From 3d6cdce353a47a3f9b0965164f0f8479ac2514e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 May 2023 18:02:00 +0000 Subject: [PATCH] rebase: bump github.com/aws/aws-sdk-go from 1.44.249 to 1.44.254 Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.249 to 1.44.254. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.249...v1.44.254) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../aws/aws-sdk-go/aws/endpoints/defaults.go | 296 ++++++++---- .../github.com/aws/aws-sdk-go/aws/version.go | 2 +- .../aws/aws-sdk-go/service/ec2/api.go | 292 +++++++----- .../aws/aws-sdk-go/service/kms/api.go | 449 ++++++++++++++++-- vendor/modules.txt | 2 +- 7 files changed, 788 insertions(+), 259 deletions(-) diff --git a/go.mod b/go.mod index 2cb319cf1..e5b026b7f 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.19 require ( github.com/IBM/keyprotect-go-client v0.10.0 - github.com/aws/aws-sdk-go v1.44.249 + github.com/aws/aws-sdk-go v1.44.254 github.com/aws/aws-sdk-go-v2/service/sts v1.18.10 github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000 // TODO: API for managing subvolume metadata and snapshot metadata requires `ceph_ci_untested` build-tag diff --git a/go.sum b/go.sum index d9f60b11e..1bbf3e5b7 100644 --- a/go.sum +++ b/go.sum @@ -155,8 +155,8 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.44.249 h1:UbUvh/oYHdAD3vZjNi316M0NIupJsrqAcJckVuhaCB8= -github.com/aws/aws-sdk-go v1.44.249/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.254 h1:8baW4yal2xGiM/Wm5/ZU10drS8sd+BVjMjPFjJx2ooc= +github.com/aws/aws-sdk-go v1.44.254/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY= github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4= diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index 33271e457..7c855e1d2 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -3365,6 +3365,9 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -3715,12 +3718,6 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, - endpointKey{ - Region: "ca-central-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "autoscaling-fips.ca-central-1.amazonaws.com", - }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -3745,51 +3742,6 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, - endpointKey{ - Region: "fips-ca-central-1", - }: endpoint{ - Hostname: "autoscaling-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-east-1", - }: endpoint{ - Hostname: "autoscaling-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-east-2", - }: endpoint{ - Hostname: "autoscaling-fips.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-west-1", - }: endpoint{ - Hostname: "autoscaling-fips.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-west-2", - }: endpoint{ - Hostname: "autoscaling-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, - Deprecated: boxedTrue, - }, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -3802,39 +3754,15 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, - endpointKey{ - Region: "us-east-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "autoscaling-fips.us-east-1.amazonaws.com", - }, endpointKey{ Region: "us-east-2", }: endpoint{}, - endpointKey{ - Region: "us-east-2", - Variant: fipsVariant, - }: endpoint{ - Hostname: "autoscaling-fips.us-east-2.amazonaws.com", - }, endpointKey{ Region: "us-west-1", }: endpoint{}, - endpointKey{ - Region: "us-west-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "autoscaling-fips.us-west-1.amazonaws.com", - }, endpointKey{ Region: "us-west-2", }: endpoint{}, - endpointKey{ - Region: "us-west-2", - Variant: fipsVariant, - }: endpoint{ - Hostname: "autoscaling-fips.us-west-2.amazonaws.com", - }, }, }, "autoscaling-plans": service{ @@ -10877,6 +10805,9 @@ var awsPartition = partition{ }, "emr-serverless": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, @@ -10961,6 +10892,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -14815,6 +14749,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -14839,6 +14779,51 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "kafka-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "kafka-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "kafka-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "kafka-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "kafka-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -14851,15 +14836,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-west-2.amazonaws.com", + }, }, }, "kafkaconnect": service{ @@ -19503,6 +19512,40 @@ var awsPartition = partition{ }, }, }, + "osis": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "outposts": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -21855,16 +21898,6 @@ var awsPartition = partition{ }, }, Endpoints: serviceEndpoints{ - endpointKey{ - Region: "af-south-1", - }: endpoint{ - Hostname: "resource-explorer-2.af-south-1.api.aws", - }, - endpointKey{ - Region: "ap-east-1", - }: endpoint{ - Hostname: "resource-explorer-2.ap-east-1.api.aws", - }, endpointKey{ Region: "ap-northeast-1", }: endpoint{ @@ -22295,6 +22328,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -28832,6 +28868,14 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-il-central-1", + }: endpoint{ + Hostname: "waf-regional-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "fips-me-central-1", }: endpoint{ @@ -29538,6 +29582,14 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-il-central-1", + }: endpoint{ + Hostname: "wafv2-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "fips-me-central-1", }: endpoint{ @@ -31262,6 +31314,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "license-manager-linux-subscriptions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "logs": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -35161,10 +35223,56 @@ var awsusgovPartition = partition{ Endpoints: serviceEndpoints{ endpointKey{ Region: "us-gov-east-1", - }: endpoint{}, + }: endpoint{ + Hostname: "kafka.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "kafka.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", - }: endpoint{}, + }: endpoint{ + Hostname: "kafka.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "kafka.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "kendra": service{ @@ -38030,6 +38138,13 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "athena": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + }, + }, "autoscaling": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -39244,6 +39359,13 @@ var awsisobPartition = partition{ }: endpoint{}, }, }, + "secretsmanager": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "snowball": service{ Endpoints: serviceEndpoints{ endpointKey{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 31c451d30..83cc222db 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.44.249" +const SDKVersion = "1.44.254" diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index b209126f8..ccfe72bbc 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -44635,10 +44635,10 @@ func (c *EC2) ModifyInstanceAttributeRequest(input *ModifyInstanceAttributeInput // only one attribute at a time. // // Note: Using this action to change the security groups associated with an -// elastic network interface (ENI) attached to an instance in a VPC can result -// in an error if the instance has more than one ENI. To change the security -// groups associated with an ENI attached to an instance that has multiple ENIs, -// we recommend that you use the ModifyNetworkInterfaceAttribute action. +// elastic network interface (ENI) attached to an instance can result in an +// error if the instance has more than one ENI. To change the security groups +// associated with an ENI attached to an instance that has multiple ENIs, we +// recommend that you use the ModifyNetworkInterfaceAttribute action. // // To modify some attributes, the instance must be stopped. For more information, // see Modify a stopped instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html) @@ -46037,10 +46037,6 @@ func (c *EC2) ModifyReservedInstancesRequest(input *ModifyReservedInstancesInput // For more information, see Modifying Reserved Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) // in the Amazon EC2 User Guide. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -49242,10 +49238,6 @@ func (c *EC2) PurchaseReservedInstancesOfferingRequest(input *PurchaseReservedIn // and Reserved Instance Marketplace (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) // in the Amazon EC2 User Guide. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -51216,10 +51208,6 @@ func (c *EC2) RequestSpotInstancesRequest(input *RequestSpotInstancesInput) (req // see Which is the best Spot request method to use? (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use) // in the Amazon EC2 User Guide for Linux Instances. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon EC2 User Guide for Linux Instances. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -52481,20 +52469,13 @@ func (c *EC2) RunInstancesRequest(input *RunInstancesInput) (req *request.Reques // You can specify a number of options, or leave the default options. The following // rules apply: // -// - [EC2-VPC] If you don't specify a subnet ID, we choose a default subnet -// from your default VPC for you. If you don't have a default VPC, you must -// specify a subnet ID in the request. +// - If you don't specify a subnet ID, we choose a default subnet from your +// default VPC for you. If you don't have a default VPC, you must specify +// a subnet ID in the request. // -// - [EC2-Classic] If don't specify an Availability Zone, we choose one for -// you. -// -// - Some instance types must be launched into a VPC. If you do not have -// a default VPC, or if you do not specify a subnet ID, the request fails. -// For more information, see Instance types available only in a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-vpc.html#vpc-only-instance-types). -// -// - [EC2-VPC] All instances have a network interface with a primary private -// IPv4 address. If you don't specify this address, we choose one from the -// IPv4 range of your subnet. +// - All instances have a network interface with a primary private IPv4 address. +// If you don't specify this address, we choose one from the IPv4 range of +// your subnet. // // - Not all instance types support IPv6 addresses. For more information, // see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html). @@ -52528,10 +52509,6 @@ func (c *EC2) RunInstancesRequest(input *RunInstancesInput) (req *request.Reques // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_InstanceStraightToTerminated.html), // and Troubleshooting connecting to your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html). // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon EC2 User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -62958,7 +62935,7 @@ type CancelSpotInstanceRequestsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more Spot Instance request IDs. + // The IDs of the Spot Instance requests. // // SpotInstanceRequestIds is a required field SpotInstanceRequestIds []*string `locationName:"SpotInstanceRequestId" locationNameList:"SpotInstanceRequestId" type:"list" required:"true"` @@ -63011,7 +62988,7 @@ func (s *CancelSpotInstanceRequestsInput) SetSpotInstanceRequestIds(v []*string) type CancelSpotInstanceRequestsOutput struct { _ struct{} `type:"structure"` - // One or more Spot Instance requests. + // The Spot Instance requests. CancelledSpotInstanceRequests []*CancelledSpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"` } @@ -66780,6 +66757,9 @@ func (s *CopySnapshotOutput) SetTags(v []*Tag) *CopySnapshotOutput { type CpuOptions struct { _ struct{} `type:"structure"` + // Indicates whether the instance is enabled for AMD SEV-SNP. + AmdSevSnp *string `locationName:"amdSevSnp" type:"string" enum:"AmdSevSnpSpecification"` + // The number of CPU cores for the instance. CoreCount *int64 `locationName:"coreCount" type:"integer"` @@ -66805,6 +66785,12 @@ func (s CpuOptions) GoString() string { return s.String() } +// SetAmdSevSnp sets the AmdSevSnp field's value. +func (s *CpuOptions) SetAmdSevSnp(v string) *CpuOptions { + s.AmdSevSnp = &v + return s +} + // SetCoreCount sets the CoreCount field's value. func (s *CpuOptions) SetCoreCount(v int64) *CpuOptions { s.CoreCount = &v @@ -66822,6 +66808,10 @@ func (s *CpuOptions) SetThreadsPerCore(v int64) *CpuOptions { type CpuOptionsRequest struct { _ struct{} `type:"structure"` + // Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is + // supported with M6a, R6a, and C6a instance types only. + AmdSevSnp *string `type:"string" enum:"AmdSevSnpSpecification"` + // The number of CPU cores for the instance. CoreCount *int64 `type:"integer"` @@ -66848,6 +66838,12 @@ func (s CpuOptionsRequest) GoString() string { return s.String() } +// SetAmdSevSnp sets the AmdSevSnp field's value. +func (s *CpuOptionsRequest) SetAmdSevSnp(v string) *CpuOptionsRequest { + s.AmdSevSnp = &v + return s +} + // SetCoreCount sets the CoreCount field's value. func (s *CpuOptionsRequest) SetCoreCount(v int64) *CpuOptionsRequest { s.CoreCount = &v @@ -94409,8 +94405,8 @@ type DescribeInstanceTypesInput struct { // One or more filters. Filter names and values are case-sensitive. // - // * auto-recovery-supported - Indicates whether auto recovery is supported - // (true | false). + // * auto-recovery-supported - Indicates whether Amazon CloudWatch action + // based recovery is supported (true | false). // // * bare-metal - Indicates whether it is a bare metal instance type (true // | false). @@ -94699,12 +94695,6 @@ type DescribeInstancesInput struct { // // * dns-name - The public DNS name of the instance. // - // * group-id - The ID of the security group for the instance. EC2-Classic - // only. - // - // * group-name - The name of the security group for the instance. EC2-Classic - // only. - // // * hibernation-options.configured - A Boolean that indicates whether the // instance is enabled for hibernation. A value of true means that the instance // is enabled for hibernation. @@ -99709,16 +99699,11 @@ type DescribeReservedInstancesInput struct { // // * scope - The scope of the Reserved Instance (Region or Availability Zone). // - // * product-description - The Reserved Instance product platform description. - // Instances that include (Amazon VPC) in the product platform description - // will only be displayed to EC2-Classic account holders and are for use - // with Amazon VPC (Linux/UNIX | Linux/UNIX (Amazon VPC) | SUSE Linux | SUSE - // Linux (Amazon VPC) | Red Hat Enterprise Linux | Red Hat Enterprise Linux - // (Amazon VPC) | Red Hat Enterprise Linux with HA (Amazon VPC) | Windows - // | Windows (Amazon VPC) | Windows with SQL Server Standard | Windows with - // SQL Server Standard (Amazon VPC) | Windows with SQL Server Web | Windows - // with SQL Server Web (Amazon VPC) | Windows with SQL Server Enterprise - // | Windows with SQL Server Enterprise (Amazon VPC)). + // * product-description - The Reserved Instance product platform description + // (Linux/UNIX | Linux with SQL Server Standard | Linux with SQL Server Web + // | Linux with SQL Server Enterprise | SUSE Linux | Red Hat Enterprise Linux + // | Red Hat Enterprise Linux with HA | Windows | Windows with SQL Server + // Standard | Windows with SQL Server Web | Windows with SQL Server Enterprise). // // * reserved-instances-id - The ID of the Reserved Instance. // @@ -99920,9 +99905,6 @@ type DescribeReservedInstancesModificationsInput struct { // * modification-result.target-configuration.instance-type - The instance // type of the new Reserved Instances. // - // * modification-result.target-configuration.platform - The network platform - // of the new Reserved Instances (EC2-Classic | EC2-VPC). - // // * reserved-instances-id - The ID of the Reserved Instances modified. // // * reserved-instances-modification-id - The ID of the modification request. @@ -100051,16 +100033,11 @@ type DescribeReservedInstancesOfferingsInput struct { // all offerings from both Amazon Web Services and the Reserved Instance // Marketplace are listed. // - // * product-description - The Reserved Instance product platform description. - // Instances that include (Amazon VPC) in the product platform description - // will only be displayed to EC2-Classic account holders and are for use - // with Amazon VPC. (Linux/UNIX | Linux/UNIX (Amazon VPC) | SUSE Linux | - // SUSE Linux (Amazon VPC) | Red Hat Enterprise Linux | Red Hat Enterprise - // Linux (Amazon VPC) | Red Hat Enterprise Linux with HA (Amazon VPC) | Windows - // | Windows (Amazon VPC) | Windows with SQL Server Standard | Windows with - // SQL Server Standard (Amazon VPC) | Windows with SQL Server Web | Windows - // with SQL Server Web (Amazon VPC) | Windows with SQL Server Enterprise - // | Windows with SQL Server Enterprise (Amazon VPC)) + // * product-description - The Reserved Instance product platform description + // (Linux/UNIX | Linux with SQL Server Standard | Linux with SQL Server Web + // | Linux with SQL Server Enterprise | SUSE Linux | Red Hat Enterprise Linux + // | Red Hat Enterprise Linux with HA | Windows | Windows with SQL Server + // Standard | Windows with SQL Server Web | Windows with SQL Server Enterprise). // // * reserved-instances-offering-id - The Reserved Instances offering ID. // @@ -100521,8 +100498,6 @@ type DescribeScheduledInstanceAvailabilityInput struct { // // * instance-type - The instance type (for example, c4.large). // - // * network-platform - The network platform (EC2-Classic or EC2-VPC). - // // * platform - The platform (Linux/UNIX or Windows). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` @@ -100703,8 +100678,6 @@ type DescribeScheduledInstancesInput struct { // // * instance-type - The instance type (for example, c4.large). // - // * network-platform - The network platform (EC2-Classic or EC2-VPC). - // // * platform - The platform (Linux/UNIX or Windows). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` @@ -102176,7 +102149,7 @@ type DescribeSpotInstanceRequestsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * availability-zone-group - The Availability Zone group. // @@ -102293,7 +102266,7 @@ type DescribeSpotInstanceRequestsInput struct { // from the end of the items returned by the previous request. NextToken *string `type:"string"` - // One or more Spot Instance request IDs. + // The IDs of the Spot Instance requests. SpotInstanceRequestIds []*string `locationName:"SpotInstanceRequestId" locationNameList:"SpotInstanceRequestId" type:"list"` } @@ -102353,7 +102326,7 @@ type DescribeSpotInstanceRequestsOutput struct { // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` - // One or more Spot Instance requests. + // The Spot Instance requests. SpotInstanceRequests []*SpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"` } @@ -102404,7 +102377,7 @@ type DescribeSpotPriceHistoryInput struct { // the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). EndTime *time.Time `locationName:"endTime" type:"timestamp"` - // One or more filters. + // The filters. // // * availability-zone - The Availability Zone for which prices should be // returned. @@ -127925,7 +127898,7 @@ type Instance struct { // The monitoring for the instance. Monitoring *Monitoring `locationName:"monitoring" type:"structure"` - // [EC2-VPC] The network interfaces for the instance. + // The network interfaces for the instance. NetworkInterfaces []*InstanceNetworkInterface `locationName:"networkInterfaceSet" locationNameList:"item" type:"list"` // The Amazon Resource Name (ARN) of the Outpost. @@ -127942,14 +127915,14 @@ type Instance struct { // in the Amazon EC2 User Guide. PlatformDetails *string `locationName:"platformDetails" type:"string"` - // (IPv4 only) The private DNS hostname name assigned to the instance. This + // [IPv4 only] The private DNS hostname name assigned to the instance. This // DNS hostname can only be used inside the Amazon EC2 network. This name is // not available until the instance enters the running state. // - // [EC2-VPC] The Amazon-provided DNS server resolves Amazon-provided private - // DNS hostnames if you've enabled DNS resolution and DNS hostnames in your - // VPC. If you are not using the Amazon-provided DNS server in your VPC, your - // custom domain name servers must resolve the hostname as appropriate. + // The Amazon-provided DNS server resolves Amazon-provided private DNS hostnames + // if you've enabled DNS resolution and DNS hostnames in your VPC. If you are + // not using the Amazon-provided DNS server in your VPC, your custom domain + // name servers must resolve the hostname as appropriate. PrivateDnsName *string `locationName:"privateDnsName" type:"string"` // The options for the instance hostname. @@ -127961,9 +127934,9 @@ type Instance struct { // The product codes attached to this instance, if applicable. ProductCodes []*ProductCode `locationName:"productCodes" locationNameList:"item" type:"list"` - // (IPv4 only) The public DNS name assigned to the instance. This name is not - // available until the instance enters the running state. For EC2-VPC, this - // name is only available if you've enabled DNS hostnames for your VPC. + // [IPv4 only] The public DNS name assigned to the instance. This name is not + // available until the instance enters the running state. This name is only + // available if you've enabled DNS hostnames for your VPC. PublicDnsName *string `locationName:"dnsName" type:"string"` // The public IPv4 address, or the Carrier IP address assigned to the instance, @@ -128005,7 +127978,7 @@ type Instance struct { // The reason for the most recent state transition. This might be an empty string. StateTransitionReason *string `locationName:"reason" type:"string"` - // [EC2-VPC] The ID of the subnet in which the instance is running. + // The ID of the subnet in which the instance is running. SubnetId *string `locationName:"subnetId" type:"string"` // Any tags assigned to the instance. @@ -128027,7 +128000,7 @@ type Instance struct { // The virtualization type of the instance. VirtualizationType *string `locationName:"virtualizationType" type:"string" enum:"VirtualizationType"` - // [EC2-VPC] The ID of the VPC in which the instance is running. + // The ID of the VPC in which the instance is running. VpcId *string `locationName:"vpcId" type:"string"` } @@ -131820,7 +131793,7 @@ func (s *InstanceTagNotificationAttribute) SetInstanceTagKeys(v []*string) *Inst type InstanceTypeInfo struct { _ struct{} `type:"structure"` - // Indicates whether auto recovery is supported. + // Indicates whether Amazon CloudWatch action based recovery is supported. AutoRecoverySupported *bool `locationName:"autoRecoverySupported" type:"boolean"` // Indicates whether the instance is a bare metal instance type. @@ -134896,7 +134869,7 @@ type LaunchSpecification struct { // Deprecated. AddressingType *string `locationName:"addressingType" type:"string"` - // One or more block device mapping entries. + // The block device mapping entries. BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` // Indicates whether the instance is optimized for EBS I/O. This optimization @@ -134926,8 +134899,8 @@ type LaunchSpecification struct { // Describes the monitoring of an instance. Monitoring *RunInstancesMonitoringEnabled `locationName:"monitoring" type:"structure"` - // One or more network interfaces. If you specify a network interface, you must - // specify subnet IDs and security group IDs using the network interface. + // The network interfaces. If you specify a network interface, you must specify + // subnet IDs and security group IDs using the network interface. NetworkInterfaces []*InstanceNetworkInterfaceSpecification `locationName:"networkInterfaceSet" locationNameList:"item" type:"list"` // The placement information for the instance. @@ -134936,9 +134909,7 @@ type LaunchSpecification struct { // The ID of the RAM disk. RamdiskId *string `locationName:"ramdiskId" type:"string"` - // One or more security groups. When requesting instances in a VPC, you must - // specify the IDs of the security groups. When requesting instances in EC2-Classic, - // you can specify the names or the IDs of the security groups. + // The IDs of the security groups. SecurityGroups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` // The ID of the subnet in which to launch the instance. @@ -135476,6 +135447,9 @@ func (s *LaunchTemplateConfig) SetOverrides(v []*LaunchTemplateOverrides) *Launc type LaunchTemplateCpuOptions struct { _ struct{} `type:"structure"` + // Indicates whether the instance is enabled for AMD SEV-SNP. + AmdSevSnp *string `locationName:"amdSevSnp" type:"string" enum:"AmdSevSnpSpecification"` + // The number of CPU cores for the instance. CoreCount *int64 `locationName:"coreCount" type:"integer"` @@ -135501,6 +135475,12 @@ func (s LaunchTemplateCpuOptions) GoString() string { return s.String() } +// SetAmdSevSnp sets the AmdSevSnp field's value. +func (s *LaunchTemplateCpuOptions) SetAmdSevSnp(v string) *LaunchTemplateCpuOptions { + s.AmdSevSnp = &v + return s +} + // SetCoreCount sets the CoreCount field's value. func (s *LaunchTemplateCpuOptions) SetCoreCount(v int64) *LaunchTemplateCpuOptions { s.CoreCount = &v @@ -135518,6 +135498,10 @@ func (s *LaunchTemplateCpuOptions) SetThreadsPerCore(v int64) *LaunchTemplateCpu type LaunchTemplateCpuOptionsRequest struct { _ struct{} `type:"structure"` + // Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is + // supported with M6a, R6a, and C6a instance types only. + AmdSevSnp *string `type:"string" enum:"AmdSevSnpSpecification"` + // The number of CPU cores for the instance. CoreCount *int64 `type:"integer"` @@ -135544,6 +135528,12 @@ func (s LaunchTemplateCpuOptionsRequest) GoString() string { return s.String() } +// SetAmdSevSnp sets the AmdSevSnp field's value. +func (s *LaunchTemplateCpuOptionsRequest) SetAmdSevSnp(v string) *LaunchTemplateCpuOptionsRequest { + s.AmdSevSnp = &v + return s +} + // SetCoreCount sets the CoreCount field's value. func (s *LaunchTemplateCpuOptionsRequest) SetCoreCount(v int64) *LaunchTemplateCpuOptionsRequest { s.CoreCount = &v @@ -137087,8 +137077,8 @@ type LaunchTemplatePlacement struct { // Reserved for future use. SpreadDomain *string `locationName:"spreadDomain" type:"string"` - // The tenancy of the instance (if the instance is running in a VPC). An instance - // with a tenancy of dedicated runs on single-tenant hardware. + // The tenancy of the instance. An instance with a tenancy of dedicated runs + // on single-tenant hardware. Tenancy *string `locationName:"tenancy" type:"string" enum:"Tenancy"` } @@ -137196,8 +137186,8 @@ type LaunchTemplatePlacementRequest struct { // Reserved for future use. SpreadDomain *string `type:"string"` - // The tenancy of the instance (if the instance is running in a VPC). An instance - // with a tenancy of dedicated runs on single-tenant hardware. + // The tenancy of the instance. An instance with a tenancy of dedicated runs + // on single-tenant hardware. Tenancy *string `type:"string" enum:"Tenancy"` } @@ -141282,10 +141272,9 @@ type ModifyInstanceAttributeInput struct { // a PV instance can make it unreachable. EnaSupport *AttributeBooleanValue `locationName:"enaSupport" type:"structure"` - // [EC2-VPC] Replaces the security groups of the instance with the specified - // security groups. You must specify at least one security group, even if it's - // just the default security group for the VPC. You must specify the security - // group ID, not the security group name. + // Replaces the security groups of the instance with the specified security + // groups. You must specify the ID of at least one security group, even if it's + // just the default security group for the VPC. Groups []*string `locationName:"GroupId" locationNameList:"groupId" type:"list"` // The ID of the instance. @@ -152800,8 +152789,8 @@ type Placement struct { // Reserved for future use. SpreadDomain *string `locationName:"spreadDomain" type:"string"` - // The tenancy of the instance (if the instance is running in a VPC). An instance - // with a tenancy of dedicated runs on single-tenant hardware. + // The tenancy of the instance. An instance with a tenancy of dedicated runs + // on single-tenant hardware. // // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). // The host tenancy is not supported for ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html) @@ -153804,6 +153793,10 @@ type ProcessorInfo struct { // The architectures supported by the instance type. SupportedArchitectures []*string `locationName:"supportedArchitectures" locationNameList:"item" type:"list" enum:"ArchitectureType"` + // Indicates whether the instance type supports AMD SEV-SNP. If the request + // returns amd-sev-snp, AMD SEV-SNP is supported. Otherwise, it is not supported. + SupportedFeatures []*string `locationName:"supportedFeatures" locationNameList:"item" type:"list" enum:"SupportedAdditionalProcessorFeature"` + // The speed of the processor, in GHz. SustainedClockSpeedInGhz *float64 `locationName:"sustainedClockSpeedInGhz" type:"double"` } @@ -153832,6 +153825,12 @@ func (s *ProcessorInfo) SetSupportedArchitectures(v []*string) *ProcessorInfo { return s } +// SetSupportedFeatures sets the SupportedFeatures field's value. +func (s *ProcessorInfo) SetSupportedFeatures(v []*string) *ProcessorInfo { + s.SupportedFeatures = v + return s +} + // SetSustainedClockSpeedInGhz sets the SustainedClockSpeedInGhz field's value. func (s *ProcessorInfo) SetSustainedClockSpeedInGhz(v float64) *ProcessorInfo { s.SustainedClockSpeedInGhz = &v @@ -158263,8 +158262,14 @@ type RequestLaunchTemplateData struct { // // * resolve:ssm:parameter-name:label // - // For more information, see Use a Systems Manager parameter to find an AMI - // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html#using-systems-manager-parameter-to-find-AMI) + // * resolve:ssm:public-parameter + // + // Currently, EC2 Fleet and Spot Fleet do not support specifying a Systems Manager + // parameter. If the launch template will be used by an EC2 Fleet or Spot Fleet, + // you must specify the AMI ID. + // + // For more information, see Use a Systems Manager parameter instead of an AMI + // ID (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id) // in the Amazon Elastic Compute Cloud User Guide. ImageId *string `type:"string"` @@ -158934,7 +158939,7 @@ func (s *RequestSpotInstancesInput) SetValidUntil(v time.Time) *RequestSpotInsta type RequestSpotInstancesOutput struct { _ struct{} `type:"structure"` - // One or more Spot Instance requests. + // The Spot Instance requests. SpotInstanceRequests []*SpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"` } @@ -158969,8 +158974,8 @@ type RequestSpotLaunchSpecification struct { // Deprecated. AddressingType *string `locationName:"addressingType" type:"string"` - // One or more block device mapping entries. You can't specify both a snapshot - // ID and an encryption value. This is because only blank volumes can be encrypted + // The block device mapping entries. You can't specify both a snapshot ID and + // an encryption value. This is because only blank volumes can be encrypted // on creation. If a snapshot is the basis for a volume, it is not blank and // its encryption status is used for the volume encryption status. BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` @@ -159004,8 +159009,8 @@ type RequestSpotLaunchSpecification struct { // Default: Disabled Monitoring *RunInstancesMonitoringEnabled `locationName:"monitoring" type:"structure"` - // One or more network interfaces. If you specify a network interface, you must - // specify subnet IDs and security group IDs using the network interface. + // The network interfaces. If you specify a network interface, you must specify + // subnet IDs and security group IDs using the network interface. NetworkInterfaces []*InstanceNetworkInterfaceSpecification `locationName:"NetworkInterface" locationNameList:"item" type:"list"` // The placement information for the instance. @@ -159014,12 +159019,10 @@ type RequestSpotLaunchSpecification struct { // The ID of the RAM disk. RamdiskId *string `locationName:"ramdiskId" type:"string"` - // One or more security group IDs. + // The IDs of the security groups. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"item" type:"list"` - // One or more security groups. When requesting instances in a VPC, you must - // specify the IDs of the security groups. When requesting instances in EC2-Classic, - // you can specify the names or the IDs of the security groups. + // Not supported. SecurityGroups []*string `locationName:"SecurityGroup" locationNameList:"item" type:"list"` // The ID of the subnet in which to launch the instance. @@ -159169,7 +159172,7 @@ func (s *RequestSpotLaunchSpecification) SetUserData(v string) *RequestSpotLaunc type Reservation struct { _ struct{} `type:"structure"` - // [EC2-Classic only] The security groups. + // Not supported. Groups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` // The instances. @@ -159689,8 +159692,7 @@ type ReservedInstancesConfiguration struct { // The instance type for the modified Reserved Instances. InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"` - // The network platform of the modified Reserved Instances, which is either - // EC2-Classic or EC2-VPC. + // The network platform of the modified Reserved Instances. Platform *string `locationName:"platform" type:"string"` // Whether the Reserved Instance is applied to instances in a Region or instances @@ -163052,9 +163054,9 @@ type RunInstancesInput struct { // Default: m1.small InstanceType *string `type:"string" enum:"InstanceType"` - // [EC2-VPC] The number of IPv6 addresses to associate with the primary network - // interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. - // You cannot specify this option and the option to assign specific IPv6 addresses + // The number of IPv6 addresses to associate with the primary network interface. + // Amazon EC2 chooses the IPv6 addresses from the range of your subnet. You + // cannot specify this option and the option to assign specific IPv6 addresses // in the same request. You can specify this option if you've specified a minimum // number of instances to launch. // @@ -163062,10 +163064,10 @@ type RunInstancesInput struct { // request. Ipv6AddressCount *int64 `type:"integer"` - // [EC2-VPC] The IPv6 addresses from the range of the subnet to associate with - // the primary network interface. You cannot specify this option and the option - // to assign a number of IPv6 addresses in the same request. You cannot specify - // this option if you've specified a minimum number of instances to launch. + // The IPv6 addresses from the range of the subnet to associate with the primary + // network interface. You cannot specify this option and the option to assign + // a number of IPv6 addresses in the same request. You cannot specify this option + // if you've specified a minimum number of instances to launch. // // You cannot specify this option and the network interfaces option in the same // request. @@ -163139,8 +163141,8 @@ type RunInstancesInput struct { // the subnet. PrivateDnsNameOptions *PrivateDnsNameOptionsRequest `type:"structure"` - // [EC2-VPC] The primary IPv4 address. You must specify a value from the IPv4 - // address range of the subnet. + // The primary IPv4 address. You must specify a value from the IPv4 address + // range of the subnet. // // Only one private IP address can be designated as primary. You can't specify // this option if you've specified the option to designate a private IP address @@ -163168,7 +163170,7 @@ type RunInstancesInput struct { // as part of the network interface. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` - // [EC2-Classic, default VPC] The names of the security groups. + // [Default VPC] The names of the security groups. // // If you specify a network interface, you must specify any security groups // as part of the network interface. @@ -163176,7 +163178,7 @@ type RunInstancesInput struct { // Default: Amazon EC2 uses the default security group. SecurityGroups []*string `locationName:"SecurityGroup" locationNameList:"SecurityGroup" type:"list"` - // [EC2-VPC] The ID of the subnet to launch the instance into. + // The ID of the subnet to launch the instance into. // // If you specify a network interface, you must specify any subnets as part // of the network interface. @@ -163844,7 +163846,7 @@ type ScheduledInstance struct { // The instance type. InstanceType *string `locationName:"instanceType" type:"string"` - // The network platform (EC2-Classic or EC2-VPC). + // The network platform. NetworkPlatform *string `locationName:"networkPlatform" type:"string"` // The time for the next schedule to start. @@ -164009,7 +164011,7 @@ type ScheduledInstanceAvailability struct { // The minimum term. The only possible value is 365 days. MinTermDurationInDays *int64 `locationName:"minTermDurationInDays" type:"integer"` - // The network platform (EC2-Classic or EC2-VPC). + // The network platform. NetworkPlatform *string `locationName:"networkPlatform" type:"string"` // The platform (Linux/UNIX or Windows). @@ -167498,9 +167500,7 @@ type SpotFleetLaunchSpecification struct { // Resource Center and search for the kernel ID. RamdiskId *string `locationName:"ramdiskId" type:"string"` - // One or more security groups. When requesting instances in a VPC, you must - // specify the IDs of the security groups. When requesting instances in EC2-Classic, - // you can specify the names or the IDs of the security groups. + // The security groups. SecurityGroups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` // The maximum price per unit hour that you are willing to pay for a Spot Instance. @@ -181242,6 +181242,22 @@ func AllowsMultipleInstanceTypes_Values() []string { } } +const ( + // AmdSevSnpSpecificationEnabled is a AmdSevSnpSpecification enum value + AmdSevSnpSpecificationEnabled = "enabled" + + // AmdSevSnpSpecificationDisabled is a AmdSevSnpSpecification enum value + AmdSevSnpSpecificationDisabled = "disabled" +) + +// AmdSevSnpSpecification_Values returns all elements of the AmdSevSnpSpecification enum +func AmdSevSnpSpecification_Values() []string { + return []string{ + AmdSevSnpSpecificationEnabled, + AmdSevSnpSpecificationDisabled, + } +} + const ( // AnalysisStatusRunning is a AnalysisStatus enum value AnalysisStatusRunning = "running" @@ -189198,6 +189214,18 @@ func SummaryStatus_Values() []string { } } +const ( + // SupportedAdditionalProcessorFeatureAmdSevSnp is a SupportedAdditionalProcessorFeature enum value + SupportedAdditionalProcessorFeatureAmdSevSnp = "amd-sev-snp" +) + +// SupportedAdditionalProcessorFeature_Values returns all elements of the SupportedAdditionalProcessorFeature enum +func SupportedAdditionalProcessorFeature_Values() []string { + return []string{ + SupportedAdditionalProcessorFeatureAmdSevSnp, + } +} + const ( // TargetCapacityUnitTypeVcpu is a TargetCapacityUnitType enum value TargetCapacityUnitTypeVcpu = "vcpu" diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go index 8f594ac0d..fed9c2368 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go @@ -1458,11 +1458,16 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // see Best practices for IAM policies (https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices) // in the Key Management Service Developer Guide. // -// Applications in Amazon Web Services Nitro Enclaves can call this operation -// by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c). -// For information about the supporting parameters, see How Amazon Web Services -// Nitro Enclaves use KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) -// in the Key Management Service Developer Guide. +// Decrypt also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html), +// which provide an isolated compute environment in Amazon EC2. To call Decrypt +// for a Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) +// or any Amazon Web Services SDK. Use the Recipient parameter to provide the +// attestation document for the enclave. Instead of the plaintext data, the +// response includes the plaintext data encrypted with the public key from the +// attestation document (CiphertextForRecipient).For information about the interaction +// between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services +// Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide.. // // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) @@ -3375,11 +3380,18 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) // in the Key Management Service Developer Guide. // -// Applications in Amazon Web Services Nitro Enclaves can call this operation -// by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c). -// For information about the supporting parameters, see How Amazon Web Services -// Nitro Enclaves use KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) -// in the Key Management Service Developer Guide. +// GenerateDataKey also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html), +// which provide an isolated compute environment in Amazon EC2. To call GenerateDataKey +// for an Amazon Web Services Nitro enclave, use the Amazon Web Services Nitro +// Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) +// or any Amazon Web Services SDK. Use the Recipient parameter to provide the +// attestation document for the enclave. GenerateDataKey returns a copy of the +// data key encrypted under the specified KMS key, as usual. But instead of +// a plaintext copy of the data key, the response includes a copy of the data +// key encrypted under the public key from the attestation document (CiphertextForRecipient). +// For information about the interaction between KMS and Amazon Web Services +// Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide.. // // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) @@ -3599,6 +3611,20 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // The private key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC // 5958 (https://tools.ietf.org/html/rfc5958). // +// GenerateDataKeyPair also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html), +// which provide an isolated compute environment in Amazon EC2. To call GenerateDataKeyPair +// for an Amazon Web Services Nitro enclave, use the Amazon Web Services Nitro +// Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) +// or any Amazon Web Services SDK. Use the Recipient parameter to provide the +// attestation document for the enclave. GenerateDataKeyPair returns the public +// data key and a copy of the private data key encrypted under the specified +// KMS key, as usual. But instead of a plaintext copy of the private data key +// (PrivateKeyPlaintext), the response includes a copy of the private data key +// encrypted under the public key from the attestation document (CiphertextForRecipient). +// For information about the interaction between KMS and Amazon Web Services +// Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide.. +// // You can use an optional encryption context to add additional security to // the encryption operation. If you specify an EncryptionContext, you must specify // the same encryption context (a case-sensitive exact match) when decrypting @@ -3987,7 +4013,7 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // keys, use the KeySpec parameter. // // To generate an SM4 data key (China Regions only), specify a KeySpec value -// of AES_128 or NumberOfBytes value of 128. The symmetric encryption key used +// of AES_128 or NumberOfBytes value of 16. The symmetric encryption key used // in China Regions to encrypt your data key is an SM4 encryption key. // // If the operation succeeds, you will find the encrypted copy of the data key @@ -4320,10 +4346,15 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // string in the CloudHSM cluster associated with an CloudHSM key store, use // the CustomKeyStoreId parameter. // -// Applications in Amazon Web Services Nitro Enclaves can call this operation -// by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c). -// For information about the supporting parameters, see How Amazon Web Services -// Nitro Enclaves use KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// GenerateRandom also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html), +// which provide an isolated compute environment in Amazon EC2. To call GenerateRandom +// for a Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) +// or any Amazon Web Services SDK. Use the Recipient parameter to provide the +// attestation document for the enclave. Instead of plaintext bytes, the response +// includes the plaintext bytes encrypted under the public key from the attestation +// document (CiphertextForRecipient).For information about the interaction between +// KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro +// Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) // in the Key Management Service Developer Guide. // // For more information about entropy and random number generation, see Key @@ -9620,6 +9651,9 @@ type CreateAliasInput struct { // Specifies the alias name. This value must begin with alias/ followed by a // name, such as alias/ExampleAlias. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // The AliasName value must be string of 1-256 characters. It can contain only // alphanumeric characters, forward slashes (/), underscores (_), and dashes // (-). The alias name cannot begin with alias/aws/. The alias/aws/ prefix is @@ -9741,6 +9775,9 @@ type CreateCustomKeyStoreInput struct { // in your Amazon Web Services account and Region. This parameter is required // for all custom key stores. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // CustomKeyStoreName is a required field CustomKeyStoreName *string `min:"1" type:"string" required:"true"` @@ -10036,19 +10073,13 @@ type CreateGrantInput struct { // Specifies a grant constraint. // - // KMS supports the EncryptionContextEquals and EncryptionContextSubset grant - // constraints. Each constraint value can include up to 8 encryption context - // pairs. The encryption context value in each constraint cannot exceed 384 - // characters. For information about grant constraints, see Using grant constraints - // (https://docs.aws.amazon.com/kms/latest/developerguide/create-grant-overview.html#grant-constraints) - // in the Key Management Service Developer Guide. For more information about - // encryption context, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the Key Management Service Developer Guide . + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. // - // The encryption context grant constraints allow the permissions in the grant - // only when the encryption context in the request matches (EncryptionContextEquals) - // or includes (EncryptionContextSubset) the encryption context specified in - // this structure. + // KMS supports the EncryptionContextEquals and EncryptionContextSubset grant + // constraints, which allow the permissions in the grant only when the encryption + // context in the request matches (EncryptionContextEquals) or includes (EncryptionContextSubset) + // the encryption context specified in the constraint. // // The encryption context grant constraints are supported only on grant operations // (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations) @@ -10060,8 +10091,15 @@ type CreateGrantInput struct { // permission have an equally strict or stricter encryption context constraint. // // You cannot use an encryption context grant constraint for cryptographic operations - // with asymmetric KMS keys or HMAC KMS keys. These keys don't support an encryption - // context. + // with asymmetric KMS keys or HMAC KMS keys. Operations with these keys don't + // support an encryption context. + // + // Each constraint value can include up to 8 encryption context pairs. The encryption + // context value in each constraint cannot exceed 384 characters. For information + // about grant constraints, see Using grant constraints (https://docs.aws.amazon.com/kms/latest/developerguide/create-grant-overview.html#grant-constraints) + // in the Key Management Service Developer Guide. For more information about + // encryption context, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Key Management Service Developer Guide . Constraints *GrantConstraints `type:"structure"` // A list of grant tokens. @@ -10104,6 +10142,9 @@ type CreateGrantInput struct { // A friendly name for the grant. Use this value to prevent the unintended creation // of duplicate grants when retrying this request. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // When this value is absent, all CreateGrant requests result in a new grant // with a unique GrantId even if all the supplied parameters are identical. // This can result in unintended duplicates when you retry the CreateGrant request. @@ -10323,10 +10364,12 @@ type CreateKeyInput struct { // Deprecated: This parameter has been deprecated. Instead, use the KeySpec parameter. CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` - // A description of the KMS key. + // A description of the KMS key. Use a description that helps you decide whether + // the KMS key is appropriate for a task. The default value is an empty string + // (no description). // - // Use a description that helps you decide whether the KMS key is appropriate - // for a task. The default value is an empty string (no description). + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. // // To set or change the description after the key is created, use UpdateKeyDescription. Description *string `type:"string"` @@ -10468,6 +10511,9 @@ type CreateKeyInput struct { // Assigns one or more tags to the KMS key. Use this parameter to tag the KMS // key when it is created. To tag an existing KMS key, use the TagResource operation. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. @@ -11288,6 +11334,27 @@ type DecryptInput struct { // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // To get the alias name and alias ARN, use ListAliases. KeyId *string `min:"1" type:"string"` + + // A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc) + // from an Amazon Web Services Nitro enclave and the encryption algorithm to + // use with the enclave's public key. The only valid encryption algorithm is + // RSAES_OAEP_SHA_256. + // + // This parameter only supports attestation documents for Amazon Web Services + // Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro + // Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) + // or any Amazon Web Services SDK. + // + // When you use this parameter, instead of returning the plaintext data, KMS + // encrypts the plaintext data with the public key in the attestation document, + // and returns the resulting ciphertext in the CiphertextForRecipient field + // in the response. This ciphertext can be decrypted only with the private key + // in the enclave. The Plaintext field in the response is null or empty. + // + // For information about the interaction between KMS and Amazon Web Services + // Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + Recipient *RecipientInfo `type:"structure"` } // String returns the string representation. @@ -11320,6 +11387,11 @@ func (s *DecryptInput) Validate() error { if s.KeyId != nil && len(*s.KeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } + if s.Recipient != nil { + if err := s.Recipient.Validate(); err != nil { + invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -11357,9 +11429,26 @@ func (s *DecryptInput) SetKeyId(v string) *DecryptInput { return s } +// SetRecipient sets the Recipient field's value. +func (s *DecryptInput) SetRecipient(v *RecipientInfo) *DecryptInput { + s.Recipient = v + return s +} + type DecryptOutput struct { _ struct{} `type:"structure"` + // The plaintext data encrypted with the public key in the attestation document. + // + // This field is included in the response only when the Recipient parameter + // in the request includes a valid attestation document from an Amazon Web Services + // Nitro enclave. For information about the interaction between KMS and Amazon + // Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses + // KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + // CiphertextForRecipient is automatically base64 encoded/decoded by the SDK. + CiphertextForRecipient []byte `min:"1" type:"blob"` + // The encryption algorithm that was used to decrypt the ciphertext. EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` @@ -11370,6 +11459,9 @@ type DecryptOutput struct { // Decrypted plaintext data. When you use the HTTP API or the Amazon Web Services // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // + // If the response includes the CiphertextForRecipient field, the Plaintext + // field is null or empty. + // // Plaintext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by DecryptOutput's // String and GoString methods. @@ -11396,6 +11488,12 @@ func (s DecryptOutput) GoString() string { return s.String() } +// SetCiphertextForRecipient sets the CiphertextForRecipient field's value. +func (s *DecryptOutput) SetCiphertextForRecipient(v []byte) *DecryptOutput { + s.CiphertextForRecipient = v + return s +} + // SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value. func (s *DecryptOutput) SetEncryptionAlgorithm(v string) *DecryptOutput { s.EncryptionAlgorithm = &v @@ -12461,6 +12559,9 @@ type EncryptInput struct { // with a symmetric encryption KMS key. The standard asymmetric encryption algorithms // and HMAC algorithms that KMS uses do not support an encryption context. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // An encryption context is a collection of non-secret key-value pairs that // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) @@ -12713,6 +12814,9 @@ type GenerateDataKeyInput struct { // Specifies the encryption context that will be used when encrypting the data // key. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // An encryption context is a collection of non-secret key-value pairs that // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) @@ -12773,6 +12877,29 @@ type GenerateDataKeyInput struct { // You must specify either the KeySpec or the NumberOfBytes parameter (but not // both) in every GenerateDataKey request. NumberOfBytes *int64 `min:"1" type:"integer"` + + // A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc) + // from an Amazon Web Services Nitro enclave and the encryption algorithm to + // use with the enclave's public key. The only valid encryption algorithm is + // RSAES_OAEP_SHA_256. + // + // This parameter only supports attestation documents for Amazon Web Services + // Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro + // Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) + // or any Amazon Web Services SDK. + // + // When you use this parameter, instead of returning the plaintext data key, + // KMS encrypts the plaintext data key under the public key in the attestation + // document, and returns the resulting ciphertext in the CiphertextForRecipient + // field in the response. This ciphertext can be decrypted only with the private + // key in the enclave. The CiphertextBlob field in the response contains a copy + // of the data key encrypted under the KMS key specified by the KeyId parameter. + // The Plaintext field in the response is null or empty. + // + // For information about the interaction between KMS and Amazon Web Services + // Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + Recipient *RecipientInfo `type:"structure"` } // String returns the string representation. @@ -12805,6 +12932,11 @@ func (s *GenerateDataKeyInput) Validate() error { if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 { invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1)) } + if s.Recipient != nil { + if err := s.Recipient.Validate(); err != nil { + invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -12842,6 +12974,12 @@ func (s *GenerateDataKeyInput) SetNumberOfBytes(v int64) *GenerateDataKeyInput { return s } +// SetRecipient sets the Recipient field's value. +func (s *GenerateDataKeyInput) SetRecipient(v *RecipientInfo) *GenerateDataKeyInput { + s.Recipient = v + return s +} + type GenerateDataKeyOutput struct { _ struct{} `type:"structure"` @@ -12850,6 +12988,19 @@ type GenerateDataKeyOutput struct { // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` + // The plaintext data key encrypted with the public key from the Nitro enclave. + // This ciphertext can be decrypted only by using a private key in the Nitro + // enclave. + // + // This field is included in the response only when the Recipient parameter + // in the request includes a valid attestation document from an Amazon Web Services + // Nitro enclave. For information about the interaction between KMS and Amazon + // Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses + // KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + // CiphertextForRecipient is automatically base64 encoded/decoded by the SDK. + CiphertextForRecipient []byte `min:"1" type:"blob"` + // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) // of the KMS key that encrypted the data key. KeyId *string `min:"1" type:"string"` @@ -12859,6 +13010,9 @@ type GenerateDataKeyOutput struct { // this data key to encrypt your data outside of KMS. Then, remove it from memory // as soon as possible. // + // If the response includes the CiphertextForRecipient field, the Plaintext + // field is null or empty. + // // Plaintext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GenerateDataKeyOutput's // String and GoString methods. @@ -12891,6 +13045,12 @@ func (s *GenerateDataKeyOutput) SetCiphertextBlob(v []byte) *GenerateDataKeyOutp return s } +// SetCiphertextForRecipient sets the CiphertextForRecipient field's value. +func (s *GenerateDataKeyOutput) SetCiphertextForRecipient(v []byte) *GenerateDataKeyOutput { + s.CiphertextForRecipient = v + return s +} + // SetKeyId sets the KeyId field's value. func (s *GenerateDataKeyOutput) SetKeyId(v string) *GenerateDataKeyOutput { s.KeyId = &v @@ -12909,6 +13069,9 @@ type GenerateDataKeyPairInput struct { // Specifies the encryption context that will be used when encrypting the private // key in the data key pair. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // An encryption context is a collection of non-secret key-value pairs that // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) @@ -12966,6 +13129,30 @@ type GenerateDataKeyPairInput struct { // // KeyPairSpec is a required field KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"` + + // A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc) + // from an Amazon Web Services Nitro enclave and the encryption algorithm to + // use with the enclave's public key. The only valid encryption algorithm is + // RSAES_OAEP_SHA_256. + // + // This parameter only supports attestation documents for Amazon Web Services + // Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro + // Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) + // or any Amazon Web Services SDK. + // + // When you use this parameter, instead of returning a plaintext copy of the + // private data key, KMS encrypts the plaintext private data key under the public + // key in the attestation document, and returns the resulting ciphertext in + // the CiphertextForRecipient field in the response. This ciphertext can be + // decrypted only with the private key in the enclave. The CiphertextBlob field + // in the response contains a copy of the private data key encrypted under the + // KMS key specified by the KeyId parameter. The PrivateKeyPlaintext field in + // the response is null or empty. + // + // For information about the interaction between KMS and Amazon Web Services + // Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + Recipient *RecipientInfo `type:"structure"` } // String returns the string representation. @@ -12998,6 +13185,11 @@ func (s *GenerateDataKeyPairInput) Validate() error { if s.KeyPairSpec == nil { invalidParams.Add(request.NewErrParamRequired("KeyPairSpec")) } + if s.Recipient != nil { + if err := s.Recipient.Validate(); err != nil { + invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -13029,9 +13221,28 @@ func (s *GenerateDataKeyPairInput) SetKeyPairSpec(v string) *GenerateDataKeyPair return s } +// SetRecipient sets the Recipient field's value. +func (s *GenerateDataKeyPairInput) SetRecipient(v *RecipientInfo) *GenerateDataKeyPairInput { + s.Recipient = v + return s +} + type GenerateDataKeyPairOutput struct { _ struct{} `type:"structure"` + // The plaintext private data key encrypted with the public key from the Nitro + // enclave. This ciphertext can be decrypted only by using a private key in + // the Nitro enclave. + // + // This field is included in the response only when the Recipient parameter + // in the request includes a valid attestation document from an Amazon Web Services + // Nitro enclave. For information about the interaction between KMS and Amazon + // Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses + // KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + // CiphertextForRecipient is automatically base64 encoded/decoded by the SDK. + CiphertextForRecipient []byte `min:"1" type:"blob"` + // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) // of the KMS key that encrypted the private key. KeyId *string `min:"1" type:"string"` @@ -13047,6 +13258,9 @@ type GenerateDataKeyPairOutput struct { // The plaintext copy of the private key. When you use the HTTP API or the Amazon // Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // + // If the response includes the CiphertextForRecipient field, the PrivateKeyPlaintext + // field is null or empty. + // // PrivateKeyPlaintext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GenerateDataKeyPairOutput's // String and GoString methods. @@ -13078,6 +13292,12 @@ func (s GenerateDataKeyPairOutput) GoString() string { return s.String() } +// SetCiphertextForRecipient sets the CiphertextForRecipient field's value. +func (s *GenerateDataKeyPairOutput) SetCiphertextForRecipient(v []byte) *GenerateDataKeyPairOutput { + s.CiphertextForRecipient = v + return s +} + // SetKeyId sets the KeyId field's value. func (s *GenerateDataKeyPairOutput) SetKeyId(v string) *GenerateDataKeyPairOutput { s.KeyId = &v @@ -13114,6 +13334,9 @@ type GenerateDataKeyPairWithoutPlaintextInput struct { // Specifies the encryption context that will be used when encrypting the private // key in the data key pair. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // An encryption context is a collection of non-secret key-value pairs that // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) @@ -13303,6 +13526,9 @@ type GenerateDataKeyWithoutPlaintextInput struct { // Specifies the encryption context that will be used when encrypting the data // key. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // An encryption context is a collection of non-secret key-value pairs that // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) @@ -13649,6 +13875,27 @@ type GenerateRandomInput struct { // The length of the random byte string. This parameter is required. NumberOfBytes *int64 `min:"1" type:"integer"` + + // A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc) + // from an Amazon Web Services Nitro enclave and the encryption algorithm to + // use with the enclave's public key. The only valid encryption algorithm is + // RSAES_OAEP_SHA_256. + // + // This parameter only supports attestation documents for Amazon Web Services + // Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro + // Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) + // or any Amazon Web Services SDK. + // + // When you use this parameter, instead of returning plaintext bytes, KMS encrypts + // the plaintext bytes under the public key in the attestation document, and + // returns the resulting ciphertext in the CiphertextForRecipient field in the + // response. This ciphertext can be decrypted only with the private key in the + // enclave. The Plaintext field in the response is null or empty. + // + // For information about the interaction between KMS and Amazon Web Services + // Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + Recipient *RecipientInfo `type:"structure"` } // String returns the string representation. @@ -13678,6 +13925,11 @@ func (s *GenerateRandomInput) Validate() error { if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 { invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1)) } + if s.Recipient != nil { + if err := s.Recipient.Validate(); err != nil { + invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -13697,12 +13949,34 @@ func (s *GenerateRandomInput) SetNumberOfBytes(v int64) *GenerateRandomInput { return s } +// SetRecipient sets the Recipient field's value. +func (s *GenerateRandomInput) SetRecipient(v *RecipientInfo) *GenerateRandomInput { + s.Recipient = v + return s +} + type GenerateRandomOutput struct { _ struct{} `type:"structure"` + // The plaintext random bytes encrypted with the public key from the Nitro enclave. + // This ciphertext can be decrypted only by using a private key in the Nitro + // enclave. + // + // This field is included in the response only when the Recipient parameter + // in the request includes a valid attestation document from an Amazon Web Services + // Nitro enclave. For information about the interaction between KMS and Amazon + // Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses + // KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + // CiphertextForRecipient is automatically base64 encoded/decoded by the SDK. + CiphertextForRecipient []byte `min:"1" type:"blob"` + // The random byte string. When you use the HTTP API or the Amazon Web Services // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // + // If the response includes the CiphertextForRecipient field, the Plaintext + // field is null or empty. + // // Plaintext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GenerateRandomOutput's // String and GoString methods. @@ -13729,6 +14003,12 @@ func (s GenerateRandomOutput) GoString() string { return s.String() } +// SetCiphertextForRecipient sets the CiphertextForRecipient field's value. +func (s *GenerateRandomOutput) SetCiphertextForRecipient(v []byte) *GenerateRandomOutput { + s.CiphertextForRecipient = v + return s +} + // SetPlaintext sets the Plaintext field's value. func (s *GenerateRandomOutput) SetPlaintext(v []byte) *GenerateRandomOutput { s.Plaintext = v @@ -17376,6 +17656,9 @@ type ReEncryptInput struct { // Specifies that encryption context to use when the reencrypting the data. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // A destination encryption context is valid only when the destination KMS key // is a symmetric encryption KMS key. The standard ciphertext format for asymmetric // KMS keys does not include fields for metadata. @@ -17647,6 +17930,71 @@ func (s *ReEncryptOutput) SetSourceKeyId(v string) *ReEncryptOutput { return s } +// Contains information about the party that receives the response from the +// API operation. +// +// This data type is designed to support Amazon Web Services Nitro Enclaves, +// which lets you create an isolated compute environment in Amazon EC2. For +// information about the interaction between KMS and Amazon Web Services Nitro +// Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide. +type RecipientInfo struct { + _ struct{} `type:"structure"` + + // The attestation document for an Amazon Web Services Nitro Enclave. This document + // includes the enclave's public key. + // AttestationDocument is automatically base64 encoded/decoded by the SDK. + AttestationDocument []byte `min:"1" type:"blob"` + + // The encryption algorithm that KMS should use with the public key for an Amazon + // Web Services Nitro Enclave to encrypt plaintext values for the response. + // The only valid value is RSAES_OAEP_SHA_256. + KeyEncryptionAlgorithm *string `type:"string" enum:"KeyEncryptionMechanism"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecipientInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecipientInfo) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RecipientInfo) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RecipientInfo"} + if s.AttestationDocument != nil && len(s.AttestationDocument) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AttestationDocument", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAttestationDocument sets the AttestationDocument field's value. +func (s *RecipientInfo) SetAttestationDocument(v []byte) *RecipientInfo { + s.AttestationDocument = v + return s +} + +// SetKeyEncryptionAlgorithm sets the KeyEncryptionAlgorithm field's value. +func (s *RecipientInfo) SetKeyEncryptionAlgorithm(v string) *RecipientInfo { + s.KeyEncryptionAlgorithm = &v + return s +} + type ReplicateKeyInput struct { _ struct{} `type:"structure"` @@ -17666,6 +18014,9 @@ type ReplicateKeyInput struct { // A description of the KMS key. The default value is an empty string (no description). // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // The description is not a shared property of multi-Region keys. You can specify // the same description or a different description for each key in a set of // related multi-Region keys. KMS does not synchronize this property. @@ -17762,6 +18113,9 @@ type ReplicateKeyInput struct { // KMS key when it is created. To tag an existing KMS key, use the TagResource // operation. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. @@ -18517,6 +18871,9 @@ func (s *SignOutput) SetSigningAlgorithm(v string) *SignOutput { // A key-value pair. A tag consists of a tag key and a tag value. Tag keys and // tag values are both required, but tag values can be empty (null) strings. // +// Do not include confidential or sensitive information in this field. This +// field may be displayed in plaintext in CloudTrail logs and other output. +// // For information about the rules that apply to tag keys and tag values, see // User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) // in the Amazon Web Services Billing and Cost Management User Guide. @@ -18665,10 +19022,11 @@ type TagResourceInput struct { // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // One or more tags. + // One or more tags. Each tag consists of a tag key and a tag value. The tag + // value can be an empty (null) string. // - // Each tag consists of a tag key and a tag value. The tag value can be an empty - // (null) string. + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. // // You cannot have more than one tag on a KMS key with the same tag key. If // you specify an existing tag key with a different tag value, KMS replaces @@ -18926,6 +19284,9 @@ type UpdateAliasInput struct { // with alias/ followed by the alias name, such as alias/ExampleAlias. You cannot // use UpdateAlias to change the alias name. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // AliasName is a required field AliasName *string `min:"1" type:"string" required:"true"` @@ -19071,6 +19432,9 @@ type UpdateCustomKeyStoreInput struct { // Changes the friendly name of the custom key store to the value that you specify. // The custom key store name must be unique in the Amazon Web Services account. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // To change this value, an CloudHSM key store must be disconnected. An external // key store can be connected or disconnected. NewCustomKeyStoreName *string `min:"1" type:"string"` @@ -19286,6 +19650,9 @@ type UpdateKeyDescriptionInput struct { // New description for the KMS key. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // Description is a required field Description *string `type:"string" required:"true"` @@ -21298,6 +21665,18 @@ func GrantOperation_Values() []string { } } +const ( + // KeyEncryptionMechanismRsaesOaepSha256 is a KeyEncryptionMechanism enum value + KeyEncryptionMechanismRsaesOaepSha256 = "RSAES_OAEP_SHA_256" +) + +// KeyEncryptionMechanism_Values returns all elements of the KeyEncryptionMechanism enum +func KeyEncryptionMechanism_Values() []string { + return []string{ + KeyEncryptionMechanismRsaesOaepSha256, + } +} + const ( // KeyManagerTypeAws is a KeyManagerType enum value KeyManagerTypeAws = "AWS" diff --git a/vendor/modules.txt b/vendor/modules.txt index e131104f4..bb1aab0de 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -8,7 +8,7 @@ github.com/ansel1/merry # github.com/ansel1/merry/v2 v2.0.1 ## explicit; go 1.12 github.com/ansel1/merry/v2 -# github.com/aws/aws-sdk-go v1.44.249 +# github.com/aws/aws-sdk-go v1.44.254 ## explicit; go 1.11 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/awserr