awsapi

package
v0.134.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 10, 2023 License: Apache-2.0 Imports: 13 Imported by: 58

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ASG added in v0.92.0

type ASG interface {
	// Attaches one or more EC2 instances to the specified Auto Scaling group. When you
	// attach instances, Amazon EC2 Auto Scaling increases the desired capacity of the
	// group by the number of instances being attached. If the number of instances
	// being attached plus the desired capacity of the group exceeds the maximum size
	// of the group, the operation fails. If there is a Classic Load Balancer attached
	// to your Auto Scaling group, the instances are also registered with the load
	// balancer. If there are target groups attached to your Auto Scaling group, the
	// instances are also registered with the target groups. For more information, see
	// Attach EC2 instances to your Auto Scaling group
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/attach-instance-asg.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	AttachInstances(ctx context.Context, params *AttachInstancesInput, optFns ...func(*Options)) (*AttachInstancesOutput, error)
	// Attaches one or more target groups to the specified Auto Scaling group. This
	// operation is used with the following load balancer types:
	//
	// * Application Load
	// Balancer - Operates at the application layer (layer 7) and supports HTTP and
	// HTTPS.
	//
	// * Network Load Balancer - Operates at the transport layer (layer 4) and
	// supports TCP, TLS, and UDP.
	//
	// * Gateway Load Balancer - Operates at the network
	// layer (layer 3).
	//
	// To describe the target groups for an Auto Scaling group, call
	// the DescribeLoadBalancerTargetGroups API. To detach the target group from the
	// Auto Scaling group, call the DetachLoadBalancerTargetGroups API. This operation
	// is additive and does not detach existing target groups or Classic Load Balancers
	// from the Auto Scaling group. For more information, see Use Elastic Load
	// Balancing to distribute traffic across the instances in your Auto Scaling group
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	AttachLoadBalancerTargetGroups(ctx context.Context, params *AttachLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*AttachLoadBalancerTargetGroupsOutput, error)
	// To attach an Application Load Balancer, Network Load Balancer, or Gateway Load
	// Balancer, use the AttachLoadBalancerTargetGroups API operation instead. Attaches
	// one or more Classic Load Balancers to the specified Auto Scaling group. Amazon
	// EC2 Auto Scaling registers the running instances with these Classic Load
	// Balancers. To describe the load balancers for an Auto Scaling group, call the
	// DescribeLoadBalancers API. To detach a load balancer from the Auto Scaling
	// group, call the DetachLoadBalancers API. This operation is additive and does not
	// detach existing Classic Load Balancers or target groups from the Auto Scaling
	// group. For more information, see Use Elastic Load Balancing to distribute
	// traffic across the instances in your Auto Scaling group
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	AttachLoadBalancers(ctx context.Context, params *AttachLoadBalancersInput, optFns ...func(*Options)) (*AttachLoadBalancersOutput, error)
	// Reserved for use with Amazon VPC Lattice, which is in preview and subject to
	// change. Do not use this API for production workloads. This API is also subject
	// to change. Attaches one or more traffic sources to the specified Auto Scaling
	// group. To describe the traffic sources for an Auto Scaling group, call the
	// DescribeTrafficSources API. To detach a traffic source from the Auto Scaling
	// group, call the DetachTrafficSources API. This operation is additive and does
	// not detach existing traffic sources from the Auto Scaling group.
	AttachTrafficSources(ctx context.Context, params *AttachTrafficSourcesInput, optFns ...func(*Options)) (*AttachTrafficSourcesOutput, error)
	// Deletes one or more scheduled actions for the specified Auto Scaling group.
	BatchDeleteScheduledAction(ctx context.Context, params *BatchDeleteScheduledActionInput, optFns ...func(*Options)) (*BatchDeleteScheduledActionOutput, error)
	// Creates or updates one or more scheduled scaling actions for an Auto Scaling
	// group.
	BatchPutScheduledUpdateGroupAction(ctx context.Context, params *BatchPutScheduledUpdateGroupActionInput, optFns ...func(*Options)) (*BatchPutScheduledUpdateGroupActionOutput, error)
	// Cancels an instance refresh or rollback that is in progress. If an instance
	// refresh or rollback is not in progress, an ActiveInstanceRefreshNotFound error
	// occurs. This operation is part of the instance refresh feature
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html)
	// in Amazon EC2 Auto Scaling, which helps you update instances in your Auto
	// Scaling group after you make configuration changes. When you cancel an instance
	// refresh, this does not roll back any changes that it made. Use the
	// RollbackInstanceRefresh API to roll back instead.
	CancelInstanceRefresh(ctx context.Context, params *CancelInstanceRefreshInput, optFns ...func(*Options)) (*CancelInstanceRefreshOutput, error)
	// Completes the lifecycle action for the specified token or instance with the
	// specified result. This step is a part of the procedure for adding a lifecycle
	// hook to an Auto Scaling group:
	//
	// * (Optional) Create a launch template or launch
	// configuration with a user data script that runs while an instance is in a wait
	// state due to a lifecycle hook.
	//
	// * (Optional) Create a Lambda function and a rule
	// that allows Amazon EventBridge to invoke your Lambda function when an instance
	// is put into a wait state due to a lifecycle hook.
	//
	// * (Optional) Create a
	// notification target and an IAM role. The target can be either an Amazon SQS
	// queue or an Amazon SNS topic. The role allows Amazon EC2 Auto Scaling to publish
	// lifecycle notifications to the target.
	//
	// * Create the lifecycle hook. Specify
	// whether the hook is used when the instances launch or terminate.
	//
	// * If you need
	// more time, record the lifecycle action heartbeat to keep the instance in a wait
	// state.
	//
	// * If you finish before the timeout period ends, send a callback by using
	// the CompleteLifecycleAction API call.
	//
	// For more information, see Amazon EC2 Auto
	// Scaling lifecycle hooks
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html) in
	// the Amazon EC2 Auto Scaling User Guide.
	CompleteLifecycleAction(ctx context.Context, params *CompleteLifecycleActionInput, optFns ...func(*Options)) (*CompleteLifecycleActionOutput, error)
	// We strongly recommend using a launch template when calling this operation to
	// ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2. Creates an
	// Auto Scaling group with the specified name and attributes. If you exceed your
	// maximum limit of Auto Scaling groups, the call fails. To query this limit, call
	// the DescribeAccountLimits API. For information about updating this limit, see
	// Quotas for Amazon EC2 Auto Scaling
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html)
	// in the Amazon EC2 Auto Scaling User Guide. For introductory exercises for
	// creating an Auto Scaling group, see Getting started with Amazon EC2 Auto Scaling
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/GettingStartedTutorial.html)
	// and Tutorial: Set up a scaled and load-balanced application
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-register-lbs-with-asg.html)
	// in the Amazon EC2 Auto Scaling User Guide. For more information, see Auto
	// Scaling groups
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroup.html) in
	// the Amazon EC2 Auto Scaling User Guide. Every Auto Scaling group has three size
	// properties (DesiredCapacity, MaxSize, and MinSize). Usually, you set these sizes
	// based on a specific number of instances. However, if you configure a mixed
	// instances policy that defines weights for the instance types, you must specify
	// these sizes with the same units that you use for weighting instances.
	CreateAutoScalingGroup(ctx context.Context, params *CreateAutoScalingGroupInput, optFns ...func(*Options)) (*CreateAutoScalingGroupOutput, error)
	// Creates a launch configuration. If you exceed your maximum limit of launch
	// configurations, the call fails. To query this limit, call the
	// DescribeAccountLimits API. For information about updating this limit, see Quotas
	// for Amazon EC2 Auto Scaling
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html)
	// in the Amazon EC2 Auto Scaling User Guide. For more information, see Launch
	// configurations
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/LaunchConfiguration.html)
	// in the Amazon EC2 Auto Scaling User Guide. Amazon EC2 Auto Scaling configures
	// instances launched as part of an Auto Scaling group using either a launch
	// template or a launch configuration. We strongly recommend that you do not use
	// launch configurations. They do not provide full functionality for Amazon EC2
	// Auto Scaling or Amazon EC2. For information about using launch templates, see
	// Launch templates
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-templates.html) in
	// the Amazon EC2 Auto Scaling User Guide.
	CreateLaunchConfiguration(ctx context.Context, params *CreateLaunchConfigurationInput, optFns ...func(*Options)) (*CreateLaunchConfigurationOutput, error)
	// Creates or updates tags for the specified Auto Scaling group. When you specify a
	// tag with a key that already exists, the operation overwrites the previous tag
	// definition, and you do not get an error message. For more information, see Tag
	// Auto Scaling groups and instances
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	CreateOrUpdateTags(ctx context.Context, params *CreateOrUpdateTagsInput, optFns ...func(*Options)) (*CreateOrUpdateTagsOutput, error)
	// Deletes the specified Auto Scaling group. If the group has instances or scaling
	// activities in progress, you must specify the option to force the deletion in
	// order for it to succeed. The force delete operation will also terminate the EC2
	// instances. If the group has a warm pool, the force delete option also deletes
	// the warm pool. To remove instances from the Auto Scaling group before deleting
	// it, call the DetachInstances API with the list of instances and the option to
	// decrement the desired capacity. This ensures that Amazon EC2 Auto Scaling does
	// not launch replacement instances. To terminate all instances before deleting the
	// Auto Scaling group, call the UpdateAutoScalingGroup API and set the minimum size
	// and desired capacity of the Auto Scaling group to zero. If the group has scaling
	// policies, deleting the group deletes the policies, the underlying alarm actions,
	// and any alarm that no longer has an associated action. For more information, see
	// Delete your Auto Scaling infrastructure
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-process-shutdown.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	DeleteAutoScalingGroup(ctx context.Context, params *DeleteAutoScalingGroupInput, optFns ...func(*Options)) (*DeleteAutoScalingGroupOutput, error)
	// Deletes the specified launch configuration. The launch configuration must not be
	// attached to an Auto Scaling group. When this call completes, the launch
	// configuration is no longer available for use.
	DeleteLaunchConfiguration(ctx context.Context, params *DeleteLaunchConfigurationInput, optFns ...func(*Options)) (*DeleteLaunchConfigurationOutput, error)
	// Deletes the specified lifecycle hook. If there are any outstanding lifecycle
	// actions, they are completed first (ABANDON for launching instances, CONTINUE for
	// terminating instances).
	DeleteLifecycleHook(ctx context.Context, params *DeleteLifecycleHookInput, optFns ...func(*Options)) (*DeleteLifecycleHookOutput, error)
	// Deletes the specified notification.
	DeleteNotificationConfiguration(ctx context.Context, params *DeleteNotificationConfigurationInput, optFns ...func(*Options)) (*DeleteNotificationConfigurationOutput, error)
	// Deletes the specified scaling policy. Deleting either a step scaling policy or a
	// simple scaling policy deletes the underlying alarm action, but does not delete
	// the alarm, even if it no longer has an associated action. For more information,
	// see Deleting a scaling policy
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/deleting-scaling-policy.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	DeletePolicy(ctx context.Context, params *DeletePolicyInput, optFns ...func(*Options)) (*DeletePolicyOutput, error)
	// Deletes the specified scheduled action.
	DeleteScheduledAction(ctx context.Context, params *DeleteScheduledActionInput, optFns ...func(*Options)) (*DeleteScheduledActionOutput, error)
	// Deletes the specified tags.
	DeleteTags(ctx context.Context, params *DeleteTagsInput, optFns ...func(*Options)) (*DeleteTagsOutput, error)
	// Deletes the warm pool for the specified Auto Scaling group. For more
	// information, see Warm pools for Amazon EC2 Auto Scaling
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	DeleteWarmPool(ctx context.Context, params *DeleteWarmPoolInput, optFns ...func(*Options)) (*DeleteWarmPoolOutput, error)
	// Describes the current Amazon EC2 Auto Scaling resource quotas for your account.
	// When you establish an Amazon Web Services account, the account has initial
	// quotas on the maximum number of Auto Scaling groups and launch configurations
	// that you can create in a given Region. For more information, see Quotas for
	// Amazon EC2 Auto Scaling
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
	// Describes the available adjustment types for step scaling and simple scaling
	// policies. The following adjustment types are supported:
	//
	// * ChangeInCapacity
	//
	// *
	// ExactCapacity
	//
	// * PercentChangeInCapacity
	DescribeAdjustmentTypes(ctx context.Context, params *DescribeAdjustmentTypesInput, optFns ...func(*Options)) (*DescribeAdjustmentTypesOutput, error)
	// Gets information about the Auto Scaling groups in the account and Region. If you
	// specify Auto Scaling group names, the output includes information for only the
	// specified Auto Scaling groups. If you specify filters, the output includes
	// information for only those Auto Scaling groups that meet the filter criteria. If
	// you do not specify group names or filters, the output includes information for
	// all Auto Scaling groups. This operation also returns information about instances
	// in Auto Scaling groups. To retrieve information about the instances in a warm
	// pool, you must call the DescribeWarmPool API.
	DescribeAutoScalingGroups(ctx context.Context, params *DescribeAutoScalingGroupsInput, optFns ...func(*Options)) (*DescribeAutoScalingGroupsOutput, error)
	// Gets information about the Auto Scaling instances in the account and Region.
	DescribeAutoScalingInstances(ctx context.Context, params *DescribeAutoScalingInstancesInput, optFns ...func(*Options)) (*DescribeAutoScalingInstancesOutput, error)
	// Describes the notification types that are supported by Amazon EC2 Auto Scaling.
	DescribeAutoScalingNotificationTypes(ctx context.Context, params *DescribeAutoScalingNotificationTypesInput, optFns ...func(*Options)) (*DescribeAutoScalingNotificationTypesOutput, error)
	// Gets information about the instance refreshes for the specified Auto Scaling
	// group. This operation is part of the instance refresh feature
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html)
	// in Amazon EC2 Auto Scaling, which helps you update instances in your Auto
	// Scaling group after you make configuration changes. To help you determine the
	// status of an instance refresh, Amazon EC2 Auto Scaling returns information about
	// the instance refreshes you previously initiated, including their status, start
	// time, end time, the percentage of the instance refresh that is complete, and the
	// number of instances remaining to update before the instance refresh is complete.
	// If a rollback is initiated while an instance refresh is in progress, Amazon EC2
	// Auto Scaling also returns information about the rollback of the instance
	// refresh.
	DescribeInstanceRefreshes(ctx context.Context, params *DescribeInstanceRefreshesInput, optFns ...func(*Options)) (*DescribeInstanceRefreshesOutput, error)
	// Gets information about the launch configurations in the account and Region.
	DescribeLaunchConfigurations(ctx context.Context, params *DescribeLaunchConfigurationsInput, optFns ...func(*Options)) (*DescribeLaunchConfigurationsOutput, error)
	// Describes the available types of lifecycle hooks. The following hook types are
	// supported:
	//
	// * autoscaling:EC2_INSTANCE_LAUNCHING
	//
	// *
	// autoscaling:EC2_INSTANCE_TERMINATING
	DescribeLifecycleHookTypes(ctx context.Context, params *DescribeLifecycleHookTypesInput, optFns ...func(*Options)) (*DescribeLifecycleHookTypesOutput, error)
	// Gets information about the lifecycle hooks for the specified Auto Scaling group.
	DescribeLifecycleHooks(ctx context.Context, params *DescribeLifecycleHooksInput, optFns ...func(*Options)) (*DescribeLifecycleHooksOutput, error)
	// Gets information about the Elastic Load Balancing target groups for the
	// specified Auto Scaling group. To determine the attachment status of the target
	// group, use the State element in the response. When you attach a target group to
	// an Auto Scaling group, the initial State value is Adding. The state transitions
	// to Added after all Auto Scaling instances are registered with the target group.
	// If Elastic Load Balancing health checks are enabled for the Auto Scaling group,
	// the state transitions to InService after at least one Auto Scaling instance
	// passes the health check. When the target group is in the InService state, Amazon
	// EC2 Auto Scaling can terminate and replace any instances that are reported as
	// unhealthy. If no registered instances pass the health checks, the target group
	// doesn't enter the InService state. Target groups also have an InService state if
	// you attach them in the CreateAutoScalingGroup API call. If your target group
	// state is InService, but it is not working properly, check the scaling activities
	// by calling DescribeScalingActivities and take any corrective actions necessary.
	// For help with failed health checks, see Troubleshooting Amazon EC2 Auto Scaling:
	// Health checks
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html)
	// in the Amazon EC2 Auto Scaling User Guide. For more information, see Use Elastic
	// Load Balancing to distribute traffic across the instances in your Auto Scaling
	// group
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html)
	// in the Amazon EC2 Auto Scaling User Guide. You can use this operation to
	// describe target groups that were attached by using
	// AttachLoadBalancerTargetGroups, but not for target groups that were attached by
	// using AttachTrafficSources.
	DescribeLoadBalancerTargetGroups(ctx context.Context, params *DescribeLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*DescribeLoadBalancerTargetGroupsOutput, error)
	// Gets information about the load balancers for the specified Auto Scaling group.
	// This operation describes only Classic Load Balancers. If you have Application
	// Load Balancers, Network Load Balancers, or Gateway Load Balancer, use the
	// DescribeLoadBalancerTargetGroups API instead. To determine the attachment status
	// of the load balancer, use the State element in the response. When you attach a
	// load balancer to an Auto Scaling group, the initial State value is Adding. The
	// state transitions to Added after all Auto Scaling instances are registered with
	// the load balancer. If Elastic Load Balancing health checks are enabled for the
	// Auto Scaling group, the state transitions to InService after at least one Auto
	// Scaling instance passes the health check. When the load balancer is in the
	// InService state, Amazon EC2 Auto Scaling can terminate and replace any instances
	// that are reported as unhealthy. If no registered instances pass the health
	// checks, the load balancer doesn't enter the InService state. Load balancers also
	// have an InService state if you attach them in the CreateAutoScalingGroup API
	// call. If your load balancer state is InService, but it is not working properly,
	// check the scaling activities by calling DescribeScalingActivities and take any
	// corrective actions necessary. For help with failed health checks, see
	// Troubleshooting Amazon EC2 Auto Scaling: Health checks
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html)
	// in the Amazon EC2 Auto Scaling User Guide. For more information, see Use Elastic
	// Load Balancing to distribute traffic across the instances in your Auto Scaling
	// group
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error)
	// Describes the available CloudWatch metrics for Amazon EC2 Auto Scaling.
	DescribeMetricCollectionTypes(ctx context.Context, params *DescribeMetricCollectionTypesInput, optFns ...func(*Options)) (*DescribeMetricCollectionTypesOutput, error)
	// Gets information about the Amazon SNS notifications that are configured for one
	// or more Auto Scaling groups.
	DescribeNotificationConfigurations(ctx context.Context, params *DescribeNotificationConfigurationsInput, optFns ...func(*Options)) (*DescribeNotificationConfigurationsOutput, error)
	// Gets information about the scaling policies in the account and Region.
	DescribePolicies(ctx context.Context, params *DescribePoliciesInput, optFns ...func(*Options)) (*DescribePoliciesOutput, error)
	// Gets information about the scaling activities in the account and Region. When
	// scaling events occur, you see a record of the scaling activity in the scaling
	// activities. For more information, see Verifying a scaling activity for an Auto
	// Scaling group
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-verify-scaling-activity.html)
	// in the Amazon EC2 Auto Scaling User Guide. If the scaling event succeeds, the
	// value of the StatusCode element in the response is Successful. If an attempt to
	// launch instances failed, the StatusCode value is Failed or Cancelled and the
	// StatusMessage element in the response indicates the cause of the failure. For
	// help interpreting the StatusMessage, see Troubleshooting Amazon EC2 Auto Scaling
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/CHAP_Troubleshooting.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	DescribeScalingActivities(ctx context.Context, params *DescribeScalingActivitiesInput, optFns ...func(*Options)) (*DescribeScalingActivitiesOutput, error)
	// Describes the scaling process types for use with the ResumeProcesses and
	// SuspendProcesses APIs.
	DescribeScalingProcessTypes(ctx context.Context, params *DescribeScalingProcessTypesInput, optFns ...func(*Options)) (*DescribeScalingProcessTypesOutput, error)
	// Gets information about the scheduled actions that haven't run or that have not
	// reached their end time. To describe the scaling activities for scheduled actions
	// that have already run, call the DescribeScalingActivities API.
	DescribeScheduledActions(ctx context.Context, params *DescribeScheduledActionsInput, optFns ...func(*Options)) (*DescribeScheduledActionsOutput, error)
	// Describes the specified tags. You can use filters to limit the results. For
	// example, you can query for the tags for a specific Auto Scaling group. You can
	// specify multiple values for a filter. A tag must match at least one of the
	// specified values for it to be included in the results. You can also specify
	// multiple filters. The result includes information for a particular tag only if
	// it matches all the filters. If there's no match, no special message is returned.
	// For more information, see Tag Auto Scaling groups and instances
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
	// Describes the termination policies supported by Amazon EC2 Auto Scaling. For
	// more information, see Work with Amazon EC2 Auto Scaling termination policies
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	DescribeTerminationPolicyTypes(ctx context.Context, params *DescribeTerminationPolicyTypesInput, optFns ...func(*Options)) (*DescribeTerminationPolicyTypesOutput, error)
	// Reserved for use with Amazon VPC Lattice, which is in preview and subject to
	// change. Do not use this API for production workloads. This API is also subject
	// to change. Gets information about the traffic sources for the specified Auto
	// Scaling group.
	DescribeTrafficSources(ctx context.Context, params *DescribeTrafficSourcesInput, optFns ...func(*Options)) (*DescribeTrafficSourcesOutput, error)
	// Gets information about a warm pool and its instances. For more information, see
	// Warm pools for Amazon EC2 Auto Scaling
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	DescribeWarmPool(ctx context.Context, params *DescribeWarmPoolInput, optFns ...func(*Options)) (*DescribeWarmPoolOutput, error)
	// Removes one or more instances from the specified Auto Scaling group. After the
	// instances are detached, you can manage them independent of the Auto Scaling
	// group. If you do not specify the option to decrement the desired capacity,
	// Amazon EC2 Auto Scaling launches instances to replace the ones that are
	// detached. If there is a Classic Load Balancer attached to the Auto Scaling
	// group, the instances are deregistered from the load balancer. If there are
	// target groups attached to the Auto Scaling group, the instances are deregistered
	// from the target groups. For more information, see Detach EC2 instances from your
	// Auto Scaling group
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/detach-instance-asg.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	DetachInstances(ctx context.Context, params *DetachInstancesInput, optFns ...func(*Options)) (*DetachInstancesOutput, error)
	// Detaches one or more target groups from the specified Auto Scaling group. When
	// you detach a target group, it enters the Removing state while deregistering the
	// instances in the group. When all instances are deregistered, then you can no
	// longer describe the target group using the DescribeLoadBalancerTargetGroups API
	// call. The instances remain running. You can use this operation to detach target
	// groups that were attached by using AttachLoadBalancerTargetGroups, but not for
	// target groups that were attached by using AttachTrafficSources.
	DetachLoadBalancerTargetGroups(ctx context.Context, params *DetachLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*DetachLoadBalancerTargetGroupsOutput, error)
	// Detaches one or more Classic Load Balancers from the specified Auto Scaling
	// group. This operation detaches only Classic Load Balancers. If you have
	// Application Load Balancers, Network Load Balancers, or Gateway Load Balancer,
	// use the DetachLoadBalancerTargetGroups API instead. When you detach a load
	// balancer, it enters the Removing state while deregistering the instances in the
	// group. When all instances are deregistered, then you can no longer describe the
	// load balancer using the DescribeLoadBalancers API call. The instances remain
	// running.
	DetachLoadBalancers(ctx context.Context, params *DetachLoadBalancersInput, optFns ...func(*Options)) (*DetachLoadBalancersOutput, error)
	// Reserved for use with Amazon VPC Lattice, which is in preview and subject to
	// change. Do not use this API for production workloads. This API is also subject
	// to change. Detaches one or more traffic sources from the specified Auto Scaling
	// group.
	DetachTrafficSources(ctx context.Context, params *DetachTrafficSourcesInput, optFns ...func(*Options)) (*DetachTrafficSourcesOutput, error)
	// Disables group metrics collection for the specified Auto Scaling group.
	DisableMetricsCollection(ctx context.Context, params *DisableMetricsCollectionInput, optFns ...func(*Options)) (*DisableMetricsCollectionOutput, error)
	// Enables group metrics collection for the specified Auto Scaling group. You can
	// use these metrics to track changes in an Auto Scaling group and to set alarms on
	// threshold values. You can view group metrics using the Amazon EC2 Auto Scaling
	// console or the CloudWatch console. For more information, see Monitor CloudWatch
	// metrics for your Auto Scaling groups and instances
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-cloudwatch-monitoring.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	EnableMetricsCollection(ctx context.Context, params *EnableMetricsCollectionInput, optFns ...func(*Options)) (*EnableMetricsCollectionOutput, error)
	// Moves the specified instances into the standby state. If you choose to decrement
	// the desired capacity of the Auto Scaling group, the instances can enter standby
	// as long as the desired capacity of the Auto Scaling group after the instances
	// are placed into standby is equal to or greater than the minimum capacity of the
	// group. If you choose not to decrement the desired capacity of the Auto Scaling
	// group, the Auto Scaling group launches new instances to replace the instances on
	// standby. For more information, see Temporarily removing instances from your Auto
	// Scaling group
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-enter-exit-standby.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	EnterStandby(ctx context.Context, params *EnterStandbyInput, optFns ...func(*Options)) (*EnterStandbyOutput, error)
	// Executes the specified policy. This can be useful for testing the design of your
	// scaling policy.
	ExecutePolicy(ctx context.Context, params *ExecutePolicyInput, optFns ...func(*Options)) (*ExecutePolicyOutput, error)
	// Moves the specified instances out of the standby state. After you put the
	// instances back in service, the desired capacity is incremented. For more
	// information, see Temporarily removing instances from your Auto Scaling group
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-enter-exit-standby.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	ExitStandby(ctx context.Context, params *ExitStandbyInput, optFns ...func(*Options)) (*ExitStandbyOutput, error)
	// Retrieves the forecast data for a predictive scaling policy. Load forecasts are
	// predictions of the hourly load values using historical load data from CloudWatch
	// and an analysis of historical trends. Capacity forecasts are represented as
	// predicted values for the minimum capacity that is needed on an hourly basis,
	// based on the hourly load forecast. A minimum of 24 hours of data is required to
	// create the initial forecasts. However, having a full 14 days of historical data
	// results in more accurate forecasts. For more information, see Predictive scaling
	// for Amazon EC2 Auto Scaling
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-predictive-scaling.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	GetPredictiveScalingForecast(ctx context.Context, params *GetPredictiveScalingForecastInput, optFns ...func(*Options)) (*GetPredictiveScalingForecastOutput, error)
	// Creates or updates a lifecycle hook for the specified Auto Scaling group.
	// Lifecycle hooks let you create solutions that are aware of events in the Auto
	// Scaling instance lifecycle, and then perform a custom action on instances when
	// the corresponding lifecycle event occurs. This step is a part of the procedure
	// for adding a lifecycle hook to an Auto Scaling group:
	//
	// * (Optional) Create a
	// launch template or launch configuration with a user data script that runs while
	// an instance is in a wait state due to a lifecycle hook.
	//
	// * (Optional) Create a
	// Lambda function and a rule that allows Amazon EventBridge to invoke your Lambda
	// function when an instance is put into a wait state due to a lifecycle hook.
	//
	// *
	// (Optional) Create a notification target and an IAM role. The target can be
	// either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2
	// Auto Scaling to publish lifecycle notifications to the target.
	//
	// * Create the
	// lifecycle hook. Specify whether the hook is used when the instances launch or
	// terminate.
	//
	// * If you need more time, record the lifecycle action heartbeat to
	// keep the instance in a wait state using the RecordLifecycleActionHeartbeat API
	// call.
	//
	// * If you finish before the timeout period ends, send a callback by using
	// the CompleteLifecycleAction API call.
	//
	// For more information, see Amazon EC2 Auto
	// Scaling lifecycle hooks
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html) in
	// the Amazon EC2 Auto Scaling User Guide. If you exceed your maximum limit of
	// lifecycle hooks, which by default is 50 per Auto Scaling group, the call fails.
	// You can view the lifecycle hooks for an Auto Scaling group using the
	// DescribeLifecycleHooks API call. If you are no longer using a lifecycle hook,
	// you can delete it by calling the DeleteLifecycleHook API.
	PutLifecycleHook(ctx context.Context, params *PutLifecycleHookInput, optFns ...func(*Options)) (*PutLifecycleHookOutput, error)
	// Configures an Auto Scaling group to send notifications when specified events
	// take place. Subscribers to the specified topic can have messages delivered to an
	// endpoint such as a web server or an email address. This configuration overwrites
	// any existing configuration. For more information, see Getting Amazon SNS
	// notifications when your Auto Scaling group scales
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ASGettingNotifications.html)
	// in the Amazon EC2 Auto Scaling User Guide. If you exceed your maximum limit of
	// SNS topics, which is 10 per Auto Scaling group, the call fails.
	PutNotificationConfiguration(ctx context.Context, params *PutNotificationConfigurationInput, optFns ...func(*Options)) (*PutNotificationConfigurationOutput, error)
	// Creates or updates a scaling policy for an Auto Scaling group. Scaling policies
	// are used to scale an Auto Scaling group based on configurable metrics. If no
	// policies are defined, the dynamic scaling and predictive scaling features are
	// not used. For more information about using dynamic scaling, see Target tracking
	// scaling policies
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html)
	// and Step and simple scaling policies
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html)
	// in the Amazon EC2 Auto Scaling User Guide. For more information about using
	// predictive scaling, see Predictive scaling for Amazon EC2 Auto Scaling
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-predictive-scaling.html)
	// in the Amazon EC2 Auto Scaling User Guide. You can view the scaling policies for
	// an Auto Scaling group using the DescribePolicies API call. If you are no longer
	// using a scaling policy, you can delete it by calling the DeletePolicy API.
	PutScalingPolicy(ctx context.Context, params *PutScalingPolicyInput, optFns ...func(*Options)) (*PutScalingPolicyOutput, error)
	// Creates or updates a scheduled scaling action for an Auto Scaling group. For
	// more information, see Scheduled scaling
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html) in
	// the Amazon EC2 Auto Scaling User Guide. You can view the scheduled actions for
	// an Auto Scaling group using the DescribeScheduledActions API call. If you are no
	// longer using a scheduled action, you can delete it by calling the
	// DeleteScheduledAction API. If you try to schedule your action in the past,
	// Amazon EC2 Auto Scaling returns an error message.
	PutScheduledUpdateGroupAction(ctx context.Context, params *PutScheduledUpdateGroupActionInput, optFns ...func(*Options)) (*PutScheduledUpdateGroupActionOutput, error)
	// Creates or updates a warm pool for the specified Auto Scaling group. A warm pool
	// is a pool of pre-initialized EC2 instances that sits alongside the Auto Scaling
	// group. Whenever your application needs to scale out, the Auto Scaling group can
	// draw on the warm pool to meet its new desired capacity. For more information and
	// example configurations, see Warm pools for Amazon EC2 Auto Scaling
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html)
	// in the Amazon EC2 Auto Scaling User Guide. This operation must be called from
	// the Region in which the Auto Scaling group was created. This operation cannot be
	// called on an Auto Scaling group that has a mixed instances policy or a launch
	// template or launch configuration that requests Spot Instances. You can view the
	// instances in the warm pool using the DescribeWarmPool API call. If you are no
	// longer using a warm pool, you can delete it by calling the DeleteWarmPool API.
	PutWarmPool(ctx context.Context, params *PutWarmPoolInput, optFns ...func(*Options)) (*PutWarmPoolOutput, error)
	// Records a heartbeat for the lifecycle action associated with the specified token
	// or instance. This extends the timeout by the length of time defined using the
	// PutLifecycleHook API call. This step is a part of the procedure for adding a
	// lifecycle hook to an Auto Scaling group:
	//
	// * (Optional) Create a launch template
	// or launch configuration with a user data script that runs while an instance is
	// in a wait state due to a lifecycle hook.
	//
	// * (Optional) Create a Lambda function
	// and a rule that allows Amazon EventBridge to invoke your Lambda function when an
	// instance is put into a wait state due to a lifecycle hook.
	//
	// * (Optional) Create
	// a notification target and an IAM role. The target can be either an Amazon SQS
	// queue or an Amazon SNS topic. The role allows Amazon EC2 Auto Scaling to publish
	// lifecycle notifications to the target.
	//
	// * Create the lifecycle hook. Specify
	// whether the hook is used when the instances launch or terminate.
	//
	// * If you need
	// more time, record the lifecycle action heartbeat to keep the instance in a wait
	// state.
	//
	// * If you finish before the timeout period ends, send a callback by using
	// the CompleteLifecycleAction API call.
	//
	// For more information, see Amazon EC2 Auto
	// Scaling lifecycle hooks
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html) in
	// the Amazon EC2 Auto Scaling User Guide.
	RecordLifecycleActionHeartbeat(ctx context.Context, params *RecordLifecycleActionHeartbeatInput, optFns ...func(*Options)) (*RecordLifecycleActionHeartbeatOutput, error)
	// Resumes the specified suspended auto scaling processes, or all suspended
	// process, for the specified Auto Scaling group. For more information, see
	// Suspending and resuming scaling processes
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	ResumeProcesses(ctx context.Context, params *ResumeProcessesInput, optFns ...func(*Options)) (*ResumeProcessesOutput, error)
	// Cancels an instance refresh that is in progress and rolls back any changes that
	// it made. Amazon EC2 Auto Scaling replaces any instances that were replaced
	// during the instance refresh. This restores your Auto Scaling group to the
	// configuration that it was using before the start of the instance refresh. This
	// operation is part of the instance refresh feature
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html)
	// in Amazon EC2 Auto Scaling, which helps you update instances in your Auto
	// Scaling group after you make configuration changes. A rollback is not supported
	// in the following situations:
	//
	// * There is no desired configuration specified for
	// the instance refresh.
	//
	// * The Auto Scaling group has a launch template that uses
	// an Amazon Web Services Systems Manager parameter instead of an AMI ID for the
	// ImageId property.
	//
	// * The Auto Scaling group uses the launch template's $Latest
	// or $Default version.
	//
	// When you receive a successful response from this
	// operation, Amazon EC2 Auto Scaling immediately begins replacing instances. You
	// can check the status of this operation through the DescribeInstanceRefreshes API
	// operation.
	RollbackInstanceRefresh(ctx context.Context, params *RollbackInstanceRefreshInput, optFns ...func(*Options)) (*RollbackInstanceRefreshOutput, error)
	// Sets the size of the specified Auto Scaling group. If a scale-in activity occurs
	// as a result of a new DesiredCapacity value that is lower than the current size
	// of the group, the Auto Scaling group uses its termination policy to determine
	// which instances to terminate. For more information, see Manual scaling
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-manual-scaling.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	SetDesiredCapacity(ctx context.Context, params *SetDesiredCapacityInput, optFns ...func(*Options)) (*SetDesiredCapacityOutput, error)
	// Sets the health status of the specified instance. For more information, see
	// Health checks for Auto Scaling instances
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/healthcheck.html) in the
	// Amazon EC2 Auto Scaling User Guide.
	SetInstanceHealth(ctx context.Context, params *SetInstanceHealthInput, optFns ...func(*Options)) (*SetInstanceHealthOutput, error)
	// Updates the instance protection settings of the specified instances. This
	// operation cannot be called on instances in a warm pool. For more information
	// about preventing instances that are part of an Auto Scaling group from
	// terminating on scale in, see Using instance scale-in protection
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html)
	// in the Amazon EC2 Auto Scaling User Guide. If you exceed your maximum limit of
	// instance IDs, which is 50 per Auto Scaling group, the call fails.
	SetInstanceProtection(ctx context.Context, params *SetInstanceProtectionInput, optFns ...func(*Options)) (*SetInstanceProtectionOutput, error)
	// Starts an instance refresh. During an instance refresh, Amazon EC2 Auto Scaling
	// performs a rolling update of instances in an Auto Scaling group. Instances are
	// terminated first and then replaced, which temporarily reduces the capacity
	// available within your Auto Scaling group. This operation is part of the instance
	// refresh feature
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html)
	// in Amazon EC2 Auto Scaling, which helps you update instances in your Auto
	// Scaling group. This feature is helpful, for example, when you have a new AMI or
	// a new user data script. You just need to create a new launch template that
	// specifies the new AMI or user data script. Then start an instance refresh to
	// immediately begin the process of updating instances in the group. If successful,
	// the request's response contains a unique ID that you can use to track the
	// progress of the instance refresh. To query its status, call the
	// DescribeInstanceRefreshes API. To describe the instance refreshes that have
	// already run, call the DescribeInstanceRefreshes API. To cancel an instance
	// refresh that is in progress, use the CancelInstanceRefresh API. An instance
	// refresh might fail for several reasons, such as EC2 launch failures,
	// misconfigured health checks, or not ignoring or allowing the termination of
	// instances that are in Standby state or protected from scale in. You can monitor
	// for failed EC2 launches using the scaling activities. To find the scaling
	// activities, call the DescribeScalingActivities API. If you enable auto rollback,
	// your Auto Scaling group will be rolled back automatically when the instance
	// refresh fails. You can enable this feature before starting an instance refresh
	// by specifying the AutoRollback property in the instance refresh preferences.
	// Otherwise, to roll back an instance refresh before it finishes, use the
	// RollbackInstanceRefresh API.
	StartInstanceRefresh(ctx context.Context, params *StartInstanceRefreshInput, optFns ...func(*Options)) (*StartInstanceRefreshOutput, error)
	// Suspends the specified auto scaling processes, or all processes, for the
	// specified Auto Scaling group. If you suspend either the Launch or Terminate
	// process types, it can prevent other process types from functioning properly. For
	// more information, see Suspending and resuming scaling processes
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html)
	// in the Amazon EC2 Auto Scaling User Guide. To resume processes that have been
	// suspended, call the ResumeProcesses API.
	SuspendProcesses(ctx context.Context, params *SuspendProcessesInput, optFns ...func(*Options)) (*SuspendProcessesOutput, error)
	// Terminates the specified instance and optionally adjusts the desired group size.
	// This operation cannot be called on instances in a warm pool. This call simply
	// makes a termination request. The instance is not terminated immediately. When an
	// instance is terminated, the instance status changes to terminated. You can't
	// connect to or start an instance after you've terminated it. If you do not
	// specify the option to decrement the desired capacity, Amazon EC2 Auto Scaling
	// launches instances to replace the ones that are terminated. By default, Amazon
	// EC2 Auto Scaling balances instances across all Availability Zones. If you
	// decrement the desired capacity, your Auto Scaling group can become unbalanced
	// between Availability Zones. Amazon EC2 Auto Scaling tries to rebalance the
	// group, and rebalancing might terminate instances in other zones. For more
	// information, see Rebalancing activities
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-benefits.html#AutoScalingBehavior.InstanceUsage)
	// in the Amazon EC2 Auto Scaling User Guide.
	TerminateInstanceInAutoScalingGroup(ctx context.Context, params *TerminateInstanceInAutoScalingGroupInput, optFns ...func(*Options)) (*TerminateInstanceInAutoScalingGroupOutput, error)
	// We strongly recommend that all Auto Scaling groups use launch templates to
	// ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2. Updates
	// the configuration for the specified Auto Scaling group. To update an Auto
	// Scaling group, specify the name of the group and the property that you want to
	// change. Any properties that you don't specify are not changed by this update
	// request. The new settings take effect on any scaling activities after this call
	// returns. If you associate a new launch configuration or template with an Auto
	// Scaling group, all new instances will get the updated configuration. Existing
	// instances continue to run with the configuration that they were originally
	// launched with. When you update a group to specify a mixed instances policy
	// instead of a launch configuration or template, existing instances may be
	// replaced to match the new purchasing options that you specified in the policy.
	// For example, if the group currently has 100% On-Demand capacity and the policy
	// specifies 50% Spot capacity, this means that half of your instances will be
	// gradually terminated and relaunched as Spot Instances. When replacing instances,
	// Amazon EC2 Auto Scaling launches new instances before terminating the old ones,
	// so that updating your group does not compromise the performance or availability
	// of your application. Note the following about changing DesiredCapacity, MaxSize,
	// or MinSize:
	//
	// * If a scale-in activity occurs as a result of a new
	// DesiredCapacity value that is lower than the current size of the group, the Auto
	// Scaling group uses its termination policy to determine which instances to
	// terminate.
	//
	// * If you specify a new value for MinSize without specifying a value
	// for DesiredCapacity, and the new MinSize is larger than the current size of the
	// group, this sets the group's DesiredCapacity to the new MinSize value.
	//
	// * If you
	// specify a new value for MaxSize without specifying a value for DesiredCapacity,
	// and the new MaxSize is smaller than the current size of the group, this sets the
	// group's DesiredCapacity to the new MaxSize value.
	//
	// To see which properties have
	// been set, call the DescribeAutoScalingGroups API. To view the scaling policies
	// for an Auto Scaling group, call the DescribePolicies API. If the group has
	// scaling policies, you can update them by calling the PutScalingPolicy API.
	UpdateAutoScalingGroup(ctx context.Context, params *UpdateAutoScalingGroupInput, optFns ...func(*Options)) (*UpdateAutoScalingGroupOutput, error)
}

ASG provides an interface to the AWS ASG service.

type CloudFormation

type CloudFormation interface {
	// Activates a public third-party extension, making it available for use in stack
	// templates. For more information, see Using public extensions
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html)
	// in the CloudFormation User Guide. Once you have activated a public third-party
	// extension in your account and region, use SetTypeConfiguration to specify
	// configuration properties for the extension. For more information, see
	// Configuring extensions at the account level
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration)
	// in the CloudFormation User Guide.
	ActivateType(ctx context.Context, params *ActivateTypeInput, optFns ...func(*Options)) (*ActivateTypeOutput, error)
	// Returns configuration data for the specified CloudFormation extensions, from the
	// CloudFormation registry for the account and region. For more information, see
	// Configuring extensions at the account level
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration)
	// in the CloudFormation User Guide.
	BatchDescribeTypeConfigurations(ctx context.Context, params *BatchDescribeTypeConfigurationsInput, optFns ...func(*Options)) (*BatchDescribeTypeConfigurationsOutput, error)
	// Cancels an update on the specified stack. If the call completes successfully,
	// the stack rolls back the update and reverts to the previous stack configuration.
	// You can cancel only stacks that are in the UPDATE_IN_PROGRESS state.
	CancelUpdateStack(ctx context.Context, params *CancelUpdateStackInput, optFns ...func(*Options)) (*CancelUpdateStackOutput, error)
	// For a specified stack that's in the UPDATE_ROLLBACK_FAILED state, continues
	// rolling it back to the UPDATE_ROLLBACK_COMPLETE state. Depending on the cause of
	// the failure, you can manually  fix the error
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-update-rollback-failed)
	// and continue the rollback. By continuing the rollback, you can return your stack
	// to a working state (the UPDATE_ROLLBACK_COMPLETE state), and then try to update
	// the stack again. A stack goes into the UPDATE_ROLLBACK_FAILED state when
	// CloudFormation can't roll back all changes after a failed stack update. For
	// example, you might have a stack that's rolling back to an old database instance
	// that was deleted outside of CloudFormation. Because CloudFormation doesn't know
	// the database was deleted, it assumes that the database instance still exists and
	// attempts to roll back to it, causing the update rollback to fail.
	ContinueUpdateRollback(ctx context.Context, params *ContinueUpdateRollbackInput, optFns ...func(*Options)) (*ContinueUpdateRollbackOutput, error)
	// Creates a list of changes that will be applied to a stack so that you can review
	// the changes before executing them. You can create a change set for a stack that
	// doesn't exist or an existing stack. If you create a change set for a stack that
	// doesn't exist, the change set shows all of the resources that CloudFormation
	// will create. If you create a change set for an existing stack, CloudFormation
	// compares the stack's information with the information that you submit in the
	// change set and lists the differences. Use change sets to understand which
	// resources CloudFormation will create or change, and how it will change resources
	// in an existing stack, before you create or update a stack. To create a change
	// set for a stack that doesn't exist, for the ChangeSetType parameter, specify
	// CREATE. To create a change set for an existing stack, specify UPDATE for the
	// ChangeSetType parameter. To create a change set for an import operation, specify
	// IMPORT for the ChangeSetType parameter. After the CreateChangeSet call
	// successfully completes, CloudFormation starts creating the change set. To check
	// the status of the change set or to review it, use the DescribeChangeSet action.
	// When you are satisfied with the changes the change set will make, execute the
	// change set by using the ExecuteChangeSet action. CloudFormation doesn't make
	// changes until you execute the change set. To create a change set for the entire
	// stack hierarchy, set IncludeNestedStacks to True.
	CreateChangeSet(ctx context.Context, params *CreateChangeSetInput, optFns ...func(*Options)) (*CreateChangeSetOutput, error)
	// Creates a stack as specified in the template. After the call completes
	// successfully, the stack creation starts. You can check the status of the stack
	// through the DescribeStacksoperation.
	CreateStack(ctx context.Context, params *CreateStackInput, optFns ...func(*Options)) (*CreateStackOutput, error)
	// Creates stack instances for the specified accounts, within the specified Amazon
	// Web Services Regions. A stack instance refers to a stack in a specific account
	// and Region. You must specify at least one value for either Accounts or
	// DeploymentTargets, and you must specify at least one value for Regions.
	CreateStackInstances(ctx context.Context, params *CreateStackInstancesInput, optFns ...func(*Options)) (*CreateStackInstancesOutput, error)
	// Creates a stack set.
	CreateStackSet(ctx context.Context, params *CreateStackSetInput, optFns ...func(*Options)) (*CreateStackSetOutput, error)
	// Deactivates a public extension that was previously activated in this account and
	// region. Once deactivated, an extension can't be used in any CloudFormation
	// operation. This includes stack update operations where the stack template
	// includes the extension, even if no updates are being made to the extension. In
	// addition, deactivated extensions aren't automatically updated if a new version
	// of the extension is released.
	DeactivateType(ctx context.Context, params *DeactivateTypeInput, optFns ...func(*Options)) (*DeactivateTypeOutput, error)
	// Deletes the specified change set. Deleting change sets ensures that no one
	// executes the wrong change set. If the call successfully completes,
	// CloudFormation successfully deleted the change set. If IncludeNestedStacks
	// specifies True during the creation of the nested change set, then
	// DeleteChangeSet will delete all change sets that belong to the stacks hierarchy
	// and will also delete all change sets for nested stacks with the status of
	// REVIEW_IN_PROGRESS.
	DeleteChangeSet(ctx context.Context, params *DeleteChangeSetInput, optFns ...func(*Options)) (*DeleteChangeSetOutput, error)
	// Deletes a specified stack. Once the call completes successfully, stack deletion
	// starts. Deleted stacks don't show up in the DescribeStacks operation if the
	// deletion has been completed successfully.
	DeleteStack(ctx context.Context, params *DeleteStackInput, optFns ...func(*Options)) (*DeleteStackOutput, error)
	// Deletes stack instances for the specified accounts, in the specified Amazon Web
	// Services Regions.
	DeleteStackInstances(ctx context.Context, params *DeleteStackInstancesInput, optFns ...func(*Options)) (*DeleteStackInstancesOutput, error)
	// Deletes a stack set. Before you can delete a stack set, all its member stack
	// instances must be deleted. For more information about how to complete this, see
	// DeleteStackInstances.
	DeleteStackSet(ctx context.Context, params *DeleteStackSetInput, optFns ...func(*Options)) (*DeleteStackSetOutput, error)
	// Marks an extension or extension version as DEPRECATED in the CloudFormation
	// registry, removing it from active use. Deprecated extensions or extension
	// versions cannot be used in CloudFormation operations. To deregister an entire
	// extension, you must individually deregister all active versions of that
	// extension. If an extension has only a single active version, deregistering that
	// version results in the extension itself being deregistered and marked as
	// deprecated in the registry. You can't deregister the default version of an
	// extension if there are other active version of that extension. If you do
	// deregister the default version of an extension, the extension type itself is
	// deregistered as well and marked as deprecated. To view the deprecation status of
	// an extension or extension version, use DescribeType
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html).
	DeregisterType(ctx context.Context, params *DeregisterTypeInput, optFns ...func(*Options)) (*DeregisterTypeOutput, error)
	// Retrieves your account's CloudFormation limits, such as the maximum number of
	// stacks that you can create in your account. For more information about account
	// limits, see CloudFormation Quotas
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html)
	// in the CloudFormation User Guide.
	DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
	// Returns the inputs for the change set and a list of changes that CloudFormation
	// will make if you execute the change set. For more information, see Updating
	// Stacks Using Change Sets
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.html)
	// in the CloudFormation User Guide.
	DescribeChangeSet(ctx context.Context, params *DescribeChangeSetInput, optFns ...func(*Options)) (*DescribeChangeSetOutput, error)
	// Returns hook-related information for the change set and a list of changes that
	// CloudFormation makes when you run the change set.
	DescribeChangeSetHooks(ctx context.Context, params *DescribeChangeSetHooksInput, optFns ...func(*Options)) (*DescribeChangeSetHooksOutput, error)
	// Returns information about a CloudFormation extension publisher. If you don't
	// supply a PublisherId, and you have registered as an extension publisher,
	// DescribePublisher returns information about your own publisher account. For more
	// information about registering as a publisher, see:
	//
	// * RegisterPublisher
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html)
	//
	// *
	// Publishing extensions to make them available for public use
	// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html)
	// in the CloudFormation CLI User Guide
	DescribePublisher(ctx context.Context, params *DescribePublisherInput, optFns ...func(*Options)) (*DescribePublisherOutput, error)
	// Returns information about a stack drift detection operation. A stack drift
	// detection operation detects whether a stack's actual configuration differs, or
	// has drifted, from it's expected configuration, as defined in the stack template
	// and any values specified as template parameters. A stack is considered to have
	// drifted if one or more of its resources have drifted. For more information about
	// stack and resource drift, see Detecting Unregulated Configuration Changes to
	// Stacks and Resources
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html).
	// Use DetectStackDrift to initiate a stack drift detection operation.
	// DetectStackDrift returns a StackDriftDetectionId you can use to monitor the
	// progress of the operation using DescribeStackDriftDetectionStatus. Once the
	// drift detection operation has completed, use DescribeStackResourceDrifts to
	// return drift information about the stack and its resources.
	DescribeStackDriftDetectionStatus(ctx context.Context, params *DescribeStackDriftDetectionStatusInput, optFns ...func(*Options)) (*DescribeStackDriftDetectionStatusOutput, error)
	// Returns all stack related events for a specified stack in reverse chronological
	// order. For more information about a stack's event history, go to Stacks
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/concept-stack.html)
	// in the CloudFormation User Guide. You can list events for stacks that have
	// failed to create or have been deleted by specifying the unique stack identifier
	// (stack ID).
	DescribeStackEvents(ctx context.Context, params *DescribeStackEventsInput, optFns ...func(*Options)) (*DescribeStackEventsOutput, error)
	// Returns the stack instance that's associated with the specified stack set,
	// Amazon Web Services account, and Region. For a list of stack instances that are
	// associated with a specific stack set, use ListStackInstances.
	DescribeStackInstance(ctx context.Context, params *DescribeStackInstanceInput, optFns ...func(*Options)) (*DescribeStackInstanceOutput, error)
	// Returns a description of the specified resource in the specified stack. For
	// deleted stacks, DescribeStackResource returns resource information for up to 90
	// days after the stack has been deleted.
	DescribeStackResource(ctx context.Context, params *DescribeStackResourceInput, optFns ...func(*Options)) (*DescribeStackResourceOutput, error)
	// Returns drift information for the resources that have been checked for drift in
	// the specified stack. This includes actual and expected configuration values for
	// resources where CloudFormation detects configuration drift. For a given stack,
	// there will be one StackResourceDrift for each stack resource that has been
	// checked for drift. Resources that haven't yet been checked for drift aren't
	// included. Resources that don't currently support drift detection aren't checked,
	// and so not included. For a list of resources that support drift detection, see
	// Resources that Support Drift Detection
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html).
	// Use DetectStackResourceDrift to detect drift on individual resources, or
	// DetectStackDrift to detect drift on all supported resources for a given stack.
	DescribeStackResourceDrifts(ctx context.Context, params *DescribeStackResourceDriftsInput, optFns ...func(*Options)) (*DescribeStackResourceDriftsOutput, error)
	// Returns Amazon Web Services resource descriptions for running and deleted
	// stacks. If StackName is specified, all the associated resources that are part of
	// the stack are returned. If PhysicalResourceId is specified, the associated
	// resources of the stack that the resource belongs to are returned. Only the first
	// 100 resources will be returned. If your stack has more resources than this, you
	// should use ListStackResources instead. For deleted stacks,
	// DescribeStackResources returns resource information for up to 90 days after the
	// stack has been deleted. You must specify either StackName or PhysicalResourceId,
	// but not both. In addition, you can specify LogicalResourceId to filter the
	// returned result. For more information about resources, the LogicalResourceId and
	// PhysicalResourceId, go to the CloudFormation User Guide
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/). A
	// ValidationError is returned if you specify both StackName and PhysicalResourceId
	// in the same request.
	DescribeStackResources(ctx context.Context, params *DescribeStackResourcesInput, optFns ...func(*Options)) (*DescribeStackResourcesOutput, error)
	// Returns the description of the specified stack set.
	DescribeStackSet(ctx context.Context, params *DescribeStackSetInput, optFns ...func(*Options)) (*DescribeStackSetOutput, error)
	// Returns the description of the specified stack set operation.
	DescribeStackSetOperation(ctx context.Context, params *DescribeStackSetOperationInput, optFns ...func(*Options)) (*DescribeStackSetOperationOutput, error)
	// Returns the description for the specified stack; if no stack name was specified,
	// then it returns the description for all the stacks created. If the stack doesn't
	// exist, an ValidationError is returned.
	DescribeStacks(ctx context.Context, params *DescribeStacksInput, optFns ...func(*Options)) (*DescribeStacksOutput, error)
	// Returns detailed information about an extension that has been registered. If you
	// specify a VersionId, DescribeType returns information about that specific
	// extension version. Otherwise, it returns information about the default extension
	// version.
	DescribeType(ctx context.Context, params *DescribeTypeInput, optFns ...func(*Options)) (*DescribeTypeOutput, error)
	// Returns information about an extension's registration, including its current
	// status and type and version identifiers. When you initiate a registration
	// request using RegisterType, you can then use DescribeTypeRegistration to monitor
	// the progress of that registration request. Once the registration request has
	// completed, use DescribeType to return detailed information about an extension.
	DescribeTypeRegistration(ctx context.Context, params *DescribeTypeRegistrationInput, optFns ...func(*Options)) (*DescribeTypeRegistrationOutput, error)
	// Detects whether a stack's actual configuration differs, or has drifted, from
	// it's expected configuration, as defined in the stack template and any values
	// specified as template parameters. For each resource in the stack that supports
	// drift detection, CloudFormation compares the actual configuration of the
	// resource with its expected template configuration. Only resource properties
	// explicitly defined in the stack template are checked for drift. A stack is
	// considered to have drifted if one or more of its resources differ from their
	// expected template configurations. For more information, see Detecting
	// Unregulated Configuration Changes to Stacks and Resources
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html).
	// Use DetectStackDrift to detect drift on all supported resources for a given
	// stack, or DetectStackResourceDrift to detect drift on individual resources. For
	// a list of stack resources that currently support drift detection, see Resources
	// that Support Drift Detection
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html).
	// DetectStackDrift can take up to several minutes, depending on the number of
	// resources contained within the stack. Use DescribeStackDriftDetectionStatus to
	// monitor the progress of a detect stack drift operation. Once the drift detection
	// operation has completed, use DescribeStackResourceDrifts to return drift
	// information about the stack and its resources. When detecting drift on a stack,
	// CloudFormation doesn't detect drift on any nested stacks belonging to that
	// stack. Perform DetectStackDrift directly on the nested stack itself.
	DetectStackDrift(ctx context.Context, params *DetectStackDriftInput, optFns ...func(*Options)) (*DetectStackDriftOutput, error)
	// Returns information about whether a resource's actual configuration differs, or
	// has drifted, from it's expected configuration, as defined in the stack template
	// and any values specified as template parameters. This information includes
	// actual and expected property values for resources in which CloudFormation
	// detects drift. Only resource properties explicitly defined in the stack template
	// are checked for drift. For more information about stack and resource drift, see
	// Detecting Unregulated Configuration Changes to Stacks and Resources
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html).
	// Use DetectStackResourceDrift to detect drift on individual resources, or
	// DetectStackDrift to detect drift on all resources in a given stack that support
	// drift detection. Resources that don't currently support drift detection can't be
	// checked. For a list of resources that support drift detection, see Resources
	// that Support Drift Detection
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html).
	DetectStackResourceDrift(ctx context.Context, params *DetectStackResourceDriftInput, optFns ...func(*Options)) (*DetectStackResourceDriftOutput, error)
	// Detect drift on a stack set. When CloudFormation performs drift detection on a
	// stack set, it performs drift detection on the stack associated with each stack
	// instance in the stack set. For more information, see How CloudFormation performs
	// drift detection on a stack set
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html).
	// DetectStackSetDrift returns the OperationId of the stack set drift detection
	// operation. Use this operation id with DescribeStackSetOperation to monitor the
	// progress of the drift detection operation. The drift detection operation may
	// take some time, depending on the number of stack instances included in the stack
	// set, in addition to the number of resources included in each stack. Once the
	// operation has completed, use the following actions to return drift
	// information:
	//
	// * Use DescribeStackSet to return detailed information about the
	// stack set, including detailed information about the last completed drift
	// operation performed on the stack set. (Information about drift operations that
	// are in progress isn't included.)
	//
	// * Use ListStackInstances to return a list of
	// stack instances belonging to the stack set, including the drift status and last
	// drift time checked of each instance.
	//
	// * Use DescribeStackInstance to return
	// detailed information about a specific stack instance, including its drift status
	// and last drift time checked.
	//
	// For more information about performing a drift
	// detection operation on a stack set, see Detecting unmanaged changes in stack
	// sets
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html).
	// You can only run a single drift detection operation on a given stack set at one
	// time. To stop a drift detection stack set operation, use StopStackSetOperation.
	DetectStackSetDrift(ctx context.Context, params *DetectStackSetDriftInput, optFns ...func(*Options)) (*DetectStackSetDriftOutput, error)
	// Returns the estimated monthly cost of a template. The return value is an Amazon
	// Web Services Simple Monthly Calculator URL with a query string that describes
	// the resources required to run the template.
	EstimateTemplateCost(ctx context.Context, params *EstimateTemplateCostInput, optFns ...func(*Options)) (*EstimateTemplateCostOutput, error)
	// Updates a stack using the input information that was provided when the specified
	// change set was created. After the call successfully completes, CloudFormation
	// starts updating the stack. Use the DescribeStacks action to view the status of
	// the update. When you execute a change set, CloudFormation deletes all other
	// change sets associated with the stack because they aren't valid for the updated
	// stack. If a stack policy is associated with the stack, CloudFormation enforces
	// the policy during the update. You can't specify a temporary stack policy that
	// overrides the current policy. To create a change set for the entire stack
	// hierarchy, IncludeNestedStacks must have been set to True.
	ExecuteChangeSet(ctx context.Context, params *ExecuteChangeSetInput, optFns ...func(*Options)) (*ExecuteChangeSetOutput, error)
	// Returns the stack policy for a specified stack. If a stack doesn't have a
	// policy, a null value is returned.
	GetStackPolicy(ctx context.Context, params *GetStackPolicyInput, optFns ...func(*Options)) (*GetStackPolicyOutput, error)
	// Returns the template body for a specified stack. You can get the template for
	// running or deleted stacks. For deleted stacks, GetTemplate returns the template
	// for up to 90 days after the stack has been deleted. If the template doesn't
	// exist, a ValidationError is returned.
	GetTemplate(ctx context.Context, params *GetTemplateInput, optFns ...func(*Options)) (*GetTemplateOutput, error)
	// Returns information about a new or existing template. The GetTemplateSummary
	// action is useful for viewing parameter information, such as default parameter
	// values and parameter types, before you create or update a stack or stack set.
	// You can use the GetTemplateSummary action when you submit a template, or you can
	// get template information for a stack set, or a running or deleted stack. For
	// deleted stacks, GetTemplateSummary returns the template information for up to 90
	// days after the stack has been deleted. If the template doesn't exist, a
	// ValidationError is returned.
	GetTemplateSummary(ctx context.Context, params *GetTemplateSummaryInput, optFns ...func(*Options)) (*GetTemplateSummaryOutput, error)
	// Import existing stacks into a new stack sets. Use the stack import operation to
	// import up to 10 stacks into a new stack set in the same account as the source
	// stack or in a different administrator account and Region, by specifying the
	// stack ID of the stack you intend to import. ImportStacksToStackSet is only
	// supported by self-managed permissions.
	ImportStacksToStackSet(ctx context.Context, params *ImportStacksToStackSetInput, optFns ...func(*Options)) (*ImportStacksToStackSetOutput, error)
	// Returns the ID and status of each active change set for a stack. For example,
	// CloudFormation lists change sets that are in the CREATE_IN_PROGRESS or
	// CREATE_PENDING state.
	ListChangeSets(ctx context.Context, params *ListChangeSetsInput, optFns ...func(*Options)) (*ListChangeSetsOutput, error)
	// Lists all exported output values in the account and Region in which you call
	// this action. Use this action to see the exported output values that you can
	// import into other stacks. To import values, use the Fn::ImportValue
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html)
	// function. For more information, see  CloudFormation export stack output values
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html).
	ListExports(ctx context.Context, params *ListExportsInput, optFns ...func(*Options)) (*ListExportsOutput, error)
	// Lists all stacks that are importing an exported output value. To modify or
	// remove an exported output value, first use this action to see which stacks are
	// using it. To see the exported output values in your account, see ListExports.
	// For more information about importing an exported output value, see the
	// Fn::ImportValue
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html)
	// function.
	ListImports(ctx context.Context, params *ListImportsInput, optFns ...func(*Options)) (*ListImportsOutput, error)
	// Returns summary information about stack instances that are associated with the
	// specified stack set. You can filter for stack instances that are associated with
	// a specific Amazon Web Services account name or Region, or that have a specific
	// status.
	ListStackInstances(ctx context.Context, params *ListStackInstancesInput, optFns ...func(*Options)) (*ListStackInstancesOutput, error)
	// Returns descriptions of all resources of the specified stack. For deleted
	// stacks, ListStackResources returns resource information for up to 90 days after
	// the stack has been deleted.
	ListStackResources(ctx context.Context, params *ListStackResourcesInput, optFns ...func(*Options)) (*ListStackResourcesOutput, error)
	// Returns summary information about the results of a stack set operation.
	ListStackSetOperationResults(ctx context.Context, params *ListStackSetOperationResultsInput, optFns ...func(*Options)) (*ListStackSetOperationResultsOutput, error)
	// Returns summary information about operations performed on a stack set.
	ListStackSetOperations(ctx context.Context, params *ListStackSetOperationsInput, optFns ...func(*Options)) (*ListStackSetOperationsOutput, error)
	// Returns summary information about stack sets that are associated with the
	// user.
	//
	// * [Self-managed permissions] If you set the CallAs parameter to SELF
	// while signed in to your Amazon Web Services account, ListStackSets returns all
	// self-managed stack sets in your Amazon Web Services account.
	//
	// * [Service-managed
	// permissions] If you set the CallAs parameter to SELF while signed in to the
	// organization's management account, ListStackSets returns all stack sets in the
	// management account.
	//
	// * [Service-managed permissions] If you set the CallAs
	// parameter to DELEGATED_ADMIN while signed in to your member account,
	// ListStackSets returns all stack sets with service-managed permissions in the
	// management account.
	ListStackSets(ctx context.Context, params *ListStackSetsInput, optFns ...func(*Options)) (*ListStackSetsOutput, error)
	// Returns the summary information for stacks whose status matches the specified
	// StackStatusFilter. Summary information for stacks that have been deleted is kept
	// for 90 days after the stack is deleted. If no StackStatusFilter is specified,
	// summary information for all stacks is returned (including existing stacks and
	// stacks that have been deleted).
	ListStacks(ctx context.Context, params *ListStacksInput, optFns ...func(*Options)) (*ListStacksOutput, error)
	// Returns a list of registration tokens for the specified extension(s).
	ListTypeRegistrations(ctx context.Context, params *ListTypeRegistrationsInput, optFns ...func(*Options)) (*ListTypeRegistrationsOutput, error)
	// Returns summary information about the versions of an extension.
	ListTypeVersions(ctx context.Context, params *ListTypeVersionsInput, optFns ...func(*Options)) (*ListTypeVersionsOutput, error)
	// Returns summary information about extension that have been registered with
	// CloudFormation.
	ListTypes(ctx context.Context, params *ListTypesInput, optFns ...func(*Options)) (*ListTypesOutput, error)
	// Publishes the specified extension to the CloudFormation registry as a public
	// extension in this region. Public extensions are available for use by all
	// CloudFormation users. For more information about publishing extensions, see
	// Publishing extensions to make them available for public use
	// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html)
	// in the CloudFormation CLI User Guide. To publish an extension, you must be
	// registered as a publisher with CloudFormation. For more information, see
	// RegisterPublisher
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html).
	PublishType(ctx context.Context, params *PublishTypeInput, optFns ...func(*Options)) (*PublishTypeOutput, error)
	// Reports progress of a resource handler to CloudFormation. Reserved for use by
	// the CloudFormation CLI
	// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html).
	// Don't use this API in your code.
	RecordHandlerProgress(ctx context.Context, params *RecordHandlerProgressInput, optFns ...func(*Options)) (*RecordHandlerProgressOutput, error)
	// Registers your account as a publisher of public extensions in the CloudFormation
	// registry. Public extensions are available for use by all CloudFormation users.
	// This publisher ID applies to your account in all Amazon Web Services Regions.
	// For information about requirements for registering as a public extension
	// publisher, see Registering your account to publish CloudFormation extensions
	// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs)
	// in the CloudFormation CLI User Guide.
	RegisterPublisher(ctx context.Context, params *RegisterPublisherInput, optFns ...func(*Options)) (*RegisterPublisherOutput, error)
	// Registers an extension with the CloudFormation service. Registering an extension
	// makes it available for use in CloudFormation templates in your Amazon Web
	// Services account, and includes:
	//
	// * Validating the extension schema.
	//
	// *
	// Determining which handlers, if any, have been specified for the extension.
	//
	// *
	// Making the extension available for use in your account.
	//
	// For more information
	// about how to develop extensions and ready them for registration, see Creating
	// Resource Providers
	// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-types.html)
	// in the CloudFormation CLI User Guide. You can have a maximum of 50 resource
	// extension versions registered at a time. This maximum is per account and per
	// region. Use DeregisterType to deregister specific extension versions if
	// necessary. Once you have initiated a registration request using RegisterType,
	// you can use DescribeTypeRegistration to monitor the progress of the registration
	// request. Once you have registered a private extension in your account and
	// region, use SetTypeConfiguration to specify configuration properties for the
	// extension. For more information, see Configuring extensions at the account level
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration)
	// in the CloudFormation User Guide.
	RegisterType(ctx context.Context, params *RegisterTypeInput, optFns ...func(*Options)) (*RegisterTypeOutput, error)
	// When specifying RollbackStack, you preserve the state of previously provisioned
	// resources when an operation fails. You can check the status of the stack through
	// the DescribeStacks operation. Rolls back the specified stack to the last known
	// stable state from CREATE_FAILED or UPDATE_FAILED stack statuses. This operation
	// will delete a stack if it doesn't contain a last known stable state. A last
	// known stable state includes any status in a *_COMPLETE. This includes the
	// following stack statuses.
	//
	// * CREATE_COMPLETE
	//
	// * UPDATE_COMPLETE
	//
	// *
	// UPDATE_ROLLBACK_COMPLETE
	//
	// * IMPORT_COMPLETE
	//
	// * IMPORT_ROLLBACK_COMPLETE
	RollbackStack(ctx context.Context, params *RollbackStackInput, optFns ...func(*Options)) (*RollbackStackOutput, error)
	// Sets a stack policy for a specified stack.
	SetStackPolicy(ctx context.Context, params *SetStackPolicyInput, optFns ...func(*Options)) (*SetStackPolicyOutput, error)
	// Specifies the configuration data for a registered CloudFormation extension, in
	// the given account and region. To view the current configuration data for an
	// extension, refer to the ConfigurationSchema element of DescribeType. For more
	// information, see Configuring extensions at the account level
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration)
	// in the CloudFormation User Guide. It's strongly recommended that you use dynamic
	// references to restrict sensitive configuration definitions, such as third-party
	// credentials. For more details on dynamic references, see Using dynamic
	// references to specify template values (https://docs.aws.amazon.com/) in the
	// CloudFormation User Guide.
	SetTypeConfiguration(ctx context.Context, params *SetTypeConfigurationInput, optFns ...func(*Options)) (*SetTypeConfigurationOutput, error)
	// Specify the default version of an extension. The default version of an extension
	// will be used in CloudFormation operations.
	SetTypeDefaultVersion(ctx context.Context, params *SetTypeDefaultVersionInput, optFns ...func(*Options)) (*SetTypeDefaultVersionOutput, error)
	// Sends a signal to the specified resource with a success or failure status. You
	// can use the SignalResource operation in conjunction with a creation policy or
	// update policy. CloudFormation doesn't proceed with a stack creation or update
	// until resources receive the required number of signals or the timeout period is
	// exceeded. The SignalResource operation is useful in cases where you want to send
	// signals from anywhere other than an Amazon EC2 instance.
	SignalResource(ctx context.Context, params *SignalResourceInput, optFns ...func(*Options)) (*SignalResourceOutput, error)
	// Stops an in-progress operation on a stack set and its associated stack
	// instances. StackSets will cancel all the unstarted stack instance deployments
	// and wait for those are in-progress to complete.
	StopStackSetOperation(ctx context.Context, params *StopStackSetOperationInput, optFns ...func(*Options)) (*StopStackSetOperationOutput, error)
	// Tests a registered extension to make sure it meets all necessary requirements
	// for being published in the CloudFormation registry.
	//
	// * For resource types, this
	// includes passing all contracts tests defined for the type.
	//
	// * For modules, this
	// includes determining if the module's model meets all necessary
	// requirements.
	//
	// For more information, see Testing your public extension prior to
	// publishing
	// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-testing)
	// in the CloudFormation CLI User Guide. If you don't specify a version,
	// CloudFormation uses the default version of the extension in your account and
	// region for testing. To perform testing, CloudFormation assumes the execution
	// role specified when the type was registered. For more information, see
	// RegisterType. Once you've initiated testing on an extension using TestType, you
	// can pass the returned TypeVersionArn into DescribeType
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html)
	// to monitor the current test status and test status description for the
	// extension. An extension must have a test status of PASSED before it can be
	// published. For more information, see Publishing extensions to make them
	// available for public use
	// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-publish.html)
	// in the CloudFormation CLI User Guide.
	TestType(ctx context.Context, params *TestTypeInput, optFns ...func(*Options)) (*TestTypeOutput, error)
	// Updates a stack as specified in the template. After the call completes
	// successfully, the stack update starts. You can check the status of the stack
	// through the DescribeStacks action. To get a copy of the template for an existing
	// stack, you can use the GetTemplate action. For more information about creating
	// an update template, updating a stack, and monitoring the progress of the update,
	// see Updating a Stack
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html).
	UpdateStack(ctx context.Context, params *UpdateStackInput, optFns ...func(*Options)) (*UpdateStackOutput, error)
	// Updates the parameter values for stack instances for the specified accounts,
	// within the specified Amazon Web Services Regions. A stack instance refers to a
	// stack in a specific account and Region. You can only update stack instances in
	// Amazon Web Services Regions and accounts where they already exist; to create
	// additional stack instances, use CreateStackInstances
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStackInstances.html).
	// During stack set updates, any parameters overridden for a stack instance aren't
	// updated, but retain their overridden value. You can only update the parameter
	// values that are specified in the stack set; to add or delete a parameter itself,
	// use UpdateStackSet
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html)
	// to update the stack set template. If you add a parameter to a template, before
	// you can override the parameter value specified in the stack set you must first
	// use UpdateStackSet
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html)
	// to update all stack instances with the updated template and parameter value
	// specified in the stack set. Once a stack instance has been updated with the new
	// parameter, you can then override the parameter value using UpdateStackInstances.
	UpdateStackInstances(ctx context.Context, params *UpdateStackInstancesInput, optFns ...func(*Options)) (*UpdateStackInstancesOutput, error)
	// Updates the stack set, and associated stack instances in the specified accounts
	// and Amazon Web Services Regions. Even if the stack set operation created by
	// updating the stack set fails (completely or partially, below or above a
	// specified failure tolerance), the stack set is updated with your changes.
	// Subsequent CreateStackInstances calls on the specified stack set use the updated
	// stack set.
	UpdateStackSet(ctx context.Context, params *UpdateStackSetInput, optFns ...func(*Options)) (*UpdateStackSetOutput, error)
	// Updates termination protection for the specified stack. If a user attempts to
	// delete a stack with termination protection enabled, the operation fails and the
	// stack remains unchanged. For more information, see Protecting a Stack From Being
	// Deleted
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html)
	// in the CloudFormation User Guide. For nested stacks
	// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html),
	// termination protection is set on the root stack and can't be changed directly on
	// the nested stack.
	UpdateTerminationProtection(ctx context.Context, params *UpdateTerminationProtectionInput, optFns ...func(*Options)) (*UpdateTerminationProtectionOutput, error)
	// Validates a specified template. CloudFormation first checks if the template is
	// valid JSON. If it isn't, CloudFormation checks if the template is valid YAML. If
	// both these checks fail, CloudFormation returns a template validation error.
	ValidateTemplate(ctx context.Context, params *ValidateTemplateInput, optFns ...func(*Options)) (*ValidateTemplateOutput, error)
}

CloudFormation provides an interface to the AWS CloudFormation service.

type CloudTrail added in v0.92.0

type CloudTrail interface {
	// Adds one or more tags to a trail, event data store, or channel, up to a limit of
	// 50. Overwrites an existing tag's value when a new value is specified for an
	// existing tag key. Tag key names must be unique; you cannot have two keys with
	// the same name but different values. If you specify a key without a value, the
	// tag will be created with the specified key and a value of null. You can tag a
	// trail or event data store that applies to all Amazon Web Services Regions only
	// from the Region in which the trail or event data store was created (also known
	// as its home region).
	AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error)
	// Cancels a query if the query is not in a terminated state, such as CANCELLED,
	// FAILED, TIMED_OUT, or FINISHED. You must specify an ARN value for
	// EventDataStore. The ID of the query that you want to cancel is also required.
	// When you run CancelQuery, the query status might show as CANCELLED even if the
	// operation is not yet finished.
	CancelQuery(ctx context.Context, params *CancelQueryInput, optFns ...func(*Options)) (*CancelQueryOutput, error)
	// Creates a channel for CloudTrail to ingest events from a partner or external
	// source. After you create a channel, a CloudTrail Lake event data store can log
	// events from the partner or source that you specify.
	CreateChannel(ctx context.Context, params *CreateChannelInput, optFns ...func(*Options)) (*CreateChannelOutput, error)
	// Creates a new event data store.
	CreateEventDataStore(ctx context.Context, params *CreateEventDataStoreInput, optFns ...func(*Options)) (*CreateEventDataStoreOutput, error)
	// Creates a trail that specifies the settings for delivery of log data to an
	// Amazon S3 bucket.
	CreateTrail(ctx context.Context, params *CreateTrailInput, optFns ...func(*Options)) (*CreateTrailOutput, error)
	// Deletes a channel.
	DeleteChannel(ctx context.Context, params *DeleteChannelInput, optFns ...func(*Options)) (*DeleteChannelOutput, error)
	// Disables the event data store specified by EventDataStore, which accepts an
	// event data store ARN. After you run DeleteEventDataStore, the event data store
	// enters a PENDING_DELETION state, and is automatically deleted after a wait
	// period of seven days. TerminationProtectionEnabled must be set to False on the
	// event data store; this operation cannot work if TerminationProtectionEnabled is
	// True. After you run DeleteEventDataStore on an event data store, you cannot run
	// ListQueries, DescribeQuery, or GetQueryResults on queries that are using an
	// event data store in a PENDING_DELETION state. An event data store in the
	// PENDING_DELETION state does not incur costs.
	DeleteEventDataStore(ctx context.Context, params *DeleteEventDataStoreInput, optFns ...func(*Options)) (*DeleteEventDataStoreOutput, error)
	// Deletes the resource-based policy attached to the CloudTrail channel.
	DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error)
	// Deletes a trail. This operation must be called from the region in which the
	// trail was created. DeleteTrail cannot be called on the shadow trails (replicated
	// trails in other regions) of a trail that is enabled in all regions.
	DeleteTrail(ctx context.Context, params *DeleteTrailInput, optFns ...func(*Options)) (*DeleteTrailOutput, error)
	// Removes CloudTrail delegated administrator permissions from a member account in
	// an organization.
	DeregisterOrganizationDelegatedAdmin(ctx context.Context, params *DeregisterOrganizationDelegatedAdminInput, optFns ...func(*Options)) (*DeregisterOrganizationDelegatedAdminOutput, error)
	// Returns metadata about a query, including query run time in milliseconds, number
	// of events scanned and matched, and query status. You must specify an ARN for
	// EventDataStore, and a value for QueryID.
	DescribeQuery(ctx context.Context, params *DescribeQueryInput, optFns ...func(*Options)) (*DescribeQueryOutput, error)
	// Retrieves settings for one or more trails associated with the current region for
	// your account.
	DescribeTrails(ctx context.Context, params *DescribeTrailsInput, optFns ...func(*Options)) (*DescribeTrailsOutput, error)
	// Returns information about a specific channel.
	GetChannel(ctx context.Context, params *GetChannelInput, optFns ...func(*Options)) (*GetChannelOutput, error)
	// Returns information about an event data store specified as either an ARN or the
	// ID portion of the ARN.
	GetEventDataStore(ctx context.Context, params *GetEventDataStoreInput, optFns ...func(*Options)) (*GetEventDataStoreOutput, error)
	// Describes the settings for the event selectors that you configured for your
	// trail. The information returned for your event selectors includes the
	// following:
	//
	// * If your event selector includes read-only events, write-only
	// events, or all events. This applies to both management events and data
	// events.
	//
	// * If your event selector includes management events.
	//
	// * If your event
	// selector includes data events, the resources on which you are logging data
	// events.
	//
	// For more information about logging management and data events, see the
	// following topics in the CloudTrail User Guide:
	//
	// * Logging management events for
	// trails
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html)
	//
	// *
	// Logging data events for trails
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html)
	GetEventSelectors(ctx context.Context, params *GetEventSelectorsInput, optFns ...func(*Options)) (*GetEventSelectorsOutput, error)
	// Returns information about a specific import.
	GetImport(ctx context.Context, params *GetImportInput, optFns ...func(*Options)) (*GetImportOutput, error)
	// Describes the settings for the Insights event selectors that you configured for
	// your trail. GetInsightSelectors shows if CloudTrail Insights event logging is
	// enabled on the trail, and if it is, which insight types are enabled. If you run
	// GetInsightSelectors on a trail that does not have Insights events enabled, the
	// operation throws the exception InsightNotEnabledException For more information,
	// see Logging CloudTrail Insights Events for Trails
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html)
	// in the CloudTrail User Guide.
	GetInsightSelectors(ctx context.Context, params *GetInsightSelectorsInput, optFns ...func(*Options)) (*GetInsightSelectorsOutput, error)
	// Gets event data results of a query. You must specify the QueryID value returned
	// by the StartQuery operation, and an ARN for EventDataStore.
	GetQueryResults(ctx context.Context, params *GetQueryResultsInput, optFns ...func(*Options)) (*GetQueryResultsOutput, error)
	// Retrieves the JSON text of the resource-based policy document attached to the
	// CloudTrail channel.
	GetResourcePolicy(ctx context.Context, params *GetResourcePolicyInput, optFns ...func(*Options)) (*GetResourcePolicyOutput, error)
	// Returns settings information for a specified trail.
	GetTrail(ctx context.Context, params *GetTrailInput, optFns ...func(*Options)) (*GetTrailOutput, error)
	// Returns a JSON-formatted list of information about the specified trail. Fields
	// include information on delivery errors, Amazon SNS and Amazon S3 errors, and
	// start and stop logging times for each trail. This operation returns trail status
	// from a single region. To return trail status from all regions, you must call the
	// operation on each region.
	GetTrailStatus(ctx context.Context, params *GetTrailStatusInput, optFns ...func(*Options)) (*GetTrailStatusOutput, error)
	// Lists the channels in the current account, and their source names.
	ListChannels(ctx context.Context, params *ListChannelsInput, optFns ...func(*Options)) (*ListChannelsOutput, error)
	// Returns information about all event data stores in the account, in the current
	// region.
	ListEventDataStores(ctx context.Context, params *ListEventDataStoresInput, optFns ...func(*Options)) (*ListEventDataStoresOutput, error)
	// Returns a list of failures for the specified import.
	ListImportFailures(ctx context.Context, params *ListImportFailuresInput, optFns ...func(*Options)) (*ListImportFailuresOutput, error)
	// Returns information on all imports, or a select set of imports by ImportStatus
	// or Destination.
	ListImports(ctx context.Context, params *ListImportsInput, optFns ...func(*Options)) (*ListImportsOutput, error)
	// Returns all public keys whose private keys were used to sign the digest files
	// within the specified time range. The public key is needed to validate digest
	// files that were signed with its corresponding private key. CloudTrail uses
	// different private and public key pairs per region. Each digest file is signed
	// with a private key unique to its region. When you validate a digest file from a
	// specific region, you must look in the same region for its corresponding public
	// key.
	ListPublicKeys(ctx context.Context, params *ListPublicKeysInput, optFns ...func(*Options)) (*ListPublicKeysOutput, error)
	// Returns a list of queries and query statuses for the past seven days. You must
	// specify an ARN value for EventDataStore. Optionally, to shorten the list of
	// results, you can specify a time range, formatted as timestamps, by adding
	// StartTime and EndTime parameters, and a QueryStatus value. Valid values for
	// QueryStatus include QUEUED, RUNNING, FINISHED, FAILED, TIMED_OUT, or CANCELLED.
	ListQueries(ctx context.Context, params *ListQueriesInput, optFns ...func(*Options)) (*ListQueriesOutput, error)
	// Lists the tags for the trail, event data store, or channel in the current
	// region.
	ListTags(ctx context.Context, params *ListTagsInput, optFns ...func(*Options)) (*ListTagsOutput, error)
	// Lists trails that are in the current account.
	ListTrails(ctx context.Context, params *ListTrailsInput, optFns ...func(*Options)) (*ListTrailsOutput, error)
	// Looks up management events
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-management-events)
	// or CloudTrail Insights events
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-insights-events)
	// that are captured by CloudTrail. You can look up events that occurred in a
	// region within the last 90 days. Lookup supports the following attributes for
	// management events:
	//
	// * Amazon Web Services access key
	//
	// * Event ID
	//
	// * Event
	// name
	//
	// * Event source
	//
	// * Read only
	//
	// * Resource name
	//
	// * Resource type
	//
	// * User
	// name
	//
	// Lookup supports the following attributes for Insights events:
	//
	// * Event
	// ID
	//
	// * Event name
	//
	// * Event source
	//
	// All attributes are optional. The default
	// number of results returned is 50, with a maximum of 50 possible. The response
	// includes a token that you can use to get the next page of results. The rate of
	// lookup requests is limited to two per second, per account, per region. If this
	// limit is exceeded, a throttling error occurs.
	LookupEvents(ctx context.Context, params *LookupEventsInput, optFns ...func(*Options)) (*LookupEventsOutput, error)
	// Configures an event selector or advanced event selectors for your trail. Use
	// event selectors or advanced event selectors to specify management and data event
	// settings for your trail. By default, trails created without specific event
	// selectors are configured to log all read and write management events, and no
	// data events. When an event occurs in your account, CloudTrail evaluates the
	// event selectors or advanced event selectors in all trails. For each trail, if
	// the event matches any event selector, the trail processes and logs the event. If
	// the event doesn't match any event selector, the trail doesn't log the event.
	// Example
	//
	// * You create an event selector for a trail and specify that you want
	// write-only events.
	//
	// * The EC2 GetConsoleOutput and RunInstances API operations
	// occur in your account.
	//
	// * CloudTrail evaluates whether the events match your
	// event selectors.
	//
	// * The RunInstances is a write-only event and it matches your
	// event selector. The trail logs the event.
	//
	// * The GetConsoleOutput is a read-only
	// event that doesn't match your event selector. The trail doesn't log the
	// event.
	//
	// The PutEventSelectors operation must be called from the region in which
	// the trail was created; otherwise, an InvalidHomeRegionException exception is
	// thrown. You can configure up to five event selectors for each trail. For more
	// information, see Logging management events for trails
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html),
	// Logging data events for trails
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html),
	// and Quotas in CloudTrail
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html)
	// in the CloudTrail User Guide. You can add advanced event selectors, and
	// conditions for your advanced event selectors, up to a maximum of 500 values for
	// all conditions and selectors on a trail. You can use either
	// AdvancedEventSelectors or EventSelectors, but not both. If you apply
	// AdvancedEventSelectors to a trail, any existing EventSelectors are overwritten.
	// For more information about advanced event selectors, see Logging data events for
	// trails
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html)
	// in the CloudTrail User Guide.
	PutEventSelectors(ctx context.Context, params *PutEventSelectorsInput, optFns ...func(*Options)) (*PutEventSelectorsOutput, error)
	// Lets you enable Insights event logging by specifying the Insights selectors that
	// you want to enable on an existing trail. You also use PutInsightSelectors to
	// turn off Insights event logging, by passing an empty list of insight types. The
	// valid Insights event types in this release are ApiErrorRateInsight and
	// ApiCallRateInsight.
	PutInsightSelectors(ctx context.Context, params *PutInsightSelectorsInput, optFns ...func(*Options)) (*PutInsightSelectorsOutput, error)
	// Attaches a resource-based permission policy to a CloudTrail channel that is used
	// for an integration with an event source outside of Amazon Web Services. For more
	// information about resource-based policies, see CloudTrail resource-based policy
	// examples
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html)
	// in the CloudTrail User Guide.
	PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error)
	// Registers an organization’s member account as the CloudTrail delegated
	// administrator.
	RegisterOrganizationDelegatedAdmin(ctx context.Context, params *RegisterOrganizationDelegatedAdminInput, optFns ...func(*Options)) (*RegisterOrganizationDelegatedAdminOutput, error)
	// Removes the specified tags from a trail, event data store, or channel.
	RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error)
	// Restores a deleted event data store specified by EventDataStore, which accepts
	// an event data store ARN. You can only restore a deleted event data store within
	// the seven-day wait period after deletion. Restoring an event data store can take
	// several minutes, depending on the size of the event data store.
	RestoreEventDataStore(ctx context.Context, params *RestoreEventDataStoreInput, optFns ...func(*Options)) (*RestoreEventDataStoreOutput, error)
	// Starts an import of logged trail events from a source S3 bucket to a destination
	// event data store. By default, CloudTrail only imports events contained in the S3
	// bucket's CloudTrail prefix and the prefixes inside the CloudTrail prefix, and
	// does not check prefixes for other Amazon Web Services services. If you want to
	// import CloudTrail events contained in another prefix, you must include the
	// prefix in the S3LocationUri. For more considerations about importing trail
	// events, see Considerations
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-copy-trail-to-lake.html#cloudtrail-trail-copy-considerations).
	// When you start a new import, the Destinations and ImportSource parameters are
	// required. Before starting a new import, disable any access control lists (ACLs)
	// attached to the source S3 bucket. For more information about disabling ACLs, see
	// Controlling ownership of objects and disabling ACLs for your bucket
	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html).
	// When you retry an import, the ImportID parameter is required. If the destination
	// event data store is for an organization, you must use the management account to
	// import trail events. You cannot use the delegated administrator account for the
	// organization.
	StartImport(ctx context.Context, params *StartImportInput, optFns ...func(*Options)) (*StartImportOutput, error)
	// Starts the recording of Amazon Web Services API calls and log file delivery for
	// a trail. For a trail that is enabled in all regions, this operation must be
	// called from the region in which the trail was created. This operation cannot be
	// called on the shadow trails (replicated trails in other regions) of a trail that
	// is enabled in all regions.
	StartLogging(ctx context.Context, params *StartLoggingInput, optFns ...func(*Options)) (*StartLoggingOutput, error)
	// Starts a CloudTrail Lake query. The required QueryStatement parameter provides
	// your SQL query, enclosed in single quotation marks. Use the optional
	// DeliveryS3Uri parameter to deliver the query results to an S3 bucket.
	StartQuery(ctx context.Context, params *StartQueryInput, optFns ...func(*Options)) (*StartQueryOutput, error)
	// Stops a specified import.
	StopImport(ctx context.Context, params *StopImportInput, optFns ...func(*Options)) (*StopImportOutput, error)
	// Suspends the recording of Amazon Web Services API calls and log file delivery
	// for the specified trail. Under most circumstances, there is no need to use this
	// action. You can update a trail without stopping it first. This action is the
	// only way to stop recording. For a trail enabled in all regions, this operation
	// must be called from the region in which the trail was created, or an
	// InvalidHomeRegionException will occur. This operation cannot be called on the
	// shadow trails (replicated trails in other regions) of a trail enabled in all
	// regions.
	StopLogging(ctx context.Context, params *StopLoggingInput, optFns ...func(*Options)) (*StopLoggingOutput, error)
	// Updates a channel specified by a required channel ARN or UUID.
	UpdateChannel(ctx context.Context, params *UpdateChannelInput, optFns ...func(*Options)) (*UpdateChannelOutput, error)
	// Updates an event data store. The required EventDataStore value is an ARN or the
	// ID portion of the ARN. Other parameters are optional, but at least one optional
	// parameter must be specified, or CloudTrail throws an error. RetentionPeriod is
	// in days, and valid values are integers between 90 and 2557. By default,
	// TerminationProtection is enabled. For event data stores for CloudTrail events,
	// AdvancedEventSelectors includes or excludes management and data events in your
	// event data store. For more information about AdvancedEventSelectors, see
	// PutEventSelectorsRequest$AdvancedEventSelectors. For event data stores for
	// Config configuration items, Audit Manager evidence, or non-Amazon Web Services
	// events, AdvancedEventSelectors includes events of that type in your event data
	// store.
	UpdateEventDataStore(ctx context.Context, params *UpdateEventDataStoreInput, optFns ...func(*Options)) (*UpdateEventDataStoreOutput, error)
	// Updates trail settings that control what events you are logging, and how to
	// handle log files. Changes to a trail do not require stopping the CloudTrail
	// service. Use this action to designate an existing bucket for log delivery. If
	// the existing bucket has previously been a target for CloudTrail log files, an
	// IAM policy exists for the bucket. UpdateTrail must be called from the region in
	// which the trail was created; otherwise, an InvalidHomeRegionException is thrown.
	UpdateTrail(ctx context.Context, params *UpdateTrailInput, optFns ...func(*Options)) (*UpdateTrailOutput, error)
}

CloudTrail provides an interface to the AWS CloudTrail service.

type CloudWatchLogs added in v0.92.0

type CloudWatchLogs interface {
	// Associates the specified KMS key with the specified log group. Associating a KMS
	// key with a log group overrides any existing associations between the log group
	// and a KMS key. After a KMS key is associated with a log group, all newly
	// ingested data for the log group is encrypted using the KMS key. This association
	// is stored as long as the data encrypted with the KMS keyis still within
	// CloudWatch Logs. This enables CloudWatch Logs to decrypt this data whenever it
	// is requested. CloudWatch Logs supports only symmetric KMS keys. Do not use an
	// associate an asymmetric KMS key with your log group. For more information, see
	// Using Symmetric and Asymmetric Keys
	// (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html).
	// It can take up to 5 minutes for this operation to take effect. If you attempt to
	// associate a KMS key with a log group but the KMS key does not exist or the KMS
	// key is disabled, you receive an InvalidParameterException error.
	AssociateKmsKey(ctx context.Context, params *AssociateKmsKeyInput, optFns ...func(*Options)) (*AssociateKmsKeyOutput, error)
	// Cancels the specified export task. The task must be in the PENDING or RUNNING
	// state.
	CancelExportTask(ctx context.Context, params *CancelExportTaskInput, optFns ...func(*Options)) (*CancelExportTaskOutput, error)
	// Creates an export task so that you can efficiently export data from a log group
	// to an Amazon S3 bucket. When you perform a CreateExportTask operation, you must
	// use credentials that have permission to write to the S3 bucket that you specify
	// as the destination. Exporting log data to S3 buckets that are encrypted by KMS
	// is supported. Exporting log data to Amazon S3 buckets that have S3 Object Lock
	// enabled with a retention period is also supported. Exporting to S3 buckets that
	// are encrypted with AES-256 is supported. This is an asynchronous call. If all
	// the required information is provided, this operation initiates an export task
	// and responds with the ID of the task. After the task has started, you can use
	// DescribeExportTasks
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeExportTasks.html)
	// to get the status of the export task. Each account can only have one active
	// (RUNNING or PENDING) export task at a time. To cancel an export task, use
	// CancelExportTask
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CancelExportTask.html).
	// You can export logs from multiple log groups or multiple time ranges to the same
	// S3 bucket. To separate log data for each export task, specify a prefix to be
	// used as the Amazon S3 key prefix for all exported objects. Time-based sorting on
	// chunks of log data inside an exported file is not guaranteed. You can sort the
	// exported log field data by using Linux utilities.
	CreateExportTask(ctx context.Context, params *CreateExportTaskInput, optFns ...func(*Options)) (*CreateExportTaskOutput, error)
	// Creates a log group with the specified name. You can create up to 20,000 log
	// groups per account. You must use the following guidelines when naming a log
	// group:
	//
	// * Log group names must be unique within a Region for an Amazon Web
	// Services account.
	//
	// * Log group names can be between 1 and 512 characters
	// long.
	//
	// * Log group names consist of the following characters: a-z, A-Z, 0-9, '_'
	// (underscore), '-' (hyphen), '/' (forward slash), '.' (period), and '#' (number
	// sign)
	//
	// When you create a log group, by default the log events in the log group
	// do not expire. To set a retention policy so that events expire and are deleted
	// after a specified time, use PutRetentionPolicy
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutRetentionPolicy.html).
	// If you associate an KMS key with the log group, ingested data is encrypted using
	// the KMS key. This association is stored as long as the data encrypted with the
	// KMS key is still within CloudWatch Logs. This enables CloudWatch Logs to decrypt
	// this data whenever it is requested. If you attempt to associate a KMS key with
	// the log group but the KMS keydoes not exist or the KMS key is disabled, you
	// receive an InvalidParameterException error. CloudWatch Logs supports only
	// symmetric KMS keys. Do not associate an asymmetric KMS key with your log group.
	// For more information, see Using Symmetric and Asymmetric Keys
	// (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html).
	CreateLogGroup(ctx context.Context, params *CreateLogGroupInput, optFns ...func(*Options)) (*CreateLogGroupOutput, error)
	// Creates a log stream for the specified log group. A log stream is a sequence of
	// log events that originate from a single source, such as an application instance
	// or a resource that is being monitored. There is no limit on the number of log
	// streams that you can create for a log group. There is a limit of 50 TPS on
	// CreateLogStream operations, after which transactions are throttled. You must use
	// the following guidelines when naming a log stream:
	//
	// * Log stream names must be
	// unique within the log group.
	//
	// * Log stream names can be between 1 and 512
	// characters long.
	//
	// * Don't use ':' (colon) or '*' (asterisk) characters.
	CreateLogStream(ctx context.Context, params *CreateLogStreamInput, optFns ...func(*Options)) (*CreateLogStreamOutput, error)
	// Deletes the data protection policy from the specified log group. For more
	// information about data protection policies, see PutDataProtectionPolicy
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html).
	DeleteDataProtectionPolicy(ctx context.Context, params *DeleteDataProtectionPolicyInput, optFns ...func(*Options)) (*DeleteDataProtectionPolicyOutput, error)
	// Deletes the specified destination, and eventually disables all the subscription
	// filters that publish to it. This operation does not delete the physical resource
	// encapsulated by the destination.
	DeleteDestination(ctx context.Context, params *DeleteDestinationInput, optFns ...func(*Options)) (*DeleteDestinationOutput, error)
	// Deletes the specified log group and permanently deletes all the archived log
	// events associated with the log group.
	DeleteLogGroup(ctx context.Context, params *DeleteLogGroupInput, optFns ...func(*Options)) (*DeleteLogGroupOutput, error)
	// Deletes the specified log stream and permanently deletes all the archived log
	// events associated with the log stream.
	DeleteLogStream(ctx context.Context, params *DeleteLogStreamInput, optFns ...func(*Options)) (*DeleteLogStreamOutput, error)
	// Deletes the specified metric filter.
	DeleteMetricFilter(ctx context.Context, params *DeleteMetricFilterInput, optFns ...func(*Options)) (*DeleteMetricFilterOutput, error)
	// Deletes a saved CloudWatch Logs Insights query definition. A query definition
	// contains details about a saved CloudWatch Logs Insights query. Each
	// DeleteQueryDefinition operation can delete one query definition. You must have
	// the logs:DeleteQueryDefinition permission to be able to perform this operation.
	DeleteQueryDefinition(ctx context.Context, params *DeleteQueryDefinitionInput, optFns ...func(*Options)) (*DeleteQueryDefinitionOutput, error)
	// Deletes a resource policy from this account. This revokes the access of the
	// identities in that policy to put log events to this account.
	DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error)
	// Deletes the specified retention policy. Log events do not expire if they belong
	// to log groups without a retention policy.
	DeleteRetentionPolicy(ctx context.Context, params *DeleteRetentionPolicyInput, optFns ...func(*Options)) (*DeleteRetentionPolicyOutput, error)
	// Deletes the specified subscription filter.
	DeleteSubscriptionFilter(ctx context.Context, params *DeleteSubscriptionFilterInput, optFns ...func(*Options)) (*DeleteSubscriptionFilterOutput, error)
	// Lists all your destinations. The results are ASCII-sorted by destination name.
	DescribeDestinations(ctx context.Context, params *DescribeDestinationsInput, optFns ...func(*Options)) (*DescribeDestinationsOutput, error)
	// Lists the specified export tasks. You can list all your export tasks or filter
	// the results based on task ID or task status.
	DescribeExportTasks(ctx context.Context, params *DescribeExportTasksInput, optFns ...func(*Options)) (*DescribeExportTasksOutput, error)
	// Lists the specified log groups. You can list all your log groups or filter the
	// results by prefix. The results are ASCII-sorted by log group name. CloudWatch
	// Logs doesn’t support IAM policies that control access to the DescribeLogGroups
	// action by using the aws:ResourceTag/key-name  condition key. Other CloudWatch
	// Logs actions do support the use of the aws:ResourceTag/key-name  condition key
	// to control access. For more information about using tags to control access, see
	// Controlling access to Amazon Web Services resources using tags
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html). If you are
	// using CloudWatch cross-account observability, you can use this operation in a
	// monitoring account and view data from the linked source accounts. For more
	// information, see CloudWatch cross-account observability
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html).
	DescribeLogGroups(ctx context.Context, params *DescribeLogGroupsInput, optFns ...func(*Options)) (*DescribeLogGroupsOutput, error)
	// Lists the log streams for the specified log group. You can list all the log
	// streams or filter the results by prefix. You can also control how the results
	// are ordered. You can specify the log group to search by using either
	// logGroupIdentifier or logGroupName. You must include one of these two
	// parameters, but you can't include both. This operation has a limit of five
	// transactions per second, after which transactions are throttled. If you are
	// using CloudWatch cross-account observability, you can use this operation in a
	// monitoring account and view data from the linked source accounts. For more
	// information, see CloudWatch cross-account observability
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html).
	DescribeLogStreams(ctx context.Context, params *DescribeLogStreamsInput, optFns ...func(*Options)) (*DescribeLogStreamsOutput, error)
	// Lists the specified metric filters. You can list all of the metric filters or
	// filter the results by log name, prefix, metric name, or metric namespace. The
	// results are ASCII-sorted by filter name.
	DescribeMetricFilters(ctx context.Context, params *DescribeMetricFiltersInput, optFns ...func(*Options)) (*DescribeMetricFiltersOutput, error)
	// Returns a list of CloudWatch Logs Insights queries that are scheduled, running,
	// or have been run recently in this account. You can request all queries or limit
	// it to queries of a specific log group or queries with a certain status.
	DescribeQueries(ctx context.Context, params *DescribeQueriesInput, optFns ...func(*Options)) (*DescribeQueriesOutput, error)
	// This operation returns a paginated list of your saved CloudWatch Logs Insights
	// query definitions. You can use the queryDefinitionNamePrefix parameter to limit
	// the results to only the query definitions that have names that start with a
	// certain string.
	DescribeQueryDefinitions(ctx context.Context, params *DescribeQueryDefinitionsInput, optFns ...func(*Options)) (*DescribeQueryDefinitionsOutput, error)
	// Lists the resource policies in this account.
	DescribeResourcePolicies(ctx context.Context, params *DescribeResourcePoliciesInput, optFns ...func(*Options)) (*DescribeResourcePoliciesOutput, error)
	// Lists the subscription filters for the specified log group. You can list all the
	// subscription filters or filter the results by prefix. The results are
	// ASCII-sorted by filter name.
	DescribeSubscriptionFilters(ctx context.Context, params *DescribeSubscriptionFiltersInput, optFns ...func(*Options)) (*DescribeSubscriptionFiltersOutput, error)
	// Disassociates the associated KMS key from the specified log group. After the KMS
	// key is disassociated from the log group, CloudWatch Logs stops encrypting newly
	// ingested data for the log group. All previously ingested data remains encrypted,
	// and CloudWatch Logs requires permissions for the KMS key whenever the encrypted
	// data is requested. Note that it can take up to 5 minutes for this operation to
	// take effect.
	DisassociateKmsKey(ctx context.Context, params *DisassociateKmsKeyInput, optFns ...func(*Options)) (*DisassociateKmsKeyOutput, error)
	// Lists log events from the specified log group. You can list all the log events
	// or filter the results using a filter pattern, a time range, and the name of the
	// log stream. You must have the logs;FilterLogEvents permission to perform this
	// operation. You can specify the log group to search by using either
	// logGroupIdentifier or logGroupName. You must include one of these two
	// parameters, but you can't include both. By default, this operation returns as
	// many log events as can fit in 1 MB (up to 10,000 log events) or all the events
	// found within the specified time range. If the results include a token, that
	// means there are more log events available. You can get additional results by
	// specifying the token in a subsequent call. This operation can return empty
	// results while there are more log events available through the token. The
	// returned log events are sorted by event timestamp, the timestamp when the event
	// was ingested by CloudWatch Logs, and the ID of the PutLogEvents request. If you
	// are using CloudWatch cross-account observability, you can use this operation in
	// a monitoring account and view data from the linked source accounts. For more
	// information, see CloudWatch cross-account observability
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html).
	FilterLogEvents(ctx context.Context, params *FilterLogEventsInput, optFns ...func(*Options)) (*FilterLogEventsOutput, error)
	// Returns information about a log group data protection policy.
	GetDataProtectionPolicy(ctx context.Context, params *GetDataProtectionPolicyInput, optFns ...func(*Options)) (*GetDataProtectionPolicyOutput, error)
	// Lists log events from the specified log stream. You can list all of the log
	// events or filter using a time range. By default, this operation returns as many
	// log events as can fit in a response size of 1MB (up to 10,000 log events). You
	// can get additional log events by specifying one of the tokens in a subsequent
	// call. This operation can return empty results while there are more log events
	// available through the token. If you are using CloudWatch cross-account
	// observability, you can use this operation in a monitoring account and view data
	// from the linked source accounts. For more information, see CloudWatch
	// cross-account observability
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html).
	// You can specify the log group to search by using either logGroupIdentifier or
	// logGroupName. You must include one of these two parameters, but you can't
	// include both.
	GetLogEvents(ctx context.Context, params *GetLogEventsInput, optFns ...func(*Options)) (*GetLogEventsOutput, error)
	// Returns a list of the fields that are included in log events in the specified
	// log group. Includes the percentage of log events that contain each field. The
	// search is limited to a time period that you specify. You can specify the log
	// group to search by using either logGroupIdentifier or logGroupName. You must
	// specify one of these parameters, but you can't specify both. In the results,
	// fields that start with @ are fields generated by CloudWatch Logs. For example,
	// @timestamp is the timestamp of each log event. For more information about the
	// fields that are generated by CloudWatch logs, see Supported Logs and Discovered
	// Fields
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData-discoverable-fields.html).
	// The response results are sorted by the frequency percentage, starting with the
	// highest percentage. If you are using CloudWatch cross-account observability, you
	// can use this operation in a monitoring account and view data from the linked
	// source accounts. For more information, see CloudWatch cross-account
	// observability
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html).
	GetLogGroupFields(ctx context.Context, params *GetLogGroupFieldsInput, optFns ...func(*Options)) (*GetLogGroupFieldsOutput, error)
	// Retrieves all of the fields and values of a single log event. All fields are
	// retrieved, even if the original query that produced the logRecordPointer
	// retrieved only a subset of fields. Fields are returned as field name/field value
	// pairs. The full unparsed log event is returned within @message.
	GetLogRecord(ctx context.Context, params *GetLogRecordInput, optFns ...func(*Options)) (*GetLogRecordOutput, error)
	// Returns the results from the specified query. Only the fields requested in the
	// query are returned, along with a @ptr field, which is the identifier for the log
	// record. You can use the value of @ptr in a GetLogRecord
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogRecord.html)
	// operation to get the full log record. GetQueryResults does not start running a
	// query. To run a query, use StartQuery
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html).
	// If the value of the Status field in the output is Running, this operation
	// returns only partial results. If you see a value of Scheduled or Running for the
	// status, you can retry the operation later to see the final results. If you are
	// using CloudWatch cross-account observability, you can use this operation in a
	// monitoring account to start queries in linked source accounts. For more
	// information, see CloudWatch cross-account observability
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html).
	GetQueryResults(ctx context.Context, params *GetQueryResultsInput, optFns ...func(*Options)) (*GetQueryResultsOutput, error)
	// Displays the tags associated with a CloudWatch Logs resource. Currently, log
	// groups and destinations support tagging.
	ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
	// The ListTagsLogGroup operation is on the path to deprecation. We recommend that
	// you use ListTagsForResource
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html)
	// instead. Lists the tags for the specified log group.
	//
	// Deprecated: Please use the generic tagging API ListTagsForResource
	ListTagsLogGroup(ctx context.Context, params *ListTagsLogGroupInput, optFns ...func(*Options)) (*ListTagsLogGroupOutput, error)
	// Creates a data protection policy for the specified log group. A data protection
	// policy can help safeguard sensitive data that's ingested by the log group by
	// auditing and masking the sensitive log data. Sensitive data is detected and
	// masked when it is ingested into the log group. When you set a data protection
	// policy, log events ingested into the log group before that time are not masked.
	// By default, when a user views a log event that includes masked data, the
	// sensitive data is replaced by asterisks. A user who has the logs:Unmask
	// permission can use a GetLogEvents
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html)
	// or FilterLogEvents
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html)
	// operation with the unmask parameter set to true to view the unmasked log events.
	// Users with the logs:Unmask can also view unmasked data in the CloudWatch Logs
	// console by running a CloudWatch Logs Insights query with the unmask query
	// command. For more information, including a list of types of data that can be
	// audited and masked, see Protect sensitive log data with masking
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html).
	PutDataProtectionPolicy(ctx context.Context, params *PutDataProtectionPolicyInput, optFns ...func(*Options)) (*PutDataProtectionPolicyOutput, error)
	// Creates or updates a destination. This operation is used only to create
	// destinations for cross-account subscriptions. A destination encapsulates a
	// physical resource (such as an Amazon Kinesis stream). With a destination, you
	// can subscribe to a real-time stream of log events for a different account,
	// ingested using PutLogEvents
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html).
	// Through an access policy, a destination controls what is written to it. By
	// default, PutDestination does not set any access policy with the destination,
	// which means a cross-account user cannot call PutSubscriptionFilter
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutSubscriptionFilter.html)
	// against this destination. To enable this, the destination owner must call
	// PutDestinationPolicy
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestinationPolicy.html)
	// after PutDestination. To perform a PutDestination operation, you must also have
	// the iam:PassRole permission.
	PutDestination(ctx context.Context, params *PutDestinationInput, optFns ...func(*Options)) (*PutDestinationOutput, error)
	// Creates or updates an access policy associated with an existing destination. An
	// access policy is an IAM policy document
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html) that
	// is used to authorize claims to register a subscription filter against a given
	// destination.
	PutDestinationPolicy(ctx context.Context, params *PutDestinationPolicyInput, optFns ...func(*Options)) (*PutDestinationPolicyOutput, error)
	// Uploads a batch of log events to the specified log stream. The sequence token is
	// now ignored in PutLogEvents actions. PutLogEvents actions are always accepted
	// and never return InvalidSequenceTokenException or DataAlreadyAcceptedException
	// even if the sequence token is not valid. You can use parallel PutLogEvents
	// actions on the same log stream. The batch of events must satisfy the following
	// constraints:
	//
	// * The maximum batch size is 1,048,576 bytes. This size is
	// calculated as the sum of all event messages in UTF-8, plus 26 bytes for each log
	// event.
	//
	// * None of the log events in the batch can be more than 2 hours in the
	// future.
	//
	// * None of the log events in the batch can be more than 14 days in the
	// past. Also, none of the log events can be from earlier than the retention period
	// of the log group.
	//
	// * The log events in the batch must be in chronological order
	// by their timestamp. The timestamp is the time that the event occurred, expressed
	// as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. (In Amazon Web
	// Services Tools for PowerShell and the Amazon Web Services SDK for .NET, the
	// timestamp is specified in .NET format: yyyy-mm-ddThh:mm:ss. For example,
	// 2017-09-15T13:45:30.)
	//
	// * A batch of log events in a single request cannot span
	// more than 24 hours. Otherwise, the operation fails.
	//
	// * The maximum number of log
	// events in a batch is 10,000.
	//
	// * The quota of five requests per second per log
	// stream has been removed. Instead, PutLogEvents actions are throttled based on a
	// per-second per-account quota. You can request an increase to the per-second
	// throttling quota by using the Service Quotas service.
	//
	// If a call to PutLogEvents
	// returns "UnrecognizedClientException" the most likely cause is a non-valid
	// Amazon Web Services access key ID or secret key.
	PutLogEvents(ctx context.Context, params *PutLogEventsInput, optFns ...func(*Options)) (*PutLogEventsOutput, error)
	// Creates or updates a metric filter and associates it with the specified log
	// group. With metric filters, you can configure rules to extract metric data from
	// log events ingested through PutLogEvents
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html).
	// The maximum number of metric filters that can be associated with a log group is
	// 100. When you create a metric filter, you can also optionally assign a unit and
	// dimensions to the metric that is created. Metrics extracted from log events are
	// charged as custom metrics. To prevent unexpected high charges, do not specify
	// high-cardinality fields such as IPAddress or requestID as dimensions. Each
	// different value found for a dimension is treated as a separate metric and
	// accrues charges as a separate custom metric. CloudWatch Logs disables a metric
	// filter if it generates 1,000 different name/value pairs for your specified
	// dimensions within a certain amount of time. This helps to prevent accidental
	// high charges. You can also set up a billing alarm to alert you if your charges
	// are higher than expected. For more information, see  Creating a Billing Alarm to
	// Monitor Your Estimated Amazon Web Services Charges
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html).
	PutMetricFilter(ctx context.Context, params *PutMetricFilterInput, optFns ...func(*Options)) (*PutMetricFilterOutput, error)
	// Creates or updates a query definition for CloudWatch Logs Insights. For more
	// information, see Analyzing Log Data with CloudWatch Logs Insights
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html).
	// To update a query definition, specify its queryDefinitionId in your request. The
	// values of name, queryString, and logGroupNames are changed to the values that
	// you specify in your update operation. No current values are retained from the
	// current query definition. For example, imagine updating a current query
	// definition that includes log groups. If you don't specify the logGroupNames
	// parameter in your update operation, the query definition changes to contain no
	// log groups. You must have the logs:PutQueryDefinition permission to be able to
	// perform this operation.
	PutQueryDefinition(ctx context.Context, params *PutQueryDefinitionInput, optFns ...func(*Options)) (*PutQueryDefinitionOutput, error)
	// Creates or updates a resource policy allowing other Amazon Web Services services
	// to put log events to this account, such as Amazon Route 53. An account can have
	// up to 10 resource policies per Amazon Web Services Region.
	PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error)
	// Sets the retention of the specified log group. With a retention policy, you can
	// configure the number of days for which to retain log events in the specified log
	// group. CloudWatch Logs doesn’t immediately delete log events when they reach
	// their retention setting. It typically takes up to 72 hours after that before log
	// events are deleted, but in rare situations might take longer. To illustrate,
	// imagine that you change a log group to have a longer retention setting when it
	// contains log events that are past the expiration date, but haven’t been deleted.
	// Those log events will take up to 72 hours to be deleted after the new retention
	// date is reached. To make sure that log data is deleted permanently, keep a log
	// group at its lower retention setting until 72 hours after the previous retention
	// period ends. Alternatively, wait to change the retention setting until you
	// confirm that the earlier log events are deleted.
	PutRetentionPolicy(ctx context.Context, params *PutRetentionPolicyInput, optFns ...func(*Options)) (*PutRetentionPolicyOutput, error)
	// Creates or updates a subscription filter and associates it with the specified
	// log group. With subscription filters, you can subscribe to a real-time stream of
	// log events ingested through PutLogEvents
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html)
	// and have them delivered to a specific destination. When log events are sent to
	// the receiving service, they are Base64 encoded and compressed with the GZIP
	// format. The following destinations are supported for subscription filters:
	//
	// * An
	// Amazon Kinesis data stream belonging to the same account as the subscription
	// filter, for same-account delivery.
	//
	// * A logical destination that belongs to a
	// different account, for cross-account delivery.
	//
	// * An Amazon Kinesis Data
	// Firehose delivery stream that belongs to the same account as the subscription
	// filter, for same-account delivery.
	//
	// * An Lambda function that belongs to the
	// same account as the subscription filter, for same-account delivery.
	//
	// Each log
	// group can have up to two subscription filters associated with it. If you are
	// updating an existing filter, you must specify the correct name in filterName. To
	// perform a PutSubscriptionFilter operation, you must also have the iam:PassRole
	// permission.
	PutSubscriptionFilter(ctx context.Context, params *PutSubscriptionFilterInput, optFns ...func(*Options)) (*PutSubscriptionFilterOutput, error)
	// Schedules a query of a log group using CloudWatch Logs Insights. You specify the
	// log group and time range to query and the query string to use. For more
	// information, see CloudWatch Logs Insights Query Syntax
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html).
	// Queries time out after 15 minutes of runtime. If your queries are timing out,
	// reduce the time range being searched or partition your query into a number of
	// queries. If you are using CloudWatch cross-account observability, you can use
	// this operation in a monitoring account to start a query in a linked source
	// account. For more information, see CloudWatch cross-account observability
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html).
	// For a cross-account StartQuery operation, the query definition must be defined
	// in the monitoring account. You can have up to 20 concurrent CloudWatch Logs
	// insights queries, including queries that have been added to dashboards.
	StartQuery(ctx context.Context, params *StartQueryInput, optFns ...func(*Options)) (*StartQueryOutput, error)
	// Stops a CloudWatch Logs Insights query that is in progress. If the query has
	// already ended, the operation returns an error indicating that the specified
	// query is not running.
	StopQuery(ctx context.Context, params *StopQueryInput, optFns ...func(*Options)) (*StopQueryOutput, error)
	// The TagLogGroup operation is on the path to deprecation. We recommend that you
	// use TagResource
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html)
	// instead. Adds or updates the specified tags for the specified log group. To list
	// the tags for a log group, use ListTagsForResource
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html).
	// To remove tags, use UntagResource
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html).
	// For more information about tags, see Tag Log Groups in Amazon CloudWatch Logs
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html#log-group-tagging)
	// in the Amazon CloudWatch Logs User Guide. CloudWatch Logs doesn’t support IAM
	// policies that prevent users from assigning specified tags to log groups using
	// the aws:Resource/key-name  or aws:TagKeys condition keys. For more information
	// about using tags to control access, see Controlling access to Amazon Web
	// Services resources using tags
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html).
	//
	// Deprecated: Please use the generic tagging API TagResource
	TagLogGroup(ctx context.Context, params *TagLogGroupInput, optFns ...func(*Options)) (*TagLogGroupOutput, error)
	// Assigns one or more tags (key-value pairs) to the specified CloudWatch Logs
	// resource. Currently, the only CloudWatch Logs resources that can be tagged are
	// log groups and destinations. Tags can help you organize and categorize your
	// resources. You can also use them to scope user permissions by granting a user
	// permission to access or change only resources with certain tag values. Tags
	// don't have any semantic meaning to Amazon Web Services and are interpreted
	// strictly as strings of characters. You can use the TagResource action with a
	// resource that already has tags. If you specify a new tag key for the alarm, this
	// tag is appended to the list of tags associated with the alarm. If you specify a
	// tag key that is already associated with the alarm, the new tag value that you
	// specify replaces the previous value for that tag. You can associate as many as
	// 50 tags with a CloudWatch Logs resource.
	TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)
	// Tests the filter pattern of a metric filter against a sample of log event
	// messages. You can use this operation to validate the correctness of a metric
	// filter pattern.
	TestMetricFilter(ctx context.Context, params *TestMetricFilterInput, optFns ...func(*Options)) (*TestMetricFilterOutput, error)
	// The UntagLogGroup operation is on the path to deprecation. We recommend that you
	// use UntagResource
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html)
	// instead. Removes the specified tags from the specified log group. To list the
	// tags for a log group, use ListTagsForResource
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html).
	// To add tags, use TagResource
	// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html).
	// CloudWatch Logs doesn’t support IAM policies that prevent users from assigning
	// specified tags to log groups using the aws:Resource/key-name  or aws:TagKeys
	// condition keys.
	//
	// Deprecated: Please use the generic tagging API UntagResource
	UntagLogGroup(ctx context.Context, params *UntagLogGroupInput, optFns ...func(*Options)) (*UntagLogGroupOutput, error)
	// Removes one or more tags from the specified resource.
	UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)
}

CloudWatchLogs provides an interface to the AWS CloudWatchLogs service.

type EC2 added in v0.94.0

type EC2 interface {
	// Accepts the Convertible Reserved Instance exchange quote described in the
	// GetReservedInstancesExchangeQuote call.
	AcceptReservedInstancesExchangeQuote(ctx context.Context, params *AcceptReservedInstancesExchangeQuoteInput, optFns ...func(*Options)) (*AcceptReservedInstancesExchangeQuoteOutput, error)
	// Accepts a request to associate subnets with a transit gateway multicast domain.
	AcceptTransitGatewayMulticastDomainAssociations(ctx context.Context, params *AcceptTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*AcceptTransitGatewayMulticastDomainAssociationsOutput, error)
	// Accepts a transit gateway peering attachment request. The peering attachment
	// must be in the pendingAcceptance state.
	AcceptTransitGatewayPeeringAttachment(ctx context.Context, params *AcceptTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*AcceptTransitGatewayPeeringAttachmentOutput, error)
	// Accepts a request to attach a VPC to a transit gateway. The VPC attachment must
	// be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to
	// view your pending VPC attachment requests. Use RejectTransitGatewayVpcAttachment
	// to reject a VPC attachment request.
	AcceptTransitGatewayVpcAttachment(ctx context.Context, params *AcceptTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*AcceptTransitGatewayVpcAttachmentOutput, error)
	// Accepts one or more interface VPC endpoint connection requests to your VPC
	// endpoint service.
	AcceptVpcEndpointConnections(ctx context.Context, params *AcceptVpcEndpointConnectionsInput, optFns ...func(*Options)) (*AcceptVpcEndpointConnectionsOutput, error)
	// Accept a VPC peering connection request. To accept a request, the VPC peering
	// connection must be in the pending-acceptance state, and you must be the owner of
	// the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC
	// peering connection requests. For an inter-Region VPC peering connection request,
	// you must accept the VPC peering connection in the Region of the accepter VPC.
	AcceptVpcPeeringConnection(ctx context.Context, params *AcceptVpcPeeringConnectionInput, optFns ...func(*Options)) (*AcceptVpcPeeringConnectionOutput, error)
	// Advertises an IPv4 or IPv6 address range that is provisioned for use with your
	// Amazon Web Services resources through bring your own IP addresses (BYOIP). You
	// can perform this operation at most once every 10 seconds, even if you specify
	// different address ranges each time. We recommend that you stop advertising the
	// BYOIP CIDR from other locations when you advertise it from Amazon Web Services.
	// To minimize down time, you can configure your Amazon Web Services resources to
	// use an address from a BYOIP CIDR before it is advertised, and then
	// simultaneously stop advertising it from the current location and start
	// advertising it through Amazon Web Services. It can take a few minutes before
	// traffic to the specified addresses starts routing to Amazon Web Services because
	// of BGP propagation delays. To stop advertising the BYOIP CIDR, use
	// WithdrawByoipCidr.
	AdvertiseByoipCidr(ctx context.Context, params *AdvertiseByoipCidrInput, optFns ...func(*Options)) (*AdvertiseByoipCidrOutput, error)
	// Allocates an Elastic IP address to your Amazon Web Services account. After you
	// allocate the Elastic IP address you can associate it with an instance or network
	// interface. After you release an Elastic IP address, it is released to the IP
	// address pool and can be allocated to a different Amazon Web Services account.
	// You can allocate an Elastic IP address from an address pool owned by Amazon Web
	// Services or from an address pool created from a public IPv4 address range that
	// you have brought to Amazon Web Services for use with your Amazon Web Services
	// resources using bring your own IP addresses (BYOIP). For more information, see
	// Bring Your Own IP Addresses (BYOIP)
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) in the
	// Amazon Elastic Compute Cloud User Guide. [EC2-VPC] If you release an Elastic IP
	// address, you might be able to recover it. You cannot recover an Elastic IP
	// address that you released after it is allocated to another Amazon Web Services
	// account. You cannot recover an Elastic IP address for EC2-Classic. To attempt to
	// recover an Elastic IP address that you released, specify it in this operation.
	// An Elastic IP address is for use either in the EC2-Classic platform or in a VPC.
	// By default, you can allocate 5 Elastic IP addresses for EC2-Classic per Region
	// and 5 Elastic IP addresses for EC2-VPC per Region. For more information, see
	// Elastic IP Addresses
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
	// in the Amazon Elastic Compute Cloud User Guide. You can allocate a carrier IP
	// address which is a public IP address from a telecommunication carrier, to a
	// network interface which resides in a subnet in a Wavelength Zone (for example an
	// EC2 instance).
	AllocateAddress(ctx context.Context, params *AllocateAddressInput, optFns ...func(*Options)) (*AllocateAddressOutput, error)
	// Allocates a Dedicated Host to your account. At a minimum, specify the supported
	// instance type or instance family, the Availability Zone in which to allocate the
	// host, and the number of hosts to allocate.
	AllocateHosts(ctx context.Context, params *AllocateHostsInput, optFns ...func(*Options)) (*AllocateHostsOutput, error)
	// Allocate a CIDR from an IPAM pool. In IPAM, an allocation is a CIDR assignment
	// from an IPAM pool to another resource or IPAM pool. For more information, see
	// Allocate CIDRs in the Amazon VPC IPAM User Guide.
	AllocateIpamPoolCidr(ctx context.Context, params *AllocateIpamPoolCidrInput, optFns ...func(*Options)) (*AllocateIpamPoolCidrOutput, error)
	// Applies a security group to the association between the target network and the
	// Client VPN endpoint. This action replaces the existing security groups with the
	// specified security groups.
	ApplySecurityGroupsToClientVpnTargetNetwork(ctx context.Context, params *ApplySecurityGroupsToClientVpnTargetNetworkInput, optFns ...func(*Options)) (*ApplySecurityGroupsToClientVpnTargetNetworkOutput, error)
	// Assigns one or more IPv6 addresses to the specified network interface. You can
	// specify one or more specific IPv6 addresses, or you can specify the number of
	// IPv6 addresses to be automatically assigned from within the subnet's IPv6 CIDR
	// block range. You can assign as many IPv6 addresses to a network interface as you
	// can assign private IPv4 addresses, and the limit varies per instance type. For
	// information, see IP Addresses Per Network Interface Per Instance Type
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI)
	// in the Amazon Elastic Compute Cloud User Guide. You must specify either the IPv6
	// addresses or the IPv6 address count in the request. You can optionally use
	// Prefix Delegation on the network interface. You must specify either the IPV6
	// Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For
	// information, see  Assigning prefixes to Amazon EC2 network interfaces
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	AssignIpv6Addresses(ctx context.Context, params *AssignIpv6AddressesInput, optFns ...func(*Options)) (*AssignIpv6AddressesOutput, error)
	// Assigns one or more secondary private IP addresses to the specified network
	// interface. You can specify one or more specific secondary IP addresses, or you
	// can specify the number of secondary IP addresses to be automatically assigned
	// within the subnet's CIDR block range. The number of secondary IP addresses that
	// you can assign to an instance varies by instance type. For information about
	// instance types, see Instance Types
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the
	// Amazon Elastic Compute Cloud User Guide. For more information about Elastic IP
	// addresses, see Elastic IP Addresses
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
	// in the Amazon Elastic Compute Cloud User Guide. When you move a secondary
	// private IP address to another network interface, any Elastic IP address that is
	// associated with the IP address is also moved. Remapping an IP address is an
	// asynchronous operation. When you move an IP address from one network interface
	// to another, check network/interfaces/macs/mac/local-ipv4s in the instance
	// metadata to confirm that the remapping is complete. You must specify either the
	// IP addresses or the IP address count in the request. You can optionally use
	// Prefix Delegation on the network interface. You must specify either the IPv4
	// Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For
	// information, see  Assigning prefixes to Amazon EC2 network interfaces
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	AssignPrivateIpAddresses(ctx context.Context, params *AssignPrivateIpAddressesInput, optFns ...func(*Options)) (*AssignPrivateIpAddressesOutput, error)
	// Associates an Elastic IP address, or carrier IP address (for instances that are
	// in subnets in Wavelength Zones) with an instance or a network interface. Before
	// you can use an Elastic IP address, you must allocate it to your account. An
	// Elastic IP address is for use in either the EC2-Classic platform or in a VPC.
	// For more information, see Elastic IP Addresses
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
	// in the Amazon Elastic Compute Cloud User Guide. [EC2-Classic, VPC in an
	// EC2-VPC-only account] If the Elastic IP address is already associated with a
	// different instance, it is disassociated from that instance and associated with
	// the specified instance. If you associate an Elastic IP address with an instance
	// that has an existing Elastic IP address, the existing address is disassociated
	// from the instance, but remains allocated to your account. [VPC in an EC2-Classic
	// account] If you don't specify a private IP address, the Elastic IP address is
	// associated with the primary IP address. If the Elastic IP address is already
	// associated with a different instance or a network interface, you get an error
	// unless you allow reassociation. You cannot associate an Elastic IP address with
	// an instance or network interface that has an existing Elastic IP address.
	// [Subnets in Wavelength Zones] You can associate an IP address from the
	// telecommunication carrier to the instance or network interface. You cannot
	// associate an Elastic IP address with an interface in a different network border
	// group. This is an idempotent operation. If you perform the operation more than
	// once, Amazon EC2 doesn't return an error, and you may be charged for each time
	// the Elastic IP address is remapped to the same instance. For more information,
	// see the Elastic IP Addresses section of Amazon EC2 Pricing
	// (http://aws.amazon.com/ec2/pricing/).
	AssociateAddress(ctx context.Context, params *AssociateAddressInput, optFns ...func(*Options)) (*AssociateAddressOutput, error)
	// Associates a target network with a Client VPN endpoint. A target network is a
	// subnet in a VPC. You can associate multiple subnets from the same VPC with a
	// Client VPN endpoint. You can associate only one subnet in each Availability
	// Zone. We recommend that you associate at least two subnets to provide
	// Availability Zone redundancy. If you specified a VPC when you created the Client
	// VPN endpoint or if you have previous subnet associations, the specified subnet
	// must be in the same VPC. To specify a subnet that's in a different VPC, you must
	// first modify the Client VPN endpoint (ModifyClientVpnEndpoint) and change the
	// VPC that's associated with it.
	AssociateClientVpnTargetNetwork(ctx context.Context, params *AssociateClientVpnTargetNetworkInput, optFns ...func(*Options)) (*AssociateClientVpnTargetNetworkOutput, error)
	// Associates a set of DHCP options (that you've previously created) with the
	// specified VPC, or associates no DHCP options with the VPC. After you associate
	// the options with the VPC, any existing instances and all new instances that you
	// launch in that VPC use the options. You don't need to restart or relaunch the
	// instances. They automatically pick up the changes within a few hours, depending
	// on how frequently the instance renews its DHCP lease. You can explicitly renew
	// the lease using the operating system on the instance. For more information, see
	// DHCP options sets
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
	// Amazon Virtual Private Cloud User Guide.
	AssociateDhcpOptions(ctx context.Context, params *AssociateDhcpOptionsInput, optFns ...func(*Options)) (*AssociateDhcpOptionsOutput, error)
	// Associates an Identity and Access Management (IAM) role with an Certificate
	// Manager (ACM) certificate. This enables the certificate to be used by the ACM
	// for Nitro Enclaves application inside an enclave. For more information, see
	// Certificate Manager for Nitro Enclaves
	// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html) in
	// the Amazon Web Services Nitro Enclaves User Guide. When the IAM role is
	// associated with the ACM certificate, the certificate, certificate chain, and
	// encrypted private key are placed in an Amazon S3 bucket that only the associated
	// IAM role can access. The private key of the certificate is encrypted with an
	// Amazon Web Services managed key that has an attached attestation-based key
	// policy. To enable the IAM role to access the Amazon S3 object, you must grant it
	// permission to call s3:GetObject on the Amazon S3 bucket returned by the command.
	// To enable the IAM role to access the KMS key, you must grant it permission to
	// call kms:Decrypt on the KMS key returned by the command. For more information,
	// see  Grant the role permission to access the certificate and encryption key
	// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy)
	// in the Amazon Web Services Nitro Enclaves User Guide.
	AssociateEnclaveCertificateIamRole(ctx context.Context, params *AssociateEnclaveCertificateIamRoleInput, optFns ...func(*Options)) (*AssociateEnclaveCertificateIamRoleOutput, error)
	// Associates an IAM instance profile with a running or stopped instance. You
	// cannot associate more than one IAM instance profile with an instance.
	AssociateIamInstanceProfile(ctx context.Context, params *AssociateIamInstanceProfileInput, optFns ...func(*Options)) (*AssociateIamInstanceProfileOutput, error)
	// Associates one or more targets with an event window. Only one type of target
	// (instance IDs, Dedicated Host IDs, or tags) can be specified with an event
	// window. For more information, see Define event windows for scheduled events
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
	// Amazon EC2 User Guide.
	AssociateInstanceEventWindow(ctx context.Context, params *AssociateInstanceEventWindowInput, optFns ...func(*Options)) (*AssociateInstanceEventWindowOutput, error)
	// Associates a subnet in your VPC or an internet gateway or virtual private
	// gateway attached to your VPC with a route table in your VPC. This association
	// causes traffic from the subnet or gateway to be routed according to the routes
	// in the route table. The action returns an association ID, which you need in
	// order to disassociate the route table later. A route table can be associated
	// with multiple subnets. For more information, see Route tables
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
	// Amazon Virtual Private Cloud User Guide.
	AssociateRouteTable(ctx context.Context, params *AssociateRouteTableInput, optFns ...func(*Options)) (*AssociateRouteTableOutput, error)
	// Associates a CIDR block with your subnet. You can only associate a single IPv6
	// CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of
	// /64.
	AssociateSubnetCidrBlock(ctx context.Context, params *AssociateSubnetCidrBlockInput, optFns ...func(*Options)) (*AssociateSubnetCidrBlockOutput, error)
	// Associates the specified subnets and transit gateway attachments with the
	// specified transit gateway multicast domain. The transit gateway attachment must
	// be in the available state before you can add a resource. Use
	// DescribeTransitGatewayAttachments
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html)
	// to see the state of the attachment.
	AssociateTransitGatewayMulticastDomain(ctx context.Context, params *AssociateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*AssociateTransitGatewayMulticastDomainOutput, error)
	// Associates the specified attachment with the specified transit gateway route
	// table. You can associate only one route table with an attachment.
	AssociateTransitGatewayRouteTable(ctx context.Context, params *AssociateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*AssociateTransitGatewayRouteTableOutput, error)
	// This API action is currently in limited preview only. If you are interested in
	// using this feature, contact your account manager. Associates a branch network
	// interface with a trunk network interface. Before you create the association, run
	// the create-network-interface
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html)
	// command and set --interface-type to trunk. You must also create a network
	// interface for each branch network interface that you want to associate with the
	// trunk network interface.
	AssociateTrunkInterface(ctx context.Context, params *AssociateTrunkInterfaceInput, optFns ...func(*Options)) (*AssociateTrunkInterfaceOutput, error)
	// Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR
	// block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6
	// address pool that you provisioned through bring your own IP addresses (BYOIP
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). The IPv6
	// CIDR block size is fixed at /56. You must specify one of the following in the
	// request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR
	// block. For more information about associating CIDR blocks with your VPC and
	// applicable restrictions, see VPC and subnet sizing
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing)
	// in the Amazon Virtual Private Cloud User Guide.
	AssociateVpcCidrBlock(ctx context.Context, params *AssociateVpcCidrBlockInput, optFns ...func(*Options)) (*AssociateVpcCidrBlockOutput, error)
	// Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more
	// of the VPC's security groups. You cannot link an EC2-Classic instance to more
	// than one VPC at a time. You can only link an instance that's in the running
	// state. An instance is automatically unlinked from a VPC when it's stopped - you
	// can link it to the VPC again when you restart it. After you've linked an
	// instance, you cannot change the VPC security groups that are associated with it.
	// To change the security groups, you must first unlink the instance, and then link
	// it again. Linking your instance to a VPC is sometimes referred to as attaching
	// your instance.
	AttachClassicLinkVpc(ctx context.Context, params *AttachClassicLinkVpcInput, optFns ...func(*Options)) (*AttachClassicLinkVpcOutput, error)
	// Attaches an internet gateway or a virtual private gateway to a VPC, enabling
	// connectivity between the internet and the VPC. For more information about your
	// VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide
	// (https://docs.aws.amazon.com/vpc/latest/userguide/).
	AttachInternetGateway(ctx context.Context, params *AttachInternetGatewayInput, optFns ...func(*Options)) (*AttachInternetGatewayOutput, error)
	// Attaches a network interface to an instance.
	AttachNetworkInterface(ctx context.Context, params *AttachNetworkInterfaceInput, optFns ...func(*Options)) (*AttachNetworkInterfaceOutput, error)
	// Attaches an EBS volume to a running or stopped instance and exposes it to the
	// instance with the specified device name. Encrypted EBS volumes must be attached
	// to instances that support Amazon EBS encryption. For more information, see
	// Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide. After you attach an EBS volume, you
	// must make it available. For more information, see Make an EBS volume available
	// for use
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.html). If
	// a volume has an Amazon Web Services Marketplace product code:
	//
	// * The volume can
	// be attached only to a stopped instance.
	//
	// * Amazon Web Services Marketplace
	// product codes are copied from the volume to the instance.
	//
	// * You must be
	// subscribed to the product.
	//
	// * The instance type and operating system of the
	// instance must support the product. For example, you can't detach a volume from a
	// Windows instance and attach it to a Linux instance.
	//
	// For more information, see
	// Attach an Amazon EBS volume to an instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-attaching-volume.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	AttachVolume(ctx context.Context, params *AttachVolumeInput, optFns ...func(*Options)) (*AttachVolumeOutput, error)
	// Attaches a virtual private gateway to a VPC. You can attach one virtual private
	// gateway to one VPC at a time. For more information, see Amazon Web Services
	// Site-to-Site VPN (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in
	// the Amazon Web Services Site-to-Site VPN User Guide.
	AttachVpnGateway(ctx context.Context, params *AttachVpnGatewayInput, optFns ...func(*Options)) (*AttachVpnGatewayOutput, error)
	// Adds an ingress authorization rule to a Client VPN endpoint. Ingress
	// authorization rules act as firewall rules that grant access to networks. You
	// must configure ingress authorization rules to enable clients to access resources
	// in Amazon Web Services or on-premises networks.
	AuthorizeClientVpnIngress(ctx context.Context, params *AuthorizeClientVpnIngressInput, optFns ...func(*Options)) (*AuthorizeClientVpnIngressOutput, error)
	// [VPC only] Adds the specified outbound (egress) rules to a security group for
	// use with a VPC. An outbound rule permits instances to send traffic to the
	// specified IPv4 or IPv6 CIDR address ranges, or to the instances that are
	// associated with the specified source security groups. You specify a protocol for
	// each rule (for example, TCP). For the TCP and UDP protocols, you must also
	// specify the destination port or port range. For the ICMP protocol, you must also
	// specify the ICMP type and code. You can use -1 for the type or code to mean all
	// types or all codes. Rule changes are propagated to affected instances as quickly
	// as possible. However, a small delay might occur. For information about VPC
	// security group quotas, see Amazon VPC quotas
	// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html).
	AuthorizeSecurityGroupEgress(ctx context.Context, params *AuthorizeSecurityGroupEgressInput, optFns ...func(*Options)) (*AuthorizeSecurityGroupEgressOutput, error)
	// Adds the specified inbound (ingress) rules to a security group. An inbound rule
	// permits instances to receive traffic from the specified IPv4 or IPv6 CIDR
	// address range, or from the instances that are associated with the specified
	// destination security groups. You specify a protocol for each rule (for example,
	// TCP). For TCP and UDP, you must also specify the destination port or port range.
	// For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can
	// use -1 to mean all types or all codes. Rule changes are propagated to instances
	// within the security group as quickly as possible. However, a small delay might
	// occur. For more information about VPC security group quotas, see Amazon VPC
	// quotas
	// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html).
	AuthorizeSecurityGroupIngress(ctx context.Context, params *AuthorizeSecurityGroupIngressInput, optFns ...func(*Options)) (*AuthorizeSecurityGroupIngressOutput, error)
	// Bundles an Amazon instance store-backed Windows instance. During bundling, only
	// the root device volume (C:\) is bundled. Data on other instance store volumes is
	// not preserved. This action is not applicable for Linux/Unix instances or Windows
	// instances that are backed by Amazon EBS.
	BundleInstance(ctx context.Context, params *BundleInstanceInput, optFns ...func(*Options)) (*BundleInstanceOutput, error)
	// Cancels a bundling operation for an instance store-backed Windows instance.
	CancelBundleTask(ctx context.Context, params *CancelBundleTaskInput, optFns ...func(*Options)) (*CancelBundleTaskOutput, error)
	// Cancels the specified Capacity Reservation, releases the reserved capacity, and
	// changes the Capacity Reservation's state to cancelled. Instances running in the
	// reserved capacity continue running until you stop them. Stopped instances that
	// target the Capacity Reservation can no longer launch. Modify these instances to
	// either target a different Capacity Reservation, launch On-Demand Instance
	// capacity, or run in any open Capacity Reservation that has matching attributes
	// and sufficient capacity.
	CancelCapacityReservation(ctx context.Context, params *CancelCapacityReservationInput, optFns ...func(*Options)) (*CancelCapacityReservationOutput, error)
	// Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity
	// Reservation Fleet, the following happens:
	//
	// * The Capacity Reservation Fleet's
	// status changes to cancelled.
	//
	// * The individual Capacity Reservations in the
	// Fleet are cancelled. Instances running in the Capacity Reservations at the time
	// of cancelling the Fleet continue to run in shared capacity.
	//
	// * The Fleet stops
	// creating new Capacity Reservations.
	CancelCapacityReservationFleets(ctx context.Context, params *CancelCapacityReservationFleetsInput, optFns ...func(*Options)) (*CancelCapacityReservationFleetsOutput, error)
	// Cancels an active conversion task. The task can be the import of an instance or
	// volume. The action removes all artifacts of the conversion, including a
	// partially uploaded volume or instance. If the conversion is complete or is in
	// the process of transferring the final disk image, the command fails and returns
	// an exception. For more information, see Importing a Virtual Machine Using the
	// Amazon EC2 CLI
	// (https://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ec2-cli-vmimport-export.html).
	CancelConversionTask(ctx context.Context, params *CancelConversionTaskInput, optFns ...func(*Options)) (*CancelConversionTaskOutput, error)
	// Cancels an active export task. The request removes all artifacts of the export,
	// including any partially-created Amazon S3 objects. If the export task is
	// complete or is in the process of transferring the final disk image, the command
	// fails and returns an error.
	CancelExportTask(ctx context.Context, params *CancelExportTaskInput, optFns ...func(*Options)) (*CancelExportTaskOutput, error)
	// Cancels an in-process import virtual machine or import snapshot task.
	CancelImportTask(ctx context.Context, params *CancelImportTaskInput, optFns ...func(*Options)) (*CancelImportTaskOutput, error)
	// Cancels the specified Reserved Instance listing in the Reserved Instance
	// Marketplace. For more information, see Reserved Instance Marketplace
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
	// the Amazon EC2 User Guide.
	CancelReservedInstancesListing(ctx context.Context, params *CancelReservedInstancesListingInput, optFns ...func(*Options)) (*CancelReservedInstancesListingOutput, error)
	// Cancels the specified Spot Fleet requests. After you cancel a Spot Fleet
	// request, the Spot Fleet launches no new Spot Instances. You must specify whether
	// the Spot Fleet should also terminate its Spot Instances. If you terminate the
	// instances, the Spot Fleet request enters the cancelled_terminating state.
	// Otherwise, the Spot Fleet request enters the cancelled_running state and the
	// instances continue to run until they are interrupted or you terminate them
	// manually.
	CancelSpotFleetRequests(ctx context.Context, params *CancelSpotFleetRequestsInput, optFns ...func(*Options)) (*CancelSpotFleetRequestsOutput, error)
	// Cancels one or more Spot Instance requests. Canceling a Spot Instance request
	// does not terminate running Spot Instances associated with the request.
	CancelSpotInstanceRequests(ctx context.Context, params *CancelSpotInstanceRequestsInput, optFns ...func(*Options)) (*CancelSpotInstanceRequestsOutput, error)
	// Determines whether a product code is associated with an instance. This action
	// can only be used by the owner of the product code. It is useful when a product
	// code owner must verify whether another user's instance is eligible for support.
	ConfirmProductInstance(ctx context.Context, params *ConfirmProductInstanceInput, optFns ...func(*Options)) (*ConfirmProductInstanceOutput, error)
	// Copies the specified Amazon FPGA Image (AFI) to the current Region.
	CopyFpgaImage(ctx context.Context, params *CopyFpgaImageInput, optFns ...func(*Options)) (*CopyFpgaImageOutput, error)
	// Initiates the copy of an AMI. You can copy an AMI from one Region to another, or
	// from a Region to an Outpost. You can't copy an AMI from an Outpost to a Region,
	// from one Outpost to another, or within the same Outpost. To copy an AMI to
	// another partition, see CreateStoreImageTask
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html).
	// To copy an AMI from one Region to another, specify the source Region using
	// the
	//
	// SourceRegion parameter, and specify the destination Region using its
	// endpoint. Copies of encrypted backing snapshots for the AMI are encrypted.
	// Copies of unencrypted backing snapshots remain unencrypted, unless you set
	// Encrypted during the copy operation. You cannot create an unencrypted copy of an
	// encrypted backing snapshot. To copy an AMI from a Region to an Outpost, specify
	// the source Region using the
	//
	// SourceRegion parameter, and specify the ARN of the
	// destination Outpost using DestinationOutpostArn. Backing snapshots copied to an
	// Outpost are encrypted by default using the default encryption key for the
	// Region, or a different key that you specify in the request using KmsKeyId.
	// Outposts do not support unencrypted snapshots. For more information,  Amazon EBS
	// local snapshots on Outposts
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#ami)
	// in the Amazon Elastic Compute Cloud User Guide. For more information about the
	// prerequisites and limits when copying an AMI, see Copying an AMI
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	CopyImage(ctx context.Context, params *CopyImageInput, optFns ...func(*Options)) (*CopyImageOutput, error)
	// Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You
	// can copy a snapshot within the same Region, from one Region to another, or from
	// a Region to an Outpost. You can't copy a snapshot from an Outpost to a Region,
	// from one Outpost to another, or within the same Outpost. You can use the
	// snapshot to create EBS volumes or Amazon Machine Images (AMIs). When copying
	// snapshots to a Region, copies of encrypted EBS snapshots remain encrypted.
	// Copies of unencrypted snapshots remain unencrypted, unless you enable encryption
	// for the snapshot copy operation. By default, encrypted snapshot copies use the
	// default Key Management Service (KMS) KMS key; however, you can specify a
	// different KMS key. To copy an encrypted snapshot that has been shared from
	// another account, you must have permissions for the KMS key used to encrypt the
	// snapshot. Snapshots copied to an Outpost are encrypted by default using the
	// default encryption key for the Region, or a different key that you specify in
	// the request using KmsKeyId. Outposts do not support unencrypted snapshots. For
	// more information,  Amazon EBS local snapshots on Outposts
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#ami)
	// in the Amazon Elastic Compute Cloud User Guide. Snapshots created by copying
	// another snapshot have an arbitrary volume ID that should not be used for any
	// purpose. For more information, see Copy an Amazon EBS snapshot
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-copy-snapshot.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	CopySnapshot(ctx context.Context, params *CopySnapshotInput, optFns ...func(*Options)) (*CopySnapshotOutput, error)
	// Creates a new Capacity Reservation with the specified attributes. Capacity
	// Reservations enable you to reserve capacity for your Amazon EC2 instances in a
	// specific Availability Zone for any duration. This gives you the flexibility to
	// selectively add capacity reservations and still get the Regional RI discounts
	// for that usage. By creating Capacity Reservations, you ensure that you always
	// have access to Amazon EC2 capacity when you need it, for as long as you need it.
	// For more information, see Capacity Reservations
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html)
	// in the Amazon EC2 User Guide. Your request to create a Capacity Reservation
	// could fail if Amazon EC2 does not have sufficient capacity to fulfill the
	// request. If your request fails due to Amazon EC2 capacity constraints, either
	// try again at a later time, try in a different Availability Zone, or request a
	// smaller capacity reservation. If your application is flexible across instance
	// types and sizes, try to create a Capacity Reservation with different instance
	// attributes. Your request could also fail if the requested quantity exceeds your
	// On-Demand Instance limit for the selected instance type. If your request fails
	// due to limit constraints, increase your On-Demand Instance limit for the
	// required instance type and try again. For more information about increasing your
	// instance limits, see Amazon EC2 Service Quotas
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html)
	// in the Amazon EC2 User Guide.
	CreateCapacityReservation(ctx context.Context, params *CreateCapacityReservationInput, optFns ...func(*Options)) (*CreateCapacityReservationOutput, error)
	// Creates a Capacity Reservation Fleet. For more information, see Create a
	// Capacity Reservation Fleet
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-cr-fleets.html#create-crfleet)
	// in the Amazon EC2 User Guide.
	CreateCapacityReservationFleet(ctx context.Context, params *CreateCapacityReservationFleetInput, optFns ...func(*Options)) (*CreateCapacityReservationFleetOutput, error)
	// Creates a carrier gateway. For more information about carrier gateways, see
	// Carrier gateways
	// (https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html#wavelength-carrier-gateway)
	// in the Amazon Web Services Wavelength Developer Guide.
	CreateCarrierGateway(ctx context.Context, params *CreateCarrierGatewayInput, optFns ...func(*Options)) (*CreateCarrierGatewayOutput, error)
	// Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create
	// and configure to enable and manage client VPN sessions. It is the destination
	// endpoint at which all client VPN sessions are terminated.
	CreateClientVpnEndpoint(ctx context.Context, params *CreateClientVpnEndpointInput, optFns ...func(*Options)) (*CreateClientVpnEndpointOutput, error)
	// Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has
	// a route table that describes the available destination network routes. Each
	// route in the route table specifies the path for traffic to specific resources or
	// networks.
	CreateClientVpnRoute(ctx context.Context, params *CreateClientVpnRouteInput, optFns ...func(*Options)) (*CreateClientVpnRouteOutput, error)
	// Provides information to Amazon Web Services about your VPN customer gateway
	// device. The customer gateway is the appliance at your end of the VPN connection.
	// (The device on the Amazon Web Services side of the VPN connection is the virtual
	// private gateway.) You must provide the internet-routable IP address of the
	// customer gateway's external interface. The IP address must be static and can be
	// behind a device performing network address translation (NAT). For devices that
	// use Border Gateway Protocol (BGP), you can also provide the device's BGP
	// Autonomous System Number (ASN). You can use an existing ASN assigned to your
	// network. If you don't have an ASN already, you can use a private ASN (in the
	// 64512 - 65534 range). Amazon EC2 supports all 4-byte ASN numbers in the range of
	// 1 - 2147483647, with the exception of the following:
	//
	// * 7224 - reserved in the
	// us-east-1 Region
	//
	// * 9059 - reserved in the eu-west-1 Region
	//
	// * 17943 - reserved
	// in the ap-southeast-1 Region
	//
	// * 10124 - reserved in the ap-northeast-1
	// Region
	//
	// For more information, see Amazon Web Services Site-to-Site VPN
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
	// Services Site-to-Site VPN User Guide. To create more than one customer gateway
	// with the same VPN type, IP address, and BGP ASN, specify a unique device name
	// for each customer gateway. Identical requests return information about the
	// existing customer gateway and do not create new customer gateways.
	CreateCustomerGateway(ctx context.Context, params *CreateCustomerGatewayInput, optFns ...func(*Options)) (*CreateCustomerGatewayOutput, error)
	// Creates a default subnet with a size /20 IPv4 CIDR block in the specified
	// Availability Zone in your default VPC. You can have only one default subnet per
	// Availability Zone. For more information, see Creating a default subnet
	// (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html#create-default-subnet)
	// in the Amazon Virtual Private Cloud User Guide.
	CreateDefaultSubnet(ctx context.Context, params *CreateDefaultSubnetInput, optFns ...func(*Options)) (*CreateDefaultSubnetOutput, error)
	// Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in
	// each Availability Zone. For more information about the components of a default
	// VPC, see Default VPC and default subnets
	// (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html) in the
	// Amazon Virtual Private Cloud User Guide. You cannot specify the components of
	// the default VPC yourself. If you deleted your previous default VPC, you can
	// create a default VPC. You cannot have more than one default VPC per Region. If
	// your account supports EC2-Classic, you cannot use this action to create a
	// default VPC in a Region that supports EC2-Classic. If you want a default VPC in
	// a Region that supports EC2-Classic, see "I really want a default VPC for my
	// existing EC2 account. Is that possible?" in the Default VPCs FAQ
	// (http://aws.amazon.com/vpc/faqs/#Default_VPCs).
	CreateDefaultVpc(ctx context.Context, params *CreateDefaultVpcInput, optFns ...func(*Options)) (*CreateDefaultVpcOutput, error)
	// Creates a set of DHCP options for your VPC. After creating the set, you must
	// associate it with the VPC, causing all existing and new instances that you
	// launch in the VPC to use this set of DHCP options. The following are the
	// individual DHCP options you can specify. For more information about the options,
	// see RFC 2132 (http://www.ietf.org/rfc/rfc2132.txt).
	//
	// * domain-name-servers - The
	// IP addresses of up to four domain name servers, or AmazonProvidedDNS. The
	// default DHCP option set specifies AmazonProvidedDNS. If specifying more than one
	// domain name server, specify the IP addresses in a single parameter, separated by
	// commas. To have your instance receive a custom DNS hostname as specified in
	// domain-name, you must set domain-name-servers to a custom DNS server.
	//
	// *
	// domain-name - If you're using AmazonProvidedDNS in us-east-1, specify
	// ec2.internal. If you're using AmazonProvidedDNS in another Region, specify
	// region.compute.internal (for example, ap-northeast-1.compute.internal).
	// Otherwise, specify a domain name (for example, ExampleCompany.com). This value
	// is used to complete unqualified DNS hostnames. Important: Some Linux operating
	// systems accept multiple domain names separated by spaces. However, Windows and
	// other Linux operating systems treat the value as a single domain, which results
	// in unexpected behavior. If your DHCP options set is associated with a VPC that
	// has instances with multiple operating systems, specify only one domain name.
	//
	// *
	// ntp-servers - The IP addresses of up to four Network Time Protocol (NTP)
	// servers.
	//
	// * netbios-name-servers - The IP addresses of up to four NetBIOS name
	// servers.
	//
	// * netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We
	// recommend that you specify 2 (broadcast and multicast are not currently
	// supported). For more information about these node types, see RFC 2132
	// (http://www.ietf.org/rfc/rfc2132.txt).
	//
	// Your VPC automatically starts out with a
	// set of DHCP options that includes only a DNS server that we provide
	// (AmazonProvidedDNS). If you create a set of options, and if your VPC has an
	// internet gateway, make sure to set the domain-name-servers option either to
	// AmazonProvidedDNS or to a domain name server of your choice. For more
	// information, see DHCP options sets
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
	// Amazon Virtual Private Cloud User Guide.
	CreateDhcpOptions(ctx context.Context, params *CreateDhcpOptionsInput, optFns ...func(*Options)) (*CreateDhcpOptionsOutput, error)
	// [IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only
	// internet gateway is used to enable outbound communication over IPv6 from
	// instances in your VPC to the internet, and prevents hosts outside of your VPC
	// from initiating an IPv6 connection with your instance.
	CreateEgressOnlyInternetGateway(ctx context.Context, params *CreateEgressOnlyInternetGatewayInput, optFns ...func(*Options)) (*CreateEgressOnlyInternetGatewayOutput, error)
	// Launches an EC2 Fleet. You can create a single EC2 Fleet that includes multiple
	// launch specifications that vary by instance type, AMI, Availability Zone, or
	// subnet. For more information, see EC2 Fleet
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet.html) in the
	// Amazon EC2 User Guide.
	CreateFleet(ctx context.Context, params *CreateFleetInput, optFns ...func(*Options)) (*CreateFleetOutput, error)
	// Creates one or more flow logs to capture information about IP traffic for a
	// specific network interface, subnet, or VPC. Flow log data for a monitored
	// network interface is recorded as flow log records, which are log events
	// consisting of fields that describe the traffic flow. For more information, see
	// Flow log records
	// (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records)
	// in the Amazon Virtual Private Cloud User Guide. When publishing to CloudWatch
	// Logs, flow log records are published to a log group, and each network interface
	// has a unique log stream in the log group. When publishing to Amazon S3, flow log
	// records for all of the monitored network interfaces are published to a single
	// log file object that is stored in the specified bucket. For more information,
	// see VPC Flow Logs
	// (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html) in the Amazon
	// Virtual Private Cloud User Guide.
	CreateFlowLogs(ctx context.Context, params *CreateFlowLogsInput, optFns ...func(*Options)) (*CreateFlowLogsOutput, error)
	// Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).
	// The create operation is asynchronous. To verify that the AFI is ready for use,
	// check the output logs. An AFI contains the FPGA bitstream that is ready to
	// download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated
	// instances. For more information, see the Amazon Web Services FPGA Hardware
	// Development Kit (https://github.com/aws/aws-fpga/).
	CreateFpgaImage(ctx context.Context, params *CreateFpgaImageInput, optFns ...func(*Options)) (*CreateFpgaImageOutput, error)
	// Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is
	// either running or stopped. By default, Amazon EC2 shuts down and reboots the
	// instance before creating the AMI to ensure that everything on the instance is
	// stopped and in a consistent state during the creation process. If you're
	// confident that your instance is in a consistent state appropriate for AMI
	// creation, use the NoReboot parameter to prevent Amazon EC2 from shutting down
	// and rebooting the instance. If you customized your instance with instance store
	// volumes or Amazon EBS volumes in addition to the root device volume, the new AMI
	// contains block device mapping information for those volumes. When you launch an
	// instance from this new AMI, the instance automatically launches with those
	// additional volumes. For more information, see Creating Amazon EBS-Backed Linux
	// AMIs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	CreateImage(ctx context.Context, params *CreateImageInput, optFns ...func(*Options)) (*CreateImageOutput, error)
	// Creates an event window in which scheduled events for the associated Amazon EC2
	// instances can run. You can define either a set of time ranges or a cron
	// expression when creating the event window, but not both. All event window times
	// are in UTC. You can create up to 200 event windows per Amazon Web Services
	// Region. When you create the event window, targets (instance IDs, Dedicated Host
	// IDs, or tags) are not yet associated with it. To ensure that the event window
	// can be used, you must associate one or more targets with it by using the
	// AssociateInstanceEventWindow API. Event windows are applicable only for
	// scheduled events that stop, reboot, or terminate instances. Event windows are
	// not applicable for:
	//
	// * Expedited scheduled events and network maintenance
	// events.
	//
	// * Unscheduled maintenance such as AutoRecovery and unplanned
	// reboots.
	//
	// For more information, see Define event windows for scheduled events
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
	// Amazon EC2 User Guide.
	CreateInstanceEventWindow(ctx context.Context, params *CreateInstanceEventWindowInput, optFns ...func(*Options)) (*CreateInstanceEventWindowOutput, error)
	// Exports a running or stopped instance to an Amazon S3 bucket. For information
	// about the supported operating systems, image formats, and known limitations for
	// the types of instances you can export, see Exporting an instance as a VM Using
	// VM Import/Export
	// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html) in the VM
	// Import/Export User Guide.
	CreateInstanceExportTask(ctx context.Context, params *CreateInstanceExportTaskInput, optFns ...func(*Options)) (*CreateInstanceExportTaskOutput, error)
	// Creates an internet gateway for use with a VPC. After creating the internet
	// gateway, you attach it to a VPC using AttachInternetGateway. For more
	// information about your VPC and internet gateway, see the Amazon Virtual Private
	// Cloud User Guide (https://docs.aws.amazon.com/vpc/latest/userguide/).
	CreateInternetGateway(ctx context.Context, params *CreateInternetGatewayInput, optFns ...func(*Options)) (*CreateInternetGatewayOutput, error)
	// Create an IPAM. Amazon VCP IP Address Manager (IPAM) is a VPC feature that you
	// can use to automate your IP address management workflows including assigning,
	// tracking, troubleshooting, and auditing IP addresses across Amazon Web Services
	// Regions and accounts throughout your Amazon Web Services Organization. For more
	// information, see Create an IPAM in the Amazon VPC IPAM User Guide.
	CreateIpam(ctx context.Context, params *CreateIpamInput, optFns ...func(*Options)) (*CreateIpamOutput, error)
	// Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a
	// pool is a collection of contiguous IP addresses CIDRs. Pools enable you to
	// organize your IP addresses according to your routing and security needs. For
	// example, if you have separate routing and security needs for development and
	// production applications, you can create a pool for each. For more information,
	// see Create a top-level pool in the Amazon VPC IPAM User Guide.
	CreateIpamPool(ctx context.Context, params *CreateIpamPoolInput, optFns ...func(*Options)) (*CreateIpamPoolOutput, error)
	// Create an IPAM scope. In IPAM, a scope is the highest-level container within
	// IPAM. An IPAM contains two default scopes. Each scope represents the IP space
	// for a single network. The private scope is intended for all private IP address
	// space. The public scope is intended for all public IP address space. Scopes
	// enable you to reuse IP addresses across multiple unconnected networks without
	// causing IP address overlap or conflict. For more information, see Add a scope in
	// the Amazon VPC IPAM User Guide.
	CreateIpamScope(ctx context.Context, params *CreateIpamScopeInput, optFns ...func(*Options)) (*CreateIpamScopeOutput, error)
	// Creates an ED25519 or 2048-bit RSA key pair with the specified name. Amazon EC2
	// stores the public key and displays the private key for you to save to a file.
	// The private key is returned as an unencrypted PEM encoded PKCS#1 private key. If
	// a key with the specified name already exists, Amazon EC2 returns an error. The
	// key pair returned to you is available only in the Amazon Web Services Region in
	// which you create it. If you prefer, you can create your own key pair using a
	// third-party tool and upload it to any Region using ImportKeyPair. You can have
	// up to 5,000 key pairs per Amazon Web Services Region. For more information, see
	// Amazon EC2 key pairs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	CreateKeyPair(ctx context.Context, params *CreateKeyPairInput, optFns ...func(*Options)) (*CreateKeyPairOutput, error)
	// Creates a launch template. A launch template contains the parameters to launch
	// an instance. When you launch an instance using RunInstances, you can specify a
	// launch template instead of providing the launch parameters in the request. For
	// more information, see Launching an instance from a launch template
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	CreateLaunchTemplate(ctx context.Context, params *CreateLaunchTemplateInput, optFns ...func(*Options)) (*CreateLaunchTemplateOutput, error)
	// Creates a new version for a launch template. You can specify an existing version
	// of launch template from which to base the new version. Launch template versions
	// are numbered in the order in which they are created. You cannot specify, change,
	// or replace the numbering of launch template versions. For more information, see
	// Managing launch template versions
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#manage-launch-template-versions)in
	// the Amazon Elastic Compute Cloud User Guide.
	CreateLaunchTemplateVersion(ctx context.Context, params *CreateLaunchTemplateVersionInput, optFns ...func(*Options)) (*CreateLaunchTemplateVersionOutput, error)
	// Creates a static route for the specified local gateway route table.
	CreateLocalGatewayRoute(ctx context.Context, params *CreateLocalGatewayRouteInput, optFns ...func(*Options)) (*CreateLocalGatewayRouteOutput, error)
	// Associates the specified VPC with the specified local gateway route table.
	CreateLocalGatewayRouteTableVpcAssociation(ctx context.Context, params *CreateLocalGatewayRouteTableVpcAssociationInput, optFns ...func(*Options)) (*CreateLocalGatewayRouteTableVpcAssociationOutput, error)
	// Creates a managed prefix list. You can specify one or more entries for the
	// prefix list. Each entry consists of a CIDR block and an optional description.
	CreateManagedPrefixList(ctx context.Context, params *CreateManagedPrefixListInput, optFns ...func(*Options)) (*CreateManagedPrefixListOutput, error)
	// Creates a NAT gateway in the specified subnet. This action creates a network
	// interface in the specified subnet with a private IP address from the IP address
	// range of the subnet. You can create either a public NAT gateway or a private NAT
	// gateway. With a public NAT gateway, internet-bound traffic from a private subnet
	// can be routed to the NAT gateway, so that instances in a private subnet can
	// connect to the internet. With a private NAT gateway, private communication is
	// routed across VPCs and on-premises networks through a transit gateway or virtual
	// private gateway. Common use cases include running large workloads behind a small
	// pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and
	// communicating between overlapping networks. For more information, see NAT
	// gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html)
	// in the Amazon Virtual Private Cloud User Guide.
	CreateNatGateway(ctx context.Context, params *CreateNatGatewayInput, optFns ...func(*Options)) (*CreateNatGatewayOutput, error)
	// Creates a network ACL in a VPC. Network ACLs provide an optional layer of
	// security (in addition to security groups) for the instances in your VPC. For
	// more information, see Network ACLs
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon
	// Virtual Private Cloud User Guide.
	CreateNetworkAcl(ctx context.Context, params *CreateNetworkAclInput, optFns ...func(*Options)) (*CreateNetworkAclOutput, error)
	// Creates an entry (a rule) in a network ACL with the specified rule number. Each
	// network ACL has a set of numbered ingress rules and a separate set of numbered
	// egress rules. When determining whether a packet should be allowed in or out of a
	// subnet associated with the ACL, we process the entries in the ACL according to
	// the rule numbers, in ascending order. Each network ACL has a set of ingress
	// rules and a separate set of egress rules. We recommend that you leave room
	// between the rule numbers (for example, 100, 110, 120, ...), and not number them
	// one right after the other (for example, 101, 102, 103, ...). This makes it
	// easier to add a rule between existing ones without having to renumber the rules.
	// After you add an entry, you can't modify it; you must either replace it, or
	// create an entry and delete the old one. For more information about network ACLs,
	// see Network ACLs
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon
	// Virtual Private Cloud User Guide.
	CreateNetworkAclEntry(ctx context.Context, params *CreateNetworkAclEntryInput, optFns ...func(*Options)) (*CreateNetworkAclEntryOutput, error)
	// Creates a Network Access Scope. Amazon Web Services Network Access Analyzer
	// enables cloud networking and cloud operations teams to verify that their
	// networks on Amazon Web Services conform to their network security and governance
	// objectives. For more information, see the Amazon Web Services Network Access
	// Analyzer Guide
	// (https://docs.aws.amazon.com/vpc/latest/network-access-analyzer/).
	CreateNetworkInsightsAccessScope(ctx context.Context, params *CreateNetworkInsightsAccessScopeInput, optFns ...func(*Options)) (*CreateNetworkInsightsAccessScopeOutput, error)
	// Creates a path to analyze for reachability. Reachability Analyzer enables you to
	// analyze and debug network reachability between two resources in your virtual
	// private cloud (VPC). For more information, see What is Reachability Analyzer
	// (https://docs.aws.amazon.com/vpc/latest/reachability/).
	CreateNetworkInsightsPath(ctx context.Context, params *CreateNetworkInsightsPathInput, optFns ...func(*Options)) (*CreateNetworkInsightsPathOutput, error)
	// Creates a network interface in the specified subnet. For more information about
	// network interfaces, see Elastic Network Interfaces
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) in the
	// Amazon Virtual Private Cloud User Guide.
	CreateNetworkInterface(ctx context.Context, params *CreateNetworkInterfaceInput, optFns ...func(*Options)) (*CreateNetworkInterfaceOutput, error)
	// Grants an Amazon Web Services-authorized account permission to attach the
	// specified network interface to an instance in their account. You can grant
	// permission to a single Amazon Web Services account only, and only one account at
	// a time.
	CreateNetworkInterfacePermission(ctx context.Context, params *CreateNetworkInterfacePermissionInput, optFns ...func(*Options)) (*CreateNetworkInterfacePermissionOutput, error)
	// Creates a placement group in which to launch instances. The strategy of the
	// placement group determines how the instances are organized within the group. A
	// cluster placement group is a logical grouping of instances within a single
	// Availability Zone that benefit from low network latency, high network
	// throughput. A spread placement group places instances on distinct hardware. A
	// partition placement group places groups of instances in different partitions,
	// where instances in one partition do not share the same hardware with instances
	// in another partition. For more information, see Placement groups
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in
	// the Amazon EC2 User Guide.
	CreatePlacementGroup(ctx context.Context, params *CreatePlacementGroupInput, optFns ...func(*Options)) (*CreatePlacementGroupOutput, error)
	// Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address pool
	// required for the public IPv4 CIDRs that you own and bring to Amazon Web Services
	// to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however,
	// use IPAM pools only. To monitor the status of pool creation, use
	// DescribePublicIpv4Pools
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePublicIpv4Pools.html).
	CreatePublicIpv4Pool(ctx context.Context, params *CreatePublicIpv4PoolInput, optFns ...func(*Options)) (*CreatePublicIpv4PoolOutput, error)
	// Creates a root volume replacement task for an Amazon EC2 instance. The root
	// volume can either be restored to its initial launch state, or it can be restored
	// using a specific snapshot. For more information, see Replace a root volume
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root)
	// in the Amazon Elastic Compute Cloud User Guide.
	CreateReplaceRootVolumeTask(ctx context.Context, params *CreateReplaceRootVolumeTaskInput, optFns ...func(*Options)) (*CreateReplaceRootVolumeTaskOutput, error)
	// Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the
	// Reserved Instance Marketplace. You can submit one Standard Reserved Instance
	// listing at a time. To get a list of your Standard Reserved Instances, you can
	// use the DescribeReservedInstances operation. Only Standard Reserved Instances
	// can be sold in the Reserved Instance Marketplace. Convertible Reserved Instances
	// cannot be sold. The Reserved Instance Marketplace matches sellers who want to
	// resell Standard Reserved Instance capacity that they no longer need with buyers
	// who want to purchase additional capacity. Reserved Instances bought and sold
	// through the Reserved Instance Marketplace work like any other Reserved
	// Instances. To sell your Standard Reserved Instances, you must first register as
	// a seller in the Reserved Instance Marketplace. After completing the registration
	// process, you can create a Reserved Instance Marketplace listing of some or all
	// of your Standard Reserved Instances, and specify the upfront price to receive
	// for them. Your Standard Reserved Instance listings then become available for
	// purchase. To view the details of your Standard Reserved Instance listing, you
	// can use the DescribeReservedInstancesListings operation. For more information,
	// see Reserved Instance Marketplace
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
	// the Amazon EC2 User Guide.
	CreateReservedInstancesListing(ctx context.Context, params *CreateReservedInstancesListingInput, optFns ...func(*Options)) (*CreateReservedInstancesListingOutput, error)
	// Starts a task that restores an AMI from an Amazon S3 object that was previously
	// created by using CreateStoreImageTask
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html).
	// To use this API, you must have the required permissions. For more information,
	// see Permissions for storing and restoring AMIs using Amazon S3
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions)
	// in the Amazon Elastic Compute Cloud User Guide. For more information, see Store
	// and restore an AMI using Amazon S3
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	CreateRestoreImageTask(ctx context.Context, params *CreateRestoreImageTaskInput, optFns ...func(*Options)) (*CreateRestoreImageTaskOutput, error)
	// Creates a route in a route table within a VPC. You must specify one of the
	// following targets: internet gateway or virtual private gateway, NAT instance,
	// NAT gateway, VPC peering connection, network interface, egress-only internet
	// gateway, or transit gateway. When determining how to route traffic, we use the
	// route with the most specific match. For example, traffic is destined for the
	// IPv4 address 192.0.2.3, and the route table includes the following two IPv4
	// routes:
	//
	// * 192.0.2.0/24 (goes to some target A)
	//
	// * 192.0.2.0/28 (goes to some
	// target B)
	//
	// Both routes apply to the traffic destined for 192.0.2.3. However, the
	// second route in the list covers a smaller number of IP addresses and is
	// therefore more specific, so we use that route to determine where to target the
	// traffic. For more information about route tables, see Route tables
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
	// Amazon Virtual Private Cloud User Guide.
	CreateRoute(ctx context.Context, params *CreateRouteInput, optFns ...func(*Options)) (*CreateRouteOutput, error)
	// Creates a route table for the specified VPC. After you create a route table, you
	// can add routes and associate the table with a subnet. For more information, see
	// Route tables
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
	// Amazon Virtual Private Cloud User Guide.
	CreateRouteTable(ctx context.Context, params *CreateRouteTableInput, optFns ...func(*Options)) (*CreateRouteTableOutput, error)
	// Creates a security group. A security group acts as a virtual firewall for your
	// instance to control inbound and outbound traffic. For more information, see
	// Amazon EC2 security groups
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html)
	// in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC
	// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html)
	// in the Amazon Virtual Private Cloud User Guide. When you create a security
	// group, you specify a friendly name of your choice. You can have a security group
	// for use in EC2-Classic with the same name as a security group for use in a VPC.
	// However, you can't have two security groups for use in EC2-Classic with the same
	// name or two security groups for use in a VPC with the same name. You have a
	// default security group for use in EC2-Classic and a default security group for
	// use in your VPC. If you don't specify a security group when you launch an
	// instance, the instance is launched into the appropriate default security group.
	// A default security group includes a default rule that grants instances
	// unrestricted network access to each other. You can add or remove rules from your
	// security groups using AuthorizeSecurityGroupIngress,
	// AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and
	// RevokeSecurityGroupEgress. For more information about VPC security group limits,
	// see Amazon VPC Limits
	// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html).
	CreateSecurityGroup(ctx context.Context, params *CreateSecurityGroupInput, optFns ...func(*Options)) (*CreateSecurityGroupOutput, error)
	// Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use
	// snapshots for backups, to make copies of EBS volumes, and to save data before
	// shutting down an instance. You can create snapshots of volumes in a Region and
	// volumes on an Outpost. If you create a snapshot of a volume in a Region, the
	// snapshot must be stored in the same Region as the volume. If you create a
	// snapshot of a volume on an Outpost, the snapshot can be stored on the same
	// Outpost as the volume, or in the Region for that Outpost. When a snapshot is
	// created, any Amazon Web Services Marketplace product codes that are associated
	// with the source volume are propagated to the snapshot. You can take a snapshot
	// of an attached volume that is in use. However, snapshots only capture data that
	// has been written to your Amazon EBS volume at the time the snapshot command is
	// issued; this might exclude any data that has been cached by any applications or
	// the operating system. If you can pause any file systems on the volume long
	// enough to take a snapshot, your snapshot should be complete. However, if you
	// cannot pause all file writes to the volume, you should unmount the volume from
	// within the instance, issue the snapshot command, and then remount the volume to
	// ensure a consistent and complete snapshot. You may remount and use your volume
	// while the snapshot status is pending. To create a snapshot for Amazon EBS
	// volumes that serve as root devices, you should stop the instance before taking
	// the snapshot. Snapshots that are taken from encrypted volumes are automatically
	// encrypted. Volumes that are created from encrypted snapshots are also
	// automatically encrypted. Your encrypted volumes and any associated snapshots
	// always remain protected. You can tag your snapshots during creation. For more
	// information, see Tag your Amazon EC2 resources
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
	// Amazon Elastic Compute Cloud User Guide. For more information, see Amazon
	// Elastic Block Store
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) and Amazon
	// EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	CreateSnapshot(ctx context.Context, params *CreateSnapshotInput, optFns ...func(*Options)) (*CreateSnapshotOutput, error)
	// Creates crash-consistent snapshots of multiple EBS volumes and stores the data
	// in S3. Volumes are chosen by specifying an instance. Any attached volumes will
	// produce one snapshot each that is crash-consistent across the instance. Boot
	// volumes can be excluded by changing the parameters. You can create multi-volume
	// snapshots of instances in a Region and instances on an Outpost. If you create
	// snapshots from an instance in a Region, the snapshots must be stored in the same
	// Region as the instance. If you create snapshots from an instance on an Outpost,
	// the snapshots can be stored on the same Outpost as the instance, or in the
	// Region for that Outpost.
	CreateSnapshots(ctx context.Context, params *CreateSnapshotsInput, optFns ...func(*Options)) (*CreateSnapshotsOutput, error)
	// Creates a data feed for Spot Instances, enabling you to view Spot Instance usage
	// logs. You can create one data feed per Amazon Web Services account. For more
	// information, see Spot Instance data feed
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html) in
	// the Amazon EC2 User Guide for Linux Instances.
	CreateSpotDatafeedSubscription(ctx context.Context, params *CreateSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*CreateSpotDatafeedSubscriptionOutput, error)
	// Stores an AMI as a single object in an Amazon S3 bucket. To use this API, you
	// must have the required permissions. For more information, see Permissions for
	// storing and restoring AMIs using Amazon S3
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions)
	// in the Amazon Elastic Compute Cloud User Guide. For more information, see Store
	// and restore an AMI using Amazon S3
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	CreateStoreImageTask(ctx context.Context, params *CreateStoreImageTaskInput, optFns ...func(*Options)) (*CreateStoreImageTaskOutput, error)
	// Creates a subnet in a specified VPC. You must specify an IPv4 CIDR block for the
	// subnet. After you create a subnet, you can't change its CIDR block. The allowed
	// block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP
	// addresses). The CIDR block must not overlap with the CIDR block of an existing
	// subnet in the VPC. If you've associated an IPv6 CIDR block with your VPC, you
	// can create a subnet with an IPv6 CIDR block that uses a /64 prefix length.
	// Amazon Web Services reserves both the first four and the last IPv4 address in
	// each subnet's CIDR block. They're not available for use. If you add more than
	// one subnet to a VPC, they're set up in a star topology with a logical router in
	// the middle. When you stop an instance in a subnet, it retains its private IPv4
	// address. It's therefore possible to have a subnet with no running instances
	// (they're all stopped), but no remaining IP addresses available. For more
	// information about subnets, see Your VPC and subnets
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the
	// Amazon Virtual Private Cloud User Guide.
	CreateSubnet(ctx context.Context, params *CreateSubnetInput, optFns ...func(*Options)) (*CreateSubnetOutput, error)
	// Creates a subnet CIDR reservation. For information about subnet CIDR
	// reservations, see Subnet CIDR reservations
	// (https://docs.aws.amazon.com/vpc/latest/userguide/subnet-cidr-reservation.html)
	// in the Amazon Virtual Private Cloud User Guide.
	CreateSubnetCidrReservation(ctx context.Context, params *CreateSubnetCidrReservationInput, optFns ...func(*Options)) (*CreateSubnetCidrReservationOutput, error)
	// Adds or overwrites only the specified tags for the specified Amazon EC2 resource
	// or resources. When you specify an existing tag key, the value is overwritten
	// with the new value. Each resource can have a maximum of 50 tags. Each tag
	// consists of a key and optional value. Tag keys must be unique per resource. For
	// more information about tags, see Tagging Your Resources
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
	// Amazon Elastic Compute Cloud User Guide. For more information about creating IAM
	// policies that control users' access to resources based on tags, see Supported
	// Resource-Level Permissions for Amazon EC2 API Actions
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-iam-actions-resources.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	CreateTags(ctx context.Context, params *CreateTagsInput, optFns ...func(*Options)) (*CreateTagsOutput, error)
	// Creates a Traffic Mirror filter. A Traffic Mirror filter is a set of rules that
	// defines the traffic to mirror. By default, no traffic is mirrored. To mirror
	// traffic, use CreateTrafficMirrorFilterRule
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilterRule.htm)
	// to add Traffic Mirror rules to the filter. The rules you add define what traffic
	// gets mirrored. You can also use ModifyTrafficMirrorFilterNetworkServices
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyTrafficMirrorFilterNetworkServices.html)
	// to mirror supported network services.
	CreateTrafficMirrorFilter(ctx context.Context, params *CreateTrafficMirrorFilterInput, optFns ...func(*Options)) (*CreateTrafficMirrorFilterOutput, error)
	// Creates a Traffic Mirror filter rule. A Traffic Mirror rule defines the Traffic
	// Mirror source traffic to mirror. You need the Traffic Mirror filter ID when you
	// create the rule.
	CreateTrafficMirrorFilterRule(ctx context.Context, params *CreateTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*CreateTrafficMirrorFilterRuleOutput, error)
	// Creates a Traffic Mirror session. A Traffic Mirror session actively copies
	// packets from a Traffic Mirror source to a Traffic Mirror target. Create a
	// filter, and then assign it to the session to define a subset of the traffic to
	// mirror, for example all TCP traffic. The Traffic Mirror source and the Traffic
	// Mirror target (monitoring appliances) can be in the same VPC, or in a different
	// VPC connected via VPC peering or a transit gateway. By default, no traffic is
	// mirrored. Use CreateTrafficMirrorFilter
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilter.htm)
	// to create filter rules that specify the traffic to mirror.
	CreateTrafficMirrorSession(ctx context.Context, params *CreateTrafficMirrorSessionInput, optFns ...func(*Options)) (*CreateTrafficMirrorSessionOutput, error)
	// Creates a target for your Traffic Mirror session. A Traffic Mirror target is the
	// destination for mirrored traffic. The Traffic Mirror source and the Traffic
	// Mirror target (monitoring appliances) can be in the same VPC, or in different
	// VPCs connected via VPC peering or a transit gateway. A Traffic Mirror target can
	// be a network interface, or a Network Load Balancer. To use the target in a
	// Traffic Mirror session, use CreateTrafficMirrorSession
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorSession.htm).
	CreateTrafficMirrorTarget(ctx context.Context, params *CreateTrafficMirrorTargetInput, optFns ...func(*Options)) (*CreateTrafficMirrorTargetOutput, error)
	// Creates a transit gateway. You can use a transit gateway to interconnect your
	// virtual private clouds (VPC) and on-premises networks. After the transit gateway
	// enters the available state, you can attach your VPCs and VPN connections to the
	// transit gateway. To attach your VPCs, use CreateTransitGatewayVpcAttachment. To
	// attach a VPN connection, use CreateCustomerGateway to create a customer gateway
	// and specify the ID of the customer gateway and the ID of the transit gateway in
	// a call to CreateVpnConnection. When you create a transit gateway, we create a
	// default transit gateway route table and use it as the default association route
	// table and the default propagation route table. You can use
	// CreateTransitGatewayRouteTable to create additional transit gateway route
	// tables. If you disable automatic route propagation, we do not create a default
	// transit gateway route table. You can use
	// EnableTransitGatewayRouteTablePropagation to propagate routes from a resource
	// attachment to a transit gateway route table. If you disable automatic
	// associations, you can use AssociateTransitGatewayRouteTable to associate a
	// resource attachment with a transit gateway route table.
	CreateTransitGateway(ctx context.Context, params *CreateTransitGatewayInput, optFns ...func(*Options)) (*CreateTransitGatewayOutput, error)
	// Creates a Connect attachment from a specified transit gateway attachment. A
	// Connect attachment is a GRE-based tunnel attachment that you can use to
	// establish a connection between a transit gateway and an appliance. A Connect
	// attachment uses an existing VPC or Amazon Web Services Direct Connect attachment
	// as the underlying transport mechanism.
	CreateTransitGatewayConnect(ctx context.Context, params *CreateTransitGatewayConnectInput, optFns ...func(*Options)) (*CreateTransitGatewayConnectOutput, error)
	// Creates a Connect peer for a specified transit gateway Connect attachment
	// between a transit gateway and an appliance. The peer address and transit gateway
	// address must be the same IP address family (IPv4 or IPv6). For more information,
	// see Connect peers
	// (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html#tgw-connect-peer)
	// in the Transit Gateways Guide.
	CreateTransitGatewayConnectPeer(ctx context.Context, params *CreateTransitGatewayConnectPeerInput, optFns ...func(*Options)) (*CreateTransitGatewayConnectPeerOutput, error)
	// Creates a multicast domain using the specified transit gateway. The transit
	// gateway must be in the available state before you create a domain. Use
	// DescribeTransitGateways
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGateways.html)
	// to see the state of transit gateway.
	CreateTransitGatewayMulticastDomain(ctx context.Context, params *CreateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*CreateTransitGatewayMulticastDomainOutput, error)
	// Requests a transit gateway peering attachment between the specified transit
	// gateway (requester) and a peer transit gateway (accepter). The transit gateways
	// must be in different Regions. The peer transit gateway can be in your account or
	// a different Amazon Web Services account. After you create the peering
	// attachment, the owner of the accepter transit gateway must accept the attachment
	// request.
	CreateTransitGatewayPeeringAttachment(ctx context.Context, params *CreateTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*CreateTransitGatewayPeeringAttachmentOutput, error)
	// Creates a reference (route) to a prefix list in a specified transit gateway
	// route table.
	CreateTransitGatewayPrefixListReference(ctx context.Context, params *CreateTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*CreateTransitGatewayPrefixListReferenceOutput, error)
	// Creates a static route for the specified transit gateway route table.
	CreateTransitGatewayRoute(ctx context.Context, params *CreateTransitGatewayRouteInput, optFns ...func(*Options)) (*CreateTransitGatewayRouteOutput, error)
	// Creates a route table for the specified transit gateway.
	CreateTransitGatewayRouteTable(ctx context.Context, params *CreateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*CreateTransitGatewayRouteTableOutput, error)
	// Attaches the specified VPC to the specified transit gateway. If you attach a VPC
	// with a CIDR range that overlaps the CIDR range of a VPC that is already
	// attached, the new VPC CIDR range is not propagated to the default propagation
	// route table. To send VPC traffic to an attached transit gateway, add a route to
	// the VPC route table using CreateRoute.
	CreateTransitGatewayVpcAttachment(ctx context.Context, params *CreateTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*CreateTransitGatewayVpcAttachmentOutput, error)
	// Creates an EBS volume that can be attached to an instance in the same
	// Availability Zone. You can create a new empty volume or restore a volume from an
	// EBS snapshot. Any Amazon Web Services Marketplace product codes from the
	// snapshot are propagated to the volume. You can create encrypted volumes.
	// Encrypted volumes must be attached to instances that support Amazon EBS
	// encryption. Volumes that are created from encrypted snapshots are also
	// automatically encrypted. For more information, see Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide. You can tag your volumes during
	// creation. For more information, see Tag your Amazon EC2 resources
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
	// Amazon Elastic Compute Cloud User Guide. For more information, see Create an
	// Amazon EBS volume
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-volume.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	CreateVolume(ctx context.Context, params *CreateVolumeInput, optFns ...func(*Options)) (*CreateVolumeOutput, error)
	// Creates a VPC with the specified IPv4 CIDR block. The smallest VPC you can
	// create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16
	// netmask (65,536 IPv4 addresses). For more information about how large to make
	// your VPC, see Your VPC and subnets
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the
	// Amazon Virtual Private Cloud User Guide. You can optionally request an IPv6 CIDR
	// block for the VPC. You can request an Amazon-provided IPv6 CIDR block from
	// Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool
	// that you provisioned through bring your own IP addresses (BYOIP
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). By
	// default, each instance you launch in the VPC has the default DHCP options, which
	// include only a default DNS server that we provide (AmazonProvidedDNS). For more
	// information, see DHCP options sets
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
	// Amazon Virtual Private Cloud User Guide. You can specify the instance tenancy
	// value for the VPC when you create it. You can't change this value for the VPC
	// after you create it. For more information, see Dedicated Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	CreateVpc(ctx context.Context, params *CreateVpcInput, optFns ...func(*Options)) (*CreateVpcOutput, error)
	// Creates a VPC endpoint for a specified service. An endpoint enables you to
	// create a private connection between your VPC and the service. The service may be
	// provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or
	// another Amazon Web Services account. For more information, see VPC Endpoints
	// (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) in the
	// Amazon Virtual Private Cloud User Guide. A gateway endpoint serves as a target
	// for a route in your route table for traffic destined for the Amazon Web Service.
	// You can specify an endpoint policy to attach to the endpoint, which will control
	// access to the service from your VPC. You can also specify the VPC route tables
	// that use the endpoint. An interface endpoint is a network interface in your
	// subnet that serves as an endpoint for communicating with the specified service.
	// You can specify the subnets in which to create an endpoint, and the security
	// groups to associate with the endpoint network interface. A GatewayLoadBalancer
	// endpoint is a network interface in your subnet that serves an endpoint for
	// communicating with a Gateway Load Balancer that you've configured as a VPC
	// endpoint service. Use DescribeVpcEndpointServices to get a list of supported
	// services.
	CreateVpcEndpoint(ctx context.Context, params *CreateVpcEndpointInput, optFns ...func(*Options)) (*CreateVpcEndpointOutput, error)
	// Creates a connection notification for a specified VPC endpoint or VPC endpoint
	// service. A connection notification notifies you of specific endpoint events. You
	// must create an SNS topic to receive notifications. For more information, see
	// Create a Topic (https://docs.aws.amazon.com/sns/latest/dg/CreateTopic.html) in
	// the Amazon Simple Notification Service Developer Guide. You can create a
	// connection notification for interface endpoints only.
	CreateVpcEndpointConnectionNotification(ctx context.Context, params *CreateVpcEndpointConnectionNotificationInput, optFns ...func(*Options)) (*CreateVpcEndpointConnectionNotificationOutput, error)
	// Creates a VPC endpoint service configuration to which service consumers (Amazon
	// Web Services accounts, IAM users, and IAM roles) can connect. To create an
	// endpoint service configuration, you must first create one of the following for
	// your service:
	//
	// * A Network Load Balancer
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html).
	// Service consumers connect to your service using an interface endpoint.
	//
	// * A
	// Gateway Load Balancer
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/introduction.html).
	// Service consumers connect to your service using a Gateway Load Balancer
	// endpoint.
	//
	// For more information, see VPC Endpoint Services
	// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html) in the
	// Amazon Virtual Private Cloud User Guide. If you set the private DNS name, you
	// must prove that you own the private DNS domain name. For more information, see
	// VPC Endpoint Service Private DNS Name Verification
	// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html)
	// in the Amazon Virtual Private Cloud User Guide.
	CreateVpcEndpointServiceConfiguration(ctx context.Context, params *CreateVpcEndpointServiceConfigurationInput, optFns ...func(*Options)) (*CreateVpcEndpointServiceConfigurationOutput, error)
	// Requests a VPC peering connection between two VPCs: a requester VPC that you own
	// and an accepter VPC with which to create the connection. The accepter VPC can
	// belong to another Amazon Web Services account and can be in a different Region
	// to the requester VPC. The requester VPC and accepter VPC cannot have overlapping
	// CIDR blocks. Limitations and rules apply to a VPC peering connection. For more
	// information, see the limitations
	// (https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations)
	// section in the VPC Peering Guide. The owner of the accepter VPC must accept the
	// peering request to activate the peering connection. The VPC peering connection
	// request expires after 7 days, after which it cannot be accepted or rejected. If
	// you create a VPC peering connection request between VPCs with overlapping CIDR
	// blocks, the VPC peering connection has a status of failed.
	CreateVpcPeeringConnection(ctx context.Context, params *CreateVpcPeeringConnectionInput, optFns ...func(*Options)) (*CreateVpcPeeringConnectionOutput, error)
	// Creates a VPN connection between an existing virtual private gateway or transit
	// gateway and a customer gateway. The supported connection type is ipsec.1. The
	// response includes information that you need to give to your network
	// administrator to configure your customer gateway. We strongly recommend that you
	// use HTTPS when calling this operation because the response contains sensitive
	// cryptographic information for configuring your customer gateway device. If you
	// decide to shut down your VPN connection for any reason and later create a new
	// VPN connection, you must reconfigure your customer gateway with the new
	// information returned from this call. This is an idempotent operation. If you
	// perform the operation more than once, Amazon EC2 doesn't return an error. For
	// more information, see Amazon Web Services Site-to-Site VPN
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
	// Services Site-to-Site VPN User Guide.
	CreateVpnConnection(ctx context.Context, params *CreateVpnConnectionInput, optFns ...func(*Options)) (*CreateVpnConnectionOutput, error)
	// Creates a static route associated with a VPN connection between an existing
	// virtual private gateway and a VPN customer gateway. The static route allows
	// traffic to be routed from the virtual private gateway to the VPN customer
	// gateway. For more information, see Amazon Web Services Site-to-Site VPN
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
	// Services Site-to-Site VPN User Guide.
	CreateVpnConnectionRoute(ctx context.Context, params *CreateVpnConnectionRouteInput, optFns ...func(*Options)) (*CreateVpnConnectionRouteOutput, error)
	// Creates a virtual private gateway. A virtual private gateway is the endpoint on
	// the VPC side of your VPN connection. You can create a virtual private gateway
	// before creating the VPC itself. For more information, see Amazon Web Services
	// Site-to-Site VPN (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in
	// the Amazon Web Services Site-to-Site VPN User Guide.
	CreateVpnGateway(ctx context.Context, params *CreateVpnGatewayInput, optFns ...func(*Options)) (*CreateVpnGatewayOutput, error)
	// Deletes a carrier gateway. If you do not delete the route that contains the
	// carrier gateway as the Target, the route is a blackhole route. For information
	// about how to delete a route, see DeleteRoute
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteRoute.html).
	DeleteCarrierGateway(ctx context.Context, params *DeleteCarrierGatewayInput, optFns ...func(*Options)) (*DeleteCarrierGatewayOutput, error)
	// Deletes the specified Client VPN endpoint. You must disassociate all target
	// networks before you can delete a Client VPN endpoint.
	DeleteClientVpnEndpoint(ctx context.Context, params *DeleteClientVpnEndpointInput, optFns ...func(*Options)) (*DeleteClientVpnEndpointOutput, error)
	// Deletes a route from a Client VPN endpoint. You can only delete routes that you
	// manually added using the CreateClientVpnRoute action. You cannot delete routes
	// that were automatically added when associating a subnet. To remove routes that
	// have been automatically added, disassociate the target subnet from the Client
	// VPN endpoint.
	DeleteClientVpnRoute(ctx context.Context, params *DeleteClientVpnRouteInput, optFns ...func(*Options)) (*DeleteClientVpnRouteOutput, error)
	// Deletes the specified customer gateway. You must delete the VPN connection
	// before you can delete the customer gateway.
	DeleteCustomerGateway(ctx context.Context, params *DeleteCustomerGatewayInput, optFns ...func(*Options)) (*DeleteCustomerGatewayOutput, error)
	// Deletes the specified set of DHCP options. You must disassociate the set of DHCP
	// options before you can delete it. You can disassociate the set of DHCP options
	// by associating either a new set of options or the default set of options with
	// the VPC.
	DeleteDhcpOptions(ctx context.Context, params *DeleteDhcpOptionsInput, optFns ...func(*Options)) (*DeleteDhcpOptionsOutput, error)
	// Deletes an egress-only internet gateway.
	DeleteEgressOnlyInternetGateway(ctx context.Context, params *DeleteEgressOnlyInternetGatewayInput, optFns ...func(*Options)) (*DeleteEgressOnlyInternetGatewayOutput, error)
	// Deletes the specified EC2 Fleet. After you delete an EC2 Fleet, it launches no
	// new instances. You must specify whether a deleted EC2 Fleet should also
	// terminate its instances. If you choose to terminate the instances, the EC2 Fleet
	// enters the deleted_terminating state. Otherwise, the EC2 Fleet enters the
	// deleted_running state, and the instances continue to run until they are
	// interrupted or you terminate them manually. For instant fleets, EC2 Fleet must
	// terminate the instances when the fleet is deleted. A deleted instant fleet with
	// running instances is not supported. Restrictions
	//
	// * You can delete up to 25
	// instant fleets in a single request. If you exceed this number, no instant fleets
	// are deleted and an error is returned. There is no restriction on the number of
	// fleets of type maintain or request that can be deleted in a single request.
	//
	// *
	// Up to 1000 instances can be terminated in a single request to delete instant
	// fleets.
	//
	// For more information, see Delete an EC2 Fleet
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#delete-fleet)
	// in the Amazon EC2 User Guide.
	DeleteFleets(ctx context.Context, params *DeleteFleetsInput, optFns ...func(*Options)) (*DeleteFleetsOutput, error)
	// Deletes one or more flow logs.
	DeleteFlowLogs(ctx context.Context, params *DeleteFlowLogsInput, optFns ...func(*Options)) (*DeleteFlowLogsOutput, error)
	// Deletes the specified Amazon FPGA Image (AFI).
	DeleteFpgaImage(ctx context.Context, params *DeleteFpgaImageInput, optFns ...func(*Options)) (*DeleteFpgaImageOutput, error)
	// Deletes the specified event window. For more information, see Define event
	// windows for scheduled events
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
	// Amazon EC2 User Guide.
	DeleteInstanceEventWindow(ctx context.Context, params *DeleteInstanceEventWindowInput, optFns ...func(*Options)) (*DeleteInstanceEventWindowOutput, error)
	// Deletes the specified internet gateway. You must detach the internet gateway
	// from the VPC before you can delete it.
	DeleteInternetGateway(ctx context.Context, params *DeleteInternetGatewayInput, optFns ...func(*Options)) (*DeleteInternetGatewayOutput, error)
	// Delete an IPAM. Deleting an IPAM removes all monitored data associated with the
	// IPAM including the historical data for CIDRs. You cannot delete an IPAM if there
	// are CIDRs provisioned to pools or if there are allocations in the pools within
	// the IPAM. To deprovision pool CIDRs, see DeprovisionIpamPoolCidr
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeprovisionIpamPoolCidr.html).
	// To release allocations, see ReleaseIpamPoolAllocation
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html).
	// For more information, see Delete an IPAM in the Amazon VPC IPAM User Guide.
	DeleteIpam(ctx context.Context, params *DeleteIpamInput, optFns ...func(*Options)) (*DeleteIpamOutput, error)
	// Delete an IPAM pool. You cannot delete an IPAM pool if there are allocations in
	// it or CIDRs provisioned to it. To release allocations, see
	// ReleaseIpamPoolAllocation
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html).
	// To deprovision pool CIDRs, see DeprovisionIpamPoolCidr
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeprovisionIpamPoolCidr.html).
	// For more information, see Delete a pool in the Amazon VPC IPAM User Guide.
	DeleteIpamPool(ctx context.Context, params *DeleteIpamPoolInput, optFns ...func(*Options)) (*DeleteIpamPoolOutput, error)
	// Delete the scope for an IPAM. You cannot delete the default scopes. For more
	// information, see Delete a scope in the Amazon VPC IPAM User Guide.
	DeleteIpamScope(ctx context.Context, params *DeleteIpamScopeInput, optFns ...func(*Options)) (*DeleteIpamScopeOutput, error)
	// Deletes the specified key pair, by removing the public key from Amazon EC2.
	DeleteKeyPair(ctx context.Context, params *DeleteKeyPairInput, optFns ...func(*Options)) (*DeleteKeyPairOutput, error)
	// Deletes a launch template. Deleting a launch template deletes all of its
	// versions.
	DeleteLaunchTemplate(ctx context.Context, params *DeleteLaunchTemplateInput, optFns ...func(*Options)) (*DeleteLaunchTemplateOutput, error)
	// Deletes one or more versions of a launch template. You cannot delete the default
	// version of a launch template; you must first assign a different version as the
	// default. If the default version is the only version for the launch template, you
	// must delete the entire launch template using DeleteLaunchTemplate.
	DeleteLaunchTemplateVersions(ctx context.Context, params *DeleteLaunchTemplateVersionsInput, optFns ...func(*Options)) (*DeleteLaunchTemplateVersionsOutput, error)
	// Deletes the specified route from the specified local gateway route table.
	DeleteLocalGatewayRoute(ctx context.Context, params *DeleteLocalGatewayRouteInput, optFns ...func(*Options)) (*DeleteLocalGatewayRouteOutput, error)
	// Deletes the specified association between a VPC and local gateway route table.
	DeleteLocalGatewayRouteTableVpcAssociation(ctx context.Context, params *DeleteLocalGatewayRouteTableVpcAssociationInput, optFns ...func(*Options)) (*DeleteLocalGatewayRouteTableVpcAssociationOutput, error)
	// Deletes the specified managed prefix list. You must first remove all references
	// to the prefix list in your resources.
	DeleteManagedPrefixList(ctx context.Context, params *DeleteManagedPrefixListInput, optFns ...func(*Options)) (*DeleteManagedPrefixListOutput, error)
	// Deletes the specified NAT gateway. Deleting a public NAT gateway disassociates
	// its Elastic IP address, but does not release the address from your account.
	// Deleting a NAT gateway does not delete any NAT gateway routes in your route
	// tables.
	DeleteNatGateway(ctx context.Context, params *DeleteNatGatewayInput, optFns ...func(*Options)) (*DeleteNatGatewayOutput, error)
	// Deletes the specified network ACL. You can't delete the ACL if it's associated
	// with any subnets. You can't delete the default network ACL.
	DeleteNetworkAcl(ctx context.Context, params *DeleteNetworkAclInput, optFns ...func(*Options)) (*DeleteNetworkAclOutput, error)
	// Deletes the specified ingress or egress entry (rule) from the specified network
	// ACL.
	DeleteNetworkAclEntry(ctx context.Context, params *DeleteNetworkAclEntryInput, optFns ...func(*Options)) (*DeleteNetworkAclEntryOutput, error)
	// Deletes the specified Network Access Scope.
	DeleteNetworkInsightsAccessScope(ctx context.Context, params *DeleteNetworkInsightsAccessScopeInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAccessScopeOutput, error)
	// Deletes the specified Network Access Scope analysis.
	DeleteNetworkInsightsAccessScopeAnalysis(ctx context.Context, params *DeleteNetworkInsightsAccessScopeAnalysisInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAccessScopeAnalysisOutput, error)
	// Deletes the specified network insights analysis.
	DeleteNetworkInsightsAnalysis(ctx context.Context, params *DeleteNetworkInsightsAnalysisInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAnalysisOutput, error)
	// Deletes the specified path.
	DeleteNetworkInsightsPath(ctx context.Context, params *DeleteNetworkInsightsPathInput, optFns ...func(*Options)) (*DeleteNetworkInsightsPathOutput, error)
	// Deletes the specified network interface. You must detach the network interface
	// before you can delete it.
	DeleteNetworkInterface(ctx context.Context, params *DeleteNetworkInterfaceInput, optFns ...func(*Options)) (*DeleteNetworkInterfaceOutput, error)
	// Deletes a permission for a network interface. By default, you cannot delete the
	// permission if the account for which you're removing the permission has attached
	// the network interface to an instance. However, you can force delete the
	// permission, regardless of any attachment.
	DeleteNetworkInterfacePermission(ctx context.Context, params *DeleteNetworkInterfacePermissionInput, optFns ...func(*Options)) (*DeleteNetworkInterfacePermissionOutput, error)
	// Deletes the specified placement group. You must terminate all instances in the
	// placement group before you can delete the placement group. For more information,
	// see Placement groups
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in
	// the Amazon EC2 User Guide.
	DeletePlacementGroup(ctx context.Context, params *DeletePlacementGroupInput, optFns ...func(*Options)) (*DeletePlacementGroupOutput, error)
	// Delete a public IPv4 pool. A public IPv4 pool is an EC2 IP address pool required
	// for the public IPv4 CIDRs that you own and bring to Amazon Web Services to
	// manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use
	// IPAM pools only.
	DeletePublicIpv4Pool(ctx context.Context, params *DeletePublicIpv4PoolInput, optFns ...func(*Options)) (*DeletePublicIpv4PoolOutput, error)
	// Deletes the queued purchases for the specified Reserved Instances.
	DeleteQueuedReservedInstances(ctx context.Context, params *DeleteQueuedReservedInstancesInput, optFns ...func(*Options)) (*DeleteQueuedReservedInstancesOutput, error)
	// Deletes the specified route from the specified route table.
	DeleteRoute(ctx context.Context, params *DeleteRouteInput, optFns ...func(*Options)) (*DeleteRouteOutput, error)
	// Deletes the specified route table. You must disassociate the route table from
	// any subnets before you can delete it. You can't delete the main route table.
	DeleteRouteTable(ctx context.Context, params *DeleteRouteTableInput, optFns ...func(*Options)) (*DeleteRouteTableOutput, error)
	// Deletes a security group. If you attempt to delete a security group that is
	// associated with an instance, or is referenced by another security group, the
	// operation fails with InvalidGroup.InUse in EC2-Classic or DependencyViolation in
	// EC2-VPC.
	DeleteSecurityGroup(ctx context.Context, params *DeleteSecurityGroupInput, optFns ...func(*Options)) (*DeleteSecurityGroupOutput, error)
	// Deletes the specified snapshot. When you make periodic snapshots of a volume,
	// the snapshots are incremental, and only the blocks on the device that have
	// changed since your last snapshot are saved in the new snapshot. When you delete
	// a snapshot, only the data not needed for any other snapshot is removed. So
	// regardless of which prior snapshots have been deleted, all active snapshots will
	// have access to all the information needed to restore the volume. You cannot
	// delete a snapshot of the root device of an EBS volume used by a registered AMI.
	// You must first de-register the AMI before you can delete the snapshot. For more
	// information, see Delete an Amazon EBS snapshot
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-snapshot.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	DeleteSnapshot(ctx context.Context, params *DeleteSnapshotInput, optFns ...func(*Options)) (*DeleteSnapshotOutput, error)
	// Deletes the data feed for Spot Instances.
	DeleteSpotDatafeedSubscription(ctx context.Context, params *DeleteSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*DeleteSpotDatafeedSubscriptionOutput, error)
	// Deletes the specified subnet. You must terminate all running instances in the
	// subnet before you can delete the subnet.
	DeleteSubnet(ctx context.Context, params *DeleteSubnetInput, optFns ...func(*Options)) (*DeleteSubnetOutput, error)
	// Deletes a subnet CIDR reservation.
	DeleteSubnetCidrReservation(ctx context.Context, params *DeleteSubnetCidrReservationInput, optFns ...func(*Options)) (*DeleteSubnetCidrReservationOutput, error)
	// Deletes the specified set of tags from the specified set of resources. To list
	// the current tags, use DescribeTags. For more information about tags, see Tagging
	// Your Resources
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	DeleteTags(ctx context.Context, params *DeleteTagsInput, optFns ...func(*Options)) (*DeleteTagsOutput, error)
	// Deletes the specified Traffic Mirror filter. You cannot delete a Traffic Mirror
	// filter that is in use by a Traffic Mirror session.
	DeleteTrafficMirrorFilter(ctx context.Context, params *DeleteTrafficMirrorFilterInput, optFns ...func(*Options)) (*DeleteTrafficMirrorFilterOutput, error)
	// Deletes the specified Traffic Mirror rule.
	DeleteTrafficMirrorFilterRule(ctx context.Context, params *DeleteTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*DeleteTrafficMirrorFilterRuleOutput, error)
	// Deletes the specified Traffic Mirror session.
	DeleteTrafficMirrorSession(ctx context.Context, params *DeleteTrafficMirrorSessionInput, optFns ...func(*Options)) (*DeleteTrafficMirrorSessionOutput, error)
	// Deletes the specified Traffic Mirror target. You cannot delete a Traffic Mirror
	// target that is in use by a Traffic Mirror session.
	DeleteTrafficMirrorTarget(ctx context.Context, params *DeleteTrafficMirrorTargetInput, optFns ...func(*Options)) (*DeleteTrafficMirrorTargetOutput, error)
	// Deletes the specified transit gateway.
	DeleteTransitGateway(ctx context.Context, params *DeleteTransitGatewayInput, optFns ...func(*Options)) (*DeleteTransitGatewayOutput, error)
	// Deletes the specified Connect attachment. You must first delete any Connect
	// peers for the attachment.
	DeleteTransitGatewayConnect(ctx context.Context, params *DeleteTransitGatewayConnectInput, optFns ...func(*Options)) (*DeleteTransitGatewayConnectOutput, error)
	// Deletes the specified Connect peer.
	DeleteTransitGatewayConnectPeer(ctx context.Context, params *DeleteTransitGatewayConnectPeerInput, optFns ...func(*Options)) (*DeleteTransitGatewayConnectPeerOutput, error)
	// Deletes the specified transit gateway multicast domain.
	DeleteTransitGatewayMulticastDomain(ctx context.Context, params *DeleteTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*DeleteTransitGatewayMulticastDomainOutput, error)
	// Deletes a transit gateway peering attachment.
	DeleteTransitGatewayPeeringAttachment(ctx context.Context, params *DeleteTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*DeleteTransitGatewayPeeringAttachmentOutput, error)
	// Deletes a reference (route) to a prefix list in a specified transit gateway
	// route table.
	DeleteTransitGatewayPrefixListReference(ctx context.Context, params *DeleteTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*DeleteTransitGatewayPrefixListReferenceOutput, error)
	// Deletes the specified route from the specified transit gateway route table.
	DeleteTransitGatewayRoute(ctx context.Context, params *DeleteTransitGatewayRouteInput, optFns ...func(*Options)) (*DeleteTransitGatewayRouteOutput, error)
	// Deletes the specified transit gateway route table. You must disassociate the
	// route table from any transit gateway route tables before you can delete it.
	DeleteTransitGatewayRouteTable(ctx context.Context, params *DeleteTransitGatewayRouteTableInput, optFns ...func(*Options)) (*DeleteTransitGatewayRouteTableOutput, error)
	// Deletes the specified VPC attachment.
	DeleteTransitGatewayVpcAttachment(ctx context.Context, params *DeleteTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*DeleteTransitGatewayVpcAttachmentOutput, error)
	// Deletes the specified EBS volume. The volume must be in the available state (not
	// attached to an instance). The volume can remain in the deleting state for
	// several minutes. For more information, see Delete an Amazon EBS volume
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-volume.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	DeleteVolume(ctx context.Context, params *DeleteVolumeInput, optFns ...func(*Options)) (*DeleteVolumeOutput, error)
	// Deletes the specified VPC. You must detach or delete all gateways and resources
	// that are associated with the VPC before you can delete it. For example, you must
	// terminate all instances running in the VPC, delete all security groups
	// associated with the VPC (except the default one), delete all route tables
	// associated with the VPC (except the default one), and so on.
	DeleteVpc(ctx context.Context, params *DeleteVpcInput, optFns ...func(*Options)) (*DeleteVpcOutput, error)
	// Deletes one or more VPC endpoint connection notifications.
	DeleteVpcEndpointConnectionNotifications(ctx context.Context, params *DeleteVpcEndpointConnectionNotificationsInput, optFns ...func(*Options)) (*DeleteVpcEndpointConnectionNotificationsOutput, error)
	// Deletes one or more VPC endpoint service configurations in your account. Before
	// you delete the endpoint service configuration, you must reject any Available or
	// PendingAcceptance interface endpoint connections that are attached to the
	// service.
	DeleteVpcEndpointServiceConfigurations(ctx context.Context, params *DeleteVpcEndpointServiceConfigurationsInput, optFns ...func(*Options)) (*DeleteVpcEndpointServiceConfigurationsOutput, error)
	// Deletes one or more specified VPC endpoints. You can delete any of the following
	// types of VPC endpoints.
	//
	// * Gateway endpoint,
	//
	// * Gateway Load Balancer
	// endpoint,
	//
	// * Interface endpoint
	//
	// The following rules apply when you delete a VPC
	// endpoint:
	//
	// * When you delete a gateway endpoint, we delete the endpoint routes
	// in the route tables that are associated with the endpoint.
	//
	// * When you delete a
	// Gateway Load Balancer endpoint, we delete the endpoint network interfaces. You
	// can only delete Gateway Load Balancer endpoints when the routes that are
	// associated with the endpoint are deleted.
	//
	// * When you delete an interface
	// endpoint, we delete the endpoint network interfaces.
	DeleteVpcEndpoints(ctx context.Context, params *DeleteVpcEndpointsInput, optFns ...func(*Options)) (*DeleteVpcEndpointsOutput, error)
	// Deletes a VPC peering connection. Either the owner of the requester VPC or the
	// owner of the accepter VPC can delete the VPC peering connection if it's in the
	// active state. The owner of the requester VPC can delete a VPC peering connection
	// in the pending-acceptance state. You cannot delete a VPC peering connection
	// that's in the failed state.
	DeleteVpcPeeringConnection(ctx context.Context, params *DeleteVpcPeeringConnectionInput, optFns ...func(*Options)) (*DeleteVpcPeeringConnectionOutput, error)
	// Deletes the specified VPN connection. If you're deleting the VPC and its
	// associated components, we recommend that you detach the virtual private gateway
	// from the VPC and delete the VPC before deleting the VPN connection. If you
	// believe that the tunnel credentials for your VPN connection have been
	// compromised, you can delete the VPN connection and create a new one that has new
	// keys, without needing to delete the VPC or virtual private gateway. If you
	// create a new VPN connection, you must reconfigure the customer gateway device
	// using the new configuration information returned with the new VPN connection ID.
	// For certificate-based authentication, delete all Certificate Manager (ACM)
	// private certificates used for the Amazon Web Services-side tunnel endpoints for
	// the VPN connection before deleting the VPN connection.
	DeleteVpnConnection(ctx context.Context, params *DeleteVpnConnectionInput, optFns ...func(*Options)) (*DeleteVpnConnectionOutput, error)
	// Deletes the specified static route associated with a VPN connection between an
	// existing virtual private gateway and a VPN customer gateway. The static route
	// allows traffic to be routed from the virtual private gateway to the VPN customer
	// gateway.
	DeleteVpnConnectionRoute(ctx context.Context, params *DeleteVpnConnectionRouteInput, optFns ...func(*Options)) (*DeleteVpnConnectionRouteOutput, error)
	// Deletes the specified virtual private gateway. You must first detach the virtual
	// private gateway from the VPC. Note that you don't need to delete the virtual
	// private gateway if you plan to delete and recreate the VPN connection between
	// your VPC and your network.
	DeleteVpnGateway(ctx context.Context, params *DeleteVpnGatewayInput, optFns ...func(*Options)) (*DeleteVpnGatewayOutput, error)
	// Releases the specified address range that you provisioned for use with your
	// Amazon Web Services resources through bring your own IP addresses (BYOIP) and
	// deletes the corresponding address pool. Before you can release an address range,
	// you must stop advertising it using WithdrawByoipCidr and you must not have any
	// IP addresses allocated from its address range.
	DeprovisionByoipCidr(ctx context.Context, params *DeprovisionByoipCidrInput, optFns ...func(*Options)) (*DeprovisionByoipCidrOutput, error)
	// Deprovision a CIDR provisioned from an IPAM pool. If you deprovision a CIDR from
	// a pool that has a source pool, the CIDR is recycled back into the source pool.
	// For more information, see Deprovision pool CIDRs in the Amazon VPC IPAM User
	// Guide.
	DeprovisionIpamPoolCidr(ctx context.Context, params *DeprovisionIpamPoolCidrInput, optFns ...func(*Options)) (*DeprovisionIpamPoolCidrOutput, error)
	// Deprovision a CIDR from a public IPv4 pool.
	DeprovisionPublicIpv4PoolCidr(ctx context.Context, params *DeprovisionPublicIpv4PoolCidrInput, optFns ...func(*Options)) (*DeprovisionPublicIpv4PoolCidrOutput, error)
	// Deregisters the specified AMI. After you deregister an AMI, it can't be used to
	// launch new instances. If you deregister an AMI that matches a Recycle Bin
	// retention rule, the AMI is retained in the Recycle Bin for the specified
	// retention period. For more information, see Recycle Bin
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the
	// Amazon Elastic Compute Cloud User Guide. When you deregister an AMI, it doesn't
	// affect any instances that you've already launched from the AMI. You'll continue
	// to incur usage costs for those instances until you terminate them. When you
	// deregister an Amazon EBS-backed AMI, it doesn't affect the snapshot that was
	// created for the root volume of the instance during the AMI creation process.
	// When you deregister an instance store-backed AMI, it doesn't affect the files
	// that you uploaded to Amazon S3 when you created the AMI.
	DeregisterImage(ctx context.Context, params *DeregisterImageInput, optFns ...func(*Options)) (*DeregisterImageOutput, error)
	// Deregisters tag keys to prevent tags that have the specified tag keys from being
	// included in scheduled event notifications for resources in the Region.
	DeregisterInstanceEventNotificationAttributes(ctx context.Context, params *DeregisterInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*DeregisterInstanceEventNotificationAttributesOutput, error)
	// Deregisters the specified members (network interfaces) from the transit gateway
	// multicast group.
	DeregisterTransitGatewayMulticastGroupMembers(ctx context.Context, params *DeregisterTransitGatewayMulticastGroupMembersInput, optFns ...func(*Options)) (*DeregisterTransitGatewayMulticastGroupMembersOutput, error)
	// Deregisters the specified sources (network interfaces) from the transit gateway
	// multicast group.
	DeregisterTransitGatewayMulticastGroupSources(ctx context.Context, params *DeregisterTransitGatewayMulticastGroupSourcesInput, optFns ...func(*Options)) (*DeregisterTransitGatewayMulticastGroupSourcesOutput, error)
	// Describes attributes of your Amazon Web Services account. The following are the
	// supported account attributes:
	//
	// * supported-platforms: Indicates whether your
	// account can launch instances into EC2-Classic and EC2-VPC, or only into
	// EC2-VPC.
	//
	// * default-vpc: The ID of the default VPC for your account, or none.
	//
	// *
	// max-instances: This attribute is no longer supported. The returned value does
	// not reflect your actual vCPU limit for running On-Demand Instances. For more
	// information, see On-Demand Instance Limits
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-on-demand-instances.html#ec2-on-demand-instances-limits)
	// in the Amazon Elastic Compute Cloud User Guide.
	//
	// *
	// vpc-max-security-groups-per-interface: The maximum number of security groups
	// that you can assign to a network interface.
	//
	// * max-elastic-ips: The maximum
	// number of Elastic IP addresses that you can allocate for use with
	// EC2-Classic.
	//
	// * vpc-max-elastic-ips: The maximum number of Elastic IP addresses
	// that you can allocate for use with EC2-VPC.
	DescribeAccountAttributes(ctx context.Context, params *DescribeAccountAttributesInput, optFns ...func(*Options)) (*DescribeAccountAttributesOutput, error)
	// Describes the specified Elastic IP addresses or all of your Elastic IP
	// addresses. An Elastic IP address is for use in either the EC2-Classic platform
	// or in a VPC. For more information, see Elastic IP Addresses
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	DescribeAddresses(ctx context.Context, params *DescribeAddressesInput, optFns ...func(*Options)) (*DescribeAddressesOutput, error)
	// Describes the attributes of the specified Elastic IP addresses. For
	// requirements, see Using reverse DNS for email applications
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS).
	DescribeAddressesAttribute(ctx context.Context, params *DescribeAddressesAttributeInput, optFns ...func(*Options)) (*DescribeAddressesAttributeOutput, error)
	// Describes the longer ID format settings for all resource types in a specific
	// Region. This request is useful for performing a quick audit to determine whether
	// a specific Region is fully opted in for longer IDs (17-character IDs). This
	// request only returns information about resource types that support longer IDs.
	// The following resource types support longer IDs: bundle | conversion-task |
	// customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association
	// | export-task | flow-log | image | import-task | instance | internet-gateway |
	// network-acl | network-acl-association | network-interface |
	// network-interface-attachment | prefix-list | reservation | route-table |
	// route-table-association | security-group | snapshot | subnet |
	// subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association |
	// vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.
	DescribeAggregateIdFormat(ctx context.Context, params *DescribeAggregateIdFormatInput, optFns ...func(*Options)) (*DescribeAggregateIdFormatOutput, error)
	// Describes the Availability Zones, Local Zones, and Wavelength Zones that are
	// available to you. If there is an event impacting a zone, you can use this
	// request to view the state and any provided messages for that zone. For more
	// information about Availability Zones, Local Zones, and Wavelength Zones, see
	// Regions and zones
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	DescribeAvailabilityZones(ctx context.Context, params *DescribeAvailabilityZonesInput, optFns ...func(*Options)) (*DescribeAvailabilityZonesOutput, error)
	// Describes the specified bundle tasks or all of your bundle tasks. Completed
	// bundle tasks are listed for only a limited time. If your bundle task is no
	// longer in the list, you can still register an AMI from it. Just use
	// RegisterImage with the Amazon S3 bucket name and image manifest name you
	// provided to the bundle task.
	DescribeBundleTasks(ctx context.Context, params *DescribeBundleTasksInput, optFns ...func(*Options)) (*DescribeBundleTasksOutput, error)
	// Describes the IP address ranges that were specified in calls to
	// ProvisionByoipCidr. To describe the address pools that were created when you
	// provisioned the address ranges, use DescribePublicIpv4Pools or
	// DescribeIpv6Pools.
	DescribeByoipCidrs(ctx context.Context, params *DescribeByoipCidrsInput, optFns ...func(*Options)) (*DescribeByoipCidrsOutput, error)
	// Describes one or more Capacity Reservation Fleets.
	DescribeCapacityReservationFleets(ctx context.Context, params *DescribeCapacityReservationFleetsInput, optFns ...func(*Options)) (*DescribeCapacityReservationFleetsOutput, error)
	// Describes one or more of your Capacity Reservations. The results describe only
	// the Capacity Reservations in the Amazon Web Services Region that you're
	// currently using.
	DescribeCapacityReservations(ctx context.Context, params *DescribeCapacityReservationsInput, optFns ...func(*Options)) (*DescribeCapacityReservationsOutput, error)
	// Describes one or more of your carrier gateways.
	DescribeCarrierGateways(ctx context.Context, params *DescribeCarrierGatewaysInput, optFns ...func(*Options)) (*DescribeCarrierGatewaysOutput, error)
	// Describes one or more of your linked EC2-Classic instances. This request only
	// returns information about EC2-Classic instances linked to a VPC through
	// ClassicLink. You cannot use this request to return information about other
	// instances.
	DescribeClassicLinkInstances(ctx context.Context, params *DescribeClassicLinkInstancesInput, optFns ...func(*Options)) (*DescribeClassicLinkInstancesOutput, error)
	// Describes the authorization rules for a specified Client VPN endpoint.
	DescribeClientVpnAuthorizationRules(ctx context.Context, params *DescribeClientVpnAuthorizationRulesInput, optFns ...func(*Options)) (*DescribeClientVpnAuthorizationRulesOutput, error)
	// Describes active client connections and connections that have been terminated
	// within the last 60 minutes for the specified Client VPN endpoint.
	DescribeClientVpnConnections(ctx context.Context, params *DescribeClientVpnConnectionsInput, optFns ...func(*Options)) (*DescribeClientVpnConnectionsOutput, error)
	// Describes one or more Client VPN endpoints in the account.
	DescribeClientVpnEndpoints(ctx context.Context, params *DescribeClientVpnEndpointsInput, optFns ...func(*Options)) (*DescribeClientVpnEndpointsOutput, error)
	// Describes the routes for the specified Client VPN endpoint.
	DescribeClientVpnRoutes(ctx context.Context, params *DescribeClientVpnRoutesInput, optFns ...func(*Options)) (*DescribeClientVpnRoutesOutput, error)
	// Describes the target networks associated with the specified Client VPN endpoint.
	DescribeClientVpnTargetNetworks(ctx context.Context, params *DescribeClientVpnTargetNetworksInput, optFns ...func(*Options)) (*DescribeClientVpnTargetNetworksOutput, error)
	// Describes the specified customer-owned address pools or all of your
	// customer-owned address pools.
	DescribeCoipPools(ctx context.Context, params *DescribeCoipPoolsInput, optFns ...func(*Options)) (*DescribeCoipPoolsOutput, error)
	// Describes the specified conversion tasks or all your conversion tasks. For more
	// information, see the VM Import/Export User Guide
	// (https://docs.aws.amazon.com/vm-import/latest/userguide/). For information about
	// the import manifest referenced by this API action, see VM Import Manifest
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html).
	DescribeConversionTasks(ctx context.Context, params *DescribeConversionTasksInput, optFns ...func(*Options)) (*DescribeConversionTasksOutput, error)
	// Describes one or more of your VPN customer gateways. For more information, see
	// Amazon Web Services Site-to-Site VPN
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
	// Services Site-to-Site VPN User Guide.
	DescribeCustomerGateways(ctx context.Context, params *DescribeCustomerGatewaysInput, optFns ...func(*Options)) (*DescribeCustomerGatewaysOutput, error)
	// Describes one or more of your DHCP options sets. For more information, see DHCP
	// options sets
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
	// Amazon Virtual Private Cloud User Guide.
	DescribeDhcpOptions(ctx context.Context, params *DescribeDhcpOptionsInput, optFns ...func(*Options)) (*DescribeDhcpOptionsOutput, error)
	// Describes one or more of your egress-only internet gateways.
	DescribeEgressOnlyInternetGateways(ctx context.Context, params *DescribeEgressOnlyInternetGatewaysInput, optFns ...func(*Options)) (*DescribeEgressOnlyInternetGatewaysOutput, error)
	// Describes the Elastic Graphics accelerator associated with your instances. For
	// more information about Elastic Graphics, see Amazon Elastic Graphics
	// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html).
	DescribeElasticGpus(ctx context.Context, params *DescribeElasticGpusInput, optFns ...func(*Options)) (*DescribeElasticGpusOutput, error)
	// Describes the specified export image tasks or all of your export image tasks.
	DescribeExportImageTasks(ctx context.Context, params *DescribeExportImageTasksInput, optFns ...func(*Options)) (*DescribeExportImageTasksOutput, error)
	// Describes the specified export instance tasks or all of your export instance
	// tasks.
	DescribeExportTasks(ctx context.Context, params *DescribeExportTasksInput, optFns ...func(*Options)) (*DescribeExportTasksOutput, error)
	// Describe details for Windows AMIs that are configured for faster launching.
	DescribeFastLaunchImages(ctx context.Context, params *DescribeFastLaunchImagesInput, optFns ...func(*Options)) (*DescribeFastLaunchImagesOutput, error)
	// Describes the state of fast snapshot restores for your snapshots.
	DescribeFastSnapshotRestores(ctx context.Context, params *DescribeFastSnapshotRestoresInput, optFns ...func(*Options)) (*DescribeFastSnapshotRestoresOutput, error)
	// Describes the events for the specified EC2 Fleet during the specified time. EC2
	// Fleet events are delayed by up to 30 seconds before they can be described. This
	// ensures that you can query by the last evaluated time and not miss a recorded
	// event. EC2 Fleet events are available for 48 hours. For more information, see
	// Monitor fleet events using Amazon EventBridge
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/fleet-monitor.html) in the
	// Amazon EC2 User Guide.
	DescribeFleetHistory(ctx context.Context, params *DescribeFleetHistoryInput, optFns ...func(*Options)) (*DescribeFleetHistoryOutput, error)
	// Describes the running instances for the specified EC2 Fleet. For more
	// information, see Monitor your EC2 Fleet
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#monitor-ec2-fleet)
	// in the Amazon EC2 User Guide.
	DescribeFleetInstances(ctx context.Context, params *DescribeFleetInstancesInput, optFns ...func(*Options)) (*DescribeFleetInstancesOutput, error)
	// Describes the specified EC2 Fleets or all of your EC2 Fleets. For more
	// information, see Monitor your EC2 Fleet
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#monitor-ec2-fleet)
	// in the Amazon EC2 User Guide.
	DescribeFleets(ctx context.Context, params *DescribeFleetsInput, optFns ...func(*Options)) (*DescribeFleetsOutput, error)
	// Describes one or more flow logs. To view the information in your flow logs (the
	// log streams for the network interfaces), you must use the CloudWatch Logs
	// console or the CloudWatch Logs API.
	DescribeFlowLogs(ctx context.Context, params *DescribeFlowLogsInput, optFns ...func(*Options)) (*DescribeFlowLogsOutput, error)
	// Describes the specified attribute of the specified Amazon FPGA Image (AFI).
	DescribeFpgaImageAttribute(ctx context.Context, params *DescribeFpgaImageAttributeInput, optFns ...func(*Options)) (*DescribeFpgaImageAttributeOutput, error)
	// Describes the Amazon FPGA Images (AFIs) available to you. These include public
	// AFIs, private AFIs that you own, and AFIs owned by other Amazon Web Services
	// accounts for which you have load permissions.
	DescribeFpgaImages(ctx context.Context, params *DescribeFpgaImagesInput, optFns ...func(*Options)) (*DescribeFpgaImagesOutput, error)
	// Describes the Dedicated Host reservations that are available to purchase. The
	// results describe all of the Dedicated Host reservation offerings, including
	// offerings that might not match the instance family and Region of your Dedicated
	// Hosts. When purchasing an offering, ensure that the instance family and Region
	// of the offering matches that of the Dedicated Hosts with which it is to be
	// associated. For more information about supported instance types, see Dedicated
	// Hosts
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html)
	// in the Amazon EC2 User Guide.
	DescribeHostReservationOfferings(ctx context.Context, params *DescribeHostReservationOfferingsInput, optFns ...func(*Options)) (*DescribeHostReservationOfferingsOutput, error)
	// Describes reservations that are associated with Dedicated Hosts in your account.
	DescribeHostReservations(ctx context.Context, params *DescribeHostReservationsInput, optFns ...func(*Options)) (*DescribeHostReservationsOutput, error)
	// Describes the specified Dedicated Hosts or all your Dedicated Hosts. The results
	// describe only the Dedicated Hosts in the Region you're currently using. All
	// listed instances consume capacity on your Dedicated Host. Dedicated Hosts that
	// have recently been released are listed with the state released.
	DescribeHosts(ctx context.Context, params *DescribeHostsInput, optFns ...func(*Options)) (*DescribeHostsOutput, error)
	// Describes your IAM instance profile associations.
	DescribeIamInstanceProfileAssociations(ctx context.Context, params *DescribeIamInstanceProfileAssociationsInput, optFns ...func(*Options)) (*DescribeIamInstanceProfileAssociationsOutput, error)
	// Describes the ID format settings for your resources on a per-Region basis, for
	// example, to view which resource types are enabled for longer IDs. This request
	// only returns information about resource types whose ID formats can be modified;
	// it does not return information about other resource types. The following
	// resource types support longer IDs: bundle | conversion-task | customer-gateway |
	// dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task |
	// flow-log | image | import-task | instance | internet-gateway | network-acl |
	// network-acl-association | network-interface | network-interface-attachment |
	// prefix-list | reservation | route-table | route-table-association |
	// security-group | snapshot | subnet | subnet-cidr-block-association | volume |
	// vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection |
	// vpn-connection | vpn-gateway. These settings apply to the IAM user who makes the
	// request; they do not apply to the entire Amazon Web Services account. By
	// default, an IAM user defaults to the same settings as the root user, unless they
	// explicitly override the settings by running the ModifyIdFormat command.
	// Resources created with longer IDs are visible to all IAM users, regardless of
	// these settings and provided that they have permission to use the relevant
	// Describe command for the resource type.
	DescribeIdFormat(ctx context.Context, params *DescribeIdFormatInput, optFns ...func(*Options)) (*DescribeIdFormatOutput, error)
	// Describes the ID format settings for resources for the specified IAM user, IAM
	// role, or root user. For example, you can view the resource types that are
	// enabled for longer IDs. This request only returns information about resource
	// types whose ID formats can be modified; it does not return information about
	// other resource types. For more information, see Resource IDs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the
	// Amazon Elastic Compute Cloud User Guide. The following resource types support
	// longer IDs: bundle | conversion-task | customer-gateway | dhcp-options |
	// elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image
	// | import-task | instance | internet-gateway | network-acl |
	// network-acl-association | network-interface | network-interface-attachment |
	// prefix-list | reservation | route-table | route-table-association |
	// security-group | snapshot | subnet | subnet-cidr-block-association | volume |
	// vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection |
	// vpn-connection | vpn-gateway. These settings apply to the principal specified in
	// the request. They do not apply to the principal that makes the request.
	DescribeIdentityIdFormat(ctx context.Context, params *DescribeIdentityIdFormatInput, optFns ...func(*Options)) (*DescribeIdentityIdFormatOutput, error)
	// Describes the specified attribute of the specified AMI. You can specify only one
	// attribute at a time.
	DescribeImageAttribute(ctx context.Context, params *DescribeImageAttributeInput, optFns ...func(*Options)) (*DescribeImageAttributeOutput, error)
	// Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of
	// the images available to you. The images available to you include public images,
	// private images that you own, and private images owned by other Amazon Web
	// Services accounts for which you have explicit launch permissions. Recently
	// deregistered images appear in the returned results for a short interval and then
	// return empty results. After all instances that reference a deregistered AMI are
	// terminated, specifying the ID of the image will eventually return an error
	// indicating that the AMI ID cannot be found.
	DescribeImages(ctx context.Context, params *DescribeImagesInput, optFns ...func(*Options)) (*DescribeImagesOutput, error)
	// Displays details about an import virtual machine or import snapshot tasks that
	// are already created.
	DescribeImportImageTasks(ctx context.Context, params *DescribeImportImageTasksInput, optFns ...func(*Options)) (*DescribeImportImageTasksOutput, error)
	// Describes your import snapshot tasks.
	DescribeImportSnapshotTasks(ctx context.Context, params *DescribeImportSnapshotTasksInput, optFns ...func(*Options)) (*DescribeImportSnapshotTasksOutput, error)
	// Describes the specified attribute of the specified instance. You can specify
	// only one attribute at a time. Valid attribute values are: instanceType | kernel
	// | ramdisk | userData | disableApiTermination | instanceInitiatedShutdownBehavior
	// | rootDeviceName | blockDeviceMapping | productCodes | sourceDestCheck |
	// groupSet | ebsOptimized | sriovNetSupport
	DescribeInstanceAttribute(ctx context.Context, params *DescribeInstanceAttributeInput, optFns ...func(*Options)) (*DescribeInstanceAttributeOutput, error)
	// Describes the credit option for CPU usage of the specified burstable performance
	// instances. The credit options are standard and unlimited. If you do not specify
	// an instance ID, Amazon EC2 returns burstable performance instances with the
	// unlimited credit option, as well as instances that were previously configured as
	// T2, T3, and T3a with the unlimited credit option. For example, if you resize a
	// T2 instance, while it is configured as unlimited, to an M4 instance, Amazon EC2
	// returns the M4 instance. If you specify one or more instance IDs, Amazon EC2
	// returns the credit option (standard or unlimited) of those instances. If you
	// specify an instance ID that is not valid, such as an instance that is not a
	// burstable performance instance, an error is returned. Recently terminated
	// instances might appear in the returned results. This interval is usually less
	// than one hour. If an Availability Zone is experiencing a service disruption and
	// you specify instance IDs in the affected zone, or do not specify any instance
	// IDs at all, the call fails. If you specify only instance IDs in an unaffected
	// zone, the call works normally. For more information, see Burstable performance
	// instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
	// in the Amazon EC2 User Guide.
	DescribeInstanceCreditSpecifications(ctx context.Context, params *DescribeInstanceCreditSpecificationsInput, optFns ...func(*Options)) (*DescribeInstanceCreditSpecificationsOutput, error)
	// Describes the tag keys that are registered to appear in scheduled event
	// notifications for resources in the current Region.
	DescribeInstanceEventNotificationAttributes(ctx context.Context, params *DescribeInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*DescribeInstanceEventNotificationAttributesOutput, error)
	// Describes the specified event windows or all event windows. If you specify event
	// window IDs, the output includes information for only the specified event
	// windows. If you specify filters, the output includes information for only those
	// event windows that meet the filter criteria. If you do not specify event windows
	// IDs or filters, the output includes information for all event windows, which can
	// affect performance. We recommend that you use pagination to ensure that the
	// operation returns quickly and successfully. For more information, see Define
	// event windows for scheduled events
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
	// Amazon EC2 User Guide.
	DescribeInstanceEventWindows(ctx context.Context, params *DescribeInstanceEventWindowsInput, optFns ...func(*Options)) (*DescribeInstanceEventWindowsOutput, error)
	// Describes the status of the specified instances or all of your instances. By
	// default, only running instances are described, unless you specifically indicate
	// to return the status of all instances. Instance status includes the following
	// components:
	//
	// * Status checks - Amazon EC2 performs status checks on running EC2
	// instances to identify hardware and software issues. For more information, see
	// Status checks for your instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html)
	// and Troubleshoot instances with failed status checks
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstances.html)
	// in the Amazon EC2 User Guide.
	//
	// * Scheduled events - Amazon EC2 can schedule
	// events (such as reboot, stop, or terminate) for your instances related to
	// hardware issues, software updates, or system maintenance. For more information,
	// see Scheduled events for your instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html)
	// in the Amazon EC2 User Guide.
	//
	// * Instance state - You can manage your instances
	// from the moment you launch them through their termination. For more information,
	// see Instance lifecycle
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html)
	// in the Amazon EC2 User Guide.
	DescribeInstanceStatus(ctx context.Context, params *DescribeInstanceStatusInput, optFns ...func(*Options)) (*DescribeInstanceStatusOutput, error)
	// Returns a list of all instance types offered. The results can be filtered by
	// location (Region or Availability Zone). If no location is specified, the
	// instance types offered in the current Region are returned.
	DescribeInstanceTypeOfferings(ctx context.Context, params *DescribeInstanceTypeOfferingsInput, optFns ...func(*Options)) (*DescribeInstanceTypeOfferingsOutput, error)
	// Describes the details of the instance types that are offered in a location. The
	// results can be filtered by the attributes of the instance types.
	DescribeInstanceTypes(ctx context.Context, params *DescribeInstanceTypesInput, optFns ...func(*Options)) (*DescribeInstanceTypesOutput, error)
	// Describes the specified instances or all instances. If you specify instance IDs,
	// the output includes information for only the specified instances. If you specify
	// filters, the output includes information for only those instances that meet the
	// filter criteria. If you do not specify instance IDs or filters, the output
	// includes information for all instances, which can affect performance. We
	// recommend that you use pagination to ensure that the operation returns quickly
	// and successfully. If you specify an instance ID that is not valid, an error is
	// returned. If you specify an instance that you do not own, it is not included in
	// the output. Recently terminated instances might appear in the returned results.
	// This interval is usually less than one hour. If you describe instances in the
	// rare case where an Availability Zone is experiencing a service disruption and
	// you specify instance IDs that are in the affected zone, or do not specify any
	// instance IDs at all, the call fails. If you describe instances and specify only
	// instance IDs that are in an unaffected zone, the call works normally.
	DescribeInstances(ctx context.Context, params *DescribeInstancesInput, optFns ...func(*Options)) (*DescribeInstancesOutput, error)
	// Describes one or more of your internet gateways.
	DescribeInternetGateways(ctx context.Context, params *DescribeInternetGatewaysInput, optFns ...func(*Options)) (*DescribeInternetGatewaysOutput, error)
	// Get information about your IPAM pools.
	DescribeIpamPools(ctx context.Context, params *DescribeIpamPoolsInput, optFns ...func(*Options)) (*DescribeIpamPoolsOutput, error)
	// Get information about your IPAM scopes.
	DescribeIpamScopes(ctx context.Context, params *DescribeIpamScopesInput, optFns ...func(*Options)) (*DescribeIpamScopesOutput, error)
	// Get information about your IPAM pools. For more information, see What is IPAM?
	// in the Amazon VPC IPAM User Guide.
	DescribeIpams(ctx context.Context, params *DescribeIpamsInput, optFns ...func(*Options)) (*DescribeIpamsOutput, error)
	// Describes your IPv6 address pools.
	DescribeIpv6Pools(ctx context.Context, params *DescribeIpv6PoolsInput, optFns ...func(*Options)) (*DescribeIpv6PoolsOutput, error)
	// Describes the specified key pairs or all of your key pairs. For more information
	// about key pairs, see Amazon EC2 key pairs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	DescribeKeyPairs(ctx context.Context, params *DescribeKeyPairsInput, optFns ...func(*Options)) (*DescribeKeyPairsOutput, error)
	// Describes one or more versions of a specified launch template. You can describe
	// all versions, individual versions, or a range of versions. You can also describe
	// all the latest versions or all the default versions of all the launch templates
	// in your account.
	DescribeLaunchTemplateVersions(ctx context.Context, params *DescribeLaunchTemplateVersionsInput, optFns ...func(*Options)) (*DescribeLaunchTemplateVersionsOutput, error)
	// Describes one or more launch templates.
	DescribeLaunchTemplates(ctx context.Context, params *DescribeLaunchTemplatesInput, optFns ...func(*Options)) (*DescribeLaunchTemplatesOutput, error)
	// Describes the associations between virtual interface groups and local gateway
	// route tables.
	DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations(ctx context.Context, params *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, error)
	// Describes the specified associations between VPCs and local gateway route
	// tables.
	DescribeLocalGatewayRouteTableVpcAssociations(ctx context.Context, params *DescribeLocalGatewayRouteTableVpcAssociationsInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTableVpcAssociationsOutput, error)
	// Describes one or more local gateway route tables. By default, all local gateway
	// route tables are described. Alternatively, you can filter the results.
	DescribeLocalGatewayRouteTables(ctx context.Context, params *DescribeLocalGatewayRouteTablesInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTablesOutput, error)
	// Describes the specified local gateway virtual interface groups.
	DescribeLocalGatewayVirtualInterfaceGroups(ctx context.Context, params *DescribeLocalGatewayVirtualInterfaceGroupsInput, optFns ...func(*Options)) (*DescribeLocalGatewayVirtualInterfaceGroupsOutput, error)
	// Describes the specified local gateway virtual interfaces.
	DescribeLocalGatewayVirtualInterfaces(ctx context.Context, params *DescribeLocalGatewayVirtualInterfacesInput, optFns ...func(*Options)) (*DescribeLocalGatewayVirtualInterfacesOutput, error)
	// Describes one or more local gateways. By default, all local gateways are
	// described. Alternatively, you can filter the results.
	DescribeLocalGateways(ctx context.Context, params *DescribeLocalGatewaysInput, optFns ...func(*Options)) (*DescribeLocalGatewaysOutput, error)
	// Describes your managed prefix lists and any Amazon Web Services-managed prefix
	// lists. To view the entries for your prefix list, use
	// GetManagedPrefixListEntries.
	DescribeManagedPrefixLists(ctx context.Context, params *DescribeManagedPrefixListsInput, optFns ...func(*Options)) (*DescribeManagedPrefixListsOutput, error)
	// Describes your Elastic IP addresses that are being moved to the EC2-VPC
	// platform, or that are being restored to the EC2-Classic platform. This request
	// does not return information about any other Elastic IP addresses in your
	// account.
	DescribeMovingAddresses(ctx context.Context, params *DescribeMovingAddressesInput, optFns ...func(*Options)) (*DescribeMovingAddressesOutput, error)
	// Describes one or more of your NAT gateways.
	DescribeNatGateways(ctx context.Context, params *DescribeNatGatewaysInput, optFns ...func(*Options)) (*DescribeNatGatewaysOutput, error)
	// Describes one or more of your network ACLs. For more information, see Network
	// ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the
	// Amazon Virtual Private Cloud User Guide.
	DescribeNetworkAcls(ctx context.Context, params *DescribeNetworkAclsInput, optFns ...func(*Options)) (*DescribeNetworkAclsOutput, error)
	// Describes the specified Network Access Scope analyses.
	DescribeNetworkInsightsAccessScopeAnalyses(ctx context.Context, params *DescribeNetworkInsightsAccessScopeAnalysesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAccessScopeAnalysesOutput, error)
	// Describes the specified Network Access Scopes.
	DescribeNetworkInsightsAccessScopes(ctx context.Context, params *DescribeNetworkInsightsAccessScopesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAccessScopesOutput, error)
	// Describes one or more of your network insights analyses.
	DescribeNetworkInsightsAnalyses(ctx context.Context, params *DescribeNetworkInsightsAnalysesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAnalysesOutput, error)
	// Describes one or more of your paths.
	DescribeNetworkInsightsPaths(ctx context.Context, params *DescribeNetworkInsightsPathsInput, optFns ...func(*Options)) (*DescribeNetworkInsightsPathsOutput, error)
	// Describes a network interface attribute. You can specify only one attribute at a
	// time.
	DescribeNetworkInterfaceAttribute(ctx context.Context, params *DescribeNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*DescribeNetworkInterfaceAttributeOutput, error)
	// Describes the permissions for your network interfaces.
	DescribeNetworkInterfacePermissions(ctx context.Context, params *DescribeNetworkInterfacePermissionsInput, optFns ...func(*Options)) (*DescribeNetworkInterfacePermissionsOutput, error)
	// Describes one or more of your network interfaces.
	DescribeNetworkInterfaces(ctx context.Context, params *DescribeNetworkInterfacesInput, optFns ...func(*Options)) (*DescribeNetworkInterfacesOutput, error)
	// Describes the specified placement groups or all of your placement groups. For
	// more information, see Placement groups
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in
	// the Amazon EC2 User Guide.
	DescribePlacementGroups(ctx context.Context, params *DescribePlacementGroupsInput, optFns ...func(*Options)) (*DescribePlacementGroupsOutput, error)
	// Describes available Amazon Web Services services in a prefix list format, which
	// includes the prefix list name and prefix list ID of the service and the IP
	// address range for the service. We recommend that you use
	// DescribeManagedPrefixLists instead.
	DescribePrefixLists(ctx context.Context, params *DescribePrefixListsInput, optFns ...func(*Options)) (*DescribePrefixListsOutput, error)
	// Describes the ID format settings for the root user and all IAM roles and IAM
	// users that have explicitly specified a longer ID (17-character ID) preference.
	// By default, all IAM roles and IAM users default to the same ID settings as the
	// root user, unless they explicitly override the settings. This request is useful
	// for identifying those IAM users and IAM roles that have overridden the default
	// ID settings. The following resource types support longer IDs: bundle |
	// conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation |
	// elastic-ip-association | export-task | flow-log | image | import-task | instance
	// | internet-gateway | network-acl | network-acl-association | network-interface |
	// network-interface-attachment | prefix-list | reservation | route-table |
	// route-table-association | security-group | snapshot | subnet |
	// subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association |
	// vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.
	DescribePrincipalIdFormat(ctx context.Context, params *DescribePrincipalIdFormatInput, optFns ...func(*Options)) (*DescribePrincipalIdFormatOutput, error)
	// Describes the specified IPv4 address pools.
	DescribePublicIpv4Pools(ctx context.Context, params *DescribePublicIpv4PoolsInput, optFns ...func(*Options)) (*DescribePublicIpv4PoolsOutput, error)
	// Describes the Regions that are enabled for your account, or all Regions. For a
	// list of the Regions supported by Amazon EC2, see  Amazon Elastic Compute Cloud
	// endpoints and quotas
	// (https://docs.aws.amazon.com/general/latest/gr/ec2-service.html). For
	// information about enabling and disabling Regions for your account, see Managing
	// Amazon Web Services Regions
	// (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html) in the Amazon
	// Web Services General Reference.
	DescribeRegions(ctx context.Context, params *DescribeRegionsInput, optFns ...func(*Options)) (*DescribeRegionsOutput, error)
	// Describes a root volume replacement task. For more information, see Replace a
	// root volume
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root)
	// in the Amazon Elastic Compute Cloud User Guide.
	DescribeReplaceRootVolumeTasks(ctx context.Context, params *DescribeReplaceRootVolumeTasksInput, optFns ...func(*Options)) (*DescribeReplaceRootVolumeTasksOutput, error)
	// Describes one or more of the Reserved Instances that you purchased. For more
	// information about Reserved Instances, see Reserved Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-on-demand-reserved-instances.html)
	// in the Amazon EC2 User Guide.
	DescribeReservedInstances(ctx context.Context, params *DescribeReservedInstancesInput, optFns ...func(*Options)) (*DescribeReservedInstancesOutput, error)
	// Describes your account's Reserved Instance listings in the Reserved Instance
	// Marketplace. The Reserved Instance Marketplace matches sellers who want to
	// resell Reserved Instance capacity that they no longer need with buyers who want
	// to purchase additional capacity. Reserved Instances bought and sold through the
	// Reserved Instance Marketplace work like any other Reserved Instances. As a
	// seller, you choose to list some or all of your Reserved Instances, and you
	// specify the upfront price to receive for them. Your Reserved Instances are then
	// listed in the Reserved Instance Marketplace and are available for purchase. As a
	// buyer, you specify the configuration of the Reserved Instance to purchase, and
	// the Marketplace matches what you're searching for with what's available. The
	// Marketplace first sells the lowest priced Reserved Instances to you, and
	// continues to sell available Reserved Instance listings to you until your demand
	// is met. You are charged based on the total price of all of the listings that you
	// purchase. For more information, see Reserved Instance Marketplace
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
	// the Amazon EC2 User Guide.
	DescribeReservedInstancesListings(ctx context.Context, params *DescribeReservedInstancesListingsInput, optFns ...func(*Options)) (*DescribeReservedInstancesListingsOutput, error)
	// Describes the modifications made to your Reserved Instances. If no parameter is
	// specified, information about all your Reserved Instances modification requests
	// is returned. If a modification ID is specified, only information about the
	// specific modification is returned. For more information, see Modifying Reserved
	// Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) in the
	// Amazon EC2 User Guide.
	DescribeReservedInstancesModifications(ctx context.Context, params *DescribeReservedInstancesModificationsInput, optFns ...func(*Options)) (*DescribeReservedInstancesModificationsOutput, error)
	// Describes Reserved Instance offerings that are available for purchase. With
	// Reserved Instances, you purchase the right to launch instances for a period of
	// time. During that time period, you do not receive insufficient capacity errors,
	// and you pay a lower usage rate than the rate charged for On-Demand instances for
	// the actual time used. If you have listed your own Reserved Instances for sale in
	// the Reserved Instance Marketplace, they will be excluded from these results.
	// This is to ensure that you do not purchase your own Reserved Instances. For more
	// information, see Reserved Instance Marketplace
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
	// the Amazon EC2 User Guide.
	DescribeReservedInstancesOfferings(ctx context.Context, params *DescribeReservedInstancesOfferingsInput, optFns ...func(*Options)) (*DescribeReservedInstancesOfferingsOutput, error)
	// Describes one or more of your route tables. Each subnet in your VPC must be
	// associated with a route table. If a subnet is not explicitly associated with any
	// route table, it is implicitly associated with the main route table. This command
	// does not return the subnet ID for implicit associations. For more information,
	// see Route tables
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
	// Amazon Virtual Private Cloud User Guide.
	DescribeRouteTables(ctx context.Context, params *DescribeRouteTablesInput, optFns ...func(*Options)) (*DescribeRouteTablesOutput, error)
	// Finds available schedules that meet the specified criteria. You can search for
	// an available schedule no more than 3 months in advance. You must meet the
	// minimum required duration of 1,200 hours per year. For example, the minimum
	// daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the
	// minimum monthly schedule is 100 hours. After you find a schedule that meets your
	// needs, call PurchaseScheduledInstances to purchase Scheduled Instances with that
	// schedule.
	DescribeScheduledInstanceAvailability(ctx context.Context, params *DescribeScheduledInstanceAvailabilityInput, optFns ...func(*Options)) (*DescribeScheduledInstanceAvailabilityOutput, error)
	// Describes the specified Scheduled Instances or all your Scheduled Instances.
	DescribeScheduledInstances(ctx context.Context, params *DescribeScheduledInstancesInput, optFns ...func(*Options)) (*DescribeScheduledInstancesOutput, error)
	// [VPC only] Describes the VPCs on the other side of a VPC peering connection that
	// are referencing the security groups you've specified in this request.
	DescribeSecurityGroupReferences(ctx context.Context, params *DescribeSecurityGroupReferencesInput, optFns ...func(*Options)) (*DescribeSecurityGroupReferencesOutput, error)
	// Describes one or more of your security group rules.
	DescribeSecurityGroupRules(ctx context.Context, params *DescribeSecurityGroupRulesInput, optFns ...func(*Options)) (*DescribeSecurityGroupRulesOutput, error)
	// Describes the specified security groups or all of your security groups. A
	// security group is for use with instances either in the EC2-Classic platform or
	// in a specific VPC. For more information, see Amazon EC2 security groups
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html)
	// in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC
	// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html)
	// in the Amazon Virtual Private Cloud User Guide.
	DescribeSecurityGroups(ctx context.Context, params *DescribeSecurityGroupsInput, optFns ...func(*Options)) (*DescribeSecurityGroupsOutput, error)
	// Describes the specified attribute of the specified snapshot. You can specify
	// only one attribute at a time. For more information about EBS snapshots, see
	// Amazon EBS snapshots
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	DescribeSnapshotAttribute(ctx context.Context, params *DescribeSnapshotAttributeInput, optFns ...func(*Options)) (*DescribeSnapshotAttributeOutput, error)
	// Describes the storage tier status of one or more Amazon EBS snapshots.
	DescribeSnapshotTierStatus(ctx context.Context, params *DescribeSnapshotTierStatusInput, optFns ...func(*Options)) (*DescribeSnapshotTierStatusOutput, error)
	// Describes the specified EBS snapshots available to you or all of the EBS
	// snapshots available to you. The snapshots available to you include public
	// snapshots, private snapshots that you own, and private snapshots owned by other
	// Amazon Web Services accounts for which you have explicit create volume
	// permissions. The create volume permissions fall into the following
	// categories:
	//
	// * public: The owner of the snapshot granted create volume
	// permissions for the snapshot to the all group. All Amazon Web Services accounts
	// have create volume permissions for these snapshots.
	//
	// * explicit: The owner of
	// the snapshot granted create volume permissions to a specific Amazon Web Services
	// account.
	//
	// * implicit: An Amazon Web Services account has implicit create volume
	// permissions for all snapshots it owns.
	//
	// The list of snapshots returned can be
	// filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services
	// accounts with create volume permissions. If no options are specified, Amazon EC2
	// returns all snapshots for which you have create volume permissions. If you
	// specify one or more snapshot IDs, only snapshots that have the specified IDs are
	// returned. If you specify an invalid snapshot ID, an error is returned. If you
	// specify a snapshot ID for which you do not have access, it is not included in
	// the returned results. If you specify one or more snapshot owners using the
	// OwnerIds option, only snapshots from the specified owners and for which you have
	// access are returned. The results can include the Amazon Web Services account IDs
	// of the specified owners, amazon for snapshots owned by Amazon, or self for
	// snapshots that you own. If you specify a list of restorable users, only
	// snapshots with create snapshot permissions for those users are returned. You can
	// specify Amazon Web Services account IDs (if you own the snapshots), self for
	// snapshots for which you own or have explicit permissions, or all for public
	// snapshots. If you are describing a long list of snapshots, we recommend that you
	// paginate the output to make the list more manageable. The MaxResults parameter
	// sets the maximum number of results returned in a single page. If the list of
	// results exceeds your MaxResults value, then that number of results is returned
	// along with a NextToken value that can be passed to a subsequent
	// DescribeSnapshots request to retrieve the remaining results. To get the state of
	// fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores. For
	// more information about EBS snapshots, see Amazon EBS snapshots
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	DescribeSnapshots(ctx context.Context, params *DescribeSnapshotsInput, optFns ...func(*Options)) (*DescribeSnapshotsOutput, error)
	// Describes the data feed for Spot Instances. For more information, see Spot
	// Instance data feed
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html) in
	// the Amazon EC2 User Guide for Linux Instances.
	DescribeSpotDatafeedSubscription(ctx context.Context, params *DescribeSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*DescribeSpotDatafeedSubscriptionOutput, error)
	// Describes the running instances for the specified Spot Fleet.
	DescribeSpotFleetInstances(ctx context.Context, params *DescribeSpotFleetInstancesInput, optFns ...func(*Options)) (*DescribeSpotFleetInstancesOutput, error)
	// Describes the events for the specified Spot Fleet request during the specified
	// time. Spot Fleet events are delayed by up to 30 seconds before they can be
	// described. This ensures that you can query by the last evaluated time and not
	// miss a recorded event. Spot Fleet events are available for 48 hours. For more
	// information, see Monitor fleet events using Amazon EventBridge
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/fleet-monitor.html) in the
	// Amazon EC2 User Guide for Linux Instances.
	DescribeSpotFleetRequestHistory(ctx context.Context, params *DescribeSpotFleetRequestHistoryInput, optFns ...func(*Options)) (*DescribeSpotFleetRequestHistoryOutput, error)
	// Describes your Spot Fleet requests. Spot Fleet requests are deleted 48 hours
	// after they are canceled and their instances are terminated.
	DescribeSpotFleetRequests(ctx context.Context, params *DescribeSpotFleetRequestsInput, optFns ...func(*Options)) (*DescribeSpotFleetRequestsOutput, error)
	// Describes the specified Spot Instance requests. You can use
	// DescribeSpotInstanceRequests to find a running Spot Instance by examining the
	// response. If the status of the Spot Instance is fulfilled, the instance ID
	// appears in the response and contains the identifier of the instance.
	// Alternatively, you can use DescribeInstances
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances)
	// with a filter to look for instances where the instance lifecycle is spot. We
	// recommend that you set MaxResults to a value between 5 and 1000 to limit the
	// number of results returned. This paginates the output, which makes the list more
	// manageable and returns the results faster. If the list of results exceeds your
	// MaxResults value, then that number of results is returned along with a NextToken
	// value that can be passed to a subsequent DescribeSpotInstanceRequests request to
	// retrieve the remaining results. Spot Instance requests are deleted four hours
	// after they are canceled and their instances are terminated.
	DescribeSpotInstanceRequests(ctx context.Context, params *DescribeSpotInstanceRequestsInput, optFns ...func(*Options)) (*DescribeSpotInstanceRequestsOutput, error)
	// Describes the Spot price history. For more information, see Spot Instance
	// pricing history
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances-history.html)
	// in the Amazon EC2 User Guide for Linux Instances. When you specify a start and
	// end time, the operation returns the prices of the instance types within that
	// time range. It also returns the last price change before the start time, which
	// is the effective price as of the start time.
	DescribeSpotPriceHistory(ctx context.Context, params *DescribeSpotPriceHistoryInput, optFns ...func(*Options)) (*DescribeSpotPriceHistoryOutput, error)
	// [VPC only] Describes the stale security group rules for security groups in a
	// specified VPC. Rules are stale when they reference a deleted security group in
	// the same VPC or in a peer VPC, or if they reference a security group in a peer
	// VPC for which the VPC peering connection has been deleted.
	DescribeStaleSecurityGroups(ctx context.Context, params *DescribeStaleSecurityGroupsInput, optFns ...func(*Options)) (*DescribeStaleSecurityGroupsOutput, error)
	// Describes the progress of the AMI store tasks. You can describe the store tasks
	// for specified AMIs. If you don't specify the AMIs, you get a paginated list of
	// store tasks from the last 31 days. For each AMI task, the response indicates if
	// the task is InProgress, Completed, or Failed. For tasks InProgress, the response
	// shows the estimated progress as a percentage. Tasks are listed in reverse
	// chronological order. Currently, only tasks from the past 31 days can be viewed.
	// To use this API, you must have the required permissions. For more information,
	// see Permissions for storing and restoring AMIs using Amazon S3
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions)
	// in the Amazon Elastic Compute Cloud User Guide. For more information, see Store
	// and restore an AMI using Amazon S3
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	DescribeStoreImageTasks(ctx context.Context, params *DescribeStoreImageTasksInput, optFns ...func(*Options)) (*DescribeStoreImageTasksOutput, error)
	// Describes one or more of your subnets. For more information, see Your VPC and
	// subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in
	// the Amazon Virtual Private Cloud User Guide.
	DescribeSubnets(ctx context.Context, params *DescribeSubnetsInput, optFns ...func(*Options)) (*DescribeSubnetsOutput, error)
	// Describes the specified tags for your EC2 resources. For more information about
	// tags, see Tagging Your Resources
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
	// Describes one or more Traffic Mirror filters.
	DescribeTrafficMirrorFilters(ctx context.Context, params *DescribeTrafficMirrorFiltersInput, optFns ...func(*Options)) (*DescribeTrafficMirrorFiltersOutput, error)
	// Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror
	// sessions are described. Alternatively, you can filter the results.
	DescribeTrafficMirrorSessions(ctx context.Context, params *DescribeTrafficMirrorSessionsInput, optFns ...func(*Options)) (*DescribeTrafficMirrorSessionsOutput, error)
	// Information about one or more Traffic Mirror targets.
	DescribeTrafficMirrorTargets(ctx context.Context, params *DescribeTrafficMirrorTargetsInput, optFns ...func(*Options)) (*DescribeTrafficMirrorTargetsOutput, error)
	// Describes one or more attachments between resources and transit gateways. By
	// default, all attachments are described. Alternatively, you can filter the
	// results by attachment ID, attachment state, resource ID, or resource owner.
	DescribeTransitGatewayAttachments(ctx context.Context, params *DescribeTransitGatewayAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayAttachmentsOutput, error)
	// Describes one or more Connect peers.
	DescribeTransitGatewayConnectPeers(ctx context.Context, params *DescribeTransitGatewayConnectPeersInput, optFns ...func(*Options)) (*DescribeTransitGatewayConnectPeersOutput, error)
	// Describes one or more Connect attachments.
	DescribeTransitGatewayConnects(ctx context.Context, params *DescribeTransitGatewayConnectsInput, optFns ...func(*Options)) (*DescribeTransitGatewayConnectsOutput, error)
	// Describes one or more transit gateway multicast domains.
	DescribeTransitGatewayMulticastDomains(ctx context.Context, params *DescribeTransitGatewayMulticastDomainsInput, optFns ...func(*Options)) (*DescribeTransitGatewayMulticastDomainsOutput, error)
	// Describes your transit gateway peering attachments.
	DescribeTransitGatewayPeeringAttachments(ctx context.Context, params *DescribeTransitGatewayPeeringAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayPeeringAttachmentsOutput, error)
	// Describes one or more transit gateway route tables. By default, all transit
	// gateway route tables are described. Alternatively, you can filter the results.
	DescribeTransitGatewayRouteTables(ctx context.Context, params *DescribeTransitGatewayRouteTablesInput, optFns ...func(*Options)) (*DescribeTransitGatewayRouteTablesOutput, error)
	// Describes one or more VPC attachments. By default, all VPC attachments are
	// described. Alternatively, you can filter the results.
	DescribeTransitGatewayVpcAttachments(ctx context.Context, params *DescribeTransitGatewayVpcAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayVpcAttachmentsOutput, error)
	// Describes one or more transit gateways. By default, all transit gateways are
	// described. Alternatively, you can filter the results.
	DescribeTransitGateways(ctx context.Context, params *DescribeTransitGatewaysInput, optFns ...func(*Options)) (*DescribeTransitGatewaysOutput, error)
	// This API action is currently in limited preview only. If you are interested in
	// using this feature, contact your account manager. Describes one or more network
	// interface trunk associations.
	DescribeTrunkInterfaceAssociations(ctx context.Context, params *DescribeTrunkInterfaceAssociationsInput, optFns ...func(*Options)) (*DescribeTrunkInterfaceAssociationsOutput, error)
	// Describes the specified attribute of the specified volume. You can specify only
	// one attribute at a time. For more information about EBS volumes, see Amazon EBS
	// volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	DescribeVolumeAttribute(ctx context.Context, params *DescribeVolumeAttributeInput, optFns ...func(*Options)) (*DescribeVolumeAttributeOutput, error)
	// Describes the status of the specified volumes. Volume status provides the result
	// of the checks performed on your volumes to determine events that can impair the
	// performance of your volumes. The performance of a volume can be affected if an
	// issue occurs on the volume's underlying host. If the volume's underlying host
	// experiences a power outage or system issue, after the system is restored, there
	// could be data inconsistencies on the volume. Volume events notify you if this
	// occurs. Volume actions notify you if any action needs to be taken in response to
	// the event. The DescribeVolumeStatus operation provides the following information
	// about the specified volumes: Status: Reflects the current status of the volume.
	// The possible values are ok, impaired , warning, or insufficient-data. If all
	// checks pass, the overall status of the volume is ok. If the check fails, the
	// overall status is impaired. If the status is insufficient-data, then the checks
	// might still be taking place on your volume at the time. We recommend that you
	// retry the request. For more information about volume status, see Monitor the
	// status of your volumes
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-status.html)
	// in the Amazon Elastic Compute Cloud User Guide. Events: Reflect the cause of a
	// volume status and might require you to take action. For example, if your volume
	// returns an impaired status, then the volume event might be
	// potential-data-inconsistency. This means that your volume has been affected by
	// an issue with the underlying host, has all I/O operations disabled, and might
	// have inconsistent data. Actions: Reflect the actions you might have to take in
	// response to an event. For example, if the status of the volume is impaired and
	// the volume event shows potential-data-inconsistency, then the action shows
	// enable-volume-io. This means that you may want to enable the I/O operations for
	// the volume by calling the EnableVolumeIO action and then check the volume for
	// data consistency. Volume status is based on the volume status checks, and does
	// not reflect the volume state. Therefore, volume status does not indicate volumes
	// in the error state (for example, when a volume is incapable of accepting I/O.)
	DescribeVolumeStatus(ctx context.Context, params *DescribeVolumeStatusInput, optFns ...func(*Options)) (*DescribeVolumeStatusOutput, error)
	// Describes the specified EBS volumes or all of your EBS volumes. If you are
	// describing a long list of volumes, we recommend that you paginate the output to
	// make the list more manageable. The MaxResults parameter sets the maximum number
	// of results returned in a single page. If the list of results exceeds your
	// MaxResults value, then that number of results is returned along with a NextToken
	// value that can be passed to a subsequent DescribeVolumes request to retrieve the
	// remaining results. For more information about EBS volumes, see Amazon EBS
	// volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	DescribeVolumes(ctx context.Context, params *DescribeVolumesInput, optFns ...func(*Options)) (*DescribeVolumesOutput, error)
	// Describes the most recent volume modification request for the specified EBS
	// volumes. If a volume has never been modified, some information in the output
	// will be null. If a volume has been modified more than once, the output includes
	// only the most recent modification request. You can also use CloudWatch Events to
	// check the status of a modification to an EBS volume. For information about
	// CloudWatch Events, see the Amazon CloudWatch Events User Guide
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/). For more
	// information, see Monitor the progress of volume modifications
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-modifications.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	DescribeVolumesModifications(ctx context.Context, params *DescribeVolumesModificationsInput, optFns ...func(*Options)) (*DescribeVolumesModificationsOutput, error)
	// Describes the specified attribute of the specified VPC. You can specify only one
	// attribute at a time.
	DescribeVpcAttribute(ctx context.Context, params *DescribeVpcAttributeInput, optFns ...func(*Options)) (*DescribeVpcAttributeOutput, error)
	// Describes the ClassicLink status of one or more VPCs.
	DescribeVpcClassicLink(ctx context.Context, params *DescribeVpcClassicLinkInput, optFns ...func(*Options)) (*DescribeVpcClassicLinkOutput, error)
	// Describes the ClassicLink DNS support status of one or more VPCs. If enabled,
	// the DNS hostname of a linked EC2-Classic instance resolves to its private IP
	// address when addressed from an instance in the VPC to which it's linked.
	// Similarly, the DNS hostname of an instance in a VPC resolves to its private IP
	// address when addressed from a linked EC2-Classic instance. For more information,
	// see ClassicLink
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	DescribeVpcClassicLinkDnsSupport(ctx context.Context, params *DescribeVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*DescribeVpcClassicLinkDnsSupportOutput, error)
	// Describes the connection notifications for VPC endpoints and VPC endpoint
	// services.
	DescribeVpcEndpointConnectionNotifications(ctx context.Context, params *DescribeVpcEndpointConnectionNotificationsInput, optFns ...func(*Options)) (*DescribeVpcEndpointConnectionNotificationsOutput, error)
	// Describes the VPC endpoint connections to your VPC endpoint services, including
	// any endpoints that are pending your acceptance.
	DescribeVpcEndpointConnections(ctx context.Context, params *DescribeVpcEndpointConnectionsInput, optFns ...func(*Options)) (*DescribeVpcEndpointConnectionsOutput, error)
	// Describes the VPC endpoint service configurations in your account (your
	// services).
	DescribeVpcEndpointServiceConfigurations(ctx context.Context, params *DescribeVpcEndpointServiceConfigurationsInput, optFns ...func(*Options)) (*DescribeVpcEndpointServiceConfigurationsOutput, error)
	// Describes the principals (service consumers) that are permitted to discover your
	// VPC endpoint service.
	DescribeVpcEndpointServicePermissions(ctx context.Context, params *DescribeVpcEndpointServicePermissionsInput, optFns ...func(*Options)) (*DescribeVpcEndpointServicePermissionsOutput, error)
	// Describes available services to which you can create a VPC endpoint. When the
	// service provider and the consumer have different accounts in multiple
	// Availability Zones, and the consumer views the VPC endpoint service information,
	// the response only includes the common Availability Zones. For example, when the
	// service provider account uses us-east-1a and us-east-1c and the consumer uses
	// us-east-1a and us-east-1b, the response includes the VPC endpoint services in
	// the common Availability Zone, us-east-1a.
	DescribeVpcEndpointServices(ctx context.Context, params *DescribeVpcEndpointServicesInput, optFns ...func(*Options)) (*DescribeVpcEndpointServicesOutput, error)
	// Describes one or more of your VPC endpoints.
	DescribeVpcEndpoints(ctx context.Context, params *DescribeVpcEndpointsInput, optFns ...func(*Options)) (*DescribeVpcEndpointsOutput, error)
	// Describes one or more of your VPC peering connections.
	DescribeVpcPeeringConnections(ctx context.Context, params *DescribeVpcPeeringConnectionsInput, optFns ...func(*Options)) (*DescribeVpcPeeringConnectionsOutput, error)
	// Describes one or more of your VPCs.
	DescribeVpcs(ctx context.Context, params *DescribeVpcsInput, optFns ...func(*Options)) (*DescribeVpcsOutput, error)
	// Describes one or more of your VPN connections. For more information, see Amazon
	// Web Services Site-to-Site VPN
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
	// Services Site-to-Site VPN User Guide.
	DescribeVpnConnections(ctx context.Context, params *DescribeVpnConnectionsInput, optFns ...func(*Options)) (*DescribeVpnConnectionsOutput, error)
	// Describes one or more of your virtual private gateways. For more information,
	// see Amazon Web Services Site-to-Site VPN
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
	// Services Site-to-Site VPN User Guide.
	DescribeVpnGateways(ctx context.Context, params *DescribeVpnGatewaysInput, optFns ...func(*Options)) (*DescribeVpnGatewaysOutput, error)
	// Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance
	// has been unlinked, the VPC security groups are no longer associated with it. An
	// instance is automatically unlinked from a VPC when it's stopped.
	DetachClassicLinkVpc(ctx context.Context, params *DetachClassicLinkVpcInput, optFns ...func(*Options)) (*DetachClassicLinkVpcOutput, error)
	// Detaches an internet gateway from a VPC, disabling connectivity between the
	// internet and the VPC. The VPC must not contain any running instances with
	// Elastic IP addresses or public IPv4 addresses.
	DetachInternetGateway(ctx context.Context, params *DetachInternetGatewayInput, optFns ...func(*Options)) (*DetachInternetGatewayOutput, error)
	// Detaches a network interface from an instance.
	DetachNetworkInterface(ctx context.Context, params *DetachNetworkInterfaceInput, optFns ...func(*Options)) (*DetachNetworkInterfaceOutput, error)
	// Detaches an EBS volume from an instance. Make sure to unmount any file systems
	// on the device within your operating system before detaching the volume. Failure
	// to do so can result in the volume becoming stuck in the busy state while
	// detaching. If this happens, detachment can be delayed indefinitely until you
	// unmount the volume, force detachment, reboot the instance, or all three. If an
	// EBS volume is the root device of an instance, it can't be detached while the
	// instance is running. To detach the root volume, stop the instance first. When a
	// volume with an Amazon Web Services Marketplace product code is detached from an
	// instance, the product code is no longer associated with the instance. For more
	// information, see Detach an Amazon EBS volume
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	DetachVolume(ctx context.Context, params *DetachVolumeInput, optFns ...func(*Options)) (*DetachVolumeOutput, error)
	// Detaches a virtual private gateway from a VPC. You do this if you're planning to
	// turn off the VPC and not use it anymore. You can confirm a virtual private
	// gateway has been completely detached from a VPC by describing the virtual
	// private gateway (any attachments to the virtual private gateway are also
	// described). You must wait for the attachment's state to switch to detached
	// before you can delete the VPC or attach a different VPC to the virtual private
	// gateway.
	DetachVpnGateway(ctx context.Context, params *DetachVpnGatewayInput, optFns ...func(*Options)) (*DetachVpnGatewayOutput, error)
	// Disables EBS encryption by default for your account in the current Region. After
	// you disable encryption by default, you can still create encrypted volumes by
	// enabling encryption when you create each volume. Disabling encryption by default
	// does not change the encryption status of your existing volumes. For more
	// information, see Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	DisableEbsEncryptionByDefault(ctx context.Context, params *DisableEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*DisableEbsEncryptionByDefaultOutput, error)
	// Discontinue faster launching for a Windows AMI, and clean up existing
	// pre-provisioned snapshots. When you disable faster launching, the AMI uses the
	// standard launch process for each instance. All pre-provisioned snapshots must be
	// removed before you can enable faster launching again. To change these settings,
	// you must own the AMI.
	DisableFastLaunch(ctx context.Context, params *DisableFastLaunchInput, optFns ...func(*Options)) (*DisableFastLaunchOutput, error)
	// Disables fast snapshot restores for the specified snapshots in the specified
	// Availability Zones.
	DisableFastSnapshotRestores(ctx context.Context, params *DisableFastSnapshotRestoresInput, optFns ...func(*Options)) (*DisableFastSnapshotRestoresOutput, error)
	// Cancels the deprecation of the specified AMI. For more information, see
	// Deprecate an AMI
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	DisableImageDeprecation(ctx context.Context, params *DisableImageDeprecationInput, optFns ...func(*Options)) (*DisableImageDeprecationOutput, error)
	// Disable the IPAM account. For more information, see Enable integration with
	// Organizations in the Amazon VPC IPAM User Guide.
	DisableIpamOrganizationAdminAccount(ctx context.Context, params *DisableIpamOrganizationAdminAccountInput, optFns ...func(*Options)) (*DisableIpamOrganizationAdminAccountOutput, error)
	// Disables access to the EC2 serial console of all instances for your account. By
	// default, access to the EC2 serial console is disabled for your account. For more
	// information, see Manage account access to the EC2 serial console
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access)
	// in the Amazon EC2 User Guide.
	DisableSerialConsoleAccess(ctx context.Context, params *DisableSerialConsoleAccessInput, optFns ...func(*Options)) (*DisableSerialConsoleAccessOutput, error)
	// Disables the specified resource attachment from propagating routes to the
	// specified propagation route table.
	DisableTransitGatewayRouteTablePropagation(ctx context.Context, params *DisableTransitGatewayRouteTablePropagationInput, optFns ...func(*Options)) (*DisableTransitGatewayRouteTablePropagationOutput, error)
	// Disables a virtual private gateway (VGW) from propagating routes to a specified
	// route table of a VPC.
	DisableVgwRoutePropagation(ctx context.Context, params *DisableVgwRoutePropagationInput, optFns ...func(*Options)) (*DisableVgwRoutePropagationOutput, error)
	// Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that
	// has EC2-Classic instances linked to it.
	DisableVpcClassicLink(ctx context.Context, params *DisableVpcClassicLinkInput, optFns ...func(*Options)) (*DisableVpcClassicLinkOutput, error)
	// Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve
	// to public IP addresses when addressed between a linked EC2-Classic instance and
	// instances in the VPC to which it's linked. For more information, see ClassicLink
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
	// the Amazon Elastic Compute Cloud User Guide. You must specify a VPC ID in the
	// request.
	DisableVpcClassicLinkDnsSupport(ctx context.Context, params *DisableVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*DisableVpcClassicLinkDnsSupportOutput, error)
	// Disassociates an Elastic IP address from the instance or network interface it's
	// associated with. An Elastic IP address is for use in either the EC2-Classic
	// platform or in a VPC. For more information, see Elastic IP Addresses
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
	// in the Amazon Elastic Compute Cloud User Guide. This is an idempotent operation.
	// If you perform the operation more than once, Amazon EC2 doesn't return an error.
	DisassociateAddress(ctx context.Context, params *DisassociateAddressInput, optFns ...func(*Options)) (*DisassociateAddressOutput, error)
	// Disassociates a target network from the specified Client VPN endpoint. When you
	// disassociate the last target network from a Client VPN, the following
	// happens:
	//
	// * The route that was automatically added for the VPC is deleted
	//
	// * All
	// active client connections are terminated
	//
	// * New client connections are
	// disallowed
	//
	// * The Client VPN endpoint's status changes to pending-associate
	DisassociateClientVpnTargetNetwork(ctx context.Context, params *DisassociateClientVpnTargetNetworkInput, optFns ...func(*Options)) (*DisassociateClientVpnTargetNetworkOutput, error)
	// Disassociates an IAM role from an Certificate Manager (ACM) certificate.
	// Disassociating an IAM role from an ACM certificate removes the Amazon S3 object
	// that contains the certificate, certificate chain, and encrypted private key from
	// the Amazon S3 bucket. It also revokes the IAM role's permission to use the KMS
	// key used to encrypt the private key. This effectively revokes the role's
	// permission to use the certificate.
	DisassociateEnclaveCertificateIamRole(ctx context.Context, params *DisassociateEnclaveCertificateIamRoleInput, optFns ...func(*Options)) (*DisassociateEnclaveCertificateIamRoleOutput, error)
	// Disassociates an IAM instance profile from a running or stopped instance. Use
	// DescribeIamInstanceProfileAssociations to get the association ID.
	DisassociateIamInstanceProfile(ctx context.Context, params *DisassociateIamInstanceProfileInput, optFns ...func(*Options)) (*DisassociateIamInstanceProfileOutput, error)
	// Disassociates one or more targets from an event window. For more information,
	// see Define event windows for scheduled events
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
	// Amazon EC2 User Guide.
	DisassociateInstanceEventWindow(ctx context.Context, params *DisassociateInstanceEventWindowInput, optFns ...func(*Options)) (*DisassociateInstanceEventWindowOutput, error)
	// Disassociates a subnet or gateway from a route table. After you perform this
	// action, the subnet no longer uses the routes in the route table. Instead, it
	// uses the routes in the VPC's main route table. For more information about route
	// tables, see Route tables
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
	// Amazon Virtual Private Cloud User Guide.
	DisassociateRouteTable(ctx context.Context, params *DisassociateRouteTableInput, optFns ...func(*Options)) (*DisassociateRouteTableOutput, error)
	// Disassociates a CIDR block from a subnet. Currently, you can disassociate an
	// IPv6 CIDR block only. You must detach or delete all gateways and resources that
	// are associated with the CIDR block before you can disassociate it.
	DisassociateSubnetCidrBlock(ctx context.Context, params *DisassociateSubnetCidrBlockInput, optFns ...func(*Options)) (*DisassociateSubnetCidrBlockOutput, error)
	// Disassociates the specified subnets from the transit gateway multicast domain.
	DisassociateTransitGatewayMulticastDomain(ctx context.Context, params *DisassociateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*DisassociateTransitGatewayMulticastDomainOutput, error)
	// Disassociates a resource attachment from a transit gateway route table.
	DisassociateTransitGatewayRouteTable(ctx context.Context, params *DisassociateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*DisassociateTransitGatewayRouteTableOutput, error)
	// This API action is currently in limited preview only. If you are interested in
	// using this feature, contact your account manager. Removes an association between
	// a branch network interface with a trunk network interface.
	DisassociateTrunkInterface(ctx context.Context, params *DisassociateTrunkInterfaceInput, optFns ...func(*Options)) (*DisassociateTrunkInterfaceOutput, error)
	// Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must
	// specify its association ID. You can get the association ID by using
	// DescribeVpcs. You must detach or delete all gateways and resources that are
	// associated with the CIDR block before you can disassociate it. You cannot
	// disassociate the CIDR block with which you originally created the VPC (the
	// primary CIDR block).
	DisassociateVpcCidrBlock(ctx context.Context, params *DisassociateVpcCidrBlockInput, optFns ...func(*Options)) (*DisassociateVpcCidrBlockOutput, error)
	// Enables EBS encryption by default for your account in the current Region. After
	// you enable encryption by default, the EBS volumes that you create are always
	// encrypted, either using the default KMS key or the KMS key that you specified
	// when you created each volume. For more information, see Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide. You can specify the default KMS key for
	// encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.
	// Enabling encryption by default has no effect on the encryption status of your
	// existing volumes. After you enable encryption by default, you can no longer
	// launch instances using instance types that do not support encryption. For more
	// information, see Supported instance types
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances).
	EnableEbsEncryptionByDefault(ctx context.Context, params *EnableEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*EnableEbsEncryptionByDefaultOutput, error)
	// When you enable faster launching for a Windows AMI, images are pre-provisioned,
	// using snapshots to launch instances up to 65% faster. To create the optimized
	// Windows image, Amazon EC2 launches an instance and runs through Sysprep steps,
	// rebooting as required. Then it creates a set of reserved snapshots that are used
	// for subsequent launches. The reserved snapshots are automatically replenished as
	// they are used, depending on your settings for launch frequency. To change these
	// settings, you must own the AMI.
	EnableFastLaunch(ctx context.Context, params *EnableFastLaunchInput, optFns ...func(*Options)) (*EnableFastLaunchOutput, error)
	// Enables fast snapshot restores for the specified snapshots in the specified
	// Availability Zones. You get the full benefit of fast snapshot restores after
	// they enter the enabled state. To get the current state of fast snapshot
	// restores, use DescribeFastSnapshotRestores. To disable fast snapshot restores,
	// use DisableFastSnapshotRestores. For more information, see Amazon EBS fast
	// snapshot restore
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-fast-snapshot-restore.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	EnableFastSnapshotRestores(ctx context.Context, params *EnableFastSnapshotRestoresInput, optFns ...func(*Options)) (*EnableFastSnapshotRestoresOutput, error)
	// Enables deprecation of the specified AMI at the specified date and time. For
	// more information, see Deprecate an AMI
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	EnableImageDeprecation(ctx context.Context, params *EnableImageDeprecationInput, optFns ...func(*Options)) (*EnableImageDeprecationOutput, error)
	// Enable an Organizations member account as the IPAM admin account. You cannot
	// select the Organizations management account as the IPAM admin account. For more
	// information, see Enable integration with Organizations in the Amazon VPC IPAM
	// User Guide.
	EnableIpamOrganizationAdminAccount(ctx context.Context, params *EnableIpamOrganizationAdminAccountInput, optFns ...func(*Options)) (*EnableIpamOrganizationAdminAccountOutput, error)
	// Enables access to the EC2 serial console of all instances for your account. By
	// default, access to the EC2 serial console is disabled for your account. For more
	// information, see Manage account access to the EC2 serial console
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access)
	// in the Amazon EC2 User Guide.
	EnableSerialConsoleAccess(ctx context.Context, params *EnableSerialConsoleAccessInput, optFns ...func(*Options)) (*EnableSerialConsoleAccessOutput, error)
	// Enables the specified attachment to propagate routes to the specified
	// propagation route table.
	EnableTransitGatewayRouteTablePropagation(ctx context.Context, params *EnableTransitGatewayRouteTablePropagationInput, optFns ...func(*Options)) (*EnableTransitGatewayRouteTablePropagationOutput, error)
	// Enables a virtual private gateway (VGW) to propagate routes to the specified
	// route table of a VPC.
	EnableVgwRoutePropagation(ctx context.Context, params *EnableVgwRoutePropagationInput, optFns ...func(*Options)) (*EnableVgwRoutePropagationOutput, error)
	// Enables I/O operations for a volume that had I/O operations disabled because the
	// data on the volume was potentially inconsistent.
	EnableVolumeIO(ctx context.Context, params *EnableVolumeIOInput, optFns ...func(*Options)) (*EnableVolumeIOOutput, error)
	// Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your
	// ClassicLink-enabled VPC to allow communication over private IP addresses. You
	// cannot enable your VPC for ClassicLink if any of your VPC route tables have
	// existing routes for address ranges within the 10.0.0.0/8 IP address range,
	// excluding local routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 IP address
	// ranges. For more information, see ClassicLink
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	EnableVpcClassicLink(ctx context.Context, params *EnableVpcClassicLinkInput, optFns ...func(*Options)) (*EnableVpcClassicLinkOutput, error)
	// Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled,
	// the DNS hostname of a linked EC2-Classic instance resolves to its private IP
	// address when addressed from an instance in the VPC to which it's linked.
	// Similarly, the DNS hostname of an instance in a VPC resolves to its private IP
	// address when addressed from a linked EC2-Classic instance. For more information,
	// see ClassicLink
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
	// the Amazon Elastic Compute Cloud User Guide. You must specify a VPC ID in the
	// request.
	EnableVpcClassicLinkDnsSupport(ctx context.Context, params *EnableVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*EnableVpcClassicLinkDnsSupportOutput, error)
	// Downloads the client certificate revocation list for the specified Client VPN
	// endpoint.
	ExportClientVpnClientCertificateRevocationList(ctx context.Context, params *ExportClientVpnClientCertificateRevocationListInput, optFns ...func(*Options)) (*ExportClientVpnClientCertificateRevocationListOutput, error)
	// Downloads the contents of the Client VPN endpoint configuration file for the
	// specified Client VPN endpoint. The Client VPN endpoint configuration file
	// includes the Client VPN endpoint and certificate information clients need to
	// establish a connection with the Client VPN endpoint.
	ExportClientVpnClientConfiguration(ctx context.Context, params *ExportClientVpnClientConfigurationInput, optFns ...func(*Options)) (*ExportClientVpnClientConfigurationOutput, error)
	// Exports an Amazon Machine Image (AMI) to a VM file. For more information, see
	// Exporting a VM directly from an Amazon Machine Image (AMI)
	// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport_image.html) in
	// the VM Import/Export User Guide.
	ExportImage(ctx context.Context, params *ExportImageInput, optFns ...func(*Options)) (*ExportImageOutput, error)
	// Exports routes from the specified transit gateway route table to the specified
	// S3 bucket. By default, all routes are exported. Alternatively, you can filter by
	// CIDR range. The routes are saved to the specified bucket in a JSON file. For
	// more information, see Export Route Tables to Amazon S3
	// (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-route-tables.html#tgw-export-route-tables)
	// in Transit Gateways.
	ExportTransitGatewayRoutes(ctx context.Context, params *ExportTransitGatewayRoutesInput, optFns ...func(*Options)) (*ExportTransitGatewayRoutesOutput, error)
	// Returns the IAM roles that are associated with the specified ACM (ACM)
	// certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3
	// object key where the certificate, certificate chain, and encrypted private key
	// bundle are stored, and the ARN of the KMS key that's used to encrypt the private
	// key.
	GetAssociatedEnclaveCertificateIamRoles(ctx context.Context, params *GetAssociatedEnclaveCertificateIamRolesInput, optFns ...func(*Options)) (*GetAssociatedEnclaveCertificateIamRolesOutput, error)
	// Gets information about the IPv6 CIDR block associations for a specified IPv6
	// address pool.
	GetAssociatedIpv6PoolCidrs(ctx context.Context, params *GetAssociatedIpv6PoolCidrsInput, optFns ...func(*Options)) (*GetAssociatedIpv6PoolCidrsOutput, error)
	// Gets usage information about a Capacity Reservation. If the Capacity Reservation
	// is shared, it shows usage information for the Capacity Reservation owner and
	// each Amazon Web Services account that is currently using the shared capacity. If
	// the Capacity Reservation is not shared, it shows only the Capacity Reservation
	// owner's usage.
	GetCapacityReservationUsage(ctx context.Context, params *GetCapacityReservationUsageInput, optFns ...func(*Options)) (*GetCapacityReservationUsageOutput, error)
	// Describes the allocations from the specified customer-owned address pool.
	GetCoipPoolUsage(ctx context.Context, params *GetCoipPoolUsageInput, optFns ...func(*Options)) (*GetCoipPoolUsageOutput, error)
	// Gets the console output for the specified instance. For Linux instances, the
	// instance console output displays the exact console output that would normally be
	// displayed on a physical monitor attached to a computer. For Windows instances,
	// the instance console output includes the last three system event log errors. By
	// default, the console output returns buffered information that was posted shortly
	// after an instance transition state (start, stop, reboot, or terminate). This
	// information is available for at least one hour after the most recent post. Only
	// the most recent 64 KB of console output is available. You can optionally
	// retrieve the latest serial console output at any time during the instance
	// lifecycle. This option is supported on instance types that use the Nitro
	// hypervisor. For more information, see Instance console output
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html#instance-console-console-output)
	// in the Amazon EC2 User Guide.
	GetConsoleOutput(ctx context.Context, params *GetConsoleOutputInput, optFns ...func(*Options)) (*GetConsoleOutputOutput, error)
	// Retrieve a JPG-format screenshot of a running instance to help with
	// troubleshooting. The returned content is Base64-encoded.
	GetConsoleScreenshot(ctx context.Context, params *GetConsoleScreenshotInput, optFns ...func(*Options)) (*GetConsoleScreenshotOutput, error)
	// Describes the default credit option for CPU usage of a burstable performance
	// instance family. For more information, see Burstable performance instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
	// in the Amazon EC2 User Guide.
	GetDefaultCreditSpecification(ctx context.Context, params *GetDefaultCreditSpecificationInput, optFns ...func(*Options)) (*GetDefaultCreditSpecificationOutput, error)
	// Describes the default KMS key for EBS encryption by default for your account in
	// this Region. You can change the default KMS key for encryption by default using
	// ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId. For more information, see
	// Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	GetEbsDefaultKmsKeyId(ctx context.Context, params *GetEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*GetEbsDefaultKmsKeyIdOutput, error)
	// Describes whether EBS encryption by default is enabled for your account in the
	// current Region. For more information, see Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	GetEbsEncryptionByDefault(ctx context.Context, params *GetEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*GetEbsEncryptionByDefaultOutput, error)
	// Generates a CloudFormation template that streamlines and automates the
	// integration of VPC flow logs with Amazon Athena. This make it easier for you to
	// query and gain insights from VPC flow logs data. Based on the information that
	// you provide, we configure resources in the template to do the following:
	//
	// *
	// Create a table in Athena that maps fields to a custom log format
	//
	// * Create a
	// Lambda function that updates the table with new partitions on a daily, weekly,
	// or monthly basis
	//
	// * Create a table partitioned between two timestamps in the
	// past
	//
	// * Create a set of named queries in Athena that you can use to get started
	// quickly
	GetFlowLogsIntegrationTemplate(ctx context.Context, params *GetFlowLogsIntegrationTemplateInput, optFns ...func(*Options)) (*GetFlowLogsIntegrationTemplateOutput, error)
	// Lists the resource groups to which a Capacity Reservation has been added.
	GetGroupsForCapacityReservation(ctx context.Context, params *GetGroupsForCapacityReservationInput, optFns ...func(*Options)) (*GetGroupsForCapacityReservationOutput, error)
	// Preview a reservation purchase with configurations that match those of your
	// Dedicated Host. You must have active Dedicated Hosts in your account before you
	// purchase a reservation. This is a preview of the PurchaseHostReservation action
	// and does not result in the offering being purchased.
	GetHostReservationPurchasePreview(ctx context.Context, params *GetHostReservationPurchasePreviewInput, optFns ...func(*Options)) (*GetHostReservationPurchasePreviewOutput, error)
	// Returns a list of instance types with the specified instance attributes. You can
	// use the response to preview the instance types without launching instances. Note
	// that the response does not consider capacity. When you specify multiple
	// parameters, you get instance types that satisfy all of the specified parameters.
	// If you specify multiple values for a parameter, you get instance types that
	// satisfy any of the specified values. For more information, see Preview instance
	// types with specified attributes
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html#spotfleet-get-instance-types-from-instance-requirements),
	// Attribute-based instance type selection for EC2 Fleet
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html),
	// Attribute-based instance type selection for Spot Fleet
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html),
	// and Spot placement score
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html)
	// in the Amazon EC2 User Guide, and Creating an Auto Scaling group using
	// attribute-based instance type selection
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-instance-type-requirements.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	GetInstanceTypesFromInstanceRequirements(ctx context.Context, params *GetInstanceTypesFromInstanceRequirementsInput, optFns ...func(*Options)) (*GetInstanceTypesFromInstanceRequirementsOutput, error)
	// Retrieve historical information about a CIDR within an IPAM scope. For more
	// information, see View the history of IP addresses in the Amazon VPC IPAM User
	// Guide.
	GetIpamAddressHistory(ctx context.Context, params *GetIpamAddressHistoryInput, optFns ...func(*Options)) (*GetIpamAddressHistoryOutput, error)
	// Get a list of all the CIDR allocations in an IPAM pool.
	GetIpamPoolAllocations(ctx context.Context, params *GetIpamPoolAllocationsInput, optFns ...func(*Options)) (*GetIpamPoolAllocationsOutput, error)
	// Get the CIDRs provisioned to an IPAM pool.
	GetIpamPoolCidrs(ctx context.Context, params *GetIpamPoolCidrsInput, optFns ...func(*Options)) (*GetIpamPoolCidrsOutput, error)
	// Get information about the resources in a scope.
	GetIpamResourceCidrs(ctx context.Context, params *GetIpamResourceCidrsInput, optFns ...func(*Options)) (*GetIpamResourceCidrsOutput, error)
	// Retrieves the configuration data of the specified instance. You can use this
	// data to create a launch template. This action calls on other describe actions to
	// get instance information. Depending on your instance configuration, you may need
	// to allow the following actions in your IAM policy: DescribeSpotInstanceRequests,
	// DescribeInstanceCreditSpecifications, DescribeVolumes,
	// DescribeInstanceAttribute, and DescribeElasticGpus. Or, you can allow describe*
	// depending on your instance requirements.
	GetLaunchTemplateData(ctx context.Context, params *GetLaunchTemplateDataInput, optFns ...func(*Options)) (*GetLaunchTemplateDataOutput, error)
	// Gets information about the resources that are associated with the specified
	// managed prefix list.
	GetManagedPrefixListAssociations(ctx context.Context, params *GetManagedPrefixListAssociationsInput, optFns ...func(*Options)) (*GetManagedPrefixListAssociationsOutput, error)
	// Gets information about the entries for a specified managed prefix list.
	GetManagedPrefixListEntries(ctx context.Context, params *GetManagedPrefixListEntriesInput, optFns ...func(*Options)) (*GetManagedPrefixListEntriesOutput, error)
	// Gets the findings for the specified Network Access Scope analysis.
	GetNetworkInsightsAccessScopeAnalysisFindings(ctx context.Context, params *GetNetworkInsightsAccessScopeAnalysisFindingsInput, optFns ...func(*Options)) (*GetNetworkInsightsAccessScopeAnalysisFindingsOutput, error)
	// Gets the content for the specified Network Access Scope.
	GetNetworkInsightsAccessScopeContent(ctx context.Context, params *GetNetworkInsightsAccessScopeContentInput, optFns ...func(*Options)) (*GetNetworkInsightsAccessScopeContentOutput, error)
	// Retrieves the encrypted administrator password for a running Windows instance.
	// The Windows password is generated at boot by the EC2Config service or EC2Launch
	// scripts (Windows Server 2016 and later). This usually only happens the first
	// time an instance is launched. For more information, see EC2Config
	// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/UsingConfig_WinAMI.html)
	// and EC2Launch
	// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2launch.html) in the
	// Amazon EC2 User Guide. For the EC2Config service, the password is not generated
	// for rebundled AMIs unless Ec2SetPassword is enabled before bundling. The
	// password is encrypted using the key pair that you specified when you launched
	// the instance. You must provide the corresponding key pair file. When you launch
	// an instance, password generation and encryption may take a few minutes. If you
	// try to retrieve the password before it's available, the output returns an empty
	// string. We recommend that you wait up to 15 minutes after launching an instance
	// before trying to retrieve the generated password.
	GetPasswordData(ctx context.Context, params *GetPasswordDataInput, optFns ...func(*Options)) (*GetPasswordDataOutput, error)
	// Returns a quote and exchange information for exchanging one or more specified
	// Convertible Reserved Instances for a new Convertible Reserved Instance. If the
	// exchange cannot be performed, the reason is returned in the response. Use
	// AcceptReservedInstancesExchangeQuote to perform the exchange.
	GetReservedInstancesExchangeQuote(ctx context.Context, params *GetReservedInstancesExchangeQuoteInput, optFns ...func(*Options)) (*GetReservedInstancesExchangeQuoteOutput, error)
	// Retrieves the access status of your account to the EC2 serial console of all
	// instances. By default, access to the EC2 serial console is disabled for your
	// account. For more information, see Manage account access to the EC2 serial
	// console
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access)
	// in the Amazon EC2 User Guide.
	GetSerialConsoleAccessStatus(ctx context.Context, params *GetSerialConsoleAccessStatusInput, optFns ...func(*Options)) (*GetSerialConsoleAccessStatusOutput, error)
	// Calculates the Spot placement score for a Region or Availability Zone based on
	// the specified target capacity and compute requirements. You can specify your
	// compute requirements either by using InstanceRequirementsWithMetadata and
	// letting Amazon EC2 choose the optimal instance types to fulfill your Spot
	// request, or you can specify the instance types by using InstanceTypes. For more
	// information, see Spot placement score
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html)
	// in the Amazon EC2 User Guide.
	GetSpotPlacementScores(ctx context.Context, params *GetSpotPlacementScoresInput, optFns ...func(*Options)) (*GetSpotPlacementScoresOutput, error)
	// Gets information about the subnet CIDR reservations.
	GetSubnetCidrReservations(ctx context.Context, params *GetSubnetCidrReservationsInput, optFns ...func(*Options)) (*GetSubnetCidrReservationsOutput, error)
	// Lists the route tables to which the specified resource attachment propagates
	// routes.
	GetTransitGatewayAttachmentPropagations(ctx context.Context, params *GetTransitGatewayAttachmentPropagationsInput, optFns ...func(*Options)) (*GetTransitGatewayAttachmentPropagationsOutput, error)
	// Gets information about the associations for the transit gateway multicast
	// domain.
	GetTransitGatewayMulticastDomainAssociations(ctx context.Context, params *GetTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*GetTransitGatewayMulticastDomainAssociationsOutput, error)
	// Gets information about the prefix list references in a specified transit gateway
	// route table.
	GetTransitGatewayPrefixListReferences(ctx context.Context, params *GetTransitGatewayPrefixListReferencesInput, optFns ...func(*Options)) (*GetTransitGatewayPrefixListReferencesOutput, error)
	// Gets information about the associations for the specified transit gateway route
	// table.
	GetTransitGatewayRouteTableAssociations(ctx context.Context, params *GetTransitGatewayRouteTableAssociationsInput, optFns ...func(*Options)) (*GetTransitGatewayRouteTableAssociationsOutput, error)
	// Gets information about the route table propagations for the specified transit
	// gateway route table.
	GetTransitGatewayRouteTablePropagations(ctx context.Context, params *GetTransitGatewayRouteTablePropagationsInput, optFns ...func(*Options)) (*GetTransitGatewayRouteTablePropagationsOutput, error)
	// Download an Amazon Web Services-provided sample configuration file to be used
	// with the customer gateway device specified for your Site-to-Site VPN connection.
	GetVpnConnectionDeviceSampleConfiguration(ctx context.Context, params *GetVpnConnectionDeviceSampleConfigurationInput, optFns ...func(*Options)) (*GetVpnConnectionDeviceSampleConfigurationOutput, error)
	// Obtain a list of customer gateway devices for which sample configuration files
	// can be provided. The request has no additional parameters. You can also see the
	// list of device types with sample configuration files available under Your
	// customer gateway device
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html) in the Amazon Web
	// Services Site-to-Site VPN User Guide.
	GetVpnConnectionDeviceTypes(ctx context.Context, params *GetVpnConnectionDeviceTypesInput, optFns ...func(*Options)) (*GetVpnConnectionDeviceTypesOutput, error)
	// Uploads a client certificate revocation list to the specified Client VPN
	// endpoint. Uploading a client certificate revocation list overwrites the existing
	// client certificate revocation list. Uploading a client certificate revocation
	// list resets existing client connections.
	ImportClientVpnClientCertificateRevocationList(ctx context.Context, params *ImportClientVpnClientCertificateRevocationListInput, optFns ...func(*Options)) (*ImportClientVpnClientCertificateRevocationListOutput, error)
	// Import single or multi-volume disk images or EBS snapshots into an Amazon
	// Machine Image (AMI). For more information, see Importing a VM as an image using
	// VM Import/Export
	// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html)
	// in the VM Import/Export User Guide.
	ImportImage(ctx context.Context, params *ImportImageInput, optFns ...func(*Options)) (*ImportImageOutput, error)
	// Creates an import instance task using metadata from the specified disk image.
	// This API action supports only single-volume VMs. To import multi-volume VMs, use
	// ImportImage instead. This API action is not supported by the Command Line
	// Interface (CLI). For information about using the Amazon EC2 CLI, which is
	// deprecated, see Importing a VM to Amazon EC2
	// (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#UsingVirtualMachinesinAmazonEC2)
	// in the Amazon EC2 CLI Reference PDF file. For information about the import
	// manifest referenced by this API action, see VM Import Manifest
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html).
	ImportInstance(ctx context.Context, params *ImportInstanceInput, optFns ...func(*Options)) (*ImportInstanceOutput, error)
	// Imports the public key from an RSA or ED25519 key pair that you created with a
	// third-party tool. Compare this with CreateKeyPair, in which Amazon Web Services
	// creates the key pair and gives the keys to you (Amazon Web Services keeps a copy
	// of the public key). With ImportKeyPair, you create the key pair and give Amazon
	// Web Services just the public key. The private key is never transferred between
	// you and Amazon Web Services. For more information about key pairs, see Amazon
	// EC2 key pairs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	ImportKeyPair(ctx context.Context, params *ImportKeyPairInput, optFns ...func(*Options)) (*ImportKeyPairOutput, error)
	// Imports a disk into an EBS snapshot. For more information, see Importing a disk
	// as a snapshot using VM Import/Export
	// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-import-snapshot.html)
	// in the VM Import/Export User Guide.
	ImportSnapshot(ctx context.Context, params *ImportSnapshotInput, optFns ...func(*Options)) (*ImportSnapshotOutput, error)
	// Creates an import volume task using metadata from the specified disk image. This
	// API action supports only single-volume VMs. To import multi-volume VMs, use
	// ImportImage instead. To import a disk to a snapshot, use ImportSnapshot instead.
	// This API action is not supported by the Command Line Interface (CLI). For
	// information about using the Amazon EC2 CLI, which is deprecated, see Importing
	// Disks to Amazon EBS
	// (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#importing-your-volumes-into-amazon-ebs)
	// in the Amazon EC2 CLI Reference PDF file. For information about the import
	// manifest referenced by this API action, see VM Import Manifest
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html).
	ImportVolume(ctx context.Context, params *ImportVolumeInput, optFns ...func(*Options)) (*ImportVolumeOutput, error)
	// Lists one or more AMIs that are currently in the Recycle Bin. For more
	// information, see Recycle Bin
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	ListImagesInRecycleBin(ctx context.Context, params *ListImagesInRecycleBinInput, optFns ...func(*Options)) (*ListImagesInRecycleBinOutput, error)
	// Lists one or more snapshots that are currently in the Recycle Bin.
	ListSnapshotsInRecycleBin(ctx context.Context, params *ListSnapshotsInRecycleBinInput, optFns ...func(*Options)) (*ListSnapshotsInRecycleBinOutput, error)
	// Modifies an attribute of the specified Elastic IP address. For requirements, see
	// Using reverse DNS for email applications
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS).
	ModifyAddressAttribute(ctx context.Context, params *ModifyAddressAttributeInput, optFns ...func(*Options)) (*ModifyAddressAttributeOutput, error)
	// Changes the opt-in status of the Local Zone and Wavelength Zone group for your
	// account. Use  DescribeAvailabilityZones
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html)
	// to view the value for GroupName.
	ModifyAvailabilityZoneGroup(ctx context.Context, params *ModifyAvailabilityZoneGroupInput, optFns ...func(*Options)) (*ModifyAvailabilityZoneGroupOutput, error)
	// Modifies a Capacity Reservation's capacity and the conditions under which it is
	// to be released. You cannot change a Capacity Reservation's instance type, EBS
	// optimization, instance store settings, platform, Availability Zone, or instance
	// eligibility. If you need to modify any of these attributes, we recommend that
	// you cancel the Capacity Reservation, and then create a new one with the required
	// attributes.
	ModifyCapacityReservation(ctx context.Context, params *ModifyCapacityReservationInput, optFns ...func(*Options)) (*ModifyCapacityReservationOutput, error)
	// Modifies a Capacity Reservation Fleet. When you modify the total target capacity
	// of a Capacity Reservation Fleet, the Fleet automatically creates new Capacity
	// Reservations, or modifies or cancels existing Capacity Reservations in the Fleet
	// to meet the new total target capacity. When you modify the end date for the
	// Fleet, the end dates for all of the individual Capacity Reservations in the
	// Fleet are updated accordingly.
	ModifyCapacityReservationFleet(ctx context.Context, params *ModifyCapacityReservationFleetInput, optFns ...func(*Options)) (*ModifyCapacityReservationFleetOutput, error)
	// Modifies the specified Client VPN endpoint. Modifying the DNS server resets
	// existing client connections.
	ModifyClientVpnEndpoint(ctx context.Context, params *ModifyClientVpnEndpointInput, optFns ...func(*Options)) (*ModifyClientVpnEndpointOutput, error)
	// Modifies the default credit option for CPU usage of burstable performance
	// instances. The default credit option is set at the account level per Amazon Web
	// Services Region, and is specified per instance family. All new burstable
	// performance instances in the account launch using the default credit option.
	// ModifyDefaultCreditSpecification is an asynchronous operation, which works at an
	// Amazon Web Services Region level and modifies the credit option for each
	// Availability Zone. All zones in a Region are updated within five minutes. But if
	// instances are launched during this operation, they might not get the new credit
	// option until the zone is updated. To verify whether the update has occurred, you
	// can call GetDefaultCreditSpecification and check DefaultCreditSpecification for
	// updates. For more information, see Burstable performance instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
	// in the Amazon EC2 User Guide.
	ModifyDefaultCreditSpecification(ctx context.Context, params *ModifyDefaultCreditSpecificationInput, optFns ...func(*Options)) (*ModifyDefaultCreditSpecificationOutput, error)
	// Changes the default KMS key for EBS encryption by default for your account in
	// this Region. Amazon Web Services creates a unique Amazon Web Services managed
	// KMS key in each Region for use with encryption by default. If you change the
	// default KMS key to a symmetric customer managed KMS key, it is used instead of
	// the Amazon Web Services managed KMS key. To reset the default KMS key to the
	// Amazon Web Services managed KMS key for EBS, use ResetEbsDefaultKmsKeyId. Amazon
	// EBS does not support asymmetric KMS keys. If you delete or disable the customer
	// managed KMS key that you specified for use with encryption by default, your
	// instances will fail to launch. For more information, see Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	ModifyEbsDefaultKmsKeyId(ctx context.Context, params *ModifyEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*ModifyEbsDefaultKmsKeyIdOutput, error)
	// Modifies the specified EC2 Fleet. You can only modify an EC2 Fleet request of
	// type maintain. While the EC2 Fleet is being modified, it is in the modifying
	// state. To scale up your EC2 Fleet, increase its target capacity. The EC2 Fleet
	// launches the additional Spot Instances according to the allocation strategy for
	// the EC2 Fleet request. If the allocation strategy is lowest-price, the EC2 Fleet
	// launches instances using the Spot Instance pool with the lowest price. If the
	// allocation strategy is diversified, the EC2 Fleet distributes the instances
	// across the Spot Instance pools. If the allocation strategy is
	// capacity-optimized, EC2 Fleet launches instances from Spot Instance pools with
	// optimal capacity for the number of instances that are launching. To scale down
	// your EC2 Fleet, decrease its target capacity. First, the EC2 Fleet cancels any
	// open requests that exceed the new target capacity. You can request that the EC2
	// Fleet terminate Spot Instances until the size of the fleet no longer exceeds the
	// new target capacity. If the allocation strategy is lowest-price, the EC2 Fleet
	// terminates the instances with the highest price per unit. If the allocation
	// strategy is capacity-optimized, the EC2 Fleet terminates the instances in the
	// Spot Instance pools that have the least available Spot Instance capacity. If the
	// allocation strategy is diversified, the EC2 Fleet terminates instances across
	// the Spot Instance pools. Alternatively, you can request that the EC2 Fleet keep
	// the fleet at its current size, but not replace any Spot Instances that are
	// interrupted or that you terminate manually. If you are finished with your EC2
	// Fleet for now, but will use it again later, you can set the target capacity to
	// 0.
	ModifyFleet(ctx context.Context, params *ModifyFleetInput, optFns ...func(*Options)) (*ModifyFleetOutput, error)
	// Modifies the specified attribute of the specified Amazon FPGA Image (AFI).
	ModifyFpgaImageAttribute(ctx context.Context, params *ModifyFpgaImageAttributeInput, optFns ...func(*Options)) (*ModifyFpgaImageAttributeOutput, error)
	// Modify the auto-placement setting of a Dedicated Host. When auto-placement is
	// enabled, any instances that you launch with a tenancy of host but without a
	// specific host ID are placed onto any available Dedicated Host in your account
	// that has auto-placement enabled. When auto-placement is disabled, you need to
	// provide a host ID to have the instance launch onto a specific host. If no host
	// ID is provided, the instance is launched onto a suitable host with
	// auto-placement enabled. You can also use this API action to modify a Dedicated
	// Host to support either multiple instance types in an instance family, or to
	// support a specific instance type only.
	ModifyHosts(ctx context.Context, params *ModifyHostsInput, optFns ...func(*Options)) (*ModifyHostsOutput, error)
	// Modifies the ID format for the specified resource on a per-Region basis. You can
	// specify that resources should receive longer IDs (17-character IDs) when they
	// are created. This request can only be used to modify longer ID settings for
	// resource types that are within the opt-in period. Resources currently in their
	// opt-in period include: bundle | conversion-task | customer-gateway |
	// dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task |
	// flow-log | image | import-task | internet-gateway | network-acl |
	// network-acl-association | network-interface | network-interface-attachment |
	// prefix-list | route-table | route-table-association | security-group | subnet |
	// subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint
	// | vpc-peering-connection | vpn-connection | vpn-gateway. This setting applies to
	// the IAM user who makes the request; it does not apply to the entire Amazon Web
	// Services account. By default, an IAM user defaults to the same settings as the
	// root user. If you're using this action as the root user, then these settings
	// apply to the entire account, unless an IAM user explicitly overrides these
	// settings for themselves. For more information, see Resource IDs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the
	// Amazon Elastic Compute Cloud User Guide. Resources created with longer IDs are
	// visible to all IAM roles and users, regardless of these settings and provided
	// that they have permission to use the relevant Describe command for the resource
	// type.
	ModifyIdFormat(ctx context.Context, params *ModifyIdFormatInput, optFns ...func(*Options)) (*ModifyIdFormatOutput, error)
	// Modifies the ID format of a resource for a specified IAM user, IAM role, or the
	// root user for an account; or all IAM users, IAM roles, and the root user for an
	// account. You can specify that resources should receive longer IDs (17-character
	// IDs) when they are created. This request can only be used to modify longer ID
	// settings for resource types that are within the opt-in period. Resources
	// currently in their opt-in period include: bundle | conversion-task |
	// customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association
	// | export-task | flow-log | image | import-task | internet-gateway | network-acl
	// | network-acl-association | network-interface | network-interface-attachment |
	// prefix-list | route-table | route-table-association | security-group | subnet |
	// subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint
	// | vpc-peering-connection | vpn-connection | vpn-gateway. For more information,
	// see Resource IDs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the
	// Amazon Elastic Compute Cloud User Guide. This setting applies to the principal
	// specified in the request; it does not apply to the principal that makes the
	// request. Resources created with longer IDs are visible to all IAM roles and
	// users, regardless of these settings and provided that they have permission to
	// use the relevant Describe command for the resource type.
	ModifyIdentityIdFormat(ctx context.Context, params *ModifyIdentityIdFormatInput, optFns ...func(*Options)) (*ModifyIdentityIdFormatOutput, error)
	// Modifies the specified attribute of the specified AMI. You can specify only one
	// attribute at a time. You can use the Attribute parameter to specify the
	// attribute or one of the following parameters: Description or LaunchPermission.
	// Images with an Amazon Web Services Marketplace product code cannot be made
	// public. To enable the SriovNetSupport enhanced networking attribute of an image,
	// enable SriovNetSupport on an instance and create an AMI from the instance.
	ModifyImageAttribute(ctx context.Context, params *ModifyImageAttributeInput, optFns ...func(*Options)) (*ModifyImageAttributeOutput, error)
	// Modifies the specified attribute of the specified instance. You can specify only
	// one attribute at a time. Note: Using this action to change the security groups
	// associated with an elastic network interface (ENI) attached to an instance in a
	// VPC can result in an error if the instance has more than one ENI. To change the
	// security groups associated with an ENI attached to an instance that has multiple
	// ENIs, we recommend that you use the ModifyNetworkInterfaceAttribute action. To
	// modify some attributes, the instance must be stopped. For more information, see
	// Modify a stopped instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html)
	// in the Amazon EC2 User Guide.
	ModifyInstanceAttribute(ctx context.Context, params *ModifyInstanceAttributeInput, optFns ...func(*Options)) (*ModifyInstanceAttributeOutput, error)
	// Modifies the Capacity Reservation settings for a stopped instance. Use this
	// action to configure an instance to target a specific Capacity Reservation, run
	// in any open Capacity Reservation with matching attributes, or run On-Demand
	// Instance capacity.
	ModifyInstanceCapacityReservationAttributes(ctx context.Context, params *ModifyInstanceCapacityReservationAttributesInput, optFns ...func(*Options)) (*ModifyInstanceCapacityReservationAttributesOutput, error)
	// Modifies the credit option for CPU usage on a running or stopped burstable
	// performance instance. The credit options are standard and unlimited. For more
	// information, see Burstable performance instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
	// in the Amazon EC2 User Guide.
	ModifyInstanceCreditSpecification(ctx context.Context, params *ModifyInstanceCreditSpecificationInput, optFns ...func(*Options)) (*ModifyInstanceCreditSpecificationOutput, error)
	// Modifies the start time for a scheduled Amazon EC2 instance event.
	ModifyInstanceEventStartTime(ctx context.Context, params *ModifyInstanceEventStartTimeInput, optFns ...func(*Options)) (*ModifyInstanceEventStartTimeOutput, error)
	// Modifies the specified event window. You can define either a set of time ranges
	// or a cron expression when modifying the event window, but not both. To modify
	// the targets associated with the event window, use the
	// AssociateInstanceEventWindow and DisassociateInstanceEventWindow API. If Amazon
	// Web Services has already scheduled an event, modifying an event window won't
	// change the time of the scheduled event. For more information, see Define event
	// windows for scheduled events
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
	// Amazon EC2 User Guide.
	ModifyInstanceEventWindow(ctx context.Context, params *ModifyInstanceEventWindowInput, optFns ...func(*Options)) (*ModifyInstanceEventWindowOutput, error)
	// Modifies the recovery behavior of your instance to disable simplified automatic
	// recovery or set the recovery behavior to default. The default configuration will
	// not enable simplified automatic recovery for an unsupported instance type. For
	// more information, see Simplified automatic recovery
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html#instance-configuration-recovery).
	ModifyInstanceMaintenanceOptions(ctx context.Context, params *ModifyInstanceMaintenanceOptionsInput, optFns ...func(*Options)) (*ModifyInstanceMaintenanceOptionsOutput, error)
	// Modify the instance metadata parameters on a running or stopped instance. When
	// you modify the parameters on a stopped instance, they are applied when the
	// instance is started. When you modify the parameters on a running instance, the
	// API responds with a state of “pending”. After the parameter modifications are
	// successfully applied to the instance, the state of the modifications changes
	// from “pending” to “applied” in subsequent describe-instances API calls. For more
	// information, see Instance metadata and user data
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
	// in the Amazon EC2 User Guide.
	ModifyInstanceMetadataOptions(ctx context.Context, params *ModifyInstanceMetadataOptionsInput, optFns ...func(*Options)) (*ModifyInstanceMetadataOptionsOutput, error)
	// Modifies the placement attributes for a specified instance. You can do the
	// following:
	//
	// * Modify the affinity between an instance and a Dedicated Host
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html).
	// When affinity is set to host and the instance is not associated with a specific
	// Dedicated Host, the next time the instance is launched, it is automatically
	// associated with the host on which it lands. If the instance is restarted or
	// rebooted, this relationship persists.
	//
	// * Change the Dedicated Host with which an
	// instance is associated.
	//
	// * Change the instance tenancy of an instance.
	//
	// * Move
	// an instance to or from a placement group
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html).
	//
	// At
	// least one attribute for affinity, host ID, tenancy, or placement group name must
	// be specified in the request. Affinity and tenancy can be modified in the same
	// request. To modify the host ID, tenancy, placement group, or partition for an
	// instance, the instance must be in the stopped state.
	ModifyInstancePlacement(ctx context.Context, params *ModifyInstancePlacementInput, optFns ...func(*Options)) (*ModifyInstancePlacementOutput, error)
	// Modify the configurations of an IPAM.
	ModifyIpam(ctx context.Context, params *ModifyIpamInput, optFns ...func(*Options)) (*ModifyIpamOutput, error)
	// Modify the configurations of an IPAM pool. For more information, see Modify a
	// pool in the Amazon VPC IPAM User Guide.
	ModifyIpamPool(ctx context.Context, params *ModifyIpamPoolInput, optFns ...func(*Options)) (*ModifyIpamPoolOutput, error)
	// Modify a resource CIDR. You can use this action to transfer resource CIDRs
	// between scopes and ignore resource CIDRs that you do not want to manage. If set
	// to false, the resource will not be tracked for overlap, it cannot be
	// auto-imported into a pool, and it will be removed from any pool it has an
	// allocation in. For more information, see Move resource CIDRs between scopes and
	// Change the monitoring state of resource CIDRs in the Amazon VPC IPAM User Guide.
	ModifyIpamResourceCidr(ctx context.Context, params *ModifyIpamResourceCidrInput, optFns ...func(*Options)) (*ModifyIpamResourceCidrOutput, error)
	// Modify an IPAM scope.
	ModifyIpamScope(ctx context.Context, params *ModifyIpamScopeInput, optFns ...func(*Options)) (*ModifyIpamScopeOutput, error)
	// Modifies a launch template. You can specify which version of the launch template
	// to set as the default version. When launching an instance, the default version
	// applies when a launch template version is not specified.
	ModifyLaunchTemplate(ctx context.Context, params *ModifyLaunchTemplateInput, optFns ...func(*Options)) (*ModifyLaunchTemplateOutput, error)
	// Modifies the specified managed prefix list. Adding or removing entries in a
	// prefix list creates a new version of the prefix list. Changing the name of the
	// prefix list does not affect the version. If you specify a current version number
	// that does not match the true current version number, the request fails.
	ModifyManagedPrefixList(ctx context.Context, params *ModifyManagedPrefixListInput, optFns ...func(*Options)) (*ModifyManagedPrefixListOutput, error)
	// Modifies the specified network interface attribute. You can specify only one
	// attribute at a time. You can use this action to attach and detach security
	// groups from an existing EC2 instance.
	ModifyNetworkInterfaceAttribute(ctx context.Context, params *ModifyNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*ModifyNetworkInterfaceAttributeOutput, error)
	// Modifies the options for instance hostnames for the specified instance.
	ModifyPrivateDnsNameOptions(ctx context.Context, params *ModifyPrivateDnsNameOptionsInput, optFns ...func(*Options)) (*ModifyPrivateDnsNameOptionsOutput, error)
	// Modifies the Availability Zone, instance count, instance type, or network
	// platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved
	// Instances to be modified must be identical, except for Availability Zone,
	// network platform, and instance type. For more information, see Modifying
	// Reserved Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) in the
	// Amazon EC2 User Guide.
	ModifyReservedInstances(ctx context.Context, params *ModifyReservedInstancesInput, optFns ...func(*Options)) (*ModifyReservedInstancesOutput, error)
	// Modifies the rules of a security group.
	ModifySecurityGroupRules(ctx context.Context, params *ModifySecurityGroupRulesInput, optFns ...func(*Options)) (*ModifySecurityGroupRulesOutput, error)
	// Adds or removes permission settings for the specified snapshot. You may add or
	// remove specified Amazon Web Services account IDs from a snapshot's list of
	// create volume permissions, but you cannot do both in a single operation. If you
	// need to both add and remove account IDs for a snapshot, you must use multiple
	// operations. You can make up to 500 modifications to a snapshot in a single
	// operation. Encrypted snapshots and snapshots with Amazon Web Services
	// Marketplace product codes cannot be made public. Snapshots encrypted with your
	// default KMS key cannot be shared with other accounts. For more information about
	// modifying snapshot permissions, see Share a snapshot
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	ModifySnapshotAttribute(ctx context.Context, params *ModifySnapshotAttributeInput, optFns ...func(*Options)) (*ModifySnapshotAttributeOutput, error)
	// Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to
	// a full snapshot that includes all of the blocks of data that were written to the
	// volume at the time the snapshot was created, and moved from the standard tier to
	// the archive tier. For more information, see Archive Amazon EBS snapshots
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-archive.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	ModifySnapshotTier(ctx context.Context, params *ModifySnapshotTierInput, optFns ...func(*Options)) (*ModifySnapshotTierOutput, error)
	// Modifies the specified Spot Fleet request. You can only modify a Spot Fleet
	// request of type maintain. While the Spot Fleet request is being modified, it is
	// in the modifying state. To scale up your Spot Fleet, increase its target
	// capacity. The Spot Fleet launches the additional Spot Instances according to the
	// allocation strategy for the Spot Fleet request. If the allocation strategy is
	// lowestPrice, the Spot Fleet launches instances using the Spot Instance pool with
	// the lowest price. If the allocation strategy is diversified, the Spot Fleet
	// distributes the instances across the Spot Instance pools. If the allocation
	// strategy is capacityOptimized, Spot Fleet launches instances from Spot Instance
	// pools with optimal capacity for the number of instances that are launching. To
	// scale down your Spot Fleet, decrease its target capacity. First, the Spot Fleet
	// cancels any open requests that exceed the new target capacity. You can request
	// that the Spot Fleet terminate Spot Instances until the size of the fleet no
	// longer exceeds the new target capacity. If the allocation strategy is
	// lowestPrice, the Spot Fleet terminates the instances with the highest price per
	// unit. If the allocation strategy is capacityOptimized, the Spot Fleet terminates
	// the instances in the Spot Instance pools that have the least available Spot
	// Instance capacity. If the allocation strategy is diversified, the Spot Fleet
	// terminates instances across the Spot Instance pools. Alternatively, you can
	// request that the Spot Fleet keep the fleet at its current size, but not replace
	// any Spot Instances that are interrupted or that you terminate manually. If you
	// are finished with your Spot Fleet for now, but will use it again later, you can
	// set the target capacity to 0.
	ModifySpotFleetRequest(ctx context.Context, params *ModifySpotFleetRequestInput, optFns ...func(*Options)) (*ModifySpotFleetRequestOutput, error)
	// Modifies a subnet attribute. You can only modify one attribute at a time. Use
	// this action to modify subnets on Amazon Web Services Outposts.
	//
	// * To modify a
	// subnet on an Outpost rack, set both MapCustomerOwnedIpOnLaunch and
	// CustomerOwnedIpv4Pool. These two parameters act as a single attribute.
	//
	// * To
	// modify a subnet on an Outpost server, set either EnableLniAtDeviceIndex or
	// DisableLniAtDeviceIndex.
	//
	// For more information about Amazon Web Services
	// Outposts, see the following:
	//
	// * Outpost servers
	// (https://docs.aws.amazon.com/outposts/latest/userguide/how-servers-work.html)
	//
	// *
	// Outpost racks
	// (https://docs.aws.amazon.com/outposts/latest/userguide/how-racks-work.html)
	ModifySubnetAttribute(ctx context.Context, params *ModifySubnetAttributeInput, optFns ...func(*Options)) (*ModifySubnetAttributeOutput, error)
	// Allows or restricts mirroring network services. By default, Amazon DNS network
	// services are not eligible for Traffic Mirror. Use AddNetworkServices to add
	// network services to a Traffic Mirror filter. When a network service is added to
	// the Traffic Mirror filter, all traffic related to that network service will be
	// mirrored. When you no longer want to mirror network services, use
	// RemoveNetworkServices to remove the network services from the Traffic Mirror
	// filter.
	ModifyTrafficMirrorFilterNetworkServices(ctx context.Context, params *ModifyTrafficMirrorFilterNetworkServicesInput, optFns ...func(*Options)) (*ModifyTrafficMirrorFilterNetworkServicesOutput, error)
	// Modifies the specified Traffic Mirror rule. DestinationCidrBlock and
	// SourceCidrBlock must both be an IPv4 range or an IPv6 range.
	ModifyTrafficMirrorFilterRule(ctx context.Context, params *ModifyTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*ModifyTrafficMirrorFilterRuleOutput, error)
	// Modifies a Traffic Mirror session.
	ModifyTrafficMirrorSession(ctx context.Context, params *ModifyTrafficMirrorSessionInput, optFns ...func(*Options)) (*ModifyTrafficMirrorSessionOutput, error)
	// Modifies the specified transit gateway. When you modify a transit gateway, the
	// modified options are applied to new transit gateway attachments only. Your
	// existing transit gateway attachments are not modified.
	ModifyTransitGateway(ctx context.Context, params *ModifyTransitGatewayInput, optFns ...func(*Options)) (*ModifyTransitGatewayOutput, error)
	// Modifies a reference (route) to a prefix list in a specified transit gateway
	// route table.
	ModifyTransitGatewayPrefixListReference(ctx context.Context, params *ModifyTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*ModifyTransitGatewayPrefixListReferenceOutput, error)
	// Modifies the specified VPC attachment.
	ModifyTransitGatewayVpcAttachment(ctx context.Context, params *ModifyTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*ModifyTransitGatewayVpcAttachmentOutput, error)
	// You can modify several parameters of an existing EBS volume, including volume
	// size, volume type, and IOPS capacity. If your EBS volume is attached to a
	// current-generation EC2 instance type, you might be able to apply these changes
	// without stopping the instance or detaching the volume from it. For more
	// information about modifying EBS volumes, see Amazon EBS Elastic Volumes
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modify-volume.html)
	// (Linux instances) or Amazon EBS Elastic Volumes
	// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-modify-volume.html)
	// (Windows instances). When you complete a resize operation on your volume, you
	// need to extend the volume's file-system size to take advantage of the new
	// storage capacity. For more information, see Extend a Linux file system
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.html#recognize-expanded-volume-linux)
	// or Extend a Windows file system
	// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-expand-volume.html#recognize-expanded-volume-windows).
	// You can use CloudWatch Events to check the status of a modification to an EBS
	// volume. For information about CloudWatch Events, see the Amazon CloudWatch
	// Events User Guide (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/).
	// You can also track the status of a modification using
	// DescribeVolumesModifications. For information about tracking status changes
	// using either method, see Monitor the progress of volume modifications
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-modifications.html).
	// With previous-generation instance types, resizing an EBS volume might require
	// detaching and reattaching the volume or stopping and restarting the instance. If
	// you reach the maximum volume modification rate per volume limit, you must wait
	// at least six hours before applying further modifications to the affected EBS
	// volume.
	ModifyVolume(ctx context.Context, params *ModifyVolumeInput, optFns ...func(*Options)) (*ModifyVolumeOutput, error)
	// Modifies a volume attribute. By default, all I/O operations for the volume are
	// suspended when the data on the volume is determined to be potentially
	// inconsistent, to prevent undetectable, latent data corruption. The I/O access to
	// the volume can be resumed by first enabling I/O access and then checking the
	// data consistency on your volume. You can change the default behavior to resume
	// I/O operations. We recommend that you change this only for boot volumes or for
	// volumes that are stateless or disposable.
	ModifyVolumeAttribute(ctx context.Context, params *ModifyVolumeAttributeInput, optFns ...func(*Options)) (*ModifyVolumeAttributeOutput, error)
	// Modifies the specified attribute of the specified VPC.
	ModifyVpcAttribute(ctx context.Context, params *ModifyVpcAttributeInput, optFns ...func(*Options)) (*ModifyVpcAttributeOutput, error)
	// Modifies attributes of a specified VPC endpoint. The attributes that you can
	// modify depend on the type of VPC endpoint (interface, gateway, or Gateway Load
	// Balancer). For more information, see VPC Endpoints
	// (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) in the
	// Amazon Virtual Private Cloud User Guide.
	ModifyVpcEndpoint(ctx context.Context, params *ModifyVpcEndpointInput, optFns ...func(*Options)) (*ModifyVpcEndpointOutput, error)
	// Modifies a connection notification for VPC endpoint or VPC endpoint service. You
	// can change the SNS topic for the notification, or the events for which to be
	// notified.
	ModifyVpcEndpointConnectionNotification(ctx context.Context, params *ModifyVpcEndpointConnectionNotificationInput, optFns ...func(*Options)) (*ModifyVpcEndpointConnectionNotificationOutput, error)
	// Modifies the attributes of your VPC endpoint service configuration. You can
	// change the Network Load Balancers or Gateway Load Balancers for your service,
	// and you can specify whether acceptance is required for requests to connect to
	// your endpoint service through an interface VPC endpoint. If you set or modify
	// the private DNS name, you must prove that you own the private DNS domain name.
	// For more information, see VPC Endpoint Service Private DNS Name Verification
	// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html)
	// in the Amazon Virtual Private Cloud User Guide.
	ModifyVpcEndpointServiceConfiguration(ctx context.Context, params *ModifyVpcEndpointServiceConfigurationInput, optFns ...func(*Options)) (*ModifyVpcEndpointServiceConfigurationOutput, error)
	// Modifies the payer responsibility for your VPC endpoint service.
	ModifyVpcEndpointServicePayerResponsibility(ctx context.Context, params *ModifyVpcEndpointServicePayerResponsibilityInput, optFns ...func(*Options)) (*ModifyVpcEndpointServicePayerResponsibilityOutput, error)
	// Modifies the permissions for your VPC endpoint service
	// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html). You
	// can add or remove permissions for service consumers (IAM users, IAM roles, and
	// Amazon Web Services accounts) to connect to your endpoint service. If you grant
	// permissions to all principals, the service is public. Any users who know the
	// name of a public service can send a request to attach an endpoint. If the
	// service does not require manual approval, attachments are automatically
	// approved.
	ModifyVpcEndpointServicePermissions(ctx context.Context, params *ModifyVpcEndpointServicePermissionsInput, optFns ...func(*Options)) (*ModifyVpcEndpointServicePermissionsOutput, error)
	// Modifies the VPC peering connection options on one side of a VPC peering
	// connection. You can do the following:
	//
	// * Enable/disable communication over the
	// peering connection between an EC2-Classic instance that's linked to your VPC
	// (using ClassicLink) and instances in the peer VPC.
	//
	// * Enable/disable
	// communication over the peering connection between instances in your VPC and an
	// EC2-Classic instance that's linked to the peer VPC.
	//
	// * Enable/disable the
	// ability to resolve public DNS hostnames to private IP addresses when queried
	// from instances in the peer VPC.
	//
	// If the peered VPCs are in the same Amazon Web
	// Services account, you can enable DNS resolution for queries from the local VPC.
	// This ensures that queries from the local VPC resolve to private IP addresses in
	// the peer VPC. This option is not available if the peered VPCs are in different
	// different Amazon Web Services accounts or different Regions. For peered VPCs in
	// different Amazon Web Services accounts, each Amazon Web Services account owner
	// must initiate a separate request to modify the peering connection options. For
	// inter-region peering connections, you must use the Region for the requester VPC
	// to modify the requester VPC peering options and the Region for the accepter VPC
	// to modify the accepter VPC peering options. To verify which VPCs are the
	// accepter and the requester for a VPC peering connection, use the
	// DescribeVpcPeeringConnections command.
	ModifyVpcPeeringConnectionOptions(ctx context.Context, params *ModifyVpcPeeringConnectionOptionsInput, optFns ...func(*Options)) (*ModifyVpcPeeringConnectionOptionsOutput, error)
	// Modifies the instance tenancy attribute of the specified VPC. You can change the
	// instance tenancy attribute of a VPC to default only. You cannot change the
	// instance tenancy attribute to dedicated. After you modify the tenancy of the
	// VPC, any new instances that you launch into the VPC have a tenancy of default,
	// unless you specify otherwise during launch. The tenancy of any existing
	// instances in the VPC is not affected. For more information, see Dedicated
	// Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	ModifyVpcTenancy(ctx context.Context, params *ModifyVpcTenancyInput, optFns ...func(*Options)) (*ModifyVpcTenancyOutput, error)
	// Modifies the customer gateway or the target gateway of an Amazon Web Services
	// Site-to-Site VPN connection. To modify the target gateway, the following
	// migration options are available:
	//
	// * An existing virtual private gateway to a new
	// virtual private gateway
	//
	// * An existing virtual private gateway to a transit
	// gateway
	//
	// * An existing transit gateway to a new transit gateway
	//
	// * An existing
	// transit gateway to a virtual private gateway
	//
	// Before you perform the migration
	// to the new gateway, you must configure the new gateway. Use CreateVpnGateway to
	// create a virtual private gateway, or CreateTransitGateway to create a transit
	// gateway. This step is required when you migrate from a virtual private gateway
	// with static routes to a transit gateway. You must delete the static routes
	// before you migrate to the new gateway. Keep a copy of the static route before
	// you delete it. You will need to add back these routes to the transit gateway
	// after the VPN connection migration is complete. After you migrate to the new
	// gateway, you might need to modify your VPC route table. Use CreateRoute and
	// DeleteRoute to make the changes described in Update VPC route tables
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-target.html#step-update-routing)
	// in the Amazon Web Services Site-to-Site VPN User Guide. When the new gateway is
	// a transit gateway, modify the transit gateway route table to allow traffic
	// between the VPC and the Amazon Web Services Site-to-Site VPN connection. Use
	// CreateTransitGatewayRoute to add the routes. If you deleted VPN static routes,
	// you must add the static routes to the transit gateway route table. After you
	// perform this operation, the VPN endpoint's IP addresses on the Amazon Web
	// Services side and the tunnel options remain intact. Your Amazon Web Services
	// Site-to-Site VPN connection will be temporarily unavailable for a brief period
	// while we provision the new endpoints.
	ModifyVpnConnection(ctx context.Context, params *ModifyVpnConnectionInput, optFns ...func(*Options)) (*ModifyVpnConnectionOutput, error)
	// Modifies the connection options for your Site-to-Site VPN connection. When you
	// modify the VPN connection options, the VPN endpoint IP addresses on the Amazon
	// Web Services side do not change, and the tunnel options do not change. Your VPN
	// connection will be temporarily unavailable for a brief period while the VPN
	// connection is updated.
	ModifyVpnConnectionOptions(ctx context.Context, params *ModifyVpnConnectionOptionsInput, optFns ...func(*Options)) (*ModifyVpnConnectionOptionsOutput, error)
	// Modifies the VPN tunnel endpoint certificate.
	ModifyVpnTunnelCertificate(ctx context.Context, params *ModifyVpnTunnelCertificateInput, optFns ...func(*Options)) (*ModifyVpnTunnelCertificateOutput, error)
	// Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site VPN
	// connection. You can modify multiple options for a tunnel in a single request,
	// but you can only modify one tunnel at a time. For more information, see
	// Site-to-Site VPN tunnel options for your Site-to-Site VPN connection
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNTunnels.html) in the Amazon
	// Web Services Site-to-Site VPN User Guide.
	ModifyVpnTunnelOptions(ctx context.Context, params *ModifyVpnTunnelOptionsInput, optFns ...func(*Options)) (*ModifyVpnTunnelOptionsOutput, error)
	// Enables detailed monitoring for a running instance. Otherwise, basic monitoring
	// is enabled. For more information, see Monitor your instances using CloudWatch
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) in
	// the Amazon EC2 User Guide. To disable detailed monitoring, see
	// UnmonitorInstances
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_UnmonitorInstances.html).
	MonitorInstances(ctx context.Context, params *MonitorInstancesInput, optFns ...func(*Options)) (*MonitorInstancesOutput, error)
	// Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC
	// platform. The Elastic IP address must be allocated to your account for more than
	// 24 hours, and it must not be associated with an instance. After the Elastic IP
	// address is moved, it is no longer available for use in the EC2-Classic platform,
	// unless you move it back using the RestoreAddressToClassic request. You cannot
	// move an Elastic IP address that was originally allocated for use in the EC2-VPC
	// platform to the EC2-Classic platform.
	MoveAddressToVpc(ctx context.Context, params *MoveAddressToVpcInput, optFns ...func(*Options)) (*MoveAddressToVpcOutput, error)
	// Move an BYOIP IPv4 CIDR to IPAM from a public IPv4 pool. If you already have an
	// IPv4 BYOIP CIDR with Amazon Web Services, you can move the CIDR to IPAM from a
	// public IPv4 pool. You cannot move an IPv6 CIDR to IPAM. If you are bringing a
	// new IP address to Amazon Web Services for the first time, complete the steps in
	// Tutorial: BYOIP address CIDRs to IPAM.
	MoveByoipCidrToIpam(ctx context.Context, params *MoveByoipCidrToIpamInput, optFns ...func(*Options)) (*MoveByoipCidrToIpamOutput, error)
	// Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services
	// resources through bring your own IP addresses (BYOIP) and creates a
	// corresponding address pool. After the address range is provisioned, it is ready
	// to be advertised using AdvertiseByoipCidr. Amazon Web Services verifies that you
	// own the address range and are authorized to advertise it. You must ensure that
	// the address range is registered to you and that you created an RPKI ROA to
	// authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more
	// information, see Bring your own IP addresses (BYOIP)
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) in the
	// Amazon Elastic Compute Cloud User Guide. Provisioning an address range is an
	// asynchronous operation, so the call returns immediately, but the address range
	// is not ready to use until its status changes from pending-provision to
	// provisioned. To monitor the status of an address range, use DescribeByoipCidrs.
	// To allocate an Elastic IP address from your IPv4 address pool, use
	// AllocateAddress with either the specific address from the address pool or the ID
	// of the address pool.
	ProvisionByoipCidr(ctx context.Context, params *ProvisionByoipCidrInput, optFns ...func(*Options)) (*ProvisionByoipCidrOutput, error)
	// Provision a CIDR to an IPAM pool. You can use this action to provision new CIDRs
	// to a top-level pool or to transfer a CIDR from a top-level pool to a pool within
	// it. For more information, see Provision CIDRs to pools in the Amazon VPC IPAM
	// User Guide.
	ProvisionIpamPoolCidr(ctx context.Context, params *ProvisionIpamPoolCidrInput, optFns ...func(*Options)) (*ProvisionIpamPoolCidrOutput, error)
	// Provision a CIDR to a public IPv4 pool. For more information about IPAM, see
	// What is IPAM? in the Amazon VPC IPAM User Guide.
	ProvisionPublicIpv4PoolCidr(ctx context.Context, params *ProvisionPublicIpv4PoolCidrInput, optFns ...func(*Options)) (*ProvisionPublicIpv4PoolCidrOutput, error)
	// Purchase a reservation with configurations that match those of your Dedicated
	// Host. You must have active Dedicated Hosts in your account before you purchase a
	// reservation. This action results in the specified reservation being purchased
	// and charged to your account.
	PurchaseHostReservation(ctx context.Context, params *PurchaseHostReservationInput, optFns ...func(*Options)) (*PurchaseHostReservationOutput, error)
	// Purchases a Reserved Instance for use with your account. With Reserved
	// Instances, you pay a lower hourly rate compared to On-Demand instance pricing.
	// Use DescribeReservedInstancesOfferings to get a list of Reserved Instance
	// offerings that match your specifications. After you've purchased a Reserved
	// Instance, you can check for your new Reserved Instance with
	// DescribeReservedInstances. To queue a purchase for a future date and time,
	// specify a purchase time. If you do not specify a purchase time, the default is
	// the current time. For more information, see Reserved Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-on-demand-reserved-instances.html)
	// and Reserved Instance Marketplace
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
	// the Amazon EC2 User Guide.
	PurchaseReservedInstancesOffering(ctx context.Context, params *PurchaseReservedInstancesOfferingInput, optFns ...func(*Options)) (*PurchaseReservedInstancesOfferingOutput, error)
	// Purchases the Scheduled Instances with the specified schedule. Scheduled
	// Instances enable you to purchase Amazon EC2 compute capacity by the hour for a
	// one-year term. Before you can purchase a Scheduled Instance, you must call
	// DescribeScheduledInstanceAvailability to check for available schedules and
	// obtain a purchase token. After you purchase a Scheduled Instance, you must call
	// RunScheduledInstances during each scheduled time period. After you purchase a
	// Scheduled Instance, you can't cancel, modify, or resell your purchase.
	PurchaseScheduledInstances(ctx context.Context, params *PurchaseScheduledInstancesInput, optFns ...func(*Options)) (*PurchaseScheduledInstancesOutput, error)
	// Requests a reboot of the specified instances. This operation is asynchronous; it
	// only queues a request to reboot the specified instances. The operation succeeds
	// if the instances are valid and belong to you. Requests to reboot terminated
	// instances are ignored. If an instance does not cleanly shut down within a few
	// minutes, Amazon EC2 performs a hard reboot. For more information about
	// troubleshooting, see Troubleshoot an unreachable instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html) in
	// the Amazon EC2 User Guide.
	RebootInstances(ctx context.Context, params *RebootInstancesInput, optFns ...func(*Options)) (*RebootInstancesOutput, error)
	// Registers an AMI. When you're creating an AMI, this is the final step you must
	// complete before you can launch an instance from the AMI. For more information
	// about creating AMIs, see Creating your own AMIs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami.html) in
	// the Amazon Elastic Compute Cloud User Guide. For Amazon EBS-backed instances,
	// CreateImage creates and registers the AMI in a single request, so you don't have
	// to register the AMI yourself. If needed, you can deregister an AMI at any time.
	// Any modifications you make to an AMI backed by an instance store volume
	// invalidates its registration. If you make changes to an image, deregister the
	// previous image and register the new image. Register a snapshot of a root device
	// volume You can use RegisterImage to create an Amazon EBS-backed Linux AMI from a
	// snapshot of a root device volume. You specify the snapshot using a block device
	// mapping. You can't set the encryption state of the volume using the block device
	// mapping. If the snapshot is encrypted, or encryption by default is enabled, the
	// root volume of an instance launched from the AMI is encrypted. For more
	// information, see Create a Linux AMI from a snapshot
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html#creating-launching-ami-from-snapshot)
	// and Use encryption with Amazon EBS-backed AMIs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide. Amazon Web Services Marketplace product
	// codes If any snapshots have Amazon Web Services Marketplace product codes, they
	// are copied to the new AMI. Windows and some Linux distributions, such as Red Hat
	// Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES), use the Amazon
	// EC2 billing product code associated with an AMI to verify the subscription
	// status for package updates. To create a new AMI for operating systems that
	// require a billing product code, instead of registering the AMI, do the following
	// to preserve the billing product code association:
	//
	// * Launch an instance from an
	// existing AMI with that billing product code.
	//
	// * Customize the instance.
	//
	// *
	// Create an AMI from the instance using CreateImage.
	//
	// If you purchase a Reserved
	// Instance to apply to an On-Demand Instance that was launched from an AMI with a
	// billing product code, make sure that the Reserved Instance has the matching
	// billing product code. If you purchase a Reserved Instance without the matching
	// billing product code, the Reserved Instance will not be applied to the On-Demand
	// Instance. For information about how to obtain the platform details and billing
	// information of an AMI, see Understanding AMI billing
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-billing-info.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	RegisterImage(ctx context.Context, params *RegisterImageInput, optFns ...func(*Options)) (*RegisterImageOutput, error)
	// Registers a set of tag keys to include in scheduled event notifications for your
	// resources. To remove tags, use DeregisterInstanceEventNotificationAttributes
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeregisterInstanceEventNotificationAttributes.html).
	RegisterInstanceEventNotificationAttributes(ctx context.Context, params *RegisterInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*RegisterInstanceEventNotificationAttributesOutput, error)
	// Registers members (network interfaces) with the transit gateway multicast group.
	// A member is a network interface associated with a supported EC2 instance that
	// receives multicast traffic. For information about supported instances, see
	// Multicast Consideration
	// (https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-limits.html#multicast-limits)
	// in Amazon VPC Transit Gateways. After you add the members, use
	// SearchTransitGatewayMulticastGroups
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayMulticastGroups.html)
	// to verify that the members were added to the transit gateway multicast group.
	RegisterTransitGatewayMulticastGroupMembers(ctx context.Context, params *RegisterTransitGatewayMulticastGroupMembersInput, optFns ...func(*Options)) (*RegisterTransitGatewayMulticastGroupMembersOutput, error)
	// Registers sources (network interfaces) with the specified transit gateway
	// multicast group. A multicast source is a network interface attached to a
	// supported instance that sends multicast traffic. For information about supported
	// instances, see Multicast Considerations
	// (https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-limits.html#multicast-limits)
	// in Amazon VPC Transit Gateways. After you add the source, use
	// SearchTransitGatewayMulticastGroups
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayMulticastGroups.html)
	// to verify that the source was added to the multicast group.
	RegisterTransitGatewayMulticastGroupSources(ctx context.Context, params *RegisterTransitGatewayMulticastGroupSourcesInput, optFns ...func(*Options)) (*RegisterTransitGatewayMulticastGroupSourcesOutput, error)
	// Rejects a request to associate cross-account subnets with a transit gateway
	// multicast domain.
	RejectTransitGatewayMulticastDomainAssociations(ctx context.Context, params *RejectTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*RejectTransitGatewayMulticastDomainAssociationsOutput, error)
	// Rejects a transit gateway peering attachment request.
	RejectTransitGatewayPeeringAttachment(ctx context.Context, params *RejectTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*RejectTransitGatewayPeeringAttachmentOutput, error)
	// Rejects a request to attach a VPC to a transit gateway. The VPC attachment must
	// be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to
	// view your pending VPC attachment requests. Use AcceptTransitGatewayVpcAttachment
	// to accept a VPC attachment request.
	RejectTransitGatewayVpcAttachment(ctx context.Context, params *RejectTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*RejectTransitGatewayVpcAttachmentOutput, error)
	// Rejects one or more VPC endpoint connection requests to your VPC endpoint
	// service.
	RejectVpcEndpointConnections(ctx context.Context, params *RejectVpcEndpointConnectionsInput, optFns ...func(*Options)) (*RejectVpcEndpointConnectionsOutput, error)
	// Rejects a VPC peering connection request. The VPC peering connection must be in
	// the pending-acceptance state. Use the DescribeVpcPeeringConnections request to
	// view your outstanding VPC peering connection requests. To delete an active VPC
	// peering connection, or to delete a VPC peering connection request that you
	// initiated, use DeleteVpcPeeringConnection.
	RejectVpcPeeringConnection(ctx context.Context, params *RejectVpcPeeringConnectionInput, optFns ...func(*Options)) (*RejectVpcPeeringConnectionOutput, error)
	// Releases the specified Elastic IP address. [EC2-Classic, default VPC] Releasing
	// an Elastic IP address automatically disassociates it from any instance that it's
	// associated with. To disassociate an Elastic IP address without releasing it, use
	// DisassociateAddress. [Nondefault VPC] You must use DisassociateAddress to
	// disassociate the Elastic IP address before you can release it. Otherwise, Amazon
	// EC2 returns an error (InvalidIPAddress.InUse). After releasing an Elastic IP
	// address, it is released to the IP address pool. Be sure to update your DNS
	// records and any servers or devices that communicate with the address. If you
	// attempt to release an Elastic IP address that you already released, you'll get
	// an AuthFailure error if the address is already allocated to another Amazon Web
	// Services account. [EC2-VPC] After you release an Elastic IP address for use in a
	// VPC, you might be able to recover it. For more information, see AllocateAddress.
	ReleaseAddress(ctx context.Context, params *ReleaseAddressInput, optFns ...func(*Options)) (*ReleaseAddressOutput, error)
	// When you no longer want to use an On-Demand Dedicated Host it can be released.
	// On-Demand billing is stopped and the host goes into released state. The host ID
	// of Dedicated Hosts that have been released can no longer be specified in another
	// request, for example, to modify the host. You must stop or terminate all
	// instances on a host before it can be released. When Dedicated Hosts are
	// released, it may take some time for them to stop counting toward your limit and
	// you may receive capacity errors when trying to allocate new Dedicated Hosts.
	// Wait a few minutes and then try again. Released hosts still appear in a
	// DescribeHosts response.
	ReleaseHosts(ctx context.Context, params *ReleaseHostsInput, optFns ...func(*Options)) (*ReleaseHostsOutput, error)
	// Release an allocation within an IPAM pool. You can only use this action to
	// release manual allocations. To remove an allocation for a resource without
	// deleting the resource, set its monitored state to false using
	// ModifyIpamResourceCidr
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyIpamResourceCidr.html).
	// For more information, see Release an allocation in the Amazon VPC IPAM User
	// Guide.
	ReleaseIpamPoolAllocation(ctx context.Context, params *ReleaseIpamPoolAllocationInput, optFns ...func(*Options)) (*ReleaseIpamPoolAllocationOutput, error)
	// Replaces an IAM instance profile for the specified running instance. You can use
	// this action to change the IAM instance profile that's associated with an
	// instance without having to disassociate the existing IAM instance profile first.
	// Use DescribeIamInstanceProfileAssociations to get the association ID.
	ReplaceIamInstanceProfileAssociation(ctx context.Context, params *ReplaceIamInstanceProfileAssociationInput, optFns ...func(*Options)) (*ReplaceIamInstanceProfileAssociationOutput, error)
	// Changes which network ACL a subnet is associated with. By default when you
	// create a subnet, it's automatically associated with the default network ACL. For
	// more information, see Network ACLs
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon
	// Virtual Private Cloud User Guide. This is an idempotent operation.
	ReplaceNetworkAclAssociation(ctx context.Context, params *ReplaceNetworkAclAssociationInput, optFns ...func(*Options)) (*ReplaceNetworkAclAssociationOutput, error)
	// Replaces an entry (rule) in a network ACL. For more information, see Network
	// ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the
	// Amazon Virtual Private Cloud User Guide.
	ReplaceNetworkAclEntry(ctx context.Context, params *ReplaceNetworkAclEntryInput, optFns ...func(*Options)) (*ReplaceNetworkAclEntryOutput, error)
	// Replaces an existing route within a route table in a VPC. You must provide only
	// one of the following: internet gateway, virtual private gateway, NAT instance,
	// NAT gateway, VPC peering connection, network interface, egress-only internet
	// gateway, or transit gateway. For more information, see Route tables
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
	// Amazon Virtual Private Cloud User Guide.
	ReplaceRoute(ctx context.Context, params *ReplaceRouteInput, optFns ...func(*Options)) (*ReplaceRouteOutput, error)
	// Changes the route table associated with a given subnet, internet gateway, or
	// virtual private gateway in a VPC. After the operation completes, the subnet or
	// gateway uses the routes in the new route table. For more information about route
	// tables, see Route tables
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
	// Amazon Virtual Private Cloud User Guide. You can also use this operation to
	// change which table is the main route table in the VPC. Specify the main route
	// table's association ID and the route table ID of the new main route table.
	ReplaceRouteTableAssociation(ctx context.Context, params *ReplaceRouteTableAssociationInput, optFns ...func(*Options)) (*ReplaceRouteTableAssociationOutput, error)
	// Replaces the specified route in the specified transit gateway route table.
	ReplaceTransitGatewayRoute(ctx context.Context, params *ReplaceTransitGatewayRouteInput, optFns ...func(*Options)) (*ReplaceTransitGatewayRouteOutput, error)
	// Submits feedback about the status of an instance. The instance must be in the
	// running state. If your experience with the instance differs from the instance
	// status returned by DescribeInstanceStatus, use ReportInstanceStatus to report
	// your experience with the instance. Amazon EC2 collects this information to
	// improve the accuracy of status checks. Use of this action does not change the
	// value returned by DescribeInstanceStatus.
	ReportInstanceStatus(ctx context.Context, params *ReportInstanceStatusInput, optFns ...func(*Options)) (*ReportInstanceStatusOutput, error)
	// Creates a Spot Fleet request. The Spot Fleet request specifies the total target
	// capacity and the On-Demand target capacity. Amazon EC2 calculates the difference
	// between the total capacity and On-Demand capacity, and launches the difference
	// as Spot capacity. You can submit a single request that includes multiple launch
	// specifications that vary by instance type, AMI, Availability Zone, or subnet. By
	// default, the Spot Fleet requests Spot Instances in the Spot Instance pool where
	// the price per unit is the lowest. Each launch specification can include its own
	// instance weighting that reflects the value of the instance type to your
	// application workload. Alternatively, you can specify that the Spot Fleet
	// distribute the target capacity across the Spot pools included in its launch
	// specifications. By ensuring that the Spot Instances in your Spot Fleet are in
	// different Spot pools, you can improve the availability of your fleet. You can
	// specify tags for the Spot Fleet request and instances launched by the fleet. You
	// cannot tag other resource types in a Spot Fleet request because only the
	// spot-fleet-request and instance resource types are supported. For more
	// information, see Spot Fleet requests
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html)
	// in the Amazon EC2 User Guide for Linux Instances.
	RequestSpotFleet(ctx context.Context, params *RequestSpotFleetInput, optFns ...func(*Options)) (*RequestSpotFleetOutput, error)
	// Creates a Spot Instance request. For more information, see Spot Instance
	// requests
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html) in the
	// Amazon EC2 User Guide for Linux Instances.
	RequestSpotInstances(ctx context.Context, params *RequestSpotInstancesInput, optFns ...func(*Options)) (*RequestSpotInstancesOutput, error)
	// Resets the attribute of the specified IP address. For requirements, see Using
	// reverse DNS for email applications
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS).
	ResetAddressAttribute(ctx context.Context, params *ResetAddressAttributeInput, optFns ...func(*Options)) (*ResetAddressAttributeOutput, error)
	// Resets the default KMS key for EBS encryption for your account in this Region to
	// the Amazon Web Services managed KMS key for EBS. After resetting the default KMS
	// key to the Amazon Web Services managed KMS key, you can continue to encrypt by a
	// customer managed KMS key by specifying it when you create the volume. For more
	// information, see Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	ResetEbsDefaultKmsKeyId(ctx context.Context, params *ResetEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*ResetEbsDefaultKmsKeyIdOutput, error)
	// Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its
	// default value. You can only reset the load permission attribute.
	ResetFpgaImageAttribute(ctx context.Context, params *ResetFpgaImageAttributeInput, optFns ...func(*Options)) (*ResetFpgaImageAttributeOutput, error)
	// Resets an attribute of an AMI to its default value.
	ResetImageAttribute(ctx context.Context, params *ResetImageAttributeInput, optFns ...func(*Options)) (*ResetImageAttributeOutput, error)
	// Resets an attribute of an instance to its default value. To reset the kernel or
	// ramdisk, the instance must be in a stopped state. To reset the sourceDestCheck,
	// the instance can be either running or stopped. The sourceDestCheck attribute
	// controls whether source/destination checking is enabled. The default value is
	// true, which means checking is enabled. This value must be false for a NAT
	// instance to perform NAT. For more information, see NAT Instances
	// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html)
	// in the Amazon VPC User Guide.
	ResetInstanceAttribute(ctx context.Context, params *ResetInstanceAttributeInput, optFns ...func(*Options)) (*ResetInstanceAttributeOutput, error)
	// Resets a network interface attribute. You can specify only one attribute at a
	// time.
	ResetNetworkInterfaceAttribute(ctx context.Context, params *ResetNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*ResetNetworkInterfaceAttributeOutput, error)
	// Resets permission settings for the specified snapshot. For more information
	// about modifying snapshot permissions, see Share a snapshot
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	ResetSnapshotAttribute(ctx context.Context, params *ResetSnapshotAttributeInput, optFns ...func(*Options)) (*ResetSnapshotAttributeOutput, error)
	// Restores an Elastic IP address that was previously moved to the EC2-VPC platform
	// back to the EC2-Classic platform. You cannot move an Elastic IP address that was
	// originally allocated for use in EC2-VPC. The Elastic IP address must not be
	// associated with an instance or network interface.
	RestoreAddressToClassic(ctx context.Context, params *RestoreAddressToClassicInput, optFns ...func(*Options)) (*RestoreAddressToClassicOutput, error)
	// Restores an AMI from the Recycle Bin. For more information, see Recycle Bin
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	RestoreImageFromRecycleBin(ctx context.Context, params *RestoreImageFromRecycleBinInput, optFns ...func(*Options)) (*RestoreImageFromRecycleBinOutput, error)
	// Restores the entries from a previous version of a managed prefix list to a new
	// version of the prefix list.
	RestoreManagedPrefixListVersion(ctx context.Context, params *RestoreManagedPrefixListVersionInput, optFns ...func(*Options)) (*RestoreManagedPrefixListVersionOutput, error)
	// Restores a snapshot from the Recycle Bin. For more information, see Restore
	// snapshots from the Recycle Bin
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin-working-with-snaps.html#recycle-bin-restore-snaps)
	// in the Amazon Elastic Compute Cloud User Guide.
	RestoreSnapshotFromRecycleBin(ctx context.Context, params *RestoreSnapshotFromRecycleBinInput, optFns ...func(*Options)) (*RestoreSnapshotFromRecycleBinOutput, error)
	// Restores an archived Amazon EBS snapshot for use temporarily or permanently, or
	// modifies the restore period or restore type for a snapshot that was previously
	// temporarily restored. For more information see  Restore an archived snapshot
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-snapshot-archiving.html#restore-archived-snapshot)
	// and  modify the restore period or restore type for a temporarily restored
	// snapshot
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-snapshot-archiving.html#modify-temp-restore-period)
	// in the Amazon Elastic Compute Cloud User Guide.
	RestoreSnapshotTier(ctx context.Context, params *RestoreSnapshotTierInput, optFns ...func(*Options)) (*RestoreSnapshotTierOutput, error)
	// Removes an ingress authorization rule from a Client VPN endpoint.
	RevokeClientVpnIngress(ctx context.Context, params *RevokeClientVpnIngressInput, optFns ...func(*Options)) (*RevokeClientVpnIngressOutput, error)
	// [VPC only] Removes the specified outbound (egress) rules from a security group
	// for EC2-VPC. This action does not apply to security groups for use in
	// EC2-Classic. You can specify rules using either rule IDs or security group rule
	// properties. If you use rule properties, the values that you specify (for
	// example, ports) must match the existing rule's values exactly. Each rule has a
	// protocol, from and to ports, and destination (CIDR range, security group, or
	// prefix list). For the TCP and UDP protocols, you must also specify the
	// destination port or range of ports. For the ICMP protocol, you must also specify
	// the ICMP type and code. If the security group rule has a description, you do not
	// need to specify the description to revoke the rule. [Default VPC] If the values
	// you specify do not match the existing rule's values, no error is returned, and
	// the output describes the security group rules that were not revoked. Amazon Web
	// Services recommends that you describe the security group to verify that the
	// rules were removed. Rule changes are propagated to instances within the security
	// group as quickly as possible. However, a small delay might occur.
	RevokeSecurityGroupEgress(ctx context.Context, params *RevokeSecurityGroupEgressInput, optFns ...func(*Options)) (*RevokeSecurityGroupEgressOutput, error)
	// Removes the specified inbound (ingress) rules from a security group. You can
	// specify rules using either rule IDs or security group rule properties. If you
	// use rule properties, the values that you specify (for example, ports) must match
	// the existing rule's values exactly. Each rule has a protocol, from and to ports,
	// and source (CIDR range, security group, or prefix list). For the TCP and UDP
	// protocols, you must also specify the destination port or range of ports. For the
	// ICMP protocol, you must also specify the ICMP type and code. If the security
	// group rule has a description, you do not need to specify the description to
	// revoke the rule. [EC2-Classic, default VPC] If the values you specify do not
	// match the existing rule's values, no error is returned, and the output describes
	// the security group rules that were not revoked. Amazon Web Services recommends
	// that you describe the security group to verify that the rules were removed. Rule
	// changes are propagated to instances within the security group as quickly as
	// possible. However, a small delay might occur.
	RevokeSecurityGroupIngress(ctx context.Context, params *RevokeSecurityGroupIngressInput, optFns ...func(*Options)) (*RevokeSecurityGroupIngressOutput, error)
	// Launches the specified number of instances using an AMI for which you have
	// permissions. You can specify a number of options, or leave the default options.
	// The following rules apply:
	//
	// * [EC2-VPC] If you don't specify a subnet ID, we
	// choose a default subnet from your default VPC for you. If you don't have a
	// default VPC, you must specify a subnet ID in the request.
	//
	// * [EC2-Classic] If
	// don't specify an Availability Zone, we choose one for you.
	//
	// * Some instance
	// types must be launched into a VPC. If you do not have a default VPC, or if you
	// do not specify a subnet ID, the request fails. For more information, see
	// Instance types available only in a VPC
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-vpc.html#vpc-only-instance-types).
	//
	// *
	// [EC2-VPC] All instances have a network interface with a primary private IPv4
	// address. If you don't specify this address, we choose one from the IPv4 range of
	// your subnet.
	//
	// * Not all instance types support IPv6 addresses. For more
	// information, see Instance types
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html).
	//
	// * If
	// you don't specify a security group ID, we use the default security group. For
	// more information, see Security groups
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html).
	//
	// *
	// If any of the AMIs have a product code attached for which the user has not
	// subscribed, the request fails.
	//
	// You can create a launch template
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html),
	// which is a resource that contains the parameters to launch an instance. When you
	// launch an instance using RunInstances, you can specify the launch template
	// instead of specifying the launch parameters. To ensure faster instance launches,
	// break up large requests into smaller batches. For example, create five separate
	// launch requests for 100 instances each instead of one launch request for 500
	// instances. An instance is ready for you to use when it's in the running state.
	// You can check the state of your instance using DescribeInstances. You can tag
	// instances and EBS volumes during launch, after launch, or both. For more
	// information, see CreateTags and Tagging your Amazon EC2 resources
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html). Linux
	// instances have access to the public key of the key pair at boot. You can use
	// this key to provide secure access to the instance. Amazon EC2 public images use
	// this feature to provide secure access without passwords. For more information,
	// see Key pairs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html). For
	// troubleshooting, see What to do if an instance immediately terminates
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_InstanceStraightToTerminated.html),
	// and Troubleshooting connecting to your instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html).
	RunInstances(ctx context.Context, params *RunInstancesInput, optFns ...func(*Options)) (*RunInstancesOutput, error)
	// Launches the specified Scheduled Instances. Before you can launch a Scheduled
	// Instance, you must purchase it and obtain an identifier using
	// PurchaseScheduledInstances. You must launch a Scheduled Instance during its
	// scheduled time period. You can't stop or reboot a Scheduled Instance, but you
	// can terminate it as needed. If you terminate a Scheduled Instance before the
	// current scheduled time period ends, you can launch it again after a few minutes.
	// For more information, see Scheduled Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-scheduled-instances.html)
	// in the Amazon EC2 User Guide.
	RunScheduledInstances(ctx context.Context, params *RunScheduledInstancesInput, optFns ...func(*Options)) (*RunScheduledInstancesOutput, error)
	// Searches for routes in the specified local gateway route table.
	SearchLocalGatewayRoutes(ctx context.Context, params *SearchLocalGatewayRoutesInput, optFns ...func(*Options)) (*SearchLocalGatewayRoutesOutput, error)
	// Searches one or more transit gateway multicast groups and returns the group
	// membership information.
	SearchTransitGatewayMulticastGroups(ctx context.Context, params *SearchTransitGatewayMulticastGroupsInput, optFns ...func(*Options)) (*SearchTransitGatewayMulticastGroupsOutput, error)
	// Searches for routes in the specified transit gateway route table.
	SearchTransitGatewayRoutes(ctx context.Context, params *SearchTransitGatewayRoutesInput, optFns ...func(*Options)) (*SearchTransitGatewayRoutesOutput, error)
	// Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a
	// kernel panic (on Linux instances), or a blue screen/stop error (on Windows
	// instances). For instances based on Intel and AMD processors, the interrupt is
	// received as a non-maskable interrupt (NMI). In general, the operating system
	// crashes and reboots when a kernel panic or stop error is triggered. The
	// operating system can also be configured to perform diagnostic tasks, such as
	// generating a memory dump file, loading a secondary kernel, or obtaining a call
	// trace. Before sending a diagnostic interrupt to your instance, ensure that its
	// operating system is configured to perform the required diagnostic tasks. For
	// more information about configuring your operating system to generate a crash
	// dump when a kernel panic or stop error occurs, see Send a diagnostic interrupt
	// (for advanced users)
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/diagnostic-interrupt.html)
	// (Linux instances) or Send a diagnostic interrupt (for advanced users)
	// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/diagnostic-interrupt.html)
	// (Windows instances).
	SendDiagnosticInterrupt(ctx context.Context, params *SendDiagnosticInterruptInput, optFns ...func(*Options)) (*SendDiagnosticInterruptOutput, error)
	// Starts an Amazon EBS-backed instance that you've previously stopped. Instances
	// that use Amazon EBS volumes as their root devices can be quickly stopped and
	// started. When an instance is stopped, the compute resources are released and you
	// are not billed for instance usage. However, your root partition Amazon EBS
	// volume remains and continues to persist your data, and you are charged for
	// Amazon EBS volume usage. You can restart your instance at any time. Every time
	// you start your instance, Amazon EC2 charges a one-minute minimum for instance
	// usage, and thereafter charges per second for instance usage. Before stopping an
	// instance, make sure it is in a state from which it can be restarted. Stopping an
	// instance does not preserve data stored in RAM. Performing this operation on an
	// instance that uses an instance store as its root device returns an error. If you
	// attempt to start a T3 instance with host tenancy and the unlimted CPU credit
	// option, the request fails. The unlimited CPU credit option is not supported on
	// Dedicated Hosts. Before you start the instance, either change its CPU credit
	// option to standard, or change its tenancy to default or dedicated. For more
	// information, see Stop and start your instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html) in the
	// Amazon EC2 User Guide.
	StartInstances(ctx context.Context, params *StartInstancesInput, optFns ...func(*Options)) (*StartInstancesOutput, error)
	// Starts analyzing the specified Network Access Scope.
	StartNetworkInsightsAccessScopeAnalysis(ctx context.Context, params *StartNetworkInsightsAccessScopeAnalysisInput, optFns ...func(*Options)) (*StartNetworkInsightsAccessScopeAnalysisOutput, error)
	// Starts analyzing the specified path. If the path is reachable, the operation
	// returns the shortest feasible path.
	StartNetworkInsightsAnalysis(ctx context.Context, params *StartNetworkInsightsAnalysisInput, optFns ...func(*Options)) (*StartNetworkInsightsAnalysisOutput, error)
	// Initiates the verification process to prove that the service provider owns the
	// private DNS name domain for the endpoint service. The service provider must
	// successfully perform the verification before the consumer can use the name to
	// access the service. Before the service provider runs this command, they must add
	// a record to the DNS server. For more information, see Adding a TXT Record to
	// Your Domain's DNS Server
	// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html#add-dns-txt-record)
	// in the Amazon VPC User Guide.
	StartVpcEndpointServicePrivateDnsVerification(ctx context.Context, params *StartVpcEndpointServicePrivateDnsVerificationInput, optFns ...func(*Options)) (*StartVpcEndpointServicePrivateDnsVerificationOutput, error)
	// Stops an Amazon EBS-backed instance. You can use the Stop action to hibernate an
	// instance if the instance is enabled for hibernation
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#enabling-hibernation)
	// and it meets the hibernation prerequisites
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites).
	// For more information, see Hibernate your instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) in the
	// Amazon EC2 User Guide. We don't charge usage for a stopped instance, or data
	// transfer fees; however, your root partition Amazon EBS volume remains and
	// continues to persist your data, and you are charged for Amazon EBS volume usage.
	// Every time you start your instance, Amazon EC2 charges a one-minute minimum for
	// instance usage, and thereafter charges per second for instance usage. You can't
	// stop or hibernate instance store-backed instances. You can't use the Stop action
	// to hibernate Spot Instances, but you can specify that Amazon EC2 should
	// hibernate Spot Instances when they are interrupted. For more information, see
	// Hibernating interrupted Spot Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html#hibernate-spot-instances)
	// in the Amazon EC2 User Guide. When you stop or hibernate an instance, we shut it
	// down. You can restart your instance at any time. Before stopping or hibernating
	// an instance, make sure it is in a state from which it can be restarted. Stopping
	// an instance does not preserve data stored in RAM, but hibernating an instance
	// does preserve data stored in RAM. If an instance cannot hibernate successfully,
	// a normal shutdown occurs. Stopping and hibernating an instance is different to
	// rebooting or terminating it. For example, when you stop or hibernate an
	// instance, the root device and any other devices attached to the instance
	// persist. When you terminate an instance, the root device and any other devices
	// attached during the instance launch are automatically deleted. For more
	// information about the differences between rebooting, stopping, hibernating, and
	// terminating instances, see Instance lifecycle
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html)
	// in the Amazon EC2 User Guide. When you stop an instance, we attempt to shut it
	// down forcibly after a short while. If your instance appears stuck in the
	// stopping state after a period of time, there may be an issue with the underlying
	// host computer. For more information, see Troubleshoot stopping your instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesStopping.html)
	// in the Amazon EC2 User Guide.
	StopInstances(ctx context.Context, params *StopInstancesInput, optFns ...func(*Options)) (*StopInstancesOutput, error)
	// Terminates active Client VPN endpoint connections. This action can be used to
	// terminate a specific client connection, or up to five connections established by
	// a specific user.
	TerminateClientVpnConnections(ctx context.Context, params *TerminateClientVpnConnectionsInput, optFns ...func(*Options)) (*TerminateClientVpnConnectionsOutput, error)
	// Shuts down the specified instances. This operation is idempotent; if you
	// terminate an instance more than once, each call succeeds. If you specify
	// multiple instances and the request fails (for example, because of a single
	// incorrect instance ID), none of the instances are terminated. If you terminate
	// multiple instances across multiple Availability Zones, and one or more of the
	// specified instances are enabled for termination protection, the request fails
	// with the following results:
	//
	// * The specified instances that are in the same
	// Availability Zone as the protected instance are not terminated.
	//
	// * The specified
	// instances that are in different Availability Zones, where no other specified
	// instances are protected, are successfully terminated.
	//
	// For example, say you have
	// the following instances:
	//
	// * Instance A: us-east-1a; Not protected
	//
	// * Instance B:
	// us-east-1a; Not protected
	//
	// * Instance C: us-east-1b; Protected
	//
	// * Instance D:
	// us-east-1b; not protected
	//
	// If you attempt to terminate all of these instances in
	// the same request, the request reports failure with the following results:
	//
	// *
	// Instance A and Instance B are successfully terminated because none of the
	// specified instances in us-east-1a are enabled for termination protection.
	//
	// *
	// Instance C and Instance D fail to terminate because at least one of the
	// specified instances in us-east-1b (Instance C) is enabled for termination
	// protection.
	//
	// Terminated instances remain visible after termination (for
	// approximately one hour). By default, Amazon EC2 deletes all EBS volumes that
	// were attached when the instance launched. Volumes attached after instance launch
	// continue running. You can stop, start, and terminate EBS-backed instances. You
	// can only terminate instance store-backed instances. What happens to an instance
	// differs if you stop it or terminate it. For example, when you stop an instance,
	// the root device and any other devices attached to the instance persist. When you
	// terminate an instance, any attached EBS volumes with the DeleteOnTermination
	// block device mapping parameter set to true are automatically deleted. For more
	// information about the differences between stopping and terminating instances,
	// see Instance lifecycle
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html)
	// in the Amazon EC2 User Guide. For more information about troubleshooting, see
	// Troubleshooting terminating your instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesShuttingDown.html)
	// in the Amazon EC2 User Guide.
	TerminateInstances(ctx context.Context, params *TerminateInstancesInput, optFns ...func(*Options)) (*TerminateInstancesOutput, error)
	// Unassigns one or more IPv6 addresses IPv4 Prefix Delegation prefixes from a
	// network interface.
	UnassignIpv6Addresses(ctx context.Context, params *UnassignIpv6AddressesInput, optFns ...func(*Options)) (*UnassignIpv6AddressesOutput, error)
	// Unassigns one or more secondary private IP addresses, or IPv4 Prefix Delegation
	// prefixes from a network interface.
	UnassignPrivateIpAddresses(ctx context.Context, params *UnassignPrivateIpAddressesInput, optFns ...func(*Options)) (*UnassignPrivateIpAddressesOutput, error)
	// Disables detailed monitoring for a running instance. For more information, see
	// Monitoring your instances and volumes
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) in
	// the Amazon EC2 User Guide.
	UnmonitorInstances(ctx context.Context, params *UnmonitorInstancesInput, optFns ...func(*Options)) (*UnmonitorInstancesOutput, error)
	// [VPC only] Updates the description of an egress (outbound) security group rule.
	// You can replace an existing description, or add a description to a rule that did
	// not have one previously. You can remove a description for a security group rule
	// by omitting the description parameter in the request.
	UpdateSecurityGroupRuleDescriptionsEgress(ctx context.Context, params *UpdateSecurityGroupRuleDescriptionsEgressInput, optFns ...func(*Options)) (*UpdateSecurityGroupRuleDescriptionsEgressOutput, error)
	// Updates the description of an ingress (inbound) security group rule. You can
	// replace an existing description, or add a description to a rule that did not
	// have one previously. You can remove a description for a security group rule by
	// omitting the description parameter in the request.
	UpdateSecurityGroupRuleDescriptionsIngress(ctx context.Context, params *UpdateSecurityGroupRuleDescriptionsIngressInput, optFns ...func(*Options)) (*UpdateSecurityGroupRuleDescriptionsIngressOutput, error)
	// Stops advertising an address range that is provisioned as an address pool. You
	// can perform this operation at most once every 10 seconds, even if you specify
	// different address ranges each time. It can take a few minutes before traffic to
	// the specified addresses stops routing to Amazon Web Services because of BGP
	// propagation delays.
	WithdrawByoipCidr(ctx context.Context, params *WithdrawByoipCidrInput, optFns ...func(*Options)) (*WithdrawByoipCidrOutput, error)
}

EC2 provides an interface to the AWS EC2 service.

type EKS added in v0.98.0

type EKS interface {
	// Associate encryption configuration to an existing cluster. You can use this API
	// to enable encryption on existing clusters which do not have encryption already
	// enabled. This allows you to implement a defense-in-depth security strategy
	// without migrating applications to new Amazon EKS clusters.
	AssociateEncryptionConfig(ctx context.Context, params *AssociateEncryptionConfigInput, optFns ...func(*Options)) (*AssociateEncryptionConfigOutput, error)
	// Associate an identity provider configuration to a cluster. If you want to
	// authenticate identities using an identity provider, you can create an identity
	// provider configuration and associate it to your cluster. After configuring
	// authentication to your cluster you can create Kubernetes roles and clusterroles
	// to assign permissions to the roles, and then bind the roles to the identities
	// using Kubernetes rolebindings and clusterrolebindings. For more information see
	// Using RBAC Authorization
	// (https://kubernetes.io/docs/reference/access-authn-authz/rbac/) in the
	// Kubernetes documentation.
	AssociateIdentityProviderConfig(ctx context.Context, params *AssociateIdentityProviderConfigInput, optFns ...func(*Options)) (*AssociateIdentityProviderConfigOutput, error)
	// Creates an Amazon EKS add-on. Amazon EKS add-ons help to automate the
	// provisioning and lifecycle management of common operational software for Amazon
	// EKS clusters. For more information, see Amazon EKS add-ons
	// (https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html) in the
	// Amazon EKS User Guide.
	CreateAddon(ctx context.Context, params *CreateAddonInput, optFns ...func(*Options)) (*CreateAddonOutput, error)
	// Creates an Amazon EKS control plane. The Amazon EKS control plane consists of
	// control plane instances that run the Kubernetes software, such as etcd and the
	// API server. The control plane runs in an account managed by Amazon Web Services,
	// and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each
	// Amazon EKS cluster control plane is single tenant and unique. It runs on its own
	// set of Amazon EC2 instances. The cluster control plane is provisioned across
	// multiple Availability Zones and fronted by an Elastic Load Balancing Network
	// Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC
	// subnets to provide connectivity from the control plane instances to the nodes
	// (for example, to support kubectl exec, logs, and proxy data flows). Amazon EKS
	// nodes run in your Amazon Web Services account and connect to your cluster's
	// control plane over the Kubernetes API server endpoint and a certificate file
	// that is created for your cluster. In most cases, it takes several minutes to
	// create a cluster. After you create an Amazon EKS cluster, you must configure
	// your Kubernetes tooling to communicate with the API server and launch nodes into
	// your cluster. For more information, see Managing Cluster Authentication
	// (https://docs.aws.amazon.com/eks/latest/userguide/managing-auth.html) and
	// Launching Amazon EKS nodes
	// (https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) in the
	// Amazon EKS User Guide.
	CreateCluster(ctx context.Context, params *CreateClusterInput, optFns ...func(*Options)) (*CreateClusterOutput, error)
	// Creates an Fargate profile for your Amazon EKS cluster. You must have at least
	// one Fargate profile in a cluster to be able to run pods on Fargate. The Fargate
	// profile allows an administrator to declare which pods run on Fargate and specify
	// which pods run on which Fargate profile. This declaration is done through the
	// profile’s selectors. Each profile can have up to five selectors that contain a
	// namespace and labels. A namespace is required for every selector. The label
	// field consists of multiple optional key-value pairs. Pods that match the
	// selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the
	// selectors in the Fargate profile, then that pod is run on Fargate. When you
	// create a Fargate profile, you must specify a pod execution role to use with the
	// pods that are scheduled with the profile. This role is added to the cluster's
	// Kubernetes Role Based Access Control
	// (https://kubernetes.io/docs/admin/authorization/rbac/) (RBAC) for authorization
	// so that the kubelet that is running on the Fargate infrastructure can register
	// with your Amazon EKS cluster so that it can appear in your cluster as a node.
	// The pod execution role also provides IAM permissions to the Fargate
	// infrastructure to allow read access to Amazon ECR image repositories. For more
	// information, see Pod Execution Role
	// (https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) in
	// the Amazon EKS User Guide. Fargate profiles are immutable. However, you can
	// create a new updated profile to replace an existing profile and then delete the
	// original after the updated profile has finished creating. If any Fargate
	// profiles in a cluster are in the DELETING status, you must wait for that Fargate
	// profile to finish deleting before you can create any other profiles in that
	// cluster. For more information, see Fargate Profile
	// (https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) in the
	// Amazon EKS User Guide.
	CreateFargateProfile(ctx context.Context, params *CreateFargateProfileInput, optFns ...func(*Options)) (*CreateFargateProfileOutput, error)
	// Creates a managed node group for an Amazon EKS cluster. You can only create a
	// node group for your cluster that is equal to the current Kubernetes version for
	// the cluster. All node groups are created with the latest AMI release version for
	// the respective minor Kubernetes version of the cluster, unless you deploy a
	// custom AMI using a launch template. For more information about using launch
	// templates, see Launch template support
	// (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). An
	// Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated
	// Amazon EC2 instances that are managed by Amazon Web Services for an Amazon EKS
	// cluster. For more information, see Managed node groups
	// (https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in
	// the Amazon EKS User Guide. Windows AMI types are only supported for commercial
	// Regions that support Windows Amazon EKS.
	CreateNodegroup(ctx context.Context, params *CreateNodegroupInput, optFns ...func(*Options)) (*CreateNodegroupOutput, error)
	// Delete an Amazon EKS add-on. When you remove the add-on, it will also be deleted
	// from the cluster. You can always manually start an add-on on the cluster using
	// the Kubernetes API.
	DeleteAddon(ctx context.Context, params *DeleteAddonInput, optFns ...func(*Options)) (*DeleteAddonOutput, error)
	// Deletes the Amazon EKS cluster control plane. If you have active services in
	// your cluster that are associated with a load balancer, you must delete those
	// services before deleting the cluster so that the load balancers are deleted
	// properly. Otherwise, you can have orphaned resources in your VPC that prevent
	// you from being able to delete the VPC. For more information, see Deleting a
	// Cluster (https://docs.aws.amazon.com/eks/latest/userguide/delete-cluster.html)
	// in the Amazon EKS User Guide. If you have managed node groups or Fargate
	// profiles attached to the cluster, you must delete them first. For more
	// information, see DeleteNodegroup and DeleteFargateProfile.
	DeleteCluster(ctx context.Context, params *DeleteClusterInput, optFns ...func(*Options)) (*DeleteClusterOutput, error)
	// Deletes an Fargate profile. When you delete a Fargate profile, any pods running
	// on Fargate that were created with the profile are deleted. If those pods match
	// another Fargate profile, then they are scheduled on Fargate with that profile.
	// If they no longer match any Fargate profiles, then they are not scheduled on
	// Fargate and they may remain in a pending state. Only one Fargate profile in a
	// cluster can be in the DELETING status at a time. You must wait for a Fargate
	// profile to finish deleting before you can delete any other profiles in that
	// cluster.
	DeleteFargateProfile(ctx context.Context, params *DeleteFargateProfileInput, optFns ...func(*Options)) (*DeleteFargateProfileOutput, error)
	// Deletes an Amazon EKS node group for a cluster.
	DeleteNodegroup(ctx context.Context, params *DeleteNodegroupInput, optFns ...func(*Options)) (*DeleteNodegroupOutput, error)
	// Deregisters a connected cluster to remove it from the Amazon EKS control plane.
	DeregisterCluster(ctx context.Context, params *DeregisterClusterInput, optFns ...func(*Options)) (*DeregisterClusterOutput, error)
	// Describes an Amazon EKS add-on.
	DescribeAddon(ctx context.Context, params *DescribeAddonInput, optFns ...func(*Options)) (*DescribeAddonOutput, error)
	// Returns configuration options.
	DescribeAddonConfiguration(ctx context.Context, params *DescribeAddonConfigurationInput, optFns ...func(*Options)) (*DescribeAddonConfigurationOutput, error)
	// Describes the versions for an add-on. Information such as the Kubernetes
	// versions that you can use the add-on with, the owner, publisher, and the type of
	// the add-on are returned.
	DescribeAddonVersions(ctx context.Context, params *DescribeAddonVersionsInput, optFns ...func(*Options)) (*DescribeAddonVersionsOutput, error)
	// Returns descriptive information about an Amazon EKS cluster. The API server
	// endpoint and certificate authority data returned by this operation are required
	// for kubelet and kubectl to communicate with your Kubernetes API server. For more
	// information, see Create a kubeconfig for Amazon EKS
	// (https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html). The
	// API server endpoint and certificate authority data aren't available until the
	// cluster reaches the ACTIVE state.
	DescribeCluster(ctx context.Context, params *DescribeClusterInput, optFns ...func(*Options)) (*DescribeClusterOutput, error)
	// Returns descriptive information about an Fargate profile.
	DescribeFargateProfile(ctx context.Context, params *DescribeFargateProfileInput, optFns ...func(*Options)) (*DescribeFargateProfileOutput, error)
	// Returns descriptive information about an identity provider configuration.
	DescribeIdentityProviderConfig(ctx context.Context, params *DescribeIdentityProviderConfigInput, optFns ...func(*Options)) (*DescribeIdentityProviderConfigOutput, error)
	// Returns descriptive information about an Amazon EKS node group.
	DescribeNodegroup(ctx context.Context, params *DescribeNodegroupInput, optFns ...func(*Options)) (*DescribeNodegroupOutput, error)
	// Returns descriptive information about an update against your Amazon EKS cluster
	// or associated managed node group or Amazon EKS add-on. When the status of the
	// update is Succeeded, the update is complete. If an update fails, the status is
	// Failed, and an error detail explains the reason for the failure.
	DescribeUpdate(ctx context.Context, params *DescribeUpdateInput, optFns ...func(*Options)) (*DescribeUpdateOutput, error)
	// Disassociates an identity provider configuration from a cluster. If you
	// disassociate an identity provider from your cluster, users included in the
	// provider can no longer access the cluster. However, you can still access the
	// cluster with Amazon Web Services IAM users.
	DisassociateIdentityProviderConfig(ctx context.Context, params *DisassociateIdentityProviderConfigInput, optFns ...func(*Options)) (*DisassociateIdentityProviderConfigOutput, error)
	// Lists the available add-ons.
	ListAddons(ctx context.Context, params *ListAddonsInput, optFns ...func(*Options)) (*ListAddonsOutput, error)
	// Lists the Amazon EKS clusters in your Amazon Web Services account in the
	// specified Region.
	ListClusters(ctx context.Context, params *ListClustersInput, optFns ...func(*Options)) (*ListClustersOutput, error)
	// Lists the Fargate profiles associated with the specified cluster in your Amazon
	// Web Services account in the specified Region.
	ListFargateProfiles(ctx context.Context, params *ListFargateProfilesInput, optFns ...func(*Options)) (*ListFargateProfilesOutput, error)
	// A list of identity provider configurations.
	ListIdentityProviderConfigs(ctx context.Context, params *ListIdentityProviderConfigsInput, optFns ...func(*Options)) (*ListIdentityProviderConfigsOutput, error)
	// Lists the Amazon EKS managed node groups associated with the specified cluster
	// in your Amazon Web Services account in the specified Region. Self-managed node
	// groups are not listed.
	ListNodegroups(ctx context.Context, params *ListNodegroupsInput, optFns ...func(*Options)) (*ListNodegroupsOutput, error)
	// List the tags for an Amazon EKS resource.
	ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
	// Lists the updates associated with an Amazon EKS cluster or managed node group in
	// your Amazon Web Services account, in the specified Region.
	ListUpdates(ctx context.Context, params *ListUpdatesInput, optFns ...func(*Options)) (*ListUpdatesOutput, error)
	// Connects a Kubernetes cluster to the Amazon EKS control plane. Any Kubernetes
	// cluster can be connected to the Amazon EKS control plane to view current
	// information about the cluster and its nodes. Cluster connection requires two
	// steps. First, send a RegisterClusterRequest to add it to the Amazon EKS control
	// plane. Second, a Manifest
	// (https://amazon-eks.s3.us-west-2.amazonaws.com/eks-connector/manifests/eks-connector/latest/eks-connector.yaml)
	// containing the activationID and activationCode must be applied to the Kubernetes
	// cluster through it's native provider to provide visibility. After the Manifest
	// is updated and applied, then the connected cluster is visible to the Amazon EKS
	// control plane. If the Manifest is not applied within three days, then the
	// connected cluster will no longer be visible and must be deregistered. See
	// DeregisterCluster.
	RegisterCluster(ctx context.Context, params *RegisterClusterInput, optFns ...func(*Options)) (*RegisterClusterOutput, error)
	// Associates the specified tags to a resource with the specified resourceArn. If
	// existing tags on a resource are not specified in the request parameters, they
	// are not changed. When a resource is deleted, the tags associated with that
	// resource are deleted as well. Tags that you create for Amazon EKS resources do
	// not propagate to any other resources associated with the cluster. For example,
	// if you tag a cluster with this operation, that tag does not automatically
	// propagate to the subnets and nodes associated with the cluster.
	TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)
	// Deletes specified tags from a resource.
	UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)
	// Updates an Amazon EKS add-on.
	UpdateAddon(ctx context.Context, params *UpdateAddonInput, optFns ...func(*Options)) (*UpdateAddonOutput, error)
	// Updates an Amazon EKS cluster configuration. Your cluster continues to function
	// during the update. The response output includes an update ID that you can use to
	// track the status of your cluster update with the DescribeUpdate API operation.
	// You can use this API operation to enable or disable exporting the Kubernetes
	// control plane logs for your cluster to CloudWatch Logs. By default, cluster
	// control plane logs aren't exported to CloudWatch Logs. For more information, see
	// Amazon EKS Cluster Control Plane Logs
	// (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in
	// the Amazon EKS User Guide . CloudWatch Logs ingestion, archive storage, and data
	// scanning rates apply to exported control plane logs. For more information, see
	// CloudWatch Pricing (http://aws.amazon.com/cloudwatch/pricing/). You can also use
	// this API operation to enable or disable public and private access to your
	// cluster's Kubernetes API server endpoint. By default, public access is enabled,
	// and private access is disabled. For more information, see Amazon EKS cluster
	// endpoint access control
	// (https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the
	// Amazon EKS User Guide . You can't update the subnets or security group IDs for
	// an existing cluster. Cluster updates are asynchronous, and they should finish
	// within a few minutes. During an update, the cluster status moves to UPDATING
	// (this status transition is eventually consistent). When the update is complete
	// (either Failed or Successful), the cluster status moves to Active.
	UpdateClusterConfig(ctx context.Context, params *UpdateClusterConfigInput, optFns ...func(*Options)) (*UpdateClusterConfigOutput, error)
	// Updates an Amazon EKS cluster to the specified Kubernetes version. Your cluster
	// continues to function during the update. The response output includes an update
	// ID that you can use to track the status of your cluster update with the
	// DescribeUpdate API operation. Cluster updates are asynchronous, and they should
	// finish within a few minutes. During an update, the cluster status moves to
	// UPDATING (this status transition is eventually consistent). When the update is
	// complete (either Failed or Successful), the cluster status moves to Active. If
	// your cluster has managed node groups attached to it, all of your node groups’
	// Kubernetes versions must match the cluster’s Kubernetes version in order to
	// update the cluster to a new Kubernetes version.
	UpdateClusterVersion(ctx context.Context, params *UpdateClusterVersionInput, optFns ...func(*Options)) (*UpdateClusterVersionOutput, error)
	// Updates an Amazon EKS managed node group configuration. Your node group
	// continues to function during the update. The response output includes an update
	// ID that you can use to track the status of your node group update with the
	// DescribeUpdate API operation. Currently you can update the Kubernetes labels for
	// a node group or the scaling configuration.
	UpdateNodegroupConfig(ctx context.Context, params *UpdateNodegroupConfigInput, optFns ...func(*Options)) (*UpdateNodegroupConfigOutput, error)
	// Updates the Kubernetes version or AMI version of an Amazon EKS managed node
	// group. You can update a node group using a launch template only if the node
	// group was originally deployed with a launch template. If you need to update a
	// custom AMI in a node group that was deployed with a launch template, then update
	// your custom AMI, specify the new ID in a new version of the launch template, and
	// then update the node group to the new version of the launch template. If you
	// update without a launch template, then you can update to the latest available
	// AMI version of a node group's current Kubernetes version by not specifying a
	// Kubernetes version in the request. You can update to the latest AMI version of
	// your cluster's current Kubernetes version by specifying your cluster's
	// Kubernetes version in the request. For information about Linux versions, see
	// Amazon EKS optimized Amazon Linux AMI versions
	// (https://docs.aws.amazon.com/eks/latest/userguide/eks-linux-ami-versions.html)
	// in the Amazon EKS User Guide. For information about Windows versions, see Amazon
	// EKS optimized Windows AMI versions
	// (https://docs.aws.amazon.com/eks/latest/userguide/eks-ami-versions-windows.html)
	// in the Amazon EKS User Guide. You cannot roll back a node group to an earlier
	// Kubernetes version or AMI version. When a node in a managed node group is
	// terminated due to a scaling action or update, the pods in that node are drained
	// first. Amazon EKS attempts to drain the nodes gracefully and will fail if it is
	// unable to do so. You can force the update if Amazon EKS is unable to drain the
	// nodes as a result of a pod disruption budget issue.
	UpdateNodegroupVersion(ctx context.Context, params *UpdateNodegroupVersionInput, optFns ...func(*Options)) (*UpdateNodegroupVersionOutput, error)
}

EKS provides an interface to the AWS EKS service.

type ELB added in v0.91.0

type ELB interface {
	// Adds the specified tags to the specified load balancer. Each load balancer can
	// have a maximum of 10 tags. Each tag consists of a key and an optional value. If
	// a tag with the same key is already associated with the load balancer, AddTags
	// updates its value. For more information, see Tag Your Classic Load Balancer
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/add-remove-tags.html)
	// in the Classic Load Balancers Guide.
	AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error)
	// Associates one or more security groups with your load balancer in a virtual
	// private cloud (VPC). The specified security groups override the previously
	// associated security groups. For more information, see Security Groups for Load
	// Balancers in a VPC
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html#elb-vpc-security-groups)
	// in the Classic Load Balancers Guide.
	ApplySecurityGroupsToLoadBalancer(ctx context.Context, params *ApplySecurityGroupsToLoadBalancerInput, optFns ...func(*Options)) (*ApplySecurityGroupsToLoadBalancerOutput, error)
	// Adds one or more subnets to the set of configured subnets for the specified load
	// balancer. The load balancer evenly distributes requests across all registered
	// subnets. For more information, see Add or Remove Subnets for Your Load Balancer
	// in a VPC
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-manage-subnets.html)
	// in the Classic Load Balancers Guide.
	AttachLoadBalancerToSubnets(ctx context.Context, params *AttachLoadBalancerToSubnetsInput, optFns ...func(*Options)) (*AttachLoadBalancerToSubnetsOutput, error)
	// Specifies the health check settings to use when evaluating the health state of
	// your EC2 instances. For more information, see Configure Health Checks for Your
	// Load Balancer
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-healthchecks.html)
	// in the Classic Load Balancers Guide.
	ConfigureHealthCheck(ctx context.Context, params *ConfigureHealthCheckInput, optFns ...func(*Options)) (*ConfigureHealthCheckOutput, error)
	// Generates a stickiness policy with sticky session lifetimes that follow that of
	// an application-generated cookie. This policy can be associated only with
	// HTTP/HTTPS listeners. This policy is similar to the policy created by
	// CreateLBCookieStickinessPolicy, except that the lifetime of the special Elastic
	// Load Balancing cookie, AWSELB, follows the lifetime of the application-generated
	// cookie specified in the policy configuration. The load balancer only inserts a
	// new stickiness cookie when the application response includes a new application
	// cookie. If the application cookie is explicitly removed or expires, the session
	// stops being sticky until a new application cookie is issued. For more
	// information, see Application-Controlled Session Stickiness
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-application)
	// in the Classic Load Balancers Guide.
	CreateAppCookieStickinessPolicy(ctx context.Context, params *CreateAppCookieStickinessPolicyInput, optFns ...func(*Options)) (*CreateAppCookieStickinessPolicyOutput, error)
	// Generates a stickiness policy with sticky session lifetimes controlled by the
	// lifetime of the browser (user-agent) or a specified expiration period. This
	// policy can be associated only with HTTP/HTTPS listeners. When a load balancer
	// implements this policy, the load balancer uses a special cookie to track the
	// instance for each request. When the load balancer receives a request, it first
	// checks to see if this cookie is present in the request. If so, the load balancer
	// sends the request to the application server specified in the cookie. If not, the
	// load balancer sends the request to a server that is chosen based on the existing
	// load-balancing algorithm. A cookie is inserted into the response for binding
	// subsequent requests from the same user to that server. The validity of the
	// cookie is based on the cookie expiration time, which is specified in the policy
	// configuration. For more information, see Duration-Based Session Stickiness
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-duration)
	// in the Classic Load Balancers Guide.
	CreateLBCookieStickinessPolicy(ctx context.Context, params *CreateLBCookieStickinessPolicyInput, optFns ...func(*Options)) (*CreateLBCookieStickinessPolicyOutput, error)
	// Creates a Classic Load Balancer. You can add listeners, security groups,
	// subnets, and tags when you create your load balancer, or you can add them later
	// using CreateLoadBalancerListeners, ApplySecurityGroupsToLoadBalancer,
	// AttachLoadBalancerToSubnets, and AddTags. To describe your current load
	// balancers, see DescribeLoadBalancers. When you are finished with a load
	// balancer, you can delete it using DeleteLoadBalancer. You can create up to 20
	// load balancers per region per account. You can request an increase for the
	// number of load balancers for your account. For more information, see Limits for
	// Your Classic Load Balancer
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html)
	// in the Classic Load Balancers Guide.
	CreateLoadBalancer(ctx context.Context, params *CreateLoadBalancerInput, optFns ...func(*Options)) (*CreateLoadBalancerOutput, error)
	// Creates one or more listeners for the specified load balancer. If a listener
	// with the specified port does not already exist, it is created; otherwise, the
	// properties of the new listener must match the properties of the existing
	// listener. For more information, see Listeners for Your Classic Load Balancer
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html)
	// in the Classic Load Balancers Guide.
	CreateLoadBalancerListeners(ctx context.Context, params *CreateLoadBalancerListenersInput, optFns ...func(*Options)) (*CreateLoadBalancerListenersOutput, error)
	// Creates a policy with the specified attributes for the specified load balancer.
	// Policies are settings that are saved for your load balancer and that can be
	// applied to the listener or the application server, depending on the policy type.
	CreateLoadBalancerPolicy(ctx context.Context, params *CreateLoadBalancerPolicyInput, optFns ...func(*Options)) (*CreateLoadBalancerPolicyOutput, error)
	// Deletes the specified load balancer. If you are attempting to recreate a load
	// balancer, you must reconfigure all settings. The DNS name associated with a
	// deleted load balancer are no longer usable. The name and associated DNS record
	// of the deleted load balancer no longer exist and traffic sent to any of its IP
	// addresses is no longer delivered to your instances. If the load balancer does
	// not exist or has already been deleted, the call to DeleteLoadBalancer still
	// succeeds.
	DeleteLoadBalancer(ctx context.Context, params *DeleteLoadBalancerInput, optFns ...func(*Options)) (*DeleteLoadBalancerOutput, error)
	// Deletes the specified listeners from the specified load balancer.
	DeleteLoadBalancerListeners(ctx context.Context, params *DeleteLoadBalancerListenersInput, optFns ...func(*Options)) (*DeleteLoadBalancerListenersOutput, error)
	// Deletes the specified policy from the specified load balancer. This policy must
	// not be enabled for any listeners.
	DeleteLoadBalancerPolicy(ctx context.Context, params *DeleteLoadBalancerPolicyInput, optFns ...func(*Options)) (*DeleteLoadBalancerPolicyOutput, error)
	// Deregisters the specified instances from the specified load balancer. After the
	// instance is deregistered, it no longer receives traffic from the load balancer.
	// You can use DescribeLoadBalancers to verify that the instance is deregistered
	// from the load balancer. For more information, see Register or De-Register EC2
	// Instances
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-deregister-register-instances.html)
	// in the Classic Load Balancers Guide.
	DeregisterInstancesFromLoadBalancer(ctx context.Context, params *DeregisterInstancesFromLoadBalancerInput, optFns ...func(*Options)) (*DeregisterInstancesFromLoadBalancerOutput, error)
	// Describes the current Elastic Load Balancing resource limits for your AWS
	// account. For more information, see Limits for Your Classic Load Balancer
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html)
	// in the Classic Load Balancers Guide.
	DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
	// Describes the state of the specified instances with respect to the specified
	// load balancer. If no instances are specified, the call describes the state of
	// all instances that are currently registered with the load balancer. If instances
	// are specified, their state is returned even if they are no longer registered
	// with the load balancer. The state of terminated instances is not returned.
	DescribeInstanceHealth(ctx context.Context, params *DescribeInstanceHealthInput, optFns ...func(*Options)) (*DescribeInstanceHealthOutput, error)
	// Describes the attributes for the specified load balancer.
	DescribeLoadBalancerAttributes(ctx context.Context, params *DescribeLoadBalancerAttributesInput, optFns ...func(*Options)) (*DescribeLoadBalancerAttributesOutput, error)
	// Describes the specified policies. If you specify a load balancer name, the
	// action returns the descriptions of all policies created for the load balancer.
	// If you specify a policy name associated with your load balancer, the action
	// returns the description of that policy. If you don't specify a load balancer
	// name, the action returns descriptions of the specified sample policies, or
	// descriptions of all sample policies. The names of the sample policies have the
	// ELBSample- prefix.
	DescribeLoadBalancerPolicies(ctx context.Context, params *DescribeLoadBalancerPoliciesInput, optFns ...func(*Options)) (*DescribeLoadBalancerPoliciesOutput, error)
	// Describes the specified load balancer policy types or all load balancer policy
	// types. The description of each type indicates how it can be used. For example,
	// some policies can be used only with layer 7 listeners, some policies can be used
	// only with layer 4 listeners, and some policies can be used only with your EC2
	// instances. You can use CreateLoadBalancerPolicy to create a policy configuration
	// for any of these policy types. Then, depending on the policy type, use either
	// SetLoadBalancerPoliciesOfListener or SetLoadBalancerPoliciesForBackendServer to
	// set the policy.
	DescribeLoadBalancerPolicyTypes(ctx context.Context, params *DescribeLoadBalancerPolicyTypesInput, optFns ...func(*Options)) (*DescribeLoadBalancerPolicyTypesOutput, error)
	// Describes the specified the load balancers. If no load balancers are specified,
	// the call describes all of your load balancers.
	DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error)
	// Describes the tags associated with the specified load balancers.
	DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
	// Removes the specified subnets from the set of configured subnets for the load
	// balancer. After a subnet is removed, all EC2 instances registered with the load
	// balancer in the removed subnet go into the OutOfService state. Then, the load
	// balancer balances the traffic among the remaining routable subnets.
	DetachLoadBalancerFromSubnets(ctx context.Context, params *DetachLoadBalancerFromSubnetsInput, optFns ...func(*Options)) (*DetachLoadBalancerFromSubnetsOutput, error)
	// Removes the specified Availability Zones from the set of Availability Zones for
	// the specified load balancer in EC2-Classic or a default VPC. For load balancers
	// in a non-default VPC, use DetachLoadBalancerFromSubnets. There must be at least
	// one Availability Zone registered with a load balancer at all times. After an
	// Availability Zone is removed, all instances registered with the load balancer
	// that are in the removed Availability Zone go into the OutOfService state. Then,
	// the load balancer attempts to equally balance the traffic among its remaining
	// Availability Zones. For more information, see Add or Remove Availability Zones
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html)
	// in the Classic Load Balancers Guide.
	DisableAvailabilityZonesForLoadBalancer(ctx context.Context, params *DisableAvailabilityZonesForLoadBalancerInput, optFns ...func(*Options)) (*DisableAvailabilityZonesForLoadBalancerOutput, error)
	// Adds the specified Availability Zones to the set of Availability Zones for the
	// specified load balancer in EC2-Classic or a default VPC. For load balancers in a
	// non-default VPC, use AttachLoadBalancerToSubnets. The load balancer evenly
	// distributes requests across all its registered Availability Zones that contain
	// instances. For more information, see Add or Remove Availability Zones
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html)
	// in the Classic Load Balancers Guide.
	EnableAvailabilityZonesForLoadBalancer(ctx context.Context, params *EnableAvailabilityZonesForLoadBalancerInput, optFns ...func(*Options)) (*EnableAvailabilityZonesForLoadBalancerOutput, error)
	// Modifies the attributes of the specified load balancer. You can modify the load
	// balancer attributes, such as AccessLogs, ConnectionDraining, and
	// CrossZoneLoadBalancing by either enabling or disabling them. Or, you can modify
	// the load balancer attribute ConnectionSettings by specifying an idle connection
	// timeout value for your load balancer. For more information, see the following in
	// the Classic Load Balancers Guide:
	//
	// * Cross-Zone Load Balancing
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-crosszone-lb.html)
	//
	// *
	// Connection Draining
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-conn-drain.html)
	//
	// *
	// Access Logs
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html)
	//
	// *
	// Idle Connection Timeout
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html)
	ModifyLoadBalancerAttributes(ctx context.Context, params *ModifyLoadBalancerAttributesInput, optFns ...func(*Options)) (*ModifyLoadBalancerAttributesOutput, error)
	// Adds the specified instances to the specified load balancer. The instance must
	// be a running instance in the same network as the load balancer (EC2-Classic or
	// the same VPC). If you have EC2-Classic instances and a load balancer in a VPC
	// with ClassicLink enabled, you can link the EC2-Classic instances to that VPC and
	// then register the linked EC2-Classic instances with the load balancer in the
	// VPC. Note that RegisterInstanceWithLoadBalancer completes when the request has
	// been registered. Instance registration takes a little time to complete. To check
	// the state of the registered instances, use DescribeLoadBalancers or
	// DescribeInstanceHealth. After the instance is registered, it starts receiving
	// traffic and requests from the load balancer. Any instance that is not in one of
	// the Availability Zones registered for the load balancer is moved to the
	// OutOfService state. If an Availability Zone is added to the load balancer later,
	// any instances registered with the load balancer move to the InService state. To
	// deregister instances from a load balancer, use
	// DeregisterInstancesFromLoadBalancer. For more information, see Register or
	// De-Register EC2 Instances
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-deregister-register-instances.html)
	// in the Classic Load Balancers Guide.
	RegisterInstancesWithLoadBalancer(ctx context.Context, params *RegisterInstancesWithLoadBalancerInput, optFns ...func(*Options)) (*RegisterInstancesWithLoadBalancerOutput, error)
	// Removes one or more tags from the specified load balancer.
	RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error)
	// Sets the certificate that terminates the specified listener's SSL connections.
	// The specified certificate replaces any prior certificate that was used on the
	// same load balancer and port. For more information about updating your SSL
	// certificate, see Replace the SSL Certificate for Your Load Balancer
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-update-ssl-cert.html)
	// in the Classic Load Balancers Guide.
	SetLoadBalancerListenerSSLCertificate(ctx context.Context, params *SetLoadBalancerListenerSSLCertificateInput, optFns ...func(*Options)) (*SetLoadBalancerListenerSSLCertificateOutput, error)
	// Replaces the set of policies associated with the specified port on which the EC2
	// instance is listening with a new set of policies. At this time, only the
	// back-end server authentication policy type can be applied to the instance ports;
	// this policy type is composed of multiple public key policies. Each time you use
	// SetLoadBalancerPoliciesForBackendServer to enable the policies, use the
	// PolicyNames parameter to list the policies that you want to enable. You can use
	// DescribeLoadBalancers or DescribeLoadBalancerPolicies to verify that the policy
	// is associated with the EC2 instance. For more information about enabling
	// back-end instance authentication, see Configure Back-end Instance Authentication
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html#configure_backendauth_clt)
	// in the Classic Load Balancers Guide. For more information about Proxy Protocol,
	// see Configure Proxy Protocol Support
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html)
	// in the Classic Load Balancers Guide.
	SetLoadBalancerPoliciesForBackendServer(ctx context.Context, params *SetLoadBalancerPoliciesForBackendServerInput, optFns ...func(*Options)) (*SetLoadBalancerPoliciesForBackendServerOutput, error)
	// Replaces the current set of policies for the specified load balancer port with
	// the specified set of policies. To enable back-end server authentication, use
	// SetLoadBalancerPoliciesForBackendServer. For more information about setting
	// policies, see Update the SSL Negotiation Configuration
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ssl-config-update.html),
	// Duration-Based Session Stickiness
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-duration),
	// and Application-Controlled Session Stickiness
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-application)
	// in the Classic Load Balancers Guide.
	SetLoadBalancerPoliciesOfListener(ctx context.Context, params *SetLoadBalancerPoliciesOfListenerInput, optFns ...func(*Options)) (*SetLoadBalancerPoliciesOfListenerOutput, error)
}

ELB provides an interface to the AWS ELB service.

type ELBV2 added in v0.91.0

type ELBV2 interface {
	// Adds the specified SSL server certificate to the certificate list for the
	// specified HTTPS or TLS listener. If the certificate in already in the
	// certificate list, the call is successful but the certificate is not added again.
	// For more information, see HTTPS listeners
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html)
	// in the Application Load Balancers Guide or TLS listeners
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html)
	// in the Network Load Balancers Guide.
	AddListenerCertificates(ctx context.Context, params *AddListenerCertificatesInput, optFns ...func(*Options)) (*AddListenerCertificatesOutput, error)
	// Adds the specified tags to the specified Elastic Load Balancing resource. You
	// can tag your Application Load Balancers, Network Load Balancers, Gateway Load
	// Balancers, target groups, listeners, and rules. Each tag consists of a key and
	// an optional value. If a resource already has a tag with the same key, AddTags
	// updates its value.
	AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error)
	// Creates a listener for the specified Application Load Balancer, Network Load
	// Balancer, or Gateway Load Balancer. For more information, see the following:
	//
	// *
	// Listeners for your Application Load Balancers
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html)
	//
	// *
	// Listeners for your Network Load Balancers
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-listeners.html)
	//
	// *
	// Listeners for your Gateway Load Balancers
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-listeners.html)
	//
	// This
	// operation is idempotent, which means that it completes at most one time. If you
	// attempt to create multiple listeners with the same settings, each call succeeds.
	CreateListener(ctx context.Context, params *CreateListenerInput, optFns ...func(*Options)) (*CreateListenerOutput, error)
	// Creates an Application Load Balancer, Network Load Balancer, or Gateway Load
	// Balancer. For more information, see the following:
	//
	// * Application Load Balancers
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html)
	//
	// *
	// Network Load Balancers
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html)
	//
	// *
	// Gateway Load Balancers
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html)
	//
	// This
	// operation is idempotent, which means that it completes at most one time. If you
	// attempt to create multiple load balancers with the same settings, each call
	// succeeds.
	CreateLoadBalancer(ctx context.Context, params *CreateLoadBalancerInput, optFns ...func(*Options)) (*CreateLoadBalancerOutput, error)
	// Creates a rule for the specified listener. The listener must be associated with
	// an Application Load Balancer. Each rule consists of a priority, one or more
	// actions, and one or more conditions. Rules are evaluated in priority order, from
	// the lowest value to the highest value. When the conditions for a rule are met,
	// its actions are performed. If the conditions for no rules are met, the actions
	// for the default rule are performed. For more information, see Listener rules
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#listener-rules)
	// in the Application Load Balancers Guide.
	CreateRule(ctx context.Context, params *CreateRuleInput, optFns ...func(*Options)) (*CreateRuleOutput, error)
	// Creates a target group. For more information, see the following:
	//
	// * Target
	// groups for your Application Load Balancers
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html)
	//
	// *
	// Target groups for your Network Load Balancers
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html)
	//
	// *
	// Target groups for your Gateway Load Balancers
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html)
	//
	// This
	// operation is idempotent, which means that it completes at most one time. If you
	// attempt to create multiple target groups with the same settings, each call
	// succeeds.
	CreateTargetGroup(ctx context.Context, params *CreateTargetGroupInput, optFns ...func(*Options)) (*CreateTargetGroupOutput, error)
	// Deletes the specified listener. Alternatively, your listener is deleted when you
	// delete the load balancer to which it is attached.
	DeleteListener(ctx context.Context, params *DeleteListenerInput, optFns ...func(*Options)) (*DeleteListenerOutput, error)
	// Deletes the specified Application Load Balancer, Network Load Balancer, or
	// Gateway Load Balancer. Deleting a load balancer also deletes its listeners. You
	// can't delete a load balancer if deletion protection is enabled. If the load
	// balancer does not exist or has already been deleted, the call succeeds. Deleting
	// a load balancer does not affect its registered targets. For example, your EC2
	// instances continue to run and are still registered to their target groups. If
	// you no longer need these EC2 instances, you can stop or terminate them.
	DeleteLoadBalancer(ctx context.Context, params *DeleteLoadBalancerInput, optFns ...func(*Options)) (*DeleteLoadBalancerOutput, error)
	// Deletes the specified rule. You can't delete the default rule.
	DeleteRule(ctx context.Context, params *DeleteRuleInput, optFns ...func(*Options)) (*DeleteRuleOutput, error)
	// Deletes the specified target group. You can delete a target group if it is not
	// referenced by any actions. Deleting a target group also deletes any associated
	// health checks. Deleting a target group does not affect its registered targets.
	// For example, any EC2 instances continue to run until you stop or terminate them.
	DeleteTargetGroup(ctx context.Context, params *DeleteTargetGroupInput, optFns ...func(*Options)) (*DeleteTargetGroupOutput, error)
	// Deregisters the specified targets from the specified target group. After the
	// targets are deregistered, they no longer receive traffic from the load balancer.
	DeregisterTargets(ctx context.Context, params *DeregisterTargetsInput, optFns ...func(*Options)) (*DeregisterTargetsOutput, error)
	// Describes the current Elastic Load Balancing resource limits for your Amazon Web
	// Services account. For more information, see the following:
	//
	// * Quotas for your
	// Application Load Balancers
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html)
	//
	// *
	// Quotas for your Network Load Balancers
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-limits.html)
	//
	// *
	// Quotas for your Gateway Load Balancers
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/quotas-limits.html)
	DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
	// Describes the default certificate and the certificate list for the specified
	// HTTPS or TLS listener. If the default certificate is also in the certificate
	// list, it appears twice in the results (once with IsDefault set to true and once
	// with IsDefault set to false). For more information, see SSL certificates
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#https-listener-certificates)
	// in the Application Load Balancers Guide or Server certificates
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#tls-listener-certificate)
	// in the Network Load Balancers Guide.
	DescribeListenerCertificates(ctx context.Context, params *DescribeListenerCertificatesInput, optFns ...func(*Options)) (*DescribeListenerCertificatesOutput, error)
	// Describes the specified listeners or the listeners for the specified Application
	// Load Balancer, Network Load Balancer, or Gateway Load Balancer. You must specify
	// either a load balancer or one or more listeners.
	DescribeListeners(ctx context.Context, params *DescribeListenersInput, optFns ...func(*Options)) (*DescribeListenersOutput, error)
	// Describes the attributes for the specified Application Load Balancer, Network
	// Load Balancer, or Gateway Load Balancer. For more information, see the
	// following:
	//
	// * Load balancer attributes
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#load-balancer-attributes)
	// in the Application Load Balancers Guide
	//
	// * Load balancer attributes
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#load-balancer-attributes)
	// in the Network Load Balancers Guide
	//
	// * Load balancer attributes
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html#load-balancer-attributes)
	// in the Gateway Load Balancers Guide
	DescribeLoadBalancerAttributes(ctx context.Context, params *DescribeLoadBalancerAttributesInput, optFns ...func(*Options)) (*DescribeLoadBalancerAttributesOutput, error)
	// Describes the specified load balancers or all of your load balancers.
	DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error)
	// Describes the specified rules or the rules for the specified listener. You must
	// specify either a listener or one or more rules.
	DescribeRules(ctx context.Context, params *DescribeRulesInput, optFns ...func(*Options)) (*DescribeRulesOutput, error)
	// Describes the specified policies or all policies used for SSL negotiation. For
	// more information, see Security policies
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies)
	// in the Application Load Balancers Guide or Security policies
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies)
	// in the Network Load Balancers Guide.
	DescribeSSLPolicies(ctx context.Context, params *DescribeSSLPoliciesInput, optFns ...func(*Options)) (*DescribeSSLPoliciesOutput, error)
	// Describes the tags for the specified Elastic Load Balancing resources. You can
	// describe the tags for one or more Application Load Balancers, Network Load
	// Balancers, Gateway Load Balancers, target groups, listeners, or rules.
	DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
	// Describes the attributes for the specified target group. For more information,
	// see the following:
	//
	// * Target group attributes
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-group-attributes)
	// in the Application Load Balancers Guide
	//
	// * Target group attributes
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#target-group-attributes)
	// in the Network Load Balancers Guide
	//
	// * Target group attributes
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html#target-group-attributes)
	// in the Gateway Load Balancers Guide
	DescribeTargetGroupAttributes(ctx context.Context, params *DescribeTargetGroupAttributesInput, optFns ...func(*Options)) (*DescribeTargetGroupAttributesOutput, error)
	// Describes the specified target groups or all of your target groups. By default,
	// all target groups are described. Alternatively, you can specify one of the
	// following to filter the results: the ARN of the load balancer, the names of one
	// or more target groups, or the ARNs of one or more target groups.
	DescribeTargetGroups(ctx context.Context, params *DescribeTargetGroupsInput, optFns ...func(*Options)) (*DescribeTargetGroupsOutput, error)
	// Describes the health of the specified targets or all of your targets.
	DescribeTargetHealth(ctx context.Context, params *DescribeTargetHealthInput, optFns ...func(*Options)) (*DescribeTargetHealthOutput, error)
	// Replaces the specified properties of the specified listener. Any properties that
	// you do not specify remain unchanged. Changing the protocol from HTTPS to HTTP,
	// or from TLS to TCP, removes the security policy and default certificate
	// properties. If you change the protocol from HTTP to HTTPS, or from TCP to TLS,
	// you must add the security policy and default certificate properties. To add an
	// item to a list, remove an item from a list, or update an item in a list, you
	// must provide the entire list. For example, to add an action, specify a list with
	// the current actions plus the new action.
	ModifyListener(ctx context.Context, params *ModifyListenerInput, optFns ...func(*Options)) (*ModifyListenerOutput, error)
	// Modifies the specified attributes of the specified Application Load Balancer,
	// Network Load Balancer, or Gateway Load Balancer. If any of the specified
	// attributes can't be modified as requested, the call fails. Any existing
	// attributes that you do not modify retain their current values.
	ModifyLoadBalancerAttributes(ctx context.Context, params *ModifyLoadBalancerAttributesInput, optFns ...func(*Options)) (*ModifyLoadBalancerAttributesOutput, error)
	// Replaces the specified properties of the specified rule. Any properties that you
	// do not specify are unchanged. To add an item to a list, remove an item from a
	// list, or update an item in a list, you must provide the entire list. For
	// example, to add an action, specify a list with the current actions plus the new
	// action.
	ModifyRule(ctx context.Context, params *ModifyRuleInput, optFns ...func(*Options)) (*ModifyRuleOutput, error)
	// Modifies the health checks used when evaluating the health state of the targets
	// in the specified target group.
	ModifyTargetGroup(ctx context.Context, params *ModifyTargetGroupInput, optFns ...func(*Options)) (*ModifyTargetGroupOutput, error)
	// Modifies the specified attributes of the specified target group.
	ModifyTargetGroupAttributes(ctx context.Context, params *ModifyTargetGroupAttributesInput, optFns ...func(*Options)) (*ModifyTargetGroupAttributesOutput, error)
	// Registers the specified targets with the specified target group. If the target
	// is an EC2 instance, it must be in the running state when you register it. By
	// default, the load balancer routes requests to registered targets using the
	// protocol and port for the target group. Alternatively, you can override the port
	// for a target when you register it. You can register each EC2 instance or IP
	// address with the same target group multiple times using different ports. With a
	// Network Load Balancer, you cannot register instances by instance ID if they have
	// the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1, G2, HI1,
	// HS1, M1, M2, M3, and T1. You can register instances of these types by IP
	// address.
	RegisterTargets(ctx context.Context, params *RegisterTargetsInput, optFns ...func(*Options)) (*RegisterTargetsOutput, error)
	// Removes the specified certificate from the certificate list for the specified
	// HTTPS or TLS listener.
	RemoveListenerCertificates(ctx context.Context, params *RemoveListenerCertificatesInput, optFns ...func(*Options)) (*RemoveListenerCertificatesOutput, error)
	// Removes the specified tags from the specified Elastic Load Balancing resources.
	// You can remove the tags for one or more Application Load Balancers, Network Load
	// Balancers, Gateway Load Balancers, target groups, listeners, or rules.
	RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error)
	// Sets the type of IP addresses used by the subnets of the specified load
	// balancer.
	SetIpAddressType(ctx context.Context, params *SetIpAddressTypeInput, optFns ...func(*Options)) (*SetIpAddressTypeOutput, error)
	// Sets the priorities of the specified rules. You can reorder the rules as long as
	// there are no priority conflicts in the new order. Any existing rules that you do
	// not specify retain their current priority.
	SetRulePriorities(ctx context.Context, params *SetRulePrioritiesInput, optFns ...func(*Options)) (*SetRulePrioritiesOutput, error)
	// Associates the specified security groups with the specified Application Load
	// Balancer. The specified security groups override the previously associated
	// security groups. You can't specify a security group for a Network Load Balancer
	// or Gateway Load Balancer.
	SetSecurityGroups(ctx context.Context, params *SetSecurityGroupsInput, optFns ...func(*Options)) (*SetSecurityGroupsOutput, error)
	// Enables the Availability Zones for the specified public subnets for the
	// specified Application Load Balancer or Network Load Balancer. The specified
	// subnets replace the previously enabled subnets. When you specify subnets for a
	// Network Load Balancer, you must include all subnets that were enabled
	// previously, with their existing configurations, plus any additional subnets.
	SetSubnets(ctx context.Context, params *SetSubnetsInput, optFns ...func(*Options)) (*SetSubnetsOutput, error)
}

ELBV2 provides an interface to the AWS ELBV2 service.

type IAM added in v0.94.0

type IAM interface {
	// Adds a new client ID (also known as audience) to the list of client IDs already
	// registered for the specified IAM OpenID Connect (OIDC) provider resource. This
	// operation is idempotent; it does not fail or return an error if you add an
	// existing client ID to the provider.
	AddClientIDToOpenIDConnectProvider(ctx context.Context, params *AddClientIDToOpenIDConnectProviderInput, optFns ...func(*Options)) (*AddClientIDToOpenIDConnectProviderOutput, error)
	// Adds the specified IAM role to the specified instance profile. An instance
	// profile can contain only one role, and this quota cannot be increased. You can
	// remove the existing role and then add a different role to an instance profile.
	// You must then wait for the change to appear across all of Amazon Web Services
	// because of eventual consistency
	// (https://en.wikipedia.org/wiki/Eventual_consistency). To force the change, you
	// must disassociate the instance profile
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html)
	// and then associate the instance profile
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html),
	// or you can stop your instance and then restart it. The caller of this operation
	// must be granted the PassRole permission on the IAM role by a permissions policy.
	// For more information about roles, see Working with roles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). For
	// more information about instance profiles, see About instance profiles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
	AddRoleToInstanceProfile(ctx context.Context, params *AddRoleToInstanceProfileInput, optFns ...func(*Options)) (*AddRoleToInstanceProfileOutput, error)
	// Adds the specified user to the specified group.
	AddUserToGroup(ctx context.Context, params *AddUserToGroupInput, optFns ...func(*Options)) (*AddUserToGroupOutput, error)
	// Attaches the specified managed policy to the specified IAM group. You use this
	// operation to attach a managed policy to a group. To embed an inline policy in a
	// group, use PutGroupPolicy. As a best practice, you can validate your IAM
	// policies. To learn more, see Validating IAM policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html)
	// in the IAM User Guide. For more information about policies, see Managed policies
	// and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	AttachGroupPolicy(ctx context.Context, params *AttachGroupPolicyInput, optFns ...func(*Options)) (*AttachGroupPolicyOutput, error)
	// Attaches the specified managed policy to the specified IAM role. When you attach
	// a managed policy to a role, the managed policy becomes part of the role's
	// permission (access) policy. You cannot use a managed policy as the role's trust
	// policy. The role's trust policy is created at the same time as the role, using
	// CreateRole. You can update a role's trust policy using UpdateAssumeRolePolicy.
	// Use this operation to attach a managed policy to a role. To embed an inline
	// policy in a role, use PutRolePolicy. For more information about policies, see
	// Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide. As a best practice, you can validate your IAM policies.
	// To learn more, see Validating IAM policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html)
	// in the IAM User Guide.
	AttachRolePolicy(ctx context.Context, params *AttachRolePolicyInput, optFns ...func(*Options)) (*AttachRolePolicyOutput, error)
	// Attaches the specified managed policy to the specified user. You use this
	// operation to attach a managed policy to a user. To embed an inline policy in a
	// user, use PutUserPolicy. As a best practice, you can validate your IAM policies.
	// To learn more, see Validating IAM policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html)
	// in the IAM User Guide. For more information about policies, see Managed policies
	// and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	AttachUserPolicy(ctx context.Context, params *AttachUserPolicyInput, optFns ...func(*Options)) (*AttachUserPolicyOutput, error)
	// Changes the password of the IAM user who is calling this operation. This
	// operation can be performed using the CLI, the Amazon Web Services API, or the My
	// Security Credentials page in the Amazon Web Services Management Console. The
	// Amazon Web Services account root user password is not affected by this
	// operation. Use UpdateLoginProfile to use the CLI, the Amazon Web Services API,
	// or the Users page in the IAM console to change the password for any IAM user.
	// For more information about modifying passwords, see Managing passwords
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in
	// the IAM User Guide.
	ChangePassword(ctx context.Context, params *ChangePasswordInput, optFns ...func(*Options)) (*ChangePasswordOutput, error)
	// Creates a new Amazon Web Services secret access key and corresponding Amazon Web
	// Services access key ID for the specified user. The default status for new keys
	// is Active. If you do not specify a user name, IAM determines the user name
	// implicitly based on the Amazon Web Services access key ID signing the request.
	// This operation works for access keys under the Amazon Web Services account.
	// Consequently, you can use this operation to manage Amazon Web Services account
	// root user credentials. This is true even if the Amazon Web Services account has
	// no associated users. For information about quotas on the number of keys you can
	// create, see IAM and STS quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in
	// the IAM User Guide. To ensure the security of your Amazon Web Services account,
	// the secret access key is accessible only during key and user creation. You must
	// save the key (for example, in a text file) if you want to be able to access it
	// again. If a secret key is lost, you can delete the access keys for the
	// associated user and then create new keys.
	CreateAccessKey(ctx context.Context, params *CreateAccessKeyInput, optFns ...func(*Options)) (*CreateAccessKeyOutput, error)
	// Creates an alias for your Amazon Web Services account. For information about
	// using an Amazon Web Services account alias, see Using an alias for your Amazon
	// Web Services account ID
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) in the IAM
	// User Guide.
	CreateAccountAlias(ctx context.Context, params *CreateAccountAliasInput, optFns ...func(*Options)) (*CreateAccountAliasOutput, error)
	// Creates a new group. For information about the number of groups you can create,
	// see IAM and STS quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in
	// the IAM User Guide.
	CreateGroup(ctx context.Context, params *CreateGroupInput, optFns ...func(*Options)) (*CreateGroupOutput, error)
	// Creates a new instance profile. For information about instance profiles, see
	// Using roles for applications on Amazon EC2
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html)
	// in the IAM User Guide, and Instance profiles
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#ec2-instance-profile)
	// in the Amazon EC2 User Guide. For information about the number of instance
	// profiles you can create, see IAM object quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in
	// the IAM User Guide.
	CreateInstanceProfile(ctx context.Context, params *CreateInstanceProfileInput, optFns ...func(*Options)) (*CreateInstanceProfileOutput, error)
	// Creates a password for the specified IAM user. A password allows an IAM user to
	// access Amazon Web Services services through the Amazon Web Services Management
	// Console. You can use the CLI, the Amazon Web Services API, or the Users page in
	// the IAM console to create a password for any IAM user. Use ChangePassword to
	// update your own existing password in the My Security Credentials page in the
	// Amazon Web Services Management Console. For more information about managing
	// passwords, see Managing passwords
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in
	// the IAM User Guide.
	CreateLoginProfile(ctx context.Context, params *CreateLoginProfileInput, optFns ...func(*Options)) (*CreateLoginProfileOutput, error)
	// Creates an IAM entity to describe an identity provider (IdP) that supports
	// OpenID Connect (OIDC) (http://openid.net/connect/). The OIDC provider that you
	// create with this operation can be used as a principal in a role's trust policy.
	// Such a policy establishes a trust relationship between Amazon Web Services and
	// the OIDC provider. If you are using an OIDC identity provider from Google,
	// Facebook, or Amazon Cognito, you don't need to create a separate IAM identity
	// provider. These OIDC identity providers are already built-in to Amazon Web
	// Services and are available for your use. Instead, you can move directly to
	// creating new roles using your identity provider. To learn more, see Creating a
	// role for web identity or OpenID connect federation
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html)
	// in the IAM User Guide. When you create the IAM OIDC provider, you specify the
	// following:
	//
	// * The URL of the OIDC identity provider (IdP) to trust
	//
	// * A list of
	// client IDs (also known as audiences) that identify the application or
	// applications allowed to authenticate using the OIDC provider
	//
	// * A list of
	// thumbprints of one or more server certificates that the IdP uses
	//
	// You get all of
	// this information from the OIDC IdP you want to use to access Amazon Web
	// Services. Amazon Web Services secures communication with some OIDC identity
	// providers (IdPs) through our library of trusted certificate authorities (CAs)
	// instead of using a certificate thumbprint to verify your IdP server certificate.
	// These OIDC IdPs include Google, Auth0, and those that use an Amazon S3 bucket to
	// host a JSON Web Key Set (JWKS) endpoint. In these cases, your legacy thumbprint
	// remains in your configuration, but is no longer used for validation. The trust
	// for the OIDC provider is derived from the IAM provider that this operation
	// creates. Therefore, it is best to limit access to the
	// CreateOpenIDConnectProvider operation to highly privileged users.
	CreateOpenIDConnectProvider(ctx context.Context, params *CreateOpenIDConnectProviderInput, optFns ...func(*Options)) (*CreateOpenIDConnectProviderOutput, error)
	// Creates a new managed policy for your Amazon Web Services account. This
	// operation creates a policy version with a version identifier of v1 and sets v1
	// as the policy's default version. For more information about policy versions, see
	// Versioning for managed policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the IAM User Guide. As a best practice, you can validate your IAM policies.
	// To learn more, see Validating IAM policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html)
	// in the IAM User Guide. For more information about managed policies in general,
	// see Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	CreatePolicy(ctx context.Context, params *CreatePolicyInput, optFns ...func(*Options)) (*CreatePolicyOutput, error)
	// Creates a new version of the specified managed policy. To update a managed
	// policy, you create a new policy version. A managed policy can have up to five
	// versions. If the policy has five versions, you must delete an existing version
	// using DeletePolicyVersion before you create a new version. Optionally, you can
	// set the new version as the policy's default version. The default version is the
	// version that is in effect for the IAM users, groups, and roles to which the
	// policy is attached. For more information about managed policy versions, see
	// Versioning for managed policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the IAM User Guide.
	CreatePolicyVersion(ctx context.Context, params *CreatePolicyVersionInput, optFns ...func(*Options)) (*CreatePolicyVersionOutput, error)
	// Creates a new role for your Amazon Web Services account. For more information
	// about roles, see IAM roles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). For
	// information about quotas for role names and the number of roles you can create,
	// see IAM and STS quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in
	// the IAM User Guide.
	CreateRole(ctx context.Context, params *CreateRoleInput, optFns ...func(*Options)) (*CreateRoleOutput, error)
	// Creates an IAM resource that describes an identity provider (IdP) that supports
	// SAML 2.0. The SAML provider resource that you create with this operation can be
	// used as a principal in an IAM role's trust policy. Such a policy can enable
	// federated users who sign in using the SAML IdP to assume the role. You can
	// create an IAM role that supports Web-based single sign-on (SSO) to the Amazon
	// Web Services Management Console or one that supports API access to Amazon Web
	// Services. When you create the SAML provider resource, you upload a SAML metadata
	// document that you get from your IdP. That document includes the issuer's name,
	// expiration information, and keys that can be used to validate the SAML
	// authentication response (assertions) that the IdP sends. You must generate the
	// metadata document using the identity management software that is used as your
	// organization's IdP. This operation requires Signature Version 4
	// (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). For
	// more information, see Enabling SAML 2.0 federated users to access the Amazon Web
	// Services Management Console
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html)
	// and About SAML 2.0-based federation
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
	// in the IAM User Guide.
	CreateSAMLProvider(ctx context.Context, params *CreateSAMLProviderInput, optFns ...func(*Options)) (*CreateSAMLProviderOutput, error)
	// Creates an IAM role that is linked to a specific Amazon Web Services service.
	// The service controls the attached policies and when the role can be deleted.
	// This helps ensure that the service is not broken by an unexpectedly changed or
	// deleted role, which could put your Amazon Web Services resources into an unknown
	// state. Allowing the service to control the role helps improve service stability
	// and proper cleanup when a service and its role are no longer needed. For more
	// information, see Using service-linked roles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html)
	// in the IAM User Guide. To attach a policy to this service-linked role, you must
	// make the request using the Amazon Web Services service that depends on this
	// role.
	CreateServiceLinkedRole(ctx context.Context, params *CreateServiceLinkedRoleInput, optFns ...func(*Options)) (*CreateServiceLinkedRoleOutput, error)
	// Generates a set of credentials consisting of a user name and password that can
	// be used to access the service specified in the request. These credentials are
	// generated by IAM, and can be used only for the specified service. You can have a
	// maximum of two sets of service-specific credentials for each supported service
	// per user. You can create service-specific credentials for CodeCommit and Amazon
	// Keyspaces (for Apache Cassandra). You can reset the password to a new
	// service-generated value by calling ResetServiceSpecificCredential. For more
	// information about service-specific credentials, see Using IAM with CodeCommit:
	// Git credentials, SSH keys, and Amazon Web Services access keys
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html)
	// in the IAM User Guide.
	CreateServiceSpecificCredential(ctx context.Context, params *CreateServiceSpecificCredentialInput, optFns ...func(*Options)) (*CreateServiceSpecificCredentialOutput, error)
	// Creates a new IAM user for your Amazon Web Services account. For information
	// about quotas for the number of IAM users you can create, see IAM and STS quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in
	// the IAM User Guide.
	CreateUser(ctx context.Context, params *CreateUserInput, optFns ...func(*Options)) (*CreateUserOutput, error)
	// Creates a new virtual MFA device for the Amazon Web Services account. After
	// creating the virtual MFA, use EnableMFADevice to attach the MFA device to an IAM
	// user. For more information about creating and working with virtual MFA devices,
	// see Using a virtual MFA device
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) in the
	// IAM User Guide. For information about the maximum number of MFA devices you can
	// create, see IAM and STS quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in
	// the IAM User Guide. The seed information contained in the QR code and the Base32
	// string should be treated like any other secret access information. In other
	// words, protect the seed information as you would your Amazon Web Services access
	// keys or your passwords. After you provision your virtual device, you should
	// ensure that the information is destroyed following secure procedures.
	CreateVirtualMFADevice(ctx context.Context, params *CreateVirtualMFADeviceInput, optFns ...func(*Options)) (*CreateVirtualMFADeviceOutput, error)
	// Deactivates the specified MFA device and removes it from association with the
	// user name for which it was originally enabled. For more information about
	// creating and working with virtual MFA devices, see Enabling a virtual
	// multi-factor authentication (MFA) device
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) in the
	// IAM User Guide.
	DeactivateMFADevice(ctx context.Context, params *DeactivateMFADeviceInput, optFns ...func(*Options)) (*DeactivateMFADeviceOutput, error)
	// Deletes the access key pair associated with the specified IAM user. If you do
	// not specify a user name, IAM determines the user name implicitly based on the
	// Amazon Web Services access key ID signing the request. This operation works for
	// access keys under the Amazon Web Services account. Consequently, you can use
	// this operation to manage Amazon Web Services account root user credentials even
	// if the Amazon Web Services account has no associated users.
	DeleteAccessKey(ctx context.Context, params *DeleteAccessKeyInput, optFns ...func(*Options)) (*DeleteAccessKeyOutput, error)
	// Deletes the specified Amazon Web Services account alias. For information about
	// using an Amazon Web Services account alias, see Using an alias for your Amazon
	// Web Services account ID
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) in the IAM
	// User Guide.
	DeleteAccountAlias(ctx context.Context, params *DeleteAccountAliasInput, optFns ...func(*Options)) (*DeleteAccountAliasOutput, error)
	// Deletes the password policy for the Amazon Web Services account. There are no
	// parameters.
	DeleteAccountPasswordPolicy(ctx context.Context, params *DeleteAccountPasswordPolicyInput, optFns ...func(*Options)) (*DeleteAccountPasswordPolicyOutput, error)
	// Deletes the specified IAM group. The group must not contain any users or have
	// any attached policies.
	DeleteGroup(ctx context.Context, params *DeleteGroupInput, optFns ...func(*Options)) (*DeleteGroupOutput, error)
	// Deletes the specified inline policy that is embedded in the specified IAM group.
	// A group can also have managed policies attached to it. To detach a managed
	// policy from a group, use DetachGroupPolicy. For more information about policies,
	// refer to Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	DeleteGroupPolicy(ctx context.Context, params *DeleteGroupPolicyInput, optFns ...func(*Options)) (*DeleteGroupPolicyOutput, error)
	// Deletes the specified instance profile. The instance profile must not have an
	// associated role. Make sure that you do not have any Amazon EC2 instances running
	// with the instance profile you are about to delete. Deleting a role or instance
	// profile that is associated with a running instance will break any applications
	// running on the instance. For more information about instance profiles, see About
	// instance profiles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
	DeleteInstanceProfile(ctx context.Context, params *DeleteInstanceProfileInput, optFns ...func(*Options)) (*DeleteInstanceProfileOutput, error)
	// Deletes the password for the specified IAM user, For more information, see
	// Managing passwords for IAM users
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html).
	// You can use the CLI, the Amazon Web Services API, or the Users page in the IAM
	// console to delete a password for any IAM user. You can use ChangePassword to
	// update, but not delete, your own password in the My Security Credentials page in
	// the Amazon Web Services Management Console. Deleting a user's password does not
	// prevent a user from accessing Amazon Web Services through the command line
	// interface or the API. To prevent all user access, you must also either make any
	// access keys inactive or delete them. For more information about making keys
	// inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.
	DeleteLoginProfile(ctx context.Context, params *DeleteLoginProfileInput, optFns ...func(*Options)) (*DeleteLoginProfileOutput, error)
	// Deletes an OpenID Connect identity provider (IdP) resource object in IAM.
	// Deleting an IAM OIDC provider resource does not update any roles that reference
	// the provider as a principal in their trust policies. Any attempt to assume a
	// role that references a deleted provider fails. This operation is idempotent; it
	// does not fail or return an error if you call the operation for a provider that
	// does not exist.
	DeleteOpenIDConnectProvider(ctx context.Context, params *DeleteOpenIDConnectProviderInput, optFns ...func(*Options)) (*DeleteOpenIDConnectProviderOutput, error)
	// Deletes the specified managed policy. Before you can delete a managed policy,
	// you must first detach the policy from all users, groups, and roles that it is
	// attached to. In addition, you must delete all the policy's versions. The
	// following steps describe the process for deleting a managed policy:
	//
	// * Detach
	// the policy from all users, groups, and roles that the policy is attached to,
	// using DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy. To list all the
	// users, groups, and roles that a policy is attached to, use
	// ListEntitiesForPolicy.
	//
	// * Delete all versions of the policy using
	// DeletePolicyVersion. To list the policy's versions, use ListPolicyVersions. You
	// cannot use DeletePolicyVersion to delete the version that is marked as the
	// default version. You delete the policy's default version in the next step of the
	// process.
	//
	// * Delete the policy (this automatically deletes the policy's default
	// version) using this operation.
	//
	// For information about managed policies, see
	// Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	DeletePolicy(ctx context.Context, params *DeletePolicyInput, optFns ...func(*Options)) (*DeletePolicyOutput, error)
	// Deletes the specified version from the specified managed policy. You cannot
	// delete the default version from a policy using this operation. To delete the
	// default version from a policy, use DeletePolicy. To find out which version of a
	// policy is marked as the default version, use ListPolicyVersions. For information
	// about versions for managed policies, see Versioning for managed policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the IAM User Guide.
	DeletePolicyVersion(ctx context.Context, params *DeletePolicyVersionInput, optFns ...func(*Options)) (*DeletePolicyVersionOutput, error)
	// Deletes the specified role. Unlike the Amazon Web Services Management Console,
	// when you delete a role programmatically, you must delete the items attached to
	// the role manually, or the deletion fails. For more information, see Deleting an
	// IAM role
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#roles-managingrole-deleting-cli).
	// Before attempting to delete a role, remove the following attached items:
	//
	// *
	// Inline policies (DeleteRolePolicy)
	//
	// * Attached managed policies
	// (DetachRolePolicy)
	//
	// * Instance profile (RemoveRoleFromInstanceProfile)
	//
	// *
	// Optional – Delete instance profile after detaching from role for resource clean
	// up (DeleteInstanceProfile)
	//
	// Make sure that you do not have any Amazon EC2
	// instances running with the role you are about to delete. Deleting a role or
	// instance profile that is associated with a running instance will break any
	// applications running on the instance.
	DeleteRole(ctx context.Context, params *DeleteRoleInput, optFns ...func(*Options)) (*DeleteRoleOutput, error)
	// Deletes the permissions boundary for the specified IAM role. Deleting the
	// permissions boundary for a role might increase its permissions. For example, it
	// might allow anyone who assumes the role to perform all the actions granted in
	// its permissions policies.
	DeleteRolePermissionsBoundary(ctx context.Context, params *DeleteRolePermissionsBoundaryInput, optFns ...func(*Options)) (*DeleteRolePermissionsBoundaryOutput, error)
	// Deletes the specified inline policy that is embedded in the specified IAM role.
	// A role can also have managed policies attached to it. To detach a managed policy
	// from a role, use DetachRolePolicy. For more information about policies, refer to
	// Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	DeleteRolePolicy(ctx context.Context, params *DeleteRolePolicyInput, optFns ...func(*Options)) (*DeleteRolePolicyOutput, error)
	// Deletes a SAML provider resource in IAM. Deleting the provider resource from IAM
	// does not update any roles that reference the SAML provider resource's ARN as a
	// principal in their trust policies. Any attempt to assume a role that references
	// a non-existent provider resource ARN fails. This operation requires Signature
	// Version 4
	// (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
	DeleteSAMLProvider(ctx context.Context, params *DeleteSAMLProviderInput, optFns ...func(*Options)) (*DeleteSAMLProviderOutput, error)
	// Deletes the specified SSH public key. The SSH public key deleted by this
	// operation is used only for authenticating the associated IAM user to an
	// CodeCommit repository. For more information about using SSH keys to authenticate
	// to an CodeCommit repository, see Set up CodeCommit for SSH connections
	// (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
	// in the CodeCommit User Guide.
	DeleteSSHPublicKey(ctx context.Context, params *DeleteSSHPublicKeyInput, optFns ...func(*Options)) (*DeleteSSHPublicKeyOutput, error)
	// Deletes the specified server certificate. For more information about working
	// with server certificates, see Working with server certificates
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
	// in the IAM User Guide. This topic also includes a list of Amazon Web Services
	// services that can use the server certificates that you manage with IAM. If you
	// are using a server certificate with Elastic Load Balancing, deleting the
	// certificate could have implications for your application. If Elastic Load
	// Balancing doesn't detect the deletion of bound certificates, it may continue to
	// use the certificates. This could cause Elastic Load Balancing to stop accepting
	// traffic. We recommend that you remove the reference to the certificate from
	// Elastic Load Balancing before using this command to delete the certificate. For
	// more information, see DeleteLoadBalancerListeners
	// (https://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html)
	// in the Elastic Load Balancing API Reference.
	DeleteServerCertificate(ctx context.Context, params *DeleteServerCertificateInput, optFns ...func(*Options)) (*DeleteServerCertificateOutput, error)
	// Submits a service-linked role deletion request and returns a DeletionTaskId,
	// which you can use to check the status of the deletion. Before you call this
	// operation, confirm that the role has no active sessions and that any resources
	// used by the role in the linked service are deleted. If you call this operation
	// more than once for the same service-linked role and an earlier deletion task is
	// not complete, then the DeletionTaskId of the earlier request is returned. If you
	// submit a deletion request for a service-linked role whose linked service is
	// still accessing a resource, then the deletion task fails. If it fails, the
	// GetServiceLinkedRoleDeletionStatus operation returns the reason for the failure,
	// usually including the resources that must be deleted. To delete the
	// service-linked role, you must first remove those resources from the linked
	// service and then submit the deletion request again. Resources are specific to
	// the service that is linked to the role. For more information about removing
	// resources from a service, see the Amazon Web Services documentation
	// (http://docs.aws.amazon.com/) for your service. For more information about
	// service-linked roles, see Roles terms and concepts: Amazon Web Services
	// service-linked role
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role)
	// in the IAM User Guide.
	DeleteServiceLinkedRole(ctx context.Context, params *DeleteServiceLinkedRoleInput, optFns ...func(*Options)) (*DeleteServiceLinkedRoleOutput, error)
	// Deletes the specified service-specific credential.
	DeleteServiceSpecificCredential(ctx context.Context, params *DeleteServiceSpecificCredentialInput, optFns ...func(*Options)) (*DeleteServiceSpecificCredentialOutput, error)
	// Deletes a signing certificate associated with the specified IAM user. If you do
	// not specify a user name, IAM determines the user name implicitly based on the
	// Amazon Web Services access key ID signing the request. This operation works for
	// access keys under the Amazon Web Services account. Consequently, you can use
	// this operation to manage Amazon Web Services account root user credentials even
	// if the Amazon Web Services account has no associated IAM users.
	DeleteSigningCertificate(ctx context.Context, params *DeleteSigningCertificateInput, optFns ...func(*Options)) (*DeleteSigningCertificateOutput, error)
	// Deletes the specified IAM user. Unlike the Amazon Web Services Management
	// Console, when you delete a user programmatically, you must delete the items
	// attached to the user manually, or the deletion fails. For more information, see
	// Deleting an IAM user
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli).
	// Before attempting to delete a user, remove the following items:
	//
	// * Password
	// (DeleteLoginProfile)
	//
	// * Access keys (DeleteAccessKey)
	//
	// * Signing certificate
	// (DeleteSigningCertificate)
	//
	// * SSH public key (DeleteSSHPublicKey)
	//
	// * Git
	// credentials (DeleteServiceSpecificCredential)
	//
	// * Multi-factor authentication
	// (MFA) device (DeactivateMFADevice, DeleteVirtualMFADevice)
	//
	// * Inline policies
	// (DeleteUserPolicy)
	//
	// * Attached managed policies (DetachUserPolicy)
	//
	// * Group
	// memberships (RemoveUserFromGroup)
	DeleteUser(ctx context.Context, params *DeleteUserInput, optFns ...func(*Options)) (*DeleteUserOutput, error)
	// Deletes the permissions boundary for the specified IAM user. Deleting the
	// permissions boundary for a user might increase its permissions by allowing the
	// user to perform all the actions granted in its permissions policies.
	DeleteUserPermissionsBoundary(ctx context.Context, params *DeleteUserPermissionsBoundaryInput, optFns ...func(*Options)) (*DeleteUserPermissionsBoundaryOutput, error)
	// Deletes the specified inline policy that is embedded in the specified IAM user.
	// A user can also have managed policies attached to it. To detach a managed policy
	// from a user, use DetachUserPolicy. For more information about policies, refer to
	// Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	DeleteUserPolicy(ctx context.Context, params *DeleteUserPolicyInput, optFns ...func(*Options)) (*DeleteUserPolicyOutput, error)
	// Deletes a virtual MFA device. You must deactivate a user's virtual MFA device
	// before you can delete it. For information about deactivating MFA devices, see
	// DeactivateMFADevice.
	DeleteVirtualMFADevice(ctx context.Context, params *DeleteVirtualMFADeviceInput, optFns ...func(*Options)) (*DeleteVirtualMFADeviceOutput, error)
	// Removes the specified managed policy from the specified IAM group. A group can
	// also have inline policies embedded with it. To delete an inline policy, use
	// DeleteGroupPolicy. For information about policies, see Managed policies and
	// inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	DetachGroupPolicy(ctx context.Context, params *DetachGroupPolicyInput, optFns ...func(*Options)) (*DetachGroupPolicyOutput, error)
	// Removes the specified managed policy from the specified role. A role can also
	// have inline policies embedded with it. To delete an inline policy, use
	// DeleteRolePolicy. For information about policies, see Managed policies and
	// inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	DetachRolePolicy(ctx context.Context, params *DetachRolePolicyInput, optFns ...func(*Options)) (*DetachRolePolicyOutput, error)
	// Removes the specified managed policy from the specified user. A user can also
	// have inline policies embedded with it. To delete an inline policy, use
	// DeleteUserPolicy. For information about policies, see Managed policies and
	// inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	DetachUserPolicy(ctx context.Context, params *DetachUserPolicyInput, optFns ...func(*Options)) (*DetachUserPolicyOutput, error)
	// Enables the specified MFA device and associates it with the specified IAM user.
	// When enabled, the MFA device is required for every subsequent login by the IAM
	// user associated with the device.
	EnableMFADevice(ctx context.Context, params *EnableMFADeviceInput, optFns ...func(*Options)) (*EnableMFADeviceOutput, error)
	// Generates a credential report for the Amazon Web Services account. For more
	// information about the credential report, see Getting credential reports
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) in
	// the IAM User Guide.
	GenerateCredentialReport(ctx context.Context, params *GenerateCredentialReportInput, optFns ...func(*Options)) (*GenerateCredentialReportOutput, error)
	// Generates a report for service last accessed data for Organizations. You can
	// generate a report for any entities (organization root, organizational unit, or
	// account) or policies in your organization. To call this operation, you must be
	// signed in using your Organizations management account credentials. You can use
	// your long-term IAM user or root user credentials, or temporary credentials from
	// assuming an IAM role. SCPs must be enabled for your organization root. You must
	// have the required IAM and Organizations permissions. For more information, see
	// Refining permissions using service last accessed data
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
	// in the IAM User Guide. You can generate a service last accessed data report for
	// entities by specifying only the entity's path. This data includes a list of
	// services that are allowed by any service control policies (SCPs) that apply to
	// the entity. You can generate a service last accessed data report for a policy by
	// specifying an entity's path and an optional Organizations policy ID. This data
	// includes a list of services that are allowed by the specified SCP. For each
	// service in both report types, the data includes the most recent account activity
	// that the policy allows to account principals in the entity or the entity's
	// children. For important information about the data, reporting period,
	// permissions required, troubleshooting, and supported Regions see Reducing
	// permissions using service last accessed data
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
	// in the IAM User Guide. The data includes all attempts to access Amazon Web
	// Services, not just the successful ones. This includes all attempts that were
	// made using the Amazon Web Services Management Console, the Amazon Web Services
	// API through any of the SDKs, or any of the command line tools. An unexpected
	// entry in the service last accessed data does not mean that an account has been
	// compromised, because the request might have been denied. Refer to your
	// CloudTrail logs as the authoritative source for information about all API calls
	// and whether they were successful or denied access. For more information, see
	// Logging IAM events with CloudTrail
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
	// in the IAM User Guide. This operation returns a JobId. Use this parameter in the
	// GetOrganizationsAccessReport operation to check the status of the report
	// generation. To check the status of this request, use the JobId parameter in the
	// GetOrganizationsAccessReport operation and test the JobStatus response
	// parameter. When the job is complete, you can retrieve the report. To generate a
	// service last accessed data report for entities, specify an entity path without
	// specifying the optional Organizations policy ID. The type of entity that you
	// specify determines the data returned in the report.
	//
	// * Root – When you specify
	// the organizations root as the entity, the resulting report lists all of the
	// services allowed by SCPs that are attached to your root. For each service, the
	// report includes data for all accounts in your organization except the management
	// account, because the management account is not limited by SCPs.
	//
	// * OU – When you
	// specify an organizational unit (OU) as the entity, the resulting report lists
	// all of the services allowed by SCPs that are attached to the OU and its parents.
	// For each service, the report includes data for all accounts in the OU or its
	// children. This data excludes the management account, because the management
	// account is not limited by SCPs.
	//
	// * management account – When you specify the
	// management account, the resulting report lists all Amazon Web Services services,
	// because the management account is not limited by SCPs. For each service, the
	// report includes data for only the management account.
	//
	// * Account – When you
	// specify another account as the entity, the resulting report lists all of the
	// services allowed by SCPs that are attached to the account and its parents. For
	// each service, the report includes data for only the specified account.
	//
	// To
	// generate a service last accessed data report for policies, specify an entity
	// path and the optional Organizations policy ID. The type of entity that you
	// specify determines the data returned for each service.
	//
	// * Root – When you
	// specify the root entity and a policy ID, the resulting report lists all of the
	// services that are allowed by the specified SCP. For each service, the report
	// includes data for all accounts in your organization to which the SCP applies.
	// This data excludes the management account, because the management account is not
	// limited by SCPs. If the SCP is not attached to any entities in the organization,
	// then the report will return a list of services with no data.
	//
	// * OU – When you
	// specify an OU entity and a policy ID, the resulting report lists all of the
	// services that are allowed by the specified SCP. For each service, the report
	// includes data for all accounts in the OU or its children to which the SCP
	// applies. This means that other accounts outside the OU that are affected by the
	// SCP might not be included in the data. This data excludes the management
	// account, because the management account is not limited by SCPs. If the SCP is
	// not attached to the OU or one of its children, the report will return a list of
	// services with no data.
	//
	// * management account – When you specify the management
	// account, the resulting report lists all Amazon Web Services services, because
	// the management account is not limited by SCPs. If you specify a policy ID in the
	// CLI or API, the policy is ignored. For each service, the report includes data
	// for only the management account.
	//
	// * Account – When you specify another account
	// entity and a policy ID, the resulting report lists all of the services that are
	// allowed by the specified SCP. For each service, the report includes data for
	// only the specified account. This means that other accounts in the organization
	// that are affected by the SCP might not be included in the data. If the SCP is
	// not attached to the account, the report will return a list of services with no
	// data.
	//
	// Service last accessed data does not use other policy types when
	// determining whether a principal could access a service. These other policy types
	// include identity-based policies, resource-based policies, access control lists,
	// IAM permissions boundaries, and STS assume role policies. It only applies SCP
	// logic. For more about the evaluation of policy types, see Evaluating policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics)
	// in the IAM User Guide. For more information about service last accessed data,
	// see Reducing policy scope by viewing user activity
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
	// in the IAM User Guide.
	GenerateOrganizationsAccessReport(ctx context.Context, params *GenerateOrganizationsAccessReportInput, optFns ...func(*Options)) (*GenerateOrganizationsAccessReportOutput, error)
	// Generates a report that includes details about when an IAM resource (user,
	// group, role, or policy) was last used in an attempt to access Amazon Web
	// Services services. Recent activity usually appears within four hours. IAM
	// reports activity for at least the last 400 days, or less if your Region began
	// supporting this feature within the last year. For more information, see Regions
	// where data is tracked
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period).
	// The service last accessed data includes all attempts to access an Amazon Web
	// Services API, not just the successful ones. This includes all attempts that were
	// made using the Amazon Web Services Management Console, the Amazon Web Services
	// API through any of the SDKs, or any of the command line tools. An unexpected
	// entry in the service last accessed data does not mean that your account has been
	// compromised, because the request might have been denied. Refer to your
	// CloudTrail logs as the authoritative source for information about all API calls
	// and whether they were successful or denied access. For more information, see
	// Logging IAM events with CloudTrail
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
	// in the IAM User Guide. The GenerateServiceLastAccessedDetails operation returns
	// a JobId. Use this parameter in the following operations to retrieve the
	// following details from your report:
	//
	// * GetServiceLastAccessedDetails – Use this
	// operation for users, groups, roles, or policies to list every Amazon Web
	// Services service that the resource could access using permissions policies. For
	// each service, the response includes information about the most recent access
	// attempt. The JobId returned by GenerateServiceLastAccessedDetail must be used by
	// the same role within a session, or by the same user when used to call
	// GetServiceLastAccessedDetail.
	//
	// * GetServiceLastAccessedDetailsWithEntities – Use
	// this operation for groups and policies to list information about the associated
	// entities (users or roles) that attempted to access a specific Amazon Web
	// Services service.
	//
	// To check the status of the GenerateServiceLastAccessedDetails
	// request, use the JobId parameter in the same operations and test the JobStatus
	// response parameter. For additional information about the permissions policies
	// that allow an identity (user, group, or role) to access specific services, use
	// the ListPoliciesGrantingServiceAccess operation. Service last accessed data does
	// not use other policy types when determining whether a resource could access a
	// service. These other policy types include resource-based policies, access
	// control lists, Organizations policies, IAM permissions boundaries, and STS
	// assume role policies. It only applies permissions policy logic. For more about
	// the evaluation of policy types, see Evaluating policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics)
	// in the IAM User Guide. For more information about service and action last
	// accessed data, see Reducing permissions using service last accessed data
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
	// in the IAM User Guide.
	GenerateServiceLastAccessedDetails(ctx context.Context, params *GenerateServiceLastAccessedDetailsInput, optFns ...func(*Options)) (*GenerateServiceLastAccessedDetailsOutput, error)
	// Retrieves information about when the specified access key was last used. The
	// information includes the date and time of last use, along with the Amazon Web
	// Services service and Region that were specified in the last request made with
	// that key.
	GetAccessKeyLastUsed(ctx context.Context, params *GetAccessKeyLastUsedInput, optFns ...func(*Options)) (*GetAccessKeyLastUsedOutput, error)
	// Retrieves information about all IAM users, groups, roles, and policies in your
	// Amazon Web Services account, including their relationships to one another. Use
	// this operation to obtain a snapshot of the configuration of IAM permissions
	// (users, groups, roles, and policies) in your account. Policies returned by this
	// operation are URL-encoded compliant with RFC 3986
	// (https://tools.ietf.org/html/rfc3986). You can use a URL decoding method to
	// convert the policy back to plain JSON text. For example, if you use Java, you
	// can use the decode method of the java.net.URLDecoder utility class in the Java
	// SDK. Other languages and SDKs provide similar functionality. You can optionally
	// filter the results using the Filter parameter. You can paginate the results
	// using the MaxItems and Marker parameters.
	GetAccountAuthorizationDetails(ctx context.Context, params *GetAccountAuthorizationDetailsInput, optFns ...func(*Options)) (*GetAccountAuthorizationDetailsOutput, error)
	// Retrieves the password policy for the Amazon Web Services account. This tells
	// you the complexity requirements and mandatory rotation periods for the IAM user
	// passwords in your account. For more information about using a password policy,
	// see Managing an IAM password policy
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html).
	GetAccountPasswordPolicy(ctx context.Context, params *GetAccountPasswordPolicyInput, optFns ...func(*Options)) (*GetAccountPasswordPolicyOutput, error)
	// Retrieves information about IAM entity usage and IAM quotas in the Amazon Web
	// Services account. For information about IAM quotas, see IAM and STS quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in
	// the IAM User Guide.
	GetAccountSummary(ctx context.Context, params *GetAccountSummaryInput, optFns ...func(*Options)) (*GetAccountSummaryOutput, error)
	// Gets a list of all of the context keys referenced in the input policies. The
	// policies are supplied as a list of one or more strings. To get the context keys
	// from policies associated with an IAM user, group, or role, use
	// GetContextKeysForPrincipalPolicy. Context keys are variables maintained by
	// Amazon Web Services and its services that provide details about the context of
	// an API query request. Context keys can be evaluated by testing against a value
	// specified in an IAM policy. Use GetContextKeysForCustomPolicy to understand what
	// key names and values you must supply when you call SimulateCustomPolicy. Note
	// that all parameters are shown in unencoded form here for clarity but must be URL
	// encoded to be included as a part of a real HTML request.
	GetContextKeysForCustomPolicy(ctx context.Context, params *GetContextKeysForCustomPolicyInput, optFns ...func(*Options)) (*GetContextKeysForCustomPolicyOutput, error)
	// Gets a list of all of the context keys referenced in all the IAM policies that
	// are attached to the specified IAM entity. The entity can be an IAM user, group,
	// or role. If you specify a user, then the request also includes all of the
	// policies attached to groups that the user is a member of. You can optionally
	// include a list of one or more additional policies, specified as strings. If you
	// want to include only a list of policies by string, use
	// GetContextKeysForCustomPolicy instead. Note: This operation discloses
	// information about the permissions granted to other users. If you do not want
	// users to see other user's permissions, then consider allowing them to use
	// GetContextKeysForCustomPolicy instead. Context keys are variables maintained by
	// Amazon Web Services and its services that provide details about the context of
	// an API query request. Context keys can be evaluated by testing against a value
	// in an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what key
	// names and values you must supply when you call SimulatePrincipalPolicy.
	GetContextKeysForPrincipalPolicy(ctx context.Context, params *GetContextKeysForPrincipalPolicyInput, optFns ...func(*Options)) (*GetContextKeysForPrincipalPolicyOutput, error)
	// Retrieves a credential report for the Amazon Web Services account. For more
	// information about the credential report, see Getting credential reports
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) in
	// the IAM User Guide.
	GetCredentialReport(ctx context.Context, params *GetCredentialReportInput, optFns ...func(*Options)) (*GetCredentialReportOutput, error)
	// Returns a list of IAM users that are in the specified IAM group. You can
	// paginate the results using the MaxItems and Marker parameters.
	GetGroup(ctx context.Context, params *GetGroupInput, optFns ...func(*Options)) (*GetGroupOutput, error)
	// Retrieves the specified inline policy document that is embedded in the specified
	// IAM group. Policies returned by this operation are URL-encoded compliant with
	// RFC 3986 (https://tools.ietf.org/html/rfc3986). You can use a URL decoding
	// method to convert the policy back to plain JSON text. For example, if you use
	// Java, you can use the decode method of the java.net.URLDecoder utility class in
	// the Java SDK. Other languages and SDKs provide similar functionality. An IAM
	// group can also have managed policies attached to it. To retrieve a managed
	// policy document that is attached to a group, use GetPolicy to determine the
	// policy's default version, then use GetPolicyVersion to retrieve the policy
	// document. For more information about policies, see Managed policies and inline
	// policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	GetGroupPolicy(ctx context.Context, params *GetGroupPolicyInput, optFns ...func(*Options)) (*GetGroupPolicyOutput, error)
	// Retrieves information about the specified instance profile, including the
	// instance profile's path, GUID, ARN, and role. For more information about
	// instance profiles, see About instance profiles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html) in
	// the IAM User Guide.
	GetInstanceProfile(ctx context.Context, params *GetInstanceProfileInput, optFns ...func(*Options)) (*GetInstanceProfileOutput, error)
	// Retrieves the user name for the specified IAM user. A login profile is created
	// when you create a password for the user to access the Amazon Web Services
	// Management Console. If the user does not exist or does not have a password, the
	// operation returns a 404 (NoSuchEntity) error. If you create an IAM user with
	// access to the console, the CreateDate reflects the date you created the initial
	// password for the user. If you create an IAM user with programmatic access, and
	// then later add a password for the user to access the Amazon Web Services
	// Management Console, the CreateDate reflects the initial password creation date.
	// A user with programmatic access does not have a login profile unless you create
	// a password for the user to access the Amazon Web Services Management Console.
	GetLoginProfile(ctx context.Context, params *GetLoginProfileInput, optFns ...func(*Options)) (*GetLoginProfileOutput, error)
	// Returns information about the specified OpenID Connect (OIDC) provider resource
	// object in IAM.
	GetOpenIDConnectProvider(ctx context.Context, params *GetOpenIDConnectProviderInput, optFns ...func(*Options)) (*GetOpenIDConnectProviderOutput, error)
	// Retrieves the service last accessed data report for Organizations that was
	// previously generated using the GenerateOrganizationsAccessReport operation. This
	// operation retrieves the status of your report job and the report contents.
	// Depending on the parameters that you passed when you generated the report, the
	// data returned could include different information. For details, see
	// GenerateOrganizationsAccessReport. To call this operation, you must be signed in
	// to the management account in your organization. SCPs must be enabled for your
	// organization root. You must have permissions to perform this operation. For more
	// information, see Refining permissions using service last accessed data
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
	// in the IAM User Guide. For each service that principals in an account (root
	// users, IAM users, or IAM roles) could access using SCPs, the operation returns
	// details about the most recent access attempt. If there was no attempt, the
	// service is listed without details about the most recent attempt to access the
	// service. If the operation fails, it returns the reason that it failed. By
	// default, the list is sorted by service namespace.
	GetOrganizationsAccessReport(ctx context.Context, params *GetOrganizationsAccessReportInput, optFns ...func(*Options)) (*GetOrganizationsAccessReportOutput, error)
	// Retrieves information about the specified managed policy, including the policy's
	// default version and the total number of IAM users, groups, and roles to which
	// the policy is attached. To retrieve the list of the specific users, groups, and
	// roles that the policy is attached to, use ListEntitiesForPolicy. This operation
	// returns metadata about the policy. To retrieve the actual policy document for a
	// specific version of the policy, use GetPolicyVersion. This operation retrieves
	// information about managed policies. To retrieve information about an inline
	// policy that is embedded with an IAM user, group, or role, use GetUserPolicy,
	// GetGroupPolicy, or GetRolePolicy. For more information about policies, see
	// Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	GetPolicy(ctx context.Context, params *GetPolicyInput, optFns ...func(*Options)) (*GetPolicyOutput, error)
	// Retrieves information about the specified version of the specified managed
	// policy, including the policy document. Policies returned by this operation are
	// URL-encoded compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986). You
	// can use a URL decoding method to convert the policy back to plain JSON text. For
	// example, if you use Java, you can use the decode method of the
	// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
	// provide similar functionality. To list the available versions for a policy, use
	// ListPolicyVersions. This operation retrieves information about managed policies.
	// To retrieve information about an inline policy that is embedded in a user,
	// group, or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy. For more
	// information about the types of policies, see Managed policies and inline
	// policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide. For more information about managed policy versions, see
	// Versioning for managed policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the IAM User Guide.
	GetPolicyVersion(ctx context.Context, params *GetPolicyVersionInput, optFns ...func(*Options)) (*GetPolicyVersionOutput, error)
	// Retrieves information about the specified role, including the role's path, GUID,
	// ARN, and the role's trust policy that grants permission to assume the role. For
	// more information about roles, see Working with roles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
	// Policies returned by this operation are URL-encoded compliant with RFC 3986
	// (https://tools.ietf.org/html/rfc3986). You can use a URL decoding method to
	// convert the policy back to plain JSON text. For example, if you use Java, you
	// can use the decode method of the java.net.URLDecoder utility class in the Java
	// SDK. Other languages and SDKs provide similar functionality.
	GetRole(ctx context.Context, params *GetRoleInput, optFns ...func(*Options)) (*GetRoleOutput, error)
	// Retrieves the specified inline policy document that is embedded with the
	// specified IAM role. Policies returned by this operation are URL-encoded
	// compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986). You can use a URL
	// decoding method to convert the policy back to plain JSON text. For example, if
	// you use Java, you can use the decode method of the java.net.URLDecoder utility
	// class in the Java SDK. Other languages and SDKs provide similar functionality.
	// An IAM role can also have managed policies attached to it. To retrieve a managed
	// policy document that is attached to a role, use GetPolicy to determine the
	// policy's default version, then use GetPolicyVersion to retrieve the policy
	// document. For more information about policies, see Managed policies and inline
	// policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide. For more information about roles, see Using roles to
	// delegate permissions and federate identities
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
	GetRolePolicy(ctx context.Context, params *GetRolePolicyInput, optFns ...func(*Options)) (*GetRolePolicyOutput, error)
	// Returns the SAML provider metadocument that was uploaded when the IAM SAML
	// provider resource object was created or updated. This operation requires
	// Signature Version 4
	// (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
	GetSAMLProvider(ctx context.Context, params *GetSAMLProviderInput, optFns ...func(*Options)) (*GetSAMLProviderOutput, error)
	// Retrieves the specified SSH public key, including metadata about the key. The
	// SSH public key retrieved by this operation is used only for authenticating the
	// associated IAM user to an CodeCommit repository. For more information about
	// using SSH keys to authenticate to an CodeCommit repository, see Set up
	// CodeCommit for SSH connections
	// (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
	// in the CodeCommit User Guide.
	GetSSHPublicKey(ctx context.Context, params *GetSSHPublicKeyInput, optFns ...func(*Options)) (*GetSSHPublicKeyOutput, error)
	// Retrieves information about the specified server certificate stored in IAM. For
	// more information about working with server certificates, see Working with server
	// certificates
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
	// in the IAM User Guide. This topic includes a list of Amazon Web Services
	// services that can use the server certificates that you manage with IAM.
	GetServerCertificate(ctx context.Context, params *GetServerCertificateInput, optFns ...func(*Options)) (*GetServerCertificateOutput, error)
	// Retrieves a service last accessed report that was created using the
	// GenerateServiceLastAccessedDetails operation. You can use the JobId parameter in
	// GetServiceLastAccessedDetails to retrieve the status of your report job. When
	// the report is complete, you can retrieve the generated report. The report
	// includes a list of Amazon Web Services services that the resource (user, group,
	// role, or managed policy) can access. Service last accessed data does not use
	// other policy types when determining whether a resource could access a service.
	// These other policy types include resource-based policies, access control lists,
	// Organizations policies, IAM permissions boundaries, and STS assume role
	// policies. It only applies permissions policy logic. For more about the
	// evaluation of policy types, see Evaluating policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics)
	// in the IAM User Guide. For each service that the resource could access using
	// permissions policies, the operation returns details about the most recent access
	// attempt. If there was no attempt, the service is listed without details about
	// the most recent attempt to access the service. If the operation fails, the
	// GetServiceLastAccessedDetails operation returns the reason that it failed. The
	// GetServiceLastAccessedDetails operation returns a list of services. This list
	// includes the number of entities that have attempted to access the service and
	// the date and time of the last attempt. It also returns the ARN of the following
	// entity, depending on the resource ARN that you used to generate the report:
	//
	// *
	// User – Returns the user ARN that you used to generate the report
	//
	// * Group –
	// Returns the ARN of the group member (user) that last attempted to access the
	// service
	//
	// * Role – Returns the role ARN that you used to generate the report
	//
	// *
	// Policy – Returns the ARN of the user or role that last used the policy to
	// attempt to access the service
	//
	// By default, the list is sorted by service
	// namespace. If you specified ACTION_LEVEL granularity when you generated the
	// report, this operation returns service and action last accessed data. This
	// includes the most recent access attempt for each tracked action within a
	// service. Otherwise, this operation returns only service data. For more
	// information about service and action last accessed data, see Reducing
	// permissions using service last accessed data
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
	// in the IAM User Guide.
	GetServiceLastAccessedDetails(ctx context.Context, params *GetServiceLastAccessedDetailsInput, optFns ...func(*Options)) (*GetServiceLastAccessedDetailsOutput, error)
	// After you generate a group or policy report using the
	// GenerateServiceLastAccessedDetails operation, you can use the JobId parameter in
	// GetServiceLastAccessedDetailsWithEntities. This operation retrieves the status
	// of your report job and a list of entities that could have used group or policy
	// permissions to access the specified service.
	//
	// * Group – For a group report, this
	// operation returns a list of users in the group that could have used the group’s
	// policies in an attempt to access the service.
	//
	// * Policy – For a policy report,
	// this operation returns a list of entities (users or roles) that could have used
	// the policy in an attempt to access the service.
	//
	// You can also use this operation
	// for user or role reports to retrieve details about those entities. If the
	// operation fails, the GetServiceLastAccessedDetailsWithEntities operation returns
	// the reason that it failed. By default, the list of associated entities is sorted
	// by date, with the most recent access listed first.
	GetServiceLastAccessedDetailsWithEntities(ctx context.Context, params *GetServiceLastAccessedDetailsWithEntitiesInput, optFns ...func(*Options)) (*GetServiceLastAccessedDetailsWithEntitiesOutput, error)
	// Retrieves the status of your service-linked role deletion. After you use
	// DeleteServiceLinkedRole to submit a service-linked role for deletion, you can
	// use the DeletionTaskId parameter in GetServiceLinkedRoleDeletionStatus to check
	// the status of the deletion. If the deletion fails, this operation returns the
	// reason that it failed, if that information is returned by the service.
	GetServiceLinkedRoleDeletionStatus(ctx context.Context, params *GetServiceLinkedRoleDeletionStatusInput, optFns ...func(*Options)) (*GetServiceLinkedRoleDeletionStatusOutput, error)
	// Retrieves information about the specified IAM user, including the user's
	// creation date, path, unique ID, and ARN. If you do not specify a user name, IAM
	// determines the user name implicitly based on the Amazon Web Services access key
	// ID used to sign the request to this operation.
	GetUser(ctx context.Context, params *GetUserInput, optFns ...func(*Options)) (*GetUserOutput, error)
	// Retrieves the specified inline policy document that is embedded in the specified
	// IAM user. Policies returned by this operation are URL-encoded compliant with RFC
	// 3986 (https://tools.ietf.org/html/rfc3986). You can use a URL decoding method to
	// convert the policy back to plain JSON text. For example, if you use Java, you
	// can use the decode method of the java.net.URLDecoder utility class in the Java
	// SDK. Other languages and SDKs provide similar functionality. An IAM user can
	// also have managed policies attached to it. To retrieve a managed policy document
	// that is attached to a user, use GetPolicy to determine the policy's default
	// version. Then use GetPolicyVersion to retrieve the policy document. For more
	// information about policies, see Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	GetUserPolicy(ctx context.Context, params *GetUserPolicyInput, optFns ...func(*Options)) (*GetUserPolicyOutput, error)
	// Returns information about the access key IDs associated with the specified IAM
	// user. If there is none, the operation returns an empty list. Although each user
	// is limited to a small number of keys, you can still paginate the results using
	// the MaxItems and Marker parameters. If the UserName is not specified, the user
	// name is determined implicitly based on the Amazon Web Services access key ID
	// used to sign the request. If a temporary access key is used, then UserName is
	// required. If a long-term key is assigned to the user, then UserName is not
	// required. This operation works for access keys under the Amazon Web Services
	// account. Consequently, you can use this operation to manage Amazon Web Services
	// account root user credentials even if the Amazon Web Services account has no
	// associated users. To ensure the security of your Amazon Web Services account,
	// the secret access key is accessible only during key and user creation.
	ListAccessKeys(ctx context.Context, params *ListAccessKeysInput, optFns ...func(*Options)) (*ListAccessKeysOutput, error)
	// Lists the account alias associated with the Amazon Web Services account (Note:
	// you can have only one). For information about using an Amazon Web Services
	// account alias, see Using an alias for your Amazon Web Services account ID
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) in the IAM
	// User Guide.
	ListAccountAliases(ctx context.Context, params *ListAccountAliasesInput, optFns ...func(*Options)) (*ListAccountAliasesOutput, error)
	// Lists all managed policies that are attached to the specified IAM group. An IAM
	// group can also have inline policies embedded with it. To list the inline
	// policies for a group, use ListGroupPolicies. For information about policies, see
	// Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide. You can paginate the results using the MaxItems and
	// Marker parameters. You can use the PathPrefix parameter to limit the list of
	// policies to only those matching the specified path prefix. If there are no
	// policies attached to the specified group (or none that match the specified path
	// prefix), the operation returns an empty list.
	ListAttachedGroupPolicies(ctx context.Context, params *ListAttachedGroupPoliciesInput, optFns ...func(*Options)) (*ListAttachedGroupPoliciesOutput, error)
	// Lists all managed policies that are attached to the specified IAM role. An IAM
	// role can also have inline policies embedded with it. To list the inline policies
	// for a role, use ListRolePolicies. For information about policies, see Managed
	// policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide. You can paginate the results using the MaxItems and
	// Marker parameters. You can use the PathPrefix parameter to limit the list of
	// policies to only those matching the specified path prefix. If there are no
	// policies attached to the specified role (or none that match the specified path
	// prefix), the operation returns an empty list.
	ListAttachedRolePolicies(ctx context.Context, params *ListAttachedRolePoliciesInput, optFns ...func(*Options)) (*ListAttachedRolePoliciesOutput, error)
	// Lists all managed policies that are attached to the specified IAM user. An IAM
	// user can also have inline policies embedded with it. To list the inline policies
	// for a user, use ListUserPolicies. For information about policies, see Managed
	// policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide. You can paginate the results using the MaxItems and
	// Marker parameters. You can use the PathPrefix parameter to limit the list of
	// policies to only those matching the specified path prefix. If there are no
	// policies attached to the specified group (or none that match the specified path
	// prefix), the operation returns an empty list.
	ListAttachedUserPolicies(ctx context.Context, params *ListAttachedUserPoliciesInput, optFns ...func(*Options)) (*ListAttachedUserPoliciesOutput, error)
	// Lists all IAM users, groups, and roles that the specified managed policy is
	// attached to. You can use the optional EntityFilter parameter to limit the
	// results to a particular type of entity (users, groups, or roles). For example,
	// to list only the roles that are attached to the specified policy, set
	// EntityFilter to Role. You can paginate the results using the MaxItems and Marker
	// parameters.
	ListEntitiesForPolicy(ctx context.Context, params *ListEntitiesForPolicyInput, optFns ...func(*Options)) (*ListEntitiesForPolicyOutput, error)
	// Lists the names of the inline policies that are embedded in the specified IAM
	// group. An IAM group can also have managed policies attached to it. To list the
	// managed policies that are attached to a group, use ListAttachedGroupPolicies.
	// For more information about policies, see Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide. You can paginate the results using the MaxItems and
	// Marker parameters. If there are no inline policies embedded with the specified
	// group, the operation returns an empty list.
	ListGroupPolicies(ctx context.Context, params *ListGroupPoliciesInput, optFns ...func(*Options)) (*ListGroupPoliciesOutput, error)
	// Lists the IAM groups that have the specified path prefix. You can paginate the
	// results using the MaxItems and Marker parameters.
	ListGroups(ctx context.Context, params *ListGroupsInput, optFns ...func(*Options)) (*ListGroupsOutput, error)
	// Lists the IAM groups that the specified IAM user belongs to. You can paginate
	// the results using the MaxItems and Marker parameters.
	ListGroupsForUser(ctx context.Context, params *ListGroupsForUserInput, optFns ...func(*Options)) (*ListGroupsForUserOutput, error)
	// Lists the tags that are attached to the specified IAM instance profile. The
	// returned list of tags is sorted by tag key. For more information about tagging,
	// see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	ListInstanceProfileTags(ctx context.Context, params *ListInstanceProfileTagsInput, optFns ...func(*Options)) (*ListInstanceProfileTagsOutput, error)
	// Lists the instance profiles that have the specified path prefix. If there are
	// none, the operation returns an empty list. For more information about instance
	// profiles, see About instance profiles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
	// IAM resource-listing operations return a subset of the available attributes for
	// the resource. For example, this operation does not return tags, even though they
	// are an attribute of the returned object. To view all of the information for an
	// instance profile, see GetInstanceProfile. You can paginate the results using the
	// MaxItems and Marker parameters.
	ListInstanceProfiles(ctx context.Context, params *ListInstanceProfilesInput, optFns ...func(*Options)) (*ListInstanceProfilesOutput, error)
	// Lists the instance profiles that have the specified associated IAM role. If
	// there are none, the operation returns an empty list. For more information about
	// instance profiles, go to About instance profiles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
	// You can paginate the results using the MaxItems and Marker parameters.
	ListInstanceProfilesForRole(ctx context.Context, params *ListInstanceProfilesForRoleInput, optFns ...func(*Options)) (*ListInstanceProfilesForRoleOutput, error)
	// Lists the tags that are attached to the specified IAM virtual multi-factor
	// authentication (MFA) device. The returned list of tags is sorted by tag key. For
	// more information about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	ListMFADeviceTags(ctx context.Context, params *ListMFADeviceTagsInput, optFns ...func(*Options)) (*ListMFADeviceTagsOutput, error)
	// Lists the MFA devices for an IAM user. If the request includes a IAM user name,
	// then this operation lists all the MFA devices associated with the specified
	// user. If you do not specify a user name, IAM determines the user name implicitly
	// based on the Amazon Web Services access key ID signing the request for this
	// operation. You can paginate the results using the MaxItems and Marker
	// parameters.
	ListMFADevices(ctx context.Context, params *ListMFADevicesInput, optFns ...func(*Options)) (*ListMFADevicesOutput, error)
	// Lists the tags that are attached to the specified OpenID Connect
	// (OIDC)-compatible identity provider. The returned list of tags is sorted by tag
	// key. For more information, see About web identity federation
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html).
	// For more information about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	ListOpenIDConnectProviderTags(ctx context.Context, params *ListOpenIDConnectProviderTagsInput, optFns ...func(*Options)) (*ListOpenIDConnectProviderTagsOutput, error)
	// Lists information about the IAM OpenID Connect (OIDC) provider resource objects
	// defined in the Amazon Web Services account. IAM resource-listing operations
	// return a subset of the available attributes for the resource. For example, this
	// operation does not return tags, even though they are an attribute of the
	// returned object. To view all of the information for an OIDC provider, see
	// GetOpenIDConnectProvider.
	ListOpenIDConnectProviders(ctx context.Context, params *ListOpenIDConnectProvidersInput, optFns ...func(*Options)) (*ListOpenIDConnectProvidersOutput, error)
	// Lists all the managed policies that are available in your Amazon Web Services
	// account, including your own customer-defined managed policies and all Amazon Web
	// Services managed policies. You can filter the list of policies that is returned
	// using the optional OnlyAttached, Scope, and PathPrefix parameters. For example,
	// to list only the customer managed policies in your Amazon Web Services account,
	// set Scope to Local. To list only Amazon Web Services managed policies, set Scope
	// to AWS. You can paginate the results using the MaxItems and Marker parameters.
	// For more information about managed policies, see Managed policies and inline
	// policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide. IAM resource-listing operations return a subset of the
	// available attributes for the resource. For example, this operation does not
	// return tags, even though they are an attribute of the returned object. To view
	// all of the information for a customer manged policy, see GetPolicy.
	ListPolicies(ctx context.Context, params *ListPoliciesInput, optFns ...func(*Options)) (*ListPoliciesOutput, error)
	// Retrieves a list of policies that the IAM identity (user, group, or role) can
	// use to access each specified service. This operation does not use other policy
	// types when determining whether a resource could access a service. These other
	// policy types include resource-based policies, access control lists,
	// Organizations policies, IAM permissions boundaries, and STS assume role
	// policies. It only applies permissions policy logic. For more about the
	// evaluation of policy types, see Evaluating policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics)
	// in the IAM User Guide. The list of policies returned by the operation depends on
	// the ARN of the identity that you provide.
	//
	// * User – The list of policies
	// includes the managed and inline policies that are attached to the user directly.
	// The list also includes any additional managed and inline policies that are
	// attached to the group to which the user belongs.
	//
	// * Group – The list of policies
	// includes only the managed and inline policies that are attached to the group
	// directly. Policies that are attached to the group’s user are not included.
	//
	// *
	// Role – The list of policies includes only the managed and inline policies that
	// are attached to the role.
	//
	// For each managed policy, this operation returns the
	// ARN and policy name. For each inline policy, it returns the policy name and the
	// entity to which it is attached. Inline policies do not have an ARN. For more
	// information about these policy types, see Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html)
	// in the IAM User Guide. Policies that are attached to users and roles as
	// permissions boundaries are not returned. To view which managed policy is
	// currently used to set the permissions boundary for a user or role, use the
	// GetUser or GetRole operations.
	ListPoliciesGrantingServiceAccess(ctx context.Context, params *ListPoliciesGrantingServiceAccessInput, optFns ...func(*Options)) (*ListPoliciesGrantingServiceAccessOutput, error)
	// Lists the tags that are attached to the specified IAM customer managed policy.
	// The returned list of tags is sorted by tag key. For more information about
	// tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	ListPolicyTags(ctx context.Context, params *ListPolicyTagsInput, optFns ...func(*Options)) (*ListPolicyTagsOutput, error)
	// Lists information about the versions of the specified managed policy, including
	// the version that is currently set as the policy's default version. For more
	// information about managed policies, see Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	ListPolicyVersions(ctx context.Context, params *ListPolicyVersionsInput, optFns ...func(*Options)) (*ListPolicyVersionsOutput, error)
	// Lists the names of the inline policies that are embedded in the specified IAM
	// role. An IAM role can also have managed policies attached to it. To list the
	// managed policies that are attached to a role, use ListAttachedRolePolicies. For
	// more information about policies, see Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide. You can paginate the results using the MaxItems and
	// Marker parameters. If there are no inline policies embedded with the specified
	// role, the operation returns an empty list.
	ListRolePolicies(ctx context.Context, params *ListRolePoliciesInput, optFns ...func(*Options)) (*ListRolePoliciesOutput, error)
	// Lists the tags that are attached to the specified role. The returned list of
	// tags is sorted by tag key. For more information about tagging, see Tagging IAM
	// resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the
	// IAM User Guide.
	ListRoleTags(ctx context.Context, params *ListRoleTagsInput, optFns ...func(*Options)) (*ListRoleTagsOutput, error)
	// Lists the IAM roles that have the specified path prefix. If there are none, the
	// operation returns an empty list. For more information about roles, see Working
	// with roles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). IAM
	// resource-listing operations return a subset of the available attributes for the
	// resource. For example, this operation does not return tags, even though they are
	// an attribute of the returned object. To view all of the information for a role,
	// see GetRole. You can paginate the results using the MaxItems and Marker
	// parameters.
	ListRoles(ctx context.Context, params *ListRolesInput, optFns ...func(*Options)) (*ListRolesOutput, error)
	// Lists the tags that are attached to the specified Security Assertion Markup
	// Language (SAML) identity provider. The returned list of tags is sorted by tag
	// key. For more information, see About SAML 2.0-based federation
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html).
	// For more information about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	ListSAMLProviderTags(ctx context.Context, params *ListSAMLProviderTagsInput, optFns ...func(*Options)) (*ListSAMLProviderTagsOutput, error)
	// Lists the SAML provider resource objects defined in IAM in the account. IAM
	// resource-listing operations return a subset of the available attributes for the
	// resource. For example, this operation does not return tags, even though they are
	// an attribute of the returned object. To view all of the information for a SAML
	// provider, see GetSAMLProvider. This operation requires Signature Version 4
	// (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
	ListSAMLProviders(ctx context.Context, params *ListSAMLProvidersInput, optFns ...func(*Options)) (*ListSAMLProvidersOutput, error)
	// Returns information about the SSH public keys associated with the specified IAM
	// user. If none exists, the operation returns an empty list. The SSH public keys
	// returned by this operation are used only for authenticating the IAM user to an
	// CodeCommit repository. For more information about using SSH keys to authenticate
	// to an CodeCommit repository, see Set up CodeCommit for SSH connections
	// (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
	// in the CodeCommit User Guide. Although each user is limited to a small number of
	// keys, you can still paginate the results using the MaxItems and Marker
	// parameters.
	ListSSHPublicKeys(ctx context.Context, params *ListSSHPublicKeysInput, optFns ...func(*Options)) (*ListSSHPublicKeysOutput, error)
	// Lists the tags that are attached to the specified IAM server certificate. The
	// returned list of tags is sorted by tag key. For more information about tagging,
	// see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide. For certificates in a Region supported by Certificate Manager (ACM), we
	// recommend that you don't use IAM server certificates. Instead, use ACM to
	// provision, manage, and deploy your server certificates. For more information
	// about IAM server certificates, Working with server certificates
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
	// in the IAM User Guide.
	ListServerCertificateTags(ctx context.Context, params *ListServerCertificateTagsInput, optFns ...func(*Options)) (*ListServerCertificateTagsOutput, error)
	// Lists the server certificates stored in IAM that have the specified path prefix.
	// If none exist, the operation returns an empty list. You can paginate the results
	// using the MaxItems and Marker parameters. For more information about working
	// with server certificates, see Working with server certificates
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
	// in the IAM User Guide. This topic also includes a list of Amazon Web Services
	// services that can use the server certificates that you manage with IAM. IAM
	// resource-listing operations return a subset of the available attributes for the
	// resource. For example, this operation does not return tags, even though they are
	// an attribute of the returned object. To view all of the information for a
	// servercertificate, see GetServerCertificate.
	ListServerCertificates(ctx context.Context, params *ListServerCertificatesInput, optFns ...func(*Options)) (*ListServerCertificatesOutput, error)
	// Returns information about the service-specific credentials associated with the
	// specified IAM user. If none exists, the operation returns an empty list. The
	// service-specific credentials returned by this operation are used only for
	// authenticating the IAM user to a specific service. For more information about
	// using service-specific credentials to authenticate to an Amazon Web Services
	// service, see Set up service-specific credentials
	// (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html) in
	// the CodeCommit User Guide.
	ListServiceSpecificCredentials(ctx context.Context, params *ListServiceSpecificCredentialsInput, optFns ...func(*Options)) (*ListServiceSpecificCredentialsOutput, error)
	// Returns information about the signing certificates associated with the specified
	// IAM user. If none exists, the operation returns an empty list. Although each
	// user is limited to a small number of signing certificates, you can still
	// paginate the results using the MaxItems and Marker parameters. If the UserName
	// field is not specified, the user name is determined implicitly based on the
	// Amazon Web Services access key ID used to sign the request for this operation.
	// This operation works for access keys under the Amazon Web Services account.
	// Consequently, you can use this operation to manage Amazon Web Services account
	// root user credentials even if the Amazon Web Services account has no associated
	// users.
	ListSigningCertificates(ctx context.Context, params *ListSigningCertificatesInput, optFns ...func(*Options)) (*ListSigningCertificatesOutput, error)
	// Lists the names of the inline policies embedded in the specified IAM user. An
	// IAM user can also have managed policies attached to it. To list the managed
	// policies that are attached to a user, use ListAttachedUserPolicies. For more
	// information about policies, see Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide. You can paginate the results using the MaxItems and
	// Marker parameters. If there are no inline policies embedded with the specified
	// user, the operation returns an empty list.
	ListUserPolicies(ctx context.Context, params *ListUserPoliciesInput, optFns ...func(*Options)) (*ListUserPoliciesOutput, error)
	// Lists the tags that are attached to the specified IAM user. The returned list of
	// tags is sorted by tag key. For more information about tagging, see Tagging IAM
	// resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the
	// IAM User Guide.
	ListUserTags(ctx context.Context, params *ListUserTagsInput, optFns ...func(*Options)) (*ListUserTagsOutput, error)
	// Lists the IAM users that have the specified path prefix. If no path prefix is
	// specified, the operation returns all users in the Amazon Web Services account.
	// If there are none, the operation returns an empty list. IAM resource-listing
	// operations return a subset of the available attributes for the resource. For
	// example, this operation does not return tags, even though they are an attribute
	// of the returned object. To view all of the information for a user, see GetUser.
	// You can paginate the results using the MaxItems and Marker parameters.
	ListUsers(ctx context.Context, params *ListUsersInput, optFns ...func(*Options)) (*ListUsersOutput, error)
	// Lists the virtual MFA devices defined in the Amazon Web Services account by
	// assignment status. If you do not specify an assignment status, the operation
	// returns a list of all virtual MFA devices. Assignment status can be Assigned,
	// Unassigned, or Any. IAM resource-listing operations return a subset of the
	// available attributes for the resource. For example, this operation does not
	// return tags, even though they are an attribute of the returned object. To view
	// tag information for a virtual MFA device, see ListMFADeviceTags. You can
	// paginate the results using the MaxItems and Marker parameters.
	ListVirtualMFADevices(ctx context.Context, params *ListVirtualMFADevicesInput, optFns ...func(*Options)) (*ListVirtualMFADevicesOutput, error)
	// Adds or updates an inline policy document that is embedded in the specified IAM
	// group. A user can also have managed policies attached to it. To attach a managed
	// policy to a group, use AttachGroupPolicy. To create a new managed policy, use
	// CreatePolicy. For information about policies, see Managed policies and inline
	// policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide. For information about the maximum number of inline
	// policies that you can embed in a group, see IAM and STS quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in
	// the IAM User Guide. Because policy documents can be large, you should use POST
	// rather than GET when calling PutGroupPolicy. For general information about using
	// the Query API with IAM, see Making query requests
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) in the
	// IAM User Guide.
	PutGroupPolicy(ctx context.Context, params *PutGroupPolicyInput, optFns ...func(*Options)) (*PutGroupPolicyOutput, error)
	// Adds or updates the policy that is specified as the IAM role's permissions
	// boundary. You can use an Amazon Web Services managed policy or a customer
	// managed policy to set the boundary for a role. Use the boundary to control the
	// maximum permissions that the role can have. Setting a permissions boundary is an
	// advanced feature that can affect the permissions for the role. You cannot set
	// the boundary for a service-linked role. Policies used as permissions boundaries
	// do not provide permissions. You must also attach a permissions policy to the
	// role. To learn how the effective permissions for a role are evaluated, see IAM
	// JSON policy evaluation logic
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html)
	// in the IAM User Guide.
	PutRolePermissionsBoundary(ctx context.Context, params *PutRolePermissionsBoundaryInput, optFns ...func(*Options)) (*PutRolePermissionsBoundaryOutput, error)
	// Adds or updates an inline policy document that is embedded in the specified IAM
	// role. When you embed an inline policy in a role, the inline policy is used as
	// part of the role's access (permissions) policy. The role's trust policy is
	// created at the same time as the role, using CreateRole. You can update a role's
	// trust policy using UpdateAssumeRolePolicy. For more information about IAM roles,
	// see Using roles to delegate permissions and federate identities
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html). A role
	// can also have a managed policy attached to it. To attach a managed policy to a
	// role, use AttachRolePolicy. To create a new managed policy, use CreatePolicy.
	// For information about policies, see Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide. For information about the maximum number of inline
	// policies that you can embed with a role, see IAM and STS quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in
	// the IAM User Guide. Because policy documents can be large, you should use POST
	// rather than GET when calling PutRolePolicy. For general information about using
	// the Query API with IAM, see Making query requests
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) in the
	// IAM User Guide.
	PutRolePolicy(ctx context.Context, params *PutRolePolicyInput, optFns ...func(*Options)) (*PutRolePolicyOutput, error)
	// Adds or updates the policy that is specified as the IAM user's permissions
	// boundary. You can use an Amazon Web Services managed policy or a customer
	// managed policy to set the boundary for a user. Use the boundary to control the
	// maximum permissions that the user can have. Setting a permissions boundary is an
	// advanced feature that can affect the permissions for the user. Policies that are
	// used as permissions boundaries do not provide permissions. You must also attach
	// a permissions policy to the user. To learn how the effective permissions for a
	// user are evaluated, see IAM JSON policy evaluation logic
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html)
	// in the IAM User Guide.
	PutUserPermissionsBoundary(ctx context.Context, params *PutUserPermissionsBoundaryInput, optFns ...func(*Options)) (*PutUserPermissionsBoundaryOutput, error)
	// Adds or updates an inline policy document that is embedded in the specified IAM
	// user. An IAM user can also have a managed policy attached to it. To attach a
	// managed policy to a user, use AttachUserPolicy. To create a new managed policy,
	// use CreatePolicy. For information about policies, see Managed policies and
	// inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide. For information about the maximum number of inline
	// policies that you can embed in a user, see IAM and STS quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in
	// the IAM User Guide. Because policy documents can be large, you should use POST
	// rather than GET when calling PutUserPolicy. For general information about using
	// the Query API with IAM, see Making query requests
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) in the
	// IAM User Guide.
	PutUserPolicy(ctx context.Context, params *PutUserPolicyInput, optFns ...func(*Options)) (*PutUserPolicyOutput, error)
	// Removes the specified client ID (also known as audience) from the list of client
	// IDs registered for the specified IAM OpenID Connect (OIDC) provider resource
	// object. This operation is idempotent; it does not fail or return an error if you
	// try to remove a client ID that does not exist.
	RemoveClientIDFromOpenIDConnectProvider(ctx context.Context, params *RemoveClientIDFromOpenIDConnectProviderInput, optFns ...func(*Options)) (*RemoveClientIDFromOpenIDConnectProviderOutput, error)
	// Removes the specified IAM role from the specified EC2 instance profile. Make
	// sure that you do not have any Amazon EC2 instances running with the role you are
	// about to remove from the instance profile. Removing a role from an instance
	// profile that is associated with a running instance might break any applications
	// running on the instance. For more information about IAM roles, see Working with
	// roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
	// For more information about instance profiles, see About instance profiles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
	RemoveRoleFromInstanceProfile(ctx context.Context, params *RemoveRoleFromInstanceProfileInput, optFns ...func(*Options)) (*RemoveRoleFromInstanceProfileOutput, error)
	// Removes the specified user from the specified group.
	RemoveUserFromGroup(ctx context.Context, params *RemoveUserFromGroupInput, optFns ...func(*Options)) (*RemoveUserFromGroupOutput, error)
	// Resets the password for a service-specific credential. The new password is
	// Amazon Web Services generated and cryptographically strong. It cannot be
	// configured by the user. Resetting the password immediately invalidates the
	// previous password associated with this user.
	ResetServiceSpecificCredential(ctx context.Context, params *ResetServiceSpecificCredentialInput, optFns ...func(*Options)) (*ResetServiceSpecificCredentialOutput, error)
	// Synchronizes the specified MFA device with its IAM resource object on the Amazon
	// Web Services servers. For more information about creating and working with
	// virtual MFA devices, see Using a virtual MFA device
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) in the
	// IAM User Guide.
	ResyncMFADevice(ctx context.Context, params *ResyncMFADeviceInput, optFns ...func(*Options)) (*ResyncMFADeviceOutput, error)
	// Sets the specified version of the specified policy as the policy's default
	// (operative) version. This operation affects all users, groups, and roles that
	// the policy is attached to. To list the users, groups, and roles that the policy
	// is attached to, use ListEntitiesForPolicy. For information about managed
	// policies, see Managed policies and inline policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
	// in the IAM User Guide.
	SetDefaultPolicyVersion(ctx context.Context, params *SetDefaultPolicyVersionInput, optFns ...func(*Options)) (*SetDefaultPolicyVersionOutput, error)
	// Sets the specified version of the global endpoint token as the token version
	// used for the Amazon Web Services account. By default, Security Token Service
	// (STS) is available as a global service, and all STS requests go to a single
	// endpoint at https://sts.amazonaws.com. Amazon Web Services recommends using
	// Regional STS endpoints to reduce latency, build in redundancy, and increase
	// session token availability. For information about Regional endpoints for STS,
	// see Security Token Service endpoints and quotas
	// (https://docs.aws.amazon.com/general/latest/gr/sts.html) in the Amazon Web
	// Services General Reference. If you make an STS call to the global endpoint, the
	// resulting session tokens might be valid in some Regions but not others. It
	// depends on the version that is set in this operation. Version 1 tokens are valid
	// only in Amazon Web Services Regions that are available by default. These tokens
	// do not work in manually enabled Regions, such as Asia Pacific (Hong Kong).
	// Version 2 tokens are valid in all Regions. However, version 2 tokens are longer
	// and might affect systems where you temporarily store tokens. For information,
	// see Activating and deactivating STS in an Amazon Web Services Region
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
	// in the IAM User Guide. To view the current session token version, see the
	// GlobalEndpointTokenVersion entry in the response of the GetAccountSummary
	// operation.
	SetSecurityTokenServicePreferences(ctx context.Context, params *SetSecurityTokenServicePreferencesInput, optFns ...func(*Options)) (*SetSecurityTokenServicePreferencesOutput, error)
	// Simulate how a set of IAM policies and optionally a resource-based policy works
	// with a list of API operations and Amazon Web Services resources to determine the
	// policies' effective permissions. The policies are provided as strings. The
	// simulation does not perform the API operations; it only checks the authorization
	// to determine if the simulated policies allow or deny the operations. You can
	// simulate resources that don't exist in your account. If you want to simulate
	// existing policies that are attached to an IAM user, group, or role, use
	// SimulatePrincipalPolicy instead. Context keys are variables that are maintained
	// by Amazon Web Services and its services and which provide details about the
	// context of an API query request. You can use the Condition element of an IAM
	// policy to evaluate context keys. To get the list of context keys that the
	// policies require for correct simulation, use GetContextKeysForCustomPolicy. If
	// the output is long, you can use MaxItems and Marker parameters to paginate the
	// results. The IAM policy simulator evaluates statements in the identity-based
	// policy and the inputs that you provide during simulation. The policy simulator
	// results can differ from your live Amazon Web Services environment. We recommend
	// that you check your policies against your live Amazon Web Services environment
	// after testing using the policy simulator to confirm that you have the desired
	// results. For more information about using the policy simulator, see Testing IAM
	// policies with the IAM policy simulator
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html)in
	// the IAM User Guide.
	SimulateCustomPolicy(ctx context.Context, params *SimulateCustomPolicyInput, optFns ...func(*Options)) (*SimulateCustomPolicyOutput, error)
	// Simulate how a set of IAM policies attached to an IAM entity works with a list
	// of API operations and Amazon Web Services resources to determine the policies'
	// effective permissions. The entity can be an IAM user, group, or role. If you
	// specify a user, then the simulation also includes all of the policies that are
	// attached to groups that the user belongs to. You can simulate resources that
	// don't exist in your account. You can optionally include a list of one or more
	// additional policies specified as strings to include in the simulation. If you
	// want to simulate only policies specified as strings, use SimulateCustomPolicy
	// instead. You can also optionally include one resource-based policy to be
	// evaluated with each of the resources included in the simulation for IAM users
	// only. The simulation does not perform the API operations; it only checks the
	// authorization to determine if the simulated policies allow or deny the
	// operations. Note: This operation discloses information about the permissions
	// granted to other users. If you do not want users to see other user's
	// permissions, then consider allowing them to use SimulateCustomPolicy instead.
	// Context keys are variables maintained by Amazon Web Services and its services
	// that provide details about the context of an API query request. You can use the
	// Condition element of an IAM policy to evaluate context keys. To get the list of
	// context keys that the policies require for correct simulation, use
	// GetContextKeysForPrincipalPolicy. If the output is long, you can use the
	// MaxItems and Marker parameters to paginate the results. The IAM policy simulator
	// evaluates statements in the identity-based policy and the inputs that you
	// provide during simulation. The policy simulator results can differ from your
	// live Amazon Web Services environment. We recommend that you check your policies
	// against your live Amazon Web Services environment after testing using the policy
	// simulator to confirm that you have the desired results. For more information
	// about using the policy simulator, see Testing IAM policies with the IAM policy
	// simulator
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html)in
	// the IAM User Guide.
	SimulatePrincipalPolicy(ctx context.Context, params *SimulatePrincipalPolicyInput, optFns ...func(*Options)) (*SimulatePrincipalPolicyOutput, error)
	// Adds one or more tags to an IAM instance profile. If a tag with the same key
	// name already exists, then that tag is overwritten with the new value. Each tag
	// consists of a key name and an associated value. By assigning tags to your
	// resources, you can do the following:
	//
	// * Administrative grouping and discovery -
	// Attach tags to resources to aid in organization and search. For example, you
	// could search for all resources with the key name Project and the value
	// MyImportantProject. Or search for all resources with the key name Cost Center
	// and the value 41200.
	//
	// * Access control - Include tags in IAM user-based and
	// resource-based policies. You can use tags to restrict access to only an IAM
	// instance profile that has a specified tag attached. For examples of policies
	// that show how to use tags to control access, see Control access using IAM tags
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) in the IAM
	// User Guide.
	//
	// * If any one of the tags is invalid or if you exceed the allowed
	// maximum number of tags, then the entire request fails and the resource is not
	// created. For more information about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	//
	// * Amazon Web Services always interprets the tag Value as a single
	// string. If you need to store an array, you can store comma-separated values in
	// the string. However, you must interpret the value in your code.
	TagInstanceProfile(ctx context.Context, params *TagInstanceProfileInput, optFns ...func(*Options)) (*TagInstanceProfileOutput, error)
	// Adds one or more tags to an IAM virtual multi-factor authentication (MFA)
	// device. If a tag with the same key name already exists, then that tag is
	// overwritten with the new value. A tag consists of a key name and an associated
	// value. By assigning tags to your resources, you can do the following:
	//
	// *
	// Administrative grouping and discovery - Attach tags to resources to aid in
	// organization and search. For example, you could search for all resources with
	// the key name Project and the value MyImportantProject. Or search for all
	// resources with the key name Cost Center and the value 41200.
	//
	// * Access control -
	// Include tags in IAM user-based and resource-based policies. You can use tags to
	// restrict access to only an IAM virtual MFA device that has a specified tag
	// attached. For examples of policies that show how to use tags to control access,
	// see Control access using IAM tags
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) in the IAM
	// User Guide.
	//
	// * If any one of the tags is invalid or if you exceed the allowed
	// maximum number of tags, then the entire request fails and the resource is not
	// created. For more information about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	//
	// * Amazon Web Services always interprets the tag Value as a single
	// string. If you need to store an array, you can store comma-separated values in
	// the string. However, you must interpret the value in your code.
	TagMFADevice(ctx context.Context, params *TagMFADeviceInput, optFns ...func(*Options)) (*TagMFADeviceOutput, error)
	// Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider.
	// For more information about these providers, see About web identity federation
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html).
	// If a tag with the same key name already exists, then that tag is overwritten
	// with the new value. A tag consists of a key name and an associated value. By
	// assigning tags to your resources, you can do the following:
	//
	// * Administrative
	// grouping and discovery - Attach tags to resources to aid in organization and
	// search. For example, you could search for all resources with the key name
	// Project and the value MyImportantProject. Or search for all resources with the
	// key name Cost Center and the value 41200.
	//
	// * Access control - Include tags in
	// IAM user-based and resource-based policies. You can use tags to restrict access
	// to only an OIDC provider that has a specified tag attached. For examples of
	// policies that show how to use tags to control access, see Control access using
	// IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) in
	// the IAM User Guide.
	//
	// * If any one of the tags is invalid or if you exceed the
	// allowed maximum number of tags, then the entire request fails and the resource
	// is not created. For more information about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	//
	// * Amazon Web Services always interprets the tag Value as a single
	// string. If you need to store an array, you can store comma-separated values in
	// the string. However, you must interpret the value in your code.
	TagOpenIDConnectProvider(ctx context.Context, params *TagOpenIDConnectProviderInput, optFns ...func(*Options)) (*TagOpenIDConnectProviderOutput, error)
	// Adds one or more tags to an IAM customer managed policy. If a tag with the same
	// key name already exists, then that tag is overwritten with the new value. A tag
	// consists of a key name and an associated value. By assigning tags to your
	// resources, you can do the following:
	//
	// * Administrative grouping and discovery -
	// Attach tags to resources to aid in organization and search. For example, you
	// could search for all resources with the key name Project and the value
	// MyImportantProject. Or search for all resources with the key name Cost Center
	// and the value 41200.
	//
	// * Access control - Include tags in IAM user-based and
	// resource-based policies. You can use tags to restrict access to only an IAM
	// customer managed policy that has a specified tag attached. For examples of
	// policies that show how to use tags to control access, see Control access using
	// IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) in
	// the IAM User Guide.
	//
	// * If any one of the tags is invalid or if you exceed the
	// allowed maximum number of tags, then the entire request fails and the resource
	// is not created. For more information about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	//
	// * Amazon Web Services always interprets the tag Value as a single
	// string. If you need to store an array, you can store comma-separated values in
	// the string. However, you must interpret the value in your code.
	TagPolicy(ctx context.Context, params *TagPolicyInput, optFns ...func(*Options)) (*TagPolicyOutput, error)
	// Adds one or more tags to an IAM role. The role can be a regular role or a
	// service-linked role. If a tag with the same key name already exists, then that
	// tag is overwritten with the new value. A tag consists of a key name and an
	// associated value. By assigning tags to your resources, you can do the
	// following:
	//
	// * Administrative grouping and discovery - Attach tags to resources
	// to aid in organization and search. For example, you could search for all
	// resources with the key name Project and the value MyImportantProject. Or search
	// for all resources with the key name Cost Center and the value 41200.
	//
	// * Access
	// control - Include tags in IAM user-based and resource-based policies. You can
	// use tags to restrict access to only an IAM role that has a specified tag
	// attached. You can also restrict access to only those resources that have a
	// certain tag attached. For examples of policies that show how to use tags to
	// control access, see Control access using IAM tags
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) in the IAM
	// User Guide.
	//
	// * Cost allocation - Use tags to help track which individuals and
	// teams are using which Amazon Web Services resources.
	//
	// * If any one of the tags
	// is invalid or if you exceed the allowed maximum number of tags, then the entire
	// request fails and the resource is not created. For more information about
	// tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	//
	// * Amazon Web Services always interprets the tag Value as a single
	// string. If you need to store an array, you can store comma-separated values in
	// the string. However, you must interpret the value in your code.
	//
	// For more
	// information about tagging, see Tagging IAM identities
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	TagRole(ctx context.Context, params *TagRoleInput, optFns ...func(*Options)) (*TagRoleOutput, error)
	// Adds one or more tags to a Security Assertion Markup Language (SAML) identity
	// provider. For more information about these providers, see About SAML 2.0-based
	// federation
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html).
	// If a tag with the same key name already exists, then that tag is overwritten
	// with the new value. A tag consists of a key name and an associated value. By
	// assigning tags to your resources, you can do the following:
	//
	// * Administrative
	// grouping and discovery - Attach tags to resources to aid in organization and
	// search. For example, you could search for all resources with the key name
	// Project and the value MyImportantProject. Or search for all resources with the
	// key name Cost Center and the value 41200.
	//
	// * Access control - Include tags in
	// IAM user-based and resource-based policies. You can use tags to restrict access
	// to only a SAML identity provider that has a specified tag attached. For examples
	// of policies that show how to use tags to control access, see Control access
	// using IAM tags
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) in the IAM
	// User Guide.
	//
	// * If any one of the tags is invalid or if you exceed the allowed
	// maximum number of tags, then the entire request fails and the resource is not
	// created. For more information about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	//
	// * Amazon Web Services always interprets the tag Value as a single
	// string. If you need to store an array, you can store comma-separated values in
	// the string. However, you must interpret the value in your code.
	TagSAMLProvider(ctx context.Context, params *TagSAMLProviderInput, optFns ...func(*Options)) (*TagSAMLProviderOutput, error)
	// Adds one or more tags to an IAM server certificate. If a tag with the same key
	// name already exists, then that tag is overwritten with the new value. For
	// certificates in a Region supported by Certificate Manager (ACM), we recommend
	// that you don't use IAM server certificates. Instead, use ACM to provision,
	// manage, and deploy your server certificates. For more information about IAM
	// server certificates, Working with server certificates
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
	// in the IAM User Guide. A tag consists of a key name and an associated value. By
	// assigning tags to your resources, you can do the following:
	//
	// * Administrative
	// grouping and discovery - Attach tags to resources to aid in organization and
	// search. For example, you could search for all resources with the key name
	// Project and the value MyImportantProject. Or search for all resources with the
	// key name Cost Center and the value 41200.
	//
	// * Access control - Include tags in
	// IAM user-based and resource-based policies. You can use tags to restrict access
	// to only a server certificate that has a specified tag attached. For examples of
	// policies that show how to use tags to control access, see Control access using
	// IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) in
	// the IAM User Guide.
	//
	// * Cost allocation - Use tags to help track which
	// individuals and teams are using which Amazon Web Services resources.
	//
	// * If any
	// one of the tags is invalid or if you exceed the allowed maximum number of tags,
	// then the entire request fails and the resource is not created. For more
	// information about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	//
	// * Amazon Web Services always interprets the tag Value as a single
	// string. If you need to store an array, you can store comma-separated values in
	// the string. However, you must interpret the value in your code.
	TagServerCertificate(ctx context.Context, params *TagServerCertificateInput, optFns ...func(*Options)) (*TagServerCertificateOutput, error)
	// Adds one or more tags to an IAM user. If a tag with the same key name already
	// exists, then that tag is overwritten with the new value. A tag consists of a key
	// name and an associated value. By assigning tags to your resources, you can do
	// the following:
	//
	// * Administrative grouping and discovery - Attach tags to
	// resources to aid in organization and search. For example, you could search for
	// all resources with the key name Project and the value MyImportantProject. Or
	// search for all resources with the key name Cost Center and the value 41200.
	//
	// *
	// Access control - Include tags in IAM user-based and resource-based policies. You
	// can use tags to restrict access to only an IAM requesting user that has a
	// specified tag attached. You can also restrict access to only those resources
	// that have a certain tag attached. For examples of policies that show how to use
	// tags to control access, see Control access using IAM tags
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) in the IAM
	// User Guide.
	//
	// * Cost allocation - Use tags to help track which individuals and
	// teams are using which Amazon Web Services resources.
	//
	// * If any one of the tags
	// is invalid or if you exceed the allowed maximum number of tags, then the entire
	// request fails and the resource is not created. For more information about
	// tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	//
	// * Amazon Web Services always interprets the tag Value as a single
	// string. If you need to store an array, you can store comma-separated values in
	// the string. However, you must interpret the value in your code.
	//
	// For more
	// information about tagging, see Tagging IAM identities
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	TagUser(ctx context.Context, params *TagUserInput, optFns ...func(*Options)) (*TagUserOutput, error)
	// Removes the specified tags from the IAM instance profile. For more information
	// about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	UntagInstanceProfile(ctx context.Context, params *UntagInstanceProfileInput, optFns ...func(*Options)) (*UntagInstanceProfileOutput, error)
	// Removes the specified tags from the IAM virtual multi-factor authentication
	// (MFA) device. For more information about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	UntagMFADevice(ctx context.Context, params *UntagMFADeviceInput, optFns ...func(*Options)) (*UntagMFADeviceOutput, error)
	// Removes the specified tags from the specified OpenID Connect (OIDC)-compatible
	// identity provider in IAM. For more information about OIDC providers, see About
	// web identity federation
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html).
	// For more information about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	UntagOpenIDConnectProvider(ctx context.Context, params *UntagOpenIDConnectProviderInput, optFns ...func(*Options)) (*UntagOpenIDConnectProviderOutput, error)
	// Removes the specified tags from the customer managed policy. For more
	// information about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	UntagPolicy(ctx context.Context, params *UntagPolicyInput, optFns ...func(*Options)) (*UntagPolicyOutput, error)
	// Removes the specified tags from the role. For more information about tagging,
	// see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	UntagRole(ctx context.Context, params *UntagRoleInput, optFns ...func(*Options)) (*UntagRoleOutput, error)
	// Removes the specified tags from the specified Security Assertion Markup Language
	// (SAML) identity provider in IAM. For more information about these providers, see
	// About web identity federation
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html).
	// For more information about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	UntagSAMLProvider(ctx context.Context, params *UntagSAMLProviderInput, optFns ...func(*Options)) (*UntagSAMLProviderOutput, error)
	// Removes the specified tags from the IAM server certificate. For more information
	// about tagging, see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide. For certificates in a Region supported by Certificate Manager (ACM), we
	// recommend that you don't use IAM server certificates. Instead, use ACM to
	// provision, manage, and deploy your server certificates. For more information
	// about IAM server certificates, Working with server certificates
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
	// in the IAM User Guide.
	UntagServerCertificate(ctx context.Context, params *UntagServerCertificateInput, optFns ...func(*Options)) (*UntagServerCertificateOutput, error)
	// Removes the specified tags from the user. For more information about tagging,
	// see Tagging IAM resources
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	UntagUser(ctx context.Context, params *UntagUserInput, optFns ...func(*Options)) (*UntagUserOutput, error)
	// Changes the status of the specified access key from Active to Inactive, or vice
	// versa. This operation can be used to disable a user's key as part of a key
	// rotation workflow. If the UserName is not specified, the user name is determined
	// implicitly based on the Amazon Web Services access key ID used to sign the
	// request. If a temporary access key is used, then UserName is required. If a
	// long-term key is assigned to the user, then UserName is not required. This
	// operation works for access keys under the Amazon Web Services account.
	// Consequently, you can use this operation to manage Amazon Web Services account
	// root user credentials even if the Amazon Web Services account has no associated
	// users. For information about rotating keys, see Managing keys and certificates
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html) in
	// the IAM User Guide.
	UpdateAccessKey(ctx context.Context, params *UpdateAccessKeyInput, optFns ...func(*Options)) (*UpdateAccessKeyOutput, error)
	// Updates the password policy settings for the Amazon Web Services account. This
	// operation does not support partial updates. No parameters are required, but if
	// you do not specify a parameter, that parameter's value reverts to its default
	// value. See the Request Parameters section for each parameter's default value.
	// Also note that some parameters do not allow the default parameter to be
	// explicitly set. Instead, to invoke the default value, do not include that
	// parameter when you invoke the operation. For more information about using a
	// password policy, see Managing an IAM password policy
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html)
	// in the IAM User Guide.
	UpdateAccountPasswordPolicy(ctx context.Context, params *UpdateAccountPasswordPolicyInput, optFns ...func(*Options)) (*UpdateAccountPasswordPolicyOutput, error)
	// Updates the policy that grants an IAM entity permission to assume a role. This
	// is typically referred to as the "role trust policy". For more information about
	// roles, see Using roles to delegate permissions and federate identities
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
	UpdateAssumeRolePolicy(ctx context.Context, params *UpdateAssumeRolePolicyInput, optFns ...func(*Options)) (*UpdateAssumeRolePolicyOutput, error)
	// Updates the name and/or the path of the specified IAM group. You should
	// understand the implications of changing a group's path or name. For more
	// information, see Renaming users and groups
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html)
	// in the IAM User Guide. The person making the request (the principal), must have
	// permission to change the role group with the old name and the new name. For
	// example, to change the group named Managers to MGRs, the principal must have a
	// policy that allows them to update both groups. If the principal has permission
	// to update the Managers group, but not the MGRs group, then the update fails. For
	// more information about permissions, see Access management
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html).
	UpdateGroup(ctx context.Context, params *UpdateGroupInput, optFns ...func(*Options)) (*UpdateGroupOutput, error)
	// Changes the password for the specified IAM user. You can use the CLI, the Amazon
	// Web Services API, or the Users page in the IAM console to change the password
	// for any IAM user. Use ChangePassword to change your own password in the My
	// Security Credentials page in the Amazon Web Services Management Console. For
	// more information about modifying passwords, see Managing passwords
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in
	// the IAM User Guide.
	UpdateLoginProfile(ctx context.Context, params *UpdateLoginProfileInput, optFns ...func(*Options)) (*UpdateLoginProfileOutput, error)
	// Replaces the existing list of server certificate thumbprints associated with an
	// OpenID Connect (OIDC) provider resource object with a new list of thumbprints.
	// The list that you pass with this operation completely replaces the existing list
	// of thumbprints. (The lists are not merged.) Typically, you need to update a
	// thumbprint only when the identity provider certificate changes, which occurs
	// rarely. However, if the provider's certificate does change, any attempt to
	// assume an IAM role that specifies the OIDC provider as a principal fails until
	// the certificate thumbprint is updated. Amazon Web Services secures communication
	// with some OIDC identity providers (IdPs) through our library of trusted
	// certificate authorities (CAs) instead of using a certificate thumbprint to
	// verify your IdP server certificate. These OIDC IdPs include Google, Auth0, and
	// those that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS) endpoint.
	// In these cases, your legacy thumbprint remains in your configuration, but is no
	// longer used for validation. Trust for the OIDC provider is derived from the
	// provider certificate and is validated by the thumbprint. Therefore, it is best
	// to limit access to the UpdateOpenIDConnectProviderThumbprint operation to highly
	// privileged users.
	UpdateOpenIDConnectProviderThumbprint(ctx context.Context, params *UpdateOpenIDConnectProviderThumbprintInput, optFns ...func(*Options)) (*UpdateOpenIDConnectProviderThumbprintOutput, error)
	// Updates the description or maximum session duration setting of a role.
	UpdateRole(ctx context.Context, params *UpdateRoleInput, optFns ...func(*Options)) (*UpdateRoleOutput, error)
	// Use UpdateRole instead. Modifies only the description of a role. This operation
	// performs the same function as the Description parameter in the UpdateRole
	// operation.
	UpdateRoleDescription(ctx context.Context, params *UpdateRoleDescriptionInput, optFns ...func(*Options)) (*UpdateRoleDescriptionOutput, error)
	// Updates the metadata document for an existing SAML provider resource object.
	// This operation requires Signature Version 4
	// (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
	UpdateSAMLProvider(ctx context.Context, params *UpdateSAMLProviderInput, optFns ...func(*Options)) (*UpdateSAMLProviderOutput, error)
	// Sets the status of an IAM user's SSH public key to active or inactive. SSH
	// public keys that are inactive cannot be used for authentication. This operation
	// can be used to disable a user's SSH public key as part of a key rotation work
	// flow. The SSH public key affected by this operation is used only for
	// authenticating the associated IAM user to an CodeCommit repository. For more
	// information about using SSH keys to authenticate to an CodeCommit repository,
	// see Set up CodeCommit for SSH connections
	// (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
	// in the CodeCommit User Guide.
	UpdateSSHPublicKey(ctx context.Context, params *UpdateSSHPublicKeyInput, optFns ...func(*Options)) (*UpdateSSHPublicKeyOutput, error)
	// Updates the name and/or the path of the specified server certificate stored in
	// IAM. For more information about working with server certificates, see Working
	// with server certificates
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
	// in the IAM User Guide. This topic also includes a list of Amazon Web Services
	// services that can use the server certificates that you manage with IAM. You
	// should understand the implications of changing a server certificate's path or
	// name. For more information, see Renaming a server certificate
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html#RenamingServerCerts)
	// in the IAM User Guide. The person making the request (the principal), must have
	// permission to change the server certificate with the old name and the new name.
	// For example, to change the certificate named ProductionCert to ProdCert, the
	// principal must have a policy that allows them to update both certificates. If
	// the principal has permission to update the ProductionCert group, but not the
	// ProdCert certificate, then the update fails. For more information about
	// permissions, see Access management
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) in the IAM User
	// Guide.
	UpdateServerCertificate(ctx context.Context, params *UpdateServerCertificateInput, optFns ...func(*Options)) (*UpdateServerCertificateOutput, error)
	// Sets the status of a service-specific credential to Active or Inactive.
	// Service-specific credentials that are inactive cannot be used for authentication
	// to the service. This operation can be used to disable a user's service-specific
	// credential as part of a credential rotation work flow.
	UpdateServiceSpecificCredential(ctx context.Context, params *UpdateServiceSpecificCredentialInput, optFns ...func(*Options)) (*UpdateServiceSpecificCredentialOutput, error)
	// Changes the status of the specified user signing certificate from active to
	// disabled, or vice versa. This operation can be used to disable an IAM user's
	// signing certificate as part of a certificate rotation work flow. If the UserName
	// field is not specified, the user name is determined implicitly based on the
	// Amazon Web Services access key ID used to sign the request. This operation works
	// for access keys under the Amazon Web Services account. Consequently, you can use
	// this operation to manage Amazon Web Services account root user credentials even
	// if the Amazon Web Services account has no associated users.
	UpdateSigningCertificate(ctx context.Context, params *UpdateSigningCertificateInput, optFns ...func(*Options)) (*UpdateSigningCertificateOutput, error)
	// Updates the name and/or the path of the specified IAM user. You should
	// understand the implications of changing an IAM user's path or name. For more
	// information, see Renaming an IAM user
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_renaming)
	// and Renaming an IAM group
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_rename.html)
	// in the IAM User Guide. To change a user name, the requester must have
	// appropriate permissions on both the source object and the target object. For
	// example, to change Bob to Robert, the entity making the request must have
	// permission on Bob and Robert, or must have permission on all (*). For more
	// information about permissions, see Permissions and policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html).
	UpdateUser(ctx context.Context, params *UpdateUserInput, optFns ...func(*Options)) (*UpdateUserOutput, error)
	// Uploads an SSH public key and associates it with the specified IAM user. The SSH
	// public key uploaded by this operation can be used only for authenticating the
	// associated IAM user to an CodeCommit repository. For more information about
	// using SSH keys to authenticate to an CodeCommit repository, see Set up
	// CodeCommit for SSH connections
	// (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
	// in the CodeCommit User Guide.
	UploadSSHPublicKey(ctx context.Context, params *UploadSSHPublicKeyInput, optFns ...func(*Options)) (*UploadSSHPublicKeyOutput, error)
	// Uploads a server certificate entity for the Amazon Web Services account. The
	// server certificate entity includes a public key certificate, a private key, and
	// an optional certificate chain, which should all be PEM-encoded. We recommend
	// that you use Certificate Manager (https://docs.aws.amazon.com/acm/) to
	// provision, manage, and deploy your server certificates. With ACM you can request
	// a certificate, deploy it to Amazon Web Services resources, and let ACM handle
	// certificate renewals for you. Certificates provided by ACM are free. For more
	// information about using ACM, see the Certificate Manager User Guide
	// (https://docs.aws.amazon.com/acm/latest/userguide/). For more information about
	// working with server certificates, see Working with server certificates
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
	// in the IAM User Guide. This topic includes a list of Amazon Web Services
	// services that can use the server certificates that you manage with IAM. For
	// information about the number of server certificates you can upload, see IAM and
	// STS quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in
	// the IAM User Guide. Because the body of the public key certificate, private key,
	// and the certificate chain can be large, you should use POST rather than GET when
	// calling UploadServerCertificate. For information about setting up signatures and
	// authorization through the API, see Signing Amazon Web Services API requests
	// (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) in
	// the Amazon Web Services General Reference. For general information about using
	// the Query API with IAM, see Calling the API by making HTTP query requests
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html) in the IAM
	// User Guide.
	UploadServerCertificate(ctx context.Context, params *UploadServerCertificateInput, optFns ...func(*Options)) (*UploadServerCertificateOutput, error)
	// Uploads an X.509 signing certificate and associates it with the specified IAM
	// user. Some Amazon Web Services services require you to use certificates to
	// validate requests that are signed with a corresponding private key. When you
	// upload the certificate, its default status is Active. For information about when
	// you would use an X.509 signing certificate, see Managing server certificates in
	// IAM
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
	// in the IAM User Guide. If the UserName is not specified, the IAM user name is
	// determined implicitly based on the Amazon Web Services access key ID used to
	// sign the request. This operation works for access keys under the Amazon Web
	// Services account. Consequently, you can use this operation to manage Amazon Web
	// Services account root user credentials even if the Amazon Web Services account
	// has no associated users. Because the body of an X.509 certificate can be large,
	// you should use POST rather than GET when calling UploadSigningCertificate. For
	// information about setting up signatures and authorization through the API, see
	// Signing Amazon Web Services API requests
	// (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) in
	// the Amazon Web Services General Reference. For general information about using
	// the Query API with IAM, see Making query requests
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) in the
	// IAM User Guide.
	UploadSigningCertificate(ctx context.Context, params *UploadSigningCertificateInput, optFns ...func(*Options)) (*UploadSigningCertificateOutput, error)
}

IAM provides an interface to the AWS IAM service.

type Outposts added in v0.112.0

type Outposts interface {
	// Cancels the specified order for an Outpost.
	CancelOrder(ctx context.Context, params *CancelOrderInput, optFns ...func(*Options)) (*CancelOrderOutput, error)
	// Creates an order for an Outpost.
	CreateOrder(ctx context.Context, params *CreateOrderInput, optFns ...func(*Options)) (*CreateOrderOutput, error)
	// Creates an Outpost. You can specify either an Availability one or an AZ ID.
	CreateOutpost(ctx context.Context, params *CreateOutpostInput, optFns ...func(*Options)) (*CreateOutpostOutput, error)
	// Creates a site for an Outpost.
	CreateSite(ctx context.Context, params *CreateSiteInput, optFns ...func(*Options)) (*CreateSiteOutput, error)
	// Deletes the specified Outpost.
	DeleteOutpost(ctx context.Context, params *DeleteOutpostInput, optFns ...func(*Options)) (*DeleteOutpostOutput, error)
	// Deletes the specified site.
	DeleteSite(ctx context.Context, params *DeleteSiteInput, optFns ...func(*Options)) (*DeleteSiteOutput, error)
	// Gets information about the specified catalog item.
	GetCatalogItem(ctx context.Context, params *GetCatalogItemInput, optFns ...func(*Options)) (*GetCatalogItemOutput, error)
	// Amazon Web Services uses this action to install Outpost servers. Gets
	// information about the specified connection. Use CloudTrail to monitor this
	// action or Amazon Web Services managed policy for Amazon Web Services Outposts to
	// secure it. For more information, see  Amazon Web Services managed policies for
	// Amazon Web Services Outposts
	// (https://docs.aws.amazon.com/outposts/latest/userguide/security-iam-awsmanpol.html)
	// and  Logging Amazon Web Services Outposts API calls with Amazon Web Services
	// CloudTrail
	// (https://docs.aws.amazon.com/outposts/latest/userguide/logging-using-cloudtrail.html)
	// in the Amazon Web Services Outposts User Guide.
	GetConnection(ctx context.Context, params *GetConnectionInput, optFns ...func(*Options)) (*GetConnectionOutput, error)
	// Gets information about the specified order.
	GetOrder(ctx context.Context, params *GetOrderInput, optFns ...func(*Options)) (*GetOrderOutput, error)
	// Gets information about the specified Outpost.
	GetOutpost(ctx context.Context, params *GetOutpostInput, optFns ...func(*Options)) (*GetOutpostOutput, error)
	// Gets the instance types for the specified Outpost.
	GetOutpostInstanceTypes(ctx context.Context, params *GetOutpostInstanceTypesInput, optFns ...func(*Options)) (*GetOutpostInstanceTypesOutput, error)
	// Gets information about the specified Outpost site.
	GetSite(ctx context.Context, params *GetSiteInput, optFns ...func(*Options)) (*GetSiteOutput, error)
	// Gets the site address of the specified site.
	GetSiteAddress(ctx context.Context, params *GetSiteAddressInput, optFns ...func(*Options)) (*GetSiteAddressOutput, error)
	// Lists the hardware assets for the specified Outpost. Use filters to return
	// specific results. If you specify multiple filters, the results include only the
	// resources that match all of the specified filters. For a filter where you can
	// specify multiple values, the results include items that match any of the values
	// that you specify for the filter.
	ListAssets(ctx context.Context, params *ListAssetsInput, optFns ...func(*Options)) (*ListAssetsOutput, error)
	// Lists the items in the catalog. Use filters to return specific results. If you
	// specify multiple filters, the results include only the resources that match all
	// of the specified filters. For a filter where you can specify multiple values,
	// the results include items that match any of the values that you specify for the
	// filter.
	ListCatalogItems(ctx context.Context, params *ListCatalogItemsInput, optFns ...func(*Options)) (*ListCatalogItemsOutput, error)
	// Lists the Outpost orders for your Amazon Web Services account.
	ListOrders(ctx context.Context, params *ListOrdersInput, optFns ...func(*Options)) (*ListOrdersOutput, error)
	// Lists the Outposts for your Amazon Web Services account. Use filters to return
	// specific results. If you specify multiple filters, the results include only the
	// resources that match all of the specified filters. For a filter where you can
	// specify multiple values, the results include items that match any of the values
	// that you specify for the filter.
	ListOutposts(ctx context.Context, params *ListOutpostsInput, optFns ...func(*Options)) (*ListOutpostsOutput, error)
	// Lists the Outpost sites for your Amazon Web Services account. Use filters to
	// return specific results. Use filters to return specific results. If you specify
	// multiple filters, the results include only the resources that match all of the
	// specified filters. For a filter where you can specify multiple values, the
	// results include items that match any of the values that you specify for the
	// filter.
	ListSites(ctx context.Context, params *ListSitesInput, optFns ...func(*Options)) (*ListSitesOutput, error)
	// Lists the tags for the specified resource.
	ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
	// Amazon Web Services uses this action to install Outpost servers. Starts the
	// connection required for Outpost server installation. Use CloudTrail to monitor
	// this action or Amazon Web Services managed policy for Amazon Web Services
	// Outposts to secure it. For more information, see  Amazon Web Services managed
	// policies for Amazon Web Services Outposts
	// (https://docs.aws.amazon.com/outposts/latest/userguide/security-iam-awsmanpol.html)
	// and  Logging Amazon Web Services Outposts API calls with Amazon Web Services
	// CloudTrail
	// (https://docs.aws.amazon.com/outposts/latest/userguide/logging-using-cloudtrail.html)
	// in the Amazon Web Services Outposts User Guide.
	StartConnection(ctx context.Context, params *StartConnectionInput, optFns ...func(*Options)) (*StartConnectionOutput, error)
	// Adds tags to the specified resource.
	TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)
	// Removes tags from the specified resource.
	UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)
	// Updates an Outpost.
	UpdateOutpost(ctx context.Context, params *UpdateOutpostInput, optFns ...func(*Options)) (*UpdateOutpostOutput, error)
	// Updates the specified site.
	UpdateSite(ctx context.Context, params *UpdateSiteInput, optFns ...func(*Options)) (*UpdateSiteOutput, error)
	// Updates the address of the specified site. You can't update a site address if
	// there is an order in progress. You must wait for the order to complete or cancel
	// the order. You can update the operating address before you place an order at the
	// site, or after all Outposts that belong to the site have been deactivated.
	UpdateSiteAddress(ctx context.Context, params *UpdateSiteAddressInput, optFns ...func(*Options)) (*UpdateSiteAddressOutput, error)
	// Update the physical and logistical details for a rack at a site. For more
	// information about hardware requirements for racks, see Network readiness
	// checklist
	// (https://docs.aws.amazon.com/outposts/latest/userguide/outposts-requirements.html#checklist)
	// in the Amazon Web Services Outposts User Guide. To update a rack at a site with
	// an order of IN_PROGRESS, you must wait for the order to complete or cancel the
	// order.
	UpdateSiteRackPhysicalProperties(ctx context.Context, params *UpdateSiteRackPhysicalPropertiesInput, optFns ...func(*Options)) (*UpdateSiteRackPhysicalPropertiesOutput, error)
}

Outposts provides an interface to the AWS Outposts service.

type SSM added in v0.91.0

type SSM interface {
	// Adds or overwrites one or more tags for the specified resource. Tags are
	// metadata that you can assign to your automations, documents, managed nodes,
	// maintenance windows, Parameter Store parameters, and patch baselines. Tags
	// enable you to categorize your resources in different ways, for example, by
	// purpose, owner, or environment. Each tag consists of a key and an optional
	// value, both of which you define. For example, you could define a set of tags for
	// your account's managed nodes that helps you track each node's owner and stack
	// level. For example:
	//
	// * Key=Owner,Value=DbAdmin
	//
	// * Key=Owner,Value=SysAdmin
	//
	// *
	// Key=Owner,Value=Dev
	//
	// * Key=Stack,Value=Production
	//
	// *
	// Key=Stack,Value=Pre-Production
	//
	// * Key=Stack,Value=Test
	//
	// Most resources can have
	// a maximum of 50 tags. Automations can have a maximum of 5 tags. We recommend
	// that you devise a set of tag keys that meets your needs for each resource type.
	// Using a consistent set of tag keys makes it easier for you to manage your
	// resources. You can search and filter the resources based on the tags you add.
	// Tags don't have any semantic meaning to and are interpreted strictly as a string
	// of characters. For more information about using tags with Amazon Elastic Compute
	// Cloud (Amazon EC2) instances, see Tagging your Amazon EC2 resources
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
	// Amazon EC2 User Guide.
	AddTagsToResource(ctx context.Context, params *AddTagsToResourceInput, optFns ...func(*Options)) (*AddTagsToResourceOutput, error)
	// Associates a related item to a Systems Manager OpsCenter OpsItem. For example,
	// you can associate an Incident Manager incident or analysis with an OpsItem.
	// Incident Manager and OpsCenter are capabilities of Amazon Web Services Systems
	// Manager.
	AssociateOpsItemRelatedItem(ctx context.Context, params *AssociateOpsItemRelatedItemInput, optFns ...func(*Options)) (*AssociateOpsItemRelatedItemOutput, error)
	// Attempts to cancel the command specified by the Command ID. There is no
	// guarantee that the command will be terminated and the underlying process
	// stopped.
	CancelCommand(ctx context.Context, params *CancelCommandInput, optFns ...func(*Options)) (*CancelCommandOutput, error)
	// Stops a maintenance window execution that is already in progress and cancels any
	// tasks in the window that haven't already starting running. Tasks already in
	// progress will continue to completion.
	CancelMaintenanceWindowExecution(ctx context.Context, params *CancelMaintenanceWindowExecutionInput, optFns ...func(*Options)) (*CancelMaintenanceWindowExecutionOutput, error)
	// Generates an activation code and activation ID you can use to register your
	// on-premises servers, edge devices, or virtual machine (VM) with Amazon Web
	// Services Systems Manager. Registering these machines with Systems Manager makes
	// it possible to manage them using Systems Manager capabilities. You use the
	// activation code and ID when installing SSM Agent on machines in your hybrid
	// environment. For more information about requirements for managing on-premises
	// machines using Systems Manager, see Setting up Amazon Web Services Systems
	// Manager for hybrid environments
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances.html)
	// in the Amazon Web Services Systems Manager User Guide. Amazon Elastic Compute
	// Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that
	// are configured for Systems Manager are all called managed nodes.
	CreateActivation(ctx context.Context, params *CreateActivationInput, optFns ...func(*Options)) (*CreateActivationOutput, error)
	// A State Manager association defines the state that you want to maintain on your
	// managed nodes. For example, an association can specify that anti-virus software
	// must be installed and running on your managed nodes, or that certain ports must
	// be closed. For static targets, the association specifies a schedule for when the
	// configuration is reapplied. For dynamic targets, such as an Amazon Web Services
	// resource group or an Amazon Web Services autoscaling group, State Manager, a
	// capability of Amazon Web Services Systems Manager applies the configuration when
	// new managed nodes are added to the group. The association also specifies actions
	// to take when applying the configuration. For example, an association for
	// anti-virus software might run once a day. If the software isn't installed, then
	// State Manager installs it. If the software is installed, but the service isn't
	// running, then the association might instruct State Manager to start the service.
	CreateAssociation(ctx context.Context, params *CreateAssociationInput, optFns ...func(*Options)) (*CreateAssociationOutput, error)
	// Associates the specified Amazon Web Services Systems Manager document (SSM
	// document) with the specified managed nodes or targets. When you associate a
	// document with one or more managed nodes using IDs or tags, Amazon Web Services
	// Systems Manager Agent (SSM Agent) running on the managed node processes the
	// document and configures the node as specified. If you associate a document with
	// a managed node that already has an associated document, the system returns the
	// AssociationAlreadyExists exception.
	CreateAssociationBatch(ctx context.Context, params *CreateAssociationBatchInput, optFns ...func(*Options)) (*CreateAssociationBatchOutput, error)
	// Creates a Amazon Web Services Systems Manager (SSM document). An SSM document
	// defines the actions that Systems Manager performs on your managed nodes. For
	// more information about SSM documents, including information about supported
	// schemas, features, and syntax, see Amazon Web Services Systems Manager Documents
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-ssm-docs.html)
	// in the Amazon Web Services Systems Manager User Guide.
	CreateDocument(ctx context.Context, params *CreateDocumentInput, optFns ...func(*Options)) (*CreateDocumentOutput, error)
	// Creates a new maintenance window. The value you specify for Duration determines
	// the specific end time for the maintenance window based on the time it begins. No
	// maintenance window tasks are permitted to start after the resulting endtime
	// minus the number of hours you specify for Cutoff. For example, if the
	// maintenance window starts at 3 PM, the duration is three hours, and the value
	// you specify for Cutoff is one hour, no maintenance window tasks can start after
	// 5 PM.
	CreateMaintenanceWindow(ctx context.Context, params *CreateMaintenanceWindowInput, optFns ...func(*Options)) (*CreateMaintenanceWindowOutput, error)
	// Creates a new OpsItem. You must have permission in Identity and Access
	// Management (IAM) to create a new OpsItem. For more information, see Getting
	// started with OpsCenter
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html)
	// in the Amazon Web Services Systems Manager User Guide. Operations engineers and
	// IT professionals use Amazon Web Services Systems Manager OpsCenter to view,
	// investigate, and remediate operational issues impacting the performance and
	// health of their Amazon Web Services resources. For more information, see Amazon
	// Web Services Systems Manager OpsCenter
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) in
	// the Amazon Web Services Systems Manager User Guide.
	CreateOpsItem(ctx context.Context, params *CreateOpsItemInput, optFns ...func(*Options)) (*CreateOpsItemOutput, error)
	// If you create a new application in Application Manager, Amazon Web Services
	// Systems Manager calls this API operation to specify information about the new
	// application, including the application type.
	CreateOpsMetadata(ctx context.Context, params *CreateOpsMetadataInput, optFns ...func(*Options)) (*CreateOpsMetadataOutput, error)
	// Creates a patch baseline. For information about valid key-value pairs in
	// PatchFilters for each supported operating system type, see PatchFilter.
	CreatePatchBaseline(ctx context.Context, params *CreatePatchBaselineInput, optFns ...func(*Options)) (*CreatePatchBaselineOutput, error)
	// A resource data sync helps you view data from multiple sources in a single
	// location. Amazon Web Services Systems Manager offers two types of resource data
	// sync: SyncToDestination and SyncFromSource. You can configure Systems Manager
	// Inventory to use the SyncToDestination type to synchronize Inventory data from
	// multiple Amazon Web Services Regions to a single Amazon Simple Storage Service
	// (Amazon S3) bucket. For more information, see Configuring resource data sync for
	// Inventory
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-datasync.html)
	// in the Amazon Web Services Systems Manager User Guide. You can configure Systems
	// Manager Explorer to use the SyncFromSource type to synchronize operational work
	// items (OpsItems) and operational data (OpsData) from multiple Amazon Web
	// Services Regions to a single Amazon S3 bucket. This type can synchronize
	// OpsItems and OpsData from multiple Amazon Web Services accounts and Amazon Web
	// Services Regions or EntireOrganization by using Organizations. For more
	// information, see Setting up Systems Manager Explorer to display data from
	// multiple accounts and Regions
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/Explorer-resource-data-sync.html)
	// in the Amazon Web Services Systems Manager User Guide. A resource data sync is
	// an asynchronous operation that returns immediately. After a successful initial
	// sync is completed, the system continuously syncs data. To check the status of a
	// sync, use the ListResourceDataSync. By default, data isn't encrypted in Amazon
	// S3. We strongly recommend that you enable encryption in Amazon S3 to ensure
	// secure data storage. We also recommend that you secure access to the Amazon S3
	// bucket by creating a restrictive bucket policy.
	CreateResourceDataSync(ctx context.Context, params *CreateResourceDataSyncInput, optFns ...func(*Options)) (*CreateResourceDataSyncOutput, error)
	// Deletes an activation. You aren't required to delete an activation. If you
	// delete an activation, you can no longer use it to register additional managed
	// nodes. Deleting an activation doesn't de-register managed nodes. You must
	// manually de-register managed nodes.
	DeleteActivation(ctx context.Context, params *DeleteActivationInput, optFns ...func(*Options)) (*DeleteActivationOutput, error)
	// Disassociates the specified Amazon Web Services Systems Manager document (SSM
	// document) from the specified managed node. If you created the association by
	// using the Targets parameter, then you must delete the association by using the
	// association ID. When you disassociate a document from a managed node, it doesn't
	// change the configuration of the node. To change the configuration state of a
	// managed node after you disassociate a document, you must create a new document
	// with the desired configuration and associate it with the node.
	DeleteAssociation(ctx context.Context, params *DeleteAssociationInput, optFns ...func(*Options)) (*DeleteAssociationOutput, error)
	// Deletes the Amazon Web Services Systems Manager document (SSM document) and all
	// managed node associations to the document. Before you delete the document, we
	// recommend that you use DeleteAssociation to disassociate all managed nodes that
	// are associated with the document.
	DeleteDocument(ctx context.Context, params *DeleteDocumentInput, optFns ...func(*Options)) (*DeleteDocumentOutput, error)
	// Delete a custom inventory type or the data associated with a custom Inventory
	// type. Deleting a custom inventory type is also referred to as deleting a custom
	// inventory schema.
	DeleteInventory(ctx context.Context, params *DeleteInventoryInput, optFns ...func(*Options)) (*DeleteInventoryOutput, error)
	// Deletes a maintenance window.
	DeleteMaintenanceWindow(ctx context.Context, params *DeleteMaintenanceWindowInput, optFns ...func(*Options)) (*DeleteMaintenanceWindowOutput, error)
	// Delete OpsMetadata related to an application.
	DeleteOpsMetadata(ctx context.Context, params *DeleteOpsMetadataInput, optFns ...func(*Options)) (*DeleteOpsMetadataOutput, error)
	// Delete a parameter from the system. After deleting a parameter, wait for at
	// least 30 seconds to create a parameter with the same name.
	DeleteParameter(ctx context.Context, params *DeleteParameterInput, optFns ...func(*Options)) (*DeleteParameterOutput, error)
	// Delete a list of parameters. After deleting a parameter, wait for at least 30
	// seconds to create a parameter with the same name.
	DeleteParameters(ctx context.Context, params *DeleteParametersInput, optFns ...func(*Options)) (*DeleteParametersOutput, error)
	// Deletes a patch baseline.
	DeletePatchBaseline(ctx context.Context, params *DeletePatchBaselineInput, optFns ...func(*Options)) (*DeletePatchBaselineOutput, error)
	// Deletes a resource data sync configuration. After the configuration is deleted,
	// changes to data on managed nodes are no longer synced to or from the target.
	// Deleting a sync configuration doesn't delete data.
	DeleteResourceDataSync(ctx context.Context, params *DeleteResourceDataSyncInput, optFns ...func(*Options)) (*DeleteResourceDataSyncOutput, error)
	// Deletes a Systems Manager resource policy. A resource policy helps you to define
	// the IAM entity (for example, an Amazon Web Services account) that can manage
	// your Systems Manager resources. Currently, OpsItemGroup is the only resource
	// that supports Systems Manager resource policies. The resource policy for
	// OpsItemGroup enables Amazon Web Services accounts to view and interact with
	// OpsCenter operational work items (OpsItems).
	DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error)
	// Removes the server or virtual machine from the list of registered servers. You
	// can reregister the node again at any time. If you don't plan to use Run Command
	// on the server, we suggest uninstalling SSM Agent first.
	DeregisterManagedInstance(ctx context.Context, params *DeregisterManagedInstanceInput, optFns ...func(*Options)) (*DeregisterManagedInstanceOutput, error)
	// Removes a patch group from a patch baseline.
	DeregisterPatchBaselineForPatchGroup(ctx context.Context, params *DeregisterPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*DeregisterPatchBaselineForPatchGroupOutput, error)
	// Removes a target from a maintenance window.
	DeregisterTargetFromMaintenanceWindow(ctx context.Context, params *DeregisterTargetFromMaintenanceWindowInput, optFns ...func(*Options)) (*DeregisterTargetFromMaintenanceWindowOutput, error)
	// Removes a task from a maintenance window.
	DeregisterTaskFromMaintenanceWindow(ctx context.Context, params *DeregisterTaskFromMaintenanceWindowInput, optFns ...func(*Options)) (*DeregisterTaskFromMaintenanceWindowOutput, error)
	// Describes details about the activation, such as the date and time the activation
	// was created, its expiration date, the Identity and Access Management (IAM) role
	// assigned to the managed nodes in the activation, and the number of nodes
	// registered by using this activation.
	DescribeActivations(ctx context.Context, params *DescribeActivationsInput, optFns ...func(*Options)) (*DescribeActivationsOutput, error)
	// Describes the association for the specified target or managed node. If you
	// created the association by using the Targets parameter, then you must retrieve
	// the association by using the association ID.
	DescribeAssociation(ctx context.Context, params *DescribeAssociationInput, optFns ...func(*Options)) (*DescribeAssociationOutput, error)
	// Views information about a specific execution of a specific association.
	DescribeAssociationExecutionTargets(ctx context.Context, params *DescribeAssociationExecutionTargetsInput, optFns ...func(*Options)) (*DescribeAssociationExecutionTargetsOutput, error)
	// Views all executions for a specific association ID.
	DescribeAssociationExecutions(ctx context.Context, params *DescribeAssociationExecutionsInput, optFns ...func(*Options)) (*DescribeAssociationExecutionsOutput, error)
	// Provides details about all active and terminated Automation executions.
	DescribeAutomationExecutions(ctx context.Context, params *DescribeAutomationExecutionsInput, optFns ...func(*Options)) (*DescribeAutomationExecutionsOutput, error)
	// Information about all active and terminated step executions in an Automation
	// workflow.
	DescribeAutomationStepExecutions(ctx context.Context, params *DescribeAutomationStepExecutionsInput, optFns ...func(*Options)) (*DescribeAutomationStepExecutionsOutput, error)
	// Lists all patches eligible to be included in a patch baseline.
	DescribeAvailablePatches(ctx context.Context, params *DescribeAvailablePatchesInput, optFns ...func(*Options)) (*DescribeAvailablePatchesOutput, error)
	// Describes the specified Amazon Web Services Systems Manager document (SSM
	// document).
	DescribeDocument(ctx context.Context, params *DescribeDocumentInput, optFns ...func(*Options)) (*DescribeDocumentOutput, error)
	// Describes the permissions for a Amazon Web Services Systems Manager document
	// (SSM document). If you created the document, you are the owner. If a document is
	// shared, it can either be shared privately (by specifying a user's Amazon Web
	// Services account ID) or publicly (All).
	DescribeDocumentPermission(ctx context.Context, params *DescribeDocumentPermissionInput, optFns ...func(*Options)) (*DescribeDocumentPermissionOutput, error)
	// All associations for the managed node(s).
	DescribeEffectiveInstanceAssociations(ctx context.Context, params *DescribeEffectiveInstanceAssociationsInput, optFns ...func(*Options)) (*DescribeEffectiveInstanceAssociationsOutput, error)
	// Retrieves the current effective patches (the patch and the approval state) for
	// the specified patch baseline. Applies to patch baselines for Windows only.
	DescribeEffectivePatchesForPatchBaseline(ctx context.Context, params *DescribeEffectivePatchesForPatchBaselineInput, optFns ...func(*Options)) (*DescribeEffectivePatchesForPatchBaselineOutput, error)
	// The status of the associations for the managed node(s).
	DescribeInstanceAssociationsStatus(ctx context.Context, params *DescribeInstanceAssociationsStatusInput, optFns ...func(*Options)) (*DescribeInstanceAssociationsStatusOutput, error)
	// Describes one or more of your managed nodes, including information about the
	// operating system platform, the version of SSM Agent installed on the managed
	// node, node status, and so on. If you specify one or more managed node IDs, it
	// returns information for those managed nodes. If you don't specify node IDs, it
	// returns information for all your managed nodes. If you specify a node ID that
	// isn't valid or a node that you don't own, you receive an error. The IamRole
	// field for this API operation is the Identity and Access Management (IAM) role
	// assigned to on-premises managed nodes. This call doesn't return the IAM role for
	// EC2 instances.
	DescribeInstanceInformation(ctx context.Context, params *DescribeInstanceInformationInput, optFns ...func(*Options)) (*DescribeInstanceInformationOutput, error)
	// Retrieves the high-level patch state of one or more managed nodes.
	DescribeInstancePatchStates(ctx context.Context, params *DescribeInstancePatchStatesInput, optFns ...func(*Options)) (*DescribeInstancePatchStatesOutput, error)
	// Retrieves the high-level patch state for the managed nodes in the specified
	// patch group.
	DescribeInstancePatchStatesForPatchGroup(ctx context.Context, params *DescribeInstancePatchStatesForPatchGroupInput, optFns ...func(*Options)) (*DescribeInstancePatchStatesForPatchGroupOutput, error)
	// Retrieves information about the patches on the specified managed node and their
	// state relative to the patch baseline being used for the node.
	DescribeInstancePatches(ctx context.Context, params *DescribeInstancePatchesInput, optFns ...func(*Options)) (*DescribeInstancePatchesOutput, error)
	// Describes a specific delete inventory operation.
	DescribeInventoryDeletions(ctx context.Context, params *DescribeInventoryDeletionsInput, optFns ...func(*Options)) (*DescribeInventoryDeletionsOutput, error)
	// Retrieves the individual task executions (one per target) for a particular task
	// run as part of a maintenance window execution.
	DescribeMaintenanceWindowExecutionTaskInvocations(ctx context.Context, params *DescribeMaintenanceWindowExecutionTaskInvocationsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionTaskInvocationsOutput, error)
	// For a given maintenance window execution, lists the tasks that were run.
	DescribeMaintenanceWindowExecutionTasks(ctx context.Context, params *DescribeMaintenanceWindowExecutionTasksInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionTasksOutput, error)
	// Lists the executions of a maintenance window. This includes information about
	// when the maintenance window was scheduled to be active, and information about
	// tasks registered and run with the maintenance window.
	DescribeMaintenanceWindowExecutions(ctx context.Context, params *DescribeMaintenanceWindowExecutionsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionsOutput, error)
	// Retrieves information about upcoming executions of a maintenance window.
	DescribeMaintenanceWindowSchedule(ctx context.Context, params *DescribeMaintenanceWindowScheduleInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowScheduleOutput, error)
	// Lists the targets registered with the maintenance window.
	DescribeMaintenanceWindowTargets(ctx context.Context, params *DescribeMaintenanceWindowTargetsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowTargetsOutput, error)
	// Lists the tasks in a maintenance window. For maintenance window tasks without a
	// specified target, you can't supply values for --max-errors and
	// --max-concurrency. Instead, the system inserts a placeholder value of 1, which
	// may be reported in the response to this command. These values don't affect the
	// running of your task and can be ignored.
	DescribeMaintenanceWindowTasks(ctx context.Context, params *DescribeMaintenanceWindowTasksInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowTasksOutput, error)
	// Retrieves the maintenance windows in an Amazon Web Services account.
	DescribeMaintenanceWindows(ctx context.Context, params *DescribeMaintenanceWindowsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowsOutput, error)
	// Retrieves information about the maintenance window targets or tasks that a
	// managed node is associated with.
	DescribeMaintenanceWindowsForTarget(ctx context.Context, params *DescribeMaintenanceWindowsForTargetInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowsForTargetOutput, error)
	// Query a set of OpsItems. You must have permission in Identity and Access
	// Management (IAM) to query a list of OpsItems. For more information, see Getting
	// started with OpsCenter
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html)
	// in the Amazon Web Services Systems Manager User Guide. Operations engineers and
	// IT professionals use Amazon Web Services Systems Manager OpsCenter to view,
	// investigate, and remediate operational issues impacting the performance and
	// health of their Amazon Web Services resources. For more information, see
	// OpsCenter
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) in
	// the Amazon Web Services Systems Manager User Guide.
	DescribeOpsItems(ctx context.Context, params *DescribeOpsItemsInput, optFns ...func(*Options)) (*DescribeOpsItemsOutput, error)
	// Get information about a parameter. Request results are returned on a best-effort
	// basis. If you specify MaxResults in the request, the response includes
	// information up to the limit specified. The number of items returned, however,
	// can be between zero and the value of MaxResults. If the service reaches an
	// internal limit while processing the results, it stops the operation and returns
	// the matching values up to that point and a NextToken. You can specify the
	// NextToken in a subsequent call to get the next set of results. If you change the
	// KMS key alias for the KMS key used to encrypt a parameter, then you must also
	// update the key alias the parameter uses to reference KMS. Otherwise,
	// DescribeParameters retrieves whatever the original key alias was referencing.
	DescribeParameters(ctx context.Context, params *DescribeParametersInput, optFns ...func(*Options)) (*DescribeParametersOutput, error)
	// Lists the patch baselines in your Amazon Web Services account.
	DescribePatchBaselines(ctx context.Context, params *DescribePatchBaselinesInput, optFns ...func(*Options)) (*DescribePatchBaselinesOutput, error)
	// Returns high-level aggregated patch compliance state information for a patch
	// group.
	DescribePatchGroupState(ctx context.Context, params *DescribePatchGroupStateInput, optFns ...func(*Options)) (*DescribePatchGroupStateOutput, error)
	// Lists all patch groups that have been registered with patch baselines.
	DescribePatchGroups(ctx context.Context, params *DescribePatchGroupsInput, optFns ...func(*Options)) (*DescribePatchGroupsOutput, error)
	// Lists the properties of available patches organized by product, product family,
	// classification, severity, and other properties of available patches. You can use
	// the reported properties in the filters you specify in requests for operations
	// such as CreatePatchBaseline, UpdatePatchBaseline, DescribeAvailablePatches, and
	// DescribePatchBaselines. The following section lists the properties that can be
	// used in filters for each major operating system type: AMAZON_LINUX Valid
	// properties: PRODUCT | CLASSIFICATION | SEVERITY AMAZON_LINUX_2 Valid properties:
	// PRODUCT | CLASSIFICATION | SEVERITY CENTOS Valid properties: PRODUCT |
	// CLASSIFICATION | SEVERITY DEBIAN Valid properties: PRODUCT | PRIORITY MACOS
	// Valid properties: PRODUCT | CLASSIFICATION ORACLE_LINUX Valid properties:
	// PRODUCT | CLASSIFICATION | SEVERITY REDHAT_ENTERPRISE_LINUX Valid properties:
	// PRODUCT | CLASSIFICATION | SEVERITY SUSE Valid properties: PRODUCT |
	// CLASSIFICATION | SEVERITY UBUNTU Valid properties: PRODUCT | PRIORITY WINDOWS
	// Valid properties: PRODUCT | PRODUCT_FAMILY | CLASSIFICATION | MSRC_SEVERITY
	DescribePatchProperties(ctx context.Context, params *DescribePatchPropertiesInput, optFns ...func(*Options)) (*DescribePatchPropertiesOutput, error)
	// Retrieves a list of all active sessions (both connected and disconnected) or
	// terminated sessions from the past 30 days.
	DescribeSessions(ctx context.Context, params *DescribeSessionsInput, optFns ...func(*Options)) (*DescribeSessionsOutput, error)
	// Deletes the association between an OpsItem and a related item. For example, this
	// API operation can delete an Incident Manager incident from an OpsItem. Incident
	// Manager is a capability of Amazon Web Services Systems Manager.
	DisassociateOpsItemRelatedItem(ctx context.Context, params *DisassociateOpsItemRelatedItemInput, optFns ...func(*Options)) (*DisassociateOpsItemRelatedItemOutput, error)
	// Get detailed information about a particular Automation execution.
	GetAutomationExecution(ctx context.Context, params *GetAutomationExecutionInput, optFns ...func(*Options)) (*GetAutomationExecutionOutput, error)
	// Gets the state of a Amazon Web Services Systems Manager change calendar at the
	// current time or a specified time. If you specify a time, GetCalendarState
	// returns the state of the calendar at that specific time, and returns the next
	// time that the change calendar state will transition. If you don't specify a
	// time, GetCalendarState uses the current time. Change Calendar entries have two
	// possible states: OPEN or CLOSED. If you specify more than one calendar in a
	// request, the command returns the status of OPEN only if all calendars in the
	// request are open. If one or more calendars in the request are closed, the status
	// returned is CLOSED. For more information about Change Calendar, a capability of
	// Amazon Web Services Systems Manager, see Amazon Web Services Systems Manager
	// Change Calendar
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar.html)
	// in the Amazon Web Services Systems Manager User Guide.
	GetCalendarState(ctx context.Context, params *GetCalendarStateInput, optFns ...func(*Options)) (*GetCalendarStateOutput, error)
	// Returns detailed information about command execution for an invocation or
	// plugin. GetCommandInvocation only gives the execution status of a plugin in a
	// document. To get the command execution status on a specific managed node, use
	// ListCommandInvocations. To get the command execution status across managed
	// nodes, use ListCommands.
	GetCommandInvocation(ctx context.Context, params *GetCommandInvocationInput, optFns ...func(*Options)) (*GetCommandInvocationOutput, error)
	// Retrieves the Session Manager connection status for a managed node to determine
	// whether it is running and ready to receive Session Manager connections.
	GetConnectionStatus(ctx context.Context, params *GetConnectionStatusInput, optFns ...func(*Options)) (*GetConnectionStatusOutput, error)
	// Retrieves the default patch baseline. Amazon Web Services Systems Manager
	// supports creating multiple default patch baselines. For example, you can create
	// a default patch baseline for each operating system. If you don't specify an
	// operating system value, the default patch baseline for Windows is returned.
	GetDefaultPatchBaseline(ctx context.Context, params *GetDefaultPatchBaselineInput, optFns ...func(*Options)) (*GetDefaultPatchBaselineOutput, error)
	// Retrieves the current snapshot for the patch baseline the managed node uses.
	// This API is primarily used by the AWS-RunPatchBaseline Systems Manager document
	// (SSM document). If you run the command locally, such as with the Command Line
	// Interface (CLI), the system attempts to use your local Amazon Web Services
	// credentials and the operation fails. To avoid this, you can run the command in
	// the Amazon Web Services Systems Manager console. Use Run Command, a capability
	// of Amazon Web Services Systems Manager, with an SSM document that enables you to
	// target a managed node with a script or command. For example, run the command
	// using the AWS-RunShellScript document or the AWS-RunPowerShellScript document.
	GetDeployablePatchSnapshotForInstance(ctx context.Context, params *GetDeployablePatchSnapshotForInstanceInput, optFns ...func(*Options)) (*GetDeployablePatchSnapshotForInstanceOutput, error)
	// Gets the contents of the specified Amazon Web Services Systems Manager document
	// (SSM document).
	GetDocument(ctx context.Context, params *GetDocumentInput, optFns ...func(*Options)) (*GetDocumentOutput, error)
	// Query inventory information. This includes managed node status, such as Stopped
	// or Terminated.
	GetInventory(ctx context.Context, params *GetInventoryInput, optFns ...func(*Options)) (*GetInventoryOutput, error)
	// Return a list of inventory type names for the account, or return a list of
	// attribute names for a specific Inventory item type.
	GetInventorySchema(ctx context.Context, params *GetInventorySchemaInput, optFns ...func(*Options)) (*GetInventorySchemaOutput, error)
	// Retrieves a maintenance window.
	GetMaintenanceWindow(ctx context.Context, params *GetMaintenanceWindowInput, optFns ...func(*Options)) (*GetMaintenanceWindowOutput, error)
	// Retrieves details about a specific a maintenance window execution.
	GetMaintenanceWindowExecution(ctx context.Context, params *GetMaintenanceWindowExecutionInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionOutput, error)
	// Retrieves the details about a specific task run as part of a maintenance window
	// execution.
	GetMaintenanceWindowExecutionTask(ctx context.Context, params *GetMaintenanceWindowExecutionTaskInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionTaskOutput, error)
	// Retrieves information about a specific task running on a specific target.
	GetMaintenanceWindowExecutionTaskInvocation(ctx context.Context, params *GetMaintenanceWindowExecutionTaskInvocationInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionTaskInvocationOutput, error)
	// Retrieves the details of a maintenance window task. For maintenance window tasks
	// without a specified target, you can't supply values for --max-errors and
	// --max-concurrency. Instead, the system inserts a placeholder value of 1, which
	// may be reported in the response to this command. These values don't affect the
	// running of your task and can be ignored. To retrieve a list of tasks in a
	// maintenance window, instead use the DescribeMaintenanceWindowTasks command.
	GetMaintenanceWindowTask(ctx context.Context, params *GetMaintenanceWindowTaskInput, optFns ...func(*Options)) (*GetMaintenanceWindowTaskOutput, error)
	// Get information about an OpsItem by using the ID. You must have permission in
	// Identity and Access Management (IAM) to view information about an OpsItem. For
	// more information, see Getting started with OpsCenter
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html)
	// in the Amazon Web Services Systems Manager User Guide. Operations engineers and
	// IT professionals use Amazon Web Services Systems Manager OpsCenter to view,
	// investigate, and remediate operational issues impacting the performance and
	// health of their Amazon Web Services resources. For more information, see
	// OpsCenter
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) in
	// the Amazon Web Services Systems Manager User Guide.
	GetOpsItem(ctx context.Context, params *GetOpsItemInput, optFns ...func(*Options)) (*GetOpsItemOutput, error)
	// View operational metadata related to an application in Application Manager.
	GetOpsMetadata(ctx context.Context, params *GetOpsMetadataInput, optFns ...func(*Options)) (*GetOpsMetadataOutput, error)
	// View a summary of operations metadata (OpsData) based on specified filters and
	// aggregators. OpsData can include information about Amazon Web Services Systems
	// Manager OpsCenter operational workitems (OpsItems) as well as information about
	// any Amazon Web Services resource or service configured to report OpsData to
	// Amazon Web Services Systems Manager Explorer.
	GetOpsSummary(ctx context.Context, params *GetOpsSummaryInput, optFns ...func(*Options)) (*GetOpsSummaryOutput, error)
	// Get information about a single parameter by specifying the parameter name. To
	// get information about more than one parameter at a time, use the GetParameters
	// operation.
	GetParameter(ctx context.Context, params *GetParameterInput, optFns ...func(*Options)) (*GetParameterOutput, error)
	// Retrieves the history of all changes to a parameter. If you change the KMS key
	// alias for the KMS key used to encrypt a parameter, then you must also update the
	// key alias the parameter uses to reference KMS. Otherwise, GetParameterHistory
	// retrieves whatever the original key alias was referencing.
	GetParameterHistory(ctx context.Context, params *GetParameterHistoryInput, optFns ...func(*Options)) (*GetParameterHistoryOutput, error)
	// Get information about one or more parameters by specifying multiple parameter
	// names. To get information about a single parameter, you can use the GetParameter
	// operation instead.
	GetParameters(ctx context.Context, params *GetParametersInput, optFns ...func(*Options)) (*GetParametersOutput, error)
	// Retrieve information about one or more parameters in a specific hierarchy.
	// Request results are returned on a best-effort basis. If you specify MaxResults
	// in the request, the response includes information up to the limit specified. The
	// number of items returned, however, can be between zero and the value of
	// MaxResults. If the service reaches an internal limit while processing the
	// results, it stops the operation and returns the matching values up to that point
	// and a NextToken. You can specify the NextToken in a subsequent call to get the
	// next set of results.
	GetParametersByPath(ctx context.Context, params *GetParametersByPathInput, optFns ...func(*Options)) (*GetParametersByPathOutput, error)
	// Retrieves information about a patch baseline.
	GetPatchBaseline(ctx context.Context, params *GetPatchBaselineInput, optFns ...func(*Options)) (*GetPatchBaselineOutput, error)
	// Retrieves the patch baseline that should be used for the specified patch group.
	GetPatchBaselineForPatchGroup(ctx context.Context, params *GetPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*GetPatchBaselineForPatchGroupOutput, error)
	// Returns an array of the Policy object.
	GetResourcePolicies(ctx context.Context, params *GetResourcePoliciesInput, optFns ...func(*Options)) (*GetResourcePoliciesOutput, error)
	// ServiceSetting is an account-level setting for an Amazon Web Services service.
	// This setting defines how a user interacts with or uses a service or a feature of
	// a service. For example, if an Amazon Web Services service charges money to the
	// account based on feature or service usage, then the Amazon Web Services service
	// team might create a default setting of false. This means the user can't use this
	// feature unless they change the setting to true and intentionally opt in for a
	// paid feature. Services map a SettingId object to a setting value. Amazon Web
	// Services services teams define the default value for a SettingId. You can't
	// create a new SettingId, but you can overwrite the default value if you have the
	// ssm:UpdateServiceSetting permission for the setting. Use the
	// UpdateServiceSetting API operation to change the default setting. Or use the
	// ResetServiceSetting to change the value back to the original value defined by
	// the Amazon Web Services service team. Query the current service setting for the
	// Amazon Web Services account.
	GetServiceSetting(ctx context.Context, params *GetServiceSettingInput, optFns ...func(*Options)) (*GetServiceSettingOutput, error)
	// A parameter label is a user-defined alias to help you manage different versions
	// of a parameter. When you modify a parameter, Amazon Web Services Systems Manager
	// automatically saves a new version and increments the version number by one. A
	// label can help you remember the purpose of a parameter when there are multiple
	// versions. Parameter labels have the following requirements and restrictions.
	//
	// *
	// A version of a parameter can have a maximum of 10 labels.
	//
	// * You can't attach
	// the same label to different versions of the same parameter. For example, if
	// version 1 has the label Production, then you can't attach Production to version
	// 2.
	//
	// * You can move a label from one version of a parameter to another.
	//
	// * You
	// can't create a label when you create a new parameter. You must attach a label to
	// a specific version of a parameter.
	//
	// * If you no longer want to use a parameter
	// label, then you can either delete it or move it to a different version of a
	// parameter.
	//
	// * A label can have a maximum of 100 characters.
	//
	// * Labels can
	// contain letters (case sensitive), numbers, periods (.), hyphens (-), or
	// underscores (_).
	//
	// * Labels can't begin with a number, "aws" or "ssm" (not case
	// sensitive). If a label fails to meet these requirements, then the label isn't
	// associated with a parameter and the system displays it in the list of
	// InvalidLabels.
	LabelParameterVersion(ctx context.Context, params *LabelParameterVersionInput, optFns ...func(*Options)) (*LabelParameterVersionOutput, error)
	// Retrieves all versions of an association for a specific association ID.
	ListAssociationVersions(ctx context.Context, params *ListAssociationVersionsInput, optFns ...func(*Options)) (*ListAssociationVersionsOutput, error)
	// Returns all State Manager associations in the current Amazon Web Services
	// account and Amazon Web Services Region. You can limit the results to a specific
	// State Manager association document or managed node by specifying a filter. State
	// Manager is a capability of Amazon Web Services Systems Manager.
	ListAssociations(ctx context.Context, params *ListAssociationsInput, optFns ...func(*Options)) (*ListAssociationsOutput, error)
	// An invocation is copy of a command sent to a specific managed node. A command
	// can apply to one or more managed nodes. A command invocation applies to one
	// managed node. For example, if a user runs SendCommand against three managed
	// nodes, then a command invocation is created for each requested managed node ID.
	// ListCommandInvocations provide status about command execution.
	ListCommandInvocations(ctx context.Context, params *ListCommandInvocationsInput, optFns ...func(*Options)) (*ListCommandInvocationsOutput, error)
	// Lists the commands requested by users of the Amazon Web Services account.
	ListCommands(ctx context.Context, params *ListCommandsInput, optFns ...func(*Options)) (*ListCommandsOutput, error)
	// For a specified resource ID, this API operation returns a list of compliance
	// statuses for different resource types. Currently, you can only specify one
	// resource ID per call. List results depend on the criteria specified in the
	// filter.
	ListComplianceItems(ctx context.Context, params *ListComplianceItemsInput, optFns ...func(*Options)) (*ListComplianceItemsOutput, error)
	// Returns a summary count of compliant and non-compliant resources for a
	// compliance type. For example, this call can return State Manager associations,
	// patches, or custom compliance types according to the filter criteria that you
	// specify.
	ListComplianceSummaries(ctx context.Context, params *ListComplianceSummariesInput, optFns ...func(*Options)) (*ListComplianceSummariesOutput, error)
	// Information about approval reviews for a version of a change template in Change
	// Manager.
	ListDocumentMetadataHistory(ctx context.Context, params *ListDocumentMetadataHistoryInput, optFns ...func(*Options)) (*ListDocumentMetadataHistoryOutput, error)
	// List all versions for a document.
	ListDocumentVersions(ctx context.Context, params *ListDocumentVersionsInput, optFns ...func(*Options)) (*ListDocumentVersionsOutput, error)
	// Returns all Systems Manager (SSM) documents in the current Amazon Web Services
	// account and Amazon Web Services Region. You can limit the results of this
	// request by using a filter.
	ListDocuments(ctx context.Context, params *ListDocumentsInput, optFns ...func(*Options)) (*ListDocumentsOutput, error)
	// A list of inventory items returned by the request.
	ListInventoryEntries(ctx context.Context, params *ListInventoryEntriesInput, optFns ...func(*Options)) (*ListInventoryEntriesOutput, error)
	// Returns a list of all OpsItem events in the current Amazon Web Services Region
	// and Amazon Web Services account. You can limit the results to events associated
	// with specific OpsItems by specifying a filter.
	ListOpsItemEvents(ctx context.Context, params *ListOpsItemEventsInput, optFns ...func(*Options)) (*ListOpsItemEventsOutput, error)
	// Lists all related-item resources associated with a Systems Manager OpsCenter
	// OpsItem. OpsCenter is a capability of Amazon Web Services Systems Manager.
	ListOpsItemRelatedItems(ctx context.Context, params *ListOpsItemRelatedItemsInput, optFns ...func(*Options)) (*ListOpsItemRelatedItemsOutput, error)
	// Amazon Web Services Systems Manager calls this API operation when displaying all
	// Application Manager OpsMetadata objects or blobs.
	ListOpsMetadata(ctx context.Context, params *ListOpsMetadataInput, optFns ...func(*Options)) (*ListOpsMetadataOutput, error)
	// Returns a resource-level summary count. The summary includes information about
	// compliant and non-compliant statuses and detailed compliance-item severity
	// counts, according to the filter criteria you specify.
	ListResourceComplianceSummaries(ctx context.Context, params *ListResourceComplianceSummariesInput, optFns ...func(*Options)) (*ListResourceComplianceSummariesOutput, error)
	// Lists your resource data sync configurations. Includes information about the
	// last time a sync attempted to start, the last sync status, and the last time a
	// sync successfully completed. The number of sync configurations might be too
	// large to return using a single call to ListResourceDataSync. You can limit the
	// number of sync configurations returned by using the MaxResults parameter. To
	// determine whether there are more sync configurations to list, check the value of
	// NextToken in the output. If there are more sync configurations to list, you can
	// request them by specifying the NextToken returned in the call to the parameter
	// of a subsequent call.
	ListResourceDataSync(ctx context.Context, params *ListResourceDataSyncInput, optFns ...func(*Options)) (*ListResourceDataSyncOutput, error)
	// Returns a list of the tags assigned to the specified resource. For information
	// about the ID format for each supported resource type, see AddTagsToResource.
	ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
	// Shares a Amazon Web Services Systems Manager document (SSM document)publicly or
	// privately. If you share a document privately, you must specify the Amazon Web
	// Services user IDs for those people who can use the document. If you share a
	// document publicly, you must specify All as the account ID.
	ModifyDocumentPermission(ctx context.Context, params *ModifyDocumentPermissionInput, optFns ...func(*Options)) (*ModifyDocumentPermissionOutput, error)
	// Registers a compliance type and other compliance details on a designated
	// resource. This operation lets you register custom compliance details with a
	// resource. This call overwrites existing compliance information on the resource,
	// so you must provide a full list of compliance items each time that you send the
	// request. ComplianceType can be one of the following:
	//
	// * ExecutionId: The
	// execution ID when the patch, association, or custom compliance item was
	// applied.
	//
	// * ExecutionType: Specify patch, association, or Custom:string.
	//
	// *
	// ExecutionTime. The time the patch, association, or custom compliance item was
	// applied to the managed node.
	//
	// * Id: The patch, association, or custom compliance
	// ID.
	//
	// * Title: A title.
	//
	// * Status: The status of the compliance item. For
	// example, approved for patches, or Failed for associations.
	//
	// * Severity: A patch
	// severity. For example, Critical.
	//
	// * DocumentName: An SSM document name. For
	// example, AWS-RunPatchBaseline.
	//
	// * DocumentVersion: An SSM document version
	// number. For example, 4.
	//
	// * Classification: A patch classification. For example,
	// security updates.
	//
	// * PatchBaselineId: A patch baseline ID.
	//
	// * PatchSeverity: A
	// patch severity. For example, Critical.
	//
	// * PatchState: A patch state. For
	// example, InstancesWithFailedPatches.
	//
	// * PatchGroup: The name of a patch
	// group.
	//
	// * InstalledTime: The time the association, patch, or custom compliance
	// item was applied to the resource. Specify the time by using the following
	// format: yyyy-MM-dd'T'HH:mm:ss'Z'
	PutComplianceItems(ctx context.Context, params *PutComplianceItemsInput, optFns ...func(*Options)) (*PutComplianceItemsOutput, error)
	// Bulk update custom inventory items on one or more managed nodes. The request
	// adds an inventory item, if it doesn't already exist, or updates an inventory
	// item, if it does exist.
	PutInventory(ctx context.Context, params *PutInventoryInput, optFns ...func(*Options)) (*PutInventoryOutput, error)
	// Add a parameter to the system.
	PutParameter(ctx context.Context, params *PutParameterInput, optFns ...func(*Options)) (*PutParameterOutput, error)
	// Creates or updates a Systems Manager resource policy. A resource policy helps
	// you to define the IAM entity (for example, an Amazon Web Services account) that
	// can manage your Systems Manager resources. Currently, OpsItemGroup is the only
	// resource that supports Systems Manager resource policies. The resource policy
	// for OpsItemGroup enables Amazon Web Services accounts to view and interact with
	// OpsCenter operational work items (OpsItems).
	PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error)
	// Defines the default patch baseline for the relevant operating system. To reset
	// the Amazon Web Services-predefined patch baseline as the default, specify the
	// full patch baseline Amazon Resource Name (ARN) as the baseline ID value. For
	// example, for CentOS, specify
	// arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed instead of
	// pb-0574b43a65ea646ed.
	RegisterDefaultPatchBaseline(ctx context.Context, params *RegisterDefaultPatchBaselineInput, optFns ...func(*Options)) (*RegisterDefaultPatchBaselineOutput, error)
	// Registers a patch baseline for a patch group.
	RegisterPatchBaselineForPatchGroup(ctx context.Context, params *RegisterPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*RegisterPatchBaselineForPatchGroupOutput, error)
	// Registers a target with a maintenance window.
	RegisterTargetWithMaintenanceWindow(ctx context.Context, params *RegisterTargetWithMaintenanceWindowInput, optFns ...func(*Options)) (*RegisterTargetWithMaintenanceWindowOutput, error)
	// Adds a new task to a maintenance window.
	RegisterTaskWithMaintenanceWindow(ctx context.Context, params *RegisterTaskWithMaintenanceWindowInput, optFns ...func(*Options)) (*RegisterTaskWithMaintenanceWindowOutput, error)
	// Removes tag keys from the specified resource.
	RemoveTagsFromResource(ctx context.Context, params *RemoveTagsFromResourceInput, optFns ...func(*Options)) (*RemoveTagsFromResourceOutput, error)
	// ServiceSetting is an account-level setting for an Amazon Web Services service.
	// This setting defines how a user interacts with or uses a service or a feature of
	// a service. For example, if an Amazon Web Services service charges money to the
	// account based on feature or service usage, then the Amazon Web Services service
	// team might create a default setting of "false". This means the user can't use
	// this feature unless they change the setting to "true" and intentionally opt in
	// for a paid feature. Services map a SettingId object to a setting value. Amazon
	// Web Services services teams define the default value for a SettingId. You can't
	// create a new SettingId, but you can overwrite the default value if you have the
	// ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting
	// API operation to view the current value. Use the UpdateServiceSetting API
	// operation to change the default setting. Reset the service setting for the
	// account to the default value as provisioned by the Amazon Web Services service
	// team.
	ResetServiceSetting(ctx context.Context, params *ResetServiceSettingInput, optFns ...func(*Options)) (*ResetServiceSettingOutput, error)
	// Reconnects a session to a managed node after it has been disconnected.
	// Connections can be resumed for disconnected sessions, but not terminated
	// sessions. This command is primarily for use by client machines to automatically
	// reconnect during intermittent network issues. It isn't intended for any other
	// use.
	ResumeSession(ctx context.Context, params *ResumeSessionInput, optFns ...func(*Options)) (*ResumeSessionOutput, error)
	// Sends a signal to an Automation execution to change the current behavior or
	// status of the execution.
	SendAutomationSignal(ctx context.Context, params *SendAutomationSignalInput, optFns ...func(*Options)) (*SendAutomationSignalOutput, error)
	// Runs commands on one or more managed nodes.
	SendCommand(ctx context.Context, params *SendCommandInput, optFns ...func(*Options)) (*SendCommandOutput, error)
	// Runs an association immediately and only one time. This operation can be helpful
	// when troubleshooting associations.
	StartAssociationsOnce(ctx context.Context, params *StartAssociationsOnceInput, optFns ...func(*Options)) (*StartAssociationsOnceOutput, error)
	// Initiates execution of an Automation runbook.
	StartAutomationExecution(ctx context.Context, params *StartAutomationExecutionInput, optFns ...func(*Options)) (*StartAutomationExecutionOutput, error)
	// Creates a change request for Change Manager. The Automation runbooks specified
	// in the change request run only after all required approvals for the change
	// request have been received.
	StartChangeRequestExecution(ctx context.Context, params *StartChangeRequestExecutionInput, optFns ...func(*Options)) (*StartChangeRequestExecutionOutput, error)
	// Initiates a connection to a target (for example, a managed node) for a Session
	// Manager session. Returns a URL and token that can be used to open a WebSocket
	// connection for sending input and receiving outputs. Amazon Web Services CLI
	// usage: start-session is an interactive command that requires the Session Manager
	// plugin to be installed on the client machine making the call. For information,
	// see Install the Session Manager plugin for the Amazon Web Services CLI
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html)
	// in the Amazon Web Services Systems Manager User Guide. Amazon Web Services Tools
	// for PowerShell usage: Start-SSMSession isn't currently supported by Amazon Web
	// Services Tools for PowerShell on Windows local machines.
	StartSession(ctx context.Context, params *StartSessionInput, optFns ...func(*Options)) (*StartSessionOutput, error)
	// Stop an Automation that is currently running.
	StopAutomationExecution(ctx context.Context, params *StopAutomationExecutionInput, optFns ...func(*Options)) (*StopAutomationExecutionOutput, error)
	// Permanently ends a session and closes the data connection between the Session
	// Manager client and SSM Agent on the managed node. A terminated session can't be
	// resumed.
	TerminateSession(ctx context.Context, params *TerminateSessionInput, optFns ...func(*Options)) (*TerminateSessionOutput, error)
	// Remove a label or labels from a parameter.
	UnlabelParameterVersion(ctx context.Context, params *UnlabelParameterVersionInput, optFns ...func(*Options)) (*UnlabelParameterVersionOutput, error)
	// Updates an association. You can update the association name and version, the
	// document version, schedule, parameters, and Amazon Simple Storage Service
	// (Amazon S3) output. When you call UpdateAssociation, the system removes all
	// optional parameters from the request and overwrites the association with null
	// values for those parameters. This is by design. You must specify all optional
	// parameters in the call, even if you are not changing the parameters. This
	// includes the Name parameter. Before calling this API action, we recommend that
	// you call the DescribeAssociation API operation and make a note of all optional
	// parameters required for your UpdateAssociation call. In order to call this API
	// operation, a user, group, or role must be granted permission to call the
	// DescribeAssociation API operation. If you don't have permission to call
	// DescribeAssociation, then you receive the following error: An error occurred
	// (AccessDeniedException) when calling the UpdateAssociation operation: User:
	// isn't authorized to perform: ssm:DescribeAssociation on resource:  When you
	// update an association, the association immediately runs against the specified
	// targets. You can add the ApplyOnlyAtCronInterval parameter to run the
	// association during the next schedule run.
	UpdateAssociation(ctx context.Context, params *UpdateAssociationInput, optFns ...func(*Options)) (*UpdateAssociationOutput, error)
	// Updates the status of the Amazon Web Services Systems Manager document (SSM
	// document) associated with the specified managed node. UpdateAssociationStatus is
	// primarily used by the Amazon Web Services Systems Manager Agent (SSM Agent) to
	// report status updates about your associations and is only used for associations
	// created with the InstanceId legacy parameter.
	UpdateAssociationStatus(ctx context.Context, params *UpdateAssociationStatusInput, optFns ...func(*Options)) (*UpdateAssociationStatusOutput, error)
	// Updates one or more values for an SSM document.
	UpdateDocument(ctx context.Context, params *UpdateDocumentInput, optFns ...func(*Options)) (*UpdateDocumentOutput, error)
	// Set the default version of a document. If you change a document version for a
	// State Manager association, Systems Manager immediately runs the association
	// unless you previously specifed the apply-only-at-cron-interval parameter.
	UpdateDocumentDefaultVersion(ctx context.Context, params *UpdateDocumentDefaultVersionInput, optFns ...func(*Options)) (*UpdateDocumentDefaultVersionOutput, error)
	// Updates information related to approval reviews for a specific version of a
	// change template in Change Manager.
	UpdateDocumentMetadata(ctx context.Context, params *UpdateDocumentMetadataInput, optFns ...func(*Options)) (*UpdateDocumentMetadataOutput, error)
	// Updates an existing maintenance window. Only specified parameters are modified.
	// The value you specify for Duration determines the specific end time for the
	// maintenance window based on the time it begins. No maintenance window tasks are
	// permitted to start after the resulting endtime minus the number of hours you
	// specify for Cutoff. For example, if the maintenance window starts at 3 PM, the
	// duration is three hours, and the value you specify for Cutoff is one hour, no
	// maintenance window tasks can start after 5 PM.
	UpdateMaintenanceWindow(ctx context.Context, params *UpdateMaintenanceWindowInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowOutput, error)
	// Modifies the target of an existing maintenance window. You can change the
	// following:
	//
	// * Name
	//
	// * Description
	//
	// * Owner
	//
	// * IDs for an ID target
	//
	// * Tags for a
	// Tag target
	//
	// * From any supported tag type to another. The three supported tag
	// types are ID target, Tag target, and resource group. For more information, see
	// Target.
	//
	// If a parameter is null, then the corresponding field isn't modified.
	UpdateMaintenanceWindowTarget(ctx context.Context, params *UpdateMaintenanceWindowTargetInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowTargetOutput, error)
	// Modifies a task assigned to a maintenance window. You can't change the task
	// type, but you can change the following values:
	//
	// * TaskARN. For example, you can
	// change a RUN_COMMAND task from AWS-RunPowerShellScript to AWS-RunShellScript.
	//
	// *
	// ServiceRoleArn
	//
	// * TaskInvocationParameters
	//
	// * Priority
	//
	// * MaxConcurrency
	//
	// *
	// MaxErrors
	//
	// One or more targets must be specified for maintenance window Run
	// Command-type tasks. Depending on the task, targets are optional for other
	// maintenance window task types (Automation, Lambda, and Step Functions). For more
	// information about running tasks that don't specify targets, see Registering
	// maintenance window tasks without targets
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html)
	// in the Amazon Web Services Systems Manager User Guide. If the value for a
	// parameter in UpdateMaintenanceWindowTask is null, then the corresponding field
	// isn't modified. If you set Replace to true, then all fields required by the
	// RegisterTaskWithMaintenanceWindow operation are required for this request.
	// Optional fields that aren't specified are set to null. When you update a
	// maintenance window task that has options specified in TaskInvocationParameters,
	// you must provide again all the TaskInvocationParameters values that you want to
	// retain. The values you don't specify again are removed. For example, suppose
	// that when you registered a Run Command task, you specified
	// TaskInvocationParameters values for Comment, NotificationConfig, and
	// OutputS3BucketName. If you update the maintenance window task and specify only a
	// different OutputS3BucketName value, the values for Comment and
	// NotificationConfig are removed.
	UpdateMaintenanceWindowTask(ctx context.Context, params *UpdateMaintenanceWindowTaskInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowTaskOutput, error)
	// Changes the Identity and Access Management (IAM) role that is assigned to the
	// on-premises server, edge device, or virtual machines (VM). IAM roles are first
	// assigned to these hybrid nodes during the activation process. For more
	// information, see CreateActivation.
	UpdateManagedInstanceRole(ctx context.Context, params *UpdateManagedInstanceRoleInput, optFns ...func(*Options)) (*UpdateManagedInstanceRoleOutput, error)
	// Edit or change an OpsItem. You must have permission in Identity and Access
	// Management (IAM) to update an OpsItem. For more information, see Getting started
	// with OpsCenter
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html)
	// in the Amazon Web Services Systems Manager User Guide. Operations engineers and
	// IT professionals use Amazon Web Services Systems Manager OpsCenter to view,
	// investigate, and remediate operational issues impacting the performance and
	// health of their Amazon Web Services resources. For more information, see
	// OpsCenter
	// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) in
	// the Amazon Web Services Systems Manager User Guide.
	UpdateOpsItem(ctx context.Context, params *UpdateOpsItemInput, optFns ...func(*Options)) (*UpdateOpsItemOutput, error)
	// Amazon Web Services Systems Manager calls this API operation when you edit
	// OpsMetadata in Application Manager.
	UpdateOpsMetadata(ctx context.Context, params *UpdateOpsMetadataInput, optFns ...func(*Options)) (*UpdateOpsMetadataOutput, error)
	// Modifies an existing patch baseline. Fields not specified in the request are
	// left unchanged. For information about valid key-value pairs in PatchFilters for
	// each supported operating system type, see PatchFilter.
	UpdatePatchBaseline(ctx context.Context, params *UpdatePatchBaselineInput, optFns ...func(*Options)) (*UpdatePatchBaselineOutput, error)
	// Update a resource data sync. After you create a resource data sync for a Region,
	// you can't change the account options for that sync. For example, if you create a
	// sync in the us-east-2 (Ohio) Region and you choose the Include only the current
	// account option, you can't edit that sync later and choose the Include all
	// accounts from my Organizations configuration option. Instead, you must delete
	// the first resource data sync, and create a new one. This API operation only
	// supports a resource data sync that was created with a SyncFromSource SyncType.
	UpdateResourceDataSync(ctx context.Context, params *UpdateResourceDataSyncInput, optFns ...func(*Options)) (*UpdateResourceDataSyncOutput, error)
	// ServiceSetting is an account-level setting for an Amazon Web Services service.
	// This setting defines how a user interacts with or uses a service or a feature of
	// a service. For example, if an Amazon Web Services service charges money to the
	// account based on feature or service usage, then the Amazon Web Services service
	// team might create a default setting of "false". This means the user can't use
	// this feature unless they change the setting to "true" and intentionally opt in
	// for a paid feature. Services map a SettingId object to a setting value. Amazon
	// Web Services services teams define the default value for a SettingId. You can't
	// create a new SettingId, but you can overwrite the default value if you have the
	// ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting
	// API operation to view the current value. Or, use the ResetServiceSetting to
	// change the value back to the original value defined by the Amazon Web Services
	// service team. Update the service setting for the account.
	UpdateServiceSetting(ctx context.Context, params *UpdateServiceSettingInput, optFns ...func(*Options)) (*UpdateServiceSettingOutput, error)
}

SSM provides an interface to the AWS SSM service.

type STS

type STS interface {
	// Returns a set of temporary security credentials that you can use to access
	// Amazon Web Services resources. These temporary credentials consist of an access
	// key ID, a secret access key, and a security token. Typically, you use AssumeRole
	// within your account or for cross-account access. For a comparison of AssumeRole
	// with other API operations that produce temporary credentials, see Requesting
	// Temporary Security Credentials
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
	// and Comparing the Amazon Web Services STS API operations
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
	// in the IAM User Guide. Permissions The temporary security credentials created by
	// AssumeRole can be used to make API calls to any Amazon Web Services service with
	// the following exception: You cannot call the Amazon Web Services STS
	// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
	// inline or managed session policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
	// to this operation. You can pass a single JSON policy document to use as an
	// inline session policy. You can also specify up to 10 managed policy Amazon
	// Resource Names (ARNs) to use as managed session policies. The plaintext that you
	// use for both inline and managed session policies can't exceed 2,048 characters.
	// Passing policies to this operation returns new temporary credentials. The
	// resulting session's permissions are the intersection of the role's
	// identity-based policy and the session policies. You can use the role's temporary
	// credentials in subsequent Amazon Web Services API calls to access resources in
	// the account that owns the role. You cannot use session policies to grant more
	// permissions than those allowed by the identity-based policy of the role that is
	// being assumed. For more information, see Session Policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
	// in the IAM User Guide. When you create a role, you create two policies: A role
	// trust policy that specifies who can assume the role and a permissions policy
	// that specifies what can be done with the role. You specify the trusted principal
	// who is allowed to assume the role in the role trust policy. To assume a role
	// from a different account, your Amazon Web Services account must be trusted by
	// the role. The trust relationship is defined in the role's trust policy when the
	// role is created. That trust policy states which accounts are allowed to delegate
	// that access to users in the account. A user who wants to access a role in a
	// different account must also have permissions that are delegated from the user
	// account administrator. The administrator must attach a policy that allows the
	// user to call AssumeRole for the ARN of the role in the other account. To allow a
	// user to assume a role in the same account, you can do either of the
	// following:
	//
	// * Attach a policy to the user that allows the user to call
	// AssumeRole (as long as the role's trust policy trusts the account).
	//
	// * Add the
	// user as a principal directly in the role's trust policy.
	//
	// You can do either
	// because the role’s trust policy acts as an IAM resource-based policy. When a
	// resource-based policy grants access to a principal in the same account, no
	// additional identity-based policy is required. For more information about trust
	// policies and resource-based policies, see IAM Policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) in the
	// IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your
	// session. These tags are called session tags. For more information about session
	// tags, see Passing Session Tags in STS
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
	// IAM User Guide. An administrator must grant you the permissions necessary to
	// pass session tags. The administrator can also create granular permissions to
	// allow you to pass only specific session tags. For more information, see
	// Tutorial: Using Tags for Attribute-Based Access Control
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
	// in the IAM User Guide. You can set the session tags as transitive. Transitive
	// tags persist during role chaining. For more information, see Chaining Roles with
	// Session Tags
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
	// in the IAM User Guide. Using MFA with AssumeRole (Optional) You can include
	// multi-factor authentication (MFA) information when you call AssumeRole. This is
	// useful for cross-account scenarios to ensure that the user that assumes the role
	// has been authenticated with an Amazon Web Services MFA device. In that scenario,
	// the trust policy of the role being assumed includes a condition that tests for
	// MFA authentication. If the caller does not include valid MFA information, the
	// request to assume the role is denied. The condition in a trust policy that tests
	// for MFA authentication might look like the following example. "Condition":
	// {"Bool": {"aws:MultiFactorAuthPresent": true}} For more information, see
	// Configuring MFA-Protected API Access
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html) in the
	// IAM User Guide guide. To use MFA with AssumeRole, you pass values for the
	// SerialNumber and TokenCode parameters. The SerialNumber value identifies the
	// user's hardware or virtual MFA device. The TokenCode is the time-based one-time
	// password (TOTP) that the MFA device produces.
	AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error)
	// Returns a set of temporary security credentials for users who have been
	// authenticated via a SAML authentication response. This operation provides a
	// mechanism for tying an enterprise identity store or directory to role-based
	// Amazon Web Services access without user-specific credentials or configuration.
	// For a comparison of AssumeRoleWithSAML with the other API operations that
	// produce temporary credentials, see Requesting Temporary Security Credentials
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
	// and Comparing the Amazon Web Services STS API operations
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
	// in the IAM User Guide. The temporary security credentials returned by this
	// operation consist of an access key ID, a secret access key, and a security
	// token. Applications can use these temporary security credentials to sign calls
	// to Amazon Web Services services. Session Duration By default, the temporary
	// security credentials created by AssumeRoleWithSAML last for one hour. However,
	// you can use the optional DurationSeconds parameter to specify the duration of
	// your session. Your role session lasts for the duration that you specify, or
	// until the time specified in the SAML authentication response's
	// SessionNotOnOrAfter value, whichever is shorter. You can provide a
	// DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
	// duration setting for the role. This setting can have a value from 1 hour to 12
	// hours. To learn how to view the maximum value for your role, see View the
	// Maximum Session Duration Setting for a Role
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
	// in the IAM User Guide. The maximum session duration limit applies when you use
	// the AssumeRole* API operations or the assume-role* CLI commands. However the
	// limit does not apply when you use those operations to create a console URL. For
	// more information, see Using IAM Roles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the IAM
	// User Guide. Role chaining
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
	// limits your CLI or Amazon Web Services API role session to a maximum of one
	// hour. When you use the AssumeRole API operation to assume a role, you can
	// specify the duration of your role session with the DurationSeconds parameter.
	// You can specify a parameter value of up to 43200 seconds (12 hours), depending
	// on the maximum session duration setting for your role. However, if you assume a
	// role using role chaining and provide a DurationSeconds parameter value greater
	// than one hour, the operation fails. Permissions The temporary security
	// credentials created by AssumeRoleWithSAML can be used to make API calls to any
	// Amazon Web Services service with the following exception: you cannot call the
	// STS GetFederationToken or GetSessionToken API operations. (Optional) You can
	// pass inline or managed session policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
	// to this operation. You can pass a single JSON policy document to use as an
	// inline session policy. You can also specify up to 10 managed policy Amazon
	// Resource Names (ARNs) to use as managed session policies. The plaintext that you
	// use for both inline and managed session policies can't exceed 2,048 characters.
	// Passing policies to this operation returns new temporary credentials. The
	// resulting session's permissions are the intersection of the role's
	// identity-based policy and the session policies. You can use the role's temporary
	// credentials in subsequent Amazon Web Services API calls to access resources in
	// the account that owns the role. You cannot use session policies to grant more
	// permissions than those allowed by the identity-based policy of the role that is
	// being assumed. For more information, see Session Policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
	// in the IAM User Guide. Calling AssumeRoleWithSAML does not require the use of
	// Amazon Web Services security credentials. The identity of the caller is
	// validated by using keys in the metadata document that is uploaded for the SAML
	// provider entity for your identity provider. Calling AssumeRoleWithSAML can
	// result in an entry in your CloudTrail logs. The entry includes the value in the
	// NameID element of the SAML assertion. We recommend that you use a NameIDType
	// that is not associated with any personally identifiable information (PII). For
	// example, you could instead use the persistent identifier
	// (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent). Tags (Optional) You can
	// configure your IdP to pass attributes into your SAML assertion as session tags.
	// Each session tag consists of a key name and an associated value. For more
	// information about session tags, see Passing Session Tags in STS
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
	// IAM User Guide. You can pass up to 50 session tags. The plaintext session tag
	// keys can’t exceed 128 characters and the values can’t exceed 256 characters. For
	// these and additional limits, see IAM and STS Character Limits
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
	// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
	// inline session policy, managed policy ARNs, and session tags into a packed
	// binary format that has a separate limit. Your request can fail for this limit
	// even if your plaintext meets the other requirements. The PackedPolicySize
	// response element indicates by percentage how close the policies and tags for
	// your request are to the upper size limit. You can pass a session tag with the
	// same key as a tag that is attached to the role. When you do, session tags
	// override the role's tags with the same key. An administrator must grant you the
	// permissions necessary to pass session tags. The administrator can also create
	// granular permissions to allow you to pass only specific session tags. For more
	// information, see Tutorial: Using Tags for Attribute-Based Access Control
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
	// in the IAM User Guide. You can set the session tags as transitive. Transitive
	// tags persist during role chaining. For more information, see Chaining Roles with
	// Session Tags
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
	// in the IAM User Guide. SAML Configuration Before your application can call
	// AssumeRoleWithSAML, you must configure your SAML identity provider (IdP) to
	// issue the claims required by Amazon Web Services. Additionally, you must use
	// Identity and Access Management (IAM) to create a SAML provider entity in your
	// Amazon Web Services account that represents your identity provider. You must
	// also create an IAM role that specifies this SAML provider in its trust policy.
	// For more information, see the following resources:
	//
	// * About SAML 2.0-based
	// Federation
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
	// in the IAM User Guide.
	//
	// * Creating SAML Identity Providers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
	// in the IAM User Guide.
	//
	// * Configuring a Relying Party and Claims
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
	// in the IAM User Guide.
	//
	// * Creating a Role for SAML 2.0 Federation
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
	// in the IAM User Guide.
	AssumeRoleWithSAML(ctx context.Context, params *AssumeRoleWithSAMLInput, optFns ...func(*Options)) (*AssumeRoleWithSAMLOutput, error)
	// Returns a set of temporary security credentials for users who have been
	// authenticated in a mobile or web application with a web identity provider.
	// Example providers include the OAuth 2.0 providers Login with Amazon and
	// Facebook, or any OpenID Connect-compatible identity provider such as Google or
	// Amazon Cognito federated identities
	// (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html).
	// For mobile applications, we recommend that you use Amazon Cognito. You can use
	// Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide
	// (http://aws.amazon.com/sdkforios/) and the Amazon Web Services SDK for Android
	// Developer Guide (http://aws.amazon.com/sdkforandroid/) to uniquely identify a
	// user. You can also supply the user with a consistent identity throughout the
	// lifetime of an application. To learn more about Amazon Cognito, see Amazon
	// Cognito Overview
	// (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840)
	// in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito
	// Overview
	// (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664)
	// in the Amazon Web Services SDK for iOS Developer Guide. Calling
	// AssumeRoleWithWebIdentity does not require the use of Amazon Web Services
	// security credentials. Therefore, you can distribute an application (for example,
	// on mobile devices) that requests temporary security credentials without
	// including long-term Amazon Web Services credentials in the application. You also
	// don't need to deploy server-based proxy services that use long-term Amazon Web
	// Services credentials. Instead, the identity of the caller is validated by using
	// a token from the web identity provider. For a comparison of
	// AssumeRoleWithWebIdentity with the other API operations that produce temporary
	// credentials, see Requesting Temporary Security Credentials
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
	// and Comparing the Amazon Web Services STS API operations
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
	// in the IAM User Guide. The temporary security credentials returned by this API
	// consist of an access key ID, a secret access key, and a security token.
	// Applications can use these temporary security credentials to sign calls to
	// Amazon Web Services service API operations. Session Duration By default, the
	// temporary security credentials created by AssumeRoleWithWebIdentity last for one
	// hour. However, you can use the optional DurationSeconds parameter to specify the
	// duration of your session. You can provide a value from 900 seconds (15 minutes)
	// up to the maximum session duration setting for the role. This setting can have a
	// value from 1 hour to 12 hours. To learn how to view the maximum value for your
	// role, see View the Maximum Session Duration Setting for a Role
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
	// in the IAM User Guide. The maximum session duration limit applies when you use
	// the AssumeRole* API operations or the assume-role* CLI commands. However the
	// limit does not apply when you use those operations to create a console URL. For
	// more information, see Using IAM Roles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the IAM
	// User Guide. Permissions The temporary security credentials created by
	// AssumeRoleWithWebIdentity can be used to make API calls to any Amazon Web
	// Services service with the following exception: you cannot call the STS
	// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
	// inline or managed session policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
	// to this operation. You can pass a single JSON policy document to use as an
	// inline session policy. You can also specify up to 10 managed policy Amazon
	// Resource Names (ARNs) to use as managed session policies. The plaintext that you
	// use for both inline and managed session policies can't exceed 2,048 characters.
	// Passing policies to this operation returns new temporary credentials. The
	// resulting session's permissions are the intersection of the role's
	// identity-based policy and the session policies. You can use the role's temporary
	// credentials in subsequent Amazon Web Services API calls to access resources in
	// the account that owns the role. You cannot use session policies to grant more
	// permissions than those allowed by the identity-based policy of the role that is
	// being assumed. For more information, see Session Policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
	// in the IAM User Guide. Tags (Optional) You can configure your IdP to pass
	// attributes into your web identity token as session tags. Each session tag
	// consists of a key name and an associated value. For more information about
	// session tags, see Passing Session Tags in STS
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
	// IAM User Guide. You can pass up to 50 session tags. The plaintext session tag
	// keys can’t exceed 128 characters and the values can’t exceed 256 characters. For
	// these and additional limits, see IAM and STS Character Limits
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
	// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
	// inline session policy, managed policy ARNs, and session tags into a packed
	// binary format that has a separate limit. Your request can fail for this limit
	// even if your plaintext meets the other requirements. The PackedPolicySize
	// response element indicates by percentage how close the policies and tags for
	// your request are to the upper size limit. You can pass a session tag with the
	// same key as a tag that is attached to the role. When you do, the session tag
	// overrides the role tag with the same key. An administrator must grant you the
	// permissions necessary to pass session tags. The administrator can also create
	// granular permissions to allow you to pass only specific session tags. For more
	// information, see Tutorial: Using Tags for Attribute-Based Access Control
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
	// in the IAM User Guide. You can set the session tags as transitive. Transitive
	// tags persist during role chaining. For more information, see Chaining Roles with
	// Session Tags
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
	// in the IAM User Guide. Identities Before your application can call
	// AssumeRoleWithWebIdentity, you must have an identity token from a supported
	// identity provider and create a role that the application can assume. The role
	// that your application assumes must trust the identity provider that is
	// associated with the identity token. In other words, the identity provider must
	// be specified in the role's trust policy. Calling AssumeRoleWithWebIdentity can
	// result in an entry in your CloudTrail logs. The entry includes the Subject
	// (http://openid.net/specs/openid-connect-core-1_0.html#Claims) of the provided
	// web identity token. We recommend that you avoid using any personally
	// identifiable information (PII) in this field. For example, you could instead use
	// a GUID or a pairwise identifier, as suggested in the OIDC specification
	// (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes). For more
	// information about how to use web identity federation and the
	// AssumeRoleWithWebIdentity API, see the following resources:
	//
	// * Using Web
	// Identity Federation API Operations for Mobile Apps
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
	// and Federation Through a Web-based Identity Provider
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
	//
	// *
	// Web Identity Federation Playground
	// (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/).
	// Walk through the process of authenticating through Login with Amazon, Facebook,
	// or Google, getting temporary security credentials, and then using those
	// credentials to make a request to Amazon Web Services.
	//
	// * Amazon Web Services SDK
	// for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and Amazon Web
	// Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/).
	// These toolkits contain sample apps that show how to invoke the identity
	// providers. The toolkits then show how to use the information from these
	// providers to get and use temporary security credentials.
	//
	// * Web Identity
	// Federation with Mobile Applications
	// (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications).
	// This article discusses web identity federation and shows an example of how to
	// use web identity federation to get access to content in Amazon S3.
	AssumeRoleWithWebIdentity(ctx context.Context, params *AssumeRoleWithWebIdentityInput, optFns ...func(*Options)) (*AssumeRoleWithWebIdentityOutput, error)
	// Decodes additional information about the authorization status of a request from
	// an encoded message returned in response to an Amazon Web Services request. For
	// example, if a user is not authorized to perform an operation that he or she has
	// requested, the request returns a Client.UnauthorizedOperation response (an HTTP
	// 403 response). Some Amazon Web Services operations additionally return an
	// encoded message that can provide details about this authorization failure. Only
	// certain Amazon Web Services operations return an encoded authorization message.
	// The documentation for an individual operation indicates whether that operation
	// returns an encoded message in addition to returning an HTTP code. The message is
	// encoded because the details of the authorization status can contain privileged
	// information that the user who requested the operation should not see. To decode
	// an authorization status message, a user must be granted permissions through an
	// IAM policy
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) to
	// request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) action.
	// The decoded message includes the following type of information:
	//
	// * Whether the
	// request was denied due to an explicit deny or due to the absence of an explicit
	// allow. For more information, see Determining Whether a Request is Allowed or
	// Denied
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
	// in the IAM User Guide.
	//
	// * The principal who made the request.
	//
	// * The requested
	// action.
	//
	// * The requested resource.
	//
	// * The values of condition keys in the
	// context of the user's request.
	DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error)
	// Returns the account identifier for the specified access key ID. Access keys
	// consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a
	// secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). For
	// more information about access keys, see Managing Access Keys for IAM Users
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
	// in the IAM User Guide. When you pass an access key ID to this operation, it
	// returns the ID of the Amazon Web Services account to which the keys belong.
	// Access key IDs beginning with AKIA are long-term credentials for an IAM user or
	// the Amazon Web Services account root user. Access key IDs beginning with ASIA
	// are temporary credentials that are created using STS operations. If the account
	// in the response belongs to you, you can sign in as the root user and review your
	// root user access keys. Then, you can pull a credentials report
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
	// to learn which IAM user owns the keys. To learn who requested the temporary
	// credentials for an ASIA access key, view the STS events in your CloudTrail logs
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
	// in the IAM User Guide. This operation does not indicate the state of the access
	// key. The key might be active, inactive, or deleted. Active keys might not have
	// permissions to perform an operation. Providing a deleted access key might return
	// an error that the key doesn't exist.
	GetAccessKeyInfo(ctx context.Context, params *GetAccessKeyInfoInput, optFns ...func(*Options)) (*GetAccessKeyInfoOutput, error)
	// Returns details about the IAM user or role whose credentials are used to call
	// the operation. No permissions are required to perform this operation. If an
	// administrator adds a policy to your IAM user or role that explicitly denies
	// access to the sts:GetCallerIdentity action, you can still perform this
	// operation. Permissions are not required because the same information is returned
	// when an IAM user or role is denied access. To view an example response, see I Am
	// Not Authorized to Perform: iam:DeleteVirtualMFADevice
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
	// in the IAM User Guide.
	GetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*Options)) (*GetCallerIdentityOutput, error)
	// Returns a set of temporary security credentials (consisting of an access key ID,
	// a secret access key, and a security token) for a federated user. A typical use
	// is in a proxy application that gets temporary security credentials on behalf of
	// distributed applications inside a corporate network. You must call the
	// GetFederationToken operation using the long-term security credentials of an IAM
	// user. As a result, this call is appropriate in contexts where those credentials
	// can be safely stored, usually in a server-based application. For a comparison of
	// GetFederationToken with the other API operations that produce temporary
	// credentials, see Requesting Temporary Security Credentials
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
	// and Comparing the Amazon Web Services STS API operations
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
	// in the IAM User Guide. You can create a mobile-based or browser-based app that
	// can authenticate users using a web identity provider like Login with Amazon,
	// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
	// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
	// or AssumeRoleWithWebIdentity. For more information, see Federation Through a
	// Web-based Identity Provider
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
	// in the IAM User Guide. You can also call GetFederationToken using the security
	// credentials of an Amazon Web Services account root user, but we do not recommend
	// it. Instead, we recommend that you create an IAM user for the purpose of the
	// proxy application. Then attach a policy to the IAM user that limits federated
	// users to only the actions and resources that they need to access. For more
	// information, see IAM Best Practices
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) in the
	// IAM User Guide. Session duration The temporary credentials are valid for the
	// specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600
	// seconds (36 hours). The default session duration is 43,200 seconds (12 hours).
	// Temporary credentials obtained by using the Amazon Web Services account root
	// user credentials have a maximum duration of 3,600 seconds (1 hour). Permissions
	// You can use the temporary credentials created by GetFederationToken in any
	// Amazon Web Services service with the following exceptions:
	//
	// * You cannot call
	// any IAM operations using the CLI or the Amazon Web Services API. This limitation
	// does not apply to console sessions.
	//
	// * You cannot call any STS operations except
	// GetCallerIdentity.
	//
	// You can use temporary credentials for single sign-on (SSO)
	// to the console. You must pass an inline or managed session policy
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
	// to this operation. You can pass a single JSON policy document to use as an
	// inline session policy. You can also specify up to 10 managed policy Amazon
	// Resource Names (ARNs) to use as managed session policies. The plaintext that you
	// use for both inline and managed session policies can't exceed 2,048 characters.
	// Though the session policy parameters are optional, if you do not pass a policy,
	// then the resulting federated user session has no permissions. When you pass
	// session policies, the session permissions are the intersection of the IAM user
	// policies and the session policies that you pass. This gives you a way to further
	// restrict the permissions for a federated user. You cannot use session policies
	// to grant more permissions than those that are defined in the permissions policy
	// of the IAM user. For more information, see Session Policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
	// in the IAM User Guide. For information about using GetFederationToken to create
	// temporary security credentials, see GetFederationToken—Federation Through a
	// Custom Identity Broker
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
	// You can use the credentials to access a resource that has a resource-based
	// policy. If that policy specifically references the federated user session in the
	// Principal element of the policy, the session has the permissions allowed by the
	// policy. These permissions are granted in addition to the permissions granted by
	// the session policies. Tags (Optional) You can pass tag key-value pairs to your
	// session. These are called session tags. For more information about session tags,
	// see Passing Session Tags in STS
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
	// IAM User Guide. You can create a mobile-based or browser-based app that can
	// authenticate users using a web identity provider like Login with Amazon,
	// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
	// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
	// or AssumeRoleWithWebIdentity. For more information, see Federation Through a
	// Web-based Identity Provider
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
	// in the IAM User Guide. An administrator must grant you the permissions necessary
	// to pass session tags. The administrator can also create granular permissions to
	// allow you to pass only specific session tags. For more information, see
	// Tutorial: Using Tags for Attribute-Based Access Control
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
	// in the IAM User Guide. Tag key–value pairs are not case sensitive, but case is
	// preserved. This means that you cannot have separate Department and department
	// tag keys. Assume that the user that you are federating has the
	// Department=Marketing tag and you pass the department=engineering session tag.
	// Department and department are not saved as separate tags, and the session tag
	// passed in the request takes precedence over the user tag.
	GetFederationToken(ctx context.Context, params *GetFederationTokenInput, optFns ...func(*Options)) (*GetFederationTokenOutput, error)
	// Returns a set of temporary credentials for an Amazon Web Services account or IAM
	// user. The credentials consist of an access key ID, a secret access key, and a
	// security token. Typically, you use GetSessionToken if you want to use MFA to
	// protect programmatic calls to specific Amazon Web Services API operations like
	// Amazon EC2 StopInstances. MFA-enabled IAM users would need to call
	// GetSessionToken and submit an MFA code that is associated with their MFA device.
	// Using the temporary security credentials that are returned from the call, IAM
	// users can then make programmatic calls to API operations that require MFA
	// authentication. If you do not supply a correct MFA code, then the API returns an
	// access denied error. For a comparison of GetSessionToken with the other API
	// operations that produce temporary credentials, see Requesting Temporary Security
	// Credentials
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
	// and Comparing the Amazon Web Services STS API operations
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
	// in the IAM User Guide. No permissions are required for users to perform this
	// operation. The purpose of the sts:GetSessionToken operation is to authenticate
	// the user using MFA. You cannot use policies to control authentication
	// operations. For more information, see Permissions for GetSessionToken
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
	// in the IAM User Guide. Session Duration The GetSessionToken operation must be
	// called by using the long-term Amazon Web Services security credentials of the
	// Amazon Web Services account root user or an IAM user. Credentials that are
	// created by IAM users are valid for the duration that you specify. This duration
	// can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
	// hours), with a default of 43,200 seconds (12 hours). Credentials based on
	// account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds
	// (1 hour), with a default of 1 hour. Permissions The temporary security
	// credentials created by GetSessionToken can be used to make API calls to any
	// Amazon Web Services service with the following exceptions:
	//
	// * You cannot call
	// any IAM API operations unless MFA authentication information is included in the
	// request.
	//
	// * You cannot call any STS API except AssumeRole or
	// GetCallerIdentity.
	//
	// We recommend that you do not call GetSessionToken with
	// Amazon Web Services account root user credentials. Instead, follow our best
	// practices
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
	// by creating one or more IAM users, giving them the necessary permissions, and
	// using IAM users for everyday interaction with Amazon Web Services. The
	// credentials that are returned by GetSessionToken are based on permissions
	// associated with the user whose credentials were used to call the operation. If
	// GetSessionToken is called using Amazon Web Services account root user
	// credentials, the temporary credentials have root user permissions. Similarly, if
	// GetSessionToken is called using the credentials of an IAM user, the temporary
	// credentials have the same permissions as the IAM user. For more information
	// about using GetSessionToken to create temporary credentials, go to Temporary
	// Credentials for Users in Untrusted Environments
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
	// in the IAM User Guide.
	GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error)
}

STS provides an interface to the AWS STS service.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL