Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ASG ¶ added in v0.92.0
type ASG interface { // Attaches one or more EC2 instances to the specified Auto Scaling group. When // you attach instances, Amazon EC2 Auto Scaling increases the desired capacity of // the group by the number of instances being attached. If the number of instances // being attached plus the desired capacity of the group exceeds the maximum size // of the group, the operation fails. If there is a Classic Load Balancer attached // to your Auto Scaling group, the instances are also registered with the load // balancer. If there are target groups attached to your Auto Scaling group, the // instances are also registered with the target groups. For more information, see // Attach EC2 instances to your Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/attach-instance-asg.html) // in the Amazon EC2 Auto Scaling User Guide. AttachInstances(ctx context.Context, params *AttachInstancesInput, optFns ...func(*Options)) (*AttachInstancesOutput, error) // This API operation is superseded by AttachTrafficSources , which can attach // multiple traffic sources types. We recommend using AttachTrafficSources to // simplify how you manage traffic sources. However, we continue to support // AttachLoadBalancerTargetGroups . You can use both the original // AttachLoadBalancerTargetGroups API operation and AttachTrafficSources on the // same Auto Scaling group. Attaches one or more target groups to the specified // Auto Scaling group. This operation is used with the following load balancer // types: // - Application Load Balancer - Operates at the application layer (layer 7) and // supports HTTP and HTTPS. // - Network Load Balancer - Operates at the transport layer (layer 4) and // supports TCP, TLS, and UDP. // - Gateway Load Balancer - Operates at the network layer (layer 3). // // To describe the target groups for an Auto Scaling group, call the // DescribeLoadBalancerTargetGroups API. To detach the target group from the Auto // Scaling group, call the DetachLoadBalancerTargetGroups API. This operation is // additive and does not detach existing target groups or Classic Load Balancers // from the Auto Scaling group. For more information, see Use Elastic Load // Balancing to distribute traffic across the instances in your Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html) // in the Amazon EC2 Auto Scaling User Guide. AttachLoadBalancerTargetGroups(ctx context.Context, params *AttachLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*AttachLoadBalancerTargetGroupsOutput, error) // This API operation is superseded by AttachTrafficSources , which can attach // multiple traffic sources types. We recommend using AttachTrafficSources to // simplify how you manage traffic sources. However, we continue to support // AttachLoadBalancers . You can use both the original AttachLoadBalancers API // operation and AttachTrafficSources on the same Auto Scaling group. Attaches one // or more Classic Load Balancers to the specified Auto Scaling group. Amazon EC2 // Auto Scaling registers the running instances with these Classic Load Balancers. // To describe the load balancers for an Auto Scaling group, call the // DescribeLoadBalancers API. To detach a load balancer from the Auto Scaling // group, call the DetachLoadBalancers API. This operation is additive and does // not detach existing Classic Load Balancers or target groups from the Auto // Scaling group. For more information, see Use Elastic Load Balancing to // distribute traffic across the instances in your Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html) // in the Amazon EC2 Auto Scaling User Guide. AttachLoadBalancers(ctx context.Context, params *AttachLoadBalancersInput, optFns ...func(*Options)) (*AttachLoadBalancersOutput, error) // Attaches one or more traffic sources to the specified Auto Scaling group. You // can use any of the following as traffic sources for an Auto Scaling group: // - Application Load Balancer // - Classic Load Balancer // - Gateway Load Balancer // - Network Load Balancer // - VPC Lattice // // This operation is additive and does not detach existing traffic sources from // the Auto Scaling group. After the operation completes, use the // DescribeTrafficSources API to return details about the state of the attachments // between traffic sources and your Auto Scaling group. To detach a traffic source // from the Auto Scaling group, call the DetachTrafficSources API. AttachTrafficSources(ctx context.Context, params *AttachTrafficSourcesInput, optFns ...func(*Options)) (*AttachTrafficSourcesOutput, error) // Deletes one or more scheduled actions for the specified Auto Scaling group. BatchDeleteScheduledAction(ctx context.Context, params *BatchDeleteScheduledActionInput, optFns ...func(*Options)) (*BatchDeleteScheduledActionOutput, error) // Creates or updates one or more scheduled scaling actions for an Auto Scaling // group. BatchPutScheduledUpdateGroupAction(ctx context.Context, params *BatchPutScheduledUpdateGroupActionInput, optFns ...func(*Options)) (*BatchPutScheduledUpdateGroupActionOutput, error) // Cancels an instance refresh or rollback that is in progress. If an instance // refresh or rollback is not in progress, an ActiveInstanceRefreshNotFound error // occurs. This operation is part of the instance refresh feature (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) // in Amazon EC2 Auto Scaling, which helps you update instances in your Auto // Scaling group after you make configuration changes. When you cancel an instance // refresh, this does not roll back any changes that it made. Use the // RollbackInstanceRefresh API to roll back instead. CancelInstanceRefresh(ctx context.Context, params *CancelInstanceRefreshInput, optFns ...func(*Options)) (*CancelInstanceRefreshOutput, error) // Completes the lifecycle action for the specified token or instance with the // specified result. This step is a part of the procedure for adding a lifecycle // hook to an Auto Scaling group: // - (Optional) Create a launch template or launch configuration with a user // data script that runs while an instance is in a wait state due to a lifecycle // hook. // - (Optional) Create a Lambda function and a rule that allows Amazon // EventBridge to invoke your Lambda function when an instance is put into a wait // state due to a lifecycle hook. // - (Optional) Create a notification target and an IAM role. The target can be // either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2 // Auto Scaling to publish lifecycle notifications to the target. // - Create the lifecycle hook. Specify whether the hook is used when the // instances launch or terminate. // - If you need more time, record the lifecycle action heartbeat to keep the // instance in a wait state. // - If you finish before the timeout period ends, send a callback by using the // CompleteLifecycleAction API call. // // For more information, see Amazon EC2 Auto Scaling lifecycle hooks (https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html) // in the Amazon EC2 Auto Scaling User Guide. CompleteLifecycleAction(ctx context.Context, params *CompleteLifecycleActionInput, optFns ...func(*Options)) (*CompleteLifecycleActionOutput, error) // We strongly recommend using a launch template when calling this operation to // ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2. Creates an // Auto Scaling group with the specified name and attributes. If you exceed your // maximum limit of Auto Scaling groups, the call fails. To query this limit, call // the DescribeAccountLimits API. For information about updating this limit, see // Quotas for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html) // in the Amazon EC2 Auto Scaling User Guide. For introductory exercises for // creating an Auto Scaling group, see Getting started with Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/GettingStartedTutorial.html) // and Tutorial: Set up a scaled and load-balanced application (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-register-lbs-with-asg.html) // in the Amazon EC2 Auto Scaling User Guide. For more information, see Auto // Scaling groups (https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroup.html) // in the Amazon EC2 Auto Scaling User Guide. Every Auto Scaling group has three // size properties ( DesiredCapacity , MaxSize , and MinSize ). Usually, you set // these sizes based on a specific number of instances. However, if you configure a // mixed instances policy that defines weights for the instance types, you must // specify these sizes with the same units that you use for weighting instances. CreateAutoScalingGroup(ctx context.Context, params *CreateAutoScalingGroupInput, optFns ...func(*Options)) (*CreateAutoScalingGroupOutput, error) // Creates a launch configuration. If you exceed your maximum limit of launch // configurations, the call fails. To query this limit, call the // DescribeAccountLimits API. For information about updating this limit, see // Quotas for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html) // in the Amazon EC2 Auto Scaling User Guide. For more information, see Launch // configurations (https://docs.aws.amazon.com/autoscaling/ec2/userguide/LaunchConfiguration.html) // in the Amazon EC2 Auto Scaling User Guide. Amazon EC2 Auto Scaling configures // instances launched as part of an Auto Scaling group using either a launch // template or a launch configuration. We strongly recommend that you do not use // launch configurations. They do not provide full functionality for Amazon EC2 // Auto Scaling or Amazon EC2. For information about using launch templates, see // Launch templates (https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-templates.html) // in the Amazon EC2 Auto Scaling User Guide. CreateLaunchConfiguration(ctx context.Context, params *CreateLaunchConfigurationInput, optFns ...func(*Options)) (*CreateLaunchConfigurationOutput, error) // Creates or updates tags for the specified Auto Scaling group. When you specify // a tag with a key that already exists, the operation overwrites the previous tag // definition, and you do not get an error message. For more information, see Tag // Auto Scaling groups and instances (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html) // in the Amazon EC2 Auto Scaling User Guide. CreateOrUpdateTags(ctx context.Context, params *CreateOrUpdateTagsInput, optFns ...func(*Options)) (*CreateOrUpdateTagsOutput, error) // Deletes the specified Auto Scaling group. If the group has instances or scaling // activities in progress, you must specify the option to force the deletion in // order for it to succeed. The force delete operation will also terminate the EC2 // instances. If the group has a warm pool, the force delete option also deletes // the warm pool. To remove instances from the Auto Scaling group before deleting // it, call the DetachInstances API with the list of instances and the option to // decrement the desired capacity. This ensures that Amazon EC2 Auto Scaling does // not launch replacement instances. To terminate all instances before deleting the // Auto Scaling group, call the UpdateAutoScalingGroup API and set the minimum // size and desired capacity of the Auto Scaling group to zero. If the group has // scaling policies, deleting the group deletes the policies, the underlying alarm // actions, and any alarm that no longer has an associated action. For more // information, see Delete your Auto Scaling infrastructure (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-process-shutdown.html) // in the Amazon EC2 Auto Scaling User Guide. DeleteAutoScalingGroup(ctx context.Context, params *DeleteAutoScalingGroupInput, optFns ...func(*Options)) (*DeleteAutoScalingGroupOutput, error) // Deletes the specified launch configuration. The launch configuration must not // be attached to an Auto Scaling group. When this call completes, the launch // configuration is no longer available for use. DeleteLaunchConfiguration(ctx context.Context, params *DeleteLaunchConfigurationInput, optFns ...func(*Options)) (*DeleteLaunchConfigurationOutput, error) // Deletes the specified lifecycle hook. If there are any outstanding lifecycle // actions, they are completed first ( ABANDON for launching instances, CONTINUE // for terminating instances). DeleteLifecycleHook(ctx context.Context, params *DeleteLifecycleHookInput, optFns ...func(*Options)) (*DeleteLifecycleHookOutput, error) // Deletes the specified notification. DeleteNotificationConfiguration(ctx context.Context, params *DeleteNotificationConfigurationInput, optFns ...func(*Options)) (*DeleteNotificationConfigurationOutput, error) // Deletes the specified scaling policy. Deleting either a step scaling policy or // a simple scaling policy deletes the underlying alarm action, but does not delete // the alarm, even if it no longer has an associated action. For more information, // see Deleting a scaling policy (https://docs.aws.amazon.com/autoscaling/ec2/userguide/deleting-scaling-policy.html) // in the Amazon EC2 Auto Scaling User Guide. DeletePolicy(ctx context.Context, params *DeletePolicyInput, optFns ...func(*Options)) (*DeletePolicyOutput, error) // Deletes the specified scheduled action. DeleteScheduledAction(ctx context.Context, params *DeleteScheduledActionInput, optFns ...func(*Options)) (*DeleteScheduledActionOutput, error) // Deletes the specified tags. DeleteTags(ctx context.Context, params *DeleteTagsInput, optFns ...func(*Options)) (*DeleteTagsOutput, error) // Deletes the warm pool for the specified Auto Scaling group. For more // information, see Warm pools for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html) // in the Amazon EC2 Auto Scaling User Guide. DeleteWarmPool(ctx context.Context, params *DeleteWarmPoolInput, optFns ...func(*Options)) (*DeleteWarmPoolOutput, error) // Describes the current Amazon EC2 Auto Scaling resource quotas for your account. // When you establish an Amazon Web Services account, the account has initial // quotas on the maximum number of Auto Scaling groups and launch configurations // that you can create in a given Region. For more information, see Quotas for // Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html) // in the Amazon EC2 Auto Scaling User Guide. DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error) // Describes the available adjustment types for step scaling and simple scaling // policies. The following adjustment types are supported: // - ChangeInCapacity // - ExactCapacity // - PercentChangeInCapacity DescribeAdjustmentTypes(ctx context.Context, params *DescribeAdjustmentTypesInput, optFns ...func(*Options)) (*DescribeAdjustmentTypesOutput, error) // Gets information about the Auto Scaling groups in the account and Region. If // you specify Auto Scaling group names, the output includes information for only // the specified Auto Scaling groups. If you specify filters, the output includes // information for only those Auto Scaling groups that meet the filter criteria. If // you do not specify group names or filters, the output includes information for // all Auto Scaling groups. This operation also returns information about instances // in Auto Scaling groups. To retrieve information about the instances in a warm // pool, you must call the DescribeWarmPool API. DescribeAutoScalingGroups(ctx context.Context, params *DescribeAutoScalingGroupsInput, optFns ...func(*Options)) (*DescribeAutoScalingGroupsOutput, error) // Gets information about the Auto Scaling instances in the account and Region. DescribeAutoScalingInstances(ctx context.Context, params *DescribeAutoScalingInstancesInput, optFns ...func(*Options)) (*DescribeAutoScalingInstancesOutput, error) // Describes the notification types that are supported by Amazon EC2 Auto Scaling. DescribeAutoScalingNotificationTypes(ctx context.Context, params *DescribeAutoScalingNotificationTypesInput, optFns ...func(*Options)) (*DescribeAutoScalingNotificationTypesOutput, error) // Gets information about the instance refreshes for the specified Auto Scaling // group. This operation is part of the instance refresh feature (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) // in Amazon EC2 Auto Scaling, which helps you update instances in your Auto // Scaling group after you make configuration changes. To help you determine the // status of an instance refresh, Amazon EC2 Auto Scaling returns information about // the instance refreshes you previously initiated, including their status, start // time, end time, the percentage of the instance refresh that is complete, and the // number of instances remaining to update before the instance refresh is complete. // If a rollback is initiated while an instance refresh is in progress, Amazon EC2 // Auto Scaling also returns information about the rollback of the instance // refresh. DescribeInstanceRefreshes(ctx context.Context, params *DescribeInstanceRefreshesInput, optFns ...func(*Options)) (*DescribeInstanceRefreshesOutput, error) // Gets information about the launch configurations in the account and Region. DescribeLaunchConfigurations(ctx context.Context, params *DescribeLaunchConfigurationsInput, optFns ...func(*Options)) (*DescribeLaunchConfigurationsOutput, error) // Describes the available types of lifecycle hooks. The following hook types are // supported: // - autoscaling:EC2_INSTANCE_LAUNCHING // - autoscaling:EC2_INSTANCE_TERMINATING DescribeLifecycleHookTypes(ctx context.Context, params *DescribeLifecycleHookTypesInput, optFns ...func(*Options)) (*DescribeLifecycleHookTypesOutput, error) // Gets information about the lifecycle hooks for the specified Auto Scaling group. DescribeLifecycleHooks(ctx context.Context, params *DescribeLifecycleHooksInput, optFns ...func(*Options)) (*DescribeLifecycleHooksOutput, error) // This API operation is superseded by DescribeTrafficSources , which can describe // multiple traffic sources types. We recommend using DetachTrafficSources to // simplify how you manage traffic sources. However, we continue to support // DescribeLoadBalancerTargetGroups . You can use both the original // DescribeLoadBalancerTargetGroups API operation and DescribeTrafficSources on // the same Auto Scaling group. Gets information about the Elastic Load Balancing // target groups for the specified Auto Scaling group. To determine the attachment // status of the target group, use the State element in the response. When you // attach a target group to an Auto Scaling group, the initial State value is // Adding . The state transitions to Added after all Auto Scaling instances are // registered with the target group. If Elastic Load Balancing health checks are // enabled for the Auto Scaling group, the state transitions to InService after at // least one Auto Scaling instance passes the health check. When the target group // is in the InService state, Amazon EC2 Auto Scaling can terminate and replace // any instances that are reported as unhealthy. If no registered instances pass // the health checks, the target group doesn't enter the InService state. Target // groups also have an InService state if you attach them in the // CreateAutoScalingGroup API call. If your target group state is InService , but // it is not working properly, check the scaling activities by calling // DescribeScalingActivities and take any corrective actions necessary. For help // with failed health checks, see Troubleshooting Amazon EC2 Auto Scaling: Health // checks (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html) // in the Amazon EC2 Auto Scaling User Guide. For more information, see Use // Elastic Load Balancing to distribute traffic across the instances in your Auto // Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html) // in the Amazon EC2 Auto Scaling User Guide. You can use this operation to // describe target groups that were attached by using // AttachLoadBalancerTargetGroups , but not for target groups that were attached by // using AttachTrafficSources . DescribeLoadBalancerTargetGroups(ctx context.Context, params *DescribeLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*DescribeLoadBalancerTargetGroupsOutput, error) // This API operation is superseded by DescribeTrafficSources , which can describe // multiple traffic sources types. We recommend using DescribeTrafficSources to // simplify how you manage traffic sources. However, we continue to support // DescribeLoadBalancers . You can use both the original DescribeLoadBalancers API // operation and DescribeTrafficSources on the same Auto Scaling group. Gets // information about the load balancers for the specified Auto Scaling group. This // operation describes only Classic Load Balancers. If you have Application Load // Balancers, Network Load Balancers, or Gateway Load Balancers, use the // DescribeLoadBalancerTargetGroups API instead. To determine the attachment status // of the load balancer, use the State element in the response. When you attach a // load balancer to an Auto Scaling group, the initial State value is Adding . The // state transitions to Added after all Auto Scaling instances are registered with // the load balancer. If Elastic Load Balancing health checks are enabled for the // Auto Scaling group, the state transitions to InService after at least one Auto // Scaling instance passes the health check. When the load balancer is in the // InService state, Amazon EC2 Auto Scaling can terminate and replace any instances // that are reported as unhealthy. If no registered instances pass the health // checks, the load balancer doesn't enter the InService state. Load balancers // also have an InService state if you attach them in the CreateAutoScalingGroup // API call. If your load balancer state is InService , but it is not working // properly, check the scaling activities by calling DescribeScalingActivities and // take any corrective actions necessary. For help with failed health checks, see // Troubleshooting Amazon EC2 Auto Scaling: Health checks (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html) // in the Amazon EC2 Auto Scaling User Guide. For more information, see Use // Elastic Load Balancing to distribute traffic across the instances in your Auto // Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html) // in the Amazon EC2 Auto Scaling User Guide. DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error) // Describes the available CloudWatch metrics for Amazon EC2 Auto Scaling. DescribeMetricCollectionTypes(ctx context.Context, params *DescribeMetricCollectionTypesInput, optFns ...func(*Options)) (*DescribeMetricCollectionTypesOutput, error) // Gets information about the Amazon SNS notifications that are configured for one // or more Auto Scaling groups. DescribeNotificationConfigurations(ctx context.Context, params *DescribeNotificationConfigurationsInput, optFns ...func(*Options)) (*DescribeNotificationConfigurationsOutput, error) // Gets information about the scaling policies in the account and Region. DescribePolicies(ctx context.Context, params *DescribePoliciesInput, optFns ...func(*Options)) (*DescribePoliciesOutput, error) // Gets information about the scaling activities in the account and Region. When // scaling events occur, you see a record of the scaling activity in the scaling // activities. For more information, see Verifying a scaling activity for an Auto // Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-verify-scaling-activity.html) // in the Amazon EC2 Auto Scaling User Guide. If the scaling event succeeds, the // value of the StatusCode element in the response is Successful . If an attempt to // launch instances failed, the StatusCode value is Failed or Cancelled and the // StatusMessage element in the response indicates the cause of the failure. For // help interpreting the StatusMessage , see Troubleshooting Amazon EC2 Auto // Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/CHAP_Troubleshooting.html) // in the Amazon EC2 Auto Scaling User Guide. DescribeScalingActivities(ctx context.Context, params *DescribeScalingActivitiesInput, optFns ...func(*Options)) (*DescribeScalingActivitiesOutput, error) // Describes the scaling process types for use with the ResumeProcesses and // SuspendProcesses APIs. DescribeScalingProcessTypes(ctx context.Context, params *DescribeScalingProcessTypesInput, optFns ...func(*Options)) (*DescribeScalingProcessTypesOutput, error) // Gets information about the scheduled actions that haven't run or that have not // reached their end time. To describe the scaling activities for scheduled actions // that have already run, call the DescribeScalingActivities API. DescribeScheduledActions(ctx context.Context, params *DescribeScheduledActionsInput, optFns ...func(*Options)) (*DescribeScheduledActionsOutput, error) // Describes the specified tags. You can use filters to limit the results. For // example, you can query for the tags for a specific Auto Scaling group. You can // specify multiple values for a filter. A tag must match at least one of the // specified values for it to be included in the results. You can also specify // multiple filters. The result includes information for a particular tag only if // it matches all the filters. If there's no match, no special message is returned. // For more information, see Tag Auto Scaling groups and instances (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html) // in the Amazon EC2 Auto Scaling User Guide. DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error) // Describes the termination policies supported by Amazon EC2 Auto Scaling. For // more information, see Work with Amazon EC2 Auto Scaling termination policies (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) // in the Amazon EC2 Auto Scaling User Guide. DescribeTerminationPolicyTypes(ctx context.Context, params *DescribeTerminationPolicyTypesInput, optFns ...func(*Options)) (*DescribeTerminationPolicyTypesOutput, error) // Gets information about the traffic sources for the specified Auto Scaling // group. You can optionally provide a traffic source type. If you provide a // traffic source type, then the results only include that traffic source type. If // you do not provide a traffic source type, then the results include all the // traffic sources for the specified Auto Scaling group. DescribeTrafficSources(ctx context.Context, params *DescribeTrafficSourcesInput, optFns ...func(*Options)) (*DescribeTrafficSourcesOutput, error) // Gets information about a warm pool and its instances. For more information, see // Warm pools for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html) // in the Amazon EC2 Auto Scaling User Guide. DescribeWarmPool(ctx context.Context, params *DescribeWarmPoolInput, optFns ...func(*Options)) (*DescribeWarmPoolOutput, error) // Removes one or more instances from the specified Auto Scaling group. After the // instances are detached, you can manage them independent of the Auto Scaling // group. If you do not specify the option to decrement the desired capacity, // Amazon EC2 Auto Scaling launches instances to replace the ones that are // detached. If there is a Classic Load Balancer attached to the Auto Scaling // group, the instances are deregistered from the load balancer. If there are // target groups attached to the Auto Scaling group, the instances are deregistered // from the target groups. For more information, see Detach EC2 instances from // your Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/detach-instance-asg.html) // in the Amazon EC2 Auto Scaling User Guide. DetachInstances(ctx context.Context, params *DetachInstancesInput, optFns ...func(*Options)) (*DetachInstancesOutput, error) // This API operation is superseded by DetachTrafficSources , which can detach // multiple traffic sources types. We recommend using DetachTrafficSources to // simplify how you manage traffic sources. However, we continue to support // DetachLoadBalancerTargetGroups . You can use both the original // DetachLoadBalancerTargetGroups API operation and DetachTrafficSources on the // same Auto Scaling group. Detaches one or more target groups from the specified // Auto Scaling group. When you detach a target group, it enters the Removing // state while deregistering the instances in the group. When all instances are // deregistered, then you can no longer describe the target group using the // DescribeLoadBalancerTargetGroups API call. The instances remain running. You can // use this operation to detach target groups that were attached by using // AttachLoadBalancerTargetGroups , but not for target groups that were attached by // using AttachTrafficSources . DetachLoadBalancerTargetGroups(ctx context.Context, params *DetachLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*DetachLoadBalancerTargetGroupsOutput, error) // This API operation is superseded by DetachTrafficSources , which can detach // multiple traffic sources types. We recommend using DetachTrafficSources to // simplify how you manage traffic sources. However, we continue to support // DetachLoadBalancers . You can use both the original DetachLoadBalancers API // operation and DetachTrafficSources on the same Auto Scaling group. Detaches one // or more Classic Load Balancers from the specified Auto Scaling group. This // operation detaches only Classic Load Balancers. If you have Application Load // Balancers, Network Load Balancers, or Gateway Load Balancers, use the // DetachLoadBalancerTargetGroups API instead. When you detach a load balancer, it // enters the Removing state while deregistering the instances in the group. When // all instances are deregistered, then you can no longer describe the load // balancer using the DescribeLoadBalancers API call. The instances remain running. DetachLoadBalancers(ctx context.Context, params *DetachLoadBalancersInput, optFns ...func(*Options)) (*DetachLoadBalancersOutput, error) // Detaches one or more traffic sources from the specified Auto Scaling group. // When you detach a taffic, it enters the Removing state while deregistering the // instances in the group. When all instances are deregistered, then you can no // longer describe the traffic source using the DescribeTrafficSources API call. // The instances continue to run. DetachTrafficSources(ctx context.Context, params *DetachTrafficSourcesInput, optFns ...func(*Options)) (*DetachTrafficSourcesOutput, error) // Disables group metrics collection for the specified Auto Scaling group. DisableMetricsCollection(ctx context.Context, params *DisableMetricsCollectionInput, optFns ...func(*Options)) (*DisableMetricsCollectionOutput, error) // Enables group metrics collection for the specified Auto Scaling group. You can // use these metrics to track changes in an Auto Scaling group and to set alarms on // threshold values. You can view group metrics using the Amazon EC2 Auto Scaling // console or the CloudWatch console. For more information, see Monitor CloudWatch // metrics for your Auto Scaling groups and instances (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-cloudwatch-monitoring.html) // in the Amazon EC2 Auto Scaling User Guide. EnableMetricsCollection(ctx context.Context, params *EnableMetricsCollectionInput, optFns ...func(*Options)) (*EnableMetricsCollectionOutput, error) // Moves the specified instances into the standby state. If you choose to // decrement the desired capacity of the Auto Scaling group, the instances can // enter standby as long as the desired capacity of the Auto Scaling group after // the instances are placed into standby is equal to or greater than the minimum // capacity of the group. If you choose not to decrement the desired capacity of // the Auto Scaling group, the Auto Scaling group launches new instances to replace // the instances on standby. For more information, see Temporarily removing // instances from your Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-enter-exit-standby.html) // in the Amazon EC2 Auto Scaling User Guide. EnterStandby(ctx context.Context, params *EnterStandbyInput, optFns ...func(*Options)) (*EnterStandbyOutput, error) // Executes the specified policy. This can be useful for testing the design of // your scaling policy. ExecutePolicy(ctx context.Context, params *ExecutePolicyInput, optFns ...func(*Options)) (*ExecutePolicyOutput, error) // Moves the specified instances out of the standby state. After you put the // instances back in service, the desired capacity is incremented. For more // information, see Temporarily removing instances from your Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-enter-exit-standby.html) // in the Amazon EC2 Auto Scaling User Guide. ExitStandby(ctx context.Context, params *ExitStandbyInput, optFns ...func(*Options)) (*ExitStandbyOutput, error) // Retrieves the forecast data for a predictive scaling policy. Load forecasts are // predictions of the hourly load values using historical load data from CloudWatch // and an analysis of historical trends. Capacity forecasts are represented as // predicted values for the minimum capacity that is needed on an hourly basis, // based on the hourly load forecast. A minimum of 24 hours of data is required to // create the initial forecasts. However, having a full 14 days of historical data // results in more accurate forecasts. For more information, see Predictive // scaling for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-predictive-scaling.html) // in the Amazon EC2 Auto Scaling User Guide. GetPredictiveScalingForecast(ctx context.Context, params *GetPredictiveScalingForecastInput, optFns ...func(*Options)) (*GetPredictiveScalingForecastOutput, error) // Creates or updates a lifecycle hook for the specified Auto Scaling group. // Lifecycle hooks let you create solutions that are aware of events in the Auto // Scaling instance lifecycle, and then perform a custom action on instances when // the corresponding lifecycle event occurs. This step is a part of the procedure // for adding a lifecycle hook to an Auto Scaling group: // - (Optional) Create a launch template or launch configuration with a user // data script that runs while an instance is in a wait state due to a lifecycle // hook. // - (Optional) Create a Lambda function and a rule that allows Amazon // EventBridge to invoke your Lambda function when an instance is put into a wait // state due to a lifecycle hook. // - (Optional) Create a notification target and an IAM role. The target can be // either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2 // Auto Scaling to publish lifecycle notifications to the target. // - Create the lifecycle hook. Specify whether the hook is used when the // instances launch or terminate. // - If you need more time, record the lifecycle action heartbeat to keep the // instance in a wait state using the RecordLifecycleActionHeartbeat API call. // - If you finish before the timeout period ends, send a callback by using the // CompleteLifecycleAction API call. // // For more information, see Amazon EC2 Auto Scaling lifecycle hooks (https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html) // in the Amazon EC2 Auto Scaling User Guide. If you exceed your maximum limit of // lifecycle hooks, which by default is 50 per Auto Scaling group, the call fails. // You can view the lifecycle hooks for an Auto Scaling group using the // DescribeLifecycleHooks API call. If you are no longer using a lifecycle hook, // you can delete it by calling the DeleteLifecycleHook API. PutLifecycleHook(ctx context.Context, params *PutLifecycleHookInput, optFns ...func(*Options)) (*PutLifecycleHookOutput, error) // Configures an Auto Scaling group to send notifications when specified events // take place. Subscribers to the specified topic can have messages delivered to an // endpoint such as a web server or an email address. This configuration overwrites // any existing configuration. For more information, see Getting Amazon SNS // notifications when your Auto Scaling group scales (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ASGettingNotifications.html) // in the Amazon EC2 Auto Scaling User Guide. If you exceed your maximum limit of // SNS topics, which is 10 per Auto Scaling group, the call fails. PutNotificationConfiguration(ctx context.Context, params *PutNotificationConfigurationInput, optFns ...func(*Options)) (*PutNotificationConfigurationOutput, error) // Creates or updates a scaling policy for an Auto Scaling group. Scaling policies // are used to scale an Auto Scaling group based on configurable metrics. If no // policies are defined, the dynamic scaling and predictive scaling features are // not used. For more information about using dynamic scaling, see Target tracking // scaling policies (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html) // and Step and simple scaling policies (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html) // in the Amazon EC2 Auto Scaling User Guide. For more information about using // predictive scaling, see Predictive scaling for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-predictive-scaling.html) // in the Amazon EC2 Auto Scaling User Guide. You can view the scaling policies for // an Auto Scaling group using the DescribePolicies API call. If you are no longer // using a scaling policy, you can delete it by calling the DeletePolicy API. PutScalingPolicy(ctx context.Context, params *PutScalingPolicyInput, optFns ...func(*Options)) (*PutScalingPolicyOutput, error) // Creates or updates a scheduled scaling action for an Auto Scaling group. For // more information, see Scheduled scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html) // in the Amazon EC2 Auto Scaling User Guide. You can view the scheduled actions // for an Auto Scaling group using the DescribeScheduledActions API call. If you // are no longer using a scheduled action, you can delete it by calling the // DeleteScheduledAction API. If you try to schedule your action in the past, // Amazon EC2 Auto Scaling returns an error message. PutScheduledUpdateGroupAction(ctx context.Context, params *PutScheduledUpdateGroupActionInput, optFns ...func(*Options)) (*PutScheduledUpdateGroupActionOutput, error) // Creates or updates a warm pool for the specified Auto Scaling group. A warm // pool is a pool of pre-initialized EC2 instances that sits alongside the Auto // Scaling group. Whenever your application needs to scale out, the Auto Scaling // group can draw on the warm pool to meet its new desired capacity. For more // information and example configurations, see Warm pools for Amazon EC2 Auto // Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html) // in the Amazon EC2 Auto Scaling User Guide. This operation must be called from // the Region in which the Auto Scaling group was created. This operation cannot be // called on an Auto Scaling group that has a mixed instances policy or a launch // template or launch configuration that requests Spot Instances. You can view the // instances in the warm pool using the DescribeWarmPool API call. If you are no // longer using a warm pool, you can delete it by calling the DeleteWarmPool API. PutWarmPool(ctx context.Context, params *PutWarmPoolInput, optFns ...func(*Options)) (*PutWarmPoolOutput, error) // Records a heartbeat for the lifecycle action associated with the specified // token or instance. This extends the timeout by the length of time defined using // the PutLifecycleHook API call. This step is a part of the procedure for adding // a lifecycle hook to an Auto Scaling group: // - (Optional) Create a launch template or launch configuration with a user // data script that runs while an instance is in a wait state due to a lifecycle // hook. // - (Optional) Create a Lambda function and a rule that allows Amazon // EventBridge to invoke your Lambda function when an instance is put into a wait // state due to a lifecycle hook. // - (Optional) Create a notification target and an IAM role. The target can be // either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2 // Auto Scaling to publish lifecycle notifications to the target. // - Create the lifecycle hook. Specify whether the hook is used when the // instances launch or terminate. // - If you need more time, record the lifecycle action heartbeat to keep the // instance in a wait state. // - If you finish before the timeout period ends, send a callback by using the // CompleteLifecycleAction API call. // // For more information, see Amazon EC2 Auto Scaling lifecycle hooks (https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html) // in the Amazon EC2 Auto Scaling User Guide. RecordLifecycleActionHeartbeat(ctx context.Context, params *RecordLifecycleActionHeartbeatInput, optFns ...func(*Options)) (*RecordLifecycleActionHeartbeatOutput, error) // Resumes the specified suspended auto scaling processes, or all suspended // process, for the specified Auto Scaling group. For more information, see // Suspending and resuming scaling processes (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html) // in the Amazon EC2 Auto Scaling User Guide. ResumeProcesses(ctx context.Context, params *ResumeProcessesInput, optFns ...func(*Options)) (*ResumeProcessesOutput, error) // Cancels an instance refresh that is in progress and rolls back any changes that // it made. Amazon EC2 Auto Scaling replaces any instances that were replaced // during the instance refresh. This restores your Auto Scaling group to the // configuration that it was using before the start of the instance refresh. This // operation is part of the instance refresh feature (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) // in Amazon EC2 Auto Scaling, which helps you update instances in your Auto // Scaling group after you make configuration changes. A rollback is not supported // in the following situations: // - There is no desired configuration specified for the instance refresh. // - The Auto Scaling group has a launch template that uses an Amazon Web // Services Systems Manager parameter instead of an AMI ID for the ImageId // property. // - The Auto Scaling group uses the launch template's $Latest or $Default // version. // // When you receive a successful response from this operation, Amazon EC2 Auto // Scaling immediately begins replacing instances. You can check the status of this // operation through the DescribeInstanceRefreshes API operation. RollbackInstanceRefresh(ctx context.Context, params *RollbackInstanceRefreshInput, optFns ...func(*Options)) (*RollbackInstanceRefreshOutput, error) // Sets the size of the specified Auto Scaling group. If a scale-in activity // occurs as a result of a new DesiredCapacity value that is lower than the // current size of the group, the Auto Scaling group uses its termination policy to // determine which instances to terminate. For more information, see Manual scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-manual-scaling.html) // in the Amazon EC2 Auto Scaling User Guide. SetDesiredCapacity(ctx context.Context, params *SetDesiredCapacityInput, optFns ...func(*Options)) (*SetDesiredCapacityOutput, error) // Sets the health status of the specified instance. For more information, see // Health checks for Auto Scaling instances (https://docs.aws.amazon.com/autoscaling/ec2/userguide/healthcheck.html) // in the Amazon EC2 Auto Scaling User Guide. SetInstanceHealth(ctx context.Context, params *SetInstanceHealthInput, optFns ...func(*Options)) (*SetInstanceHealthOutput, error) // Updates the instance protection settings of the specified instances. This // operation cannot be called on instances in a warm pool. For more information // about preventing instances that are part of an Auto Scaling group from // terminating on scale in, see Using instance scale-in protection (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html) // in the Amazon EC2 Auto Scaling User Guide. If you exceed your maximum limit of // instance IDs, which is 50 per Auto Scaling group, the call fails. SetInstanceProtection(ctx context.Context, params *SetInstanceProtectionInput, optFns ...func(*Options)) (*SetInstanceProtectionOutput, error) // Starts an instance refresh. During an instance refresh, Amazon EC2 Auto Scaling // performs a rolling update of instances in an Auto Scaling group. Instances are // terminated first and then replaced, which temporarily reduces the capacity // available within your Auto Scaling group. This operation is part of the // instance refresh feature (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) // in Amazon EC2 Auto Scaling, which helps you update instances in your Auto // Scaling group. This feature is helpful, for example, when you have a new AMI or // a new user data script. You just need to create a new launch template that // specifies the new AMI or user data script. Then start an instance refresh to // immediately begin the process of updating instances in the group. If successful, // the request's response contains a unique ID that you can use to track the // progress of the instance refresh. To query its status, call the // DescribeInstanceRefreshes API. To describe the instance refreshes that have // already run, call the DescribeInstanceRefreshes API. To cancel an instance // refresh that is in progress, use the CancelInstanceRefresh API. An instance // refresh might fail for several reasons, such as EC2 launch failures, // misconfigured health checks, or not ignoring or allowing the termination of // instances that are in Standby state or protected from scale in. You can monitor // for failed EC2 launches using the scaling activities. To find the scaling // activities, call the DescribeScalingActivities API. If you enable auto // rollback, your Auto Scaling group will be rolled back automatically when the // instance refresh fails. You can enable this feature before starting an instance // refresh by specifying the AutoRollback property in the instance refresh // preferences. Otherwise, to roll back an instance refresh before it finishes, use // the RollbackInstanceRefresh API. StartInstanceRefresh(ctx context.Context, params *StartInstanceRefreshInput, optFns ...func(*Options)) (*StartInstanceRefreshOutput, error) // Suspends the specified auto scaling processes, or all processes, for the // specified Auto Scaling group. If you suspend either the Launch or Terminate // process types, it can prevent other process types from functioning properly. For // more information, see Suspending and resuming scaling processes (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html) // in the Amazon EC2 Auto Scaling User Guide. To resume processes that have been // suspended, call the ResumeProcesses API. SuspendProcesses(ctx context.Context, params *SuspendProcessesInput, optFns ...func(*Options)) (*SuspendProcessesOutput, error) // Terminates the specified instance and optionally adjusts the desired group // size. This operation cannot be called on instances in a warm pool. This call // simply makes a termination request. The instance is not terminated immediately. // When an instance is terminated, the instance status changes to terminated . You // can't connect to or start an instance after you've terminated it. If you do not // specify the option to decrement the desired capacity, Amazon EC2 Auto Scaling // launches instances to replace the ones that are terminated. By default, Amazon // EC2 Auto Scaling balances instances across all Availability Zones. If you // decrement the desired capacity, your Auto Scaling group can become unbalanced // between Availability Zones. Amazon EC2 Auto Scaling tries to rebalance the // group, and rebalancing might terminate instances in other zones. For more // information, see Rebalancing activities (https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-benefits.html#AutoScalingBehavior.InstanceUsage) // in the Amazon EC2 Auto Scaling User Guide. TerminateInstanceInAutoScalingGroup(ctx context.Context, params *TerminateInstanceInAutoScalingGroupInput, optFns ...func(*Options)) (*TerminateInstanceInAutoScalingGroupOutput, error) // We strongly recommend that all Auto Scaling groups use launch templates to // ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2. Updates // the configuration for the specified Auto Scaling group. To update an Auto // Scaling group, specify the name of the group and the property that you want to // change. Any properties that you don't specify are not changed by this update // request. The new settings take effect on any scaling activities after this call // returns. If you associate a new launch configuration or template with an Auto // Scaling group, all new instances will get the updated configuration. Existing // instances continue to run with the configuration that they were originally // launched with. When you update a group to specify a mixed instances policy // instead of a launch configuration or template, existing instances may be // replaced to match the new purchasing options that you specified in the policy. // For example, if the group currently has 100% On-Demand capacity and the policy // specifies 50% Spot capacity, this means that half of your instances will be // gradually terminated and relaunched as Spot Instances. When replacing instances, // Amazon EC2 Auto Scaling launches new instances before terminating the old ones, // so that updating your group does not compromise the performance or availability // of your application. Note the following about changing DesiredCapacity , MaxSize // , or MinSize : // - If a scale-in activity occurs as a result of a new DesiredCapacity value // that is lower than the current size of the group, the Auto Scaling group uses // its termination policy to determine which instances to terminate. // - If you specify a new value for MinSize without specifying a value for // DesiredCapacity , and the new MinSize is larger than the current size of the // group, this sets the group's DesiredCapacity to the new MinSize value. // - If you specify a new value for MaxSize without specifying a value for // DesiredCapacity , and the new MaxSize is smaller than the current size of the // group, this sets the group's DesiredCapacity to the new MaxSize value. // // To see which properties have been set, call the DescribeAutoScalingGroups API. // To view the scaling policies for an Auto Scaling group, call the // DescribePolicies API. If the group has scaling policies, you can update them by // calling the PutScalingPolicy API. UpdateAutoScalingGroup(ctx context.Context, params *UpdateAutoScalingGroupInput, optFns ...func(*Options)) (*UpdateAutoScalingGroupOutput, error) }
ASG provides an interface to the AWS ASG service.
type CloudFormation ¶
type CloudFormation interface { // Activate trusted access with Organizations. With trusted access between // StackSets and Organizations activated, the management account has permissions to // create and manage StackSets for your organization. ActivateOrganizationsAccess(ctx context.Context, params *ActivateOrganizationsAccessInput, optFns ...func(*Options)) (*ActivateOrganizationsAccessOutput, error) // Activates a public third-party extension, making it available for use in stack // templates. For more information, see Using public extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) // in the CloudFormation User Guide. Once you have activated a public third-party // extension in your account and Region, use SetTypeConfiguration (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) // to specify configuration properties for the extension. For more information, see // Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) // in the CloudFormation User Guide. ActivateType(ctx context.Context, params *ActivateTypeInput, optFns ...func(*Options)) (*ActivateTypeOutput, error) // Returns configuration data for the specified CloudFormation extensions, from // the CloudFormation registry for the account and Region. For more information, // see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) // in the CloudFormation User Guide. BatchDescribeTypeConfigurations(ctx context.Context, params *BatchDescribeTypeConfigurationsInput, optFns ...func(*Options)) (*BatchDescribeTypeConfigurationsOutput, error) // Cancels an update on the specified stack. If the call completes successfully, // the stack rolls back the update and reverts to the previous stack configuration. // You can cancel only stacks that are in the UPDATE_IN_PROGRESS state. CancelUpdateStack(ctx context.Context, params *CancelUpdateStackInput, optFns ...func(*Options)) (*CancelUpdateStackOutput, error) // For a specified stack that's in the UPDATE_ROLLBACK_FAILED state, continues // rolling it back to the UPDATE_ROLLBACK_COMPLETE state. Depending on the cause // of the failure, you can manually fix the error (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-update-rollback-failed) // and continue the rollback. By continuing the rollback, you can return your stack // to a working state (the UPDATE_ROLLBACK_COMPLETE state), and then try to update // the stack again. A stack goes into the UPDATE_ROLLBACK_FAILED state when // CloudFormation can't roll back all changes after a failed stack update. For // example, you might have a stack that's rolling back to an old database instance // that was deleted outside of CloudFormation. Because CloudFormation doesn't know // the database was deleted, it assumes that the database instance still exists and // attempts to roll back to it, causing the update rollback to fail. ContinueUpdateRollback(ctx context.Context, params *ContinueUpdateRollbackInput, optFns ...func(*Options)) (*ContinueUpdateRollbackOutput, error) // Creates a list of changes that will be applied to a stack so that you can // review the changes before executing them. You can create a change set for a // stack that doesn't exist or an existing stack. If you create a change set for a // stack that doesn't exist, the change set shows all of the resources that // CloudFormation will create. If you create a change set for an existing stack, // CloudFormation compares the stack's information with the information that you // submit in the change set and lists the differences. Use change sets to // understand which resources CloudFormation will create or change, and how it will // change resources in an existing stack, before you create or update a stack. To // create a change set for a stack that doesn't exist, for the ChangeSetType // parameter, specify CREATE . To create a change set for an existing stack, // specify UPDATE for the ChangeSetType parameter. To create a change set for an // import operation, specify IMPORT for the ChangeSetType parameter. After the // CreateChangeSet call successfully completes, CloudFormation starts creating the // change set. To check the status of the change set or to review it, use the // DescribeChangeSet action. When you are satisfied with the changes the change set // will make, execute the change set by using the ExecuteChangeSet action. // CloudFormation doesn't make changes until you execute the change set. To create // a change set for the entire stack hierarchy, set IncludeNestedStacks to True . CreateChangeSet(ctx context.Context, params *CreateChangeSetInput, optFns ...func(*Options)) (*CreateChangeSetOutput, error) // Creates a stack as specified in the template. After the call completes // successfully, the stack creation starts. You can check the status of the stack // through the DescribeStacks operation. CreateStack(ctx context.Context, params *CreateStackInput, optFns ...func(*Options)) (*CreateStackOutput, error) // Creates stack instances for the specified accounts, within the specified Amazon // Web Services Regions. A stack instance refers to a stack in a specific account // and Region. You must specify at least one value for either Accounts or // DeploymentTargets , and you must specify at least one value for Regions . CreateStackInstances(ctx context.Context, params *CreateStackInstancesInput, optFns ...func(*Options)) (*CreateStackInstancesOutput, error) // Creates a stack set. CreateStackSet(ctx context.Context, params *CreateStackSetInput, optFns ...func(*Options)) (*CreateStackSetOutput, error) // Deactivates trusted access with Organizations. If trusted access is // deactivated, the management account does not have permissions to create and // manage service-managed StackSets for your organization. DeactivateOrganizationsAccess(ctx context.Context, params *DeactivateOrganizationsAccessInput, optFns ...func(*Options)) (*DeactivateOrganizationsAccessOutput, error) // Deactivates a public extension that was previously activated in this account // and Region. Once deactivated, an extension can't be used in any CloudFormation // operation. This includes stack update operations where the stack template // includes the extension, even if no updates are being made to the extension. In // addition, deactivated extensions aren't automatically updated if a new version // of the extension is released. DeactivateType(ctx context.Context, params *DeactivateTypeInput, optFns ...func(*Options)) (*DeactivateTypeOutput, error) // Deletes the specified change set. Deleting change sets ensures that no one // executes the wrong change set. If the call successfully completes, // CloudFormation successfully deleted the change set. If IncludeNestedStacks // specifies True during the creation of the nested change set, then // DeleteChangeSet will delete all change sets that belong to the stacks hierarchy // and will also delete all change sets for nested stacks with the status of // REVIEW_IN_PROGRESS . DeleteChangeSet(ctx context.Context, params *DeleteChangeSetInput, optFns ...func(*Options)) (*DeleteChangeSetOutput, error) // Deletes a specified stack. Once the call completes successfully, stack deletion // starts. Deleted stacks don't show up in the DescribeStacks operation if the // deletion has been completed successfully. DeleteStack(ctx context.Context, params *DeleteStackInput, optFns ...func(*Options)) (*DeleteStackOutput, error) // Deletes stack instances for the specified accounts, in the specified Amazon Web // Services Regions. DeleteStackInstances(ctx context.Context, params *DeleteStackInstancesInput, optFns ...func(*Options)) (*DeleteStackInstancesOutput, error) // Deletes a stack set. Before you can delete a stack set, all its member stack // instances must be deleted. For more information about how to complete this, see // DeleteStackInstances . DeleteStackSet(ctx context.Context, params *DeleteStackSetInput, optFns ...func(*Options)) (*DeleteStackSetOutput, error) // Marks an extension or extension version as DEPRECATED in the CloudFormation // registry, removing it from active use. Deprecated extensions or extension // versions cannot be used in CloudFormation operations. To deregister an entire // extension, you must individually deregister all active versions of that // extension. If an extension has only a single active version, deregistering that // version results in the extension itself being deregistered and marked as // deprecated in the registry. You can't deregister the default version of an // extension if there are other active version of that extension. If you do // deregister the default version of an extension, the extension type itself is // deregistered as well and marked as deprecated. To view the deprecation status of // an extension or extension version, use DescribeType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html) // . DeregisterType(ctx context.Context, params *DeregisterTypeInput, optFns ...func(*Options)) (*DeregisterTypeOutput, error) // Retrieves your account's CloudFormation limits, such as the maximum number of // stacks that you can create in your account. For more information about account // limits, see CloudFormation Quotas (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html) // in the CloudFormation User Guide. DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error) // Returns the inputs for the change set and a list of changes that CloudFormation // will make if you execute the change set. For more information, see Updating // Stacks Using Change Sets (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.html) // in the CloudFormation User Guide. DescribeChangeSet(ctx context.Context, params *DescribeChangeSetInput, optFns ...func(*Options)) (*DescribeChangeSetOutput, error) // Returns hook-related information for the change set and a list of changes that // CloudFormation makes when you run the change set. DescribeChangeSetHooks(ctx context.Context, params *DescribeChangeSetHooksInput, optFns ...func(*Options)) (*DescribeChangeSetHooksOutput, error) // Retrieves information about the account's OrganizationAccess status. This API // can be called either by the management account or the delegated administrator by // using the CallAs parameter. This API can also be called without the CallAs // parameter by the management account. DescribeOrganizationsAccess(ctx context.Context, params *DescribeOrganizationsAccessInput, optFns ...func(*Options)) (*DescribeOrganizationsAccessOutput, error) // Returns information about a CloudFormation extension publisher. If you don't // supply a PublisherId , and you have registered as an extension publisher, // DescribePublisher returns information about your own publisher account. For more // information about registering as a publisher, see: // - RegisterPublisher (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html) // - Publishing extensions to make them available for public use (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html) // in the CloudFormation CLI User Guide DescribePublisher(ctx context.Context, params *DescribePublisherInput, optFns ...func(*Options)) (*DescribePublisherOutput, error) // Returns information about a stack drift detection operation. A stack drift // detection operation detects whether a stack's actual configuration differs, or // has drifted, from its expected configuration, as defined in the stack template // and any values specified as template parameters. A stack is considered to have // drifted if one or more of its resources have drifted. For more information about // stack and resource drift, see Detecting Unregulated Configuration Changes to // Stacks and Resources (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html) // . Use DetectStackDrift to initiate a stack drift detection operation. // DetectStackDrift returns a StackDriftDetectionId you can use to monitor the // progress of the operation using DescribeStackDriftDetectionStatus . Once the // drift detection operation has completed, use DescribeStackResourceDrifts to // return drift information about the stack and its resources. DescribeStackDriftDetectionStatus(ctx context.Context, params *DescribeStackDriftDetectionStatusInput, optFns ...func(*Options)) (*DescribeStackDriftDetectionStatusOutput, error) // Returns all stack related events for a specified stack in reverse chronological // order. For more information about a stack's event history, go to Stacks (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/concept-stack.html) // in the CloudFormation User Guide. You can list events for stacks that have // failed to create or have been deleted by specifying the unique stack identifier // (stack ID). DescribeStackEvents(ctx context.Context, params *DescribeStackEventsInput, optFns ...func(*Options)) (*DescribeStackEventsOutput, error) // Returns the stack instance that's associated with the specified StackSet, // Amazon Web Services account, and Amazon Web Services Region. For a list of stack // instances that are associated with a specific StackSet, use ListStackInstances . DescribeStackInstance(ctx context.Context, params *DescribeStackInstanceInput, optFns ...func(*Options)) (*DescribeStackInstanceOutput, error) // Returns a description of the specified resource in the specified stack. For // deleted stacks, DescribeStackResource returns resource information for up to 90 // days after the stack has been deleted. DescribeStackResource(ctx context.Context, params *DescribeStackResourceInput, optFns ...func(*Options)) (*DescribeStackResourceOutput, error) // Returns drift information for the resources that have been checked for drift in // the specified stack. This includes actual and expected configuration values for // resources where CloudFormation detects configuration drift. For a given stack, // there will be one StackResourceDrift for each stack resource that has been // checked for drift. Resources that haven't yet been checked for drift aren't // included. Resources that don't currently support drift detection aren't checked, // and so not included. For a list of resources that support drift detection, see // Resources that Support Drift Detection (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html) // . Use DetectStackResourceDrift to detect drift on individual resources, or // DetectStackDrift to detect drift on all supported resources for a given stack. DescribeStackResourceDrifts(ctx context.Context, params *DescribeStackResourceDriftsInput, optFns ...func(*Options)) (*DescribeStackResourceDriftsOutput, error) // Returns Amazon Web Services resource descriptions for running and deleted // stacks. If StackName is specified, all the associated resources that are part // of the stack are returned. If PhysicalResourceId is specified, the associated // resources of the stack that the resource belongs to are returned. Only the first // 100 resources will be returned. If your stack has more resources than this, you // should use ListStackResources instead. For deleted stacks, // DescribeStackResources returns resource information for up to 90 days after the // stack has been deleted. You must specify either StackName or PhysicalResourceId // , but not both. In addition, you can specify LogicalResourceId to filter the // returned result. For more information about resources, the LogicalResourceId // and PhysicalResourceId , go to the CloudFormation User Guide (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/) // . A ValidationError is returned if you specify both StackName and // PhysicalResourceId in the same request. DescribeStackResources(ctx context.Context, params *DescribeStackResourcesInput, optFns ...func(*Options)) (*DescribeStackResourcesOutput, error) // Returns the description of the specified StackSet. DescribeStackSet(ctx context.Context, params *DescribeStackSetInput, optFns ...func(*Options)) (*DescribeStackSetOutput, error) // Returns the description of the specified StackSet operation. DescribeStackSetOperation(ctx context.Context, params *DescribeStackSetOperationInput, optFns ...func(*Options)) (*DescribeStackSetOperationOutput, error) // Returns the description for the specified stack; if no stack name was // specified, then it returns the description for all the stacks created. If the // stack doesn't exist, an ValidationError is returned. DescribeStacks(ctx context.Context, params *DescribeStacksInput, optFns ...func(*Options)) (*DescribeStacksOutput, error) // Returns detailed information about an extension that has been registered. If // you specify a VersionId , DescribeType returns information about that specific // extension version. Otherwise, it returns information about the default extension // version. DescribeType(ctx context.Context, params *DescribeTypeInput, optFns ...func(*Options)) (*DescribeTypeOutput, error) // Returns information about an extension's registration, including its current // status and type and version identifiers. When you initiate a registration // request using RegisterType , you can then use DescribeTypeRegistration to // monitor the progress of that registration request. Once the registration request // has completed, use DescribeType to return detailed information about an // extension. DescribeTypeRegistration(ctx context.Context, params *DescribeTypeRegistrationInput, optFns ...func(*Options)) (*DescribeTypeRegistrationOutput, error) // Detects whether a stack's actual configuration differs, or has drifted, from // its expected configuration, as defined in the stack template and any values // specified as template parameters. For each resource in the stack that supports // drift detection, CloudFormation compares the actual configuration of the // resource with its expected template configuration. Only resource properties // explicitly defined in the stack template are checked for drift. A stack is // considered to have drifted if one or more of its resources differ from their // expected template configurations. For more information, see Detecting // Unregulated Configuration Changes to Stacks and Resources (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html) // . Use DetectStackDrift to detect drift on all supported resources for a given // stack, or DetectStackResourceDrift to detect drift on individual resources. For // a list of stack resources that currently support drift detection, see Resources // that Support Drift Detection (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html) // . DetectStackDrift can take up to several minutes, depending on the number of // resources contained within the stack. Use DescribeStackDriftDetectionStatus to // monitor the progress of a detect stack drift operation. Once the drift detection // operation has completed, use DescribeStackResourceDrifts to return drift // information about the stack and its resources. When detecting drift on a stack, // CloudFormation doesn't detect drift on any nested stacks belonging to that // stack. Perform DetectStackDrift directly on the nested stack itself. DetectStackDrift(ctx context.Context, params *DetectStackDriftInput, optFns ...func(*Options)) (*DetectStackDriftOutput, error) // Returns information about whether a resource's actual configuration differs, or // has drifted, from its expected configuration, as defined in the stack template // and any values specified as template parameters. This information includes // actual and expected property values for resources in which CloudFormation // detects drift. Only resource properties explicitly defined in the stack template // are checked for drift. For more information about stack and resource drift, see // Detecting Unregulated Configuration Changes to Stacks and Resources (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html) // . Use DetectStackResourceDrift to detect drift on individual resources, or // DetectStackDrift to detect drift on all resources in a given stack that support // drift detection. Resources that don't currently support drift detection can't be // checked. For a list of resources that support drift detection, see Resources // that Support Drift Detection (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html) // . DetectStackResourceDrift(ctx context.Context, params *DetectStackResourceDriftInput, optFns ...func(*Options)) (*DetectStackResourceDriftOutput, error) // Detect drift on a stack set. When CloudFormation performs drift detection on a // stack set, it performs drift detection on the stack associated with each stack // instance in the stack set. For more information, see How CloudFormation // performs drift detection on a stack set (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html) // . DetectStackSetDrift returns the OperationId of the stack set drift detection // operation. Use this operation id with DescribeStackSetOperation to monitor the // progress of the drift detection operation. The drift detection operation may // take some time, depending on the number of stack instances included in the stack // set, in addition to the number of resources included in each stack. Once the // operation has completed, use the following actions to return drift information: // - Use DescribeStackSet to return detailed information about the stack set, // including detailed information about the last completed drift operation // performed on the stack set. (Information about drift operations that are in // progress isn't included.) // - Use ListStackInstances to return a list of stack instances belonging to the // stack set, including the drift status and last drift time checked of each // instance. // - Use DescribeStackInstance to return detailed information about a specific // stack instance, including its drift status and last drift time checked. // // For more information about performing a drift detection operation on a stack // set, see Detecting unmanaged changes in stack sets (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html) // . You can only run a single drift detection operation on a given stack set at // one time. To stop a drift detection stack set operation, use // StopStackSetOperation . DetectStackSetDrift(ctx context.Context, params *DetectStackSetDriftInput, optFns ...func(*Options)) (*DetectStackSetDriftOutput, error) // Returns the estimated monthly cost of a template. The return value is an Amazon // Web Services Simple Monthly Calculator URL with a query string that describes // the resources required to run the template. EstimateTemplateCost(ctx context.Context, params *EstimateTemplateCostInput, optFns ...func(*Options)) (*EstimateTemplateCostOutput, error) // Updates a stack using the input information that was provided when the // specified change set was created. After the call successfully completes, // CloudFormation starts updating the stack. Use the DescribeStacks action to view // the status of the update. When you execute a change set, CloudFormation deletes // all other change sets associated with the stack because they aren't valid for // the updated stack. If a stack policy is associated with the stack, // CloudFormation enforces the policy during the update. You can't specify a // temporary stack policy that overrides the current policy. To create a change set // for the entire stack hierarchy, IncludeNestedStacks must have been set to True . ExecuteChangeSet(ctx context.Context, params *ExecuteChangeSetInput, optFns ...func(*Options)) (*ExecuteChangeSetOutput, error) // Returns the stack policy for a specified stack. If a stack doesn't have a // policy, a null value is returned. GetStackPolicy(ctx context.Context, params *GetStackPolicyInput, optFns ...func(*Options)) (*GetStackPolicyOutput, error) // Returns the template body for a specified stack. You can get the template for // running or deleted stacks. For deleted stacks, GetTemplate returns the template // for up to 90 days after the stack has been deleted. If the template doesn't // exist, a ValidationError is returned. GetTemplate(ctx context.Context, params *GetTemplateInput, optFns ...func(*Options)) (*GetTemplateOutput, error) // Returns information about a new or existing template. The GetTemplateSummary // action is useful for viewing parameter information, such as default parameter // values and parameter types, before you create or update a stack or stack set. // You can use the GetTemplateSummary action when you submit a template, or you // can get template information for a stack set, or a running or deleted stack. For // deleted stacks, GetTemplateSummary returns the template information for up to // 90 days after the stack has been deleted. If the template doesn't exist, a // ValidationError is returned. GetTemplateSummary(ctx context.Context, params *GetTemplateSummaryInput, optFns ...func(*Options)) (*GetTemplateSummaryOutput, error) // Import existing stacks into a new stack sets. Use the stack import operation to // import up to 10 stacks into a new stack set in the same account as the source // stack or in a different administrator account and Region, by specifying the // stack ID of the stack you intend to import. ImportStacksToStackSet(ctx context.Context, params *ImportStacksToStackSetInput, optFns ...func(*Options)) (*ImportStacksToStackSetOutput, error) // Returns the ID and status of each active change set for a stack. For example, // CloudFormation lists change sets that are in the CREATE_IN_PROGRESS or // CREATE_PENDING state. ListChangeSets(ctx context.Context, params *ListChangeSetsInput, optFns ...func(*Options)) (*ListChangeSetsOutput, error) // Lists all exported output values in the account and Region in which you call // this action. Use this action to see the exported output values that you can // import into other stacks. To import values, use the Fn::ImportValue (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html) // function. For more information, see CloudFormation export stack output values (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html) // . ListExports(ctx context.Context, params *ListExportsInput, optFns ...func(*Options)) (*ListExportsOutput, error) // Lists all stacks that are importing an exported output value. To modify or // remove an exported output value, first use this action to see which stacks are // using it. To see the exported output values in your account, see ListExports . // For more information about importing an exported output value, see the // Fn::ImportValue (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html) // function. ListImports(ctx context.Context, params *ListImportsInput, optFns ...func(*Options)) (*ListImportsOutput, error) // Returns summary information about stack instances that are associated with the // specified stack set. You can filter for stack instances that are associated with // a specific Amazon Web Services account name or Region, or that have a specific // status. ListStackInstances(ctx context.Context, params *ListStackInstancesInput, optFns ...func(*Options)) (*ListStackInstancesOutput, error) // Returns descriptions of all resources of the specified stack. For deleted // stacks, ListStackResources returns resource information for up to 90 days after // the stack has been deleted. ListStackResources(ctx context.Context, params *ListStackResourcesInput, optFns ...func(*Options)) (*ListStackResourcesOutput, error) // Returns summary information about the results of a stack set operation. ListStackSetOperationResults(ctx context.Context, params *ListStackSetOperationResultsInput, optFns ...func(*Options)) (*ListStackSetOperationResultsOutput, error) // Returns summary information about operations performed on a stack set. ListStackSetOperations(ctx context.Context, params *ListStackSetOperationsInput, optFns ...func(*Options)) (*ListStackSetOperationsOutput, error) // Returns summary information about stack sets that are associated with the user. // - [Self-managed permissions] If you set the CallAs parameter to SELF while // signed in to your Amazon Web Services account, ListStackSets returns all // self-managed stack sets in your Amazon Web Services account. // - [Service-managed permissions] If you set the CallAs parameter to SELF while // signed in to the organization's management account, ListStackSets returns all // stack sets in the management account. // - [Service-managed permissions] If you set the CallAs parameter to // DELEGATED_ADMIN while signed in to your member account, ListStackSets returns // all stack sets with service-managed permissions in the management account. ListStackSets(ctx context.Context, params *ListStackSetsInput, optFns ...func(*Options)) (*ListStackSetsOutput, error) // Returns the summary information for stacks whose status matches the specified // StackStatusFilter. Summary information for stacks that have been deleted is kept // for 90 days after the stack is deleted. If no StackStatusFilter is specified, // summary information for all stacks is returned (including existing stacks and // stacks that have been deleted). ListStacks(ctx context.Context, params *ListStacksInput, optFns ...func(*Options)) (*ListStacksOutput, error) // Returns a list of registration tokens for the specified extension(s). ListTypeRegistrations(ctx context.Context, params *ListTypeRegistrationsInput, optFns ...func(*Options)) (*ListTypeRegistrationsOutput, error) // Returns summary information about the versions of an extension. ListTypeVersions(ctx context.Context, params *ListTypeVersionsInput, optFns ...func(*Options)) (*ListTypeVersionsOutput, error) // Returns summary information about extension that have been registered with // CloudFormation. ListTypes(ctx context.Context, params *ListTypesInput, optFns ...func(*Options)) (*ListTypesOutput, error) // Publishes the specified extension to the CloudFormation registry as a public // extension in this Region. Public extensions are available for use by all // CloudFormation users. For more information about publishing extensions, see // Publishing extensions to make them available for public use (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html) // in the CloudFormation CLI User Guide. To publish an extension, you must be // registered as a publisher with CloudFormation. For more information, see // RegisterPublisher (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html) // . PublishType(ctx context.Context, params *PublishTypeInput, optFns ...func(*Options)) (*PublishTypeOutput, error) // Reports progress of a resource handler to CloudFormation. Reserved for use by // the CloudFormation CLI (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html) // . Don't use this API in your code. RecordHandlerProgress(ctx context.Context, params *RecordHandlerProgressInput, optFns ...func(*Options)) (*RecordHandlerProgressOutput, error) // Registers your account as a publisher of public extensions in the // CloudFormation registry. Public extensions are available for use by all // CloudFormation users. This publisher ID applies to your account in all Amazon // Web Services Regions. For information about requirements for registering as a // public extension publisher, see Registering your account to publish // CloudFormation extensions (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs) // in the CloudFormation CLI User Guide. RegisterPublisher(ctx context.Context, params *RegisterPublisherInput, optFns ...func(*Options)) (*RegisterPublisherOutput, error) // Registers an extension with the CloudFormation service. Registering an // extension makes it available for use in CloudFormation templates in your Amazon // Web Services account, and includes: // - Validating the extension schema. // - Determining which handlers, if any, have been specified for the extension. // - Making the extension available for use in your account. // // For more information about how to develop extensions and ready them for // registration, see Creating Resource Providers (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-types.html) // in the CloudFormation CLI User Guide. You can have a maximum of 50 resource // extension versions registered at a time. This maximum is per account and per // Region. Use DeregisterType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DeregisterType.html) // to deregister specific extension versions if necessary. Once you have initiated // a registration request using RegisterType , you can use DescribeTypeRegistration // to monitor the progress of the registration request. Once you have registered a // private extension in your account and Region, use SetTypeConfiguration (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) // to specify configuration properties for the extension. For more information, see // Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) // in the CloudFormation User Guide. RegisterType(ctx context.Context, params *RegisterTypeInput, optFns ...func(*Options)) (*RegisterTypeOutput, error) // When specifying RollbackStack , you preserve the state of previously provisioned // resources when an operation fails. You can check the status of the stack through // the DescribeStacks operation. Rolls back the specified stack to the last known // stable state from CREATE_FAILED or UPDATE_FAILED stack statuses. This operation // will delete a stack if it doesn't contain a last known stable state. A last // known stable state includes any status in a *_COMPLETE . This includes the // following stack statuses. // - CREATE_COMPLETE // - UPDATE_COMPLETE // - UPDATE_ROLLBACK_COMPLETE // - IMPORT_COMPLETE // - IMPORT_ROLLBACK_COMPLETE RollbackStack(ctx context.Context, params *RollbackStackInput, optFns ...func(*Options)) (*RollbackStackOutput, error) // Sets a stack policy for a specified stack. SetStackPolicy(ctx context.Context, params *SetStackPolicyInput, optFns ...func(*Options)) (*SetStackPolicyOutput, error) // Specifies the configuration data for a registered CloudFormation extension, in // the given account and Region. To view the current configuration data for an // extension, refer to the ConfigurationSchema element of DescribeType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html) // . For more information, see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) // in the CloudFormation User Guide. It's strongly recommended that you use dynamic // references to restrict sensitive configuration definitions, such as third-party // credentials. For more details on dynamic references, see Using dynamic // references to specify template values (https://docs.aws.amazon.com/) in the // CloudFormation User Guide. SetTypeConfiguration(ctx context.Context, params *SetTypeConfigurationInput, optFns ...func(*Options)) (*SetTypeConfigurationOutput, error) // Specify the default version of an extension. The default version of an // extension will be used in CloudFormation operations. SetTypeDefaultVersion(ctx context.Context, params *SetTypeDefaultVersionInput, optFns ...func(*Options)) (*SetTypeDefaultVersionOutput, error) // Sends a signal to the specified resource with a success or failure status. You // can use the SignalResource operation in conjunction with a creation policy or // update policy. CloudFormation doesn't proceed with a stack creation or update // until resources receive the required number of signals or the timeout period is // exceeded. The SignalResource operation is useful in cases where you want to // send signals from anywhere other than an Amazon EC2 instance. SignalResource(ctx context.Context, params *SignalResourceInput, optFns ...func(*Options)) (*SignalResourceOutput, error) // Stops an in-progress operation on a stack set and its associated stack // instances. StackSets will cancel all the unstarted stack instance deployments // and wait for those are in-progress to complete. StopStackSetOperation(ctx context.Context, params *StopStackSetOperationInput, optFns ...func(*Options)) (*StopStackSetOperationOutput, error) // Tests a registered extension to make sure it meets all necessary requirements // for being published in the CloudFormation registry. // - For resource types, this includes passing all contracts tests defined for // the type. // - For modules, this includes determining if the module's model meets all // necessary requirements. // // For more information, see Testing your public extension prior to publishing (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-testing) // in the CloudFormation CLI User Guide. If you don't specify a version, // CloudFormation uses the default version of the extension in your account and // Region for testing. To perform testing, CloudFormation assumes the execution // role specified when the type was registered. For more information, see // RegisterType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html) // . Once you've initiated testing on an extension using TestType , you can pass // the returned TypeVersionArn into DescribeType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html) // to monitor the current test status and test status description for the // extension. An extension must have a test status of PASSED before it can be // published. For more information, see Publishing extensions to make them // available for public use (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-publish.html) // in the CloudFormation CLI User Guide. TestType(ctx context.Context, params *TestTypeInput, optFns ...func(*Options)) (*TestTypeOutput, error) // Updates a stack as specified in the template. After the call completes // successfully, the stack update starts. You can check the status of the stack // through the DescribeStacks action. To get a copy of the template for an // existing stack, you can use the GetTemplate action. For more information about // creating an update template, updating a stack, and monitoring the progress of // the update, see Updating a Stack (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) // . UpdateStack(ctx context.Context, params *UpdateStackInput, optFns ...func(*Options)) (*UpdateStackOutput, error) // Updates the parameter values for stack instances for the specified accounts, // within the specified Amazon Web Services Regions. A stack instance refers to a // stack in a specific account and Region. You can only update stack instances in // Amazon Web Services Regions and accounts where they already exist; to create // additional stack instances, use CreateStackInstances (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStackInstances.html) // . During stack set updates, any parameters overridden for a stack instance // aren't updated, but retain their overridden value. You can only update the // parameter values that are specified in the stack set; to add or delete a // parameter itself, use UpdateStackSet (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html) // to update the stack set template. If you add a parameter to a template, before // you can override the parameter value specified in the stack set you must first // use UpdateStackSet (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html) // to update all stack instances with the updated template and parameter value // specified in the stack set. Once a stack instance has been updated with the new // parameter, you can then override the parameter value using UpdateStackInstances . UpdateStackInstances(ctx context.Context, params *UpdateStackInstancesInput, optFns ...func(*Options)) (*UpdateStackInstancesOutput, error) // Updates the stack set, and associated stack instances in the specified accounts // and Amazon Web Services Regions. Even if the stack set operation created by // updating the stack set fails (completely or partially, below or above a // specified failure tolerance), the stack set is updated with your changes. // Subsequent CreateStackInstances calls on the specified stack set use the // updated stack set. UpdateStackSet(ctx context.Context, params *UpdateStackSetInput, optFns ...func(*Options)) (*UpdateStackSetOutput, error) // Updates termination protection for the specified stack. If a user attempts to // delete a stack with termination protection enabled, the operation fails and the // stack remains unchanged. For more information, see Protecting a Stack From // Being Deleted (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html) // in the CloudFormation User Guide. For nested stacks (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html) // , termination protection is set on the root stack and can't be changed directly // on the nested stack. UpdateTerminationProtection(ctx context.Context, params *UpdateTerminationProtectionInput, optFns ...func(*Options)) (*UpdateTerminationProtectionOutput, error) // Validates a specified template. CloudFormation first checks if the template is // valid JSON. If it isn't, CloudFormation checks if the template is valid YAML. If // both these checks fail, CloudFormation returns a template validation error. ValidateTemplate(ctx context.Context, params *ValidateTemplateInput, optFns ...func(*Options)) (*ValidateTemplateOutput, error) }
CloudFormation provides an interface to the AWS CloudFormation service.
type CloudTrail ¶ added in v0.92.0
type CloudTrail interface { // Adds one or more tags to a trail, event data store, or channel, up to a limit // of 50. Overwrites an existing tag's value when a new value is specified for an // existing tag key. Tag key names must be unique; you cannot have two keys with // the same name but different values. If you specify a key without a value, the // tag will be created with the specified key and a value of null. You can tag a // trail or event data store that applies to all Amazon Web Services Regions only // from the Region in which the trail or event data store was created (also known // as its home Region). AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error) // Cancels a query if the query is not in a terminated state, such as CANCELLED , // FAILED , TIMED_OUT , or FINISHED . You must specify an ARN value for // EventDataStore . The ID of the query that you want to cancel is also required. // When you run CancelQuery , the query status might show as CANCELLED even if the // operation is not yet finished. CancelQuery(ctx context.Context, params *CancelQueryInput, optFns ...func(*Options)) (*CancelQueryOutput, error) // Creates a channel for CloudTrail to ingest events from a partner or external // source. After you create a channel, a CloudTrail Lake event data store can log // events from the partner or source that you specify. CreateChannel(ctx context.Context, params *CreateChannelInput, optFns ...func(*Options)) (*CreateChannelOutput, error) // Creates a new event data store. CreateEventDataStore(ctx context.Context, params *CreateEventDataStoreInput, optFns ...func(*Options)) (*CreateEventDataStoreOutput, error) // Creates a trail that specifies the settings for delivery of log data to an // Amazon S3 bucket. CreateTrail(ctx context.Context, params *CreateTrailInput, optFns ...func(*Options)) (*CreateTrailOutput, error) // Deletes a channel. DeleteChannel(ctx context.Context, params *DeleteChannelInput, optFns ...func(*Options)) (*DeleteChannelOutput, error) // Disables the event data store specified by EventDataStore , which accepts an // event data store ARN. After you run DeleteEventDataStore , the event data store // enters a PENDING_DELETION state, and is automatically deleted after a wait // period of seven days. TerminationProtectionEnabled must be set to False on the // event data store; this operation cannot work if TerminationProtectionEnabled is // True . After you run DeleteEventDataStore on an event data store, you cannot // run ListQueries , DescribeQuery , or GetQueryResults on queries that are using // an event data store in a PENDING_DELETION state. An event data store in the // PENDING_DELETION state does not incur costs. DeleteEventDataStore(ctx context.Context, params *DeleteEventDataStoreInput, optFns ...func(*Options)) (*DeleteEventDataStoreOutput, error) // Deletes the resource-based policy attached to the CloudTrail channel. DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error) // Deletes a trail. This operation must be called from the Region in which the // trail was created. DeleteTrail cannot be called on the shadow trails // (replicated trails in other Regions) of a trail that is enabled in all Regions. DeleteTrail(ctx context.Context, params *DeleteTrailInput, optFns ...func(*Options)) (*DeleteTrailOutput, error) // Removes CloudTrail delegated administrator permissions from a member account in // an organization. DeregisterOrganizationDelegatedAdmin(ctx context.Context, params *DeregisterOrganizationDelegatedAdminInput, optFns ...func(*Options)) (*DeregisterOrganizationDelegatedAdminOutput, error) // Returns metadata about a query, including query run time in milliseconds, // number of events scanned and matched, and query status. If the query results // were delivered to an S3 bucket, the response also provides the S3 URI and the // delivery status. You must specify either a QueryID or a QueryAlias . Specifying // the QueryAlias parameter returns information about the last query run for the // alias. DescribeQuery(ctx context.Context, params *DescribeQueryInput, optFns ...func(*Options)) (*DescribeQueryOutput, error) // Retrieves settings for one or more trails associated with the current Region // for your account. DescribeTrails(ctx context.Context, params *DescribeTrailsInput, optFns ...func(*Options)) (*DescribeTrailsOutput, error) // Returns information about a specific channel. GetChannel(ctx context.Context, params *GetChannelInput, optFns ...func(*Options)) (*GetChannelOutput, error) // Returns information about an event data store specified as either an ARN or the // ID portion of the ARN. GetEventDataStore(ctx context.Context, params *GetEventDataStoreInput, optFns ...func(*Options)) (*GetEventDataStoreOutput, error) // Describes the settings for the event selectors that you configured for your // trail. The information returned for your event selectors includes the following: // // - If your event selector includes read-only events, write-only events, or all // events. This applies to both management events and data events. // - If your event selector includes management events. // - If your event selector includes data events, the resources on which you are // logging data events. // // For more information about logging management and data events, see the // following topics in the CloudTrail User Guide: // - Logging management events (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) // - Logging data events (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) GetEventSelectors(ctx context.Context, params *GetEventSelectorsInput, optFns ...func(*Options)) (*GetEventSelectorsOutput, error) // Returns information about a specific import. GetImport(ctx context.Context, params *GetImportInput, optFns ...func(*Options)) (*GetImportOutput, error) // Describes the settings for the Insights event selectors that you configured for // your trail. GetInsightSelectors shows if CloudTrail Insights event logging is // enabled on the trail, and if it is, which insight types are enabled. If you run // GetInsightSelectors on a trail that does not have Insights events enabled, the // operation throws the exception InsightNotEnabledException For more information, // see Logging CloudTrail Insights Events for Trails (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html) // in the CloudTrail User Guide. GetInsightSelectors(ctx context.Context, params *GetInsightSelectorsInput, optFns ...func(*Options)) (*GetInsightSelectorsOutput, error) // Gets event data results of a query. You must specify the QueryID value returned // by the StartQuery operation. GetQueryResults(ctx context.Context, params *GetQueryResultsInput, optFns ...func(*Options)) (*GetQueryResultsOutput, error) // Retrieves the JSON text of the resource-based policy document attached to the // CloudTrail channel. GetResourcePolicy(ctx context.Context, params *GetResourcePolicyInput, optFns ...func(*Options)) (*GetResourcePolicyOutput, error) // Returns settings information for a specified trail. GetTrail(ctx context.Context, params *GetTrailInput, optFns ...func(*Options)) (*GetTrailOutput, error) // Returns a JSON-formatted list of information about the specified trail. Fields // include information on delivery errors, Amazon SNS and Amazon S3 errors, and // start and stop logging times for each trail. This operation returns trail status // from a single Region. To return trail status from all Regions, you must call the // operation on each Region. GetTrailStatus(ctx context.Context, params *GetTrailStatusInput, optFns ...func(*Options)) (*GetTrailStatusOutput, error) // Lists the channels in the current account, and their source names. ListChannels(ctx context.Context, params *ListChannelsInput, optFns ...func(*Options)) (*ListChannelsOutput, error) // Returns information about all event data stores in the account, in the current // Region. ListEventDataStores(ctx context.Context, params *ListEventDataStoresInput, optFns ...func(*Options)) (*ListEventDataStoresOutput, error) // Returns a list of failures for the specified import. ListImportFailures(ctx context.Context, params *ListImportFailuresInput, optFns ...func(*Options)) (*ListImportFailuresOutput, error) // Returns information on all imports, or a select set of imports by ImportStatus // or Destination . ListImports(ctx context.Context, params *ListImportsInput, optFns ...func(*Options)) (*ListImportsOutput, error) // Returns all public keys whose private keys were used to sign the digest files // within the specified time range. The public key is needed to validate digest // files that were signed with its corresponding private key. CloudTrail uses // different private and public key pairs per Region. Each digest file is signed // with a private key unique to its Region. When you validate a digest file from a // specific Region, you must look in the same Region for its corresponding public // key. ListPublicKeys(ctx context.Context, params *ListPublicKeysInput, optFns ...func(*Options)) (*ListPublicKeysOutput, error) // Returns a list of queries and query statuses for the past seven days. You must // specify an ARN value for EventDataStore . Optionally, to shorten the list of // results, you can specify a time range, formatted as timestamps, by adding // StartTime and EndTime parameters, and a QueryStatus value. Valid values for // QueryStatus include QUEUED , RUNNING , FINISHED , FAILED , TIMED_OUT , or // CANCELLED . ListQueries(ctx context.Context, params *ListQueriesInput, optFns ...func(*Options)) (*ListQueriesOutput, error) // Lists the tags for the specified trails, event data stores, or channels in the // current Region. ListTags(ctx context.Context, params *ListTagsInput, optFns ...func(*Options)) (*ListTagsOutput, error) // Lists trails that are in the current account. ListTrails(ctx context.Context, params *ListTrailsInput, optFns ...func(*Options)) (*ListTrailsOutput, error) // Looks up management events (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-management-events) // or CloudTrail Insights events (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-insights-events) // that are captured by CloudTrail. You can look up events that occurred in a // Region within the last 90 days. Lookup supports the following attributes for // management events: // - Amazon Web Services access key // - Event ID // - Event name // - Event source // - Read only // - Resource name // - Resource type // - User name // // Lookup supports the following attributes for Insights events: // - Event ID // - Event name // - Event source // // All attributes are optional. The default number of results returned is 50, with // a maximum of 50 possible. The response includes a token that you can use to get // the next page of results. The rate of lookup requests is limited to two per // second, per account, per Region. If this limit is exceeded, a throttling error // occurs. LookupEvents(ctx context.Context, params *LookupEventsInput, optFns ...func(*Options)) (*LookupEventsOutput, error) // Configures an event selector or advanced event selectors for your trail. Use // event selectors or advanced event selectors to specify management and data event // settings for your trail. If you want your trail to log Insights events, be sure // the event selector enables logging of the Insights event types you want // configured for your trail. For more information about logging Insights events, // see Logging Insights events for trails (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html) // in the CloudTrail User Guide. By default, trails created without specific event // selectors are configured to log all read and write management events, and no // data events. When an event occurs in your account, CloudTrail evaluates the // event selectors or advanced event selectors in all trails. For each trail, if // the event matches any event selector, the trail processes and logs the event. If // the event doesn't match any event selector, the trail doesn't log the event. // Example // - You create an event selector for a trail and specify that you want // write-only events. // - The EC2 GetConsoleOutput and RunInstances API operations occur in your // account. // - CloudTrail evaluates whether the events match your event selectors. // - The RunInstances is a write-only event and it matches your event selector. // The trail logs the event. // - The GetConsoleOutput is a read-only event that doesn't match your event // selector. The trail doesn't log the event. // // The PutEventSelectors operation must be called from the Region in which the // trail was created; otherwise, an InvalidHomeRegionException exception is // thrown. You can configure up to five event selectors for each trail. For more // information, see Logging management events (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) // , Logging data events (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) // , and Quotas in CloudTrail (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html) // in the CloudTrail User Guide. You can add advanced event selectors, and // conditions for your advanced event selectors, up to a maximum of 500 values for // all conditions and selectors on a trail. You can use either // AdvancedEventSelectors or EventSelectors , but not both. If you apply // AdvancedEventSelectors to a trail, any existing EventSelectors are overwritten. // For more information about advanced event selectors, see Logging data events (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) // in the CloudTrail User Guide. PutEventSelectors(ctx context.Context, params *PutEventSelectorsInput, optFns ...func(*Options)) (*PutEventSelectorsOutput, error) // Lets you enable Insights event logging by specifying the Insights selectors // that you want to enable on an existing trail. You also use PutInsightSelectors // to turn off Insights event logging, by passing an empty list of insight types. // The valid Insights event types in this release are ApiErrorRateInsight and // ApiCallRateInsight . To log CloudTrail Insights events on API call volume, the // trail must log write management events. To log CloudTrail Insights events on // API error rate, the trail must log read or write management events. You can // call GetEventSelectors on a trail to check whether the trail logs management // events. PutInsightSelectors(ctx context.Context, params *PutInsightSelectorsInput, optFns ...func(*Options)) (*PutInsightSelectorsOutput, error) // Attaches a resource-based permission policy to a CloudTrail channel that is // used for an integration with an event source outside of Amazon Web Services. For // more information about resource-based policies, see CloudTrail resource-based // policy examples (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html) // in the CloudTrail User Guide. PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error) // Registers an organization’s member account as the CloudTrail delegated // administrator. RegisterOrganizationDelegatedAdmin(ctx context.Context, params *RegisterOrganizationDelegatedAdminInput, optFns ...func(*Options)) (*RegisterOrganizationDelegatedAdminOutput, error) // Removes the specified tags from a trail, event data store, or channel. RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error) // Restores a deleted event data store specified by EventDataStore , which accepts // an event data store ARN. You can only restore a deleted event data store within // the seven-day wait period after deletion. Restoring an event data store can take // several minutes, depending on the size of the event data store. RestoreEventDataStore(ctx context.Context, params *RestoreEventDataStoreInput, optFns ...func(*Options)) (*RestoreEventDataStoreOutput, error) // Starts the ingestion of live events on an event data store specified as either // an ARN or the ID portion of the ARN. To start ingestion, the event data store // Status must be STOPPED_INGESTION and the eventCategory must be Management , Data // , or ConfigurationItem . StartEventDataStoreIngestion(ctx context.Context, params *StartEventDataStoreIngestionInput, optFns ...func(*Options)) (*StartEventDataStoreIngestionOutput, error) // Starts an import of logged trail events from a source S3 bucket to a // destination event data store. By default, CloudTrail only imports events // contained in the S3 bucket's CloudTrail prefix and the prefixes inside the // CloudTrail prefix, and does not check prefixes for other Amazon Web Services // services. If you want to import CloudTrail events contained in another prefix, // you must include the prefix in the S3LocationUri . For more considerations about // importing trail events, see Considerations (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-copy-trail-to-lake.html#cloudtrail-trail-copy-considerations) // . When you start a new import, the Destinations and ImportSource parameters are // required. Before starting a new import, disable any access control lists (ACLs) // attached to the source S3 bucket. For more information about disabling ACLs, see // Controlling ownership of objects and disabling ACLs for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) // . When you retry an import, the ImportID parameter is required. If the // destination event data store is for an organization, you must use the management // account to import trail events. You cannot use the delegated administrator // account for the organization. StartImport(ctx context.Context, params *StartImportInput, optFns ...func(*Options)) (*StartImportOutput, error) // Starts the recording of Amazon Web Services API calls and log file delivery for // a trail. For a trail that is enabled in all Regions, this operation must be // called from the Region in which the trail was created. This operation cannot be // called on the shadow trails (replicated trails in other Regions) of a trail that // is enabled in all Regions. StartLogging(ctx context.Context, params *StartLoggingInput, optFns ...func(*Options)) (*StartLoggingOutput, error) // Starts a CloudTrail Lake query. Use the QueryStatement parameter to provide // your SQL query, enclosed in single quotation marks. Use the optional // DeliveryS3Uri parameter to deliver the query results to an S3 bucket. StartQuery // requires you specify either the QueryStatement parameter, or a QueryAlias and // any QueryParameters . In the current release, the QueryAlias and QueryParameters // parameters are used only for the queries that populate the CloudTrail Lake // dashboards. StartQuery(ctx context.Context, params *StartQueryInput, optFns ...func(*Options)) (*StartQueryOutput, error) // Stops the ingestion of live events on an event data store specified as either // an ARN or the ID portion of the ARN. To stop ingestion, the event data store // Status must be ENABLED and the eventCategory must be Management , Data , or // ConfigurationItem . StopEventDataStoreIngestion(ctx context.Context, params *StopEventDataStoreIngestionInput, optFns ...func(*Options)) (*StopEventDataStoreIngestionOutput, error) // Stops a specified import. StopImport(ctx context.Context, params *StopImportInput, optFns ...func(*Options)) (*StopImportOutput, error) // Suspends the recording of Amazon Web Services API calls and log file delivery // for the specified trail. Under most circumstances, there is no need to use this // action. You can update a trail without stopping it first. This action is the // only way to stop recording. For a trail enabled in all Regions, this operation // must be called from the Region in which the trail was created, or an // InvalidHomeRegionException will occur. This operation cannot be called on the // shadow trails (replicated trails in other Regions) of a trail enabled in all // Regions. StopLogging(ctx context.Context, params *StopLoggingInput, optFns ...func(*Options)) (*StopLoggingOutput, error) // Updates a channel specified by a required channel ARN or UUID. UpdateChannel(ctx context.Context, params *UpdateChannelInput, optFns ...func(*Options)) (*UpdateChannelOutput, error) // Updates an event data store. The required EventDataStore value is an ARN or the // ID portion of the ARN. Other parameters are optional, but at least one optional // parameter must be specified, or CloudTrail throws an error. RetentionPeriod is // in days, and valid values are integers between 90 and 2557. By default, // TerminationProtection is enabled. For event data stores for CloudTrail events, // AdvancedEventSelectors includes or excludes management and data events in your // event data store. For more information about AdvancedEventSelectors , see // AdvancedEventSelectors (https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html) // . For event data stores for Config configuration items, Audit Manager evidence, // or non-Amazon Web Services events, AdvancedEventSelectors includes events of // that type in your event data store. UpdateEventDataStore(ctx context.Context, params *UpdateEventDataStoreInput, optFns ...func(*Options)) (*UpdateEventDataStoreOutput, error) // Updates trail settings that control what events you are logging, and how to // handle log files. Changes to a trail do not require stopping the CloudTrail // service. Use this action to designate an existing bucket for log delivery. If // the existing bucket has previously been a target for CloudTrail log files, an // IAM policy exists for the bucket. UpdateTrail must be called from the Region in // which the trail was created; otherwise, an InvalidHomeRegionException is thrown. UpdateTrail(ctx context.Context, params *UpdateTrailInput, optFns ...func(*Options)) (*UpdateTrailOutput, error) }
CloudTrail provides an interface to the AWS CloudTrail service.
type CloudWatchLogs ¶ added in v0.92.0
type CloudWatchLogs interface { // Associates the specified KMS key with the specified log group. Associating a // KMS key with a log group overrides any existing associations between the log // group and a KMS key. After a KMS key is associated with a log group, all newly // ingested data for the log group is encrypted using the KMS key. This association // is stored as long as the data encrypted with the KMS keyis still within // CloudWatch Logs. This enables CloudWatch Logs to decrypt this data whenever it // is requested. CloudWatch Logs supports only symmetric KMS keys. Do not use an // associate an asymmetric KMS key with your log group. For more information, see // Using Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // . It can take up to 5 minutes for this operation to take effect. If you attempt // to associate a KMS key with a log group but the KMS key does not exist or the // KMS key is disabled, you receive an InvalidParameterException error. AssociateKmsKey(ctx context.Context, params *AssociateKmsKeyInput, optFns ...func(*Options)) (*AssociateKmsKeyOutput, error) // Cancels the specified export task. The task must be in the PENDING or RUNNING // state. CancelExportTask(ctx context.Context, params *CancelExportTaskInput, optFns ...func(*Options)) (*CancelExportTaskOutput, error) // Creates an export task so that you can efficiently export data from a log group // to an Amazon S3 bucket. When you perform a CreateExportTask operation, you must // use credentials that have permission to write to the S3 bucket that you specify // as the destination. Exporting log data to S3 buckets that are encrypted by KMS // is supported. Exporting log data to Amazon S3 buckets that have S3 Object Lock // enabled with a retention period is also supported. Exporting to S3 buckets that // are encrypted with AES-256 is supported. This is an asynchronous call. If all // the required information is provided, this operation initiates an export task // and responds with the ID of the task. After the task has started, you can use // DescribeExportTasks (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeExportTasks.html) // to get the status of the export task. Each account can only have one active ( // RUNNING or PENDING ) export task at a time. To cancel an export task, use // CancelExportTask (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CancelExportTask.html) // . You can export logs from multiple log groups or multiple time ranges to the // same S3 bucket. To separate log data for each export task, specify a prefix to // be used as the Amazon S3 key prefix for all exported objects. Time-based sorting // on chunks of log data inside an exported file is not guaranteed. You can sort // the exported log field data by using Linux utilities. CreateExportTask(ctx context.Context, params *CreateExportTaskInput, optFns ...func(*Options)) (*CreateExportTaskOutput, error) // Creates a log group with the specified name. You can create up to 20,000 log // groups per account. You must use the following guidelines when naming a log // group: // - Log group names must be unique within a Region for an Amazon Web Services // account. // - Log group names can be between 1 and 512 characters long. // - Log group names consist of the following characters: a-z, A-Z, 0-9, '_' // (underscore), '-' (hyphen), '/' (forward slash), '.' (period), and '#' (number // sign) // // When you create a log group, by default the log events in the log group do not // expire. To set a retention policy so that events expire and are deleted after a // specified time, use PutRetentionPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutRetentionPolicy.html) // . If you associate an KMS key with the log group, ingested data is encrypted // using the KMS key. This association is stored as long as the data encrypted with // the KMS key is still within CloudWatch Logs. This enables CloudWatch Logs to // decrypt this data whenever it is requested. If you attempt to associate a KMS // key with the log group but the KMS key does not exist or the KMS key is // disabled, you receive an InvalidParameterException error. CloudWatch Logs // supports only symmetric KMS keys. Do not associate an asymmetric KMS key with // your log group. For more information, see Using Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // . CreateLogGroup(ctx context.Context, params *CreateLogGroupInput, optFns ...func(*Options)) (*CreateLogGroupOutput, error) // Creates a log stream for the specified log group. A log stream is a sequence of // log events that originate from a single source, such as an application instance // or a resource that is being monitored. There is no limit on the number of log // streams that you can create for a log group. There is a limit of 50 TPS on // CreateLogStream operations, after which transactions are throttled. You must use // the following guidelines when naming a log stream: // - Log stream names must be unique within the log group. // - Log stream names can be between 1 and 512 characters long. // - Don't use ':' (colon) or '*' (asterisk) characters. CreateLogStream(ctx context.Context, params *CreateLogStreamInput, optFns ...func(*Options)) (*CreateLogStreamOutput, error) // Deletes a CloudWatch Logs account policy. To use this operation, you must be // signed on with the logs:DeleteDataProtectionPolicy and logs:DeleteAccountPolicy // permissions. DeleteAccountPolicy(ctx context.Context, params *DeleteAccountPolicyInput, optFns ...func(*Options)) (*DeleteAccountPolicyOutput, error) // Deletes the data protection policy from the specified log group. For more // information about data protection policies, see PutDataProtectionPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html) // . DeleteDataProtectionPolicy(ctx context.Context, params *DeleteDataProtectionPolicyInput, optFns ...func(*Options)) (*DeleteDataProtectionPolicyOutput, error) // Deletes the specified destination, and eventually disables all the subscription // filters that publish to it. This operation does not delete the physical resource // encapsulated by the destination. DeleteDestination(ctx context.Context, params *DeleteDestinationInput, optFns ...func(*Options)) (*DeleteDestinationOutput, error) // Deletes the specified log group and permanently deletes all the archived log // events associated with the log group. DeleteLogGroup(ctx context.Context, params *DeleteLogGroupInput, optFns ...func(*Options)) (*DeleteLogGroupOutput, error) // Deletes the specified log stream and permanently deletes all the archived log // events associated with the log stream. DeleteLogStream(ctx context.Context, params *DeleteLogStreamInput, optFns ...func(*Options)) (*DeleteLogStreamOutput, error) // Deletes the specified metric filter. DeleteMetricFilter(ctx context.Context, params *DeleteMetricFilterInput, optFns ...func(*Options)) (*DeleteMetricFilterOutput, error) // Deletes a saved CloudWatch Logs Insights query definition. A query definition // contains details about a saved CloudWatch Logs Insights query. Each // DeleteQueryDefinition operation can delete one query definition. You must have // the logs:DeleteQueryDefinition permission to be able to perform this operation. DeleteQueryDefinition(ctx context.Context, params *DeleteQueryDefinitionInput, optFns ...func(*Options)) (*DeleteQueryDefinitionOutput, error) // Deletes a resource policy from this account. This revokes the access of the // identities in that policy to put log events to this account. DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error) // Deletes the specified retention policy. Log events do not expire if they belong // to log groups without a retention policy. DeleteRetentionPolicy(ctx context.Context, params *DeleteRetentionPolicyInput, optFns ...func(*Options)) (*DeleteRetentionPolicyOutput, error) // Deletes the specified subscription filter. DeleteSubscriptionFilter(ctx context.Context, params *DeleteSubscriptionFilterInput, optFns ...func(*Options)) (*DeleteSubscriptionFilterOutput, error) // Returns a list of all CloudWatch Logs account policies in the account. DescribeAccountPolicies(ctx context.Context, params *DescribeAccountPoliciesInput, optFns ...func(*Options)) (*DescribeAccountPoliciesOutput, error) // Lists all your destinations. The results are ASCII-sorted by destination name. DescribeDestinations(ctx context.Context, params *DescribeDestinationsInput, optFns ...func(*Options)) (*DescribeDestinationsOutput, error) // Lists the specified export tasks. You can list all your export tasks or filter // the results based on task ID or task status. DescribeExportTasks(ctx context.Context, params *DescribeExportTasksInput, optFns ...func(*Options)) (*DescribeExportTasksOutput, error) // Lists the specified log groups. You can list all your log groups or filter the // results by prefix. The results are ASCII-sorted by log group name. CloudWatch // Logs doesn’t support IAM policies that control access to the DescribeLogGroups // action by using the aws:ResourceTag/key-name condition key. Other CloudWatch // Logs actions do support the use of the aws:ResourceTag/key-name condition key // to control access. For more information about using tags to control access, see // Controlling access to Amazon Web Services resources using tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) // . If you are using CloudWatch cross-account observability, you can use this // operation in a monitoring account and view data from the linked source accounts. // For more information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html) // . DescribeLogGroups(ctx context.Context, params *DescribeLogGroupsInput, optFns ...func(*Options)) (*DescribeLogGroupsOutput, error) // Lists the log streams for the specified log group. You can list all the log // streams or filter the results by prefix. You can also control how the results // are ordered. You can specify the log group to search by using either // logGroupIdentifier or logGroupName . You must include one of these two // parameters, but you can't include both. This operation has a limit of five // transactions per second, after which transactions are throttled. If you are // using CloudWatch cross-account observability, you can use this operation in a // monitoring account and view data from the linked source accounts. For more // information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html) // . DescribeLogStreams(ctx context.Context, params *DescribeLogStreamsInput, optFns ...func(*Options)) (*DescribeLogStreamsOutput, error) // Lists the specified metric filters. You can list all of the metric filters or // filter the results by log name, prefix, metric name, or metric namespace. The // results are ASCII-sorted by filter name. DescribeMetricFilters(ctx context.Context, params *DescribeMetricFiltersInput, optFns ...func(*Options)) (*DescribeMetricFiltersOutput, error) // Returns a list of CloudWatch Logs Insights queries that are scheduled, running, // or have been run recently in this account. You can request all queries or limit // it to queries of a specific log group or queries with a certain status. DescribeQueries(ctx context.Context, params *DescribeQueriesInput, optFns ...func(*Options)) (*DescribeQueriesOutput, error) // This operation returns a paginated list of your saved CloudWatch Logs Insights // query definitions. You can use the queryDefinitionNamePrefix parameter to limit // the results to only the query definitions that have names that start with a // certain string. DescribeQueryDefinitions(ctx context.Context, params *DescribeQueryDefinitionsInput, optFns ...func(*Options)) (*DescribeQueryDefinitionsOutput, error) // Lists the resource policies in this account. DescribeResourcePolicies(ctx context.Context, params *DescribeResourcePoliciesInput, optFns ...func(*Options)) (*DescribeResourcePoliciesOutput, error) // Lists the subscription filters for the specified log group. You can list all // the subscription filters or filter the results by prefix. The results are // ASCII-sorted by filter name. DescribeSubscriptionFilters(ctx context.Context, params *DescribeSubscriptionFiltersInput, optFns ...func(*Options)) (*DescribeSubscriptionFiltersOutput, error) // Disassociates the associated KMS key from the specified log group. After the // KMS key is disassociated from the log group, CloudWatch Logs stops encrypting // newly ingested data for the log group. All previously ingested data remains // encrypted, and CloudWatch Logs requires permissions for the KMS key whenever the // encrypted data is requested. Note that it can take up to 5 minutes for this // operation to take effect. DisassociateKmsKey(ctx context.Context, params *DisassociateKmsKeyInput, optFns ...func(*Options)) (*DisassociateKmsKeyOutput, error) // Lists log events from the specified log group. You can list all the log events // or filter the results using a filter pattern, a time range, and the name of the // log stream. You must have the logs:FilterLogEvents permission to perform this // operation. You can specify the log group to search by using either // logGroupIdentifier or logGroupName . You must include one of these two // parameters, but you can't include both. By default, this operation returns as // many log events as can fit in 1 MB (up to 10,000 log events) or all the events // found within the specified time range. If the results include a token, that // means there are more log events available. You can get additional results by // specifying the token in a subsequent call. This operation can return empty // results while there are more log events available through the token. The // returned log events are sorted by event timestamp, the timestamp when the event // was ingested by CloudWatch Logs, and the ID of the PutLogEvents request. If you // are using CloudWatch cross-account observability, you can use this operation in // a monitoring account and view data from the linked source accounts. For more // information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html) // . FilterLogEvents(ctx context.Context, params *FilterLogEventsInput, optFns ...func(*Options)) (*FilterLogEventsOutput, error) // Returns information about a log group data protection policy. GetDataProtectionPolicy(ctx context.Context, params *GetDataProtectionPolicyInput, optFns ...func(*Options)) (*GetDataProtectionPolicyOutput, error) // Lists log events from the specified log stream. You can list all of the log // events or filter using a time range. By default, this operation returns as many // log events as can fit in a response size of 1MB (up to 10,000 log events). You // can get additional log events by specifying one of the tokens in a subsequent // call. This operation can return empty results while there are more log events // available through the token. If you are using CloudWatch cross-account // observability, you can use this operation in a monitoring account and view data // from the linked source accounts. For more information, see CloudWatch // cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html) // . You can specify the log group to search by using either logGroupIdentifier or // logGroupName . You must include one of these two parameters, but you can't // include both. GetLogEvents(ctx context.Context, params *GetLogEventsInput, optFns ...func(*Options)) (*GetLogEventsOutput, error) // Returns a list of the fields that are included in log events in the specified // log group. Includes the percentage of log events that contain each field. The // search is limited to a time period that you specify. You can specify the log // group to search by using either logGroupIdentifier or logGroupName . You must // specify one of these parameters, but you can't specify both. In the results, // fields that start with @ are fields generated by CloudWatch Logs. For example, // @timestamp is the timestamp of each log event. For more information about the // fields that are generated by CloudWatch logs, see Supported Logs and Discovered // Fields (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData-discoverable-fields.html) // . The response results are sorted by the frequency percentage, starting with the // highest percentage. If you are using CloudWatch cross-account observability, you // can use this operation in a monitoring account and view data from the linked // source accounts. For more information, see CloudWatch cross-account // observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html) // . GetLogGroupFields(ctx context.Context, params *GetLogGroupFieldsInput, optFns ...func(*Options)) (*GetLogGroupFieldsOutput, error) // Retrieves all of the fields and values of a single log event. All fields are // retrieved, even if the original query that produced the logRecordPointer // retrieved only a subset of fields. Fields are returned as field name/field value // pairs. The full unparsed log event is returned within @message . GetLogRecord(ctx context.Context, params *GetLogRecordInput, optFns ...func(*Options)) (*GetLogRecordOutput, error) // Returns the results from the specified query. Only the fields requested in the // query are returned, along with a @ptr field, which is the identifier for the // log record. You can use the value of @ptr in a GetLogRecord (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogRecord.html) // operation to get the full log record. GetQueryResults does not start running a // query. To run a query, use StartQuery (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html) // . If the value of the Status field in the output is Running , this operation // returns only partial results. If you see a value of Scheduled or Running for // the status, you can retry the operation later to see the final results. If you // are using CloudWatch cross-account observability, you can use this operation in // a monitoring account to start queries in linked source accounts. For more // information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html) // . GetQueryResults(ctx context.Context, params *GetQueryResultsInput, optFns ...func(*Options)) (*GetQueryResultsOutput, error) // Displays the tags associated with a CloudWatch Logs resource. Currently, log // groups and destinations support tagging. ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error) // The ListTagsLogGroup operation is on the path to deprecation. We recommend that // you use ListTagsForResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html) // instead. Lists the tags for the specified log group. // // Deprecated: Please use the generic tagging API ListTagsForResource ListTagsLogGroup(ctx context.Context, params *ListTagsLogGroupInput, optFns ...func(*Options)) (*ListTagsLogGroupOutput, error) // Creates an account-level data protection policy that applies to all log groups // in the account. A data protection policy can help safeguard sensitive data // that's ingested by your log groups by auditing and masking the sensitive log // data. Each account can have only one account-level policy. Sensitive data is // detected and masked when it is ingested into a log group. When you set a data // protection policy, log events ingested into the log groups before that time are // not masked. If you use PutAccountPolicy to create a data protection policy for // your whole account, it applies to both existing log groups and all log groups // that are created later in this account. The account policy is applied to // existing log groups with eventual consistency. It might take up to 5 minutes // before sensitive data in existing log groups begins to be masked. By default, // when a user views a log event that includes masked data, the sensitive data is // replaced by asterisks. A user who has the logs:Unmask permission can use a // GetLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html) // or FilterLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html) // operation with the unmask parameter set to true to view the unmasked log // events. Users with the logs:Unmask can also view unmasked data in the // CloudWatch Logs console by running a CloudWatch Logs Insights query with the // unmask query command. For more information, including a list of types of data // that can be audited and masked, see Protect sensitive log data with masking (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html) // . To use the PutAccountPolicy operation, you must be signed on with the // logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions. The // PutAccountPolicy operation applies to all log groups in the account. You can // also use PutDataProtectionPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html) // to create a data protection policy that applies to just one log group. If a log // group has its own data protection policy and the account also has an // account-level data protection policy, then the two policies are cumulative. Any // sensitive term specified in either policy is masked. PutAccountPolicy(ctx context.Context, params *PutAccountPolicyInput, optFns ...func(*Options)) (*PutAccountPolicyOutput, error) // Creates a data protection policy for the specified log group. A data protection // policy can help safeguard sensitive data that's ingested by the log group by // auditing and masking the sensitive log data. Sensitive data is detected and // masked when it is ingested into the log group. When you set a data protection // policy, log events ingested into the log group before that time are not masked. // By default, when a user views a log event that includes masked data, the // sensitive data is replaced by asterisks. A user who has the logs:Unmask // permission can use a GetLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html) // or FilterLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html) // operation with the unmask parameter set to true to view the unmasked log // events. Users with the logs:Unmask can also view unmasked data in the // CloudWatch Logs console by running a CloudWatch Logs Insights query with the // unmask query command. For more information, including a list of types of data // that can be audited and masked, see Protect sensitive log data with masking (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html) // . The PutDataProtectionPolicy operation applies to only the specified log // group. You can also use PutAccountPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html) // to create an account-level data protection policy that applies to all log groups // in the account, including both existing log groups and log groups that are // created level. If a log group has its own data protection policy and the account // also has an account-level data protection policy, then the two policies are // cumulative. Any sensitive term specified in either policy is masked. PutDataProtectionPolicy(ctx context.Context, params *PutDataProtectionPolicyInput, optFns ...func(*Options)) (*PutDataProtectionPolicyOutput, error) // Creates or updates a destination. This operation is used only to create // destinations for cross-account subscriptions. A destination encapsulates a // physical resource (such as an Amazon Kinesis stream). With a destination, you // can subscribe to a real-time stream of log events for a different account, // ingested using PutLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html) // . Through an access policy, a destination controls what is written to it. By // default, PutDestination does not set any access policy with the destination, // which means a cross-account user cannot call PutSubscriptionFilter (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutSubscriptionFilter.html) // against this destination. To enable this, the destination owner must call // PutDestinationPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestinationPolicy.html) // after PutDestination . To perform a PutDestination operation, you must also // have the iam:PassRole permission. PutDestination(ctx context.Context, params *PutDestinationInput, optFns ...func(*Options)) (*PutDestinationOutput, error) // Creates or updates an access policy associated with an existing destination. An // access policy is an IAM policy document (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html) // that is used to authorize claims to register a subscription filter against a // given destination. PutDestinationPolicy(ctx context.Context, params *PutDestinationPolicyInput, optFns ...func(*Options)) (*PutDestinationPolicyOutput, error) // Uploads a batch of log events to the specified log stream. The sequence token // is now ignored in PutLogEvents actions. PutLogEvents actions are always // accepted and never return InvalidSequenceTokenException or // DataAlreadyAcceptedException even if the sequence token is not valid. You can // use parallel PutLogEvents actions on the same log stream. The batch of events // must satisfy the following constraints: // - The maximum batch size is 1,048,576 bytes. This size is calculated as the // sum of all event messages in UTF-8, plus 26 bytes for each log event. // - None of the log events in the batch can be more than 2 hours in the future. // - None of the log events in the batch can be more than 14 days in the past. // Also, none of the log events can be from earlier than the retention period of // the log group. // - The log events in the batch must be in chronological order by their // timestamp. The timestamp is the time that the event occurred, expressed as the // number of milliseconds after Jan 1, 1970 00:00:00 UTC . (In Amazon Web // Services Tools for PowerShell and the Amazon Web Services SDK for .NET, the // timestamp is specified in .NET format: yyyy-mm-ddThh:mm:ss . For example, // 2017-09-15T13:45:30 .) // - A batch of log events in a single request cannot span more than 24 hours. // Otherwise, the operation fails. // - Each log event can be no larger than 256 KB. // - The maximum number of log events in a batch is 10,000. // - The quota of five requests per second per log stream has been removed. // Instead, PutLogEvents actions are throttled based on a per-second per-account // quota. You can request an increase to the per-second throttling quota by using // the Service Quotas service. // // If a call to PutLogEvents returns "UnrecognizedClientException" the most likely // cause is a non-valid Amazon Web Services access key ID or secret key. PutLogEvents(ctx context.Context, params *PutLogEventsInput, optFns ...func(*Options)) (*PutLogEventsOutput, error) // Creates or updates a metric filter and associates it with the specified log // group. With metric filters, you can configure rules to extract metric data from // log events ingested through PutLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html) // . The maximum number of metric filters that can be associated with a log group // is 100. When you create a metric filter, you can also optionally assign a unit // and dimensions to the metric that is created. Metrics extracted from log events // are charged as custom metrics. To prevent unexpected high charges, do not // specify high-cardinality fields such as IPAddress or requestID as dimensions. // Each different value found for a dimension is treated as a separate metric and // accrues charges as a separate custom metric. CloudWatch Logs disables a metric // filter if it generates 1,000 different name/value pairs for your specified // dimensions within a certain amount of time. This helps to prevent accidental // high charges. You can also set up a billing alarm to alert you if your charges // are higher than expected. For more information, see Creating a Billing Alarm to // Monitor Your Estimated Amazon Web Services Charges (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html) // . PutMetricFilter(ctx context.Context, params *PutMetricFilterInput, optFns ...func(*Options)) (*PutMetricFilterOutput, error) // Creates or updates a query definition for CloudWatch Logs Insights. For more // information, see Analyzing Log Data with CloudWatch Logs Insights (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html) // . To update a query definition, specify its queryDefinitionId in your request. // The values of name , queryString , and logGroupNames are changed to the values // that you specify in your update operation. No current values are retained from // the current query definition. For example, imagine updating a current query // definition that includes log groups. If you don't specify the logGroupNames // parameter in your update operation, the query definition changes to contain no // log groups. You must have the logs:PutQueryDefinition permission to be able to // perform this operation. PutQueryDefinition(ctx context.Context, params *PutQueryDefinitionInput, optFns ...func(*Options)) (*PutQueryDefinitionOutput, error) // Creates or updates a resource policy allowing other Amazon Web Services // services to put log events to this account, such as Amazon Route 53. An account // can have up to 10 resource policies per Amazon Web Services Region. PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error) // Sets the retention of the specified log group. With a retention policy, you can // configure the number of days for which to retain log events in the specified log // group. CloudWatch Logs doesn’t immediately delete log events when they reach // their retention setting. It typically takes up to 72 hours after that before log // events are deleted, but in rare situations might take longer. To illustrate, // imagine that you change a log group to have a longer retention setting when it // contains log events that are past the expiration date, but haven’t been deleted. // Those log events will take up to 72 hours to be deleted after the new retention // date is reached. To make sure that log data is deleted permanently, keep a log // group at its lower retention setting until 72 hours after the previous retention // period ends. Alternatively, wait to change the retention setting until you // confirm that the earlier log events are deleted. PutRetentionPolicy(ctx context.Context, params *PutRetentionPolicyInput, optFns ...func(*Options)) (*PutRetentionPolicyOutput, error) // Creates or updates a subscription filter and associates it with the specified // log group. With subscription filters, you can subscribe to a real-time stream of // log events ingested through PutLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html) // and have them delivered to a specific destination. When log events are sent to // the receiving service, they are Base64 encoded and compressed with the GZIP // format. The following destinations are supported for subscription filters: // - An Amazon Kinesis data stream belonging to the same account as the // subscription filter, for same-account delivery. // - A logical destination that belongs to a different account, for // cross-account delivery. // - An Amazon Kinesis Data Firehose delivery stream that belongs to the same // account as the subscription filter, for same-account delivery. // - An Lambda function that belongs to the same account as the subscription // filter, for same-account delivery. // // Each log group can have up to two subscription filters associated with it. If // you are updating an existing filter, you must specify the correct name in // filterName . To perform a PutSubscriptionFilter operation for any destination // except a Lambda function, you must also have the iam:PassRole permission. PutSubscriptionFilter(ctx context.Context, params *PutSubscriptionFilterInput, optFns ...func(*Options)) (*PutSubscriptionFilterOutput, error) // Schedules a query of a log group using CloudWatch Logs Insights. You specify // the log group and time range to query and the query string to use. For more // information, see CloudWatch Logs Insights Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html) // . Queries time out after 60 minutes of runtime. If your queries are timing out, // reduce the time range being searched or partition your query into a number of // queries. If you are using CloudWatch cross-account observability, you can use // this operation in a monitoring account to start a query in a linked source // account. For more information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html) // . For a cross-account StartQuery operation, the query definition must be // defined in the monitoring account. You can have up to 30 concurrent CloudWatch // Logs insights queries, including queries that have been added to dashboards. StartQuery(ctx context.Context, params *StartQueryInput, optFns ...func(*Options)) (*StartQueryOutput, error) // Stops a CloudWatch Logs Insights query that is in progress. If the query has // already ended, the operation returns an error indicating that the specified // query is not running. StopQuery(ctx context.Context, params *StopQueryInput, optFns ...func(*Options)) (*StopQueryOutput, error) // The TagLogGroup operation is on the path to deprecation. We recommend that you // use TagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html) // instead. Adds or updates the specified tags for the specified log group. To list // the tags for a log group, use ListTagsForResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html) // . To remove tags, use UntagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html) // . For more information about tags, see Tag Log Groups in Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html#log-group-tagging) // in the Amazon CloudWatch Logs User Guide. CloudWatch Logs doesn’t support IAM // policies that prevent users from assigning specified tags to log groups using // the aws:Resource/key-name or aws:TagKeys condition keys. For more information // about using tags to control access, see Controlling access to Amazon Web // Services resources using tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) // . // // Deprecated: Please use the generic tagging API TagResource TagLogGroup(ctx context.Context, params *TagLogGroupInput, optFns ...func(*Options)) (*TagLogGroupOutput, error) // Assigns one or more tags (key-value pairs) to the specified CloudWatch Logs // resource. Currently, the only CloudWatch Logs resources that can be tagged are // log groups and destinations. Tags can help you organize and categorize your // resources. You can also use them to scope user permissions by granting a user // permission to access or change only resources with certain tag values. Tags // don't have any semantic meaning to Amazon Web Services and are interpreted // strictly as strings of characters. You can use the TagResource action with a // resource that already has tags. If you specify a new tag key for the alarm, this // tag is appended to the list of tags associated with the alarm. If you specify a // tag key that is already associated with the alarm, the new tag value that you // specify replaces the previous value for that tag. You can associate as many as // 50 tags with a CloudWatch Logs resource. TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error) // Tests the filter pattern of a metric filter against a sample of log event // messages. You can use this operation to validate the correctness of a metric // filter pattern. TestMetricFilter(ctx context.Context, params *TestMetricFilterInput, optFns ...func(*Options)) (*TestMetricFilterOutput, error) // The UntagLogGroup operation is on the path to deprecation. We recommend that // you use UntagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html) // instead. Removes the specified tags from the specified log group. To list the // tags for a log group, use ListTagsForResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html) // . To add tags, use TagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html) // . CloudWatch Logs doesn’t support IAM policies that prevent users from assigning // specified tags to log groups using the aws:Resource/key-name or aws:TagKeys // condition keys. // // Deprecated: Please use the generic tagging API UntagResource UntagLogGroup(ctx context.Context, params *UntagLogGroupInput, optFns ...func(*Options)) (*UntagLogGroupOutput, error) // Removes one or more tags from the specified resource. UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error) }
CloudWatchLogs provides an interface to the AWS CloudWatchLogs service.
type EC2 ¶ added in v0.94.0
type EC2 interface { // Accepts the Convertible Reserved Instance exchange quote described in the // GetReservedInstancesExchangeQuote call. AcceptReservedInstancesExchangeQuote(ctx context.Context, params *AcceptReservedInstancesExchangeQuoteInput, optFns ...func(*Options)) (*AcceptReservedInstancesExchangeQuoteOutput, error) // Accepts a request to associate subnets with a transit gateway multicast domain. AcceptTransitGatewayMulticastDomainAssociations(ctx context.Context, params *AcceptTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*AcceptTransitGatewayMulticastDomainAssociationsOutput, error) // Accepts a transit gateway peering attachment request. The peering attachment // must be in the pendingAcceptance state. AcceptTransitGatewayPeeringAttachment(ctx context.Context, params *AcceptTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*AcceptTransitGatewayPeeringAttachmentOutput, error) // Accepts a request to attach a VPC to a transit gateway. The VPC attachment must // be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to // view your pending VPC attachment requests. Use RejectTransitGatewayVpcAttachment // to reject a VPC attachment request. AcceptTransitGatewayVpcAttachment(ctx context.Context, params *AcceptTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*AcceptTransitGatewayVpcAttachmentOutput, error) // Accepts one or more interface VPC endpoint connection requests to your VPC // endpoint service. AcceptVpcEndpointConnections(ctx context.Context, params *AcceptVpcEndpointConnectionsInput, optFns ...func(*Options)) (*AcceptVpcEndpointConnectionsOutput, error) // Accept a VPC peering connection request. To accept a request, the VPC peering // connection must be in the pending-acceptance state, and you must be the owner of // the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC // peering connection requests. For an inter-Region VPC peering connection request, // you must accept the VPC peering connection in the Region of the accepter VPC. AcceptVpcPeeringConnection(ctx context.Context, params *AcceptVpcPeeringConnectionInput, optFns ...func(*Options)) (*AcceptVpcPeeringConnectionOutput, error) // Advertises an IPv4 or IPv6 address range that is provisioned for use with your // Amazon Web Services resources through bring your own IP addresses (BYOIP). You // can perform this operation at most once every 10 seconds, even if you specify // different address ranges each time. We recommend that you stop advertising the // BYOIP CIDR from other locations when you advertise it from Amazon Web Services. // To minimize down time, you can configure your Amazon Web Services resources to // use an address from a BYOIP CIDR before it is advertised, and then // simultaneously stop advertising it from the current location and start // advertising it through Amazon Web Services. It can take a few minutes before // traffic to the specified addresses starts routing to Amazon Web Services because // of BGP propagation delays. To stop advertising the BYOIP CIDR, use // WithdrawByoipCidr. AdvertiseByoipCidr(ctx context.Context, params *AdvertiseByoipCidrInput, optFns ...func(*Options)) (*AdvertiseByoipCidrOutput, error) // Allocates an Elastic IP address to your Amazon Web Services account. After you // allocate the Elastic IP address you can associate it with an instance or network // interface. After you release an Elastic IP address, it is released to the IP // address pool and can be allocated to a different Amazon Web Services account. // You can allocate an Elastic IP address from an address pool owned by Amazon Web // Services or from an address pool created from a public IPv4 address range that // you have brought to Amazon Web Services for use with your Amazon Web Services // resources using bring your own IP addresses (BYOIP). For more information, see // Bring Your Own IP Addresses (BYOIP) // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) in the // Amazon Elastic Compute Cloud User Guide. [EC2-VPC] If you release an Elastic IP // address, you might be able to recover it. You cannot recover an Elastic IP // address that you released after it is allocated to another Amazon Web Services // account. You cannot recover an Elastic IP address for EC2-Classic. To attempt to // recover an Elastic IP address that you released, specify it in this operation. // An Elastic IP address is for use either in the EC2-Classic platform or in a VPC. // By default, you can allocate 5 Elastic IP addresses for EC2-Classic per Region // and 5 Elastic IP addresses for EC2-VPC per Region. For more information, see // Elastic IP Addresses // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) // in the Amazon Elastic Compute Cloud User Guide. You can allocate a carrier IP // address which is a public IP address from a telecommunication carrier, to a // network interface which resides in a subnet in a Wavelength Zone (for example an // EC2 instance). AllocateAddress(ctx context.Context, params *AllocateAddressInput, optFns ...func(*Options)) (*AllocateAddressOutput, error) // Allocates a Dedicated Host to your account. At a minimum, specify the supported // instance type or instance family, the Availability Zone in which to allocate the // host, and the number of hosts to allocate. AllocateHosts(ctx context.Context, params *AllocateHostsInput, optFns ...func(*Options)) (*AllocateHostsOutput, error) // Allocate a CIDR from an IPAM pool. In IPAM, an allocation is a CIDR assignment // from an IPAM pool to another resource or IPAM pool. For more information, see // Allocate CIDRs in the Amazon VPC IPAM User Guide. AllocateIpamPoolCidr(ctx context.Context, params *AllocateIpamPoolCidrInput, optFns ...func(*Options)) (*AllocateIpamPoolCidrOutput, error) // Applies a security group to the association between the target network and the // Client VPN endpoint. This action replaces the existing security groups with the // specified security groups. ApplySecurityGroupsToClientVpnTargetNetwork(ctx context.Context, params *ApplySecurityGroupsToClientVpnTargetNetworkInput, optFns ...func(*Options)) (*ApplySecurityGroupsToClientVpnTargetNetworkOutput, error) // Assigns one or more IPv6 addresses to the specified network interface. You can // specify one or more specific IPv6 addresses, or you can specify the number of // IPv6 addresses to be automatically assigned from within the subnet's IPv6 CIDR // block range. You can assign as many IPv6 addresses to a network interface as you // can assign private IPv4 addresses, and the limit varies per instance type. For // information, see IP Addresses Per Network Interface Per Instance Type // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI) // in the Amazon Elastic Compute Cloud User Guide. You must specify either the IPv6 // addresses or the IPv6 address count in the request. You can optionally use // Prefix Delegation on the network interface. You must specify either the IPV6 // Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For // information, see Assigning prefixes to Amazon EC2 network interfaces // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) in the // Amazon Elastic Compute Cloud User Guide. AssignIpv6Addresses(ctx context.Context, params *AssignIpv6AddressesInput, optFns ...func(*Options)) (*AssignIpv6AddressesOutput, error) // Assigns one or more secondary private IP addresses to the specified network // interface. You can specify one or more specific secondary IP addresses, or you // can specify the number of secondary IP addresses to be automatically assigned // within the subnet's CIDR block range. The number of secondary IP addresses that // you can assign to an instance varies by instance type. For information about // instance types, see Instance Types // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the // Amazon Elastic Compute Cloud User Guide. For more information about Elastic IP // addresses, see Elastic IP Addresses // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) // in the Amazon Elastic Compute Cloud User Guide. When you move a secondary // private IP address to another network interface, any Elastic IP address that is // associated with the IP address is also moved. Remapping an IP address is an // asynchronous operation. When you move an IP address from one network interface // to another, check network/interfaces/macs/mac/local-ipv4s in the instance // metadata to confirm that the remapping is complete. You must specify either the // IP addresses or the IP address count in the request. You can optionally use // Prefix Delegation on the network interface. You must specify either the IPv4 // Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For // information, see Assigning prefixes to Amazon EC2 network interfaces // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) in the // Amazon Elastic Compute Cloud User Guide. AssignPrivateIpAddresses(ctx context.Context, params *AssignPrivateIpAddressesInput, optFns ...func(*Options)) (*AssignPrivateIpAddressesOutput, error) // Associates an Elastic IP address, or carrier IP address (for instances that are // in subnets in Wavelength Zones) with an instance or a network interface. Before // you can use an Elastic IP address, you must allocate it to your account. An // Elastic IP address is for use in either the EC2-Classic platform or in a VPC. // For more information, see Elastic IP Addresses // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) // in the Amazon Elastic Compute Cloud User Guide. [EC2-Classic, VPC in an // EC2-VPC-only account] If the Elastic IP address is already associated with a // different instance, it is disassociated from that instance and associated with // the specified instance. If you associate an Elastic IP address with an instance // that has an existing Elastic IP address, the existing address is disassociated // from the instance, but remains allocated to your account. [VPC in an EC2-Classic // account] If you don't specify a private IP address, the Elastic IP address is // associated with the primary IP address. If the Elastic IP address is already // associated with a different instance or a network interface, you get an error // unless you allow reassociation. You cannot associate an Elastic IP address with // an instance or network interface that has an existing Elastic IP address. // [Subnets in Wavelength Zones] You can associate an IP address from the // telecommunication carrier to the instance or network interface. You cannot // associate an Elastic IP address with an interface in a different network border // group. This is an idempotent operation. If you perform the operation more than // once, Amazon EC2 doesn't return an error, and you may be charged for each time // the Elastic IP address is remapped to the same instance. For more information, // see the Elastic IP Addresses section of Amazon EC2 Pricing // (http://aws.amazon.com/ec2/pricing/). AssociateAddress(ctx context.Context, params *AssociateAddressInput, optFns ...func(*Options)) (*AssociateAddressOutput, error) // Associates a target network with a Client VPN endpoint. A target network is a // subnet in a VPC. You can associate multiple subnets from the same VPC with a // Client VPN endpoint. You can associate only one subnet in each Availability // Zone. We recommend that you associate at least two subnets to provide // Availability Zone redundancy. If you specified a VPC when you created the Client // VPN endpoint or if you have previous subnet associations, the specified subnet // must be in the same VPC. To specify a subnet that's in a different VPC, you must // first modify the Client VPN endpoint (ModifyClientVpnEndpoint) and change the // VPC that's associated with it. AssociateClientVpnTargetNetwork(ctx context.Context, params *AssociateClientVpnTargetNetworkInput, optFns ...func(*Options)) (*AssociateClientVpnTargetNetworkOutput, error) // Associates a set of DHCP options (that you've previously created) with the // specified VPC, or associates no DHCP options with the VPC. After you associate // the options with the VPC, any existing instances and all new instances that you // launch in that VPC use the options. You don't need to restart or relaunch the // instances. They automatically pick up the changes within a few hours, depending // on how frequently the instance renews its DHCP lease. You can explicitly renew // the lease using the operating system on the instance. For more information, see // DHCP options sets // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the // Amazon Virtual Private Cloud User Guide. AssociateDhcpOptions(ctx context.Context, params *AssociateDhcpOptionsInput, optFns ...func(*Options)) (*AssociateDhcpOptionsOutput, error) // Associates an Identity and Access Management (IAM) role with an Certificate // Manager (ACM) certificate. This enables the certificate to be used by the ACM // for Nitro Enclaves application inside an enclave. For more information, see // Certificate Manager for Nitro Enclaves // (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html) in // the Amazon Web Services Nitro Enclaves User Guide. When the IAM role is // associated with the ACM certificate, the certificate, certificate chain, and // encrypted private key are placed in an Amazon S3 bucket that only the associated // IAM role can access. The private key of the certificate is encrypted with an // Amazon Web Services managed key that has an attached attestation-based key // policy. To enable the IAM role to access the Amazon S3 object, you must grant it // permission to call s3:GetObject on the Amazon S3 bucket returned by the command. // To enable the IAM role to access the KMS key, you must grant it permission to // call kms:Decrypt on the KMS key returned by the command. For more information, // see Grant the role permission to access the certificate and encryption key // (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy) // in the Amazon Web Services Nitro Enclaves User Guide. AssociateEnclaveCertificateIamRole(ctx context.Context, params *AssociateEnclaveCertificateIamRoleInput, optFns ...func(*Options)) (*AssociateEnclaveCertificateIamRoleOutput, error) // Associates an IAM instance profile with a running or stopped instance. You // cannot associate more than one IAM instance profile with an instance. AssociateIamInstanceProfile(ctx context.Context, params *AssociateIamInstanceProfileInput, optFns ...func(*Options)) (*AssociateIamInstanceProfileOutput, error) // Associates one or more targets with an event window. Only one type of target // (instance IDs, Dedicated Host IDs, or tags) can be specified with an event // window. For more information, see Define event windows for scheduled events // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the // Amazon EC2 User Guide. AssociateInstanceEventWindow(ctx context.Context, params *AssociateInstanceEventWindowInput, optFns ...func(*Options)) (*AssociateInstanceEventWindowOutput, error) // Associates a subnet in your VPC or an internet gateway or virtual private // gateway attached to your VPC with a route table in your VPC. This association // causes traffic from the subnet or gateway to be routed according to the routes // in the route table. The action returns an association ID, which you need in // order to disassociate the route table later. A route table can be associated // with multiple subnets. For more information, see Route tables // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the // Amazon Virtual Private Cloud User Guide. AssociateRouteTable(ctx context.Context, params *AssociateRouteTableInput, optFns ...func(*Options)) (*AssociateRouteTableOutput, error) // Associates a CIDR block with your subnet. You can only associate a single IPv6 // CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of // /64. AssociateSubnetCidrBlock(ctx context.Context, params *AssociateSubnetCidrBlockInput, optFns ...func(*Options)) (*AssociateSubnetCidrBlockOutput, error) // Associates the specified subnets and transit gateway attachments with the // specified transit gateway multicast domain. The transit gateway attachment must // be in the available state before you can add a resource. Use // DescribeTransitGatewayAttachments // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html) // to see the state of the attachment. AssociateTransitGatewayMulticastDomain(ctx context.Context, params *AssociateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*AssociateTransitGatewayMulticastDomainOutput, error) // Associates the specified attachment with the specified transit gateway route // table. You can associate only one route table with an attachment. AssociateTransitGatewayRouteTable(ctx context.Context, params *AssociateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*AssociateTransitGatewayRouteTableOutput, error) // This API action is currently in limited preview only. If you are interested in // using this feature, contact your account manager. Associates a branch network // interface with a trunk network interface. Before you create the association, run // the create-network-interface // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html) // command and set --interface-type to trunk. You must also create a network // interface for each branch network interface that you want to associate with the // trunk network interface. AssociateTrunkInterface(ctx context.Context, params *AssociateTrunkInterfaceInput, optFns ...func(*Options)) (*AssociateTrunkInterfaceOutput, error) // Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR // block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6 // address pool that you provisioned through bring your own IP addresses (BYOIP // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). The IPv6 // CIDR block size is fixed at /56. You must specify one of the following in the // request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR // block. For more information about associating CIDR blocks with your VPC and // applicable restrictions, see VPC and subnet sizing // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing) // in the Amazon Virtual Private Cloud User Guide. AssociateVpcCidrBlock(ctx context.Context, params *AssociateVpcCidrBlockInput, optFns ...func(*Options)) (*AssociateVpcCidrBlockOutput, error) // Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more // of the VPC's security groups. You cannot link an EC2-Classic instance to more // than one VPC at a time. You can only link an instance that's in the running // state. An instance is automatically unlinked from a VPC when it's stopped - you // can link it to the VPC again when you restart it. After you've linked an // instance, you cannot change the VPC security groups that are associated with it. // To change the security groups, you must first unlink the instance, and then link // it again. Linking your instance to a VPC is sometimes referred to as attaching // your instance. AttachClassicLinkVpc(ctx context.Context, params *AttachClassicLinkVpcInput, optFns ...func(*Options)) (*AttachClassicLinkVpcOutput, error) // Attaches an internet gateway or a virtual private gateway to a VPC, enabling // connectivity between the internet and the VPC. For more information about your // VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide // (https://docs.aws.amazon.com/vpc/latest/userguide/). AttachInternetGateway(ctx context.Context, params *AttachInternetGatewayInput, optFns ...func(*Options)) (*AttachInternetGatewayOutput, error) // Attaches a network interface to an instance. AttachNetworkInterface(ctx context.Context, params *AttachNetworkInterfaceInput, optFns ...func(*Options)) (*AttachNetworkInterfaceOutput, error) // Attaches an EBS volume to a running or stopped instance and exposes it to the // instance with the specified device name. Encrypted EBS volumes must be attached // to instances that support Amazon EBS encryption. For more information, see // Amazon EBS encryption // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the // Amazon Elastic Compute Cloud User Guide. After you attach an EBS volume, you // must make it available. For more information, see Make an EBS volume available // for use // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.html). If // a volume has an Amazon Web Services Marketplace product code: // // * The volume can // be attached only to a stopped instance. // // * Amazon Web Services Marketplace // product codes are copied from the volume to the instance. // // * You must be // subscribed to the product. // // * The instance type and operating system of the // instance must support the product. For example, you can't detach a volume from a // Windows instance and attach it to a Linux instance. // // For more information, see // Attach an Amazon EBS volume to an instance // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-attaching-volume.html) // in the Amazon Elastic Compute Cloud User Guide. AttachVolume(ctx context.Context, params *AttachVolumeInput, optFns ...func(*Options)) (*AttachVolumeOutput, error) // Attaches a virtual private gateway to a VPC. You can attach one virtual private // gateway to one VPC at a time. For more information, see Amazon Web Services // Site-to-Site VPN (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in // the Amazon Web Services Site-to-Site VPN User Guide. AttachVpnGateway(ctx context.Context, params *AttachVpnGatewayInput, optFns ...func(*Options)) (*AttachVpnGatewayOutput, error) // Adds an ingress authorization rule to a Client VPN endpoint. Ingress // authorization rules act as firewall rules that grant access to networks. You // must configure ingress authorization rules to enable clients to access resources // in Amazon Web Services or on-premises networks. AuthorizeClientVpnIngress(ctx context.Context, params *AuthorizeClientVpnIngressInput, optFns ...func(*Options)) (*AuthorizeClientVpnIngressOutput, error) // [VPC only] Adds the specified outbound (egress) rules to a security group for // use with a VPC. An outbound rule permits instances to send traffic to the // specified IPv4 or IPv6 CIDR address ranges, or to the instances that are // associated with the specified source security groups. You specify a protocol for // each rule (for example, TCP). For the TCP and UDP protocols, you must also // specify the destination port or port range. For the ICMP protocol, you must also // specify the ICMP type and code. You can use -1 for the type or code to mean all // types or all codes. Rule changes are propagated to affected instances as quickly // as possible. However, a small delay might occur. For information about VPC // security group quotas, see Amazon VPC quotas // (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). AuthorizeSecurityGroupEgress(ctx context.Context, params *AuthorizeSecurityGroupEgressInput, optFns ...func(*Options)) (*AuthorizeSecurityGroupEgressOutput, error) // Adds the specified inbound (ingress) rules to a security group. An inbound rule // permits instances to receive traffic from the specified IPv4 or IPv6 CIDR // address range, or from the instances that are associated with the specified // destination security groups. You specify a protocol for each rule (for example, // TCP). For TCP and UDP, you must also specify the destination port or port range. // For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can // use -1 to mean all types or all codes. Rule changes are propagated to instances // within the security group as quickly as possible. However, a small delay might // occur. For more information about VPC security group quotas, see Amazon VPC // quotas // (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). AuthorizeSecurityGroupIngress(ctx context.Context, params *AuthorizeSecurityGroupIngressInput, optFns ...func(*Options)) (*AuthorizeSecurityGroupIngressOutput, error) // Bundles an Amazon instance store-backed Windows instance. During bundling, only // the root device volume (C:\) is bundled. Data on other instance store volumes is // not preserved. This action is not applicable for Linux/Unix instances or Windows // instances that are backed by Amazon EBS. BundleInstance(ctx context.Context, params *BundleInstanceInput, optFns ...func(*Options)) (*BundleInstanceOutput, error) // Cancels a bundling operation for an instance store-backed Windows instance. CancelBundleTask(ctx context.Context, params *CancelBundleTaskInput, optFns ...func(*Options)) (*CancelBundleTaskOutput, error) // Cancels the specified Capacity Reservation, releases the reserved capacity, and // changes the Capacity Reservation's state to cancelled. Instances running in the // reserved capacity continue running until you stop them. Stopped instances that // target the Capacity Reservation can no longer launch. Modify these instances to // either target a different Capacity Reservation, launch On-Demand Instance // capacity, or run in any open Capacity Reservation that has matching attributes // and sufficient capacity. CancelCapacityReservation(ctx context.Context, params *CancelCapacityReservationInput, optFns ...func(*Options)) (*CancelCapacityReservationOutput, error) // Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity // Reservation Fleet, the following happens: // // * The Capacity Reservation Fleet's // status changes to cancelled. // // * The individual Capacity Reservations in the // Fleet are cancelled. Instances running in the Capacity Reservations at the time // of cancelling the Fleet continue to run in shared capacity. // // * The Fleet stops // creating new Capacity Reservations. CancelCapacityReservationFleets(ctx context.Context, params *CancelCapacityReservationFleetsInput, optFns ...func(*Options)) (*CancelCapacityReservationFleetsOutput, error) // Cancels an active conversion task. The task can be the import of an instance or // volume. The action removes all artifacts of the conversion, including a // partially uploaded volume or instance. If the conversion is complete or is in // the process of transferring the final disk image, the command fails and returns // an exception. For more information, see Importing a Virtual Machine Using the // Amazon EC2 CLI // (https://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ec2-cli-vmimport-export.html). CancelConversionTask(ctx context.Context, params *CancelConversionTaskInput, optFns ...func(*Options)) (*CancelConversionTaskOutput, error) // Cancels an active export task. The request removes all artifacts of the export, // including any partially-created Amazon S3 objects. If the export task is // complete or is in the process of transferring the final disk image, the command // fails and returns an error. CancelExportTask(ctx context.Context, params *CancelExportTaskInput, optFns ...func(*Options)) (*CancelExportTaskOutput, error) // Cancels an in-process import virtual machine or import snapshot task. CancelImportTask(ctx context.Context, params *CancelImportTaskInput, optFns ...func(*Options)) (*CancelImportTaskOutput, error) // Cancels the specified Reserved Instance listing in the Reserved Instance // Marketplace. For more information, see Reserved Instance Marketplace // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in // the Amazon EC2 User Guide. CancelReservedInstancesListing(ctx context.Context, params *CancelReservedInstancesListingInput, optFns ...func(*Options)) (*CancelReservedInstancesListingOutput, error) // Cancels the specified Spot Fleet requests. After you cancel a Spot Fleet // request, the Spot Fleet launches no new Spot Instances. You must specify whether // the Spot Fleet should also terminate its Spot Instances. If you terminate the // instances, the Spot Fleet request enters the cancelled_terminating state. // Otherwise, the Spot Fleet request enters the cancelled_running state and the // instances continue to run until they are interrupted or you terminate them // manually. CancelSpotFleetRequests(ctx context.Context, params *CancelSpotFleetRequestsInput, optFns ...func(*Options)) (*CancelSpotFleetRequestsOutput, error) // Cancels one or more Spot Instance requests. Canceling a Spot Instance request // does not terminate running Spot Instances associated with the request. CancelSpotInstanceRequests(ctx context.Context, params *CancelSpotInstanceRequestsInput, optFns ...func(*Options)) (*CancelSpotInstanceRequestsOutput, error) // Determines whether a product code is associated with an instance. This action // can only be used by the owner of the product code. It is useful when a product // code owner must verify whether another user's instance is eligible for support. ConfirmProductInstance(ctx context.Context, params *ConfirmProductInstanceInput, optFns ...func(*Options)) (*ConfirmProductInstanceOutput, error) // Copies the specified Amazon FPGA Image (AFI) to the current Region. CopyFpgaImage(ctx context.Context, params *CopyFpgaImageInput, optFns ...func(*Options)) (*CopyFpgaImageOutput, error) // Initiates the copy of an AMI. You can copy an AMI from one Region to another, or // from a Region to an Outpost. You can't copy an AMI from an Outpost to a Region, // from one Outpost to another, or within the same Outpost. To copy an AMI to // another partition, see CreateStoreImageTask // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html). // To copy an AMI from one Region to another, specify the source Region using // the // // SourceRegion parameter, and specify the destination Region using its // endpoint. Copies of encrypted backing snapshots for the AMI are encrypted. // Copies of unencrypted backing snapshots remain unencrypted, unless you set // Encrypted during the copy operation. You cannot create an unencrypted copy of an // encrypted backing snapshot. To copy an AMI from a Region to an Outpost, specify // the source Region using the // // SourceRegion parameter, and specify the ARN of the // destination Outpost using DestinationOutpostArn. Backing snapshots copied to an // Outpost are encrypted by default using the default encryption key for the // Region, or a different key that you specify in the request using KmsKeyId. // Outposts do not support unencrypted snapshots. For more information, Amazon EBS // local snapshots on Outposts // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#ami) // in the Amazon Elastic Compute Cloud User Guide. For more information about the // prerequisites and limits when copying an AMI, see Copying an AMI // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html) in the // Amazon Elastic Compute Cloud User Guide. CopyImage(ctx context.Context, params *CopyImageInput, optFns ...func(*Options)) (*CopyImageOutput, error) // Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You // can copy a snapshot within the same Region, from one Region to another, or from // a Region to an Outpost. You can't copy a snapshot from an Outpost to a Region, // from one Outpost to another, or within the same Outpost. You can use the // snapshot to create EBS volumes or Amazon Machine Images (AMIs). When copying // snapshots to a Region, copies of encrypted EBS snapshots remain encrypted. // Copies of unencrypted snapshots remain unencrypted, unless you enable encryption // for the snapshot copy operation. By default, encrypted snapshot copies use the // default Key Management Service (KMS) KMS key; however, you can specify a // different KMS key. To copy an encrypted snapshot that has been shared from // another account, you must have permissions for the KMS key used to encrypt the // snapshot. Snapshots copied to an Outpost are encrypted by default using the // default encryption key for the Region, or a different key that you specify in // the request using KmsKeyId. Outposts do not support unencrypted snapshots. For // more information, Amazon EBS local snapshots on Outposts // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#ami) // in the Amazon Elastic Compute Cloud User Guide. Snapshots created by copying // another snapshot have an arbitrary volume ID that should not be used for any // purpose. For more information, see Copy an Amazon EBS snapshot // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-copy-snapshot.html) in // the Amazon Elastic Compute Cloud User Guide. CopySnapshot(ctx context.Context, params *CopySnapshotInput, optFns ...func(*Options)) (*CopySnapshotOutput, error) // Creates a new Capacity Reservation with the specified attributes. Capacity // Reservations enable you to reserve capacity for your Amazon EC2 instances in a // specific Availability Zone for any duration. This gives you the flexibility to // selectively add capacity reservations and still get the Regional RI discounts // for that usage. By creating Capacity Reservations, you ensure that you always // have access to Amazon EC2 capacity when you need it, for as long as you need it. // For more information, see Capacity Reservations // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html) // in the Amazon EC2 User Guide. Your request to create a Capacity Reservation // could fail if Amazon EC2 does not have sufficient capacity to fulfill the // request. If your request fails due to Amazon EC2 capacity constraints, either // try again at a later time, try in a different Availability Zone, or request a // smaller capacity reservation. If your application is flexible across instance // types and sizes, try to create a Capacity Reservation with different instance // attributes. Your request could also fail if the requested quantity exceeds your // On-Demand Instance limit for the selected instance type. If your request fails // due to limit constraints, increase your On-Demand Instance limit for the // required instance type and try again. For more information about increasing your // instance limits, see Amazon EC2 Service Quotas // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html) // in the Amazon EC2 User Guide. CreateCapacityReservation(ctx context.Context, params *CreateCapacityReservationInput, optFns ...func(*Options)) (*CreateCapacityReservationOutput, error) // Creates a Capacity Reservation Fleet. For more information, see Create a // Capacity Reservation Fleet // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-cr-fleets.html#create-crfleet) // in the Amazon EC2 User Guide. CreateCapacityReservationFleet(ctx context.Context, params *CreateCapacityReservationFleetInput, optFns ...func(*Options)) (*CreateCapacityReservationFleetOutput, error) // Creates a carrier gateway. For more information about carrier gateways, see // Carrier gateways // (https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html#wavelength-carrier-gateway) // in the Amazon Web Services Wavelength Developer Guide. CreateCarrierGateway(ctx context.Context, params *CreateCarrierGatewayInput, optFns ...func(*Options)) (*CreateCarrierGatewayOutput, error) // Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create // and configure to enable and manage client VPN sessions. It is the destination // endpoint at which all client VPN sessions are terminated. CreateClientVpnEndpoint(ctx context.Context, params *CreateClientVpnEndpointInput, optFns ...func(*Options)) (*CreateClientVpnEndpointOutput, error) // Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has // a route table that describes the available destination network routes. Each // route in the route table specifies the path for traffic to specific resources or // networks. CreateClientVpnRoute(ctx context.Context, params *CreateClientVpnRouteInput, optFns ...func(*Options)) (*CreateClientVpnRouteOutput, error) // Provides information to Amazon Web Services about your VPN customer gateway // device. The customer gateway is the appliance at your end of the VPN connection. // (The device on the Amazon Web Services side of the VPN connection is the virtual // private gateway.) You must provide the internet-routable IP address of the // customer gateway's external interface. The IP address must be static and can be // behind a device performing network address translation (NAT). For devices that // use Border Gateway Protocol (BGP), you can also provide the device's BGP // Autonomous System Number (ASN). You can use an existing ASN assigned to your // network. If you don't have an ASN already, you can use a private ASN (in the // 64512 - 65534 range). Amazon EC2 supports all 4-byte ASN numbers in the range of // 1 - 2147483647, with the exception of the following: // // * 7224 - reserved in the // us-east-1 Region // // * 9059 - reserved in the eu-west-1 Region // // * 17943 - reserved // in the ap-southeast-1 Region // // * 10124 - reserved in the ap-northeast-1 // Region // // For more information, see Amazon Web Services Site-to-Site VPN // (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web // Services Site-to-Site VPN User Guide. To create more than one customer gateway // with the same VPN type, IP address, and BGP ASN, specify a unique device name // for each customer gateway. Identical requests return information about the // existing customer gateway and do not create new customer gateways. CreateCustomerGateway(ctx context.Context, params *CreateCustomerGatewayInput, optFns ...func(*Options)) (*CreateCustomerGatewayOutput, error) // Creates a default subnet with a size /20 IPv4 CIDR block in the specified // Availability Zone in your default VPC. You can have only one default subnet per // Availability Zone. For more information, see Creating a default subnet // (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html#create-default-subnet) // in the Amazon Virtual Private Cloud User Guide. CreateDefaultSubnet(ctx context.Context, params *CreateDefaultSubnetInput, optFns ...func(*Options)) (*CreateDefaultSubnetOutput, error) // Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in // each Availability Zone. For more information about the components of a default // VPC, see Default VPC and default subnets // (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html) in the // Amazon Virtual Private Cloud User Guide. You cannot specify the components of // the default VPC yourself. If you deleted your previous default VPC, you can // create a default VPC. You cannot have more than one default VPC per Region. If // your account supports EC2-Classic, you cannot use this action to create a // default VPC in a Region that supports EC2-Classic. If you want a default VPC in // a Region that supports EC2-Classic, see "I really want a default VPC for my // existing EC2 account. Is that possible?" in the Default VPCs FAQ // (http://aws.amazon.com/vpc/faqs/#Default_VPCs). CreateDefaultVpc(ctx context.Context, params *CreateDefaultVpcInput, optFns ...func(*Options)) (*CreateDefaultVpcOutput, error) // Creates a set of DHCP options for your VPC. After creating the set, you must // associate it with the VPC, causing all existing and new instances that you // launch in the VPC to use this set of DHCP options. The following are the // individual DHCP options you can specify. For more information about the options, // see RFC 2132 (http://www.ietf.org/rfc/rfc2132.txt). // // * domain-name-servers - The // IP addresses of up to four domain name servers, or AmazonProvidedDNS. The // default DHCP option set specifies AmazonProvidedDNS. If specifying more than one // domain name server, specify the IP addresses in a single parameter, separated by // commas. To have your instance receive a custom DNS hostname as specified in // domain-name, you must set domain-name-servers to a custom DNS server. // // * // domain-name - If you're using AmazonProvidedDNS in us-east-1, specify // ec2.internal. If you're using AmazonProvidedDNS in another Region, specify // region.compute.internal (for example, ap-northeast-1.compute.internal). // Otherwise, specify a domain name (for example, ExampleCompany.com). This value // is used to complete unqualified DNS hostnames. Important: Some Linux operating // systems accept multiple domain names separated by spaces. However, Windows and // other Linux operating systems treat the value as a single domain, which results // in unexpected behavior. If your DHCP options set is associated with a VPC that // has instances with multiple operating systems, specify only one domain name. // // * // ntp-servers - The IP addresses of up to four Network Time Protocol (NTP) // servers. // // * netbios-name-servers - The IP addresses of up to four NetBIOS name // servers. // // * netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We // recommend that you specify 2 (broadcast and multicast are not currently // supported). For more information about these node types, see RFC 2132 // (http://www.ietf.org/rfc/rfc2132.txt). // // Your VPC automatically starts out with a // set of DHCP options that includes only a DNS server that we provide // (AmazonProvidedDNS). If you create a set of options, and if your VPC has an // internet gateway, make sure to set the domain-name-servers option either to // AmazonProvidedDNS or to a domain name server of your choice. For more // information, see DHCP options sets // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the // Amazon Virtual Private Cloud User Guide. CreateDhcpOptions(ctx context.Context, params *CreateDhcpOptionsInput, optFns ...func(*Options)) (*CreateDhcpOptionsOutput, error) // [IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only // internet gateway is used to enable outbound communication over IPv6 from // instances in your VPC to the internet, and prevents hosts outside of your VPC // from initiating an IPv6 connection with your instance. CreateEgressOnlyInternetGateway(ctx context.Context, params *CreateEgressOnlyInternetGatewayInput, optFns ...func(*Options)) (*CreateEgressOnlyInternetGatewayOutput, error) // Launches an EC2 Fleet. You can create a single EC2 Fleet that includes multiple // launch specifications that vary by instance type, AMI, Availability Zone, or // subnet. For more information, see EC2 Fleet // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet.html) in the // Amazon EC2 User Guide. CreateFleet(ctx context.Context, params *CreateFleetInput, optFns ...func(*Options)) (*CreateFleetOutput, error) // Creates one or more flow logs to capture information about IP traffic for a // specific network interface, subnet, or VPC. Flow log data for a monitored // network interface is recorded as flow log records, which are log events // consisting of fields that describe the traffic flow. For more information, see // Flow log records // (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records) // in the Amazon Virtual Private Cloud User Guide. When publishing to CloudWatch // Logs, flow log records are published to a log group, and each network interface // has a unique log stream in the log group. When publishing to Amazon S3, flow log // records for all of the monitored network interfaces are published to a single // log file object that is stored in the specified bucket. For more information, // see VPC Flow Logs // (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html) in the Amazon // Virtual Private Cloud User Guide. CreateFlowLogs(ctx context.Context, params *CreateFlowLogsInput, optFns ...func(*Options)) (*CreateFlowLogsOutput, error) // Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP). // The create operation is asynchronous. To verify that the AFI is ready for use, // check the output logs. An AFI contains the FPGA bitstream that is ready to // download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated // instances. For more information, see the Amazon Web Services FPGA Hardware // Development Kit (https://github.com/aws/aws-fpga/). CreateFpgaImage(ctx context.Context, params *CreateFpgaImageInput, optFns ...func(*Options)) (*CreateFpgaImageOutput, error) // Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is // either running or stopped. By default, Amazon EC2 shuts down and reboots the // instance before creating the AMI to ensure that everything on the instance is // stopped and in a consistent state during the creation process. If you're // confident that your instance is in a consistent state appropriate for AMI // creation, use the NoReboot parameter to prevent Amazon EC2 from shutting down // and rebooting the instance. If you customized your instance with instance store // volumes or Amazon EBS volumes in addition to the root device volume, the new AMI // contains block device mapping information for those volumes. When you launch an // instance from this new AMI, the instance automatically launches with those // additional volumes. For more information, see Creating Amazon EBS-Backed Linux // AMIs // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html) // in the Amazon Elastic Compute Cloud User Guide. CreateImage(ctx context.Context, params *CreateImageInput, optFns ...func(*Options)) (*CreateImageOutput, error) // Creates an event window in which scheduled events for the associated Amazon EC2 // instances can run. You can define either a set of time ranges or a cron // expression when creating the event window, but not both. All event window times // are in UTC. You can create up to 200 event windows per Amazon Web Services // Region. When you create the event window, targets (instance IDs, Dedicated Host // IDs, or tags) are not yet associated with it. To ensure that the event window // can be used, you must associate one or more targets with it by using the // AssociateInstanceEventWindow API. Event windows are applicable only for // scheduled events that stop, reboot, or terminate instances. Event windows are // not applicable for: // // * Expedited scheduled events and network maintenance // events. // // * Unscheduled maintenance such as AutoRecovery and unplanned // reboots. // // For more information, see Define event windows for scheduled events // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the // Amazon EC2 User Guide. CreateInstanceEventWindow(ctx context.Context, params *CreateInstanceEventWindowInput, optFns ...func(*Options)) (*CreateInstanceEventWindowOutput, error) // Exports a running or stopped instance to an Amazon S3 bucket. For information // about the supported operating systems, image formats, and known limitations for // the types of instances you can export, see Exporting an instance as a VM Using // VM Import/Export // (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html) in the VM // Import/Export User Guide. CreateInstanceExportTask(ctx context.Context, params *CreateInstanceExportTaskInput, optFns ...func(*Options)) (*CreateInstanceExportTaskOutput, error) // Creates an internet gateway for use with a VPC. After creating the internet // gateway, you attach it to a VPC using AttachInternetGateway. For more // information about your VPC and internet gateway, see the Amazon Virtual Private // Cloud User Guide (https://docs.aws.amazon.com/vpc/latest/userguide/). CreateInternetGateway(ctx context.Context, params *CreateInternetGatewayInput, optFns ...func(*Options)) (*CreateInternetGatewayOutput, error) // Create an IPAM. Amazon VCP IP Address Manager (IPAM) is a VPC feature that you // can use to automate your IP address management workflows including assigning, // tracking, troubleshooting, and auditing IP addresses across Amazon Web Services // Regions and accounts throughout your Amazon Web Services Organization. For more // information, see Create an IPAM in the Amazon VPC IPAM User Guide. CreateIpam(ctx context.Context, params *CreateIpamInput, optFns ...func(*Options)) (*CreateIpamOutput, error) // Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a // pool is a collection of contiguous IP addresses CIDRs. Pools enable you to // organize your IP addresses according to your routing and security needs. For // example, if you have separate routing and security needs for development and // production applications, you can create a pool for each. For more information, // see Create a top-level pool in the Amazon VPC IPAM User Guide. CreateIpamPool(ctx context.Context, params *CreateIpamPoolInput, optFns ...func(*Options)) (*CreateIpamPoolOutput, error) // Create an IPAM scope. In IPAM, a scope is the highest-level container within // IPAM. An IPAM contains two default scopes. Each scope represents the IP space // for a single network. The private scope is intended for all private IP address // space. The public scope is intended for all public IP address space. Scopes // enable you to reuse IP addresses across multiple unconnected networks without // causing IP address overlap or conflict. For more information, see Add a scope in // the Amazon VPC IPAM User Guide. CreateIpamScope(ctx context.Context, params *CreateIpamScopeInput, optFns ...func(*Options)) (*CreateIpamScopeOutput, error) // Creates an ED25519 or 2048-bit RSA key pair with the specified name. Amazon EC2 // stores the public key and displays the private key for you to save to a file. // The private key is returned as an unencrypted PEM encoded PKCS#1 private key. If // a key with the specified name already exists, Amazon EC2 returns an error. The // key pair returned to you is available only in the Amazon Web Services Region in // which you create it. If you prefer, you can create your own key pair using a // third-party tool and upload it to any Region using ImportKeyPair. You can have // up to 5,000 key pairs per Amazon Web Services Region. For more information, see // Amazon EC2 key pairs // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the // Amazon Elastic Compute Cloud User Guide. CreateKeyPair(ctx context.Context, params *CreateKeyPairInput, optFns ...func(*Options)) (*CreateKeyPairOutput, error) // Creates a launch template. A launch template contains the parameters to launch // an instance. When you launch an instance using RunInstances, you can specify a // launch template instead of providing the launch parameters in the request. For // more information, see Launching an instance from a launch template // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html) // in the Amazon Elastic Compute Cloud User Guide. CreateLaunchTemplate(ctx context.Context, params *CreateLaunchTemplateInput, optFns ...func(*Options)) (*CreateLaunchTemplateOutput, error) // Creates a new version for a launch template. You can specify an existing version // of launch template from which to base the new version. Launch template versions // are numbered in the order in which they are created. You cannot specify, change, // or replace the numbering of launch template versions. For more information, see // Managing launch template versions // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#manage-launch-template-versions)in // the Amazon Elastic Compute Cloud User Guide. CreateLaunchTemplateVersion(ctx context.Context, params *CreateLaunchTemplateVersionInput, optFns ...func(*Options)) (*CreateLaunchTemplateVersionOutput, error) // Creates a static route for the specified local gateway route table. CreateLocalGatewayRoute(ctx context.Context, params *CreateLocalGatewayRouteInput, optFns ...func(*Options)) (*CreateLocalGatewayRouteOutput, error) // Associates the specified VPC with the specified local gateway route table. CreateLocalGatewayRouteTableVpcAssociation(ctx context.Context, params *CreateLocalGatewayRouteTableVpcAssociationInput, optFns ...func(*Options)) (*CreateLocalGatewayRouteTableVpcAssociationOutput, error) // Creates a managed prefix list. You can specify one or more entries for the // prefix list. Each entry consists of a CIDR block and an optional description. CreateManagedPrefixList(ctx context.Context, params *CreateManagedPrefixListInput, optFns ...func(*Options)) (*CreateManagedPrefixListOutput, error) // Creates a NAT gateway in the specified subnet. This action creates a network // interface in the specified subnet with a private IP address from the IP address // range of the subnet. You can create either a public NAT gateway or a private NAT // gateway. With a public NAT gateway, internet-bound traffic from a private subnet // can be routed to the NAT gateway, so that instances in a private subnet can // connect to the internet. With a private NAT gateway, private communication is // routed across VPCs and on-premises networks through a transit gateway or virtual // private gateway. Common use cases include running large workloads behind a small // pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and // communicating between overlapping networks. For more information, see NAT // gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) // in the Amazon Virtual Private Cloud User Guide. CreateNatGateway(ctx context.Context, params *CreateNatGatewayInput, optFns ...func(*Options)) (*CreateNatGatewayOutput, error) // Creates a network ACL in a VPC. Network ACLs provide an optional layer of // security (in addition to security groups) for the instances in your VPC. For // more information, see Network ACLs // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon // Virtual Private Cloud User Guide. CreateNetworkAcl(ctx context.Context, params *CreateNetworkAclInput, optFns ...func(*Options)) (*CreateNetworkAclOutput, error) // Creates an entry (a rule) in a network ACL with the specified rule number. Each // network ACL has a set of numbered ingress rules and a separate set of numbered // egress rules. When determining whether a packet should be allowed in or out of a // subnet associated with the ACL, we process the entries in the ACL according to // the rule numbers, in ascending order. Each network ACL has a set of ingress // rules and a separate set of egress rules. We recommend that you leave room // between the rule numbers (for example, 100, 110, 120, ...), and not number them // one right after the other (for example, 101, 102, 103, ...). This makes it // easier to add a rule between existing ones without having to renumber the rules. // After you add an entry, you can't modify it; you must either replace it, or // create an entry and delete the old one. For more information about network ACLs, // see Network ACLs // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon // Virtual Private Cloud User Guide. CreateNetworkAclEntry(ctx context.Context, params *CreateNetworkAclEntryInput, optFns ...func(*Options)) (*CreateNetworkAclEntryOutput, error) // Creates a Network Access Scope. Amazon Web Services Network Access Analyzer // enables cloud networking and cloud operations teams to verify that their // networks on Amazon Web Services conform to their network security and governance // objectives. For more information, see the Amazon Web Services Network Access // Analyzer Guide // (https://docs.aws.amazon.com/vpc/latest/network-access-analyzer/). CreateNetworkInsightsAccessScope(ctx context.Context, params *CreateNetworkInsightsAccessScopeInput, optFns ...func(*Options)) (*CreateNetworkInsightsAccessScopeOutput, error) // Creates a path to analyze for reachability. Reachability Analyzer enables you to // analyze and debug network reachability between two resources in your virtual // private cloud (VPC). For more information, see What is Reachability Analyzer // (https://docs.aws.amazon.com/vpc/latest/reachability/). CreateNetworkInsightsPath(ctx context.Context, params *CreateNetworkInsightsPathInput, optFns ...func(*Options)) (*CreateNetworkInsightsPathOutput, error) // Creates a network interface in the specified subnet. For more information about // network interfaces, see Elastic Network Interfaces // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) in the // Amazon Virtual Private Cloud User Guide. CreateNetworkInterface(ctx context.Context, params *CreateNetworkInterfaceInput, optFns ...func(*Options)) (*CreateNetworkInterfaceOutput, error) // Grants an Amazon Web Services-authorized account permission to attach the // specified network interface to an instance in their account. You can grant // permission to a single Amazon Web Services account only, and only one account at // a time. CreateNetworkInterfacePermission(ctx context.Context, params *CreateNetworkInterfacePermissionInput, optFns ...func(*Options)) (*CreateNetworkInterfacePermissionOutput, error) // Creates a placement group in which to launch instances. The strategy of the // placement group determines how the instances are organized within the group. A // cluster placement group is a logical grouping of instances within a single // Availability Zone that benefit from low network latency, high network // throughput. A spread placement group places instances on distinct hardware. A // partition placement group places groups of instances in different partitions, // where instances in one partition do not share the same hardware with instances // in another partition. For more information, see Placement groups // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in // the Amazon EC2 User Guide. CreatePlacementGroup(ctx context.Context, params *CreatePlacementGroupInput, optFns ...func(*Options)) (*CreatePlacementGroupOutput, error) // Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address pool // required for the public IPv4 CIDRs that you own and bring to Amazon Web Services // to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, // use IPAM pools only. To monitor the status of pool creation, use // DescribePublicIpv4Pools // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePublicIpv4Pools.html). CreatePublicIpv4Pool(ctx context.Context, params *CreatePublicIpv4PoolInput, optFns ...func(*Options)) (*CreatePublicIpv4PoolOutput, error) // Creates a root volume replacement task for an Amazon EC2 instance. The root // volume can either be restored to its initial launch state, or it can be restored // using a specific snapshot. For more information, see Replace a root volume // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root) // in the Amazon Elastic Compute Cloud User Guide. CreateReplaceRootVolumeTask(ctx context.Context, params *CreateReplaceRootVolumeTaskInput, optFns ...func(*Options)) (*CreateReplaceRootVolumeTaskOutput, error) // Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the // Reserved Instance Marketplace. You can submit one Standard Reserved Instance // listing at a time. To get a list of your Standard Reserved Instances, you can // use the DescribeReservedInstances operation. Only Standard Reserved Instances // can be sold in the Reserved Instance Marketplace. Convertible Reserved Instances // cannot be sold. The Reserved Instance Marketplace matches sellers who want to // resell Standard Reserved Instance capacity that they no longer need with buyers // who want to purchase additional capacity. Reserved Instances bought and sold // through the Reserved Instance Marketplace work like any other Reserved // Instances. To sell your Standard Reserved Instances, you must first register as // a seller in the Reserved Instance Marketplace. After completing the registration // process, you can create a Reserved Instance Marketplace listing of some or all // of your Standard Reserved Instances, and specify the upfront price to receive // for them. Your Standard Reserved Instance listings then become available for // purchase. To view the details of your Standard Reserved Instance listing, you // can use the DescribeReservedInstancesListings operation. For more information, // see Reserved Instance Marketplace // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in // the Amazon EC2 User Guide. CreateReservedInstancesListing(ctx context.Context, params *CreateReservedInstancesListingInput, optFns ...func(*Options)) (*CreateReservedInstancesListingOutput, error) // Starts a task that restores an AMI from an Amazon S3 object that was previously // created by using CreateStoreImageTask // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html). // To use this API, you must have the required permissions. For more information, // see Permissions for storing and restoring AMIs using Amazon S3 // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions) // in the Amazon Elastic Compute Cloud User Guide. For more information, see Store // and restore an AMI using Amazon S3 // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in // the Amazon Elastic Compute Cloud User Guide. CreateRestoreImageTask(ctx context.Context, params *CreateRestoreImageTaskInput, optFns ...func(*Options)) (*CreateRestoreImageTaskOutput, error) // Creates a route in a route table within a VPC. You must specify one of the // following targets: internet gateway or virtual private gateway, NAT instance, // NAT gateway, VPC peering connection, network interface, egress-only internet // gateway, or transit gateway. When determining how to route traffic, we use the // route with the most specific match. For example, traffic is destined for the // IPv4 address 192.0.2.3, and the route table includes the following two IPv4 // routes: // // * 192.0.2.0/24 (goes to some target A) // // * 192.0.2.0/28 (goes to some // target B) // // Both routes apply to the traffic destined for 192.0.2.3. However, the // second route in the list covers a smaller number of IP addresses and is // therefore more specific, so we use that route to determine where to target the // traffic. For more information about route tables, see Route tables // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the // Amazon Virtual Private Cloud User Guide. CreateRoute(ctx context.Context, params *CreateRouteInput, optFns ...func(*Options)) (*CreateRouteOutput, error) // Creates a route table for the specified VPC. After you create a route table, you // can add routes and associate the table with a subnet. For more information, see // Route tables // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the // Amazon Virtual Private Cloud User Guide. CreateRouteTable(ctx context.Context, params *CreateRouteTableInput, optFns ...func(*Options)) (*CreateRouteTableOutput, error) // Creates a security group. A security group acts as a virtual firewall for your // instance to control inbound and outbound traffic. For more information, see // Amazon EC2 security groups // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) // in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC // (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html) // in the Amazon Virtual Private Cloud User Guide. When you create a security // group, you specify a friendly name of your choice. You can have a security group // for use in EC2-Classic with the same name as a security group for use in a VPC. // However, you can't have two security groups for use in EC2-Classic with the same // name or two security groups for use in a VPC with the same name. You have a // default security group for use in EC2-Classic and a default security group for // use in your VPC. If you don't specify a security group when you launch an // instance, the instance is launched into the appropriate default security group. // A default security group includes a default rule that grants instances // unrestricted network access to each other. You can add or remove rules from your // security groups using AuthorizeSecurityGroupIngress, // AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and // RevokeSecurityGroupEgress. For more information about VPC security group limits, // see Amazon VPC Limits // (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). CreateSecurityGroup(ctx context.Context, params *CreateSecurityGroupInput, optFns ...func(*Options)) (*CreateSecurityGroupOutput, error) // Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use // snapshots for backups, to make copies of EBS volumes, and to save data before // shutting down an instance. You can create snapshots of volumes in a Region and // volumes on an Outpost. If you create a snapshot of a volume in a Region, the // snapshot must be stored in the same Region as the volume. If you create a // snapshot of a volume on an Outpost, the snapshot can be stored on the same // Outpost as the volume, or in the Region for that Outpost. When a snapshot is // created, any Amazon Web Services Marketplace product codes that are associated // with the source volume are propagated to the snapshot. You can take a snapshot // of an attached volume that is in use. However, snapshots only capture data that // has been written to your Amazon EBS volume at the time the snapshot command is // issued; this might exclude any data that has been cached by any applications or // the operating system. If you can pause any file systems on the volume long // enough to take a snapshot, your snapshot should be complete. However, if you // cannot pause all file writes to the volume, you should unmount the volume from // within the instance, issue the snapshot command, and then remount the volume to // ensure a consistent and complete snapshot. You may remount and use your volume // while the snapshot status is pending. To create a snapshot for Amazon EBS // volumes that serve as root devices, you should stop the instance before taking // the snapshot. Snapshots that are taken from encrypted volumes are automatically // encrypted. Volumes that are created from encrypted snapshots are also // automatically encrypted. Your encrypted volumes and any associated snapshots // always remain protected. You can tag your snapshots during creation. For more // information, see Tag your Amazon EC2 resources // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the // Amazon Elastic Compute Cloud User Guide. For more information, see Amazon // Elastic Block Store // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) and Amazon // EBS encryption // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the // Amazon Elastic Compute Cloud User Guide. CreateSnapshot(ctx context.Context, params *CreateSnapshotInput, optFns ...func(*Options)) (*CreateSnapshotOutput, error) // Creates crash-consistent snapshots of multiple EBS volumes and stores the data // in S3. Volumes are chosen by specifying an instance. Any attached volumes will // produce one snapshot each that is crash-consistent across the instance. Boot // volumes can be excluded by changing the parameters. You can create multi-volume // snapshots of instances in a Region and instances on an Outpost. If you create // snapshots from an instance in a Region, the snapshots must be stored in the same // Region as the instance. If you create snapshots from an instance on an Outpost, // the snapshots can be stored on the same Outpost as the instance, or in the // Region for that Outpost. CreateSnapshots(ctx context.Context, params *CreateSnapshotsInput, optFns ...func(*Options)) (*CreateSnapshotsOutput, error) // Creates a data feed for Spot Instances, enabling you to view Spot Instance usage // logs. You can create one data feed per Amazon Web Services account. For more // information, see Spot Instance data feed // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html) in // the Amazon EC2 User Guide for Linux Instances. CreateSpotDatafeedSubscription(ctx context.Context, params *CreateSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*CreateSpotDatafeedSubscriptionOutput, error) // Stores an AMI as a single object in an Amazon S3 bucket. To use this API, you // must have the required permissions. For more information, see Permissions for // storing and restoring AMIs using Amazon S3 // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions) // in the Amazon Elastic Compute Cloud User Guide. For more information, see Store // and restore an AMI using Amazon S3 // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in // the Amazon Elastic Compute Cloud User Guide. CreateStoreImageTask(ctx context.Context, params *CreateStoreImageTaskInput, optFns ...func(*Options)) (*CreateStoreImageTaskOutput, error) // Creates a subnet in a specified VPC. You must specify an IPv4 CIDR block for the // subnet. After you create a subnet, you can't change its CIDR block. The allowed // block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP // addresses). The CIDR block must not overlap with the CIDR block of an existing // subnet in the VPC. If you've associated an IPv6 CIDR block with your VPC, you // can create a subnet with an IPv6 CIDR block that uses a /64 prefix length. // Amazon Web Services reserves both the first four and the last IPv4 address in // each subnet's CIDR block. They're not available for use. If you add more than // one subnet to a VPC, they're set up in a star topology with a logical router in // the middle. When you stop an instance in a subnet, it retains its private IPv4 // address. It's therefore possible to have a subnet with no running instances // (they're all stopped), but no remaining IP addresses available. For more // information about subnets, see Your VPC and subnets // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the // Amazon Virtual Private Cloud User Guide. CreateSubnet(ctx context.Context, params *CreateSubnetInput, optFns ...func(*Options)) (*CreateSubnetOutput, error) // Creates a subnet CIDR reservation. For information about subnet CIDR // reservations, see Subnet CIDR reservations // (https://docs.aws.amazon.com/vpc/latest/userguide/subnet-cidr-reservation.html) // in the Amazon Virtual Private Cloud User Guide. CreateSubnetCidrReservation(ctx context.Context, params *CreateSubnetCidrReservationInput, optFns ...func(*Options)) (*CreateSubnetCidrReservationOutput, error) // Adds or overwrites only the specified tags for the specified Amazon EC2 resource // or resources. When you specify an existing tag key, the value is overwritten // with the new value. Each resource can have a maximum of 50 tags. Each tag // consists of a key and optional value. Tag keys must be unique per resource. For // more information about tags, see Tagging Your Resources // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the // Amazon Elastic Compute Cloud User Guide. For more information about creating IAM // policies that control users' access to resources based on tags, see Supported // Resource-Level Permissions for Amazon EC2 API Actions // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-iam-actions-resources.html) // in the Amazon Elastic Compute Cloud User Guide. CreateTags(ctx context.Context, params *CreateTagsInput, optFns ...func(*Options)) (*CreateTagsOutput, error) // Creates a Traffic Mirror filter. A Traffic Mirror filter is a set of rules that // defines the traffic to mirror. By default, no traffic is mirrored. To mirror // traffic, use CreateTrafficMirrorFilterRule // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilterRule.htm) // to add Traffic Mirror rules to the filter. The rules you add define what traffic // gets mirrored. You can also use ModifyTrafficMirrorFilterNetworkServices // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyTrafficMirrorFilterNetworkServices.html) // to mirror supported network services. CreateTrafficMirrorFilter(ctx context.Context, params *CreateTrafficMirrorFilterInput, optFns ...func(*Options)) (*CreateTrafficMirrorFilterOutput, error) // Creates a Traffic Mirror filter rule. A Traffic Mirror rule defines the Traffic // Mirror source traffic to mirror. You need the Traffic Mirror filter ID when you // create the rule. CreateTrafficMirrorFilterRule(ctx context.Context, params *CreateTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*CreateTrafficMirrorFilterRuleOutput, error) // Creates a Traffic Mirror session. A Traffic Mirror session actively copies // packets from a Traffic Mirror source to a Traffic Mirror target. Create a // filter, and then assign it to the session to define a subset of the traffic to // mirror, for example all TCP traffic. The Traffic Mirror source and the Traffic // Mirror target (monitoring appliances) can be in the same VPC, or in a different // VPC connected via VPC peering or a transit gateway. By default, no traffic is // mirrored. Use CreateTrafficMirrorFilter // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilter.htm) // to create filter rules that specify the traffic to mirror. CreateTrafficMirrorSession(ctx context.Context, params *CreateTrafficMirrorSessionInput, optFns ...func(*Options)) (*CreateTrafficMirrorSessionOutput, error) // Creates a target for your Traffic Mirror session. A Traffic Mirror target is the // destination for mirrored traffic. The Traffic Mirror source and the Traffic // Mirror target (monitoring appliances) can be in the same VPC, or in different // VPCs connected via VPC peering or a transit gateway. A Traffic Mirror target can // be a network interface, or a Network Load Balancer. To use the target in a // Traffic Mirror session, use CreateTrafficMirrorSession // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorSession.htm). CreateTrafficMirrorTarget(ctx context.Context, params *CreateTrafficMirrorTargetInput, optFns ...func(*Options)) (*CreateTrafficMirrorTargetOutput, error) // Creates a transit gateway. You can use a transit gateway to interconnect your // virtual private clouds (VPC) and on-premises networks. After the transit gateway // enters the available state, you can attach your VPCs and VPN connections to the // transit gateway. To attach your VPCs, use CreateTransitGatewayVpcAttachment. To // attach a VPN connection, use CreateCustomerGateway to create a customer gateway // and specify the ID of the customer gateway and the ID of the transit gateway in // a call to CreateVpnConnection. When you create a transit gateway, we create a // default transit gateway route table and use it as the default association route // table and the default propagation route table. You can use // CreateTransitGatewayRouteTable to create additional transit gateway route // tables. If you disable automatic route propagation, we do not create a default // transit gateway route table. You can use // EnableTransitGatewayRouteTablePropagation to propagate routes from a resource // attachment to a transit gateway route table. If you disable automatic // associations, you can use AssociateTransitGatewayRouteTable to associate a // resource attachment with a transit gateway route table. CreateTransitGateway(ctx context.Context, params *CreateTransitGatewayInput, optFns ...func(*Options)) (*CreateTransitGatewayOutput, error) // Creates a Connect attachment from a specified transit gateway attachment. A // Connect attachment is a GRE-based tunnel attachment that you can use to // establish a connection between a transit gateway and an appliance. A Connect // attachment uses an existing VPC or Amazon Web Services Direct Connect attachment // as the underlying transport mechanism. CreateTransitGatewayConnect(ctx context.Context, params *CreateTransitGatewayConnectInput, optFns ...func(*Options)) (*CreateTransitGatewayConnectOutput, error) // Creates a Connect peer for a specified transit gateway Connect attachment // between a transit gateway and an appliance. The peer address and transit gateway // address must be the same IP address family (IPv4 or IPv6). For more information, // see Connect peers // (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html#tgw-connect-peer) // in the Transit Gateways Guide. CreateTransitGatewayConnectPeer(ctx context.Context, params *CreateTransitGatewayConnectPeerInput, optFns ...func(*Options)) (*CreateTransitGatewayConnectPeerOutput, error) // Creates a multicast domain using the specified transit gateway. The transit // gateway must be in the available state before you create a domain. Use // DescribeTransitGateways // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGateways.html) // to see the state of transit gateway. CreateTransitGatewayMulticastDomain(ctx context.Context, params *CreateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*CreateTransitGatewayMulticastDomainOutput, error) // Requests a transit gateway peering attachment between the specified transit // gateway (requester) and a peer transit gateway (accepter). The transit gateways // must be in different Regions. The peer transit gateway can be in your account or // a different Amazon Web Services account. After you create the peering // attachment, the owner of the accepter transit gateway must accept the attachment // request. CreateTransitGatewayPeeringAttachment(ctx context.Context, params *CreateTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*CreateTransitGatewayPeeringAttachmentOutput, error) // Creates a reference (route) to a prefix list in a specified transit gateway // route table. CreateTransitGatewayPrefixListReference(ctx context.Context, params *CreateTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*CreateTransitGatewayPrefixListReferenceOutput, error) // Creates a static route for the specified transit gateway route table. CreateTransitGatewayRoute(ctx context.Context, params *CreateTransitGatewayRouteInput, optFns ...func(*Options)) (*CreateTransitGatewayRouteOutput, error) // Creates a route table for the specified transit gateway. CreateTransitGatewayRouteTable(ctx context.Context, params *CreateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*CreateTransitGatewayRouteTableOutput, error) // Attaches the specified VPC to the specified transit gateway. If you attach a VPC // with a CIDR range that overlaps the CIDR range of a VPC that is already // attached, the new VPC CIDR range is not propagated to the default propagation // route table. To send VPC traffic to an attached transit gateway, add a route to // the VPC route table using CreateRoute. CreateTransitGatewayVpcAttachment(ctx context.Context, params *CreateTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*CreateTransitGatewayVpcAttachmentOutput, error) // Creates an EBS volume that can be attached to an instance in the same // Availability Zone. You can create a new empty volume or restore a volume from an // EBS snapshot. Any Amazon Web Services Marketplace product codes from the // snapshot are propagated to the volume. You can create encrypted volumes. // Encrypted volumes must be attached to instances that support Amazon EBS // encryption. Volumes that are created from encrypted snapshots are also // automatically encrypted. For more information, see Amazon EBS encryption // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the // Amazon Elastic Compute Cloud User Guide. You can tag your volumes during // creation. For more information, see Tag your Amazon EC2 resources // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the // Amazon Elastic Compute Cloud User Guide. For more information, see Create an // Amazon EBS volume // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-volume.html) // in the Amazon Elastic Compute Cloud User Guide. CreateVolume(ctx context.Context, params *CreateVolumeInput, optFns ...func(*Options)) (*CreateVolumeOutput, error) // Creates a VPC with the specified IPv4 CIDR block. The smallest VPC you can // create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 // netmask (65,536 IPv4 addresses). For more information about how large to make // your VPC, see Your VPC and subnets // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the // Amazon Virtual Private Cloud User Guide. You can optionally request an IPv6 CIDR // block for the VPC. You can request an Amazon-provided IPv6 CIDR block from // Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool // that you provisioned through bring your own IP addresses (BYOIP // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). By // default, each instance you launch in the VPC has the default DHCP options, which // include only a default DNS server that we provide (AmazonProvidedDNS). For more // information, see DHCP options sets // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the // Amazon Virtual Private Cloud User Guide. You can specify the instance tenancy // value for the VPC when you create it. You can't change this value for the VPC // after you create it. For more information, see Dedicated Instances // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html) in // the Amazon Elastic Compute Cloud User Guide. CreateVpc(ctx context.Context, params *CreateVpcInput, optFns ...func(*Options)) (*CreateVpcOutput, error) // Creates a VPC endpoint for a specified service. An endpoint enables you to // create a private connection between your VPC and the service. The service may be // provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or // another Amazon Web Services account. For more information, see VPC Endpoints // (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) in the // Amazon Virtual Private Cloud User Guide. A gateway endpoint serves as a target // for a route in your route table for traffic destined for the Amazon Web Service. // You can specify an endpoint policy to attach to the endpoint, which will control // access to the service from your VPC. You can also specify the VPC route tables // that use the endpoint. An interface endpoint is a network interface in your // subnet that serves as an endpoint for communicating with the specified service. // You can specify the subnets in which to create an endpoint, and the security // groups to associate with the endpoint network interface. A GatewayLoadBalancer // endpoint is a network interface in your subnet that serves an endpoint for // communicating with a Gateway Load Balancer that you've configured as a VPC // endpoint service. Use DescribeVpcEndpointServices to get a list of supported // services. CreateVpcEndpoint(ctx context.Context, params *CreateVpcEndpointInput, optFns ...func(*Options)) (*CreateVpcEndpointOutput, error) // Creates a connection notification for a specified VPC endpoint or VPC endpoint // service. A connection notification notifies you of specific endpoint events. You // must create an SNS topic to receive notifications. For more information, see // Create a Topic (https://docs.aws.amazon.com/sns/latest/dg/CreateTopic.html) in // the Amazon Simple Notification Service Developer Guide. You can create a // connection notification for interface endpoints only. CreateVpcEndpointConnectionNotification(ctx context.Context, params *CreateVpcEndpointConnectionNotificationInput, optFns ...func(*Options)) (*CreateVpcEndpointConnectionNotificationOutput, error) // Creates a VPC endpoint service configuration to which service consumers (Amazon // Web Services accounts, IAM users, and IAM roles) can connect. To create an // endpoint service configuration, you must first create one of the following for // your service: // // * A Network Load Balancer // (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html). // Service consumers connect to your service using an interface endpoint. // // * A // Gateway Load Balancer // (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/introduction.html). // Service consumers connect to your service using a Gateway Load Balancer // endpoint. // // For more information, see VPC Endpoint Services // (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html) in the // Amazon Virtual Private Cloud User Guide. If you set the private DNS name, you // must prove that you own the private DNS domain name. For more information, see // VPC Endpoint Service Private DNS Name Verification // (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html) // in the Amazon Virtual Private Cloud User Guide. CreateVpcEndpointServiceConfiguration(ctx context.Context, params *CreateVpcEndpointServiceConfigurationInput, optFns ...func(*Options)) (*CreateVpcEndpointServiceConfigurationOutput, error) // Requests a VPC peering connection between two VPCs: a requester VPC that you own // and an accepter VPC with which to create the connection. The accepter VPC can // belong to another Amazon Web Services account and can be in a different Region // to the requester VPC. The requester VPC and accepter VPC cannot have overlapping // CIDR blocks. Limitations and rules apply to a VPC peering connection. For more // information, see the limitations // (https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations) // section in the VPC Peering Guide. The owner of the accepter VPC must accept the // peering request to activate the peering connection. The VPC peering connection // request expires after 7 days, after which it cannot be accepted or rejected. If // you create a VPC peering connection request between VPCs with overlapping CIDR // blocks, the VPC peering connection has a status of failed. CreateVpcPeeringConnection(ctx context.Context, params *CreateVpcPeeringConnectionInput, optFns ...func(*Options)) (*CreateVpcPeeringConnectionOutput, error) // Creates a VPN connection between an existing virtual private gateway or transit // gateway and a customer gateway. The supported connection type is ipsec.1. The // response includes information that you need to give to your network // administrator to configure your customer gateway. We strongly recommend that you // use HTTPS when calling this operation because the response contains sensitive // cryptographic information for configuring your customer gateway device. If you // decide to shut down your VPN connection for any reason and later create a new // VPN connection, you must reconfigure your customer gateway with the new // information returned from this call. This is an idempotent operation. If you // perform the operation more than once, Amazon EC2 doesn't return an error. For // more information, see Amazon Web Services Site-to-Site VPN // (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web // Services Site-to-Site VPN User Guide. CreateVpnConnection(ctx context.Context, params *CreateVpnConnectionInput, optFns ...func(*Options)) (*CreateVpnConnectionOutput, error) // Creates a static route associated with a VPN connection between an existing // virtual private gateway and a VPN customer gateway. The static route allows // traffic to be routed from the virtual private gateway to the VPN customer // gateway. For more information, see Amazon Web Services Site-to-Site VPN // (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web // Services Site-to-Site VPN User Guide. CreateVpnConnectionRoute(ctx context.Context, params *CreateVpnConnectionRouteInput, optFns ...func(*Options)) (*CreateVpnConnectionRouteOutput, error) // Creates a virtual private gateway. A virtual private gateway is the endpoint on // the VPC side of your VPN connection. You can create a virtual private gateway // before creating the VPC itself. For more information, see Amazon Web Services // Site-to-Site VPN (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in // the Amazon Web Services Site-to-Site VPN User Guide. CreateVpnGateway(ctx context.Context, params *CreateVpnGatewayInput, optFns ...func(*Options)) (*CreateVpnGatewayOutput, error) // Deletes a carrier gateway. If you do not delete the route that contains the // carrier gateway as the Target, the route is a blackhole route. For information // about how to delete a route, see DeleteRoute // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteRoute.html). DeleteCarrierGateway(ctx context.Context, params *DeleteCarrierGatewayInput, optFns ...func(*Options)) (*DeleteCarrierGatewayOutput, error) // Deletes the specified Client VPN endpoint. You must disassociate all target // networks before you can delete a Client VPN endpoint. DeleteClientVpnEndpoint(ctx context.Context, params *DeleteClientVpnEndpointInput, optFns ...func(*Options)) (*DeleteClientVpnEndpointOutput, error) // Deletes a route from a Client VPN endpoint. You can only delete routes that you // manually added using the CreateClientVpnRoute action. You cannot delete routes // that were automatically added when associating a subnet. To remove routes that // have been automatically added, disassociate the target subnet from the Client // VPN endpoint. DeleteClientVpnRoute(ctx context.Context, params *DeleteClientVpnRouteInput, optFns ...func(*Options)) (*DeleteClientVpnRouteOutput, error) // Deletes the specified customer gateway. You must delete the VPN connection // before you can delete the customer gateway. DeleteCustomerGateway(ctx context.Context, params *DeleteCustomerGatewayInput, optFns ...func(*Options)) (*DeleteCustomerGatewayOutput, error) // Deletes the specified set of DHCP options. You must disassociate the set of DHCP // options before you can delete it. You can disassociate the set of DHCP options // by associating either a new set of options or the default set of options with // the VPC. DeleteDhcpOptions(ctx context.Context, params *DeleteDhcpOptionsInput, optFns ...func(*Options)) (*DeleteDhcpOptionsOutput, error) // Deletes an egress-only internet gateway. DeleteEgressOnlyInternetGateway(ctx context.Context, params *DeleteEgressOnlyInternetGatewayInput, optFns ...func(*Options)) (*DeleteEgressOnlyInternetGatewayOutput, error) // Deletes the specified EC2 Fleet. After you delete an EC2 Fleet, it launches no // new instances. You must specify whether a deleted EC2 Fleet should also // terminate its instances. If you choose to terminate the instances, the EC2 Fleet // enters the deleted_terminating state. Otherwise, the EC2 Fleet enters the // deleted_running state, and the instances continue to run until they are // interrupted or you terminate them manually. For instant fleets, EC2 Fleet must // terminate the instances when the fleet is deleted. A deleted instant fleet with // running instances is not supported. Restrictions // // * You can delete up to 25 // instant fleets in a single request. If you exceed this number, no instant fleets // are deleted and an error is returned. There is no restriction on the number of // fleets of type maintain or request that can be deleted in a single request. // // * // Up to 1000 instances can be terminated in a single request to delete instant // fleets. // // For more information, see Delete an EC2 Fleet // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#delete-fleet) // in the Amazon EC2 User Guide. DeleteFleets(ctx context.Context, params *DeleteFleetsInput, optFns ...func(*Options)) (*DeleteFleetsOutput, error) // Deletes one or more flow logs. DeleteFlowLogs(ctx context.Context, params *DeleteFlowLogsInput, optFns ...func(*Options)) (*DeleteFlowLogsOutput, error) // Deletes the specified Amazon FPGA Image (AFI). DeleteFpgaImage(ctx context.Context, params *DeleteFpgaImageInput, optFns ...func(*Options)) (*DeleteFpgaImageOutput, error) // Deletes the specified event window. For more information, see Define event // windows for scheduled events // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the // Amazon EC2 User Guide. DeleteInstanceEventWindow(ctx context.Context, params *DeleteInstanceEventWindowInput, optFns ...func(*Options)) (*DeleteInstanceEventWindowOutput, error) // Deletes the specified internet gateway. You must detach the internet gateway // from the VPC before you can delete it. DeleteInternetGateway(ctx context.Context, params *DeleteInternetGatewayInput, optFns ...func(*Options)) (*DeleteInternetGatewayOutput, error) // Delete an IPAM. Deleting an IPAM removes all monitored data associated with the // IPAM including the historical data for CIDRs. You cannot delete an IPAM if there // are CIDRs provisioned to pools or if there are allocations in the pools within // the IPAM. To deprovision pool CIDRs, see DeprovisionIpamPoolCidr // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeprovisionIpamPoolCidr.html). // To release allocations, see ReleaseIpamPoolAllocation // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html). // For more information, see Delete an IPAM in the Amazon VPC IPAM User Guide. DeleteIpam(ctx context.Context, params *DeleteIpamInput, optFns ...func(*Options)) (*DeleteIpamOutput, error) // Delete an IPAM pool. You cannot delete an IPAM pool if there are allocations in // it or CIDRs provisioned to it. To release allocations, see // ReleaseIpamPoolAllocation // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html). // To deprovision pool CIDRs, see DeprovisionIpamPoolCidr // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeprovisionIpamPoolCidr.html). // For more information, see Delete a pool in the Amazon VPC IPAM User Guide. DeleteIpamPool(ctx context.Context, params *DeleteIpamPoolInput, optFns ...func(*Options)) (*DeleteIpamPoolOutput, error) // Delete the scope for an IPAM. You cannot delete the default scopes. For more // information, see Delete a scope in the Amazon VPC IPAM User Guide. DeleteIpamScope(ctx context.Context, params *DeleteIpamScopeInput, optFns ...func(*Options)) (*DeleteIpamScopeOutput, error) // Deletes the specified key pair, by removing the public key from Amazon EC2. DeleteKeyPair(ctx context.Context, params *DeleteKeyPairInput, optFns ...func(*Options)) (*DeleteKeyPairOutput, error) // Deletes a launch template. Deleting a launch template deletes all of its // versions. DeleteLaunchTemplate(ctx context.Context, params *DeleteLaunchTemplateInput, optFns ...func(*Options)) (*DeleteLaunchTemplateOutput, error) // Deletes one or more versions of a launch template. You cannot delete the default // version of a launch template; you must first assign a different version as the // default. If the default version is the only version for the launch template, you // must delete the entire launch template using DeleteLaunchTemplate. DeleteLaunchTemplateVersions(ctx context.Context, params *DeleteLaunchTemplateVersionsInput, optFns ...func(*Options)) (*DeleteLaunchTemplateVersionsOutput, error) // Deletes the specified route from the specified local gateway route table. DeleteLocalGatewayRoute(ctx context.Context, params *DeleteLocalGatewayRouteInput, optFns ...func(*Options)) (*DeleteLocalGatewayRouteOutput, error) // Deletes the specified association between a VPC and local gateway route table. DeleteLocalGatewayRouteTableVpcAssociation(ctx context.Context, params *DeleteLocalGatewayRouteTableVpcAssociationInput, optFns ...func(*Options)) (*DeleteLocalGatewayRouteTableVpcAssociationOutput, error) // Deletes the specified managed prefix list. You must first remove all references // to the prefix list in your resources. DeleteManagedPrefixList(ctx context.Context, params *DeleteManagedPrefixListInput, optFns ...func(*Options)) (*DeleteManagedPrefixListOutput, error) // Deletes the specified NAT gateway. Deleting a public NAT gateway disassociates // its Elastic IP address, but does not release the address from your account. // Deleting a NAT gateway does not delete any NAT gateway routes in your route // tables. DeleteNatGateway(ctx context.Context, params *DeleteNatGatewayInput, optFns ...func(*Options)) (*DeleteNatGatewayOutput, error) // Deletes the specified network ACL. You can't delete the ACL if it's associated // with any subnets. You can't delete the default network ACL. DeleteNetworkAcl(ctx context.Context, params *DeleteNetworkAclInput, optFns ...func(*Options)) (*DeleteNetworkAclOutput, error) // Deletes the specified ingress or egress entry (rule) from the specified network // ACL. DeleteNetworkAclEntry(ctx context.Context, params *DeleteNetworkAclEntryInput, optFns ...func(*Options)) (*DeleteNetworkAclEntryOutput, error) // Deletes the specified Network Access Scope. DeleteNetworkInsightsAccessScope(ctx context.Context, params *DeleteNetworkInsightsAccessScopeInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAccessScopeOutput, error) // Deletes the specified Network Access Scope analysis. DeleteNetworkInsightsAccessScopeAnalysis(ctx context.Context, params *DeleteNetworkInsightsAccessScopeAnalysisInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAccessScopeAnalysisOutput, error) // Deletes the specified network insights analysis. DeleteNetworkInsightsAnalysis(ctx context.Context, params *DeleteNetworkInsightsAnalysisInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAnalysisOutput, error) // Deletes the specified path. DeleteNetworkInsightsPath(ctx context.Context, params *DeleteNetworkInsightsPathInput, optFns ...func(*Options)) (*DeleteNetworkInsightsPathOutput, error) // Deletes the specified network interface. You must detach the network interface // before you can delete it. DeleteNetworkInterface(ctx context.Context, params *DeleteNetworkInterfaceInput, optFns ...func(*Options)) (*DeleteNetworkInterfaceOutput, error) // Deletes a permission for a network interface. By default, you cannot delete the // permission if the account for which you're removing the permission has attached // the network interface to an instance. However, you can force delete the // permission, regardless of any attachment. DeleteNetworkInterfacePermission(ctx context.Context, params *DeleteNetworkInterfacePermissionInput, optFns ...func(*Options)) (*DeleteNetworkInterfacePermissionOutput, error) // Deletes the specified placement group. You must terminate all instances in the // placement group before you can delete the placement group. For more information, // see Placement groups // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in // the Amazon EC2 User Guide. DeletePlacementGroup(ctx context.Context, params *DeletePlacementGroupInput, optFns ...func(*Options)) (*DeletePlacementGroupOutput, error) // Delete a public IPv4 pool. A public IPv4 pool is an EC2 IP address pool required // for the public IPv4 CIDRs that you own and bring to Amazon Web Services to // manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use // IPAM pools only. DeletePublicIpv4Pool(ctx context.Context, params *DeletePublicIpv4PoolInput, optFns ...func(*Options)) (*DeletePublicIpv4PoolOutput, error) // Deletes the queued purchases for the specified Reserved Instances. DeleteQueuedReservedInstances(ctx context.Context, params *DeleteQueuedReservedInstancesInput, optFns ...func(*Options)) (*DeleteQueuedReservedInstancesOutput, error) // Deletes the specified route from the specified route table. DeleteRoute(ctx context.Context, params *DeleteRouteInput, optFns ...func(*Options)) (*DeleteRouteOutput, error) // Deletes the specified route table. You must disassociate the route table from // any subnets before you can delete it. You can't delete the main route table. DeleteRouteTable(ctx context.Context, params *DeleteRouteTableInput, optFns ...func(*Options)) (*DeleteRouteTableOutput, error) // Deletes a security group. If you attempt to delete a security group that is // associated with an instance, or is referenced by another security group, the // operation fails with InvalidGroup.InUse in EC2-Classic or DependencyViolation in // EC2-VPC. DeleteSecurityGroup(ctx context.Context, params *DeleteSecurityGroupInput, optFns ...func(*Options)) (*DeleteSecurityGroupOutput, error) // Deletes the specified snapshot. When you make periodic snapshots of a volume, // the snapshots are incremental, and only the blocks on the device that have // changed since your last snapshot are saved in the new snapshot. When you delete // a snapshot, only the data not needed for any other snapshot is removed. So // regardless of which prior snapshots have been deleted, all active snapshots will // have access to all the information needed to restore the volume. You cannot // delete a snapshot of the root device of an EBS volume used by a registered AMI. // You must first de-register the AMI before you can delete the snapshot. For more // information, see Delete an Amazon EBS snapshot // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-snapshot.html) // in the Amazon Elastic Compute Cloud User Guide. DeleteSnapshot(ctx context.Context, params *DeleteSnapshotInput, optFns ...func(*Options)) (*DeleteSnapshotOutput, error) // Deletes the data feed for Spot Instances. DeleteSpotDatafeedSubscription(ctx context.Context, params *DeleteSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*DeleteSpotDatafeedSubscriptionOutput, error) // Deletes the specified subnet. You must terminate all running instances in the // subnet before you can delete the subnet. DeleteSubnet(ctx context.Context, params *DeleteSubnetInput, optFns ...func(*Options)) (*DeleteSubnetOutput, error) // Deletes a subnet CIDR reservation. DeleteSubnetCidrReservation(ctx context.Context, params *DeleteSubnetCidrReservationInput, optFns ...func(*Options)) (*DeleteSubnetCidrReservationOutput, error) // Deletes the specified set of tags from the specified set of resources. To list // the current tags, use DescribeTags. For more information about tags, see Tagging // Your Resources // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the // Amazon Elastic Compute Cloud User Guide. DeleteTags(ctx context.Context, params *DeleteTagsInput, optFns ...func(*Options)) (*DeleteTagsOutput, error) // Deletes the specified Traffic Mirror filter. You cannot delete a Traffic Mirror // filter that is in use by a Traffic Mirror session. DeleteTrafficMirrorFilter(ctx context.Context, params *DeleteTrafficMirrorFilterInput, optFns ...func(*Options)) (*DeleteTrafficMirrorFilterOutput, error) // Deletes the specified Traffic Mirror rule. DeleteTrafficMirrorFilterRule(ctx context.Context, params *DeleteTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*DeleteTrafficMirrorFilterRuleOutput, error) // Deletes the specified Traffic Mirror session. DeleteTrafficMirrorSession(ctx context.Context, params *DeleteTrafficMirrorSessionInput, optFns ...func(*Options)) (*DeleteTrafficMirrorSessionOutput, error) // Deletes the specified Traffic Mirror target. You cannot delete a Traffic Mirror // target that is in use by a Traffic Mirror session. DeleteTrafficMirrorTarget(ctx context.Context, params *DeleteTrafficMirrorTargetInput, optFns ...func(*Options)) (*DeleteTrafficMirrorTargetOutput, error) // Deletes the specified transit gateway. DeleteTransitGateway(ctx context.Context, params *DeleteTransitGatewayInput, optFns ...func(*Options)) (*DeleteTransitGatewayOutput, error) // Deletes the specified Connect attachment. You must first delete any Connect // peers for the attachment. DeleteTransitGatewayConnect(ctx context.Context, params *DeleteTransitGatewayConnectInput, optFns ...func(*Options)) (*DeleteTransitGatewayConnectOutput, error) // Deletes the specified Connect peer. DeleteTransitGatewayConnectPeer(ctx context.Context, params *DeleteTransitGatewayConnectPeerInput, optFns ...func(*Options)) (*DeleteTransitGatewayConnectPeerOutput, error) // Deletes the specified transit gateway multicast domain. DeleteTransitGatewayMulticastDomain(ctx context.Context, params *DeleteTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*DeleteTransitGatewayMulticastDomainOutput, error) // Deletes a transit gateway peering attachment. DeleteTransitGatewayPeeringAttachment(ctx context.Context, params *DeleteTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*DeleteTransitGatewayPeeringAttachmentOutput, error) // Deletes a reference (route) to a prefix list in a specified transit gateway // route table. DeleteTransitGatewayPrefixListReference(ctx context.Context, params *DeleteTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*DeleteTransitGatewayPrefixListReferenceOutput, error) // Deletes the specified route from the specified transit gateway route table. DeleteTransitGatewayRoute(ctx context.Context, params *DeleteTransitGatewayRouteInput, optFns ...func(*Options)) (*DeleteTransitGatewayRouteOutput, error) // Deletes the specified transit gateway route table. You must disassociate the // route table from any transit gateway route tables before you can delete it. DeleteTransitGatewayRouteTable(ctx context.Context, params *DeleteTransitGatewayRouteTableInput, optFns ...func(*Options)) (*DeleteTransitGatewayRouteTableOutput, error) // Deletes the specified VPC attachment. DeleteTransitGatewayVpcAttachment(ctx context.Context, params *DeleteTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*DeleteTransitGatewayVpcAttachmentOutput, error) // Deletes the specified EBS volume. The volume must be in the available state (not // attached to an instance). The volume can remain in the deleting state for // several minutes. For more information, see Delete an Amazon EBS volume // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-volume.html) // in the Amazon Elastic Compute Cloud User Guide. DeleteVolume(ctx context.Context, params *DeleteVolumeInput, optFns ...func(*Options)) (*DeleteVolumeOutput, error) // Deletes the specified VPC. You must detach or delete all gateways and resources // that are associated with the VPC before you can delete it. For example, you must // terminate all instances running in the VPC, delete all security groups // associated with the VPC (except the default one), delete all route tables // associated with the VPC (except the default one), and so on. DeleteVpc(ctx context.Context, params *DeleteVpcInput, optFns ...func(*Options)) (*DeleteVpcOutput, error) // Deletes one or more VPC endpoint connection notifications. DeleteVpcEndpointConnectionNotifications(ctx context.Context, params *DeleteVpcEndpointConnectionNotificationsInput, optFns ...func(*Options)) (*DeleteVpcEndpointConnectionNotificationsOutput, error) // Deletes one or more VPC endpoint service configurations in your account. Before // you delete the endpoint service configuration, you must reject any Available or // PendingAcceptance interface endpoint connections that are attached to the // service. DeleteVpcEndpointServiceConfigurations(ctx context.Context, params *DeleteVpcEndpointServiceConfigurationsInput, optFns ...func(*Options)) (*DeleteVpcEndpointServiceConfigurationsOutput, error) // Deletes one or more specified VPC endpoints. You can delete any of the following // types of VPC endpoints. // // * Gateway endpoint, // // * Gateway Load Balancer // endpoint, // // * Interface endpoint // // The following rules apply when you delete a VPC // endpoint: // // * When you delete a gateway endpoint, we delete the endpoint routes // in the route tables that are associated with the endpoint. // // * When you delete a // Gateway Load Balancer endpoint, we delete the endpoint network interfaces. You // can only delete Gateway Load Balancer endpoints when the routes that are // associated with the endpoint are deleted. // // * When you delete an interface // endpoint, we delete the endpoint network interfaces. DeleteVpcEndpoints(ctx context.Context, params *DeleteVpcEndpointsInput, optFns ...func(*Options)) (*DeleteVpcEndpointsOutput, error) // Deletes a VPC peering connection. Either the owner of the requester VPC or the // owner of the accepter VPC can delete the VPC peering connection if it's in the // active state. The owner of the requester VPC can delete a VPC peering connection // in the pending-acceptance state. You cannot delete a VPC peering connection // that's in the failed state. DeleteVpcPeeringConnection(ctx context.Context, params *DeleteVpcPeeringConnectionInput, optFns ...func(*Options)) (*DeleteVpcPeeringConnectionOutput, error) // Deletes the specified VPN connection. If you're deleting the VPC and its // associated components, we recommend that you detach the virtual private gateway // from the VPC and delete the VPC before deleting the VPN connection. If you // believe that the tunnel credentials for your VPN connection have been // compromised, you can delete the VPN connection and create a new one that has new // keys, without needing to delete the VPC or virtual private gateway. If you // create a new VPN connection, you must reconfigure the customer gateway device // using the new configuration information returned with the new VPN connection ID. // For certificate-based authentication, delete all Certificate Manager (ACM) // private certificates used for the Amazon Web Services-side tunnel endpoints for // the VPN connection before deleting the VPN connection. DeleteVpnConnection(ctx context.Context, params *DeleteVpnConnectionInput, optFns ...func(*Options)) (*DeleteVpnConnectionOutput, error) // Deletes the specified static route associated with a VPN connection between an // existing virtual private gateway and a VPN customer gateway. The static route // allows traffic to be routed from the virtual private gateway to the VPN customer // gateway. DeleteVpnConnectionRoute(ctx context.Context, params *DeleteVpnConnectionRouteInput, optFns ...func(*Options)) (*DeleteVpnConnectionRouteOutput, error) // Deletes the specified virtual private gateway. You must first detach the virtual // private gateway from the VPC. Note that you don't need to delete the virtual // private gateway if you plan to delete and recreate the VPN connection between // your VPC and your network. DeleteVpnGateway(ctx context.Context, params *DeleteVpnGatewayInput, optFns ...func(*Options)) (*DeleteVpnGatewayOutput, error) // Releases the specified address range that you provisioned for use with your // Amazon Web Services resources through bring your own IP addresses (BYOIP) and // deletes the corresponding address pool. Before you can release an address range, // you must stop advertising it using WithdrawByoipCidr and you must not have any // IP addresses allocated from its address range. DeprovisionByoipCidr(ctx context.Context, params *DeprovisionByoipCidrInput, optFns ...func(*Options)) (*DeprovisionByoipCidrOutput, error) // Deprovision a CIDR provisioned from an IPAM pool. If you deprovision a CIDR from // a pool that has a source pool, the CIDR is recycled back into the source pool. // For more information, see Deprovision pool CIDRs in the Amazon VPC IPAM User // Guide. DeprovisionIpamPoolCidr(ctx context.Context, params *DeprovisionIpamPoolCidrInput, optFns ...func(*Options)) (*DeprovisionIpamPoolCidrOutput, error) // Deprovision a CIDR from a public IPv4 pool. DeprovisionPublicIpv4PoolCidr(ctx context.Context, params *DeprovisionPublicIpv4PoolCidrInput, optFns ...func(*Options)) (*DeprovisionPublicIpv4PoolCidrOutput, error) // Deregisters the specified AMI. After you deregister an AMI, it can't be used to // launch new instances. If you deregister an AMI that matches a Recycle Bin // retention rule, the AMI is retained in the Recycle Bin for the specified // retention period. For more information, see Recycle Bin // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the // Amazon Elastic Compute Cloud User Guide. When you deregister an AMI, it doesn't // affect any instances that you've already launched from the AMI. You'll continue // to incur usage costs for those instances until you terminate them. When you // deregister an Amazon EBS-backed AMI, it doesn't affect the snapshot that was // created for the root volume of the instance during the AMI creation process. // When you deregister an instance store-backed AMI, it doesn't affect the files // that you uploaded to Amazon S3 when you created the AMI. DeregisterImage(ctx context.Context, params *DeregisterImageInput, optFns ...func(*Options)) (*DeregisterImageOutput, error) // Deregisters tag keys to prevent tags that have the specified tag keys from being // included in scheduled event notifications for resources in the Region. DeregisterInstanceEventNotificationAttributes(ctx context.Context, params *DeregisterInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*DeregisterInstanceEventNotificationAttributesOutput, error) // Deregisters the specified members (network interfaces) from the transit gateway // multicast group. DeregisterTransitGatewayMulticastGroupMembers(ctx context.Context, params *DeregisterTransitGatewayMulticastGroupMembersInput, optFns ...func(*Options)) (*DeregisterTransitGatewayMulticastGroupMembersOutput, error) // Deregisters the specified sources (network interfaces) from the transit gateway // multicast group. DeregisterTransitGatewayMulticastGroupSources(ctx context.Context, params *DeregisterTransitGatewayMulticastGroupSourcesInput, optFns ...func(*Options)) (*DeregisterTransitGatewayMulticastGroupSourcesOutput, error) // Describes attributes of your Amazon Web Services account. The following are the // supported account attributes: // // * supported-platforms: Indicates whether your // account can launch instances into EC2-Classic and EC2-VPC, or only into // EC2-VPC. // // * default-vpc: The ID of the default VPC for your account, or none. // // * // max-instances: This attribute is no longer supported. The returned value does // not reflect your actual vCPU limit for running On-Demand Instances. For more // information, see On-Demand Instance Limits // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-on-demand-instances.html#ec2-on-demand-instances-limits) // in the Amazon Elastic Compute Cloud User Guide. // // * // vpc-max-security-groups-per-interface: The maximum number of security groups // that you can assign to a network interface. // // * max-elastic-ips: The maximum // number of Elastic IP addresses that you can allocate for use with // EC2-Classic. // // * vpc-max-elastic-ips: The maximum number of Elastic IP addresses // that you can allocate for use with EC2-VPC. DescribeAccountAttributes(ctx context.Context, params *DescribeAccountAttributesInput, optFns ...func(*Options)) (*DescribeAccountAttributesOutput, error) // Describes the specified Elastic IP addresses or all of your Elastic IP // addresses. An Elastic IP address is for use in either the EC2-Classic platform // or in a VPC. For more information, see Elastic IP Addresses // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) // in the Amazon Elastic Compute Cloud User Guide. DescribeAddresses(ctx context.Context, params *DescribeAddressesInput, optFns ...func(*Options)) (*DescribeAddressesOutput, error) // Describes the attributes of the specified Elastic IP addresses. For // requirements, see Using reverse DNS for email applications // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS). DescribeAddressesAttribute(ctx context.Context, params *DescribeAddressesAttributeInput, optFns ...func(*Options)) (*DescribeAddressesAttributeOutput, error) // Describes the longer ID format settings for all resource types in a specific // Region. This request is useful for performing a quick audit to determine whether // a specific Region is fully opted in for longer IDs (17-character IDs). This // request only returns information about resource types that support longer IDs. // The following resource types support longer IDs: bundle | conversion-task | // customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association // | export-task | flow-log | image | import-task | instance | internet-gateway | // network-acl | network-acl-association | network-interface | // network-interface-attachment | prefix-list | reservation | route-table | // route-table-association | security-group | snapshot | subnet | // subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | // vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway. DescribeAggregateIdFormat(ctx context.Context, params *DescribeAggregateIdFormatInput, optFns ...func(*Options)) (*DescribeAggregateIdFormatOutput, error) // Describes the Availability Zones, Local Zones, and Wavelength Zones that are // available to you. If there is an event impacting a zone, you can use this // request to view the state and any provided messages for that zone. For more // information about Availability Zones, Local Zones, and Wavelength Zones, see // Regions and zones // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html) // in the Amazon Elastic Compute Cloud User Guide. DescribeAvailabilityZones(ctx context.Context, params *DescribeAvailabilityZonesInput, optFns ...func(*Options)) (*DescribeAvailabilityZonesOutput, error) // Describes the specified bundle tasks or all of your bundle tasks. Completed // bundle tasks are listed for only a limited time. If your bundle task is no // longer in the list, you can still register an AMI from it. Just use // RegisterImage with the Amazon S3 bucket name and image manifest name you // provided to the bundle task. DescribeBundleTasks(ctx context.Context, params *DescribeBundleTasksInput, optFns ...func(*Options)) (*DescribeBundleTasksOutput, error) // Describes the IP address ranges that were specified in calls to // ProvisionByoipCidr. To describe the address pools that were created when you // provisioned the address ranges, use DescribePublicIpv4Pools or // DescribeIpv6Pools. DescribeByoipCidrs(ctx context.Context, params *DescribeByoipCidrsInput, optFns ...func(*Options)) (*DescribeByoipCidrsOutput, error) // Describes one or more Capacity Reservation Fleets. DescribeCapacityReservationFleets(ctx context.Context, params *DescribeCapacityReservationFleetsInput, optFns ...func(*Options)) (*DescribeCapacityReservationFleetsOutput, error) // Describes one or more of your Capacity Reservations. The results describe only // the Capacity Reservations in the Amazon Web Services Region that you're // currently using. DescribeCapacityReservations(ctx context.Context, params *DescribeCapacityReservationsInput, optFns ...func(*Options)) (*DescribeCapacityReservationsOutput, error) // Describes one or more of your carrier gateways. DescribeCarrierGateways(ctx context.Context, params *DescribeCarrierGatewaysInput, optFns ...func(*Options)) (*DescribeCarrierGatewaysOutput, error) // Describes one or more of your linked EC2-Classic instances. This request only // returns information about EC2-Classic instances linked to a VPC through // ClassicLink. You cannot use this request to return information about other // instances. DescribeClassicLinkInstances(ctx context.Context, params *DescribeClassicLinkInstancesInput, optFns ...func(*Options)) (*DescribeClassicLinkInstancesOutput, error) // Describes the authorization rules for a specified Client VPN endpoint. DescribeClientVpnAuthorizationRules(ctx context.Context, params *DescribeClientVpnAuthorizationRulesInput, optFns ...func(*Options)) (*DescribeClientVpnAuthorizationRulesOutput, error) // Describes active client connections and connections that have been terminated // within the last 60 minutes for the specified Client VPN endpoint. DescribeClientVpnConnections(ctx context.Context, params *DescribeClientVpnConnectionsInput, optFns ...func(*Options)) (*DescribeClientVpnConnectionsOutput, error) // Describes one or more Client VPN endpoints in the account. DescribeClientVpnEndpoints(ctx context.Context, params *DescribeClientVpnEndpointsInput, optFns ...func(*Options)) (*DescribeClientVpnEndpointsOutput, error) // Describes the routes for the specified Client VPN endpoint. DescribeClientVpnRoutes(ctx context.Context, params *DescribeClientVpnRoutesInput, optFns ...func(*Options)) (*DescribeClientVpnRoutesOutput, error) // Describes the target networks associated with the specified Client VPN endpoint. DescribeClientVpnTargetNetworks(ctx context.Context, params *DescribeClientVpnTargetNetworksInput, optFns ...func(*Options)) (*DescribeClientVpnTargetNetworksOutput, error) // Describes the specified customer-owned address pools or all of your // customer-owned address pools. DescribeCoipPools(ctx context.Context, params *DescribeCoipPoolsInput, optFns ...func(*Options)) (*DescribeCoipPoolsOutput, error) // Describes the specified conversion tasks or all your conversion tasks. For more // information, see the VM Import/Export User Guide // (https://docs.aws.amazon.com/vm-import/latest/userguide/). For information about // the import manifest referenced by this API action, see VM Import Manifest // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html). DescribeConversionTasks(ctx context.Context, params *DescribeConversionTasksInput, optFns ...func(*Options)) (*DescribeConversionTasksOutput, error) // Describes one or more of your VPN customer gateways. For more information, see // Amazon Web Services Site-to-Site VPN // (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web // Services Site-to-Site VPN User Guide. DescribeCustomerGateways(ctx context.Context, params *DescribeCustomerGatewaysInput, optFns ...func(*Options)) (*DescribeCustomerGatewaysOutput, error) // Describes one or more of your DHCP options sets. For more information, see DHCP // options sets // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the // Amazon Virtual Private Cloud User Guide. DescribeDhcpOptions(ctx context.Context, params *DescribeDhcpOptionsInput, optFns ...func(*Options)) (*DescribeDhcpOptionsOutput, error) // Describes one or more of your egress-only internet gateways. DescribeEgressOnlyInternetGateways(ctx context.Context, params *DescribeEgressOnlyInternetGatewaysInput, optFns ...func(*Options)) (*DescribeEgressOnlyInternetGatewaysOutput, error) // Describes the Elastic Graphics accelerator associated with your instances. For // more information about Elastic Graphics, see Amazon Elastic Graphics // (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html). DescribeElasticGpus(ctx context.Context, params *DescribeElasticGpusInput, optFns ...func(*Options)) (*DescribeElasticGpusOutput, error) // Describes the specified export image tasks or all of your export image tasks. DescribeExportImageTasks(ctx context.Context, params *DescribeExportImageTasksInput, optFns ...func(*Options)) (*DescribeExportImageTasksOutput, error) // Describes the specified export instance tasks or all of your export instance // tasks. DescribeExportTasks(ctx context.Context, params *DescribeExportTasksInput, optFns ...func(*Options)) (*DescribeExportTasksOutput, error) // Describe details for Windows AMIs that are configured for faster launching. DescribeFastLaunchImages(ctx context.Context, params *DescribeFastLaunchImagesInput, optFns ...func(*Options)) (*DescribeFastLaunchImagesOutput, error) // Describes the state of fast snapshot restores for your snapshots. DescribeFastSnapshotRestores(ctx context.Context, params *DescribeFastSnapshotRestoresInput, optFns ...func(*Options)) (*DescribeFastSnapshotRestoresOutput, error) // Describes the events for the specified EC2 Fleet during the specified time. EC2 // Fleet events are delayed by up to 30 seconds before they can be described. This // ensures that you can query by the last evaluated time and not miss a recorded // event. EC2 Fleet events are available for 48 hours. For more information, see // Monitor fleet events using Amazon EventBridge // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/fleet-monitor.html) in the // Amazon EC2 User Guide. DescribeFleetHistory(ctx context.Context, params *DescribeFleetHistoryInput, optFns ...func(*Options)) (*DescribeFleetHistoryOutput, error) // Describes the running instances for the specified EC2 Fleet. For more // information, see Monitor your EC2 Fleet // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#monitor-ec2-fleet) // in the Amazon EC2 User Guide. DescribeFleetInstances(ctx context.Context, params *DescribeFleetInstancesInput, optFns ...func(*Options)) (*DescribeFleetInstancesOutput, error) // Describes the specified EC2 Fleets or all of your EC2 Fleets. For more // information, see Monitor your EC2 Fleet // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#monitor-ec2-fleet) // in the Amazon EC2 User Guide. DescribeFleets(ctx context.Context, params *DescribeFleetsInput, optFns ...func(*Options)) (*DescribeFleetsOutput, error) // Describes one or more flow logs. To view the information in your flow logs (the // log streams for the network interfaces), you must use the CloudWatch Logs // console or the CloudWatch Logs API. DescribeFlowLogs(ctx context.Context, params *DescribeFlowLogsInput, optFns ...func(*Options)) (*DescribeFlowLogsOutput, error) // Describes the specified attribute of the specified Amazon FPGA Image (AFI). DescribeFpgaImageAttribute(ctx context.Context, params *DescribeFpgaImageAttributeInput, optFns ...func(*Options)) (*DescribeFpgaImageAttributeOutput, error) // Describes the Amazon FPGA Images (AFIs) available to you. These include public // AFIs, private AFIs that you own, and AFIs owned by other Amazon Web Services // accounts for which you have load permissions. DescribeFpgaImages(ctx context.Context, params *DescribeFpgaImagesInput, optFns ...func(*Options)) (*DescribeFpgaImagesOutput, error) // Describes the Dedicated Host reservations that are available to purchase. The // results describe all of the Dedicated Host reservation offerings, including // offerings that might not match the instance family and Region of your Dedicated // Hosts. When purchasing an offering, ensure that the instance family and Region // of the offering matches that of the Dedicated Hosts with which it is to be // associated. For more information about supported instance types, see Dedicated // Hosts // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) // in the Amazon EC2 User Guide. DescribeHostReservationOfferings(ctx context.Context, params *DescribeHostReservationOfferingsInput, optFns ...func(*Options)) (*DescribeHostReservationOfferingsOutput, error) // Describes reservations that are associated with Dedicated Hosts in your account. DescribeHostReservations(ctx context.Context, params *DescribeHostReservationsInput, optFns ...func(*Options)) (*DescribeHostReservationsOutput, error) // Describes the specified Dedicated Hosts or all your Dedicated Hosts. The results // describe only the Dedicated Hosts in the Region you're currently using. All // listed instances consume capacity on your Dedicated Host. Dedicated Hosts that // have recently been released are listed with the state released. DescribeHosts(ctx context.Context, params *DescribeHostsInput, optFns ...func(*Options)) (*DescribeHostsOutput, error) // Describes your IAM instance profile associations. DescribeIamInstanceProfileAssociations(ctx context.Context, params *DescribeIamInstanceProfileAssociationsInput, optFns ...func(*Options)) (*DescribeIamInstanceProfileAssociationsOutput, error) // Describes the ID format settings for your resources on a per-Region basis, for // example, to view which resource types are enabled for longer IDs. This request // only returns information about resource types whose ID formats can be modified; // it does not return information about other resource types. The following // resource types support longer IDs: bundle | conversion-task | customer-gateway | // dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | // flow-log | image | import-task | instance | internet-gateway | network-acl | // network-acl-association | network-interface | network-interface-attachment | // prefix-list | reservation | route-table | route-table-association | // security-group | snapshot | subnet | subnet-cidr-block-association | volume | // vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | // vpn-connection | vpn-gateway. These settings apply to the IAM user who makes the // request; they do not apply to the entire Amazon Web Services account. By // default, an IAM user defaults to the same settings as the root user, unless they // explicitly override the settings by running the ModifyIdFormat command. // Resources created with longer IDs are visible to all IAM users, regardless of // these settings and provided that they have permission to use the relevant // Describe command for the resource type. DescribeIdFormat(ctx context.Context, params *DescribeIdFormatInput, optFns ...func(*Options)) (*DescribeIdFormatOutput, error) // Describes the ID format settings for resources for the specified IAM user, IAM // role, or root user. For example, you can view the resource types that are // enabled for longer IDs. This request only returns information about resource // types whose ID formats can be modified; it does not return information about // other resource types. For more information, see Resource IDs // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the // Amazon Elastic Compute Cloud User Guide. The following resource types support // longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | // elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image // | import-task | instance | internet-gateway | network-acl | // network-acl-association | network-interface | network-interface-attachment | // prefix-list | reservation | route-table | route-table-association | // security-group | snapshot | subnet | subnet-cidr-block-association | volume | // vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | // vpn-connection | vpn-gateway. These settings apply to the principal specified in // the request. They do not apply to the principal that makes the request. DescribeIdentityIdFormat(ctx context.Context, params *DescribeIdentityIdFormatInput, optFns ...func(*Options)) (*DescribeIdentityIdFormatOutput, error) // Describes the specified attribute of the specified AMI. You can specify only one // attribute at a time. DescribeImageAttribute(ctx context.Context, params *DescribeImageAttributeInput, optFns ...func(*Options)) (*DescribeImageAttributeOutput, error) // Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of // the images available to you. The images available to you include public images, // private images that you own, and private images owned by other Amazon Web // Services accounts for which you have explicit launch permissions. Recently // deregistered images appear in the returned results for a short interval and then // return empty results. After all instances that reference a deregistered AMI are // terminated, specifying the ID of the image will eventually return an error // indicating that the AMI ID cannot be found. DescribeImages(ctx context.Context, params *DescribeImagesInput, optFns ...func(*Options)) (*DescribeImagesOutput, error) // Displays details about an import virtual machine or import snapshot tasks that // are already created. DescribeImportImageTasks(ctx context.Context, params *DescribeImportImageTasksInput, optFns ...func(*Options)) (*DescribeImportImageTasksOutput, error) // Describes your import snapshot tasks. DescribeImportSnapshotTasks(ctx context.Context, params *DescribeImportSnapshotTasksInput, optFns ...func(*Options)) (*DescribeImportSnapshotTasksOutput, error) // Describes the specified attribute of the specified instance. You can specify // only one attribute at a time. Valid attribute values are: instanceType | kernel // | ramdisk | userData | disableApiTermination | instanceInitiatedShutdownBehavior // | rootDeviceName | blockDeviceMapping | productCodes | sourceDestCheck | // groupSet | ebsOptimized | sriovNetSupport DescribeInstanceAttribute(ctx context.Context, params *DescribeInstanceAttributeInput, optFns ...func(*Options)) (*DescribeInstanceAttributeOutput, error) // Describes the credit option for CPU usage of the specified burstable performance // instances. The credit options are standard and unlimited. If you do not specify // an instance ID, Amazon EC2 returns burstable performance instances with the // unlimited credit option, as well as instances that were previously configured as // T2, T3, and T3a with the unlimited credit option. For example, if you resize a // T2 instance, while it is configured as unlimited, to an M4 instance, Amazon EC2 // returns the M4 instance. If you specify one or more instance IDs, Amazon EC2 // returns the credit option (standard or unlimited) of those instances. If you // specify an instance ID that is not valid, such as an instance that is not a // burstable performance instance, an error is returned. Recently terminated // instances might appear in the returned results. This interval is usually less // than one hour. If an Availability Zone is experiencing a service disruption and // you specify instance IDs in the affected zone, or do not specify any instance // IDs at all, the call fails. If you specify only instance IDs in an unaffected // zone, the call works normally. For more information, see Burstable performance // instances // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) // in the Amazon EC2 User Guide. DescribeInstanceCreditSpecifications(ctx context.Context, params *DescribeInstanceCreditSpecificationsInput, optFns ...func(*Options)) (*DescribeInstanceCreditSpecificationsOutput, error) // Describes the tag keys that are registered to appear in scheduled event // notifications for resources in the current Region. DescribeInstanceEventNotificationAttributes(ctx context.Context, params *DescribeInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*DescribeInstanceEventNotificationAttributesOutput, error) // Describes the specified event windows or all event windows. If you specify event // window IDs, the output includes information for only the specified event // windows. If you specify filters, the output includes information for only those // event windows that meet the filter criteria. If you do not specify event windows // IDs or filters, the output includes information for all event windows, which can // affect performance. We recommend that you use pagination to ensure that the // operation returns quickly and successfully. For more information, see Define // event windows for scheduled events // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the // Amazon EC2 User Guide. DescribeInstanceEventWindows(ctx context.Context, params *DescribeInstanceEventWindowsInput, optFns ...func(*Options)) (*DescribeInstanceEventWindowsOutput, error) // Describes the status of the specified instances or all of your instances. By // default, only running instances are described, unless you specifically indicate // to return the status of all instances. Instance status includes the following // components: // // * Status checks - Amazon EC2 performs status checks on running EC2 // instances to identify hardware and software issues. For more information, see // Status checks for your instances // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html) // and Troubleshoot instances with failed status checks // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstances.html) // in the Amazon EC2 User Guide. // // * Scheduled events - Amazon EC2 can schedule // events (such as reboot, stop, or terminate) for your instances related to // hardware issues, software updates, or system maintenance. For more information, // see Scheduled events for your instances // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html) // in the Amazon EC2 User Guide. // // * Instance state - You can manage your instances // from the moment you launch them through their termination. For more information, // see Instance lifecycle // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html) // in the Amazon EC2 User Guide. DescribeInstanceStatus(ctx context.Context, params *DescribeInstanceStatusInput, optFns ...func(*Options)) (*DescribeInstanceStatusOutput, error) // Returns a list of all instance types offered. The results can be filtered by // location (Region or Availability Zone). If no location is specified, the // instance types offered in the current Region are returned. DescribeInstanceTypeOfferings(ctx context.Context, params *DescribeInstanceTypeOfferingsInput, optFns ...func(*Options)) (*DescribeInstanceTypeOfferingsOutput, error) // Describes the details of the instance types that are offered in a location. The // results can be filtered by the attributes of the instance types. DescribeInstanceTypes(ctx context.Context, params *DescribeInstanceTypesInput, optFns ...func(*Options)) (*DescribeInstanceTypesOutput, error) // Describes the specified instances or all instances. If you specify instance IDs, // the output includes information for only the specified instances. If you specify // filters, the output includes information for only those instances that meet the // filter criteria. If you do not specify instance IDs or filters, the output // includes information for all instances, which can affect performance. We // recommend that you use pagination to ensure that the operation returns quickly // and successfully. If you specify an instance ID that is not valid, an error is // returned. If you specify an instance that you do not own, it is not included in // the output. Recently terminated instances might appear in the returned results. // This interval is usually less than one hour. If you describe instances in the // rare case where an Availability Zone is experiencing a service disruption and // you specify instance IDs that are in the affected zone, or do not specify any // instance IDs at all, the call fails. If you describe instances and specify only // instance IDs that are in an unaffected zone, the call works normally. DescribeInstances(ctx context.Context, params *DescribeInstancesInput, optFns ...func(*Options)) (*DescribeInstancesOutput, error) // Describes one or more of your internet gateways. DescribeInternetGateways(ctx context.Context, params *DescribeInternetGatewaysInput, optFns ...func(*Options)) (*DescribeInternetGatewaysOutput, error) // Get information about your IPAM pools. DescribeIpamPools(ctx context.Context, params *DescribeIpamPoolsInput, optFns ...func(*Options)) (*DescribeIpamPoolsOutput, error) // Get information about your IPAM scopes. DescribeIpamScopes(ctx context.Context, params *DescribeIpamScopesInput, optFns ...func(*Options)) (*DescribeIpamScopesOutput, error) // Get information about your IPAM pools. For more information, see What is IPAM? // in the Amazon VPC IPAM User Guide. DescribeIpams(ctx context.Context, params *DescribeIpamsInput, optFns ...func(*Options)) (*DescribeIpamsOutput, error) // Describes your IPv6 address pools. DescribeIpv6Pools(ctx context.Context, params *DescribeIpv6PoolsInput, optFns ...func(*Options)) (*DescribeIpv6PoolsOutput, error) // Describes the specified key pairs or all of your key pairs. For more information // about key pairs, see Amazon EC2 key pairs // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the // Amazon Elastic Compute Cloud User Guide. DescribeKeyPairs(ctx context.Context, params *DescribeKeyPairsInput, optFns ...func(*Options)) (*DescribeKeyPairsOutput, error) // Describes one or more versions of a specified launch template. You can describe // all versions, individual versions, or a range of versions. You can also describe // all the latest versions or all the default versions of all the launch templates // in your account. DescribeLaunchTemplateVersions(ctx context.Context, params *DescribeLaunchTemplateVersionsInput, optFns ...func(*Options)) (*DescribeLaunchTemplateVersionsOutput, error) // Describes one or more launch templates. DescribeLaunchTemplates(ctx context.Context, params *DescribeLaunchTemplatesInput, optFns ...func(*Options)) (*DescribeLaunchTemplatesOutput, error) // Describes the associations between virtual interface groups and local gateway // route tables. DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations(ctx context.Context, params *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, error) // Describes the specified associations between VPCs and local gateway route // tables. DescribeLocalGatewayRouteTableVpcAssociations(ctx context.Context, params *DescribeLocalGatewayRouteTableVpcAssociationsInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTableVpcAssociationsOutput, error) // Describes one or more local gateway route tables. By default, all local gateway // route tables are described. Alternatively, you can filter the results. DescribeLocalGatewayRouteTables(ctx context.Context, params *DescribeLocalGatewayRouteTablesInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTablesOutput, error) // Describes the specified local gateway virtual interface groups. DescribeLocalGatewayVirtualInterfaceGroups(ctx context.Context, params *DescribeLocalGatewayVirtualInterfaceGroupsInput, optFns ...func(*Options)) (*DescribeLocalGatewayVirtualInterfaceGroupsOutput, error) // Describes the specified local gateway virtual interfaces. DescribeLocalGatewayVirtualInterfaces(ctx context.Context, params *DescribeLocalGatewayVirtualInterfacesInput, optFns ...func(*Options)) (*DescribeLocalGatewayVirtualInterfacesOutput, error) // Describes one or more local gateways. By default, all local gateways are // described. Alternatively, you can filter the results. DescribeLocalGateways(ctx context.Context, params *DescribeLocalGatewaysInput, optFns ...func(*Options)) (*DescribeLocalGatewaysOutput, error) // Describes your managed prefix lists and any Amazon Web Services-managed prefix // lists. To view the entries for your prefix list, use // GetManagedPrefixListEntries. DescribeManagedPrefixLists(ctx context.Context, params *DescribeManagedPrefixListsInput, optFns ...func(*Options)) (*DescribeManagedPrefixListsOutput, error) // Describes your Elastic IP addresses that are being moved to the EC2-VPC // platform, or that are being restored to the EC2-Classic platform. This request // does not return information about any other Elastic IP addresses in your // account. DescribeMovingAddresses(ctx context.Context, params *DescribeMovingAddressesInput, optFns ...func(*Options)) (*DescribeMovingAddressesOutput, error) // Describes one or more of your NAT gateways. DescribeNatGateways(ctx context.Context, params *DescribeNatGatewaysInput, optFns ...func(*Options)) (*DescribeNatGatewaysOutput, error) // Describes one or more of your network ACLs. For more information, see Network // ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the // Amazon Virtual Private Cloud User Guide. DescribeNetworkAcls(ctx context.Context, params *DescribeNetworkAclsInput, optFns ...func(*Options)) (*DescribeNetworkAclsOutput, error) // Describes the specified Network Access Scope analyses. DescribeNetworkInsightsAccessScopeAnalyses(ctx context.Context, params *DescribeNetworkInsightsAccessScopeAnalysesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAccessScopeAnalysesOutput, error) // Describes the specified Network Access Scopes. DescribeNetworkInsightsAccessScopes(ctx context.Context, params *DescribeNetworkInsightsAccessScopesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAccessScopesOutput, error) // Describes one or more of your network insights analyses. DescribeNetworkInsightsAnalyses(ctx context.Context, params *DescribeNetworkInsightsAnalysesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAnalysesOutput, error) // Describes one or more of your paths. DescribeNetworkInsightsPaths(ctx context.Context, params *DescribeNetworkInsightsPathsInput, optFns ...func(*Options)) (*DescribeNetworkInsightsPathsOutput, error) // Describes a network interface attribute. You can specify only one attribute at a // time. DescribeNetworkInterfaceAttribute(ctx context.Context, params *DescribeNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*DescribeNetworkInterfaceAttributeOutput, error) // Describes the permissions for your network interfaces. DescribeNetworkInterfacePermissions(ctx context.Context, params *DescribeNetworkInterfacePermissionsInput, optFns ...func(*Options)) (*DescribeNetworkInterfacePermissionsOutput, error) // Describes one or more of your network interfaces. DescribeNetworkInterfaces(ctx context.Context, params *DescribeNetworkInterfacesInput, optFns ...func(*Options)) (*DescribeNetworkInterfacesOutput, error) // Describes the specified placement groups or all of your placement groups. For // more information, see Placement groups // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in // the Amazon EC2 User Guide. DescribePlacementGroups(ctx context.Context, params *DescribePlacementGroupsInput, optFns ...func(*Options)) (*DescribePlacementGroupsOutput, error) // Describes available Amazon Web Services services in a prefix list format, which // includes the prefix list name and prefix list ID of the service and the IP // address range for the service. We recommend that you use // DescribeManagedPrefixLists instead. DescribePrefixLists(ctx context.Context, params *DescribePrefixListsInput, optFns ...func(*Options)) (*DescribePrefixListsOutput, error) // Describes the ID format settings for the root user and all IAM roles and IAM // users that have explicitly specified a longer ID (17-character ID) preference. // By default, all IAM roles and IAM users default to the same ID settings as the // root user, unless they explicitly override the settings. This request is useful // for identifying those IAM users and IAM roles that have overridden the default // ID settings. The following resource types support longer IDs: bundle | // conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | // elastic-ip-association | export-task | flow-log | image | import-task | instance // | internet-gateway | network-acl | network-acl-association | network-interface | // network-interface-attachment | prefix-list | reservation | route-table | // route-table-association | security-group | snapshot | subnet | // subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | // vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway. DescribePrincipalIdFormat(ctx context.Context, params *DescribePrincipalIdFormatInput, optFns ...func(*Options)) (*DescribePrincipalIdFormatOutput, error) // Describes the specified IPv4 address pools. DescribePublicIpv4Pools(ctx context.Context, params *DescribePublicIpv4PoolsInput, optFns ...func(*Options)) (*DescribePublicIpv4PoolsOutput, error) // Describes the Regions that are enabled for your account, or all Regions. For a // list of the Regions supported by Amazon EC2, see Amazon Elastic Compute Cloud // endpoints and quotas // (https://docs.aws.amazon.com/general/latest/gr/ec2-service.html). For // information about enabling and disabling Regions for your account, see Managing // Amazon Web Services Regions // (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html) in the Amazon // Web Services General Reference. DescribeRegions(ctx context.Context, params *DescribeRegionsInput, optFns ...func(*Options)) (*DescribeRegionsOutput, error) // Describes a root volume replacement task. For more information, see Replace a // root volume // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root) // in the Amazon Elastic Compute Cloud User Guide. DescribeReplaceRootVolumeTasks(ctx context.Context, params *DescribeReplaceRootVolumeTasksInput, optFns ...func(*Options)) (*DescribeReplaceRootVolumeTasksOutput, error) // Describes one or more of the Reserved Instances that you purchased. For more // information about Reserved Instances, see Reserved Instances // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-on-demand-reserved-instances.html) // in the Amazon EC2 User Guide. DescribeReservedInstances(ctx context.Context, params *DescribeReservedInstancesInput, optFns ...func(*Options)) (*DescribeReservedInstancesOutput, error) // Describes your account's Reserved Instance listings in the Reserved Instance // Marketplace. The Reserved Instance Marketplace matches sellers who want to // resell Reserved Instance capacity that they no longer need with buyers who want // to purchase additional capacity. Reserved Instances bought and sold through the // Reserved Instance Marketplace work like any other Reserved Instances. As a // seller, you choose to list some or all of your Reserved Instances, and you // specify the upfront price to receive for them. Your Reserved Instances are then // listed in the Reserved Instance Marketplace and are available for purchase. As a // buyer, you specify the configuration of the Reserved Instance to purchase, and // the Marketplace matches what you're searching for with what's available. The // Marketplace first sells the lowest priced Reserved Instances to you, and // continues to sell available Reserved Instance listings to you until your demand // is met. You are charged based on the total price of all of the listings that you // purchase. For more information, see Reserved Instance Marketplace // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in // the Amazon EC2 User Guide. DescribeReservedInstancesListings(ctx context.Context, params *DescribeReservedInstancesListingsInput, optFns ...func(*Options)) (*DescribeReservedInstancesListingsOutput, error) // Describes the modifications made to your Reserved Instances. If no parameter is // specified, information about all your Reserved Instances modification requests // is returned. If a modification ID is specified, only information about the // specific modification is returned. For more information, see Modifying Reserved // Instances // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) in the // Amazon EC2 User Guide. DescribeReservedInstancesModifications(ctx context.Context, params *DescribeReservedInstancesModificationsInput, optFns ...func(*Options)) (*DescribeReservedInstancesModificationsOutput, error) // Describes Reserved Instance offerings that are available for purchase. With // Reserved Instances, you purchase the right to launch instances for a period of // time. During that time period, you do not receive insufficient capacity errors, // and you pay a lower usage rate than the rate charged for On-Demand instances for // the actual time used. If you have listed your own Reserved Instances for sale in // the Reserved Instance Marketplace, they will be excluded from these results. // This is to ensure that you do not purchase your own Reserved Instances. For more // information, see Reserved Instance Marketplace // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in // the Amazon EC2 User Guide. DescribeReservedInstancesOfferings(ctx context.Context, params *DescribeReservedInstancesOfferingsInput, optFns ...func(*Options)) (*DescribeReservedInstancesOfferingsOutput, error) // Describes one or more of your route tables. Each subnet in your VPC must be // associated with a route table. If a subnet is not explicitly associated with any // route table, it is implicitly associated with the main route table. This command // does not return the subnet ID for implicit associations. For more information, // see Route tables // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the // Amazon Virtual Private Cloud User Guide. DescribeRouteTables(ctx context.Context, params *DescribeRouteTablesInput, optFns ...func(*Options)) (*DescribeRouteTablesOutput, error) // Finds available schedules that meet the specified criteria. You can search for // an available schedule no more than 3 months in advance. You must meet the // minimum required duration of 1,200 hours per year. For example, the minimum // daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the // minimum monthly schedule is 100 hours. After you find a schedule that meets your // needs, call PurchaseScheduledInstances to purchase Scheduled Instances with that // schedule. DescribeScheduledInstanceAvailability(ctx context.Context, params *DescribeScheduledInstanceAvailabilityInput, optFns ...func(*Options)) (*DescribeScheduledInstanceAvailabilityOutput, error) // Describes the specified Scheduled Instances or all your Scheduled Instances. DescribeScheduledInstances(ctx context.Context, params *DescribeScheduledInstancesInput, optFns ...func(*Options)) (*DescribeScheduledInstancesOutput, error) // [VPC only] Describes the VPCs on the other side of a VPC peering connection that // are referencing the security groups you've specified in this request. DescribeSecurityGroupReferences(ctx context.Context, params *DescribeSecurityGroupReferencesInput, optFns ...func(*Options)) (*DescribeSecurityGroupReferencesOutput, error) // Describes one or more of your security group rules. DescribeSecurityGroupRules(ctx context.Context, params *DescribeSecurityGroupRulesInput, optFns ...func(*Options)) (*DescribeSecurityGroupRulesOutput, error) // Describes the specified security groups or all of your security groups. A // security group is for use with instances either in the EC2-Classic platform or // in a specific VPC. For more information, see Amazon EC2 security groups // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) // in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC // (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html) // in the Amazon Virtual Private Cloud User Guide. DescribeSecurityGroups(ctx context.Context, params *DescribeSecurityGroupsInput, optFns ...func(*Options)) (*DescribeSecurityGroupsOutput, error) // Describes the specified attribute of the specified snapshot. You can specify // only one attribute at a time. For more information about EBS snapshots, see // Amazon EBS snapshots // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html) in the // Amazon Elastic Compute Cloud User Guide. DescribeSnapshotAttribute(ctx context.Context, params *DescribeSnapshotAttributeInput, optFns ...func(*Options)) (*DescribeSnapshotAttributeOutput, error) // Describes the storage tier status of one or more Amazon EBS snapshots. DescribeSnapshotTierStatus(ctx context.Context, params *DescribeSnapshotTierStatusInput, optFns ...func(*Options)) (*DescribeSnapshotTierStatusOutput, error) // Describes the specified EBS snapshots available to you or all of the EBS // snapshots available to you. The snapshots available to you include public // snapshots, private snapshots that you own, and private snapshots owned by other // Amazon Web Services accounts for which you have explicit create volume // permissions. The create volume permissions fall into the following // categories: // // * public: The owner of the snapshot granted create volume // permissions for the snapshot to the all group. All Amazon Web Services accounts // have create volume permissions for these snapshots. // // * explicit: The owner of // the snapshot granted create volume permissions to a specific Amazon Web Services // account. // // * implicit: An Amazon Web Services account has implicit create volume // permissions for all snapshots it owns. // // The list of snapshots returned can be // filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services // accounts with create volume permissions. If no options are specified, Amazon EC2 // returns all snapshots for which you have create volume permissions. If you // specify one or more snapshot IDs, only snapshots that have the specified IDs are // returned. If you specify an invalid snapshot ID, an error is returned. If you // specify a snapshot ID for which you do not have access, it is not included in // the returned results. If you specify one or more snapshot owners using the // OwnerIds option, only snapshots from the specified owners and for which you have // access are returned. The results can include the Amazon Web Services account IDs // of the specified owners, amazon for snapshots owned by Amazon, or self for // snapshots that you own. If you specify a list of restorable users, only // snapshots with create snapshot permissions for those users are returned. You can // specify Amazon Web Services account IDs (if you own the snapshots), self for // snapshots for which you own or have explicit permissions, or all for public // snapshots. If you are describing a long list of snapshots, we recommend that you // paginate the output to make the list more manageable. The MaxResults parameter // sets the maximum number of results returned in a single page. If the list of // results exceeds your MaxResults value, then that number of results is returned // along with a NextToken value that can be passed to a subsequent // DescribeSnapshots request to retrieve the remaining results. To get the state of // fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores. For // more information about EBS snapshots, see Amazon EBS snapshots // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html) in the // Amazon Elastic Compute Cloud User Guide. DescribeSnapshots(ctx context.Context, params *DescribeSnapshotsInput, optFns ...func(*Options)) (*DescribeSnapshotsOutput, error) // Describes the data feed for Spot Instances. For more information, see Spot // Instance data feed // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html) in // the Amazon EC2 User Guide for Linux Instances. DescribeSpotDatafeedSubscription(ctx context.Context, params *DescribeSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*DescribeSpotDatafeedSubscriptionOutput, error) // Describes the running instances for the specified Spot Fleet. DescribeSpotFleetInstances(ctx context.Context, params *DescribeSpotFleetInstancesInput, optFns ...func(*Options)) (*DescribeSpotFleetInstancesOutput, error) // Describes the events for the specified Spot Fleet request during the specified // time. Spot Fleet events are delayed by up to 30 seconds before they can be // described. This ensures that you can query by the last evaluated time and not // miss a recorded event. Spot Fleet events are available for 48 hours. For more // information, see Monitor fleet events using Amazon EventBridge // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/fleet-monitor.html) in the // Amazon EC2 User Guide for Linux Instances. DescribeSpotFleetRequestHistory(ctx context.Context, params *DescribeSpotFleetRequestHistoryInput, optFns ...func(*Options)) (*DescribeSpotFleetRequestHistoryOutput, error) // Describes your Spot Fleet requests. Spot Fleet requests are deleted 48 hours // after they are canceled and their instances are terminated. DescribeSpotFleetRequests(ctx context.Context, params *DescribeSpotFleetRequestsInput, optFns ...func(*Options)) (*DescribeSpotFleetRequestsOutput, error) // Describes the specified Spot Instance requests. You can use // DescribeSpotInstanceRequests to find a running Spot Instance by examining the // response. If the status of the Spot Instance is fulfilled, the instance ID // appears in the response and contains the identifier of the instance. // Alternatively, you can use DescribeInstances // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances) // with a filter to look for instances where the instance lifecycle is spot. We // recommend that you set MaxResults to a value between 5 and 1000 to limit the // number of results returned. This paginates the output, which makes the list more // manageable and returns the results faster. If the list of results exceeds your // MaxResults value, then that number of results is returned along with a NextToken // value that can be passed to a subsequent DescribeSpotInstanceRequests request to // retrieve the remaining results. Spot Instance requests are deleted four hours // after they are canceled and their instances are terminated. DescribeSpotInstanceRequests(ctx context.Context, params *DescribeSpotInstanceRequestsInput, optFns ...func(*Options)) (*DescribeSpotInstanceRequestsOutput, error) // Describes the Spot price history. For more information, see Spot Instance // pricing history // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances-history.html) // in the Amazon EC2 User Guide for Linux Instances. When you specify a start and // end time, the operation returns the prices of the instance types within that // time range. It also returns the last price change before the start time, which // is the effective price as of the start time. DescribeSpotPriceHistory(ctx context.Context, params *DescribeSpotPriceHistoryInput, optFns ...func(*Options)) (*DescribeSpotPriceHistoryOutput, error) // [VPC only] Describes the stale security group rules for security groups in a // specified VPC. Rules are stale when they reference a deleted security group in // the same VPC or in a peer VPC, or if they reference a security group in a peer // VPC for which the VPC peering connection has been deleted. DescribeStaleSecurityGroups(ctx context.Context, params *DescribeStaleSecurityGroupsInput, optFns ...func(*Options)) (*DescribeStaleSecurityGroupsOutput, error) // Describes the progress of the AMI store tasks. You can describe the store tasks // for specified AMIs. If you don't specify the AMIs, you get a paginated list of // store tasks from the last 31 days. For each AMI task, the response indicates if // the task is InProgress, Completed, or Failed. For tasks InProgress, the response // shows the estimated progress as a percentage. Tasks are listed in reverse // chronological order. Currently, only tasks from the past 31 days can be viewed. // To use this API, you must have the required permissions. For more information, // see Permissions for storing and restoring AMIs using Amazon S3 // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions) // in the Amazon Elastic Compute Cloud User Guide. For more information, see Store // and restore an AMI using Amazon S3 // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in // the Amazon Elastic Compute Cloud User Guide. DescribeStoreImageTasks(ctx context.Context, params *DescribeStoreImageTasksInput, optFns ...func(*Options)) (*DescribeStoreImageTasksOutput, error) // Describes one or more of your subnets. For more information, see Your VPC and // subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in // the Amazon Virtual Private Cloud User Guide. DescribeSubnets(ctx context.Context, params *DescribeSubnetsInput, optFns ...func(*Options)) (*DescribeSubnetsOutput, error) // Describes the specified tags for your EC2 resources. For more information about // tags, see Tagging Your Resources // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the // Amazon Elastic Compute Cloud User Guide. DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error) // Describes one or more Traffic Mirror filters. DescribeTrafficMirrorFilters(ctx context.Context, params *DescribeTrafficMirrorFiltersInput, optFns ...func(*Options)) (*DescribeTrafficMirrorFiltersOutput, error) // Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror // sessions are described. Alternatively, you can filter the results. DescribeTrafficMirrorSessions(ctx context.Context, params *DescribeTrafficMirrorSessionsInput, optFns ...func(*Options)) (*DescribeTrafficMirrorSessionsOutput, error) // Information about one or more Traffic Mirror targets. DescribeTrafficMirrorTargets(ctx context.Context, params *DescribeTrafficMirrorTargetsInput, optFns ...func(*Options)) (*DescribeTrafficMirrorTargetsOutput, error) // Describes one or more attachments between resources and transit gateways. By // default, all attachments are described. Alternatively, you can filter the // results by attachment ID, attachment state, resource ID, or resource owner. DescribeTransitGatewayAttachments(ctx context.Context, params *DescribeTransitGatewayAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayAttachmentsOutput, error) // Describes one or more Connect peers. DescribeTransitGatewayConnectPeers(ctx context.Context, params *DescribeTransitGatewayConnectPeersInput, optFns ...func(*Options)) (*DescribeTransitGatewayConnectPeersOutput, error) // Describes one or more Connect attachments. DescribeTransitGatewayConnects(ctx context.Context, params *DescribeTransitGatewayConnectsInput, optFns ...func(*Options)) (*DescribeTransitGatewayConnectsOutput, error) // Describes one or more transit gateway multicast domains. DescribeTransitGatewayMulticastDomains(ctx context.Context, params *DescribeTransitGatewayMulticastDomainsInput, optFns ...func(*Options)) (*DescribeTransitGatewayMulticastDomainsOutput, error) // Describes your transit gateway peering attachments. DescribeTransitGatewayPeeringAttachments(ctx context.Context, params *DescribeTransitGatewayPeeringAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayPeeringAttachmentsOutput, error) // Describes one or more transit gateway route tables. By default, all transit // gateway route tables are described. Alternatively, you can filter the results. DescribeTransitGatewayRouteTables(ctx context.Context, params *DescribeTransitGatewayRouteTablesInput, optFns ...func(*Options)) (*DescribeTransitGatewayRouteTablesOutput, error) // Describes one or more VPC attachments. By default, all VPC attachments are // described. Alternatively, you can filter the results. DescribeTransitGatewayVpcAttachments(ctx context.Context, params *DescribeTransitGatewayVpcAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayVpcAttachmentsOutput, error) // Describes one or more transit gateways. By default, all transit gateways are // described. Alternatively, you can filter the results. DescribeTransitGateways(ctx context.Context, params *DescribeTransitGatewaysInput, optFns ...func(*Options)) (*DescribeTransitGatewaysOutput, error) // This API action is currently in limited preview only. If you are interested in // using this feature, contact your account manager. Describes one or more network // interface trunk associations. DescribeTrunkInterfaceAssociations(ctx context.Context, params *DescribeTrunkInterfaceAssociationsInput, optFns ...func(*Options)) (*DescribeTrunkInterfaceAssociationsOutput, error) // Describes the specified attribute of the specified volume. You can specify only // one attribute at a time. For more information about EBS volumes, see Amazon EBS // volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html) in // the Amazon Elastic Compute Cloud User Guide. DescribeVolumeAttribute(ctx context.Context, params *DescribeVolumeAttributeInput, optFns ...func(*Options)) (*DescribeVolumeAttributeOutput, error) // Describes the status of the specified volumes. Volume status provides the result // of the checks performed on your volumes to determine events that can impair the // performance of your volumes. The performance of a volume can be affected if an // issue occurs on the volume's underlying host. If the volume's underlying host // experiences a power outage or system issue, after the system is restored, there // could be data inconsistencies on the volume. Volume events notify you if this // occurs. Volume actions notify you if any action needs to be taken in response to // the event. The DescribeVolumeStatus operation provides the following information // about the specified volumes: Status: Reflects the current status of the volume. // The possible values are ok, impaired , warning, or insufficient-data. If all // checks pass, the overall status of the volume is ok. If the check fails, the // overall status is impaired. If the status is insufficient-data, then the checks // might still be taking place on your volume at the time. We recommend that you // retry the request. For more information about volume status, see Monitor the // status of your volumes // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-status.html) // in the Amazon Elastic Compute Cloud User Guide. Events: Reflect the cause of a // volume status and might require you to take action. For example, if your volume // returns an impaired status, then the volume event might be // potential-data-inconsistency. This means that your volume has been affected by // an issue with the underlying host, has all I/O operations disabled, and might // have inconsistent data. Actions: Reflect the actions you might have to take in // response to an event. For example, if the status of the volume is impaired and // the volume event shows potential-data-inconsistency, then the action shows // enable-volume-io. This means that you may want to enable the I/O operations for // the volume by calling the EnableVolumeIO action and then check the volume for // data consistency. Volume status is based on the volume status checks, and does // not reflect the volume state. Therefore, volume status does not indicate volumes // in the error state (for example, when a volume is incapable of accepting I/O.) DescribeVolumeStatus(ctx context.Context, params *DescribeVolumeStatusInput, optFns ...func(*Options)) (*DescribeVolumeStatusOutput, error) // Describes the specified EBS volumes or all of your EBS volumes. If you are // describing a long list of volumes, we recommend that you paginate the output to // make the list more manageable. The MaxResults parameter sets the maximum number // of results returned in a single page. If the list of results exceeds your // MaxResults value, then that number of results is returned along with a NextToken // value that can be passed to a subsequent DescribeVolumes request to retrieve the // remaining results. For more information about EBS volumes, see Amazon EBS // volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html) in // the Amazon Elastic Compute Cloud User Guide. DescribeVolumes(ctx context.Context, params *DescribeVolumesInput, optFns ...func(*Options)) (*DescribeVolumesOutput, error) // Describes the most recent volume modification request for the specified EBS // volumes. If a volume has never been modified, some information in the output // will be null. If a volume has been modified more than once, the output includes // only the most recent modification request. You can also use CloudWatch Events to // check the status of a modification to an EBS volume. For information about // CloudWatch Events, see the Amazon CloudWatch Events User Guide // (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/). For more // information, see Monitor the progress of volume modifications // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-modifications.html) // in the Amazon Elastic Compute Cloud User Guide. DescribeVolumesModifications(ctx context.Context, params *DescribeVolumesModificationsInput, optFns ...func(*Options)) (*DescribeVolumesModificationsOutput, error) // Describes the specified attribute of the specified VPC. You can specify only one // attribute at a time. DescribeVpcAttribute(ctx context.Context, params *DescribeVpcAttributeInput, optFns ...func(*Options)) (*DescribeVpcAttributeOutput, error) // Describes the ClassicLink status of one or more VPCs. DescribeVpcClassicLink(ctx context.Context, params *DescribeVpcClassicLinkInput, optFns ...func(*Options)) (*DescribeVpcClassicLinkOutput, error) // Describes the ClassicLink DNS support status of one or more VPCs. If enabled, // the DNS hostname of a linked EC2-Classic instance resolves to its private IP // address when addressed from an instance in the VPC to which it's linked. // Similarly, the DNS hostname of an instance in a VPC resolves to its private IP // address when addressed from a linked EC2-Classic instance. For more information, // see ClassicLink // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in // the Amazon Elastic Compute Cloud User Guide. DescribeVpcClassicLinkDnsSupport(ctx context.Context, params *DescribeVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*DescribeVpcClassicLinkDnsSupportOutput, error) // Describes the connection notifications for VPC endpoints and VPC endpoint // services. DescribeVpcEndpointConnectionNotifications(ctx context.Context, params *DescribeVpcEndpointConnectionNotificationsInput, optFns ...func(*Options)) (*DescribeVpcEndpointConnectionNotificationsOutput, error) // Describes the VPC endpoint connections to your VPC endpoint services, including // any endpoints that are pending your acceptance. DescribeVpcEndpointConnections(ctx context.Context, params *DescribeVpcEndpointConnectionsInput, optFns ...func(*Options)) (*DescribeVpcEndpointConnectionsOutput, error) // Describes the VPC endpoint service configurations in your account (your // services). DescribeVpcEndpointServiceConfigurations(ctx context.Context, params *DescribeVpcEndpointServiceConfigurationsInput, optFns ...func(*Options)) (*DescribeVpcEndpointServiceConfigurationsOutput, error) // Describes the principals (service consumers) that are permitted to discover your // VPC endpoint service. DescribeVpcEndpointServicePermissions(ctx context.Context, params *DescribeVpcEndpointServicePermissionsInput, optFns ...func(*Options)) (*DescribeVpcEndpointServicePermissionsOutput, error) // Describes available services to which you can create a VPC endpoint. When the // service provider and the consumer have different accounts in multiple // Availability Zones, and the consumer views the VPC endpoint service information, // the response only includes the common Availability Zones. For example, when the // service provider account uses us-east-1a and us-east-1c and the consumer uses // us-east-1a and us-east-1b, the response includes the VPC endpoint services in // the common Availability Zone, us-east-1a. DescribeVpcEndpointServices(ctx context.Context, params *DescribeVpcEndpointServicesInput, optFns ...func(*Options)) (*DescribeVpcEndpointServicesOutput, error) // Describes one or more of your VPC endpoints. DescribeVpcEndpoints(ctx context.Context, params *DescribeVpcEndpointsInput, optFns ...func(*Options)) (*DescribeVpcEndpointsOutput, error) // Describes one or more of your VPC peering connections. DescribeVpcPeeringConnections(ctx context.Context, params *DescribeVpcPeeringConnectionsInput, optFns ...func(*Options)) (*DescribeVpcPeeringConnectionsOutput, error) // Describes one or more of your VPCs. DescribeVpcs(ctx context.Context, params *DescribeVpcsInput, optFns ...func(*Options)) (*DescribeVpcsOutput, error) // Describes one or more of your VPN connections. For more information, see Amazon // Web Services Site-to-Site VPN // (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web // Services Site-to-Site VPN User Guide. DescribeVpnConnections(ctx context.Context, params *DescribeVpnConnectionsInput, optFns ...func(*Options)) (*DescribeVpnConnectionsOutput, error) // Describes one or more of your virtual private gateways. For more information, // see Amazon Web Services Site-to-Site VPN // (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web // Services Site-to-Site VPN User Guide. DescribeVpnGateways(ctx context.Context, params *DescribeVpnGatewaysInput, optFns ...func(*Options)) (*DescribeVpnGatewaysOutput, error) // Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance // has been unlinked, the VPC security groups are no longer associated with it. An // instance is automatically unlinked from a VPC when it's stopped. DetachClassicLinkVpc(ctx context.Context, params *DetachClassicLinkVpcInput, optFns ...func(*Options)) (*DetachClassicLinkVpcOutput, error) // Detaches an internet gateway from a VPC, disabling connectivity between the // internet and the VPC. The VPC must not contain any running instances with // Elastic IP addresses or public IPv4 addresses. DetachInternetGateway(ctx context.Context, params *DetachInternetGatewayInput, optFns ...func(*Options)) (*DetachInternetGatewayOutput, error) // Detaches a network interface from an instance. DetachNetworkInterface(ctx context.Context, params *DetachNetworkInterfaceInput, optFns ...func(*Options)) (*DetachNetworkInterfaceOutput, error) // Detaches an EBS volume from an instance. Make sure to unmount any file systems // on the device within your operating system before detaching the volume. Failure // to do so can result in the volume becoming stuck in the busy state while // detaching. If this happens, detachment can be delayed indefinitely until you // unmount the volume, force detachment, reboot the instance, or all three. If an // EBS volume is the root device of an instance, it can't be detached while the // instance is running. To detach the root volume, stop the instance first. When a // volume with an Amazon Web Services Marketplace product code is detached from an // instance, the product code is no longer associated with the instance. For more // information, see Detach an Amazon EBS volume // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html) // in the Amazon Elastic Compute Cloud User Guide. DetachVolume(ctx context.Context, params *DetachVolumeInput, optFns ...func(*Options)) (*DetachVolumeOutput, error) // Detaches a virtual private gateway from a VPC. You do this if you're planning to // turn off the VPC and not use it anymore. You can confirm a virtual private // gateway has been completely detached from a VPC by describing the virtual // private gateway (any attachments to the virtual private gateway are also // described). You must wait for the attachment's state to switch to detached // before you can delete the VPC or attach a different VPC to the virtual private // gateway. DetachVpnGateway(ctx context.Context, params *DetachVpnGatewayInput, optFns ...func(*Options)) (*DetachVpnGatewayOutput, error) // Disables EBS encryption by default for your account in the current Region. After // you disable encryption by default, you can still create encrypted volumes by // enabling encryption when you create each volume. Disabling encryption by default // does not change the encryption status of your existing volumes. For more // information, see Amazon EBS encryption // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the // Amazon Elastic Compute Cloud User Guide. DisableEbsEncryptionByDefault(ctx context.Context, params *DisableEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*DisableEbsEncryptionByDefaultOutput, error) // Discontinue faster launching for a Windows AMI, and clean up existing // pre-provisioned snapshots. When you disable faster launching, the AMI uses the // standard launch process for each instance. All pre-provisioned snapshots must be // removed before you can enable faster launching again. To change these settings, // you must own the AMI. DisableFastLaunch(ctx context.Context, params *DisableFastLaunchInput, optFns ...func(*Options)) (*DisableFastLaunchOutput, error) // Disables fast snapshot restores for the specified snapshots in the specified // Availability Zones. DisableFastSnapshotRestores(ctx context.Context, params *DisableFastSnapshotRestoresInput, optFns ...func(*Options)) (*DisableFastSnapshotRestoresOutput, error) // Cancels the deprecation of the specified AMI. For more information, see // Deprecate an AMI // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html) in the // Amazon Elastic Compute Cloud User Guide. DisableImageDeprecation(ctx context.Context, params *DisableImageDeprecationInput, optFns ...func(*Options)) (*DisableImageDeprecationOutput, error) // Disable the IPAM account. For more information, see Enable integration with // Organizations in the Amazon VPC IPAM User Guide. DisableIpamOrganizationAdminAccount(ctx context.Context, params *DisableIpamOrganizationAdminAccountInput, optFns ...func(*Options)) (*DisableIpamOrganizationAdminAccountOutput, error) // Disables access to the EC2 serial console of all instances for your account. By // default, access to the EC2 serial console is disabled for your account. For more // information, see Manage account access to the EC2 serial console // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access) // in the Amazon EC2 User Guide. DisableSerialConsoleAccess(ctx context.Context, params *DisableSerialConsoleAccessInput, optFns ...func(*Options)) (*DisableSerialConsoleAccessOutput, error) // Disables the specified resource attachment from propagating routes to the // specified propagation route table. DisableTransitGatewayRouteTablePropagation(ctx context.Context, params *DisableTransitGatewayRouteTablePropagationInput, optFns ...func(*Options)) (*DisableTransitGatewayRouteTablePropagationOutput, error) // Disables a virtual private gateway (VGW) from propagating routes to a specified // route table of a VPC. DisableVgwRoutePropagation(ctx context.Context, params *DisableVgwRoutePropagationInput, optFns ...func(*Options)) (*DisableVgwRoutePropagationOutput, error) // Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that // has EC2-Classic instances linked to it. DisableVpcClassicLink(ctx context.Context, params *DisableVpcClassicLinkInput, optFns ...func(*Options)) (*DisableVpcClassicLinkOutput, error) // Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve // to public IP addresses when addressed between a linked EC2-Classic instance and // instances in the VPC to which it's linked. For more information, see ClassicLink // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in // the Amazon Elastic Compute Cloud User Guide. You must specify a VPC ID in the // request. DisableVpcClassicLinkDnsSupport(ctx context.Context, params *DisableVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*DisableVpcClassicLinkDnsSupportOutput, error) // Disassociates an Elastic IP address from the instance or network interface it's // associated with. An Elastic IP address is for use in either the EC2-Classic // platform or in a VPC. For more information, see Elastic IP Addresses // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) // in the Amazon Elastic Compute Cloud User Guide. This is an idempotent operation. // If you perform the operation more than once, Amazon EC2 doesn't return an error. DisassociateAddress(ctx context.Context, params *DisassociateAddressInput, optFns ...func(*Options)) (*DisassociateAddressOutput, error) // Disassociates a target network from the specified Client VPN endpoint. When you // disassociate the last target network from a Client VPN, the following // happens: // // * The route that was automatically added for the VPC is deleted // // * All // active client connections are terminated // // * New client connections are // disallowed // // * The Client VPN endpoint's status changes to pending-associate DisassociateClientVpnTargetNetwork(ctx context.Context, params *DisassociateClientVpnTargetNetworkInput, optFns ...func(*Options)) (*DisassociateClientVpnTargetNetworkOutput, error) // Disassociates an IAM role from an Certificate Manager (ACM) certificate. // Disassociating an IAM role from an ACM certificate removes the Amazon S3 object // that contains the certificate, certificate chain, and encrypted private key from // the Amazon S3 bucket. It also revokes the IAM role's permission to use the KMS // key used to encrypt the private key. This effectively revokes the role's // permission to use the certificate. DisassociateEnclaveCertificateIamRole(ctx context.Context, params *DisassociateEnclaveCertificateIamRoleInput, optFns ...func(*Options)) (*DisassociateEnclaveCertificateIamRoleOutput, error) // Disassociates an IAM instance profile from a running or stopped instance. Use // DescribeIamInstanceProfileAssociations to get the association ID. DisassociateIamInstanceProfile(ctx context.Context, params *DisassociateIamInstanceProfileInput, optFns ...func(*Options)) (*DisassociateIamInstanceProfileOutput, error) // Disassociates one or more targets from an event window. For more information, // see Define event windows for scheduled events // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the // Amazon EC2 User Guide. DisassociateInstanceEventWindow(ctx context.Context, params *DisassociateInstanceEventWindowInput, optFns ...func(*Options)) (*DisassociateInstanceEventWindowOutput, error) // Disassociates a subnet or gateway from a route table. After you perform this // action, the subnet no longer uses the routes in the route table. Instead, it // uses the routes in the VPC's main route table. For more information about route // tables, see Route tables // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the // Amazon Virtual Private Cloud User Guide. DisassociateRouteTable(ctx context.Context, params *DisassociateRouteTableInput, optFns ...func(*Options)) (*DisassociateRouteTableOutput, error) // Disassociates a CIDR block from a subnet. Currently, you can disassociate an // IPv6 CIDR block only. You must detach or delete all gateways and resources that // are associated with the CIDR block before you can disassociate it. DisassociateSubnetCidrBlock(ctx context.Context, params *DisassociateSubnetCidrBlockInput, optFns ...func(*Options)) (*DisassociateSubnetCidrBlockOutput, error) // Disassociates the specified subnets from the transit gateway multicast domain. DisassociateTransitGatewayMulticastDomain(ctx context.Context, params *DisassociateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*DisassociateTransitGatewayMulticastDomainOutput, error) // Disassociates a resource attachment from a transit gateway route table. DisassociateTransitGatewayRouteTable(ctx context.Context, params *DisassociateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*DisassociateTransitGatewayRouteTableOutput, error) // This API action is currently in limited preview only. If you are interested in // using this feature, contact your account manager. Removes an association between // a branch network interface with a trunk network interface. DisassociateTrunkInterface(ctx context.Context, params *DisassociateTrunkInterfaceInput, optFns ...func(*Options)) (*DisassociateTrunkInterfaceOutput, error) // Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must // specify its association ID. You can get the association ID by using // DescribeVpcs. You must detach or delete all gateways and resources that are // associated with the CIDR block before you can disassociate it. You cannot // disassociate the CIDR block with which you originally created the VPC (the // primary CIDR block). DisassociateVpcCidrBlock(ctx context.Context, params *DisassociateVpcCidrBlockInput, optFns ...func(*Options)) (*DisassociateVpcCidrBlockOutput, error) // Enables EBS encryption by default for your account in the current Region. After // you enable encryption by default, the EBS volumes that you create are always // encrypted, either using the default KMS key or the KMS key that you specified // when you created each volume. For more information, see Amazon EBS encryption // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the // Amazon Elastic Compute Cloud User Guide. You can specify the default KMS key for // encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId. // Enabling encryption by default has no effect on the encryption status of your // existing volumes. After you enable encryption by default, you can no longer // launch instances using instance types that do not support encryption. For more // information, see Supported instance types // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances). EnableEbsEncryptionByDefault(ctx context.Context, params *EnableEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*EnableEbsEncryptionByDefaultOutput, error) // When you enable faster launching for a Windows AMI, images are pre-provisioned, // using snapshots to launch instances up to 65% faster. To create the optimized // Windows image, Amazon EC2 launches an instance and runs through Sysprep steps, // rebooting as required. Then it creates a set of reserved snapshots that are used // for subsequent launches. The reserved snapshots are automatically replenished as // they are used, depending on your settings for launch frequency. To change these // settings, you must own the AMI. EnableFastLaunch(ctx context.Context, params *EnableFastLaunchInput, optFns ...func(*Options)) (*EnableFastLaunchOutput, error) // Enables fast snapshot restores for the specified snapshots in the specified // Availability Zones. You get the full benefit of fast snapshot restores after // they enter the enabled state. To get the current state of fast snapshot // restores, use DescribeFastSnapshotRestores. To disable fast snapshot restores, // use DisableFastSnapshotRestores. For more information, see Amazon EBS fast // snapshot restore // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-fast-snapshot-restore.html) // in the Amazon Elastic Compute Cloud User Guide. EnableFastSnapshotRestores(ctx context.Context, params *EnableFastSnapshotRestoresInput, optFns ...func(*Options)) (*EnableFastSnapshotRestoresOutput, error) // Enables deprecation of the specified AMI at the specified date and time. For // more information, see Deprecate an AMI // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html) in the // Amazon Elastic Compute Cloud User Guide. EnableImageDeprecation(ctx context.Context, params *EnableImageDeprecationInput, optFns ...func(*Options)) (*EnableImageDeprecationOutput, error) // Enable an Organizations member account as the IPAM admin account. You cannot // select the Organizations management account as the IPAM admin account. For more // information, see Enable integration with Organizations in the Amazon VPC IPAM // User Guide. EnableIpamOrganizationAdminAccount(ctx context.Context, params *EnableIpamOrganizationAdminAccountInput, optFns ...func(*Options)) (*EnableIpamOrganizationAdminAccountOutput, error) // Enables access to the EC2 serial console of all instances for your account. By // default, access to the EC2 serial console is disabled for your account. For more // information, see Manage account access to the EC2 serial console // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access) // in the Amazon EC2 User Guide. EnableSerialConsoleAccess(ctx context.Context, params *EnableSerialConsoleAccessInput, optFns ...func(*Options)) (*EnableSerialConsoleAccessOutput, error) // Enables the specified attachment to propagate routes to the specified // propagation route table. EnableTransitGatewayRouteTablePropagation(ctx context.Context, params *EnableTransitGatewayRouteTablePropagationInput, optFns ...func(*Options)) (*EnableTransitGatewayRouteTablePropagationOutput, error) // Enables a virtual private gateway (VGW) to propagate routes to the specified // route table of a VPC. EnableVgwRoutePropagation(ctx context.Context, params *EnableVgwRoutePropagationInput, optFns ...func(*Options)) (*EnableVgwRoutePropagationOutput, error) // Enables I/O operations for a volume that had I/O operations disabled because the // data on the volume was potentially inconsistent. EnableVolumeIO(ctx context.Context, params *EnableVolumeIOInput, optFns ...func(*Options)) (*EnableVolumeIOOutput, error) // Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your // ClassicLink-enabled VPC to allow communication over private IP addresses. You // cannot enable your VPC for ClassicLink if any of your VPC route tables have // existing routes for address ranges within the 10.0.0.0/8 IP address range, // excluding local routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 IP address // ranges. For more information, see ClassicLink // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in // the Amazon Elastic Compute Cloud User Guide. EnableVpcClassicLink(ctx context.Context, params *EnableVpcClassicLinkInput, optFns ...func(*Options)) (*EnableVpcClassicLinkOutput, error) // Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled, // the DNS hostname of a linked EC2-Classic instance resolves to its private IP // address when addressed from an instance in the VPC to which it's linked. // Similarly, the DNS hostname of an instance in a VPC resolves to its private IP // address when addressed from a linked EC2-Classic instance. For more information, // see ClassicLink // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in // the Amazon Elastic Compute Cloud User Guide. You must specify a VPC ID in the // request. EnableVpcClassicLinkDnsSupport(ctx context.Context, params *EnableVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*EnableVpcClassicLinkDnsSupportOutput, error) // Downloads the client certificate revocation list for the specified Client VPN // endpoint. ExportClientVpnClientCertificateRevocationList(ctx context.Context, params *ExportClientVpnClientCertificateRevocationListInput, optFns ...func(*Options)) (*ExportClientVpnClientCertificateRevocationListOutput, error) // Downloads the contents of the Client VPN endpoint configuration file for the // specified Client VPN endpoint. The Client VPN endpoint configuration file // includes the Client VPN endpoint and certificate information clients need to // establish a connection with the Client VPN endpoint. ExportClientVpnClientConfiguration(ctx context.Context, params *ExportClientVpnClientConfigurationInput, optFns ...func(*Options)) (*ExportClientVpnClientConfigurationOutput, error) // Exports an Amazon Machine Image (AMI) to a VM file. For more information, see // Exporting a VM directly from an Amazon Machine Image (AMI) // (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport_image.html) in // the VM Import/Export User Guide. ExportImage(ctx context.Context, params *ExportImageInput, optFns ...func(*Options)) (*ExportImageOutput, error) // Exports routes from the specified transit gateway route table to the specified // S3 bucket. By default, all routes are exported. Alternatively, you can filter by // CIDR range. The routes are saved to the specified bucket in a JSON file. For // more information, see Export Route Tables to Amazon S3 // (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-route-tables.html#tgw-export-route-tables) // in Transit Gateways. ExportTransitGatewayRoutes(ctx context.Context, params *ExportTransitGatewayRoutesInput, optFns ...func(*Options)) (*ExportTransitGatewayRoutesOutput, error) // Returns the IAM roles that are associated with the specified ACM (ACM) // certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3 // object key where the certificate, certificate chain, and encrypted private key // bundle are stored, and the ARN of the KMS key that's used to encrypt the private // key. GetAssociatedEnclaveCertificateIamRoles(ctx context.Context, params *GetAssociatedEnclaveCertificateIamRolesInput, optFns ...func(*Options)) (*GetAssociatedEnclaveCertificateIamRolesOutput, error) // Gets information about the IPv6 CIDR block associations for a specified IPv6 // address pool. GetAssociatedIpv6PoolCidrs(ctx context.Context, params *GetAssociatedIpv6PoolCidrsInput, optFns ...func(*Options)) (*GetAssociatedIpv6PoolCidrsOutput, error) // Gets usage information about a Capacity Reservation. If the Capacity Reservation // is shared, it shows usage information for the Capacity Reservation owner and // each Amazon Web Services account that is currently using the shared capacity. If // the Capacity Reservation is not shared, it shows only the Capacity Reservation // owner's usage. GetCapacityReservationUsage(ctx context.Context, params *GetCapacityReservationUsageInput, optFns ...func(*Options)) (*GetCapacityReservationUsageOutput, error) // Describes the allocations from the specified customer-owned address pool. GetCoipPoolUsage(ctx context.Context, params *GetCoipPoolUsageInput, optFns ...func(*Options)) (*GetCoipPoolUsageOutput, error) // Gets the console output for the specified instance. For Linux instances, the // instance console output displays the exact console output that would normally be // displayed on a physical monitor attached to a computer. For Windows instances, // the instance console output includes the last three system event log errors. By // default, the console output returns buffered information that was posted shortly // after an instance transition state (start, stop, reboot, or terminate). This // information is available for at least one hour after the most recent post. Only // the most recent 64 KB of console output is available. You can optionally // retrieve the latest serial console output at any time during the instance // lifecycle. This option is supported on instance types that use the Nitro // hypervisor. For more information, see Instance console output // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html#instance-console-console-output) // in the Amazon EC2 User Guide. GetConsoleOutput(ctx context.Context, params *GetConsoleOutputInput, optFns ...func(*Options)) (*GetConsoleOutputOutput, error) // Retrieve a JPG-format screenshot of a running instance to help with // troubleshooting. The returned content is Base64-encoded. GetConsoleScreenshot(ctx context.Context, params *GetConsoleScreenshotInput, optFns ...func(*Options)) (*GetConsoleScreenshotOutput, error) // Describes the default credit option for CPU usage of a burstable performance // instance family. For more information, see Burstable performance instances // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) // in the Amazon EC2 User Guide. GetDefaultCreditSpecification(ctx context.Context, params *GetDefaultCreditSpecificationInput, optFns ...func(*Options)) (*GetDefaultCreditSpecificationOutput, error) // Describes the default KMS key for EBS encryption by default for your account in // this Region. You can change the default KMS key for encryption by default using // ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId. For more information, see // Amazon EBS encryption // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the // Amazon Elastic Compute Cloud User Guide. GetEbsDefaultKmsKeyId(ctx context.Context, params *GetEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*GetEbsDefaultKmsKeyIdOutput, error) // Describes whether EBS encryption by default is enabled for your account in the // current Region. For more information, see Amazon EBS encryption // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the // Amazon Elastic Compute Cloud User Guide. GetEbsEncryptionByDefault(ctx context.Context, params *GetEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*GetEbsEncryptionByDefaultOutput, error) // Generates a CloudFormation template that streamlines and automates the // integration of VPC flow logs with Amazon Athena. This make it easier for you to // query and gain insights from VPC flow logs data. Based on the information that // you provide, we configure resources in the template to do the following: // // * // Create a table in Athena that maps fields to a custom log format // // * Create a // Lambda function that updates the table with new partitions on a daily, weekly, // or monthly basis // // * Create a table partitioned between two timestamps in the // past // // * Create a set of named queries in Athena that you can use to get started // quickly GetFlowLogsIntegrationTemplate(ctx context.Context, params *GetFlowLogsIntegrationTemplateInput, optFns ...func(*Options)) (*GetFlowLogsIntegrationTemplateOutput, error) // Lists the resource groups to which a Capacity Reservation has been added. GetGroupsForCapacityReservation(ctx context.Context, params *GetGroupsForCapacityReservationInput, optFns ...func(*Options)) (*GetGroupsForCapacityReservationOutput, error) // Preview a reservation purchase with configurations that match those of your // Dedicated Host. You must have active Dedicated Hosts in your account before you // purchase a reservation. This is a preview of the PurchaseHostReservation action // and does not result in the offering being purchased. GetHostReservationPurchasePreview(ctx context.Context, params *GetHostReservationPurchasePreviewInput, optFns ...func(*Options)) (*GetHostReservationPurchasePreviewOutput, error) // Returns a list of instance types with the specified instance attributes. You can // use the response to preview the instance types without launching instances. Note // that the response does not consider capacity. When you specify multiple // parameters, you get instance types that satisfy all of the specified parameters. // If you specify multiple values for a parameter, you get instance types that // satisfy any of the specified values. For more information, see Preview instance // types with specified attributes // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html#spotfleet-get-instance-types-from-instance-requirements), // Attribute-based instance type selection for EC2 Fleet // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), // Attribute-based instance type selection for Spot Fleet // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html), // and Spot placement score // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) // in the Amazon EC2 User Guide, and Creating an Auto Scaling group using // attribute-based instance type selection // (https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-instance-type-requirements.html) // in the Amazon EC2 Auto Scaling User Guide. GetInstanceTypesFromInstanceRequirements(ctx context.Context, params *GetInstanceTypesFromInstanceRequirementsInput, optFns ...func(*Options)) (*GetInstanceTypesFromInstanceRequirementsOutput, error) // Retrieve historical information about a CIDR within an IPAM scope. For more // information, see View the history of IP addresses in the Amazon VPC IPAM User // Guide. GetIpamAddressHistory(ctx context.Context, params *GetIpamAddressHistoryInput, optFns ...func(*Options)) (*GetIpamAddressHistoryOutput, error) // Get a list of all the CIDR allocations in an IPAM pool. GetIpamPoolAllocations(ctx context.Context, params *GetIpamPoolAllocationsInput, optFns ...func(*Options)) (*GetIpamPoolAllocationsOutput, error) // Get the CIDRs provisioned to an IPAM pool. GetIpamPoolCidrs(ctx context.Context, params *GetIpamPoolCidrsInput, optFns ...func(*Options)) (*GetIpamPoolCidrsOutput, error) // Get information about the resources in a scope. GetIpamResourceCidrs(ctx context.Context, params *GetIpamResourceCidrsInput, optFns ...func(*Options)) (*GetIpamResourceCidrsOutput, error) // Retrieves the configuration data of the specified instance. You can use this // data to create a launch template. This action calls on other describe actions to // get instance information. Depending on your instance configuration, you may need // to allow the following actions in your IAM policy: DescribeSpotInstanceRequests, // DescribeInstanceCreditSpecifications, DescribeVolumes, // DescribeInstanceAttribute, and DescribeElasticGpus. Or, you can allow describe* // depending on your instance requirements. GetLaunchTemplateData(ctx context.Context, params *GetLaunchTemplateDataInput, optFns ...func(*Options)) (*GetLaunchTemplateDataOutput, error) // Gets information about the resources that are associated with the specified // managed prefix list. GetManagedPrefixListAssociations(ctx context.Context, params *GetManagedPrefixListAssociationsInput, optFns ...func(*Options)) (*GetManagedPrefixListAssociationsOutput, error) // Gets information about the entries for a specified managed prefix list. GetManagedPrefixListEntries(ctx context.Context, params *GetManagedPrefixListEntriesInput, optFns ...func(*Options)) (*GetManagedPrefixListEntriesOutput, error) // Gets the findings for the specified Network Access Scope analysis. GetNetworkInsightsAccessScopeAnalysisFindings(ctx context.Context, params *GetNetworkInsightsAccessScopeAnalysisFindingsInput, optFns ...func(*Options)) (*GetNetworkInsightsAccessScopeAnalysisFindingsOutput, error) // Gets the content for the specified Network Access Scope. GetNetworkInsightsAccessScopeContent(ctx context.Context, params *GetNetworkInsightsAccessScopeContentInput, optFns ...func(*Options)) (*GetNetworkInsightsAccessScopeContentOutput, error) // Retrieves the encrypted administrator password for a running Windows instance. // The Windows password is generated at boot by the EC2Config service or EC2Launch // scripts (Windows Server 2016 and later). This usually only happens the first // time an instance is launched. For more information, see EC2Config // (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/UsingConfig_WinAMI.html) // and EC2Launch // (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2launch.html) in the // Amazon EC2 User Guide. For the EC2Config service, the password is not generated // for rebundled AMIs unless Ec2SetPassword is enabled before bundling. The // password is encrypted using the key pair that you specified when you launched // the instance. You must provide the corresponding key pair file. When you launch // an instance, password generation and encryption may take a few minutes. If you // try to retrieve the password before it's available, the output returns an empty // string. We recommend that you wait up to 15 minutes after launching an instance // before trying to retrieve the generated password. GetPasswordData(ctx context.Context, params *GetPasswordDataInput, optFns ...func(*Options)) (*GetPasswordDataOutput, error) // Returns a quote and exchange information for exchanging one or more specified // Convertible Reserved Instances for a new Convertible Reserved Instance. If the // exchange cannot be performed, the reason is returned in the response. Use // AcceptReservedInstancesExchangeQuote to perform the exchange. GetReservedInstancesExchangeQuote(ctx context.Context, params *GetReservedInstancesExchangeQuoteInput, optFns ...func(*Options)) (*GetReservedInstancesExchangeQuoteOutput, error) // Retrieves the access status of your account to the EC2 serial console of all // instances. By default, access to the EC2 serial console is disabled for your // account. For more information, see Manage account access to the EC2 serial // console // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access) // in the Amazon EC2 User Guide. GetSerialConsoleAccessStatus(ctx context.Context, params *GetSerialConsoleAccessStatusInput, optFns ...func(*Options)) (*GetSerialConsoleAccessStatusOutput, error) // Calculates the Spot placement score for a Region or Availability Zone based on // the specified target capacity and compute requirements. You can specify your // compute requirements either by using InstanceRequirementsWithMetadata and // letting Amazon EC2 choose the optimal instance types to fulfill your Spot // request, or you can specify the instance types by using InstanceTypes. For more // information, see Spot placement score // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) // in the Amazon EC2 User Guide. GetSpotPlacementScores(ctx context.Context, params *GetSpotPlacementScoresInput, optFns ...func(*Options)) (*GetSpotPlacementScoresOutput, error) // Gets information about the subnet CIDR reservations. GetSubnetCidrReservations(ctx context.Context, params *GetSubnetCidrReservationsInput, optFns ...func(*Options)) (*GetSubnetCidrReservationsOutput, error) // Lists the route tables to which the specified resource attachment propagates // routes. GetTransitGatewayAttachmentPropagations(ctx context.Context, params *GetTransitGatewayAttachmentPropagationsInput, optFns ...func(*Options)) (*GetTransitGatewayAttachmentPropagationsOutput, error) // Gets information about the associations for the transit gateway multicast // domain. GetTransitGatewayMulticastDomainAssociations(ctx context.Context, params *GetTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*GetTransitGatewayMulticastDomainAssociationsOutput, error) // Gets information about the prefix list references in a specified transit gateway // route table. GetTransitGatewayPrefixListReferences(ctx context.Context, params *GetTransitGatewayPrefixListReferencesInput, optFns ...func(*Options)) (*GetTransitGatewayPrefixListReferencesOutput, error) // Gets information about the associations for the specified transit gateway route // table. GetTransitGatewayRouteTableAssociations(ctx context.Context, params *GetTransitGatewayRouteTableAssociationsInput, optFns ...func(*Options)) (*GetTransitGatewayRouteTableAssociationsOutput, error) // Gets information about the route table propagations for the specified transit // gateway route table. GetTransitGatewayRouteTablePropagations(ctx context.Context, params *GetTransitGatewayRouteTablePropagationsInput, optFns ...func(*Options)) (*GetTransitGatewayRouteTablePropagationsOutput, error) // Download an Amazon Web Services-provided sample configuration file to be used // with the customer gateway device specified for your Site-to-Site VPN connection. GetVpnConnectionDeviceSampleConfiguration(ctx context.Context, params *GetVpnConnectionDeviceSampleConfigurationInput, optFns ...func(*Options)) (*GetVpnConnectionDeviceSampleConfigurationOutput, error) // Obtain a list of customer gateway devices for which sample configuration files // can be provided. The request has no additional parameters. You can also see the // list of device types with sample configuration files available under Your // customer gateway device // (https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html) in the Amazon Web // Services Site-to-Site VPN User Guide. GetVpnConnectionDeviceTypes(ctx context.Context, params *GetVpnConnectionDeviceTypesInput, optFns ...func(*Options)) (*GetVpnConnectionDeviceTypesOutput, error) // Uploads a client certificate revocation list to the specified Client VPN // endpoint. Uploading a client certificate revocation list overwrites the existing // client certificate revocation list. Uploading a client certificate revocation // list resets existing client connections. ImportClientVpnClientCertificateRevocationList(ctx context.Context, params *ImportClientVpnClientCertificateRevocationListInput, optFns ...func(*Options)) (*ImportClientVpnClientCertificateRevocationListOutput, error) // Import single or multi-volume disk images or EBS snapshots into an Amazon // Machine Image (AMI). For more information, see Importing a VM as an image using // VM Import/Export // (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html) // in the VM Import/Export User Guide. ImportImage(ctx context.Context, params *ImportImageInput, optFns ...func(*Options)) (*ImportImageOutput, error) // Creates an import instance task using metadata from the specified disk image. // This API action supports only single-volume VMs. To import multi-volume VMs, use // ImportImage instead. This API action is not supported by the Command Line // Interface (CLI). For information about using the Amazon EC2 CLI, which is // deprecated, see Importing a VM to Amazon EC2 // (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#UsingVirtualMachinesinAmazonEC2) // in the Amazon EC2 CLI Reference PDF file. For information about the import // manifest referenced by this API action, see VM Import Manifest // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html). ImportInstance(ctx context.Context, params *ImportInstanceInput, optFns ...func(*Options)) (*ImportInstanceOutput, error) // Imports the public key from an RSA or ED25519 key pair that you created with a // third-party tool. Compare this with CreateKeyPair, in which Amazon Web Services // creates the key pair and gives the keys to you (Amazon Web Services keeps a copy // of the public key). With ImportKeyPair, you create the key pair and give Amazon // Web Services just the public key. The private key is never transferred between // you and Amazon Web Services. For more information about key pairs, see Amazon // EC2 key pairs // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the // Amazon Elastic Compute Cloud User Guide. ImportKeyPair(ctx context.Context, params *ImportKeyPairInput, optFns ...func(*Options)) (*ImportKeyPairOutput, error) // Imports a disk into an EBS snapshot. For more information, see Importing a disk // as a snapshot using VM Import/Export // (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-import-snapshot.html) // in the VM Import/Export User Guide. ImportSnapshot(ctx context.Context, params *ImportSnapshotInput, optFns ...func(*Options)) (*ImportSnapshotOutput, error) // Creates an import volume task using metadata from the specified disk image. This // API action supports only single-volume VMs. To import multi-volume VMs, use // ImportImage instead. To import a disk to a snapshot, use ImportSnapshot instead. // This API action is not supported by the Command Line Interface (CLI). For // information about using the Amazon EC2 CLI, which is deprecated, see Importing // Disks to Amazon EBS // (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#importing-your-volumes-into-amazon-ebs) // in the Amazon EC2 CLI Reference PDF file. For information about the import // manifest referenced by this API action, see VM Import Manifest // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html). ImportVolume(ctx context.Context, params *ImportVolumeInput, optFns ...func(*Options)) (*ImportVolumeOutput, error) // Lists one or more AMIs that are currently in the Recycle Bin. For more // information, see Recycle Bin // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the // Amazon Elastic Compute Cloud User Guide. ListImagesInRecycleBin(ctx context.Context, params *ListImagesInRecycleBinInput, optFns ...func(*Options)) (*ListImagesInRecycleBinOutput, error) // Lists one or more snapshots that are currently in the Recycle Bin. ListSnapshotsInRecycleBin(ctx context.Context, params *ListSnapshotsInRecycleBinInput, optFns ...func(*Options)) (*ListSnapshotsInRecycleBinOutput, error) // Modifies an attribute of the specified Elastic IP address. For requirements, see // Using reverse DNS for email applications // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS). ModifyAddressAttribute(ctx context.Context, params *ModifyAddressAttributeInput, optFns ...func(*Options)) (*ModifyAddressAttributeOutput, error) // Changes the opt-in status of the Local Zone and Wavelength Zone group for your // account. Use DescribeAvailabilityZones // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html) // to view the value for GroupName. ModifyAvailabilityZoneGroup(ctx context.Context, params *ModifyAvailabilityZoneGroupInput, optFns ...func(*Options)) (*ModifyAvailabilityZoneGroupOutput, error) // Modifies a Capacity Reservation's capacity and the conditions under which it is // to be released. You cannot change a Capacity Reservation's instance type, EBS // optimization, instance store settings, platform, Availability Zone, or instance // eligibility. If you need to modify any of these attributes, we recommend that // you cancel the Capacity Reservation, and then create a new one with the required // attributes. ModifyCapacityReservation(ctx context.Context, params *ModifyCapacityReservationInput, optFns ...func(*Options)) (*ModifyCapacityReservationOutput, error) // Modifies a Capacity Reservation Fleet. When you modify the total target capacity // of a Capacity Reservation Fleet, the Fleet automatically creates new Capacity // Reservations, or modifies or cancels existing Capacity Reservations in the Fleet // to meet the new total target capacity. When you modify the end date for the // Fleet, the end dates for all of the individual Capacity Reservations in the // Fleet are updated accordingly. ModifyCapacityReservationFleet(ctx context.Context, params *ModifyCapacityReservationFleetInput, optFns ...func(*Options)) (*ModifyCapacityReservationFleetOutput, error) // Modifies the specified Client VPN endpoint. Modifying the DNS server resets // existing client connections. ModifyClientVpnEndpoint(ctx context.Context, params *ModifyClientVpnEndpointInput, optFns ...func(*Options)) (*ModifyClientVpnEndpointOutput, error) // Modifies the default credit option for CPU usage of burstable performance // instances. The default credit option is set at the account level per Amazon Web // Services Region, and is specified per instance family. All new burstable // performance instances in the account launch using the default credit option. // ModifyDefaultCreditSpecification is an asynchronous operation, which works at an // Amazon Web Services Region level and modifies the credit option for each // Availability Zone. All zones in a Region are updated within five minutes. But if // instances are launched during this operation, they might not get the new credit // option until the zone is updated. To verify whether the update has occurred, you // can call GetDefaultCreditSpecification and check DefaultCreditSpecification for // updates. For more information, see Burstable performance instances // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) // in the Amazon EC2 User Guide. ModifyDefaultCreditSpecification(ctx context.Context, params *ModifyDefaultCreditSpecificationInput, optFns ...func(*Options)) (*ModifyDefaultCreditSpecificationOutput, error) // Changes the default KMS key for EBS encryption by default for your account in // this Region. Amazon Web Services creates a unique Amazon Web Services managed // KMS key in each Region for use with encryption by default. If you change the // default KMS key to a symmetric customer managed KMS key, it is used instead of // the Amazon Web Services managed KMS key. To reset the default KMS key to the // Amazon Web Services managed KMS key for EBS, use ResetEbsDefaultKmsKeyId. Amazon // EBS does not support asymmetric KMS keys. If you delete or disable the customer // managed KMS key that you specified for use with encryption by default, your // instances will fail to launch. For more information, see Amazon EBS encryption // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the // Amazon Elastic Compute Cloud User Guide. ModifyEbsDefaultKmsKeyId(ctx context.Context, params *ModifyEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*ModifyEbsDefaultKmsKeyIdOutput, error) // Modifies the specified EC2 Fleet. You can only modify an EC2 Fleet request of // type maintain. While the EC2 Fleet is being modified, it is in the modifying // state. To scale up your EC2 Fleet, increase its target capacity. The EC2 Fleet // launches the additional Spot Instances according to the allocation strategy for // the EC2 Fleet request. If the allocation strategy is lowest-price, the EC2 Fleet // launches instances using the Spot Instance pool with the lowest price. If the // allocation strategy is diversified, the EC2 Fleet distributes the instances // across the Spot Instance pools. If the allocation strategy is // capacity-optimized, EC2 Fleet launches instances from Spot Instance pools with // optimal capacity for the number of instances that are launching. To scale down // your EC2 Fleet, decrease its target capacity. First, the EC2 Fleet cancels any // open requests that exceed the new target capacity. You can request that the EC2 // Fleet terminate Spot Instances until the size of the fleet no longer exceeds the // new target capacity. If the allocation strategy is lowest-price, the EC2 Fleet // terminates the instances with the highest price per unit. If the allocation // strategy is capacity-optimized, the EC2 Fleet terminates the instances in the // Spot Instance pools that have the least available Spot Instance capacity. If the // allocation strategy is diversified, the EC2 Fleet terminates instances across // the Spot Instance pools. Alternatively, you can request that the EC2 Fleet keep // the fleet at its current size, but not replace any Spot Instances that are // interrupted or that you terminate manually. If you are finished with your EC2 // Fleet for now, but will use it again later, you can set the target capacity to // 0. ModifyFleet(ctx context.Context, params *ModifyFleetInput, optFns ...func(*Options)) (*ModifyFleetOutput, error) // Modifies the specified attribute of the specified Amazon FPGA Image (AFI). ModifyFpgaImageAttribute(ctx context.Context, params *ModifyFpgaImageAttributeInput, optFns ...func(*Options)) (*ModifyFpgaImageAttributeOutput, error) // Modify the auto-placement setting of a Dedicated Host. When auto-placement is // enabled, any instances that you launch with a tenancy of host but without a // specific host ID are placed onto any available Dedicated Host in your account // that has auto-placement enabled. When auto-placement is disabled, you need to // provide a host ID to have the instance launch onto a specific host. If no host // ID is provided, the instance is launched onto a suitable host with // auto-placement enabled. You can also use this API action to modify a Dedicated // Host to support either multiple instance types in an instance family, or to // support a specific instance type only. ModifyHosts(ctx context.Context, params *ModifyHostsInput, optFns ...func(*Options)) (*ModifyHostsOutput, error) // Modifies the ID format for the specified resource on a per-Region basis. You can // specify that resources should receive longer IDs (17-character IDs) when they // are created. This request can only be used to modify longer ID settings for // resource types that are within the opt-in period. Resources currently in their // opt-in period include: bundle | conversion-task | customer-gateway | // dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | // flow-log | image | import-task | internet-gateway | network-acl | // network-acl-association | network-interface | network-interface-attachment | // prefix-list | route-table | route-table-association | security-group | subnet | // subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint // | vpc-peering-connection | vpn-connection | vpn-gateway. This setting applies to // the IAM user who makes the request; it does not apply to the entire Amazon Web // Services account. By default, an IAM user defaults to the same settings as the // root user. If you're using this action as the root user, then these settings // apply to the entire account, unless an IAM user explicitly overrides these // settings for themselves. For more information, see Resource IDs // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the // Amazon Elastic Compute Cloud User Guide. Resources created with longer IDs are // visible to all IAM roles and users, regardless of these settings and provided // that they have permission to use the relevant Describe command for the resource // type. ModifyIdFormat(ctx context.Context, params *ModifyIdFormatInput, optFns ...func(*Options)) (*ModifyIdFormatOutput, error) // Modifies the ID format of a resource for a specified IAM user, IAM role, or the // root user for an account; or all IAM users, IAM roles, and the root user for an // account. You can specify that resources should receive longer IDs (17-character // IDs) when they are created. This request can only be used to modify longer ID // settings for resource types that are within the opt-in period. Resources // currently in their opt-in period include: bundle | conversion-task | // customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association // | export-task | flow-log | image | import-task | internet-gateway | network-acl // | network-acl-association | network-interface | network-interface-attachment | // prefix-list | route-table | route-table-association | security-group | subnet | // subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint // | vpc-peering-connection | vpn-connection | vpn-gateway. For more information, // see Resource IDs // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the // Amazon Elastic Compute Cloud User Guide. This setting applies to the principal // specified in the request; it does not apply to the principal that makes the // request. Resources created with longer IDs are visible to all IAM roles and // users, regardless of these settings and provided that they have permission to // use the relevant Describe command for the resource type. ModifyIdentityIdFormat(ctx context.Context, params *ModifyIdentityIdFormatInput, optFns ...func(*Options)) (*ModifyIdentityIdFormatOutput, error) // Modifies the specified attribute of the specified AMI. You can specify only one // attribute at a time. You can use the Attribute parameter to specify the // attribute or one of the following parameters: Description or LaunchPermission. // Images with an Amazon Web Services Marketplace product code cannot be made // public. To enable the SriovNetSupport enhanced networking attribute of an image, // enable SriovNetSupport on an instance and create an AMI from the instance. ModifyImageAttribute(ctx context.Context, params *ModifyImageAttributeInput, optFns ...func(*Options)) (*ModifyImageAttributeOutput, error) // Modifies the specified attribute of the specified instance. You can specify only // one attribute at a time. Note: Using this action to change the security groups // associated with an elastic network interface (ENI) attached to an instance in a // VPC can result in an error if the instance has more than one ENI. To change the // security groups associated with an ENI attached to an instance that has multiple // ENIs, we recommend that you use the ModifyNetworkInterfaceAttribute action. To // modify some attributes, the instance must be stopped. For more information, see // Modify a stopped instance // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html) // in the Amazon EC2 User Guide. ModifyInstanceAttribute(ctx context.Context, params *ModifyInstanceAttributeInput, optFns ...func(*Options)) (*ModifyInstanceAttributeOutput, error) // Modifies the Capacity Reservation settings for a stopped instance. Use this // action to configure an instance to target a specific Capacity Reservation, run // in any open Capacity Reservation with matching attributes, or run On-Demand // Instance capacity. ModifyInstanceCapacityReservationAttributes(ctx context.Context, params *ModifyInstanceCapacityReservationAttributesInput, optFns ...func(*Options)) (*ModifyInstanceCapacityReservationAttributesOutput, error) // Modifies the credit option for CPU usage on a running or stopped burstable // performance instance. The credit options are standard and unlimited. For more // information, see Burstable performance instances // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) // in the Amazon EC2 User Guide. ModifyInstanceCreditSpecification(ctx context.Context, params *ModifyInstanceCreditSpecificationInput, optFns ...func(*Options)) (*ModifyInstanceCreditSpecificationOutput, error) // Modifies the start time for a scheduled Amazon EC2 instance event. ModifyInstanceEventStartTime(ctx context.Context, params *ModifyInstanceEventStartTimeInput, optFns ...func(*Options)) (*ModifyInstanceEventStartTimeOutput, error) // Modifies the specified event window. You can define either a set of time ranges // or a cron expression when modifying the event window, but not both. To modify // the targets associated with the event window, use the // AssociateInstanceEventWindow and DisassociateInstanceEventWindow API. If Amazon // Web Services has already scheduled an event, modifying an event window won't // change the time of the scheduled event. For more information, see Define event // windows for scheduled events // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the // Amazon EC2 User Guide. ModifyInstanceEventWindow(ctx context.Context, params *ModifyInstanceEventWindowInput, optFns ...func(*Options)) (*ModifyInstanceEventWindowOutput, error) // Modifies the recovery behavior of your instance to disable simplified automatic // recovery or set the recovery behavior to default. The default configuration will // not enable simplified automatic recovery for an unsupported instance type. For // more information, see Simplified automatic recovery // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html#instance-configuration-recovery). ModifyInstanceMaintenanceOptions(ctx context.Context, params *ModifyInstanceMaintenanceOptionsInput, optFns ...func(*Options)) (*ModifyInstanceMaintenanceOptionsOutput, error) // Modify the instance metadata parameters on a running or stopped instance. When // you modify the parameters on a stopped instance, they are applied when the // instance is started. When you modify the parameters on a running instance, the // API responds with a state of “pending”. After the parameter modifications are // successfully applied to the instance, the state of the modifications changes // from “pending” to “applied” in subsequent describe-instances API calls. For more // information, see Instance metadata and user data // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) // in the Amazon EC2 User Guide. ModifyInstanceMetadataOptions(ctx context.Context, params *ModifyInstanceMetadataOptionsInput, optFns ...func(*Options)) (*ModifyInstanceMetadataOptionsOutput, error) // Modifies the placement attributes for a specified instance. You can do the // following: // // * Modify the affinity between an instance and a Dedicated Host // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html). // When affinity is set to host and the instance is not associated with a specific // Dedicated Host, the next time the instance is launched, it is automatically // associated with the host on which it lands. If the instance is restarted or // rebooted, this relationship persists. // // * Change the Dedicated Host with which an // instance is associated. // // * Change the instance tenancy of an instance. // // * Move // an instance to or from a placement group // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html). // // At // least one attribute for affinity, host ID, tenancy, or placement group name must // be specified in the request. Affinity and tenancy can be modified in the same // request. To modify the host ID, tenancy, placement group, or partition for an // instance, the instance must be in the stopped state. ModifyInstancePlacement(ctx context.Context, params *ModifyInstancePlacementInput, optFns ...func(*Options)) (*ModifyInstancePlacementOutput, error) // Modify the configurations of an IPAM. ModifyIpam(ctx context.Context, params *ModifyIpamInput, optFns ...func(*Options)) (*ModifyIpamOutput, error) // Modify the configurations of an IPAM pool. For more information, see Modify a // pool in the Amazon VPC IPAM User Guide. ModifyIpamPool(ctx context.Context, params *ModifyIpamPoolInput, optFns ...func(*Options)) (*ModifyIpamPoolOutput, error) // Modify a resource CIDR. You can use this action to transfer resource CIDRs // between scopes and ignore resource CIDRs that you do not want to manage. If set // to false, the resource will not be tracked for overlap, it cannot be // auto-imported into a pool, and it will be removed from any pool it has an // allocation in. For more information, see Move resource CIDRs between scopes and // Change the monitoring state of resource CIDRs in the Amazon VPC IPAM User Guide. ModifyIpamResourceCidr(ctx context.Context, params *ModifyIpamResourceCidrInput, optFns ...func(*Options)) (*ModifyIpamResourceCidrOutput, error) // Modify an IPAM scope. ModifyIpamScope(ctx context.Context, params *ModifyIpamScopeInput, optFns ...func(*Options)) (*ModifyIpamScopeOutput, error) // Modifies a launch template. You can specify which version of the launch template // to set as the default version. When launching an instance, the default version // applies when a launch template version is not specified. ModifyLaunchTemplate(ctx context.Context, params *ModifyLaunchTemplateInput, optFns ...func(*Options)) (*ModifyLaunchTemplateOutput, error) // Modifies the specified managed prefix list. Adding or removing entries in a // prefix list creates a new version of the prefix list. Changing the name of the // prefix list does not affect the version. If you specify a current version number // that does not match the true current version number, the request fails. ModifyManagedPrefixList(ctx context.Context, params *ModifyManagedPrefixListInput, optFns ...func(*Options)) (*ModifyManagedPrefixListOutput, error) // Modifies the specified network interface attribute. You can specify only one // attribute at a time. You can use this action to attach and detach security // groups from an existing EC2 instance. ModifyNetworkInterfaceAttribute(ctx context.Context, params *ModifyNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*ModifyNetworkInterfaceAttributeOutput, error) // Modifies the options for instance hostnames for the specified instance. ModifyPrivateDnsNameOptions(ctx context.Context, params *ModifyPrivateDnsNameOptionsInput, optFns ...func(*Options)) (*ModifyPrivateDnsNameOptionsOutput, error) // Modifies the Availability Zone, instance count, instance type, or network // platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved // Instances to be modified must be identical, except for Availability Zone, // network platform, and instance type. For more information, see Modifying // Reserved Instances // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) in the // Amazon EC2 User Guide. ModifyReservedInstances(ctx context.Context, params *ModifyReservedInstancesInput, optFns ...func(*Options)) (*ModifyReservedInstancesOutput, error) // Modifies the rules of a security group. ModifySecurityGroupRules(ctx context.Context, params *ModifySecurityGroupRulesInput, optFns ...func(*Options)) (*ModifySecurityGroupRulesOutput, error) // Adds or removes permission settings for the specified snapshot. You may add or // remove specified Amazon Web Services account IDs from a snapshot's list of // create volume permissions, but you cannot do both in a single operation. If you // need to both add and remove account IDs for a snapshot, you must use multiple // operations. You can make up to 500 modifications to a snapshot in a single // operation. Encrypted snapshots and snapshots with Amazon Web Services // Marketplace product codes cannot be made public. Snapshots encrypted with your // default KMS key cannot be shared with other accounts. For more information about // modifying snapshot permissions, see Share a snapshot // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html) // in the Amazon Elastic Compute Cloud User Guide. ModifySnapshotAttribute(ctx context.Context, params *ModifySnapshotAttributeInput, optFns ...func(*Options)) (*ModifySnapshotAttributeOutput, error) // Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to // a full snapshot that includes all of the blocks of data that were written to the // volume at the time the snapshot was created, and moved from the standard tier to // the archive tier. For more information, see Archive Amazon EBS snapshots // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-archive.html) in // the Amazon Elastic Compute Cloud User Guide. ModifySnapshotTier(ctx context.Context, params *ModifySnapshotTierInput, optFns ...func(*Options)) (*ModifySnapshotTierOutput, error) // Modifies the specified Spot Fleet request. You can only modify a Spot Fleet // request of type maintain. While the Spot Fleet request is being modified, it is // in the modifying state. To scale up your Spot Fleet, increase its target // capacity. The Spot Fleet launches the additional Spot Instances according to the // allocation strategy for the Spot Fleet request. If the allocation strategy is // lowestPrice, the Spot Fleet launches instances using the Spot Instance pool with // the lowest price. If the allocation strategy is diversified, the Spot Fleet // distributes the instances across the Spot Instance pools. If the allocation // strategy is capacityOptimized, Spot Fleet launches instances from Spot Instance // pools with optimal capacity for the number of instances that are launching. To // scale down your Spot Fleet, decrease its target capacity. First, the Spot Fleet // cancels any open requests that exceed the new target capacity. You can request // that the Spot Fleet terminate Spot Instances until the size of the fleet no // longer exceeds the new target capacity. If the allocation strategy is // lowestPrice, the Spot Fleet terminates the instances with the highest price per // unit. If the allocation strategy is capacityOptimized, the Spot Fleet terminates // the instances in the Spot Instance pools that have the least available Spot // Instance capacity. If the allocation strategy is diversified, the Spot Fleet // terminates instances across the Spot Instance pools. Alternatively, you can // request that the Spot Fleet keep the fleet at its current size, but not replace // any Spot Instances that are interrupted or that you terminate manually. If you // are finished with your Spot Fleet for now, but will use it again later, you can // set the target capacity to 0. ModifySpotFleetRequest(ctx context.Context, params *ModifySpotFleetRequestInput, optFns ...func(*Options)) (*ModifySpotFleetRequestOutput, error) // Modifies a subnet attribute. You can only modify one attribute at a time. Use // this action to modify subnets on Amazon Web Services Outposts. // // * To modify a // subnet on an Outpost rack, set both MapCustomerOwnedIpOnLaunch and // CustomerOwnedIpv4Pool. These two parameters act as a single attribute. // // * To // modify a subnet on an Outpost server, set either EnableLniAtDeviceIndex or // DisableLniAtDeviceIndex. // // For more information about Amazon Web Services // Outposts, see the following: // // * Outpost servers // (https://docs.aws.amazon.com/outposts/latest/userguide/how-servers-work.html) // // * // Outpost racks // (https://docs.aws.amazon.com/outposts/latest/userguide/how-racks-work.html) ModifySubnetAttribute(ctx context.Context, params *ModifySubnetAttributeInput, optFns ...func(*Options)) (*ModifySubnetAttributeOutput, error) // Allows or restricts mirroring network services. By default, Amazon DNS network // services are not eligible for Traffic Mirror. Use AddNetworkServices to add // network services to a Traffic Mirror filter. When a network service is added to // the Traffic Mirror filter, all traffic related to that network service will be // mirrored. When you no longer want to mirror network services, use // RemoveNetworkServices to remove the network services from the Traffic Mirror // filter. ModifyTrafficMirrorFilterNetworkServices(ctx context.Context, params *ModifyTrafficMirrorFilterNetworkServicesInput, optFns ...func(*Options)) (*ModifyTrafficMirrorFilterNetworkServicesOutput, error) // Modifies the specified Traffic Mirror rule. DestinationCidrBlock and // SourceCidrBlock must both be an IPv4 range or an IPv6 range. ModifyTrafficMirrorFilterRule(ctx context.Context, params *ModifyTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*ModifyTrafficMirrorFilterRuleOutput, error) // Modifies a Traffic Mirror session. ModifyTrafficMirrorSession(ctx context.Context, params *ModifyTrafficMirrorSessionInput, optFns ...func(*Options)) (*ModifyTrafficMirrorSessionOutput, error) // Modifies the specified transit gateway. When you modify a transit gateway, the // modified options are applied to new transit gateway attachments only. Your // existing transit gateway attachments are not modified. ModifyTransitGateway(ctx context.Context, params *ModifyTransitGatewayInput, optFns ...func(*Options)) (*ModifyTransitGatewayOutput, error) // Modifies a reference (route) to a prefix list in a specified transit gateway // route table. ModifyTransitGatewayPrefixListReference(ctx context.Context, params *ModifyTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*ModifyTransitGatewayPrefixListReferenceOutput, error) // Modifies the specified VPC attachment. ModifyTransitGatewayVpcAttachment(ctx context.Context, params *ModifyTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*ModifyTransitGatewayVpcAttachmentOutput, error) // You can modify several parameters of an existing EBS volume, including volume // size, volume type, and IOPS capacity. If your EBS volume is attached to a // current-generation EC2 instance type, you might be able to apply these changes // without stopping the instance or detaching the volume from it. For more // information about modifying EBS volumes, see Amazon EBS Elastic Volumes // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modify-volume.html) // (Linux instances) or Amazon EBS Elastic Volumes // (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-modify-volume.html) // (Windows instances). When you complete a resize operation on your volume, you // need to extend the volume's file-system size to take advantage of the new // storage capacity. For more information, see Extend a Linux file system // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.html#recognize-expanded-volume-linux) // or Extend a Windows file system // (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-expand-volume.html#recognize-expanded-volume-windows). // You can use CloudWatch Events to check the status of a modification to an EBS // volume. For information about CloudWatch Events, see the Amazon CloudWatch // Events User Guide (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/). // You can also track the status of a modification using // DescribeVolumesModifications. For information about tracking status changes // using either method, see Monitor the progress of volume modifications // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-modifications.html). // With previous-generation instance types, resizing an EBS volume might require // detaching and reattaching the volume or stopping and restarting the instance. If // you reach the maximum volume modification rate per volume limit, you must wait // at least six hours before applying further modifications to the affected EBS // volume. ModifyVolume(ctx context.Context, params *ModifyVolumeInput, optFns ...func(*Options)) (*ModifyVolumeOutput, error) // Modifies a volume attribute. By default, all I/O operations for the volume are // suspended when the data on the volume is determined to be potentially // inconsistent, to prevent undetectable, latent data corruption. The I/O access to // the volume can be resumed by first enabling I/O access and then checking the // data consistency on your volume. You can change the default behavior to resume // I/O operations. We recommend that you change this only for boot volumes or for // volumes that are stateless or disposable. ModifyVolumeAttribute(ctx context.Context, params *ModifyVolumeAttributeInput, optFns ...func(*Options)) (*ModifyVolumeAttributeOutput, error) // Modifies the specified attribute of the specified VPC. ModifyVpcAttribute(ctx context.Context, params *ModifyVpcAttributeInput, optFns ...func(*Options)) (*ModifyVpcAttributeOutput, error) // Modifies attributes of a specified VPC endpoint. The attributes that you can // modify depend on the type of VPC endpoint (interface, gateway, or Gateway Load // Balancer). For more information, see VPC Endpoints // (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) in the // Amazon Virtual Private Cloud User Guide. ModifyVpcEndpoint(ctx context.Context, params *ModifyVpcEndpointInput, optFns ...func(*Options)) (*ModifyVpcEndpointOutput, error) // Modifies a connection notification for VPC endpoint or VPC endpoint service. You // can change the SNS topic for the notification, or the events for which to be // notified. ModifyVpcEndpointConnectionNotification(ctx context.Context, params *ModifyVpcEndpointConnectionNotificationInput, optFns ...func(*Options)) (*ModifyVpcEndpointConnectionNotificationOutput, error) // Modifies the attributes of your VPC endpoint service configuration. You can // change the Network Load Balancers or Gateway Load Balancers for your service, // and you can specify whether acceptance is required for requests to connect to // your endpoint service through an interface VPC endpoint. If you set or modify // the private DNS name, you must prove that you own the private DNS domain name. // For more information, see VPC Endpoint Service Private DNS Name Verification // (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html) // in the Amazon Virtual Private Cloud User Guide. ModifyVpcEndpointServiceConfiguration(ctx context.Context, params *ModifyVpcEndpointServiceConfigurationInput, optFns ...func(*Options)) (*ModifyVpcEndpointServiceConfigurationOutput, error) // Modifies the payer responsibility for your VPC endpoint service. ModifyVpcEndpointServicePayerResponsibility(ctx context.Context, params *ModifyVpcEndpointServicePayerResponsibilityInput, optFns ...func(*Options)) (*ModifyVpcEndpointServicePayerResponsibilityOutput, error) // Modifies the permissions for your VPC endpoint service // (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html). You // can add or remove permissions for service consumers (IAM users, IAM roles, and // Amazon Web Services accounts) to connect to your endpoint service. If you grant // permissions to all principals, the service is public. Any users who know the // name of a public service can send a request to attach an endpoint. If the // service does not require manual approval, attachments are automatically // approved. ModifyVpcEndpointServicePermissions(ctx context.Context, params *ModifyVpcEndpointServicePermissionsInput, optFns ...func(*Options)) (*ModifyVpcEndpointServicePermissionsOutput, error) // Modifies the VPC peering connection options on one side of a VPC peering // connection. You can do the following: // // * Enable/disable communication over the // peering connection between an EC2-Classic instance that's linked to your VPC // (using ClassicLink) and instances in the peer VPC. // // * Enable/disable // communication over the peering connection between instances in your VPC and an // EC2-Classic instance that's linked to the peer VPC. // // * Enable/disable the // ability to resolve public DNS hostnames to private IP addresses when queried // from instances in the peer VPC. // // If the peered VPCs are in the same Amazon Web // Services account, you can enable DNS resolution for queries from the local VPC. // This ensures that queries from the local VPC resolve to private IP addresses in // the peer VPC. This option is not available if the peered VPCs are in different // different Amazon Web Services accounts or different Regions. For peered VPCs in // different Amazon Web Services accounts, each Amazon Web Services account owner // must initiate a separate request to modify the peering connection options. For // inter-region peering connections, you must use the Region for the requester VPC // to modify the requester VPC peering options and the Region for the accepter VPC // to modify the accepter VPC peering options. To verify which VPCs are the // accepter and the requester for a VPC peering connection, use the // DescribeVpcPeeringConnections command. ModifyVpcPeeringConnectionOptions(ctx context.Context, params *ModifyVpcPeeringConnectionOptionsInput, optFns ...func(*Options)) (*ModifyVpcPeeringConnectionOptionsOutput, error) // Modifies the instance tenancy attribute of the specified VPC. You can change the // instance tenancy attribute of a VPC to default only. You cannot change the // instance tenancy attribute to dedicated. After you modify the tenancy of the // VPC, any new instances that you launch into the VPC have a tenancy of default, // unless you specify otherwise during launch. The tenancy of any existing // instances in the VPC is not affected. For more information, see Dedicated // Instances // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html) in // the Amazon Elastic Compute Cloud User Guide. ModifyVpcTenancy(ctx context.Context, params *ModifyVpcTenancyInput, optFns ...func(*Options)) (*ModifyVpcTenancyOutput, error) // Modifies the customer gateway or the target gateway of an Amazon Web Services // Site-to-Site VPN connection. To modify the target gateway, the following // migration options are available: // // * An existing virtual private gateway to a new // virtual private gateway // // * An existing virtual private gateway to a transit // gateway // // * An existing transit gateway to a new transit gateway // // * An existing // transit gateway to a virtual private gateway // // Before you perform the migration // to the new gateway, you must configure the new gateway. Use CreateVpnGateway to // create a virtual private gateway, or CreateTransitGateway to create a transit // gateway. This step is required when you migrate from a virtual private gateway // with static routes to a transit gateway. You must delete the static routes // before you migrate to the new gateway. Keep a copy of the static route before // you delete it. You will need to add back these routes to the transit gateway // after the VPN connection migration is complete. After you migrate to the new // gateway, you might need to modify your VPC route table. Use CreateRoute and // DeleteRoute to make the changes described in Update VPC route tables // (https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-target.html#step-update-routing) // in the Amazon Web Services Site-to-Site VPN User Guide. When the new gateway is // a transit gateway, modify the transit gateway route table to allow traffic // between the VPC and the Amazon Web Services Site-to-Site VPN connection. Use // CreateTransitGatewayRoute to add the routes. If you deleted VPN static routes, // you must add the static routes to the transit gateway route table. After you // perform this operation, the VPN endpoint's IP addresses on the Amazon Web // Services side and the tunnel options remain intact. Your Amazon Web Services // Site-to-Site VPN connection will be temporarily unavailable for a brief period // while we provision the new endpoints. ModifyVpnConnection(ctx context.Context, params *ModifyVpnConnectionInput, optFns ...func(*Options)) (*ModifyVpnConnectionOutput, error) // Modifies the connection options for your Site-to-Site VPN connection. When you // modify the VPN connection options, the VPN endpoint IP addresses on the Amazon // Web Services side do not change, and the tunnel options do not change. Your VPN // connection will be temporarily unavailable for a brief period while the VPN // connection is updated. ModifyVpnConnectionOptions(ctx context.Context, params *ModifyVpnConnectionOptionsInput, optFns ...func(*Options)) (*ModifyVpnConnectionOptionsOutput, error) // Modifies the VPN tunnel endpoint certificate. ModifyVpnTunnelCertificate(ctx context.Context, params *ModifyVpnTunnelCertificateInput, optFns ...func(*Options)) (*ModifyVpnTunnelCertificateOutput, error) // Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site VPN // connection. You can modify multiple options for a tunnel in a single request, // but you can only modify one tunnel at a time. For more information, see // Site-to-Site VPN tunnel options for your Site-to-Site VPN connection // (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNTunnels.html) in the Amazon // Web Services Site-to-Site VPN User Guide. ModifyVpnTunnelOptions(ctx context.Context, params *ModifyVpnTunnelOptionsInput, optFns ...func(*Options)) (*ModifyVpnTunnelOptionsOutput, error) // Enables detailed monitoring for a running instance. Otherwise, basic monitoring // is enabled. For more information, see Monitor your instances using CloudWatch // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) in // the Amazon EC2 User Guide. To disable detailed monitoring, see // UnmonitorInstances // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_UnmonitorInstances.html). MonitorInstances(ctx context.Context, params *MonitorInstancesInput, optFns ...func(*Options)) (*MonitorInstancesOutput, error) // Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC // platform. The Elastic IP address must be allocated to your account for more than // 24 hours, and it must not be associated with an instance. After the Elastic IP // address is moved, it is no longer available for use in the EC2-Classic platform, // unless you move it back using the RestoreAddressToClassic request. You cannot // move an Elastic IP address that was originally allocated for use in the EC2-VPC // platform to the EC2-Classic platform. MoveAddressToVpc(ctx context.Context, params *MoveAddressToVpcInput, optFns ...func(*Options)) (*MoveAddressToVpcOutput, error) // Move an BYOIP IPv4 CIDR to IPAM from a public IPv4 pool. If you already have an // IPv4 BYOIP CIDR with Amazon Web Services, you can move the CIDR to IPAM from a // public IPv4 pool. You cannot move an IPv6 CIDR to IPAM. If you are bringing a // new IP address to Amazon Web Services for the first time, complete the steps in // Tutorial: BYOIP address CIDRs to IPAM. MoveByoipCidrToIpam(ctx context.Context, params *MoveByoipCidrToIpamInput, optFns ...func(*Options)) (*MoveByoipCidrToIpamOutput, error) // Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services // resources through bring your own IP addresses (BYOIP) and creates a // corresponding address pool. After the address range is provisioned, it is ready // to be advertised using AdvertiseByoipCidr. Amazon Web Services verifies that you // own the address range and are authorized to advertise it. You must ensure that // the address range is registered to you and that you created an RPKI ROA to // authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more // information, see Bring your own IP addresses (BYOIP) // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) in the // Amazon Elastic Compute Cloud User Guide. Provisioning an address range is an // asynchronous operation, so the call returns immediately, but the address range // is not ready to use until its status changes from pending-provision to // provisioned. To monitor the status of an address range, use DescribeByoipCidrs. // To allocate an Elastic IP address from your IPv4 address pool, use // AllocateAddress with either the specific address from the address pool or the ID // of the address pool. ProvisionByoipCidr(ctx context.Context, params *ProvisionByoipCidrInput, optFns ...func(*Options)) (*ProvisionByoipCidrOutput, error) // Provision a CIDR to an IPAM pool. You can use this action to provision new CIDRs // to a top-level pool or to transfer a CIDR from a top-level pool to a pool within // it. For more information, see Provision CIDRs to pools in the Amazon VPC IPAM // User Guide. ProvisionIpamPoolCidr(ctx context.Context, params *ProvisionIpamPoolCidrInput, optFns ...func(*Options)) (*ProvisionIpamPoolCidrOutput, error) // Provision a CIDR to a public IPv4 pool. For more information about IPAM, see // What is IPAM? in the Amazon VPC IPAM User Guide. ProvisionPublicIpv4PoolCidr(ctx context.Context, params *ProvisionPublicIpv4PoolCidrInput, optFns ...func(*Options)) (*ProvisionPublicIpv4PoolCidrOutput, error) // Purchase a reservation with configurations that match those of your Dedicated // Host. You must have active Dedicated Hosts in your account before you purchase a // reservation. This action results in the specified reservation being purchased // and charged to your account. PurchaseHostReservation(ctx context.Context, params *PurchaseHostReservationInput, optFns ...func(*Options)) (*PurchaseHostReservationOutput, error) // Purchases a Reserved Instance for use with your account. With Reserved // Instances, you pay a lower hourly rate compared to On-Demand instance pricing. // Use DescribeReservedInstancesOfferings to get a list of Reserved Instance // offerings that match your specifications. After you've purchased a Reserved // Instance, you can check for your new Reserved Instance with // DescribeReservedInstances. To queue a purchase for a future date and time, // specify a purchase time. If you do not specify a purchase time, the default is // the current time. For more information, see Reserved Instances // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-on-demand-reserved-instances.html) // and Reserved Instance Marketplace // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in // the Amazon EC2 User Guide. PurchaseReservedInstancesOffering(ctx context.Context, params *PurchaseReservedInstancesOfferingInput, optFns ...func(*Options)) (*PurchaseReservedInstancesOfferingOutput, error) // Purchases the Scheduled Instances with the specified schedule. Scheduled // Instances enable you to purchase Amazon EC2 compute capacity by the hour for a // one-year term. Before you can purchase a Scheduled Instance, you must call // DescribeScheduledInstanceAvailability to check for available schedules and // obtain a purchase token. After you purchase a Scheduled Instance, you must call // RunScheduledInstances during each scheduled time period. After you purchase a // Scheduled Instance, you can't cancel, modify, or resell your purchase. PurchaseScheduledInstances(ctx context.Context, params *PurchaseScheduledInstancesInput, optFns ...func(*Options)) (*PurchaseScheduledInstancesOutput, error) // Requests a reboot of the specified instances. This operation is asynchronous; it // only queues a request to reboot the specified instances. The operation succeeds // if the instances are valid and belong to you. Requests to reboot terminated // instances are ignored. If an instance does not cleanly shut down within a few // minutes, Amazon EC2 performs a hard reboot. For more information about // troubleshooting, see Troubleshoot an unreachable instance // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html) in // the Amazon EC2 User Guide. RebootInstances(ctx context.Context, params *RebootInstancesInput, optFns ...func(*Options)) (*RebootInstancesOutput, error) // Registers an AMI. When you're creating an AMI, this is the final step you must // complete before you can launch an instance from the AMI. For more information // about creating AMIs, see Creating your own AMIs // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami.html) in // the Amazon Elastic Compute Cloud User Guide. For Amazon EBS-backed instances, // CreateImage creates and registers the AMI in a single request, so you don't have // to register the AMI yourself. If needed, you can deregister an AMI at any time. // Any modifications you make to an AMI backed by an instance store volume // invalidates its registration. If you make changes to an image, deregister the // previous image and register the new image. Register a snapshot of a root device // volume You can use RegisterImage to create an Amazon EBS-backed Linux AMI from a // snapshot of a root device volume. You specify the snapshot using a block device // mapping. You can't set the encryption state of the volume using the block device // mapping. If the snapshot is encrypted, or encryption by default is enabled, the // root volume of an instance launched from the AMI is encrypted. For more // information, see Create a Linux AMI from a snapshot // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html#creating-launching-ami-from-snapshot) // and Use encryption with Amazon EBS-backed AMIs // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html) in the // Amazon Elastic Compute Cloud User Guide. Amazon Web Services Marketplace product // codes If any snapshots have Amazon Web Services Marketplace product codes, they // are copied to the new AMI. Windows and some Linux distributions, such as Red Hat // Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES), use the Amazon // EC2 billing product code associated with an AMI to verify the subscription // status for package updates. To create a new AMI for operating systems that // require a billing product code, instead of registering the AMI, do the following // to preserve the billing product code association: // // * Launch an instance from an // existing AMI with that billing product code. // // * Customize the instance. // // * // Create an AMI from the instance using CreateImage. // // If you purchase a Reserved // Instance to apply to an On-Demand Instance that was launched from an AMI with a // billing product code, make sure that the Reserved Instance has the matching // billing product code. If you purchase a Reserved Instance without the matching // billing product code, the Reserved Instance will not be applied to the On-Demand // Instance. For information about how to obtain the platform details and billing // information of an AMI, see Understanding AMI billing // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-billing-info.html) in // the Amazon Elastic Compute Cloud User Guide. RegisterImage(ctx context.Context, params *RegisterImageInput, optFns ...func(*Options)) (*RegisterImageOutput, error) // Registers a set of tag keys to include in scheduled event notifications for your // resources. To remove tags, use DeregisterInstanceEventNotificationAttributes // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeregisterInstanceEventNotificationAttributes.html). RegisterInstanceEventNotificationAttributes(ctx context.Context, params *RegisterInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*RegisterInstanceEventNotificationAttributesOutput, error) // Registers members (network interfaces) with the transit gateway multicast group. // A member is a network interface associated with a supported EC2 instance that // receives multicast traffic. For information about supported instances, see // Multicast Consideration // (https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-limits.html#multicast-limits) // in Amazon VPC Transit Gateways. After you add the members, use // SearchTransitGatewayMulticastGroups // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayMulticastGroups.html) // to verify that the members were added to the transit gateway multicast group. RegisterTransitGatewayMulticastGroupMembers(ctx context.Context, params *RegisterTransitGatewayMulticastGroupMembersInput, optFns ...func(*Options)) (*RegisterTransitGatewayMulticastGroupMembersOutput, error) // Registers sources (network interfaces) with the specified transit gateway // multicast group. A multicast source is a network interface attached to a // supported instance that sends multicast traffic. For information about supported // instances, see Multicast Considerations // (https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-limits.html#multicast-limits) // in Amazon VPC Transit Gateways. After you add the source, use // SearchTransitGatewayMulticastGroups // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayMulticastGroups.html) // to verify that the source was added to the multicast group. RegisterTransitGatewayMulticastGroupSources(ctx context.Context, params *RegisterTransitGatewayMulticastGroupSourcesInput, optFns ...func(*Options)) (*RegisterTransitGatewayMulticastGroupSourcesOutput, error) // Rejects a request to associate cross-account subnets with a transit gateway // multicast domain. RejectTransitGatewayMulticastDomainAssociations(ctx context.Context, params *RejectTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*RejectTransitGatewayMulticastDomainAssociationsOutput, error) // Rejects a transit gateway peering attachment request. RejectTransitGatewayPeeringAttachment(ctx context.Context, params *RejectTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*RejectTransitGatewayPeeringAttachmentOutput, error) // Rejects a request to attach a VPC to a transit gateway. The VPC attachment must // be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to // view your pending VPC attachment requests. Use AcceptTransitGatewayVpcAttachment // to accept a VPC attachment request. RejectTransitGatewayVpcAttachment(ctx context.Context, params *RejectTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*RejectTransitGatewayVpcAttachmentOutput, error) // Rejects one or more VPC endpoint connection requests to your VPC endpoint // service. RejectVpcEndpointConnections(ctx context.Context, params *RejectVpcEndpointConnectionsInput, optFns ...func(*Options)) (*RejectVpcEndpointConnectionsOutput, error) // Rejects a VPC peering connection request. The VPC peering connection must be in // the pending-acceptance state. Use the DescribeVpcPeeringConnections request to // view your outstanding VPC peering connection requests. To delete an active VPC // peering connection, or to delete a VPC peering connection request that you // initiated, use DeleteVpcPeeringConnection. RejectVpcPeeringConnection(ctx context.Context, params *RejectVpcPeeringConnectionInput, optFns ...func(*Options)) (*RejectVpcPeeringConnectionOutput, error) // Releases the specified Elastic IP address. [EC2-Classic, default VPC] Releasing // an Elastic IP address automatically disassociates it from any instance that it's // associated with. To disassociate an Elastic IP address without releasing it, use // DisassociateAddress. [Nondefault VPC] You must use DisassociateAddress to // disassociate the Elastic IP address before you can release it. Otherwise, Amazon // EC2 returns an error (InvalidIPAddress.InUse). After releasing an Elastic IP // address, it is released to the IP address pool. Be sure to update your DNS // records and any servers or devices that communicate with the address. If you // attempt to release an Elastic IP address that you already released, you'll get // an AuthFailure error if the address is already allocated to another Amazon Web // Services account. [EC2-VPC] After you release an Elastic IP address for use in a // VPC, you might be able to recover it. For more information, see AllocateAddress. ReleaseAddress(ctx context.Context, params *ReleaseAddressInput, optFns ...func(*Options)) (*ReleaseAddressOutput, error) // When you no longer want to use an On-Demand Dedicated Host it can be released. // On-Demand billing is stopped and the host goes into released state. The host ID // of Dedicated Hosts that have been released can no longer be specified in another // request, for example, to modify the host. You must stop or terminate all // instances on a host before it can be released. When Dedicated Hosts are // released, it may take some time for them to stop counting toward your limit and // you may receive capacity errors when trying to allocate new Dedicated Hosts. // Wait a few minutes and then try again. Released hosts still appear in a // DescribeHosts response. ReleaseHosts(ctx context.Context, params *ReleaseHostsInput, optFns ...func(*Options)) (*ReleaseHostsOutput, error) // Release an allocation within an IPAM pool. You can only use this action to // release manual allocations. To remove an allocation for a resource without // deleting the resource, set its monitored state to false using // ModifyIpamResourceCidr // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyIpamResourceCidr.html). // For more information, see Release an allocation in the Amazon VPC IPAM User // Guide. ReleaseIpamPoolAllocation(ctx context.Context, params *ReleaseIpamPoolAllocationInput, optFns ...func(*Options)) (*ReleaseIpamPoolAllocationOutput, error) // Replaces an IAM instance profile for the specified running instance. You can use // this action to change the IAM instance profile that's associated with an // instance without having to disassociate the existing IAM instance profile first. // Use DescribeIamInstanceProfileAssociations to get the association ID. ReplaceIamInstanceProfileAssociation(ctx context.Context, params *ReplaceIamInstanceProfileAssociationInput, optFns ...func(*Options)) (*ReplaceIamInstanceProfileAssociationOutput, error) // Changes which network ACL a subnet is associated with. By default when you // create a subnet, it's automatically associated with the default network ACL. For // more information, see Network ACLs // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon // Virtual Private Cloud User Guide. This is an idempotent operation. ReplaceNetworkAclAssociation(ctx context.Context, params *ReplaceNetworkAclAssociationInput, optFns ...func(*Options)) (*ReplaceNetworkAclAssociationOutput, error) // Replaces an entry (rule) in a network ACL. For more information, see Network // ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the // Amazon Virtual Private Cloud User Guide. ReplaceNetworkAclEntry(ctx context.Context, params *ReplaceNetworkAclEntryInput, optFns ...func(*Options)) (*ReplaceNetworkAclEntryOutput, error) // Replaces an existing route within a route table in a VPC. You must provide only // one of the following: internet gateway, virtual private gateway, NAT instance, // NAT gateway, VPC peering connection, network interface, egress-only internet // gateway, or transit gateway. For more information, see Route tables // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the // Amazon Virtual Private Cloud User Guide. ReplaceRoute(ctx context.Context, params *ReplaceRouteInput, optFns ...func(*Options)) (*ReplaceRouteOutput, error) // Changes the route table associated with a given subnet, internet gateway, or // virtual private gateway in a VPC. After the operation completes, the subnet or // gateway uses the routes in the new route table. For more information about route // tables, see Route tables // (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the // Amazon Virtual Private Cloud User Guide. You can also use this operation to // change which table is the main route table in the VPC. Specify the main route // table's association ID and the route table ID of the new main route table. ReplaceRouteTableAssociation(ctx context.Context, params *ReplaceRouteTableAssociationInput, optFns ...func(*Options)) (*ReplaceRouteTableAssociationOutput, error) // Replaces the specified route in the specified transit gateway route table. ReplaceTransitGatewayRoute(ctx context.Context, params *ReplaceTransitGatewayRouteInput, optFns ...func(*Options)) (*ReplaceTransitGatewayRouteOutput, error) // Submits feedback about the status of an instance. The instance must be in the // running state. If your experience with the instance differs from the instance // status returned by DescribeInstanceStatus, use ReportInstanceStatus to report // your experience with the instance. Amazon EC2 collects this information to // improve the accuracy of status checks. Use of this action does not change the // value returned by DescribeInstanceStatus. ReportInstanceStatus(ctx context.Context, params *ReportInstanceStatusInput, optFns ...func(*Options)) (*ReportInstanceStatusOutput, error) // Creates a Spot Fleet request. The Spot Fleet request specifies the total target // capacity and the On-Demand target capacity. Amazon EC2 calculates the difference // between the total capacity and On-Demand capacity, and launches the difference // as Spot capacity. You can submit a single request that includes multiple launch // specifications that vary by instance type, AMI, Availability Zone, or subnet. By // default, the Spot Fleet requests Spot Instances in the Spot Instance pool where // the price per unit is the lowest. Each launch specification can include its own // instance weighting that reflects the value of the instance type to your // application workload. Alternatively, you can specify that the Spot Fleet // distribute the target capacity across the Spot pools included in its launch // specifications. By ensuring that the Spot Instances in your Spot Fleet are in // different Spot pools, you can improve the availability of your fleet. You can // specify tags for the Spot Fleet request and instances launched by the fleet. You // cannot tag other resource types in a Spot Fleet request because only the // spot-fleet-request and instance resource types are supported. For more // information, see Spot Fleet requests // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html) // in the Amazon EC2 User Guide for Linux Instances. RequestSpotFleet(ctx context.Context, params *RequestSpotFleetInput, optFns ...func(*Options)) (*RequestSpotFleetOutput, error) // Creates a Spot Instance request. For more information, see Spot Instance // requests // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html) in the // Amazon EC2 User Guide for Linux Instances. RequestSpotInstances(ctx context.Context, params *RequestSpotInstancesInput, optFns ...func(*Options)) (*RequestSpotInstancesOutput, error) // Resets the attribute of the specified IP address. For requirements, see Using // reverse DNS for email applications // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS). ResetAddressAttribute(ctx context.Context, params *ResetAddressAttributeInput, optFns ...func(*Options)) (*ResetAddressAttributeOutput, error) // Resets the default KMS key for EBS encryption for your account in this Region to // the Amazon Web Services managed KMS key for EBS. After resetting the default KMS // key to the Amazon Web Services managed KMS key, you can continue to encrypt by a // customer managed KMS key by specifying it when you create the volume. For more // information, see Amazon EBS encryption // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the // Amazon Elastic Compute Cloud User Guide. ResetEbsDefaultKmsKeyId(ctx context.Context, params *ResetEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*ResetEbsDefaultKmsKeyIdOutput, error) // Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its // default value. You can only reset the load permission attribute. ResetFpgaImageAttribute(ctx context.Context, params *ResetFpgaImageAttributeInput, optFns ...func(*Options)) (*ResetFpgaImageAttributeOutput, error) // Resets an attribute of an AMI to its default value. ResetImageAttribute(ctx context.Context, params *ResetImageAttributeInput, optFns ...func(*Options)) (*ResetImageAttributeOutput, error) // Resets an attribute of an instance to its default value. To reset the kernel or // ramdisk, the instance must be in a stopped state. To reset the sourceDestCheck, // the instance can be either running or stopped. The sourceDestCheck attribute // controls whether source/destination checking is enabled. The default value is // true, which means checking is enabled. This value must be false for a NAT // instance to perform NAT. For more information, see NAT Instances // (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html) // in the Amazon VPC User Guide. ResetInstanceAttribute(ctx context.Context, params *ResetInstanceAttributeInput, optFns ...func(*Options)) (*ResetInstanceAttributeOutput, error) // Resets a network interface attribute. You can specify only one attribute at a // time. ResetNetworkInterfaceAttribute(ctx context.Context, params *ResetNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*ResetNetworkInterfaceAttributeOutput, error) // Resets permission settings for the specified snapshot. For more information // about modifying snapshot permissions, see Share a snapshot // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html) // in the Amazon Elastic Compute Cloud User Guide. ResetSnapshotAttribute(ctx context.Context, params *ResetSnapshotAttributeInput, optFns ...func(*Options)) (*ResetSnapshotAttributeOutput, error) // Restores an Elastic IP address that was previously moved to the EC2-VPC platform // back to the EC2-Classic platform. You cannot move an Elastic IP address that was // originally allocated for use in EC2-VPC. The Elastic IP address must not be // associated with an instance or network interface. RestoreAddressToClassic(ctx context.Context, params *RestoreAddressToClassicInput, optFns ...func(*Options)) (*RestoreAddressToClassicOutput, error) // Restores an AMI from the Recycle Bin. For more information, see Recycle Bin // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the // Amazon Elastic Compute Cloud User Guide. RestoreImageFromRecycleBin(ctx context.Context, params *RestoreImageFromRecycleBinInput, optFns ...func(*Options)) (*RestoreImageFromRecycleBinOutput, error) // Restores the entries from a previous version of a managed prefix list to a new // version of the prefix list. RestoreManagedPrefixListVersion(ctx context.Context, params *RestoreManagedPrefixListVersionInput, optFns ...func(*Options)) (*RestoreManagedPrefixListVersionOutput, error) // Restores a snapshot from the Recycle Bin. For more information, see Restore // snapshots from the Recycle Bin // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin-working-with-snaps.html#recycle-bin-restore-snaps) // in the Amazon Elastic Compute Cloud User Guide. RestoreSnapshotFromRecycleBin(ctx context.Context, params *RestoreSnapshotFromRecycleBinInput, optFns ...func(*Options)) (*RestoreSnapshotFromRecycleBinOutput, error) // Restores an archived Amazon EBS snapshot for use temporarily or permanently, or // modifies the restore period or restore type for a snapshot that was previously // temporarily restored. For more information see Restore an archived snapshot // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-snapshot-archiving.html#restore-archived-snapshot) // and modify the restore period or restore type for a temporarily restored // snapshot // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-snapshot-archiving.html#modify-temp-restore-period) // in the Amazon Elastic Compute Cloud User Guide. RestoreSnapshotTier(ctx context.Context, params *RestoreSnapshotTierInput, optFns ...func(*Options)) (*RestoreSnapshotTierOutput, error) // Removes an ingress authorization rule from a Client VPN endpoint. RevokeClientVpnIngress(ctx context.Context, params *RevokeClientVpnIngressInput, optFns ...func(*Options)) (*RevokeClientVpnIngressOutput, error) // [VPC only] Removes the specified outbound (egress) rules from a security group // for EC2-VPC. This action does not apply to security groups for use in // EC2-Classic. You can specify rules using either rule IDs or security group rule // properties. If you use rule properties, the values that you specify (for // example, ports) must match the existing rule's values exactly. Each rule has a // protocol, from and to ports, and destination (CIDR range, security group, or // prefix list). For the TCP and UDP protocols, you must also specify the // destination port or range of ports. For the ICMP protocol, you must also specify // the ICMP type and code. If the security group rule has a description, you do not // need to specify the description to revoke the rule. [Default VPC] If the values // you specify do not match the existing rule's values, no error is returned, and // the output describes the security group rules that were not revoked. Amazon Web // Services recommends that you describe the security group to verify that the // rules were removed. Rule changes are propagated to instances within the security // group as quickly as possible. However, a small delay might occur. RevokeSecurityGroupEgress(ctx context.Context, params *RevokeSecurityGroupEgressInput, optFns ...func(*Options)) (*RevokeSecurityGroupEgressOutput, error) // Removes the specified inbound (ingress) rules from a security group. You can // specify rules using either rule IDs or security group rule properties. If you // use rule properties, the values that you specify (for example, ports) must match // the existing rule's values exactly. Each rule has a protocol, from and to ports, // and source (CIDR range, security group, or prefix list). For the TCP and UDP // protocols, you must also specify the destination port or range of ports. For the // ICMP protocol, you must also specify the ICMP type and code. If the security // group rule has a description, you do not need to specify the description to // revoke the rule. [EC2-Classic, default VPC] If the values you specify do not // match the existing rule's values, no error is returned, and the output describes // the security group rules that were not revoked. Amazon Web Services recommends // that you describe the security group to verify that the rules were removed. Rule // changes are propagated to instances within the security group as quickly as // possible. However, a small delay might occur. RevokeSecurityGroupIngress(ctx context.Context, params *RevokeSecurityGroupIngressInput, optFns ...func(*Options)) (*RevokeSecurityGroupIngressOutput, error) // Launches the specified number of instances using an AMI for which you have // permissions. You can specify a number of options, or leave the default options. // The following rules apply: // // * [EC2-VPC] If you don't specify a subnet ID, we // choose a default subnet from your default VPC for you. If you don't have a // default VPC, you must specify a subnet ID in the request. // // * [EC2-Classic] If // don't specify an Availability Zone, we choose one for you. // // * Some instance // types must be launched into a VPC. If you do not have a default VPC, or if you // do not specify a subnet ID, the request fails. For more information, see // Instance types available only in a VPC // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-vpc.html#vpc-only-instance-types). // // * // [EC2-VPC] All instances have a network interface with a primary private IPv4 // address. If you don't specify this address, we choose one from the IPv4 range of // your subnet. // // * Not all instance types support IPv6 addresses. For more // information, see Instance types // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html). // // * If // you don't specify a security group ID, we use the default security group. For // more information, see Security groups // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html). // // * // If any of the AMIs have a product code attached for which the user has not // subscribed, the request fails. // // You can create a launch template // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html), // which is a resource that contains the parameters to launch an instance. When you // launch an instance using RunInstances, you can specify the launch template // instead of specifying the launch parameters. To ensure faster instance launches, // break up large requests into smaller batches. For example, create five separate // launch requests for 100 instances each instead of one launch request for 500 // instances. An instance is ready for you to use when it's in the running state. // You can check the state of your instance using DescribeInstances. You can tag // instances and EBS volumes during launch, after launch, or both. For more // information, see CreateTags and Tagging your Amazon EC2 resources // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html). Linux // instances have access to the public key of the key pair at boot. You can use // this key to provide secure access to the instance. Amazon EC2 public images use // this feature to provide secure access without passwords. For more information, // see Key pairs // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html). For // troubleshooting, see What to do if an instance immediately terminates // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_InstanceStraightToTerminated.html), // and Troubleshooting connecting to your instance // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html). RunInstances(ctx context.Context, params *RunInstancesInput, optFns ...func(*Options)) (*RunInstancesOutput, error) // Launches the specified Scheduled Instances. Before you can launch a Scheduled // Instance, you must purchase it and obtain an identifier using // PurchaseScheduledInstances. You must launch a Scheduled Instance during its // scheduled time period. You can't stop or reboot a Scheduled Instance, but you // can terminate it as needed. If you terminate a Scheduled Instance before the // current scheduled time period ends, you can launch it again after a few minutes. // For more information, see Scheduled Instances // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-scheduled-instances.html) // in the Amazon EC2 User Guide. RunScheduledInstances(ctx context.Context, params *RunScheduledInstancesInput, optFns ...func(*Options)) (*RunScheduledInstancesOutput, error) // Searches for routes in the specified local gateway route table. SearchLocalGatewayRoutes(ctx context.Context, params *SearchLocalGatewayRoutesInput, optFns ...func(*Options)) (*SearchLocalGatewayRoutesOutput, error) // Searches one or more transit gateway multicast groups and returns the group // membership information. SearchTransitGatewayMulticastGroups(ctx context.Context, params *SearchTransitGatewayMulticastGroupsInput, optFns ...func(*Options)) (*SearchTransitGatewayMulticastGroupsOutput, error) // Searches for routes in the specified transit gateway route table. SearchTransitGatewayRoutes(ctx context.Context, params *SearchTransitGatewayRoutesInput, optFns ...func(*Options)) (*SearchTransitGatewayRoutesOutput, error) // Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a // kernel panic (on Linux instances), or a blue screen/stop error (on Windows // instances). For instances based on Intel and AMD processors, the interrupt is // received as a non-maskable interrupt (NMI). In general, the operating system // crashes and reboots when a kernel panic or stop error is triggered. The // operating system can also be configured to perform diagnostic tasks, such as // generating a memory dump file, loading a secondary kernel, or obtaining a call // trace. Before sending a diagnostic interrupt to your instance, ensure that its // operating system is configured to perform the required diagnostic tasks. For // more information about configuring your operating system to generate a crash // dump when a kernel panic or stop error occurs, see Send a diagnostic interrupt // (for advanced users) // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/diagnostic-interrupt.html) // (Linux instances) or Send a diagnostic interrupt (for advanced users) // (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/diagnostic-interrupt.html) // (Windows instances). SendDiagnosticInterrupt(ctx context.Context, params *SendDiagnosticInterruptInput, optFns ...func(*Options)) (*SendDiagnosticInterruptOutput, error) // Starts an Amazon EBS-backed instance that you've previously stopped. Instances // that use Amazon EBS volumes as their root devices can be quickly stopped and // started. When an instance is stopped, the compute resources are released and you // are not billed for instance usage. However, your root partition Amazon EBS // volume remains and continues to persist your data, and you are charged for // Amazon EBS volume usage. You can restart your instance at any time. Every time // you start your instance, Amazon EC2 charges a one-minute minimum for instance // usage, and thereafter charges per second for instance usage. Before stopping an // instance, make sure it is in a state from which it can be restarted. Stopping an // instance does not preserve data stored in RAM. Performing this operation on an // instance that uses an instance store as its root device returns an error. If you // attempt to start a T3 instance with host tenancy and the unlimted CPU credit // option, the request fails. The unlimited CPU credit option is not supported on // Dedicated Hosts. Before you start the instance, either change its CPU credit // option to standard, or change its tenancy to default or dedicated. For more // information, see Stop and start your instance // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html) in the // Amazon EC2 User Guide. StartInstances(ctx context.Context, params *StartInstancesInput, optFns ...func(*Options)) (*StartInstancesOutput, error) // Starts analyzing the specified Network Access Scope. StartNetworkInsightsAccessScopeAnalysis(ctx context.Context, params *StartNetworkInsightsAccessScopeAnalysisInput, optFns ...func(*Options)) (*StartNetworkInsightsAccessScopeAnalysisOutput, error) // Starts analyzing the specified path. If the path is reachable, the operation // returns the shortest feasible path. StartNetworkInsightsAnalysis(ctx context.Context, params *StartNetworkInsightsAnalysisInput, optFns ...func(*Options)) (*StartNetworkInsightsAnalysisOutput, error) // Initiates the verification process to prove that the service provider owns the // private DNS name domain for the endpoint service. The service provider must // successfully perform the verification before the consumer can use the name to // access the service. Before the service provider runs this command, they must add // a record to the DNS server. For more information, see Adding a TXT Record to // Your Domain's DNS Server // (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html#add-dns-txt-record) // in the Amazon VPC User Guide. StartVpcEndpointServicePrivateDnsVerification(ctx context.Context, params *StartVpcEndpointServicePrivateDnsVerificationInput, optFns ...func(*Options)) (*StartVpcEndpointServicePrivateDnsVerificationOutput, error) // Stops an Amazon EBS-backed instance. You can use the Stop action to hibernate an // instance if the instance is enabled for hibernation // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#enabling-hibernation) // and it meets the hibernation prerequisites // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites). // For more information, see Hibernate your instance // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) in the // Amazon EC2 User Guide. We don't charge usage for a stopped instance, or data // transfer fees; however, your root partition Amazon EBS volume remains and // continues to persist your data, and you are charged for Amazon EBS volume usage. // Every time you start your instance, Amazon EC2 charges a one-minute minimum for // instance usage, and thereafter charges per second for instance usage. You can't // stop or hibernate instance store-backed instances. You can't use the Stop action // to hibernate Spot Instances, but you can specify that Amazon EC2 should // hibernate Spot Instances when they are interrupted. For more information, see // Hibernating interrupted Spot Instances // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html#hibernate-spot-instances) // in the Amazon EC2 User Guide. When you stop or hibernate an instance, we shut it // down. You can restart your instance at any time. Before stopping or hibernating // an instance, make sure it is in a state from which it can be restarted. Stopping // an instance does not preserve data stored in RAM, but hibernating an instance // does preserve data stored in RAM. If an instance cannot hibernate successfully, // a normal shutdown occurs. Stopping and hibernating an instance is different to // rebooting or terminating it. For example, when you stop or hibernate an // instance, the root device and any other devices attached to the instance // persist. When you terminate an instance, the root device and any other devices // attached during the instance launch are automatically deleted. For more // information about the differences between rebooting, stopping, hibernating, and // terminating instances, see Instance lifecycle // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html) // in the Amazon EC2 User Guide. When you stop an instance, we attempt to shut it // down forcibly after a short while. If your instance appears stuck in the // stopping state after a period of time, there may be an issue with the underlying // host computer. For more information, see Troubleshoot stopping your instance // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesStopping.html) // in the Amazon EC2 User Guide. StopInstances(ctx context.Context, params *StopInstancesInput, optFns ...func(*Options)) (*StopInstancesOutput, error) // Terminates active Client VPN endpoint connections. This action can be used to // terminate a specific client connection, or up to five connections established by // a specific user. TerminateClientVpnConnections(ctx context.Context, params *TerminateClientVpnConnectionsInput, optFns ...func(*Options)) (*TerminateClientVpnConnectionsOutput, error) // Shuts down the specified instances. This operation is idempotent; if you // terminate an instance more than once, each call succeeds. If you specify // multiple instances and the request fails (for example, because of a single // incorrect instance ID), none of the instances are terminated. If you terminate // multiple instances across multiple Availability Zones, and one or more of the // specified instances are enabled for termination protection, the request fails // with the following results: // // * The specified instances that are in the same // Availability Zone as the protected instance are not terminated. // // * The specified // instances that are in different Availability Zones, where no other specified // instances are protected, are successfully terminated. // // For example, say you have // the following instances: // // * Instance A: us-east-1a; Not protected // // * Instance B: // us-east-1a; Not protected // // * Instance C: us-east-1b; Protected // // * Instance D: // us-east-1b; not protected // // If you attempt to terminate all of these instances in // the same request, the request reports failure with the following results: // // * // Instance A and Instance B are successfully terminated because none of the // specified instances in us-east-1a are enabled for termination protection. // // * // Instance C and Instance D fail to terminate because at least one of the // specified instances in us-east-1b (Instance C) is enabled for termination // protection. // // Terminated instances remain visible after termination (for // approximately one hour). By default, Amazon EC2 deletes all EBS volumes that // were attached when the instance launched. Volumes attached after instance launch // continue running. You can stop, start, and terminate EBS-backed instances. You // can only terminate instance store-backed instances. What happens to an instance // differs if you stop it or terminate it. For example, when you stop an instance, // the root device and any other devices attached to the instance persist. When you // terminate an instance, any attached EBS volumes with the DeleteOnTermination // block device mapping parameter set to true are automatically deleted. For more // information about the differences between stopping and terminating instances, // see Instance lifecycle // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html) // in the Amazon EC2 User Guide. For more information about troubleshooting, see // Troubleshooting terminating your instance // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesShuttingDown.html) // in the Amazon EC2 User Guide. TerminateInstances(ctx context.Context, params *TerminateInstancesInput, optFns ...func(*Options)) (*TerminateInstancesOutput, error) // Unassigns one or more IPv6 addresses IPv4 Prefix Delegation prefixes from a // network interface. UnassignIpv6Addresses(ctx context.Context, params *UnassignIpv6AddressesInput, optFns ...func(*Options)) (*UnassignIpv6AddressesOutput, error) // Unassigns one or more secondary private IP addresses, or IPv4 Prefix Delegation // prefixes from a network interface. UnassignPrivateIpAddresses(ctx context.Context, params *UnassignPrivateIpAddressesInput, optFns ...func(*Options)) (*UnassignPrivateIpAddressesOutput, error) // Disables detailed monitoring for a running instance. For more information, see // Monitoring your instances and volumes // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) in // the Amazon EC2 User Guide. UnmonitorInstances(ctx context.Context, params *UnmonitorInstancesInput, optFns ...func(*Options)) (*UnmonitorInstancesOutput, error) // [VPC only] Updates the description of an egress (outbound) security group rule. // You can replace an existing description, or add a description to a rule that did // not have one previously. You can remove a description for a security group rule // by omitting the description parameter in the request. UpdateSecurityGroupRuleDescriptionsEgress(ctx context.Context, params *UpdateSecurityGroupRuleDescriptionsEgressInput, optFns ...func(*Options)) (*UpdateSecurityGroupRuleDescriptionsEgressOutput, error) // Updates the description of an ingress (inbound) security group rule. You can // replace an existing description, or add a description to a rule that did not // have one previously. You can remove a description for a security group rule by // omitting the description parameter in the request. UpdateSecurityGroupRuleDescriptionsIngress(ctx context.Context, params *UpdateSecurityGroupRuleDescriptionsIngressInput, optFns ...func(*Options)) (*UpdateSecurityGroupRuleDescriptionsIngressOutput, error) // Stops advertising an address range that is provisioned as an address pool. You // can perform this operation at most once every 10 seconds, even if you specify // different address ranges each time. It can take a few minutes before traffic to // the specified addresses stops routing to Amazon Web Services because of BGP // propagation delays. WithdrawByoipCidr(ctx context.Context, params *WithdrawByoipCidrInput, optFns ...func(*Options)) (*WithdrawByoipCidrOutput, error) }
EC2 provides an interface to the AWS EC2 service.
type EKS ¶ added in v0.98.0
type EKS interface { // Associate encryption configuration to an existing cluster. You can use this API // to enable encryption on existing clusters which do not have encryption already // enabled. This allows you to implement a defense-in-depth security strategy // without migrating applications to new Amazon EKS clusters. AssociateEncryptionConfig(ctx context.Context, params *AssociateEncryptionConfigInput, optFns ...func(*Options)) (*AssociateEncryptionConfigOutput, error) // Associate an identity provider configuration to a cluster. If you want to // authenticate identities using an identity provider, you can create an identity // provider configuration and associate it to your cluster. After configuring // authentication to your cluster you can create Kubernetes roles and clusterroles // to assign permissions to the roles, and then bind the roles to the identities // using Kubernetes rolebindings and clusterrolebindings . For more information see // Using RBAC Authorization (https://kubernetes.io/docs/reference/access-authn-authz/rbac/) // in the Kubernetes documentation. AssociateIdentityProviderConfig(ctx context.Context, params *AssociateIdentityProviderConfigInput, optFns ...func(*Options)) (*AssociateIdentityProviderConfigOutput, error) // Creates an Amazon EKS add-on. Amazon EKS add-ons help to automate the // provisioning and lifecycle management of common operational software for Amazon // EKS clusters. For more information, see Amazon EKS add-ons (https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html) // in the Amazon EKS User Guide. CreateAddon(ctx context.Context, params *CreateAddonInput, optFns ...func(*Options)) (*CreateAddonOutput, error) // Creates an Amazon EKS control plane. The Amazon EKS control plane consists of // control plane instances that run the Kubernetes software, such as etcd and the // API server. The control plane runs in an account managed by Amazon Web Services, // and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each // Amazon EKS cluster control plane is single tenant and unique. It runs on its own // set of Amazon EC2 instances. The cluster control plane is provisioned across // multiple Availability Zones and fronted by an Elastic Load Balancing Network // Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC // subnets to provide connectivity from the control plane instances to the nodes // (for example, to support kubectl exec , logs , and proxy data flows). Amazon // EKS nodes run in your Amazon Web Services account and connect to your cluster's // control plane over the Kubernetes API server endpoint and a certificate file // that is created for your cluster. In most cases, it takes several minutes to // create a cluster. After you create an Amazon EKS cluster, you must configure // your Kubernetes tooling to communicate with the API server and launch nodes into // your cluster. For more information, see Managing Cluster Authentication (https://docs.aws.amazon.com/eks/latest/userguide/managing-auth.html) // and Launching Amazon EKS nodes (https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) // in the Amazon EKS User Guide. CreateCluster(ctx context.Context, params *CreateClusterInput, optFns ...func(*Options)) (*CreateClusterOutput, error) // Creates an Fargate profile for your Amazon EKS cluster. You must have at least // one Fargate profile in a cluster to be able to run pods on Fargate. The Fargate // profile allows an administrator to declare which pods run on Fargate and specify // which pods run on which Fargate profile. This declaration is done through the // profile’s selectors. Each profile can have up to five selectors that contain a // namespace and labels. A namespace is required for every selector. The label // field consists of multiple optional key-value pairs. Pods that match the // selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the // selectors in the Fargate profile, then that pod is run on Fargate. When you // create a Fargate profile, you must specify a pod execution role to use with the // pods that are scheduled with the profile. This role is added to the cluster's // Kubernetes Role Based Access Control (https://kubernetes.io/docs/admin/authorization/rbac/) // (RBAC) for authorization so that the kubelet that is running on the Fargate // infrastructure can register with your Amazon EKS cluster so that it can appear // in your cluster as a node. The pod execution role also provides IAM permissions // to the Fargate infrastructure to allow read access to Amazon ECR image // repositories. For more information, see Pod Execution Role (https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) // in the Amazon EKS User Guide. Fargate profiles are immutable. However, you can // create a new updated profile to replace an existing profile and then delete the // original after the updated profile has finished creating. If any Fargate // profiles in a cluster are in the DELETING status, you must wait for that // Fargate profile to finish deleting before you can create any other profiles in // that cluster. For more information, see Fargate Profile (https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) // in the Amazon EKS User Guide. CreateFargateProfile(ctx context.Context, params *CreateFargateProfileInput, optFns ...func(*Options)) (*CreateFargateProfileOutput, error) // Creates a managed node group for an Amazon EKS cluster. You can only create a // node group for your cluster that is equal to the current Kubernetes version for // the cluster. All node groups are created with the latest AMI release version for // the respective minor Kubernetes version of the cluster, unless you deploy a // custom AMI using a launch template. For more information about using launch // templates, see Launch template support (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) // . An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and // associated Amazon EC2 instances that are managed by Amazon Web Services for an // Amazon EKS cluster. For more information, see Managed node groups (https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) // in the Amazon EKS User Guide. Windows AMI types are only supported for // commercial Regions that support Windows Amazon EKS. CreateNodegroup(ctx context.Context, params *CreateNodegroupInput, optFns ...func(*Options)) (*CreateNodegroupOutput, error) // Delete an Amazon EKS add-on. When you remove the add-on, it will also be // deleted from the cluster. You can always manually start an add-on on the cluster // using the Kubernetes API. DeleteAddon(ctx context.Context, params *DeleteAddonInput, optFns ...func(*Options)) (*DeleteAddonOutput, error) // Deletes the Amazon EKS cluster control plane. If you have active services in // your cluster that are associated with a load balancer, you must delete those // services before deleting the cluster so that the load balancers are deleted // properly. Otherwise, you can have orphaned resources in your VPC that prevent // you from being able to delete the VPC. For more information, see Deleting a // Cluster (https://docs.aws.amazon.com/eks/latest/userguide/delete-cluster.html) // in the Amazon EKS User Guide. If you have managed node groups or Fargate // profiles attached to the cluster, you must delete them first. For more // information, see DeleteNodegroup and DeleteFargateProfile . DeleteCluster(ctx context.Context, params *DeleteClusterInput, optFns ...func(*Options)) (*DeleteClusterOutput, error) // Deletes an Fargate profile. When you delete a Fargate profile, any pods running // on Fargate that were created with the profile are deleted. If those pods match // another Fargate profile, then they are scheduled on Fargate with that profile. // If they no longer match any Fargate profiles, then they are not scheduled on // Fargate and they may remain in a pending state. Only one Fargate profile in a // cluster can be in the DELETING status at a time. You must wait for a Fargate // profile to finish deleting before you can delete any other profiles in that // cluster. DeleteFargateProfile(ctx context.Context, params *DeleteFargateProfileInput, optFns ...func(*Options)) (*DeleteFargateProfileOutput, error) // Deletes an Amazon EKS node group for a cluster. DeleteNodegroup(ctx context.Context, params *DeleteNodegroupInput, optFns ...func(*Options)) (*DeleteNodegroupOutput, error) // Deregisters a connected cluster to remove it from the Amazon EKS control plane. DeregisterCluster(ctx context.Context, params *DeregisterClusterInput, optFns ...func(*Options)) (*DeregisterClusterOutput, error) // Describes an Amazon EKS add-on. DescribeAddon(ctx context.Context, params *DescribeAddonInput, optFns ...func(*Options)) (*DescribeAddonOutput, error) // Returns configuration options. DescribeAddonConfiguration(ctx context.Context, params *DescribeAddonConfigurationInput, optFns ...func(*Options)) (*DescribeAddonConfigurationOutput, error) // Describes the versions for an add-on. Information such as the Kubernetes // versions that you can use the add-on with, the owner , publisher , and the type // of the add-on are returned. DescribeAddonVersions(ctx context.Context, params *DescribeAddonVersionsInput, optFns ...func(*Options)) (*DescribeAddonVersionsOutput, error) // Returns descriptive information about an Amazon EKS cluster. The API server // endpoint and certificate authority data returned by this operation are required // for kubelet and kubectl to communicate with your Kubernetes API server. For // more information, see Create a kubeconfig for Amazon EKS (https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html) // . The API server endpoint and certificate authority data aren't available until // the cluster reaches the ACTIVE state. DescribeCluster(ctx context.Context, params *DescribeClusterInput, optFns ...func(*Options)) (*DescribeClusterOutput, error) // Returns descriptive information about an Fargate profile. DescribeFargateProfile(ctx context.Context, params *DescribeFargateProfileInput, optFns ...func(*Options)) (*DescribeFargateProfileOutput, error) // Returns descriptive information about an identity provider configuration. DescribeIdentityProviderConfig(ctx context.Context, params *DescribeIdentityProviderConfigInput, optFns ...func(*Options)) (*DescribeIdentityProviderConfigOutput, error) // Returns descriptive information about an Amazon EKS node group. DescribeNodegroup(ctx context.Context, params *DescribeNodegroupInput, optFns ...func(*Options)) (*DescribeNodegroupOutput, error) // Returns descriptive information about an update against your Amazon EKS cluster // or associated managed node group or Amazon EKS add-on. When the status of the // update is Succeeded , the update is complete. If an update fails, the status is // Failed , and an error detail explains the reason for the failure. DescribeUpdate(ctx context.Context, params *DescribeUpdateInput, optFns ...func(*Options)) (*DescribeUpdateOutput, error) // Disassociates an identity provider configuration from a cluster. If you // disassociate an identity provider from your cluster, users included in the // provider can no longer access the cluster. However, you can still access the // cluster with Amazon Web Services IAM users. DisassociateIdentityProviderConfig(ctx context.Context, params *DisassociateIdentityProviderConfigInput, optFns ...func(*Options)) (*DisassociateIdentityProviderConfigOutput, error) // Lists the available add-ons. ListAddons(ctx context.Context, params *ListAddonsInput, optFns ...func(*Options)) (*ListAddonsOutput, error) // Lists the Amazon EKS clusters in your Amazon Web Services account in the // specified Region. ListClusters(ctx context.Context, params *ListClustersInput, optFns ...func(*Options)) (*ListClustersOutput, error) // Lists the Fargate profiles associated with the specified cluster in your Amazon // Web Services account in the specified Region. ListFargateProfiles(ctx context.Context, params *ListFargateProfilesInput, optFns ...func(*Options)) (*ListFargateProfilesOutput, error) // A list of identity provider configurations. ListIdentityProviderConfigs(ctx context.Context, params *ListIdentityProviderConfigsInput, optFns ...func(*Options)) (*ListIdentityProviderConfigsOutput, error) // Lists the Amazon EKS managed node groups associated with the specified cluster // in your Amazon Web Services account in the specified Region. Self-managed node // groups are not listed. ListNodegroups(ctx context.Context, params *ListNodegroupsInput, optFns ...func(*Options)) (*ListNodegroupsOutput, error) // List the tags for an Amazon EKS resource. ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error) // Lists the updates associated with an Amazon EKS cluster or managed node group // in your Amazon Web Services account, in the specified Region. ListUpdates(ctx context.Context, params *ListUpdatesInput, optFns ...func(*Options)) (*ListUpdatesOutput, error) // Connects a Kubernetes cluster to the Amazon EKS control plane. Any Kubernetes // cluster can be connected to the Amazon EKS control plane to view current // information about the cluster and its nodes. Cluster connection requires two // steps. First, send a RegisterClusterRequest to add it to the Amazon EKS control // plane. Second, a Manifest (https://amazon-eks.s3.us-west-2.amazonaws.com/eks-connector/manifests/eks-connector/latest/eks-connector.yaml) // containing the activationID and activationCode must be applied to the // Kubernetes cluster through it's native provider to provide visibility. After the // Manifest is updated and applied, then the connected cluster is visible to the // Amazon EKS control plane. If the Manifest is not applied within three days, then // the connected cluster will no longer be visible and must be deregistered. See // DeregisterCluster . RegisterCluster(ctx context.Context, params *RegisterClusterInput, optFns ...func(*Options)) (*RegisterClusterOutput, error) // Associates the specified tags to a resource with the specified resourceArn . If // existing tags on a resource are not specified in the request parameters, they // are not changed. When a resource is deleted, the tags associated with that // resource are deleted as well. Tags that you create for Amazon EKS resources do // not propagate to any other resources associated with the cluster. For example, // if you tag a cluster with this operation, that tag does not automatically // propagate to the subnets and nodes associated with the cluster. TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error) // Deletes specified tags from a resource. UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error) // Updates an Amazon EKS add-on. UpdateAddon(ctx context.Context, params *UpdateAddonInput, optFns ...func(*Options)) (*UpdateAddonOutput, error) // Updates an Amazon EKS cluster configuration. Your cluster continues to function // during the update. The response output includes an update ID that you can use to // track the status of your cluster update with the DescribeUpdate API operation. // You can use this API operation to enable or disable exporting the Kubernetes // control plane logs for your cluster to CloudWatch Logs. By default, cluster // control plane logs aren't exported to CloudWatch Logs. For more information, see // Amazon EKS Cluster Control Plane Logs (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) // in the Amazon EKS User Guide . CloudWatch Logs ingestion, archive storage, and // data scanning rates apply to exported control plane logs. For more information, // see CloudWatch Pricing (http://aws.amazon.com/cloudwatch/pricing/) . You can // also use this API operation to enable or disable public and private access to // your cluster's Kubernetes API server endpoint. By default, public access is // enabled, and private access is disabled. For more information, see Amazon EKS // cluster endpoint access control (https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) // in the Amazon EKS User Guide . You can't update the subnets or security group // IDs for an existing cluster. Cluster updates are asynchronous, and they should // finish within a few minutes. During an update, the cluster status moves to // UPDATING (this status transition is eventually consistent). When the update is // complete (either Failed or Successful ), the cluster status moves to Active . UpdateClusterConfig(ctx context.Context, params *UpdateClusterConfigInput, optFns ...func(*Options)) (*UpdateClusterConfigOutput, error) // Updates an Amazon EKS cluster to the specified Kubernetes version. Your cluster // continues to function during the update. The response output includes an update // ID that you can use to track the status of your cluster update with the // DescribeUpdate API operation. Cluster updates are asynchronous, and they should // finish within a few minutes. During an update, the cluster status moves to // UPDATING (this status transition is eventually consistent). When the update is // complete (either Failed or Successful ), the cluster status moves to Active . If // your cluster has managed node groups attached to it, all of your node groups’ // Kubernetes versions must match the cluster’s Kubernetes version in order to // update the cluster to a new Kubernetes version. UpdateClusterVersion(ctx context.Context, params *UpdateClusterVersionInput, optFns ...func(*Options)) (*UpdateClusterVersionOutput, error) // Updates an Amazon EKS managed node group configuration. Your node group // continues to function during the update. The response output includes an update // ID that you can use to track the status of your node group update with the // DescribeUpdate API operation. Currently you can update the Kubernetes labels for // a node group or the scaling configuration. UpdateNodegroupConfig(ctx context.Context, params *UpdateNodegroupConfigInput, optFns ...func(*Options)) (*UpdateNodegroupConfigOutput, error) // Updates the Kubernetes version or AMI version of an Amazon EKS managed node // group. You can update a node group using a launch template only if the node // group was originally deployed with a launch template. If you need to update a // custom AMI in a node group that was deployed with a launch template, then update // your custom AMI, specify the new ID in a new version of the launch template, and // then update the node group to the new version of the launch template. If you // update without a launch template, then you can update to the latest available // AMI version of a node group's current Kubernetes version by not specifying a // Kubernetes version in the request. You can update to the latest AMI version of // your cluster's current Kubernetes version by specifying your cluster's // Kubernetes version in the request. For information about Linux versions, see // Amazon EKS optimized Amazon Linux AMI versions (https://docs.aws.amazon.com/eks/latest/userguide/eks-linux-ami-versions.html) // in the Amazon EKS User Guide. For information about Windows versions, see // Amazon EKS optimized Windows AMI versions (https://docs.aws.amazon.com/eks/latest/userguide/eks-ami-versions-windows.html) // in the Amazon EKS User Guide. You cannot roll back a node group to an earlier // Kubernetes version or AMI version. When a node in a managed node group is // terminated due to a scaling action or update, the pods in that node are drained // first. Amazon EKS attempts to drain the nodes gracefully and will fail if it is // unable to do so. You can force the update if Amazon EKS is unable to drain the // nodes as a result of a pod disruption budget issue. UpdateNodegroupVersion(ctx context.Context, params *UpdateNodegroupVersionInput, optFns ...func(*Options)) (*UpdateNodegroupVersionOutput, error) }
EKS provides an interface to the AWS EKS service.
type ELB ¶ added in v0.91.0
type ELB interface { // Adds the specified tags to the specified load balancer. Each load balancer can // have a maximum of 10 tags. Each tag consists of a key and an optional value. If // a tag with the same key is already associated with the load balancer, AddTags // updates its value. For more information, see Tag Your Classic Load Balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/add-remove-tags.html) // in the Classic Load Balancers Guide. AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error) // Associates one or more security groups with your load balancer in a virtual // private cloud (VPC). The specified security groups override the previously // associated security groups. For more information, see Security Groups for Load // Balancers in a VPC (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html#elb-vpc-security-groups) // in the Classic Load Balancers Guide. ApplySecurityGroupsToLoadBalancer(ctx context.Context, params *ApplySecurityGroupsToLoadBalancerInput, optFns ...func(*Options)) (*ApplySecurityGroupsToLoadBalancerOutput, error) // Adds one or more subnets to the set of configured subnets for the specified // load balancer. The load balancer evenly distributes requests across all // registered subnets. For more information, see Add or Remove Subnets for Your // Load Balancer in a VPC (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-manage-subnets.html) // in the Classic Load Balancers Guide. AttachLoadBalancerToSubnets(ctx context.Context, params *AttachLoadBalancerToSubnetsInput, optFns ...func(*Options)) (*AttachLoadBalancerToSubnetsOutput, error) // Specifies the health check settings to use when evaluating the health state of // your EC2 instances. For more information, see Configure Health Checks for Your // Load Balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-healthchecks.html) // in the Classic Load Balancers Guide. ConfigureHealthCheck(ctx context.Context, params *ConfigureHealthCheckInput, optFns ...func(*Options)) (*ConfigureHealthCheckOutput, error) // Generates a stickiness policy with sticky session lifetimes that follow that of // an application-generated cookie. This policy can be associated only with // HTTP/HTTPS listeners. This policy is similar to the policy created by // CreateLBCookieStickinessPolicy , except that the lifetime of the special Elastic // Load Balancing cookie, AWSELB , follows the lifetime of the // application-generated cookie specified in the policy configuration. The load // balancer only inserts a new stickiness cookie when the application response // includes a new application cookie. If the application cookie is explicitly // removed or expires, the session stops being sticky until a new application // cookie is issued. For more information, see Application-Controlled Session // Stickiness (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-application) // in the Classic Load Balancers Guide. CreateAppCookieStickinessPolicy(ctx context.Context, params *CreateAppCookieStickinessPolicyInput, optFns ...func(*Options)) (*CreateAppCookieStickinessPolicyOutput, error) // Generates a stickiness policy with sticky session lifetimes controlled by the // lifetime of the browser (user-agent) or a specified expiration period. This // policy can be associated only with HTTP/HTTPS listeners. When a load balancer // implements this policy, the load balancer uses a special cookie to track the // instance for each request. When the load balancer receives a request, it first // checks to see if this cookie is present in the request. If so, the load balancer // sends the request to the application server specified in the cookie. If not, the // load balancer sends the request to a server that is chosen based on the existing // load-balancing algorithm. A cookie is inserted into the response for binding // subsequent requests from the same user to that server. The validity of the // cookie is based on the cookie expiration time, which is specified in the policy // configuration. For more information, see Duration-Based Session Stickiness (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-duration) // in the Classic Load Balancers Guide. CreateLBCookieStickinessPolicy(ctx context.Context, params *CreateLBCookieStickinessPolicyInput, optFns ...func(*Options)) (*CreateLBCookieStickinessPolicyOutput, error) // Creates a Classic Load Balancer. You can add listeners, security groups, // subnets, and tags when you create your load balancer, or you can add them later // using CreateLoadBalancerListeners , ApplySecurityGroupsToLoadBalancer , // AttachLoadBalancerToSubnets , and AddTags . To describe your current load // balancers, see DescribeLoadBalancers . When you are finished with a load // balancer, you can delete it using DeleteLoadBalancer . You can create up to 20 // load balancers per region per account. You can request an increase for the // number of load balancers for your account. For more information, see Limits for // Your Classic Load Balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html) // in the Classic Load Balancers Guide. CreateLoadBalancer(ctx context.Context, params *CreateLoadBalancerInput, optFns ...func(*Options)) (*CreateLoadBalancerOutput, error) // Creates one or more listeners for the specified load balancer. If a listener // with the specified port does not already exist, it is created; otherwise, the // properties of the new listener must match the properties of the existing // listener. For more information, see Listeners for Your Classic Load Balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html) // in the Classic Load Balancers Guide. CreateLoadBalancerListeners(ctx context.Context, params *CreateLoadBalancerListenersInput, optFns ...func(*Options)) (*CreateLoadBalancerListenersOutput, error) // Creates a policy with the specified attributes for the specified load balancer. // Policies are settings that are saved for your load balancer and that can be // applied to the listener or the application server, depending on the policy type. CreateLoadBalancerPolicy(ctx context.Context, params *CreateLoadBalancerPolicyInput, optFns ...func(*Options)) (*CreateLoadBalancerPolicyOutput, error) // Deletes the specified load balancer. If you are attempting to recreate a load // balancer, you must reconfigure all settings. The DNS name associated with a // deleted load balancer are no longer usable. The name and associated DNS record // of the deleted load balancer no longer exist and traffic sent to any of its IP // addresses is no longer delivered to your instances. If the load balancer does // not exist or has already been deleted, the call to DeleteLoadBalancer still // succeeds. DeleteLoadBalancer(ctx context.Context, params *DeleteLoadBalancerInput, optFns ...func(*Options)) (*DeleteLoadBalancerOutput, error) // Deletes the specified listeners from the specified load balancer. DeleteLoadBalancerListeners(ctx context.Context, params *DeleteLoadBalancerListenersInput, optFns ...func(*Options)) (*DeleteLoadBalancerListenersOutput, error) // Deletes the specified policy from the specified load balancer. This policy must // not be enabled for any listeners. DeleteLoadBalancerPolicy(ctx context.Context, params *DeleteLoadBalancerPolicyInput, optFns ...func(*Options)) (*DeleteLoadBalancerPolicyOutput, error) // Deregisters the specified instances from the specified load balancer. After the // instance is deregistered, it no longer receives traffic from the load balancer. // You can use DescribeLoadBalancers to verify that the instance is deregistered // from the load balancer. For more information, see Register or De-Register EC2 // Instances (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-deregister-register-instances.html) // in the Classic Load Balancers Guide. DeregisterInstancesFromLoadBalancer(ctx context.Context, params *DeregisterInstancesFromLoadBalancerInput, optFns ...func(*Options)) (*DeregisterInstancesFromLoadBalancerOutput, error) // Describes the current Elastic Load Balancing resource limits for your AWS // account. For more information, see Limits for Your Classic Load Balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html) // in the Classic Load Balancers Guide. DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error) // Describes the state of the specified instances with respect to the specified // load balancer. If no instances are specified, the call describes the state of // all instances that are currently registered with the load balancer. If instances // are specified, their state is returned even if they are no longer registered // with the load balancer. The state of terminated instances is not returned. DescribeInstanceHealth(ctx context.Context, params *DescribeInstanceHealthInput, optFns ...func(*Options)) (*DescribeInstanceHealthOutput, error) // Describes the attributes for the specified load balancer. DescribeLoadBalancerAttributes(ctx context.Context, params *DescribeLoadBalancerAttributesInput, optFns ...func(*Options)) (*DescribeLoadBalancerAttributesOutput, error) // Describes the specified policies. If you specify a load balancer name, the // action returns the descriptions of all policies created for the load balancer. // If you specify a policy name associated with your load balancer, the action // returns the description of that policy. If you don't specify a load balancer // name, the action returns descriptions of the specified sample policies, or // descriptions of all sample policies. The names of the sample policies have the // ELBSample- prefix. DescribeLoadBalancerPolicies(ctx context.Context, params *DescribeLoadBalancerPoliciesInput, optFns ...func(*Options)) (*DescribeLoadBalancerPoliciesOutput, error) // Describes the specified load balancer policy types or all load balancer policy // types. The description of each type indicates how it can be used. For example, // some policies can be used only with layer 7 listeners, some policies can be used // only with layer 4 listeners, and some policies can be used only with your EC2 // instances. You can use CreateLoadBalancerPolicy to create a policy // configuration for any of these policy types. Then, depending on the policy type, // use either SetLoadBalancerPoliciesOfListener or // SetLoadBalancerPoliciesForBackendServer to set the policy. DescribeLoadBalancerPolicyTypes(ctx context.Context, params *DescribeLoadBalancerPolicyTypesInput, optFns ...func(*Options)) (*DescribeLoadBalancerPolicyTypesOutput, error) // Describes the specified the load balancers. If no load balancers are specified, // the call describes all of your load balancers. DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error) // Describes the tags associated with the specified load balancers. DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error) // Removes the specified subnets from the set of configured subnets for the load // balancer. After a subnet is removed, all EC2 instances registered with the load // balancer in the removed subnet go into the OutOfService state. Then, the load // balancer balances the traffic among the remaining routable subnets. DetachLoadBalancerFromSubnets(ctx context.Context, params *DetachLoadBalancerFromSubnetsInput, optFns ...func(*Options)) (*DetachLoadBalancerFromSubnetsOutput, error) // Removes the specified Availability Zones from the set of Availability Zones for // the specified load balancer in EC2-Classic or a default VPC. For load balancers // in a non-default VPC, use DetachLoadBalancerFromSubnets . There must be at least // one Availability Zone registered with a load balancer at all times. After an // Availability Zone is removed, all instances registered with the load balancer // that are in the removed Availability Zone go into the OutOfService state. Then, // the load balancer attempts to equally balance the traffic among its remaining // Availability Zones. For more information, see Add or Remove Availability Zones (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html) // in the Classic Load Balancers Guide. DisableAvailabilityZonesForLoadBalancer(ctx context.Context, params *DisableAvailabilityZonesForLoadBalancerInput, optFns ...func(*Options)) (*DisableAvailabilityZonesForLoadBalancerOutput, error) // Adds the specified Availability Zones to the set of Availability Zones for the // specified load balancer in EC2-Classic or a default VPC. For load balancers in a // non-default VPC, use AttachLoadBalancerToSubnets . The load balancer evenly // distributes requests across all its registered Availability Zones that contain // instances. For more information, see Add or Remove Availability Zones (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html) // in the Classic Load Balancers Guide. EnableAvailabilityZonesForLoadBalancer(ctx context.Context, params *EnableAvailabilityZonesForLoadBalancerInput, optFns ...func(*Options)) (*EnableAvailabilityZonesForLoadBalancerOutput, error) // Modifies the attributes of the specified load balancer. You can modify the load // balancer attributes, such as AccessLogs , ConnectionDraining , and // CrossZoneLoadBalancing by either enabling or disabling them. Or, you can modify // the load balancer attribute ConnectionSettings by specifying an idle connection // timeout value for your load balancer. For more information, see the following in // the Classic Load Balancers Guide: // - Cross-Zone Load Balancing (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-crosszone-lb.html) // - Connection Draining (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-conn-drain.html) // - Access Logs (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html) // - Idle Connection Timeout (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html) ModifyLoadBalancerAttributes(ctx context.Context, params *ModifyLoadBalancerAttributesInput, optFns ...func(*Options)) (*ModifyLoadBalancerAttributesOutput, error) // Adds the specified instances to the specified load balancer. The instance must // be a running instance in the same network as the load balancer (EC2-Classic or // the same VPC). If you have EC2-Classic instances and a load balancer in a VPC // with ClassicLink enabled, you can link the EC2-Classic instances to that VPC and // then register the linked EC2-Classic instances with the load balancer in the // VPC. Note that RegisterInstanceWithLoadBalancer completes when the request has // been registered. Instance registration takes a little time to complete. To check // the state of the registered instances, use DescribeLoadBalancers or // DescribeInstanceHealth . After the instance is registered, it starts receiving // traffic and requests from the load balancer. Any instance that is not in one of // the Availability Zones registered for the load balancer is moved to the // OutOfService state. If an Availability Zone is added to the load balancer later, // any instances registered with the load balancer move to the InService state. To // deregister instances from a load balancer, use // DeregisterInstancesFromLoadBalancer . For more information, see Register or // De-Register EC2 Instances (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-deregister-register-instances.html) // in the Classic Load Balancers Guide. RegisterInstancesWithLoadBalancer(ctx context.Context, params *RegisterInstancesWithLoadBalancerInput, optFns ...func(*Options)) (*RegisterInstancesWithLoadBalancerOutput, error) // Removes one or more tags from the specified load balancer. RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error) // Sets the certificate that terminates the specified listener's SSL connections. // The specified certificate replaces any prior certificate that was used on the // same load balancer and port. For more information about updating your SSL // certificate, see Replace the SSL Certificate for Your Load Balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-update-ssl-cert.html) // in the Classic Load Balancers Guide. SetLoadBalancerListenerSSLCertificate(ctx context.Context, params *SetLoadBalancerListenerSSLCertificateInput, optFns ...func(*Options)) (*SetLoadBalancerListenerSSLCertificateOutput, error) // Replaces the set of policies associated with the specified port on which the // EC2 instance is listening with a new set of policies. At this time, only the // back-end server authentication policy type can be applied to the instance ports; // this policy type is composed of multiple public key policies. Each time you use // SetLoadBalancerPoliciesForBackendServer to enable the policies, use the // PolicyNames parameter to list the policies that you want to enable. You can use // DescribeLoadBalancers or DescribeLoadBalancerPolicies to verify that the policy // is associated with the EC2 instance. For more information about enabling // back-end instance authentication, see Configure Back-end Instance Authentication (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html#configure_backendauth_clt) // in the Classic Load Balancers Guide. For more information about Proxy Protocol, // see Configure Proxy Protocol Support (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html) // in the Classic Load Balancers Guide. SetLoadBalancerPoliciesForBackendServer(ctx context.Context, params *SetLoadBalancerPoliciesForBackendServerInput, optFns ...func(*Options)) (*SetLoadBalancerPoliciesForBackendServerOutput, error) // Replaces the current set of policies for the specified load balancer port with // the specified set of policies. To enable back-end server authentication, use // SetLoadBalancerPoliciesForBackendServer . For more information about setting // policies, see Update the SSL Negotiation Configuration (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ssl-config-update.html) // , Duration-Based Session Stickiness (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-duration) // , and Application-Controlled Session Stickiness (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-application) // in the Classic Load Balancers Guide. SetLoadBalancerPoliciesOfListener(ctx context.Context, params *SetLoadBalancerPoliciesOfListenerInput, optFns ...func(*Options)) (*SetLoadBalancerPoliciesOfListenerOutput, error) }
ELB provides an interface to the AWS ELB service.
type ELBV2 ¶ added in v0.91.0
type ELBV2 interface { // Adds the specified SSL server certificate to the certificate list for the // specified HTTPS or TLS listener. If the certificate in already in the // certificate list, the call is successful but the certificate is not added again. // For more information, see HTTPS listeners (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html) // in the Application Load Balancers Guide or TLS listeners (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html) // in the Network Load Balancers Guide. AddListenerCertificates(ctx context.Context, params *AddListenerCertificatesInput, optFns ...func(*Options)) (*AddListenerCertificatesOutput, error) // Adds the specified tags to the specified Elastic Load Balancing resource. You // can tag your Application Load Balancers, Network Load Balancers, Gateway Load // Balancers, target groups, listeners, and rules. Each tag consists of a key and // an optional value. If a resource already has a tag with the same key, AddTags // updates its value. AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error) // Creates a listener for the specified Application Load Balancer, Network Load // Balancer, or Gateway Load Balancer. For more information, see the following: // - Listeners for your Application Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html) // - Listeners for your Network Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-listeners.html) // - Listeners for your Gateway Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-listeners.html) // // This operation is idempotent, which means that it completes at most one time. // If you attempt to create multiple listeners with the same settings, each call // succeeds. CreateListener(ctx context.Context, params *CreateListenerInput, optFns ...func(*Options)) (*CreateListenerOutput, error) // Creates an Application Load Balancer, Network Load Balancer, or Gateway Load // Balancer. For more information, see the following: // - Application Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html) // - Network Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html) // - Gateway Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html) // // This operation is idempotent, which means that it completes at most one time. // If you attempt to create multiple load balancers with the same settings, each // call succeeds. CreateLoadBalancer(ctx context.Context, params *CreateLoadBalancerInput, optFns ...func(*Options)) (*CreateLoadBalancerOutput, error) // Creates a rule for the specified listener. The listener must be associated with // an Application Load Balancer. Each rule consists of a priority, one or more // actions, and one or more conditions. Rules are evaluated in priority order, from // the lowest value to the highest value. When the conditions for a rule are met, // its actions are performed. If the conditions for no rules are met, the actions // for the default rule are performed. For more information, see Listener rules (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#listener-rules) // in the Application Load Balancers Guide. CreateRule(ctx context.Context, params *CreateRuleInput, optFns ...func(*Options)) (*CreateRuleOutput, error) // Creates a target group. For more information, see the following: // - Target groups for your Application Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html) // - Target groups for your Network Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html) // - Target groups for your Gateway Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html) // // This operation is idempotent, which means that it completes at most one time. // If you attempt to create multiple target groups with the same settings, each // call succeeds. CreateTargetGroup(ctx context.Context, params *CreateTargetGroupInput, optFns ...func(*Options)) (*CreateTargetGroupOutput, error) // Deletes the specified listener. Alternatively, your listener is deleted when // you delete the load balancer to which it is attached. DeleteListener(ctx context.Context, params *DeleteListenerInput, optFns ...func(*Options)) (*DeleteListenerOutput, error) // Deletes the specified Application Load Balancer, Network Load Balancer, or // Gateway Load Balancer. Deleting a load balancer also deletes its listeners. You // can't delete a load balancer if deletion protection is enabled. If the load // balancer does not exist or has already been deleted, the call succeeds. Deleting // a load balancer does not affect its registered targets. For example, your EC2 // instances continue to run and are still registered to their target groups. If // you no longer need these EC2 instances, you can stop or terminate them. DeleteLoadBalancer(ctx context.Context, params *DeleteLoadBalancerInput, optFns ...func(*Options)) (*DeleteLoadBalancerOutput, error) // Deletes the specified rule. You can't delete the default rule. DeleteRule(ctx context.Context, params *DeleteRuleInput, optFns ...func(*Options)) (*DeleteRuleOutput, error) // Deletes the specified target group. You can delete a target group if it is not // referenced by any actions. Deleting a target group also deletes any associated // health checks. Deleting a target group does not affect its registered targets. // For example, any EC2 instances continue to run until you stop or terminate them. DeleteTargetGroup(ctx context.Context, params *DeleteTargetGroupInput, optFns ...func(*Options)) (*DeleteTargetGroupOutput, error) // Deregisters the specified targets from the specified target group. After the // targets are deregistered, they no longer receive traffic from the load balancer. DeregisterTargets(ctx context.Context, params *DeregisterTargetsInput, optFns ...func(*Options)) (*DeregisterTargetsOutput, error) // Describes the current Elastic Load Balancing resource limits for your Amazon // Web Services account. For more information, see the following: // - Quotas for your Application Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html) // - Quotas for your Network Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-limits.html) // - Quotas for your Gateway Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/quotas-limits.html) DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error) // Describes the default certificate and the certificate list for the specified // HTTPS or TLS listener. If the default certificate is also in the certificate // list, it appears twice in the results (once with IsDefault set to true and once // with IsDefault set to false). For more information, see SSL certificates (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#https-listener-certificates) // in the Application Load Balancers Guide or Server certificates (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#tls-listener-certificate) // in the Network Load Balancers Guide. DescribeListenerCertificates(ctx context.Context, params *DescribeListenerCertificatesInput, optFns ...func(*Options)) (*DescribeListenerCertificatesOutput, error) // Describes the specified listeners or the listeners for the specified // Application Load Balancer, Network Load Balancer, or Gateway Load Balancer. You // must specify either a load balancer or one or more listeners. DescribeListeners(ctx context.Context, params *DescribeListenersInput, optFns ...func(*Options)) (*DescribeListenersOutput, error) // Describes the attributes for the specified Application Load Balancer, Network // Load Balancer, or Gateway Load Balancer. For more information, see the // following: // - Load balancer attributes (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#load-balancer-attributes) // in the Application Load Balancers Guide // - Load balancer attributes (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#load-balancer-attributes) // in the Network Load Balancers Guide // - Load balancer attributes (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html#load-balancer-attributes) // in the Gateway Load Balancers Guide DescribeLoadBalancerAttributes(ctx context.Context, params *DescribeLoadBalancerAttributesInput, optFns ...func(*Options)) (*DescribeLoadBalancerAttributesOutput, error) // Describes the specified load balancers or all of your load balancers. DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error) // Describes the specified rules or the rules for the specified listener. You must // specify either a listener or one or more rules. DescribeRules(ctx context.Context, params *DescribeRulesInput, optFns ...func(*Options)) (*DescribeRulesOutput, error) // Describes the specified policies or all policies used for SSL negotiation. For // more information, see Security policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) // in the Application Load Balancers Guide or Security policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies) // in the Network Load Balancers Guide. DescribeSSLPolicies(ctx context.Context, params *DescribeSSLPoliciesInput, optFns ...func(*Options)) (*DescribeSSLPoliciesOutput, error) // Describes the tags for the specified Elastic Load Balancing resources. You can // describe the tags for one or more Application Load Balancers, Network Load // Balancers, Gateway Load Balancers, target groups, listeners, or rules. DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error) // Describes the attributes for the specified target group. For more information, // see the following: // - Target group attributes (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-group-attributes) // in the Application Load Balancers Guide // - Target group attributes (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#target-group-attributes) // in the Network Load Balancers Guide // - Target group attributes (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html#target-group-attributes) // in the Gateway Load Balancers Guide DescribeTargetGroupAttributes(ctx context.Context, params *DescribeTargetGroupAttributesInput, optFns ...func(*Options)) (*DescribeTargetGroupAttributesOutput, error) // Describes the specified target groups or all of your target groups. By default, // all target groups are described. Alternatively, you can specify one of the // following to filter the results: the ARN of the load balancer, the names of one // or more target groups, or the ARNs of one or more target groups. DescribeTargetGroups(ctx context.Context, params *DescribeTargetGroupsInput, optFns ...func(*Options)) (*DescribeTargetGroupsOutput, error) // Describes the health of the specified targets or all of your targets. DescribeTargetHealth(ctx context.Context, params *DescribeTargetHealthInput, optFns ...func(*Options)) (*DescribeTargetHealthOutput, error) // Replaces the specified properties of the specified listener. Any properties // that you do not specify remain unchanged. Changing the protocol from HTTPS to // HTTP, or from TLS to TCP, removes the security policy and default certificate // properties. If you change the protocol from HTTP to HTTPS, or from TCP to TLS, // you must add the security policy and default certificate properties. To add an // item to a list, remove an item from a list, or update an item in a list, you // must provide the entire list. For example, to add an action, specify a list with // the current actions plus the new action. ModifyListener(ctx context.Context, params *ModifyListenerInput, optFns ...func(*Options)) (*ModifyListenerOutput, error) // Modifies the specified attributes of the specified Application Load Balancer, // Network Load Balancer, or Gateway Load Balancer. If any of the specified // attributes can't be modified as requested, the call fails. Any existing // attributes that you do not modify retain their current values. ModifyLoadBalancerAttributes(ctx context.Context, params *ModifyLoadBalancerAttributesInput, optFns ...func(*Options)) (*ModifyLoadBalancerAttributesOutput, error) // Replaces the specified properties of the specified rule. Any properties that // you do not specify are unchanged. To add an item to a list, remove an item from // a list, or update an item in a list, you must provide the entire list. For // example, to add an action, specify a list with the current actions plus the new // action. ModifyRule(ctx context.Context, params *ModifyRuleInput, optFns ...func(*Options)) (*ModifyRuleOutput, error) // Modifies the health checks used when evaluating the health state of the targets // in the specified target group. ModifyTargetGroup(ctx context.Context, params *ModifyTargetGroupInput, optFns ...func(*Options)) (*ModifyTargetGroupOutput, error) // Modifies the specified attributes of the specified target group. ModifyTargetGroupAttributes(ctx context.Context, params *ModifyTargetGroupAttributesInput, optFns ...func(*Options)) (*ModifyTargetGroupAttributesOutput, error) // Registers the specified targets with the specified target group. If the target // is an EC2 instance, it must be in the running state when you register it. By // default, the load balancer routes requests to registered targets using the // protocol and port for the target group. Alternatively, you can override the port // for a target when you register it. You can register each EC2 instance or IP // address with the same target group multiple times using different ports. With a // Network Load Balancer, you cannot register instances by instance ID if they have // the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1, G2, HI1, // HS1, M1, M2, M3, and T1. You can register instances of these types by IP // address. RegisterTargets(ctx context.Context, params *RegisterTargetsInput, optFns ...func(*Options)) (*RegisterTargetsOutput, error) // Removes the specified certificate from the certificate list for the specified // HTTPS or TLS listener. RemoveListenerCertificates(ctx context.Context, params *RemoveListenerCertificatesInput, optFns ...func(*Options)) (*RemoveListenerCertificatesOutput, error) // Removes the specified tags from the specified Elastic Load Balancing resources. // You can remove the tags for one or more Application Load Balancers, Network Load // Balancers, Gateway Load Balancers, target groups, listeners, or rules. RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error) // Sets the type of IP addresses used by the subnets of the specified load // balancer. SetIpAddressType(ctx context.Context, params *SetIpAddressTypeInput, optFns ...func(*Options)) (*SetIpAddressTypeOutput, error) // Sets the priorities of the specified rules. You can reorder the rules as long // as there are no priority conflicts in the new order. Any existing rules that you // do not specify retain their current priority. SetRulePriorities(ctx context.Context, params *SetRulePrioritiesInput, optFns ...func(*Options)) (*SetRulePrioritiesOutput, error) // Associates the specified security groups with the specified Application Load // Balancer. The specified security groups override the previously associated // security groups. You can't specify a security group for a Network Load Balancer // or Gateway Load Balancer. SetSecurityGroups(ctx context.Context, params *SetSecurityGroupsInput, optFns ...func(*Options)) (*SetSecurityGroupsOutput, error) // Enables the Availability Zones for the specified public subnets for the // specified Application Load Balancer or Network Load Balancer. The specified // subnets replace the previously enabled subnets. When you specify subnets for a // Network Load Balancer, you must include all subnets that were enabled // previously, with their existing configurations, plus any additional subnets. SetSubnets(ctx context.Context, params *SetSubnetsInput, optFns ...func(*Options)) (*SetSubnetsOutput, error) }
ELBV2 provides an interface to the AWS ELBV2 service.
type IAM ¶ added in v0.94.0
type IAM interface { // Adds a new client ID (also known as audience) to the list of client IDs already // registered for the specified IAM OpenID Connect (OIDC) provider resource. This // operation is idempotent; it does not fail or return an error if you add an // existing client ID to the provider. AddClientIDToOpenIDConnectProvider(ctx context.Context, params *AddClientIDToOpenIDConnectProviderInput, optFns ...func(*Options)) (*AddClientIDToOpenIDConnectProviderOutput, error) // Adds the specified IAM role to the specified instance profile. An instance // profile can contain only one role, and this quota cannot be increased. You can // remove the existing role and then add a different role to an instance profile. // You must then wait for the change to appear across all of Amazon Web Services // because of eventual consistency (https://en.wikipedia.org/wiki/Eventual_consistency) // . To force the change, you must disassociate the instance profile (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html) // and then associate the instance profile (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html) // , or you can stop your instance and then restart it. The caller of this // operation must be granted the PassRole permission on the IAM role by a // permissions policy. For more information about roles, see Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html) // . For more information about instance profiles, see About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html) // . AddRoleToInstanceProfile(ctx context.Context, params *AddRoleToInstanceProfileInput, optFns ...func(*Options)) (*AddRoleToInstanceProfileOutput, error) // Adds the specified user to the specified group. AddUserToGroup(ctx context.Context, params *AddUserToGroupInput, optFns ...func(*Options)) (*AddUserToGroupOutput, error) // Attaches the specified managed policy to the specified IAM group. You use this // operation to attach a managed policy to a group. To embed an inline policy in a // group, use PutGroupPolicy . As a best practice, you can validate your IAM // policies. To learn more, see Validating IAM policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) // in the IAM User Guide. For more information about policies, see Managed // policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. AttachGroupPolicy(ctx context.Context, params *AttachGroupPolicyInput, optFns ...func(*Options)) (*AttachGroupPolicyOutput, error) // Attaches the specified managed policy to the specified IAM role. When you // attach a managed policy to a role, the managed policy becomes part of the role's // permission (access) policy. You cannot use a managed policy as the role's trust // policy. The role's trust policy is created at the same time as the role, using // CreateRole . You can update a role's trust policy using UpdateAssumeRolePolicy . // Use this operation to attach a managed policy to a role. To embed an inline // policy in a role, use PutRolePolicy . For more information about policies, see // Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. As a best practice, you can validate your IAM policies. // To learn more, see Validating IAM policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) // in the IAM User Guide. AttachRolePolicy(ctx context.Context, params *AttachRolePolicyInput, optFns ...func(*Options)) (*AttachRolePolicyOutput, error) // Attaches the specified managed policy to the specified user. You use this // operation to attach a managed policy to a user. To embed an inline policy in a // user, use PutUserPolicy . As a best practice, you can validate your IAM // policies. To learn more, see Validating IAM policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) // in the IAM User Guide. For more information about policies, see Managed // policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. AttachUserPolicy(ctx context.Context, params *AttachUserPolicyInput, optFns ...func(*Options)) (*AttachUserPolicyOutput, error) // Changes the password of the IAM user who is calling this operation. This // operation can be performed using the CLI, the Amazon Web Services API, or the My // Security Credentials page in the Amazon Web Services Management Console. The // Amazon Web Services account root user password is not affected by this // operation. Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, // or the Users page in the IAM console to change the password for any IAM user. // For more information about modifying passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) // in the IAM User Guide. ChangePassword(ctx context.Context, params *ChangePasswordInput, optFns ...func(*Options)) (*ChangePasswordOutput, error) // Creates a new Amazon Web Services secret access key and corresponding Amazon // Web Services access key ID for the specified user. The default status for new // keys is Active . If you do not specify a user name, IAM determines the user name // implicitly based on the Amazon Web Services access key ID signing the request. // This operation works for access keys under the Amazon Web Services account. // Consequently, you can use this operation to manage Amazon Web Services account // root user credentials. This is true even if the Amazon Web Services account has // no associated users. For information about quotas on the number of keys you can // create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. To ensure the security of your Amazon Web Services // account, the secret access key is accessible only during key and user creation. // You must save the key (for example, in a text file) if you want to be able to // access it again. If a secret key is lost, you can delete the access keys for the // associated user and then create new keys. CreateAccessKey(ctx context.Context, params *CreateAccessKeyInput, optFns ...func(*Options)) (*CreateAccessKeyOutput, error) // Creates an alias for your Amazon Web Services account. For information about // using an Amazon Web Services account alias, see Creating, deleting, and listing // an Amazon Web Services account alias (https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html) // in the Amazon Web Services Sign-In User Guide. CreateAccountAlias(ctx context.Context, params *CreateAccountAliasInput, optFns ...func(*Options)) (*CreateAccountAliasOutput, error) // Creates a new group. For information about the number of groups you can create, // see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. CreateGroup(ctx context.Context, params *CreateGroupInput, optFns ...func(*Options)) (*CreateGroupOutput, error) // Creates a new instance profile. For information about instance profiles, see // Using roles for applications on Amazon EC2 (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html) // in the IAM User Guide, and Instance profiles (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#ec2-instance-profile) // in the Amazon EC2 User Guide. For information about the number of instance // profiles you can create, see IAM object quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. CreateInstanceProfile(ctx context.Context, params *CreateInstanceProfileInput, optFns ...func(*Options)) (*CreateInstanceProfileOutput, error) // Creates a password for the specified IAM user. A password allows an IAM user to // access Amazon Web Services services through the Amazon Web Services Management // Console. You can use the CLI, the Amazon Web Services API, or the Users page in // the IAM console to create a password for any IAM user. Use ChangePassword to // update your own existing password in the My Security Credentials page in the // Amazon Web Services Management Console. For more information about managing // passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) // in the IAM User Guide. CreateLoginProfile(ctx context.Context, params *CreateLoginProfileInput, optFns ...func(*Options)) (*CreateLoginProfileOutput, error) // Creates an IAM entity to describe an identity provider (IdP) that supports // OpenID Connect (OIDC) (http://openid.net/connect/) . The OIDC provider that you // create with this operation can be used as a principal in a role's trust policy. // Such a policy establishes a trust relationship between Amazon Web Services and // the OIDC provider. If you are using an OIDC identity provider from Google, // Facebook, or Amazon Cognito, you don't need to create a separate IAM identity // provider. These OIDC identity providers are already built-in to Amazon Web // Services and are available for your use. Instead, you can move directly to // creating new roles using your identity provider. To learn more, see Creating a // role for web identity or OpenID connect federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html) // in the IAM User Guide. When you create the IAM OIDC provider, you specify the // following: // - The URL of the OIDC identity provider (IdP) to trust // - A list of client IDs (also known as audiences) that identify the // application or applications allowed to authenticate using the OIDC provider // - A list of tags that are attached to the specified IAM OIDC provider // - A list of thumbprints of one or more server certificates that the IdP uses // // You get all of this information from the OIDC IdP you want to use to access // Amazon Web Services. Amazon Web Services secures communication with some OIDC // identity providers (IdPs) through our library of trusted certificate authorities // (CAs) instead of using a certificate thumbprint to verify your IdP server // certificate. These OIDC IdPs include Google, Auth0, and those that use an Amazon // S3 bucket to host a JSON Web Key Set (JWKS) endpoint. In these cases, your // legacy thumbprint remains in your configuration, but is no longer used for // validation. The trust for the OIDC provider is derived from the IAM provider // that this operation creates. Therefore, it is best to limit access to the // CreateOpenIDConnectProvider operation to highly privileged users. CreateOpenIDConnectProvider(ctx context.Context, params *CreateOpenIDConnectProviderInput, optFns ...func(*Options)) (*CreateOpenIDConnectProviderOutput, error) // Creates a new managed policy for your Amazon Web Services account. This // operation creates a policy version with a version identifier of v1 and sets v1 // as the policy's default version. For more information about policy versions, see // Versioning for managed policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) // in the IAM User Guide. As a best practice, you can validate your IAM policies. // To learn more, see Validating IAM policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) // in the IAM User Guide. For more information about managed policies in general, // see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. CreatePolicy(ctx context.Context, params *CreatePolicyInput, optFns ...func(*Options)) (*CreatePolicyOutput, error) // Creates a new version of the specified managed policy. To update a managed // policy, you create a new policy version. A managed policy can have up to five // versions. If the policy has five versions, you must delete an existing version // using DeletePolicyVersion before you create a new version. Optionally, you can // set the new version as the policy's default version. The default version is the // version that is in effect for the IAM users, groups, and roles to which the // policy is attached. For more information about managed policy versions, see // Versioning for managed policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) // in the IAM User Guide. CreatePolicyVersion(ctx context.Context, params *CreatePolicyVersionInput, optFns ...func(*Options)) (*CreatePolicyVersionOutput, error) // Creates a new role for your Amazon Web Services account. For more information // about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html) // . For information about quotas for role names and the number of roles you can // create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. CreateRole(ctx context.Context, params *CreateRoleInput, optFns ...func(*Options)) (*CreateRoleOutput, error) // Creates an IAM resource that describes an identity provider (IdP) that supports // SAML 2.0. The SAML provider resource that you create with this operation can be // used as a principal in an IAM role's trust policy. Such a policy can enable // federated users who sign in using the SAML IdP to assume the role. You can // create an IAM role that supports Web-based single sign-on (SSO) to the Amazon // Web Services Management Console or one that supports API access to Amazon Web // Services. When you create the SAML provider resource, you upload a SAML metadata // document that you get from your IdP. That document includes the issuer's name, // expiration information, and keys that can be used to validate the SAML // authentication response (assertions) that the IdP sends. You must generate the // metadata document using the identity management software that is used as your // organization's IdP. This operation requires Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) // . For more information, see Enabling SAML 2.0 federated users to access the // Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html) // and About SAML 2.0-based federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) // in the IAM User Guide. CreateSAMLProvider(ctx context.Context, params *CreateSAMLProviderInput, optFns ...func(*Options)) (*CreateSAMLProviderOutput, error) // Creates an IAM role that is linked to a specific Amazon Web Services service. // The service controls the attached policies and when the role can be deleted. // This helps ensure that the service is not broken by an unexpectedly changed or // deleted role, which could put your Amazon Web Services resources into an unknown // state. Allowing the service to control the role helps improve service stability // and proper cleanup when a service and its role are no longer needed. For more // information, see Using service-linked roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) // in the IAM User Guide. To attach a policy to this service-linked role, you must // make the request using the Amazon Web Services service that depends on this // role. CreateServiceLinkedRole(ctx context.Context, params *CreateServiceLinkedRoleInput, optFns ...func(*Options)) (*CreateServiceLinkedRoleOutput, error) // Generates a set of credentials consisting of a user name and password that can // be used to access the service specified in the request. These credentials are // generated by IAM, and can be used only for the specified service. You can have a // maximum of two sets of service-specific credentials for each supported service // per user. You can create service-specific credentials for CodeCommit and Amazon // Keyspaces (for Apache Cassandra). You can reset the password to a new // service-generated value by calling ResetServiceSpecificCredential . For more // information about service-specific credentials, see Using IAM with CodeCommit: // Git credentials, SSH keys, and Amazon Web Services access keys (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html) // in the IAM User Guide. CreateServiceSpecificCredential(ctx context.Context, params *CreateServiceSpecificCredentialInput, optFns ...func(*Options)) (*CreateServiceSpecificCredentialOutput, error) // Creates a new IAM user for your Amazon Web Services account. For information // about quotas for the number of IAM users you can create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. CreateUser(ctx context.Context, params *CreateUserInput, optFns ...func(*Options)) (*CreateUserOutput, error) // Creates a new virtual MFA device for the Amazon Web Services account. After // creating the virtual MFA, use EnableMFADevice to attach the MFA device to an // IAM user. For more information about creating and working with virtual MFA // devices, see Using a virtual MFA device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) // in the IAM User Guide. For information about the maximum number of MFA devices // you can create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. The seed information contained in the QR code and the // Base32 string should be treated like any other secret access information. In // other words, protect the seed information as you would your Amazon Web Services // access keys or your passwords. After you provision your virtual device, you // should ensure that the information is destroyed following secure procedures. CreateVirtualMFADevice(ctx context.Context, params *CreateVirtualMFADeviceInput, optFns ...func(*Options)) (*CreateVirtualMFADeviceOutput, error) // Deactivates the specified MFA device and removes it from association with the // user name for which it was originally enabled. For more information about // creating and working with virtual MFA devices, see Enabling a virtual // multi-factor authentication (MFA) device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) // in the IAM User Guide. DeactivateMFADevice(ctx context.Context, params *DeactivateMFADeviceInput, optFns ...func(*Options)) (*DeactivateMFADeviceOutput, error) // Deletes the access key pair associated with the specified IAM user. If you do // not specify a user name, IAM determines the user name implicitly based on the // Amazon Web Services access key ID signing the request. This operation works for // access keys under the Amazon Web Services account. Consequently, you can use // this operation to manage Amazon Web Services account root user credentials even // if the Amazon Web Services account has no associated users. DeleteAccessKey(ctx context.Context, params *DeleteAccessKeyInput, optFns ...func(*Options)) (*DeleteAccessKeyOutput, error) // Deletes the specified Amazon Web Services account alias. For information about // using an Amazon Web Services account alias, see Creating, deleting, and listing // an Amazon Web Services account alias (https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html) // in the Amazon Web Services Sign-In User Guide. DeleteAccountAlias(ctx context.Context, params *DeleteAccountAliasInput, optFns ...func(*Options)) (*DeleteAccountAliasOutput, error) // Deletes the password policy for the Amazon Web Services account. There are no // parameters. DeleteAccountPasswordPolicy(ctx context.Context, params *DeleteAccountPasswordPolicyInput, optFns ...func(*Options)) (*DeleteAccountPasswordPolicyOutput, error) // Deletes the specified IAM group. The group must not contain any users or have // any attached policies. DeleteGroup(ctx context.Context, params *DeleteGroupInput, optFns ...func(*Options)) (*DeleteGroupOutput, error) // Deletes the specified inline policy that is embedded in the specified IAM // group. A group can also have managed policies attached to it. To detach a // managed policy from a group, use DetachGroupPolicy . For more information about // policies, refer to Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. DeleteGroupPolicy(ctx context.Context, params *DeleteGroupPolicyInput, optFns ...func(*Options)) (*DeleteGroupPolicyOutput, error) // Deletes the specified instance profile. The instance profile must not have an // associated role. Make sure that you do not have any Amazon EC2 instances running // with the instance profile you are about to delete. Deleting a role or instance // profile that is associated with a running instance will break any applications // running on the instance. For more information about instance profiles, see // About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html) // . DeleteInstanceProfile(ctx context.Context, params *DeleteInstanceProfileInput, optFns ...func(*Options)) (*DeleteInstanceProfileOutput, error) // Deletes the password for the specified IAM user, For more information, see // Managing passwords for IAM users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html) // . You can use the CLI, the Amazon Web Services API, or the Users page in the IAM // console to delete a password for any IAM user. You can use ChangePassword to // update, but not delete, your own password in the My Security Credentials page in // the Amazon Web Services Management Console. Deleting a user's password does not // prevent a user from accessing Amazon Web Services through the command line // interface or the API. To prevent all user access, you must also either make any // access keys inactive or delete them. For more information about making keys // inactive or deleting them, see UpdateAccessKey and DeleteAccessKey . DeleteLoginProfile(ctx context.Context, params *DeleteLoginProfileInput, optFns ...func(*Options)) (*DeleteLoginProfileOutput, error) // Deletes an OpenID Connect identity provider (IdP) resource object in IAM. // Deleting an IAM OIDC provider resource does not update any roles that reference // the provider as a principal in their trust policies. Any attempt to assume a // role that references a deleted provider fails. This operation is idempotent; it // does not fail or return an error if you call the operation for a provider that // does not exist. DeleteOpenIDConnectProvider(ctx context.Context, params *DeleteOpenIDConnectProviderInput, optFns ...func(*Options)) (*DeleteOpenIDConnectProviderOutput, error) // Deletes the specified managed policy. Before you can delete a managed policy, // you must first detach the policy from all users, groups, and roles that it is // attached to. In addition, you must delete all the policy's versions. The // following steps describe the process for deleting a managed policy: // - Detach the policy from all users, groups, and roles that the policy is // attached to, using DetachUserPolicy , DetachGroupPolicy , or DetachRolePolicy // . To list all the users, groups, and roles that a policy is attached to, use // ListEntitiesForPolicy . // - Delete all versions of the policy using DeletePolicyVersion . To list the // policy's versions, use ListPolicyVersions . You cannot use DeletePolicyVersion // to delete the version that is marked as the default version. You delete the // policy's default version in the next step of the process. // - Delete the policy (this automatically deletes the policy's default version) // using this operation. // // For information about managed policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. DeletePolicy(ctx context.Context, params *DeletePolicyInput, optFns ...func(*Options)) (*DeletePolicyOutput, error) // Deletes the specified version from the specified managed policy. You cannot // delete the default version from a policy using this operation. To delete the // default version from a policy, use DeletePolicy . To find out which version of a // policy is marked as the default version, use ListPolicyVersions . For // information about versions for managed policies, see Versioning for managed // policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) // in the IAM User Guide. DeletePolicyVersion(ctx context.Context, params *DeletePolicyVersionInput, optFns ...func(*Options)) (*DeletePolicyVersionOutput, error) // Deletes the specified role. Unlike the Amazon Web Services Management Console, // when you delete a role programmatically, you must delete the items attached to // the role manually, or the deletion fails. For more information, see Deleting an // IAM role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#roles-managingrole-deleting-cli) // . Before attempting to delete a role, remove the following attached items: // - Inline policies ( DeleteRolePolicy ) // - Attached managed policies ( DetachRolePolicy ) // - Instance profile ( RemoveRoleFromInstanceProfile ) // - Optional – Delete instance profile after detaching from role for resource // clean up ( DeleteInstanceProfile ) // // Make sure that you do not have any Amazon EC2 instances running with the role // you are about to delete. Deleting a role or instance profile that is associated // with a running instance will break any applications running on the instance. DeleteRole(ctx context.Context, params *DeleteRoleInput, optFns ...func(*Options)) (*DeleteRoleOutput, error) // Deletes the permissions boundary for the specified IAM role. You cannot set the // boundary for a service-linked role. Deleting the permissions boundary for a role // might increase its permissions. For example, it might allow anyone who assumes // the role to perform all the actions granted in its permissions policies. DeleteRolePermissionsBoundary(ctx context.Context, params *DeleteRolePermissionsBoundaryInput, optFns ...func(*Options)) (*DeleteRolePermissionsBoundaryOutput, error) // Deletes the specified inline policy that is embedded in the specified IAM role. // A role can also have managed policies attached to it. To detach a managed policy // from a role, use DetachRolePolicy . For more information about policies, refer // to Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. DeleteRolePolicy(ctx context.Context, params *DeleteRolePolicyInput, optFns ...func(*Options)) (*DeleteRolePolicyOutput, error) // Deletes a SAML provider resource in IAM. Deleting the provider resource from // IAM does not update any roles that reference the SAML provider resource's ARN as // a principal in their trust policies. Any attempt to assume a role that // references a non-existent provider resource ARN fails. This operation requires // Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) // . DeleteSAMLProvider(ctx context.Context, params *DeleteSAMLProviderInput, optFns ...func(*Options)) (*DeleteSAMLProviderOutput, error) // Deletes the specified SSH public key. The SSH public key deleted by this // operation is used only for authenticating the associated IAM user to an // CodeCommit repository. For more information about using SSH keys to authenticate // to an CodeCommit repository, see Set up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) // in the CodeCommit User Guide. DeleteSSHPublicKey(ctx context.Context, params *DeleteSSHPublicKeyInput, optFns ...func(*Options)) (*DeleteSSHPublicKeyOutput, error) // Deletes the specified server certificate. For more information about working // with server certificates, see Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. This topic also includes a list of Amazon Web Services // services that can use the server certificates that you manage with IAM. If you // are using a server certificate with Elastic Load Balancing, deleting the // certificate could have implications for your application. If Elastic Load // Balancing doesn't detect the deletion of bound certificates, it may continue to // use the certificates. This could cause Elastic Load Balancing to stop accepting // traffic. We recommend that you remove the reference to the certificate from // Elastic Load Balancing before using this command to delete the certificate. For // more information, see DeleteLoadBalancerListeners (https://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html) // in the Elastic Load Balancing API Reference. DeleteServerCertificate(ctx context.Context, params *DeleteServerCertificateInput, optFns ...func(*Options)) (*DeleteServerCertificateOutput, error) // Submits a service-linked role deletion request and returns a DeletionTaskId , // which you can use to check the status of the deletion. Before you call this // operation, confirm that the role has no active sessions and that any resources // used by the role in the linked service are deleted. If you call this operation // more than once for the same service-linked role and an earlier deletion task is // not complete, then the DeletionTaskId of the earlier request is returned. If // you submit a deletion request for a service-linked role whose linked service is // still accessing a resource, then the deletion task fails. If it fails, the // GetServiceLinkedRoleDeletionStatus operation returns the reason for the failure, // usually including the resources that must be deleted. To delete the // service-linked role, you must first remove those resources from the linked // service and then submit the deletion request again. Resources are specific to // the service that is linked to the role. For more information about removing // resources from a service, see the Amazon Web Services documentation (http://docs.aws.amazon.com/) // for your service. For more information about service-linked roles, see Roles // terms and concepts: Amazon Web Services service-linked role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role) // in the IAM User Guide. DeleteServiceLinkedRole(ctx context.Context, params *DeleteServiceLinkedRoleInput, optFns ...func(*Options)) (*DeleteServiceLinkedRoleOutput, error) // Deletes the specified service-specific credential. DeleteServiceSpecificCredential(ctx context.Context, params *DeleteServiceSpecificCredentialInput, optFns ...func(*Options)) (*DeleteServiceSpecificCredentialOutput, error) // Deletes a signing certificate associated with the specified IAM user. If you do // not specify a user name, IAM determines the user name implicitly based on the // Amazon Web Services access key ID signing the request. This operation works for // access keys under the Amazon Web Services account. Consequently, you can use // this operation to manage Amazon Web Services account root user credentials even // if the Amazon Web Services account has no associated IAM users. DeleteSigningCertificate(ctx context.Context, params *DeleteSigningCertificateInput, optFns ...func(*Options)) (*DeleteSigningCertificateOutput, error) // Deletes the specified IAM user. Unlike the Amazon Web Services Management // Console, when you delete a user programmatically, you must delete the items // attached to the user manually, or the deletion fails. For more information, see // Deleting an IAM user (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli) // . Before attempting to delete a user, remove the following items: // - Password ( DeleteLoginProfile ) // - Access keys ( DeleteAccessKey ) // - Signing certificate ( DeleteSigningCertificate ) // - SSH public key ( DeleteSSHPublicKey ) // - Git credentials ( DeleteServiceSpecificCredential ) // - Multi-factor authentication (MFA) device ( DeactivateMFADevice , // DeleteVirtualMFADevice ) // - Inline policies ( DeleteUserPolicy ) // - Attached managed policies ( DetachUserPolicy ) // - Group memberships ( RemoveUserFromGroup ) DeleteUser(ctx context.Context, params *DeleteUserInput, optFns ...func(*Options)) (*DeleteUserOutput, error) // Deletes the permissions boundary for the specified IAM user. Deleting the // permissions boundary for a user might increase its permissions by allowing the // user to perform all the actions granted in its permissions policies. DeleteUserPermissionsBoundary(ctx context.Context, params *DeleteUserPermissionsBoundaryInput, optFns ...func(*Options)) (*DeleteUserPermissionsBoundaryOutput, error) // Deletes the specified inline policy that is embedded in the specified IAM user. // A user can also have managed policies attached to it. To detach a managed policy // from a user, use DetachUserPolicy . For more information about policies, refer // to Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. DeleteUserPolicy(ctx context.Context, params *DeleteUserPolicyInput, optFns ...func(*Options)) (*DeleteUserPolicyOutput, error) // Deletes a virtual MFA device. You must deactivate a user's virtual MFA device // before you can delete it. For information about deactivating MFA devices, see // DeactivateMFADevice . DeleteVirtualMFADevice(ctx context.Context, params *DeleteVirtualMFADeviceInput, optFns ...func(*Options)) (*DeleteVirtualMFADeviceOutput, error) // Removes the specified managed policy from the specified IAM group. A group can // also have inline policies embedded with it. To delete an inline policy, use // DeleteGroupPolicy . For information about policies, see Managed policies and // inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. DetachGroupPolicy(ctx context.Context, params *DetachGroupPolicyInput, optFns ...func(*Options)) (*DetachGroupPolicyOutput, error) // Removes the specified managed policy from the specified role. A role can also // have inline policies embedded with it. To delete an inline policy, use // DeleteRolePolicy . For information about policies, see Managed policies and // inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. DetachRolePolicy(ctx context.Context, params *DetachRolePolicyInput, optFns ...func(*Options)) (*DetachRolePolicyOutput, error) // Removes the specified managed policy from the specified user. A user can also // have inline policies embedded with it. To delete an inline policy, use // DeleteUserPolicy . For information about policies, see Managed policies and // inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. DetachUserPolicy(ctx context.Context, params *DetachUserPolicyInput, optFns ...func(*Options)) (*DetachUserPolicyOutput, error) // Enables the specified MFA device and associates it with the specified IAM user. // When enabled, the MFA device is required for every subsequent login by the IAM // user associated with the device. EnableMFADevice(ctx context.Context, params *EnableMFADeviceInput, optFns ...func(*Options)) (*EnableMFADeviceOutput, error) // Generates a credential report for the Amazon Web Services account. For more // information about the credential report, see Getting credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) // in the IAM User Guide. GenerateCredentialReport(ctx context.Context, params *GenerateCredentialReportInput, optFns ...func(*Options)) (*GenerateCredentialReportOutput, error) // Generates a report for service last accessed data for Organizations. You can // generate a report for any entities (organization root, organizational unit, or // account) or policies in your organization. To call this operation, you must be // signed in using your Organizations management account credentials. You can use // your long-term IAM user or root user credentials, or temporary credentials from // assuming an IAM role. SCPs must be enabled for your organization root. You must // have the required IAM and Organizations permissions. For more information, see // Refining permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) // in the IAM User Guide. You can generate a service last accessed data report for // entities by specifying only the entity's path. This data includes a list of // services that are allowed by any service control policies (SCPs) that apply to // the entity. You can generate a service last accessed data report for a policy by // specifying an entity's path and an optional Organizations policy ID. This data // includes a list of services that are allowed by the specified SCP. For each // service in both report types, the data includes the most recent account activity // that the policy allows to account principals in the entity or the entity's // children. For important information about the data, reporting period, // permissions required, troubleshooting, and supported Regions see Reducing // permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) // in the IAM User Guide. The data includes all attempts to access Amazon Web // Services, not just the successful ones. This includes all attempts that were // made using the Amazon Web Services Management Console, the Amazon Web Services // API through any of the SDKs, or any of the command line tools. An unexpected // entry in the service last accessed data does not mean that an account has been // compromised, because the request might have been denied. Refer to your // CloudTrail logs as the authoritative source for information about all API calls // and whether they were successful or denied access. For more information, see // Logging IAM events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) // in the IAM User Guide. This operation returns a JobId . Use this parameter in // the GetOrganizationsAccessReport operation to check the status of the report // generation. To check the status of this request, use the JobId parameter in the // GetOrganizationsAccessReport operation and test the JobStatus response // parameter. When the job is complete, you can retrieve the report. To generate a // service last accessed data report for entities, specify an entity path without // specifying the optional Organizations policy ID. The type of entity that you // specify determines the data returned in the report. // - Root – When you specify the organizations root as the entity, the resulting // report lists all of the services allowed by SCPs that are attached to your root. // For each service, the report includes data for all accounts in your organization // except the management account, because the management account is not limited by // SCPs. // - OU – When you specify an organizational unit (OU) as the entity, the // resulting report lists all of the services allowed by SCPs that are attached to // the OU and its parents. For each service, the report includes data for all // accounts in the OU or its children. This data excludes the management account, // because the management account is not limited by SCPs. // - management account – When you specify the management account, the resulting // report lists all Amazon Web Services services, because the management account is // not limited by SCPs. For each service, the report includes data for only the // management account. // - Account – When you specify another account as the entity, the resulting // report lists all of the services allowed by SCPs that are attached to the // account and its parents. For each service, the report includes data for only the // specified account. // // To generate a service last accessed data report for policies, specify an entity // path and the optional Organizations policy ID. The type of entity that you // specify determines the data returned for each service. // - Root – When you specify the root entity and a policy ID, the resulting // report lists all of the services that are allowed by the specified SCP. For each // service, the report includes data for all accounts in your organization to which // the SCP applies. This data excludes the management account, because the // management account is not limited by SCPs. If the SCP is not attached to any // entities in the organization, then the report will return a list of services // with no data. // - OU – When you specify an OU entity and a policy ID, the resulting report // lists all of the services that are allowed by the specified SCP. For each // service, the report includes data for all accounts in the OU or its children to // which the SCP applies. This means that other accounts outside the OU that are // affected by the SCP might not be included in the data. This data excludes the // management account, because the management account is not limited by SCPs. If // the SCP is not attached to the OU or one of its children, the report will return // a list of services with no data. // - management account – When you specify the management account, the resulting // report lists all Amazon Web Services services, because the management account is // not limited by SCPs. If you specify a policy ID in the CLI or API, the policy is // ignored. For each service, the report includes data for only the management // account. // - Account – When you specify another account entity and a policy ID, the // resulting report lists all of the services that are allowed by the specified // SCP. For each service, the report includes data for only the specified account. // This means that other accounts in the organization that are affected by the SCP // might not be included in the data. If the SCP is not attached to the account, // the report will return a list of services with no data. // // Service last accessed data does not use other policy types when determining // whether a principal could access a service. These other policy types include // identity-based policies, resource-based policies, access control lists, IAM // permissions boundaries, and STS assume role policies. It only applies SCP logic. // For more about the evaluation of policy types, see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) // in the IAM User Guide. For more information about service last accessed data, // see Reducing policy scope by viewing user activity (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) // in the IAM User Guide. GenerateOrganizationsAccessReport(ctx context.Context, params *GenerateOrganizationsAccessReportInput, optFns ...func(*Options)) (*GenerateOrganizationsAccessReportOutput, error) // Generates a report that includes details about when an IAM resource (user, // group, role, or policy) was last used in an attempt to access Amazon Web // Services services. Recent activity usually appears within four hours. IAM // reports activity for at least the last 400 days, or less if your Region began // supporting this feature within the last year. For more information, see Regions // where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) // . The service last accessed data includes all attempts to access an Amazon Web // Services API, not just the successful ones. This includes all attempts that were // made using the Amazon Web Services Management Console, the Amazon Web Services // API through any of the SDKs, or any of the command line tools. An unexpected // entry in the service last accessed data does not mean that your account has been // compromised, because the request might have been denied. Refer to your // CloudTrail logs as the authoritative source for information about all API calls // and whether they were successful or denied access. For more information, see // Logging IAM events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) // in the IAM User Guide. The GenerateServiceLastAccessedDetails operation returns // a JobId . Use this parameter in the following operations to retrieve the // following details from your report: // - GetServiceLastAccessedDetails – Use this operation for users, groups, roles, // or policies to list every Amazon Web Services service that the resource could // access using permissions policies. For each service, the response includes // information about the most recent access attempt. The JobId returned by // GenerateServiceLastAccessedDetail must be used by the same role within a // session, or by the same user when used to call GetServiceLastAccessedDetail . // - GetServiceLastAccessedDetailsWithEntities – Use this operation for groups // and policies to list information about the associated entities (users or roles) // that attempted to access a specific Amazon Web Services service. // // To check the status of the GenerateServiceLastAccessedDetails request, use the // JobId parameter in the same operations and test the JobStatus response // parameter. For additional information about the permissions policies that allow // an identity (user, group, or role) to access specific services, use the // ListPoliciesGrantingServiceAccess operation. Service last accessed data does not // use other policy types when determining whether a resource could access a // service. These other policy types include resource-based policies, access // control lists, Organizations policies, IAM permissions boundaries, and STS // assume role policies. It only applies permissions policy logic. For more about // the evaluation of policy types, see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) // in the IAM User Guide. For more information about service and action last // accessed data, see Reducing permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) // in the IAM User Guide. GenerateServiceLastAccessedDetails(ctx context.Context, params *GenerateServiceLastAccessedDetailsInput, optFns ...func(*Options)) (*GenerateServiceLastAccessedDetailsOutput, error) // Retrieves information about when the specified access key was last used. The // information includes the date and time of last use, along with the Amazon Web // Services service and Region that were specified in the last request made with // that key. GetAccessKeyLastUsed(ctx context.Context, params *GetAccessKeyLastUsedInput, optFns ...func(*Options)) (*GetAccessKeyLastUsedOutput, error) // Retrieves information about all IAM users, groups, roles, and policies in your // Amazon Web Services account, including their relationships to one another. Use // this operation to obtain a snapshot of the configuration of IAM permissions // (users, groups, roles, and policies) in your account. Policies returned by this // operation are URL-encoded compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986) // . You can use a URL decoding method to convert the policy back to plain JSON // text. For example, if you use Java, you can use the decode method of the // java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs // provide similar functionality. You can optionally filter the results using the // Filter parameter. You can paginate the results using the MaxItems and Marker // parameters. GetAccountAuthorizationDetails(ctx context.Context, params *GetAccountAuthorizationDetailsInput, optFns ...func(*Options)) (*GetAccountAuthorizationDetailsOutput, error) // Retrieves the password policy for the Amazon Web Services account. This tells // you the complexity requirements and mandatory rotation periods for the IAM user // passwords in your account. For more information about using a password policy, // see Managing an IAM password policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html) // . GetAccountPasswordPolicy(ctx context.Context, params *GetAccountPasswordPolicyInput, optFns ...func(*Options)) (*GetAccountPasswordPolicyOutput, error) // Retrieves information about IAM entity usage and IAM quotas in the Amazon Web // Services account. For information about IAM quotas, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. GetAccountSummary(ctx context.Context, params *GetAccountSummaryInput, optFns ...func(*Options)) (*GetAccountSummaryOutput, error) // Gets a list of all of the context keys referenced in the input policies. The // policies are supplied as a list of one or more strings. To get the context keys // from policies associated with an IAM user, group, or role, use // GetContextKeysForPrincipalPolicy . Context keys are variables maintained by // Amazon Web Services and its services that provide details about the context of // an API query request. Context keys can be evaluated by testing against a value // specified in an IAM policy. Use GetContextKeysForCustomPolicy to understand // what key names and values you must supply when you call SimulateCustomPolicy . // Note that all parameters are shown in unencoded form here for clarity but must // be URL encoded to be included as a part of a real HTML request. GetContextKeysForCustomPolicy(ctx context.Context, params *GetContextKeysForCustomPolicyInput, optFns ...func(*Options)) (*GetContextKeysForCustomPolicyOutput, error) // Gets a list of all of the context keys referenced in all the IAM policies that // are attached to the specified IAM entity. The entity can be an IAM user, group, // or role. If you specify a user, then the request also includes all of the // policies attached to groups that the user is a member of. You can optionally // include a list of one or more additional policies, specified as strings. If you // want to include only a list of policies by string, use // GetContextKeysForCustomPolicy instead. Note: This operation discloses // information about the permissions granted to other users. If you do not want // users to see other user's permissions, then consider allowing them to use // GetContextKeysForCustomPolicy instead. Context keys are variables maintained by // Amazon Web Services and its services that provide details about the context of // an API query request. Context keys can be evaluated by testing against a value // in an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what key // names and values you must supply when you call SimulatePrincipalPolicy . GetContextKeysForPrincipalPolicy(ctx context.Context, params *GetContextKeysForPrincipalPolicyInput, optFns ...func(*Options)) (*GetContextKeysForPrincipalPolicyOutput, error) // Retrieves a credential report for the Amazon Web Services account. For more // information about the credential report, see Getting credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) // in the IAM User Guide. GetCredentialReport(ctx context.Context, params *GetCredentialReportInput, optFns ...func(*Options)) (*GetCredentialReportOutput, error) // Returns a list of IAM users that are in the specified IAM group. You can // paginate the results using the MaxItems and Marker parameters. GetGroup(ctx context.Context, params *GetGroupInput, optFns ...func(*Options)) (*GetGroupOutput, error) // Retrieves the specified inline policy document that is embedded in the // specified IAM group. Policies returned by this operation are URL-encoded // compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986) . You can use a // URL decoding method to convert the policy back to plain JSON text. For example, // if you use Java, you can use the decode method of the java.net.URLDecoder // utility class in the Java SDK. Other languages and SDKs provide similar // functionality. An IAM group can also have managed policies attached to it. To // retrieve a managed policy document that is attached to a group, use GetPolicy // to determine the policy's default version, then use GetPolicyVersion to // retrieve the policy document. For more information about policies, see Managed // policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. GetGroupPolicy(ctx context.Context, params *GetGroupPolicyInput, optFns ...func(*Options)) (*GetGroupPolicyOutput, error) // Retrieves information about the specified instance profile, including the // instance profile's path, GUID, ARN, and role. For more information about // instance profiles, see About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html) // in the IAM User Guide. GetInstanceProfile(ctx context.Context, params *GetInstanceProfileInput, optFns ...func(*Options)) (*GetInstanceProfileOutput, error) // Retrieves the user name for the specified IAM user. A login profile is created // when you create a password for the user to access the Amazon Web Services // Management Console. If the user does not exist or does not have a password, the // operation returns a 404 ( NoSuchEntity ) error. If you create an IAM user with // access to the console, the CreateDate reflects the date you created the initial // password for the user. If you create an IAM user with programmatic access, and // then later add a password for the user to access the Amazon Web Services // Management Console, the CreateDate reflects the initial password creation date. // A user with programmatic access does not have a login profile unless you create // a password for the user to access the Amazon Web Services Management Console. GetLoginProfile(ctx context.Context, params *GetLoginProfileInput, optFns ...func(*Options)) (*GetLoginProfileOutput, error) // Returns information about the specified OpenID Connect (OIDC) provider resource // object in IAM. GetOpenIDConnectProvider(ctx context.Context, params *GetOpenIDConnectProviderInput, optFns ...func(*Options)) (*GetOpenIDConnectProviderOutput, error) // Retrieves the service last accessed data report for Organizations that was // previously generated using the GenerateOrganizationsAccessReport operation. // This operation retrieves the status of your report job and the report contents. // Depending on the parameters that you passed when you generated the report, the // data returned could include different information. For details, see // GenerateOrganizationsAccessReport . To call this operation, you must be signed // in to the management account in your organization. SCPs must be enabled for your // organization root. You must have permissions to perform this operation. For more // information, see Refining permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) // in the IAM User Guide. For each service that principals in an account (root // user, IAM users, or IAM roles) could access using SCPs, the operation returns // details about the most recent access attempt. If there was no attempt, the // service is listed without details about the most recent attempt to access the // service. If the operation fails, it returns the reason that it failed. By // default, the list is sorted by service namespace. GetOrganizationsAccessReport(ctx context.Context, params *GetOrganizationsAccessReportInput, optFns ...func(*Options)) (*GetOrganizationsAccessReportOutput, error) // Retrieves information about the specified managed policy, including the // policy's default version and the total number of IAM users, groups, and roles to // which the policy is attached. To retrieve the list of the specific users, // groups, and roles that the policy is attached to, use ListEntitiesForPolicy . // This operation returns metadata about the policy. To retrieve the actual policy // document for a specific version of the policy, use GetPolicyVersion . This // operation retrieves information about managed policies. To retrieve information // about an inline policy that is embedded with an IAM user, group, or role, use // GetUserPolicy , GetGroupPolicy , or GetRolePolicy . For more information about // policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. GetPolicy(ctx context.Context, params *GetPolicyInput, optFns ...func(*Options)) (*GetPolicyOutput, error) // Retrieves information about the specified version of the specified managed // policy, including the policy document. Policies returned by this operation are // URL-encoded compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986) . You // can use a URL decoding method to convert the policy back to plain JSON text. For // example, if you use Java, you can use the decode method of the // java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs // provide similar functionality. To list the available versions for a policy, use // ListPolicyVersions . This operation retrieves information about managed // policies. To retrieve information about an inline policy that is embedded in a // user, group, or role, use GetUserPolicy , GetGroupPolicy , or GetRolePolicy . // For more information about the types of policies, see Managed policies and // inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. For more information about managed policy versions, see // Versioning for managed policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) // in the IAM User Guide. GetPolicyVersion(ctx context.Context, params *GetPolicyVersionInput, optFns ...func(*Options)) (*GetPolicyVersionOutput, error) // Retrieves information about the specified role, including the role's path, // GUID, ARN, and the role's trust policy that grants permission to assume the // role. For more information about roles, see Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html) // . Policies returned by this operation are URL-encoded compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986) // . You can use a URL decoding method to convert the policy back to plain JSON // text. For example, if you use Java, you can use the decode method of the // java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs // provide similar functionality. GetRole(ctx context.Context, params *GetRoleInput, optFns ...func(*Options)) (*GetRoleOutput, error) // Retrieves the specified inline policy document that is embedded with the // specified IAM role. Policies returned by this operation are URL-encoded // compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986) . You can use a // URL decoding method to convert the policy back to plain JSON text. For example, // if you use Java, you can use the decode method of the java.net.URLDecoder // utility class in the Java SDK. Other languages and SDKs provide similar // functionality. An IAM role can also have managed policies attached to it. To // retrieve a managed policy document that is attached to a role, use GetPolicy to // determine the policy's default version, then use GetPolicyVersion to retrieve // the policy document. For more information about policies, see Managed policies // and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. For more information about roles, see Using roles to // delegate permissions and federate identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) // . GetRolePolicy(ctx context.Context, params *GetRolePolicyInput, optFns ...func(*Options)) (*GetRolePolicyOutput, error) // Returns the SAML provider metadocument that was uploaded when the IAM SAML // provider resource object was created or updated. This operation requires // Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) // . GetSAMLProvider(ctx context.Context, params *GetSAMLProviderInput, optFns ...func(*Options)) (*GetSAMLProviderOutput, error) // Retrieves the specified SSH public key, including metadata about the key. The // SSH public key retrieved by this operation is used only for authenticating the // associated IAM user to an CodeCommit repository. For more information about // using SSH keys to authenticate to an CodeCommit repository, see Set up // CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) // in the CodeCommit User Guide. GetSSHPublicKey(ctx context.Context, params *GetSSHPublicKeyInput, optFns ...func(*Options)) (*GetSSHPublicKeyOutput, error) // Retrieves information about the specified server certificate stored in IAM. For // more information about working with server certificates, see Working with // server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. This topic includes a list of Amazon Web Services // services that can use the server certificates that you manage with IAM. GetServerCertificate(ctx context.Context, params *GetServerCertificateInput, optFns ...func(*Options)) (*GetServerCertificateOutput, error) // Retrieves a service last accessed report that was created using the // GenerateServiceLastAccessedDetails operation. You can use the JobId parameter // in GetServiceLastAccessedDetails to retrieve the status of your report job. // When the report is complete, you can retrieve the generated report. The report // includes a list of Amazon Web Services services that the resource (user, group, // role, or managed policy) can access. Service last accessed data does not use // other policy types when determining whether a resource could access a service. // These other policy types include resource-based policies, access control lists, // Organizations policies, IAM permissions boundaries, and STS assume role // policies. It only applies permissions policy logic. For more about the // evaluation of policy types, see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) // in the IAM User Guide. For each service that the resource could access using // permissions policies, the operation returns details about the most recent access // attempt. If there was no attempt, the service is listed without details about // the most recent attempt to access the service. If the operation fails, the // GetServiceLastAccessedDetails operation returns the reason that it failed. The // GetServiceLastAccessedDetails operation returns a list of services. This list // includes the number of entities that have attempted to access the service and // the date and time of the last attempt. It also returns the ARN of the following // entity, depending on the resource ARN that you used to generate the report: // - User – Returns the user ARN that you used to generate the report // - Group – Returns the ARN of the group member (user) that last attempted to // access the service // - Role – Returns the role ARN that you used to generate the report // - Policy – Returns the ARN of the user or role that last used the policy to // attempt to access the service // // By default, the list is sorted by service namespace. If you specified // ACTION_LEVEL granularity when you generated the report, this operation returns // service and action last accessed data. This includes the most recent access // attempt for each tracked action within a service. Otherwise, this operation // returns only service data. For more information about service and action last // accessed data, see Reducing permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) // in the IAM User Guide. GetServiceLastAccessedDetails(ctx context.Context, params *GetServiceLastAccessedDetailsInput, optFns ...func(*Options)) (*GetServiceLastAccessedDetailsOutput, error) // After you generate a group or policy report using the // GenerateServiceLastAccessedDetails operation, you can use the JobId parameter // in GetServiceLastAccessedDetailsWithEntities . This operation retrieves the // status of your report job and a list of entities that could have used group or // policy permissions to access the specified service. // - Group – For a group report, this operation returns a list of users in the // group that could have used the group’s policies in an attempt to access the // service. // - Policy – For a policy report, this operation returns a list of entities // (users or roles) that could have used the policy in an attempt to access the // service. // // You can also use this operation for user or role reports to retrieve details // about those entities. If the operation fails, the // GetServiceLastAccessedDetailsWithEntities operation returns the reason that it // failed. By default, the list of associated entities is sorted by date, with the // most recent access listed first. GetServiceLastAccessedDetailsWithEntities(ctx context.Context, params *GetServiceLastAccessedDetailsWithEntitiesInput, optFns ...func(*Options)) (*GetServiceLastAccessedDetailsWithEntitiesOutput, error) // Retrieves the status of your service-linked role deletion. After you use // DeleteServiceLinkedRole to submit a service-linked role for deletion, you can // use the DeletionTaskId parameter in GetServiceLinkedRoleDeletionStatus to check // the status of the deletion. If the deletion fails, this operation returns the // reason that it failed, if that information is returned by the service. GetServiceLinkedRoleDeletionStatus(ctx context.Context, params *GetServiceLinkedRoleDeletionStatusInput, optFns ...func(*Options)) (*GetServiceLinkedRoleDeletionStatusOutput, error) // Retrieves information about the specified IAM user, including the user's // creation date, path, unique ID, and ARN. If you do not specify a user name, IAM // determines the user name implicitly based on the Amazon Web Services access key // ID used to sign the request to this operation. GetUser(ctx context.Context, params *GetUserInput, optFns ...func(*Options)) (*GetUserOutput, error) // Retrieves the specified inline policy document that is embedded in the // specified IAM user. Policies returned by this operation are URL-encoded // compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986) . You can use a // URL decoding method to convert the policy back to plain JSON text. For example, // if you use Java, you can use the decode method of the java.net.URLDecoder // utility class in the Java SDK. Other languages and SDKs provide similar // functionality. An IAM user can also have managed policies attached to it. To // retrieve a managed policy document that is attached to a user, use GetPolicy to // determine the policy's default version. Then use GetPolicyVersion to retrieve // the policy document. For more information about policies, see Managed policies // and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. GetUserPolicy(ctx context.Context, params *GetUserPolicyInput, optFns ...func(*Options)) (*GetUserPolicyOutput, error) // Returns information about the access key IDs associated with the specified IAM // user. If there is none, the operation returns an empty list. Although each user // is limited to a small number of keys, you can still paginate the results using // the MaxItems and Marker parameters. If the UserName is not specified, the user // name is determined implicitly based on the Amazon Web Services access key ID // used to sign the request. If a temporary access key is used, then UserName is // required. If a long-term key is assigned to the user, then UserName is not // required. This operation works for access keys under the Amazon Web Services // account. Consequently, you can use this operation to manage Amazon Web Services // account root user credentials even if the Amazon Web Services account has no // associated users. To ensure the security of your Amazon Web Services account, // the secret access key is accessible only during key and user creation. ListAccessKeys(ctx context.Context, params *ListAccessKeysInput, optFns ...func(*Options)) (*ListAccessKeysOutput, error) // Lists the account alias associated with the Amazon Web Services account (Note: // you can have only one). For information about using an Amazon Web Services // account alias, see Creating, deleting, and listing an Amazon Web Services // account alias (https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html) // in the Amazon Web Services Sign-In User Guide. ListAccountAliases(ctx context.Context, params *ListAccountAliasesInput, optFns ...func(*Options)) (*ListAccountAliasesOutput, error) // Lists all managed policies that are attached to the specified IAM group. An IAM // group can also have inline policies embedded with it. To list the inline // policies for a group, use ListGroupPolicies . For information about policies, // see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. You can paginate the results using the MaxItems and // Marker parameters. You can use the PathPrefix parameter to limit the list of // policies to only those matching the specified path prefix. If there are no // policies attached to the specified group (or none that match the specified path // prefix), the operation returns an empty list. ListAttachedGroupPolicies(ctx context.Context, params *ListAttachedGroupPoliciesInput, optFns ...func(*Options)) (*ListAttachedGroupPoliciesOutput, error) // Lists all managed policies that are attached to the specified IAM role. An IAM // role can also have inline policies embedded with it. To list the inline policies // for a role, use ListRolePolicies . For information about policies, see Managed // policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. You can paginate the results using the MaxItems and // Marker parameters. You can use the PathPrefix parameter to limit the list of // policies to only those matching the specified path prefix. If there are no // policies attached to the specified role (or none that match the specified path // prefix), the operation returns an empty list. ListAttachedRolePolicies(ctx context.Context, params *ListAttachedRolePoliciesInput, optFns ...func(*Options)) (*ListAttachedRolePoliciesOutput, error) // Lists all managed policies that are attached to the specified IAM user. An IAM // user can also have inline policies embedded with it. To list the inline policies // for a user, use ListUserPolicies . For information about policies, see Managed // policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. You can paginate the results using the MaxItems and // Marker parameters. You can use the PathPrefix parameter to limit the list of // policies to only those matching the specified path prefix. If there are no // policies attached to the specified group (or none that match the specified path // prefix), the operation returns an empty list. ListAttachedUserPolicies(ctx context.Context, params *ListAttachedUserPoliciesInput, optFns ...func(*Options)) (*ListAttachedUserPoliciesOutput, error) // Lists all IAM users, groups, and roles that the specified managed policy is // attached to. You can use the optional EntityFilter parameter to limit the // results to a particular type of entity (users, groups, or roles). For example, // to list only the roles that are attached to the specified policy, set // EntityFilter to Role . You can paginate the results using the MaxItems and // Marker parameters. ListEntitiesForPolicy(ctx context.Context, params *ListEntitiesForPolicyInput, optFns ...func(*Options)) (*ListEntitiesForPolicyOutput, error) // Lists the names of the inline policies that are embedded in the specified IAM // group. An IAM group can also have managed policies attached to it. To list the // managed policies that are attached to a group, use ListAttachedGroupPolicies . // For more information about policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. You can paginate the results using the MaxItems and // Marker parameters. If there are no inline policies embedded with the specified // group, the operation returns an empty list. ListGroupPolicies(ctx context.Context, params *ListGroupPoliciesInput, optFns ...func(*Options)) (*ListGroupPoliciesOutput, error) // Lists the IAM groups that have the specified path prefix. You can paginate the // results using the MaxItems and Marker parameters. ListGroups(ctx context.Context, params *ListGroupsInput, optFns ...func(*Options)) (*ListGroupsOutput, error) // Lists the IAM groups that the specified IAM user belongs to. You can paginate // the results using the MaxItems and Marker parameters. ListGroupsForUser(ctx context.Context, params *ListGroupsForUserInput, optFns ...func(*Options)) (*ListGroupsForUserOutput, error) // Lists the tags that are attached to the specified IAM instance profile. The // returned list of tags is sorted by tag key. For more information about tagging, // see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. ListInstanceProfileTags(ctx context.Context, params *ListInstanceProfileTagsInput, optFns ...func(*Options)) (*ListInstanceProfileTagsOutput, error) // Lists the instance profiles that have the specified path prefix. If there are // none, the operation returns an empty list. For more information about instance // profiles, see About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html) // . IAM resource-listing operations return a subset of the available attributes // for the resource. For example, this operation does not return tags, even though // they are an attribute of the returned object. To view all of the information for // an instance profile, see GetInstanceProfile . You can paginate the results using // the MaxItems and Marker parameters. ListInstanceProfiles(ctx context.Context, params *ListInstanceProfilesInput, optFns ...func(*Options)) (*ListInstanceProfilesOutput, error) // Lists the instance profiles that have the specified associated IAM role. If // there are none, the operation returns an empty list. For more information about // instance profiles, go to About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html) // . You can paginate the results using the MaxItems and Marker parameters. ListInstanceProfilesForRole(ctx context.Context, params *ListInstanceProfilesForRoleInput, optFns ...func(*Options)) (*ListInstanceProfilesForRoleOutput, error) // Lists the tags that are attached to the specified IAM virtual multi-factor // authentication (MFA) device. The returned list of tags is sorted by tag key. For // more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. ListMFADeviceTags(ctx context.Context, params *ListMFADeviceTagsInput, optFns ...func(*Options)) (*ListMFADeviceTagsOutput, error) // Lists the MFA devices for an IAM user. If the request includes a IAM user name, // then this operation lists all the MFA devices associated with the specified // user. If you do not specify a user name, IAM determines the user name implicitly // based on the Amazon Web Services access key ID signing the request for this // operation. You can paginate the results using the MaxItems and Marker // parameters. ListMFADevices(ctx context.Context, params *ListMFADevicesInput, optFns ...func(*Options)) (*ListMFADevicesOutput, error) // Lists the tags that are attached to the specified OpenID Connect // (OIDC)-compatible identity provider. The returned list of tags is sorted by tag // key. For more information, see About web identity federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html) // . For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. ListOpenIDConnectProviderTags(ctx context.Context, params *ListOpenIDConnectProviderTagsInput, optFns ...func(*Options)) (*ListOpenIDConnectProviderTagsOutput, error) // Lists information about the IAM OpenID Connect (OIDC) provider resource objects // defined in the Amazon Web Services account. IAM resource-listing operations // return a subset of the available attributes for the resource. For example, this // operation does not return tags, even though they are an attribute of the // returned object. To view all of the information for an OIDC provider, see // GetOpenIDConnectProvider . ListOpenIDConnectProviders(ctx context.Context, params *ListOpenIDConnectProvidersInput, optFns ...func(*Options)) (*ListOpenIDConnectProvidersOutput, error) // Lists all the managed policies that are available in your Amazon Web Services // account, including your own customer-defined managed policies and all Amazon Web // Services managed policies. You can filter the list of policies that is returned // using the optional OnlyAttached , Scope , and PathPrefix parameters. For // example, to list only the customer managed policies in your Amazon Web Services // account, set Scope to Local . To list only Amazon Web Services managed policies, // set Scope to AWS . You can paginate the results using the MaxItems and Marker // parameters. For more information about managed policies, see Managed policies // and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. IAM resource-listing operations return a subset of the // available attributes for the resource. For example, this operation does not // return tags, even though they are an attribute of the returned object. To view // all of the information for a customer manged policy, see GetPolicy . ListPolicies(ctx context.Context, params *ListPoliciesInput, optFns ...func(*Options)) (*ListPoliciesOutput, error) // Retrieves a list of policies that the IAM identity (user, group, or role) can // use to access each specified service. This operation does not use other policy // types when determining whether a resource could access a service. These other // policy types include resource-based policies, access control lists, // Organizations policies, IAM permissions boundaries, and STS assume role // policies. It only applies permissions policy logic. For more about the // evaluation of policy types, see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) // in the IAM User Guide. The list of policies returned by the operation depends on // the ARN of the identity that you provide. // - User – The list of policies includes the managed and inline policies that // are attached to the user directly. The list also includes any additional managed // and inline policies that are attached to the group to which the user belongs. // - Group – The list of policies includes only the managed and inline policies // that are attached to the group directly. Policies that are attached to the // group’s user are not included. // - Role – The list of policies includes only the managed and inline policies // that are attached to the role. // // For each managed policy, this operation returns the ARN and policy name. For // each inline policy, it returns the policy name and the entity to which it is // attached. Inline policies do not have an ARN. For more information about these // policy types, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) // in the IAM User Guide. Policies that are attached to users and roles as // permissions boundaries are not returned. To view which managed policy is // currently used to set the permissions boundary for a user or role, use the // GetUser or GetRole operations. ListPoliciesGrantingServiceAccess(ctx context.Context, params *ListPoliciesGrantingServiceAccessInput, optFns ...func(*Options)) (*ListPoliciesGrantingServiceAccessOutput, error) // Lists the tags that are attached to the specified IAM customer managed policy. // The returned list of tags is sorted by tag key. For more information about // tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. ListPolicyTags(ctx context.Context, params *ListPolicyTagsInput, optFns ...func(*Options)) (*ListPolicyTagsOutput, error) // Lists information about the versions of the specified managed policy, including // the version that is currently set as the policy's default version. For more // information about managed policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. ListPolicyVersions(ctx context.Context, params *ListPolicyVersionsInput, optFns ...func(*Options)) (*ListPolicyVersionsOutput, error) // Lists the names of the inline policies that are embedded in the specified IAM // role. An IAM role can also have managed policies attached to it. To list the // managed policies that are attached to a role, use ListAttachedRolePolicies . For // more information about policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. You can paginate the results using the MaxItems and // Marker parameters. If there are no inline policies embedded with the specified // role, the operation returns an empty list. ListRolePolicies(ctx context.Context, params *ListRolePoliciesInput, optFns ...func(*Options)) (*ListRolePoliciesOutput, error) // Lists the tags that are attached to the specified role. The returned list of // tags is sorted by tag key. For more information about tagging, see Tagging IAM // resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. ListRoleTags(ctx context.Context, params *ListRoleTagsInput, optFns ...func(*Options)) (*ListRoleTagsOutput, error) // Lists the IAM roles that have the specified path prefix. If there are none, the // operation returns an empty list. For more information about roles, see Working // with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html) // . IAM resource-listing operations return a subset of the available attributes // for the resource. This operation does not return the following attributes, even // though they are an attribute of the returned object: // - PermissionsBoundary // - RoleLastUsed // - Tags // // To view all of the information for a role, see GetRole . You can paginate the // results using the MaxItems and Marker parameters. ListRoles(ctx context.Context, params *ListRolesInput, optFns ...func(*Options)) (*ListRolesOutput, error) // Lists the tags that are attached to the specified Security Assertion Markup // Language (SAML) identity provider. The returned list of tags is sorted by tag // key. For more information, see About SAML 2.0-based federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) // . For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. ListSAMLProviderTags(ctx context.Context, params *ListSAMLProviderTagsInput, optFns ...func(*Options)) (*ListSAMLProviderTagsOutput, error) // Lists the SAML provider resource objects defined in IAM in the account. IAM // resource-listing operations return a subset of the available attributes for the // resource. For example, this operation does not return tags, even though they are // an attribute of the returned object. To view all of the information for a SAML // provider, see GetSAMLProvider . This operation requires Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) // . ListSAMLProviders(ctx context.Context, params *ListSAMLProvidersInput, optFns ...func(*Options)) (*ListSAMLProvidersOutput, error) // Returns information about the SSH public keys associated with the specified IAM // user. If none exists, the operation returns an empty list. The SSH public keys // returned by this operation are used only for authenticating the IAM user to an // CodeCommit repository. For more information about using SSH keys to authenticate // to an CodeCommit repository, see Set up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) // in the CodeCommit User Guide. Although each user is limited to a small number of // keys, you can still paginate the results using the MaxItems and Marker // parameters. ListSSHPublicKeys(ctx context.Context, params *ListSSHPublicKeysInput, optFns ...func(*Options)) (*ListSSHPublicKeysOutput, error) // Lists the tags that are attached to the specified IAM server certificate. The // returned list of tags is sorted by tag key. For more information about tagging, // see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. For certificates in a Region supported by Certificate // Manager (ACM), we recommend that you don't use IAM server certificates. Instead, // use ACM to provision, manage, and deploy your server certificates. For more // information about IAM server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. ListServerCertificateTags(ctx context.Context, params *ListServerCertificateTagsInput, optFns ...func(*Options)) (*ListServerCertificateTagsOutput, error) // Lists the server certificates stored in IAM that have the specified path // prefix. If none exist, the operation returns an empty list. You can paginate the // results using the MaxItems and Marker parameters. For more information about // working with server certificates, see Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. This topic also includes a list of Amazon Web Services // services that can use the server certificates that you manage with IAM. IAM // resource-listing operations return a subset of the available attributes for the // resource. For example, this operation does not return tags, even though they are // an attribute of the returned object. To view all of the information for a // servercertificate, see GetServerCertificate . ListServerCertificates(ctx context.Context, params *ListServerCertificatesInput, optFns ...func(*Options)) (*ListServerCertificatesOutput, error) // Returns information about the service-specific credentials associated with the // specified IAM user. If none exists, the operation returns an empty list. The // service-specific credentials returned by this operation are used only for // authenticating the IAM user to a specific service. For more information about // using service-specific credentials to authenticate to an Amazon Web Services // service, see Set up service-specific credentials (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html) // in the CodeCommit User Guide. ListServiceSpecificCredentials(ctx context.Context, params *ListServiceSpecificCredentialsInput, optFns ...func(*Options)) (*ListServiceSpecificCredentialsOutput, error) // Returns information about the signing certificates associated with the // specified IAM user. If none exists, the operation returns an empty list. // Although each user is limited to a small number of signing certificates, you can // still paginate the results using the MaxItems and Marker parameters. If the // UserName field is not specified, the user name is determined implicitly based on // the Amazon Web Services access key ID used to sign the request for this // operation. This operation works for access keys under the Amazon Web Services // account. Consequently, you can use this operation to manage Amazon Web Services // account root user credentials even if the Amazon Web Services account has no // associated users. ListSigningCertificates(ctx context.Context, params *ListSigningCertificatesInput, optFns ...func(*Options)) (*ListSigningCertificatesOutput, error) // Lists the names of the inline policies embedded in the specified IAM user. An // IAM user can also have managed policies attached to it. To list the managed // policies that are attached to a user, use ListAttachedUserPolicies . For more // information about policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. You can paginate the results using the MaxItems and // Marker parameters. If there are no inline policies embedded with the specified // user, the operation returns an empty list. ListUserPolicies(ctx context.Context, params *ListUserPoliciesInput, optFns ...func(*Options)) (*ListUserPoliciesOutput, error) // Lists the tags that are attached to the specified IAM user. The returned list // of tags is sorted by tag key. For more information about tagging, see Tagging // IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in // the IAM User Guide. ListUserTags(ctx context.Context, params *ListUserTagsInput, optFns ...func(*Options)) (*ListUserTagsOutput, error) // Lists the IAM users that have the specified path prefix. If no path prefix is // specified, the operation returns all users in the Amazon Web Services account. // If there are none, the operation returns an empty list. IAM resource-listing // operations return a subset of the available attributes for the resource. This // operation does not return the following attributes, even though they are an // attribute of the returned object: // - PermissionsBoundary // - Tags // // To view all of the information for a user, see GetUser . You can paginate the // results using the MaxItems and Marker parameters. ListUsers(ctx context.Context, params *ListUsersInput, optFns ...func(*Options)) (*ListUsersOutput, error) // Lists the virtual MFA devices defined in the Amazon Web Services account by // assignment status. If you do not specify an assignment status, the operation // returns a list of all virtual MFA devices. Assignment status can be Assigned , // Unassigned , or Any . IAM resource-listing operations return a subset of the // available attributes for the resource. For example, this operation does not // return tags, even though they are an attribute of the returned object. To view // tag information for a virtual MFA device, see ListMFADeviceTags . You can // paginate the results using the MaxItems and Marker parameters. ListVirtualMFADevices(ctx context.Context, params *ListVirtualMFADevicesInput, optFns ...func(*Options)) (*ListVirtualMFADevicesOutput, error) // Adds or updates an inline policy document that is embedded in the specified IAM // group. A user can also have managed policies attached to it. To attach a managed // policy to a group, use AttachGroupPolicy . To create a new managed policy, use // CreatePolicy . For information about policies, see Managed policies and inline // policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. For information about the maximum number of inline // policies that you can embed in a group, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. Because policy documents can be large, you should use // POST rather than GET when calling PutGroupPolicy . For general information about // using the Query API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) // in the IAM User Guide. PutGroupPolicy(ctx context.Context, params *PutGroupPolicyInput, optFns ...func(*Options)) (*PutGroupPolicyOutput, error) // Adds or updates the policy that is specified as the IAM role's permissions // boundary. You can use an Amazon Web Services managed policy or a customer // managed policy to set the boundary for a role. Use the boundary to control the // maximum permissions that the role can have. Setting a permissions boundary is an // advanced feature that can affect the permissions for the role. You cannot set // the boundary for a service-linked role. Policies used as permissions boundaries // do not provide permissions. You must also attach a permissions policy to the // role. To learn how the effective permissions for a role are evaluated, see IAM // JSON policy evaluation logic (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html) // in the IAM User Guide. PutRolePermissionsBoundary(ctx context.Context, params *PutRolePermissionsBoundaryInput, optFns ...func(*Options)) (*PutRolePermissionsBoundaryOutput, error) // Adds or updates an inline policy document that is embedded in the specified IAM // role. When you embed an inline policy in a role, the inline policy is used as // part of the role's access (permissions) policy. The role's trust policy is // created at the same time as the role, using CreateRole . You can update a role's // trust policy using UpdateAssumeRolePolicy . For more information about IAM // roles, see Using roles to delegate permissions and federate identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) // . A role can also have a managed policy attached to it. To attach a managed // policy to a role, use AttachRolePolicy . To create a new managed policy, use // CreatePolicy . For information about policies, see Managed policies and inline // policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. For information about the maximum number of inline // policies that you can embed with a role, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. Because policy documents can be large, you should use // POST rather than GET when calling PutRolePolicy . For general information about // using the Query API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) // in the IAM User Guide. PutRolePolicy(ctx context.Context, params *PutRolePolicyInput, optFns ...func(*Options)) (*PutRolePolicyOutput, error) // Adds or updates the policy that is specified as the IAM user's permissions // boundary. You can use an Amazon Web Services managed policy or a customer // managed policy to set the boundary for a user. Use the boundary to control the // maximum permissions that the user can have. Setting a permissions boundary is an // advanced feature that can affect the permissions for the user. Policies that are // used as permissions boundaries do not provide permissions. You must also attach // a permissions policy to the user. To learn how the effective permissions for a // user are evaluated, see IAM JSON policy evaluation logic (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html) // in the IAM User Guide. PutUserPermissionsBoundary(ctx context.Context, params *PutUserPermissionsBoundaryInput, optFns ...func(*Options)) (*PutUserPermissionsBoundaryOutput, error) // Adds or updates an inline policy document that is embedded in the specified IAM // user. An IAM user can also have a managed policy attached to it. To attach a // managed policy to a user, use AttachUserPolicy . To create a new managed policy, // use CreatePolicy . For information about policies, see Managed policies and // inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. For information about the maximum number of inline // policies that you can embed in a user, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. Because policy documents can be large, you should use // POST rather than GET when calling PutUserPolicy . For general information about // using the Query API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) // in the IAM User Guide. PutUserPolicy(ctx context.Context, params *PutUserPolicyInput, optFns ...func(*Options)) (*PutUserPolicyOutput, error) // Removes the specified client ID (also known as audience) from the list of // client IDs registered for the specified IAM OpenID Connect (OIDC) provider // resource object. This operation is idempotent; it does not fail or return an // error if you try to remove a client ID that does not exist. RemoveClientIDFromOpenIDConnectProvider(ctx context.Context, params *RemoveClientIDFromOpenIDConnectProviderInput, optFns ...func(*Options)) (*RemoveClientIDFromOpenIDConnectProviderOutput, error) // Removes the specified IAM role from the specified EC2 instance profile. Make // sure that you do not have any Amazon EC2 instances running with the role you are // about to remove from the instance profile. Removing a role from an instance // profile that is associated with a running instance might break any applications // running on the instance. For more information about IAM roles, see Working with // roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html) . // For more information about instance profiles, see About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html) // . RemoveRoleFromInstanceProfile(ctx context.Context, params *RemoveRoleFromInstanceProfileInput, optFns ...func(*Options)) (*RemoveRoleFromInstanceProfileOutput, error) // Removes the specified user from the specified group. RemoveUserFromGroup(ctx context.Context, params *RemoveUserFromGroupInput, optFns ...func(*Options)) (*RemoveUserFromGroupOutput, error) // Resets the password for a service-specific credential. The new password is // Amazon Web Services generated and cryptographically strong. It cannot be // configured by the user. Resetting the password immediately invalidates the // previous password associated with this user. ResetServiceSpecificCredential(ctx context.Context, params *ResetServiceSpecificCredentialInput, optFns ...func(*Options)) (*ResetServiceSpecificCredentialOutput, error) // Synchronizes the specified MFA device with its IAM resource object on the // Amazon Web Services servers. For more information about creating and working // with virtual MFA devices, see Using a virtual MFA device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) // in the IAM User Guide. ResyncMFADevice(ctx context.Context, params *ResyncMFADeviceInput, optFns ...func(*Options)) (*ResyncMFADeviceOutput, error) // Sets the specified version of the specified policy as the policy's default // (operative) version. This operation affects all users, groups, and roles that // the policy is attached to. To list the users, groups, and roles that the policy // is attached to, use ListEntitiesForPolicy . For information about managed // policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. SetDefaultPolicyVersion(ctx context.Context, params *SetDefaultPolicyVersionInput, optFns ...func(*Options)) (*SetDefaultPolicyVersionOutput, error) // Sets the specified version of the global endpoint token as the token version // used for the Amazon Web Services account. By default, Security Token Service // (STS) is available as a global service, and all STS requests go to a single // endpoint at https://sts.amazonaws.com . Amazon Web Services recommends using // Regional STS endpoints to reduce latency, build in redundancy, and increase // session token availability. For information about Regional endpoints for STS, // see Security Token Service endpoints and quotas (https://docs.aws.amazon.com/general/latest/gr/sts.html) // in the Amazon Web Services General Reference. If you make an STS call to the // global endpoint, the resulting session tokens might be valid in some Regions but // not others. It depends on the version that is set in this operation. Version 1 // tokens are valid only in Amazon Web Services Regions that are available by // default. These tokens do not work in manually enabled Regions, such as Asia // Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version // 2 tokens are longer and might affect systems where you temporarily store tokens. // For information, see Activating and deactivating STS in an Amazon Web Services // Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. To view the current session token version, see the // GlobalEndpointTokenVersion entry in the response of the GetAccountSummary // operation. SetSecurityTokenServicePreferences(ctx context.Context, params *SetSecurityTokenServicePreferencesInput, optFns ...func(*Options)) (*SetSecurityTokenServicePreferencesOutput, error) // Simulate how a set of IAM policies and optionally a resource-based policy works // with a list of API operations and Amazon Web Services resources to determine the // policies' effective permissions. The policies are provided as strings. The // simulation does not perform the API operations; it only checks the authorization // to determine if the simulated policies allow or deny the operations. You can // simulate resources that don't exist in your account. If you want to simulate // existing policies that are attached to an IAM user, group, or role, use // SimulatePrincipalPolicy instead. Context keys are variables that are maintained // by Amazon Web Services and its services and which provide details about the // context of an API query request. You can use the Condition element of an IAM // policy to evaluate context keys. To get the list of context keys that the // policies require for correct simulation, use GetContextKeysForCustomPolicy . If // the output is long, you can use MaxItems and Marker parameters to paginate the // results. The IAM policy simulator evaluates statements in the identity-based // policy and the inputs that you provide during simulation. The policy simulator // results can differ from your live Amazon Web Services environment. We recommend // that you check your policies against your live Amazon Web Services environment // after testing using the policy simulator to confirm that you have the desired // results. For more information about using the policy simulator, see Testing IAM // policies with the IAM policy simulator (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html) // in the IAM User Guide. SimulateCustomPolicy(ctx context.Context, params *SimulateCustomPolicyInput, optFns ...func(*Options)) (*SimulateCustomPolicyOutput, error) // Simulate how a set of IAM policies attached to an IAM entity works with a list // of API operations and Amazon Web Services resources to determine the policies' // effective permissions. The entity can be an IAM user, group, or role. If you // specify a user, then the simulation also includes all of the policies that are // attached to groups that the user belongs to. You can simulate resources that // don't exist in your account. You can optionally include a list of one or more // additional policies specified as strings to include in the simulation. If you // want to simulate only policies specified as strings, use SimulateCustomPolicy // instead. You can also optionally include one resource-based policy to be // evaluated with each of the resources included in the simulation for IAM users // only. The simulation does not perform the API operations; it only checks the // authorization to determine if the simulated policies allow or deny the // operations. Note: This operation discloses information about the permissions // granted to other users. If you do not want users to see other user's // permissions, then consider allowing them to use SimulateCustomPolicy instead. // Context keys are variables maintained by Amazon Web Services and its services // that provide details about the context of an API query request. You can use the // Condition element of an IAM policy to evaluate context keys. To get the list of // context keys that the policies require for correct simulation, use // GetContextKeysForPrincipalPolicy . If the output is long, you can use the // MaxItems and Marker parameters to paginate the results. The IAM policy // simulator evaluates statements in the identity-based policy and the inputs that // you provide during simulation. The policy simulator results can differ from your // live Amazon Web Services environment. We recommend that you check your policies // against your live Amazon Web Services environment after testing using the policy // simulator to confirm that you have the desired results. For more information // about using the policy simulator, see Testing IAM policies with the IAM policy // simulator (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html) // in the IAM User Guide. SimulatePrincipalPolicy(ctx context.Context, params *SimulatePrincipalPolicyInput, optFns ...func(*Options)) (*SimulatePrincipalPolicyOutput, error) // Adds one or more tags to an IAM instance profile. If a tag with the same key // name already exists, then that tag is overwritten with the new value. Each tag // consists of a key name and an associated value. By assigning tags to your // resources, you can do the following: // // - Administrative grouping and discovery - Attach tags to resources to aid in // organization and search. For example, you could search for all resources with // the key name Project and the value MyImportantProject. Or search for all // resources with the key name Cost Center and the value 41200. // // - Access control - Include tags in IAM user-based and resource-based // policies. You can use tags to restrict access to only an IAM instance profile // that has a specified tag attached. For examples of policies that show how to use // tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) // in the IAM User Guide. // // - If any one of the tags is invalid or if you exceed the allowed maximum // number of tags, then the entire request fails and the resource is not created. // For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. // // - Amazon Web Services always interprets the tag Value as a single string. If // you need to store an array, you can store comma-separated values in the string. // However, you must interpret the value in your code. TagInstanceProfile(ctx context.Context, params *TagInstanceProfileInput, optFns ...func(*Options)) (*TagInstanceProfileOutput, error) // Adds one or more tags to an IAM virtual multi-factor authentication (MFA) // device. If a tag with the same key name already exists, then that tag is // overwritten with the new value. A tag consists of a key name and an associated // value. By assigning tags to your resources, you can do the following: // // - Administrative grouping and discovery - Attach tags to resources to aid in // organization and search. For example, you could search for all resources with // the key name Project and the value MyImportantProject. Or search for all // resources with the key name Cost Center and the value 41200. // // - Access control - Include tags in IAM user-based and resource-based // policies. You can use tags to restrict access to only an IAM virtual MFA device // that has a specified tag attached. For examples of policies that show how to use // tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) // in the IAM User Guide. // // - If any one of the tags is invalid or if you exceed the allowed maximum // number of tags, then the entire request fails and the resource is not created. // For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. // // - Amazon Web Services always interprets the tag Value as a single string. If // you need to store an array, you can store comma-separated values in the string. // However, you must interpret the value in your code. TagMFADevice(ctx context.Context, params *TagMFADeviceInput, optFns ...func(*Options)) (*TagMFADeviceOutput, error) // Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider. // For more information about these providers, see About web identity federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html) // . If a tag with the same key name already exists, then that tag is overwritten // with the new value. A tag consists of a key name and an associated value. By // assigning tags to your resources, you can do the following: // // - Administrative grouping and discovery - Attach tags to resources to aid in // organization and search. For example, you could search for all resources with // the key name Project and the value MyImportantProject. Or search for all // resources with the key name Cost Center and the value 41200. // // - Access control - Include tags in IAM identity-based and resource-based // policies. You can use tags to restrict access to only an OIDC provider that has // a specified tag attached. For examples of policies that show how to use tags to // control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) // in the IAM User Guide. // // - If any one of the tags is invalid or if you exceed the allowed maximum // number of tags, then the entire request fails and the resource is not created. // For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. // // - Amazon Web Services always interprets the tag Value as a single string. If // you need to store an array, you can store comma-separated values in the string. // However, you must interpret the value in your code. TagOpenIDConnectProvider(ctx context.Context, params *TagOpenIDConnectProviderInput, optFns ...func(*Options)) (*TagOpenIDConnectProviderOutput, error) // Adds one or more tags to an IAM customer managed policy. If a tag with the same // key name already exists, then that tag is overwritten with the new value. A tag // consists of a key name and an associated value. By assigning tags to your // resources, you can do the following: // // - Administrative grouping and discovery - Attach tags to resources to aid in // organization and search. For example, you could search for all resources with // the key name Project and the value MyImportantProject. Or search for all // resources with the key name Cost Center and the value 41200. // // - Access control - Include tags in IAM user-based and resource-based // policies. You can use tags to restrict access to only an IAM customer managed // policy that has a specified tag attached. For examples of policies that show how // to use tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) // in the IAM User Guide. // // - If any one of the tags is invalid or if you exceed the allowed maximum // number of tags, then the entire request fails and the resource is not created. // For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. // // - Amazon Web Services always interprets the tag Value as a single string. If // you need to store an array, you can store comma-separated values in the string. // However, you must interpret the value in your code. TagPolicy(ctx context.Context, params *TagPolicyInput, optFns ...func(*Options)) (*TagPolicyOutput, error) // Adds one or more tags to an IAM role. The role can be a regular role or a // service-linked role. If a tag with the same key name already exists, then that // tag is overwritten with the new value. A tag consists of a key name and an // associated value. By assigning tags to your resources, you can do the following: // // - Administrative grouping and discovery - Attach tags to resources to aid in // organization and search. For example, you could search for all resources with // the key name Project and the value MyImportantProject. Or search for all // resources with the key name Cost Center and the value 41200. // // - Access control - Include tags in IAM user-based and resource-based // policies. You can use tags to restrict access to only an IAM role that has a // specified tag attached. You can also restrict access to only those resources // that have a certain tag attached. For examples of policies that show how to use // tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) // in the IAM User Guide. // // - Cost allocation - Use tags to help track which individuals and teams are // using which Amazon Web Services resources. // // - If any one of the tags is invalid or if you exceed the allowed maximum // number of tags, then the entire request fails and the resource is not created. // For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. // // - Amazon Web Services always interprets the tag Value as a single string. If // you need to store an array, you can store comma-separated values in the string. // However, you must interpret the value in your code. // // For more information about tagging, see Tagging IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. TagRole(ctx context.Context, params *TagRoleInput, optFns ...func(*Options)) (*TagRoleOutput, error) // Adds one or more tags to a Security Assertion Markup Language (SAML) identity // provider. For more information about these providers, see About SAML 2.0-based // federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) // . If a tag with the same key name already exists, then that tag is overwritten // with the new value. A tag consists of a key name and an associated value. By // assigning tags to your resources, you can do the following: // // - Administrative grouping and discovery - Attach tags to resources to aid in // organization and search. For example, you could search for all resources with // the key name Project and the value MyImportantProject. Or search for all // resources with the key name Cost Center and the value 41200. // // - Access control - Include tags in IAM user-based and resource-based // policies. You can use tags to restrict access to only a SAML identity provider // that has a specified tag attached. For examples of policies that show how to use // tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) // in the IAM User Guide. // // - If any one of the tags is invalid or if you exceed the allowed maximum // number of tags, then the entire request fails and the resource is not created. // For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. // // - Amazon Web Services always interprets the tag Value as a single string. If // you need to store an array, you can store comma-separated values in the string. // However, you must interpret the value in your code. TagSAMLProvider(ctx context.Context, params *TagSAMLProviderInput, optFns ...func(*Options)) (*TagSAMLProviderOutput, error) // Adds one or more tags to an IAM server certificate. If a tag with the same key // name already exists, then that tag is overwritten with the new value. For // certificates in a Region supported by Certificate Manager (ACM), we recommend // that you don't use IAM server certificates. Instead, use ACM to provision, // manage, and deploy your server certificates. For more information about IAM // server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. A tag consists of a key name and an associated value. By // assigning tags to your resources, you can do the following: // // - Administrative grouping and discovery - Attach tags to resources to aid in // organization and search. For example, you could search for all resources with // the key name Project and the value MyImportantProject. Or search for all // resources with the key name Cost Center and the value 41200. // // - Access control - Include tags in IAM user-based and resource-based // policies. You can use tags to restrict access to only a server certificate that // has a specified tag attached. For examples of policies that show how to use tags // to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) // in the IAM User Guide. // // - Cost allocation - Use tags to help track which individuals and teams are // using which Amazon Web Services resources. // // - If any one of the tags is invalid or if you exceed the allowed maximum // number of tags, then the entire request fails and the resource is not created. // For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. // // - Amazon Web Services always interprets the tag Value as a single string. If // you need to store an array, you can store comma-separated values in the string. // However, you must interpret the value in your code. TagServerCertificate(ctx context.Context, params *TagServerCertificateInput, optFns ...func(*Options)) (*TagServerCertificateOutput, error) // Adds one or more tags to an IAM user. If a tag with the same key name already // exists, then that tag is overwritten with the new value. A tag consists of a key // name and an associated value. By assigning tags to your resources, you can do // the following: // // - Administrative grouping and discovery - Attach tags to resources to aid in // organization and search. For example, you could search for all resources with // the key name Project and the value MyImportantProject. Or search for all // resources with the key name Cost Center and the value 41200. // // - Access control - Include tags in IAM identity-based and resource-based // policies. You can use tags to restrict access to only an IAM requesting user // that has a specified tag attached. You can also restrict access to only those // resources that have a certain tag attached. For examples of policies that show // how to use tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) // in the IAM User Guide. // // - Cost allocation - Use tags to help track which individuals and teams are // using which Amazon Web Services resources. // // - If any one of the tags is invalid or if you exceed the allowed maximum // number of tags, then the entire request fails and the resource is not created. // For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. // // - Amazon Web Services always interprets the tag Value as a single string. If // you need to store an array, you can store comma-separated values in the string. // However, you must interpret the value in your code. // // For more information about tagging, see Tagging IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. TagUser(ctx context.Context, params *TagUserInput, optFns ...func(*Options)) (*TagUserOutput, error) // Removes the specified tags from the IAM instance profile. For more information // about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. UntagInstanceProfile(ctx context.Context, params *UntagInstanceProfileInput, optFns ...func(*Options)) (*UntagInstanceProfileOutput, error) // Removes the specified tags from the IAM virtual multi-factor authentication // (MFA) device. For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. UntagMFADevice(ctx context.Context, params *UntagMFADeviceInput, optFns ...func(*Options)) (*UntagMFADeviceOutput, error) // Removes the specified tags from the specified OpenID Connect (OIDC)-compatible // identity provider in IAM. For more information about OIDC providers, see About // web identity federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html) // . For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. UntagOpenIDConnectProvider(ctx context.Context, params *UntagOpenIDConnectProviderInput, optFns ...func(*Options)) (*UntagOpenIDConnectProviderOutput, error) // Removes the specified tags from the customer managed policy. For more // information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. UntagPolicy(ctx context.Context, params *UntagPolicyInput, optFns ...func(*Options)) (*UntagPolicyOutput, error) // Removes the specified tags from the role. For more information about tagging, // see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. UntagRole(ctx context.Context, params *UntagRoleInput, optFns ...func(*Options)) (*UntagRoleOutput, error) // Removes the specified tags from the specified Security Assertion Markup // Language (SAML) identity provider in IAM. For more information about these // providers, see About web identity federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html) // . For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. UntagSAMLProvider(ctx context.Context, params *UntagSAMLProviderInput, optFns ...func(*Options)) (*UntagSAMLProviderOutput, error) // Removes the specified tags from the IAM server certificate. For more // information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. For certificates in a Region supported by Certificate // Manager (ACM), we recommend that you don't use IAM server certificates. Instead, // use ACM to provision, manage, and deploy your server certificates. For more // information about IAM server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. UntagServerCertificate(ctx context.Context, params *UntagServerCertificateInput, optFns ...func(*Options)) (*UntagServerCertificateOutput, error) // Removes the specified tags from the user. For more information about tagging, // see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. UntagUser(ctx context.Context, params *UntagUserInput, optFns ...func(*Options)) (*UntagUserOutput, error) // Changes the status of the specified access key from Active to Inactive, or vice // versa. This operation can be used to disable a user's key as part of a key // rotation workflow. If the UserName is not specified, the user name is // determined implicitly based on the Amazon Web Services access key ID used to // sign the request. If a temporary access key is used, then UserName is required. // If a long-term key is assigned to the user, then UserName is not required. This // operation works for access keys under the Amazon Web Services account. // Consequently, you can use this operation to manage Amazon Web Services account // root user credentials even if the Amazon Web Services account has no associated // users. For information about rotating keys, see Managing keys and certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html) // in the IAM User Guide. UpdateAccessKey(ctx context.Context, params *UpdateAccessKeyInput, optFns ...func(*Options)) (*UpdateAccessKeyOutput, error) // Updates the password policy settings for the Amazon Web Services account. This // operation does not support partial updates. No parameters are required, but if // you do not specify a parameter, that parameter's value reverts to its default // value. See the Request Parameters section for each parameter's default value. // Also note that some parameters do not allow the default parameter to be // explicitly set. Instead, to invoke the default value, do not include that // parameter when you invoke the operation. For more information about using a // password policy, see Managing an IAM password policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html) // in the IAM User Guide. UpdateAccountPasswordPolicy(ctx context.Context, params *UpdateAccountPasswordPolicyInput, optFns ...func(*Options)) (*UpdateAccountPasswordPolicyOutput, error) // Updates the policy that grants an IAM entity permission to assume a role. This // is typically referred to as the "role trust policy". For more information about // roles, see Using roles to delegate permissions and federate identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) // . UpdateAssumeRolePolicy(ctx context.Context, params *UpdateAssumeRolePolicyInput, optFns ...func(*Options)) (*UpdateAssumeRolePolicyOutput, error) // Updates the name and/or the path of the specified IAM group. You should // understand the implications of changing a group's path or name. For more // information, see Renaming users and groups (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html) // in the IAM User Guide. The person making the request (the principal), must have // permission to change the role group with the old name and the new name. For // example, to change the group named Managers to MGRs , the principal must have a // policy that allows them to update both groups. If the principal has permission // to update the Managers group, but not the MGRs group, then the update fails. // For more information about permissions, see Access management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) // . UpdateGroup(ctx context.Context, params *UpdateGroupInput, optFns ...func(*Options)) (*UpdateGroupOutput, error) // Changes the password for the specified IAM user. You can use the CLI, the // Amazon Web Services API, or the Users page in the IAM console to change the // password for any IAM user. Use ChangePassword to change your own password in // the My Security Credentials page in the Amazon Web Services Management Console. // For more information about modifying passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) // in the IAM User Guide. UpdateLoginProfile(ctx context.Context, params *UpdateLoginProfileInput, optFns ...func(*Options)) (*UpdateLoginProfileOutput, error) // Replaces the existing list of server certificate thumbprints associated with an // OpenID Connect (OIDC) provider resource object with a new list of thumbprints. // The list that you pass with this operation completely replaces the existing list // of thumbprints. (The lists are not merged.) Typically, you need to update a // thumbprint only when the identity provider certificate changes, which occurs // rarely. However, if the provider's certificate does change, any attempt to // assume an IAM role that specifies the OIDC provider as a principal fails until // the certificate thumbprint is updated. Amazon Web Services secures communication // with some OIDC identity providers (IdPs) through our library of trusted // certificate authorities (CAs) instead of using a certificate thumbprint to // verify your IdP server certificate. These OIDC IdPs include Google, Auth0, and // those that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS) endpoint. // In these cases, your legacy thumbprint remains in your configuration, but is no // longer used for validation. Trust for the OIDC provider is derived from the // provider certificate and is validated by the thumbprint. Therefore, it is best // to limit access to the UpdateOpenIDConnectProviderThumbprint operation to // highly privileged users. UpdateOpenIDConnectProviderThumbprint(ctx context.Context, params *UpdateOpenIDConnectProviderThumbprintInput, optFns ...func(*Options)) (*UpdateOpenIDConnectProviderThumbprintOutput, error) // Updates the description or maximum session duration setting of a role. UpdateRole(ctx context.Context, params *UpdateRoleInput, optFns ...func(*Options)) (*UpdateRoleOutput, error) // Use UpdateRole instead. Modifies only the description of a role. This operation // performs the same function as the Description parameter in the UpdateRole // operation. UpdateRoleDescription(ctx context.Context, params *UpdateRoleDescriptionInput, optFns ...func(*Options)) (*UpdateRoleDescriptionOutput, error) // Updates the metadata document for an existing SAML provider resource object. // This operation requires Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) // . UpdateSAMLProvider(ctx context.Context, params *UpdateSAMLProviderInput, optFns ...func(*Options)) (*UpdateSAMLProviderOutput, error) // Sets the status of an IAM user's SSH public key to active or inactive. SSH // public keys that are inactive cannot be used for authentication. This operation // can be used to disable a user's SSH public key as part of a key rotation work // flow. The SSH public key affected by this operation is used only for // authenticating the associated IAM user to an CodeCommit repository. For more // information about using SSH keys to authenticate to an CodeCommit repository, // see Set up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) // in the CodeCommit User Guide. UpdateSSHPublicKey(ctx context.Context, params *UpdateSSHPublicKeyInput, optFns ...func(*Options)) (*UpdateSSHPublicKeyOutput, error) // Updates the name and/or the path of the specified server certificate stored in // IAM. For more information about working with server certificates, see Working // with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. This topic also includes a list of Amazon Web Services // services that can use the server certificates that you manage with IAM. You // should understand the implications of changing a server certificate's path or // name. For more information, see Renaming a server certificate (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html#RenamingServerCerts) // in the IAM User Guide. The person making the request (the principal), must have // permission to change the server certificate with the old name and the new name. // For example, to change the certificate named ProductionCert to ProdCert , the // principal must have a policy that allows them to update both certificates. If // the principal has permission to update the ProductionCert group, but not the // ProdCert certificate, then the update fails. For more information about // permissions, see Access management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) // in the IAM User Guide. UpdateServerCertificate(ctx context.Context, params *UpdateServerCertificateInput, optFns ...func(*Options)) (*UpdateServerCertificateOutput, error) // Sets the status of a service-specific credential to Active or Inactive . // Service-specific credentials that are inactive cannot be used for authentication // to the service. This operation can be used to disable a user's service-specific // credential as part of a credential rotation work flow. UpdateServiceSpecificCredential(ctx context.Context, params *UpdateServiceSpecificCredentialInput, optFns ...func(*Options)) (*UpdateServiceSpecificCredentialOutput, error) // Changes the status of the specified user signing certificate from active to // disabled, or vice versa. This operation can be used to disable an IAM user's // signing certificate as part of a certificate rotation work flow. If the UserName // field is not specified, the user name is determined implicitly based on the // Amazon Web Services access key ID used to sign the request. This operation works // for access keys under the Amazon Web Services account. Consequently, you can use // this operation to manage Amazon Web Services account root user credentials even // if the Amazon Web Services account has no associated users. UpdateSigningCertificate(ctx context.Context, params *UpdateSigningCertificateInput, optFns ...func(*Options)) (*UpdateSigningCertificateOutput, error) // Updates the name and/or the path of the specified IAM user. You should // understand the implications of changing an IAM user's path or name. For more // information, see Renaming an IAM user (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_renaming) // and Renaming an IAM group (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_rename.html) // in the IAM User Guide. To change a user name, the requester must have // appropriate permissions on both the source object and the target object. For // example, to change Bob to Robert, the entity making the request must have // permission on Bob and Robert, or must have permission on all (*). For more // information about permissions, see Permissions and policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html) // . UpdateUser(ctx context.Context, params *UpdateUserInput, optFns ...func(*Options)) (*UpdateUserOutput, error) // Uploads an SSH public key and associates it with the specified IAM user. The // SSH public key uploaded by this operation can be used only for authenticating // the associated IAM user to an CodeCommit repository. For more information about // using SSH keys to authenticate to an CodeCommit repository, see Set up // CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) // in the CodeCommit User Guide. UploadSSHPublicKey(ctx context.Context, params *UploadSSHPublicKeyInput, optFns ...func(*Options)) (*UploadSSHPublicKeyOutput, error) // Uploads a server certificate entity for the Amazon Web Services account. The // server certificate entity includes a public key certificate, a private key, and // an optional certificate chain, which should all be PEM-encoded. We recommend // that you use Certificate Manager (https://docs.aws.amazon.com/acm/) to // provision, manage, and deploy your server certificates. With ACM you can request // a certificate, deploy it to Amazon Web Services resources, and let ACM handle // certificate renewals for you. Certificates provided by ACM are free. For more // information about using ACM, see the Certificate Manager User Guide (https://docs.aws.amazon.com/acm/latest/userguide/) // . For more information about working with server certificates, see Working with // server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. This topic includes a list of Amazon Web Services // services that can use the server certificates that you manage with IAM. For // information about the number of server certificates you can upload, see IAM and // STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. Because the body of the public key certificate, private // key, and the certificate chain can be large, you should use POST rather than GET // when calling UploadServerCertificate . For information about setting up // signatures and authorization through the API, see Signing Amazon Web Services // API requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) // in the Amazon Web Services General Reference. For general information about // using the Query API with IAM, see Calling the API by making HTTP query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html) // in the IAM User Guide. UploadServerCertificate(ctx context.Context, params *UploadServerCertificateInput, optFns ...func(*Options)) (*UploadServerCertificateOutput, error) // Uploads an X.509 signing certificate and associates it with the specified IAM // user. Some Amazon Web Services services require you to use certificates to // validate requests that are signed with a corresponding private key. When you // upload the certificate, its default status is Active . For information about // when you would use an X.509 signing certificate, see Managing server // certificates in IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. If the UserName is not specified, the IAM user name is // determined implicitly based on the Amazon Web Services access key ID used to // sign the request. This operation works for access keys under the Amazon Web // Services account. Consequently, you can use this operation to manage Amazon Web // Services account root user credentials even if the Amazon Web Services account // has no associated users. Because the body of an X.509 certificate can be large, // you should use POST rather than GET when calling UploadSigningCertificate . For // information about setting up signatures and authorization through the API, see // Signing Amazon Web Services API requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) // in the Amazon Web Services General Reference. For general information about // using the Query API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) // in the IAM User Guide. UploadSigningCertificate(ctx context.Context, params *UploadSigningCertificateInput, optFns ...func(*Options)) (*UploadSigningCertificateOutput, error) }
IAM provides an interface to the AWS IAM service.
type Outposts ¶ added in v0.112.0
type Outposts interface { // Cancels the specified order for an Outpost. CancelOrder(ctx context.Context, params *CancelOrderInput, optFns ...func(*Options)) (*CancelOrderOutput, error) // Creates an order for an Outpost. CreateOrder(ctx context.Context, params *CreateOrderInput, optFns ...func(*Options)) (*CreateOrderOutput, error) // Creates an Outpost. You can specify either an Availability one or an AZ ID. CreateOutpost(ctx context.Context, params *CreateOutpostInput, optFns ...func(*Options)) (*CreateOutpostOutput, error) // Creates a site for an Outpost. CreateSite(ctx context.Context, params *CreateSiteInput, optFns ...func(*Options)) (*CreateSiteOutput, error) // Deletes the specified Outpost. DeleteOutpost(ctx context.Context, params *DeleteOutpostInput, optFns ...func(*Options)) (*DeleteOutpostOutput, error) // Deletes the specified site. DeleteSite(ctx context.Context, params *DeleteSiteInput, optFns ...func(*Options)) (*DeleteSiteOutput, error) // Gets information about the specified catalog item. GetCatalogItem(ctx context.Context, params *GetCatalogItemInput, optFns ...func(*Options)) (*GetCatalogItemOutput, error) // Amazon Web Services uses this action to install Outpost servers. Gets // information about the specified connection. Use CloudTrail to monitor this // action or Amazon Web Services managed policy for Amazon Web Services Outposts to // secure it. For more information, see Amazon Web Services managed policies for // Amazon Web Services Outposts (https://docs.aws.amazon.com/outposts/latest/userguide/security-iam-awsmanpol.html) // and Logging Amazon Web Services Outposts API calls with Amazon Web Services // CloudTrail (https://docs.aws.amazon.com/outposts/latest/userguide/logging-using-cloudtrail.html) // in the Amazon Web Services Outposts User Guide. GetConnection(ctx context.Context, params *GetConnectionInput, optFns ...func(*Options)) (*GetConnectionOutput, error) // Gets information about the specified order. GetOrder(ctx context.Context, params *GetOrderInput, optFns ...func(*Options)) (*GetOrderOutput, error) // Gets information about the specified Outpost. GetOutpost(ctx context.Context, params *GetOutpostInput, optFns ...func(*Options)) (*GetOutpostOutput, error) // Gets the instance types for the specified Outpost. GetOutpostInstanceTypes(ctx context.Context, params *GetOutpostInstanceTypesInput, optFns ...func(*Options)) (*GetOutpostInstanceTypesOutput, error) // Gets information about the specified Outpost site. GetSite(ctx context.Context, params *GetSiteInput, optFns ...func(*Options)) (*GetSiteOutput, error) // Gets the site address of the specified site. GetSiteAddress(ctx context.Context, params *GetSiteAddressInput, optFns ...func(*Options)) (*GetSiteAddressOutput, error) // Lists the hardware assets for the specified Outpost. Use filters to return // specific results. If you specify multiple filters, the results include only the // resources that match all of the specified filters. For a filter where you can // specify multiple values, the results include items that match any of the values // that you specify for the filter. ListAssets(ctx context.Context, params *ListAssetsInput, optFns ...func(*Options)) (*ListAssetsOutput, error) // Lists the items in the catalog. Use filters to return specific results. If you // specify multiple filters, the results include only the resources that match all // of the specified filters. For a filter where you can specify multiple values, // the results include items that match any of the values that you specify for the // filter. ListCatalogItems(ctx context.Context, params *ListCatalogItemsInput, optFns ...func(*Options)) (*ListCatalogItemsOutput, error) // Lists the Outpost orders for your Amazon Web Services account. ListOrders(ctx context.Context, params *ListOrdersInput, optFns ...func(*Options)) (*ListOrdersOutput, error) // Lists the Outposts for your Amazon Web Services account. Use filters to return // specific results. If you specify multiple filters, the results include only the // resources that match all of the specified filters. For a filter where you can // specify multiple values, the results include items that match any of the values // that you specify for the filter. ListOutposts(ctx context.Context, params *ListOutpostsInput, optFns ...func(*Options)) (*ListOutpostsOutput, error) // Lists the Outpost sites for your Amazon Web Services account. Use filters to // return specific results. Use filters to return specific results. If you specify // multiple filters, the results include only the resources that match all of the // specified filters. For a filter where you can specify multiple values, the // results include items that match any of the values that you specify for the // filter. ListSites(ctx context.Context, params *ListSitesInput, optFns ...func(*Options)) (*ListSitesOutput, error) // Lists the tags for the specified resource. ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error) // Amazon Web Services uses this action to install Outpost servers. Starts the // connection required for Outpost server installation. Use CloudTrail to monitor // this action or Amazon Web Services managed policy for Amazon Web Services // Outposts to secure it. For more information, see Amazon Web Services managed // policies for Amazon Web Services Outposts (https://docs.aws.amazon.com/outposts/latest/userguide/security-iam-awsmanpol.html) // and Logging Amazon Web Services Outposts API calls with Amazon Web Services // CloudTrail (https://docs.aws.amazon.com/outposts/latest/userguide/logging-using-cloudtrail.html) // in the Amazon Web Services Outposts User Guide. StartConnection(ctx context.Context, params *StartConnectionInput, optFns ...func(*Options)) (*StartConnectionOutput, error) // Adds tags to the specified resource. TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error) // Removes tags from the specified resource. UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error) // Updates an Outpost. UpdateOutpost(ctx context.Context, params *UpdateOutpostInput, optFns ...func(*Options)) (*UpdateOutpostOutput, error) // Updates the specified site. UpdateSite(ctx context.Context, params *UpdateSiteInput, optFns ...func(*Options)) (*UpdateSiteOutput, error) // Updates the address of the specified site. You can't update a site address if // there is an order in progress. You must wait for the order to complete or cancel // the order. You can update the operating address before you place an order at the // site, or after all Outposts that belong to the site have been deactivated. UpdateSiteAddress(ctx context.Context, params *UpdateSiteAddressInput, optFns ...func(*Options)) (*UpdateSiteAddressOutput, error) // Update the physical and logistical details for a rack at a site. For more // information about hardware requirements for racks, see Network readiness // checklist (https://docs.aws.amazon.com/outposts/latest/userguide/outposts-requirements.html#checklist) // in the Amazon Web Services Outposts User Guide. To update a rack at a site with // an order of IN_PROGRESS , you must wait for the order to complete or cancel the // order. UpdateSiteRackPhysicalProperties(ctx context.Context, params *UpdateSiteRackPhysicalPropertiesInput, optFns ...func(*Options)) (*UpdateSiteRackPhysicalPropertiesOutput, error) }
Outposts provides an interface to the AWS Outposts service.
type SSM ¶ added in v0.91.0
type SSM interface { // Adds or overwrites one or more tags for the specified resource. Tags are // metadata that you can assign to your automations, documents, managed nodes, // maintenance windows, Parameter Store parameters, and patch baselines. Tags // enable you to categorize your resources in different ways, for example, by // purpose, owner, or environment. Each tag consists of a key and an optional // value, both of which you define. For example, you could define a set of tags for // your account's managed nodes that helps you track each node's owner and stack // level. For example: // - Key=Owner,Value=DbAdmin // - Key=Owner,Value=SysAdmin // - Key=Owner,Value=Dev // - Key=Stack,Value=Production // - Key=Stack,Value=Pre-Production // - Key=Stack,Value=Test // // Most resources can have a maximum of 50 tags. Automations can have a maximum of // 5 tags. We recommend that you devise a set of tag keys that meets your needs for // each resource type. Using a consistent set of tag keys makes it easier for you // to manage your resources. You can search and filter the resources based on the // tags you add. Tags don't have any semantic meaning to and are interpreted // strictly as a string of characters. For more information about using tags with // Amazon Elastic Compute Cloud (Amazon EC2) instances, see Tagging your Amazon // EC2 resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) // in the Amazon EC2 User Guide. AddTagsToResource(ctx context.Context, params *AddTagsToResourceInput, optFns ...func(*Options)) (*AddTagsToResourceOutput, error) // Associates a related item to a Systems Manager OpsCenter OpsItem. For example, // you can associate an Incident Manager incident or analysis with an OpsItem. // Incident Manager and OpsCenter are capabilities of Amazon Web Services Systems // Manager. AssociateOpsItemRelatedItem(ctx context.Context, params *AssociateOpsItemRelatedItemInput, optFns ...func(*Options)) (*AssociateOpsItemRelatedItemOutput, error) // Attempts to cancel the command specified by the Command ID. There is no // guarantee that the command will be terminated and the underlying process // stopped. CancelCommand(ctx context.Context, params *CancelCommandInput, optFns ...func(*Options)) (*CancelCommandOutput, error) // Stops a maintenance window execution that is already in progress and cancels // any tasks in the window that haven't already starting running. Tasks already in // progress will continue to completion. CancelMaintenanceWindowExecution(ctx context.Context, params *CancelMaintenanceWindowExecutionInput, optFns ...func(*Options)) (*CancelMaintenanceWindowExecutionOutput, error) // Generates an activation code and activation ID you can use to register your // on-premises servers, edge devices, or virtual machine (VM) with Amazon Web // Services Systems Manager. Registering these machines with Systems Manager makes // it possible to manage them using Systems Manager capabilities. You use the // activation code and ID when installing SSM Agent on machines in your hybrid // environment. For more information about requirements for managing on-premises // machines using Systems Manager, see Setting up Amazon Web Services Systems // Manager for hybrid environments (https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances.html) // in the Amazon Web Services Systems Manager User Guide. Amazon Elastic Compute // Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that // are configured for Systems Manager are all called managed nodes. CreateActivation(ctx context.Context, params *CreateActivationInput, optFns ...func(*Options)) (*CreateActivationOutput, error) // A State Manager association defines the state that you want to maintain on your // managed nodes. For example, an association can specify that anti-virus software // must be installed and running on your managed nodes, or that certain ports must // be closed. For static targets, the association specifies a schedule for when the // configuration is reapplied. For dynamic targets, such as an Amazon Web Services // resource group or an Amazon Web Services autoscaling group, State Manager, a // capability of Amazon Web Services Systems Manager applies the configuration when // new managed nodes are added to the group. The association also specifies actions // to take when applying the configuration. For example, an association for // anti-virus software might run once a day. If the software isn't installed, then // State Manager installs it. If the software is installed, but the service isn't // running, then the association might instruct State Manager to start the service. CreateAssociation(ctx context.Context, params *CreateAssociationInput, optFns ...func(*Options)) (*CreateAssociationOutput, error) // Associates the specified Amazon Web Services Systems Manager document (SSM // document) with the specified managed nodes or targets. When you associate a // document with one or more managed nodes using IDs or tags, Amazon Web Services // Systems Manager Agent (SSM Agent) running on the managed node processes the // document and configures the node as specified. If you associate a document with // a managed node that already has an associated document, the system returns the // AssociationAlreadyExists exception. CreateAssociationBatch(ctx context.Context, params *CreateAssociationBatchInput, optFns ...func(*Options)) (*CreateAssociationBatchOutput, error) // Creates a Amazon Web Services Systems Manager (SSM document). An SSM document // defines the actions that Systems Manager performs on your managed nodes. For // more information about SSM documents, including information about supported // schemas, features, and syntax, see Amazon Web Services Systems Manager Documents (https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-ssm-docs.html) // in the Amazon Web Services Systems Manager User Guide. CreateDocument(ctx context.Context, params *CreateDocumentInput, optFns ...func(*Options)) (*CreateDocumentOutput, error) // Creates a new maintenance window. The value you specify for Duration determines // the specific end time for the maintenance window based on the time it begins. No // maintenance window tasks are permitted to start after the resulting endtime // minus the number of hours you specify for Cutoff . For example, if the // maintenance window starts at 3 PM, the duration is three hours, and the value // you specify for Cutoff is one hour, no maintenance window tasks can start after // 5 PM. CreateMaintenanceWindow(ctx context.Context, params *CreateMaintenanceWindowInput, optFns ...func(*Options)) (*CreateMaintenanceWindowOutput, error) // Creates a new OpsItem. You must have permission in Identity and Access // Management (IAM) to create a new OpsItem. For more information, see Getting // started with OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html) // in the Amazon Web Services Systems Manager User Guide. Operations engineers and // IT professionals use Amazon Web Services Systems Manager OpsCenter to view, // investigate, and remediate operational issues impacting the performance and // health of their Amazon Web Services resources. For more information, see Amazon // Web Services Systems Manager OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) // in the Amazon Web Services Systems Manager User Guide. CreateOpsItem(ctx context.Context, params *CreateOpsItemInput, optFns ...func(*Options)) (*CreateOpsItemOutput, error) // If you create a new application in Application Manager, Amazon Web Services // Systems Manager calls this API operation to specify information about the new // application, including the application type. CreateOpsMetadata(ctx context.Context, params *CreateOpsMetadataInput, optFns ...func(*Options)) (*CreateOpsMetadataOutput, error) // Creates a patch baseline. For information about valid key-value pairs in // PatchFilters for each supported operating system type, see PatchFilter . CreatePatchBaseline(ctx context.Context, params *CreatePatchBaselineInput, optFns ...func(*Options)) (*CreatePatchBaselineOutput, error) // A resource data sync helps you view data from multiple sources in a single // location. Amazon Web Services Systems Manager offers two types of resource data // sync: SyncToDestination and SyncFromSource . You can configure Systems Manager // Inventory to use the SyncToDestination type to synchronize Inventory data from // multiple Amazon Web Services Regions to a single Amazon Simple Storage Service // (Amazon S3) bucket. For more information, see Configuring resource data sync // for Inventory (https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-datasync.html) // in the Amazon Web Services Systems Manager User Guide. You can configure Systems // Manager Explorer to use the SyncFromSource type to synchronize operational work // items (OpsItems) and operational data (OpsData) from multiple Amazon Web // Services Regions to a single Amazon S3 bucket. This type can synchronize // OpsItems and OpsData from multiple Amazon Web Services accounts and Amazon Web // Services Regions or EntireOrganization by using Organizations. For more // information, see Setting up Systems Manager Explorer to display data from // multiple accounts and Regions (https://docs.aws.amazon.com/systems-manager/latest/userguide/Explorer-resource-data-sync.html) // in the Amazon Web Services Systems Manager User Guide. A resource data sync is // an asynchronous operation that returns immediately. After a successful initial // sync is completed, the system continuously syncs data. To check the status of a // sync, use the ListResourceDataSync . By default, data isn't encrypted in Amazon // S3. We strongly recommend that you enable encryption in Amazon S3 to ensure // secure data storage. We also recommend that you secure access to the Amazon S3 // bucket by creating a restrictive bucket policy. CreateResourceDataSync(ctx context.Context, params *CreateResourceDataSyncInput, optFns ...func(*Options)) (*CreateResourceDataSyncOutput, error) // Deletes an activation. You aren't required to delete an activation. If you // delete an activation, you can no longer use it to register additional managed // nodes. Deleting an activation doesn't de-register managed nodes. You must // manually de-register managed nodes. DeleteActivation(ctx context.Context, params *DeleteActivationInput, optFns ...func(*Options)) (*DeleteActivationOutput, error) // Disassociates the specified Amazon Web Services Systems Manager document (SSM // document) from the specified managed node. If you created the association by // using the Targets parameter, then you must delete the association by using the // association ID. When you disassociate a document from a managed node, it doesn't // change the configuration of the node. To change the configuration state of a // managed node after you disassociate a document, you must create a new document // with the desired configuration and associate it with the node. DeleteAssociation(ctx context.Context, params *DeleteAssociationInput, optFns ...func(*Options)) (*DeleteAssociationOutput, error) // Deletes the Amazon Web Services Systems Manager document (SSM document) and all // managed node associations to the document. Before you delete the document, we // recommend that you use DeleteAssociation to disassociate all managed nodes that // are associated with the document. DeleteDocument(ctx context.Context, params *DeleteDocumentInput, optFns ...func(*Options)) (*DeleteDocumentOutput, error) // Delete a custom inventory type or the data associated with a custom Inventory // type. Deleting a custom inventory type is also referred to as deleting a custom // inventory schema. DeleteInventory(ctx context.Context, params *DeleteInventoryInput, optFns ...func(*Options)) (*DeleteInventoryOutput, error) // Deletes a maintenance window. DeleteMaintenanceWindow(ctx context.Context, params *DeleteMaintenanceWindowInput, optFns ...func(*Options)) (*DeleteMaintenanceWindowOutput, error) // Delete OpsMetadata related to an application. DeleteOpsMetadata(ctx context.Context, params *DeleteOpsMetadataInput, optFns ...func(*Options)) (*DeleteOpsMetadataOutput, error) // Delete a parameter from the system. After deleting a parameter, wait for at // least 30 seconds to create a parameter with the same name. DeleteParameter(ctx context.Context, params *DeleteParameterInput, optFns ...func(*Options)) (*DeleteParameterOutput, error) // Delete a list of parameters. After deleting a parameter, wait for at least 30 // seconds to create a parameter with the same name. DeleteParameters(ctx context.Context, params *DeleteParametersInput, optFns ...func(*Options)) (*DeleteParametersOutput, error) // Deletes a patch baseline. DeletePatchBaseline(ctx context.Context, params *DeletePatchBaselineInput, optFns ...func(*Options)) (*DeletePatchBaselineOutput, error) // Deletes a resource data sync configuration. After the configuration is deleted, // changes to data on managed nodes are no longer synced to or from the target. // Deleting a sync configuration doesn't delete data. DeleteResourceDataSync(ctx context.Context, params *DeleteResourceDataSyncInput, optFns ...func(*Options)) (*DeleteResourceDataSyncOutput, error) // Deletes a Systems Manager resource policy. A resource policy helps you to // define the IAM entity (for example, an Amazon Web Services account) that can // manage your Systems Manager resources. Currently, OpsItemGroup is the only // resource that supports Systems Manager resource policies. The resource policy // for OpsItemGroup enables Amazon Web Services accounts to view and interact with // OpsCenter operational work items (OpsItems). DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error) // Removes the server or virtual machine from the list of registered servers. You // can reregister the node again at any time. If you don't plan to use Run Command // on the server, we suggest uninstalling SSM Agent first. DeregisterManagedInstance(ctx context.Context, params *DeregisterManagedInstanceInput, optFns ...func(*Options)) (*DeregisterManagedInstanceOutput, error) // Removes a patch group from a patch baseline. DeregisterPatchBaselineForPatchGroup(ctx context.Context, params *DeregisterPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*DeregisterPatchBaselineForPatchGroupOutput, error) // Removes a target from a maintenance window. DeregisterTargetFromMaintenanceWindow(ctx context.Context, params *DeregisterTargetFromMaintenanceWindowInput, optFns ...func(*Options)) (*DeregisterTargetFromMaintenanceWindowOutput, error) // Removes a task from a maintenance window. DeregisterTaskFromMaintenanceWindow(ctx context.Context, params *DeregisterTaskFromMaintenanceWindowInput, optFns ...func(*Options)) (*DeregisterTaskFromMaintenanceWindowOutput, error) // Describes details about the activation, such as the date and time the // activation was created, its expiration date, the Identity and Access Management // (IAM) role assigned to the managed nodes in the activation, and the number of // nodes registered by using this activation. DescribeActivations(ctx context.Context, params *DescribeActivationsInput, optFns ...func(*Options)) (*DescribeActivationsOutput, error) // Describes the association for the specified target or managed node. If you // created the association by using the Targets parameter, then you must retrieve // the association by using the association ID. DescribeAssociation(ctx context.Context, params *DescribeAssociationInput, optFns ...func(*Options)) (*DescribeAssociationOutput, error) // Views information about a specific execution of a specific association. DescribeAssociationExecutionTargets(ctx context.Context, params *DescribeAssociationExecutionTargetsInput, optFns ...func(*Options)) (*DescribeAssociationExecutionTargetsOutput, error) // Views all executions for a specific association ID. DescribeAssociationExecutions(ctx context.Context, params *DescribeAssociationExecutionsInput, optFns ...func(*Options)) (*DescribeAssociationExecutionsOutput, error) // Provides details about all active and terminated Automation executions. DescribeAutomationExecutions(ctx context.Context, params *DescribeAutomationExecutionsInput, optFns ...func(*Options)) (*DescribeAutomationExecutionsOutput, error) // Information about all active and terminated step executions in an Automation // workflow. DescribeAutomationStepExecutions(ctx context.Context, params *DescribeAutomationStepExecutionsInput, optFns ...func(*Options)) (*DescribeAutomationStepExecutionsOutput, error) // Lists all patches eligible to be included in a patch baseline. DescribeAvailablePatches(ctx context.Context, params *DescribeAvailablePatchesInput, optFns ...func(*Options)) (*DescribeAvailablePatchesOutput, error) // Describes the specified Amazon Web Services Systems Manager document (SSM // document). DescribeDocument(ctx context.Context, params *DescribeDocumentInput, optFns ...func(*Options)) (*DescribeDocumentOutput, error) // Describes the permissions for a Amazon Web Services Systems Manager document // (SSM document). If you created the document, you are the owner. If a document is // shared, it can either be shared privately (by specifying a user's Amazon Web // Services account ID) or publicly (All). DescribeDocumentPermission(ctx context.Context, params *DescribeDocumentPermissionInput, optFns ...func(*Options)) (*DescribeDocumentPermissionOutput, error) // All associations for the managed node(s). DescribeEffectiveInstanceAssociations(ctx context.Context, params *DescribeEffectiveInstanceAssociationsInput, optFns ...func(*Options)) (*DescribeEffectiveInstanceAssociationsOutput, error) // Retrieves the current effective patches (the patch and the approval state) for // the specified patch baseline. Applies to patch baselines for Windows only. DescribeEffectivePatchesForPatchBaseline(ctx context.Context, params *DescribeEffectivePatchesForPatchBaselineInput, optFns ...func(*Options)) (*DescribeEffectivePatchesForPatchBaselineOutput, error) // The status of the associations for the managed node(s). DescribeInstanceAssociationsStatus(ctx context.Context, params *DescribeInstanceAssociationsStatusInput, optFns ...func(*Options)) (*DescribeInstanceAssociationsStatusOutput, error) // Describes one or more of your managed nodes, including information about the // operating system platform, the version of SSM Agent installed on the managed // node, node status, and so on. If you specify one or more managed node IDs, it // returns information for those managed nodes. If you don't specify node IDs, it // returns information for all your managed nodes. If you specify a node ID that // isn't valid or a node that you don't own, you receive an error. The IamRole // field for this API operation is the Identity and Access Management (IAM) role // assigned to on-premises managed nodes. This call doesn't return the IAM role for // EC2 instances. DescribeInstanceInformation(ctx context.Context, params *DescribeInstanceInformationInput, optFns ...func(*Options)) (*DescribeInstanceInformationOutput, error) // Retrieves the high-level patch state of one or more managed nodes. DescribeInstancePatchStates(ctx context.Context, params *DescribeInstancePatchStatesInput, optFns ...func(*Options)) (*DescribeInstancePatchStatesOutput, error) // Retrieves the high-level patch state for the managed nodes in the specified // patch group. DescribeInstancePatchStatesForPatchGroup(ctx context.Context, params *DescribeInstancePatchStatesForPatchGroupInput, optFns ...func(*Options)) (*DescribeInstancePatchStatesForPatchGroupOutput, error) // Retrieves information about the patches on the specified managed node and their // state relative to the patch baseline being used for the node. DescribeInstancePatches(ctx context.Context, params *DescribeInstancePatchesInput, optFns ...func(*Options)) (*DescribeInstancePatchesOutput, error) // Describes a specific delete inventory operation. DescribeInventoryDeletions(ctx context.Context, params *DescribeInventoryDeletionsInput, optFns ...func(*Options)) (*DescribeInventoryDeletionsOutput, error) // Retrieves the individual task executions (one per target) for a particular task // run as part of a maintenance window execution. DescribeMaintenanceWindowExecutionTaskInvocations(ctx context.Context, params *DescribeMaintenanceWindowExecutionTaskInvocationsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionTaskInvocationsOutput, error) // For a given maintenance window execution, lists the tasks that were run. DescribeMaintenanceWindowExecutionTasks(ctx context.Context, params *DescribeMaintenanceWindowExecutionTasksInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionTasksOutput, error) // Lists the executions of a maintenance window. This includes information about // when the maintenance window was scheduled to be active, and information about // tasks registered and run with the maintenance window. DescribeMaintenanceWindowExecutions(ctx context.Context, params *DescribeMaintenanceWindowExecutionsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionsOutput, error) // Retrieves information about upcoming executions of a maintenance window. DescribeMaintenanceWindowSchedule(ctx context.Context, params *DescribeMaintenanceWindowScheduleInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowScheduleOutput, error) // Lists the targets registered with the maintenance window. DescribeMaintenanceWindowTargets(ctx context.Context, params *DescribeMaintenanceWindowTargetsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowTargetsOutput, error) // Lists the tasks in a maintenance window. For maintenance window tasks without a // specified target, you can't supply values for --max-errors and --max-concurrency // . Instead, the system inserts a placeholder value of 1 , which may be reported // in the response to this command. These values don't affect the running of your // task and can be ignored. DescribeMaintenanceWindowTasks(ctx context.Context, params *DescribeMaintenanceWindowTasksInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowTasksOutput, error) // Retrieves the maintenance windows in an Amazon Web Services account. DescribeMaintenanceWindows(ctx context.Context, params *DescribeMaintenanceWindowsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowsOutput, error) // Retrieves information about the maintenance window targets or tasks that a // managed node is associated with. DescribeMaintenanceWindowsForTarget(ctx context.Context, params *DescribeMaintenanceWindowsForTargetInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowsForTargetOutput, error) // Query a set of OpsItems. You must have permission in Identity and Access // Management (IAM) to query a list of OpsItems. For more information, see Getting // started with OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html) // in the Amazon Web Services Systems Manager User Guide. Operations engineers and // IT professionals use Amazon Web Services Systems Manager OpsCenter to view, // investigate, and remediate operational issues impacting the performance and // health of their Amazon Web Services resources. For more information, see // OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) // in the Amazon Web Services Systems Manager User Guide. DescribeOpsItems(ctx context.Context, params *DescribeOpsItemsInput, optFns ...func(*Options)) (*DescribeOpsItemsOutput, error) // Get information about a parameter. Request results are returned on a // best-effort basis. If you specify MaxResults in the request, the response // includes information up to the limit specified. The number of items returned, // however, can be between zero and the value of MaxResults . If the service // reaches an internal limit while processing the results, it stops the operation // and returns the matching values up to that point and a NextToken . You can // specify the NextToken in a subsequent call to get the next set of results. If // you change the KMS key alias for the KMS key used to encrypt a parameter, then // you must also update the key alias the parameter uses to reference KMS. // Otherwise, DescribeParameters retrieves whatever the original key alias was // referencing. DescribeParameters(ctx context.Context, params *DescribeParametersInput, optFns ...func(*Options)) (*DescribeParametersOutput, error) // Lists the patch baselines in your Amazon Web Services account. DescribePatchBaselines(ctx context.Context, params *DescribePatchBaselinesInput, optFns ...func(*Options)) (*DescribePatchBaselinesOutput, error) // Returns high-level aggregated patch compliance state information for a patch // group. DescribePatchGroupState(ctx context.Context, params *DescribePatchGroupStateInput, optFns ...func(*Options)) (*DescribePatchGroupStateOutput, error) // Lists all patch groups that have been registered with patch baselines. DescribePatchGroups(ctx context.Context, params *DescribePatchGroupsInput, optFns ...func(*Options)) (*DescribePatchGroupsOutput, error) // Lists the properties of available patches organized by product, product family, // classification, severity, and other properties of available patches. You can use // the reported properties in the filters you specify in requests for operations // such as CreatePatchBaseline , UpdatePatchBaseline , DescribeAvailablePatches , // and DescribePatchBaselines . The following section lists the properties that can // be used in filters for each major operating system type: AMAZON_LINUX Valid // properties: PRODUCT | CLASSIFICATION | SEVERITY AMAZON_LINUX_2 Valid // properties: PRODUCT | CLASSIFICATION | SEVERITY CENTOS Valid properties: PRODUCT // | CLASSIFICATION | SEVERITY DEBIAN Valid properties: PRODUCT | PRIORITY MACOS // Valid properties: PRODUCT | CLASSIFICATION ORACLE_LINUX Valid properties: // PRODUCT | CLASSIFICATION | SEVERITY REDHAT_ENTERPRISE_LINUX Valid properties: // PRODUCT | CLASSIFICATION | SEVERITY SUSE Valid properties: PRODUCT | // CLASSIFICATION | SEVERITY UBUNTU Valid properties: PRODUCT | PRIORITY WINDOWS // Valid properties: PRODUCT | PRODUCT_FAMILY | CLASSIFICATION | MSRC_SEVERITY DescribePatchProperties(ctx context.Context, params *DescribePatchPropertiesInput, optFns ...func(*Options)) (*DescribePatchPropertiesOutput, error) // Retrieves a list of all active sessions (both connected and disconnected) or // terminated sessions from the past 30 days. DescribeSessions(ctx context.Context, params *DescribeSessionsInput, optFns ...func(*Options)) (*DescribeSessionsOutput, error) // Deletes the association between an OpsItem and a related item. For example, // this API operation can delete an Incident Manager incident from an OpsItem. // Incident Manager is a capability of Amazon Web Services Systems Manager. DisassociateOpsItemRelatedItem(ctx context.Context, params *DisassociateOpsItemRelatedItemInput, optFns ...func(*Options)) (*DisassociateOpsItemRelatedItemOutput, error) // Get detailed information about a particular Automation execution. GetAutomationExecution(ctx context.Context, params *GetAutomationExecutionInput, optFns ...func(*Options)) (*GetAutomationExecutionOutput, error) // Gets the state of a Amazon Web Services Systems Manager change calendar at the // current time or a specified time. If you specify a time, GetCalendarState // returns the state of the calendar at that specific time, and returns the next // time that the change calendar state will transition. If you don't specify a // time, GetCalendarState uses the current time. Change Calendar entries have two // possible states: OPEN or CLOSED . If you specify more than one calendar in a // request, the command returns the status of OPEN only if all calendars in the // request are open. If one or more calendars in the request are closed, the status // returned is CLOSED . For more information about Change Calendar, a capability of // Amazon Web Services Systems Manager, see Amazon Web Services Systems Manager // Change Calendar (https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar.html) // in the Amazon Web Services Systems Manager User Guide. GetCalendarState(ctx context.Context, params *GetCalendarStateInput, optFns ...func(*Options)) (*GetCalendarStateOutput, error) // Returns detailed information about command execution for an invocation or // plugin. GetCommandInvocation only gives the execution status of a plugin in a // document. To get the command execution status on a specific managed node, use // ListCommandInvocations . To get the command execution status across managed // nodes, use ListCommands . GetCommandInvocation(ctx context.Context, params *GetCommandInvocationInput, optFns ...func(*Options)) (*GetCommandInvocationOutput, error) // Retrieves the Session Manager connection status for a managed node to determine // whether it is running and ready to receive Session Manager connections. GetConnectionStatus(ctx context.Context, params *GetConnectionStatusInput, optFns ...func(*Options)) (*GetConnectionStatusOutput, error) // Retrieves the default patch baseline. Amazon Web Services Systems Manager // supports creating multiple default patch baselines. For example, you can create // a default patch baseline for each operating system. If you don't specify an // operating system value, the default patch baseline for Windows is returned. GetDefaultPatchBaseline(ctx context.Context, params *GetDefaultPatchBaselineInput, optFns ...func(*Options)) (*GetDefaultPatchBaselineOutput, error) // Retrieves the current snapshot for the patch baseline the managed node uses. // This API is primarily used by the AWS-RunPatchBaseline Systems Manager document // (SSM document). If you run the command locally, such as with the Command Line // Interface (CLI), the system attempts to use your local Amazon Web Services // credentials and the operation fails. To avoid this, you can run the command in // the Amazon Web Services Systems Manager console. Use Run Command, a capability // of Amazon Web Services Systems Manager, with an SSM document that enables you to // target a managed node with a script or command. For example, run the command // using the AWS-RunShellScript document or the AWS-RunPowerShellScript document. GetDeployablePatchSnapshotForInstance(ctx context.Context, params *GetDeployablePatchSnapshotForInstanceInput, optFns ...func(*Options)) (*GetDeployablePatchSnapshotForInstanceOutput, error) // Gets the contents of the specified Amazon Web Services Systems Manager document // (SSM document). GetDocument(ctx context.Context, params *GetDocumentInput, optFns ...func(*Options)) (*GetDocumentOutput, error) // Query inventory information. This includes managed node status, such as Stopped // or Terminated . GetInventory(ctx context.Context, params *GetInventoryInput, optFns ...func(*Options)) (*GetInventoryOutput, error) // Return a list of inventory type names for the account, or return a list of // attribute names for a specific Inventory item type. GetInventorySchema(ctx context.Context, params *GetInventorySchemaInput, optFns ...func(*Options)) (*GetInventorySchemaOutput, error) // Retrieves a maintenance window. GetMaintenanceWindow(ctx context.Context, params *GetMaintenanceWindowInput, optFns ...func(*Options)) (*GetMaintenanceWindowOutput, error) // Retrieves details about a specific a maintenance window execution. GetMaintenanceWindowExecution(ctx context.Context, params *GetMaintenanceWindowExecutionInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionOutput, error) // Retrieves the details about a specific task run as part of a maintenance window // execution. GetMaintenanceWindowExecutionTask(ctx context.Context, params *GetMaintenanceWindowExecutionTaskInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionTaskOutput, error) // Retrieves information about a specific task running on a specific target. GetMaintenanceWindowExecutionTaskInvocation(ctx context.Context, params *GetMaintenanceWindowExecutionTaskInvocationInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionTaskInvocationOutput, error) // Retrieves the details of a maintenance window task. For maintenance window // tasks without a specified target, you can't supply values for --max-errors and // --max-concurrency . Instead, the system inserts a placeholder value of 1 , which // may be reported in the response to this command. These values don't affect the // running of your task and can be ignored. To retrieve a list of tasks in a // maintenance window, instead use the DescribeMaintenanceWindowTasks command. GetMaintenanceWindowTask(ctx context.Context, params *GetMaintenanceWindowTaskInput, optFns ...func(*Options)) (*GetMaintenanceWindowTaskOutput, error) // Get information about an OpsItem by using the ID. You must have permission in // Identity and Access Management (IAM) to view information about an OpsItem. For // more information, see Getting started with OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html) // in the Amazon Web Services Systems Manager User Guide. Operations engineers and // IT professionals use Amazon Web Services Systems Manager OpsCenter to view, // investigate, and remediate operational issues impacting the performance and // health of their Amazon Web Services resources. For more information, see // OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) // in the Amazon Web Services Systems Manager User Guide. GetOpsItem(ctx context.Context, params *GetOpsItemInput, optFns ...func(*Options)) (*GetOpsItemOutput, error) // View operational metadata related to an application in Application Manager. GetOpsMetadata(ctx context.Context, params *GetOpsMetadataInput, optFns ...func(*Options)) (*GetOpsMetadataOutput, error) // View a summary of operations metadata (OpsData) based on specified filters and // aggregators. OpsData can include information about Amazon Web Services Systems // Manager OpsCenter operational workitems (OpsItems) as well as information about // any Amazon Web Services resource or service configured to report OpsData to // Amazon Web Services Systems Manager Explorer. GetOpsSummary(ctx context.Context, params *GetOpsSummaryInput, optFns ...func(*Options)) (*GetOpsSummaryOutput, error) // Get information about a single parameter by specifying the parameter name. To // get information about more than one parameter at a time, use the GetParameters // operation. GetParameter(ctx context.Context, params *GetParameterInput, optFns ...func(*Options)) (*GetParameterOutput, error) // Retrieves the history of all changes to a parameter. If you change the KMS key // alias for the KMS key used to encrypt a parameter, then you must also update the // key alias the parameter uses to reference KMS. Otherwise, GetParameterHistory // retrieves whatever the original key alias was referencing. GetParameterHistory(ctx context.Context, params *GetParameterHistoryInput, optFns ...func(*Options)) (*GetParameterHistoryOutput, error) // Get information about one or more parameters by specifying multiple parameter // names. To get information about a single parameter, you can use the GetParameter // operation instead. GetParameters(ctx context.Context, params *GetParametersInput, optFns ...func(*Options)) (*GetParametersOutput, error) // Retrieve information about one or more parameters in a specific hierarchy. // Request results are returned on a best-effort basis. If you specify MaxResults // in the request, the response includes information up to the limit specified. The // number of items returned, however, can be between zero and the value of // MaxResults . If the service reaches an internal limit while processing the // results, it stops the operation and returns the matching values up to that point // and a NextToken . You can specify the NextToken in a subsequent call to get the // next set of results. GetParametersByPath(ctx context.Context, params *GetParametersByPathInput, optFns ...func(*Options)) (*GetParametersByPathOutput, error) // Retrieves information about a patch baseline. GetPatchBaseline(ctx context.Context, params *GetPatchBaselineInput, optFns ...func(*Options)) (*GetPatchBaselineOutput, error) // Retrieves the patch baseline that should be used for the specified patch group. GetPatchBaselineForPatchGroup(ctx context.Context, params *GetPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*GetPatchBaselineForPatchGroupOutput, error) // Returns an array of the Policy object. GetResourcePolicies(ctx context.Context, params *GetResourcePoliciesInput, optFns ...func(*Options)) (*GetResourcePoliciesOutput, error) // ServiceSetting is an account-level setting for an Amazon Web Services service. // This setting defines how a user interacts with or uses a service or a feature of // a service. For example, if an Amazon Web Services service charges money to the // account based on feature or service usage, then the Amazon Web Services service // team might create a default setting of false . This means the user can't use // this feature unless they change the setting to true and intentionally opt in // for a paid feature. Services map a SettingId object to a setting value. Amazon // Web Services services teams define the default value for a SettingId . You can't // create a new SettingId , but you can overwrite the default value if you have the // ssm:UpdateServiceSetting permission for the setting. Use the // UpdateServiceSetting API operation to change the default setting. Or use the // ResetServiceSetting to change the value back to the original value defined by // the Amazon Web Services service team. Query the current service setting for the // Amazon Web Services account. GetServiceSetting(ctx context.Context, params *GetServiceSettingInput, optFns ...func(*Options)) (*GetServiceSettingOutput, error) // A parameter label is a user-defined alias to help you manage different versions // of a parameter. When you modify a parameter, Amazon Web Services Systems Manager // automatically saves a new version and increments the version number by one. A // label can help you remember the purpose of a parameter when there are multiple // versions. Parameter labels have the following requirements and restrictions. // - A version of a parameter can have a maximum of 10 labels. // - You can't attach the same label to different versions of the same // parameter. For example, if version 1 has the label Production, then you can't // attach Production to version 2. // - You can move a label from one version of a parameter to another. // - You can't create a label when you create a new parameter. You must attach a // label to a specific version of a parameter. // - If you no longer want to use a parameter label, then you can either delete // it or move it to a different version of a parameter. // - A label can have a maximum of 100 characters. // - Labels can contain letters (case sensitive), numbers, periods (.), hyphens // (-), or underscores (_). // - Labels can't begin with a number, " aws " or " ssm " (not case sensitive). // If a label fails to meet these requirements, then the label isn't associated // with a parameter and the system displays it in the list of InvalidLabels. LabelParameterVersion(ctx context.Context, params *LabelParameterVersionInput, optFns ...func(*Options)) (*LabelParameterVersionOutput, error) // Retrieves all versions of an association for a specific association ID. ListAssociationVersions(ctx context.Context, params *ListAssociationVersionsInput, optFns ...func(*Options)) (*ListAssociationVersionsOutput, error) // Returns all State Manager associations in the current Amazon Web Services // account and Amazon Web Services Region. You can limit the results to a specific // State Manager association document or managed node by specifying a filter. State // Manager is a capability of Amazon Web Services Systems Manager. ListAssociations(ctx context.Context, params *ListAssociationsInput, optFns ...func(*Options)) (*ListAssociationsOutput, error) // An invocation is copy of a command sent to a specific managed node. A command // can apply to one or more managed nodes. A command invocation applies to one // managed node. For example, if a user runs SendCommand against three managed // nodes, then a command invocation is created for each requested managed node ID. // ListCommandInvocations provide status about command execution. ListCommandInvocations(ctx context.Context, params *ListCommandInvocationsInput, optFns ...func(*Options)) (*ListCommandInvocationsOutput, error) // Lists the commands requested by users of the Amazon Web Services account. ListCommands(ctx context.Context, params *ListCommandsInput, optFns ...func(*Options)) (*ListCommandsOutput, error) // For a specified resource ID, this API operation returns a list of compliance // statuses for different resource types. Currently, you can only specify one // resource ID per call. List results depend on the criteria specified in the // filter. ListComplianceItems(ctx context.Context, params *ListComplianceItemsInput, optFns ...func(*Options)) (*ListComplianceItemsOutput, error) // Returns a summary count of compliant and non-compliant resources for a // compliance type. For example, this call can return State Manager associations, // patches, or custom compliance types according to the filter criteria that you // specify. ListComplianceSummaries(ctx context.Context, params *ListComplianceSummariesInput, optFns ...func(*Options)) (*ListComplianceSummariesOutput, error) // Information about approval reviews for a version of a change template in Change // Manager. ListDocumentMetadataHistory(ctx context.Context, params *ListDocumentMetadataHistoryInput, optFns ...func(*Options)) (*ListDocumentMetadataHistoryOutput, error) // List all versions for a document. ListDocumentVersions(ctx context.Context, params *ListDocumentVersionsInput, optFns ...func(*Options)) (*ListDocumentVersionsOutput, error) // Returns all Systems Manager (SSM) documents in the current Amazon Web Services // account and Amazon Web Services Region. You can limit the results of this // request by using a filter. ListDocuments(ctx context.Context, params *ListDocumentsInput, optFns ...func(*Options)) (*ListDocumentsOutput, error) // A list of inventory items returned by the request. ListInventoryEntries(ctx context.Context, params *ListInventoryEntriesInput, optFns ...func(*Options)) (*ListInventoryEntriesOutput, error) // Returns a list of all OpsItem events in the current Amazon Web Services Region // and Amazon Web Services account. You can limit the results to events associated // with specific OpsItems by specifying a filter. ListOpsItemEvents(ctx context.Context, params *ListOpsItemEventsInput, optFns ...func(*Options)) (*ListOpsItemEventsOutput, error) // Lists all related-item resources associated with a Systems Manager OpsCenter // OpsItem. OpsCenter is a capability of Amazon Web Services Systems Manager. ListOpsItemRelatedItems(ctx context.Context, params *ListOpsItemRelatedItemsInput, optFns ...func(*Options)) (*ListOpsItemRelatedItemsOutput, error) // Amazon Web Services Systems Manager calls this API operation when displaying // all Application Manager OpsMetadata objects or blobs. ListOpsMetadata(ctx context.Context, params *ListOpsMetadataInput, optFns ...func(*Options)) (*ListOpsMetadataOutput, error) // Returns a resource-level summary count. The summary includes information about // compliant and non-compliant statuses and detailed compliance-item severity // counts, according to the filter criteria you specify. ListResourceComplianceSummaries(ctx context.Context, params *ListResourceComplianceSummariesInput, optFns ...func(*Options)) (*ListResourceComplianceSummariesOutput, error) // Lists your resource data sync configurations. Includes information about the // last time a sync attempted to start, the last sync status, and the last time a // sync successfully completed. The number of sync configurations might be too // large to return using a single call to ListResourceDataSync . You can limit the // number of sync configurations returned by using the MaxResults parameter. To // determine whether there are more sync configurations to list, check the value of // NextToken in the output. If there are more sync configurations to list, you can // request them by specifying the NextToken returned in the call to the parameter // of a subsequent call. ListResourceDataSync(ctx context.Context, params *ListResourceDataSyncInput, optFns ...func(*Options)) (*ListResourceDataSyncOutput, error) // Returns a list of the tags assigned to the specified resource. For information // about the ID format for each supported resource type, see AddTagsToResource . ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error) // Shares a Amazon Web Services Systems Manager document (SSM document)publicly or // privately. If you share a document privately, you must specify the Amazon Web // Services user IDs for those people who can use the document. If you share a // document publicly, you must specify All as the account ID. ModifyDocumentPermission(ctx context.Context, params *ModifyDocumentPermissionInput, optFns ...func(*Options)) (*ModifyDocumentPermissionOutput, error) // Registers a compliance type and other compliance details on a designated // resource. This operation lets you register custom compliance details with a // resource. This call overwrites existing compliance information on the resource, // so you must provide a full list of compliance items each time that you send the // request. ComplianceType can be one of the following: // - ExecutionId: The execution ID when the patch, association, or custom // compliance item was applied. // - ExecutionType: Specify patch, association, or Custom: string . // - ExecutionTime. The time the patch, association, or custom compliance item // was applied to the managed node. // - Id: The patch, association, or custom compliance ID. // - Title: A title. // - Status: The status of the compliance item. For example, approved for // patches, or Failed for associations. // - Severity: A patch severity. For example, Critical . // - DocumentName: An SSM document name. For example, AWS-RunPatchBaseline . // - DocumentVersion: An SSM document version number. For example, 4. // - Classification: A patch classification. For example, security updates . // - PatchBaselineId: A patch baseline ID. // - PatchSeverity: A patch severity. For example, Critical . // - PatchState: A patch state. For example, InstancesWithFailedPatches . // - PatchGroup: The name of a patch group. // - InstalledTime: The time the association, patch, or custom compliance item // was applied to the resource. Specify the time by using the following format: // yyyy-MM-dd'T'HH:mm:ss'Z' PutComplianceItems(ctx context.Context, params *PutComplianceItemsInput, optFns ...func(*Options)) (*PutComplianceItemsOutput, error) // Bulk update custom inventory items on one or more managed nodes. The request // adds an inventory item, if it doesn't already exist, or updates an inventory // item, if it does exist. PutInventory(ctx context.Context, params *PutInventoryInput, optFns ...func(*Options)) (*PutInventoryOutput, error) // Add a parameter to the system. PutParameter(ctx context.Context, params *PutParameterInput, optFns ...func(*Options)) (*PutParameterOutput, error) // Creates or updates a Systems Manager resource policy. A resource policy helps // you to define the IAM entity (for example, an Amazon Web Services account) that // can manage your Systems Manager resources. Currently, OpsItemGroup is the only // resource that supports Systems Manager resource policies. The resource policy // for OpsItemGroup enables Amazon Web Services accounts to view and interact with // OpsCenter operational work items (OpsItems). PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error) // Defines the default patch baseline for the relevant operating system. To reset // the Amazon Web Services-predefined patch baseline as the default, specify the // full patch baseline Amazon Resource Name (ARN) as the baseline ID value. For // example, for CentOS, specify // arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed instead of // pb-0574b43a65ea646ed . RegisterDefaultPatchBaseline(ctx context.Context, params *RegisterDefaultPatchBaselineInput, optFns ...func(*Options)) (*RegisterDefaultPatchBaselineOutput, error) // Registers a patch baseline for a patch group. RegisterPatchBaselineForPatchGroup(ctx context.Context, params *RegisterPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*RegisterPatchBaselineForPatchGroupOutput, error) // Registers a target with a maintenance window. RegisterTargetWithMaintenanceWindow(ctx context.Context, params *RegisterTargetWithMaintenanceWindowInput, optFns ...func(*Options)) (*RegisterTargetWithMaintenanceWindowOutput, error) // Adds a new task to a maintenance window. RegisterTaskWithMaintenanceWindow(ctx context.Context, params *RegisterTaskWithMaintenanceWindowInput, optFns ...func(*Options)) (*RegisterTaskWithMaintenanceWindowOutput, error) // Removes tag keys from the specified resource. RemoveTagsFromResource(ctx context.Context, params *RemoveTagsFromResourceInput, optFns ...func(*Options)) (*RemoveTagsFromResourceOutput, error) // ServiceSetting is an account-level setting for an Amazon Web Services service. // This setting defines how a user interacts with or uses a service or a feature of // a service. For example, if an Amazon Web Services service charges money to the // account based on feature or service usage, then the Amazon Web Services service // team might create a default setting of "false". This means the user can't use // this feature unless they change the setting to "true" and intentionally opt in // for a paid feature. Services map a SettingId object to a setting value. Amazon // Web Services services teams define the default value for a SettingId . You can't // create a new SettingId , but you can overwrite the default value if you have the // ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting // API operation to view the current value. Use the UpdateServiceSetting API // operation to change the default setting. Reset the service setting for the // account to the default value as provisioned by the Amazon Web Services service // team. ResetServiceSetting(ctx context.Context, params *ResetServiceSettingInput, optFns ...func(*Options)) (*ResetServiceSettingOutput, error) // Reconnects a session to a managed node after it has been disconnected. // Connections can be resumed for disconnected sessions, but not terminated // sessions. This command is primarily for use by client machines to automatically // reconnect during intermittent network issues. It isn't intended for any other // use. ResumeSession(ctx context.Context, params *ResumeSessionInput, optFns ...func(*Options)) (*ResumeSessionOutput, error) // Sends a signal to an Automation execution to change the current behavior or // status of the execution. SendAutomationSignal(ctx context.Context, params *SendAutomationSignalInput, optFns ...func(*Options)) (*SendAutomationSignalOutput, error) // Runs commands on one or more managed nodes. SendCommand(ctx context.Context, params *SendCommandInput, optFns ...func(*Options)) (*SendCommandOutput, error) // Runs an association immediately and only one time. This operation can be // helpful when troubleshooting associations. StartAssociationsOnce(ctx context.Context, params *StartAssociationsOnceInput, optFns ...func(*Options)) (*StartAssociationsOnceOutput, error) // Initiates execution of an Automation runbook. StartAutomationExecution(ctx context.Context, params *StartAutomationExecutionInput, optFns ...func(*Options)) (*StartAutomationExecutionOutput, error) // Creates a change request for Change Manager. The Automation runbooks specified // in the change request run only after all required approvals for the change // request have been received. StartChangeRequestExecution(ctx context.Context, params *StartChangeRequestExecutionInput, optFns ...func(*Options)) (*StartChangeRequestExecutionOutput, error) // Initiates a connection to a target (for example, a managed node) for a Session // Manager session. Returns a URL and token that can be used to open a WebSocket // connection for sending input and receiving outputs. Amazon Web Services CLI // usage: start-session is an interactive command that requires the Session // Manager plugin to be installed on the client machine making the call. For // information, see Install the Session Manager plugin for the Amazon Web Services // CLI (https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html) // in the Amazon Web Services Systems Manager User Guide. Amazon Web Services Tools // for PowerShell usage: Start-SSMSession isn't currently supported by Amazon Web // Services Tools for PowerShell on Windows local machines. StartSession(ctx context.Context, params *StartSessionInput, optFns ...func(*Options)) (*StartSessionOutput, error) // Stop an Automation that is currently running. StopAutomationExecution(ctx context.Context, params *StopAutomationExecutionInput, optFns ...func(*Options)) (*StopAutomationExecutionOutput, error) // Permanently ends a session and closes the data connection between the Session // Manager client and SSM Agent on the managed node. A terminated session can't be // resumed. TerminateSession(ctx context.Context, params *TerminateSessionInput, optFns ...func(*Options)) (*TerminateSessionOutput, error) // Remove a label or labels from a parameter. UnlabelParameterVersion(ctx context.Context, params *UnlabelParameterVersionInput, optFns ...func(*Options)) (*UnlabelParameterVersionOutput, error) // Updates an association. You can update the association name and version, the // document version, schedule, parameters, and Amazon Simple Storage Service // (Amazon S3) output. When you call UpdateAssociation , the system removes all // optional parameters from the request and overwrites the association with null // values for those parameters. This is by design. You must specify all optional // parameters in the call, even if you are not changing the parameters. This // includes the Name parameter. Before calling this API action, we recommend that // you call the DescribeAssociation API operation and make a note of all optional // parameters required for your UpdateAssociation call. In order to call this API // operation, a user, group, or role must be granted permission to call the // DescribeAssociation API operation. If you don't have permission to call // DescribeAssociation , then you receive the following error: An error occurred // (AccessDeniedException) when calling the UpdateAssociation operation: User: // isn't authorized to perform: ssm:DescribeAssociation on resource: When you // update an association, the association immediately runs against the specified // targets. You can add the ApplyOnlyAtCronInterval parameter to run the // association during the next schedule run. UpdateAssociation(ctx context.Context, params *UpdateAssociationInput, optFns ...func(*Options)) (*UpdateAssociationOutput, error) // Updates the status of the Amazon Web Services Systems Manager document (SSM // document) associated with the specified managed node. UpdateAssociationStatus // is primarily used by the Amazon Web Services Systems Manager Agent (SSM Agent) // to report status updates about your associations and is only used for // associations created with the InstanceId legacy parameter. UpdateAssociationStatus(ctx context.Context, params *UpdateAssociationStatusInput, optFns ...func(*Options)) (*UpdateAssociationStatusOutput, error) // Updates one or more values for an SSM document. UpdateDocument(ctx context.Context, params *UpdateDocumentInput, optFns ...func(*Options)) (*UpdateDocumentOutput, error) // Set the default version of a document. If you change a document version for a // State Manager association, Systems Manager immediately runs the association // unless you previously specifed the apply-only-at-cron-interval parameter. UpdateDocumentDefaultVersion(ctx context.Context, params *UpdateDocumentDefaultVersionInput, optFns ...func(*Options)) (*UpdateDocumentDefaultVersionOutput, error) // Updates information related to approval reviews for a specific version of a // change template in Change Manager. UpdateDocumentMetadata(ctx context.Context, params *UpdateDocumentMetadataInput, optFns ...func(*Options)) (*UpdateDocumentMetadataOutput, error) // Updates an existing maintenance window. Only specified parameters are modified. // The value you specify for Duration determines the specific end time for the // maintenance window based on the time it begins. No maintenance window tasks are // permitted to start after the resulting endtime minus the number of hours you // specify for Cutoff . For example, if the maintenance window starts at 3 PM, the // duration is three hours, and the value you specify for Cutoff is one hour, no // maintenance window tasks can start after 5 PM. UpdateMaintenanceWindow(ctx context.Context, params *UpdateMaintenanceWindowInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowOutput, error) // Modifies the target of an existing maintenance window. You can change the // following: // - Name // - Description // - Owner // - IDs for an ID target // - Tags for a Tag target // - From any supported tag type to another. The three supported tag types are // ID target, Tag target, and resource group. For more information, see Target . // // If a parameter is null, then the corresponding field isn't modified. UpdateMaintenanceWindowTarget(ctx context.Context, params *UpdateMaintenanceWindowTargetInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowTargetOutput, error) // Modifies a task assigned to a maintenance window. You can't change the task // type, but you can change the following values: // - TaskARN . For example, you can change a RUN_COMMAND task from // AWS-RunPowerShellScript to AWS-RunShellScript . // - ServiceRoleArn // - TaskInvocationParameters // - Priority // - MaxConcurrency // - MaxErrors // // One or more targets must be specified for maintenance window Run Command-type // tasks. Depending on the task, targets are optional for other maintenance window // task types (Automation, Lambda, and Step Functions). For more information about // running tasks that don't specify targets, see Registering maintenance window // tasks without targets (https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html) // in the Amazon Web Services Systems Manager User Guide. If the value for a // parameter in UpdateMaintenanceWindowTask is null, then the corresponding field // isn't modified. If you set Replace to true, then all fields required by the // RegisterTaskWithMaintenanceWindow operation are required for this request. // Optional fields that aren't specified are set to null. When you update a // maintenance window task that has options specified in TaskInvocationParameters , // you must provide again all the TaskInvocationParameters values that you want to // retain. The values you don't specify again are removed. For example, suppose // that when you registered a Run Command task, you specified // TaskInvocationParameters values for Comment , NotificationConfig , and // OutputS3BucketName . If you update the maintenance window task and specify only // a different OutputS3BucketName value, the values for Comment and // NotificationConfig are removed. UpdateMaintenanceWindowTask(ctx context.Context, params *UpdateMaintenanceWindowTaskInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowTaskOutput, error) // Changes the Identity and Access Management (IAM) role that is assigned to the // on-premises server, edge device, or virtual machines (VM). IAM roles are first // assigned to these hybrid nodes during the activation process. For more // information, see CreateActivation . UpdateManagedInstanceRole(ctx context.Context, params *UpdateManagedInstanceRoleInput, optFns ...func(*Options)) (*UpdateManagedInstanceRoleOutput, error) // Edit or change an OpsItem. You must have permission in Identity and Access // Management (IAM) to update an OpsItem. For more information, see Getting // started with OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html) // in the Amazon Web Services Systems Manager User Guide. Operations engineers and // IT professionals use Amazon Web Services Systems Manager OpsCenter to view, // investigate, and remediate operational issues impacting the performance and // health of their Amazon Web Services resources. For more information, see // OpsCenter (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) // in the Amazon Web Services Systems Manager User Guide. UpdateOpsItem(ctx context.Context, params *UpdateOpsItemInput, optFns ...func(*Options)) (*UpdateOpsItemOutput, error) // Amazon Web Services Systems Manager calls this API operation when you edit // OpsMetadata in Application Manager. UpdateOpsMetadata(ctx context.Context, params *UpdateOpsMetadataInput, optFns ...func(*Options)) (*UpdateOpsMetadataOutput, error) // Modifies an existing patch baseline. Fields not specified in the request are // left unchanged. For information about valid key-value pairs in PatchFilters for // each supported operating system type, see PatchFilter . UpdatePatchBaseline(ctx context.Context, params *UpdatePatchBaselineInput, optFns ...func(*Options)) (*UpdatePatchBaselineOutput, error) // Update a resource data sync. After you create a resource data sync for a // Region, you can't change the account options for that sync. For example, if you // create a sync in the us-east-2 (Ohio) Region and you choose the Include only // the current account option, you can't edit that sync later and choose the // Include all accounts from my Organizations configuration option. Instead, you // must delete the first resource data sync, and create a new one. This API // operation only supports a resource data sync that was created with a // SyncFromSource SyncType . UpdateResourceDataSync(ctx context.Context, params *UpdateResourceDataSyncInput, optFns ...func(*Options)) (*UpdateResourceDataSyncOutput, error) // ServiceSetting is an account-level setting for an Amazon Web Services service. // This setting defines how a user interacts with or uses a service or a feature of // a service. For example, if an Amazon Web Services service charges money to the // account based on feature or service usage, then the Amazon Web Services service // team might create a default setting of "false". This means the user can't use // this feature unless they change the setting to "true" and intentionally opt in // for a paid feature. Services map a SettingId object to a setting value. Amazon // Web Services services teams define the default value for a SettingId . You can't // create a new SettingId , but you can overwrite the default value if you have the // ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting // API operation to view the current value. Or, use the ResetServiceSetting to // change the value back to the original value defined by the Amazon Web Services // service team. Update the service setting for the account. UpdateServiceSetting(ctx context.Context, params *UpdateServiceSettingInput, optFns ...func(*Options)) (*UpdateServiceSettingOutput, error) }
SSM provides an interface to the AWS SSM service.
type STS ¶
type STS interface { // Returns a set of temporary security credentials that you can use to access // Amazon Web Services resources. These temporary credentials consist of an access // key ID, a secret access key, and a security token. Typically, you use AssumeRole // within your account or for cross-account access. For a comparison of AssumeRole // with other API operations that produce temporary credentials, see Requesting // Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. Permissions The temporary security credentials created by // AssumeRole can be used to make API calls to any Amazon Web Services service // with the following exception: You cannot call the Amazon Web Services STS // GetFederationToken or GetSessionToken API operations. (Optional) You can pass // inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policy Amazon // Resource Names (ARNs) to use as managed session policies. The plaintext that you // use for both inline and managed session policies can't exceed 2,048 characters. // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's // identity-based policy and the session policies. You can use the role's temporary // credentials in subsequent Amazon Web Services API calls to access resources in // the account that owns the role. You cannot use session policies to grant more // permissions than those allowed by the identity-based policy of the role that is // being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. When you create a role, you create two policies: a role // trust policy that specifies who can assume the role, and a permissions policy // that specifies what can be done with the role. You specify the trusted principal // that is allowed to assume the role in the role trust policy. To assume a role // from a different account, your Amazon Web Services account must be trusted by // the role. The trust relationship is defined in the role's trust policy when the // role is created. That trust policy states which accounts are allowed to delegate // that access to users in the account. A user who wants to access a role in a // different account must also have permissions that are delegated from the account // administrator. The administrator must attach a policy that allows the user to // call AssumeRole for the ARN of the role in the other account. To allow a user // to assume a role in the same account, you can do either of the following: // - Attach a policy to the user that allows the user to call AssumeRole (as long // as the role's trust policy trusts the account). // - Add the user as a principal directly in the role's trust policy. // // You can do either because the role’s trust policy acts as an IAM resource-based // policy. When a resource-based policy grants access to a principal in the same // account, no additional identity-based policy is required. For more information // about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) // in the IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your // session. These tags are called session tags. For more information about session // tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. An administrator must grant you the permissions necessary // to pass session tags. The administrator can also create granular permissions to // allow you to pass only specific session tags. For more information, see // Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) // in the IAM User Guide. You can set the session tags as transitive. Transitive // tags persist during role chaining. For more information, see Chaining Roles // with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining) // in the IAM User Guide. Using MFA with AssumeRole (Optional) You can include // multi-factor authentication (MFA) information when you call AssumeRole . This is // useful for cross-account scenarios to ensure that the user that assumes the role // has been authenticated with an Amazon Web Services MFA device. In that scenario, // the trust policy of the role being assumed includes a condition that tests for // MFA authentication. If the caller does not include valid MFA information, the // request to assume the role is denied. The condition in a trust policy that tests // for MFA authentication might look like the following example. "Condition": // {"Bool": {"aws:MultiFactorAuthPresent": true}} For more information, see // Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html) // in the IAM User Guide guide. To use MFA with AssumeRole , you pass values for // the SerialNumber and TokenCode parameters. The SerialNumber value identifies // the user's hardware or virtual MFA device. The TokenCode is the time-based // one-time password (TOTP) that the MFA device produces. AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error) // Returns a set of temporary security credentials for users who have been // authenticated via a SAML authentication response. This operation provides a // mechanism for tying an enterprise identity store or directory to role-based // Amazon Web Services access without user-specific credentials or configuration. // For a comparison of AssumeRoleWithSAML with the other API operations that // produce temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. The temporary security credentials returned by this // operation consist of an access key ID, a secret access key, and a security // token. Applications can use these temporary security credentials to sign calls // to Amazon Web Services services. Session Duration By default, the temporary // security credentials created by AssumeRoleWithSAML last for one hour. However, // you can use the optional DurationSeconds parameter to specify the duration of // your session. Your role session lasts for the duration that you specify, or // until the time specified in the SAML authentication response's // SessionNotOnOrAfter value, whichever is shorter. You can provide a // DurationSeconds value from 900 seconds (15 minutes) up to the maximum session // duration setting for the role. This setting can have a value from 1 hour to 12 // hours. To learn how to view the maximum value for your role, see View the // Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) // in the IAM User Guide. The maximum session duration limit applies when you use // the AssumeRole* API operations or the assume-role* CLI commands. However the // limit does not apply when you use those operations to create a console URL. For // more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) // in the IAM User Guide. Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining) // limits your CLI or Amazon Web Services API role session to a maximum of one // hour. When you use the AssumeRole API operation to assume a role, you can // specify the duration of your role session with the DurationSeconds parameter. // You can specify a parameter value of up to 43200 seconds (12 hours), depending // on the maximum session duration setting for your role. However, if you assume a // role using role chaining and provide a DurationSeconds parameter value greater // than one hour, the operation fails. Permissions The temporary security // credentials created by AssumeRoleWithSAML can be used to make API calls to any // Amazon Web Services service with the following exception: you cannot call the // STS GetFederationToken or GetSessionToken API operations. (Optional) You can // pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policy Amazon // Resource Names (ARNs) to use as managed session policies. The plaintext that you // use for both inline and managed session policies can't exceed 2,048 characters. // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's // identity-based policy and the session policies. You can use the role's temporary // credentials in subsequent Amazon Web Services API calls to access resources in // the account that owns the role. You cannot use session policies to grant more // permissions than those allowed by the identity-based policy of the role that is // being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. Calling AssumeRoleWithSAML does not require the use of // Amazon Web Services security credentials. The identity of the caller is // validated by using keys in the metadata document that is uploaded for the SAML // provider entity for your identity provider. Calling AssumeRoleWithSAML can // result in an entry in your CloudTrail logs. The entry includes the value in the // NameID element of the SAML assertion. We recommend that you use a NameIDType // that is not associated with any personally identifiable information (PII). For // example, you could instead use the persistent identifier ( // urn:oasis:names:tc:SAML:2.0:nameid-format:persistent ). Tags (Optional) You can // configure your IdP to pass attributes into your SAML assertion as session tags. // Each session tag consists of a key name and an associated value. For more // information about session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. You can pass up to 50 session tags. The plaintext session // tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. // For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. An Amazon Web Services conversion compresses the passed // inline session policy, managed policy ARNs, and session tags into a packed // binary format that has a separate limit. Your request can fail for this limit // even if your plaintext meets the other requirements. The PackedPolicySize // response element indicates by percentage how close the policies and tags for // your request are to the upper size limit. You can pass a session tag with the // same key as a tag that is attached to the role. When you do, session tags // override the role's tags with the same key. An administrator must grant you the // permissions necessary to pass session tags. The administrator can also create // granular permissions to allow you to pass only specific session tags. For more // information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) // in the IAM User Guide. You can set the session tags as transitive. Transitive // tags persist during role chaining. For more information, see Chaining Roles // with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining) // in the IAM User Guide. SAML Configuration Before your application can call // AssumeRoleWithSAML , you must configure your SAML identity provider (IdP) to // issue the claims required by Amazon Web Services. Additionally, you must use // Identity and Access Management (IAM) to create a SAML provider entity in your // Amazon Web Services account that represents your identity provider. You must // also create an IAM role that specifies this SAML provider in its trust policy. // For more information, see the following resources: // - About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) // in the IAM User Guide. // - Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html) // in the IAM User Guide. // - Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html) // in the IAM User Guide. // - Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html) // in the IAM User Guide. AssumeRoleWithSAML(ctx context.Context, params *AssumeRoleWithSAMLInput, optFns ...func(*Options)) (*AssumeRoleWithSAMLOutput, error) // Returns a set of temporary security credentials for users who have been // authenticated in a mobile or web application with a web identity provider. // Example providers include the OAuth 2.0 providers Login with Amazon and // Facebook, or any OpenID Connect-compatible identity provider such as Google or // Amazon Cognito federated identities (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html) // . For mobile applications, we recommend that you use Amazon Cognito. You can use // Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) // and the Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/) // to uniquely identify a user. You can also supply the user with a consistent // identity throughout the lifetime of an application. To learn more about Amazon // Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html) // in Amazon Cognito Developer Guide. Calling AssumeRoleWithWebIdentity does not // require the use of Amazon Web Services security credentials. Therefore, you can // distribute an application (for example, on mobile devices) that requests // temporary security credentials without including long-term Amazon Web Services // credentials in the application. You also don't need to deploy server-based proxy // services that use long-term Amazon Web Services credentials. Instead, the // identity of the caller is validated by using a token from the web identity // provider. For a comparison of AssumeRoleWithWebIdentity with the other API // operations that produce temporary credentials, see Requesting Temporary // Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. The temporary security credentials returned by this API // consist of an access key ID, a secret access key, and a security token. // Applications can use these temporary security credentials to sign calls to // Amazon Web Services service API operations. Session Duration By default, the // temporary security credentials created by AssumeRoleWithWebIdentity last for // one hour. However, you can use the optional DurationSeconds parameter to // specify the duration of your session. You can provide a value from 900 seconds // (15 minutes) up to the maximum session duration setting for the role. This // setting can have a value from 1 hour to 12 hours. To learn how to view the // maximum value for your role, see View the Maximum Session Duration Setting for // a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) // in the IAM User Guide. The maximum session duration limit applies when you use // the AssumeRole* API operations or the assume-role* CLI commands. However the // limit does not apply when you use those operations to create a console URL. For // more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) // in the IAM User Guide. Permissions The temporary security credentials created by // AssumeRoleWithWebIdentity can be used to make API calls to any Amazon Web // Services service with the following exception: you cannot call the STS // GetFederationToken or GetSessionToken API operations. (Optional) You can pass // inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policy Amazon // Resource Names (ARNs) to use as managed session policies. The plaintext that you // use for both inline and managed session policies can't exceed 2,048 characters. // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's // identity-based policy and the session policies. You can use the role's temporary // credentials in subsequent Amazon Web Services API calls to access resources in // the account that owns the role. You cannot use session policies to grant more // permissions than those allowed by the identity-based policy of the role that is // being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. Tags (Optional) You can configure your IdP to pass // attributes into your web identity token as session tags. Each session tag // consists of a key name and an associated value. For more information about // session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. You can pass up to 50 session tags. The plaintext session // tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. // For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. An Amazon Web Services conversion compresses the passed // inline session policy, managed policy ARNs, and session tags into a packed // binary format that has a separate limit. Your request can fail for this limit // even if your plaintext meets the other requirements. The PackedPolicySize // response element indicates by percentage how close the policies and tags for // your request are to the upper size limit. You can pass a session tag with the // same key as a tag that is attached to the role. When you do, the session tag // overrides the role tag with the same key. An administrator must grant you the // permissions necessary to pass session tags. The administrator can also create // granular permissions to allow you to pass only specific session tags. For more // information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) // in the IAM User Guide. You can set the session tags as transitive. Transitive // tags persist during role chaining. For more information, see Chaining Roles // with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining) // in the IAM User Guide. Identities Before your application can call // AssumeRoleWithWebIdentity , you must have an identity token from a supported // identity provider and create a role that the application can assume. The role // that your application assumes must trust the identity provider that is // associated with the identity token. In other words, the identity provider must // be specified in the role's trust policy. Calling AssumeRoleWithWebIdentity can // result in an entry in your CloudTrail logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims) // of the provided web identity token. We recommend that you avoid using any // personally identifiable information (PII) in this field. For example, you could // instead use a GUID or a pairwise identifier, as suggested in the OIDC // specification (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes) // . For more information about how to use web identity federation and the // AssumeRoleWithWebIdentity API, see the following resources: // - Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html) // and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity) // . // - Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/) // . Walk through the process of authenticating through Login with Amazon, // Facebook, or Google, getting temporary security credentials, and then using // those credentials to make a request to Amazon Web Services. // - Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) // and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/) // . These toolkits contain sample apps that show how to invoke the identity // providers. The toolkits then show how to use the information from these // providers to get and use temporary security credentials. // - Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications) // . This article discusses web identity federation and shows an example of how to // use web identity federation to get access to content in Amazon S3. AssumeRoleWithWebIdentity(ctx context.Context, params *AssumeRoleWithWebIdentityInput, optFns ...func(*Options)) (*AssumeRoleWithWebIdentityOutput, error) // Decodes additional information about the authorization status of a request from // an encoded message returned in response to an Amazon Web Services request. For // example, if a user is not authorized to perform an operation that he or she has // requested, the request returns a Client.UnauthorizedOperation response (an HTTP // 403 response). Some Amazon Web Services operations additionally return an // encoded message that can provide details about this authorization failure. Only // certain Amazon Web Services operations return an encoded authorization message. // The documentation for an individual operation indicates whether that operation // returns an encoded message in addition to returning an HTTP code. The message is // encoded because the details of the authorization status can contain privileged // information that the user who requested the operation should not see. To decode // an authorization status message, a user must be granted permissions through an // IAM policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) // to request the DecodeAuthorizationMessage ( sts:DecodeAuthorizationMessage ) // action. The decoded message includes the following type of information: // - Whether the request was denied due to an explicit deny or due to the // absence of an explicit allow. For more information, see Determining Whether a // Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow) // in the IAM User Guide. // - The principal who made the request. // - The requested action. // - The requested resource. // - The values of condition keys in the context of the user's request. DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error) // Returns the account identifier for the specified access key ID. Access keys // consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE ) and // a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ). // For more information about access keys, see Managing Access Keys for IAM Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) // in the IAM User Guide. When you pass an access key ID to this operation, it // returns the ID of the Amazon Web Services account to which the keys belong. // Access key IDs beginning with AKIA are long-term credentials for an IAM user or // the Amazon Web Services account root user. Access key IDs beginning with ASIA // are temporary credentials that are created using STS operations. If the account // in the response belongs to you, you can sign in as the root user and review your // root user access keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html) // to learn which IAM user owns the keys. To learn who requested the temporary // credentials for an ASIA access key, view the STS events in your CloudTrail logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) // in the IAM User Guide. This operation does not indicate the state of the access // key. The key might be active, inactive, or deleted. Active keys might not have // permissions to perform an operation. Providing a deleted access key might return // an error that the key doesn't exist. GetAccessKeyInfo(ctx context.Context, params *GetAccessKeyInfoInput, optFns ...func(*Options)) (*GetAccessKeyInfoOutput, error) // Returns details about the IAM user or role whose credentials are used to call // the operation. No permissions are required to perform this operation. If an // administrator attaches a policy to your identity that explicitly denies access // to the sts:GetCallerIdentity action, you can still perform this operation. // Permissions are not required because the same information is returned when // access is denied. To view an example response, see I Am Not Authorized to // Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa) // in the IAM User Guide. GetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*Options)) (*GetCallerIdentityOutput, error) // Returns a set of temporary security credentials (consisting of an access key // ID, a secret access key, and a security token) for a user. A typical use is in a // proxy application that gets temporary security credentials on behalf of // distributed applications inside a corporate network. You must call the // GetFederationToken operation using the long-term security credentials of an IAM // user. As a result, this call is appropriate in contexts where those credentials // can be safeguarded, usually in a server-based application. For a comparison of // GetFederationToken with the other API operations that produce temporary // credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. Although it is possible to call GetFederationToken using // the security credentials of an Amazon Web Services account root user rather than // an IAM user that you create for the purpose of a proxy application, we do not // recommend it. For more information, see Safeguard your root user credentials // and don't use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials) // in the IAM User Guide. You can create a mobile-based or browser-based app that // can authenticate users using a web identity provider like Login with Amazon, // Facebook, Google, or an OpenID Connect-compatible identity provider. In this // case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/) // or AssumeRoleWithWebIdentity . For more information, see Federation Through a // Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity) // in the IAM User Guide. Session duration The temporary credentials are valid for // the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 // seconds (36 hours). The default session duration is 43,200 seconds (12 hours). // Temporary credentials obtained by using the root user credentials have a maximum // duration of 3,600 seconds (1 hour). Permissions You can use the temporary // credentials created by GetFederationToken in any Amazon Web Services service // with the following exceptions: // - You cannot call any IAM operations using the CLI or the Amazon Web Services // API. This limitation does not apply to console sessions. // - You cannot call any STS operations except GetCallerIdentity . // // You can use temporary credentials for single sign-on (SSO) to the console. You // must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policy Amazon // Resource Names (ARNs) to use as managed session policies. The plaintext that you // use for both inline and managed session policies can't exceed 2,048 characters. // Though the session policy parameters are optional, if you do not pass a policy, // then the resulting federated user session has no permissions. When you pass // session policies, the session permissions are the intersection of the IAM user // policies and the session policies that you pass. This gives you a way to further // restrict the permissions for a federated user. You cannot use session policies // to grant more permissions than those that are defined in the permissions policy // of the IAM user. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. For information about using GetFederationToken to create // temporary security credentials, see GetFederationToken—Federation Through a // Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken) // . You can use the credentials to access a resource that has a resource-based // policy. If that policy specifically references the federated user session in the // Principal element of the policy, the session has the permissions allowed by the // policy. These permissions are granted in addition to the permissions granted by // the session policies. Tags (Optional) You can pass tag key-value pairs to your // session. These are called session tags. For more information about session tags, // see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. You can create a mobile-based or browser-based app that // can authenticate users using a web identity provider like Login with Amazon, // Facebook, Google, or an OpenID Connect-compatible identity provider. In this // case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/) // or AssumeRoleWithWebIdentity . For more information, see Federation Through a // Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity) // in the IAM User Guide. An administrator must grant you the permissions necessary // to pass session tags. The administrator can also create granular permissions to // allow you to pass only specific session tags. For more information, see // Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) // in the IAM User Guide. Tag key–value pairs are not case sensitive, but case is // preserved. This means that you cannot have separate Department and department // tag keys. Assume that the user that you are federating has the Department = // Marketing tag and you pass the department = engineering session tag. Department // and department are not saved as separate tags, and the session tag passed in // the request takes precedence over the user tag. GetFederationToken(ctx context.Context, params *GetFederationTokenInput, optFns ...func(*Options)) (*GetFederationTokenOutput, error) // Returns a set of temporary credentials for an Amazon Web Services account or // IAM user. The credentials consist of an access key ID, a secret access key, and // a security token. Typically, you use GetSessionToken if you want to use MFA to // protect programmatic calls to specific Amazon Web Services API operations like // Amazon EC2 StopInstances . MFA-enabled IAM users must call GetSessionToken and // submit an MFA code that is associated with their MFA device. Using the temporary // security credentials that the call returns, IAM users can then make programmatic // calls to API operations that require MFA authentication. An incorrect MFA code // causes the API to return an access denied error. For a comparison of // GetSessionToken with the other API operations that produce temporary // credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. No permissions are required for users to perform this // operation. The purpose of the sts:GetSessionToken operation is to authenticate // the user using MFA. You cannot use policies to control authentication // operations. For more information, see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html) // in the IAM User Guide. Session Duration The GetSessionToken operation must be // called by using the long-term Amazon Web Services security credentials of an IAM // user. Credentials that are created by IAM users are valid for the duration that // you specify. This duration can range from 900 seconds (15 minutes) up to a // maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12 // hours). Credentials based on account credentials can range from 900 seconds (15 // minutes) up to 3,600 seconds (1 hour), with a default of 1 hour. Permissions The // temporary security credentials created by GetSessionToken can be used to make // API calls to any Amazon Web Services service with the following exceptions: // - You cannot call any IAM API operations unless MFA authentication // information is included in the request. // - You cannot call any STS API except AssumeRole or GetCallerIdentity . // // The credentials that GetSessionToken returns are based on permissions // associated with the IAM user whose credentials were used to call the operation. // The temporary credentials have the same permissions as the IAM user. Although it // is possible to call GetSessionToken using the security credentials of an Amazon // Web Services account root user rather than an IAM user, we do not recommend it. // If GetSessionToken is called using root user credentials, the temporary // credentials have root user permissions. For more information, see Safeguard // your root user credentials and don't use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials) // in the IAM User Guide For more information about using GetSessionToken to // create temporary credentials, see Temporary Credentials for Users in Untrusted // Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) // in the IAM User Guide. GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error) }
STS provides an interface to the AWS STS service.