Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ASG ¶ added in v0.92.0
type ASG interface {
// Attaches one or more EC2 instances to the specified Auto Scaling group. When
// you attach instances, Amazon EC2 Auto Scaling increases the desired capacity of
// the group by the number of instances being attached. If the number of instances
// being attached plus the desired capacity of the group exceeds the maximum size
// of the group, the operation fails. If there is a Classic Load Balancer attached
// to your Auto Scaling group, the instances are also registered with the load
// balancer. If there are target groups attached to your Auto Scaling group, the
// instances are also registered with the target groups. For more information, see
// Attach EC2 instances to your Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/attach-instance-asg.html)
// in the Amazon EC2 Auto Scaling User Guide.
AttachInstances(ctx context.Context, params *AttachInstancesInput, optFns ...func(*Options)) (*AttachInstancesOutput, error)
// This API operation is superseded by AttachTrafficSources , which can attach
// multiple traffic sources types. We recommend using AttachTrafficSources to
// simplify how you manage traffic sources. However, we continue to support
// AttachLoadBalancerTargetGroups . You can use both the original
// AttachLoadBalancerTargetGroups API operation and AttachTrafficSources on the
// same Auto Scaling group. Attaches one or more target groups to the specified
// Auto Scaling group. This operation is used with the following load balancer
// types:
// - Application Load Balancer - Operates at the application layer (layer 7) and
// supports HTTP and HTTPS.
// - Network Load Balancer - Operates at the transport layer (layer 4) and
// supports TCP, TLS, and UDP.
// - Gateway Load Balancer - Operates at the network layer (layer 3).
//
// To describe the target groups for an Auto Scaling group, call the
// DescribeLoadBalancerTargetGroups API. To detach the target group from the Auto
// Scaling group, call the DetachLoadBalancerTargetGroups API. This operation is
// additive and does not detach existing target groups or Classic Load Balancers
// from the Auto Scaling group. For more information, see Use Elastic Load
// Balancing to distribute traffic across the instances in your Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html)
// in the Amazon EC2 Auto Scaling User Guide.
AttachLoadBalancerTargetGroups(ctx context.Context, params *AttachLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*AttachLoadBalancerTargetGroupsOutput, error)
// This API operation is superseded by AttachTrafficSources , which can attach
// multiple traffic sources types. We recommend using AttachTrafficSources to
// simplify how you manage traffic sources. However, we continue to support
// AttachLoadBalancers . You can use both the original AttachLoadBalancers API
// operation and AttachTrafficSources on the same Auto Scaling group. Attaches one
// or more Classic Load Balancers to the specified Auto Scaling group. Amazon EC2
// Auto Scaling registers the running instances with these Classic Load Balancers.
// To describe the load balancers for an Auto Scaling group, call the
// DescribeLoadBalancers API. To detach a load balancer from the Auto Scaling
// group, call the DetachLoadBalancers API. This operation is additive and does
// not detach existing Classic Load Balancers or target groups from the Auto
// Scaling group. For more information, see Use Elastic Load Balancing to
// distribute traffic across the instances in your Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html)
// in the Amazon EC2 Auto Scaling User Guide.
AttachLoadBalancers(ctx context.Context, params *AttachLoadBalancersInput, optFns ...func(*Options)) (*AttachLoadBalancersOutput, error)
// Attaches one or more traffic sources to the specified Auto Scaling group. You
// can use any of the following as traffic sources for an Auto Scaling group:
// - Application Load Balancer
// - Classic Load Balancer
// - Gateway Load Balancer
// - Network Load Balancer
// - VPC Lattice
//
// This operation is additive and does not detach existing traffic sources from
// the Auto Scaling group. After the operation completes, use the
// DescribeTrafficSources API to return details about the state of the attachments
// between traffic sources and your Auto Scaling group. To detach a traffic source
// from the Auto Scaling group, call the DetachTrafficSources API.
AttachTrafficSources(ctx context.Context, params *AttachTrafficSourcesInput, optFns ...func(*Options)) (*AttachTrafficSourcesOutput, error)
// Deletes one or more scheduled actions for the specified Auto Scaling group.
BatchDeleteScheduledAction(ctx context.Context, params *BatchDeleteScheduledActionInput, optFns ...func(*Options)) (*BatchDeleteScheduledActionOutput, error)
// Creates or updates one or more scheduled scaling actions for an Auto Scaling
// group.
BatchPutScheduledUpdateGroupAction(ctx context.Context, params *BatchPutScheduledUpdateGroupActionInput, optFns ...func(*Options)) (*BatchPutScheduledUpdateGroupActionOutput, error)
// Cancels an instance refresh or rollback that is in progress. If an instance
// refresh or rollback is not in progress, an ActiveInstanceRefreshNotFound error
// occurs. This operation is part of the instance refresh feature (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html)
// in Amazon EC2 Auto Scaling, which helps you update instances in your Auto
// Scaling group after you make configuration changes. When you cancel an instance
// refresh, this does not roll back any changes that it made. Use the
// RollbackInstanceRefresh API to roll back instead.
CancelInstanceRefresh(ctx context.Context, params *CancelInstanceRefreshInput, optFns ...func(*Options)) (*CancelInstanceRefreshOutput, error)
// Completes the lifecycle action for the specified token or instance with the
// specified result. This step is a part of the procedure for adding a lifecycle
// hook to an Auto Scaling group:
// - (Optional) Create a launch template or launch configuration with a user
// data script that runs while an instance is in a wait state due to a lifecycle
// hook.
// - (Optional) Create a Lambda function and a rule that allows Amazon
// EventBridge to invoke your Lambda function when an instance is put into a wait
// state due to a lifecycle hook.
// - (Optional) Create a notification target and an IAM role. The target can be
// either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2
// Auto Scaling to publish lifecycle notifications to the target.
// - Create the lifecycle hook. Specify whether the hook is used when the
// instances launch or terminate.
// - If you need more time, record the lifecycle action heartbeat to keep the
// instance in a wait state.
// - If you finish before the timeout period ends, send a callback by using the
// CompleteLifecycleAction API call.
//
// For more information, see Amazon EC2 Auto Scaling lifecycle hooks (https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html)
// in the Amazon EC2 Auto Scaling User Guide.
CompleteLifecycleAction(ctx context.Context, params *CompleteLifecycleActionInput, optFns ...func(*Options)) (*CompleteLifecycleActionOutput, error)
// We strongly recommend using a launch template when calling this operation to
// ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2. Creates an
// Auto Scaling group with the specified name and attributes. If you exceed your
// maximum limit of Auto Scaling groups, the call fails. To query this limit, call
// the DescribeAccountLimits API. For information about updating this limit, see
// Quotas for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html)
// in the Amazon EC2 Auto Scaling User Guide. For introductory exercises for
// creating an Auto Scaling group, see Getting started with Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/GettingStartedTutorial.html)
// and Tutorial: Set up a scaled and load-balanced application (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-register-lbs-with-asg.html)
// in the Amazon EC2 Auto Scaling User Guide. For more information, see Auto
// Scaling groups (https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroup.html)
// in the Amazon EC2 Auto Scaling User Guide. Every Auto Scaling group has three
// size properties ( DesiredCapacity , MaxSize , and MinSize ). Usually, you set
// these sizes based on a specific number of instances. However, if you configure a
// mixed instances policy that defines weights for the instance types, you must
// specify these sizes with the same units that you use for weighting instances.
CreateAutoScalingGroup(ctx context.Context, params *CreateAutoScalingGroupInput, optFns ...func(*Options)) (*CreateAutoScalingGroupOutput, error)
// Creates a launch configuration. If you exceed your maximum limit of launch
// configurations, the call fails. To query this limit, call the
// DescribeAccountLimits API. For information about updating this limit, see
// Quotas for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html)
// in the Amazon EC2 Auto Scaling User Guide. For more information, see Launch
// configurations (https://docs.aws.amazon.com/autoscaling/ec2/userguide/LaunchConfiguration.html)
// in the Amazon EC2 Auto Scaling User Guide. Amazon EC2 Auto Scaling configures
// instances launched as part of an Auto Scaling group using either a launch
// template or a launch configuration. We strongly recommend that you do not use
// launch configurations. They do not provide full functionality for Amazon EC2
// Auto Scaling or Amazon EC2. For information about using launch templates, see
// Launch templates (https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-templates.html)
// in the Amazon EC2 Auto Scaling User Guide.
CreateLaunchConfiguration(ctx context.Context, params *CreateLaunchConfigurationInput, optFns ...func(*Options)) (*CreateLaunchConfigurationOutput, error)
// Creates or updates tags for the specified Auto Scaling group. When you specify
// a tag with a key that already exists, the operation overwrites the previous tag
// definition, and you do not get an error message. For more information, see Tag
// Auto Scaling groups and instances (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html)
// in the Amazon EC2 Auto Scaling User Guide.
CreateOrUpdateTags(ctx context.Context, params *CreateOrUpdateTagsInput, optFns ...func(*Options)) (*CreateOrUpdateTagsOutput, error)
// Deletes the specified Auto Scaling group. If the group has instances or scaling
// activities in progress, you must specify the option to force the deletion in
// order for it to succeed. The force delete operation will also terminate the EC2
// instances. If the group has a warm pool, the force delete option also deletes
// the warm pool. To remove instances from the Auto Scaling group before deleting
// it, call the DetachInstances API with the list of instances and the option to
// decrement the desired capacity. This ensures that Amazon EC2 Auto Scaling does
// not launch replacement instances. To terminate all instances before deleting the
// Auto Scaling group, call the UpdateAutoScalingGroup API and set the minimum
// size and desired capacity of the Auto Scaling group to zero. If the group has
// scaling policies, deleting the group deletes the policies, the underlying alarm
// actions, and any alarm that no longer has an associated action. For more
// information, see Delete your Auto Scaling infrastructure (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-process-shutdown.html)
// in the Amazon EC2 Auto Scaling User Guide.
DeleteAutoScalingGroup(ctx context.Context, params *DeleteAutoScalingGroupInput, optFns ...func(*Options)) (*DeleteAutoScalingGroupOutput, error)
// Deletes the specified launch configuration. The launch configuration must not
// be attached to an Auto Scaling group. When this call completes, the launch
// configuration is no longer available for use.
DeleteLaunchConfiguration(ctx context.Context, params *DeleteLaunchConfigurationInput, optFns ...func(*Options)) (*DeleteLaunchConfigurationOutput, error)
// Deletes the specified lifecycle hook. If there are any outstanding lifecycle
// actions, they are completed first ( ABANDON for launching instances, CONTINUE
// for terminating instances).
DeleteLifecycleHook(ctx context.Context, params *DeleteLifecycleHookInput, optFns ...func(*Options)) (*DeleteLifecycleHookOutput, error)
// Deletes the specified notification.
DeleteNotificationConfiguration(ctx context.Context, params *DeleteNotificationConfigurationInput, optFns ...func(*Options)) (*DeleteNotificationConfigurationOutput, error)
// Deletes the specified scaling policy. Deleting either a step scaling policy or
// a simple scaling policy deletes the underlying alarm action, but does not delete
// the alarm, even if it no longer has an associated action. For more information,
// see Deleting a scaling policy (https://docs.aws.amazon.com/autoscaling/ec2/userguide/deleting-scaling-policy.html)
// in the Amazon EC2 Auto Scaling User Guide.
DeletePolicy(ctx context.Context, params *DeletePolicyInput, optFns ...func(*Options)) (*DeletePolicyOutput, error)
// Deletes the specified scheduled action.
DeleteScheduledAction(ctx context.Context, params *DeleteScheduledActionInput, optFns ...func(*Options)) (*DeleteScheduledActionOutput, error)
// Deletes the specified tags.
DeleteTags(ctx context.Context, params *DeleteTagsInput, optFns ...func(*Options)) (*DeleteTagsOutput, error)
// Deletes the warm pool for the specified Auto Scaling group. For more
// information, see Warm pools for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html)
// in the Amazon EC2 Auto Scaling User Guide.
DeleteWarmPool(ctx context.Context, params *DeleteWarmPoolInput, optFns ...func(*Options)) (*DeleteWarmPoolOutput, error)
// Describes the current Amazon EC2 Auto Scaling resource quotas for your account.
// When you establish an Amazon Web Services account, the account has initial
// quotas on the maximum number of Auto Scaling groups and launch configurations
// that you can create in a given Region. For more information, see Quotas for
// Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html)
// in the Amazon EC2 Auto Scaling User Guide.
DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
// Describes the available adjustment types for step scaling and simple scaling
// policies. The following adjustment types are supported:
// - ChangeInCapacity
// - ExactCapacity
// - PercentChangeInCapacity
DescribeAdjustmentTypes(ctx context.Context, params *DescribeAdjustmentTypesInput, optFns ...func(*Options)) (*DescribeAdjustmentTypesOutput, error)
// Gets information about the Auto Scaling groups in the account and Region. If
// you specify Auto Scaling group names, the output includes information for only
// the specified Auto Scaling groups. If you specify filters, the output includes
// information for only those Auto Scaling groups that meet the filter criteria. If
// you do not specify group names or filters, the output includes information for
// all Auto Scaling groups. This operation also returns information about instances
// in Auto Scaling groups. To retrieve information about the instances in a warm
// pool, you must call the DescribeWarmPool API.
DescribeAutoScalingGroups(ctx context.Context, params *DescribeAutoScalingGroupsInput, optFns ...func(*Options)) (*DescribeAutoScalingGroupsOutput, error)
// Gets information about the Auto Scaling instances in the account and Region.
DescribeAutoScalingInstances(ctx context.Context, params *DescribeAutoScalingInstancesInput, optFns ...func(*Options)) (*DescribeAutoScalingInstancesOutput, error)
// Describes the notification types that are supported by Amazon EC2 Auto Scaling.
DescribeAutoScalingNotificationTypes(ctx context.Context, params *DescribeAutoScalingNotificationTypesInput, optFns ...func(*Options)) (*DescribeAutoScalingNotificationTypesOutput, error)
// Gets information about the instance refreshes for the specified Auto Scaling
// group. This operation is part of the instance refresh feature (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html)
// in Amazon EC2 Auto Scaling, which helps you update instances in your Auto
// Scaling group after you make configuration changes. To help you determine the
// status of an instance refresh, Amazon EC2 Auto Scaling returns information about
// the instance refreshes you previously initiated, including their status, start
// time, end time, the percentage of the instance refresh that is complete, and the
// number of instances remaining to update before the instance refresh is complete.
// If a rollback is initiated while an instance refresh is in progress, Amazon EC2
// Auto Scaling also returns information about the rollback of the instance
// refresh.
DescribeInstanceRefreshes(ctx context.Context, params *DescribeInstanceRefreshesInput, optFns ...func(*Options)) (*DescribeInstanceRefreshesOutput, error)
// Gets information about the launch configurations in the account and Region.
DescribeLaunchConfigurations(ctx context.Context, params *DescribeLaunchConfigurationsInput, optFns ...func(*Options)) (*DescribeLaunchConfigurationsOutput, error)
// Describes the available types of lifecycle hooks. The following hook types are
// supported:
// - autoscaling:EC2_INSTANCE_LAUNCHING
// - autoscaling:EC2_INSTANCE_TERMINATING
DescribeLifecycleHookTypes(ctx context.Context, params *DescribeLifecycleHookTypesInput, optFns ...func(*Options)) (*DescribeLifecycleHookTypesOutput, error)
// Gets information about the lifecycle hooks for the specified Auto Scaling group.
DescribeLifecycleHooks(ctx context.Context, params *DescribeLifecycleHooksInput, optFns ...func(*Options)) (*DescribeLifecycleHooksOutput, error)
// This API operation is superseded by DescribeTrafficSources , which can describe
// multiple traffic sources types. We recommend using DetachTrafficSources to
// simplify how you manage traffic sources. However, we continue to support
// DescribeLoadBalancerTargetGroups . You can use both the original
// DescribeLoadBalancerTargetGroups API operation and DescribeTrafficSources on
// the same Auto Scaling group. Gets information about the Elastic Load Balancing
// target groups for the specified Auto Scaling group. To determine the attachment
// status of the target group, use the State element in the response. When you
// attach a target group to an Auto Scaling group, the initial State value is
// Adding . The state transitions to Added after all Auto Scaling instances are
// registered with the target group. If Elastic Load Balancing health checks are
// enabled for the Auto Scaling group, the state transitions to InService after at
// least one Auto Scaling instance passes the health check. When the target group
// is in the InService state, Amazon EC2 Auto Scaling can terminate and replace
// any instances that are reported as unhealthy. If no registered instances pass
// the health checks, the target group doesn't enter the InService state. Target
// groups also have an InService state if you attach them in the
// CreateAutoScalingGroup API call. If your target group state is InService , but
// it is not working properly, check the scaling activities by calling
// DescribeScalingActivities and take any corrective actions necessary. For help
// with failed health checks, see Troubleshooting Amazon EC2 Auto Scaling: Health
// checks (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html)
// in the Amazon EC2 Auto Scaling User Guide. For more information, see Use
// Elastic Load Balancing to distribute traffic across the instances in your Auto
// Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html)
// in the Amazon EC2 Auto Scaling User Guide. You can use this operation to
// describe target groups that were attached by using
// AttachLoadBalancerTargetGroups , but not for target groups that were attached by
// using AttachTrafficSources .
DescribeLoadBalancerTargetGroups(ctx context.Context, params *DescribeLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*DescribeLoadBalancerTargetGroupsOutput, error)
// This API operation is superseded by DescribeTrafficSources , which can describe
// multiple traffic sources types. We recommend using DescribeTrafficSources to
// simplify how you manage traffic sources. However, we continue to support
// DescribeLoadBalancers . You can use both the original DescribeLoadBalancers API
// operation and DescribeTrafficSources on the same Auto Scaling group. Gets
// information about the load balancers for the specified Auto Scaling group. This
// operation describes only Classic Load Balancers. If you have Application Load
// Balancers, Network Load Balancers, or Gateway Load Balancers, use the
// DescribeLoadBalancerTargetGroups API instead. To determine the attachment status
// of the load balancer, use the State element in the response. When you attach a
// load balancer to an Auto Scaling group, the initial State value is Adding . The
// state transitions to Added after all Auto Scaling instances are registered with
// the load balancer. If Elastic Load Balancing health checks are enabled for the
// Auto Scaling group, the state transitions to InService after at least one Auto
// Scaling instance passes the health check. When the load balancer is in the
// InService state, Amazon EC2 Auto Scaling can terminate and replace any instances
// that are reported as unhealthy. If no registered instances pass the health
// checks, the load balancer doesn't enter the InService state. Load balancers
// also have an InService state if you attach them in the CreateAutoScalingGroup
// API call. If your load balancer state is InService , but it is not working
// properly, check the scaling activities by calling DescribeScalingActivities and
// take any corrective actions necessary. For help with failed health checks, see
// Troubleshooting Amazon EC2 Auto Scaling: Health checks (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html)
// in the Amazon EC2 Auto Scaling User Guide. For more information, see Use
// Elastic Load Balancing to distribute traffic across the instances in your Auto
// Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html)
// in the Amazon EC2 Auto Scaling User Guide.
DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error)
// Describes the available CloudWatch metrics for Amazon EC2 Auto Scaling.
DescribeMetricCollectionTypes(ctx context.Context, params *DescribeMetricCollectionTypesInput, optFns ...func(*Options)) (*DescribeMetricCollectionTypesOutput, error)
// Gets information about the Amazon SNS notifications that are configured for one
// or more Auto Scaling groups.
DescribeNotificationConfigurations(ctx context.Context, params *DescribeNotificationConfigurationsInput, optFns ...func(*Options)) (*DescribeNotificationConfigurationsOutput, error)
// Gets information about the scaling policies in the account and Region.
DescribePolicies(ctx context.Context, params *DescribePoliciesInput, optFns ...func(*Options)) (*DescribePoliciesOutput, error)
// Gets information about the scaling activities in the account and Region. When
// scaling events occur, you see a record of the scaling activity in the scaling
// activities. For more information, see Verifying a scaling activity for an Auto
// Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-verify-scaling-activity.html)
// in the Amazon EC2 Auto Scaling User Guide. If the scaling event succeeds, the
// value of the StatusCode element in the response is Successful . If an attempt to
// launch instances failed, the StatusCode value is Failed or Cancelled and the
// StatusMessage element in the response indicates the cause of the failure. For
// help interpreting the StatusMessage , see Troubleshooting Amazon EC2 Auto
// Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/CHAP_Troubleshooting.html)
// in the Amazon EC2 Auto Scaling User Guide.
DescribeScalingActivities(ctx context.Context, params *DescribeScalingActivitiesInput, optFns ...func(*Options)) (*DescribeScalingActivitiesOutput, error)
// Describes the scaling process types for use with the ResumeProcesses and
// SuspendProcesses APIs.
DescribeScalingProcessTypes(ctx context.Context, params *DescribeScalingProcessTypesInput, optFns ...func(*Options)) (*DescribeScalingProcessTypesOutput, error)
// Gets information about the scheduled actions that haven't run or that have not
// reached their end time. To describe the scaling activities for scheduled actions
// that have already run, call the DescribeScalingActivities API.
DescribeScheduledActions(ctx context.Context, params *DescribeScheduledActionsInput, optFns ...func(*Options)) (*DescribeScheduledActionsOutput, error)
// Describes the specified tags. You can use filters to limit the results. For
// example, you can query for the tags for a specific Auto Scaling group. You can
// specify multiple values for a filter. A tag must match at least one of the
// specified values for it to be included in the results. You can also specify
// multiple filters. The result includes information for a particular tag only if
// it matches all the filters. If there's no match, no special message is returned.
// For more information, see Tag Auto Scaling groups and instances (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html)
// in the Amazon EC2 Auto Scaling User Guide.
DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
// Describes the termination policies supported by Amazon EC2 Auto Scaling. For
// more information, see Work with Amazon EC2 Auto Scaling termination policies (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html)
// in the Amazon EC2 Auto Scaling User Guide.
DescribeTerminationPolicyTypes(ctx context.Context, params *DescribeTerminationPolicyTypesInput, optFns ...func(*Options)) (*DescribeTerminationPolicyTypesOutput, error)
// Gets information about the traffic sources for the specified Auto Scaling
// group. You can optionally provide a traffic source type. If you provide a
// traffic source type, then the results only include that traffic source type. If
// you do not provide a traffic source type, then the results include all the
// traffic sources for the specified Auto Scaling group.
DescribeTrafficSources(ctx context.Context, params *DescribeTrafficSourcesInput, optFns ...func(*Options)) (*DescribeTrafficSourcesOutput, error)
// Gets information about a warm pool and its instances. For more information, see
// Warm pools for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html)
// in the Amazon EC2 Auto Scaling User Guide.
DescribeWarmPool(ctx context.Context, params *DescribeWarmPoolInput, optFns ...func(*Options)) (*DescribeWarmPoolOutput, error)
// Removes one or more instances from the specified Auto Scaling group. After the
// instances are detached, you can manage them independent of the Auto Scaling
// group. If you do not specify the option to decrement the desired capacity,
// Amazon EC2 Auto Scaling launches instances to replace the ones that are
// detached. If there is a Classic Load Balancer attached to the Auto Scaling
// group, the instances are deregistered from the load balancer. If there are
// target groups attached to the Auto Scaling group, the instances are deregistered
// from the target groups. For more information, see Detach EC2 instances from
// your Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/detach-instance-asg.html)
// in the Amazon EC2 Auto Scaling User Guide.
DetachInstances(ctx context.Context, params *DetachInstancesInput, optFns ...func(*Options)) (*DetachInstancesOutput, error)
// This API operation is superseded by DetachTrafficSources , which can detach
// multiple traffic sources types. We recommend using DetachTrafficSources to
// simplify how you manage traffic sources. However, we continue to support
// DetachLoadBalancerTargetGroups . You can use both the original
// DetachLoadBalancerTargetGroups API operation and DetachTrafficSources on the
// same Auto Scaling group. Detaches one or more target groups from the specified
// Auto Scaling group. When you detach a target group, it enters the Removing
// state while deregistering the instances in the group. When all instances are
// deregistered, then you can no longer describe the target group using the
// DescribeLoadBalancerTargetGroups API call. The instances remain running. You can
// use this operation to detach target groups that were attached by using
// AttachLoadBalancerTargetGroups , but not for target groups that were attached by
// using AttachTrafficSources .
DetachLoadBalancerTargetGroups(ctx context.Context, params *DetachLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*DetachLoadBalancerTargetGroupsOutput, error)
// This API operation is superseded by DetachTrafficSources , which can detach
// multiple traffic sources types. We recommend using DetachTrafficSources to
// simplify how you manage traffic sources. However, we continue to support
// DetachLoadBalancers . You can use both the original DetachLoadBalancers API
// operation and DetachTrafficSources on the same Auto Scaling group. Detaches one
// or more Classic Load Balancers from the specified Auto Scaling group. This
// operation detaches only Classic Load Balancers. If you have Application Load
// Balancers, Network Load Balancers, or Gateway Load Balancers, use the
// DetachLoadBalancerTargetGroups API instead. When you detach a load balancer, it
// enters the Removing state while deregistering the instances in the group. When
// all instances are deregistered, then you can no longer describe the load
// balancer using the DescribeLoadBalancers API call. The instances remain running.
DetachLoadBalancers(ctx context.Context, params *DetachLoadBalancersInput, optFns ...func(*Options)) (*DetachLoadBalancersOutput, error)
// Detaches one or more traffic sources from the specified Auto Scaling group.
// When you detach a taffic, it enters the Removing state while deregistering the
// instances in the group. When all instances are deregistered, then you can no
// longer describe the traffic source using the DescribeTrafficSources API call.
// The instances continue to run.
DetachTrafficSources(ctx context.Context, params *DetachTrafficSourcesInput, optFns ...func(*Options)) (*DetachTrafficSourcesOutput, error)
// Disables group metrics collection for the specified Auto Scaling group.
DisableMetricsCollection(ctx context.Context, params *DisableMetricsCollectionInput, optFns ...func(*Options)) (*DisableMetricsCollectionOutput, error)
// Enables group metrics collection for the specified Auto Scaling group. You can
// use these metrics to track changes in an Auto Scaling group and to set alarms on
// threshold values. You can view group metrics using the Amazon EC2 Auto Scaling
// console or the CloudWatch console. For more information, see Monitor CloudWatch
// metrics for your Auto Scaling groups and instances (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-cloudwatch-monitoring.html)
// in the Amazon EC2 Auto Scaling User Guide.
EnableMetricsCollection(ctx context.Context, params *EnableMetricsCollectionInput, optFns ...func(*Options)) (*EnableMetricsCollectionOutput, error)
// Moves the specified instances into the standby state. If you choose to
// decrement the desired capacity of the Auto Scaling group, the instances can
// enter standby as long as the desired capacity of the Auto Scaling group after
// the instances are placed into standby is equal to or greater than the minimum
// capacity of the group. If you choose not to decrement the desired capacity of
// the Auto Scaling group, the Auto Scaling group launches new instances to replace
// the instances on standby. For more information, see Temporarily removing
// instances from your Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-enter-exit-standby.html)
// in the Amazon EC2 Auto Scaling User Guide.
EnterStandby(ctx context.Context, params *EnterStandbyInput, optFns ...func(*Options)) (*EnterStandbyOutput, error)
// Executes the specified policy. This can be useful for testing the design of
// your scaling policy.
ExecutePolicy(ctx context.Context, params *ExecutePolicyInput, optFns ...func(*Options)) (*ExecutePolicyOutput, error)
// Moves the specified instances out of the standby state. After you put the
// instances back in service, the desired capacity is incremented. For more
// information, see Temporarily removing instances from your Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-enter-exit-standby.html)
// in the Amazon EC2 Auto Scaling User Guide.
ExitStandby(ctx context.Context, params *ExitStandbyInput, optFns ...func(*Options)) (*ExitStandbyOutput, error)
// Retrieves the forecast data for a predictive scaling policy. Load forecasts are
// predictions of the hourly load values using historical load data from CloudWatch
// and an analysis of historical trends. Capacity forecasts are represented as
// predicted values for the minimum capacity that is needed on an hourly basis,
// based on the hourly load forecast. A minimum of 24 hours of data is required to
// create the initial forecasts. However, having a full 14 days of historical data
// results in more accurate forecasts. For more information, see Predictive
// scaling for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-predictive-scaling.html)
// in the Amazon EC2 Auto Scaling User Guide.
GetPredictiveScalingForecast(ctx context.Context, params *GetPredictiveScalingForecastInput, optFns ...func(*Options)) (*GetPredictiveScalingForecastOutput, error)
// Creates or updates a lifecycle hook for the specified Auto Scaling group.
// Lifecycle hooks let you create solutions that are aware of events in the Auto
// Scaling instance lifecycle, and then perform a custom action on instances when
// the corresponding lifecycle event occurs. This step is a part of the procedure
// for adding a lifecycle hook to an Auto Scaling group:
// - (Optional) Create a launch template or launch configuration with a user
// data script that runs while an instance is in a wait state due to a lifecycle
// hook.
// - (Optional) Create a Lambda function and a rule that allows Amazon
// EventBridge to invoke your Lambda function when an instance is put into a wait
// state due to a lifecycle hook.
// - (Optional) Create a notification target and an IAM role. The target can be
// either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2
// Auto Scaling to publish lifecycle notifications to the target.
// - Create the lifecycle hook. Specify whether the hook is used when the
// instances launch or terminate.
// - If you need more time, record the lifecycle action heartbeat to keep the
// instance in a wait state using the RecordLifecycleActionHeartbeat API call.
// - If you finish before the timeout period ends, send a callback by using the
// CompleteLifecycleAction API call.
//
// For more information, see Amazon EC2 Auto Scaling lifecycle hooks (https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html)
// in the Amazon EC2 Auto Scaling User Guide. If you exceed your maximum limit of
// lifecycle hooks, which by default is 50 per Auto Scaling group, the call fails.
// You can view the lifecycle hooks for an Auto Scaling group using the
// DescribeLifecycleHooks API call. If you are no longer using a lifecycle hook,
// you can delete it by calling the DeleteLifecycleHook API.
PutLifecycleHook(ctx context.Context, params *PutLifecycleHookInput, optFns ...func(*Options)) (*PutLifecycleHookOutput, error)
// Configures an Auto Scaling group to send notifications when specified events
// take place. Subscribers to the specified topic can have messages delivered to an
// endpoint such as a web server or an email address. This configuration overwrites
// any existing configuration. For more information, see Getting Amazon SNS
// notifications when your Auto Scaling group scales (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ASGettingNotifications.html)
// in the Amazon EC2 Auto Scaling User Guide. If you exceed your maximum limit of
// SNS topics, which is 10 per Auto Scaling group, the call fails.
PutNotificationConfiguration(ctx context.Context, params *PutNotificationConfigurationInput, optFns ...func(*Options)) (*PutNotificationConfigurationOutput, error)
// Creates or updates a scaling policy for an Auto Scaling group. Scaling policies
// are used to scale an Auto Scaling group based on configurable metrics. If no
// policies are defined, the dynamic scaling and predictive scaling features are
// not used. For more information about using dynamic scaling, see Target tracking
// scaling policies (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html)
// and Step and simple scaling policies (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html)
// in the Amazon EC2 Auto Scaling User Guide. For more information about using
// predictive scaling, see Predictive scaling for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-predictive-scaling.html)
// in the Amazon EC2 Auto Scaling User Guide. You can view the scaling policies for
// an Auto Scaling group using the DescribePolicies API call. If you are no longer
// using a scaling policy, you can delete it by calling the DeletePolicy API.
PutScalingPolicy(ctx context.Context, params *PutScalingPolicyInput, optFns ...func(*Options)) (*PutScalingPolicyOutput, error)
// Creates or updates a scheduled scaling action for an Auto Scaling group. For
// more information, see Scheduled scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html)
// in the Amazon EC2 Auto Scaling User Guide. You can view the scheduled actions
// for an Auto Scaling group using the DescribeScheduledActions API call. If you
// are no longer using a scheduled action, you can delete it by calling the
// DeleteScheduledAction API. If you try to schedule your action in the past,
// Amazon EC2 Auto Scaling returns an error message.
PutScheduledUpdateGroupAction(ctx context.Context, params *PutScheduledUpdateGroupActionInput, optFns ...func(*Options)) (*PutScheduledUpdateGroupActionOutput, error)
// Creates or updates a warm pool for the specified Auto Scaling group. A warm
// pool is a pool of pre-initialized EC2 instances that sits alongside the Auto
// Scaling group. Whenever your application needs to scale out, the Auto Scaling
// group can draw on the warm pool to meet its new desired capacity. For more
// information and example configurations, see Warm pools for Amazon EC2 Auto
// Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html)
// in the Amazon EC2 Auto Scaling User Guide. This operation must be called from
// the Region in which the Auto Scaling group was created. This operation cannot be
// called on an Auto Scaling group that has a mixed instances policy or a launch
// template or launch configuration that requests Spot Instances. You can view the
// instances in the warm pool using the DescribeWarmPool API call. If you are no
// longer using a warm pool, you can delete it by calling the DeleteWarmPool API.
PutWarmPool(ctx context.Context, params *PutWarmPoolInput, optFns ...func(*Options)) (*PutWarmPoolOutput, error)
// Records a heartbeat for the lifecycle action associated with the specified
// token or instance. This extends the timeout by the length of time defined using
// the PutLifecycleHook API call. This step is a part of the procedure for adding
// a lifecycle hook to an Auto Scaling group:
// - (Optional) Create a launch template or launch configuration with a user
// data script that runs while an instance is in a wait state due to a lifecycle
// hook.
// - (Optional) Create a Lambda function and a rule that allows Amazon
// EventBridge to invoke your Lambda function when an instance is put into a wait
// state due to a lifecycle hook.
// - (Optional) Create a notification target and an IAM role. The target can be
// either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2
// Auto Scaling to publish lifecycle notifications to the target.
// - Create the lifecycle hook. Specify whether the hook is used when the
// instances launch or terminate.
// - If you need more time, record the lifecycle action heartbeat to keep the
// instance in a wait state.
// - If you finish before the timeout period ends, send a callback by using the
// CompleteLifecycleAction API call.
//
// For more information, see Amazon EC2 Auto Scaling lifecycle hooks (https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html)
// in the Amazon EC2 Auto Scaling User Guide.
RecordLifecycleActionHeartbeat(ctx context.Context, params *RecordLifecycleActionHeartbeatInput, optFns ...func(*Options)) (*RecordLifecycleActionHeartbeatOutput, error)
// Resumes the specified suspended auto scaling processes, or all suspended
// process, for the specified Auto Scaling group. For more information, see
// Suspending and resuming scaling processes (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html)
// in the Amazon EC2 Auto Scaling User Guide.
ResumeProcesses(ctx context.Context, params *ResumeProcessesInput, optFns ...func(*Options)) (*ResumeProcessesOutput, error)
// Cancels an instance refresh that is in progress and rolls back any changes that
// it made. Amazon EC2 Auto Scaling replaces any instances that were replaced
// during the instance refresh. This restores your Auto Scaling group to the
// configuration that it was using before the start of the instance refresh. This
// operation is part of the instance refresh feature (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html)
// in Amazon EC2 Auto Scaling, which helps you update instances in your Auto
// Scaling group after you make configuration changes. A rollback is not supported
// in the following situations:
// - There is no desired configuration specified for the instance refresh.
// - The Auto Scaling group has a launch template that uses an Amazon Web
// Services Systems Manager parameter instead of an AMI ID for the ImageId
// property.
// - The Auto Scaling group uses the launch template's $Latest or $Default
// version.
//
// When you receive a successful response from this operation, Amazon EC2 Auto
// Scaling immediately begins replacing instances. You can check the status of this
// operation through the DescribeInstanceRefreshes API operation.
RollbackInstanceRefresh(ctx context.Context, params *RollbackInstanceRefreshInput, optFns ...func(*Options)) (*RollbackInstanceRefreshOutput, error)
// Sets the size of the specified Auto Scaling group. If a scale-in activity
// occurs as a result of a new DesiredCapacity value that is lower than the
// current size of the group, the Auto Scaling group uses its termination policy to
// determine which instances to terminate. For more information, see Manual scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-manual-scaling.html)
// in the Amazon EC2 Auto Scaling User Guide.
SetDesiredCapacity(ctx context.Context, params *SetDesiredCapacityInput, optFns ...func(*Options)) (*SetDesiredCapacityOutput, error)
// Sets the health status of the specified instance. For more information, see
// Health checks for Auto Scaling instances (https://docs.aws.amazon.com/autoscaling/ec2/userguide/healthcheck.html)
// in the Amazon EC2 Auto Scaling User Guide.
SetInstanceHealth(ctx context.Context, params *SetInstanceHealthInput, optFns ...func(*Options)) (*SetInstanceHealthOutput, error)
// Updates the instance protection settings of the specified instances. This
// operation cannot be called on instances in a warm pool. For more information
// about preventing instances that are part of an Auto Scaling group from
// terminating on scale in, see Using instance scale-in protection (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html)
// in the Amazon EC2 Auto Scaling User Guide. If you exceed your maximum limit of
// instance IDs, which is 50 per Auto Scaling group, the call fails.
SetInstanceProtection(ctx context.Context, params *SetInstanceProtectionInput, optFns ...func(*Options)) (*SetInstanceProtectionOutput, error)
// Starts an instance refresh. During an instance refresh, Amazon EC2 Auto Scaling
// performs a rolling update of instances in an Auto Scaling group. Instances are
// terminated first and then replaced, which temporarily reduces the capacity
// available within your Auto Scaling group. This operation is part of the
// instance refresh feature (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html)
// in Amazon EC2 Auto Scaling, which helps you update instances in your Auto
// Scaling group. This feature is helpful, for example, when you have a new AMI or
// a new user data script. You just need to create a new launch template that
// specifies the new AMI or user data script. Then start an instance refresh to
// immediately begin the process of updating instances in the group. If successful,
// the request's response contains a unique ID that you can use to track the
// progress of the instance refresh. To query its status, call the
// DescribeInstanceRefreshes API. To describe the instance refreshes that have
// already run, call the DescribeInstanceRefreshes API. To cancel an instance
// refresh that is in progress, use the CancelInstanceRefresh API. An instance
// refresh might fail for several reasons, such as EC2 launch failures,
// misconfigured health checks, or not ignoring or allowing the termination of
// instances that are in Standby state or protected from scale in. You can monitor
// for failed EC2 launches using the scaling activities. To find the scaling
// activities, call the DescribeScalingActivities API. If you enable auto
// rollback, your Auto Scaling group will be rolled back automatically when the
// instance refresh fails. You can enable this feature before starting an instance
// refresh by specifying the AutoRollback property in the instance refresh
// preferences. Otherwise, to roll back an instance refresh before it finishes, use
// the RollbackInstanceRefresh API.
StartInstanceRefresh(ctx context.Context, params *StartInstanceRefreshInput, optFns ...func(*Options)) (*StartInstanceRefreshOutput, error)
// Suspends the specified auto scaling processes, or all processes, for the
// specified Auto Scaling group. If you suspend either the Launch or Terminate
// process types, it can prevent other process types from functioning properly. For
// more information, see Suspending and resuming scaling processes (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html)
// in the Amazon EC2 Auto Scaling User Guide. To resume processes that have been
// suspended, call the ResumeProcesses API.
SuspendProcesses(ctx context.Context, params *SuspendProcessesInput, optFns ...func(*Options)) (*SuspendProcessesOutput, error)
// Terminates the specified instance and optionally adjusts the desired group
// size. This operation cannot be called on instances in a warm pool. This call
// simply makes a termination request. The instance is not terminated immediately.
// When an instance is terminated, the instance status changes to terminated . You
// can't connect to or start an instance after you've terminated it. If you do not
// specify the option to decrement the desired capacity, Amazon EC2 Auto Scaling
// launches instances to replace the ones that are terminated. By default, Amazon
// EC2 Auto Scaling balances instances across all Availability Zones. If you
// decrement the desired capacity, your Auto Scaling group can become unbalanced
// between Availability Zones. Amazon EC2 Auto Scaling tries to rebalance the
// group, and rebalancing might terminate instances in other zones. For more
// information, see Rebalancing activities (https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-benefits.html#AutoScalingBehavior.InstanceUsage)
// in the Amazon EC2 Auto Scaling User Guide.
TerminateInstanceInAutoScalingGroup(ctx context.Context, params *TerminateInstanceInAutoScalingGroupInput, optFns ...func(*Options)) (*TerminateInstanceInAutoScalingGroupOutput, error)
// We strongly recommend that all Auto Scaling groups use launch templates to
// ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2. Updates
// the configuration for the specified Auto Scaling group. To update an Auto
// Scaling group, specify the name of the group and the property that you want to
// change. Any properties that you don't specify are not changed by this update
// request. The new settings take effect on any scaling activities after this call
// returns. If you associate a new launch configuration or template with an Auto
// Scaling group, all new instances will get the updated configuration. Existing
// instances continue to run with the configuration that they were originally
// launched with. When you update a group to specify a mixed instances policy
// instead of a launch configuration or template, existing instances may be
// replaced to match the new purchasing options that you specified in the policy.
// For example, if the group currently has 100% On-Demand capacity and the policy
// specifies 50% Spot capacity, this means that half of your instances will be
// gradually terminated and relaunched as Spot Instances. When replacing instances,
// Amazon EC2 Auto Scaling launches new instances before terminating the old ones,
// so that updating your group does not compromise the performance or availability
// of your application. Note the following about changing DesiredCapacity , MaxSize
// , or MinSize :
// - If a scale-in activity occurs as a result of a new DesiredCapacity value
// that is lower than the current size of the group, the Auto Scaling group uses
// its termination policy to determine which instances to terminate.
// - If you specify a new value for MinSize without specifying a value for
// DesiredCapacity , and the new MinSize is larger than the current size of the
// group, this sets the group's DesiredCapacity to the new MinSize value.
// - If you specify a new value for MaxSize without specifying a value for
// DesiredCapacity , and the new MaxSize is smaller than the current size of the
// group, this sets the group's DesiredCapacity to the new MaxSize value.
//
// To see which properties have been set, call the DescribeAutoScalingGroups API.
// To view the scaling policies for an Auto Scaling group, call the
// DescribePolicies API. If the group has scaling policies, you can update them by
// calling the PutScalingPolicy API.
UpdateAutoScalingGroup(ctx context.Context, params *UpdateAutoScalingGroupInput, optFns ...func(*Options)) (*UpdateAutoScalingGroupOutput, error)
}
ASG provides an interface to the AWS ASG service.
type CloudFormation ¶
type CloudFormation interface {
// Activates a public third-party extension, making it available for use in stack
// templates. For more information, see Using public extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html)
// in the CloudFormation User Guide. Once you have activated a public third-party
// extension in your account and region, use SetTypeConfiguration to specify
// configuration properties for the extension. For more information, see
// Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration)
// in the CloudFormation User Guide.
ActivateType(ctx context.Context, params *ActivateTypeInput, optFns ...func(*Options)) (*ActivateTypeOutput, error)
// Returns configuration data for the specified CloudFormation extensions, from
// the CloudFormation registry for the account and region. For more information,
// see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration)
// in the CloudFormation User Guide.
BatchDescribeTypeConfigurations(ctx context.Context, params *BatchDescribeTypeConfigurationsInput, optFns ...func(*Options)) (*BatchDescribeTypeConfigurationsOutput, error)
// Cancels an update on the specified stack. If the call completes successfully,
// the stack rolls back the update and reverts to the previous stack configuration.
// You can cancel only stacks that are in the UPDATE_IN_PROGRESS state.
CancelUpdateStack(ctx context.Context, params *CancelUpdateStackInput, optFns ...func(*Options)) (*CancelUpdateStackOutput, error)
// For a specified stack that's in the UPDATE_ROLLBACK_FAILED state, continues
// rolling it back to the UPDATE_ROLLBACK_COMPLETE state. Depending on the cause
// of the failure, you can manually fix the error (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-update-rollback-failed)
// and continue the rollback. By continuing the rollback, you can return your stack
// to a working state (the UPDATE_ROLLBACK_COMPLETE state), and then try to update
// the stack again. A stack goes into the UPDATE_ROLLBACK_FAILED state when
// CloudFormation can't roll back all changes after a failed stack update. For
// example, you might have a stack that's rolling back to an old database instance
// that was deleted outside of CloudFormation. Because CloudFormation doesn't know
// the database was deleted, it assumes that the database instance still exists and
// attempts to roll back to it, causing the update rollback to fail.
ContinueUpdateRollback(ctx context.Context, params *ContinueUpdateRollbackInput, optFns ...func(*Options)) (*ContinueUpdateRollbackOutput, error)
// Creates a list of changes that will be applied to a stack so that you can
// review the changes before executing them. You can create a change set for a
// stack that doesn't exist or an existing stack. If you create a change set for a
// stack that doesn't exist, the change set shows all of the resources that
// CloudFormation will create. If you create a change set for an existing stack,
// CloudFormation compares the stack's information with the information that you
// submit in the change set and lists the differences. Use change sets to
// understand which resources CloudFormation will create or change, and how it will
// change resources in an existing stack, before you create or update a stack. To
// create a change set for a stack that doesn't exist, for the ChangeSetType
// parameter, specify CREATE . To create a change set for an existing stack,
// specify UPDATE for the ChangeSetType parameter. To create a change set for an
// import operation, specify IMPORT for the ChangeSetType parameter. After the
// CreateChangeSet call successfully completes, CloudFormation starts creating the
// change set. To check the status of the change set or to review it, use the
// DescribeChangeSet action. When you are satisfied with the changes the change set
// will make, execute the change set by using the ExecuteChangeSet action.
// CloudFormation doesn't make changes until you execute the change set. To create
// a change set for the entire stack hierarchy, set IncludeNestedStacks to True .
CreateChangeSet(ctx context.Context, params *CreateChangeSetInput, optFns ...func(*Options)) (*CreateChangeSetOutput, error)
// Creates a stack as specified in the template. After the call completes
// successfully, the stack creation starts. You can check the status of the stack
// through the DescribeStacks operation.
CreateStack(ctx context.Context, params *CreateStackInput, optFns ...func(*Options)) (*CreateStackOutput, error)
// Creates stack instances for the specified accounts, within the specified Amazon
// Web Services Regions. A stack instance refers to a stack in a specific account
// and Region. You must specify at least one value for either Accounts or
// DeploymentTargets , and you must specify at least one value for Regions .
CreateStackInstances(ctx context.Context, params *CreateStackInstancesInput, optFns ...func(*Options)) (*CreateStackInstancesOutput, error)
// Creates a stack set.
CreateStackSet(ctx context.Context, params *CreateStackSetInput, optFns ...func(*Options)) (*CreateStackSetOutput, error)
// Deactivates a public extension that was previously activated in this account
// and region. Once deactivated, an extension can't be used in any CloudFormation
// operation. This includes stack update operations where the stack template
// includes the extension, even if no updates are being made to the extension. In
// addition, deactivated extensions aren't automatically updated if a new version
// of the extension is released.
DeactivateType(ctx context.Context, params *DeactivateTypeInput, optFns ...func(*Options)) (*DeactivateTypeOutput, error)
// Deletes the specified change set. Deleting change sets ensures that no one
// executes the wrong change set. If the call successfully completes,
// CloudFormation successfully deleted the change set. If IncludeNestedStacks
// specifies True during the creation of the nested change set, then
// DeleteChangeSet will delete all change sets that belong to the stacks hierarchy
// and will also delete all change sets for nested stacks with the status of
// REVIEW_IN_PROGRESS .
DeleteChangeSet(ctx context.Context, params *DeleteChangeSetInput, optFns ...func(*Options)) (*DeleteChangeSetOutput, error)
// Deletes a specified stack. Once the call completes successfully, stack deletion
// starts. Deleted stacks don't show up in the DescribeStacks operation if the
// deletion has been completed successfully.
DeleteStack(ctx context.Context, params *DeleteStackInput, optFns ...func(*Options)) (*DeleteStackOutput, error)
// Deletes stack instances for the specified accounts, in the specified Amazon Web
// Services Regions.
DeleteStackInstances(ctx context.Context, params *DeleteStackInstancesInput, optFns ...func(*Options)) (*DeleteStackInstancesOutput, error)
// Deletes a stack set. Before you can delete a stack set, all its member stack
// instances must be deleted. For more information about how to complete this, see
// DeleteStackInstances .
DeleteStackSet(ctx context.Context, params *DeleteStackSetInput, optFns ...func(*Options)) (*DeleteStackSetOutput, error)
// Marks an extension or extension version as DEPRECATED in the CloudFormation
// registry, removing it from active use. Deprecated extensions or extension
// versions cannot be used in CloudFormation operations. To deregister an entire
// extension, you must individually deregister all active versions of that
// extension. If an extension has only a single active version, deregistering that
// version results in the extension itself being deregistered and marked as
// deprecated in the registry. You can't deregister the default version of an
// extension if there are other active version of that extension. If you do
// deregister the default version of an extension, the extension type itself is
// deregistered as well and marked as deprecated. To view the deprecation status of
// an extension or extension version, use DescribeType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html)
// .
DeregisterType(ctx context.Context, params *DeregisterTypeInput, optFns ...func(*Options)) (*DeregisterTypeOutput, error)
// Retrieves your account's CloudFormation limits, such as the maximum number of
// stacks that you can create in your account. For more information about account
// limits, see CloudFormation Quotas (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html)
// in the CloudFormation User Guide.
DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
// Returns the inputs for the change set and a list of changes that CloudFormation
// will make if you execute the change set. For more information, see Updating
// Stacks Using Change Sets (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.html)
// in the CloudFormation User Guide.
DescribeChangeSet(ctx context.Context, params *DescribeChangeSetInput, optFns ...func(*Options)) (*DescribeChangeSetOutput, error)
// Returns hook-related information for the change set and a list of changes that
// CloudFormation makes when you run the change set.
DescribeChangeSetHooks(ctx context.Context, params *DescribeChangeSetHooksInput, optFns ...func(*Options)) (*DescribeChangeSetHooksOutput, error)
// Returns information about a CloudFormation extension publisher. If you don't
// supply a PublisherId , and you have registered as an extension publisher,
// DescribePublisher returns information about your own publisher account. For more
// information about registering as a publisher, see:
// - RegisterPublisher (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html)
// - Publishing extensions to make them available for public use (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html)
// in the CloudFormation CLI User Guide
DescribePublisher(ctx context.Context, params *DescribePublisherInput, optFns ...func(*Options)) (*DescribePublisherOutput, error)
// Returns information about a stack drift detection operation. A stack drift
// detection operation detects whether a stack's actual configuration differs, or
// has drifted, from it's expected configuration, as defined in the stack template
// and any values specified as template parameters. A stack is considered to have
// drifted if one or more of its resources have drifted. For more information about
// stack and resource drift, see Detecting Unregulated Configuration Changes to
// Stacks and Resources (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html)
// . Use DetectStackDrift to initiate a stack drift detection operation.
// DetectStackDrift returns a StackDriftDetectionId you can use to monitor the
// progress of the operation using DescribeStackDriftDetectionStatus . Once the
// drift detection operation has completed, use DescribeStackResourceDrifts to
// return drift information about the stack and its resources.
DescribeStackDriftDetectionStatus(ctx context.Context, params *DescribeStackDriftDetectionStatusInput, optFns ...func(*Options)) (*DescribeStackDriftDetectionStatusOutput, error)
// Returns all stack related events for a specified stack in reverse chronological
// order. For more information about a stack's event history, go to Stacks (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/concept-stack.html)
// in the CloudFormation User Guide. You can list events for stacks that have
// failed to create or have been deleted by specifying the unique stack identifier
// (stack ID).
DescribeStackEvents(ctx context.Context, params *DescribeStackEventsInput, optFns ...func(*Options)) (*DescribeStackEventsOutput, error)
// Returns the stack instance that's associated with the specified stack set,
// Amazon Web Services account, and Region. For a list of stack instances that are
// associated with a specific stack set, use ListStackInstances .
DescribeStackInstance(ctx context.Context, params *DescribeStackInstanceInput, optFns ...func(*Options)) (*DescribeStackInstanceOutput, error)
// Returns a description of the specified resource in the specified stack. For
// deleted stacks, DescribeStackResource returns resource information for up to 90
// days after the stack has been deleted.
DescribeStackResource(ctx context.Context, params *DescribeStackResourceInput, optFns ...func(*Options)) (*DescribeStackResourceOutput, error)
// Returns drift information for the resources that have been checked for drift in
// the specified stack. This includes actual and expected configuration values for
// resources where CloudFormation detects configuration drift. For a given stack,
// there will be one StackResourceDrift for each stack resource that has been
// checked for drift. Resources that haven't yet been checked for drift aren't
// included. Resources that don't currently support drift detection aren't checked,
// and so not included. For a list of resources that support drift detection, see
// Resources that Support Drift Detection (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html)
// . Use DetectStackResourceDrift to detect drift on individual resources, or
// DetectStackDrift to detect drift on all supported resources for a given stack.
DescribeStackResourceDrifts(ctx context.Context, params *DescribeStackResourceDriftsInput, optFns ...func(*Options)) (*DescribeStackResourceDriftsOutput, error)
// Returns Amazon Web Services resource descriptions for running and deleted
// stacks. If StackName is specified, all the associated resources that are part
// of the stack are returned. If PhysicalResourceId is specified, the associated
// resources of the stack that the resource belongs to are returned. Only the first
// 100 resources will be returned. If your stack has more resources than this, you
// should use ListStackResources instead. For deleted stacks,
// DescribeStackResources returns resource information for up to 90 days after the
// stack has been deleted. You must specify either StackName or PhysicalResourceId
// , but not both. In addition, you can specify LogicalResourceId to filter the
// returned result. For more information about resources, the LogicalResourceId
// and PhysicalResourceId , go to the CloudFormation User Guide (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/)
// . A ValidationError is returned if you specify both StackName and
// PhysicalResourceId in the same request.
DescribeStackResources(ctx context.Context, params *DescribeStackResourcesInput, optFns ...func(*Options)) (*DescribeStackResourcesOutput, error)
// Returns the description of the specified stack set.
DescribeStackSet(ctx context.Context, params *DescribeStackSetInput, optFns ...func(*Options)) (*DescribeStackSetOutput, error)
// Returns the description of the specified stack set operation.
DescribeStackSetOperation(ctx context.Context, params *DescribeStackSetOperationInput, optFns ...func(*Options)) (*DescribeStackSetOperationOutput, error)
// Returns the description for the specified stack; if no stack name was
// specified, then it returns the description for all the stacks created. If the
// stack doesn't exist, an ValidationError is returned.
DescribeStacks(ctx context.Context, params *DescribeStacksInput, optFns ...func(*Options)) (*DescribeStacksOutput, error)
// Returns detailed information about an extension that has been registered. If
// you specify a VersionId , DescribeType returns information about that specific
// extension version. Otherwise, it returns information about the default extension
// version.
DescribeType(ctx context.Context, params *DescribeTypeInput, optFns ...func(*Options)) (*DescribeTypeOutput, error)
// Returns information about an extension's registration, including its current
// status and type and version identifiers. When you initiate a registration
// request using RegisterType , you can then use DescribeTypeRegistration to
// monitor the progress of that registration request. Once the registration request
// has completed, use DescribeType to return detailed information about an
// extension.
DescribeTypeRegistration(ctx context.Context, params *DescribeTypeRegistrationInput, optFns ...func(*Options)) (*DescribeTypeRegistrationOutput, error)
// Detects whether a stack's actual configuration differs, or has drifted, from
// it's expected configuration, as defined in the stack template and any values
// specified as template parameters. For each resource in the stack that supports
// drift detection, CloudFormation compares the actual configuration of the
// resource with its expected template configuration. Only resource properties
// explicitly defined in the stack template are checked for drift. A stack is
// considered to have drifted if one or more of its resources differ from their
// expected template configurations. For more information, see Detecting
// Unregulated Configuration Changes to Stacks and Resources (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html)
// . Use DetectStackDrift to detect drift on all supported resources for a given
// stack, or DetectStackResourceDrift to detect drift on individual resources. For
// a list of stack resources that currently support drift detection, see Resources
// that Support Drift Detection (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html)
// . DetectStackDrift can take up to several minutes, depending on the number of
// resources contained within the stack. Use DescribeStackDriftDetectionStatus to
// monitor the progress of a detect stack drift operation. Once the drift detection
// operation has completed, use DescribeStackResourceDrifts to return drift
// information about the stack and its resources. When detecting drift on a stack,
// CloudFormation doesn't detect drift on any nested stacks belonging to that
// stack. Perform DetectStackDrift directly on the nested stack itself.
DetectStackDrift(ctx context.Context, params *DetectStackDriftInput, optFns ...func(*Options)) (*DetectStackDriftOutput, error)
// Returns information about whether a resource's actual configuration differs, or
// has drifted, from it's expected configuration, as defined in the stack template
// and any values specified as template parameters. This information includes
// actual and expected property values for resources in which CloudFormation
// detects drift. Only resource properties explicitly defined in the stack template
// are checked for drift. For more information about stack and resource drift, see
// Detecting Unregulated Configuration Changes to Stacks and Resources (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html)
// . Use DetectStackResourceDrift to detect drift on individual resources, or
// DetectStackDrift to detect drift on all resources in a given stack that support
// drift detection. Resources that don't currently support drift detection can't be
// checked. For a list of resources that support drift detection, see Resources
// that Support Drift Detection (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html)
// .
DetectStackResourceDrift(ctx context.Context, params *DetectStackResourceDriftInput, optFns ...func(*Options)) (*DetectStackResourceDriftOutput, error)
// Detect drift on a stack set. When CloudFormation performs drift detection on a
// stack set, it performs drift detection on the stack associated with each stack
// instance in the stack set. For more information, see How CloudFormation
// performs drift detection on a stack set (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html)
// . DetectStackSetDrift returns the OperationId of the stack set drift detection
// operation. Use this operation id with DescribeStackSetOperation to monitor the
// progress of the drift detection operation. The drift detection operation may
// take some time, depending on the number of stack instances included in the stack
// set, in addition to the number of resources included in each stack. Once the
// operation has completed, use the following actions to return drift information:
// - Use DescribeStackSet to return detailed information about the stack set,
// including detailed information about the last completed drift operation
// performed on the stack set. (Information about drift operations that are in
// progress isn't included.)
// - Use ListStackInstances to return a list of stack instances belonging to the
// stack set, including the drift status and last drift time checked of each
// instance.
// - Use DescribeStackInstance to return detailed information about a specific
// stack instance, including its drift status and last drift time checked.
//
// For more information about performing a drift detection operation on a stack
// set, see Detecting unmanaged changes in stack sets (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html)
// . You can only run a single drift detection operation on a given stack set at
// one time. To stop a drift detection stack set operation, use
// StopStackSetOperation .
DetectStackSetDrift(ctx context.Context, params *DetectStackSetDriftInput, optFns ...func(*Options)) (*DetectStackSetDriftOutput, error)
// Returns the estimated monthly cost of a template. The return value is an Amazon
// Web Services Simple Monthly Calculator URL with a query string that describes
// the resources required to run the template.
EstimateTemplateCost(ctx context.Context, params *EstimateTemplateCostInput, optFns ...func(*Options)) (*EstimateTemplateCostOutput, error)
// Updates a stack using the input information that was provided when the
// specified change set was created. After the call successfully completes,
// CloudFormation starts updating the stack. Use the DescribeStacks action to view
// the status of the update. When you execute a change set, CloudFormation deletes
// all other change sets associated with the stack because they aren't valid for
// the updated stack. If a stack policy is associated with the stack,
// CloudFormation enforces the policy during the update. You can't specify a
// temporary stack policy that overrides the current policy. To create a change set
// for the entire stack hierarchy, IncludeNestedStacks must have been set to True .
ExecuteChangeSet(ctx context.Context, params *ExecuteChangeSetInput, optFns ...func(*Options)) (*ExecuteChangeSetOutput, error)
// Returns the stack policy for a specified stack. If a stack doesn't have a
// policy, a null value is returned.
GetStackPolicy(ctx context.Context, params *GetStackPolicyInput, optFns ...func(*Options)) (*GetStackPolicyOutput, error)
// Returns the template body for a specified stack. You can get the template for
// running or deleted stacks. For deleted stacks, GetTemplate returns the template
// for up to 90 days after the stack has been deleted. If the template doesn't
// exist, a ValidationError is returned.
GetTemplate(ctx context.Context, params *GetTemplateInput, optFns ...func(*Options)) (*GetTemplateOutput, error)
// Returns information about a new or existing template. The GetTemplateSummary
// action is useful for viewing parameter information, such as default parameter
// values and parameter types, before you create or update a stack or stack set.
// You can use the GetTemplateSummary action when you submit a template, or you
// can get template information for a stack set, or a running or deleted stack. For
// deleted stacks, GetTemplateSummary returns the template information for up to
// 90 days after the stack has been deleted. If the template doesn't exist, a
// ValidationError is returned.
GetTemplateSummary(ctx context.Context, params *GetTemplateSummaryInput, optFns ...func(*Options)) (*GetTemplateSummaryOutput, error)
// Import existing stacks into a new stack sets. Use the stack import operation to
// import up to 10 stacks into a new stack set in the same account as the source
// stack or in a different administrator account and Region, by specifying the
// stack ID of the stack you intend to import. ImportStacksToStackSet is only
// supported by self-managed permissions.
ImportStacksToStackSet(ctx context.Context, params *ImportStacksToStackSetInput, optFns ...func(*Options)) (*ImportStacksToStackSetOutput, error)
// Returns the ID and status of each active change set for a stack. For example,
// CloudFormation lists change sets that are in the CREATE_IN_PROGRESS or
// CREATE_PENDING state.
ListChangeSets(ctx context.Context, params *ListChangeSetsInput, optFns ...func(*Options)) (*ListChangeSetsOutput, error)
// Lists all exported output values in the account and Region in which you call
// this action. Use this action to see the exported output values that you can
// import into other stacks. To import values, use the Fn::ImportValue (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html)
// function. For more information, see CloudFormation export stack output values (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html)
// .
ListExports(ctx context.Context, params *ListExportsInput, optFns ...func(*Options)) (*ListExportsOutput, error)
// Lists all stacks that are importing an exported output value. To modify or
// remove an exported output value, first use this action to see which stacks are
// using it. To see the exported output values in your account, see ListExports .
// For more information about importing an exported output value, see the
// Fn::ImportValue (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html)
// function.
ListImports(ctx context.Context, params *ListImportsInput, optFns ...func(*Options)) (*ListImportsOutput, error)
// Returns summary information about stack instances that are associated with the
// specified stack set. You can filter for stack instances that are associated with
// a specific Amazon Web Services account name or Region, or that have a specific
// status.
ListStackInstances(ctx context.Context, params *ListStackInstancesInput, optFns ...func(*Options)) (*ListStackInstancesOutput, error)
// Returns descriptions of all resources of the specified stack. For deleted
// stacks, ListStackResources returns resource information for up to 90 days after
// the stack has been deleted.
ListStackResources(ctx context.Context, params *ListStackResourcesInput, optFns ...func(*Options)) (*ListStackResourcesOutput, error)
// Returns summary information about the results of a stack set operation.
ListStackSetOperationResults(ctx context.Context, params *ListStackSetOperationResultsInput, optFns ...func(*Options)) (*ListStackSetOperationResultsOutput, error)
// Returns summary information about operations performed on a stack set.
ListStackSetOperations(ctx context.Context, params *ListStackSetOperationsInput, optFns ...func(*Options)) (*ListStackSetOperationsOutput, error)
// Returns summary information about stack sets that are associated with the user.
// - [Self-managed permissions] If you set the CallAs parameter to SELF while
// signed in to your Amazon Web Services account, ListStackSets returns all
// self-managed stack sets in your Amazon Web Services account.
// - [Service-managed permissions] If you set the CallAs parameter to SELF while
// signed in to the organization's management account, ListStackSets returns all
// stack sets in the management account.
// - [Service-managed permissions] If you set the CallAs parameter to
// DELEGATED_ADMIN while signed in to your member account, ListStackSets returns
// all stack sets with service-managed permissions in the management account.
ListStackSets(ctx context.Context, params *ListStackSetsInput, optFns ...func(*Options)) (*ListStackSetsOutput, error)
// Returns the summary information for stacks whose status matches the specified
// StackStatusFilter. Summary information for stacks that have been deleted is kept
// for 90 days after the stack is deleted. If no StackStatusFilter is specified,
// summary information for all stacks is returned (including existing stacks and
// stacks that have been deleted).
ListStacks(ctx context.Context, params *ListStacksInput, optFns ...func(*Options)) (*ListStacksOutput, error)
// Returns a list of registration tokens for the specified extension(s).
ListTypeRegistrations(ctx context.Context, params *ListTypeRegistrationsInput, optFns ...func(*Options)) (*ListTypeRegistrationsOutput, error)
// Returns summary information about the versions of an extension.
ListTypeVersions(ctx context.Context, params *ListTypeVersionsInput, optFns ...func(*Options)) (*ListTypeVersionsOutput, error)
// Returns summary information about extension that have been registered with
// CloudFormation.
ListTypes(ctx context.Context, params *ListTypesInput, optFns ...func(*Options)) (*ListTypesOutput, error)
// Publishes the specified extension to the CloudFormation registry as a public
// extension in this region. Public extensions are available for use by all
// CloudFormation users. For more information about publishing extensions, see
// Publishing extensions to make them available for public use (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html)
// in the CloudFormation CLI User Guide. To publish an extension, you must be
// registered as a publisher with CloudFormation. For more information, see
// RegisterPublisher (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html)
// .
PublishType(ctx context.Context, params *PublishTypeInput, optFns ...func(*Options)) (*PublishTypeOutput, error)
// Reports progress of a resource handler to CloudFormation. Reserved for use by
// the CloudFormation CLI (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html)
// . Don't use this API in your code.
RecordHandlerProgress(ctx context.Context, params *RecordHandlerProgressInput, optFns ...func(*Options)) (*RecordHandlerProgressOutput, error)
// Registers your account as a publisher of public extensions in the
// CloudFormation registry. Public extensions are available for use by all
// CloudFormation users. This publisher ID applies to your account in all Amazon
// Web Services Regions. For information about requirements for registering as a
// public extension publisher, see Registering your account to publish
// CloudFormation extensions (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs)
// in the CloudFormation CLI User Guide.
RegisterPublisher(ctx context.Context, params *RegisterPublisherInput, optFns ...func(*Options)) (*RegisterPublisherOutput, error)
// Registers an extension with the CloudFormation service. Registering an
// extension makes it available for use in CloudFormation templates in your Amazon
// Web Services account, and includes:
// - Validating the extension schema.
// - Determining which handlers, if any, have been specified for the extension.
// - Making the extension available for use in your account.
//
// For more information about how to develop extensions and ready them for
// registration, see Creating Resource Providers (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-types.html)
// in the CloudFormation CLI User Guide. You can have a maximum of 50 resource
// extension versions registered at a time. This maximum is per account and per
// region. Use DeregisterType to deregister specific extension versions if
// necessary. Once you have initiated a registration request using RegisterType ,
// you can use DescribeTypeRegistration to monitor the progress of the
// registration request. Once you have registered a private extension in your
// account and region, use SetTypeConfiguration to specify configuration
// properties for the extension. For more information, see Configuring extensions
// at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration)
// in the CloudFormation User Guide.
RegisterType(ctx context.Context, params *RegisterTypeInput, optFns ...func(*Options)) (*RegisterTypeOutput, error)
// When specifying RollbackStack , you preserve the state of previously provisioned
// resources when an operation fails. You can check the status of the stack through
// the DescribeStacks operation. Rolls back the specified stack to the last known
// stable state from CREATE_FAILED or UPDATE_FAILED stack statuses. This operation
// will delete a stack if it doesn't contain a last known stable state. A last
// known stable state includes any status in a *_COMPLETE . This includes the
// following stack statuses.
// - CREATE_COMPLETE
// - UPDATE_COMPLETE
// - UPDATE_ROLLBACK_COMPLETE
// - IMPORT_COMPLETE
// - IMPORT_ROLLBACK_COMPLETE
RollbackStack(ctx context.Context, params *RollbackStackInput, optFns ...func(*Options)) (*RollbackStackOutput, error)
// Sets a stack policy for a specified stack.
SetStackPolicy(ctx context.Context, params *SetStackPolicyInput, optFns ...func(*Options)) (*SetStackPolicyOutput, error)
// Specifies the configuration data for a registered CloudFormation extension, in
// the given account and region. To view the current configuration data for an
// extension, refer to the ConfigurationSchema element of DescribeType . For more
// information, see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration)
// in the CloudFormation User Guide. It's strongly recommended that you use dynamic
// references to restrict sensitive configuration definitions, such as third-party
// credentials. For more details on dynamic references, see Using dynamic
// references to specify template values (https://docs.aws.amazon.com/) in the
// CloudFormation User Guide.
SetTypeConfiguration(ctx context.Context, params *SetTypeConfigurationInput, optFns ...func(*Options)) (*SetTypeConfigurationOutput, error)
// Specify the default version of an extension. The default version of an
// extension will be used in CloudFormation operations.
SetTypeDefaultVersion(ctx context.Context, params *SetTypeDefaultVersionInput, optFns ...func(*Options)) (*SetTypeDefaultVersionOutput, error)
// Sends a signal to the specified resource with a success or failure status. You
// can use the SignalResource operation in conjunction with a creation policy or
// update policy. CloudFormation doesn't proceed with a stack creation or update
// until resources receive the required number of signals or the timeout period is
// exceeded. The SignalResource operation is useful in cases where you want to
// send signals from anywhere other than an Amazon EC2 instance.
SignalResource(ctx context.Context, params *SignalResourceInput, optFns ...func(*Options)) (*SignalResourceOutput, error)
// Stops an in-progress operation on a stack set and its associated stack
// instances. StackSets will cancel all the unstarted stack instance deployments
// and wait for those are in-progress to complete.
StopStackSetOperation(ctx context.Context, params *StopStackSetOperationInput, optFns ...func(*Options)) (*StopStackSetOperationOutput, error)
// Tests a registered extension to make sure it meets all necessary requirements
// for being published in the CloudFormation registry.
// - For resource types, this includes passing all contracts tests defined for
// the type.
// - For modules, this includes determining if the module's model meets all
// necessary requirements.
//
// For more information, see Testing your public extension prior to publishing (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-testing)
// in the CloudFormation CLI User Guide. If you don't specify a version,
// CloudFormation uses the default version of the extension in your account and
// region for testing. To perform testing, CloudFormation assumes the execution
// role specified when the type was registered. For more information, see
// RegisterType . Once you've initiated testing on an extension using TestType ,
// you can pass the returned TypeVersionArn into DescribeType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html)
// to monitor the current test status and test status description for the
// extension. An extension must have a test status of PASSED before it can be
// published. For more information, see Publishing extensions to make them
// available for public use (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-publish.html)
// in the CloudFormation CLI User Guide.
TestType(ctx context.Context, params *TestTypeInput, optFns ...func(*Options)) (*TestTypeOutput, error)
// Updates a stack as specified in the template. After the call completes
// successfully, the stack update starts. You can check the status of the stack
// through the DescribeStacks action. To get a copy of the template for an
// existing stack, you can use the GetTemplate action. For more information about
// creating an update template, updating a stack, and monitoring the progress of
// the update, see Updating a Stack (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html)
// .
UpdateStack(ctx context.Context, params *UpdateStackInput, optFns ...func(*Options)) (*UpdateStackOutput, error)
// Updates the parameter values for stack instances for the specified accounts,
// within the specified Amazon Web Services Regions. A stack instance refers to a
// stack in a specific account and Region. You can only update stack instances in
// Amazon Web Services Regions and accounts where they already exist; to create
// additional stack instances, use CreateStackInstances (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStackInstances.html)
// . During stack set updates, any parameters overridden for a stack instance
// aren't updated, but retain their overridden value. You can only update the
// parameter values that are specified in the stack set; to add or delete a
// parameter itself, use UpdateStackSet (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html)
// to update the stack set template. If you add a parameter to a template, before
// you can override the parameter value specified in the stack set you must first
// use UpdateStackSet (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html)
// to update all stack instances with the updated template and parameter value
// specified in the stack set. Once a stack instance has been updated with the new
// parameter, you can then override the parameter value using UpdateStackInstances .
UpdateStackInstances(ctx context.Context, params *UpdateStackInstancesInput, optFns ...func(*Options)) (*UpdateStackInstancesOutput, error)
// Updates the stack set, and associated stack instances in the specified accounts
// and Amazon Web Services Regions. Even if the stack set operation created by
// updating the stack set fails (completely or partially, below or above a
// specified failure tolerance), the stack set is updated with your changes.
// Subsequent CreateStackInstances calls on the specified stack set use the
// updated stack set.
UpdateStackSet(ctx context.Context, params *UpdateStackSetInput, optFns ...func(*Options)) (*UpdateStackSetOutput, error)
// Updates termination protection for the specified stack. If a user attempts to
// delete a stack with termination protection enabled, the operation fails and the
// stack remains unchanged. For more information, see Protecting a Stack From
// Being Deleted (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html)
// in the CloudFormation User Guide. For nested stacks (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html)
// , termination protection is set on the root stack and can't be changed directly
// on the nested stack.
UpdateTerminationProtection(ctx context.Context, params *UpdateTerminationProtectionInput, optFns ...func(*Options)) (*UpdateTerminationProtectionOutput, error)
// Validates a specified template. CloudFormation first checks if the template is
// valid JSON. If it isn't, CloudFormation checks if the template is valid YAML. If
// both these checks fail, CloudFormation returns a template validation error.
ValidateTemplate(ctx context.Context, params *ValidateTemplateInput, optFns ...func(*Options)) (*ValidateTemplateOutput, error)
}
CloudFormation provides an interface to the AWS CloudFormation service.
type CloudTrail ¶ added in v0.92.0
type CloudTrail interface {
// Adds one or more tags to a trail, event data store, or channel, up to a limit
// of 50. Overwrites an existing tag's value when a new value is specified for an
// existing tag key. Tag key names must be unique; you cannot have two keys with
// the same name but different values. If you specify a key without a value, the
// tag will be created with the specified key and a value of null. You can tag a
// trail or event data store that applies to all Amazon Web Services Regions only
// from the Region in which the trail or event data store was created (also known
// as its home region).
AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error)
// Cancels a query if the query is not in a terminated state, such as CANCELLED ,
// FAILED , TIMED_OUT , or FINISHED . You must specify an ARN value for
// EventDataStore . The ID of the query that you want to cancel is also required.
// When you run CancelQuery , the query status might show as CANCELLED even if the
// operation is not yet finished.
CancelQuery(ctx context.Context, params *CancelQueryInput, optFns ...func(*Options)) (*CancelQueryOutput, error)
// Creates a channel for CloudTrail to ingest events from a partner or external
// source. After you create a channel, a CloudTrail Lake event data store can log
// events from the partner or source that you specify.
CreateChannel(ctx context.Context, params *CreateChannelInput, optFns ...func(*Options)) (*CreateChannelOutput, error)
// Creates a new event data store.
CreateEventDataStore(ctx context.Context, params *CreateEventDataStoreInput, optFns ...func(*Options)) (*CreateEventDataStoreOutput, error)
// Creates a trail that specifies the settings for delivery of log data to an
// Amazon S3 bucket.
CreateTrail(ctx context.Context, params *CreateTrailInput, optFns ...func(*Options)) (*CreateTrailOutput, error)
// Deletes a channel.
DeleteChannel(ctx context.Context, params *DeleteChannelInput, optFns ...func(*Options)) (*DeleteChannelOutput, error)
// Disables the event data store specified by EventDataStore , which accepts an
// event data store ARN. After you run DeleteEventDataStore , the event data store
// enters a PENDING_DELETION state, and is automatically deleted after a wait
// period of seven days. TerminationProtectionEnabled must be set to False on the
// event data store; this operation cannot work if TerminationProtectionEnabled is
// True . After you run DeleteEventDataStore on an event data store, you cannot
// run ListQueries , DescribeQuery , or GetQueryResults on queries that are using
// an event data store in a PENDING_DELETION state. An event data store in the
// PENDING_DELETION state does not incur costs.
DeleteEventDataStore(ctx context.Context, params *DeleteEventDataStoreInput, optFns ...func(*Options)) (*DeleteEventDataStoreOutput, error)
// Deletes the resource-based policy attached to the CloudTrail channel.
DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error)
// Deletes a trail. This operation must be called from the region in which the
// trail was created. DeleteTrail cannot be called on the shadow trails
// (replicated trails in other regions) of a trail that is enabled in all regions.
DeleteTrail(ctx context.Context, params *DeleteTrailInput, optFns ...func(*Options)) (*DeleteTrailOutput, error)
// Removes CloudTrail delegated administrator permissions from a member account in
// an organization.
DeregisterOrganizationDelegatedAdmin(ctx context.Context, params *DeregisterOrganizationDelegatedAdminInput, optFns ...func(*Options)) (*DeregisterOrganizationDelegatedAdminOutput, error)
// Returns metadata about a query, including query run time in milliseconds,
// number of events scanned and matched, and query status. You must specify an ARN
// for EventDataStore , and a value for QueryID .
DescribeQuery(ctx context.Context, params *DescribeQueryInput, optFns ...func(*Options)) (*DescribeQueryOutput, error)
// Retrieves settings for one or more trails associated with the current region
// for your account.
DescribeTrails(ctx context.Context, params *DescribeTrailsInput, optFns ...func(*Options)) (*DescribeTrailsOutput, error)
// Returns information about a specific channel.
GetChannel(ctx context.Context, params *GetChannelInput, optFns ...func(*Options)) (*GetChannelOutput, error)
// Returns information about an event data store specified as either an ARN or the
// ID portion of the ARN.
GetEventDataStore(ctx context.Context, params *GetEventDataStoreInput, optFns ...func(*Options)) (*GetEventDataStoreOutput, error)
// Describes the settings for the event selectors that you configured for your
// trail. The information returned for your event selectors includes the following:
//
// - If your event selector includes read-only events, write-only events, or all
// events. This applies to both management events and data events.
// - If your event selector includes management events.
// - If your event selector includes data events, the resources on which you are
// logging data events.
//
// For more information about logging management and data events, see the
// following topics in the CloudTrail User Guide:
// - Logging management events for trails (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html)
// - Logging data events for trails (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html)
GetEventSelectors(ctx context.Context, params *GetEventSelectorsInput, optFns ...func(*Options)) (*GetEventSelectorsOutput, error)
// Returns information about a specific import.
GetImport(ctx context.Context, params *GetImportInput, optFns ...func(*Options)) (*GetImportOutput, error)
// Describes the settings for the Insights event selectors that you configured for
// your trail. GetInsightSelectors shows if CloudTrail Insights event logging is
// enabled on the trail, and if it is, which insight types are enabled. If you run
// GetInsightSelectors on a trail that does not have Insights events enabled, the
// operation throws the exception InsightNotEnabledException For more information,
// see Logging CloudTrail Insights Events for Trails (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html)
// in the CloudTrail User Guide.
GetInsightSelectors(ctx context.Context, params *GetInsightSelectorsInput, optFns ...func(*Options)) (*GetInsightSelectorsOutput, error)
// Gets event data results of a query. You must specify the QueryID value returned
// by the StartQuery operation, and an ARN for EventDataStore .
GetQueryResults(ctx context.Context, params *GetQueryResultsInput, optFns ...func(*Options)) (*GetQueryResultsOutput, error)
// Retrieves the JSON text of the resource-based policy document attached to the
// CloudTrail channel.
GetResourcePolicy(ctx context.Context, params *GetResourcePolicyInput, optFns ...func(*Options)) (*GetResourcePolicyOutput, error)
// Returns settings information for a specified trail.
GetTrail(ctx context.Context, params *GetTrailInput, optFns ...func(*Options)) (*GetTrailOutput, error)
// Returns a JSON-formatted list of information about the specified trail. Fields
// include information on delivery errors, Amazon SNS and Amazon S3 errors, and
// start and stop logging times for each trail. This operation returns trail status
// from a single region. To return trail status from all regions, you must call the
// operation on each region.
GetTrailStatus(ctx context.Context, params *GetTrailStatusInput, optFns ...func(*Options)) (*GetTrailStatusOutput, error)
// Lists the channels in the current account, and their source names.
ListChannels(ctx context.Context, params *ListChannelsInput, optFns ...func(*Options)) (*ListChannelsOutput, error)
// Returns information about all event data stores in the account, in the current
// region.
ListEventDataStores(ctx context.Context, params *ListEventDataStoresInput, optFns ...func(*Options)) (*ListEventDataStoresOutput, error)
// Returns a list of failures for the specified import.
ListImportFailures(ctx context.Context, params *ListImportFailuresInput, optFns ...func(*Options)) (*ListImportFailuresOutput, error)
// Returns information on all imports, or a select set of imports by ImportStatus
// or Destination .
ListImports(ctx context.Context, params *ListImportsInput, optFns ...func(*Options)) (*ListImportsOutput, error)
// Returns all public keys whose private keys were used to sign the digest files
// within the specified time range. The public key is needed to validate digest
// files that were signed with its corresponding private key. CloudTrail uses
// different private and public key pairs per region. Each digest file is signed
// with a private key unique to its region. When you validate a digest file from a
// specific region, you must look in the same region for its corresponding public
// key.
ListPublicKeys(ctx context.Context, params *ListPublicKeysInput, optFns ...func(*Options)) (*ListPublicKeysOutput, error)
// Returns a list of queries and query statuses for the past seven days. You must
// specify an ARN value for EventDataStore . Optionally, to shorten the list of
// results, you can specify a time range, formatted as timestamps, by adding
// StartTime and EndTime parameters, and a QueryStatus value. Valid values for
// QueryStatus include QUEUED , RUNNING , FINISHED , FAILED , TIMED_OUT , or
// CANCELLED .
ListQueries(ctx context.Context, params *ListQueriesInput, optFns ...func(*Options)) (*ListQueriesOutput, error)
// Lists the tags for the trail, event data store, or channel in the current
// region.
ListTags(ctx context.Context, params *ListTagsInput, optFns ...func(*Options)) (*ListTagsOutput, error)
// Lists trails that are in the current account.
ListTrails(ctx context.Context, params *ListTrailsInput, optFns ...func(*Options)) (*ListTrailsOutput, error)
// Looks up management events (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-management-events)
// or CloudTrail Insights events (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-insights-events)
// that are captured by CloudTrail. You can look up events that occurred in a
// region within the last 90 days. Lookup supports the following attributes for
// management events:
// - Amazon Web Services access key
// - Event ID
// - Event name
// - Event source
// - Read only
// - Resource name
// - Resource type
// - User name
//
// Lookup supports the following attributes for Insights events:
// - Event ID
// - Event name
// - Event source
//
// All attributes are optional. The default number of results returned is 50, with
// a maximum of 50 possible. The response includes a token that you can use to get
// the next page of results. The rate of lookup requests is limited to two per
// second, per account, per region. If this limit is exceeded, a throttling error
// occurs.
LookupEvents(ctx context.Context, params *LookupEventsInput, optFns ...func(*Options)) (*LookupEventsOutput, error)
// Configures an event selector or advanced event selectors for your trail. Use
// event selectors or advanced event selectors to specify management and data event
// settings for your trail. By default, trails created without specific event
// selectors are configured to log all read and write management events, and no
// data events. When an event occurs in your account, CloudTrail evaluates the
// event selectors or advanced event selectors in all trails. For each trail, if
// the event matches any event selector, the trail processes and logs the event. If
// the event doesn't match any event selector, the trail doesn't log the event.
// Example
// - You create an event selector for a trail and specify that you want
// write-only events.
// - The EC2 GetConsoleOutput and RunInstances API operations occur in your
// account.
// - CloudTrail evaluates whether the events match your event selectors.
// - The RunInstances is a write-only event and it matches your event selector.
// The trail logs the event.
// - The GetConsoleOutput is a read-only event that doesn't match your event
// selector. The trail doesn't log the event.
//
// The PutEventSelectors operation must be called from the region in which the
// trail was created; otherwise, an InvalidHomeRegionException exception is
// thrown. You can configure up to five event selectors for each trail. For more
// information, see Logging management events for trails (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html)
// , Logging data events for trails (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html)
// , and Quotas in CloudTrail (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html)
// in the CloudTrail User Guide. You can add advanced event selectors, and
// conditions for your advanced event selectors, up to a maximum of 500 values for
// all conditions and selectors on a trail. You can use either
// AdvancedEventSelectors or EventSelectors , but not both. If you apply
// AdvancedEventSelectors to a trail, any existing EventSelectors are overwritten.
// For more information about advanced event selectors, see Logging data events
// for trails (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html)
// in the CloudTrail User Guide.
PutEventSelectors(ctx context.Context, params *PutEventSelectorsInput, optFns ...func(*Options)) (*PutEventSelectorsOutput, error)
// Lets you enable Insights event logging by specifying the Insights selectors
// that you want to enable on an existing trail. You also use PutInsightSelectors
// to turn off Insights event logging, by passing an empty list of insight types.
// The valid Insights event types in this release are ApiErrorRateInsight and
// ApiCallRateInsight .
PutInsightSelectors(ctx context.Context, params *PutInsightSelectorsInput, optFns ...func(*Options)) (*PutInsightSelectorsOutput, error)
// Attaches a resource-based permission policy to a CloudTrail channel that is
// used for an integration with an event source outside of Amazon Web Services. For
// more information about resource-based policies, see CloudTrail resource-based
// policy examples (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html)
// in the CloudTrail User Guide.
PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error)
// Registers an organization’s member account as the CloudTrail delegated
// administrator.
RegisterOrganizationDelegatedAdmin(ctx context.Context, params *RegisterOrganizationDelegatedAdminInput, optFns ...func(*Options)) (*RegisterOrganizationDelegatedAdminOutput, error)
// Removes the specified tags from a trail, event data store, or channel.
RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error)
// Restores a deleted event data store specified by EventDataStore , which accepts
// an event data store ARN. You can only restore a deleted event data store within
// the seven-day wait period after deletion. Restoring an event data store can take
// several minutes, depending on the size of the event data store.
RestoreEventDataStore(ctx context.Context, params *RestoreEventDataStoreInput, optFns ...func(*Options)) (*RestoreEventDataStoreOutput, error)
// Starts an import of logged trail events from a source S3 bucket to a
// destination event data store. By default, CloudTrail only imports events
// contained in the S3 bucket's CloudTrail prefix and the prefixes inside the
// CloudTrail prefix, and does not check prefixes for other Amazon Web Services
// services. If you want to import CloudTrail events contained in another prefix,
// you must include the prefix in the S3LocationUri . For more considerations about
// importing trail events, see Considerations (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-copy-trail-to-lake.html#cloudtrail-trail-copy-considerations)
// . When you start a new import, the Destinations and ImportSource parameters are
// required. Before starting a new import, disable any access control lists (ACLs)
// attached to the source S3 bucket. For more information about disabling ACLs, see
// Controlling ownership of objects and disabling ACLs for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
// . When you retry an import, the ImportID parameter is required. If the
// destination event data store is for an organization, you must use the management
// account to import trail events. You cannot use the delegated administrator
// account for the organization.
StartImport(ctx context.Context, params *StartImportInput, optFns ...func(*Options)) (*StartImportOutput, error)
// Starts the recording of Amazon Web Services API calls and log file delivery for
// a trail. For a trail that is enabled in all regions, this operation must be
// called from the region in which the trail was created. This operation cannot be
// called on the shadow trails (replicated trails in other regions) of a trail that
// is enabled in all regions.
StartLogging(ctx context.Context, params *StartLoggingInput, optFns ...func(*Options)) (*StartLoggingOutput, error)
// Starts a CloudTrail Lake query. The required QueryStatement parameter provides
// your SQL query, enclosed in single quotation marks. Use the optional
// DeliveryS3Uri parameter to deliver the query results to an S3 bucket.
StartQuery(ctx context.Context, params *StartQueryInput, optFns ...func(*Options)) (*StartQueryOutput, error)
// Stops a specified import.
StopImport(ctx context.Context, params *StopImportInput, optFns ...func(*Options)) (*StopImportOutput, error)
// Suspends the recording of Amazon Web Services API calls and log file delivery
// for the specified trail. Under most circumstances, there is no need to use this
// action. You can update a trail without stopping it first. This action is the
// only way to stop recording. For a trail enabled in all regions, this operation
// must be called from the region in which the trail was created, or an
// InvalidHomeRegionException will occur. This operation cannot be called on the
// shadow trails (replicated trails in other regions) of a trail enabled in all
// regions.
StopLogging(ctx context.Context, params *StopLoggingInput, optFns ...func(*Options)) (*StopLoggingOutput, error)
// Updates a channel specified by a required channel ARN or UUID.
UpdateChannel(ctx context.Context, params *UpdateChannelInput, optFns ...func(*Options)) (*UpdateChannelOutput, error)
// Updates an event data store. The required EventDataStore value is an ARN or the
// ID portion of the ARN. Other parameters are optional, but at least one optional
// parameter must be specified, or CloudTrail throws an error. RetentionPeriod is
// in days, and valid values are integers between 90 and 2557. By default,
// TerminationProtection is enabled. For event data stores for CloudTrail events,
// AdvancedEventSelectors includes or excludes management and data events in your
// event data store. For more information about AdvancedEventSelectors , see
// PutEventSelectorsRequest$AdvancedEventSelectors . For event data stores for
// Config configuration items, Audit Manager evidence, or non-Amazon Web Services
// events, AdvancedEventSelectors includes events of that type in your event data
// store.
UpdateEventDataStore(ctx context.Context, params *UpdateEventDataStoreInput, optFns ...func(*Options)) (*UpdateEventDataStoreOutput, error)
// Updates trail settings that control what events you are logging, and how to
// handle log files. Changes to a trail do not require stopping the CloudTrail
// service. Use this action to designate an existing bucket for log delivery. If
// the existing bucket has previously been a target for CloudTrail log files, an
// IAM policy exists for the bucket. UpdateTrail must be called from the region in
// which the trail was created; otherwise, an InvalidHomeRegionException is thrown.
UpdateTrail(ctx context.Context, params *UpdateTrailInput, optFns ...func(*Options)) (*UpdateTrailOutput, error)
}
CloudTrail provides an interface to the AWS CloudTrail service.
type CloudWatchLogs ¶ added in v0.92.0
type CloudWatchLogs interface {
// Associates the specified KMS key with the specified log group. Associating a
// KMS key with a log group overrides any existing associations between the log
// group and a KMS key. After a KMS key is associated with a log group, all newly
// ingested data for the log group is encrypted using the KMS key. This association
// is stored as long as the data encrypted with the KMS keyis still within
// CloudWatch Logs. This enables CloudWatch Logs to decrypt this data whenever it
// is requested. CloudWatch Logs supports only symmetric KMS keys. Do not use an
// associate an asymmetric KMS key with your log group. For more information, see
// Using Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
// . It can take up to 5 minutes for this operation to take effect. If you attempt
// to associate a KMS key with a log group but the KMS key does not exist or the
// KMS key is disabled, you receive an InvalidParameterException error.
AssociateKmsKey(ctx context.Context, params *AssociateKmsKeyInput, optFns ...func(*Options)) (*AssociateKmsKeyOutput, error)
// Cancels the specified export task. The task must be in the PENDING or RUNNING
// state.
CancelExportTask(ctx context.Context, params *CancelExportTaskInput, optFns ...func(*Options)) (*CancelExportTaskOutput, error)
// Creates an export task so that you can efficiently export data from a log group
// to an Amazon S3 bucket. When you perform a CreateExportTask operation, you must
// use credentials that have permission to write to the S3 bucket that you specify
// as the destination. Exporting log data to S3 buckets that are encrypted by KMS
// is supported. Exporting log data to Amazon S3 buckets that have S3 Object Lock
// enabled with a retention period is also supported. Exporting to S3 buckets that
// are encrypted with AES-256 is supported. This is an asynchronous call. If all
// the required information is provided, this operation initiates an export task
// and responds with the ID of the task. After the task has started, you can use
// DescribeExportTasks (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeExportTasks.html)
// to get the status of the export task. Each account can only have one active (
// RUNNING or PENDING ) export task at a time. To cancel an export task, use
// CancelExportTask (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CancelExportTask.html)
// . You can export logs from multiple log groups or multiple time ranges to the
// same S3 bucket. To separate log data for each export task, specify a prefix to
// be used as the Amazon S3 key prefix for all exported objects. Time-based sorting
// on chunks of log data inside an exported file is not guaranteed. You can sort
// the exported log field data by using Linux utilities.
CreateExportTask(ctx context.Context, params *CreateExportTaskInput, optFns ...func(*Options)) (*CreateExportTaskOutput, error)
// Creates a log group with the specified name. You can create up to 20,000 log
// groups per account. You must use the following guidelines when naming a log
// group:
// - Log group names must be unique within a Region for an Amazon Web Services
// account.
// - Log group names can be between 1 and 512 characters long.
// - Log group names consist of the following characters: a-z, A-Z, 0-9, '_'
// (underscore), '-' (hyphen), '/' (forward slash), '.' (period), and '#' (number
// sign)
//
// When you create a log group, by default the log events in the log group do not
// expire. To set a retention policy so that events expire and are deleted after a
// specified time, use PutRetentionPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutRetentionPolicy.html)
// . If you associate an KMS key with the log group, ingested data is encrypted
// using the KMS key. This association is stored as long as the data encrypted with
// the KMS key is still within CloudWatch Logs. This enables CloudWatch Logs to
// decrypt this data whenever it is requested. If you attempt to associate a KMS
// key with the log group but the KMS keydoes not exist or the KMS key is disabled,
// you receive an InvalidParameterException error. CloudWatch Logs supports only
// symmetric KMS keys. Do not associate an asymmetric KMS key with your log group.
// For more information, see Using Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
// .
CreateLogGroup(ctx context.Context, params *CreateLogGroupInput, optFns ...func(*Options)) (*CreateLogGroupOutput, error)
// Creates a log stream for the specified log group. A log stream is a sequence of
// log events that originate from a single source, such as an application instance
// or a resource that is being monitored. There is no limit on the number of log
// streams that you can create for a log group. There is a limit of 50 TPS on
// CreateLogStream operations, after which transactions are throttled. You must use
// the following guidelines when naming a log stream:
// - Log stream names must be unique within the log group.
// - Log stream names can be between 1 and 512 characters long.
// - Don't use ':' (colon) or '*' (asterisk) characters.
CreateLogStream(ctx context.Context, params *CreateLogStreamInput, optFns ...func(*Options)) (*CreateLogStreamOutput, error)
// Deletes the data protection policy from the specified log group. For more
// information about data protection policies, see PutDataProtectionPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html)
// .
DeleteDataProtectionPolicy(ctx context.Context, params *DeleteDataProtectionPolicyInput, optFns ...func(*Options)) (*DeleteDataProtectionPolicyOutput, error)
// Deletes the specified destination, and eventually disables all the subscription
// filters that publish to it. This operation does not delete the physical resource
// encapsulated by the destination.
DeleteDestination(ctx context.Context, params *DeleteDestinationInput, optFns ...func(*Options)) (*DeleteDestinationOutput, error)
// Deletes the specified log group and permanently deletes all the archived log
// events associated with the log group.
DeleteLogGroup(ctx context.Context, params *DeleteLogGroupInput, optFns ...func(*Options)) (*DeleteLogGroupOutput, error)
// Deletes the specified log stream and permanently deletes all the archived log
// events associated with the log stream.
DeleteLogStream(ctx context.Context, params *DeleteLogStreamInput, optFns ...func(*Options)) (*DeleteLogStreamOutput, error)
// Deletes the specified metric filter.
DeleteMetricFilter(ctx context.Context, params *DeleteMetricFilterInput, optFns ...func(*Options)) (*DeleteMetricFilterOutput, error)
// Deletes a saved CloudWatch Logs Insights query definition. A query definition
// contains details about a saved CloudWatch Logs Insights query. Each
// DeleteQueryDefinition operation can delete one query definition. You must have
// the logs:DeleteQueryDefinition permission to be able to perform this operation.
DeleteQueryDefinition(ctx context.Context, params *DeleteQueryDefinitionInput, optFns ...func(*Options)) (*DeleteQueryDefinitionOutput, error)
// Deletes a resource policy from this account. This revokes the access of the
// identities in that policy to put log events to this account.
DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error)
// Deletes the specified retention policy. Log events do not expire if they belong
// to log groups without a retention policy.
DeleteRetentionPolicy(ctx context.Context, params *DeleteRetentionPolicyInput, optFns ...func(*Options)) (*DeleteRetentionPolicyOutput, error)
// Deletes the specified subscription filter.
DeleteSubscriptionFilter(ctx context.Context, params *DeleteSubscriptionFilterInput, optFns ...func(*Options)) (*DeleteSubscriptionFilterOutput, error)
// Lists all your destinations. The results are ASCII-sorted by destination name.
DescribeDestinations(ctx context.Context, params *DescribeDestinationsInput, optFns ...func(*Options)) (*DescribeDestinationsOutput, error)
// Lists the specified export tasks. You can list all your export tasks or filter
// the results based on task ID or task status.
DescribeExportTasks(ctx context.Context, params *DescribeExportTasksInput, optFns ...func(*Options)) (*DescribeExportTasksOutput, error)
// Lists the specified log groups. You can list all your log groups or filter the
// results by prefix. The results are ASCII-sorted by log group name. CloudWatch
// Logs doesn’t support IAM policies that control access to the DescribeLogGroups
// action by using the aws:ResourceTag/key-name condition key. Other CloudWatch
// Logs actions do support the use of the aws:ResourceTag/key-name condition key
// to control access. For more information about using tags to control access, see
// Controlling access to Amazon Web Services resources using tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
// . If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account and view data from the linked source accounts.
// For more information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html)
// .
DescribeLogGroups(ctx context.Context, params *DescribeLogGroupsInput, optFns ...func(*Options)) (*DescribeLogGroupsOutput, error)
// Lists the log streams for the specified log group. You can list all the log
// streams or filter the results by prefix. You can also control how the results
// are ordered. You can specify the log group to search by using either
// logGroupIdentifier or logGroupName . You must include one of these two
// parameters, but you can't include both. This operation has a limit of five
// transactions per second, after which transactions are throttled. If you are
// using CloudWatch cross-account observability, you can use this operation in a
// monitoring account and view data from the linked source accounts. For more
// information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html)
// .
DescribeLogStreams(ctx context.Context, params *DescribeLogStreamsInput, optFns ...func(*Options)) (*DescribeLogStreamsOutput, error)
// Lists the specified metric filters. You can list all of the metric filters or
// filter the results by log name, prefix, metric name, or metric namespace. The
// results are ASCII-sorted by filter name.
DescribeMetricFilters(ctx context.Context, params *DescribeMetricFiltersInput, optFns ...func(*Options)) (*DescribeMetricFiltersOutput, error)
// Returns a list of CloudWatch Logs Insights queries that are scheduled, running,
// or have been run recently in this account. You can request all queries or limit
// it to queries of a specific log group or queries with a certain status.
DescribeQueries(ctx context.Context, params *DescribeQueriesInput, optFns ...func(*Options)) (*DescribeQueriesOutput, error)
// This operation returns a paginated list of your saved CloudWatch Logs Insights
// query definitions. You can use the queryDefinitionNamePrefix parameter to limit
// the results to only the query definitions that have names that start with a
// certain string.
DescribeQueryDefinitions(ctx context.Context, params *DescribeQueryDefinitionsInput, optFns ...func(*Options)) (*DescribeQueryDefinitionsOutput, error)
// Lists the resource policies in this account.
DescribeResourcePolicies(ctx context.Context, params *DescribeResourcePoliciesInput, optFns ...func(*Options)) (*DescribeResourcePoliciesOutput, error)
// Lists the subscription filters for the specified log group. You can list all
// the subscription filters or filter the results by prefix. The results are
// ASCII-sorted by filter name.
DescribeSubscriptionFilters(ctx context.Context, params *DescribeSubscriptionFiltersInput, optFns ...func(*Options)) (*DescribeSubscriptionFiltersOutput, error)
// Disassociates the associated KMS key from the specified log group. After the
// KMS key is disassociated from the log group, CloudWatch Logs stops encrypting
// newly ingested data for the log group. All previously ingested data remains
// encrypted, and CloudWatch Logs requires permissions for the KMS key whenever the
// encrypted data is requested. Note that it can take up to 5 minutes for this
// operation to take effect.
DisassociateKmsKey(ctx context.Context, params *DisassociateKmsKeyInput, optFns ...func(*Options)) (*DisassociateKmsKeyOutput, error)
// Lists log events from the specified log group. You can list all the log events
// or filter the results using a filter pattern, a time range, and the name of the
// log stream. You must have the logs;FilterLogEvents permission to perform this
// operation. You can specify the log group to search by using either
// logGroupIdentifier or logGroupName . You must include one of these two
// parameters, but you can't include both. By default, this operation returns as
// many log events as can fit in 1 MB (up to 10,000 log events) or all the events
// found within the specified time range. If the results include a token, that
// means there are more log events available. You can get additional results by
// specifying the token in a subsequent call. This operation can return empty
// results while there are more log events available through the token. The
// returned log events are sorted by event timestamp, the timestamp when the event
// was ingested by CloudWatch Logs, and the ID of the PutLogEvents request. If you
// are using CloudWatch cross-account observability, you can use this operation in
// a monitoring account and view data from the linked source accounts. For more
// information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html)
// .
FilterLogEvents(ctx context.Context, params *FilterLogEventsInput, optFns ...func(*Options)) (*FilterLogEventsOutput, error)
// Returns information about a log group data protection policy.
GetDataProtectionPolicy(ctx context.Context, params *GetDataProtectionPolicyInput, optFns ...func(*Options)) (*GetDataProtectionPolicyOutput, error)
// Lists log events from the specified log stream. You can list all of the log
// events or filter using a time range. By default, this operation returns as many
// log events as can fit in a response size of 1MB (up to 10,000 log events). You
// can get additional log events by specifying one of the tokens in a subsequent
// call. This operation can return empty results while there are more log events
// available through the token. If you are using CloudWatch cross-account
// observability, you can use this operation in a monitoring account and view data
// from the linked source accounts. For more information, see CloudWatch
// cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html)
// . You can specify the log group to search by using either logGroupIdentifier or
// logGroupName . You must include one of these two parameters, but you can't
// include both.
GetLogEvents(ctx context.Context, params *GetLogEventsInput, optFns ...func(*Options)) (*GetLogEventsOutput, error)
// Returns a list of the fields that are included in log events in the specified
// log group. Includes the percentage of log events that contain each field. The
// search is limited to a time period that you specify. You can specify the log
// group to search by using either logGroupIdentifier or logGroupName . You must
// specify one of these parameters, but you can't specify both. In the results,
// fields that start with @ are fields generated by CloudWatch Logs. For example,
// @timestamp is the timestamp of each log event. For more information about the
// fields that are generated by CloudWatch logs, see Supported Logs and Discovered
// Fields (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData-discoverable-fields.html)
// . The response results are sorted by the frequency percentage, starting with the
// highest percentage. If you are using CloudWatch cross-account observability, you
// can use this operation in a monitoring account and view data from the linked
// source accounts. For more information, see CloudWatch cross-account
// observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html)
// .
GetLogGroupFields(ctx context.Context, params *GetLogGroupFieldsInput, optFns ...func(*Options)) (*GetLogGroupFieldsOutput, error)
// Retrieves all of the fields and values of a single log event. All fields are
// retrieved, even if the original query that produced the logRecordPointer
// retrieved only a subset of fields. Fields are returned as field name/field value
// pairs. The full unparsed log event is returned within @message .
GetLogRecord(ctx context.Context, params *GetLogRecordInput, optFns ...func(*Options)) (*GetLogRecordOutput, error)
// Returns the results from the specified query. Only the fields requested in the
// query are returned, along with a @ptr field, which is the identifier for the
// log record. You can use the value of @ptr in a GetLogRecord (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogRecord.html)
// operation to get the full log record. GetQueryResults does not start running a
// query. To run a query, use StartQuery (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html)
// . If the value of the Status field in the output is Running , this operation
// returns only partial results. If you see a value of Scheduled or Running for
// the status, you can retry the operation later to see the final results. If you
// are using CloudWatch cross-account observability, you can use this operation in
// a monitoring account to start queries in linked source accounts. For more
// information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html)
// .
GetQueryResults(ctx context.Context, params *GetQueryResultsInput, optFns ...func(*Options)) (*GetQueryResultsOutput, error)
// Displays the tags associated with a CloudWatch Logs resource. Currently, log
// groups and destinations support tagging.
ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
// The ListTagsLogGroup operation is on the path to deprecation. We recommend that
// you use ListTagsForResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html)
// instead. Lists the tags for the specified log group.
//
// Deprecated: Please use the generic tagging API ListTagsForResource
ListTagsLogGroup(ctx context.Context, params *ListTagsLogGroupInput, optFns ...func(*Options)) (*ListTagsLogGroupOutput, error)
// Creates a data protection policy for the specified log group. A data protection
// policy can help safeguard sensitive data that's ingested by the log group by
// auditing and masking the sensitive log data. Sensitive data is detected and
// masked when it is ingested into the log group. When you set a data protection
// policy, log events ingested into the log group before that time are not masked.
// By default, when a user views a log event that includes masked data, the
// sensitive data is replaced by asterisks. A user who has the logs:Unmask
// permission can use a GetLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html)
// or FilterLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html)
// operation with the unmask parameter set to true to view the unmasked log
// events. Users with the logs:Unmask can also view unmasked data in the
// CloudWatch Logs console by running a CloudWatch Logs Insights query with the
// unmask query command. For more information, including a list of types of data
// that can be audited and masked, see Protect sensitive log data with masking (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html)
// .
PutDataProtectionPolicy(ctx context.Context, params *PutDataProtectionPolicyInput, optFns ...func(*Options)) (*PutDataProtectionPolicyOutput, error)
// Creates or updates a destination. This operation is used only to create
// destinations for cross-account subscriptions. A destination encapsulates a
// physical resource (such as an Amazon Kinesis stream). With a destination, you
// can subscribe to a real-time stream of log events for a different account,
// ingested using PutLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html)
// . Through an access policy, a destination controls what is written to it. By
// default, PutDestination does not set any access policy with the destination,
// which means a cross-account user cannot call PutSubscriptionFilter (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutSubscriptionFilter.html)
// against this destination. To enable this, the destination owner must call
// PutDestinationPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestinationPolicy.html)
// after PutDestination . To perform a PutDestination operation, you must also
// have the iam:PassRole permission.
PutDestination(ctx context.Context, params *PutDestinationInput, optFns ...func(*Options)) (*PutDestinationOutput, error)
// Creates or updates an access policy associated with an existing destination. An
// access policy is an IAM policy document (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html)
// that is used to authorize claims to register a subscription filter against a
// given destination.
PutDestinationPolicy(ctx context.Context, params *PutDestinationPolicyInput, optFns ...func(*Options)) (*PutDestinationPolicyOutput, error)
// Uploads a batch of log events to the specified log stream. The sequence token
// is now ignored in PutLogEvents actions. PutLogEvents actions are always
// accepted and never return InvalidSequenceTokenException or
// DataAlreadyAcceptedException even if the sequence token is not valid. You can
// use parallel PutLogEvents actions on the same log stream. The batch of events
// must satisfy the following constraints:
// - The maximum batch size is 1,048,576 bytes. This size is calculated as the
// sum of all event messages in UTF-8, plus 26 bytes for each log event.
// - None of the log events in the batch can be more than 2 hours in the future.
// - None of the log events in the batch can be more than 14 days in the past.
// Also, none of the log events can be from earlier than the retention period of
// the log group.
// - The log events in the batch must be in chronological order by their
// timestamp. The timestamp is the time that the event occurred, expressed as the
// number of milliseconds after Jan 1, 1970 00:00:00 UTC . (In Amazon Web
// Services Tools for PowerShell and the Amazon Web Services SDK for .NET, the
// timestamp is specified in .NET format: yyyy-mm-ddThh:mm:ss . For example,
// 2017-09-15T13:45:30 .)
// - A batch of log events in a single request cannot span more than 24 hours.
// Otherwise, the operation fails.
// - The maximum number of log events in a batch is 10,000.
// - The quota of five requests per second per log stream has been removed.
// Instead, PutLogEvents actions are throttled based on a per-second per-account
// quota. You can request an increase to the per-second throttling quota by using
// the Service Quotas service.
//
// If a call to PutLogEvents returns "UnrecognizedClientException" the most likely
// cause is a non-valid Amazon Web Services access key ID or secret key.
PutLogEvents(ctx context.Context, params *PutLogEventsInput, optFns ...func(*Options)) (*PutLogEventsOutput, error)
// Creates or updates a metric filter and associates it with the specified log
// group. With metric filters, you can configure rules to extract metric data from
// log events ingested through PutLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html)
// . The maximum number of metric filters that can be associated with a log group
// is 100. When you create a metric filter, you can also optionally assign a unit
// and dimensions to the metric that is created. Metrics extracted from log events
// are charged as custom metrics. To prevent unexpected high charges, do not
// specify high-cardinality fields such as IPAddress or requestID as dimensions.
// Each different value found for a dimension is treated as a separate metric and
// accrues charges as a separate custom metric. CloudWatch Logs disables a metric
// filter if it generates 1,000 different name/value pairs for your specified
// dimensions within a certain amount of time. This helps to prevent accidental
// high charges. You can also set up a billing alarm to alert you if your charges
// are higher than expected. For more information, see Creating a Billing Alarm to
// Monitor Your Estimated Amazon Web Services Charges (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html)
// .
PutMetricFilter(ctx context.Context, params *PutMetricFilterInput, optFns ...func(*Options)) (*PutMetricFilterOutput, error)
// Creates or updates a query definition for CloudWatch Logs Insights. For more
// information, see Analyzing Log Data with CloudWatch Logs Insights (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html)
// . To update a query definition, specify its queryDefinitionId in your request.
// The values of name , queryString , and logGroupNames are changed to the values
// that you specify in your update operation. No current values are retained from
// the current query definition. For example, imagine updating a current query
// definition that includes log groups. If you don't specify the logGroupNames
// parameter in your update operation, the query definition changes to contain no
// log groups. You must have the logs:PutQueryDefinition permission to be able to
// perform this operation.
PutQueryDefinition(ctx context.Context, params *PutQueryDefinitionInput, optFns ...func(*Options)) (*PutQueryDefinitionOutput, error)
// Creates or updates a resource policy allowing other Amazon Web Services
// services to put log events to this account, such as Amazon Route 53. An account
// can have up to 10 resource policies per Amazon Web Services Region.
PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error)
// Sets the retention of the specified log group. With a retention policy, you can
// configure the number of days for which to retain log events in the specified log
// group. CloudWatch Logs doesn’t immediately delete log events when they reach
// their retention setting. It typically takes up to 72 hours after that before log
// events are deleted, but in rare situations might take longer. To illustrate,
// imagine that you change a log group to have a longer retention setting when it
// contains log events that are past the expiration date, but haven’t been deleted.
// Those log events will take up to 72 hours to be deleted after the new retention
// date is reached. To make sure that log data is deleted permanently, keep a log
// group at its lower retention setting until 72 hours after the previous retention
// period ends. Alternatively, wait to change the retention setting until you
// confirm that the earlier log events are deleted.
PutRetentionPolicy(ctx context.Context, params *PutRetentionPolicyInput, optFns ...func(*Options)) (*PutRetentionPolicyOutput, error)
// Creates or updates a subscription filter and associates it with the specified
// log group. With subscription filters, you can subscribe to a real-time stream of
// log events ingested through PutLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html)
// and have them delivered to a specific destination. When log events are sent to
// the receiving service, they are Base64 encoded and compressed with the GZIP
// format. The following destinations are supported for subscription filters:
// - An Amazon Kinesis data stream belonging to the same account as the
// subscription filter, for same-account delivery.
// - A logical destination that belongs to a different account, for
// cross-account delivery.
// - An Amazon Kinesis Data Firehose delivery stream that belongs to the same
// account as the subscription filter, for same-account delivery.
// - An Lambda function that belongs to the same account as the subscription
// filter, for same-account delivery.
//
// Each log group can have up to two subscription filters associated with it. If
// you are updating an existing filter, you must specify the correct name in
// filterName . To perform a PutSubscriptionFilter operation, you must also have
// the iam:PassRole permission.
PutSubscriptionFilter(ctx context.Context, params *PutSubscriptionFilterInput, optFns ...func(*Options)) (*PutSubscriptionFilterOutput, error)
// Schedules a query of a log group using CloudWatch Logs Insights. You specify
// the log group and time range to query and the query string to use. For more
// information, see CloudWatch Logs Insights Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html)
// . Queries time out after 15 minutes of runtime. If your queries are timing out,
// reduce the time range being searched or partition your query into a number of
// queries. If you are using CloudWatch cross-account observability, you can use
// this operation in a monitoring account to start a query in a linked source
// account. For more information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html)
// . For a cross-account StartQuery operation, the query definition must be
// defined in the monitoring account. You can have up to 20 concurrent CloudWatch
// Logs insights queries, including queries that have been added to dashboards.
StartQuery(ctx context.Context, params *StartQueryInput, optFns ...func(*Options)) (*StartQueryOutput, error)
// Stops a CloudWatch Logs Insights query that is in progress. If the query has
// already ended, the operation returns an error indicating that the specified
// query is not running.
StopQuery(ctx context.Context, params *StopQueryInput, optFns ...func(*Options)) (*StopQueryOutput, error)
// The TagLogGroup operation is on the path to deprecation. We recommend that you
// use TagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html)
// instead. Adds or updates the specified tags for the specified log group. To list
// the tags for a log group, use ListTagsForResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html)
// . To remove tags, use UntagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html)
// . For more information about tags, see Tag Log Groups in Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html#log-group-tagging)
// in the Amazon CloudWatch Logs User Guide. CloudWatch Logs doesn’t support IAM
// policies that prevent users from assigning specified tags to log groups using
// the aws:Resource/key-name or aws:TagKeys condition keys. For more information
// about using tags to control access, see Controlling access to Amazon Web
// Services resources using tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
// .
//
// Deprecated: Please use the generic tagging API TagResource
TagLogGroup(ctx context.Context, params *TagLogGroupInput, optFns ...func(*Options)) (*TagLogGroupOutput, error)
// Assigns one or more tags (key-value pairs) to the specified CloudWatch Logs
// resource. Currently, the only CloudWatch Logs resources that can be tagged are
// log groups and destinations. Tags can help you organize and categorize your
// resources. You can also use them to scope user permissions by granting a user
// permission to access or change only resources with certain tag values. Tags
// don't have any semantic meaning to Amazon Web Services and are interpreted
// strictly as strings of characters. You can use the TagResource action with a
// resource that already has tags. If you specify a new tag key for the alarm, this
// tag is appended to the list of tags associated with the alarm. If you specify a
// tag key that is already associated with the alarm, the new tag value that you
// specify replaces the previous value for that tag. You can associate as many as
// 50 tags with a CloudWatch Logs resource.
TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)
// Tests the filter pattern of a metric filter against a sample of log event
// messages. You can use this operation to validate the correctness of a metric
// filter pattern.
TestMetricFilter(ctx context.Context, params *TestMetricFilterInput, optFns ...func(*Options)) (*TestMetricFilterOutput, error)
// The UntagLogGroup operation is on the path to deprecation. We recommend that
// you use UntagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html)
// instead. Removes the specified tags from the specified log group. To list the
// tags for a log group, use ListTagsForResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html)
// . To add tags, use TagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html)
// . CloudWatch Logs doesn’t support IAM policies that prevent users from assigning
// specified tags to log groups using the aws:Resource/key-name or aws:TagKeys
// condition keys.
//
// Deprecated: Please use the generic tagging API UntagResource
UntagLogGroup(ctx context.Context, params *UntagLogGroupInput, optFns ...func(*Options)) (*UntagLogGroupOutput, error)
// Removes one or more tags from the specified resource.
UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)
}
CloudWatchLogs provides an interface to the AWS CloudWatchLogs service.
type EC2 ¶ added in v0.94.0
type EC2 interface {
// Accepts the Convertible Reserved Instance exchange quote described in the
// GetReservedInstancesExchangeQuote call.
AcceptReservedInstancesExchangeQuote(ctx context.Context, params *AcceptReservedInstancesExchangeQuoteInput, optFns ...func(*Options)) (*AcceptReservedInstancesExchangeQuoteOutput, error)
// Accepts a request to associate subnets with a transit gateway multicast domain.
AcceptTransitGatewayMulticastDomainAssociations(ctx context.Context, params *AcceptTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*AcceptTransitGatewayMulticastDomainAssociationsOutput, error)
// Accepts a transit gateway peering attachment request. The peering attachment
// must be in the pendingAcceptance state.
AcceptTransitGatewayPeeringAttachment(ctx context.Context, params *AcceptTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*AcceptTransitGatewayPeeringAttachmentOutput, error)
// Accepts a request to attach a VPC to a transit gateway. The VPC attachment must
// be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to
// view your pending VPC attachment requests. Use RejectTransitGatewayVpcAttachment
// to reject a VPC attachment request.
AcceptTransitGatewayVpcAttachment(ctx context.Context, params *AcceptTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*AcceptTransitGatewayVpcAttachmentOutput, error)
// Accepts one or more interface VPC endpoint connection requests to your VPC
// endpoint service.
AcceptVpcEndpointConnections(ctx context.Context, params *AcceptVpcEndpointConnectionsInput, optFns ...func(*Options)) (*AcceptVpcEndpointConnectionsOutput, error)
// Accept a VPC peering connection request. To accept a request, the VPC peering
// connection must be in the pending-acceptance state, and you must be the owner of
// the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC
// peering connection requests. For an inter-Region VPC peering connection request,
// you must accept the VPC peering connection in the Region of the accepter VPC.
AcceptVpcPeeringConnection(ctx context.Context, params *AcceptVpcPeeringConnectionInput, optFns ...func(*Options)) (*AcceptVpcPeeringConnectionOutput, error)
// Advertises an IPv4 or IPv6 address range that is provisioned for use with your
// Amazon Web Services resources through bring your own IP addresses (BYOIP). You
// can perform this operation at most once every 10 seconds, even if you specify
// different address ranges each time. We recommend that you stop advertising the
// BYOIP CIDR from other locations when you advertise it from Amazon Web Services.
// To minimize down time, you can configure your Amazon Web Services resources to
// use an address from a BYOIP CIDR before it is advertised, and then
// simultaneously stop advertising it from the current location and start
// advertising it through Amazon Web Services. It can take a few minutes before
// traffic to the specified addresses starts routing to Amazon Web Services because
// of BGP propagation delays. To stop advertising the BYOIP CIDR, use
// WithdrawByoipCidr.
AdvertiseByoipCidr(ctx context.Context, params *AdvertiseByoipCidrInput, optFns ...func(*Options)) (*AdvertiseByoipCidrOutput, error)
// Allocates an Elastic IP address to your Amazon Web Services account. After you
// allocate the Elastic IP address you can associate it with an instance or network
// interface. After you release an Elastic IP address, it is released to the IP
// address pool and can be allocated to a different Amazon Web Services account.
// You can allocate an Elastic IP address from an address pool owned by Amazon Web
// Services or from an address pool created from a public IPv4 address range that
// you have brought to Amazon Web Services for use with your Amazon Web Services
// resources using bring your own IP addresses (BYOIP). For more information, see
// Bring Your Own IP Addresses (BYOIP)
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) in the
// Amazon Elastic Compute Cloud User Guide. [EC2-VPC] If you release an Elastic IP
// address, you might be able to recover it. You cannot recover an Elastic IP
// address that you released after it is allocated to another Amazon Web Services
// account. You cannot recover an Elastic IP address for EC2-Classic. To attempt to
// recover an Elastic IP address that you released, specify it in this operation.
// An Elastic IP address is for use either in the EC2-Classic platform or in a VPC.
// By default, you can allocate 5 Elastic IP addresses for EC2-Classic per Region
// and 5 Elastic IP addresses for EC2-VPC per Region. For more information, see
// Elastic IP Addresses
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
// in the Amazon Elastic Compute Cloud User Guide. You can allocate a carrier IP
// address which is a public IP address from a telecommunication carrier, to a
// network interface which resides in a subnet in a Wavelength Zone (for example an
// EC2 instance).
AllocateAddress(ctx context.Context, params *AllocateAddressInput, optFns ...func(*Options)) (*AllocateAddressOutput, error)
// Allocates a Dedicated Host to your account. At a minimum, specify the supported
// instance type or instance family, the Availability Zone in which to allocate the
// host, and the number of hosts to allocate.
AllocateHosts(ctx context.Context, params *AllocateHostsInput, optFns ...func(*Options)) (*AllocateHostsOutput, error)
// Allocate a CIDR from an IPAM pool. In IPAM, an allocation is a CIDR assignment
// from an IPAM pool to another resource or IPAM pool. For more information, see
// Allocate CIDRs in the Amazon VPC IPAM User Guide.
AllocateIpamPoolCidr(ctx context.Context, params *AllocateIpamPoolCidrInput, optFns ...func(*Options)) (*AllocateIpamPoolCidrOutput, error)
// Applies a security group to the association between the target network and the
// Client VPN endpoint. This action replaces the existing security groups with the
// specified security groups.
ApplySecurityGroupsToClientVpnTargetNetwork(ctx context.Context, params *ApplySecurityGroupsToClientVpnTargetNetworkInput, optFns ...func(*Options)) (*ApplySecurityGroupsToClientVpnTargetNetworkOutput, error)
// Assigns one or more IPv6 addresses to the specified network interface. You can
// specify one or more specific IPv6 addresses, or you can specify the number of
// IPv6 addresses to be automatically assigned from within the subnet's IPv6 CIDR
// block range. You can assign as many IPv6 addresses to a network interface as you
// can assign private IPv4 addresses, and the limit varies per instance type. For
// information, see IP Addresses Per Network Interface Per Instance Type
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI)
// in the Amazon Elastic Compute Cloud User Guide. You must specify either the IPv6
// addresses or the IPv6 address count in the request. You can optionally use
// Prefix Delegation on the network interface. You must specify either the IPV6
// Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For
// information, see Assigning prefixes to Amazon EC2 network interfaces
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) in the
// Amazon Elastic Compute Cloud User Guide.
AssignIpv6Addresses(ctx context.Context, params *AssignIpv6AddressesInput, optFns ...func(*Options)) (*AssignIpv6AddressesOutput, error)
// Assigns one or more secondary private IP addresses to the specified network
// interface. You can specify one or more specific secondary IP addresses, or you
// can specify the number of secondary IP addresses to be automatically assigned
// within the subnet's CIDR block range. The number of secondary IP addresses that
// you can assign to an instance varies by instance type. For information about
// instance types, see Instance Types
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the
// Amazon Elastic Compute Cloud User Guide. For more information about Elastic IP
// addresses, see Elastic IP Addresses
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
// in the Amazon Elastic Compute Cloud User Guide. When you move a secondary
// private IP address to another network interface, any Elastic IP address that is
// associated with the IP address is also moved. Remapping an IP address is an
// asynchronous operation. When you move an IP address from one network interface
// to another, check network/interfaces/macs/mac/local-ipv4s in the instance
// metadata to confirm that the remapping is complete. You must specify either the
// IP addresses or the IP address count in the request. You can optionally use
// Prefix Delegation on the network interface. You must specify either the IPv4
// Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For
// information, see Assigning prefixes to Amazon EC2 network interfaces
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) in the
// Amazon Elastic Compute Cloud User Guide.
AssignPrivateIpAddresses(ctx context.Context, params *AssignPrivateIpAddressesInput, optFns ...func(*Options)) (*AssignPrivateIpAddressesOutput, error)
// Associates an Elastic IP address, or carrier IP address (for instances that are
// in subnets in Wavelength Zones) with an instance or a network interface. Before
// you can use an Elastic IP address, you must allocate it to your account. An
// Elastic IP address is for use in either the EC2-Classic platform or in a VPC.
// For more information, see Elastic IP Addresses
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
// in the Amazon Elastic Compute Cloud User Guide. [EC2-Classic, VPC in an
// EC2-VPC-only account] If the Elastic IP address is already associated with a
// different instance, it is disassociated from that instance and associated with
// the specified instance. If you associate an Elastic IP address with an instance
// that has an existing Elastic IP address, the existing address is disassociated
// from the instance, but remains allocated to your account. [VPC in an EC2-Classic
// account] If you don't specify a private IP address, the Elastic IP address is
// associated with the primary IP address. If the Elastic IP address is already
// associated with a different instance or a network interface, you get an error
// unless you allow reassociation. You cannot associate an Elastic IP address with
// an instance or network interface that has an existing Elastic IP address.
// [Subnets in Wavelength Zones] You can associate an IP address from the
// telecommunication carrier to the instance or network interface. You cannot
// associate an Elastic IP address with an interface in a different network border
// group. This is an idempotent operation. If you perform the operation more than
// once, Amazon EC2 doesn't return an error, and you may be charged for each time
// the Elastic IP address is remapped to the same instance. For more information,
// see the Elastic IP Addresses section of Amazon EC2 Pricing
// (http://aws.amazon.com/ec2/pricing/).
AssociateAddress(ctx context.Context, params *AssociateAddressInput, optFns ...func(*Options)) (*AssociateAddressOutput, error)
// Associates a target network with a Client VPN endpoint. A target network is a
// subnet in a VPC. You can associate multiple subnets from the same VPC with a
// Client VPN endpoint. You can associate only one subnet in each Availability
// Zone. We recommend that you associate at least two subnets to provide
// Availability Zone redundancy. If you specified a VPC when you created the Client
// VPN endpoint or if you have previous subnet associations, the specified subnet
// must be in the same VPC. To specify a subnet that's in a different VPC, you must
// first modify the Client VPN endpoint (ModifyClientVpnEndpoint) and change the
// VPC that's associated with it.
AssociateClientVpnTargetNetwork(ctx context.Context, params *AssociateClientVpnTargetNetworkInput, optFns ...func(*Options)) (*AssociateClientVpnTargetNetworkOutput, error)
// Associates a set of DHCP options (that you've previously created) with the
// specified VPC, or associates no DHCP options with the VPC. After you associate
// the options with the VPC, any existing instances and all new instances that you
// launch in that VPC use the options. You don't need to restart or relaunch the
// instances. They automatically pick up the changes within a few hours, depending
// on how frequently the instance renews its DHCP lease. You can explicitly renew
// the lease using the operating system on the instance. For more information, see
// DHCP options sets
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
// Amazon Virtual Private Cloud User Guide.
AssociateDhcpOptions(ctx context.Context, params *AssociateDhcpOptionsInput, optFns ...func(*Options)) (*AssociateDhcpOptionsOutput, error)
// Associates an Identity and Access Management (IAM) role with an Certificate
// Manager (ACM) certificate. This enables the certificate to be used by the ACM
// for Nitro Enclaves application inside an enclave. For more information, see
// Certificate Manager for Nitro Enclaves
// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html) in
// the Amazon Web Services Nitro Enclaves User Guide. When the IAM role is
// associated with the ACM certificate, the certificate, certificate chain, and
// encrypted private key are placed in an Amazon S3 bucket that only the associated
// IAM role can access. The private key of the certificate is encrypted with an
// Amazon Web Services managed key that has an attached attestation-based key
// policy. To enable the IAM role to access the Amazon S3 object, you must grant it
// permission to call s3:GetObject on the Amazon S3 bucket returned by the command.
// To enable the IAM role to access the KMS key, you must grant it permission to
// call kms:Decrypt on the KMS key returned by the command. For more information,
// see Grant the role permission to access the certificate and encryption key
// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy)
// in the Amazon Web Services Nitro Enclaves User Guide.
AssociateEnclaveCertificateIamRole(ctx context.Context, params *AssociateEnclaveCertificateIamRoleInput, optFns ...func(*Options)) (*AssociateEnclaveCertificateIamRoleOutput, error)
// Associates an IAM instance profile with a running or stopped instance. You
// cannot associate more than one IAM instance profile with an instance.
AssociateIamInstanceProfile(ctx context.Context, params *AssociateIamInstanceProfileInput, optFns ...func(*Options)) (*AssociateIamInstanceProfileOutput, error)
// Associates one or more targets with an event window. Only one type of target
// (instance IDs, Dedicated Host IDs, or tags) can be specified with an event
// window. For more information, see Define event windows for scheduled events
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
// Amazon EC2 User Guide.
AssociateInstanceEventWindow(ctx context.Context, params *AssociateInstanceEventWindowInput, optFns ...func(*Options)) (*AssociateInstanceEventWindowOutput, error)
// Associates a subnet in your VPC or an internet gateway or virtual private
// gateway attached to your VPC with a route table in your VPC. This association
// causes traffic from the subnet or gateway to be routed according to the routes
// in the route table. The action returns an association ID, which you need in
// order to disassociate the route table later. A route table can be associated
// with multiple subnets. For more information, see Route tables
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
// Amazon Virtual Private Cloud User Guide.
AssociateRouteTable(ctx context.Context, params *AssociateRouteTableInput, optFns ...func(*Options)) (*AssociateRouteTableOutput, error)
// Associates a CIDR block with your subnet. You can only associate a single IPv6
// CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of
// /64.
AssociateSubnetCidrBlock(ctx context.Context, params *AssociateSubnetCidrBlockInput, optFns ...func(*Options)) (*AssociateSubnetCidrBlockOutput, error)
// Associates the specified subnets and transit gateway attachments with the
// specified transit gateway multicast domain. The transit gateway attachment must
// be in the available state before you can add a resource. Use
// DescribeTransitGatewayAttachments
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html)
// to see the state of the attachment.
AssociateTransitGatewayMulticastDomain(ctx context.Context, params *AssociateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*AssociateTransitGatewayMulticastDomainOutput, error)
// Associates the specified attachment with the specified transit gateway route
// table. You can associate only one route table with an attachment.
AssociateTransitGatewayRouteTable(ctx context.Context, params *AssociateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*AssociateTransitGatewayRouteTableOutput, error)
// This API action is currently in limited preview only. If you are interested in
// using this feature, contact your account manager. Associates a branch network
// interface with a trunk network interface. Before you create the association, run
// the create-network-interface
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html)
// command and set --interface-type to trunk. You must also create a network
// interface for each branch network interface that you want to associate with the
// trunk network interface.
AssociateTrunkInterface(ctx context.Context, params *AssociateTrunkInterfaceInput, optFns ...func(*Options)) (*AssociateTrunkInterfaceOutput, error)
// Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR
// block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6
// address pool that you provisioned through bring your own IP addresses (BYOIP
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). The IPv6
// CIDR block size is fixed at /56. You must specify one of the following in the
// request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR
// block. For more information about associating CIDR blocks with your VPC and
// applicable restrictions, see VPC and subnet sizing
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing)
// in the Amazon Virtual Private Cloud User Guide.
AssociateVpcCidrBlock(ctx context.Context, params *AssociateVpcCidrBlockInput, optFns ...func(*Options)) (*AssociateVpcCidrBlockOutput, error)
// Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more
// of the VPC's security groups. You cannot link an EC2-Classic instance to more
// than one VPC at a time. You can only link an instance that's in the running
// state. An instance is automatically unlinked from a VPC when it's stopped - you
// can link it to the VPC again when you restart it. After you've linked an
// instance, you cannot change the VPC security groups that are associated with it.
// To change the security groups, you must first unlink the instance, and then link
// it again. Linking your instance to a VPC is sometimes referred to as attaching
// your instance.
AttachClassicLinkVpc(ctx context.Context, params *AttachClassicLinkVpcInput, optFns ...func(*Options)) (*AttachClassicLinkVpcOutput, error)
// Attaches an internet gateway or a virtual private gateway to a VPC, enabling
// connectivity between the internet and the VPC. For more information about your
// VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide
// (https://docs.aws.amazon.com/vpc/latest/userguide/).
AttachInternetGateway(ctx context.Context, params *AttachInternetGatewayInput, optFns ...func(*Options)) (*AttachInternetGatewayOutput, error)
// Attaches a network interface to an instance.
AttachNetworkInterface(ctx context.Context, params *AttachNetworkInterfaceInput, optFns ...func(*Options)) (*AttachNetworkInterfaceOutput, error)
// Attaches an EBS volume to a running or stopped instance and exposes it to the
// instance with the specified device name. Encrypted EBS volumes must be attached
// to instances that support Amazon EBS encryption. For more information, see
// Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide. After you attach an EBS volume, you
// must make it available. For more information, see Make an EBS volume available
// for use
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.html). If
// a volume has an Amazon Web Services Marketplace product code:
//
// * The volume can
// be attached only to a stopped instance.
//
// * Amazon Web Services Marketplace
// product codes are copied from the volume to the instance.
//
// * You must be
// subscribed to the product.
//
// * The instance type and operating system of the
// instance must support the product. For example, you can't detach a volume from a
// Windows instance and attach it to a Linux instance.
//
// For more information, see
// Attach an Amazon EBS volume to an instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-attaching-volume.html)
// in the Amazon Elastic Compute Cloud User Guide.
AttachVolume(ctx context.Context, params *AttachVolumeInput, optFns ...func(*Options)) (*AttachVolumeOutput, error)
// Attaches a virtual private gateway to a VPC. You can attach one virtual private
// gateway to one VPC at a time. For more information, see Amazon Web Services
// Site-to-Site VPN (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in
// the Amazon Web Services Site-to-Site VPN User Guide.
AttachVpnGateway(ctx context.Context, params *AttachVpnGatewayInput, optFns ...func(*Options)) (*AttachVpnGatewayOutput, error)
// Adds an ingress authorization rule to a Client VPN endpoint. Ingress
// authorization rules act as firewall rules that grant access to networks. You
// must configure ingress authorization rules to enable clients to access resources
// in Amazon Web Services or on-premises networks.
AuthorizeClientVpnIngress(ctx context.Context, params *AuthorizeClientVpnIngressInput, optFns ...func(*Options)) (*AuthorizeClientVpnIngressOutput, error)
// [VPC only] Adds the specified outbound (egress) rules to a security group for
// use with a VPC. An outbound rule permits instances to send traffic to the
// specified IPv4 or IPv6 CIDR address ranges, or to the instances that are
// associated with the specified source security groups. You specify a protocol for
// each rule (for example, TCP). For the TCP and UDP protocols, you must also
// specify the destination port or port range. For the ICMP protocol, you must also
// specify the ICMP type and code. You can use -1 for the type or code to mean all
// types or all codes. Rule changes are propagated to affected instances as quickly
// as possible. However, a small delay might occur. For information about VPC
// security group quotas, see Amazon VPC quotas
// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html).
AuthorizeSecurityGroupEgress(ctx context.Context, params *AuthorizeSecurityGroupEgressInput, optFns ...func(*Options)) (*AuthorizeSecurityGroupEgressOutput, error)
// Adds the specified inbound (ingress) rules to a security group. An inbound rule
// permits instances to receive traffic from the specified IPv4 or IPv6 CIDR
// address range, or from the instances that are associated with the specified
// destination security groups. You specify a protocol for each rule (for example,
// TCP). For TCP and UDP, you must also specify the destination port or port range.
// For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can
// use -1 to mean all types or all codes. Rule changes are propagated to instances
// within the security group as quickly as possible. However, a small delay might
// occur. For more information about VPC security group quotas, see Amazon VPC
// quotas
// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html).
AuthorizeSecurityGroupIngress(ctx context.Context, params *AuthorizeSecurityGroupIngressInput, optFns ...func(*Options)) (*AuthorizeSecurityGroupIngressOutput, error)
// Bundles an Amazon instance store-backed Windows instance. During bundling, only
// the root device volume (C:\) is bundled. Data on other instance store volumes is
// not preserved. This action is not applicable for Linux/Unix instances or Windows
// instances that are backed by Amazon EBS.
BundleInstance(ctx context.Context, params *BundleInstanceInput, optFns ...func(*Options)) (*BundleInstanceOutput, error)
// Cancels a bundling operation for an instance store-backed Windows instance.
CancelBundleTask(ctx context.Context, params *CancelBundleTaskInput, optFns ...func(*Options)) (*CancelBundleTaskOutput, error)
// Cancels the specified Capacity Reservation, releases the reserved capacity, and
// changes the Capacity Reservation's state to cancelled. Instances running in the
// reserved capacity continue running until you stop them. Stopped instances that
// target the Capacity Reservation can no longer launch. Modify these instances to
// either target a different Capacity Reservation, launch On-Demand Instance
// capacity, or run in any open Capacity Reservation that has matching attributes
// and sufficient capacity.
CancelCapacityReservation(ctx context.Context, params *CancelCapacityReservationInput, optFns ...func(*Options)) (*CancelCapacityReservationOutput, error)
// Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity
// Reservation Fleet, the following happens:
//
// * The Capacity Reservation Fleet's
// status changes to cancelled.
//
// * The individual Capacity Reservations in the
// Fleet are cancelled. Instances running in the Capacity Reservations at the time
// of cancelling the Fleet continue to run in shared capacity.
//
// * The Fleet stops
// creating new Capacity Reservations.
CancelCapacityReservationFleets(ctx context.Context, params *CancelCapacityReservationFleetsInput, optFns ...func(*Options)) (*CancelCapacityReservationFleetsOutput, error)
// Cancels an active conversion task. The task can be the import of an instance or
// volume. The action removes all artifacts of the conversion, including a
// partially uploaded volume or instance. If the conversion is complete or is in
// the process of transferring the final disk image, the command fails and returns
// an exception. For more information, see Importing a Virtual Machine Using the
// Amazon EC2 CLI
// (https://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ec2-cli-vmimport-export.html).
CancelConversionTask(ctx context.Context, params *CancelConversionTaskInput, optFns ...func(*Options)) (*CancelConversionTaskOutput, error)
// Cancels an active export task. The request removes all artifacts of the export,
// including any partially-created Amazon S3 objects. If the export task is
// complete or is in the process of transferring the final disk image, the command
// fails and returns an error.
CancelExportTask(ctx context.Context, params *CancelExportTaskInput, optFns ...func(*Options)) (*CancelExportTaskOutput, error)
// Cancels an in-process import virtual machine or import snapshot task.
CancelImportTask(ctx context.Context, params *CancelImportTaskInput, optFns ...func(*Options)) (*CancelImportTaskOutput, error)
// Cancels the specified Reserved Instance listing in the Reserved Instance
// Marketplace. For more information, see Reserved Instance Marketplace
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
// the Amazon EC2 User Guide.
CancelReservedInstancesListing(ctx context.Context, params *CancelReservedInstancesListingInput, optFns ...func(*Options)) (*CancelReservedInstancesListingOutput, error)
// Cancels the specified Spot Fleet requests. After you cancel a Spot Fleet
// request, the Spot Fleet launches no new Spot Instances. You must specify whether
// the Spot Fleet should also terminate its Spot Instances. If you terminate the
// instances, the Spot Fleet request enters the cancelled_terminating state.
// Otherwise, the Spot Fleet request enters the cancelled_running state and the
// instances continue to run until they are interrupted or you terminate them
// manually.
CancelSpotFleetRequests(ctx context.Context, params *CancelSpotFleetRequestsInput, optFns ...func(*Options)) (*CancelSpotFleetRequestsOutput, error)
// Cancels one or more Spot Instance requests. Canceling a Spot Instance request
// does not terminate running Spot Instances associated with the request.
CancelSpotInstanceRequests(ctx context.Context, params *CancelSpotInstanceRequestsInput, optFns ...func(*Options)) (*CancelSpotInstanceRequestsOutput, error)
// Determines whether a product code is associated with an instance. This action
// can only be used by the owner of the product code. It is useful when a product
// code owner must verify whether another user's instance is eligible for support.
ConfirmProductInstance(ctx context.Context, params *ConfirmProductInstanceInput, optFns ...func(*Options)) (*ConfirmProductInstanceOutput, error)
// Copies the specified Amazon FPGA Image (AFI) to the current Region.
CopyFpgaImage(ctx context.Context, params *CopyFpgaImageInput, optFns ...func(*Options)) (*CopyFpgaImageOutput, error)
// Initiates the copy of an AMI. You can copy an AMI from one Region to another, or
// from a Region to an Outpost. You can't copy an AMI from an Outpost to a Region,
// from one Outpost to another, or within the same Outpost. To copy an AMI to
// another partition, see CreateStoreImageTask
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html).
// To copy an AMI from one Region to another, specify the source Region using
// the
//
// SourceRegion parameter, and specify the destination Region using its
// endpoint. Copies of encrypted backing snapshots for the AMI are encrypted.
// Copies of unencrypted backing snapshots remain unencrypted, unless you set
// Encrypted during the copy operation. You cannot create an unencrypted copy of an
// encrypted backing snapshot. To copy an AMI from a Region to an Outpost, specify
// the source Region using the
//
// SourceRegion parameter, and specify the ARN of the
// destination Outpost using DestinationOutpostArn. Backing snapshots copied to an
// Outpost are encrypted by default using the default encryption key for the
// Region, or a different key that you specify in the request using KmsKeyId.
// Outposts do not support unencrypted snapshots. For more information, Amazon EBS
// local snapshots on Outposts
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#ami)
// in the Amazon Elastic Compute Cloud User Guide. For more information about the
// prerequisites and limits when copying an AMI, see Copying an AMI
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html) in the
// Amazon Elastic Compute Cloud User Guide.
CopyImage(ctx context.Context, params *CopyImageInput, optFns ...func(*Options)) (*CopyImageOutput, error)
// Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You
// can copy a snapshot within the same Region, from one Region to another, or from
// a Region to an Outpost. You can't copy a snapshot from an Outpost to a Region,
// from one Outpost to another, or within the same Outpost. You can use the
// snapshot to create EBS volumes or Amazon Machine Images (AMIs). When copying
// snapshots to a Region, copies of encrypted EBS snapshots remain encrypted.
// Copies of unencrypted snapshots remain unencrypted, unless you enable encryption
// for the snapshot copy operation. By default, encrypted snapshot copies use the
// default Key Management Service (KMS) KMS key; however, you can specify a
// different KMS key. To copy an encrypted snapshot that has been shared from
// another account, you must have permissions for the KMS key used to encrypt the
// snapshot. Snapshots copied to an Outpost are encrypted by default using the
// default encryption key for the Region, or a different key that you specify in
// the request using KmsKeyId. Outposts do not support unencrypted snapshots. For
// more information, Amazon EBS local snapshots on Outposts
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#ami)
// in the Amazon Elastic Compute Cloud User Guide. Snapshots created by copying
// another snapshot have an arbitrary volume ID that should not be used for any
// purpose. For more information, see Copy an Amazon EBS snapshot
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-copy-snapshot.html) in
// the Amazon Elastic Compute Cloud User Guide.
CopySnapshot(ctx context.Context, params *CopySnapshotInput, optFns ...func(*Options)) (*CopySnapshotOutput, error)
// Creates a new Capacity Reservation with the specified attributes. Capacity
// Reservations enable you to reserve capacity for your Amazon EC2 instances in a
// specific Availability Zone for any duration. This gives you the flexibility to
// selectively add capacity reservations and still get the Regional RI discounts
// for that usage. By creating Capacity Reservations, you ensure that you always
// have access to Amazon EC2 capacity when you need it, for as long as you need it.
// For more information, see Capacity Reservations
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html)
// in the Amazon EC2 User Guide. Your request to create a Capacity Reservation
// could fail if Amazon EC2 does not have sufficient capacity to fulfill the
// request. If your request fails due to Amazon EC2 capacity constraints, either
// try again at a later time, try in a different Availability Zone, or request a
// smaller capacity reservation. If your application is flexible across instance
// types and sizes, try to create a Capacity Reservation with different instance
// attributes. Your request could also fail if the requested quantity exceeds your
// On-Demand Instance limit for the selected instance type. If your request fails
// due to limit constraints, increase your On-Demand Instance limit for the
// required instance type and try again. For more information about increasing your
// instance limits, see Amazon EC2 Service Quotas
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html)
// in the Amazon EC2 User Guide.
CreateCapacityReservation(ctx context.Context, params *CreateCapacityReservationInput, optFns ...func(*Options)) (*CreateCapacityReservationOutput, error)
// Creates a Capacity Reservation Fleet. For more information, see Create a
// Capacity Reservation Fleet
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-cr-fleets.html#create-crfleet)
// in the Amazon EC2 User Guide.
CreateCapacityReservationFleet(ctx context.Context, params *CreateCapacityReservationFleetInput, optFns ...func(*Options)) (*CreateCapacityReservationFleetOutput, error)
// Creates a carrier gateway. For more information about carrier gateways, see
// Carrier gateways
// (https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html#wavelength-carrier-gateway)
// in the Amazon Web Services Wavelength Developer Guide.
CreateCarrierGateway(ctx context.Context, params *CreateCarrierGatewayInput, optFns ...func(*Options)) (*CreateCarrierGatewayOutput, error)
// Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create
// and configure to enable and manage client VPN sessions. It is the destination
// endpoint at which all client VPN sessions are terminated.
CreateClientVpnEndpoint(ctx context.Context, params *CreateClientVpnEndpointInput, optFns ...func(*Options)) (*CreateClientVpnEndpointOutput, error)
// Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has
// a route table that describes the available destination network routes. Each
// route in the route table specifies the path for traffic to specific resources or
// networks.
CreateClientVpnRoute(ctx context.Context, params *CreateClientVpnRouteInput, optFns ...func(*Options)) (*CreateClientVpnRouteOutput, error)
// Provides information to Amazon Web Services about your VPN customer gateway
// device. The customer gateway is the appliance at your end of the VPN connection.
// (The device on the Amazon Web Services side of the VPN connection is the virtual
// private gateway.) You must provide the internet-routable IP address of the
// customer gateway's external interface. The IP address must be static and can be
// behind a device performing network address translation (NAT). For devices that
// use Border Gateway Protocol (BGP), you can also provide the device's BGP
// Autonomous System Number (ASN). You can use an existing ASN assigned to your
// network. If you don't have an ASN already, you can use a private ASN (in the
// 64512 - 65534 range). Amazon EC2 supports all 4-byte ASN numbers in the range of
// 1 - 2147483647, with the exception of the following:
//
// * 7224 - reserved in the
// us-east-1 Region
//
// * 9059 - reserved in the eu-west-1 Region
//
// * 17943 - reserved
// in the ap-southeast-1 Region
//
// * 10124 - reserved in the ap-northeast-1
// Region
//
// For more information, see Amazon Web Services Site-to-Site VPN
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
// Services Site-to-Site VPN User Guide. To create more than one customer gateway
// with the same VPN type, IP address, and BGP ASN, specify a unique device name
// for each customer gateway. Identical requests return information about the
// existing customer gateway and do not create new customer gateways.
CreateCustomerGateway(ctx context.Context, params *CreateCustomerGatewayInput, optFns ...func(*Options)) (*CreateCustomerGatewayOutput, error)
// Creates a default subnet with a size /20 IPv4 CIDR block in the specified
// Availability Zone in your default VPC. You can have only one default subnet per
// Availability Zone. For more information, see Creating a default subnet
// (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html#create-default-subnet)
// in the Amazon Virtual Private Cloud User Guide.
CreateDefaultSubnet(ctx context.Context, params *CreateDefaultSubnetInput, optFns ...func(*Options)) (*CreateDefaultSubnetOutput, error)
// Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in
// each Availability Zone. For more information about the components of a default
// VPC, see Default VPC and default subnets
// (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html) in the
// Amazon Virtual Private Cloud User Guide. You cannot specify the components of
// the default VPC yourself. If you deleted your previous default VPC, you can
// create a default VPC. You cannot have more than one default VPC per Region. If
// your account supports EC2-Classic, you cannot use this action to create a
// default VPC in a Region that supports EC2-Classic. If you want a default VPC in
// a Region that supports EC2-Classic, see "I really want a default VPC for my
// existing EC2 account. Is that possible?" in the Default VPCs FAQ
// (http://aws.amazon.com/vpc/faqs/#Default_VPCs).
CreateDefaultVpc(ctx context.Context, params *CreateDefaultVpcInput, optFns ...func(*Options)) (*CreateDefaultVpcOutput, error)
// Creates a set of DHCP options for your VPC. After creating the set, you must
// associate it with the VPC, causing all existing and new instances that you
// launch in the VPC to use this set of DHCP options. The following are the
// individual DHCP options you can specify. For more information about the options,
// see RFC 2132 (http://www.ietf.org/rfc/rfc2132.txt).
//
// * domain-name-servers - The
// IP addresses of up to four domain name servers, or AmazonProvidedDNS. The
// default DHCP option set specifies AmazonProvidedDNS. If specifying more than one
// domain name server, specify the IP addresses in a single parameter, separated by
// commas. To have your instance receive a custom DNS hostname as specified in
// domain-name, you must set domain-name-servers to a custom DNS server.
//
// *
// domain-name - If you're using AmazonProvidedDNS in us-east-1, specify
// ec2.internal. If you're using AmazonProvidedDNS in another Region, specify
// region.compute.internal (for example, ap-northeast-1.compute.internal).
// Otherwise, specify a domain name (for example, ExampleCompany.com). This value
// is used to complete unqualified DNS hostnames. Important: Some Linux operating
// systems accept multiple domain names separated by spaces. However, Windows and
// other Linux operating systems treat the value as a single domain, which results
// in unexpected behavior. If your DHCP options set is associated with a VPC that
// has instances with multiple operating systems, specify only one domain name.
//
// *
// ntp-servers - The IP addresses of up to four Network Time Protocol (NTP)
// servers.
//
// * netbios-name-servers - The IP addresses of up to four NetBIOS name
// servers.
//
// * netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We
// recommend that you specify 2 (broadcast and multicast are not currently
// supported). For more information about these node types, see RFC 2132
// (http://www.ietf.org/rfc/rfc2132.txt).
//
// Your VPC automatically starts out with a
// set of DHCP options that includes only a DNS server that we provide
// (AmazonProvidedDNS). If you create a set of options, and if your VPC has an
// internet gateway, make sure to set the domain-name-servers option either to
// AmazonProvidedDNS or to a domain name server of your choice. For more
// information, see DHCP options sets
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
// Amazon Virtual Private Cloud User Guide.
CreateDhcpOptions(ctx context.Context, params *CreateDhcpOptionsInput, optFns ...func(*Options)) (*CreateDhcpOptionsOutput, error)
// [IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only
// internet gateway is used to enable outbound communication over IPv6 from
// instances in your VPC to the internet, and prevents hosts outside of your VPC
// from initiating an IPv6 connection with your instance.
CreateEgressOnlyInternetGateway(ctx context.Context, params *CreateEgressOnlyInternetGatewayInput, optFns ...func(*Options)) (*CreateEgressOnlyInternetGatewayOutput, error)
// Launches an EC2 Fleet. You can create a single EC2 Fleet that includes multiple
// launch specifications that vary by instance type, AMI, Availability Zone, or
// subnet. For more information, see EC2 Fleet
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet.html) in the
// Amazon EC2 User Guide.
CreateFleet(ctx context.Context, params *CreateFleetInput, optFns ...func(*Options)) (*CreateFleetOutput, error)
// Creates one or more flow logs to capture information about IP traffic for a
// specific network interface, subnet, or VPC. Flow log data for a monitored
// network interface is recorded as flow log records, which are log events
// consisting of fields that describe the traffic flow. For more information, see
// Flow log records
// (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records)
// in the Amazon Virtual Private Cloud User Guide. When publishing to CloudWatch
// Logs, flow log records are published to a log group, and each network interface
// has a unique log stream in the log group. When publishing to Amazon S3, flow log
// records for all of the monitored network interfaces are published to a single
// log file object that is stored in the specified bucket. For more information,
// see VPC Flow Logs
// (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html) in the Amazon
// Virtual Private Cloud User Guide.
CreateFlowLogs(ctx context.Context, params *CreateFlowLogsInput, optFns ...func(*Options)) (*CreateFlowLogsOutput, error)
// Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).
// The create operation is asynchronous. To verify that the AFI is ready for use,
// check the output logs. An AFI contains the FPGA bitstream that is ready to
// download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated
// instances. For more information, see the Amazon Web Services FPGA Hardware
// Development Kit (https://github.com/aws/aws-fpga/).
CreateFpgaImage(ctx context.Context, params *CreateFpgaImageInput, optFns ...func(*Options)) (*CreateFpgaImageOutput, error)
// Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is
// either running or stopped. By default, Amazon EC2 shuts down and reboots the
// instance before creating the AMI to ensure that everything on the instance is
// stopped and in a consistent state during the creation process. If you're
// confident that your instance is in a consistent state appropriate for AMI
// creation, use the NoReboot parameter to prevent Amazon EC2 from shutting down
// and rebooting the instance. If you customized your instance with instance store
// volumes or Amazon EBS volumes in addition to the root device volume, the new AMI
// contains block device mapping information for those volumes. When you launch an
// instance from this new AMI, the instance automatically launches with those
// additional volumes. For more information, see Creating Amazon EBS-Backed Linux
// AMIs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html)
// in the Amazon Elastic Compute Cloud User Guide.
CreateImage(ctx context.Context, params *CreateImageInput, optFns ...func(*Options)) (*CreateImageOutput, error)
// Creates an event window in which scheduled events for the associated Amazon EC2
// instances can run. You can define either a set of time ranges or a cron
// expression when creating the event window, but not both. All event window times
// are in UTC. You can create up to 200 event windows per Amazon Web Services
// Region. When you create the event window, targets (instance IDs, Dedicated Host
// IDs, or tags) are not yet associated with it. To ensure that the event window
// can be used, you must associate one or more targets with it by using the
// AssociateInstanceEventWindow API. Event windows are applicable only for
// scheduled events that stop, reboot, or terminate instances. Event windows are
// not applicable for:
//
// * Expedited scheduled events and network maintenance
// events.
//
// * Unscheduled maintenance such as AutoRecovery and unplanned
// reboots.
//
// For more information, see Define event windows for scheduled events
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
// Amazon EC2 User Guide.
CreateInstanceEventWindow(ctx context.Context, params *CreateInstanceEventWindowInput, optFns ...func(*Options)) (*CreateInstanceEventWindowOutput, error)
// Exports a running or stopped instance to an Amazon S3 bucket. For information
// about the supported operating systems, image formats, and known limitations for
// the types of instances you can export, see Exporting an instance as a VM Using
// VM Import/Export
// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html) in the VM
// Import/Export User Guide.
CreateInstanceExportTask(ctx context.Context, params *CreateInstanceExportTaskInput, optFns ...func(*Options)) (*CreateInstanceExportTaskOutput, error)
// Creates an internet gateway for use with a VPC. After creating the internet
// gateway, you attach it to a VPC using AttachInternetGateway. For more
// information about your VPC and internet gateway, see the Amazon Virtual Private
// Cloud User Guide (https://docs.aws.amazon.com/vpc/latest/userguide/).
CreateInternetGateway(ctx context.Context, params *CreateInternetGatewayInput, optFns ...func(*Options)) (*CreateInternetGatewayOutput, error)
// Create an IPAM. Amazon VCP IP Address Manager (IPAM) is a VPC feature that you
// can use to automate your IP address management workflows including assigning,
// tracking, troubleshooting, and auditing IP addresses across Amazon Web Services
// Regions and accounts throughout your Amazon Web Services Organization. For more
// information, see Create an IPAM in the Amazon VPC IPAM User Guide.
CreateIpam(ctx context.Context, params *CreateIpamInput, optFns ...func(*Options)) (*CreateIpamOutput, error)
// Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a
// pool is a collection of contiguous IP addresses CIDRs. Pools enable you to
// organize your IP addresses according to your routing and security needs. For
// example, if you have separate routing and security needs for development and
// production applications, you can create a pool for each. For more information,
// see Create a top-level pool in the Amazon VPC IPAM User Guide.
CreateIpamPool(ctx context.Context, params *CreateIpamPoolInput, optFns ...func(*Options)) (*CreateIpamPoolOutput, error)
// Create an IPAM scope. In IPAM, a scope is the highest-level container within
// IPAM. An IPAM contains two default scopes. Each scope represents the IP space
// for a single network. The private scope is intended for all private IP address
// space. The public scope is intended for all public IP address space. Scopes
// enable you to reuse IP addresses across multiple unconnected networks without
// causing IP address overlap or conflict. For more information, see Add a scope in
// the Amazon VPC IPAM User Guide.
CreateIpamScope(ctx context.Context, params *CreateIpamScopeInput, optFns ...func(*Options)) (*CreateIpamScopeOutput, error)
// Creates an ED25519 or 2048-bit RSA key pair with the specified name. Amazon EC2
// stores the public key and displays the private key for you to save to a file.
// The private key is returned as an unencrypted PEM encoded PKCS#1 private key. If
// a key with the specified name already exists, Amazon EC2 returns an error. The
// key pair returned to you is available only in the Amazon Web Services Region in
// which you create it. If you prefer, you can create your own key pair using a
// third-party tool and upload it to any Region using ImportKeyPair. You can have
// up to 5,000 key pairs per Amazon Web Services Region. For more information, see
// Amazon EC2 key pairs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the
// Amazon Elastic Compute Cloud User Guide.
CreateKeyPair(ctx context.Context, params *CreateKeyPairInput, optFns ...func(*Options)) (*CreateKeyPairOutput, error)
// Creates a launch template. A launch template contains the parameters to launch
// an instance. When you launch an instance using RunInstances, you can specify a
// launch template instead of providing the launch parameters in the request. For
// more information, see Launching an instance from a launch template
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html)
// in the Amazon Elastic Compute Cloud User Guide.
CreateLaunchTemplate(ctx context.Context, params *CreateLaunchTemplateInput, optFns ...func(*Options)) (*CreateLaunchTemplateOutput, error)
// Creates a new version for a launch template. You can specify an existing version
// of launch template from which to base the new version. Launch template versions
// are numbered in the order in which they are created. You cannot specify, change,
// or replace the numbering of launch template versions. For more information, see
// Managing launch template versions
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#manage-launch-template-versions)in
// the Amazon Elastic Compute Cloud User Guide.
CreateLaunchTemplateVersion(ctx context.Context, params *CreateLaunchTemplateVersionInput, optFns ...func(*Options)) (*CreateLaunchTemplateVersionOutput, error)
// Creates a static route for the specified local gateway route table.
CreateLocalGatewayRoute(ctx context.Context, params *CreateLocalGatewayRouteInput, optFns ...func(*Options)) (*CreateLocalGatewayRouteOutput, error)
// Associates the specified VPC with the specified local gateway route table.
CreateLocalGatewayRouteTableVpcAssociation(ctx context.Context, params *CreateLocalGatewayRouteTableVpcAssociationInput, optFns ...func(*Options)) (*CreateLocalGatewayRouteTableVpcAssociationOutput, error)
// Creates a managed prefix list. You can specify one or more entries for the
// prefix list. Each entry consists of a CIDR block and an optional description.
CreateManagedPrefixList(ctx context.Context, params *CreateManagedPrefixListInput, optFns ...func(*Options)) (*CreateManagedPrefixListOutput, error)
// Creates a NAT gateway in the specified subnet. This action creates a network
// interface in the specified subnet with a private IP address from the IP address
// range of the subnet. You can create either a public NAT gateway or a private NAT
// gateway. With a public NAT gateway, internet-bound traffic from a private subnet
// can be routed to the NAT gateway, so that instances in a private subnet can
// connect to the internet. With a private NAT gateway, private communication is
// routed across VPCs and on-premises networks through a transit gateway or virtual
// private gateway. Common use cases include running large workloads behind a small
// pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and
// communicating between overlapping networks. For more information, see NAT
// gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html)
// in the Amazon Virtual Private Cloud User Guide.
CreateNatGateway(ctx context.Context, params *CreateNatGatewayInput, optFns ...func(*Options)) (*CreateNatGatewayOutput, error)
// Creates a network ACL in a VPC. Network ACLs provide an optional layer of
// security (in addition to security groups) for the instances in your VPC. For
// more information, see Network ACLs
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon
// Virtual Private Cloud User Guide.
CreateNetworkAcl(ctx context.Context, params *CreateNetworkAclInput, optFns ...func(*Options)) (*CreateNetworkAclOutput, error)
// Creates an entry (a rule) in a network ACL with the specified rule number. Each
// network ACL has a set of numbered ingress rules and a separate set of numbered
// egress rules. When determining whether a packet should be allowed in or out of a
// subnet associated with the ACL, we process the entries in the ACL according to
// the rule numbers, in ascending order. Each network ACL has a set of ingress
// rules and a separate set of egress rules. We recommend that you leave room
// between the rule numbers (for example, 100, 110, 120, ...), and not number them
// one right after the other (for example, 101, 102, 103, ...). This makes it
// easier to add a rule between existing ones without having to renumber the rules.
// After you add an entry, you can't modify it; you must either replace it, or
// create an entry and delete the old one. For more information about network ACLs,
// see Network ACLs
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon
// Virtual Private Cloud User Guide.
CreateNetworkAclEntry(ctx context.Context, params *CreateNetworkAclEntryInput, optFns ...func(*Options)) (*CreateNetworkAclEntryOutput, error)
// Creates a Network Access Scope. Amazon Web Services Network Access Analyzer
// enables cloud networking and cloud operations teams to verify that their
// networks on Amazon Web Services conform to their network security and governance
// objectives. For more information, see the Amazon Web Services Network Access
// Analyzer Guide
// (https://docs.aws.amazon.com/vpc/latest/network-access-analyzer/).
CreateNetworkInsightsAccessScope(ctx context.Context, params *CreateNetworkInsightsAccessScopeInput, optFns ...func(*Options)) (*CreateNetworkInsightsAccessScopeOutput, error)
// Creates a path to analyze for reachability. Reachability Analyzer enables you to
// analyze and debug network reachability between two resources in your virtual
// private cloud (VPC). For more information, see What is Reachability Analyzer
// (https://docs.aws.amazon.com/vpc/latest/reachability/).
CreateNetworkInsightsPath(ctx context.Context, params *CreateNetworkInsightsPathInput, optFns ...func(*Options)) (*CreateNetworkInsightsPathOutput, error)
// Creates a network interface in the specified subnet. For more information about
// network interfaces, see Elastic Network Interfaces
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) in the
// Amazon Virtual Private Cloud User Guide.
CreateNetworkInterface(ctx context.Context, params *CreateNetworkInterfaceInput, optFns ...func(*Options)) (*CreateNetworkInterfaceOutput, error)
// Grants an Amazon Web Services-authorized account permission to attach the
// specified network interface to an instance in their account. You can grant
// permission to a single Amazon Web Services account only, and only one account at
// a time.
CreateNetworkInterfacePermission(ctx context.Context, params *CreateNetworkInterfacePermissionInput, optFns ...func(*Options)) (*CreateNetworkInterfacePermissionOutput, error)
// Creates a placement group in which to launch instances. The strategy of the
// placement group determines how the instances are organized within the group. A
// cluster placement group is a logical grouping of instances within a single
// Availability Zone that benefit from low network latency, high network
// throughput. A spread placement group places instances on distinct hardware. A
// partition placement group places groups of instances in different partitions,
// where instances in one partition do not share the same hardware with instances
// in another partition. For more information, see Placement groups
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in
// the Amazon EC2 User Guide.
CreatePlacementGroup(ctx context.Context, params *CreatePlacementGroupInput, optFns ...func(*Options)) (*CreatePlacementGroupOutput, error)
// Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address pool
// required for the public IPv4 CIDRs that you own and bring to Amazon Web Services
// to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however,
// use IPAM pools only. To monitor the status of pool creation, use
// DescribePublicIpv4Pools
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePublicIpv4Pools.html).
CreatePublicIpv4Pool(ctx context.Context, params *CreatePublicIpv4PoolInput, optFns ...func(*Options)) (*CreatePublicIpv4PoolOutput, error)
// Creates a root volume replacement task for an Amazon EC2 instance. The root
// volume can either be restored to its initial launch state, or it can be restored
// using a specific snapshot. For more information, see Replace a root volume
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root)
// in the Amazon Elastic Compute Cloud User Guide.
CreateReplaceRootVolumeTask(ctx context.Context, params *CreateReplaceRootVolumeTaskInput, optFns ...func(*Options)) (*CreateReplaceRootVolumeTaskOutput, error)
// Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the
// Reserved Instance Marketplace. You can submit one Standard Reserved Instance
// listing at a time. To get a list of your Standard Reserved Instances, you can
// use the DescribeReservedInstances operation. Only Standard Reserved Instances
// can be sold in the Reserved Instance Marketplace. Convertible Reserved Instances
// cannot be sold. The Reserved Instance Marketplace matches sellers who want to
// resell Standard Reserved Instance capacity that they no longer need with buyers
// who want to purchase additional capacity. Reserved Instances bought and sold
// through the Reserved Instance Marketplace work like any other Reserved
// Instances. To sell your Standard Reserved Instances, you must first register as
// a seller in the Reserved Instance Marketplace. After completing the registration
// process, you can create a Reserved Instance Marketplace listing of some or all
// of your Standard Reserved Instances, and specify the upfront price to receive
// for them. Your Standard Reserved Instance listings then become available for
// purchase. To view the details of your Standard Reserved Instance listing, you
// can use the DescribeReservedInstancesListings operation. For more information,
// see Reserved Instance Marketplace
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
// the Amazon EC2 User Guide.
CreateReservedInstancesListing(ctx context.Context, params *CreateReservedInstancesListingInput, optFns ...func(*Options)) (*CreateReservedInstancesListingOutput, error)
// Starts a task that restores an AMI from an Amazon S3 object that was previously
// created by using CreateStoreImageTask
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html).
// To use this API, you must have the required permissions. For more information,
// see Permissions for storing and restoring AMIs using Amazon S3
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions)
// in the Amazon Elastic Compute Cloud User Guide. For more information, see Store
// and restore an AMI using Amazon S3
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in
// the Amazon Elastic Compute Cloud User Guide.
CreateRestoreImageTask(ctx context.Context, params *CreateRestoreImageTaskInput, optFns ...func(*Options)) (*CreateRestoreImageTaskOutput, error)
// Creates a route in a route table within a VPC. You must specify one of the
// following targets: internet gateway or virtual private gateway, NAT instance,
// NAT gateway, VPC peering connection, network interface, egress-only internet
// gateway, or transit gateway. When determining how to route traffic, we use the
// route with the most specific match. For example, traffic is destined for the
// IPv4 address 192.0.2.3, and the route table includes the following two IPv4
// routes:
//
// * 192.0.2.0/24 (goes to some target A)
//
// * 192.0.2.0/28 (goes to some
// target B)
//
// Both routes apply to the traffic destined for 192.0.2.3. However, the
// second route in the list covers a smaller number of IP addresses and is
// therefore more specific, so we use that route to determine where to target the
// traffic. For more information about route tables, see Route tables
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
// Amazon Virtual Private Cloud User Guide.
CreateRoute(ctx context.Context, params *CreateRouteInput, optFns ...func(*Options)) (*CreateRouteOutput, error)
// Creates a route table for the specified VPC. After you create a route table, you
// can add routes and associate the table with a subnet. For more information, see
// Route tables
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
// Amazon Virtual Private Cloud User Guide.
CreateRouteTable(ctx context.Context, params *CreateRouteTableInput, optFns ...func(*Options)) (*CreateRouteTableOutput, error)
// Creates a security group. A security group acts as a virtual firewall for your
// instance to control inbound and outbound traffic. For more information, see
// Amazon EC2 security groups
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html)
// in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC
// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html)
// in the Amazon Virtual Private Cloud User Guide. When you create a security
// group, you specify a friendly name of your choice. You can have a security group
// for use in EC2-Classic with the same name as a security group for use in a VPC.
// However, you can't have two security groups for use in EC2-Classic with the same
// name or two security groups for use in a VPC with the same name. You have a
// default security group for use in EC2-Classic and a default security group for
// use in your VPC. If you don't specify a security group when you launch an
// instance, the instance is launched into the appropriate default security group.
// A default security group includes a default rule that grants instances
// unrestricted network access to each other. You can add or remove rules from your
// security groups using AuthorizeSecurityGroupIngress,
// AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and
// RevokeSecurityGroupEgress. For more information about VPC security group limits,
// see Amazon VPC Limits
// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html).
CreateSecurityGroup(ctx context.Context, params *CreateSecurityGroupInput, optFns ...func(*Options)) (*CreateSecurityGroupOutput, error)
// Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use
// snapshots for backups, to make copies of EBS volumes, and to save data before
// shutting down an instance. You can create snapshots of volumes in a Region and
// volumes on an Outpost. If you create a snapshot of a volume in a Region, the
// snapshot must be stored in the same Region as the volume. If you create a
// snapshot of a volume on an Outpost, the snapshot can be stored on the same
// Outpost as the volume, or in the Region for that Outpost. When a snapshot is
// created, any Amazon Web Services Marketplace product codes that are associated
// with the source volume are propagated to the snapshot. You can take a snapshot
// of an attached volume that is in use. However, snapshots only capture data that
// has been written to your Amazon EBS volume at the time the snapshot command is
// issued; this might exclude any data that has been cached by any applications or
// the operating system. If you can pause any file systems on the volume long
// enough to take a snapshot, your snapshot should be complete. However, if you
// cannot pause all file writes to the volume, you should unmount the volume from
// within the instance, issue the snapshot command, and then remount the volume to
// ensure a consistent and complete snapshot. You may remount and use your volume
// while the snapshot status is pending. To create a snapshot for Amazon EBS
// volumes that serve as root devices, you should stop the instance before taking
// the snapshot. Snapshots that are taken from encrypted volumes are automatically
// encrypted. Volumes that are created from encrypted snapshots are also
// automatically encrypted. Your encrypted volumes and any associated snapshots
// always remain protected. You can tag your snapshots during creation. For more
// information, see Tag your Amazon EC2 resources
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
// Amazon Elastic Compute Cloud User Guide. For more information, see Amazon
// Elastic Block Store
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) and Amazon
// EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide.
CreateSnapshot(ctx context.Context, params *CreateSnapshotInput, optFns ...func(*Options)) (*CreateSnapshotOutput, error)
// Creates crash-consistent snapshots of multiple EBS volumes and stores the data
// in S3. Volumes are chosen by specifying an instance. Any attached volumes will
// produce one snapshot each that is crash-consistent across the instance. Boot
// volumes can be excluded by changing the parameters. You can create multi-volume
// snapshots of instances in a Region and instances on an Outpost. If you create
// snapshots from an instance in a Region, the snapshots must be stored in the same
// Region as the instance. If you create snapshots from an instance on an Outpost,
// the snapshots can be stored on the same Outpost as the instance, or in the
// Region for that Outpost.
CreateSnapshots(ctx context.Context, params *CreateSnapshotsInput, optFns ...func(*Options)) (*CreateSnapshotsOutput, error)
// Creates a data feed for Spot Instances, enabling you to view Spot Instance usage
// logs. You can create one data feed per Amazon Web Services account. For more
// information, see Spot Instance data feed
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html) in
// the Amazon EC2 User Guide for Linux Instances.
CreateSpotDatafeedSubscription(ctx context.Context, params *CreateSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*CreateSpotDatafeedSubscriptionOutput, error)
// Stores an AMI as a single object in an Amazon S3 bucket. To use this API, you
// must have the required permissions. For more information, see Permissions for
// storing and restoring AMIs using Amazon S3
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions)
// in the Amazon Elastic Compute Cloud User Guide. For more information, see Store
// and restore an AMI using Amazon S3
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in
// the Amazon Elastic Compute Cloud User Guide.
CreateStoreImageTask(ctx context.Context, params *CreateStoreImageTaskInput, optFns ...func(*Options)) (*CreateStoreImageTaskOutput, error)
// Creates a subnet in a specified VPC. You must specify an IPv4 CIDR block for the
// subnet. After you create a subnet, you can't change its CIDR block. The allowed
// block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP
// addresses). The CIDR block must not overlap with the CIDR block of an existing
// subnet in the VPC. If you've associated an IPv6 CIDR block with your VPC, you
// can create a subnet with an IPv6 CIDR block that uses a /64 prefix length.
// Amazon Web Services reserves both the first four and the last IPv4 address in
// each subnet's CIDR block. They're not available for use. If you add more than
// one subnet to a VPC, they're set up in a star topology with a logical router in
// the middle. When you stop an instance in a subnet, it retains its private IPv4
// address. It's therefore possible to have a subnet with no running instances
// (they're all stopped), but no remaining IP addresses available. For more
// information about subnets, see Your VPC and subnets
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the
// Amazon Virtual Private Cloud User Guide.
CreateSubnet(ctx context.Context, params *CreateSubnetInput, optFns ...func(*Options)) (*CreateSubnetOutput, error)
// Creates a subnet CIDR reservation. For information about subnet CIDR
// reservations, see Subnet CIDR reservations
// (https://docs.aws.amazon.com/vpc/latest/userguide/subnet-cidr-reservation.html)
// in the Amazon Virtual Private Cloud User Guide.
CreateSubnetCidrReservation(ctx context.Context, params *CreateSubnetCidrReservationInput, optFns ...func(*Options)) (*CreateSubnetCidrReservationOutput, error)
// Adds or overwrites only the specified tags for the specified Amazon EC2 resource
// or resources. When you specify an existing tag key, the value is overwritten
// with the new value. Each resource can have a maximum of 50 tags. Each tag
// consists of a key and optional value. Tag keys must be unique per resource. For
// more information about tags, see Tagging Your Resources
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
// Amazon Elastic Compute Cloud User Guide. For more information about creating IAM
// policies that control users' access to resources based on tags, see Supported
// Resource-Level Permissions for Amazon EC2 API Actions
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-iam-actions-resources.html)
// in the Amazon Elastic Compute Cloud User Guide.
CreateTags(ctx context.Context, params *CreateTagsInput, optFns ...func(*Options)) (*CreateTagsOutput, error)
// Creates a Traffic Mirror filter. A Traffic Mirror filter is a set of rules that
// defines the traffic to mirror. By default, no traffic is mirrored. To mirror
// traffic, use CreateTrafficMirrorFilterRule
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilterRule.htm)
// to add Traffic Mirror rules to the filter. The rules you add define what traffic
// gets mirrored. You can also use ModifyTrafficMirrorFilterNetworkServices
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyTrafficMirrorFilterNetworkServices.html)
// to mirror supported network services.
CreateTrafficMirrorFilter(ctx context.Context, params *CreateTrafficMirrorFilterInput, optFns ...func(*Options)) (*CreateTrafficMirrorFilterOutput, error)
// Creates a Traffic Mirror filter rule. A Traffic Mirror rule defines the Traffic
// Mirror source traffic to mirror. You need the Traffic Mirror filter ID when you
// create the rule.
CreateTrafficMirrorFilterRule(ctx context.Context, params *CreateTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*CreateTrafficMirrorFilterRuleOutput, error)
// Creates a Traffic Mirror session. A Traffic Mirror session actively copies
// packets from a Traffic Mirror source to a Traffic Mirror target. Create a
// filter, and then assign it to the session to define a subset of the traffic to
// mirror, for example all TCP traffic. The Traffic Mirror source and the Traffic
// Mirror target (monitoring appliances) can be in the same VPC, or in a different
// VPC connected via VPC peering or a transit gateway. By default, no traffic is
// mirrored. Use CreateTrafficMirrorFilter
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilter.htm)
// to create filter rules that specify the traffic to mirror.
CreateTrafficMirrorSession(ctx context.Context, params *CreateTrafficMirrorSessionInput, optFns ...func(*Options)) (*CreateTrafficMirrorSessionOutput, error)
// Creates a target for your Traffic Mirror session. A Traffic Mirror target is the
// destination for mirrored traffic. The Traffic Mirror source and the Traffic
// Mirror target (monitoring appliances) can be in the same VPC, or in different
// VPCs connected via VPC peering or a transit gateway. A Traffic Mirror target can
// be a network interface, or a Network Load Balancer. To use the target in a
// Traffic Mirror session, use CreateTrafficMirrorSession
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorSession.htm).
CreateTrafficMirrorTarget(ctx context.Context, params *CreateTrafficMirrorTargetInput, optFns ...func(*Options)) (*CreateTrafficMirrorTargetOutput, error)
// Creates a transit gateway. You can use a transit gateway to interconnect your
// virtual private clouds (VPC) and on-premises networks. After the transit gateway
// enters the available state, you can attach your VPCs and VPN connections to the
// transit gateway. To attach your VPCs, use CreateTransitGatewayVpcAttachment. To
// attach a VPN connection, use CreateCustomerGateway to create a customer gateway
// and specify the ID of the customer gateway and the ID of the transit gateway in
// a call to CreateVpnConnection. When you create a transit gateway, we create a
// default transit gateway route table and use it as the default association route
// table and the default propagation route table. You can use
// CreateTransitGatewayRouteTable to create additional transit gateway route
// tables. If you disable automatic route propagation, we do not create a default
// transit gateway route table. You can use
// EnableTransitGatewayRouteTablePropagation to propagate routes from a resource
// attachment to a transit gateway route table. If you disable automatic
// associations, you can use AssociateTransitGatewayRouteTable to associate a
// resource attachment with a transit gateway route table.
CreateTransitGateway(ctx context.Context, params *CreateTransitGatewayInput, optFns ...func(*Options)) (*CreateTransitGatewayOutput, error)
// Creates a Connect attachment from a specified transit gateway attachment. A
// Connect attachment is a GRE-based tunnel attachment that you can use to
// establish a connection between a transit gateway and an appliance. A Connect
// attachment uses an existing VPC or Amazon Web Services Direct Connect attachment
// as the underlying transport mechanism.
CreateTransitGatewayConnect(ctx context.Context, params *CreateTransitGatewayConnectInput, optFns ...func(*Options)) (*CreateTransitGatewayConnectOutput, error)
// Creates a Connect peer for a specified transit gateway Connect attachment
// between a transit gateway and an appliance. The peer address and transit gateway
// address must be the same IP address family (IPv4 or IPv6). For more information,
// see Connect peers
// (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html#tgw-connect-peer)
// in the Transit Gateways Guide.
CreateTransitGatewayConnectPeer(ctx context.Context, params *CreateTransitGatewayConnectPeerInput, optFns ...func(*Options)) (*CreateTransitGatewayConnectPeerOutput, error)
// Creates a multicast domain using the specified transit gateway. The transit
// gateway must be in the available state before you create a domain. Use
// DescribeTransitGateways
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGateways.html)
// to see the state of transit gateway.
CreateTransitGatewayMulticastDomain(ctx context.Context, params *CreateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*CreateTransitGatewayMulticastDomainOutput, error)
// Requests a transit gateway peering attachment between the specified transit
// gateway (requester) and a peer transit gateway (accepter). The transit gateways
// must be in different Regions. The peer transit gateway can be in your account or
// a different Amazon Web Services account. After you create the peering
// attachment, the owner of the accepter transit gateway must accept the attachment
// request.
CreateTransitGatewayPeeringAttachment(ctx context.Context, params *CreateTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*CreateTransitGatewayPeeringAttachmentOutput, error)
// Creates a reference (route) to a prefix list in a specified transit gateway
// route table.
CreateTransitGatewayPrefixListReference(ctx context.Context, params *CreateTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*CreateTransitGatewayPrefixListReferenceOutput, error)
// Creates a static route for the specified transit gateway route table.
CreateTransitGatewayRoute(ctx context.Context, params *CreateTransitGatewayRouteInput, optFns ...func(*Options)) (*CreateTransitGatewayRouteOutput, error)
// Creates a route table for the specified transit gateway.
CreateTransitGatewayRouteTable(ctx context.Context, params *CreateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*CreateTransitGatewayRouteTableOutput, error)
// Attaches the specified VPC to the specified transit gateway. If you attach a VPC
// with a CIDR range that overlaps the CIDR range of a VPC that is already
// attached, the new VPC CIDR range is not propagated to the default propagation
// route table. To send VPC traffic to an attached transit gateway, add a route to
// the VPC route table using CreateRoute.
CreateTransitGatewayVpcAttachment(ctx context.Context, params *CreateTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*CreateTransitGatewayVpcAttachmentOutput, error)
// Creates an EBS volume that can be attached to an instance in the same
// Availability Zone. You can create a new empty volume or restore a volume from an
// EBS snapshot. Any Amazon Web Services Marketplace product codes from the
// snapshot are propagated to the volume. You can create encrypted volumes.
// Encrypted volumes must be attached to instances that support Amazon EBS
// encryption. Volumes that are created from encrypted snapshots are also
// automatically encrypted. For more information, see Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide. You can tag your volumes during
// creation. For more information, see Tag your Amazon EC2 resources
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
// Amazon Elastic Compute Cloud User Guide. For more information, see Create an
// Amazon EBS volume
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-volume.html)
// in the Amazon Elastic Compute Cloud User Guide.
CreateVolume(ctx context.Context, params *CreateVolumeInput, optFns ...func(*Options)) (*CreateVolumeOutput, error)
// Creates a VPC with the specified IPv4 CIDR block. The smallest VPC you can
// create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16
// netmask (65,536 IPv4 addresses). For more information about how large to make
// your VPC, see Your VPC and subnets
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the
// Amazon Virtual Private Cloud User Guide. You can optionally request an IPv6 CIDR
// block for the VPC. You can request an Amazon-provided IPv6 CIDR block from
// Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool
// that you provisioned through bring your own IP addresses (BYOIP
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). By
// default, each instance you launch in the VPC has the default DHCP options, which
// include only a default DNS server that we provide (AmazonProvidedDNS). For more
// information, see DHCP options sets
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
// Amazon Virtual Private Cloud User Guide. You can specify the instance tenancy
// value for the VPC when you create it. You can't change this value for the VPC
// after you create it. For more information, see Dedicated Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html) in
// the Amazon Elastic Compute Cloud User Guide.
CreateVpc(ctx context.Context, params *CreateVpcInput, optFns ...func(*Options)) (*CreateVpcOutput, error)
// Creates a VPC endpoint for a specified service. An endpoint enables you to
// create a private connection between your VPC and the service. The service may be
// provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or
// another Amazon Web Services account. For more information, see VPC Endpoints
// (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) in the
// Amazon Virtual Private Cloud User Guide. A gateway endpoint serves as a target
// for a route in your route table for traffic destined for the Amazon Web Service.
// You can specify an endpoint policy to attach to the endpoint, which will control
// access to the service from your VPC. You can also specify the VPC route tables
// that use the endpoint. An interface endpoint is a network interface in your
// subnet that serves as an endpoint for communicating with the specified service.
// You can specify the subnets in which to create an endpoint, and the security
// groups to associate with the endpoint network interface. A GatewayLoadBalancer
// endpoint is a network interface in your subnet that serves an endpoint for
// communicating with a Gateway Load Balancer that you've configured as a VPC
// endpoint service. Use DescribeVpcEndpointServices to get a list of supported
// services.
CreateVpcEndpoint(ctx context.Context, params *CreateVpcEndpointInput, optFns ...func(*Options)) (*CreateVpcEndpointOutput, error)
// Creates a connection notification for a specified VPC endpoint or VPC endpoint
// service. A connection notification notifies you of specific endpoint events. You
// must create an SNS topic to receive notifications. For more information, see
// Create a Topic (https://docs.aws.amazon.com/sns/latest/dg/CreateTopic.html) in
// the Amazon Simple Notification Service Developer Guide. You can create a
// connection notification for interface endpoints only.
CreateVpcEndpointConnectionNotification(ctx context.Context, params *CreateVpcEndpointConnectionNotificationInput, optFns ...func(*Options)) (*CreateVpcEndpointConnectionNotificationOutput, error)
// Creates a VPC endpoint service configuration to which service consumers (Amazon
// Web Services accounts, IAM users, and IAM roles) can connect. To create an
// endpoint service configuration, you must first create one of the following for
// your service:
//
// * A Network Load Balancer
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html).
// Service consumers connect to your service using an interface endpoint.
//
// * A
// Gateway Load Balancer
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/introduction.html).
// Service consumers connect to your service using a Gateway Load Balancer
// endpoint.
//
// For more information, see VPC Endpoint Services
// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html) in the
// Amazon Virtual Private Cloud User Guide. If you set the private DNS name, you
// must prove that you own the private DNS domain name. For more information, see
// VPC Endpoint Service Private DNS Name Verification
// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html)
// in the Amazon Virtual Private Cloud User Guide.
CreateVpcEndpointServiceConfiguration(ctx context.Context, params *CreateVpcEndpointServiceConfigurationInput, optFns ...func(*Options)) (*CreateVpcEndpointServiceConfigurationOutput, error)
// Requests a VPC peering connection between two VPCs: a requester VPC that you own
// and an accepter VPC with which to create the connection. The accepter VPC can
// belong to another Amazon Web Services account and can be in a different Region
// to the requester VPC. The requester VPC and accepter VPC cannot have overlapping
// CIDR blocks. Limitations and rules apply to a VPC peering connection. For more
// information, see the limitations
// (https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations)
// section in the VPC Peering Guide. The owner of the accepter VPC must accept the
// peering request to activate the peering connection. The VPC peering connection
// request expires after 7 days, after which it cannot be accepted or rejected. If
// you create a VPC peering connection request between VPCs with overlapping CIDR
// blocks, the VPC peering connection has a status of failed.
CreateVpcPeeringConnection(ctx context.Context, params *CreateVpcPeeringConnectionInput, optFns ...func(*Options)) (*CreateVpcPeeringConnectionOutput, error)
// Creates a VPN connection between an existing virtual private gateway or transit
// gateway and a customer gateway. The supported connection type is ipsec.1. The
// response includes information that you need to give to your network
// administrator to configure your customer gateway. We strongly recommend that you
// use HTTPS when calling this operation because the response contains sensitive
// cryptographic information for configuring your customer gateway device. If you
// decide to shut down your VPN connection for any reason and later create a new
// VPN connection, you must reconfigure your customer gateway with the new
// information returned from this call. This is an idempotent operation. If you
// perform the operation more than once, Amazon EC2 doesn't return an error. For
// more information, see Amazon Web Services Site-to-Site VPN
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
// Services Site-to-Site VPN User Guide.
CreateVpnConnection(ctx context.Context, params *CreateVpnConnectionInput, optFns ...func(*Options)) (*CreateVpnConnectionOutput, error)
// Creates a static route associated with a VPN connection between an existing
// virtual private gateway and a VPN customer gateway. The static route allows
// traffic to be routed from the virtual private gateway to the VPN customer
// gateway. For more information, see Amazon Web Services Site-to-Site VPN
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
// Services Site-to-Site VPN User Guide.
CreateVpnConnectionRoute(ctx context.Context, params *CreateVpnConnectionRouteInput, optFns ...func(*Options)) (*CreateVpnConnectionRouteOutput, error)
// Creates a virtual private gateway. A virtual private gateway is the endpoint on
// the VPC side of your VPN connection. You can create a virtual private gateway
// before creating the VPC itself. For more information, see Amazon Web Services
// Site-to-Site VPN (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in
// the Amazon Web Services Site-to-Site VPN User Guide.
CreateVpnGateway(ctx context.Context, params *CreateVpnGatewayInput, optFns ...func(*Options)) (*CreateVpnGatewayOutput, error)
// Deletes a carrier gateway. If you do not delete the route that contains the
// carrier gateway as the Target, the route is a blackhole route. For information
// about how to delete a route, see DeleteRoute
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteRoute.html).
DeleteCarrierGateway(ctx context.Context, params *DeleteCarrierGatewayInput, optFns ...func(*Options)) (*DeleteCarrierGatewayOutput, error)
// Deletes the specified Client VPN endpoint. You must disassociate all target
// networks before you can delete a Client VPN endpoint.
DeleteClientVpnEndpoint(ctx context.Context, params *DeleteClientVpnEndpointInput, optFns ...func(*Options)) (*DeleteClientVpnEndpointOutput, error)
// Deletes a route from a Client VPN endpoint. You can only delete routes that you
// manually added using the CreateClientVpnRoute action. You cannot delete routes
// that were automatically added when associating a subnet. To remove routes that
// have been automatically added, disassociate the target subnet from the Client
// VPN endpoint.
DeleteClientVpnRoute(ctx context.Context, params *DeleteClientVpnRouteInput, optFns ...func(*Options)) (*DeleteClientVpnRouteOutput, error)
// Deletes the specified customer gateway. You must delete the VPN connection
// before you can delete the customer gateway.
DeleteCustomerGateway(ctx context.Context, params *DeleteCustomerGatewayInput, optFns ...func(*Options)) (*DeleteCustomerGatewayOutput, error)
// Deletes the specified set of DHCP options. You must disassociate the set of DHCP
// options before you can delete it. You can disassociate the set of DHCP options
// by associating either a new set of options or the default set of options with
// the VPC.
DeleteDhcpOptions(ctx context.Context, params *DeleteDhcpOptionsInput, optFns ...func(*Options)) (*DeleteDhcpOptionsOutput, error)
// Deletes an egress-only internet gateway.
DeleteEgressOnlyInternetGateway(ctx context.Context, params *DeleteEgressOnlyInternetGatewayInput, optFns ...func(*Options)) (*DeleteEgressOnlyInternetGatewayOutput, error)
// Deletes the specified EC2 Fleet. After you delete an EC2 Fleet, it launches no
// new instances. You must specify whether a deleted EC2 Fleet should also
// terminate its instances. If you choose to terminate the instances, the EC2 Fleet
// enters the deleted_terminating state. Otherwise, the EC2 Fleet enters the
// deleted_running state, and the instances continue to run until they are
// interrupted or you terminate them manually. For instant fleets, EC2 Fleet must
// terminate the instances when the fleet is deleted. A deleted instant fleet with
// running instances is not supported. Restrictions
//
// * You can delete up to 25
// instant fleets in a single request. If you exceed this number, no instant fleets
// are deleted and an error is returned. There is no restriction on the number of
// fleets of type maintain or request that can be deleted in a single request.
//
// *
// Up to 1000 instances can be terminated in a single request to delete instant
// fleets.
//
// For more information, see Delete an EC2 Fleet
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#delete-fleet)
// in the Amazon EC2 User Guide.
DeleteFleets(ctx context.Context, params *DeleteFleetsInput, optFns ...func(*Options)) (*DeleteFleetsOutput, error)
// Deletes one or more flow logs.
DeleteFlowLogs(ctx context.Context, params *DeleteFlowLogsInput, optFns ...func(*Options)) (*DeleteFlowLogsOutput, error)
// Deletes the specified Amazon FPGA Image (AFI).
DeleteFpgaImage(ctx context.Context, params *DeleteFpgaImageInput, optFns ...func(*Options)) (*DeleteFpgaImageOutput, error)
// Deletes the specified event window. For more information, see Define event
// windows for scheduled events
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
// Amazon EC2 User Guide.
DeleteInstanceEventWindow(ctx context.Context, params *DeleteInstanceEventWindowInput, optFns ...func(*Options)) (*DeleteInstanceEventWindowOutput, error)
// Deletes the specified internet gateway. You must detach the internet gateway
// from the VPC before you can delete it.
DeleteInternetGateway(ctx context.Context, params *DeleteInternetGatewayInput, optFns ...func(*Options)) (*DeleteInternetGatewayOutput, error)
// Delete an IPAM. Deleting an IPAM removes all monitored data associated with the
// IPAM including the historical data for CIDRs. You cannot delete an IPAM if there
// are CIDRs provisioned to pools or if there are allocations in the pools within
// the IPAM. To deprovision pool CIDRs, see DeprovisionIpamPoolCidr
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeprovisionIpamPoolCidr.html).
// To release allocations, see ReleaseIpamPoolAllocation
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html).
// For more information, see Delete an IPAM in the Amazon VPC IPAM User Guide.
DeleteIpam(ctx context.Context, params *DeleteIpamInput, optFns ...func(*Options)) (*DeleteIpamOutput, error)
// Delete an IPAM pool. You cannot delete an IPAM pool if there are allocations in
// it or CIDRs provisioned to it. To release allocations, see
// ReleaseIpamPoolAllocation
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html).
// To deprovision pool CIDRs, see DeprovisionIpamPoolCidr
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeprovisionIpamPoolCidr.html).
// For more information, see Delete a pool in the Amazon VPC IPAM User Guide.
DeleteIpamPool(ctx context.Context, params *DeleteIpamPoolInput, optFns ...func(*Options)) (*DeleteIpamPoolOutput, error)
// Delete the scope for an IPAM. You cannot delete the default scopes. For more
// information, see Delete a scope in the Amazon VPC IPAM User Guide.
DeleteIpamScope(ctx context.Context, params *DeleteIpamScopeInput, optFns ...func(*Options)) (*DeleteIpamScopeOutput, error)
// Deletes the specified key pair, by removing the public key from Amazon EC2.
DeleteKeyPair(ctx context.Context, params *DeleteKeyPairInput, optFns ...func(*Options)) (*DeleteKeyPairOutput, error)
// Deletes a launch template. Deleting a launch template deletes all of its
// versions.
DeleteLaunchTemplate(ctx context.Context, params *DeleteLaunchTemplateInput, optFns ...func(*Options)) (*DeleteLaunchTemplateOutput, error)
// Deletes one or more versions of a launch template. You cannot delete the default
// version of a launch template; you must first assign a different version as the
// default. If the default version is the only version for the launch template, you
// must delete the entire launch template using DeleteLaunchTemplate.
DeleteLaunchTemplateVersions(ctx context.Context, params *DeleteLaunchTemplateVersionsInput, optFns ...func(*Options)) (*DeleteLaunchTemplateVersionsOutput, error)
// Deletes the specified route from the specified local gateway route table.
DeleteLocalGatewayRoute(ctx context.Context, params *DeleteLocalGatewayRouteInput, optFns ...func(*Options)) (*DeleteLocalGatewayRouteOutput, error)
// Deletes the specified association between a VPC and local gateway route table.
DeleteLocalGatewayRouteTableVpcAssociation(ctx context.Context, params *DeleteLocalGatewayRouteTableVpcAssociationInput, optFns ...func(*Options)) (*DeleteLocalGatewayRouteTableVpcAssociationOutput, error)
// Deletes the specified managed prefix list. You must first remove all references
// to the prefix list in your resources.
DeleteManagedPrefixList(ctx context.Context, params *DeleteManagedPrefixListInput, optFns ...func(*Options)) (*DeleteManagedPrefixListOutput, error)
// Deletes the specified NAT gateway. Deleting a public NAT gateway disassociates
// its Elastic IP address, but does not release the address from your account.
// Deleting a NAT gateway does not delete any NAT gateway routes in your route
// tables.
DeleteNatGateway(ctx context.Context, params *DeleteNatGatewayInput, optFns ...func(*Options)) (*DeleteNatGatewayOutput, error)
// Deletes the specified network ACL. You can't delete the ACL if it's associated
// with any subnets. You can't delete the default network ACL.
DeleteNetworkAcl(ctx context.Context, params *DeleteNetworkAclInput, optFns ...func(*Options)) (*DeleteNetworkAclOutput, error)
// Deletes the specified ingress or egress entry (rule) from the specified network
// ACL.
DeleteNetworkAclEntry(ctx context.Context, params *DeleteNetworkAclEntryInput, optFns ...func(*Options)) (*DeleteNetworkAclEntryOutput, error)
// Deletes the specified Network Access Scope.
DeleteNetworkInsightsAccessScope(ctx context.Context, params *DeleteNetworkInsightsAccessScopeInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAccessScopeOutput, error)
// Deletes the specified Network Access Scope analysis.
DeleteNetworkInsightsAccessScopeAnalysis(ctx context.Context, params *DeleteNetworkInsightsAccessScopeAnalysisInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAccessScopeAnalysisOutput, error)
// Deletes the specified network insights analysis.
DeleteNetworkInsightsAnalysis(ctx context.Context, params *DeleteNetworkInsightsAnalysisInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAnalysisOutput, error)
// Deletes the specified path.
DeleteNetworkInsightsPath(ctx context.Context, params *DeleteNetworkInsightsPathInput, optFns ...func(*Options)) (*DeleteNetworkInsightsPathOutput, error)
// Deletes the specified network interface. You must detach the network interface
// before you can delete it.
DeleteNetworkInterface(ctx context.Context, params *DeleteNetworkInterfaceInput, optFns ...func(*Options)) (*DeleteNetworkInterfaceOutput, error)
// Deletes a permission for a network interface. By default, you cannot delete the
// permission if the account for which you're removing the permission has attached
// the network interface to an instance. However, you can force delete the
// permission, regardless of any attachment.
DeleteNetworkInterfacePermission(ctx context.Context, params *DeleteNetworkInterfacePermissionInput, optFns ...func(*Options)) (*DeleteNetworkInterfacePermissionOutput, error)
// Deletes the specified placement group. You must terminate all instances in the
// placement group before you can delete the placement group. For more information,
// see Placement groups
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in
// the Amazon EC2 User Guide.
DeletePlacementGroup(ctx context.Context, params *DeletePlacementGroupInput, optFns ...func(*Options)) (*DeletePlacementGroupOutput, error)
// Delete a public IPv4 pool. A public IPv4 pool is an EC2 IP address pool required
// for the public IPv4 CIDRs that you own and bring to Amazon Web Services to
// manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use
// IPAM pools only.
DeletePublicIpv4Pool(ctx context.Context, params *DeletePublicIpv4PoolInput, optFns ...func(*Options)) (*DeletePublicIpv4PoolOutput, error)
// Deletes the queued purchases for the specified Reserved Instances.
DeleteQueuedReservedInstances(ctx context.Context, params *DeleteQueuedReservedInstancesInput, optFns ...func(*Options)) (*DeleteQueuedReservedInstancesOutput, error)
// Deletes the specified route from the specified route table.
DeleteRoute(ctx context.Context, params *DeleteRouteInput, optFns ...func(*Options)) (*DeleteRouteOutput, error)
// Deletes the specified route table. You must disassociate the route table from
// any subnets before you can delete it. You can't delete the main route table.
DeleteRouteTable(ctx context.Context, params *DeleteRouteTableInput, optFns ...func(*Options)) (*DeleteRouteTableOutput, error)
// Deletes a security group. If you attempt to delete a security group that is
// associated with an instance, or is referenced by another security group, the
// operation fails with InvalidGroup.InUse in EC2-Classic or DependencyViolation in
// EC2-VPC.
DeleteSecurityGroup(ctx context.Context, params *DeleteSecurityGroupInput, optFns ...func(*Options)) (*DeleteSecurityGroupOutput, error)
// Deletes the specified snapshot. When you make periodic snapshots of a volume,
// the snapshots are incremental, and only the blocks on the device that have
// changed since your last snapshot are saved in the new snapshot. When you delete
// a snapshot, only the data not needed for any other snapshot is removed. So
// regardless of which prior snapshots have been deleted, all active snapshots will
// have access to all the information needed to restore the volume. You cannot
// delete a snapshot of the root device of an EBS volume used by a registered AMI.
// You must first de-register the AMI before you can delete the snapshot. For more
// information, see Delete an Amazon EBS snapshot
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-snapshot.html)
// in the Amazon Elastic Compute Cloud User Guide.
DeleteSnapshot(ctx context.Context, params *DeleteSnapshotInput, optFns ...func(*Options)) (*DeleteSnapshotOutput, error)
// Deletes the data feed for Spot Instances.
DeleteSpotDatafeedSubscription(ctx context.Context, params *DeleteSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*DeleteSpotDatafeedSubscriptionOutput, error)
// Deletes the specified subnet. You must terminate all running instances in the
// subnet before you can delete the subnet.
DeleteSubnet(ctx context.Context, params *DeleteSubnetInput, optFns ...func(*Options)) (*DeleteSubnetOutput, error)
// Deletes a subnet CIDR reservation.
DeleteSubnetCidrReservation(ctx context.Context, params *DeleteSubnetCidrReservationInput, optFns ...func(*Options)) (*DeleteSubnetCidrReservationOutput, error)
// Deletes the specified set of tags from the specified set of resources. To list
// the current tags, use DescribeTags. For more information about tags, see Tagging
// Your Resources
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
// Amazon Elastic Compute Cloud User Guide.
DeleteTags(ctx context.Context, params *DeleteTagsInput, optFns ...func(*Options)) (*DeleteTagsOutput, error)
// Deletes the specified Traffic Mirror filter. You cannot delete a Traffic Mirror
// filter that is in use by a Traffic Mirror session.
DeleteTrafficMirrorFilter(ctx context.Context, params *DeleteTrafficMirrorFilterInput, optFns ...func(*Options)) (*DeleteTrafficMirrorFilterOutput, error)
// Deletes the specified Traffic Mirror rule.
DeleteTrafficMirrorFilterRule(ctx context.Context, params *DeleteTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*DeleteTrafficMirrorFilterRuleOutput, error)
// Deletes the specified Traffic Mirror session.
DeleteTrafficMirrorSession(ctx context.Context, params *DeleteTrafficMirrorSessionInput, optFns ...func(*Options)) (*DeleteTrafficMirrorSessionOutput, error)
// Deletes the specified Traffic Mirror target. You cannot delete a Traffic Mirror
// target that is in use by a Traffic Mirror session.
DeleteTrafficMirrorTarget(ctx context.Context, params *DeleteTrafficMirrorTargetInput, optFns ...func(*Options)) (*DeleteTrafficMirrorTargetOutput, error)
// Deletes the specified transit gateway.
DeleteTransitGateway(ctx context.Context, params *DeleteTransitGatewayInput, optFns ...func(*Options)) (*DeleteTransitGatewayOutput, error)
// Deletes the specified Connect attachment. You must first delete any Connect
// peers for the attachment.
DeleteTransitGatewayConnect(ctx context.Context, params *DeleteTransitGatewayConnectInput, optFns ...func(*Options)) (*DeleteTransitGatewayConnectOutput, error)
// Deletes the specified Connect peer.
DeleteTransitGatewayConnectPeer(ctx context.Context, params *DeleteTransitGatewayConnectPeerInput, optFns ...func(*Options)) (*DeleteTransitGatewayConnectPeerOutput, error)
// Deletes the specified transit gateway multicast domain.
DeleteTransitGatewayMulticastDomain(ctx context.Context, params *DeleteTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*DeleteTransitGatewayMulticastDomainOutput, error)
// Deletes a transit gateway peering attachment.
DeleteTransitGatewayPeeringAttachment(ctx context.Context, params *DeleteTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*DeleteTransitGatewayPeeringAttachmentOutput, error)
// Deletes a reference (route) to a prefix list in a specified transit gateway
// route table.
DeleteTransitGatewayPrefixListReference(ctx context.Context, params *DeleteTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*DeleteTransitGatewayPrefixListReferenceOutput, error)
// Deletes the specified route from the specified transit gateway route table.
DeleteTransitGatewayRoute(ctx context.Context, params *DeleteTransitGatewayRouteInput, optFns ...func(*Options)) (*DeleteTransitGatewayRouteOutput, error)
// Deletes the specified transit gateway route table. You must disassociate the
// route table from any transit gateway route tables before you can delete it.
DeleteTransitGatewayRouteTable(ctx context.Context, params *DeleteTransitGatewayRouteTableInput, optFns ...func(*Options)) (*DeleteTransitGatewayRouteTableOutput, error)
// Deletes the specified VPC attachment.
DeleteTransitGatewayVpcAttachment(ctx context.Context, params *DeleteTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*DeleteTransitGatewayVpcAttachmentOutput, error)
// Deletes the specified EBS volume. The volume must be in the available state (not
// attached to an instance). The volume can remain in the deleting state for
// several minutes. For more information, see Delete an Amazon EBS volume
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-volume.html)
// in the Amazon Elastic Compute Cloud User Guide.
DeleteVolume(ctx context.Context, params *DeleteVolumeInput, optFns ...func(*Options)) (*DeleteVolumeOutput, error)
// Deletes the specified VPC. You must detach or delete all gateways and resources
// that are associated with the VPC before you can delete it. For example, you must
// terminate all instances running in the VPC, delete all security groups
// associated with the VPC (except the default one), delete all route tables
// associated with the VPC (except the default one), and so on.
DeleteVpc(ctx context.Context, params *DeleteVpcInput, optFns ...func(*Options)) (*DeleteVpcOutput, error)
// Deletes one or more VPC endpoint connection notifications.
DeleteVpcEndpointConnectionNotifications(ctx context.Context, params *DeleteVpcEndpointConnectionNotificationsInput, optFns ...func(*Options)) (*DeleteVpcEndpointConnectionNotificationsOutput, error)
// Deletes one or more VPC endpoint service configurations in your account. Before
// you delete the endpoint service configuration, you must reject any Available or
// PendingAcceptance interface endpoint connections that are attached to the
// service.
DeleteVpcEndpointServiceConfigurations(ctx context.Context, params *DeleteVpcEndpointServiceConfigurationsInput, optFns ...func(*Options)) (*DeleteVpcEndpointServiceConfigurationsOutput, error)
// Deletes one or more specified VPC endpoints. You can delete any of the following
// types of VPC endpoints.
//
// * Gateway endpoint,
//
// * Gateway Load Balancer
// endpoint,
//
// * Interface endpoint
//
// The following rules apply when you delete a VPC
// endpoint:
//
// * When you delete a gateway endpoint, we delete the endpoint routes
// in the route tables that are associated with the endpoint.
//
// * When you delete a
// Gateway Load Balancer endpoint, we delete the endpoint network interfaces. You
// can only delete Gateway Load Balancer endpoints when the routes that are
// associated with the endpoint are deleted.
//
// * When you delete an interface
// endpoint, we delete the endpoint network interfaces.
DeleteVpcEndpoints(ctx context.Context, params *DeleteVpcEndpointsInput, optFns ...func(*Options)) (*DeleteVpcEndpointsOutput, error)
// Deletes a VPC peering connection. Either the owner of the requester VPC or the
// owner of the accepter VPC can delete the VPC peering connection if it's in the
// active state. The owner of the requester VPC can delete a VPC peering connection
// in the pending-acceptance state. You cannot delete a VPC peering connection
// that's in the failed state.
DeleteVpcPeeringConnection(ctx context.Context, params *DeleteVpcPeeringConnectionInput, optFns ...func(*Options)) (*DeleteVpcPeeringConnectionOutput, error)
// Deletes the specified VPN connection. If you're deleting the VPC and its
// associated components, we recommend that you detach the virtual private gateway
// from the VPC and delete the VPC before deleting the VPN connection. If you
// believe that the tunnel credentials for your VPN connection have been
// compromised, you can delete the VPN connection and create a new one that has new
// keys, without needing to delete the VPC or virtual private gateway. If you
// create a new VPN connection, you must reconfigure the customer gateway device
// using the new configuration information returned with the new VPN connection ID.
// For certificate-based authentication, delete all Certificate Manager (ACM)
// private certificates used for the Amazon Web Services-side tunnel endpoints for
// the VPN connection before deleting the VPN connection.
DeleteVpnConnection(ctx context.Context, params *DeleteVpnConnectionInput, optFns ...func(*Options)) (*DeleteVpnConnectionOutput, error)
// Deletes the specified static route associated with a VPN connection between an
// existing virtual private gateway and a VPN customer gateway. The static route
// allows traffic to be routed from the virtual private gateway to the VPN customer
// gateway.
DeleteVpnConnectionRoute(ctx context.Context, params *DeleteVpnConnectionRouteInput, optFns ...func(*Options)) (*DeleteVpnConnectionRouteOutput, error)
// Deletes the specified virtual private gateway. You must first detach the virtual
// private gateway from the VPC. Note that you don't need to delete the virtual
// private gateway if you plan to delete and recreate the VPN connection between
// your VPC and your network.
DeleteVpnGateway(ctx context.Context, params *DeleteVpnGatewayInput, optFns ...func(*Options)) (*DeleteVpnGatewayOutput, error)
// Releases the specified address range that you provisioned for use with your
// Amazon Web Services resources through bring your own IP addresses (BYOIP) and
// deletes the corresponding address pool. Before you can release an address range,
// you must stop advertising it using WithdrawByoipCidr and you must not have any
// IP addresses allocated from its address range.
DeprovisionByoipCidr(ctx context.Context, params *DeprovisionByoipCidrInput, optFns ...func(*Options)) (*DeprovisionByoipCidrOutput, error)
// Deprovision a CIDR provisioned from an IPAM pool. If you deprovision a CIDR from
// a pool that has a source pool, the CIDR is recycled back into the source pool.
// For more information, see Deprovision pool CIDRs in the Amazon VPC IPAM User
// Guide.
DeprovisionIpamPoolCidr(ctx context.Context, params *DeprovisionIpamPoolCidrInput, optFns ...func(*Options)) (*DeprovisionIpamPoolCidrOutput, error)
// Deprovision a CIDR from a public IPv4 pool.
DeprovisionPublicIpv4PoolCidr(ctx context.Context, params *DeprovisionPublicIpv4PoolCidrInput, optFns ...func(*Options)) (*DeprovisionPublicIpv4PoolCidrOutput, error)
// Deregisters the specified AMI. After you deregister an AMI, it can't be used to
// launch new instances. If you deregister an AMI that matches a Recycle Bin
// retention rule, the AMI is retained in the Recycle Bin for the specified
// retention period. For more information, see Recycle Bin
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the
// Amazon Elastic Compute Cloud User Guide. When you deregister an AMI, it doesn't
// affect any instances that you've already launched from the AMI. You'll continue
// to incur usage costs for those instances until you terminate them. When you
// deregister an Amazon EBS-backed AMI, it doesn't affect the snapshot that was
// created for the root volume of the instance during the AMI creation process.
// When you deregister an instance store-backed AMI, it doesn't affect the files
// that you uploaded to Amazon S3 when you created the AMI.
DeregisterImage(ctx context.Context, params *DeregisterImageInput, optFns ...func(*Options)) (*DeregisterImageOutput, error)
// Deregisters tag keys to prevent tags that have the specified tag keys from being
// included in scheduled event notifications for resources in the Region.
DeregisterInstanceEventNotificationAttributes(ctx context.Context, params *DeregisterInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*DeregisterInstanceEventNotificationAttributesOutput, error)
// Deregisters the specified members (network interfaces) from the transit gateway
// multicast group.
DeregisterTransitGatewayMulticastGroupMembers(ctx context.Context, params *DeregisterTransitGatewayMulticastGroupMembersInput, optFns ...func(*Options)) (*DeregisterTransitGatewayMulticastGroupMembersOutput, error)
// Deregisters the specified sources (network interfaces) from the transit gateway
// multicast group.
DeregisterTransitGatewayMulticastGroupSources(ctx context.Context, params *DeregisterTransitGatewayMulticastGroupSourcesInput, optFns ...func(*Options)) (*DeregisterTransitGatewayMulticastGroupSourcesOutput, error)
// Describes attributes of your Amazon Web Services account. The following are the
// supported account attributes:
//
// * supported-platforms: Indicates whether your
// account can launch instances into EC2-Classic and EC2-VPC, or only into
// EC2-VPC.
//
// * default-vpc: The ID of the default VPC for your account, or none.
//
// *
// max-instances: This attribute is no longer supported. The returned value does
// not reflect your actual vCPU limit for running On-Demand Instances. For more
// information, see On-Demand Instance Limits
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-on-demand-instances.html#ec2-on-demand-instances-limits)
// in the Amazon Elastic Compute Cloud User Guide.
//
// *
// vpc-max-security-groups-per-interface: The maximum number of security groups
// that you can assign to a network interface.
//
// * max-elastic-ips: The maximum
// number of Elastic IP addresses that you can allocate for use with
// EC2-Classic.
//
// * vpc-max-elastic-ips: The maximum number of Elastic IP addresses
// that you can allocate for use with EC2-VPC.
DescribeAccountAttributes(ctx context.Context, params *DescribeAccountAttributesInput, optFns ...func(*Options)) (*DescribeAccountAttributesOutput, error)
// Describes the specified Elastic IP addresses or all of your Elastic IP
// addresses. An Elastic IP address is for use in either the EC2-Classic platform
// or in a VPC. For more information, see Elastic IP Addresses
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
// in the Amazon Elastic Compute Cloud User Guide.
DescribeAddresses(ctx context.Context, params *DescribeAddressesInput, optFns ...func(*Options)) (*DescribeAddressesOutput, error)
// Describes the attributes of the specified Elastic IP addresses. For
// requirements, see Using reverse DNS for email applications
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS).
DescribeAddressesAttribute(ctx context.Context, params *DescribeAddressesAttributeInput, optFns ...func(*Options)) (*DescribeAddressesAttributeOutput, error)
// Describes the longer ID format settings for all resource types in a specific
// Region. This request is useful for performing a quick audit to determine whether
// a specific Region is fully opted in for longer IDs (17-character IDs). This
// request only returns information about resource types that support longer IDs.
// The following resource types support longer IDs: bundle | conversion-task |
// customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association
// | export-task | flow-log | image | import-task | instance | internet-gateway |
// network-acl | network-acl-association | network-interface |
// network-interface-attachment | prefix-list | reservation | route-table |
// route-table-association | security-group | snapshot | subnet |
// subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association |
// vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.
DescribeAggregateIdFormat(ctx context.Context, params *DescribeAggregateIdFormatInput, optFns ...func(*Options)) (*DescribeAggregateIdFormatOutput, error)
// Describes the Availability Zones, Local Zones, and Wavelength Zones that are
// available to you. If there is an event impacting a zone, you can use this
// request to view the state and any provided messages for that zone. For more
// information about Availability Zones, Local Zones, and Wavelength Zones, see
// Regions and zones
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html)
// in the Amazon Elastic Compute Cloud User Guide.
DescribeAvailabilityZones(ctx context.Context, params *DescribeAvailabilityZonesInput, optFns ...func(*Options)) (*DescribeAvailabilityZonesOutput, error)
// Describes the specified bundle tasks or all of your bundle tasks. Completed
// bundle tasks are listed for only a limited time. If your bundle task is no
// longer in the list, you can still register an AMI from it. Just use
// RegisterImage with the Amazon S3 bucket name and image manifest name you
// provided to the bundle task.
DescribeBundleTasks(ctx context.Context, params *DescribeBundleTasksInput, optFns ...func(*Options)) (*DescribeBundleTasksOutput, error)
// Describes the IP address ranges that were specified in calls to
// ProvisionByoipCidr. To describe the address pools that were created when you
// provisioned the address ranges, use DescribePublicIpv4Pools or
// DescribeIpv6Pools.
DescribeByoipCidrs(ctx context.Context, params *DescribeByoipCidrsInput, optFns ...func(*Options)) (*DescribeByoipCidrsOutput, error)
// Describes one or more Capacity Reservation Fleets.
DescribeCapacityReservationFleets(ctx context.Context, params *DescribeCapacityReservationFleetsInput, optFns ...func(*Options)) (*DescribeCapacityReservationFleetsOutput, error)
// Describes one or more of your Capacity Reservations. The results describe only
// the Capacity Reservations in the Amazon Web Services Region that you're
// currently using.
DescribeCapacityReservations(ctx context.Context, params *DescribeCapacityReservationsInput, optFns ...func(*Options)) (*DescribeCapacityReservationsOutput, error)
// Describes one or more of your carrier gateways.
DescribeCarrierGateways(ctx context.Context, params *DescribeCarrierGatewaysInput, optFns ...func(*Options)) (*DescribeCarrierGatewaysOutput, error)
// Describes one or more of your linked EC2-Classic instances. This request only
// returns information about EC2-Classic instances linked to a VPC through
// ClassicLink. You cannot use this request to return information about other
// instances.
DescribeClassicLinkInstances(ctx context.Context, params *DescribeClassicLinkInstancesInput, optFns ...func(*Options)) (*DescribeClassicLinkInstancesOutput, error)
// Describes the authorization rules for a specified Client VPN endpoint.
DescribeClientVpnAuthorizationRules(ctx context.Context, params *DescribeClientVpnAuthorizationRulesInput, optFns ...func(*Options)) (*DescribeClientVpnAuthorizationRulesOutput, error)
// Describes active client connections and connections that have been terminated
// within the last 60 minutes for the specified Client VPN endpoint.
DescribeClientVpnConnections(ctx context.Context, params *DescribeClientVpnConnectionsInput, optFns ...func(*Options)) (*DescribeClientVpnConnectionsOutput, error)
// Describes one or more Client VPN endpoints in the account.
DescribeClientVpnEndpoints(ctx context.Context, params *DescribeClientVpnEndpointsInput, optFns ...func(*Options)) (*DescribeClientVpnEndpointsOutput, error)
// Describes the routes for the specified Client VPN endpoint.
DescribeClientVpnRoutes(ctx context.Context, params *DescribeClientVpnRoutesInput, optFns ...func(*Options)) (*DescribeClientVpnRoutesOutput, error)
// Describes the target networks associated with the specified Client VPN endpoint.
DescribeClientVpnTargetNetworks(ctx context.Context, params *DescribeClientVpnTargetNetworksInput, optFns ...func(*Options)) (*DescribeClientVpnTargetNetworksOutput, error)
// Describes the specified customer-owned address pools or all of your
// customer-owned address pools.
DescribeCoipPools(ctx context.Context, params *DescribeCoipPoolsInput, optFns ...func(*Options)) (*DescribeCoipPoolsOutput, error)
// Describes the specified conversion tasks or all your conversion tasks. For more
// information, see the VM Import/Export User Guide
// (https://docs.aws.amazon.com/vm-import/latest/userguide/). For information about
// the import manifest referenced by this API action, see VM Import Manifest
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html).
DescribeConversionTasks(ctx context.Context, params *DescribeConversionTasksInput, optFns ...func(*Options)) (*DescribeConversionTasksOutput, error)
// Describes one or more of your VPN customer gateways. For more information, see
// Amazon Web Services Site-to-Site VPN
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
// Services Site-to-Site VPN User Guide.
DescribeCustomerGateways(ctx context.Context, params *DescribeCustomerGatewaysInput, optFns ...func(*Options)) (*DescribeCustomerGatewaysOutput, error)
// Describes one or more of your DHCP options sets. For more information, see DHCP
// options sets
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
// Amazon Virtual Private Cloud User Guide.
DescribeDhcpOptions(ctx context.Context, params *DescribeDhcpOptionsInput, optFns ...func(*Options)) (*DescribeDhcpOptionsOutput, error)
// Describes one or more of your egress-only internet gateways.
DescribeEgressOnlyInternetGateways(ctx context.Context, params *DescribeEgressOnlyInternetGatewaysInput, optFns ...func(*Options)) (*DescribeEgressOnlyInternetGatewaysOutput, error)
// Describes the Elastic Graphics accelerator associated with your instances. For
// more information about Elastic Graphics, see Amazon Elastic Graphics
// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html).
DescribeElasticGpus(ctx context.Context, params *DescribeElasticGpusInput, optFns ...func(*Options)) (*DescribeElasticGpusOutput, error)
// Describes the specified export image tasks or all of your export image tasks.
DescribeExportImageTasks(ctx context.Context, params *DescribeExportImageTasksInput, optFns ...func(*Options)) (*DescribeExportImageTasksOutput, error)
// Describes the specified export instance tasks or all of your export instance
// tasks.
DescribeExportTasks(ctx context.Context, params *DescribeExportTasksInput, optFns ...func(*Options)) (*DescribeExportTasksOutput, error)
// Describe details for Windows AMIs that are configured for faster launching.
DescribeFastLaunchImages(ctx context.Context, params *DescribeFastLaunchImagesInput, optFns ...func(*Options)) (*DescribeFastLaunchImagesOutput, error)
// Describes the state of fast snapshot restores for your snapshots.
DescribeFastSnapshotRestores(ctx context.Context, params *DescribeFastSnapshotRestoresInput, optFns ...func(*Options)) (*DescribeFastSnapshotRestoresOutput, error)
// Describes the events for the specified EC2 Fleet during the specified time. EC2
// Fleet events are delayed by up to 30 seconds before they can be described. This
// ensures that you can query by the last evaluated time and not miss a recorded
// event. EC2 Fleet events are available for 48 hours. For more information, see
// Monitor fleet events using Amazon EventBridge
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/fleet-monitor.html) in the
// Amazon EC2 User Guide.
DescribeFleetHistory(ctx context.Context, params *DescribeFleetHistoryInput, optFns ...func(*Options)) (*DescribeFleetHistoryOutput, error)
// Describes the running instances for the specified EC2 Fleet. For more
// information, see Monitor your EC2 Fleet
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#monitor-ec2-fleet)
// in the Amazon EC2 User Guide.
DescribeFleetInstances(ctx context.Context, params *DescribeFleetInstancesInput, optFns ...func(*Options)) (*DescribeFleetInstancesOutput, error)
// Describes the specified EC2 Fleets or all of your EC2 Fleets. For more
// information, see Monitor your EC2 Fleet
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#monitor-ec2-fleet)
// in the Amazon EC2 User Guide.
DescribeFleets(ctx context.Context, params *DescribeFleetsInput, optFns ...func(*Options)) (*DescribeFleetsOutput, error)
// Describes one or more flow logs. To view the information in your flow logs (the
// log streams for the network interfaces), you must use the CloudWatch Logs
// console or the CloudWatch Logs API.
DescribeFlowLogs(ctx context.Context, params *DescribeFlowLogsInput, optFns ...func(*Options)) (*DescribeFlowLogsOutput, error)
// Describes the specified attribute of the specified Amazon FPGA Image (AFI).
DescribeFpgaImageAttribute(ctx context.Context, params *DescribeFpgaImageAttributeInput, optFns ...func(*Options)) (*DescribeFpgaImageAttributeOutput, error)
// Describes the Amazon FPGA Images (AFIs) available to you. These include public
// AFIs, private AFIs that you own, and AFIs owned by other Amazon Web Services
// accounts for which you have load permissions.
DescribeFpgaImages(ctx context.Context, params *DescribeFpgaImagesInput, optFns ...func(*Options)) (*DescribeFpgaImagesOutput, error)
// Describes the Dedicated Host reservations that are available to purchase. The
// results describe all of the Dedicated Host reservation offerings, including
// offerings that might not match the instance family and Region of your Dedicated
// Hosts. When purchasing an offering, ensure that the instance family and Region
// of the offering matches that of the Dedicated Hosts with which it is to be
// associated. For more information about supported instance types, see Dedicated
// Hosts
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html)
// in the Amazon EC2 User Guide.
DescribeHostReservationOfferings(ctx context.Context, params *DescribeHostReservationOfferingsInput, optFns ...func(*Options)) (*DescribeHostReservationOfferingsOutput, error)
// Describes reservations that are associated with Dedicated Hosts in your account.
DescribeHostReservations(ctx context.Context, params *DescribeHostReservationsInput, optFns ...func(*Options)) (*DescribeHostReservationsOutput, error)
// Describes the specified Dedicated Hosts or all your Dedicated Hosts. The results
// describe only the Dedicated Hosts in the Region you're currently using. All
// listed instances consume capacity on your Dedicated Host. Dedicated Hosts that
// have recently been released are listed with the state released.
DescribeHosts(ctx context.Context, params *DescribeHostsInput, optFns ...func(*Options)) (*DescribeHostsOutput, error)
// Describes your IAM instance profile associations.
DescribeIamInstanceProfileAssociations(ctx context.Context, params *DescribeIamInstanceProfileAssociationsInput, optFns ...func(*Options)) (*DescribeIamInstanceProfileAssociationsOutput, error)
// Describes the ID format settings for your resources on a per-Region basis, for
// example, to view which resource types are enabled for longer IDs. This request
// only returns information about resource types whose ID formats can be modified;
// it does not return information about other resource types. The following
// resource types support longer IDs: bundle | conversion-task | customer-gateway |
// dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task |
// flow-log | image | import-task | instance | internet-gateway | network-acl |
// network-acl-association | network-interface | network-interface-attachment |
// prefix-list | reservation | route-table | route-table-association |
// security-group | snapshot | subnet | subnet-cidr-block-association | volume |
// vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection |
// vpn-connection | vpn-gateway. These settings apply to the IAM user who makes the
// request; they do not apply to the entire Amazon Web Services account. By
// default, an IAM user defaults to the same settings as the root user, unless they
// explicitly override the settings by running the ModifyIdFormat command.
// Resources created with longer IDs are visible to all IAM users, regardless of
// these settings and provided that they have permission to use the relevant
// Describe command for the resource type.
DescribeIdFormat(ctx context.Context, params *DescribeIdFormatInput, optFns ...func(*Options)) (*DescribeIdFormatOutput, error)
// Describes the ID format settings for resources for the specified IAM user, IAM
// role, or root user. For example, you can view the resource types that are
// enabled for longer IDs. This request only returns information about resource
// types whose ID formats can be modified; it does not return information about
// other resource types. For more information, see Resource IDs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the
// Amazon Elastic Compute Cloud User Guide. The following resource types support
// longer IDs: bundle | conversion-task | customer-gateway | dhcp-options |
// elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image
// | import-task | instance | internet-gateway | network-acl |
// network-acl-association | network-interface | network-interface-attachment |
// prefix-list | reservation | route-table | route-table-association |
// security-group | snapshot | subnet | subnet-cidr-block-association | volume |
// vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection |
// vpn-connection | vpn-gateway. These settings apply to the principal specified in
// the request. They do not apply to the principal that makes the request.
DescribeIdentityIdFormat(ctx context.Context, params *DescribeIdentityIdFormatInput, optFns ...func(*Options)) (*DescribeIdentityIdFormatOutput, error)
// Describes the specified attribute of the specified AMI. You can specify only one
// attribute at a time.
DescribeImageAttribute(ctx context.Context, params *DescribeImageAttributeInput, optFns ...func(*Options)) (*DescribeImageAttributeOutput, error)
// Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of
// the images available to you. The images available to you include public images,
// private images that you own, and private images owned by other Amazon Web
// Services accounts for which you have explicit launch permissions. Recently
// deregistered images appear in the returned results for a short interval and then
// return empty results. After all instances that reference a deregistered AMI are
// terminated, specifying the ID of the image will eventually return an error
// indicating that the AMI ID cannot be found.
DescribeImages(ctx context.Context, params *DescribeImagesInput, optFns ...func(*Options)) (*DescribeImagesOutput, error)
// Displays details about an import virtual machine or import snapshot tasks that
// are already created.
DescribeImportImageTasks(ctx context.Context, params *DescribeImportImageTasksInput, optFns ...func(*Options)) (*DescribeImportImageTasksOutput, error)
// Describes your import snapshot tasks.
DescribeImportSnapshotTasks(ctx context.Context, params *DescribeImportSnapshotTasksInput, optFns ...func(*Options)) (*DescribeImportSnapshotTasksOutput, error)
// Describes the specified attribute of the specified instance. You can specify
// only one attribute at a time. Valid attribute values are: instanceType | kernel
// | ramdisk | userData | disableApiTermination | instanceInitiatedShutdownBehavior
// | rootDeviceName | blockDeviceMapping | productCodes | sourceDestCheck |
// groupSet | ebsOptimized | sriovNetSupport
DescribeInstanceAttribute(ctx context.Context, params *DescribeInstanceAttributeInput, optFns ...func(*Options)) (*DescribeInstanceAttributeOutput, error)
// Describes the credit option for CPU usage of the specified burstable performance
// instances. The credit options are standard and unlimited. If you do not specify
// an instance ID, Amazon EC2 returns burstable performance instances with the
// unlimited credit option, as well as instances that were previously configured as
// T2, T3, and T3a with the unlimited credit option. For example, if you resize a
// T2 instance, while it is configured as unlimited, to an M4 instance, Amazon EC2
// returns the M4 instance. If you specify one or more instance IDs, Amazon EC2
// returns the credit option (standard or unlimited) of those instances. If you
// specify an instance ID that is not valid, such as an instance that is not a
// burstable performance instance, an error is returned. Recently terminated
// instances might appear in the returned results. This interval is usually less
// than one hour. If an Availability Zone is experiencing a service disruption and
// you specify instance IDs in the affected zone, or do not specify any instance
// IDs at all, the call fails. If you specify only instance IDs in an unaffected
// zone, the call works normally. For more information, see Burstable performance
// instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
// in the Amazon EC2 User Guide.
DescribeInstanceCreditSpecifications(ctx context.Context, params *DescribeInstanceCreditSpecificationsInput, optFns ...func(*Options)) (*DescribeInstanceCreditSpecificationsOutput, error)
// Describes the tag keys that are registered to appear in scheduled event
// notifications for resources in the current Region.
DescribeInstanceEventNotificationAttributes(ctx context.Context, params *DescribeInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*DescribeInstanceEventNotificationAttributesOutput, error)
// Describes the specified event windows or all event windows. If you specify event
// window IDs, the output includes information for only the specified event
// windows. If you specify filters, the output includes information for only those
// event windows that meet the filter criteria. If you do not specify event windows
// IDs or filters, the output includes information for all event windows, which can
// affect performance. We recommend that you use pagination to ensure that the
// operation returns quickly and successfully. For more information, see Define
// event windows for scheduled events
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
// Amazon EC2 User Guide.
DescribeInstanceEventWindows(ctx context.Context, params *DescribeInstanceEventWindowsInput, optFns ...func(*Options)) (*DescribeInstanceEventWindowsOutput, error)
// Describes the status of the specified instances or all of your instances. By
// default, only running instances are described, unless you specifically indicate
// to return the status of all instances. Instance status includes the following
// components:
//
// * Status checks - Amazon EC2 performs status checks on running EC2
// instances to identify hardware and software issues. For more information, see
// Status checks for your instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html)
// and Troubleshoot instances with failed status checks
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstances.html)
// in the Amazon EC2 User Guide.
//
// * Scheduled events - Amazon EC2 can schedule
// events (such as reboot, stop, or terminate) for your instances related to
// hardware issues, software updates, or system maintenance. For more information,
// see Scheduled events for your instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html)
// in the Amazon EC2 User Guide.
//
// * Instance state - You can manage your instances
// from the moment you launch them through their termination. For more information,
// see Instance lifecycle
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html)
// in the Amazon EC2 User Guide.
DescribeInstanceStatus(ctx context.Context, params *DescribeInstanceStatusInput, optFns ...func(*Options)) (*DescribeInstanceStatusOutput, error)
// Returns a list of all instance types offered. The results can be filtered by
// location (Region or Availability Zone). If no location is specified, the
// instance types offered in the current Region are returned.
DescribeInstanceTypeOfferings(ctx context.Context, params *DescribeInstanceTypeOfferingsInput, optFns ...func(*Options)) (*DescribeInstanceTypeOfferingsOutput, error)
// Describes the details of the instance types that are offered in a location. The
// results can be filtered by the attributes of the instance types.
DescribeInstanceTypes(ctx context.Context, params *DescribeInstanceTypesInput, optFns ...func(*Options)) (*DescribeInstanceTypesOutput, error)
// Describes the specified instances or all instances. If you specify instance IDs,
// the output includes information for only the specified instances. If you specify
// filters, the output includes information for only those instances that meet the
// filter criteria. If you do not specify instance IDs or filters, the output
// includes information for all instances, which can affect performance. We
// recommend that you use pagination to ensure that the operation returns quickly
// and successfully. If you specify an instance ID that is not valid, an error is
// returned. If you specify an instance that you do not own, it is not included in
// the output. Recently terminated instances might appear in the returned results.
// This interval is usually less than one hour. If you describe instances in the
// rare case where an Availability Zone is experiencing a service disruption and
// you specify instance IDs that are in the affected zone, or do not specify any
// instance IDs at all, the call fails. If you describe instances and specify only
// instance IDs that are in an unaffected zone, the call works normally.
DescribeInstances(ctx context.Context, params *DescribeInstancesInput, optFns ...func(*Options)) (*DescribeInstancesOutput, error)
// Describes one or more of your internet gateways.
DescribeInternetGateways(ctx context.Context, params *DescribeInternetGatewaysInput, optFns ...func(*Options)) (*DescribeInternetGatewaysOutput, error)
// Get information about your IPAM pools.
DescribeIpamPools(ctx context.Context, params *DescribeIpamPoolsInput, optFns ...func(*Options)) (*DescribeIpamPoolsOutput, error)
// Get information about your IPAM scopes.
DescribeIpamScopes(ctx context.Context, params *DescribeIpamScopesInput, optFns ...func(*Options)) (*DescribeIpamScopesOutput, error)
// Get information about your IPAM pools. For more information, see What is IPAM?
// in the Amazon VPC IPAM User Guide.
DescribeIpams(ctx context.Context, params *DescribeIpamsInput, optFns ...func(*Options)) (*DescribeIpamsOutput, error)
// Describes your IPv6 address pools.
DescribeIpv6Pools(ctx context.Context, params *DescribeIpv6PoolsInput, optFns ...func(*Options)) (*DescribeIpv6PoolsOutput, error)
// Describes the specified key pairs or all of your key pairs. For more information
// about key pairs, see Amazon EC2 key pairs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the
// Amazon Elastic Compute Cloud User Guide.
DescribeKeyPairs(ctx context.Context, params *DescribeKeyPairsInput, optFns ...func(*Options)) (*DescribeKeyPairsOutput, error)
// Describes one or more versions of a specified launch template. You can describe
// all versions, individual versions, or a range of versions. You can also describe
// all the latest versions or all the default versions of all the launch templates
// in your account.
DescribeLaunchTemplateVersions(ctx context.Context, params *DescribeLaunchTemplateVersionsInput, optFns ...func(*Options)) (*DescribeLaunchTemplateVersionsOutput, error)
// Describes one or more launch templates.
DescribeLaunchTemplates(ctx context.Context, params *DescribeLaunchTemplatesInput, optFns ...func(*Options)) (*DescribeLaunchTemplatesOutput, error)
// Describes the associations between virtual interface groups and local gateway
// route tables.
DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations(ctx context.Context, params *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, error)
// Describes the specified associations between VPCs and local gateway route
// tables.
DescribeLocalGatewayRouteTableVpcAssociations(ctx context.Context, params *DescribeLocalGatewayRouteTableVpcAssociationsInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTableVpcAssociationsOutput, error)
// Describes one or more local gateway route tables. By default, all local gateway
// route tables are described. Alternatively, you can filter the results.
DescribeLocalGatewayRouteTables(ctx context.Context, params *DescribeLocalGatewayRouteTablesInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTablesOutput, error)
// Describes the specified local gateway virtual interface groups.
DescribeLocalGatewayVirtualInterfaceGroups(ctx context.Context, params *DescribeLocalGatewayVirtualInterfaceGroupsInput, optFns ...func(*Options)) (*DescribeLocalGatewayVirtualInterfaceGroupsOutput, error)
// Describes the specified local gateway virtual interfaces.
DescribeLocalGatewayVirtualInterfaces(ctx context.Context, params *DescribeLocalGatewayVirtualInterfacesInput, optFns ...func(*Options)) (*DescribeLocalGatewayVirtualInterfacesOutput, error)
// Describes one or more local gateways. By default, all local gateways are
// described. Alternatively, you can filter the results.
DescribeLocalGateways(ctx context.Context, params *DescribeLocalGatewaysInput, optFns ...func(*Options)) (*DescribeLocalGatewaysOutput, error)
// Describes your managed prefix lists and any Amazon Web Services-managed prefix
// lists. To view the entries for your prefix list, use
// GetManagedPrefixListEntries.
DescribeManagedPrefixLists(ctx context.Context, params *DescribeManagedPrefixListsInput, optFns ...func(*Options)) (*DescribeManagedPrefixListsOutput, error)
// Describes your Elastic IP addresses that are being moved to the EC2-VPC
// platform, or that are being restored to the EC2-Classic platform. This request
// does not return information about any other Elastic IP addresses in your
// account.
DescribeMovingAddresses(ctx context.Context, params *DescribeMovingAddressesInput, optFns ...func(*Options)) (*DescribeMovingAddressesOutput, error)
// Describes one or more of your NAT gateways.
DescribeNatGateways(ctx context.Context, params *DescribeNatGatewaysInput, optFns ...func(*Options)) (*DescribeNatGatewaysOutput, error)
// Describes one or more of your network ACLs. For more information, see Network
// ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the
// Amazon Virtual Private Cloud User Guide.
DescribeNetworkAcls(ctx context.Context, params *DescribeNetworkAclsInput, optFns ...func(*Options)) (*DescribeNetworkAclsOutput, error)
// Describes the specified Network Access Scope analyses.
DescribeNetworkInsightsAccessScopeAnalyses(ctx context.Context, params *DescribeNetworkInsightsAccessScopeAnalysesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAccessScopeAnalysesOutput, error)
// Describes the specified Network Access Scopes.
DescribeNetworkInsightsAccessScopes(ctx context.Context, params *DescribeNetworkInsightsAccessScopesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAccessScopesOutput, error)
// Describes one or more of your network insights analyses.
DescribeNetworkInsightsAnalyses(ctx context.Context, params *DescribeNetworkInsightsAnalysesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAnalysesOutput, error)
// Describes one or more of your paths.
DescribeNetworkInsightsPaths(ctx context.Context, params *DescribeNetworkInsightsPathsInput, optFns ...func(*Options)) (*DescribeNetworkInsightsPathsOutput, error)
// Describes a network interface attribute. You can specify only one attribute at a
// time.
DescribeNetworkInterfaceAttribute(ctx context.Context, params *DescribeNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*DescribeNetworkInterfaceAttributeOutput, error)
// Describes the permissions for your network interfaces.
DescribeNetworkInterfacePermissions(ctx context.Context, params *DescribeNetworkInterfacePermissionsInput, optFns ...func(*Options)) (*DescribeNetworkInterfacePermissionsOutput, error)
// Describes one or more of your network interfaces.
DescribeNetworkInterfaces(ctx context.Context, params *DescribeNetworkInterfacesInput, optFns ...func(*Options)) (*DescribeNetworkInterfacesOutput, error)
// Describes the specified placement groups or all of your placement groups. For
// more information, see Placement groups
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in
// the Amazon EC2 User Guide.
DescribePlacementGroups(ctx context.Context, params *DescribePlacementGroupsInput, optFns ...func(*Options)) (*DescribePlacementGroupsOutput, error)
// Describes available Amazon Web Services services in a prefix list format, which
// includes the prefix list name and prefix list ID of the service and the IP
// address range for the service. We recommend that you use
// DescribeManagedPrefixLists instead.
DescribePrefixLists(ctx context.Context, params *DescribePrefixListsInput, optFns ...func(*Options)) (*DescribePrefixListsOutput, error)
// Describes the ID format settings for the root user and all IAM roles and IAM
// users that have explicitly specified a longer ID (17-character ID) preference.
// By default, all IAM roles and IAM users default to the same ID settings as the
// root user, unless they explicitly override the settings. This request is useful
// for identifying those IAM users and IAM roles that have overridden the default
// ID settings. The following resource types support longer IDs: bundle |
// conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation |
// elastic-ip-association | export-task | flow-log | image | import-task | instance
// | internet-gateway | network-acl | network-acl-association | network-interface |
// network-interface-attachment | prefix-list | reservation | route-table |
// route-table-association | security-group | snapshot | subnet |
// subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association |
// vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.
DescribePrincipalIdFormat(ctx context.Context, params *DescribePrincipalIdFormatInput, optFns ...func(*Options)) (*DescribePrincipalIdFormatOutput, error)
// Describes the specified IPv4 address pools.
DescribePublicIpv4Pools(ctx context.Context, params *DescribePublicIpv4PoolsInput, optFns ...func(*Options)) (*DescribePublicIpv4PoolsOutput, error)
// Describes the Regions that are enabled for your account, or all Regions. For a
// list of the Regions supported by Amazon EC2, see Amazon Elastic Compute Cloud
// endpoints and quotas
// (https://docs.aws.amazon.com/general/latest/gr/ec2-service.html). For
// information about enabling and disabling Regions for your account, see Managing
// Amazon Web Services Regions
// (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html) in the Amazon
// Web Services General Reference.
DescribeRegions(ctx context.Context, params *DescribeRegionsInput, optFns ...func(*Options)) (*DescribeRegionsOutput, error)
// Describes a root volume replacement task. For more information, see Replace a
// root volume
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root)
// in the Amazon Elastic Compute Cloud User Guide.
DescribeReplaceRootVolumeTasks(ctx context.Context, params *DescribeReplaceRootVolumeTasksInput, optFns ...func(*Options)) (*DescribeReplaceRootVolumeTasksOutput, error)
// Describes one or more of the Reserved Instances that you purchased. For more
// information about Reserved Instances, see Reserved Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-on-demand-reserved-instances.html)
// in the Amazon EC2 User Guide.
DescribeReservedInstances(ctx context.Context, params *DescribeReservedInstancesInput, optFns ...func(*Options)) (*DescribeReservedInstancesOutput, error)
// Describes your account's Reserved Instance listings in the Reserved Instance
// Marketplace. The Reserved Instance Marketplace matches sellers who want to
// resell Reserved Instance capacity that they no longer need with buyers who want
// to purchase additional capacity. Reserved Instances bought and sold through the
// Reserved Instance Marketplace work like any other Reserved Instances. As a
// seller, you choose to list some or all of your Reserved Instances, and you
// specify the upfront price to receive for them. Your Reserved Instances are then
// listed in the Reserved Instance Marketplace and are available for purchase. As a
// buyer, you specify the configuration of the Reserved Instance to purchase, and
// the Marketplace matches what you're searching for with what's available. The
// Marketplace first sells the lowest priced Reserved Instances to you, and
// continues to sell available Reserved Instance listings to you until your demand
// is met. You are charged based on the total price of all of the listings that you
// purchase. For more information, see Reserved Instance Marketplace
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
// the Amazon EC2 User Guide.
DescribeReservedInstancesListings(ctx context.Context, params *DescribeReservedInstancesListingsInput, optFns ...func(*Options)) (*DescribeReservedInstancesListingsOutput, error)
// Describes the modifications made to your Reserved Instances. If no parameter is
// specified, information about all your Reserved Instances modification requests
// is returned. If a modification ID is specified, only information about the
// specific modification is returned. For more information, see Modifying Reserved
// Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) in the
// Amazon EC2 User Guide.
DescribeReservedInstancesModifications(ctx context.Context, params *DescribeReservedInstancesModificationsInput, optFns ...func(*Options)) (*DescribeReservedInstancesModificationsOutput, error)
// Describes Reserved Instance offerings that are available for purchase. With
// Reserved Instances, you purchase the right to launch instances for a period of
// time. During that time period, you do not receive insufficient capacity errors,
// and you pay a lower usage rate than the rate charged for On-Demand instances for
// the actual time used. If you have listed your own Reserved Instances for sale in
// the Reserved Instance Marketplace, they will be excluded from these results.
// This is to ensure that you do not purchase your own Reserved Instances. For more
// information, see Reserved Instance Marketplace
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
// the Amazon EC2 User Guide.
DescribeReservedInstancesOfferings(ctx context.Context, params *DescribeReservedInstancesOfferingsInput, optFns ...func(*Options)) (*DescribeReservedInstancesOfferingsOutput, error)
// Describes one or more of your route tables. Each subnet in your VPC must be
// associated with a route table. If a subnet is not explicitly associated with any
// route table, it is implicitly associated with the main route table. This command
// does not return the subnet ID for implicit associations. For more information,
// see Route tables
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
// Amazon Virtual Private Cloud User Guide.
DescribeRouteTables(ctx context.Context, params *DescribeRouteTablesInput, optFns ...func(*Options)) (*DescribeRouteTablesOutput, error)
// Finds available schedules that meet the specified criteria. You can search for
// an available schedule no more than 3 months in advance. You must meet the
// minimum required duration of 1,200 hours per year. For example, the minimum
// daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the
// minimum monthly schedule is 100 hours. After you find a schedule that meets your
// needs, call PurchaseScheduledInstances to purchase Scheduled Instances with that
// schedule.
DescribeScheduledInstanceAvailability(ctx context.Context, params *DescribeScheduledInstanceAvailabilityInput, optFns ...func(*Options)) (*DescribeScheduledInstanceAvailabilityOutput, error)
// Describes the specified Scheduled Instances or all your Scheduled Instances.
DescribeScheduledInstances(ctx context.Context, params *DescribeScheduledInstancesInput, optFns ...func(*Options)) (*DescribeScheduledInstancesOutput, error)
// [VPC only] Describes the VPCs on the other side of a VPC peering connection that
// are referencing the security groups you've specified in this request.
DescribeSecurityGroupReferences(ctx context.Context, params *DescribeSecurityGroupReferencesInput, optFns ...func(*Options)) (*DescribeSecurityGroupReferencesOutput, error)
// Describes one or more of your security group rules.
DescribeSecurityGroupRules(ctx context.Context, params *DescribeSecurityGroupRulesInput, optFns ...func(*Options)) (*DescribeSecurityGroupRulesOutput, error)
// Describes the specified security groups or all of your security groups. A
// security group is for use with instances either in the EC2-Classic platform or
// in a specific VPC. For more information, see Amazon EC2 security groups
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html)
// in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC
// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html)
// in the Amazon Virtual Private Cloud User Guide.
DescribeSecurityGroups(ctx context.Context, params *DescribeSecurityGroupsInput, optFns ...func(*Options)) (*DescribeSecurityGroupsOutput, error)
// Describes the specified attribute of the specified snapshot. You can specify
// only one attribute at a time. For more information about EBS snapshots, see
// Amazon EBS snapshots
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html) in the
// Amazon Elastic Compute Cloud User Guide.
DescribeSnapshotAttribute(ctx context.Context, params *DescribeSnapshotAttributeInput, optFns ...func(*Options)) (*DescribeSnapshotAttributeOutput, error)
// Describes the storage tier status of one or more Amazon EBS snapshots.
DescribeSnapshotTierStatus(ctx context.Context, params *DescribeSnapshotTierStatusInput, optFns ...func(*Options)) (*DescribeSnapshotTierStatusOutput, error)
// Describes the specified EBS snapshots available to you or all of the EBS
// snapshots available to you. The snapshots available to you include public
// snapshots, private snapshots that you own, and private snapshots owned by other
// Amazon Web Services accounts for which you have explicit create volume
// permissions. The create volume permissions fall into the following
// categories:
//
// * public: The owner of the snapshot granted create volume
// permissions for the snapshot to the all group. All Amazon Web Services accounts
// have create volume permissions for these snapshots.
//
// * explicit: The owner of
// the snapshot granted create volume permissions to a specific Amazon Web Services
// account.
//
// * implicit: An Amazon Web Services account has implicit create volume
// permissions for all snapshots it owns.
//
// The list of snapshots returned can be
// filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services
// accounts with create volume permissions. If no options are specified, Amazon EC2
// returns all snapshots for which you have create volume permissions. If you
// specify one or more snapshot IDs, only snapshots that have the specified IDs are
// returned. If you specify an invalid snapshot ID, an error is returned. If you
// specify a snapshot ID for which you do not have access, it is not included in
// the returned results. If you specify one or more snapshot owners using the
// OwnerIds option, only snapshots from the specified owners and for which you have
// access are returned. The results can include the Amazon Web Services account IDs
// of the specified owners, amazon for snapshots owned by Amazon, or self for
// snapshots that you own. If you specify a list of restorable users, only
// snapshots with create snapshot permissions for those users are returned. You can
// specify Amazon Web Services account IDs (if you own the snapshots), self for
// snapshots for which you own or have explicit permissions, or all for public
// snapshots. If you are describing a long list of snapshots, we recommend that you
// paginate the output to make the list more manageable. The MaxResults parameter
// sets the maximum number of results returned in a single page. If the list of
// results exceeds your MaxResults value, then that number of results is returned
// along with a NextToken value that can be passed to a subsequent
// DescribeSnapshots request to retrieve the remaining results. To get the state of
// fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores. For
// more information about EBS snapshots, see Amazon EBS snapshots
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html) in the
// Amazon Elastic Compute Cloud User Guide.
DescribeSnapshots(ctx context.Context, params *DescribeSnapshotsInput, optFns ...func(*Options)) (*DescribeSnapshotsOutput, error)
// Describes the data feed for Spot Instances. For more information, see Spot
// Instance data feed
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html) in
// the Amazon EC2 User Guide for Linux Instances.
DescribeSpotDatafeedSubscription(ctx context.Context, params *DescribeSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*DescribeSpotDatafeedSubscriptionOutput, error)
// Describes the running instances for the specified Spot Fleet.
DescribeSpotFleetInstances(ctx context.Context, params *DescribeSpotFleetInstancesInput, optFns ...func(*Options)) (*DescribeSpotFleetInstancesOutput, error)
// Describes the events for the specified Spot Fleet request during the specified
// time. Spot Fleet events are delayed by up to 30 seconds before they can be
// described. This ensures that you can query by the last evaluated time and not
// miss a recorded event. Spot Fleet events are available for 48 hours. For more
// information, see Monitor fleet events using Amazon EventBridge
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/fleet-monitor.html) in the
// Amazon EC2 User Guide for Linux Instances.
DescribeSpotFleetRequestHistory(ctx context.Context, params *DescribeSpotFleetRequestHistoryInput, optFns ...func(*Options)) (*DescribeSpotFleetRequestHistoryOutput, error)
// Describes your Spot Fleet requests. Spot Fleet requests are deleted 48 hours
// after they are canceled and their instances are terminated.
DescribeSpotFleetRequests(ctx context.Context, params *DescribeSpotFleetRequestsInput, optFns ...func(*Options)) (*DescribeSpotFleetRequestsOutput, error)
// Describes the specified Spot Instance requests. You can use
// DescribeSpotInstanceRequests to find a running Spot Instance by examining the
// response. If the status of the Spot Instance is fulfilled, the instance ID
// appears in the response and contains the identifier of the instance.
// Alternatively, you can use DescribeInstances
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances)
// with a filter to look for instances where the instance lifecycle is spot. We
// recommend that you set MaxResults to a value between 5 and 1000 to limit the
// number of results returned. This paginates the output, which makes the list more
// manageable and returns the results faster. If the list of results exceeds your
// MaxResults value, then that number of results is returned along with a NextToken
// value that can be passed to a subsequent DescribeSpotInstanceRequests request to
// retrieve the remaining results. Spot Instance requests are deleted four hours
// after they are canceled and their instances are terminated.
DescribeSpotInstanceRequests(ctx context.Context, params *DescribeSpotInstanceRequestsInput, optFns ...func(*Options)) (*DescribeSpotInstanceRequestsOutput, error)
// Describes the Spot price history. For more information, see Spot Instance
// pricing history
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances-history.html)
// in the Amazon EC2 User Guide for Linux Instances. When you specify a start and
// end time, the operation returns the prices of the instance types within that
// time range. It also returns the last price change before the start time, which
// is the effective price as of the start time.
DescribeSpotPriceHistory(ctx context.Context, params *DescribeSpotPriceHistoryInput, optFns ...func(*Options)) (*DescribeSpotPriceHistoryOutput, error)
// [VPC only] Describes the stale security group rules for security groups in a
// specified VPC. Rules are stale when they reference a deleted security group in
// the same VPC or in a peer VPC, or if they reference a security group in a peer
// VPC for which the VPC peering connection has been deleted.
DescribeStaleSecurityGroups(ctx context.Context, params *DescribeStaleSecurityGroupsInput, optFns ...func(*Options)) (*DescribeStaleSecurityGroupsOutput, error)
// Describes the progress of the AMI store tasks. You can describe the store tasks
// for specified AMIs. If you don't specify the AMIs, you get a paginated list of
// store tasks from the last 31 days. For each AMI task, the response indicates if
// the task is InProgress, Completed, or Failed. For tasks InProgress, the response
// shows the estimated progress as a percentage. Tasks are listed in reverse
// chronological order. Currently, only tasks from the past 31 days can be viewed.
// To use this API, you must have the required permissions. For more information,
// see Permissions for storing and restoring AMIs using Amazon S3
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions)
// in the Amazon Elastic Compute Cloud User Guide. For more information, see Store
// and restore an AMI using Amazon S3
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in
// the Amazon Elastic Compute Cloud User Guide.
DescribeStoreImageTasks(ctx context.Context, params *DescribeStoreImageTasksInput, optFns ...func(*Options)) (*DescribeStoreImageTasksOutput, error)
// Describes one or more of your subnets. For more information, see Your VPC and
// subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in
// the Amazon Virtual Private Cloud User Guide.
DescribeSubnets(ctx context.Context, params *DescribeSubnetsInput, optFns ...func(*Options)) (*DescribeSubnetsOutput, error)
// Describes the specified tags for your EC2 resources. For more information about
// tags, see Tagging Your Resources
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
// Amazon Elastic Compute Cloud User Guide.
DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
// Describes one or more Traffic Mirror filters.
DescribeTrafficMirrorFilters(ctx context.Context, params *DescribeTrafficMirrorFiltersInput, optFns ...func(*Options)) (*DescribeTrafficMirrorFiltersOutput, error)
// Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror
// sessions are described. Alternatively, you can filter the results.
DescribeTrafficMirrorSessions(ctx context.Context, params *DescribeTrafficMirrorSessionsInput, optFns ...func(*Options)) (*DescribeTrafficMirrorSessionsOutput, error)
// Information about one or more Traffic Mirror targets.
DescribeTrafficMirrorTargets(ctx context.Context, params *DescribeTrafficMirrorTargetsInput, optFns ...func(*Options)) (*DescribeTrafficMirrorTargetsOutput, error)
// Describes one or more attachments between resources and transit gateways. By
// default, all attachments are described. Alternatively, you can filter the
// results by attachment ID, attachment state, resource ID, or resource owner.
DescribeTransitGatewayAttachments(ctx context.Context, params *DescribeTransitGatewayAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayAttachmentsOutput, error)
// Describes one or more Connect peers.
DescribeTransitGatewayConnectPeers(ctx context.Context, params *DescribeTransitGatewayConnectPeersInput, optFns ...func(*Options)) (*DescribeTransitGatewayConnectPeersOutput, error)
// Describes one or more Connect attachments.
DescribeTransitGatewayConnects(ctx context.Context, params *DescribeTransitGatewayConnectsInput, optFns ...func(*Options)) (*DescribeTransitGatewayConnectsOutput, error)
// Describes one or more transit gateway multicast domains.
DescribeTransitGatewayMulticastDomains(ctx context.Context, params *DescribeTransitGatewayMulticastDomainsInput, optFns ...func(*Options)) (*DescribeTransitGatewayMulticastDomainsOutput, error)
// Describes your transit gateway peering attachments.
DescribeTransitGatewayPeeringAttachments(ctx context.Context, params *DescribeTransitGatewayPeeringAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayPeeringAttachmentsOutput, error)
// Describes one or more transit gateway route tables. By default, all transit
// gateway route tables are described. Alternatively, you can filter the results.
DescribeTransitGatewayRouteTables(ctx context.Context, params *DescribeTransitGatewayRouteTablesInput, optFns ...func(*Options)) (*DescribeTransitGatewayRouteTablesOutput, error)
// Describes one or more VPC attachments. By default, all VPC attachments are
// described. Alternatively, you can filter the results.
DescribeTransitGatewayVpcAttachments(ctx context.Context, params *DescribeTransitGatewayVpcAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayVpcAttachmentsOutput, error)
// Describes one or more transit gateways. By default, all transit gateways are
// described. Alternatively, you can filter the results.
DescribeTransitGateways(ctx context.Context, params *DescribeTransitGatewaysInput, optFns ...func(*Options)) (*DescribeTransitGatewaysOutput, error)
// This API action is currently in limited preview only. If you are interested in
// using this feature, contact your account manager. Describes one or more network
// interface trunk associations.
DescribeTrunkInterfaceAssociations(ctx context.Context, params *DescribeTrunkInterfaceAssociationsInput, optFns ...func(*Options)) (*DescribeTrunkInterfaceAssociationsOutput, error)
// Describes the specified attribute of the specified volume. You can specify only
// one attribute at a time. For more information about EBS volumes, see Amazon EBS
// volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html) in
// the Amazon Elastic Compute Cloud User Guide.
DescribeVolumeAttribute(ctx context.Context, params *DescribeVolumeAttributeInput, optFns ...func(*Options)) (*DescribeVolumeAttributeOutput, error)
// Describes the status of the specified volumes. Volume status provides the result
// of the checks performed on your volumes to determine events that can impair the
// performance of your volumes. The performance of a volume can be affected if an
// issue occurs on the volume's underlying host. If the volume's underlying host
// experiences a power outage or system issue, after the system is restored, there
// could be data inconsistencies on the volume. Volume events notify you if this
// occurs. Volume actions notify you if any action needs to be taken in response to
// the event. The DescribeVolumeStatus operation provides the following information
// about the specified volumes: Status: Reflects the current status of the volume.
// The possible values are ok, impaired , warning, or insufficient-data. If all
// checks pass, the overall status of the volume is ok. If the check fails, the
// overall status is impaired. If the status is insufficient-data, then the checks
// might still be taking place on your volume at the time. We recommend that you
// retry the request. For more information about volume status, see Monitor the
// status of your volumes
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-status.html)
// in the Amazon Elastic Compute Cloud User Guide. Events: Reflect the cause of a
// volume status and might require you to take action. For example, if your volume
// returns an impaired status, then the volume event might be
// potential-data-inconsistency. This means that your volume has been affected by
// an issue with the underlying host, has all I/O operations disabled, and might
// have inconsistent data. Actions: Reflect the actions you might have to take in
// response to an event. For example, if the status of the volume is impaired and
// the volume event shows potential-data-inconsistency, then the action shows
// enable-volume-io. This means that you may want to enable the I/O operations for
// the volume by calling the EnableVolumeIO action and then check the volume for
// data consistency. Volume status is based on the volume status checks, and does
// not reflect the volume state. Therefore, volume status does not indicate volumes
// in the error state (for example, when a volume is incapable of accepting I/O.)
DescribeVolumeStatus(ctx context.Context, params *DescribeVolumeStatusInput, optFns ...func(*Options)) (*DescribeVolumeStatusOutput, error)
// Describes the specified EBS volumes or all of your EBS volumes. If you are
// describing a long list of volumes, we recommend that you paginate the output to
// make the list more manageable. The MaxResults parameter sets the maximum number
// of results returned in a single page. If the list of results exceeds your
// MaxResults value, then that number of results is returned along with a NextToken
// value that can be passed to a subsequent DescribeVolumes request to retrieve the
// remaining results. For more information about EBS volumes, see Amazon EBS
// volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html) in
// the Amazon Elastic Compute Cloud User Guide.
DescribeVolumes(ctx context.Context, params *DescribeVolumesInput, optFns ...func(*Options)) (*DescribeVolumesOutput, error)
// Describes the most recent volume modification request for the specified EBS
// volumes. If a volume has never been modified, some information in the output
// will be null. If a volume has been modified more than once, the output includes
// only the most recent modification request. You can also use CloudWatch Events to
// check the status of a modification to an EBS volume. For information about
// CloudWatch Events, see the Amazon CloudWatch Events User Guide
// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/). For more
// information, see Monitor the progress of volume modifications
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-modifications.html)
// in the Amazon Elastic Compute Cloud User Guide.
DescribeVolumesModifications(ctx context.Context, params *DescribeVolumesModificationsInput, optFns ...func(*Options)) (*DescribeVolumesModificationsOutput, error)
// Describes the specified attribute of the specified VPC. You can specify only one
// attribute at a time.
DescribeVpcAttribute(ctx context.Context, params *DescribeVpcAttributeInput, optFns ...func(*Options)) (*DescribeVpcAttributeOutput, error)
// Describes the ClassicLink status of one or more VPCs.
DescribeVpcClassicLink(ctx context.Context, params *DescribeVpcClassicLinkInput, optFns ...func(*Options)) (*DescribeVpcClassicLinkOutput, error)
// Describes the ClassicLink DNS support status of one or more VPCs. If enabled,
// the DNS hostname of a linked EC2-Classic instance resolves to its private IP
// address when addressed from an instance in the VPC to which it's linked.
// Similarly, the DNS hostname of an instance in a VPC resolves to its private IP
// address when addressed from a linked EC2-Classic instance. For more information,
// see ClassicLink
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
// the Amazon Elastic Compute Cloud User Guide.
DescribeVpcClassicLinkDnsSupport(ctx context.Context, params *DescribeVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*DescribeVpcClassicLinkDnsSupportOutput, error)
// Describes the connection notifications for VPC endpoints and VPC endpoint
// services.
DescribeVpcEndpointConnectionNotifications(ctx context.Context, params *DescribeVpcEndpointConnectionNotificationsInput, optFns ...func(*Options)) (*DescribeVpcEndpointConnectionNotificationsOutput, error)
// Describes the VPC endpoint connections to your VPC endpoint services, including
// any endpoints that are pending your acceptance.
DescribeVpcEndpointConnections(ctx context.Context, params *DescribeVpcEndpointConnectionsInput, optFns ...func(*Options)) (*DescribeVpcEndpointConnectionsOutput, error)
// Describes the VPC endpoint service configurations in your account (your
// services).
DescribeVpcEndpointServiceConfigurations(ctx context.Context, params *DescribeVpcEndpointServiceConfigurationsInput, optFns ...func(*Options)) (*DescribeVpcEndpointServiceConfigurationsOutput, error)
// Describes the principals (service consumers) that are permitted to discover your
// VPC endpoint service.
DescribeVpcEndpointServicePermissions(ctx context.Context, params *DescribeVpcEndpointServicePermissionsInput, optFns ...func(*Options)) (*DescribeVpcEndpointServicePermissionsOutput, error)
// Describes available services to which you can create a VPC endpoint. When the
// service provider and the consumer have different accounts in multiple
// Availability Zones, and the consumer views the VPC endpoint service information,
// the response only includes the common Availability Zones. For example, when the
// service provider account uses us-east-1a and us-east-1c and the consumer uses
// us-east-1a and us-east-1b, the response includes the VPC endpoint services in
// the common Availability Zone, us-east-1a.
DescribeVpcEndpointServices(ctx context.Context, params *DescribeVpcEndpointServicesInput, optFns ...func(*Options)) (*DescribeVpcEndpointServicesOutput, error)
// Describes one or more of your VPC endpoints.
DescribeVpcEndpoints(ctx context.Context, params *DescribeVpcEndpointsInput, optFns ...func(*Options)) (*DescribeVpcEndpointsOutput, error)
// Describes one or more of your VPC peering connections.
DescribeVpcPeeringConnections(ctx context.Context, params *DescribeVpcPeeringConnectionsInput, optFns ...func(*Options)) (*DescribeVpcPeeringConnectionsOutput, error)
// Describes one or more of your VPCs.
DescribeVpcs(ctx context.Context, params *DescribeVpcsInput, optFns ...func(*Options)) (*DescribeVpcsOutput, error)
// Describes one or more of your VPN connections. For more information, see Amazon
// Web Services Site-to-Site VPN
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
// Services Site-to-Site VPN User Guide.
DescribeVpnConnections(ctx context.Context, params *DescribeVpnConnectionsInput, optFns ...func(*Options)) (*DescribeVpnConnectionsOutput, error)
// Describes one or more of your virtual private gateways. For more information,
// see Amazon Web Services Site-to-Site VPN
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
// Services Site-to-Site VPN User Guide.
DescribeVpnGateways(ctx context.Context, params *DescribeVpnGatewaysInput, optFns ...func(*Options)) (*DescribeVpnGatewaysOutput, error)
// Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance
// has been unlinked, the VPC security groups are no longer associated with it. An
// instance is automatically unlinked from a VPC when it's stopped.
DetachClassicLinkVpc(ctx context.Context, params *DetachClassicLinkVpcInput, optFns ...func(*Options)) (*DetachClassicLinkVpcOutput, error)
// Detaches an internet gateway from a VPC, disabling connectivity between the
// internet and the VPC. The VPC must not contain any running instances with
// Elastic IP addresses or public IPv4 addresses.
DetachInternetGateway(ctx context.Context, params *DetachInternetGatewayInput, optFns ...func(*Options)) (*DetachInternetGatewayOutput, error)
// Detaches a network interface from an instance.
DetachNetworkInterface(ctx context.Context, params *DetachNetworkInterfaceInput, optFns ...func(*Options)) (*DetachNetworkInterfaceOutput, error)
// Detaches an EBS volume from an instance. Make sure to unmount any file systems
// on the device within your operating system before detaching the volume. Failure
// to do so can result in the volume becoming stuck in the busy state while
// detaching. If this happens, detachment can be delayed indefinitely until you
// unmount the volume, force detachment, reboot the instance, or all three. If an
// EBS volume is the root device of an instance, it can't be detached while the
// instance is running. To detach the root volume, stop the instance first. When a
// volume with an Amazon Web Services Marketplace product code is detached from an
// instance, the product code is no longer associated with the instance. For more
// information, see Detach an Amazon EBS volume
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html)
// in the Amazon Elastic Compute Cloud User Guide.
DetachVolume(ctx context.Context, params *DetachVolumeInput, optFns ...func(*Options)) (*DetachVolumeOutput, error)
// Detaches a virtual private gateway from a VPC. You do this if you're planning to
// turn off the VPC and not use it anymore. You can confirm a virtual private
// gateway has been completely detached from a VPC by describing the virtual
// private gateway (any attachments to the virtual private gateway are also
// described). You must wait for the attachment's state to switch to detached
// before you can delete the VPC or attach a different VPC to the virtual private
// gateway.
DetachVpnGateway(ctx context.Context, params *DetachVpnGatewayInput, optFns ...func(*Options)) (*DetachVpnGatewayOutput, error)
// Disables EBS encryption by default for your account in the current Region. After
// you disable encryption by default, you can still create encrypted volumes by
// enabling encryption when you create each volume. Disabling encryption by default
// does not change the encryption status of your existing volumes. For more
// information, see Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide.
DisableEbsEncryptionByDefault(ctx context.Context, params *DisableEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*DisableEbsEncryptionByDefaultOutput, error)
// Discontinue faster launching for a Windows AMI, and clean up existing
// pre-provisioned snapshots. When you disable faster launching, the AMI uses the
// standard launch process for each instance. All pre-provisioned snapshots must be
// removed before you can enable faster launching again. To change these settings,
// you must own the AMI.
DisableFastLaunch(ctx context.Context, params *DisableFastLaunchInput, optFns ...func(*Options)) (*DisableFastLaunchOutput, error)
// Disables fast snapshot restores for the specified snapshots in the specified
// Availability Zones.
DisableFastSnapshotRestores(ctx context.Context, params *DisableFastSnapshotRestoresInput, optFns ...func(*Options)) (*DisableFastSnapshotRestoresOutput, error)
// Cancels the deprecation of the specified AMI. For more information, see
// Deprecate an AMI
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html) in the
// Amazon Elastic Compute Cloud User Guide.
DisableImageDeprecation(ctx context.Context, params *DisableImageDeprecationInput, optFns ...func(*Options)) (*DisableImageDeprecationOutput, error)
// Disable the IPAM account. For more information, see Enable integration with
// Organizations in the Amazon VPC IPAM User Guide.
DisableIpamOrganizationAdminAccount(ctx context.Context, params *DisableIpamOrganizationAdminAccountInput, optFns ...func(*Options)) (*DisableIpamOrganizationAdminAccountOutput, error)
// Disables access to the EC2 serial console of all instances for your account. By
// default, access to the EC2 serial console is disabled for your account. For more
// information, see Manage account access to the EC2 serial console
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access)
// in the Amazon EC2 User Guide.
DisableSerialConsoleAccess(ctx context.Context, params *DisableSerialConsoleAccessInput, optFns ...func(*Options)) (*DisableSerialConsoleAccessOutput, error)
// Disables the specified resource attachment from propagating routes to the
// specified propagation route table.
DisableTransitGatewayRouteTablePropagation(ctx context.Context, params *DisableTransitGatewayRouteTablePropagationInput, optFns ...func(*Options)) (*DisableTransitGatewayRouteTablePropagationOutput, error)
// Disables a virtual private gateway (VGW) from propagating routes to a specified
// route table of a VPC.
DisableVgwRoutePropagation(ctx context.Context, params *DisableVgwRoutePropagationInput, optFns ...func(*Options)) (*DisableVgwRoutePropagationOutput, error)
// Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that
// has EC2-Classic instances linked to it.
DisableVpcClassicLink(ctx context.Context, params *DisableVpcClassicLinkInput, optFns ...func(*Options)) (*DisableVpcClassicLinkOutput, error)
// Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve
// to public IP addresses when addressed between a linked EC2-Classic instance and
// instances in the VPC to which it's linked. For more information, see ClassicLink
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
// the Amazon Elastic Compute Cloud User Guide. You must specify a VPC ID in the
// request.
DisableVpcClassicLinkDnsSupport(ctx context.Context, params *DisableVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*DisableVpcClassicLinkDnsSupportOutput, error)
// Disassociates an Elastic IP address from the instance or network interface it's
// associated with. An Elastic IP address is for use in either the EC2-Classic
// platform or in a VPC. For more information, see Elastic IP Addresses
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
// in the Amazon Elastic Compute Cloud User Guide. This is an idempotent operation.
// If you perform the operation more than once, Amazon EC2 doesn't return an error.
DisassociateAddress(ctx context.Context, params *DisassociateAddressInput, optFns ...func(*Options)) (*DisassociateAddressOutput, error)
// Disassociates a target network from the specified Client VPN endpoint. When you
// disassociate the last target network from a Client VPN, the following
// happens:
//
// * The route that was automatically added for the VPC is deleted
//
// * All
// active client connections are terminated
//
// * New client connections are
// disallowed
//
// * The Client VPN endpoint's status changes to pending-associate
DisassociateClientVpnTargetNetwork(ctx context.Context, params *DisassociateClientVpnTargetNetworkInput, optFns ...func(*Options)) (*DisassociateClientVpnTargetNetworkOutput, error)
// Disassociates an IAM role from an Certificate Manager (ACM) certificate.
// Disassociating an IAM role from an ACM certificate removes the Amazon S3 object
// that contains the certificate, certificate chain, and encrypted private key from
// the Amazon S3 bucket. It also revokes the IAM role's permission to use the KMS
// key used to encrypt the private key. This effectively revokes the role's
// permission to use the certificate.
DisassociateEnclaveCertificateIamRole(ctx context.Context, params *DisassociateEnclaveCertificateIamRoleInput, optFns ...func(*Options)) (*DisassociateEnclaveCertificateIamRoleOutput, error)
// Disassociates an IAM instance profile from a running or stopped instance. Use
// DescribeIamInstanceProfileAssociations to get the association ID.
DisassociateIamInstanceProfile(ctx context.Context, params *DisassociateIamInstanceProfileInput, optFns ...func(*Options)) (*DisassociateIamInstanceProfileOutput, error)
// Disassociates one or more targets from an event window. For more information,
// see Define event windows for scheduled events
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
// Amazon EC2 User Guide.
DisassociateInstanceEventWindow(ctx context.Context, params *DisassociateInstanceEventWindowInput, optFns ...func(*Options)) (*DisassociateInstanceEventWindowOutput, error)
// Disassociates a subnet or gateway from a route table. After you perform this
// action, the subnet no longer uses the routes in the route table. Instead, it
// uses the routes in the VPC's main route table. For more information about route
// tables, see Route tables
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
// Amazon Virtual Private Cloud User Guide.
DisassociateRouteTable(ctx context.Context, params *DisassociateRouteTableInput, optFns ...func(*Options)) (*DisassociateRouteTableOutput, error)
// Disassociates a CIDR block from a subnet. Currently, you can disassociate an
// IPv6 CIDR block only. You must detach or delete all gateways and resources that
// are associated with the CIDR block before you can disassociate it.
DisassociateSubnetCidrBlock(ctx context.Context, params *DisassociateSubnetCidrBlockInput, optFns ...func(*Options)) (*DisassociateSubnetCidrBlockOutput, error)
// Disassociates the specified subnets from the transit gateway multicast domain.
DisassociateTransitGatewayMulticastDomain(ctx context.Context, params *DisassociateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*DisassociateTransitGatewayMulticastDomainOutput, error)
// Disassociates a resource attachment from a transit gateway route table.
DisassociateTransitGatewayRouteTable(ctx context.Context, params *DisassociateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*DisassociateTransitGatewayRouteTableOutput, error)
// This API action is currently in limited preview only. If you are interested in
// using this feature, contact your account manager. Removes an association between
// a branch network interface with a trunk network interface.
DisassociateTrunkInterface(ctx context.Context, params *DisassociateTrunkInterfaceInput, optFns ...func(*Options)) (*DisassociateTrunkInterfaceOutput, error)
// Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must
// specify its association ID. You can get the association ID by using
// DescribeVpcs. You must detach or delete all gateways and resources that are
// associated with the CIDR block before you can disassociate it. You cannot
// disassociate the CIDR block with which you originally created the VPC (the
// primary CIDR block).
DisassociateVpcCidrBlock(ctx context.Context, params *DisassociateVpcCidrBlockInput, optFns ...func(*Options)) (*DisassociateVpcCidrBlockOutput, error)
// Enables EBS encryption by default for your account in the current Region. After
// you enable encryption by default, the EBS volumes that you create are always
// encrypted, either using the default KMS key or the KMS key that you specified
// when you created each volume. For more information, see Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide. You can specify the default KMS key for
// encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.
// Enabling encryption by default has no effect on the encryption status of your
// existing volumes. After you enable encryption by default, you can no longer
// launch instances using instance types that do not support encryption. For more
// information, see Supported instance types
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances).
EnableEbsEncryptionByDefault(ctx context.Context, params *EnableEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*EnableEbsEncryptionByDefaultOutput, error)
// When you enable faster launching for a Windows AMI, images are pre-provisioned,
// using snapshots to launch instances up to 65% faster. To create the optimized
// Windows image, Amazon EC2 launches an instance and runs through Sysprep steps,
// rebooting as required. Then it creates a set of reserved snapshots that are used
// for subsequent launches. The reserved snapshots are automatically replenished as
// they are used, depending on your settings for launch frequency. To change these
// settings, you must own the AMI.
EnableFastLaunch(ctx context.Context, params *EnableFastLaunchInput, optFns ...func(*Options)) (*EnableFastLaunchOutput, error)
// Enables fast snapshot restores for the specified snapshots in the specified
// Availability Zones. You get the full benefit of fast snapshot restores after
// they enter the enabled state. To get the current state of fast snapshot
// restores, use DescribeFastSnapshotRestores. To disable fast snapshot restores,
// use DisableFastSnapshotRestores. For more information, see Amazon EBS fast
// snapshot restore
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-fast-snapshot-restore.html)
// in the Amazon Elastic Compute Cloud User Guide.
EnableFastSnapshotRestores(ctx context.Context, params *EnableFastSnapshotRestoresInput, optFns ...func(*Options)) (*EnableFastSnapshotRestoresOutput, error)
// Enables deprecation of the specified AMI at the specified date and time. For
// more information, see Deprecate an AMI
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html) in the
// Amazon Elastic Compute Cloud User Guide.
EnableImageDeprecation(ctx context.Context, params *EnableImageDeprecationInput, optFns ...func(*Options)) (*EnableImageDeprecationOutput, error)
// Enable an Organizations member account as the IPAM admin account. You cannot
// select the Organizations management account as the IPAM admin account. For more
// information, see Enable integration with Organizations in the Amazon VPC IPAM
// User Guide.
EnableIpamOrganizationAdminAccount(ctx context.Context, params *EnableIpamOrganizationAdminAccountInput, optFns ...func(*Options)) (*EnableIpamOrganizationAdminAccountOutput, error)
// Enables access to the EC2 serial console of all instances for your account. By
// default, access to the EC2 serial console is disabled for your account. For more
// information, see Manage account access to the EC2 serial console
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access)
// in the Amazon EC2 User Guide.
EnableSerialConsoleAccess(ctx context.Context, params *EnableSerialConsoleAccessInput, optFns ...func(*Options)) (*EnableSerialConsoleAccessOutput, error)
// Enables the specified attachment to propagate routes to the specified
// propagation route table.
EnableTransitGatewayRouteTablePropagation(ctx context.Context, params *EnableTransitGatewayRouteTablePropagationInput, optFns ...func(*Options)) (*EnableTransitGatewayRouteTablePropagationOutput, error)
// Enables a virtual private gateway (VGW) to propagate routes to the specified
// route table of a VPC.
EnableVgwRoutePropagation(ctx context.Context, params *EnableVgwRoutePropagationInput, optFns ...func(*Options)) (*EnableVgwRoutePropagationOutput, error)
// Enables I/O operations for a volume that had I/O operations disabled because the
// data on the volume was potentially inconsistent.
EnableVolumeIO(ctx context.Context, params *EnableVolumeIOInput, optFns ...func(*Options)) (*EnableVolumeIOOutput, error)
// Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your
// ClassicLink-enabled VPC to allow communication over private IP addresses. You
// cannot enable your VPC for ClassicLink if any of your VPC route tables have
// existing routes for address ranges within the 10.0.0.0/8 IP address range,
// excluding local routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 IP address
// ranges. For more information, see ClassicLink
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
// the Amazon Elastic Compute Cloud User Guide.
EnableVpcClassicLink(ctx context.Context, params *EnableVpcClassicLinkInput, optFns ...func(*Options)) (*EnableVpcClassicLinkOutput, error)
// Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled,
// the DNS hostname of a linked EC2-Classic instance resolves to its private IP
// address when addressed from an instance in the VPC to which it's linked.
// Similarly, the DNS hostname of an instance in a VPC resolves to its private IP
// address when addressed from a linked EC2-Classic instance. For more information,
// see ClassicLink
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
// the Amazon Elastic Compute Cloud User Guide. You must specify a VPC ID in the
// request.
EnableVpcClassicLinkDnsSupport(ctx context.Context, params *EnableVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*EnableVpcClassicLinkDnsSupportOutput, error)
// Downloads the client certificate revocation list for the specified Client VPN
// endpoint.
ExportClientVpnClientCertificateRevocationList(ctx context.Context, params *ExportClientVpnClientCertificateRevocationListInput, optFns ...func(*Options)) (*ExportClientVpnClientCertificateRevocationListOutput, error)
// Downloads the contents of the Client VPN endpoint configuration file for the
// specified Client VPN endpoint. The Client VPN endpoint configuration file
// includes the Client VPN endpoint and certificate information clients need to
// establish a connection with the Client VPN endpoint.
ExportClientVpnClientConfiguration(ctx context.Context, params *ExportClientVpnClientConfigurationInput, optFns ...func(*Options)) (*ExportClientVpnClientConfigurationOutput, error)
// Exports an Amazon Machine Image (AMI) to a VM file. For more information, see
// Exporting a VM directly from an Amazon Machine Image (AMI)
// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport_image.html) in
// the VM Import/Export User Guide.
ExportImage(ctx context.Context, params *ExportImageInput, optFns ...func(*Options)) (*ExportImageOutput, error)
// Exports routes from the specified transit gateway route table to the specified
// S3 bucket. By default, all routes are exported. Alternatively, you can filter by
// CIDR range. The routes are saved to the specified bucket in a JSON file. For
// more information, see Export Route Tables to Amazon S3
// (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-route-tables.html#tgw-export-route-tables)
// in Transit Gateways.
ExportTransitGatewayRoutes(ctx context.Context, params *ExportTransitGatewayRoutesInput, optFns ...func(*Options)) (*ExportTransitGatewayRoutesOutput, error)
// Returns the IAM roles that are associated with the specified ACM (ACM)
// certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3
// object key where the certificate, certificate chain, and encrypted private key
// bundle are stored, and the ARN of the KMS key that's used to encrypt the private
// key.
GetAssociatedEnclaveCertificateIamRoles(ctx context.Context, params *GetAssociatedEnclaveCertificateIamRolesInput, optFns ...func(*Options)) (*GetAssociatedEnclaveCertificateIamRolesOutput, error)
// Gets information about the IPv6 CIDR block associations for a specified IPv6
// address pool.
GetAssociatedIpv6PoolCidrs(ctx context.Context, params *GetAssociatedIpv6PoolCidrsInput, optFns ...func(*Options)) (*GetAssociatedIpv6PoolCidrsOutput, error)
// Gets usage information about a Capacity Reservation. If the Capacity Reservation
// is shared, it shows usage information for the Capacity Reservation owner and
// each Amazon Web Services account that is currently using the shared capacity. If
// the Capacity Reservation is not shared, it shows only the Capacity Reservation
// owner's usage.
GetCapacityReservationUsage(ctx context.Context, params *GetCapacityReservationUsageInput, optFns ...func(*Options)) (*GetCapacityReservationUsageOutput, error)
// Describes the allocations from the specified customer-owned address pool.
GetCoipPoolUsage(ctx context.Context, params *GetCoipPoolUsageInput, optFns ...func(*Options)) (*GetCoipPoolUsageOutput, error)
// Gets the console output for the specified instance. For Linux instances, the
// instance console output displays the exact console output that would normally be
// displayed on a physical monitor attached to a computer. For Windows instances,
// the instance console output includes the last three system event log errors. By
// default, the console output returns buffered information that was posted shortly
// after an instance transition state (start, stop, reboot, or terminate). This
// information is available for at least one hour after the most recent post. Only
// the most recent 64 KB of console output is available. You can optionally
// retrieve the latest serial console output at any time during the instance
// lifecycle. This option is supported on instance types that use the Nitro
// hypervisor. For more information, see Instance console output
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html#instance-console-console-output)
// in the Amazon EC2 User Guide.
GetConsoleOutput(ctx context.Context, params *GetConsoleOutputInput, optFns ...func(*Options)) (*GetConsoleOutputOutput, error)
// Retrieve a JPG-format screenshot of a running instance to help with
// troubleshooting. The returned content is Base64-encoded.
GetConsoleScreenshot(ctx context.Context, params *GetConsoleScreenshotInput, optFns ...func(*Options)) (*GetConsoleScreenshotOutput, error)
// Describes the default credit option for CPU usage of a burstable performance
// instance family. For more information, see Burstable performance instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
// in the Amazon EC2 User Guide.
GetDefaultCreditSpecification(ctx context.Context, params *GetDefaultCreditSpecificationInput, optFns ...func(*Options)) (*GetDefaultCreditSpecificationOutput, error)
// Describes the default KMS key for EBS encryption by default for your account in
// this Region. You can change the default KMS key for encryption by default using
// ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId. For more information, see
// Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide.
GetEbsDefaultKmsKeyId(ctx context.Context, params *GetEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*GetEbsDefaultKmsKeyIdOutput, error)
// Describes whether EBS encryption by default is enabled for your account in the
// current Region. For more information, see Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide.
GetEbsEncryptionByDefault(ctx context.Context, params *GetEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*GetEbsEncryptionByDefaultOutput, error)
// Generates a CloudFormation template that streamlines and automates the
// integration of VPC flow logs with Amazon Athena. This make it easier for you to
// query and gain insights from VPC flow logs data. Based on the information that
// you provide, we configure resources in the template to do the following:
//
// *
// Create a table in Athena that maps fields to a custom log format
//
// * Create a
// Lambda function that updates the table with new partitions on a daily, weekly,
// or monthly basis
//
// * Create a table partitioned between two timestamps in the
// past
//
// * Create a set of named queries in Athena that you can use to get started
// quickly
GetFlowLogsIntegrationTemplate(ctx context.Context, params *GetFlowLogsIntegrationTemplateInput, optFns ...func(*Options)) (*GetFlowLogsIntegrationTemplateOutput, error)
// Lists the resource groups to which a Capacity Reservation has been added.
GetGroupsForCapacityReservation(ctx context.Context, params *GetGroupsForCapacityReservationInput, optFns ...func(*Options)) (*GetGroupsForCapacityReservationOutput, error)
// Preview a reservation purchase with configurations that match those of your
// Dedicated Host. You must have active Dedicated Hosts in your account before you
// purchase a reservation. This is a preview of the PurchaseHostReservation action
// and does not result in the offering being purchased.
GetHostReservationPurchasePreview(ctx context.Context, params *GetHostReservationPurchasePreviewInput, optFns ...func(*Options)) (*GetHostReservationPurchasePreviewOutput, error)
// Returns a list of instance types with the specified instance attributes. You can
// use the response to preview the instance types without launching instances. Note
// that the response does not consider capacity. When you specify multiple
// parameters, you get instance types that satisfy all of the specified parameters.
// If you specify multiple values for a parameter, you get instance types that
// satisfy any of the specified values. For more information, see Preview instance
// types with specified attributes
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html#spotfleet-get-instance-types-from-instance-requirements),
// Attribute-based instance type selection for EC2 Fleet
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html),
// Attribute-based instance type selection for Spot Fleet
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html),
// and Spot placement score
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html)
// in the Amazon EC2 User Guide, and Creating an Auto Scaling group using
// attribute-based instance type selection
// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-instance-type-requirements.html)
// in the Amazon EC2 Auto Scaling User Guide.
GetInstanceTypesFromInstanceRequirements(ctx context.Context, params *GetInstanceTypesFromInstanceRequirementsInput, optFns ...func(*Options)) (*GetInstanceTypesFromInstanceRequirementsOutput, error)
// Retrieve historical information about a CIDR within an IPAM scope. For more
// information, see View the history of IP addresses in the Amazon VPC IPAM User
// Guide.
GetIpamAddressHistory(ctx context.Context, params *GetIpamAddressHistoryInput, optFns ...func(*Options)) (*GetIpamAddressHistoryOutput, error)
// Get a list of all the CIDR allocations in an IPAM pool.
GetIpamPoolAllocations(ctx context.Context, params *GetIpamPoolAllocationsInput, optFns ...func(*Options)) (*GetIpamPoolAllocationsOutput, error)
// Get the CIDRs provisioned to an IPAM pool.
GetIpamPoolCidrs(ctx context.Context, params *GetIpamPoolCidrsInput, optFns ...func(*Options)) (*GetIpamPoolCidrsOutput, error)
// Get information about the resources in a scope.
GetIpamResourceCidrs(ctx context.Context, params *GetIpamResourceCidrsInput, optFns ...func(*Options)) (*GetIpamResourceCidrsOutput, error)
// Retrieves the configuration data of the specified instance. You can use this
// data to create a launch template. This action calls on other describe actions to
// get instance information. Depending on your instance configuration, you may need
// to allow the following actions in your IAM policy: DescribeSpotInstanceRequests,
// DescribeInstanceCreditSpecifications, DescribeVolumes,
// DescribeInstanceAttribute, and DescribeElasticGpus. Or, you can allow describe*
// depending on your instance requirements.
GetLaunchTemplateData(ctx context.Context, params *GetLaunchTemplateDataInput, optFns ...func(*Options)) (*GetLaunchTemplateDataOutput, error)
// Gets information about the resources that are associated with the specified
// managed prefix list.
GetManagedPrefixListAssociations(ctx context.Context, params *GetManagedPrefixListAssociationsInput, optFns ...func(*Options)) (*GetManagedPrefixListAssociationsOutput, error)
// Gets information about the entries for a specified managed prefix list.
GetManagedPrefixListEntries(ctx context.Context, params *GetManagedPrefixListEntriesInput, optFns ...func(*Options)) (*GetManagedPrefixListEntriesOutput, error)
// Gets the findings for the specified Network Access Scope analysis.
GetNetworkInsightsAccessScopeAnalysisFindings(ctx context.Context, params *GetNetworkInsightsAccessScopeAnalysisFindingsInput, optFns ...func(*Options)) (*GetNetworkInsightsAccessScopeAnalysisFindingsOutput, error)
// Gets the content for the specified Network Access Scope.
GetNetworkInsightsAccessScopeContent(ctx context.Context, params *GetNetworkInsightsAccessScopeContentInput, optFns ...func(*Options)) (*GetNetworkInsightsAccessScopeContentOutput, error)
// Retrieves the encrypted administrator password for a running Windows instance.
// The Windows password is generated at boot by the EC2Config service or EC2Launch
// scripts (Windows Server 2016 and later). This usually only happens the first
// time an instance is launched. For more information, see EC2Config
// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/UsingConfig_WinAMI.html)
// and EC2Launch
// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2launch.html) in the
// Amazon EC2 User Guide. For the EC2Config service, the password is not generated
// for rebundled AMIs unless Ec2SetPassword is enabled before bundling. The
// password is encrypted using the key pair that you specified when you launched
// the instance. You must provide the corresponding key pair file. When you launch
// an instance, password generation and encryption may take a few minutes. If you
// try to retrieve the password before it's available, the output returns an empty
// string. We recommend that you wait up to 15 minutes after launching an instance
// before trying to retrieve the generated password.
GetPasswordData(ctx context.Context, params *GetPasswordDataInput, optFns ...func(*Options)) (*GetPasswordDataOutput, error)
// Returns a quote and exchange information for exchanging one or more specified
// Convertible Reserved Instances for a new Convertible Reserved Instance. If the
// exchange cannot be performed, the reason is returned in the response. Use
// AcceptReservedInstancesExchangeQuote to perform the exchange.
GetReservedInstancesExchangeQuote(ctx context.Context, params *GetReservedInstancesExchangeQuoteInput, optFns ...func(*Options)) (*GetReservedInstancesExchangeQuoteOutput, error)
// Retrieves the access status of your account to the EC2 serial console of all
// instances. By default, access to the EC2 serial console is disabled for your
// account. For more information, see Manage account access to the EC2 serial
// console
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access)
// in the Amazon EC2 User Guide.
GetSerialConsoleAccessStatus(ctx context.Context, params *GetSerialConsoleAccessStatusInput, optFns ...func(*Options)) (*GetSerialConsoleAccessStatusOutput, error)
// Calculates the Spot placement score for a Region or Availability Zone based on
// the specified target capacity and compute requirements. You can specify your
// compute requirements either by using InstanceRequirementsWithMetadata and
// letting Amazon EC2 choose the optimal instance types to fulfill your Spot
// request, or you can specify the instance types by using InstanceTypes. For more
// information, see Spot placement score
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html)
// in the Amazon EC2 User Guide.
GetSpotPlacementScores(ctx context.Context, params *GetSpotPlacementScoresInput, optFns ...func(*Options)) (*GetSpotPlacementScoresOutput, error)
// Gets information about the subnet CIDR reservations.
GetSubnetCidrReservations(ctx context.Context, params *GetSubnetCidrReservationsInput, optFns ...func(*Options)) (*GetSubnetCidrReservationsOutput, error)
// Lists the route tables to which the specified resource attachment propagates
// routes.
GetTransitGatewayAttachmentPropagations(ctx context.Context, params *GetTransitGatewayAttachmentPropagationsInput, optFns ...func(*Options)) (*GetTransitGatewayAttachmentPropagationsOutput, error)
// Gets information about the associations for the transit gateway multicast
// domain.
GetTransitGatewayMulticastDomainAssociations(ctx context.Context, params *GetTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*GetTransitGatewayMulticastDomainAssociationsOutput, error)
// Gets information about the prefix list references in a specified transit gateway
// route table.
GetTransitGatewayPrefixListReferences(ctx context.Context, params *GetTransitGatewayPrefixListReferencesInput, optFns ...func(*Options)) (*GetTransitGatewayPrefixListReferencesOutput, error)
// Gets information about the associations for the specified transit gateway route
// table.
GetTransitGatewayRouteTableAssociations(ctx context.Context, params *GetTransitGatewayRouteTableAssociationsInput, optFns ...func(*Options)) (*GetTransitGatewayRouteTableAssociationsOutput, error)
// Gets information about the route table propagations for the specified transit
// gateway route table.
GetTransitGatewayRouteTablePropagations(ctx context.Context, params *GetTransitGatewayRouteTablePropagationsInput, optFns ...func(*Options)) (*GetTransitGatewayRouteTablePropagationsOutput, error)
// Download an Amazon Web Services-provided sample configuration file to be used
// with the customer gateway device specified for your Site-to-Site VPN connection.
GetVpnConnectionDeviceSampleConfiguration(ctx context.Context, params *GetVpnConnectionDeviceSampleConfigurationInput, optFns ...func(*Options)) (*GetVpnConnectionDeviceSampleConfigurationOutput, error)
// Obtain a list of customer gateway devices for which sample configuration files
// can be provided. The request has no additional parameters. You can also see the
// list of device types with sample configuration files available under Your
// customer gateway device
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html) in the Amazon Web
// Services Site-to-Site VPN User Guide.
GetVpnConnectionDeviceTypes(ctx context.Context, params *GetVpnConnectionDeviceTypesInput, optFns ...func(*Options)) (*GetVpnConnectionDeviceTypesOutput, error)
// Uploads a client certificate revocation list to the specified Client VPN
// endpoint. Uploading a client certificate revocation list overwrites the existing
// client certificate revocation list. Uploading a client certificate revocation
// list resets existing client connections.
ImportClientVpnClientCertificateRevocationList(ctx context.Context, params *ImportClientVpnClientCertificateRevocationListInput, optFns ...func(*Options)) (*ImportClientVpnClientCertificateRevocationListOutput, error)
// Import single or multi-volume disk images or EBS snapshots into an Amazon
// Machine Image (AMI). For more information, see Importing a VM as an image using
// VM Import/Export
// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html)
// in the VM Import/Export User Guide.
ImportImage(ctx context.Context, params *ImportImageInput, optFns ...func(*Options)) (*ImportImageOutput, error)
// Creates an import instance task using metadata from the specified disk image.
// This API action supports only single-volume VMs. To import multi-volume VMs, use
// ImportImage instead. This API action is not supported by the Command Line
// Interface (CLI). For information about using the Amazon EC2 CLI, which is
// deprecated, see Importing a VM to Amazon EC2
// (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#UsingVirtualMachinesinAmazonEC2)
// in the Amazon EC2 CLI Reference PDF file. For information about the import
// manifest referenced by this API action, see VM Import Manifest
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html).
ImportInstance(ctx context.Context, params *ImportInstanceInput, optFns ...func(*Options)) (*ImportInstanceOutput, error)
// Imports the public key from an RSA or ED25519 key pair that you created with a
// third-party tool. Compare this with CreateKeyPair, in which Amazon Web Services
// creates the key pair and gives the keys to you (Amazon Web Services keeps a copy
// of the public key). With ImportKeyPair, you create the key pair and give Amazon
// Web Services just the public key. The private key is never transferred between
// you and Amazon Web Services. For more information about key pairs, see Amazon
// EC2 key pairs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the
// Amazon Elastic Compute Cloud User Guide.
ImportKeyPair(ctx context.Context, params *ImportKeyPairInput, optFns ...func(*Options)) (*ImportKeyPairOutput, error)
// Imports a disk into an EBS snapshot. For more information, see Importing a disk
// as a snapshot using VM Import/Export
// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-import-snapshot.html)
// in the VM Import/Export User Guide.
ImportSnapshot(ctx context.Context, params *ImportSnapshotInput, optFns ...func(*Options)) (*ImportSnapshotOutput, error)
// Creates an import volume task using metadata from the specified disk image. This
// API action supports only single-volume VMs. To import multi-volume VMs, use
// ImportImage instead. To import a disk to a snapshot, use ImportSnapshot instead.
// This API action is not supported by the Command Line Interface (CLI). For
// information about using the Amazon EC2 CLI, which is deprecated, see Importing
// Disks to Amazon EBS
// (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#importing-your-volumes-into-amazon-ebs)
// in the Amazon EC2 CLI Reference PDF file. For information about the import
// manifest referenced by this API action, see VM Import Manifest
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html).
ImportVolume(ctx context.Context, params *ImportVolumeInput, optFns ...func(*Options)) (*ImportVolumeOutput, error)
// Lists one or more AMIs that are currently in the Recycle Bin. For more
// information, see Recycle Bin
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the
// Amazon Elastic Compute Cloud User Guide.
ListImagesInRecycleBin(ctx context.Context, params *ListImagesInRecycleBinInput, optFns ...func(*Options)) (*ListImagesInRecycleBinOutput, error)
// Lists one or more snapshots that are currently in the Recycle Bin.
ListSnapshotsInRecycleBin(ctx context.Context, params *ListSnapshotsInRecycleBinInput, optFns ...func(*Options)) (*ListSnapshotsInRecycleBinOutput, error)
// Modifies an attribute of the specified Elastic IP address. For requirements, see
// Using reverse DNS for email applications
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS).
ModifyAddressAttribute(ctx context.Context, params *ModifyAddressAttributeInput, optFns ...func(*Options)) (*ModifyAddressAttributeOutput, error)
// Changes the opt-in status of the Local Zone and Wavelength Zone group for your
// account. Use DescribeAvailabilityZones
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html)
// to view the value for GroupName.
ModifyAvailabilityZoneGroup(ctx context.Context, params *ModifyAvailabilityZoneGroupInput, optFns ...func(*Options)) (*ModifyAvailabilityZoneGroupOutput, error)
// Modifies a Capacity Reservation's capacity and the conditions under which it is
// to be released. You cannot change a Capacity Reservation's instance type, EBS
// optimization, instance store settings, platform, Availability Zone, or instance
// eligibility. If you need to modify any of these attributes, we recommend that
// you cancel the Capacity Reservation, and then create a new one with the required
// attributes.
ModifyCapacityReservation(ctx context.Context, params *ModifyCapacityReservationInput, optFns ...func(*Options)) (*ModifyCapacityReservationOutput, error)
// Modifies a Capacity Reservation Fleet. When you modify the total target capacity
// of a Capacity Reservation Fleet, the Fleet automatically creates new Capacity
// Reservations, or modifies or cancels existing Capacity Reservations in the Fleet
// to meet the new total target capacity. When you modify the end date for the
// Fleet, the end dates for all of the individual Capacity Reservations in the
// Fleet are updated accordingly.
ModifyCapacityReservationFleet(ctx context.Context, params *ModifyCapacityReservationFleetInput, optFns ...func(*Options)) (*ModifyCapacityReservationFleetOutput, error)
// Modifies the specified Client VPN endpoint. Modifying the DNS server resets
// existing client connections.
ModifyClientVpnEndpoint(ctx context.Context, params *ModifyClientVpnEndpointInput, optFns ...func(*Options)) (*ModifyClientVpnEndpointOutput, error)
// Modifies the default credit option for CPU usage of burstable performance
// instances. The default credit option is set at the account level per Amazon Web
// Services Region, and is specified per instance family. All new burstable
// performance instances in the account launch using the default credit option.
// ModifyDefaultCreditSpecification is an asynchronous operation, which works at an
// Amazon Web Services Region level and modifies the credit option for each
// Availability Zone. All zones in a Region are updated within five minutes. But if
// instances are launched during this operation, they might not get the new credit
// option until the zone is updated. To verify whether the update has occurred, you
// can call GetDefaultCreditSpecification and check DefaultCreditSpecification for
// updates. For more information, see Burstable performance instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
// in the Amazon EC2 User Guide.
ModifyDefaultCreditSpecification(ctx context.Context, params *ModifyDefaultCreditSpecificationInput, optFns ...func(*Options)) (*ModifyDefaultCreditSpecificationOutput, error)
// Changes the default KMS key for EBS encryption by default for your account in
// this Region. Amazon Web Services creates a unique Amazon Web Services managed
// KMS key in each Region for use with encryption by default. If you change the
// default KMS key to a symmetric customer managed KMS key, it is used instead of
// the Amazon Web Services managed KMS key. To reset the default KMS key to the
// Amazon Web Services managed KMS key for EBS, use ResetEbsDefaultKmsKeyId. Amazon
// EBS does not support asymmetric KMS keys. If you delete or disable the customer
// managed KMS key that you specified for use with encryption by default, your
// instances will fail to launch. For more information, see Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide.
ModifyEbsDefaultKmsKeyId(ctx context.Context, params *ModifyEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*ModifyEbsDefaultKmsKeyIdOutput, error)
// Modifies the specified EC2 Fleet. You can only modify an EC2 Fleet request of
// type maintain. While the EC2 Fleet is being modified, it is in the modifying
// state. To scale up your EC2 Fleet, increase its target capacity. The EC2 Fleet
// launches the additional Spot Instances according to the allocation strategy for
// the EC2 Fleet request. If the allocation strategy is lowest-price, the EC2 Fleet
// launches instances using the Spot Instance pool with the lowest price. If the
// allocation strategy is diversified, the EC2 Fleet distributes the instances
// across the Spot Instance pools. If the allocation strategy is
// capacity-optimized, EC2 Fleet launches instances from Spot Instance pools with
// optimal capacity for the number of instances that are launching. To scale down
// your EC2 Fleet, decrease its target capacity. First, the EC2 Fleet cancels any
// open requests that exceed the new target capacity. You can request that the EC2
// Fleet terminate Spot Instances until the size of the fleet no longer exceeds the
// new target capacity. If the allocation strategy is lowest-price, the EC2 Fleet
// terminates the instances with the highest price per unit. If the allocation
// strategy is capacity-optimized, the EC2 Fleet terminates the instances in the
// Spot Instance pools that have the least available Spot Instance capacity. If the
// allocation strategy is diversified, the EC2 Fleet terminates instances across
// the Spot Instance pools. Alternatively, you can request that the EC2 Fleet keep
// the fleet at its current size, but not replace any Spot Instances that are
// interrupted or that you terminate manually. If you are finished with your EC2
// Fleet for now, but will use it again later, you can set the target capacity to
// 0.
ModifyFleet(ctx context.Context, params *ModifyFleetInput, optFns ...func(*Options)) (*ModifyFleetOutput, error)
// Modifies the specified attribute of the specified Amazon FPGA Image (AFI).
ModifyFpgaImageAttribute(ctx context.Context, params *ModifyFpgaImageAttributeInput, optFns ...func(*Options)) (*ModifyFpgaImageAttributeOutput, error)
// Modify the auto-placement setting of a Dedicated Host. When auto-placement is
// enabled, any instances that you launch with a tenancy of host but without a
// specific host ID are placed onto any available Dedicated Host in your account
// that has auto-placement enabled. When auto-placement is disabled, you need to
// provide a host ID to have the instance launch onto a specific host. If no host
// ID is provided, the instance is launched onto a suitable host with
// auto-placement enabled. You can also use this API action to modify a Dedicated
// Host to support either multiple instance types in an instance family, or to
// support a specific instance type only.
ModifyHosts(ctx context.Context, params *ModifyHostsInput, optFns ...func(*Options)) (*ModifyHostsOutput, error)
// Modifies the ID format for the specified resource on a per-Region basis. You can
// specify that resources should receive longer IDs (17-character IDs) when they
// are created. This request can only be used to modify longer ID settings for
// resource types that are within the opt-in period. Resources currently in their
// opt-in period include: bundle | conversion-task | customer-gateway |
// dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task |
// flow-log | image | import-task | internet-gateway | network-acl |
// network-acl-association | network-interface | network-interface-attachment |
// prefix-list | route-table | route-table-association | security-group | subnet |
// subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint
// | vpc-peering-connection | vpn-connection | vpn-gateway. This setting applies to
// the IAM user who makes the request; it does not apply to the entire Amazon Web
// Services account. By default, an IAM user defaults to the same settings as the
// root user. If you're using this action as the root user, then these settings
// apply to the entire account, unless an IAM user explicitly overrides these
// settings for themselves. For more information, see Resource IDs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the
// Amazon Elastic Compute Cloud User Guide. Resources created with longer IDs are
// visible to all IAM roles and users, regardless of these settings and provided
// that they have permission to use the relevant Describe command for the resource
// type.
ModifyIdFormat(ctx context.Context, params *ModifyIdFormatInput, optFns ...func(*Options)) (*ModifyIdFormatOutput, error)
// Modifies the ID format of a resource for a specified IAM user, IAM role, or the
// root user for an account; or all IAM users, IAM roles, and the root user for an
// account. You can specify that resources should receive longer IDs (17-character
// IDs) when they are created. This request can only be used to modify longer ID
// settings for resource types that are within the opt-in period. Resources
// currently in their opt-in period include: bundle | conversion-task |
// customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association
// | export-task | flow-log | image | import-task | internet-gateway | network-acl
// | network-acl-association | network-interface | network-interface-attachment |
// prefix-list | route-table | route-table-association | security-group | subnet |
// subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint
// | vpc-peering-connection | vpn-connection | vpn-gateway. For more information,
// see Resource IDs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the
// Amazon Elastic Compute Cloud User Guide. This setting applies to the principal
// specified in the request; it does not apply to the principal that makes the
// request. Resources created with longer IDs are visible to all IAM roles and
// users, regardless of these settings and provided that they have permission to
// use the relevant Describe command for the resource type.
ModifyIdentityIdFormat(ctx context.Context, params *ModifyIdentityIdFormatInput, optFns ...func(*Options)) (*ModifyIdentityIdFormatOutput, error)
// Modifies the specified attribute of the specified AMI. You can specify only one
// attribute at a time. You can use the Attribute parameter to specify the
// attribute or one of the following parameters: Description or LaunchPermission.
// Images with an Amazon Web Services Marketplace product code cannot be made
// public. To enable the SriovNetSupport enhanced networking attribute of an image,
// enable SriovNetSupport on an instance and create an AMI from the instance.
ModifyImageAttribute(ctx context.Context, params *ModifyImageAttributeInput, optFns ...func(*Options)) (*ModifyImageAttributeOutput, error)
// Modifies the specified attribute of the specified instance. You can specify only
// one attribute at a time. Note: Using this action to change the security groups
// associated with an elastic network interface (ENI) attached to an instance in a
// VPC can result in an error if the instance has more than one ENI. To change the
// security groups associated with an ENI attached to an instance that has multiple
// ENIs, we recommend that you use the ModifyNetworkInterfaceAttribute action. To
// modify some attributes, the instance must be stopped. For more information, see
// Modify a stopped instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html)
// in the Amazon EC2 User Guide.
ModifyInstanceAttribute(ctx context.Context, params *ModifyInstanceAttributeInput, optFns ...func(*Options)) (*ModifyInstanceAttributeOutput, error)
// Modifies the Capacity Reservation settings for a stopped instance. Use this
// action to configure an instance to target a specific Capacity Reservation, run
// in any open Capacity Reservation with matching attributes, or run On-Demand
// Instance capacity.
ModifyInstanceCapacityReservationAttributes(ctx context.Context, params *ModifyInstanceCapacityReservationAttributesInput, optFns ...func(*Options)) (*ModifyInstanceCapacityReservationAttributesOutput, error)
// Modifies the credit option for CPU usage on a running or stopped burstable
// performance instance. The credit options are standard and unlimited. For more
// information, see Burstable performance instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
// in the Amazon EC2 User Guide.
ModifyInstanceCreditSpecification(ctx context.Context, params *ModifyInstanceCreditSpecificationInput, optFns ...func(*Options)) (*ModifyInstanceCreditSpecificationOutput, error)
// Modifies the start time for a scheduled Amazon EC2 instance event.
ModifyInstanceEventStartTime(ctx context.Context, params *ModifyInstanceEventStartTimeInput, optFns ...func(*Options)) (*ModifyInstanceEventStartTimeOutput, error)
// Modifies the specified event window. You can define either a set of time ranges
// or a cron expression when modifying the event window, but not both. To modify
// the targets associated with the event window, use the
// AssociateInstanceEventWindow and DisassociateInstanceEventWindow API. If Amazon
// Web Services has already scheduled an event, modifying an event window won't
// change the time of the scheduled event. For more information, see Define event
// windows for scheduled events
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
// Amazon EC2 User Guide.
ModifyInstanceEventWindow(ctx context.Context, params *ModifyInstanceEventWindowInput, optFns ...func(*Options)) (*ModifyInstanceEventWindowOutput, error)
// Modifies the recovery behavior of your instance to disable simplified automatic
// recovery or set the recovery behavior to default. The default configuration will
// not enable simplified automatic recovery for an unsupported instance type. For
// more information, see Simplified automatic recovery
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html#instance-configuration-recovery).
ModifyInstanceMaintenanceOptions(ctx context.Context, params *ModifyInstanceMaintenanceOptionsInput, optFns ...func(*Options)) (*ModifyInstanceMaintenanceOptionsOutput, error)
// Modify the instance metadata parameters on a running or stopped instance. When
// you modify the parameters on a stopped instance, they are applied when the
// instance is started. When you modify the parameters on a running instance, the
// API responds with a state of “pending”. After the parameter modifications are
// successfully applied to the instance, the state of the modifications changes
// from “pending” to “applied” in subsequent describe-instances API calls. For more
// information, see Instance metadata and user data
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
// in the Amazon EC2 User Guide.
ModifyInstanceMetadataOptions(ctx context.Context, params *ModifyInstanceMetadataOptionsInput, optFns ...func(*Options)) (*ModifyInstanceMetadataOptionsOutput, error)
// Modifies the placement attributes for a specified instance. You can do the
// following:
//
// * Modify the affinity between an instance and a Dedicated Host
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html).
// When affinity is set to host and the instance is not associated with a specific
// Dedicated Host, the next time the instance is launched, it is automatically
// associated with the host on which it lands. If the instance is restarted or
// rebooted, this relationship persists.
//
// * Change the Dedicated Host with which an
// instance is associated.
//
// * Change the instance tenancy of an instance.
//
// * Move
// an instance to or from a placement group
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html).
//
// At
// least one attribute for affinity, host ID, tenancy, or placement group name must
// be specified in the request. Affinity and tenancy can be modified in the same
// request. To modify the host ID, tenancy, placement group, or partition for an
// instance, the instance must be in the stopped state.
ModifyInstancePlacement(ctx context.Context, params *ModifyInstancePlacementInput, optFns ...func(*Options)) (*ModifyInstancePlacementOutput, error)
// Modify the configurations of an IPAM.
ModifyIpam(ctx context.Context, params *ModifyIpamInput, optFns ...func(*Options)) (*ModifyIpamOutput, error)
// Modify the configurations of an IPAM pool. For more information, see Modify a
// pool in the Amazon VPC IPAM User Guide.
ModifyIpamPool(ctx context.Context, params *ModifyIpamPoolInput, optFns ...func(*Options)) (*ModifyIpamPoolOutput, error)
// Modify a resource CIDR. You can use this action to transfer resource CIDRs
// between scopes and ignore resource CIDRs that you do not want to manage. If set
// to false, the resource will not be tracked for overlap, it cannot be
// auto-imported into a pool, and it will be removed from any pool it has an
// allocation in. For more information, see Move resource CIDRs between scopes and
// Change the monitoring state of resource CIDRs in the Amazon VPC IPAM User Guide.
ModifyIpamResourceCidr(ctx context.Context, params *ModifyIpamResourceCidrInput, optFns ...func(*Options)) (*ModifyIpamResourceCidrOutput, error)
// Modify an IPAM scope.
ModifyIpamScope(ctx context.Context, params *ModifyIpamScopeInput, optFns ...func(*Options)) (*ModifyIpamScopeOutput, error)
// Modifies a launch template. You can specify which version of the launch template
// to set as the default version. When launching an instance, the default version
// applies when a launch template version is not specified.
ModifyLaunchTemplate(ctx context.Context, params *ModifyLaunchTemplateInput, optFns ...func(*Options)) (*ModifyLaunchTemplateOutput, error)
// Modifies the specified managed prefix list. Adding or removing entries in a
// prefix list creates a new version of the prefix list. Changing the name of the
// prefix list does not affect the version. If you specify a current version number
// that does not match the true current version number, the request fails.
ModifyManagedPrefixList(ctx context.Context, params *ModifyManagedPrefixListInput, optFns ...func(*Options)) (*ModifyManagedPrefixListOutput, error)
// Modifies the specified network interface attribute. You can specify only one
// attribute at a time. You can use this action to attach and detach security
// groups from an existing EC2 instance.
ModifyNetworkInterfaceAttribute(ctx context.Context, params *ModifyNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*ModifyNetworkInterfaceAttributeOutput, error)
// Modifies the options for instance hostnames for the specified instance.
ModifyPrivateDnsNameOptions(ctx context.Context, params *ModifyPrivateDnsNameOptionsInput, optFns ...func(*Options)) (*ModifyPrivateDnsNameOptionsOutput, error)
// Modifies the Availability Zone, instance count, instance type, or network
// platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved
// Instances to be modified must be identical, except for Availability Zone,
// network platform, and instance type. For more information, see Modifying
// Reserved Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) in the
// Amazon EC2 User Guide.
ModifyReservedInstances(ctx context.Context, params *ModifyReservedInstancesInput, optFns ...func(*Options)) (*ModifyReservedInstancesOutput, error)
// Modifies the rules of a security group.
ModifySecurityGroupRules(ctx context.Context, params *ModifySecurityGroupRulesInput, optFns ...func(*Options)) (*ModifySecurityGroupRulesOutput, error)
// Adds or removes permission settings for the specified snapshot. You may add or
// remove specified Amazon Web Services account IDs from a snapshot's list of
// create volume permissions, but you cannot do both in a single operation. If you
// need to both add and remove account IDs for a snapshot, you must use multiple
// operations. You can make up to 500 modifications to a snapshot in a single
// operation. Encrypted snapshots and snapshots with Amazon Web Services
// Marketplace product codes cannot be made public. Snapshots encrypted with your
// default KMS key cannot be shared with other accounts. For more information about
// modifying snapshot permissions, see Share a snapshot
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html)
// in the Amazon Elastic Compute Cloud User Guide.
ModifySnapshotAttribute(ctx context.Context, params *ModifySnapshotAttributeInput, optFns ...func(*Options)) (*ModifySnapshotAttributeOutput, error)
// Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to
// a full snapshot that includes all of the blocks of data that were written to the
// volume at the time the snapshot was created, and moved from the standard tier to
// the archive tier. For more information, see Archive Amazon EBS snapshots
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-archive.html) in
// the Amazon Elastic Compute Cloud User Guide.
ModifySnapshotTier(ctx context.Context, params *ModifySnapshotTierInput, optFns ...func(*Options)) (*ModifySnapshotTierOutput, error)
// Modifies the specified Spot Fleet request. You can only modify a Spot Fleet
// request of type maintain. While the Spot Fleet request is being modified, it is
// in the modifying state. To scale up your Spot Fleet, increase its target
// capacity. The Spot Fleet launches the additional Spot Instances according to the
// allocation strategy for the Spot Fleet request. If the allocation strategy is
// lowestPrice, the Spot Fleet launches instances using the Spot Instance pool with
// the lowest price. If the allocation strategy is diversified, the Spot Fleet
// distributes the instances across the Spot Instance pools. If the allocation
// strategy is capacityOptimized, Spot Fleet launches instances from Spot Instance
// pools with optimal capacity for the number of instances that are launching. To
// scale down your Spot Fleet, decrease its target capacity. First, the Spot Fleet
// cancels any open requests that exceed the new target capacity. You can request
// that the Spot Fleet terminate Spot Instances until the size of the fleet no
// longer exceeds the new target capacity. If the allocation strategy is
// lowestPrice, the Spot Fleet terminates the instances with the highest price per
// unit. If the allocation strategy is capacityOptimized, the Spot Fleet terminates
// the instances in the Spot Instance pools that have the least available Spot
// Instance capacity. If the allocation strategy is diversified, the Spot Fleet
// terminates instances across the Spot Instance pools. Alternatively, you can
// request that the Spot Fleet keep the fleet at its current size, but not replace
// any Spot Instances that are interrupted or that you terminate manually. If you
// are finished with your Spot Fleet for now, but will use it again later, you can
// set the target capacity to 0.
ModifySpotFleetRequest(ctx context.Context, params *ModifySpotFleetRequestInput, optFns ...func(*Options)) (*ModifySpotFleetRequestOutput, error)
// Modifies a subnet attribute. You can only modify one attribute at a time. Use
// this action to modify subnets on Amazon Web Services Outposts.
//
// * To modify a
// subnet on an Outpost rack, set both MapCustomerOwnedIpOnLaunch and
// CustomerOwnedIpv4Pool. These two parameters act as a single attribute.
//
// * To
// modify a subnet on an Outpost server, set either EnableLniAtDeviceIndex or
// DisableLniAtDeviceIndex.
//
// For more information about Amazon Web Services
// Outposts, see the following:
//
// * Outpost servers
// (https://docs.aws.amazon.com/outposts/latest/userguide/how-servers-work.html)
//
// *
// Outpost racks
// (https://docs.aws.amazon.com/outposts/latest/userguide/how-racks-work.html)
ModifySubnetAttribute(ctx context.Context, params *ModifySubnetAttributeInput, optFns ...func(*Options)) (*ModifySubnetAttributeOutput, error)
// Allows or restricts mirroring network services. By default, Amazon DNS network
// services are not eligible for Traffic Mirror. Use AddNetworkServices to add
// network services to a Traffic Mirror filter. When a network service is added to
// the Traffic Mirror filter, all traffic related to that network service will be
// mirrored. When you no longer want to mirror network services, use
// RemoveNetworkServices to remove the network services from the Traffic Mirror
// filter.
ModifyTrafficMirrorFilterNetworkServices(ctx context.Context, params *ModifyTrafficMirrorFilterNetworkServicesInput, optFns ...func(*Options)) (*ModifyTrafficMirrorFilterNetworkServicesOutput, error)
// Modifies the specified Traffic Mirror rule. DestinationCidrBlock and
// SourceCidrBlock must both be an IPv4 range or an IPv6 range.
ModifyTrafficMirrorFilterRule(ctx context.Context, params *ModifyTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*ModifyTrafficMirrorFilterRuleOutput, error)
// Modifies a Traffic Mirror session.
ModifyTrafficMirrorSession(ctx context.Context, params *ModifyTrafficMirrorSessionInput, optFns ...func(*Options)) (*ModifyTrafficMirrorSessionOutput, error)
// Modifies the specified transit gateway. When you modify a transit gateway, the
// modified options are applied to new transit gateway attachments only. Your
// existing transit gateway attachments are not modified.
ModifyTransitGateway(ctx context.Context, params *ModifyTransitGatewayInput, optFns ...func(*Options)) (*ModifyTransitGatewayOutput, error)
// Modifies a reference (route) to a prefix list in a specified transit gateway
// route table.
ModifyTransitGatewayPrefixListReference(ctx context.Context, params *ModifyTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*ModifyTransitGatewayPrefixListReferenceOutput, error)
// Modifies the specified VPC attachment.
ModifyTransitGatewayVpcAttachment(ctx context.Context, params *ModifyTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*ModifyTransitGatewayVpcAttachmentOutput, error)
// You can modify several parameters of an existing EBS volume, including volume
// size, volume type, and IOPS capacity. If your EBS volume is attached to a
// current-generation EC2 instance type, you might be able to apply these changes
// without stopping the instance or detaching the volume from it. For more
// information about modifying EBS volumes, see Amazon EBS Elastic Volumes
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modify-volume.html)
// (Linux instances) or Amazon EBS Elastic Volumes
// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-modify-volume.html)
// (Windows instances). When you complete a resize operation on your volume, you
// need to extend the volume's file-system size to take advantage of the new
// storage capacity. For more information, see Extend a Linux file system
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.html#recognize-expanded-volume-linux)
// or Extend a Windows file system
// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-expand-volume.html#recognize-expanded-volume-windows).
// You can use CloudWatch Events to check the status of a modification to an EBS
// volume. For information about CloudWatch Events, see the Amazon CloudWatch
// Events User Guide (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/).
// You can also track the status of a modification using
// DescribeVolumesModifications. For information about tracking status changes
// using either method, see Monitor the progress of volume modifications
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-modifications.html).
// With previous-generation instance types, resizing an EBS volume might require
// detaching and reattaching the volume or stopping and restarting the instance. If
// you reach the maximum volume modification rate per volume limit, you must wait
// at least six hours before applying further modifications to the affected EBS
// volume.
ModifyVolume(ctx context.Context, params *ModifyVolumeInput, optFns ...func(*Options)) (*ModifyVolumeOutput, error)
// Modifies a volume attribute. By default, all I/O operations for the volume are
// suspended when the data on the volume is determined to be potentially
// inconsistent, to prevent undetectable, latent data corruption. The I/O access to
// the volume can be resumed by first enabling I/O access and then checking the
// data consistency on your volume. You can change the default behavior to resume
// I/O operations. We recommend that you change this only for boot volumes or for
// volumes that are stateless or disposable.
ModifyVolumeAttribute(ctx context.Context, params *ModifyVolumeAttributeInput, optFns ...func(*Options)) (*ModifyVolumeAttributeOutput, error)
// Modifies the specified attribute of the specified VPC.
ModifyVpcAttribute(ctx context.Context, params *ModifyVpcAttributeInput, optFns ...func(*Options)) (*ModifyVpcAttributeOutput, error)
// Modifies attributes of a specified VPC endpoint. The attributes that you can
// modify depend on the type of VPC endpoint (interface, gateway, or Gateway Load
// Balancer). For more information, see VPC Endpoints
// (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) in the
// Amazon Virtual Private Cloud User Guide.
ModifyVpcEndpoint(ctx context.Context, params *ModifyVpcEndpointInput, optFns ...func(*Options)) (*ModifyVpcEndpointOutput, error)
// Modifies a connection notification for VPC endpoint or VPC endpoint service. You
// can change the SNS topic for the notification, or the events for which to be
// notified.
ModifyVpcEndpointConnectionNotification(ctx context.Context, params *ModifyVpcEndpointConnectionNotificationInput, optFns ...func(*Options)) (*ModifyVpcEndpointConnectionNotificationOutput, error)
// Modifies the attributes of your VPC endpoint service configuration. You can
// change the Network Load Balancers or Gateway Load Balancers for your service,
// and you can specify whether acceptance is required for requests to connect to
// your endpoint service through an interface VPC endpoint. If you set or modify
// the private DNS name, you must prove that you own the private DNS domain name.
// For more information, see VPC Endpoint Service Private DNS Name Verification
// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html)
// in the Amazon Virtual Private Cloud User Guide.
ModifyVpcEndpointServiceConfiguration(ctx context.Context, params *ModifyVpcEndpointServiceConfigurationInput, optFns ...func(*Options)) (*ModifyVpcEndpointServiceConfigurationOutput, error)
// Modifies the payer responsibility for your VPC endpoint service.
ModifyVpcEndpointServicePayerResponsibility(ctx context.Context, params *ModifyVpcEndpointServicePayerResponsibilityInput, optFns ...func(*Options)) (*ModifyVpcEndpointServicePayerResponsibilityOutput, error)
// Modifies the permissions for your VPC endpoint service
// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html). You
// can add or remove permissions for service consumers (IAM users, IAM roles, and
// Amazon Web Services accounts) to connect to your endpoint service. If you grant
// permissions to all principals, the service is public. Any users who know the
// name of a public service can send a request to attach an endpoint. If the
// service does not require manual approval, attachments are automatically
// approved.
ModifyVpcEndpointServicePermissions(ctx context.Context, params *ModifyVpcEndpointServicePermissionsInput, optFns ...func(*Options)) (*ModifyVpcEndpointServicePermissionsOutput, error)
// Modifies the VPC peering connection options on one side of a VPC peering
// connection. You can do the following:
//
// * Enable/disable communication over the
// peering connection between an EC2-Classic instance that's linked to your VPC
// (using ClassicLink) and instances in the peer VPC.
//
// * Enable/disable
// communication over the peering connection between instances in your VPC and an
// EC2-Classic instance that's linked to the peer VPC.
//
// * Enable/disable the
// ability to resolve public DNS hostnames to private IP addresses when queried
// from instances in the peer VPC.
//
// If the peered VPCs are in the same Amazon Web
// Services account, you can enable DNS resolution for queries from the local VPC.
// This ensures that queries from the local VPC resolve to private IP addresses in
// the peer VPC. This option is not available if the peered VPCs are in different
// different Amazon Web Services accounts or different Regions. For peered VPCs in
// different Amazon Web Services accounts, each Amazon Web Services account owner
// must initiate a separate request to modify the peering connection options. For
// inter-region peering connections, you must use the Region for the requester VPC
// to modify the requester VPC peering options and the Region for the accepter VPC
// to modify the accepter VPC peering options. To verify which VPCs are the
// accepter and the requester for a VPC peering connection, use the
// DescribeVpcPeeringConnections command.
ModifyVpcPeeringConnectionOptions(ctx context.Context, params *ModifyVpcPeeringConnectionOptionsInput, optFns ...func(*Options)) (*ModifyVpcPeeringConnectionOptionsOutput, error)
// Modifies the instance tenancy attribute of the specified VPC. You can change the
// instance tenancy attribute of a VPC to default only. You cannot change the
// instance tenancy attribute to dedicated. After you modify the tenancy of the
// VPC, any new instances that you launch into the VPC have a tenancy of default,
// unless you specify otherwise during launch. The tenancy of any existing
// instances in the VPC is not affected. For more information, see Dedicated
// Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html) in
// the Amazon Elastic Compute Cloud User Guide.
ModifyVpcTenancy(ctx context.Context, params *ModifyVpcTenancyInput, optFns ...func(*Options)) (*ModifyVpcTenancyOutput, error)
// Modifies the customer gateway or the target gateway of an Amazon Web Services
// Site-to-Site VPN connection. To modify the target gateway, the following
// migration options are available:
//
// * An existing virtual private gateway to a new
// virtual private gateway
//
// * An existing virtual private gateway to a transit
// gateway
//
// * An existing transit gateway to a new transit gateway
//
// * An existing
// transit gateway to a virtual private gateway
//
// Before you perform the migration
// to the new gateway, you must configure the new gateway. Use CreateVpnGateway to
// create a virtual private gateway, or CreateTransitGateway to create a transit
// gateway. This step is required when you migrate from a virtual private gateway
// with static routes to a transit gateway. You must delete the static routes
// before you migrate to the new gateway. Keep a copy of the static route before
// you delete it. You will need to add back these routes to the transit gateway
// after the VPN connection migration is complete. After you migrate to the new
// gateway, you might need to modify your VPC route table. Use CreateRoute and
// DeleteRoute to make the changes described in Update VPC route tables
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-target.html#step-update-routing)
// in the Amazon Web Services Site-to-Site VPN User Guide. When the new gateway is
// a transit gateway, modify the transit gateway route table to allow traffic
// between the VPC and the Amazon Web Services Site-to-Site VPN connection. Use
// CreateTransitGatewayRoute to add the routes. If you deleted VPN static routes,
// you must add the static routes to the transit gateway route table. After you
// perform this operation, the VPN endpoint's IP addresses on the Amazon Web
// Services side and the tunnel options remain intact. Your Amazon Web Services
// Site-to-Site VPN connection will be temporarily unavailable for a brief period
// while we provision the new endpoints.
ModifyVpnConnection(ctx context.Context, params *ModifyVpnConnectionInput, optFns ...func(*Options)) (*ModifyVpnConnectionOutput, error)
// Modifies the connection options for your Site-to-Site VPN connection. When you
// modify the VPN connection options, the VPN endpoint IP addresses on the Amazon
// Web Services side do not change, and the tunnel options do not change. Your VPN
// connection will be temporarily unavailable for a brief period while the VPN
// connection is updated.
ModifyVpnConnectionOptions(ctx context.Context, params *ModifyVpnConnectionOptionsInput, optFns ...func(*Options)) (*ModifyVpnConnectionOptionsOutput, error)
// Modifies the VPN tunnel endpoint certificate.
ModifyVpnTunnelCertificate(ctx context.Context, params *ModifyVpnTunnelCertificateInput, optFns ...func(*Options)) (*ModifyVpnTunnelCertificateOutput, error)
// Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site VPN
// connection. You can modify multiple options for a tunnel in a single request,
// but you can only modify one tunnel at a time. For more information, see
// Site-to-Site VPN tunnel options for your Site-to-Site VPN connection
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNTunnels.html) in the Amazon
// Web Services Site-to-Site VPN User Guide.
ModifyVpnTunnelOptions(ctx context.Context, params *ModifyVpnTunnelOptionsInput, optFns ...func(*Options)) (*ModifyVpnTunnelOptionsOutput, error)
// Enables detailed monitoring for a running instance. Otherwise, basic monitoring
// is enabled. For more information, see Monitor your instances using CloudWatch
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) in
// the Amazon EC2 User Guide. To disable detailed monitoring, see
// UnmonitorInstances
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_UnmonitorInstances.html).
MonitorInstances(ctx context.Context, params *MonitorInstancesInput, optFns ...func(*Options)) (*MonitorInstancesOutput, error)
// Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC
// platform. The Elastic IP address must be allocated to your account for more than
// 24 hours, and it must not be associated with an instance. After the Elastic IP
// address is moved, it is no longer available for use in the EC2-Classic platform,
// unless you move it back using the RestoreAddressToClassic request. You cannot
// move an Elastic IP address that was originally allocated for use in the EC2-VPC
// platform to the EC2-Classic platform.
MoveAddressToVpc(ctx context.Context, params *MoveAddressToVpcInput, optFns ...func(*Options)) (*MoveAddressToVpcOutput, error)
// Move an BYOIP IPv4 CIDR to IPAM from a public IPv4 pool. If you already have an
// IPv4 BYOIP CIDR with Amazon Web Services, you can move the CIDR to IPAM from a
// public IPv4 pool. You cannot move an IPv6 CIDR to IPAM. If you are bringing a
// new IP address to Amazon Web Services for the first time, complete the steps in
// Tutorial: BYOIP address CIDRs to IPAM.
MoveByoipCidrToIpam(ctx context.Context, params *MoveByoipCidrToIpamInput, optFns ...func(*Options)) (*MoveByoipCidrToIpamOutput, error)
// Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services
// resources through bring your own IP addresses (BYOIP) and creates a
// corresponding address pool. After the address range is provisioned, it is ready
// to be advertised using AdvertiseByoipCidr. Amazon Web Services verifies that you
// own the address range and are authorized to advertise it. You must ensure that
// the address range is registered to you and that you created an RPKI ROA to
// authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more
// information, see Bring your own IP addresses (BYOIP)
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) in the
// Amazon Elastic Compute Cloud User Guide. Provisioning an address range is an
// asynchronous operation, so the call returns immediately, but the address range
// is not ready to use until its status changes from pending-provision to
// provisioned. To monitor the status of an address range, use DescribeByoipCidrs.
// To allocate an Elastic IP address from your IPv4 address pool, use
// AllocateAddress with either the specific address from the address pool or the ID
// of the address pool.
ProvisionByoipCidr(ctx context.Context, params *ProvisionByoipCidrInput, optFns ...func(*Options)) (*ProvisionByoipCidrOutput, error)
// Provision a CIDR to an IPAM pool. You can use this action to provision new CIDRs
// to a top-level pool or to transfer a CIDR from a top-level pool to a pool within
// it. For more information, see Provision CIDRs to pools in the Amazon VPC IPAM
// User Guide.
ProvisionIpamPoolCidr(ctx context.Context, params *ProvisionIpamPoolCidrInput, optFns ...func(*Options)) (*ProvisionIpamPoolCidrOutput, error)
// Provision a CIDR to a public IPv4 pool. For more information about IPAM, see
// What is IPAM? in the Amazon VPC IPAM User Guide.
ProvisionPublicIpv4PoolCidr(ctx context.Context, params *ProvisionPublicIpv4PoolCidrInput, optFns ...func(*Options)) (*ProvisionPublicIpv4PoolCidrOutput, error)
// Purchase a reservation with configurations that match those of your Dedicated
// Host. You must have active Dedicated Hosts in your account before you purchase a
// reservation. This action results in the specified reservation being purchased
// and charged to your account.
PurchaseHostReservation(ctx context.Context, params *PurchaseHostReservationInput, optFns ...func(*Options)) (*PurchaseHostReservationOutput, error)
// Purchases a Reserved Instance for use with your account. With Reserved
// Instances, you pay a lower hourly rate compared to On-Demand instance pricing.
// Use DescribeReservedInstancesOfferings to get a list of Reserved Instance
// offerings that match your specifications. After you've purchased a Reserved
// Instance, you can check for your new Reserved Instance with
// DescribeReservedInstances. To queue a purchase for a future date and time,
// specify a purchase time. If you do not specify a purchase time, the default is
// the current time. For more information, see Reserved Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-on-demand-reserved-instances.html)
// and Reserved Instance Marketplace
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
// the Amazon EC2 User Guide.
PurchaseReservedInstancesOffering(ctx context.Context, params *PurchaseReservedInstancesOfferingInput, optFns ...func(*Options)) (*PurchaseReservedInstancesOfferingOutput, error)
// Purchases the Scheduled Instances with the specified schedule. Scheduled
// Instances enable you to purchase Amazon EC2 compute capacity by the hour for a
// one-year term. Before you can purchase a Scheduled Instance, you must call
// DescribeScheduledInstanceAvailability to check for available schedules and
// obtain a purchase token. After you purchase a Scheduled Instance, you must call
// RunScheduledInstances during each scheduled time period. After you purchase a
// Scheduled Instance, you can't cancel, modify, or resell your purchase.
PurchaseScheduledInstances(ctx context.Context, params *PurchaseScheduledInstancesInput, optFns ...func(*Options)) (*PurchaseScheduledInstancesOutput, error)
// Requests a reboot of the specified instances. This operation is asynchronous; it
// only queues a request to reboot the specified instances. The operation succeeds
// if the instances are valid and belong to you. Requests to reboot terminated
// instances are ignored. If an instance does not cleanly shut down within a few
// minutes, Amazon EC2 performs a hard reboot. For more information about
// troubleshooting, see Troubleshoot an unreachable instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html) in
// the Amazon EC2 User Guide.
RebootInstances(ctx context.Context, params *RebootInstancesInput, optFns ...func(*Options)) (*RebootInstancesOutput, error)
// Registers an AMI. When you're creating an AMI, this is the final step you must
// complete before you can launch an instance from the AMI. For more information
// about creating AMIs, see Creating your own AMIs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami.html) in
// the Amazon Elastic Compute Cloud User Guide. For Amazon EBS-backed instances,
// CreateImage creates and registers the AMI in a single request, so you don't have
// to register the AMI yourself. If needed, you can deregister an AMI at any time.
// Any modifications you make to an AMI backed by an instance store volume
// invalidates its registration. If you make changes to an image, deregister the
// previous image and register the new image. Register a snapshot of a root device
// volume You can use RegisterImage to create an Amazon EBS-backed Linux AMI from a
// snapshot of a root device volume. You specify the snapshot using a block device
// mapping. You can't set the encryption state of the volume using the block device
// mapping. If the snapshot is encrypted, or encryption by default is enabled, the
// root volume of an instance launched from the AMI is encrypted. For more
// information, see Create a Linux AMI from a snapshot
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html#creating-launching-ami-from-snapshot)
// and Use encryption with Amazon EBS-backed AMIs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide. Amazon Web Services Marketplace product
// codes If any snapshots have Amazon Web Services Marketplace product codes, they
// are copied to the new AMI. Windows and some Linux distributions, such as Red Hat
// Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES), use the Amazon
// EC2 billing product code associated with an AMI to verify the subscription
// status for package updates. To create a new AMI for operating systems that
// require a billing product code, instead of registering the AMI, do the following
// to preserve the billing product code association:
//
// * Launch an instance from an
// existing AMI with that billing product code.
//
// * Customize the instance.
//
// *
// Create an AMI from the instance using CreateImage.
//
// If you purchase a Reserved
// Instance to apply to an On-Demand Instance that was launched from an AMI with a
// billing product code, make sure that the Reserved Instance has the matching
// billing product code. If you purchase a Reserved Instance without the matching
// billing product code, the Reserved Instance will not be applied to the On-Demand
// Instance. For information about how to obtain the platform details and billing
// information of an AMI, see Understanding AMI billing
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-billing-info.html) in
// the Amazon Elastic Compute Cloud User Guide.
RegisterImage(ctx context.Context, params *RegisterImageInput, optFns ...func(*Options)) (*RegisterImageOutput, error)
// Registers a set of tag keys to include in scheduled event notifications for your
// resources. To remove tags, use DeregisterInstanceEventNotificationAttributes
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeregisterInstanceEventNotificationAttributes.html).
RegisterInstanceEventNotificationAttributes(ctx context.Context, params *RegisterInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*RegisterInstanceEventNotificationAttributesOutput, error)
// Registers members (network interfaces) with the transit gateway multicast group.
// A member is a network interface associated with a supported EC2 instance that
// receives multicast traffic. For information about supported instances, see
// Multicast Consideration
// (https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-limits.html#multicast-limits)
// in Amazon VPC Transit Gateways. After you add the members, use
// SearchTransitGatewayMulticastGroups
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayMulticastGroups.html)
// to verify that the members were added to the transit gateway multicast group.
RegisterTransitGatewayMulticastGroupMembers(ctx context.Context, params *RegisterTransitGatewayMulticastGroupMembersInput, optFns ...func(*Options)) (*RegisterTransitGatewayMulticastGroupMembersOutput, error)
// Registers sources (network interfaces) with the specified transit gateway
// multicast group. A multicast source is a network interface attached to a
// supported instance that sends multicast traffic. For information about supported
// instances, see Multicast Considerations
// (https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-limits.html#multicast-limits)
// in Amazon VPC Transit Gateways. After you add the source, use
// SearchTransitGatewayMulticastGroups
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayMulticastGroups.html)
// to verify that the source was added to the multicast group.
RegisterTransitGatewayMulticastGroupSources(ctx context.Context, params *RegisterTransitGatewayMulticastGroupSourcesInput, optFns ...func(*Options)) (*RegisterTransitGatewayMulticastGroupSourcesOutput, error)
// Rejects a request to associate cross-account subnets with a transit gateway
// multicast domain.
RejectTransitGatewayMulticastDomainAssociations(ctx context.Context, params *RejectTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*RejectTransitGatewayMulticastDomainAssociationsOutput, error)
// Rejects a transit gateway peering attachment request.
RejectTransitGatewayPeeringAttachment(ctx context.Context, params *RejectTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*RejectTransitGatewayPeeringAttachmentOutput, error)
// Rejects a request to attach a VPC to a transit gateway. The VPC attachment must
// be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to
// view your pending VPC attachment requests. Use AcceptTransitGatewayVpcAttachment
// to accept a VPC attachment request.
RejectTransitGatewayVpcAttachment(ctx context.Context, params *RejectTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*RejectTransitGatewayVpcAttachmentOutput, error)
// Rejects one or more VPC endpoint connection requests to your VPC endpoint
// service.
RejectVpcEndpointConnections(ctx context.Context, params *RejectVpcEndpointConnectionsInput, optFns ...func(*Options)) (*RejectVpcEndpointConnectionsOutput, error)
// Rejects a VPC peering connection request. The VPC peering connection must be in
// the pending-acceptance state. Use the DescribeVpcPeeringConnections request to
// view your outstanding VPC peering connection requests. To delete an active VPC
// peering connection, or to delete a VPC peering connection request that you
// initiated, use DeleteVpcPeeringConnection.
RejectVpcPeeringConnection(ctx context.Context, params *RejectVpcPeeringConnectionInput, optFns ...func(*Options)) (*RejectVpcPeeringConnectionOutput, error)
// Releases the specified Elastic IP address. [EC2-Classic, default VPC] Releasing
// an Elastic IP address automatically disassociates it from any instance that it's
// associated with. To disassociate an Elastic IP address without releasing it, use
// DisassociateAddress. [Nondefault VPC] You must use DisassociateAddress to
// disassociate the Elastic IP address before you can release it. Otherwise, Amazon
// EC2 returns an error (InvalidIPAddress.InUse). After releasing an Elastic IP
// address, it is released to the IP address pool. Be sure to update your DNS
// records and any servers or devices that communicate with the address. If you
// attempt to release an Elastic IP address that you already released, you'll get
// an AuthFailure error if the address is already allocated to another Amazon Web
// Services account. [EC2-VPC] After you release an Elastic IP address for use in a
// VPC, you might be able to recover it. For more information, see AllocateAddress.
ReleaseAddress(ctx context.Context, params *ReleaseAddressInput, optFns ...func(*Options)) (*ReleaseAddressOutput, error)
// When you no longer want to use an On-Demand Dedicated Host it can be released.
// On-Demand billing is stopped and the host goes into released state. The host ID
// of Dedicated Hosts that have been released can no longer be specified in another
// request, for example, to modify the host. You must stop or terminate all
// instances on a host before it can be released. When Dedicated Hosts are
// released, it may take some time for them to stop counting toward your limit and
// you may receive capacity errors when trying to allocate new Dedicated Hosts.
// Wait a few minutes and then try again. Released hosts still appear in a
// DescribeHosts response.
ReleaseHosts(ctx context.Context, params *ReleaseHostsInput, optFns ...func(*Options)) (*ReleaseHostsOutput, error)
// Release an allocation within an IPAM pool. You can only use this action to
// release manual allocations. To remove an allocation for a resource without
// deleting the resource, set its monitored state to false using
// ModifyIpamResourceCidr
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyIpamResourceCidr.html).
// For more information, see Release an allocation in the Amazon VPC IPAM User
// Guide.
ReleaseIpamPoolAllocation(ctx context.Context, params *ReleaseIpamPoolAllocationInput, optFns ...func(*Options)) (*ReleaseIpamPoolAllocationOutput, error)
// Replaces an IAM instance profile for the specified running instance. You can use
// this action to change the IAM instance profile that's associated with an
// instance without having to disassociate the existing IAM instance profile first.
// Use DescribeIamInstanceProfileAssociations to get the association ID.
ReplaceIamInstanceProfileAssociation(ctx context.Context, params *ReplaceIamInstanceProfileAssociationInput, optFns ...func(*Options)) (*ReplaceIamInstanceProfileAssociationOutput, error)
// Changes which network ACL a subnet is associated with. By default when you
// create a subnet, it's automatically associated with the default network ACL. For
// more information, see Network ACLs
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon
// Virtual Private Cloud User Guide. This is an idempotent operation.
ReplaceNetworkAclAssociation(ctx context.Context, params *ReplaceNetworkAclAssociationInput, optFns ...func(*Options)) (*ReplaceNetworkAclAssociationOutput, error)
// Replaces an entry (rule) in a network ACL. For more information, see Network
// ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the
// Amazon Virtual Private Cloud User Guide.
ReplaceNetworkAclEntry(ctx context.Context, params *ReplaceNetworkAclEntryInput, optFns ...func(*Options)) (*ReplaceNetworkAclEntryOutput, error)
// Replaces an existing route within a route table in a VPC. You must provide only
// one of the following: internet gateway, virtual private gateway, NAT instance,
// NAT gateway, VPC peering connection, network interface, egress-only internet
// gateway, or transit gateway. For more information, see Route tables
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
// Amazon Virtual Private Cloud User Guide.
ReplaceRoute(ctx context.Context, params *ReplaceRouteInput, optFns ...func(*Options)) (*ReplaceRouteOutput, error)
// Changes the route table associated with a given subnet, internet gateway, or
// virtual private gateway in a VPC. After the operation completes, the subnet or
// gateway uses the routes in the new route table. For more information about route
// tables, see Route tables
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
// Amazon Virtual Private Cloud User Guide. You can also use this operation to
// change which table is the main route table in the VPC. Specify the main route
// table's association ID and the route table ID of the new main route table.
ReplaceRouteTableAssociation(ctx context.Context, params *ReplaceRouteTableAssociationInput, optFns ...func(*Options)) (*ReplaceRouteTableAssociationOutput, error)
// Replaces the specified route in the specified transit gateway route table.
ReplaceTransitGatewayRoute(ctx context.Context, params *ReplaceTransitGatewayRouteInput, optFns ...func(*Options)) (*ReplaceTransitGatewayRouteOutput, error)
// Submits feedback about the status of an instance. The instance must be in the
// running state. If your experience with the instance differs from the instance
// status returned by DescribeInstanceStatus, use ReportInstanceStatus to report
// your experience with the instance. Amazon EC2 collects this information to
// improve the accuracy of status checks. Use of this action does not change the
// value returned by DescribeInstanceStatus.
ReportInstanceStatus(ctx context.Context, params *ReportInstanceStatusInput, optFns ...func(*Options)) (*ReportInstanceStatusOutput, error)
// Creates a Spot Fleet request. The Spot Fleet request specifies the total target
// capacity and the On-Demand target capacity. Amazon EC2 calculates the difference
// between the total capacity and On-Demand capacity, and launches the difference
// as Spot capacity. You can submit a single request that includes multiple launch
// specifications that vary by instance type, AMI, Availability Zone, or subnet. By
// default, the Spot Fleet requests Spot Instances in the Spot Instance pool where
// the price per unit is the lowest. Each launch specification can include its own
// instance weighting that reflects the value of the instance type to your
// application workload. Alternatively, you can specify that the Spot Fleet
// distribute the target capacity across the Spot pools included in its launch
// specifications. By ensuring that the Spot Instances in your Spot Fleet are in
// different Spot pools, you can improve the availability of your fleet. You can
// specify tags for the Spot Fleet request and instances launched by the fleet. You
// cannot tag other resource types in a Spot Fleet request because only the
// spot-fleet-request and instance resource types are supported. For more
// information, see Spot Fleet requests
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html)
// in the Amazon EC2 User Guide for Linux Instances.
RequestSpotFleet(ctx context.Context, params *RequestSpotFleetInput, optFns ...func(*Options)) (*RequestSpotFleetOutput, error)
// Creates a Spot Instance request. For more information, see Spot Instance
// requests
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html) in the
// Amazon EC2 User Guide for Linux Instances.
RequestSpotInstances(ctx context.Context, params *RequestSpotInstancesInput, optFns ...func(*Options)) (*RequestSpotInstancesOutput, error)
// Resets the attribute of the specified IP address. For requirements, see Using
// reverse DNS for email applications
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS).
ResetAddressAttribute(ctx context.Context, params *ResetAddressAttributeInput, optFns ...func(*Options)) (*ResetAddressAttributeOutput, error)
// Resets the default KMS key for EBS encryption for your account in this Region to
// the Amazon Web Services managed KMS key for EBS. After resetting the default KMS
// key to the Amazon Web Services managed KMS key, you can continue to encrypt by a
// customer managed KMS key by specifying it when you create the volume. For more
// information, see Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide.
ResetEbsDefaultKmsKeyId(ctx context.Context, params *ResetEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*ResetEbsDefaultKmsKeyIdOutput, error)
// Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its
// default value. You can only reset the load permission attribute.
ResetFpgaImageAttribute(ctx context.Context, params *ResetFpgaImageAttributeInput, optFns ...func(*Options)) (*ResetFpgaImageAttributeOutput, error)
// Resets an attribute of an AMI to its default value.
ResetImageAttribute(ctx context.Context, params *ResetImageAttributeInput, optFns ...func(*Options)) (*ResetImageAttributeOutput, error)
// Resets an attribute of an instance to its default value. To reset the kernel or
// ramdisk, the instance must be in a stopped state. To reset the sourceDestCheck,
// the instance can be either running or stopped. The sourceDestCheck attribute
// controls whether source/destination checking is enabled. The default value is
// true, which means checking is enabled. This value must be false for a NAT
// instance to perform NAT. For more information, see NAT Instances
// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html)
// in the Amazon VPC User Guide.
ResetInstanceAttribute(ctx context.Context, params *ResetInstanceAttributeInput, optFns ...func(*Options)) (*ResetInstanceAttributeOutput, error)
// Resets a network interface attribute. You can specify only one attribute at a
// time.
ResetNetworkInterfaceAttribute(ctx context.Context, params *ResetNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*ResetNetworkInterfaceAttributeOutput, error)
// Resets permission settings for the specified snapshot. For more information
// about modifying snapshot permissions, see Share a snapshot
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html)
// in the Amazon Elastic Compute Cloud User Guide.
ResetSnapshotAttribute(ctx context.Context, params *ResetSnapshotAttributeInput, optFns ...func(*Options)) (*ResetSnapshotAttributeOutput, error)
// Restores an Elastic IP address that was previously moved to the EC2-VPC platform
// back to the EC2-Classic platform. You cannot move an Elastic IP address that was
// originally allocated for use in EC2-VPC. The Elastic IP address must not be
// associated with an instance or network interface.
RestoreAddressToClassic(ctx context.Context, params *RestoreAddressToClassicInput, optFns ...func(*Options)) (*RestoreAddressToClassicOutput, error)
// Restores an AMI from the Recycle Bin. For more information, see Recycle Bin
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the
// Amazon Elastic Compute Cloud User Guide.
RestoreImageFromRecycleBin(ctx context.Context, params *RestoreImageFromRecycleBinInput, optFns ...func(*Options)) (*RestoreImageFromRecycleBinOutput, error)
// Restores the entries from a previous version of a managed prefix list to a new
// version of the prefix list.
RestoreManagedPrefixListVersion(ctx context.Context, params *RestoreManagedPrefixListVersionInput, optFns ...func(*Options)) (*RestoreManagedPrefixListVersionOutput, error)
// Restores a snapshot from the Recycle Bin. For more information, see Restore
// snapshots from the Recycle Bin
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin-working-with-snaps.html#recycle-bin-restore-snaps)
// in the Amazon Elastic Compute Cloud User Guide.
RestoreSnapshotFromRecycleBin(ctx context.Context, params *RestoreSnapshotFromRecycleBinInput, optFns ...func(*Options)) (*RestoreSnapshotFromRecycleBinOutput, error)
// Restores an archived Amazon EBS snapshot for use temporarily or permanently, or
// modifies the restore period or restore type for a snapshot that was previously
// temporarily restored. For more information see Restore an archived snapshot
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-snapshot-archiving.html#restore-archived-snapshot)
// and modify the restore period or restore type for a temporarily restored
// snapshot
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-snapshot-archiving.html#modify-temp-restore-period)
// in the Amazon Elastic Compute Cloud User Guide.
RestoreSnapshotTier(ctx context.Context, params *RestoreSnapshotTierInput, optFns ...func(*Options)) (*RestoreSnapshotTierOutput, error)
// Removes an ingress authorization rule from a Client VPN endpoint.
RevokeClientVpnIngress(ctx context.Context, params *RevokeClientVpnIngressInput, optFns ...func(*Options)) (*RevokeClientVpnIngressOutput, error)
// [VPC only] Removes the specified outbound (egress) rules from a security group
// for EC2-VPC. This action does not apply to security groups for use in
// EC2-Classic. You can specify rules using either rule IDs or security group rule
// properties. If you use rule properties, the values that you specify (for
// example, ports) must match the existing rule's values exactly. Each rule has a
// protocol, from and to ports, and destination (CIDR range, security group, or
// prefix list). For the TCP and UDP protocols, you must also specify the
// destination port or range of ports. For the ICMP protocol, you must also specify
// the ICMP type and code. If the security group rule has a description, you do not
// need to specify the description to revoke the rule. [Default VPC] If the values
// you specify do not match the existing rule's values, no error is returned, and
// the output describes the security group rules that were not revoked. Amazon Web
// Services recommends that you describe the security group to verify that the
// rules were removed. Rule changes are propagated to instances within the security
// group as quickly as possible. However, a small delay might occur.
RevokeSecurityGroupEgress(ctx context.Context, params *RevokeSecurityGroupEgressInput, optFns ...func(*Options)) (*RevokeSecurityGroupEgressOutput, error)
// Removes the specified inbound (ingress) rules from a security group. You can
// specify rules using either rule IDs or security group rule properties. If you
// use rule properties, the values that you specify (for example, ports) must match
// the existing rule's values exactly. Each rule has a protocol, from and to ports,
// and source (CIDR range, security group, or prefix list). For the TCP and UDP
// protocols, you must also specify the destination port or range of ports. For the
// ICMP protocol, you must also specify the ICMP type and code. If the security
// group rule has a description, you do not need to specify the description to
// revoke the rule. [EC2-Classic, default VPC] If the values you specify do not
// match the existing rule's values, no error is returned, and the output describes
// the security group rules that were not revoked. Amazon Web Services recommends
// that you describe the security group to verify that the rules were removed. Rule
// changes are propagated to instances within the security group as quickly as
// possible. However, a small delay might occur.
RevokeSecurityGroupIngress(ctx context.Context, params *RevokeSecurityGroupIngressInput, optFns ...func(*Options)) (*RevokeSecurityGroupIngressOutput, error)
// Launches the specified number of instances using an AMI for which you have
// permissions. You can specify a number of options, or leave the default options.
// The following rules apply:
//
// * [EC2-VPC] If you don't specify a subnet ID, we
// choose a default subnet from your default VPC for you. If you don't have a
// default VPC, you must specify a subnet ID in the request.
//
// * [EC2-Classic] If
// don't specify an Availability Zone, we choose one for you.
//
// * Some instance
// types must be launched into a VPC. If you do not have a default VPC, or if you
// do not specify a subnet ID, the request fails. For more information, see
// Instance types available only in a VPC
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-vpc.html#vpc-only-instance-types).
//
// *
// [EC2-VPC] All instances have a network interface with a primary private IPv4
// address. If you don't specify this address, we choose one from the IPv4 range of
// your subnet.
//
// * Not all instance types support IPv6 addresses. For more
// information, see Instance types
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html).
//
// * If
// you don't specify a security group ID, we use the default security group. For
// more information, see Security groups
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html).
//
// *
// If any of the AMIs have a product code attached for which the user has not
// subscribed, the request fails.
//
// You can create a launch template
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html),
// which is a resource that contains the parameters to launch an instance. When you
// launch an instance using RunInstances, you can specify the launch template
// instead of specifying the launch parameters. To ensure faster instance launches,
// break up large requests into smaller batches. For example, create five separate
// launch requests for 100 instances each instead of one launch request for 500
// instances. An instance is ready for you to use when it's in the running state.
// You can check the state of your instance using DescribeInstances. You can tag
// instances and EBS volumes during launch, after launch, or both. For more
// information, see CreateTags and Tagging your Amazon EC2 resources
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html). Linux
// instances have access to the public key of the key pair at boot. You can use
// this key to provide secure access to the instance. Amazon EC2 public images use
// this feature to provide secure access without passwords. For more information,
// see Key pairs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html). For
// troubleshooting, see What to do if an instance immediately terminates
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_InstanceStraightToTerminated.html),
// and Troubleshooting connecting to your instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html).
RunInstances(ctx context.Context, params *RunInstancesInput, optFns ...func(*Options)) (*RunInstancesOutput, error)
// Launches the specified Scheduled Instances. Before you can launch a Scheduled
// Instance, you must purchase it and obtain an identifier using
// PurchaseScheduledInstances. You must launch a Scheduled Instance during its
// scheduled time period. You can't stop or reboot a Scheduled Instance, but you
// can terminate it as needed. If you terminate a Scheduled Instance before the
// current scheduled time period ends, you can launch it again after a few minutes.
// For more information, see Scheduled Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-scheduled-instances.html)
// in the Amazon EC2 User Guide.
RunScheduledInstances(ctx context.Context, params *RunScheduledInstancesInput, optFns ...func(*Options)) (*RunScheduledInstancesOutput, error)
// Searches for routes in the specified local gateway route table.
SearchLocalGatewayRoutes(ctx context.Context, params *SearchLocalGatewayRoutesInput, optFns ...func(*Options)) (*SearchLocalGatewayRoutesOutput, error)
// Searches one or more transit gateway multicast groups and returns the group
// membership information.
SearchTransitGatewayMulticastGroups(ctx context.Context, params *SearchTransitGatewayMulticastGroupsInput, optFns ...func(*Options)) (*SearchTransitGatewayMulticastGroupsOutput, error)
// Searches for routes in the specified transit gateway route table.
SearchTransitGatewayRoutes(ctx context.Context, params *SearchTransitGatewayRoutesInput, optFns ...func(*Options)) (*SearchTransitGatewayRoutesOutput, error)
// Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a
// kernel panic (on Linux instances), or a blue screen/stop error (on Windows
// instances). For instances based on Intel and AMD processors, the interrupt is
// received as a non-maskable interrupt (NMI). In general, the operating system
// crashes and reboots when a kernel panic or stop error is triggered. The
// operating system can also be configured to perform diagnostic tasks, such as
// generating a memory dump file, loading a secondary kernel, or obtaining a call
// trace. Before sending a diagnostic interrupt to your instance, ensure that its
// operating system is configured to perform the required diagnostic tasks. For
// more information about configuring your operating system to generate a crash
// dump when a kernel panic or stop error occurs, see Send a diagnostic interrupt
// (for advanced users)
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/diagnostic-interrupt.html)
// (Linux instances) or Send a diagnostic interrupt (for advanced users)
// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/diagnostic-interrupt.html)
// (Windows instances).
SendDiagnosticInterrupt(ctx context.Context, params *SendDiagnosticInterruptInput, optFns ...func(*Options)) (*SendDiagnosticInterruptOutput, error)
// Starts an Amazon EBS-backed instance that you've previously stopped. Instances
// that use Amazon EBS volumes as their root devices can be quickly stopped and
// started. When an instance is stopped, the compute resources are released and you
// are not billed for instance usage. However, your root partition Amazon EBS
// volume remains and continues to persist your data, and you are charged for
// Amazon EBS volume usage. You can restart your instance at any time. Every time
// you start your instance, Amazon EC2 charges a one-minute minimum for instance
// usage, and thereafter charges per second for instance usage. Before stopping an
// instance, make sure it is in a state from which it can be restarted. Stopping an
// instance does not preserve data stored in RAM. Performing this operation on an
// instance that uses an instance store as its root device returns an error. If you
// attempt to start a T3 instance with host tenancy and the unlimted CPU credit
// option, the request fails. The unlimited CPU credit option is not supported on
// Dedicated Hosts. Before you start the instance, either change its CPU credit
// option to standard, or change its tenancy to default or dedicated. For more
// information, see Stop and start your instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html) in the
// Amazon EC2 User Guide.
StartInstances(ctx context.Context, params *StartInstancesInput, optFns ...func(*Options)) (*StartInstancesOutput, error)
// Starts analyzing the specified Network Access Scope.
StartNetworkInsightsAccessScopeAnalysis(ctx context.Context, params *StartNetworkInsightsAccessScopeAnalysisInput, optFns ...func(*Options)) (*StartNetworkInsightsAccessScopeAnalysisOutput, error)
// Starts analyzing the specified path. If the path is reachable, the operation
// returns the shortest feasible path.
StartNetworkInsightsAnalysis(ctx context.Context, params *StartNetworkInsightsAnalysisInput, optFns ...func(*Options)) (*StartNetworkInsightsAnalysisOutput, error)
// Initiates the verification process to prove that the service provider owns the
// private DNS name domain for the endpoint service. The service provider must
// successfully perform the verification before the consumer can use the name to
// access the service. Before the service provider runs this command, they must add
// a record to the DNS server. For more information, see Adding a TXT Record to
// Your Domain's DNS Server
// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html#add-dns-txt-record)
// in the Amazon VPC User Guide.
StartVpcEndpointServicePrivateDnsVerification(ctx context.Context, params *StartVpcEndpointServicePrivateDnsVerificationInput, optFns ...func(*Options)) (*StartVpcEndpointServicePrivateDnsVerificationOutput, error)
// Stops an Amazon EBS-backed instance. You can use the Stop action to hibernate an
// instance if the instance is enabled for hibernation
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#enabling-hibernation)
// and it meets the hibernation prerequisites
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites).
// For more information, see Hibernate your instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) in the
// Amazon EC2 User Guide. We don't charge usage for a stopped instance, or data
// transfer fees; however, your root partition Amazon EBS volume remains and
// continues to persist your data, and you are charged for Amazon EBS volume usage.
// Every time you start your instance, Amazon EC2 charges a one-minute minimum for
// instance usage, and thereafter charges per second for instance usage. You can't
// stop or hibernate instance store-backed instances. You can't use the Stop action
// to hibernate Spot Instances, but you can specify that Amazon EC2 should
// hibernate Spot Instances when they are interrupted. For more information, see
// Hibernating interrupted Spot Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html#hibernate-spot-instances)
// in the Amazon EC2 User Guide. When you stop or hibernate an instance, we shut it
// down. You can restart your instance at any time. Before stopping or hibernating
// an instance, make sure it is in a state from which it can be restarted. Stopping
// an instance does not preserve data stored in RAM, but hibernating an instance
// does preserve data stored in RAM. If an instance cannot hibernate successfully,
// a normal shutdown occurs. Stopping and hibernating an instance is different to
// rebooting or terminating it. For example, when you stop or hibernate an
// instance, the root device and any other devices attached to the instance
// persist. When you terminate an instance, the root device and any other devices
// attached during the instance launch are automatically deleted. For more
// information about the differences between rebooting, stopping, hibernating, and
// terminating instances, see Instance lifecycle
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html)
// in the Amazon EC2 User Guide. When you stop an instance, we attempt to shut it
// down forcibly after a short while. If your instance appears stuck in the
// stopping state after a period of time, there may be an issue with the underlying
// host computer. For more information, see Troubleshoot stopping your instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesStopping.html)
// in the Amazon EC2 User Guide.
StopInstances(ctx context.Context, params *StopInstancesInput, optFns ...func(*Options)) (*StopInstancesOutput, error)
// Terminates active Client VPN endpoint connections. This action can be used to
// terminate a specific client connection, or up to five connections established by
// a specific user.
TerminateClientVpnConnections(ctx context.Context, params *TerminateClientVpnConnectionsInput, optFns ...func(*Options)) (*TerminateClientVpnConnectionsOutput, error)
// Shuts down the specified instances. This operation is idempotent; if you
// terminate an instance more than once, each call succeeds. If you specify
// multiple instances and the request fails (for example, because of a single
// incorrect instance ID), none of the instances are terminated. If you terminate
// multiple instances across multiple Availability Zones, and one or more of the
// specified instances are enabled for termination protection, the request fails
// with the following results:
//
// * The specified instances that are in the same
// Availability Zone as the protected instance are not terminated.
//
// * The specified
// instances that are in different Availability Zones, where no other specified
// instances are protected, are successfully terminated.
//
// For example, say you have
// the following instances:
//
// * Instance A: us-east-1a; Not protected
//
// * Instance B:
// us-east-1a; Not protected
//
// * Instance C: us-east-1b; Protected
//
// * Instance D:
// us-east-1b; not protected
//
// If you attempt to terminate all of these instances in
// the same request, the request reports failure with the following results:
//
// *
// Instance A and Instance B are successfully terminated because none of the
// specified instances in us-east-1a are enabled for termination protection.
//
// *
// Instance C and Instance D fail to terminate because at least one of the
// specified instances in us-east-1b (Instance C) is enabled for termination
// protection.
//
// Terminated instances remain visible after termination (for
// approximately one hour). By default, Amazon EC2 deletes all EBS volumes that
// were attached when the instance launched. Volumes attached after instance launch
// continue running. You can stop, start, and terminate EBS-backed instances. You
// can only terminate instance store-backed instances. What happens to an instance
// differs if you stop it or terminate it. For example, when you stop an instance,
// the root device and any other devices attached to the instance persist. When you
// terminate an instance, any attached EBS volumes with the DeleteOnTermination
// block device mapping parameter set to true are automatically deleted. For more
// information about the differences between stopping and terminating instances,
// see Instance lifecycle
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html)
// in the Amazon EC2 User Guide. For more information about troubleshooting, see
// Troubleshooting terminating your instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesShuttingDown.html)
// in the Amazon EC2 User Guide.
TerminateInstances(ctx context.Context, params *TerminateInstancesInput, optFns ...func(*Options)) (*TerminateInstancesOutput, error)
// Unassigns one or more IPv6 addresses IPv4 Prefix Delegation prefixes from a
// network interface.
UnassignIpv6Addresses(ctx context.Context, params *UnassignIpv6AddressesInput, optFns ...func(*Options)) (*UnassignIpv6AddressesOutput, error)
// Unassigns one or more secondary private IP addresses, or IPv4 Prefix Delegation
// prefixes from a network interface.
UnassignPrivateIpAddresses(ctx context.Context, params *UnassignPrivateIpAddressesInput, optFns ...func(*Options)) (*UnassignPrivateIpAddressesOutput, error)
// Disables detailed monitoring for a running instance. For more information, see
// Monitoring your instances and volumes
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) in
// the Amazon EC2 User Guide.
UnmonitorInstances(ctx context.Context, params *UnmonitorInstancesInput, optFns ...func(*Options)) (*UnmonitorInstancesOutput, error)
// [VPC only] Updates the description of an egress (outbound) security group rule.
// You can replace an existing description, or add a description to a rule that did
// not have one previously. You can remove a description for a security group rule
// by omitting the description parameter in the request.
UpdateSecurityGroupRuleDescriptionsEgress(ctx context.Context, params *UpdateSecurityGroupRuleDescriptionsEgressInput, optFns ...func(*Options)) (*UpdateSecurityGroupRuleDescriptionsEgressOutput, error)
// Updates the description of an ingress (inbound) security group rule. You can
// replace an existing description, or add a description to a rule that did not
// have one previously. You can remove a description for a security group rule by
// omitting the description parameter in the request.
UpdateSecurityGroupRuleDescriptionsIngress(ctx context.Context, params *UpdateSecurityGroupRuleDescriptionsIngressInput, optFns ...func(*Options)) (*UpdateSecurityGroupRuleDescriptionsIngressOutput, error)
// Stops advertising an address range that is provisioned as an address pool. You
// can perform this operation at most once every 10 seconds, even if you specify
// different address ranges each time. It can take a few minutes before traffic to
// the specified addresses stops routing to Amazon Web Services because of BGP
// propagation delays.
WithdrawByoipCidr(ctx context.Context, params *WithdrawByoipCidrInput, optFns ...func(*Options)) (*WithdrawByoipCidrOutput, error)
}
EC2 provides an interface to the AWS EC2 service.
type EKS ¶ added in v0.98.0
type EKS interface {
// Associate encryption configuration to an existing cluster. You can use this API
// to enable encryption on existing clusters which do not have encryption already
// enabled. This allows you to implement a defense-in-depth security strategy
// without migrating applications to new Amazon EKS clusters.
AssociateEncryptionConfig(ctx context.Context, params *AssociateEncryptionConfigInput, optFns ...func(*Options)) (*AssociateEncryptionConfigOutput, error)
// Associate an identity provider configuration to a cluster. If you want to
// authenticate identities using an identity provider, you can create an identity
// provider configuration and associate it to your cluster. After configuring
// authentication to your cluster you can create Kubernetes roles and clusterroles
// to assign permissions to the roles, and then bind the roles to the identities
// using Kubernetes rolebindings and clusterrolebindings . For more information see
// Using RBAC Authorization (https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
// in the Kubernetes documentation.
AssociateIdentityProviderConfig(ctx context.Context, params *AssociateIdentityProviderConfigInput, optFns ...func(*Options)) (*AssociateIdentityProviderConfigOutput, error)
// Creates an Amazon EKS add-on. Amazon EKS add-ons help to automate the
// provisioning and lifecycle management of common operational software for Amazon
// EKS clusters. For more information, see Amazon EKS add-ons (https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html)
// in the Amazon EKS User Guide.
CreateAddon(ctx context.Context, params *CreateAddonInput, optFns ...func(*Options)) (*CreateAddonOutput, error)
// Creates an Amazon EKS control plane. The Amazon EKS control plane consists of
// control plane instances that run the Kubernetes software, such as etcd and the
// API server. The control plane runs in an account managed by Amazon Web Services,
// and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each
// Amazon EKS cluster control plane is single tenant and unique. It runs on its own
// set of Amazon EC2 instances. The cluster control plane is provisioned across
// multiple Availability Zones and fronted by an Elastic Load Balancing Network
// Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC
// subnets to provide connectivity from the control plane instances to the nodes
// (for example, to support kubectl exec , logs , and proxy data flows). Amazon
// EKS nodes run in your Amazon Web Services account and connect to your cluster's
// control plane over the Kubernetes API server endpoint and a certificate file
// that is created for your cluster. In most cases, it takes several minutes to
// create a cluster. After you create an Amazon EKS cluster, you must configure
// your Kubernetes tooling to communicate with the API server and launch nodes into
// your cluster. For more information, see Managing Cluster Authentication (https://docs.aws.amazon.com/eks/latest/userguide/managing-auth.html)
// and Launching Amazon EKS nodes (https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html)
// in the Amazon EKS User Guide.
CreateCluster(ctx context.Context, params *CreateClusterInput, optFns ...func(*Options)) (*CreateClusterOutput, error)
// Creates an Fargate profile for your Amazon EKS cluster. You must have at least
// one Fargate profile in a cluster to be able to run pods on Fargate. The Fargate
// profile allows an administrator to declare which pods run on Fargate and specify
// which pods run on which Fargate profile. This declaration is done through the
// profile’s selectors. Each profile can have up to five selectors that contain a
// namespace and labels. A namespace is required for every selector. The label
// field consists of multiple optional key-value pairs. Pods that match the
// selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the
// selectors in the Fargate profile, then that pod is run on Fargate. When you
// create a Fargate profile, you must specify a pod execution role to use with the
// pods that are scheduled with the profile. This role is added to the cluster's
// Kubernetes Role Based Access Control (https://kubernetes.io/docs/admin/authorization/rbac/)
// (RBAC) for authorization so that the kubelet that is running on the Fargate
// infrastructure can register with your Amazon EKS cluster so that it can appear
// in your cluster as a node. The pod execution role also provides IAM permissions
// to the Fargate infrastructure to allow read access to Amazon ECR image
// repositories. For more information, see Pod Execution Role (https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html)
// in the Amazon EKS User Guide. Fargate profiles are immutable. However, you can
// create a new updated profile to replace an existing profile and then delete the
// original after the updated profile has finished creating. If any Fargate
// profiles in a cluster are in the DELETING status, you must wait for that
// Fargate profile to finish deleting before you can create any other profiles in
// that cluster. For more information, see Fargate Profile (https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html)
// in the Amazon EKS User Guide.
CreateFargateProfile(ctx context.Context, params *CreateFargateProfileInput, optFns ...func(*Options)) (*CreateFargateProfileOutput, error)
// Creates a managed node group for an Amazon EKS cluster. You can only create a
// node group for your cluster that is equal to the current Kubernetes version for
// the cluster. All node groups are created with the latest AMI release version for
// the respective minor Kubernetes version of the cluster, unless you deploy a
// custom AMI using a launch template. For more information about using launch
// templates, see Launch template support (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html)
// . An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and
// associated Amazon EC2 instances that are managed by Amazon Web Services for an
// Amazon EKS cluster. For more information, see Managed node groups (https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html)
// in the Amazon EKS User Guide. Windows AMI types are only supported for
// commercial Regions that support Windows Amazon EKS.
CreateNodegroup(ctx context.Context, params *CreateNodegroupInput, optFns ...func(*Options)) (*CreateNodegroupOutput, error)
// Delete an Amazon EKS add-on. When you remove the add-on, it will also be
// deleted from the cluster. You can always manually start an add-on on the cluster
// using the Kubernetes API.
DeleteAddon(ctx context.Context, params *DeleteAddonInput, optFns ...func(*Options)) (*DeleteAddonOutput, error)
// Deletes the Amazon EKS cluster control plane. If you have active services in
// your cluster that are associated with a load balancer, you must delete those
// services before deleting the cluster so that the load balancers are deleted
// properly. Otherwise, you can have orphaned resources in your VPC that prevent
// you from being able to delete the VPC. For more information, see Deleting a
// Cluster (https://docs.aws.amazon.com/eks/latest/userguide/delete-cluster.html)
// in the Amazon EKS User Guide. If you have managed node groups or Fargate
// profiles attached to the cluster, you must delete them first. For more
// information, see DeleteNodegroup and DeleteFargateProfile .
DeleteCluster(ctx context.Context, params *DeleteClusterInput, optFns ...func(*Options)) (*DeleteClusterOutput, error)
// Deletes an Fargate profile. When you delete a Fargate profile, any pods running
// on Fargate that were created with the profile are deleted. If those pods match
// another Fargate profile, then they are scheduled on Fargate with that profile.
// If they no longer match any Fargate profiles, then they are not scheduled on
// Fargate and they may remain in a pending state. Only one Fargate profile in a
// cluster can be in the DELETING status at a time. You must wait for a Fargate
// profile to finish deleting before you can delete any other profiles in that
// cluster.
DeleteFargateProfile(ctx context.Context, params *DeleteFargateProfileInput, optFns ...func(*Options)) (*DeleteFargateProfileOutput, error)
// Deletes an Amazon EKS node group for a cluster.
DeleteNodegroup(ctx context.Context, params *DeleteNodegroupInput, optFns ...func(*Options)) (*DeleteNodegroupOutput, error)
// Deregisters a connected cluster to remove it from the Amazon EKS control plane.
DeregisterCluster(ctx context.Context, params *DeregisterClusterInput, optFns ...func(*Options)) (*DeregisterClusterOutput, error)
// Describes an Amazon EKS add-on.
DescribeAddon(ctx context.Context, params *DescribeAddonInput, optFns ...func(*Options)) (*DescribeAddonOutput, error)
// Returns configuration options.
DescribeAddonConfiguration(ctx context.Context, params *DescribeAddonConfigurationInput, optFns ...func(*Options)) (*DescribeAddonConfigurationOutput, error)
// Describes the versions for an add-on. Information such as the Kubernetes
// versions that you can use the add-on with, the owner , publisher , and the type
// of the add-on are returned.
DescribeAddonVersions(ctx context.Context, params *DescribeAddonVersionsInput, optFns ...func(*Options)) (*DescribeAddonVersionsOutput, error)
// Returns descriptive information about an Amazon EKS cluster. The API server
// endpoint and certificate authority data returned by this operation are required
// for kubelet and kubectl to communicate with your Kubernetes API server. For
// more information, see Create a kubeconfig for Amazon EKS (https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html)
// . The API server endpoint and certificate authority data aren't available until
// the cluster reaches the ACTIVE state.
DescribeCluster(ctx context.Context, params *DescribeClusterInput, optFns ...func(*Options)) (*DescribeClusterOutput, error)
// Returns descriptive information about an Fargate profile.
DescribeFargateProfile(ctx context.Context, params *DescribeFargateProfileInput, optFns ...func(*Options)) (*DescribeFargateProfileOutput, error)
// Returns descriptive information about an identity provider configuration.
DescribeIdentityProviderConfig(ctx context.Context, params *DescribeIdentityProviderConfigInput, optFns ...func(*Options)) (*DescribeIdentityProviderConfigOutput, error)
// Returns descriptive information about an Amazon EKS node group.
DescribeNodegroup(ctx context.Context, params *DescribeNodegroupInput, optFns ...func(*Options)) (*DescribeNodegroupOutput, error)
// Returns descriptive information about an update against your Amazon EKS cluster
// or associated managed node group or Amazon EKS add-on. When the status of the
// update is Succeeded , the update is complete. If an update fails, the status is
// Failed , and an error detail explains the reason for the failure.
DescribeUpdate(ctx context.Context, params *DescribeUpdateInput, optFns ...func(*Options)) (*DescribeUpdateOutput, error)
// Disassociates an identity provider configuration from a cluster. If you
// disassociate an identity provider from your cluster, users included in the
// provider can no longer access the cluster. However, you can still access the
// cluster with Amazon Web Services IAM users.
DisassociateIdentityProviderConfig(ctx context.Context, params *DisassociateIdentityProviderConfigInput, optFns ...func(*Options)) (*DisassociateIdentityProviderConfigOutput, error)
// Lists the available add-ons.
ListAddons(ctx context.Context, params *ListAddonsInput, optFns ...func(*Options)) (*ListAddonsOutput, error)
// Lists the Amazon EKS clusters in your Amazon Web Services account in the
// specified Region.
ListClusters(ctx context.Context, params *ListClustersInput, optFns ...func(*Options)) (*ListClustersOutput, error)
// Lists the Fargate profiles associated with the specified cluster in your Amazon
// Web Services account in the specified Region.
ListFargateProfiles(ctx context.Context, params *ListFargateProfilesInput, optFns ...func(*Options)) (*ListFargateProfilesOutput, error)
// A list of identity provider configurations.
ListIdentityProviderConfigs(ctx context.Context, params *ListIdentityProviderConfigsInput, optFns ...func(*Options)) (*ListIdentityProviderConfigsOutput, error)
// Lists the Amazon EKS managed node groups associated with the specified cluster
// in your Amazon Web Services account in the specified Region. Self-managed node
// groups are not listed.
ListNodegroups(ctx context.Context, params *ListNodegroupsInput, optFns ...func(*Options)) (*ListNodegroupsOutput, error)
// List the tags for an Amazon EKS resource.
ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
// Lists the updates associated with an Amazon EKS cluster or managed node group
// in your Amazon Web Services account, in the specified Region.
ListUpdates(ctx context.Context, params *ListUpdatesInput, optFns ...func(*Options)) (*ListUpdatesOutput, error)
// Connects a Kubernetes cluster to the Amazon EKS control plane. Any Kubernetes
// cluster can be connected to the Amazon EKS control plane to view current
// information about the cluster and its nodes. Cluster connection requires two
// steps. First, send a RegisterClusterRequest to add it to the Amazon EKS control
// plane. Second, a Manifest (https://amazon-eks.s3.us-west-2.amazonaws.com/eks-connector/manifests/eks-connector/latest/eks-connector.yaml)
// containing the activationID and activationCode must be applied to the
// Kubernetes cluster through it's native provider to provide visibility. After the
// Manifest is updated and applied, then the connected cluster is visible to the
// Amazon EKS control plane. If the Manifest is not applied within three days, then
// the connected cluster will no longer be visible and must be deregistered. See
// DeregisterCluster .
RegisterCluster(ctx context.Context, params *RegisterClusterInput, optFns ...func(*Options)) (*RegisterClusterOutput, error)
// Associates the specified tags to a resource with the specified resourceArn . If
// existing tags on a resource are not specified in the request parameters, they
// are not changed. When a resource is deleted, the tags associated with that
// resource are deleted as well. Tags that you create for Amazon EKS resources do
// not propagate to any other resources associated with the cluster. For example,
// if you tag a cluster with this operation, that tag does not automatically
// propagate to the subnets and nodes associated with the cluster.
TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)
// Deletes specified tags from a resource.
UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)
// Updates an Amazon EKS add-on.
UpdateAddon(ctx context.Context, params *UpdateAddonInput, optFns ...func(*Options)) (*UpdateAddonOutput, error)
// Updates an Amazon EKS cluster configuration. Your cluster continues to function
// during the update. The response output includes an update ID that you can use to
// track the status of your cluster update with the DescribeUpdate API operation.
// You can use this API operation to enable or disable exporting the Kubernetes
// control plane logs for your cluster to CloudWatch Logs. By default, cluster
// control plane logs aren't exported to CloudWatch Logs. For more information, see
// Amazon EKS Cluster Control Plane Logs (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html)
// in the Amazon EKS User Guide . CloudWatch Logs ingestion, archive storage, and
// data scanning rates apply to exported control plane logs. For more information,
// see CloudWatch Pricing (http://aws.amazon.com/cloudwatch/pricing/) . You can
// also use this API operation to enable or disable public and private access to
// your cluster's Kubernetes API server endpoint. By default, public access is
// enabled, and private access is disabled. For more information, see Amazon EKS
// cluster endpoint access control (https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html)
// in the Amazon EKS User Guide . You can't update the subnets or security group
// IDs for an existing cluster. Cluster updates are asynchronous, and they should
// finish within a few minutes. During an update, the cluster status moves to
// UPDATING (this status transition is eventually consistent). When the update is
// complete (either Failed or Successful ), the cluster status moves to Active .
UpdateClusterConfig(ctx context.Context, params *UpdateClusterConfigInput, optFns ...func(*Options)) (*UpdateClusterConfigOutput, error)
// Updates an Amazon EKS cluster to the specified Kubernetes version. Your cluster
// continues to function during the update. The response output includes an update
// ID that you can use to track the status of your cluster update with the
// DescribeUpdate API operation. Cluster updates are asynchronous, and they should
// finish within a few minutes. During an update, the cluster status moves to
// UPDATING (this status transition is eventually consistent). When the update is
// complete (either Failed or Successful ), the cluster status moves to Active . If
// your cluster has managed node groups attached to it, all of your node groups’
// Kubernetes versions must match the cluster’s Kubernetes version in order to
// update the cluster to a new Kubernetes version.
UpdateClusterVersion(ctx context.Context, params *UpdateClusterVersionInput, optFns ...func(*Options)) (*UpdateClusterVersionOutput, error)
// Updates an Amazon EKS managed node group configuration. Your node group
// continues to function during the update. The response output includes an update
// ID that you can use to track the status of your node group update with the
// DescribeUpdate API operation. Currently you can update the Kubernetes labels for
// a node group or the scaling configuration.
UpdateNodegroupConfig(ctx context.Context, params *UpdateNodegroupConfigInput, optFns ...func(*Options)) (*UpdateNodegroupConfigOutput, error)
// Updates the Kubernetes version or AMI version of an Amazon EKS managed node
// group. You can update a node group using a launch template only if the node
// group was originally deployed with a launch template. If you need to update a
// custom AMI in a node group that was deployed with a launch template, then update
// your custom AMI, specify the new ID in a new version of the launch template, and
// then update the node group to the new version of the launch template. If you
// update without a launch template, then you can update to the latest available
// AMI version of a node group's current Kubernetes version by not specifying a
// Kubernetes version in the request. You can update to the latest AMI version of
// your cluster's current Kubernetes version by specifying your cluster's
// Kubernetes version in the request. For information about Linux versions, see
// Amazon EKS optimized Amazon Linux AMI versions (https://docs.aws.amazon.com/eks/latest/userguide/eks-linux-ami-versions.html)
// in the Amazon EKS User Guide. For information about Windows versions, see
// Amazon EKS optimized Windows AMI versions (https://docs.aws.amazon.com/eks/latest/userguide/eks-ami-versions-windows.html)
// in the Amazon EKS User Guide. You cannot roll back a node group to an earlier
// Kubernetes version or AMI version. When a node in a managed node group is
// terminated due to a scaling action or update, the pods in that node are drained
// first. Amazon EKS attempts to drain the nodes gracefully and will fail if it is
// unable to do so. You can force the update if Amazon EKS is unable to drain the
// nodes as a result of a pod disruption budget issue.
UpdateNodegroupVersion(ctx context.Context, params *UpdateNodegroupVersionInput, optFns ...func(*Options)) (*UpdateNodegroupVersionOutput, error)
}
EKS provides an interface to the AWS EKS service.
type ELB ¶ added in v0.91.0
type ELB interface {
// Adds the specified tags to the specified load balancer. Each load balancer can
// have a maximum of 10 tags. Each tag consists of a key and an optional value. If
// a tag with the same key is already associated with the load balancer, AddTags
// updates its value. For more information, see Tag Your Classic Load Balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/add-remove-tags.html)
// in the Classic Load Balancers Guide.
AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error)
// Associates one or more security groups with your load balancer in a virtual
// private cloud (VPC). The specified security groups override the previously
// associated security groups. For more information, see Security Groups for Load
// Balancers in a VPC (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html#elb-vpc-security-groups)
// in the Classic Load Balancers Guide.
ApplySecurityGroupsToLoadBalancer(ctx context.Context, params *ApplySecurityGroupsToLoadBalancerInput, optFns ...func(*Options)) (*ApplySecurityGroupsToLoadBalancerOutput, error)
// Adds one or more subnets to the set of configured subnets for the specified
// load balancer. The load balancer evenly distributes requests across all
// registered subnets. For more information, see Add or Remove Subnets for Your
// Load Balancer in a VPC (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-manage-subnets.html)
// in the Classic Load Balancers Guide.
AttachLoadBalancerToSubnets(ctx context.Context, params *AttachLoadBalancerToSubnetsInput, optFns ...func(*Options)) (*AttachLoadBalancerToSubnetsOutput, error)
// Specifies the health check settings to use when evaluating the health state of
// your EC2 instances. For more information, see Configure Health Checks for Your
// Load Balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-healthchecks.html)
// in the Classic Load Balancers Guide.
ConfigureHealthCheck(ctx context.Context, params *ConfigureHealthCheckInput, optFns ...func(*Options)) (*ConfigureHealthCheckOutput, error)
// Generates a stickiness policy with sticky session lifetimes that follow that of
// an application-generated cookie. This policy can be associated only with
// HTTP/HTTPS listeners. This policy is similar to the policy created by
// CreateLBCookieStickinessPolicy , except that the lifetime of the special Elastic
// Load Balancing cookie, AWSELB , follows the lifetime of the
// application-generated cookie specified in the policy configuration. The load
// balancer only inserts a new stickiness cookie when the application response
// includes a new application cookie. If the application cookie is explicitly
// removed or expires, the session stops being sticky until a new application
// cookie is issued. For more information, see Application-Controlled Session
// Stickiness (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-application)
// in the Classic Load Balancers Guide.
CreateAppCookieStickinessPolicy(ctx context.Context, params *CreateAppCookieStickinessPolicyInput, optFns ...func(*Options)) (*CreateAppCookieStickinessPolicyOutput, error)
// Generates a stickiness policy with sticky session lifetimes controlled by the
// lifetime of the browser (user-agent) or a specified expiration period. This
// policy can be associated only with HTTP/HTTPS listeners. When a load balancer
// implements this policy, the load balancer uses a special cookie to track the
// instance for each request. When the load balancer receives a request, it first
// checks to see if this cookie is present in the request. If so, the load balancer
// sends the request to the application server specified in the cookie. If not, the
// load balancer sends the request to a server that is chosen based on the existing
// load-balancing algorithm. A cookie is inserted into the response for binding
// subsequent requests from the same user to that server. The validity of the
// cookie is based on the cookie expiration time, which is specified in the policy
// configuration. For more information, see Duration-Based Session Stickiness (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-duration)
// in the Classic Load Balancers Guide.
CreateLBCookieStickinessPolicy(ctx context.Context, params *CreateLBCookieStickinessPolicyInput, optFns ...func(*Options)) (*CreateLBCookieStickinessPolicyOutput, error)
// Creates a Classic Load Balancer. You can add listeners, security groups,
// subnets, and tags when you create your load balancer, or you can add them later
// using CreateLoadBalancerListeners , ApplySecurityGroupsToLoadBalancer ,
// AttachLoadBalancerToSubnets , and AddTags . To describe your current load
// balancers, see DescribeLoadBalancers . When you are finished with a load
// balancer, you can delete it using DeleteLoadBalancer . You can create up to 20
// load balancers per region per account. You can request an increase for the
// number of load balancers for your account. For more information, see Limits for
// Your Classic Load Balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html)
// in the Classic Load Balancers Guide.
CreateLoadBalancer(ctx context.Context, params *CreateLoadBalancerInput, optFns ...func(*Options)) (*CreateLoadBalancerOutput, error)
// Creates one or more listeners for the specified load balancer. If a listener
// with the specified port does not already exist, it is created; otherwise, the
// properties of the new listener must match the properties of the existing
// listener. For more information, see Listeners for Your Classic Load Balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html)
// in the Classic Load Balancers Guide.
CreateLoadBalancerListeners(ctx context.Context, params *CreateLoadBalancerListenersInput, optFns ...func(*Options)) (*CreateLoadBalancerListenersOutput, error)
// Creates a policy with the specified attributes for the specified load balancer.
// Policies are settings that are saved for your load balancer and that can be
// applied to the listener or the application server, depending on the policy type.
CreateLoadBalancerPolicy(ctx context.Context, params *CreateLoadBalancerPolicyInput, optFns ...func(*Options)) (*CreateLoadBalancerPolicyOutput, error)
// Deletes the specified load balancer. If you are attempting to recreate a load
// balancer, you must reconfigure all settings. The DNS name associated with a
// deleted load balancer are no longer usable. The name and associated DNS record
// of the deleted load balancer no longer exist and traffic sent to any of its IP
// addresses is no longer delivered to your instances. If the load balancer does
// not exist or has already been deleted, the call to DeleteLoadBalancer still
// succeeds.
DeleteLoadBalancer(ctx context.Context, params *DeleteLoadBalancerInput, optFns ...func(*Options)) (*DeleteLoadBalancerOutput, error)
// Deletes the specified listeners from the specified load balancer.
DeleteLoadBalancerListeners(ctx context.Context, params *DeleteLoadBalancerListenersInput, optFns ...func(*Options)) (*DeleteLoadBalancerListenersOutput, error)
// Deletes the specified policy from the specified load balancer. This policy must
// not be enabled for any listeners.
DeleteLoadBalancerPolicy(ctx context.Context, params *DeleteLoadBalancerPolicyInput, optFns ...func(*Options)) (*DeleteLoadBalancerPolicyOutput, error)
// Deregisters the specified instances from the specified load balancer. After the
// instance is deregistered, it no longer receives traffic from the load balancer.
// You can use DescribeLoadBalancers to verify that the instance is deregistered
// from the load balancer. For more information, see Register or De-Register EC2
// Instances (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-deregister-register-instances.html)
// in the Classic Load Balancers Guide.
DeregisterInstancesFromLoadBalancer(ctx context.Context, params *DeregisterInstancesFromLoadBalancerInput, optFns ...func(*Options)) (*DeregisterInstancesFromLoadBalancerOutput, error)
// Describes the current Elastic Load Balancing resource limits for your AWS
// account. For more information, see Limits for Your Classic Load Balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html)
// in the Classic Load Balancers Guide.
DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
// Describes the state of the specified instances with respect to the specified
// load balancer. If no instances are specified, the call describes the state of
// all instances that are currently registered with the load balancer. If instances
// are specified, their state is returned even if they are no longer registered
// with the load balancer. The state of terminated instances is not returned.
DescribeInstanceHealth(ctx context.Context, params *DescribeInstanceHealthInput, optFns ...func(*Options)) (*DescribeInstanceHealthOutput, error)
// Describes the attributes for the specified load balancer.
DescribeLoadBalancerAttributes(ctx context.Context, params *DescribeLoadBalancerAttributesInput, optFns ...func(*Options)) (*DescribeLoadBalancerAttributesOutput, error)
// Describes the specified policies. If you specify a load balancer name, the
// action returns the descriptions of all policies created for the load balancer.
// If you specify a policy name associated with your load balancer, the action
// returns the description of that policy. If you don't specify a load balancer
// name, the action returns descriptions of the specified sample policies, or
// descriptions of all sample policies. The names of the sample policies have the
// ELBSample- prefix.
DescribeLoadBalancerPolicies(ctx context.Context, params *DescribeLoadBalancerPoliciesInput, optFns ...func(*Options)) (*DescribeLoadBalancerPoliciesOutput, error)
// Describes the specified load balancer policy types or all load balancer policy
// types. The description of each type indicates how it can be used. For example,
// some policies can be used only with layer 7 listeners, some policies can be used
// only with layer 4 listeners, and some policies can be used only with your EC2
// instances. You can use CreateLoadBalancerPolicy to create a policy
// configuration for any of these policy types. Then, depending on the policy type,
// use either SetLoadBalancerPoliciesOfListener or
// SetLoadBalancerPoliciesForBackendServer to set the policy.
DescribeLoadBalancerPolicyTypes(ctx context.Context, params *DescribeLoadBalancerPolicyTypesInput, optFns ...func(*Options)) (*DescribeLoadBalancerPolicyTypesOutput, error)
// Describes the specified the load balancers. If no load balancers are specified,
// the call describes all of your load balancers.
DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error)
// Describes the tags associated with the specified load balancers.
DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
// Removes the specified subnets from the set of configured subnets for the load
// balancer. After a subnet is removed, all EC2 instances registered with the load
// balancer in the removed subnet go into the OutOfService state. Then, the load
// balancer balances the traffic among the remaining routable subnets.
DetachLoadBalancerFromSubnets(ctx context.Context, params *DetachLoadBalancerFromSubnetsInput, optFns ...func(*Options)) (*DetachLoadBalancerFromSubnetsOutput, error)
// Removes the specified Availability Zones from the set of Availability Zones for
// the specified load balancer in EC2-Classic or a default VPC. For load balancers
// in a non-default VPC, use DetachLoadBalancerFromSubnets . There must be at least
// one Availability Zone registered with a load balancer at all times. After an
// Availability Zone is removed, all instances registered with the load balancer
// that are in the removed Availability Zone go into the OutOfService state. Then,
// the load balancer attempts to equally balance the traffic among its remaining
// Availability Zones. For more information, see Add or Remove Availability Zones (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html)
// in the Classic Load Balancers Guide.
DisableAvailabilityZonesForLoadBalancer(ctx context.Context, params *DisableAvailabilityZonesForLoadBalancerInput, optFns ...func(*Options)) (*DisableAvailabilityZonesForLoadBalancerOutput, error)
// Adds the specified Availability Zones to the set of Availability Zones for the
// specified load balancer in EC2-Classic or a default VPC. For load balancers in a
// non-default VPC, use AttachLoadBalancerToSubnets . The load balancer evenly
// distributes requests across all its registered Availability Zones that contain
// instances. For more information, see Add or Remove Availability Zones (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html)
// in the Classic Load Balancers Guide.
EnableAvailabilityZonesForLoadBalancer(ctx context.Context, params *EnableAvailabilityZonesForLoadBalancerInput, optFns ...func(*Options)) (*EnableAvailabilityZonesForLoadBalancerOutput, error)
// Modifies the attributes of the specified load balancer. You can modify the load
// balancer attributes, such as AccessLogs , ConnectionDraining , and
// CrossZoneLoadBalancing by either enabling or disabling them. Or, you can modify
// the load balancer attribute ConnectionSettings by specifying an idle connection
// timeout value for your load balancer. For more information, see the following in
// the Classic Load Balancers Guide:
// - Cross-Zone Load Balancing (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-crosszone-lb.html)
// - Connection Draining (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-conn-drain.html)
// - Access Logs (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html)
// - Idle Connection Timeout (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html)
ModifyLoadBalancerAttributes(ctx context.Context, params *ModifyLoadBalancerAttributesInput, optFns ...func(*Options)) (*ModifyLoadBalancerAttributesOutput, error)
// Adds the specified instances to the specified load balancer. The instance must
// be a running instance in the same network as the load balancer (EC2-Classic or
// the same VPC). If you have EC2-Classic instances and a load balancer in a VPC
// with ClassicLink enabled, you can link the EC2-Classic instances to that VPC and
// then register the linked EC2-Classic instances with the load balancer in the
// VPC. Note that RegisterInstanceWithLoadBalancer completes when the request has
// been registered. Instance registration takes a little time to complete. To check
// the state of the registered instances, use DescribeLoadBalancers or
// DescribeInstanceHealth . After the instance is registered, it starts receiving
// traffic and requests from the load balancer. Any instance that is not in one of
// the Availability Zones registered for the load balancer is moved to the
// OutOfService state. If an Availability Zone is added to the load balancer later,
// any instances registered with the load balancer move to the InService state. To
// deregister instances from a load balancer, use
// DeregisterInstancesFromLoadBalancer . For more information, see Register or
// De-Register EC2 Instances (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-deregister-register-instances.html)
// in the Classic Load Balancers Guide.
RegisterInstancesWithLoadBalancer(ctx context.Context, params *RegisterInstancesWithLoadBalancerInput, optFns ...func(*Options)) (*RegisterInstancesWithLoadBalancerOutput, error)
// Removes one or more tags from the specified load balancer.
RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error)
// Sets the certificate that terminates the specified listener's SSL connections.
// The specified certificate replaces any prior certificate that was used on the
// same load balancer and port. For more information about updating your SSL
// certificate, see Replace the SSL Certificate for Your Load Balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-update-ssl-cert.html)
// in the Classic Load Balancers Guide.
SetLoadBalancerListenerSSLCertificate(ctx context.Context, params *SetLoadBalancerListenerSSLCertificateInput, optFns ...func(*Options)) (*SetLoadBalancerListenerSSLCertificateOutput, error)
// Replaces the set of policies associated with the specified port on which the
// EC2 instance is listening with a new set of policies. At this time, only the
// back-end server authentication policy type can be applied to the instance ports;
// this policy type is composed of multiple public key policies. Each time you use
// SetLoadBalancerPoliciesForBackendServer to enable the policies, use the
// PolicyNames parameter to list the policies that you want to enable. You can use
// DescribeLoadBalancers or DescribeLoadBalancerPolicies to verify that the policy
// is associated with the EC2 instance. For more information about enabling
// back-end instance authentication, see Configure Back-end Instance Authentication (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html#configure_backendauth_clt)
// in the Classic Load Balancers Guide. For more information about Proxy Protocol,
// see Configure Proxy Protocol Support (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html)
// in the Classic Load Balancers Guide.
SetLoadBalancerPoliciesForBackendServer(ctx context.Context, params *SetLoadBalancerPoliciesForBackendServerInput, optFns ...func(*Options)) (*SetLoadBalancerPoliciesForBackendServerOutput, error)
// Replaces the current set of policies for the specified load balancer port with
// the specified set of policies. To enable back-end server authentication, use
// SetLoadBalancerPoliciesForBackendServer . For more information about setting
// policies, see Update the SSL Negotiation Configuration (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ssl-config-update.html)
// , Duration-Based Session Stickiness (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-duration)
// , and Application-Controlled Session Stickiness (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-application)
// in the Classic Load Balancers Guide.
SetLoadBalancerPoliciesOfListener(ctx context.Context, params *SetLoadBalancerPoliciesOfListenerInput, optFns ...func(*Options)) (*SetLoadBalancerPoliciesOfListenerOutput, error)
}
ELB provides an interface to the AWS ELB service.
type ELBV2 ¶ added in v0.91.0
type ELBV2 interface {
// Adds the specified SSL server certificate to the certificate list for the
// specified HTTPS or TLS listener. If the certificate in already in the
// certificate list, the call is successful but the certificate is not added again.
// For more information, see HTTPS listeners (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html)
// in the Application Load Balancers Guide or TLS listeners (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html)
// in the Network Load Balancers Guide.
AddListenerCertificates(ctx context.Context, params *AddListenerCertificatesInput, optFns ...func(*Options)) (*AddListenerCertificatesOutput, error)
// Adds the specified tags to the specified Elastic Load Balancing resource. You
// can tag your Application Load Balancers, Network Load Balancers, Gateway Load
// Balancers, target groups, listeners, and rules. Each tag consists of a key and
// an optional value. If a resource already has a tag with the same key, AddTags
// updates its value.
AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error)
// Creates a listener for the specified Application Load Balancer, Network Load
// Balancer, or Gateway Load Balancer. For more information, see the following:
// - Listeners for your Application Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html)
// - Listeners for your Network Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-listeners.html)
// - Listeners for your Gateway Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-listeners.html)
//
// This operation is idempotent, which means that it completes at most one time.
// If you attempt to create multiple listeners with the same settings, each call
// succeeds.
CreateListener(ctx context.Context, params *CreateListenerInput, optFns ...func(*Options)) (*CreateListenerOutput, error)
// Creates an Application Load Balancer, Network Load Balancer, or Gateway Load
// Balancer. For more information, see the following:
// - Application Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html)
// - Network Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html)
// - Gateway Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html)
//
// This operation is idempotent, which means that it completes at most one time.
// If you attempt to create multiple load balancers with the same settings, each
// call succeeds.
CreateLoadBalancer(ctx context.Context, params *CreateLoadBalancerInput, optFns ...func(*Options)) (*CreateLoadBalancerOutput, error)
// Creates a rule for the specified listener. The listener must be associated with
// an Application Load Balancer. Each rule consists of a priority, one or more
// actions, and one or more conditions. Rules are evaluated in priority order, from
// the lowest value to the highest value. When the conditions for a rule are met,
// its actions are performed. If the conditions for no rules are met, the actions
// for the default rule are performed. For more information, see Listener rules (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#listener-rules)
// in the Application Load Balancers Guide.
CreateRule(ctx context.Context, params *CreateRuleInput, optFns ...func(*Options)) (*CreateRuleOutput, error)
// Creates a target group. For more information, see the following:
// - Target groups for your Application Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html)
// - Target groups for your Network Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html)
// - Target groups for your Gateway Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html)
//
// This operation is idempotent, which means that it completes at most one time.
// If you attempt to create multiple target groups with the same settings, each
// call succeeds.
CreateTargetGroup(ctx context.Context, params *CreateTargetGroupInput, optFns ...func(*Options)) (*CreateTargetGroupOutput, error)
// Deletes the specified listener. Alternatively, your listener is deleted when
// you delete the load balancer to which it is attached.
DeleteListener(ctx context.Context, params *DeleteListenerInput, optFns ...func(*Options)) (*DeleteListenerOutput, error)
// Deletes the specified Application Load Balancer, Network Load Balancer, or
// Gateway Load Balancer. Deleting a load balancer also deletes its listeners. You
// can't delete a load balancer if deletion protection is enabled. If the load
// balancer does not exist or has already been deleted, the call succeeds. Deleting
// a load balancer does not affect its registered targets. For example, your EC2
// instances continue to run and are still registered to their target groups. If
// you no longer need these EC2 instances, you can stop or terminate them.
DeleteLoadBalancer(ctx context.Context, params *DeleteLoadBalancerInput, optFns ...func(*Options)) (*DeleteLoadBalancerOutput, error)
// Deletes the specified rule. You can't delete the default rule.
DeleteRule(ctx context.Context, params *DeleteRuleInput, optFns ...func(*Options)) (*DeleteRuleOutput, error)
// Deletes the specified target group. You can delete a target group if it is not
// referenced by any actions. Deleting a target group also deletes any associated
// health checks. Deleting a target group does not affect its registered targets.
// For example, any EC2 instances continue to run until you stop or terminate them.
DeleteTargetGroup(ctx context.Context, params *DeleteTargetGroupInput, optFns ...func(*Options)) (*DeleteTargetGroupOutput, error)
// Deregisters the specified targets from the specified target group. After the
// targets are deregistered, they no longer receive traffic from the load balancer.
DeregisterTargets(ctx context.Context, params *DeregisterTargetsInput, optFns ...func(*Options)) (*DeregisterTargetsOutput, error)
// Describes the current Elastic Load Balancing resource limits for your Amazon
// Web Services account. For more information, see the following:
// - Quotas for your Application Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html)
// - Quotas for your Network Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-limits.html)
// - Quotas for your Gateway Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/quotas-limits.html)
DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
// Describes the default certificate and the certificate list for the specified
// HTTPS or TLS listener. If the default certificate is also in the certificate
// list, it appears twice in the results (once with IsDefault set to true and once
// with IsDefault set to false). For more information, see SSL certificates (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#https-listener-certificates)
// in the Application Load Balancers Guide or Server certificates (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#tls-listener-certificate)
// in the Network Load Balancers Guide.
DescribeListenerCertificates(ctx context.Context, params *DescribeListenerCertificatesInput, optFns ...func(*Options)) (*DescribeListenerCertificatesOutput, error)
// Describes the specified listeners or the listeners for the specified
// Application Load Balancer, Network Load Balancer, or Gateway Load Balancer. You
// must specify either a load balancer or one or more listeners.
DescribeListeners(ctx context.Context, params *DescribeListenersInput, optFns ...func(*Options)) (*DescribeListenersOutput, error)
// Describes the attributes for the specified Application Load Balancer, Network
// Load Balancer, or Gateway Load Balancer. For more information, see the
// following:
// - Load balancer attributes (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#load-balancer-attributes)
// in the Application Load Balancers Guide
// - Load balancer attributes (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#load-balancer-attributes)
// in the Network Load Balancers Guide
// - Load balancer attributes (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html#load-balancer-attributes)
// in the Gateway Load Balancers Guide
DescribeLoadBalancerAttributes(ctx context.Context, params *DescribeLoadBalancerAttributesInput, optFns ...func(*Options)) (*DescribeLoadBalancerAttributesOutput, error)
// Describes the specified load balancers or all of your load balancers.
DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error)
// Describes the specified rules or the rules for the specified listener. You must
// specify either a listener or one or more rules.
DescribeRules(ctx context.Context, params *DescribeRulesInput, optFns ...func(*Options)) (*DescribeRulesOutput, error)
// Describes the specified policies or all policies used for SSL negotiation. For
// more information, see Security policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies)
// in the Application Load Balancers Guide or Security policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies)
// in the Network Load Balancers Guide.
DescribeSSLPolicies(ctx context.Context, params *DescribeSSLPoliciesInput, optFns ...func(*Options)) (*DescribeSSLPoliciesOutput, error)
// Describes the tags for the specified Elastic Load Balancing resources. You can
// describe the tags for one or more Application Load Balancers, Network Load
// Balancers, Gateway Load Balancers, target groups, listeners, or rules.
DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
// Describes the attributes for the specified target group. For more information,
// see the following:
// - Target group attributes (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-group-attributes)
// in the Application Load Balancers Guide
// - Target group attributes (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#target-group-attributes)
// in the Network Load Balancers Guide
// - Target group attributes (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html#target-group-attributes)
// in the Gateway Load Balancers Guide
DescribeTargetGroupAttributes(ctx context.Context, params *DescribeTargetGroupAttributesInput, optFns ...func(*Options)) (*DescribeTargetGroupAttributesOutput, error)
// Describes the specified target groups or all of your target groups. By default,
// all target groups are described. Alternatively, you can specify one of the
// following to filter the results: the ARN of the load balancer, the names of one
// or more target groups, or the ARNs of one or more target groups.
DescribeTargetGroups(ctx context.Context, params *DescribeTargetGroupsInput, optFns ...func(*Options)) (*DescribeTargetGroupsOutput, error)
// Describes the health of the specified targets or all of your targets.
DescribeTargetHealth(ctx context.Context, params *DescribeTargetHealthInput, optFns ...func(*Options)) (*DescribeTargetHealthOutput, error)
// Replaces the specified properties of the specified listener. Any properties
// that you do not specify remain unchanged. Changing the protocol from HTTPS to
// HTTP, or from TLS to TCP, removes the security policy and default certificate
// properties. If you change the protocol from HTTP to HTTPS, or from TCP to TLS,
// you must add the security policy and default certificate properties. To add an
// item to a list, remove an item from a list, or update an item in a list, you
// must provide the entire list. For example, to add an action, specify a list with
// the current actions plus the new action.
ModifyListener(ctx context.Context, params *ModifyListenerInput, optFns ...func(*Options)) (*ModifyListenerOutput, error)
// Modifies the specified attributes of the specified Application Load Balancer,
// Network Load Balancer, or Gateway Load Balancer. If any of the specified
// attributes can't be modified as requested, the call fails. Any existing
// attributes that you do not modify retain their current values.
ModifyLoadBalancerAttributes(ctx context.Context, params *ModifyLoadBalancerAttributesInput, optFns ...func(*Options)) (*ModifyLoadBalancerAttributesOutput, error)
// Replaces the specified properties of the specified rule. Any properties that
// you do not specify are unchanged. To add an item to a list, remove an item from
// a list, or update an item in a list, you must provide the entire list. For
// example, to add an action, specify a list with the current actions plus the new
// action.
ModifyRule(ctx context.Context, params *ModifyRuleInput, optFns ...func(*Options)) (*ModifyRuleOutput, error)
// Modifies the health checks used when evaluating the health state of the targets
// in the specified target group.
ModifyTargetGroup(ctx context.Context, params *ModifyTargetGroupInput, optFns ...func(*Options)) (*ModifyTargetGroupOutput, error)
// Modifies the specified attributes of the specified target group.
ModifyTargetGroupAttributes(ctx context.Context, params *ModifyTargetGroupAttributesInput, optFns ...func(*Options)) (*ModifyTargetGroupAttributesOutput, error)
// Registers the specified targets with the specified target group. If the target
// is an EC2 instance, it must be in the running state when you register it. By
// default, the load balancer routes requests to registered targets using the
// protocol and port for the target group. Alternatively, you can override the port
// for a target when you register it. You can register each EC2 instance or IP
// address with the same target group multiple times using different ports. With a
// Network Load Balancer, you cannot register instances by instance ID if they have
// the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1, G2, HI1,
// HS1, M1, M2, M3, and T1. You can register instances of these types by IP
// address.
RegisterTargets(ctx context.Context, params *RegisterTargetsInput, optFns ...func(*Options)) (*RegisterTargetsOutput, error)
// Removes the specified certificate from the certificate list for the specified
// HTTPS or TLS listener.
RemoveListenerCertificates(ctx context.Context, params *RemoveListenerCertificatesInput, optFns ...func(*Options)) (*RemoveListenerCertificatesOutput, error)
// Removes the specified tags from the specified Elastic Load Balancing resources.
// You can remove the tags for one or more Application Load Balancers, Network Load
// Balancers, Gateway Load Balancers, target groups, listeners, or rules.
RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error)
// Sets the type of IP addresses used by the subnets of the specified load
// balancer.
SetIpAddressType(ctx context.Context, params *SetIpAddressTypeInput, optFns ...func(*Options)) (*SetIpAddressTypeOutput, error)
// Sets the priorities of the specified rules. You can reorder the rules as long
// as there are no priority conflicts in the new order. Any existing rules that you
// do not specify retain their current priority.
SetRulePriorities(ctx context.Context, params *SetRulePrioritiesInput, optFns ...func(*Options)) (*SetRulePrioritiesOutput, error)
// Associates the specified security groups with the specified Application Load
// Balancer. The specified security groups override the previously associated
// security groups. You can't specify a security group for a Network Load Balancer
// or Gateway Load Balancer.
SetSecurityGroups(ctx context.Context, params *SetSecurityGroupsInput, optFns ...func(*Options)) (*SetSecurityGroupsOutput, error)
// Enables the Availability Zones for the specified public subnets for the
// specified Application Load Balancer or Network Load Balancer. The specified
// subnets replace the previously enabled subnets. When you specify subnets for a
// Network Load Balancer, you must include all subnets that were enabled
// previously, with their existing configurations, plus any additional subnets.
SetSubnets(ctx context.Context, params *SetSubnetsInput, optFns ...func(*Options)) (*SetSubnetsOutput, error)
}
ELBV2 provides an interface to the AWS ELBV2 service.
type IAM ¶ added in v0.94.0
type IAM interface {
// Adds a new client ID (also known as audience) to the list of client IDs already
// registered for the specified IAM OpenID Connect (OIDC) provider resource. This
// operation is idempotent; it does not fail or return an error if you add an
// existing client ID to the provider.
AddClientIDToOpenIDConnectProvider(ctx context.Context, params *AddClientIDToOpenIDConnectProviderInput, optFns ...func(*Options)) (*AddClientIDToOpenIDConnectProviderOutput, error)
// Adds the specified IAM role to the specified instance profile. An instance
// profile can contain only one role, and this quota cannot be increased. You can
// remove the existing role and then add a different role to an instance profile.
// You must then wait for the change to appear across all of Amazon Web Services
// because of eventual consistency (https://en.wikipedia.org/wiki/Eventual_consistency)
// . To force the change, you must disassociate the instance profile (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html)
// and then associate the instance profile (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html)
// , or you can stop your instance and then restart it. The caller of this
// operation must be granted the PassRole permission on the IAM role by a
// permissions policy. For more information about roles, see Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html)
// . For more information about instance profiles, see About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html)
// .
AddRoleToInstanceProfile(ctx context.Context, params *AddRoleToInstanceProfileInput, optFns ...func(*Options)) (*AddRoleToInstanceProfileOutput, error)
// Adds the specified user to the specified group.
AddUserToGroup(ctx context.Context, params *AddUserToGroupInput, optFns ...func(*Options)) (*AddUserToGroupOutput, error)
// Attaches the specified managed policy to the specified IAM group. You use this
// operation to attach a managed policy to a group. To embed an inline policy in a
// group, use PutGroupPolicy . As a best practice, you can validate your IAM
// policies. To learn more, see Validating IAM policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html)
// in the IAM User Guide. For more information about policies, see Managed
// policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
AttachGroupPolicy(ctx context.Context, params *AttachGroupPolicyInput, optFns ...func(*Options)) (*AttachGroupPolicyOutput, error)
// Attaches the specified managed policy to the specified IAM role. When you
// attach a managed policy to a role, the managed policy becomes part of the role's
// permission (access) policy. You cannot use a managed policy as the role's trust
// policy. The role's trust policy is created at the same time as the role, using
// CreateRole . You can update a role's trust policy using UpdateAssumeRolePolicy .
// Use this operation to attach a managed policy to a role. To embed an inline
// policy in a role, use PutRolePolicy . For more information about policies, see
// Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide. As a best practice, you can validate your IAM policies.
// To learn more, see Validating IAM policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html)
// in the IAM User Guide.
AttachRolePolicy(ctx context.Context, params *AttachRolePolicyInput, optFns ...func(*Options)) (*AttachRolePolicyOutput, error)
// Attaches the specified managed policy to the specified user. You use this
// operation to attach a managed policy to a user. To embed an inline policy in a
// user, use PutUserPolicy . As a best practice, you can validate your IAM
// policies. To learn more, see Validating IAM policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html)
// in the IAM User Guide. For more information about policies, see Managed
// policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
AttachUserPolicy(ctx context.Context, params *AttachUserPolicyInput, optFns ...func(*Options)) (*AttachUserPolicyOutput, error)
// Changes the password of the IAM user who is calling this operation. This
// operation can be performed using the CLI, the Amazon Web Services API, or the My
// Security Credentials page in the Amazon Web Services Management Console. The
// Amazon Web Services account root user password is not affected by this
// operation. Use UpdateLoginProfile to use the CLI, the Amazon Web Services API,
// or the Users page in the IAM console to change the password for any IAM user.
// For more information about modifying passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html)
// in the IAM User Guide.
ChangePassword(ctx context.Context, params *ChangePasswordInput, optFns ...func(*Options)) (*ChangePasswordOutput, error)
// Creates a new Amazon Web Services secret access key and corresponding Amazon
// Web Services access key ID for the specified user. The default status for new
// keys is Active . If you do not specify a user name, IAM determines the user name
// implicitly based on the Amazon Web Services access key ID signing the request.
// This operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials. This is true even if the Amazon Web Services account has
// no associated users. For information about quotas on the number of keys you can
// create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide. To ensure the security of your Amazon Web Services
// account, the secret access key is accessible only during key and user creation.
// You must save the key (for example, in a text file) if you want to be able to
// access it again. If a secret key is lost, you can delete the access keys for the
// associated user and then create new keys.
CreateAccessKey(ctx context.Context, params *CreateAccessKeyInput, optFns ...func(*Options)) (*CreateAccessKeyOutput, error)
// Creates an alias for your Amazon Web Services account. For information about
// using an Amazon Web Services account alias, see Using an alias for your Amazon
// Web Services account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html)
// in the IAM User Guide.
CreateAccountAlias(ctx context.Context, params *CreateAccountAliasInput, optFns ...func(*Options)) (*CreateAccountAliasOutput, error)
// Creates a new group. For information about the number of groups you can create,
// see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
CreateGroup(ctx context.Context, params *CreateGroupInput, optFns ...func(*Options)) (*CreateGroupOutput, error)
// Creates a new instance profile. For information about instance profiles, see
// Using roles for applications on Amazon EC2 (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html)
// in the IAM User Guide, and Instance profiles (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#ec2-instance-profile)
// in the Amazon EC2 User Guide. For information about the number of instance
// profiles you can create, see IAM object quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
CreateInstanceProfile(ctx context.Context, params *CreateInstanceProfileInput, optFns ...func(*Options)) (*CreateInstanceProfileOutput, error)
// Creates a password for the specified IAM user. A password allows an IAM user to
// access Amazon Web Services services through the Amazon Web Services Management
// Console. You can use the CLI, the Amazon Web Services API, or the Users page in
// the IAM console to create a password for any IAM user. Use ChangePassword to
// update your own existing password in the My Security Credentials page in the
// Amazon Web Services Management Console. For more information about managing
// passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html)
// in the IAM User Guide.
CreateLoginProfile(ctx context.Context, params *CreateLoginProfileInput, optFns ...func(*Options)) (*CreateLoginProfileOutput, error)
// Creates an IAM entity to describe an identity provider (IdP) that supports
// OpenID Connect (OIDC) (http://openid.net/connect/) . The OIDC provider that you
// create with this operation can be used as a principal in a role's trust policy.
// Such a policy establishes a trust relationship between Amazon Web Services and
// the OIDC provider. If you are using an OIDC identity provider from Google,
// Facebook, or Amazon Cognito, you don't need to create a separate IAM identity
// provider. These OIDC identity providers are already built-in to Amazon Web
// Services and are available for your use. Instead, you can move directly to
// creating new roles using your identity provider. To learn more, see Creating a
// role for web identity or OpenID connect federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html)
// in the IAM User Guide. When you create the IAM OIDC provider, you specify the
// following:
// - The URL of the OIDC identity provider (IdP) to trust
// - A list of client IDs (also known as audiences) that identify the
// application or applications allowed to authenticate using the OIDC provider
// - A list of tags that are attached to the specified IAM OIDC provider
// - A list of thumbprints of one or more server certificates that the IdP uses
//
// You get all of this information from the OIDC IdP you want to use to access
// Amazon Web Services. Amazon Web Services secures communication with some OIDC
// identity providers (IdPs) through our library of trusted certificate authorities
// (CAs) instead of using a certificate thumbprint to verify your IdP server
// certificate. These OIDC IdPs include Google, Auth0, and those that use an Amazon
// S3 bucket to host a JSON Web Key Set (JWKS) endpoint. In these cases, your
// legacy thumbprint remains in your configuration, but is no longer used for
// validation. The trust for the OIDC provider is derived from the IAM provider
// that this operation creates. Therefore, it is best to limit access to the
// CreateOpenIDConnectProvider operation to highly privileged users.
CreateOpenIDConnectProvider(ctx context.Context, params *CreateOpenIDConnectProviderInput, optFns ...func(*Options)) (*CreateOpenIDConnectProviderOutput, error)
// Creates a new managed policy for your Amazon Web Services account. This
// operation creates a policy version with a version identifier of v1 and sets v1
// as the policy's default version. For more information about policy versions, see
// Versioning for managed policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the IAM User Guide. As a best practice, you can validate your IAM policies.
// To learn more, see Validating IAM policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html)
// in the IAM User Guide. For more information about managed policies in general,
// see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
CreatePolicy(ctx context.Context, params *CreatePolicyInput, optFns ...func(*Options)) (*CreatePolicyOutput, error)
// Creates a new version of the specified managed policy. To update a managed
// policy, you create a new policy version. A managed policy can have up to five
// versions. If the policy has five versions, you must delete an existing version
// using DeletePolicyVersion before you create a new version. Optionally, you can
// set the new version as the policy's default version. The default version is the
// version that is in effect for the IAM users, groups, and roles to which the
// policy is attached. For more information about managed policy versions, see
// Versioning for managed policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the IAM User Guide.
CreatePolicyVersion(ctx context.Context, params *CreatePolicyVersionInput, optFns ...func(*Options)) (*CreatePolicyVersionOutput, error)
// Creates a new role for your Amazon Web Services account. For more information
// about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html)
// . For information about quotas for role names and the number of roles you can
// create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
CreateRole(ctx context.Context, params *CreateRoleInput, optFns ...func(*Options)) (*CreateRoleOutput, error)
// Creates an IAM resource that describes an identity provider (IdP) that supports
// SAML 2.0. The SAML provider resource that you create with this operation can be
// used as a principal in an IAM role's trust policy. Such a policy can enable
// federated users who sign in using the SAML IdP to assume the role. You can
// create an IAM role that supports Web-based single sign-on (SSO) to the Amazon
// Web Services Management Console or one that supports API access to Amazon Web
// Services. When you create the SAML provider resource, you upload a SAML metadata
// document that you get from your IdP. That document includes the issuer's name,
// expiration information, and keys that can be used to validate the SAML
// authentication response (assertions) that the IdP sends. You must generate the
// metadata document using the identity management software that is used as your
// organization's IdP. This operation requires Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
// . For more information, see Enabling SAML 2.0 federated users to access the
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html)
// and About SAML 2.0-based federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
// in the IAM User Guide.
CreateSAMLProvider(ctx context.Context, params *CreateSAMLProviderInput, optFns ...func(*Options)) (*CreateSAMLProviderOutput, error)
// Creates an IAM role that is linked to a specific Amazon Web Services service.
// The service controls the attached policies and when the role can be deleted.
// This helps ensure that the service is not broken by an unexpectedly changed or
// deleted role, which could put your Amazon Web Services resources into an unknown
// state. Allowing the service to control the role helps improve service stability
// and proper cleanup when a service and its role are no longer needed. For more
// information, see Using service-linked roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html)
// in the IAM User Guide. To attach a policy to this service-linked role, you must
// make the request using the Amazon Web Services service that depends on this
// role.
CreateServiceLinkedRole(ctx context.Context, params *CreateServiceLinkedRoleInput, optFns ...func(*Options)) (*CreateServiceLinkedRoleOutput, error)
// Generates a set of credentials consisting of a user name and password that can
// be used to access the service specified in the request. These credentials are
// generated by IAM, and can be used only for the specified service. You can have a
// maximum of two sets of service-specific credentials for each supported service
// per user. You can create service-specific credentials for CodeCommit and Amazon
// Keyspaces (for Apache Cassandra). You can reset the password to a new
// service-generated value by calling ResetServiceSpecificCredential . For more
// information about service-specific credentials, see Using IAM with CodeCommit:
// Git credentials, SSH keys, and Amazon Web Services access keys (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html)
// in the IAM User Guide.
CreateServiceSpecificCredential(ctx context.Context, params *CreateServiceSpecificCredentialInput, optFns ...func(*Options)) (*CreateServiceSpecificCredentialOutput, error)
// Creates a new IAM user for your Amazon Web Services account. For information
// about quotas for the number of IAM users you can create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
CreateUser(ctx context.Context, params *CreateUserInput, optFns ...func(*Options)) (*CreateUserOutput, error)
// Creates a new virtual MFA device for the Amazon Web Services account. After
// creating the virtual MFA, use EnableMFADevice to attach the MFA device to an
// IAM user. For more information about creating and working with virtual MFA
// devices, see Using a virtual MFA device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html)
// in the IAM User Guide. For information about the maximum number of MFA devices
// you can create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide. The seed information contained in the QR code and the
// Base32 string should be treated like any other secret access information. In
// other words, protect the seed information as you would your Amazon Web Services
// access keys or your passwords. After you provision your virtual device, you
// should ensure that the information is destroyed following secure procedures.
CreateVirtualMFADevice(ctx context.Context, params *CreateVirtualMFADeviceInput, optFns ...func(*Options)) (*CreateVirtualMFADeviceOutput, error)
// Deactivates the specified MFA device and removes it from association with the
// user name for which it was originally enabled. For more information about
// creating and working with virtual MFA devices, see Enabling a virtual
// multi-factor authentication (MFA) device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html)
// in the IAM User Guide.
DeactivateMFADevice(ctx context.Context, params *DeactivateMFADeviceInput, optFns ...func(*Options)) (*DeactivateMFADeviceOutput, error)
// Deletes the access key pair associated with the specified IAM user. If you do
// not specify a user name, IAM determines the user name implicitly based on the
// Amazon Web Services access key ID signing the request. This operation works for
// access keys under the Amazon Web Services account. Consequently, you can use
// this operation to manage Amazon Web Services account root user credentials even
// if the Amazon Web Services account has no associated users.
DeleteAccessKey(ctx context.Context, params *DeleteAccessKeyInput, optFns ...func(*Options)) (*DeleteAccessKeyOutput, error)
// Deletes the specified Amazon Web Services account alias. For information about
// using an Amazon Web Services account alias, see Using an alias for your Amazon
// Web Services account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html)
// in the IAM User Guide.
DeleteAccountAlias(ctx context.Context, params *DeleteAccountAliasInput, optFns ...func(*Options)) (*DeleteAccountAliasOutput, error)
// Deletes the password policy for the Amazon Web Services account. There are no
// parameters.
DeleteAccountPasswordPolicy(ctx context.Context, params *DeleteAccountPasswordPolicyInput, optFns ...func(*Options)) (*DeleteAccountPasswordPolicyOutput, error)
// Deletes the specified IAM group. The group must not contain any users or have
// any attached policies.
DeleteGroup(ctx context.Context, params *DeleteGroupInput, optFns ...func(*Options)) (*DeleteGroupOutput, error)
// Deletes the specified inline policy that is embedded in the specified IAM
// group. A group can also have managed policies attached to it. To detach a
// managed policy from a group, use DetachGroupPolicy . For more information about
// policies, refer to Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
DeleteGroupPolicy(ctx context.Context, params *DeleteGroupPolicyInput, optFns ...func(*Options)) (*DeleteGroupPolicyOutput, error)
// Deletes the specified instance profile. The instance profile must not have an
// associated role. Make sure that you do not have any Amazon EC2 instances running
// with the instance profile you are about to delete. Deleting a role or instance
// profile that is associated with a running instance will break any applications
// running on the instance. For more information about instance profiles, see
// About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html)
// .
DeleteInstanceProfile(ctx context.Context, params *DeleteInstanceProfileInput, optFns ...func(*Options)) (*DeleteInstanceProfileOutput, error)
// Deletes the password for the specified IAM user, For more information, see
// Managing passwords for IAM users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html)
// . You can use the CLI, the Amazon Web Services API, or the Users page in the IAM
// console to delete a password for any IAM user. You can use ChangePassword to
// update, but not delete, your own password in the My Security Credentials page in
// the Amazon Web Services Management Console. Deleting a user's password does not
// prevent a user from accessing Amazon Web Services through the command line
// interface or the API. To prevent all user access, you must also either make any
// access keys inactive or delete them. For more information about making keys
// inactive or deleting them, see UpdateAccessKey and DeleteAccessKey .
DeleteLoginProfile(ctx context.Context, params *DeleteLoginProfileInput, optFns ...func(*Options)) (*DeleteLoginProfileOutput, error)
// Deletes an OpenID Connect identity provider (IdP) resource object in IAM.
// Deleting an IAM OIDC provider resource does not update any roles that reference
// the provider as a principal in their trust policies. Any attempt to assume a
// role that references a deleted provider fails. This operation is idempotent; it
// does not fail or return an error if you call the operation for a provider that
// does not exist.
DeleteOpenIDConnectProvider(ctx context.Context, params *DeleteOpenIDConnectProviderInput, optFns ...func(*Options)) (*DeleteOpenIDConnectProviderOutput, error)
// Deletes the specified managed policy. Before you can delete a managed policy,
// you must first detach the policy from all users, groups, and roles that it is
// attached to. In addition, you must delete all the policy's versions. The
// following steps describe the process for deleting a managed policy:
// - Detach the policy from all users, groups, and roles that the policy is
// attached to, using DetachUserPolicy , DetachGroupPolicy , or DetachRolePolicy
// . To list all the users, groups, and roles that a policy is attached to, use
// ListEntitiesForPolicy .
// - Delete all versions of the policy using DeletePolicyVersion . To list the
// policy's versions, use ListPolicyVersions . You cannot use DeletePolicyVersion
// to delete the version that is marked as the default version. You delete the
// policy's default version in the next step of the process.
// - Delete the policy (this automatically deletes the policy's default version)
// using this operation.
//
// For information about managed policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
DeletePolicy(ctx context.Context, params *DeletePolicyInput, optFns ...func(*Options)) (*DeletePolicyOutput, error)
// Deletes the specified version from the specified managed policy. You cannot
// delete the default version from a policy using this operation. To delete the
// default version from a policy, use DeletePolicy . To find out which version of a
// policy is marked as the default version, use ListPolicyVersions . For
// information about versions for managed policies, see Versioning for managed
// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the IAM User Guide.
DeletePolicyVersion(ctx context.Context, params *DeletePolicyVersionInput, optFns ...func(*Options)) (*DeletePolicyVersionOutput, error)
// Deletes the specified role. Unlike the Amazon Web Services Management Console,
// when you delete a role programmatically, you must delete the items attached to
// the role manually, or the deletion fails. For more information, see Deleting an
// IAM role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#roles-managingrole-deleting-cli)
// . Before attempting to delete a role, remove the following attached items:
// - Inline policies ( DeleteRolePolicy )
// - Attached managed policies ( DetachRolePolicy )
// - Instance profile ( RemoveRoleFromInstanceProfile )
// - Optional – Delete instance profile after detaching from role for resource
// clean up ( DeleteInstanceProfile )
//
// Make sure that you do not have any Amazon EC2 instances running with the role
// you are about to delete. Deleting a role or instance profile that is associated
// with a running instance will break any applications running on the instance.
DeleteRole(ctx context.Context, params *DeleteRoleInput, optFns ...func(*Options)) (*DeleteRoleOutput, error)
// Deletes the permissions boundary for the specified IAM role. You cannot set the
// boundary for a service-linked role. Deleting the permissions boundary for a role
// might increase its permissions. For example, it might allow anyone who assumes
// the role to perform all the actions granted in its permissions policies.
DeleteRolePermissionsBoundary(ctx context.Context, params *DeleteRolePermissionsBoundaryInput, optFns ...func(*Options)) (*DeleteRolePermissionsBoundaryOutput, error)
// Deletes the specified inline policy that is embedded in the specified IAM role.
// A role can also have managed policies attached to it. To detach a managed policy
// from a role, use DetachRolePolicy . For more information about policies, refer
// to Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
DeleteRolePolicy(ctx context.Context, params *DeleteRolePolicyInput, optFns ...func(*Options)) (*DeleteRolePolicyOutput, error)
// Deletes a SAML provider resource in IAM. Deleting the provider resource from
// IAM does not update any roles that reference the SAML provider resource's ARN as
// a principal in their trust policies. Any attempt to assume a role that
// references a non-existent provider resource ARN fails. This operation requires
// Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
// .
DeleteSAMLProvider(ctx context.Context, params *DeleteSAMLProviderInput, optFns ...func(*Options)) (*DeleteSAMLProviderOutput, error)
// Deletes the specified SSH public key. The SSH public key deleted by this
// operation is used only for authenticating the associated IAM user to an
// CodeCommit repository. For more information about using SSH keys to authenticate
// to an CodeCommit repository, see Set up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the CodeCommit User Guide.
DeleteSSHPublicKey(ctx context.Context, params *DeleteSSHPublicKeyInput, optFns ...func(*Options)) (*DeleteSSHPublicKeyOutput, error)
// Deletes the specified server certificate. For more information about working
// with server certificates, see Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide. This topic also includes a list of Amazon Web Services
// services that can use the server certificates that you manage with IAM. If you
// are using a server certificate with Elastic Load Balancing, deleting the
// certificate could have implications for your application. If Elastic Load
// Balancing doesn't detect the deletion of bound certificates, it may continue to
// use the certificates. This could cause Elastic Load Balancing to stop accepting
// traffic. We recommend that you remove the reference to the certificate from
// Elastic Load Balancing before using this command to delete the certificate. For
// more information, see DeleteLoadBalancerListeners (https://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html)
// in the Elastic Load Balancing API Reference.
DeleteServerCertificate(ctx context.Context, params *DeleteServerCertificateInput, optFns ...func(*Options)) (*DeleteServerCertificateOutput, error)
// Submits a service-linked role deletion request and returns a DeletionTaskId ,
// which you can use to check the status of the deletion. Before you call this
// operation, confirm that the role has no active sessions and that any resources
// used by the role in the linked service are deleted. If you call this operation
// more than once for the same service-linked role and an earlier deletion task is
// not complete, then the DeletionTaskId of the earlier request is returned. If
// you submit a deletion request for a service-linked role whose linked service is
// still accessing a resource, then the deletion task fails. If it fails, the
// GetServiceLinkedRoleDeletionStatus operation returns the reason for the failure,
// usually including the resources that must be deleted. To delete the
// service-linked role, you must first remove those resources from the linked
// service and then submit the deletion request again. Resources are specific to
// the service that is linked to the role. For more information about removing
// resources from a service, see the Amazon Web Services documentation (http://docs.aws.amazon.com/)
// for your service. For more information about service-linked roles, see Roles
// terms and concepts: Amazon Web Services service-linked role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role)
// in the IAM User Guide.
DeleteServiceLinkedRole(ctx context.Context, params *DeleteServiceLinkedRoleInput, optFns ...func(*Options)) (*DeleteServiceLinkedRoleOutput, error)
// Deletes the specified service-specific credential.
DeleteServiceSpecificCredential(ctx context.Context, params *DeleteServiceSpecificCredentialInput, optFns ...func(*Options)) (*DeleteServiceSpecificCredentialOutput, error)
// Deletes a signing certificate associated with the specified IAM user. If you do
// not specify a user name, IAM determines the user name implicitly based on the
// Amazon Web Services access key ID signing the request. This operation works for
// access keys under the Amazon Web Services account. Consequently, you can use
// this operation to manage Amazon Web Services account root user credentials even
// if the Amazon Web Services account has no associated IAM users.
DeleteSigningCertificate(ctx context.Context, params *DeleteSigningCertificateInput, optFns ...func(*Options)) (*DeleteSigningCertificateOutput, error)
// Deletes the specified IAM user. Unlike the Amazon Web Services Management
// Console, when you delete a user programmatically, you must delete the items
// attached to the user manually, or the deletion fails. For more information, see
// Deleting an IAM user (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli)
// . Before attempting to delete a user, remove the following items:
// - Password ( DeleteLoginProfile )
// - Access keys ( DeleteAccessKey )
// - Signing certificate ( DeleteSigningCertificate )
// - SSH public key ( DeleteSSHPublicKey )
// - Git credentials ( DeleteServiceSpecificCredential )
// - Multi-factor authentication (MFA) device ( DeactivateMFADevice ,
// DeleteVirtualMFADevice )
// - Inline policies ( DeleteUserPolicy )
// - Attached managed policies ( DetachUserPolicy )
// - Group memberships ( RemoveUserFromGroup )
DeleteUser(ctx context.Context, params *DeleteUserInput, optFns ...func(*Options)) (*DeleteUserOutput, error)
// Deletes the permissions boundary for the specified IAM user. Deleting the
// permissions boundary for a user might increase its permissions by allowing the
// user to perform all the actions granted in its permissions policies.
DeleteUserPermissionsBoundary(ctx context.Context, params *DeleteUserPermissionsBoundaryInput, optFns ...func(*Options)) (*DeleteUserPermissionsBoundaryOutput, error)
// Deletes the specified inline policy that is embedded in the specified IAM user.
// A user can also have managed policies attached to it. To detach a managed policy
// from a user, use DetachUserPolicy . For more information about policies, refer
// to Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
DeleteUserPolicy(ctx context.Context, params *DeleteUserPolicyInput, optFns ...func(*Options)) (*DeleteUserPolicyOutput, error)
// Deletes a virtual MFA device. You must deactivate a user's virtual MFA device
// before you can delete it. For information about deactivating MFA devices, see
// DeactivateMFADevice .
DeleteVirtualMFADevice(ctx context.Context, params *DeleteVirtualMFADeviceInput, optFns ...func(*Options)) (*DeleteVirtualMFADeviceOutput, error)
// Removes the specified managed policy from the specified IAM group. A group can
// also have inline policies embedded with it. To delete an inline policy, use
// DeleteGroupPolicy . For information about policies, see Managed policies and
// inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
DetachGroupPolicy(ctx context.Context, params *DetachGroupPolicyInput, optFns ...func(*Options)) (*DetachGroupPolicyOutput, error)
// Removes the specified managed policy from the specified role. A role can also
// have inline policies embedded with it. To delete an inline policy, use
// DeleteRolePolicy . For information about policies, see Managed policies and
// inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
DetachRolePolicy(ctx context.Context, params *DetachRolePolicyInput, optFns ...func(*Options)) (*DetachRolePolicyOutput, error)
// Removes the specified managed policy from the specified user. A user can also
// have inline policies embedded with it. To delete an inline policy, use
// DeleteUserPolicy . For information about policies, see Managed policies and
// inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
DetachUserPolicy(ctx context.Context, params *DetachUserPolicyInput, optFns ...func(*Options)) (*DetachUserPolicyOutput, error)
// Enables the specified MFA device and associates it with the specified IAM user.
// When enabled, the MFA device is required for every subsequent login by the IAM
// user associated with the device.
EnableMFADevice(ctx context.Context, params *EnableMFADeviceInput, optFns ...func(*Options)) (*EnableMFADeviceOutput, error)
// Generates a credential report for the Amazon Web Services account. For more
// information about the credential report, see Getting credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
// in the IAM User Guide.
GenerateCredentialReport(ctx context.Context, params *GenerateCredentialReportInput, optFns ...func(*Options)) (*GenerateCredentialReportOutput, error)
// Generates a report for service last accessed data for Organizations. You can
// generate a report for any entities (organization root, organizational unit, or
// account) or policies in your organization. To call this operation, you must be
// signed in using your Organizations management account credentials. You can use
// your long-term IAM user or root user credentials, or temporary credentials from
// assuming an IAM role. SCPs must be enabled for your organization root. You must
// have the required IAM and Organizations permissions. For more information, see
// Refining permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide. You can generate a service last accessed data report for
// entities by specifying only the entity's path. This data includes a list of
// services that are allowed by any service control policies (SCPs) that apply to
// the entity. You can generate a service last accessed data report for a policy by
// specifying an entity's path and an optional Organizations policy ID. This data
// includes a list of services that are allowed by the specified SCP. For each
// service in both report types, the data includes the most recent account activity
// that the policy allows to account principals in the entity or the entity's
// children. For important information about the data, reporting period,
// permissions required, troubleshooting, and supported Regions see Reducing
// permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide. The data includes all attempts to access Amazon Web
// Services, not just the successful ones. This includes all attempts that were
// made using the Amazon Web Services Management Console, the Amazon Web Services
// API through any of the SDKs, or any of the command line tools. An unexpected
// entry in the service last accessed data does not mean that an account has been
// compromised, because the request might have been denied. Refer to your
// CloudTrail logs as the authoritative source for information about all API calls
// and whether they were successful or denied access. For more information, see
// Logging IAM events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
// in the IAM User Guide. This operation returns a JobId . Use this parameter in
// the GetOrganizationsAccessReport operation to check the status of the report
// generation. To check the status of this request, use the JobId parameter in the
// GetOrganizationsAccessReport operation and test the JobStatus response
// parameter. When the job is complete, you can retrieve the report. To generate a
// service last accessed data report for entities, specify an entity path without
// specifying the optional Organizations policy ID. The type of entity that you
// specify determines the data returned in the report.
// - Root – When you specify the organizations root as the entity, the resulting
// report lists all of the services allowed by SCPs that are attached to your root.
// For each service, the report includes data for all accounts in your organization
// except the management account, because the management account is not limited by
// SCPs.
// - OU – When you specify an organizational unit (OU) as the entity, the
// resulting report lists all of the services allowed by SCPs that are attached to
// the OU and its parents. For each service, the report includes data for all
// accounts in the OU or its children. This data excludes the management account,
// because the management account is not limited by SCPs.
// - management account – When you specify the management account, the resulting
// report lists all Amazon Web Services services, because the management account is
// not limited by SCPs. For each service, the report includes data for only the
// management account.
// - Account – When you specify another account as the entity, the resulting
// report lists all of the services allowed by SCPs that are attached to the
// account and its parents. For each service, the report includes data for only the
// specified account.
//
// To generate a service last accessed data report for policies, specify an entity
// path and the optional Organizations policy ID. The type of entity that you
// specify determines the data returned for each service.
// - Root – When you specify the root entity and a policy ID, the resulting
// report lists all of the services that are allowed by the specified SCP. For each
// service, the report includes data for all accounts in your organization to which
// the SCP applies. This data excludes the management account, because the
// management account is not limited by SCPs. If the SCP is not attached to any
// entities in the organization, then the report will return a list of services
// with no data.
// - OU – When you specify an OU entity and a policy ID, the resulting report
// lists all of the services that are allowed by the specified SCP. For each
// service, the report includes data for all accounts in the OU or its children to
// which the SCP applies. This means that other accounts outside the OU that are
// affected by the SCP might not be included in the data. This data excludes the
// management account, because the management account is not limited by SCPs. If
// the SCP is not attached to the OU or one of its children, the report will return
// a list of services with no data.
// - management account – When you specify the management account, the resulting
// report lists all Amazon Web Services services, because the management account is
// not limited by SCPs. If you specify a policy ID in the CLI or API, the policy is
// ignored. For each service, the report includes data for only the management
// account.
// - Account – When you specify another account entity and a policy ID, the
// resulting report lists all of the services that are allowed by the specified
// SCP. For each service, the report includes data for only the specified account.
// This means that other accounts in the organization that are affected by the SCP
// might not be included in the data. If the SCP is not attached to the account,
// the report will return a list of services with no data.
//
// Service last accessed data does not use other policy types when determining
// whether a principal could access a service. These other policy types include
// identity-based policies, resource-based policies, access control lists, IAM
// permissions boundaries, and STS assume role policies. It only applies SCP logic.
// For more about the evaluation of policy types, see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics)
// in the IAM User Guide. For more information about service last accessed data,
// see Reducing policy scope by viewing user activity (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
GenerateOrganizationsAccessReport(ctx context.Context, params *GenerateOrganizationsAccessReportInput, optFns ...func(*Options)) (*GenerateOrganizationsAccessReportOutput, error)
// Generates a report that includes details about when an IAM resource (user,
// group, role, or policy) was last used in an attempt to access Amazon Web
// Services services. Recent activity usually appears within four hours. IAM
// reports activity for at least the last 400 days, or less if your Region began
// supporting this feature within the last year. For more information, see Regions
// where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period)
// . The service last accessed data includes all attempts to access an Amazon Web
// Services API, not just the successful ones. This includes all attempts that were
// made using the Amazon Web Services Management Console, the Amazon Web Services
// API through any of the SDKs, or any of the command line tools. An unexpected
// entry in the service last accessed data does not mean that your account has been
// compromised, because the request might have been denied. Refer to your
// CloudTrail logs as the authoritative source for information about all API calls
// and whether they were successful or denied access. For more information, see
// Logging IAM events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
// in the IAM User Guide. The GenerateServiceLastAccessedDetails operation returns
// a JobId . Use this parameter in the following operations to retrieve the
// following details from your report:
// - GetServiceLastAccessedDetails – Use this operation for users, groups, roles,
// or policies to list every Amazon Web Services service that the resource could
// access using permissions policies. For each service, the response includes
// information about the most recent access attempt. The JobId returned by
// GenerateServiceLastAccessedDetail must be used by the same role within a
// session, or by the same user when used to call GetServiceLastAccessedDetail .
// - GetServiceLastAccessedDetailsWithEntities – Use this operation for groups
// and policies to list information about the associated entities (users or roles)
// that attempted to access a specific Amazon Web Services service.
//
// To check the status of the GenerateServiceLastAccessedDetails request, use the
// JobId parameter in the same operations and test the JobStatus response
// parameter. For additional information about the permissions policies that allow
// an identity (user, group, or role) to access specific services, use the
// ListPoliciesGrantingServiceAccess operation. Service last accessed data does not
// use other policy types when determining whether a resource could access a
// service. These other policy types include resource-based policies, access
// control lists, Organizations policies, IAM permissions boundaries, and STS
// assume role policies. It only applies permissions policy logic. For more about
// the evaluation of policy types, see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics)
// in the IAM User Guide. For more information about service and action last
// accessed data, see Reducing permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
GenerateServiceLastAccessedDetails(ctx context.Context, params *GenerateServiceLastAccessedDetailsInput, optFns ...func(*Options)) (*GenerateServiceLastAccessedDetailsOutput, error)
// Retrieves information about when the specified access key was last used. The
// information includes the date and time of last use, along with the Amazon Web
// Services service and Region that were specified in the last request made with
// that key.
GetAccessKeyLastUsed(ctx context.Context, params *GetAccessKeyLastUsedInput, optFns ...func(*Options)) (*GetAccessKeyLastUsedOutput, error)
// Retrieves information about all IAM users, groups, roles, and policies in your
// Amazon Web Services account, including their relationships to one another. Use
// this operation to obtain a snapshot of the configuration of IAM permissions
// (users, groups, roles, and policies) in your account. Policies returned by this
// operation are URL-encoded compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986)
// . You can use a URL decoding method to convert the policy back to plain JSON
// text. For example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality. You can optionally filter the results using the
// Filter parameter. You can paginate the results using the MaxItems and Marker
// parameters.
GetAccountAuthorizationDetails(ctx context.Context, params *GetAccountAuthorizationDetailsInput, optFns ...func(*Options)) (*GetAccountAuthorizationDetailsOutput, error)
// Retrieves the password policy for the Amazon Web Services account. This tells
// you the complexity requirements and mandatory rotation periods for the IAM user
// passwords in your account. For more information about using a password policy,
// see Managing an IAM password policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html)
// .
GetAccountPasswordPolicy(ctx context.Context, params *GetAccountPasswordPolicyInput, optFns ...func(*Options)) (*GetAccountPasswordPolicyOutput, error)
// Retrieves information about IAM entity usage and IAM quotas in the Amazon Web
// Services account. For information about IAM quotas, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
GetAccountSummary(ctx context.Context, params *GetAccountSummaryInput, optFns ...func(*Options)) (*GetAccountSummaryOutput, error)
// Gets a list of all of the context keys referenced in the input policies. The
// policies are supplied as a list of one or more strings. To get the context keys
// from policies associated with an IAM user, group, or role, use
// GetContextKeysForPrincipalPolicy . Context keys are variables maintained by
// Amazon Web Services and its services that provide details about the context of
// an API query request. Context keys can be evaluated by testing against a value
// specified in an IAM policy. Use GetContextKeysForCustomPolicy to understand
// what key names and values you must supply when you call SimulateCustomPolicy .
// Note that all parameters are shown in unencoded form here for clarity but must
// be URL encoded to be included as a part of a real HTML request.
GetContextKeysForCustomPolicy(ctx context.Context, params *GetContextKeysForCustomPolicyInput, optFns ...func(*Options)) (*GetContextKeysForCustomPolicyOutput, error)
// Gets a list of all of the context keys referenced in all the IAM policies that
// are attached to the specified IAM entity. The entity can be an IAM user, group,
// or role. If you specify a user, then the request also includes all of the
// policies attached to groups that the user is a member of. You can optionally
// include a list of one or more additional policies, specified as strings. If you
// want to include only a list of policies by string, use
// GetContextKeysForCustomPolicy instead. Note: This operation discloses
// information about the permissions granted to other users. If you do not want
// users to see other user's permissions, then consider allowing them to use
// GetContextKeysForCustomPolicy instead. Context keys are variables maintained by
// Amazon Web Services and its services that provide details about the context of
// an API query request. Context keys can be evaluated by testing against a value
// in an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what key
// names and values you must supply when you call SimulatePrincipalPolicy .
GetContextKeysForPrincipalPolicy(ctx context.Context, params *GetContextKeysForPrincipalPolicyInput, optFns ...func(*Options)) (*GetContextKeysForPrincipalPolicyOutput, error)
// Retrieves a credential report for the Amazon Web Services account. For more
// information about the credential report, see Getting credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
// in the IAM User Guide.
GetCredentialReport(ctx context.Context, params *GetCredentialReportInput, optFns ...func(*Options)) (*GetCredentialReportOutput, error)
// Returns a list of IAM users that are in the specified IAM group. You can
// paginate the results using the MaxItems and Marker parameters.
GetGroup(ctx context.Context, params *GetGroupInput, optFns ...func(*Options)) (*GetGroupOutput, error)
// Retrieves the specified inline policy document that is embedded in the
// specified IAM group. Policies returned by this operation are URL-encoded
// compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986) . You can use a
// URL decoding method to convert the policy back to plain JSON text. For example,
// if you use Java, you can use the decode method of the java.net.URLDecoder
// utility class in the Java SDK. Other languages and SDKs provide similar
// functionality. An IAM group can also have managed policies attached to it. To
// retrieve a managed policy document that is attached to a group, use GetPolicy
// to determine the policy's default version, then use GetPolicyVersion to
// retrieve the policy document. For more information about policies, see Managed
// policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
GetGroupPolicy(ctx context.Context, params *GetGroupPolicyInput, optFns ...func(*Options)) (*GetGroupPolicyOutput, error)
// Retrieves information about the specified instance profile, including the
// instance profile's path, GUID, ARN, and role. For more information about
// instance profiles, see About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html)
// in the IAM User Guide.
GetInstanceProfile(ctx context.Context, params *GetInstanceProfileInput, optFns ...func(*Options)) (*GetInstanceProfileOutput, error)
// Retrieves the user name for the specified IAM user. A login profile is created
// when you create a password for the user to access the Amazon Web Services
// Management Console. If the user does not exist or does not have a password, the
// operation returns a 404 ( NoSuchEntity ) error. If you create an IAM user with
// access to the console, the CreateDate reflects the date you created the initial
// password for the user. If you create an IAM user with programmatic access, and
// then later add a password for the user to access the Amazon Web Services
// Management Console, the CreateDate reflects the initial password creation date.
// A user with programmatic access does not have a login profile unless you create
// a password for the user to access the Amazon Web Services Management Console.
GetLoginProfile(ctx context.Context, params *GetLoginProfileInput, optFns ...func(*Options)) (*GetLoginProfileOutput, error)
// Returns information about the specified OpenID Connect (OIDC) provider resource
// object in IAM.
GetOpenIDConnectProvider(ctx context.Context, params *GetOpenIDConnectProviderInput, optFns ...func(*Options)) (*GetOpenIDConnectProviderOutput, error)
// Retrieves the service last accessed data report for Organizations that was
// previously generated using the GenerateOrganizationsAccessReport operation.
// This operation retrieves the status of your report job and the report contents.
// Depending on the parameters that you passed when you generated the report, the
// data returned could include different information. For details, see
// GenerateOrganizationsAccessReport . To call this operation, you must be signed
// in to the management account in your organization. SCPs must be enabled for your
// organization root. You must have permissions to perform this operation. For more
// information, see Refining permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide. For each service that principals in an account (root
// user, IAM users, or IAM roles) could access using SCPs, the operation returns
// details about the most recent access attempt. If there was no attempt, the
// service is listed without details about the most recent attempt to access the
// service. If the operation fails, it returns the reason that it failed. By
// default, the list is sorted by service namespace.
GetOrganizationsAccessReport(ctx context.Context, params *GetOrganizationsAccessReportInput, optFns ...func(*Options)) (*GetOrganizationsAccessReportOutput, error)
// Retrieves information about the specified managed policy, including the
// policy's default version and the total number of IAM users, groups, and roles to
// which the policy is attached. To retrieve the list of the specific users,
// groups, and roles that the policy is attached to, use ListEntitiesForPolicy .
// This operation returns metadata about the policy. To retrieve the actual policy
// document for a specific version of the policy, use GetPolicyVersion . This
// operation retrieves information about managed policies. To retrieve information
// about an inline policy that is embedded with an IAM user, group, or role, use
// GetUserPolicy , GetGroupPolicy , or GetRolePolicy . For more information about
// policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
GetPolicy(ctx context.Context, params *GetPolicyInput, optFns ...func(*Options)) (*GetPolicyOutput, error)
// Retrieves information about the specified version of the specified managed
// policy, including the policy document. Policies returned by this operation are
// URL-encoded compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986) . You
// can use a URL decoding method to convert the policy back to plain JSON text. For
// example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality. To list the available versions for a policy, use
// ListPolicyVersions . This operation retrieves information about managed
// policies. To retrieve information about an inline policy that is embedded in a
// user, group, or role, use GetUserPolicy , GetGroupPolicy , or GetRolePolicy .
// For more information about the types of policies, see Managed policies and
// inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide. For more information about managed policy versions, see
// Versioning for managed policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the IAM User Guide.
GetPolicyVersion(ctx context.Context, params *GetPolicyVersionInput, optFns ...func(*Options)) (*GetPolicyVersionOutput, error)
// Retrieves information about the specified role, including the role's path,
// GUID, ARN, and the role's trust policy that grants permission to assume the
// role. For more information about roles, see Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html)
// . Policies returned by this operation are URL-encoded compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986)
// . You can use a URL decoding method to convert the policy back to plain JSON
// text. For example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality.
GetRole(ctx context.Context, params *GetRoleInput, optFns ...func(*Options)) (*GetRoleOutput, error)
// Retrieves the specified inline policy document that is embedded with the
// specified IAM role. Policies returned by this operation are URL-encoded
// compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986) . You can use a
// URL decoding method to convert the policy back to plain JSON text. For example,
// if you use Java, you can use the decode method of the java.net.URLDecoder
// utility class in the Java SDK. Other languages and SDKs provide similar
// functionality. An IAM role can also have managed policies attached to it. To
// retrieve a managed policy document that is attached to a role, use GetPolicy to
// determine the policy's default version, then use GetPolicyVersion to retrieve
// the policy document. For more information about policies, see Managed policies
// and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide. For more information about roles, see Using roles to
// delegate permissions and federate identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html)
// .
GetRolePolicy(ctx context.Context, params *GetRolePolicyInput, optFns ...func(*Options)) (*GetRolePolicyOutput, error)
// Returns the SAML provider metadocument that was uploaded when the IAM SAML
// provider resource object was created or updated. This operation requires
// Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
// .
GetSAMLProvider(ctx context.Context, params *GetSAMLProviderInput, optFns ...func(*Options)) (*GetSAMLProviderOutput, error)
// Retrieves the specified SSH public key, including metadata about the key. The
// SSH public key retrieved by this operation is used only for authenticating the
// associated IAM user to an CodeCommit repository. For more information about
// using SSH keys to authenticate to an CodeCommit repository, see Set up
// CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the CodeCommit User Guide.
GetSSHPublicKey(ctx context.Context, params *GetSSHPublicKeyInput, optFns ...func(*Options)) (*GetSSHPublicKeyOutput, error)
// Retrieves information about the specified server certificate stored in IAM. For
// more information about working with server certificates, see Working with
// server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide. This topic includes a list of Amazon Web Services
// services that can use the server certificates that you manage with IAM.
GetServerCertificate(ctx context.Context, params *GetServerCertificateInput, optFns ...func(*Options)) (*GetServerCertificateOutput, error)
// Retrieves a service last accessed report that was created using the
// GenerateServiceLastAccessedDetails operation. You can use the JobId parameter
// in GetServiceLastAccessedDetails to retrieve the status of your report job.
// When the report is complete, you can retrieve the generated report. The report
// includes a list of Amazon Web Services services that the resource (user, group,
// role, or managed policy) can access. Service last accessed data does not use
// other policy types when determining whether a resource could access a service.
// These other policy types include resource-based policies, access control lists,
// Organizations policies, IAM permissions boundaries, and STS assume role
// policies. It only applies permissions policy logic. For more about the
// evaluation of policy types, see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics)
// in the IAM User Guide. For each service that the resource could access using
// permissions policies, the operation returns details about the most recent access
// attempt. If there was no attempt, the service is listed without details about
// the most recent attempt to access the service. If the operation fails, the
// GetServiceLastAccessedDetails operation returns the reason that it failed. The
// GetServiceLastAccessedDetails operation returns a list of services. This list
// includes the number of entities that have attempted to access the service and
// the date and time of the last attempt. It also returns the ARN of the following
// entity, depending on the resource ARN that you used to generate the report:
// - User – Returns the user ARN that you used to generate the report
// - Group – Returns the ARN of the group member (user) that last attempted to
// access the service
// - Role – Returns the role ARN that you used to generate the report
// - Policy – Returns the ARN of the user or role that last used the policy to
// attempt to access the service
//
// By default, the list is sorted by service namespace. If you specified
// ACTION_LEVEL granularity when you generated the report, this operation returns
// service and action last accessed data. This includes the most recent access
// attempt for each tracked action within a service. Otherwise, this operation
// returns only service data. For more information about service and action last
// accessed data, see Reducing permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
GetServiceLastAccessedDetails(ctx context.Context, params *GetServiceLastAccessedDetailsInput, optFns ...func(*Options)) (*GetServiceLastAccessedDetailsOutput, error)
// After you generate a group or policy report using the
// GenerateServiceLastAccessedDetails operation, you can use the JobId parameter
// in GetServiceLastAccessedDetailsWithEntities . This operation retrieves the
// status of your report job and a list of entities that could have used group or
// policy permissions to access the specified service.
// - Group – For a group report, this operation returns a list of users in the
// group that could have used the group’s policies in an attempt to access the
// service.
// - Policy – For a policy report, this operation returns a list of entities
// (users or roles) that could have used the policy in an attempt to access the
// service.
//
// You can also use this operation for user or role reports to retrieve details
// about those entities. If the operation fails, the
// GetServiceLastAccessedDetailsWithEntities operation returns the reason that it
// failed. By default, the list of associated entities is sorted by date, with the
// most recent access listed first.
GetServiceLastAccessedDetailsWithEntities(ctx context.Context, params *GetServiceLastAccessedDetailsWithEntitiesInput, optFns ...func(*Options)) (*GetServiceLastAccessedDetailsWithEntitiesOutput, error)
// Retrieves the status of your service-linked role deletion. After you use
// DeleteServiceLinkedRole to submit a service-linked role for deletion, you can
// use the DeletionTaskId parameter in GetServiceLinkedRoleDeletionStatus to check
// the status of the deletion. If the deletion fails, this operation returns the
// reason that it failed, if that information is returned by the service.
GetServiceLinkedRoleDeletionStatus(ctx context.Context, params *GetServiceLinkedRoleDeletionStatusInput, optFns ...func(*Options)) (*GetServiceLinkedRoleDeletionStatusOutput, error)
// Retrieves information about the specified IAM user, including the user's
// creation date, path, unique ID, and ARN. If you do not specify a user name, IAM
// determines the user name implicitly based on the Amazon Web Services access key
// ID used to sign the request to this operation.
GetUser(ctx context.Context, params *GetUserInput, optFns ...func(*Options)) (*GetUserOutput, error)
// Retrieves the specified inline policy document that is embedded in the
// specified IAM user. Policies returned by this operation are URL-encoded
// compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986) . You can use a
// URL decoding method to convert the policy back to plain JSON text. For example,
// if you use Java, you can use the decode method of the java.net.URLDecoder
// utility class in the Java SDK. Other languages and SDKs provide similar
// functionality. An IAM user can also have managed policies attached to it. To
// retrieve a managed policy document that is attached to a user, use GetPolicy to
// determine the policy's default version. Then use GetPolicyVersion to retrieve
// the policy document. For more information about policies, see Managed policies
// and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
GetUserPolicy(ctx context.Context, params *GetUserPolicyInput, optFns ...func(*Options)) (*GetUserPolicyOutput, error)
// Returns information about the access key IDs associated with the specified IAM
// user. If there is none, the operation returns an empty list. Although each user
// is limited to a small number of keys, you can still paginate the results using
// the MaxItems and Marker parameters. If the UserName is not specified, the user
// name is determined implicitly based on the Amazon Web Services access key ID
// used to sign the request. If a temporary access key is used, then UserName is
// required. If a long-term key is assigned to the user, then UserName is not
// required. This operation works for access keys under the Amazon Web Services
// account. Consequently, you can use this operation to manage Amazon Web Services
// account root user credentials even if the Amazon Web Services account has no
// associated users. To ensure the security of your Amazon Web Services account,
// the secret access key is accessible only during key and user creation.
ListAccessKeys(ctx context.Context, params *ListAccessKeysInput, optFns ...func(*Options)) (*ListAccessKeysOutput, error)
// Lists the account alias associated with the Amazon Web Services account (Note:
// you can have only one). For information about using an Amazon Web Services
// account alias, see Using an alias for your Amazon Web Services account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html)
// in the IAM User Guide.
ListAccountAliases(ctx context.Context, params *ListAccountAliasesInput, optFns ...func(*Options)) (*ListAccountAliasesOutput, error)
// Lists all managed policies that are attached to the specified IAM group. An IAM
// group can also have inline policies embedded with it. To list the inline
// policies for a group, use ListGroupPolicies . For information about policies,
// see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide. You can paginate the results using the MaxItems and
// Marker parameters. You can use the PathPrefix parameter to limit the list of
// policies to only those matching the specified path prefix. If there are no
// policies attached to the specified group (or none that match the specified path
// prefix), the operation returns an empty list.
ListAttachedGroupPolicies(ctx context.Context, params *ListAttachedGroupPoliciesInput, optFns ...func(*Options)) (*ListAttachedGroupPoliciesOutput, error)
// Lists all managed policies that are attached to the specified IAM role. An IAM
// role can also have inline policies embedded with it. To list the inline policies
// for a role, use ListRolePolicies . For information about policies, see Managed
// policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide. You can paginate the results using the MaxItems and
// Marker parameters. You can use the PathPrefix parameter to limit the list of
// policies to only those matching the specified path prefix. If there are no
// policies attached to the specified role (or none that match the specified path
// prefix), the operation returns an empty list.
ListAttachedRolePolicies(ctx context.Context, params *ListAttachedRolePoliciesInput, optFns ...func(*Options)) (*ListAttachedRolePoliciesOutput, error)
// Lists all managed policies that are attached to the specified IAM user. An IAM
// user can also have inline policies embedded with it. To list the inline policies
// for a user, use ListUserPolicies . For information about policies, see Managed
// policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide. You can paginate the results using the MaxItems and
// Marker parameters. You can use the PathPrefix parameter to limit the list of
// policies to only those matching the specified path prefix. If there are no
// policies attached to the specified group (or none that match the specified path
// prefix), the operation returns an empty list.
ListAttachedUserPolicies(ctx context.Context, params *ListAttachedUserPoliciesInput, optFns ...func(*Options)) (*ListAttachedUserPoliciesOutput, error)
// Lists all IAM users, groups, and roles that the specified managed policy is
// attached to. You can use the optional EntityFilter parameter to limit the
// results to a particular type of entity (users, groups, or roles). For example,
// to list only the roles that are attached to the specified policy, set
// EntityFilter to Role . You can paginate the results using the MaxItems and
// Marker parameters.
ListEntitiesForPolicy(ctx context.Context, params *ListEntitiesForPolicyInput, optFns ...func(*Options)) (*ListEntitiesForPolicyOutput, error)
// Lists the names of the inline policies that are embedded in the specified IAM
// group. An IAM group can also have managed policies attached to it. To list the
// managed policies that are attached to a group, use ListAttachedGroupPolicies .
// For more information about policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide. You can paginate the results using the MaxItems and
// Marker parameters. If there are no inline policies embedded with the specified
// group, the operation returns an empty list.
ListGroupPolicies(ctx context.Context, params *ListGroupPoliciesInput, optFns ...func(*Options)) (*ListGroupPoliciesOutput, error)
// Lists the IAM groups that have the specified path prefix. You can paginate the
// results using the MaxItems and Marker parameters.
ListGroups(ctx context.Context, params *ListGroupsInput, optFns ...func(*Options)) (*ListGroupsOutput, error)
// Lists the IAM groups that the specified IAM user belongs to. You can paginate
// the results using the MaxItems and Marker parameters.
ListGroupsForUser(ctx context.Context, params *ListGroupsForUserInput, optFns ...func(*Options)) (*ListGroupsForUserOutput, error)
// Lists the tags that are attached to the specified IAM instance profile. The
// returned list of tags is sorted by tag key. For more information about tagging,
// see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
ListInstanceProfileTags(ctx context.Context, params *ListInstanceProfileTagsInput, optFns ...func(*Options)) (*ListInstanceProfileTagsOutput, error)
// Lists the instance profiles that have the specified path prefix. If there are
// none, the operation returns an empty list. For more information about instance
// profiles, see About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html)
// . IAM resource-listing operations return a subset of the available attributes
// for the resource. For example, this operation does not return tags, even though
// they are an attribute of the returned object. To view all of the information for
// an instance profile, see GetInstanceProfile . You can paginate the results using
// the MaxItems and Marker parameters.
ListInstanceProfiles(ctx context.Context, params *ListInstanceProfilesInput, optFns ...func(*Options)) (*ListInstanceProfilesOutput, error)
// Lists the instance profiles that have the specified associated IAM role. If
// there are none, the operation returns an empty list. For more information about
// instance profiles, go to About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html)
// . You can paginate the results using the MaxItems and Marker parameters.
ListInstanceProfilesForRole(ctx context.Context, params *ListInstanceProfilesForRoleInput, optFns ...func(*Options)) (*ListInstanceProfilesForRoleOutput, error)
// Lists the tags that are attached to the specified IAM virtual multi-factor
// authentication (MFA) device. The returned list of tags is sorted by tag key. For
// more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
ListMFADeviceTags(ctx context.Context, params *ListMFADeviceTagsInput, optFns ...func(*Options)) (*ListMFADeviceTagsOutput, error)
// Lists the MFA devices for an IAM user. If the request includes a IAM user name,
// then this operation lists all the MFA devices associated with the specified
// user. If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID signing the request for this
// operation. You can paginate the results using the MaxItems and Marker
// parameters.
ListMFADevices(ctx context.Context, params *ListMFADevicesInput, optFns ...func(*Options)) (*ListMFADevicesOutput, error)
// Lists the tags that are attached to the specified OpenID Connect
// (OIDC)-compatible identity provider. The returned list of tags is sorted by tag
// key. For more information, see About web identity federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html)
// . For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
ListOpenIDConnectProviderTags(ctx context.Context, params *ListOpenIDConnectProviderTagsInput, optFns ...func(*Options)) (*ListOpenIDConnectProviderTagsOutput, error)
// Lists information about the IAM OpenID Connect (OIDC) provider resource objects
// defined in the Amazon Web Services account. IAM resource-listing operations
// return a subset of the available attributes for the resource. For example, this
// operation does not return tags, even though they are an attribute of the
// returned object. To view all of the information for an OIDC provider, see
// GetOpenIDConnectProvider .
ListOpenIDConnectProviders(ctx context.Context, params *ListOpenIDConnectProvidersInput, optFns ...func(*Options)) (*ListOpenIDConnectProvidersOutput, error)
// Lists all the managed policies that are available in your Amazon Web Services
// account, including your own customer-defined managed policies and all Amazon Web
// Services managed policies. You can filter the list of policies that is returned
// using the optional OnlyAttached , Scope , and PathPrefix parameters. For
// example, to list only the customer managed policies in your Amazon Web Services
// account, set Scope to Local . To list only Amazon Web Services managed policies,
// set Scope to AWS . You can paginate the results using the MaxItems and Marker
// parameters. For more information about managed policies, see Managed policies
// and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide. IAM resource-listing operations return a subset of the
// available attributes for the resource. For example, this operation does not
// return tags, even though they are an attribute of the returned object. To view
// all of the information for a customer manged policy, see GetPolicy .
ListPolicies(ctx context.Context, params *ListPoliciesInput, optFns ...func(*Options)) (*ListPoliciesOutput, error)
// Retrieves a list of policies that the IAM identity (user, group, or role) can
// use to access each specified service. This operation does not use other policy
// types when determining whether a resource could access a service. These other
// policy types include resource-based policies, access control lists,
// Organizations policies, IAM permissions boundaries, and STS assume role
// policies. It only applies permissions policy logic. For more about the
// evaluation of policy types, see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics)
// in the IAM User Guide. The list of policies returned by the operation depends on
// the ARN of the identity that you provide.
// - User – The list of policies includes the managed and inline policies that
// are attached to the user directly. The list also includes any additional managed
// and inline policies that are attached to the group to which the user belongs.
// - Group – The list of policies includes only the managed and inline policies
// that are attached to the group directly. Policies that are attached to the
// group’s user are not included.
// - Role – The list of policies includes only the managed and inline policies
// that are attached to the role.
//
// For each managed policy, this operation returns the ARN and policy name. For
// each inline policy, it returns the policy name and the entity to which it is
// attached. Inline policies do not have an ARN. For more information about these
// policy types, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html)
// in the IAM User Guide. Policies that are attached to users and roles as
// permissions boundaries are not returned. To view which managed policy is
// currently used to set the permissions boundary for a user or role, use the
// GetUser or GetRole operations.
ListPoliciesGrantingServiceAccess(ctx context.Context, params *ListPoliciesGrantingServiceAccessInput, optFns ...func(*Options)) (*ListPoliciesGrantingServiceAccessOutput, error)
// Lists the tags that are attached to the specified IAM customer managed policy.
// The returned list of tags is sorted by tag key. For more information about
// tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
ListPolicyTags(ctx context.Context, params *ListPolicyTagsInput, optFns ...func(*Options)) (*ListPolicyTagsOutput, error)
// Lists information about the versions of the specified managed policy, including
// the version that is currently set as the policy's default version. For more
// information about managed policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
ListPolicyVersions(ctx context.Context, params *ListPolicyVersionsInput, optFns ...func(*Options)) (*ListPolicyVersionsOutput, error)
// Lists the names of the inline policies that are embedded in the specified IAM
// role. An IAM role can also have managed policies attached to it. To list the
// managed policies that are attached to a role, use ListAttachedRolePolicies . For
// more information about policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide. You can paginate the results using the MaxItems and
// Marker parameters. If there are no inline policies embedded with the specified
// role, the operation returns an empty list.
ListRolePolicies(ctx context.Context, params *ListRolePoliciesInput, optFns ...func(*Options)) (*ListRolePoliciesOutput, error)
// Lists the tags that are attached to the specified role. The returned list of
// tags is sorted by tag key. For more information about tagging, see Tagging IAM
// resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the
// IAM User Guide.
ListRoleTags(ctx context.Context, params *ListRoleTagsInput, optFns ...func(*Options)) (*ListRoleTagsOutput, error)
// Lists the IAM roles that have the specified path prefix. If there are none, the
// operation returns an empty list. For more information about roles, see Working
// with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html)
// . IAM resource-listing operations return a subset of the available attributes
// for the resource. For example, this operation does not return tags, even though
// they are an attribute of the returned object. To view all of the information for
// a role, see GetRole . You can paginate the results using the MaxItems and Marker
// parameters.
ListRoles(ctx context.Context, params *ListRolesInput, optFns ...func(*Options)) (*ListRolesOutput, error)
// Lists the tags that are attached to the specified Security Assertion Markup
// Language (SAML) identity provider. The returned list of tags is sorted by tag
// key. For more information, see About SAML 2.0-based federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
// . For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
ListSAMLProviderTags(ctx context.Context, params *ListSAMLProviderTagsInput, optFns ...func(*Options)) (*ListSAMLProviderTagsOutput, error)
// Lists the SAML provider resource objects defined in IAM in the account. IAM
// resource-listing operations return a subset of the available attributes for the
// resource. For example, this operation does not return tags, even though they are
// an attribute of the returned object. To view all of the information for a SAML
// provider, see GetSAMLProvider . This operation requires Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
// .
ListSAMLProviders(ctx context.Context, params *ListSAMLProvidersInput, optFns ...func(*Options)) (*ListSAMLProvidersOutput, error)
// Returns information about the SSH public keys associated with the specified IAM
// user. If none exists, the operation returns an empty list. The SSH public keys
// returned by this operation are used only for authenticating the IAM user to an
// CodeCommit repository. For more information about using SSH keys to authenticate
// to an CodeCommit repository, see Set up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the CodeCommit User Guide. Although each user is limited to a small number of
// keys, you can still paginate the results using the MaxItems and Marker
// parameters.
ListSSHPublicKeys(ctx context.Context, params *ListSSHPublicKeysInput, optFns ...func(*Options)) (*ListSSHPublicKeysOutput, error)
// Lists the tags that are attached to the specified IAM server certificate. The
// returned list of tags is sorted by tag key. For more information about tagging,
// see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide. For certificates in a Region supported by Certificate
// Manager (ACM), we recommend that you don't use IAM server certificates. Instead,
// use ACM to provision, manage, and deploy your server certificates. For more
// information about IAM server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide.
ListServerCertificateTags(ctx context.Context, params *ListServerCertificateTagsInput, optFns ...func(*Options)) (*ListServerCertificateTagsOutput, error)
// Lists the server certificates stored in IAM that have the specified path
// prefix. If none exist, the operation returns an empty list. You can paginate the
// results using the MaxItems and Marker parameters. For more information about
// working with server certificates, see Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide. This topic also includes a list of Amazon Web Services
// services that can use the server certificates that you manage with IAM. IAM
// resource-listing operations return a subset of the available attributes for the
// resource. For example, this operation does not return tags, even though they are
// an attribute of the returned object. To view all of the information for a
// servercertificate, see GetServerCertificate .
ListServerCertificates(ctx context.Context, params *ListServerCertificatesInput, optFns ...func(*Options)) (*ListServerCertificatesOutput, error)
// Returns information about the service-specific credentials associated with the
// specified IAM user. If none exists, the operation returns an empty list. The
// service-specific credentials returned by this operation are used only for
// authenticating the IAM user to a specific service. For more information about
// using service-specific credentials to authenticate to an Amazon Web Services
// service, see Set up service-specific credentials (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html)
// in the CodeCommit User Guide.
ListServiceSpecificCredentials(ctx context.Context, params *ListServiceSpecificCredentialsInput, optFns ...func(*Options)) (*ListServiceSpecificCredentialsOutput, error)
// Returns information about the signing certificates associated with the
// specified IAM user. If none exists, the operation returns an empty list.
// Although each user is limited to a small number of signing certificates, you can
// still paginate the results using the MaxItems and Marker parameters. If the
// UserName field is not specified, the user name is determined implicitly based on
// the Amazon Web Services access key ID used to sign the request for this
// operation. This operation works for access keys under the Amazon Web Services
// account. Consequently, you can use this operation to manage Amazon Web Services
// account root user credentials even if the Amazon Web Services account has no
// associated users.
ListSigningCertificates(ctx context.Context, params *ListSigningCertificatesInput, optFns ...func(*Options)) (*ListSigningCertificatesOutput, error)
// Lists the names of the inline policies embedded in the specified IAM user. An
// IAM user can also have managed policies attached to it. To list the managed
// policies that are attached to a user, use ListAttachedUserPolicies . For more
// information about policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide. You can paginate the results using the MaxItems and
// Marker parameters. If there are no inline policies embedded with the specified
// user, the operation returns an empty list.
ListUserPolicies(ctx context.Context, params *ListUserPoliciesInput, optFns ...func(*Options)) (*ListUserPoliciesOutput, error)
// Lists the tags that are attached to the specified IAM user. The returned list
// of tags is sorted by tag key. For more information about tagging, see Tagging
// IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in
// the IAM User Guide.
ListUserTags(ctx context.Context, params *ListUserTagsInput, optFns ...func(*Options)) (*ListUserTagsOutput, error)
// Lists the IAM users that have the specified path prefix. If no path prefix is
// specified, the operation returns all users in the Amazon Web Services account.
// If there are none, the operation returns an empty list. IAM resource-listing
// operations return a subset of the available attributes for the resource. For
// example, this operation does not return tags, even though they are an attribute
// of the returned object. To view all of the information for a user, see GetUser .
// You can paginate the results using the MaxItems and Marker parameters.
ListUsers(ctx context.Context, params *ListUsersInput, optFns ...func(*Options)) (*ListUsersOutput, error)
// Lists the virtual MFA devices defined in the Amazon Web Services account by
// assignment status. If you do not specify an assignment status, the operation
// returns a list of all virtual MFA devices. Assignment status can be Assigned ,
// Unassigned , or Any . IAM resource-listing operations return a subset of the
// available attributes for the resource. For example, this operation does not
// return tags, even though they are an attribute of the returned object. To view
// tag information for a virtual MFA device, see ListMFADeviceTags . You can
// paginate the results using the MaxItems and Marker parameters.
ListVirtualMFADevices(ctx context.Context, params *ListVirtualMFADevicesInput, optFns ...func(*Options)) (*ListVirtualMFADevicesOutput, error)
// Adds or updates an inline policy document that is embedded in the specified IAM
// group. A user can also have managed policies attached to it. To attach a managed
// policy to a group, use AttachGroupPolicy . To create a new managed policy, use
// CreatePolicy . For information about policies, see Managed policies and inline
// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide. For information about the maximum number of inline
// policies that you can embed in a group, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide. Because policy documents can be large, you should use
// POST rather than GET when calling PutGroupPolicy . For general information about
// using the Query API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the IAM User Guide.
PutGroupPolicy(ctx context.Context, params *PutGroupPolicyInput, optFns ...func(*Options)) (*PutGroupPolicyOutput, error)
// Adds or updates the policy that is specified as the IAM role's permissions
// boundary. You can use an Amazon Web Services managed policy or a customer
// managed policy to set the boundary for a role. Use the boundary to control the
// maximum permissions that the role can have. Setting a permissions boundary is an
// advanced feature that can affect the permissions for the role. You cannot set
// the boundary for a service-linked role. Policies used as permissions boundaries
// do not provide permissions. You must also attach a permissions policy to the
// role. To learn how the effective permissions for a role are evaluated, see IAM
// JSON policy evaluation logic (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html)
// in the IAM User Guide.
PutRolePermissionsBoundary(ctx context.Context, params *PutRolePermissionsBoundaryInput, optFns ...func(*Options)) (*PutRolePermissionsBoundaryOutput, error)
// Adds or updates an inline policy document that is embedded in the specified IAM
// role. When you embed an inline policy in a role, the inline policy is used as
// part of the role's access (permissions) policy. The role's trust policy is
// created at the same time as the role, using CreateRole . You can update a role's
// trust policy using UpdateAssumeRolePolicy . For more information about IAM
// roles, see Using roles to delegate permissions and federate identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html)
// . A role can also have a managed policy attached to it. To attach a managed
// policy to a role, use AttachRolePolicy . To create a new managed policy, use
// CreatePolicy . For information about policies, see Managed policies and inline
// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide. For information about the maximum number of inline
// policies that you can embed with a role, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide. Because policy documents can be large, you should use
// POST rather than GET when calling PutRolePolicy . For general information about
// using the Query API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the IAM User Guide.
PutRolePolicy(ctx context.Context, params *PutRolePolicyInput, optFns ...func(*Options)) (*PutRolePolicyOutput, error)
// Adds or updates the policy that is specified as the IAM user's permissions
// boundary. You can use an Amazon Web Services managed policy or a customer
// managed policy to set the boundary for a user. Use the boundary to control the
// maximum permissions that the user can have. Setting a permissions boundary is an
// advanced feature that can affect the permissions for the user. Policies that are
// used as permissions boundaries do not provide permissions. You must also attach
// a permissions policy to the user. To learn how the effective permissions for a
// user are evaluated, see IAM JSON policy evaluation logic (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html)
// in the IAM User Guide.
PutUserPermissionsBoundary(ctx context.Context, params *PutUserPermissionsBoundaryInput, optFns ...func(*Options)) (*PutUserPermissionsBoundaryOutput, error)
// Adds or updates an inline policy document that is embedded in the specified IAM
// user. An IAM user can also have a managed policy attached to it. To attach a
// managed policy to a user, use AttachUserPolicy . To create a new managed policy,
// use CreatePolicy . For information about policies, see Managed policies and
// inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide. For information about the maximum number of inline
// policies that you can embed in a user, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide. Because policy documents can be large, you should use
// POST rather than GET when calling PutUserPolicy . For general information about
// using the Query API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the IAM User Guide.
PutUserPolicy(ctx context.Context, params *PutUserPolicyInput, optFns ...func(*Options)) (*PutUserPolicyOutput, error)
// Removes the specified client ID (also known as audience) from the list of
// client IDs registered for the specified IAM OpenID Connect (OIDC) provider
// resource object. This operation is idempotent; it does not fail or return an
// error if you try to remove a client ID that does not exist.
RemoveClientIDFromOpenIDConnectProvider(ctx context.Context, params *RemoveClientIDFromOpenIDConnectProviderInput, optFns ...func(*Options)) (*RemoveClientIDFromOpenIDConnectProviderOutput, error)
// Removes the specified IAM role from the specified EC2 instance profile. Make
// sure that you do not have any Amazon EC2 instances running with the role you are
// about to remove from the instance profile. Removing a role from an instance
// profile that is associated with a running instance might break any applications
// running on the instance. For more information about IAM roles, see Working with
// roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html) .
// For more information about instance profiles, see About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html)
// .
RemoveRoleFromInstanceProfile(ctx context.Context, params *RemoveRoleFromInstanceProfileInput, optFns ...func(*Options)) (*RemoveRoleFromInstanceProfileOutput, error)
// Removes the specified user from the specified group.
RemoveUserFromGroup(ctx context.Context, params *RemoveUserFromGroupInput, optFns ...func(*Options)) (*RemoveUserFromGroupOutput, error)
// Resets the password for a service-specific credential. The new password is
// Amazon Web Services generated and cryptographically strong. It cannot be
// configured by the user. Resetting the password immediately invalidates the
// previous password associated with this user.
ResetServiceSpecificCredential(ctx context.Context, params *ResetServiceSpecificCredentialInput, optFns ...func(*Options)) (*ResetServiceSpecificCredentialOutput, error)
// Synchronizes the specified MFA device with its IAM resource object on the
// Amazon Web Services servers. For more information about creating and working
// with virtual MFA devices, see Using a virtual MFA device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html)
// in the IAM User Guide.
ResyncMFADevice(ctx context.Context, params *ResyncMFADeviceInput, optFns ...func(*Options)) (*ResyncMFADeviceOutput, error)
// Sets the specified version of the specified policy as the policy's default
// (operative) version. This operation affects all users, groups, and roles that
// the policy is attached to. To list the users, groups, and roles that the policy
// is attached to, use ListEntitiesForPolicy . For information about managed
// policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
SetDefaultPolicyVersion(ctx context.Context, params *SetDefaultPolicyVersionInput, optFns ...func(*Options)) (*SetDefaultPolicyVersionOutput, error)
// Sets the specified version of the global endpoint token as the token version
// used for the Amazon Web Services account. By default, Security Token Service
// (STS) is available as a global service, and all STS requests go to a single
// endpoint at https://sts.amazonaws.com . Amazon Web Services recommends using
// Regional STS endpoints to reduce latency, build in redundancy, and increase
// session token availability. For information about Regional endpoints for STS,
// see Security Token Service endpoints and quotas (https://docs.aws.amazon.com/general/latest/gr/sts.html)
// in the Amazon Web Services General Reference. If you make an STS call to the
// global endpoint, the resulting session tokens might be valid in some Regions but
// not others. It depends on the version that is set in this operation. Version 1
// tokens are valid only in Amazon Web Services Regions that are available by
// default. These tokens do not work in manually enabled Regions, such as Asia
// Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version
// 2 tokens are longer and might affect systems where you temporarily store tokens.
// For information, see Activating and deactivating STS in an Amazon Web Services
// Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// in the IAM User Guide. To view the current session token version, see the
// GlobalEndpointTokenVersion entry in the response of the GetAccountSummary
// operation.
SetSecurityTokenServicePreferences(ctx context.Context, params *SetSecurityTokenServicePreferencesInput, optFns ...func(*Options)) (*SetSecurityTokenServicePreferencesOutput, error)
// Simulate how a set of IAM policies and optionally a resource-based policy works
// with a list of API operations and Amazon Web Services resources to determine the
// policies' effective permissions. The policies are provided as strings. The
// simulation does not perform the API operations; it only checks the authorization
// to determine if the simulated policies allow or deny the operations. You can
// simulate resources that don't exist in your account. If you want to simulate
// existing policies that are attached to an IAM user, group, or role, use
// SimulatePrincipalPolicy instead. Context keys are variables that are maintained
// by Amazon Web Services and its services and which provide details about the
// context of an API query request. You can use the Condition element of an IAM
// policy to evaluate context keys. To get the list of context keys that the
// policies require for correct simulation, use GetContextKeysForCustomPolicy . If
// the output is long, you can use MaxItems and Marker parameters to paginate the
// results. The IAM policy simulator evaluates statements in the identity-based
// policy and the inputs that you provide during simulation. The policy simulator
// results can differ from your live Amazon Web Services environment. We recommend
// that you check your policies against your live Amazon Web Services environment
// after testing using the policy simulator to confirm that you have the desired
// results. For more information about using the policy simulator, see Testing IAM
// policies with the IAM policy simulator (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html)
// in the IAM User Guide.
SimulateCustomPolicy(ctx context.Context, params *SimulateCustomPolicyInput, optFns ...func(*Options)) (*SimulateCustomPolicyOutput, error)
// Simulate how a set of IAM policies attached to an IAM entity works with a list
// of API operations and Amazon Web Services resources to determine the policies'
// effective permissions. The entity can be an IAM user, group, or role. If you
// specify a user, then the simulation also includes all of the policies that are
// attached to groups that the user belongs to. You can simulate resources that
// don't exist in your account. You can optionally include a list of one or more
// additional policies specified as strings to include in the simulation. If you
// want to simulate only policies specified as strings, use SimulateCustomPolicy
// instead. You can also optionally include one resource-based policy to be
// evaluated with each of the resources included in the simulation for IAM users
// only. The simulation does not perform the API operations; it only checks the
// authorization to determine if the simulated policies allow or deny the
// operations. Note: This operation discloses information about the permissions
// granted to other users. If you do not want users to see other user's
// permissions, then consider allowing them to use SimulateCustomPolicy instead.
// Context keys are variables maintained by Amazon Web Services and its services
// that provide details about the context of an API query request. You can use the
// Condition element of an IAM policy to evaluate context keys. To get the list of
// context keys that the policies require for correct simulation, use
// GetContextKeysForPrincipalPolicy . If the output is long, you can use the
// MaxItems and Marker parameters to paginate the results. The IAM policy
// simulator evaluates statements in the identity-based policy and the inputs that
// you provide during simulation. The policy simulator results can differ from your
// live Amazon Web Services environment. We recommend that you check your policies
// against your live Amazon Web Services environment after testing using the policy
// simulator to confirm that you have the desired results. For more information
// about using the policy simulator, see Testing IAM policies with the IAM policy
// simulator (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html)
// in the IAM User Guide.
SimulatePrincipalPolicy(ctx context.Context, params *SimulatePrincipalPolicyInput, optFns ...func(*Options)) (*SimulatePrincipalPolicyOutput, error)
// Adds one or more tags to an IAM instance profile. If a tag with the same key
// name already exists, then that tag is overwritten with the new value. Each tag
// consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only an IAM instance profile
// that has a specified tag attached. For examples of policies that show how to use
// tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
// in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
TagInstanceProfile(ctx context.Context, params *TagInstanceProfileInput, optFns ...func(*Options)) (*TagInstanceProfileOutput, error)
// Adds one or more tags to an IAM virtual multi-factor authentication (MFA)
// device. If a tag with the same key name already exists, then that tag is
// overwritten with the new value. A tag consists of a key name and an associated
// value. By assigning tags to your resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only an IAM virtual MFA device
// that has a specified tag attached. For examples of policies that show how to use
// tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
// in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
TagMFADevice(ctx context.Context, params *TagMFADeviceInput, optFns ...func(*Options)) (*TagMFADeviceOutput, error)
// Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider.
// For more information about these providers, see About web identity federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html)
// . If a tag with the same key name already exists, then that tag is overwritten
// with the new value. A tag consists of a key name and an associated value. By
// assigning tags to your resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM identity-based and resource-based
// policies. You can use tags to restrict access to only an OIDC provider that has
// a specified tag attached. For examples of policies that show how to use tags to
// control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
// in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
TagOpenIDConnectProvider(ctx context.Context, params *TagOpenIDConnectProviderInput, optFns ...func(*Options)) (*TagOpenIDConnectProviderOutput, error)
// Adds one or more tags to an IAM customer managed policy. If a tag with the same
// key name already exists, then that tag is overwritten with the new value. A tag
// consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only an IAM customer managed
// policy that has a specified tag attached. For examples of policies that show how
// to use tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
// in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
TagPolicy(ctx context.Context, params *TagPolicyInput, optFns ...func(*Options)) (*TagPolicyOutput, error)
// Adds one or more tags to an IAM role. The role can be a regular role or a
// service-linked role. If a tag with the same key name already exists, then that
// tag is overwritten with the new value. A tag consists of a key name and an
// associated value. By assigning tags to your resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only an IAM role that has a
// specified tag attached. You can also restrict access to only those resources
// that have a certain tag attached. For examples of policies that show how to use
// tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
// in the IAM User Guide.
//
// - Cost allocation - Use tags to help track which individuals and teams are
// using which Amazon Web Services resources.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// For more information about tagging, see Tagging IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
TagRole(ctx context.Context, params *TagRoleInput, optFns ...func(*Options)) (*TagRoleOutput, error)
// Adds one or more tags to a Security Assertion Markup Language (SAML) identity
// provider. For more information about these providers, see About SAML 2.0-based
// federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
// . If a tag with the same key name already exists, then that tag is overwritten
// with the new value. A tag consists of a key name and an associated value. By
// assigning tags to your resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only a SAML identity provider
// that has a specified tag attached. For examples of policies that show how to use
// tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
// in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
TagSAMLProvider(ctx context.Context, params *TagSAMLProviderInput, optFns ...func(*Options)) (*TagSAMLProviderOutput, error)
// Adds one or more tags to an IAM server certificate. If a tag with the same key
// name already exists, then that tag is overwritten with the new value. For
// certificates in a Region supported by Certificate Manager (ACM), we recommend
// that you don't use IAM server certificates. Instead, use ACM to provision,
// manage, and deploy your server certificates. For more information about IAM
// server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide. A tag consists of a key name and an associated value. By
// assigning tags to your resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only a server certificate that
// has a specified tag attached. For examples of policies that show how to use tags
// to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
// in the IAM User Guide.
//
// - Cost allocation - Use tags to help track which individuals and teams are
// using which Amazon Web Services resources.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
TagServerCertificate(ctx context.Context, params *TagServerCertificateInput, optFns ...func(*Options)) (*TagServerCertificateOutput, error)
// Adds one or more tags to an IAM user. If a tag with the same key name already
// exists, then that tag is overwritten with the new value. A tag consists of a key
// name and an associated value. By assigning tags to your resources, you can do
// the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM identity-based and resource-based
// policies. You can use tags to restrict access to only an IAM requesting user
// that has a specified tag attached. You can also restrict access to only those
// resources that have a certain tag attached. For examples of policies that show
// how to use tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
// in the IAM User Guide.
//
// - Cost allocation - Use tags to help track which individuals and teams are
// using which Amazon Web Services resources.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// For more information about tagging, see Tagging IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
TagUser(ctx context.Context, params *TagUserInput, optFns ...func(*Options)) (*TagUserOutput, error)
// Removes the specified tags from the IAM instance profile. For more information
// about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
UntagInstanceProfile(ctx context.Context, params *UntagInstanceProfileInput, optFns ...func(*Options)) (*UntagInstanceProfileOutput, error)
// Removes the specified tags from the IAM virtual multi-factor authentication
// (MFA) device. For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
UntagMFADevice(ctx context.Context, params *UntagMFADeviceInput, optFns ...func(*Options)) (*UntagMFADeviceOutput, error)
// Removes the specified tags from the specified OpenID Connect (OIDC)-compatible
// identity provider in IAM. For more information about OIDC providers, see About
// web identity federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html)
// . For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
UntagOpenIDConnectProvider(ctx context.Context, params *UntagOpenIDConnectProviderInput, optFns ...func(*Options)) (*UntagOpenIDConnectProviderOutput, error)
// Removes the specified tags from the customer managed policy. For more
// information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
UntagPolicy(ctx context.Context, params *UntagPolicyInput, optFns ...func(*Options)) (*UntagPolicyOutput, error)
// Removes the specified tags from the role. For more information about tagging,
// see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
UntagRole(ctx context.Context, params *UntagRoleInput, optFns ...func(*Options)) (*UntagRoleOutput, error)
// Removes the specified tags from the specified Security Assertion Markup
// Language (SAML) identity provider in IAM. For more information about these
// providers, see About web identity federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html)
// . For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
UntagSAMLProvider(ctx context.Context, params *UntagSAMLProviderInput, optFns ...func(*Options)) (*UntagSAMLProviderOutput, error)
// Removes the specified tags from the IAM server certificate. For more
// information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide. For certificates in a Region supported by Certificate
// Manager (ACM), we recommend that you don't use IAM server certificates. Instead,
// use ACM to provision, manage, and deploy your server certificates. For more
// information about IAM server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide.
UntagServerCertificate(ctx context.Context, params *UntagServerCertificateInput, optFns ...func(*Options)) (*UntagServerCertificateOutput, error)
// Removes the specified tags from the user. For more information about tagging,
// see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
UntagUser(ctx context.Context, params *UntagUserInput, optFns ...func(*Options)) (*UntagUserOutput, error)
// Changes the status of the specified access key from Active to Inactive, or vice
// versa. This operation can be used to disable a user's key as part of a key
// rotation workflow. If the UserName is not specified, the user name is
// determined implicitly based on the Amazon Web Services access key ID used to
// sign the request. If a temporary access key is used, then UserName is required.
// If a long-term key is assigned to the user, then UserName is not required. This
// operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials even if the Amazon Web Services account has no associated
// users. For information about rotating keys, see Managing keys and certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html)
// in the IAM User Guide.
UpdateAccessKey(ctx context.Context, params *UpdateAccessKeyInput, optFns ...func(*Options)) (*UpdateAccessKeyOutput, error)
// Updates the password policy settings for the Amazon Web Services account. This
// operation does not support partial updates. No parameters are required, but if
// you do not specify a parameter, that parameter's value reverts to its default
// value. See the Request Parameters section for each parameter's default value.
// Also note that some parameters do not allow the default parameter to be
// explicitly set. Instead, to invoke the default value, do not include that
// parameter when you invoke the operation. For more information about using a
// password policy, see Managing an IAM password policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html)
// in the IAM User Guide.
UpdateAccountPasswordPolicy(ctx context.Context, params *UpdateAccountPasswordPolicyInput, optFns ...func(*Options)) (*UpdateAccountPasswordPolicyOutput, error)
// Updates the policy that grants an IAM entity permission to assume a role. This
// is typically referred to as the "role trust policy". For more information about
// roles, see Using roles to delegate permissions and federate identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html)
// .
UpdateAssumeRolePolicy(ctx context.Context, params *UpdateAssumeRolePolicyInput, optFns ...func(*Options)) (*UpdateAssumeRolePolicyOutput, error)
// Updates the name and/or the path of the specified IAM group. You should
// understand the implications of changing a group's path or name. For more
// information, see Renaming users and groups (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html)
// in the IAM User Guide. The person making the request (the principal), must have
// permission to change the role group with the old name and the new name. For
// example, to change the group named Managers to MGRs , the principal must have a
// policy that allows them to update both groups. If the principal has permission
// to update the Managers group, but not the MGRs group, then the update fails.
// For more information about permissions, see Access management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// .
UpdateGroup(ctx context.Context, params *UpdateGroupInput, optFns ...func(*Options)) (*UpdateGroupOutput, error)
// Changes the password for the specified IAM user. You can use the CLI, the
// Amazon Web Services API, or the Users page in the IAM console to change the
// password for any IAM user. Use ChangePassword to change your own password in
// the My Security Credentials page in the Amazon Web Services Management Console.
// For more information about modifying passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html)
// in the IAM User Guide.
UpdateLoginProfile(ctx context.Context, params *UpdateLoginProfileInput, optFns ...func(*Options)) (*UpdateLoginProfileOutput, error)
// Replaces the existing list of server certificate thumbprints associated with an
// OpenID Connect (OIDC) provider resource object with a new list of thumbprints.
// The list that you pass with this operation completely replaces the existing list
// of thumbprints. (The lists are not merged.) Typically, you need to update a
// thumbprint only when the identity provider certificate changes, which occurs
// rarely. However, if the provider's certificate does change, any attempt to
// assume an IAM role that specifies the OIDC provider as a principal fails until
// the certificate thumbprint is updated. Amazon Web Services secures communication
// with some OIDC identity providers (IdPs) through our library of trusted
// certificate authorities (CAs) instead of using a certificate thumbprint to
// verify your IdP server certificate. These OIDC IdPs include Google, Auth0, and
// those that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS) endpoint.
// In these cases, your legacy thumbprint remains in your configuration, but is no
// longer used for validation. Trust for the OIDC provider is derived from the
// provider certificate and is validated by the thumbprint. Therefore, it is best
// to limit access to the UpdateOpenIDConnectProviderThumbprint operation to
// highly privileged users.
UpdateOpenIDConnectProviderThumbprint(ctx context.Context, params *UpdateOpenIDConnectProviderThumbprintInput, optFns ...func(*Options)) (*UpdateOpenIDConnectProviderThumbprintOutput, error)
// Updates the description or maximum session duration setting of a role.
UpdateRole(ctx context.Context, params *UpdateRoleInput, optFns ...func(*Options)) (*UpdateRoleOutput, error)
// Use UpdateRole instead. Modifies only the description of a role. This operation
// performs the same function as the Description parameter in the UpdateRole
// operation.
UpdateRoleDescription(ctx context.Context, params *UpdateRoleDescriptionInput, optFns ...func(*Options)) (*UpdateRoleDescriptionOutput, error)
// Updates the metadata document for an existing SAML provider resource object.
// This operation requires Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
// .
UpdateSAMLProvider(ctx context.Context, params *UpdateSAMLProviderInput, optFns ...func(*Options)) (*UpdateSAMLProviderOutput, error)
// Sets the status of an IAM user's SSH public key to active or inactive. SSH
// public keys that are inactive cannot be used for authentication. This operation
// can be used to disable a user's SSH public key as part of a key rotation work
// flow. The SSH public key affected by this operation is used only for
// authenticating the associated IAM user to an CodeCommit repository. For more
// information about using SSH keys to authenticate to an CodeCommit repository,
// see Set up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the CodeCommit User Guide.
UpdateSSHPublicKey(ctx context.Context, params *UpdateSSHPublicKeyInput, optFns ...func(*Options)) (*UpdateSSHPublicKeyOutput, error)
// Updates the name and/or the path of the specified server certificate stored in
// IAM. For more information about working with server certificates, see Working
// with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide. This topic also includes a list of Amazon Web Services
// services that can use the server certificates that you manage with IAM. You
// should understand the implications of changing a server certificate's path or
// name. For more information, see Renaming a server certificate (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html#RenamingServerCerts)
// in the IAM User Guide. The person making the request (the principal), must have
// permission to change the server certificate with the old name and the new name.
// For example, to change the certificate named ProductionCert to ProdCert , the
// principal must have a policy that allows them to update both certificates. If
// the principal has permission to update the ProductionCert group, but not the
// ProdCert certificate, then the update fails. For more information about
// permissions, see Access management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
UpdateServerCertificate(ctx context.Context, params *UpdateServerCertificateInput, optFns ...func(*Options)) (*UpdateServerCertificateOutput, error)
// Sets the status of a service-specific credential to Active or Inactive .
// Service-specific credentials that are inactive cannot be used for authentication
// to the service. This operation can be used to disable a user's service-specific
// credential as part of a credential rotation work flow.
UpdateServiceSpecificCredential(ctx context.Context, params *UpdateServiceSpecificCredentialInput, optFns ...func(*Options)) (*UpdateServiceSpecificCredentialOutput, error)
// Changes the status of the specified user signing certificate from active to
// disabled, or vice versa. This operation can be used to disable an IAM user's
// signing certificate as part of a certificate rotation work flow. If the UserName
// field is not specified, the user name is determined implicitly based on the
// Amazon Web Services access key ID used to sign the request. This operation works
// for access keys under the Amazon Web Services account. Consequently, you can use
// this operation to manage Amazon Web Services account root user credentials even
// if the Amazon Web Services account has no associated users.
UpdateSigningCertificate(ctx context.Context, params *UpdateSigningCertificateInput, optFns ...func(*Options)) (*UpdateSigningCertificateOutput, error)
// Updates the name and/or the path of the specified IAM user. You should
// understand the implications of changing an IAM user's path or name. For more
// information, see Renaming an IAM user (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_renaming)
// and Renaming an IAM group (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_rename.html)
// in the IAM User Guide. To change a user name, the requester must have
// appropriate permissions on both the source object and the target object. For
// example, to change Bob to Robert, the entity making the request must have
// permission on Bob and Robert, or must have permission on all (*). For more
// information about permissions, see Permissions and policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html)
// .
UpdateUser(ctx context.Context, params *UpdateUserInput, optFns ...func(*Options)) (*UpdateUserOutput, error)
// Uploads an SSH public key and associates it with the specified IAM user. The
// SSH public key uploaded by this operation can be used only for authenticating
// the associated IAM user to an CodeCommit repository. For more information about
// using SSH keys to authenticate to an CodeCommit repository, see Set up
// CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the CodeCommit User Guide.
UploadSSHPublicKey(ctx context.Context, params *UploadSSHPublicKeyInput, optFns ...func(*Options)) (*UploadSSHPublicKeyOutput, error)
// Uploads a server certificate entity for the Amazon Web Services account. The
// server certificate entity includes a public key certificate, a private key, and
// an optional certificate chain, which should all be PEM-encoded. We recommend
// that you use Certificate Manager (https://docs.aws.amazon.com/acm/) to
// provision, manage, and deploy your server certificates. With ACM you can request
// a certificate, deploy it to Amazon Web Services resources, and let ACM handle
// certificate renewals for you. Certificates provided by ACM are free. For more
// information about using ACM, see the Certificate Manager User Guide (https://docs.aws.amazon.com/acm/latest/userguide/)
// . For more information about working with server certificates, see Working with
// server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide. This topic includes a list of Amazon Web Services
// services that can use the server certificates that you manage with IAM. For
// information about the number of server certificates you can upload, see IAM and
// STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide. Because the body of the public key certificate, private
// key, and the certificate chain can be large, you should use POST rather than GET
// when calling UploadServerCertificate . For information about setting up
// signatures and authorization through the API, see Signing Amazon Web Services
// API requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
// in the Amazon Web Services General Reference. For general information about
// using the Query API with IAM, see Calling the API by making HTTP query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html)
// in the IAM User Guide.
UploadServerCertificate(ctx context.Context, params *UploadServerCertificateInput, optFns ...func(*Options)) (*UploadServerCertificateOutput, error)
// Uploads an X.509 signing certificate and associates it with the specified IAM
// user. Some Amazon Web Services services require you to use certificates to
// validate requests that are signed with a corresponding private key. When you
// upload the certificate, its default status is Active . For information about
// when you would use an X.509 signing certificate, see Managing server
// certificates in IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide. If the UserName is not specified, the IAM user name is
// determined implicitly based on the Amazon Web Services access key ID used to
// sign the request. This operation works for access keys under the Amazon Web
// Services account. Consequently, you can use this operation to manage Amazon Web
// Services account root user credentials even if the Amazon Web Services account
// has no associated users. Because the body of an X.509 certificate can be large,
// you should use POST rather than GET when calling UploadSigningCertificate . For
// information about setting up signatures and authorization through the API, see
// Signing Amazon Web Services API requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
// in the Amazon Web Services General Reference. For general information about
// using the Query API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the IAM User Guide.
UploadSigningCertificate(ctx context.Context, params *UploadSigningCertificateInput, optFns ...func(*Options)) (*UploadSigningCertificateOutput, error)
}
IAM provides an interface to the AWS IAM service.
type Outposts ¶ added in v0.112.0
type Outposts interface {
// Cancels the specified order for an Outpost.
CancelOrder(ctx context.Context, params *CancelOrderInput, optFns ...func(*Options)) (*CancelOrderOutput, error)
// Creates an order for an Outpost.
CreateOrder(ctx context.Context, params *CreateOrderInput, optFns ...func(*Options)) (*CreateOrderOutput, error)
// Creates an Outpost. You can specify either an Availability one or an AZ ID.
CreateOutpost(ctx context.Context, params *CreateOutpostInput, optFns ...func(*Options)) (*CreateOutpostOutput, error)
// Creates a site for an Outpost.
CreateSite(ctx context.Context, params *CreateSiteInput, optFns ...func(*Options)) (*CreateSiteOutput, error)
// Deletes the specified Outpost.
DeleteOutpost(ctx context.Context, params *DeleteOutpostInput, optFns ...func(*Options)) (*DeleteOutpostOutput, error)
// Deletes the specified site.
DeleteSite(ctx context.Context, params *DeleteSiteInput, optFns ...func(*Options)) (*DeleteSiteOutput, error)
// Gets information about the specified catalog item.
GetCatalogItem(ctx context.Context, params *GetCatalogItemInput, optFns ...func(*Options)) (*GetCatalogItemOutput, error)
// Amazon Web Services uses this action to install Outpost servers. Gets
// information about the specified connection. Use CloudTrail to monitor this
// action or Amazon Web Services managed policy for Amazon Web Services Outposts to
// secure it. For more information, see Amazon Web Services managed policies for
// Amazon Web Services Outposts (https://docs.aws.amazon.com/outposts/latest/userguide/security-iam-awsmanpol.html)
// and Logging Amazon Web Services Outposts API calls with Amazon Web Services
// CloudTrail (https://docs.aws.amazon.com/outposts/latest/userguide/logging-using-cloudtrail.html)
// in the Amazon Web Services Outposts User Guide.
GetConnection(ctx context.Context, params *GetConnectionInput, optFns ...func(*Options)) (*GetConnectionOutput, error)
// Gets information about the specified order.
GetOrder(ctx context.Context, params *GetOrderInput, optFns ...func(*Options)) (*GetOrderOutput, error)
// Gets information about the specified Outpost.
GetOutpost(ctx context.Context, params *GetOutpostInput, optFns ...func(*Options)) (*GetOutpostOutput, error)
// Gets the instance types for the specified Outpost.
GetOutpostInstanceTypes(ctx context.Context, params *GetOutpostInstanceTypesInput, optFns ...func(*Options)) (*GetOutpostInstanceTypesOutput, error)
// Gets information about the specified Outpost site.
GetSite(ctx context.Context, params *GetSiteInput, optFns ...func(*Options)) (*GetSiteOutput, error)
// Gets the site address of the specified site.
GetSiteAddress(ctx context.Context, params *GetSiteAddressInput, optFns ...func(*Options)) (*GetSiteAddressOutput, error)
// Lists the hardware assets for the specified Outpost. Use filters to return
// specific results. If you specify multiple filters, the results include only the
// resources that match all of the specified filters. For a filter where you can
// specify multiple values, the results include items that match any of the values
// that you specify for the filter.
ListAssets(ctx context.Context, params *ListAssetsInput, optFns ...func(*Options)) (*ListAssetsOutput, error)
// Lists the items in the catalog. Use filters to return specific results. If you
// specify multiple filters, the results include only the resources that match all
// of the specified filters. For a filter where you can specify multiple values,
// the results include items that match any of the values that you specify for the
// filter.
ListCatalogItems(ctx context.Context, params *ListCatalogItemsInput, optFns ...func(*Options)) (*ListCatalogItemsOutput, error)
// Lists the Outpost orders for your Amazon Web Services account.
ListOrders(ctx context.Context, params *ListOrdersInput, optFns ...func(*Options)) (*ListOrdersOutput, error)
// Lists the Outposts for your Amazon Web Services account. Use filters to return
// specific results. If you specify multiple filters, the results include only the
// resources that match all of the specified filters. For a filter where you can
// specify multiple values, the results include items that match any of the values
// that you specify for the filter.
ListOutposts(ctx context.Context, params *ListOutpostsInput, optFns ...func(*Options)) (*ListOutpostsOutput, error)
// Lists the Outpost sites for your Amazon Web Services account. Use filters to
// return specific results. Use filters to return specific results. If you specify
// multiple filters, the results include only the resources that match all of the
// specified filters. For a filter where you can specify multiple values, the
// results include items that match any of the values that you specify for the
// filter.
ListSites(ctx context.Context, params *ListSitesInput, optFns ...func(*Options)) (*ListSitesOutput, error)
// Lists the tags for the specified resource.
ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
// Amazon Web Services uses this action to install Outpost servers. Starts the
// connection required for Outpost server installation. Use CloudTrail to monitor
// this action or Amazon Web Services managed policy for Amazon Web Services
// Outposts to secure it. For more information, see Amazon Web Services managed
// policies for Amazon Web Services Outposts (https://docs.aws.amazon.com/outposts/latest/userguide/security-iam-awsmanpol.html)
// and Logging Amazon Web Services Outposts API calls with Amazon Web Services
// CloudTrail (https://docs.aws.amazon.com/outposts/latest/userguide/logging-using-cloudtrail.html)
// in the Amazon Web Services Outposts User Guide.
StartConnection(ctx context.Context, params *StartConnectionInput, optFns ...func(*Options)) (*StartConnectionOutput, error)
// Adds tags to the specified resource.
TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)
// Removes tags from the specified resource.
UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)
// Updates an Outpost.
UpdateOutpost(ctx context.Context, params *UpdateOutpostInput, optFns ...func(*Options)) (*UpdateOutpostOutput, error)
// Updates the specified site.
UpdateSite(ctx context.Context, params *UpdateSiteInput, optFns ...func(*Options)) (*UpdateSiteOutput, error)
// Updates the address of the specified site. You can't update a site address if
// there is an order in progress. You must wait for the order to complete or cancel
// the order. You can update the operating address before you place an order at the
// site, or after all Outposts that belong to the site have been deactivated.
UpdateSiteAddress(ctx context.Context, params *UpdateSiteAddressInput, optFns ...func(*Options)) (*UpdateSiteAddressOutput, error)
// Update the physical and logistical details for a rack at a site. For more
// information about hardware requirements for racks, see Network readiness
// checklist (https://docs.aws.amazon.com/outposts/latest/userguide/outposts-requirements.html#checklist)
// in the Amazon Web Services Outposts User Guide. To update a rack at a site with
// an order of IN_PROGRESS , you must wait for the order to complete or cancel the
// order.
UpdateSiteRackPhysicalProperties(ctx context.Context, params *UpdateSiteRackPhysicalPropertiesInput, optFns ...func(*Options)) (*UpdateSiteRackPhysicalPropertiesOutput, error)
}
Outposts provides an interface to the AWS Outposts service.
type SSM ¶ added in v0.91.0
type SSM interface {
// Adds or overwrites one or more tags for the specified resource. Tags are
// metadata that you can assign to your automations, documents, managed nodes,
// maintenance windows, Parameter Store parameters, and patch baselines. Tags
// enable you to categorize your resources in different ways, for example, by
// purpose, owner, or environment. Each tag consists of a key and an optional
// value, both of which you define. For example, you could define a set of tags for
// your account's managed nodes that helps you track each node's owner and stack
// level. For example:
// - Key=Owner,Value=DbAdmin
// - Key=Owner,Value=SysAdmin
// - Key=Owner,Value=Dev
// - Key=Stack,Value=Production
// - Key=Stack,Value=Pre-Production
// - Key=Stack,Value=Test
//
// Most resources can have a maximum of 50 tags. Automations can have a maximum of
// 5 tags. We recommend that you devise a set of tag keys that meets your needs for
// each resource type. Using a consistent set of tag keys makes it easier for you
// to manage your resources. You can search and filter the resources based on the
// tags you add. Tags don't have any semantic meaning to and are interpreted
// strictly as a string of characters. For more information about using tags with
// Amazon Elastic Compute Cloud (Amazon EC2) instances, see Tagging your Amazon
// EC2 resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html)
// in the Amazon EC2 User Guide.
AddTagsToResource(ctx context.Context, params *AddTagsToResourceInput, optFns ...func(*Options)) (*AddTagsToResourceOutput, error)
// Associates a related item to a Systems Manager OpsCenter OpsItem. For example,
// you can associate an Incident Manager incident or analysis with an OpsItem.
// Incident Manager and OpsCenter are capabilities of Amazon Web Services Systems
// Manager.
AssociateOpsItemRelatedItem(ctx context.Context, params *AssociateOpsItemRelatedItemInput, optFns ...func(*Options)) (*AssociateOpsItemRelatedItemOutput, error)
// Attempts to cancel the command specified by the Command ID. There is no
// guarantee that the command will be terminated and the underlying process
// stopped.
CancelCommand(ctx context.Context, params *CancelCommandInput, optFns ...func(*Options)) (*CancelCommandOutput, error)
// Stops a maintenance window execution that is already in progress and cancels
// any tasks in the window that haven't already starting running. Tasks already in
// progress will continue to completion.
CancelMaintenanceWindowExecution(ctx context.Context, params *CancelMaintenanceWindowExecutionInput, optFns ...func(*Options)) (*CancelMaintenanceWindowExecutionOutput, error)
// Generates an activation code and activation ID you can use to register your
// on-premises servers, edge devices, or virtual machine (VM) with Amazon Web
// Services Systems Manager. Registering these machines with Systems Manager makes
// it possible to manage them using Systems Manager capabilities. You use the
// activation code and ID when installing SSM Agent on machines in your hybrid
// environment. For more information about requirements for managing on-premises
// machines using Systems Manager, see Setting up Amazon Web Services Systems
// Manager for hybrid environments (https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances.html)
// in the Amazon Web Services Systems Manager User Guide. Amazon Elastic Compute
// Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that
// are configured for Systems Manager are all called managed nodes.
CreateActivation(ctx context.Context, params *CreateActivationInput, optFns ...func(*Options)) (*CreateActivationOutput, error)
// A State Manager association defines the state that you want to maintain on your
// managed nodes. For example, an association can specify that anti-virus software
// must be installed and running on your managed nodes, or that certain ports must
// be closed. For static targets, the association specifies a schedule for when the
// configuration is reapplied. For dynamic targets, such as an Amazon Web Services
// resource group or an Amazon Web Services autoscaling group, State Manager, a
// capability of Amazon Web Services Systems Manager applies the configuration when
// new managed nodes are added to the group. The association also specifies actions
// to take when applying the configuration. For example, an association for
// anti-virus software might run once a day. If the software isn't installed, then
// State Manager installs it. If the software is installed, but the service isn't
// running, then the association might instruct State Manager to start the service.
CreateAssociation(ctx context.Context, params *CreateAssociationInput, optFns ...func(*Options)) (*CreateAssociationOutput, error)
// Associates the specified Amazon Web Services Systems Manager document (SSM
// document) with the specified managed nodes or targets. When you associate a
// document with one or more managed nodes using IDs or tags, Amazon Web Services
// Systems Manager Agent (SSM Agent) running on the managed node processes the
// document and configures the node as specified. If you associate a document with
// a managed node that already has an associated document, the system returns the
// AssociationAlreadyExists exception.
CreateAssociationBatch(ctx context.Context, params *CreateAssociationBatchInput, optFns ...func(*Options)) (*CreateAssociationBatchOutput, error)
// Creates a Amazon Web Services Systems Manager (SSM document). An SSM document
// defines the actions that Systems Manager performs on your managed nodes. For
// more information about SSM documents, including information about supported
// schemas, features, and syntax, see Amazon Web Services Systems Manager Documents (https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-ssm-docs.html)
// in the Amazon Web Services Systems Manager User Guide.
CreateDocument(ctx context.Context, params *CreateDocumentInput, optFns ...func(*Options)) (*CreateDocumentOutput, error)
// Creates a new maintenance window. The value you specify for Duration determines
// the specific end time for the maintenance window based on the time it begins. No
// maintenance window tasks are permitted to start after the resulting endtime
// minus the number of hours you specify for Cutoff . For example, if the
// maintenance window starts at 3 PM, the duration is three hours, and the value
// you specify for Cutoff is one hour, no maintenance window tasks can start after
// 5 PM.
CreateMaintenanceWindow(ctx context.Context, params *CreateMaintenanceWindowInput, optFns ...func(*Options)) (*CreateMaintenanceWindowOutput, error)
// Creates a new OpsItem. You must have permission in Identity and Access
// Management (IAM) to create a new OpsItem. For more information, see Getting
// started with OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html)
// in the Amazon Web Services Systems Manager User Guide. Operations engineers and
// IT professionals use Amazon Web Services Systems Manager OpsCenter to view,
// investigate, and remediate operational issues impacting the performance and
// health of their Amazon Web Services resources. For more information, see Amazon
// Web Services Systems Manager OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html)
// in the Amazon Web Services Systems Manager User Guide.
CreateOpsItem(ctx context.Context, params *CreateOpsItemInput, optFns ...func(*Options)) (*CreateOpsItemOutput, error)
// If you create a new application in Application Manager, Amazon Web Services
// Systems Manager calls this API operation to specify information about the new
// application, including the application type.
CreateOpsMetadata(ctx context.Context, params *CreateOpsMetadataInput, optFns ...func(*Options)) (*CreateOpsMetadataOutput, error)
// Creates a patch baseline. For information about valid key-value pairs in
// PatchFilters for each supported operating system type, see PatchFilter .
CreatePatchBaseline(ctx context.Context, params *CreatePatchBaselineInput, optFns ...func(*Options)) (*CreatePatchBaselineOutput, error)
// A resource data sync helps you view data from multiple sources in a single
// location. Amazon Web Services Systems Manager offers two types of resource data
// sync: SyncToDestination and SyncFromSource . You can configure Systems Manager
// Inventory to use the SyncToDestination type to synchronize Inventory data from
// multiple Amazon Web Services Regions to a single Amazon Simple Storage Service
// (Amazon S3) bucket. For more information, see Configuring resource data sync
// for Inventory (https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-datasync.html)
// in the Amazon Web Services Systems Manager User Guide. You can configure Systems
// Manager Explorer to use the SyncFromSource type to synchronize operational work
// items (OpsItems) and operational data (OpsData) from multiple Amazon Web
// Services Regions to a single Amazon S3 bucket. This type can synchronize
// OpsItems and OpsData from multiple Amazon Web Services accounts and Amazon Web
// Services Regions or EntireOrganization by using Organizations. For more
// information, see Setting up Systems Manager Explorer to display data from
// multiple accounts and Regions (https://docs.aws.amazon.com/systems-manager/latest/userguide/Explorer-resource-data-sync.html)
// in the Amazon Web Services Systems Manager User Guide. A resource data sync is
// an asynchronous operation that returns immediately. After a successful initial
// sync is completed, the system continuously syncs data. To check the status of a
// sync, use the ListResourceDataSync . By default, data isn't encrypted in Amazon
// S3. We strongly recommend that you enable encryption in Amazon S3 to ensure
// secure data storage. We also recommend that you secure access to the Amazon S3
// bucket by creating a restrictive bucket policy.
CreateResourceDataSync(ctx context.Context, params *CreateResourceDataSyncInput, optFns ...func(*Options)) (*CreateResourceDataSyncOutput, error)
// Deletes an activation. You aren't required to delete an activation. If you
// delete an activation, you can no longer use it to register additional managed
// nodes. Deleting an activation doesn't de-register managed nodes. You must
// manually de-register managed nodes.
DeleteActivation(ctx context.Context, params *DeleteActivationInput, optFns ...func(*Options)) (*DeleteActivationOutput, error)
// Disassociates the specified Amazon Web Services Systems Manager document (SSM
// document) from the specified managed node. If you created the association by
// using the Targets parameter, then you must delete the association by using the
// association ID. When you disassociate a document from a managed node, it doesn't
// change the configuration of the node. To change the configuration state of a
// managed node after you disassociate a document, you must create a new document
// with the desired configuration and associate it with the node.
DeleteAssociation(ctx context.Context, params *DeleteAssociationInput, optFns ...func(*Options)) (*DeleteAssociationOutput, error)
// Deletes the Amazon Web Services Systems Manager document (SSM document) and all
// managed node associations to the document. Before you delete the document, we
// recommend that you use DeleteAssociation to disassociate all managed nodes that
// are associated with the document.
DeleteDocument(ctx context.Context, params *DeleteDocumentInput, optFns ...func(*Options)) (*DeleteDocumentOutput, error)
// Delete a custom inventory type or the data associated with a custom Inventory
// type. Deleting a custom inventory type is also referred to as deleting a custom
// inventory schema.
DeleteInventory(ctx context.Context, params *DeleteInventoryInput, optFns ...func(*Options)) (*DeleteInventoryOutput, error)
// Deletes a maintenance window.
DeleteMaintenanceWindow(ctx context.Context, params *DeleteMaintenanceWindowInput, optFns ...func(*Options)) (*DeleteMaintenanceWindowOutput, error)
// Delete OpsMetadata related to an application.
DeleteOpsMetadata(ctx context.Context, params *DeleteOpsMetadataInput, optFns ...func(*Options)) (*DeleteOpsMetadataOutput, error)
// Delete a parameter from the system. After deleting a parameter, wait for at
// least 30 seconds to create a parameter with the same name.
DeleteParameter(ctx context.Context, params *DeleteParameterInput, optFns ...func(*Options)) (*DeleteParameterOutput, error)
// Delete a list of parameters. After deleting a parameter, wait for at least 30
// seconds to create a parameter with the same name.
DeleteParameters(ctx context.Context, params *DeleteParametersInput, optFns ...func(*Options)) (*DeleteParametersOutput, error)
// Deletes a patch baseline.
DeletePatchBaseline(ctx context.Context, params *DeletePatchBaselineInput, optFns ...func(*Options)) (*DeletePatchBaselineOutput, error)
// Deletes a resource data sync configuration. After the configuration is deleted,
// changes to data on managed nodes are no longer synced to or from the target.
// Deleting a sync configuration doesn't delete data.
DeleteResourceDataSync(ctx context.Context, params *DeleteResourceDataSyncInput, optFns ...func(*Options)) (*DeleteResourceDataSyncOutput, error)
// Deletes a Systems Manager resource policy. A resource policy helps you to
// define the IAM entity (for example, an Amazon Web Services account) that can
// manage your Systems Manager resources. Currently, OpsItemGroup is the only
// resource that supports Systems Manager resource policies. The resource policy
// for OpsItemGroup enables Amazon Web Services accounts to view and interact with
// OpsCenter operational work items (OpsItems).
DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error)
// Removes the server or virtual machine from the list of registered servers. You
// can reregister the node again at any time. If you don't plan to use Run Command
// on the server, we suggest uninstalling SSM Agent first.
DeregisterManagedInstance(ctx context.Context, params *DeregisterManagedInstanceInput, optFns ...func(*Options)) (*DeregisterManagedInstanceOutput, error)
// Removes a patch group from a patch baseline.
DeregisterPatchBaselineForPatchGroup(ctx context.Context, params *DeregisterPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*DeregisterPatchBaselineForPatchGroupOutput, error)
// Removes a target from a maintenance window.
DeregisterTargetFromMaintenanceWindow(ctx context.Context, params *DeregisterTargetFromMaintenanceWindowInput, optFns ...func(*Options)) (*DeregisterTargetFromMaintenanceWindowOutput, error)
// Removes a task from a maintenance window.
DeregisterTaskFromMaintenanceWindow(ctx context.Context, params *DeregisterTaskFromMaintenanceWindowInput, optFns ...func(*Options)) (*DeregisterTaskFromMaintenanceWindowOutput, error)
// Describes details about the activation, such as the date and time the
// activation was created, its expiration date, the Identity and Access Management
// (IAM) role assigned to the managed nodes in the activation, and the number of
// nodes registered by using this activation.
DescribeActivations(ctx context.Context, params *DescribeActivationsInput, optFns ...func(*Options)) (*DescribeActivationsOutput, error)
// Describes the association for the specified target or managed node. If you
// created the association by using the Targets parameter, then you must retrieve
// the association by using the association ID.
DescribeAssociation(ctx context.Context, params *DescribeAssociationInput, optFns ...func(*Options)) (*DescribeAssociationOutput, error)
// Views information about a specific execution of a specific association.
DescribeAssociationExecutionTargets(ctx context.Context, params *DescribeAssociationExecutionTargetsInput, optFns ...func(*Options)) (*DescribeAssociationExecutionTargetsOutput, error)
// Views all executions for a specific association ID.
DescribeAssociationExecutions(ctx context.Context, params *DescribeAssociationExecutionsInput, optFns ...func(*Options)) (*DescribeAssociationExecutionsOutput, error)
// Provides details about all active and terminated Automation executions.
DescribeAutomationExecutions(ctx context.Context, params *DescribeAutomationExecutionsInput, optFns ...func(*Options)) (*DescribeAutomationExecutionsOutput, error)
// Information about all active and terminated step executions in an Automation
// workflow.
DescribeAutomationStepExecutions(ctx context.Context, params *DescribeAutomationStepExecutionsInput, optFns ...func(*Options)) (*DescribeAutomationStepExecutionsOutput, error)
// Lists all patches eligible to be included in a patch baseline.
DescribeAvailablePatches(ctx context.Context, params *DescribeAvailablePatchesInput, optFns ...func(*Options)) (*DescribeAvailablePatchesOutput, error)
// Describes the specified Amazon Web Services Systems Manager document (SSM
// document).
DescribeDocument(ctx context.Context, params *DescribeDocumentInput, optFns ...func(*Options)) (*DescribeDocumentOutput, error)
// Describes the permissions for a Amazon Web Services Systems Manager document
// (SSM document). If you created the document, you are the owner. If a document is
// shared, it can either be shared privately (by specifying a user's Amazon Web
// Services account ID) or publicly (All).
DescribeDocumentPermission(ctx context.Context, params *DescribeDocumentPermissionInput, optFns ...func(*Options)) (*DescribeDocumentPermissionOutput, error)
// All associations for the managed node(s).
DescribeEffectiveInstanceAssociations(ctx context.Context, params *DescribeEffectiveInstanceAssociationsInput, optFns ...func(*Options)) (*DescribeEffectiveInstanceAssociationsOutput, error)
// Retrieves the current effective patches (the patch and the approval state) for
// the specified patch baseline. Applies to patch baselines for Windows only.
DescribeEffectivePatchesForPatchBaseline(ctx context.Context, params *DescribeEffectivePatchesForPatchBaselineInput, optFns ...func(*Options)) (*DescribeEffectivePatchesForPatchBaselineOutput, error)
// The status of the associations for the managed node(s).
DescribeInstanceAssociationsStatus(ctx context.Context, params *DescribeInstanceAssociationsStatusInput, optFns ...func(*Options)) (*DescribeInstanceAssociationsStatusOutput, error)
// Describes one or more of your managed nodes, including information about the
// operating system platform, the version of SSM Agent installed on the managed
// node, node status, and so on. If you specify one or more managed node IDs, it
// returns information for those managed nodes. If you don't specify node IDs, it
// returns information for all your managed nodes. If you specify a node ID that
// isn't valid or a node that you don't own, you receive an error. The IamRole
// field for this API operation is the Identity and Access Management (IAM) role
// assigned to on-premises managed nodes. This call doesn't return the IAM role for
// EC2 instances.
DescribeInstanceInformation(ctx context.Context, params *DescribeInstanceInformationInput, optFns ...func(*Options)) (*DescribeInstanceInformationOutput, error)
// Retrieves the high-level patch state of one or more managed nodes.
DescribeInstancePatchStates(ctx context.Context, params *DescribeInstancePatchStatesInput, optFns ...func(*Options)) (*DescribeInstancePatchStatesOutput, error)
// Retrieves the high-level patch state for the managed nodes in the specified
// patch group.
DescribeInstancePatchStatesForPatchGroup(ctx context.Context, params *DescribeInstancePatchStatesForPatchGroupInput, optFns ...func(*Options)) (*DescribeInstancePatchStatesForPatchGroupOutput, error)
// Retrieves information about the patches on the specified managed node and their
// state relative to the patch baseline being used for the node.
DescribeInstancePatches(ctx context.Context, params *DescribeInstancePatchesInput, optFns ...func(*Options)) (*DescribeInstancePatchesOutput, error)
// Describes a specific delete inventory operation.
DescribeInventoryDeletions(ctx context.Context, params *DescribeInventoryDeletionsInput, optFns ...func(*Options)) (*DescribeInventoryDeletionsOutput, error)
// Retrieves the individual task executions (one per target) for a particular task
// run as part of a maintenance window execution.
DescribeMaintenanceWindowExecutionTaskInvocations(ctx context.Context, params *DescribeMaintenanceWindowExecutionTaskInvocationsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionTaskInvocationsOutput, error)
// For a given maintenance window execution, lists the tasks that were run.
DescribeMaintenanceWindowExecutionTasks(ctx context.Context, params *DescribeMaintenanceWindowExecutionTasksInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionTasksOutput, error)
// Lists the executions of a maintenance window. This includes information about
// when the maintenance window was scheduled to be active, and information about
// tasks registered and run with the maintenance window.
DescribeMaintenanceWindowExecutions(ctx context.Context, params *DescribeMaintenanceWindowExecutionsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionsOutput, error)
// Retrieves information about upcoming executions of a maintenance window.
DescribeMaintenanceWindowSchedule(ctx context.Context, params *DescribeMaintenanceWindowScheduleInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowScheduleOutput, error)
// Lists the targets registered with the maintenance window.
DescribeMaintenanceWindowTargets(ctx context.Context, params *DescribeMaintenanceWindowTargetsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowTargetsOutput, error)
// Lists the tasks in a maintenance window. For maintenance window tasks without a
// specified target, you can't supply values for --max-errors and --max-concurrency
// . Instead, the system inserts a placeholder value of 1 , which may be reported
// in the response to this command. These values don't affect the running of your
// task and can be ignored.
DescribeMaintenanceWindowTasks(ctx context.Context, params *DescribeMaintenanceWindowTasksInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowTasksOutput, error)
// Retrieves the maintenance windows in an Amazon Web Services account.
DescribeMaintenanceWindows(ctx context.Context, params *DescribeMaintenanceWindowsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowsOutput, error)
// Retrieves information about the maintenance window targets or tasks that a
// managed node is associated with.
DescribeMaintenanceWindowsForTarget(ctx context.Context, params *DescribeMaintenanceWindowsForTargetInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowsForTargetOutput, error)
// Query a set of OpsItems. You must have permission in Identity and Access
// Management (IAM) to query a list of OpsItems. For more information, see Getting
// started with OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html)
// in the Amazon Web Services Systems Manager User Guide. Operations engineers and
// IT professionals use Amazon Web Services Systems Manager OpsCenter to view,
// investigate, and remediate operational issues impacting the performance and
// health of their Amazon Web Services resources. For more information, see
// OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html)
// in the Amazon Web Services Systems Manager User Guide.
DescribeOpsItems(ctx context.Context, params *DescribeOpsItemsInput, optFns ...func(*Options)) (*DescribeOpsItemsOutput, error)
// Get information about a parameter. Request results are returned on a
// best-effort basis. If you specify MaxResults in the request, the response
// includes information up to the limit specified. The number of items returned,
// however, can be between zero and the value of MaxResults . If the service
// reaches an internal limit while processing the results, it stops the operation
// and returns the matching values up to that point and a NextToken . You can
// specify the NextToken in a subsequent call to get the next set of results. If
// you change the KMS key alias for the KMS key used to encrypt a parameter, then
// you must also update the key alias the parameter uses to reference KMS.
// Otherwise, DescribeParameters retrieves whatever the original key alias was
// referencing.
DescribeParameters(ctx context.Context, params *DescribeParametersInput, optFns ...func(*Options)) (*DescribeParametersOutput, error)
// Lists the patch baselines in your Amazon Web Services account.
DescribePatchBaselines(ctx context.Context, params *DescribePatchBaselinesInput, optFns ...func(*Options)) (*DescribePatchBaselinesOutput, error)
// Returns high-level aggregated patch compliance state information for a patch
// group.
DescribePatchGroupState(ctx context.Context, params *DescribePatchGroupStateInput, optFns ...func(*Options)) (*DescribePatchGroupStateOutput, error)
// Lists all patch groups that have been registered with patch baselines.
DescribePatchGroups(ctx context.Context, params *DescribePatchGroupsInput, optFns ...func(*Options)) (*DescribePatchGroupsOutput, error)
// Lists the properties of available patches organized by product, product family,
// classification, severity, and other properties of available patches. You can use
// the reported properties in the filters you specify in requests for operations
// such as CreatePatchBaseline , UpdatePatchBaseline , DescribeAvailablePatches ,
// and DescribePatchBaselines . The following section lists the properties that can
// be used in filters for each major operating system type: AMAZON_LINUX Valid
// properties: PRODUCT | CLASSIFICATION | SEVERITY AMAZON_LINUX_2 Valid
// properties: PRODUCT | CLASSIFICATION | SEVERITY CENTOS Valid properties: PRODUCT
// | CLASSIFICATION | SEVERITY DEBIAN Valid properties: PRODUCT | PRIORITY MACOS
// Valid properties: PRODUCT | CLASSIFICATION ORACLE_LINUX Valid properties:
// PRODUCT | CLASSIFICATION | SEVERITY REDHAT_ENTERPRISE_LINUX Valid properties:
// PRODUCT | CLASSIFICATION | SEVERITY SUSE Valid properties: PRODUCT |
// CLASSIFICATION | SEVERITY UBUNTU Valid properties: PRODUCT | PRIORITY WINDOWS
// Valid properties: PRODUCT | PRODUCT_FAMILY | CLASSIFICATION | MSRC_SEVERITY
DescribePatchProperties(ctx context.Context, params *DescribePatchPropertiesInput, optFns ...func(*Options)) (*DescribePatchPropertiesOutput, error)
// Retrieves a list of all active sessions (both connected and disconnected) or
// terminated sessions from the past 30 days.
DescribeSessions(ctx context.Context, params *DescribeSessionsInput, optFns ...func(*Options)) (*DescribeSessionsOutput, error)
// Deletes the association between an OpsItem and a related item. For example,
// this API operation can delete an Incident Manager incident from an OpsItem.
// Incident Manager is a capability of Amazon Web Services Systems Manager.
DisassociateOpsItemRelatedItem(ctx context.Context, params *DisassociateOpsItemRelatedItemInput, optFns ...func(*Options)) (*DisassociateOpsItemRelatedItemOutput, error)
// Get detailed information about a particular Automation execution.
GetAutomationExecution(ctx context.Context, params *GetAutomationExecutionInput, optFns ...func(*Options)) (*GetAutomationExecutionOutput, error)
// Gets the state of a Amazon Web Services Systems Manager change calendar at the
// current time or a specified time. If you specify a time, GetCalendarState
// returns the state of the calendar at that specific time, and returns the next
// time that the change calendar state will transition. If you don't specify a
// time, GetCalendarState uses the current time. Change Calendar entries have two
// possible states: OPEN or CLOSED . If you specify more than one calendar in a
// request, the command returns the status of OPEN only if all calendars in the
// request are open. If one or more calendars in the request are closed, the status
// returned is CLOSED . For more information about Change Calendar, a capability of
// Amazon Web Services Systems Manager, see Amazon Web Services Systems Manager
// Change Calendar (https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar.html)
// in the Amazon Web Services Systems Manager User Guide.
GetCalendarState(ctx context.Context, params *GetCalendarStateInput, optFns ...func(*Options)) (*GetCalendarStateOutput, error)
// Returns detailed information about command execution for an invocation or
// plugin. GetCommandInvocation only gives the execution status of a plugin in a
// document. To get the command execution status on a specific managed node, use
// ListCommandInvocations . To get the command execution status across managed
// nodes, use ListCommands .
GetCommandInvocation(ctx context.Context, params *GetCommandInvocationInput, optFns ...func(*Options)) (*GetCommandInvocationOutput, error)
// Retrieves the Session Manager connection status for a managed node to determine
// whether it is running and ready to receive Session Manager connections.
GetConnectionStatus(ctx context.Context, params *GetConnectionStatusInput, optFns ...func(*Options)) (*GetConnectionStatusOutput, error)
// Retrieves the default patch baseline. Amazon Web Services Systems Manager
// supports creating multiple default patch baselines. For example, you can create
// a default patch baseline for each operating system. If you don't specify an
// operating system value, the default patch baseline for Windows is returned.
GetDefaultPatchBaseline(ctx context.Context, params *GetDefaultPatchBaselineInput, optFns ...func(*Options)) (*GetDefaultPatchBaselineOutput, error)
// Retrieves the current snapshot for the patch baseline the managed node uses.
// This API is primarily used by the AWS-RunPatchBaseline Systems Manager document
// (SSM document). If you run the command locally, such as with the Command Line
// Interface (CLI), the system attempts to use your local Amazon Web Services
// credentials and the operation fails. To avoid this, you can run the command in
// the Amazon Web Services Systems Manager console. Use Run Command, a capability
// of Amazon Web Services Systems Manager, with an SSM document that enables you to
// target a managed node with a script or command. For example, run the command
// using the AWS-RunShellScript document or the AWS-RunPowerShellScript document.
GetDeployablePatchSnapshotForInstance(ctx context.Context, params *GetDeployablePatchSnapshotForInstanceInput, optFns ...func(*Options)) (*GetDeployablePatchSnapshotForInstanceOutput, error)
// Gets the contents of the specified Amazon Web Services Systems Manager document
// (SSM document).
GetDocument(ctx context.Context, params *GetDocumentInput, optFns ...func(*Options)) (*GetDocumentOutput, error)
// Query inventory information. This includes managed node status, such as Stopped
// or Terminated .
GetInventory(ctx context.Context, params *GetInventoryInput, optFns ...func(*Options)) (*GetInventoryOutput, error)
// Return a list of inventory type names for the account, or return a list of
// attribute names for a specific Inventory item type.
GetInventorySchema(ctx context.Context, params *GetInventorySchemaInput, optFns ...func(*Options)) (*GetInventorySchemaOutput, error)
// Retrieves a maintenance window.
GetMaintenanceWindow(ctx context.Context, params *GetMaintenanceWindowInput, optFns ...func(*Options)) (*GetMaintenanceWindowOutput, error)
// Retrieves details about a specific a maintenance window execution.
GetMaintenanceWindowExecution(ctx context.Context, params *GetMaintenanceWindowExecutionInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionOutput, error)
// Retrieves the details about a specific task run as part of a maintenance window
// execution.
GetMaintenanceWindowExecutionTask(ctx context.Context, params *GetMaintenanceWindowExecutionTaskInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionTaskOutput, error)
// Retrieves information about a specific task running on a specific target.
GetMaintenanceWindowExecutionTaskInvocation(ctx context.Context, params *GetMaintenanceWindowExecutionTaskInvocationInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionTaskInvocationOutput, error)
// Retrieves the details of a maintenance window task. For maintenance window
// tasks without a specified target, you can't supply values for --max-errors and
// --max-concurrency . Instead, the system inserts a placeholder value of 1 , which
// may be reported in the response to this command. These values don't affect the
// running of your task and can be ignored. To retrieve a list of tasks in a
// maintenance window, instead use the DescribeMaintenanceWindowTasks command.
GetMaintenanceWindowTask(ctx context.Context, params *GetMaintenanceWindowTaskInput, optFns ...func(*Options)) (*GetMaintenanceWindowTaskOutput, error)
// Get information about an OpsItem by using the ID. You must have permission in
// Identity and Access Management (IAM) to view information about an OpsItem. For
// more information, see Getting started with OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html)
// in the Amazon Web Services Systems Manager User Guide. Operations engineers and
// IT professionals use Amazon Web Services Systems Manager OpsCenter to view,
// investigate, and remediate operational issues impacting the performance and
// health of their Amazon Web Services resources. For more information, see
// OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html)
// in the Amazon Web Services Systems Manager User Guide.
GetOpsItem(ctx context.Context, params *GetOpsItemInput, optFns ...func(*Options)) (*GetOpsItemOutput, error)
// View operational metadata related to an application in Application Manager.
GetOpsMetadata(ctx context.Context, params *GetOpsMetadataInput, optFns ...func(*Options)) (*GetOpsMetadataOutput, error)
// View a summary of operations metadata (OpsData) based on specified filters and
// aggregators. OpsData can include information about Amazon Web Services Systems
// Manager OpsCenter operational workitems (OpsItems) as well as information about
// any Amazon Web Services resource or service configured to report OpsData to
// Amazon Web Services Systems Manager Explorer.
GetOpsSummary(ctx context.Context, params *GetOpsSummaryInput, optFns ...func(*Options)) (*GetOpsSummaryOutput, error)
// Get information about a single parameter by specifying the parameter name. To
// get information about more than one parameter at a time, use the GetParameters
// operation.
GetParameter(ctx context.Context, params *GetParameterInput, optFns ...func(*Options)) (*GetParameterOutput, error)
// Retrieves the history of all changes to a parameter. If you change the KMS key
// alias for the KMS key used to encrypt a parameter, then you must also update the
// key alias the parameter uses to reference KMS. Otherwise, GetParameterHistory
// retrieves whatever the original key alias was referencing.
GetParameterHistory(ctx context.Context, params *GetParameterHistoryInput, optFns ...func(*Options)) (*GetParameterHistoryOutput, error)
// Get information about one or more parameters by specifying multiple parameter
// names. To get information about a single parameter, you can use the GetParameter
// operation instead.
GetParameters(ctx context.Context, params *GetParametersInput, optFns ...func(*Options)) (*GetParametersOutput, error)
// Retrieve information about one or more parameters in a specific hierarchy.
// Request results are returned on a best-effort basis. If you specify MaxResults
// in the request, the response includes information up to the limit specified. The
// number of items returned, however, can be between zero and the value of
// MaxResults . If the service reaches an internal limit while processing the
// results, it stops the operation and returns the matching values up to that point
// and a NextToken . You can specify the NextToken in a subsequent call to get the
// next set of results.
GetParametersByPath(ctx context.Context, params *GetParametersByPathInput, optFns ...func(*Options)) (*GetParametersByPathOutput, error)
// Retrieves information about a patch baseline.
GetPatchBaseline(ctx context.Context, params *GetPatchBaselineInput, optFns ...func(*Options)) (*GetPatchBaselineOutput, error)
// Retrieves the patch baseline that should be used for the specified patch group.
GetPatchBaselineForPatchGroup(ctx context.Context, params *GetPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*GetPatchBaselineForPatchGroupOutput, error)
// Returns an array of the Policy object.
GetResourcePolicies(ctx context.Context, params *GetResourcePoliciesInput, optFns ...func(*Options)) (*GetResourcePoliciesOutput, error)
// ServiceSetting is an account-level setting for an Amazon Web Services service.
// This setting defines how a user interacts with or uses a service or a feature of
// a service. For example, if an Amazon Web Services service charges money to the
// account based on feature or service usage, then the Amazon Web Services service
// team might create a default setting of false . This means the user can't use
// this feature unless they change the setting to true and intentionally opt in
// for a paid feature. Services map a SettingId object to a setting value. Amazon
// Web Services services teams define the default value for a SettingId . You can't
// create a new SettingId , but you can overwrite the default value if you have the
// ssm:UpdateServiceSetting permission for the setting. Use the
// UpdateServiceSetting API operation to change the default setting. Or use the
// ResetServiceSetting to change the value back to the original value defined by
// the Amazon Web Services service team. Query the current service setting for the
// Amazon Web Services account.
GetServiceSetting(ctx context.Context, params *GetServiceSettingInput, optFns ...func(*Options)) (*GetServiceSettingOutput, error)
// A parameter label is a user-defined alias to help you manage different versions
// of a parameter. When you modify a parameter, Amazon Web Services Systems Manager
// automatically saves a new version and increments the version number by one. A
// label can help you remember the purpose of a parameter when there are multiple
// versions. Parameter labels have the following requirements and restrictions.
// - A version of a parameter can have a maximum of 10 labels.
// - You can't attach the same label to different versions of the same
// parameter. For example, if version 1 has the label Production, then you can't
// attach Production to version 2.
// - You can move a label from one version of a parameter to another.
// - You can't create a label when you create a new parameter. You must attach a
// label to a specific version of a parameter.
// - If you no longer want to use a parameter label, then you can either delete
// it or move it to a different version of a parameter.
// - A label can have a maximum of 100 characters.
// - Labels can contain letters (case sensitive), numbers, periods (.), hyphens
// (-), or underscores (_).
// - Labels can't begin with a number, " aws " or " ssm " (not case sensitive).
// If a label fails to meet these requirements, then the label isn't associated
// with a parameter and the system displays it in the list of InvalidLabels.
LabelParameterVersion(ctx context.Context, params *LabelParameterVersionInput, optFns ...func(*Options)) (*LabelParameterVersionOutput, error)
// Retrieves all versions of an association for a specific association ID.
ListAssociationVersions(ctx context.Context, params *ListAssociationVersionsInput, optFns ...func(*Options)) (*ListAssociationVersionsOutput, error)
// Returns all State Manager associations in the current Amazon Web Services
// account and Amazon Web Services Region. You can limit the results to a specific
// State Manager association document or managed node by specifying a filter. State
// Manager is a capability of Amazon Web Services Systems Manager.
ListAssociations(ctx context.Context, params *ListAssociationsInput, optFns ...func(*Options)) (*ListAssociationsOutput, error)
// An invocation is copy of a command sent to a specific managed node. A command
// can apply to one or more managed nodes. A command invocation applies to one
// managed node. For example, if a user runs SendCommand against three managed
// nodes, then a command invocation is created for each requested managed node ID.
// ListCommandInvocations provide status about command execution.
ListCommandInvocations(ctx context.Context, params *ListCommandInvocationsInput, optFns ...func(*Options)) (*ListCommandInvocationsOutput, error)
// Lists the commands requested by users of the Amazon Web Services account.
ListCommands(ctx context.Context, params *ListCommandsInput, optFns ...func(*Options)) (*ListCommandsOutput, error)
// For a specified resource ID, this API operation returns a list of compliance
// statuses for different resource types. Currently, you can only specify one
// resource ID per call. List results depend on the criteria specified in the
// filter.
ListComplianceItems(ctx context.Context, params *ListComplianceItemsInput, optFns ...func(*Options)) (*ListComplianceItemsOutput, error)
// Returns a summary count of compliant and non-compliant resources for a
// compliance type. For example, this call can return State Manager associations,
// patches, or custom compliance types according to the filter criteria that you
// specify.
ListComplianceSummaries(ctx context.Context, params *ListComplianceSummariesInput, optFns ...func(*Options)) (*ListComplianceSummariesOutput, error)
// Information about approval reviews for a version of a change template in Change
// Manager.
ListDocumentMetadataHistory(ctx context.Context, params *ListDocumentMetadataHistoryInput, optFns ...func(*Options)) (*ListDocumentMetadataHistoryOutput, error)
// List all versions for a document.
ListDocumentVersions(ctx context.Context, params *ListDocumentVersionsInput, optFns ...func(*Options)) (*ListDocumentVersionsOutput, error)
// Returns all Systems Manager (SSM) documents in the current Amazon Web Services
// account and Amazon Web Services Region. You can limit the results of this
// request by using a filter.
ListDocuments(ctx context.Context, params *ListDocumentsInput, optFns ...func(*Options)) (*ListDocumentsOutput, error)
// A list of inventory items returned by the request.
ListInventoryEntries(ctx context.Context, params *ListInventoryEntriesInput, optFns ...func(*Options)) (*ListInventoryEntriesOutput, error)
// Returns a list of all OpsItem events in the current Amazon Web Services Region
// and Amazon Web Services account. You can limit the results to events associated
// with specific OpsItems by specifying a filter.
ListOpsItemEvents(ctx context.Context, params *ListOpsItemEventsInput, optFns ...func(*Options)) (*ListOpsItemEventsOutput, error)
// Lists all related-item resources associated with a Systems Manager OpsCenter
// OpsItem. OpsCenter is a capability of Amazon Web Services Systems Manager.
ListOpsItemRelatedItems(ctx context.Context, params *ListOpsItemRelatedItemsInput, optFns ...func(*Options)) (*ListOpsItemRelatedItemsOutput, error)
// Amazon Web Services Systems Manager calls this API operation when displaying
// all Application Manager OpsMetadata objects or blobs.
ListOpsMetadata(ctx context.Context, params *ListOpsMetadataInput, optFns ...func(*Options)) (*ListOpsMetadataOutput, error)
// Returns a resource-level summary count. The summary includes information about
// compliant and non-compliant statuses and detailed compliance-item severity
// counts, according to the filter criteria you specify.
ListResourceComplianceSummaries(ctx context.Context, params *ListResourceComplianceSummariesInput, optFns ...func(*Options)) (*ListResourceComplianceSummariesOutput, error)
// Lists your resource data sync configurations. Includes information about the
// last time a sync attempted to start, the last sync status, and the last time a
// sync successfully completed. The number of sync configurations might be too
// large to return using a single call to ListResourceDataSync . You can limit the
// number of sync configurations returned by using the MaxResults parameter. To
// determine whether there are more sync configurations to list, check the value of
// NextToken in the output. If there are more sync configurations to list, you can
// request them by specifying the NextToken returned in the call to the parameter
// of a subsequent call.
ListResourceDataSync(ctx context.Context, params *ListResourceDataSyncInput, optFns ...func(*Options)) (*ListResourceDataSyncOutput, error)
// Returns a list of the tags assigned to the specified resource. For information
// about the ID format for each supported resource type, see AddTagsToResource .
ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
// Shares a Amazon Web Services Systems Manager document (SSM document)publicly or
// privately. If you share a document privately, you must specify the Amazon Web
// Services user IDs for those people who can use the document. If you share a
// document publicly, you must specify All as the account ID.
ModifyDocumentPermission(ctx context.Context, params *ModifyDocumentPermissionInput, optFns ...func(*Options)) (*ModifyDocumentPermissionOutput, error)
// Registers a compliance type and other compliance details on a designated
// resource. This operation lets you register custom compliance details with a
// resource. This call overwrites existing compliance information on the resource,
// so you must provide a full list of compliance items each time that you send the
// request. ComplianceType can be one of the following:
// - ExecutionId: The execution ID when the patch, association, or custom
// compliance item was applied.
// - ExecutionType: Specify patch, association, or Custom: string .
// - ExecutionTime. The time the patch, association, or custom compliance item
// was applied to the managed node.
// - Id: The patch, association, or custom compliance ID.
// - Title: A title.
// - Status: The status of the compliance item. For example, approved for
// patches, or Failed for associations.
// - Severity: A patch severity. For example, Critical .
// - DocumentName: An SSM document name. For example, AWS-RunPatchBaseline .
// - DocumentVersion: An SSM document version number. For example, 4.
// - Classification: A patch classification. For example, security updates .
// - PatchBaselineId: A patch baseline ID.
// - PatchSeverity: A patch severity. For example, Critical .
// - PatchState: A patch state. For example, InstancesWithFailedPatches .
// - PatchGroup: The name of a patch group.
// - InstalledTime: The time the association, patch, or custom compliance item
// was applied to the resource. Specify the time by using the following format:
// yyyy-MM-dd'T'HH:mm:ss'Z'
PutComplianceItems(ctx context.Context, params *PutComplianceItemsInput, optFns ...func(*Options)) (*PutComplianceItemsOutput, error)
// Bulk update custom inventory items on one or more managed nodes. The request
// adds an inventory item, if it doesn't already exist, or updates an inventory
// item, if it does exist.
PutInventory(ctx context.Context, params *PutInventoryInput, optFns ...func(*Options)) (*PutInventoryOutput, error)
// Add a parameter to the system.
PutParameter(ctx context.Context, params *PutParameterInput, optFns ...func(*Options)) (*PutParameterOutput, error)
// Creates or updates a Systems Manager resource policy. A resource policy helps
// you to define the IAM entity (for example, an Amazon Web Services account) that
// can manage your Systems Manager resources. Currently, OpsItemGroup is the only
// resource that supports Systems Manager resource policies. The resource policy
// for OpsItemGroup enables Amazon Web Services accounts to view and interact with
// OpsCenter operational work items (OpsItems).
PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error)
// Defines the default patch baseline for the relevant operating system. To reset
// the Amazon Web Services-predefined patch baseline as the default, specify the
// full patch baseline Amazon Resource Name (ARN) as the baseline ID value. For
// example, for CentOS, specify
// arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed instead of
// pb-0574b43a65ea646ed .
RegisterDefaultPatchBaseline(ctx context.Context, params *RegisterDefaultPatchBaselineInput, optFns ...func(*Options)) (*RegisterDefaultPatchBaselineOutput, error)
// Registers a patch baseline for a patch group.
RegisterPatchBaselineForPatchGroup(ctx context.Context, params *RegisterPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*RegisterPatchBaselineForPatchGroupOutput, error)
// Registers a target with a maintenance window.
RegisterTargetWithMaintenanceWindow(ctx context.Context, params *RegisterTargetWithMaintenanceWindowInput, optFns ...func(*Options)) (*RegisterTargetWithMaintenanceWindowOutput, error)
// Adds a new task to a maintenance window.
RegisterTaskWithMaintenanceWindow(ctx context.Context, params *RegisterTaskWithMaintenanceWindowInput, optFns ...func(*Options)) (*RegisterTaskWithMaintenanceWindowOutput, error)
// Removes tag keys from the specified resource.
RemoveTagsFromResource(ctx context.Context, params *RemoveTagsFromResourceInput, optFns ...func(*Options)) (*RemoveTagsFromResourceOutput, error)
// ServiceSetting is an account-level setting for an Amazon Web Services service.
// This setting defines how a user interacts with or uses a service or a feature of
// a service. For example, if an Amazon Web Services service charges money to the
// account based on feature or service usage, then the Amazon Web Services service
// team might create a default setting of "false". This means the user can't use
// this feature unless they change the setting to "true" and intentionally opt in
// for a paid feature. Services map a SettingId object to a setting value. Amazon
// Web Services services teams define the default value for a SettingId . You can't
// create a new SettingId , but you can overwrite the default value if you have the
// ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting
// API operation to view the current value. Use the UpdateServiceSetting API
// operation to change the default setting. Reset the service setting for the
// account to the default value as provisioned by the Amazon Web Services service
// team.
ResetServiceSetting(ctx context.Context, params *ResetServiceSettingInput, optFns ...func(*Options)) (*ResetServiceSettingOutput, error)
// Reconnects a session to a managed node after it has been disconnected.
// Connections can be resumed for disconnected sessions, but not terminated
// sessions. This command is primarily for use by client machines to automatically
// reconnect during intermittent network issues. It isn't intended for any other
// use.
ResumeSession(ctx context.Context, params *ResumeSessionInput, optFns ...func(*Options)) (*ResumeSessionOutput, error)
// Sends a signal to an Automation execution to change the current behavior or
// status of the execution.
SendAutomationSignal(ctx context.Context, params *SendAutomationSignalInput, optFns ...func(*Options)) (*SendAutomationSignalOutput, error)
// Runs commands on one or more managed nodes.
SendCommand(ctx context.Context, params *SendCommandInput, optFns ...func(*Options)) (*SendCommandOutput, error)
// Runs an association immediately and only one time. This operation can be
// helpful when troubleshooting associations.
StartAssociationsOnce(ctx context.Context, params *StartAssociationsOnceInput, optFns ...func(*Options)) (*StartAssociationsOnceOutput, error)
// Initiates execution of an Automation runbook.
StartAutomationExecution(ctx context.Context, params *StartAutomationExecutionInput, optFns ...func(*Options)) (*StartAutomationExecutionOutput, error)
// Creates a change request for Change Manager. The Automation runbooks specified
// in the change request run only after all required approvals for the change
// request have been received.
StartChangeRequestExecution(ctx context.Context, params *StartChangeRequestExecutionInput, optFns ...func(*Options)) (*StartChangeRequestExecutionOutput, error)
// Initiates a connection to a target (for example, a managed node) for a Session
// Manager session. Returns a URL and token that can be used to open a WebSocket
// connection for sending input and receiving outputs. Amazon Web Services CLI
// usage: start-session is an interactive command that requires the Session
// Manager plugin to be installed on the client machine making the call. For
// information, see Install the Session Manager plugin for the Amazon Web Services
// CLI (https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html)
// in the Amazon Web Services Systems Manager User Guide. Amazon Web Services Tools
// for PowerShell usage: Start-SSMSession isn't currently supported by Amazon Web
// Services Tools for PowerShell on Windows local machines.
StartSession(ctx context.Context, params *StartSessionInput, optFns ...func(*Options)) (*StartSessionOutput, error)
// Stop an Automation that is currently running.
StopAutomationExecution(ctx context.Context, params *StopAutomationExecutionInput, optFns ...func(*Options)) (*StopAutomationExecutionOutput, error)
// Permanently ends a session and closes the data connection between the Session
// Manager client and SSM Agent on the managed node. A terminated session can't be
// resumed.
TerminateSession(ctx context.Context, params *TerminateSessionInput, optFns ...func(*Options)) (*TerminateSessionOutput, error)
// Remove a label or labels from a parameter.
UnlabelParameterVersion(ctx context.Context, params *UnlabelParameterVersionInput, optFns ...func(*Options)) (*UnlabelParameterVersionOutput, error)
// Updates an association. You can update the association name and version, the
// document version, schedule, parameters, and Amazon Simple Storage Service
// (Amazon S3) output. When you call UpdateAssociation , the system removes all
// optional parameters from the request and overwrites the association with null
// values for those parameters. This is by design. You must specify all optional
// parameters in the call, even if you are not changing the parameters. This
// includes the Name parameter. Before calling this API action, we recommend that
// you call the DescribeAssociation API operation and make a note of all optional
// parameters required for your UpdateAssociation call. In order to call this API
// operation, a user, group, or role must be granted permission to call the
// DescribeAssociation API operation. If you don't have permission to call
// DescribeAssociation , then you receive the following error: An error occurred
// (AccessDeniedException) when calling the UpdateAssociation operation: User:
// isn't authorized to perform: ssm:DescribeAssociation on resource: When you
// update an association, the association immediately runs against the specified
// targets. You can add the ApplyOnlyAtCronInterval parameter to run the
// association during the next schedule run.
UpdateAssociation(ctx context.Context, params *UpdateAssociationInput, optFns ...func(*Options)) (*UpdateAssociationOutput, error)
// Updates the status of the Amazon Web Services Systems Manager document (SSM
// document) associated with the specified managed node. UpdateAssociationStatus
// is primarily used by the Amazon Web Services Systems Manager Agent (SSM Agent)
// to report status updates about your associations and is only used for
// associations created with the InstanceId legacy parameter.
UpdateAssociationStatus(ctx context.Context, params *UpdateAssociationStatusInput, optFns ...func(*Options)) (*UpdateAssociationStatusOutput, error)
// Updates one or more values for an SSM document.
UpdateDocument(ctx context.Context, params *UpdateDocumentInput, optFns ...func(*Options)) (*UpdateDocumentOutput, error)
// Set the default version of a document. If you change a document version for a
// State Manager association, Systems Manager immediately runs the association
// unless you previously specifed the apply-only-at-cron-interval parameter.
UpdateDocumentDefaultVersion(ctx context.Context, params *UpdateDocumentDefaultVersionInput, optFns ...func(*Options)) (*UpdateDocumentDefaultVersionOutput, error)
// Updates information related to approval reviews for a specific version of a
// change template in Change Manager.
UpdateDocumentMetadata(ctx context.Context, params *UpdateDocumentMetadataInput, optFns ...func(*Options)) (*UpdateDocumentMetadataOutput, error)
// Updates an existing maintenance window. Only specified parameters are modified.
// The value you specify for Duration determines the specific end time for the
// maintenance window based on the time it begins. No maintenance window tasks are
// permitted to start after the resulting endtime minus the number of hours you
// specify for Cutoff . For example, if the maintenance window starts at 3 PM, the
// duration is three hours, and the value you specify for Cutoff is one hour, no
// maintenance window tasks can start after 5 PM.
UpdateMaintenanceWindow(ctx context.Context, params *UpdateMaintenanceWindowInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowOutput, error)
// Modifies the target of an existing maintenance window. You can change the
// following:
// - Name
// - Description
// - Owner
// - IDs for an ID target
// - Tags for a Tag target
// - From any supported tag type to another. The three supported tag types are
// ID target, Tag target, and resource group. For more information, see Target .
//
// If a parameter is null, then the corresponding field isn't modified.
UpdateMaintenanceWindowTarget(ctx context.Context, params *UpdateMaintenanceWindowTargetInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowTargetOutput, error)
// Modifies a task assigned to a maintenance window. You can't change the task
// type, but you can change the following values:
// - TaskARN . For example, you can change a RUN_COMMAND task from
// AWS-RunPowerShellScript to AWS-RunShellScript .
// - ServiceRoleArn
// - TaskInvocationParameters
// - Priority
// - MaxConcurrency
// - MaxErrors
//
// One or more targets must be specified for maintenance window Run Command-type
// tasks. Depending on the task, targets are optional for other maintenance window
// task types (Automation, Lambda, and Step Functions). For more information about
// running tasks that don't specify targets, see Registering maintenance window
// tasks without targets (https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html)
// in the Amazon Web Services Systems Manager User Guide. If the value for a
// parameter in UpdateMaintenanceWindowTask is null, then the corresponding field
// isn't modified. If you set Replace to true, then all fields required by the
// RegisterTaskWithMaintenanceWindow operation are required for this request.
// Optional fields that aren't specified are set to null. When you update a
// maintenance window task that has options specified in TaskInvocationParameters ,
// you must provide again all the TaskInvocationParameters values that you want to
// retain. The values you don't specify again are removed. For example, suppose
// that when you registered a Run Command task, you specified
// TaskInvocationParameters values for Comment , NotificationConfig , and
// OutputS3BucketName . If you update the maintenance window task and specify only
// a different OutputS3BucketName value, the values for Comment and
// NotificationConfig are removed.
UpdateMaintenanceWindowTask(ctx context.Context, params *UpdateMaintenanceWindowTaskInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowTaskOutput, error)
// Changes the Identity and Access Management (IAM) role that is assigned to the
// on-premises server, edge device, or virtual machines (VM). IAM roles are first
// assigned to these hybrid nodes during the activation process. For more
// information, see CreateActivation .
UpdateManagedInstanceRole(ctx context.Context, params *UpdateManagedInstanceRoleInput, optFns ...func(*Options)) (*UpdateManagedInstanceRoleOutput, error)
// Edit or change an OpsItem. You must have permission in Identity and Access
// Management (IAM) to update an OpsItem. For more information, see Getting
// started with OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html)
// in the Amazon Web Services Systems Manager User Guide. Operations engineers and
// IT professionals use Amazon Web Services Systems Manager OpsCenter to view,
// investigate, and remediate operational issues impacting the performance and
// health of their Amazon Web Services resources. For more information, see
// OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html)
// in the Amazon Web Services Systems Manager User Guide.
UpdateOpsItem(ctx context.Context, params *UpdateOpsItemInput, optFns ...func(*Options)) (*UpdateOpsItemOutput, error)
// Amazon Web Services Systems Manager calls this API operation when you edit
// OpsMetadata in Application Manager.
UpdateOpsMetadata(ctx context.Context, params *UpdateOpsMetadataInput, optFns ...func(*Options)) (*UpdateOpsMetadataOutput, error)
// Modifies an existing patch baseline. Fields not specified in the request are
// left unchanged. For information about valid key-value pairs in PatchFilters for
// each supported operating system type, see PatchFilter .
UpdatePatchBaseline(ctx context.Context, params *UpdatePatchBaselineInput, optFns ...func(*Options)) (*UpdatePatchBaselineOutput, error)
// Update a resource data sync. After you create a resource data sync for a
// Region, you can't change the account options for that sync. For example, if you
// create a sync in the us-east-2 (Ohio) Region and you choose the Include only
// the current account option, you can't edit that sync later and choose the
// Include all accounts from my Organizations configuration option. Instead, you
// must delete the first resource data sync, and create a new one. This API
// operation only supports a resource data sync that was created with a
// SyncFromSource SyncType .
UpdateResourceDataSync(ctx context.Context, params *UpdateResourceDataSyncInput, optFns ...func(*Options)) (*UpdateResourceDataSyncOutput, error)
// ServiceSetting is an account-level setting for an Amazon Web Services service.
// This setting defines how a user interacts with or uses a service or a feature of
// a service. For example, if an Amazon Web Services service charges money to the
// account based on feature or service usage, then the Amazon Web Services service
// team might create a default setting of "false". This means the user can't use
// this feature unless they change the setting to "true" and intentionally opt in
// for a paid feature. Services map a SettingId object to a setting value. Amazon
// Web Services services teams define the default value for a SettingId . You can't
// create a new SettingId , but you can overwrite the default value if you have the
// ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting
// API operation to view the current value. Or, use the ResetServiceSetting to
// change the value back to the original value defined by the Amazon Web Services
// service team. Update the service setting for the account.
UpdateServiceSetting(ctx context.Context, params *UpdateServiceSettingInput, optFns ...func(*Options)) (*UpdateServiceSettingOutput, error)
}
SSM provides an interface to the AWS SSM service.
type STS ¶
type STS interface {
// Returns a set of temporary security credentials that you can use to access
// Amazon Web Services resources. These temporary credentials consist of an access
// key ID, a secret access key, and a security token. Typically, you use AssumeRole
// within your account or for cross-account access. For a comparison of AssumeRole
// with other API operations that produce temporary credentials, see Requesting
// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. Permissions The temporary security credentials created by
// AssumeRole can be used to make API calls to any Amazon Web Services service
// with the following exception: You cannot call the Amazon Web Services STS
// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
// inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policy Amazon
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
// use for both inline and managed session policies can't exceed 2,048 characters.
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's
// identity-based policy and the session policies. You can use the role's temporary
// credentials in subsequent Amazon Web Services API calls to access resources in
// the account that owns the role. You cannot use session policies to grant more
// permissions than those allowed by the identity-based policy of the role that is
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. When you create a role, you create two policies: A role
// trust policy that specifies who can assume the role and a permissions policy
// that specifies what can be done with the role. You specify the trusted principal
// who is allowed to assume the role in the role trust policy. To assume a role
// from a different account, your Amazon Web Services account must be trusted by
// the role. The trust relationship is defined in the role's trust policy when the
// role is created. That trust policy states which accounts are allowed to delegate
// that access to users in the account. A user who wants to access a role in a
// different account must also have permissions that are delegated from the user
// account administrator. The administrator must attach a policy that allows the
// user to call AssumeRole for the ARN of the role in the other account. To allow
// a user to assume a role in the same account, you can do either of the following:
//
// - Attach a policy to the user that allows the user to call AssumeRole (as long
// as the role's trust policy trusts the account).
// - Add the user as a principal directly in the role's trust policy.
//
// You can do either because the role’s trust policy acts as an IAM resource-based
// policy. When a resource-based policy grants access to a principal in the same
// account, no additional identity-based policy is required. For more information
// about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
// in the IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your
// session. These tags are called session tags. For more information about session
// tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide. An administrator must grant you the permissions necessary
// to pass session tags. The administrator can also create granular permissions to
// allow you to pass only specific session tags. For more information, see
// Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
// in the IAM User Guide. You can set the session tags as transitive. Transitive
// tags persist during role chaining. For more information, see Chaining Roles
// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
// in the IAM User Guide. Using MFA with AssumeRole (Optional) You can include
// multi-factor authentication (MFA) information when you call AssumeRole . This is
// useful for cross-account scenarios to ensure that the user that assumes the role
// has been authenticated with an Amazon Web Services MFA device. In that scenario,
// the trust policy of the role being assumed includes a condition that tests for
// MFA authentication. If the caller does not include valid MFA information, the
// request to assume the role is denied. The condition in a trust policy that tests
// for MFA authentication might look like the following example. "Condition":
// {"Bool": {"aws:MultiFactorAuthPresent": true}} For more information, see
// Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html)
// in the IAM User Guide guide. To use MFA with AssumeRole , you pass values for
// the SerialNumber and TokenCode parameters. The SerialNumber value identifies
// the user's hardware or virtual MFA device. The TokenCode is the time-based
// one-time password (TOTP) that the MFA device produces.
AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error)
// Returns a set of temporary security credentials for users who have been
// authenticated via a SAML authentication response. This operation provides a
// mechanism for tying an enterprise identity store or directory to role-based
// Amazon Web Services access without user-specific credentials or configuration.
// For a comparison of AssumeRoleWithSAML with the other API operations that
// produce temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. The temporary security credentials returned by this
// operation consist of an access key ID, a secret access key, and a security
// token. Applications can use these temporary security credentials to sign calls
// to Amazon Web Services services. Session Duration By default, the temporary
// security credentials created by AssumeRoleWithSAML last for one hour. However,
// you can use the optional DurationSeconds parameter to specify the duration of
// your session. Your role session lasts for the duration that you specify, or
// until the time specified in the SAML authentication response's
// SessionNotOnOrAfter value, whichever is shorter. You can provide a
// DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
// duration setting for the role. This setting can have a value from 1 hour to 12
// hours. To learn how to view the maximum value for your role, see View the
// Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide. The maximum session duration limit applies when you use
// the AssumeRole* API operations or the assume-role* CLI commands. However the
// limit does not apply when you use those operations to create a console URL. For
// more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
// in the IAM User Guide. Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
// limits your CLI or Amazon Web Services API role session to a maximum of one
// hour. When you use the AssumeRole API operation to assume a role, you can
// specify the duration of your role session with the DurationSeconds parameter.
// You can specify a parameter value of up to 43200 seconds (12 hours), depending
// on the maximum session duration setting for your role. However, if you assume a
// role using role chaining and provide a DurationSeconds parameter value greater
// than one hour, the operation fails. Permissions The temporary security
// credentials created by AssumeRoleWithSAML can be used to make API calls to any
// Amazon Web Services service with the following exception: you cannot call the
// STS GetFederationToken or GetSessionToken API operations. (Optional) You can
// pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policy Amazon
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
// use for both inline and managed session policies can't exceed 2,048 characters.
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's
// identity-based policy and the session policies. You can use the role's temporary
// credentials in subsequent Amazon Web Services API calls to access resources in
// the account that owns the role. You cannot use session policies to grant more
// permissions than those allowed by the identity-based policy of the role that is
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. Calling AssumeRoleWithSAML does not require the use of
// Amazon Web Services security credentials. The identity of the caller is
// validated by using keys in the metadata document that is uploaded for the SAML
// provider entity for your identity provider. Calling AssumeRoleWithSAML can
// result in an entry in your CloudTrail logs. The entry includes the value in the
// NameID element of the SAML assertion. We recommend that you use a NameIDType
// that is not associated with any personally identifiable information (PII). For
// example, you could instead use the persistent identifier (
// urn:oasis:names:tc:SAML:2.0:nameid-format:persistent ). Tags (Optional) You can
// configure your IdP to pass attributes into your SAML assertion as session tags.
// Each session tag consists of a key name and an associated value. For more
// information about session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide. You can pass up to 50 session tags. The plaintext session
// tag keys can’t exceed 128 characters and the values can’t exceed 256 characters.
// For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
// inline session policy, managed policy ARNs, and session tags into a packed
// binary format that has a separate limit. Your request can fail for this limit
// even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags for
// your request are to the upper size limit. You can pass a session tag with the
// same key as a tag that is attached to the role. When you do, session tags
// override the role's tags with the same key. An administrator must grant you the
// permissions necessary to pass session tags. The administrator can also create
// granular permissions to allow you to pass only specific session tags. For more
// information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
// in the IAM User Guide. You can set the session tags as transitive. Transitive
// tags persist during role chaining. For more information, see Chaining Roles
// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
// in the IAM User Guide. SAML Configuration Before your application can call
// AssumeRoleWithSAML , you must configure your SAML identity provider (IdP) to
// issue the claims required by Amazon Web Services. Additionally, you must use
// Identity and Access Management (IAM) to create a SAML provider entity in your
// Amazon Web Services account that represents your identity provider. You must
// also create an IAM role that specifies this SAML provider in its trust policy.
// For more information, see the following resources:
// - About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
// in the IAM User Guide.
// - Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
// in the IAM User Guide.
// - Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
// in the IAM User Guide.
// - Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
// in the IAM User Guide.
AssumeRoleWithSAML(ctx context.Context, params *AssumeRoleWithSAMLInput, optFns ...func(*Options)) (*AssumeRoleWithSAMLOutput, error)
// Returns a set of temporary security credentials for users who have been
// authenticated in a mobile or web application with a web identity provider.
// Example providers include the OAuth 2.0 providers Login with Amazon and
// Facebook, or any OpenID Connect-compatible identity provider such as Google or
// Amazon Cognito federated identities (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
// . For mobile applications, we recommend that you use Amazon Cognito. You can use
// Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
// and the Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
// to uniquely identify a user. You can also supply the user with a consistent
// identity throughout the lifetime of an application. To learn more about Amazon
// Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840)
// in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito
// Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664)
// in the Amazon Web Services SDK for iOS Developer Guide. Calling
// AssumeRoleWithWebIdentity does not require the use of Amazon Web Services
// security credentials. Therefore, you can distribute an application (for example,
// on mobile devices) that requests temporary security credentials without
// including long-term Amazon Web Services credentials in the application. You also
// don't need to deploy server-based proxy services that use long-term Amazon Web
// Services credentials. Instead, the identity of the caller is validated by using
// a token from the web identity provider. For a comparison of
// AssumeRoleWithWebIdentity with the other API operations that produce temporary
// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. The temporary security credentials returned by this API
// consist of an access key ID, a secret access key, and a security token.
// Applications can use these temporary security credentials to sign calls to
// Amazon Web Services service API operations. Session Duration By default, the
// temporary security credentials created by AssumeRoleWithWebIdentity last for
// one hour. However, you can use the optional DurationSeconds parameter to
// specify the duration of your session. You can provide a value from 900 seconds
// (15 minutes) up to the maximum session duration setting for the role. This
// setting can have a value from 1 hour to 12 hours. To learn how to view the
// maximum value for your role, see View the Maximum Session Duration Setting for
// a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide. The maximum session duration limit applies when you use
// the AssumeRole* API operations or the assume-role* CLI commands. However the
// limit does not apply when you use those operations to create a console URL. For
// more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
// in the IAM User Guide. Permissions The temporary security credentials created by
// AssumeRoleWithWebIdentity can be used to make API calls to any Amazon Web
// Services service with the following exception: you cannot call the STS
// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
// inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policy Amazon
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
// use for both inline and managed session policies can't exceed 2,048 characters.
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's
// identity-based policy and the session policies. You can use the role's temporary
// credentials in subsequent Amazon Web Services API calls to access resources in
// the account that owns the role. You cannot use session policies to grant more
// permissions than those allowed by the identity-based policy of the role that is
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. Tags (Optional) You can configure your IdP to pass
// attributes into your web identity token as session tags. Each session tag
// consists of a key name and an associated value. For more information about
// session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide. You can pass up to 50 session tags. The plaintext session
// tag keys can’t exceed 128 characters and the values can’t exceed 256 characters.
// For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
// inline session policy, managed policy ARNs, and session tags into a packed
// binary format that has a separate limit. Your request can fail for this limit
// even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags for
// your request are to the upper size limit. You can pass a session tag with the
// same key as a tag that is attached to the role. When you do, the session tag
// overrides the role tag with the same key. An administrator must grant you the
// permissions necessary to pass session tags. The administrator can also create
// granular permissions to allow you to pass only specific session tags. For more
// information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
// in the IAM User Guide. You can set the session tags as transitive. Transitive
// tags persist during role chaining. For more information, see Chaining Roles
// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
// in the IAM User Guide. Identities Before your application can call
// AssumeRoleWithWebIdentity , you must have an identity token from a supported
// identity provider and create a role that the application can assume. The role
// that your application assumes must trust the identity provider that is
// associated with the identity token. In other words, the identity provider must
// be specified in the role's trust policy. Calling AssumeRoleWithWebIdentity can
// result in an entry in your CloudTrail logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims)
// of the provided web identity token. We recommend that you avoid using any
// personally identifiable information (PII) in this field. For example, you could
// instead use a GUID or a pairwise identifier, as suggested in the OIDC
// specification (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes)
// . For more information about how to use web identity federation and the
// AssumeRoleWithWebIdentity API, see the following resources:
// - Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
// and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
// .
// - Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/)
// . Walk through the process of authenticating through Login with Amazon,
// Facebook, or Google, getting temporary security credentials, and then using
// those credentials to make a request to Amazon Web Services.
// - Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
// and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
// . These toolkits contain sample apps that show how to invoke the identity
// providers. The toolkits then show how to use the information from these
// providers to get and use temporary security credentials.
// - Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications)
// . This article discusses web identity federation and shows an example of how to
// use web identity federation to get access to content in Amazon S3.
AssumeRoleWithWebIdentity(ctx context.Context, params *AssumeRoleWithWebIdentityInput, optFns ...func(*Options)) (*AssumeRoleWithWebIdentityOutput, error)
// Decodes additional information about the authorization status of a request from
// an encoded message returned in response to an Amazon Web Services request. For
// example, if a user is not authorized to perform an operation that he or she has
// requested, the request returns a Client.UnauthorizedOperation response (an HTTP
// 403 response). Some Amazon Web Services operations additionally return an
// encoded message that can provide details about this authorization failure. Only
// certain Amazon Web Services operations return an encoded authorization message.
// The documentation for an individual operation indicates whether that operation
// returns an encoded message in addition to returning an HTTP code. The message is
// encoded because the details of the authorization status can contain privileged
// information that the user who requested the operation should not see. To decode
// an authorization status message, a user must be granted permissions through an
// IAM policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
// to request the DecodeAuthorizationMessage ( sts:DecodeAuthorizationMessage )
// action. The decoded message includes the following type of information:
// - Whether the request was denied due to an explicit deny or due to the
// absence of an explicit allow. For more information, see Determining Whether a
// Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
// in the IAM User Guide.
// - The principal who made the request.
// - The requested action.
// - The requested resource.
// - The values of condition keys in the context of the user's request.
DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error)
// Returns the account identifier for the specified access key ID. Access keys
// consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE ) and
// a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ).
// For more information about access keys, see Managing Access Keys for IAM Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
// in the IAM User Guide. When you pass an access key ID to this operation, it
// returns the ID of the Amazon Web Services account to which the keys belong.
// Access key IDs beginning with AKIA are long-term credentials for an IAM user or
// the Amazon Web Services account root user. Access key IDs beginning with ASIA
// are temporary credentials that are created using STS operations. If the account
// in the response belongs to you, you can sign in as the root user and review your
// root user access keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
// to learn which IAM user owns the keys. To learn who requested the temporary
// credentials for an ASIA access key, view the STS events in your CloudTrail logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
// in the IAM User Guide. This operation does not indicate the state of the access
// key. The key might be active, inactive, or deleted. Active keys might not have
// permissions to perform an operation. Providing a deleted access key might return
// an error that the key doesn't exist.
GetAccessKeyInfo(ctx context.Context, params *GetAccessKeyInfoInput, optFns ...func(*Options)) (*GetAccessKeyInfoOutput, error)
// Returns details about the IAM user or role whose credentials are used to call
// the operation. No permissions are required to perform this operation. If an
// administrator adds a policy to your IAM user or role that explicitly denies
// access to the sts:GetCallerIdentity action, you can still perform this
// operation. Permissions are not required because the same information is returned
// when an IAM user or role is denied access. To view an example response, see I
// Am Not Authorized to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
// in the IAM User Guide.
GetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*Options)) (*GetCallerIdentityOutput, error)
// Returns a set of temporary security credentials (consisting of an access key
// ID, a secret access key, and a security token) for a federated user. A typical
// use is in a proxy application that gets temporary security credentials on behalf
// of distributed applications inside a corporate network. You must call the
// GetFederationToken operation using the long-term security credentials of an IAM
// user. As a result, this call is appropriate in contexts where those credentials
// can be safely stored, usually in a server-based application. For a comparison of
// GetFederationToken with the other API operations that produce temporary
// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. You can create a mobile-based or browser-based app that
// can authenticate users using a web identity provider like Login with Amazon,
// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
// or AssumeRoleWithWebIdentity . For more information, see Federation Through a
// Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
// in the IAM User Guide. You can also call GetFederationToken using the security
// credentials of an Amazon Web Services account root user, but we do not recommend
// it. Instead, we recommend that you create an IAM user for the purpose of the
// proxy application. Then attach a policy to the IAM user that limits federated
// users to only the actions and resources that they need to access. For more
// information, see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
// in the IAM User Guide. Session duration The temporary credentials are valid for
// the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600
// seconds (36 hours). The default session duration is 43,200 seconds (12 hours).
// Temporary credentials obtained by using the Amazon Web Services account root
// user credentials have a maximum duration of 3,600 seconds (1 hour). Permissions
// You can use the temporary credentials created by GetFederationToken in any
// Amazon Web Services service with the following exceptions:
// - You cannot call any IAM operations using the CLI or the Amazon Web Services
// API. This limitation does not apply to console sessions.
// - You cannot call any STS operations except GetCallerIdentity .
//
// You can use temporary credentials for single sign-on (SSO) to the console. You
// must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policy Amazon
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
// use for both inline and managed session policies can't exceed 2,048 characters.
// Though the session policy parameters are optional, if you do not pass a policy,
// then the resulting federated user session has no permissions. When you pass
// session policies, the session permissions are the intersection of the IAM user
// policies and the session policies that you pass. This gives you a way to further
// restrict the permissions for a federated user. You cannot use session policies
// to grant more permissions than those that are defined in the permissions policy
// of the IAM user. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. For information about using GetFederationToken to create
// temporary security credentials, see GetFederationToken—Federation Through a
// Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken)
// . You can use the credentials to access a resource that has a resource-based
// policy. If that policy specifically references the federated user session in the
// Principal element of the policy, the session has the permissions allowed by the
// policy. These permissions are granted in addition to the permissions granted by
// the session policies. Tags (Optional) You can pass tag key-value pairs to your
// session. These are called session tags. For more information about session tags,
// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide. You can create a mobile-based or browser-based app that
// can authenticate users using a web identity provider like Login with Amazon,
// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
// or AssumeRoleWithWebIdentity . For more information, see Federation Through a
// Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
// in the IAM User Guide. An administrator must grant you the permissions necessary
// to pass session tags. The administrator can also create granular permissions to
// allow you to pass only specific session tags. For more information, see
// Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
// in the IAM User Guide. Tag key–value pairs are not case sensitive, but case is
// preserved. This means that you cannot have separate Department and department
// tag keys. Assume that the user that you are federating has the Department =
// Marketing tag and you pass the department = engineering session tag. Department
// and department are not saved as separate tags, and the session tag passed in
// the request takes precedence over the user tag.
GetFederationToken(ctx context.Context, params *GetFederationTokenInput, optFns ...func(*Options)) (*GetFederationTokenOutput, error)
// Returns a set of temporary credentials for an Amazon Web Services account or
// IAM user. The credentials consist of an access key ID, a secret access key, and
// a security token. Typically, you use GetSessionToken if you want to use MFA to
// protect programmatic calls to specific Amazon Web Services API operations like
// Amazon EC2 StopInstances . MFA-enabled IAM users would need to call
// GetSessionToken and submit an MFA code that is associated with their MFA device.
// Using the temporary security credentials that are returned from the call, IAM
// users can then make programmatic calls to API operations that require MFA
// authentication. If you do not supply a correct MFA code, then the API returns an
// access denied error. For a comparison of GetSessionToken with the other API
// operations that produce temporary credentials, see Requesting Temporary
// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. No permissions are required for users to perform this
// operation. The purpose of the sts:GetSessionToken operation is to authenticate
// the user using MFA. You cannot use policies to control authentication
// operations. For more information, see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
// in the IAM User Guide. Session Duration The GetSessionToken operation must be
// called by using the long-term Amazon Web Services security credentials of the
// Amazon Web Services account root user or an IAM user. Credentials that are
// created by IAM users are valid for the duration that you specify. This duration
// can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
// hours), with a default of 43,200 seconds (12 hours). Credentials based on
// account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds
// (1 hour), with a default of 1 hour. Permissions The temporary security
// credentials created by GetSessionToken can be used to make API calls to any
// Amazon Web Services service with the following exceptions:
// - You cannot call any IAM API operations unless MFA authentication
// information is included in the request.
// - You cannot call any STS API except AssumeRole or GetCallerIdentity .
//
// We recommend that you do not call GetSessionToken with Amazon Web Services
// account root user credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
// by creating one or more IAM users, giving them the necessary permissions, and
// using IAM users for everyday interaction with Amazon Web Services. The
// credentials that are returned by GetSessionToken are based on permissions
// associated with the user whose credentials were used to call the operation. If
// GetSessionToken is called using Amazon Web Services account root user
// credentials, the temporary credentials have root user permissions. Similarly, if
// GetSessionToken is called using the credentials of an IAM user, the temporary
// credentials have the same permissions as the IAM user. For more information
// about using GetSessionToken to create temporary credentials, go to Temporary
// Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
// in the IAM User Guide.
GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error)
}
STS provides an interface to the AWS STS service.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.