awsapi

package
v0.197.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 3, 2024 License: Apache-2.0 Imports: 13 Imported by: 58

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ASG added in v0.92.0

type ASG interface {
	// Options returns a copy of the client configuration.
	//
	// Callers SHOULD NOT perform mutations on any inner structures within client
	// config. Config overrides should instead be made on a per-operation basis through
	// functional options.
	Options() autoscaling.Options
	// Attaches one or more EC2 instances to the specified Auto Scaling group.
	//
	// When you attach instances, Amazon EC2 Auto Scaling increases the desired
	// capacity of the group by the number of instances being attached. If the number
	// of instances being attached plus the desired capacity of the group exceeds the
	// maximum size of the group, the operation fails.
	//
	// If there is a Classic Load Balancer attached to your Auto Scaling group, the
	// instances are also registered with the load balancer. If there are target groups
	// attached to your Auto Scaling group, the instances are also registered with the
	// target groups.
	//
	// For more information, see [Detach or attach instances] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Detach or attach instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-detach-attach-instances.html
	AttachInstances(ctx context.Context, params *AttachInstancesInput, optFns ...func(*Options)) (*AttachInstancesOutput, error)
	// This API operation is superseded by [AttachTrafficSources], which can attach multiple traffic sources
	// types. We recommend using AttachTrafficSources to simplify how you manage
	// traffic sources. However, we continue to support AttachLoadBalancerTargetGroups
	// . You can use both the original AttachLoadBalancerTargetGroups API operation
	// and AttachTrafficSources on the same Auto Scaling group.
	//
	// Attaches one or more target groups to the specified Auto Scaling group.
	//
	// This operation is used with the following load balancer types:
	//
	//   - Application Load Balancer - Operates at the application layer (layer 7) and
	//     supports HTTP and HTTPS.
	//
	//   - Network Load Balancer - Operates at the transport layer (layer 4) and
	//     supports TCP, TLS, and UDP.
	//
	//   - Gateway Load Balancer - Operates at the network layer (layer 3).
	//
	// To describe the target groups for an Auto Scaling group, call the [DescribeLoadBalancerTargetGroups] API. To
	// detach the target group from the Auto Scaling group, call the [DetachLoadBalancerTargetGroups]API.
	//
	// This operation is additive and does not detach existing target groups or
	// Classic Load Balancers from the Auto Scaling group.
	//
	// For more information, see [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [DescribeLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancerTargetGroups.html
	// [DetachLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachLoadBalancerTargetGroups.html
	// [AttachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html
	// [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html
	AttachLoadBalancerTargetGroups(ctx context.Context, params *AttachLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*AttachLoadBalancerTargetGroupsOutput, error)
	// This API operation is superseded by [https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html], which can attach multiple traffic sources
	// types. We recommend using AttachTrafficSources to simplify how you manage
	// traffic sources. However, we continue to support AttachLoadBalancers . You can
	// use both the original AttachLoadBalancers API operation and AttachTrafficSources
	// on the same Auto Scaling group.
	//
	// Attaches one or more Classic Load Balancers to the specified Auto Scaling
	// group. Amazon EC2 Auto Scaling registers the running instances with these
	// Classic Load Balancers.
	//
	// To describe the load balancers for an Auto Scaling group, call the [DescribeLoadBalancers] API. To
	// detach a load balancer from the Auto Scaling group, call the [DetachLoadBalancers]API.
	//
	// This operation is additive and does not detach existing Classic Load Balancers
	// or target groups from the Auto Scaling group.
	//
	// For more information, see [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [DetachLoadBalancers]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachLoadBalancers.html
	// [DescribeLoadBalancers]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancers.html
	// [https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html
	// [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html
	AttachLoadBalancers(ctx context.Context, params *AttachLoadBalancersInput, optFns ...func(*Options)) (*AttachLoadBalancersOutput, error)
	// Attaches one or more traffic sources to the specified Auto Scaling group.
	//
	// You can use any of the following as traffic sources for an Auto Scaling group:
	//
	//   - Application Load Balancer
	//
	//   - Classic Load Balancer
	//
	//   - Gateway Load Balancer
	//
	//   - Network Load Balancer
	//
	//   - VPC Lattice
	//
	// This operation is additive and does not detach existing traffic sources from
	// the Auto Scaling group.
	//
	// After the operation completes, use the [DescribeTrafficSources] API to return details about the state
	// of the attachments between traffic sources and your Auto Scaling group. To
	// detach a traffic source from the Auto Scaling group, call the [DetachTrafficSources]API.
	//
	// [DescribeTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
	// [DetachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachTrafficSources.html
	AttachTrafficSources(ctx context.Context, params *AttachTrafficSourcesInput, optFns ...func(*Options)) (*AttachTrafficSourcesOutput, error)
	// Deletes one or more scheduled actions for the specified Auto Scaling group.
	BatchDeleteScheduledAction(ctx context.Context, params *BatchDeleteScheduledActionInput, optFns ...func(*Options)) (*BatchDeleteScheduledActionOutput, error)
	// Creates or updates one or more scheduled scaling actions for an Auto Scaling
	// group.
	BatchPutScheduledUpdateGroupAction(ctx context.Context, params *BatchPutScheduledUpdateGroupActionInput, optFns ...func(*Options)) (*BatchPutScheduledUpdateGroupActionOutput, error)
	// Cancels an instance refresh or rollback that is in progress. If an instance
	// refresh or rollback is not in progress, an ActiveInstanceRefreshNotFound error
	// occurs.
	//
	// This operation is part of the [instance refresh feature] in Amazon EC2 Auto Scaling, which helps you
	// update instances in your Auto Scaling group after you make configuration
	// changes.
	//
	// When you cancel an instance refresh, this does not roll back any changes that
	// it made. Use the [RollbackInstanceRefresh]API to roll back instead.
	//
	// [instance refresh feature]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html
	// [RollbackInstanceRefresh]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_RollbackInstanceRefresh.html
	CancelInstanceRefresh(ctx context.Context, params *CancelInstanceRefreshInput, optFns ...func(*Options)) (*CancelInstanceRefreshOutput, error)
	// Completes the lifecycle action for the specified token or instance with the
	// specified result.
	//
	// This step is a part of the procedure for adding a lifecycle hook to an Auto
	// Scaling group:
	//
	//   - (Optional) Create a launch template or launch configuration with a user
	//     data script that runs while an instance is in a wait state due to a lifecycle
	//     hook.
	//
	//   - (Optional) Create a Lambda function and a rule that allows Amazon
	//     EventBridge to invoke your Lambda function when an instance is put into a wait
	//     state due to a lifecycle hook.
	//
	//   - (Optional) Create a notification target and an IAM role. The target can be
	//     either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2
	//     Auto Scaling to publish lifecycle notifications to the target.
	//
	//   - Create the lifecycle hook. Specify whether the hook is used when the
	//     instances launch or terminate.
	//
	//   - If you need more time, record the lifecycle action heartbeat to keep the
	//     instance in a wait state.
	//
	//   - If you finish before the timeout period ends, send a callback by using the [CompleteLifecycleAction]
	//     API call.
	//
	// For more information, see [Complete a lifecycle action] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [CompleteLifecycleAction]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CompleteLifecycleAction.html
	// [Complete a lifecycle action]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/completing-lifecycle-hooks.html
	CompleteLifecycleAction(ctx context.Context, params *CompleteLifecycleActionInput, optFns ...func(*Options)) (*CompleteLifecycleActionOutput, error)
	//	We strongly recommend using a launch template when calling this operation to
	//
	// ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2.
	//
	// Creates an Auto Scaling group with the specified name and attributes.
	//
	// If you exceed your maximum limit of Auto Scaling groups, the call fails. To
	// query this limit, call the [DescribeAccountLimits]API. For information about updating this limit, see [Quotas for Amazon EC2 Auto Scaling]
	// in the Amazon EC2 Auto Scaling User Guide.
	//
	// If you're new to Amazon EC2 Auto Scaling, see the introductory tutorials in [Get started with Amazon EC2 Auto Scaling] in
	// the Amazon EC2 Auto Scaling User Guide.
	//
	// Every Auto Scaling group has three size properties ( DesiredCapacity , MaxSize ,
	// and MinSize ). Usually, you set these sizes based on a specific number of
	// instances. However, if you configure a mixed instances policy that defines
	// weights for the instance types, you must specify these sizes with the same units
	// that you use for weighting instances.
	//
	// [DescribeAccountLimits]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeAccountLimits.html
	// [Get started with Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/get-started-with-ec2-auto-scaling.html
	// [Quotas for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html
	CreateAutoScalingGroup(ctx context.Context, params *CreateAutoScalingGroupInput, optFns ...func(*Options)) (*CreateAutoScalingGroupOutput, error)
	// Creates a launch configuration.
	//
	// If you exceed your maximum limit of launch configurations, the call fails. To
	// query this limit, call the [DescribeAccountLimits]API. For information about updating this limit, see [Quotas for Amazon EC2 Auto Scaling]
	// in the Amazon EC2 Auto Scaling User Guide.
	//
	// For more information, see [Launch configurations] in the Amazon EC2 Auto Scaling User Guide.
	//
	// Amazon EC2 Auto Scaling configures instances launched as part of an Auto
	// Scaling group using either a launch template or a launch configuration. We
	// strongly recommend that you do not use launch configurations. They do not
	// provide full functionality for Amazon EC2 Auto Scaling or Amazon EC2. For
	// information about using launch templates, see [Launch templates]in the Amazon EC2 Auto Scaling
	// User Guide.
	//
	// [DescribeAccountLimits]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeAccountLimits.html
	// [Quotas for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html
	// [Launch configurations]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-configurations.html
	// [Launch templates]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-templates.html
	CreateLaunchConfiguration(ctx context.Context, params *CreateLaunchConfigurationInput, optFns ...func(*Options)) (*CreateLaunchConfigurationOutput, error)
	// Creates or updates tags for the specified Auto Scaling group.
	//
	// When you specify a tag with a key that already exists, the operation overwrites
	// the previous tag definition, and you do not get an error message.
	//
	// For more information, see [Tag Auto Scaling groups and instances] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Tag Auto Scaling groups and instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html
	CreateOrUpdateTags(ctx context.Context, params *CreateOrUpdateTagsInput, optFns ...func(*Options)) (*CreateOrUpdateTagsOutput, error)
	// Deletes the specified Auto Scaling group.
	//
	// If the group has instances or scaling activities in progress, you must specify
	// the option to force the deletion in order for it to succeed. The force delete
	// operation will also terminate the EC2 instances. If the group has a warm pool,
	// the force delete option also deletes the warm pool.
	//
	// To remove instances from the Auto Scaling group before deleting it, call the [DetachInstances]
	// API with the list of instances and the option to decrement the desired capacity.
	// This ensures that Amazon EC2 Auto Scaling does not launch replacement instances.
	//
	// To terminate all instances before deleting the Auto Scaling group, call the [UpdateAutoScalingGroup]
	// API and set the minimum size and desired capacity of the Auto Scaling group to
	// zero.
	//
	// If the group has scaling policies, deleting the group deletes the policies, the
	// underlying alarm actions, and any alarm that no longer has an associated action.
	//
	// For more information, see [Delete your Auto Scaling infrastructure] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Delete your Auto Scaling infrastructure]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-process-shutdown.html
	// [DetachInstances]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachInstances.html
	// [UpdateAutoScalingGroup]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_UpdateAutoScalingGroup.html
	DeleteAutoScalingGroup(ctx context.Context, params *DeleteAutoScalingGroupInput, optFns ...func(*Options)) (*DeleteAutoScalingGroupOutput, error)
	// Deletes the specified launch configuration.
	//
	// The launch configuration must not be attached to an Auto Scaling group. When
	// this call completes, the launch configuration is no longer available for use.
	DeleteLaunchConfiguration(ctx context.Context, params *DeleteLaunchConfigurationInput, optFns ...func(*Options)) (*DeleteLaunchConfigurationOutput, error)
	// Deletes the specified lifecycle hook.
	//
	// If there are any outstanding lifecycle actions, they are completed first (
	// ABANDON for launching instances, CONTINUE for terminating instances).
	DeleteLifecycleHook(ctx context.Context, params *DeleteLifecycleHookInput, optFns ...func(*Options)) (*DeleteLifecycleHookOutput, error)
	// Deletes the specified notification.
	DeleteNotificationConfiguration(ctx context.Context, params *DeleteNotificationConfigurationInput, optFns ...func(*Options)) (*DeleteNotificationConfigurationOutput, error)
	// Deletes the specified scaling policy.
	//
	// Deleting either a step scaling policy or a simple scaling policy deletes the
	// underlying alarm action, but does not delete the alarm, even if it no longer has
	// an associated action.
	//
	// For more information, see [Delete a scaling policy] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Delete a scaling policy]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/deleting-scaling-policy.html
	DeletePolicy(ctx context.Context, params *DeletePolicyInput, optFns ...func(*Options)) (*DeletePolicyOutput, error)
	// Deletes the specified scheduled action.
	DeleteScheduledAction(ctx context.Context, params *DeleteScheduledActionInput, optFns ...func(*Options)) (*DeleteScheduledActionOutput, error)
	// Deletes the specified tags.
	DeleteTags(ctx context.Context, params *DeleteTagsInput, optFns ...func(*Options)) (*DeleteTagsOutput, error)
	// Deletes the warm pool for the specified Auto Scaling group.
	//
	// For more information, see [Warm pools for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Warm pools for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html
	DeleteWarmPool(ctx context.Context, params *DeleteWarmPoolInput, optFns ...func(*Options)) (*DeleteWarmPoolOutput, error)
	// Describes the current Amazon EC2 Auto Scaling resource quotas for your account.
	//
	// When you establish an Amazon Web Services account, the account has initial
	// quotas on the maximum number of Auto Scaling groups and launch configurations
	// that you can create in a given Region. For more information, see [Quotas for Amazon EC2 Auto Scaling]in the Amazon
	// EC2 Auto Scaling User Guide.
	//
	// [Quotas for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html
	DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
	// Describes the available adjustment types for step scaling and simple scaling
	// policies.
	//
	// The following adjustment types are supported:
	//
	//   - ChangeInCapacity
	//
	//   - ExactCapacity
	//
	//   - PercentChangeInCapacity
	DescribeAdjustmentTypes(ctx context.Context, params *DescribeAdjustmentTypesInput, optFns ...func(*Options)) (*DescribeAdjustmentTypesOutput, error)
	// Gets information about the Auto Scaling groups in the account and Region.
	//
	// If you specify Auto Scaling group names, the output includes information for
	// only the specified Auto Scaling groups. If you specify filters, the output
	// includes information for only those Auto Scaling groups that meet the filter
	// criteria. If you do not specify group names or filters, the output includes
	// information for all Auto Scaling groups.
	//
	// This operation also returns information about instances in Auto Scaling groups.
	// To retrieve information about the instances in a warm pool, you must call the [DescribeWarmPool]
	// API.
	//
	// [DescribeWarmPool]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeWarmPool.html
	DescribeAutoScalingGroups(ctx context.Context, params *DescribeAutoScalingGroupsInput, optFns ...func(*Options)) (*DescribeAutoScalingGroupsOutput, error)
	// Gets information about the Auto Scaling instances in the account and Region.
	DescribeAutoScalingInstances(ctx context.Context, params *DescribeAutoScalingInstancesInput, optFns ...func(*Options)) (*DescribeAutoScalingInstancesOutput, error)
	// Describes the notification types that are supported by Amazon EC2 Auto Scaling.
	DescribeAutoScalingNotificationTypes(ctx context.Context, params *DescribeAutoScalingNotificationTypesInput, optFns ...func(*Options)) (*DescribeAutoScalingNotificationTypesOutput, error)
	// Gets information about the instance refreshes for the specified Auto Scaling
	// group from the previous six weeks.
	//
	// This operation is part of the [instance refresh feature] in Amazon EC2 Auto Scaling, which helps you
	// update instances in your Auto Scaling group after you make configuration
	// changes.
	//
	// To help you determine the status of an instance refresh, Amazon EC2 Auto
	// Scaling returns information about the instance refreshes you previously
	// initiated, including their status, start time, end time, the percentage of the
	// instance refresh that is complete, and the number of instances remaining to
	// update before the instance refresh is complete. If a rollback is initiated while
	// an instance refresh is in progress, Amazon EC2 Auto Scaling also returns
	// information about the rollback of the instance refresh.
	//
	// [instance refresh feature]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html
	DescribeInstanceRefreshes(ctx context.Context, params *DescribeInstanceRefreshesInput, optFns ...func(*Options)) (*DescribeInstanceRefreshesOutput, error)
	// Gets information about the launch configurations in the account and Region.
	DescribeLaunchConfigurations(ctx context.Context, params *DescribeLaunchConfigurationsInput, optFns ...func(*Options)) (*DescribeLaunchConfigurationsOutput, error)
	// Describes the available types of lifecycle hooks.
	//
	// The following hook types are supported:
	//
	//   - autoscaling:EC2_INSTANCE_LAUNCHING
	//
	//   - autoscaling:EC2_INSTANCE_TERMINATING
	DescribeLifecycleHookTypes(ctx context.Context, params *DescribeLifecycleHookTypesInput, optFns ...func(*Options)) (*DescribeLifecycleHookTypesOutput, error)
	// Gets information about the lifecycle hooks for the specified Auto Scaling group.
	DescribeLifecycleHooks(ctx context.Context, params *DescribeLifecycleHooksInput, optFns ...func(*Options)) (*DescribeLifecycleHooksOutput, error)
	// This API operation is superseded by [DescribeTrafficSources], which can describe multiple traffic
	// sources types. We recommend using DetachTrafficSources to simplify how you
	// manage traffic sources. However, we continue to support
	// DescribeLoadBalancerTargetGroups . You can use both the original
	// DescribeLoadBalancerTargetGroups API operation and DescribeTrafficSources on
	// the same Auto Scaling group.
	//
	// Gets information about the Elastic Load Balancing target groups for the
	// specified Auto Scaling group.
	//
	// To determine the attachment status of the target group, use the State element
	// in the response. When you attach a target group to an Auto Scaling group, the
	// initial State value is Adding . The state transitions to Added after all Auto
	// Scaling instances are registered with the target group. If Elastic Load
	// Balancing health checks are enabled for the Auto Scaling group, the state
	// transitions to InService after at least one Auto Scaling instance passes the
	// health check. When the target group is in the InService state, Amazon EC2 Auto
	// Scaling can terminate and replace any instances that are reported as unhealthy.
	// If no registered instances pass the health checks, the target group doesn't
	// enter the InService state.
	//
	// Target groups also have an InService state if you attach them in the [CreateAutoScalingGroup] API call.
	// If your target group state is InService , but it is not working properly, check
	// the scaling activities by calling [DescribeScalingActivities]and take any corrective actions necessary.
	//
	// For help with failed health checks, see [Troubleshooting Amazon EC2 Auto Scaling: Health checks] in the Amazon EC2 Auto Scaling User
	// Guide. For more information, see [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]in the Amazon EC2 Auto Scaling User Guide.
	//
	// You can use this operation to describe target groups that were attached by
	// using [AttachLoadBalancerTargetGroups], but not for target groups that were attached by using [AttachTrafficSources].
	//
	// [Troubleshooting Amazon EC2 Auto Scaling: Health checks]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html
	// [AttachLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachLoadBalancerTargetGroups.html
	// [DescribeScalingActivities]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScalingActivities.html
	// [CreateAutoScalingGroup]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CreateAutoScalingGroup.html
	// [DescribeTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
	// [AttachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html
	// [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html
	DescribeLoadBalancerTargetGroups(ctx context.Context, params *DescribeLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*DescribeLoadBalancerTargetGroupsOutput, error)
	// This API operation is superseded by [DescribeTrafficSources], which can describe multiple traffic
	// sources types. We recommend using DescribeTrafficSources to simplify how you
	// manage traffic sources. However, we continue to support DescribeLoadBalancers .
	// You can use both the original DescribeLoadBalancers API operation and
	// DescribeTrafficSources on the same Auto Scaling group.
	//
	// Gets information about the load balancers for the specified Auto Scaling group.
	//
	// This operation describes only Classic Load Balancers. If you have Application
	// Load Balancers, Network Load Balancers, or Gateway Load Balancers, use the [DescribeLoadBalancerTargetGroups]API
	// instead.
	//
	// To determine the attachment status of the load balancer, use the State element
	// in the response. When you attach a load balancer to an Auto Scaling group, the
	// initial State value is Adding . The state transitions to Added after all Auto
	// Scaling instances are registered with the load balancer. If Elastic Load
	// Balancing health checks are enabled for the Auto Scaling group, the state
	// transitions to InService after at least one Auto Scaling instance passes the
	// health check. When the load balancer is in the InService state, Amazon EC2 Auto
	// Scaling can terminate and replace any instances that are reported as unhealthy.
	// If no registered instances pass the health checks, the load balancer doesn't
	// enter the InService state.
	//
	// Load balancers also have an InService state if you attach them in the [CreateAutoScalingGroup] API
	// call. If your load balancer state is InService , but it is not working properly,
	// check the scaling activities by calling [DescribeScalingActivities]and take any corrective actions
	// necessary.
	//
	// For help with failed health checks, see [Troubleshooting Amazon EC2 Auto Scaling: Health checks] in the Amazon EC2 Auto Scaling User
	// Guide. For more information, see [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Troubleshooting Amazon EC2 Auto Scaling: Health checks]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html
	// [DescribeScalingActivities]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScalingActivities.html
	// [DescribeLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancerTargetGroups.html
	// [CreateAutoScalingGroup]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CreateAutoScalingGroup.html
	// [DescribeTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
	// [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html
	DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error)
	// Describes the available CloudWatch metrics for Amazon EC2 Auto Scaling.
	DescribeMetricCollectionTypes(ctx context.Context, params *DescribeMetricCollectionTypesInput, optFns ...func(*Options)) (*DescribeMetricCollectionTypesOutput, error)
	// Gets information about the Amazon SNS notifications that are configured for one
	// or more Auto Scaling groups.
	DescribeNotificationConfigurations(ctx context.Context, params *DescribeNotificationConfigurationsInput, optFns ...func(*Options)) (*DescribeNotificationConfigurationsOutput, error)
	// Gets information about the scaling policies in the account and Region.
	DescribePolicies(ctx context.Context, params *DescribePoliciesInput, optFns ...func(*Options)) (*DescribePoliciesOutput, error)
	// Gets information about the scaling activities in the account and Region.
	//
	// When scaling events occur, you see a record of the scaling activity in the
	// scaling activities. For more information, see [Verify a scaling activity for an Auto Scaling group]in the Amazon EC2 Auto Scaling
	// User Guide.
	//
	// If the scaling event succeeds, the value of the StatusCode element in the
	// response is Successful . If an attempt to launch instances failed, the
	// StatusCode value is Failed or Cancelled and the StatusMessage element in the
	// response indicates the cause of the failure. For help interpreting the
	// StatusMessage , see [Troubleshooting Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Troubleshooting Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/CHAP_Troubleshooting.html
	// [Verify a scaling activity for an Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-verify-scaling-activity.html
	DescribeScalingActivities(ctx context.Context, params *DescribeScalingActivitiesInput, optFns ...func(*Options)) (*DescribeScalingActivitiesOutput, error)
	// Describes the scaling process types for use with the [ResumeProcesses] and [SuspendProcesses] APIs.
	//
	// [ResumeProcesses]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_ResumeProcesses.html
	// [SuspendProcesses]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_SuspendProcesses.html
	DescribeScalingProcessTypes(ctx context.Context, params *DescribeScalingProcessTypesInput, optFns ...func(*Options)) (*DescribeScalingProcessTypesOutput, error)
	// Gets information about the scheduled actions that haven't run or that have not
	// reached their end time.
	//
	// To describe the scaling activities for scheduled actions that have already run,
	// call the [DescribeScalingActivities]API.
	//
	// [DescribeScalingActivities]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScalingActivities.html
	DescribeScheduledActions(ctx context.Context, params *DescribeScheduledActionsInput, optFns ...func(*Options)) (*DescribeScheduledActionsOutput, error)
	// Describes the specified tags.
	//
	// You can use filters to limit the results. For example, you can query for the
	// tags for a specific Auto Scaling group. You can specify multiple values for a
	// filter. A tag must match at least one of the specified values for it to be
	// included in the results.
	//
	// You can also specify multiple filters. The result includes information for a
	// particular tag only if it matches all the filters. If there's no match, no
	// special message is returned.
	//
	// For more information, see [Tag Auto Scaling groups and instances] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Tag Auto Scaling groups and instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html
	DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
	// Describes the termination policies supported by Amazon EC2 Auto Scaling.
	//
	// For more information, see [Configure termination policies for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Configure termination policies for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html
	DescribeTerminationPolicyTypes(ctx context.Context, params *DescribeTerminationPolicyTypesInput, optFns ...func(*Options)) (*DescribeTerminationPolicyTypesOutput, error)
	// Gets information about the traffic sources for the specified Auto Scaling group.
	//
	// You can optionally provide a traffic source type. If you provide a traffic
	// source type, then the results only include that traffic source type.
	//
	// If you do not provide a traffic source type, then the results include all the
	// traffic sources for the specified Auto Scaling group.
	DescribeTrafficSources(ctx context.Context, params *DescribeTrafficSourcesInput, optFns ...func(*Options)) (*DescribeTrafficSourcesOutput, error)
	// Gets information about a warm pool and its instances.
	//
	// For more information, see [Warm pools for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Warm pools for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html
	DescribeWarmPool(ctx context.Context, params *DescribeWarmPoolInput, optFns ...func(*Options)) (*DescribeWarmPoolOutput, error)
	// Removes one or more instances from the specified Auto Scaling group.
	//
	// After the instances are detached, you can manage them independent of the Auto
	// Scaling group.
	//
	// If you do not specify the option to decrement the desired capacity, Amazon EC2
	// Auto Scaling launches instances to replace the ones that are detached.
	//
	// If there is a Classic Load Balancer attached to the Auto Scaling group, the
	// instances are deregistered from the load balancer. If there are target groups
	// attached to the Auto Scaling group, the instances are deregistered from the
	// target groups.
	//
	// For more information, see [Detach or attach instances] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Detach or attach instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-detach-attach-instances.html
	DetachInstances(ctx context.Context, params *DetachInstancesInput, optFns ...func(*Options)) (*DetachInstancesOutput, error)
	// This API operation is superseded by [DetachTrafficSources], which can detach multiple traffic sources
	// types. We recommend using DetachTrafficSources to simplify how you manage
	// traffic sources. However, we continue to support DetachLoadBalancerTargetGroups
	// . You can use both the original DetachLoadBalancerTargetGroups API operation
	// and DetachTrafficSources on the same Auto Scaling group.
	//
	// Detaches one or more target groups from the specified Auto Scaling group.
	//
	// When you detach a target group, it enters the Removing state while
	// deregistering the instances in the group. When all instances are deregistered,
	// then you can no longer describe the target group using the [DescribeLoadBalancerTargetGroups]API call. The
	// instances remain running.
	//
	// You can use this operation to detach target groups that were attached by using [AttachLoadBalancerTargetGroups]
	// , but not for target groups that were attached by using [AttachTrafficSources].
	//
	// [AttachLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachLoadBalancerTargetGroups.html
	// [DescribeLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancerTargetGroups.html
	// [DetachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
	// [AttachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html
	DetachLoadBalancerTargetGroups(ctx context.Context, params *DetachLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*DetachLoadBalancerTargetGroupsOutput, error)
	// This API operation is superseded by [DetachTrafficSources], which can detach multiple traffic sources
	// types. We recommend using DetachTrafficSources to simplify how you manage
	// traffic sources. However, we continue to support DetachLoadBalancers . You can
	// use both the original DetachLoadBalancers API operation and DetachTrafficSources
	// on the same Auto Scaling group.
	//
	// Detaches one or more Classic Load Balancers from the specified Auto Scaling
	// group.
	//
	// This operation detaches only Classic Load Balancers. If you have Application
	// Load Balancers, Network Load Balancers, or Gateway Load Balancers, use the [DetachLoadBalancerTargetGroups]API
	// instead.
	//
	// When you detach a load balancer, it enters the Removing state while
	// deregistering the instances in the group. When all instances are deregistered,
	// then you can no longer describe the load balancer using the [DescribeLoadBalancers]API call. The
	// instances remain running.
	//
	// [DetachLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachLoadBalancerTargetGroups.html
	// [DescribeLoadBalancers]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancers.html
	// [DetachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachTrafficSources.html
	DetachLoadBalancers(ctx context.Context, params *DetachLoadBalancersInput, optFns ...func(*Options)) (*DetachLoadBalancersOutput, error)
	// Detaches one or more traffic sources from the specified Auto Scaling group.
	//
	// When you detach a traffic source, it enters the Removing state while
	// deregistering the instances in the group. When all instances are deregistered,
	// then you can no longer describe the traffic source using the [DescribeTrafficSources]API call. The
	// instances continue to run.
	//
	// [DescribeTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
	DetachTrafficSources(ctx context.Context, params *DetachTrafficSourcesInput, optFns ...func(*Options)) (*DetachTrafficSourcesOutput, error)
	// Disables group metrics collection for the specified Auto Scaling group.
	DisableMetricsCollection(ctx context.Context, params *DisableMetricsCollectionInput, optFns ...func(*Options)) (*DisableMetricsCollectionOutput, error)
	// Enables group metrics collection for the specified Auto Scaling group.
	//
	// You can use these metrics to track changes in an Auto Scaling group and to set
	// alarms on threshold values. You can view group metrics using the Amazon EC2 Auto
	// Scaling console or the CloudWatch console. For more information, see [Monitor CloudWatch metrics for your Auto Scaling groups and instances]in the
	// Amazon EC2 Auto Scaling User Guide.
	//
	// [Monitor CloudWatch metrics for your Auto Scaling groups and instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-cloudwatch-monitoring.html
	EnableMetricsCollection(ctx context.Context, params *EnableMetricsCollectionInput, optFns ...func(*Options)) (*EnableMetricsCollectionOutput, error)
	// Moves the specified instances into the standby state.
	//
	// If you choose to decrement the desired capacity of the Auto Scaling group, the
	// instances can enter standby as long as the desired capacity of the Auto Scaling
	// group after the instances are placed into standby is equal to or greater than
	// the minimum capacity of the group.
	//
	// If you choose not to decrement the desired capacity of the Auto Scaling group,
	// the Auto Scaling group launches new instances to replace the instances on
	// standby.
	//
	// For more information, see [Temporarily removing instances from your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Temporarily removing instances from your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-enter-exit-standby.html
	EnterStandby(ctx context.Context, params *EnterStandbyInput, optFns ...func(*Options)) (*EnterStandbyOutput, error)
	// Executes the specified policy. This can be useful for testing the design of
	// your scaling policy.
	ExecutePolicy(ctx context.Context, params *ExecutePolicyInput, optFns ...func(*Options)) (*ExecutePolicyOutput, error)
	// Moves the specified instances out of the standby state.
	//
	// After you put the instances back in service, the desired capacity is
	// incremented.
	//
	// For more information, see [Temporarily removing instances from your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Temporarily removing instances from your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-enter-exit-standby.html
	ExitStandby(ctx context.Context, params *ExitStandbyInput, optFns ...func(*Options)) (*ExitStandbyOutput, error)
	// Retrieves the forecast data for a predictive scaling policy.
	//
	// Load forecasts are predictions of the hourly load values using historical load
	// data from CloudWatch and an analysis of historical trends. Capacity forecasts
	// are represented as predicted values for the minimum capacity that is needed on
	// an hourly basis, based on the hourly load forecast.
	//
	// A minimum of 24 hours of data is required to create the initial forecasts.
	// However, having a full 14 days of historical data results in more accurate
	// forecasts.
	//
	// For more information, see [Predictive scaling for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Predictive scaling for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-predictive-scaling.html
	GetPredictiveScalingForecast(ctx context.Context, params *GetPredictiveScalingForecastInput, optFns ...func(*Options)) (*GetPredictiveScalingForecastOutput, error)
	// Creates or updates a lifecycle hook for the specified Auto Scaling group.
	//
	// Lifecycle hooks let you create solutions that are aware of events in the Auto
	// Scaling instance lifecycle, and then perform a custom action on instances when
	// the corresponding lifecycle event occurs.
	//
	// This step is a part of the procedure for adding a lifecycle hook to an Auto
	// Scaling group:
	//
	//   - (Optional) Create a launch template or launch configuration with a user
	//     data script that runs while an instance is in a wait state due to a lifecycle
	//     hook.
	//
	//   - (Optional) Create a Lambda function and a rule that allows Amazon
	//     EventBridge to invoke your Lambda function when an instance is put into a wait
	//     state due to a lifecycle hook.
	//
	//   - (Optional) Create a notification target and an IAM role. The target can be
	//     either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2
	//     Auto Scaling to publish lifecycle notifications to the target.
	//
	//   - Create the lifecycle hook. Specify whether the hook is used when the
	//     instances launch or terminate.
	//
	//   - If you need more time, record the lifecycle action heartbeat to keep the
	//     instance in a wait state using the [RecordLifecycleActionHeartbeat]API call.
	//
	//   - If you finish before the timeout period ends, send a callback by using the [CompleteLifecycleAction]
	//     API call.
	//
	// For more information, see [Amazon EC2 Auto Scaling lifecycle hooks] in the Amazon EC2 Auto Scaling User Guide.
	//
	// If you exceed your maximum limit of lifecycle hooks, which by default is 50 per
	// Auto Scaling group, the call fails.
	//
	// You can view the lifecycle hooks for an Auto Scaling group using the [DescribeLifecycleHooks] API call.
	// If you are no longer using a lifecycle hook, you can delete it by calling the [DeleteLifecycleHook]
	// API.
	//
	// [RecordLifecycleActionHeartbeat]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_RecordLifecycleActionHeartbeat.html
	// [CompleteLifecycleAction]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CompleteLifecycleAction.html
	// [Amazon EC2 Auto Scaling lifecycle hooks]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html
	// [DescribeLifecycleHooks]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLifecycleHooks.html
	// [DeleteLifecycleHook]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DeleteLifecycleHook.html
	PutLifecycleHook(ctx context.Context, params *PutLifecycleHookInput, optFns ...func(*Options)) (*PutLifecycleHookOutput, error)
	// Configures an Auto Scaling group to send notifications when specified events
	// take place. Subscribers to the specified topic can have messages delivered to an
	// endpoint such as a web server or an email address.
	//
	// This configuration overwrites any existing configuration.
	//
	// For more information, see [Amazon SNS notification options for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
	//
	// If you exceed your maximum limit of SNS topics, which is 10 per Auto Scaling
	// group, the call fails.
	//
	// [Amazon SNS notification options for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-sns-notifications.html
	PutNotificationConfiguration(ctx context.Context, params *PutNotificationConfigurationInput, optFns ...func(*Options)) (*PutNotificationConfigurationOutput, error)
	// Creates or updates a scaling policy for an Auto Scaling group. Scaling policies
	// are used to scale an Auto Scaling group based on configurable metrics. If no
	// policies are defined, the dynamic scaling and predictive scaling features are
	// not used.
	//
	// For more information about using dynamic scaling, see [Target tracking scaling policies] and [Step and simple scaling policies] in the Amazon EC2
	// Auto Scaling User Guide.
	//
	// For more information about using predictive scaling, see [Predictive scaling for Amazon EC2 Auto Scaling] in the Amazon EC2
	// Auto Scaling User Guide.
	//
	// You can view the scaling policies for an Auto Scaling group using the [DescribePolicies] API
	// call. If you are no longer using a scaling policy, you can delete it by calling
	// the [DeletePolicy]API.
	//
	// [Step and simple scaling policies]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html
	// [DeletePolicy]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DeletePolicy.html
	// [Target tracking scaling policies]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html
	// [DescribePolicies]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribePolicies.html
	// [Predictive scaling for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-predictive-scaling.html
	PutScalingPolicy(ctx context.Context, params *PutScalingPolicyInput, optFns ...func(*Options)) (*PutScalingPolicyOutput, error)
	// Creates or updates a scheduled scaling action for an Auto Scaling group.
	//
	// For more information, see [Scheduled scaling] in the Amazon EC2 Auto Scaling User Guide.
	//
	// You can view the scheduled actions for an Auto Scaling group using the [DescribeScheduledActions] API
	// call. If you are no longer using a scheduled action, you can delete it by
	// calling the [DeleteScheduledAction]API.
	//
	// If you try to schedule your action in the past, Amazon EC2 Auto Scaling returns
	// an error message.
	//
	// [DeleteScheduledAction]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DeleteScheduledAction.html
	// [DescribeScheduledActions]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScheduledActions.html
	// [Scheduled scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-scheduled-scaling.html
	PutScheduledUpdateGroupAction(ctx context.Context, params *PutScheduledUpdateGroupActionInput, optFns ...func(*Options)) (*PutScheduledUpdateGroupActionOutput, error)
	// Creates or updates a warm pool for the specified Auto Scaling group. A warm
	// pool is a pool of pre-initialized EC2 instances that sits alongside the Auto
	// Scaling group. Whenever your application needs to scale out, the Auto Scaling
	// group can draw on the warm pool to meet its new desired capacity.
	//
	// This operation must be called from the Region in which the Auto Scaling group
	// was created.
	//
	// You can view the instances in the warm pool using the [DescribeWarmPool] API call. If you are no
	// longer using a warm pool, you can delete it by calling the [DeleteWarmPool]API.
	//
	// For more information, see [Warm pools for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [DeleteWarmPool]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DeleteWarmPool.html
	// [DescribeWarmPool]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeWarmPool.html
	// [Warm pools for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html
	PutWarmPool(ctx context.Context, params *PutWarmPoolInput, optFns ...func(*Options)) (*PutWarmPoolOutput, error)
	// Records a heartbeat for the lifecycle action associated with the specified
	// token or instance. This extends the timeout by the length of time defined using
	// the [PutLifecycleHook]API call.
	//
	// This step is a part of the procedure for adding a lifecycle hook to an Auto
	// Scaling group:
	//
	//   - (Optional) Create a launch template or launch configuration with a user
	//     data script that runs while an instance is in a wait state due to a lifecycle
	//     hook.
	//
	//   - (Optional) Create a Lambda function and a rule that allows Amazon
	//     EventBridge to invoke your Lambda function when an instance is put into a wait
	//     state due to a lifecycle hook.
	//
	//   - (Optional) Create a notification target and an IAM role. The target can be
	//     either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2
	//     Auto Scaling to publish lifecycle notifications to the target.
	//
	//   - Create the lifecycle hook. Specify whether the hook is used when the
	//     instances launch or terminate.
	//
	//   - If you need more time, record the lifecycle action heartbeat to keep the
	//     instance in a wait state.
	//
	//   - If you finish before the timeout period ends, send a callback by using the [CompleteLifecycleAction]
	//     API call.
	//
	// For more information, see [Amazon EC2 Auto Scaling lifecycle hooks] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [CompleteLifecycleAction]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CompleteLifecycleAction.html
	// [Amazon EC2 Auto Scaling lifecycle hooks]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html
	// [PutLifecycleHook]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PutLifecycleHook.html
	RecordLifecycleActionHeartbeat(ctx context.Context, params *RecordLifecycleActionHeartbeatInput, optFns ...func(*Options)) (*RecordLifecycleActionHeartbeatOutput, error)
	// Resumes the specified suspended auto scaling processes, or all suspended
	// process, for the specified Auto Scaling group.
	//
	// For more information, see [Suspend and resume Amazon EC2 Auto Scaling processes] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Suspend and resume Amazon EC2 Auto Scaling processes]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html
	ResumeProcesses(ctx context.Context, params *ResumeProcessesInput, optFns ...func(*Options)) (*ResumeProcessesOutput, error)
	// Cancels an instance refresh that is in progress and rolls back any changes that
	// it made. Amazon EC2 Auto Scaling replaces any instances that were replaced
	// during the instance refresh. This restores your Auto Scaling group to the
	// configuration that it was using before the start of the instance refresh.
	//
	// This operation is part of the [instance refresh feature] in Amazon EC2 Auto Scaling, which helps you
	// update instances in your Auto Scaling group after you make configuration
	// changes.
	//
	// A rollback is not supported in the following situations:
	//
	//   - There is no desired configuration specified for the instance refresh.
	//
	//   - The Auto Scaling group has a launch template that uses an Amazon Web
	//     Services Systems Manager parameter instead of an AMI ID for the ImageId
	//     property.
	//
	//   - The Auto Scaling group uses the launch template's $Latest or $Default
	//     version.
	//
	// When you receive a successful response from this operation, Amazon EC2 Auto
	// Scaling immediately begins replacing instances. You can check the status of this
	// operation through the [DescribeInstanceRefreshes]API operation.
	//
	// [instance refresh feature]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html
	// [DescribeInstanceRefreshes]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeInstanceRefreshes.html
	RollbackInstanceRefresh(ctx context.Context, params *RollbackInstanceRefreshInput, optFns ...func(*Options)) (*RollbackInstanceRefreshOutput, error)
	// Sets the size of the specified Auto Scaling group.
	//
	// If a scale-in activity occurs as a result of a new DesiredCapacity value that
	// is lower than the current size of the group, the Auto Scaling group uses its
	// termination policy to determine which instances to terminate.
	//
	// For more information, see [Manual scaling] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Manual scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-scaling-manually.html
	SetDesiredCapacity(ctx context.Context, params *SetDesiredCapacityInput, optFns ...func(*Options)) (*SetDesiredCapacityOutput, error)
	// Sets the health status of the specified instance.
	//
	// For more information, see [Set up a custom health check for your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Set up a custom health check for your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/set-up-a-custom-health-check.html
	SetInstanceHealth(ctx context.Context, params *SetInstanceHealthInput, optFns ...func(*Options)) (*SetInstanceHealthOutput, error)
	// Updates the instance protection settings of the specified instances. This
	// operation cannot be called on instances in a warm pool.
	//
	// For more information, see [Use instance scale-in protection] in the Amazon EC2 Auto Scaling User Guide.
	//
	// If you exceed your maximum limit of instance IDs, which is 50 per Auto Scaling
	// group, the call fails.
	//
	// [Use instance scale-in protection]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html
	SetInstanceProtection(ctx context.Context, params *SetInstanceProtectionInput, optFns ...func(*Options)) (*SetInstanceProtectionOutput, error)
	// Starts an instance refresh.
	//
	// This operation is part of the [instance refresh feature] in Amazon EC2 Auto Scaling, which helps you
	// update instances in your Auto Scaling group. This feature is helpful, for
	// example, when you have a new AMI or a new user data script. You just need to
	// create a new launch template that specifies the new AMI or user data script.
	// Then start an instance refresh to immediately begin the process of updating
	// instances in the group.
	//
	// If successful, the request's response contains a unique ID that you can use to
	// track the progress of the instance refresh. To query its status, call the [DescribeInstanceRefreshes]API.
	// To describe the instance refreshes that have already run, call the [DescribeInstanceRefreshes]API. To
	// cancel an instance refresh that is in progress, use the [CancelInstanceRefresh]API.
	//
	// An instance refresh might fail for several reasons, such as EC2 launch
	// failures, misconfigured health checks, or not ignoring or allowing the
	// termination of instances that are in Standby state or protected from scale in.
	// You can monitor for failed EC2 launches using the scaling activities. To find
	// the scaling activities, call the [DescribeScalingActivities]API.
	//
	// If you enable auto rollback, your Auto Scaling group will be rolled back
	// automatically when the instance refresh fails. You can enable this feature
	// before starting an instance refresh by specifying the AutoRollback property in
	// the instance refresh preferences. Otherwise, to roll back an instance refresh
	// before it finishes, use the [RollbackInstanceRefresh]API.
	//
	// [DescribeScalingActivities]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScalingActivities.html
	// [instance refresh feature]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html
	// [DescribeInstanceRefreshes]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeInstanceRefreshes.html
	// [CancelInstanceRefresh]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CancelInstanceRefresh.html
	// [RollbackInstanceRefresh]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_RollbackInstanceRefresh.html
	StartInstanceRefresh(ctx context.Context, params *StartInstanceRefreshInput, optFns ...func(*Options)) (*StartInstanceRefreshOutput, error)
	// Suspends the specified auto scaling processes, or all processes, for the
	// specified Auto Scaling group.
	//
	// If you suspend either the Launch or Terminate process types, it can prevent
	// other process types from functioning properly. For more information, see [Suspend and resume Amazon EC2 Auto Scaling processes]in the
	// Amazon EC2 Auto Scaling User Guide.
	//
	// To resume processes that have been suspended, call the [ResumeProcesses] API.
	//
	// [ResumeProcesses]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_ResumeProcesses.html
	// [Suspend and resume Amazon EC2 Auto Scaling processes]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html
	SuspendProcesses(ctx context.Context, params *SuspendProcessesInput, optFns ...func(*Options)) (*SuspendProcessesOutput, error)
	// Terminates the specified instance and optionally adjusts the desired group
	// size. This operation cannot be called on instances in a warm pool.
	//
	// This call simply makes a termination request. The instance is not terminated
	// immediately. When an instance is terminated, the instance status changes to
	// terminated . You can't connect to or start an instance after you've terminated
	// it.
	//
	// If you do not specify the option to decrement the desired capacity, Amazon EC2
	// Auto Scaling launches instances to replace the ones that are terminated.
	//
	// By default, Amazon EC2 Auto Scaling balances instances across all Availability
	// Zones. If you decrement the desired capacity, your Auto Scaling group can become
	// unbalanced between Availability Zones. Amazon EC2 Auto Scaling tries to
	// rebalance the group, and rebalancing might terminate instances in other zones.
	// For more information, see [Manual scaling]in the Amazon EC2 Auto Scaling User Guide.
	//
	// [Manual scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-scaling-manually.html
	TerminateInstanceInAutoScalingGroup(ctx context.Context, params *TerminateInstanceInAutoScalingGroupInput, optFns ...func(*Options)) (*TerminateInstanceInAutoScalingGroupOutput, error)
	//	We strongly recommend that all Auto Scaling groups use launch templates to
	//
	// ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2.
	//
	// Updates the configuration for the specified Auto Scaling group.
	//
	// To update an Auto Scaling group, specify the name of the group and the property
	// that you want to change. Any properties that you don't specify are not changed
	// by this update request. The new settings take effect on any scaling activities
	// after this call returns.
	//
	// If you associate a new launch configuration or template with an Auto Scaling
	// group, all new instances will get the updated configuration. Existing instances
	// continue to run with the configuration that they were originally launched with.
	// When you update a group to specify a mixed instances policy instead of a launch
	// configuration or template, existing instances may be replaced to match the new
	// purchasing options that you specified in the policy. For example, if the group
	// currently has 100% On-Demand capacity and the policy specifies 50% Spot
	// capacity, this means that half of your instances will be gradually terminated
	// and relaunched as Spot Instances. When replacing instances, Amazon EC2 Auto
	// Scaling launches new instances before terminating the old ones, so that updating
	// your group does not compromise the performance or availability of your
	// application.
	//
	// Note the following about changing DesiredCapacity , MaxSize , or MinSize :
	//
	//   - If a scale-in activity occurs as a result of a new DesiredCapacity value
	//     that is lower than the current size of the group, the Auto Scaling group uses
	//     its termination policy to determine which instances to terminate.
	//
	//   - If you specify a new value for MinSize without specifying a value for
	//     DesiredCapacity , and the new MinSize is larger than the current size of the
	//     group, this sets the group's DesiredCapacity to the new MinSize value.
	//
	//   - If you specify a new value for MaxSize without specifying a value for
	//     DesiredCapacity , and the new MaxSize is smaller than the current size of the
	//     group, this sets the group's DesiredCapacity to the new MaxSize value.
	//
	// To see which properties have been set, call the [DescribeAutoScalingGroups] API. To view the scaling
	// policies for an Auto Scaling group, call the [DescribePolicies]API. If the group has scaling
	// policies, you can update them by calling the [PutScalingPolicy]API.
	//
	// [DescribeAutoScalingGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeAutoScalingGroups.html
	// [DescribePolicies]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribePolicies.html
	// [PutScalingPolicy]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PutScalingPolicy.html
	UpdateAutoScalingGroup(ctx context.Context, params *UpdateAutoScalingGroupInput, optFns ...func(*Options)) (*UpdateAutoScalingGroupOutput, error)
}

ASG provides an interface to the AWS ASG service.

type CloudFormation

type CloudFormation interface {
	// Options returns a copy of the client configuration.
	//
	// Callers SHOULD NOT perform mutations on any inner structures within client
	// config. Config overrides should instead be made on a per-operation basis through
	// functional options.
	Options() cloudformation.Options
	// Activate trusted access with Organizations. With trusted access between
	// StackSets and Organizations activated, the management account has permissions to
	// create and manage StackSets for your organization.
	ActivateOrganizationsAccess(ctx context.Context, params *ActivateOrganizationsAccessInput, optFns ...func(*Options)) (*ActivateOrganizationsAccessOutput, error)
	// Activates a public third-party extension, making it available for use in stack
	// templates. Once you have activated a public third-party extension in your
	// account and Region, use [SetTypeConfiguration]to specify configuration properties for the extension.
	// For more information, see [Using public extensions]in the CloudFormation User Guide.
	//
	// [SetTypeConfiguration]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html
	// [Using public extensions]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html
	ActivateType(ctx context.Context, params *ActivateTypeInput, optFns ...func(*Options)) (*ActivateTypeOutput, error)
	// Returns configuration data for the specified CloudFormation extensions, from
	// the CloudFormation registry for the account and Region.
	//
	// For more information, see [Edit configuration data for extensions in your account] in the CloudFormation User Guide.
	//
	// [Edit configuration data for extensions in your account]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-set-configuration.html
	BatchDescribeTypeConfigurations(ctx context.Context, params *BatchDescribeTypeConfigurationsInput, optFns ...func(*Options)) (*BatchDescribeTypeConfigurationsOutput, error)
	// Cancels an update on the specified stack. If the call completes successfully,
	// the stack rolls back the update and reverts to the previous stack configuration.
	//
	// You can cancel only stacks that are in the UPDATE_IN_PROGRESS state.
	CancelUpdateStack(ctx context.Context, params *CancelUpdateStackInput, optFns ...func(*Options)) (*CancelUpdateStackOutput, error)
	// For a specified stack that's in the UPDATE_ROLLBACK_FAILED state, continues
	// rolling it back to the UPDATE_ROLLBACK_COMPLETE state. Depending on the cause
	// of the failure, you can manually [fix the error]and continue the rollback. By continuing the
	// rollback, you can return your stack to a working state (the
	// UPDATE_ROLLBACK_COMPLETE state), and then try to update the stack again.
	//
	// A stack goes into the UPDATE_ROLLBACK_FAILED state when CloudFormation can't
	// roll back all changes after a failed stack update. For example, you might have a
	// stack that's rolling back to an old database instance that was deleted outside
	// of CloudFormation. Because CloudFormation doesn't know the database was deleted,
	// it assumes that the database instance still exists and attempts to roll back to
	// it, causing the update rollback to fail.
	//
	// [fix the error]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-update-rollback-failed
	ContinueUpdateRollback(ctx context.Context, params *ContinueUpdateRollbackInput, optFns ...func(*Options)) (*ContinueUpdateRollbackOutput, error)
	// Creates a list of changes that will be applied to a stack so that you can
	// review the changes before executing them. You can create a change set for a
	// stack that doesn't exist or an existing stack. If you create a change set for a
	// stack that doesn't exist, the change set shows all of the resources that
	// CloudFormation will create. If you create a change set for an existing stack,
	// CloudFormation compares the stack's information with the information that you
	// submit in the change set and lists the differences. Use change sets to
	// understand which resources CloudFormation will create or change, and how it will
	// change resources in an existing stack, before you create or update a stack.
	//
	// To create a change set for a stack that doesn't exist, for the ChangeSetType
	// parameter, specify CREATE . To create a change set for an existing stack,
	// specify UPDATE for the ChangeSetType parameter. To create a change set for an
	// import operation, specify IMPORT for the ChangeSetType parameter. After the
	// CreateChangeSet call successfully completes, CloudFormation starts creating the
	// change set. To check the status of the change set or to review it, use the DescribeChangeSet
	// action.
	//
	// When you are satisfied with the changes the change set will make, execute the
	// change set by using the ExecuteChangeSetaction. CloudFormation doesn't make changes until you
	// execute the change set.
	//
	// To create a change set for the entire stack hierarchy, set IncludeNestedStacks
	// to True .
	CreateChangeSet(ctx context.Context, params *CreateChangeSetInput, optFns ...func(*Options)) (*CreateChangeSetOutput, error)
	// Creates a template from existing resources that are not already managed with
	// CloudFormation. You can check the status of the template generation using the
	// DescribeGeneratedTemplate API action.
	CreateGeneratedTemplate(ctx context.Context, params *CreateGeneratedTemplateInput, optFns ...func(*Options)) (*CreateGeneratedTemplateOutput, error)
	// Creates a stack as specified in the template. After the call completes
	// successfully, the stack creation starts. You can check the status of the stack
	// through the DescribeStacksoperation.
	//
	// For more information about creating a stack and monitoring stack progress, see [Managing Amazon Web Services resources as a single unit with CloudFormation stacks]
	// in the CloudFormation User Guide.
	//
	// [Managing Amazon Web Services resources as a single unit with CloudFormation stacks]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html
	CreateStack(ctx context.Context, params *CreateStackInput, optFns ...func(*Options)) (*CreateStackOutput, error)
	// Creates stack instances for the specified accounts, within the specified Amazon
	// Web Services Regions. A stack instance refers to a stack in a specific account
	// and Region. You must specify at least one value for either Accounts or
	// DeploymentTargets , and you must specify at least one value for Regions .
	CreateStackInstances(ctx context.Context, params *CreateStackInstancesInput, optFns ...func(*Options)) (*CreateStackInstancesOutput, error)
	// Creates a stack set.
	CreateStackSet(ctx context.Context, params *CreateStackSetInput, optFns ...func(*Options)) (*CreateStackSetOutput, error)
	// Deactivates trusted access with Organizations. If trusted access is
	// deactivated, the management account does not have permissions to create and
	// manage service-managed StackSets for your organization.
	DeactivateOrganizationsAccess(ctx context.Context, params *DeactivateOrganizationsAccessInput, optFns ...func(*Options)) (*DeactivateOrganizationsAccessOutput, error)
	// Deactivates a public extension that was previously activated in this account
	// and Region.
	//
	// Once deactivated, an extension can't be used in any CloudFormation operation.
	// This includes stack update operations where the stack template includes the
	// extension, even if no updates are being made to the extension. In addition,
	// deactivated extensions aren't automatically updated if a new version of the
	// extension is released.
	DeactivateType(ctx context.Context, params *DeactivateTypeInput, optFns ...func(*Options)) (*DeactivateTypeOutput, error)
	// Deletes the specified change set. Deleting change sets ensures that no one
	// executes the wrong change set.
	//
	// If the call successfully completes, CloudFormation successfully deleted the
	// change set.
	//
	// If IncludeNestedStacks specifies True during the creation of the nested change
	// set, then DeleteChangeSet will delete all change sets that belong to the stacks
	// hierarchy and will also delete all change sets for nested stacks with the status
	// of REVIEW_IN_PROGRESS .
	DeleteChangeSet(ctx context.Context, params *DeleteChangeSetInput, optFns ...func(*Options)) (*DeleteChangeSetOutput, error)
	// Deleted a generated template.
	DeleteGeneratedTemplate(ctx context.Context, params *DeleteGeneratedTemplateInput, optFns ...func(*Options)) (*DeleteGeneratedTemplateOutput, error)
	// Deletes a specified stack. Once the call completes successfully, stack deletion
	// starts. Deleted stacks don't show up in the DescribeStacksoperation if the deletion has been
	// completed successfully.
	//
	// For more information about deleting a stack, see [Delete a stack from the CloudFormation console] in the CloudFormation User
	// Guide.
	//
	// [Delete a stack from the CloudFormation console]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-delete-stack.html
	DeleteStack(ctx context.Context, params *DeleteStackInput, optFns ...func(*Options)) (*DeleteStackOutput, error)
	// Deletes stack instances for the specified accounts, in the specified Amazon Web
	// Services Regions.
	DeleteStackInstances(ctx context.Context, params *DeleteStackInstancesInput, optFns ...func(*Options)) (*DeleteStackInstancesOutput, error)
	// Deletes a stack set. Before you can delete a stack set, all its member stack
	// instances must be deleted. For more information about how to complete this, see DeleteStackInstances
	// .
	DeleteStackSet(ctx context.Context, params *DeleteStackSetInput, optFns ...func(*Options)) (*DeleteStackSetOutput, error)
	// Marks an extension or extension version as DEPRECATED in the CloudFormation
	// registry, removing it from active use. Deprecated extensions or extension
	// versions cannot be used in CloudFormation operations.
	//
	// To deregister an entire extension, you must individually deregister all active
	// versions of that extension. If an extension has only a single active version,
	// deregistering that version results in the extension itself being deregistered
	// and marked as deprecated in the registry.
	//
	// You can't deregister the default version of an extension if there are other
	// active version of that extension. If you do deregister the default version of an
	// extension, the extension type itself is deregistered as well and marked as
	// deprecated.
	//
	// To view the deprecation status of an extension or extension version, use [DescribeType].
	//
	// [DescribeType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html
	DeregisterType(ctx context.Context, params *DeregisterTypeInput, optFns ...func(*Options)) (*DeregisterTypeOutput, error)
	// Retrieves your account's CloudFormation limits, such as the maximum number of
	// stacks that you can create in your account. For more information about account
	// limits, see [Understand CloudFormation quotas]in the CloudFormation User Guide.
	//
	// [Understand CloudFormation quotas]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html
	DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
	// Returns the inputs for the change set and a list of changes that CloudFormation
	// will make if you execute the change set. For more information, see [Update CloudFormation stacks using change sets]in the
	// CloudFormation User Guide.
	//
	// [Update CloudFormation stacks using change sets]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.html
	DescribeChangeSet(ctx context.Context, params *DescribeChangeSetInput, optFns ...func(*Options)) (*DescribeChangeSetOutput, error)
	// Returns hook-related information for the change set and a list of changes that
	// CloudFormation makes when you run the change set.
	DescribeChangeSetHooks(ctx context.Context, params *DescribeChangeSetHooksInput, optFns ...func(*Options)) (*DescribeChangeSetHooksOutput, error)
	// Describes a generated template. The output includes details about the progress
	// of the creation of a generated template started by a CreateGeneratedTemplate
	// API action or the update of a generated template started with an
	// UpdateGeneratedTemplate API action.
	DescribeGeneratedTemplate(ctx context.Context, params *DescribeGeneratedTemplateInput, optFns ...func(*Options)) (*DescribeGeneratedTemplateOutput, error)
	// Retrieves information about the account's OrganizationAccess status. This API
	// can be called either by the management account or the delegated administrator by
	// using the CallAs parameter. This API can also be called without the CallAs
	// parameter by the management account.
	DescribeOrganizationsAccess(ctx context.Context, params *DescribeOrganizationsAccessInput, optFns ...func(*Options)) (*DescribeOrganizationsAccessOutput, error)
	// Returns information about a CloudFormation extension publisher.
	//
	// If you don't supply a PublisherId , and you have registered as an extension
	// publisher, DescribePublisher returns information about your own publisher
	// account.
	//
	// For more information about registering as a publisher, see:
	//
	// [RegisterPublisher]
	//
	// [Publishing extensions to make them available for public use]
	//   - in the CloudFormation Command Line Interface (CLI) User Guide
	//
	// [Publishing extensions to make them available for public use]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html
	// [RegisterPublisher]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html
	DescribePublisher(ctx context.Context, params *DescribePublisherInput, optFns ...func(*Options)) (*DescribePublisherOutput, error)
	// Describes details of a resource scan.
	DescribeResourceScan(ctx context.Context, params *DescribeResourceScanInput, optFns ...func(*Options)) (*DescribeResourceScanOutput, error)
	// Returns information about a stack drift detection operation. A stack drift
	// detection operation detects whether a stack's actual configuration differs, or
	// has drifted, from its expected configuration, as defined in the stack template
	// and any values specified as template parameters. A stack is considered to have
	// drifted if one or more of its resources have drifted. For more information about
	// stack and resource drift, see [Detect unmanaged configuration changes to stacks and resources with drift detection].
	//
	// Use DetectStackDrift to initiate a stack drift detection operation. DetectStackDrift returns a
	// StackDriftDetectionId you can use to monitor the progress of the operation using
	// DescribeStackDriftDetectionStatus . Once the drift detection operation has
	// completed, use DescribeStackResourceDriftsto return drift information about the stack and its resources.
	//
	// [Detect unmanaged configuration changes to stacks and resources with drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html
	DescribeStackDriftDetectionStatus(ctx context.Context, params *DescribeStackDriftDetectionStatusInput, optFns ...func(*Options)) (*DescribeStackDriftDetectionStatusOutput, error)
	// Returns all stack related events for a specified stack in reverse chronological
	// order. For more information about a stack's event history, see [Understand CloudFormation stack creation events]in the
	// CloudFormation User Guide.
	//
	// You can list events for stacks that have failed to create or have been deleted
	// by specifying the unique stack identifier (stack ID).
	//
	// [Understand CloudFormation stack creation events]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stack-resource-configuration-complete.html
	DescribeStackEvents(ctx context.Context, params *DescribeStackEventsInput, optFns ...func(*Options)) (*DescribeStackEventsOutput, error)
	// Returns the stack instance that's associated with the specified StackSet,
	// Amazon Web Services account, and Amazon Web Services Region.
	//
	// For a list of stack instances that are associated with a specific StackSet, use ListStackInstances
	// .
	DescribeStackInstance(ctx context.Context, params *DescribeStackInstanceInput, optFns ...func(*Options)) (*DescribeStackInstanceOutput, error)
	// Returns a description of the specified resource in the specified stack.
	//
	// For deleted stacks, DescribeStackResource returns resource information for up
	// to 90 days after the stack has been deleted.
	DescribeStackResource(ctx context.Context, params *DescribeStackResourceInput, optFns ...func(*Options)) (*DescribeStackResourceOutput, error)
	// Returns drift information for the resources that have been checked for drift in
	// the specified stack. This includes actual and expected configuration values for
	// resources where CloudFormation detects configuration drift.
	//
	// For a given stack, there will be one StackResourceDrift for each stack resource
	// that has been checked for drift. Resources that haven't yet been checked for
	// drift aren't included. Resources that don't currently support drift detection
	// aren't checked, and so not included. For a list of resources that support drift
	// detection, see [Resource type support for imports and drift detection].
	//
	// Use DetectStackResourceDrift to detect drift on individual resources, or DetectStackDrift to detect drift on all
	// supported resources for a given stack.
	//
	// [Resource type support for imports and drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html
	DescribeStackResourceDrifts(ctx context.Context, params *DescribeStackResourceDriftsInput, optFns ...func(*Options)) (*DescribeStackResourceDriftsOutput, error)
	// Returns Amazon Web Services resource descriptions for running and deleted
	// stacks. If StackName is specified, all the associated resources that are part
	// of the stack are returned. If PhysicalResourceId is specified, the associated
	// resources of the stack that the resource belongs to are returned.
	//
	// Only the first 100 resources will be returned. If your stack has more resources
	// than this, you should use ListStackResources instead.
	//
	// For deleted stacks, DescribeStackResources returns resource information for up
	// to 90 days after the stack has been deleted.
	//
	// You must specify either StackName or PhysicalResourceId , but not both. In
	// addition, you can specify LogicalResourceId to filter the returned result. For
	// more information about resources, the LogicalResourceId and PhysicalResourceId ,
	// see the [CloudFormation User Guide].
	//
	// A ValidationError is returned if you specify both StackName and
	// PhysicalResourceId in the same request.
	//
	// [CloudFormation User Guide]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/
	DescribeStackResources(ctx context.Context, params *DescribeStackResourcesInput, optFns ...func(*Options)) (*DescribeStackResourcesOutput, error)
	// Returns the description of the specified StackSet.
	DescribeStackSet(ctx context.Context, params *DescribeStackSetInput, optFns ...func(*Options)) (*DescribeStackSetOutput, error)
	// Returns the description of the specified StackSet operation.
	DescribeStackSetOperation(ctx context.Context, params *DescribeStackSetOperationInput, optFns ...func(*Options)) (*DescribeStackSetOperationOutput, error)
	// Returns the description for the specified stack; if no stack name was
	// specified, then it returns the description for all the stacks created. For more
	// information about a stack's event history, see [Understand CloudFormation stack creation events]in the CloudFormation User Guide.
	//
	// If the stack doesn't exist, a ValidationError is returned.
	//
	// [Understand CloudFormation stack creation events]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stack-resource-configuration-complete.html
	DescribeStacks(ctx context.Context, params *DescribeStacksInput, optFns ...func(*Options)) (*DescribeStacksOutput, error)
	// Returns detailed information about an extension that has been registered.
	//
	// If you specify a VersionId , DescribeType returns information about that
	// specific extension version. Otherwise, it returns information about the default
	// extension version.
	DescribeType(ctx context.Context, params *DescribeTypeInput, optFns ...func(*Options)) (*DescribeTypeOutput, error)
	// Returns information about an extension's registration, including its current
	// status and type and version identifiers.
	//
	// When you initiate a registration request using RegisterType, you can then use DescribeTypeRegistration to monitor
	// the progress of that registration request.
	//
	// Once the registration request has completed, use DescribeType to return detailed
	// information about an extension.
	DescribeTypeRegistration(ctx context.Context, params *DescribeTypeRegistrationInput, optFns ...func(*Options)) (*DescribeTypeRegistrationOutput, error)
	// Detects whether a stack's actual configuration differs, or has drifted, from
	// its expected configuration, as defined in the stack template and any values
	// specified as template parameters. For each resource in the stack that supports
	// drift detection, CloudFormation compares the actual configuration of the
	// resource with its expected template configuration. Only resource properties
	// explicitly defined in the stack template are checked for drift. A stack is
	// considered to have drifted if one or more of its resources differ from their
	// expected template configurations. For more information, see [Detect unmanaged configuration changes to stacks and resources with drift detection].
	//
	// Use DetectStackDrift to detect drift on all supported resources for a given
	// stack, or DetectStackResourceDriftto detect drift on individual resources.
	//
	// For a list of stack resources that currently support drift detection, see [Resource type support for imports and drift detection].
	//
	// DetectStackDrift can take up to several minutes, depending on the number of
	// resources contained within the stack. Use DescribeStackDriftDetectionStatusto monitor the progress of a detect
	// stack drift operation. Once the drift detection operation has completed, use DescribeStackResourceDriftsto
	// return drift information about the stack and its resources.
	//
	// When detecting drift on a stack, CloudFormation doesn't detect drift on any
	// nested stacks belonging to that stack. Perform DetectStackDrift directly on the
	// nested stack itself.
	//
	// [Resource type support for imports and drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html
	// [Detect unmanaged configuration changes to stacks and resources with drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html
	DetectStackDrift(ctx context.Context, params *DetectStackDriftInput, optFns ...func(*Options)) (*DetectStackDriftOutput, error)
	// Returns information about whether a resource's actual configuration differs, or
	// has drifted, from its expected configuration, as defined in the stack template
	// and any values specified as template parameters. This information includes
	// actual and expected property values for resources in which CloudFormation
	// detects drift. Only resource properties explicitly defined in the stack template
	// are checked for drift. For more information about stack and resource drift, see [Detect unmanaged configuration changes to stacks and resources with drift detection]
	// .
	//
	// Use DetectStackResourceDrift to detect drift on individual resources, or DetectStackDrift to
	// detect drift on all resources in a given stack that support drift detection.
	//
	// Resources that don't currently support drift detection can't be checked. For a
	// list of resources that support drift detection, see [Resource type support for imports and drift detection].
	//
	// [Resource type support for imports and drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html
	// [Detect unmanaged configuration changes to stacks and resources with drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html
	DetectStackResourceDrift(ctx context.Context, params *DetectStackResourceDriftInput, optFns ...func(*Options)) (*DetectStackResourceDriftOutput, error)
	// Detect drift on a stack set. When CloudFormation performs drift detection on a
	// stack set, it performs drift detection on the stack associated with each stack
	// instance in the stack set. For more information, see [How CloudFormation performs drift detection on a stack set].
	//
	// DetectStackSetDrift returns the OperationId of the stack set drift detection
	// operation. Use this operation id with DescribeStackSetOperationto monitor the progress of the drift
	// detection operation. The drift detection operation may take some time, depending
	// on the number of stack instances included in the stack set, in addition to the
	// number of resources included in each stack.
	//
	// Once the operation has completed, use the following actions to return drift
	// information:
	//
	//   - Use DescribeStackSetto return detailed information about the stack set, including detailed
	//     information about the last completed drift operation performed on the stack set.
	//     (Information about drift operations that are in progress isn't included.)
	//
	//   - Use ListStackInstancesto return a list of stack instances belonging to the stack set,
	//     including the drift status and last drift time checked of each instance.
	//
	//   - Use DescribeStackInstanceto return detailed information about a specific stack instance,
	//     including its drift status and last drift time checked.
	//
	// For more information about performing a drift detection operation on a stack
	// set, see [Detecting unmanaged changes in stack sets].
	//
	// You can only run a single drift detection operation on a given stack set at one
	// time.
	//
	// To stop a drift detection stack set operation, use StopStackSetOperation.
	//
	// [Detecting unmanaged changes in stack sets]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html
	// [How CloudFormation performs drift detection on a stack set]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html
	DetectStackSetDrift(ctx context.Context, params *DetectStackSetDriftInput, optFns ...func(*Options)) (*DetectStackSetDriftOutput, error)
	// Returns the estimated monthly cost of a template. The return value is an Amazon
	// Web Services Simple Monthly Calculator URL with a query string that describes
	// the resources required to run the template.
	EstimateTemplateCost(ctx context.Context, params *EstimateTemplateCostInput, optFns ...func(*Options)) (*EstimateTemplateCostOutput, error)
	// Updates a stack using the input information that was provided when the
	// specified change set was created. After the call successfully completes,
	// CloudFormation starts updating the stack. Use the DescribeStacksaction to view the status of
	// the update.
	//
	// When you execute a change set, CloudFormation deletes all other change sets
	// associated with the stack because they aren't valid for the updated stack.
	//
	// If a stack policy is associated with the stack, CloudFormation enforces the
	// policy during the update. You can't specify a temporary stack policy that
	// overrides the current policy.
	//
	// To create a change set for the entire stack hierarchy, IncludeNestedStacks must
	// have been set to True .
	ExecuteChangeSet(ctx context.Context, params *ExecuteChangeSetInput, optFns ...func(*Options)) (*ExecuteChangeSetOutput, error)
	// Retrieves a generated template. If the template is in an InProgress or Pending
	// status then the template returned will be the template when the template was
	// last in a Complete status. If the template has not yet been in a Complete
	// status then an empty template will be returned.
	GetGeneratedTemplate(ctx context.Context, params *GetGeneratedTemplateInput, optFns ...func(*Options)) (*GetGeneratedTemplateOutput, error)
	// Returns the stack policy for a specified stack. If a stack doesn't have a
	// policy, a null value is returned.
	GetStackPolicy(ctx context.Context, params *GetStackPolicyInput, optFns ...func(*Options)) (*GetStackPolicyOutput, error)
	// Returns the template body for a specified stack. You can get the template for
	// running or deleted stacks.
	//
	// For deleted stacks, GetTemplate returns the template for up to 90 days after
	// the stack has been deleted.
	//
	// If the template doesn't exist, a ValidationError is returned.
	GetTemplate(ctx context.Context, params *GetTemplateInput, optFns ...func(*Options)) (*GetTemplateOutput, error)
	// Returns information about a new or existing template. The GetTemplateSummary
	// action is useful for viewing parameter information, such as default parameter
	// values and parameter types, before you create or update a stack or stack set.
	//
	// You can use the GetTemplateSummary action when you submit a template, or you
	// can get template information for a stack set, or a running or deleted stack.
	//
	// For deleted stacks, GetTemplateSummary returns the template information for up
	// to 90 days after the stack has been deleted. If the template doesn't exist, a
	// ValidationError is returned.
	GetTemplateSummary(ctx context.Context, params *GetTemplateSummaryInput, optFns ...func(*Options)) (*GetTemplateSummaryOutput, error)
	// Import existing stacks into a new stack sets. Use the stack import operation to
	// import up to 10 stacks into a new stack set in the same account as the source
	// stack or in a different administrator account and Region, by specifying the
	// stack ID of the stack you intend to import.
	ImportStacksToStackSet(ctx context.Context, params *ImportStacksToStackSetInput, optFns ...func(*Options)) (*ImportStacksToStackSetOutput, error)
	// Returns the ID and status of each active change set for a stack. For example,
	// CloudFormation lists change sets that are in the CREATE_IN_PROGRESS or
	// CREATE_PENDING state.
	ListChangeSets(ctx context.Context, params *ListChangeSetsInput, optFns ...func(*Options)) (*ListChangeSetsOutput, error)
	// Lists all exported output values in the account and Region in which you call
	// this action. Use this action to see the exported output values that you can
	// import into other stacks. To import values, use the [Fn::ImportValue]function.
	//
	// For more information, see [Get exported outputs from a deployed CloudFormation stack].
	//
	// [Get exported outputs from a deployed CloudFormation stack]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html
	// [Fn::ImportValue]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html
	ListExports(ctx context.Context, params *ListExportsInput, optFns ...func(*Options)) (*ListExportsOutput, error)
	// Lists your generated templates in this Region.
	ListGeneratedTemplates(ctx context.Context, params *ListGeneratedTemplatesInput, optFns ...func(*Options)) (*ListGeneratedTemplatesOutput, error)
	// Returns summaries of invoked Hooks when a change set or Cloud Control API
	// operation target is provided.
	ListHookResults(ctx context.Context, params *ListHookResultsInput, optFns ...func(*Options)) (*ListHookResultsOutput, error)
	// Lists all stacks that are importing an exported output value. To modify or
	// remove an exported output value, first use this action to see which stacks are
	// using it. To see the exported output values in your account, see ListExports.
	//
	// For more information about importing an exported output value, see the [Fn::ImportValue]
	// function.
	//
	// [Fn::ImportValue]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html
	ListImports(ctx context.Context, params *ListImportsInput, optFns ...func(*Options)) (*ListImportsOutput, error)
	// Lists the related resources for a list of resources from a resource scan. The
	// response indicates whether each returned resource is already managed by
	// CloudFormation.
	ListResourceScanRelatedResources(ctx context.Context, params *ListResourceScanRelatedResourcesInput, optFns ...func(*Options)) (*ListResourceScanRelatedResourcesOutput, error)
	// Lists the resources from a resource scan. The results can be filtered by
	// resource identifier, resource type prefix, tag key, and tag value. Only
	// resources that match all specified filters are returned. The response indicates
	// whether each returned resource is already managed by CloudFormation.
	ListResourceScanResources(ctx context.Context, params *ListResourceScanResourcesInput, optFns ...func(*Options)) (*ListResourceScanResourcesOutput, error)
	// List the resource scans from newest to oldest. By default it will return up to
	// 10 resource scans.
	ListResourceScans(ctx context.Context, params *ListResourceScansInput, optFns ...func(*Options)) (*ListResourceScansOutput, error)
	// Returns drift information for resources in a stack instance.
	//
	// ListStackInstanceResourceDrifts returns drift information for the most recent
	// drift detection operation. If an operation is in progress, it may only return
	// partial results.
	ListStackInstanceResourceDrifts(ctx context.Context, params *ListStackInstanceResourceDriftsInput, optFns ...func(*Options)) (*ListStackInstanceResourceDriftsOutput, error)
	// Returns summary information about stack instances that are associated with the
	// specified stack set. You can filter for stack instances that are associated with
	// a specific Amazon Web Services account name or Region, or that have a specific
	// status.
	ListStackInstances(ctx context.Context, params *ListStackInstancesInput, optFns ...func(*Options)) (*ListStackInstancesOutput, error)
	// Returns descriptions of all resources of the specified stack.
	//
	// For deleted stacks, ListStackResources returns resource information for up to
	// 90 days after the stack has been deleted.
	ListStackResources(ctx context.Context, params *ListStackResourcesInput, optFns ...func(*Options)) (*ListStackResourcesOutput, error)
	// Returns summary information about deployment targets for a stack set.
	ListStackSetAutoDeploymentTargets(ctx context.Context, params *ListStackSetAutoDeploymentTargetsInput, optFns ...func(*Options)) (*ListStackSetAutoDeploymentTargetsOutput, error)
	// Returns summary information about the results of a stack set operation.
	ListStackSetOperationResults(ctx context.Context, params *ListStackSetOperationResultsInput, optFns ...func(*Options)) (*ListStackSetOperationResultsOutput, error)
	// Returns summary information about operations performed on a stack set.
	ListStackSetOperations(ctx context.Context, params *ListStackSetOperationsInput, optFns ...func(*Options)) (*ListStackSetOperationsOutput, error)
	// Returns summary information about stack sets that are associated with the user.
	//
	//   - [Self-managed permissions] If you set the CallAs parameter to SELF while
	//     signed in to your Amazon Web Services account, ListStackSets returns all
	//     self-managed stack sets in your Amazon Web Services account.
	//
	//   - [Service-managed permissions] If you set the CallAs parameter to SELF while
	//     signed in to the organization's management account, ListStackSets returns all
	//     stack sets in the management account.
	//
	//   - [Service-managed permissions] If you set the CallAs parameter to
	//     DELEGATED_ADMIN while signed in to your member account, ListStackSets returns
	//     all stack sets with service-managed permissions in the management account.
	ListStackSets(ctx context.Context, params *ListStackSetsInput, optFns ...func(*Options)) (*ListStackSetsOutput, error)
	// Returns the summary information for stacks whose status matches the specified
	// StackStatusFilter. Summary information for stacks that have been deleted is kept
	// for 90 days after the stack is deleted. If no StackStatusFilter is specified,
	// summary information for all stacks is returned (including existing stacks and
	// stacks that have been deleted).
	ListStacks(ctx context.Context, params *ListStacksInput, optFns ...func(*Options)) (*ListStacksOutput, error)
	// Returns a list of registration tokens for the specified extension(s).
	ListTypeRegistrations(ctx context.Context, params *ListTypeRegistrationsInput, optFns ...func(*Options)) (*ListTypeRegistrationsOutput, error)
	// Returns summary information about the versions of an extension.
	ListTypeVersions(ctx context.Context, params *ListTypeVersionsInput, optFns ...func(*Options)) (*ListTypeVersionsOutput, error)
	// Returns summary information about extension that have been registered with
	// CloudFormation.
	ListTypes(ctx context.Context, params *ListTypesInput, optFns ...func(*Options)) (*ListTypesOutput, error)
	// Publishes the specified extension to the CloudFormation registry as a public
	// extension in this Region. Public extensions are available for use by all
	// CloudFormation users. For more information about publishing extensions, see [Publishing extensions to make them available for public use]in
	// the CloudFormation Command Line Interface (CLI) User Guide.
	//
	// To publish an extension, you must be registered as a publisher with
	// CloudFormation. For more information, see [RegisterPublisher].
	//
	// [Publishing extensions to make them available for public use]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html
	// [RegisterPublisher]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html
	PublishType(ctx context.Context, params *PublishTypeInput, optFns ...func(*Options)) (*PublishTypeOutput, error)
	// Reports progress of a resource handler to CloudFormation.
	//
	// Reserved for use by the [CloudFormation CLI]. Don't use this API in your code.
	//
	// [CloudFormation CLI]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html
	RecordHandlerProgress(ctx context.Context, params *RecordHandlerProgressInput, optFns ...func(*Options)) (*RecordHandlerProgressOutput, error)
	// Registers your account as a publisher of public extensions in the
	// CloudFormation registry. Public extensions are available for use by all
	// CloudFormation users. This publisher ID applies to your account in all Amazon
	// Web Services Regions.
	//
	// For information about requirements for registering as a public extension
	// publisher, see [Prerequisite: Registering your account to publish CloudFormation extensions]in the CloudFormation Command Line Interface (CLI) User Guide.
	//
	// [Prerequisite: Registering your account to publish CloudFormation extensions]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs
	RegisterPublisher(ctx context.Context, params *RegisterPublisherInput, optFns ...func(*Options)) (*RegisterPublisherOutput, error)
	// Registers an extension with the CloudFormation service. Registering an
	// extension makes it available for use in CloudFormation templates in your Amazon
	// Web Services account, and includes:
	//
	//   - Validating the extension schema.
	//
	//   - Determining which handlers, if any, have been specified for the extension.
	//
	//   - Making the extension available for use in your account.
	//
	// For more information about how to develop extensions and ready them for
	// registration, see [Creating resource types using the CloudFormation CLI]in the CloudFormation Command Line Interface (CLI) User Guide.
	//
	// You can have a maximum of 50 resource extension versions registered at a time.
	// This maximum is per account and per Region. Use [DeregisterType]to deregister specific
	// extension versions if necessary.
	//
	// Once you have initiated a registration request using RegisterType, you can use DescribeTypeRegistration to monitor
	// the progress of the registration request.
	//
	// Once you have registered a private extension in your account and Region, use [SetTypeConfiguration]
	// to specify configuration properties for the extension. For more information, see
	// [Edit configuration data for extensions in your account]in the CloudFormation User Guide.
	//
	// [SetTypeConfiguration]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html
	// [Edit configuration data for extensions in your account]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-set-configuration.html
	// [Creating resource types using the CloudFormation CLI]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-types.html
	// [DeregisterType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DeregisterType.html
	RegisterType(ctx context.Context, params *RegisterTypeInput, optFns ...func(*Options)) (*RegisterTypeOutput, error)
	// When specifying RollbackStack , you preserve the state of previously provisioned
	// resources when an operation fails. You can check the status of the stack through
	// the DescribeStacksoperation.
	//
	// Rolls back the specified stack to the last known stable state from CREATE_FAILED
	// or UPDATE_FAILED stack statuses.
	//
	// This operation will delete a stack if it doesn't contain a last known stable
	// state. A last known stable state includes any status in a *_COMPLETE . This
	// includes the following stack statuses.
	//
	//   - CREATE_COMPLETE
	//
	//   - UPDATE_COMPLETE
	//
	//   - UPDATE_ROLLBACK_COMPLETE
	//
	//   - IMPORT_COMPLETE
	//
	//   - IMPORT_ROLLBACK_COMPLETE
	RollbackStack(ctx context.Context, params *RollbackStackInput, optFns ...func(*Options)) (*RollbackStackOutput, error)
	// Sets a stack policy for a specified stack.
	SetStackPolicy(ctx context.Context, params *SetStackPolicyInput, optFns ...func(*Options)) (*SetStackPolicyOutput, error)
	// Specifies the configuration data for a registered CloudFormation extension, in
	// the given account and Region.
	//
	// To view the current configuration data for an extension, refer to the
	// ConfigurationSchema element of [DescribeType]. For more information, see [Edit configuration data for extensions in your account] in the
	// CloudFormation User Guide.
	//
	// It's strongly recommended that you use dynamic references to restrict sensitive
	// configuration definitions, such as third-party credentials. For more details on
	// dynamic references, see [Specify values stored in other services using dynamic references]in the CloudFormation User Guide.
	//
	// [DescribeType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html
	// [Edit configuration data for extensions in your account]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-set-configuration.html
	// [Specify values stored in other services using dynamic references]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html
	SetTypeConfiguration(ctx context.Context, params *SetTypeConfigurationInput, optFns ...func(*Options)) (*SetTypeConfigurationOutput, error)
	// Specify the default version of an extension. The default version of an
	// extension will be used in CloudFormation operations.
	SetTypeDefaultVersion(ctx context.Context, params *SetTypeDefaultVersionInput, optFns ...func(*Options)) (*SetTypeDefaultVersionOutput, error)
	// Sends a signal to the specified resource with a success or failure status. You
	// can use the SignalResource operation in conjunction with a creation policy or
	// update policy. CloudFormation doesn't proceed with a stack creation or update
	// until resources receive the required number of signals or the timeout period is
	// exceeded. The SignalResource operation is useful in cases where you want to
	// send signals from anywhere other than an Amazon EC2 instance.
	SignalResource(ctx context.Context, params *SignalResourceInput, optFns ...func(*Options)) (*SignalResourceOutput, error)
	// Starts a scan of the resources in this account in this Region. You can the
	// status of a scan using the ListResourceScans API action.
	StartResourceScan(ctx context.Context, params *StartResourceScanInput, optFns ...func(*Options)) (*StartResourceScanOutput, error)
	// Stops an in-progress operation on a stack set and its associated stack
	// instances. StackSets will cancel all the unstarted stack instance deployments
	// and wait for those are in-progress to complete.
	StopStackSetOperation(ctx context.Context, params *StopStackSetOperationInput, optFns ...func(*Options)) (*StopStackSetOperationOutput, error)
	// Tests a registered extension to make sure it meets all necessary requirements
	// for being published in the CloudFormation registry.
	//
	//   - For resource types, this includes passing all contracts tests defined for
	//     the type.
	//
	//   - For modules, this includes determining if the module's model meets all
	//     necessary requirements.
	//
	// For more information, see [Testing your public extension before publishing] in the CloudFormation Command Line Interface (CLI)
	// User Guide.
	//
	// If you don't specify a version, CloudFormation uses the default version of the
	// extension in your account and Region for testing.
	//
	// To perform testing, CloudFormation assumes the execution role specified when
	// the type was registered. For more information, see [RegisterType].
	//
	// Once you've initiated testing on an extension using TestType , you can pass the
	// returned TypeVersionArn into [DescribeType] to monitor the current test status and test
	// status description for the extension.
	//
	// An extension must have a test status of PASSED before it can be published. For
	// more information, see [Publishing extensions to make them available for public use]in the CloudFormation Command Line Interface (CLI) User
	// Guide.
	//
	// [DescribeType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html
	// [Testing your public extension before publishing]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-testing
	// [RegisterType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html
	// [Publishing extensions to make them available for public use]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-publish.html
	TestType(ctx context.Context, params *TestTypeInput, optFns ...func(*Options)) (*TestTypeOutput, error)
	// Updates a generated template. This can be used to change the name, add and
	// remove resources, refresh resources, and change the DeletionPolicy and
	// UpdateReplacePolicy settings. You can check the status of the update to the
	// generated template using the DescribeGeneratedTemplate API action.
	UpdateGeneratedTemplate(ctx context.Context, params *UpdateGeneratedTemplateInput, optFns ...func(*Options)) (*UpdateGeneratedTemplateOutput, error)
	// Updates a stack as specified in the template. After the call completes
	// successfully, the stack update starts. You can check the status of the stack
	// through the DescribeStacksaction.
	//
	// To get a copy of the template for an existing stack, you can use the GetTemplate action.
	//
	// For more information about updating a stack and monitoring the progress of the
	// update, see [Managing Amazon Web Services resources as a single unit with CloudFormation stacks]in the CloudFormation User Guide.
	//
	// [Managing Amazon Web Services resources as a single unit with CloudFormation stacks]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html
	UpdateStack(ctx context.Context, params *UpdateStackInput, optFns ...func(*Options)) (*UpdateStackOutput, error)
	// Updates the parameter values for stack instances for the specified accounts,
	// within the specified Amazon Web Services Regions. A stack instance refers to a
	// stack in a specific account and Region.
	//
	// You can only update stack instances in Amazon Web Services Regions and accounts
	// where they already exist; to create additional stack instances, use [CreateStackInstances].
	//
	// During stack set updates, any parameters overridden for a stack instance aren't
	// updated, but retain their overridden value.
	//
	// You can only update the parameter values that are specified in the stack set;
	// to add or delete a parameter itself, use [UpdateStackSet]to update the stack set template. If
	// you add a parameter to a template, before you can override the parameter value
	// specified in the stack set you must first use [UpdateStackSet]to update all stack instances
	// with the updated template and parameter value specified in the stack set. Once a
	// stack instance has been updated with the new parameter, you can then override
	// the parameter value using UpdateStackInstances .
	//
	// [CreateStackInstances]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStackInstances.html
	// [UpdateStackSet]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html
	UpdateStackInstances(ctx context.Context, params *UpdateStackInstancesInput, optFns ...func(*Options)) (*UpdateStackInstancesOutput, error)
	// Updates the stack set, and associated stack instances in the specified accounts
	// and Amazon Web Services Regions.
	//
	// Even if the stack set operation created by updating the stack set fails
	// (completely or partially, below or above a specified failure tolerance), the
	// stack set is updated with your changes. Subsequent CreateStackInstancescalls on the specified stack
	// set use the updated stack set.
	UpdateStackSet(ctx context.Context, params *UpdateStackSetInput, optFns ...func(*Options)) (*UpdateStackSetOutput, error)
	// Updates termination protection for the specified stack. If a user attempts to
	// delete a stack with termination protection enabled, the operation fails and the
	// stack remains unchanged. For more information, see [Protect a CloudFormation stack from being deleted]in the CloudFormation User
	// Guide.
	//
	// For [nested stacks], termination protection is set on the root stack and can't be changed
	// directly on the nested stack.
	//
	// [nested stacks]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html
	// [Protect a CloudFormation stack from being deleted]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html
	UpdateTerminationProtection(ctx context.Context, params *UpdateTerminationProtectionInput, optFns ...func(*Options)) (*UpdateTerminationProtectionOutput, error)
	// Validates a specified template. CloudFormation first checks if the template is
	// valid JSON. If it isn't, CloudFormation checks if the template is valid YAML. If
	// both these checks fail, CloudFormation returns a template validation error.
	ValidateTemplate(ctx context.Context, params *ValidateTemplateInput, optFns ...func(*Options)) (*ValidateTemplateOutput, error)
}

CloudFormation provides an interface to the AWS CloudFormation service.

type CloudTrail added in v0.92.0

type CloudTrail interface {
	// Options returns a copy of the client configuration.
	//
	// Callers SHOULD NOT perform mutations on any inner structures within client
	// config. Config overrides should instead be made on a per-operation basis through
	// functional options.
	Options() cloudtrail.Options
	// Adds one or more tags to a trail, event data store, dashboard, or channel, up
	// to a limit of 50. Overwrites an existing tag's value when a new value is
	// specified for an existing tag key. Tag key names must be unique; you cannot have
	// two keys with the same name but different values. If you specify a key without a
	// value, the tag will be created with the specified key and a value of null. You
	// can tag a trail or event data store that applies to all Amazon Web Services
	// Regions only from the Region in which the trail or event data store was created
	// (also known as its home Region).
	AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error)
	// Cancels a query if the query is not in a terminated state, such as CANCELLED ,
	// FAILED , TIMED_OUT , or FINISHED . You must specify an ARN value for
	// EventDataStore . The ID of the query that you want to cancel is also required.
	// When you run CancelQuery , the query status might show as CANCELLED even if the
	// operation is not yet finished.
	CancelQuery(ctx context.Context, params *CancelQueryInput, optFns ...func(*Options)) (*CancelQueryOutput, error)
	// Creates a channel for CloudTrail to ingest events from a partner or external
	// source. After you create a channel, a CloudTrail Lake event data store can log
	// events from the partner or source that you specify.
	CreateChannel(ctx context.Context, params *CreateChannelInput, optFns ...func(*Options)) (*CreateChannelOutput, error)
	//	Creates a custom dashboard or the Highlights dashboard.
	//
	//	 - Custom dashboards - Custom dashboards allow you to query events in any
	//	 event data store type. You can add up to 10 widgets to a custom dashboard. You
	//	 can manually refresh a custom dashboard, or you can set a refresh schedule.
	//
	//	 - Highlights dashboard - You can create the Highlights dashboard to see a
	//	 summary of key user activities and API usage across all your event data stores.
	//	 CloudTrail Lake manages the Highlights dashboard and refreshes the dashboard
	//	 every 6 hours. To create the Highlights dashboard, you must set and enable a
	//	 refresh schedule.
	//
	// CloudTrail runs queries to populate the dashboard's widgets during a manual or
	// scheduled refresh. CloudTrail must be granted permissions to run the StartQuery
	// operation on your behalf. To provide permissions, run the PutResourcePolicy
	// operation to attach a resource-based policy to each event data store. For more
	// information, see [Example: Allow CloudTrail to run queries to populate a dashboard]in the CloudTrail User Guide.
	//
	// To set a refresh schedule, CloudTrail must be granted permissions to run the
	// StartDashboardRefresh operation to refresh the dashboard on your behalf. To
	// provide permissions, run the PutResourcePolicy operation to attach a
	// resource-based policy to the dashboard. For more information, see [Resource-based policy example for a dashboard]in the
	// CloudTrail User Guide.
	//
	// For more information about dashboards, see [CloudTrail Lake dashboards] in the CloudTrail User Guide.
	//
	// [CloudTrail Lake dashboards]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-dashboard.html
	// [Example: Allow CloudTrail to run queries to populate a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-eds-dashboard
	// [Resource-based policy example for a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-dashboards
	CreateDashboard(ctx context.Context, params *CreateDashboardInput, optFns ...func(*Options)) (*CreateDashboardOutput, error)
	// Creates a new event data store.
	CreateEventDataStore(ctx context.Context, params *CreateEventDataStoreInput, optFns ...func(*Options)) (*CreateEventDataStoreOutput, error)
	// Creates a trail that specifies the settings for delivery of log data to an
	// Amazon S3 bucket.
	CreateTrail(ctx context.Context, params *CreateTrailInput, optFns ...func(*Options)) (*CreateTrailOutput, error)
	// Deletes a channel.
	DeleteChannel(ctx context.Context, params *DeleteChannelInput, optFns ...func(*Options)) (*DeleteChannelOutput, error)
	//	Deletes the specified dashboard. You cannot delete a dashboard that has
	//
	// termination protection enabled.
	DeleteDashboard(ctx context.Context, params *DeleteDashboardInput, optFns ...func(*Options)) (*DeleteDashboardOutput, error)
	// Disables the event data store specified by EventDataStore , which accepts an
	// event data store ARN. After you run DeleteEventDataStore , the event data store
	// enters a PENDING_DELETION state, and is automatically deleted after a wait
	// period of seven days. TerminationProtectionEnabled must be set to False on the
	// event data store and the FederationStatus must be DISABLED . You cannot delete
	// an event data store if TerminationProtectionEnabled is True or the
	// FederationStatus is ENABLED .
	//
	// After you run DeleteEventDataStore on an event data store, you cannot run
	// ListQueries , DescribeQuery , or GetQueryResults on queries that are using an
	// event data store in a PENDING_DELETION state. An event data store in the
	// PENDING_DELETION state does not incur costs.
	DeleteEventDataStore(ctx context.Context, params *DeleteEventDataStoreInput, optFns ...func(*Options)) (*DeleteEventDataStoreOutput, error)
	//	Deletes the resource-based policy attached to the CloudTrail event data store,
	//
	// dashboard, or channel.
	DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error)
	// Deletes a trail. This operation must be called from the Region in which the
	// trail was created. DeleteTrail cannot be called on the shadow trails
	// (replicated trails in other Regions) of a trail that is enabled in all Regions.
	DeleteTrail(ctx context.Context, params *DeleteTrailInput, optFns ...func(*Options)) (*DeleteTrailOutput, error)
	// Removes CloudTrail delegated administrator permissions from a member account in
	// an organization.
	DeregisterOrganizationDelegatedAdmin(ctx context.Context, params *DeregisterOrganizationDelegatedAdminInput, optFns ...func(*Options)) (*DeregisterOrganizationDelegatedAdminOutput, error)
	// Returns metadata about a query, including query run time in milliseconds,
	// number of events scanned and matched, and query status. If the query results
	// were delivered to an S3 bucket, the response also provides the S3 URI and the
	// delivery status.
	//
	// You must specify either QueryId or QueryAlias . Specifying the QueryAlias
	// parameter returns information about the last query run for the alias. You can
	// provide RefreshId along with QueryAlias to view the query results of a
	// dashboard query for the specified RefreshId .
	DescribeQuery(ctx context.Context, params *DescribeQueryInput, optFns ...func(*Options)) (*DescribeQueryOutput, error)
	// Retrieves settings for one or more trails associated with the current Region
	// for your account.
	DescribeTrails(ctx context.Context, params *DescribeTrailsInput, optFns ...func(*Options)) (*DescribeTrailsOutput, error)
	//	Disables Lake query federation on the specified event data store. When you
	//
	// disable federation, CloudTrail disables the integration with Glue, Lake
	// Formation, and Amazon Athena. After disabling Lake query federation, you can no
	// longer query your event data in Amazon Athena.
	//
	// No CloudTrail Lake data is deleted when you disable federation and you can
	// continue to run queries in CloudTrail Lake.
	DisableFederation(ctx context.Context, params *DisableFederationInput, optFns ...func(*Options)) (*DisableFederationOutput, error)
	//	Enables Lake query federation on the specified event data store. Federating an
	//
	// event data store lets you view the metadata associated with the event data store
	// in the Glue [Data Catalog]and run SQL queries against your event data using Amazon Athena.
	// The table metadata stored in the Glue Data Catalog lets the Athena query engine
	// know how to find, read, and process the data that you want to query.
	//
	// When you enable Lake query federation, CloudTrail creates a managed database
	// named aws:cloudtrail (if the database doesn't already exist) and a managed
	// federated table in the Glue Data Catalog. The event data store ID is used for
	// the table name. CloudTrail registers the role ARN and event data store in [Lake Formation], the
	// service responsible for allowing fine-grained access control of the federated
	// resources in the Glue Data Catalog.
	//
	// For more information about Lake query federation, see [Federate an event data store].
	//
	// [Federate an event data store]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html
	// [Lake Formation]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation-lake-formation.html
	// [Data Catalog]: https://docs.aws.amazon.com/glue/latest/dg/components-overview.html#data-catalog-intro
	EnableFederation(ctx context.Context, params *EnableFederationInput, optFns ...func(*Options)) (*EnableFederationOutput, error)
	//	Generates a query from a natural language prompt. This operation uses
	//
	// generative artificial intelligence (generative AI) to produce a ready-to-use SQL
	// query from the prompt.
	//
	// The prompt can be a question or a statement about the event data in your event
	// data store. For example, you can enter prompts like "What are my top errors in
	// the past month?" and “Give me a list of users that used SNS.”
	//
	// The prompt must be in English. For information about limitations, permissions,
	// and supported Regions, see [Create CloudTrail Lake queries from natural language prompts]in the CloudTrail user guide.
	//
	// Do not include any personally identifying, confidential, or sensitive
	// information in your prompts.
	//
	// This feature uses generative AI large language models (LLMs); we recommend
	// double-checking the LLM response.
	//
	// [Create CloudTrail Lake queries from natural language prompts]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-query-generator.html
	GenerateQuery(ctx context.Context, params *GenerateQueryInput, optFns ...func(*Options)) (*GenerateQueryOutput, error)
	// Returns information about a specific channel.
	GetChannel(ctx context.Context, params *GetChannelInput, optFns ...func(*Options)) (*GetChannelOutput, error)
	// Returns the specified dashboard.
	GetDashboard(ctx context.Context, params *GetDashboardInput, optFns ...func(*Options)) (*GetDashboardOutput, error)
	// Returns information about an event data store specified as either an ARN or the
	// ID portion of the ARN.
	GetEventDataStore(ctx context.Context, params *GetEventDataStoreInput, optFns ...func(*Options)) (*GetEventDataStoreOutput, error)
	// Describes the settings for the event selectors that you configured for your
	// trail. The information returned for your event selectors includes the following:
	//
	//   - If your event selector includes read-only events, write-only events, or all
	//     events. This applies to management events, data events, and network activity
	//     events.
	//
	//   - If your event selector includes management events.
	//
	//   - If your event selector includes network activity events, the event sources
	//     for which you are logging network activity events.
	//
	//   - If your event selector includes data events, the resources on which you are
	//     logging data events.
	//
	// For more information about logging management, data, and network activity
	// events, see the following topics in the CloudTrail User Guide:
	//
	// [Logging management events]
	//
	// [Logging data events]
	//
	// [Logging network activity events]
	//
	// [Logging network activity events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html
	// [Logging management events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
	// [Logging data events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
	GetEventSelectors(ctx context.Context, params *GetEventSelectorsInput, optFns ...func(*Options)) (*GetEventSelectorsOutput, error)
	// Returns information about a specific import.
	GetImport(ctx context.Context, params *GetImportInput, optFns ...func(*Options)) (*GetImportOutput, error)
	// Describes the settings for the Insights event selectors that you configured for
	// your trail or event data store. GetInsightSelectors shows if CloudTrail
	// Insights event logging is enabled on the trail or event data store, and if it
	// is, which Insights types are enabled. If you run GetInsightSelectors on a trail
	// or event data store that does not have Insights events enabled, the operation
	// throws the exception InsightNotEnabledException
	//
	// Specify either the EventDataStore parameter to get Insights event selectors for
	// an event data store, or the TrailName parameter to the get Insights event
	// selectors for a trail. You cannot specify these parameters together.
	//
	// For more information, see [Logging CloudTrail Insights events] in the CloudTrail User Guide.
	//
	// [Logging CloudTrail Insights events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
	GetInsightSelectors(ctx context.Context, params *GetInsightSelectorsInput, optFns ...func(*Options)) (*GetInsightSelectorsOutput, error)
	// Gets event data results of a query. You must specify the QueryID value returned
	// by the StartQuery operation.
	GetQueryResults(ctx context.Context, params *GetQueryResultsInput, optFns ...func(*Options)) (*GetQueryResultsOutput, error)
	//	Retrieves the JSON text of the resource-based policy document attached to the
	//
	// CloudTrail event data store, dashboard, or channel.
	GetResourcePolicy(ctx context.Context, params *GetResourcePolicyInput, optFns ...func(*Options)) (*GetResourcePolicyOutput, error)
	// Returns settings information for a specified trail.
	GetTrail(ctx context.Context, params *GetTrailInput, optFns ...func(*Options)) (*GetTrailOutput, error)
	// Returns a JSON-formatted list of information about the specified trail. Fields
	// include information on delivery errors, Amazon SNS and Amazon S3 errors, and
	// start and stop logging times for each trail. This operation returns trail status
	// from a single Region. To return trail status from all Regions, you must call the
	// operation on each Region.
	GetTrailStatus(ctx context.Context, params *GetTrailStatusInput, optFns ...func(*Options)) (*GetTrailStatusOutput, error)
	// Lists the channels in the current account, and their source names.
	ListChannels(ctx context.Context, params *ListChannelsInput, optFns ...func(*Options)) (*ListChannelsOutput, error)
	//	Returns information about all dashboards in the account, in the current
	//
	// Region.
	ListDashboards(ctx context.Context, params *ListDashboardsInput, optFns ...func(*Options)) (*ListDashboardsOutput, error)
	// Returns information about all event data stores in the account, in the current
	// Region.
	ListEventDataStores(ctx context.Context, params *ListEventDataStoresInput, optFns ...func(*Options)) (*ListEventDataStoresOutput, error)
	// Returns a list of failures for the specified import.
	ListImportFailures(ctx context.Context, params *ListImportFailuresInput, optFns ...func(*Options)) (*ListImportFailuresOutput, error)
	//	Returns information on all imports, or a select set of imports by ImportStatus
	//
	// or Destination .
	ListImports(ctx context.Context, params *ListImportsInput, optFns ...func(*Options)) (*ListImportsOutput, error)
	// Returns Insights metrics data for trails that have enabled Insights. The
	// request must include the EventSource , EventName , and InsightType parameters.
	//
	// If the InsightType is set to ApiErrorRateInsight , the request must also include
	// the ErrorCode parameter.
	//
	// The following are the available time periods for ListInsightsMetricData . Each
	// cutoff is inclusive.
	//
	//   - Data points with a period of 60 seconds (1-minute) are available for 15
	//     days.
	//
	//   - Data points with a period of 300 seconds (5-minute) are available for 63
	//     days.
	//
	//   - Data points with a period of 3600 seconds (1 hour) are available for 90
	//     days.
	//
	// Access to the ListInsightsMetricData API operation is linked to the
	// cloudtrail:LookupEvents action. To use this operation, you must have permissions
	// to perform the cloudtrail:LookupEvents action.
	ListInsightsMetricData(ctx context.Context, params *ListInsightsMetricDataInput, optFns ...func(*Options)) (*ListInsightsMetricDataOutput, error)
	// Returns all public keys whose private keys were used to sign the digest files
	// within the specified time range. The public key is needed to validate digest
	// files that were signed with its corresponding private key.
	//
	// CloudTrail uses different private and public key pairs per Region. Each digest
	// file is signed with a private key unique to its Region. When you validate a
	// digest file from a specific Region, you must look in the same Region for its
	// corresponding public key.
	ListPublicKeys(ctx context.Context, params *ListPublicKeysInput, optFns ...func(*Options)) (*ListPublicKeysOutput, error)
	// Returns a list of queries and query statuses for the past seven days. You must
	// specify an ARN value for EventDataStore . Optionally, to shorten the list of
	// results, you can specify a time range, formatted as timestamps, by adding
	// StartTime and EndTime parameters, and a QueryStatus value. Valid values for
	// QueryStatus include QUEUED , RUNNING , FINISHED , FAILED , TIMED_OUT , or
	// CANCELLED .
	ListQueries(ctx context.Context, params *ListQueriesInput, optFns ...func(*Options)) (*ListQueriesOutput, error)
	// Lists the tags for the specified trails, event data stores, dashboards, or
	// channels in the current Region.
	ListTags(ctx context.Context, params *ListTagsInput, optFns ...func(*Options)) (*ListTagsOutput, error)
	// Lists trails that are in the current account.
	ListTrails(ctx context.Context, params *ListTrailsInput, optFns ...func(*Options)) (*ListTrailsOutput, error)
	// Looks up [management events] or [CloudTrail Insights events] that are captured by CloudTrail. You can look up events that
	// occurred in a Region within the last 90 days.
	//
	// LookupEvents returns recent Insights events for trails that enable Insights. To
	// view Insights events for an event data store, you can run queries on your
	// Insights event data store, and you can also view the Lake dashboard for
	// Insights.
	//
	// Lookup supports the following attributes for management events:
	//
	//   - Amazon Web Services access key
	//
	//   - Event ID
	//
	//   - Event name
	//
	//   - Event source
	//
	//   - Read only
	//
	//   - Resource name
	//
	//   - Resource type
	//
	//   - User name
	//
	// Lookup supports the following attributes for Insights events:
	//
	//   - Event ID
	//
	//   - Event name
	//
	//   - Event source
	//
	// All attributes are optional. The default number of results returned is 50, with
	// a maximum of 50 possible. The response includes a token that you can use to get
	// the next page of results.
	//
	// The rate of lookup requests is limited to two per second, per account, per
	// Region. If this limit is exceeded, a throttling error occurs.
	//
	// [CloudTrail Insights events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-insights-events
	// [management events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-management-events
	LookupEvents(ctx context.Context, params *LookupEventsInput, optFns ...func(*Options)) (*LookupEventsOutput, error)
	// Configures event selectors (also referred to as basic event selectors) or
	// advanced event selectors for your trail. You can use either
	// AdvancedEventSelectors or EventSelectors , but not both. If you apply
	// AdvancedEventSelectors to a trail, any existing EventSelectors are overwritten.
	//
	// You can use AdvancedEventSelectors to log management events, data events for
	// all resource types, and network activity events.
	//
	// You can use EventSelectors to log management events and data events for the
	// following resource types:
	//
	//   - AWS::DynamoDB::Table
	//
	//   - AWS::Lambda::Function
	//
	//   - AWS::S3::Object
	//
	// You can't use EventSelectors to log network activity events.
	//
	// If you want your trail to log Insights events, be sure the event selector or
	// advanced event selector enables logging of the Insights event types you want
	// configured for your trail. For more information about logging Insights events,
	// see [Logging Insights events]in the CloudTrail User Guide. By default, trails created without specific
	// event selectors are configured to log all read and write management events, and
	// no data events or network activity events.
	//
	// When an event occurs in your account, CloudTrail evaluates the event selectors
	// or advanced event selectors in all trails. For each trail, if the event matches
	// any event selector, the trail processes and logs the event. If the event doesn't
	// match any event selector, the trail doesn't log the event.
	//
	// Example
	//
	//   - You create an event selector for a trail and specify that you want to log
	//     write-only events.
	//
	//   - The EC2 GetConsoleOutput and RunInstances API operations occur in your
	//     account.
	//
	//   - CloudTrail evaluates whether the events match your event selectors.
	//
	//   - The RunInstances is a write-only event and it matches your event selector.
	//     The trail logs the event.
	//
	//   - The GetConsoleOutput is a read-only event that doesn't match your event
	//     selector. The trail doesn't log the event.
	//
	// The PutEventSelectors operation must be called from the Region in which the
	// trail was created; otherwise, an InvalidHomeRegionException exception is thrown.
	//
	// You can configure up to five event selectors for each trail.
	//
	// You can add advanced event selectors, and conditions for your advanced event
	// selectors, up to a maximum of 500 values for all conditions and selectors on a
	// trail. For more information, see [Logging management events], [Logging data events], [Logging network activity events], and [Quotas in CloudTrail] in the CloudTrail User Guide.
	//
	// [Logging network activity events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html
	// [Logging Insights events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
	// [Logging management events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
	// [Quotas in CloudTrail]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
	// [Logging data events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
	PutEventSelectors(ctx context.Context, params *PutEventSelectorsInput, optFns ...func(*Options)) (*PutEventSelectorsOutput, error)
	// Lets you enable Insights event logging by specifying the Insights selectors
	// that you want to enable on an existing trail or event data store. You also use
	// PutInsightSelectors to turn off Insights event logging, by passing an empty list
	// of Insights types. The valid Insights event types are ApiErrorRateInsight and
	// ApiCallRateInsight .
	//
	// To enable Insights on an event data store, you must specify the ARNs (or ID
	// suffix of the ARNs) for the source event data store ( EventDataStore ) and the
	// destination event data store ( InsightsDestination ). The source event data
	// store logs management events and enables Insights. The destination event data
	// store logs Insights events based upon the management event activity of the
	// source event data store. The source and destination event data stores must
	// belong to the same Amazon Web Services account.
	//
	// To log Insights events for a trail, you must specify the name ( TrailName ) of
	// the CloudTrail trail for which you want to change or add Insights selectors.
	//
	// To log CloudTrail Insights events on API call volume, the trail or event data
	// store must log write management events. To log CloudTrail Insights events on
	// API error rate, the trail or event data store must log read or write management
	// events. You can call GetEventSelectors on a trail to check whether the trail
	// logs management events. You can call GetEventDataStore on an event data store
	// to check whether the event data store logs management events.
	//
	// For more information, see [Logging CloudTrail Insights events] in the CloudTrail User Guide.
	//
	// [Logging CloudTrail Insights events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
	PutInsightSelectors(ctx context.Context, params *PutInsightSelectorsInput, optFns ...func(*Options)) (*PutInsightSelectorsOutput, error)
	//	Attaches a resource-based permission policy to a CloudTrail event data store,
	//
	// dashboard, or channel. For more information about resource-based policies, see [CloudTrail resource-based policy examples]
	// in the CloudTrail User Guide.
	//
	// [CloudTrail resource-based policy examples]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html
	PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error)
	// Registers an organization’s member account as the CloudTrail [delegated administrator].
	//
	// [delegated administrator]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-delegated-administrator.html
	RegisterOrganizationDelegatedAdmin(ctx context.Context, params *RegisterOrganizationDelegatedAdminInput, optFns ...func(*Options)) (*RegisterOrganizationDelegatedAdminOutput, error)
	// Removes the specified tags from a trail, event data store, dashboard, or
	// channel.
	RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error)
	// Restores a deleted event data store specified by EventDataStore , which accepts
	// an event data store ARN. You can only restore a deleted event data store within
	// the seven-day wait period after deletion. Restoring an event data store can take
	// several minutes, depending on the size of the event data store.
	RestoreEventDataStore(ctx context.Context, params *RestoreEventDataStoreInput, optFns ...func(*Options)) (*RestoreEventDataStoreOutput, error)
	//	Starts a refresh of the specified dashboard.
	//
	// Each time a dashboard is refreshed, CloudTrail runs queries to populate the
	// dashboard's widgets. CloudTrail must be granted permissions to run the
	// StartQuery operation on your behalf. To provide permissions, run the
	// PutResourcePolicy operation to attach a resource-based policy to each event data
	// store. For more information, see [Example: Allow CloudTrail to run queries to populate a dashboard]in the CloudTrail User Guide.
	//
	// [Example: Allow CloudTrail to run queries to populate a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-eds-dashboard
	StartDashboardRefresh(ctx context.Context, params *StartDashboardRefreshInput, optFns ...func(*Options)) (*StartDashboardRefreshOutput, error)
	// Starts the ingestion of live events on an event data store specified as either
	// an ARN or the ID portion of the ARN. To start ingestion, the event data store
	// Status must be STOPPED_INGESTION and the eventCategory must be Management , Data
	// , NetworkActivity , or ConfigurationItem .
	StartEventDataStoreIngestion(ctx context.Context, params *StartEventDataStoreIngestionInput, optFns ...func(*Options)) (*StartEventDataStoreIngestionOutput, error)
	//	Starts an import of logged trail events from a source S3 bucket to a
	//
	// destination event data store. By default, CloudTrail only imports events
	// contained in the S3 bucket's CloudTrail prefix and the prefixes inside the
	// CloudTrail prefix, and does not check prefixes for other Amazon Web Services
	// services. If you want to import CloudTrail events contained in another prefix,
	// you must include the prefix in the S3LocationUri . For more considerations about
	// importing trail events, see [Considerations for copying trail events]in the CloudTrail User Guide.
	//
	// When you start a new import, the Destinations and ImportSource parameters are
	// required. Before starting a new import, disable any access control lists (ACLs)
	// attached to the source S3 bucket. For more information about disabling ACLs, see
	// [Controlling ownership of objects and disabling ACLs for your bucket].
	//
	// When you retry an import, the ImportID parameter is required.
	//
	// If the destination event data store is for an organization, you must use the
	// management account to import trail events. You cannot use the delegated
	// administrator account for the organization.
	//
	// [Considerations for copying trail events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-copy-trail-to-lake.html#cloudtrail-trail-copy-considerations
	// [Controlling ownership of objects and disabling ACLs for your bucket]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
	StartImport(ctx context.Context, params *StartImportInput, optFns ...func(*Options)) (*StartImportOutput, error)
	// Starts the recording of Amazon Web Services API calls and log file delivery for
	// a trail. For a trail that is enabled in all Regions, this operation must be
	// called from the Region in which the trail was created. This operation cannot be
	// called on the shadow trails (replicated trails in other Regions) of a trail that
	// is enabled in all Regions.
	StartLogging(ctx context.Context, params *StartLoggingInput, optFns ...func(*Options)) (*StartLoggingOutput, error)
	// Starts a CloudTrail Lake query. Use the QueryStatement parameter to provide
	// your SQL query, enclosed in single quotation marks. Use the optional
	// DeliveryS3Uri parameter to deliver the query results to an S3 bucket.
	//
	// StartQuery requires you specify either the QueryStatement parameter, or a
	// QueryAlias and any QueryParameters . In the current release, the QueryAlias and
	// QueryParameters parameters are used only for the queries that populate the
	// CloudTrail Lake dashboards.
	StartQuery(ctx context.Context, params *StartQueryInput, optFns ...func(*Options)) (*StartQueryOutput, error)
	// Stops the ingestion of live events on an event data store specified as either
	// an ARN or the ID portion of the ARN. To stop ingestion, the event data store
	// Status must be ENABLED and the eventCategory must be Management , Data ,
	// NetworkActivity , or ConfigurationItem .
	StopEventDataStoreIngestion(ctx context.Context, params *StopEventDataStoreIngestionInput, optFns ...func(*Options)) (*StopEventDataStoreIngestionOutput, error)
	// Stops a specified import.
	StopImport(ctx context.Context, params *StopImportInput, optFns ...func(*Options)) (*StopImportOutput, error)
	// Suspends the recording of Amazon Web Services API calls and log file delivery
	// for the specified trail. Under most circumstances, there is no need to use this
	// action. You can update a trail without stopping it first. This action is the
	// only way to stop recording. For a trail enabled in all Regions, this operation
	// must be called from the Region in which the trail was created, or an
	// InvalidHomeRegionException will occur. This operation cannot be called on the
	// shadow trails (replicated trails in other Regions) of a trail enabled in all
	// Regions.
	StopLogging(ctx context.Context, params *StopLoggingInput, optFns ...func(*Options)) (*StopLoggingOutput, error)
	// Updates a channel specified by a required channel ARN or UUID.
	UpdateChannel(ctx context.Context, params *UpdateChannelInput, optFns ...func(*Options)) (*UpdateChannelOutput, error)
	//	Updates the specified dashboard.
	//
	// To set a refresh schedule, CloudTrail must be granted permissions to run the
	// StartDashboardRefresh operation to refresh the dashboard on your behalf. To
	// provide permissions, run the PutResourcePolicy operation to attach a
	// resource-based policy to the dashboard. For more information, see [Resource-based policy example for a dashboard]in the
	// CloudTrail User Guide.
	//
	// CloudTrail runs queries to populate the dashboard's widgets during a manual or
	// scheduled refresh. CloudTrail must be granted permissions to run the StartQuery
	// operation on your behalf. To provide permissions, run the PutResourcePolicy
	// operation to attach a resource-based policy to each event data store. For more
	// information, see [Example: Allow CloudTrail to run queries to populate a dashboard]in the CloudTrail User Guide.
	//
	// [Example: Allow CloudTrail to run queries to populate a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-eds-dashboard
	// [Resource-based policy example for a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-dashboards
	UpdateDashboard(ctx context.Context, params *UpdateDashboardInput, optFns ...func(*Options)) (*UpdateDashboardOutput, error)
	// Updates an event data store. The required EventDataStore value is an ARN or the
	// ID portion of the ARN. Other parameters are optional, but at least one optional
	// parameter must be specified, or CloudTrail throws an error. RetentionPeriod is
	// in days, and valid values are integers between 7 and 3653 if the BillingMode is
	// set to EXTENDABLE_RETENTION_PRICING , or between 7 and 2557 if BillingMode is
	// set to FIXED_RETENTION_PRICING . By default, TerminationProtection is enabled.
	//
	// For event data stores for CloudTrail events, AdvancedEventSelectors includes or
	// excludes management, data, or network activity events in your event data store.
	// For more information about AdvancedEventSelectors , see [AdvancedEventSelectors].
	//
	// For event data stores for CloudTrail Insights events, Config configuration
	// items, Audit Manager evidence, or non-Amazon Web Services events,
	// AdvancedEventSelectors includes events of that type in your event data store.
	//
	// [AdvancedEventSelectors]: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html
	UpdateEventDataStore(ctx context.Context, params *UpdateEventDataStoreInput, optFns ...func(*Options)) (*UpdateEventDataStoreOutput, error)
	// Updates trail settings that control what events you are logging, and how to
	// handle log files. Changes to a trail do not require stopping the CloudTrail
	// service. Use this action to designate an existing bucket for log delivery. If
	// the existing bucket has previously been a target for CloudTrail log files, an
	// IAM policy exists for the bucket. UpdateTrail must be called from the Region in
	// which the trail was created; otherwise, an InvalidHomeRegionException is thrown.
	UpdateTrail(ctx context.Context, params *UpdateTrailInput, optFns ...func(*Options)) (*UpdateTrailOutput, error)
}

CloudTrail provides an interface to the AWS CloudTrail service.

type CloudWatchLogs added in v0.92.0

type CloudWatchLogs interface {
	// Options returns a copy of the client configuration.
	//
	// Callers SHOULD NOT perform mutations on any inner structures within client
	// config. Config overrides should instead be made on a per-operation basis through
	// functional options.
	Options() cloudwatchlogs.Options
	// Associates the specified KMS key with either one log group in the account, or
	// with all stored CloudWatch Logs query insights results in the account.
	//
	// When you use AssociateKmsKey , you specify either the logGroupName parameter or
	// the resourceIdentifier parameter. You can't specify both of those parameters in
	// the same operation.
	//
	//   - Specify the logGroupName parameter to cause all log events stored in the log
	//     group to be encrypted with that key. Only the log events ingested after the key
	//     is associated are encrypted with that key.
	//
	// Associating a KMS key with a log group overrides any existing associations
	//
	//	between the log group and a KMS key. After a KMS key is associated with a log
	//	group, all newly ingested data for the log group is encrypted using the KMS key.
	//	This association is stored as long as the data encrypted with the KMS key is
	//	still within CloudWatch Logs. This enables CloudWatch Logs to decrypt this data
	//	whenever it is requested.
	//
	// Associating a key with a log group does not cause the results of queries of
	//
	//	that log group to be encrypted with that key. To have query results encrypted
	//	with a KMS key, you must use an AssociateKmsKey operation with the
	//	resourceIdentifier parameter that specifies a query-result resource.
	//
	//	- Specify the resourceIdentifier parameter with a query-result resource, to
	//	use that key to encrypt the stored results of all future [StartQuery]operations in the
	//	account. The response from a [GetQueryResults]operation will still return the query results in
	//	plain text.
	//
	// Even if you have not associated a key with your query results, the query
	//
	//	results are encrypted when stored, using the default CloudWatch Logs method.
	//
	// If you run a query from a monitoring account that queries logs in a source
	//
	//	account, the query results key from the monitoring account, if any, is used.
	//
	// If you delete the key that is used to encrypt log events or log group query
	// results, then all the associated stored log events or query results that were
	// encrypted with that key will be unencryptable and unusable.
	//
	// CloudWatch Logs supports only symmetric KMS keys. Do not use an associate an
	// asymmetric KMS key with your log group or query results. For more information,
	// see [Using Symmetric and Asymmetric Keys].
	//
	// It can take up to 5 minutes for this operation to take effect.
	//
	// If you attempt to associate a KMS key with a log group but the KMS key does not
	// exist or the KMS key is disabled, you receive an InvalidParameterException
	// error.
	//
	// [Using Symmetric and Asymmetric Keys]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
	//
	// [StartQuery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
	// [GetQueryResults]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetQueryResults.html
	AssociateKmsKey(ctx context.Context, params *AssociateKmsKeyInput, optFns ...func(*Options)) (*AssociateKmsKeyOutput, error)
	// Cancels the specified export task.
	//
	// The task must be in the PENDING or RUNNING state.
	CancelExportTask(ctx context.Context, params *CancelExportTaskInput, optFns ...func(*Options)) (*CancelExportTaskOutput, error)
	// Creates a delivery. A delivery is a connection between a logical delivery
	// source and a logical delivery destination that you have already created.
	//
	// Only some Amazon Web Services services support being configured as a delivery
	// source using this operation. These services are listed as Supported [V2
	// Permissions] in the table at [Enabling logging from Amazon Web Services services.]
	//
	// A delivery destination can represent a log group in CloudWatch Logs, an Amazon
	// S3 bucket, or a delivery stream in Firehose.
	//
	// To configure logs delivery between a supported Amazon Web Services service and
	// a destination, you must do the following:
	//
	//   - Create a delivery source, which is a logical object that represents the
	//     resource that is actually sending the logs. For more information, see [PutDeliverySource].
	//
	//   - Create a delivery destination, which is a logical object that represents
	//     the actual delivery destination. For more information, see [PutDeliveryDestination].
	//
	//   - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy]in the destination
	//     account to assign an IAM policy to the destination. This policy allows delivery
	//     to that destination.
	//
	//   - Use CreateDelivery to create a delivery by pairing exactly one delivery
	//     source and one delivery destination.
	//
	// You can configure a single delivery source to send logs to multiple
	// destinations by creating multiple deliveries. You can also create multiple
	// deliveries to configure multiple delivery sources to send logs to the same
	// delivery destination.
	//
	// To update an existing delivery configuration, use [UpdateDeliveryConfiguration].
	//
	// [PutDeliveryDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
	// [PutDeliverySource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
	// [Enabling logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
	// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
	// [UpdateDeliveryConfiguration]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateDeliveryConfiguration.html
	CreateDelivery(ctx context.Context, params *CreateDeliveryInput, optFns ...func(*Options)) (*CreateDeliveryOutput, error)
	// Creates an export task so that you can efficiently export data from a log group
	// to an Amazon S3 bucket. When you perform a CreateExportTask operation, you must
	// use credentials that have permission to write to the S3 bucket that you specify
	// as the destination.
	//
	// Exporting log data to S3 buckets that are encrypted by KMS is supported.
	// Exporting log data to Amazon S3 buckets that have S3 Object Lock enabled with a
	// retention period is also supported.
	//
	// Exporting to S3 buckets that are encrypted with AES-256 is supported.
	//
	// This is an asynchronous call. If all the required information is provided, this
	// operation initiates an export task and responds with the ID of the task. After
	// the task has started, you can use [DescribeExportTasks]to get the status of the export task. Each
	// account can only have one active ( RUNNING or PENDING ) export task at a time.
	// To cancel an export task, use [CancelExportTask].
	//
	// You can export logs from multiple log groups or multiple time ranges to the
	// same S3 bucket. To separate log data for each export task, specify a prefix to
	// be used as the Amazon S3 key prefix for all exported objects.
	//
	// Time-based sorting on chunks of log data inside an exported file is not
	// guaranteed. You can sort the exported log field data by using Linux utilities.
	//
	// [CancelExportTask]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CancelExportTask.html
	// [DescribeExportTasks]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeExportTasks.html
	CreateExportTask(ctx context.Context, params *CreateExportTaskInput, optFns ...func(*Options)) (*CreateExportTaskOutput, error)
	// Creates an anomaly detector that regularly scans one or more log groups and
	// look for patterns and anomalies in the logs.
	//
	// An anomaly detector can help surface issues by automatically discovering
	// anomalies in your log event traffic. An anomaly detector uses machine learning
	// algorithms to scan log events and find patterns.
	//
	// A pattern is a shared text structure that recurs among your log fields.
	// Patterns provide a useful tool for analyzing large sets of logs because a large
	// number of log events can often be compressed into a few patterns.
	//
	// The anomaly detector uses pattern recognition to find anomalies , which are
	// unusual log events. It uses the evaluationFrequency to compare current log
	// events and patterns with trained baselines.
	//
	// Fields within a pattern are called tokens. Fields that vary within a pattern,
	// such as a request ID or timestamp, are referred to as dynamic tokens and
	// represented by <> .
	//
	// The following is an example of a pattern:
	//
	//	[INFO] Request time: <
	//
	//	> ms
	//
	// This pattern represents log events like [INFO] Request time: 327 ms and other
	// similar log events that differ only by the number, in this csse 327. When the
	// pattern is displayed, the different numbers are replaced by <*>
	//
	// Any parts of log events that are masked as sensitive data are not scanned for
	// anomalies. For more information about masking sensitive data, see [Help protect sensitive log data with masking].
	//
	// [Help protect sensitive log data with masking]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
	CreateLogAnomalyDetector(ctx context.Context, params *CreateLogAnomalyDetectorInput, optFns ...func(*Options)) (*CreateLogAnomalyDetectorOutput, error)
	// Creates a log group with the specified name. You can create up to 1,000,000 log
	// groups per Region per account.
	//
	// You must use the following guidelines when naming a log group:
	//
	//   - Log group names must be unique within a Region for an Amazon Web Services
	//     account.
	//
	//   - Log group names can be between 1 and 512 characters long.
	//
	//   - Log group names consist of the following characters: a-z, A-Z, 0-9, '_'
	//     (underscore), '-' (hyphen), '/' (forward slash), '.' (period), and '#' (number
	//     sign)
	//
	//   - Log group names can't start with the string aws/
	//
	// When you create a log group, by default the log events in the log group do not
	// expire. To set a retention policy so that events expire and are deleted after a
	// specified time, use [PutRetentionPolicy].
	//
	// If you associate an KMS key with the log group, ingested data is encrypted
	// using the KMS key. This association is stored as long as the data encrypted with
	// the KMS key is still within CloudWatch Logs. This enables CloudWatch Logs to
	// decrypt this data whenever it is requested.
	//
	// If you attempt to associate a KMS key with the log group but the KMS key does
	// not exist or the KMS key is disabled, you receive an InvalidParameterException
	// error.
	//
	// CloudWatch Logs supports only symmetric KMS keys. Do not associate an
	// asymmetric KMS key with your log group. For more information, see [Using Symmetric and Asymmetric Keys].
	//
	// [Using Symmetric and Asymmetric Keys]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
	// [PutRetentionPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutRetentionPolicy.html
	CreateLogGroup(ctx context.Context, params *CreateLogGroupInput, optFns ...func(*Options)) (*CreateLogGroupOutput, error)
	// Creates a log stream for the specified log group. A log stream is a sequence of
	// log events that originate from a single source, such as an application instance
	// or a resource that is being monitored.
	//
	// There is no limit on the number of log streams that you can create for a log
	// group. There is a limit of 50 TPS on CreateLogStream operations, after which
	// transactions are throttled.
	//
	// You must use the following guidelines when naming a log stream:
	//
	//   - Log stream names must be unique within the log group.
	//
	//   - Log stream names can be between 1 and 512 characters long.
	//
	//   - Don't use ':' (colon) or '*' (asterisk) characters.
	CreateLogStream(ctx context.Context, params *CreateLogStreamInput, optFns ...func(*Options)) (*CreateLogStreamOutput, error)
	// Deletes a CloudWatch Logs account policy. This stops the account-wide policy
	// from applying to log groups in the account. If you delete a data protection
	// policy or subscription filter policy, any log-group level policies of those
	// types remain in effect.
	//
	// To use this operation, you must be signed on with the correct permissions
	// depending on the type of policy that you are deleting.
	//
	//   - To delete a data protection policy, you must have the
	//     logs:DeleteDataProtectionPolicy and logs:DeleteAccountPolicy permissions.
	//
	//   - To delete a subscription filter policy, you must have the
	//     logs:DeleteSubscriptionFilter and logs:DeleteAccountPolicy permissions.
	//
	//   - To delete a transformer policy, you must have the logs:DeleteTransformer and
	//     logs:DeleteAccountPolicy permissions.
	//
	//   - To delete a field index policy, you must have the logs:DeleteIndexPolicy and
	//     logs:DeleteAccountPolicy permissions.
	//
	// If you delete a field index policy, the indexing of the log events that
	// happened before you deleted the policy will still be used for up to 30 days to
	// improve CloudWatch Logs Insights queries.
	DeleteAccountPolicy(ctx context.Context, params *DeleteAccountPolicyInput, optFns ...func(*Options)) (*DeleteAccountPolicyOutput, error)
	// Deletes the data protection policy from the specified log group.
	//
	// For more information about data protection policies, see [PutDataProtectionPolicy].
	//
	// [PutDataProtectionPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html
	DeleteDataProtectionPolicy(ctx context.Context, params *DeleteDataProtectionPolicyInput, optFns ...func(*Options)) (*DeleteDataProtectionPolicyOutput, error)
	// Deletes s delivery. A delivery is a connection between a logical delivery
	// source and a logical delivery destination. Deleting a delivery only deletes the
	// connection between the delivery source and delivery destination. It does not
	// delete the delivery destination or the delivery source.
	DeleteDelivery(ctx context.Context, params *DeleteDeliveryInput, optFns ...func(*Options)) (*DeleteDeliveryOutput, error)
	// Deletes a delivery destination. A delivery is a connection between a logical
	// delivery source and a logical delivery destination.
	//
	// You can't delete a delivery destination if any current deliveries are
	// associated with it. To find whether any deliveries are associated with this
	// delivery destination, use the [DescribeDeliveries]operation and check the deliveryDestinationArn
	// field in the results.
	//
	// [DescribeDeliveries]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html
	DeleteDeliveryDestination(ctx context.Context, params *DeleteDeliveryDestinationInput, optFns ...func(*Options)) (*DeleteDeliveryDestinationOutput, error)
	// Deletes a delivery destination policy. For more information about these
	// policies, see [PutDeliveryDestinationPolicy].
	//
	// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
	DeleteDeliveryDestinationPolicy(ctx context.Context, params *DeleteDeliveryDestinationPolicyInput, optFns ...func(*Options)) (*DeleteDeliveryDestinationPolicyOutput, error)
	// Deletes a delivery source. A delivery is a connection between a logical
	// delivery source and a logical delivery destination.
	//
	// You can't delete a delivery source if any current deliveries are associated
	// with it. To find whether any deliveries are associated with this delivery
	// source, use the [DescribeDeliveries]operation and check the deliverySourceName field in the results.
	//
	// [DescribeDeliveries]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html
	DeleteDeliverySource(ctx context.Context, params *DeleteDeliverySourceInput, optFns ...func(*Options)) (*DeleteDeliverySourceOutput, error)
	// Deletes the specified destination, and eventually disables all the subscription
	// filters that publish to it. This operation does not delete the physical resource
	// encapsulated by the destination.
	DeleteDestination(ctx context.Context, params *DeleteDestinationInput, optFns ...func(*Options)) (*DeleteDestinationOutput, error)
	// Deletes a log-group level field index policy that was applied to a single log
	// group. The indexing of the log events that happened before you delete the policy
	// will still be used for as many as 30 days to improve CloudWatch Logs Insights
	// queries.
	//
	// You can't use this operation to delete an account-level index policy. Instead,
	// use [DeletAccountPolicy].
	//
	// If you delete a log-group level field index policy and there is an
	// account-level field index policy, in a few minutes the log group begins using
	// that account-wide policy to index new incoming log events.
	//
	// [DeletAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteAccountPolicy.html
	DeleteIndexPolicy(ctx context.Context, params *DeleteIndexPolicyInput, optFns ...func(*Options)) (*DeleteIndexPolicyOutput, error)
	// Deletes the integration between CloudWatch Logs and OpenSearch Service. If your
	// integration has active vended logs dashboards, you must specify true for the
	// force parameter, otherwise the operation will fail. If you delete the
	// integration by setting force to true , all your vended logs dashboards powered
	// by OpenSearch Service will be deleted and the data that was on them will no
	// longer be accessible.
	DeleteIntegration(ctx context.Context, params *DeleteIntegrationInput, optFns ...func(*Options)) (*DeleteIntegrationOutput, error)
	// Deletes the specified CloudWatch Logs anomaly detector.
	DeleteLogAnomalyDetector(ctx context.Context, params *DeleteLogAnomalyDetectorInput, optFns ...func(*Options)) (*DeleteLogAnomalyDetectorOutput, error)
	// Deletes the specified log group and permanently deletes all the archived log
	// events associated with the log group.
	DeleteLogGroup(ctx context.Context, params *DeleteLogGroupInput, optFns ...func(*Options)) (*DeleteLogGroupOutput, error)
	// Deletes the specified log stream and permanently deletes all the archived log
	// events associated with the log stream.
	DeleteLogStream(ctx context.Context, params *DeleteLogStreamInput, optFns ...func(*Options)) (*DeleteLogStreamOutput, error)
	// Deletes the specified metric filter.
	DeleteMetricFilter(ctx context.Context, params *DeleteMetricFilterInput, optFns ...func(*Options)) (*DeleteMetricFilterOutput, error)
	// Deletes a saved CloudWatch Logs Insights query definition. A query definition
	// contains details about a saved CloudWatch Logs Insights query.
	//
	// Each DeleteQueryDefinition operation can delete one query definition.
	//
	// You must have the logs:DeleteQueryDefinition permission to be able to perform
	// this operation.
	DeleteQueryDefinition(ctx context.Context, params *DeleteQueryDefinitionInput, optFns ...func(*Options)) (*DeleteQueryDefinitionOutput, error)
	// Deletes a resource policy from this account. This revokes the access of the
	// identities in that policy to put log events to this account.
	DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error)
	// Deletes the specified retention policy.
	//
	// Log events do not expire if they belong to log groups without a retention
	// policy.
	DeleteRetentionPolicy(ctx context.Context, params *DeleteRetentionPolicyInput, optFns ...func(*Options)) (*DeleteRetentionPolicyOutput, error)
	// Deletes the specified subscription filter.
	DeleteSubscriptionFilter(ctx context.Context, params *DeleteSubscriptionFilterInput, optFns ...func(*Options)) (*DeleteSubscriptionFilterOutput, error)
	// Deletes the log transformer for the specified log group. As soon as you do
	// this, the transformation of incoming log events according to that transformer
	// stops. If this account has an account-level transformer that applies to this log
	// group, the log group begins using that account-level transformer when this
	// log-group level transformer is deleted.
	//
	// After you delete a transformer, be sure to edit any metric filters or
	// subscription filters that relied on the transformed versions of the log events.
	DeleteTransformer(ctx context.Context, params *DeleteTransformerInput, optFns ...func(*Options)) (*DeleteTransformerOutput, error)
	// Returns a list of all CloudWatch Logs account policies in the account.
	DescribeAccountPolicies(ctx context.Context, params *DescribeAccountPoliciesInput, optFns ...func(*Options)) (*DescribeAccountPoliciesOutput, error)
	// Use this operation to return the valid and default values that are used when
	// creating delivery sources, delivery destinations, and deliveries. For more
	// information about deliveries, see [CreateDelivery].
	//
	// [CreateDelivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html
	DescribeConfigurationTemplates(ctx context.Context, params *DescribeConfigurationTemplatesInput, optFns ...func(*Options)) (*DescribeConfigurationTemplatesOutput, error)
	// Retrieves a list of the deliveries that have been created in the account.
	//
	// A delivery is a connection between a [delivery source] and a [delivery destination].
	//
	// A delivery source represents an Amazon Web Services resource that sends logs to
	// an logs delivery destination. The destination can be CloudWatch Logs, Amazon S3,
	// or Firehose. Only some Amazon Web Services services support being configured as
	// a delivery source. These services are listed in [Enable logging from Amazon Web Services services.]
	//
	// [delivery destination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
	// [delivery source]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
	// [Enable logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
	DescribeDeliveries(ctx context.Context, params *DescribeDeliveriesInput, optFns ...func(*Options)) (*DescribeDeliveriesOutput, error)
	// Retrieves a list of the delivery destinations that have been created in the
	// account.
	DescribeDeliveryDestinations(ctx context.Context, params *DescribeDeliveryDestinationsInput, optFns ...func(*Options)) (*DescribeDeliveryDestinationsOutput, error)
	// Retrieves a list of the delivery sources that have been created in the account.
	DescribeDeliverySources(ctx context.Context, params *DescribeDeliverySourcesInput, optFns ...func(*Options)) (*DescribeDeliverySourcesOutput, error)
	// Lists all your destinations. The results are ASCII-sorted by destination name.
	DescribeDestinations(ctx context.Context, params *DescribeDestinationsInput, optFns ...func(*Options)) (*DescribeDestinationsOutput, error)
	// Lists the specified export tasks. You can list all your export tasks or filter
	// the results based on task ID or task status.
	DescribeExportTasks(ctx context.Context, params *DescribeExportTasksInput, optFns ...func(*Options)) (*DescribeExportTasksOutput, error)
	// Returns a list of field indexes listed in the field index policies of one or
	// more log groups. For more information about field index policies, see [PutIndexPolicy].
	//
	// [PutIndexPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
	DescribeFieldIndexes(ctx context.Context, params *DescribeFieldIndexesInput, optFns ...func(*Options)) (*DescribeFieldIndexesOutput, error)
	// Returns the field index policies of one or more log groups. For more
	// information about field index policies, see [PutIndexPolicy].
	//
	// If a specified log group has a log-group level index policy, that policy is
	// returned by this operation.
	//
	// If a specified log group doesn't have a log-group level index policy, but an
	// account-wide index policy applies to it, that account-wide policy is returned by
	// this operation.
	//
	// To find information about only account-level policies, use [DescribeAccountPolicies] instead.
	//
	// [PutIndexPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
	// [DescribeAccountPolicies]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeAccountPolicies.html
	DescribeIndexPolicies(ctx context.Context, params *DescribeIndexPoliciesInput, optFns ...func(*Options)) (*DescribeIndexPoliciesOutput, error)
	// Lists the specified log groups. You can list all your log groups or filter the
	// results by prefix. The results are ASCII-sorted by log group name.
	//
	// CloudWatch Logs doesn't support IAM policies that control access to the
	// DescribeLogGroups action by using the aws:ResourceTag/key-name  condition key.
	// Other CloudWatch Logs actions do support the use of the
	// aws:ResourceTag/key-name condition key to control access. For more information
	// about using tags to control access, see [Controlling access to Amazon Web Services resources using tags].
	//
	// If you are using CloudWatch cross-account observability, you can use this
	// operation in a monitoring account and view data from the linked source accounts.
	// For more information, see [CloudWatch cross-account observability].
	//
	// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
	// [Controlling access to Amazon Web Services resources using tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
	DescribeLogGroups(ctx context.Context, params *DescribeLogGroupsInput, optFns ...func(*Options)) (*DescribeLogGroupsOutput, error)
	// Lists the log streams for the specified log group. You can list all the log
	// streams or filter the results by prefix. You can also control how the results
	// are ordered.
	//
	// You can specify the log group to search by using either logGroupIdentifier or
	// logGroupName . You must include one of these two parameters, but you can't
	// include both.
	//
	// This operation has a limit of five transactions per second, after which
	// transactions are throttled.
	//
	// If you are using CloudWatch cross-account observability, you can use this
	// operation in a monitoring account and view data from the linked source accounts.
	// For more information, see [CloudWatch cross-account observability].
	//
	// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
	DescribeLogStreams(ctx context.Context, params *DescribeLogStreamsInput, optFns ...func(*Options)) (*DescribeLogStreamsOutput, error)
	// Lists the specified metric filters. You can list all of the metric filters or
	// filter the results by log name, prefix, metric name, or metric namespace. The
	// results are ASCII-sorted by filter name.
	DescribeMetricFilters(ctx context.Context, params *DescribeMetricFiltersInput, optFns ...func(*Options)) (*DescribeMetricFiltersOutput, error)
	// Returns a list of CloudWatch Logs Insights queries that are scheduled, running,
	// or have been run recently in this account. You can request all queries or limit
	// it to queries of a specific log group or queries with a certain status.
	DescribeQueries(ctx context.Context, params *DescribeQueriesInput, optFns ...func(*Options)) (*DescribeQueriesOutput, error)
	// This operation returns a paginated list of your saved CloudWatch Logs Insights
	// query definitions. You can retrieve query definitions from the current account
	// or from a source account that is linked to the current account.
	//
	// You can use the queryDefinitionNamePrefix parameter to limit the results to
	// only the query definitions that have names that start with a certain string.
	DescribeQueryDefinitions(ctx context.Context, params *DescribeQueryDefinitionsInput, optFns ...func(*Options)) (*DescribeQueryDefinitionsOutput, error)
	// Lists the resource policies in this account.
	DescribeResourcePolicies(ctx context.Context, params *DescribeResourcePoliciesInput, optFns ...func(*Options)) (*DescribeResourcePoliciesOutput, error)
	// Lists the subscription filters for the specified log group. You can list all
	// the subscription filters or filter the results by prefix. The results are
	// ASCII-sorted by filter name.
	DescribeSubscriptionFilters(ctx context.Context, params *DescribeSubscriptionFiltersInput, optFns ...func(*Options)) (*DescribeSubscriptionFiltersOutput, error)
	// Disassociates the specified KMS key from the specified log group or from all
	// CloudWatch Logs Insights query results in the account.
	//
	// When you use DisassociateKmsKey , you specify either the logGroupName parameter
	// or the resourceIdentifier parameter. You can't specify both of those parameters
	// in the same operation.
	//
	//   - Specify the logGroupName parameter to stop using the KMS key to encrypt
	//     future log events ingested and stored in the log group. Instead, they will be
	//     encrypted with the default CloudWatch Logs method. The log events that were
	//     ingested while the key was associated with the log group are still encrypted
	//     with that key. Therefore, CloudWatch Logs will need permissions for the key
	//     whenever that data is accessed.
	//
	//   - Specify the resourceIdentifier parameter with the query-result resource to
	//     stop using the KMS key to encrypt the results of all future [StartQuery]operations in the
	//     account. They will instead be encrypted with the default CloudWatch Logs method.
	//     The results from queries that ran while the key was associated with the account
	//     are still encrypted with that key. Therefore, CloudWatch Logs will need
	//     permissions for the key whenever that data is accessed.
	//
	// It can take up to 5 minutes for this operation to take effect.
	//
	// [StartQuery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
	DisassociateKmsKey(ctx context.Context, params *DisassociateKmsKeyInput, optFns ...func(*Options)) (*DisassociateKmsKeyOutput, error)
	// Lists log events from the specified log group. You can list all the log events
	// or filter the results using a filter pattern, a time range, and the name of the
	// log stream.
	//
	// You must have the logs:FilterLogEvents permission to perform this operation.
	//
	// You can specify the log group to search by using either logGroupIdentifier or
	// logGroupName . You must include one of these two parameters, but you can't
	// include both.
	//
	// By default, this operation returns as many log events as can fit in 1 MB (up to
	// 10,000 log events) or all the events found within the specified time range. If
	// the results include a token, that means there are more log events available. You
	// can get additional results by specifying the token in a subsequent call. This
	// operation can return empty results while there are more log events available
	// through the token.
	//
	// The returned log events are sorted by event timestamp, the timestamp when the
	// event was ingested by CloudWatch Logs, and the ID of the PutLogEvents request.
	//
	// If you are using CloudWatch cross-account observability, you can use this
	// operation in a monitoring account and view data from the linked source accounts.
	// For more information, see [CloudWatch cross-account observability].
	//
	// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
	FilterLogEvents(ctx context.Context, params *FilterLogEventsInput, optFns ...func(*Options)) (*FilterLogEventsOutput, error)
	// Returns information about a log group data protection policy.
	GetDataProtectionPolicy(ctx context.Context, params *GetDataProtectionPolicyInput, optFns ...func(*Options)) (*GetDataProtectionPolicyOutput, error)
	// Returns complete information about one logical delivery. A delivery is a
	// connection between a [delivery source]and a [delivery destination].
	//
	// A delivery source represents an Amazon Web Services resource that sends logs to
	// an logs delivery destination. The destination can be CloudWatch Logs, Amazon S3,
	// or Firehose. Only some Amazon Web Services services support being configured as
	// a delivery source. These services are listed in [Enable logging from Amazon Web Services services.]
	//
	// You need to specify the delivery id in this operation. You can find the IDs of
	// the deliveries in your account with the [DescribeDeliveries]operation.
	//
	// [delivery destination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
	// [delivery source]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
	// [Enable logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
	// [DescribeDeliveries]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html
	GetDelivery(ctx context.Context, params *GetDeliveryInput, optFns ...func(*Options)) (*GetDeliveryOutput, error)
	// Retrieves complete information about one delivery destination.
	GetDeliveryDestination(ctx context.Context, params *GetDeliveryDestinationInput, optFns ...func(*Options)) (*GetDeliveryDestinationOutput, error)
	// Retrieves the delivery destination policy assigned to the delivery destination
	// that you specify. For more information about delivery destinations and their
	// policies, see [PutDeliveryDestinationPolicy].
	//
	// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
	GetDeliveryDestinationPolicy(ctx context.Context, params *GetDeliveryDestinationPolicyInput, optFns ...func(*Options)) (*GetDeliveryDestinationPolicyOutput, error)
	// Retrieves complete information about one delivery source.
	GetDeliverySource(ctx context.Context, params *GetDeliverySourceInput, optFns ...func(*Options)) (*GetDeliverySourceOutput, error)
	// Returns information about one integration between CloudWatch Logs and
	// OpenSearch Service.
	GetIntegration(ctx context.Context, params *GetIntegrationInput, optFns ...func(*Options)) (*GetIntegrationOutput, error)
	// Retrieves information about the log anomaly detector that you specify.
	GetLogAnomalyDetector(ctx context.Context, params *GetLogAnomalyDetectorInput, optFns ...func(*Options)) (*GetLogAnomalyDetectorOutput, error)
	// Lists log events from the specified log stream. You can list all of the log
	// events or filter using a time range.
	//
	// By default, this operation returns as many log events as can fit in a response
	// size of 1MB (up to 10,000 log events). You can get additional log events by
	// specifying one of the tokens in a subsequent call. This operation can return
	// empty results while there are more log events available through the token.
	//
	// If you are using CloudWatch cross-account observability, you can use this
	// operation in a monitoring account and view data from the linked source accounts.
	// For more information, see [CloudWatch cross-account observability].
	//
	// You can specify the log group to search by using either logGroupIdentifier or
	// logGroupName . You must include one of these two parameters, but you can't
	// include both.
	//
	// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
	GetLogEvents(ctx context.Context, params *GetLogEventsInput, optFns ...func(*Options)) (*GetLogEventsOutput, error)
	// Returns a list of the fields that are included in log events in the specified
	// log group. Includes the percentage of log events that contain each field. The
	// search is limited to a time period that you specify.
	//
	// You can specify the log group to search by using either logGroupIdentifier or
	// logGroupName . You must specify one of these parameters, but you can't specify
	// both.
	//
	// In the results, fields that start with @ are fields generated by CloudWatch
	// Logs. For example, @timestamp is the timestamp of each log event. For more
	// information about the fields that are generated by CloudWatch logs, see [Supported Logs and Discovered Fields].
	//
	// The response results are sorted by the frequency percentage, starting with the
	// highest percentage.
	//
	// If you are using CloudWatch cross-account observability, you can use this
	// operation in a monitoring account and view data from the linked source accounts.
	// For more information, see [CloudWatch cross-account observability].
	//
	// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
	// [Supported Logs and Discovered Fields]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData-discoverable-fields.html
	GetLogGroupFields(ctx context.Context, params *GetLogGroupFieldsInput, optFns ...func(*Options)) (*GetLogGroupFieldsOutput, error)
	// Retrieves all of the fields and values of a single log event. All fields are
	// retrieved, even if the original query that produced the logRecordPointer
	// retrieved only a subset of fields. Fields are returned as field name/field value
	// pairs.
	//
	// The full unparsed log event is returned within @message .
	GetLogRecord(ctx context.Context, params *GetLogRecordInput, optFns ...func(*Options)) (*GetLogRecordOutput, error)
	// Returns the results from the specified query.
	//
	// Only the fields requested in the query are returned, along with a @ptr field,
	// which is the identifier for the log record. You can use the value of @ptr in a [GetLogRecord]
	// operation to get the full log record.
	//
	// GetQueryResults does not start running a query. To run a query, use [StartQuery]. For more
	// information about how long results of previous queries are available, see [CloudWatch Logs quotas].
	//
	// If the value of the Status field in the output is Running , this operation
	// returns only partial results. If you see a value of Scheduled or Running for
	// the status, you can retry the operation later to see the final results.
	//
	// If you are using CloudWatch cross-account observability, you can use this
	// operation in a monitoring account to start queries in linked source accounts.
	// For more information, see [CloudWatch cross-account observability].
	//
	// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
	// [GetLogRecord]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogRecord.html
	// [CloudWatch Logs quotas]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/cloudwatch_limits_cwl.html
	// [StartQuery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
	GetQueryResults(ctx context.Context, params *GetQueryResultsInput, optFns ...func(*Options)) (*GetQueryResultsOutput, error)
	// Returns the information about the log transformer associated with this log
	// group.
	//
	// This operation returns data only for transformers created at the log group
	// level. To get information for an account-level transformer, use [DescribeAccountPolicies].
	//
	// [DescribeAccountPolicies]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeAccountPolicies.html
	GetTransformer(ctx context.Context, params *GetTransformerInput, optFns ...func(*Options)) (*GetTransformerOutput, error)
	// Returns a list of anomalies that log anomaly detectors have found. For details
	// about the structure format of each anomaly object that is returned, see the
	// example in this section.
	ListAnomalies(ctx context.Context, params *ListAnomaliesInput, optFns ...func(*Options)) (*ListAnomaliesOutput, error)
	// Returns a list of integrations between CloudWatch Logs and other services in
	// this account. Currently, only one integration can be created in an account, and
	// this integration must be with OpenSearch Service.
	ListIntegrations(ctx context.Context, params *ListIntegrationsInput, optFns ...func(*Options)) (*ListIntegrationsOutput, error)
	// Retrieves a list of the log anomaly detectors in the account.
	ListLogAnomalyDetectors(ctx context.Context, params *ListLogAnomalyDetectorsInput, optFns ...func(*Options)) (*ListLogAnomalyDetectorsOutput, error)
	// Returns a list of the log groups that were analyzed during a single CloudWatch
	// Logs Insights query. This can be useful for queries that use log group name
	// prefixes or the filterIndex command, because the log groups are dynamically
	// selected in these cases.
	//
	// For more information about field indexes, see [Create field indexes to improve query performance and reduce costs].
	//
	// [Create field indexes to improve query performance and reduce costs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html
	ListLogGroupsForQuery(ctx context.Context, params *ListLogGroupsForQueryInput, optFns ...func(*Options)) (*ListLogGroupsForQueryOutput, error)
	// Displays the tags associated with a CloudWatch Logs resource. Currently, log
	// groups and destinations support tagging.
	ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
	// The ListTagsLogGroup operation is on the path to deprecation. We recommend that
	// you use [ListTagsForResource]instead.
	//
	// Lists the tags for the specified log group.
	//
	// Deprecated: Please use the generic tagging API ListTagsForResource
	//
	// [ListTagsForResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html
	ListTagsLogGroup(ctx context.Context, params *ListTagsLogGroupInput, optFns ...func(*Options)) (*ListTagsLogGroupOutput, error)
	// Creates an account-level data protection policy, subscription filter policy, or
	// field index policy that applies to all log groups or a subset of log groups in
	// the account.
	//
	// # Data protection policy
	//
	// A data protection policy can help safeguard sensitive data that's ingested by
	// your log groups by auditing and masking the sensitive log data. Each account can
	// have only one account-level data protection policy.
	//
	// Sensitive data is detected and masked when it is ingested into a log group.
	// When you set a data protection policy, log events ingested into the log groups
	// before that time are not masked.
	//
	// If you use PutAccountPolicy to create a data protection policy for your whole
	// account, it applies to both existing log groups and all log groups that are
	// created later in this account. The account-level policy is applied to existing
	// log groups with eventual consistency. It might take up to 5 minutes before
	// sensitive data in existing log groups begins to be masked.
	//
	// By default, when a user views a log event that includes masked data, the
	// sensitive data is replaced by asterisks. A user who has the logs:Unmask
	// permission can use a [GetLogEvents]or [FilterLogEvents] operation with the unmask parameter set to true to
	// view the unmasked log events. Users with the logs:Unmask can also view unmasked
	// data in the CloudWatch Logs console by running a CloudWatch Logs Insights query
	// with the unmask query command.
	//
	// For more information, including a list of types of data that can be audited and
	// masked, see [Protect sensitive log data with masking].
	//
	// To use the PutAccountPolicy operation for a data protection policy, you must be
	// signed on with the logs:PutDataProtectionPolicy and logs:PutAccountPolicy
	// permissions.
	//
	// The PutAccountPolicy operation applies to all log groups in the account. You
	// can use [PutDataProtectionPolicy]to create a data protection policy that applies to just one log group.
	// If a log group has its own data protection policy and the account also has an
	// account-level data protection policy, then the two policies are cumulative. Any
	// sensitive term specified in either policy is masked.
	//
	// # Subscription filter policy
	//
	// A subscription filter policy sets up a real-time feed of log events from
	// CloudWatch Logs to other Amazon Web Services services. Account-level
	// subscription filter policies apply to both existing log groups and log groups
	// that are created later in this account. Supported destinations are Kinesis Data
	// Streams, Firehose, and Lambda. When log events are sent to the receiving
	// service, they are Base64 encoded and compressed with the GZIP format.
	//
	// The following destinations are supported for subscription filters:
	//
	//   - An Kinesis Data Streams data stream in the same account as the subscription
	//     policy, for same-account delivery.
	//
	//   - An Firehose data stream in the same account as the subscription policy, for
	//     same-account delivery.
	//
	//   - A Lambda function in the same account as the subscription policy, for
	//     same-account delivery.
	//
	//   - A logical destination in a different account created with [PutDestination], for
	//     cross-account delivery. Kinesis Data Streams and Firehose are supported as
	//     logical destinations.
	//
	// Each account can have one account-level subscription filter policy per Region.
	// If you are updating an existing filter, you must specify the correct name in
	// PolicyName . To perform a PutAccountPolicy subscription filter operation for
	// any destination except a Lambda function, you must also have the iam:PassRole
	// permission.
	//
	// # Transformer policy
	//
	// Creates or updates a log transformer policy for your account. You use log
	// transformers to transform log events into a different format, making them easier
	// for you to process and analyze. You can also transform logs from different
	// sources into standardized formats that contain relevant, source-specific
	// information. After you have created a transformer, CloudWatch Logs performs this
	// transformation at the time of log ingestion. You can then refer to the
	// transformed versions of the logs during operations such as querying with
	// CloudWatch Logs Insights or creating metric filters or subscription filters.
	//
	// You can also use a transformer to copy metadata from metadata keys into the log
	// events themselves. This metadata can include log group name, log stream name,
	// account ID and Region.
	//
	// A transformer for a log group is a series of processors, where each processor
	// applies one type of transformation to the log events ingested into this log
	// group. For more information about the available processors to use in a
	// transformer, see [Processors that you can use].
	//
	// Having log events in standardized format enables visibility across your
	// applications for your log analysis, reporting, and alarming needs. CloudWatch
	// Logs provides transformation for common log types with out-of-the-box
	// transformation templates for major Amazon Web Services log sources such as VPC
	// flow logs, Lambda, and Amazon RDS. You can use pre-built transformation
	// templates or create custom transformation policies.
	//
	// You can create transformers only for the log groups in the Standard log class.
	//
	// You can have one account-level transformer policy that applies to all log
	// groups in the account. Or you can create as many as 20 account-level transformer
	// policies that are each scoped to a subset of log groups with the
	// selectionCriteria parameter. If you have multiple account-level transformer
	// policies with selection criteria, no two of them can use the same or overlapping
	// log group name prefixes. For example, if you have one policy filtered to log
	// groups that start with my-log , you can't have another field index policy
	// filtered to my-logpprod or my-logging .
	//
	// You can also set up a transformer at the log-group level. For more information,
	// see [PutTransformer]. If there is both a log-group level transformer created with PutTransformer
	// and an account-level transformer that could apply to the same log group, the log
	// group uses only the log-group level transformer. It ignores the account-level
	// transformer.
	//
	// # Field index policy
	//
	// You can use field index policies to create indexes on fields found in log
	// events in the log group. Creating field indexes can help lower the scan volume
	// for CloudWatch Logs Insights queries that reference those fields, because these
	// queries attempt to skip the processing of log events that are known to not match
	// the indexed field. Good fields to index are fields that you often need to query
	// for and fields or values that match only a small fraction of the total log
	// events. Common examples of indexes include request ID, session ID, user IDs, or
	// instance IDs. For more information, see [Create field indexes to improve query performance and reduce costs]
	//
	// To find the fields that are in your log group events, use the [GetLogGroupFields] operation.
	//
	// For example, suppose you have created a field index for requestId . Then, any
	// CloudWatch Logs Insights query on that log group that includes requestId =
	// value or requestId in [value, value, ...] will attempt to process only the log
	// events where the indexed field matches the specified value.
	//
	// Matches of log events to the names of indexed fields are case-sensitive. For
	// example, an indexed field of RequestId won't match a log event containing
	// requestId .
	//
	// You can have one account-level field index policy that applies to all log
	// groups in the account. Or you can create as many as 20 account-level field index
	// policies that are each scoped to a subset of log groups with the
	// selectionCriteria parameter. If you have multiple account-level index policies
	// with selection criteria, no two of them can use the same or overlapping log
	// group name prefixes. For example, if you have one policy filtered to log groups
	// that start with my-log , you can't have another field index policy filtered to
	// my-logpprod or my-logging .
	//
	// If you create an account-level field index policy in a monitoring account in
	// cross-account observability, the policy is applied only to the monitoring
	// account and not to any source accounts.
	//
	// If you want to create a field index policy for a single log group, you can use [PutIndexPolicy]
	// instead of PutAccountPolicy . If you do so, that log group will use only that
	// log-group level policy, and will ignore the account-level policy that you create
	// with [PutAccountPolicy].
	//
	// [PutDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html
	// [PutTransformer]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html
	// [PutIndexPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
	// [PutDataProtectionPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html
	// [Protect sensitive log data with masking]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
	// [FilterLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html
	// [GetLogGroupFields]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogGroupFields.html
	// [Processors that you can use]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-Processors
	// [PutAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
	// [Create field indexes to improve query performance and reduce costs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html
	// [GetLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html
	PutAccountPolicy(ctx context.Context, params *PutAccountPolicyInput, optFns ...func(*Options)) (*PutAccountPolicyOutput, error)
	// Creates a data protection policy for the specified log group. A data protection
	// policy can help safeguard sensitive data that's ingested by the log group by
	// auditing and masking the sensitive log data.
	//
	// Sensitive data is detected and masked when it is ingested into the log group.
	// When you set a data protection policy, log events ingested into the log group
	// before that time are not masked.
	//
	// By default, when a user views a log event that includes masked data, the
	// sensitive data is replaced by asterisks. A user who has the logs:Unmask
	// permission can use a [GetLogEvents]or [FilterLogEvents] operation with the unmask parameter set to true to
	// view the unmasked log events. Users with the logs:Unmask can also view unmasked
	// data in the CloudWatch Logs console by running a CloudWatch Logs Insights query
	// with the unmask query command.
	//
	// For more information, including a list of types of data that can be audited and
	// masked, see [Protect sensitive log data with masking].
	//
	// The PutDataProtectionPolicy operation applies to only the specified log group.
	// You can also use [PutAccountPolicy]to create an account-level data protection policy that applies
	// to all log groups in the account, including both existing log groups and log
	// groups that are created level. If a log group has its own data protection policy
	// and the account also has an account-level data protection policy, then the two
	// policies are cumulative. Any sensitive term specified in either policy is
	// masked.
	//
	// [Protect sensitive log data with masking]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
	// [FilterLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html
	// [PutAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
	// [GetLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html
	PutDataProtectionPolicy(ctx context.Context, params *PutDataProtectionPolicyInput, optFns ...func(*Options)) (*PutDataProtectionPolicyOutput, error)
	// Creates or updates a logical delivery destination. A delivery destination is an
	// Amazon Web Services resource that represents an Amazon Web Services service that
	// logs can be sent to. CloudWatch Logs, Amazon S3, and Firehose are supported as
	// logs delivery destinations.
	//
	// To configure logs delivery between a supported Amazon Web Services service and
	// a destination, you must do the following:
	//
	//   - Create a delivery source, which is a logical object that represents the
	//     resource that is actually sending the logs. For more information, see [PutDeliverySource].
	//
	//   - Use PutDeliveryDestination to create a delivery destination, which is a
	//     logical object that represents the actual delivery destination.
	//
	//   - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy]in the destination
	//     account to assign an IAM policy to the destination. This policy allows delivery
	//     to that destination.
	//
	//   - Use CreateDelivery to create a delivery by pairing exactly one delivery
	//     source and one delivery destination. For more information, see [CreateDelivery].
	//
	// You can configure a single delivery source to send logs to multiple
	// destinations by creating multiple deliveries. You can also create multiple
	// deliveries to configure multiple delivery sources to send logs to the same
	// delivery destination.
	//
	// Only some Amazon Web Services services support being configured as a delivery
	// source. These services are listed as Supported [V2 Permissions] in the table at [Enabling logging from Amazon Web Services services.]
	//
	// If you use this operation to update an existing delivery destination, all the
	// current delivery destination parameters are overwritten with the new parameter
	// values that you specify.
	//
	// [PutDeliverySource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
	// [Enabling logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
	// [CreateDelivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html
	// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
	PutDeliveryDestination(ctx context.Context, params *PutDeliveryDestinationInput, optFns ...func(*Options)) (*PutDeliveryDestinationOutput, error)
	// Creates and assigns an IAM policy that grants permissions to CloudWatch Logs to
	// deliver logs cross-account to a specified destination in this account. To
	// configure the delivery of logs from an Amazon Web Services service in another
	// account to a logs delivery destination in the current account, you must do the
	// following:
	//
	//   - Create a delivery source, which is a logical object that represents the
	//     resource that is actually sending the logs. For more information, see [PutDeliverySource].
	//
	//   - Create a delivery destination, which is a logical object that represents
	//     the actual delivery destination. For more information, see [PutDeliveryDestination].
	//
	//   - Use this operation in the destination account to assign an IAM policy to
	//     the destination. This policy allows delivery to that destination.
	//
	//   - Create a delivery by pairing exactly one delivery source and one delivery
	//     destination. For more information, see [CreateDelivery].
	//
	// Only some Amazon Web Services services support being configured as a delivery
	// source. These services are listed as Supported [V2 Permissions] in the table at [Enabling logging from Amazon Web Services services.]
	//
	// The contents of the policy must include two statements. One statement enables
	// general logs delivery, and the other allows delivery to the chosen destination.
	// See the examples for the needed policies.
	//
	// [PutDeliveryDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
	// [PutDeliverySource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
	// [Enabling logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
	// [CreateDelivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html
	PutDeliveryDestinationPolicy(ctx context.Context, params *PutDeliveryDestinationPolicyInput, optFns ...func(*Options)) (*PutDeliveryDestinationPolicyOutput, error)
	// Creates or updates a logical delivery source. A delivery source represents an
	// Amazon Web Services resource that sends logs to an logs delivery destination.
	// The destination can be CloudWatch Logs, Amazon S3, or Firehose.
	//
	// To configure logs delivery between a delivery destination and an Amazon Web
	// Services service that is supported as a delivery source, you must do the
	// following:
	//
	//   - Use PutDeliverySource to create a delivery source, which is a logical object
	//     that represents the resource that is actually sending the logs.
	//
	//   - Use PutDeliveryDestination to create a delivery destination, which is a
	//     logical object that represents the actual delivery destination. For more
	//     information, see [PutDeliveryDestination].
	//
	//   - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy]in the destination
	//     account to assign an IAM policy to the destination. This policy allows delivery
	//     to that destination.
	//
	//   - Use CreateDelivery to create a delivery by pairing exactly one delivery
	//     source and one delivery destination. For more information, see [CreateDelivery].
	//
	// You can configure a single delivery source to send logs to multiple
	// destinations by creating multiple deliveries. You can also create multiple
	// deliveries to configure multiple delivery sources to send logs to the same
	// delivery destination.
	//
	// Only some Amazon Web Services services support being configured as a delivery
	// source. These services are listed as Supported [V2 Permissions] in the table at [Enabling logging from Amazon Web Services services.]
	//
	// If you use this operation to update an existing delivery source, all the
	// current delivery source parameters are overwritten with the new parameter values
	// that you specify.
	//
	// [PutDeliveryDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
	// [Enabling logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
	// [CreateDelivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html
	// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
	PutDeliverySource(ctx context.Context, params *PutDeliverySourceInput, optFns ...func(*Options)) (*PutDeliverySourceOutput, error)
	// Creates or updates a destination. This operation is used only to create
	// destinations for cross-account subscriptions.
	//
	// A destination encapsulates a physical resource (such as an Amazon Kinesis
	// stream). With a destination, you can subscribe to a real-time stream of log
	// events for a different account, ingested using [PutLogEvents].
	//
	// Through an access policy, a destination controls what is written to it. By
	// default, PutDestination does not set any access policy with the destination,
	// which means a cross-account user cannot call [PutSubscriptionFilter]against this destination. To
	// enable this, the destination owner must call [PutDestinationPolicy]after PutDestination .
	//
	// To perform a PutDestination operation, you must also have the iam:PassRole
	// permission.
	//
	// [PutSubscriptionFilter]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutSubscriptionFilter.html
	// [PutLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
	// [PutDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestinationPolicy.html
	PutDestination(ctx context.Context, params *PutDestinationInput, optFns ...func(*Options)) (*PutDestinationOutput, error)
	// Creates or updates an access policy associated with an existing destination. An
	// access policy is an [IAM policy document]that is used to authorize claims to register a subscription
	// filter against a given destination.
	//
	// [IAM policy document]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html
	PutDestinationPolicy(ctx context.Context, params *PutDestinationPolicyInput, optFns ...func(*Options)) (*PutDestinationPolicyOutput, error)
	// Creates or updates a field index policy for the specified log group. Only log
	// groups in the Standard log class support field index policies. For more
	// information about log classes, see [Log classes].
	//
	// You can use field index policies to create field indexes on fields found in log
	// events in the log group. Creating field indexes speeds up and lowers the costs
	// for CloudWatch Logs Insights queries that reference those field indexes, because
	// these queries attempt to skip the processing of log events that are known to not
	// match the indexed field. Good fields to index are fields that you often need to
	// query for and fields or values that match only a small fraction of the total log
	// events. Common examples of indexes include request ID, session ID, userID, and
	// instance IDs. For more information, see [Create field indexes to improve query performance and reduce costs].
	//
	// To find the fields that are in your log group events, use the [GetLogGroupFields] operation.
	//
	// For example, suppose you have created a field index for requestId . Then, any
	// CloudWatch Logs Insights query on that log group that includes requestId =
	// value or requestId IN [value, value, ...] will process fewer log events to
	// reduce costs, and have improved performance.
	//
	// Each index policy has the following quotas and restrictions:
	//
	//   - As many as 20 fields can be included in the policy.
	//
	//   - Each field name can include as many as 100 characters.
	//
	// Matches of log events to the names of indexed fields are case-sensitive. For
	// example, a field index of RequestId won't match a log event containing requestId
	// .
	//
	// Log group-level field index policies created with PutIndexPolicy override
	// account-level field index policies created with [PutAccountPolicy]. If you use PutIndexPolicy to
	// create a field index policy for a log group, that log group uses only that
	// policy. The log group ignores any account-wide field index policy that you might
	// have created.
	//
	// [Log classes]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html
	// [GetLogGroupFields]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogGroupFields.html
	// [PutAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
	// [Create field indexes to improve query performance and reduce costs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html
	PutIndexPolicy(ctx context.Context, params *PutIndexPolicyInput, optFns ...func(*Options)) (*PutIndexPolicyOutput, error)
	// Creates an integration between CloudWatch Logs and another service in this
	// account. Currently, only integrations with OpenSearch Service are supported, and
	// currently you can have only one integration in your account.
	//
	// Integrating with OpenSearch Service makes it possible for you to create curated
	// vended logs dashboards, powered by OpenSearch Service analytics. For more
	// information, see [Vended log dashboards powered by Amazon OpenSearch Service].
	//
	// You can use this operation only to create a new integration. You can't modify
	// an existing integration.
	//
	// [Vended log dashboards powered by Amazon OpenSearch Service]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-OpenSearch-Dashboards.html
	PutIntegration(ctx context.Context, params *PutIntegrationInput, optFns ...func(*Options)) (*PutIntegrationOutput, error)
	// Uploads a batch of log events to the specified log stream.
	//
	// The sequence token is now ignored in PutLogEvents actions. PutLogEvents actions
	// are always accepted and never return InvalidSequenceTokenException or
	// DataAlreadyAcceptedException even if the sequence token is not valid. You can
	// use parallel PutLogEvents actions on the same log stream.
	//
	// The batch of events must satisfy the following constraints:
	//
	//   - The maximum batch size is 1,048,576 bytes. This size is calculated as the
	//     sum of all event messages in UTF-8, plus 26 bytes for each log event.
	//
	//   - None of the log events in the batch can be more than 2 hours in the future.
	//
	//   - None of the log events in the batch can be more than 14 days in the past.
	//     Also, none of the log events can be from earlier than the retention period of
	//     the log group.
	//
	//   - The log events in the batch must be in chronological order by their
	//     timestamp. The timestamp is the time that the event occurred, expressed as the
	//     number of milliseconds after Jan 1, 1970 00:00:00 UTC . (In Amazon Web
	//     Services Tools for PowerShell and the Amazon Web Services SDK for .NET, the
	//     timestamp is specified in .NET format: yyyy-mm-ddThh:mm:ss . For example,
	//     2017-09-15T13:45:30 .)
	//
	//   - A batch of log events in a single request cannot span more than 24 hours.
	//     Otherwise, the operation fails.
	//
	//   - Each log event can be no larger than 256 KB.
	//
	//   - The maximum number of log events in a batch is 10,000.
	//
	//   - The quota of five requests per second per log stream has been removed.
	//     Instead, PutLogEvents actions are throttled based on a per-second per-account
	//     quota. You can request an increase to the per-second throttling quota by using
	//     the Service Quotas service.
	//
	// If a call to PutLogEvents returns "UnrecognizedClientException" the most likely
	// cause is a non-valid Amazon Web Services access key ID or secret key.
	PutLogEvents(ctx context.Context, params *PutLogEventsInput, optFns ...func(*Options)) (*PutLogEventsOutput, error)
	// Creates or updates a metric filter and associates it with the specified log
	// group. With metric filters, you can configure rules to extract metric data from
	// log events ingested through [PutLogEvents].
	//
	// The maximum number of metric filters that can be associated with a log group is
	// 100.
	//
	// Using regular expressions to create metric filters is supported. For these
	// filters, there is a quota of two regular expression patterns within a single
	// filter pattern. There is also a quota of five regular expression patterns per
	// log group. For more information about using regular expressions in metric
	// filters, see [Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail].
	//
	// When you create a metric filter, you can also optionally assign a unit and
	// dimensions to the metric that is created.
	//
	// Metrics extracted from log events are charged as custom metrics. To prevent
	// unexpected high charges, do not specify high-cardinality fields such as
	// IPAddress or requestID as dimensions. Each different value found for a
	// dimension is treated as a separate metric and accrues charges as a separate
	// custom metric.
	//
	// CloudWatch Logs might disable a metric filter if it generates 1,000 different
	// name/value pairs for your specified dimensions within one hour.
	//
	// You can also set up a billing alarm to alert you if your charges are higher
	// than expected. For more information, see [Creating a Billing Alarm to Monitor Your Estimated Amazon Web Services Charges].
	//
	// [Creating a Billing Alarm to Monitor Your Estimated Amazon Web Services Charges]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html
	// [PutLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
	// [Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
	PutMetricFilter(ctx context.Context, params *PutMetricFilterInput, optFns ...func(*Options)) (*PutMetricFilterOutput, error)
	// Creates or updates a query definition for CloudWatch Logs Insights. For more
	// information, see [Analyzing Log Data with CloudWatch Logs Insights].
	//
	// To update a query definition, specify its queryDefinitionId in your request.
	// The values of name , queryString , and logGroupNames are changed to the values
	// that you specify in your update operation. No current values are retained from
	// the current query definition. For example, imagine updating a current query
	// definition that includes log groups. If you don't specify the logGroupNames
	// parameter in your update operation, the query definition changes to contain no
	// log groups.
	//
	// You must have the logs:PutQueryDefinition permission to be able to perform this
	// operation.
	//
	// [Analyzing Log Data with CloudWatch Logs Insights]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html
	PutQueryDefinition(ctx context.Context, params *PutQueryDefinitionInput, optFns ...func(*Options)) (*PutQueryDefinitionOutput, error)
	// Creates or updates a resource policy allowing other Amazon Web Services
	// services to put log events to this account, such as Amazon Route 53. An account
	// can have up to 10 resource policies per Amazon Web Services Region.
	PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error)
	// Sets the retention of the specified log group. With a retention policy, you can
	// configure the number of days for which to retain log events in the specified log
	// group.
	//
	// CloudWatch Logs doesn't immediately delete log events when they reach their
	// retention setting. It typically takes up to 72 hours after that before log
	// events are deleted, but in rare situations might take longer.
	//
	// To illustrate, imagine that you change a log group to have a longer retention
	// setting when it contains log events that are past the expiration date, but
	// haven't been deleted. Those log events will take up to 72 hours to be deleted
	// after the new retention date is reached. To make sure that log data is deleted
	// permanently, keep a log group at its lower retention setting until 72 hours
	// after the previous retention period ends. Alternatively, wait to change the
	// retention setting until you confirm that the earlier log events are deleted.
	//
	// When log events reach their retention setting they are marked for deletion.
	// After they are marked for deletion, they do not add to your archival storage
	// costs anymore, even if they are not actually deleted until later. These log
	// events marked for deletion are also not included when you use an API to retrieve
	// the storedBytes value to see how many bytes a log group is storing.
	PutRetentionPolicy(ctx context.Context, params *PutRetentionPolicyInput, optFns ...func(*Options)) (*PutRetentionPolicyOutput, error)
	// Creates or updates a subscription filter and associates it with the specified
	// log group. With subscription filters, you can subscribe to a real-time stream of
	// log events ingested through [PutLogEvents]and have them delivered to a specific destination.
	// When log events are sent to the receiving service, they are Base64 encoded and
	// compressed with the GZIP format.
	//
	// The following destinations are supported for subscription filters:
	//
	//   - An Amazon Kinesis data stream belonging to the same account as the
	//     subscription filter, for same-account delivery.
	//
	//   - A logical destination created with [PutDestination]that belongs to a different account, for
	//     cross-account delivery. We currently support Kinesis Data Streams and Firehose
	//     as logical destinations.
	//
	//   - An Amazon Kinesis Data Firehose delivery stream that belongs to the same
	//     account as the subscription filter, for same-account delivery.
	//
	//   - An Lambda function that belongs to the same account as the subscription
	//     filter, for same-account delivery.
	//
	// Each log group can have up to two subscription filters associated with it. If
	// you are updating an existing filter, you must specify the correct name in
	// filterName .
	//
	// Using regular expressions to create subscription filters is supported. For
	// these filters, there is a quotas of quota of two regular expression patterns
	// within a single filter pattern. There is also a quota of five regular expression
	// patterns per log group. For more information about using regular expressions in
	// subscription filters, see [Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail].
	//
	// To perform a PutSubscriptionFilter operation for any destination except a
	// Lambda function, you must also have the iam:PassRole permission.
	//
	// [PutDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html
	// [PutLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
	// [Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
	PutSubscriptionFilter(ctx context.Context, params *PutSubscriptionFilterInput, optFns ...func(*Options)) (*PutSubscriptionFilterOutput, error)
	// Creates or updates a log transformer for a single log group. You use log
	// transformers to transform log events into a different format, making them easier
	// for you to process and analyze. You can also transform logs from different
	// sources into standardized formats that contains relevant, source-specific
	// information.
	//
	// After you have created a transformer, CloudWatch Logs performs the
	// transformations at the time of log ingestion. You can then refer to the
	// transformed versions of the logs during operations such as querying with
	// CloudWatch Logs Insights or creating metric filters or subscription filers.
	//
	// You can also use a transformer to copy metadata from metadata keys into the log
	// events themselves. This metadata can include log group name, log stream name,
	// account ID and Region.
	//
	// A transformer for a log group is a series of processors, where each processor
	// applies one type of transformation to the log events ingested into this log
	// group. The processors work one after another, in the order that you list them,
	// like a pipeline. For more information about the available processors to use in a
	// transformer, see [Processors that you can use].
	//
	// Having log events in standardized format enables visibility across your
	// applications for your log analysis, reporting, and alarming needs. CloudWatch
	// Logs provides transformation for common log types with out-of-the-box
	// transformation templates for major Amazon Web Services log sources such as VPC
	// flow logs, Lambda, and Amazon RDS. You can use pre-built transformation
	// templates or create custom transformation policies.
	//
	// You can create transformers only for the log groups in the Standard log class.
	//
	// You can also set up a transformer at the account level. For more information,
	// see [PutAccountPolicy]. If there is both a log-group level transformer created with PutTransformer
	// and an account-level transformer that could apply to the same log group, the log
	// group uses only the log-group level transformer. It ignores the account-level
	// transformer.
	//
	// [Processors that you can use]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-Processors
	// [PutAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
	PutTransformer(ctx context.Context, params *PutTransformerInput, optFns ...func(*Options)) (*PutTransformerOutput, error)
	// Starts a Live Tail streaming session for one or more log groups. A Live Tail
	// session returns a stream of log events that have been recently ingested in the
	// log groups. For more information, see [Use Live Tail to view logs in near real time].
	//
	// The response to this operation is a response stream, over which the server
	// sends live log events and the client receives them.
	//
	// The following objects are sent over the stream:
	//
	//   - A single [LiveTailSessionStart]object is sent at the start of the session.
	//
	//   - Every second, a [LiveTailSessionUpdate]object is sent. Each of these objects contains an array of
	//     the actual log events.
	//
	// If no new log events were ingested in the past second, the LiveTailSessionUpdate
	//
	//	object will contain an empty array.
	//
	// The array of log events contained in a LiveTailSessionUpdate can include as many
	//
	//	as 500 log events. If the number of log events matching the request exceeds 500
	//	per second, the log events are sampled down to 500 log events to be included in
	//	each LiveTailSessionUpdate object.
	//
	// If your client consumes the log events slower than the server produces them,
	//
	//	CloudWatch Logs buffers up to 10 LiveTailSessionUpdate events or 5000 log
	//	events, after which it starts dropping the oldest events.
	//
	//	- A [SessionStreamingException]object is returned if an unknown error occurs on the server side.
	//
	//	- A [SessionTimeoutException]object is returned when the session times out, after it has been kept
	//	open for three hours.
	//
	// You can end a session before it times out by closing the session stream or by
	// closing the client that is receiving the stream. The session also ends if the
	// established connection between the client and the server breaks.
	//
	// For examples of using an SDK to start a Live Tail session, see [Start a Live Tail session using an Amazon Web Services SDK].
	//
	// [LiveTailSessionStart]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LiveTailSessionStart.html
	// [LiveTailSessionUpdate]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LiveTailSessionUpdate.html
	// [Use Live Tail to view logs in near real time]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs_LiveTail.html
	// [Start a Live Tail session using an Amazon Web Services SDK]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/example_cloudwatch-logs_StartLiveTail_section.html
	//
	// [SessionTimeoutException]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartLiveTailResponseStream.html#CWL-Type-StartLiveTailResponseStream-SessionTimeoutException
	// [SessionStreamingException]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartLiveTailResponseStream.html#CWL-Type-StartLiveTailResponseStream-SessionStreamingException
	StartLiveTail(ctx context.Context, params *StartLiveTailInput, optFns ...func(*Options)) (*StartLiveTailOutput, error)
	// Starts a query of one or more log groups using CloudWatch Logs Insights. You
	// specify the log groups and time range to query and the query string to use.
	//
	// For more information, see [CloudWatch Logs Insights Query Syntax].
	//
	// After you run a query using StartQuery , the query results are stored by
	// CloudWatch Logs. You can use [GetQueryResults]to retrieve the results of a query, using the
	// queryId that StartQuery returns.
	//
	// To specify the log groups to query, a StartQuery operation must include one of
	// the following:
	//
	//   - Either exactly one of the following parameters: logGroupName , logGroupNames
	//     , or logGroupIdentifiers
	//
	//   - Or the queryString must include a SOURCE command to select log groups for
	//     the query. The SOURCE command can select log groups based on log group name
	//     prefix, account ID, and log class.
	//
	// For more information about the SOURCE command, see [SOURCE].
	//
	// If you have associated a KMS key with the query results in this account, then [StartQuery]
	// uses that key to encrypt the results when it stores them. If no key is
	// associated with query results, the query results are encrypted with the default
	// CloudWatch Logs encryption method.
	//
	// Queries time out after 60 minutes of runtime. If your queries are timing out,
	// reduce the time range being searched or partition your query into a number of
	// queries.
	//
	// If you are using CloudWatch cross-account observability, you can use this
	// operation in a monitoring account to start a query in a linked source account.
	// For more information, see [CloudWatch cross-account observability]. For a cross-account StartQuery operation, the query
	// definition must be defined in the monitoring account.
	//
	// You can have up to 30 concurrent CloudWatch Logs insights queries, including
	// queries that have been added to dashboards.
	//
	// [CloudWatch Logs Insights Query Syntax]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html
	// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
	// [SOURCE]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax-Source.html
	// [GetQueryResults]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetQueryResults.html
	// [StartQuery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
	StartQuery(ctx context.Context, params *StartQueryInput, optFns ...func(*Options)) (*StartQueryOutput, error)
	// Stops a CloudWatch Logs Insights query that is in progress. If the query has
	// already ended, the operation returns an error indicating that the specified
	// query is not running.
	StopQuery(ctx context.Context, params *StopQueryInput, optFns ...func(*Options)) (*StopQueryOutput, error)
	// The TagLogGroup operation is on the path to deprecation. We recommend that you
	// use [TagResource]instead.
	//
	// Adds or updates the specified tags for the specified log group.
	//
	// To list the tags for a log group, use [ListTagsForResource]. To remove tags, use [UntagResource].
	//
	// For more information about tags, see [Tag Log Groups in Amazon CloudWatch Logs] in the Amazon CloudWatch Logs User Guide.
	//
	// CloudWatch Logs doesn't support IAM policies that prevent users from assigning
	// specified tags to log groups using the aws:Resource/key-name  or aws:TagKeys
	// condition keys. For more information about using tags to control access, see [Controlling access to Amazon Web Services resources using tags].
	//
	// Deprecated: Please use the generic tagging API TagResource
	//
	// [TagResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html
	// [UntagResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html
	// [Tag Log Groups in Amazon CloudWatch Logs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html#log-group-tagging
	// [Controlling access to Amazon Web Services resources using tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
	// [ListTagsForResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html
	TagLogGroup(ctx context.Context, params *TagLogGroupInput, optFns ...func(*Options)) (*TagLogGroupOutput, error)
	// Assigns one or more tags (key-value pairs) to the specified CloudWatch Logs
	// resource. Currently, the only CloudWatch Logs resources that can be tagged are
	// log groups and destinations.
	//
	// Tags can help you organize and categorize your resources. You can also use them
	// to scope user permissions by granting a user permission to access or change only
	// resources with certain tag values.
	//
	// Tags don't have any semantic meaning to Amazon Web Services and are interpreted
	// strictly as strings of characters.
	//
	// You can use the TagResource action with a resource that already has tags. If
	// you specify a new tag key for the alarm, this tag is appended to the list of
	// tags associated with the alarm. If you specify a tag key that is already
	// associated with the alarm, the new tag value that you specify replaces the
	// previous value for that tag.
	//
	// You can associate as many as 50 tags with a CloudWatch Logs resource.
	TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)
	// Tests the filter pattern of a metric filter against a sample of log event
	// messages. You can use this operation to validate the correctness of a metric
	// filter pattern.
	TestMetricFilter(ctx context.Context, params *TestMetricFilterInput, optFns ...func(*Options)) (*TestMetricFilterOutput, error)
	// Use this operation to test a log transformer. You enter the transformer
	// configuration and a set of log events to test with. The operation responds with
	// an array that includes the original log events and the transformed versions.
	TestTransformer(ctx context.Context, params *TestTransformerInput, optFns ...func(*Options)) (*TestTransformerOutput, error)
	// The UntagLogGroup operation is on the path to deprecation. We recommend that
	// you use [UntagResource]instead.
	//
	// Removes the specified tags from the specified log group.
	//
	// To list the tags for a log group, use [ListTagsForResource]. To add tags, use [TagResource].
	//
	// CloudWatch Logs doesn't support IAM policies that prevent users from assigning
	// specified tags to log groups using the aws:Resource/key-name  or aws:TagKeys
	// condition keys.
	//
	// Deprecated: Please use the generic tagging API UntagResource
	//
	// [TagResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html
	// [UntagResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html
	// [ListTagsForResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html
	UntagLogGroup(ctx context.Context, params *UntagLogGroupInput, optFns ...func(*Options)) (*UntagLogGroupOutput, error)
	// Removes one or more tags from the specified resource.
	UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)
	// Use this operation to suppress anomaly detection for a specified anomaly or
	// pattern. If you suppress an anomaly, CloudWatch Logs won't report new
	// occurrences of that anomaly and won't update that anomaly with new data. If you
	// suppress a pattern, CloudWatch Logs won't report any anomalies related to that
	// pattern.
	//
	// You must specify either anomalyId or patternId , but you can't specify both
	// parameters in the same operation.
	//
	// If you have previously used this operation to suppress detection of a pattern
	// or anomaly, you can use it again to cause CloudWatch Logs to end the
	// suppression. To do this, use this operation and specify the anomaly or pattern
	// to stop suppressing, and omit the suppressionType and suppressionPeriod
	// parameters.
	UpdateAnomaly(ctx context.Context, params *UpdateAnomalyInput, optFns ...func(*Options)) (*UpdateAnomalyOutput, error)
	// Use this operation to update the configuration of a [delivery] to change either the S3
	// path pattern or the format of the delivered logs. You can't use this operation
	// to change the source or destination of the delivery.
	//
	// [delivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_Delivery.html
	UpdateDeliveryConfiguration(ctx context.Context, params *UpdateDeliveryConfigurationInput, optFns ...func(*Options)) (*UpdateDeliveryConfigurationOutput, error)
	// Updates an existing log anomaly detector.
	UpdateLogAnomalyDetector(ctx context.Context, params *UpdateLogAnomalyDetectorInput, optFns ...func(*Options)) (*UpdateLogAnomalyDetectorOutput, error)
}

CloudWatchLogs provides an interface to the AWS CloudWatchLogs service.

type EC2 added in v0.94.0

type EC2 interface {
	// Accepts the Convertible Reserved Instance exchange quote described in the
	// GetReservedInstancesExchangeQuote call.
	AcceptReservedInstancesExchangeQuote(ctx context.Context, params *AcceptReservedInstancesExchangeQuoteInput, optFns ...func(*Options)) (*AcceptReservedInstancesExchangeQuoteOutput, error)
	// Accepts a request to associate subnets with a transit gateway multicast domain.
	AcceptTransitGatewayMulticastDomainAssociations(ctx context.Context, params *AcceptTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*AcceptTransitGatewayMulticastDomainAssociationsOutput, error)
	// Accepts a transit gateway peering attachment request. The peering attachment
	// must be in the pendingAcceptance state.
	AcceptTransitGatewayPeeringAttachment(ctx context.Context, params *AcceptTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*AcceptTransitGatewayPeeringAttachmentOutput, error)
	// Accepts a request to attach a VPC to a transit gateway. The VPC attachment must
	// be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to
	// view your pending VPC attachment requests. Use RejectTransitGatewayVpcAttachment
	// to reject a VPC attachment request.
	AcceptTransitGatewayVpcAttachment(ctx context.Context, params *AcceptTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*AcceptTransitGatewayVpcAttachmentOutput, error)
	// Accepts one or more interface VPC endpoint connection requests to your VPC
	// endpoint service.
	AcceptVpcEndpointConnections(ctx context.Context, params *AcceptVpcEndpointConnectionsInput, optFns ...func(*Options)) (*AcceptVpcEndpointConnectionsOutput, error)
	// Accept a VPC peering connection request. To accept a request, the VPC peering
	// connection must be in the pending-acceptance state, and you must be the owner of
	// the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC
	// peering connection requests. For an inter-Region VPC peering connection request,
	// you must accept the VPC peering connection in the Region of the accepter VPC.
	AcceptVpcPeeringConnection(ctx context.Context, params *AcceptVpcPeeringConnectionInput, optFns ...func(*Options)) (*AcceptVpcPeeringConnectionOutput, error)
	// Advertises an IPv4 or IPv6 address range that is provisioned for use with your
	// Amazon Web Services resources through bring your own IP addresses (BYOIP). You
	// can perform this operation at most once every 10 seconds, even if you specify
	// different address ranges each time. We recommend that you stop advertising the
	// BYOIP CIDR from other locations when you advertise it from Amazon Web Services.
	// To minimize down time, you can configure your Amazon Web Services resources to
	// use an address from a BYOIP CIDR before it is advertised, and then
	// simultaneously stop advertising it from the current location and start
	// advertising it through Amazon Web Services. It can take a few minutes before
	// traffic to the specified addresses starts routing to Amazon Web Services because
	// of BGP propagation delays. To stop advertising the BYOIP CIDR, use
	// WithdrawByoipCidr.
	AdvertiseByoipCidr(ctx context.Context, params *AdvertiseByoipCidrInput, optFns ...func(*Options)) (*AdvertiseByoipCidrOutput, error)
	// Allocates an Elastic IP address to your Amazon Web Services account. After you
	// allocate the Elastic IP address you can associate it with an instance or network
	// interface. After you release an Elastic IP address, it is released to the IP
	// address pool and can be allocated to a different Amazon Web Services account.
	// You can allocate an Elastic IP address from an address pool owned by Amazon Web
	// Services or from an address pool created from a public IPv4 address range that
	// you have brought to Amazon Web Services for use with your Amazon Web Services
	// resources using bring your own IP addresses (BYOIP). For more information, see
	// Bring Your Own IP Addresses (BYOIP)
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) in the
	// Amazon Elastic Compute Cloud User Guide. [EC2-VPC] If you release an Elastic IP
	// address, you might be able to recover it. You cannot recover an Elastic IP
	// address that you released after it is allocated to another Amazon Web Services
	// account. You cannot recover an Elastic IP address for EC2-Classic. To attempt to
	// recover an Elastic IP address that you released, specify it in this operation.
	// An Elastic IP address is for use either in the EC2-Classic platform or in a VPC.
	// By default, you can allocate 5 Elastic IP addresses for EC2-Classic per Region
	// and 5 Elastic IP addresses for EC2-VPC per Region. For more information, see
	// Elastic IP Addresses
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
	// in the Amazon Elastic Compute Cloud User Guide. You can allocate a carrier IP
	// address which is a public IP address from a telecommunication carrier, to a
	// network interface which resides in a subnet in a Wavelength Zone (for example an
	// EC2 instance).
	AllocateAddress(ctx context.Context, params *AllocateAddressInput, optFns ...func(*Options)) (*AllocateAddressOutput, error)
	// Allocates a Dedicated Host to your account. At a minimum, specify the supported
	// instance type or instance family, the Availability Zone in which to allocate the
	// host, and the number of hosts to allocate.
	AllocateHosts(ctx context.Context, params *AllocateHostsInput, optFns ...func(*Options)) (*AllocateHostsOutput, error)
	// Allocate a CIDR from an IPAM pool. In IPAM, an allocation is a CIDR assignment
	// from an IPAM pool to another resource or IPAM pool. For more information, see
	// Allocate CIDRs in the Amazon VPC IPAM User Guide.
	AllocateIpamPoolCidr(ctx context.Context, params *AllocateIpamPoolCidrInput, optFns ...func(*Options)) (*AllocateIpamPoolCidrOutput, error)
	// Applies a security group to the association between the target network and the
	// Client VPN endpoint. This action replaces the existing security groups with the
	// specified security groups.
	ApplySecurityGroupsToClientVpnTargetNetwork(ctx context.Context, params *ApplySecurityGroupsToClientVpnTargetNetworkInput, optFns ...func(*Options)) (*ApplySecurityGroupsToClientVpnTargetNetworkOutput, error)
	// Assigns one or more IPv6 addresses to the specified network interface. You can
	// specify one or more specific IPv6 addresses, or you can specify the number of
	// IPv6 addresses to be automatically assigned from within the subnet's IPv6 CIDR
	// block range. You can assign as many IPv6 addresses to a network interface as you
	// can assign private IPv4 addresses, and the limit varies per instance type. For
	// information, see IP Addresses Per Network Interface Per Instance Type
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI)
	// in the Amazon Elastic Compute Cloud User Guide. You must specify either the IPv6
	// addresses or the IPv6 address count in the request. You can optionally use
	// Prefix Delegation on the network interface. You must specify either the IPV6
	// Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For
	// information, see  Assigning prefixes to Amazon EC2 network interfaces
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	AssignIpv6Addresses(ctx context.Context, params *AssignIpv6AddressesInput, optFns ...func(*Options)) (*AssignIpv6AddressesOutput, error)
	// Assigns one or more secondary private IP addresses to the specified network
	// interface. You can specify one or more specific secondary IP addresses, or you
	// can specify the number of secondary IP addresses to be automatically assigned
	// within the subnet's CIDR block range. The number of secondary IP addresses that
	// you can assign to an instance varies by instance type. For information about
	// instance types, see Instance Types
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the
	// Amazon Elastic Compute Cloud User Guide. For more information about Elastic IP
	// addresses, see Elastic IP Addresses
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
	// in the Amazon Elastic Compute Cloud User Guide. When you move a secondary
	// private IP address to another network interface, any Elastic IP address that is
	// associated with the IP address is also moved. Remapping an IP address is an
	// asynchronous operation. When you move an IP address from one network interface
	// to another, check network/interfaces/macs/mac/local-ipv4s in the instance
	// metadata to confirm that the remapping is complete. You must specify either the
	// IP addresses or the IP address count in the request. You can optionally use
	// Prefix Delegation on the network interface. You must specify either the IPv4
	// Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For
	// information, see  Assigning prefixes to Amazon EC2 network interfaces
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	AssignPrivateIpAddresses(ctx context.Context, params *AssignPrivateIpAddressesInput, optFns ...func(*Options)) (*AssignPrivateIpAddressesOutput, error)
	// Associates an Elastic IP address, or carrier IP address (for instances that are
	// in subnets in Wavelength Zones) with an instance or a network interface. Before
	// you can use an Elastic IP address, you must allocate it to your account. An
	// Elastic IP address is for use in either the EC2-Classic platform or in a VPC.
	// For more information, see Elastic IP Addresses
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
	// in the Amazon Elastic Compute Cloud User Guide. [EC2-Classic, VPC in an
	// EC2-VPC-only account] If the Elastic IP address is already associated with a
	// different instance, it is disassociated from that instance and associated with
	// the specified instance. If you associate an Elastic IP address with an instance
	// that has an existing Elastic IP address, the existing address is disassociated
	// from the instance, but remains allocated to your account. [VPC in an EC2-Classic
	// account] If you don't specify a private IP address, the Elastic IP address is
	// associated with the primary IP address. If the Elastic IP address is already
	// associated with a different instance or a network interface, you get an error
	// unless you allow reassociation. You cannot associate an Elastic IP address with
	// an instance or network interface that has an existing Elastic IP address.
	// [Subnets in Wavelength Zones] You can associate an IP address from the
	// telecommunication carrier to the instance or network interface. You cannot
	// associate an Elastic IP address with an interface in a different network border
	// group. This is an idempotent operation. If you perform the operation more than
	// once, Amazon EC2 doesn't return an error, and you may be charged for each time
	// the Elastic IP address is remapped to the same instance. For more information,
	// see the Elastic IP Addresses section of Amazon EC2 Pricing
	// (http://aws.amazon.com/ec2/pricing/).
	AssociateAddress(ctx context.Context, params *AssociateAddressInput, optFns ...func(*Options)) (*AssociateAddressOutput, error)
	// Associates a target network with a Client VPN endpoint. A target network is a
	// subnet in a VPC. You can associate multiple subnets from the same VPC with a
	// Client VPN endpoint. You can associate only one subnet in each Availability
	// Zone. We recommend that you associate at least two subnets to provide
	// Availability Zone redundancy. If you specified a VPC when you created the Client
	// VPN endpoint or if you have previous subnet associations, the specified subnet
	// must be in the same VPC. To specify a subnet that's in a different VPC, you must
	// first modify the Client VPN endpoint (ModifyClientVpnEndpoint) and change the
	// VPC that's associated with it.
	AssociateClientVpnTargetNetwork(ctx context.Context, params *AssociateClientVpnTargetNetworkInput, optFns ...func(*Options)) (*AssociateClientVpnTargetNetworkOutput, error)
	// Associates a set of DHCP options (that you've previously created) with the
	// specified VPC, or associates no DHCP options with the VPC. After you associate
	// the options with the VPC, any existing instances and all new instances that you
	// launch in that VPC use the options. You don't need to restart or relaunch the
	// instances. They automatically pick up the changes within a few hours, depending
	// on how frequently the instance renews its DHCP lease. You can explicitly renew
	// the lease using the operating system on the instance. For more information, see
	// DHCP options sets
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
	// Amazon Virtual Private Cloud User Guide.
	AssociateDhcpOptions(ctx context.Context, params *AssociateDhcpOptionsInput, optFns ...func(*Options)) (*AssociateDhcpOptionsOutput, error)
	// Associates an Identity and Access Management (IAM) role with an Certificate
	// Manager (ACM) certificate. This enables the certificate to be used by the ACM
	// for Nitro Enclaves application inside an enclave. For more information, see
	// Certificate Manager for Nitro Enclaves
	// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html) in
	// the Amazon Web Services Nitro Enclaves User Guide. When the IAM role is
	// associated with the ACM certificate, the certificate, certificate chain, and
	// encrypted private key are placed in an Amazon S3 bucket that only the associated
	// IAM role can access. The private key of the certificate is encrypted with an
	// Amazon Web Services managed key that has an attached attestation-based key
	// policy. To enable the IAM role to access the Amazon S3 object, you must grant it
	// permission to call s3:GetObject on the Amazon S3 bucket returned by the command.
	// To enable the IAM role to access the KMS key, you must grant it permission to
	// call kms:Decrypt on the KMS key returned by the command. For more information,
	// see  Grant the role permission to access the certificate and encryption key
	// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy)
	// in the Amazon Web Services Nitro Enclaves User Guide.
	AssociateEnclaveCertificateIamRole(ctx context.Context, params *AssociateEnclaveCertificateIamRoleInput, optFns ...func(*Options)) (*AssociateEnclaveCertificateIamRoleOutput, error)
	// Associates an IAM instance profile with a running or stopped instance. You
	// cannot associate more than one IAM instance profile with an instance.
	AssociateIamInstanceProfile(ctx context.Context, params *AssociateIamInstanceProfileInput, optFns ...func(*Options)) (*AssociateIamInstanceProfileOutput, error)
	// Associates one or more targets with an event window. Only one type of target
	// (instance IDs, Dedicated Host IDs, or tags) can be specified with an event
	// window. For more information, see Define event windows for scheduled events
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
	// Amazon EC2 User Guide.
	AssociateInstanceEventWindow(ctx context.Context, params *AssociateInstanceEventWindowInput, optFns ...func(*Options)) (*AssociateInstanceEventWindowOutput, error)
	// Associates a subnet in your VPC or an internet gateway or virtual private
	// gateway attached to your VPC with a route table in your VPC. This association
	// causes traffic from the subnet or gateway to be routed according to the routes
	// in the route table. The action returns an association ID, which you need in
	// order to disassociate the route table later. A route table can be associated
	// with multiple subnets. For more information, see Route tables
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
	// Amazon Virtual Private Cloud User Guide.
	AssociateRouteTable(ctx context.Context, params *AssociateRouteTableInput, optFns ...func(*Options)) (*AssociateRouteTableOutput, error)
	// Associates a CIDR block with your subnet. You can only associate a single IPv6
	// CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of
	// /64.
	AssociateSubnetCidrBlock(ctx context.Context, params *AssociateSubnetCidrBlockInput, optFns ...func(*Options)) (*AssociateSubnetCidrBlockOutput, error)
	// Associates the specified subnets and transit gateway attachments with the
	// specified transit gateway multicast domain. The transit gateway attachment must
	// be in the available state before you can add a resource. Use
	// DescribeTransitGatewayAttachments
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html)
	// to see the state of the attachment.
	AssociateTransitGatewayMulticastDomain(ctx context.Context, params *AssociateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*AssociateTransitGatewayMulticastDomainOutput, error)
	// Associates the specified attachment with the specified transit gateway route
	// table. You can associate only one route table with an attachment.
	AssociateTransitGatewayRouteTable(ctx context.Context, params *AssociateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*AssociateTransitGatewayRouteTableOutput, error)
	// This API action is currently in limited preview only. If you are interested in
	// using this feature, contact your account manager. Associates a branch network
	// interface with a trunk network interface. Before you create the association, run
	// the create-network-interface
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html)
	// command and set --interface-type to trunk. You must also create a network
	// interface for each branch network interface that you want to associate with the
	// trunk network interface.
	AssociateTrunkInterface(ctx context.Context, params *AssociateTrunkInterfaceInput, optFns ...func(*Options)) (*AssociateTrunkInterfaceOutput, error)
	// Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR
	// block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6
	// address pool that you provisioned through bring your own IP addresses (BYOIP
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). The IPv6
	// CIDR block size is fixed at /56. You must specify one of the following in the
	// request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR
	// block. For more information about associating CIDR blocks with your VPC and
	// applicable restrictions, see VPC and subnet sizing
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing)
	// in the Amazon Virtual Private Cloud User Guide.
	AssociateVpcCidrBlock(ctx context.Context, params *AssociateVpcCidrBlockInput, optFns ...func(*Options)) (*AssociateVpcCidrBlockOutput, error)
	// Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more
	// of the VPC's security groups. You cannot link an EC2-Classic instance to more
	// than one VPC at a time. You can only link an instance that's in the running
	// state. An instance is automatically unlinked from a VPC when it's stopped - you
	// can link it to the VPC again when you restart it. After you've linked an
	// instance, you cannot change the VPC security groups that are associated with it.
	// To change the security groups, you must first unlink the instance, and then link
	// it again. Linking your instance to a VPC is sometimes referred to as attaching
	// your instance.
	AttachClassicLinkVpc(ctx context.Context, params *AttachClassicLinkVpcInput, optFns ...func(*Options)) (*AttachClassicLinkVpcOutput, error)
	// Attaches an internet gateway or a virtual private gateway to a VPC, enabling
	// connectivity between the internet and the VPC. For more information about your
	// VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide
	// (https://docs.aws.amazon.com/vpc/latest/userguide/).
	AttachInternetGateway(ctx context.Context, params *AttachInternetGatewayInput, optFns ...func(*Options)) (*AttachInternetGatewayOutput, error)
	// Attaches a network interface to an instance.
	AttachNetworkInterface(ctx context.Context, params *AttachNetworkInterfaceInput, optFns ...func(*Options)) (*AttachNetworkInterfaceOutput, error)
	// Attaches an EBS volume to a running or stopped instance and exposes it to the
	// instance with the specified device name. Encrypted EBS volumes must be attached
	// to instances that support Amazon EBS encryption. For more information, see
	// Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide. After you attach an EBS volume, you
	// must make it available. For more information, see Make an EBS volume available
	// for use
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.html). If
	// a volume has an Amazon Web Services Marketplace product code:
	//
	// * The volume can
	// be attached only to a stopped instance.
	//
	// * Amazon Web Services Marketplace
	// product codes are copied from the volume to the instance.
	//
	// * You must be
	// subscribed to the product.
	//
	// * The instance type and operating system of the
	// instance must support the product. For example, you can't detach a volume from a
	// Windows instance and attach it to a Linux instance.
	//
	// For more information, see
	// Attach an Amazon EBS volume to an instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-attaching-volume.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	AttachVolume(ctx context.Context, params *AttachVolumeInput, optFns ...func(*Options)) (*AttachVolumeOutput, error)
	// Attaches a virtual private gateway to a VPC. You can attach one virtual private
	// gateway to one VPC at a time. For more information, see Amazon Web Services
	// Site-to-Site VPN (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in
	// the Amazon Web Services Site-to-Site VPN User Guide.
	AttachVpnGateway(ctx context.Context, params *AttachVpnGatewayInput, optFns ...func(*Options)) (*AttachVpnGatewayOutput, error)
	// Adds an ingress authorization rule to a Client VPN endpoint. Ingress
	// authorization rules act as firewall rules that grant access to networks. You
	// must configure ingress authorization rules to enable clients to access resources
	// in Amazon Web Services or on-premises networks.
	AuthorizeClientVpnIngress(ctx context.Context, params *AuthorizeClientVpnIngressInput, optFns ...func(*Options)) (*AuthorizeClientVpnIngressOutput, error)
	// [VPC only] Adds the specified outbound (egress) rules to a security group for
	// use with a VPC. An outbound rule permits instances to send traffic to the
	// specified IPv4 or IPv6 CIDR address ranges, or to the instances that are
	// associated with the specified source security groups. You specify a protocol for
	// each rule (for example, TCP). For the TCP and UDP protocols, you must also
	// specify the destination port or port range. For the ICMP protocol, you must also
	// specify the ICMP type and code. You can use -1 for the type or code to mean all
	// types or all codes. Rule changes are propagated to affected instances as quickly
	// as possible. However, a small delay might occur. For information about VPC
	// security group quotas, see Amazon VPC quotas
	// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html).
	AuthorizeSecurityGroupEgress(ctx context.Context, params *AuthorizeSecurityGroupEgressInput, optFns ...func(*Options)) (*AuthorizeSecurityGroupEgressOutput, error)
	// Adds the specified inbound (ingress) rules to a security group. An inbound rule
	// permits instances to receive traffic from the specified IPv4 or IPv6 CIDR
	// address range, or from the instances that are associated with the specified
	// destination security groups. You specify a protocol for each rule (for example,
	// TCP). For TCP and UDP, you must also specify the destination port or port range.
	// For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can
	// use -1 to mean all types or all codes. Rule changes are propagated to instances
	// within the security group as quickly as possible. However, a small delay might
	// occur. For more information about VPC security group quotas, see Amazon VPC
	// quotas
	// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html).
	AuthorizeSecurityGroupIngress(ctx context.Context, params *AuthorizeSecurityGroupIngressInput, optFns ...func(*Options)) (*AuthorizeSecurityGroupIngressOutput, error)
	// Bundles an Amazon instance store-backed Windows instance. During bundling, only
	// the root device volume (C:\) is bundled. Data on other instance store volumes is
	// not preserved. This action is not applicable for Linux/Unix instances or Windows
	// instances that are backed by Amazon EBS.
	BundleInstance(ctx context.Context, params *BundleInstanceInput, optFns ...func(*Options)) (*BundleInstanceOutput, error)
	// Cancels a bundling operation for an instance store-backed Windows instance.
	CancelBundleTask(ctx context.Context, params *CancelBundleTaskInput, optFns ...func(*Options)) (*CancelBundleTaskOutput, error)
	// Cancels the specified Capacity Reservation, releases the reserved capacity, and
	// changes the Capacity Reservation's state to cancelled. Instances running in the
	// reserved capacity continue running until you stop them. Stopped instances that
	// target the Capacity Reservation can no longer launch. Modify these instances to
	// either target a different Capacity Reservation, launch On-Demand Instance
	// capacity, or run in any open Capacity Reservation that has matching attributes
	// and sufficient capacity.
	CancelCapacityReservation(ctx context.Context, params *CancelCapacityReservationInput, optFns ...func(*Options)) (*CancelCapacityReservationOutput, error)
	// Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity
	// Reservation Fleet, the following happens:
	//
	// * The Capacity Reservation Fleet's
	// status changes to cancelled.
	//
	// * The individual Capacity Reservations in the
	// Fleet are cancelled. Instances running in the Capacity Reservations at the time
	// of cancelling the Fleet continue to run in shared capacity.
	//
	// * The Fleet stops
	// creating new Capacity Reservations.
	CancelCapacityReservationFleets(ctx context.Context, params *CancelCapacityReservationFleetsInput, optFns ...func(*Options)) (*CancelCapacityReservationFleetsOutput, error)
	// Cancels an active conversion task. The task can be the import of an instance or
	// volume. The action removes all artifacts of the conversion, including a
	// partially uploaded volume or instance. If the conversion is complete or is in
	// the process of transferring the final disk image, the command fails and returns
	// an exception. For more information, see Importing a Virtual Machine Using the
	// Amazon EC2 CLI
	// (https://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ec2-cli-vmimport-export.html).
	CancelConversionTask(ctx context.Context, params *CancelConversionTaskInput, optFns ...func(*Options)) (*CancelConversionTaskOutput, error)
	// Cancels an active export task. The request removes all artifacts of the export,
	// including any partially-created Amazon S3 objects. If the export task is
	// complete or is in the process of transferring the final disk image, the command
	// fails and returns an error.
	CancelExportTask(ctx context.Context, params *CancelExportTaskInput, optFns ...func(*Options)) (*CancelExportTaskOutput, error)
	// Cancels an in-process import virtual machine or import snapshot task.
	CancelImportTask(ctx context.Context, params *CancelImportTaskInput, optFns ...func(*Options)) (*CancelImportTaskOutput, error)
	// Cancels the specified Reserved Instance listing in the Reserved Instance
	// Marketplace. For more information, see Reserved Instance Marketplace
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
	// the Amazon EC2 User Guide.
	CancelReservedInstancesListing(ctx context.Context, params *CancelReservedInstancesListingInput, optFns ...func(*Options)) (*CancelReservedInstancesListingOutput, error)
	// Cancels the specified Spot Fleet requests. After you cancel a Spot Fleet
	// request, the Spot Fleet launches no new Spot Instances. You must specify whether
	// the Spot Fleet should also terminate its Spot Instances. If you terminate the
	// instances, the Spot Fleet request enters the cancelled_terminating state.
	// Otherwise, the Spot Fleet request enters the cancelled_running state and the
	// instances continue to run until they are interrupted or you terminate them
	// manually.
	CancelSpotFleetRequests(ctx context.Context, params *CancelSpotFleetRequestsInput, optFns ...func(*Options)) (*CancelSpotFleetRequestsOutput, error)
	// Cancels one or more Spot Instance requests. Canceling a Spot Instance request
	// does not terminate running Spot Instances associated with the request.
	CancelSpotInstanceRequests(ctx context.Context, params *CancelSpotInstanceRequestsInput, optFns ...func(*Options)) (*CancelSpotInstanceRequestsOutput, error)
	// Determines whether a product code is associated with an instance. This action
	// can only be used by the owner of the product code. It is useful when a product
	// code owner must verify whether another user's instance is eligible for support.
	ConfirmProductInstance(ctx context.Context, params *ConfirmProductInstanceInput, optFns ...func(*Options)) (*ConfirmProductInstanceOutput, error)
	// Copies the specified Amazon FPGA Image (AFI) to the current Region.
	CopyFpgaImage(ctx context.Context, params *CopyFpgaImageInput, optFns ...func(*Options)) (*CopyFpgaImageOutput, error)
	// Initiates the copy of an AMI. You can copy an AMI from one Region to another, or
	// from a Region to an Outpost. You can't copy an AMI from an Outpost to a Region,
	// from one Outpost to another, or within the same Outpost. To copy an AMI to
	// another partition, see CreateStoreImageTask
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html).
	// To copy an AMI from one Region to another, specify the source Region using
	// the
	//
	// SourceRegion parameter, and specify the destination Region using its
	// endpoint. Copies of encrypted backing snapshots for the AMI are encrypted.
	// Copies of unencrypted backing snapshots remain unencrypted, unless you set
	// Encrypted during the copy operation. You cannot create an unencrypted copy of an
	// encrypted backing snapshot. To copy an AMI from a Region to an Outpost, specify
	// the source Region using the
	//
	// SourceRegion parameter, and specify the ARN of the
	// destination Outpost using DestinationOutpostArn. Backing snapshots copied to an
	// Outpost are encrypted by default using the default encryption key for the
	// Region, or a different key that you specify in the request using KmsKeyId.
	// Outposts do not support unencrypted snapshots. For more information,  Amazon EBS
	// local snapshots on Outposts
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#ami)
	// in the Amazon Elastic Compute Cloud User Guide. For more information about the
	// prerequisites and limits when copying an AMI, see Copying an AMI
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	CopyImage(ctx context.Context, params *CopyImageInput, optFns ...func(*Options)) (*CopyImageOutput, error)
	// Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You
	// can copy a snapshot within the same Region, from one Region to another, or from
	// a Region to an Outpost. You can't copy a snapshot from an Outpost to a Region,
	// from one Outpost to another, or within the same Outpost. You can use the
	// snapshot to create EBS volumes or Amazon Machine Images (AMIs). When copying
	// snapshots to a Region, copies of encrypted EBS snapshots remain encrypted.
	// Copies of unencrypted snapshots remain unencrypted, unless you enable encryption
	// for the snapshot copy operation. By default, encrypted snapshot copies use the
	// default Key Management Service (KMS) KMS key; however, you can specify a
	// different KMS key. To copy an encrypted snapshot that has been shared from
	// another account, you must have permissions for the KMS key used to encrypt the
	// snapshot. Snapshots copied to an Outpost are encrypted by default using the
	// default encryption key for the Region, or a different key that you specify in
	// the request using KmsKeyId. Outposts do not support unencrypted snapshots. For
	// more information,  Amazon EBS local snapshots on Outposts
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#ami)
	// in the Amazon Elastic Compute Cloud User Guide. Snapshots created by copying
	// another snapshot have an arbitrary volume ID that should not be used for any
	// purpose. For more information, see Copy an Amazon EBS snapshot
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-copy-snapshot.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	CopySnapshot(ctx context.Context, params *CopySnapshotInput, optFns ...func(*Options)) (*CopySnapshotOutput, error)
	// Creates a new Capacity Reservation with the specified attributes. Capacity
	// Reservations enable you to reserve capacity for your Amazon EC2 instances in a
	// specific Availability Zone for any duration. This gives you the flexibility to
	// selectively add capacity reservations and still get the Regional RI discounts
	// for that usage. By creating Capacity Reservations, you ensure that you always
	// have access to Amazon EC2 capacity when you need it, for as long as you need it.
	// For more information, see Capacity Reservations
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html)
	// in the Amazon EC2 User Guide. Your request to create a Capacity Reservation
	// could fail if Amazon EC2 does not have sufficient capacity to fulfill the
	// request. If your request fails due to Amazon EC2 capacity constraints, either
	// try again at a later time, try in a different Availability Zone, or request a
	// smaller capacity reservation. If your application is flexible across instance
	// types and sizes, try to create a Capacity Reservation with different instance
	// attributes. Your request could also fail if the requested quantity exceeds your
	// On-Demand Instance limit for the selected instance type. If your request fails
	// due to limit constraints, increase your On-Demand Instance limit for the
	// required instance type and try again. For more information about increasing your
	// instance limits, see Amazon EC2 Service Quotas
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html)
	// in the Amazon EC2 User Guide.
	CreateCapacityReservation(ctx context.Context, params *CreateCapacityReservationInput, optFns ...func(*Options)) (*CreateCapacityReservationOutput, error)
	// Creates a Capacity Reservation Fleet. For more information, see Create a
	// Capacity Reservation Fleet
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-cr-fleets.html#create-crfleet)
	// in the Amazon EC2 User Guide.
	CreateCapacityReservationFleet(ctx context.Context, params *CreateCapacityReservationFleetInput, optFns ...func(*Options)) (*CreateCapacityReservationFleetOutput, error)
	// Creates a carrier gateway. For more information about carrier gateways, see
	// Carrier gateways
	// (https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html#wavelength-carrier-gateway)
	// in the Amazon Web Services Wavelength Developer Guide.
	CreateCarrierGateway(ctx context.Context, params *CreateCarrierGatewayInput, optFns ...func(*Options)) (*CreateCarrierGatewayOutput, error)
	// Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create
	// and configure to enable and manage client VPN sessions. It is the destination
	// endpoint at which all client VPN sessions are terminated.
	CreateClientVpnEndpoint(ctx context.Context, params *CreateClientVpnEndpointInput, optFns ...func(*Options)) (*CreateClientVpnEndpointOutput, error)
	// Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has
	// a route table that describes the available destination network routes. Each
	// route in the route table specifies the path for traffic to specific resources or
	// networks.
	CreateClientVpnRoute(ctx context.Context, params *CreateClientVpnRouteInput, optFns ...func(*Options)) (*CreateClientVpnRouteOutput, error)
	// Provides information to Amazon Web Services about your VPN customer gateway
	// device. The customer gateway is the appliance at your end of the VPN connection.
	// (The device on the Amazon Web Services side of the VPN connection is the virtual
	// private gateway.) You must provide the internet-routable IP address of the
	// customer gateway's external interface. The IP address must be static and can be
	// behind a device performing network address translation (NAT). For devices that
	// use Border Gateway Protocol (BGP), you can also provide the device's BGP
	// Autonomous System Number (ASN). You can use an existing ASN assigned to your
	// network. If you don't have an ASN already, you can use a private ASN (in the
	// 64512 - 65534 range). Amazon EC2 supports all 4-byte ASN numbers in the range of
	// 1 - 2147483647, with the exception of the following:
	//
	// * 7224 - reserved in the
	// us-east-1 Region
	//
	// * 9059 - reserved in the eu-west-1 Region
	//
	// * 17943 - reserved
	// in the ap-southeast-1 Region
	//
	// * 10124 - reserved in the ap-northeast-1
	// Region
	//
	// For more information, see Amazon Web Services Site-to-Site VPN
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
	// Services Site-to-Site VPN User Guide. To create more than one customer gateway
	// with the same VPN type, IP address, and BGP ASN, specify a unique device name
	// for each customer gateway. Identical requests return information about the
	// existing customer gateway and do not create new customer gateways.
	CreateCustomerGateway(ctx context.Context, params *CreateCustomerGatewayInput, optFns ...func(*Options)) (*CreateCustomerGatewayOutput, error)
	// Creates a default subnet with a size /20 IPv4 CIDR block in the specified
	// Availability Zone in your default VPC. You can have only one default subnet per
	// Availability Zone. For more information, see Creating a default subnet
	// (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html#create-default-subnet)
	// in the Amazon Virtual Private Cloud User Guide.
	CreateDefaultSubnet(ctx context.Context, params *CreateDefaultSubnetInput, optFns ...func(*Options)) (*CreateDefaultSubnetOutput, error)
	// Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in
	// each Availability Zone. For more information about the components of a default
	// VPC, see Default VPC and default subnets
	// (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html) in the
	// Amazon Virtual Private Cloud User Guide. You cannot specify the components of
	// the default VPC yourself. If you deleted your previous default VPC, you can
	// create a default VPC. You cannot have more than one default VPC per Region. If
	// your account supports EC2-Classic, you cannot use this action to create a
	// default VPC in a Region that supports EC2-Classic. If you want a default VPC in
	// a Region that supports EC2-Classic, see "I really want a default VPC for my
	// existing EC2 account. Is that possible?" in the Default VPCs FAQ
	// (http://aws.amazon.com/vpc/faqs/#Default_VPCs).
	CreateDefaultVpc(ctx context.Context, params *CreateDefaultVpcInput, optFns ...func(*Options)) (*CreateDefaultVpcOutput, error)
	// Creates a set of DHCP options for your VPC. After creating the set, you must
	// associate it with the VPC, causing all existing and new instances that you
	// launch in the VPC to use this set of DHCP options. The following are the
	// individual DHCP options you can specify. For more information about the options,
	// see RFC 2132 (http://www.ietf.org/rfc/rfc2132.txt).
	//
	// * domain-name-servers - The
	// IP addresses of up to four domain name servers, or AmazonProvidedDNS. The
	// default DHCP option set specifies AmazonProvidedDNS. If specifying more than one
	// domain name server, specify the IP addresses in a single parameter, separated by
	// commas. To have your instance receive a custom DNS hostname as specified in
	// domain-name, you must set domain-name-servers to a custom DNS server.
	//
	// *
	// domain-name - If you're using AmazonProvidedDNS in us-east-1, specify
	// ec2.internal. If you're using AmazonProvidedDNS in another Region, specify
	// region.compute.internal (for example, ap-northeast-1.compute.internal).
	// Otherwise, specify a domain name (for example, ExampleCompany.com). This value
	// is used to complete unqualified DNS hostnames. Important: Some Linux operating
	// systems accept multiple domain names separated by spaces. However, Windows and
	// other Linux operating systems treat the value as a single domain, which results
	// in unexpected behavior. If your DHCP options set is associated with a VPC that
	// has instances with multiple operating systems, specify only one domain name.
	//
	// *
	// ntp-servers - The IP addresses of up to four Network Time Protocol (NTP)
	// servers.
	//
	// * netbios-name-servers - The IP addresses of up to four NetBIOS name
	// servers.
	//
	// * netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We
	// recommend that you specify 2 (broadcast and multicast are not currently
	// supported). For more information about these node types, see RFC 2132
	// (http://www.ietf.org/rfc/rfc2132.txt).
	//
	// Your VPC automatically starts out with a
	// set of DHCP options that includes only a DNS server that we provide
	// (AmazonProvidedDNS). If you create a set of options, and if your VPC has an
	// internet gateway, make sure to set the domain-name-servers option either to
	// AmazonProvidedDNS or to a domain name server of your choice. For more
	// information, see DHCP options sets
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
	// Amazon Virtual Private Cloud User Guide.
	CreateDhcpOptions(ctx context.Context, params *CreateDhcpOptionsInput, optFns ...func(*Options)) (*CreateDhcpOptionsOutput, error)
	// [IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only
	// internet gateway is used to enable outbound communication over IPv6 from
	// instances in your VPC to the internet, and prevents hosts outside of your VPC
	// from initiating an IPv6 connection with your instance.
	CreateEgressOnlyInternetGateway(ctx context.Context, params *CreateEgressOnlyInternetGatewayInput, optFns ...func(*Options)) (*CreateEgressOnlyInternetGatewayOutput, error)
	// Launches an EC2 Fleet. You can create a single EC2 Fleet that includes multiple
	// launch specifications that vary by instance type, AMI, Availability Zone, or
	// subnet. For more information, see EC2 Fleet
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet.html) in the
	// Amazon EC2 User Guide.
	CreateFleet(ctx context.Context, params *CreateFleetInput, optFns ...func(*Options)) (*CreateFleetOutput, error)
	// Creates one or more flow logs to capture information about IP traffic for a
	// specific network interface, subnet, or VPC. Flow log data for a monitored
	// network interface is recorded as flow log records, which are log events
	// consisting of fields that describe the traffic flow. For more information, see
	// Flow log records
	// (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records)
	// in the Amazon Virtual Private Cloud User Guide. When publishing to CloudWatch
	// Logs, flow log records are published to a log group, and each network interface
	// has a unique log stream in the log group. When publishing to Amazon S3, flow log
	// records for all of the monitored network interfaces are published to a single
	// log file object that is stored in the specified bucket. For more information,
	// see VPC Flow Logs
	// (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html) in the Amazon
	// Virtual Private Cloud User Guide.
	CreateFlowLogs(ctx context.Context, params *CreateFlowLogsInput, optFns ...func(*Options)) (*CreateFlowLogsOutput, error)
	// Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).
	// The create operation is asynchronous. To verify that the AFI is ready for use,
	// check the output logs. An AFI contains the FPGA bitstream that is ready to
	// download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated
	// instances. For more information, see the Amazon Web Services FPGA Hardware
	// Development Kit (https://github.com/aws/aws-fpga/).
	CreateFpgaImage(ctx context.Context, params *CreateFpgaImageInput, optFns ...func(*Options)) (*CreateFpgaImageOutput, error)
	// Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is
	// either running or stopped. By default, Amazon EC2 shuts down and reboots the
	// instance before creating the AMI to ensure that everything on the instance is
	// stopped and in a consistent state during the creation process. If you're
	// confident that your instance is in a consistent state appropriate for AMI
	// creation, use the NoReboot parameter to prevent Amazon EC2 from shutting down
	// and rebooting the instance. If you customized your instance with instance store
	// volumes or Amazon EBS volumes in addition to the root device volume, the new AMI
	// contains block device mapping information for those volumes. When you launch an
	// instance from this new AMI, the instance automatically launches with those
	// additional volumes. For more information, see Creating Amazon EBS-Backed Linux
	// AMIs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	CreateImage(ctx context.Context, params *CreateImageInput, optFns ...func(*Options)) (*CreateImageOutput, error)
	// Creates an event window in which scheduled events for the associated Amazon EC2
	// instances can run. You can define either a set of time ranges or a cron
	// expression when creating the event window, but not both. All event window times
	// are in UTC. You can create up to 200 event windows per Amazon Web Services
	// Region. When you create the event window, targets (instance IDs, Dedicated Host
	// IDs, or tags) are not yet associated with it. To ensure that the event window
	// can be used, you must associate one or more targets with it by using the
	// AssociateInstanceEventWindow API. Event windows are applicable only for
	// scheduled events that stop, reboot, or terminate instances. Event windows are
	// not applicable for:
	//
	// * Expedited scheduled events and network maintenance
	// events.
	//
	// * Unscheduled maintenance such as AutoRecovery and unplanned
	// reboots.
	//
	// For more information, see Define event windows for scheduled events
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
	// Amazon EC2 User Guide.
	CreateInstanceEventWindow(ctx context.Context, params *CreateInstanceEventWindowInput, optFns ...func(*Options)) (*CreateInstanceEventWindowOutput, error)
	// Exports a running or stopped instance to an Amazon S3 bucket. For information
	// about the supported operating systems, image formats, and known limitations for
	// the types of instances you can export, see Exporting an instance as a VM Using
	// VM Import/Export
	// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html) in the VM
	// Import/Export User Guide.
	CreateInstanceExportTask(ctx context.Context, params *CreateInstanceExportTaskInput, optFns ...func(*Options)) (*CreateInstanceExportTaskOutput, error)
	// Creates an internet gateway for use with a VPC. After creating the internet
	// gateway, you attach it to a VPC using AttachInternetGateway. For more
	// information about your VPC and internet gateway, see the Amazon Virtual Private
	// Cloud User Guide (https://docs.aws.amazon.com/vpc/latest/userguide/).
	CreateInternetGateway(ctx context.Context, params *CreateInternetGatewayInput, optFns ...func(*Options)) (*CreateInternetGatewayOutput, error)
	// Create an IPAM. Amazon VCP IP Address Manager (IPAM) is a VPC feature that you
	// can use to automate your IP address management workflows including assigning,
	// tracking, troubleshooting, and auditing IP addresses across Amazon Web Services
	// Regions and accounts throughout your Amazon Web Services Organization. For more
	// information, see Create an IPAM in the Amazon VPC IPAM User Guide.
	CreateIpam(ctx context.Context, params *CreateIpamInput, optFns ...func(*Options)) (*CreateIpamOutput, error)
	// Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a
	// pool is a collection of contiguous IP addresses CIDRs. Pools enable you to
	// organize your IP addresses according to your routing and security needs. For
	// example, if you have separate routing and security needs for development and
	// production applications, you can create a pool for each. For more information,
	// see Create a top-level pool in the Amazon VPC IPAM User Guide.
	CreateIpamPool(ctx context.Context, params *CreateIpamPoolInput, optFns ...func(*Options)) (*CreateIpamPoolOutput, error)
	// Create an IPAM scope. In IPAM, a scope is the highest-level container within
	// IPAM. An IPAM contains two default scopes. Each scope represents the IP space
	// for a single network. The private scope is intended for all private IP address
	// space. The public scope is intended for all public IP address space. Scopes
	// enable you to reuse IP addresses across multiple unconnected networks without
	// causing IP address overlap or conflict. For more information, see Add a scope in
	// the Amazon VPC IPAM User Guide.
	CreateIpamScope(ctx context.Context, params *CreateIpamScopeInput, optFns ...func(*Options)) (*CreateIpamScopeOutput, error)
	// Creates an ED25519 or 2048-bit RSA key pair with the specified name. Amazon EC2
	// stores the public key and displays the private key for you to save to a file.
	// The private key is returned as an unencrypted PEM encoded PKCS#1 private key. If
	// a key with the specified name already exists, Amazon EC2 returns an error. The
	// key pair returned to you is available only in the Amazon Web Services Region in
	// which you create it. If you prefer, you can create your own key pair using a
	// third-party tool and upload it to any Region using ImportKeyPair. You can have
	// up to 5,000 key pairs per Amazon Web Services Region. For more information, see
	// Amazon EC2 key pairs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	CreateKeyPair(ctx context.Context, params *CreateKeyPairInput, optFns ...func(*Options)) (*CreateKeyPairOutput, error)
	// Creates a launch template. A launch template contains the parameters to launch
	// an instance. When you launch an instance using RunInstances, you can specify a
	// launch template instead of providing the launch parameters in the request. For
	// more information, see Launching an instance from a launch template
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	CreateLaunchTemplate(ctx context.Context, params *CreateLaunchTemplateInput, optFns ...func(*Options)) (*CreateLaunchTemplateOutput, error)
	// Creates a new version for a launch template. You can specify an existing version
	// of launch template from which to base the new version. Launch template versions
	// are numbered in the order in which they are created. You cannot specify, change,
	// or replace the numbering of launch template versions. For more information, see
	// Managing launch template versions
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#manage-launch-template-versions)in
	// the Amazon Elastic Compute Cloud User Guide.
	CreateLaunchTemplateVersion(ctx context.Context, params *CreateLaunchTemplateVersionInput, optFns ...func(*Options)) (*CreateLaunchTemplateVersionOutput, error)
	// Creates a static route for the specified local gateway route table.
	CreateLocalGatewayRoute(ctx context.Context, params *CreateLocalGatewayRouteInput, optFns ...func(*Options)) (*CreateLocalGatewayRouteOutput, error)
	// Associates the specified VPC with the specified local gateway route table.
	CreateLocalGatewayRouteTableVpcAssociation(ctx context.Context, params *CreateLocalGatewayRouteTableVpcAssociationInput, optFns ...func(*Options)) (*CreateLocalGatewayRouteTableVpcAssociationOutput, error)
	// Creates a managed prefix list. You can specify one or more entries for the
	// prefix list. Each entry consists of a CIDR block and an optional description.
	CreateManagedPrefixList(ctx context.Context, params *CreateManagedPrefixListInput, optFns ...func(*Options)) (*CreateManagedPrefixListOutput, error)
	// Creates a NAT gateway in the specified subnet. This action creates a network
	// interface in the specified subnet with a private IP address from the IP address
	// range of the subnet. You can create either a public NAT gateway or a private NAT
	// gateway. With a public NAT gateway, internet-bound traffic from a private subnet
	// can be routed to the NAT gateway, so that instances in a private subnet can
	// connect to the internet. With a private NAT gateway, private communication is
	// routed across VPCs and on-premises networks through a transit gateway or virtual
	// private gateway. Common use cases include running large workloads behind a small
	// pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and
	// communicating between overlapping networks. For more information, see NAT
	// gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html)
	// in the Amazon Virtual Private Cloud User Guide.
	CreateNatGateway(ctx context.Context, params *CreateNatGatewayInput, optFns ...func(*Options)) (*CreateNatGatewayOutput, error)
	// Creates a network ACL in a VPC. Network ACLs provide an optional layer of
	// security (in addition to security groups) for the instances in your VPC. For
	// more information, see Network ACLs
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon
	// Virtual Private Cloud User Guide.
	CreateNetworkAcl(ctx context.Context, params *CreateNetworkAclInput, optFns ...func(*Options)) (*CreateNetworkAclOutput, error)
	// Creates an entry (a rule) in a network ACL with the specified rule number. Each
	// network ACL has a set of numbered ingress rules and a separate set of numbered
	// egress rules. When determining whether a packet should be allowed in or out of a
	// subnet associated with the ACL, we process the entries in the ACL according to
	// the rule numbers, in ascending order. Each network ACL has a set of ingress
	// rules and a separate set of egress rules. We recommend that you leave room
	// between the rule numbers (for example, 100, 110, 120, ...), and not number them
	// one right after the other (for example, 101, 102, 103, ...). This makes it
	// easier to add a rule between existing ones without having to renumber the rules.
	// After you add an entry, you can't modify it; you must either replace it, or
	// create an entry and delete the old one. For more information about network ACLs,
	// see Network ACLs
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon
	// Virtual Private Cloud User Guide.
	CreateNetworkAclEntry(ctx context.Context, params *CreateNetworkAclEntryInput, optFns ...func(*Options)) (*CreateNetworkAclEntryOutput, error)
	// Creates a Network Access Scope. Amazon Web Services Network Access Analyzer
	// enables cloud networking and cloud operations teams to verify that their
	// networks on Amazon Web Services conform to their network security and governance
	// objectives. For more information, see the Amazon Web Services Network Access
	// Analyzer Guide
	// (https://docs.aws.amazon.com/vpc/latest/network-access-analyzer/).
	CreateNetworkInsightsAccessScope(ctx context.Context, params *CreateNetworkInsightsAccessScopeInput, optFns ...func(*Options)) (*CreateNetworkInsightsAccessScopeOutput, error)
	// Creates a path to analyze for reachability. Reachability Analyzer enables you to
	// analyze and debug network reachability between two resources in your virtual
	// private cloud (VPC). For more information, see What is Reachability Analyzer
	// (https://docs.aws.amazon.com/vpc/latest/reachability/).
	CreateNetworkInsightsPath(ctx context.Context, params *CreateNetworkInsightsPathInput, optFns ...func(*Options)) (*CreateNetworkInsightsPathOutput, error)
	// Creates a network interface in the specified subnet. For more information about
	// network interfaces, see Elastic Network Interfaces
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) in the
	// Amazon Virtual Private Cloud User Guide.
	CreateNetworkInterface(ctx context.Context, params *CreateNetworkInterfaceInput, optFns ...func(*Options)) (*CreateNetworkInterfaceOutput, error)
	// Grants an Amazon Web Services-authorized account permission to attach the
	// specified network interface to an instance in their account. You can grant
	// permission to a single Amazon Web Services account only, and only one account at
	// a time.
	CreateNetworkInterfacePermission(ctx context.Context, params *CreateNetworkInterfacePermissionInput, optFns ...func(*Options)) (*CreateNetworkInterfacePermissionOutput, error)
	// Creates a placement group in which to launch instances. The strategy of the
	// placement group determines how the instances are organized within the group. A
	// cluster placement group is a logical grouping of instances within a single
	// Availability Zone that benefit from low network latency, high network
	// throughput. A spread placement group places instances on distinct hardware. A
	// partition placement group places groups of instances in different partitions,
	// where instances in one partition do not share the same hardware with instances
	// in another partition. For more information, see Placement groups
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in
	// the Amazon EC2 User Guide.
	CreatePlacementGroup(ctx context.Context, params *CreatePlacementGroupInput, optFns ...func(*Options)) (*CreatePlacementGroupOutput, error)
	// Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address pool
	// required for the public IPv4 CIDRs that you own and bring to Amazon Web Services
	// to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however,
	// use IPAM pools only. To monitor the status of pool creation, use
	// DescribePublicIpv4Pools
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePublicIpv4Pools.html).
	CreatePublicIpv4Pool(ctx context.Context, params *CreatePublicIpv4PoolInput, optFns ...func(*Options)) (*CreatePublicIpv4PoolOutput, error)
	// Creates a root volume replacement task for an Amazon EC2 instance. The root
	// volume can either be restored to its initial launch state, or it can be restored
	// using a specific snapshot. For more information, see Replace a root volume
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root)
	// in the Amazon Elastic Compute Cloud User Guide.
	CreateReplaceRootVolumeTask(ctx context.Context, params *CreateReplaceRootVolumeTaskInput, optFns ...func(*Options)) (*CreateReplaceRootVolumeTaskOutput, error)
	// Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the
	// Reserved Instance Marketplace. You can submit one Standard Reserved Instance
	// listing at a time. To get a list of your Standard Reserved Instances, you can
	// use the DescribeReservedInstances operation. Only Standard Reserved Instances
	// can be sold in the Reserved Instance Marketplace. Convertible Reserved Instances
	// cannot be sold. The Reserved Instance Marketplace matches sellers who want to
	// resell Standard Reserved Instance capacity that they no longer need with buyers
	// who want to purchase additional capacity. Reserved Instances bought and sold
	// through the Reserved Instance Marketplace work like any other Reserved
	// Instances. To sell your Standard Reserved Instances, you must first register as
	// a seller in the Reserved Instance Marketplace. After completing the registration
	// process, you can create a Reserved Instance Marketplace listing of some or all
	// of your Standard Reserved Instances, and specify the upfront price to receive
	// for them. Your Standard Reserved Instance listings then become available for
	// purchase. To view the details of your Standard Reserved Instance listing, you
	// can use the DescribeReservedInstancesListings operation. For more information,
	// see Reserved Instance Marketplace
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
	// the Amazon EC2 User Guide.
	CreateReservedInstancesListing(ctx context.Context, params *CreateReservedInstancesListingInput, optFns ...func(*Options)) (*CreateReservedInstancesListingOutput, error)
	// Starts a task that restores an AMI from an Amazon S3 object that was previously
	// created by using CreateStoreImageTask
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html).
	// To use this API, you must have the required permissions. For more information,
	// see Permissions for storing and restoring AMIs using Amazon S3
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions)
	// in the Amazon Elastic Compute Cloud User Guide. For more information, see Store
	// and restore an AMI using Amazon S3
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	CreateRestoreImageTask(ctx context.Context, params *CreateRestoreImageTaskInput, optFns ...func(*Options)) (*CreateRestoreImageTaskOutput, error)
	// Creates a route in a route table within a VPC. You must specify one of the
	// following targets: internet gateway or virtual private gateway, NAT instance,
	// NAT gateway, VPC peering connection, network interface, egress-only internet
	// gateway, or transit gateway. When determining how to route traffic, we use the
	// route with the most specific match. For example, traffic is destined for the
	// IPv4 address 192.0.2.3, and the route table includes the following two IPv4
	// routes:
	//
	// * 192.0.2.0/24 (goes to some target A)
	//
	// * 192.0.2.0/28 (goes to some
	// target B)
	//
	// Both routes apply to the traffic destined for 192.0.2.3. However, the
	// second route in the list covers a smaller number of IP addresses and is
	// therefore more specific, so we use that route to determine where to target the
	// traffic. For more information about route tables, see Route tables
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
	// Amazon Virtual Private Cloud User Guide.
	CreateRoute(ctx context.Context, params *CreateRouteInput, optFns ...func(*Options)) (*CreateRouteOutput, error)
	// Creates a route table for the specified VPC. After you create a route table, you
	// can add routes and associate the table with a subnet. For more information, see
	// Route tables
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
	// Amazon Virtual Private Cloud User Guide.
	CreateRouteTable(ctx context.Context, params *CreateRouteTableInput, optFns ...func(*Options)) (*CreateRouteTableOutput, error)
	// Creates a security group. A security group acts as a virtual firewall for your
	// instance to control inbound and outbound traffic. For more information, see
	// Amazon EC2 security groups
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html)
	// in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC
	// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html)
	// in the Amazon Virtual Private Cloud User Guide. When you create a security
	// group, you specify a friendly name of your choice. You can have a security group
	// for use in EC2-Classic with the same name as a security group for use in a VPC.
	// However, you can't have two security groups for use in EC2-Classic with the same
	// name or two security groups for use in a VPC with the same name. You have a
	// default security group for use in EC2-Classic and a default security group for
	// use in your VPC. If you don't specify a security group when you launch an
	// instance, the instance is launched into the appropriate default security group.
	// A default security group includes a default rule that grants instances
	// unrestricted network access to each other. You can add or remove rules from your
	// security groups using AuthorizeSecurityGroupIngress,
	// AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and
	// RevokeSecurityGroupEgress. For more information about VPC security group limits,
	// see Amazon VPC Limits
	// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html).
	CreateSecurityGroup(ctx context.Context, params *CreateSecurityGroupInput, optFns ...func(*Options)) (*CreateSecurityGroupOutput, error)
	// Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use
	// snapshots for backups, to make copies of EBS volumes, and to save data before
	// shutting down an instance. You can create snapshots of volumes in a Region and
	// volumes on an Outpost. If you create a snapshot of a volume in a Region, the
	// snapshot must be stored in the same Region as the volume. If you create a
	// snapshot of a volume on an Outpost, the snapshot can be stored on the same
	// Outpost as the volume, or in the Region for that Outpost. When a snapshot is
	// created, any Amazon Web Services Marketplace product codes that are associated
	// with the source volume are propagated to the snapshot. You can take a snapshot
	// of an attached volume that is in use. However, snapshots only capture data that
	// has been written to your Amazon EBS volume at the time the snapshot command is
	// issued; this might exclude any data that has been cached by any applications or
	// the operating system. If you can pause any file systems on the volume long
	// enough to take a snapshot, your snapshot should be complete. However, if you
	// cannot pause all file writes to the volume, you should unmount the volume from
	// within the instance, issue the snapshot command, and then remount the volume to
	// ensure a consistent and complete snapshot. You may remount and use your volume
	// while the snapshot status is pending. To create a snapshot for Amazon EBS
	// volumes that serve as root devices, you should stop the instance before taking
	// the snapshot. Snapshots that are taken from encrypted volumes are automatically
	// encrypted. Volumes that are created from encrypted snapshots are also
	// automatically encrypted. Your encrypted volumes and any associated snapshots
	// always remain protected. You can tag your snapshots during creation. For more
	// information, see Tag your Amazon EC2 resources
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
	// Amazon Elastic Compute Cloud User Guide. For more information, see Amazon
	// Elastic Block Store
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) and Amazon
	// EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	CreateSnapshot(ctx context.Context, params *CreateSnapshotInput, optFns ...func(*Options)) (*CreateSnapshotOutput, error)
	// Creates crash-consistent snapshots of multiple EBS volumes and stores the data
	// in S3. Volumes are chosen by specifying an instance. Any attached volumes will
	// produce one snapshot each that is crash-consistent across the instance. Boot
	// volumes can be excluded by changing the parameters. You can create multi-volume
	// snapshots of instances in a Region and instances on an Outpost. If you create
	// snapshots from an instance in a Region, the snapshots must be stored in the same
	// Region as the instance. If you create snapshots from an instance on an Outpost,
	// the snapshots can be stored on the same Outpost as the instance, or in the
	// Region for that Outpost.
	CreateSnapshots(ctx context.Context, params *CreateSnapshotsInput, optFns ...func(*Options)) (*CreateSnapshotsOutput, error)
	// Creates a data feed for Spot Instances, enabling you to view Spot Instance usage
	// logs. You can create one data feed per Amazon Web Services account. For more
	// information, see Spot Instance data feed
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html) in
	// the Amazon EC2 User Guide for Linux Instances.
	CreateSpotDatafeedSubscription(ctx context.Context, params *CreateSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*CreateSpotDatafeedSubscriptionOutput, error)
	// Stores an AMI as a single object in an Amazon S3 bucket. To use this API, you
	// must have the required permissions. For more information, see Permissions for
	// storing and restoring AMIs using Amazon S3
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions)
	// in the Amazon Elastic Compute Cloud User Guide. For more information, see Store
	// and restore an AMI using Amazon S3
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	CreateStoreImageTask(ctx context.Context, params *CreateStoreImageTaskInput, optFns ...func(*Options)) (*CreateStoreImageTaskOutput, error)
	// Creates a subnet in a specified VPC. You must specify an IPv4 CIDR block for the
	// subnet. After you create a subnet, you can't change its CIDR block. The allowed
	// block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP
	// addresses). The CIDR block must not overlap with the CIDR block of an existing
	// subnet in the VPC. If you've associated an IPv6 CIDR block with your VPC, you
	// can create a subnet with an IPv6 CIDR block that uses a /64 prefix length.
	// Amazon Web Services reserves both the first four and the last IPv4 address in
	// each subnet's CIDR block. They're not available for use. If you add more than
	// one subnet to a VPC, they're set up in a star topology with a logical router in
	// the middle. When you stop an instance in a subnet, it retains its private IPv4
	// address. It's therefore possible to have a subnet with no running instances
	// (they're all stopped), but no remaining IP addresses available. For more
	// information about subnets, see Your VPC and subnets
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the
	// Amazon Virtual Private Cloud User Guide.
	CreateSubnet(ctx context.Context, params *CreateSubnetInput, optFns ...func(*Options)) (*CreateSubnetOutput, error)
	// Creates a subnet CIDR reservation. For information about subnet CIDR
	// reservations, see Subnet CIDR reservations
	// (https://docs.aws.amazon.com/vpc/latest/userguide/subnet-cidr-reservation.html)
	// in the Amazon Virtual Private Cloud User Guide.
	CreateSubnetCidrReservation(ctx context.Context, params *CreateSubnetCidrReservationInput, optFns ...func(*Options)) (*CreateSubnetCidrReservationOutput, error)
	// Adds or overwrites only the specified tags for the specified Amazon EC2 resource
	// or resources. When you specify an existing tag key, the value is overwritten
	// with the new value. Each resource can have a maximum of 50 tags. Each tag
	// consists of a key and optional value. Tag keys must be unique per resource. For
	// more information about tags, see Tagging Your Resources
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
	// Amazon Elastic Compute Cloud User Guide. For more information about creating IAM
	// policies that control users' access to resources based on tags, see Supported
	// Resource-Level Permissions for Amazon EC2 API Actions
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-iam-actions-resources.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	CreateTags(ctx context.Context, params *CreateTagsInput, optFns ...func(*Options)) (*CreateTagsOutput, error)
	// Creates a Traffic Mirror filter. A Traffic Mirror filter is a set of rules that
	// defines the traffic to mirror. By default, no traffic is mirrored. To mirror
	// traffic, use CreateTrafficMirrorFilterRule
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilterRule.htm)
	// to add Traffic Mirror rules to the filter. The rules you add define what traffic
	// gets mirrored. You can also use ModifyTrafficMirrorFilterNetworkServices
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyTrafficMirrorFilterNetworkServices.html)
	// to mirror supported network services.
	CreateTrafficMirrorFilter(ctx context.Context, params *CreateTrafficMirrorFilterInput, optFns ...func(*Options)) (*CreateTrafficMirrorFilterOutput, error)
	// Creates a Traffic Mirror filter rule. A Traffic Mirror rule defines the Traffic
	// Mirror source traffic to mirror. You need the Traffic Mirror filter ID when you
	// create the rule.
	CreateTrafficMirrorFilterRule(ctx context.Context, params *CreateTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*CreateTrafficMirrorFilterRuleOutput, error)
	// Creates a Traffic Mirror session. A Traffic Mirror session actively copies
	// packets from a Traffic Mirror source to a Traffic Mirror target. Create a
	// filter, and then assign it to the session to define a subset of the traffic to
	// mirror, for example all TCP traffic. The Traffic Mirror source and the Traffic
	// Mirror target (monitoring appliances) can be in the same VPC, or in a different
	// VPC connected via VPC peering or a transit gateway. By default, no traffic is
	// mirrored. Use CreateTrafficMirrorFilter
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilter.htm)
	// to create filter rules that specify the traffic to mirror.
	CreateTrafficMirrorSession(ctx context.Context, params *CreateTrafficMirrorSessionInput, optFns ...func(*Options)) (*CreateTrafficMirrorSessionOutput, error)
	// Creates a target for your Traffic Mirror session. A Traffic Mirror target is the
	// destination for mirrored traffic. The Traffic Mirror source and the Traffic
	// Mirror target (monitoring appliances) can be in the same VPC, or in different
	// VPCs connected via VPC peering or a transit gateway. A Traffic Mirror target can
	// be a network interface, or a Network Load Balancer. To use the target in a
	// Traffic Mirror session, use CreateTrafficMirrorSession
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorSession.htm).
	CreateTrafficMirrorTarget(ctx context.Context, params *CreateTrafficMirrorTargetInput, optFns ...func(*Options)) (*CreateTrafficMirrorTargetOutput, error)
	// Creates a transit gateway. You can use a transit gateway to interconnect your
	// virtual private clouds (VPC) and on-premises networks. After the transit gateway
	// enters the available state, you can attach your VPCs and VPN connections to the
	// transit gateway. To attach your VPCs, use CreateTransitGatewayVpcAttachment. To
	// attach a VPN connection, use CreateCustomerGateway to create a customer gateway
	// and specify the ID of the customer gateway and the ID of the transit gateway in
	// a call to CreateVpnConnection. When you create a transit gateway, we create a
	// default transit gateway route table and use it as the default association route
	// table and the default propagation route table. You can use
	// CreateTransitGatewayRouteTable to create additional transit gateway route
	// tables. If you disable automatic route propagation, we do not create a default
	// transit gateway route table. You can use
	// EnableTransitGatewayRouteTablePropagation to propagate routes from a resource
	// attachment to a transit gateway route table. If you disable automatic
	// associations, you can use AssociateTransitGatewayRouteTable to associate a
	// resource attachment with a transit gateway route table.
	CreateTransitGateway(ctx context.Context, params *CreateTransitGatewayInput, optFns ...func(*Options)) (*CreateTransitGatewayOutput, error)
	// Creates a Connect attachment from a specified transit gateway attachment. A
	// Connect attachment is a GRE-based tunnel attachment that you can use to
	// establish a connection between a transit gateway and an appliance. A Connect
	// attachment uses an existing VPC or Amazon Web Services Direct Connect attachment
	// as the underlying transport mechanism.
	CreateTransitGatewayConnect(ctx context.Context, params *CreateTransitGatewayConnectInput, optFns ...func(*Options)) (*CreateTransitGatewayConnectOutput, error)
	// Creates a Connect peer for a specified transit gateway Connect attachment
	// between a transit gateway and an appliance. The peer address and transit gateway
	// address must be the same IP address family (IPv4 or IPv6). For more information,
	// see Connect peers
	// (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html#tgw-connect-peer)
	// in the Transit Gateways Guide.
	CreateTransitGatewayConnectPeer(ctx context.Context, params *CreateTransitGatewayConnectPeerInput, optFns ...func(*Options)) (*CreateTransitGatewayConnectPeerOutput, error)
	// Creates a multicast domain using the specified transit gateway. The transit
	// gateway must be in the available state before you create a domain. Use
	// DescribeTransitGateways
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGateways.html)
	// to see the state of transit gateway.
	CreateTransitGatewayMulticastDomain(ctx context.Context, params *CreateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*CreateTransitGatewayMulticastDomainOutput, error)
	// Requests a transit gateway peering attachment between the specified transit
	// gateway (requester) and a peer transit gateway (accepter). The transit gateways
	// must be in different Regions. The peer transit gateway can be in your account or
	// a different Amazon Web Services account. After you create the peering
	// attachment, the owner of the accepter transit gateway must accept the attachment
	// request.
	CreateTransitGatewayPeeringAttachment(ctx context.Context, params *CreateTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*CreateTransitGatewayPeeringAttachmentOutput, error)
	// Creates a reference (route) to a prefix list in a specified transit gateway
	// route table.
	CreateTransitGatewayPrefixListReference(ctx context.Context, params *CreateTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*CreateTransitGatewayPrefixListReferenceOutput, error)
	// Creates a static route for the specified transit gateway route table.
	CreateTransitGatewayRoute(ctx context.Context, params *CreateTransitGatewayRouteInput, optFns ...func(*Options)) (*CreateTransitGatewayRouteOutput, error)
	// Creates a route table for the specified transit gateway.
	CreateTransitGatewayRouteTable(ctx context.Context, params *CreateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*CreateTransitGatewayRouteTableOutput, error)
	// Attaches the specified VPC to the specified transit gateway. If you attach a VPC
	// with a CIDR range that overlaps the CIDR range of a VPC that is already
	// attached, the new VPC CIDR range is not propagated to the default propagation
	// route table. To send VPC traffic to an attached transit gateway, add a route to
	// the VPC route table using CreateRoute.
	CreateTransitGatewayVpcAttachment(ctx context.Context, params *CreateTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*CreateTransitGatewayVpcAttachmentOutput, error)
	// Creates an EBS volume that can be attached to an instance in the same
	// Availability Zone. You can create a new empty volume or restore a volume from an
	// EBS snapshot. Any Amazon Web Services Marketplace product codes from the
	// snapshot are propagated to the volume. You can create encrypted volumes.
	// Encrypted volumes must be attached to instances that support Amazon EBS
	// encryption. Volumes that are created from encrypted snapshots are also
	// automatically encrypted. For more information, see Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide. You can tag your volumes during
	// creation. For more information, see Tag your Amazon EC2 resources
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
	// Amazon Elastic Compute Cloud User Guide. For more information, see Create an
	// Amazon EBS volume
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-volume.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	CreateVolume(ctx context.Context, params *CreateVolumeInput, optFns ...func(*Options)) (*CreateVolumeOutput, error)
	// Creates a VPC with the specified IPv4 CIDR block. The smallest VPC you can
	// create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16
	// netmask (65,536 IPv4 addresses). For more information about how large to make
	// your VPC, see Your VPC and subnets
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the
	// Amazon Virtual Private Cloud User Guide. You can optionally request an IPv6 CIDR
	// block for the VPC. You can request an Amazon-provided IPv6 CIDR block from
	// Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool
	// that you provisioned through bring your own IP addresses (BYOIP
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). By
	// default, each instance you launch in the VPC has the default DHCP options, which
	// include only a default DNS server that we provide (AmazonProvidedDNS). For more
	// information, see DHCP options sets
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
	// Amazon Virtual Private Cloud User Guide. You can specify the instance tenancy
	// value for the VPC when you create it. You can't change this value for the VPC
	// after you create it. For more information, see Dedicated Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	CreateVpc(ctx context.Context, params *CreateVpcInput, optFns ...func(*Options)) (*CreateVpcOutput, error)
	// Creates a VPC endpoint for a specified service. An endpoint enables you to
	// create a private connection between your VPC and the service. The service may be
	// provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or
	// another Amazon Web Services account. For more information, see VPC Endpoints
	// (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) in the
	// Amazon Virtual Private Cloud User Guide. A gateway endpoint serves as a target
	// for a route in your route table for traffic destined for the Amazon Web Service.
	// You can specify an endpoint policy to attach to the endpoint, which will control
	// access to the service from your VPC. You can also specify the VPC route tables
	// that use the endpoint. An interface endpoint is a network interface in your
	// subnet that serves as an endpoint for communicating with the specified service.
	// You can specify the subnets in which to create an endpoint, and the security
	// groups to associate with the endpoint network interface. A GatewayLoadBalancer
	// endpoint is a network interface in your subnet that serves an endpoint for
	// communicating with a Gateway Load Balancer that you've configured as a VPC
	// endpoint service. Use DescribeVpcEndpointServices to get a list of supported
	// services.
	CreateVpcEndpoint(ctx context.Context, params *CreateVpcEndpointInput, optFns ...func(*Options)) (*CreateVpcEndpointOutput, error)
	// Creates a connection notification for a specified VPC endpoint or VPC endpoint
	// service. A connection notification notifies you of specific endpoint events. You
	// must create an SNS topic to receive notifications. For more information, see
	// Create a Topic (https://docs.aws.amazon.com/sns/latest/dg/CreateTopic.html) in
	// the Amazon Simple Notification Service Developer Guide. You can create a
	// connection notification for interface endpoints only.
	CreateVpcEndpointConnectionNotification(ctx context.Context, params *CreateVpcEndpointConnectionNotificationInput, optFns ...func(*Options)) (*CreateVpcEndpointConnectionNotificationOutput, error)
	// Creates a VPC endpoint service configuration to which service consumers (Amazon
	// Web Services accounts, IAM users, and IAM roles) can connect. To create an
	// endpoint service configuration, you must first create one of the following for
	// your service:
	//
	// * A Network Load Balancer
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html).
	// Service consumers connect to your service using an interface endpoint.
	//
	// * A
	// Gateway Load Balancer
	// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/introduction.html).
	// Service consumers connect to your service using a Gateway Load Balancer
	// endpoint.
	//
	// For more information, see VPC Endpoint Services
	// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html) in the
	// Amazon Virtual Private Cloud User Guide. If you set the private DNS name, you
	// must prove that you own the private DNS domain name. For more information, see
	// VPC Endpoint Service Private DNS Name Verification
	// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html)
	// in the Amazon Virtual Private Cloud User Guide.
	CreateVpcEndpointServiceConfiguration(ctx context.Context, params *CreateVpcEndpointServiceConfigurationInput, optFns ...func(*Options)) (*CreateVpcEndpointServiceConfigurationOutput, error)
	// Requests a VPC peering connection between two VPCs: a requester VPC that you own
	// and an accepter VPC with which to create the connection. The accepter VPC can
	// belong to another Amazon Web Services account and can be in a different Region
	// to the requester VPC. The requester VPC and accepter VPC cannot have overlapping
	// CIDR blocks. Limitations and rules apply to a VPC peering connection. For more
	// information, see the limitations
	// (https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations)
	// section in the VPC Peering Guide. The owner of the accepter VPC must accept the
	// peering request to activate the peering connection. The VPC peering connection
	// request expires after 7 days, after which it cannot be accepted or rejected. If
	// you create a VPC peering connection request between VPCs with overlapping CIDR
	// blocks, the VPC peering connection has a status of failed.
	CreateVpcPeeringConnection(ctx context.Context, params *CreateVpcPeeringConnectionInput, optFns ...func(*Options)) (*CreateVpcPeeringConnectionOutput, error)
	// Creates a VPN connection between an existing virtual private gateway or transit
	// gateway and a customer gateway. The supported connection type is ipsec.1. The
	// response includes information that you need to give to your network
	// administrator to configure your customer gateway. We strongly recommend that you
	// use HTTPS when calling this operation because the response contains sensitive
	// cryptographic information for configuring your customer gateway device. If you
	// decide to shut down your VPN connection for any reason and later create a new
	// VPN connection, you must reconfigure your customer gateway with the new
	// information returned from this call. This is an idempotent operation. If you
	// perform the operation more than once, Amazon EC2 doesn't return an error. For
	// more information, see Amazon Web Services Site-to-Site VPN
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
	// Services Site-to-Site VPN User Guide.
	CreateVpnConnection(ctx context.Context, params *CreateVpnConnectionInput, optFns ...func(*Options)) (*CreateVpnConnectionOutput, error)
	// Creates a static route associated with a VPN connection between an existing
	// virtual private gateway and a VPN customer gateway. The static route allows
	// traffic to be routed from the virtual private gateway to the VPN customer
	// gateway. For more information, see Amazon Web Services Site-to-Site VPN
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
	// Services Site-to-Site VPN User Guide.
	CreateVpnConnectionRoute(ctx context.Context, params *CreateVpnConnectionRouteInput, optFns ...func(*Options)) (*CreateVpnConnectionRouteOutput, error)
	// Creates a virtual private gateway. A virtual private gateway is the endpoint on
	// the VPC side of your VPN connection. You can create a virtual private gateway
	// before creating the VPC itself. For more information, see Amazon Web Services
	// Site-to-Site VPN (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in
	// the Amazon Web Services Site-to-Site VPN User Guide.
	CreateVpnGateway(ctx context.Context, params *CreateVpnGatewayInput, optFns ...func(*Options)) (*CreateVpnGatewayOutput, error)
	// Deletes a carrier gateway. If you do not delete the route that contains the
	// carrier gateway as the Target, the route is a blackhole route. For information
	// about how to delete a route, see DeleteRoute
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteRoute.html).
	DeleteCarrierGateway(ctx context.Context, params *DeleteCarrierGatewayInput, optFns ...func(*Options)) (*DeleteCarrierGatewayOutput, error)
	// Deletes the specified Client VPN endpoint. You must disassociate all target
	// networks before you can delete a Client VPN endpoint.
	DeleteClientVpnEndpoint(ctx context.Context, params *DeleteClientVpnEndpointInput, optFns ...func(*Options)) (*DeleteClientVpnEndpointOutput, error)
	// Deletes a route from a Client VPN endpoint. You can only delete routes that you
	// manually added using the CreateClientVpnRoute action. You cannot delete routes
	// that were automatically added when associating a subnet. To remove routes that
	// have been automatically added, disassociate the target subnet from the Client
	// VPN endpoint.
	DeleteClientVpnRoute(ctx context.Context, params *DeleteClientVpnRouteInput, optFns ...func(*Options)) (*DeleteClientVpnRouteOutput, error)
	// Deletes the specified customer gateway. You must delete the VPN connection
	// before you can delete the customer gateway.
	DeleteCustomerGateway(ctx context.Context, params *DeleteCustomerGatewayInput, optFns ...func(*Options)) (*DeleteCustomerGatewayOutput, error)
	// Deletes the specified set of DHCP options. You must disassociate the set of DHCP
	// options before you can delete it. You can disassociate the set of DHCP options
	// by associating either a new set of options or the default set of options with
	// the VPC.
	DeleteDhcpOptions(ctx context.Context, params *DeleteDhcpOptionsInput, optFns ...func(*Options)) (*DeleteDhcpOptionsOutput, error)
	// Deletes an egress-only internet gateway.
	DeleteEgressOnlyInternetGateway(ctx context.Context, params *DeleteEgressOnlyInternetGatewayInput, optFns ...func(*Options)) (*DeleteEgressOnlyInternetGatewayOutput, error)
	// Deletes the specified EC2 Fleet. After you delete an EC2 Fleet, it launches no
	// new instances. You must specify whether a deleted EC2 Fleet should also
	// terminate its instances. If you choose to terminate the instances, the EC2 Fleet
	// enters the deleted_terminating state. Otherwise, the EC2 Fleet enters the
	// deleted_running state, and the instances continue to run until they are
	// interrupted or you terminate them manually. For instant fleets, EC2 Fleet must
	// terminate the instances when the fleet is deleted. A deleted instant fleet with
	// running instances is not supported. Restrictions
	//
	// * You can delete up to 25
	// instant fleets in a single request. If you exceed this number, no instant fleets
	// are deleted and an error is returned. There is no restriction on the number of
	// fleets of type maintain or request that can be deleted in a single request.
	//
	// *
	// Up to 1000 instances can be terminated in a single request to delete instant
	// fleets.
	//
	// For more information, see Delete an EC2 Fleet
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#delete-fleet)
	// in the Amazon EC2 User Guide.
	DeleteFleets(ctx context.Context, params *DeleteFleetsInput, optFns ...func(*Options)) (*DeleteFleetsOutput, error)
	// Deletes one or more flow logs.
	DeleteFlowLogs(ctx context.Context, params *DeleteFlowLogsInput, optFns ...func(*Options)) (*DeleteFlowLogsOutput, error)
	// Deletes the specified Amazon FPGA Image (AFI).
	DeleteFpgaImage(ctx context.Context, params *DeleteFpgaImageInput, optFns ...func(*Options)) (*DeleteFpgaImageOutput, error)
	// Deletes the specified event window. For more information, see Define event
	// windows for scheduled events
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
	// Amazon EC2 User Guide.
	DeleteInstanceEventWindow(ctx context.Context, params *DeleteInstanceEventWindowInput, optFns ...func(*Options)) (*DeleteInstanceEventWindowOutput, error)
	// Deletes the specified internet gateway. You must detach the internet gateway
	// from the VPC before you can delete it.
	DeleteInternetGateway(ctx context.Context, params *DeleteInternetGatewayInput, optFns ...func(*Options)) (*DeleteInternetGatewayOutput, error)
	// Delete an IPAM. Deleting an IPAM removes all monitored data associated with the
	// IPAM including the historical data for CIDRs. You cannot delete an IPAM if there
	// are CIDRs provisioned to pools or if there are allocations in the pools within
	// the IPAM. To deprovision pool CIDRs, see DeprovisionIpamPoolCidr
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeprovisionIpamPoolCidr.html).
	// To release allocations, see ReleaseIpamPoolAllocation
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html).
	// For more information, see Delete an IPAM in the Amazon VPC IPAM User Guide.
	DeleteIpam(ctx context.Context, params *DeleteIpamInput, optFns ...func(*Options)) (*DeleteIpamOutput, error)
	// Delete an IPAM pool. You cannot delete an IPAM pool if there are allocations in
	// it or CIDRs provisioned to it. To release allocations, see
	// ReleaseIpamPoolAllocation
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html).
	// To deprovision pool CIDRs, see DeprovisionIpamPoolCidr
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeprovisionIpamPoolCidr.html).
	// For more information, see Delete a pool in the Amazon VPC IPAM User Guide.
	DeleteIpamPool(ctx context.Context, params *DeleteIpamPoolInput, optFns ...func(*Options)) (*DeleteIpamPoolOutput, error)
	// Delete the scope for an IPAM. You cannot delete the default scopes. For more
	// information, see Delete a scope in the Amazon VPC IPAM User Guide.
	DeleteIpamScope(ctx context.Context, params *DeleteIpamScopeInput, optFns ...func(*Options)) (*DeleteIpamScopeOutput, error)
	// Deletes the specified key pair, by removing the public key from Amazon EC2.
	DeleteKeyPair(ctx context.Context, params *DeleteKeyPairInput, optFns ...func(*Options)) (*DeleteKeyPairOutput, error)
	// Deletes a launch template. Deleting a launch template deletes all of its
	// versions.
	DeleteLaunchTemplate(ctx context.Context, params *DeleteLaunchTemplateInput, optFns ...func(*Options)) (*DeleteLaunchTemplateOutput, error)
	// Deletes one or more versions of a launch template. You cannot delete the default
	// version of a launch template; you must first assign a different version as the
	// default. If the default version is the only version for the launch template, you
	// must delete the entire launch template using DeleteLaunchTemplate.
	DeleteLaunchTemplateVersions(ctx context.Context, params *DeleteLaunchTemplateVersionsInput, optFns ...func(*Options)) (*DeleteLaunchTemplateVersionsOutput, error)
	// Deletes the specified route from the specified local gateway route table.
	DeleteLocalGatewayRoute(ctx context.Context, params *DeleteLocalGatewayRouteInput, optFns ...func(*Options)) (*DeleteLocalGatewayRouteOutput, error)
	// Deletes the specified association between a VPC and local gateway route table.
	DeleteLocalGatewayRouteTableVpcAssociation(ctx context.Context, params *DeleteLocalGatewayRouteTableVpcAssociationInput, optFns ...func(*Options)) (*DeleteLocalGatewayRouteTableVpcAssociationOutput, error)
	// Deletes the specified managed prefix list. You must first remove all references
	// to the prefix list in your resources.
	DeleteManagedPrefixList(ctx context.Context, params *DeleteManagedPrefixListInput, optFns ...func(*Options)) (*DeleteManagedPrefixListOutput, error)
	// Deletes the specified NAT gateway. Deleting a public NAT gateway disassociates
	// its Elastic IP address, but does not release the address from your account.
	// Deleting a NAT gateway does not delete any NAT gateway routes in your route
	// tables.
	DeleteNatGateway(ctx context.Context, params *DeleteNatGatewayInput, optFns ...func(*Options)) (*DeleteNatGatewayOutput, error)
	// Deletes the specified network ACL. You can't delete the ACL if it's associated
	// with any subnets. You can't delete the default network ACL.
	DeleteNetworkAcl(ctx context.Context, params *DeleteNetworkAclInput, optFns ...func(*Options)) (*DeleteNetworkAclOutput, error)
	// Deletes the specified ingress or egress entry (rule) from the specified network
	// ACL.
	DeleteNetworkAclEntry(ctx context.Context, params *DeleteNetworkAclEntryInput, optFns ...func(*Options)) (*DeleteNetworkAclEntryOutput, error)
	// Deletes the specified Network Access Scope.
	DeleteNetworkInsightsAccessScope(ctx context.Context, params *DeleteNetworkInsightsAccessScopeInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAccessScopeOutput, error)
	// Deletes the specified Network Access Scope analysis.
	DeleteNetworkInsightsAccessScopeAnalysis(ctx context.Context, params *DeleteNetworkInsightsAccessScopeAnalysisInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAccessScopeAnalysisOutput, error)
	// Deletes the specified network insights analysis.
	DeleteNetworkInsightsAnalysis(ctx context.Context, params *DeleteNetworkInsightsAnalysisInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAnalysisOutput, error)
	// Deletes the specified path.
	DeleteNetworkInsightsPath(ctx context.Context, params *DeleteNetworkInsightsPathInput, optFns ...func(*Options)) (*DeleteNetworkInsightsPathOutput, error)
	// Deletes the specified network interface. You must detach the network interface
	// before you can delete it.
	DeleteNetworkInterface(ctx context.Context, params *DeleteNetworkInterfaceInput, optFns ...func(*Options)) (*DeleteNetworkInterfaceOutput, error)
	// Deletes a permission for a network interface. By default, you cannot delete the
	// permission if the account for which you're removing the permission has attached
	// the network interface to an instance. However, you can force delete the
	// permission, regardless of any attachment.
	DeleteNetworkInterfacePermission(ctx context.Context, params *DeleteNetworkInterfacePermissionInput, optFns ...func(*Options)) (*DeleteNetworkInterfacePermissionOutput, error)
	// Deletes the specified placement group. You must terminate all instances in the
	// placement group before you can delete the placement group. For more information,
	// see Placement groups
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in
	// the Amazon EC2 User Guide.
	DeletePlacementGroup(ctx context.Context, params *DeletePlacementGroupInput, optFns ...func(*Options)) (*DeletePlacementGroupOutput, error)
	// Delete a public IPv4 pool. A public IPv4 pool is an EC2 IP address pool required
	// for the public IPv4 CIDRs that you own and bring to Amazon Web Services to
	// manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use
	// IPAM pools only.
	DeletePublicIpv4Pool(ctx context.Context, params *DeletePublicIpv4PoolInput, optFns ...func(*Options)) (*DeletePublicIpv4PoolOutput, error)
	// Deletes the queued purchases for the specified Reserved Instances.
	DeleteQueuedReservedInstances(ctx context.Context, params *DeleteQueuedReservedInstancesInput, optFns ...func(*Options)) (*DeleteQueuedReservedInstancesOutput, error)
	// Deletes the specified route from the specified route table.
	DeleteRoute(ctx context.Context, params *DeleteRouteInput, optFns ...func(*Options)) (*DeleteRouteOutput, error)
	// Deletes the specified route table. You must disassociate the route table from
	// any subnets before you can delete it. You can't delete the main route table.
	DeleteRouteTable(ctx context.Context, params *DeleteRouteTableInput, optFns ...func(*Options)) (*DeleteRouteTableOutput, error)
	// Deletes a security group. If you attempt to delete a security group that is
	// associated with an instance, or is referenced by another security group, the
	// operation fails with InvalidGroup.InUse in EC2-Classic or DependencyViolation in
	// EC2-VPC.
	DeleteSecurityGroup(ctx context.Context, params *DeleteSecurityGroupInput, optFns ...func(*Options)) (*DeleteSecurityGroupOutput, error)
	// Deletes the specified snapshot. When you make periodic snapshots of a volume,
	// the snapshots are incremental, and only the blocks on the device that have
	// changed since your last snapshot are saved in the new snapshot. When you delete
	// a snapshot, only the data not needed for any other snapshot is removed. So
	// regardless of which prior snapshots have been deleted, all active snapshots will
	// have access to all the information needed to restore the volume. You cannot
	// delete a snapshot of the root device of an EBS volume used by a registered AMI.
	// You must first de-register the AMI before you can delete the snapshot. For more
	// information, see Delete an Amazon EBS snapshot
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-snapshot.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	DeleteSnapshot(ctx context.Context, params *DeleteSnapshotInput, optFns ...func(*Options)) (*DeleteSnapshotOutput, error)
	// Deletes the data feed for Spot Instances.
	DeleteSpotDatafeedSubscription(ctx context.Context, params *DeleteSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*DeleteSpotDatafeedSubscriptionOutput, error)
	// Deletes the specified subnet. You must terminate all running instances in the
	// subnet before you can delete the subnet.
	DeleteSubnet(ctx context.Context, params *DeleteSubnetInput, optFns ...func(*Options)) (*DeleteSubnetOutput, error)
	// Deletes a subnet CIDR reservation.
	DeleteSubnetCidrReservation(ctx context.Context, params *DeleteSubnetCidrReservationInput, optFns ...func(*Options)) (*DeleteSubnetCidrReservationOutput, error)
	// Deletes the specified set of tags from the specified set of resources. To list
	// the current tags, use DescribeTags. For more information about tags, see Tagging
	// Your Resources
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	DeleteTags(ctx context.Context, params *DeleteTagsInput, optFns ...func(*Options)) (*DeleteTagsOutput, error)
	// Deletes the specified Traffic Mirror filter. You cannot delete a Traffic Mirror
	// filter that is in use by a Traffic Mirror session.
	DeleteTrafficMirrorFilter(ctx context.Context, params *DeleteTrafficMirrorFilterInput, optFns ...func(*Options)) (*DeleteTrafficMirrorFilterOutput, error)
	// Deletes the specified Traffic Mirror rule.
	DeleteTrafficMirrorFilterRule(ctx context.Context, params *DeleteTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*DeleteTrafficMirrorFilterRuleOutput, error)
	// Deletes the specified Traffic Mirror session.
	DeleteTrafficMirrorSession(ctx context.Context, params *DeleteTrafficMirrorSessionInput, optFns ...func(*Options)) (*DeleteTrafficMirrorSessionOutput, error)
	// Deletes the specified Traffic Mirror target. You cannot delete a Traffic Mirror
	// target that is in use by a Traffic Mirror session.
	DeleteTrafficMirrorTarget(ctx context.Context, params *DeleteTrafficMirrorTargetInput, optFns ...func(*Options)) (*DeleteTrafficMirrorTargetOutput, error)
	// Deletes the specified transit gateway.
	DeleteTransitGateway(ctx context.Context, params *DeleteTransitGatewayInput, optFns ...func(*Options)) (*DeleteTransitGatewayOutput, error)
	// Deletes the specified Connect attachment. You must first delete any Connect
	// peers for the attachment.
	DeleteTransitGatewayConnect(ctx context.Context, params *DeleteTransitGatewayConnectInput, optFns ...func(*Options)) (*DeleteTransitGatewayConnectOutput, error)
	// Deletes the specified Connect peer.
	DeleteTransitGatewayConnectPeer(ctx context.Context, params *DeleteTransitGatewayConnectPeerInput, optFns ...func(*Options)) (*DeleteTransitGatewayConnectPeerOutput, error)
	// Deletes the specified transit gateway multicast domain.
	DeleteTransitGatewayMulticastDomain(ctx context.Context, params *DeleteTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*DeleteTransitGatewayMulticastDomainOutput, error)
	// Deletes a transit gateway peering attachment.
	DeleteTransitGatewayPeeringAttachment(ctx context.Context, params *DeleteTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*DeleteTransitGatewayPeeringAttachmentOutput, error)
	// Deletes a reference (route) to a prefix list in a specified transit gateway
	// route table.
	DeleteTransitGatewayPrefixListReference(ctx context.Context, params *DeleteTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*DeleteTransitGatewayPrefixListReferenceOutput, error)
	// Deletes the specified route from the specified transit gateway route table.
	DeleteTransitGatewayRoute(ctx context.Context, params *DeleteTransitGatewayRouteInput, optFns ...func(*Options)) (*DeleteTransitGatewayRouteOutput, error)
	// Deletes the specified transit gateway route table. You must disassociate the
	// route table from any transit gateway route tables before you can delete it.
	DeleteTransitGatewayRouteTable(ctx context.Context, params *DeleteTransitGatewayRouteTableInput, optFns ...func(*Options)) (*DeleteTransitGatewayRouteTableOutput, error)
	// Deletes the specified VPC attachment.
	DeleteTransitGatewayVpcAttachment(ctx context.Context, params *DeleteTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*DeleteTransitGatewayVpcAttachmentOutput, error)
	// Deletes the specified EBS volume. The volume must be in the available state (not
	// attached to an instance). The volume can remain in the deleting state for
	// several minutes. For more information, see Delete an Amazon EBS volume
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-volume.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	DeleteVolume(ctx context.Context, params *DeleteVolumeInput, optFns ...func(*Options)) (*DeleteVolumeOutput, error)
	// Deletes the specified VPC. You must detach or delete all gateways and resources
	// that are associated with the VPC before you can delete it. For example, you must
	// terminate all instances running in the VPC, delete all security groups
	// associated with the VPC (except the default one), delete all route tables
	// associated with the VPC (except the default one), and so on.
	DeleteVpc(ctx context.Context, params *DeleteVpcInput, optFns ...func(*Options)) (*DeleteVpcOutput, error)
	// Deletes one or more VPC endpoint connection notifications.
	DeleteVpcEndpointConnectionNotifications(ctx context.Context, params *DeleteVpcEndpointConnectionNotificationsInput, optFns ...func(*Options)) (*DeleteVpcEndpointConnectionNotificationsOutput, error)
	// Deletes one or more VPC endpoint service configurations in your account. Before
	// you delete the endpoint service configuration, you must reject any Available or
	// PendingAcceptance interface endpoint connections that are attached to the
	// service.
	DeleteVpcEndpointServiceConfigurations(ctx context.Context, params *DeleteVpcEndpointServiceConfigurationsInput, optFns ...func(*Options)) (*DeleteVpcEndpointServiceConfigurationsOutput, error)
	// Deletes one or more specified VPC endpoints. You can delete any of the following
	// types of VPC endpoints.
	//
	// * Gateway endpoint,
	//
	// * Gateway Load Balancer
	// endpoint,
	//
	// * Interface endpoint
	//
	// The following rules apply when you delete a VPC
	// endpoint:
	//
	// * When you delete a gateway endpoint, we delete the endpoint routes
	// in the route tables that are associated with the endpoint.
	//
	// * When you delete a
	// Gateway Load Balancer endpoint, we delete the endpoint network interfaces. You
	// can only delete Gateway Load Balancer endpoints when the routes that are
	// associated with the endpoint are deleted.
	//
	// * When you delete an interface
	// endpoint, we delete the endpoint network interfaces.
	DeleteVpcEndpoints(ctx context.Context, params *DeleteVpcEndpointsInput, optFns ...func(*Options)) (*DeleteVpcEndpointsOutput, error)
	// Deletes a VPC peering connection. Either the owner of the requester VPC or the
	// owner of the accepter VPC can delete the VPC peering connection if it's in the
	// active state. The owner of the requester VPC can delete a VPC peering connection
	// in the pending-acceptance state. You cannot delete a VPC peering connection
	// that's in the failed state.
	DeleteVpcPeeringConnection(ctx context.Context, params *DeleteVpcPeeringConnectionInput, optFns ...func(*Options)) (*DeleteVpcPeeringConnectionOutput, error)
	// Deletes the specified VPN connection. If you're deleting the VPC and its
	// associated components, we recommend that you detach the virtual private gateway
	// from the VPC and delete the VPC before deleting the VPN connection. If you
	// believe that the tunnel credentials for your VPN connection have been
	// compromised, you can delete the VPN connection and create a new one that has new
	// keys, without needing to delete the VPC or virtual private gateway. If you
	// create a new VPN connection, you must reconfigure the customer gateway device
	// using the new configuration information returned with the new VPN connection ID.
	// For certificate-based authentication, delete all Certificate Manager (ACM)
	// private certificates used for the Amazon Web Services-side tunnel endpoints for
	// the VPN connection before deleting the VPN connection.
	DeleteVpnConnection(ctx context.Context, params *DeleteVpnConnectionInput, optFns ...func(*Options)) (*DeleteVpnConnectionOutput, error)
	// Deletes the specified static route associated with a VPN connection between an
	// existing virtual private gateway and a VPN customer gateway. The static route
	// allows traffic to be routed from the virtual private gateway to the VPN customer
	// gateway.
	DeleteVpnConnectionRoute(ctx context.Context, params *DeleteVpnConnectionRouteInput, optFns ...func(*Options)) (*DeleteVpnConnectionRouteOutput, error)
	// Deletes the specified virtual private gateway. You must first detach the virtual
	// private gateway from the VPC. Note that you don't need to delete the virtual
	// private gateway if you plan to delete and recreate the VPN connection between
	// your VPC and your network.
	DeleteVpnGateway(ctx context.Context, params *DeleteVpnGatewayInput, optFns ...func(*Options)) (*DeleteVpnGatewayOutput, error)
	// Releases the specified address range that you provisioned for use with your
	// Amazon Web Services resources through bring your own IP addresses (BYOIP) and
	// deletes the corresponding address pool. Before you can release an address range,
	// you must stop advertising it using WithdrawByoipCidr and you must not have any
	// IP addresses allocated from its address range.
	DeprovisionByoipCidr(ctx context.Context, params *DeprovisionByoipCidrInput, optFns ...func(*Options)) (*DeprovisionByoipCidrOutput, error)
	// Deprovision a CIDR provisioned from an IPAM pool. If you deprovision a CIDR from
	// a pool that has a source pool, the CIDR is recycled back into the source pool.
	// For more information, see Deprovision pool CIDRs in the Amazon VPC IPAM User
	// Guide.
	DeprovisionIpamPoolCidr(ctx context.Context, params *DeprovisionIpamPoolCidrInput, optFns ...func(*Options)) (*DeprovisionIpamPoolCidrOutput, error)
	// Deprovision a CIDR from a public IPv4 pool.
	DeprovisionPublicIpv4PoolCidr(ctx context.Context, params *DeprovisionPublicIpv4PoolCidrInput, optFns ...func(*Options)) (*DeprovisionPublicIpv4PoolCidrOutput, error)
	// Deregisters the specified AMI. After you deregister an AMI, it can't be used to
	// launch new instances. If you deregister an AMI that matches a Recycle Bin
	// retention rule, the AMI is retained in the Recycle Bin for the specified
	// retention period. For more information, see Recycle Bin
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the
	// Amazon Elastic Compute Cloud User Guide. When you deregister an AMI, it doesn't
	// affect any instances that you've already launched from the AMI. You'll continue
	// to incur usage costs for those instances until you terminate them. When you
	// deregister an Amazon EBS-backed AMI, it doesn't affect the snapshot that was
	// created for the root volume of the instance during the AMI creation process.
	// When you deregister an instance store-backed AMI, it doesn't affect the files
	// that you uploaded to Amazon S3 when you created the AMI.
	DeregisterImage(ctx context.Context, params *DeregisterImageInput, optFns ...func(*Options)) (*DeregisterImageOutput, error)
	// Deregisters tag keys to prevent tags that have the specified tag keys from being
	// included in scheduled event notifications for resources in the Region.
	DeregisterInstanceEventNotificationAttributes(ctx context.Context, params *DeregisterInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*DeregisterInstanceEventNotificationAttributesOutput, error)
	// Deregisters the specified members (network interfaces) from the transit gateway
	// multicast group.
	DeregisterTransitGatewayMulticastGroupMembers(ctx context.Context, params *DeregisterTransitGatewayMulticastGroupMembersInput, optFns ...func(*Options)) (*DeregisterTransitGatewayMulticastGroupMembersOutput, error)
	// Deregisters the specified sources (network interfaces) from the transit gateway
	// multicast group.
	DeregisterTransitGatewayMulticastGroupSources(ctx context.Context, params *DeregisterTransitGatewayMulticastGroupSourcesInput, optFns ...func(*Options)) (*DeregisterTransitGatewayMulticastGroupSourcesOutput, error)
	// Describes attributes of your Amazon Web Services account. The following are the
	// supported account attributes:
	//
	// * supported-platforms: Indicates whether your
	// account can launch instances into EC2-Classic and EC2-VPC, or only into
	// EC2-VPC.
	//
	// * default-vpc: The ID of the default VPC for your account, or none.
	//
	// *
	// max-instances: This attribute is no longer supported. The returned value does
	// not reflect your actual vCPU limit for running On-Demand Instances. For more
	// information, see On-Demand Instance Limits
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-on-demand-instances.html#ec2-on-demand-instances-limits)
	// in the Amazon Elastic Compute Cloud User Guide.
	//
	// *
	// vpc-max-security-groups-per-interface: The maximum number of security groups
	// that you can assign to a network interface.
	//
	// * max-elastic-ips: The maximum
	// number of Elastic IP addresses that you can allocate for use with
	// EC2-Classic.
	//
	// * vpc-max-elastic-ips: The maximum number of Elastic IP addresses
	// that you can allocate for use with EC2-VPC.
	DescribeAccountAttributes(ctx context.Context, params *DescribeAccountAttributesInput, optFns ...func(*Options)) (*DescribeAccountAttributesOutput, error)
	// Describes the specified Elastic IP addresses or all of your Elastic IP
	// addresses. An Elastic IP address is for use in either the EC2-Classic platform
	// or in a VPC. For more information, see Elastic IP Addresses
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	DescribeAddresses(ctx context.Context, params *DescribeAddressesInput, optFns ...func(*Options)) (*DescribeAddressesOutput, error)
	// Describes the attributes of the specified Elastic IP addresses. For
	// requirements, see Using reverse DNS for email applications
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS).
	DescribeAddressesAttribute(ctx context.Context, params *DescribeAddressesAttributeInput, optFns ...func(*Options)) (*DescribeAddressesAttributeOutput, error)
	// Describes the longer ID format settings for all resource types in a specific
	// Region. This request is useful for performing a quick audit to determine whether
	// a specific Region is fully opted in for longer IDs (17-character IDs). This
	// request only returns information about resource types that support longer IDs.
	// The following resource types support longer IDs: bundle | conversion-task |
	// customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association
	// | export-task | flow-log | image | import-task | instance | internet-gateway |
	// network-acl | network-acl-association | network-interface |
	// network-interface-attachment | prefix-list | reservation | route-table |
	// route-table-association | security-group | snapshot | subnet |
	// subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association |
	// vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.
	DescribeAggregateIdFormat(ctx context.Context, params *DescribeAggregateIdFormatInput, optFns ...func(*Options)) (*DescribeAggregateIdFormatOutput, error)
	// Describes the Availability Zones, Local Zones, and Wavelength Zones that are
	// available to you. If there is an event impacting a zone, you can use this
	// request to view the state and any provided messages for that zone. For more
	// information about Availability Zones, Local Zones, and Wavelength Zones, see
	// Regions and zones
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	DescribeAvailabilityZones(ctx context.Context, params *DescribeAvailabilityZonesInput, optFns ...func(*Options)) (*DescribeAvailabilityZonesOutput, error)
	// Describes the specified bundle tasks or all of your bundle tasks. Completed
	// bundle tasks are listed for only a limited time. If your bundle task is no
	// longer in the list, you can still register an AMI from it. Just use
	// RegisterImage with the Amazon S3 bucket name and image manifest name you
	// provided to the bundle task.
	DescribeBundleTasks(ctx context.Context, params *DescribeBundleTasksInput, optFns ...func(*Options)) (*DescribeBundleTasksOutput, error)
	// Describes the IP address ranges that were specified in calls to
	// ProvisionByoipCidr. To describe the address pools that were created when you
	// provisioned the address ranges, use DescribePublicIpv4Pools or
	// DescribeIpv6Pools.
	DescribeByoipCidrs(ctx context.Context, params *DescribeByoipCidrsInput, optFns ...func(*Options)) (*DescribeByoipCidrsOutput, error)
	// Describes one or more Capacity Reservation Fleets.
	DescribeCapacityReservationFleets(ctx context.Context, params *DescribeCapacityReservationFleetsInput, optFns ...func(*Options)) (*DescribeCapacityReservationFleetsOutput, error)
	// Describes one or more of your Capacity Reservations. The results describe only
	// the Capacity Reservations in the Amazon Web Services Region that you're
	// currently using.
	DescribeCapacityReservations(ctx context.Context, params *DescribeCapacityReservationsInput, optFns ...func(*Options)) (*DescribeCapacityReservationsOutput, error)
	// Describes one or more of your carrier gateways.
	DescribeCarrierGateways(ctx context.Context, params *DescribeCarrierGatewaysInput, optFns ...func(*Options)) (*DescribeCarrierGatewaysOutput, error)
	// Describes one or more of your linked EC2-Classic instances. This request only
	// returns information about EC2-Classic instances linked to a VPC through
	// ClassicLink. You cannot use this request to return information about other
	// instances.
	DescribeClassicLinkInstances(ctx context.Context, params *DescribeClassicLinkInstancesInput, optFns ...func(*Options)) (*DescribeClassicLinkInstancesOutput, error)
	// Describes the authorization rules for a specified Client VPN endpoint.
	DescribeClientVpnAuthorizationRules(ctx context.Context, params *DescribeClientVpnAuthorizationRulesInput, optFns ...func(*Options)) (*DescribeClientVpnAuthorizationRulesOutput, error)
	// Describes active client connections and connections that have been terminated
	// within the last 60 minutes for the specified Client VPN endpoint.
	DescribeClientVpnConnections(ctx context.Context, params *DescribeClientVpnConnectionsInput, optFns ...func(*Options)) (*DescribeClientVpnConnectionsOutput, error)
	// Describes one or more Client VPN endpoints in the account.
	DescribeClientVpnEndpoints(ctx context.Context, params *DescribeClientVpnEndpointsInput, optFns ...func(*Options)) (*DescribeClientVpnEndpointsOutput, error)
	// Describes the routes for the specified Client VPN endpoint.
	DescribeClientVpnRoutes(ctx context.Context, params *DescribeClientVpnRoutesInput, optFns ...func(*Options)) (*DescribeClientVpnRoutesOutput, error)
	// Describes the target networks associated with the specified Client VPN endpoint.
	DescribeClientVpnTargetNetworks(ctx context.Context, params *DescribeClientVpnTargetNetworksInput, optFns ...func(*Options)) (*DescribeClientVpnTargetNetworksOutput, error)
	// Describes the specified customer-owned address pools or all of your
	// customer-owned address pools.
	DescribeCoipPools(ctx context.Context, params *DescribeCoipPoolsInput, optFns ...func(*Options)) (*DescribeCoipPoolsOutput, error)
	// Describes the specified conversion tasks or all your conversion tasks. For more
	// information, see the VM Import/Export User Guide
	// (https://docs.aws.amazon.com/vm-import/latest/userguide/). For information about
	// the import manifest referenced by this API action, see VM Import Manifest
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html).
	DescribeConversionTasks(ctx context.Context, params *DescribeConversionTasksInput, optFns ...func(*Options)) (*DescribeConversionTasksOutput, error)
	// Describes one or more of your VPN customer gateways. For more information, see
	// Amazon Web Services Site-to-Site VPN
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
	// Services Site-to-Site VPN User Guide.
	DescribeCustomerGateways(ctx context.Context, params *DescribeCustomerGatewaysInput, optFns ...func(*Options)) (*DescribeCustomerGatewaysOutput, error)
	// Describes one or more of your DHCP options sets. For more information, see DHCP
	// options sets
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
	// Amazon Virtual Private Cloud User Guide.
	DescribeDhcpOptions(ctx context.Context, params *DescribeDhcpOptionsInput, optFns ...func(*Options)) (*DescribeDhcpOptionsOutput, error)
	// Describes one or more of your egress-only internet gateways.
	DescribeEgressOnlyInternetGateways(ctx context.Context, params *DescribeEgressOnlyInternetGatewaysInput, optFns ...func(*Options)) (*DescribeEgressOnlyInternetGatewaysOutput, error)
	// Describes the Elastic Graphics accelerator associated with your instances. For
	// more information about Elastic Graphics, see Amazon Elastic Graphics
	// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html).
	DescribeElasticGpus(ctx context.Context, params *DescribeElasticGpusInput, optFns ...func(*Options)) (*DescribeElasticGpusOutput, error)
	// Describes the specified export image tasks or all of your export image tasks.
	DescribeExportImageTasks(ctx context.Context, params *DescribeExportImageTasksInput, optFns ...func(*Options)) (*DescribeExportImageTasksOutput, error)
	// Describes the specified export instance tasks or all of your export instance
	// tasks.
	DescribeExportTasks(ctx context.Context, params *DescribeExportTasksInput, optFns ...func(*Options)) (*DescribeExportTasksOutput, error)
	// Describe details for Windows AMIs that are configured for faster launching.
	DescribeFastLaunchImages(ctx context.Context, params *DescribeFastLaunchImagesInput, optFns ...func(*Options)) (*DescribeFastLaunchImagesOutput, error)
	// Describes the state of fast snapshot restores for your snapshots.
	DescribeFastSnapshotRestores(ctx context.Context, params *DescribeFastSnapshotRestoresInput, optFns ...func(*Options)) (*DescribeFastSnapshotRestoresOutput, error)
	// Describes the events for the specified EC2 Fleet during the specified time. EC2
	// Fleet events are delayed by up to 30 seconds before they can be described. This
	// ensures that you can query by the last evaluated time and not miss a recorded
	// event. EC2 Fleet events are available for 48 hours. For more information, see
	// Monitor fleet events using Amazon EventBridge
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/fleet-monitor.html) in the
	// Amazon EC2 User Guide.
	DescribeFleetHistory(ctx context.Context, params *DescribeFleetHistoryInput, optFns ...func(*Options)) (*DescribeFleetHistoryOutput, error)
	// Describes the running instances for the specified EC2 Fleet. For more
	// information, see Monitor your EC2 Fleet
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#monitor-ec2-fleet)
	// in the Amazon EC2 User Guide.
	DescribeFleetInstances(ctx context.Context, params *DescribeFleetInstancesInput, optFns ...func(*Options)) (*DescribeFleetInstancesOutput, error)
	// Describes the specified EC2 Fleets or all of your EC2 Fleets. For more
	// information, see Monitor your EC2 Fleet
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#monitor-ec2-fleet)
	// in the Amazon EC2 User Guide.
	DescribeFleets(ctx context.Context, params *DescribeFleetsInput, optFns ...func(*Options)) (*DescribeFleetsOutput, error)
	// Describes one or more flow logs. To view the information in your flow logs (the
	// log streams for the network interfaces), you must use the CloudWatch Logs
	// console or the CloudWatch Logs API.
	DescribeFlowLogs(ctx context.Context, params *DescribeFlowLogsInput, optFns ...func(*Options)) (*DescribeFlowLogsOutput, error)
	// Describes the specified attribute of the specified Amazon FPGA Image (AFI).
	DescribeFpgaImageAttribute(ctx context.Context, params *DescribeFpgaImageAttributeInput, optFns ...func(*Options)) (*DescribeFpgaImageAttributeOutput, error)
	// Describes the Amazon FPGA Images (AFIs) available to you. These include public
	// AFIs, private AFIs that you own, and AFIs owned by other Amazon Web Services
	// accounts for which you have load permissions.
	DescribeFpgaImages(ctx context.Context, params *DescribeFpgaImagesInput, optFns ...func(*Options)) (*DescribeFpgaImagesOutput, error)
	// Describes the Dedicated Host reservations that are available to purchase. The
	// results describe all of the Dedicated Host reservation offerings, including
	// offerings that might not match the instance family and Region of your Dedicated
	// Hosts. When purchasing an offering, ensure that the instance family and Region
	// of the offering matches that of the Dedicated Hosts with which it is to be
	// associated. For more information about supported instance types, see Dedicated
	// Hosts
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html)
	// in the Amazon EC2 User Guide.
	DescribeHostReservationOfferings(ctx context.Context, params *DescribeHostReservationOfferingsInput, optFns ...func(*Options)) (*DescribeHostReservationOfferingsOutput, error)
	// Describes reservations that are associated with Dedicated Hosts in your account.
	DescribeHostReservations(ctx context.Context, params *DescribeHostReservationsInput, optFns ...func(*Options)) (*DescribeHostReservationsOutput, error)
	// Describes the specified Dedicated Hosts or all your Dedicated Hosts. The results
	// describe only the Dedicated Hosts in the Region you're currently using. All
	// listed instances consume capacity on your Dedicated Host. Dedicated Hosts that
	// have recently been released are listed with the state released.
	DescribeHosts(ctx context.Context, params *DescribeHostsInput, optFns ...func(*Options)) (*DescribeHostsOutput, error)
	// Describes your IAM instance profile associations.
	DescribeIamInstanceProfileAssociations(ctx context.Context, params *DescribeIamInstanceProfileAssociationsInput, optFns ...func(*Options)) (*DescribeIamInstanceProfileAssociationsOutput, error)
	// Describes the ID format settings for your resources on a per-Region basis, for
	// example, to view which resource types are enabled for longer IDs. This request
	// only returns information about resource types whose ID formats can be modified;
	// it does not return information about other resource types. The following
	// resource types support longer IDs: bundle | conversion-task | customer-gateway |
	// dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task |
	// flow-log | image | import-task | instance | internet-gateway | network-acl |
	// network-acl-association | network-interface | network-interface-attachment |
	// prefix-list | reservation | route-table | route-table-association |
	// security-group | snapshot | subnet | subnet-cidr-block-association | volume |
	// vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection |
	// vpn-connection | vpn-gateway. These settings apply to the IAM user who makes the
	// request; they do not apply to the entire Amazon Web Services account. By
	// default, an IAM user defaults to the same settings as the root user, unless they
	// explicitly override the settings by running the ModifyIdFormat command.
	// Resources created with longer IDs are visible to all IAM users, regardless of
	// these settings and provided that they have permission to use the relevant
	// Describe command for the resource type.
	DescribeIdFormat(ctx context.Context, params *DescribeIdFormatInput, optFns ...func(*Options)) (*DescribeIdFormatOutput, error)
	// Describes the ID format settings for resources for the specified IAM user, IAM
	// role, or root user. For example, you can view the resource types that are
	// enabled for longer IDs. This request only returns information about resource
	// types whose ID formats can be modified; it does not return information about
	// other resource types. For more information, see Resource IDs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the
	// Amazon Elastic Compute Cloud User Guide. The following resource types support
	// longer IDs: bundle | conversion-task | customer-gateway | dhcp-options |
	// elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image
	// | import-task | instance | internet-gateway | network-acl |
	// network-acl-association | network-interface | network-interface-attachment |
	// prefix-list | reservation | route-table | route-table-association |
	// security-group | snapshot | subnet | subnet-cidr-block-association | volume |
	// vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection |
	// vpn-connection | vpn-gateway. These settings apply to the principal specified in
	// the request. They do not apply to the principal that makes the request.
	DescribeIdentityIdFormat(ctx context.Context, params *DescribeIdentityIdFormatInput, optFns ...func(*Options)) (*DescribeIdentityIdFormatOutput, error)
	// Describes the specified attribute of the specified AMI. You can specify only one
	// attribute at a time.
	DescribeImageAttribute(ctx context.Context, params *DescribeImageAttributeInput, optFns ...func(*Options)) (*DescribeImageAttributeOutput, error)
	// Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of
	// the images available to you. The images available to you include public images,
	// private images that you own, and private images owned by other Amazon Web
	// Services accounts for which you have explicit launch permissions. Recently
	// deregistered images appear in the returned results for a short interval and then
	// return empty results. After all instances that reference a deregistered AMI are
	// terminated, specifying the ID of the image will eventually return an error
	// indicating that the AMI ID cannot be found.
	DescribeImages(ctx context.Context, params *DescribeImagesInput, optFns ...func(*Options)) (*DescribeImagesOutput, error)
	// Displays details about an import virtual machine or import snapshot tasks that
	// are already created.
	DescribeImportImageTasks(ctx context.Context, params *DescribeImportImageTasksInput, optFns ...func(*Options)) (*DescribeImportImageTasksOutput, error)
	// Describes your import snapshot tasks.
	DescribeImportSnapshotTasks(ctx context.Context, params *DescribeImportSnapshotTasksInput, optFns ...func(*Options)) (*DescribeImportSnapshotTasksOutput, error)
	// Describes the specified attribute of the specified instance. You can specify
	// only one attribute at a time. Valid attribute values are: instanceType | kernel
	// | ramdisk | userData | disableApiTermination | instanceInitiatedShutdownBehavior
	// | rootDeviceName | blockDeviceMapping | productCodes | sourceDestCheck |
	// groupSet | ebsOptimized | sriovNetSupport
	DescribeInstanceAttribute(ctx context.Context, params *DescribeInstanceAttributeInput, optFns ...func(*Options)) (*DescribeInstanceAttributeOutput, error)
	// Describes the credit option for CPU usage of the specified burstable performance
	// instances. The credit options are standard and unlimited. If you do not specify
	// an instance ID, Amazon EC2 returns burstable performance instances with the
	// unlimited credit option, as well as instances that were previously configured as
	// T2, T3, and T3a with the unlimited credit option. For example, if you resize a
	// T2 instance, while it is configured as unlimited, to an M4 instance, Amazon EC2
	// returns the M4 instance. If you specify one or more instance IDs, Amazon EC2
	// returns the credit option (standard or unlimited) of those instances. If you
	// specify an instance ID that is not valid, such as an instance that is not a
	// burstable performance instance, an error is returned. Recently terminated
	// instances might appear in the returned results. This interval is usually less
	// than one hour. If an Availability Zone is experiencing a service disruption and
	// you specify instance IDs in the affected zone, or do not specify any instance
	// IDs at all, the call fails. If you specify only instance IDs in an unaffected
	// zone, the call works normally. For more information, see Burstable performance
	// instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
	// in the Amazon EC2 User Guide.
	DescribeInstanceCreditSpecifications(ctx context.Context, params *DescribeInstanceCreditSpecificationsInput, optFns ...func(*Options)) (*DescribeInstanceCreditSpecificationsOutput, error)
	// Describes the tag keys that are registered to appear in scheduled event
	// notifications for resources in the current Region.
	DescribeInstanceEventNotificationAttributes(ctx context.Context, params *DescribeInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*DescribeInstanceEventNotificationAttributesOutput, error)
	// Describes the specified event windows or all event windows. If you specify event
	// window IDs, the output includes information for only the specified event
	// windows. If you specify filters, the output includes information for only those
	// event windows that meet the filter criteria. If you do not specify event windows
	// IDs or filters, the output includes information for all event windows, which can
	// affect performance. We recommend that you use pagination to ensure that the
	// operation returns quickly and successfully. For more information, see Define
	// event windows for scheduled events
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
	// Amazon EC2 User Guide.
	DescribeInstanceEventWindows(ctx context.Context, params *DescribeInstanceEventWindowsInput, optFns ...func(*Options)) (*DescribeInstanceEventWindowsOutput, error)
	// Describes the status of the specified instances or all of your instances. By
	// default, only running instances are described, unless you specifically indicate
	// to return the status of all instances. Instance status includes the following
	// components:
	//
	// * Status checks - Amazon EC2 performs status checks on running EC2
	// instances to identify hardware and software issues. For more information, see
	// Status checks for your instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html)
	// and Troubleshoot instances with failed status checks
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstances.html)
	// in the Amazon EC2 User Guide.
	//
	// * Scheduled events - Amazon EC2 can schedule
	// events (such as reboot, stop, or terminate) for your instances related to
	// hardware issues, software updates, or system maintenance. For more information,
	// see Scheduled events for your instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html)
	// in the Amazon EC2 User Guide.
	//
	// * Instance state - You can manage your instances
	// from the moment you launch them through their termination. For more information,
	// see Instance lifecycle
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html)
	// in the Amazon EC2 User Guide.
	DescribeInstanceStatus(ctx context.Context, params *DescribeInstanceStatusInput, optFns ...func(*Options)) (*DescribeInstanceStatusOutput, error)
	// Returns a list of all instance types offered. The results can be filtered by
	// location (Region or Availability Zone). If no location is specified, the
	// instance types offered in the current Region are returned.
	DescribeInstanceTypeOfferings(ctx context.Context, params *DescribeInstanceTypeOfferingsInput, optFns ...func(*Options)) (*DescribeInstanceTypeOfferingsOutput, error)
	// Describes the details of the instance types that are offered in a location. The
	// results can be filtered by the attributes of the instance types.
	DescribeInstanceTypes(ctx context.Context, params *DescribeInstanceTypesInput, optFns ...func(*Options)) (*DescribeInstanceTypesOutput, error)
	// Describes the specified instances or all instances. If you specify instance IDs,
	// the output includes information for only the specified instances. If you specify
	// filters, the output includes information for only those instances that meet the
	// filter criteria. If you do not specify instance IDs or filters, the output
	// includes information for all instances, which can affect performance. We
	// recommend that you use pagination to ensure that the operation returns quickly
	// and successfully. If you specify an instance ID that is not valid, an error is
	// returned. If you specify an instance that you do not own, it is not included in
	// the output. Recently terminated instances might appear in the returned results.
	// This interval is usually less than one hour. If you describe instances in the
	// rare case where an Availability Zone is experiencing a service disruption and
	// you specify instance IDs that are in the affected zone, or do not specify any
	// instance IDs at all, the call fails. If you describe instances and specify only
	// instance IDs that are in an unaffected zone, the call works normally.
	DescribeInstances(ctx context.Context, params *DescribeInstancesInput, optFns ...func(*Options)) (*DescribeInstancesOutput, error)
	// Describes one or more of your internet gateways.
	DescribeInternetGateways(ctx context.Context, params *DescribeInternetGatewaysInput, optFns ...func(*Options)) (*DescribeInternetGatewaysOutput, error)
	// Get information about your IPAM pools.
	DescribeIpamPools(ctx context.Context, params *DescribeIpamPoolsInput, optFns ...func(*Options)) (*DescribeIpamPoolsOutput, error)
	// Get information about your IPAM scopes.
	DescribeIpamScopes(ctx context.Context, params *DescribeIpamScopesInput, optFns ...func(*Options)) (*DescribeIpamScopesOutput, error)
	// Get information about your IPAM pools. For more information, see What is IPAM?
	// in the Amazon VPC IPAM User Guide.
	DescribeIpams(ctx context.Context, params *DescribeIpamsInput, optFns ...func(*Options)) (*DescribeIpamsOutput, error)
	// Describes your IPv6 address pools.
	DescribeIpv6Pools(ctx context.Context, params *DescribeIpv6PoolsInput, optFns ...func(*Options)) (*DescribeIpv6PoolsOutput, error)
	// Describes the specified key pairs or all of your key pairs. For more information
	// about key pairs, see Amazon EC2 key pairs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	DescribeKeyPairs(ctx context.Context, params *DescribeKeyPairsInput, optFns ...func(*Options)) (*DescribeKeyPairsOutput, error)
	// Describes one or more versions of a specified launch template. You can describe
	// all versions, individual versions, or a range of versions. You can also describe
	// all the latest versions or all the default versions of all the launch templates
	// in your account.
	DescribeLaunchTemplateVersions(ctx context.Context, params *DescribeLaunchTemplateVersionsInput, optFns ...func(*Options)) (*DescribeLaunchTemplateVersionsOutput, error)
	// Describes one or more launch templates.
	DescribeLaunchTemplates(ctx context.Context, params *DescribeLaunchTemplatesInput, optFns ...func(*Options)) (*DescribeLaunchTemplatesOutput, error)
	// Describes the associations between virtual interface groups and local gateway
	// route tables.
	DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations(ctx context.Context, params *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, error)
	// Describes the specified associations between VPCs and local gateway route
	// tables.
	DescribeLocalGatewayRouteTableVpcAssociations(ctx context.Context, params *DescribeLocalGatewayRouteTableVpcAssociationsInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTableVpcAssociationsOutput, error)
	// Describes one or more local gateway route tables. By default, all local gateway
	// route tables are described. Alternatively, you can filter the results.
	DescribeLocalGatewayRouteTables(ctx context.Context, params *DescribeLocalGatewayRouteTablesInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTablesOutput, error)
	// Describes the specified local gateway virtual interface groups.
	DescribeLocalGatewayVirtualInterfaceGroups(ctx context.Context, params *DescribeLocalGatewayVirtualInterfaceGroupsInput, optFns ...func(*Options)) (*DescribeLocalGatewayVirtualInterfaceGroupsOutput, error)
	// Describes the specified local gateway virtual interfaces.
	DescribeLocalGatewayVirtualInterfaces(ctx context.Context, params *DescribeLocalGatewayVirtualInterfacesInput, optFns ...func(*Options)) (*DescribeLocalGatewayVirtualInterfacesOutput, error)
	// Describes one or more local gateways. By default, all local gateways are
	// described. Alternatively, you can filter the results.
	DescribeLocalGateways(ctx context.Context, params *DescribeLocalGatewaysInput, optFns ...func(*Options)) (*DescribeLocalGatewaysOutput, error)
	// Describes your managed prefix lists and any Amazon Web Services-managed prefix
	// lists. To view the entries for your prefix list, use
	// GetManagedPrefixListEntries.
	DescribeManagedPrefixLists(ctx context.Context, params *DescribeManagedPrefixListsInput, optFns ...func(*Options)) (*DescribeManagedPrefixListsOutput, error)
	// Describes your Elastic IP addresses that are being moved to the EC2-VPC
	// platform, or that are being restored to the EC2-Classic platform. This request
	// does not return information about any other Elastic IP addresses in your
	// account.
	DescribeMovingAddresses(ctx context.Context, params *DescribeMovingAddressesInput, optFns ...func(*Options)) (*DescribeMovingAddressesOutput, error)
	// Describes one or more of your NAT gateways.
	DescribeNatGateways(ctx context.Context, params *DescribeNatGatewaysInput, optFns ...func(*Options)) (*DescribeNatGatewaysOutput, error)
	// Describes one or more of your network ACLs. For more information, see Network
	// ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the
	// Amazon Virtual Private Cloud User Guide.
	DescribeNetworkAcls(ctx context.Context, params *DescribeNetworkAclsInput, optFns ...func(*Options)) (*DescribeNetworkAclsOutput, error)
	// Describes the specified Network Access Scope analyses.
	DescribeNetworkInsightsAccessScopeAnalyses(ctx context.Context, params *DescribeNetworkInsightsAccessScopeAnalysesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAccessScopeAnalysesOutput, error)
	// Describes the specified Network Access Scopes.
	DescribeNetworkInsightsAccessScopes(ctx context.Context, params *DescribeNetworkInsightsAccessScopesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAccessScopesOutput, error)
	// Describes one or more of your network insights analyses.
	DescribeNetworkInsightsAnalyses(ctx context.Context, params *DescribeNetworkInsightsAnalysesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAnalysesOutput, error)
	// Describes one or more of your paths.
	DescribeNetworkInsightsPaths(ctx context.Context, params *DescribeNetworkInsightsPathsInput, optFns ...func(*Options)) (*DescribeNetworkInsightsPathsOutput, error)
	// Describes a network interface attribute. You can specify only one attribute at a
	// time.
	DescribeNetworkInterfaceAttribute(ctx context.Context, params *DescribeNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*DescribeNetworkInterfaceAttributeOutput, error)
	// Describes the permissions for your network interfaces.
	DescribeNetworkInterfacePermissions(ctx context.Context, params *DescribeNetworkInterfacePermissionsInput, optFns ...func(*Options)) (*DescribeNetworkInterfacePermissionsOutput, error)
	// Describes one or more of your network interfaces.
	DescribeNetworkInterfaces(ctx context.Context, params *DescribeNetworkInterfacesInput, optFns ...func(*Options)) (*DescribeNetworkInterfacesOutput, error)
	// Describes the specified placement groups or all of your placement groups. For
	// more information, see Placement groups
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in
	// the Amazon EC2 User Guide.
	DescribePlacementGroups(ctx context.Context, params *DescribePlacementGroupsInput, optFns ...func(*Options)) (*DescribePlacementGroupsOutput, error)
	// Describes available Amazon Web Services services in a prefix list format, which
	// includes the prefix list name and prefix list ID of the service and the IP
	// address range for the service. We recommend that you use
	// DescribeManagedPrefixLists instead.
	DescribePrefixLists(ctx context.Context, params *DescribePrefixListsInput, optFns ...func(*Options)) (*DescribePrefixListsOutput, error)
	// Describes the ID format settings for the root user and all IAM roles and IAM
	// users that have explicitly specified a longer ID (17-character ID) preference.
	// By default, all IAM roles and IAM users default to the same ID settings as the
	// root user, unless they explicitly override the settings. This request is useful
	// for identifying those IAM users and IAM roles that have overridden the default
	// ID settings. The following resource types support longer IDs: bundle |
	// conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation |
	// elastic-ip-association | export-task | flow-log | image | import-task | instance
	// | internet-gateway | network-acl | network-acl-association | network-interface |
	// network-interface-attachment | prefix-list | reservation | route-table |
	// route-table-association | security-group | snapshot | subnet |
	// subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association |
	// vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.
	DescribePrincipalIdFormat(ctx context.Context, params *DescribePrincipalIdFormatInput, optFns ...func(*Options)) (*DescribePrincipalIdFormatOutput, error)
	// Describes the specified IPv4 address pools.
	DescribePublicIpv4Pools(ctx context.Context, params *DescribePublicIpv4PoolsInput, optFns ...func(*Options)) (*DescribePublicIpv4PoolsOutput, error)
	// Describes the Regions that are enabled for your account, or all Regions. For a
	// list of the Regions supported by Amazon EC2, see  Amazon Elastic Compute Cloud
	// endpoints and quotas
	// (https://docs.aws.amazon.com/general/latest/gr/ec2-service.html). For
	// information about enabling and disabling Regions for your account, see Managing
	// Amazon Web Services Regions
	// (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html) in the Amazon
	// Web Services General Reference.
	DescribeRegions(ctx context.Context, params *DescribeRegionsInput, optFns ...func(*Options)) (*DescribeRegionsOutput, error)
	// Describes a root volume replacement task. For more information, see Replace a
	// root volume
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root)
	// in the Amazon Elastic Compute Cloud User Guide.
	DescribeReplaceRootVolumeTasks(ctx context.Context, params *DescribeReplaceRootVolumeTasksInput, optFns ...func(*Options)) (*DescribeReplaceRootVolumeTasksOutput, error)
	// Describes one or more of the Reserved Instances that you purchased. For more
	// information about Reserved Instances, see Reserved Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-on-demand-reserved-instances.html)
	// in the Amazon EC2 User Guide.
	DescribeReservedInstances(ctx context.Context, params *DescribeReservedInstancesInput, optFns ...func(*Options)) (*DescribeReservedInstancesOutput, error)
	// Describes your account's Reserved Instance listings in the Reserved Instance
	// Marketplace. The Reserved Instance Marketplace matches sellers who want to
	// resell Reserved Instance capacity that they no longer need with buyers who want
	// to purchase additional capacity. Reserved Instances bought and sold through the
	// Reserved Instance Marketplace work like any other Reserved Instances. As a
	// seller, you choose to list some or all of your Reserved Instances, and you
	// specify the upfront price to receive for them. Your Reserved Instances are then
	// listed in the Reserved Instance Marketplace and are available for purchase. As a
	// buyer, you specify the configuration of the Reserved Instance to purchase, and
	// the Marketplace matches what you're searching for with what's available. The
	// Marketplace first sells the lowest priced Reserved Instances to you, and
	// continues to sell available Reserved Instance listings to you until your demand
	// is met. You are charged based on the total price of all of the listings that you
	// purchase. For more information, see Reserved Instance Marketplace
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
	// the Amazon EC2 User Guide.
	DescribeReservedInstancesListings(ctx context.Context, params *DescribeReservedInstancesListingsInput, optFns ...func(*Options)) (*DescribeReservedInstancesListingsOutput, error)
	// Describes the modifications made to your Reserved Instances. If no parameter is
	// specified, information about all your Reserved Instances modification requests
	// is returned. If a modification ID is specified, only information about the
	// specific modification is returned. For more information, see Modifying Reserved
	// Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) in the
	// Amazon EC2 User Guide.
	DescribeReservedInstancesModifications(ctx context.Context, params *DescribeReservedInstancesModificationsInput, optFns ...func(*Options)) (*DescribeReservedInstancesModificationsOutput, error)
	// Describes Reserved Instance offerings that are available for purchase. With
	// Reserved Instances, you purchase the right to launch instances for a period of
	// time. During that time period, you do not receive insufficient capacity errors,
	// and you pay a lower usage rate than the rate charged for On-Demand instances for
	// the actual time used. If you have listed your own Reserved Instances for sale in
	// the Reserved Instance Marketplace, they will be excluded from these results.
	// This is to ensure that you do not purchase your own Reserved Instances. For more
	// information, see Reserved Instance Marketplace
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
	// the Amazon EC2 User Guide.
	DescribeReservedInstancesOfferings(ctx context.Context, params *DescribeReservedInstancesOfferingsInput, optFns ...func(*Options)) (*DescribeReservedInstancesOfferingsOutput, error)
	// Describes one or more of your route tables. Each subnet in your VPC must be
	// associated with a route table. If a subnet is not explicitly associated with any
	// route table, it is implicitly associated with the main route table. This command
	// does not return the subnet ID for implicit associations. For more information,
	// see Route tables
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
	// Amazon Virtual Private Cloud User Guide.
	DescribeRouteTables(ctx context.Context, params *DescribeRouteTablesInput, optFns ...func(*Options)) (*DescribeRouteTablesOutput, error)
	// Finds available schedules that meet the specified criteria. You can search for
	// an available schedule no more than 3 months in advance. You must meet the
	// minimum required duration of 1,200 hours per year. For example, the minimum
	// daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the
	// minimum monthly schedule is 100 hours. After you find a schedule that meets your
	// needs, call PurchaseScheduledInstances to purchase Scheduled Instances with that
	// schedule.
	DescribeScheduledInstanceAvailability(ctx context.Context, params *DescribeScheduledInstanceAvailabilityInput, optFns ...func(*Options)) (*DescribeScheduledInstanceAvailabilityOutput, error)
	// Describes the specified Scheduled Instances or all your Scheduled Instances.
	DescribeScheduledInstances(ctx context.Context, params *DescribeScheduledInstancesInput, optFns ...func(*Options)) (*DescribeScheduledInstancesOutput, error)
	// [VPC only] Describes the VPCs on the other side of a VPC peering connection that
	// are referencing the security groups you've specified in this request.
	DescribeSecurityGroupReferences(ctx context.Context, params *DescribeSecurityGroupReferencesInput, optFns ...func(*Options)) (*DescribeSecurityGroupReferencesOutput, error)
	// Describes one or more of your security group rules.
	DescribeSecurityGroupRules(ctx context.Context, params *DescribeSecurityGroupRulesInput, optFns ...func(*Options)) (*DescribeSecurityGroupRulesOutput, error)
	// Describes the specified security groups or all of your security groups. A
	// security group is for use with instances either in the EC2-Classic platform or
	// in a specific VPC. For more information, see Amazon EC2 security groups
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html)
	// in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC
	// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html)
	// in the Amazon Virtual Private Cloud User Guide.
	DescribeSecurityGroups(ctx context.Context, params *DescribeSecurityGroupsInput, optFns ...func(*Options)) (*DescribeSecurityGroupsOutput, error)
	// Describes the specified attribute of the specified snapshot. You can specify
	// only one attribute at a time. For more information about EBS snapshots, see
	// Amazon EBS snapshots
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	DescribeSnapshotAttribute(ctx context.Context, params *DescribeSnapshotAttributeInput, optFns ...func(*Options)) (*DescribeSnapshotAttributeOutput, error)
	// Describes the storage tier status of one or more Amazon EBS snapshots.
	DescribeSnapshotTierStatus(ctx context.Context, params *DescribeSnapshotTierStatusInput, optFns ...func(*Options)) (*DescribeSnapshotTierStatusOutput, error)
	// Describes the specified EBS snapshots available to you or all of the EBS
	// snapshots available to you. The snapshots available to you include public
	// snapshots, private snapshots that you own, and private snapshots owned by other
	// Amazon Web Services accounts for which you have explicit create volume
	// permissions. The create volume permissions fall into the following
	// categories:
	//
	// * public: The owner of the snapshot granted create volume
	// permissions for the snapshot to the all group. All Amazon Web Services accounts
	// have create volume permissions for these snapshots.
	//
	// * explicit: The owner of
	// the snapshot granted create volume permissions to a specific Amazon Web Services
	// account.
	//
	// * implicit: An Amazon Web Services account has implicit create volume
	// permissions for all snapshots it owns.
	//
	// The list of snapshots returned can be
	// filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services
	// accounts with create volume permissions. If no options are specified, Amazon EC2
	// returns all snapshots for which you have create volume permissions. If you
	// specify one or more snapshot IDs, only snapshots that have the specified IDs are
	// returned. If you specify an invalid snapshot ID, an error is returned. If you
	// specify a snapshot ID for which you do not have access, it is not included in
	// the returned results. If you specify one or more snapshot owners using the
	// OwnerIds option, only snapshots from the specified owners and for which you have
	// access are returned. The results can include the Amazon Web Services account IDs
	// of the specified owners, amazon for snapshots owned by Amazon, or self for
	// snapshots that you own. If you specify a list of restorable users, only
	// snapshots with create snapshot permissions for those users are returned. You can
	// specify Amazon Web Services account IDs (if you own the snapshots), self for
	// snapshots for which you own or have explicit permissions, or all for public
	// snapshots. If you are describing a long list of snapshots, we recommend that you
	// paginate the output to make the list more manageable. The MaxResults parameter
	// sets the maximum number of results returned in a single page. If the list of
	// results exceeds your MaxResults value, then that number of results is returned
	// along with a NextToken value that can be passed to a subsequent
	// DescribeSnapshots request to retrieve the remaining results. To get the state of
	// fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores. For
	// more information about EBS snapshots, see Amazon EBS snapshots
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	DescribeSnapshots(ctx context.Context, params *DescribeSnapshotsInput, optFns ...func(*Options)) (*DescribeSnapshotsOutput, error)
	// Describes the data feed for Spot Instances. For more information, see Spot
	// Instance data feed
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html) in
	// the Amazon EC2 User Guide for Linux Instances.
	DescribeSpotDatafeedSubscription(ctx context.Context, params *DescribeSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*DescribeSpotDatafeedSubscriptionOutput, error)
	// Describes the running instances for the specified Spot Fleet.
	DescribeSpotFleetInstances(ctx context.Context, params *DescribeSpotFleetInstancesInput, optFns ...func(*Options)) (*DescribeSpotFleetInstancesOutput, error)
	// Describes the events for the specified Spot Fleet request during the specified
	// time. Spot Fleet events are delayed by up to 30 seconds before they can be
	// described. This ensures that you can query by the last evaluated time and not
	// miss a recorded event. Spot Fleet events are available for 48 hours. For more
	// information, see Monitor fleet events using Amazon EventBridge
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/fleet-monitor.html) in the
	// Amazon EC2 User Guide for Linux Instances.
	DescribeSpotFleetRequestHistory(ctx context.Context, params *DescribeSpotFleetRequestHistoryInput, optFns ...func(*Options)) (*DescribeSpotFleetRequestHistoryOutput, error)
	// Describes your Spot Fleet requests. Spot Fleet requests are deleted 48 hours
	// after they are canceled and their instances are terminated.
	DescribeSpotFleetRequests(ctx context.Context, params *DescribeSpotFleetRequestsInput, optFns ...func(*Options)) (*DescribeSpotFleetRequestsOutput, error)
	// Describes the specified Spot Instance requests. You can use
	// DescribeSpotInstanceRequests to find a running Spot Instance by examining the
	// response. If the status of the Spot Instance is fulfilled, the instance ID
	// appears in the response and contains the identifier of the instance.
	// Alternatively, you can use DescribeInstances
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances)
	// with a filter to look for instances where the instance lifecycle is spot. We
	// recommend that you set MaxResults to a value between 5 and 1000 to limit the
	// number of results returned. This paginates the output, which makes the list more
	// manageable and returns the results faster. If the list of results exceeds your
	// MaxResults value, then that number of results is returned along with a NextToken
	// value that can be passed to a subsequent DescribeSpotInstanceRequests request to
	// retrieve the remaining results. Spot Instance requests are deleted four hours
	// after they are canceled and their instances are terminated.
	DescribeSpotInstanceRequests(ctx context.Context, params *DescribeSpotInstanceRequestsInput, optFns ...func(*Options)) (*DescribeSpotInstanceRequestsOutput, error)
	// Describes the Spot price history. For more information, see Spot Instance
	// pricing history
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances-history.html)
	// in the Amazon EC2 User Guide for Linux Instances. When you specify a start and
	// end time, the operation returns the prices of the instance types within that
	// time range. It also returns the last price change before the start time, which
	// is the effective price as of the start time.
	DescribeSpotPriceHistory(ctx context.Context, params *DescribeSpotPriceHistoryInput, optFns ...func(*Options)) (*DescribeSpotPriceHistoryOutput, error)
	// [VPC only] Describes the stale security group rules for security groups in a
	// specified VPC. Rules are stale when they reference a deleted security group in
	// the same VPC or in a peer VPC, or if they reference a security group in a peer
	// VPC for which the VPC peering connection has been deleted.
	DescribeStaleSecurityGroups(ctx context.Context, params *DescribeStaleSecurityGroupsInput, optFns ...func(*Options)) (*DescribeStaleSecurityGroupsOutput, error)
	// Describes the progress of the AMI store tasks. You can describe the store tasks
	// for specified AMIs. If you don't specify the AMIs, you get a paginated list of
	// store tasks from the last 31 days. For each AMI task, the response indicates if
	// the task is InProgress, Completed, or Failed. For tasks InProgress, the response
	// shows the estimated progress as a percentage. Tasks are listed in reverse
	// chronological order. Currently, only tasks from the past 31 days can be viewed.
	// To use this API, you must have the required permissions. For more information,
	// see Permissions for storing and restoring AMIs using Amazon S3
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions)
	// in the Amazon Elastic Compute Cloud User Guide. For more information, see Store
	// and restore an AMI using Amazon S3
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	DescribeStoreImageTasks(ctx context.Context, params *DescribeStoreImageTasksInput, optFns ...func(*Options)) (*DescribeStoreImageTasksOutput, error)
	// Describes one or more of your subnets. For more information, see Your VPC and
	// subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in
	// the Amazon Virtual Private Cloud User Guide.
	DescribeSubnets(ctx context.Context, params *DescribeSubnetsInput, optFns ...func(*Options)) (*DescribeSubnetsOutput, error)
	// Describes the specified tags for your EC2 resources. For more information about
	// tags, see Tagging Your Resources
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
	// Describes one or more Traffic Mirror filters.
	DescribeTrafficMirrorFilters(ctx context.Context, params *DescribeTrafficMirrorFiltersInput, optFns ...func(*Options)) (*DescribeTrafficMirrorFiltersOutput, error)
	// Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror
	// sessions are described. Alternatively, you can filter the results.
	DescribeTrafficMirrorSessions(ctx context.Context, params *DescribeTrafficMirrorSessionsInput, optFns ...func(*Options)) (*DescribeTrafficMirrorSessionsOutput, error)
	// Information about one or more Traffic Mirror targets.
	DescribeTrafficMirrorTargets(ctx context.Context, params *DescribeTrafficMirrorTargetsInput, optFns ...func(*Options)) (*DescribeTrafficMirrorTargetsOutput, error)
	// Describes one or more attachments between resources and transit gateways. By
	// default, all attachments are described. Alternatively, you can filter the
	// results by attachment ID, attachment state, resource ID, or resource owner.
	DescribeTransitGatewayAttachments(ctx context.Context, params *DescribeTransitGatewayAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayAttachmentsOutput, error)
	// Describes one or more Connect peers.
	DescribeTransitGatewayConnectPeers(ctx context.Context, params *DescribeTransitGatewayConnectPeersInput, optFns ...func(*Options)) (*DescribeTransitGatewayConnectPeersOutput, error)
	// Describes one or more Connect attachments.
	DescribeTransitGatewayConnects(ctx context.Context, params *DescribeTransitGatewayConnectsInput, optFns ...func(*Options)) (*DescribeTransitGatewayConnectsOutput, error)
	// Describes one or more transit gateway multicast domains.
	DescribeTransitGatewayMulticastDomains(ctx context.Context, params *DescribeTransitGatewayMulticastDomainsInput, optFns ...func(*Options)) (*DescribeTransitGatewayMulticastDomainsOutput, error)
	// Describes your transit gateway peering attachments.
	DescribeTransitGatewayPeeringAttachments(ctx context.Context, params *DescribeTransitGatewayPeeringAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayPeeringAttachmentsOutput, error)
	// Describes one or more transit gateway route tables. By default, all transit
	// gateway route tables are described. Alternatively, you can filter the results.
	DescribeTransitGatewayRouteTables(ctx context.Context, params *DescribeTransitGatewayRouteTablesInput, optFns ...func(*Options)) (*DescribeTransitGatewayRouteTablesOutput, error)
	// Describes one or more VPC attachments. By default, all VPC attachments are
	// described. Alternatively, you can filter the results.
	DescribeTransitGatewayVpcAttachments(ctx context.Context, params *DescribeTransitGatewayVpcAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayVpcAttachmentsOutput, error)
	// Describes one or more transit gateways. By default, all transit gateways are
	// described. Alternatively, you can filter the results.
	DescribeTransitGateways(ctx context.Context, params *DescribeTransitGatewaysInput, optFns ...func(*Options)) (*DescribeTransitGatewaysOutput, error)
	// This API action is currently in limited preview only. If you are interested in
	// using this feature, contact your account manager. Describes one or more network
	// interface trunk associations.
	DescribeTrunkInterfaceAssociations(ctx context.Context, params *DescribeTrunkInterfaceAssociationsInput, optFns ...func(*Options)) (*DescribeTrunkInterfaceAssociationsOutput, error)
	// Describes the specified attribute of the specified volume. You can specify only
	// one attribute at a time. For more information about EBS volumes, see Amazon EBS
	// volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	DescribeVolumeAttribute(ctx context.Context, params *DescribeVolumeAttributeInput, optFns ...func(*Options)) (*DescribeVolumeAttributeOutput, error)
	// Describes the status of the specified volumes. Volume status provides the result
	// of the checks performed on your volumes to determine events that can impair the
	// performance of your volumes. The performance of a volume can be affected if an
	// issue occurs on the volume's underlying host. If the volume's underlying host
	// experiences a power outage or system issue, after the system is restored, there
	// could be data inconsistencies on the volume. Volume events notify you if this
	// occurs. Volume actions notify you if any action needs to be taken in response to
	// the event. The DescribeVolumeStatus operation provides the following information
	// about the specified volumes: Status: Reflects the current status of the volume.
	// The possible values are ok, impaired , warning, or insufficient-data. If all
	// checks pass, the overall status of the volume is ok. If the check fails, the
	// overall status is impaired. If the status is insufficient-data, then the checks
	// might still be taking place on your volume at the time. We recommend that you
	// retry the request. For more information about volume status, see Monitor the
	// status of your volumes
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-status.html)
	// in the Amazon Elastic Compute Cloud User Guide. Events: Reflect the cause of a
	// volume status and might require you to take action. For example, if your volume
	// returns an impaired status, then the volume event might be
	// potential-data-inconsistency. This means that your volume has been affected by
	// an issue with the underlying host, has all I/O operations disabled, and might
	// have inconsistent data. Actions: Reflect the actions you might have to take in
	// response to an event. For example, if the status of the volume is impaired and
	// the volume event shows potential-data-inconsistency, then the action shows
	// enable-volume-io. This means that you may want to enable the I/O operations for
	// the volume by calling the EnableVolumeIO action and then check the volume for
	// data consistency. Volume status is based on the volume status checks, and does
	// not reflect the volume state. Therefore, volume status does not indicate volumes
	// in the error state (for example, when a volume is incapable of accepting I/O.)
	DescribeVolumeStatus(ctx context.Context, params *DescribeVolumeStatusInput, optFns ...func(*Options)) (*DescribeVolumeStatusOutput, error)
	// Describes the specified EBS volumes or all of your EBS volumes. If you are
	// describing a long list of volumes, we recommend that you paginate the output to
	// make the list more manageable. The MaxResults parameter sets the maximum number
	// of results returned in a single page. If the list of results exceeds your
	// MaxResults value, then that number of results is returned along with a NextToken
	// value that can be passed to a subsequent DescribeVolumes request to retrieve the
	// remaining results. For more information about EBS volumes, see Amazon EBS
	// volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	DescribeVolumes(ctx context.Context, params *DescribeVolumesInput, optFns ...func(*Options)) (*DescribeVolumesOutput, error)
	// Describes the most recent volume modification request for the specified EBS
	// volumes. If a volume has never been modified, some information in the output
	// will be null. If a volume has been modified more than once, the output includes
	// only the most recent modification request. You can also use CloudWatch Events to
	// check the status of a modification to an EBS volume. For information about
	// CloudWatch Events, see the Amazon CloudWatch Events User Guide
	// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/). For more
	// information, see Monitor the progress of volume modifications
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-modifications.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	DescribeVolumesModifications(ctx context.Context, params *DescribeVolumesModificationsInput, optFns ...func(*Options)) (*DescribeVolumesModificationsOutput, error)
	// Describes the specified attribute of the specified VPC. You can specify only one
	// attribute at a time.
	DescribeVpcAttribute(ctx context.Context, params *DescribeVpcAttributeInput, optFns ...func(*Options)) (*DescribeVpcAttributeOutput, error)
	// Describes the ClassicLink status of one or more VPCs.
	DescribeVpcClassicLink(ctx context.Context, params *DescribeVpcClassicLinkInput, optFns ...func(*Options)) (*DescribeVpcClassicLinkOutput, error)
	// Describes the ClassicLink DNS support status of one or more VPCs. If enabled,
	// the DNS hostname of a linked EC2-Classic instance resolves to its private IP
	// address when addressed from an instance in the VPC to which it's linked.
	// Similarly, the DNS hostname of an instance in a VPC resolves to its private IP
	// address when addressed from a linked EC2-Classic instance. For more information,
	// see ClassicLink
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	DescribeVpcClassicLinkDnsSupport(ctx context.Context, params *DescribeVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*DescribeVpcClassicLinkDnsSupportOutput, error)
	// Describes the connection notifications for VPC endpoints and VPC endpoint
	// services.
	DescribeVpcEndpointConnectionNotifications(ctx context.Context, params *DescribeVpcEndpointConnectionNotificationsInput, optFns ...func(*Options)) (*DescribeVpcEndpointConnectionNotificationsOutput, error)
	// Describes the VPC endpoint connections to your VPC endpoint services, including
	// any endpoints that are pending your acceptance.
	DescribeVpcEndpointConnections(ctx context.Context, params *DescribeVpcEndpointConnectionsInput, optFns ...func(*Options)) (*DescribeVpcEndpointConnectionsOutput, error)
	// Describes the VPC endpoint service configurations in your account (your
	// services).
	DescribeVpcEndpointServiceConfigurations(ctx context.Context, params *DescribeVpcEndpointServiceConfigurationsInput, optFns ...func(*Options)) (*DescribeVpcEndpointServiceConfigurationsOutput, error)
	// Describes the principals (service consumers) that are permitted to discover your
	// VPC endpoint service.
	DescribeVpcEndpointServicePermissions(ctx context.Context, params *DescribeVpcEndpointServicePermissionsInput, optFns ...func(*Options)) (*DescribeVpcEndpointServicePermissionsOutput, error)
	// Describes available services to which you can create a VPC endpoint. When the
	// service provider and the consumer have different accounts in multiple
	// Availability Zones, and the consumer views the VPC endpoint service information,
	// the response only includes the common Availability Zones. For example, when the
	// service provider account uses us-east-1a and us-east-1c and the consumer uses
	// us-east-1a and us-east-1b, the response includes the VPC endpoint services in
	// the common Availability Zone, us-east-1a.
	DescribeVpcEndpointServices(ctx context.Context, params *DescribeVpcEndpointServicesInput, optFns ...func(*Options)) (*DescribeVpcEndpointServicesOutput, error)
	// Describes one or more of your VPC endpoints.
	DescribeVpcEndpoints(ctx context.Context, params *DescribeVpcEndpointsInput, optFns ...func(*Options)) (*DescribeVpcEndpointsOutput, error)
	// Describes one or more of your VPC peering connections.
	DescribeVpcPeeringConnections(ctx context.Context, params *DescribeVpcPeeringConnectionsInput, optFns ...func(*Options)) (*DescribeVpcPeeringConnectionsOutput, error)
	// Describes one or more of your VPCs.
	DescribeVpcs(ctx context.Context, params *DescribeVpcsInput, optFns ...func(*Options)) (*DescribeVpcsOutput, error)
	// Describes one or more of your VPN connections. For more information, see Amazon
	// Web Services Site-to-Site VPN
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
	// Services Site-to-Site VPN User Guide.
	DescribeVpnConnections(ctx context.Context, params *DescribeVpnConnectionsInput, optFns ...func(*Options)) (*DescribeVpnConnectionsOutput, error)
	// Describes one or more of your virtual private gateways. For more information,
	// see Amazon Web Services Site-to-Site VPN
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
	// Services Site-to-Site VPN User Guide.
	DescribeVpnGateways(ctx context.Context, params *DescribeVpnGatewaysInput, optFns ...func(*Options)) (*DescribeVpnGatewaysOutput, error)
	// Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance
	// has been unlinked, the VPC security groups are no longer associated with it. An
	// instance is automatically unlinked from a VPC when it's stopped.
	DetachClassicLinkVpc(ctx context.Context, params *DetachClassicLinkVpcInput, optFns ...func(*Options)) (*DetachClassicLinkVpcOutput, error)
	// Detaches an internet gateway from a VPC, disabling connectivity between the
	// internet and the VPC. The VPC must not contain any running instances with
	// Elastic IP addresses or public IPv4 addresses.
	DetachInternetGateway(ctx context.Context, params *DetachInternetGatewayInput, optFns ...func(*Options)) (*DetachInternetGatewayOutput, error)
	// Detaches a network interface from an instance.
	DetachNetworkInterface(ctx context.Context, params *DetachNetworkInterfaceInput, optFns ...func(*Options)) (*DetachNetworkInterfaceOutput, error)
	// Detaches an EBS volume from an instance. Make sure to unmount any file systems
	// on the device within your operating system before detaching the volume. Failure
	// to do so can result in the volume becoming stuck in the busy state while
	// detaching. If this happens, detachment can be delayed indefinitely until you
	// unmount the volume, force detachment, reboot the instance, or all three. If an
	// EBS volume is the root device of an instance, it can't be detached while the
	// instance is running. To detach the root volume, stop the instance first. When a
	// volume with an Amazon Web Services Marketplace product code is detached from an
	// instance, the product code is no longer associated with the instance. For more
	// information, see Detach an Amazon EBS volume
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	DetachVolume(ctx context.Context, params *DetachVolumeInput, optFns ...func(*Options)) (*DetachVolumeOutput, error)
	// Detaches a virtual private gateway from a VPC. You do this if you're planning to
	// turn off the VPC and not use it anymore. You can confirm a virtual private
	// gateway has been completely detached from a VPC by describing the virtual
	// private gateway (any attachments to the virtual private gateway are also
	// described). You must wait for the attachment's state to switch to detached
	// before you can delete the VPC or attach a different VPC to the virtual private
	// gateway.
	DetachVpnGateway(ctx context.Context, params *DetachVpnGatewayInput, optFns ...func(*Options)) (*DetachVpnGatewayOutput, error)
	// Disables EBS encryption by default for your account in the current Region. After
	// you disable encryption by default, you can still create encrypted volumes by
	// enabling encryption when you create each volume. Disabling encryption by default
	// does not change the encryption status of your existing volumes. For more
	// information, see Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	DisableEbsEncryptionByDefault(ctx context.Context, params *DisableEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*DisableEbsEncryptionByDefaultOutput, error)
	// Discontinue faster launching for a Windows AMI, and clean up existing
	// pre-provisioned snapshots. When you disable faster launching, the AMI uses the
	// standard launch process for each instance. All pre-provisioned snapshots must be
	// removed before you can enable faster launching again. To change these settings,
	// you must own the AMI.
	DisableFastLaunch(ctx context.Context, params *DisableFastLaunchInput, optFns ...func(*Options)) (*DisableFastLaunchOutput, error)
	// Disables fast snapshot restores for the specified snapshots in the specified
	// Availability Zones.
	DisableFastSnapshotRestores(ctx context.Context, params *DisableFastSnapshotRestoresInput, optFns ...func(*Options)) (*DisableFastSnapshotRestoresOutput, error)
	// Cancels the deprecation of the specified AMI. For more information, see
	// Deprecate an AMI
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	DisableImageDeprecation(ctx context.Context, params *DisableImageDeprecationInput, optFns ...func(*Options)) (*DisableImageDeprecationOutput, error)
	// Disable the IPAM account. For more information, see Enable integration with
	// Organizations in the Amazon VPC IPAM User Guide.
	DisableIpamOrganizationAdminAccount(ctx context.Context, params *DisableIpamOrganizationAdminAccountInput, optFns ...func(*Options)) (*DisableIpamOrganizationAdminAccountOutput, error)
	// Disables access to the EC2 serial console of all instances for your account. By
	// default, access to the EC2 serial console is disabled for your account. For more
	// information, see Manage account access to the EC2 serial console
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access)
	// in the Amazon EC2 User Guide.
	DisableSerialConsoleAccess(ctx context.Context, params *DisableSerialConsoleAccessInput, optFns ...func(*Options)) (*DisableSerialConsoleAccessOutput, error)
	// Disables the specified resource attachment from propagating routes to the
	// specified propagation route table.
	DisableTransitGatewayRouteTablePropagation(ctx context.Context, params *DisableTransitGatewayRouteTablePropagationInput, optFns ...func(*Options)) (*DisableTransitGatewayRouteTablePropagationOutput, error)
	// Disables a virtual private gateway (VGW) from propagating routes to a specified
	// route table of a VPC.
	DisableVgwRoutePropagation(ctx context.Context, params *DisableVgwRoutePropagationInput, optFns ...func(*Options)) (*DisableVgwRoutePropagationOutput, error)
	// Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that
	// has EC2-Classic instances linked to it.
	DisableVpcClassicLink(ctx context.Context, params *DisableVpcClassicLinkInput, optFns ...func(*Options)) (*DisableVpcClassicLinkOutput, error)
	// Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve
	// to public IP addresses when addressed between a linked EC2-Classic instance and
	// instances in the VPC to which it's linked. For more information, see ClassicLink
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
	// the Amazon Elastic Compute Cloud User Guide. You must specify a VPC ID in the
	// request.
	DisableVpcClassicLinkDnsSupport(ctx context.Context, params *DisableVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*DisableVpcClassicLinkDnsSupportOutput, error)
	// Disassociates an Elastic IP address from the instance or network interface it's
	// associated with. An Elastic IP address is for use in either the EC2-Classic
	// platform or in a VPC. For more information, see Elastic IP Addresses
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
	// in the Amazon Elastic Compute Cloud User Guide. This is an idempotent operation.
	// If you perform the operation more than once, Amazon EC2 doesn't return an error.
	DisassociateAddress(ctx context.Context, params *DisassociateAddressInput, optFns ...func(*Options)) (*DisassociateAddressOutput, error)
	// Disassociates a target network from the specified Client VPN endpoint. When you
	// disassociate the last target network from a Client VPN, the following
	// happens:
	//
	// * The route that was automatically added for the VPC is deleted
	//
	// * All
	// active client connections are terminated
	//
	// * New client connections are
	// disallowed
	//
	// * The Client VPN endpoint's status changes to pending-associate
	DisassociateClientVpnTargetNetwork(ctx context.Context, params *DisassociateClientVpnTargetNetworkInput, optFns ...func(*Options)) (*DisassociateClientVpnTargetNetworkOutput, error)
	// Disassociates an IAM role from an Certificate Manager (ACM) certificate.
	// Disassociating an IAM role from an ACM certificate removes the Amazon S3 object
	// that contains the certificate, certificate chain, and encrypted private key from
	// the Amazon S3 bucket. It also revokes the IAM role's permission to use the KMS
	// key used to encrypt the private key. This effectively revokes the role's
	// permission to use the certificate.
	DisassociateEnclaveCertificateIamRole(ctx context.Context, params *DisassociateEnclaveCertificateIamRoleInput, optFns ...func(*Options)) (*DisassociateEnclaveCertificateIamRoleOutput, error)
	// Disassociates an IAM instance profile from a running or stopped instance. Use
	// DescribeIamInstanceProfileAssociations to get the association ID.
	DisassociateIamInstanceProfile(ctx context.Context, params *DisassociateIamInstanceProfileInput, optFns ...func(*Options)) (*DisassociateIamInstanceProfileOutput, error)
	// Disassociates one or more targets from an event window. For more information,
	// see Define event windows for scheduled events
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
	// Amazon EC2 User Guide.
	DisassociateInstanceEventWindow(ctx context.Context, params *DisassociateInstanceEventWindowInput, optFns ...func(*Options)) (*DisassociateInstanceEventWindowOutput, error)
	// Disassociates a subnet or gateway from a route table. After you perform this
	// action, the subnet no longer uses the routes in the route table. Instead, it
	// uses the routes in the VPC's main route table. For more information about route
	// tables, see Route tables
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
	// Amazon Virtual Private Cloud User Guide.
	DisassociateRouteTable(ctx context.Context, params *DisassociateRouteTableInput, optFns ...func(*Options)) (*DisassociateRouteTableOutput, error)
	// Disassociates a CIDR block from a subnet. Currently, you can disassociate an
	// IPv6 CIDR block only. You must detach or delete all gateways and resources that
	// are associated with the CIDR block before you can disassociate it.
	DisassociateSubnetCidrBlock(ctx context.Context, params *DisassociateSubnetCidrBlockInput, optFns ...func(*Options)) (*DisassociateSubnetCidrBlockOutput, error)
	// Disassociates the specified subnets from the transit gateway multicast domain.
	DisassociateTransitGatewayMulticastDomain(ctx context.Context, params *DisassociateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*DisassociateTransitGatewayMulticastDomainOutput, error)
	// Disassociates a resource attachment from a transit gateway route table.
	DisassociateTransitGatewayRouteTable(ctx context.Context, params *DisassociateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*DisassociateTransitGatewayRouteTableOutput, error)
	// This API action is currently in limited preview only. If you are interested in
	// using this feature, contact your account manager. Removes an association between
	// a branch network interface with a trunk network interface.
	DisassociateTrunkInterface(ctx context.Context, params *DisassociateTrunkInterfaceInput, optFns ...func(*Options)) (*DisassociateTrunkInterfaceOutput, error)
	// Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must
	// specify its association ID. You can get the association ID by using
	// DescribeVpcs. You must detach or delete all gateways and resources that are
	// associated with the CIDR block before you can disassociate it. You cannot
	// disassociate the CIDR block with which you originally created the VPC (the
	// primary CIDR block).
	DisassociateVpcCidrBlock(ctx context.Context, params *DisassociateVpcCidrBlockInput, optFns ...func(*Options)) (*DisassociateVpcCidrBlockOutput, error)
	// Enables EBS encryption by default for your account in the current Region. After
	// you enable encryption by default, the EBS volumes that you create are always
	// encrypted, either using the default KMS key or the KMS key that you specified
	// when you created each volume. For more information, see Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide. You can specify the default KMS key for
	// encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.
	// Enabling encryption by default has no effect on the encryption status of your
	// existing volumes. After you enable encryption by default, you can no longer
	// launch instances using instance types that do not support encryption. For more
	// information, see Supported instance types
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances).
	EnableEbsEncryptionByDefault(ctx context.Context, params *EnableEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*EnableEbsEncryptionByDefaultOutput, error)
	// When you enable faster launching for a Windows AMI, images are pre-provisioned,
	// using snapshots to launch instances up to 65% faster. To create the optimized
	// Windows image, Amazon EC2 launches an instance and runs through Sysprep steps,
	// rebooting as required. Then it creates a set of reserved snapshots that are used
	// for subsequent launches. The reserved snapshots are automatically replenished as
	// they are used, depending on your settings for launch frequency. To change these
	// settings, you must own the AMI.
	EnableFastLaunch(ctx context.Context, params *EnableFastLaunchInput, optFns ...func(*Options)) (*EnableFastLaunchOutput, error)
	// Enables fast snapshot restores for the specified snapshots in the specified
	// Availability Zones. You get the full benefit of fast snapshot restores after
	// they enter the enabled state. To get the current state of fast snapshot
	// restores, use DescribeFastSnapshotRestores. To disable fast snapshot restores,
	// use DisableFastSnapshotRestores. For more information, see Amazon EBS fast
	// snapshot restore
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-fast-snapshot-restore.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	EnableFastSnapshotRestores(ctx context.Context, params *EnableFastSnapshotRestoresInput, optFns ...func(*Options)) (*EnableFastSnapshotRestoresOutput, error)
	// Enables deprecation of the specified AMI at the specified date and time. For
	// more information, see Deprecate an AMI
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	EnableImageDeprecation(ctx context.Context, params *EnableImageDeprecationInput, optFns ...func(*Options)) (*EnableImageDeprecationOutput, error)
	// Enable an Organizations member account as the IPAM admin account. You cannot
	// select the Organizations management account as the IPAM admin account. For more
	// information, see Enable integration with Organizations in the Amazon VPC IPAM
	// User Guide.
	EnableIpamOrganizationAdminAccount(ctx context.Context, params *EnableIpamOrganizationAdminAccountInput, optFns ...func(*Options)) (*EnableIpamOrganizationAdminAccountOutput, error)
	// Enables access to the EC2 serial console of all instances for your account. By
	// default, access to the EC2 serial console is disabled for your account. For more
	// information, see Manage account access to the EC2 serial console
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access)
	// in the Amazon EC2 User Guide.
	EnableSerialConsoleAccess(ctx context.Context, params *EnableSerialConsoleAccessInput, optFns ...func(*Options)) (*EnableSerialConsoleAccessOutput, error)
	// Enables the specified attachment to propagate routes to the specified
	// propagation route table.
	EnableTransitGatewayRouteTablePropagation(ctx context.Context, params *EnableTransitGatewayRouteTablePropagationInput, optFns ...func(*Options)) (*EnableTransitGatewayRouteTablePropagationOutput, error)
	// Enables a virtual private gateway (VGW) to propagate routes to the specified
	// route table of a VPC.
	EnableVgwRoutePropagation(ctx context.Context, params *EnableVgwRoutePropagationInput, optFns ...func(*Options)) (*EnableVgwRoutePropagationOutput, error)
	// Enables I/O operations for a volume that had I/O operations disabled because the
	// data on the volume was potentially inconsistent.
	EnableVolumeIO(ctx context.Context, params *EnableVolumeIOInput, optFns ...func(*Options)) (*EnableVolumeIOOutput, error)
	// Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your
	// ClassicLink-enabled VPC to allow communication over private IP addresses. You
	// cannot enable your VPC for ClassicLink if any of your VPC route tables have
	// existing routes for address ranges within the 10.0.0.0/8 IP address range,
	// excluding local routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 IP address
	// ranges. For more information, see ClassicLink
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	EnableVpcClassicLink(ctx context.Context, params *EnableVpcClassicLinkInput, optFns ...func(*Options)) (*EnableVpcClassicLinkOutput, error)
	// Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled,
	// the DNS hostname of a linked EC2-Classic instance resolves to its private IP
	// address when addressed from an instance in the VPC to which it's linked.
	// Similarly, the DNS hostname of an instance in a VPC resolves to its private IP
	// address when addressed from a linked EC2-Classic instance. For more information,
	// see ClassicLink
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
	// the Amazon Elastic Compute Cloud User Guide. You must specify a VPC ID in the
	// request.
	EnableVpcClassicLinkDnsSupport(ctx context.Context, params *EnableVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*EnableVpcClassicLinkDnsSupportOutput, error)
	// Downloads the client certificate revocation list for the specified Client VPN
	// endpoint.
	ExportClientVpnClientCertificateRevocationList(ctx context.Context, params *ExportClientVpnClientCertificateRevocationListInput, optFns ...func(*Options)) (*ExportClientVpnClientCertificateRevocationListOutput, error)
	// Downloads the contents of the Client VPN endpoint configuration file for the
	// specified Client VPN endpoint. The Client VPN endpoint configuration file
	// includes the Client VPN endpoint and certificate information clients need to
	// establish a connection with the Client VPN endpoint.
	ExportClientVpnClientConfiguration(ctx context.Context, params *ExportClientVpnClientConfigurationInput, optFns ...func(*Options)) (*ExportClientVpnClientConfigurationOutput, error)
	// Exports an Amazon Machine Image (AMI) to a VM file. For more information, see
	// Exporting a VM directly from an Amazon Machine Image (AMI)
	// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport_image.html) in
	// the VM Import/Export User Guide.
	ExportImage(ctx context.Context, params *ExportImageInput, optFns ...func(*Options)) (*ExportImageOutput, error)
	// Exports routes from the specified transit gateway route table to the specified
	// S3 bucket. By default, all routes are exported. Alternatively, you can filter by
	// CIDR range. The routes are saved to the specified bucket in a JSON file. For
	// more information, see Export Route Tables to Amazon S3
	// (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-route-tables.html#tgw-export-route-tables)
	// in Transit Gateways.
	ExportTransitGatewayRoutes(ctx context.Context, params *ExportTransitGatewayRoutesInput, optFns ...func(*Options)) (*ExportTransitGatewayRoutesOutput, error)
	// Returns the IAM roles that are associated with the specified ACM (ACM)
	// certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3
	// object key where the certificate, certificate chain, and encrypted private key
	// bundle are stored, and the ARN of the KMS key that's used to encrypt the private
	// key.
	GetAssociatedEnclaveCertificateIamRoles(ctx context.Context, params *GetAssociatedEnclaveCertificateIamRolesInput, optFns ...func(*Options)) (*GetAssociatedEnclaveCertificateIamRolesOutput, error)
	// Gets information about the IPv6 CIDR block associations for a specified IPv6
	// address pool.
	GetAssociatedIpv6PoolCidrs(ctx context.Context, params *GetAssociatedIpv6PoolCidrsInput, optFns ...func(*Options)) (*GetAssociatedIpv6PoolCidrsOutput, error)
	// Gets usage information about a Capacity Reservation. If the Capacity Reservation
	// is shared, it shows usage information for the Capacity Reservation owner and
	// each Amazon Web Services account that is currently using the shared capacity. If
	// the Capacity Reservation is not shared, it shows only the Capacity Reservation
	// owner's usage.
	GetCapacityReservationUsage(ctx context.Context, params *GetCapacityReservationUsageInput, optFns ...func(*Options)) (*GetCapacityReservationUsageOutput, error)
	// Describes the allocations from the specified customer-owned address pool.
	GetCoipPoolUsage(ctx context.Context, params *GetCoipPoolUsageInput, optFns ...func(*Options)) (*GetCoipPoolUsageOutput, error)
	// Gets the console output for the specified instance. For Linux instances, the
	// instance console output displays the exact console output that would normally be
	// displayed on a physical monitor attached to a computer. For Windows instances,
	// the instance console output includes the last three system event log errors. By
	// default, the console output returns buffered information that was posted shortly
	// after an instance transition state (start, stop, reboot, or terminate). This
	// information is available for at least one hour after the most recent post. Only
	// the most recent 64 KB of console output is available. You can optionally
	// retrieve the latest serial console output at any time during the instance
	// lifecycle. This option is supported on instance types that use the Nitro
	// hypervisor. For more information, see Instance console output
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html#instance-console-console-output)
	// in the Amazon EC2 User Guide.
	GetConsoleOutput(ctx context.Context, params *GetConsoleOutputInput, optFns ...func(*Options)) (*GetConsoleOutputOutput, error)
	// Retrieve a JPG-format screenshot of a running instance to help with
	// troubleshooting. The returned content is Base64-encoded.
	GetConsoleScreenshot(ctx context.Context, params *GetConsoleScreenshotInput, optFns ...func(*Options)) (*GetConsoleScreenshotOutput, error)
	// Describes the default credit option for CPU usage of a burstable performance
	// instance family. For more information, see Burstable performance instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
	// in the Amazon EC2 User Guide.
	GetDefaultCreditSpecification(ctx context.Context, params *GetDefaultCreditSpecificationInput, optFns ...func(*Options)) (*GetDefaultCreditSpecificationOutput, error)
	// Describes the default KMS key for EBS encryption by default for your account in
	// this Region. You can change the default KMS key for encryption by default using
	// ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId. For more information, see
	// Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	GetEbsDefaultKmsKeyId(ctx context.Context, params *GetEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*GetEbsDefaultKmsKeyIdOutput, error)
	// Describes whether EBS encryption by default is enabled for your account in the
	// current Region. For more information, see Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	GetEbsEncryptionByDefault(ctx context.Context, params *GetEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*GetEbsEncryptionByDefaultOutput, error)
	// Generates a CloudFormation template that streamlines and automates the
	// integration of VPC flow logs with Amazon Athena. This make it easier for you to
	// query and gain insights from VPC flow logs data. Based on the information that
	// you provide, we configure resources in the template to do the following:
	//
	// *
	// Create a table in Athena that maps fields to a custom log format
	//
	// * Create a
	// Lambda function that updates the table with new partitions on a daily, weekly,
	// or monthly basis
	//
	// * Create a table partitioned between two timestamps in the
	// past
	//
	// * Create a set of named queries in Athena that you can use to get started
	// quickly
	GetFlowLogsIntegrationTemplate(ctx context.Context, params *GetFlowLogsIntegrationTemplateInput, optFns ...func(*Options)) (*GetFlowLogsIntegrationTemplateOutput, error)
	// Lists the resource groups to which a Capacity Reservation has been added.
	GetGroupsForCapacityReservation(ctx context.Context, params *GetGroupsForCapacityReservationInput, optFns ...func(*Options)) (*GetGroupsForCapacityReservationOutput, error)
	// Preview a reservation purchase with configurations that match those of your
	// Dedicated Host. You must have active Dedicated Hosts in your account before you
	// purchase a reservation. This is a preview of the PurchaseHostReservation action
	// and does not result in the offering being purchased.
	GetHostReservationPurchasePreview(ctx context.Context, params *GetHostReservationPurchasePreviewInput, optFns ...func(*Options)) (*GetHostReservationPurchasePreviewOutput, error)
	// Returns a list of instance types with the specified instance attributes. You can
	// use the response to preview the instance types without launching instances. Note
	// that the response does not consider capacity. When you specify multiple
	// parameters, you get instance types that satisfy all of the specified parameters.
	// If you specify multiple values for a parameter, you get instance types that
	// satisfy any of the specified values. For more information, see Preview instance
	// types with specified attributes
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html#spotfleet-get-instance-types-from-instance-requirements),
	// Attribute-based instance type selection for EC2 Fleet
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html),
	// Attribute-based instance type selection for Spot Fleet
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html),
	// and Spot placement score
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html)
	// in the Amazon EC2 User Guide, and Creating an Auto Scaling group using
	// attribute-based instance type selection
	// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-instance-type-requirements.html)
	// in the Amazon EC2 Auto Scaling User Guide.
	GetInstanceTypesFromInstanceRequirements(ctx context.Context, params *GetInstanceTypesFromInstanceRequirementsInput, optFns ...func(*Options)) (*GetInstanceTypesFromInstanceRequirementsOutput, error)
	// Retrieve historical information about a CIDR within an IPAM scope. For more
	// information, see View the history of IP addresses in the Amazon VPC IPAM User
	// Guide.
	GetIpamAddressHistory(ctx context.Context, params *GetIpamAddressHistoryInput, optFns ...func(*Options)) (*GetIpamAddressHistoryOutput, error)
	// Get a list of all the CIDR allocations in an IPAM pool.
	GetIpamPoolAllocations(ctx context.Context, params *GetIpamPoolAllocationsInput, optFns ...func(*Options)) (*GetIpamPoolAllocationsOutput, error)
	// Get the CIDRs provisioned to an IPAM pool.
	GetIpamPoolCidrs(ctx context.Context, params *GetIpamPoolCidrsInput, optFns ...func(*Options)) (*GetIpamPoolCidrsOutput, error)
	// Get information about the resources in a scope.
	GetIpamResourceCidrs(ctx context.Context, params *GetIpamResourceCidrsInput, optFns ...func(*Options)) (*GetIpamResourceCidrsOutput, error)
	// Retrieves the configuration data of the specified instance. You can use this
	// data to create a launch template. This action calls on other describe actions to
	// get instance information. Depending on your instance configuration, you may need
	// to allow the following actions in your IAM policy: DescribeSpotInstanceRequests,
	// DescribeInstanceCreditSpecifications, DescribeVolumes,
	// DescribeInstanceAttribute, and DescribeElasticGpus. Or, you can allow describe*
	// depending on your instance requirements.
	GetLaunchTemplateData(ctx context.Context, params *GetLaunchTemplateDataInput, optFns ...func(*Options)) (*GetLaunchTemplateDataOutput, error)
	// Gets information about the resources that are associated with the specified
	// managed prefix list.
	GetManagedPrefixListAssociations(ctx context.Context, params *GetManagedPrefixListAssociationsInput, optFns ...func(*Options)) (*GetManagedPrefixListAssociationsOutput, error)
	// Gets information about the entries for a specified managed prefix list.
	GetManagedPrefixListEntries(ctx context.Context, params *GetManagedPrefixListEntriesInput, optFns ...func(*Options)) (*GetManagedPrefixListEntriesOutput, error)
	// Gets the findings for the specified Network Access Scope analysis.
	GetNetworkInsightsAccessScopeAnalysisFindings(ctx context.Context, params *GetNetworkInsightsAccessScopeAnalysisFindingsInput, optFns ...func(*Options)) (*GetNetworkInsightsAccessScopeAnalysisFindingsOutput, error)
	// Gets the content for the specified Network Access Scope.
	GetNetworkInsightsAccessScopeContent(ctx context.Context, params *GetNetworkInsightsAccessScopeContentInput, optFns ...func(*Options)) (*GetNetworkInsightsAccessScopeContentOutput, error)
	// Retrieves the encrypted administrator password for a running Windows instance.
	// The Windows password is generated at boot by the EC2Config service or EC2Launch
	// scripts (Windows Server 2016 and later). This usually only happens the first
	// time an instance is launched. For more information, see EC2Config
	// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/UsingConfig_WinAMI.html)
	// and EC2Launch
	// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2launch.html) in the
	// Amazon EC2 User Guide. For the EC2Config service, the password is not generated
	// for rebundled AMIs unless Ec2SetPassword is enabled before bundling. The
	// password is encrypted using the key pair that you specified when you launched
	// the instance. You must provide the corresponding key pair file. When you launch
	// an instance, password generation and encryption may take a few minutes. If you
	// try to retrieve the password before it's available, the output returns an empty
	// string. We recommend that you wait up to 15 minutes after launching an instance
	// before trying to retrieve the generated password.
	GetPasswordData(ctx context.Context, params *GetPasswordDataInput, optFns ...func(*Options)) (*GetPasswordDataOutput, error)
	// Returns a quote and exchange information for exchanging one or more specified
	// Convertible Reserved Instances for a new Convertible Reserved Instance. If the
	// exchange cannot be performed, the reason is returned in the response. Use
	// AcceptReservedInstancesExchangeQuote to perform the exchange.
	GetReservedInstancesExchangeQuote(ctx context.Context, params *GetReservedInstancesExchangeQuoteInput, optFns ...func(*Options)) (*GetReservedInstancesExchangeQuoteOutput, error)
	// Retrieves the access status of your account to the EC2 serial console of all
	// instances. By default, access to the EC2 serial console is disabled for your
	// account. For more information, see Manage account access to the EC2 serial
	// console
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access)
	// in the Amazon EC2 User Guide.
	GetSerialConsoleAccessStatus(ctx context.Context, params *GetSerialConsoleAccessStatusInput, optFns ...func(*Options)) (*GetSerialConsoleAccessStatusOutput, error)
	// Calculates the Spot placement score for a Region or Availability Zone based on
	// the specified target capacity and compute requirements. You can specify your
	// compute requirements either by using InstanceRequirementsWithMetadata and
	// letting Amazon EC2 choose the optimal instance types to fulfill your Spot
	// request, or you can specify the instance types by using InstanceTypes. For more
	// information, see Spot placement score
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html)
	// in the Amazon EC2 User Guide.
	GetSpotPlacementScores(ctx context.Context, params *GetSpotPlacementScoresInput, optFns ...func(*Options)) (*GetSpotPlacementScoresOutput, error)
	// Gets information about the subnet CIDR reservations.
	GetSubnetCidrReservations(ctx context.Context, params *GetSubnetCidrReservationsInput, optFns ...func(*Options)) (*GetSubnetCidrReservationsOutput, error)
	// Lists the route tables to which the specified resource attachment propagates
	// routes.
	GetTransitGatewayAttachmentPropagations(ctx context.Context, params *GetTransitGatewayAttachmentPropagationsInput, optFns ...func(*Options)) (*GetTransitGatewayAttachmentPropagationsOutput, error)
	// Gets information about the associations for the transit gateway multicast
	// domain.
	GetTransitGatewayMulticastDomainAssociations(ctx context.Context, params *GetTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*GetTransitGatewayMulticastDomainAssociationsOutput, error)
	// Gets information about the prefix list references in a specified transit gateway
	// route table.
	GetTransitGatewayPrefixListReferences(ctx context.Context, params *GetTransitGatewayPrefixListReferencesInput, optFns ...func(*Options)) (*GetTransitGatewayPrefixListReferencesOutput, error)
	// Gets information about the associations for the specified transit gateway route
	// table.
	GetTransitGatewayRouteTableAssociations(ctx context.Context, params *GetTransitGatewayRouteTableAssociationsInput, optFns ...func(*Options)) (*GetTransitGatewayRouteTableAssociationsOutput, error)
	// Gets information about the route table propagations for the specified transit
	// gateway route table.
	GetTransitGatewayRouteTablePropagations(ctx context.Context, params *GetTransitGatewayRouteTablePropagationsInput, optFns ...func(*Options)) (*GetTransitGatewayRouteTablePropagationsOutput, error)
	// Download an Amazon Web Services-provided sample configuration file to be used
	// with the customer gateway device specified for your Site-to-Site VPN connection.
	GetVpnConnectionDeviceSampleConfiguration(ctx context.Context, params *GetVpnConnectionDeviceSampleConfigurationInput, optFns ...func(*Options)) (*GetVpnConnectionDeviceSampleConfigurationOutput, error)
	// Obtain a list of customer gateway devices for which sample configuration files
	// can be provided. The request has no additional parameters. You can also see the
	// list of device types with sample configuration files available under Your
	// customer gateway device
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html) in the Amazon Web
	// Services Site-to-Site VPN User Guide.
	GetVpnConnectionDeviceTypes(ctx context.Context, params *GetVpnConnectionDeviceTypesInput, optFns ...func(*Options)) (*GetVpnConnectionDeviceTypesOutput, error)
	// Uploads a client certificate revocation list to the specified Client VPN
	// endpoint. Uploading a client certificate revocation list overwrites the existing
	// client certificate revocation list. Uploading a client certificate revocation
	// list resets existing client connections.
	ImportClientVpnClientCertificateRevocationList(ctx context.Context, params *ImportClientVpnClientCertificateRevocationListInput, optFns ...func(*Options)) (*ImportClientVpnClientCertificateRevocationListOutput, error)
	// Import single or multi-volume disk images or EBS snapshots into an Amazon
	// Machine Image (AMI). For more information, see Importing a VM as an image using
	// VM Import/Export
	// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html)
	// in the VM Import/Export User Guide.
	ImportImage(ctx context.Context, params *ImportImageInput, optFns ...func(*Options)) (*ImportImageOutput, error)
	// Creates an import instance task using metadata from the specified disk image.
	// This API action supports only single-volume VMs. To import multi-volume VMs, use
	// ImportImage instead. This API action is not supported by the Command Line
	// Interface (CLI). For information about using the Amazon EC2 CLI, which is
	// deprecated, see Importing a VM to Amazon EC2
	// (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#UsingVirtualMachinesinAmazonEC2)
	// in the Amazon EC2 CLI Reference PDF file. For information about the import
	// manifest referenced by this API action, see VM Import Manifest
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html).
	ImportInstance(ctx context.Context, params *ImportInstanceInput, optFns ...func(*Options)) (*ImportInstanceOutput, error)
	// Imports the public key from an RSA or ED25519 key pair that you created with a
	// third-party tool. Compare this with CreateKeyPair, in which Amazon Web Services
	// creates the key pair and gives the keys to you (Amazon Web Services keeps a copy
	// of the public key). With ImportKeyPair, you create the key pair and give Amazon
	// Web Services just the public key. The private key is never transferred between
	// you and Amazon Web Services. For more information about key pairs, see Amazon
	// EC2 key pairs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	ImportKeyPair(ctx context.Context, params *ImportKeyPairInput, optFns ...func(*Options)) (*ImportKeyPairOutput, error)
	// Imports a disk into an EBS snapshot. For more information, see Importing a disk
	// as a snapshot using VM Import/Export
	// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-import-snapshot.html)
	// in the VM Import/Export User Guide.
	ImportSnapshot(ctx context.Context, params *ImportSnapshotInput, optFns ...func(*Options)) (*ImportSnapshotOutput, error)
	// Creates an import volume task using metadata from the specified disk image. This
	// API action supports only single-volume VMs. To import multi-volume VMs, use
	// ImportImage instead. To import a disk to a snapshot, use ImportSnapshot instead.
	// This API action is not supported by the Command Line Interface (CLI). For
	// information about using the Amazon EC2 CLI, which is deprecated, see Importing
	// Disks to Amazon EBS
	// (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#importing-your-volumes-into-amazon-ebs)
	// in the Amazon EC2 CLI Reference PDF file. For information about the import
	// manifest referenced by this API action, see VM Import Manifest
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html).
	ImportVolume(ctx context.Context, params *ImportVolumeInput, optFns ...func(*Options)) (*ImportVolumeOutput, error)
	// Lists one or more AMIs that are currently in the Recycle Bin. For more
	// information, see Recycle Bin
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	ListImagesInRecycleBin(ctx context.Context, params *ListImagesInRecycleBinInput, optFns ...func(*Options)) (*ListImagesInRecycleBinOutput, error)
	// Lists one or more snapshots that are currently in the Recycle Bin.
	ListSnapshotsInRecycleBin(ctx context.Context, params *ListSnapshotsInRecycleBinInput, optFns ...func(*Options)) (*ListSnapshotsInRecycleBinOutput, error)
	// Modifies an attribute of the specified Elastic IP address. For requirements, see
	// Using reverse DNS for email applications
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS).
	ModifyAddressAttribute(ctx context.Context, params *ModifyAddressAttributeInput, optFns ...func(*Options)) (*ModifyAddressAttributeOutput, error)
	// Changes the opt-in status of the Local Zone and Wavelength Zone group for your
	// account. Use  DescribeAvailabilityZones
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html)
	// to view the value for GroupName.
	ModifyAvailabilityZoneGroup(ctx context.Context, params *ModifyAvailabilityZoneGroupInput, optFns ...func(*Options)) (*ModifyAvailabilityZoneGroupOutput, error)
	// Modifies a Capacity Reservation's capacity and the conditions under which it is
	// to be released. You cannot change a Capacity Reservation's instance type, EBS
	// optimization, instance store settings, platform, Availability Zone, or instance
	// eligibility. If you need to modify any of these attributes, we recommend that
	// you cancel the Capacity Reservation, and then create a new one with the required
	// attributes.
	ModifyCapacityReservation(ctx context.Context, params *ModifyCapacityReservationInput, optFns ...func(*Options)) (*ModifyCapacityReservationOutput, error)
	// Modifies a Capacity Reservation Fleet. When you modify the total target capacity
	// of a Capacity Reservation Fleet, the Fleet automatically creates new Capacity
	// Reservations, or modifies or cancels existing Capacity Reservations in the Fleet
	// to meet the new total target capacity. When you modify the end date for the
	// Fleet, the end dates for all of the individual Capacity Reservations in the
	// Fleet are updated accordingly.
	ModifyCapacityReservationFleet(ctx context.Context, params *ModifyCapacityReservationFleetInput, optFns ...func(*Options)) (*ModifyCapacityReservationFleetOutput, error)
	// Modifies the specified Client VPN endpoint. Modifying the DNS server resets
	// existing client connections.
	ModifyClientVpnEndpoint(ctx context.Context, params *ModifyClientVpnEndpointInput, optFns ...func(*Options)) (*ModifyClientVpnEndpointOutput, error)
	// Modifies the default credit option for CPU usage of burstable performance
	// instances. The default credit option is set at the account level per Amazon Web
	// Services Region, and is specified per instance family. All new burstable
	// performance instances in the account launch using the default credit option.
	// ModifyDefaultCreditSpecification is an asynchronous operation, which works at an
	// Amazon Web Services Region level and modifies the credit option for each
	// Availability Zone. All zones in a Region are updated within five minutes. But if
	// instances are launched during this operation, they might not get the new credit
	// option until the zone is updated. To verify whether the update has occurred, you
	// can call GetDefaultCreditSpecification and check DefaultCreditSpecification for
	// updates. For more information, see Burstable performance instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
	// in the Amazon EC2 User Guide.
	ModifyDefaultCreditSpecification(ctx context.Context, params *ModifyDefaultCreditSpecificationInput, optFns ...func(*Options)) (*ModifyDefaultCreditSpecificationOutput, error)
	// Changes the default KMS key for EBS encryption by default for your account in
	// this Region. Amazon Web Services creates a unique Amazon Web Services managed
	// KMS key in each Region for use with encryption by default. If you change the
	// default KMS key to a symmetric customer managed KMS key, it is used instead of
	// the Amazon Web Services managed KMS key. To reset the default KMS key to the
	// Amazon Web Services managed KMS key for EBS, use ResetEbsDefaultKmsKeyId. Amazon
	// EBS does not support asymmetric KMS keys. If you delete or disable the customer
	// managed KMS key that you specified for use with encryption by default, your
	// instances will fail to launch. For more information, see Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	ModifyEbsDefaultKmsKeyId(ctx context.Context, params *ModifyEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*ModifyEbsDefaultKmsKeyIdOutput, error)
	// Modifies the specified EC2 Fleet. You can only modify an EC2 Fleet request of
	// type maintain. While the EC2 Fleet is being modified, it is in the modifying
	// state. To scale up your EC2 Fleet, increase its target capacity. The EC2 Fleet
	// launches the additional Spot Instances according to the allocation strategy for
	// the EC2 Fleet request. If the allocation strategy is lowest-price, the EC2 Fleet
	// launches instances using the Spot Instance pool with the lowest price. If the
	// allocation strategy is diversified, the EC2 Fleet distributes the instances
	// across the Spot Instance pools. If the allocation strategy is
	// capacity-optimized, EC2 Fleet launches instances from Spot Instance pools with
	// optimal capacity for the number of instances that are launching. To scale down
	// your EC2 Fleet, decrease its target capacity. First, the EC2 Fleet cancels any
	// open requests that exceed the new target capacity. You can request that the EC2
	// Fleet terminate Spot Instances until the size of the fleet no longer exceeds the
	// new target capacity. If the allocation strategy is lowest-price, the EC2 Fleet
	// terminates the instances with the highest price per unit. If the allocation
	// strategy is capacity-optimized, the EC2 Fleet terminates the instances in the
	// Spot Instance pools that have the least available Spot Instance capacity. If the
	// allocation strategy is diversified, the EC2 Fleet terminates instances across
	// the Spot Instance pools. Alternatively, you can request that the EC2 Fleet keep
	// the fleet at its current size, but not replace any Spot Instances that are
	// interrupted or that you terminate manually. If you are finished with your EC2
	// Fleet for now, but will use it again later, you can set the target capacity to
	// 0.
	ModifyFleet(ctx context.Context, params *ModifyFleetInput, optFns ...func(*Options)) (*ModifyFleetOutput, error)
	// Modifies the specified attribute of the specified Amazon FPGA Image (AFI).
	ModifyFpgaImageAttribute(ctx context.Context, params *ModifyFpgaImageAttributeInput, optFns ...func(*Options)) (*ModifyFpgaImageAttributeOutput, error)
	// Modify the auto-placement setting of a Dedicated Host. When auto-placement is
	// enabled, any instances that you launch with a tenancy of host but without a
	// specific host ID are placed onto any available Dedicated Host in your account
	// that has auto-placement enabled. When auto-placement is disabled, you need to
	// provide a host ID to have the instance launch onto a specific host. If no host
	// ID is provided, the instance is launched onto a suitable host with
	// auto-placement enabled. You can also use this API action to modify a Dedicated
	// Host to support either multiple instance types in an instance family, or to
	// support a specific instance type only.
	ModifyHosts(ctx context.Context, params *ModifyHostsInput, optFns ...func(*Options)) (*ModifyHostsOutput, error)
	// Modifies the ID format for the specified resource on a per-Region basis. You can
	// specify that resources should receive longer IDs (17-character IDs) when they
	// are created. This request can only be used to modify longer ID settings for
	// resource types that are within the opt-in period. Resources currently in their
	// opt-in period include: bundle | conversion-task | customer-gateway |
	// dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task |
	// flow-log | image | import-task | internet-gateway | network-acl |
	// network-acl-association | network-interface | network-interface-attachment |
	// prefix-list | route-table | route-table-association | security-group | subnet |
	// subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint
	// | vpc-peering-connection | vpn-connection | vpn-gateway. This setting applies to
	// the IAM user who makes the request; it does not apply to the entire Amazon Web
	// Services account. By default, an IAM user defaults to the same settings as the
	// root user. If you're using this action as the root user, then these settings
	// apply to the entire account, unless an IAM user explicitly overrides these
	// settings for themselves. For more information, see Resource IDs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the
	// Amazon Elastic Compute Cloud User Guide. Resources created with longer IDs are
	// visible to all IAM roles and users, regardless of these settings and provided
	// that they have permission to use the relevant Describe command for the resource
	// type.
	ModifyIdFormat(ctx context.Context, params *ModifyIdFormatInput, optFns ...func(*Options)) (*ModifyIdFormatOutput, error)
	// Modifies the ID format of a resource for a specified IAM user, IAM role, or the
	// root user for an account; or all IAM users, IAM roles, and the root user for an
	// account. You can specify that resources should receive longer IDs (17-character
	// IDs) when they are created. This request can only be used to modify longer ID
	// settings for resource types that are within the opt-in period. Resources
	// currently in their opt-in period include: bundle | conversion-task |
	// customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association
	// | export-task | flow-log | image | import-task | internet-gateway | network-acl
	// | network-acl-association | network-interface | network-interface-attachment |
	// prefix-list | route-table | route-table-association | security-group | subnet |
	// subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint
	// | vpc-peering-connection | vpn-connection | vpn-gateway. For more information,
	// see Resource IDs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the
	// Amazon Elastic Compute Cloud User Guide. This setting applies to the principal
	// specified in the request; it does not apply to the principal that makes the
	// request. Resources created with longer IDs are visible to all IAM roles and
	// users, regardless of these settings and provided that they have permission to
	// use the relevant Describe command for the resource type.
	ModifyIdentityIdFormat(ctx context.Context, params *ModifyIdentityIdFormatInput, optFns ...func(*Options)) (*ModifyIdentityIdFormatOutput, error)
	// Modifies the specified attribute of the specified AMI. You can specify only one
	// attribute at a time. You can use the Attribute parameter to specify the
	// attribute or one of the following parameters: Description or LaunchPermission.
	// Images with an Amazon Web Services Marketplace product code cannot be made
	// public. To enable the SriovNetSupport enhanced networking attribute of an image,
	// enable SriovNetSupport on an instance and create an AMI from the instance.
	ModifyImageAttribute(ctx context.Context, params *ModifyImageAttributeInput, optFns ...func(*Options)) (*ModifyImageAttributeOutput, error)
	// Modifies the specified attribute of the specified instance. You can specify only
	// one attribute at a time. Note: Using this action to change the security groups
	// associated with an elastic network interface (ENI) attached to an instance in a
	// VPC can result in an error if the instance has more than one ENI. To change the
	// security groups associated with an ENI attached to an instance that has multiple
	// ENIs, we recommend that you use the ModifyNetworkInterfaceAttribute action. To
	// modify some attributes, the instance must be stopped. For more information, see
	// Modify a stopped instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html)
	// in the Amazon EC2 User Guide.
	ModifyInstanceAttribute(ctx context.Context, params *ModifyInstanceAttributeInput, optFns ...func(*Options)) (*ModifyInstanceAttributeOutput, error)
	// Modifies the Capacity Reservation settings for a stopped instance. Use this
	// action to configure an instance to target a specific Capacity Reservation, run
	// in any open Capacity Reservation with matching attributes, or run On-Demand
	// Instance capacity.
	ModifyInstanceCapacityReservationAttributes(ctx context.Context, params *ModifyInstanceCapacityReservationAttributesInput, optFns ...func(*Options)) (*ModifyInstanceCapacityReservationAttributesOutput, error)
	// Modifies the credit option for CPU usage on a running or stopped burstable
	// performance instance. The credit options are standard and unlimited. For more
	// information, see Burstable performance instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
	// in the Amazon EC2 User Guide.
	ModifyInstanceCreditSpecification(ctx context.Context, params *ModifyInstanceCreditSpecificationInput, optFns ...func(*Options)) (*ModifyInstanceCreditSpecificationOutput, error)
	// Modifies the start time for a scheduled Amazon EC2 instance event.
	ModifyInstanceEventStartTime(ctx context.Context, params *ModifyInstanceEventStartTimeInput, optFns ...func(*Options)) (*ModifyInstanceEventStartTimeOutput, error)
	// Modifies the specified event window. You can define either a set of time ranges
	// or a cron expression when modifying the event window, but not both. To modify
	// the targets associated with the event window, use the
	// AssociateInstanceEventWindow and DisassociateInstanceEventWindow API. If Amazon
	// Web Services has already scheduled an event, modifying an event window won't
	// change the time of the scheduled event. For more information, see Define event
	// windows for scheduled events
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
	// Amazon EC2 User Guide.
	ModifyInstanceEventWindow(ctx context.Context, params *ModifyInstanceEventWindowInput, optFns ...func(*Options)) (*ModifyInstanceEventWindowOutput, error)
	// Modifies the recovery behavior of your instance to disable simplified automatic
	// recovery or set the recovery behavior to default. The default configuration will
	// not enable simplified automatic recovery for an unsupported instance type. For
	// more information, see Simplified automatic recovery
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html#instance-configuration-recovery).
	ModifyInstanceMaintenanceOptions(ctx context.Context, params *ModifyInstanceMaintenanceOptionsInput, optFns ...func(*Options)) (*ModifyInstanceMaintenanceOptionsOutput, error)
	// Modify the instance metadata parameters on a running or stopped instance. When
	// you modify the parameters on a stopped instance, they are applied when the
	// instance is started. When you modify the parameters on a running instance, the
	// API responds with a state of “pending”. After the parameter modifications are
	// successfully applied to the instance, the state of the modifications changes
	// from “pending” to “applied” in subsequent describe-instances API calls. For more
	// information, see Instance metadata and user data
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
	// in the Amazon EC2 User Guide.
	ModifyInstanceMetadataOptions(ctx context.Context, params *ModifyInstanceMetadataOptionsInput, optFns ...func(*Options)) (*ModifyInstanceMetadataOptionsOutput, error)
	// Modifies the placement attributes for a specified instance. You can do the
	// following:
	//
	// * Modify the affinity between an instance and a Dedicated Host
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html).
	// When affinity is set to host and the instance is not associated with a specific
	// Dedicated Host, the next time the instance is launched, it is automatically
	// associated with the host on which it lands. If the instance is restarted or
	// rebooted, this relationship persists.
	//
	// * Change the Dedicated Host with which an
	// instance is associated.
	//
	// * Change the instance tenancy of an instance.
	//
	// * Move
	// an instance to or from a placement group
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html).
	//
	// At
	// least one attribute for affinity, host ID, tenancy, or placement group name must
	// be specified in the request. Affinity and tenancy can be modified in the same
	// request. To modify the host ID, tenancy, placement group, or partition for an
	// instance, the instance must be in the stopped state.
	ModifyInstancePlacement(ctx context.Context, params *ModifyInstancePlacementInput, optFns ...func(*Options)) (*ModifyInstancePlacementOutput, error)
	// Modify the configurations of an IPAM.
	ModifyIpam(ctx context.Context, params *ModifyIpamInput, optFns ...func(*Options)) (*ModifyIpamOutput, error)
	// Modify the configurations of an IPAM pool. For more information, see Modify a
	// pool in the Amazon VPC IPAM User Guide.
	ModifyIpamPool(ctx context.Context, params *ModifyIpamPoolInput, optFns ...func(*Options)) (*ModifyIpamPoolOutput, error)
	// Modify a resource CIDR. You can use this action to transfer resource CIDRs
	// between scopes and ignore resource CIDRs that you do not want to manage. If set
	// to false, the resource will not be tracked for overlap, it cannot be
	// auto-imported into a pool, and it will be removed from any pool it has an
	// allocation in. For more information, see Move resource CIDRs between scopes and
	// Change the monitoring state of resource CIDRs in the Amazon VPC IPAM User Guide.
	ModifyIpamResourceCidr(ctx context.Context, params *ModifyIpamResourceCidrInput, optFns ...func(*Options)) (*ModifyIpamResourceCidrOutput, error)
	// Modify an IPAM scope.
	ModifyIpamScope(ctx context.Context, params *ModifyIpamScopeInput, optFns ...func(*Options)) (*ModifyIpamScopeOutput, error)
	// Modifies a launch template. You can specify which version of the launch template
	// to set as the default version. When launching an instance, the default version
	// applies when a launch template version is not specified.
	ModifyLaunchTemplate(ctx context.Context, params *ModifyLaunchTemplateInput, optFns ...func(*Options)) (*ModifyLaunchTemplateOutput, error)
	// Modifies the specified managed prefix list. Adding or removing entries in a
	// prefix list creates a new version of the prefix list. Changing the name of the
	// prefix list does not affect the version. If you specify a current version number
	// that does not match the true current version number, the request fails.
	ModifyManagedPrefixList(ctx context.Context, params *ModifyManagedPrefixListInput, optFns ...func(*Options)) (*ModifyManagedPrefixListOutput, error)
	// Modifies the specified network interface attribute. You can specify only one
	// attribute at a time. You can use this action to attach and detach security
	// groups from an existing EC2 instance.
	ModifyNetworkInterfaceAttribute(ctx context.Context, params *ModifyNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*ModifyNetworkInterfaceAttributeOutput, error)
	// Modifies the options for instance hostnames for the specified instance.
	ModifyPrivateDnsNameOptions(ctx context.Context, params *ModifyPrivateDnsNameOptionsInput, optFns ...func(*Options)) (*ModifyPrivateDnsNameOptionsOutput, error)
	// Modifies the Availability Zone, instance count, instance type, or network
	// platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved
	// Instances to be modified must be identical, except for Availability Zone,
	// network platform, and instance type. For more information, see Modifying
	// Reserved Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) in the
	// Amazon EC2 User Guide.
	ModifyReservedInstances(ctx context.Context, params *ModifyReservedInstancesInput, optFns ...func(*Options)) (*ModifyReservedInstancesOutput, error)
	// Modifies the rules of a security group.
	ModifySecurityGroupRules(ctx context.Context, params *ModifySecurityGroupRulesInput, optFns ...func(*Options)) (*ModifySecurityGroupRulesOutput, error)
	// Adds or removes permission settings for the specified snapshot. You may add or
	// remove specified Amazon Web Services account IDs from a snapshot's list of
	// create volume permissions, but you cannot do both in a single operation. If you
	// need to both add and remove account IDs for a snapshot, you must use multiple
	// operations. You can make up to 500 modifications to a snapshot in a single
	// operation. Encrypted snapshots and snapshots with Amazon Web Services
	// Marketplace product codes cannot be made public. Snapshots encrypted with your
	// default KMS key cannot be shared with other accounts. For more information about
	// modifying snapshot permissions, see Share a snapshot
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	ModifySnapshotAttribute(ctx context.Context, params *ModifySnapshotAttributeInput, optFns ...func(*Options)) (*ModifySnapshotAttributeOutput, error)
	// Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to
	// a full snapshot that includes all of the blocks of data that were written to the
	// volume at the time the snapshot was created, and moved from the standard tier to
	// the archive tier. For more information, see Archive Amazon EBS snapshots
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-archive.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	ModifySnapshotTier(ctx context.Context, params *ModifySnapshotTierInput, optFns ...func(*Options)) (*ModifySnapshotTierOutput, error)
	// Modifies the specified Spot Fleet request. You can only modify a Spot Fleet
	// request of type maintain. While the Spot Fleet request is being modified, it is
	// in the modifying state. To scale up your Spot Fleet, increase its target
	// capacity. The Spot Fleet launches the additional Spot Instances according to the
	// allocation strategy for the Spot Fleet request. If the allocation strategy is
	// lowestPrice, the Spot Fleet launches instances using the Spot Instance pool with
	// the lowest price. If the allocation strategy is diversified, the Spot Fleet
	// distributes the instances across the Spot Instance pools. If the allocation
	// strategy is capacityOptimized, Spot Fleet launches instances from Spot Instance
	// pools with optimal capacity for the number of instances that are launching. To
	// scale down your Spot Fleet, decrease its target capacity. First, the Spot Fleet
	// cancels any open requests that exceed the new target capacity. You can request
	// that the Spot Fleet terminate Spot Instances until the size of the fleet no
	// longer exceeds the new target capacity. If the allocation strategy is
	// lowestPrice, the Spot Fleet terminates the instances with the highest price per
	// unit. If the allocation strategy is capacityOptimized, the Spot Fleet terminates
	// the instances in the Spot Instance pools that have the least available Spot
	// Instance capacity. If the allocation strategy is diversified, the Spot Fleet
	// terminates instances across the Spot Instance pools. Alternatively, you can
	// request that the Spot Fleet keep the fleet at its current size, but not replace
	// any Spot Instances that are interrupted or that you terminate manually. If you
	// are finished with your Spot Fleet for now, but will use it again later, you can
	// set the target capacity to 0.
	ModifySpotFleetRequest(ctx context.Context, params *ModifySpotFleetRequestInput, optFns ...func(*Options)) (*ModifySpotFleetRequestOutput, error)
	// Modifies a subnet attribute. You can only modify one attribute at a time. Use
	// this action to modify subnets on Amazon Web Services Outposts.
	//
	// * To modify a
	// subnet on an Outpost rack, set both MapCustomerOwnedIpOnLaunch and
	// CustomerOwnedIpv4Pool. These two parameters act as a single attribute.
	//
	// * To
	// modify a subnet on an Outpost server, set either EnableLniAtDeviceIndex or
	// DisableLniAtDeviceIndex.
	//
	// For more information about Amazon Web Services
	// Outposts, see the following:
	//
	// * Outpost servers
	// (https://docs.aws.amazon.com/outposts/latest/userguide/how-servers-work.html)
	//
	// *
	// Outpost racks
	// (https://docs.aws.amazon.com/outposts/latest/userguide/how-racks-work.html)
	ModifySubnetAttribute(ctx context.Context, params *ModifySubnetAttributeInput, optFns ...func(*Options)) (*ModifySubnetAttributeOutput, error)
	// Allows or restricts mirroring network services. By default, Amazon DNS network
	// services are not eligible for Traffic Mirror. Use AddNetworkServices to add
	// network services to a Traffic Mirror filter. When a network service is added to
	// the Traffic Mirror filter, all traffic related to that network service will be
	// mirrored. When you no longer want to mirror network services, use
	// RemoveNetworkServices to remove the network services from the Traffic Mirror
	// filter.
	ModifyTrafficMirrorFilterNetworkServices(ctx context.Context, params *ModifyTrafficMirrorFilterNetworkServicesInput, optFns ...func(*Options)) (*ModifyTrafficMirrorFilterNetworkServicesOutput, error)
	// Modifies the specified Traffic Mirror rule. DestinationCidrBlock and
	// SourceCidrBlock must both be an IPv4 range or an IPv6 range.
	ModifyTrafficMirrorFilterRule(ctx context.Context, params *ModifyTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*ModifyTrafficMirrorFilterRuleOutput, error)
	// Modifies a Traffic Mirror session.
	ModifyTrafficMirrorSession(ctx context.Context, params *ModifyTrafficMirrorSessionInput, optFns ...func(*Options)) (*ModifyTrafficMirrorSessionOutput, error)
	// Modifies the specified transit gateway. When you modify a transit gateway, the
	// modified options are applied to new transit gateway attachments only. Your
	// existing transit gateway attachments are not modified.
	ModifyTransitGateway(ctx context.Context, params *ModifyTransitGatewayInput, optFns ...func(*Options)) (*ModifyTransitGatewayOutput, error)
	// Modifies a reference (route) to a prefix list in a specified transit gateway
	// route table.
	ModifyTransitGatewayPrefixListReference(ctx context.Context, params *ModifyTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*ModifyTransitGatewayPrefixListReferenceOutput, error)
	// Modifies the specified VPC attachment.
	ModifyTransitGatewayVpcAttachment(ctx context.Context, params *ModifyTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*ModifyTransitGatewayVpcAttachmentOutput, error)
	// You can modify several parameters of an existing EBS volume, including volume
	// size, volume type, and IOPS capacity. If your EBS volume is attached to a
	// current-generation EC2 instance type, you might be able to apply these changes
	// without stopping the instance or detaching the volume from it. For more
	// information about modifying EBS volumes, see Amazon EBS Elastic Volumes
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modify-volume.html)
	// (Linux instances) or Amazon EBS Elastic Volumes
	// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-modify-volume.html)
	// (Windows instances). When you complete a resize operation on your volume, you
	// need to extend the volume's file-system size to take advantage of the new
	// storage capacity. For more information, see Extend a Linux file system
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.html#recognize-expanded-volume-linux)
	// or Extend a Windows file system
	// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-expand-volume.html#recognize-expanded-volume-windows).
	// You can use CloudWatch Events to check the status of a modification to an EBS
	// volume. For information about CloudWatch Events, see the Amazon CloudWatch
	// Events User Guide (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/).
	// You can also track the status of a modification using
	// DescribeVolumesModifications. For information about tracking status changes
	// using either method, see Monitor the progress of volume modifications
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-modifications.html).
	// With previous-generation instance types, resizing an EBS volume might require
	// detaching and reattaching the volume or stopping and restarting the instance. If
	// you reach the maximum volume modification rate per volume limit, you must wait
	// at least six hours before applying further modifications to the affected EBS
	// volume.
	ModifyVolume(ctx context.Context, params *ModifyVolumeInput, optFns ...func(*Options)) (*ModifyVolumeOutput, error)
	// Modifies a volume attribute. By default, all I/O operations for the volume are
	// suspended when the data on the volume is determined to be potentially
	// inconsistent, to prevent undetectable, latent data corruption. The I/O access to
	// the volume can be resumed by first enabling I/O access and then checking the
	// data consistency on your volume. You can change the default behavior to resume
	// I/O operations. We recommend that you change this only for boot volumes or for
	// volumes that are stateless or disposable.
	ModifyVolumeAttribute(ctx context.Context, params *ModifyVolumeAttributeInput, optFns ...func(*Options)) (*ModifyVolumeAttributeOutput, error)
	// Modifies the specified attribute of the specified VPC.
	ModifyVpcAttribute(ctx context.Context, params *ModifyVpcAttributeInput, optFns ...func(*Options)) (*ModifyVpcAttributeOutput, error)
	// Modifies attributes of a specified VPC endpoint. The attributes that you can
	// modify depend on the type of VPC endpoint (interface, gateway, or Gateway Load
	// Balancer). For more information, see VPC Endpoints
	// (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) in the
	// Amazon Virtual Private Cloud User Guide.
	ModifyVpcEndpoint(ctx context.Context, params *ModifyVpcEndpointInput, optFns ...func(*Options)) (*ModifyVpcEndpointOutput, error)
	// Modifies a connection notification for VPC endpoint or VPC endpoint service. You
	// can change the SNS topic for the notification, or the events for which to be
	// notified.
	ModifyVpcEndpointConnectionNotification(ctx context.Context, params *ModifyVpcEndpointConnectionNotificationInput, optFns ...func(*Options)) (*ModifyVpcEndpointConnectionNotificationOutput, error)
	// Modifies the attributes of your VPC endpoint service configuration. You can
	// change the Network Load Balancers or Gateway Load Balancers for your service,
	// and you can specify whether acceptance is required for requests to connect to
	// your endpoint service through an interface VPC endpoint. If you set or modify
	// the private DNS name, you must prove that you own the private DNS domain name.
	// For more information, see VPC Endpoint Service Private DNS Name Verification
	// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html)
	// in the Amazon Virtual Private Cloud User Guide.
	ModifyVpcEndpointServiceConfiguration(ctx context.Context, params *ModifyVpcEndpointServiceConfigurationInput, optFns ...func(*Options)) (*ModifyVpcEndpointServiceConfigurationOutput, error)
	// Modifies the payer responsibility for your VPC endpoint service.
	ModifyVpcEndpointServicePayerResponsibility(ctx context.Context, params *ModifyVpcEndpointServicePayerResponsibilityInput, optFns ...func(*Options)) (*ModifyVpcEndpointServicePayerResponsibilityOutput, error)
	// Modifies the permissions for your VPC endpoint service
	// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html). You
	// can add or remove permissions for service consumers (IAM users, IAM roles, and
	// Amazon Web Services accounts) to connect to your endpoint service. If you grant
	// permissions to all principals, the service is public. Any users who know the
	// name of a public service can send a request to attach an endpoint. If the
	// service does not require manual approval, attachments are automatically
	// approved.
	ModifyVpcEndpointServicePermissions(ctx context.Context, params *ModifyVpcEndpointServicePermissionsInput, optFns ...func(*Options)) (*ModifyVpcEndpointServicePermissionsOutput, error)
	// Modifies the VPC peering connection options on one side of a VPC peering
	// connection. You can do the following:
	//
	// * Enable/disable communication over the
	// peering connection between an EC2-Classic instance that's linked to your VPC
	// (using ClassicLink) and instances in the peer VPC.
	//
	// * Enable/disable
	// communication over the peering connection between instances in your VPC and an
	// EC2-Classic instance that's linked to the peer VPC.
	//
	// * Enable/disable the
	// ability to resolve public DNS hostnames to private IP addresses when queried
	// from instances in the peer VPC.
	//
	// If the peered VPCs are in the same Amazon Web
	// Services account, you can enable DNS resolution for queries from the local VPC.
	// This ensures that queries from the local VPC resolve to private IP addresses in
	// the peer VPC. This option is not available if the peered VPCs are in different
	// different Amazon Web Services accounts or different Regions. For peered VPCs in
	// different Amazon Web Services accounts, each Amazon Web Services account owner
	// must initiate a separate request to modify the peering connection options. For
	// inter-region peering connections, you must use the Region for the requester VPC
	// to modify the requester VPC peering options and the Region for the accepter VPC
	// to modify the accepter VPC peering options. To verify which VPCs are the
	// accepter and the requester for a VPC peering connection, use the
	// DescribeVpcPeeringConnections command.
	ModifyVpcPeeringConnectionOptions(ctx context.Context, params *ModifyVpcPeeringConnectionOptionsInput, optFns ...func(*Options)) (*ModifyVpcPeeringConnectionOptionsOutput, error)
	// Modifies the instance tenancy attribute of the specified VPC. You can change the
	// instance tenancy attribute of a VPC to default only. You cannot change the
	// instance tenancy attribute to dedicated. After you modify the tenancy of the
	// VPC, any new instances that you launch into the VPC have a tenancy of default,
	// unless you specify otherwise during launch. The tenancy of any existing
	// instances in the VPC is not affected. For more information, see Dedicated
	// Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	ModifyVpcTenancy(ctx context.Context, params *ModifyVpcTenancyInput, optFns ...func(*Options)) (*ModifyVpcTenancyOutput, error)
	// Modifies the customer gateway or the target gateway of an Amazon Web Services
	// Site-to-Site VPN connection. To modify the target gateway, the following
	// migration options are available:
	//
	// * An existing virtual private gateway to a new
	// virtual private gateway
	//
	// * An existing virtual private gateway to a transit
	// gateway
	//
	// * An existing transit gateway to a new transit gateway
	//
	// * An existing
	// transit gateway to a virtual private gateway
	//
	// Before you perform the migration
	// to the new gateway, you must configure the new gateway. Use CreateVpnGateway to
	// create a virtual private gateway, or CreateTransitGateway to create a transit
	// gateway. This step is required when you migrate from a virtual private gateway
	// with static routes to a transit gateway. You must delete the static routes
	// before you migrate to the new gateway. Keep a copy of the static route before
	// you delete it. You will need to add back these routes to the transit gateway
	// after the VPN connection migration is complete. After you migrate to the new
	// gateway, you might need to modify your VPC route table. Use CreateRoute and
	// DeleteRoute to make the changes described in Update VPC route tables
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-target.html#step-update-routing)
	// in the Amazon Web Services Site-to-Site VPN User Guide. When the new gateway is
	// a transit gateway, modify the transit gateway route table to allow traffic
	// between the VPC and the Amazon Web Services Site-to-Site VPN connection. Use
	// CreateTransitGatewayRoute to add the routes. If you deleted VPN static routes,
	// you must add the static routes to the transit gateway route table. After you
	// perform this operation, the VPN endpoint's IP addresses on the Amazon Web
	// Services side and the tunnel options remain intact. Your Amazon Web Services
	// Site-to-Site VPN connection will be temporarily unavailable for a brief period
	// while we provision the new endpoints.
	ModifyVpnConnection(ctx context.Context, params *ModifyVpnConnectionInput, optFns ...func(*Options)) (*ModifyVpnConnectionOutput, error)
	// Modifies the connection options for your Site-to-Site VPN connection. When you
	// modify the VPN connection options, the VPN endpoint IP addresses on the Amazon
	// Web Services side do not change, and the tunnel options do not change. Your VPN
	// connection will be temporarily unavailable for a brief period while the VPN
	// connection is updated.
	ModifyVpnConnectionOptions(ctx context.Context, params *ModifyVpnConnectionOptionsInput, optFns ...func(*Options)) (*ModifyVpnConnectionOptionsOutput, error)
	// Modifies the VPN tunnel endpoint certificate.
	ModifyVpnTunnelCertificate(ctx context.Context, params *ModifyVpnTunnelCertificateInput, optFns ...func(*Options)) (*ModifyVpnTunnelCertificateOutput, error)
	// Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site VPN
	// connection. You can modify multiple options for a tunnel in a single request,
	// but you can only modify one tunnel at a time. For more information, see
	// Site-to-Site VPN tunnel options for your Site-to-Site VPN connection
	// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNTunnels.html) in the Amazon
	// Web Services Site-to-Site VPN User Guide.
	ModifyVpnTunnelOptions(ctx context.Context, params *ModifyVpnTunnelOptionsInput, optFns ...func(*Options)) (*ModifyVpnTunnelOptionsOutput, error)
	// Enables detailed monitoring for a running instance. Otherwise, basic monitoring
	// is enabled. For more information, see Monitor your instances using CloudWatch
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) in
	// the Amazon EC2 User Guide. To disable detailed monitoring, see
	// UnmonitorInstances
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_UnmonitorInstances.html).
	MonitorInstances(ctx context.Context, params *MonitorInstancesInput, optFns ...func(*Options)) (*MonitorInstancesOutput, error)
	// Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC
	// platform. The Elastic IP address must be allocated to your account for more than
	// 24 hours, and it must not be associated with an instance. After the Elastic IP
	// address is moved, it is no longer available for use in the EC2-Classic platform,
	// unless you move it back using the RestoreAddressToClassic request. You cannot
	// move an Elastic IP address that was originally allocated for use in the EC2-VPC
	// platform to the EC2-Classic platform.
	MoveAddressToVpc(ctx context.Context, params *MoveAddressToVpcInput, optFns ...func(*Options)) (*MoveAddressToVpcOutput, error)
	// Move an BYOIP IPv4 CIDR to IPAM from a public IPv4 pool. If you already have an
	// IPv4 BYOIP CIDR with Amazon Web Services, you can move the CIDR to IPAM from a
	// public IPv4 pool. You cannot move an IPv6 CIDR to IPAM. If you are bringing a
	// new IP address to Amazon Web Services for the first time, complete the steps in
	// Tutorial: BYOIP address CIDRs to IPAM.
	MoveByoipCidrToIpam(ctx context.Context, params *MoveByoipCidrToIpamInput, optFns ...func(*Options)) (*MoveByoipCidrToIpamOutput, error)
	// Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services
	// resources through bring your own IP addresses (BYOIP) and creates a
	// corresponding address pool. After the address range is provisioned, it is ready
	// to be advertised using AdvertiseByoipCidr. Amazon Web Services verifies that you
	// own the address range and are authorized to advertise it. You must ensure that
	// the address range is registered to you and that you created an RPKI ROA to
	// authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more
	// information, see Bring your own IP addresses (BYOIP)
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) in the
	// Amazon Elastic Compute Cloud User Guide. Provisioning an address range is an
	// asynchronous operation, so the call returns immediately, but the address range
	// is not ready to use until its status changes from pending-provision to
	// provisioned. To monitor the status of an address range, use DescribeByoipCidrs.
	// To allocate an Elastic IP address from your IPv4 address pool, use
	// AllocateAddress with either the specific address from the address pool or the ID
	// of the address pool.
	ProvisionByoipCidr(ctx context.Context, params *ProvisionByoipCidrInput, optFns ...func(*Options)) (*ProvisionByoipCidrOutput, error)
	// Provision a CIDR to an IPAM pool. You can use this action to provision new CIDRs
	// to a top-level pool or to transfer a CIDR from a top-level pool to a pool within
	// it. For more information, see Provision CIDRs to pools in the Amazon VPC IPAM
	// User Guide.
	ProvisionIpamPoolCidr(ctx context.Context, params *ProvisionIpamPoolCidrInput, optFns ...func(*Options)) (*ProvisionIpamPoolCidrOutput, error)
	// Provision a CIDR to a public IPv4 pool. For more information about IPAM, see
	// What is IPAM? in the Amazon VPC IPAM User Guide.
	ProvisionPublicIpv4PoolCidr(ctx context.Context, params *ProvisionPublicIpv4PoolCidrInput, optFns ...func(*Options)) (*ProvisionPublicIpv4PoolCidrOutput, error)
	// Purchase a reservation with configurations that match those of your Dedicated
	// Host. You must have active Dedicated Hosts in your account before you purchase a
	// reservation. This action results in the specified reservation being purchased
	// and charged to your account.
	PurchaseHostReservation(ctx context.Context, params *PurchaseHostReservationInput, optFns ...func(*Options)) (*PurchaseHostReservationOutput, error)
	// Purchases a Reserved Instance for use with your account. With Reserved
	// Instances, you pay a lower hourly rate compared to On-Demand instance pricing.
	// Use DescribeReservedInstancesOfferings to get a list of Reserved Instance
	// offerings that match your specifications. After you've purchased a Reserved
	// Instance, you can check for your new Reserved Instance with
	// DescribeReservedInstances. To queue a purchase for a future date and time,
	// specify a purchase time. If you do not specify a purchase time, the default is
	// the current time. For more information, see Reserved Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-on-demand-reserved-instances.html)
	// and Reserved Instance Marketplace
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
	// the Amazon EC2 User Guide.
	PurchaseReservedInstancesOffering(ctx context.Context, params *PurchaseReservedInstancesOfferingInput, optFns ...func(*Options)) (*PurchaseReservedInstancesOfferingOutput, error)
	// Purchases the Scheduled Instances with the specified schedule. Scheduled
	// Instances enable you to purchase Amazon EC2 compute capacity by the hour for a
	// one-year term. Before you can purchase a Scheduled Instance, you must call
	// DescribeScheduledInstanceAvailability to check for available schedules and
	// obtain a purchase token. After you purchase a Scheduled Instance, you must call
	// RunScheduledInstances during each scheduled time period. After you purchase a
	// Scheduled Instance, you can't cancel, modify, or resell your purchase.
	PurchaseScheduledInstances(ctx context.Context, params *PurchaseScheduledInstancesInput, optFns ...func(*Options)) (*PurchaseScheduledInstancesOutput, error)
	// Requests a reboot of the specified instances. This operation is asynchronous; it
	// only queues a request to reboot the specified instances. The operation succeeds
	// if the instances are valid and belong to you. Requests to reboot terminated
	// instances are ignored. If an instance does not cleanly shut down within a few
	// minutes, Amazon EC2 performs a hard reboot. For more information about
	// troubleshooting, see Troubleshoot an unreachable instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html) in
	// the Amazon EC2 User Guide.
	RebootInstances(ctx context.Context, params *RebootInstancesInput, optFns ...func(*Options)) (*RebootInstancesOutput, error)
	// Registers an AMI. When you're creating an AMI, this is the final step you must
	// complete before you can launch an instance from the AMI. For more information
	// about creating AMIs, see Creating your own AMIs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami.html) in
	// the Amazon Elastic Compute Cloud User Guide. For Amazon EBS-backed instances,
	// CreateImage creates and registers the AMI in a single request, so you don't have
	// to register the AMI yourself. If needed, you can deregister an AMI at any time.
	// Any modifications you make to an AMI backed by an instance store volume
	// invalidates its registration. If you make changes to an image, deregister the
	// previous image and register the new image. Register a snapshot of a root device
	// volume You can use RegisterImage to create an Amazon EBS-backed Linux AMI from a
	// snapshot of a root device volume. You specify the snapshot using a block device
	// mapping. You can't set the encryption state of the volume using the block device
	// mapping. If the snapshot is encrypted, or encryption by default is enabled, the
	// root volume of an instance launched from the AMI is encrypted. For more
	// information, see Create a Linux AMI from a snapshot
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html#creating-launching-ami-from-snapshot)
	// and Use encryption with Amazon EBS-backed AMIs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide. Amazon Web Services Marketplace product
	// codes If any snapshots have Amazon Web Services Marketplace product codes, they
	// are copied to the new AMI. Windows and some Linux distributions, such as Red Hat
	// Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES), use the Amazon
	// EC2 billing product code associated with an AMI to verify the subscription
	// status for package updates. To create a new AMI for operating systems that
	// require a billing product code, instead of registering the AMI, do the following
	// to preserve the billing product code association:
	//
	// * Launch an instance from an
	// existing AMI with that billing product code.
	//
	// * Customize the instance.
	//
	// *
	// Create an AMI from the instance using CreateImage.
	//
	// If you purchase a Reserved
	// Instance to apply to an On-Demand Instance that was launched from an AMI with a
	// billing product code, make sure that the Reserved Instance has the matching
	// billing product code. If you purchase a Reserved Instance without the matching
	// billing product code, the Reserved Instance will not be applied to the On-Demand
	// Instance. For information about how to obtain the platform details and billing
	// information of an AMI, see Understanding AMI billing
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-billing-info.html) in
	// the Amazon Elastic Compute Cloud User Guide.
	RegisterImage(ctx context.Context, params *RegisterImageInput, optFns ...func(*Options)) (*RegisterImageOutput, error)
	// Registers a set of tag keys to include in scheduled event notifications for your
	// resources. To remove tags, use DeregisterInstanceEventNotificationAttributes
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeregisterInstanceEventNotificationAttributes.html).
	RegisterInstanceEventNotificationAttributes(ctx context.Context, params *RegisterInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*RegisterInstanceEventNotificationAttributesOutput, error)
	// Registers members (network interfaces) with the transit gateway multicast group.
	// A member is a network interface associated with a supported EC2 instance that
	// receives multicast traffic. For information about supported instances, see
	// Multicast Consideration
	// (https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-limits.html#multicast-limits)
	// in Amazon VPC Transit Gateways. After you add the members, use
	// SearchTransitGatewayMulticastGroups
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayMulticastGroups.html)
	// to verify that the members were added to the transit gateway multicast group.
	RegisterTransitGatewayMulticastGroupMembers(ctx context.Context, params *RegisterTransitGatewayMulticastGroupMembersInput, optFns ...func(*Options)) (*RegisterTransitGatewayMulticastGroupMembersOutput, error)
	// Registers sources (network interfaces) with the specified transit gateway
	// multicast group. A multicast source is a network interface attached to a
	// supported instance that sends multicast traffic. For information about supported
	// instances, see Multicast Considerations
	// (https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-limits.html#multicast-limits)
	// in Amazon VPC Transit Gateways. After you add the source, use
	// SearchTransitGatewayMulticastGroups
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayMulticastGroups.html)
	// to verify that the source was added to the multicast group.
	RegisterTransitGatewayMulticastGroupSources(ctx context.Context, params *RegisterTransitGatewayMulticastGroupSourcesInput, optFns ...func(*Options)) (*RegisterTransitGatewayMulticastGroupSourcesOutput, error)
	// Rejects a request to associate cross-account subnets with a transit gateway
	// multicast domain.
	RejectTransitGatewayMulticastDomainAssociations(ctx context.Context, params *RejectTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*RejectTransitGatewayMulticastDomainAssociationsOutput, error)
	// Rejects a transit gateway peering attachment request.
	RejectTransitGatewayPeeringAttachment(ctx context.Context, params *RejectTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*RejectTransitGatewayPeeringAttachmentOutput, error)
	// Rejects a request to attach a VPC to a transit gateway. The VPC attachment must
	// be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to
	// view your pending VPC attachment requests. Use AcceptTransitGatewayVpcAttachment
	// to accept a VPC attachment request.
	RejectTransitGatewayVpcAttachment(ctx context.Context, params *RejectTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*RejectTransitGatewayVpcAttachmentOutput, error)
	// Rejects one or more VPC endpoint connection requests to your VPC endpoint
	// service.
	RejectVpcEndpointConnections(ctx context.Context, params *RejectVpcEndpointConnectionsInput, optFns ...func(*Options)) (*RejectVpcEndpointConnectionsOutput, error)
	// Rejects a VPC peering connection request. The VPC peering connection must be in
	// the pending-acceptance state. Use the DescribeVpcPeeringConnections request to
	// view your outstanding VPC peering connection requests. To delete an active VPC
	// peering connection, or to delete a VPC peering connection request that you
	// initiated, use DeleteVpcPeeringConnection.
	RejectVpcPeeringConnection(ctx context.Context, params *RejectVpcPeeringConnectionInput, optFns ...func(*Options)) (*RejectVpcPeeringConnectionOutput, error)
	// Releases the specified Elastic IP address. [EC2-Classic, default VPC] Releasing
	// an Elastic IP address automatically disassociates it from any instance that it's
	// associated with. To disassociate an Elastic IP address without releasing it, use
	// DisassociateAddress. [Nondefault VPC] You must use DisassociateAddress to
	// disassociate the Elastic IP address before you can release it. Otherwise, Amazon
	// EC2 returns an error (InvalidIPAddress.InUse). After releasing an Elastic IP
	// address, it is released to the IP address pool. Be sure to update your DNS
	// records and any servers or devices that communicate with the address. If you
	// attempt to release an Elastic IP address that you already released, you'll get
	// an AuthFailure error if the address is already allocated to another Amazon Web
	// Services account. [EC2-VPC] After you release an Elastic IP address for use in a
	// VPC, you might be able to recover it. For more information, see AllocateAddress.
	ReleaseAddress(ctx context.Context, params *ReleaseAddressInput, optFns ...func(*Options)) (*ReleaseAddressOutput, error)
	// When you no longer want to use an On-Demand Dedicated Host it can be released.
	// On-Demand billing is stopped and the host goes into released state. The host ID
	// of Dedicated Hosts that have been released can no longer be specified in another
	// request, for example, to modify the host. You must stop or terminate all
	// instances on a host before it can be released. When Dedicated Hosts are
	// released, it may take some time for them to stop counting toward your limit and
	// you may receive capacity errors when trying to allocate new Dedicated Hosts.
	// Wait a few minutes and then try again. Released hosts still appear in a
	// DescribeHosts response.
	ReleaseHosts(ctx context.Context, params *ReleaseHostsInput, optFns ...func(*Options)) (*ReleaseHostsOutput, error)
	// Release an allocation within an IPAM pool. You can only use this action to
	// release manual allocations. To remove an allocation for a resource without
	// deleting the resource, set its monitored state to false using
	// ModifyIpamResourceCidr
	// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyIpamResourceCidr.html).
	// For more information, see Release an allocation in the Amazon VPC IPAM User
	// Guide.
	ReleaseIpamPoolAllocation(ctx context.Context, params *ReleaseIpamPoolAllocationInput, optFns ...func(*Options)) (*ReleaseIpamPoolAllocationOutput, error)
	// Replaces an IAM instance profile for the specified running instance. You can use
	// this action to change the IAM instance profile that's associated with an
	// instance without having to disassociate the existing IAM instance profile first.
	// Use DescribeIamInstanceProfileAssociations to get the association ID.
	ReplaceIamInstanceProfileAssociation(ctx context.Context, params *ReplaceIamInstanceProfileAssociationInput, optFns ...func(*Options)) (*ReplaceIamInstanceProfileAssociationOutput, error)
	// Changes which network ACL a subnet is associated with. By default when you
	// create a subnet, it's automatically associated with the default network ACL. For
	// more information, see Network ACLs
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon
	// Virtual Private Cloud User Guide. This is an idempotent operation.
	ReplaceNetworkAclAssociation(ctx context.Context, params *ReplaceNetworkAclAssociationInput, optFns ...func(*Options)) (*ReplaceNetworkAclAssociationOutput, error)
	// Replaces an entry (rule) in a network ACL. For more information, see Network
	// ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the
	// Amazon Virtual Private Cloud User Guide.
	ReplaceNetworkAclEntry(ctx context.Context, params *ReplaceNetworkAclEntryInput, optFns ...func(*Options)) (*ReplaceNetworkAclEntryOutput, error)
	// Replaces an existing route within a route table in a VPC. You must provide only
	// one of the following: internet gateway, virtual private gateway, NAT instance,
	// NAT gateway, VPC peering connection, network interface, egress-only internet
	// gateway, or transit gateway. For more information, see Route tables
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
	// Amazon Virtual Private Cloud User Guide.
	ReplaceRoute(ctx context.Context, params *ReplaceRouteInput, optFns ...func(*Options)) (*ReplaceRouteOutput, error)
	// Changes the route table associated with a given subnet, internet gateway, or
	// virtual private gateway in a VPC. After the operation completes, the subnet or
	// gateway uses the routes in the new route table. For more information about route
	// tables, see Route tables
	// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
	// Amazon Virtual Private Cloud User Guide. You can also use this operation to
	// change which table is the main route table in the VPC. Specify the main route
	// table's association ID and the route table ID of the new main route table.
	ReplaceRouteTableAssociation(ctx context.Context, params *ReplaceRouteTableAssociationInput, optFns ...func(*Options)) (*ReplaceRouteTableAssociationOutput, error)
	// Replaces the specified route in the specified transit gateway route table.
	ReplaceTransitGatewayRoute(ctx context.Context, params *ReplaceTransitGatewayRouteInput, optFns ...func(*Options)) (*ReplaceTransitGatewayRouteOutput, error)
	// Submits feedback about the status of an instance. The instance must be in the
	// running state. If your experience with the instance differs from the instance
	// status returned by DescribeInstanceStatus, use ReportInstanceStatus to report
	// your experience with the instance. Amazon EC2 collects this information to
	// improve the accuracy of status checks. Use of this action does not change the
	// value returned by DescribeInstanceStatus.
	ReportInstanceStatus(ctx context.Context, params *ReportInstanceStatusInput, optFns ...func(*Options)) (*ReportInstanceStatusOutput, error)
	// Creates a Spot Fleet request. The Spot Fleet request specifies the total target
	// capacity and the On-Demand target capacity. Amazon EC2 calculates the difference
	// between the total capacity and On-Demand capacity, and launches the difference
	// as Spot capacity. You can submit a single request that includes multiple launch
	// specifications that vary by instance type, AMI, Availability Zone, or subnet. By
	// default, the Spot Fleet requests Spot Instances in the Spot Instance pool where
	// the price per unit is the lowest. Each launch specification can include its own
	// instance weighting that reflects the value of the instance type to your
	// application workload. Alternatively, you can specify that the Spot Fleet
	// distribute the target capacity across the Spot pools included in its launch
	// specifications. By ensuring that the Spot Instances in your Spot Fleet are in
	// different Spot pools, you can improve the availability of your fleet. You can
	// specify tags for the Spot Fleet request and instances launched by the fleet. You
	// cannot tag other resource types in a Spot Fleet request because only the
	// spot-fleet-request and instance resource types are supported. For more
	// information, see Spot Fleet requests
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html)
	// in the Amazon EC2 User Guide for Linux Instances.
	RequestSpotFleet(ctx context.Context, params *RequestSpotFleetInput, optFns ...func(*Options)) (*RequestSpotFleetOutput, error)
	// Creates a Spot Instance request. For more information, see Spot Instance
	// requests
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html) in the
	// Amazon EC2 User Guide for Linux Instances.
	RequestSpotInstances(ctx context.Context, params *RequestSpotInstancesInput, optFns ...func(*Options)) (*RequestSpotInstancesOutput, error)
	// Resets the attribute of the specified IP address. For requirements, see Using
	// reverse DNS for email applications
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS).
	ResetAddressAttribute(ctx context.Context, params *ResetAddressAttributeInput, optFns ...func(*Options)) (*ResetAddressAttributeOutput, error)
	// Resets the default KMS key for EBS encryption for your account in this Region to
	// the Amazon Web Services managed KMS key for EBS. After resetting the default KMS
	// key to the Amazon Web Services managed KMS key, you can continue to encrypt by a
	// customer managed KMS key by specifying it when you create the volume. For more
	// information, see Amazon EBS encryption
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	ResetEbsDefaultKmsKeyId(ctx context.Context, params *ResetEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*ResetEbsDefaultKmsKeyIdOutput, error)
	// Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its
	// default value. You can only reset the load permission attribute.
	ResetFpgaImageAttribute(ctx context.Context, params *ResetFpgaImageAttributeInput, optFns ...func(*Options)) (*ResetFpgaImageAttributeOutput, error)
	// Resets an attribute of an AMI to its default value.
	ResetImageAttribute(ctx context.Context, params *ResetImageAttributeInput, optFns ...func(*Options)) (*ResetImageAttributeOutput, error)
	// Resets an attribute of an instance to its default value. To reset the kernel or
	// ramdisk, the instance must be in a stopped state. To reset the sourceDestCheck,
	// the instance can be either running or stopped. The sourceDestCheck attribute
	// controls whether source/destination checking is enabled. The default value is
	// true, which means checking is enabled. This value must be false for a NAT
	// instance to perform NAT. For more information, see NAT Instances
	// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html)
	// in the Amazon VPC User Guide.
	ResetInstanceAttribute(ctx context.Context, params *ResetInstanceAttributeInput, optFns ...func(*Options)) (*ResetInstanceAttributeOutput, error)
	// Resets a network interface attribute. You can specify only one attribute at a
	// time.
	ResetNetworkInterfaceAttribute(ctx context.Context, params *ResetNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*ResetNetworkInterfaceAttributeOutput, error)
	// Resets permission settings for the specified snapshot. For more information
	// about modifying snapshot permissions, see Share a snapshot
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	ResetSnapshotAttribute(ctx context.Context, params *ResetSnapshotAttributeInput, optFns ...func(*Options)) (*ResetSnapshotAttributeOutput, error)
	// Restores an Elastic IP address that was previously moved to the EC2-VPC platform
	// back to the EC2-Classic platform. You cannot move an Elastic IP address that was
	// originally allocated for use in EC2-VPC. The Elastic IP address must not be
	// associated with an instance or network interface.
	RestoreAddressToClassic(ctx context.Context, params *RestoreAddressToClassicInput, optFns ...func(*Options)) (*RestoreAddressToClassicOutput, error)
	// Restores an AMI from the Recycle Bin. For more information, see Recycle Bin
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the
	// Amazon Elastic Compute Cloud User Guide.
	RestoreImageFromRecycleBin(ctx context.Context, params *RestoreImageFromRecycleBinInput, optFns ...func(*Options)) (*RestoreImageFromRecycleBinOutput, error)
	// Restores the entries from a previous version of a managed prefix list to a new
	// version of the prefix list.
	RestoreManagedPrefixListVersion(ctx context.Context, params *RestoreManagedPrefixListVersionInput, optFns ...func(*Options)) (*RestoreManagedPrefixListVersionOutput, error)
	// Restores a snapshot from the Recycle Bin. For more information, see Restore
	// snapshots from the Recycle Bin
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin-working-with-snaps.html#recycle-bin-restore-snaps)
	// in the Amazon Elastic Compute Cloud User Guide.
	RestoreSnapshotFromRecycleBin(ctx context.Context, params *RestoreSnapshotFromRecycleBinInput, optFns ...func(*Options)) (*RestoreSnapshotFromRecycleBinOutput, error)
	// Restores an archived Amazon EBS snapshot for use temporarily or permanently, or
	// modifies the restore period or restore type for a snapshot that was previously
	// temporarily restored. For more information see  Restore an archived snapshot
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-snapshot-archiving.html#restore-archived-snapshot)
	// and  modify the restore period or restore type for a temporarily restored
	// snapshot
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-snapshot-archiving.html#modify-temp-restore-period)
	// in the Amazon Elastic Compute Cloud User Guide.
	RestoreSnapshotTier(ctx context.Context, params *RestoreSnapshotTierInput, optFns ...func(*Options)) (*RestoreSnapshotTierOutput, error)
	// Removes an ingress authorization rule from a Client VPN endpoint.
	RevokeClientVpnIngress(ctx context.Context, params *RevokeClientVpnIngressInput, optFns ...func(*Options)) (*RevokeClientVpnIngressOutput, error)
	// [VPC only] Removes the specified outbound (egress) rules from a security group
	// for EC2-VPC. This action does not apply to security groups for use in
	// EC2-Classic. You can specify rules using either rule IDs or security group rule
	// properties. If you use rule properties, the values that you specify (for
	// example, ports) must match the existing rule's values exactly. Each rule has a
	// protocol, from and to ports, and destination (CIDR range, security group, or
	// prefix list). For the TCP and UDP protocols, you must also specify the
	// destination port or range of ports. For the ICMP protocol, you must also specify
	// the ICMP type and code. If the security group rule has a description, you do not
	// need to specify the description to revoke the rule. [Default VPC] If the values
	// you specify do not match the existing rule's values, no error is returned, and
	// the output describes the security group rules that were not revoked. Amazon Web
	// Services recommends that you describe the security group to verify that the
	// rules were removed. Rule changes are propagated to instances within the security
	// group as quickly as possible. However, a small delay might occur.
	RevokeSecurityGroupEgress(ctx context.Context, params *RevokeSecurityGroupEgressInput, optFns ...func(*Options)) (*RevokeSecurityGroupEgressOutput, error)
	// Removes the specified inbound (ingress) rules from a security group. You can
	// specify rules using either rule IDs or security group rule properties. If you
	// use rule properties, the values that you specify (for example, ports) must match
	// the existing rule's values exactly. Each rule has a protocol, from and to ports,
	// and source (CIDR range, security group, or prefix list). For the TCP and UDP
	// protocols, you must also specify the destination port or range of ports. For the
	// ICMP protocol, you must also specify the ICMP type and code. If the security
	// group rule has a description, you do not need to specify the description to
	// revoke the rule. [EC2-Classic, default VPC] If the values you specify do not
	// match the existing rule's values, no error is returned, and the output describes
	// the security group rules that were not revoked. Amazon Web Services recommends
	// that you describe the security group to verify that the rules were removed. Rule
	// changes are propagated to instances within the security group as quickly as
	// possible. However, a small delay might occur.
	RevokeSecurityGroupIngress(ctx context.Context, params *RevokeSecurityGroupIngressInput, optFns ...func(*Options)) (*RevokeSecurityGroupIngressOutput, error)
	// Launches the specified number of instances using an AMI for which you have
	// permissions. You can specify a number of options, or leave the default options.
	// The following rules apply:
	//
	// * [EC2-VPC] If you don't specify a subnet ID, we
	// choose a default subnet from your default VPC for you. If you don't have a
	// default VPC, you must specify a subnet ID in the request.
	//
	// * [EC2-Classic] If
	// don't specify an Availability Zone, we choose one for you.
	//
	// * Some instance
	// types must be launched into a VPC. If you do not have a default VPC, or if you
	// do not specify a subnet ID, the request fails. For more information, see
	// Instance types available only in a VPC
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-vpc.html#vpc-only-instance-types).
	//
	// *
	// [EC2-VPC] All instances have a network interface with a primary private IPv4
	// address. If you don't specify this address, we choose one from the IPv4 range of
	// your subnet.
	//
	// * Not all instance types support IPv6 addresses. For more
	// information, see Instance types
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html).
	//
	// * If
	// you don't specify a security group ID, we use the default security group. For
	// more information, see Security groups
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html).
	//
	// *
	// If any of the AMIs have a product code attached for which the user has not
	// subscribed, the request fails.
	//
	// You can create a launch template
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html),
	// which is a resource that contains the parameters to launch an instance. When you
	// launch an instance using RunInstances, you can specify the launch template
	// instead of specifying the launch parameters. To ensure faster instance launches,
	// break up large requests into smaller batches. For example, create five separate
	// launch requests for 100 instances each instead of one launch request for 500
	// instances. An instance is ready for you to use when it's in the running state.
	// You can check the state of your instance using DescribeInstances. You can tag
	// instances and EBS volumes during launch, after launch, or both. For more
	// information, see CreateTags and Tagging your Amazon EC2 resources
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html). Linux
	// instances have access to the public key of the key pair at boot. You can use
	// this key to provide secure access to the instance. Amazon EC2 public images use
	// this feature to provide secure access without passwords. For more information,
	// see Key pairs
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html). For
	// troubleshooting, see What to do if an instance immediately terminates
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_InstanceStraightToTerminated.html),
	// and Troubleshooting connecting to your instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html).
	RunInstances(ctx context.Context, params *RunInstancesInput, optFns ...func(*Options)) (*RunInstancesOutput, error)
	// Launches the specified Scheduled Instances. Before you can launch a Scheduled
	// Instance, you must purchase it and obtain an identifier using
	// PurchaseScheduledInstances. You must launch a Scheduled Instance during its
	// scheduled time period. You can't stop or reboot a Scheduled Instance, but you
	// can terminate it as needed. If you terminate a Scheduled Instance before the
	// current scheduled time period ends, you can launch it again after a few minutes.
	// For more information, see Scheduled Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-scheduled-instances.html)
	// in the Amazon EC2 User Guide.
	RunScheduledInstances(ctx context.Context, params *RunScheduledInstancesInput, optFns ...func(*Options)) (*RunScheduledInstancesOutput, error)
	// Searches for routes in the specified local gateway route table.
	SearchLocalGatewayRoutes(ctx context.Context, params *SearchLocalGatewayRoutesInput, optFns ...func(*Options)) (*SearchLocalGatewayRoutesOutput, error)
	// Searches one or more transit gateway multicast groups and returns the group
	// membership information.
	SearchTransitGatewayMulticastGroups(ctx context.Context, params *SearchTransitGatewayMulticastGroupsInput, optFns ...func(*Options)) (*SearchTransitGatewayMulticastGroupsOutput, error)
	// Searches for routes in the specified transit gateway route table.
	SearchTransitGatewayRoutes(ctx context.Context, params *SearchTransitGatewayRoutesInput, optFns ...func(*Options)) (*SearchTransitGatewayRoutesOutput, error)
	// Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a
	// kernel panic (on Linux instances), or a blue screen/stop error (on Windows
	// instances). For instances based on Intel and AMD processors, the interrupt is
	// received as a non-maskable interrupt (NMI). In general, the operating system
	// crashes and reboots when a kernel panic or stop error is triggered. The
	// operating system can also be configured to perform diagnostic tasks, such as
	// generating a memory dump file, loading a secondary kernel, or obtaining a call
	// trace. Before sending a diagnostic interrupt to your instance, ensure that its
	// operating system is configured to perform the required diagnostic tasks. For
	// more information about configuring your operating system to generate a crash
	// dump when a kernel panic or stop error occurs, see Send a diagnostic interrupt
	// (for advanced users)
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/diagnostic-interrupt.html)
	// (Linux instances) or Send a diagnostic interrupt (for advanced users)
	// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/diagnostic-interrupt.html)
	// (Windows instances).
	SendDiagnosticInterrupt(ctx context.Context, params *SendDiagnosticInterruptInput, optFns ...func(*Options)) (*SendDiagnosticInterruptOutput, error)
	// Starts an Amazon EBS-backed instance that you've previously stopped. Instances
	// that use Amazon EBS volumes as their root devices can be quickly stopped and
	// started. When an instance is stopped, the compute resources are released and you
	// are not billed for instance usage. However, your root partition Amazon EBS
	// volume remains and continues to persist your data, and you are charged for
	// Amazon EBS volume usage. You can restart your instance at any time. Every time
	// you start your instance, Amazon EC2 charges a one-minute minimum for instance
	// usage, and thereafter charges per second for instance usage. Before stopping an
	// instance, make sure it is in a state from which it can be restarted. Stopping an
	// instance does not preserve data stored in RAM. Performing this operation on an
	// instance that uses an instance store as its root device returns an error. If you
	// attempt to start a T3 instance with host tenancy and the unlimted CPU credit
	// option, the request fails. The unlimited CPU credit option is not supported on
	// Dedicated Hosts. Before you start the instance, either change its CPU credit
	// option to standard, or change its tenancy to default or dedicated. For more
	// information, see Stop and start your instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html) in the
	// Amazon EC2 User Guide.
	StartInstances(ctx context.Context, params *StartInstancesInput, optFns ...func(*Options)) (*StartInstancesOutput, error)
	// Starts analyzing the specified Network Access Scope.
	StartNetworkInsightsAccessScopeAnalysis(ctx context.Context, params *StartNetworkInsightsAccessScopeAnalysisInput, optFns ...func(*Options)) (*StartNetworkInsightsAccessScopeAnalysisOutput, error)
	// Starts analyzing the specified path. If the path is reachable, the operation
	// returns the shortest feasible path.
	StartNetworkInsightsAnalysis(ctx context.Context, params *StartNetworkInsightsAnalysisInput, optFns ...func(*Options)) (*StartNetworkInsightsAnalysisOutput, error)
	// Initiates the verification process to prove that the service provider owns the
	// private DNS name domain for the endpoint service. The service provider must
	// successfully perform the verification before the consumer can use the name to
	// access the service. Before the service provider runs this command, they must add
	// a record to the DNS server. For more information, see Adding a TXT Record to
	// Your Domain's DNS Server
	// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html#add-dns-txt-record)
	// in the Amazon VPC User Guide.
	StartVpcEndpointServicePrivateDnsVerification(ctx context.Context, params *StartVpcEndpointServicePrivateDnsVerificationInput, optFns ...func(*Options)) (*StartVpcEndpointServicePrivateDnsVerificationOutput, error)
	// Stops an Amazon EBS-backed instance. You can use the Stop action to hibernate an
	// instance if the instance is enabled for hibernation
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#enabling-hibernation)
	// and it meets the hibernation prerequisites
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites).
	// For more information, see Hibernate your instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) in the
	// Amazon EC2 User Guide. We don't charge usage for a stopped instance, or data
	// transfer fees; however, your root partition Amazon EBS volume remains and
	// continues to persist your data, and you are charged for Amazon EBS volume usage.
	// Every time you start your instance, Amazon EC2 charges a one-minute minimum for
	// instance usage, and thereafter charges per second for instance usage. You can't
	// stop or hibernate instance store-backed instances. You can't use the Stop action
	// to hibernate Spot Instances, but you can specify that Amazon EC2 should
	// hibernate Spot Instances when they are interrupted. For more information, see
	// Hibernating interrupted Spot Instances
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html#hibernate-spot-instances)
	// in the Amazon EC2 User Guide. When you stop or hibernate an instance, we shut it
	// down. You can restart your instance at any time. Before stopping or hibernating
	// an instance, make sure it is in a state from which it can be restarted. Stopping
	// an instance does not preserve data stored in RAM, but hibernating an instance
	// does preserve data stored in RAM. If an instance cannot hibernate successfully,
	// a normal shutdown occurs. Stopping and hibernating an instance is different to
	// rebooting or terminating it. For example, when you stop or hibernate an
	// instance, the root device and any other devices attached to the instance
	// persist. When you terminate an instance, the root device and any other devices
	// attached during the instance launch are automatically deleted. For more
	// information about the differences between rebooting, stopping, hibernating, and
	// terminating instances, see Instance lifecycle
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html)
	// in the Amazon EC2 User Guide. When you stop an instance, we attempt to shut it
	// down forcibly after a short while. If your instance appears stuck in the
	// stopping state after a period of time, there may be an issue with the underlying
	// host computer. For more information, see Troubleshoot stopping your instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesStopping.html)
	// in the Amazon EC2 User Guide.
	StopInstances(ctx context.Context, params *StopInstancesInput, optFns ...func(*Options)) (*StopInstancesOutput, error)
	// Terminates active Client VPN endpoint connections. This action can be used to
	// terminate a specific client connection, or up to five connections established by
	// a specific user.
	TerminateClientVpnConnections(ctx context.Context, params *TerminateClientVpnConnectionsInput, optFns ...func(*Options)) (*TerminateClientVpnConnectionsOutput, error)
	// Shuts down the specified instances. This operation is idempotent; if you
	// terminate an instance more than once, each call succeeds. If you specify
	// multiple instances and the request fails (for example, because of a single
	// incorrect instance ID), none of the instances are terminated. If you terminate
	// multiple instances across multiple Availability Zones, and one or more of the
	// specified instances are enabled for termination protection, the request fails
	// with the following results:
	//
	// * The specified instances that are in the same
	// Availability Zone as the protected instance are not terminated.
	//
	// * The specified
	// instances that are in different Availability Zones, where no other specified
	// instances are protected, are successfully terminated.
	//
	// For example, say you have
	// the following instances:
	//
	// * Instance A: us-east-1a; Not protected
	//
	// * Instance B:
	// us-east-1a; Not protected
	//
	// * Instance C: us-east-1b; Protected
	//
	// * Instance D:
	// us-east-1b; not protected
	//
	// If you attempt to terminate all of these instances in
	// the same request, the request reports failure with the following results:
	//
	// *
	// Instance A and Instance B are successfully terminated because none of the
	// specified instances in us-east-1a are enabled for termination protection.
	//
	// *
	// Instance C and Instance D fail to terminate because at least one of the
	// specified instances in us-east-1b (Instance C) is enabled for termination
	// protection.
	//
	// Terminated instances remain visible after termination (for
	// approximately one hour). By default, Amazon EC2 deletes all EBS volumes that
	// were attached when the instance launched. Volumes attached after instance launch
	// continue running. You can stop, start, and terminate EBS-backed instances. You
	// can only terminate instance store-backed instances. What happens to an instance
	// differs if you stop it or terminate it. For example, when you stop an instance,
	// the root device and any other devices attached to the instance persist. When you
	// terminate an instance, any attached EBS volumes with the DeleteOnTermination
	// block device mapping parameter set to true are automatically deleted. For more
	// information about the differences between stopping and terminating instances,
	// see Instance lifecycle
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html)
	// in the Amazon EC2 User Guide. For more information about troubleshooting, see
	// Troubleshooting terminating your instance
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesShuttingDown.html)
	// in the Amazon EC2 User Guide.
	TerminateInstances(ctx context.Context, params *TerminateInstancesInput, optFns ...func(*Options)) (*TerminateInstancesOutput, error)
	// Unassigns one or more IPv6 addresses IPv4 Prefix Delegation prefixes from a
	// network interface.
	UnassignIpv6Addresses(ctx context.Context, params *UnassignIpv6AddressesInput, optFns ...func(*Options)) (*UnassignIpv6AddressesOutput, error)
	// Unassigns one or more secondary private IP addresses, or IPv4 Prefix Delegation
	// prefixes from a network interface.
	UnassignPrivateIpAddresses(ctx context.Context, params *UnassignPrivateIpAddressesInput, optFns ...func(*Options)) (*UnassignPrivateIpAddressesOutput, error)
	// Disables detailed monitoring for a running instance. For more information, see
	// Monitoring your instances and volumes
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) in
	// the Amazon EC2 User Guide.
	UnmonitorInstances(ctx context.Context, params *UnmonitorInstancesInput, optFns ...func(*Options)) (*UnmonitorInstancesOutput, error)
	// [VPC only] Updates the description of an egress (outbound) security group rule.
	// You can replace an existing description, or add a description to a rule that did
	// not have one previously. You can remove a description for a security group rule
	// by omitting the description parameter in the request.
	UpdateSecurityGroupRuleDescriptionsEgress(ctx context.Context, params *UpdateSecurityGroupRuleDescriptionsEgressInput, optFns ...func(*Options)) (*UpdateSecurityGroupRuleDescriptionsEgressOutput, error)
	// Updates the description of an ingress (inbound) security group rule. You can
	// replace an existing description, or add a description to a rule that did not
	// have one previously. You can remove a description for a security group rule by
	// omitting the description parameter in the request.
	UpdateSecurityGroupRuleDescriptionsIngress(ctx context.Context, params *UpdateSecurityGroupRuleDescriptionsIngressInput, optFns ...func(*Options)) (*UpdateSecurityGroupRuleDescriptionsIngressOutput, error)
	// Stops advertising an address range that is provisioned as an address pool. You
	// can perform this operation at most once every 10 seconds, even if you specify
	// different address ranges each time. It can take a few minutes before traffic to
	// the specified addresses stops routing to Amazon Web Services because of BGP
	// propagation delays.
	WithdrawByoipCidr(ctx context.Context, params *WithdrawByoipCidrInput, optFns ...func(*Options)) (*WithdrawByoipCidrOutput, error)
}

EC2 provides an interface to the AWS EC2 service.

type EKS added in v0.98.0

type EKS interface {
	// Options returns a copy of the client configuration.
	//
	// Callers SHOULD NOT perform mutations on any inner structures within client
	// config. Config overrides should instead be made on a per-operation basis through
	// functional options.
	Options() eks.Options
	// Associates an access policy and its scope to an access entry. For more
	// information about associating access policies, see [Associating and disassociating access policies to and from access entries]in the Amazon EKS User Guide.
	//
	// [Associating and disassociating access policies to and from access entries]: https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html
	AssociateAccessPolicy(ctx context.Context, params *AssociateAccessPolicyInput, optFns ...func(*Options)) (*AssociateAccessPolicyOutput, error)
	// Associates an encryption configuration to an existing cluster.
	//
	// Use this API to enable encryption on existing clusters that don't already have
	// encryption enabled. This allows you to implement a defense-in-depth security
	// strategy without migrating applications to new Amazon EKS clusters.
	AssociateEncryptionConfig(ctx context.Context, params *AssociateEncryptionConfigInput, optFns ...func(*Options)) (*AssociateEncryptionConfigOutput, error)
	// Associates an identity provider configuration to a cluster.
	//
	// If you want to authenticate identities using an identity provider, you can
	// create an identity provider configuration and associate it to your cluster.
	// After configuring authentication to your cluster you can create Kubernetes Role
	// and ClusterRole objects, assign permissions to them, and then bind them to the
	// identities using Kubernetes RoleBinding and ClusterRoleBinding objects. For
	// more information see [Using RBAC Authorization]in the Kubernetes documentation.
	//
	// [Using RBAC Authorization]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
	AssociateIdentityProviderConfig(ctx context.Context, params *AssociateIdentityProviderConfigInput, optFns ...func(*Options)) (*AssociateIdentityProviderConfigOutput, error)
	// Creates an access entry.
	//
	// An access entry allows an IAM principal to access your cluster. Access entries
	// can replace the need to maintain entries in the aws-auth ConfigMap for
	// authentication. You have the following options for authorizing an IAM principal
	// to access Kubernetes objects on your cluster: Kubernetes role-based access
	// control (RBAC), Amazon EKS, or both. Kubernetes RBAC authorization requires you
	// to create and manage Kubernetes Role , ClusterRole , RoleBinding , and
	// ClusterRoleBinding objects, in addition to managing access entries. If you use
	// Amazon EKS authorization exclusively, you don't need to create and manage
	// Kubernetes Role , ClusterRole , RoleBinding , and ClusterRoleBinding objects.
	//
	// For more information about access entries, see [Access entries] in the Amazon EKS User Guide.
	//
	// [Access entries]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html
	CreateAccessEntry(ctx context.Context, params *CreateAccessEntryInput, optFns ...func(*Options)) (*CreateAccessEntryOutput, error)
	// Creates an Amazon EKS add-on.
	//
	// Amazon EKS add-ons help to automate the provisioning and lifecycle management
	// of common operational software for Amazon EKS clusters. For more information,
	// see [Amazon EKS add-ons]in the Amazon EKS User Guide.
	//
	// [Amazon EKS add-ons]: https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html
	CreateAddon(ctx context.Context, params *CreateAddonInput, optFns ...func(*Options)) (*CreateAddonOutput, error)
	// Creates an Amazon EKS control plane.
	//
	// The Amazon EKS control plane consists of control plane instances that run the
	// Kubernetes software, such as etcd and the API server. The control plane runs in
	// an account managed by Amazon Web Services, and the Kubernetes API is exposed by
	// the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is
	// single tenant and unique. It runs on its own set of Amazon EC2 instances.
	//
	// The cluster control plane is provisioned across multiple Availability Zones and
	// fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also
	// provisions elastic network interfaces in your VPC subnets to provide
	// connectivity from the control plane instances to the nodes (for example, to
	// support kubectl exec , logs , and proxy data flows).
	//
	// Amazon EKS nodes run in your Amazon Web Services account and connect to your
	// cluster's control plane over the Kubernetes API server endpoint and a
	// certificate file that is created for your cluster.
	//
	// You can use the endpointPublicAccess and endpointPrivateAccess parameters to
	// enable or disable public and private access to your cluster's Kubernetes API
	// server endpoint. By default, public access is enabled, and private access is
	// disabled. For more information, see [Amazon EKS Cluster Endpoint Access Control]in the Amazon EKS User Guide .
	//
	// You can use the logging parameter to enable or disable exporting the Kubernetes
	// control plane logs for your cluster to CloudWatch Logs. By default, cluster
	// control plane logs aren't exported to CloudWatch Logs. For more information, see
	// [Amazon EKS Cluster Control Plane Logs]in the Amazon EKS User Guide .
	//
	// CloudWatch Logs ingestion, archive storage, and data scanning rates apply to
	// exported control plane logs. For more information, see [CloudWatch Pricing].
	//
	// In most cases, it takes several minutes to create a cluster. After you create
	// an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate
	// with the API server and launch nodes into your cluster. For more information,
	// see [Allowing users to access your cluster]and [Launching Amazon EKS nodes] in the Amazon EKS User Guide.
	//
	// [Allowing users to access your cluster]: https://docs.aws.amazon.com/eks/latest/userguide/cluster-auth.html
	// [CloudWatch Pricing]: http://aws.amazon.com/cloudwatch/pricing/
	// [Amazon EKS Cluster Control Plane Logs]: https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html
	// [Amazon EKS Cluster Endpoint Access Control]: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
	// [Launching Amazon EKS nodes]: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html
	CreateCluster(ctx context.Context, params *CreateClusterInput, optFns ...func(*Options)) (*CreateClusterOutput, error)
	// Creates an EKS Anywhere subscription. When a subscription is created, it is a
	// contract agreement for the length of the term specified in the request. Licenses
	// that are used to validate support are provisioned in Amazon Web Services License
	// Manager and the caller account is granted access to EKS Anywhere Curated
	// Packages.
	CreateEksAnywhereSubscription(ctx context.Context, params *CreateEksAnywhereSubscriptionInput, optFns ...func(*Options)) (*CreateEksAnywhereSubscriptionOutput, error)
	// Creates an Fargate profile for your Amazon EKS cluster. You must have at least
	// one Fargate profile in a cluster to be able to run pods on Fargate.
	//
	// The Fargate profile allows an administrator to declare which pods run on
	// Fargate and specify which pods run on which Fargate profile. This declaration is
	// done through the profile’s selectors. Each profile can have up to five selectors
	// that contain a namespace and labels. A namespace is required for every selector.
	// The label field consists of multiple optional key-value pairs. Pods that match
	// the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of
	// the selectors in the Fargate profile, then that pod is run on Fargate.
	//
	// When you create a Fargate profile, you must specify a pod execution role to use
	// with the pods that are scheduled with the profile. This role is added to the
	// cluster's Kubernetes [Role Based Access Control](RBAC) for authorization so that the kubelet that is
	// running on the Fargate infrastructure can register with your Amazon EKS cluster
	// so that it can appear in your cluster as a node. The pod execution role also
	// provides IAM permissions to the Fargate infrastructure to allow read access to
	// Amazon ECR image repositories. For more information, see [Pod Execution Role]in the Amazon EKS User
	// Guide.
	//
	// Fargate profiles are immutable. However, you can create a new updated profile
	// to replace an existing profile and then delete the original after the updated
	// profile has finished creating.
	//
	// If any Fargate profiles in a cluster are in the DELETING status, you must wait
	// for that Fargate profile to finish deleting before you can create any other
	// profiles in that cluster.
	//
	// For more information, see [Fargate profile] in the Amazon EKS User Guide.
	//
	// [Role Based Access Control]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
	// [Fargate profile]: https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html
	// [Pod Execution Role]: https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html
	CreateFargateProfile(ctx context.Context, params *CreateFargateProfileInput, optFns ...func(*Options)) (*CreateFargateProfileOutput, error)
	// Creates a managed node group for an Amazon EKS cluster.
	//
	// You can only create a node group for your cluster that is equal to the current
	// Kubernetes version for the cluster. All node groups are created with the latest
	// AMI release version for the respective minor Kubernetes version of the cluster,
	// unless you deploy a custom AMI using a launch template. For more information
	// about using launch templates, see [Customizing managed nodes with launch templates].
	//
	// An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and
	// associated Amazon EC2 instances that are managed by Amazon Web Services for an
	// Amazon EKS cluster. For more information, see [Managed node groups]in the Amazon EKS User Guide.
	//
	// Windows AMI types are only supported for commercial Amazon Web Services Regions
	// that support Windows on Amazon EKS.
	//
	// [Customizing managed nodes with launch templates]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
	// [Managed node groups]: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html
	CreateNodegroup(ctx context.Context, params *CreateNodegroupInput, optFns ...func(*Options)) (*CreateNodegroupOutput, error)
	// Creates an EKS Pod Identity association between a service account in an Amazon
	// EKS cluster and an IAM role with EKS Pod Identity. Use EKS Pod Identity to give
	// temporary IAM credentials to pods and the credentials are rotated automatically.
	//
	// Amazon EKS Pod Identity associations provide the ability to manage credentials
	// for your applications, similar to the way that Amazon EC2 instance profiles
	// provide credentials to Amazon EC2 instances.
	//
	// If a pod uses a service account that has an association, Amazon EKS sets
	// environment variables in the containers of the pod. The environment variables
	// configure the Amazon Web Services SDKs, including the Command Line Interface, to
	// use the EKS Pod Identity credentials.
	//
	// Pod Identity is a simpler method than IAM roles for service accounts, as this
	// method doesn't use OIDC identity providers. Additionally, you can configure a
	// role for Pod Identity once, and reuse it across clusters.
	CreatePodIdentityAssociation(ctx context.Context, params *CreatePodIdentityAssociationInput, optFns ...func(*Options)) (*CreatePodIdentityAssociationOutput, error)
	// Deletes an access entry.
	//
	// Deleting an access entry of a type other than Standard can cause your cluster
	// to function improperly. If you delete an access entry in error, you can recreate
	// it.
	DeleteAccessEntry(ctx context.Context, params *DeleteAccessEntryInput, optFns ...func(*Options)) (*DeleteAccessEntryOutput, error)
	// Deletes an Amazon EKS add-on.
	//
	// When you remove an add-on, it's deleted from the cluster. You can always
	// manually start an add-on on the cluster using the Kubernetes API.
	DeleteAddon(ctx context.Context, params *DeleteAddonInput, optFns ...func(*Options)) (*DeleteAddonOutput, error)
	// Deletes an Amazon EKS cluster control plane.
	//
	// If you have active services in your cluster that are associated with a load
	// balancer, you must delete those services before deleting the cluster so that the
	// load balancers are deleted properly. Otherwise, you can have orphaned resources
	// in your VPC that prevent you from being able to delete the VPC. For more
	// information, see [Deleting a cluster]in the Amazon EKS User Guide.
	//
	// If you have managed node groups or Fargate profiles attached to the cluster,
	// you must delete them first. For more information, see DeleteNodgroup and
	// DeleteFargateProfile .
	//
	// [Deleting a cluster]: https://docs.aws.amazon.com/eks/latest/userguide/delete-cluster.html
	DeleteCluster(ctx context.Context, params *DeleteClusterInput, optFns ...func(*Options)) (*DeleteClusterOutput, error)
	// Deletes an expired or inactive subscription. Deleting inactive subscriptions
	// removes them from the Amazon Web Services Management Console view and from
	// list/describe API responses. Subscriptions can only be cancelled within 7 days
	// of creation and are cancelled by creating a ticket in the Amazon Web Services
	// Support Center.
	DeleteEksAnywhereSubscription(ctx context.Context, params *DeleteEksAnywhereSubscriptionInput, optFns ...func(*Options)) (*DeleteEksAnywhereSubscriptionOutput, error)
	// Deletes an Fargate profile.
	//
	// When you delete a Fargate profile, any Pod running on Fargate that was created
	// with the profile is deleted. If the Pod matches another Fargate profile, then
	// it is scheduled on Fargate with that profile. If it no longer matches any
	// Fargate profiles, then it's not scheduled on Fargate and may remain in a pending
	// state.
	//
	// Only one Fargate profile in a cluster can be in the DELETING status at a time.
	// You must wait for a Fargate profile to finish deleting before you can delete any
	// other profiles in that cluster.
	DeleteFargateProfile(ctx context.Context, params *DeleteFargateProfileInput, optFns ...func(*Options)) (*DeleteFargateProfileOutput, error)
	// Deletes a managed node group.
	DeleteNodegroup(ctx context.Context, params *DeleteNodegroupInput, optFns ...func(*Options)) (*DeleteNodegroupOutput, error)
	// Deletes a EKS Pod Identity association.
	//
	// The temporary Amazon Web Services credentials from the previous IAM role
	// session might still be valid until the session expiry. If you need to
	// immediately revoke the temporary session credentials, then go to the role in the
	// IAM console.
	DeletePodIdentityAssociation(ctx context.Context, params *DeletePodIdentityAssociationInput, optFns ...func(*Options)) (*DeletePodIdentityAssociationOutput, error)
	// Deregisters a connected cluster to remove it from the Amazon EKS control plane.
	//
	// A connected cluster is a Kubernetes cluster that you've connected to your
	// control plane using the [Amazon EKS Connector].
	//
	// [Amazon EKS Connector]: https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html
	DeregisterCluster(ctx context.Context, params *DeregisterClusterInput, optFns ...func(*Options)) (*DeregisterClusterOutput, error)
	// Describes an access entry.
	DescribeAccessEntry(ctx context.Context, params *DescribeAccessEntryInput, optFns ...func(*Options)) (*DescribeAccessEntryOutput, error)
	// Describes an Amazon EKS add-on.
	DescribeAddon(ctx context.Context, params *DescribeAddonInput, optFns ...func(*Options)) (*DescribeAddonOutput, error)
	// Returns configuration options.
	DescribeAddonConfiguration(ctx context.Context, params *DescribeAddonConfigurationInput, optFns ...func(*Options)) (*DescribeAddonConfigurationOutput, error)
	// Describes the versions for an add-on.
	//
	// Information such as the Kubernetes versions that you can use the add-on with,
	// the owner , publisher , and the type of the add-on are returned.
	DescribeAddonVersions(ctx context.Context, params *DescribeAddonVersionsInput, optFns ...func(*Options)) (*DescribeAddonVersionsOutput, error)
	// Describes an Amazon EKS cluster.
	//
	// The API server endpoint and certificate authority data returned by this
	// operation are required for kubelet and kubectl to communicate with your
	// Kubernetes API server. For more information, see [Creating or updating a kubeconfig file for an Amazon EKS cluster]kubeconfig .
	//
	// The API server endpoint and certificate authority data aren't available until
	// the cluster reaches the ACTIVE state.
	//
	// [Creating or updating a kubeconfig file for an Amazon EKS cluster]: https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
	DescribeCluster(ctx context.Context, params *DescribeClusterInput, optFns ...func(*Options)) (*DescribeClusterOutput, error)
	// Returns descriptive information about a subscription.
	DescribeEksAnywhereSubscription(ctx context.Context, params *DescribeEksAnywhereSubscriptionInput, optFns ...func(*Options)) (*DescribeEksAnywhereSubscriptionOutput, error)
	// Describes an Fargate profile.
	DescribeFargateProfile(ctx context.Context, params *DescribeFargateProfileInput, optFns ...func(*Options)) (*DescribeFargateProfileOutput, error)
	// Describes an identity provider configuration.
	DescribeIdentityProviderConfig(ctx context.Context, params *DescribeIdentityProviderConfigInput, optFns ...func(*Options)) (*DescribeIdentityProviderConfigOutput, error)
	// Returns details about an insight that you specify using its ID.
	DescribeInsight(ctx context.Context, params *DescribeInsightInput, optFns ...func(*Options)) (*DescribeInsightOutput, error)
	// Describes a managed node group.
	DescribeNodegroup(ctx context.Context, params *DescribeNodegroupInput, optFns ...func(*Options)) (*DescribeNodegroupOutput, error)
	// Returns descriptive information about an EKS Pod Identity association.
	//
	// This action requires the ID of the association. You can get the ID from the
	// response to the CreatePodIdentityAssocation for newly created associations. Or,
	// you can list the IDs for associations with ListPodIdentityAssociations and
	// filter the list by namespace or service account.
	DescribePodIdentityAssociation(ctx context.Context, params *DescribePodIdentityAssociationInput, optFns ...func(*Options)) (*DescribePodIdentityAssociationOutput, error)
	// Describes an update to an Amazon EKS resource.
	//
	// When the status of the update is Succeeded , the update is complete. If an
	// update fails, the status is Failed , and an error detail explains the reason for
	// the failure.
	DescribeUpdate(ctx context.Context, params *DescribeUpdateInput, optFns ...func(*Options)) (*DescribeUpdateOutput, error)
	// Disassociates an access policy from an access entry.
	DisassociateAccessPolicy(ctx context.Context, params *DisassociateAccessPolicyInput, optFns ...func(*Options)) (*DisassociateAccessPolicyOutput, error)
	// Disassociates an identity provider configuration from a cluster.
	//
	// If you disassociate an identity provider from your cluster, users included in
	// the provider can no longer access the cluster. However, you can still access the
	// cluster with IAM principals.
	DisassociateIdentityProviderConfig(ctx context.Context, params *DisassociateIdentityProviderConfigInput, optFns ...func(*Options)) (*DisassociateIdentityProviderConfigOutput, error)
	// Lists the access entries for your cluster.
	ListAccessEntries(ctx context.Context, params *ListAccessEntriesInput, optFns ...func(*Options)) (*ListAccessEntriesOutput, error)
	// Lists the available access policies.
	ListAccessPolicies(ctx context.Context, params *ListAccessPoliciesInput, optFns ...func(*Options)) (*ListAccessPoliciesOutput, error)
	// Lists the installed add-ons.
	ListAddons(ctx context.Context, params *ListAddonsInput, optFns ...func(*Options)) (*ListAddonsOutput, error)
	// Lists the access policies associated with an access entry.
	ListAssociatedAccessPolicies(ctx context.Context, params *ListAssociatedAccessPoliciesInput, optFns ...func(*Options)) (*ListAssociatedAccessPoliciesOutput, error)
	// Lists the Amazon EKS clusters in your Amazon Web Services account in the
	// specified Amazon Web Services Region.
	ListClusters(ctx context.Context, params *ListClustersInput, optFns ...func(*Options)) (*ListClustersOutput, error)
	// Displays the full description of the subscription.
	ListEksAnywhereSubscriptions(ctx context.Context, params *ListEksAnywhereSubscriptionsInput, optFns ...func(*Options)) (*ListEksAnywhereSubscriptionsOutput, error)
	// Lists the Fargate profiles associated with the specified cluster in your Amazon
	// Web Services account in the specified Amazon Web Services Region.
	ListFargateProfiles(ctx context.Context, params *ListFargateProfilesInput, optFns ...func(*Options)) (*ListFargateProfilesOutput, error)
	// Lists the identity provider configurations for your cluster.
	ListIdentityProviderConfigs(ctx context.Context, params *ListIdentityProviderConfigsInput, optFns ...func(*Options)) (*ListIdentityProviderConfigsOutput, error)
	// Returns a list of all insights checked for against the specified cluster. You
	// can filter which insights are returned by category, associated Kubernetes
	// version, and status.
	ListInsights(ctx context.Context, params *ListInsightsInput, optFns ...func(*Options)) (*ListInsightsOutput, error)
	// Lists the managed node groups associated with the specified cluster in your
	// Amazon Web Services account in the specified Amazon Web Services Region.
	// Self-managed node groups aren't listed.
	ListNodegroups(ctx context.Context, params *ListNodegroupsInput, optFns ...func(*Options)) (*ListNodegroupsOutput, error)
	// List the EKS Pod Identity associations in a cluster. You can filter the list by
	// the namespace that the association is in or the service account that the
	// association uses.
	ListPodIdentityAssociations(ctx context.Context, params *ListPodIdentityAssociationsInput, optFns ...func(*Options)) (*ListPodIdentityAssociationsOutput, error)
	// List the tags for an Amazon EKS resource.
	ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
	// Lists the updates associated with an Amazon EKS resource in your Amazon Web
	// Services account, in the specified Amazon Web Services Region.
	ListUpdates(ctx context.Context, params *ListUpdatesInput, optFns ...func(*Options)) (*ListUpdatesOutput, error)
	// Connects a Kubernetes cluster to the Amazon EKS control plane.
	//
	// Any Kubernetes cluster can be connected to the Amazon EKS control plane to view
	// current information about the cluster and its nodes.
	//
	// Cluster connection requires two steps. First, send a RegisterClusterRequest to add it to the Amazon
	// EKS control plane.
	//
	// Second, a [Manifest] containing the activationID and activationCode must be applied to
	// the Kubernetes cluster through it's native provider to provide visibility.
	//
	// After the manifest is updated and applied, the connected cluster is visible to
	// the Amazon EKS control plane. If the manifest isn't applied within three days,
	// the connected cluster will no longer be visible and must be deregistered using
	// DeregisterCluster .
	//
	// [Manifest]: https://amazon-eks.s3.us-west-2.amazonaws.com/eks-connector/manifests/eks-connector/latest/eks-connector.yaml
	RegisterCluster(ctx context.Context, params *RegisterClusterInput, optFns ...func(*Options)) (*RegisterClusterOutput, error)
	// Associates the specified tags to an Amazon EKS resource with the specified
	// resourceArn . If existing tags on a resource are not specified in the request
	// parameters, they aren't changed. When a resource is deleted, the tags associated
	// with that resource are also deleted. Tags that you create for Amazon EKS
	// resources don't propagate to any other resources associated with the cluster.
	// For example, if you tag a cluster with this operation, that tag doesn't
	// automatically propagate to the subnets and nodes associated with the cluster.
	TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)
	// Deletes specified tags from an Amazon EKS resource.
	UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)
	// Updates an access entry.
	UpdateAccessEntry(ctx context.Context, params *UpdateAccessEntryInput, optFns ...func(*Options)) (*UpdateAccessEntryOutput, error)
	// Updates an Amazon EKS add-on.
	UpdateAddon(ctx context.Context, params *UpdateAddonInput, optFns ...func(*Options)) (*UpdateAddonOutput, error)
	// Updates an Amazon EKS cluster configuration. Your cluster continues to function
	// during the update. The response output includes an update ID that you can use to
	// track the status of your cluster update with DescribeUpdate "/>.
	//
	// You can use this API operation to enable or disable exporting the Kubernetes
	// control plane logs for your cluster to CloudWatch Logs. By default, cluster
	// control plane logs aren't exported to CloudWatch Logs. For more information, see
	// [Amazon EKS Cluster control plane logs]in the Amazon EKS User Guide .
	//
	// CloudWatch Logs ingestion, archive storage, and data scanning rates apply to
	// exported control plane logs. For more information, see [CloudWatch Pricing].
	//
	// You can also use this API operation to enable or disable public and private
	// access to your cluster's Kubernetes API server endpoint. By default, public
	// access is enabled, and private access is disabled. For more information, see [Amazon EKS cluster endpoint access control]in
	// the Amazon EKS User Guide .
	//
	// You can also use this API operation to choose different subnets and security
	// groups for the cluster. You must specify at least two subnets that are in
	// different Availability Zones. You can't change which VPC the subnets are from,
	// the subnets must be in the same VPC as the subnets that the cluster was created
	// with. For more information about the VPC requirements, see [https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html]in the Amazon EKS
	// User Guide .
	//
	// You can also use this API operation to enable or disable ARC zonal shift. If
	// zonal shift is enabled, Amazon Web Services configures zonal autoshift for the
	// cluster.
	//
	// Cluster updates are asynchronous, and they should finish within a few minutes.
	// During an update, the cluster status moves to UPDATING (this status transition
	// is eventually consistent). When the update is complete (either Failed or
	// Successful ), the cluster status moves to Active .
	//
	// [Amazon EKS Cluster control plane logs]: https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html
	// [CloudWatch Pricing]: http://aws.amazon.com/cloudwatch/pricing/
	// [https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html]: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html
	// [Amazon EKS cluster endpoint access control]: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
	UpdateClusterConfig(ctx context.Context, params *UpdateClusterConfigInput, optFns ...func(*Options)) (*UpdateClusterConfigOutput, error)
	// Updates an Amazon EKS cluster to the specified Kubernetes version. Your cluster
	// continues to function during the update. The response output includes an update
	// ID that you can use to track the status of your cluster update with the DescribeUpdateAPI
	// operation.
	//
	// Cluster updates are asynchronous, and they should finish within a few minutes.
	// During an update, the cluster status moves to UPDATING (this status transition
	// is eventually consistent). When the update is complete (either Failed or
	// Successful ), the cluster status moves to Active .
	//
	// If your cluster has managed node groups attached to it, all of your node
	// groups’ Kubernetes versions must match the cluster’s Kubernetes version in order
	// to update the cluster to a new Kubernetes version.
	UpdateClusterVersion(ctx context.Context, params *UpdateClusterVersionInput, optFns ...func(*Options)) (*UpdateClusterVersionOutput, error)
	// Update an EKS Anywhere Subscription. Only auto renewal and tags can be updated
	// after subscription creation.
	UpdateEksAnywhereSubscription(ctx context.Context, params *UpdateEksAnywhereSubscriptionInput, optFns ...func(*Options)) (*UpdateEksAnywhereSubscriptionOutput, error)
	// Updates an Amazon EKS managed node group configuration. Your node group
	// continues to function during the update. The response output includes an update
	// ID that you can use to track the status of your node group update with the DescribeUpdateAPI
	// operation. Currently you can update the Kubernetes labels for a node group or
	// the scaling configuration.
	UpdateNodegroupConfig(ctx context.Context, params *UpdateNodegroupConfigInput, optFns ...func(*Options)) (*UpdateNodegroupConfigOutput, error)
	// Updates the Kubernetes version or AMI version of an Amazon EKS managed node
	// group.
	//
	// You can update a node group using a launch template only if the node group was
	// originally deployed with a launch template. If you need to update a custom AMI
	// in a node group that was deployed with a launch template, then update your
	// custom AMI, specify the new ID in a new version of the launch template, and then
	// update the node group to the new version of the launch template.
	//
	// If you update without a launch template, then you can update to the latest
	// available AMI version of a node group's current Kubernetes version by not
	// specifying a Kubernetes version in the request. You can update to the latest AMI
	// version of your cluster's current Kubernetes version by specifying your
	// cluster's Kubernetes version in the request. For information about Linux
	// versions, see [Amazon EKS optimized Amazon Linux AMI versions]in the Amazon EKS User Guide. For information about Windows
	// versions, see [Amazon EKS optimized Windows AMI versions]in the Amazon EKS User Guide.
	//
	// You cannot roll back a node group to an earlier Kubernetes version or AMI
	// version.
	//
	// When a node in a managed node group is terminated due to a scaling action or
	// update, every Pod on that node is drained first. Amazon EKS attempts to drain
	// the nodes gracefully and will fail if it is unable to do so. You can force the
	// update if Amazon EKS is unable to drain the nodes as a result of a Pod
	// disruption budget issue.
	//
	// [Amazon EKS optimized Amazon Linux AMI versions]: https://docs.aws.amazon.com/eks/latest/userguide/eks-linux-ami-versions.html
	// [Amazon EKS optimized Windows AMI versions]: https://docs.aws.amazon.com/eks/latest/userguide/eks-ami-versions-windows.html
	UpdateNodegroupVersion(ctx context.Context, params *UpdateNodegroupVersionInput, optFns ...func(*Options)) (*UpdateNodegroupVersionOutput, error)
	// Updates a EKS Pod Identity association. Only the IAM role can be changed; an
	// association can't be moved between clusters, namespaces, or service accounts. If
	// you need to edit the namespace or service account, you need to delete the
	// association and then create a new association with your desired settings.
	UpdatePodIdentityAssociation(ctx context.Context, params *UpdatePodIdentityAssociationInput, optFns ...func(*Options)) (*UpdatePodIdentityAssociationOutput, error)
}

EKS provides an interface to the AWS EKS service.

type ELB added in v0.91.0

type ELB interface {
	// Options returns a copy of the client configuration.
	//
	// Callers SHOULD NOT perform mutations on any inner structures within client
	// config. Config overrides should instead be made on a per-operation basis through
	// functional options.
	Options() elasticloadbalancing.Options
	// Adds the specified tags to the specified load balancer. Each load balancer can
	// have a maximum of 10 tags.
	//
	// Each tag consists of a key and an optional value. If a tag with the same key is
	// already associated with the load balancer, AddTags updates its value.
	//
	// For more information, see [Tag Your Classic Load Balancer] in the Classic Load Balancers Guide.
	//
	// [Tag Your Classic Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/add-remove-tags.html
	AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error)
	// Associates one or more security groups with your load balancer in a virtual
	// private cloud (VPC). The specified security groups override the previously
	// associated security groups.
	//
	// For more information, see [Security Groups for Load Balancers in a VPC] in the Classic Load Balancers Guide.
	//
	// [Security Groups for Load Balancers in a VPC]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html#elb-vpc-security-groups
	ApplySecurityGroupsToLoadBalancer(ctx context.Context, params *ApplySecurityGroupsToLoadBalancerInput, optFns ...func(*Options)) (*ApplySecurityGroupsToLoadBalancerOutput, error)
	// Adds one or more subnets to the set of configured subnets for the specified
	// load balancer.
	//
	// The load balancer evenly distributes requests across all registered subnets.
	// For more information, see [Add or Remove Subnets for Your Load Balancer in a VPC]in the Classic Load Balancers Guide.
	//
	// [Add or Remove Subnets for Your Load Balancer in a VPC]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-manage-subnets.html
	AttachLoadBalancerToSubnets(ctx context.Context, params *AttachLoadBalancerToSubnetsInput, optFns ...func(*Options)) (*AttachLoadBalancerToSubnetsOutput, error)
	// Specifies the health check settings to use when evaluating the health state of
	// your EC2 instances.
	//
	// For more information, see [Configure Health Checks for Your Load Balancer] in the Classic Load Balancers Guide.
	//
	// [Configure Health Checks for Your Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-healthchecks.html
	ConfigureHealthCheck(ctx context.Context, params *ConfigureHealthCheckInput, optFns ...func(*Options)) (*ConfigureHealthCheckOutput, error)
	// Generates a stickiness policy with sticky session lifetimes that follow that of
	// an application-generated cookie. This policy can be associated only with
	// HTTP/HTTPS listeners.
	//
	// This policy is similar to the policy created by CreateLBCookieStickinessPolicy, except that the lifetime of
	// the special Elastic Load Balancing cookie, AWSELB , follows the lifetime of the
	// application-generated cookie specified in the policy configuration. The load
	// balancer only inserts a new stickiness cookie when the application response
	// includes a new application cookie.
	//
	// If the application cookie is explicitly removed or expires, the session stops
	// being sticky until a new application cookie is issued.
	//
	// For more information, see [Application-Controlled Session Stickiness] in the Classic Load Balancers Guide.
	//
	// [Application-Controlled Session Stickiness]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-application
	CreateAppCookieStickinessPolicy(ctx context.Context, params *CreateAppCookieStickinessPolicyInput, optFns ...func(*Options)) (*CreateAppCookieStickinessPolicyOutput, error)
	// Generates a stickiness policy with sticky session lifetimes controlled by the
	// lifetime of the browser (user-agent) or a specified expiration period. This
	// policy can be associated only with HTTP/HTTPS listeners.
	//
	// When a load balancer implements this policy, the load balancer uses a special
	// cookie to track the instance for each request. When the load balancer receives a
	// request, it first checks to see if this cookie is present in the request. If so,
	// the load balancer sends the request to the application server specified in the
	// cookie. If not, the load balancer sends the request to a server that is chosen
	// based on the existing load-balancing algorithm.
	//
	// A cookie is inserted into the response for binding subsequent requests from the
	// same user to that server. The validity of the cookie is based on the cookie
	// expiration time, which is specified in the policy configuration.
	//
	// For more information, see [Duration-Based Session Stickiness] in the Classic Load Balancers Guide.
	//
	// [Duration-Based Session Stickiness]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-duration
	CreateLBCookieStickinessPolicy(ctx context.Context, params *CreateLBCookieStickinessPolicyInput, optFns ...func(*Options)) (*CreateLBCookieStickinessPolicyOutput, error)
	// Creates a Classic Load Balancer.
	//
	// You can add listeners, security groups, subnets, and tags when you create your
	// load balancer, or you can add them later using CreateLoadBalancerListeners, ApplySecurityGroupsToLoadBalancer, AttachLoadBalancerToSubnets, and AddTags.
	//
	// To describe your current load balancers, see DescribeLoadBalancers. When you are finished with a
	// load balancer, you can delete it using DeleteLoadBalancer.
	//
	// You can create up to 20 load balancers per region per account. You can request
	// an increase for the number of load balancers for your account. For more
	// information, see [Limits for Your Classic Load Balancer]in the Classic Load Balancers Guide.
	//
	// [Limits for Your Classic Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html
	CreateLoadBalancer(ctx context.Context, params *CreateLoadBalancerInput, optFns ...func(*Options)) (*CreateLoadBalancerOutput, error)
	// Creates one or more listeners for the specified load balancer. If a listener
	// with the specified port does not already exist, it is created; otherwise, the
	// properties of the new listener must match the properties of the existing
	// listener.
	//
	// For more information, see [Listeners for Your Classic Load Balancer] in the Classic Load Balancers Guide.
	//
	// [Listeners for Your Classic Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html
	CreateLoadBalancerListeners(ctx context.Context, params *CreateLoadBalancerListenersInput, optFns ...func(*Options)) (*CreateLoadBalancerListenersOutput, error)
	// Creates a policy with the specified attributes for the specified load balancer.
	//
	// Policies are settings that are saved for your load balancer and that can be
	// applied to the listener or the application server, depending on the policy type.
	CreateLoadBalancerPolicy(ctx context.Context, params *CreateLoadBalancerPolicyInput, optFns ...func(*Options)) (*CreateLoadBalancerPolicyOutput, error)
	// Deletes the specified load balancer.
	//
	// If you are attempting to recreate a load balancer, you must reconfigure all
	// settings. The DNS name associated with a deleted load balancer are no longer
	// usable. The name and associated DNS record of the deleted load balancer no
	// longer exist and traffic sent to any of its IP addresses is no longer delivered
	// to your instances.
	//
	// If the load balancer does not exist or has already been deleted, the call to
	// DeleteLoadBalancer still succeeds.
	DeleteLoadBalancer(ctx context.Context, params *DeleteLoadBalancerInput, optFns ...func(*Options)) (*DeleteLoadBalancerOutput, error)
	// Deletes the specified listeners from the specified load balancer.
	DeleteLoadBalancerListeners(ctx context.Context, params *DeleteLoadBalancerListenersInput, optFns ...func(*Options)) (*DeleteLoadBalancerListenersOutput, error)
	// Deletes the specified policy from the specified load balancer. This policy must
	// not be enabled for any listeners.
	DeleteLoadBalancerPolicy(ctx context.Context, params *DeleteLoadBalancerPolicyInput, optFns ...func(*Options)) (*DeleteLoadBalancerPolicyOutput, error)
	// Deregisters the specified instances from the specified load balancer. After the
	// instance is deregistered, it no longer receives traffic from the load balancer.
	//
	// You can use DescribeLoadBalancers to verify that the instance is deregistered from the load balancer.
	//
	// For more information, see [Register or De-Register EC2 Instances] in the Classic Load Balancers Guide.
	//
	// [Register or De-Register EC2 Instances]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-deregister-register-instances.html
	DeregisterInstancesFromLoadBalancer(ctx context.Context, params *DeregisterInstancesFromLoadBalancerInput, optFns ...func(*Options)) (*DeregisterInstancesFromLoadBalancerOutput, error)
	// Describes the current Elastic Load Balancing resource limits for your AWS
	// account.
	//
	// For more information, see [Limits for Your Classic Load Balancer] in the Classic Load Balancers Guide.
	//
	// [Limits for Your Classic Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html
	DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
	// Describes the state of the specified instances with respect to the specified
	// load balancer. If no instances are specified, the call describes the state of
	// all instances that are currently registered with the load balancer. If instances
	// are specified, their state is returned even if they are no longer registered
	// with the load balancer. The state of terminated instances is not returned.
	DescribeInstanceHealth(ctx context.Context, params *DescribeInstanceHealthInput, optFns ...func(*Options)) (*DescribeInstanceHealthOutput, error)
	// Describes the attributes for the specified load balancer.
	DescribeLoadBalancerAttributes(ctx context.Context, params *DescribeLoadBalancerAttributesInput, optFns ...func(*Options)) (*DescribeLoadBalancerAttributesOutput, error)
	// Describes the specified policies.
	//
	// If you specify a load balancer name, the action returns the descriptions of all
	// policies created for the load balancer. If you specify a policy name associated
	// with your load balancer, the action returns the description of that policy. If
	// you don't specify a load balancer name, the action returns descriptions of the
	// specified sample policies, or descriptions of all sample policies. The names of
	// the sample policies have the ELBSample- prefix.
	DescribeLoadBalancerPolicies(ctx context.Context, params *DescribeLoadBalancerPoliciesInput, optFns ...func(*Options)) (*DescribeLoadBalancerPoliciesOutput, error)
	// Describes the specified load balancer policy types or all load balancer policy
	// types.
	//
	// The description of each type indicates how it can be used. For example, some
	// policies can be used only with layer 7 listeners, some policies can be used only
	// with layer 4 listeners, and some policies can be used only with your EC2
	// instances.
	//
	// You can use CreateLoadBalancerPolicy to create a policy configuration for any of these policy types.
	// Then, depending on the policy type, use either SetLoadBalancerPoliciesOfListeneror SetLoadBalancerPoliciesForBackendServer to set the policy.
	DescribeLoadBalancerPolicyTypes(ctx context.Context, params *DescribeLoadBalancerPolicyTypesInput, optFns ...func(*Options)) (*DescribeLoadBalancerPolicyTypesOutput, error)
	// Describes the specified the load balancers. If no load balancers are specified,
	// the call describes all of your load balancers.
	DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error)
	// Describes the tags associated with the specified load balancers.
	DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
	// Removes the specified subnets from the set of configured subnets for the load
	// balancer.
	//
	// After a subnet is removed, all EC2 instances registered with the load balancer
	// in the removed subnet go into the OutOfService state. Then, the load balancer
	// balances the traffic among the remaining routable subnets.
	DetachLoadBalancerFromSubnets(ctx context.Context, params *DetachLoadBalancerFromSubnetsInput, optFns ...func(*Options)) (*DetachLoadBalancerFromSubnetsOutput, error)
	// Removes the specified Availability Zones from the set of Availability Zones for
	// the specified load balancer in EC2-Classic or a default VPC.
	//
	// For load balancers in a non-default VPC, use DetachLoadBalancerFromSubnets.
	//
	// There must be at least one Availability Zone registered with a load balancer at
	// all times. After an Availability Zone is removed, all instances registered with
	// the load balancer that are in the removed Availability Zone go into the
	// OutOfService state. Then, the load balancer attempts to equally balance the
	// traffic among its remaining Availability Zones.
	//
	// For more information, see [Add or Remove Availability Zones] in the Classic Load Balancers Guide.
	//
	// [Add or Remove Availability Zones]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html
	DisableAvailabilityZonesForLoadBalancer(ctx context.Context, params *DisableAvailabilityZonesForLoadBalancerInput, optFns ...func(*Options)) (*DisableAvailabilityZonesForLoadBalancerOutput, error)
	// Adds the specified Availability Zones to the set of Availability Zones for the
	// specified load balancer in EC2-Classic or a default VPC.
	//
	// For load balancers in a non-default VPC, use AttachLoadBalancerToSubnets.
	//
	// The load balancer evenly distributes requests across all its registered
	// Availability Zones that contain instances. For more information, see [Add or Remove Availability Zones]in the
	// Classic Load Balancers Guide.
	//
	// [Add or Remove Availability Zones]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html
	EnableAvailabilityZonesForLoadBalancer(ctx context.Context, params *EnableAvailabilityZonesForLoadBalancerInput, optFns ...func(*Options)) (*EnableAvailabilityZonesForLoadBalancerOutput, error)
	// Modifies the attributes of the specified load balancer.
	//
	// You can modify the load balancer attributes, such as AccessLogs ,
	// ConnectionDraining , and CrossZoneLoadBalancing by either enabling or disabling
	// them. Or, you can modify the load balancer attribute ConnectionSettings by
	// specifying an idle connection timeout value for your load balancer.
	//
	// For more information, see the following in the Classic Load Balancers Guide:
	//
	// [Cross-Zone Load Balancing]
	//
	// [Connection Draining]
	//
	// [Access Logs]
	//
	// [Idle Connection Timeout]
	//
	// [Cross-Zone Load Balancing]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-crosszone-lb.html
	// [Idle Connection Timeout]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html
	// [Access Logs]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html
	// [Connection Draining]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-conn-drain.html
	ModifyLoadBalancerAttributes(ctx context.Context, params *ModifyLoadBalancerAttributesInput, optFns ...func(*Options)) (*ModifyLoadBalancerAttributesOutput, error)
	// Adds the specified instances to the specified load balancer.
	//
	// The instance must be a running instance in the same network as the load
	// balancer (EC2-Classic or the same VPC). If you have EC2-Classic instances and a
	// load balancer in a VPC with ClassicLink enabled, you can link the EC2-Classic
	// instances to that VPC and then register the linked EC2-Classic instances with
	// the load balancer in the VPC.
	//
	// Note that RegisterInstanceWithLoadBalancer completes when the request has been
	// registered. Instance registration takes a little time to complete. To check the
	// state of the registered instances, use DescribeLoadBalancersor DescribeInstanceHealth.
	//
	// After the instance is registered, it starts receiving traffic and requests from
	// the load balancer. Any instance that is not in one of the Availability Zones
	// registered for the load balancer is moved to the OutOfService state. If an
	// Availability Zone is added to the load balancer later, any instances registered
	// with the load balancer move to the InService state.
	//
	// To deregister instances from a load balancer, use DeregisterInstancesFromLoadBalancer.
	//
	// For more information, see [Register or De-Register EC2 Instances] in the Classic Load Balancers Guide.
	//
	// [Register or De-Register EC2 Instances]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-deregister-register-instances.html
	RegisterInstancesWithLoadBalancer(ctx context.Context, params *RegisterInstancesWithLoadBalancerInput, optFns ...func(*Options)) (*RegisterInstancesWithLoadBalancerOutput, error)
	// Removes one or more tags from the specified load balancer.
	RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error)
	// Sets the certificate that terminates the specified listener's SSL connections.
	// The specified certificate replaces any prior certificate that was used on the
	// same load balancer and port.
	//
	// For more information about updating your SSL certificate, see [Replace the SSL Certificate for Your Load Balancer] in the Classic
	// Load Balancers Guide.
	//
	// [Replace the SSL Certificate for Your Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-update-ssl-cert.html
	SetLoadBalancerListenerSSLCertificate(ctx context.Context, params *SetLoadBalancerListenerSSLCertificateInput, optFns ...func(*Options)) (*SetLoadBalancerListenerSSLCertificateOutput, error)
	// Replaces the set of policies associated with the specified port on which the
	// EC2 instance is listening with a new set of policies. At this time, only the
	// back-end server authentication policy type can be applied to the instance ports;
	// this policy type is composed of multiple public key policies.
	//
	// Each time you use SetLoadBalancerPoliciesForBackendServer to enable the
	// policies, use the PolicyNames parameter to list the policies that you want to
	// enable.
	//
	// You can use DescribeLoadBalancers or DescribeLoadBalancerPolicies to verify that the policy is associated with the EC2 instance.
	//
	// For more information about enabling back-end instance authentication, see [Configure Back-end Instance Authentication] in
	// the Classic Load Balancers Guide. For more information about Proxy Protocol, see
	// [Configure Proxy Protocol Support]in the Classic Load Balancers Guide.
	//
	// [Configure Back-end Instance Authentication]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html#configure_backendauth_clt
	// [Configure Proxy Protocol Support]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html
	SetLoadBalancerPoliciesForBackendServer(ctx context.Context, params *SetLoadBalancerPoliciesForBackendServerInput, optFns ...func(*Options)) (*SetLoadBalancerPoliciesForBackendServerOutput, error)
	// Replaces the current set of policies for the specified load balancer port with
	// the specified set of policies.
	//
	// To enable back-end server authentication, use SetLoadBalancerPoliciesForBackendServer.
	//
	// For more information about setting policies, see [Update the SSL Negotiation Configuration], [Duration-Based Session Stickiness], and [Application-Controlled Session Stickiness] in the Classic Load
	// Balancers Guide.
	//
	// [Update the SSL Negotiation Configuration]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ssl-config-update.html
	// [Duration-Based Session Stickiness]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-duration
	// [Application-Controlled Session Stickiness]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-application
	SetLoadBalancerPoliciesOfListener(ctx context.Context, params *SetLoadBalancerPoliciesOfListenerInput, optFns ...func(*Options)) (*SetLoadBalancerPoliciesOfListenerOutput, error)
}

ELB provides an interface to the AWS ELB service.

type ELBV2 added in v0.91.0

type ELBV2 interface {
	// Options returns a copy of the client configuration.
	//
	// Callers SHOULD NOT perform mutations on any inner structures within client
	// config. Config overrides should instead be made on a per-operation basis through
	// functional options.
	Options() elasticloadbalancingv2.Options
	// Adds the specified SSL server certificate to the certificate list for the
	// specified HTTPS or TLS listener.
	//
	// If the certificate in already in the certificate list, the call is successful
	// but the certificate is not added again.
	//
	// For more information, see [HTTPS listeners] in the Application Load Balancers Guide or [TLS listeners] in the
	// Network Load Balancers Guide.
	//
	// [TLS listeners]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html
	// [HTTPS listeners]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
	AddListenerCertificates(ctx context.Context, params *AddListenerCertificatesInput, optFns ...func(*Options)) (*AddListenerCertificatesOutput, error)
	// Adds the specified tags to the specified Elastic Load Balancing resource. You
	// can tag your Application Load Balancers, Network Load Balancers, Gateway Load
	// Balancers, target groups, trust stores, listeners, and rules.
	//
	// Each tag consists of a key and an optional value. If a resource already has a
	// tag with the same key, AddTags updates its value.
	AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error)
	// Adds the specified revocation file to the specified trust store.
	AddTrustStoreRevocations(ctx context.Context, params *AddTrustStoreRevocationsInput, optFns ...func(*Options)) (*AddTrustStoreRevocationsOutput, error)
	// Creates a listener for the specified Application Load Balancer, Network Load
	// Balancer, or Gateway Load Balancer.
	//
	// For more information, see the following:
	//
	// [Listeners for your Application Load Balancers]
	//
	// [Listeners for your Network Load Balancers]
	//
	// [Listeners for your Gateway Load Balancers]
	//
	// This operation is idempotent, which means that it completes at most one time.
	// If you attempt to create multiple listeners with the same settings, each call
	// succeeds.
	//
	// [Listeners for your Gateway Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-listeners.html
	// [Listeners for your Application Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
	// [Listeners for your Network Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-listeners.html
	CreateListener(ctx context.Context, params *CreateListenerInput, optFns ...func(*Options)) (*CreateListenerOutput, error)
	// Creates an Application Load Balancer, Network Load Balancer, or Gateway Load
	// Balancer.
	//
	// For more information, see the following:
	//
	// [Application Load Balancers]
	//
	// [Network Load Balancers]
	//
	// [Gateway Load Balancers]
	//
	// This operation is idempotent, which means that it completes at most one time.
	// If you attempt to create multiple load balancers with the same settings, each
	// call succeeds.
	//
	// [Gateway Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html
	// [Network Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html
	// [Application Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html
	CreateLoadBalancer(ctx context.Context, params *CreateLoadBalancerInput, optFns ...func(*Options)) (*CreateLoadBalancerOutput, error)
	// Creates a rule for the specified listener. The listener must be associated with
	// an Application Load Balancer.
	//
	// Each rule consists of a priority, one or more actions, and one or more
	// conditions. Rules are evaluated in priority order, from the lowest value to the
	// highest value. When the conditions for a rule are met, its actions are
	// performed. If the conditions for no rules are met, the actions for the default
	// rule are performed. For more information, see [Listener rules]in the Application Load Balancers
	// Guide.
	//
	// [Listener rules]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#listener-rules
	CreateRule(ctx context.Context, params *CreateRuleInput, optFns ...func(*Options)) (*CreateRuleOutput, error)
	// Creates a target group.
	//
	// For more information, see the following:
	//
	// [Target groups for your Application Load Balancers]
	//
	// [Target groups for your Network Load Balancers]
	//
	// [Target groups for your Gateway Load Balancers]
	//
	// This operation is idempotent, which means that it completes at most one time.
	// If you attempt to create multiple target groups with the same settings, each
	// call succeeds.
	//
	// [Target groups for your Gateway Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html
	// [Target groups for your Application Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html
	// [Target groups for your Network Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html
	CreateTargetGroup(ctx context.Context, params *CreateTargetGroupInput, optFns ...func(*Options)) (*CreateTargetGroupOutput, error)
	// Creates a trust store.
	CreateTrustStore(ctx context.Context, params *CreateTrustStoreInput, optFns ...func(*Options)) (*CreateTrustStoreOutput, error)
	// Deletes the specified listener.
	//
	// Alternatively, your listener is deleted when you delete the load balancer to
	// which it is attached.
	DeleteListener(ctx context.Context, params *DeleteListenerInput, optFns ...func(*Options)) (*DeleteListenerOutput, error)
	// Deletes the specified Application Load Balancer, Network Load Balancer, or
	// Gateway Load Balancer. Deleting a load balancer also deletes its listeners.
	//
	// You can't delete a load balancer if deletion protection is enabled. If the load
	// balancer does not exist or has already been deleted, the call succeeds.
	//
	// Deleting a load balancer does not affect its registered targets. For example,
	// your EC2 instances continue to run and are still registered to their target
	// groups. If you no longer need these EC2 instances, you can stop or terminate
	// them.
	DeleteLoadBalancer(ctx context.Context, params *DeleteLoadBalancerInput, optFns ...func(*Options)) (*DeleteLoadBalancerOutput, error)
	// Deletes the specified rule.
	//
	// You can't delete the default rule.
	DeleteRule(ctx context.Context, params *DeleteRuleInput, optFns ...func(*Options)) (*DeleteRuleOutput, error)
	// Deletes a shared trust store association.
	DeleteSharedTrustStoreAssociation(ctx context.Context, params *DeleteSharedTrustStoreAssociationInput, optFns ...func(*Options)) (*DeleteSharedTrustStoreAssociationOutput, error)
	// Deletes the specified target group.
	//
	// You can delete a target group if it is not referenced by any actions. Deleting
	// a target group also deletes any associated health checks. Deleting a target
	// group does not affect its registered targets. For example, any EC2 instances
	// continue to run until you stop or terminate them.
	DeleteTargetGroup(ctx context.Context, params *DeleteTargetGroupInput, optFns ...func(*Options)) (*DeleteTargetGroupOutput, error)
	// Deletes a trust store.
	DeleteTrustStore(ctx context.Context, params *DeleteTrustStoreInput, optFns ...func(*Options)) (*DeleteTrustStoreOutput, error)
	// Deregisters the specified targets from the specified target group. After the
	// targets are deregistered, they no longer receive traffic from the load balancer.
	//
	// The load balancer stops sending requests to targets that are deregistering, but
	// uses connection draining to ensure that in-flight traffic completes on the
	// existing connections. This deregistration delay is configured by default but can
	// be updated for each target group.
	//
	// For more information, see the following:
	//
	// [Deregistration delay]
	//   - in the Application Load Balancers User Guide
	//
	// [Deregistration delay]
	//   - in the Network Load Balancers User Guide
	//
	// [Deregistration delay]
	//   - in the Gateway Load Balancers User Guide
	//
	// Note: If the specified target does not exist, the action returns successfully.
	//
	// [Deregistration delay]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html#deregistration-delay
	DeregisterTargets(ctx context.Context, params *DeregisterTargetsInput, optFns ...func(*Options)) (*DeregisterTargetsOutput, error)
	// Describes the current Elastic Load Balancing resource limits for your Amazon
	// Web Services account.
	//
	// For more information, see the following:
	//
	// [Quotas for your Application Load Balancers]
	//
	// [Quotas for your Network Load Balancers]
	//
	// [Quotas for your Gateway Load Balancers]
	//
	// [Quotas for your Gateway Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/quotas-limits.html
	// [Quotas for your Application Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html
	// [Quotas for your Network Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-limits.html
	DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
	// Describes the capacity reservation status for the specified load balancer.
	DescribeCapacityReservation(ctx context.Context, params *DescribeCapacityReservationInput, optFns ...func(*Options)) (*DescribeCapacityReservationOutput, error)
	// Describes the attributes for the specified listener.
	DescribeListenerAttributes(ctx context.Context, params *DescribeListenerAttributesInput, optFns ...func(*Options)) (*DescribeListenerAttributesOutput, error)
	// Describes the default certificate and the certificate list for the specified
	// HTTPS or TLS listener.
	//
	// If the default certificate is also in the certificate list, it appears twice in
	// the results (once with IsDefault set to true and once with IsDefault set to
	// false).
	//
	// For more information, see [SSL certificates] in the Application Load Balancers Guide or [Server certificates] in the
	// Network Load Balancers Guide.
	//
	// [Server certificates]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#tls-listener-certificate
	// [SSL certificates]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#https-listener-certificates
	DescribeListenerCertificates(ctx context.Context, params *DescribeListenerCertificatesInput, optFns ...func(*Options)) (*DescribeListenerCertificatesOutput, error)
	// Describes the specified listeners or the listeners for the specified
	// Application Load Balancer, Network Load Balancer, or Gateway Load Balancer. You
	// must specify either a load balancer or one or more listeners.
	DescribeListeners(ctx context.Context, params *DescribeListenersInput, optFns ...func(*Options)) (*DescribeListenersOutput, error)
	// Describes the attributes for the specified Application Load Balancer, Network
	// Load Balancer, or Gateway Load Balancer.
	//
	// For more information, see the following:
	//
	// [Load balancer attributes]
	//   - in the Application Load Balancers Guide
	//
	// [Load balancer attributes]
	//   - in the Network Load Balancers Guide
	//
	// [Load balancer attributes]
	//   - in the Gateway Load Balancers Guide
	//
	// [Load balancer attributes]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html#load-balancer-attributes
	DescribeLoadBalancerAttributes(ctx context.Context, params *DescribeLoadBalancerAttributesInput, optFns ...func(*Options)) (*DescribeLoadBalancerAttributesOutput, error)
	// Describes the specified load balancers or all of your load balancers.
	DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error)
	// Describes the specified rules or the rules for the specified listener. You must
	// specify either a listener or one or more rules.
	DescribeRules(ctx context.Context, params *DescribeRulesInput, optFns ...func(*Options)) (*DescribeRulesOutput, error)
	// Describes the specified policies or all policies used for SSL negotiation.
	//
	// For more information, see [Security policies] in the Application Load Balancers Guide or [Security policies] in the
	// Network Load Balancers Guide.
	//
	// [Security policies]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies
	DescribeSSLPolicies(ctx context.Context, params *DescribeSSLPoliciesInput, optFns ...func(*Options)) (*DescribeSSLPoliciesOutput, error)
	// Describes the tags for the specified Elastic Load Balancing resources. You can
	// describe the tags for one or more Application Load Balancers, Network Load
	// Balancers, Gateway Load Balancers, target groups, listeners, or rules.
	DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
	// Describes the attributes for the specified target group.
	//
	// For more information, see the following:
	//
	// [Target group attributes]
	//   - in the Application Load Balancers Guide
	//
	// [Target group attributes]
	//   - in the Network Load Balancers Guide
	//
	// [Target group attributes]
	//   - in the Gateway Load Balancers Guide
	//
	// [Target group attributes]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html#target-group-attributes
	DescribeTargetGroupAttributes(ctx context.Context, params *DescribeTargetGroupAttributesInput, optFns ...func(*Options)) (*DescribeTargetGroupAttributesOutput, error)
	// Describes the specified target groups or all of your target groups. By default,
	// all target groups are described. Alternatively, you can specify one of the
	// following to filter the results: the ARN of the load balancer, the names of one
	// or more target groups, or the ARNs of one or more target groups.
	DescribeTargetGroups(ctx context.Context, params *DescribeTargetGroupsInput, optFns ...func(*Options)) (*DescribeTargetGroupsOutput, error)
	// Describes the health of the specified targets or all of your targets.
	DescribeTargetHealth(ctx context.Context, params *DescribeTargetHealthInput, optFns ...func(*Options)) (*DescribeTargetHealthOutput, error)
	// Describes all resources associated with the specified trust store.
	DescribeTrustStoreAssociations(ctx context.Context, params *DescribeTrustStoreAssociationsInput, optFns ...func(*Options)) (*DescribeTrustStoreAssociationsOutput, error)
	// Describes the revocation files in use by the specified trust store or
	// revocation files.
	DescribeTrustStoreRevocations(ctx context.Context, params *DescribeTrustStoreRevocationsInput, optFns ...func(*Options)) (*DescribeTrustStoreRevocationsOutput, error)
	// Describes all trust stores for the specified account.
	DescribeTrustStores(ctx context.Context, params *DescribeTrustStoresInput, optFns ...func(*Options)) (*DescribeTrustStoresOutput, error)
	// Retrieves the resource policy for a specified resource.
	GetResourcePolicy(ctx context.Context, params *GetResourcePolicyInput, optFns ...func(*Options)) (*GetResourcePolicyOutput, error)
	// Retrieves the ca certificate bundle.
	//
	// This action returns a pre-signed S3 URI which is active for ten minutes.
	GetTrustStoreCaCertificatesBundle(ctx context.Context, params *GetTrustStoreCaCertificatesBundleInput, optFns ...func(*Options)) (*GetTrustStoreCaCertificatesBundleOutput, error)
	// Retrieves the specified revocation file.
	//
	// This action returns a pre-signed S3 URI which is active for ten minutes.
	GetTrustStoreRevocationContent(ctx context.Context, params *GetTrustStoreRevocationContentInput, optFns ...func(*Options)) (*GetTrustStoreRevocationContentOutput, error)
	// Modifies the capacity reservation of the specified load balancer.
	//
	// When modifying capacity reservation, you must include at least one
	// MinimumLoadBalancerCapacity or ResetCapacityReservation .
	ModifyCapacityReservation(ctx context.Context, params *ModifyCapacityReservationInput, optFns ...func(*Options)) (*ModifyCapacityReservationOutput, error)
	// Replaces the specified properties of the specified listener. Any properties
	// that you do not specify remain unchanged.
	//
	// Changing the protocol from HTTPS to HTTP, or from TLS to TCP, removes the
	// security policy and default certificate properties. If you change the protocol
	// from HTTP to HTTPS, or from TCP to TLS, you must add the security policy and
	// default certificate properties.
	//
	// To add an item to a list, remove an item from a list, or update an item in a
	// list, you must provide the entire list. For example, to add an action, specify a
	// list with the current actions plus the new action.
	ModifyListener(ctx context.Context, params *ModifyListenerInput, optFns ...func(*Options)) (*ModifyListenerOutput, error)
	// Modifies the specified attributes of the specified listener.
	ModifyListenerAttributes(ctx context.Context, params *ModifyListenerAttributesInput, optFns ...func(*Options)) (*ModifyListenerAttributesOutput, error)
	// Modifies the specified attributes of the specified Application Load Balancer,
	// Network Load Balancer, or Gateway Load Balancer.
	//
	// If any of the specified attributes can't be modified as requested, the call
	// fails. Any existing attributes that you do not modify retain their current
	// values.
	ModifyLoadBalancerAttributes(ctx context.Context, params *ModifyLoadBalancerAttributesInput, optFns ...func(*Options)) (*ModifyLoadBalancerAttributesOutput, error)
	// Replaces the specified properties of the specified rule. Any properties that
	// you do not specify are unchanged.
	//
	// To add an item to a list, remove an item from a list, or update an item in a
	// list, you must provide the entire list. For example, to add an action, specify a
	// list with the current actions plus the new action.
	ModifyRule(ctx context.Context, params *ModifyRuleInput, optFns ...func(*Options)) (*ModifyRuleOutput, error)
	// Modifies the health checks used when evaluating the health state of the targets
	// in the specified target group.
	ModifyTargetGroup(ctx context.Context, params *ModifyTargetGroupInput, optFns ...func(*Options)) (*ModifyTargetGroupOutput, error)
	// Modifies the specified attributes of the specified target group.
	ModifyTargetGroupAttributes(ctx context.Context, params *ModifyTargetGroupAttributesInput, optFns ...func(*Options)) (*ModifyTargetGroupAttributesOutput, error)
	// Update the ca certificate bundle for the specified trust store.
	ModifyTrustStore(ctx context.Context, params *ModifyTrustStoreInput, optFns ...func(*Options)) (*ModifyTrustStoreOutput, error)
	// Registers the specified targets with the specified target group.
	//
	// If the target is an EC2 instance, it must be in the running state when you
	// register it.
	//
	// By default, the load balancer routes requests to registered targets using the
	// protocol and port for the target group. Alternatively, you can override the port
	// for a target when you register it. You can register each EC2 instance or IP
	// address with the same target group multiple times using different ports.
	//
	// With a Network Load Balancer, you can't register instances by instance ID if
	// they have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1,
	// G2, HI1, HS1, M1, M2, M3, and T1. You can register instances of these types by
	// IP address.
	RegisterTargets(ctx context.Context, params *RegisterTargetsInput, optFns ...func(*Options)) (*RegisterTargetsOutput, error)
	// Removes the specified certificate from the certificate list for the specified
	// HTTPS or TLS listener.
	RemoveListenerCertificates(ctx context.Context, params *RemoveListenerCertificatesInput, optFns ...func(*Options)) (*RemoveListenerCertificatesOutput, error)
	// Removes the specified tags from the specified Elastic Load Balancing resources.
	// You can remove the tags for one or more Application Load Balancers, Network Load
	// Balancers, Gateway Load Balancers, target groups, listeners, or rules.
	RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error)
	// Removes the specified revocation file from the specified trust store.
	RemoveTrustStoreRevocations(ctx context.Context, params *RemoveTrustStoreRevocationsInput, optFns ...func(*Options)) (*RemoveTrustStoreRevocationsOutput, error)
	// Sets the type of IP addresses used by the subnets of the specified load
	// balancer.
	SetIpAddressType(ctx context.Context, params *SetIpAddressTypeInput, optFns ...func(*Options)) (*SetIpAddressTypeOutput, error)
	// Sets the priorities of the specified rules.
	//
	// You can reorder the rules as long as there are no priority conflicts in the new
	// order. Any existing rules that you do not specify retain their current priority.
	SetRulePriorities(ctx context.Context, params *SetRulePrioritiesInput, optFns ...func(*Options)) (*SetRulePrioritiesOutput, error)
	// Associates the specified security groups with the specified Application Load
	// Balancer or Network Load Balancer. The specified security groups override the
	// previously associated security groups.
	//
	// You can't perform this operation on a Network Load Balancer unless you
	// specified a security group for the load balancer when you created it.
	//
	// You can't associate a security group with a Gateway Load Balancer.
	SetSecurityGroups(ctx context.Context, params *SetSecurityGroupsInput, optFns ...func(*Options)) (*SetSecurityGroupsOutput, error)
	// Enables the Availability Zones for the specified public subnets for the
	// specified Application Load Balancer, Network Load Balancer or Gateway Load
	// Balancer. The specified subnets replace the previously enabled subnets.
	//
	// When you specify subnets for a Network Load Balancer, or Gateway Load Balancer
	// you must include all subnets that were enabled previously, with their existing
	// configurations, plus any additional subnets.
	SetSubnets(ctx context.Context, params *SetSubnetsInput, optFns ...func(*Options)) (*SetSubnetsOutput, error)
}

ELBV2 provides an interface to the AWS ELBV2 service.

type IAM added in v0.94.0

type IAM interface {
	// Options returns a copy of the client configuration.
	//
	// Callers SHOULD NOT perform mutations on any inner structures within client
	// config. Config overrides should instead be made on a per-operation basis through
	// functional options.
	Options() iam.Options
	// Adds a new client ID (also known as audience) to the list of client IDs already
	// registered for the specified IAM OpenID Connect (OIDC) provider resource.
	//
	// This operation is idempotent; it does not fail or return an error if you add an
	// existing client ID to the provider.
	AddClientIDToOpenIDConnectProvider(ctx context.Context, params *AddClientIDToOpenIDConnectProviderInput, optFns ...func(*Options)) (*AddClientIDToOpenIDConnectProviderOutput, error)
	// Adds the specified IAM role to the specified instance profile. An instance
	// profile can contain only one role, and this quota cannot be increased. You can
	// remove the existing role and then add a different role to an instance profile.
	// You must then wait for the change to appear across all of Amazon Web Services
	// because of [eventual consistency]. To force the change, you must [disassociate the instance profile] and then [associate the instance profile], or you can stop your
	// instance and then restart it.
	//
	// The caller of this operation must be granted the PassRole permission on the IAM
	// role by a permissions policy.
	//
	// For more information about roles, see [IAM roles] in the IAM User Guide. For more
	// information about instance profiles, see [Using instance profiles]in the IAM User Guide.
	//
	// [disassociate the instance profile]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
	// [associate the instance profile]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
	// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
	// [eventual consistency]: https://en.wikipedia.org/wiki/Eventual_consistency
	// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
	AddRoleToInstanceProfile(ctx context.Context, params *AddRoleToInstanceProfileInput, optFns ...func(*Options)) (*AddRoleToInstanceProfileOutput, error)
	// Adds the specified user to the specified group.
	AddUserToGroup(ctx context.Context, params *AddUserToGroupInput, optFns ...func(*Options)) (*AddUserToGroupOutput, error)
	// Attaches the specified managed policy to the specified IAM group.
	//
	// You use this operation to attach a managed policy to a group. To embed an
	// inline policy in a group, use [PutGroupPolicy]PutGroupPolicy .
	//
	// As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies] in
	// the IAM User Guide.
	//
	// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [PutGroupPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html
	// [Validating IAM policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	AttachGroupPolicy(ctx context.Context, params *AttachGroupPolicyInput, optFns ...func(*Options)) (*AttachGroupPolicyOutput, error)
	// Attaches the specified managed policy to the specified IAM role. When you
	// attach a managed policy to a role, the managed policy becomes part of the role's
	// permission (access) policy.
	//
	// You cannot use a managed policy as the role's trust policy. The role's trust
	// policy is created at the same time as the role, using [CreateRole]CreateRole . You can
	// update a role's trust policy using [UpdateAssumerolePolicy]UpdateAssumerolePolicy .
	//
	// Use this operation to attach a managed policy to a role. To embed an inline
	// policy in a role, use [PutRolePolicy]PutRolePolicy . For more information about policies, see [Managed policies and inline policies]
	// in the IAM User Guide.
	//
	// As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies] in
	// the IAM User Guide.
	//
	// [Validating IAM policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
	// [UpdateAssumerolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html
	// [PutRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html
	// [CreateRole]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	AttachRolePolicy(ctx context.Context, params *AttachRolePolicyInput, optFns ...func(*Options)) (*AttachRolePolicyOutput, error)
	// Attaches the specified managed policy to the specified user.
	//
	// You use this operation to attach a managed policy to a user. To embed an inline
	// policy in a user, use [PutUserPolicy]PutUserPolicy .
	//
	// As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies] in
	// the IAM User Guide.
	//
	// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [Validating IAM policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
	// [PutUserPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	AttachUserPolicy(ctx context.Context, params *AttachUserPolicyInput, optFns ...func(*Options)) (*AttachUserPolicyOutput, error)
	// Changes the password of the IAM user who is calling this operation. This
	// operation can be performed using the CLI, the Amazon Web Services API, or the My
	// Security Credentials page in the Amazon Web Services Management Console. The
	// Amazon Web Services account root user password is not affected by this
	// operation.
	//
	// Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or the Users page in the IAM
	// console to change the password for any IAM user. For more information about
	// modifying passwords, see [Managing passwords]in the IAM User Guide.
	//
	// [Managing passwords]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
	ChangePassword(ctx context.Context, params *ChangePasswordInput, optFns ...func(*Options)) (*ChangePasswordOutput, error)
	//	Creates a new Amazon Web Services secret access key and corresponding Amazon
	//
	// Web Services access key ID for the specified user. The default status for new
	// keys is Active .
	//
	// If you do not specify a user name, IAM determines the user name implicitly
	// based on the Amazon Web Services access key ID signing the request. This
	// operation works for access keys under the Amazon Web Services account.
	// Consequently, you can use this operation to manage Amazon Web Services account
	// root user credentials. This is true even if the Amazon Web Services account has
	// no associated users.
	//
	// For information about quotas on the number of keys you can create, see [IAM and STS quotas] in the
	// IAM User Guide.
	//
	// To ensure the security of your Amazon Web Services account, the secret access
	// key is accessible only during key and user creation. You must save the key (for
	// example, in a text file) if you want to be able to access it again. If a secret
	// key is lost, you can delete the access keys for the associated user and then
	// create new keys.
	//
	// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
	CreateAccessKey(ctx context.Context, params *CreateAccessKeyInput, optFns ...func(*Options)) (*CreateAccessKeyOutput, error)
	// Creates an alias for your Amazon Web Services account. For information about
	// using an Amazon Web Services account alias, see [Creating, deleting, and listing an Amazon Web Services account alias]in the Amazon Web Services
	// Sign-In User Guide.
	//
	// [Creating, deleting, and listing an Amazon Web Services account alias]: https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html
	CreateAccountAlias(ctx context.Context, params *CreateAccountAliasInput, optFns ...func(*Options)) (*CreateAccountAliasOutput, error)
	// Creates a new group.
	//
	// For information about the number of groups you can create, see [IAM and STS quotas] in the IAM User
	// Guide.
	//
	// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
	CreateGroup(ctx context.Context, params *CreateGroupInput, optFns ...func(*Options)) (*CreateGroupOutput, error)
	//	Creates a new instance profile. For information about instance profiles, see [Using roles for applications on Amazon EC2]
	//
	// in the IAM User Guide, and [Instance profiles]in the Amazon EC2 User Guide.
	//
	// For information about the number of instance profiles you can create, see [IAM object quotas] in
	// the IAM User Guide.
	//
	// [Instance profiles]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#ec2-instance-profile
	// [IAM object quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
	//
	// [Using roles for applications on Amazon EC2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
	CreateInstanceProfile(ctx context.Context, params *CreateInstanceProfileInput, optFns ...func(*Options)) (*CreateInstanceProfileOutput, error)
	// Creates a password for the specified IAM user. A password allows an IAM user to
	// access Amazon Web Services services through the Amazon Web Services Management
	// Console.
	//
	// You can use the CLI, the Amazon Web Services API, or the Users page in the IAM
	// console to create a password for any IAM user. Use ChangePasswordto update your own existing
	// password in the My Security Credentials page in the Amazon Web Services
	// Management Console.
	//
	// For more information about managing passwords, see [Managing passwords] in the IAM User Guide.
	//
	// [Managing passwords]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
	CreateLoginProfile(ctx context.Context, params *CreateLoginProfileInput, optFns ...func(*Options)) (*CreateLoginProfileOutput, error)
	// Creates an IAM entity to describe an identity provider (IdP) that supports [OpenID Connect (OIDC)].
	//
	// The OIDC provider that you create with this operation can be used as a
	// principal in a role's trust policy. Such a policy establishes a trust
	// relationship between Amazon Web Services and the OIDC provider.
	//
	// If you are using an OIDC identity provider from Google, Facebook, or Amazon
	// Cognito, you don't need to create a separate IAM identity provider. These OIDC
	// identity providers are already built-in to Amazon Web Services and are available
	// for your use. Instead, you can move directly to creating new roles using your
	// identity provider. To learn more, see [Creating a role for web identity or OpenID connect federation]in the IAM User Guide.
	//
	// When you create the IAM OIDC provider, you specify the following:
	//
	//   - The URL of the OIDC identity provider (IdP) to trust
	//
	//   - A list of client IDs (also known as audiences) that identify the
	//     application or applications allowed to authenticate using the OIDC provider
	//
	//   - A list of tags that are attached to the specified IAM OIDC provider
	//
	//   - A list of thumbprints of one or more server certificates that the IdP uses
	//
	// You get all of this information from the OIDC IdP you want to use to access
	// Amazon Web Services.
	//
	// Amazon Web Services secures communication with OIDC identity providers (IdPs)
	// using our library of trusted root certificate authorities (CAs) to verify the
	// JSON Web Key Set (JWKS) endpoint's TLS certificate. If your OIDC IdP relies on a
	// certificate that is not signed by one of these trusted CAs, only then we secure
	// communication using the thumbprints set in the IdP's configuration.
	//
	// The trust for the OIDC provider is derived from the IAM provider that this
	// operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvideroperation to
	// highly privileged users.
	//
	// [OpenID Connect (OIDC)]: http://openid.net/connect/
	// [Creating a role for web identity or OpenID connect federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html
	CreateOpenIDConnectProvider(ctx context.Context, params *CreateOpenIDConnectProviderInput, optFns ...func(*Options)) (*CreateOpenIDConnectProviderOutput, error)
	// Creates a new managed policy for your Amazon Web Services account.
	//
	// This operation creates a policy version with a version identifier of v1 and
	// sets v1 as the policy's default version. For more information about policy
	// versions, see [Versioning for managed policies]in the IAM User Guide.
	//
	// As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies] in
	// the IAM User Guide.
	//
	// For more information about managed policies in general, see [Managed policies and inline policies] in the IAM User
	// Guide.
	//
	// [Validating IAM policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
	// [Versioning for managed policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	CreatePolicy(ctx context.Context, params *CreatePolicyInput, optFns ...func(*Options)) (*CreatePolicyOutput, error)
	// Creates a new version of the specified managed policy. To update a managed
	// policy, you create a new policy version. A managed policy can have up to five
	// versions. If the policy has five versions, you must delete an existing version
	// using DeletePolicyVersionbefore you create a new version.
	//
	// Optionally, you can set the new version as the policy's default version. The
	// default version is the version that is in effect for the IAM users, groups, and
	// roles to which the policy is attached.
	//
	// For more information about managed policy versions, see [Versioning for managed policies] in the IAM User Guide.
	//
	// [Versioning for managed policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
	CreatePolicyVersion(ctx context.Context, params *CreatePolicyVersionInput, optFns ...func(*Options)) (*CreatePolicyVersionOutput, error)
	// Creates a new role for your Amazon Web Services account.
	//
	// For more information about roles, see [IAM roles] in the IAM User Guide. For information
	// about quotas for role names and the number of roles you can create, see [IAM and STS quotas]in the
	// IAM User Guide.
	//
	// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
	// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
	CreateRole(ctx context.Context, params *CreateRoleInput, optFns ...func(*Options)) (*CreateRoleOutput, error)
	// Creates an IAM resource that describes an identity provider (IdP) that supports
	// SAML 2.0.
	//
	// The SAML provider resource that you create with this operation can be used as a
	// principal in an IAM role's trust policy. Such a policy can enable federated
	// users who sign in using the SAML IdP to assume the role. You can create an IAM
	// role that supports Web-based single sign-on (SSO) to the Amazon Web Services
	// Management Console or one that supports API access to Amazon Web Services.
	//
	// When you create the SAML provider resource, you upload a SAML metadata document
	// that you get from your IdP. That document includes the issuer's name, expiration
	// information, and keys that can be used to validate the SAML authentication
	// response (assertions) that the IdP sends. You must generate the metadata
	// document using the identity management software that is used as your
	// organization's IdP.
	//
	// This operation requires [Signature Version 4].
	//
	// For more information, see [Enabling SAML 2.0 federated users to access the Amazon Web Services Management Console] and [About SAML 2.0-based federation] in the IAM User Guide.
	//
	// [Signature Version 4]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
	// [About SAML 2.0-based federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
	// [Enabling SAML 2.0 federated users to access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html
	CreateSAMLProvider(ctx context.Context, params *CreateSAMLProviderInput, optFns ...func(*Options)) (*CreateSAMLProviderOutput, error)
	// Creates an IAM role that is linked to a specific Amazon Web Services service.
	// The service controls the attached policies and when the role can be deleted.
	// This helps ensure that the service is not broken by an unexpectedly changed or
	// deleted role, which could put your Amazon Web Services resources into an unknown
	// state. Allowing the service to control the role helps improve service stability
	// and proper cleanup when a service and its role are no longer needed. For more
	// information, see [Using service-linked roles]in the IAM User Guide.
	//
	// To attach a policy to this service-linked role, you must make the request using
	// the Amazon Web Services service that depends on this role.
	//
	// [Using service-linked roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
	CreateServiceLinkedRole(ctx context.Context, params *CreateServiceLinkedRoleInput, optFns ...func(*Options)) (*CreateServiceLinkedRoleOutput, error)
	// Generates a set of credentials consisting of a user name and password that can
	// be used to access the service specified in the request. These credentials are
	// generated by IAM, and can be used only for the specified service.
	//
	// You can have a maximum of two sets of service-specific credentials for each
	// supported service per user.
	//
	// You can create service-specific credentials for CodeCommit and Amazon Keyspaces
	// (for Apache Cassandra).
	//
	// You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.
	//
	// For more information about service-specific credentials, see [Using IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access keys] in the IAM User
	// Guide.
	//
	// [Using IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access keys]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html
	CreateServiceSpecificCredential(ctx context.Context, params *CreateServiceSpecificCredentialInput, optFns ...func(*Options)) (*CreateServiceSpecificCredentialOutput, error)
	// Creates a new IAM user for your Amazon Web Services account.
	//
	// For information about quotas for the number of IAM users you can create, see [IAM and STS quotas]
	// in the IAM User Guide.
	//
	// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
	CreateUser(ctx context.Context, params *CreateUserInput, optFns ...func(*Options)) (*CreateUserOutput, error)
	// Creates a new virtual MFA device for the Amazon Web Services account. After
	// creating the virtual MFA, use EnableMFADeviceto attach the MFA device to an IAM user. For more
	// information about creating and working with virtual MFA devices, see [Using a virtual MFA device]in the IAM
	// User Guide.
	//
	// For information about the maximum number of MFA devices you can create, see [IAM and STS quotas] in
	// the IAM User Guide.
	//
	// The seed information contained in the QR code and the Base32 string should be
	// treated like any other secret access information. In other words, protect the
	// seed information as you would your Amazon Web Services access keys or your
	// passwords. After you provision your virtual device, you should ensure that the
	// information is destroyed following secure procedures.
	//
	// [Using a virtual MFA device]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html
	// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
	CreateVirtualMFADevice(ctx context.Context, params *CreateVirtualMFADeviceInput, optFns ...func(*Options)) (*CreateVirtualMFADeviceOutput, error)
	// Deactivates the specified MFA device and removes it from association with the
	// user name for which it was originally enabled.
	//
	// For more information about creating and working with virtual MFA devices, see [Enabling a virtual multi-factor authentication (MFA) device]
	// in the IAM User Guide.
	//
	// [Enabling a virtual multi-factor authentication (MFA) device]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html
	DeactivateMFADevice(ctx context.Context, params *DeactivateMFADeviceInput, optFns ...func(*Options)) (*DeactivateMFADeviceOutput, error)
	// Deletes the access key pair associated with the specified IAM user.
	//
	// If you do not specify a user name, IAM determines the user name implicitly
	// based on the Amazon Web Services access key ID signing the request. This
	// operation works for access keys under the Amazon Web Services account.
	// Consequently, you can use this operation to manage Amazon Web Services account
	// root user credentials even if the Amazon Web Services account has no associated
	// users.
	DeleteAccessKey(ctx context.Context, params *DeleteAccessKeyInput, optFns ...func(*Options)) (*DeleteAccessKeyOutput, error)
	//	Deletes the specified Amazon Web Services account alias. For information about
	//
	// using an Amazon Web Services account alias, see [Creating, deleting, and listing an Amazon Web Services account alias]in the Amazon Web Services
	// Sign-In User Guide.
	//
	// [Creating, deleting, and listing an Amazon Web Services account alias]: https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html
	DeleteAccountAlias(ctx context.Context, params *DeleteAccountAliasInput, optFns ...func(*Options)) (*DeleteAccountAliasOutput, error)
	// Deletes the password policy for the Amazon Web Services account. There are no
	// parameters.
	DeleteAccountPasswordPolicy(ctx context.Context, params *DeleteAccountPasswordPolicyInput, optFns ...func(*Options)) (*DeleteAccountPasswordPolicyOutput, error)
	// Deletes the specified IAM group. The group must not contain any users or have
	// any attached policies.
	DeleteGroup(ctx context.Context, params *DeleteGroupInput, optFns ...func(*Options)) (*DeleteGroupOutput, error)
	// Deletes the specified inline policy that is embedded in the specified IAM group.
	//
	// A group can also have managed policies attached to it. To detach a managed
	// policy from a group, use DetachGroupPolicy. For more information about policies, refer to [Managed policies and inline policies] in
	// the IAM User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	DeleteGroupPolicy(ctx context.Context, params *DeleteGroupPolicyInput, optFns ...func(*Options)) (*DeleteGroupPolicyOutput, error)
	// Deletes the specified instance profile. The instance profile must not have an
	// associated role.
	//
	// Make sure that you do not have any Amazon EC2 instances running with the
	// instance profile you are about to delete. Deleting a role or instance profile
	// that is associated with a running instance will break any applications running
	// on the instance.
	//
	// For more information about instance profiles, see [Using instance profiles] in the IAM User Guide.
	//
	// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
	DeleteInstanceProfile(ctx context.Context, params *DeleteInstanceProfileInput, optFns ...func(*Options)) (*DeleteInstanceProfileOutput, error)
	// Deletes the password for the specified IAM user, For more information, see [Managing passwords for IAM users].
	//
	// You can use the CLI, the Amazon Web Services API, or the Users page in the IAM
	// console to delete a password for any IAM user. You can use ChangePasswordto update, but not
	// delete, your own password in the My Security Credentials page in the Amazon Web
	// Services Management Console.
	//
	// Deleting a user's password does not prevent a user from accessing Amazon Web
	// Services through the command line interface or the API. To prevent all user
	// access, you must also either make any access keys inactive or delete them. For
	// more information about making keys inactive or deleting them, see UpdateAccessKeyand DeleteAccessKey.
	//
	// [Managing passwords for IAM users]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html
	DeleteLoginProfile(ctx context.Context, params *DeleteLoginProfileInput, optFns ...func(*Options)) (*DeleteLoginProfileOutput, error)
	// Deletes an OpenID Connect identity provider (IdP) resource object in IAM.
	//
	// Deleting an IAM OIDC provider resource does not update any roles that reference
	// the provider as a principal in their trust policies. Any attempt to assume a
	// role that references a deleted provider fails.
	//
	// This operation is idempotent; it does not fail or return an error if you call
	// the operation for a provider that does not exist.
	DeleteOpenIDConnectProvider(ctx context.Context, params *DeleteOpenIDConnectProviderInput, optFns ...func(*Options)) (*DeleteOpenIDConnectProviderOutput, error)
	// Deletes the specified managed policy.
	//
	// Before you can delete a managed policy, you must first detach the policy from
	// all users, groups, and roles that it is attached to. In addition, you must
	// delete all the policy's versions. The following steps describe the process for
	// deleting a managed policy:
	//
	//   - Detach the policy from all users, groups, and roles that the policy is
	//     attached to, using DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy. To list all the users, groups, and roles that a
	//     policy is attached to, use ListEntitiesForPolicy.
	//
	//   - Delete all versions of the policy using DeletePolicyVersion. To list the policy's versions,
	//     use ListPolicyVersions. You cannot use DeletePolicyVersionto delete the version that is marked as the default
	//     version. You delete the policy's default version in the next step of the
	//     process.
	//
	//   - Delete the policy (this automatically deletes the policy's default version)
	//     using this operation.
	//
	// For information about managed policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	DeletePolicy(ctx context.Context, params *DeletePolicyInput, optFns ...func(*Options)) (*DeletePolicyOutput, error)
	// Deletes the specified version from the specified managed policy.
	//
	// You cannot delete the default version from a policy using this operation. To
	// delete the default version from a policy, use DeletePolicy. To find out which version of a
	// policy is marked as the default version, use ListPolicyVersions.
	//
	// For information about versions for managed policies, see [Versioning for managed policies] in the IAM User Guide.
	//
	// [Versioning for managed policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
	DeletePolicyVersion(ctx context.Context, params *DeletePolicyVersionInput, optFns ...func(*Options)) (*DeletePolicyVersionOutput, error)
	// Deletes the specified role. Unlike the Amazon Web Services Management Console,
	// when you delete a role programmatically, you must delete the items attached to
	// the role manually, or the deletion fails. For more information, see [Deleting an IAM role]. Before
	// attempting to delete a role, remove the following attached items:
	//
	//   - Inline policies (DeleteRolePolicy )
	//
	//   - Attached managed policies (DetachRolePolicy )
	//
	//   - Instance profile (RemoveRoleFromInstanceProfile )
	//
	//   - Optional – Delete instance profile after detaching from role for resource
	//     clean up (DeleteInstanceProfile )
	//
	// Make sure that you do not have any Amazon EC2 instances running with the role
	// you are about to delete. Deleting a role or instance profile that is associated
	// with a running instance will break any applications running on the instance.
	//
	// [Deleting an IAM role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#roles-managingrole-deleting-cli
	DeleteRole(ctx context.Context, params *DeleteRoleInput, optFns ...func(*Options)) (*DeleteRoleOutput, error)
	// Deletes the permissions boundary for the specified IAM role.
	//
	// You cannot set the boundary for a service-linked role.
	//
	// Deleting the permissions boundary for a role might increase its permissions.
	// For example, it might allow anyone who assumes the role to perform all the
	// actions granted in its permissions policies.
	DeleteRolePermissionsBoundary(ctx context.Context, params *DeleteRolePermissionsBoundaryInput, optFns ...func(*Options)) (*DeleteRolePermissionsBoundaryOutput, error)
	// Deletes the specified inline policy that is embedded in the specified IAM role.
	//
	// A role can also have managed policies attached to it. To detach a managed
	// policy from a role, use DetachRolePolicy. For more information about policies, refer to [Managed policies and inline policies] in the
	// IAM User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	DeleteRolePolicy(ctx context.Context, params *DeleteRolePolicyInput, optFns ...func(*Options)) (*DeleteRolePolicyOutput, error)
	// Deletes a SAML provider resource in IAM.
	//
	// Deleting the provider resource from IAM does not update any roles that
	// reference the SAML provider resource's ARN as a principal in their trust
	// policies. Any attempt to assume a role that references a non-existent provider
	// resource ARN fails.
	//
	// This operation requires [Signature Version 4].
	//
	// [Signature Version 4]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
	DeleteSAMLProvider(ctx context.Context, params *DeleteSAMLProviderInput, optFns ...func(*Options)) (*DeleteSAMLProviderOutput, error)
	// Deletes the specified SSH public key.
	//
	// The SSH public key deleted by this operation is used only for authenticating
	// the associated IAM user to an CodeCommit repository. For more information about
	// using SSH keys to authenticate to an CodeCommit repository, see [Set up CodeCommit for SSH connections]in the
	// CodeCommit User Guide.
	//
	// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
	DeleteSSHPublicKey(ctx context.Context, params *DeleteSSHPublicKeyInput, optFns ...func(*Options)) (*DeleteSSHPublicKeyOutput, error)
	// Deletes the specified server certificate.
	//
	// For more information about working with server certificates, see [Working with server certificates] in the IAM
	// User Guide. This topic also includes a list of Amazon Web Services services that
	// can use the server certificates that you manage with IAM.
	//
	// If you are using a server certificate with Elastic Load Balancing, deleting the
	// certificate could have implications for your application. If Elastic Load
	// Balancing doesn't detect the deletion of bound certificates, it may continue to
	// use the certificates. This could cause Elastic Load Balancing to stop accepting
	// traffic. We recommend that you remove the reference to the certificate from
	// Elastic Load Balancing before using this command to delete the certificate. For
	// more information, see [DeleteLoadBalancerListeners]in the Elastic Load Balancing API Reference.
	//
	// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
	// [DeleteLoadBalancerListeners]: https://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html
	DeleteServerCertificate(ctx context.Context, params *DeleteServerCertificateInput, optFns ...func(*Options)) (*DeleteServerCertificateOutput, error)
	// Submits a service-linked role deletion request and returns a DeletionTaskId ,
	// which you can use to check the status of the deletion. Before you call this
	// operation, confirm that the role has no active sessions and that any resources
	// used by the role in the linked service are deleted. If you call this operation
	// more than once for the same service-linked role and an earlier deletion task is
	// not complete, then the DeletionTaskId of the earlier request is returned.
	//
	// If you submit a deletion request for a service-linked role whose linked service
	// is still accessing a resource, then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus
	// operation returns the reason for the failure, usually including the resources
	// that must be deleted. To delete the service-linked role, you must first remove
	// those resources from the linked service and then submit the deletion request
	// again. Resources are specific to the service that is linked to the role. For
	// more information about removing resources from a service, see the [Amazon Web Services documentation]for your
	// service.
	//
	// For more information about service-linked roles, see [Roles terms and concepts: Amazon Web Services service-linked role] in the IAM User Guide.
	//
	// [Roles terms and concepts: Amazon Web Services service-linked role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role
	// [Amazon Web Services documentation]: http://docs.aws.amazon.com/
	DeleteServiceLinkedRole(ctx context.Context, params *DeleteServiceLinkedRoleInput, optFns ...func(*Options)) (*DeleteServiceLinkedRoleOutput, error)
	// Deletes the specified service-specific credential.
	DeleteServiceSpecificCredential(ctx context.Context, params *DeleteServiceSpecificCredentialInput, optFns ...func(*Options)) (*DeleteServiceSpecificCredentialOutput, error)
	// Deletes a signing certificate associated with the specified IAM user.
	//
	// If you do not specify a user name, IAM determines the user name implicitly
	// based on the Amazon Web Services access key ID signing the request. This
	// operation works for access keys under the Amazon Web Services account.
	// Consequently, you can use this operation to manage Amazon Web Services account
	// root user credentials even if the Amazon Web Services account has no associated
	// IAM users.
	DeleteSigningCertificate(ctx context.Context, params *DeleteSigningCertificateInput, optFns ...func(*Options)) (*DeleteSigningCertificateOutput, error)
	// Deletes the specified IAM user. Unlike the Amazon Web Services Management
	// Console, when you delete a user programmatically, you must delete the items
	// attached to the user manually, or the deletion fails. For more information, see [Deleting an IAM user]
	// . Before attempting to delete a user, remove the following items:
	//
	//   - Password (DeleteLoginProfile )
	//
	//   - Access keys (DeleteAccessKey )
	//
	//   - Signing certificate (DeleteSigningCertificate )
	//
	//   - SSH public key (DeleteSSHPublicKey )
	//
	//   - Git credentials (DeleteServiceSpecificCredential )
	//
	//   - Multi-factor authentication (MFA) device (DeactivateMFADevice , DeleteVirtualMFADevice)
	//
	//   - Inline policies (DeleteUserPolicy )
	//
	//   - Attached managed policies (DetachUserPolicy )
	//
	//   - Group memberships (RemoveUserFromGroup )
	//
	// [Deleting an IAM user]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli
	DeleteUser(ctx context.Context, params *DeleteUserInput, optFns ...func(*Options)) (*DeleteUserOutput, error)
	// Deletes the permissions boundary for the specified IAM user.
	//
	// Deleting the permissions boundary for a user might increase its permissions by
	// allowing the user to perform all the actions granted in its permissions
	// policies.
	DeleteUserPermissionsBoundary(ctx context.Context, params *DeleteUserPermissionsBoundaryInput, optFns ...func(*Options)) (*DeleteUserPermissionsBoundaryOutput, error)
	// Deletes the specified inline policy that is embedded in the specified IAM user.
	//
	// A user can also have managed policies attached to it. To detach a managed
	// policy from a user, use DetachUserPolicy. For more information about policies, refer to [Managed policies and inline policies] in the
	// IAM User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	DeleteUserPolicy(ctx context.Context, params *DeleteUserPolicyInput, optFns ...func(*Options)) (*DeleteUserPolicyOutput, error)
	// Deletes a virtual MFA device.
	//
	// You must deactivate a user's virtual MFA device before you can delete it. For
	// information about deactivating MFA devices, see DeactivateMFADevice.
	DeleteVirtualMFADevice(ctx context.Context, params *DeleteVirtualMFADeviceInput, optFns ...func(*Options)) (*DeleteVirtualMFADeviceOutput, error)
	// Removes the specified managed policy from the specified IAM group.
	//
	// A group can also have inline policies embedded with it. To delete an inline
	// policy, use DeleteGroupPolicy. For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	DetachGroupPolicy(ctx context.Context, params *DetachGroupPolicyInput, optFns ...func(*Options)) (*DetachGroupPolicyOutput, error)
	// Removes the specified managed policy from the specified role.
	//
	// A role can also have inline policies embedded with it. To delete an inline
	// policy, use DeleteRolePolicy. For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	DetachRolePolicy(ctx context.Context, params *DetachRolePolicyInput, optFns ...func(*Options)) (*DetachRolePolicyOutput, error)
	// Removes the specified managed policy from the specified user.
	//
	// A user can also have inline policies embedded with it. To delete an inline
	// policy, use DeleteUserPolicy. For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	DetachUserPolicy(ctx context.Context, params *DetachUserPolicyInput, optFns ...func(*Options)) (*DetachUserPolicyOutput, error)
	// Disables the management of privileged root user credentials across member
	// accounts in your organization. When you disable this feature, the management
	// account and the delegated admininstrator for IAM can no longer manage root user
	// credentials for member accounts in your organization.
	DisableOrganizationsRootCredentialsManagement(ctx context.Context, params *DisableOrganizationsRootCredentialsManagementInput, optFns ...func(*Options)) (*DisableOrganizationsRootCredentialsManagementOutput, error)
	// Disables root user sessions for privileged tasks across member accounts in your
	// organization. When you disable this feature, the management account and the
	// delegated admininstrator for IAM can no longer perform privileged tasks on
	// member accounts in your organization.
	DisableOrganizationsRootSessions(ctx context.Context, params *DisableOrganizationsRootSessionsInput, optFns ...func(*Options)) (*DisableOrganizationsRootSessionsOutput, error)
	// Enables the specified MFA device and associates it with the specified IAM user.
	// When enabled, the MFA device is required for every subsequent login by the IAM
	// user associated with the device.
	EnableMFADevice(ctx context.Context, params *EnableMFADeviceInput, optFns ...func(*Options)) (*EnableMFADeviceOutput, error)
	// Enables the management of privileged root user credentials across member
	// accounts in your organization. When you enable root credentials management for [centralized root access]
	// , the management account and the delegated admininstrator for IAM can manage
	// root user credentials for member accounts in your organization.
	//
	// Before you enable centralized root access, you must have an account configured
	// with the following settings:
	//
	//   - You must manage your Amazon Web Services accounts in [Organizations].
	//
	//   - Enable trusted access for Identity and Access Management in Organizations.
	//     For details, see [IAM and Organizations]in the Organizations User Guide.
	//
	// [Organizations]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
	// [centralized root access]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management
	// [IAM and Organizations]: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-ra.html
	EnableOrganizationsRootCredentialsManagement(ctx context.Context, params *EnableOrganizationsRootCredentialsManagementInput, optFns ...func(*Options)) (*EnableOrganizationsRootCredentialsManagementOutput, error)
	// Allows the management account or delegated administrator to perform privileged
	// tasks on member accounts in your organization. For more information, see [Centrally manage root access for member accounts]in the
	// Identity and Access Management User Guide.
	//
	// Before you enable this feature, you must have an account configured with the
	// following settings:
	//
	//   - You must manage your Amazon Web Services accounts in [Organizations].
	//
	//   - Enable trusted access for Identity and Access Management in Organizations.
	//     For details, see [IAM and Organizations]in the Organizations User Guide.
	//
	// [Centrally manage root access for member accounts]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management
	// [Organizations]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
	// [IAM and Organizations]: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-ra.html
	EnableOrganizationsRootSessions(ctx context.Context, params *EnableOrganizationsRootSessionsInput, optFns ...func(*Options)) (*EnableOrganizationsRootSessionsOutput, error)
	//	Generates a credential report for the Amazon Web Services account. For more
	//
	// information about the credential report, see [Getting credential reports]in the IAM User Guide.
	//
	// [Getting credential reports]: https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html
	GenerateCredentialReport(ctx context.Context, params *GenerateCredentialReportInput, optFns ...func(*Options)) (*GenerateCredentialReportOutput, error)
	// Generates a report for service last accessed data for Organizations. You can
	// generate a report for any entities (organization root, organizational unit, or
	// account) or policies in your organization.
	//
	// To call this operation, you must be signed in using your Organizations
	// management account credentials. You can use your long-term IAM user or root user
	// credentials, or temporary credentials from assuming an IAM role. SCPs must be
	// enabled for your organization root. You must have the required IAM and
	// Organizations permissions. For more information, see [Refining permissions using service last accessed data]in the IAM User Guide.
	//
	// You can generate a service last accessed data report for entities by specifying
	// only the entity's path. This data includes a list of services that are allowed
	// by any service control policies (SCPs) that apply to the entity.
	//
	// You can generate a service last accessed data report for a policy by specifying
	// an entity's path and an optional Organizations policy ID. This data includes a
	// list of services that are allowed by the specified SCP.
	//
	// For each service in both report types, the data includes the most recent
	// account activity that the policy allows to account principals in the entity or
	// the entity's children. For important information about the data, reporting
	// period, permissions required, troubleshooting, and supported Regions see [Reducing permissions using service last accessed data]in the
	// IAM User Guide.
	//
	// The data includes all attempts to access Amazon Web Services, not just the
	// successful ones. This includes all attempts that were made using the Amazon Web
	// Services Management Console, the Amazon Web Services API through any of the
	// SDKs, or any of the command line tools. An unexpected entry in the service last
	// accessed data does not mean that an account has been compromised, because the
	// request might have been denied. Refer to your CloudTrail logs as the
	// authoritative source for information about all API calls and whether they were
	// successful or denied access. For more information, see [Logging IAM events with CloudTrail]in the IAM User Guide.
	//
	// This operation returns a JobId . Use this parameter in the GetOrganizationsAccessReport operation to check
	// the status of the report generation. To check the status of this request, use
	// the JobId parameter in the GetOrganizationsAccessReport operation and test the JobStatus response
	// parameter. When the job is complete, you can retrieve the report.
	//
	// To generate a service last accessed data report for entities, specify an entity
	// path without specifying the optional Organizations policy ID. The type of entity
	// that you specify determines the data returned in the report.
	//
	//   - Root – When you specify the organizations root as the entity, the resulting
	//     report lists all of the services allowed by SCPs that are attached to your root.
	//     For each service, the report includes data for all accounts in your organization
	//     except the management account, because the management account is not limited by
	//     SCPs.
	//
	//   - OU – When you specify an organizational unit (OU) as the entity, the
	//     resulting report lists all of the services allowed by SCPs that are attached to
	//     the OU and its parents. For each service, the report includes data for all
	//     accounts in the OU or its children. This data excludes the management account,
	//     because the management account is not limited by SCPs.
	//
	//   - management account – When you specify the management account, the resulting
	//     report lists all Amazon Web Services services, because the management account is
	//     not limited by SCPs. For each service, the report includes data for only the
	//     management account.
	//
	//   - Account – When you specify another account as the entity, the resulting
	//     report lists all of the services allowed by SCPs that are attached to the
	//     account and its parents. For each service, the report includes data for only the
	//     specified account.
	//
	// To generate a service last accessed data report for policies, specify an entity
	// path and the optional Organizations policy ID. The type of entity that you
	// specify determines the data returned for each service.
	//
	//   - Root – When you specify the root entity and a policy ID, the resulting
	//     report lists all of the services that are allowed by the specified SCP. For each
	//     service, the report includes data for all accounts in your organization to which
	//     the SCP applies. This data excludes the management account, because the
	//     management account is not limited by SCPs. If the SCP is not attached to any
	//     entities in the organization, then the report will return a list of services
	//     with no data.
	//
	//   - OU – When you specify an OU entity and a policy ID, the resulting report
	//     lists all of the services that are allowed by the specified SCP. For each
	//     service, the report includes data for all accounts in the OU or its children to
	//     which the SCP applies. This means that other accounts outside the OU that are
	//     affected by the SCP might not be included in the data. This data excludes the
	//     management account, because the management account is not limited by SCPs. If
	//     the SCP is not attached to the OU or one of its children, the report will return
	//     a list of services with no data.
	//
	//   - management account – When you specify the management account, the resulting
	//     report lists all Amazon Web Services services, because the management account is
	//     not limited by SCPs. If you specify a policy ID in the CLI or API, the policy is
	//     ignored. For each service, the report includes data for only the management
	//     account.
	//
	//   - Account – When you specify another account entity and a policy ID, the
	//     resulting report lists all of the services that are allowed by the specified
	//     SCP. For each service, the report includes data for only the specified account.
	//     This means that other accounts in the organization that are affected by the SCP
	//     might not be included in the data. If the SCP is not attached to the account,
	//     the report will return a list of services with no data.
	//
	// Service last accessed data does not use other policy types when determining
	// whether a principal could access a service. These other policy types include
	// identity-based policies, resource-based policies, access control lists, IAM
	// permissions boundaries, and STS assume role policies. It only applies SCP logic.
	// For more about the evaluation of policy types, see [Evaluating policies]in the IAM User Guide.
	//
	// For more information about service last accessed data, see [Reducing policy scope by viewing user activity] in the IAM User
	// Guide.
	//
	// [Logging IAM events with CloudTrail]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
	// [Refining permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
	// [Reducing permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
	// [Evaluating policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
	// [Reducing policy scope by viewing user activity]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
	GenerateOrganizationsAccessReport(ctx context.Context, params *GenerateOrganizationsAccessReportInput, optFns ...func(*Options)) (*GenerateOrganizationsAccessReportOutput, error)
	// Generates a report that includes details about when an IAM resource (user,
	// group, role, or policy) was last used in an attempt to access Amazon Web
	// Services services. Recent activity usually appears within four hours. IAM
	// reports activity for at least the last 400 days, or less if your Region began
	// supporting this feature within the last year. For more information, see [Regions where data is tracked]. For
	// more information about services and actions for which action last accessed
	// information is displayed, see [IAM action last accessed information services and actions].
	//
	// The service last accessed data includes all attempts to access an Amazon Web
	// Services API, not just the successful ones. This includes all attempts that were
	// made using the Amazon Web Services Management Console, the Amazon Web Services
	// API through any of the SDKs, or any of the command line tools. An unexpected
	// entry in the service last accessed data does not mean that your account has been
	// compromised, because the request might have been denied. Refer to your
	// CloudTrail logs as the authoritative source for information about all API calls
	// and whether they were successful or denied access. For more information, see [Logging IAM events with CloudTrail]in
	// the IAM User Guide.
	//
	// The GenerateServiceLastAccessedDetails operation returns a JobId . Use this
	// parameter in the following operations to retrieve the following details from
	// your report:
	//
	// GetServiceLastAccessedDetails
	//   - – Use this operation for users, groups, roles, or policies to list every
	//     Amazon Web Services service that the resource could access using permissions
	//     policies. For each service, the response includes information about the most
	//     recent access attempt.
	//
	// The JobId returned by GenerateServiceLastAccessedDetail must be used by the same
	//
	//	role within a session, or by the same user when used to call
	//	GetServiceLastAccessedDetail .
	//
	// GetServiceLastAccessedDetailsWithEntities
	//   - – Use this operation for groups and policies to list information about the
	//     associated entities (users or roles) that attempted to access a specific Amazon
	//     Web Services service.
	//
	// To check the status of the GenerateServiceLastAccessedDetails request, use the
	// JobId parameter in the same operations and test the JobStatus response
	// parameter.
	//
	// For additional information about the permissions policies that allow an
	// identity (user, group, or role) to access specific services, use the ListPoliciesGrantingServiceAccessoperation.
	//
	// Service last accessed data does not use other policy types when determining
	// whether a resource could access a service. These other policy types include
	// resource-based policies, access control lists, Organizations policies, IAM
	// permissions boundaries, and STS assume role policies. It only applies
	// permissions policy logic. For more about the evaluation of policy types, see [Evaluating policies]in
	// the IAM User Guide.
	//
	// For more information about service and action last accessed data, see [Reducing permissions using service last accessed data] in the
	// IAM User Guide.
	//
	// [Logging IAM events with CloudTrail]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
	// [Reducing permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
	// [Regions where data is tracked]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
	// [Evaluating policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
	// [IAM action last accessed information services and actions]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor-action-last-accessed.html
	GenerateServiceLastAccessedDetails(ctx context.Context, params *GenerateServiceLastAccessedDetailsInput, optFns ...func(*Options)) (*GenerateServiceLastAccessedDetailsOutput, error)
	// Retrieves information about when the specified access key was last used. The
	// information includes the date and time of last use, along with the Amazon Web
	// Services service and Region that were specified in the last request made with
	// that key.
	GetAccessKeyLastUsed(ctx context.Context, params *GetAccessKeyLastUsedInput, optFns ...func(*Options)) (*GetAccessKeyLastUsedOutput, error)
	// Retrieves information about all IAM users, groups, roles, and policies in your
	// Amazon Web Services account, including their relationships to one another. Use
	// this operation to obtain a snapshot of the configuration of IAM permissions
	// (users, groups, roles, and policies) in your account.
	//
	// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
	// use a URL decoding method to convert the policy back to plain JSON text. For
	// example, if you use Java, you can use the decode method of the
	// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
	// provide similar functionality.
	//
	// You can optionally filter the results using the Filter parameter. You can
	// paginate the results using the MaxItems and Marker parameters.
	//
	// [RFC 3986]: https://tools.ietf.org/html/rfc3986
	GetAccountAuthorizationDetails(ctx context.Context, params *GetAccountAuthorizationDetailsInput, optFns ...func(*Options)) (*GetAccountAuthorizationDetailsOutput, error)
	// Retrieves the password policy for the Amazon Web Services account. This tells
	// you the complexity requirements and mandatory rotation periods for the IAM user
	// passwords in your account. For more information about using a password policy,
	// see [Managing an IAM password policy].
	//
	// [Managing an IAM password policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html
	GetAccountPasswordPolicy(ctx context.Context, params *GetAccountPasswordPolicyInput, optFns ...func(*Options)) (*GetAccountPasswordPolicyOutput, error)
	// Retrieves information about IAM entity usage and IAM quotas in the Amazon Web
	// Services account.
	//
	// For information about IAM quotas, see [IAM and STS quotas] in the IAM User Guide.
	//
	// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
	GetAccountSummary(ctx context.Context, params *GetAccountSummaryInput, optFns ...func(*Options)) (*GetAccountSummaryOutput, error)
	// Gets a list of all of the context keys referenced in the input policies. The
	// policies are supplied as a list of one or more strings. To get the context keys
	// from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.
	//
	// Context keys are variables maintained by Amazon Web Services and its services
	// that provide details about the context of an API query request. Context keys can
	// be evaluated by testing against a value specified in an IAM policy. Use
	// GetContextKeysForCustomPolicy to understand what key names and values you must
	// supply when you call SimulateCustomPolicy. Note that all parameters are shown in unencoded form
	// here for clarity but must be URL encoded to be included as a part of a real HTML
	// request.
	GetContextKeysForCustomPolicy(ctx context.Context, params *GetContextKeysForCustomPolicyInput, optFns ...func(*Options)) (*GetContextKeysForCustomPolicyOutput, error)
	// Gets a list of all of the context keys referenced in all the IAM policies that
	// are attached to the specified IAM entity. The entity can be an IAM user, group,
	// or role. If you specify a user, then the request also includes all of the
	// policies attached to groups that the user is a member of.
	//
	// You can optionally include a list of one or more additional policies, specified
	// as strings. If you want to include only a list of policies by string, use GetContextKeysForCustomPolicy
	// instead.
	//
	// Note: This operation discloses information about the permissions granted to
	// other users. If you do not want users to see other user's permissions, then
	// consider allowing them to use GetContextKeysForCustomPolicyinstead.
	//
	// Context keys are variables maintained by Amazon Web Services and its services
	// that provide details about the context of an API query request. Context keys can
	// be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicyto understand
	// what key names and values you must supply when you call SimulatePrincipalPolicy.
	GetContextKeysForPrincipalPolicy(ctx context.Context, params *GetContextKeysForPrincipalPolicyInput, optFns ...func(*Options)) (*GetContextKeysForPrincipalPolicyOutput, error)
	//	Retrieves a credential report for the Amazon Web Services account. For more
	//
	// information about the credential report, see [Getting credential reports]in the IAM User Guide.
	//
	// [Getting credential reports]: https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html
	GetCredentialReport(ctx context.Context, params *GetCredentialReportInput, optFns ...func(*Options)) (*GetCredentialReportOutput, error)
	//	Returns a list of IAM users that are in the specified IAM group. You can
	//
	// paginate the results using the MaxItems and Marker parameters.
	GetGroup(ctx context.Context, params *GetGroupInput, optFns ...func(*Options)) (*GetGroupOutput, error)
	// Retrieves the specified inline policy document that is embedded in the
	// specified IAM group.
	//
	// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
	// use a URL decoding method to convert the policy back to plain JSON text. For
	// example, if you use Java, you can use the decode method of the
	// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
	// provide similar functionality.
	//
	// An IAM group can also have managed policies attached to it. To retrieve a
	// managed policy document that is attached to a group, use GetPolicyto determine the
	// policy's default version, then use GetPolicyVersionto retrieve the policy document.
	//
	// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [RFC 3986]: https://tools.ietf.org/html/rfc3986
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	GetGroupPolicy(ctx context.Context, params *GetGroupPolicyInput, optFns ...func(*Options)) (*GetGroupPolicyOutput, error)
	//	Retrieves information about the specified instance profile, including the
	//
	// instance profile's path, GUID, ARN, and role. For more information about
	// instance profiles, see [Using instance profiles]in the IAM User Guide.
	//
	// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
	GetInstanceProfile(ctx context.Context, params *GetInstanceProfileInput, optFns ...func(*Options)) (*GetInstanceProfileOutput, error)
	// Retrieves the user name for the specified IAM user. A login profile is created
	// when you create a password for the user to access the Amazon Web Services
	// Management Console. If the user does not exist or does not have a password, the
	// operation returns a 404 ( NoSuchEntity ) error.
	//
	// If you create an IAM user with access to the console, the CreateDate reflects
	// the date you created the initial password for the user.
	//
	// If you create an IAM user with programmatic access, and then later add a
	// password for the user to access the Amazon Web Services Management Console, the
	// CreateDate reflects the initial password creation date. A user with programmatic
	// access does not have a login profile unless you create a password for the user
	// to access the Amazon Web Services Management Console.
	GetLoginProfile(ctx context.Context, params *GetLoginProfileInput, optFns ...func(*Options)) (*GetLoginProfileOutput, error)
	// Retrieves information about an MFA device for a specified user.
	GetMFADevice(ctx context.Context, params *GetMFADeviceInput, optFns ...func(*Options)) (*GetMFADeviceOutput, error)
	// Returns information about the specified OpenID Connect (OIDC) provider resource
	// object in IAM.
	GetOpenIDConnectProvider(ctx context.Context, params *GetOpenIDConnectProviderInput, optFns ...func(*Options)) (*GetOpenIDConnectProviderOutput, error)
	// Retrieves the service last accessed data report for Organizations that was
	// previously generated using the GenerateOrganizationsAccessReportoperation. This operation retrieves the status
	// of your report job and the report contents.
	//
	// Depending on the parameters that you passed when you generated the report, the
	// data returned could include different information. For details, see GenerateOrganizationsAccessReport.
	//
	// To call this operation, you must be signed in to the management account in your
	// organization. SCPs must be enabled for your organization root. You must have
	// permissions to perform this operation. For more information, see [Refining permissions using service last accessed data]in the IAM
	// User Guide.
	//
	// For each service that principals in an account (root user, IAM users, or IAM
	// roles) could access using SCPs, the operation returns details about the most
	// recent access attempt. If there was no attempt, the service is listed without
	// details about the most recent attempt to access the service. If the operation
	// fails, it returns the reason that it failed.
	//
	// By default, the list is sorted by service namespace.
	//
	// [Refining permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
	GetOrganizationsAccessReport(ctx context.Context, params *GetOrganizationsAccessReportInput, optFns ...func(*Options)) (*GetOrganizationsAccessReportOutput, error)
	// Retrieves information about the specified managed policy, including the
	// policy's default version and the total number of IAM users, groups, and roles to
	// which the policy is attached. To retrieve the list of the specific users,
	// groups, and roles that the policy is attached to, use ListEntitiesForPolicy. This operation returns
	// metadata about the policy. To retrieve the actual policy document for a specific
	// version of the policy, use GetPolicyVersion.
	//
	// This operation retrieves information about managed policies. To retrieve
	// information about an inline policy that is embedded with an IAM user, group, or
	// role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.
	//
	// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	GetPolicy(ctx context.Context, params *GetPolicyInput, optFns ...func(*Options)) (*GetPolicyOutput, error)
	// Retrieves information about the specified version of the specified managed
	// policy, including the policy document.
	//
	// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
	// use a URL decoding method to convert the policy back to plain JSON text. For
	// example, if you use Java, you can use the decode method of the
	// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
	// provide similar functionality.
	//
	// To list the available versions for a policy, use ListPolicyVersions.
	//
	// This operation retrieves information about managed policies. To retrieve
	// information about an inline policy that is embedded in a user, group, or role,
	// use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.
	//
	// For more information about the types of policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// For more information about managed policy versions, see [Versioning for managed policies] in the IAM User Guide.
	//
	// [RFC 3986]: https://tools.ietf.org/html/rfc3986
	// [Versioning for managed policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	GetPolicyVersion(ctx context.Context, params *GetPolicyVersionInput, optFns ...func(*Options)) (*GetPolicyVersionOutput, error)
	// Retrieves information about the specified role, including the role's path,
	// GUID, ARN, and the role's trust policy that grants permission to assume the
	// role. For more information about roles, see [IAM roles]in the IAM User Guide.
	//
	// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
	// use a URL decoding method to convert the policy back to plain JSON text. For
	// example, if you use Java, you can use the decode method of the
	// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
	// provide similar functionality.
	//
	// [RFC 3986]: https://tools.ietf.org/html/rfc3986
	// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
	GetRole(ctx context.Context, params *GetRoleInput, optFns ...func(*Options)) (*GetRoleOutput, error)
	// Retrieves the specified inline policy document that is embedded with the
	// specified IAM role.
	//
	// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
	// use a URL decoding method to convert the policy back to plain JSON text. For
	// example, if you use Java, you can use the decode method of the
	// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
	// provide similar functionality.
	//
	// An IAM role can also have managed policies attached to it. To retrieve a
	// managed policy document that is attached to a role, use GetPolicyto determine the
	// policy's default version, then use GetPolicyVersionto retrieve the policy document.
	//
	// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// For more information about roles, see [IAM roles] in the IAM User Guide.
	//
	// [RFC 3986]: https://tools.ietf.org/html/rfc3986
	// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	GetRolePolicy(ctx context.Context, params *GetRolePolicyInput, optFns ...func(*Options)) (*GetRolePolicyOutput, error)
	// Returns the SAML provider metadocument that was uploaded when the IAM SAML
	// provider resource object was created or updated.
	//
	// This operation requires [Signature Version 4].
	//
	// [Signature Version 4]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
	GetSAMLProvider(ctx context.Context, params *GetSAMLProviderInput, optFns ...func(*Options)) (*GetSAMLProviderOutput, error)
	// Retrieves the specified SSH public key, including metadata about the key.
	//
	// The SSH public key retrieved by this operation is used only for authenticating
	// the associated IAM user to an CodeCommit repository. For more information about
	// using SSH keys to authenticate to an CodeCommit repository, see [Set up CodeCommit for SSH connections]in the
	// CodeCommit User Guide.
	//
	// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
	GetSSHPublicKey(ctx context.Context, params *GetSSHPublicKeyInput, optFns ...func(*Options)) (*GetSSHPublicKeyOutput, error)
	// Retrieves information about the specified server certificate stored in IAM.
	//
	// For more information about working with server certificates, see [Working with server certificates] in the IAM
	// User Guide. This topic includes a list of Amazon Web Services services that can
	// use the server certificates that you manage with IAM.
	//
	// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
	GetServerCertificate(ctx context.Context, params *GetServerCertificateInput, optFns ...func(*Options)) (*GetServerCertificateOutput, error)
	// Retrieves a service last accessed report that was created using the
	// GenerateServiceLastAccessedDetails operation. You can use the JobId parameter
	// in GetServiceLastAccessedDetails to retrieve the status of your report job.
	// When the report is complete, you can retrieve the generated report. The report
	// includes a list of Amazon Web Services services that the resource (user, group,
	// role, or managed policy) can access.
	//
	// Service last accessed data does not use other policy types when determining
	// whether a resource could access a service. These other policy types include
	// resource-based policies, access control lists, Organizations policies, IAM
	// permissions boundaries, and STS assume role policies. It only applies
	// permissions policy logic. For more about the evaluation of policy types, see [Evaluating policies]in
	// the IAM User Guide.
	//
	// For each service that the resource could access using permissions policies, the
	// operation returns details about the most recent access attempt. If there was no
	// attempt, the service is listed without details about the most recent attempt to
	// access the service. If the operation fails, the GetServiceLastAccessedDetails
	// operation returns the reason that it failed.
	//
	// The GetServiceLastAccessedDetails operation returns a list of services. This
	// list includes the number of entities that have attempted to access the service
	// and the date and time of the last attempt. It also returns the ARN of the
	// following entity, depending on the resource ARN that you used to generate the
	// report:
	//
	//   - User – Returns the user ARN that you used to generate the report
	//
	//   - Group – Returns the ARN of the group member (user) that last attempted to
	//     access the service
	//
	//   - Role – Returns the role ARN that you used to generate the report
	//
	//   - Policy – Returns the ARN of the user or role that last used the policy to
	//     attempt to access the service
	//
	// By default, the list is sorted by service namespace.
	//
	// If you specified ACTION_LEVEL granularity when you generated the report, this
	// operation returns service and action last accessed data. This includes the most
	// recent access attempt for each tracked action within a service. Otherwise, this
	// operation returns only service data.
	//
	// For more information about service and action last accessed data, see [Reducing permissions using service last accessed data] in the
	// IAM User Guide.
	//
	// [Reducing permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
	// [Evaluating policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
	GetServiceLastAccessedDetails(ctx context.Context, params *GetServiceLastAccessedDetailsInput, optFns ...func(*Options)) (*GetServiceLastAccessedDetailsOutput, error)
	// After you generate a group or policy report using the
	// GenerateServiceLastAccessedDetails operation, you can use the JobId parameter
	// in GetServiceLastAccessedDetailsWithEntities . This operation retrieves the
	// status of your report job and a list of entities that could have used group or
	// policy permissions to access the specified service.
	//
	//   - Group – For a group report, this operation returns a list of users in the
	//     group that could have used the group’s policies in an attempt to access the
	//     service.
	//
	//   - Policy – For a policy report, this operation returns a list of entities
	//     (users or roles) that could have used the policy in an attempt to access the
	//     service.
	//
	// You can also use this operation for user or role reports to retrieve details
	// about those entities.
	//
	// If the operation fails, the GetServiceLastAccessedDetailsWithEntities operation
	// returns the reason that it failed.
	//
	// By default, the list of associated entities is sorted by date, with the most
	// recent access listed first.
	GetServiceLastAccessedDetailsWithEntities(ctx context.Context, params *GetServiceLastAccessedDetailsWithEntitiesInput, optFns ...func(*Options)) (*GetServiceLastAccessedDetailsWithEntitiesOutput, error)
	// Retrieves the status of your service-linked role deletion. After you use DeleteServiceLinkedRole to
	// submit a service-linked role for deletion, you can use the DeletionTaskId
	// parameter in GetServiceLinkedRoleDeletionStatus to check the status of the
	// deletion. If the deletion fails, this operation returns the reason that it
	// failed, if that information is returned by the service.
	GetServiceLinkedRoleDeletionStatus(ctx context.Context, params *GetServiceLinkedRoleDeletionStatusInput, optFns ...func(*Options)) (*GetServiceLinkedRoleDeletionStatusOutput, error)
	// Retrieves information about the specified IAM user, including the user's
	// creation date, path, unique ID, and ARN.
	//
	// If you do not specify a user name, IAM determines the user name implicitly
	// based on the Amazon Web Services access key ID used to sign the request to this
	// operation.
	GetUser(ctx context.Context, params *GetUserInput, optFns ...func(*Options)) (*GetUserOutput, error)
	// Retrieves the specified inline policy document that is embedded in the
	// specified IAM user.
	//
	// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
	// use a URL decoding method to convert the policy back to plain JSON text. For
	// example, if you use Java, you can use the decode method of the
	// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
	// provide similar functionality.
	//
	// An IAM user can also have managed policies attached to it. To retrieve a
	// managed policy document that is attached to a user, use GetPolicyto determine the
	// policy's default version. Then use GetPolicyVersionto retrieve the policy document.
	//
	// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [RFC 3986]: https://tools.ietf.org/html/rfc3986
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	GetUserPolicy(ctx context.Context, params *GetUserPolicyInput, optFns ...func(*Options)) (*GetUserPolicyOutput, error)
	// Returns information about the access key IDs associated with the specified IAM
	// user. If there is none, the operation returns an empty list.
	//
	// Although each user is limited to a small number of keys, you can still paginate
	// the results using the MaxItems and Marker parameters.
	//
	// If the UserName is not specified, the user name is determined implicitly based
	// on the Amazon Web Services access key ID used to sign the request. If a
	// temporary access key is used, then UserName is required. If a long-term key is
	// assigned to the user, then UserName is not required.
	//
	// This operation works for access keys under the Amazon Web Services account. If
	// the Amazon Web Services account has no associated users, the root user returns
	// it's own access key IDs by running this command.
	//
	// To ensure the security of your Amazon Web Services account, the secret access
	// key is accessible only during key and user creation.
	ListAccessKeys(ctx context.Context, params *ListAccessKeysInput, optFns ...func(*Options)) (*ListAccessKeysOutput, error)
	// Lists the account alias associated with the Amazon Web Services account (Note:
	// you can have only one). For information about using an Amazon Web Services
	// account alias, see [Creating, deleting, and listing an Amazon Web Services account alias]in the Amazon Web Services Sign-In User Guide.
	//
	// [Creating, deleting, and listing an Amazon Web Services account alias]: https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html
	ListAccountAliases(ctx context.Context, params *ListAccountAliasesInput, optFns ...func(*Options)) (*ListAccountAliasesOutput, error)
	// Lists all managed policies that are attached to the specified IAM group.
	//
	// An IAM group can also have inline policies embedded with it. To list the inline
	// policies for a group, use ListGroupPolicies. For information about policies, see [Managed policies and inline policies] in the IAM
	// User Guide.
	//
	// You can paginate the results using the MaxItems and Marker parameters. You can
	// use the PathPrefix parameter to limit the list of policies to only those
	// matching the specified path prefix. If there are no policies attached to the
	// specified group (or none that match the specified path prefix), the operation
	// returns an empty list.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	ListAttachedGroupPolicies(ctx context.Context, params *ListAttachedGroupPoliciesInput, optFns ...func(*Options)) (*ListAttachedGroupPoliciesOutput, error)
	// Lists all managed policies that are attached to the specified IAM role.
	//
	// An IAM role can also have inline policies embedded with it. To list the inline
	// policies for a role, use ListRolePolicies. For information about policies, see [Managed policies and inline policies] in the IAM User
	// Guide.
	//
	// You can paginate the results using the MaxItems and Marker parameters. You can
	// use the PathPrefix parameter to limit the list of policies to only those
	// matching the specified path prefix. If there are no policies attached to the
	// specified role (or none that match the specified path prefix), the operation
	// returns an empty list.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	ListAttachedRolePolicies(ctx context.Context, params *ListAttachedRolePoliciesInput, optFns ...func(*Options)) (*ListAttachedRolePoliciesOutput, error)
	// Lists all managed policies that are attached to the specified IAM user.
	//
	// An IAM user can also have inline policies embedded with it. To list the inline
	// policies for a user, use ListUserPolicies. For information about policies, see [Managed policies and inline policies] in the IAM User
	// Guide.
	//
	// You can paginate the results using the MaxItems and Marker parameters. You can
	// use the PathPrefix parameter to limit the list of policies to only those
	// matching the specified path prefix. If there are no policies attached to the
	// specified group (or none that match the specified path prefix), the operation
	// returns an empty list.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	ListAttachedUserPolicies(ctx context.Context, params *ListAttachedUserPoliciesInput, optFns ...func(*Options)) (*ListAttachedUserPoliciesOutput, error)
	// Lists all IAM users, groups, and roles that the specified managed policy is
	// attached to.
	//
	// You can use the optional EntityFilter parameter to limit the results to a
	// particular type of entity (users, groups, or roles). For example, to list only
	// the roles that are attached to the specified policy, set EntityFilter to Role .
	//
	// You can paginate the results using the MaxItems and Marker parameters.
	ListEntitiesForPolicy(ctx context.Context, params *ListEntitiesForPolicyInput, optFns ...func(*Options)) (*ListEntitiesForPolicyOutput, error)
	// Lists the names of the inline policies that are embedded in the specified IAM
	// group.
	//
	// An IAM group can also have managed policies attached to it. To list the managed
	// policies that are attached to a group, use ListAttachedGroupPolicies. For more information about
	// policies, see [Managed policies and inline policies]in the IAM User Guide.
	//
	// You can paginate the results using the MaxItems and Marker parameters. If there
	// are no inline policies embedded with the specified group, the operation returns
	// an empty list.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	ListGroupPolicies(ctx context.Context, params *ListGroupPoliciesInput, optFns ...func(*Options)) (*ListGroupPoliciesOutput, error)
	// Lists the IAM groups that have the specified path prefix.
	//
	// You can paginate the results using the MaxItems and Marker parameters.
	ListGroups(ctx context.Context, params *ListGroupsInput, optFns ...func(*Options)) (*ListGroupsOutput, error)
	// Lists the IAM groups that the specified IAM user belongs to.
	//
	// You can paginate the results using the MaxItems and Marker parameters.
	ListGroupsForUser(ctx context.Context, params *ListGroupsForUserInput, optFns ...func(*Options)) (*ListGroupsForUserOutput, error)
	// Lists the tags that are attached to the specified IAM instance profile. The
	// returned list of tags is sorted by tag key. For more information about tagging,
	// see [Tagging IAM resources]in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	ListInstanceProfileTags(ctx context.Context, params *ListInstanceProfileTagsInput, optFns ...func(*Options)) (*ListInstanceProfileTagsOutput, error)
	// Lists the instance profiles that have the specified path prefix. If there are
	// none, the operation returns an empty list. For more information about instance
	// profiles, see [Using instance profiles]in the IAM User Guide.
	//
	// IAM resource-listing operations return a subset of the available attributes for
	// the resource. For example, this operation does not return tags, even though they
	// are an attribute of the returned object. To view all of the information for an
	// instance profile, see GetInstanceProfile.
	//
	// You can paginate the results using the MaxItems and Marker parameters.
	//
	// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
	ListInstanceProfiles(ctx context.Context, params *ListInstanceProfilesInput, optFns ...func(*Options)) (*ListInstanceProfilesOutput, error)
	// Lists the instance profiles that have the specified associated IAM role. If
	// there are none, the operation returns an empty list. For more information about
	// instance profiles, go to [Using instance profiles]in the IAM User Guide.
	//
	// You can paginate the results using the MaxItems and Marker parameters.
	//
	// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
	ListInstanceProfilesForRole(ctx context.Context, params *ListInstanceProfilesForRoleInput, optFns ...func(*Options)) (*ListInstanceProfilesForRoleOutput, error)
	// Lists the tags that are attached to the specified IAM virtual multi-factor
	// authentication (MFA) device. The returned list of tags is sorted by tag key. For
	// more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	ListMFADeviceTags(ctx context.Context, params *ListMFADeviceTagsInput, optFns ...func(*Options)) (*ListMFADeviceTagsOutput, error)
	// Lists the MFA devices for an IAM user. If the request includes a IAM user name,
	// then this operation lists all the MFA devices associated with the specified
	// user. If you do not specify a user name, IAM determines the user name implicitly
	// based on the Amazon Web Services access key ID signing the request for this
	// operation.
	//
	// You can paginate the results using the MaxItems and Marker parameters.
	ListMFADevices(ctx context.Context, params *ListMFADevicesInput, optFns ...func(*Options)) (*ListMFADevicesOutput, error)
	// Lists the tags that are attached to the specified OpenID Connect
	// (OIDC)-compatible identity provider. The returned list of tags is sorted by tag
	// key. For more information, see [About web identity federation].
	//
	// For more information about tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	// [About web identity federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
	ListOpenIDConnectProviderTags(ctx context.Context, params *ListOpenIDConnectProviderTagsInput, optFns ...func(*Options)) (*ListOpenIDConnectProviderTagsOutput, error)
	// Lists information about the IAM OpenID Connect (OIDC) provider resource objects
	// defined in the Amazon Web Services account.
	//
	// IAM resource-listing operations return a subset of the available attributes for
	// the resource. For example, this operation does not return tags, even though they
	// are an attribute of the returned object. To view all of the information for an
	// OIDC provider, see GetOpenIDConnectProvider.
	ListOpenIDConnectProviders(ctx context.Context, params *ListOpenIDConnectProvidersInput, optFns ...func(*Options)) (*ListOpenIDConnectProvidersOutput, error)
	// Lists the centralized root access features enabled for your organization. For
	// more information, see [Centrally manage root access for member accounts].
	//
	// [Centrally manage root access for member accounts]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management
	ListOrganizationsFeatures(ctx context.Context, params *ListOrganizationsFeaturesInput, optFns ...func(*Options)) (*ListOrganizationsFeaturesOutput, error)
	// Lists all the managed policies that are available in your Amazon Web Services
	// account, including your own customer-defined managed policies and all Amazon Web
	// Services managed policies.
	//
	// You can filter the list of policies that is returned using the optional
	// OnlyAttached , Scope , and PathPrefix parameters. For example, to list only the
	// customer managed policies in your Amazon Web Services account, set Scope to
	// Local . To list only Amazon Web Services managed policies, set Scope to AWS .
	//
	// You can paginate the results using the MaxItems and Marker parameters.
	//
	// For more information about managed policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// IAM resource-listing operations return a subset of the available attributes for
	// the resource. For example, this operation does not return tags, even though they
	// are an attribute of the returned object. To view all of the information for a
	// customer manged policy, see GetPolicy.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	ListPolicies(ctx context.Context, params *ListPoliciesInput, optFns ...func(*Options)) (*ListPoliciesOutput, error)
	// Retrieves a list of policies that the IAM identity (user, group, or role) can
	// use to access each specified service.
	//
	// This operation does not use other policy types when determining whether a
	// resource could access a service. These other policy types include resource-based
	// policies, access control lists, Organizations policies, IAM permissions
	// boundaries, and STS assume role policies. It only applies permissions policy
	// logic. For more about the evaluation of policy types, see [Evaluating policies]in the IAM User Guide.
	//
	// The list of policies returned by the operation depends on the ARN of the
	// identity that you provide.
	//
	//   - User – The list of policies includes the managed and inline policies that
	//     are attached to the user directly. The list also includes any additional managed
	//     and inline policies that are attached to the group to which the user belongs.
	//
	//   - Group – The list of policies includes only the managed and inline policies
	//     that are attached to the group directly. Policies that are attached to the
	//     group’s user are not included.
	//
	//   - Role – The list of policies includes only the managed and inline policies
	//     that are attached to the role.
	//
	// For each managed policy, this operation returns the ARN and policy name. For
	// each inline policy, it returns the policy name and the entity to which it is
	// attached. Inline policies do not have an ARN. For more information about these
	// policy types, see [Managed policies and inline policies]in the IAM User Guide.
	//
	// Policies that are attached to users and roles as permissions boundaries are not
	// returned. To view which managed policy is currently used to set the permissions
	// boundary for a user or role, use the GetUseror GetRole operations.
	//
	// [Evaluating policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
	ListPoliciesGrantingServiceAccess(ctx context.Context, params *ListPoliciesGrantingServiceAccessInput, optFns ...func(*Options)) (*ListPoliciesGrantingServiceAccessOutput, error)
	// Lists the tags that are attached to the specified IAM customer managed policy.
	// The returned list of tags is sorted by tag key. For more information about
	// tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	ListPolicyTags(ctx context.Context, params *ListPolicyTagsInput, optFns ...func(*Options)) (*ListPolicyTagsOutput, error)
	// Lists information about the versions of the specified managed policy, including
	// the version that is currently set as the policy's default version.
	//
	// For more information about managed policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	ListPolicyVersions(ctx context.Context, params *ListPolicyVersionsInput, optFns ...func(*Options)) (*ListPolicyVersionsOutput, error)
	// Lists the names of the inline policies that are embedded in the specified IAM
	// role.
	//
	// An IAM role can also have managed policies attached to it. To list the managed
	// policies that are attached to a role, use ListAttachedRolePolicies. For more information about
	// policies, see [Managed policies and inline policies]in the IAM User Guide.
	//
	// You can paginate the results using the MaxItems and Marker parameters. If there
	// are no inline policies embedded with the specified role, the operation returns
	// an empty list.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	ListRolePolicies(ctx context.Context, params *ListRolePoliciesInput, optFns ...func(*Options)) (*ListRolePoliciesOutput, error)
	// Lists the tags that are attached to the specified role. The returned list of
	// tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources]in the IAM
	// User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	ListRoleTags(ctx context.Context, params *ListRoleTagsInput, optFns ...func(*Options)) (*ListRoleTagsOutput, error)
	// Lists the IAM roles that have the specified path prefix. If there are none, the
	// operation returns an empty list. For more information about roles, see [IAM roles]in the
	// IAM User Guide.
	//
	// IAM resource-listing operations return a subset of the available attributes for
	// the resource. This operation does not return the following attributes, even
	// though they are an attribute of the returned object:
	//
	//   - PermissionsBoundary
	//
	//   - RoleLastUsed
	//
	//   - Tags
	//
	// To view all of the information for a role, see GetRole.
	//
	// You can paginate the results using the MaxItems and Marker parameters.
	//
	// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
	ListRoles(ctx context.Context, params *ListRolesInput, optFns ...func(*Options)) (*ListRolesOutput, error)
	// Lists the tags that are attached to the specified Security Assertion Markup
	// Language (SAML) identity provider. The returned list of tags is sorted by tag
	// key. For more information, see [About SAML 2.0-based federation].
	//
	// For more information about tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [About SAML 2.0-based federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	ListSAMLProviderTags(ctx context.Context, params *ListSAMLProviderTagsInput, optFns ...func(*Options)) (*ListSAMLProviderTagsOutput, error)
	// Lists the SAML provider resource objects defined in IAM in the account. IAM
	// resource-listing operations return a subset of the available attributes for the
	// resource. For example, this operation does not return tags, even though they are
	// an attribute of the returned object. To view all of the information for a SAML
	// provider, see GetSAMLProvider.
	//
	// This operation requires [Signature Version 4].
	//
	// [Signature Version 4]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
	ListSAMLProviders(ctx context.Context, params *ListSAMLProvidersInput, optFns ...func(*Options)) (*ListSAMLProvidersOutput, error)
	// Returns information about the SSH public keys associated with the specified IAM
	// user. If none exists, the operation returns an empty list.
	//
	// The SSH public keys returned by this operation are used only for authenticating
	// the IAM user to an CodeCommit repository. For more information about using SSH
	// keys to authenticate to an CodeCommit repository, see [Set up CodeCommit for SSH connections]in the CodeCommit User
	// Guide.
	//
	// Although each user is limited to a small number of keys, you can still paginate
	// the results using the MaxItems and Marker parameters.
	//
	// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
	ListSSHPublicKeys(ctx context.Context, params *ListSSHPublicKeysInput, optFns ...func(*Options)) (*ListSSHPublicKeysOutput, error)
	// Lists the tags that are attached to the specified IAM server certificate. The
	// returned list of tags is sorted by tag key. For more information about tagging,
	// see [Tagging IAM resources]in the IAM User Guide.
	//
	// For certificates in a Region supported by Certificate Manager (ACM), we
	// recommend that you don't use IAM server certificates. Instead, use ACM to
	// provision, manage, and deploy your server certificates. For more information
	// about IAM server certificates, [Working with server certificates]in the IAM User Guide.
	//
	// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	ListServerCertificateTags(ctx context.Context, params *ListServerCertificateTagsInput, optFns ...func(*Options)) (*ListServerCertificateTagsOutput, error)
	// Lists the server certificates stored in IAM that have the specified path
	// prefix. If none exist, the operation returns an empty list.
	//
	// You can paginate the results using the MaxItems and Marker parameters.
	//
	// For more information about working with server certificates, see [Working with server certificates] in the IAM
	// User Guide. This topic also includes a list of Amazon Web Services services that
	// can use the server certificates that you manage with IAM.
	//
	// IAM resource-listing operations return a subset of the available attributes for
	// the resource. For example, this operation does not return tags, even though they
	// are an attribute of the returned object. To view all of the information for a
	// servercertificate, see GetServerCertificate.
	//
	// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
	ListServerCertificates(ctx context.Context, params *ListServerCertificatesInput, optFns ...func(*Options)) (*ListServerCertificatesOutput, error)
	// Returns information about the service-specific credentials associated with the
	// specified IAM user. If none exists, the operation returns an empty list. The
	// service-specific credentials returned by this operation are used only for
	// authenticating the IAM user to a specific service. For more information about
	// using service-specific credentials to authenticate to an Amazon Web Services
	// service, see [Set up service-specific credentials]in the CodeCommit User Guide.
	//
	// [Set up service-specific credentials]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html
	ListServiceSpecificCredentials(ctx context.Context, params *ListServiceSpecificCredentialsInput, optFns ...func(*Options)) (*ListServiceSpecificCredentialsOutput, error)
	// Returns information about the signing certificates associated with the
	// specified IAM user. If none exists, the operation returns an empty list.
	//
	// Although each user is limited to a small number of signing certificates, you
	// can still paginate the results using the MaxItems and Marker parameters.
	//
	// If the UserName field is not specified, the user name is determined implicitly
	// based on the Amazon Web Services access key ID used to sign the request for this
	// operation. This operation works for access keys under the Amazon Web Services
	// account. Consequently, you can use this operation to manage Amazon Web Services
	// account root user credentials even if the Amazon Web Services account has no
	// associated users.
	ListSigningCertificates(ctx context.Context, params *ListSigningCertificatesInput, optFns ...func(*Options)) (*ListSigningCertificatesOutput, error)
	// Lists the names of the inline policies embedded in the specified IAM user.
	//
	// An IAM user can also have managed policies attached to it. To list the managed
	// policies that are attached to a user, use ListAttachedUserPolicies. For more information about
	// policies, see [Managed policies and inline policies]in the IAM User Guide.
	//
	// You can paginate the results using the MaxItems and Marker parameters. If there
	// are no inline policies embedded with the specified user, the operation returns
	// an empty list.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	ListUserPolicies(ctx context.Context, params *ListUserPoliciesInput, optFns ...func(*Options)) (*ListUserPoliciesOutput, error)
	// Lists the tags that are attached to the specified IAM user. The returned list
	// of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources]in the
	// IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	ListUserTags(ctx context.Context, params *ListUserTagsInput, optFns ...func(*Options)) (*ListUserTagsOutput, error)
	// Lists the IAM users that have the specified path prefix. If no path prefix is
	// specified, the operation returns all users in the Amazon Web Services account.
	// If there are none, the operation returns an empty list.
	//
	// IAM resource-listing operations return a subset of the available attributes for
	// the resource. This operation does not return the following attributes, even
	// though they are an attribute of the returned object:
	//
	//   - PermissionsBoundary
	//
	//   - Tags
	//
	// To view all of the information for a user, see GetUser.
	//
	// You can paginate the results using the MaxItems and Marker parameters.
	ListUsers(ctx context.Context, params *ListUsersInput, optFns ...func(*Options)) (*ListUsersOutput, error)
	// Lists the virtual MFA devices defined in the Amazon Web Services account by
	// assignment status. If you do not specify an assignment status, the operation
	// returns a list of all virtual MFA devices. Assignment status can be Assigned ,
	// Unassigned , or Any .
	//
	// IAM resource-listing operations return a subset of the available attributes for
	// the resource. For example, this operation does not return tags, even though they
	// are an attribute of the returned object. To view tag information for a virtual
	// MFA device, see ListMFADeviceTags.
	//
	// You can paginate the results using the MaxItems and Marker parameters.
	ListVirtualMFADevices(ctx context.Context, params *ListVirtualMFADevicesInput, optFns ...func(*Options)) (*ListVirtualMFADevicesOutput, error)
	// Adds or updates an inline policy document that is embedded in the specified IAM
	// group.
	//
	// A user can also have managed policies attached to it. To attach a managed
	// policy to a group, use [AttachGroupPolicy]AttachGroupPolicy . To create a new managed policy, use [CreatePolicy]
	// CreatePolicy . For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// For information about the maximum number of inline policies that you can embed
	// in a group, see [IAM and STS quotas]in the IAM User Guide.
	//
	// Because policy documents can be large, you should use POST rather than GET when
	// calling PutGroupPolicy . For general information about using the Query API with
	// IAM, see [Making query requests]in the IAM User Guide.
	//
	// [CreatePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
	// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
	// [Making query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
	// [AttachGroupPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	PutGroupPolicy(ctx context.Context, params *PutGroupPolicyInput, optFns ...func(*Options)) (*PutGroupPolicyOutput, error)
	// Adds or updates the policy that is specified as the IAM role's permissions
	// boundary. You can use an Amazon Web Services managed policy or a customer
	// managed policy to set the boundary for a role. Use the boundary to control the
	// maximum permissions that the role can have. Setting a permissions boundary is an
	// advanced feature that can affect the permissions for the role.
	//
	// You cannot set the boundary for a service-linked role.
	//
	// Policies used as permissions boundaries do not provide permissions. You must
	// also attach a permissions policy to the role. To learn how the effective
	// permissions for a role are evaluated, see [IAM JSON policy evaluation logic]in the IAM User Guide.
	//
	// [IAM JSON policy evaluation logic]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
	PutRolePermissionsBoundary(ctx context.Context, params *PutRolePermissionsBoundaryInput, optFns ...func(*Options)) (*PutRolePermissionsBoundaryOutput, error)
	// Adds or updates an inline policy document that is embedded in the specified IAM
	// role.
	//
	// When you embed an inline policy in a role, the inline policy is used as part of
	// the role's access (permissions) policy. The role's trust policy is created at
	// the same time as the role, using [CreateRole]CreateRole . You can update a role's trust
	// policy using [UpdateAssumeRolePolicy]UpdateAssumeRolePolicy . For more information about roles, see [IAM roles] in
	// the IAM User Guide.
	//
	// A role can also have a managed policy attached to it. To attach a managed
	// policy to a role, use [AttachRolePolicy]AttachRolePolicy . To create a new managed policy, use [CreatePolicy]
	// CreatePolicy . For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// For information about the maximum number of inline policies that you can embed
	// with a role, see [IAM and STS quotas]in the IAM User Guide.
	//
	// Because policy documents can be large, you should use POST rather than GET when
	// calling PutRolePolicy . For general information about using the Query API with
	// IAM, see [Making query requests]in the IAM User Guide.
	//
	// [UpdateAssumeRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html
	// [AttachRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html
	// [CreatePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
	// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
	// [Making query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
	// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html
	// [CreateRole]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	PutRolePolicy(ctx context.Context, params *PutRolePolicyInput, optFns ...func(*Options)) (*PutRolePolicyOutput, error)
	// Adds or updates the policy that is specified as the IAM user's permissions
	// boundary. You can use an Amazon Web Services managed policy or a customer
	// managed policy to set the boundary for a user. Use the boundary to control the
	// maximum permissions that the user can have. Setting a permissions boundary is an
	// advanced feature that can affect the permissions for the user.
	//
	// Policies that are used as permissions boundaries do not provide permissions.
	// You must also attach a permissions policy to the user. To learn how the
	// effective permissions for a user are evaluated, see [IAM JSON policy evaluation logic]in the IAM User Guide.
	//
	// [IAM JSON policy evaluation logic]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
	PutUserPermissionsBoundary(ctx context.Context, params *PutUserPermissionsBoundaryInput, optFns ...func(*Options)) (*PutUserPermissionsBoundaryOutput, error)
	// Adds or updates an inline policy document that is embedded in the specified IAM
	// user.
	//
	// An IAM user can also have a managed policy attached to it. To attach a managed
	// policy to a user, use [AttachUserPolicy]AttachUserPolicy . To create a new managed policy, use [CreatePolicy]
	// CreatePolicy . For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// For information about the maximum number of inline policies that you can embed
	// in a user, see [IAM and STS quotas]in the IAM User Guide.
	//
	// Because policy documents can be large, you should use POST rather than GET when
	// calling PutUserPolicy . For general information about using the Query API with
	// IAM, see [Making query requests]in the IAM User Guide.
	//
	// [CreatePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
	// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
	// [Making query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
	// [AttachUserPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	PutUserPolicy(ctx context.Context, params *PutUserPolicyInput, optFns ...func(*Options)) (*PutUserPolicyOutput, error)
	// Removes the specified client ID (also known as audience) from the list of
	// client IDs registered for the specified IAM OpenID Connect (OIDC) provider
	// resource object.
	//
	// This operation is idempotent; it does not fail or return an error if you try to
	// remove a client ID that does not exist.
	RemoveClientIDFromOpenIDConnectProvider(ctx context.Context, params *RemoveClientIDFromOpenIDConnectProviderInput, optFns ...func(*Options)) (*RemoveClientIDFromOpenIDConnectProviderOutput, error)
	// Removes the specified IAM role from the specified Amazon EC2 instance profile.
	//
	// Make sure that you do not have any Amazon EC2 instances running with the role
	// you are about to remove from the instance profile. Removing a role from an
	// instance profile that is associated with a running instance might break any
	// applications running on the instance.
	//
	// For more information about roles, see [IAM roles] in the IAM User Guide. For more
	// information about instance profiles, see [Using instance profiles]in the IAM User Guide.
	//
	// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
	// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
	RemoveRoleFromInstanceProfile(ctx context.Context, params *RemoveRoleFromInstanceProfileInput, optFns ...func(*Options)) (*RemoveRoleFromInstanceProfileOutput, error)
	// Removes the specified user from the specified group.
	RemoveUserFromGroup(ctx context.Context, params *RemoveUserFromGroupInput, optFns ...func(*Options)) (*RemoveUserFromGroupOutput, error)
	// Resets the password for a service-specific credential. The new password is
	// Amazon Web Services generated and cryptographically strong. It cannot be
	// configured by the user. Resetting the password immediately invalidates the
	// previous password associated with this user.
	ResetServiceSpecificCredential(ctx context.Context, params *ResetServiceSpecificCredentialInput, optFns ...func(*Options)) (*ResetServiceSpecificCredentialOutput, error)
	// Synchronizes the specified MFA device with its IAM resource object on the
	// Amazon Web Services servers.
	//
	// For more information about creating and working with virtual MFA devices, see [Using a virtual MFA device]
	// in the IAM User Guide.
	//
	// [Using a virtual MFA device]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html
	ResyncMFADevice(ctx context.Context, params *ResyncMFADeviceInput, optFns ...func(*Options)) (*ResyncMFADeviceOutput, error)
	// Sets the specified version of the specified policy as the policy's default
	// (operative) version.
	//
	// This operation affects all users, groups, and roles that the policy is attached
	// to. To list the users, groups, and roles that the policy is attached to, use ListEntitiesForPolicy.
	//
	// For information about managed policies, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
	SetDefaultPolicyVersion(ctx context.Context, params *SetDefaultPolicyVersionInput, optFns ...func(*Options)) (*SetDefaultPolicyVersionOutput, error)
	// Sets the specified version of the global endpoint token as the token version
	// used for the Amazon Web Services account.
	//
	// By default, Security Token Service (STS) is available as a global service, and
	// all STS requests go to a single endpoint at https://sts.amazonaws.com . Amazon
	// Web Services recommends using Regional STS endpoints to reduce latency, build in
	// redundancy, and increase session token availability. For information about
	// Regional endpoints for STS, see [Security Token Service endpoints and quotas]in the Amazon Web Services General Reference.
	//
	// If you make an STS call to the global endpoint, the resulting session tokens
	// might be valid in some Regions but not others. It depends on the version that is
	// set in this operation. Version 1 tokens are valid only in Amazon Web Services
	// Regions that are available by default. These tokens do not work in manually
	// enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in
	// all Regions. However, version 2 tokens are longer and might affect systems where
	// you temporarily store tokens. For information, see [Activating and deactivating STS in an Amazon Web Services Region]in the IAM User Guide.
	//
	// To view the current session token version, see the GlobalEndpointTokenVersion
	// entry in the response of the GetAccountSummaryoperation.
	//
	// [Activating and deactivating STS in an Amazon Web Services Region]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
	// [Security Token Service endpoints and quotas]: https://docs.aws.amazon.com/general/latest/gr/sts.html
	SetSecurityTokenServicePreferences(ctx context.Context, params *SetSecurityTokenServicePreferencesInput, optFns ...func(*Options)) (*SetSecurityTokenServicePreferencesOutput, error)
	// Simulate how a set of IAM policies and optionally a resource-based policy works
	// with a list of API operations and Amazon Web Services resources to determine the
	// policies' effective permissions. The policies are provided as strings.
	//
	// The simulation does not perform the API operations; it only checks the
	// authorization to determine if the simulated policies allow or deny the
	// operations. You can simulate resources that don't exist in your account.
	//
	// If you want to simulate existing policies that are attached to an IAM user,
	// group, or role, use SimulatePrincipalPolicyinstead.
	//
	// Context keys are variables that are maintained by Amazon Web Services and its
	// services and which provide details about the context of an API query request.
	// You can use the Condition element of an IAM policy to evaluate context keys. To
	// get the list of context keys that the policies require for correct simulation,
	// use GetContextKeysForCustomPolicy.
	//
	// If the output is long, you can use MaxItems and Marker parameters to paginate
	// the results.
	//
	// The IAM policy simulator evaluates statements in the identity-based policy and
	// the inputs that you provide during simulation. The policy simulator results can
	// differ from your live Amazon Web Services environment. We recommend that you
	// check your policies against your live Amazon Web Services environment after
	// testing using the policy simulator to confirm that you have the desired results.
	// For more information about using the policy simulator, see [Testing IAM policies with the IAM policy simulator]in the IAM User
	// Guide.
	//
	// [Testing IAM policies with the IAM policy simulator]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
	SimulateCustomPolicy(ctx context.Context, params *SimulateCustomPolicyInput, optFns ...func(*Options)) (*SimulateCustomPolicyOutput, error)
	// Simulate how a set of IAM policies attached to an IAM entity works with a list
	// of API operations and Amazon Web Services resources to determine the policies'
	// effective permissions. The entity can be an IAM user, group, or role. If you
	// specify a user, then the simulation also includes all of the policies that are
	// attached to groups that the user belongs to. You can simulate resources that
	// don't exist in your account.
	//
	// You can optionally include a list of one or more additional policies specified
	// as strings to include in the simulation. If you want to simulate only policies
	// specified as strings, use SimulateCustomPolicyinstead.
	//
	// You can also optionally include one resource-based policy to be evaluated with
	// each of the resources included in the simulation for IAM users only.
	//
	// The simulation does not perform the API operations; it only checks the
	// authorization to determine if the simulated policies allow or deny the
	// operations.
	//
	// Note: This operation discloses information about the permissions granted to
	// other users. If you do not want users to see other user's permissions, then
	// consider allowing them to use SimulateCustomPolicyinstead.
	//
	// Context keys are variables maintained by Amazon Web Services and its services
	// that provide details about the context of an API query request. You can use the
	// Condition element of an IAM policy to evaluate context keys. To get the list of
	// context keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy.
	//
	// If the output is long, you can use the MaxItems and Marker parameters to
	// paginate the results.
	//
	// The IAM policy simulator evaluates statements in the identity-based policy and
	// the inputs that you provide during simulation. The policy simulator results can
	// differ from your live Amazon Web Services environment. We recommend that you
	// check your policies against your live Amazon Web Services environment after
	// testing using the policy simulator to confirm that you have the desired results.
	// For more information about using the policy simulator, see [Testing IAM policies with the IAM policy simulator]in the IAM User
	// Guide.
	//
	// [Testing IAM policies with the IAM policy simulator]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
	SimulatePrincipalPolicy(ctx context.Context, params *SimulatePrincipalPolicyInput, optFns ...func(*Options)) (*SimulatePrincipalPolicyOutput, error)
	// Adds one or more tags to an IAM instance profile. If a tag with the same key
	// name already exists, then that tag is overwritten with the new value.
	//
	// Each tag consists of a key name and an associated value. By assigning tags to
	// your resources, you can do the following:
	//
	//   - Administrative grouping and discovery - Attach tags to resources to aid in
	//     organization and search. For example, you could search for all resources with
	//     the key name Project and the value MyImportantProject. Or search for all
	//     resources with the key name Cost Center and the value 41200.
	//
	//   - Access control - Include tags in IAM user-based and resource-based
	//     policies. You can use tags to restrict access to only an IAM instance profile
	//     that has a specified tag attached. For examples of policies that show how to use
	//     tags to control access, see [Control access using IAM tags]in the IAM User Guide.
	//
	//   - If any one of the tags is invalid or if you exceed the allowed maximum
	//     number of tags, then the entire request fails and the resource is not created.
	//     For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	//   - Amazon Web Services always interprets the tag Value as a single string. If
	//     you need to store an array, you can store comma-separated values in the string.
	//     However, you must interpret the value in your code.
	//
	// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	TagInstanceProfile(ctx context.Context, params *TagInstanceProfileInput, optFns ...func(*Options)) (*TagInstanceProfileOutput, error)
	// Adds one or more tags to an IAM virtual multi-factor authentication (MFA)
	// device. If a tag with the same key name already exists, then that tag is
	// overwritten with the new value.
	//
	// A tag consists of a key name and an associated value. By assigning tags to your
	// resources, you can do the following:
	//
	//   - Administrative grouping and discovery - Attach tags to resources to aid in
	//     organization and search. For example, you could search for all resources with
	//     the key name Project and the value MyImportantProject. Or search for all
	//     resources with the key name Cost Center and the value 41200.
	//
	//   - Access control - Include tags in IAM user-based and resource-based
	//     policies. You can use tags to restrict access to only an IAM virtual MFA device
	//     that has a specified tag attached. For examples of policies that show how to use
	//     tags to control access, see [Control access using IAM tags]in the IAM User Guide.
	//
	//   - If any one of the tags is invalid or if you exceed the allowed maximum
	//     number of tags, then the entire request fails and the resource is not created.
	//     For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	//   - Amazon Web Services always interprets the tag Value as a single string. If
	//     you need to store an array, you can store comma-separated values in the string.
	//     However, you must interpret the value in your code.
	//
	// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	TagMFADevice(ctx context.Context, params *TagMFADeviceInput, optFns ...func(*Options)) (*TagMFADeviceOutput, error)
	// Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider.
	// For more information about these providers, see [About web identity federation]. If a tag with the same key
	// name already exists, then that tag is overwritten with the new value.
	//
	// A tag consists of a key name and an associated value. By assigning tags to your
	// resources, you can do the following:
	//
	//   - Administrative grouping and discovery - Attach tags to resources to aid in
	//     organization and search. For example, you could search for all resources with
	//     the key name Project and the value MyImportantProject. Or search for all
	//     resources with the key name Cost Center and the value 41200.
	//
	//   - Access control - Include tags in IAM identity-based and resource-based
	//     policies. You can use tags to restrict access to only an OIDC provider that has
	//     a specified tag attached. For examples of policies that show how to use tags to
	//     control access, see [Control access using IAM tags]in the IAM User Guide.
	//
	//   - If any one of the tags is invalid or if you exceed the allowed maximum
	//     number of tags, then the entire request fails and the resource is not created.
	//     For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	//   - Amazon Web Services always interprets the tag Value as a single string. If
	//     you need to store an array, you can store comma-separated values in the string.
	//     However, you must interpret the value in your code.
	//
	// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	// [About web identity federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
	TagOpenIDConnectProvider(ctx context.Context, params *TagOpenIDConnectProviderInput, optFns ...func(*Options)) (*TagOpenIDConnectProviderOutput, error)
	// Adds one or more tags to an IAM customer managed policy. If a tag with the same
	// key name already exists, then that tag is overwritten with the new value.
	//
	// A tag consists of a key name and an associated value. By assigning tags to your
	// resources, you can do the following:
	//
	//   - Administrative grouping and discovery - Attach tags to resources to aid in
	//     organization and search. For example, you could search for all resources with
	//     the key name Project and the value MyImportantProject. Or search for all
	//     resources with the key name Cost Center and the value 41200.
	//
	//   - Access control - Include tags in IAM user-based and resource-based
	//     policies. You can use tags to restrict access to only an IAM customer managed
	//     policy that has a specified tag attached. For examples of policies that show how
	//     to use tags to control access, see [Control access using IAM tags]in the IAM User Guide.
	//
	//   - If any one of the tags is invalid or if you exceed the allowed maximum
	//     number of tags, then the entire request fails and the resource is not created.
	//     For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	//   - Amazon Web Services always interprets the tag Value as a single string. If
	//     you need to store an array, you can store comma-separated values in the string.
	//     However, you must interpret the value in your code.
	//
	// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	TagPolicy(ctx context.Context, params *TagPolicyInput, optFns ...func(*Options)) (*TagPolicyOutput, error)
	// Adds one or more tags to an IAM role. The role can be a regular role or a
	// service-linked role. If a tag with the same key name already exists, then that
	// tag is overwritten with the new value.
	//
	// A tag consists of a key name and an associated value. By assigning tags to your
	// resources, you can do the following:
	//
	//   - Administrative grouping and discovery - Attach tags to resources to aid in
	//     organization and search. For example, you could search for all resources with
	//     the key name Project and the value MyImportantProject. Or search for all
	//     resources with the key name Cost Center and the value 41200.
	//
	//   - Access control - Include tags in IAM user-based and resource-based
	//     policies. You can use tags to restrict access to only an IAM role that has a
	//     specified tag attached. You can also restrict access to only those resources
	//     that have a certain tag attached. For examples of policies that show how to use
	//     tags to control access, see [Control access using IAM tags]in the IAM User Guide.
	//
	//   - Cost allocation - Use tags to help track which individuals and teams are
	//     using which Amazon Web Services resources.
	//
	//   - If any one of the tags is invalid or if you exceed the allowed maximum
	//     number of tags, then the entire request fails and the resource is not created.
	//     For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	//   - Amazon Web Services always interprets the tag Value as a single string. If
	//     you need to store an array, you can store comma-separated values in the string.
	//     However, you must interpret the value in your code.
	//
	// For more information about tagging, see [Tagging IAM identities] in the IAM User Guide.
	//
	// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	// [Tagging IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	TagRole(ctx context.Context, params *TagRoleInput, optFns ...func(*Options)) (*TagRoleOutput, error)
	// Adds one or more tags to a Security Assertion Markup Language (SAML) identity
	// provider. For more information about these providers, see [About SAML 2.0-based federation]. If a tag with the
	// same key name already exists, then that tag is overwritten with the new value.
	//
	// A tag consists of a key name and an associated value. By assigning tags to your
	// resources, you can do the following:
	//
	//   - Administrative grouping and discovery - Attach tags to resources to aid in
	//     organization and search. For example, you could search for all resources with
	//     the key name Project and the value MyImportantProject. Or search for all
	//     resources with the key name Cost Center and the value 41200.
	//
	//   - Access control - Include tags in IAM user-based and resource-based
	//     policies. You can use tags to restrict access to only a SAML identity provider
	//     that has a specified tag attached. For examples of policies that show how to use
	//     tags to control access, see [Control access using IAM tags]in the IAM User Guide.
	//
	//   - If any one of the tags is invalid or if you exceed the allowed maximum
	//     number of tags, then the entire request fails and the resource is not created.
	//     For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	//   - Amazon Web Services always interprets the tag Value as a single string. If
	//     you need to store an array, you can store comma-separated values in the string.
	//     However, you must interpret the value in your code.
	//
	// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
	// [About SAML 2.0-based federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	TagSAMLProvider(ctx context.Context, params *TagSAMLProviderInput, optFns ...func(*Options)) (*TagSAMLProviderOutput, error)
	// Adds one or more tags to an IAM server certificate. If a tag with the same key
	// name already exists, then that tag is overwritten with the new value.
	//
	// For certificates in a Region supported by Certificate Manager (ACM), we
	// recommend that you don't use IAM server certificates. Instead, use ACM to
	// provision, manage, and deploy your server certificates. For more information
	// about IAM server certificates, [Working with server certificates]in the IAM User Guide.
	//
	// A tag consists of a key name and an associated value. By assigning tags to your
	// resources, you can do the following:
	//
	//   - Administrative grouping and discovery - Attach tags to resources to aid in
	//     organization and search. For example, you could search for all resources with
	//     the key name Project and the value MyImportantProject. Or search for all
	//     resources with the key name Cost Center and the value 41200.
	//
	//   - Access control - Include tags in IAM user-based and resource-based
	//     policies. You can use tags to restrict access to only a server certificate that
	//     has a specified tag attached. For examples of policies that show how to use tags
	//     to control access, see [Control access using IAM tags]in the IAM User Guide.
	//
	//   - Cost allocation - Use tags to help track which individuals and teams are
	//     using which Amazon Web Services resources.
	//
	//   - If any one of the tags is invalid or if you exceed the allowed maximum
	//     number of tags, then the entire request fails and the resource is not created.
	//     For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	//   - Amazon Web Services always interprets the tag Value as a single string. If
	//     you need to store an array, you can store comma-separated values in the string.
	//     However, you must interpret the value in your code.
	//
	// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
	// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	TagServerCertificate(ctx context.Context, params *TagServerCertificateInput, optFns ...func(*Options)) (*TagServerCertificateOutput, error)
	// Adds one or more tags to an IAM user. If a tag with the same key name already
	// exists, then that tag is overwritten with the new value.
	//
	// A tag consists of a key name and an associated value. By assigning tags to your
	// resources, you can do the following:
	//
	//   - Administrative grouping and discovery - Attach tags to resources to aid in
	//     organization and search. For example, you could search for all resources with
	//     the key name Project and the value MyImportantProject. Or search for all
	//     resources with the key name Cost Center and the value 41200.
	//
	//   - Access control - Include tags in IAM identity-based and resource-based
	//     policies. You can use tags to restrict access to only an IAM requesting user
	//     that has a specified tag attached. You can also restrict access to only those
	//     resources that have a certain tag attached. For examples of policies that show
	//     how to use tags to control access, see [Control access using IAM tags]in the IAM User Guide.
	//
	//   - Cost allocation - Use tags to help track which individuals and teams are
	//     using which Amazon Web Services resources.
	//
	//   - If any one of the tags is invalid or if you exceed the allowed maximum
	//     number of tags, then the entire request fails and the resource is not created.
	//     For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	//   - Amazon Web Services always interprets the tag Value as a single string. If
	//     you need to store an array, you can store comma-separated values in the string.
	//     However, you must interpret the value in your code.
	//
	// For more information about tagging, see [Tagging IAM identities] in the IAM User Guide.
	//
	// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	// [Tagging IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	TagUser(ctx context.Context, params *TagUserInput, optFns ...func(*Options)) (*TagUserOutput, error)
	// Removes the specified tags from the IAM instance profile. For more information
	// about tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	UntagInstanceProfile(ctx context.Context, params *UntagInstanceProfileInput, optFns ...func(*Options)) (*UntagInstanceProfileOutput, error)
	// Removes the specified tags from the IAM virtual multi-factor authentication
	// (MFA) device. For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	UntagMFADevice(ctx context.Context, params *UntagMFADeviceInput, optFns ...func(*Options)) (*UntagMFADeviceOutput, error)
	// Removes the specified tags from the specified OpenID Connect (OIDC)-compatible
	// identity provider in IAM. For more information about OIDC providers, see [About web identity federation]. For
	// more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	// [About web identity federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
	UntagOpenIDConnectProvider(ctx context.Context, params *UntagOpenIDConnectProviderInput, optFns ...func(*Options)) (*UntagOpenIDConnectProviderOutput, error)
	// Removes the specified tags from the customer managed policy. For more
	// information about tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	UntagPolicy(ctx context.Context, params *UntagPolicyInput, optFns ...func(*Options)) (*UntagPolicyOutput, error)
	// Removes the specified tags from the role. For more information about tagging,
	// see [Tagging IAM resources]in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	UntagRole(ctx context.Context, params *UntagRoleInput, optFns ...func(*Options)) (*UntagRoleOutput, error)
	// Removes the specified tags from the specified Security Assertion Markup
	// Language (SAML) identity provider in IAM. For more information about these
	// providers, see [About web identity federation]. For more information about tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	// [About web identity federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
	UntagSAMLProvider(ctx context.Context, params *UntagSAMLProviderInput, optFns ...func(*Options)) (*UntagSAMLProviderOutput, error)
	// Removes the specified tags from the IAM server certificate. For more
	// information about tagging, see [Tagging IAM resources]in the IAM User Guide.
	//
	// For certificates in a Region supported by Certificate Manager (ACM), we
	// recommend that you don't use IAM server certificates. Instead, use ACM to
	// provision, manage, and deploy your server certificates. For more information
	// about IAM server certificates, [Working with server certificates]in the IAM User Guide.
	//
	// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	UntagServerCertificate(ctx context.Context, params *UntagServerCertificateInput, optFns ...func(*Options)) (*UntagServerCertificateOutput, error)
	// Removes the specified tags from the user. For more information about tagging,
	// see [Tagging IAM resources]in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	UntagUser(ctx context.Context, params *UntagUserInput, optFns ...func(*Options)) (*UntagUserOutput, error)
	// Changes the status of the specified access key from Active to Inactive, or vice
	// versa. This operation can be used to disable a user's key as part of a key
	// rotation workflow.
	//
	// If the UserName is not specified, the user name is determined implicitly based
	// on the Amazon Web Services access key ID used to sign the request. If a
	// temporary access key is used, then UserName is required. If a long-term key is
	// assigned to the user, then UserName is not required. This operation works for
	// access keys under the Amazon Web Services account. Consequently, you can use
	// this operation to manage Amazon Web Services account root user credentials even
	// if the Amazon Web Services account has no associated users.
	//
	// For information about rotating keys, see [Managing keys and certificates] in the IAM User Guide.
	//
	// [Managing keys and certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html
	UpdateAccessKey(ctx context.Context, params *UpdateAccessKeyInput, optFns ...func(*Options)) (*UpdateAccessKeyOutput, error)
	// Updates the password policy settings for the Amazon Web Services account.
	//
	// This operation does not support partial updates. No parameters are required,
	// but if you do not specify a parameter, that parameter's value reverts to its
	// default value. See the Request Parameters section for each parameter's default
	// value. Also note that some parameters do not allow the default parameter to be
	// explicitly set. Instead, to invoke the default value, do not include that
	// parameter when you invoke the operation.
	//
	// For more information about using a password policy, see [Managing an IAM password policy] in the IAM User Guide.
	//
	// [Managing an IAM password policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html
	UpdateAccountPasswordPolicy(ctx context.Context, params *UpdateAccountPasswordPolicyInput, optFns ...func(*Options)) (*UpdateAccountPasswordPolicyOutput, error)
	// Updates the policy that grants an IAM entity permission to assume a role. This
	// is typically referred to as the "role trust policy". For more information about
	// roles, see [Using roles to delegate permissions and federate identities].
	//
	// [Using roles to delegate permissions and federate identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html
	UpdateAssumeRolePolicy(ctx context.Context, params *UpdateAssumeRolePolicyInput, optFns ...func(*Options)) (*UpdateAssumeRolePolicyOutput, error)
	// Updates the name and/or the path of the specified IAM group.
	//
	// You should understand the implications of changing a group's path or name. For
	// more information, see [Renaming users and groups]in the IAM User Guide.
	//
	// The person making the request (the principal), must have permission to change
	// the role group with the old name and the new name. For example, to change the
	// group named Managers to MGRs , the principal must have a policy that allows them
	// to update both groups. If the principal has permission to update the Managers
	// group, but not the MGRs group, then the update fails. For more information
	// about permissions, see [Access management].
	//
	// [Access management]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html
	// [Renaming users and groups]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html
	UpdateGroup(ctx context.Context, params *UpdateGroupInput, optFns ...func(*Options)) (*UpdateGroupOutput, error)
	// Changes the password for the specified IAM user. You can use the CLI, the
	// Amazon Web Services API, or the Users page in the IAM console to change the
	// password for any IAM user. Use ChangePasswordto change your own password in the My Security
	// Credentials page in the Amazon Web Services Management Console.
	//
	// For more information about modifying passwords, see [Managing passwords] in the IAM User Guide.
	//
	// [Managing passwords]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
	UpdateLoginProfile(ctx context.Context, params *UpdateLoginProfileInput, optFns ...func(*Options)) (*UpdateLoginProfileOutput, error)
	// Replaces the existing list of server certificate thumbprints associated with an
	// OpenID Connect (OIDC) provider resource object with a new list of thumbprints.
	//
	// The list that you pass with this operation completely replaces the existing
	// list of thumbprints. (The lists are not merged.)
	//
	// Typically, you need to update a thumbprint only when the identity provider
	// certificate changes, which occurs rarely. However, if the provider's certificate
	// does change, any attempt to assume an IAM role that specifies the OIDC provider
	// as a principal fails until the certificate thumbprint is updated.
	//
	// Amazon Web Services secures communication with OIDC identity providers (IdPs)
	// using our library of trusted root certificate authorities (CAs) to verify the
	// JSON Web Key Set (JWKS) endpoint's TLS certificate. If your OIDC IdP relies on a
	// certificate that is not signed by one of these trusted CAs, only then we secure
	// communication using the thumbprints set in the IdP's configuration.
	//
	// Trust for the OIDC provider is derived from the provider certificate and is
	// validated by the thumbprint. Therefore, it is best to limit access to the
	// UpdateOpenIDConnectProviderThumbprint operation to highly privileged users.
	UpdateOpenIDConnectProviderThumbprint(ctx context.Context, params *UpdateOpenIDConnectProviderThumbprintInput, optFns ...func(*Options)) (*UpdateOpenIDConnectProviderThumbprintOutput, error)
	// Updates the description or maximum session duration setting of a role.
	UpdateRole(ctx context.Context, params *UpdateRoleInput, optFns ...func(*Options)) (*UpdateRoleOutput, error)
	// Use UpdateRole instead.
	//
	// Modifies only the description of a role. This operation performs the same
	// function as the Description parameter in the UpdateRole operation.
	UpdateRoleDescription(ctx context.Context, params *UpdateRoleDescriptionInput, optFns ...func(*Options)) (*UpdateRoleDescriptionOutput, error)
	// Updates the metadata document for an existing SAML provider resource object.
	//
	// This operation requires [Signature Version 4].
	//
	// [Signature Version 4]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
	UpdateSAMLProvider(ctx context.Context, params *UpdateSAMLProviderInput, optFns ...func(*Options)) (*UpdateSAMLProviderOutput, error)
	// Sets the status of an IAM user's SSH public key to active or inactive. SSH
	// public keys that are inactive cannot be used for authentication. This operation
	// can be used to disable a user's SSH public key as part of a key rotation work
	// flow.
	//
	// The SSH public key affected by this operation is used only for authenticating
	// the associated IAM user to an CodeCommit repository. For more information about
	// using SSH keys to authenticate to an CodeCommit repository, see [Set up CodeCommit for SSH connections]in the
	// CodeCommit User Guide.
	//
	// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
	UpdateSSHPublicKey(ctx context.Context, params *UpdateSSHPublicKeyInput, optFns ...func(*Options)) (*UpdateSSHPublicKeyOutput, error)
	// Updates the name and/or the path of the specified server certificate stored in
	// IAM.
	//
	// For more information about working with server certificates, see [Working with server certificates] in the IAM
	// User Guide. This topic also includes a list of Amazon Web Services services that
	// can use the server certificates that you manage with IAM.
	//
	// You should understand the implications of changing a server certificate's path
	// or name. For more information, see [Renaming a server certificate]in the IAM User Guide.
	//
	// The person making the request (the principal), must have permission to change
	// the server certificate with the old name and the new name. For example, to
	// change the certificate named ProductionCert to ProdCert , the principal must
	// have a policy that allows them to update both certificates. If the principal has
	// permission to update the ProductionCert group, but not the ProdCert
	// certificate, then the update fails. For more information about permissions, see [Access management]
	// in the IAM User Guide.
	//
	// [Renaming a server certificate]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html#RenamingServerCerts
	// [Access management]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html
	// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
	UpdateServerCertificate(ctx context.Context, params *UpdateServerCertificateInput, optFns ...func(*Options)) (*UpdateServerCertificateOutput, error)
	// Sets the status of a service-specific credential to Active or Inactive .
	// Service-specific credentials that are inactive cannot be used for authentication
	// to the service. This operation can be used to disable a user's service-specific
	// credential as part of a credential rotation work flow.
	UpdateServiceSpecificCredential(ctx context.Context, params *UpdateServiceSpecificCredentialInput, optFns ...func(*Options)) (*UpdateServiceSpecificCredentialOutput, error)
	// Changes the status of the specified user signing certificate from active to
	// disabled, or vice versa. This operation can be used to disable an IAM user's
	// signing certificate as part of a certificate rotation work flow.
	//
	// If the UserName field is not specified, the user name is determined implicitly
	// based on the Amazon Web Services access key ID used to sign the request. This
	// operation works for access keys under the Amazon Web Services account.
	// Consequently, you can use this operation to manage Amazon Web Services account
	// root user credentials even if the Amazon Web Services account has no associated
	// users.
	UpdateSigningCertificate(ctx context.Context, params *UpdateSigningCertificateInput, optFns ...func(*Options)) (*UpdateSigningCertificateOutput, error)
	// Updates the name and/or the path of the specified IAM user.
	//
	// You should understand the implications of changing an IAM user's path or name.
	// For more information, see [Renaming an IAM user]and [Renaming an IAM group] in the IAM User Guide.
	//
	// To change a user name, the requester must have appropriate permissions on both
	// the source object and the target object. For example, to change Bob to Robert,
	// the entity making the request must have permission on Bob and Robert, or must
	// have permission on all (*). For more information about permissions, see [Permissions and policies].
	//
	// [Renaming an IAM user]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_renaming
	// [Renaming an IAM group]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_rename.html
	// [Permissions and policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html
	UpdateUser(ctx context.Context, params *UpdateUserInput, optFns ...func(*Options)) (*UpdateUserOutput, error)
	// Uploads an SSH public key and associates it with the specified IAM user.
	//
	// The SSH public key uploaded by this operation can be used only for
	// authenticating the associated IAM user to an CodeCommit repository. For more
	// information about using SSH keys to authenticate to an CodeCommit repository,
	// see [Set up CodeCommit for SSH connections]in the CodeCommit User Guide.
	//
	// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
	UploadSSHPublicKey(ctx context.Context, params *UploadSSHPublicKeyInput, optFns ...func(*Options)) (*UploadSSHPublicKeyOutput, error)
	// Uploads a server certificate entity for the Amazon Web Services account. The
	// server certificate entity includes a public key certificate, a private key, and
	// an optional certificate chain, which should all be PEM-encoded.
	//
	// We recommend that you use [Certificate Manager] to provision, manage, and deploy your server
	// certificates. With ACM you can request a certificate, deploy it to Amazon Web
	// Services resources, and let ACM handle certificate renewals for you.
	// Certificates provided by ACM are free. For more information about using ACM, see
	// the [Certificate Manager User Guide].
	//
	// For more information about working with server certificates, see [Working with server certificates] in the IAM
	// User Guide. This topic includes a list of Amazon Web Services services that can
	// use the server certificates that you manage with IAM.
	//
	// For information about the number of server certificates you can upload, see [IAM and STS quotas] in
	// the IAM User Guide.
	//
	// Because the body of the public key certificate, private key, and the
	// certificate chain can be large, you should use POST rather than GET when calling
	// UploadServerCertificate . For information about setting up signatures and
	// authorization through the API, see [Signing Amazon Web Services API requests]in the Amazon Web Services General
	// Reference. For general information about using the Query API with IAM, see [Calling the API by making HTTP query requests]in
	// the IAM User Guide.
	//
	// [Certificate Manager]: https://docs.aws.amazon.com/acm/
	// [Certificate Manager User Guide]: https://docs.aws.amazon.com/acm/latest/userguide/
	// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
	// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
	// [Signing Amazon Web Services API requests]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
	// [Calling the API by making HTTP query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html
	UploadServerCertificate(ctx context.Context, params *UploadServerCertificateInput, optFns ...func(*Options)) (*UploadServerCertificateOutput, error)
	// Uploads an X.509 signing certificate and associates it with the specified IAM
	// user. Some Amazon Web Services services require you to use certificates to
	// validate requests that are signed with a corresponding private key. When you
	// upload the certificate, its default status is Active .
	//
	// For information about when you would use an X.509 signing certificate, see [Managing server certificates in IAM] in
	// the IAM User Guide.
	//
	// If the UserName is not specified, the IAM user name is determined implicitly
	// based on the Amazon Web Services access key ID used to sign the request. This
	// operation works for access keys under the Amazon Web Services account.
	// Consequently, you can use this operation to manage Amazon Web Services account
	// root user credentials even if the Amazon Web Services account has no associated
	// users.
	//
	// Because the body of an X.509 certificate can be large, you should use POST
	// rather than GET when calling UploadSigningCertificate . For information about
	// setting up signatures and authorization through the API, see [Signing Amazon Web Services API requests]in the Amazon Web
	// Services General Reference. For general information about using the Query API
	// with IAM, see [Making query requests]in the IAM User Guide.
	//
	// [Managing server certificates in IAM]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
	// [Making query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
	// [Signing Amazon Web Services API requests]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
	UploadSigningCertificate(ctx context.Context, params *UploadSigningCertificateInput, optFns ...func(*Options)) (*UploadSigningCertificateOutput, error)
}

IAM provides an interface to the AWS IAM service.

type Outposts added in v0.112.0

type Outposts interface {
	// Options returns a copy of the client configuration.
	//
	// Callers SHOULD NOT perform mutations on any inner structures within client
	// config. Config overrides should instead be made on a per-operation basis through
	// functional options.
	Options() outposts.Options
	// Cancels the capacity task.
	CancelCapacityTask(ctx context.Context, params *CancelCapacityTaskInput, optFns ...func(*Options)) (*CancelCapacityTaskOutput, error)
	// Cancels the specified order for an Outpost.
	CancelOrder(ctx context.Context, params *CancelOrderInput, optFns ...func(*Options)) (*CancelOrderOutput, error)
	// Creates an order for an Outpost.
	CreateOrder(ctx context.Context, params *CreateOrderInput, optFns ...func(*Options)) (*CreateOrderOutput, error)
	// Creates an Outpost.
	//
	// You can specify either an Availability one or an AZ ID.
	CreateOutpost(ctx context.Context, params *CreateOutpostInput, optFns ...func(*Options)) (*CreateOutpostOutput, error)
	// Creates a site for an Outpost.
	CreateSite(ctx context.Context, params *CreateSiteInput, optFns ...func(*Options)) (*CreateSiteOutput, error)
	// Deletes the specified Outpost.
	DeleteOutpost(ctx context.Context, params *DeleteOutpostInput, optFns ...func(*Options)) (*DeleteOutpostOutput, error)
	// Deletes the specified site.
	DeleteSite(ctx context.Context, params *DeleteSiteInput, optFns ...func(*Options)) (*DeleteSiteOutput, error)
	// Gets details of the specified capacity task.
	GetCapacityTask(ctx context.Context, params *GetCapacityTaskInput, optFns ...func(*Options)) (*GetCapacityTaskOutput, error)
	// Gets information about the specified catalog item.
	GetCatalogItem(ctx context.Context, params *GetCatalogItemInput, optFns ...func(*Options)) (*GetCatalogItemOutput, error)
	//	Amazon Web Services uses this action to install Outpost servers.
	//
	// Gets information about the specified connection.
	//
	// Use CloudTrail to monitor this action or Amazon Web Services managed policy for
	// Amazon Web Services Outposts to secure it. For more information, see [Amazon Web Services managed policies for Amazon Web Services Outposts]and [Logging Amazon Web Services Outposts API calls with Amazon Web Services CloudTrail] in
	// the Amazon Web Services Outposts User Guide.
	//
	// [Logging Amazon Web Services Outposts API calls with Amazon Web Services CloudTrail]: https://docs.aws.amazon.com/outposts/latest/userguide/logging-using-cloudtrail.html
	// [Amazon Web Services managed policies for Amazon Web Services Outposts]: https://docs.aws.amazon.com/outposts/latest/userguide/security-iam-awsmanpol.html
	GetConnection(ctx context.Context, params *GetConnectionInput, optFns ...func(*Options)) (*GetConnectionOutput, error)
	// Gets information about the specified order.
	GetOrder(ctx context.Context, params *GetOrderInput, optFns ...func(*Options)) (*GetOrderOutput, error)
	// Gets information about the specified Outpost.
	GetOutpost(ctx context.Context, params *GetOutpostInput, optFns ...func(*Options)) (*GetOutpostOutput, error)
	// Gets the instance types for the specified Outpost.
	GetOutpostInstanceTypes(ctx context.Context, params *GetOutpostInstanceTypesInput, optFns ...func(*Options)) (*GetOutpostInstanceTypesOutput, error)
	// Gets the instance types that an Outpost can support in InstanceTypeCapacity .
	// This will generally include instance types that are not currently configured and
	// therefore cannot be launched with the current Outpost capacity configuration.
	GetOutpostSupportedInstanceTypes(ctx context.Context, params *GetOutpostSupportedInstanceTypesInput, optFns ...func(*Options)) (*GetOutpostSupportedInstanceTypesOutput, error)
	// Gets information about the specified Outpost site.
	GetSite(ctx context.Context, params *GetSiteInput, optFns ...func(*Options)) (*GetSiteOutput, error)
	// Gets the site address of the specified site.
	GetSiteAddress(ctx context.Context, params *GetSiteAddressInput, optFns ...func(*Options)) (*GetSiteAddressOutput, error)
	// A list of Amazon EC2 instances, belonging to all accounts, running on the
	// specified Outpost. Does not include Amazon EBS or Amazon S3 instances.
	ListAssetInstances(ctx context.Context, params *ListAssetInstancesInput, optFns ...func(*Options)) (*ListAssetInstancesOutput, error)
	// Lists the hardware assets for the specified Outpost.
	//
	// Use filters to return specific results. If you specify multiple filters, the
	// results include only the resources that match all of the specified filters. For
	// a filter where you can specify multiple values, the results include items that
	// match any of the values that you specify for the filter.
	ListAssets(ctx context.Context, params *ListAssetsInput, optFns ...func(*Options)) (*ListAssetsOutput, error)
	// A list of Amazon EC2 instances running on the Outpost and belonging to the
	// account that initiated the capacity task. Use this list to specify the instances
	// you cannot stop to free up capacity to run the capacity task.
	ListBlockingInstancesForCapacityTask(ctx context.Context, params *ListBlockingInstancesForCapacityTaskInput, optFns ...func(*Options)) (*ListBlockingInstancesForCapacityTaskOutput, error)
	// Lists the capacity tasks for your Amazon Web Services account.
	//
	// Use filters to return specific results. If you specify multiple filters, the
	// results include only the resources that match all of the specified filters. For
	// a filter where you can specify multiple values, the results include items that
	// match any of the values that you specify for the filter.
	ListCapacityTasks(ctx context.Context, params *ListCapacityTasksInput, optFns ...func(*Options)) (*ListCapacityTasksOutput, error)
	// Lists the items in the catalog.
	//
	// Use filters to return specific results. If you specify multiple filters, the
	// results include only the resources that match all of the specified filters. For
	// a filter where you can specify multiple values, the results include items that
	// match any of the values that you specify for the filter.
	ListCatalogItems(ctx context.Context, params *ListCatalogItemsInput, optFns ...func(*Options)) (*ListCatalogItemsOutput, error)
	// Lists the Outpost orders for your Amazon Web Services account.
	ListOrders(ctx context.Context, params *ListOrdersInput, optFns ...func(*Options)) (*ListOrdersOutput, error)
	// Lists the Outposts for your Amazon Web Services account.
	//
	// Use filters to return specific results. If you specify multiple filters, the
	// results include only the resources that match all of the specified filters. For
	// a filter where you can specify multiple values, the results include items that
	// match any of the values that you specify for the filter.
	ListOutposts(ctx context.Context, params *ListOutpostsInput, optFns ...func(*Options)) (*ListOutpostsOutput, error)
	// Lists the Outpost sites for your Amazon Web Services account. Use filters to
	// return specific results.
	//
	// Use filters to return specific results. If you specify multiple filters, the
	// results include only the resources that match all of the specified filters. For
	// a filter where you can specify multiple values, the results include items that
	// match any of the values that you specify for the filter.
	ListSites(ctx context.Context, params *ListSitesInput, optFns ...func(*Options)) (*ListSitesOutput, error)
	// Lists the tags for the specified resource.
	ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
	// Starts the specified capacity task. You can have one active capacity task per
	// order or Outpost.
	StartCapacityTask(ctx context.Context, params *StartCapacityTaskInput, optFns ...func(*Options)) (*StartCapacityTaskOutput, error)
	//	Amazon Web Services uses this action to install Outpost servers.
	//
	// Starts the connection required for Outpost server installation.
	//
	// Use CloudTrail to monitor this action or Amazon Web Services managed policy for
	// Amazon Web Services Outposts to secure it. For more information, see [Amazon Web Services managed policies for Amazon Web Services Outposts]and [Logging Amazon Web Services Outposts API calls with Amazon Web Services CloudTrail] in
	// the Amazon Web Services Outposts User Guide.
	//
	// [Logging Amazon Web Services Outposts API calls with Amazon Web Services CloudTrail]: https://docs.aws.amazon.com/outposts/latest/userguide/logging-using-cloudtrail.html
	// [Amazon Web Services managed policies for Amazon Web Services Outposts]: https://docs.aws.amazon.com/outposts/latest/userguide/security-iam-awsmanpol.html
	StartConnection(ctx context.Context, params *StartConnectionInput, optFns ...func(*Options)) (*StartConnectionOutput, error)
	// Adds tags to the specified resource.
	TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)
	// Removes tags from the specified resource.
	UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)
	// Updates an Outpost.
	UpdateOutpost(ctx context.Context, params *UpdateOutpostInput, optFns ...func(*Options)) (*UpdateOutpostOutput, error)
	// Updates the specified site.
	UpdateSite(ctx context.Context, params *UpdateSiteInput, optFns ...func(*Options)) (*UpdateSiteOutput, error)
	// Updates the address of the specified site.
	//
	// You can't update a site address if there is an order in progress. You must wait
	// for the order to complete or cancel the order.
	//
	// You can update the operating address before you place an order at the site, or
	// after all Outposts that belong to the site have been deactivated.
	UpdateSiteAddress(ctx context.Context, params *UpdateSiteAddressInput, optFns ...func(*Options)) (*UpdateSiteAddressOutput, error)
	// Update the physical and logistical details for a rack at a site. For more
	// information about hardware requirements for racks, see [Network readiness checklist]in the Amazon Web
	// Services Outposts User Guide.
	//
	// To update a rack at a site with an order of IN_PROGRESS , you must wait for the
	// order to complete or cancel the order.
	//
	// [Network readiness checklist]: https://docs.aws.amazon.com/outposts/latest/userguide/outposts-requirements.html#checklist
	UpdateSiteRackPhysicalProperties(ctx context.Context, params *UpdateSiteRackPhysicalPropertiesInput, optFns ...func(*Options)) (*UpdateSiteRackPhysicalPropertiesOutput, error)
}

Outposts provides an interface to the AWS Outposts service.

type SSM added in v0.91.0

type SSM interface {
	// Options returns a copy of the client configuration.
	//
	// Callers SHOULD NOT perform mutations on any inner structures within client
	// config. Config overrides should instead be made on a per-operation basis through
	// functional options.
	Options() ssm.Options
	// Adds or overwrites one or more tags for the specified resource. Tags are
	// metadata that you can assign to your automations, documents, managed nodes,
	// maintenance windows, Parameter Store parameters, and patch baselines. Tags
	// enable you to categorize your resources in different ways, for example, by
	// purpose, owner, or environment. Each tag consists of a key and an optional
	// value, both of which you define. For example, you could define a set of tags for
	// your account's managed nodes that helps you track each node's owner and stack
	// level. For example:
	//
	//   - Key=Owner,Value=DbAdmin
	//
	//   - Key=Owner,Value=SysAdmin
	//
	//   - Key=Owner,Value=Dev
	//
	//   - Key=Stack,Value=Production
	//
	//   - Key=Stack,Value=Pre-Production
	//
	//   - Key=Stack,Value=Test
	//
	// Most resources can have a maximum of 50 tags. Automations can have a maximum of
	// 5 tags.
	//
	// We recommend that you devise a set of tag keys that meets your needs for each
	// resource type. Using a consistent set of tag keys makes it easier for you to
	// manage your resources. You can search and filter the resources based on the tags
	// you add. Tags don't have any semantic meaning to and are interpreted strictly as
	// a string of characters.
	//
	// For more information about using tags with Amazon Elastic Compute Cloud (Amazon
	// EC2) instances, see [Tag your Amazon EC2 resources]in the Amazon EC2 User Guide.
	//
	// [Tag your Amazon EC2 resources]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
	AddTagsToResource(ctx context.Context, params *AddTagsToResourceInput, optFns ...func(*Options)) (*AddTagsToResourceOutput, error)
	// Associates a related item to a Systems Manager OpsCenter OpsItem. For example,
	// you can associate an Incident Manager incident or analysis with an OpsItem.
	// Incident Manager and OpsCenter are capabilities of Amazon Web Services Systems
	// Manager.
	AssociateOpsItemRelatedItem(ctx context.Context, params *AssociateOpsItemRelatedItemInput, optFns ...func(*Options)) (*AssociateOpsItemRelatedItemOutput, error)
	// Attempts to cancel the command specified by the Command ID. There is no
	// guarantee that the command will be terminated and the underlying process
	// stopped.
	CancelCommand(ctx context.Context, params *CancelCommandInput, optFns ...func(*Options)) (*CancelCommandOutput, error)
	// Stops a maintenance window execution that is already in progress and cancels
	// any tasks in the window that haven't already starting running. Tasks already in
	// progress will continue to completion.
	CancelMaintenanceWindowExecution(ctx context.Context, params *CancelMaintenanceWindowExecutionInput, optFns ...func(*Options)) (*CancelMaintenanceWindowExecutionOutput, error)
	// Generates an activation code and activation ID you can use to register your
	// on-premises servers, edge devices, or virtual machine (VM) with Amazon Web
	// Services Systems Manager. Registering these machines with Systems Manager makes
	// it possible to manage them using Systems Manager capabilities. You use the
	// activation code and ID when installing SSM Agent on machines in your hybrid
	// environment. For more information about requirements for managing on-premises
	// machines using Systems Manager, see [Using Amazon Web Services Systems Manager in hybrid and multicloud environments]in the Amazon Web Services Systems Manager
	// User Guide.
	//
	// Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and
	// on-premises servers and VMs that are configured for Systems Manager are all
	// called managed nodes.
	//
	// [Using Amazon Web Services Systems Manager in hybrid and multicloud environments]: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-hybrid-multicloud.html
	CreateActivation(ctx context.Context, params *CreateActivationInput, optFns ...func(*Options)) (*CreateActivationOutput, error)
	// A State Manager association defines the state that you want to maintain on your
	// managed nodes. For example, an association can specify that anti-virus software
	// must be installed and running on your managed nodes, or that certain ports must
	// be closed. For static targets, the association specifies a schedule for when the
	// configuration is reapplied. For dynamic targets, such as an Amazon Web Services
	// resource group or an Amazon Web Services autoscaling group, State Manager, a
	// capability of Amazon Web Services Systems Manager applies the configuration when
	// new managed nodes are added to the group. The association also specifies actions
	// to take when applying the configuration. For example, an association for
	// anti-virus software might run once a day. If the software isn't installed, then
	// State Manager installs it. If the software is installed, but the service isn't
	// running, then the association might instruct State Manager to start the service.
	CreateAssociation(ctx context.Context, params *CreateAssociationInput, optFns ...func(*Options)) (*CreateAssociationOutput, error)
	// Associates the specified Amazon Web Services Systems Manager document (SSM
	// document) with the specified managed nodes or targets.
	//
	// When you associate a document with one or more managed nodes using IDs or tags,
	// Amazon Web Services Systems Manager Agent (SSM Agent) running on the managed
	// node processes the document and configures the node as specified.
	//
	// If you associate a document with a managed node that already has an associated
	// document, the system returns the AssociationAlreadyExists exception.
	CreateAssociationBatch(ctx context.Context, params *CreateAssociationBatchInput, optFns ...func(*Options)) (*CreateAssociationBatchOutput, error)
	// Creates a Amazon Web Services Systems Manager (SSM document). An SSM document
	// defines the actions that Systems Manager performs on your managed nodes. For
	// more information about SSM documents, including information about supported
	// schemas, features, and syntax, see [Amazon Web Services Systems Manager Documents]in the Amazon Web Services Systems Manager
	// User Guide.
	//
	// [Amazon Web Services Systems Manager Documents]: https://docs.aws.amazon.com/systems-manager/latest/userguide/documents.html
	CreateDocument(ctx context.Context, params *CreateDocumentInput, optFns ...func(*Options)) (*CreateDocumentOutput, error)
	// Creates a new maintenance window.
	//
	// The value you specify for Duration determines the specific end time for the
	// maintenance window based on the time it begins. No maintenance window tasks are
	// permitted to start after the resulting endtime minus the number of hours you
	// specify for Cutoff . For example, if the maintenance window starts at 3 PM, the
	// duration is three hours, and the value you specify for Cutoff is one hour, no
	// maintenance window tasks can start after 5 PM.
	CreateMaintenanceWindow(ctx context.Context, params *CreateMaintenanceWindowInput, optFns ...func(*Options)) (*CreateMaintenanceWindowOutput, error)
	// Creates a new OpsItem. You must have permission in Identity and Access
	// Management (IAM) to create a new OpsItem. For more information, see [Set up OpsCenter]in the
	// Amazon Web Services Systems Manager User Guide.
	//
	// Operations engineers and IT professionals use Amazon Web Services Systems
	// Manager OpsCenter to view, investigate, and remediate operational issues
	// impacting the performance and health of their Amazon Web Services resources. For
	// more information, see [Amazon Web Services Systems Manager OpsCenter]in the Amazon Web Services Systems Manager User Guide.
	//
	// [Amazon Web Services Systems Manager OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html
	// [Set up OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setup.html
	CreateOpsItem(ctx context.Context, params *CreateOpsItemInput, optFns ...func(*Options)) (*CreateOpsItemOutput, error)
	// If you create a new application in Application Manager, Amazon Web Services
	// Systems Manager calls this API operation to specify information about the new
	// application, including the application type.
	CreateOpsMetadata(ctx context.Context, params *CreateOpsMetadataInput, optFns ...func(*Options)) (*CreateOpsMetadataOutput, error)
	// Creates a patch baseline.
	//
	// For information about valid key-value pairs in PatchFilters for each supported
	// operating system type, see PatchFilter.
	CreatePatchBaseline(ctx context.Context, params *CreatePatchBaselineInput, optFns ...func(*Options)) (*CreatePatchBaselineOutput, error)
	// A resource data sync helps you view data from multiple sources in a single
	// location. Amazon Web Services Systems Manager offers two types of resource data
	// sync: SyncToDestination and SyncFromSource .
	//
	// You can configure Systems Manager Inventory to use the SyncToDestination type
	// to synchronize Inventory data from multiple Amazon Web Services Regions to a
	// single Amazon Simple Storage Service (Amazon S3) bucket. For more information,
	// see [Creating a resource data sync for Inventory]in the Amazon Web Services Systems Manager User Guide.
	//
	// You can configure Systems Manager Explorer to use the SyncFromSource type to
	// synchronize operational work items (OpsItems) and operational data (OpsData)
	// from multiple Amazon Web Services Regions to a single Amazon S3 bucket. This
	// type can synchronize OpsItems and OpsData from multiple Amazon Web Services
	// accounts and Amazon Web Services Regions or EntireOrganization by using
	// Organizations. For more information, see [Setting up Systems Manager Explorer to display data from multiple accounts and Regions]in the Amazon Web Services Systems
	// Manager User Guide.
	//
	// A resource data sync is an asynchronous operation that returns immediately.
	// After a successful initial sync is completed, the system continuously syncs
	// data. To check the status of a sync, use the ListResourceDataSync.
	//
	// By default, data isn't encrypted in Amazon S3. We strongly recommend that you
	// enable encryption in Amazon S3 to ensure secure data storage. We also recommend
	// that you secure access to the Amazon S3 bucket by creating a restrictive bucket
	// policy.
	//
	// [Setting up Systems Manager Explorer to display data from multiple accounts and Regions]: https://docs.aws.amazon.com/systems-manager/latest/userguide/Explorer-resource-data-sync.html
	// [Creating a resource data sync for Inventory]: https://docs.aws.amazon.com/systems-manager/latest/userguide/inventory-create-resource-data-sync.html
	CreateResourceDataSync(ctx context.Context, params *CreateResourceDataSyncInput, optFns ...func(*Options)) (*CreateResourceDataSyncOutput, error)
	// Deletes an activation. You aren't required to delete an activation. If you
	// delete an activation, you can no longer use it to register additional managed
	// nodes. Deleting an activation doesn't de-register managed nodes. You must
	// manually de-register managed nodes.
	DeleteActivation(ctx context.Context, params *DeleteActivationInput, optFns ...func(*Options)) (*DeleteActivationOutput, error)
	// Disassociates the specified Amazon Web Services Systems Manager document (SSM
	// document) from the specified managed node. If you created the association by
	// using the Targets parameter, then you must delete the association by using the
	// association ID.
	//
	// When you disassociate a document from a managed node, it doesn't change the
	// configuration of the node. To change the configuration state of a managed node
	// after you disassociate a document, you must create a new document with the
	// desired configuration and associate it with the node.
	DeleteAssociation(ctx context.Context, params *DeleteAssociationInput, optFns ...func(*Options)) (*DeleteAssociationOutput, error)
	// Deletes the Amazon Web Services Systems Manager document (SSM document) and all
	// managed node associations to the document.
	//
	// Before you delete the document, we recommend that you use DeleteAssociation to disassociate all
	// managed nodes that are associated with the document.
	DeleteDocument(ctx context.Context, params *DeleteDocumentInput, optFns ...func(*Options)) (*DeleteDocumentOutput, error)
	// Delete a custom inventory type or the data associated with a custom Inventory
	// type. Deleting a custom inventory type is also referred to as deleting a custom
	// inventory schema.
	DeleteInventory(ctx context.Context, params *DeleteInventoryInput, optFns ...func(*Options)) (*DeleteInventoryOutput, error)
	// Deletes a maintenance window.
	DeleteMaintenanceWindow(ctx context.Context, params *DeleteMaintenanceWindowInput, optFns ...func(*Options)) (*DeleteMaintenanceWindowOutput, error)
	// Delete an OpsItem. You must have permission in Identity and Access Management
	// (IAM) to delete an OpsItem.
	//
	// Note the following important information about this operation.
	//
	//   - Deleting an OpsItem is irreversible. You can't restore a deleted OpsItem.
	//
	//   - This operation uses an eventual consistency model, which means the system
	//     can take a few minutes to complete this operation. If you delete an OpsItem and
	//     immediately call, for example, GetOpsItem, the deleted OpsItem might still appear in
	//     the response.
	//
	//   - This operation is idempotent. The system doesn't throw an exception if you
	//     repeatedly call this operation for the same OpsItem. If the first call is
	//     successful, all additional calls return the same successful response as the
	//     first call.
	//
	//   - This operation doesn't support cross-account calls. A delegated
	//     administrator or management account can't delete OpsItems in other accounts,
	//     even if OpsCenter has been set up for cross-account administration. For more
	//     information about cross-account administration, see [Setting up OpsCenter to centrally manage OpsItems across accounts]in the Systems Manager
	//     User Guide.
	//
	// [Setting up OpsCenter to centrally manage OpsItems across accounts]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setting-up-cross-account.html
	DeleteOpsItem(ctx context.Context, params *DeleteOpsItemInput, optFns ...func(*Options)) (*DeleteOpsItemOutput, error)
	// Delete OpsMetadata related to an application.
	DeleteOpsMetadata(ctx context.Context, params *DeleteOpsMetadataInput, optFns ...func(*Options)) (*DeleteOpsMetadataOutput, error)
	// Delete a parameter from the system. After deleting a parameter, wait for at
	// least 30 seconds to create a parameter with the same name.
	DeleteParameter(ctx context.Context, params *DeleteParameterInput, optFns ...func(*Options)) (*DeleteParameterOutput, error)
	// Delete a list of parameters. After deleting a parameter, wait for at least 30
	// seconds to create a parameter with the same name.
	DeleteParameters(ctx context.Context, params *DeleteParametersInput, optFns ...func(*Options)) (*DeleteParametersOutput, error)
	// Deletes a patch baseline.
	DeletePatchBaseline(ctx context.Context, params *DeletePatchBaselineInput, optFns ...func(*Options)) (*DeletePatchBaselineOutput, error)
	// Deletes a resource data sync configuration. After the configuration is deleted,
	// changes to data on managed nodes are no longer synced to or from the target.
	// Deleting a sync configuration doesn't delete data.
	DeleteResourceDataSync(ctx context.Context, params *DeleteResourceDataSyncInput, optFns ...func(*Options)) (*DeleteResourceDataSyncOutput, error)
	// Deletes a Systems Manager resource policy. A resource policy helps you to
	// define the IAM entity (for example, an Amazon Web Services account) that can
	// manage your Systems Manager resources. The following resources support Systems
	// Manager resource policies.
	//
	//   - OpsItemGroup - The resource policy for OpsItemGroup enables Amazon Web
	//     Services accounts to view and interact with OpsCenter operational work items
	//     (OpsItems).
	//
	//   - Parameter - The resource policy is used to share a parameter with other
	//     accounts using Resource Access Manager (RAM). For more information about
	//     cross-account sharing of parameters, see [Working with shared parameters]in the Amazon Web Services Systems
	//     Manager User Guide.
	//
	// [Working with shared parameters]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html
	DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error)
	// Removes the server or virtual machine from the list of registered servers. You
	// can reregister the node again at any time. If you don't plan to use Run Command
	// on the server, we suggest uninstalling SSM Agent first.
	DeregisterManagedInstance(ctx context.Context, params *DeregisterManagedInstanceInput, optFns ...func(*Options)) (*DeregisterManagedInstanceOutput, error)
	// Removes a patch group from a patch baseline.
	DeregisterPatchBaselineForPatchGroup(ctx context.Context, params *DeregisterPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*DeregisterPatchBaselineForPatchGroupOutput, error)
	// Removes a target from a maintenance window.
	DeregisterTargetFromMaintenanceWindow(ctx context.Context, params *DeregisterTargetFromMaintenanceWindowInput, optFns ...func(*Options)) (*DeregisterTargetFromMaintenanceWindowOutput, error)
	// Removes a task from a maintenance window.
	DeregisterTaskFromMaintenanceWindow(ctx context.Context, params *DeregisterTaskFromMaintenanceWindowInput, optFns ...func(*Options)) (*DeregisterTaskFromMaintenanceWindowOutput, error)
	// Describes details about the activation, such as the date and time the
	// activation was created, its expiration date, the Identity and Access Management
	// (IAM) role assigned to the managed nodes in the activation, and the number of
	// nodes registered by using this activation.
	DescribeActivations(ctx context.Context, params *DescribeActivationsInput, optFns ...func(*Options)) (*DescribeActivationsOutput, error)
	// Describes the association for the specified target or managed node. If you
	// created the association by using the Targets parameter, then you must retrieve
	// the association by using the association ID.
	DescribeAssociation(ctx context.Context, params *DescribeAssociationInput, optFns ...func(*Options)) (*DescribeAssociationOutput, error)
	// Views information about a specific execution of a specific association.
	DescribeAssociationExecutionTargets(ctx context.Context, params *DescribeAssociationExecutionTargetsInput, optFns ...func(*Options)) (*DescribeAssociationExecutionTargetsOutput, error)
	// Views all executions for a specific association ID.
	DescribeAssociationExecutions(ctx context.Context, params *DescribeAssociationExecutionsInput, optFns ...func(*Options)) (*DescribeAssociationExecutionsOutput, error)
	// Provides details about all active and terminated Automation executions.
	DescribeAutomationExecutions(ctx context.Context, params *DescribeAutomationExecutionsInput, optFns ...func(*Options)) (*DescribeAutomationExecutionsOutput, error)
	// Information about all active and terminated step executions in an Automation
	// workflow.
	DescribeAutomationStepExecutions(ctx context.Context, params *DescribeAutomationStepExecutionsInput, optFns ...func(*Options)) (*DescribeAutomationStepExecutionsOutput, error)
	// Lists all patches eligible to be included in a patch baseline.
	//
	// Currently, DescribeAvailablePatches supports only the Amazon Linux 1, Amazon
	// Linux 2, and Windows Server operating systems.
	DescribeAvailablePatches(ctx context.Context, params *DescribeAvailablePatchesInput, optFns ...func(*Options)) (*DescribeAvailablePatchesOutput, error)
	// Describes the specified Amazon Web Services Systems Manager document (SSM
	// document).
	DescribeDocument(ctx context.Context, params *DescribeDocumentInput, optFns ...func(*Options)) (*DescribeDocumentOutput, error)
	// Describes the permissions for a Amazon Web Services Systems Manager document
	// (SSM document). If you created the document, you are the owner. If a document is
	// shared, it can either be shared privately (by specifying a user's Amazon Web
	// Services account ID) or publicly (All).
	DescribeDocumentPermission(ctx context.Context, params *DescribeDocumentPermissionInput, optFns ...func(*Options)) (*DescribeDocumentPermissionOutput, error)
	// All associations for the managed nodes.
	DescribeEffectiveInstanceAssociations(ctx context.Context, params *DescribeEffectiveInstanceAssociationsInput, optFns ...func(*Options)) (*DescribeEffectiveInstanceAssociationsOutput, error)
	// Retrieves the current effective patches (the patch and the approval state) for
	// the specified patch baseline. Applies to patch baselines for Windows only.
	DescribeEffectivePatchesForPatchBaseline(ctx context.Context, params *DescribeEffectivePatchesForPatchBaselineInput, optFns ...func(*Options)) (*DescribeEffectivePatchesForPatchBaselineOutput, error)
	// The status of the associations for the managed nodes.
	DescribeInstanceAssociationsStatus(ctx context.Context, params *DescribeInstanceAssociationsStatusInput, optFns ...func(*Options)) (*DescribeInstanceAssociationsStatusOutput, error)
	// Provides information about one or more of your managed nodes, including the
	// operating system platform, SSM Agent version, association status, and IP
	// address. This operation does not return information for nodes that are either
	// Stopped or Terminated.
	//
	// If you specify one or more node IDs, the operation returns information for
	// those managed nodes. If you don't specify node IDs, it returns information for
	// all your managed nodes. If you specify a node ID that isn't valid or a node that
	// you don't own, you receive an error.
	//
	// The IamRole field returned for this API operation is the role assigned to an
	// Amazon EC2 instance configured with a Systems Manager Quick Setup host
	// management configuration or the role assigned to an on-premises managed node.
	DescribeInstanceInformation(ctx context.Context, params *DescribeInstanceInformationInput, optFns ...func(*Options)) (*DescribeInstanceInformationOutput, error)
	// Retrieves the high-level patch state of one or more managed nodes.
	DescribeInstancePatchStates(ctx context.Context, params *DescribeInstancePatchStatesInput, optFns ...func(*Options)) (*DescribeInstancePatchStatesOutput, error)
	// Retrieves the high-level patch state for the managed nodes in the specified
	// patch group.
	DescribeInstancePatchStatesForPatchGroup(ctx context.Context, params *DescribeInstancePatchStatesForPatchGroupInput, optFns ...func(*Options)) (*DescribeInstancePatchStatesForPatchGroupOutput, error)
	// Retrieves information about the patches on the specified managed node and their
	// state relative to the patch baseline being used for the node.
	DescribeInstancePatches(ctx context.Context, params *DescribeInstancePatchesInput, optFns ...func(*Options)) (*DescribeInstancePatchesOutput, error)
	// An API operation used by the Systems Manager console to display information
	// about Systems Manager managed nodes.
	DescribeInstanceProperties(ctx context.Context, params *DescribeInstancePropertiesInput, optFns ...func(*Options)) (*DescribeInstancePropertiesOutput, error)
	// Describes a specific delete inventory operation.
	DescribeInventoryDeletions(ctx context.Context, params *DescribeInventoryDeletionsInput, optFns ...func(*Options)) (*DescribeInventoryDeletionsOutput, error)
	// Retrieves the individual task executions (one per target) for a particular task
	// run as part of a maintenance window execution.
	DescribeMaintenanceWindowExecutionTaskInvocations(ctx context.Context, params *DescribeMaintenanceWindowExecutionTaskInvocationsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionTaskInvocationsOutput, error)
	// For a given maintenance window execution, lists the tasks that were run.
	DescribeMaintenanceWindowExecutionTasks(ctx context.Context, params *DescribeMaintenanceWindowExecutionTasksInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionTasksOutput, error)
	// Lists the executions of a maintenance window. This includes information about
	// when the maintenance window was scheduled to be active, and information about
	// tasks registered and run with the maintenance window.
	DescribeMaintenanceWindowExecutions(ctx context.Context, params *DescribeMaintenanceWindowExecutionsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionsOutput, error)
	// Retrieves information about upcoming executions of a maintenance window.
	DescribeMaintenanceWindowSchedule(ctx context.Context, params *DescribeMaintenanceWindowScheduleInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowScheduleOutput, error)
	// Lists the targets registered with the maintenance window.
	DescribeMaintenanceWindowTargets(ctx context.Context, params *DescribeMaintenanceWindowTargetsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowTargetsOutput, error)
	// Lists the tasks in a maintenance window.
	//
	// For maintenance window tasks without a specified target, you can't supply
	// values for --max-errors and --max-concurrency . Instead, the system inserts a
	// placeholder value of 1 , which may be reported in the response to this command.
	// These values don't affect the running of your task and can be ignored.
	DescribeMaintenanceWindowTasks(ctx context.Context, params *DescribeMaintenanceWindowTasksInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowTasksOutput, error)
	// Retrieves the maintenance windows in an Amazon Web Services account.
	DescribeMaintenanceWindows(ctx context.Context, params *DescribeMaintenanceWindowsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowsOutput, error)
	// Retrieves information about the maintenance window targets or tasks that a
	// managed node is associated with.
	DescribeMaintenanceWindowsForTarget(ctx context.Context, params *DescribeMaintenanceWindowsForTargetInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowsForTargetOutput, error)
	// Query a set of OpsItems. You must have permission in Identity and Access
	// Management (IAM) to query a list of OpsItems. For more information, see [Set up OpsCenter]in the
	// Amazon Web Services Systems Manager User Guide.
	//
	// Operations engineers and IT professionals use Amazon Web Services Systems
	// Manager OpsCenter to view, investigate, and remediate operational issues
	// impacting the performance and health of their Amazon Web Services resources. For
	// more information, see [Amazon Web Services Systems Manager OpsCenter]in the Amazon Web Services Systems Manager User Guide.
	//
	// [Amazon Web Services Systems Manager OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html
	// [Set up OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setup.html
	DescribeOpsItems(ctx context.Context, params *DescribeOpsItemsInput, optFns ...func(*Options)) (*DescribeOpsItemsOutput, error)
	// Lists the parameters in your Amazon Web Services account or the parameters
	// shared with you when you enable the [Shared]option.
	//
	// Request results are returned on a best-effort basis. If you specify MaxResults
	// in the request, the response includes information up to the limit specified. The
	// number of items returned, however, can be between zero and the value of
	// MaxResults . If the service reaches an internal limit while processing the
	// results, it stops the operation and returns the matching values up to that point
	// and a NextToken . You can specify the NextToken in a subsequent call to get the
	// next set of results.
	//
	// If you change the KMS key alias for the KMS key used to encrypt a parameter,
	// then you must also update the key alias the parameter uses to reference KMS.
	// Otherwise, DescribeParameters retrieves whatever the original key alias was
	// referencing.
	//
	// [Shared]: https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeParameters.html#systemsmanager-DescribeParameters-request-Shared
	DescribeParameters(ctx context.Context, params *DescribeParametersInput, optFns ...func(*Options)) (*DescribeParametersOutput, error)
	// Lists the patch baselines in your Amazon Web Services account.
	DescribePatchBaselines(ctx context.Context, params *DescribePatchBaselinesInput, optFns ...func(*Options)) (*DescribePatchBaselinesOutput, error)
	// Returns high-level aggregated patch compliance state information for a patch
	// group.
	DescribePatchGroupState(ctx context.Context, params *DescribePatchGroupStateInput, optFns ...func(*Options)) (*DescribePatchGroupStateOutput, error)
	// Lists all patch groups that have been registered with patch baselines.
	DescribePatchGroups(ctx context.Context, params *DescribePatchGroupsInput, optFns ...func(*Options)) (*DescribePatchGroupsOutput, error)
	// Lists the properties of available patches organized by product, product family,
	// classification, severity, and other properties of available patches. You can use
	// the reported properties in the filters you specify in requests for operations
	// such as CreatePatchBaseline, UpdatePatchBaseline, DescribeAvailablePatches, and DescribePatchBaselines.
	//
	// The following section lists the properties that can be used in filters for each
	// major operating system type:
	//
	// AMAZON_LINUX Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
	//
	// AMAZON_LINUX_2 Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
	//
	// AMAZON_LINUX_2023 Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
	//
	// CENTOS Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
	//
	// DEBIAN Valid properties: PRODUCT | PRIORITY
	//
	// MACOS Valid properties: PRODUCT | CLASSIFICATION
	//
	// ORACLE_LINUX Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
	//
	// REDHAT_ENTERPRISE_LINUX Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
	//
	// SUSE Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
	//
	// UBUNTU Valid properties: PRODUCT | PRIORITY
	//
	// WINDOWS Valid properties: PRODUCT | PRODUCT_FAMILY | CLASSIFICATION |
	// MSRC_SEVERITY
	DescribePatchProperties(ctx context.Context, params *DescribePatchPropertiesInput, optFns ...func(*Options)) (*DescribePatchPropertiesOutput, error)
	// Retrieves a list of all active sessions (both connected and disconnected) or
	// terminated sessions from the past 30 days.
	DescribeSessions(ctx context.Context, params *DescribeSessionsInput, optFns ...func(*Options)) (*DescribeSessionsOutput, error)
	// Deletes the association between an OpsItem and a related item. For example,
	// this API operation can delete an Incident Manager incident from an OpsItem.
	// Incident Manager is a capability of Amazon Web Services Systems Manager.
	DisassociateOpsItemRelatedItem(ctx context.Context, params *DisassociateOpsItemRelatedItemInput, optFns ...func(*Options)) (*DisassociateOpsItemRelatedItemOutput, error)
	// Get detailed information about a particular Automation execution.
	GetAutomationExecution(ctx context.Context, params *GetAutomationExecutionInput, optFns ...func(*Options)) (*GetAutomationExecutionOutput, error)
	// Gets the state of a Amazon Web Services Systems Manager change calendar at the
	// current time or a specified time. If you specify a time, GetCalendarState
	// returns the state of the calendar at that specific time, and returns the next
	// time that the change calendar state will transition. If you don't specify a
	// time, GetCalendarState uses the current time. Change Calendar entries have two
	// possible states: OPEN or CLOSED .
	//
	// If you specify more than one calendar in a request, the command returns the
	// status of OPEN only if all calendars in the request are open. If one or more
	// calendars in the request are closed, the status returned is CLOSED .
	//
	// For more information about Change Calendar, a capability of Amazon Web Services
	// Systems Manager, see [Amazon Web Services Systems Manager Change Calendar]in the Amazon Web Services Systems Manager User Guide.
	//
	// [Amazon Web Services Systems Manager Change Calendar]: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar.html
	GetCalendarState(ctx context.Context, params *GetCalendarStateInput, optFns ...func(*Options)) (*GetCalendarStateOutput, error)
	// Returns detailed information about command execution for an invocation or
	// plugin. The Run Command API follows an eventual consistency model, due to the
	// distributed nature of the system supporting the API. This means that the result
	// of an API command you run that affects your resources might not be immediately
	// visible to all subsequent commands you run. You should keep this in mind when
	// you carry out an API command that immediately follows a previous API command.
	//
	// GetCommandInvocation only gives the execution status of a plugin in a document.
	// To get the command execution status on a specific managed node, use ListCommandInvocations. To get
	// the command execution status across managed nodes, use ListCommands.
	GetCommandInvocation(ctx context.Context, params *GetCommandInvocationInput, optFns ...func(*Options)) (*GetCommandInvocationOutput, error)
	// Retrieves the Session Manager connection status for a managed node to determine
	// whether it is running and ready to receive Session Manager connections.
	GetConnectionStatus(ctx context.Context, params *GetConnectionStatusInput, optFns ...func(*Options)) (*GetConnectionStatusOutput, error)
	// Retrieves the default patch baseline. Amazon Web Services Systems Manager
	// supports creating multiple default patch baselines. For example, you can create
	// a default patch baseline for each operating system.
	//
	// If you don't specify an operating system value, the default patch baseline for
	// Windows is returned.
	GetDefaultPatchBaseline(ctx context.Context, params *GetDefaultPatchBaselineInput, optFns ...func(*Options)) (*GetDefaultPatchBaselineOutput, error)
	// Retrieves the current snapshot for the patch baseline the managed node uses.
	// This API is primarily used by the AWS-RunPatchBaseline Systems Manager document
	// (SSM document).
	//
	// If you run the command locally, such as with the Command Line Interface (CLI),
	// the system attempts to use your local Amazon Web Services credentials and the
	// operation fails. To avoid this, you can run the command in the Amazon Web
	// Services Systems Manager console. Use Run Command, a capability of Amazon Web
	// Services Systems Manager, with an SSM document that enables you to target a
	// managed node with a script or command. For example, run the command using the
	// AWS-RunShellScript document or the AWS-RunPowerShellScript document.
	GetDeployablePatchSnapshotForInstance(ctx context.Context, params *GetDeployablePatchSnapshotForInstanceInput, optFns ...func(*Options)) (*GetDeployablePatchSnapshotForInstanceOutput, error)
	// Gets the contents of the specified Amazon Web Services Systems Manager document
	// (SSM document).
	GetDocument(ctx context.Context, params *GetDocumentInput, optFns ...func(*Options)) (*GetDocumentOutput, error)
	// Initiates the process of retrieving an existing preview that shows the effects
	// that running a specified Automation runbook would have on the targeted
	// resources.
	GetExecutionPreview(ctx context.Context, params *GetExecutionPreviewInput, optFns ...func(*Options)) (*GetExecutionPreviewOutput, error)
	// Query inventory information. This includes managed node status, such as Stopped
	// or Terminated .
	GetInventory(ctx context.Context, params *GetInventoryInput, optFns ...func(*Options)) (*GetInventoryOutput, error)
	// Return a list of inventory type names for the account, or return a list of
	// attribute names for a specific Inventory item type.
	GetInventorySchema(ctx context.Context, params *GetInventorySchemaInput, optFns ...func(*Options)) (*GetInventorySchemaOutput, error)
	// Retrieves a maintenance window.
	GetMaintenanceWindow(ctx context.Context, params *GetMaintenanceWindowInput, optFns ...func(*Options)) (*GetMaintenanceWindowOutput, error)
	// Retrieves details about a specific a maintenance window execution.
	GetMaintenanceWindowExecution(ctx context.Context, params *GetMaintenanceWindowExecutionInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionOutput, error)
	// Retrieves the details about a specific task run as part of a maintenance window
	// execution.
	GetMaintenanceWindowExecutionTask(ctx context.Context, params *GetMaintenanceWindowExecutionTaskInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionTaskOutput, error)
	// Retrieves information about a specific task running on a specific target.
	GetMaintenanceWindowExecutionTaskInvocation(ctx context.Context, params *GetMaintenanceWindowExecutionTaskInvocationInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionTaskInvocationOutput, error)
	// Retrieves the details of a maintenance window task.
	//
	// For maintenance window tasks without a specified target, you can't supply
	// values for --max-errors and --max-concurrency . Instead, the system inserts a
	// placeholder value of 1 , which may be reported in the response to this command.
	// These values don't affect the running of your task and can be ignored.
	//
	// To retrieve a list of tasks in a maintenance window, instead use the DescribeMaintenanceWindowTasks command.
	GetMaintenanceWindowTask(ctx context.Context, params *GetMaintenanceWindowTaskInput, optFns ...func(*Options)) (*GetMaintenanceWindowTaskOutput, error)
	// Get information about an OpsItem by using the ID. You must have permission in
	// Identity and Access Management (IAM) to view information about an OpsItem. For
	// more information, see [Set up OpsCenter]in the Amazon Web Services Systems Manager User Guide.
	//
	// Operations engineers and IT professionals use Amazon Web Services Systems
	// Manager OpsCenter to view, investigate, and remediate operational issues
	// impacting the performance and health of their Amazon Web Services resources. For
	// more information, see [Amazon Web Services Systems Manager OpsCenter]in the Amazon Web Services Systems Manager User Guide.
	//
	// [Amazon Web Services Systems Manager OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html
	// [Set up OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setup.html
	GetOpsItem(ctx context.Context, params *GetOpsItemInput, optFns ...func(*Options)) (*GetOpsItemOutput, error)
	// View operational metadata related to an application in Application Manager.
	GetOpsMetadata(ctx context.Context, params *GetOpsMetadataInput, optFns ...func(*Options)) (*GetOpsMetadataOutput, error)
	// View a summary of operations metadata (OpsData) based on specified filters and
	// aggregators. OpsData can include information about Amazon Web Services Systems
	// Manager OpsCenter operational workitems (OpsItems) as well as information about
	// any Amazon Web Services resource or service configured to report OpsData to
	// Amazon Web Services Systems Manager Explorer.
	GetOpsSummary(ctx context.Context, params *GetOpsSummaryInput, optFns ...func(*Options)) (*GetOpsSummaryOutput, error)
	// Get information about a single parameter by specifying the parameter name.
	//
	// To get information about more than one parameter at a time, use the GetParameters operation.
	GetParameter(ctx context.Context, params *GetParameterInput, optFns ...func(*Options)) (*GetParameterOutput, error)
	// Retrieves the history of all changes to a parameter.
	//
	// If you change the KMS key alias for the KMS key used to encrypt a parameter,
	// then you must also update the key alias the parameter uses to reference KMS.
	// Otherwise, GetParameterHistory retrieves whatever the original key alias was
	// referencing.
	GetParameterHistory(ctx context.Context, params *GetParameterHistoryInput, optFns ...func(*Options)) (*GetParameterHistoryOutput, error)
	// Get information about one or more parameters by specifying multiple parameter
	// names.
	//
	// To get information about a single parameter, you can use the GetParameter operation instead.
	GetParameters(ctx context.Context, params *GetParametersInput, optFns ...func(*Options)) (*GetParametersOutput, error)
	// Retrieve information about one or more parameters in a specific hierarchy.
	//
	// Request results are returned on a best-effort basis. If you specify MaxResults
	// in the request, the response includes information up to the limit specified. The
	// number of items returned, however, can be between zero and the value of
	// MaxResults . If the service reaches an internal limit while processing the
	// results, it stops the operation and returns the matching values up to that point
	// and a NextToken . You can specify the NextToken in a subsequent call to get the
	// next set of results.
	GetParametersByPath(ctx context.Context, params *GetParametersByPathInput, optFns ...func(*Options)) (*GetParametersByPathOutput, error)
	// Retrieves information about a patch baseline.
	GetPatchBaseline(ctx context.Context, params *GetPatchBaselineInput, optFns ...func(*Options)) (*GetPatchBaselineOutput, error)
	// Retrieves the patch baseline that should be used for the specified patch group.
	GetPatchBaselineForPatchGroup(ctx context.Context, params *GetPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*GetPatchBaselineForPatchGroupOutput, error)
	// Returns an array of the Policy object.
	GetResourcePolicies(ctx context.Context, params *GetResourcePoliciesInput, optFns ...func(*Options)) (*GetResourcePoliciesOutput, error)
	// ServiceSetting is an account-level setting for an Amazon Web Services service.
	// This setting defines how a user interacts with or uses a service or a feature of
	// a service. For example, if an Amazon Web Services service charges money to the
	// account based on feature or service usage, then the Amazon Web Services service
	// team might create a default setting of false . This means the user can't use
	// this feature unless they change the setting to true and intentionally opt in
	// for a paid feature.
	//
	// Services map a SettingId object to a setting value. Amazon Web Services
	// services teams define the default value for a SettingId . You can't create a new
	// SettingId , but you can overwrite the default value if you have the
	// ssm:UpdateServiceSetting permission for the setting. Use the UpdateServiceSetting API operation to
	// change the default setting. Or use the ResetServiceSettingto change the value back to the original
	// value defined by the Amazon Web Services service team.
	//
	// Query the current service setting for the Amazon Web Services account.
	GetServiceSetting(ctx context.Context, params *GetServiceSettingInput, optFns ...func(*Options)) (*GetServiceSettingOutput, error)
	// A parameter label is a user-defined alias to help you manage different versions
	// of a parameter. When you modify a parameter, Amazon Web Services Systems Manager
	// automatically saves a new version and increments the version number by one. A
	// label can help you remember the purpose of a parameter when there are multiple
	// versions.
	//
	// Parameter labels have the following requirements and restrictions.
	//
	//   - A version of a parameter can have a maximum of 10 labels.
	//
	//   - You can't attach the same label to different versions of the same
	//     parameter. For example, if version 1 has the label Production, then you can't
	//     attach Production to version 2.
	//
	//   - You can move a label from one version of a parameter to another.
	//
	//   - You can't create a label when you create a new parameter. You must attach a
	//     label to a specific version of a parameter.
	//
	//   - If you no longer want to use a parameter label, then you can either delete
	//     it or move it to a different version of a parameter.
	//
	//   - A label can have a maximum of 100 characters.
	//
	//   - Labels can contain letters (case sensitive), numbers, periods (.), hyphens
	//     (-), or underscores (_).
	//
	//   - Labels can't begin with a number, " aws " or " ssm " (not case sensitive).
	//     If a label fails to meet these requirements, then the label isn't associated
	//     with a parameter and the system displays it in the list of InvalidLabels.
	LabelParameterVersion(ctx context.Context, params *LabelParameterVersionInput, optFns ...func(*Options)) (*LabelParameterVersionOutput, error)
	// Retrieves all versions of an association for a specific association ID.
	ListAssociationVersions(ctx context.Context, params *ListAssociationVersionsInput, optFns ...func(*Options)) (*ListAssociationVersionsOutput, error)
	// Returns all State Manager associations in the current Amazon Web Services
	// account and Amazon Web Services Region. You can limit the results to a specific
	// State Manager association document or managed node by specifying a filter. State
	// Manager is a capability of Amazon Web Services Systems Manager.
	ListAssociations(ctx context.Context, params *ListAssociationsInput, optFns ...func(*Options)) (*ListAssociationsOutput, error)
	// An invocation is copy of a command sent to a specific managed node. A command
	// can apply to one or more managed nodes. A command invocation applies to one
	// managed node. For example, if a user runs SendCommand against three managed
	// nodes, then a command invocation is created for each requested managed node ID.
	// ListCommandInvocations provide status about command execution.
	ListCommandInvocations(ctx context.Context, params *ListCommandInvocationsInput, optFns ...func(*Options)) (*ListCommandInvocationsOutput, error)
	// Lists the commands requested by users of the Amazon Web Services account.
	ListCommands(ctx context.Context, params *ListCommandsInput, optFns ...func(*Options)) (*ListCommandsOutput, error)
	// For a specified resource ID, this API operation returns a list of compliance
	// statuses for different resource types. Currently, you can only specify one
	// resource ID per call. List results depend on the criteria specified in the
	// filter.
	ListComplianceItems(ctx context.Context, params *ListComplianceItemsInput, optFns ...func(*Options)) (*ListComplianceItemsOutput, error)
	// Returns a summary count of compliant and non-compliant resources for a
	// compliance type. For example, this call can return State Manager associations,
	// patches, or custom compliance types according to the filter criteria that you
	// specify.
	ListComplianceSummaries(ctx context.Context, params *ListComplianceSummariesInput, optFns ...func(*Options)) (*ListComplianceSummariesOutput, error)
	// Information about approval reviews for a version of a change template in Change
	// Manager.
	ListDocumentMetadataHistory(ctx context.Context, params *ListDocumentMetadataHistoryInput, optFns ...func(*Options)) (*ListDocumentMetadataHistoryOutput, error)
	// List all versions for a document.
	ListDocumentVersions(ctx context.Context, params *ListDocumentVersionsInput, optFns ...func(*Options)) (*ListDocumentVersionsOutput, error)
	// Returns all Systems Manager (SSM) documents in the current Amazon Web Services
	// account and Amazon Web Services Region. You can limit the results of this
	// request by using a filter.
	ListDocuments(ctx context.Context, params *ListDocumentsInput, optFns ...func(*Options)) (*ListDocumentsOutput, error)
	// A list of inventory items returned by the request.
	ListInventoryEntries(ctx context.Context, params *ListInventoryEntriesInput, optFns ...func(*Options)) (*ListInventoryEntriesOutput, error)
	// Takes in filters and returns a list of managed nodes matching the filter
	// criteria.
	ListNodes(ctx context.Context, params *ListNodesInput, optFns ...func(*Options)) (*ListNodesOutput, error)
	// Generates a summary of managed instance/node metadata based on the filters and
	// aggregators you specify. Results are grouped by the input aggregator you
	// specify.
	ListNodesSummary(ctx context.Context, params *ListNodesSummaryInput, optFns ...func(*Options)) (*ListNodesSummaryOutput, error)
	// Returns a list of all OpsItem events in the current Amazon Web Services Region
	// and Amazon Web Services account. You can limit the results to events associated
	// with specific OpsItems by specifying a filter.
	ListOpsItemEvents(ctx context.Context, params *ListOpsItemEventsInput, optFns ...func(*Options)) (*ListOpsItemEventsOutput, error)
	// Lists all related-item resources associated with a Systems Manager OpsCenter
	// OpsItem. OpsCenter is a capability of Amazon Web Services Systems Manager.
	ListOpsItemRelatedItems(ctx context.Context, params *ListOpsItemRelatedItemsInput, optFns ...func(*Options)) (*ListOpsItemRelatedItemsOutput, error)
	// Amazon Web Services Systems Manager calls this API operation when displaying
	// all Application Manager OpsMetadata objects or blobs.
	ListOpsMetadata(ctx context.Context, params *ListOpsMetadataInput, optFns ...func(*Options)) (*ListOpsMetadataOutput, error)
	// Returns a resource-level summary count. The summary includes information about
	// compliant and non-compliant statuses and detailed compliance-item severity
	// counts, according to the filter criteria you specify.
	ListResourceComplianceSummaries(ctx context.Context, params *ListResourceComplianceSummariesInput, optFns ...func(*Options)) (*ListResourceComplianceSummariesOutput, error)
	// Lists your resource data sync configurations. Includes information about the
	// last time a sync attempted to start, the last sync status, and the last time a
	// sync successfully completed.
	//
	// The number of sync configurations might be too large to return using a single
	// call to ListResourceDataSync . You can limit the number of sync configurations
	// returned by using the MaxResults parameter. To determine whether there are more
	// sync configurations to list, check the value of NextToken in the output. If
	// there are more sync configurations to list, you can request them by specifying
	// the NextToken returned in the call to the parameter of a subsequent call.
	ListResourceDataSync(ctx context.Context, params *ListResourceDataSyncInput, optFns ...func(*Options)) (*ListResourceDataSyncOutput, error)
	// Returns a list of the tags assigned to the specified resource.
	//
	// For information about the ID format for each supported resource type, see AddTagsToResource.
	ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
	// Shares a Amazon Web Services Systems Manager document (SSM document)publicly or
	// privately. If you share a document privately, you must specify the Amazon Web
	// Services user IDs for those people who can use the document. If you share a
	// document publicly, you must specify All as the account ID.
	ModifyDocumentPermission(ctx context.Context, params *ModifyDocumentPermissionInput, optFns ...func(*Options)) (*ModifyDocumentPermissionOutput, error)
	// Registers a compliance type and other compliance details on a designated
	// resource. This operation lets you register custom compliance details with a
	// resource. This call overwrites existing compliance information on the resource,
	// so you must provide a full list of compliance items each time that you send the
	// request.
	//
	// ComplianceType can be one of the following:
	//
	//   - ExecutionId: The execution ID when the patch, association, or custom
	//     compliance item was applied.
	//
	//   - ExecutionType: Specify patch, association, or Custom: string .
	//
	//   - ExecutionTime. The time the patch, association, or custom compliance item
	//     was applied to the managed node.
	//
	//   - Id: The patch, association, or custom compliance ID.
	//
	//   - Title: A title.
	//
	//   - Status: The status of the compliance item. For example, approved for
	//     patches, or Failed for associations.
	//
	//   - Severity: A patch severity. For example, Critical .
	//
	//   - DocumentName: An SSM document name. For example, AWS-RunPatchBaseline .
	//
	//   - DocumentVersion: An SSM document version number. For example, 4.
	//
	//   - Classification: A patch classification. For example, security updates .
	//
	//   - PatchBaselineId: A patch baseline ID.
	//
	//   - PatchSeverity: A patch severity. For example, Critical .
	//
	//   - PatchState: A patch state. For example, InstancesWithFailedPatches .
	//
	//   - PatchGroup: The name of a patch group.
	//
	//   - InstalledTime: The time the association, patch, or custom compliance item
	//     was applied to the resource. Specify the time by using the following format:
	//     yyyy-MM-dd'T'HH:mm:ss'Z'
	PutComplianceItems(ctx context.Context, params *PutComplianceItemsInput, optFns ...func(*Options)) (*PutComplianceItemsOutput, error)
	// Bulk update custom inventory items on one or more managed nodes. The request
	// adds an inventory item, if it doesn't already exist, or updates an inventory
	// item, if it does exist.
	PutInventory(ctx context.Context, params *PutInventoryInput, optFns ...func(*Options)) (*PutInventoryOutput, error)
	// Add a parameter to the system.
	PutParameter(ctx context.Context, params *PutParameterInput, optFns ...func(*Options)) (*PutParameterOutput, error)
	// Creates or updates a Systems Manager resource policy. A resource policy helps
	// you to define the IAM entity (for example, an Amazon Web Services account) that
	// can manage your Systems Manager resources. The following resources support
	// Systems Manager resource policies.
	//
	//   - OpsItemGroup - The resource policy for OpsItemGroup enables Amazon Web
	//     Services accounts to view and interact with OpsCenter operational work items
	//     (OpsItems).
	//
	//   - Parameter - The resource policy is used to share a parameter with other
	//     accounts using Resource Access Manager (RAM).
	//
	// To share a parameter, it must be in the advanced parameter tier. For
	//
	//	information about parameter tiers, see [Managing parameter tiers]. For information about changing an
	//	existing standard parameter to an advanced parameter, see [Changing a standard parameter to an advanced parameter].
	//
	// To share a SecureString parameter, it must be encrypted with a customer managed
	//
	//	key, and you must share the key separately through Key Management Service.
	//	Amazon Web Services managed keys cannot be shared. Parameters encrypted with the
	//	default Amazon Web Services managed key can be updated to use a customer managed
	//	key instead. For KMS key definitions, see [KMS concepts]in the Key Management Service
	//	Developer Guide.
	//
	// While you can share a parameter using the Systems Manager PutResourcePolicy
	//
	//	operation, we recommend using Resource Access Manager (RAM) instead. This is
	//	because using PutResourcePolicy requires the extra step of promoting the
	//	parameter to a standard RAM Resource Share using the RAM [PromoteResourceShareCreatedFromPolicy]API operation.
	//	Otherwise, the parameter won't be returned by the Systems Manager [DescribeParameters]API
	//	operation using the --shared option.
	//
	// For more information, see [Sharing a parameter]in the Amazon Web Services Systems Manager User Guide
	//
	// [Sharing a parameter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html#share
	//
	// [Managing parameter tiers]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html
	// [Changing a standard parameter to an advanced parameter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html#parameter-store-advanced-parameters-enabling
	// [PromoteResourceShareCreatedFromPolicy]: https://docs.aws.amazon.com/ram/latest/APIReference/API_PromoteResourceShareCreatedFromPolicy.html
	// [KMS concepts]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html
	// [DescribeParameters]: https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeParameters.html
	PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error)
	// Defines the default patch baseline for the relevant operating system.
	//
	// To reset the Amazon Web Services-predefined patch baseline as the default,
	// specify the full patch baseline Amazon Resource Name (ARN) as the baseline ID
	// value. For example, for CentOS, specify
	// arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed instead of
	// pb-0574b43a65ea646ed .
	RegisterDefaultPatchBaseline(ctx context.Context, params *RegisterDefaultPatchBaselineInput, optFns ...func(*Options)) (*RegisterDefaultPatchBaselineOutput, error)
	// Registers a patch baseline for a patch group.
	RegisterPatchBaselineForPatchGroup(ctx context.Context, params *RegisterPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*RegisterPatchBaselineForPatchGroupOutput, error)
	// Registers a target with a maintenance window.
	RegisterTargetWithMaintenanceWindow(ctx context.Context, params *RegisterTargetWithMaintenanceWindowInput, optFns ...func(*Options)) (*RegisterTargetWithMaintenanceWindowOutput, error)
	// Adds a new task to a maintenance window.
	RegisterTaskWithMaintenanceWindow(ctx context.Context, params *RegisterTaskWithMaintenanceWindowInput, optFns ...func(*Options)) (*RegisterTaskWithMaintenanceWindowOutput, error)
	// Removes tag keys from the specified resource.
	RemoveTagsFromResource(ctx context.Context, params *RemoveTagsFromResourceInput, optFns ...func(*Options)) (*RemoveTagsFromResourceOutput, error)
	// ServiceSetting is an account-level setting for an Amazon Web Services service.
	// This setting defines how a user interacts with or uses a service or a feature of
	// a service. For example, if an Amazon Web Services service charges money to the
	// account based on feature or service usage, then the Amazon Web Services service
	// team might create a default setting of "false". This means the user can't use
	// this feature unless they change the setting to "true" and intentionally opt in
	// for a paid feature.
	//
	// Services map a SettingId object to a setting value. Amazon Web Services
	// services teams define the default value for a SettingId . You can't create a new
	// SettingId , but you can overwrite the default value if you have the
	// ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting API operation to
	// view the current value. Use the UpdateServiceSettingAPI operation to change the default setting.
	//
	// Reset the service setting for the account to the default value as provisioned
	// by the Amazon Web Services service team.
	ResetServiceSetting(ctx context.Context, params *ResetServiceSettingInput, optFns ...func(*Options)) (*ResetServiceSettingOutput, error)
	// Reconnects a session to a managed node after it has been disconnected.
	// Connections can be resumed for disconnected sessions, but not terminated
	// sessions.
	//
	// This command is primarily for use by client machines to automatically reconnect
	// during intermittent network issues. It isn't intended for any other use.
	ResumeSession(ctx context.Context, params *ResumeSessionInput, optFns ...func(*Options)) (*ResumeSessionOutput, error)
	// Sends a signal to an Automation execution to change the current behavior or
	// status of the execution.
	SendAutomationSignal(ctx context.Context, params *SendAutomationSignalInput, optFns ...func(*Options)) (*SendAutomationSignalOutput, error)
	// Runs commands on one or more managed nodes.
	SendCommand(ctx context.Context, params *SendCommandInput, optFns ...func(*Options)) (*SendCommandOutput, error)
	// Runs an association immediately and only one time. This operation can be
	// helpful when troubleshooting associations.
	StartAssociationsOnce(ctx context.Context, params *StartAssociationsOnceInput, optFns ...func(*Options)) (*StartAssociationsOnceOutput, error)
	// Initiates execution of an Automation runbook.
	StartAutomationExecution(ctx context.Context, params *StartAutomationExecutionInput, optFns ...func(*Options)) (*StartAutomationExecutionOutput, error)
	// Creates a change request for Change Manager. The Automation runbooks specified
	// in the change request run only after all required approvals for the change
	// request have been received.
	StartChangeRequestExecution(ctx context.Context, params *StartChangeRequestExecutionInput, optFns ...func(*Options)) (*StartChangeRequestExecutionOutput, error)
	// Initiates the process of creating a preview showing the effects that running a
	// specified Automation runbook would have on the targeted resources.
	StartExecutionPreview(ctx context.Context, params *StartExecutionPreviewInput, optFns ...func(*Options)) (*StartExecutionPreviewOutput, error)
	// Initiates a connection to a target (for example, a managed node) for a Session
	// Manager session. Returns a URL and token that can be used to open a WebSocket
	// connection for sending input and receiving outputs.
	//
	// Amazon Web Services CLI usage: start-session is an interactive command that
	// requires the Session Manager plugin to be installed on the client machine making
	// the call. For information, see [Install the Session Manager plugin for the Amazon Web Services CLI]in the Amazon Web Services Systems Manager User
	// Guide.
	//
	// Amazon Web Services Tools for PowerShell usage: Start-SSMSession isn't
	// currently supported by Amazon Web Services Tools for PowerShell on Windows local
	// machines.
	//
	// [Install the Session Manager plugin for the Amazon Web Services CLI]: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html
	StartSession(ctx context.Context, params *StartSessionInput, optFns ...func(*Options)) (*StartSessionOutput, error)
	// Stop an Automation that is currently running.
	StopAutomationExecution(ctx context.Context, params *StopAutomationExecutionInput, optFns ...func(*Options)) (*StopAutomationExecutionOutput, error)
	// Permanently ends a session and closes the data connection between the Session
	// Manager client and SSM Agent on the managed node. A terminated session can't be
	// resumed.
	TerminateSession(ctx context.Context, params *TerminateSessionInput, optFns ...func(*Options)) (*TerminateSessionOutput, error)
	// Remove a label or labels from a parameter.
	UnlabelParameterVersion(ctx context.Context, params *UnlabelParameterVersionInput, optFns ...func(*Options)) (*UnlabelParameterVersionOutput, error)
	// Updates an association. You can update the association name and version, the
	// document version, schedule, parameters, and Amazon Simple Storage Service
	// (Amazon S3) output. When you call UpdateAssociation , the system removes all
	// optional parameters from the request and overwrites the association with null
	// values for those parameters. This is by design. You must specify all optional
	// parameters in the call, even if you are not changing the parameters. This
	// includes the Name parameter. Before calling this API action, we recommend that
	// you call the DescribeAssociationAPI operation and make a note of all optional parameters required
	// for your UpdateAssociation call.
	//
	// In order to call this API operation, a user, group, or role must be granted
	// permission to call the DescribeAssociationAPI operation. If you don't have permission to call
	// DescribeAssociation , then you receive the following error: An error occurred
	// (AccessDeniedException) when calling the UpdateAssociation operation: User:
	// isn't authorized to perform: ssm:DescribeAssociation on resource:
	//
	// When you update an association, the association immediately runs against the
	// specified targets. You can add the ApplyOnlyAtCronInterval parameter to run the
	// association during the next schedule run.
	UpdateAssociation(ctx context.Context, params *UpdateAssociationInput, optFns ...func(*Options)) (*UpdateAssociationOutput, error)
	// Updates the status of the Amazon Web Services Systems Manager document (SSM
	// document) associated with the specified managed node.
	//
	// UpdateAssociationStatus is primarily used by the Amazon Web Services Systems
	// Manager Agent (SSM Agent) to report status updates about your associations and
	// is only used for associations created with the InstanceId legacy parameter.
	UpdateAssociationStatus(ctx context.Context, params *UpdateAssociationStatusInput, optFns ...func(*Options)) (*UpdateAssociationStatusOutput, error)
	// Updates one or more values for an SSM document.
	UpdateDocument(ctx context.Context, params *UpdateDocumentInput, optFns ...func(*Options)) (*UpdateDocumentOutput, error)
	// Set the default version of a document.
	//
	// If you change a document version for a State Manager association, Systems
	// Manager immediately runs the association unless you previously specifed the
	// apply-only-at-cron-interval parameter.
	UpdateDocumentDefaultVersion(ctx context.Context, params *UpdateDocumentDefaultVersionInput, optFns ...func(*Options)) (*UpdateDocumentDefaultVersionOutput, error)
	// Updates information related to approval reviews for a specific version of a
	// change template in Change Manager.
	UpdateDocumentMetadata(ctx context.Context, params *UpdateDocumentMetadataInput, optFns ...func(*Options)) (*UpdateDocumentMetadataOutput, error)
	// Updates an existing maintenance window. Only specified parameters are modified.
	//
	// The value you specify for Duration determines the specific end time for the
	// maintenance window based on the time it begins. No maintenance window tasks are
	// permitted to start after the resulting endtime minus the number of hours you
	// specify for Cutoff . For example, if the maintenance window starts at 3 PM, the
	// duration is three hours, and the value you specify for Cutoff is one hour, no
	// maintenance window tasks can start after 5 PM.
	UpdateMaintenanceWindow(ctx context.Context, params *UpdateMaintenanceWindowInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowOutput, error)
	// Modifies the target of an existing maintenance window. You can change the
	// following:
	//
	//   - Name
	//
	//   - Description
	//
	//   - Owner
	//
	//   - IDs for an ID target
	//
	//   - Tags for a Tag target
	//
	//   - From any supported tag type to another. The three supported tag types are
	//     ID target, Tag target, and resource group. For more information, see Target.
	//
	// If a parameter is null, then the corresponding field isn't modified.
	UpdateMaintenanceWindowTarget(ctx context.Context, params *UpdateMaintenanceWindowTargetInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowTargetOutput, error)
	// Modifies a task assigned to a maintenance window. You can't change the task
	// type, but you can change the following values:
	//
	//   - TaskARN . For example, you can change a RUN_COMMAND task from
	//     AWS-RunPowerShellScript to AWS-RunShellScript .
	//
	//   - ServiceRoleArn
	//
	//   - TaskInvocationParameters
	//
	//   - Priority
	//
	//   - MaxConcurrency
	//
	//   - MaxErrors
	//
	// One or more targets must be specified for maintenance window Run Command-type
	// tasks. Depending on the task, targets are optional for other maintenance window
	// task types (Automation, Lambda, and Step Functions). For more information about
	// running tasks that don't specify targets, see [Registering maintenance window tasks without targets]in the Amazon Web Services
	// Systems Manager User Guide.
	//
	// If the value for a parameter in UpdateMaintenanceWindowTask is null, then the
	// corresponding field isn't modified. If you set Replace to true, then all fields
	// required by the RegisterTaskWithMaintenanceWindowoperation are required for this request. Optional fields that
	// aren't specified are set to null.
	//
	// When you update a maintenance window task that has options specified in
	// TaskInvocationParameters , you must provide again all the
	// TaskInvocationParameters values that you want to retain. The values you don't
	// specify again are removed. For example, suppose that when you registered a Run
	// Command task, you specified TaskInvocationParameters values for Comment ,
	// NotificationConfig , and OutputS3BucketName . If you update the maintenance
	// window task and specify only a different OutputS3BucketName value, the values
	// for Comment and NotificationConfig are removed.
	//
	// [Registering maintenance window tasks without targets]: https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html
	UpdateMaintenanceWindowTask(ctx context.Context, params *UpdateMaintenanceWindowTaskInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowTaskOutput, error)
	// Changes the Identity and Access Management (IAM) role that is assigned to the
	// on-premises server, edge device, or virtual machines (VM). IAM roles are first
	// assigned to these hybrid nodes during the activation process. For more
	// information, see CreateActivation.
	UpdateManagedInstanceRole(ctx context.Context, params *UpdateManagedInstanceRoleInput, optFns ...func(*Options)) (*UpdateManagedInstanceRoleOutput, error)
	// Edit or change an OpsItem. You must have permission in Identity and Access
	// Management (IAM) to update an OpsItem. For more information, see [Set up OpsCenter]in the Amazon
	// Web Services Systems Manager User Guide.
	//
	// Operations engineers and IT professionals use Amazon Web Services Systems
	// Manager OpsCenter to view, investigate, and remediate operational issues
	// impacting the performance and health of their Amazon Web Services resources. For
	// more information, see [Amazon Web Services Systems Manager OpsCenter]in the Amazon Web Services Systems Manager User Guide.
	//
	// [Amazon Web Services Systems Manager OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html
	// [Set up OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setup.html
	UpdateOpsItem(ctx context.Context, params *UpdateOpsItemInput, optFns ...func(*Options)) (*UpdateOpsItemOutput, error)
	// Amazon Web Services Systems Manager calls this API operation when you edit
	// OpsMetadata in Application Manager.
	UpdateOpsMetadata(ctx context.Context, params *UpdateOpsMetadataInput, optFns ...func(*Options)) (*UpdateOpsMetadataOutput, error)
	// Modifies an existing patch baseline. Fields not specified in the request are
	// left unchanged.
	//
	// For information about valid key-value pairs in PatchFilters for each supported
	// operating system type, see PatchFilter.
	UpdatePatchBaseline(ctx context.Context, params *UpdatePatchBaselineInput, optFns ...func(*Options)) (*UpdatePatchBaselineOutput, error)
	// Update a resource data sync. After you create a resource data sync for a
	// Region, you can't change the account options for that sync. For example, if you
	// create a sync in the us-east-2 (Ohio) Region and you choose the Include only
	// the current account option, you can't edit that sync later and choose the
	// Include all accounts from my Organizations configuration option. Instead, you
	// must delete the first resource data sync, and create a new one.
	//
	// This API operation only supports a resource data sync that was created with a
	// SyncFromSource SyncType .
	UpdateResourceDataSync(ctx context.Context, params *UpdateResourceDataSyncInput, optFns ...func(*Options)) (*UpdateResourceDataSyncOutput, error)
	// ServiceSetting is an account-level setting for an Amazon Web Services service.
	// This setting defines how a user interacts with or uses a service or a feature of
	// a service. For example, if an Amazon Web Services service charges money to the
	// account based on feature or service usage, then the Amazon Web Services service
	// team might create a default setting of "false". This means the user can't use
	// this feature unless they change the setting to "true" and intentionally opt in
	// for a paid feature.
	//
	// Services map a SettingId object to a setting value. Amazon Web Services
	// services teams define the default value for a SettingId . You can't create a new
	// SettingId , but you can overwrite the default value if you have the
	// ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting API operation to
	// view the current value. Or, use the ResetServiceSettingto change the value back to the original
	// value defined by the Amazon Web Services service team.
	//
	// Update the service setting for the account.
	UpdateServiceSetting(ctx context.Context, params *UpdateServiceSettingInput, optFns ...func(*Options)) (*UpdateServiceSettingOutput, error)
}

SSM provides an interface to the AWS SSM service.

type STS

type STS interface {
	// GetCallerIdentity returns details about the IAM user or role whose credentials are used to call
	// the operation. No permissions are required to perform this operation. If an
	// administrator attaches a policy to your identity that explicitly denies access
	// to the sts:GetCallerIdentity action, you can still perform this operation.
	// Permissions are not required because the same information is returned when
	// access is denied. To view an example response, see I Am Not Authorized to
	// Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
	// in the IAM User Guide.
	GetCallerIdentity(ctx context.Context, params *sts.GetCallerIdentityInput, optFns ...func(*sts.Options)) (*sts.GetCallerIdentityOutput, error)
}

STS provides an interface to the AWS STS service.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL