
+ }, nil
}
func getEndpointScheme(protocols []string, disableSSL bool) string {
@@ -305,3 +345,7 @@ const (
boxedFalse
boxedTrue
)
+
+func validateInputRegion(region string) bool {
+ return regionValidationRegex.MatchString(region)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
index 271da432c..2ba3c56c1 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
@@ -1,18 +1,18 @@
-// +build !appengine,!plan9
-
package request
import (
- "net"
- "os"
- "syscall"
+ "strings"
)
func isErrConnectionReset(err error) bool {
- if opErr, ok := err.(*net.OpError); ok {
- if sysErr, ok := opErr.Err.(*os.SyscallError); ok {
- return sysErr.Err == syscall.ECONNRESET
- }
+ if strings.Contains(err.Error(), "read: connection reset") {
+ return false
+ }
+
+ if strings.Contains(err.Error(), "use of closed network connection") ||
+ strings.Contains(err.Error(), "connection reset") ||
+ strings.Contains(err.Error(), "broken pipe") {
+ return true
}
return false
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go
deleted file mode 100644
index daf9eca43..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// +build appengine plan9
-
-package request
-
-import (
- "strings"
-)
-
-func isErrConnectionReset(err error) bool {
- return strings.Contains(err.Error(), "connection reset")
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
index 8ef8548a9..e819ab6c0 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
@@ -10,6 +10,7 @@ import (
type Handlers struct {
Validate HandlerList
Build HandlerList
+ BuildStream HandlerList
Sign HandlerList
Send HandlerList
ValidateResponse HandlerList
@@ -23,11 +24,12 @@ type Handlers struct {
Complete HandlerList
}
-// Copy returns of this handler's lists.
+// Copy returns a copy of this handler's lists.
func (h *Handlers) Copy() Handlers {
return Handlers{
Validate: h.Validate.copy(),
Build: h.Build.copy(),
+ BuildStream: h.BuildStream.copy(),
Sign: h.Sign.copy(),
Send: h.Send.copy(),
ValidateResponse: h.ValidateResponse.copy(),
@@ -42,10 +44,11 @@ func (h *Handlers) Copy() Handlers {
}
}
-// Clear removes callback functions for all handlers
+// Clear removes callback functions for all handlers.
func (h *Handlers) Clear() {
h.Validate.Clear()
h.Build.Clear()
+ h.BuildStream.Clear()
h.Send.Clear()
h.Sign.Clear()
h.Unmarshal.Clear()
@@ -59,6 +62,54 @@ func (h *Handlers) Clear() {
h.Complete.Clear()
}
+// IsEmpty returns if there are no handlers in any of the handlerlists.
+func (h *Handlers) IsEmpty() bool {
+ if h.Validate.Len() != 0 {
+ return false
+ }
+ if h.Build.Len() != 0 {
+ return false
+ }
+ if h.BuildStream.Len() != 0 {
+ return false
+ }
+ if h.Send.Len() != 0 {
+ return false
+ }
+ if h.Sign.Len() != 0 {
+ return false
+ }
+ if h.Unmarshal.Len() != 0 {
+ return false
+ }
+ if h.UnmarshalStream.Len() != 0 {
+ return false
+ }
+ if h.UnmarshalMeta.Len() != 0 {
+ return false
+ }
+ if h.UnmarshalError.Len() != 0 {
+ return false
+ }
+ if h.ValidateResponse.Len() != 0 {
+ return false
+ }
+ if h.Retry.Len() != 0 {
+ return false
+ }
+ if h.AfterRetry.Len() != 0 {
+ return false
+ }
+ if h.CompleteAttempt.Len() != 0 {
+ return false
+ }
+ if h.Complete.Len() != 0 {
+ return false
+ }
+
+ return true
+}
+
// A HandlerListRunItem represents an entry in the HandlerList which
// is being run.
type HandlerListRunItem struct {
@@ -275,3 +326,18 @@ func MakeAddToUserAgentFreeFormHandler(s string) func(*Request) {
AddToUserAgent(r, s)
}
}
+
+// WithSetRequestHeaders updates the operation request's HTTP header to contain
+// the header key value pairs provided. If the header key already exists in the
+// request's HTTP header set, the existing value(s) will be replaced.
+func WithSetRequestHeaders(h map[string]string) Option {
+ return withRequestHeader(h).SetRequestHeaders
+}
+
+type withRequestHeader map[string]string
+
+func (h withRequestHeader) SetRequestHeaders(r *Request) {
+ for k, v := range h {
+ r.HTTPRequest.Header[k] = []string{v}
+ }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
index b0c2ef4fe..9370fa50c 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
@@ -15,12 +15,15 @@ type offsetReader struct {
closed bool
}
-func newOffsetReader(buf io.ReadSeeker, offset int64) *offsetReader {
+func newOffsetReader(buf io.ReadSeeker, offset int64) (*offsetReader, error) {
reader := &offsetReader{}
- buf.Seek(offset, sdkio.SeekStart)
+ _, err := buf.Seek(offset, sdkio.SeekStart)
+ if err != nil {
+ return nil, err
+ }
reader.buf = buf
- return reader
+ return reader, nil
}
// Close will close the instance of the offset reader's access to
@@ -54,7 +57,9 @@ func (o *offsetReader) Seek(offset int64, whence int) (int64, error) {
// CloseAndCopy will return a new offsetReader with a copy of the old buffer
// and close the old buffer.
-func (o *offsetReader) CloseAndCopy(offset int64) *offsetReader {
- o.Close()
+func (o *offsetReader) CloseAndCopy(offset int64) (*offsetReader, error) {
+ if err := o.Close(); err != nil {
+ return nil, err
+ }
return newOffsetReader(o.buf, offset)
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
index 19da3fcd8..d597c6ead 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
@@ -36,6 +36,10 @@ const (
// API request that was canceled. Requests given a aws.Context may
// return this error when canceled.
CanceledErrorCode = "RequestCanceled"
+
+ // ErrCodeRequestError is an error preventing the SDK from continuing to
+ // process the request.
+ ErrCodeRequestError = "RequestError"
)
// A Request is the service request to be made.
@@ -51,6 +55,7 @@ type Request struct {
HTTPRequest *http.Request
HTTPResponse *http.Response
Body io.ReadSeeker
+ streamingBody io.ReadCloser
BodyStart int64 // offset from beginning of Body that the request body starts
Params interface{}
Error error
@@ -64,6 +69,15 @@ type Request struct {
LastSignedAt time.Time
DisableFollowRedirects bool
+ // Additional API error codes that should be retried. IsErrorRetryable
+ // will consider these codes in addition to its built in cases.
+ RetryErrorCodes []string
+
+ // Additional API error codes that should be retried with throttle backoff
+ // delay. IsErrorThrottle will consider these codes in addition to its
+ // built in cases.
+ ThrottleErrorCodes []string
+
// A value greater than 0 instructs the request to be signed as Presigned URL
// You should not set this field directly. Instead use Request's
// Presign or PresignRequest methods.
@@ -90,8 +104,12 @@ type Operation struct {
BeforePresignFn func(r *Request) error
}
-// New returns a new Request pointer for the service API
-// operation and parameters.
+// New returns a new Request pointer for the service API operation and
+// parameters.
+//
+// A Retryer should be provided to direct how the request is retried. If
+// Retryer is nil, a default no retry value will be used. You can use
+// NoOpRetryer in the Client package to disable retry behavior directly.
//
// Params is any value of input parameters to be the request payload.
// Data is pointer value to an object which the request's response
@@ -99,6 +117,10 @@ type Operation struct {
func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers,
retryer Retryer, operation *Operation, params interface{}, data interface{}) *Request {
+ if retryer == nil {
+ retryer = noOpRetryer{}
+ }
+
method := operation.HTTPMethod
if method == "" {
method = "POST"
@@ -113,8 +135,6 @@ func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers,
err = awserr.New("InvalidEndpointURL", "invalid endpoint uri", err)
}
- SanitizeHostForHeader(httpReq)
-
r := &Request{
Config: cfg,
ClientInfo: clientInfo,
@@ -231,6 +251,10 @@ func (r *Request) WillRetry() bool {
return r.Error != nil && aws.BoolValue(r.Retryable) && r.RetryCount < r.MaxRetries()
}
+func fmtAttemptCount(retryCount, maxRetries int) string {
+ return fmt.Sprintf("attempt %v/%v", retryCount, maxRetries)
+}
+
// ParamsFilled returns if the request's parameters have been populated
// and the parameters are valid. False is returned if no parameters are
// provided or invalid.
@@ -259,10 +283,28 @@ func (r *Request) SetStringBody(s string) {
// SetReaderBody will set the request's body reader.
func (r *Request) SetReaderBody(reader io.ReadSeeker) {
r.Body = reader
- r.BodyStart, _ = reader.Seek(0, sdkio.SeekCurrent) // Get the Bodies current offset.
+
+ if aws.IsReaderSeekable(reader) {
+ var err error
+ // Get the Bodies current offset so retries will start from the same
+ // initial position.
+ r.BodyStart, err = reader.Seek(0, sdkio.SeekCurrent)
+ if err != nil {
+ r.Error = awserr.New(ErrCodeSerialization,
+ "failed to determine start of request body", err)
+ return
+ }
+ }
r.ResetBody()
}
+// SetStreamingBody set the reader to be used for the request that will stream
+// bytes to the server. Request's Body must not be set to any reader.
+func (r *Request) SetStreamingBody(reader io.ReadCloser) {
+ r.streamingBody = reader
+ r.SetReaderBody(aws.ReadSeekCloser(reader))
+}
+
// Presign returns the request's signed URL. Error will be returned
// if the signing fails. The expire parameter is only used for presigned Amazon
// S3 API requests. All other AWS services will use a fixed expiration
@@ -330,16 +372,15 @@ func getPresignedURL(r *Request, expire time.Duration) (string, http.Header, err
return r.HTTPRequest.URL.String(), r.SignedHeaderVals, nil
}
-func debugLogReqError(r *Request, stage string, retrying bool, err error) {
+const (
+ notRetrying = "not retrying"
+)
+
+func debugLogReqError(r *Request, stage, retryStr string, err error) {
if !r.Config.LogLevel.Matches(aws.LogDebugWithRequestErrors) {
return
}
- retryStr := "not retrying"
- if retrying {
- retryStr = "will retry"
- }
-
r.Config.Logger.Log(fmt.Sprintf("DEBUG: %s %s/%s failed, %s, error %v",
stage, r.ClientInfo.ServiceName, r.Operation.Name, retryStr, err))
}
@@ -358,12 +399,12 @@ func (r *Request) Build() error {
if !r.built {
r.Handlers.Validate.Run(r)
if r.Error != nil {
- debugLogReqError(r, "Validate Request", false, r.Error)
+ debugLogReqError(r, "Validate Request", notRetrying, r.Error)
return r.Error
}
r.Handlers.Build.Run(r)
if r.Error != nil {
- debugLogReqError(r, "Build Request", false, r.Error)
+ debugLogReqError(r, "Build Request", notRetrying, r.Error)
return r.Error
}
r.built = true
@@ -379,20 +420,30 @@ func (r *Request) Build() error {
func (r *Request) Sign() error {
r.Build()
if r.Error != nil {
- debugLogReqError(r, "Build Request", false, r.Error)
+ debugLogReqError(r, "Build Request", notRetrying, r.Error)
return r.Error
}
+ SanitizeHostForHeader(r.HTTPRequest)
+
r.Handlers.Sign.Run(r)
return r.Error
}
-func (r *Request) getNextRequestBody() (io.ReadCloser, error) {
+func (r *Request) getNextRequestBody() (body io.ReadCloser, err error) {
+ if r.streamingBody != nil {
+ return r.streamingBody, nil
+ }
+
if r.safeBody != nil {
r.safeBody.Close()
}
- r.safeBody = newOffsetReader(r.Body, r.BodyStart)
+ r.safeBody, err = newOffsetReader(r.Body, r.BodyStart)
+ if err != nil {
+ return nil, awserr.New(ErrCodeSerialization,
+ "failed to get next request body reader", err)
+ }
// Go 1.8 tightened and clarified the rules code needs to use when building
// requests with the http package. Go 1.8 removed the automatic detection
@@ -409,10 +460,10 @@ func (r *Request) getNextRequestBody() (io.ReadCloser, error) {
// Related golang/go#18257
l, err := aws.SeekerLen(r.Body)
if err != nil {
- return nil, awserr.New(ErrCodeSerialization, "failed to compute request body size", err)
+ return nil, awserr.New(ErrCodeSerialization,
+ "failed to compute request body size", err)
}
- var body io.ReadCloser
if l == 0 {
body = NoBody
} else if l > 0 {
@@ -473,29 +524,28 @@ func (r *Request) Send() error {
r.AttemptTime = time.Now()
if err := r.Sign(); err != nil {
- debugLogReqError(r, "Sign Request", false, err)
+ debugLogReqError(r, "Sign Request", notRetrying, err)
return err
}
if err := r.sendRequest(); err == nil {
return nil
- } else if !shouldRetryCancel(r.Error) {
- return err
- } else {
- r.Handlers.Retry.Run(r)
- r.Handlers.AfterRetry.Run(r)
+ }
+ r.Handlers.Retry.Run(r)
+ r.Handlers.AfterRetry.Run(r)
- if r.Error != nil || !aws.BoolValue(r.Retryable) {
- return r.Error
- }
+ if r.Error != nil || !aws.BoolValue(r.Retryable) {
+ return r.Error
+ }
- r.prepareRetry()
- continue
+ if err := r.prepareRetry(); err != nil {
+ r.Error = err
+ return err
}
}
}
-func (r *Request) prepareRetry() {
+func (r *Request) prepareRetry() error {
if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) {
r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d",
r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount))
@@ -506,12 +556,19 @@ func (r *Request) prepareRetry() {
// the request's body even though the Client's Do returned.
r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil)
r.ResetBody()
+ if err := r.Error; err != nil {
+ return awserr.New(ErrCodeSerialization,
+ "failed to prepare body for retry", err)
+
+ }
// Closing response body to ensure that no response body is leaked
// between retry attempts.
if r.HTTPResponse != nil && r.HTTPResponse.Body != nil {
r.HTTPResponse.Body.Close()
}
+
+ return nil
}
func (r *Request) sendRequest() (sendErr error) {
@@ -520,7 +577,9 @@ func (r *Request) sendRequest() (sendErr error) {
r.Retryable = nil
r.Handlers.Send.Run(r)
if r.Error != nil {
- debugLogReqError(r, "Send Request", r.WillRetry(), r.Error)
+ debugLogReqError(r, "Send Request",
+ fmtAttemptCount(r.RetryCount, r.MaxRetries()),
+ r.Error)
return r.Error
}
@@ -528,13 +587,17 @@ func (r *Request) sendRequest() (sendErr error) {
r.Handlers.ValidateResponse.Run(r)
if r.Error != nil {
r.Handlers.UnmarshalError.Run(r)
- debugLogReqError(r, "Validate Response", r.WillRetry(), r.Error)
+ debugLogReqError(r, "Validate Response",
+ fmtAttemptCount(r.RetryCount, r.MaxRetries()),
+ r.Error)
return r.Error
}
r.Handlers.Unmarshal.Run(r)
if r.Error != nil {
- debugLogReqError(r, "Unmarshal Response", r.WillRetry(), r.Error)
+ debugLogReqError(r, "Unmarshal Response",
+ fmtAttemptCount(r.RetryCount, r.MaxRetries()),
+ r.Error)
return r.Error
}
@@ -561,48 +624,6 @@ func AddToUserAgent(r *Request, s string) {
r.HTTPRequest.Header.Set("User-Agent", s)
}
-type temporary interface {
- Temporary() bool
-}
-
-func shouldRetryCancel(err error) bool {
- switch err := err.(type) {
- case awserr.Error:
- if err.Code() == CanceledErrorCode {
- return false
- }
- return shouldRetryCancel(err.OrigErr())
- case *url.Error:
- if strings.Contains(err.Error(), "connection refused") {
- // Refused connections should be retried as the service may not yet
- // be running on the port. Go TCP dial considers refused
- // connections as not temporary.
- return true
- }
- // *url.Error only implements Temporary after golang 1.6 but since
- // url.Error only wraps the error:
- return shouldRetryCancel(err.Err)
- case temporary:
- // If the error is temporary, we want to allow continuation of the
- // retry process
- return err.Temporary()
- case nil:
- // `awserr.Error.OrigErr()` can be nil, meaning there was an error but
- // because we don't know the cause, it is marked as retryable. See
- // TestRequest4xxUnretryable for an example.
- return true
- default:
- switch err.Error() {
- case "net/http: request canceled",
- "net/http: request canceled while waiting for connection":
- // known 1.5 error case when an http request is cancelled
- return false
- }
- // here we don't know the error; so we allow a retry.
- return true
- }
-}
-
// SanitizeHostForHeader removes default port from host and updates request.Host
func SanitizeHostForHeader(r *http.Request) {
host := getHost(r)
@@ -618,6 +639,10 @@ func getHost(r *http.Request) string {
return r.Host
}
+ if r.URL == nil {
+ return ""
+ }
+
return r.URL.Host
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
index 7c6a8000f..de1292f45 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
@@ -4,6 +4,8 @@ package request
import (
"net/http"
+
+ "github.com/aws/aws-sdk-go/aws/awserr"
)
// NoBody is a http.NoBody reader instructing Go HTTP client to not include
@@ -24,7 +26,8 @@ var NoBody = http.NoBody
func (r *Request) ResetBody() {
body, err := r.getNextRequestBody()
if err != nil {
- r.Error = err
+ r.Error = awserr.New(ErrCodeSerialization,
+ "failed to reset request body", err)
return
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
index a633ed5ac..64784e16f 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
@@ -17,11 +17,13 @@ import (
// does the pagination between API operations, and Paginator defines the
// configuration that will be used per page request.
//
-// cont := true
-// for p.Next() && cont {
+// for p.Next() {
// data := p.Page().(*s3.ListObjectsOutput)
// // process the page's data
+// // ...
+// // break out of loop to stop fetching additional pages
// }
+//
// return p.Err()
//
// See service client API operation Pages methods for examples how the SDK will
@@ -146,7 +148,7 @@ func (r *Request) nextPageTokens() []interface{} {
return nil
}
case bool:
- if v == false {
+ if !v {
return nil
}
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
index d0aa54c6d..752ae47f8 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
@@ -1,32 +1,81 @@
package request
import (
+ "net"
+ "net/url"
+ "strings"
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
)
-// Retryer is an interface to control retry logic for a given service.
-// The default implementation used by most services is the client.DefaultRetryer
-// structure, which contains basic retry logic using exponential backoff.
+// Retryer provides the interface drive the SDK's request retry behavior. The
+// Retryer implementation is responsible for implementing exponential backoff,
+// and determine if a request API error should be retried.
+//
+// client.DefaultRetryer is the SDK's default implementation of the Retryer. It
+// uses the which uses the Request.IsErrorRetryable and Request.IsErrorThrottle
+// methods to determine if the request is retried.
type Retryer interface {
+ // RetryRules return the retry delay that should be used by the SDK before
+ // making another request attempt for the failed request.
RetryRules(*Request) time.Duration
+
+ // ShouldRetry returns if the failed request is retryable.
+ //
+ // Implementations may consider request attempt count when determining if a
+ // request is retryable, but the SDK will use MaxRetries to limit the
+ // number of attempts a request are made.
ShouldRetry(*Request) bool
+
+ // MaxRetries is the number of times a request may be retried before
+ // failing.
MaxRetries() int
}
-// WithRetryer sets a config Retryer value to the given Config returning it
-// for chaining.
+// WithRetryer sets a Retryer value to the given Config returning the Config
+// value for chaining. The value must not be nil.
func WithRetryer(cfg *aws.Config, retryer Retryer) *aws.Config {
+ if retryer == nil {
+ if cfg.Logger != nil {
+ cfg.Logger.Log("ERROR: Request.WithRetryer called with nil retryer. Replacing with retry disabled Retryer.")
+ }
+ retryer = noOpRetryer{}
+ }
cfg.Retryer = retryer
return cfg
+
+}
+
+// noOpRetryer is a internal no op retryer used when a request is created
+// without a retryer.
+//
+// Provides a retryer that performs no retries.
+// It should be used when we do not want retries to be performed.
+type noOpRetryer struct{}
+
+// MaxRetries returns the number of maximum returns the service will use to make
+// an individual API; For NoOpRetryer the MaxRetries will always be zero.
+func (d noOpRetryer) MaxRetries() int {
+ return 0
+}
+
+// ShouldRetry will always return false for NoOpRetryer, as it should never retry.
+func (d noOpRetryer) ShouldRetry(_ *Request) bool {
+ return false
+}
+
+// RetryRules returns the delay duration before retrying this request again;
+// since NoOpRetryer does not retry, RetryRules always returns 0.
+func (d noOpRetryer) RetryRules(_ *Request) time.Duration {
+ return 0
}
// retryableCodes is a collection of service response codes which are retry-able
// without any further action.
var retryableCodes = map[string]struct{}{
- "RequestError": {},
+ ErrCodeRequestError: {},
"RequestTimeout": {},
ErrCodeResponseTimeout: {},
"RequestTimeoutException": {}, // Glacier's flavor of RequestTimeout
@@ -34,6 +83,7 @@ var retryableCodes = map[string]struct{}{
var throttleCodes = map[string]struct{}{
"ProvisionedThroughputExceededException": {},
+ "ThrottledException": {}, // SNS, XRay, ResourceGroupsTagging API
"Throttling": {},
"ThrottlingException": {},
"RequestLimitExceeded": {},
@@ -42,6 +92,7 @@ var throttleCodes = map[string]struct{}{
"TooManyRequestsException": {}, // Lambda functions
"PriorRequestNotComplete": {}, // Route53
"TransactionInProgressException": {},
+ "EC2ThrottledException": {}, // EC2
}
// credsExpiredCodes is a collection of error codes which signify the credentials
@@ -76,10 +127,6 @@ var validParentCodes = map[string]struct{}{
ErrCodeRead: {},
}
-type temporaryError interface {
- Temporary() bool
-}
-
func isNestedErrorRetryable(parentErr awserr.Error) bool {
if parentErr == nil {
return false
@@ -98,7 +145,7 @@ func isNestedErrorRetryable(parentErr awserr.Error) bool {
return isCodeRetryable(aerr.Code())
}
- if t, ok := err.(temporaryError); ok {
+ if t, ok := err.(temporary); ok {
return t.Temporary() || isErrConnectionReset(err)
}
@@ -108,32 +155,90 @@ func isNestedErrorRetryable(parentErr awserr.Error) bool {
// IsErrorRetryable returns whether the error is retryable, based on its Code.
// Returns false if error is nil.
func IsErrorRetryable(err error) bool {
- if err != nil {
- if aerr, ok := err.(awserr.Error); ok {
- return isCodeRetryable(aerr.Code()) || isNestedErrorRetryable(aerr)
+ if err == nil {
+ return false
+ }
+ return shouldRetryError(err)
+}
+
+type temporary interface {
+ Temporary() bool
+}
+
+func shouldRetryError(origErr error) bool {
+ switch err := origErr.(type) {
+ case awserr.Error:
+ if err.Code() == CanceledErrorCode {
+ return false
}
+ if isNestedErrorRetryable(err) {
+ return true
+ }
+
+ origErr := err.OrigErr()
+ var shouldRetry bool
+ if origErr != nil {
+ shouldRetry = shouldRetryError(origErr)
+ if err.Code() == ErrCodeRequestError && !shouldRetry {
+ return false
+ }
+ }
+ if isCodeRetryable(err.Code()) {
+ return true
+ }
+ return shouldRetry
+
+ case *url.Error:
+ if strings.Contains(err.Error(), "connection refused") {
+ // Refused connections should be retried as the service may not yet
+ // be running on the port. Go TCP dial considers refused
+ // connections as not temporary.
+ return true
+ }
+ // *url.Error only implements Temporary after golang 1.6 but since
+ // url.Error only wraps the error:
+ return shouldRetryError(err.Err)
+
+ case temporary:
+ if netErr, ok := err.(*net.OpError); ok && netErr.Op == "dial" {
+ return true
+ }
+ // If the error is temporary, we want to allow continuation of the
+ // retry process
+ return err.Temporary() || isErrConnectionReset(origErr)
+
+ case nil:
+ // `awserr.Error.OrigErr()` can be nil, meaning there was an error but
+ // because we don't know the cause, it is marked as retryable. See
+ // TestRequest4xxUnretryable for an example.
+ return true
+
+ default:
+ switch err.Error() {
+ case "net/http: request canceled",
+ "net/http: request canceled while waiting for connection":
+ // known 1.5 error case when an http request is cancelled
+ return false
+ }
+ // here we don't know the error; so we allow a retry.
+ return true
}
- return false
}
// IsErrorThrottle returns whether the error is to be throttled based on its code.
// Returns false if error is nil.
func IsErrorThrottle(err error) bool {
- if err != nil {
- if aerr, ok := err.(awserr.Error); ok {
- return isCodeThrottle(aerr.Code())
- }
+ if aerr, ok := err.(awserr.Error); ok && aerr != nil {
+ return isCodeThrottle(aerr.Code())
}
return false
}
-// IsErrorExpiredCreds returns whether the error code is a credential expiry error.
-// Returns false if error is nil.
+// IsErrorExpiredCreds returns whether the error code is a credential expiry
+// error. Returns false if error is nil.
func IsErrorExpiredCreds(err error) bool {
- if err != nil {
- if aerr, ok := err.(awserr.Error); ok {
- return isCodeExpiredCreds(aerr.Code())
- }
+ if aerr, ok := err.(awserr.Error); ok && aerr != nil {
+ return isCodeExpiredCreds(aerr.Code())
}
return false
}
@@ -143,17 +248,58 @@ func IsErrorExpiredCreds(err error) bool {
//
// Alias for the utility function IsErrorRetryable
func (r *Request) IsErrorRetryable() bool {
+ if isErrCode(r.Error, r.RetryErrorCodes) {
+ return true
+ }
+
+ // HTTP response status code 501 should not be retried.
+ // 501 represents Not Implemented which means the request method is not
+ // supported by the server and cannot be handled.
+ if r.HTTPResponse != nil {
+ // HTTP response status code 500 represents internal server error and
+ // should be retried without any throttle.
+ if r.HTTPResponse.StatusCode == 500 {
+ return true
+ }
+ }
return IsErrorRetryable(r.Error)
}
-// IsErrorThrottle returns whether the error is to be throttled based on its code.
-// Returns false if the request has no Error set
+// IsErrorThrottle returns whether the error is to be throttled based on its
+// code. Returns false if the request has no Error set.
//
// Alias for the utility function IsErrorThrottle
func (r *Request) IsErrorThrottle() bool {
+ if isErrCode(r.Error, r.ThrottleErrorCodes) {
+ return true
+ }
+
+ if r.HTTPResponse != nil {
+ switch r.HTTPResponse.StatusCode {
+ case
+ 429, // error caused due to too many requests
+ 502, // Bad Gateway error should be throttled
+ 503, // caused when service is unavailable
+ 504: // error occurred due to gateway timeout
+ return true
+ }
+ }
+
return IsErrorThrottle(r.Error)
}
+func isErrCode(err error, codes []string) bool {
+ if aerr, ok := err.(awserr.Error); ok && aerr != nil {
+ for _, code := range codes {
+ if code == aerr.Code() {
+ return true
+ }
+ }
+ }
+
+ return false
+}
+
// IsErrorExpired returns whether the error code is a credential expiry error.
// Returns false if the request has no Error set.
//
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
new file mode 100644
index 000000000..fe6dac1f4
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
@@ -0,0 +1,267 @@
+package session
+
+import (
+ "fmt"
+ "os"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/aws/credentials/processcreds"
+ "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
+ "github.com/aws/aws-sdk-go/aws/defaults"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/internal/shareddefaults"
+)
+
+func resolveCredentials(cfg *aws.Config,
+ envCfg envConfig, sharedCfg sharedConfig,
+ handlers request.Handlers,
+ sessOpts Options,
+) (*credentials.Credentials, error) {
+
+ switch {
+ case len(sessOpts.Profile) != 0:
+ // User explicitly provided an Profile in the session's configuration
+ // so load that profile from shared config first.
+ // Github(aws/aws-sdk-go#2727)
+ return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts)
+
+ case envCfg.Creds.HasKeys():
+ // Environment credentials
+ return credentials.NewStaticCredentialsFromCreds(envCfg.Creds), nil
+
+ case len(envCfg.WebIdentityTokenFilePath) != 0:
+ // Web identity token from environment, RoleARN required to also be
+ // set.
+ return assumeWebIdentity(cfg, handlers,
+ envCfg.WebIdentityTokenFilePath,
+ envCfg.RoleARN,
+ envCfg.RoleSessionName,
+ )
+
+ default:
+ // Fallback to the "default" credential resolution chain.
+ return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts)
+ }
+}
+
+// WebIdentityEmptyRoleARNErr will occur if 'AWS_WEB_IDENTITY_TOKEN_FILE' was set but
+// 'AWS_ROLE_ARN' was not set.
+var WebIdentityEmptyRoleARNErr = awserr.New(stscreds.ErrCodeWebIdentity, "role ARN is not set", nil)
+
+// WebIdentityEmptyTokenFilePathErr will occur if 'AWS_ROLE_ARN' was set but
+// 'AWS_WEB_IDENTITY_TOKEN_FILE' was not set.
+var WebIdentityEmptyTokenFilePathErr = awserr.New(stscreds.ErrCodeWebIdentity, "token file path is not set", nil)
+
+func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers,
+ filepath string,
+ roleARN, sessionName string,
+) (*credentials.Credentials, error) {
+
+ if len(filepath) == 0 {
+ return nil, WebIdentityEmptyTokenFilePathErr
+ }
+
+ if len(roleARN) == 0 {
+ return nil, WebIdentityEmptyRoleARNErr
+ }
+
+ creds := stscreds.NewWebIdentityCredentials(
+ &Session{
+ Config: cfg,
+ Handlers: handlers.Copy(),
+ },
+ roleARN,
+ sessionName,
+ filepath,
+ )
+
+ return creds, nil
+}
+
+func resolveCredsFromProfile(cfg *aws.Config,
+ envCfg envConfig, sharedCfg sharedConfig,
+ handlers request.Handlers,
+ sessOpts Options,
+) (creds *credentials.Credentials, err error) {
+
+ switch {
+ case sharedCfg.SourceProfile != nil:
+ // Assume IAM role with credentials source from a different profile.
+ creds, err = resolveCredsFromProfile(cfg, envCfg,
+ *sharedCfg.SourceProfile, handlers, sessOpts,
+ )
+
+ case sharedCfg.Creds.HasKeys():
+ // Static Credentials from Shared Config/Credentials file.
+ creds = credentials.NewStaticCredentialsFromCreds(
+ sharedCfg.Creds,
+ )
+
+ case len(sharedCfg.CredentialProcess) != 0:
+ // Get credentials from CredentialProcess
+ creds = processcreds.NewCredentials(sharedCfg.CredentialProcess)
+
+ case len(sharedCfg.CredentialSource) != 0:
+ creds, err = resolveCredsFromSource(cfg, envCfg,
+ sharedCfg, handlers, sessOpts,
+ )
+
+ case len(sharedCfg.WebIdentityTokenFile) != 0:
+ // Credentials from Assume Web Identity token require an IAM Role, and
+ // that roll will be assumed. May be wrapped with another assume role
+ // via SourceProfile.
+ return assumeWebIdentity(cfg, handlers,
+ sharedCfg.WebIdentityTokenFile,
+ sharedCfg.RoleARN,
+ sharedCfg.RoleSessionName,
+ )
+
+ default:
+ // Fallback to default credentials provider, include mock errors for
+ // the credential chain so user can identify why credentials failed to
+ // be retrieved.
+ creds = credentials.NewCredentials(&credentials.ChainProvider{
+ VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
+ Providers: []credentials.Provider{
+ &credProviderError{
+ Err: awserr.New("EnvAccessKeyNotFound",
+ "failed to find credentials in the environment.", nil),
+ },
+ &credProviderError{
+ Err: awserr.New("SharedCredsLoad",
+ fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil),
+ },
+ defaults.RemoteCredProvider(*cfg, handlers),
+ },
+ })
+ }
+ if err != nil {
+ return nil, err
+ }
+
+ if len(sharedCfg.RoleARN) > 0 {
+ cfgCp := *cfg
+ cfgCp.Credentials = creds
+ return credsFromAssumeRole(cfgCp, handlers, sharedCfg, sessOpts)
+ }
+
+ return creds, nil
+}
+
+// valid credential source values
+const (
+ credSourceEc2Metadata = "Ec2InstanceMetadata"
+ credSourceEnvironment = "Environment"
+ credSourceECSContainer = "EcsContainer"
+)
+
+func resolveCredsFromSource(cfg *aws.Config,
+ envCfg envConfig, sharedCfg sharedConfig,
+ handlers request.Handlers,
+ sessOpts Options,
+) (creds *credentials.Credentials, err error) {
+
+ switch sharedCfg.CredentialSource {
+ case credSourceEc2Metadata:
+ p := defaults.RemoteCredProvider(*cfg, handlers)
+ creds = credentials.NewCredentials(p)
+
+ case credSourceEnvironment:
+ creds = credentials.NewStaticCredentialsFromCreds(envCfg.Creds)
+
+ case credSourceECSContainer:
+ if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 {
+ return nil, ErrSharedConfigECSContainerEnvVarEmpty
+ }
+
+ p := defaults.RemoteCredProvider(*cfg, handlers)
+ creds = credentials.NewCredentials(p)
+
+ default:
+ return nil, ErrSharedConfigInvalidCredSource
+ }
+
+ return creds, nil
+}
+
+func credsFromAssumeRole(cfg aws.Config,
+ handlers request.Handlers,
+ sharedCfg sharedConfig,
+ sessOpts Options,
+) (*credentials.Credentials, error) {
+
+ if len(sharedCfg.MFASerial) != 0 && sessOpts.AssumeRoleTokenProvider == nil {
+ // AssumeRole Token provider is required if doing Assume Role
+ // with MFA.
+ return nil, AssumeRoleTokenProviderNotSetError{}
+ }
+
+ return stscreds.NewCredentials(
+ &Session{
+ Config: &cfg,
+ Handlers: handlers.Copy(),
+ },
+ sharedCfg.RoleARN,
+ func(opt *stscreds.AssumeRoleProvider) {
+ opt.RoleSessionName = sharedCfg.RoleSessionName
+
+ if sessOpts.AssumeRoleDuration == 0 &&
+ sharedCfg.AssumeRoleDuration != nil &&
+ *sharedCfg.AssumeRoleDuration/time.Minute > 15 {
+ opt.Duration = *sharedCfg.AssumeRoleDuration
+ } else if sessOpts.AssumeRoleDuration != 0 {
+ opt.Duration = sessOpts.AssumeRoleDuration
+ }
+
+ // Assume role with external ID
+ if len(sharedCfg.ExternalID) > 0 {
+ opt.ExternalID = aws.String(sharedCfg.ExternalID)
+ }
+
+ // Assume role with MFA
+ if len(sharedCfg.MFASerial) > 0 {
+ opt.SerialNumber = aws.String(sharedCfg.MFASerial)
+ opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
+ }
+ },
+ ), nil
+}
+
+// AssumeRoleTokenProviderNotSetError is an error returned when creating a
+// session when the MFAToken option is not set when shared config is configured
+// load assume a role with an MFA token.
+type AssumeRoleTokenProviderNotSetError struct{}
+
+// Code is the short id of the error.
+func (e AssumeRoleTokenProviderNotSetError) Code() string {
+ return "AssumeRoleTokenProviderNotSetError"
+}
+
+// Message is the description of the error
+func (e AssumeRoleTokenProviderNotSetError) Message() string {
+ return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.")
+}
+
+// OrigErr is the underlying error that caused the failure.
+func (e AssumeRoleTokenProviderNotSetError) OrigErr() error {
+ return nil
+}
+
+// Error satisfies the error interface.
+func (e AssumeRoleTokenProviderNotSetError) Error() string {
+ return awserr.SprintError(e.Code(), e.Message(), "", nil)
+}
+
+type credProviderError struct {
+ Err error
+}
+
+func (c credProviderError) Retrieve() (credentials.Value, error) {
+ return credentials.Value{}, c.Err
+}
+func (c credProviderError) IsExpired() bool {
+ return true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go
new file mode 100644
index 000000000..593aedc42
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go
@@ -0,0 +1,27 @@
+// +build go1.13
+
+package session
+
+import (
+ "net"
+ "net/http"
+ "time"
+)
+
+// Transport that should be used when a custom CA bundle is specified with the
+// SDK.
+func getCustomTransport() *http.Transport {
+ return &http.Transport{
+ Proxy: http.ProxyFromEnvironment,
+ DialContext: (&net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ DualStack: true,
+ }).DialContext,
+ ForceAttemptHTTP2: true,
+ MaxIdleConns: 100,
+ IdleConnTimeout: 90 * time.Second,
+ TLSHandshakeTimeout: 10 * time.Second,
+ ExpectContinueTimeout: 1 * time.Second,
+ }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go
similarity index 88%
rename from vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport.go
rename to vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go
index ea9ebb6f6..1bf31cf8e 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go
@@ -1,4 +1,4 @@
-// +build go1.7
+// +build !go1.13,go1.7
package session
@@ -10,7 +10,7 @@ import (
// Transport that should be used when a custom CA bundle is specified with the
// SDK.
-func getCABundleTransport() *http.Transport {
+func getCustomTransport() *http.Transport {
return &http.Transport{
Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go
similarity index 88%
rename from vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_5.go
rename to vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go
index fec39dfc1..253d7bc9d 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_5.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go
@@ -10,7 +10,7 @@ import (
// Transport that should be used when a custom CA bundle is specified with the
// SDK.
-func getCABundleTransport() *http.Transport {
+func getCustomTransport() *http.Transport {
return &http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_6.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go
similarity index 90%
rename from vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_6.go
rename to vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go
index 1c5a5391e..db2406054 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_6.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go
@@ -10,7 +10,7 @@ import (
// Transport that should be used when a custom CA bundle is specified with the
// SDK.
-func getCABundleTransport() *http.Transport {
+func getCustomTransport() *http.Transport {
return &http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
index 38a7b05a6..9419b518d 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
@@ -1,97 +1,93 @@
/*
-Package session provides configuration for the SDK's service clients.
-
-Sessions can be shared across all service clients that share the same base
-configuration. The Session is built from the SDK's default configuration and
-request handlers.
-
-Sessions should be cached when possible, because creating a new Session will
-load all configuration values from the environment, and config files each time
-the Session is created. Sharing the Session value across all of your service
-clients will ensure the configuration is loaded the fewest number of times possible.
-
-Concurrency
+Package session provides configuration for the SDK's service clients. Sessions
+can be shared across service clients that share the same base configuration.
Sessions are safe to use concurrently as long as the Session is not being
-modified. The SDK will not modify the Session once the Session has been created.
-Creating service clients concurrently from a shared Session is safe.
-
-Sessions from Shared Config
-
-Sessions can be created using the method above that will only load the
-additional config if the AWS_SDK_LOAD_CONFIG environment variable is set.
-Alternatively you can explicitly create a Session with shared config enabled.
-To do this you can use NewSessionWithOptions to configure how the Session will
-be created. Using the NewSessionWithOptions with SharedConfigState set to
-SharedConfigEnable will create the session as if the AWS_SDK_LOAD_CONFIG
-environment variable was set.
-
-Creating Sessions
+modified. Sessions should be cached when possible, because creating a new
+Session will load all configuration values from the environment, and config
+files each time the Session is created. Sharing the Session value across all of
+your service clients will ensure the configuration is loaded the fewest number
+of times possible.
-When creating Sessions optional aws.Config values can be passed in that will
-override the default, or loaded config values the Session is being created
-with. This allows you to provide additional, or case based, configuration
-as needed.
+Sessions options from Shared Config
By default NewSession will only load credentials from the shared credentials
file (~/.aws/credentials). If the AWS_SDK_LOAD_CONFIG environment variable is
set to a truthy value the Session will be created from the configuration
values from the shared config (~/.aws/config) and shared credentials
-(~/.aws/credentials) files. See the section Sessions from Shared Config for
-more information.
+(~/.aws/credentials) files. Using the NewSessionWithOptions with
+SharedConfigState set to SharedConfigEnable will create the session as if the
+AWS_SDK_LOAD_CONFIG environment variable was set.
-Create a Session with the default config and request handlers. With credentials
-region, and profile loaded from the environment and shared config automatically.
-Requires the AWS_PROFILE to be set, or "default" is used.
+Credential and config loading order
- // Create Session
- sess := session.Must(session.NewSession())
+The Session will attempt to load configuration and credentials from the
+environment, configuration files, and other credential sources. The order
+configuration is loaded in is:
- // Create a Session with a custom region
- sess := session.Must(session.NewSession(&aws.Config{
- Region: aws.String("us-east-1"),
- }))
+ * Environment Variables
+ * Shared Credentials file
+ * Shared Configuration file (if SharedConfig is enabled)
+ * EC2 Instance Metadata (credentials only)
- // Create a S3 client instance from a session
- sess := session.Must(session.NewSession())
+The Environment variables for credentials will have precedence over shared
+config even if SharedConfig is enabled. To override this behavior, and use
+shared config credentials instead specify the session.Options.Profile, (e.g.
+when using credential_source=Environment to assume a role).
- svc := s3.New(sess)
+ sess, err := session.NewSessionWithOptions(session.Options{
+ Profile: "myProfile",
+ })
-Create Session With Option Overrides
+Creating Sessions
+
+Creating a Session without additional options will load credentials region, and
+profile loaded from the environment and shared config automatically. See,
+"Environment Variables" section for information on environment variables used
+by Session.
+
+ // Create Session
+ sess, err := session.NewSession()
+
+
+When creating Sessions optional aws.Config values can be passed in that will
+override the default, or loaded, config values the Session is being created
+with. This allows you to provide additional, or case based, configuration
+as needed.
-In addition to NewSession, Sessions can be created using NewSessionWithOptions.
-This func allows you to control and override how the Session will be created
-through code instead of being driven by environment variables only.
+ // Create a Session with a custom region
+ sess, err := session.NewSession(&aws.Config{
+ Region: aws.String("us-west-2"),
+ })
-Use NewSessionWithOptions when you want to provide the config profile, or
-override the shared config state (AWS_SDK_LOAD_CONFIG).
+Use NewSessionWithOptions to provide additional configuration driving how the
+Session's configuration will be loaded. Such as, specifying shared config
+profile, or override the shared config state, (AWS_SDK_LOAD_CONFIG).
// Equivalent to session.NewSession()
- sess := session.Must(session.NewSessionWithOptions(session.Options{
+ sess, err := session.NewSessionWithOptions(session.Options{
// Options
- }))
+ })
- // Specify profile to load for the session's config
- sess := session.Must(session.NewSessionWithOptions(session.Options{
- Profile: "profile_name",
- }))
+ sess, err := session.NewSessionWithOptions(session.Options{
+ // Specify profile to load for the session's config
+ Profile: "profile_name",
- // Specify profile for config and region for requests
- sess := session.Must(session.NewSessionWithOptions(session.Options{
- Config: aws.Config{Region: aws.String("us-east-1")},
- Profile: "profile_name",
- }))
+ // Provide SDK Config options, such as Region.
+ Config: aws.Config{
+ Region: aws.String("us-west-2"),
+ },
- // Force enable Shared Config support
- sess := session.Must(session.NewSessionWithOptions(session.Options{
+ // Force enable Shared Config support
SharedConfigState: session.SharedConfigEnable,
- }))
+ })
Adding Handlers
-You can add handlers to a session for processing HTTP requests. All service
-clients that use the session inherit the handlers. For example, the following
-handler logs every request and its payload made by a service client:
+You can add handlers to a session to decorate API operation, (e.g. adding HTTP
+headers). All clients that use the Session receive a copy of the Session's
+handlers. For example, the following request handler added to the Session logs
+every requests made.
// Create a session, and add additional handlers for all service
// clients created with the Session to inherit. Adds logging handler.
@@ -99,22 +95,15 @@ handler logs every request and its payload made by a service client:
sess.Handlers.Send.PushFront(func(r *request.Request) {
// Log every request made and its payload
- logger.Printf("Request: %s/%s, Payload: %s",
+ logger.Printf("Request: %s/%s, Params: %s",
r.ClientInfo.ServiceName, r.Operation, r.Params)
})
-Deprecated "New" function
-
-The New session function has been deprecated because it does not provide good
-way to return errors that occur when loading the configuration files and values.
-Because of this, NewSession was created so errors can be retrieved when
-creating a session fails.
-
Shared Config Fields
-By default the SDK will only load the shared credentials file's (~/.aws/credentials)
-credentials values, and all other config is provided by the environment variables,
-SDK defaults, and user provided aws.Config values.
+By default the SDK will only load the shared credentials file's
+(~/.aws/credentials) credentials values, and all other config is provided by
+the environment variables, SDK defaults, and user provided aws.Config values.
If the AWS_SDK_LOAD_CONFIG environment variable is set, or SharedConfigEnable
option is used to create the Session the full shared config values will be
@@ -125,24 +114,31 @@ files have the same format.
If both config files are present the configuration from both files will be
read. The Session will be created from configuration values from the shared
-credentials file (~/.aws/credentials) over those in the shared config file (~/.aws/config).
+credentials file (~/.aws/credentials) over those in the shared config file
+(~/.aws/config).
-Credentials are the values the SDK should use for authenticating requests with
-AWS Services. They are from a configuration file will need to include both
-aws_access_key_id and aws_secret_access_key must be provided together in the
-same file to be considered valid. The values will be ignored if not a complete
-group. aws_session_token is an optional field that can be provided if both of
-the other two fields are also provided.
+Credentials are the values the SDK uses to authenticating requests with AWS
+Services. When specified in a file, both aws_access_key_id and
+aws_secret_access_key must be provided together in the same file to be
+considered valid. They will be ignored if both are not present.
+aws_session_token is an optional field that can be provided in addition to the
+other two fields.
aws_access_key_id = AKID
aws_secret_access_key = SECRET
aws_session_token = TOKEN
-Assume Role values allow you to configure the SDK to assume an IAM role using
-a set of credentials provided in a config file via the source_profile field.
-Both "role_arn" and "source_profile" are required. The SDK supports assuming
-a role with MFA token if the session option AssumeRoleTokenProvider
-is set.
+ ; region only supported if SharedConfigEnabled.
+ region = us-east-1
+
+Assume Role configuration
+
+The role_arn field allows you to configure the SDK to assume an IAM role using
+a set of credentials from another source. Such as when paired with static
+credentials, "profile_source", "credential_process", or "credential_source"
+fields. If "role_arn" is provided, a source of credentials must also be
+specified, such as "source_profile", "credential_source", or
+"credential_process".
role_arn = arn:aws:iam:::role/
source_profile = profile_with_creds
@@ -150,40 +146,16 @@ is set.
mfa_serial =
role_session_name = session_name
-Region is the region the SDK should use for looking up AWS service endpoints
-and signing requests.
-
- region = us-east-1
-
-Assume Role with MFA token
-To create a session with support for assuming an IAM role with MFA set the
-session option AssumeRoleTokenProvider to a function that will prompt for the
-MFA token code when the SDK assumes the role and refreshes the role's credentials.
-This allows you to configure the SDK via the shared config to assumea role
-with MFA tokens.
-
-In order for the SDK to assume a role with MFA the SharedConfigState
-session option must be set to SharedConfigEnable, or AWS_SDK_LOAD_CONFIG
-environment variable set.
-
-The shared configuration instructs the SDK to assume an IAM role with MFA
-when the mfa_serial configuration field is set in the shared config
-(~/.aws/config) or shared credentials (~/.aws/credentials) file.
-
-If mfa_serial is set in the configuration, the SDK will assume the role, and
-the AssumeRoleTokenProvider session option is not set an an error will
-be returned when creating the session.
+The SDK supports assuming a role with MFA token. If "mfa_serial" is set, you
+must also set the Session Option.AssumeRoleTokenProvider. The Session will fail
+to load if the AssumeRoleTokenProvider is not specified.
sess := session.Must(session.NewSessionWithOptions(session.Options{
AssumeRoleTokenProvider: stscreds.StdinTokenProvider,
}))
- // Create service client value configured for credentials
- // from assumed role.
- svc := s3.New(sess)
-
-To setup assume role outside of a session see the stscreds.AssumeRoleProvider
+To setup Assume Role outside of a session see the stscreds.AssumeRoleProvider
documentation.
Environment Variables
@@ -236,6 +208,8 @@ env values as well.
AWS_SDK_LOAD_CONFIG=1
+Custom Shared Config and Credential Files
+
Shared credentials file path can be set to instruct the SDK to use an alternative
file for the shared credentials. If not set the file will be loaded from
$HOME/.aws/credentials on Linux/Unix based systems, and
@@ -250,6 +224,8 @@ $HOME/.aws/config on Linux/Unix based systems, and
AWS_CONFIG_FILE=$HOME/my_shared_config
+Custom CA Bundle
+
Path to a custom Credentials Authority (CA) bundle PEM file that the SDK
will use instead of the default system's root CA bundle. Use this only
if you want to replace the CA bundle the SDK uses for TLS requests.
@@ -269,5 +245,45 @@ over the AWS_CA_BUNDLE environment variable, and will be used if both are set.
Setting a custom HTTPClient in the aws.Config options will override this setting.
To use this option and custom HTTP client, the HTTP client needs to be provided
when creating the session. Not the service client.
+
+Custom Client TLS Certificate
+
+The SDK supports the environment and session option being configured with
+Client TLS certificates that are sent as a part of the client's TLS handshake
+for client authentication. If used, both Cert and Key values are required. If
+one is missing, or either fail to load the contents of the file an error will
+be returned.
+
+HTTP Client's Transport concrete implementation must be a http.Transport
+or creating the session will fail.
+
+ AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key
+ AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert
+
+This can also be configured via the session.Options ClientTLSCert and ClientTLSKey.
+
+ sess, err := session.NewSessionWithOptions(session.Options{
+ ClientTLSCert: myCertFile,
+ ClientTLSKey: myKeyFile,
+ })
+
+Custom EC2 IMDS Endpoint
+
+The endpoint of the EC2 IMDS client can be configured via the environment
+variable, AWS_EC2_METADATA_SERVICE_ENDPOINT when creating the client with a
+Session. See Options.EC2IMDSEndpoint for more details.
+
+ AWS_EC2_METADATA_SERVICE_ENDPOINT=http://169.254.169.254
+
+If using an URL with an IPv6 address literal, the IPv6 address
+component must be enclosed in square brackets.
+
+ AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1]
+
+The custom EC2 IMDS endpoint can also be specified via the Session options.
+
+ sess, err := session.NewSessionWithOptions(session.Options{
+ EC2IMDSEndpoint: "http://[::1]",
+ })
*/
package session
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
index e3959b959..3cd5d4b5a 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
@@ -1,12 +1,15 @@
package session
import (
+ "fmt"
"os"
"strconv"
+ "strings"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/defaults"
+ "github.com/aws/aws-sdk-go/aws/endpoints"
)
// EnvProviderName provides a name of the provider when config is loaded from environment.
@@ -98,22 +101,79 @@ type envConfig struct {
// AWS_CA_BUNDLE=$HOME/my_custom_ca_bundle
CustomCABundle string
+ // Sets the TLC client certificate that should be used by the SDK's HTTP transport
+ // when making requests. The certificate must be paired with a TLS client key file.
+ //
+ // AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert
+ ClientTLSCert string
+
+ // Sets the TLC client key that should be used by the SDK's HTTP transport
+ // when making requests. The key must be paired with a TLS client certificate file.
+ //
+ // AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key
+ ClientTLSKey string
+
csmEnabled string
- CSMEnabled bool
+ CSMEnabled *bool
CSMPort string
+ CSMHost string
CSMClientID string
- enableEndpointDiscovery string
// Enables endpoint discovery via environment variables.
//
// AWS_ENABLE_ENDPOINT_DISCOVERY=true
EnableEndpointDiscovery *bool
+ enableEndpointDiscovery string
+
+ // Specifies the WebIdentity token the SDK should use to assume a role
+ // with.
+ //
+ // AWS_WEB_IDENTITY_TOKEN_FILE=file_path
+ WebIdentityTokenFilePath string
+
+ // Specifies the IAM role arn to use when assuming an role.
+ //
+ // AWS_ROLE_ARN=role_arn
+ RoleARN string
+
+ // Specifies the IAM role session name to use when assuming a role.
+ //
+ // AWS_ROLE_SESSION_NAME=session_name
+ RoleSessionName string
+
+ // Specifies the STS Regional Endpoint flag for the SDK to resolve the endpoint
+ // for a service.
+ //
+ // AWS_STS_REGIONAL_ENDPOINTS=regional
+ // This can take value as `regional` or `legacy`
+ STSRegionalEndpoint endpoints.STSRegionalEndpoint
+
+ // Specifies the S3 Regional Endpoint flag for the SDK to resolve the
+ // endpoint for a service.
+ //
+ // AWS_S3_US_EAST_1_REGIONAL_ENDPOINT=regional
+ // This can take value as `regional` or `legacy`
+ S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
+
+ // Specifies if the S3 service should allow ARNs to direct the region
+ // the client's requests are sent to.
+ //
+ // AWS_S3_USE_ARN_REGION=true
+ S3UseARNRegion bool
+
+ // Specifies the alternative endpoint to use for EC2 IMDS.
+ //
+ // AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1]
+ EC2IMDSEndpoint string
}
var (
csmEnabledEnvKey = []string{
"AWS_CSM_ENABLED",
}
+ csmHostEnvKey = []string{
+ "AWS_CSM_HOST",
+ }
csmPortEnvKey = []string{
"AWS_CSM_PORT",
}
@@ -150,6 +210,36 @@ var (
sharedConfigFileEnvKey = []string{
"AWS_CONFIG_FILE",
}
+ webIdentityTokenFilePathEnvKey = []string{
+ "AWS_WEB_IDENTITY_TOKEN_FILE",
+ }
+ roleARNEnvKey = []string{
+ "AWS_ROLE_ARN",
+ }
+ roleSessionNameEnvKey = []string{
+ "AWS_ROLE_SESSION_NAME",
+ }
+ stsRegionalEndpointKey = []string{
+ "AWS_STS_REGIONAL_ENDPOINTS",
+ }
+ s3UsEast1RegionalEndpoint = []string{
+ "AWS_S3_US_EAST_1_REGIONAL_ENDPOINT",
+ }
+ s3UseARNRegionEnvKey = []string{
+ "AWS_S3_USE_ARN_REGION",
+ }
+ ec2IMDSEndpointEnvKey = []string{
+ "AWS_EC2_METADATA_SERVICE_ENDPOINT",
+ }
+ useCABundleKey = []string{
+ "AWS_CA_BUNDLE",
+ }
+ useClientTLSCert = []string{
+ "AWS_SDK_GO_CLIENT_TLS_CERT",
+ }
+ useClientTLSKey = []string{
+ "AWS_SDK_GO_CLIENT_TLS_KEY",
+ }
)
// loadEnvConfig retrieves the SDK's environment configuration.
@@ -158,7 +248,7 @@ var (
// If the environment variable `AWS_SDK_LOAD_CONFIG` is set to a truthy value
// the shared SDK config will be loaded in addition to the SDK's specific
// configuration values.
-func loadEnvConfig() envConfig {
+func loadEnvConfig() (envConfig, error) {
enableSharedConfig, _ := strconv.ParseBool(os.Getenv("AWS_SDK_LOAD_CONFIG"))
return envConfigLoad(enableSharedConfig)
}
@@ -169,30 +259,42 @@ func loadEnvConfig() envConfig {
// Loads the shared configuration in addition to the SDK's specific configuration.
// This will load the same values as `loadEnvConfig` if the `AWS_SDK_LOAD_CONFIG`
// environment variable is set.
-func loadSharedEnvConfig() envConfig {
+func loadSharedEnvConfig() (envConfig, error) {
return envConfigLoad(true)
}
-func envConfigLoad(enableSharedConfig bool) envConfig {
+func envConfigLoad(enableSharedConfig bool) (envConfig, error) {
cfg := envConfig{}
cfg.EnableSharedConfig = enableSharedConfig
- setFromEnvVal(&cfg.Creds.AccessKeyID, credAccessEnvKey)
- setFromEnvVal(&cfg.Creds.SecretAccessKey, credSecretEnvKey)
- setFromEnvVal(&cfg.Creds.SessionToken, credSessionEnvKey)
+ // Static environment credentials
+ var creds credentials.Value
+ setFromEnvVal(&creds.AccessKeyID, credAccessEnvKey)
+ setFromEnvVal(&creds.SecretAccessKey, credSecretEnvKey)
+ setFromEnvVal(&creds.SessionToken, credSessionEnvKey)
+ if creds.HasKeys() {
+ // Require logical grouping of credentials
+ creds.ProviderName = EnvProviderName
+ cfg.Creds = creds
+ }
+
+ // Role Metadata
+ setFromEnvVal(&cfg.RoleARN, roleARNEnvKey)
+ setFromEnvVal(&cfg.RoleSessionName, roleSessionNameEnvKey)
+
+ // Web identity environment variables
+ setFromEnvVal(&cfg.WebIdentityTokenFilePath, webIdentityTokenFilePathEnvKey)
// CSM environment variables
setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey)
+ setFromEnvVal(&cfg.CSMHost, csmHostEnvKey)
setFromEnvVal(&cfg.CSMPort, csmPortEnvKey)
setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey)
- cfg.CSMEnabled = len(cfg.csmEnabled) > 0
- // Require logical grouping of credentials
- if len(cfg.Creds.AccessKeyID) == 0 || len(cfg.Creds.SecretAccessKey) == 0 {
- cfg.Creds = credentials.Value{}
- } else {
- cfg.Creds.ProviderName = EnvProviderName
+ if len(cfg.csmEnabled) != 0 {
+ v, _ := strconv.ParseBool(cfg.csmEnabled)
+ cfg.CSMEnabled = &v
}
regionKeys := regionEnvKeys
@@ -221,14 +323,54 @@ func envConfigLoad(enableSharedConfig bool) envConfig {
cfg.SharedConfigFile = defaults.SharedConfigFilename()
}
- cfg.CustomCABundle = os.Getenv("AWS_CA_BUNDLE")
+ setFromEnvVal(&cfg.CustomCABundle, useCABundleKey)
+ setFromEnvVal(&cfg.ClientTLSCert, useClientTLSCert)
+ setFromEnvVal(&cfg.ClientTLSKey, useClientTLSKey)
+
+ var err error
+ // STS Regional Endpoint variable
+ for _, k := range stsRegionalEndpointKey {
+ if v := os.Getenv(k); len(v) != 0 {
+ cfg.STSRegionalEndpoint, err = endpoints.GetSTSRegionalEndpoint(v)
+ if err != nil {
+ return cfg, fmt.Errorf("failed to load, %v from env config, %v", k, err)
+ }
+ }
+ }
+
+ // S3 Regional Endpoint variable
+ for _, k := range s3UsEast1RegionalEndpoint {
+ if v := os.Getenv(k); len(v) != 0 {
+ cfg.S3UsEast1RegionalEndpoint, err = endpoints.GetS3UsEast1RegionalEndpoint(v)
+ if err != nil {
+ return cfg, fmt.Errorf("failed to load, %v from env config, %v", k, err)
+ }
+ }
+ }
+
+ var s3UseARNRegion string
+ setFromEnvVal(&s3UseARNRegion, s3UseARNRegionEnvKey)
+ if len(s3UseARNRegion) != 0 {
+ switch {
+ case strings.EqualFold(s3UseARNRegion, "false"):
+ cfg.S3UseARNRegion = false
+ case strings.EqualFold(s3UseARNRegion, "true"):
+ cfg.S3UseARNRegion = true
+ default:
+ return envConfig{}, fmt.Errorf(
+ "invalid value for environment variable, %s=%s, need true or false",
+ s3UseARNRegionEnvKey[0], s3UseARNRegion)
+ }
+ }
+
+ setFromEnvVal(&cfg.EC2IMDSEndpoint, ec2IMDSEndpointEnvKey)
- return cfg
+ return cfg, nil
}
func setFromEnvVal(dst *string, keys []string) {
for _, k := range keys {
- if v := os.Getenv(k); len(v) > 0 {
+ if v := os.Getenv(k); len(v) != 0 {
*dst = v
break
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
index be4b5f077..08713cc34 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
@@ -8,25 +8,30 @@ import (
"io/ioutil"
"net/http"
"os"
+ "time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/client"
"github.com/aws/aws-sdk-go/aws/corehandlers"
"github.com/aws/aws-sdk-go/aws/credentials"
- "github.com/aws/aws-sdk-go/aws/credentials/processcreds"
- "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/csm"
"github.com/aws/aws-sdk-go/aws/defaults"
"github.com/aws/aws-sdk-go/aws/endpoints"
"github.com/aws/aws-sdk-go/aws/request"
- "github.com/aws/aws-sdk-go/internal/shareddefaults"
)
const (
// ErrCodeSharedConfig represents an error that occurs in the shared
// configuration logic
ErrCodeSharedConfig = "SharedConfigErr"
+
+ // ErrCodeLoadCustomCABundle error code for unable to load custom CA bundle.
+ ErrCodeLoadCustomCABundle = "LoadCustomCABundleError"
+
+ // ErrCodeLoadClientTLSCert error code for unable to load client TLS
+ // certificate or key
+ ErrCodeLoadClientTLSCert = "LoadClientTLSCertError"
)
// ErrSharedConfigSourceCollision will be returned if a section contains both
@@ -50,6 +55,8 @@ var ErrSharedConfigInvalidCredSource = awserr.New(ErrCodeSharedConfig, "credenti
type Session struct {
Config *aws.Config
Handlers request.Handlers
+
+ options Options
}
// New creates a new instance of the handlers merging in the provided configs
@@ -75,7 +82,7 @@ type Session struct {
// func is called instead of waiting to receive an error until a request is made.
func New(cfgs ...*aws.Config) *Session {
// load initial config from environment
- envCfg := loadEnvConfig()
+ envCfg, envErr := loadEnvConfig()
if envCfg.EnableSharedConfig {
var cfg aws.Config
@@ -95,19 +102,28 @@ func New(cfgs ...*aws.Config) *Session {
// Session creation failed, need to report the error and prevent
// any requests from succeeding.
s = &Session{Config: defaults.Config()}
- s.Config.MergeIn(cfgs...)
- s.Config.Logger.Log("ERROR:", msg, "Error:", err)
- s.Handlers.Validate.PushBack(func(r *request.Request) {
- r.Error = err
- })
+ s.logDeprecatedNewSessionError(msg, err, cfgs)
}
return s
}
- s := deprecatedNewSession(cfgs...)
- if envCfg.CSMEnabled {
- enableCSM(&s.Handlers, envCfg.CSMClientID, envCfg.CSMPort, s.Config.Logger)
+ s := deprecatedNewSession(envCfg, cfgs...)
+ if envErr != nil {
+ msg := "failed to load env config"
+ s.logDeprecatedNewSessionError(msg, envErr, cfgs)
+ }
+
+ if csmCfg, err := loadCSMConfig(envCfg, []string{}); err != nil {
+ if l := s.Config.Logger; l != nil {
+ l.Log(fmt.Sprintf("ERROR: failed to load CSM configuration, %v", err))
+ }
+ } else if csmCfg.Enabled {
+ err := enableCSM(&s.Handlers, csmCfg, s.Config.Logger)
+ if err != nil {
+ msg := "failed to enable CSM"
+ s.logDeprecatedNewSessionError(msg, err, cfgs)
+ }
}
return s
@@ -126,7 +142,7 @@ func New(cfgs ...*aws.Config) *Session {
// to be built with retrieving credentials with AssumeRole set in the config.
//
// See the NewSessionWithOptions func for information on how to override or
-// control through code how the Session will be created. Such as specifying the
+// control through code how the Session will be created, such as specifying the
// config profile, and controlling if shared config is enabled or not.
func NewSession(cfgs ...*aws.Config) (*Session, error) {
opts := Options{}
@@ -210,20 +226,78 @@ type Options struct {
// the config enables assume role wit MFA via the mfa_serial field.
AssumeRoleTokenProvider func() (string, error)
+ // When the SDK's shared config is configured to assume a role this option
+ // may be provided to set the expiry duration of the STS credentials.
+ // Defaults to 15 minutes if not set as documented in the
+ // stscreds.AssumeRoleProvider.
+ AssumeRoleDuration time.Duration
+
// Reader for a custom Credentials Authority (CA) bundle in PEM format that
// the SDK will use instead of the default system's root CA bundle. Use this
// only if you want to replace the CA bundle the SDK uses for TLS requests.
//
- // Enabling this option will attempt to merge the Transport into the SDK's HTTP
- // client. If the client's Transport is not a http.Transport an error will be
- // returned. If the Transport's TLS config is set this option will cause the SDK
+ // HTTP Client's Transport concrete implementation must be a http.Transport
+ // or creating the session will fail.
+ //
+ // If the Transport's TLS config is set this option will cause the SDK
// to overwrite the Transport's TLS config's RootCAs value. If the CA
// bundle reader contains multiple certificates all of them will be loaded.
//
- // The Session option CustomCABundle is also available when creating sessions
- // to also enable this feature. CustomCABundle session option field has priority
- // over the AWS_CA_BUNDLE environment variable, and will be used if both are set.
+ // Can also be specified via the environment variable:
+ //
+ // AWS_CA_BUNDLE=$HOME/ca_bundle
+ //
+ // Can also be specified via the shared config field:
+ //
+ // ca_bundle = $HOME/ca_bundle
CustomCABundle io.Reader
+
+ // Reader for the TLC client certificate that should be used by the SDK's
+ // HTTP transport when making requests. The certificate must be paired with
+ // a TLS client key file. Will be ignored if both are not provided.
+ //
+ // HTTP Client's Transport concrete implementation must be a http.Transport
+ // or creating the session will fail.
+ //
+ // Can also be specified via the environment variable:
+ //
+ // AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert
+ ClientTLSCert io.Reader
+
+ // Reader for the TLC client key that should be used by the SDK's HTTP
+ // transport when making requests. The key must be paired with a TLS client
+ // certificate file. Will be ignored if both are not provided.
+ //
+ // HTTP Client's Transport concrete implementation must be a http.Transport
+ // or creating the session will fail.
+ //
+ // Can also be specified via the environment variable:
+ //
+ // AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key
+ ClientTLSKey io.Reader
+
+ // The handlers that the session and all API clients will be created with.
+ // This must be a complete set of handlers. Use the defaults.Handlers()
+ // function to initialize this value before changing the handlers to be
+ // used by the SDK.
+ Handlers request.Handlers
+
+ // Allows specifying a custom endpoint to be used by the EC2 IMDS client
+ // when making requests to the EC2 IMDS API. The must endpoint value must
+ // include protocol prefix.
+ //
+ // If unset, will the EC2 IMDS client will use its default endpoint.
+ //
+ // Can also be specified via the environment variable,
+ // AWS_EC2_METADATA_SERVICE_ENDPOINT.
+ //
+ // AWS_EC2_METADATA_SERVICE_ENDPOINT=http://169.254.169.254
+ //
+ // If using an URL with an IPv6 address literal, the IPv6 address
+ // component must be enclosed in square brackets.
+ //
+ // AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1]
+ EC2IMDSEndpoint string
}
// NewSessionWithOptions returns a new Session created from SDK defaults, config files,
@@ -257,13 +331,20 @@ type Options struct {
// }))
func NewSessionWithOptions(opts Options) (*Session, error) {
var envCfg envConfig
+ var err error
if opts.SharedConfigState == SharedConfigEnable {
- envCfg = loadSharedEnvConfig()
+ envCfg, err = loadSharedEnvConfig()
+ if err != nil {
+ return nil, fmt.Errorf("failed to load shared config, %v", err)
+ }
} else {
- envCfg = loadEnvConfig()
+ envCfg, err = loadEnvConfig()
+ if err != nil {
+ return nil, fmt.Errorf("failed to load environment config, %v", err)
+ }
}
- if len(opts.Profile) > 0 {
+ if len(opts.Profile) != 0 {
envCfg.Profile = opts.Profile
}
@@ -274,17 +355,6 @@ func NewSessionWithOptions(opts Options) (*Session, error) {
envCfg.EnableSharedConfig = true
}
- // Only use AWS_CA_BUNDLE if session option is not provided.
- if len(envCfg.CustomCABundle) != 0 && opts.CustomCABundle == nil {
- f, err := os.Open(envCfg.CustomCABundle)
- if err != nil {
- return nil, awserr.New("LoadCustomCABundleError",
- "failed to open custom CA bundle PEM file", err)
- }
- defer f.Close()
- opts.CustomCABundle = f
- }
-
return newSession(opts, envCfg, &opts.Config)
}
@@ -303,7 +373,25 @@ func Must(sess *Session, err error) *Session {
return sess
}
-func deprecatedNewSession(cfgs ...*aws.Config) *Session {
+// Wraps the endpoint resolver with a resolver that will return a custom
+// endpoint for EC2 IMDS.
+func wrapEC2IMDSEndpoint(resolver endpoints.Resolver, endpoint string) endpoints.Resolver {
+ return endpoints.ResolverFunc(
+ func(service, region string, opts ...func(*endpoints.Options)) (
+ endpoints.ResolvedEndpoint, error,
+ ) {
+ if service == ec2MetadataServiceID {
+ return endpoints.ResolvedEndpoint{
+ URL: endpoint,
+ SigningName: ec2MetadataServiceID,
+ SigningRegion: region,
+ }, nil
+ }
+ return resolver.EndpointFor(service, region)
+ })
+}
+
+func deprecatedNewSession(envCfg envConfig, cfgs ...*aws.Config) *Session {
cfg := defaults.Config()
handlers := defaults.Handlers()
@@ -315,6 +403,11 @@ func deprecatedNewSession(cfgs ...*aws.Config) *Session {
// endpoints for service client configurations.
cfg.EndpointResolver = endpoints.DefaultResolver()
}
+
+ if len(envCfg.EC2IMDSEndpoint) != 0 {
+ cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, envCfg.EC2IMDSEndpoint)
+ }
+
cfg.Credentials = defaults.CredChain(cfg, handlers)
// Reapply any passed in configs to override credentials if set
@@ -323,33 +416,42 @@ func deprecatedNewSession(cfgs ...*aws.Config) *Session {
s := &Session{
Config: cfg,
Handlers: handlers,
+ options: Options{
+ EC2IMDSEndpoint: envCfg.EC2IMDSEndpoint,
+ },
}
initHandlers(s)
return s
}
-func enableCSM(handlers *request.Handlers, clientID string, port string, logger aws.Logger) {
- logger.Log("Enabling CSM")
- if len(port) == 0 {
- port = csm.DefaultPort
+func enableCSM(handlers *request.Handlers, cfg csmConfig, logger aws.Logger) error {
+ if logger != nil {
+ logger.Log("Enabling CSM")
}
- r, err := csm.Start(clientID, "127.0.0.1:"+port)
+ r, err := csm.Start(cfg.ClientID, csm.AddressWithDefaults(cfg.Host, cfg.Port))
if err != nil {
- return
+ return err
}
r.InjectHandlers(handlers)
+
+ return nil
}
func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, error) {
cfg := defaults.Config()
- handlers := defaults.Handlers()
+
+ handlers := opts.Handlers
+ if handlers.IsEmpty() {
+ handlers = defaults.Handlers()
+ }
// Get a merged version of the user provided config to determine if
// credentials were.
userCfg := &aws.Config{}
userCfg.MergeIn(cfgs...)
+ cfg.MergeIn(userCfg)
// Ordered config files will be loaded in with later files overwriting
// previous config file values.
@@ -366,51 +468,166 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session,
}
// Load additional config from file(s)
- sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles)
+ sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles, envCfg.EnableSharedConfig)
if err != nil {
- return nil, err
+ if len(envCfg.Profile) == 0 && !envCfg.EnableSharedConfig && (envCfg.Creds.HasKeys() || userCfg.Credentials != nil) {
+ // Special case where the user has not explicitly specified an AWS_PROFILE,
+ // or session.Options.profile, shared config is not enabled, and the
+ // environment has credentials, allow the shared config file to fail to
+ // load since the user has already provided credentials, and nothing else
+ // is required to be read file. Github(aws/aws-sdk-go#2455)
+ } else if _, ok := err.(SharedConfigProfileNotExistsError); !ok {
+ return nil, err
+ }
}
if err := mergeConfigSrcs(cfg, userCfg, envCfg, sharedCfg, handlers, opts); err != nil {
return nil, err
}
+ if err := setTLSOptions(&opts, cfg, envCfg, sharedCfg); err != nil {
+ return nil, err
+ }
+
s := &Session{
Config: cfg,
Handlers: handlers,
+ options: opts,
}
initHandlers(s)
- if envCfg.CSMEnabled {
- enableCSM(&s.Handlers, envCfg.CSMClientID, envCfg.CSMPort, s.Config.Logger)
+
+ if csmCfg, err := loadCSMConfig(envCfg, cfgFiles); err != nil {
+ if l := s.Config.Logger; l != nil {
+ l.Log(fmt.Sprintf("ERROR: failed to load CSM configuration, %v", err))
+ }
+ } else if csmCfg.Enabled {
+ err = enableCSM(&s.Handlers, csmCfg, s.Config.Logger)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ return s, nil
+}
+
+type csmConfig struct {
+ Enabled bool
+ Host string
+ Port string
+ ClientID string
+}
+
+var csmProfileName = "aws_csm"
+
+func loadCSMConfig(envCfg envConfig, cfgFiles []string) (csmConfig, error) {
+ if envCfg.CSMEnabled != nil {
+ if *envCfg.CSMEnabled {
+ return csmConfig{
+ Enabled: true,
+ ClientID: envCfg.CSMClientID,
+ Host: envCfg.CSMHost,
+ Port: envCfg.CSMPort,
+ }, nil
+ }
+ return csmConfig{}, nil
+ }
+
+ sharedCfg, err := loadSharedConfig(csmProfileName, cfgFiles, false)
+ if err != nil {
+ if _, ok := err.(SharedConfigProfileNotExistsError); !ok {
+ return csmConfig{}, err
+ }
+ }
+ if sharedCfg.CSMEnabled != nil && *sharedCfg.CSMEnabled == true {
+ return csmConfig{
+ Enabled: true,
+ ClientID: sharedCfg.CSMClientID,
+ Host: sharedCfg.CSMHost,
+ Port: sharedCfg.CSMPort,
+ }, nil
+ }
+
+ return csmConfig{}, nil
+}
+
+func setTLSOptions(opts *Options, cfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig) error {
+ // CA Bundle can be specified in both environment variable shared config file.
+ var caBundleFilename = envCfg.CustomCABundle
+ if len(caBundleFilename) == 0 {
+ caBundleFilename = sharedCfg.CustomCABundle
+ }
+
+ // Only use environment value if session option is not provided.
+ customTLSOptions := map[string]struct {
+ filename string
+ field *io.Reader
+ errCode string
+ }{
+ "custom CA bundle PEM": {filename: caBundleFilename, field: &opts.CustomCABundle, errCode: ErrCodeLoadCustomCABundle},
+ "custom client TLS cert": {filename: envCfg.ClientTLSCert, field: &opts.ClientTLSCert, errCode: ErrCodeLoadClientTLSCert},
+ "custom client TLS key": {filename: envCfg.ClientTLSKey, field: &opts.ClientTLSKey, errCode: ErrCodeLoadClientTLSCert},
+ }
+ for name, v := range customTLSOptions {
+ if len(v.filename) != 0 && *v.field == nil {
+ f, err := os.Open(v.filename)
+ if err != nil {
+ return awserr.New(v.errCode, fmt.Sprintf("failed to open %s file", name), err)
+ }
+ defer f.Close()
+ *v.field = f
+ }
}
// Setup HTTP client with custom cert bundle if enabled
if opts.CustomCABundle != nil {
- if err := loadCustomCABundle(s, opts.CustomCABundle); err != nil {
- return nil, err
+ if err := loadCustomCABundle(cfg.HTTPClient, opts.CustomCABundle); err != nil {
+ return err
}
}
- return s, nil
+ // Setup HTTP client TLS certificate and key for client TLS authentication.
+ if opts.ClientTLSCert != nil && opts.ClientTLSKey != nil {
+ if err := loadClientTLSCert(cfg.HTTPClient, opts.ClientTLSCert, opts.ClientTLSKey); err != nil {
+ return err
+ }
+ } else if opts.ClientTLSCert == nil && opts.ClientTLSKey == nil {
+ // Do nothing if neither values are available.
+
+ } else {
+ return awserr.New(ErrCodeLoadClientTLSCert,
+ fmt.Sprintf("client TLS cert(%t) and key(%t) must both be provided",
+ opts.ClientTLSCert != nil, opts.ClientTLSKey != nil), nil)
+ }
+
+ return nil
}
-func loadCustomCABundle(s *Session, bundle io.Reader) error {
+func getHTTPTransport(client *http.Client) (*http.Transport, error) {
var t *http.Transport
- switch v := s.Config.HTTPClient.Transport.(type) {
+ switch v := client.Transport.(type) {
case *http.Transport:
t = v
default:
- if s.Config.HTTPClient.Transport != nil {
- return awserr.New("LoadCustomCABundleError",
- "unable to load custom CA bundle, HTTPClient's transport unsupported type", nil)
+ if client.Transport != nil {
+ return nil, fmt.Errorf("unsupported transport, %T", client.Transport)
}
}
if t == nil {
// Nil transport implies `http.DefaultTransport` should be used. Since
// the SDK cannot modify, nor copy the `DefaultTransport` specifying
// the values the next closest behavior.
- t = getCABundleTransport()
+ t = getCustomTransport()
+ }
+
+ return t, nil
+}
+
+func loadCustomCABundle(client *http.Client, bundle io.Reader) error {
+ t, err := getHTTPTransport(client)
+ if err != nil {
+ return awserr.New(ErrCodeLoadCustomCABundle,
+ "unable to load custom CA bundle, HTTPClient's transport unsupported type", err)
}
p, err := loadCertPool(bundle)
@@ -422,7 +639,7 @@ func loadCustomCABundle(s *Session, bundle io.Reader) error {
}
t.TLSClientConfig.RootCAs = p
- s.Config.HTTPClient.Transport = t
+ client.Transport = t
return nil
}
@@ -430,22 +647,62 @@ func loadCustomCABundle(s *Session, bundle io.Reader) error {
func loadCertPool(r io.Reader) (*x509.CertPool, error) {
b, err := ioutil.ReadAll(r)
if err != nil {
- return nil, awserr.New("LoadCustomCABundleError",
+ return nil, awserr.New(ErrCodeLoadCustomCABundle,
"failed to read custom CA bundle PEM file", err)
}
p := x509.NewCertPool()
if !p.AppendCertsFromPEM(b) {
- return nil, awserr.New("LoadCustomCABundleError",
+ return nil, awserr.New(ErrCodeLoadCustomCABundle,
"failed to load custom CA bundle PEM file", err)
}
return p, nil
}
-func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers, sessOpts Options) error {
- // Merge in user provided configuration
- cfg.MergeIn(userCfg)
+func loadClientTLSCert(client *http.Client, certFile, keyFile io.Reader) error {
+ t, err := getHTTPTransport(client)
+ if err != nil {
+ return awserr.New(ErrCodeLoadClientTLSCert,
+ "unable to get usable HTTP transport from client", err)
+ }
+
+ cert, err := ioutil.ReadAll(certFile)
+ if err != nil {
+ return awserr.New(ErrCodeLoadClientTLSCert,
+ "unable to get read client TLS cert file", err)
+ }
+
+ key, err := ioutil.ReadAll(keyFile)
+ if err != nil {
+ return awserr.New(ErrCodeLoadClientTLSCert,
+ "unable to get read client TLS key file", err)
+ }
+
+ clientCert, err := tls.X509KeyPair(cert, key)
+ if err != nil {
+ return awserr.New(ErrCodeLoadClientTLSCert,
+ "unable to load x509 key pair from client cert", err)
+ }
+
+ tlsCfg := t.TLSClientConfig
+ if tlsCfg == nil {
+ tlsCfg = &tls.Config{}
+ }
+
+ tlsCfg.Certificates = append(tlsCfg.Certificates, clientCert)
+
+ t.TLSClientConfig = tlsCfg
+ client.Transport = t
+
+ return nil
+}
+
+func mergeConfigSrcs(cfg, userCfg *aws.Config,
+ envCfg envConfig, sharedCfg sharedConfig,
+ handlers request.Handlers,
+ sessOpts Options,
+) error {
// Region if not already set by user
if len(aws.StringValue(cfg.Region)) == 0 {
@@ -464,162 +721,67 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share
}
}
- // Configure credentials if not already set
- if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil {
-
- // inspect the profile to see if a credential source has been specified.
- if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.CredentialSource) > 0 {
-
- // if both credential_source and source_profile have been set, return an error
- // as this is undefined behavior.
- if len(sharedCfg.AssumeRole.SourceProfile) > 0 {
- return ErrSharedConfigSourceCollision
- }
-
- // valid credential source values
- const (
- credSourceEc2Metadata = "Ec2InstanceMetadata"
- credSourceEnvironment = "Environment"
- credSourceECSContainer = "EcsContainer"
- )
-
- switch sharedCfg.AssumeRole.CredentialSource {
- case credSourceEc2Metadata:
- cfgCp := *cfg
- p := defaults.RemoteCredProvider(cfgCp, handlers)
- cfgCp.Credentials = credentials.NewCredentials(p)
-
- if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil {
- // AssumeRole Token provider is required if doing Assume Role
- // with MFA.
- return AssumeRoleTokenProviderNotSetError{}
- }
-
- cfg.Credentials = assumeRoleCredentials(cfgCp, handlers, sharedCfg, sessOpts)
- case credSourceEnvironment:
- cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
- envCfg.Creds,
- )
- case credSourceECSContainer:
- if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 {
- return ErrSharedConfigECSContainerEnvVarEmpty
- }
-
- cfgCp := *cfg
- p := defaults.RemoteCredProvider(cfgCp, handlers)
- creds := credentials.NewCredentials(p)
-
- cfg.Credentials = creds
- default:
- return ErrSharedConfigInvalidCredSource
- }
-
- return nil
- }
-
- if len(envCfg.Creds.AccessKeyID) > 0 {
- cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
- envCfg.Creds,
- )
- } else if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.RoleARN) > 0 && sharedCfg.AssumeRoleSource != nil {
- cfgCp := *cfg
- cfgCp.Credentials = credentials.NewStaticCredentialsFromCreds(
- sharedCfg.AssumeRoleSource.Creds,
- )
-
- if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil {
- // AssumeRole Token provider is required if doing Assume Role
- // with MFA.
- return AssumeRoleTokenProviderNotSetError{}
- }
+ // Regional Endpoint flag for STS endpoint resolving
+ mergeSTSRegionalEndpointConfig(cfg, []endpoints.STSRegionalEndpoint{
+ userCfg.STSRegionalEndpoint,
+ envCfg.STSRegionalEndpoint,
+ sharedCfg.STSRegionalEndpoint,
+ endpoints.LegacySTSEndpoint,
+ })
+
+ // Regional Endpoint flag for S3 endpoint resolving
+ mergeS3UsEast1RegionalEndpointConfig(cfg, []endpoints.S3UsEast1RegionalEndpoint{
+ userCfg.S3UsEast1RegionalEndpoint,
+ envCfg.S3UsEast1RegionalEndpoint,
+ sharedCfg.S3UsEast1RegionalEndpoint,
+ endpoints.LegacyS3UsEast1Endpoint,
+ })
+
+ ec2IMDSEndpoint := sessOpts.EC2IMDSEndpoint
+ if len(ec2IMDSEndpoint) == 0 {
+ ec2IMDSEndpoint = envCfg.EC2IMDSEndpoint
+ }
+ if len(ec2IMDSEndpoint) != 0 {
+ cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint)
+ }
- cfg.Credentials = assumeRoleCredentials(cfgCp, handlers, sharedCfg, sessOpts)
- } else if len(sharedCfg.Creds.AccessKeyID) > 0 {
- cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
- sharedCfg.Creds,
- )
- } else if len(sharedCfg.CredentialProcess) > 0 {
- cfg.Credentials = processcreds.NewCredentials(
- sharedCfg.CredentialProcess,
- )
- } else {
- // Fallback to default credentials provider, include mock errors
- // for the credential chain so user can identify why credentials
- // failed to be retrieved.
- cfg.Credentials = credentials.NewCredentials(&credentials.ChainProvider{
- VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
- Providers: []credentials.Provider{
- &credProviderError{Err: awserr.New("EnvAccessKeyNotFound", "failed to find credentials in the environment.", nil)},
- &credProviderError{Err: awserr.New("SharedCredsLoad", fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil)},
- defaults.RemoteCredProvider(*cfg, handlers),
- },
- })
+ // Configure credentials if not already set by the user when creating the
+ // Session.
+ if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil {
+ creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts)
+ if err != nil {
+ return err
}
+ cfg.Credentials = creds
}
- return nil
-}
-
-func assumeRoleCredentials(cfg aws.Config, handlers request.Handlers, sharedCfg sharedConfig, sessOpts Options) *credentials.Credentials {
- return stscreds.NewCredentials(
- &Session{
- Config: &cfg,
- Handlers: handlers.Copy(),
- },
- sharedCfg.AssumeRole.RoleARN,
- func(opt *stscreds.AssumeRoleProvider) {
- opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName
-
- // Assume role with external ID
- if len(sharedCfg.AssumeRole.ExternalID) > 0 {
- opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID)
- }
-
- // Assume role with MFA
- if len(sharedCfg.AssumeRole.MFASerial) > 0 {
- opt.SerialNumber = aws.String(sharedCfg.AssumeRole.MFASerial)
- opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
- }
- },
- )
-}
-
-// AssumeRoleTokenProviderNotSetError is an error returned when creating a session when the
-// MFAToken option is not set when shared config is configured load assume a
-// role with an MFA token.
-type AssumeRoleTokenProviderNotSetError struct{}
-
-// Code is the short id of the error.
-func (e AssumeRoleTokenProviderNotSetError) Code() string {
- return "AssumeRoleTokenProviderNotSetError"
-}
-
-// Message is the description of the error
-func (e AssumeRoleTokenProviderNotSetError) Message() string {
- return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.")
-}
+ cfg.S3UseARNRegion = userCfg.S3UseARNRegion
+ if cfg.S3UseARNRegion == nil {
+ cfg.S3UseARNRegion = &envCfg.S3UseARNRegion
+ }
+ if cfg.S3UseARNRegion == nil {
+ cfg.S3UseARNRegion = &sharedCfg.S3UseARNRegion
+ }
-// OrigErr is the underlying error that caused the failure.
-func (e AssumeRoleTokenProviderNotSetError) OrigErr() error {
return nil
}
-// Error satisfies the error interface.
-func (e AssumeRoleTokenProviderNotSetError) Error() string {
- return awserr.SprintError(e.Code(), e.Message(), "", nil)
-}
-
-type credProviderError struct {
- Err error
+func mergeSTSRegionalEndpointConfig(cfg *aws.Config, values []endpoints.STSRegionalEndpoint) {
+ for _, v := range values {
+ if v != endpoints.UnsetSTSEndpoint {
+ cfg.STSRegionalEndpoint = v
+ break
+ }
+ }
}
-var emptyCreds = credentials.Value{}
-
-func (c credProviderError) Retrieve() (credentials.Value, error) {
- return credentials.Value{}, c.Err
-}
-func (c credProviderError) IsExpired() bool {
- return true
+func mergeS3UsEast1RegionalEndpointConfig(cfg *aws.Config, values []endpoints.S3UsEast1RegionalEndpoint) {
+ for _, v := range values {
+ if v != endpoints.UnsetS3UsEast1Endpoint {
+ cfg.S3UsEast1RegionalEndpoint = v
+ break
+ }
+ }
}
func initHandlers(s *Session) {
@@ -630,7 +792,7 @@ func initHandlers(s *Session) {
}
}
-// Copy creates and returns a copy of the current Session, coping the config
+// Copy creates and returns a copy of the current Session, copying the config
// and handlers. If any additional configs are provided they will be merged
// on top of the Session's copied config.
//
@@ -640,6 +802,7 @@ func (s *Session) Copy(cfgs ...*aws.Config) *Session {
newSession := &Session{
Config: s.Config.Copy(cfgs...),
Handlers: s.Handlers.Copy(),
+ options: s.options,
}
initHandlers(newSession)
@@ -650,47 +813,69 @@ func (s *Session) Copy(cfgs ...*aws.Config) *Session {
// ClientConfig satisfies the client.ConfigProvider interface and is used to
// configure the service client instances. Passing the Session to the service
// client's constructor (New) will use this method to configure the client.
-func (s *Session) ClientConfig(serviceName string, cfgs ...*aws.Config) client.Config {
- // Backwards compatibility, the error will be eaten if user calls ClientConfig
- // directly. All SDK services will use ClientconfigWithError.
- cfg, _ := s.clientConfigWithErr(serviceName, cfgs...)
-
- return cfg
-}
-
-func (s *Session) clientConfigWithErr(serviceName string, cfgs ...*aws.Config) (client.Config, error) {
+func (s *Session) ClientConfig(service string, cfgs ...*aws.Config) client.Config {
s = s.Copy(cfgs...)
- var resolved endpoints.ResolvedEndpoint
- var err error
-
region := aws.StringValue(s.Config.Region)
-
- if endpoint := aws.StringValue(s.Config.Endpoint); len(endpoint) != 0 {
- resolved.URL = endpoints.AddScheme(endpoint, aws.BoolValue(s.Config.DisableSSL))
- resolved.SigningRegion = region
- } else {
- resolved, err = s.Config.EndpointResolver.EndpointFor(
- serviceName, region,
- func(opt *endpoints.Options) {
- opt.DisableSSL = aws.BoolValue(s.Config.DisableSSL)
- opt.UseDualStack = aws.BoolValue(s.Config.UseDualStack)
-
- // Support the condition where the service is modeled but its
- // endpoint metadata is not available.
- opt.ResolveUnknownService = true
- },
- )
+ resolved, err := s.resolveEndpoint(service, region, s.Config)
+ if err != nil {
+ s.Handlers.Validate.PushBack(func(r *request.Request) {
+ if len(r.ClientInfo.Endpoint) != 0 {
+ // Error occurred while resolving endpoint, but the request
+ // being invoked has had an endpoint specified after the client
+ // was created.
+ return
+ }
+ r.Error = err
+ })
}
return client.Config{
Config: s.Config,
Handlers: s.Handlers,
+ PartitionID: resolved.PartitionID,
Endpoint: resolved.URL,
SigningRegion: resolved.SigningRegion,
SigningNameDerived: resolved.SigningNameDerived,
SigningName: resolved.SigningName,
- }, err
+ }
+}
+
+const ec2MetadataServiceID = "ec2metadata"
+
+func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endpoints.ResolvedEndpoint, error) {
+
+ if ep := aws.StringValue(cfg.Endpoint); len(ep) != 0 {
+ return endpoints.ResolvedEndpoint{
+ URL: endpoints.AddScheme(ep, aws.BoolValue(cfg.DisableSSL)),
+ SigningRegion: region,
+ }, nil
+ }
+
+ resolved, err := cfg.EndpointResolver.EndpointFor(service, region,
+ func(opt *endpoints.Options) {
+ opt.DisableSSL = aws.BoolValue(cfg.DisableSSL)
+ opt.UseDualStack = aws.BoolValue(cfg.UseDualStack)
+ // Support for STSRegionalEndpoint where the STSRegionalEndpoint is
+ // provided in envConfig or sharedConfig with envConfig getting
+ // precedence.
+ opt.STSRegionalEndpoint = cfg.STSRegionalEndpoint
+
+ // Support for S3UsEast1RegionalEndpoint where the S3UsEast1RegionalEndpoint is
+ // provided in envConfig or sharedConfig with envConfig getting
+ // precedence.
+ opt.S3UsEast1RegionalEndpoint = cfg.S3UsEast1RegionalEndpoint
+
+ // Support the condition where the service is modeled but its
+ // endpoint metadata is not available.
+ opt.ResolveUnknownService = true
+ },
+ )
+ if err != nil {
+ return endpoints.ResolvedEndpoint{}, err
+ }
+
+ return resolved, nil
}
// ClientConfigNoResolveEndpoint is the same as ClientConfig with the exception
@@ -700,12 +885,9 @@ func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Conf
s = s.Copy(cfgs...)
var resolved endpoints.ResolvedEndpoint
-
- region := aws.StringValue(s.Config.Region)
-
if ep := aws.StringValue(s.Config.Endpoint); len(ep) > 0 {
resolved.URL = endpoints.AddScheme(ep, aws.BoolValue(s.Config.DisableSSL))
- resolved.SigningRegion = region
+ resolved.SigningRegion = aws.StringValue(s.Config.Region)
}
return client.Config{
@@ -717,3 +899,14 @@ func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Conf
SigningName: resolved.SigningName,
}
}
+
+// logDeprecatedNewSessionError function enables error handling for session
+func (s *Session) logDeprecatedNewSessionError(msg string, err error, cfgs []*aws.Config) {
+ // Session creation failed, need to report the error and prevent
+ // any requests from succeeding.
+ s.Config.MergeIn(cfgs...)
+ s.Config.Logger.Log("ERROR:", msg, "Error:", err)
+ s.Handlers.Validate.PushBack(func(r *request.Request) {
+ r.Error = err
+ })
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
index 7cb44021b..be7daacf3 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
@@ -2,10 +2,11 @@ package session
import (
"fmt"
+ "time"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/credentials"
-
+ "github.com/aws/aws-sdk-go/aws/endpoints"
"github.com/aws/aws-sdk-go/internal/ini"
)
@@ -16,66 +17,120 @@ const (
sessionTokenKey = `aws_session_token` // optional
// Assume Role Credentials group
- roleArnKey = `role_arn` // group required
- sourceProfileKey = `source_profile` // group required (or credential_source)
- credentialSourceKey = `credential_source` // group required (or source_profile)
- externalIDKey = `external_id` // optional
- mfaSerialKey = `mfa_serial` // optional
- roleSessionNameKey = `role_session_name` // optional
+ roleArnKey = `role_arn` // group required
+ sourceProfileKey = `source_profile` // group required (or credential_source)
+ credentialSourceKey = `credential_source` // group required (or source_profile)
+ externalIDKey = `external_id` // optional
+ mfaSerialKey = `mfa_serial` // optional
+ roleSessionNameKey = `role_session_name` // optional
+ roleDurationSecondsKey = "duration_seconds" // optional
+
+ // CSM options
+ csmEnabledKey = `csm_enabled`
+ csmHostKey = `csm_host`
+ csmPortKey = `csm_port`
+ csmClientIDKey = `csm_client_id`
// Additional Config fields
regionKey = `region`
+ // custom CA Bundle filename
+ customCABundleKey = `ca_bundle`
+
// endpoint discovery group
enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional
+
// External Credential Process
- credentialProcessKey = `credential_process`
+ credentialProcessKey = `credential_process` // optional
+
+ // Web Identity Token File
+ webIdentityTokenFileKey = `web_identity_token_file` // optional
+
+ // Additional config fields for regional or legacy endpoints
+ stsRegionalEndpointSharedKey = `sts_regional_endpoints`
+
+ // Additional config fields for regional or legacy endpoints
+ s3UsEast1RegionalSharedKey = `s3_us_east_1_regional_endpoint`
// DefaultSharedConfigProfile is the default profile to be used when
// loading configuration from the config files if another profile name
// is not provided.
DefaultSharedConfigProfile = `default`
-)
-type assumeRoleConfig struct {
- RoleARN string
- SourceProfile string
- CredentialSource string
- ExternalID string
- MFASerial string
- RoleSessionName string
-}
+ // S3 ARN Region Usage
+ s3UseARNRegionKey = "s3_use_arn_region"
+)
// sharedConfig represents the configuration fields of the SDK config files.
type sharedConfig struct {
- // Credentials values from the config file. Both aws_access_key_id
- // and aws_secret_access_key must be provided together in the same file
- // to be considered valid. The values will be ignored if not a complete group.
- // aws_session_token is an optional field that can be provided if both of the
- // other two fields are also provided.
+ // Credentials values from the config file. Both aws_access_key_id and
+ // aws_secret_access_key must be provided together in the same file to be
+ // considered valid. The values will be ignored if not a complete group.
+ // aws_session_token is an optional field that can be provided if both of
+ // the other two fields are also provided.
//
// aws_access_key_id
// aws_secret_access_key
// aws_session_token
Creds credentials.Value
- AssumeRole assumeRoleConfig
- AssumeRoleSource *sharedConfig
+ CredentialSource string
+ CredentialProcess string
+ WebIdentityTokenFile string
- // An external process to request credentials
- CredentialProcess string
+ RoleARN string
+ RoleSessionName string
+ ExternalID string
+ MFASerial string
+ AssumeRoleDuration *time.Duration
- // Region is the region the SDK should use for looking up AWS service endpoints
- // and signing requests.
+ SourceProfileName string
+ SourceProfile *sharedConfig
+
+ // Region is the region the SDK should use for looking up AWS service
+ // endpoints and signing requests.
//
// region
Region string
+ // CustomCABundle is the file path to a PEM file the SDK will read and
+ // use to configure the HTTP transport with additional CA certs that are
+ // not present in the platforms default CA store.
+ //
+ // This value will be ignored if the file does not exist.
+ //
+ // ca_bundle
+ CustomCABundle string
+
// EnableEndpointDiscovery can be enabled in the shared config by setting
// endpoint_discovery_enabled to true
//
// endpoint_discovery_enabled = true
EnableEndpointDiscovery *bool
+
+ // CSM Options
+ CSMEnabled *bool
+ CSMHost string
+ CSMPort string
+ CSMClientID string
+
+ // Specifies the Regional Endpoint flag for the SDK to resolve the endpoint for a service
+ //
+ // sts_regional_endpoints = regional
+ // This can take value as `LegacySTSEndpoint` or `RegionalSTSEndpoint`
+ STSRegionalEndpoint endpoints.STSRegionalEndpoint
+
+ // Specifies the Regional Endpoint flag for the SDK to resolve the endpoint for a service
+ //
+ // s3_us_east_1_regional_endpoint = regional
+ // This can take value as `LegacyS3UsEast1Endpoint` or `RegionalS3UsEast1Endpoint`
+ S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
+
+ // Specifies if the S3 service should allow ARNs to direct the region
+ // the client's requests are sent to.
+ //
+ // s3_use_arn_region=true
+ S3UseARNRegion bool
}
type sharedConfigFile struct {
@@ -83,17 +138,18 @@ type sharedConfigFile struct {
IniData ini.Sections
}
-// loadSharedConfig retrieves the configuration from the list of files
-// using the profile provided. The order the files are listed will determine
+// loadSharedConfig retrieves the configuration from the list of files using
+// the profile provided. The order the files are listed will determine
// precedence. Values in subsequent files will overwrite values defined in
// earlier files.
//
// For example, given two files A and B. Both define credentials. If the order
-// of the files are A then B, B's credential values will be used instead of A's.
+// of the files are A then B, B's credential values will be used instead of
+// A's.
//
// See sharedConfig.setFromFile for information how the config files
// will be loaded.
-func loadSharedConfig(profile string, filenames []string) (sharedConfig, error) {
+func loadSharedConfig(profile string, filenames []string, exOpts bool) (sharedConfig, error) {
if len(profile) == 0 {
profile = DefaultSharedConfigProfile
}
@@ -104,16 +160,11 @@ func loadSharedConfig(profile string, filenames []string) (sharedConfig, error)
}
cfg := sharedConfig{}
- if err = cfg.setFromIniFiles(profile, files); err != nil {
+ profiles := map[string]struct{}{}
+ if err = cfg.setFromIniFiles(profiles, profile, files, exOpts); err != nil {
return sharedConfig{}, err
}
- if len(cfg.AssumeRole.SourceProfile) > 0 {
- if err := cfg.setAssumeRoleSource(profile, files); err != nil {
- return sharedConfig{}, err
- }
- }
-
return cfg, nil
}
@@ -137,60 +188,88 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) {
return files, nil
}
-func (cfg *sharedConfig) setAssumeRoleSource(origProfile string, files []sharedConfigFile) error {
- var assumeRoleSrc sharedConfig
-
- if len(cfg.AssumeRole.CredentialSource) > 0 {
- // setAssumeRoleSource is only called when source_profile is found.
- // If both source_profile and credential_source are set, then
- // ErrSharedConfigSourceCollision will be returned
- return ErrSharedConfigSourceCollision
+func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile string, files []sharedConfigFile, exOpts bool) error {
+ // Trim files from the list that don't exist.
+ var skippedFiles int
+ var profileNotFoundErr error
+ for _, f := range files {
+ if err := cfg.setFromIniFile(profile, f, exOpts); err != nil {
+ if _, ok := err.(SharedConfigProfileNotExistsError); ok {
+ // Ignore profiles not defined in individual files.
+ profileNotFoundErr = err
+ skippedFiles++
+ continue
+ }
+ return err
+ }
+ }
+ if skippedFiles == len(files) {
+ // If all files were skipped because the profile is not found, return
+ // the original profile not found error.
+ return profileNotFoundErr
}
- // Multiple level assume role chains are not support
- if cfg.AssumeRole.SourceProfile == origProfile {
- assumeRoleSrc = *cfg
- assumeRoleSrc.AssumeRole = assumeRoleConfig{}
+ if _, ok := profiles[profile]; ok {
+ // if this is the second instance of the profile the Assume Role
+ // options must be cleared because they are only valid for the
+ // first reference of a profile. The self linked instance of the
+ // profile only have credential provider options.
+ cfg.clearAssumeRoleOptions()
} else {
- err := assumeRoleSrc.setFromIniFiles(cfg.AssumeRole.SourceProfile, files)
- if err != nil {
+ // First time a profile has been seen, It must either be a assume role
+ // or credentials. Assert if the credential type requires a role ARN,
+ // the ARN is also set.
+ if err := cfg.validateCredentialsRequireARN(profile); err != nil {
return err
}
}
+ profiles[profile] = struct{}{}
- if len(assumeRoleSrc.Creds.AccessKeyID) == 0 {
- return SharedConfigAssumeRoleError{RoleARN: cfg.AssumeRole.RoleARN}
+ if err := cfg.validateCredentialType(); err != nil {
+ return err
}
- cfg.AssumeRoleSource = &assumeRoleSrc
-
- return nil
-}
+ // Link source profiles for assume roles
+ if len(cfg.SourceProfileName) != 0 {
+ // Linked profile via source_profile ignore credential provider
+ // options, the source profile must provide the credentials.
+ cfg.clearCredentialOptions()
-func (cfg *sharedConfig) setFromIniFiles(profile string, files []sharedConfigFile) error {
- // Trim files from the list that don't exist.
- for _, f := range files {
- if err := cfg.setFromIniFile(profile, f); err != nil {
+ srcCfg := &sharedConfig{}
+ err := srcCfg.setFromIniFiles(profiles, cfg.SourceProfileName, files, exOpts)
+ if err != nil {
+ // SourceProfile that doesn't exist is an error in configuration.
if _, ok := err.(SharedConfigProfileNotExistsError); ok {
- // Ignore proviles missings
- continue
+ err = SharedConfigAssumeRoleError{
+ RoleARN: cfg.RoleARN,
+ SourceProfile: cfg.SourceProfileName,
+ }
}
return err
}
+
+ if !srcCfg.hasCredentials() {
+ return SharedConfigAssumeRoleError{
+ RoleARN: cfg.RoleARN,
+ SourceProfile: cfg.SourceProfileName,
+ }
+ }
+
+ cfg.SourceProfile = srcCfg
}
return nil
}
-// setFromFile loads the configuration from the file using
-// the profile provided. A sharedConfig pointer type value is used so that
-// multiple config file loadings can be chained.
+// setFromFile loads the configuration from the file using the profile
+// provided. A sharedConfig pointer type value is used so that multiple config
+// file loadings can be chained.
//
// Only loads complete logically grouped values, and will not set fields in cfg
-// for incomplete grouped values in the config. Such as credentials. For example
-// if a config file only includes aws_access_key_id but no aws_secret_access_key
-// the aws_access_key_id will be ignored.
-func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) error {
+// for incomplete grouped values in the config. Such as credentials. For
+// example if a config file only includes aws_access_key_id but no
+// aws_secret_access_key the aws_access_key_id will be ignored.
+func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, exOpts bool) error {
section, ok := file.IniData.GetSection(profile)
if !ok {
// Fallback to to alternate profile name: profile
@@ -200,53 +279,177 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) e
}
}
- // Shared Credentials
- akid := section.String(accessKeyIDKey)
- secret := section.String(secretAccessKey)
- if len(akid) > 0 && len(secret) > 0 {
- cfg.Creds = credentials.Value{
- AccessKeyID: akid,
- SecretAccessKey: secret,
- SessionToken: section.String(sessionTokenKey),
- ProviderName: fmt.Sprintf("SharedConfigCredentials: %s", file.Filename),
+ if exOpts {
+ // Assume Role Parameters
+ updateString(&cfg.RoleARN, section, roleArnKey)
+ updateString(&cfg.ExternalID, section, externalIDKey)
+ updateString(&cfg.MFASerial, section, mfaSerialKey)
+ updateString(&cfg.RoleSessionName, section, roleSessionNameKey)
+ updateString(&cfg.SourceProfileName, section, sourceProfileKey)
+ updateString(&cfg.CredentialSource, section, credentialSourceKey)
+ updateString(&cfg.Region, section, regionKey)
+ updateString(&cfg.CustomCABundle, section, customCABundleKey)
+
+ if section.Has(roleDurationSecondsKey) {
+ d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second
+ cfg.AssumeRoleDuration = &d
}
- }
- // Assume Role
- roleArn := section.String(roleArnKey)
- srcProfile := section.String(sourceProfileKey)
- credentialSource := section.String(credentialSourceKey)
- hasSource := len(srcProfile) > 0 || len(credentialSource) > 0
- if len(roleArn) > 0 && hasSource {
- cfg.AssumeRole = assumeRoleConfig{
- RoleARN: roleArn,
- SourceProfile: srcProfile,
- CredentialSource: credentialSource,
- ExternalID: section.String(externalIDKey),
- MFASerial: section.String(mfaSerialKey),
- RoleSessionName: section.String(roleSessionNameKey),
+ if v := section.String(stsRegionalEndpointSharedKey); len(v) != 0 {
+ sre, err := endpoints.GetSTSRegionalEndpoint(v)
+ if err != nil {
+ return fmt.Errorf("failed to load %s from shared config, %s, %v",
+ stsRegionalEndpointSharedKey, file.Filename, err)
+ }
+ cfg.STSRegionalEndpoint = sre
}
- }
- // `credential_process`
- if credProc := section.String(credentialProcessKey); len(credProc) > 0 {
- cfg.CredentialProcess = credProc
+ if v := section.String(s3UsEast1RegionalSharedKey); len(v) != 0 {
+ sre, err := endpoints.GetS3UsEast1RegionalEndpoint(v)
+ if err != nil {
+ return fmt.Errorf("failed to load %s from shared config, %s, %v",
+ s3UsEast1RegionalSharedKey, file.Filename, err)
+ }
+ cfg.S3UsEast1RegionalEndpoint = sre
+ }
}
- // Region
- if v := section.String(regionKey); len(v) > 0 {
- cfg.Region = v
+ updateString(&cfg.CredentialProcess, section, credentialProcessKey)
+ updateString(&cfg.WebIdentityTokenFile, section, webIdentityTokenFileKey)
+
+ // Shared Credentials
+ creds := credentials.Value{
+ AccessKeyID: section.String(accessKeyIDKey),
+ SecretAccessKey: section.String(secretAccessKey),
+ SessionToken: section.String(sessionTokenKey),
+ ProviderName: fmt.Sprintf("SharedConfigCredentials: %s", file.Filename),
+ }
+ if creds.HasKeys() {
+ cfg.Creds = creds
}
// Endpoint discovery
- if section.Has(enableEndpointDiscoveryKey) {
- v := section.Bool(enableEndpointDiscoveryKey)
- cfg.EnableEndpointDiscovery = &v
+ updateBoolPtr(&cfg.EnableEndpointDiscovery, section, enableEndpointDiscoveryKey)
+
+ // CSM options
+ updateBoolPtr(&cfg.CSMEnabled, section, csmEnabledKey)
+ updateString(&cfg.CSMHost, section, csmHostKey)
+ updateString(&cfg.CSMPort, section, csmPortKey)
+ updateString(&cfg.CSMClientID, section, csmClientIDKey)
+
+ updateBool(&cfg.S3UseARNRegion, section, s3UseARNRegionKey)
+
+ return nil
+}
+
+func (cfg *sharedConfig) validateCredentialsRequireARN(profile string) error {
+ var credSource string
+
+ switch {
+ case len(cfg.SourceProfileName) != 0:
+ credSource = sourceProfileKey
+ case len(cfg.CredentialSource) != 0:
+ credSource = credentialSourceKey
+ case len(cfg.WebIdentityTokenFile) != 0:
+ credSource = webIdentityTokenFileKey
+ }
+
+ if len(credSource) != 0 && len(cfg.RoleARN) == 0 {
+ return CredentialRequiresARNError{
+ Type: credSource,
+ Profile: profile,
+ }
+ }
+
+ return nil
+}
+
+func (cfg *sharedConfig) validateCredentialType() error {
+ // Only one or no credential type can be defined.
+ if !oneOrNone(
+ len(cfg.SourceProfileName) != 0,
+ len(cfg.CredentialSource) != 0,
+ len(cfg.CredentialProcess) != 0,
+ len(cfg.WebIdentityTokenFile) != 0,
+ ) {
+ return ErrSharedConfigSourceCollision
}
return nil
}
+func (cfg *sharedConfig) hasCredentials() bool {
+ switch {
+ case len(cfg.SourceProfileName) != 0:
+ case len(cfg.CredentialSource) != 0:
+ case len(cfg.CredentialProcess) != 0:
+ case len(cfg.WebIdentityTokenFile) != 0:
+ case cfg.Creds.HasKeys():
+ default:
+ return false
+ }
+
+ return true
+}
+
+func (cfg *sharedConfig) clearCredentialOptions() {
+ cfg.CredentialSource = ""
+ cfg.CredentialProcess = ""
+ cfg.WebIdentityTokenFile = ""
+ cfg.Creds = credentials.Value{}
+}
+
+func (cfg *sharedConfig) clearAssumeRoleOptions() {
+ cfg.RoleARN = ""
+ cfg.ExternalID = ""
+ cfg.MFASerial = ""
+ cfg.RoleSessionName = ""
+ cfg.SourceProfileName = ""
+}
+
+func oneOrNone(bs ...bool) bool {
+ var count int
+
+ for _, b := range bs {
+ if b {
+ count++
+ if count > 1 {
+ return false
+ }
+ }
+ }
+
+ return true
+}
+
+// updateString will only update the dst with the value in the section key, key
+// is present in the section.
+func updateString(dst *string, section ini.Section, key string) {
+ if !section.Has(key) {
+ return
+ }
+ *dst = section.String(key)
+}
+
+// updateBool will only update the dst with the value in the section key, key
+// is present in the section.
+func updateBool(dst *bool, section ini.Section, key string) {
+ if !section.Has(key) {
+ return
+ }
+ *dst = section.Bool(key)
+}
+
+// updateBoolPtr will only update the dst with the value in the section key,
+// key is present in the section.
+func updateBoolPtr(dst **bool, section ini.Section, key string) {
+ if !section.Has(key) {
+ return
+ }
+ *dst = new(bool)
+ **dst = section.Bool(key)
+}
+
// SharedConfigLoadError is an error for the shared config file failed to load.
type SharedConfigLoadError struct {
Filename string
@@ -304,7 +507,8 @@ func (e SharedConfigProfileNotExistsError) Error() string {
// profile contains assume role information, but that information is invalid
// or not complete.
type SharedConfigAssumeRoleError struct {
- RoleARN string
+ RoleARN string
+ SourceProfile string
}
// Code is the short id of the error.
@@ -314,8 +518,10 @@ func (e SharedConfigAssumeRoleError) Code() string {
// Message is the description of the error
func (e SharedConfigAssumeRoleError) Message() string {
- return fmt.Sprintf("failed to load assume role for %s, source profile has no shared credentials",
- e.RoleARN)
+ return fmt.Sprintf(
+ "failed to load assume role for %s, source profile %s has no shared credentials",
+ e.RoleARN, e.SourceProfile,
+ )
}
// OrigErr is the underlying error that caused the failure.
@@ -327,3 +533,36 @@ func (e SharedConfigAssumeRoleError) OrigErr() error {
func (e SharedConfigAssumeRoleError) Error() string {
return awserr.SprintError(e.Code(), e.Message(), "", nil)
}
+
+// CredentialRequiresARNError provides the error for shared config credentials
+// that are incorrectly configured in the shared config or credentials file.
+type CredentialRequiresARNError struct {
+ // type of credentials that were configured.
+ Type string
+
+ // Profile name the credentials were in.
+ Profile string
+}
+
+// Code is the short id of the error.
+func (e CredentialRequiresARNError) Code() string {
+ return "CredentialRequiresARNError"
+}
+
+// Message is the description of the error
+func (e CredentialRequiresARNError) Message() string {
+ return fmt.Sprintf(
+ "credential type %s requires role_arn, profile %s",
+ e.Type, e.Profile,
+ )
+}
+
+// OrigErr is the underlying error that caused the failure.
+func (e CredentialRequiresARNError) OrigErr() error {
+ return nil
+}
+
+// Error satisfies the error interface.
+func (e CredentialRequiresARNError) Error() string {
+ return awserr.SprintError(e.Code(), e.Message(), "", nil)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
index 244c86da0..07ea799fb 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
@@ -1,8 +1,7 @@
package v4
import (
- "net/http"
- "strings"
+ "github.com/aws/aws-sdk-go/internal/strings"
)
// validator houses a set of rule needed for validation of a
@@ -61,7 +60,7 @@ type patterns []string
// been found
func (p patterns) IsValid(value string) bool {
for _, pattern := range p {
- if strings.HasPrefix(http.CanonicalHeaderKey(value), pattern) {
+ if strings.HasPrefixFold(value, pattern) {
return true
}
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go
new file mode 100644
index 000000000..f35fc860b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go
@@ -0,0 +1,13 @@
+// +build !go1.7
+
+package v4
+
+import (
+ "net/http"
+
+ "github.com/aws/aws-sdk-go/aws"
+)
+
+func requestContext(r *http.Request) aws.Context {
+ return aws.BackgroundContext()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go
new file mode 100644
index 000000000..fed5c859c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go
@@ -0,0 +1,13 @@
+// +build go1.7
+
+package v4
+
+import (
+ "net/http"
+
+ "github.com/aws/aws-sdk-go/aws"
+)
+
+func requestContext(r *http.Request) aws.Context {
+ return r.Context()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go
new file mode 100644
index 000000000..02cbd97e2
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go
@@ -0,0 +1,63 @@
+package v4
+
+import (
+ "encoding/hex"
+ "strings"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws/credentials"
+)
+
+type credentialValueProvider interface {
+ Get() (credentials.Value, error)
+}
+
+// StreamSigner implements signing of event stream encoded payloads
+type StreamSigner struct {
+ region string
+ service string
+
+ credentials credentialValueProvider
+
+ prevSig []byte
+}
+
+// NewStreamSigner creates a SigV4 signer used to sign Event Stream encoded messages
+func NewStreamSigner(region, service string, seedSignature []byte, credentials *credentials.Credentials) *StreamSigner {
+ return &StreamSigner{
+ region: region,
+ service: service,
+ credentials: credentials,
+ prevSig: seedSignature,
+ }
+}
+
+// GetSignature takes an event stream encoded headers and payload and returns a signature
+func (s *StreamSigner) GetSignature(headers, payload []byte, date time.Time) ([]byte, error) {
+ credValue, err := s.credentials.Get()
+ if err != nil {
+ return nil, err
+ }
+
+ sigKey := deriveSigningKey(s.region, s.service, credValue.SecretAccessKey, date)
+
+ keyPath := buildSigningScope(s.region, s.service, date)
+
+ stringToSign := buildEventStreamStringToSign(headers, payload, s.prevSig, keyPath, date)
+
+ signature := hmacSHA256(sigKey, []byte(stringToSign))
+ s.prevSig = signature
+
+ return signature, nil
+}
+
+func buildEventStreamStringToSign(headers, payload, prevSig []byte, scope string, date time.Time) string {
+ return strings.Join([]string{
+ "AWS4-HMAC-SHA256-PAYLOAD",
+ formatTime(date),
+ scope,
+ hex.EncodeToString(prevSig),
+ hex.EncodeToString(hashSHA256(headers)),
+ hex.EncodeToString(hashSHA256(payload)),
+ }, "\n")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
index 523db79f8..d71f7b3f4 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
@@ -76,9 +76,14 @@ import (
)
const (
+ authorizationHeader = "Authorization"
+ authHeaderSignatureElem = "Signature="
+ signatureQueryKey = "X-Amz-Signature"
+
authHeaderPrefix = "AWS4-HMAC-SHA256"
timeFormat = "20060102T150405Z"
shortTimeFormat = "20060102"
+ awsV4Request = "aws4_request"
// emptyStringSHA256 is a SHA256 of an empty string
emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
@@ -87,9 +92,9 @@ const (
var ignoredHeaders = rules{
blacklist{
mapRule{
- "Authorization": struct{}{},
- "User-Agent": struct{}{},
- "X-Amzn-Trace-Id": struct{}{},
+ authorizationHeader: struct{}{},
+ "User-Agent": struct{}{},
+ "X-Amzn-Trace-Id": struct{}{},
},
},
}
@@ -229,11 +234,9 @@ type signingCtx struct {
DisableURIPathEscaping bool
- credValues credentials.Value
- isPresign bool
- formattedTime string
- formattedShortTime string
- unsignedPayload bool
+ credValues credentials.Value
+ isPresign bool
+ unsignedPayload bool
bodyDigest string
signedHeaders string
@@ -337,7 +340,7 @@ func (v4 Signer) signWithBody(r *http.Request, body io.ReadSeeker, service, regi
}
var err error
- ctx.credValues, err = v4.Credentials.Get()
+ ctx.credValues, err = v4.Credentials.GetWithContext(requestContext(r))
if err != nil {
return http.Header{}, err
}
@@ -532,39 +535,56 @@ func (ctx *signingCtx) build(disableHeaderHoisting bool) error {
ctx.buildSignature() // depends on string to sign
if ctx.isPresign {
- ctx.Request.URL.RawQuery += "&X-Amz-Signature=" + ctx.signature
+ ctx.Request.URL.RawQuery += "&" + signatureQueryKey + "=" + ctx.signature
} else {
parts := []string{
authHeaderPrefix + " Credential=" + ctx.credValues.AccessKeyID + "/" + ctx.credentialString,
"SignedHeaders=" + ctx.signedHeaders,
- "Signature=" + ctx.signature,
+ authHeaderSignatureElem + ctx.signature,
}
- ctx.Request.Header.Set("Authorization", strings.Join(parts, ", "))
+ ctx.Request.Header.Set(authorizationHeader, strings.Join(parts, ", "))
}
return nil
}
-func (ctx *signingCtx) buildTime() {
- ctx.formattedTime = ctx.Time.UTC().Format(timeFormat)
- ctx.formattedShortTime = ctx.Time.UTC().Format(shortTimeFormat)
+// GetSignedRequestSignature attempts to extract the signature of the request.
+// Returning an error if the request is unsigned, or unable to extract the
+// signature.
+func GetSignedRequestSignature(r *http.Request) ([]byte, error) {
+
+ if auth := r.Header.Get(authorizationHeader); len(auth) != 0 {
+ ps := strings.Split(auth, ", ")
+ for _, p := range ps {
+ if idx := strings.Index(p, authHeaderSignatureElem); idx >= 0 {
+ sig := p[len(authHeaderSignatureElem):]
+ if len(sig) == 0 {
+ return nil, fmt.Errorf("invalid request signature authorization header")
+ }
+ return hex.DecodeString(sig)
+ }
+ }
+ }
+ if sig := r.URL.Query().Get("X-Amz-Signature"); len(sig) != 0 {
+ return hex.DecodeString(sig)
+ }
+
+ return nil, fmt.Errorf("request not signed")
+}
+
+func (ctx *signingCtx) buildTime() {
if ctx.isPresign {
duration := int64(ctx.ExpireTime / time.Second)
- ctx.Query.Set("X-Amz-Date", ctx.formattedTime)
+ ctx.Query.Set("X-Amz-Date", formatTime(ctx.Time))
ctx.Query.Set("X-Amz-Expires", strconv.FormatInt(duration, 10))
} else {
- ctx.Request.Header.Set("X-Amz-Date", ctx.formattedTime)
+ ctx.Request.Header.Set("X-Amz-Date", formatTime(ctx.Time))
}
}
func (ctx *signingCtx) buildCredentialString() {
- ctx.credentialString = strings.Join([]string{
- ctx.formattedShortTime,
- ctx.Region,
- ctx.ServiceName,
- "aws4_request",
- }, "/")
+ ctx.credentialString = buildSigningScope(ctx.Region, ctx.ServiceName, ctx.Time)
if ctx.isPresign {
ctx.Query.Set("X-Amz-Credential", ctx.credValues.AccessKeyID+"/"+ctx.credentialString)
@@ -588,8 +608,7 @@ func (ctx *signingCtx) buildCanonicalHeaders(r rule, header http.Header) {
var headers []string
headers = append(headers, "host")
for k, v := range header {
- canonicalKey := http.CanonicalHeaderKey(k)
- if !r.IsValid(canonicalKey) {
+ if !r.IsValid(k) {
continue // ignored header
}
if ctx.SignedHeaderVals == nil {
@@ -653,19 +672,15 @@ func (ctx *signingCtx) buildCanonicalString() {
func (ctx *signingCtx) buildStringToSign() {
ctx.stringToSign = strings.Join([]string{
authHeaderPrefix,
- ctx.formattedTime,
+ formatTime(ctx.Time),
ctx.credentialString,
- hex.EncodeToString(makeSha256([]byte(ctx.canonicalString))),
+ hex.EncodeToString(hashSHA256([]byte(ctx.canonicalString))),
}, "\n")
}
func (ctx *signingCtx) buildSignature() {
- secret := ctx.credValues.SecretAccessKey
- date := makeHmac([]byte("AWS4"+secret), []byte(ctx.formattedShortTime))
- region := makeHmac(date, []byte(ctx.Region))
- service := makeHmac(region, []byte(ctx.ServiceName))
- credentials := makeHmac(service, []byte("aws4_request"))
- signature := makeHmac(credentials, []byte(ctx.stringToSign))
+ creds := deriveSigningKey(ctx.Region, ctx.ServiceName, ctx.credValues.SecretAccessKey, ctx.Time)
+ signature := hmacSHA256(creds, []byte(ctx.stringToSign))
ctx.signature = hex.EncodeToString(signature)
}
@@ -687,7 +702,11 @@ func (ctx *signingCtx) buildBodyDigest() error {
if !aws.IsReaderSeekable(ctx.Body) {
return fmt.Errorf("cannot use unseekable request body %T, for signed request with body", ctx.Body)
}
- hash = hex.EncodeToString(makeSha256Reader(ctx.Body))
+ hashBytes, err := makeSha256Reader(ctx.Body)
+ if err != nil {
+ return err
+ }
+ hash = hex.EncodeToString(hashBytes)
}
if includeSHA256Header {
@@ -722,22 +741,28 @@ func (ctx *signingCtx) removePresign() {
ctx.Query.Del("X-Amz-SignedHeaders")
}
-func makeHmac(key []byte, data []byte) []byte {
+func hmacSHA256(key []byte, data []byte) []byte {
hash := hmac.New(sha256.New, key)
hash.Write(data)
return hash.Sum(nil)
}
-func makeSha256(data []byte) []byte {
+func hashSHA256(data []byte) []byte {
hash := sha256.New()
hash.Write(data)
return hash.Sum(nil)
}
-func makeSha256Reader(reader io.ReadSeeker) []byte {
+func makeSha256Reader(reader io.ReadSeeker) (hashBytes []byte, err error) {
hash := sha256.New()
- start, _ := reader.Seek(0, sdkio.SeekCurrent)
- defer reader.Seek(start, sdkio.SeekStart)
+ start, err := reader.Seek(0, sdkio.SeekCurrent)
+ if err != nil {
+ return nil, err
+ }
+ defer func() {
+ // ensure error is return if unable to seek back to start of payload.
+ _, err = reader.Seek(start, sdkio.SeekStart)
+ }()
// Use CopyN to avoid allocating the 32KB buffer in io.Copy for bodies
// smaller than 32KB. Fall back to io.Copy if we fail to determine the size.
@@ -748,7 +773,7 @@ func makeSha256Reader(reader io.ReadSeeker) []byte {
io.CopyN(hash, reader, size)
}
- return hash.Sum(nil)
+ return hash.Sum(nil), nil
}
const doubleSpace = " "
@@ -794,3 +819,28 @@ func stripExcessSpaces(vals []string) {
vals[i] = string(buf[:m])
}
}
+
+func buildSigningScope(region, service string, dt time.Time) string {
+ return strings.Join([]string{
+ formatShortTime(dt),
+ region,
+ service,
+ awsV4Request,
+ }, "/")
+}
+
+func deriveSigningKey(region, service, secretKey string, dt time.Time) []byte {
+ kDate := hmacSHA256([]byte("AWS4"+secretKey), []byte(formatShortTime(dt)))
+ kRegion := hmacSHA256(kDate, []byte(region))
+ kService := hmacSHA256(kRegion, []byte(service))
+ signingKey := hmacSHA256(kService, []byte(awsV4Request))
+ return signingKey
+}
+
+func formatShortTime(dt time.Time) string {
+ return dt.UTC().Format(shortTimeFormat)
+}
+
+func formatTime(dt time.Time) string {
+ return dt.UTC().Format(timeFormat)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/types.go b/vendor/github.com/aws/aws-sdk-go/aws/types.go
index 455091540..98751ee84 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/types.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/types.go
@@ -2,6 +2,7 @@ package aws
import (
"io"
+ "strings"
"sync"
"github.com/aws/aws-sdk-go/internal/sdkio"
@@ -205,3 +206,59 @@ func (b *WriteAtBuffer) Bytes() []byte {
defer b.m.Unlock()
return b.buf
}
+
+// MultiCloser is a utility to close multiple io.Closers within a single
+// statement.
+type MultiCloser []io.Closer
+
+// Close closes all of the io.Closers making up the MultiClosers. Any
+// errors that occur while closing will be returned in the order they
+// occur.
+func (m MultiCloser) Close() error {
+ var errs errors
+ for _, c := range m {
+ err := c.Close()
+ if err != nil {
+ errs = append(errs, err)
+ }
+ }
+ if len(errs) != 0 {
+ return errs
+ }
+
+ return nil
+}
+
+type errors []error
+
+func (es errors) Error() string {
+ var parts []string
+ for _, e := range es {
+ parts = append(parts, e.Error())
+ }
+
+ return strings.Join(parts, "\n")
+}
+
+// CopySeekableBody copies the seekable body to an io.Writer
+func CopySeekableBody(dst io.Writer, src io.ReadSeeker) (int64, error) {
+ curPos, err := src.Seek(0, sdkio.SeekCurrent)
+ if err != nil {
+ return 0, err
+ }
+
+ // copy errors may be assumed to be from the body.
+ n, err := io.Copy(dst, src)
+ if err != nil {
+ return n, err
+ }
+
+ // seek back to the first position after reading to reset
+ // the body for transmission.
+ _, err = src.Seek(curPos, sdkio.SeekStart)
+ if err != nil {
+ return n, err
+ }
+
+ return n, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go
index 9ed1367db..6520fb025 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
-const SDKVersion = "1.19.41"
+const SDKVersion = "1.36.20"
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go b/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go
new file mode 100644
index 000000000..876dcb3fd
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go
@@ -0,0 +1,40 @@
+// +build !go1.7
+
+package context
+
+import "time"
+
+// An emptyCtx is a copy of the Go 1.7 context.emptyCtx type. This is copied to
+// provide a 1.6 and 1.5 safe version of context that is compatible with Go
+// 1.7's Context.
+//
+// An emptyCtx is never canceled, has no values, and has no deadline. It is not
+// struct{}, since vars of this type must have distinct addresses.
+type emptyCtx int
+
+func (*emptyCtx) Deadline() (deadline time.Time, ok bool) {
+ return
+}
+
+func (*emptyCtx) Done() <-chan struct{} {
+ return nil
+}
+
+func (*emptyCtx) Err() error {
+ return nil
+}
+
+func (*emptyCtx) Value(key interface{}) interface{} {
+ return nil
+}
+
+func (e *emptyCtx) String() string {
+ switch e {
+ case BackgroundCtx:
+ return "aws.BackgroundContext"
+ }
+ return "unknown empty Context"
+}
+
+// BackgroundCtx is the common base context.
+var BackgroundCtx = new(emptyCtx)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
index e56dcee2f..55fa73ebc 100644
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
@@ -63,9 +63,10 @@ var parseTable = map[ASTKind]map[TokenType]int{
TokenNone: MarkCompleteState,
},
ASTKindEqualExpr: map[TokenType]int{
- TokenLit: ValueState,
- TokenWS: SkipTokenState,
- TokenNL: SkipState,
+ TokenLit: ValueState,
+ TokenWS: SkipTokenState,
+ TokenNL: SkipState,
+ TokenNone: SkipState,
},
ASTKindStatement: map[TokenType]int{
TokenLit: SectionState,
@@ -162,7 +163,7 @@ loop:
if len(tokens) == 0 {
break loop
}
-
+ // if should skip is true, we skip the tokens until should skip is set to false.
step = SkipTokenState
}
@@ -218,7 +219,7 @@ loop:
// S -> equal_expr' expr_stmt'
switch k.Kind {
case ASTKindEqualExpr:
- // assiging a value to some key
+ // assigning a value to some key
k.AppendChild(newExpression(tok))
stack.Push(newExprStatement(k))
case ASTKindExpr:
@@ -250,6 +251,13 @@ loop:
if !runeCompare(tok.Raw(), openBrace) {
return nil, NewParseError("expected '['")
}
+ // If OpenScopeState is not at the start, we must mark the previous ast as complete
+ //
+ // for example: if previous ast was a skip statement;
+ // we should mark it as complete before we create a new statement
+ if k.Kind != ASTKindStart {
+ stack.MarkComplete(k)
+ }
stmt := newStatement()
stack.Push(stmt)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
index 6bb696447..da7a4049c 100644
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
@@ -22,24 +22,24 @@ func newSkipper() skipper {
}
func (s *skipper) ShouldSkip(tok Token) bool {
+ // should skip state will be modified only if previous token was new line (NL);
+ // and the current token is not WhiteSpace (WS).
if s.shouldSkip &&
s.prevTok.Type() == TokenNL &&
tok.Type() != TokenWS {
-
s.Continue()
return false
}
s.prevTok = tok
-
return s.shouldSkip
}
func (s *skipper) Skip() {
s.shouldSkip = true
- s.prevTok = emptyToken
}
func (s *skipper) Continue() {
s.shouldSkip = false
+ // empty token is assigned as we return to default state, when should skip is false
s.prevTok = emptyToken
}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/byte.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/byte.go
new file mode 100644
index 000000000..6c443988b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/byte.go
@@ -0,0 +1,12 @@
+package sdkio
+
+const (
+ // Byte is 8 bits
+ Byte int64 = 1
+ // KibiByte (KiB) is 1024 Bytes
+ KibiByte = Byte * 1024
+ // MebiByte (MiB) is 1024 KiB
+ MebiByte = KibiByte * 1024
+ // GibiByte (GiB) is 1024 MiB
+ GibiByte = MebiByte * 1024
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go
new file mode 100644
index 000000000..44898eed0
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go
@@ -0,0 +1,15 @@
+// +build go1.10
+
+package sdkmath
+
+import "math"
+
+// Round returns the nearest integer, rounding half away from zero.
+//
+// Special cases are:
+// Round(±0) = ±0
+// Round(±Inf) = ±Inf
+// Round(NaN) = NaN
+func Round(x float64) float64 {
+ return math.Round(x)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go
new file mode 100644
index 000000000..810ec7f08
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go
@@ -0,0 +1,56 @@
+// +build !go1.10
+
+package sdkmath
+
+import "math"
+
+// Copied from the Go standard library's (Go 1.12) math/floor.go for use in
+// Go version prior to Go 1.10.
+const (
+ uvone = 0x3FF0000000000000
+ mask = 0x7FF
+ shift = 64 - 11 - 1
+ bias = 1023
+ signMask = 1 << 63
+ fracMask = 1<= 0.5 {
+ // return t + Copysign(1, x)
+ // }
+ // return t
+ // }
+ bits := math.Float64bits(x)
+ e := uint(bits>>shift) & mask
+ if e < bias {
+ // Round abs(x) < 1 including denormals.
+ bits &= signMask // +-0
+ if e == bias-1 {
+ bits |= uvone // +-1
+ }
+ } else if e < bias+shift {
+ // Round any abs(x) >= 1 containing a fractional component [0,1).
+ //
+ // Numbers with larger exponents are returned unchanged since they
+ // must be either an integer, infinity, or NaN.
+ const half = 1 << (shift - 1)
+ e -= bias
+ bits += half >> e
+ bits &^= fracMask >> e
+ }
+ return math.Float64frombits(bits)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go
new file mode 100644
index 000000000..f4651da2d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go
@@ -0,0 +1,11 @@
+// +build go1.6
+
+package sdkrand
+
+import "math/rand"
+
+// Read provides the stub for math.Rand.Read method support for go version's
+// 1.6 and greater.
+func Read(r *rand.Rand, p []byte) (int, error) {
+ return r.Read(p)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go
new file mode 100644
index 000000000..b1d93a33d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go
@@ -0,0 +1,24 @@
+// +build !go1.6
+
+package sdkrand
+
+import "math/rand"
+
+// Read backfills Go 1.6's math.Rand.Reader for Go 1.5
+func Read(r *rand.Rand, p []byte) (n int, err error) {
+ // Copy of Go standard libraries math package's read function not added to
+ // standard library until Go 1.6.
+ var pos int8
+ var val int64
+ for n = 0; n < len(p); n++ {
+ if pos == 0 {
+ val = r.Int63()
+ pos = 7
+ }
+ p[n] = byte(val)
+ val >>= 8
+ pos--
+ }
+
+ return n, err
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go b/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go
new file mode 100644
index 000000000..d008ae27c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go
@@ -0,0 +1,11 @@
+package strings
+
+import (
+ "strings"
+)
+
+// HasPrefixFold tests whether the string s begins with prefix, interpreted as UTF-8 strings,
+// under Unicode case-folding.
+func HasPrefixFold(s, prefix string) bool {
+ return len(s) >= len(prefix) && strings.EqualFold(s[0:len(prefix)], prefix)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE
new file mode 100644
index 000000000..6a66aea5e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go
new file mode 100644
index 000000000..14ad0c589
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go
@@ -0,0 +1,120 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package singleflight provides a duplicate function call suppression
+// mechanism.
+package singleflight
+
+import "sync"
+
+// call is an in-flight or completed singleflight.Do call
+type call struct {
+ wg sync.WaitGroup
+
+ // These fields are written once before the WaitGroup is done
+ // and are only read after the WaitGroup is done.
+ val interface{}
+ err error
+
+ // forgotten indicates whether Forget was called with this call's key
+ // while the call was still in flight.
+ forgotten bool
+
+ // These fields are read and written with the singleflight
+ // mutex held before the WaitGroup is done, and are read but
+ // not written after the WaitGroup is done.
+ dups int
+ chans []chan<- Result
+}
+
+// Group represents a class of work and forms a namespace in
+// which units of work can be executed with duplicate suppression.
+type Group struct {
+ mu sync.Mutex // protects m
+ m map[string]*call // lazily initialized
+}
+
+// Result holds the results of Do, so they can be passed
+// on a channel.
+type Result struct {
+ Val interface{}
+ Err error
+ Shared bool
+}
+
+// Do executes and returns the results of the given function, making
+// sure that only one execution is in-flight for a given key at a
+// time. If a duplicate comes in, the duplicate caller waits for the
+// original to complete and receives the same results.
+// The return value shared indicates whether v was given to multiple callers.
+func (g *Group) Do(key string, fn func() (interface{}, error)) (v interface{}, err error, shared bool) {
+ g.mu.Lock()
+ if g.m == nil {
+ g.m = make(map[string]*call)
+ }
+ if c, ok := g.m[key]; ok {
+ c.dups++
+ g.mu.Unlock()
+ c.wg.Wait()
+ return c.val, c.err, true
+ }
+ c := new(call)
+ c.wg.Add(1)
+ g.m[key] = c
+ g.mu.Unlock()
+
+ g.doCall(c, key, fn)
+ return c.val, c.err, c.dups > 0
+}
+
+// DoChan is like Do but returns a channel that will receive the
+// results when they are ready.
+func (g *Group) DoChan(key string, fn func() (interface{}, error)) <-chan Result {
+ ch := make(chan Result, 1)
+ g.mu.Lock()
+ if g.m == nil {
+ g.m = make(map[string]*call)
+ }
+ if c, ok := g.m[key]; ok {
+ c.dups++
+ c.chans = append(c.chans, ch)
+ g.mu.Unlock()
+ return ch
+ }
+ c := &call{chans: []chan<- Result{ch}}
+ c.wg.Add(1)
+ g.m[key] = c
+ g.mu.Unlock()
+
+ go g.doCall(c, key, fn)
+
+ return ch
+}
+
+// doCall handles the single call for a key.
+func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) {
+ c.val, c.err = fn()
+ c.wg.Done()
+
+ g.mu.Lock()
+ if !c.forgotten {
+ delete(g.m, key)
+ }
+ for _, ch := range c.chans {
+ ch <- Result{c.val, c.err, c.dups > 0}
+ }
+ g.mu.Unlock()
+}
+
+// Forget tells the singleflight to forget about a key. Future calls
+// to Do for this key will call the function rather than waiting for
+// an earlier call to complete.
+func (g *Group) Forget(key string) {
+ g.mu.Lock()
+ if c, ok := g.m[key]; ok {
+ c.forgotten = true
+ }
+ delete(g.m, key)
+ g.mu.Unlock()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
index ea0da79a5..8b2c9bbeb 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
@@ -6,7 +6,9 @@ import (
"encoding/json"
"fmt"
"io"
+ "math/big"
"reflect"
+ "strings"
"time"
"github.com/aws/aws-sdk-go/aws"
@@ -14,6 +16,8 @@ import (
"github.com/aws/aws-sdk-go/private/protocol"
)
+var millisecondsFloat = new(big.Float).SetInt64(1e3)
+
// UnmarshalJSONError unmarshal's the reader's JSON document into the passed in
// type. The value to unmarshal the json document into must be a pointer to the
// type.
@@ -38,17 +42,42 @@ func UnmarshalJSONError(v interface{}, stream io.Reader) error {
func UnmarshalJSON(v interface{}, stream io.Reader) error {
var out interface{}
- err := json.NewDecoder(stream).Decode(&out)
+ decoder := json.NewDecoder(stream)
+ decoder.UseNumber()
+ err := decoder.Decode(&out)
+ if err == io.EOF {
+ return nil
+ } else if err != nil {
+ return err
+ }
+
+ return unmarshaler{}.unmarshalAny(reflect.ValueOf(v), out, "")
+}
+
+// UnmarshalJSONCaseInsensitive reads a stream and unmarshals the result into the
+// object v. Ignores casing for structure members.
+func UnmarshalJSONCaseInsensitive(v interface{}, stream io.Reader) error {
+ var out interface{}
+
+ decoder := json.NewDecoder(stream)
+ decoder.UseNumber()
+ err := decoder.Decode(&out)
if err == io.EOF {
return nil
} else if err != nil {
return err
}
- return unmarshalAny(reflect.ValueOf(v), out, "")
+ return unmarshaler{
+ caseInsensitive: true,
+ }.unmarshalAny(reflect.ValueOf(v), out, "")
}
-func unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+type unmarshaler struct {
+ caseInsensitive bool
+}
+
+func (u unmarshaler) unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag) error {
vtype := value.Type()
if vtype.Kind() == reflect.Ptr {
vtype = vtype.Elem() // check kind of actual element type
@@ -80,17 +109,17 @@ func unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag)
if field, ok := vtype.FieldByName("_"); ok {
tag = field.Tag
}
- return unmarshalStruct(value, data, tag)
+ return u.unmarshalStruct(value, data, tag)
case "list":
- return unmarshalList(value, data, tag)
+ return u.unmarshalList(value, data, tag)
case "map":
- return unmarshalMap(value, data, tag)
+ return u.unmarshalMap(value, data, tag)
default:
- return unmarshalScalar(value, data, tag)
+ return u.unmarshalScalar(value, data, tag)
}
}
-func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+func (u unmarshaler) unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTag) error {
if data == nil {
return nil
}
@@ -114,7 +143,7 @@ func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTa
// unwrap any payloads
if payload := tag.Get("payload"); payload != "" {
field, _ := t.FieldByName(payload)
- return unmarshalAny(value.FieldByName(payload), data, field.Tag)
+ return u.unmarshalAny(value.FieldByName(payload), data, field.Tag)
}
for i := 0; i < t.NumField(); i++ {
@@ -128,9 +157,19 @@ func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTa
if locName := field.Tag.Get("locationName"); locName != "" {
name = locName
}
+ if u.caseInsensitive {
+ if _, ok := mapData[name]; !ok {
+ // Fallback to uncased name search if the exact name didn't match.
+ for kn, v := range mapData {
+ if strings.EqualFold(kn, name) {
+ mapData[name] = v
+ }
+ }
+ }
+ }
member := value.FieldByIndex(field.Index)
- err := unmarshalAny(member, mapData[name], field.Tag)
+ err := u.unmarshalAny(member, mapData[name], field.Tag)
if err != nil {
return err
}
@@ -138,7 +177,7 @@ func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTa
return nil
}
-func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+func (u unmarshaler) unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) error {
if data == nil {
return nil
}
@@ -153,7 +192,7 @@ func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag)
}
for i, c := range listData {
- err := unmarshalAny(value.Index(i), c, "")
+ err := u.unmarshalAny(value.Index(i), c, "")
if err != nil {
return err
}
@@ -162,7 +201,7 @@ func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag)
return nil
}
-func unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+func (u unmarshaler) unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag) error {
if data == nil {
return nil
}
@@ -179,14 +218,14 @@ func unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag)
kvalue := reflect.ValueOf(k)
vvalue := reflect.New(value.Type().Elem()).Elem()
- unmarshalAny(vvalue, v, "")
+ u.unmarshalAny(vvalue, v, "")
value.SetMapIndex(kvalue, vvalue)
}
return nil
}
-func unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+func (u unmarshaler) unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTag) error {
switch d := data.(type) {
case nil:
@@ -222,16 +261,31 @@ func unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTa
default:
return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
}
- case float64:
+ case json.Number:
switch value.Interface().(type) {
case *int64:
- di := int64(d)
+ // Retain the old behavior where we would just truncate the float64
+ // calling d.Int64() here could cause an invalid syntax error due to the usage of strconv.ParseInt
+ f, err := d.Float64()
+ if err != nil {
+ return err
+ }
+ di := int64(f)
value.Set(reflect.ValueOf(&di))
case *float64:
- value.Set(reflect.ValueOf(&d))
+ f, err := d.Float64()
+ if err != nil {
+ return err
+ }
+ value.Set(reflect.ValueOf(&f))
case *time.Time:
- // Time unmarshaled from a float64 can only be epoch seconds
- t := time.Unix(int64(d), 0).UTC()
+ float, ok := new(big.Float).SetString(d.String())
+ if !ok {
+ return fmt.Errorf("unsupported float time representation: %v", d.String())
+ }
+ float = float.Mul(float, millisecondsFloat)
+ ms, _ := float.Int64()
+ t := time.Unix(0, ms*1e6).UTC()
value.Set(reflect.ValueOf(&t))
default:
return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go
index e21614a12..0ea0647a5 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go
@@ -64,7 +64,7 @@ func (h HandlerPayloadMarshal) MarshalPayload(w io.Writer, v interface{}) error
metadata.ClientInfo{},
request.Handlers{},
nil,
- &request.Operation{HTTPMethod: "GET"},
+ &request.Operation{HTTPMethod: "PUT"},
v,
nil,
)
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go
new file mode 100644
index 000000000..9d521dcb9
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go
@@ -0,0 +1,49 @@
+package protocol
+
+import (
+ "fmt"
+ "strings"
+
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+// RequireHTTPMinProtocol request handler is used to enforce that
+// the target endpoint supports the given major and minor HTTP protocol version.
+type RequireHTTPMinProtocol struct {
+ Major, Minor int
+}
+
+// Handler will mark the request.Request with an error if the
+// target endpoint did not connect with the required HTTP protocol
+// major and minor version.
+func (p RequireHTTPMinProtocol) Handler(r *request.Request) {
+ if r.Error != nil || r.HTTPResponse == nil {
+ return
+ }
+
+ if !strings.HasPrefix(r.HTTPResponse.Proto, "HTTP") {
+ r.Error = newMinHTTPProtoError(p.Major, p.Minor, r)
+ }
+
+ if r.HTTPResponse.ProtoMajor < p.Major || r.HTTPResponse.ProtoMinor < p.Minor {
+ r.Error = newMinHTTPProtoError(p.Major, p.Minor, r)
+ }
+}
+
+// ErrCodeMinimumHTTPProtocolError error code is returned when the target endpoint
+// did not match the required HTTP major and minor protocol version.
+const ErrCodeMinimumHTTPProtocolError = "MinimumHTTPProtocolError"
+
+func newMinHTTPProtoError(major, minor int, r *request.Request) error {
+ return awserr.NewRequestFailure(
+ awserr.New("MinimumHTTPProtocolError",
+ fmt.Sprintf(
+ "operation requires minimum HTTP protocol of HTTP/%d.%d, but was %s",
+ major, minor, r.HTTPResponse.Proto,
+ ),
+ nil,
+ ),
+ r.HTTPResponse.StatusCode, r.RequestID,
+ )
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
index 0cb99eb57..d40346a77 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
@@ -1,7 +1,7 @@
// Package query provides serialization of AWS query requests, and responses.
package query
-//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/input/query.json build_test.go
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/query.json build_test.go
import (
"net/url"
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
index f69c1efc9..9231e95d1 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
@@ -1,6 +1,6 @@
package query
-//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/output/query.json unmarshal_test.go
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/query.json unmarshal_test.go
import (
"encoding/xml"
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
index de021367d..92f8b4d9a 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
@@ -15,6 +15,7 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/request"
+ awsStrings "github.com/aws/aws-sdk-go/internal/strings"
"github.com/aws/aws-sdk-go/private/protocol"
)
@@ -28,7 +29,9 @@ var UnmarshalMetaHandler = request.NamedHandler{Name: "awssdk.rest.UnmarshalMeta
func Unmarshal(r *request.Request) {
if r.DataFilled() {
v := reflect.Indirect(reflect.ValueOf(r.Data))
- unmarshalBody(r, v)
+ if err := unmarshalBody(r, v); err != nil {
+ r.Error = err
+ }
}
}
@@ -40,12 +43,21 @@ func UnmarshalMeta(r *request.Request) {
r.RequestID = r.HTTPResponse.Header.Get("X-Amz-Request-Id")
}
if r.DataFilled() {
- v := reflect.Indirect(reflect.ValueOf(r.Data))
- unmarshalLocationElements(r, v)
+ if err := UnmarshalResponse(r.HTTPResponse, r.Data, aws.BoolValue(r.Config.LowerCaseHeaderMaps)); err != nil {
+ r.Error = err
+ }
}
}
-func unmarshalBody(r *request.Request, v reflect.Value) {
+// UnmarshalResponse attempts to unmarshal the REST response headers to
+// the data type passed in. The type must be a pointer. An error is returned
+// with any error unmarshaling the response into the target datatype.
+func UnmarshalResponse(resp *http.Response, data interface{}, lowerCaseHeaderMaps bool) error {
+ v := reflect.Indirect(reflect.ValueOf(data))
+ return unmarshalLocationElements(resp, v, lowerCaseHeaderMaps)
+}
+
+func unmarshalBody(r *request.Request, v reflect.Value) error {
if field, ok := v.Type().FieldByName("_"); ok {
if payloadName := field.Tag.Get("payload"); payloadName != "" {
pfield, _ := v.Type().FieldByName(payloadName)
@@ -57,35 +69,38 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
defer r.HTTPResponse.Body.Close()
b, err := ioutil.ReadAll(r.HTTPResponse.Body)
if err != nil {
- r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
- } else {
- payload.Set(reflect.ValueOf(b))
+ return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
}
+
+ payload.Set(reflect.ValueOf(b))
+
case *string:
defer r.HTTPResponse.Body.Close()
b, err := ioutil.ReadAll(r.HTTPResponse.Body)
if err != nil {
- r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
- } else {
- str := string(b)
- payload.Set(reflect.ValueOf(&str))
+ return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
}
+
+ str := string(b)
+ payload.Set(reflect.ValueOf(&str))
+
default:
switch payload.Type().String() {
case "io.ReadCloser":
payload.Set(reflect.ValueOf(r.HTTPResponse.Body))
+
case "io.ReadSeeker":
b, err := ioutil.ReadAll(r.HTTPResponse.Body)
if err != nil {
- r.Error = awserr.New(request.ErrCodeSerialization,
+ return awserr.New(request.ErrCodeSerialization,
"failed to read response body", err)
- return
}
payload.Set(reflect.ValueOf(ioutil.NopCloser(bytes.NewReader(b))))
+
default:
io.Copy(ioutil.Discard, r.HTTPResponse.Body)
- defer r.HTTPResponse.Body.Close()
- r.Error = awserr.New(request.ErrCodeSerialization,
+ r.HTTPResponse.Body.Close()
+ return awserr.New(request.ErrCodeSerialization,
"failed to decode REST response",
fmt.Errorf("unknown payload type %s", payload.Type()))
}
@@ -94,9 +109,11 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
}
}
}
+
+ return nil
}
-func unmarshalLocationElements(r *request.Request, v reflect.Value) {
+func unmarshalLocationElements(resp *http.Response, v reflect.Value, lowerCaseHeaderMaps bool) error {
for i := 0; i < v.NumField(); i++ {
m, field := v.Field(i), v.Type().Field(i)
if n := field.Name; n[0:1] == strings.ToLower(n[0:1]) {
@@ -111,26 +128,25 @@ func unmarshalLocationElements(r *request.Request, v reflect.Value) {
switch field.Tag.Get("location") {
case "statusCode":
- unmarshalStatusCode(m, r.HTTPResponse.StatusCode)
+ unmarshalStatusCode(m, resp.StatusCode)
+
case "header":
- err := unmarshalHeader(m, r.HTTPResponse.Header.Get(name), field.Tag)
+ err := unmarshalHeader(m, resp.Header.Get(name), field.Tag)
if err != nil {
- r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
- break
+ return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
}
+
case "headers":
prefix := field.Tag.Get("locationName")
- err := unmarshalHeaderMap(m, r.HTTPResponse.Header, prefix)
+ err := unmarshalHeaderMap(m, resp.Header, prefix, lowerCaseHeaderMaps)
if err != nil {
- r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
- break
+ awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
}
}
}
- if r.Error != nil {
- return
- }
}
+
+ return nil
}
func unmarshalStatusCode(v reflect.Value, statusCode int) {
@@ -145,29 +161,45 @@ func unmarshalStatusCode(v reflect.Value, statusCode int) {
}
}
-func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string) error {
+func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string, normalize bool) error {
+ if len(headers) == 0 {
+ return nil
+ }
switch r.Interface().(type) {
case map[string]*string: // we only support string map value types
out := map[string]*string{}
for k, v := range headers {
- k = http.CanonicalHeaderKey(k)
- if strings.HasPrefix(strings.ToLower(k), strings.ToLower(prefix)) {
+ if awsStrings.HasPrefixFold(k, prefix) {
+ if normalize == true {
+ k = strings.ToLower(k)
+ } else {
+ k = http.CanonicalHeaderKey(k)
+ }
out[k[len(prefix):]] = &v[0]
}
}
- r.Set(reflect.ValueOf(out))
+ if len(out) != 0 {
+ r.Set(reflect.ValueOf(out))
+ }
+
}
return nil
}
func unmarshalHeader(v reflect.Value, header string, tag reflect.StructTag) error {
- isJSONValue := tag.Get("type") == "jsonvalue"
- if isJSONValue {
+ switch tag.Get("type") {
+ case "jsonvalue":
if len(header) == 0 {
return nil
}
- } else if !v.IsValid() || (header == "" && v.Elem().Kind() != reflect.String) {
- return nil
+ case "blob":
+ if len(header) == 0 {
+ return nil
+ }
+ default:
+ if !v.IsValid() || (header == "" && v.Elem().Kind() != reflect.String) {
+ return nil
+ }
}
switch v.Interface().(type) {
@@ -178,7 +210,7 @@ func unmarshalHeader(v reflect.Value, header string, tag reflect.StructTag) erro
if err != nil {
return err
}
- v.Set(reflect.ValueOf(&b))
+ v.Set(reflect.ValueOf(b))
case *bool:
b, err := strconv.ParseBool(header)
if err != nil {
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
index cf569645d..b1ae36487 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
@@ -2,8 +2,8 @@
// requests and responses.
package restxml
-//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/input/rest-xml.json build_test.go
-//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/output/rest-xml.json unmarshal_test.go
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/rest-xml.json build_test.go
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/rest-xml.json unmarshal_test.go
import (
"bytes"
@@ -39,7 +39,7 @@ func Build(r *request.Request) {
r.Error = awserr.NewRequestFailure(
awserr.New(request.ErrCodeSerialization,
"failed to encode rest XML request", err),
- r.HTTPResponse.StatusCode,
+ 0,
r.RequestID,
)
return
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go
index b7ed6c6f8..98f4caed9 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go
@@ -1,8 +1,11 @@
package protocol
import (
+ "math"
"strconv"
"time"
+
+ "github.com/aws/aws-sdk-go/internal/sdkmath"
)
// Names of time formats supported by the SDK
@@ -13,12 +16,19 @@ const (
)
// Time formats supported by the SDK
+// Output time is intended to not contain decimals
const (
// RFC 7231#section-7.1.1.1 timetamp format. e.g Tue, 29 Apr 2014 18:30:38 GMT
RFC822TimeFormat = "Mon, 2 Jan 2006 15:04:05 GMT"
+ // This format is used for output time without seconds precision
+ RFC822OutputTimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT"
+
// RFC3339 a subset of the ISO8601 timestamp format. e.g 2014-04-29T18:30:38Z
- ISO8601TimeFormat = "2006-01-02T15:04:05Z"
+ ISO8601TimeFormat = "2006-01-02T15:04:05.999999999Z"
+
+ // This format is used for output time with fractional second precision up to milliseconds
+ ISO8601OutputTimeFormat = "2006-01-02T15:04:05.999999999Z"
)
// IsKnownTimestampFormat returns if the timestamp format name
@@ -38,15 +48,16 @@ func IsKnownTimestampFormat(name string) bool {
// FormatTime returns a string value of the time.
func FormatTime(name string, t time.Time) string {
- t = t.UTC()
+ t = t.UTC().Truncate(time.Millisecond)
switch name {
case RFC822TimeFormatName:
- return t.Format(RFC822TimeFormat)
+ return t.Format(RFC822OutputTimeFormat)
case ISO8601TimeFormatName:
- return t.Format(ISO8601TimeFormat)
+ return t.Format(ISO8601OutputTimeFormat)
case UnixTimeFormatName:
- return strconv.FormatInt(t.Unix(), 10)
+ ms := t.UnixNano() / int64(time.Millisecond)
+ return strconv.FormatFloat(float64(ms)/1e3, 'f', -1, 64)
default:
panic("unknown timestamp format name, " + name)
}
@@ -62,10 +73,12 @@ func ParseTime(formatName, value string) (time.Time, error) {
return time.Parse(ISO8601TimeFormat, value)
case UnixTimeFormatName:
v, err := strconv.ParseFloat(value, 64)
+ _, dec := math.Modf(v)
+ dec = sdkmath.Round(dec*1e3) / 1e3 //Rounds 0.1229999 to 0.123
if err != nil {
return time.Time{}, err
}
- return time.Unix(int64(v), 0), nil
+ return time.Unix(int64(v), int64(dec*(1e9))), nil
default:
panic("unknown timestamp format name, " + formatName)
}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
index da1a68111..f614ef898 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
@@ -19,3 +19,9 @@ func UnmarshalDiscardBody(r *request.Request) {
io.Copy(ioutil.Discard, r.HTTPResponse.Body)
r.HTTPResponse.Body.Close()
}
+
+// ResponseMetadata provides the SDK response metadata attributes.
+type ResponseMetadata struct {
+ StatusCode int
+ RequestID string
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go
new file mode 100644
index 000000000..cc857f136
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go
@@ -0,0 +1,65 @@
+package protocol
+
+import (
+ "net/http"
+
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+// UnmarshalErrorHandler provides unmarshaling errors API response errors for
+// both typed and untyped errors.
+type UnmarshalErrorHandler struct {
+ unmarshaler ErrorUnmarshaler
+}
+
+// ErrorUnmarshaler is an abstract interface for concrete implementations to
+// unmarshal protocol specific response errors.
+type ErrorUnmarshaler interface {
+ UnmarshalError(*http.Response, ResponseMetadata) (error, error)
+}
+
+// NewUnmarshalErrorHandler returns an UnmarshalErrorHandler
+// initialized for the set of exception names to the error unmarshalers
+func NewUnmarshalErrorHandler(unmarshaler ErrorUnmarshaler) *UnmarshalErrorHandler {
+ return &UnmarshalErrorHandler{
+ unmarshaler: unmarshaler,
+ }
+}
+
+// UnmarshalErrorHandlerName is the name of the named handler.
+const UnmarshalErrorHandlerName = "awssdk.protocol.UnmarshalError"
+
+// NamedHandler returns a NamedHandler for the unmarshaler using the set of
+// errors the unmarshaler was initialized for.
+func (u *UnmarshalErrorHandler) NamedHandler() request.NamedHandler {
+ return request.NamedHandler{
+ Name: UnmarshalErrorHandlerName,
+ Fn: u.UnmarshalError,
+ }
+}
+
+// UnmarshalError will attempt to unmarshal the API response's error message
+// into either a generic SDK error type, or a typed error corresponding to the
+// errors exception name.
+func (u *UnmarshalErrorHandler) UnmarshalError(r *request.Request) {
+ defer r.HTTPResponse.Body.Close()
+
+ respMeta := ResponseMetadata{
+ StatusCode: r.HTTPResponse.StatusCode,
+ RequestID: r.RequestID,
+ }
+
+ v, err := u.unmarshaler.UnmarshalError(r.HTTPResponse, respMeta)
+ if err != nil {
+ r.Error = awserr.NewRequestFailure(
+ awserr.New(request.ErrCodeSerialization,
+ "failed to unmarshal response error", err),
+ respMeta.StatusCode,
+ respMeta.RequestID,
+ )
+ return
+ }
+
+ r.Error = v
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
index cf981fe95..09ad95159 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
@@ -8,6 +8,7 @@ import (
"reflect"
"sort"
"strconv"
+ "strings"
"time"
"github.com/aws/aws-sdk-go/private/protocol"
@@ -60,6 +61,14 @@ func (b *xmlBuilder) buildValue(value reflect.Value, current *XMLNode, tag refle
return nil
}
+ xml := tag.Get("xml")
+ if len(xml) != 0 {
+ name := strings.SplitAfterN(xml, ",", 2)[0]
+ if name == "-" {
+ return nil
+ }
+ }
+
t := tag.Get("type")
if t == "" {
switch value.Kind() {
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/sort.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/sort.go
new file mode 100644
index 000000000..c1a511851
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/sort.go
@@ -0,0 +1,32 @@
+package xmlutil
+
+import (
+ "encoding/xml"
+ "strings"
+)
+
+type xmlAttrSlice []xml.Attr
+
+func (x xmlAttrSlice) Len() int {
+ return len(x)
+}
+
+func (x xmlAttrSlice) Less(i, j int) bool {
+ spaceI, spaceJ := x[i].Name.Space, x[j].Name.Space
+ localI, localJ := x[i].Name.Local, x[j].Name.Local
+ valueI, valueJ := x[i].Value, x[j].Value
+
+ spaceCmp := strings.Compare(spaceI, spaceJ)
+ localCmp := strings.Compare(localI, localJ)
+ valueCmp := strings.Compare(valueI, valueJ)
+
+ if spaceCmp == -1 || (spaceCmp == 0 && (localCmp == -1 || (localCmp == 0 && valueCmp == -1))) {
+ return true
+ }
+
+ return false
+}
+
+func (x xmlAttrSlice) Swap(i, j int) {
+ x[i], x[j] = x[j], x[i]
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
index 7108d3800..107c053f8 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
@@ -64,6 +64,14 @@ func UnmarshalXML(v interface{}, d *xml.Decoder, wrapper string) error {
// parse deserializes any value from the XMLNode. The type tag is used to infer the type, or reflect
// will be used to determine the type from r.
func parse(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
+ xml := tag.Get("xml")
+ if len(xml) != 0 {
+ name := strings.SplitAfterN(xml, ",", 2)[0]
+ if name == "-" {
+ return nil
+ }
+ }
+
rtype := r.Type()
if rtype.Kind() == reflect.Ptr {
rtype = rtype.Elem() // check kind of actual element type
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go
index 515ce1521..42f71648e 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go
@@ -119,7 +119,18 @@ func (n *XMLNode) findElem(name string) (string, bool) {
// StructToXML writes an XMLNode to a xml.Encoder as tokens.
func StructToXML(e *xml.Encoder, node *XMLNode, sorted bool) error {
- e.EncodeToken(xml.StartElement{Name: node.Name, Attr: node.Attr})
+ // Sort Attributes
+ attrs := node.Attr
+ if sorted {
+ sortedAttrs := make([]xml.Attr, len(attrs))
+ for _, k := range node.Attr {
+ sortedAttrs = append(sortedAttrs, k)
+ }
+ sort.Sort(xmlAttrSlice(sortedAttrs))
+ attrs = sortedAttrs
+ }
+
+ e.EncodeToken(xml.StartElement{Name: node.Name, Attr: attrs})
if node.Text != "" {
e.EncodeToken(xml.CharData([]byte(node.Text)))
diff --git a/vendor/github.com/aws/aws-sdk-go/service/route53/api.go b/vendor/github.com/aws/aws-sdk-go/service/route53/api.go
index 25821d8c9..34ec3edaf 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/route53/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/route53/api.go
@@ -13,6 +13,102 @@ import (
"github.com/aws/aws-sdk-go/private/protocol/restxml"
)
+const opActivateKeySigningKey = "ActivateKeySigningKey"
+
+// ActivateKeySigningKeyRequest generates a "aws/request.Request" representing the
+// client's request for the ActivateKeySigningKey operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ActivateKeySigningKey for more information on using the ActivateKeySigningKey
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+// // Example sending a request using the ActivateKeySigningKeyRequest method.
+// req, resp := client.ActivateKeySigningKeyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/ActivateKeySigningKey
+func (c *Route53) ActivateKeySigningKeyRequest(input *ActivateKeySigningKeyInput) (req *request.Request, output *ActivateKeySigningKeyOutput) {
+ op := &request.Operation{
+ Name: opActivateKeySigningKey,
+ HTTPMethod: "POST",
+ HTTPPath: "/2013-04-01/keysigningkey/{HostedZoneId}/{Name}/activate",
+ }
+
+ if input == nil {
+ input = &ActivateKeySigningKeyInput{}
+ }
+
+ output = &ActivateKeySigningKeyOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ActivateKeySigningKey API operation for Amazon Route 53.
+//
+// Activates a key signing key (KSK) so that it can be used for signing by DNSSEC.
+// This operation changes the KSK status to ACTIVE.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Route 53's
+// API operation ActivateKeySigningKey for usage and error information.
+//
+// Returned Error Codes:
+// * ErrCodeConcurrentModification "ConcurrentModification"
+// Another user submitted a request to create, update, or delete the object
+// at the same time that you did. Retry the request.
+//
+// * ErrCodeNoSuchKeySigningKey "NoSuchKeySigningKey"
+// The specified key signing key (KSK) doesn't exist.
+//
+// * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus"
+// The key signing key (KSK) status isn't valid or another KSK has the status
+// INTERNAL_FAILURE.
+//
+// * ErrCodeInvalidSigningStatus "InvalidSigningStatus"
+// Your hosted zone status isn't valid for this operation. In the hosted zone,
+// change the status to enable DNSSEC or disable DNSSEC.
+//
+// * ErrCodeInvalidKMSArn "InvalidKMSArn"
+// The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC
+// signing.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/ActivateKeySigningKey
+func (c *Route53) ActivateKeySigningKey(input *ActivateKeySigningKeyInput) (*ActivateKeySigningKeyOutput, error) {
+ req, out := c.ActivateKeySigningKeyRequest(input)
+ return out, req.Send()
+}
+
+// ActivateKeySigningKeyWithContext is the same as ActivateKeySigningKey with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ActivateKeySigningKey for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *Route53) ActivateKeySigningKeyWithContext(ctx aws.Context, input *ActivateKeySigningKeyInput, opts ...request.Option) (*ActivateKeySigningKeyOutput, error) {
+ req, out := c.ActivateKeySigningKeyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opAssociateVPCWithHostedZone = "AssociateVPCWithHostedZone"
// AssociateVPCWithHostedZoneRequest generates a "aws/request.Request" representing the
@@ -95,22 +191,22 @@ func (c *Route53) AssociateVPCWithHostedZoneRequest(input *AssociateVPCWithHoste
// 53 doesn't support associating a VPC with a public hosted zone.
//
// * ErrCodeConflictingDomainExists "ConflictingDomainExists"
-// The cause of this error depends on whether you're trying to create a public
-// or a private hosted zone:
-//
-// * Public hosted zone: Two hosted zones that have the same name or that
-// have a parent/child relationship (example.com and test.example.com) can't
-// have any common name servers. You tried to create a hosted zone that has
-// the same name as an existing hosted zone or that's the parent or child
-// of an existing hosted zone, and you specified a delegation set that shares
-// one or more name servers with the existing hosted zone. For more information,
-// see CreateReusableDelegationSet (https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateReusableDelegationSet.html).
-//
-// * Private hosted zone: You specified an Amazon VPC that you're already
-// using for another hosted zone, and the domain that you specified for one
-// of the hosted zones is a subdomain of the domain that you specified for
-// the other hosted zone. For example, you can't use the same Amazon VPC
-// for the hosted zones for example.com and test.example.com.
+// The cause of this error depends on the operation that you're performing:
+//
+// * Create a public hosted zone: Two hosted zones that have the same name
+// or that have a parent/child relationship (example.com and test.example.com)
+// can't have any common name servers. You tried to create a hosted zone
+// that has the same name as an existing hosted zone or that's the parent
+// or child of an existing hosted zone, and you specified a delegation set
+// that shares one or more name servers with the existing hosted zone. For
+// more information, see CreateReusableDelegationSet (https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateReusableDelegationSet.html).
+//
+// * Create a private hosted zone: A hosted zone with the specified name
+// already exists and is already associated with the Amazon VPC that you
+// specified.
+//
+// * Associate VPCs with a private hosted zone: The VPC that you specified
+// is already associated with another hosted zone that has the same name.
//
// * ErrCodeLimitsExceeded "LimitsExceeded"
// This operation can't be completed either because the current account has
@@ -123,6 +219,13 @@ func (c *Route53) AssociateVPCWithHostedZoneRequest(input *AssociateVPCWithHoste
// To request a higher limit, create a case (http://aws.amazon.com/route53-request)
// with the AWS Support Center.
//
+// * ErrCodePriorRequestNotComplete "PriorRequestNotComplete"
+// If Amazon Route 53 can't process a request before the next request arrives,
+// it will reject subsequent requests for the same hosted zone and return an
+// HTTP 400 error (Bad request). If Route 53 returns this error repeatedly for
+// the same request, we recommend that you wait, in intervals of increasing
+// duration, before you try the request again.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/AssociateVPCWithHostedZone
func (c *Route53) AssociateVPCWithHostedZone(input *AssociateVPCWithHostedZoneInput) (*AssociateVPCWithHostedZoneOutput, error) {
req, out := c.AssociateVPCWithHostedZoneRequest(input)
@@ -195,27 +298,30 @@ func (c *Route53) ChangeResourceRecordSetsRequest(input *ChangeResourceRecordSet
// routes traffic for test.example.com to a web server that has an IP address
// of 192.0.2.44.
//
+// Deleting Resource Record Sets
+//
+// To delete a resource record set, you must specify all the same values that
+// you specified when you created it.
+//
// Change Batches and Transactional Changes
//
// The request body must include a document with a ChangeResourceRecordSetsRequest
// element. The request body contains a list of change items, known as a change
-// batch. Change batches are considered transactional changes. When using the
-// Amazon Route 53 API to change resource record sets, Route 53 either makes
-// all or none of the changes in a change batch request. This ensures that Route
-// 53 never partially implements the intended changes to the resource record
-// sets in a hosted zone.
-//
-// For example, a change batch request that deletes the CNAME record for www.example.com
-// and creates an alias resource record set for www.example.com. Route 53 deletes
-// the first resource record set and creates the second resource record set
-// in a single operation. If either the DELETE or the CREATE action fails, then
-// both changes (plus any other changes in the batch) fail, and the original
-// CNAME record continues to exist.
-//
-// Due to the nature of transactional changes, you can't delete the same resource
-// record set more than once in a single change batch. If you attempt to delete
-// the same change batch more than once, Route 53 returns an InvalidChangeBatch
-// error.
+// batch. Change batches are considered transactional changes. Route 53 validates
+// the changes in the request and then either makes all or none of the changes
+// in the change batch request. This ensures that DNS routing isn't adversely
+// affected by partial changes to the resource record sets in a hosted zone.
+//
+// For example, suppose a change batch request contains two changes: it deletes
+// the CNAME resource record set for www.example.com and creates an alias resource
+// record set for www.example.com. If validation for both records succeeds,
+// Route 53 deletes the first resource record set and creates the second resource
+// record set in a single operation. If validation for either the DELETE or
+// the CREATE action fails, then the request is canceled, and the original CNAME
+// record continues to exist.
+//
+// If you try to delete the same resource record set more than once in a single
+// change batch, Route 53 returns an InvalidChangeBatch error.
//
// Traffic Flow
//
@@ -226,7 +332,7 @@ func (c *Route53) ChangeResourceRecordSetsRequest(input *ChangeResourceRecordSet
// names (such as example.com) or subdomain names (such as www.example.com),
// in the same hosted zone or in multiple hosted zones. You can roll back the
// updates if the new configuration isn't performing as expected. For more information,
-// see Using Traffic Flow to Route DNS Traffic (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/traffic-flow.html)
+// see Using Traffic Flow to Route DNS Traffic (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/traffic-flow.html)
// in the Amazon Route 53 Developer Guide.
//
// Create, Delete, and Upsert
@@ -495,7 +601,7 @@ func (c *Route53) CreateHealthCheckRequest(input *CreateHealthCheckInput) (req *
// of the Amazon EC2 StatusCheckFailed metric, add an alarm to the metric,
// and then create a health check that is based on the state of the alarm.
// For information about creating CloudWatch metrics and alarms by using
-// the CloudWatch console, see the Amazon CloudWatch User Guide (http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatch.html).
+// the CloudWatch console, see the Amazon CloudWatch User Guide (https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatch.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -620,10 +726,10 @@ func (c *Route53) CreateHostedZoneRequest(input *CreateHostedZoneInput) (req *re
// * You can't create a hosted zone for a top-level domain (TLD) such as
// .com.
//
-// * For public hosted zones, Amazon Route 53 automatically creates a default
-// SOA record and four NS records for the zone. For more information about
-// SOA and NS records, see NS and SOA Records that Route 53 Creates for a
-// Hosted Zone (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/SOA-NSrecords.html)
+// * For public hosted zones, Route 53 automatically creates a default SOA
+// record and four NS records for the zone. For more information about SOA
+// and NS records, see NS and SOA Records that Route 53 Creates for a Hosted
+// Zone (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/SOA-NSrecords.html)
// in the Amazon Route 53 Developer Guide. If you want to use the same name
// servers for multiple public hosted zones, you can optionally associate
// a reusable delegation set with the hosted zone. See the DelegationSetId
@@ -632,7 +738,7 @@ func (c *Route53) CreateHostedZoneRequest(input *CreateHostedZoneInput) (req *re
// * If your domain is registered with a registrar other than Route 53, you
// must update the name servers with your registrar to make Route 53 the
// DNS service for the domain. For more information, see Migrating DNS Service
-// for an Existing Domain to Amazon Route 53 (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/MigratingDNS.html)
+// for an Existing Domain to Amazon Route 53 (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/MigratingDNS.html)
// in the Amazon Route 53 Developer Guide.
//
// When you submit a CreateHostedZone request, the initial status of the hosted
@@ -689,22 +795,22 @@ func (c *Route53) CreateHostedZoneRequest(input *CreateHostedZoneInput) (req *re
// error, contact Customer Support.
//
// * ErrCodeConflictingDomainExists "ConflictingDomainExists"
-// The cause of this error depends on whether you're trying to create a public
-// or a private hosted zone:
-//
-// * Public hosted zone: Two hosted zones that have the same name or that
-// have a parent/child relationship (example.com and test.example.com) can't
-// have any common name servers. You tried to create a hosted zone that has
-// the same name as an existing hosted zone or that's the parent or child
-// of an existing hosted zone, and you specified a delegation set that shares
-// one or more name servers with the existing hosted zone. For more information,
-// see CreateReusableDelegationSet (https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateReusableDelegationSet.html).
-//
-// * Private hosted zone: You specified an Amazon VPC that you're already
-// using for another hosted zone, and the domain that you specified for one
-// of the hosted zones is a subdomain of the domain that you specified for
-// the other hosted zone. For example, you can't use the same Amazon VPC
-// for the hosted zones for example.com and test.example.com.
+// The cause of this error depends on the operation that you're performing:
+//
+// * Create a public hosted zone: Two hosted zones that have the same name
+// or that have a parent/child relationship (example.com and test.example.com)
+// can't have any common name servers. You tried to create a hosted zone
+// that has the same name as an existing hosted zone or that's the parent
+// or child of an existing hosted zone, and you specified a delegation set
+// that shares one or more name servers with the existing hosted zone. For
+// more information, see CreateReusableDelegationSet (https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateReusableDelegationSet.html).
+//
+// * Create a private hosted zone: A hosted zone with the specified name
+// already exists and is already associated with the Amazon VPC that you
+// specified.
+//
+// * Associate VPCs with a private hosted zone: The VPC that you specified
+// is already associated with another hosted zone that has the same name.
//
// * ErrCodeNoSuchDelegationSet "NoSuchDelegationSet"
// A reusable delegation set with the specified ID does not exist.
@@ -734,6 +840,119 @@ func (c *Route53) CreateHostedZoneWithContext(ctx aws.Context, input *CreateHost
return out, req.Send()
}
+const opCreateKeySigningKey = "CreateKeySigningKey"
+
+// CreateKeySigningKeyRequest generates a "aws/request.Request" representing the
+// client's request for the CreateKeySigningKey operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateKeySigningKey for more information on using the CreateKeySigningKey
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+// // Example sending a request using the CreateKeySigningKeyRequest method.
+// req, resp := client.CreateKeySigningKeyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/CreateKeySigningKey
+func (c *Route53) CreateKeySigningKeyRequest(input *CreateKeySigningKeyInput) (req *request.Request, output *CreateKeySigningKeyOutput) {
+ op := &request.Operation{
+ Name: opCreateKeySigningKey,
+ HTTPMethod: "POST",
+ HTTPPath: "/2013-04-01/keysigningkey",
+ }
+
+ if input == nil {
+ input = &CreateKeySigningKeyInput{}
+ }
+
+ output = &CreateKeySigningKeyOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// CreateKeySigningKey API operation for Amazon Route 53.
+//
+// Creates a new key signing key (KSK) associated with a hosted zone. You can
+// only have two KSKs per hosted zone.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Route 53's
+// API operation CreateKeySigningKey for usage and error information.
+//
+// Returned Error Codes:
+// * ErrCodeNoSuchHostedZone "NoSuchHostedZone"
+// No hosted zone exists with the ID that you specified.
+//
+// * ErrCodeInvalidArgument "InvalidArgument"
+// Parameter name is not valid.
+//
+// * ErrCodeInvalidInput "InvalidInput"
+// The input is not valid.
+//
+// * ErrCodeInvalidKMSArn "InvalidKMSArn"
+// The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC
+// signing.
+//
+// * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus"
+// The key signing key (KSK) status isn't valid or another KSK has the status
+// INTERNAL_FAILURE.
+//
+// * ErrCodeInvalidSigningStatus "InvalidSigningStatus"
+// Your hosted zone status isn't valid for this operation. In the hosted zone,
+// change the status to enable DNSSEC or disable DNSSEC.
+//
+// * ErrCodeInvalidKeySigningKeyName "InvalidKeySigningKeyName"
+// The key signing key (KSK) name that you specified isn't a valid name.
+//
+// * ErrCodeKeySigningKeyAlreadyExists "KeySigningKeyAlreadyExists"
+// You've already created a key signing key (KSK) with this name or with the
+// same customer managed key (CMK) ARN.
+//
+// * ErrCodeTooManyKeySigningKeys "TooManyKeySigningKeys"
+// You've reached the limit for the number of key signing keys (KSKs). Remove
+// at least one KSK, and then try again.
+//
+// * ErrCodeConcurrentModification "ConcurrentModification"
+// Another user submitted a request to create, update, or delete the object
+// at the same time that you did. Retry the request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/CreateKeySigningKey
+func (c *Route53) CreateKeySigningKey(input *CreateKeySigningKeyInput) (*CreateKeySigningKeyOutput, error) {
+ req, out := c.CreateKeySigningKeyRequest(input)
+ return out, req.Send()
+}
+
+// CreateKeySigningKeyWithContext is the same as CreateKeySigningKey with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateKeySigningKey for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *Route53) CreateKeySigningKeyWithContext(ctx aws.Context, input *CreateKeySigningKeyInput, opts ...request.Option) (*CreateKeySigningKeyOutput, error) {
+ req, out := c.CreateKeySigningKeyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opCreateQueryLoggingConfig = "CreateQueryLoggingConfig"
// CreateQueryLoggingConfigRequest generates a "aws/request.Request" representing the
@@ -987,13 +1206,16 @@ func (c *Route53) CreateReusableDelegationSetRequest(input *CreateReusableDelega
// CreateReusableDelegationSet API operation for Amazon Route 53.
//
// Creates a delegation set (a group of four name servers) that can be reused
-// by multiple hosted zones. If a hosted zoned ID is specified, CreateReusableDelegationSet
-// marks the delegation set associated with that zone as reusable.
+// by multiple hosted zones that were created by the same AWS account.
+//
+// You can also create a reusable delegation set that uses the four name servers
+// that are associated with an existing hosted zone. Specify the hosted zone
+// ID in the CreateReusableDelegationSet request.
//
// You can't associate a reusable delegation set with a private hosted zone.
//
// For information about using a reusable delegation set to configure white
-// label name servers, see Configuring White Label Name Servers (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/white-label-name-servers.html).
+// label name servers, see Configuring White Label Name Servers (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/white-label-name-servers.html).
//
// The process for migrating existing hosted zones to use a reusable delegation
// set is comparable to the process for configuring white label name servers.
@@ -1058,7 +1280,7 @@ func (c *Route53) CreateReusableDelegationSetRequest(input *CreateReusableDelega
// The specified HostedZone can't be found.
//
// * ErrCodeInvalidArgument "InvalidArgument"
-// Parameter name is invalid.
+// Parameter name is not valid.
//
// * ErrCodeInvalidInput "InvalidInput"
// The input is not valid.
@@ -1171,7 +1393,7 @@ func (c *Route53) CreateTrafficPolicyRequest(input *CreateTrafficPolicyInput) (r
//
// * ErrCodeInvalidTrafficPolicyDocument "InvalidTrafficPolicyDocument"
// The format of the traffic policy document that you specified in the Document
-// element is invalid.
+// element is not valid.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/CreateTrafficPolicy
func (c *Route53) CreateTrafficPolicy(input *CreateTrafficPolicyInput) (*CreateTrafficPolicyOutput, error) {
@@ -1384,7 +1606,7 @@ func (c *Route53) CreateTrafficPolicyVersionRequest(input *CreateTrafficPolicyVe
//
// * ErrCodeInvalidTrafficPolicyDocument "InvalidTrafficPolicyDocument"
// The format of the traffic policy document that you specified in the Document
-// element is invalid.
+// element is not valid.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/CreateTrafficPolicyVersion
func (c *Route53) CreateTrafficPolicyVersion(input *CreateTrafficPolicyVersionInput) (*CreateTrafficPolicyVersionOutput, error) {
@@ -1514,6 +1736,106 @@ func (c *Route53) CreateVPCAssociationAuthorizationWithContext(ctx aws.Context,
return out, req.Send()
}
+const opDeactivateKeySigningKey = "DeactivateKeySigningKey"
+
+// DeactivateKeySigningKeyRequest generates a "aws/request.Request" representing the
+// client's request for the DeactivateKeySigningKey operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeactivateKeySigningKey for more information on using the DeactivateKeySigningKey
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+// // Example sending a request using the DeactivateKeySigningKeyRequest method.
+// req, resp := client.DeactivateKeySigningKeyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DeactivateKeySigningKey
+func (c *Route53) DeactivateKeySigningKeyRequest(input *DeactivateKeySigningKeyInput) (req *request.Request, output *DeactivateKeySigningKeyOutput) {
+ op := &request.Operation{
+ Name: opDeactivateKeySigningKey,
+ HTTPMethod: "POST",
+ HTTPPath: "/2013-04-01/keysigningkey/{HostedZoneId}/{Name}/deactivate",
+ }
+
+ if input == nil {
+ input = &DeactivateKeySigningKeyInput{}
+ }
+
+ output = &DeactivateKeySigningKeyOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// DeactivateKeySigningKey API operation for Amazon Route 53.
+//
+// Deactivates a key signing key (KSK) so that it will not be used for signing
+// by DNSSEC. This operation changes the KSK status to INACTIVE.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Route 53's
+// API operation DeactivateKeySigningKey for usage and error information.
+//
+// Returned Error Codes:
+// * ErrCodeConcurrentModification "ConcurrentModification"
+// Another user submitted a request to create, update, or delete the object
+// at the same time that you did. Retry the request.
+//
+// * ErrCodeNoSuchKeySigningKey "NoSuchKeySigningKey"
+// The specified key signing key (KSK) doesn't exist.
+//
+// * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus"
+// The key signing key (KSK) status isn't valid or another KSK has the status
+// INTERNAL_FAILURE.
+//
+// * ErrCodeInvalidSigningStatus "InvalidSigningStatus"
+// Your hosted zone status isn't valid for this operation. In the hosted zone,
+// change the status to enable DNSSEC or disable DNSSEC.
+//
+// * ErrCodeKeySigningKeyInUse "KeySigningKeyInUse"
+// The key signing key (KSK) that you specified can't be deactivated because
+// it's the only KSK for a currently-enabled DNSSEC. Disable DNSSEC signing,
+// or add or enable another KSK.
+//
+// * ErrCodeKeySigningKeyInParentDSRecord "KeySigningKeyInParentDSRecord"
+// The key signing key (KSK) is specified in a parent DS record.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DeactivateKeySigningKey
+func (c *Route53) DeactivateKeySigningKey(input *DeactivateKeySigningKeyInput) (*DeactivateKeySigningKeyOutput, error) {
+ req, out := c.DeactivateKeySigningKeyRequest(input)
+ return out, req.Send()
+}
+
+// DeactivateKeySigningKeyWithContext is the same as DeactivateKeySigningKey with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeactivateKeySigningKey for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *Route53) DeactivateKeySigningKeyWithContext(ctx aws.Context, input *DeactivateKeySigningKeyInput, opts ...request.Option) (*DeactivateKeySigningKeyOutput, error) {
+ req, out := c.DeactivateKeySigningKeyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opDeleteHealthCheck = "DeleteHealthCheck"
// DeleteHealthCheckRequest generates a "aws/request.Request" representing the
@@ -1566,9 +1888,15 @@ func (c *Route53) DeleteHealthCheckRequest(input *DeleteHealthCheckInput) (req *
// you delete a health check and you don't update the associated resource record
// sets, the future status of the health check can't be predicted and may change.
// This will affect the routing of DNS queries for your DNS failover configuration.
-// For more information, see Replacing and Deleting Health Checks (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/health-checks-creating-deleting.html#health-checks-deleting.html)
+// For more information, see Replacing and Deleting Health Checks (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/health-checks-creating-deleting.html#health-checks-deleting.html)
// in the Amazon Route 53 Developer Guide.
//
+// If you're using AWS Cloud Map and you configured Cloud Map to create a Route
+// 53 health check when you register an instance, you can't use the Route 53
+// DeleteHealthCheck command to delete the health check. The health check is
+// deleted automatically when you deregister the instance; there can be a delay
+// of several hours before the health check is deleted from Route 53.
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -1748,115 +2076,212 @@ func (c *Route53) DeleteHostedZoneWithContext(ctx aws.Context, input *DeleteHost
return out, req.Send()
}
-const opDeleteQueryLoggingConfig = "DeleteQueryLoggingConfig"
+const opDeleteKeySigningKey = "DeleteKeySigningKey"
-// DeleteQueryLoggingConfigRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteQueryLoggingConfig operation. The "output" return
+// DeleteKeySigningKeyRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteKeySigningKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See DeleteQueryLoggingConfig for more information on using the DeleteQueryLoggingConfig
+// See DeleteKeySigningKey for more information on using the DeleteKeySigningKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
-// // Example sending a request using the DeleteQueryLoggingConfigRequest method.
-// req, resp := client.DeleteQueryLoggingConfigRequest(params)
+// // Example sending a request using the DeleteKeySigningKeyRequest method.
+// req, resp := client.DeleteKeySigningKeyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DeleteQueryLoggingConfig
-func (c *Route53) DeleteQueryLoggingConfigRequest(input *DeleteQueryLoggingConfigInput) (req *request.Request, output *DeleteQueryLoggingConfigOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DeleteKeySigningKey
+func (c *Route53) DeleteKeySigningKeyRequest(input *DeleteKeySigningKeyInput) (req *request.Request, output *DeleteKeySigningKeyOutput) {
op := &request.Operation{
- Name: opDeleteQueryLoggingConfig,
+ Name: opDeleteKeySigningKey,
HTTPMethod: "DELETE",
- HTTPPath: "/2013-04-01/queryloggingconfig/{Id}",
+ HTTPPath: "/2013-04-01/keysigningkey/{HostedZoneId}/{Name}",
}
if input == nil {
- input = &DeleteQueryLoggingConfigInput{}
+ input = &DeleteKeySigningKeyInput{}
}
- output = &DeleteQueryLoggingConfigOutput{}
+ output = &DeleteKeySigningKeyOutput{}
req = c.newRequest(op, input, output)
- req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
-// DeleteQueryLoggingConfig API operation for Amazon Route 53.
-//
-// Deletes a configuration for DNS query logging. If you delete a configuration,
-// Amazon Route 53 stops sending query logs to CloudWatch Logs. Route 53 doesn't
-// delete any logs that are already in CloudWatch Logs.
+// DeleteKeySigningKey API operation for Amazon Route 53.
//
-// For more information about DNS query logs, see CreateQueryLoggingConfig (https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateQueryLoggingConfig.html).
+// Deletes a key signing key (KSK). Before you can delete a KSK, you must deactivate
+// it. The KSK must be deactived before you can delete it regardless of whether
+// the hosted zone is enabled for DNSSEC signing.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Route 53's
-// API operation DeleteQueryLoggingConfig for usage and error information.
+// API operation DeleteKeySigningKey for usage and error information.
//
// Returned Error Codes:
// * ErrCodeConcurrentModification "ConcurrentModification"
// Another user submitted a request to create, update, or delete the object
// at the same time that you did. Retry the request.
//
-// * ErrCodeNoSuchQueryLoggingConfig "NoSuchQueryLoggingConfig"
-// There is no DNS query logging configuration with the specified ID.
+// * ErrCodeNoSuchKeySigningKey "NoSuchKeySigningKey"
+// The specified key signing key (KSK) doesn't exist.
//
-// * ErrCodeInvalidInput "InvalidInput"
-// The input is not valid.
+// * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus"
+// The key signing key (KSK) status isn't valid or another KSK has the status
+// INTERNAL_FAILURE.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DeleteQueryLoggingConfig
-func (c *Route53) DeleteQueryLoggingConfig(input *DeleteQueryLoggingConfigInput) (*DeleteQueryLoggingConfigOutput, error) {
- req, out := c.DeleteQueryLoggingConfigRequest(input)
+// * ErrCodeInvalidSigningStatus "InvalidSigningStatus"
+// Your hosted zone status isn't valid for this operation. In the hosted zone,
+// change the status to enable DNSSEC or disable DNSSEC.
+//
+// * ErrCodeInvalidKMSArn "InvalidKMSArn"
+// The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC
+// signing.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DeleteKeySigningKey
+func (c *Route53) DeleteKeySigningKey(input *DeleteKeySigningKeyInput) (*DeleteKeySigningKeyOutput, error) {
+ req, out := c.DeleteKeySigningKeyRequest(input)
return out, req.Send()
}
-// DeleteQueryLoggingConfigWithContext is the same as DeleteQueryLoggingConfig with the addition of
+// DeleteKeySigningKeyWithContext is the same as DeleteKeySigningKey with the addition of
// the ability to pass a context and additional request options.
//
-// See DeleteQueryLoggingConfig for details on how to use this API operation.
+// See DeleteKeySigningKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *Route53) DeleteQueryLoggingConfigWithContext(ctx aws.Context, input *DeleteQueryLoggingConfigInput, opts ...request.Option) (*DeleteQueryLoggingConfigOutput, error) {
- req, out := c.DeleteQueryLoggingConfigRequest(input)
+func (c *Route53) DeleteKeySigningKeyWithContext(ctx aws.Context, input *DeleteKeySigningKeyInput, opts ...request.Option) (*DeleteKeySigningKeyOutput, error) {
+ req, out := c.DeleteKeySigningKeyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opDeleteReusableDelegationSet = "DeleteReusableDelegationSet"
+const opDeleteQueryLoggingConfig = "DeleteQueryLoggingConfig"
-// DeleteReusableDelegationSetRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteReusableDelegationSet operation. The "output" return
+// DeleteQueryLoggingConfigRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteQueryLoggingConfig operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See DeleteReusableDelegationSet for more information on using the DeleteReusableDelegationSet
+// See DeleteQueryLoggingConfig for more information on using the DeleteQueryLoggingConfig
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
-// // Example sending a request using the DeleteReusableDelegationSetRequest method.
+// // Example sending a request using the DeleteQueryLoggingConfigRequest method.
+// req, resp := client.DeleteQueryLoggingConfigRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DeleteQueryLoggingConfig
+func (c *Route53) DeleteQueryLoggingConfigRequest(input *DeleteQueryLoggingConfigInput) (req *request.Request, output *DeleteQueryLoggingConfigOutput) {
+ op := &request.Operation{
+ Name: opDeleteQueryLoggingConfig,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/2013-04-01/queryloggingconfig/{Id}",
+ }
+
+ if input == nil {
+ input = &DeleteQueryLoggingConfigInput{}
+ }
+
+ output = &DeleteQueryLoggingConfigOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// DeleteQueryLoggingConfig API operation for Amazon Route 53.
+//
+// Deletes a configuration for DNS query logging. If you delete a configuration,
+// Amazon Route 53 stops sending query logs to CloudWatch Logs. Route 53 doesn't
+// delete any logs that are already in CloudWatch Logs.
+//
+// For more information about DNS query logs, see CreateQueryLoggingConfig (https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateQueryLoggingConfig.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Route 53's
+// API operation DeleteQueryLoggingConfig for usage and error information.
+//
+// Returned Error Codes:
+// * ErrCodeConcurrentModification "ConcurrentModification"
+// Another user submitted a request to create, update, or delete the object
+// at the same time that you did. Retry the request.
+//
+// * ErrCodeNoSuchQueryLoggingConfig "NoSuchQueryLoggingConfig"
+// There is no DNS query logging configuration with the specified ID.
+//
+// * ErrCodeInvalidInput "InvalidInput"
+// The input is not valid.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DeleteQueryLoggingConfig
+func (c *Route53) DeleteQueryLoggingConfig(input *DeleteQueryLoggingConfigInput) (*DeleteQueryLoggingConfigOutput, error) {
+ req, out := c.DeleteQueryLoggingConfigRequest(input)
+ return out, req.Send()
+}
+
+// DeleteQueryLoggingConfigWithContext is the same as DeleteQueryLoggingConfig with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteQueryLoggingConfig for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *Route53) DeleteQueryLoggingConfigWithContext(ctx aws.Context, input *DeleteQueryLoggingConfigInput, opts ...request.Option) (*DeleteQueryLoggingConfigOutput, error) {
+ req, out := c.DeleteQueryLoggingConfigRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteReusableDelegationSet = "DeleteReusableDelegationSet"
+
+// DeleteReusableDelegationSetRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteReusableDelegationSet operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteReusableDelegationSet for more information on using the DeleteReusableDelegationSet
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+// // Example sending a request using the DeleteReusableDelegationSetRequest method.
// req, resp := client.DeleteReusableDelegationSetRequest(params)
//
// err := req.Send()
@@ -1984,6 +2409,19 @@ func (c *Route53) DeleteTrafficPolicyRequest(input *DeleteTrafficPolicyInput) (r
//
// Deletes a traffic policy.
//
+// When you delete a traffic policy, Route 53 sets a flag on the policy to indicate
+// that it has been deleted. However, Route 53 never fully deletes the traffic
+// policy. Note the following:
+//
+// * Deleted traffic policies aren't listed if you run ListTrafficPolicies
+// (https://docs.aws.amazon.com/Route53/latest/APIReference/API_ListTrafficPolicies.html).
+//
+// * There's no way to get a list of deleted policies.
+//
+// * If you retain the ID of the policy, you can get information about the
+// policy, including the traffic policy document, by running GetTrafficPolicy
+// (https://docs.aws.amazon.com/Route53/latest/APIReference/API_GetTrafficPolicy.html).
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -2225,6 +2663,107 @@ func (c *Route53) DeleteVPCAssociationAuthorizationWithContext(ctx aws.Context,
return out, req.Send()
}
+const opDisableHostedZoneDNSSEC = "DisableHostedZoneDNSSEC"
+
+// DisableHostedZoneDNSSECRequest generates a "aws/request.Request" representing the
+// client's request for the DisableHostedZoneDNSSEC operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DisableHostedZoneDNSSEC for more information on using the DisableHostedZoneDNSSEC
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+// // Example sending a request using the DisableHostedZoneDNSSECRequest method.
+// req, resp := client.DisableHostedZoneDNSSECRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DisableHostedZoneDNSSEC
+func (c *Route53) DisableHostedZoneDNSSECRequest(input *DisableHostedZoneDNSSECInput) (req *request.Request, output *DisableHostedZoneDNSSECOutput) {
+ op := &request.Operation{
+ Name: opDisableHostedZoneDNSSEC,
+ HTTPMethod: "POST",
+ HTTPPath: "/2013-04-01/hostedzone/{Id}/disable-dnssec",
+ }
+
+ if input == nil {
+ input = &DisableHostedZoneDNSSECInput{}
+ }
+
+ output = &DisableHostedZoneDNSSECOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// DisableHostedZoneDNSSEC API operation for Amazon Route 53.
+//
+// Disables DNSSEC signing in a specific hosted zone. This action does not deactivate
+// any key signing keys (KSKs) that are active in the hosted zone.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Route 53's
+// API operation DisableHostedZoneDNSSEC for usage and error information.
+//
+// Returned Error Codes:
+// * ErrCodeNoSuchHostedZone "NoSuchHostedZone"
+// No hosted zone exists with the ID that you specified.
+//
+// * ErrCodeInvalidArgument "InvalidArgument"
+// Parameter name is not valid.
+//
+// * ErrCodeConcurrentModification "ConcurrentModification"
+// Another user submitted a request to create, update, or delete the object
+// at the same time that you did. Retry the request.
+//
+// * ErrCodeKeySigningKeyInParentDSRecord "KeySigningKeyInParentDSRecord"
+// The key signing key (KSK) is specified in a parent DS record.
+//
+// * ErrCodeDNSSECNotFound "DNSSECNotFound"
+// The hosted zone doesn't have any DNSSEC resources.
+//
+// * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus"
+// The key signing key (KSK) status isn't valid or another KSK has the status
+// INTERNAL_FAILURE.
+//
+// * ErrCodeInvalidKMSArn "InvalidKMSArn"
+// The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC
+// signing.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DisableHostedZoneDNSSEC
+func (c *Route53) DisableHostedZoneDNSSEC(input *DisableHostedZoneDNSSECInput) (*DisableHostedZoneDNSSECOutput, error) {
+ req, out := c.DisableHostedZoneDNSSECRequest(input)
+ return out, req.Send()
+}
+
+// DisableHostedZoneDNSSECWithContext is the same as DisableHostedZoneDNSSEC with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DisableHostedZoneDNSSEC for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *Route53) DisableHostedZoneDNSSECWithContext(ctx aws.Context, input *DisableHostedZoneDNSSECInput, opts ...request.Option) (*DisableHostedZoneDNSSECOutput, error) {
+ req, out := c.DisableHostedZoneDNSSECRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opDisassociateVPCFromHostedZone = "DisassociateVPCFromHostedZone"
// DisassociateVPCFromHostedZoneRequest generates a "aws/request.Request" representing the
@@ -2269,16 +2808,25 @@ func (c *Route53) DisassociateVPCFromHostedZoneRequest(input *DisassociateVPCFro
// DisassociateVPCFromHostedZone API operation for Amazon Route 53.
//
-// Disassociates a VPC from a Amazon Route 53 private hosted zone. Note the
-// following:
+// Disassociates an Amazon Virtual Private Cloud (Amazon VPC) from an Amazon
+// Route 53 private hosted zone. Note the following:
//
-// * You can't disassociate the last VPC from a private hosted zone.
+// * You can't disassociate the last Amazon VPC from a private hosted zone.
//
// * You can't convert a private hosted zone into a public hosted zone.
//
// * You can submit a DisassociateVPCFromHostedZone request using either
// the account that created the hosted zone or the account that created the
-// VPC.
+// Amazon VPC.
+//
+// * Some services, such as AWS Cloud Map and Amazon Elastic File System
+// (Amazon EFS) automatically create hosted zones and associate VPCs with
+// the hosted zones. A service can create a hosted zone using your account
+// or using its own account. You can disassociate a VPC from a hosted zone
+// only if the service created the hosted zone using your account. When you
+// run DisassociateVPCFromHostedZone (https://docs.aws.amazon.com/Route53/latest/APIReference/API_ListHostedZonesByVPC.html),
+// if the hosted zone has a value for OwningAccount, you can use DisassociateVPCFromHostedZone.
+// If the hosted zone has a value for OwningService, you can't use DisassociateVPCFromHostedZone.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2328,6 +2876,110 @@ func (c *Route53) DisassociateVPCFromHostedZoneWithContext(ctx aws.Context, inpu
return out, req.Send()
}
+const opEnableHostedZoneDNSSEC = "EnableHostedZoneDNSSEC"
+
+// EnableHostedZoneDNSSECRequest generates a "aws/request.Request" representing the
+// client's request for the EnableHostedZoneDNSSEC operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See EnableHostedZoneDNSSEC for more information on using the EnableHostedZoneDNSSEC
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+// // Example sending a request using the EnableHostedZoneDNSSECRequest method.
+// req, resp := client.EnableHostedZoneDNSSECRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/EnableHostedZoneDNSSEC
+func (c *Route53) EnableHostedZoneDNSSECRequest(input *EnableHostedZoneDNSSECInput) (req *request.Request, output *EnableHostedZoneDNSSECOutput) {
+ op := &request.Operation{
+ Name: opEnableHostedZoneDNSSEC,
+ HTTPMethod: "POST",
+ HTTPPath: "/2013-04-01/hostedzone/{Id}/enable-dnssec",
+ }
+
+ if input == nil {
+ input = &EnableHostedZoneDNSSECInput{}
+ }
+
+ output = &EnableHostedZoneDNSSECOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// EnableHostedZoneDNSSEC API operation for Amazon Route 53.
+//
+// Enables DNSSEC signing in a specific hosted zone.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Route 53's
+// API operation EnableHostedZoneDNSSEC for usage and error information.
+//
+// Returned Error Codes:
+// * ErrCodeNoSuchHostedZone "NoSuchHostedZone"
+// No hosted zone exists with the ID that you specified.
+//
+// * ErrCodeInvalidArgument "InvalidArgument"
+// Parameter name is not valid.
+//
+// * ErrCodeConcurrentModification "ConcurrentModification"
+// Another user submitted a request to create, update, or delete the object
+// at the same time that you did. Retry the request.
+//
+// * ErrCodeKeySigningKeyWithActiveStatusNotFound "KeySigningKeyWithActiveStatusNotFound"
+// A key signing key (KSK) with ACTIVE status wasn't found.
+//
+// * ErrCodeInvalidKMSArn "InvalidKMSArn"
+// The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC
+// signing.
+//
+// * ErrCodeHostedZonePartiallyDelegated "HostedZonePartiallyDelegated"
+// The hosted zone nameservers don't match the parent nameservers. The hosted
+// zone and parent must have the same nameservers.
+//
+// * ErrCodeDNSSECNotFound "DNSSECNotFound"
+// The hosted zone doesn't have any DNSSEC resources.
+//
+// * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus"
+// The key signing key (KSK) status isn't valid or another KSK has the status
+// INTERNAL_FAILURE.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/EnableHostedZoneDNSSEC
+func (c *Route53) EnableHostedZoneDNSSEC(input *EnableHostedZoneDNSSECInput) (*EnableHostedZoneDNSSECOutput, error) {
+ req, out := c.EnableHostedZoneDNSSECRequest(input)
+ return out, req.Send()
+}
+
+// EnableHostedZoneDNSSECWithContext is the same as EnableHostedZoneDNSSEC with the addition of
+// the ability to pass a context and additional request options.
+//
+// See EnableHostedZoneDNSSEC for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *Route53) EnableHostedZoneDNSSECWithContext(ctx aws.Context, input *EnableHostedZoneDNSSECInput, opts ...request.Option) (*EnableHostedZoneDNSSECOutput, error) {
+ req, out := c.EnableHostedZoneDNSSECRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opGetAccountLimit = "GetAccountLimit"
// GetAccountLimitRequest generates a "aws/request.Request" representing the
@@ -2554,7 +3206,7 @@ func (c *Route53) GetCheckerIpRangesRequest(input *GetCheckerIpRangesInput) (req
//
// GetCheckerIpRanges still works, but we recommend that you download ip-ranges.json,
// which includes IP address ranges for all AWS services. For more information,
-// see IP Address Ranges of Amazon Route 53 Servers (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/route-53-ip-addresses.html)
+// see IP Address Ranges of Amazon Route 53 Servers (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/route-53-ip-addresses.html)
// in the Amazon Route 53 Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -2585,6 +3237,89 @@ func (c *Route53) GetCheckerIpRangesWithContext(ctx aws.Context, input *GetCheck
return out, req.Send()
}
+const opGetDNSSEC = "GetDNSSEC"
+
+// GetDNSSECRequest generates a "aws/request.Request" representing the
+// client's request for the GetDNSSEC operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetDNSSEC for more information on using the GetDNSSEC
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+// // Example sending a request using the GetDNSSECRequest method.
+// req, resp := client.GetDNSSECRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/GetDNSSEC
+func (c *Route53) GetDNSSECRequest(input *GetDNSSECInput) (req *request.Request, output *GetDNSSECOutput) {
+ op := &request.Operation{
+ Name: opGetDNSSEC,
+ HTTPMethod: "GET",
+ HTTPPath: "/2013-04-01/hostedzone/{Id}/dnssec",
+ }
+
+ if input == nil {
+ input = &GetDNSSECInput{}
+ }
+
+ output = &GetDNSSECOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetDNSSEC API operation for Amazon Route 53.
+//
+// Returns information about DNSSEC for a specific hosted zone, including the
+// key signing keys (KSKs) and zone signing keys (ZSKs) in the hosted zone.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Route 53's
+// API operation GetDNSSEC for usage and error information.
+//
+// Returned Error Codes:
+// * ErrCodeNoSuchHostedZone "NoSuchHostedZone"
+// No hosted zone exists with the ID that you specified.
+//
+// * ErrCodeInvalidArgument "InvalidArgument"
+// Parameter name is not valid.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/GetDNSSEC
+func (c *Route53) GetDNSSEC(input *GetDNSSECInput) (*GetDNSSECOutput, error) {
+ req, out := c.GetDNSSECRequest(input)
+ return out, req.Send()
+}
+
+// GetDNSSECWithContext is the same as GetDNSSEC with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetDNSSEC for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *Route53) GetDNSSECWithContext(ctx aws.Context, input *GetDNSSECInput, opts ...request.Option) (*GetDNSSECOutput, error) {
+ req, out := c.GetDNSSECRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opGetGeoLocation = "GetGeoLocation"
// GetGeoLocationRequest generates a "aws/request.Request" representing the
@@ -2657,7 +3392,9 @@ func (c *Route53) GetGeoLocationRequest(input *GetGeoLocationInput) (req *reques
//
// Returned Error Codes:
// * ErrCodeNoSuchGeoLocation "NoSuchGeoLocation"
-// Amazon Route 53 doesn't support the specified geographic location.
+// Amazon Route 53 doesn't support the specified geographic location. For a
+// list of supported geolocation codes, see the GeoLocation (https://docs.aws.amazon.com/Route53/latest/APIReference/API_GeoLocation.html)
+// data type.
//
// * ErrCodeInvalidInput "InvalidInput"
// The input is not valid.
@@ -3566,6 +4303,9 @@ func (c *Route53) GetTrafficPolicyRequest(input *GetTrafficPolicyInput) (req *re
//
// Gets information about a specific traffic policy version.
//
+// For information about how of deleting a traffic policy affects the response
+// from GetTrafficPolicy, see DeleteTrafficPolicy (https://docs.aws.amazon.com/Route53/latest/APIReference/API_DeleteTrafficPolicy.html).
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -3817,6 +4557,9 @@ func (c *Route53) ListGeoLocationsRequest(input *ListGeoLocationsInput) (req *re
// the subdivisions for that country are listed in alphabetical order immediately
// after the corresponding country.
//
+// For a list of supported geolocation codes, see the GeoLocation (https://docs.aws.amazon.com/Route53/latest/APIReference/API_GeoLocation.html)
+// data type.
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -3983,10 +4726,12 @@ func (c *Route53) ListHealthChecksPagesWithContext(ctx aws.Context, input *ListH
},
}
- cont := true
- for p.Next() && cont {
- cont = fn(p.Page().(*ListHealthChecksOutput), !p.HasNextPage())
+ for p.Next() {
+ if !fn(p.Page().(*ListHealthChecksOutput), !p.HasNextPage()) {
+ break
+ }
}
+
return p.Err()
}
@@ -4130,10 +4875,12 @@ func (c *Route53) ListHostedZonesPagesWithContext(ctx aws.Context, input *ListHo
},
}
- cont := true
- for p.Next() && cont {
- cont = fn(p.Page().(*ListHostedZonesOutput), !p.HasNextPage())
+ for p.Next() {
+ if !fn(p.Page().(*ListHostedZonesOutput), !p.HasNextPage()) {
+ break
+ }
}
+
return p.Err()
}
@@ -4202,7 +4949,7 @@ func (c *Route53) ListHostedZonesByNameRequest(input *ListHostedZonesByNameInput
//
// The labels are reversed and alphabetized using the escaped value. For more
// information about valid domain name formats, including internationalized
-// domain names, see DNS Domain Name Format (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html)
+// domain names, see DNS Domain Name Format (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html)
// in the Amazon Route 53 Developer Guide.
//
// Route 53 returns up to 100 items in each response. If you have a lot of hosted
@@ -4267,6 +5014,99 @@ func (c *Route53) ListHostedZonesByNameWithContext(ctx aws.Context, input *ListH
return out, req.Send()
}
+const opListHostedZonesByVPC = "ListHostedZonesByVPC"
+
+// ListHostedZonesByVPCRequest generates a "aws/request.Request" representing the
+// client's request for the ListHostedZonesByVPC operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListHostedZonesByVPC for more information on using the ListHostedZonesByVPC
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+// // Example sending a request using the ListHostedZonesByVPCRequest method.
+// req, resp := client.ListHostedZonesByVPCRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/ListHostedZonesByVPC
+func (c *Route53) ListHostedZonesByVPCRequest(input *ListHostedZonesByVPCInput) (req *request.Request, output *ListHostedZonesByVPCOutput) {
+ op := &request.Operation{
+ Name: opListHostedZonesByVPC,
+ HTTPMethod: "GET",
+ HTTPPath: "/2013-04-01/hostedzonesbyvpc",
+ }
+
+ if input == nil {
+ input = &ListHostedZonesByVPCInput{}
+ }
+
+ output = &ListHostedZonesByVPCOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ListHostedZonesByVPC API operation for Amazon Route 53.
+//
+// Lists all the private hosted zones that a specified VPC is associated with,
+// regardless of which AWS account or AWS service owns the hosted zones. The
+// HostedZoneOwner structure in the response contains one of the following values:
+//
+// * An OwningAccount element, which contains the account number of either
+// the current AWS account or another AWS account. Some services, such as
+// AWS Cloud Map, create hosted zones using the current account.
+//
+// * An OwningService element, which identifies the AWS service that created
+// and owns the hosted zone. For example, if a hosted zone was created by
+// Amazon Elastic File System (Amazon EFS), the value of Owner is efs.amazonaws.com.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Route 53's
+// API operation ListHostedZonesByVPC for usage and error information.
+//
+// Returned Error Codes:
+// * ErrCodeInvalidInput "InvalidInput"
+// The input is not valid.
+//
+// * ErrCodeInvalidPaginationToken "InvalidPaginationToken"
+// The value that you specified to get the second or subsequent page of results
+// is invalid.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/ListHostedZonesByVPC
+func (c *Route53) ListHostedZonesByVPC(input *ListHostedZonesByVPCInput) (*ListHostedZonesByVPCOutput, error) {
+ req, out := c.ListHostedZonesByVPCRequest(input)
+ return out, req.Send()
+}
+
+// ListHostedZonesByVPCWithContext is the same as ListHostedZonesByVPC with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListHostedZonesByVPC for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *Route53) ListHostedZonesByVPCWithContext(ctx aws.Context, input *ListHostedZonesByVPCInput, opts ...request.Option) (*ListHostedZonesByVPCOutput, error) {
+ req, out := c.ListHostedZonesByVPCRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opListQueryLoggingConfigs = "ListQueryLoggingConfigs"
// ListQueryLoggingConfigsRequest generates a "aws/request.Request" representing the
@@ -4298,6 +5138,12 @@ func (c *Route53) ListQueryLoggingConfigsRequest(input *ListQueryLoggingConfigsI
Name: opListQueryLoggingConfigs,
HTTPMethod: "GET",
HTTPPath: "/2013-04-01/queryloggingconfig",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"NextToken"},
+ OutputTokens: []string{"NextToken"},
+ LimitToken: "MaxResults",
+ TruncationToken: "",
+ },
}
if input == nil {
@@ -4360,6 +5206,58 @@ func (c *Route53) ListQueryLoggingConfigsWithContext(ctx aws.Context, input *Lis
return out, req.Send()
}
+// ListQueryLoggingConfigsPages iterates over the pages of a ListQueryLoggingConfigs operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListQueryLoggingConfigs method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListQueryLoggingConfigs operation.
+// pageNum := 0
+// err := client.ListQueryLoggingConfigsPages(params,
+// func(page *route53.ListQueryLoggingConfigsOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+//
+func (c *Route53) ListQueryLoggingConfigsPages(input *ListQueryLoggingConfigsInput, fn func(*ListQueryLoggingConfigsOutput, bool) bool) error {
+ return c.ListQueryLoggingConfigsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListQueryLoggingConfigsPagesWithContext same as ListQueryLoggingConfigsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *Route53) ListQueryLoggingConfigsPagesWithContext(ctx aws.Context, input *ListQueryLoggingConfigsInput, fn func(*ListQueryLoggingConfigsOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListQueryLoggingConfigsInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListQueryLoggingConfigsRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListQueryLoggingConfigsOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
const opListResourceRecordSets = "ListResourceRecordSets"
// ListResourceRecordSetsRequest generates a "aws/request.Request" representing the
@@ -4555,10 +5453,12 @@ func (c *Route53) ListResourceRecordSetsPagesWithContext(ctx aws.Context, input
},
}
- cont := true
- for p.Next() && cont {
- cont = fn(p.Page().(*ListResourceRecordSetsOutput), !p.HasNextPage())
+ for p.Next() {
+ if !fn(p.Page().(*ListResourceRecordSetsOutput), !p.HasNextPage()) {
+ break
+ }
}
+
return p.Err()
}
@@ -4888,6 +5788,9 @@ func (c *Route53) ListTrafficPoliciesRequest(input *ListTrafficPoliciesInput) (r
// associated with the current AWS account. Policies are listed in the order
// that they were created in.
//
+// For information about how of deleting a traffic policy affects the response
+// from ListTrafficPolicies, see DeleteTrafficPolicy (https://docs.aws.amazon.com/Route53/latest/APIReference/API_DeleteTrafficPolicy.html).
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -5509,7 +6412,7 @@ func (c *Route53) UpdateHealthCheckRequest(input *UpdateHealthCheckInput) (req *
// Updates an existing health check. Note that some values can't be updated.
//
// For more information about updating health checks, see Creating, Updating,
-// and Deleting Health Checks (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/health-checks-creating-deleting.html)
+// and Deleting Health Checks (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/health-checks-creating-deleting.html)
// in the Amazon Route 53 Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -5890,6 +6793,90 @@ func (s *AccountLimit) SetValue(v int64) *AccountLimit {
return s
}
+type ActivateKeySigningKeyInput struct {
+ _ struct{} `locationName:"ActivateKeySigningKeyRequest" type:"structure"`
+
+ // A unique string used to identify a hosted zone.
+ //
+ // HostedZoneId is a required field
+ HostedZoneId *string `location:"uri" locationName:"HostedZoneId" type:"string" required:"true"`
+
+ // An alphanumeric string used to identify a key signing key (KSK).
+ //
+ // Name is a required field
+ Name *string `location:"uri" locationName:"Name" min:"3" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s ActivateKeySigningKeyInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ActivateKeySigningKeyInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ActivateKeySigningKeyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ActivateKeySigningKeyInput"}
+ if s.HostedZoneId == nil {
+ invalidParams.Add(request.NewErrParamRequired("HostedZoneId"))
+ }
+ if s.HostedZoneId != nil && len(*s.HostedZoneId) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("HostedZoneId", 1))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetHostedZoneId sets the HostedZoneId field's value.
+func (s *ActivateKeySigningKeyInput) SetHostedZoneId(v string) *ActivateKeySigningKeyInput {
+ s.HostedZoneId = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *ActivateKeySigningKeyInput) SetName(v string) *ActivateKeySigningKeyInput {
+ s.Name = &v
+ return s
+}
+
+type ActivateKeySigningKeyOutput struct {
+ _ struct{} `type:"structure"`
+
+ // A complex type that describes change information about changes made to your
+ // hosted zone.
+ //
+ // ChangeInfo is a required field
+ ChangeInfo *ChangeInfo `type:"structure" required:"true"`
+}
+
+// String returns the string representation
+func (s ActivateKeySigningKeyOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ActivateKeySigningKeyOutput) GoString() string {
+ return s.String()
+}
+
+// SetChangeInfo sets the ChangeInfo field's value.
+func (s *ActivateKeySigningKeyOutput) SetChangeInfo(v *ChangeInfo) *ActivateKeySigningKeyOutput {
+ s.ChangeInfo = v
+ return s
+}
+
// A complex type that identifies the CloudWatch alarm that you want Amazon
// Route 53 health checkers to use to determine whether the specified health
// check is healthy.
@@ -5902,7 +6889,7 @@ type AlarmIdentifier struct {
// Route 53 supports CloudWatch alarms with the following features:
//
// * Standard-resolution metrics. High-resolution metrics aren't supported.
- // For more information, see High-Resolution Metrics (http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/publishingMetrics.html#high-resolution-metrics)
+ // For more information, see High-Resolution Metrics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/publishingMetrics.html#high-resolution-metrics)
// in the Amazon CloudWatch User Guide.
//
// * Statistics: Average, Minimum, Maximum, Sum, and SampleCount. Extended
@@ -5915,9 +6902,8 @@ type AlarmIdentifier struct {
// determine whether this health check is healthy, the region that the alarm
// was created in.
//
- // For the current list of CloudWatch regions, see Amazon CloudWatch (http://docs.aws.amazon.com/general/latest/gr/rande.html#cw_region)
- // in the AWS Regions and Endpoints chapter of the Amazon Web Services General
- // Reference.
+ // For the current list of CloudWatch regions, see Amazon CloudWatch (https://docs.aws.amazon.com/general/latest/gr/rande.html#cw_region)
+ // in the AWS Service Endpoints chapter of the Amazon Web Services General Reference.
//
// Region is a required field
Region *string `min:"1" type:"string" required:"true" enum:"CloudWatchRegion"`
@@ -5977,7 +6963,7 @@ func (s *AlarmIdentifier) SetRegion(v string) *AlarmIdentifier {
// record sets in a private hosted zone is unsupported.
//
// * For information about creating failover resource record sets in a private
-// hosted zone, see Configuring Failover in a Private Hosted Zone (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html).
+// hosted zone, see Configuring Failover in a Private Hosted Zone (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html).
type AliasTarget struct {
_ struct{} `type:"structure"`
@@ -6012,7 +6998,7 @@ type AliasTarget struct {
// the name of the resource record set. For example, if the name of the resource
// record set is acme.example.com, your CloudFront distribution must include
// acme.example.com as one of the alternate domain names. For more information,
- // see Using Alternate Domain Names (CNAMEs) (http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html)
+ // see Using Alternate Domain Names (CNAMEs) (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html)
// in the Amazon CloudFront Developer Guide.
//
// You can't create a resource record set in a private hosted zone to route
@@ -6045,17 +7031,17 @@ type AliasTarget struct {
//
// * AWS Management Console: For information about how to get the value by
// using the console, see Using Custom Domains with AWS Elastic Beanstalk
- // (http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customdomains.html)
+ // (https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customdomains.html)
// in the AWS Elastic Beanstalk Developer Guide.
//
// * Elastic Beanstalk API: Use the DescribeEnvironments action to get the
// value of the CNAME attribute. For more information, see DescribeEnvironments
- // (http://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironments.html)
+ // (https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironments.html)
// in the AWS Elastic Beanstalk API Reference.
//
// * AWS CLI: Use the describe-environments command to get the value of the
- // CNAME attribute. For more information, see describe-environments (http://docs.aws.amazon.com/cli/latest/reference/elasticbeanstalk/describe-environments.html)
- // in the AWS Command Line Interface Reference.
+ // CNAME attribute. For more information, see describe-environments (https://docs.aws.amazon.com/cli/latest/reference/elasticbeanstalk/describe-environments.html)
+ // in the AWS CLI Command Reference.
//
// ELB load balancer
//
@@ -6071,22 +7057,31 @@ type AliasTarget struct {
//
// * Elastic Load Balancing API: Use DescribeLoadBalancers to get the value
// of DNSName. For more information, see the applicable guide: Classic Load
- // Balancers: DescribeLoadBalancers (http://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_DescribeLoadBalancers.html)
- // Application and Network Load Balancers: DescribeLoadBalancers (http://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html)
+ // Balancers: DescribeLoadBalancers (https://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_DescribeLoadBalancers.html)
+ // Application and Network Load Balancers: DescribeLoadBalancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html)
//
// * AWS CLI: Use describe-load-balancers to get the value of DNSName. For
// more information, see the applicable guide: Classic Load Balancers: describe-load-balancers
// (http://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html)
// Application and Network Load Balancers: describe-load-balancers (http://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html)
//
+ // AWS Global Accelerator accelerator
+ //
+ // Specify the DNS name for your accelerator:
+ //
+ // * Global Accelerator API: To get the DNS name, use DescribeAccelerator
+ // (https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeAccelerator.html).
+ //
+ // * AWS CLI: To get the DNS name, use describe-accelerator (https://docs.aws.amazon.com/cli/latest/reference/globalaccelerator/describe-accelerator.html).
+ //
// Amazon S3 bucket that is configured as a static website
//
// Specify the domain name of the Amazon S3 website endpoint that you created
// the bucket in, for example, s3-website.us-east-2.amazonaws.com. For more
- // information about valid values, see the table Amazon Simple Storage Service
- // (S3) Website Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+ // information about valid values, see the table Amazon S3 Website Endpoints
+ // (https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints)
// in the Amazon Web Services General Reference. For more information about
- // using S3 buckets for websites, see Getting Started with Amazon Route 53 (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/getting-started.html)
+ // using S3 buckets for websites, see Getting Started with Amazon Route 53 (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/getting-started.html)
// in the Amazon Route 53 Developer Guide.
//
// Another Route 53 resource record set
@@ -6167,11 +7162,11 @@ type AliasTarget struct {
// records (for example, a group of weighted records) but is not another alias
// record, we recommend that you associate a health check with all of the records
// in the alias target. For more information, see What Happens When You Omit
- // Health Checks? (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html#dns-failover-complex-configs-hc-omitting)
+ // Health Checks? (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html#dns-failover-complex-configs-hc-omitting)
// in the Amazon Route 53 Developer Guide.
//
// For more information and examples, see Amazon Route 53 Health Checks and
- // DNS Failover (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html)
+ // DNS Failover (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html)
// in the Amazon Route 53 Developer Guide.
//
// EvaluateTargetHealth is a required field
@@ -6204,8 +7199,8 @@ type AliasTarget struct {
//
// Specify the hosted zone ID for the region that you created the environment
// in. The environment must have a regionalized subdomain. For a list of regions
- // and the corresponding hosted zone IDs, see AWS Elastic Beanstalk (http://docs.aws.amazon.com/general/latest/gr/rande.html#elasticbeanstalk_region)
- // in the "AWS Regions and Endpoints" chapter of the Amazon Web Services General
+ // and the corresponding hosted zone IDs, see AWS Elastic Beanstalk (https://docs.aws.amazon.com/general/latest/gr/rande.html#elasticbeanstalk_region)
+ // in the "AWS Service Endpoints" chapter of the Amazon Web Services General
// Reference.
//
// ELB load balancer
@@ -6213,11 +7208,12 @@ type AliasTarget struct {
// Specify the value of the hosted zone ID for the load balancer. Use the following
// methods to get the hosted zone ID:
//
- // * Elastic Load Balancing (https://docs.aws.amazon.com/general/latest/gr/rande.html#elb_region)
- // table in the "AWS Regions and Endpoints" chapter of the Amazon Web Services
- // General Reference: Use the value that corresponds with the region that
- // you created your load balancer in. Note that there are separate columns
- // for Application and Classic Load Balancers and for Network Load Balancers.
+ // * Service Endpoints (https://docs.aws.amazon.com/general/latest/gr/elb.html)
+ // table in the "Elastic Load Balancing Endpoints and Quotas" topic in the
+ // Amazon Web Services General Reference: Use the value that corresponds
+ // with the region that you created your load balancer in. Note that there
+ // are separate columns for Application and Classic Load Balancers and for
+ // Network Load Balancers.
//
// * AWS Management Console: Go to the Amazon EC2 page, choose Load Balancers
// in the navigation pane, select the load balancer, and get the value of
@@ -6225,9 +7221,9 @@ type AliasTarget struct {
//
// * Elastic Load Balancing API: Use DescribeLoadBalancers to get the applicable
// value. For more information, see the applicable guide: Classic Load Balancers:
- // Use DescribeLoadBalancers (http://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_DescribeLoadBalancers.html)
+ // Use DescribeLoadBalancers (https://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_DescribeLoadBalancers.html)
// to get the value of CanonicalHostedZoneNameId. Application and Network
- // Load Balancers: Use DescribeLoadBalancers (http://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html)
+ // Load Balancers: Use DescribeLoadBalancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html)
// to get the value of CanonicalHostedZoneId.
//
// * AWS CLI: Use describe-load-balancers to get the applicable value. For
@@ -6237,13 +7233,16 @@ type AliasTarget struct {
// Load Balancers: Use describe-load-balancers (http://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html)
// to get the value of CanonicalHostedZoneId.
//
+ // AWS Global Accelerator accelerator
+ //
+ // Specify Z2BJ6XQ5FK7U4H.
+ //
// An Amazon S3 bucket configured as a static website
//
// Specify the hosted zone ID for the region that you created the bucket in.
- // For more information about valid values, see the Amazon Simple Storage Service
- // Website Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
- // table in the "AWS Regions and Endpoints" chapter of the Amazon Web Services
- // General Reference.
+ // For more information about valid values, see the table Amazon S3 Website
+ // Endpoints (https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints)
+ // in the Amazon Web Services General Reference.
//
// Another Route 53 resource record set in your hosted zone
//
@@ -6816,7 +7815,7 @@ type CloudWatchAlarmConfiguration struct {
// For the metric that the CloudWatch alarm is associated with, a complex type
// that contains information about the dimensions for the metric. For information,
- // see Amazon CloudWatch Namespaces, Dimensions, and Metrics Reference (http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html)
+ // see Amazon CloudWatch Namespaces, Dimensions, and Metrics Reference (https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html)
// in the Amazon CloudWatch User Guide.
Dimensions []*Dimension `locationNameList:"Dimension" type:"list"`
@@ -6832,7 +7831,7 @@ type CloudWatchAlarmConfiguration struct {
MetricName *string `min:"1" type:"string" required:"true"`
// The namespace of the metric that the alarm is associated with. For more information,
- // see Amazon CloudWatch Namespaces, Dimensions, and Metrics Reference (http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html)
+ // see Amazon CloudWatch Namespaces, Dimensions, and Metrics Reference (https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html)
// in the Amazon CloudWatch User Guide.
//
// Namespace is a required field
@@ -7046,71 +8045,281 @@ type CreateHostedZoneInput struct {
// CallerReference is a required field
CallerReference *string `min:"1" type:"string" required:"true"`
- // If you want to associate a reusable delegation set with this hosted zone,
- // the ID that Amazon Route 53 assigned to the reusable delegation set when
- // you created it. For more information about reusable delegation sets, see
- // CreateReusableDelegationSet (https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateReusableDelegationSet.html).
- DelegationSetId *string `type:"string"`
+ // If you want to associate a reusable delegation set with this hosted zone,
+ // the ID that Amazon Route 53 assigned to the reusable delegation set when
+ // you created it. For more information about reusable delegation sets, see
+ // CreateReusableDelegationSet (https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateReusableDelegationSet.html).
+ DelegationSetId *string `type:"string"`
+
+ // (Optional) A complex type that contains the following optional values:
+ //
+ // * For public and private hosted zones, an optional comment
+ //
+ // * For private hosted zones, an optional PrivateZone element
+ //
+ // If you don't specify a comment or the PrivateZone element, omit HostedZoneConfig
+ // and the other elements.
+ HostedZoneConfig *HostedZoneConfig `type:"structure"`
+
+ // The name of the domain. Specify a fully qualified domain name, for example,
+ // www.example.com. The trailing dot is optional; Amazon Route 53 assumes that
+ // the domain name is fully qualified. This means that Route 53 treats www.example.com
+ // (without a trailing dot) and www.example.com. (with a trailing dot) as identical.
+ //
+ // If you're creating a public hosted zone, this is the name you have registered
+ // with your DNS registrar. If your domain name is registered with a registrar
+ // other than Route 53, change the name servers for your domain to the set of
+ // NameServers that CreateHostedZone returns in DelegationSet.
+ //
+ // Name is a required field
+ Name *string `type:"string" required:"true"`
+
+ // (Private hosted zones only) A complex type that contains information about
+ // the Amazon VPC that you're associating with this hosted zone.
+ //
+ // You can specify only one Amazon VPC when you create a private hosted zone.
+ // To associate additional Amazon VPCs with the hosted zone, use AssociateVPCWithHostedZone
+ // (https://docs.aws.amazon.com/Route53/latest/APIReference/API_AssociateVPCWithHostedZone.html)
+ // after you create a hosted zone.
+ VPC *VPC `type:"structure"`
+}
+
+// String returns the string representation
+func (s CreateHostedZoneInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateHostedZoneInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateHostedZoneInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateHostedZoneInput"}
+ if s.CallerReference == nil {
+ invalidParams.Add(request.NewErrParamRequired("CallerReference"))
+ }
+ if s.CallerReference != nil && len(*s.CallerReference) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("CallerReference", 1))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.VPC != nil {
+ if err := s.VPC.Validate(); err != nil {
+ invalidParams.AddNested("VPC", err.(request.ErrInvalidParams))
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetCallerReference sets the CallerReference field's value.
+func (s *CreateHostedZoneInput) SetCallerReference(v string) *CreateHostedZoneInput {
+ s.CallerReference = &v
+ return s
+}
+
+// SetDelegationSetId sets the DelegationSetId field's value.
+func (s *CreateHostedZoneInput) SetDelegationSetId(v string) *CreateHostedZoneInput {
+ s.DelegationSetId = &v
+ return s
+}
+
+// SetHostedZoneConfig sets the HostedZoneConfig field's value.
+func (s *CreateHostedZoneInput) SetHostedZoneConfig(v *HostedZoneConfig) *CreateHostedZoneInput {
+ s.HostedZoneConfig = v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *CreateHostedZoneInput) SetName(v string) *CreateHostedZoneInput {
+ s.Name = &v
+ return s
+}
+
+// SetVPC sets the VPC field's value.
+func (s *CreateHostedZoneInput) SetVPC(v *VPC) *CreateHostedZoneInput {
+ s.VPC = v
+ return s
+}
+
+// A complex type containing the response information for the hosted zone.
+type CreateHostedZoneOutput struct {
+ _ struct{} `type:"structure"`
+
+ // A complex type that contains information about the CreateHostedZone request.
+ //
+ // ChangeInfo is a required field
+ ChangeInfo *ChangeInfo `type:"structure" required:"true"`
+
+ // A complex type that describes the name servers for this hosted zone.
+ //
+ // DelegationSet is a required field
+ DelegationSet *DelegationSet `type:"structure" required:"true"`
+
+ // A complex type that contains general information about the hosted zone.
+ //
+ // HostedZone is a required field
+ HostedZone *HostedZone `type:"structure" required:"true"`
+
+ // The unique URL representing the new hosted zone.
+ //
+ // Location is a required field
+ Location *string `location:"header" locationName:"Location" type:"string" required:"true"`
+
+ // A complex type that contains information about an Amazon VPC that you associated
+ // with this hosted zone.
+ VPC *VPC `type:"structure"`
+}
+
+// String returns the string representation
+func (s CreateHostedZoneOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateHostedZoneOutput) GoString() string {
+ return s.String()
+}
+
+// SetChangeInfo sets the ChangeInfo field's value.
+func (s *CreateHostedZoneOutput) SetChangeInfo(v *ChangeInfo) *CreateHostedZoneOutput {
+ s.ChangeInfo = v
+ return s
+}
+
+// SetDelegationSet sets the DelegationSet field's value.
+func (s *CreateHostedZoneOutput) SetDelegationSet(v *DelegationSet) *CreateHostedZoneOutput {
+ s.DelegationSet = v
+ return s
+}
+
+// SetHostedZone sets the HostedZone field's value.
+func (s *CreateHostedZoneOutput) SetHostedZone(v *HostedZone) *CreateHostedZoneOutput {
+ s.HostedZone = v
+ return s
+}
+
+// SetLocation sets the Location field's value.
+func (s *CreateHostedZoneOutput) SetLocation(v string) *CreateHostedZoneOutput {
+ s.Location = &v
+ return s
+}
+
+// SetVPC sets the VPC field's value.
+func (s *CreateHostedZoneOutput) SetVPC(v *VPC) *CreateHostedZoneOutput {
+ s.VPC = v
+ return s
+}
+
+type CreateKeySigningKeyInput struct {
+ _ struct{} `locationName:"CreateKeySigningKeyRequest" type:"structure" xmlURI:"https://route53.amazonaws.com/doc/2013-04-01/"`
+
+ // A unique string that identifies the request.
+ //
+ // CallerReference is a required field
+ CallerReference *string `min:"1" type:"string" required:"true"`
+
+ // The unique string (ID) used to identify a hosted zone.
+ //
+ // HostedZoneId is a required field
+ HostedZoneId *string `type:"string" required:"true"`
- // (Optional) A complex type that contains the following optional values:
+ // The Amazon resource name (ARN) for a customer managed key (CMK) in AWS Key
+ // Management Service (KMS). The KeyManagementServiceArn must be unique for
+ // each key signing key (KSK) in a single hosted zone. To see an example of
+ // KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll
+ // down to Example.
//
- // * For public and private hosted zones, an optional comment
+ // You must configure the CMK as follows:
//
- // * For private hosted zones, an optional PrivateZone element
+ // Status
//
- // If you don't specify a comment or the PrivateZone element, omit HostedZoneConfig
- // and the other elements.
- HostedZoneConfig *HostedZoneConfig `type:"structure"`
-
- // The name of the domain. Specify a fully qualified domain name, for example,
- // www.example.com. The trailing dot is optional; Amazon Route 53 assumes that
- // the domain name is fully qualified. This means that Route 53 treats www.example.com
- // (without a trailing dot) and www.example.com. (with a trailing dot) as identical.
+ // Enabled
//
- // If you're creating a public hosted zone, this is the name you have registered
- // with your DNS registrar. If your domain name is registered with a registrar
- // other than Route 53, change the name servers for your domain to the set of
- // NameServers that CreateHostedZone returns in DelegationSet.
+ // Key spec
+ //
+ // ECC_NIST_P256
+ //
+ // Key usage
+ //
+ // Sign and verify
+ //
+ // Key policy
+ //
+ // The key policy must give permission for the following actions:
+ //
+ // * DescribeKey
+ //
+ // * GetPublicKey
+ //
+ // * Sign
+ //
+ // The key policy must also include the Amazon Route 53 service in the principal
+ // for your account. Specify the following:
+ //
+ // * "Service": "api-service.dnssec.route53.aws.internal"
+ //
+ // For more information about working with CMK in KMS, see AWS Key Management
+ // Service concepts (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html).
+ //
+ // KeyManagementServiceArn is a required field
+ KeyManagementServiceArn *string `type:"string" required:"true"`
+
+ // An alphanumeric string used to identify a key signing key (KSK). Name must
+ // be unique for each key signing key in the same hosted zone.
//
// Name is a required field
- Name *string `type:"string" required:"true"`
+ Name *string `min:"3" type:"string" required:"true"`
- // (Private hosted zones only) A complex type that contains information about
- // the Amazon VPC that you're associating with this hosted zone.
+ // A string specifying the initial status of the key signing key (KSK). You
+ // can set the value to ACTIVE or INACTIVE.
//
- // You can specify only one Amazon VPC when you create a private hosted zone.
- // To associate additional Amazon VPCs with the hosted zone, use AssociateVPCWithHostedZone
- // (https://docs.aws.amazon.com/Route53/latest/APIReference/API_AssociateVPCWithHostedZone.html)
- // after you create a hosted zone.
- VPC *VPC `type:"structure"`
+ // Status is a required field
+ Status *string `min:"5" type:"string" required:"true"`
}
// String returns the string representation
-func (s CreateHostedZoneInput) String() string {
+func (s CreateKeySigningKeyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
-func (s CreateHostedZoneInput) GoString() string {
+func (s CreateKeySigningKeyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
-func (s *CreateHostedZoneInput) Validate() error {
- invalidParams := request.ErrInvalidParams{Context: "CreateHostedZoneInput"}
+func (s *CreateKeySigningKeyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateKeySigningKeyInput"}
if s.CallerReference == nil {
invalidParams.Add(request.NewErrParamRequired("CallerReference"))
}
if s.CallerReference != nil && len(*s.CallerReference) < 1 {
invalidParams.Add(request.NewErrParamMinLen("CallerReference", 1))
}
+ if s.HostedZoneId == nil {
+ invalidParams.Add(request.NewErrParamRequired("HostedZoneId"))
+ }
+ if s.KeyManagementServiceArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("KeyManagementServiceArn"))
+ }
if s.Name == nil {
invalidParams.Add(request.NewErrParamRequired("Name"))
}
- if s.VPC != nil {
- if err := s.VPC.Validate(); err != nil {
- invalidParams.AddNested("VPC", err.(request.ErrInvalidParams))
- }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+ if s.Status == nil {
+ invalidParams.Add(request.NewErrParamRequired("Status"))
+ }
+ if s.Status != nil && len(*s.Status) < 5 {
+ invalidParams.Add(request.NewErrParamMinLen("Status", 5))
}
if invalidParams.Len() > 0 {
@@ -7120,104 +8329,83 @@ func (s *CreateHostedZoneInput) Validate() error {
}
// SetCallerReference sets the CallerReference field's value.
-func (s *CreateHostedZoneInput) SetCallerReference(v string) *CreateHostedZoneInput {
+func (s *CreateKeySigningKeyInput) SetCallerReference(v string) *CreateKeySigningKeyInput {
s.CallerReference = &v
return s
}
-// SetDelegationSetId sets the DelegationSetId field's value.
-func (s *CreateHostedZoneInput) SetDelegationSetId(v string) *CreateHostedZoneInput {
- s.DelegationSetId = &v
+// SetHostedZoneId sets the HostedZoneId field's value.
+func (s *CreateKeySigningKeyInput) SetHostedZoneId(v string) *CreateKeySigningKeyInput {
+ s.HostedZoneId = &v
return s
}
-// SetHostedZoneConfig sets the HostedZoneConfig field's value.
-func (s *CreateHostedZoneInput) SetHostedZoneConfig(v *HostedZoneConfig) *CreateHostedZoneInput {
- s.HostedZoneConfig = v
+// SetKeyManagementServiceArn sets the KeyManagementServiceArn field's value.
+func (s *CreateKeySigningKeyInput) SetKeyManagementServiceArn(v string) *CreateKeySigningKeyInput {
+ s.KeyManagementServiceArn = &v
return s
}
// SetName sets the Name field's value.
-func (s *CreateHostedZoneInput) SetName(v string) *CreateHostedZoneInput {
+func (s *CreateKeySigningKeyInput) SetName(v string) *CreateKeySigningKeyInput {
s.Name = &v
return s
}
-// SetVPC sets the VPC field's value.
-func (s *CreateHostedZoneInput) SetVPC(v *VPC) *CreateHostedZoneInput {
- s.VPC = v
+// SetStatus sets the Status field's value.
+func (s *CreateKeySigningKeyInput) SetStatus(v string) *CreateKeySigningKeyInput {
+ s.Status = &v
return s
}
-// A complex type containing the response information for the hosted zone.
-type CreateHostedZoneOutput struct {
+type CreateKeySigningKeyOutput struct {
_ struct{} `type:"structure"`
- // A complex type that contains information about the CreateHostedZone request.
+ // A complex type that describes change information about changes made to your
+ // hosted zone.
//
// ChangeInfo is a required field
ChangeInfo *ChangeInfo `type:"structure" required:"true"`
- // A complex type that describes the name servers for this hosted zone.
- //
- // DelegationSet is a required field
- DelegationSet *DelegationSet `type:"structure" required:"true"`
-
- // A complex type that contains general information about the hosted zone.
+ // The key signing key (KSK) that the request creates.
//
- // HostedZone is a required field
- HostedZone *HostedZone `type:"structure" required:"true"`
+ // KeySigningKey is a required field
+ KeySigningKey *KeySigningKey `type:"structure" required:"true"`
- // The unique URL representing the new hosted zone.
+ // The unique URL representing the new key signing key (KSK).
//
// Location is a required field
Location *string `location:"header" locationName:"Location" type:"string" required:"true"`
-
- // A complex type that contains information about an Amazon VPC that you associated
- // with this hosted zone.
- VPC *VPC `type:"structure"`
}
// String returns the string representation
-func (s CreateHostedZoneOutput) String() string {
+func (s CreateKeySigningKeyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
-func (s CreateHostedZoneOutput) GoString() string {
+func (s CreateKeySigningKeyOutput) GoString() string {
return s.String()
}
// SetChangeInfo sets the ChangeInfo field's value.
-func (s *CreateHostedZoneOutput) SetChangeInfo(v *ChangeInfo) *CreateHostedZoneOutput {
+func (s *CreateKeySigningKeyOutput) SetChangeInfo(v *ChangeInfo) *CreateKeySigningKeyOutput {
s.ChangeInfo = v
return s
}
-// SetDelegationSet sets the DelegationSet field's value.
-func (s *CreateHostedZoneOutput) SetDelegationSet(v *DelegationSet) *CreateHostedZoneOutput {
- s.DelegationSet = v
- return s
-}
-
-// SetHostedZone sets the HostedZone field's value.
-func (s *CreateHostedZoneOutput) SetHostedZone(v *HostedZone) *CreateHostedZoneOutput {
- s.HostedZone = v
+// SetKeySigningKey sets the KeySigningKey field's value.
+func (s *CreateKeySigningKeyOutput) SetKeySigningKey(v *KeySigningKey) *CreateKeySigningKeyOutput {
+ s.KeySigningKey = v
return s
}
// SetLocation sets the Location field's value.
-func (s *CreateHostedZoneOutput) SetLocation(v string) *CreateHostedZoneOutput {
+func (s *CreateKeySigningKeyOutput) SetLocation(v string) *CreateKeySigningKeyOutput {
s.Location = &v
return s
}
-// SetVPC sets the VPC field's value.
-func (s *CreateHostedZoneOutput) SetVPC(v *VPC) *CreateHostedZoneOutput {
- s.VPC = v
- return s
-}
-
type CreateQueryLoggingConfigInput struct {
_ struct{} `locationName:"CreateQueryLoggingConfigRequest" type:"structure" xmlURI:"https://route53.amazonaws.com/doc/2013-04-01/"`
@@ -7867,6 +9055,132 @@ func (s *CreateVPCAssociationAuthorizationOutput) SetVPC(v *VPC) *CreateVPCAssoc
return s
}
+// A string repesenting the status of DNSSEC signing.
+type DNSSECStatus struct {
+ _ struct{} `type:"structure"`
+
+ // Indicates your hosted zone signging status: SIGNING, NOT_SIGNING, or INTERNAL_FAILURE.
+ // If the status is INTERNAL_FAILURE, see StatusMessage for information about
+ // steps that you can take to correct the problem.
+ //
+ // A status INTERNAL_FAILURE means there was an error during a request. Before
+ // you can continue to work with DNSSEC signing, including working with key
+ // signing keys (KSKs), you must correct the problem by enabling or disabling
+ // DNSSEC signing for the hosted zone.
+ ServeSignature *string `min:"1" type:"string"`
+
+ // The status message provided for the following DNSSEC signing status: INTERNAL_FAILURE.
+ // The status message includes information about what the problem might be and
+ // steps that you can take to correct the issue.
+ StatusMessage *string `type:"string"`
+}
+
+// String returns the string representation
+func (s DNSSECStatus) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DNSSECStatus) GoString() string {
+ return s.String()
+}
+
+// SetServeSignature sets the ServeSignature field's value.
+func (s *DNSSECStatus) SetServeSignature(v string) *DNSSECStatus {
+ s.ServeSignature = &v
+ return s
+}
+
+// SetStatusMessage sets the StatusMessage field's value.
+func (s *DNSSECStatus) SetStatusMessage(v string) *DNSSECStatus {
+ s.StatusMessage = &v
+ return s
+}
+
+type DeactivateKeySigningKeyInput struct {
+ _ struct{} `locationName:"DeactivateKeySigningKeyRequest" type:"structure"`
+
+ // A unique string used to identify a hosted zone.
+ //
+ // HostedZoneId is a required field
+ HostedZoneId *string `location:"uri" locationName:"HostedZoneId" type:"string" required:"true"`
+
+ // An alphanumeric string used to identify a key signing key (KSK).
+ //
+ // Name is a required field
+ Name *string `location:"uri" locationName:"Name" min:"3" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DeactivateKeySigningKeyInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeactivateKeySigningKeyInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeactivateKeySigningKeyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeactivateKeySigningKeyInput"}
+ if s.HostedZoneId == nil {
+ invalidParams.Add(request.NewErrParamRequired("HostedZoneId"))
+ }
+ if s.HostedZoneId != nil && len(*s.HostedZoneId) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("HostedZoneId", 1))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetHostedZoneId sets the HostedZoneId field's value.
+func (s *DeactivateKeySigningKeyInput) SetHostedZoneId(v string) *DeactivateKeySigningKeyInput {
+ s.HostedZoneId = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *DeactivateKeySigningKeyInput) SetName(v string) *DeactivateKeySigningKeyInput {
+ s.Name = &v
+ return s
+}
+
+type DeactivateKeySigningKeyOutput struct {
+ _ struct{} `type:"structure"`
+
+ // A complex type that describes change information about changes made to your
+ // hosted zone.
+ //
+ // ChangeInfo is a required field
+ ChangeInfo *ChangeInfo `type:"structure" required:"true"`
+}
+
+// String returns the string representation
+func (s DeactivateKeySigningKeyOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeactivateKeySigningKeyOutput) GoString() string {
+ return s.String()
+}
+
+// SetChangeInfo sets the ChangeInfo field's value.
+func (s *DeactivateKeySigningKeyOutput) SetChangeInfo(v *ChangeInfo) *DeactivateKeySigningKeyOutput {
+ s.ChangeInfo = v
+ return s
+}
+
// A complex type that lists the name servers in a delegation set, as well as
// the CallerReference and the ID for the delegation set.
type DelegationSet struct {
@@ -7916,7 +9230,7 @@ func (s *DelegationSet) SetNameServers(v []*string) *DelegationSet {
// This action deletes a health check.
type DeleteHealthCheckInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"DeleteHealthCheckRequest" type:"structure"`
// The ID of the health check that you want to delete.
//
@@ -7962,43 +9276,122 @@ type DeleteHealthCheckOutput struct {
}
// String returns the string representation
-func (s DeleteHealthCheckOutput) String() string {
+func (s DeleteHealthCheckOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteHealthCheckOutput) GoString() string {
+ return s.String()
+}
+
+// A request to delete a hosted zone.
+type DeleteHostedZoneInput struct {
+ _ struct{} `locationName:"DeleteHostedZoneRequest" type:"structure"`
+
+ // The ID of the hosted zone you want to delete.
+ //
+ // Id is a required field
+ Id *string `location:"uri" locationName:"Id" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DeleteHostedZoneInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteHostedZoneInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteHostedZoneInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteHostedZoneInput"}
+ if s.Id == nil {
+ invalidParams.Add(request.NewErrParamRequired("Id"))
+ }
+ if s.Id != nil && len(*s.Id) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Id", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetId sets the Id field's value.
+func (s *DeleteHostedZoneInput) SetId(v string) *DeleteHostedZoneInput {
+ s.Id = &v
+ return s
+}
+
+// A complex type that contains the response to a DeleteHostedZone request.
+type DeleteHostedZoneOutput struct {
+ _ struct{} `type:"structure"`
+
+ // A complex type that contains the ID, the status, and the date and time of
+ // a request to delete a hosted zone.
+ //
+ // ChangeInfo is a required field
+ ChangeInfo *ChangeInfo `type:"structure" required:"true"`
+}
+
+// String returns the string representation
+func (s DeleteHostedZoneOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
-func (s DeleteHealthCheckOutput) GoString() string {
+func (s DeleteHostedZoneOutput) GoString() string {
return s.String()
}
-// A request to delete a hosted zone.
-type DeleteHostedZoneInput struct {
- _ struct{} `type:"structure"`
+// SetChangeInfo sets the ChangeInfo field's value.
+func (s *DeleteHostedZoneOutput) SetChangeInfo(v *ChangeInfo) *DeleteHostedZoneOutput {
+ s.ChangeInfo = v
+ return s
+}
- // The ID of the hosted zone you want to delete.
+type DeleteKeySigningKeyInput struct {
+ _ struct{} `locationName:"DeleteKeySigningKeyRequest" type:"structure"`
+
+ // A unique string used to identify a hosted zone.
//
- // Id is a required field
- Id *string `location:"uri" locationName:"Id" type:"string" required:"true"`
+ // HostedZoneId is a required field
+ HostedZoneId *string `location:"uri" locationName:"HostedZoneId" type:"string" required:"true"`
+
+ // An alphanumeric string used to identify a key signing key (KSK).
+ //
+ // Name is a required field
+ Name *string `location:"uri" locationName:"Name" min:"3" type:"string" required:"true"`
}
// String returns the string representation
-func (s DeleteHostedZoneInput) String() string {
+func (s DeleteKeySigningKeyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
-func (s DeleteHostedZoneInput) GoString() string {
+func (s DeleteKeySigningKeyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteHostedZoneInput) Validate() error {
- invalidParams := request.ErrInvalidParams{Context: "DeleteHostedZoneInput"}
- if s.Id == nil {
- invalidParams.Add(request.NewErrParamRequired("Id"))
+func (s *DeleteKeySigningKeyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteKeySigningKeyInput"}
+ if s.HostedZoneId == nil {
+ invalidParams.Add(request.NewErrParamRequired("HostedZoneId"))
}
- if s.Id != nil && len(*s.Id) < 1 {
- invalidParams.Add(request.NewErrParamMinLen("Id", 1))
+ if s.HostedZoneId != nil && len(*s.HostedZoneId) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("HostedZoneId", 1))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
}
if invalidParams.Len() > 0 {
@@ -8007,41 +9400,46 @@ func (s *DeleteHostedZoneInput) Validate() error {
return nil
}
-// SetId sets the Id field's value.
-func (s *DeleteHostedZoneInput) SetId(v string) *DeleteHostedZoneInput {
- s.Id = &v
+// SetHostedZoneId sets the HostedZoneId field's value.
+func (s *DeleteKeySigningKeyInput) SetHostedZoneId(v string) *DeleteKeySigningKeyInput {
+ s.HostedZoneId = &v
return s
}
-// A complex type that contains the response to a DeleteHostedZone request.
-type DeleteHostedZoneOutput struct {
+// SetName sets the Name field's value.
+func (s *DeleteKeySigningKeyInput) SetName(v string) *DeleteKeySigningKeyInput {
+ s.Name = &v
+ return s
+}
+
+type DeleteKeySigningKeyOutput struct {
_ struct{} `type:"structure"`
- // A complex type that contains the ID, the status, and the date and time of
- // a request to delete a hosted zone.
+ // A complex type that describes change information about changes made to your
+ // hosted zone.
//
// ChangeInfo is a required field
ChangeInfo *ChangeInfo `type:"structure" required:"true"`
}
// String returns the string representation
-func (s DeleteHostedZoneOutput) String() string {
+func (s DeleteKeySigningKeyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
-func (s DeleteHostedZoneOutput) GoString() string {
+func (s DeleteKeySigningKeyOutput) GoString() string {
return s.String()
}
// SetChangeInfo sets the ChangeInfo field's value.
-func (s *DeleteHostedZoneOutput) SetChangeInfo(v *ChangeInfo) *DeleteHostedZoneOutput {
+func (s *DeleteKeySigningKeyOutput) SetChangeInfo(v *ChangeInfo) *DeleteKeySigningKeyOutput {
s.ChangeInfo = v
return s
}
type DeleteQueryLoggingConfigInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"DeleteQueryLoggingConfigRequest" type:"structure"`
// The ID of the configuration that you want to delete.
//
@@ -8097,7 +9495,7 @@ func (s DeleteQueryLoggingConfigOutput) GoString() string {
// A request to delete a reusable delegation set.
type DeleteReusableDelegationSetInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"DeleteReusableDelegationSetRequest" type:"structure"`
// The ID of the reusable delegation set that you want to delete.
//
@@ -8154,7 +9552,7 @@ func (s DeleteReusableDelegationSetOutput) GoString() string {
// A request to delete a specified traffic policy version.
type DeleteTrafficPolicyInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"DeleteTrafficPolicyRequest" type:"structure"`
// The ID of the traffic policy that you want to delete.
//
@@ -8213,7 +9611,7 @@ func (s *DeleteTrafficPolicyInput) SetVersion(v int64) *DeleteTrafficPolicyInput
// A request to delete a specified traffic policy instance.
type DeleteTrafficPolicyInstanceInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"DeleteTrafficPolicyInstanceRequest" type:"structure"`
// The ID of the traffic policy instance that you want to delete.
//
@@ -8409,6 +9807,73 @@ func (s *Dimension) SetValue(v string) *Dimension {
return s
}
+type DisableHostedZoneDNSSECInput struct {
+ _ struct{} `locationName:"DisableHostedZoneDNSSECRequest" type:"structure"`
+
+ // A unique string used to identify a hosted zone.
+ //
+ // HostedZoneId is a required field
+ HostedZoneId *string `location:"uri" locationName:"Id" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DisableHostedZoneDNSSECInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DisableHostedZoneDNSSECInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DisableHostedZoneDNSSECInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DisableHostedZoneDNSSECInput"}
+ if s.HostedZoneId == nil {
+ invalidParams.Add(request.NewErrParamRequired("HostedZoneId"))
+ }
+ if s.HostedZoneId != nil && len(*s.HostedZoneId) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("HostedZoneId", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetHostedZoneId sets the HostedZoneId field's value.
+func (s *DisableHostedZoneDNSSECInput) SetHostedZoneId(v string) *DisableHostedZoneDNSSECInput {
+ s.HostedZoneId = &v
+ return s
+}
+
+type DisableHostedZoneDNSSECOutput struct {
+ _ struct{} `type:"structure"`
+
+ // A complex type that describes change information about changes made to your
+ // hosted zone.
+ //
+ // ChangeInfo is a required field
+ ChangeInfo *ChangeInfo `type:"structure" required:"true"`
+}
+
+// String returns the string representation
+func (s DisableHostedZoneDNSSECOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DisableHostedZoneDNSSECOutput) GoString() string {
+ return s.String()
+}
+
+// SetChangeInfo sets the ChangeInfo field's value.
+func (s *DisableHostedZoneDNSSECOutput) SetChangeInfo(v *ChangeInfo) *DisableHostedZoneDNSSECOutput {
+ s.ChangeInfo = v
+ return s
+}
+
// A complex type that contains information about the VPC that you want to disassociate
// from a specified private hosted zone.
type DisassociateVPCFromHostedZoneInput struct {
@@ -8509,23 +9974,112 @@ func (s *DisassociateVPCFromHostedZoneOutput) SetChangeInfo(v *ChangeInfo) *Disa
return s
}
+type EnableHostedZoneDNSSECInput struct {
+ _ struct{} `locationName:"EnableHostedZoneDNSSECRequest" type:"structure"`
+
+ // A unique string used to identify a hosted zone.
+ //
+ // HostedZoneId is a required field
+ HostedZoneId *string `location:"uri" locationName:"Id" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s EnableHostedZoneDNSSECInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s EnableHostedZoneDNSSECInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *EnableHostedZoneDNSSECInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "EnableHostedZoneDNSSECInput"}
+ if s.HostedZoneId == nil {
+ invalidParams.Add(request.NewErrParamRequired("HostedZoneId"))
+ }
+ if s.HostedZoneId != nil && len(*s.HostedZoneId) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("HostedZoneId", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetHostedZoneId sets the HostedZoneId field's value.
+func (s *EnableHostedZoneDNSSECInput) SetHostedZoneId(v string) *EnableHostedZoneDNSSECInput {
+ s.HostedZoneId = &v
+ return s
+}
+
+type EnableHostedZoneDNSSECOutput struct {
+ _ struct{} `type:"structure"`
+
+ // A complex type that describes change information about changes made to your
+ // hosted zone.
+ //
+ // ChangeInfo is a required field
+ ChangeInfo *ChangeInfo `type:"structure" required:"true"`
+}
+
+// String returns the string representation
+func (s EnableHostedZoneDNSSECOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s EnableHostedZoneDNSSECOutput) GoString() string {
+ return s.String()
+}
+
+// SetChangeInfo sets the ChangeInfo field's value.
+func (s *EnableHostedZoneDNSSECOutput) SetChangeInfo(v *ChangeInfo) *EnableHostedZoneDNSSECOutput {
+ s.ChangeInfo = v
+ return s
+}
+
// A complex type that contains information about a geographic location.
type GeoLocation struct {
_ struct{} `type:"structure"`
// The two-letter code for the continent.
//
- // Valid values: AF | AN | AS | EU | OC | NA | SA
+ // Amazon Route 53 supports the following continent codes:
+ //
+ // * AF: Africa
+ //
+ // * AN: Antarctica
+ //
+ // * AS: Asia
+ //
+ // * EU: Europe
+ //
+ // * OC: Oceania
+ //
+ // * NA: North America
+ //
+ // * SA: South America
//
// Constraint: Specifying ContinentCode with either CountryCode or SubdivisionCode
// returns an InvalidInput error.
ContinentCode *string `min:"2" type:"string"`
- // The two-letter code for the country.
+ // For geolocation resource record sets, the two-letter code for a country.
+ //
+ // Amazon Route 53 uses the two-letter country codes that are specified in ISO
+ // standard 3166-1 alpha-2 (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).
CountryCode *string `min:"1" type:"string"`
- // The code for the subdivision. Route 53 currently supports only states in
- // the United States.
+ // For geolocation resource record sets, the two-letter code for a state of
+ // the United States. Route 53 doesn't support any other values for SubdivisionCode.
+ // For a list of state abbreviations, see Appendix B: Two–Letter State and
+ // Possession Abbreviations (https://pe.usps.com/text/pub28/28apb.htm) on the
+ // United States Postal Service website.
+ //
+ // If you specify subdivisioncode, you must also specify US for CountryCode.
SubdivisionCode *string `min:"1" type:"string"`
}
@@ -8651,7 +10205,7 @@ func (s *GeoLocationDetails) SetSubdivisionName(v string) *GeoLocationDetails {
// A complex type that contains information about the request to create a hosted
// zone.
type GetAccountLimitInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetAccountLimitRequest" type:"structure"`
// The limit that you want to get. Valid values include the following:
//
@@ -8753,7 +10307,7 @@ func (s *GetAccountLimitOutput) SetLimit(v *AccountLimit) *GetAccountLimitOutput
// The input for a GetChange request.
type GetChangeInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetChangeRequest" type:"structure"`
// The ID of the change batch request. The value that you specify here is the
// value that ChangeResourceRecordSets returned in the Id element when you submitted
@@ -8823,7 +10377,7 @@ func (s *GetChangeOutput) SetChangeInfo(v *ChangeInfo) *GetChangeOutput {
// Empty request.
type GetCheckerIpRangesInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetCheckerIpRangesRequest" type:"structure"`
}
// String returns the string representation
@@ -8831,44 +10385,122 @@ func (s GetCheckerIpRangesInput) String() string {
return awsutil.Prettify(s)
}
-// GoString returns the string representation
-func (s GetCheckerIpRangesInput) GoString() string {
- return s.String()
+// GoString returns the string representation
+func (s GetCheckerIpRangesInput) GoString() string {
+ return s.String()
+}
+
+// A complex type that contains the CheckerIpRanges element.
+type GetCheckerIpRangesOutput struct {
+ _ struct{} `type:"structure"`
+
+ // A complex type that contains sorted list of IP ranges in CIDR format for
+ // Amazon Route 53 health checkers.
+ //
+ // CheckerIpRanges is a required field
+ CheckerIpRanges []*string `type:"list" required:"true"`
+}
+
+// String returns the string representation
+func (s GetCheckerIpRangesOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetCheckerIpRangesOutput) GoString() string {
+ return s.String()
+}
+
+// SetCheckerIpRanges sets the CheckerIpRanges field's value.
+func (s *GetCheckerIpRangesOutput) SetCheckerIpRanges(v []*string) *GetCheckerIpRangesOutput {
+ s.CheckerIpRanges = v
+ return s
+}
+
+type GetDNSSECInput struct {
+ _ struct{} `locationName:"GetDNSSECRequest" type:"structure"`
+
+ // A unique string used to identify a hosted zone.
+ //
+ // HostedZoneId is a required field
+ HostedZoneId *string `location:"uri" locationName:"Id" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s GetDNSSECInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetDNSSECInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetDNSSECInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "GetDNSSECInput"}
+ if s.HostedZoneId == nil {
+ invalidParams.Add(request.NewErrParamRequired("HostedZoneId"))
+ }
+ if s.HostedZoneId != nil && len(*s.HostedZoneId) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("HostedZoneId", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetHostedZoneId sets the HostedZoneId field's value.
+func (s *GetDNSSECInput) SetHostedZoneId(v string) *GetDNSSECInput {
+ s.HostedZoneId = &v
+ return s
}
-// A complex type that contains the CheckerIpRanges element.
-type GetCheckerIpRangesOutput struct {
+type GetDNSSECOutput struct {
_ struct{} `type:"structure"`
- // A complex type that contains sorted list of IP ranges in CIDR format for
- // Amazon Route 53 health checkers.
+ // The key signing keys (KSKs) in your account.
//
- // CheckerIpRanges is a required field
- CheckerIpRanges []*string `type:"list" required:"true"`
+ // KeySigningKeys is a required field
+ KeySigningKeys []*KeySigningKey `type:"list" required:"true"`
+
+ // A string repesenting the status of DNSSEC.
+ //
+ // Status is a required field
+ Status *DNSSECStatus `type:"structure" required:"true"`
}
// String returns the string representation
-func (s GetCheckerIpRangesOutput) String() string {
+func (s GetDNSSECOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
-func (s GetCheckerIpRangesOutput) GoString() string {
+func (s GetDNSSECOutput) GoString() string {
return s.String()
}
-// SetCheckerIpRanges sets the CheckerIpRanges field's value.
-func (s *GetCheckerIpRangesOutput) SetCheckerIpRanges(v []*string) *GetCheckerIpRangesOutput {
- s.CheckerIpRanges = v
+// SetKeySigningKeys sets the KeySigningKeys field's value.
+func (s *GetDNSSECOutput) SetKeySigningKeys(v []*KeySigningKey) *GetDNSSECOutput {
+ s.KeySigningKeys = v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *GetDNSSECOutput) SetStatus(v *DNSSECStatus) *GetDNSSECOutput {
+ s.Status = v
return s
}
// A request for information about whether a specified geographic location is
// supported for Amazon Route 53 geolocation resource record sets.
type GetGeoLocationInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetGeoLocationRequest" type:"structure"`
- // Amazon Route 53 supports the following continent codes:
+ // For geolocation resource record sets, a two-letter abbreviation that identifies
+ // a continent. Amazon Route 53 supports the following continent codes:
//
// * AF: Africa
//
@@ -8889,10 +10521,12 @@ type GetGeoLocationInput struct {
// standard 3166-1 alpha-2 (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).
CountryCode *string `location:"querystring" locationName:"countrycode" min:"1" type:"string"`
- // Amazon Route 53 uses the one- to three-letter subdivision codes that are
- // specified in ISO standard 3166-1 alpha-2 (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).
- // Route 53 doesn't support subdivision codes for all countries. If you specify
- // subdivisioncode, you must also specify countrycode.
+ // For SubdivisionCode, Amazon Route 53 supports only states of the United States.
+ // For a list of state abbreviations, see Appendix B: Two–Letter State and
+ // Possession Abbreviations (https://pe.usps.com/text/pub28/28apb.htm) on the
+ // United States Postal Service website.
+ //
+ // If you specify subdivisioncode, you must also specify US for CountryCode.
SubdivisionCode *string `location:"querystring" locationName:"subdivisioncode" min:"1" type:"string"`
}
@@ -8974,7 +10608,7 @@ func (s *GetGeoLocationOutput) SetGeoLocationDetails(v *GeoLocationDetails) *Get
// A request for the number of health checks that are associated with the current
// AWS account.
type GetHealthCheckCountInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetHealthCheckCountRequest" type:"structure"`
}
// String returns the string representation
@@ -9015,7 +10649,7 @@ func (s *GetHealthCheckCountOutput) SetHealthCheckCount(v int64) *GetHealthCheck
// A request to get information about a specified health check.
type GetHealthCheckInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetHealthCheckRequest" type:"structure"`
// The identifier that Amazon Route 53 assigned to the health check when you
// created it. When you add or update a resource record set, you use this value
@@ -9060,7 +10694,7 @@ func (s *GetHealthCheckInput) SetHealthCheckId(v string) *GetHealthCheckInput {
// A request for the reason that a health check failed most recently.
type GetHealthCheckLastFailureReasonInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetHealthCheckLastFailureReasonRequest" type:"structure"`
// The ID for the health check for which you want the last failure reason. When
// you created the health check, CreateHealthCheck returned the ID in the response,
@@ -9163,7 +10797,7 @@ func (s *GetHealthCheckOutput) SetHealthCheck(v *HealthCheck) *GetHealthCheckOut
// A request to get the status for a health check.
type GetHealthCheckStatusInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetHealthCheckStatusRequest" type:"structure"`
// The ID for the health check that you want the current status for. When you
// created the health check, CreateHealthCheck returned the ID in the response,
@@ -9239,7 +10873,7 @@ func (s *GetHealthCheckStatusOutput) SetHealthCheckObservations(v []*HealthCheck
// A request to retrieve a count of all the hosted zones that are associated
// with the current AWS account.
type GetHostedZoneCountInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetHostedZoneCountRequest" type:"structure"`
}
// String returns the string representation
@@ -9281,7 +10915,7 @@ func (s *GetHostedZoneCountOutput) SetHostedZoneCount(v int64) *GetHostedZoneCou
// A request to get information about a specified hosted zone.
type GetHostedZoneInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetHostedZoneRequest" type:"structure"`
// The ID of the hosted zone that you want to get information about.
//
@@ -9324,7 +10958,7 @@ func (s *GetHostedZoneInput) SetId(v string) *GetHostedZoneInput {
// A complex type that contains information about the request to create a hosted
// zone.
type GetHostedZoneLimitInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetHostedZoneLimitRequest" type:"structure"`
// The ID of the hosted zone that you want to get a limit for.
//
@@ -9478,7 +11112,7 @@ func (s *GetHostedZoneOutput) SetVPCs(v []*VPC) *GetHostedZoneOutput {
}
type GetQueryLoggingConfigInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetQueryLoggingConfigRequest" type:"structure"`
// The ID of the configuration for DNS query logging that you want to get information
// about.
@@ -9548,7 +11182,7 @@ func (s *GetQueryLoggingConfigOutput) SetQueryLoggingConfig(v *QueryLoggingConfi
// A request to get information about a specified reusable delegation set.
type GetReusableDelegationSetInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetReusableDelegationSetRequest" type:"structure"`
// The ID of the reusable delegation set that you want to get a list of name
// servers for.
@@ -9592,7 +11226,7 @@ func (s *GetReusableDelegationSetInput) SetId(v string) *GetReusableDelegationSe
// A complex type that contains information about the request to create a hosted
// zone.
type GetReusableDelegationSetLimitInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetReusableDelegationSetLimitRequest" type:"structure"`
// The ID of the delegation set that you want to get the limit for.
//
@@ -9719,7 +11353,7 @@ func (s *GetReusableDelegationSetOutput) SetDelegationSet(v *DelegationSet) *Get
// Gets information about a specific traffic policy version.
type GetTrafficPolicyInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetTrafficPolicyRequest" type:"structure"`
// The ID of the traffic policy that you want to get information about.
//
@@ -9780,7 +11414,7 @@ func (s *GetTrafficPolicyInput) SetVersion(v int64) *GetTrafficPolicyInput {
// Request to get the number of traffic policy instances that are associated
// with the current AWS account.
type GetTrafficPolicyInstanceCountInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetTrafficPolicyInstanceCountRequest" type:"structure"`
}
// String returns the string representation
@@ -9823,7 +11457,7 @@ func (s *GetTrafficPolicyInstanceCountOutput) SetTrafficPolicyInstanceCount(v in
// Gets information about a specified traffic policy instance.
type GetTrafficPolicyInstanceInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"GetTrafficPolicyInstanceRequest" type:"structure"`
// The ID of the traffic policy instance that you want to get information about.
//
@@ -10062,7 +11696,7 @@ type HealthCheckConfig struct {
// The number of consecutive health checks that an endpoint must pass or fail
// for Amazon Route 53 to change the current status of the endpoint from unhealthy
// to healthy or vice versa. For more information, see How Amazon Route 53 Determines
- // Whether an Endpoint Is Healthy (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html)
+ // Whether an Endpoint Is Healthy (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html)
// in the Amazon Route 53 Developer Guide.
//
// If you don't specify a value for FailureThreshold, the default value is three
@@ -10206,8 +11840,11 @@ type HealthCheckConfig struct {
// You can't change the value of MeasureLatency after you create a health check.
MeasureLatency *bool `type:"boolean"`
- // The port on the endpoint on which you want Amazon Route 53 to perform health
- // checks. Specify a value for Port only when you specify a value for IPAddress.
+ // The port on the endpoint that you want Amazon Route 53 to perform health
+ // checks on.
+ //
+ // Don't specify a value for Port when you specify a value for Type of CLOUDWATCH_METRIC
+ // or CALCULATED.
Port *int64 `min:"1" type:"integer"`
// A complex type that contains one Region element for each region from which
@@ -10239,7 +11876,7 @@ type HealthCheckConfig struct {
// parameters, for example, /welcome.html?language=jp&login=y.
ResourcePath *string `type:"string"`
- // If the value of Type is HTTP_STR_MATCH or HTTP_STR_MATCH, the string that
+ // If the value of Type is HTTP_STR_MATCH or HTTPS_STR_MATCH, the string that
// you want Amazon Route 53 to search for in the response body from the specified
// resource. If the string appears in the response body, Route 53 considers
// the resource healthy.
@@ -10543,106 +12180,434 @@ func (s *HostedZone) SetConfig(v *HostedZoneConfig) *HostedZone {
return s
}
-// SetId sets the Id field's value.
-func (s *HostedZone) SetId(v string) *HostedZone {
- s.Id = &v
+// SetId sets the Id field's value.
+func (s *HostedZone) SetId(v string) *HostedZone {
+ s.Id = &v
+ return s
+}
+
+// SetLinkedService sets the LinkedService field's value.
+func (s *HostedZone) SetLinkedService(v *LinkedService) *HostedZone {
+ s.LinkedService = v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *HostedZone) SetName(v string) *HostedZone {
+ s.Name = &v
+ return s
+}
+
+// SetResourceRecordSetCount sets the ResourceRecordSetCount field's value.
+func (s *HostedZone) SetResourceRecordSetCount(v int64) *HostedZone {
+ s.ResourceRecordSetCount = &v
+ return s
+}
+
+// A complex type that contains an optional comment about your hosted zone.
+// If you don't want to specify a comment, omit both the HostedZoneConfig and
+// Comment elements.
+type HostedZoneConfig struct {
+ _ struct{} `type:"structure"`
+
+ // Any comments that you want to include about the hosted zone.
+ Comment *string `type:"string"`
+
+ // A value that indicates whether this is a private hosted zone.
+ PrivateZone *bool `type:"boolean"`
+}
+
+// String returns the string representation
+func (s HostedZoneConfig) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s HostedZoneConfig) GoString() string {
+ return s.String()
+}
+
+// SetComment sets the Comment field's value.
+func (s *HostedZoneConfig) SetComment(v string) *HostedZoneConfig {
+ s.Comment = &v
+ return s
+}
+
+// SetPrivateZone sets the PrivateZone field's value.
+func (s *HostedZoneConfig) SetPrivateZone(v bool) *HostedZoneConfig {
+ s.PrivateZone = &v
+ return s
+}
+
+// A complex type that contains the type of limit that you specified in the
+// request and the current value for that limit.
+type HostedZoneLimit struct {
+ _ struct{} `type:"structure"`
+
+ // The limit that you requested. Valid values include the following:
+ //
+ // * MAX_RRSETS_BY_ZONE: The maximum number of records that you can create
+ // in the specified hosted zone.
+ //
+ // * MAX_VPCS_ASSOCIATED_BY_ZONE: The maximum number of Amazon VPCs that
+ // you can associate with the specified private hosted zone.
+ //
+ // Type is a required field
+ Type *string `type:"string" required:"true" enum:"HostedZoneLimitType"`
+
+ // The current value for the limit that is specified by Type.
+ //
+ // Value is a required field
+ Value *int64 `min:"1" type:"long" required:"true"`
+}
+
+// String returns the string representation
+func (s HostedZoneLimit) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s HostedZoneLimit) GoString() string {
+ return s.String()
+}
+
+// SetType sets the Type field's value.
+func (s *HostedZoneLimit) SetType(v string) *HostedZoneLimit {
+ s.Type = &v
+ return s
+}
+
+// SetValue sets the Value field's value.
+func (s *HostedZoneLimit) SetValue(v int64) *HostedZoneLimit {
+ s.Value = &v
+ return s
+}
+
+// A complex type that identifies a hosted zone that a specified Amazon VPC
+// is associated with and the owner of the hosted zone. If there is a value
+// for OwningAccount, there is no value for OwningService, and vice versa.
+type HostedZoneOwner struct {
+ _ struct{} `type:"structure"`
+
+ // If the hosted zone was created by an AWS account, or was created by an AWS
+ // service that creates hosted zones using the current account, OwningAccount
+ // contains the account ID of that account. For example, when you use AWS Cloud
+ // Map to create a hosted zone, Cloud Map creates the hosted zone using the
+ // current AWS account.
+ OwningAccount *string `type:"string"`
+
+ // If an AWS service uses its own account to create a hosted zone and associate
+ // the specified VPC with that hosted zone, OwningService contains an abbreviation
+ // that identifies the service. For example, if Amazon Elastic File System (Amazon
+ // EFS) created a hosted zone and associated a VPC with the hosted zone, the
+ // value of OwningService is efs.amazonaws.com.
+ OwningService *string `type:"string"`
+}
+
+// String returns the string representation
+func (s HostedZoneOwner) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s HostedZoneOwner) GoString() string {
+ return s.String()
+}
+
+// SetOwningAccount sets the OwningAccount field's value.
+func (s *HostedZoneOwner) SetOwningAccount(v string) *HostedZoneOwner {
+ s.OwningAccount = &v
+ return s
+}
+
+// SetOwningService sets the OwningService field's value.
+func (s *HostedZoneOwner) SetOwningService(v string) *HostedZoneOwner {
+ s.OwningService = &v
+ return s
+}
+
+// In the response to a ListHostedZonesByVPC request, the HostedZoneSummaries
+// element contains one HostedZoneSummary element for each hosted zone that
+// the specified Amazon VPC is associated with. Each HostedZoneSummary element
+// contains the hosted zone name and ID, and information about who owns the
+// hosted zone.
+type HostedZoneSummary struct {
+ _ struct{} `type:"structure"`
+
+ // The Route 53 hosted zone ID of a private hosted zone that the specified VPC
+ // is associated with.
+ //
+ // HostedZoneId is a required field
+ HostedZoneId *string `type:"string" required:"true"`
+
+ // The name of the private hosted zone, such as example.com.
+ //
+ // Name is a required field
+ Name *string `type:"string" required:"true"`
+
+ // The owner of a private hosted zone that the specified VPC is associated with.
+ // The owner can be either an AWS account or an AWS service.
+ //
+ // Owner is a required field
+ Owner *HostedZoneOwner `type:"structure" required:"true"`
+}
+
+// String returns the string representation
+func (s HostedZoneSummary) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s HostedZoneSummary) GoString() string {
+ return s.String()
+}
+
+// SetHostedZoneId sets the HostedZoneId field's value.
+func (s *HostedZoneSummary) SetHostedZoneId(v string) *HostedZoneSummary {
+ s.HostedZoneId = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *HostedZoneSummary) SetName(v string) *HostedZoneSummary {
+ s.Name = &v
+ return s
+}
+
+// SetOwner sets the Owner field's value.
+func (s *HostedZoneSummary) SetOwner(v *HostedZoneOwner) *HostedZoneSummary {
+ s.Owner = v
+ return s
+}
+
+// A key signing key (KSK) is a complex type that represents a public/private
+// key pair. The private key is used to generate a digital signature for the
+// zone signing key (ZSK). The public key is stored in the DNS and is used to
+// authenticate the ZSK. A KSK is always associated with a hosted zone; it cannot
+// exist by itself.
+type KeySigningKey struct {
+ _ struct{} `type:"structure"`
+
+ // The date when the key signing key (KSK) was created.
+ CreatedDate *time.Time `type:"timestamp"`
+
+ // A string that represents a DNSKEY record.
+ DNSKEYRecord *string `type:"string"`
+
+ // A string that represents a delegation signer (DS) record.
+ DSRecord *string `type:"string"`
+
+ // A string used to represent the delegation signer digest algorithm. This value
+ // must follow the guidelines provided by RFC-8624 Section 3.3 (https://tools.ietf.org/html/rfc8624#section-3.3).
+ DigestAlgorithmMnemonic *string `type:"string"`
+
+ // An integer used to represent the delegation signer digest algorithm. This
+ // value must follow the guidelines provided by RFC-8624 Section 3.3 (https://tools.ietf.org/html/rfc8624#section-3.3).
+ DigestAlgorithmType *int64 `type:"integer"`
+
+ // A cryptographic digest of a DNSKEY resource record (RR). DNSKEY records are
+ // used to publish the public key that resolvers can use to verify DNSSEC signatures
+ // that are used to secure certain kinds of information provided by the DNS
+ // system.
+ DigestValue *string `type:"string"`
+
+ // An integer that specifies how the key is used. For key signing key (KSK),
+ // this value is always 257.
+ Flag *int64 `type:"integer"`
+
+ // An integer used to identify the DNSSEC record for the domain name. The process
+ // used to calculate the value is described in RFC-4034 Appendix B (https://tools.ietf.org/rfc/rfc4034.txt).
+ KeyTag *int64 `type:"integer"`
+
+ // The Amazon resource name (ARN) used to identify the customer managed key
+ // (CMK) in AWS Key Management Service (KMS). The KmsArn must be unique for
+ // each key signing key (KSK) in a single hosted zone.
+ //
+ // You must configure the CMK as follows:
+ //
+ // Status
+ //
+ // Enabled
+ //
+ // Key spec
+ //
+ // ECC_NIST_P256
+ //
+ // Key usage
+ //
+ // Sign and verify
+ //
+ // Key policy
+ //
+ // The key policy must give permission for the following actions:
+ //
+ // * DescribeKey
+ //
+ // * GetPublicKey
+ //
+ // * Sign
+ //
+ // The key policy must also include the Amazon Route 53 service in the principal
+ // for your account. Specify the following:
+ //
+ // * "Service": "api-service.dnssec.route53.aws.internal"
+ //
+ // For more information about working with the customer managed key (CMK) in
+ // KMS, see AWS Key Management Service concepts (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html).
+ KmsArn *string `type:"string"`
+
+ // The last time that the key signing key (KSK) was changed.
+ LastModifiedDate *time.Time `type:"timestamp"`
+
+ // An alphanumeric string used to identify a key signing key (KSK). Name must
+ // be unique for each key signing key in the same hosted zone.
+ Name *string `min:"3" type:"string"`
+
+ // The public key, represented as a Base64 encoding, as required by RFC-4034
+ // Page 5 (https://tools.ietf.org/rfc/rfc4034.txt).
+ PublicKey *string `type:"string"`
+
+ // A string used to represent the signing algorithm. This value must follow
+ // the guidelines provided by RFC-8624 Section 3.1 (https://tools.ietf.org/html/rfc8624#section-3.1).
+ SigningAlgorithmMnemonic *string `type:"string"`
+
+ // An integer used to represent the signing algorithm. This value must follow
+ // the guidelines provided by RFC-8624 Section 3.1 (https://tools.ietf.org/html/rfc8624#section-3.1).
+ SigningAlgorithmType *int64 `type:"integer"`
+
+ // A string that represents the current key signing key (KSK) status.
+ //
+ // Status can have one of the following values:
+ //
+ // ACTIVE
+ //
+ // The KSK is being used for signing.
+ //
+ // INACTIVE
+ //
+ // The KSK is not being used for signing.
+ //
+ // ACTION_NEEDED
+ //
+ // There is an error in the KSK that requires you to take action to resolve.
+ //
+ // INTERNAL_FAILURE
+ //
+ // There was an error during a request. Before you can continue to work with
+ // DNSSEC signing, including actions that involve this KSK, you must correct
+ // the problem. For example, you may need to activate or deactivate the KSK.
+ Status *string `min:"5" type:"string"`
+
+ // The status message provided for the following key signing key (KSK) statuses:
+ // ACTION_NEEDED or INTERNAL_FAILURE. The status message includes information
+ // about what the problem might be and steps that you can take to correct the
+ // issue.
+ StatusMessage *string `type:"string"`
+}
+
+// String returns the string representation
+func (s KeySigningKey) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s KeySigningKey) GoString() string {
+ return s.String()
+}
+
+// SetCreatedDate sets the CreatedDate field's value.
+func (s *KeySigningKey) SetCreatedDate(v time.Time) *KeySigningKey {
+ s.CreatedDate = &v
+ return s
+}
+
+// SetDNSKEYRecord sets the DNSKEYRecord field's value.
+func (s *KeySigningKey) SetDNSKEYRecord(v string) *KeySigningKey {
+ s.DNSKEYRecord = &v
return s
}
-// SetLinkedService sets the LinkedService field's value.
-func (s *HostedZone) SetLinkedService(v *LinkedService) *HostedZone {
- s.LinkedService = v
+// SetDSRecord sets the DSRecord field's value.
+func (s *KeySigningKey) SetDSRecord(v string) *KeySigningKey {
+ s.DSRecord = &v
return s
}
-// SetName sets the Name field's value.
-func (s *HostedZone) SetName(v string) *HostedZone {
- s.Name = &v
+// SetDigestAlgorithmMnemonic sets the DigestAlgorithmMnemonic field's value.
+func (s *KeySigningKey) SetDigestAlgorithmMnemonic(v string) *KeySigningKey {
+ s.DigestAlgorithmMnemonic = &v
return s
}
-// SetResourceRecordSetCount sets the ResourceRecordSetCount field's value.
-func (s *HostedZone) SetResourceRecordSetCount(v int64) *HostedZone {
- s.ResourceRecordSetCount = &v
+// SetDigestAlgorithmType sets the DigestAlgorithmType field's value.
+func (s *KeySigningKey) SetDigestAlgorithmType(v int64) *KeySigningKey {
+ s.DigestAlgorithmType = &v
return s
}
-// A complex type that contains an optional comment about your hosted zone.
-// If you don't want to specify a comment, omit both the HostedZoneConfig and
-// Comment elements.
-type HostedZoneConfig struct {
- _ struct{} `type:"structure"`
-
- // Any comments that you want to include about the hosted zone.
- Comment *string `type:"string"`
-
- // A value that indicates whether this is a private hosted zone.
- PrivateZone *bool `type:"boolean"`
+// SetDigestValue sets the DigestValue field's value.
+func (s *KeySigningKey) SetDigestValue(v string) *KeySigningKey {
+ s.DigestValue = &v
+ return s
}
-// String returns the string representation
-func (s HostedZoneConfig) String() string {
- return awsutil.Prettify(s)
+// SetFlag sets the Flag field's value.
+func (s *KeySigningKey) SetFlag(v int64) *KeySigningKey {
+ s.Flag = &v
+ return s
}
-// GoString returns the string representation
-func (s HostedZoneConfig) GoString() string {
- return s.String()
+// SetKeyTag sets the KeyTag field's value.
+func (s *KeySigningKey) SetKeyTag(v int64) *KeySigningKey {
+ s.KeyTag = &v
+ return s
}
-// SetComment sets the Comment field's value.
-func (s *HostedZoneConfig) SetComment(v string) *HostedZoneConfig {
- s.Comment = &v
+// SetKmsArn sets the KmsArn field's value.
+func (s *KeySigningKey) SetKmsArn(v string) *KeySigningKey {
+ s.KmsArn = &v
return s
}
-// SetPrivateZone sets the PrivateZone field's value.
-func (s *HostedZoneConfig) SetPrivateZone(v bool) *HostedZoneConfig {
- s.PrivateZone = &v
+// SetLastModifiedDate sets the LastModifiedDate field's value.
+func (s *KeySigningKey) SetLastModifiedDate(v time.Time) *KeySigningKey {
+ s.LastModifiedDate = &v
return s
}
-// A complex type that contains the type of limit that you specified in the
-// request and the current value for that limit.
-type HostedZoneLimit struct {
- _ struct{} `type:"structure"`
-
- // The limit that you requested. Valid values include the following:
- //
- // * MAX_RRSETS_BY_ZONE: The maximum number of records that you can create
- // in the specified hosted zone.
- //
- // * MAX_VPCS_ASSOCIATED_BY_ZONE: The maximum number of Amazon VPCs that
- // you can associate with the specified private hosted zone.
- //
- // Type is a required field
- Type *string `type:"string" required:"true" enum:"HostedZoneLimitType"`
+// SetName sets the Name field's value.
+func (s *KeySigningKey) SetName(v string) *KeySigningKey {
+ s.Name = &v
+ return s
+}
- // The current value for the limit that is specified by Type.
- //
- // Value is a required field
- Value *int64 `min:"1" type:"long" required:"true"`
+// SetPublicKey sets the PublicKey field's value.
+func (s *KeySigningKey) SetPublicKey(v string) *KeySigningKey {
+ s.PublicKey = &v
+ return s
}
-// String returns the string representation
-func (s HostedZoneLimit) String() string {
- return awsutil.Prettify(s)
+// SetSigningAlgorithmMnemonic sets the SigningAlgorithmMnemonic field's value.
+func (s *KeySigningKey) SetSigningAlgorithmMnemonic(v string) *KeySigningKey {
+ s.SigningAlgorithmMnemonic = &v
+ return s
}
-// GoString returns the string representation
-func (s HostedZoneLimit) GoString() string {
- return s.String()
+// SetSigningAlgorithmType sets the SigningAlgorithmType field's value.
+func (s *KeySigningKey) SetSigningAlgorithmType(v int64) *KeySigningKey {
+ s.SigningAlgorithmType = &v
+ return s
}
-// SetType sets the Type field's value.
-func (s *HostedZoneLimit) SetType(v string) *HostedZoneLimit {
- s.Type = &v
+// SetStatus sets the Status field's value.
+func (s *KeySigningKey) SetStatus(v string) *KeySigningKey {
+ s.Status = &v
return s
}
-// SetValue sets the Value field's value.
-func (s *HostedZoneLimit) SetValue(v int64) *HostedZoneLimit {
- s.Value = &v
+// SetStatusMessage sets the StatusMessage field's value.
+func (s *KeySigningKey) SetStatusMessage(v string) *KeySigningKey {
+ s.StatusMessage = &v
return s
}
@@ -10690,7 +12655,7 @@ func (s *LinkedService) SetServicePrincipal(v string) *LinkedService {
// A request to get a list of geographic locations that Amazon Route 53 supports
// for geolocation resource record sets.
type ListGeoLocationsInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"ListGeoLocationsRequest" type:"structure"`
// (Optional) The maximum number of geolocations to be included in the response
// body for this request. If more than maxitems geolocations remain to be listed,
@@ -10713,18 +12678,15 @@ type ListGeoLocationsInput struct {
// a page or more of results, if IsTruncated is true, and if NextCountryCode
// from the previous response has a value, enter that value in startcountrycode
// to return the next page of results.
- //
- // Route 53 uses the two-letter country codes that are specified in ISO standard
- // 3166-1 alpha-2 (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).
StartCountryCode *string `location:"querystring" locationName:"startcountrycode" min:"1" type:"string"`
- // The code for the subdivision (for example, state or province) with which
- // you want to start listing locations that Amazon Route 53 supports for geolocation.
- // If Route 53 has already returned a page or more of results, if IsTruncated
- // is true, and if NextSubdivisionCode from the previous response has a value,
- // enter that value in startsubdivisioncode to return the next page of results.
+ // The code for the state of the United States with which you want to start
+ // listing locations that Amazon Route 53 supports for geolocation. If Route
+ // 53 has already returned a page or more of results, if IsTruncated is true,
+ // and if NextSubdivisionCode from the previous response has a value, enter
+ // that value in startsubdivisioncode to return the next page of results.
//
- // To list subdivisions of a country, you must include both startcountrycode
+ // To list subdivisions (U.S. states), you must include both startcountrycode
// and startsubdivisioncode.
StartSubdivisionCode *string `location:"querystring" locationName:"startsubdivisioncode" min:"1" type:"string"`
}
@@ -10871,7 +12833,7 @@ func (s *ListGeoLocationsOutput) SetNextSubdivisionCode(v string) *ListGeoLocati
// A request to retrieve a list of the health checks that are associated with
// the current AWS account.
type ListHealthChecksInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"ListHealthChecksRequest" type:"structure"`
// If the value of IsTruncated in the previous response was true, you have more
// health checks. To get another group, submit another ListHealthChecks request.
@@ -10992,7 +12954,7 @@ func (s *ListHealthChecksOutput) SetNextMarker(v string) *ListHealthChecksOutput
// Retrieves a list of the public and private hosted zones that are associated
// with the current AWS account in ASCII order by domain name.
type ListHostedZonesByNameInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"ListHostedZonesByNameRequest" type:"structure"`
// (Optional) For your first request to ListHostedZonesByName, include the dnsname
// parameter only if you want to specify the name of the first hosted zone in
@@ -11151,10 +13113,148 @@ func (s *ListHostedZonesByNameOutput) SetNextHostedZoneId(v string) *ListHostedZ
return s
}
+// Lists all the private hosted zones that a specified VPC is associated with,
+// regardless of which AWS account created the hosted zones.
+type ListHostedZonesByVPCInput struct {
+ _ struct{} `locationName:"ListHostedZonesByVPCRequest" type:"structure"`
+
+ // (Optional) The maximum number of hosted zones that you want Amazon Route
+ // 53 to return. If the specified VPC is associated with more than MaxItems
+ // hosted zones, the response includes a NextToken element. NextToken contains
+ // an encrypted token that identifies the first hosted zone that Route 53 will
+ // return if you submit another request.
+ MaxItems *string `location:"querystring" locationName:"maxitems" type:"string"`
+
+ // If the previous response included a NextToken element, the specified VPC
+ // is associated with more hosted zones. To get more hosted zones, submit another
+ // ListHostedZonesByVPC request.
+ //
+ // For the value of NextToken, specify the value of NextToken from the previous
+ // response.
+ //
+ // If the previous response didn't include a NextToken element, there are no
+ // more hosted zones to get.
+ NextToken *string `location:"querystring" locationName:"nexttoken" type:"string"`
+
+ // The ID of the Amazon VPC that you want to list hosted zones for.
+ //
+ // VPCId is a required field
+ VPCId *string `location:"querystring" locationName:"vpcid" type:"string" required:"true"`
+
+ // For the Amazon VPC that you specified for VPCId, the AWS Region that you
+ // created the VPC in.
+ //
+ // VPCRegion is a required field
+ VPCRegion *string `location:"querystring" locationName:"vpcregion" min:"1" type:"string" required:"true" enum:"VPCRegion"`
+}
+
+// String returns the string representation
+func (s ListHostedZonesByVPCInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ListHostedZonesByVPCInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListHostedZonesByVPCInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListHostedZonesByVPCInput"}
+ if s.VPCId == nil {
+ invalidParams.Add(request.NewErrParamRequired("VPCId"))
+ }
+ if s.VPCRegion == nil {
+ invalidParams.Add(request.NewErrParamRequired("VPCRegion"))
+ }
+ if s.VPCRegion != nil && len(*s.VPCRegion) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("VPCRegion", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetMaxItems sets the MaxItems field's value.
+func (s *ListHostedZonesByVPCInput) SetMaxItems(v string) *ListHostedZonesByVPCInput {
+ s.MaxItems = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListHostedZonesByVPCInput) SetNextToken(v string) *ListHostedZonesByVPCInput {
+ s.NextToken = &v
+ return s
+}
+
+// SetVPCId sets the VPCId field's value.
+func (s *ListHostedZonesByVPCInput) SetVPCId(v string) *ListHostedZonesByVPCInput {
+ s.VPCId = &v
+ return s
+}
+
+// SetVPCRegion sets the VPCRegion field's value.
+func (s *ListHostedZonesByVPCInput) SetVPCRegion(v string) *ListHostedZonesByVPCInput {
+ s.VPCRegion = &v
+ return s
+}
+
+type ListHostedZonesByVPCOutput struct {
+ _ struct{} `type:"structure"`
+
+ // A list that contains one HostedZoneSummary element for each hosted zone that
+ // the specified Amazon VPC is associated with. Each HostedZoneSummary element
+ // contains the hosted zone name and ID, and information about who owns the
+ // hosted zone.
+ //
+ // HostedZoneSummaries is a required field
+ HostedZoneSummaries []*HostedZoneSummary `locationNameList:"HostedZoneSummary" type:"list" required:"true"`
+
+ // The value that you specified for MaxItems in the most recent ListHostedZonesByVPC
+ // request.
+ //
+ // MaxItems is a required field
+ MaxItems *string `type:"string" required:"true"`
+
+ // The value that you specified for NextToken in the most recent ListHostedZonesByVPC
+ // request.
+ NextToken *string `type:"string"`
+}
+
+// String returns the string representation
+func (s ListHostedZonesByVPCOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ListHostedZonesByVPCOutput) GoString() string {
+ return s.String()
+}
+
+// SetHostedZoneSummaries sets the HostedZoneSummaries field's value.
+func (s *ListHostedZonesByVPCOutput) SetHostedZoneSummaries(v []*HostedZoneSummary) *ListHostedZonesByVPCOutput {
+ s.HostedZoneSummaries = v
+ return s
+}
+
+// SetMaxItems sets the MaxItems field's value.
+func (s *ListHostedZonesByVPCOutput) SetMaxItems(v string) *ListHostedZonesByVPCOutput {
+ s.MaxItems = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListHostedZonesByVPCOutput) SetNextToken(v string) *ListHostedZonesByVPCOutput {
+ s.NextToken = &v
+ return s
+}
+
// A request to retrieve a list of the public and private hosted zones that
// are associated with the current AWS account.
type ListHostedZonesInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"ListHostedZonesRequest" type:"structure"`
// If you're using reusable delegation sets and you want to list all of the
// hosted zones that are associated with a reusable delegation set, specify
@@ -11286,7 +13386,7 @@ func (s *ListHostedZonesOutput) SetNextMarker(v string) *ListHostedZonesOutput {
}
type ListQueryLoggingConfigsInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"ListQueryLoggingConfigsRequest" type:"structure"`
// (Optional) If you want to list the query logging configuration that is associated
// with a hosted zone, specify the ID in HostedZoneId.
@@ -11388,7 +13488,7 @@ func (s *ListQueryLoggingConfigsOutput) SetQueryLoggingConfigs(v []*QueryLogging
// A request for the resource record sets that are associated with a specified
// hosted zone.
type ListResourceRecordSetsInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"ListResourceRecordSetsRequest" type:"structure"`
// The ID of the hosted zone that contains the resource record sets that you
// want to list.
@@ -11404,14 +13504,16 @@ type ListResourceRecordSetsInput struct {
// of maxitems resource record sets.
MaxItems *string `location:"querystring" locationName:"maxitems" type:"string"`
- // Weighted resource record sets only: If results were truncated for a given
- // DNS name and type, specify the value of NextRecordIdentifier from the previous
- // response to get the next resource record set that has the current DNS name
- // and type.
+ // Resource record sets that have a routing policy other than simple: If results
+ // were truncated for a given DNS name and type, specify the value of NextRecordIdentifier
+ // from the previous response to get the next resource record set that has the
+ // current DNS name and type.
StartRecordIdentifier *string `location:"querystring" locationName:"identifier" min:"1" type:"string"`
// The first name in the lexicographic ordering of resource record sets that
- // you want to list.
+ // you want to list. If the specified record name doesn't exist, the results
+ // begin with the first resource record set that has a name greater than the
+ // value of name.
StartRecordName *string `location:"querystring" locationName:"name" type:"string"`
// The type of resource record set to begin the record listing from.
@@ -11432,9 +13534,9 @@ type ListResourceRecordSetsInput struct {
//
// * Elastic Load Balancing load balancer: A | AAAA
//
- // * Amazon S3 bucket: A
+ // * S3 bucket: A
//
- // * Amazon VPC interface VPC endpoint: A
+ // * VPC interface VPC endpoint: A
//
// * Another resource record set in this hosted zone: The type of the resource
// record set that the alias references.
@@ -11592,7 +13694,7 @@ func (s *ListResourceRecordSetsOutput) SetResourceRecordSets(v []*ResourceRecord
// A request to get a list of the reusable delegation sets that are associated
// with the current AWS account.
type ListReusableDelegationSetsInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"ListReusableDelegationSetsRequest" type:"structure"`
// If the value of IsTruncated in the previous response was true, you have more
// reusable delegation sets. To get another group, submit another ListReusableDelegationSets
@@ -11713,7 +13815,7 @@ func (s *ListReusableDelegationSetsOutput) SetNextMarker(v string) *ListReusable
// A complex type containing information about a request for a list of the tags
// that are associated with an individual resource.
type ListTagsForResourceInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"ListTagsForResourceRequest" type:"structure"`
// The ID of the resource for which you want to retrieve tags.
//
@@ -11895,7 +13997,7 @@ func (s *ListTagsForResourcesOutput) SetResourceTagSets(v []*ResourceTagSet) *Li
// A complex type that contains the information about the request to list the
// traffic policies that are associated with the current AWS account.
type ListTrafficPoliciesInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"ListTrafficPoliciesRequest" type:"structure"`
// (Optional) The maximum number of traffic policies that you want Amazon Route
// 53 to return in response to this request. If you have more than MaxItems
@@ -12018,7 +14120,7 @@ func (s *ListTrafficPoliciesOutput) SetTrafficPolicySummaries(v []*TrafficPolicy
// A request for the traffic policy instances that you created in a specified
// hosted zone.
type ListTrafficPolicyInstancesByHostedZoneInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"ListTrafficPolicyInstancesByHostedZoneRequest" type:"structure"`
// The ID of the hosted zone that you want to list traffic policy instances
// for.
@@ -12182,7 +14284,7 @@ func (s *ListTrafficPolicyInstancesByHostedZoneOutput) SetTrafficPolicyInstances
// A complex type that contains the information about the request to list your
// traffic policy instances.
type ListTrafficPolicyInstancesByPolicyInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"ListTrafficPolicyInstancesByPolicyRequest" type:"structure"`
// If the value of IsTruncated in the previous response was true, you have more
// traffic policy instances. To get more traffic policy instances, submit another
@@ -12399,7 +14501,7 @@ func (s *ListTrafficPolicyInstancesByPolicyOutput) SetTrafficPolicyInstances(v [
// A request to get information about the traffic policy instances that you
// created by using the current AWS account.
type ListTrafficPolicyInstancesInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"ListTrafficPolicyInstancesRequest" type:"structure"`
// If the value of IsTruncated in the previous response was true, you have more
// traffic policy instances. To get more traffic policy instances, submit another
@@ -12568,7 +14670,7 @@ func (s *ListTrafficPolicyInstancesOutput) SetTrafficPolicyInstances(v []*Traffi
// A complex type that contains the information about the request to list your
// traffic policies.
type ListTrafficPolicyVersionsInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"ListTrafficPolicyVersionsRequest" type:"structure"`
// Specify the value of Id of the traffic policy for which you want to list
// all versions.
@@ -12710,7 +14812,7 @@ func (s *ListTrafficPolicyVersionsOutput) SetTrafficPolicyVersionMarker(v string
// A complex type that contains information about that can be associated with
// your hosted zone.
type ListVPCAssociationAuthorizationsInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"ListVPCAssociationAuthorizationsRequest" type:"structure"`
// The ID of the hosted zone for which you want a list of VPCs that can be associated
// with the hosted zone.
@@ -12944,7 +15046,7 @@ type ResourceRecordSet struct {
// record sets in a private hosted zone is unsupported.
//
// * For information about creating failover resource record sets in a private
- // hosted zone, see Configuring Failover in a Private Hosted Zone (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html)
+ // hosted zone, see Configuring Failover in a Private Hosted Zone (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html)
// in the Amazon Route 53 Developer Guide.
AliasTarget *AliasTarget `type:"structure"`
@@ -12984,9 +15086,9 @@ type ResourceRecordSet struct {
// For more information about configuring failover for Route 53, see the following
// topics in the Amazon Route 53 Developer Guide:
//
- // * Route 53 Health Checks and DNS Failover (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html)
+ // * Route 53 Health Checks and DNS Failover (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html)
//
- // * Configuring Failover in a Private Hosted Zone (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html)
+ // * Configuring Failover in a Private Hosted Zone (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html)
Failover *string `type:"string" enum:"ResourceRecordSetFailover"`
// Geolocation resource record sets only: A complex type that lets you control
@@ -12995,8 +15097,8 @@ type ResourceRecordSet struct {
// to a web server with an IP address of 192.0.2.111, create a resource record
// set with a Type of A and a ContinentCode of AF.
//
- // Creating geolocation and geolocation alias resource record sets in private
- // hosted zones is not supported.
+ // Although creating geolocation and geolocation alias resource record sets
+ // in a private hosted zone is allowed, it's not supported.
//
// If you create separate resource record sets for overlapping geographic regions
// (for example, one resource record set for a continent and one for a country
@@ -13015,11 +15117,12 @@ type ResourceRecordSet struct {
// addresses aren't mapped to geographic locations, so even if you create geolocation
// resource record sets that cover all seven continents, Route 53 will receive
// some DNS queries from locations that it can't identify. We recommend that
- // you create a resource record set for which the value of CountryCode is *,
- // which handles both queries that come from locations for which you haven't
- // created geolocation resource record sets and queries from IP addresses that
- // aren't mapped to a location. If you don't create a * resource record set,
- // Route 53 returns a "no answer" response for queries from those locations.
+ // you create a resource record set for which the value of CountryCode is *.
+ // Two groups of queries are routed to the resource that you specify in this
+ // record: queries that come from locations for which you haven't created geolocation
+ // resource record sets and queries from IP addresses that aren't mapped to
+ // a location. If you don't create a * resource record set, Route 53 returns
+ // a "no answer" response for queries from those locations.
//
// You can't create non-geolocation resource record sets that have the same
// values for the Name and Type elements as geolocation resource record sets.
@@ -13052,9 +15155,9 @@ type ResourceRecordSet struct {
//
// * How Amazon Route 53 Determines Whether an Endpoint Is Healthy (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html)
//
- // * Route 53 Health Checks and DNS Failover (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html)
+ // * Route 53 Health Checks and DNS Failover (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html)
//
- // * Configuring Failover in a Private Hosted Zone (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html)
+ // * Configuring Failover in a Private Hosted Zone (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html)
//
// When to Specify HealthCheckId
//
@@ -13167,7 +15270,7 @@ type ResourceRecordSet struct {
//
// For information about how to specify characters other than a-z, 0-9, and
// - (hyphen) and how to specify internationalized domain names, see DNS Domain
- // Name Format (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html)
+ // Name Format (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html)
// in the Amazon Route 53 Developer Guide.
//
// You can use the asterisk (*) wildcard to replace the leftmost label in a
@@ -13197,8 +15300,8 @@ type ResourceRecordSet struct {
// and is referred to by an IP address or a DNS domain name, depending on the
// record type.
//
- // Creating latency and latency alias resource record sets in private hosted
- // zones is not supported.
+ // Although creating latency and latency alias resource record sets in a private
+ // hosted zone is allowed, it's not supported.
//
// When Amazon Route 53 receives a DNS query for a domain name and type for
// which you have created latency resource record sets, Route 53 selects the
@@ -13272,7 +15375,7 @@ type ResourceRecordSet struct {
TrafficPolicyInstanceId *string `min:"1" type:"string"`
// The DNS record type. For information about different record types and how
- // data is encoded for them, see Supported DNS Resource Record Types (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html)
+ // data is encoded for them, see Supported DNS Resource Record Types (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html)
// in the Amazon Route 53 Developer Guide.
//
// Valid values for basic resource record sets: A | AAAA | CAA | CNAME | MX
@@ -13303,8 +15406,7 @@ type ResourceRecordSet struct {
// create two resource record sets to route traffic to your distribution,
// one with a value of A and one with a value of AAAA.
//
- // * AWS Elastic Beanstalk environment that has a regionalized subdomain:
- // A
+ // * Amazon API Gateway environment that has a regionalized subdomain: A
//
// * ELB load balancers: A | AAAA
//
@@ -13352,7 +15454,7 @@ type ResourceRecordSet struct {
// of DNS name and type, traffic is routed to all resources with equal probability.
// The effect of setting Weight to 0 is different when you associate health
// checks with weighted resource record sets. For more information, see Options
- // for Configuring Route 53 Active-Active and Active-Passive Failover (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options.html)
+ // for Configuring Route 53 Active-Active and Active-Passive Failover (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options.html)
// in the Amazon Route 53 Developer Guide.
Weight *int64 `type:"long"`
}
@@ -13672,7 +15774,7 @@ func (s *Tag) SetValue(v string) *Tag {
// for a specified record name and type. You can optionally specify the IP address
// of a DNS resolver, an EDNS0 client subnet IP address, and a subnet mask.
type TestDNSAnswerInput struct {
- _ struct{} `type:"structure"`
+ _ struct{} `locationName:"TestDNSAnswerRequest" type:"structure"`
// If the resolver that you specified for resolverip supports EDNS0, specify
// the IPv4 or IPv6 address of a client in the applicable location, for example,
@@ -14225,7 +16327,7 @@ type UpdateHealthCheckInput struct {
// The number of consecutive health checks that an endpoint must pass or fail
// for Amazon Route 53 to change the current status of the endpoint from unhealthy
// to healthy or vice versa. For more information, see How Amazon Route 53 Determines
- // Whether an Endpoint Is Healthy (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html)
+ // Whether an Endpoint Is Healthy (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html)
// in the Amazon Route 53 Developer Guide.
//
// If you don't specify a value for FailureThreshold, the default value is three
@@ -14396,8 +16498,11 @@ type UpdateHealthCheckInput struct {
// would be considered healthy.
Inverted *bool `type:"boolean"`
- // The port on the endpoint on which you want Amazon Route 53 to perform health
- // checks.
+ // The port on the endpoint that you want Amazon Route 53 to perform health
+ // checks on.
+ //
+ // Don't specify a value for Port when you specify a value for Type of CLOUDWATCH_METRIC
+ // or CALCULATED.
Port *int64 `min:"1" type:"integer"`
// A complex type that contains one Region element for each region that you
@@ -14430,7 +16535,7 @@ type UpdateHealthCheckInput struct {
// Specify this value only if you want to change it.
ResourcePath *string `type:"string"`
- // If the value of Type is HTTP_STR_MATCH or HTTP_STR_MATCH, the string that
+ // If the value of Type is HTTP_STR_MATCH or HTTPS_STR_MATCH, the string that
// you want Amazon Route 53 to search for in the response body from the specified
// resource. If the string appears in the response body, Route 53 considers
// the resource healthy. (You can't change the value of Type when you update
@@ -14976,6 +17081,17 @@ const (
AccountLimitTypeMaxTrafficPoliciesByOwner = "MAX_TRAFFIC_POLICIES_BY_OWNER"
)
+// AccountLimitType_Values returns all elements of the AccountLimitType enum
+func AccountLimitType_Values() []string {
+ return []string{
+ AccountLimitTypeMaxHealthChecksByOwner,
+ AccountLimitTypeMaxHostedZonesByOwner,
+ AccountLimitTypeMaxTrafficPolicyInstancesByOwner,
+ AccountLimitTypeMaxReusableDelegationSetsByOwner,
+ AccountLimitTypeMaxTrafficPoliciesByOwner,
+ }
+}
+
const (
// ChangeActionCreate is a ChangeAction enum value
ChangeActionCreate = "CREATE"
@@ -14987,6 +17103,15 @@ const (
ChangeActionUpsert = "UPSERT"
)
+// ChangeAction_Values returns all elements of the ChangeAction enum
+func ChangeAction_Values() []string {
+ return []string{
+ ChangeActionCreate,
+ ChangeActionDelete,
+ ChangeActionUpsert,
+ }
+}
+
const (
// ChangeStatusPending is a ChangeStatus enum value
ChangeStatusPending = "PENDING"
@@ -14995,6 +17120,14 @@ const (
ChangeStatusInsync = "INSYNC"
)
+// ChangeStatus_Values returns all elements of the ChangeStatus enum
+func ChangeStatus_Values() []string {
+ return []string{
+ ChangeStatusPending,
+ ChangeStatusInsync,
+ }
+}
+
const (
// CloudWatchRegionUsEast1 is a CloudWatchRegion enum value
CloudWatchRegionUsEast1 = "us-east-1"
@@ -15026,6 +17159,9 @@ const (
// CloudWatchRegionApEast1 is a CloudWatchRegion enum value
CloudWatchRegionApEast1 = "ap-east-1"
+ // CloudWatchRegionMeSouth1 is a CloudWatchRegion enum value
+ CloudWatchRegionMeSouth1 = "me-south-1"
+
// CloudWatchRegionApSouth1 is a CloudWatchRegion enum value
CloudWatchRegionApSouth1 = "ap-south-1"
@@ -15055,8 +17191,59 @@ const (
// CloudWatchRegionCnNorth1 is a CloudWatchRegion enum value
CloudWatchRegionCnNorth1 = "cn-north-1"
+
+ // CloudWatchRegionAfSouth1 is a CloudWatchRegion enum value
+ CloudWatchRegionAfSouth1 = "af-south-1"
+
+ // CloudWatchRegionEuSouth1 is a CloudWatchRegion enum value
+ CloudWatchRegionEuSouth1 = "eu-south-1"
+
+ // CloudWatchRegionUsGovWest1 is a CloudWatchRegion enum value
+ CloudWatchRegionUsGovWest1 = "us-gov-west-1"
+
+ // CloudWatchRegionUsGovEast1 is a CloudWatchRegion enum value
+ CloudWatchRegionUsGovEast1 = "us-gov-east-1"
+
+ // CloudWatchRegionUsIsoEast1 is a CloudWatchRegion enum value
+ CloudWatchRegionUsIsoEast1 = "us-iso-east-1"
+
+ // CloudWatchRegionUsIsobEast1 is a CloudWatchRegion enum value
+ CloudWatchRegionUsIsobEast1 = "us-isob-east-1"
)
+// CloudWatchRegion_Values returns all elements of the CloudWatchRegion enum
+func CloudWatchRegion_Values() []string {
+ return []string{
+ CloudWatchRegionUsEast1,
+ CloudWatchRegionUsEast2,
+ CloudWatchRegionUsWest1,
+ CloudWatchRegionUsWest2,
+ CloudWatchRegionCaCentral1,
+ CloudWatchRegionEuCentral1,
+ CloudWatchRegionEuWest1,
+ CloudWatchRegionEuWest2,
+ CloudWatchRegionEuWest3,
+ CloudWatchRegionApEast1,
+ CloudWatchRegionMeSouth1,
+ CloudWatchRegionApSouth1,
+ CloudWatchRegionApSoutheast1,
+ CloudWatchRegionApSoutheast2,
+ CloudWatchRegionApNortheast1,
+ CloudWatchRegionApNortheast2,
+ CloudWatchRegionApNortheast3,
+ CloudWatchRegionEuNorth1,
+ CloudWatchRegionSaEast1,
+ CloudWatchRegionCnNorthwest1,
+ CloudWatchRegionCnNorth1,
+ CloudWatchRegionAfSouth1,
+ CloudWatchRegionEuSouth1,
+ CloudWatchRegionUsGovWest1,
+ CloudWatchRegionUsGovEast1,
+ CloudWatchRegionUsIsoEast1,
+ CloudWatchRegionUsIsobEast1,
+ }
+}
+
const (
// ComparisonOperatorGreaterThanOrEqualToThreshold is a ComparisonOperator enum value
ComparisonOperatorGreaterThanOrEqualToThreshold = "GreaterThanOrEqualToThreshold"
@@ -15071,6 +17258,16 @@ const (
ComparisonOperatorLessThanOrEqualToThreshold = "LessThanOrEqualToThreshold"
)
+// ComparisonOperator_Values returns all elements of the ComparisonOperator enum
+func ComparisonOperator_Values() []string {
+ return []string{
+ ComparisonOperatorGreaterThanOrEqualToThreshold,
+ ComparisonOperatorGreaterThanThreshold,
+ ComparisonOperatorLessThanThreshold,
+ ComparisonOperatorLessThanOrEqualToThreshold,
+ }
+}
+
const (
// HealthCheckRegionUsEast1 is a HealthCheckRegion enum value
HealthCheckRegionUsEast1 = "us-east-1"
@@ -15097,6 +17294,20 @@ const (
HealthCheckRegionSaEast1 = "sa-east-1"
)
+// HealthCheckRegion_Values returns all elements of the HealthCheckRegion enum
+func HealthCheckRegion_Values() []string {
+ return []string{
+ HealthCheckRegionUsEast1,
+ HealthCheckRegionUsWest1,
+ HealthCheckRegionUsWest2,
+ HealthCheckRegionEuWest1,
+ HealthCheckRegionApSoutheast1,
+ HealthCheckRegionApSoutheast2,
+ HealthCheckRegionApNortheast1,
+ HealthCheckRegionSaEast1,
+ }
+}
+
const (
// HealthCheckTypeHttp is a HealthCheckType enum value
HealthCheckTypeHttp = "HTTP"
@@ -15120,6 +17331,19 @@ const (
HealthCheckTypeCloudwatchMetric = "CLOUDWATCH_METRIC"
)
+// HealthCheckType_Values returns all elements of the HealthCheckType enum
+func HealthCheckType_Values() []string {
+ return []string{
+ HealthCheckTypeHttp,
+ HealthCheckTypeHttps,
+ HealthCheckTypeHttpStrMatch,
+ HealthCheckTypeHttpsStrMatch,
+ HealthCheckTypeTcp,
+ HealthCheckTypeCalculated,
+ HealthCheckTypeCloudwatchMetric,
+ }
+}
+
const (
// HostedZoneLimitTypeMaxRrsetsByZone is a HostedZoneLimitType enum value
HostedZoneLimitTypeMaxRrsetsByZone = "MAX_RRSETS_BY_ZONE"
@@ -15128,6 +17352,14 @@ const (
HostedZoneLimitTypeMaxVpcsAssociatedByZone = "MAX_VPCS_ASSOCIATED_BY_ZONE"
)
+// HostedZoneLimitType_Values returns all elements of the HostedZoneLimitType enum
+func HostedZoneLimitType_Values() []string {
+ return []string{
+ HostedZoneLimitTypeMaxRrsetsByZone,
+ HostedZoneLimitTypeMaxVpcsAssociatedByZone,
+ }
+}
+
const (
// InsufficientDataHealthStatusHealthy is a InsufficientDataHealthStatus enum value
InsufficientDataHealthStatusHealthy = "Healthy"
@@ -15139,6 +17371,15 @@ const (
InsufficientDataHealthStatusLastKnownStatus = "LastKnownStatus"
)
+// InsufficientDataHealthStatus_Values returns all elements of the InsufficientDataHealthStatus enum
+func InsufficientDataHealthStatus_Values() []string {
+ return []string{
+ InsufficientDataHealthStatusHealthy,
+ InsufficientDataHealthStatusUnhealthy,
+ InsufficientDataHealthStatusLastKnownStatus,
+ }
+}
+
const (
// RRTypeSoa is a RRType enum value
RRTypeSoa = "SOA"
@@ -15175,8 +17416,30 @@ const (
// RRTypeCaa is a RRType enum value
RRTypeCaa = "CAA"
+
+ // RRTypeDs is a RRType enum value
+ RRTypeDs = "DS"
)
+// RRType_Values returns all elements of the RRType enum
+func RRType_Values() []string {
+ return []string{
+ RRTypeSoa,
+ RRTypeA,
+ RRTypeTxt,
+ RRTypeNs,
+ RRTypeCname,
+ RRTypeMx,
+ RRTypeNaptr,
+ RRTypePtr,
+ RRTypeSrv,
+ RRTypeSpf,
+ RRTypeAaaa,
+ RRTypeCaa,
+ RRTypeDs,
+ }
+}
+
const (
// ResettableElementNameFullyQualifiedDomainName is a ResettableElementName enum value
ResettableElementNameFullyQualifiedDomainName = "FullyQualifiedDomainName"
@@ -15191,6 +17454,16 @@ const (
ResettableElementNameChildHealthChecks = "ChildHealthChecks"
)
+// ResettableElementName_Values returns all elements of the ResettableElementName enum
+func ResettableElementName_Values() []string {
+ return []string{
+ ResettableElementNameFullyQualifiedDomainName,
+ ResettableElementNameRegions,
+ ResettableElementNameResourcePath,
+ ResettableElementNameChildHealthChecks,
+ }
+}
+
const (
// ResourceRecordSetFailoverPrimary is a ResourceRecordSetFailover enum value
ResourceRecordSetFailoverPrimary = "PRIMARY"
@@ -15199,6 +17472,14 @@ const (
ResourceRecordSetFailoverSecondary = "SECONDARY"
)
+// ResourceRecordSetFailover_Values returns all elements of the ResourceRecordSetFailover enum
+func ResourceRecordSetFailover_Values() []string {
+ return []string{
+ ResourceRecordSetFailoverPrimary,
+ ResourceRecordSetFailoverSecondary,
+ }
+}
+
const (
// ResourceRecordSetRegionUsEast1 is a ResourceRecordSetRegion enum value
ResourceRecordSetRegionUsEast1 = "us-east-1"
@@ -15257,15 +17538,60 @@ const (
// ResourceRecordSetRegionApEast1 is a ResourceRecordSetRegion enum value
ResourceRecordSetRegionApEast1 = "ap-east-1"
+ // ResourceRecordSetRegionMeSouth1 is a ResourceRecordSetRegion enum value
+ ResourceRecordSetRegionMeSouth1 = "me-south-1"
+
// ResourceRecordSetRegionApSouth1 is a ResourceRecordSetRegion enum value
ResourceRecordSetRegionApSouth1 = "ap-south-1"
+
+ // ResourceRecordSetRegionAfSouth1 is a ResourceRecordSetRegion enum value
+ ResourceRecordSetRegionAfSouth1 = "af-south-1"
+
+ // ResourceRecordSetRegionEuSouth1 is a ResourceRecordSetRegion enum value
+ ResourceRecordSetRegionEuSouth1 = "eu-south-1"
)
+// ResourceRecordSetRegion_Values returns all elements of the ResourceRecordSetRegion enum
+func ResourceRecordSetRegion_Values() []string {
+ return []string{
+ ResourceRecordSetRegionUsEast1,
+ ResourceRecordSetRegionUsEast2,
+ ResourceRecordSetRegionUsWest1,
+ ResourceRecordSetRegionUsWest2,
+ ResourceRecordSetRegionCaCentral1,
+ ResourceRecordSetRegionEuWest1,
+ ResourceRecordSetRegionEuWest2,
+ ResourceRecordSetRegionEuWest3,
+ ResourceRecordSetRegionEuCentral1,
+ ResourceRecordSetRegionApSoutheast1,
+ ResourceRecordSetRegionApSoutheast2,
+ ResourceRecordSetRegionApNortheast1,
+ ResourceRecordSetRegionApNortheast2,
+ ResourceRecordSetRegionApNortheast3,
+ ResourceRecordSetRegionEuNorth1,
+ ResourceRecordSetRegionSaEast1,
+ ResourceRecordSetRegionCnNorth1,
+ ResourceRecordSetRegionCnNorthwest1,
+ ResourceRecordSetRegionApEast1,
+ ResourceRecordSetRegionMeSouth1,
+ ResourceRecordSetRegionApSouth1,
+ ResourceRecordSetRegionAfSouth1,
+ ResourceRecordSetRegionEuSouth1,
+ }
+}
+
const (
// ReusableDelegationSetLimitTypeMaxZonesByReusableDelegationSet is a ReusableDelegationSetLimitType enum value
ReusableDelegationSetLimitTypeMaxZonesByReusableDelegationSet = "MAX_ZONES_BY_REUSABLE_DELEGATION_SET"
)
+// ReusableDelegationSetLimitType_Values returns all elements of the ReusableDelegationSetLimitType enum
+func ReusableDelegationSetLimitType_Values() []string {
+ return []string{
+ ReusableDelegationSetLimitTypeMaxZonesByReusableDelegationSet,
+ }
+}
+
const (
// StatisticAverage is a Statistic enum value
StatisticAverage = "Average"
@@ -15283,6 +17609,17 @@ const (
StatisticMinimum = "Minimum"
)
+// Statistic_Values returns all elements of the Statistic enum
+func Statistic_Values() []string {
+ return []string{
+ StatisticAverage,
+ StatisticSum,
+ StatisticSampleCount,
+ StatisticMaximum,
+ StatisticMinimum,
+ }
+}
+
const (
// TagResourceTypeHealthcheck is a TagResourceType enum value
TagResourceTypeHealthcheck = "healthcheck"
@@ -15291,6 +17628,14 @@ const (
TagResourceTypeHostedzone = "hostedzone"
)
+// TagResourceType_Values returns all elements of the TagResourceType enum
+func TagResourceType_Values() []string {
+ return []string{
+ TagResourceTypeHealthcheck,
+ TagResourceTypeHostedzone,
+ }
+}
+
const (
// VPCRegionUsEast1 is a VPCRegion enum value
VPCRegionUsEast1 = "us-east-1"
@@ -15319,6 +17664,21 @@ const (
// VPCRegionApEast1 is a VPCRegion enum value
VPCRegionApEast1 = "ap-east-1"
+ // VPCRegionMeSouth1 is a VPCRegion enum value
+ VPCRegionMeSouth1 = "me-south-1"
+
+ // VPCRegionUsGovWest1 is a VPCRegion enum value
+ VPCRegionUsGovWest1 = "us-gov-west-1"
+
+ // VPCRegionUsGovEast1 is a VPCRegion enum value
+ VPCRegionUsGovEast1 = "us-gov-east-1"
+
+ // VPCRegionUsIsoEast1 is a VPCRegion enum value
+ VPCRegionUsIsoEast1 = "us-iso-east-1"
+
+ // VPCRegionUsIsobEast1 is a VPCRegion enum value
+ VPCRegionUsIsobEast1 = "us-isob-east-1"
+
// VPCRegionApSoutheast1 is a VPCRegion enum value
VPCRegionApSoutheast1 = "ap-southeast-1"
@@ -15348,4 +17708,42 @@ const (
// VPCRegionCnNorth1 is a VPCRegion enum value
VPCRegionCnNorth1 = "cn-north-1"
+
+ // VPCRegionAfSouth1 is a VPCRegion enum value
+ VPCRegionAfSouth1 = "af-south-1"
+
+ // VPCRegionEuSouth1 is a VPCRegion enum value
+ VPCRegionEuSouth1 = "eu-south-1"
)
+
+// VPCRegion_Values returns all elements of the VPCRegion enum
+func VPCRegion_Values() []string {
+ return []string{
+ VPCRegionUsEast1,
+ VPCRegionUsEast2,
+ VPCRegionUsWest1,
+ VPCRegionUsWest2,
+ VPCRegionEuWest1,
+ VPCRegionEuWest2,
+ VPCRegionEuWest3,
+ VPCRegionEuCentral1,
+ VPCRegionApEast1,
+ VPCRegionMeSouth1,
+ VPCRegionUsGovWest1,
+ VPCRegionUsGovEast1,
+ VPCRegionUsIsoEast1,
+ VPCRegionUsIsobEast1,
+ VPCRegionApSoutheast1,
+ VPCRegionApSoutheast2,
+ VPCRegionApSouth1,
+ VPCRegionApNortheast1,
+ VPCRegionApNortheast2,
+ VPCRegionApNortheast3,
+ VPCRegionEuNorth1,
+ VPCRegionSaEast1,
+ VPCRegionCaCentral1,
+ VPCRegionCnNorth1,
+ VPCRegionAfSouth1,
+ VPCRegionEuSouth1,
+ }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/route53/errors.go b/vendor/github.com/aws/aws-sdk-go/service/route53/errors.go
index ce86bd613..1a3b3d1a3 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/route53/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/route53/errors.go
@@ -14,22 +14,22 @@ const (
// ErrCodeConflictingDomainExists for service response error code
// "ConflictingDomainExists".
//
- // The cause of this error depends on whether you're trying to create a public
- // or a private hosted zone:
- //
- // * Public hosted zone: Two hosted zones that have the same name or that
- // have a parent/child relationship (example.com and test.example.com) can't
- // have any common name servers. You tried to create a hosted zone that has
- // the same name as an existing hosted zone or that's the parent or child
- // of an existing hosted zone, and you specified a delegation set that shares
- // one or more name servers with the existing hosted zone. For more information,
- // see CreateReusableDelegationSet (https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateReusableDelegationSet.html).
- //
- // * Private hosted zone: You specified an Amazon VPC that you're already
- // using for another hosted zone, and the domain that you specified for one
- // of the hosted zones is a subdomain of the domain that you specified for
- // the other hosted zone. For example, you can't use the same Amazon VPC
- // for the hosted zones for example.com and test.example.com.
+ // The cause of this error depends on the operation that you're performing:
+ //
+ // * Create a public hosted zone: Two hosted zones that have the same name
+ // or that have a parent/child relationship (example.com and test.example.com)
+ // can't have any common name servers. You tried to create a hosted zone
+ // that has the same name as an existing hosted zone or that's the parent
+ // or child of an existing hosted zone, and you specified a delegation set
+ // that shares one or more name servers with the existing hosted zone. For
+ // more information, see CreateReusableDelegationSet (https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateReusableDelegationSet.html).
+ //
+ // * Create a private hosted zone: A hosted zone with the specified name
+ // already exists and is already associated with the Amazon VPC that you
+ // specified.
+ //
+ // * Associate VPCs with a private hosted zone: The VPC that you specified
+ // is already associated with another hosted zone that has the same name.
ErrCodeConflictingDomainExists = "ConflictingDomainExists"
// ErrCodeConflictingTypes for service response error code
@@ -40,6 +40,12 @@ const (
// specified the type in the JSON document in the CreateTrafficPolicy or CreateTrafficPolicyVersionrequest.
ErrCodeConflictingTypes = "ConflictingTypes"
+ // ErrCodeDNSSECNotFound for service response error code
+ // "DNSSECNotFound".
+ //
+ // The hosted zone doesn't have any DNSSEC resources.
+ ErrCodeDNSSECNotFound = "DNSSECNotFound"
+
// ErrCodeDelegationSetAlreadyCreated for service response error code
// "DelegationSetAlreadyCreated".
//
@@ -129,6 +135,13 @@ const (
// The specified hosted zone is a public hosted zone, not a private hosted zone.
ErrCodeHostedZoneNotPrivate = "HostedZoneNotPrivate"
+ // ErrCodeHostedZonePartiallyDelegated for service response error code
+ // "HostedZonePartiallyDelegated".
+ //
+ // The hosted zone nameservers don't match the parent nameservers. The hosted
+ // zone and parent must have the same nameservers.
+ ErrCodeHostedZonePartiallyDelegated = "HostedZonePartiallyDelegated"
+
// ErrCodeIncompatibleVersion for service response error code
// "IncompatibleVersion".
//
@@ -154,7 +167,7 @@ const (
// ErrCodeInvalidArgument for service response error code
// "InvalidArgument".
//
- // Parameter name is invalid.
+ // Parameter name is not valid.
ErrCodeInvalidArgument = "InvalidArgument"
// ErrCodeInvalidChangeBatch for service response error code
@@ -176,6 +189,26 @@ const (
// The input is not valid.
ErrCodeInvalidInput = "InvalidInput"
+ // ErrCodeInvalidKMSArn for service response error code
+ // "InvalidKMSArn".
+ //
+ // The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC
+ // signing.
+ ErrCodeInvalidKMSArn = "InvalidKMSArn"
+
+ // ErrCodeInvalidKeySigningKeyName for service response error code
+ // "InvalidKeySigningKeyName".
+ //
+ // The key signing key (KSK) name that you specified isn't a valid name.
+ ErrCodeInvalidKeySigningKeyName = "InvalidKeySigningKeyName"
+
+ // ErrCodeInvalidKeySigningKeyStatus for service response error code
+ // "InvalidKeySigningKeyStatus".
+ //
+ // The key signing key (KSK) status isn't valid or another KSK has the status
+ // INTERNAL_FAILURE.
+ ErrCodeInvalidKeySigningKeyStatus = "InvalidKeySigningKeyStatus"
+
// ErrCodeInvalidPaginationToken for service response error code
// "InvalidPaginationToken".
//
@@ -183,11 +216,18 @@ const (
// is invalid.
ErrCodeInvalidPaginationToken = "InvalidPaginationToken"
+ // ErrCodeInvalidSigningStatus for service response error code
+ // "InvalidSigningStatus".
+ //
+ // Your hosted zone status isn't valid for this operation. In the hosted zone,
+ // change the status to enable DNSSEC or disable DNSSEC.
+ ErrCodeInvalidSigningStatus = "InvalidSigningStatus"
+
// ErrCodeInvalidTrafficPolicyDocument for service response error code
// "InvalidTrafficPolicyDocument".
//
// The format of the traffic policy document that you specified in the Document
- // element is invalid.
+ // element is not valid.
ErrCodeInvalidTrafficPolicyDocument = "InvalidTrafficPolicyDocument"
// ErrCodeInvalidVPCId for service response error code
@@ -197,6 +237,33 @@ const (
// is not authorized to access this VPC.
ErrCodeInvalidVPCId = "InvalidVPCId"
+ // ErrCodeKeySigningKeyAlreadyExists for service response error code
+ // "KeySigningKeyAlreadyExists".
+ //
+ // You've already created a key signing key (KSK) with this name or with the
+ // same customer managed key (CMK) ARN.
+ ErrCodeKeySigningKeyAlreadyExists = "KeySigningKeyAlreadyExists"
+
+ // ErrCodeKeySigningKeyInParentDSRecord for service response error code
+ // "KeySigningKeyInParentDSRecord".
+ //
+ // The key signing key (KSK) is specified in a parent DS record.
+ ErrCodeKeySigningKeyInParentDSRecord = "KeySigningKeyInParentDSRecord"
+
+ // ErrCodeKeySigningKeyInUse for service response error code
+ // "KeySigningKeyInUse".
+ //
+ // The key signing key (KSK) that you specified can't be deactivated because
+ // it's the only KSK for a currently-enabled DNSSEC. Disable DNSSEC signing,
+ // or add or enable another KSK.
+ ErrCodeKeySigningKeyInUse = "KeySigningKeyInUse"
+
+ // ErrCodeKeySigningKeyWithActiveStatusNotFound for service response error code
+ // "KeySigningKeyWithActiveStatusNotFound".
+ //
+ // A key signing key (KSK) with ACTIVE status wasn't found.
+ ErrCodeKeySigningKeyWithActiveStatusNotFound = "KeySigningKeyWithActiveStatusNotFound"
+
// ErrCodeLastVPCAssociation for service response error code
// "LastVPCAssociation".
//
@@ -240,7 +307,9 @@ const (
// ErrCodeNoSuchGeoLocation for service response error code
// "NoSuchGeoLocation".
//
- // Amazon Route 53 doesn't support the specified geographic location.
+ // Amazon Route 53 doesn't support the specified geographic location. For a
+ // list of supported geolocation codes, see the GeoLocation (https://docs.aws.amazon.com/Route53/latest/APIReference/API_GeoLocation.html)
+ // data type.
ErrCodeNoSuchGeoLocation = "NoSuchGeoLocation"
// ErrCodeNoSuchHealthCheck for service response error code
@@ -255,6 +324,12 @@ const (
// No hosted zone exists with the ID that you specified.
ErrCodeNoSuchHostedZone = "NoSuchHostedZone"
+ // ErrCodeNoSuchKeySigningKey for service response error code
+ // "NoSuchKeySigningKey".
+ //
+ // The specified key signing key (KSK) doesn't exist.
+ ErrCodeNoSuchKeySigningKey = "NoSuchKeySigningKey"
+
// ErrCodeNoSuchQueryLoggingConfig for service response error code
// "NoSuchQueryLoggingConfig".
//
@@ -350,6 +425,13 @@ const (
// with the AWS Support Center.
ErrCodeTooManyHostedZones = "TooManyHostedZones"
+ // ErrCodeTooManyKeySigningKeys for service response error code
+ // "TooManyKeySigningKeys".
+ //
+ // You've reached the limit for the number of key signing keys (KSKs). Remove
+ // at least one KSK, and then try again.
+ ErrCodeTooManyKeySigningKeys = "TooManyKeySigningKeys"
+
// ErrCodeTooManyTrafficPolicies for service response error code
// "TooManyTrafficPolicies".
//
diff --git a/vendor/github.com/aws/aws-sdk-go/service/route53/service.go b/vendor/github.com/aws/aws-sdk-go/service/route53/service.go
index dd22cb2cd..96f3e5fcc 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/route53/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/route53/service.go
@@ -31,7 +31,7 @@ var initRequest func(*request.Request)
const (
ServiceName = "route53" // Name of service.
EndpointsID = ServiceName // ID to lookup a service endpoint with.
- ServiceID = "Route 53" // ServiceID is a unique identifer of a specific service.
+ ServiceID = "Route 53" // ServiceID is a unique identifier of a specific service.
)
// New creates a new instance of the Route53 client with a session.
@@ -39,6 +39,8 @@ const (
// aws.Config parameter to add your extra config.
//
// Example:
+// mySession := session.Must(session.NewSession())
+//
// // Create a Route53 client from just a session.
// svc := route53.New(mySession)
//
@@ -46,11 +48,11 @@ const (
// svc := route53.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
func New(p client.ConfigProvider, cfgs ...*aws.Config) *Route53 {
c := p.ClientConfig(EndpointsID, cfgs...)
- return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
+ return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
}
// newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *Route53 {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *Route53 {
svc := &Route53{
Client: client.New(
cfg,
@@ -59,6 +61,7 @@ func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
ServiceID: ServiceID,
SigningName: signingName,
SigningRegion: signingRegion,
+ PartitionID: partitionID,
Endpoint: endpoint,
APIVersion: "2013-04-01",
},
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
index 9e610591a..bfc4372f9 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
@@ -78,6 +78,8 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)
// in the IAM User Guide.
//
+// Session Duration
+//
// By default, the temporary security credentials created by AssumeRole last
// for one hour. However, you can use the optional DurationSeconds parameter
// to specify the duration of your session. You can provide a value from 900
@@ -91,6 +93,8 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
// in the IAM User Guide.
//
+// Permissions
+//
// The temporary security credentials created by AssumeRole can be used to make
// API calls to any AWS service with the following exception: You cannot call
// the AWS STS GetFederationToken or GetSessionToken API operations.
@@ -99,7 +103,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
-// and managed session policies shouldn't exceed 2048 characters. Passing policies
+// and managed session policies can't exceed 2,048 characters. Passing policies
// to this operation returns new temporary credentials. The resulting session's
// permissions are the intersection of the role's identity-based policy and
// the session policies. You can use the role's temporary credentials in subsequent
@@ -131,6 +135,24 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
// in the IAM User Guide.
//
+// Tags
+//
+// (Optional) You can pass tag key-value pairs to your session. These tags are
+// called session tags. For more information about session tags, see Passing
+// Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
+//
// Using MFA with AssumeRole
//
// (Optional) You can include multi-factor authentication (MFA) information
@@ -165,9 +187,18 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// message describes the specific error.
//
// * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-// The request was rejected because the policy document was too large. The error
-// message describes how big the policy document is, in packed form, as a percentage
-// of what the API allows.
+// The request was rejected because the total packed size of the session policies
+// and session tags combined was too large. An AWS conversion compresses the
+// session policy document, session policy ARNs, and session tags into a packed
+// binary format that has a separate limit. The error message indicates by percentage
+// how close the policies and tags are to the upper size limit. For more information,
+// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You could receive this error even though you meet other defined session policy
+// and session tag limits. For more information, see IAM and STS Entity Character
+// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
//
// * ErrCodeRegionDisabledException "RegionDisabledException"
// STS is not activated in the requested region for the account that is being
@@ -176,6 +207,10 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// in the IAM User Guide.
//
+// * ErrCodeExpiredTokenException "ExpiredTokenException"
+// The web identity token that was passed is expired or is not valid. Get a
+// new identity token from the identity provider and then retry the request.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
func (c *STS) AssumeRole(input *AssumeRoleInput) (*AssumeRoleOutput, error) {
req, out := c.AssumeRoleRequest(input)
@@ -256,6 +291,8 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// an access key ID, a secret access key, and a security token. Applications
// can use these temporary security credentials to sign calls to AWS services.
//
+// Session Duration
+//
// By default, the temporary security credentials created by AssumeRoleWithSAML
// last for one hour. However, you can use the optional DurationSeconds parameter
// to specify the duration of your session. Your role session lasts for the
@@ -271,6 +308,8 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
// in the IAM User Guide.
//
+// Permissions
+//
// The temporary security credentials created by AssumeRoleWithSAML can be used
// to make API calls to any AWS service with the following exception: you cannot
// call the STS GetFederationToken or GetSessionToken API operations.
@@ -279,7 +318,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
-// and managed session policies shouldn't exceed 2048 characters. Passing policies
+// and managed session policies can't exceed 2,048 characters. Passing policies
// to this operation returns new temporary credentials. The resulting session's
// permissions are the intersection of the role's identity-based policy and
// the session policies. You can use the role's temporary credentials in subsequent
@@ -289,12 +328,6 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
//
-// Before your application can call AssumeRoleWithSAML, you must configure your
-// SAML identity provider (IdP) to issue the claims required by AWS. Additionally,
-// you must use AWS Identity and Access Management (IAM) to create a SAML provider
-// entity in your AWS account that represents your identity provider. You must
-// also create an IAM role that specifies this SAML provider in its trust policy.
-//
// Calling AssumeRoleWithSAML does not require the use of AWS security credentials.
// The identity of the caller is validated by using keys in the metadata document
// that is uploaded for the SAML provider entity for your identity provider.
@@ -302,8 +335,50 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// Calling AssumeRoleWithSAML can result in an entry in your AWS CloudTrail
// logs. The entry includes the value in the NameID element of the SAML assertion.
// We recommend that you use a NameIDType that is not associated with any personally
-// identifiable information (PII). For example, you could instead use the Persistent
-// Identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).
+// identifiable information (PII). For example, you could instead use the persistent
+// identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).
+//
+// Tags
+//
+// (Optional) You can configure your IdP to pass attributes into your SAML assertion
+// as session tags. Each session tag consists of a key name and an associated
+// value. For more information about session tags, see Passing Session Tags
+// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You can pass up to 50 session tags. The plain text session tag keys can’t
+// exceed 128 characters and the values can’t exceed 256 characters. For these
+// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+// in the IAM User Guide.
+//
+// An AWS conversion compresses the passed session policies and session tags
+// into a packed binary format that has a separate limit. Your request can fail
+// for this limit even if your plain text meets the other requirements. The
+// PackedPolicySize response element indicates by percentage how close the policies
+// and tags for your request are to the upper size limit.
+//
+// You can pass a session tag with the same key as a tag that is attached to
+// the role. When you do, session tags override the role's tags with the same
+// key.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
+//
+// SAML Configuration
+//
+// Before your application can call AssumeRoleWithSAML, you must configure your
+// SAML identity provider (IdP) to issue the claims required by AWS. Additionally,
+// you must use AWS Identity and Access Management (IAM) to create a SAML provider
+// entity in your AWS account that represents your identity provider. You must
+// also create an IAM role that specifies this SAML provider in its trust policy.
//
// For more information, see the following resources:
//
@@ -332,9 +407,18 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// message describes the specific error.
//
// * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-// The request was rejected because the policy document was too large. The error
-// message describes how big the policy document is, in packed form, as a percentage
-// of what the API allows.
+// The request was rejected because the total packed size of the session policies
+// and session tags combined was too large. An AWS conversion compresses the
+// session policy document, session policy ARNs, and session tags into a packed
+// binary format that has a separate limit. The error message indicates by percentage
+// how close the policies and tags are to the upper size limit. For more information,
+// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You could receive this error even though you meet other defined session policy
+// and session tag limits. For more information, see IAM and STS Entity Character
+// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
//
// * ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
// The identity provider (IdP) reported that authentication failed. This might
@@ -456,6 +540,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// key ID, a secret access key, and a security token. Applications can use these
// temporary security credentials to sign calls to AWS service API operations.
//
+// Session Duration
+//
// By default, the temporary security credentials created by AssumeRoleWithWebIdentity
// last for one hour. However, you can use the optional DurationSeconds parameter
// to specify the duration of your session. You can provide a value from 900
@@ -469,6 +555,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
// in the IAM User Guide.
//
+// Permissions
+//
// The temporary security credentials created by AssumeRoleWithWebIdentity can
// be used to make API calls to any AWS service with the following exception:
// you cannot call the STS GetFederationToken or GetSessionToken API operations.
@@ -477,7 +565,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
-// and managed session policies shouldn't exceed 2048 characters. Passing policies
+// and managed session policies can't exceed 2,048 characters. Passing policies
// to this operation returns new temporary credentials. The resulting session's
// permissions are the intersection of the role's identity-based policy and
// the session policies. You can use the role's temporary credentials in subsequent
@@ -487,6 +575,42 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
//
+// Tags
+//
+// (Optional) You can configure your IdP to pass attributes into your web identity
+// token as session tags. Each session tag consists of a key name and an associated
+// value. For more information about session tags, see Passing Session Tags
+// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You can pass up to 50 session tags. The plain text session tag keys can’t
+// exceed 128 characters and the values can’t exceed 256 characters. For these
+// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+// in the IAM User Guide.
+//
+// An AWS conversion compresses the passed session policies and session tags
+// into a packed binary format that has a separate limit. Your request can fail
+// for this limit even if your plain text meets the other requirements. The
+// PackedPolicySize response element indicates by percentage how close the policies
+// and tags for your request are to the upper size limit.
+//
+// You can pass a session tag with the same key as a tag that is attached to
+// the role. When you do, the session tag overrides the role tag with the same
+// key.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
+//
+// Identities
+//
// Before your application can call AssumeRoleWithWebIdentity, you must have
// an identity token from a supported identity provider and create a role that
// the application can assume. The role that your application assumes must trust
@@ -506,7 +630,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// * Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
// and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
//
-// * Web Identity Federation Playground (https://web-identity-federation-playground.s3.amazonaws.com/index.html).
+// * Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/).
// Walk through the process of authenticating through Login with Amazon,
// Facebook, or Google, getting temporary security credentials, and then
// using those credentials to make a request to AWS.
@@ -514,8 +638,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// * AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and
// AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/).
// These toolkits contain sample apps that show how to invoke the identity
-// providers, and then how to use the information from these providers to
-// get and use temporary security credentials.
+// providers. The toolkits then show how to use the information from these
+// providers to get and use temporary security credentials.
//
// * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications).
// This article discusses web identity federation and shows an example of
@@ -535,9 +659,18 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// message describes the specific error.
//
// * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-// The request was rejected because the policy document was too large. The error
-// message describes how big the policy document is, in packed form, as a percentage
-// of what the API allows.
+// The request was rejected because the total packed size of the session policies
+// and session tags combined was too large. An AWS conversion compresses the
+// session policy document, session policy ARNs, and session tags into a packed
+// binary format that has a separate limit. The error message indicates by percentage
+// how close the policies and tags are to the upper size limit. For more information,
+// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You could receive this error even though you meet other defined session policy
+// and session tag limits. For more information, see IAM and STS Entity Character
+// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
//
// * ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
// The identity provider (IdP) reported that authentication failed. This might
@@ -547,11 +680,11 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// can also mean that the claim has expired or has been explicitly revoked.
//
// * ErrCodeIDPCommunicationErrorException "IDPCommunicationError"
-// The request could not be fulfilled because the non-AWS identity provider
-// (IDP) that was asked to verify the incoming identity token could not be reached.
-// This is often a transient error caused by network conditions. Retry the request
+// The request could not be fulfilled because the identity provider (IDP) that
+// was asked to verify the incoming identity token could not be reached. This
+// is often a transient error caused by network conditions. Retry the request
// a limited number of times so that you don't exceed the request rate. If the
-// error persists, the non-AWS identity provider might be down or not responding.
+// error persists, the identity provider might be down or not responding.
//
// * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
// The web identity token that was passed could not be validated by AWS. Get
@@ -702,6 +835,103 @@ func (c *STS) DecodeAuthorizationMessageWithContext(ctx aws.Context, input *Deco
return out, req.Send()
}
+const opGetAccessKeyInfo = "GetAccessKeyInfo"
+
+// GetAccessKeyInfoRequest generates a "aws/request.Request" representing the
+// client's request for the GetAccessKeyInfo operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetAccessKeyInfo for more information on using the GetAccessKeyInfo
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+// // Example sending a request using the GetAccessKeyInfoRequest method.
+// req, resp := client.GetAccessKeyInfoRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo
+func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *request.Request, output *GetAccessKeyInfoOutput) {
+ op := &request.Operation{
+ Name: opGetAccessKeyInfo,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &GetAccessKeyInfoInput{}
+ }
+
+ output = &GetAccessKeyInfoOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetAccessKeyInfo API operation for AWS Security Token Service.
+//
+// Returns the account identifier for the specified access key ID.
+//
+// Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE)
+// and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).
+// For more information about access keys, see Managing Access Keys for IAM
+// Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
+// in the IAM User Guide.
+//
+// When you pass an access key ID to this operation, it returns the ID of the
+// AWS account to which the keys belong. Access key IDs beginning with AKIA
+// are long-term credentials for an IAM user or the AWS account root user. Access
+// key IDs beginning with ASIA are temporary credentials that are created using
+// STS operations. If the account in the response belongs to you, you can sign
+// in as the root user and review your root user access keys. Then, you can
+// pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
+// to learn which IAM user owns the keys. To learn who requested the temporary
+// credentials for an ASIA access key, view the STS events in your CloudTrail
+// logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
+// in the IAM User Guide.
+//
+// This operation does not indicate the state of the access key. The key might
+// be active, inactive, or deleted. Active keys might not have permissions to
+// perform an operation. Providing a deleted access key might return an error
+// that the key doesn't exist.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation GetAccessKeyInfo for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo
+func (c *STS) GetAccessKeyInfo(input *GetAccessKeyInfoInput) (*GetAccessKeyInfoOutput, error) {
+ req, out := c.GetAccessKeyInfoRequest(input)
+ return out, req.Send()
+}
+
+// GetAccessKeyInfoWithContext is the same as GetAccessKeyInfo with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetAccessKeyInfo for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) GetAccessKeyInfoWithContext(ctx aws.Context, input *GetAccessKeyInfoInput, opts ...request.Option) (*GetAccessKeyInfoOutput, error) {
+ req, out := c.GetAccessKeyInfoRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opGetCallerIdentity = "GetCallerIdentity"
// GetCallerIdentityRequest generates a "aws/request.Request" representing the
@@ -746,8 +976,16 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ
// GetCallerIdentity API operation for AWS Security Token Service.
//
-// Returns details about the IAM identity whose credentials are used to call
-// the API.
+// Returns details about the IAM user or role whose credentials are used to
+// call the operation.
+//
+// No permissions are required to perform this operation. If an administrator
+// adds a policy to your IAM user or role that explicitly denies access to the
+// sts:GetCallerIdentity action, you can still perform this operation. Permissions
+// are not required because the same information is returned when an IAM user
+// or role is denied access. To view an example response, see I Am Not Authorized
+// to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
+// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -839,7 +1077,8 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
// or an OpenID Connect-compatible identity provider. In this case, we recommend
// that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity.
// For more information, see Federation Through a Web-based Identity Provider
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
+// in the IAM User Guide.
//
// You can also call GetFederationToken using the security credentials of an
// AWS account root user, but we do not recommend it. Instead, we recommend
@@ -849,41 +1088,67 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
// Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
// in the IAM User Guide.
//
+// Session duration
+//
// The temporary credentials are valid for the specified duration, from 900
// seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
-// is 43,200 seconds (12 hours). Temporary credentials that are obtained by
-// using AWS account root user credentials have a maximum duration of 3,600
-// seconds (1 hour).
+// session duration is 43,200 seconds (12 hours). Temporary credentials that
+// are obtained by using AWS account root user credentials have a maximum duration
+// of 3,600 seconds (1 hour).
//
-// The temporary security credentials created by GetFederationToken can be used
-// to make API calls to any AWS service with the following exceptions:
+// Permissions
//
-// * You cannot use these credentials to call any IAM API operations.
+// You can use the temporary credentials created by GetFederationToken in any
+// AWS service except the following:
//
-// * You cannot call any STS API operations except GetCallerIdentity.
+// * You cannot call any IAM operations using the AWS CLI or the AWS API.
//
-// Permissions
+// * You cannot call any STS operations except GetCallerIdentity.
//
// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
-// and managed session policies shouldn't exceed 2048 characters.
+// and managed session policies can't exceed 2,048 characters.
//
// Though the session policy parameters are optional, if you do not pass a policy,
-// then the resulting federated user session has no permissions. The only exception
-// is when the credentials are used to access a resource that has a resource-based
-// policy that specifically references the federated user session in the Principal
-// element of the policy. When you pass session policies, the session permissions
-// are the intersection of the IAM user policies and the session policies that
-// you pass. This gives you a way to further restrict the permissions for a
-// federated user. You cannot use session policies to grant more permissions
-// than those that are defined in the permissions policy of the IAM user. For
-// more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// then the resulting federated user session has no permissions. When you pass
+// session policies, the session permissions are the intersection of the IAM
+// user policies and the session policies that you pass. This gives you a way
+// to further restrict the permissions for a federated user. You cannot use
+// session policies to grant more permissions than those that are defined in
+// the permissions policy of the IAM user. For more information, see Session
+// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. For information about using GetFederationToken to
// create temporary security credentials, see GetFederationToken—Federation
// Through a Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
//
+// You can use the credentials to access a resource that has a resource-based
+// policy. If that policy specifically references the federated user session
+// in the Principal element of the policy, the session has the permissions allowed
+// by the policy. These permissions are granted in addition to the permissions
+// granted by the session policies.
+//
+// Tags
+//
+// (Optional) You can pass tag key-value pairs to your session. These are called
+// session tags. For more information about session tags, see Passing Session
+// Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// Tag key–value pairs are not case sensitive, but case is preserved. This
+// means that you cannot have separate Department and department tag keys. Assume
+// that the user that you are federating has the Department=Marketing tag and
+// you pass the department=engineering session tag. Department and department
+// are not saved as separate tags, and the session tag passed in the request
+// takes precedence over the user tag.
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -897,9 +1162,18 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
// message describes the specific error.
//
// * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-// The request was rejected because the policy document was too large. The error
-// message describes how big the policy document is, in packed form, as a percentage
-// of what the API allows.
+// The request was rejected because the total packed size of the session policies
+// and session tags combined was too large. An AWS conversion compresses the
+// session policy document, session policy ARNs, and session tags into a packed
+// binary format that has a separate limit. The error message indicates by percentage
+// how close the policies and tags are to the upper size limit. For more information,
+// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You could receive this error even though you meet other defined session policy
+// and session tag limits. For more information, see IAM and STS Entity Character
+// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
//
// * ErrCodeRegionDisabledException "RegionDisabledException"
// STS is not activated in the requested region for the account that is being
@@ -988,6 +1262,8 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide.
//
+// Session Duration
+//
// The GetSessionToken operation must be called by using the long-term AWS security
// credentials of the AWS account root user or an IAM user. Credentials that
// are created by IAM users are valid for the duration that you specify. This
@@ -996,6 +1272,8 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
// based on account credentials can range from 900 seconds (15 minutes) up to
// 3,600 seconds (1 hour), with a default of 1 hour.
//
+// Permissions
+//
// The temporary security credentials created by GetSessionToken can be used
// to make API calls to any AWS service with the following exceptions:
//
@@ -1110,16 +1388,16 @@ type AssumeRoleInput struct {
// in the IAM User Guide.
//
// The plain text that you use for both inline and managed session policies
- // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII
+ // can't exceed 2,048 characters. The JSON policy characters can be any ASCII
// character from the space character to the end of the valid character list
// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
// and carriage return (\u000D) characters.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
Policy *string `min:"1" type:"string"`
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
@@ -1128,15 +1406,15 @@ type AssumeRoleInput struct {
//
// This parameter is optional. You can provide up to 10 managed policy ARNs.
// However, the plain text that you use for both inline and managed session
- // policies shouldn't exceed 2048 characters. For more information about ARNs,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html)
+ // policies can't exceed 2,048 characters. For more information about ARNs,
+ // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
//
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's identity-based
@@ -1181,6 +1459,41 @@ type AssumeRoleInput struct {
// also include underscores or any of the following characters: =,.@-
SerialNumber *string `min:"9" type:"string"`
+ // A list of session tags that you want to pass. Each session tag consists of
+ // a key name and an associated value. For more information about session tags,
+ // see Tagging AWS STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+ // in the IAM User Guide.
+ //
+ // This parameter is optional. You can pass up to 50 session tags. The plain
+ // text session tag keys can’t exceed 128 characters, and the values can’t
+ // exceed 256 characters. For these and additional limits, see IAM and STS Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+ // in the IAM User Guide.
+ //
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
+ //
+ // You can pass a session tag with the same key as a tag that is already attached
+ // to the role. When you do, session tags override a role tag with the same
+ // key.
+ //
+ // Tag key–value pairs are not case sensitive, but case is preserved. This
+ // means that you cannot have separate Department and department tag keys. Assume
+ // that the role has the Department=Marketing tag and you pass the department=engineering
+ // session tag. Department and department are not saved as separate tags, and
+ // the session tag passed in the request takes precedence over the role tag.
+ //
+ // Additionally, if you used temporary credentials to perform this operation,
+ // the new session inherits any transitive session tags from the calling session.
+ // If you pass a session tag with the same key as an inherited tag, the operation
+ // fails. To view the inherited tags for a session, see the AWS CloudTrail logs.
+ // For more information, see Viewing Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs)
+ // in the IAM User Guide.
+ Tags []*Tag `type:"list"`
+
// The value provided by the MFA device, if the trust policy of the role being
// assumed requires MFA (that is, if the policy includes a condition that tests
// for MFA). If the role being assumed requires MFA and if the TokenCode value
@@ -1189,6 +1502,19 @@ type AssumeRoleInput struct {
// The format for this parameter, as described by its regex pattern, is a sequence
// of six numeric digits.
TokenCode *string `min:"6" type:"string"`
+
+ // A list of keys for session tags that you want to set as transitive. If you
+ // set a tag key as transitive, the corresponding key and value passes to subsequent
+ // sessions in a role chain. For more information, see Chaining Roles with Session
+ // Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+ // in the IAM User Guide.
+ //
+ // This parameter is optional. When you set session tags as transitive, the
+ // session policy and session tags packed binary limit is not affected.
+ //
+ // If you choose not to specify a transitive tag key, then no tags are passed
+ // from this session to any subsequent sessions.
+ TransitiveTagKeys []*string `type:"list"`
}
// String returns the string representation
@@ -1241,6 +1567,16 @@ func (s *AssumeRoleInput) Validate() error {
}
}
}
+ if s.Tags != nil {
+ for i, v := range s.Tags {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
if invalidParams.Len() > 0 {
return invalidParams
@@ -1290,12 +1626,24 @@ func (s *AssumeRoleInput) SetSerialNumber(v string) *AssumeRoleInput {
return s
}
+// SetTags sets the Tags field's value.
+func (s *AssumeRoleInput) SetTags(v []*Tag) *AssumeRoleInput {
+ s.Tags = v
+ return s
+}
+
// SetTokenCode sets the TokenCode field's value.
func (s *AssumeRoleInput) SetTokenCode(v string) *AssumeRoleInput {
s.TokenCode = &v
return s
}
+// SetTransitiveTagKeys sets the TransitiveTagKeys field's value.
+func (s *AssumeRoleInput) SetTransitiveTagKeys(v []*string) *AssumeRoleInput {
+ s.TransitiveTagKeys = v
+ return s
+}
+
// Contains the response to a successful AssumeRole request, including temporary
// AWS credentials that can be used to make AWS requests.
type AssumeRoleOutput struct {
@@ -1315,9 +1663,10 @@ type AssumeRoleOutput struct {
// We strongly recommend that you make no assumptions about the maximum size.
Credentials *Credentials `type:"structure"`
- // A percentage value that indicates the size of the policy in packed form.
- // The service rejects any policy with a packed size greater than 100 percent,
- // which means the policy exceeded the allowed space.
+ // A percentage value that indicates the packed size of the session policies
+ // and session tags combined passed in the request. The request fails if the
+ // packed size is greater than 100 percent, which means the policies and tags
+ // exceeded the allowed space.
PackedPolicySize *int64 `type:"integer"`
}
@@ -1388,16 +1737,16 @@ type AssumeRoleWithSAMLInput struct {
// in the IAM User Guide.
//
// The plain text that you use for both inline and managed session policies
- // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII
+ // can't exceed 2,048 characters. The JSON policy characters can be any ASCII
// character from the space character to the end of the valid character list
// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
// and carriage return (\u000D) characters.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
Policy *string `min:"1" type:"string"`
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
@@ -1406,15 +1755,15 @@ type AssumeRoleWithSAMLInput struct {
//
// This parameter is optional. You can provide up to 10 managed policy ARNs.
// However, the plain text that you use for both inline and managed session
- // policies shouldn't exceed 2048 characters. For more information about ARNs,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html)
+ // policies can't exceed 2,048 characters. For more information about ARNs,
+ // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
//
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's identity-based
@@ -1570,9 +1919,10 @@ type AssumeRoleWithSAMLOutput struct {
// ) )
NameQualifier *string `type:"string"`
- // A percentage value that indicates the size of the policy in packed form.
- // The service rejects any policy with a packed size greater than 100 percent,
- // which means the policy exceeded the allowed space.
+ // A percentage value that indicates the packed size of the session policies
+ // and session tags combined passed in the request. The request fails if the
+ // packed size is greater than 100 percent, which means the policies and tags
+ // exceeded the allowed space.
PackedPolicySize *int64 `type:"integer"`
// The value of the NameID element in the Subject element of the SAML assertion.
@@ -1683,16 +2033,16 @@ type AssumeRoleWithWebIdentityInput struct {
// in the IAM User Guide.
//
// The plain text that you use for both inline and managed session policies
- // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII
+ // can't exceed 2,048 characters. The JSON policy characters can be any ASCII
// character from the space character to the end of the valid character list
// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
// and carriage return (\u000D) characters.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
Policy *string `min:"1" type:"string"`
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
@@ -1701,15 +2051,15 @@ type AssumeRoleWithWebIdentityInput struct {
//
// This parameter is optional. You can provide up to 10 managed policy ARNs.
// However, the plain text that you use for both inline and managed session
- // policies shouldn't exceed 2048 characters. For more information about ARNs,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html)
+ // policies can't exceed 2,048 characters. For more information about ARNs,
+ // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
//
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's identity-based
@@ -1880,9 +2230,10 @@ type AssumeRoleWithWebIdentityOutput struct {
// We strongly recommend that you make no assumptions about the maximum size.
Credentials *Credentials `type:"structure"`
- // A percentage value that indicates the size of the policy in packed form.
- // The service rejects any policy with a packed size greater than 100 percent,
- // which means the policy exceeded the allowed space.
+ // A percentage value that indicates the packed size of the session policies
+ // and session tags combined passed in the request. The request fails if the
+ // packed size is greater than 100 percent, which means the policies and tags
+ // exceeded the allowed space.
PackedPolicySize *int64 `type:"integer"`
// The issuing authority of the web identity token presented. For OpenID Connect
@@ -1954,7 +2305,7 @@ type AssumedRoleUser struct {
// The ARN of the temporary security credentials that are returned from the
// AssumeRole action. For more information about ARNs and how to use them in
// policies, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
- // in Using IAM.
+ // in the IAM User Guide.
//
// Arn is a required field
Arn *string `min:"20" type:"string" required:"true"`
@@ -2122,7 +2473,7 @@ type FederatedUser struct {
// The ARN that specifies the federated user that is associated with the credentials.
// For more information about ARNs and how to use them in policies, see IAM
// Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
- // in Using IAM.
+ // in the IAM User Guide.
//
// Arn is a required field
Arn *string `min:"20" type:"string" required:"true"`
@@ -2156,6 +2507,73 @@ func (s *FederatedUser) SetFederatedUserId(v string) *FederatedUser {
return s
}
+type GetAccessKeyInfoInput struct {
+ _ struct{} `type:"structure"`
+
+ // The identifier of an access key.
+ //
+ // This parameter allows (through its regex pattern) a string of characters
+ // that can consist of any upper- or lowercase letter or digit.
+ //
+ // AccessKeyId is a required field
+ AccessKeyId *string `min:"16" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s GetAccessKeyInfoInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetAccessKeyInfoInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetAccessKeyInfoInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "GetAccessKeyInfoInput"}
+ if s.AccessKeyId == nil {
+ invalidParams.Add(request.NewErrParamRequired("AccessKeyId"))
+ }
+ if s.AccessKeyId != nil && len(*s.AccessKeyId) < 16 {
+ invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 16))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAccessKeyId sets the AccessKeyId field's value.
+func (s *GetAccessKeyInfoInput) SetAccessKeyId(v string) *GetAccessKeyInfoInput {
+ s.AccessKeyId = &v
+ return s
+}
+
+type GetAccessKeyInfoOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The number used to identify the AWS account.
+ Account *string `type:"string"`
+}
+
+// String returns the string representation
+func (s GetAccessKeyInfoOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetAccessKeyInfoOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccount sets the Account field's value.
+func (s *GetAccessKeyInfoOutput) SetAccount(v string) *GetAccessKeyInfoOutput {
+ s.Account = &v
+ return s
+}
+
type GetCallerIdentityInput struct {
_ struct{} `type:"structure"`
}
@@ -2248,10 +2666,7 @@ type GetFederationTokenInput struct {
// use as managed session policies.
//
// This parameter is optional. However, if you do not pass any session policies,
- // then the resulting federated user session has no permissions. The only exception
- // is when the credentials are used to access a resource that has a resource-based
- // policy that specifically references the federated user session in the Principal
- // element of the policy.
+ // then the resulting federated user session has no permissions.
//
// When you pass session policies, the session permissions are the intersection
// of the IAM user policies and the session policies that you pass. This gives
@@ -2261,17 +2676,23 @@ type GetFederationTokenInput struct {
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
//
+ // The resulting credentials can be used to access a resource that has a resource-based
+ // policy. If that policy specifically references the federated user session
+ // in the Principal element of the policy, the session has the permissions allowed
+ // by the policy. These permissions are granted in addition to the permissions
+ // that are granted by the session policies.
+ //
// The plain text that you use for both inline and managed session policies
- // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII
+ // can't exceed 2,048 characters. The JSON policy characters can be any ASCII
// character from the space character to the end of the valid character list
// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
// and carriage return (\u000D) characters.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
Policy *string `min:"1" type:"string"`
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
@@ -2282,16 +2703,13 @@ type GetFederationTokenInput struct {
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
- // and managed session policies shouldn't exceed 2048 characters. You can provide
+ // and managed session policies can't exceed 2,048 characters. You can provide
// up to 10 managed policy ARNs. For more information about ARNs, see Amazon
- // Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html)
+ // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
// This parameter is optional. However, if you do not pass any session policies,
- // then the resulting federated user session has no permissions. The only exception
- // is when the credentials are used to access a resource that has a resource-based
- // policy that specifically references the federated user session in the Principal
- // element of the policy.
+ // then the resulting federated user session has no permissions.
//
// When you pass session policies, the session permissions are the intersection
// of the IAM user policies and the session policies that you pass. This gives
@@ -2301,12 +2719,46 @@ type GetFederationTokenInput struct {
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // The resulting credentials can be used to access a resource that has a resource-based
+ // policy. If that policy specifically references the federated user session
+ // in the Principal element of the policy, the session has the permissions allowed
+ // by the policy. These permissions are granted in addition to the permissions
+ // that are granted by the session policies.
+ //
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
PolicyArns []*PolicyDescriptorType `type:"list"`
+
+ // A list of session tags. Each session tag consists of a key name and an associated
+ // value. For more information about session tags, see Passing Session Tags
+ // in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+ // in the IAM User Guide.
+ //
+ // This parameter is optional. You can pass up to 50 session tags. The plain
+ // text session tag keys can’t exceed 128 characters and the values can’t
+ // exceed 256 characters. For these and additional limits, see IAM and STS Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+ // in the IAM User Guide.
+ //
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
+ //
+ // You can pass a session tag with the same key as a tag that is already attached
+ // to the user you are federating. When you do, session tags override a user
+ // tag with the same key.
+ //
+ // Tag key–value pairs are not case sensitive, but case is preserved. This
+ // means that you cannot have separate Department and department tag keys. Assume
+ // that the role has the Department=Marketing tag and you pass the department=engineering
+ // session tag. Department and department are not saved as separate tags, and
+ // the session tag passed in the request takes precedence over the role tag.
+ Tags []*Tag `type:"list"`
}
// String returns the string representation
@@ -2344,6 +2796,16 @@ func (s *GetFederationTokenInput) Validate() error {
}
}
}
+ if s.Tags != nil {
+ for i, v := range s.Tags {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
if invalidParams.Len() > 0 {
return invalidParams
@@ -2375,6 +2837,12 @@ func (s *GetFederationTokenInput) SetPolicyArns(v []*PolicyDescriptorType) *GetF
return s
}
+// SetTags sets the Tags field's value.
+func (s *GetFederationTokenInput) SetTags(v []*Tag) *GetFederationTokenInput {
+ s.Tags = v
+ return s
+}
+
// Contains the response to a successful GetFederationToken request, including
// temporary AWS credentials that can be used to make AWS requests.
type GetFederationTokenOutput struct {
@@ -2393,9 +2861,10 @@ type GetFederationTokenOutput struct {
// an Amazon S3 bucket policy.
FederatedUser *FederatedUser `type:"structure"`
- // A percentage value indicating the size of the policy in packed form. The
- // service rejects policies for which the packed size is greater than 100 percent
- // of the allowed value.
+ // A percentage value that indicates the packed size of the session policies
+ // and session tags combined passed in the request. The request fails if the
+ // packed size is greater than 100 percent, which means the policies and tags
+ // exceeded the allowed space.
PackedPolicySize *int64 `type:"integer"`
}
@@ -2545,7 +3014,7 @@ type PolicyDescriptorType struct {
// The Amazon Resource Name (ARN) of the IAM managed policy to use as a session
// policy for the role. For more information about ARNs, see Amazon Resource
- // Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html)
+ // Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
Arn *string `locationName:"arn" min:"20" type:"string"`
}
@@ -2578,3 +3047,73 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType {
s.Arn = &v
return s
}
+
+// You can pass custom key-value pair attributes when you assume a role or federate
+// a user. These are called session tags. You can then use the session tags
+// to control access to resources. For more information, see Tagging AWS STS
+// Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+type Tag struct {
+ _ struct{} `type:"structure"`
+
+ // The key for a session tag.
+ //
+ // You can pass up to 50 session tags. The plain text session tag keys can’t
+ // exceed 128 characters. For these and additional limits, see IAM and STS Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+ // in the IAM User Guide.
+ //
+ // Key is a required field
+ Key *string `min:"1" type:"string" required:"true"`
+
+ // The value for a session tag.
+ //
+ // You can pass up to 50 session tags. The plain text session tag values can’t
+ // exceed 256 characters. For these and additional limits, see IAM and STS Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+ // in the IAM User Guide.
+ //
+ // Value is a required field
+ Value *string `type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s Tag) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s Tag) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Tag) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "Tag"}
+ if s.Key == nil {
+ invalidParams.Add(request.NewErrParamRequired("Key"))
+ }
+ if s.Key != nil && len(*s.Key) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+ }
+ if s.Value == nil {
+ invalidParams.Add(request.NewErrParamRequired("Value"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetKey sets the Key field's value.
+func (s *Tag) SetKey(v string) *Tag {
+ s.Key = &v
+ return s
+}
+
+// SetValue sets the Value field's value.
+func (s *Tag) SetValue(v string) *Tag {
+ s.Value = &v
+ return s
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
new file mode 100644
index 000000000..d5307fcaa
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
@@ -0,0 +1,11 @@
+package sts
+
+import "github.com/aws/aws-sdk-go/aws/request"
+
+func init() {
+ initRequest = customizeRequest
+}
+
+func customizeRequest(r *request.Request) {
+ r.RetryErrorCodes = append(r.RetryErrorCodes, ErrCodeIDPCommunicationErrorException)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
index fcb720dca..cb1debbaa 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
@@ -3,87 +3,11 @@
// Package sts provides the client and types for making API
// requests to AWS Security Token Service.
//
-// The AWS Security Token Service (STS) is a web service that enables you to
-// request temporary, limited-privilege credentials for AWS Identity and Access
-// Management (IAM) users or for users that you authenticate (federated users).
-// This guide provides descriptions of the STS API. For more detailed information
-// about using this service, go to Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
-//
-// For information about setting up signatures and authorization through the
-// API, go to Signing AWS API Requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
-// in the AWS General Reference. For general information about the Query API,
-// go to Making Query Requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
-// in Using IAM. For information about using security tokens with other AWS
-// products, go to AWS Services That Work with IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html)
-// in the IAM User Guide.
-//
-// If you're new to AWS and need additional technical information about a specific
-// AWS product, you can find the product's technical documentation at http://aws.amazon.com/documentation/
-// (http://aws.amazon.com/documentation/).
-//
-// Endpoints
-//
-// By default, AWS Security Token Service (STS) is available as a global service,
-// and all AWS STS requests go to a single endpoint at https://sts.amazonaws.com.
-// Global requests map to the US East (N. Virginia) region. AWS recommends using
-// Regional AWS STS endpoints instead of the global endpoint to reduce latency,
-// build in redundancy, and increase session token validity. For more information,
-// see Managing AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
-// in the IAM User Guide.
-//
-// Most AWS Regions are enabled for operations in all AWS services by default.
-// Those Regions are automatically activated for use with AWS STS. Some Regions,
-// such as Asia Pacific (Hong Kong), must be manually enabled. To learn more
-// about enabling and disabling AWS Regions, see Managing AWS Regions (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html)
-// in the AWS General Reference. When you enable these AWS Regions, they are
-// automatically activated for use with AWS STS. You cannot activate the STS
-// endpoint for a Region that is disabled. Tokens that are valid in all AWS
-// Regions are longer than tokens that are valid in Regions that are enabled
-// by default. Changing this setting might affect existing systems where you
-// temporarily store tokens. For more information, see Managing Global Endpoint
-// Session Tokens (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-manage-tokens)
-// in the IAM User Guide.
-//
-// After you activate a Region for use with AWS STS, you can direct AWS STS
-// API calls to that Region. AWS STS recommends that you provide both the Region
-// and endpoint when you make calls to a Regional endpoint. You can provide
-// the Region alone for manually enabled Regions, such as Asia Pacific (Hong
-// Kong). In this case, the calls are directed to the STS Regional endpoint.
-// However, if you provide the Region alone for Regions enabled by default,
-// the calls are directed to the global endpoint of https://sts.amazonaws.com.
-//
-// To view the list of AWS STS endpoints and whether they are active by default,
-// see Writing Code to Use AWS STS Regions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#id_credentials_temp_enable-regions_writing_code)
-// in the IAM User Guide.
-//
-// Recording API requests
-//
-// STS supports AWS CloudTrail, which is a service that records AWS calls for
-// your AWS account and delivers log files to an Amazon S3 bucket. By using
-// information collected by CloudTrail, you can determine what requests were
-// successfully made to STS, who made the request, when it was made, and so
-// on.
-//
-// If you activate AWS STS endpoints in Regions other than the default global
-// endpoint, then you must also turn on CloudTrail logging in those Regions.
-// This is necessary to record any AWS STS API calls that are made in those
-// Regions. For more information, see Turning On CloudTrail in Additional Regions
-// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/aggregating_logs_regions_turn_on_ct.html)
-// in the AWS CloudTrail User Guide.
-//
-// AWS Security Token Service (STS) is a global service with a single endpoint
-// at https://sts.amazonaws.com. Calls to this endpoint are logged as calls
-// to a global service. However, because this endpoint is physically located
-// in the US East (N. Virginia) Region, your logs list us-east-1 as the event
-// Region. CloudTrail does not write these logs to the US East (Ohio) Region
-// unless you choose to include global service logs in that Region. CloudTrail
-// writes calls to all Regional endpoints to their respective Regions. For example,
-// calls to sts.us-east-2.amazonaws.com are published to the US East (Ohio)
-// Region and calls to sts.eu-central-1.amazonaws.com are published to the EU
-// (Frankfurt) Region.
-//
-// To learn more about CloudTrail, including how to turn it on and find your
-// log files, see the AWS CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html).
+// AWS Security Token Service (STS) enables you to request temporary, limited-privilege
+// credentials for AWS Identity and Access Management (IAM) users or for users
+// that you authenticate (federated users). This guide provides descriptions
+// of the STS API. For more information about using this service, see Temporary
+// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
//
// See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service.
//
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
index 41ea09c35..a233f542e 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
@@ -14,11 +14,11 @@ const (
// ErrCodeIDPCommunicationErrorException for service response error code
// "IDPCommunicationError".
//
- // The request could not be fulfilled because the non-AWS identity provider
- // (IDP) that was asked to verify the incoming identity token could not be reached.
- // This is often a transient error caused by network conditions. Retry the request
+ // The request could not be fulfilled because the identity provider (IDP) that
+ // was asked to verify the incoming identity token could not be reached. This
+ // is often a transient error caused by network conditions. Retry the request
// a limited number of times so that you don't exceed the request rate. If the
- // error persists, the non-AWS identity provider might be down or not responding.
+ // error persists, the identity provider might be down or not responding.
ErrCodeIDPCommunicationErrorException = "IDPCommunicationError"
// ErrCodeIDPRejectedClaimException for service response error code
@@ -56,9 +56,18 @@ const (
// ErrCodePackedPolicyTooLargeException for service response error code
// "PackedPolicyTooLarge".
//
- // The request was rejected because the policy document was too large. The error
- // message describes how big the policy document is, in packed form, as a percentage
- // of what the API allows.
+ // The request was rejected because the total packed size of the session policies
+ // and session tags combined was too large. An AWS conversion compresses the
+ // session policy document, session policy ARNs, and session tags into a packed
+ // binary format that has a separate limit. The error message indicates by percentage
+ // how close the policies and tags are to the upper size limit. For more information,
+ // see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+ // in the IAM User Guide.
+ //
+ // You could receive this error even though you meet other defined session policy
+ // and session tag limits. For more information, see IAM and STS Entity Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+ // in the IAM User Guide.
ErrCodePackedPolicyTooLargeException = "PackedPolicyTooLarge"
// ErrCodeRegionDisabledException for service response error code
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/service.go b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
index 185c914d1..d34a68553 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
@@ -31,7 +31,7 @@ var initRequest func(*request.Request)
const (
ServiceName = "sts" // Name of service.
EndpointsID = ServiceName // ID to lookup a service endpoint with.
- ServiceID = "STS" // ServiceID is a unique identifer of a specific service.
+ ServiceID = "STS" // ServiceID is a unique identifier of a specific service.
)
// New creates a new instance of the STS client with a session.
@@ -39,6 +39,8 @@ const (
// aws.Config parameter to add your extra config.
//
// Example:
+// mySession := session.Must(session.NewSession())
+//
// // Create a STS client from just a session.
// svc := sts.New(mySession)
//
@@ -46,11 +48,11 @@ const (
// svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
func New(p client.ConfigProvider, cfgs ...*aws.Config) *STS {
c := p.ClientConfig(EndpointsID, cfgs...)
- return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
+ return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
}
// newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *STS {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *STS {
svc := &STS{
Client: client.New(
cfg,
@@ -59,6 +61,7 @@ func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
ServiceID: ServiceID,
SigningName: signingName,
SigningRegion: signingRegion,
+ PartitionID: partitionID,
Endpoint: endpoint,
APIVersion: "2011-06-15",
},
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
new file mode 100644
index 000000000..e2e1d6efe
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
@@ -0,0 +1,96 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package stsiface provides an interface to enable mocking the AWS Security Token Service service client
+// for testing your code.
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters.
+package stsiface
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/service/sts"
+)
+
+// STSAPI provides an interface to enable mocking the
+// sts.STS service client's API operation,
+// paginators, and waiters. This make unit testing your code that calls out
+// to the SDK's service client's calls easier.
+//
+// The best way to use this interface is so the SDK's service client's calls
+// can be stubbed out for unit testing your code with the SDK without needing
+// to inject custom request handlers into the SDK's request pipeline.
+//
+// // myFunc uses an SDK service client to make a request to
+// // AWS Security Token Service.
+// func myFunc(svc stsiface.STSAPI) bool {
+// // Make svc.AssumeRole request
+// }
+//
+// func main() {
+// sess := session.New()
+// svc := sts.New(sess)
+//
+// myFunc(svc)
+// }
+//
+// In your _test.go file:
+//
+// // Define a mock struct to be used in your unit tests of myFunc.
+// type mockSTSClient struct {
+// stsiface.STSAPI
+// }
+// func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
+// // mock response/functionality
+// }
+//
+// func TestMyFunc(t *testing.T) {
+// // Setup Test
+// mockSvc := &mockSTSClient{}
+//
+// myfunc(mockSvc)
+//
+// // Verify myFunc's functionality
+// }
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters. Its suggested to use the pattern above for testing, or using
+// tooling to generate mocks to satisfy the interfaces.
+type STSAPI interface {
+ AssumeRole(*sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)
+ AssumeRoleWithContext(aws.Context, *sts.AssumeRoleInput, ...request.Option) (*sts.AssumeRoleOutput, error)
+ AssumeRoleRequest(*sts.AssumeRoleInput) (*request.Request, *sts.AssumeRoleOutput)
+
+ AssumeRoleWithSAML(*sts.AssumeRoleWithSAMLInput) (*sts.AssumeRoleWithSAMLOutput, error)
+ AssumeRoleWithSAMLWithContext(aws.Context, *sts.AssumeRoleWithSAMLInput, ...request.Option) (*sts.AssumeRoleWithSAMLOutput, error)
+ AssumeRoleWithSAMLRequest(*sts.AssumeRoleWithSAMLInput) (*request.Request, *sts.AssumeRoleWithSAMLOutput)
+
+ AssumeRoleWithWebIdentity(*sts.AssumeRoleWithWebIdentityInput) (*sts.AssumeRoleWithWebIdentityOutput, error)
+ AssumeRoleWithWebIdentityWithContext(aws.Context, *sts.AssumeRoleWithWebIdentityInput, ...request.Option) (*sts.AssumeRoleWithWebIdentityOutput, error)
+ AssumeRoleWithWebIdentityRequest(*sts.AssumeRoleWithWebIdentityInput) (*request.Request, *sts.AssumeRoleWithWebIdentityOutput)
+
+ DecodeAuthorizationMessage(*sts.DecodeAuthorizationMessageInput) (*sts.DecodeAuthorizationMessageOutput, error)
+ DecodeAuthorizationMessageWithContext(aws.Context, *sts.DecodeAuthorizationMessageInput, ...request.Option) (*sts.DecodeAuthorizationMessageOutput, error)
+ DecodeAuthorizationMessageRequest(*sts.DecodeAuthorizationMessageInput) (*request.Request, *sts.DecodeAuthorizationMessageOutput)
+
+ GetAccessKeyInfo(*sts.GetAccessKeyInfoInput) (*sts.GetAccessKeyInfoOutput, error)
+ GetAccessKeyInfoWithContext(aws.Context, *sts.GetAccessKeyInfoInput, ...request.Option) (*sts.GetAccessKeyInfoOutput, error)
+ GetAccessKeyInfoRequest(*sts.GetAccessKeyInfoInput) (*request.Request, *sts.GetAccessKeyInfoOutput)
+
+ GetCallerIdentity(*sts.GetCallerIdentityInput) (*sts.GetCallerIdentityOutput, error)
+ GetCallerIdentityWithContext(aws.Context, *sts.GetCallerIdentityInput, ...request.Option) (*sts.GetCallerIdentityOutput, error)
+ GetCallerIdentityRequest(*sts.GetCallerIdentityInput) (*request.Request, *sts.GetCallerIdentityOutput)
+
+ GetFederationToken(*sts.GetFederationTokenInput) (*sts.GetFederationTokenOutput, error)
+ GetFederationTokenWithContext(aws.Context, *sts.GetFederationTokenInput, ...request.Option) (*sts.GetFederationTokenOutput, error)
+ GetFederationTokenRequest(*sts.GetFederationTokenInput) (*request.Request, *sts.GetFederationTokenOutput)
+
+ GetSessionToken(*sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error)
+ GetSessionTokenWithContext(aws.Context, *sts.GetSessionTokenInput, ...request.Option) (*sts.GetSessionTokenOutput, error)
+ GetSessionTokenRequest(*sts.GetSessionTokenInput) (*request.Request, *sts.GetSessionTokenOutput)
+}
+
+var _ STSAPI = (*sts.STS)(nil)
diff --git a/vendor/github.com/gardener/controller-manager-library/hack/run-in.sh b/vendor/github.com/gardener/controller-manager-library/hack/run-in.sh
old mode 100755
new mode 100644
diff --git a/vendor/github.com/jmespath/go-jmespath/.travis.yml b/vendor/github.com/jmespath/go-jmespath/.travis.yml
index 1f9807757..c56f37c0c 100644
--- a/vendor/github.com/jmespath/go-jmespath/.travis.yml
+++ b/vendor/github.com/jmespath/go-jmespath/.travis.yml
@@ -3,7 +3,26 @@ language: go
sudo: false
go:
- - 1.4
+ - 1.5.x
+ - 1.6.x
+ - 1.7.x
+ - 1.8.x
+ - 1.9.x
+ - 1.10.x
+ - 1.11.x
+ - 1.12.x
+ - 1.13.x
+ - 1.14.x
+ - 1.15.x
+ - tip
-install: go get -v -t ./...
-script: make test
+allow_failures:
+ - go: tip
+
+script: make build
+
+matrix:
+ include:
+ - language: go
+ go: 1.15.x
+ script: make test
diff --git a/vendor/github.com/jmespath/go-jmespath/Makefile b/vendor/github.com/jmespath/go-jmespath/Makefile
index a828d2848..fb38ec276 100644
--- a/vendor/github.com/jmespath/go-jmespath/Makefile
+++ b/vendor/github.com/jmespath/go-jmespath/Makefile
@@ -1,6 +1,8 @@
CMD = jpgo
+SRC_PKGS=./ ./cmd/... ./fuzz/...
+
help:
@echo "Please use \`make ' where is one of"
@echo " test to run all the tests"
@@ -9,21 +11,22 @@ help:
generate:
- go generate ./...
+ go generate ${SRC_PKGS}
build:
rm -f $(CMD)
- go build ./...
+ go build ${SRC_PKGS}
rm -f cmd/$(CMD)/$(CMD) && cd cmd/$(CMD)/ && go build ./...
mv cmd/$(CMD)/$(CMD) .
-test:
- go test -v ./...
+test: test-internal-testify
+ echo "making tests ${SRC_PKGS}"
+ go test -v ${SRC_PKGS}
check:
- go vet ./...
- @echo "golint ./..."
- @lint=`golint ./...`; \
+ go vet ${SRC_PKGS}
+ @echo "golint ${SRC_PKGS}"
+ @lint=`golint ${SRC_PKGS}`; \
lint=`echo "$$lint" | grep -v "astnodetype_string.go" | grep -v "toktype_string.go"`; \
echo "$$lint"; \
if [ "$$lint" != "" ]; then exit 1; fi
@@ -42,3 +45,7 @@ bench:
pprof-cpu:
go tool pprof ./go-jmespath.test ./cpu.out
+
+test-internal-testify:
+ cd internal/testify && go test ./...
+
diff --git a/vendor/github.com/jmespath/go-jmespath/README.md b/vendor/github.com/jmespath/go-jmespath/README.md
index 187ef676d..110ad7999 100644
--- a/vendor/github.com/jmespath/go-jmespath/README.md
+++ b/vendor/github.com/jmespath/go-jmespath/README.md
@@ -4,4 +4,84 @@
-See http://jmespath.org for more info.
+go-jmespath is a GO implementation of JMESPath,
+which is a query language for JSON. It will take a JSON
+document and transform it into another JSON document
+through a JMESPath expression.
+
+Using go-jmespath is really easy. There's a single function
+you use, `jmespath.search`:
+
+
+```go
+> import "github.com/jmespath/go-jmespath"
+>
+> var jsondata = []byte(`{"foo": {"bar": {"baz": [0, 1, 2, 3, 4]}}}`) // your data
+> var data interface{}
+> err := json.Unmarshal(jsondata, &data)
+> result, err := jmespath.Search("foo.bar.baz[2]", data)
+result = 2
+```
+
+In the example we gave the ``search`` function input data of
+`{"foo": {"bar": {"baz": [0, 1, 2, 3, 4]}}}` as well as the JMESPath
+expression `foo.bar.baz[2]`, and the `search` function evaluated
+the expression against the input data to produce the result ``2``.
+
+The JMESPath language can do a lot more than select an element
+from a list. Here are a few more examples:
+
+```go
+> var jsondata = []byte(`{"foo": {"bar": {"baz": [0, 1, 2, 3, 4]}}}`) // your data
+> var data interface{}
+> err := json.Unmarshal(jsondata, &data)
+> result, err := jmespath.search("foo.bar", data)
+result = { "baz": [ 0, 1, 2, 3, 4 ] }
+
+
+> var jsondata = []byte(`{"foo": [{"first": "a", "last": "b"},
+ {"first": "c", "last": "d"}]}`) // your data
+> var data interface{}
+> err := json.Unmarshal(jsondata, &data)
+> result, err := jmespath.search({"foo[*].first", data)
+result [ 'a', 'c' ]
+
+
+> var jsondata = []byte(`{"foo": [{"age": 20}, {"age": 25},
+ {"age": 30}, {"age": 35},
+ {"age": 40}]}`) // your data
+> var data interface{}
+> err := json.Unmarshal(jsondata, &data)
+> result, err := jmespath.search("foo[?age > `30`]")
+result = [ { age: 35 }, { age: 40 } ]
+```
+
+You can also pre-compile your query. This is usefull if
+you are going to run multiple searches with it:
+
+```go
+ > var jsondata = []byte(`{"foo": "bar"}`)
+ > var data interface{}
+ > err := json.Unmarshal(jsondata, &data)
+ > precompiled, err := Compile("foo")
+ > if err != nil{
+ > // ... handle the error
+ > }
+ > result, err := precompiled.Search(data)
+ result = "bar"
+```
+
+## More Resources
+
+The example above only show a small amount of what
+a JMESPath expression can do. If you want to take a
+tour of the language, the *best* place to go is the
+[JMESPath Tutorial](http://jmespath.org/tutorial.html).
+
+One of the best things about JMESPath is that it is
+implemented in many different programming languages including
+python, ruby, php, lua, etc. To see a complete list of libraries,
+check out the [JMESPath libraries page](http://jmespath.org/libraries.html).
+
+And finally, the full JMESPath specification can be found
+on the [JMESPath site](http://jmespath.org/specification.html).
diff --git a/vendor/github.com/jmespath/go-jmespath/api.go b/vendor/github.com/jmespath/go-jmespath/api.go
index 8e26ffeec..010efe9bf 100644
--- a/vendor/github.com/jmespath/go-jmespath/api.go
+++ b/vendor/github.com/jmespath/go-jmespath/api.go
@@ -2,7 +2,7 @@ package jmespath
import "strconv"
-// JMESPath is the epresentation of a compiled JMES path query. A JMESPath is
+// JMESPath is the representation of a compiled JMES path query. A JMESPath is
// safe for concurrent use by multiple goroutines.
type JMESPath struct {
ast ASTNode
diff --git a/vendor/github.com/jmespath/go-jmespath/go.mod b/vendor/github.com/jmespath/go-jmespath/go.mod
new file mode 100644
index 000000000..4d448e88b
--- /dev/null
+++ b/vendor/github.com/jmespath/go-jmespath/go.mod
@@ -0,0 +1,5 @@
+module github.com/jmespath/go-jmespath
+
+go 1.14
+
+require github.com/jmespath/go-jmespath/internal/testify v1.5.1
diff --git a/vendor/github.com/jmespath/go-jmespath/go.sum b/vendor/github.com/jmespath/go-jmespath/go.sum
new file mode 100644
index 000000000..d2db411e5
--- /dev/null
+++ b/vendor/github.com/jmespath/go-jmespath/go.sum
@@ -0,0 +1,11 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/vendor/github.com/jmespath/go-jmespath/parser.go b/vendor/github.com/jmespath/go-jmespath/parser.go
index 1240a1755..4abc303ab 100644
--- a/vendor/github.com/jmespath/go-jmespath/parser.go
+++ b/vendor/github.com/jmespath/go-jmespath/parser.go
@@ -137,7 +137,7 @@ func (p *Parser) Parse(expression string) (ASTNode, error) {
}
if p.current() != tEOF {
return ASTNode{}, p.syntaxError(fmt.Sprintf(
- "Unexpected token at the end of the expresssion: %s", p.current()))
+ "Unexpected token at the end of the expression: %s", p.current()))
}
return parsed, nil
}
diff --git a/vendor/golang.org/x/crypto/ssh/terminal/terminal.go b/vendor/golang.org/x/crypto/ssh/terminal/terminal.go
index d1b4fca3a..2ffb97bfb 100644
--- a/vendor/golang.org/x/crypto/ssh/terminal/terminal.go
+++ b/vendor/golang.org/x/crypto/ssh/terminal/terminal.go
@@ -113,6 +113,7 @@ func NewTerminal(c io.ReadWriter, prompt string) *Terminal {
}
const (
+ keyCtrlC = 3
keyCtrlD = 4
keyCtrlU = 21
keyEnter = '\r'
@@ -151,8 +152,12 @@ func bytesToKey(b []byte, pasteActive bool) (rune, []byte) {
switch b[0] {
case 1: // ^A
return keyHome, b[1:]
+ case 2: // ^B
+ return keyLeft, b[1:]
case 5: // ^E
return keyEnd, b[1:]
+ case 6: // ^F
+ return keyRight, b[1:]
case 8: // ^H
return keyBackspace, b[1:]
case 11: // ^K
@@ -738,6 +743,9 @@ func (t *Terminal) readLine() (line string, err error) {
return "", io.EOF
}
}
+ if key == keyCtrlC {
+ return "", io.EOF
+ }
if key == keyPasteStart {
t.pasteActive = true
if len(t.line) == 0 {
diff --git a/vendor/golang.org/x/net/html/const.go b/vendor/golang.org/x/net/html/const.go
index 73804d347..ff7acf2d5 100644
--- a/vendor/golang.org/x/net/html/const.go
+++ b/vendor/golang.org/x/net/html/const.go
@@ -52,7 +52,7 @@ var isSpecialElementMap = map[string]bool{
"iframe": true,
"img": true,
"input": true,
- "keygen": true,
+ "keygen": true, // "keygen" has been removed from the spec, but are kept here for backwards compatibility.
"li": true,
"link": true,
"listing": true,
diff --git a/vendor/golang.org/x/net/html/foreign.go b/vendor/golang.org/x/net/html/foreign.go
index 74774c458..9da9e9dc4 100644
--- a/vendor/golang.org/x/net/html/foreign.go
+++ b/vendor/golang.org/x/net/html/foreign.go
@@ -161,65 +161,62 @@ var mathMLAttributeAdjustments = map[string]string{
}
var svgAttributeAdjustments = map[string]string{
- "attributename": "attributeName",
- "attributetype": "attributeType",
- "basefrequency": "baseFrequency",
- "baseprofile": "baseProfile",
- "calcmode": "calcMode",
- "clippathunits": "clipPathUnits",
- "contentscripttype": "contentScriptType",
- "contentstyletype": "contentStyleType",
- "diffuseconstant": "diffuseConstant",
- "edgemode": "edgeMode",
- "externalresourcesrequired": "externalResourcesRequired",
- "filterunits": "filterUnits",
- "glyphref": "glyphRef",
- "gradienttransform": "gradientTransform",
- "gradientunits": "gradientUnits",
- "kernelmatrix": "kernelMatrix",
- "kernelunitlength": "kernelUnitLength",
- "keypoints": "keyPoints",
- "keysplines": "keySplines",
- "keytimes": "keyTimes",
- "lengthadjust": "lengthAdjust",
- "limitingconeangle": "limitingConeAngle",
- "markerheight": "markerHeight",
- "markerunits": "markerUnits",
- "markerwidth": "markerWidth",
- "maskcontentunits": "maskContentUnits",
- "maskunits": "maskUnits",
- "numoctaves": "numOctaves",
- "pathlength": "pathLength",
- "patterncontentunits": "patternContentUnits",
- "patterntransform": "patternTransform",
- "patternunits": "patternUnits",
- "pointsatx": "pointsAtX",
- "pointsaty": "pointsAtY",
- "pointsatz": "pointsAtZ",
- "preservealpha": "preserveAlpha",
- "preserveaspectratio": "preserveAspectRatio",
- "primitiveunits": "primitiveUnits",
- "refx": "refX",
- "refy": "refY",
- "repeatcount": "repeatCount",
- "repeatdur": "repeatDur",
- "requiredextensions": "requiredExtensions",
- "requiredfeatures": "requiredFeatures",
- "specularconstant": "specularConstant",
- "specularexponent": "specularExponent",
- "spreadmethod": "spreadMethod",
- "startoffset": "startOffset",
- "stddeviation": "stdDeviation",
- "stitchtiles": "stitchTiles",
- "surfacescale": "surfaceScale",
- "systemlanguage": "systemLanguage",
- "tablevalues": "tableValues",
- "targetx": "targetX",
- "targety": "targetY",
- "textlength": "textLength",
- "viewbox": "viewBox",
- "viewtarget": "viewTarget",
- "xchannelselector": "xChannelSelector",
- "ychannelselector": "yChannelSelector",
- "zoomandpan": "zoomAndPan",
+ "attributename": "attributeName",
+ "attributetype": "attributeType",
+ "basefrequency": "baseFrequency",
+ "baseprofile": "baseProfile",
+ "calcmode": "calcMode",
+ "clippathunits": "clipPathUnits",
+ "diffuseconstant": "diffuseConstant",
+ "edgemode": "edgeMode",
+ "filterunits": "filterUnits",
+ "glyphref": "glyphRef",
+ "gradienttransform": "gradientTransform",
+ "gradientunits": "gradientUnits",
+ "kernelmatrix": "kernelMatrix",
+ "kernelunitlength": "kernelUnitLength",
+ "keypoints": "keyPoints",
+ "keysplines": "keySplines",
+ "keytimes": "keyTimes",
+ "lengthadjust": "lengthAdjust",
+ "limitingconeangle": "limitingConeAngle",
+ "markerheight": "markerHeight",
+ "markerunits": "markerUnits",
+ "markerwidth": "markerWidth",
+ "maskcontentunits": "maskContentUnits",
+ "maskunits": "maskUnits",
+ "numoctaves": "numOctaves",
+ "pathlength": "pathLength",
+ "patterncontentunits": "patternContentUnits",
+ "patterntransform": "patternTransform",
+ "patternunits": "patternUnits",
+ "pointsatx": "pointsAtX",
+ "pointsaty": "pointsAtY",
+ "pointsatz": "pointsAtZ",
+ "preservealpha": "preserveAlpha",
+ "preserveaspectratio": "preserveAspectRatio",
+ "primitiveunits": "primitiveUnits",
+ "refx": "refX",
+ "refy": "refY",
+ "repeatcount": "repeatCount",
+ "repeatdur": "repeatDur",
+ "requiredextensions": "requiredExtensions",
+ "requiredfeatures": "requiredFeatures",
+ "specularconstant": "specularConstant",
+ "specularexponent": "specularExponent",
+ "spreadmethod": "spreadMethod",
+ "startoffset": "startOffset",
+ "stddeviation": "stdDeviation",
+ "stitchtiles": "stitchTiles",
+ "surfacescale": "surfaceScale",
+ "systemlanguage": "systemLanguage",
+ "tablevalues": "tableValues",
+ "targetx": "targetX",
+ "targety": "targetY",
+ "textlength": "textLength",
+ "viewbox": "viewBox",
+ "viewtarget": "viewTarget",
+ "xchannelselector": "xChannelSelector",
+ "ychannelselector": "yChannelSelector",
+ "zoomandpan": "zoomAndPan",
}
diff --git a/vendor/golang.org/x/net/html/parse.go b/vendor/golang.org/x/net/html/parse.go
index 2cd12fc81..f91466f7c 100644
--- a/vendor/golang.org/x/net/html/parse.go
+++ b/vendor/golang.org/x/net/html/parse.go
@@ -728,7 +728,13 @@ func inHeadNoscriptIM(p *parser) bool {
return inBodyIM(p)
case a.Basefont, a.Bgsound, a.Link, a.Meta, a.Noframes, a.Style:
return inHeadIM(p)
- case a.Head, a.Noscript:
+ case a.Head:
+ // Ignore the token.
+ return true
+ case a.Noscript:
+ // Don't let the tokenizer go into raw text mode even when a