Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ASG ¶ added in v0.92.0
type ASG interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() autoscaling.Options
// Attaches one or more EC2 instances to the specified Auto Scaling group.
//
// When you attach instances, Amazon EC2 Auto Scaling increases the desired
// capacity of the group by the number of instances being attached. If the number
// of instances being attached plus the desired capacity of the group exceeds the
// maximum size of the group, the operation fails.
//
// If there is a Classic Load Balancer attached to your Auto Scaling group, the
// instances are also registered with the load balancer. If there are target groups
// attached to your Auto Scaling group, the instances are also registered with the
// target groups.
//
// For more information, see [Detach or attach instances] in the Amazon EC2 Auto Scaling User Guide.
//
// [Detach or attach instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-detach-attach-instances.html
AttachInstances(ctx context.Context, params *AttachInstancesInput, optFns ...func(*Options)) (*AttachInstancesOutput, error)
// This API operation is superseded by [AttachTrafficSources], which can attach multiple traffic sources
// types. We recommend using AttachTrafficSources to simplify how you manage
// traffic sources. However, we continue to support AttachLoadBalancerTargetGroups
// . You can use both the original AttachLoadBalancerTargetGroups API operation
// and AttachTrafficSources on the same Auto Scaling group.
//
// Attaches one or more target groups to the specified Auto Scaling group.
//
// This operation is used with the following load balancer types:
//
// - Application Load Balancer - Operates at the application layer (layer 7) and
// supports HTTP and HTTPS.
//
// - Network Load Balancer - Operates at the transport layer (layer 4) and
// supports TCP, TLS, and UDP.
//
// - Gateway Load Balancer - Operates at the network layer (layer 3).
//
// To describe the target groups for an Auto Scaling group, call the [DescribeLoadBalancerTargetGroups] API. To
// detach the target group from the Auto Scaling group, call the [DetachLoadBalancerTargetGroups]API.
//
// This operation is additive and does not detach existing target groups or
// Classic Load Balancers from the Auto Scaling group.
//
// For more information, see [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
//
// [DescribeLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancerTargetGroups.html
// [DetachLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachLoadBalancerTargetGroups.html
// [AttachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html
// [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html
AttachLoadBalancerTargetGroups(ctx context.Context, params *AttachLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*AttachLoadBalancerTargetGroupsOutput, error)
// This API operation is superseded by [https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html], which can attach multiple traffic sources
// types. We recommend using AttachTrafficSources to simplify how you manage
// traffic sources. However, we continue to support AttachLoadBalancers . You can
// use both the original AttachLoadBalancers API operation and AttachTrafficSources
// on the same Auto Scaling group.
//
// Attaches one or more Classic Load Balancers to the specified Auto Scaling
// group. Amazon EC2 Auto Scaling registers the running instances with these
// Classic Load Balancers.
//
// To describe the load balancers for an Auto Scaling group, call the [DescribeLoadBalancers] API. To
// detach a load balancer from the Auto Scaling group, call the [DetachLoadBalancers]API.
//
// This operation is additive and does not detach existing Classic Load Balancers
// or target groups from the Auto Scaling group.
//
// For more information, see [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
//
// [DetachLoadBalancers]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachLoadBalancers.html
// [DescribeLoadBalancers]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancers.html
// [https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html
// [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html
AttachLoadBalancers(ctx context.Context, params *AttachLoadBalancersInput, optFns ...func(*Options)) (*AttachLoadBalancersOutput, error)
// Attaches one or more traffic sources to the specified Auto Scaling group.
//
// You can use any of the following as traffic sources for an Auto Scaling group:
//
// - Application Load Balancer
//
// - Classic Load Balancer
//
// - Gateway Load Balancer
//
// - Network Load Balancer
//
// - VPC Lattice
//
// This operation is additive and does not detach existing traffic sources from
// the Auto Scaling group.
//
// After the operation completes, use the [DescribeTrafficSources] API to return details about the state
// of the attachments between traffic sources and your Auto Scaling group. To
// detach a traffic source from the Auto Scaling group, call the [DetachTrafficSources]API.
//
// [DescribeTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
// [DetachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachTrafficSources.html
AttachTrafficSources(ctx context.Context, params *AttachTrafficSourcesInput, optFns ...func(*Options)) (*AttachTrafficSourcesOutput, error)
// Deletes one or more scheduled actions for the specified Auto Scaling group.
BatchDeleteScheduledAction(ctx context.Context, params *BatchDeleteScheduledActionInput, optFns ...func(*Options)) (*BatchDeleteScheduledActionOutput, error)
// Creates or updates one or more scheduled scaling actions for an Auto Scaling
// group.
BatchPutScheduledUpdateGroupAction(ctx context.Context, params *BatchPutScheduledUpdateGroupActionInput, optFns ...func(*Options)) (*BatchPutScheduledUpdateGroupActionOutput, error)
// Cancels an instance refresh or rollback that is in progress. If an instance
// refresh or rollback is not in progress, an ActiveInstanceRefreshNotFound error
// occurs.
//
// This operation is part of the [instance refresh feature] in Amazon EC2 Auto Scaling, which helps you
// update instances in your Auto Scaling group after you make configuration
// changes.
//
// When you cancel an instance refresh, this does not roll back any changes that
// it made. Use the [RollbackInstanceRefresh]API to roll back instead.
//
// [instance refresh feature]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html
// [RollbackInstanceRefresh]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_RollbackInstanceRefresh.html
CancelInstanceRefresh(ctx context.Context, params *CancelInstanceRefreshInput, optFns ...func(*Options)) (*CancelInstanceRefreshOutput, error)
// Completes the lifecycle action for the specified token or instance with the
// specified result.
//
// This step is a part of the procedure for adding a lifecycle hook to an Auto
// Scaling group:
//
// - (Optional) Create a launch template or launch configuration with a user
// data script that runs while an instance is in a wait state due to a lifecycle
// hook.
//
// - (Optional) Create a Lambda function and a rule that allows Amazon
// EventBridge to invoke your Lambda function when an instance is put into a wait
// state due to a lifecycle hook.
//
// - (Optional) Create a notification target and an IAM role. The target can be
// either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2
// Auto Scaling to publish lifecycle notifications to the target.
//
// - Create the lifecycle hook. Specify whether the hook is used when the
// instances launch or terminate.
//
// - If you need more time, record the lifecycle action heartbeat to keep the
// instance in a wait state.
//
// - If you finish before the timeout period ends, send a callback by using the [CompleteLifecycleAction]
// API call.
//
// For more information, see [Complete a lifecycle action] in the Amazon EC2 Auto Scaling User Guide.
//
// [CompleteLifecycleAction]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CompleteLifecycleAction.html
// [Complete a lifecycle action]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/completing-lifecycle-hooks.html
CompleteLifecycleAction(ctx context.Context, params *CompleteLifecycleActionInput, optFns ...func(*Options)) (*CompleteLifecycleActionOutput, error)
// We strongly recommend using a launch template when calling this operation to
//
// ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2.
//
// Creates an Auto Scaling group with the specified name and attributes.
//
// If you exceed your maximum limit of Auto Scaling groups, the call fails. To
// query this limit, call the [DescribeAccountLimits]API. For information about updating this limit, see [Quotas for Amazon EC2 Auto Scaling]
// in the Amazon EC2 Auto Scaling User Guide.
//
// If you're new to Amazon EC2 Auto Scaling, see the introductory tutorials in [Get started with Amazon EC2 Auto Scaling] in
// the Amazon EC2 Auto Scaling User Guide.
//
// Every Auto Scaling group has three size properties ( DesiredCapacity , MaxSize ,
// and MinSize ). Usually, you set these sizes based on a specific number of
// instances. However, if you configure a mixed instances policy that defines
// weights for the instance types, you must specify these sizes with the same units
// that you use for weighting instances.
//
// [DescribeAccountLimits]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeAccountLimits.html
// [Get started with Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/get-started-with-ec2-auto-scaling.html
// [Quotas for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html
CreateAutoScalingGroup(ctx context.Context, params *CreateAutoScalingGroupInput, optFns ...func(*Options)) (*CreateAutoScalingGroupOutput, error)
// Creates a launch configuration.
//
// If you exceed your maximum limit of launch configurations, the call fails. To
// query this limit, call the [DescribeAccountLimits]API. For information about updating this limit, see [Quotas for Amazon EC2 Auto Scaling]
// in the Amazon EC2 Auto Scaling User Guide.
//
// For more information, see [Launch configurations] in the Amazon EC2 Auto Scaling User Guide.
//
// Amazon EC2 Auto Scaling configures instances launched as part of an Auto
// Scaling group using either a launch template or a launch configuration. We
// strongly recommend that you do not use launch configurations. They do not
// provide full functionality for Amazon EC2 Auto Scaling or Amazon EC2. For
// information about using launch templates, see [Launch templates]in the Amazon EC2 Auto Scaling
// User Guide.
//
// [DescribeAccountLimits]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeAccountLimits.html
// [Quotas for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html
// [Launch configurations]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-configurations.html
// [Launch templates]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-templates.html
CreateLaunchConfiguration(ctx context.Context, params *CreateLaunchConfigurationInput, optFns ...func(*Options)) (*CreateLaunchConfigurationOutput, error)
// Creates or updates tags for the specified Auto Scaling group.
//
// When you specify a tag with a key that already exists, the operation overwrites
// the previous tag definition, and you do not get an error message.
//
// For more information, see [Tag Auto Scaling groups and instances] in the Amazon EC2 Auto Scaling User Guide.
//
// [Tag Auto Scaling groups and instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html
CreateOrUpdateTags(ctx context.Context, params *CreateOrUpdateTagsInput, optFns ...func(*Options)) (*CreateOrUpdateTagsOutput, error)
// Deletes the specified Auto Scaling group.
//
// If the group has instances or scaling activities in progress, you must specify
// the option to force the deletion in order for it to succeed. The force delete
// operation will also terminate the EC2 instances. If the group has a warm pool,
// the force delete option also deletes the warm pool.
//
// To remove instances from the Auto Scaling group before deleting it, call the [DetachInstances]
// API with the list of instances and the option to decrement the desired capacity.
// This ensures that Amazon EC2 Auto Scaling does not launch replacement instances.
//
// To terminate all instances before deleting the Auto Scaling group, call the [UpdateAutoScalingGroup]
// API and set the minimum size and desired capacity of the Auto Scaling group to
// zero.
//
// If the group has scaling policies, deleting the group deletes the policies, the
// underlying alarm actions, and any alarm that no longer has an associated action.
//
// For more information, see [Delete your Auto Scaling infrastructure] in the Amazon EC2 Auto Scaling User Guide.
//
// [Delete your Auto Scaling infrastructure]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-process-shutdown.html
// [DetachInstances]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachInstances.html
// [UpdateAutoScalingGroup]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_UpdateAutoScalingGroup.html
DeleteAutoScalingGroup(ctx context.Context, params *DeleteAutoScalingGroupInput, optFns ...func(*Options)) (*DeleteAutoScalingGroupOutput, error)
// Deletes the specified launch configuration.
//
// The launch configuration must not be attached to an Auto Scaling group. When
// this call completes, the launch configuration is no longer available for use.
DeleteLaunchConfiguration(ctx context.Context, params *DeleteLaunchConfigurationInput, optFns ...func(*Options)) (*DeleteLaunchConfigurationOutput, error)
// Deletes the specified lifecycle hook.
//
// If there are any outstanding lifecycle actions, they are completed first (
// ABANDON for launching instances, CONTINUE for terminating instances).
DeleteLifecycleHook(ctx context.Context, params *DeleteLifecycleHookInput, optFns ...func(*Options)) (*DeleteLifecycleHookOutput, error)
// Deletes the specified notification.
DeleteNotificationConfiguration(ctx context.Context, params *DeleteNotificationConfigurationInput, optFns ...func(*Options)) (*DeleteNotificationConfigurationOutput, error)
// Deletes the specified scaling policy.
//
// Deleting either a step scaling policy or a simple scaling policy deletes the
// underlying alarm action, but does not delete the alarm, even if it no longer has
// an associated action.
//
// For more information, see [Delete a scaling policy] in the Amazon EC2 Auto Scaling User Guide.
//
// [Delete a scaling policy]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/deleting-scaling-policy.html
DeletePolicy(ctx context.Context, params *DeletePolicyInput, optFns ...func(*Options)) (*DeletePolicyOutput, error)
// Deletes the specified scheduled action.
DeleteScheduledAction(ctx context.Context, params *DeleteScheduledActionInput, optFns ...func(*Options)) (*DeleteScheduledActionOutput, error)
// Deletes the specified tags.
DeleteTags(ctx context.Context, params *DeleteTagsInput, optFns ...func(*Options)) (*DeleteTagsOutput, error)
// Deletes the warm pool for the specified Auto Scaling group.
//
// For more information, see [Warm pools for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// [Warm pools for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html
DeleteWarmPool(ctx context.Context, params *DeleteWarmPoolInput, optFns ...func(*Options)) (*DeleteWarmPoolOutput, error)
// Describes the current Amazon EC2 Auto Scaling resource quotas for your account.
//
// When you establish an Amazon Web Services account, the account has initial
// quotas on the maximum number of Auto Scaling groups and launch configurations
// that you can create in a given Region. For more information, see [Quotas for Amazon EC2 Auto Scaling]in the Amazon
// EC2 Auto Scaling User Guide.
//
// [Quotas for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html
DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
// Describes the available adjustment types for step scaling and simple scaling
// policies.
//
// The following adjustment types are supported:
//
// - ChangeInCapacity
//
// - ExactCapacity
//
// - PercentChangeInCapacity
DescribeAdjustmentTypes(ctx context.Context, params *DescribeAdjustmentTypesInput, optFns ...func(*Options)) (*DescribeAdjustmentTypesOutput, error)
// Gets information about the Auto Scaling groups in the account and Region.
//
// If you specify Auto Scaling group names, the output includes information for
// only the specified Auto Scaling groups. If you specify filters, the output
// includes information for only those Auto Scaling groups that meet the filter
// criteria. If you do not specify group names or filters, the output includes
// information for all Auto Scaling groups.
//
// This operation also returns information about instances in Auto Scaling groups.
// To retrieve information about the instances in a warm pool, you must call the [DescribeWarmPool]
// API.
//
// [DescribeWarmPool]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeWarmPool.html
DescribeAutoScalingGroups(ctx context.Context, params *DescribeAutoScalingGroupsInput, optFns ...func(*Options)) (*DescribeAutoScalingGroupsOutput, error)
// Gets information about the Auto Scaling instances in the account and Region.
DescribeAutoScalingInstances(ctx context.Context, params *DescribeAutoScalingInstancesInput, optFns ...func(*Options)) (*DescribeAutoScalingInstancesOutput, error)
// Describes the notification types that are supported by Amazon EC2 Auto Scaling.
DescribeAutoScalingNotificationTypes(ctx context.Context, params *DescribeAutoScalingNotificationTypesInput, optFns ...func(*Options)) (*DescribeAutoScalingNotificationTypesOutput, error)
// Gets information about the instance refreshes for the specified Auto Scaling
// group from the previous six weeks.
//
// This operation is part of the [instance refresh feature] in Amazon EC2 Auto Scaling, which helps you
// update instances in your Auto Scaling group after you make configuration
// changes.
//
// To help you determine the status of an instance refresh, Amazon EC2 Auto
// Scaling returns information about the instance refreshes you previously
// initiated, including their status, start time, end time, the percentage of the
// instance refresh that is complete, and the number of instances remaining to
// update before the instance refresh is complete. If a rollback is initiated while
// an instance refresh is in progress, Amazon EC2 Auto Scaling also returns
// information about the rollback of the instance refresh.
//
// [instance refresh feature]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html
DescribeInstanceRefreshes(ctx context.Context, params *DescribeInstanceRefreshesInput, optFns ...func(*Options)) (*DescribeInstanceRefreshesOutput, error)
// Gets information about the launch configurations in the account and Region.
DescribeLaunchConfigurations(ctx context.Context, params *DescribeLaunchConfigurationsInput, optFns ...func(*Options)) (*DescribeLaunchConfigurationsOutput, error)
// Describes the available types of lifecycle hooks.
//
// The following hook types are supported:
//
// - autoscaling:EC2_INSTANCE_LAUNCHING
//
// - autoscaling:EC2_INSTANCE_TERMINATING
DescribeLifecycleHookTypes(ctx context.Context, params *DescribeLifecycleHookTypesInput, optFns ...func(*Options)) (*DescribeLifecycleHookTypesOutput, error)
// Gets information about the lifecycle hooks for the specified Auto Scaling group.
DescribeLifecycleHooks(ctx context.Context, params *DescribeLifecycleHooksInput, optFns ...func(*Options)) (*DescribeLifecycleHooksOutput, error)
// This API operation is superseded by [DescribeTrafficSources], which can describe multiple traffic
// sources types. We recommend using DetachTrafficSources to simplify how you
// manage traffic sources. However, we continue to support
// DescribeLoadBalancerTargetGroups . You can use both the original
// DescribeLoadBalancerTargetGroups API operation and DescribeTrafficSources on
// the same Auto Scaling group.
//
// Gets information about the Elastic Load Balancing target groups for the
// specified Auto Scaling group.
//
// To determine the attachment status of the target group, use the State element
// in the response. When you attach a target group to an Auto Scaling group, the
// initial State value is Adding . The state transitions to Added after all Auto
// Scaling instances are registered with the target group. If Elastic Load
// Balancing health checks are enabled for the Auto Scaling group, the state
// transitions to InService after at least one Auto Scaling instance passes the
// health check. When the target group is in the InService state, Amazon EC2 Auto
// Scaling can terminate and replace any instances that are reported as unhealthy.
// If no registered instances pass the health checks, the target group doesn't
// enter the InService state.
//
// Target groups also have an InService state if you attach them in the [CreateAutoScalingGroup] API call.
// If your target group state is InService , but it is not working properly, check
// the scaling activities by calling [DescribeScalingActivities]and take any corrective actions necessary.
//
// For help with failed health checks, see [Troubleshooting Amazon EC2 Auto Scaling: Health checks] in the Amazon EC2 Auto Scaling User
// Guide. For more information, see [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]in the Amazon EC2 Auto Scaling User Guide.
//
// You can use this operation to describe target groups that were attached by
// using [AttachLoadBalancerTargetGroups], but not for target groups that were attached by using [AttachTrafficSources].
//
// [Troubleshooting Amazon EC2 Auto Scaling: Health checks]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html
// [AttachLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachLoadBalancerTargetGroups.html
// [DescribeScalingActivities]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScalingActivities.html
// [CreateAutoScalingGroup]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CreateAutoScalingGroup.html
// [DescribeTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
// [AttachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html
// [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html
DescribeLoadBalancerTargetGroups(ctx context.Context, params *DescribeLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*DescribeLoadBalancerTargetGroupsOutput, error)
// This API operation is superseded by [DescribeTrafficSources], which can describe multiple traffic
// sources types. We recommend using DescribeTrafficSources to simplify how you
// manage traffic sources. However, we continue to support DescribeLoadBalancers .
// You can use both the original DescribeLoadBalancers API operation and
// DescribeTrafficSources on the same Auto Scaling group.
//
// Gets information about the load balancers for the specified Auto Scaling group.
//
// This operation describes only Classic Load Balancers. If you have Application
// Load Balancers, Network Load Balancers, or Gateway Load Balancers, use the [DescribeLoadBalancerTargetGroups]API
// instead.
//
// To determine the attachment status of the load balancer, use the State element
// in the response. When you attach a load balancer to an Auto Scaling group, the
// initial State value is Adding . The state transitions to Added after all Auto
// Scaling instances are registered with the load balancer. If Elastic Load
// Balancing health checks are enabled for the Auto Scaling group, the state
// transitions to InService after at least one Auto Scaling instance passes the
// health check. When the load balancer is in the InService state, Amazon EC2 Auto
// Scaling can terminate and replace any instances that are reported as unhealthy.
// If no registered instances pass the health checks, the load balancer doesn't
// enter the InService state.
//
// Load balancers also have an InService state if you attach them in the [CreateAutoScalingGroup] API
// call. If your load balancer state is InService , but it is not working properly,
// check the scaling activities by calling [DescribeScalingActivities]and take any corrective actions
// necessary.
//
// For help with failed health checks, see [Troubleshooting Amazon EC2 Auto Scaling: Health checks] in the Amazon EC2 Auto Scaling User
// Guide. For more information, see [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]in the Amazon EC2 Auto Scaling User Guide.
//
// [Troubleshooting Amazon EC2 Auto Scaling: Health checks]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html
// [DescribeScalingActivities]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScalingActivities.html
// [DescribeLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancerTargetGroups.html
// [CreateAutoScalingGroup]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CreateAutoScalingGroup.html
// [DescribeTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
// [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html
DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error)
// Describes the available CloudWatch metrics for Amazon EC2 Auto Scaling.
DescribeMetricCollectionTypes(ctx context.Context, params *DescribeMetricCollectionTypesInput, optFns ...func(*Options)) (*DescribeMetricCollectionTypesOutput, error)
// Gets information about the Amazon SNS notifications that are configured for one
// or more Auto Scaling groups.
DescribeNotificationConfigurations(ctx context.Context, params *DescribeNotificationConfigurationsInput, optFns ...func(*Options)) (*DescribeNotificationConfigurationsOutput, error)
// Gets information about the scaling policies in the account and Region.
DescribePolicies(ctx context.Context, params *DescribePoliciesInput, optFns ...func(*Options)) (*DescribePoliciesOutput, error)
// Gets information about the scaling activities in the account and Region.
//
// When scaling events occur, you see a record of the scaling activity in the
// scaling activities. For more information, see [Verify a scaling activity for an Auto Scaling group]in the Amazon EC2 Auto Scaling
// User Guide.
//
// If the scaling event succeeds, the value of the StatusCode element in the
// response is Successful . If an attempt to launch instances failed, the
// StatusCode value is Failed or Cancelled and the StatusMessage element in the
// response indicates the cause of the failure. For help interpreting the
// StatusMessage , see [Troubleshooting Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// [Troubleshooting Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/CHAP_Troubleshooting.html
// [Verify a scaling activity for an Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-verify-scaling-activity.html
DescribeScalingActivities(ctx context.Context, params *DescribeScalingActivitiesInput, optFns ...func(*Options)) (*DescribeScalingActivitiesOutput, error)
// Describes the scaling process types for use with the [ResumeProcesses] and [SuspendProcesses] APIs.
//
// [ResumeProcesses]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_ResumeProcesses.html
// [SuspendProcesses]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_SuspendProcesses.html
DescribeScalingProcessTypes(ctx context.Context, params *DescribeScalingProcessTypesInput, optFns ...func(*Options)) (*DescribeScalingProcessTypesOutput, error)
// Gets information about the scheduled actions that haven't run or that have not
// reached their end time.
//
// To describe the scaling activities for scheduled actions that have already run,
// call the [DescribeScalingActivities]API.
//
// [DescribeScalingActivities]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScalingActivities.html
DescribeScheduledActions(ctx context.Context, params *DescribeScheduledActionsInput, optFns ...func(*Options)) (*DescribeScheduledActionsOutput, error)
// Describes the specified tags.
//
// You can use filters to limit the results. For example, you can query for the
// tags for a specific Auto Scaling group. You can specify multiple values for a
// filter. A tag must match at least one of the specified values for it to be
// included in the results.
//
// You can also specify multiple filters. The result includes information for a
// particular tag only if it matches all the filters. If there's no match, no
// special message is returned.
//
// For more information, see [Tag Auto Scaling groups and instances] in the Amazon EC2 Auto Scaling User Guide.
//
// [Tag Auto Scaling groups and instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html
DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
// Describes the termination policies supported by Amazon EC2 Auto Scaling.
//
// For more information, see [Configure termination policies for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// [Configure termination policies for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html
DescribeTerminationPolicyTypes(ctx context.Context, params *DescribeTerminationPolicyTypesInput, optFns ...func(*Options)) (*DescribeTerminationPolicyTypesOutput, error)
// Gets information about the traffic sources for the specified Auto Scaling group.
//
// You can optionally provide a traffic source type. If you provide a traffic
// source type, then the results only include that traffic source type.
//
// If you do not provide a traffic source type, then the results include all the
// traffic sources for the specified Auto Scaling group.
DescribeTrafficSources(ctx context.Context, params *DescribeTrafficSourcesInput, optFns ...func(*Options)) (*DescribeTrafficSourcesOutput, error)
// Gets information about a warm pool and its instances.
//
// For more information, see [Warm pools for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// [Warm pools for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html
DescribeWarmPool(ctx context.Context, params *DescribeWarmPoolInput, optFns ...func(*Options)) (*DescribeWarmPoolOutput, error)
// Removes one or more instances from the specified Auto Scaling group.
//
// After the instances are detached, you can manage them independent of the Auto
// Scaling group.
//
// If you do not specify the option to decrement the desired capacity, Amazon EC2
// Auto Scaling launches instances to replace the ones that are detached.
//
// If there is a Classic Load Balancer attached to the Auto Scaling group, the
// instances are deregistered from the load balancer. If there are target groups
// attached to the Auto Scaling group, the instances are deregistered from the
// target groups.
//
// For more information, see [Detach or attach instances] in the Amazon EC2 Auto Scaling User Guide.
//
// [Detach or attach instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-detach-attach-instances.html
DetachInstances(ctx context.Context, params *DetachInstancesInput, optFns ...func(*Options)) (*DetachInstancesOutput, error)
// This API operation is superseded by [DetachTrafficSources], which can detach multiple traffic sources
// types. We recommend using DetachTrafficSources to simplify how you manage
// traffic sources. However, we continue to support DetachLoadBalancerTargetGroups
// . You can use both the original DetachLoadBalancerTargetGroups API operation
// and DetachTrafficSources on the same Auto Scaling group.
//
// Detaches one or more target groups from the specified Auto Scaling group.
//
// When you detach a target group, it enters the Removing state while
// deregistering the instances in the group. When all instances are deregistered,
// then you can no longer describe the target group using the [DescribeLoadBalancerTargetGroups]API call. The
// instances remain running.
//
// You can use this operation to detach target groups that were attached by using [AttachLoadBalancerTargetGroups]
// , but not for target groups that were attached by using [AttachTrafficSources].
//
// [AttachLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachLoadBalancerTargetGroups.html
// [DescribeLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancerTargetGroups.html
// [DetachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
// [AttachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html
DetachLoadBalancerTargetGroups(ctx context.Context, params *DetachLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*DetachLoadBalancerTargetGroupsOutput, error)
// This API operation is superseded by [DetachTrafficSources], which can detach multiple traffic sources
// types. We recommend using DetachTrafficSources to simplify how you manage
// traffic sources. However, we continue to support DetachLoadBalancers . You can
// use both the original DetachLoadBalancers API operation and DetachTrafficSources
// on the same Auto Scaling group.
//
// Detaches one or more Classic Load Balancers from the specified Auto Scaling
// group.
//
// This operation detaches only Classic Load Balancers. If you have Application
// Load Balancers, Network Load Balancers, or Gateway Load Balancers, use the [DetachLoadBalancerTargetGroups]API
// instead.
//
// When you detach a load balancer, it enters the Removing state while
// deregistering the instances in the group. When all instances are deregistered,
// then you can no longer describe the load balancer using the [DescribeLoadBalancers]API call. The
// instances remain running.
//
// [DetachLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachLoadBalancerTargetGroups.html
// [DescribeLoadBalancers]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancers.html
// [DetachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachTrafficSources.html
DetachLoadBalancers(ctx context.Context, params *DetachLoadBalancersInput, optFns ...func(*Options)) (*DetachLoadBalancersOutput, error)
// Detaches one or more traffic sources from the specified Auto Scaling group.
//
// When you detach a traffic source, it enters the Removing state while
// deregistering the instances in the group. When all instances are deregistered,
// then you can no longer describe the traffic source using the [DescribeTrafficSources]API call. The
// instances continue to run.
//
// [DescribeTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
DetachTrafficSources(ctx context.Context, params *DetachTrafficSourcesInput, optFns ...func(*Options)) (*DetachTrafficSourcesOutput, error)
// Disables group metrics collection for the specified Auto Scaling group.
DisableMetricsCollection(ctx context.Context, params *DisableMetricsCollectionInput, optFns ...func(*Options)) (*DisableMetricsCollectionOutput, error)
// Enables group metrics collection for the specified Auto Scaling group.
//
// You can use these metrics to track changes in an Auto Scaling group and to set
// alarms on threshold values. You can view group metrics using the Amazon EC2 Auto
// Scaling console or the CloudWatch console. For more information, see [Monitor CloudWatch metrics for your Auto Scaling groups and instances]in the
// Amazon EC2 Auto Scaling User Guide.
//
// [Monitor CloudWatch metrics for your Auto Scaling groups and instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-cloudwatch-monitoring.html
EnableMetricsCollection(ctx context.Context, params *EnableMetricsCollectionInput, optFns ...func(*Options)) (*EnableMetricsCollectionOutput, error)
// Moves the specified instances into the standby state.
//
// If you choose to decrement the desired capacity of the Auto Scaling group, the
// instances can enter standby as long as the desired capacity of the Auto Scaling
// group after the instances are placed into standby is equal to or greater than
// the minimum capacity of the group.
//
// If you choose not to decrement the desired capacity of the Auto Scaling group,
// the Auto Scaling group launches new instances to replace the instances on
// standby.
//
// For more information, see [Temporarily removing instances from your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
//
// [Temporarily removing instances from your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-enter-exit-standby.html
EnterStandby(ctx context.Context, params *EnterStandbyInput, optFns ...func(*Options)) (*EnterStandbyOutput, error)
// Executes the specified policy. This can be useful for testing the design of
// your scaling policy.
ExecutePolicy(ctx context.Context, params *ExecutePolicyInput, optFns ...func(*Options)) (*ExecutePolicyOutput, error)
// Moves the specified instances out of the standby state.
//
// After you put the instances back in service, the desired capacity is
// incremented.
//
// For more information, see [Temporarily removing instances from your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
//
// [Temporarily removing instances from your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-enter-exit-standby.html
ExitStandby(ctx context.Context, params *ExitStandbyInput, optFns ...func(*Options)) (*ExitStandbyOutput, error)
// Retrieves the forecast data for a predictive scaling policy.
//
// Load forecasts are predictions of the hourly load values using historical load
// data from CloudWatch and an analysis of historical trends. Capacity forecasts
// are represented as predicted values for the minimum capacity that is needed on
// an hourly basis, based on the hourly load forecast.
//
// A minimum of 24 hours of data is required to create the initial forecasts.
// However, having a full 14 days of historical data results in more accurate
// forecasts.
//
// For more information, see [Predictive scaling for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// [Predictive scaling for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-predictive-scaling.html
GetPredictiveScalingForecast(ctx context.Context, params *GetPredictiveScalingForecastInput, optFns ...func(*Options)) (*GetPredictiveScalingForecastOutput, error)
// Creates or updates a lifecycle hook for the specified Auto Scaling group.
//
// Lifecycle hooks let you create solutions that are aware of events in the Auto
// Scaling instance lifecycle, and then perform a custom action on instances when
// the corresponding lifecycle event occurs.
//
// This step is a part of the procedure for adding a lifecycle hook to an Auto
// Scaling group:
//
// - (Optional) Create a launch template or launch configuration with a user
// data script that runs while an instance is in a wait state due to a lifecycle
// hook.
//
// - (Optional) Create a Lambda function and a rule that allows Amazon
// EventBridge to invoke your Lambda function when an instance is put into a wait
// state due to a lifecycle hook.
//
// - (Optional) Create a notification target and an IAM role. The target can be
// either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2
// Auto Scaling to publish lifecycle notifications to the target.
//
// - Create the lifecycle hook. Specify whether the hook is used when the
// instances launch or terminate.
//
// - If you need more time, record the lifecycle action heartbeat to keep the
// instance in a wait state using the [RecordLifecycleActionHeartbeat]API call.
//
// - If you finish before the timeout period ends, send a callback by using the [CompleteLifecycleAction]
// API call.
//
// For more information, see [Amazon EC2 Auto Scaling lifecycle hooks] in the Amazon EC2 Auto Scaling User Guide.
//
// If you exceed your maximum limit of lifecycle hooks, which by default is 50 per
// Auto Scaling group, the call fails.
//
// You can view the lifecycle hooks for an Auto Scaling group using the [DescribeLifecycleHooks] API call.
// If you are no longer using a lifecycle hook, you can delete it by calling the [DeleteLifecycleHook]
// API.
//
// [RecordLifecycleActionHeartbeat]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_RecordLifecycleActionHeartbeat.html
// [CompleteLifecycleAction]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CompleteLifecycleAction.html
// [Amazon EC2 Auto Scaling lifecycle hooks]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html
// [DescribeLifecycleHooks]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLifecycleHooks.html
// [DeleteLifecycleHook]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DeleteLifecycleHook.html
PutLifecycleHook(ctx context.Context, params *PutLifecycleHookInput, optFns ...func(*Options)) (*PutLifecycleHookOutput, error)
// Configures an Auto Scaling group to send notifications when specified events
// take place. Subscribers to the specified topic can have messages delivered to an
// endpoint such as a web server or an email address.
//
// This configuration overwrites any existing configuration.
//
// For more information, see [Amazon SNS notification options for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// If you exceed your maximum limit of SNS topics, which is 10 per Auto Scaling
// group, the call fails.
//
// [Amazon SNS notification options for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-sns-notifications.html
PutNotificationConfiguration(ctx context.Context, params *PutNotificationConfigurationInput, optFns ...func(*Options)) (*PutNotificationConfigurationOutput, error)
// Creates or updates a scaling policy for an Auto Scaling group. Scaling policies
// are used to scale an Auto Scaling group based on configurable metrics. If no
// policies are defined, the dynamic scaling and predictive scaling features are
// not used.
//
// For more information about using dynamic scaling, see [Target tracking scaling policies] and [Step and simple scaling policies] in the Amazon EC2
// Auto Scaling User Guide.
//
// For more information about using predictive scaling, see [Predictive scaling for Amazon EC2 Auto Scaling] in the Amazon EC2
// Auto Scaling User Guide.
//
// You can view the scaling policies for an Auto Scaling group using the [DescribePolicies] API
// call. If you are no longer using a scaling policy, you can delete it by calling
// the [DeletePolicy]API.
//
// [Step and simple scaling policies]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html
// [DeletePolicy]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DeletePolicy.html
// [Target tracking scaling policies]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html
// [DescribePolicies]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribePolicies.html
// [Predictive scaling for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-predictive-scaling.html
PutScalingPolicy(ctx context.Context, params *PutScalingPolicyInput, optFns ...func(*Options)) (*PutScalingPolicyOutput, error)
// Creates or updates a scheduled scaling action for an Auto Scaling group.
//
// For more information, see [Scheduled scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// You can view the scheduled actions for an Auto Scaling group using the [DescribeScheduledActions] API
// call. If you are no longer using a scheduled action, you can delete it by
// calling the [DeleteScheduledAction]API.
//
// If you try to schedule your action in the past, Amazon EC2 Auto Scaling returns
// an error message.
//
// [DeleteScheduledAction]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DeleteScheduledAction.html
// [DescribeScheduledActions]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScheduledActions.html
// [Scheduled scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-scheduled-scaling.html
PutScheduledUpdateGroupAction(ctx context.Context, params *PutScheduledUpdateGroupActionInput, optFns ...func(*Options)) (*PutScheduledUpdateGroupActionOutput, error)
// Creates or updates a warm pool for the specified Auto Scaling group. A warm
// pool is a pool of pre-initialized EC2 instances that sits alongside the Auto
// Scaling group. Whenever your application needs to scale out, the Auto Scaling
// group can draw on the warm pool to meet its new desired capacity.
//
// This operation must be called from the Region in which the Auto Scaling group
// was created.
//
// You can view the instances in the warm pool using the [DescribeWarmPool] API call. If you are no
// longer using a warm pool, you can delete it by calling the [DeleteWarmPool]API.
//
// For more information, see [Warm pools for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// [DeleteWarmPool]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DeleteWarmPool.html
// [DescribeWarmPool]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeWarmPool.html
// [Warm pools for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html
PutWarmPool(ctx context.Context, params *PutWarmPoolInput, optFns ...func(*Options)) (*PutWarmPoolOutput, error)
// Records a heartbeat for the lifecycle action associated with the specified
// token or instance. This extends the timeout by the length of time defined using
// the [PutLifecycleHook]API call.
//
// This step is a part of the procedure for adding a lifecycle hook to an Auto
// Scaling group:
//
// - (Optional) Create a launch template or launch configuration with a user
// data script that runs while an instance is in a wait state due to a lifecycle
// hook.
//
// - (Optional) Create a Lambda function and a rule that allows Amazon
// EventBridge to invoke your Lambda function when an instance is put into a wait
// state due to a lifecycle hook.
//
// - (Optional) Create a notification target and an IAM role. The target can be
// either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2
// Auto Scaling to publish lifecycle notifications to the target.
//
// - Create the lifecycle hook. Specify whether the hook is used when the
// instances launch or terminate.
//
// - If you need more time, record the lifecycle action heartbeat to keep the
// instance in a wait state.
//
// - If you finish before the timeout period ends, send a callback by using the [CompleteLifecycleAction]
// API call.
//
// For more information, see [Amazon EC2 Auto Scaling lifecycle hooks] in the Amazon EC2 Auto Scaling User Guide.
//
// [CompleteLifecycleAction]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CompleteLifecycleAction.html
// [Amazon EC2 Auto Scaling lifecycle hooks]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html
// [PutLifecycleHook]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PutLifecycleHook.html
RecordLifecycleActionHeartbeat(ctx context.Context, params *RecordLifecycleActionHeartbeatInput, optFns ...func(*Options)) (*RecordLifecycleActionHeartbeatOutput, error)
// Resumes the specified suspended auto scaling processes, or all suspended
// process, for the specified Auto Scaling group.
//
// For more information, see [Suspend and resume Amazon EC2 Auto Scaling processes] in the Amazon EC2 Auto Scaling User Guide.
//
// [Suspend and resume Amazon EC2 Auto Scaling processes]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html
ResumeProcesses(ctx context.Context, params *ResumeProcessesInput, optFns ...func(*Options)) (*ResumeProcessesOutput, error)
// Cancels an instance refresh that is in progress and rolls back any changes that
// it made. Amazon EC2 Auto Scaling replaces any instances that were replaced
// during the instance refresh. This restores your Auto Scaling group to the
// configuration that it was using before the start of the instance refresh.
//
// This operation is part of the [instance refresh feature] in Amazon EC2 Auto Scaling, which helps you
// update instances in your Auto Scaling group after you make configuration
// changes.
//
// A rollback is not supported in the following situations:
//
// - There is no desired configuration specified for the instance refresh.
//
// - The Auto Scaling group has a launch template that uses an Amazon Web
// Services Systems Manager parameter instead of an AMI ID for the ImageId
// property.
//
// - The Auto Scaling group uses the launch template's $Latest or $Default
// version.
//
// When you receive a successful response from this operation, Amazon EC2 Auto
// Scaling immediately begins replacing instances. You can check the status of this
// operation through the [DescribeInstanceRefreshes]API operation.
//
// [instance refresh feature]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html
// [DescribeInstanceRefreshes]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeInstanceRefreshes.html
RollbackInstanceRefresh(ctx context.Context, params *RollbackInstanceRefreshInput, optFns ...func(*Options)) (*RollbackInstanceRefreshOutput, error)
// Sets the size of the specified Auto Scaling group.
//
// If a scale-in activity occurs as a result of a new DesiredCapacity value that
// is lower than the current size of the group, the Auto Scaling group uses its
// termination policy to determine which instances to terminate.
//
// For more information, see [Manual scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// [Manual scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-scaling-manually.html
SetDesiredCapacity(ctx context.Context, params *SetDesiredCapacityInput, optFns ...func(*Options)) (*SetDesiredCapacityOutput, error)
// Sets the health status of the specified instance.
//
// For more information, see [Set up a custom health check for your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
//
// [Set up a custom health check for your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/set-up-a-custom-health-check.html
SetInstanceHealth(ctx context.Context, params *SetInstanceHealthInput, optFns ...func(*Options)) (*SetInstanceHealthOutput, error)
// Updates the instance protection settings of the specified instances. This
// operation cannot be called on instances in a warm pool.
//
// For more information, see [Use instance scale-in protection] in the Amazon EC2 Auto Scaling User Guide.
//
// If you exceed your maximum limit of instance IDs, which is 50 per Auto Scaling
// group, the call fails.
//
// [Use instance scale-in protection]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html
SetInstanceProtection(ctx context.Context, params *SetInstanceProtectionInput, optFns ...func(*Options)) (*SetInstanceProtectionOutput, error)
// Starts an instance refresh.
//
// This operation is part of the [instance refresh feature] in Amazon EC2 Auto Scaling, which helps you
// update instances in your Auto Scaling group. This feature is helpful, for
// example, when you have a new AMI or a new user data script. You just need to
// create a new launch template that specifies the new AMI or user data script.
// Then start an instance refresh to immediately begin the process of updating
// instances in the group.
//
// If successful, the request's response contains a unique ID that you can use to
// track the progress of the instance refresh. To query its status, call the [DescribeInstanceRefreshes]API.
// To describe the instance refreshes that have already run, call the [DescribeInstanceRefreshes]API. To
// cancel an instance refresh that is in progress, use the [CancelInstanceRefresh]API.
//
// An instance refresh might fail for several reasons, such as EC2 launch
// failures, misconfigured health checks, or not ignoring or allowing the
// termination of instances that are in Standby state or protected from scale in.
// You can monitor for failed EC2 launches using the scaling activities. To find
// the scaling activities, call the [DescribeScalingActivities]API.
//
// If you enable auto rollback, your Auto Scaling group will be rolled back
// automatically when the instance refresh fails. You can enable this feature
// before starting an instance refresh by specifying the AutoRollback property in
// the instance refresh preferences. Otherwise, to roll back an instance refresh
// before it finishes, use the [RollbackInstanceRefresh]API.
//
// [DescribeScalingActivities]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScalingActivities.html
// [instance refresh feature]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html
// [DescribeInstanceRefreshes]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeInstanceRefreshes.html
// [CancelInstanceRefresh]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CancelInstanceRefresh.html
// [RollbackInstanceRefresh]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_RollbackInstanceRefresh.html
StartInstanceRefresh(ctx context.Context, params *StartInstanceRefreshInput, optFns ...func(*Options)) (*StartInstanceRefreshOutput, error)
// Suspends the specified auto scaling processes, or all processes, for the
// specified Auto Scaling group.
//
// If you suspend either the Launch or Terminate process types, it can prevent
// other process types from functioning properly. For more information, see [Suspend and resume Amazon EC2 Auto Scaling processes]in the
// Amazon EC2 Auto Scaling User Guide.
//
// To resume processes that have been suspended, call the [ResumeProcesses] API.
//
// [ResumeProcesses]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_ResumeProcesses.html
// [Suspend and resume Amazon EC2 Auto Scaling processes]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html
SuspendProcesses(ctx context.Context, params *SuspendProcessesInput, optFns ...func(*Options)) (*SuspendProcessesOutput, error)
// Terminates the specified instance and optionally adjusts the desired group
// size. This operation cannot be called on instances in a warm pool.
//
// This call simply makes a termination request. The instance is not terminated
// immediately. When an instance is terminated, the instance status changes to
// terminated . You can't connect to or start an instance after you've terminated
// it.
//
// If you do not specify the option to decrement the desired capacity, Amazon EC2
// Auto Scaling launches instances to replace the ones that are terminated.
//
// By default, Amazon EC2 Auto Scaling balances instances across all Availability
// Zones. If you decrement the desired capacity, your Auto Scaling group can become
// unbalanced between Availability Zones. Amazon EC2 Auto Scaling tries to
// rebalance the group, and rebalancing might terminate instances in other zones.
// For more information, see [Manual scaling]in the Amazon EC2 Auto Scaling User Guide.
//
// [Manual scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-scaling-manually.html
TerminateInstanceInAutoScalingGroup(ctx context.Context, params *TerminateInstanceInAutoScalingGroupInput, optFns ...func(*Options)) (*TerminateInstanceInAutoScalingGroupOutput, error)
// We strongly recommend that all Auto Scaling groups use launch templates to
//
// ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2.
//
// Updates the configuration for the specified Auto Scaling group.
//
// To update an Auto Scaling group, specify the name of the group and the property
// that you want to change. Any properties that you don't specify are not changed
// by this update request. The new settings take effect on any scaling activities
// after this call returns.
//
// If you associate a new launch configuration or template with an Auto Scaling
// group, all new instances will get the updated configuration. Existing instances
// continue to run with the configuration that they were originally launched with.
// When you update a group to specify a mixed instances policy instead of a launch
// configuration or template, existing instances may be replaced to match the new
// purchasing options that you specified in the policy. For example, if the group
// currently has 100% On-Demand capacity and the policy specifies 50% Spot
// capacity, this means that half of your instances will be gradually terminated
// and relaunched as Spot Instances. When replacing instances, Amazon EC2 Auto
// Scaling launches new instances before terminating the old ones, so that updating
// your group does not compromise the performance or availability of your
// application.
//
// Note the following about changing DesiredCapacity , MaxSize , or MinSize :
//
// - If a scale-in activity occurs as a result of a new DesiredCapacity value
// that is lower than the current size of the group, the Auto Scaling group uses
// its termination policy to determine which instances to terminate.
//
// - If you specify a new value for MinSize without specifying a value for
// DesiredCapacity , and the new MinSize is larger than the current size of the
// group, this sets the group's DesiredCapacity to the new MinSize value.
//
// - If you specify a new value for MaxSize without specifying a value for
// DesiredCapacity , and the new MaxSize is smaller than the current size of the
// group, this sets the group's DesiredCapacity to the new MaxSize value.
//
// To see which properties have been set, call the [DescribeAutoScalingGroups] API. To view the scaling
// policies for an Auto Scaling group, call the [DescribePolicies]API. If the group has scaling
// policies, you can update them by calling the [PutScalingPolicy]API.
//
// [DescribeAutoScalingGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeAutoScalingGroups.html
// [DescribePolicies]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribePolicies.html
// [PutScalingPolicy]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PutScalingPolicy.html
UpdateAutoScalingGroup(ctx context.Context, params *UpdateAutoScalingGroupInput, optFns ...func(*Options)) (*UpdateAutoScalingGroupOutput, error)
}
ASG provides an interface to the AWS ASG service.
type CloudFormation ¶
type CloudFormation interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() cloudformation.Options
// Activate trusted access with Organizations. With trusted access between
// StackSets and Organizations activated, the management account has permissions to
// create and manage StackSets for your organization.
ActivateOrganizationsAccess(ctx context.Context, params *ActivateOrganizationsAccessInput, optFns ...func(*Options)) (*ActivateOrganizationsAccessOutput, error)
// Activates a public third-party extension, making it available for use in stack
// templates. Once you have activated a public third-party extension in your
// account and Region, use [SetTypeConfiguration]to specify configuration properties for the extension.
// For more information, see [Using public extensions]in the CloudFormation User Guide.
//
// [SetTypeConfiguration]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html
// [Using public extensions]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html
ActivateType(ctx context.Context, params *ActivateTypeInput, optFns ...func(*Options)) (*ActivateTypeOutput, error)
// Returns configuration data for the specified CloudFormation extensions, from
// the CloudFormation registry for the account and Region.
//
// For more information, see [Edit configuration data for extensions in your account] in the CloudFormation User Guide.
//
// [Edit configuration data for extensions in your account]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-set-configuration.html
BatchDescribeTypeConfigurations(ctx context.Context, params *BatchDescribeTypeConfigurationsInput, optFns ...func(*Options)) (*BatchDescribeTypeConfigurationsOutput, error)
// Cancels an update on the specified stack. If the call completes successfully,
// the stack rolls back the update and reverts to the previous stack configuration.
//
// You can cancel only stacks that are in the UPDATE_IN_PROGRESS state.
CancelUpdateStack(ctx context.Context, params *CancelUpdateStackInput, optFns ...func(*Options)) (*CancelUpdateStackOutput, error)
// For a specified stack that's in the UPDATE_ROLLBACK_FAILED state, continues
// rolling it back to the UPDATE_ROLLBACK_COMPLETE state. Depending on the cause
// of the failure, you can manually [fix the error]and continue the rollback. By continuing the
// rollback, you can return your stack to a working state (the
// UPDATE_ROLLBACK_COMPLETE state), and then try to update the stack again.
//
// A stack goes into the UPDATE_ROLLBACK_FAILED state when CloudFormation can't
// roll back all changes after a failed stack update. For example, you might have a
// stack that's rolling back to an old database instance that was deleted outside
// of CloudFormation. Because CloudFormation doesn't know the database was deleted,
// it assumes that the database instance still exists and attempts to roll back to
// it, causing the update rollback to fail.
//
// [fix the error]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-update-rollback-failed
ContinueUpdateRollback(ctx context.Context, params *ContinueUpdateRollbackInput, optFns ...func(*Options)) (*ContinueUpdateRollbackOutput, error)
// Creates a list of changes that will be applied to a stack so that you can
// review the changes before executing them. You can create a change set for a
// stack that doesn't exist or an existing stack. If you create a change set for a
// stack that doesn't exist, the change set shows all of the resources that
// CloudFormation will create. If you create a change set for an existing stack,
// CloudFormation compares the stack's information with the information that you
// submit in the change set and lists the differences. Use change sets to
// understand which resources CloudFormation will create or change, and how it will
// change resources in an existing stack, before you create or update a stack.
//
// To create a change set for a stack that doesn't exist, for the ChangeSetType
// parameter, specify CREATE . To create a change set for an existing stack,
// specify UPDATE for the ChangeSetType parameter. To create a change set for an
// import operation, specify IMPORT for the ChangeSetType parameter. After the
// CreateChangeSet call successfully completes, CloudFormation starts creating the
// change set. To check the status of the change set or to review it, use the DescribeChangeSet
// action.
//
// When you are satisfied with the changes the change set will make, execute the
// change set by using the ExecuteChangeSetaction. CloudFormation doesn't make changes until you
// execute the change set.
//
// To create a change set for the entire stack hierarchy, set IncludeNestedStacks
// to True .
CreateChangeSet(ctx context.Context, params *CreateChangeSetInput, optFns ...func(*Options)) (*CreateChangeSetOutput, error)
// Creates a template from existing resources that are not already managed with
// CloudFormation. You can check the status of the template generation using the
// DescribeGeneratedTemplate API action.
CreateGeneratedTemplate(ctx context.Context, params *CreateGeneratedTemplateInput, optFns ...func(*Options)) (*CreateGeneratedTemplateOutput, error)
// Creates a stack as specified in the template. After the call completes
// successfully, the stack creation starts. You can check the status of the stack
// through the DescribeStacksoperation.
//
// For more information about creating a stack and monitoring stack progress, see [Managing Amazon Web Services resources as a single unit with CloudFormation stacks]
// in the CloudFormation User Guide.
//
// [Managing Amazon Web Services resources as a single unit with CloudFormation stacks]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html
CreateStack(ctx context.Context, params *CreateStackInput, optFns ...func(*Options)) (*CreateStackOutput, error)
// Creates stack instances for the specified accounts, within the specified Amazon
// Web Services Regions. A stack instance refers to a stack in a specific account
// and Region. You must specify at least one value for either Accounts or
// DeploymentTargets , and you must specify at least one value for Regions .
CreateStackInstances(ctx context.Context, params *CreateStackInstancesInput, optFns ...func(*Options)) (*CreateStackInstancesOutput, error)
// Creates a stack set.
CreateStackSet(ctx context.Context, params *CreateStackSetInput, optFns ...func(*Options)) (*CreateStackSetOutput, error)
// Deactivates trusted access with Organizations. If trusted access is
// deactivated, the management account does not have permissions to create and
// manage service-managed StackSets for your organization.
DeactivateOrganizationsAccess(ctx context.Context, params *DeactivateOrganizationsAccessInput, optFns ...func(*Options)) (*DeactivateOrganizationsAccessOutput, error)
// Deactivates a public extension that was previously activated in this account
// and Region.
//
// Once deactivated, an extension can't be used in any CloudFormation operation.
// This includes stack update operations where the stack template includes the
// extension, even if no updates are being made to the extension. In addition,
// deactivated extensions aren't automatically updated if a new version of the
// extension is released.
DeactivateType(ctx context.Context, params *DeactivateTypeInput, optFns ...func(*Options)) (*DeactivateTypeOutput, error)
// Deletes the specified change set. Deleting change sets ensures that no one
// executes the wrong change set.
//
// If the call successfully completes, CloudFormation successfully deleted the
// change set.
//
// If IncludeNestedStacks specifies True during the creation of the nested change
// set, then DeleteChangeSet will delete all change sets that belong to the stacks
// hierarchy and will also delete all change sets for nested stacks with the status
// of REVIEW_IN_PROGRESS .
DeleteChangeSet(ctx context.Context, params *DeleteChangeSetInput, optFns ...func(*Options)) (*DeleteChangeSetOutput, error)
// Deleted a generated template.
DeleteGeneratedTemplate(ctx context.Context, params *DeleteGeneratedTemplateInput, optFns ...func(*Options)) (*DeleteGeneratedTemplateOutput, error)
// Deletes a specified stack. Once the call completes successfully, stack deletion
// starts. Deleted stacks don't show up in the DescribeStacksoperation if the deletion has been
// completed successfully.
//
// For more information about deleting a stack, see [Delete a stack from the CloudFormation console] in the CloudFormation User
// Guide.
//
// [Delete a stack from the CloudFormation console]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-delete-stack.html
DeleteStack(ctx context.Context, params *DeleteStackInput, optFns ...func(*Options)) (*DeleteStackOutput, error)
// Deletes stack instances for the specified accounts, in the specified Amazon Web
// Services Regions.
DeleteStackInstances(ctx context.Context, params *DeleteStackInstancesInput, optFns ...func(*Options)) (*DeleteStackInstancesOutput, error)
// Deletes a stack set. Before you can delete a stack set, all its member stack
// instances must be deleted. For more information about how to complete this, see DeleteStackInstances
// .
DeleteStackSet(ctx context.Context, params *DeleteStackSetInput, optFns ...func(*Options)) (*DeleteStackSetOutput, error)
// Marks an extension or extension version as DEPRECATED in the CloudFormation
// registry, removing it from active use. Deprecated extensions or extension
// versions cannot be used in CloudFormation operations.
//
// To deregister an entire extension, you must individually deregister all active
// versions of that extension. If an extension has only a single active version,
// deregistering that version results in the extension itself being deregistered
// and marked as deprecated in the registry.
//
// You can't deregister the default version of an extension if there are other
// active version of that extension. If you do deregister the default version of an
// extension, the extension type itself is deregistered as well and marked as
// deprecated.
//
// To view the deprecation status of an extension or extension version, use [DescribeType].
//
// [DescribeType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html
DeregisterType(ctx context.Context, params *DeregisterTypeInput, optFns ...func(*Options)) (*DeregisterTypeOutput, error)
// Retrieves your account's CloudFormation limits, such as the maximum number of
// stacks that you can create in your account. For more information about account
// limits, see [Understand CloudFormation quotas]in the CloudFormation User Guide.
//
// [Understand CloudFormation quotas]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html
DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
// Returns the inputs for the change set and a list of changes that CloudFormation
// will make if you execute the change set. For more information, see [Update CloudFormation stacks using change sets]in the
// CloudFormation User Guide.
//
// [Update CloudFormation stacks using change sets]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.html
DescribeChangeSet(ctx context.Context, params *DescribeChangeSetInput, optFns ...func(*Options)) (*DescribeChangeSetOutput, error)
// Returns hook-related information for the change set and a list of changes that
// CloudFormation makes when you run the change set.
DescribeChangeSetHooks(ctx context.Context, params *DescribeChangeSetHooksInput, optFns ...func(*Options)) (*DescribeChangeSetHooksOutput, error)
// Describes a generated template. The output includes details about the progress
// of the creation of a generated template started by a CreateGeneratedTemplate
// API action or the update of a generated template started with an
// UpdateGeneratedTemplate API action.
DescribeGeneratedTemplate(ctx context.Context, params *DescribeGeneratedTemplateInput, optFns ...func(*Options)) (*DescribeGeneratedTemplateOutput, error)
// Retrieves information about the account's OrganizationAccess status. This API
// can be called either by the management account or the delegated administrator by
// using the CallAs parameter. This API can also be called without the CallAs
// parameter by the management account.
DescribeOrganizationsAccess(ctx context.Context, params *DescribeOrganizationsAccessInput, optFns ...func(*Options)) (*DescribeOrganizationsAccessOutput, error)
// Returns information about a CloudFormation extension publisher.
//
// If you don't supply a PublisherId , and you have registered as an extension
// publisher, DescribePublisher returns information about your own publisher
// account.
//
// For more information about registering as a publisher, see:
//
// [RegisterPublisher]
//
// [Publishing extensions to make them available for public use]
// - in the CloudFormation Command Line Interface (CLI) User Guide
//
// [Publishing extensions to make them available for public use]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html
// [RegisterPublisher]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html
DescribePublisher(ctx context.Context, params *DescribePublisherInput, optFns ...func(*Options)) (*DescribePublisherOutput, error)
// Describes details of a resource scan.
DescribeResourceScan(ctx context.Context, params *DescribeResourceScanInput, optFns ...func(*Options)) (*DescribeResourceScanOutput, error)
// Returns information about a stack drift detection operation. A stack drift
// detection operation detects whether a stack's actual configuration differs, or
// has drifted, from its expected configuration, as defined in the stack template
// and any values specified as template parameters. A stack is considered to have
// drifted if one or more of its resources have drifted. For more information about
// stack and resource drift, see [Detect unmanaged configuration changes to stacks and resources with drift detection].
//
// Use DetectStackDrift to initiate a stack drift detection operation. DetectStackDrift returns a
// StackDriftDetectionId you can use to monitor the progress of the operation using
// DescribeStackDriftDetectionStatus . Once the drift detection operation has
// completed, use DescribeStackResourceDriftsto return drift information about the stack and its resources.
//
// [Detect unmanaged configuration changes to stacks and resources with drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html
DescribeStackDriftDetectionStatus(ctx context.Context, params *DescribeStackDriftDetectionStatusInput, optFns ...func(*Options)) (*DescribeStackDriftDetectionStatusOutput, error)
// Returns all stack related events for a specified stack in reverse chronological
// order. For more information about a stack's event history, see [Understand CloudFormation stack creation events]in the
// CloudFormation User Guide.
//
// You can list events for stacks that have failed to create or have been deleted
// by specifying the unique stack identifier (stack ID).
//
// [Understand CloudFormation stack creation events]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stack-resource-configuration-complete.html
DescribeStackEvents(ctx context.Context, params *DescribeStackEventsInput, optFns ...func(*Options)) (*DescribeStackEventsOutput, error)
// Returns the stack instance that's associated with the specified StackSet,
// Amazon Web Services account, and Amazon Web Services Region.
//
// For a list of stack instances that are associated with a specific StackSet, use ListStackInstances
// .
DescribeStackInstance(ctx context.Context, params *DescribeStackInstanceInput, optFns ...func(*Options)) (*DescribeStackInstanceOutput, error)
// Returns a description of the specified resource in the specified stack.
//
// For deleted stacks, DescribeStackResource returns resource information for up
// to 90 days after the stack has been deleted.
DescribeStackResource(ctx context.Context, params *DescribeStackResourceInput, optFns ...func(*Options)) (*DescribeStackResourceOutput, error)
// Returns drift information for the resources that have been checked for drift in
// the specified stack. This includes actual and expected configuration values for
// resources where CloudFormation detects configuration drift.
//
// For a given stack, there will be one StackResourceDrift for each stack resource
// that has been checked for drift. Resources that haven't yet been checked for
// drift aren't included. Resources that don't currently support drift detection
// aren't checked, and so not included. For a list of resources that support drift
// detection, see [Resource type support for imports and drift detection].
//
// Use DetectStackResourceDrift to detect drift on individual resources, or DetectStackDrift to detect drift on all
// supported resources for a given stack.
//
// [Resource type support for imports and drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html
DescribeStackResourceDrifts(ctx context.Context, params *DescribeStackResourceDriftsInput, optFns ...func(*Options)) (*DescribeStackResourceDriftsOutput, error)
// Returns Amazon Web Services resource descriptions for running and deleted
// stacks. If StackName is specified, all the associated resources that are part
// of the stack are returned. If PhysicalResourceId is specified, the associated
// resources of the stack that the resource belongs to are returned.
//
// Only the first 100 resources will be returned. If your stack has more resources
// than this, you should use ListStackResources instead.
//
// For deleted stacks, DescribeStackResources returns resource information for up
// to 90 days after the stack has been deleted.
//
// You must specify either StackName or PhysicalResourceId , but not both. In
// addition, you can specify LogicalResourceId to filter the returned result. For
// more information about resources, the LogicalResourceId and PhysicalResourceId ,
// see the [CloudFormation User Guide].
//
// A ValidationError is returned if you specify both StackName and
// PhysicalResourceId in the same request.
//
// [CloudFormation User Guide]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/
DescribeStackResources(ctx context.Context, params *DescribeStackResourcesInput, optFns ...func(*Options)) (*DescribeStackResourcesOutput, error)
// Returns the description of the specified StackSet.
DescribeStackSet(ctx context.Context, params *DescribeStackSetInput, optFns ...func(*Options)) (*DescribeStackSetOutput, error)
// Returns the description of the specified StackSet operation.
DescribeStackSetOperation(ctx context.Context, params *DescribeStackSetOperationInput, optFns ...func(*Options)) (*DescribeStackSetOperationOutput, error)
// Returns the description for the specified stack; if no stack name was
// specified, then it returns the description for all the stacks created. For more
// information about a stack's event history, see [Understand CloudFormation stack creation events]in the CloudFormation User Guide.
//
// If the stack doesn't exist, a ValidationError is returned.
//
// [Understand CloudFormation stack creation events]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stack-resource-configuration-complete.html
DescribeStacks(ctx context.Context, params *DescribeStacksInput, optFns ...func(*Options)) (*DescribeStacksOutput, error)
// Returns detailed information about an extension that has been registered.
//
// If you specify a VersionId , DescribeType returns information about that
// specific extension version. Otherwise, it returns information about the default
// extension version.
DescribeType(ctx context.Context, params *DescribeTypeInput, optFns ...func(*Options)) (*DescribeTypeOutput, error)
// Returns information about an extension's registration, including its current
// status and type and version identifiers.
//
// When you initiate a registration request using RegisterType, you can then use DescribeTypeRegistration to monitor
// the progress of that registration request.
//
// Once the registration request has completed, use DescribeType to return detailed
// information about an extension.
DescribeTypeRegistration(ctx context.Context, params *DescribeTypeRegistrationInput, optFns ...func(*Options)) (*DescribeTypeRegistrationOutput, error)
// Detects whether a stack's actual configuration differs, or has drifted, from
// its expected configuration, as defined in the stack template and any values
// specified as template parameters. For each resource in the stack that supports
// drift detection, CloudFormation compares the actual configuration of the
// resource with its expected template configuration. Only resource properties
// explicitly defined in the stack template are checked for drift. A stack is
// considered to have drifted if one or more of its resources differ from their
// expected template configurations. For more information, see [Detect unmanaged configuration changes to stacks and resources with drift detection].
//
// Use DetectStackDrift to detect drift on all supported resources for a given
// stack, or DetectStackResourceDriftto detect drift on individual resources.
//
// For a list of stack resources that currently support drift detection, see [Resource type support for imports and drift detection].
//
// DetectStackDrift can take up to several minutes, depending on the number of
// resources contained within the stack. Use DescribeStackDriftDetectionStatusto monitor the progress of a detect
// stack drift operation. Once the drift detection operation has completed, use DescribeStackResourceDriftsto
// return drift information about the stack and its resources.
//
// When detecting drift on a stack, CloudFormation doesn't detect drift on any
// nested stacks belonging to that stack. Perform DetectStackDrift directly on the
// nested stack itself.
//
// [Resource type support for imports and drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html
// [Detect unmanaged configuration changes to stacks and resources with drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html
DetectStackDrift(ctx context.Context, params *DetectStackDriftInput, optFns ...func(*Options)) (*DetectStackDriftOutput, error)
// Returns information about whether a resource's actual configuration differs, or
// has drifted, from its expected configuration, as defined in the stack template
// and any values specified as template parameters. This information includes
// actual and expected property values for resources in which CloudFormation
// detects drift. Only resource properties explicitly defined in the stack template
// are checked for drift. For more information about stack and resource drift, see [Detect unmanaged configuration changes to stacks and resources with drift detection]
// .
//
// Use DetectStackResourceDrift to detect drift on individual resources, or DetectStackDrift to
// detect drift on all resources in a given stack that support drift detection.
//
// Resources that don't currently support drift detection can't be checked. For a
// list of resources that support drift detection, see [Resource type support for imports and drift detection].
//
// [Resource type support for imports and drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html
// [Detect unmanaged configuration changes to stacks and resources with drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html
DetectStackResourceDrift(ctx context.Context, params *DetectStackResourceDriftInput, optFns ...func(*Options)) (*DetectStackResourceDriftOutput, error)
// Detect drift on a stack set. When CloudFormation performs drift detection on a
// stack set, it performs drift detection on the stack associated with each stack
// instance in the stack set. For more information, see [How CloudFormation performs drift detection on a stack set].
//
// DetectStackSetDrift returns the OperationId of the stack set drift detection
// operation. Use this operation id with DescribeStackSetOperationto monitor the progress of the drift
// detection operation. The drift detection operation may take some time, depending
// on the number of stack instances included in the stack set, in addition to the
// number of resources included in each stack.
//
// Once the operation has completed, use the following actions to return drift
// information:
//
// - Use DescribeStackSetto return detailed information about the stack set, including detailed
// information about the last completed drift operation performed on the stack set.
// (Information about drift operations that are in progress isn't included.)
//
// - Use ListStackInstancesto return a list of stack instances belonging to the stack set,
// including the drift status and last drift time checked of each instance.
//
// - Use DescribeStackInstanceto return detailed information about a specific stack instance,
// including its drift status and last drift time checked.
//
// For more information about performing a drift detection operation on a stack
// set, see [Detecting unmanaged changes in stack sets].
//
// You can only run a single drift detection operation on a given stack set at one
// time.
//
// To stop a drift detection stack set operation, use StopStackSetOperation.
//
// [Detecting unmanaged changes in stack sets]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html
// [How CloudFormation performs drift detection on a stack set]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html
DetectStackSetDrift(ctx context.Context, params *DetectStackSetDriftInput, optFns ...func(*Options)) (*DetectStackSetDriftOutput, error)
// Returns the estimated monthly cost of a template. The return value is an Amazon
// Web Services Simple Monthly Calculator URL with a query string that describes
// the resources required to run the template.
EstimateTemplateCost(ctx context.Context, params *EstimateTemplateCostInput, optFns ...func(*Options)) (*EstimateTemplateCostOutput, error)
// Updates a stack using the input information that was provided when the
// specified change set was created. After the call successfully completes,
// CloudFormation starts updating the stack. Use the DescribeStacksaction to view the status of
// the update.
//
// When you execute a change set, CloudFormation deletes all other change sets
// associated with the stack because they aren't valid for the updated stack.
//
// If a stack policy is associated with the stack, CloudFormation enforces the
// policy during the update. You can't specify a temporary stack policy that
// overrides the current policy.
//
// To create a change set for the entire stack hierarchy, IncludeNestedStacks must
// have been set to True .
ExecuteChangeSet(ctx context.Context, params *ExecuteChangeSetInput, optFns ...func(*Options)) (*ExecuteChangeSetOutput, error)
// Retrieves a generated template. If the template is in an InProgress or Pending
// status then the template returned will be the template when the template was
// last in a Complete status. If the template has not yet been in a Complete
// status then an empty template will be returned.
GetGeneratedTemplate(ctx context.Context, params *GetGeneratedTemplateInput, optFns ...func(*Options)) (*GetGeneratedTemplateOutput, error)
// Returns the stack policy for a specified stack. If a stack doesn't have a
// policy, a null value is returned.
GetStackPolicy(ctx context.Context, params *GetStackPolicyInput, optFns ...func(*Options)) (*GetStackPolicyOutput, error)
// Returns the template body for a specified stack. You can get the template for
// running or deleted stacks.
//
// For deleted stacks, GetTemplate returns the template for up to 90 days after
// the stack has been deleted.
//
// If the template doesn't exist, a ValidationError is returned.
GetTemplate(ctx context.Context, params *GetTemplateInput, optFns ...func(*Options)) (*GetTemplateOutput, error)
// Returns information about a new or existing template. The GetTemplateSummary
// action is useful for viewing parameter information, such as default parameter
// values and parameter types, before you create or update a stack or stack set.
//
// You can use the GetTemplateSummary action when you submit a template, or you
// can get template information for a stack set, or a running or deleted stack.
//
// For deleted stacks, GetTemplateSummary returns the template information for up
// to 90 days after the stack has been deleted. If the template doesn't exist, a
// ValidationError is returned.
GetTemplateSummary(ctx context.Context, params *GetTemplateSummaryInput, optFns ...func(*Options)) (*GetTemplateSummaryOutput, error)
// Import existing stacks into a new stack sets. Use the stack import operation to
// import up to 10 stacks into a new stack set in the same account as the source
// stack or in a different administrator account and Region, by specifying the
// stack ID of the stack you intend to import.
ImportStacksToStackSet(ctx context.Context, params *ImportStacksToStackSetInput, optFns ...func(*Options)) (*ImportStacksToStackSetOutput, error)
// Returns the ID and status of each active change set for a stack. For example,
// CloudFormation lists change sets that are in the CREATE_IN_PROGRESS or
// CREATE_PENDING state.
ListChangeSets(ctx context.Context, params *ListChangeSetsInput, optFns ...func(*Options)) (*ListChangeSetsOutput, error)
// Lists all exported output values in the account and Region in which you call
// this action. Use this action to see the exported output values that you can
// import into other stacks. To import values, use the [Fn::ImportValue]function.
//
// For more information, see [Get exported outputs from a deployed CloudFormation stack].
//
// [Get exported outputs from a deployed CloudFormation stack]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html
// [Fn::ImportValue]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html
ListExports(ctx context.Context, params *ListExportsInput, optFns ...func(*Options)) (*ListExportsOutput, error)
// Lists your generated templates in this Region.
ListGeneratedTemplates(ctx context.Context, params *ListGeneratedTemplatesInput, optFns ...func(*Options)) (*ListGeneratedTemplatesOutput, error)
// Returns summaries of invoked Hooks when a change set or Cloud Control API
// operation target is provided.
ListHookResults(ctx context.Context, params *ListHookResultsInput, optFns ...func(*Options)) (*ListHookResultsOutput, error)
// Lists all stacks that are importing an exported output value. To modify or
// remove an exported output value, first use this action to see which stacks are
// using it. To see the exported output values in your account, see ListExports.
//
// For more information about importing an exported output value, see the [Fn::ImportValue]
// function.
//
// [Fn::ImportValue]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html
ListImports(ctx context.Context, params *ListImportsInput, optFns ...func(*Options)) (*ListImportsOutput, error)
// Lists the related resources for a list of resources from a resource scan. The
// response indicates whether each returned resource is already managed by
// CloudFormation.
ListResourceScanRelatedResources(ctx context.Context, params *ListResourceScanRelatedResourcesInput, optFns ...func(*Options)) (*ListResourceScanRelatedResourcesOutput, error)
// Lists the resources from a resource scan. The results can be filtered by
// resource identifier, resource type prefix, tag key, and tag value. Only
// resources that match all specified filters are returned. The response indicates
// whether each returned resource is already managed by CloudFormation.
ListResourceScanResources(ctx context.Context, params *ListResourceScanResourcesInput, optFns ...func(*Options)) (*ListResourceScanResourcesOutput, error)
// List the resource scans from newest to oldest. By default it will return up to
// 10 resource scans.
ListResourceScans(ctx context.Context, params *ListResourceScansInput, optFns ...func(*Options)) (*ListResourceScansOutput, error)
// Returns drift information for resources in a stack instance.
//
// ListStackInstanceResourceDrifts returns drift information for the most recent
// drift detection operation. If an operation is in progress, it may only return
// partial results.
ListStackInstanceResourceDrifts(ctx context.Context, params *ListStackInstanceResourceDriftsInput, optFns ...func(*Options)) (*ListStackInstanceResourceDriftsOutput, error)
// Returns summary information about stack instances that are associated with the
// specified stack set. You can filter for stack instances that are associated with
// a specific Amazon Web Services account name or Region, or that have a specific
// status.
ListStackInstances(ctx context.Context, params *ListStackInstancesInput, optFns ...func(*Options)) (*ListStackInstancesOutput, error)
// Returns descriptions of all resources of the specified stack.
//
// For deleted stacks, ListStackResources returns resource information for up to
// 90 days after the stack has been deleted.
ListStackResources(ctx context.Context, params *ListStackResourcesInput, optFns ...func(*Options)) (*ListStackResourcesOutput, error)
// Returns summary information about deployment targets for a stack set.
ListStackSetAutoDeploymentTargets(ctx context.Context, params *ListStackSetAutoDeploymentTargetsInput, optFns ...func(*Options)) (*ListStackSetAutoDeploymentTargetsOutput, error)
// Returns summary information about the results of a stack set operation.
ListStackSetOperationResults(ctx context.Context, params *ListStackSetOperationResultsInput, optFns ...func(*Options)) (*ListStackSetOperationResultsOutput, error)
// Returns summary information about operations performed on a stack set.
ListStackSetOperations(ctx context.Context, params *ListStackSetOperationsInput, optFns ...func(*Options)) (*ListStackSetOperationsOutput, error)
// Returns summary information about stack sets that are associated with the user.
//
// - [Self-managed permissions] If you set the CallAs parameter to SELF while
// signed in to your Amazon Web Services account, ListStackSets returns all
// self-managed stack sets in your Amazon Web Services account.
//
// - [Service-managed permissions] If you set the CallAs parameter to SELF while
// signed in to the organization's management account, ListStackSets returns all
// stack sets in the management account.
//
// - [Service-managed permissions] If you set the CallAs parameter to
// DELEGATED_ADMIN while signed in to your member account, ListStackSets returns
// all stack sets with service-managed permissions in the management account.
ListStackSets(ctx context.Context, params *ListStackSetsInput, optFns ...func(*Options)) (*ListStackSetsOutput, error)
// Returns the summary information for stacks whose status matches the specified
// StackStatusFilter. Summary information for stacks that have been deleted is kept
// for 90 days after the stack is deleted. If no StackStatusFilter is specified,
// summary information for all stacks is returned (including existing stacks and
// stacks that have been deleted).
ListStacks(ctx context.Context, params *ListStacksInput, optFns ...func(*Options)) (*ListStacksOutput, error)
// Returns a list of registration tokens for the specified extension(s).
ListTypeRegistrations(ctx context.Context, params *ListTypeRegistrationsInput, optFns ...func(*Options)) (*ListTypeRegistrationsOutput, error)
// Returns summary information about the versions of an extension.
ListTypeVersions(ctx context.Context, params *ListTypeVersionsInput, optFns ...func(*Options)) (*ListTypeVersionsOutput, error)
// Returns summary information about extension that have been registered with
// CloudFormation.
ListTypes(ctx context.Context, params *ListTypesInput, optFns ...func(*Options)) (*ListTypesOutput, error)
// Publishes the specified extension to the CloudFormation registry as a public
// extension in this Region. Public extensions are available for use by all
// CloudFormation users. For more information about publishing extensions, see [Publishing extensions to make them available for public use]in
// the CloudFormation Command Line Interface (CLI) User Guide.
//
// To publish an extension, you must be registered as a publisher with
// CloudFormation. For more information, see [RegisterPublisher].
//
// [Publishing extensions to make them available for public use]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html
// [RegisterPublisher]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html
PublishType(ctx context.Context, params *PublishTypeInput, optFns ...func(*Options)) (*PublishTypeOutput, error)
// Reports progress of a resource handler to CloudFormation.
//
// Reserved for use by the [CloudFormation CLI]. Don't use this API in your code.
//
// [CloudFormation CLI]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html
RecordHandlerProgress(ctx context.Context, params *RecordHandlerProgressInput, optFns ...func(*Options)) (*RecordHandlerProgressOutput, error)
// Registers your account as a publisher of public extensions in the
// CloudFormation registry. Public extensions are available for use by all
// CloudFormation users. This publisher ID applies to your account in all Amazon
// Web Services Regions.
//
// For information about requirements for registering as a public extension
// publisher, see [Prerequisite: Registering your account to publish CloudFormation extensions]in the CloudFormation Command Line Interface (CLI) User Guide.
//
// [Prerequisite: Registering your account to publish CloudFormation extensions]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs
RegisterPublisher(ctx context.Context, params *RegisterPublisherInput, optFns ...func(*Options)) (*RegisterPublisherOutput, error)
// Registers an extension with the CloudFormation service. Registering an
// extension makes it available for use in CloudFormation templates in your Amazon
// Web Services account, and includes:
//
// - Validating the extension schema.
//
// - Determining which handlers, if any, have been specified for the extension.
//
// - Making the extension available for use in your account.
//
// For more information about how to develop extensions and ready them for
// registration, see [Creating resource types using the CloudFormation CLI]in the CloudFormation Command Line Interface (CLI) User Guide.
//
// You can have a maximum of 50 resource extension versions registered at a time.
// This maximum is per account and per Region. Use [DeregisterType]to deregister specific
// extension versions if necessary.
//
// Once you have initiated a registration request using RegisterType, you can use DescribeTypeRegistration to monitor
// the progress of the registration request.
//
// Once you have registered a private extension in your account and Region, use [SetTypeConfiguration]
// to specify configuration properties for the extension. For more information, see
// [Edit configuration data for extensions in your account]in the CloudFormation User Guide.
//
// [SetTypeConfiguration]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html
// [Edit configuration data for extensions in your account]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-set-configuration.html
// [Creating resource types using the CloudFormation CLI]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-types.html
// [DeregisterType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DeregisterType.html
RegisterType(ctx context.Context, params *RegisterTypeInput, optFns ...func(*Options)) (*RegisterTypeOutput, error)
// When specifying RollbackStack , you preserve the state of previously provisioned
// resources when an operation fails. You can check the status of the stack through
// the DescribeStacksoperation.
//
// Rolls back the specified stack to the last known stable state from CREATE_FAILED
// or UPDATE_FAILED stack statuses.
//
// This operation will delete a stack if it doesn't contain a last known stable
// state. A last known stable state includes any status in a *_COMPLETE . This
// includes the following stack statuses.
//
// - CREATE_COMPLETE
//
// - UPDATE_COMPLETE
//
// - UPDATE_ROLLBACK_COMPLETE
//
// - IMPORT_COMPLETE
//
// - IMPORT_ROLLBACK_COMPLETE
RollbackStack(ctx context.Context, params *RollbackStackInput, optFns ...func(*Options)) (*RollbackStackOutput, error)
// Sets a stack policy for a specified stack.
SetStackPolicy(ctx context.Context, params *SetStackPolicyInput, optFns ...func(*Options)) (*SetStackPolicyOutput, error)
// Specifies the configuration data for a registered CloudFormation extension, in
// the given account and Region.
//
// To view the current configuration data for an extension, refer to the
// ConfigurationSchema element of [DescribeType]. For more information, see [Edit configuration data for extensions in your account] in the
// CloudFormation User Guide.
//
// It's strongly recommended that you use dynamic references to restrict sensitive
// configuration definitions, such as third-party credentials. For more details on
// dynamic references, see [Specify values stored in other services using dynamic references]in the CloudFormation User Guide.
//
// [DescribeType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html
// [Edit configuration data for extensions in your account]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-set-configuration.html
// [Specify values stored in other services using dynamic references]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html
SetTypeConfiguration(ctx context.Context, params *SetTypeConfigurationInput, optFns ...func(*Options)) (*SetTypeConfigurationOutput, error)
// Specify the default version of an extension. The default version of an
// extension will be used in CloudFormation operations.
SetTypeDefaultVersion(ctx context.Context, params *SetTypeDefaultVersionInput, optFns ...func(*Options)) (*SetTypeDefaultVersionOutput, error)
// Sends a signal to the specified resource with a success or failure status. You
// can use the SignalResource operation in conjunction with a creation policy or
// update policy. CloudFormation doesn't proceed with a stack creation or update
// until resources receive the required number of signals or the timeout period is
// exceeded. The SignalResource operation is useful in cases where you want to
// send signals from anywhere other than an Amazon EC2 instance.
SignalResource(ctx context.Context, params *SignalResourceInput, optFns ...func(*Options)) (*SignalResourceOutput, error)
// Starts a scan of the resources in this account in this Region. You can the
// status of a scan using the ListResourceScans API action.
StartResourceScan(ctx context.Context, params *StartResourceScanInput, optFns ...func(*Options)) (*StartResourceScanOutput, error)
// Stops an in-progress operation on a stack set and its associated stack
// instances. StackSets will cancel all the unstarted stack instance deployments
// and wait for those are in-progress to complete.
StopStackSetOperation(ctx context.Context, params *StopStackSetOperationInput, optFns ...func(*Options)) (*StopStackSetOperationOutput, error)
// Tests a registered extension to make sure it meets all necessary requirements
// for being published in the CloudFormation registry.
//
// - For resource types, this includes passing all contracts tests defined for
// the type.
//
// - For modules, this includes determining if the module's model meets all
// necessary requirements.
//
// For more information, see [Testing your public extension before publishing] in the CloudFormation Command Line Interface (CLI)
// User Guide.
//
// If you don't specify a version, CloudFormation uses the default version of the
// extension in your account and Region for testing.
//
// To perform testing, CloudFormation assumes the execution role specified when
// the type was registered. For more information, see [RegisterType].
//
// Once you've initiated testing on an extension using TestType , you can pass the
// returned TypeVersionArn into [DescribeType] to monitor the current test status and test
// status description for the extension.
//
// An extension must have a test status of PASSED before it can be published. For
// more information, see [Publishing extensions to make them available for public use]in the CloudFormation Command Line Interface (CLI) User
// Guide.
//
// [DescribeType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html
// [Testing your public extension before publishing]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-testing
// [RegisterType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html
// [Publishing extensions to make them available for public use]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-publish.html
TestType(ctx context.Context, params *TestTypeInput, optFns ...func(*Options)) (*TestTypeOutput, error)
// Updates a generated template. This can be used to change the name, add and
// remove resources, refresh resources, and change the DeletionPolicy and
// UpdateReplacePolicy settings. You can check the status of the update to the
// generated template using the DescribeGeneratedTemplate API action.
UpdateGeneratedTemplate(ctx context.Context, params *UpdateGeneratedTemplateInput, optFns ...func(*Options)) (*UpdateGeneratedTemplateOutput, error)
// Updates a stack as specified in the template. After the call completes
// successfully, the stack update starts. You can check the status of the stack
// through the DescribeStacksaction.
//
// To get a copy of the template for an existing stack, you can use the GetTemplate action.
//
// For more information about updating a stack and monitoring the progress of the
// update, see [Managing Amazon Web Services resources as a single unit with CloudFormation stacks]in the CloudFormation User Guide.
//
// [Managing Amazon Web Services resources as a single unit with CloudFormation stacks]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html
UpdateStack(ctx context.Context, params *UpdateStackInput, optFns ...func(*Options)) (*UpdateStackOutput, error)
// Updates the parameter values for stack instances for the specified accounts,
// within the specified Amazon Web Services Regions. A stack instance refers to a
// stack in a specific account and Region.
//
// You can only update stack instances in Amazon Web Services Regions and accounts
// where they already exist; to create additional stack instances, use [CreateStackInstances].
//
// During stack set updates, any parameters overridden for a stack instance aren't
// updated, but retain their overridden value.
//
// You can only update the parameter values that are specified in the stack set;
// to add or delete a parameter itself, use [UpdateStackSet]to update the stack set template. If
// you add a parameter to a template, before you can override the parameter value
// specified in the stack set you must first use [UpdateStackSet]to update all stack instances
// with the updated template and parameter value specified in the stack set. Once a
// stack instance has been updated with the new parameter, you can then override
// the parameter value using UpdateStackInstances .
//
// [CreateStackInstances]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStackInstances.html
// [UpdateStackSet]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html
UpdateStackInstances(ctx context.Context, params *UpdateStackInstancesInput, optFns ...func(*Options)) (*UpdateStackInstancesOutput, error)
// Updates the stack set, and associated stack instances in the specified accounts
// and Amazon Web Services Regions.
//
// Even if the stack set operation created by updating the stack set fails
// (completely or partially, below or above a specified failure tolerance), the
// stack set is updated with your changes. Subsequent CreateStackInstancescalls on the specified stack
// set use the updated stack set.
UpdateStackSet(ctx context.Context, params *UpdateStackSetInput, optFns ...func(*Options)) (*UpdateStackSetOutput, error)
// Updates termination protection for the specified stack. If a user attempts to
// delete a stack with termination protection enabled, the operation fails and the
// stack remains unchanged. For more information, see [Protect a CloudFormation stack from being deleted]in the CloudFormation User
// Guide.
//
// For [nested stacks], termination protection is set on the root stack and can't be changed
// directly on the nested stack.
//
// [nested stacks]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html
// [Protect a CloudFormation stack from being deleted]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html
UpdateTerminationProtection(ctx context.Context, params *UpdateTerminationProtectionInput, optFns ...func(*Options)) (*UpdateTerminationProtectionOutput, error)
// Validates a specified template. CloudFormation first checks if the template is
// valid JSON. If it isn't, CloudFormation checks if the template is valid YAML. If
// both these checks fail, CloudFormation returns a template validation error.
ValidateTemplate(ctx context.Context, params *ValidateTemplateInput, optFns ...func(*Options)) (*ValidateTemplateOutput, error)
}
CloudFormation provides an interface to the AWS CloudFormation service.
type CloudTrail ¶ added in v0.92.0
type CloudTrail interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() cloudtrail.Options
// Adds one or more tags to a trail, event data store, dashboard, or channel, up
// to a limit of 50. Overwrites an existing tag's value when a new value is
// specified for an existing tag key. Tag key names must be unique; you cannot have
// two keys with the same name but different values. If you specify a key without a
// value, the tag will be created with the specified key and a value of null. You
// can tag a trail or event data store that applies to all Amazon Web Services
// Regions only from the Region in which the trail or event data store was created
// (also known as its home Region).
AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error)
// Cancels a query if the query is not in a terminated state, such as CANCELLED ,
// FAILED , TIMED_OUT , or FINISHED . You must specify an ARN value for
// EventDataStore . The ID of the query that you want to cancel is also required.
// When you run CancelQuery , the query status might show as CANCELLED even if the
// operation is not yet finished.
CancelQuery(ctx context.Context, params *CancelQueryInput, optFns ...func(*Options)) (*CancelQueryOutput, error)
// Creates a channel for CloudTrail to ingest events from a partner or external
// source. After you create a channel, a CloudTrail Lake event data store can log
// events from the partner or source that you specify.
CreateChannel(ctx context.Context, params *CreateChannelInput, optFns ...func(*Options)) (*CreateChannelOutput, error)
// Creates a custom dashboard or the Highlights dashboard.
//
// - Custom dashboards - Custom dashboards allow you to query events in any
// event data store type. You can add up to 10 widgets to a custom dashboard. You
// can manually refresh a custom dashboard, or you can set a refresh schedule.
//
// - Highlights dashboard - You can create the Highlights dashboard to see a
// summary of key user activities and API usage across all your event data stores.
// CloudTrail Lake manages the Highlights dashboard and refreshes the dashboard
// every 6 hours. To create the Highlights dashboard, you must set and enable a
// refresh schedule.
//
// CloudTrail runs queries to populate the dashboard's widgets during a manual or
// scheduled refresh. CloudTrail must be granted permissions to run the StartQuery
// operation on your behalf. To provide permissions, run the PutResourcePolicy
// operation to attach a resource-based policy to each event data store. For more
// information, see [Example: Allow CloudTrail to run queries to populate a dashboard]in the CloudTrail User Guide.
//
// To set a refresh schedule, CloudTrail must be granted permissions to run the
// StartDashboardRefresh operation to refresh the dashboard on your behalf. To
// provide permissions, run the PutResourcePolicy operation to attach a
// resource-based policy to the dashboard. For more information, see [Resource-based policy example for a dashboard]in the
// CloudTrail User Guide.
//
// For more information about dashboards, see [CloudTrail Lake dashboards] in the CloudTrail User Guide.
//
// [CloudTrail Lake dashboards]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-dashboard.html
// [Example: Allow CloudTrail to run queries to populate a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-eds-dashboard
// [Resource-based policy example for a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-dashboards
CreateDashboard(ctx context.Context, params *CreateDashboardInput, optFns ...func(*Options)) (*CreateDashboardOutput, error)
// Creates a new event data store.
CreateEventDataStore(ctx context.Context, params *CreateEventDataStoreInput, optFns ...func(*Options)) (*CreateEventDataStoreOutput, error)
// Creates a trail that specifies the settings for delivery of log data to an
// Amazon S3 bucket.
CreateTrail(ctx context.Context, params *CreateTrailInput, optFns ...func(*Options)) (*CreateTrailOutput, error)
// Deletes a channel.
DeleteChannel(ctx context.Context, params *DeleteChannelInput, optFns ...func(*Options)) (*DeleteChannelOutput, error)
// Deletes the specified dashboard. You cannot delete a dashboard that has
//
// termination protection enabled.
DeleteDashboard(ctx context.Context, params *DeleteDashboardInput, optFns ...func(*Options)) (*DeleteDashboardOutput, error)
// Disables the event data store specified by EventDataStore , which accepts an
// event data store ARN. After you run DeleteEventDataStore , the event data store
// enters a PENDING_DELETION state, and is automatically deleted after a wait
// period of seven days. TerminationProtectionEnabled must be set to False on the
// event data store and the FederationStatus must be DISABLED . You cannot delete
// an event data store if TerminationProtectionEnabled is True or the
// FederationStatus is ENABLED .
//
// After you run DeleteEventDataStore on an event data store, you cannot run
// ListQueries , DescribeQuery , or GetQueryResults on queries that are using an
// event data store in a PENDING_DELETION state. An event data store in the
// PENDING_DELETION state does not incur costs.
DeleteEventDataStore(ctx context.Context, params *DeleteEventDataStoreInput, optFns ...func(*Options)) (*DeleteEventDataStoreOutput, error)
// Deletes the resource-based policy attached to the CloudTrail event data store,
//
// dashboard, or channel.
DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error)
// Deletes a trail. This operation must be called from the Region in which the
// trail was created. DeleteTrail cannot be called on the shadow trails
// (replicated trails in other Regions) of a trail that is enabled in all Regions.
DeleteTrail(ctx context.Context, params *DeleteTrailInput, optFns ...func(*Options)) (*DeleteTrailOutput, error)
// Removes CloudTrail delegated administrator permissions from a member account in
// an organization.
DeregisterOrganizationDelegatedAdmin(ctx context.Context, params *DeregisterOrganizationDelegatedAdminInput, optFns ...func(*Options)) (*DeregisterOrganizationDelegatedAdminOutput, error)
// Returns metadata about a query, including query run time in milliseconds,
// number of events scanned and matched, and query status. If the query results
// were delivered to an S3 bucket, the response also provides the S3 URI and the
// delivery status.
//
// You must specify either QueryId or QueryAlias . Specifying the QueryAlias
// parameter returns information about the last query run for the alias. You can
// provide RefreshId along with QueryAlias to view the query results of a
// dashboard query for the specified RefreshId .
DescribeQuery(ctx context.Context, params *DescribeQueryInput, optFns ...func(*Options)) (*DescribeQueryOutput, error)
// Retrieves settings for one or more trails associated with the current Region
// for your account.
DescribeTrails(ctx context.Context, params *DescribeTrailsInput, optFns ...func(*Options)) (*DescribeTrailsOutput, error)
// Disables Lake query federation on the specified event data store. When you
//
// disable federation, CloudTrail disables the integration with Glue, Lake
// Formation, and Amazon Athena. After disabling Lake query federation, you can no
// longer query your event data in Amazon Athena.
//
// No CloudTrail Lake data is deleted when you disable federation and you can
// continue to run queries in CloudTrail Lake.
DisableFederation(ctx context.Context, params *DisableFederationInput, optFns ...func(*Options)) (*DisableFederationOutput, error)
// Enables Lake query federation on the specified event data store. Federating an
//
// event data store lets you view the metadata associated with the event data store
// in the Glue [Data Catalog]and run SQL queries against your event data using Amazon Athena.
// The table metadata stored in the Glue Data Catalog lets the Athena query engine
// know how to find, read, and process the data that you want to query.
//
// When you enable Lake query federation, CloudTrail creates a managed database
// named aws:cloudtrail (if the database doesn't already exist) and a managed
// federated table in the Glue Data Catalog. The event data store ID is used for
// the table name. CloudTrail registers the role ARN and event data store in [Lake Formation], the
// service responsible for allowing fine-grained access control of the federated
// resources in the Glue Data Catalog.
//
// For more information about Lake query federation, see [Federate an event data store].
//
// [Federate an event data store]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html
// [Lake Formation]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation-lake-formation.html
// [Data Catalog]: https://docs.aws.amazon.com/glue/latest/dg/components-overview.html#data-catalog-intro
EnableFederation(ctx context.Context, params *EnableFederationInput, optFns ...func(*Options)) (*EnableFederationOutput, error)
// Generates a query from a natural language prompt. This operation uses
//
// generative artificial intelligence (generative AI) to produce a ready-to-use SQL
// query from the prompt.
//
// The prompt can be a question or a statement about the event data in your event
// data store. For example, you can enter prompts like "What are my top errors in
// the past month?" and “Give me a list of users that used SNS.”
//
// The prompt must be in English. For information about limitations, permissions,
// and supported Regions, see [Create CloudTrail Lake queries from natural language prompts]in the CloudTrail user guide.
//
// Do not include any personally identifying, confidential, or sensitive
// information in your prompts.
//
// This feature uses generative AI large language models (LLMs); we recommend
// double-checking the LLM response.
//
// [Create CloudTrail Lake queries from natural language prompts]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-query-generator.html
GenerateQuery(ctx context.Context, params *GenerateQueryInput, optFns ...func(*Options)) (*GenerateQueryOutput, error)
// Returns information about a specific channel.
GetChannel(ctx context.Context, params *GetChannelInput, optFns ...func(*Options)) (*GetChannelOutput, error)
// Returns the specified dashboard.
GetDashboard(ctx context.Context, params *GetDashboardInput, optFns ...func(*Options)) (*GetDashboardOutput, error)
// Returns information about an event data store specified as either an ARN or the
// ID portion of the ARN.
GetEventDataStore(ctx context.Context, params *GetEventDataStoreInput, optFns ...func(*Options)) (*GetEventDataStoreOutput, error)
// Describes the settings for the event selectors that you configured for your
// trail. The information returned for your event selectors includes the following:
//
// - If your event selector includes read-only events, write-only events, or all
// events. This applies to management events, data events, and network activity
// events.
//
// - If your event selector includes management events.
//
// - If your event selector includes network activity events, the event sources
// for which you are logging network activity events.
//
// - If your event selector includes data events, the resources on which you are
// logging data events.
//
// For more information about logging management, data, and network activity
// events, see the following topics in the CloudTrail User Guide:
//
// [Logging management events]
//
// [Logging data events]
//
// [Logging network activity events]
//
// [Logging network activity events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html
// [Logging management events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
// [Logging data events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
GetEventSelectors(ctx context.Context, params *GetEventSelectorsInput, optFns ...func(*Options)) (*GetEventSelectorsOutput, error)
// Returns information about a specific import.
GetImport(ctx context.Context, params *GetImportInput, optFns ...func(*Options)) (*GetImportOutput, error)
// Describes the settings for the Insights event selectors that you configured for
// your trail or event data store. GetInsightSelectors shows if CloudTrail
// Insights event logging is enabled on the trail or event data store, and if it
// is, which Insights types are enabled. If you run GetInsightSelectors on a trail
// or event data store that does not have Insights events enabled, the operation
// throws the exception InsightNotEnabledException
//
// Specify either the EventDataStore parameter to get Insights event selectors for
// an event data store, or the TrailName parameter to the get Insights event
// selectors for a trail. You cannot specify these parameters together.
//
// For more information, see [Logging CloudTrail Insights events] in the CloudTrail User Guide.
//
// [Logging CloudTrail Insights events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
GetInsightSelectors(ctx context.Context, params *GetInsightSelectorsInput, optFns ...func(*Options)) (*GetInsightSelectorsOutput, error)
// Gets event data results of a query. You must specify the QueryID value returned
// by the StartQuery operation.
GetQueryResults(ctx context.Context, params *GetQueryResultsInput, optFns ...func(*Options)) (*GetQueryResultsOutput, error)
// Retrieves the JSON text of the resource-based policy document attached to the
//
// CloudTrail event data store, dashboard, or channel.
GetResourcePolicy(ctx context.Context, params *GetResourcePolicyInput, optFns ...func(*Options)) (*GetResourcePolicyOutput, error)
// Returns settings information for a specified trail.
GetTrail(ctx context.Context, params *GetTrailInput, optFns ...func(*Options)) (*GetTrailOutput, error)
// Returns a JSON-formatted list of information about the specified trail. Fields
// include information on delivery errors, Amazon SNS and Amazon S3 errors, and
// start and stop logging times for each trail. This operation returns trail status
// from a single Region. To return trail status from all Regions, you must call the
// operation on each Region.
GetTrailStatus(ctx context.Context, params *GetTrailStatusInput, optFns ...func(*Options)) (*GetTrailStatusOutput, error)
// Lists the channels in the current account, and their source names.
ListChannels(ctx context.Context, params *ListChannelsInput, optFns ...func(*Options)) (*ListChannelsOutput, error)
// Returns information about all dashboards in the account, in the current
//
// Region.
ListDashboards(ctx context.Context, params *ListDashboardsInput, optFns ...func(*Options)) (*ListDashboardsOutput, error)
// Returns information about all event data stores in the account, in the current
// Region.
ListEventDataStores(ctx context.Context, params *ListEventDataStoresInput, optFns ...func(*Options)) (*ListEventDataStoresOutput, error)
// Returns a list of failures for the specified import.
ListImportFailures(ctx context.Context, params *ListImportFailuresInput, optFns ...func(*Options)) (*ListImportFailuresOutput, error)
// Returns information on all imports, or a select set of imports by ImportStatus
//
// or Destination .
ListImports(ctx context.Context, params *ListImportsInput, optFns ...func(*Options)) (*ListImportsOutput, error)
// Returns Insights metrics data for trails that have enabled Insights. The
// request must include the EventSource , EventName , and InsightType parameters.
//
// If the InsightType is set to ApiErrorRateInsight , the request must also include
// the ErrorCode parameter.
//
// The following are the available time periods for ListInsightsMetricData . Each
// cutoff is inclusive.
//
// - Data points with a period of 60 seconds (1-minute) are available for 15
// days.
//
// - Data points with a period of 300 seconds (5-minute) are available for 63
// days.
//
// - Data points with a period of 3600 seconds (1 hour) are available for 90
// days.
//
// Access to the ListInsightsMetricData API operation is linked to the
// cloudtrail:LookupEvents action. To use this operation, you must have permissions
// to perform the cloudtrail:LookupEvents action.
ListInsightsMetricData(ctx context.Context, params *ListInsightsMetricDataInput, optFns ...func(*Options)) (*ListInsightsMetricDataOutput, error)
// Returns all public keys whose private keys were used to sign the digest files
// within the specified time range. The public key is needed to validate digest
// files that were signed with its corresponding private key.
//
// CloudTrail uses different private and public key pairs per Region. Each digest
// file is signed with a private key unique to its Region. When you validate a
// digest file from a specific Region, you must look in the same Region for its
// corresponding public key.
ListPublicKeys(ctx context.Context, params *ListPublicKeysInput, optFns ...func(*Options)) (*ListPublicKeysOutput, error)
// Returns a list of queries and query statuses for the past seven days. You must
// specify an ARN value for EventDataStore . Optionally, to shorten the list of
// results, you can specify a time range, formatted as timestamps, by adding
// StartTime and EndTime parameters, and a QueryStatus value. Valid values for
// QueryStatus include QUEUED , RUNNING , FINISHED , FAILED , TIMED_OUT , or
// CANCELLED .
ListQueries(ctx context.Context, params *ListQueriesInput, optFns ...func(*Options)) (*ListQueriesOutput, error)
// Lists the tags for the specified trails, event data stores, dashboards, or
// channels in the current Region.
ListTags(ctx context.Context, params *ListTagsInput, optFns ...func(*Options)) (*ListTagsOutput, error)
// Lists trails that are in the current account.
ListTrails(ctx context.Context, params *ListTrailsInput, optFns ...func(*Options)) (*ListTrailsOutput, error)
// Looks up [management events] or [CloudTrail Insights events] that are captured by CloudTrail. You can look up events that
// occurred in a Region within the last 90 days.
//
// LookupEvents returns recent Insights events for trails that enable Insights. To
// view Insights events for an event data store, you can run queries on your
// Insights event data store, and you can also view the Lake dashboard for
// Insights.
//
// Lookup supports the following attributes for management events:
//
// - Amazon Web Services access key
//
// - Event ID
//
// - Event name
//
// - Event source
//
// - Read only
//
// - Resource name
//
// - Resource type
//
// - User name
//
// Lookup supports the following attributes for Insights events:
//
// - Event ID
//
// - Event name
//
// - Event source
//
// All attributes are optional. The default number of results returned is 50, with
// a maximum of 50 possible. The response includes a token that you can use to get
// the next page of results.
//
// The rate of lookup requests is limited to two per second, per account, per
// Region. If this limit is exceeded, a throttling error occurs.
//
// [CloudTrail Insights events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-insights-events
// [management events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-management-events
LookupEvents(ctx context.Context, params *LookupEventsInput, optFns ...func(*Options)) (*LookupEventsOutput, error)
// Configures event selectors (also referred to as basic event selectors) or
// advanced event selectors for your trail. You can use either
// AdvancedEventSelectors or EventSelectors , but not both. If you apply
// AdvancedEventSelectors to a trail, any existing EventSelectors are overwritten.
//
// You can use AdvancedEventSelectors to log management events, data events for
// all resource types, and network activity events.
//
// You can use EventSelectors to log management events and data events for the
// following resource types:
//
// - AWS::DynamoDB::Table
//
// - AWS::Lambda::Function
//
// - AWS::S3::Object
//
// You can't use EventSelectors to log network activity events.
//
// If you want your trail to log Insights events, be sure the event selector or
// advanced event selector enables logging of the Insights event types you want
// configured for your trail. For more information about logging Insights events,
// see [Logging Insights events]in the CloudTrail User Guide. By default, trails created without specific
// event selectors are configured to log all read and write management events, and
// no data events or network activity events.
//
// When an event occurs in your account, CloudTrail evaluates the event selectors
// or advanced event selectors in all trails. For each trail, if the event matches
// any event selector, the trail processes and logs the event. If the event doesn't
// match any event selector, the trail doesn't log the event.
//
// Example
//
// - You create an event selector for a trail and specify that you want to log
// write-only events.
//
// - The EC2 GetConsoleOutput and RunInstances API operations occur in your
// account.
//
// - CloudTrail evaluates whether the events match your event selectors.
//
// - The RunInstances is a write-only event and it matches your event selector.
// The trail logs the event.
//
// - The GetConsoleOutput is a read-only event that doesn't match your event
// selector. The trail doesn't log the event.
//
// The PutEventSelectors operation must be called from the Region in which the
// trail was created; otherwise, an InvalidHomeRegionException exception is thrown.
//
// You can configure up to five event selectors for each trail.
//
// You can add advanced event selectors, and conditions for your advanced event
// selectors, up to a maximum of 500 values for all conditions and selectors on a
// trail. For more information, see [Logging management events], [Logging data events], [Logging network activity events], and [Quotas in CloudTrail] in the CloudTrail User Guide.
//
// [Logging network activity events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html
// [Logging Insights events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
// [Logging management events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
// [Quotas in CloudTrail]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
// [Logging data events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
PutEventSelectors(ctx context.Context, params *PutEventSelectorsInput, optFns ...func(*Options)) (*PutEventSelectorsOutput, error)
// Lets you enable Insights event logging by specifying the Insights selectors
// that you want to enable on an existing trail or event data store. You also use
// PutInsightSelectors to turn off Insights event logging, by passing an empty list
// of Insights types. The valid Insights event types are ApiErrorRateInsight and
// ApiCallRateInsight .
//
// To enable Insights on an event data store, you must specify the ARNs (or ID
// suffix of the ARNs) for the source event data store ( EventDataStore ) and the
// destination event data store ( InsightsDestination ). The source event data
// store logs management events and enables Insights. The destination event data
// store logs Insights events based upon the management event activity of the
// source event data store. The source and destination event data stores must
// belong to the same Amazon Web Services account.
//
// To log Insights events for a trail, you must specify the name ( TrailName ) of
// the CloudTrail trail for which you want to change or add Insights selectors.
//
// To log CloudTrail Insights events on API call volume, the trail or event data
// store must log write management events. To log CloudTrail Insights events on
// API error rate, the trail or event data store must log read or write management
// events. You can call GetEventSelectors on a trail to check whether the trail
// logs management events. You can call GetEventDataStore on an event data store
// to check whether the event data store logs management events.
//
// For more information, see [Logging CloudTrail Insights events] in the CloudTrail User Guide.
//
// [Logging CloudTrail Insights events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
PutInsightSelectors(ctx context.Context, params *PutInsightSelectorsInput, optFns ...func(*Options)) (*PutInsightSelectorsOutput, error)
// Attaches a resource-based permission policy to a CloudTrail event data store,
//
// dashboard, or channel. For more information about resource-based policies, see [CloudTrail resource-based policy examples]
// in the CloudTrail User Guide.
//
// [CloudTrail resource-based policy examples]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html
PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error)
// Registers an organization’s member account as the CloudTrail [delegated administrator].
//
// [delegated administrator]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-delegated-administrator.html
RegisterOrganizationDelegatedAdmin(ctx context.Context, params *RegisterOrganizationDelegatedAdminInput, optFns ...func(*Options)) (*RegisterOrganizationDelegatedAdminOutput, error)
// Removes the specified tags from a trail, event data store, dashboard, or
// channel.
RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error)
// Restores a deleted event data store specified by EventDataStore , which accepts
// an event data store ARN. You can only restore a deleted event data store within
// the seven-day wait period after deletion. Restoring an event data store can take
// several minutes, depending on the size of the event data store.
RestoreEventDataStore(ctx context.Context, params *RestoreEventDataStoreInput, optFns ...func(*Options)) (*RestoreEventDataStoreOutput, error)
// Starts a refresh of the specified dashboard.
//
// Each time a dashboard is refreshed, CloudTrail runs queries to populate the
// dashboard's widgets. CloudTrail must be granted permissions to run the
// StartQuery operation on your behalf. To provide permissions, run the
// PutResourcePolicy operation to attach a resource-based policy to each event data
// store. For more information, see [Example: Allow CloudTrail to run queries to populate a dashboard]in the CloudTrail User Guide.
//
// [Example: Allow CloudTrail to run queries to populate a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-eds-dashboard
StartDashboardRefresh(ctx context.Context, params *StartDashboardRefreshInput, optFns ...func(*Options)) (*StartDashboardRefreshOutput, error)
// Starts the ingestion of live events on an event data store specified as either
// an ARN or the ID portion of the ARN. To start ingestion, the event data store
// Status must be STOPPED_INGESTION and the eventCategory must be Management , Data
// , NetworkActivity , or ConfigurationItem .
StartEventDataStoreIngestion(ctx context.Context, params *StartEventDataStoreIngestionInput, optFns ...func(*Options)) (*StartEventDataStoreIngestionOutput, error)
// Starts an import of logged trail events from a source S3 bucket to a
//
// destination event data store. By default, CloudTrail only imports events
// contained in the S3 bucket's CloudTrail prefix and the prefixes inside the
// CloudTrail prefix, and does not check prefixes for other Amazon Web Services
// services. If you want to import CloudTrail events contained in another prefix,
// you must include the prefix in the S3LocationUri . For more considerations about
// importing trail events, see [Considerations for copying trail events]in the CloudTrail User Guide.
//
// When you start a new import, the Destinations and ImportSource parameters are
// required. Before starting a new import, disable any access control lists (ACLs)
// attached to the source S3 bucket. For more information about disabling ACLs, see
// [Controlling ownership of objects and disabling ACLs for your bucket].
//
// When you retry an import, the ImportID parameter is required.
//
// If the destination event data store is for an organization, you must use the
// management account to import trail events. You cannot use the delegated
// administrator account for the organization.
//
// [Considerations for copying trail events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-copy-trail-to-lake.html#cloudtrail-trail-copy-considerations
// [Controlling ownership of objects and disabling ACLs for your bucket]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
StartImport(ctx context.Context, params *StartImportInput, optFns ...func(*Options)) (*StartImportOutput, error)
// Starts the recording of Amazon Web Services API calls and log file delivery for
// a trail. For a trail that is enabled in all Regions, this operation must be
// called from the Region in which the trail was created. This operation cannot be
// called on the shadow trails (replicated trails in other Regions) of a trail that
// is enabled in all Regions.
StartLogging(ctx context.Context, params *StartLoggingInput, optFns ...func(*Options)) (*StartLoggingOutput, error)
// Starts a CloudTrail Lake query. Use the QueryStatement parameter to provide
// your SQL query, enclosed in single quotation marks. Use the optional
// DeliveryS3Uri parameter to deliver the query results to an S3 bucket.
//
// StartQuery requires you specify either the QueryStatement parameter, or a
// QueryAlias and any QueryParameters . In the current release, the QueryAlias and
// QueryParameters parameters are used only for the queries that populate the
// CloudTrail Lake dashboards.
StartQuery(ctx context.Context, params *StartQueryInput, optFns ...func(*Options)) (*StartQueryOutput, error)
// Stops the ingestion of live events on an event data store specified as either
// an ARN or the ID portion of the ARN. To stop ingestion, the event data store
// Status must be ENABLED and the eventCategory must be Management , Data ,
// NetworkActivity , or ConfigurationItem .
StopEventDataStoreIngestion(ctx context.Context, params *StopEventDataStoreIngestionInput, optFns ...func(*Options)) (*StopEventDataStoreIngestionOutput, error)
// Stops a specified import.
StopImport(ctx context.Context, params *StopImportInput, optFns ...func(*Options)) (*StopImportOutput, error)
// Suspends the recording of Amazon Web Services API calls and log file delivery
// for the specified trail. Under most circumstances, there is no need to use this
// action. You can update a trail without stopping it first. This action is the
// only way to stop recording. For a trail enabled in all Regions, this operation
// must be called from the Region in which the trail was created, or an
// InvalidHomeRegionException will occur. This operation cannot be called on the
// shadow trails (replicated trails in other Regions) of a trail enabled in all
// Regions.
StopLogging(ctx context.Context, params *StopLoggingInput, optFns ...func(*Options)) (*StopLoggingOutput, error)
// Updates a channel specified by a required channel ARN or UUID.
UpdateChannel(ctx context.Context, params *UpdateChannelInput, optFns ...func(*Options)) (*UpdateChannelOutput, error)
// Updates the specified dashboard.
//
// To set a refresh schedule, CloudTrail must be granted permissions to run the
// StartDashboardRefresh operation to refresh the dashboard on your behalf. To
// provide permissions, run the PutResourcePolicy operation to attach a
// resource-based policy to the dashboard. For more information, see [Resource-based policy example for a dashboard]in the
// CloudTrail User Guide.
//
// CloudTrail runs queries to populate the dashboard's widgets during a manual or
// scheduled refresh. CloudTrail must be granted permissions to run the StartQuery
// operation on your behalf. To provide permissions, run the PutResourcePolicy
// operation to attach a resource-based policy to each event data store. For more
// information, see [Example: Allow CloudTrail to run queries to populate a dashboard]in the CloudTrail User Guide.
//
// [Example: Allow CloudTrail to run queries to populate a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-eds-dashboard
// [Resource-based policy example for a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-dashboards
UpdateDashboard(ctx context.Context, params *UpdateDashboardInput, optFns ...func(*Options)) (*UpdateDashboardOutput, error)
// Updates an event data store. The required EventDataStore value is an ARN or the
// ID portion of the ARN. Other parameters are optional, but at least one optional
// parameter must be specified, or CloudTrail throws an error. RetentionPeriod is
// in days, and valid values are integers between 7 and 3653 if the BillingMode is
// set to EXTENDABLE_RETENTION_PRICING , or between 7 and 2557 if BillingMode is
// set to FIXED_RETENTION_PRICING . By default, TerminationProtection is enabled.
//
// For event data stores for CloudTrail events, AdvancedEventSelectors includes or
// excludes management, data, or network activity events in your event data store.
// For more information about AdvancedEventSelectors , see [AdvancedEventSelectors].
//
// For event data stores for CloudTrail Insights events, Config configuration
// items, Audit Manager evidence, or non-Amazon Web Services events,
// AdvancedEventSelectors includes events of that type in your event data store.
//
// [AdvancedEventSelectors]: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html
UpdateEventDataStore(ctx context.Context, params *UpdateEventDataStoreInput, optFns ...func(*Options)) (*UpdateEventDataStoreOutput, error)
// Updates trail settings that control what events you are logging, and how to
// handle log files. Changes to a trail do not require stopping the CloudTrail
// service. Use this action to designate an existing bucket for log delivery. If
// the existing bucket has previously been a target for CloudTrail log files, an
// IAM policy exists for the bucket. UpdateTrail must be called from the Region in
// which the trail was created; otherwise, an InvalidHomeRegionException is thrown.
UpdateTrail(ctx context.Context, params *UpdateTrailInput, optFns ...func(*Options)) (*UpdateTrailOutput, error)
}
CloudTrail provides an interface to the AWS CloudTrail service.
type CloudWatchLogs ¶ added in v0.92.0
type CloudWatchLogs interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() cloudwatchlogs.Options
// Associates the specified KMS key with either one log group in the account, or
// with all stored CloudWatch Logs query insights results in the account.
//
// When you use AssociateKmsKey , you specify either the logGroupName parameter or
// the resourceIdentifier parameter. You can't specify both of those parameters in
// the same operation.
//
// - Specify the logGroupName parameter to cause all log events stored in the log
// group to be encrypted with that key. Only the log events ingested after the key
// is associated are encrypted with that key.
//
// Associating a KMS key with a log group overrides any existing associations
//
// between the log group and a KMS key. After a KMS key is associated with a log
// group, all newly ingested data for the log group is encrypted using the KMS key.
// This association is stored as long as the data encrypted with the KMS key is
// still within CloudWatch Logs. This enables CloudWatch Logs to decrypt this data
// whenever it is requested.
//
// Associating a key with a log group does not cause the results of queries of
//
// that log group to be encrypted with that key. To have query results encrypted
// with a KMS key, you must use an AssociateKmsKey operation with the
// resourceIdentifier parameter that specifies a query-result resource.
//
// - Specify the resourceIdentifier parameter with a query-result resource, to
// use that key to encrypt the stored results of all future [StartQuery]operations in the
// account. The response from a [GetQueryResults]operation will still return the query results in
// plain text.
//
// Even if you have not associated a key with your query results, the query
//
// results are encrypted when stored, using the default CloudWatch Logs method.
//
// If you run a query from a monitoring account that queries logs in a source
//
// account, the query results key from the monitoring account, if any, is used.
//
// If you delete the key that is used to encrypt log events or log group query
// results, then all the associated stored log events or query results that were
// encrypted with that key will be unencryptable and unusable.
//
// CloudWatch Logs supports only symmetric KMS keys. Do not use an associate an
// asymmetric KMS key with your log group or query results. For more information,
// see [Using Symmetric and Asymmetric Keys].
//
// It can take up to 5 minutes for this operation to take effect.
//
// If you attempt to associate a KMS key with a log group but the KMS key does not
// exist or the KMS key is disabled, you receive an InvalidParameterException
// error.
//
// [Using Symmetric and Asymmetric Keys]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
//
// [StartQuery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
// [GetQueryResults]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetQueryResults.html
AssociateKmsKey(ctx context.Context, params *AssociateKmsKeyInput, optFns ...func(*Options)) (*AssociateKmsKeyOutput, error)
// Cancels the specified export task.
//
// The task must be in the PENDING or RUNNING state.
CancelExportTask(ctx context.Context, params *CancelExportTaskInput, optFns ...func(*Options)) (*CancelExportTaskOutput, error)
// Creates a delivery. A delivery is a connection between a logical delivery
// source and a logical delivery destination that you have already created.
//
// Only some Amazon Web Services services support being configured as a delivery
// source using this operation. These services are listed as Supported [V2
// Permissions] in the table at [Enabling logging from Amazon Web Services services.]
//
// A delivery destination can represent a log group in CloudWatch Logs, an Amazon
// S3 bucket, or a delivery stream in Firehose.
//
// To configure logs delivery between a supported Amazon Web Services service and
// a destination, you must do the following:
//
// - Create a delivery source, which is a logical object that represents the
// resource that is actually sending the logs. For more information, see [PutDeliverySource].
//
// - Create a delivery destination, which is a logical object that represents
// the actual delivery destination. For more information, see [PutDeliveryDestination].
//
// - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy]in the destination
// account to assign an IAM policy to the destination. This policy allows delivery
// to that destination.
//
// - Use CreateDelivery to create a delivery by pairing exactly one delivery
// source and one delivery destination.
//
// You can configure a single delivery source to send logs to multiple
// destinations by creating multiple deliveries. You can also create multiple
// deliveries to configure multiple delivery sources to send logs to the same
// delivery destination.
//
// To update an existing delivery configuration, use [UpdateDeliveryConfiguration].
//
// [PutDeliveryDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
// [PutDeliverySource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
// [Enabling logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
// [UpdateDeliveryConfiguration]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateDeliveryConfiguration.html
CreateDelivery(ctx context.Context, params *CreateDeliveryInput, optFns ...func(*Options)) (*CreateDeliveryOutput, error)
// Creates an export task so that you can efficiently export data from a log group
// to an Amazon S3 bucket. When you perform a CreateExportTask operation, you must
// use credentials that have permission to write to the S3 bucket that you specify
// as the destination.
//
// Exporting log data to S3 buckets that are encrypted by KMS is supported.
// Exporting log data to Amazon S3 buckets that have S3 Object Lock enabled with a
// retention period is also supported.
//
// Exporting to S3 buckets that are encrypted with AES-256 is supported.
//
// This is an asynchronous call. If all the required information is provided, this
// operation initiates an export task and responds with the ID of the task. After
// the task has started, you can use [DescribeExportTasks]to get the status of the export task. Each
// account can only have one active ( RUNNING or PENDING ) export task at a time.
// To cancel an export task, use [CancelExportTask].
//
// You can export logs from multiple log groups or multiple time ranges to the
// same S3 bucket. To separate log data for each export task, specify a prefix to
// be used as the Amazon S3 key prefix for all exported objects.
//
// Time-based sorting on chunks of log data inside an exported file is not
// guaranteed. You can sort the exported log field data by using Linux utilities.
//
// [CancelExportTask]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CancelExportTask.html
// [DescribeExportTasks]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeExportTasks.html
CreateExportTask(ctx context.Context, params *CreateExportTaskInput, optFns ...func(*Options)) (*CreateExportTaskOutput, error)
// Creates an anomaly detector that regularly scans one or more log groups and
// look for patterns and anomalies in the logs.
//
// An anomaly detector can help surface issues by automatically discovering
// anomalies in your log event traffic. An anomaly detector uses machine learning
// algorithms to scan log events and find patterns.
//
// A pattern is a shared text structure that recurs among your log fields.
// Patterns provide a useful tool for analyzing large sets of logs because a large
// number of log events can often be compressed into a few patterns.
//
// The anomaly detector uses pattern recognition to find anomalies , which are
// unusual log events. It uses the evaluationFrequency to compare current log
// events and patterns with trained baselines.
//
// Fields within a pattern are called tokens. Fields that vary within a pattern,
// such as a request ID or timestamp, are referred to as dynamic tokens and
// represented by <> .
//
// The following is an example of a pattern:
//
// [INFO] Request time: <
//
// > ms
//
// This pattern represents log events like [INFO] Request time: 327 ms and other
// similar log events that differ only by the number, in this csse 327. When the
// pattern is displayed, the different numbers are replaced by <*>
//
// Any parts of log events that are masked as sensitive data are not scanned for
// anomalies. For more information about masking sensitive data, see [Help protect sensitive log data with masking].
//
// [Help protect sensitive log data with masking]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
CreateLogAnomalyDetector(ctx context.Context, params *CreateLogAnomalyDetectorInput, optFns ...func(*Options)) (*CreateLogAnomalyDetectorOutput, error)
// Creates a log group with the specified name. You can create up to 1,000,000 log
// groups per Region per account.
//
// You must use the following guidelines when naming a log group:
//
// - Log group names must be unique within a Region for an Amazon Web Services
// account.
//
// - Log group names can be between 1 and 512 characters long.
//
// - Log group names consist of the following characters: a-z, A-Z, 0-9, '_'
// (underscore), '-' (hyphen), '/' (forward slash), '.' (period), and '#' (number
// sign)
//
// - Log group names can't start with the string aws/
//
// When you create a log group, by default the log events in the log group do not
// expire. To set a retention policy so that events expire and are deleted after a
// specified time, use [PutRetentionPolicy].
//
// If you associate an KMS key with the log group, ingested data is encrypted
// using the KMS key. This association is stored as long as the data encrypted with
// the KMS key is still within CloudWatch Logs. This enables CloudWatch Logs to
// decrypt this data whenever it is requested.
//
// If you attempt to associate a KMS key with the log group but the KMS key does
// not exist or the KMS key is disabled, you receive an InvalidParameterException
// error.
//
// CloudWatch Logs supports only symmetric KMS keys. Do not associate an
// asymmetric KMS key with your log group. For more information, see [Using Symmetric and Asymmetric Keys].
//
// [Using Symmetric and Asymmetric Keys]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
// [PutRetentionPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutRetentionPolicy.html
CreateLogGroup(ctx context.Context, params *CreateLogGroupInput, optFns ...func(*Options)) (*CreateLogGroupOutput, error)
// Creates a log stream for the specified log group. A log stream is a sequence of
// log events that originate from a single source, such as an application instance
// or a resource that is being monitored.
//
// There is no limit on the number of log streams that you can create for a log
// group. There is a limit of 50 TPS on CreateLogStream operations, after which
// transactions are throttled.
//
// You must use the following guidelines when naming a log stream:
//
// - Log stream names must be unique within the log group.
//
// - Log stream names can be between 1 and 512 characters long.
//
// - Don't use ':' (colon) or '*' (asterisk) characters.
CreateLogStream(ctx context.Context, params *CreateLogStreamInput, optFns ...func(*Options)) (*CreateLogStreamOutput, error)
// Deletes a CloudWatch Logs account policy. This stops the account-wide policy
// from applying to log groups in the account. If you delete a data protection
// policy or subscription filter policy, any log-group level policies of those
// types remain in effect.
//
// To use this operation, you must be signed on with the correct permissions
// depending on the type of policy that you are deleting.
//
// - To delete a data protection policy, you must have the
// logs:DeleteDataProtectionPolicy and logs:DeleteAccountPolicy permissions.
//
// - To delete a subscription filter policy, you must have the
// logs:DeleteSubscriptionFilter and logs:DeleteAccountPolicy permissions.
//
// - To delete a transformer policy, you must have the logs:DeleteTransformer and
// logs:DeleteAccountPolicy permissions.
//
// - To delete a field index policy, you must have the logs:DeleteIndexPolicy and
// logs:DeleteAccountPolicy permissions.
//
// If you delete a field index policy, the indexing of the log events that
// happened before you deleted the policy will still be used for up to 30 days to
// improve CloudWatch Logs Insights queries.
DeleteAccountPolicy(ctx context.Context, params *DeleteAccountPolicyInput, optFns ...func(*Options)) (*DeleteAccountPolicyOutput, error)
// Deletes the data protection policy from the specified log group.
//
// For more information about data protection policies, see [PutDataProtectionPolicy].
//
// [PutDataProtectionPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html
DeleteDataProtectionPolicy(ctx context.Context, params *DeleteDataProtectionPolicyInput, optFns ...func(*Options)) (*DeleteDataProtectionPolicyOutput, error)
// Deletes s delivery. A delivery is a connection between a logical delivery
// source and a logical delivery destination. Deleting a delivery only deletes the
// connection between the delivery source and delivery destination. It does not
// delete the delivery destination or the delivery source.
DeleteDelivery(ctx context.Context, params *DeleteDeliveryInput, optFns ...func(*Options)) (*DeleteDeliveryOutput, error)
// Deletes a delivery destination. A delivery is a connection between a logical
// delivery source and a logical delivery destination.
//
// You can't delete a delivery destination if any current deliveries are
// associated with it. To find whether any deliveries are associated with this
// delivery destination, use the [DescribeDeliveries]operation and check the deliveryDestinationArn
// field in the results.
//
// [DescribeDeliveries]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html
DeleteDeliveryDestination(ctx context.Context, params *DeleteDeliveryDestinationInput, optFns ...func(*Options)) (*DeleteDeliveryDestinationOutput, error)
// Deletes a delivery destination policy. For more information about these
// policies, see [PutDeliveryDestinationPolicy].
//
// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
DeleteDeliveryDestinationPolicy(ctx context.Context, params *DeleteDeliveryDestinationPolicyInput, optFns ...func(*Options)) (*DeleteDeliveryDestinationPolicyOutput, error)
// Deletes a delivery source. A delivery is a connection between a logical
// delivery source and a logical delivery destination.
//
// You can't delete a delivery source if any current deliveries are associated
// with it. To find whether any deliveries are associated with this delivery
// source, use the [DescribeDeliveries]operation and check the deliverySourceName field in the results.
//
// [DescribeDeliveries]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html
DeleteDeliverySource(ctx context.Context, params *DeleteDeliverySourceInput, optFns ...func(*Options)) (*DeleteDeliverySourceOutput, error)
// Deletes the specified destination, and eventually disables all the subscription
// filters that publish to it. This operation does not delete the physical resource
// encapsulated by the destination.
DeleteDestination(ctx context.Context, params *DeleteDestinationInput, optFns ...func(*Options)) (*DeleteDestinationOutput, error)
// Deletes a log-group level field index policy that was applied to a single log
// group. The indexing of the log events that happened before you delete the policy
// will still be used for as many as 30 days to improve CloudWatch Logs Insights
// queries.
//
// You can't use this operation to delete an account-level index policy. Instead,
// use [DeletAccountPolicy].
//
// If you delete a log-group level field index policy and there is an
// account-level field index policy, in a few minutes the log group begins using
// that account-wide policy to index new incoming log events.
//
// [DeletAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteAccountPolicy.html
DeleteIndexPolicy(ctx context.Context, params *DeleteIndexPolicyInput, optFns ...func(*Options)) (*DeleteIndexPolicyOutput, error)
// Deletes the integration between CloudWatch Logs and OpenSearch Service. If your
// integration has active vended logs dashboards, you must specify true for the
// force parameter, otherwise the operation will fail. If you delete the
// integration by setting force to true , all your vended logs dashboards powered
// by OpenSearch Service will be deleted and the data that was on them will no
// longer be accessible.
DeleteIntegration(ctx context.Context, params *DeleteIntegrationInput, optFns ...func(*Options)) (*DeleteIntegrationOutput, error)
// Deletes the specified CloudWatch Logs anomaly detector.
DeleteLogAnomalyDetector(ctx context.Context, params *DeleteLogAnomalyDetectorInput, optFns ...func(*Options)) (*DeleteLogAnomalyDetectorOutput, error)
// Deletes the specified log group and permanently deletes all the archived log
// events associated with the log group.
DeleteLogGroup(ctx context.Context, params *DeleteLogGroupInput, optFns ...func(*Options)) (*DeleteLogGroupOutput, error)
// Deletes the specified log stream and permanently deletes all the archived log
// events associated with the log stream.
DeleteLogStream(ctx context.Context, params *DeleteLogStreamInput, optFns ...func(*Options)) (*DeleteLogStreamOutput, error)
// Deletes the specified metric filter.
DeleteMetricFilter(ctx context.Context, params *DeleteMetricFilterInput, optFns ...func(*Options)) (*DeleteMetricFilterOutput, error)
// Deletes a saved CloudWatch Logs Insights query definition. A query definition
// contains details about a saved CloudWatch Logs Insights query.
//
// Each DeleteQueryDefinition operation can delete one query definition.
//
// You must have the logs:DeleteQueryDefinition permission to be able to perform
// this operation.
DeleteQueryDefinition(ctx context.Context, params *DeleteQueryDefinitionInput, optFns ...func(*Options)) (*DeleteQueryDefinitionOutput, error)
// Deletes a resource policy from this account. This revokes the access of the
// identities in that policy to put log events to this account.
DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error)
// Deletes the specified retention policy.
//
// Log events do not expire if they belong to log groups without a retention
// policy.
DeleteRetentionPolicy(ctx context.Context, params *DeleteRetentionPolicyInput, optFns ...func(*Options)) (*DeleteRetentionPolicyOutput, error)
// Deletes the specified subscription filter.
DeleteSubscriptionFilter(ctx context.Context, params *DeleteSubscriptionFilterInput, optFns ...func(*Options)) (*DeleteSubscriptionFilterOutput, error)
// Deletes the log transformer for the specified log group. As soon as you do
// this, the transformation of incoming log events according to that transformer
// stops. If this account has an account-level transformer that applies to this log
// group, the log group begins using that account-level transformer when this
// log-group level transformer is deleted.
//
// After you delete a transformer, be sure to edit any metric filters or
// subscription filters that relied on the transformed versions of the log events.
DeleteTransformer(ctx context.Context, params *DeleteTransformerInput, optFns ...func(*Options)) (*DeleteTransformerOutput, error)
// Returns a list of all CloudWatch Logs account policies in the account.
DescribeAccountPolicies(ctx context.Context, params *DescribeAccountPoliciesInput, optFns ...func(*Options)) (*DescribeAccountPoliciesOutput, error)
// Use this operation to return the valid and default values that are used when
// creating delivery sources, delivery destinations, and deliveries. For more
// information about deliveries, see [CreateDelivery].
//
// [CreateDelivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html
DescribeConfigurationTemplates(ctx context.Context, params *DescribeConfigurationTemplatesInput, optFns ...func(*Options)) (*DescribeConfigurationTemplatesOutput, error)
// Retrieves a list of the deliveries that have been created in the account.
//
// A delivery is a connection between a [delivery source] and a [delivery destination].
//
// A delivery source represents an Amazon Web Services resource that sends logs to
// an logs delivery destination. The destination can be CloudWatch Logs, Amazon S3,
// or Firehose. Only some Amazon Web Services services support being configured as
// a delivery source. These services are listed in [Enable logging from Amazon Web Services services.]
//
// [delivery destination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
// [delivery source]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
// [Enable logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
DescribeDeliveries(ctx context.Context, params *DescribeDeliveriesInput, optFns ...func(*Options)) (*DescribeDeliveriesOutput, error)
// Retrieves a list of the delivery destinations that have been created in the
// account.
DescribeDeliveryDestinations(ctx context.Context, params *DescribeDeliveryDestinationsInput, optFns ...func(*Options)) (*DescribeDeliveryDestinationsOutput, error)
// Retrieves a list of the delivery sources that have been created in the account.
DescribeDeliverySources(ctx context.Context, params *DescribeDeliverySourcesInput, optFns ...func(*Options)) (*DescribeDeliverySourcesOutput, error)
// Lists all your destinations. The results are ASCII-sorted by destination name.
DescribeDestinations(ctx context.Context, params *DescribeDestinationsInput, optFns ...func(*Options)) (*DescribeDestinationsOutput, error)
// Lists the specified export tasks. You can list all your export tasks or filter
// the results based on task ID or task status.
DescribeExportTasks(ctx context.Context, params *DescribeExportTasksInput, optFns ...func(*Options)) (*DescribeExportTasksOutput, error)
// Returns a list of field indexes listed in the field index policies of one or
// more log groups. For more information about field index policies, see [PutIndexPolicy].
//
// [PutIndexPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
DescribeFieldIndexes(ctx context.Context, params *DescribeFieldIndexesInput, optFns ...func(*Options)) (*DescribeFieldIndexesOutput, error)
// Returns the field index policies of one or more log groups. For more
// information about field index policies, see [PutIndexPolicy].
//
// If a specified log group has a log-group level index policy, that policy is
// returned by this operation.
//
// If a specified log group doesn't have a log-group level index policy, but an
// account-wide index policy applies to it, that account-wide policy is returned by
// this operation.
//
// To find information about only account-level policies, use [DescribeAccountPolicies] instead.
//
// [PutIndexPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
// [DescribeAccountPolicies]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeAccountPolicies.html
DescribeIndexPolicies(ctx context.Context, params *DescribeIndexPoliciesInput, optFns ...func(*Options)) (*DescribeIndexPoliciesOutput, error)
// Lists the specified log groups. You can list all your log groups or filter the
// results by prefix. The results are ASCII-sorted by log group name.
//
// CloudWatch Logs doesn't support IAM policies that control access to the
// DescribeLogGroups action by using the aws:ResourceTag/key-name condition key.
// Other CloudWatch Logs actions do support the use of the
// aws:ResourceTag/key-name condition key to control access. For more information
// about using tags to control access, see [Controlling access to Amazon Web Services resources using tags].
//
// If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account and view data from the linked source accounts.
// For more information, see [CloudWatch cross-account observability].
//
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
// [Controlling access to Amazon Web Services resources using tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
DescribeLogGroups(ctx context.Context, params *DescribeLogGroupsInput, optFns ...func(*Options)) (*DescribeLogGroupsOutput, error)
// Lists the log streams for the specified log group. You can list all the log
// streams or filter the results by prefix. You can also control how the results
// are ordered.
//
// You can specify the log group to search by using either logGroupIdentifier or
// logGroupName . You must include one of these two parameters, but you can't
// include both.
//
// This operation has a limit of five transactions per second, after which
// transactions are throttled.
//
// If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account and view data from the linked source accounts.
// For more information, see [CloudWatch cross-account observability].
//
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
DescribeLogStreams(ctx context.Context, params *DescribeLogStreamsInput, optFns ...func(*Options)) (*DescribeLogStreamsOutput, error)
// Lists the specified metric filters. You can list all of the metric filters or
// filter the results by log name, prefix, metric name, or metric namespace. The
// results are ASCII-sorted by filter name.
DescribeMetricFilters(ctx context.Context, params *DescribeMetricFiltersInput, optFns ...func(*Options)) (*DescribeMetricFiltersOutput, error)
// Returns a list of CloudWatch Logs Insights queries that are scheduled, running,
// or have been run recently in this account. You can request all queries or limit
// it to queries of a specific log group or queries with a certain status.
DescribeQueries(ctx context.Context, params *DescribeQueriesInput, optFns ...func(*Options)) (*DescribeQueriesOutput, error)
// This operation returns a paginated list of your saved CloudWatch Logs Insights
// query definitions. You can retrieve query definitions from the current account
// or from a source account that is linked to the current account.
//
// You can use the queryDefinitionNamePrefix parameter to limit the results to
// only the query definitions that have names that start with a certain string.
DescribeQueryDefinitions(ctx context.Context, params *DescribeQueryDefinitionsInput, optFns ...func(*Options)) (*DescribeQueryDefinitionsOutput, error)
// Lists the resource policies in this account.
DescribeResourcePolicies(ctx context.Context, params *DescribeResourcePoliciesInput, optFns ...func(*Options)) (*DescribeResourcePoliciesOutput, error)
// Lists the subscription filters for the specified log group. You can list all
// the subscription filters or filter the results by prefix. The results are
// ASCII-sorted by filter name.
DescribeSubscriptionFilters(ctx context.Context, params *DescribeSubscriptionFiltersInput, optFns ...func(*Options)) (*DescribeSubscriptionFiltersOutput, error)
// Disassociates the specified KMS key from the specified log group or from all
// CloudWatch Logs Insights query results in the account.
//
// When you use DisassociateKmsKey , you specify either the logGroupName parameter
// or the resourceIdentifier parameter. You can't specify both of those parameters
// in the same operation.
//
// - Specify the logGroupName parameter to stop using the KMS key to encrypt
// future log events ingested and stored in the log group. Instead, they will be
// encrypted with the default CloudWatch Logs method. The log events that were
// ingested while the key was associated with the log group are still encrypted
// with that key. Therefore, CloudWatch Logs will need permissions for the key
// whenever that data is accessed.
//
// - Specify the resourceIdentifier parameter with the query-result resource to
// stop using the KMS key to encrypt the results of all future [StartQuery]operations in the
// account. They will instead be encrypted with the default CloudWatch Logs method.
// The results from queries that ran while the key was associated with the account
// are still encrypted with that key. Therefore, CloudWatch Logs will need
// permissions for the key whenever that data is accessed.
//
// It can take up to 5 minutes for this operation to take effect.
//
// [StartQuery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
DisassociateKmsKey(ctx context.Context, params *DisassociateKmsKeyInput, optFns ...func(*Options)) (*DisassociateKmsKeyOutput, error)
// Lists log events from the specified log group. You can list all the log events
// or filter the results using a filter pattern, a time range, and the name of the
// log stream.
//
// You must have the logs:FilterLogEvents permission to perform this operation.
//
// You can specify the log group to search by using either logGroupIdentifier or
// logGroupName . You must include one of these two parameters, but you can't
// include both.
//
// By default, this operation returns as many log events as can fit in 1 MB (up to
// 10,000 log events) or all the events found within the specified time range. If
// the results include a token, that means there are more log events available. You
// can get additional results by specifying the token in a subsequent call. This
// operation can return empty results while there are more log events available
// through the token.
//
// The returned log events are sorted by event timestamp, the timestamp when the
// event was ingested by CloudWatch Logs, and the ID of the PutLogEvents request.
//
// If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account and view data from the linked source accounts.
// For more information, see [CloudWatch cross-account observability].
//
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
FilterLogEvents(ctx context.Context, params *FilterLogEventsInput, optFns ...func(*Options)) (*FilterLogEventsOutput, error)
// Returns information about a log group data protection policy.
GetDataProtectionPolicy(ctx context.Context, params *GetDataProtectionPolicyInput, optFns ...func(*Options)) (*GetDataProtectionPolicyOutput, error)
// Returns complete information about one logical delivery. A delivery is a
// connection between a [delivery source]and a [delivery destination].
//
// A delivery source represents an Amazon Web Services resource that sends logs to
// an logs delivery destination. The destination can be CloudWatch Logs, Amazon S3,
// or Firehose. Only some Amazon Web Services services support being configured as
// a delivery source. These services are listed in [Enable logging from Amazon Web Services services.]
//
// You need to specify the delivery id in this operation. You can find the IDs of
// the deliveries in your account with the [DescribeDeliveries]operation.
//
// [delivery destination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
// [delivery source]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
// [Enable logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
// [DescribeDeliveries]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html
GetDelivery(ctx context.Context, params *GetDeliveryInput, optFns ...func(*Options)) (*GetDeliveryOutput, error)
// Retrieves complete information about one delivery destination.
GetDeliveryDestination(ctx context.Context, params *GetDeliveryDestinationInput, optFns ...func(*Options)) (*GetDeliveryDestinationOutput, error)
// Retrieves the delivery destination policy assigned to the delivery destination
// that you specify. For more information about delivery destinations and their
// policies, see [PutDeliveryDestinationPolicy].
//
// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
GetDeliveryDestinationPolicy(ctx context.Context, params *GetDeliveryDestinationPolicyInput, optFns ...func(*Options)) (*GetDeliveryDestinationPolicyOutput, error)
// Retrieves complete information about one delivery source.
GetDeliverySource(ctx context.Context, params *GetDeliverySourceInput, optFns ...func(*Options)) (*GetDeliverySourceOutput, error)
// Returns information about one integration between CloudWatch Logs and
// OpenSearch Service.
GetIntegration(ctx context.Context, params *GetIntegrationInput, optFns ...func(*Options)) (*GetIntegrationOutput, error)
// Retrieves information about the log anomaly detector that you specify.
GetLogAnomalyDetector(ctx context.Context, params *GetLogAnomalyDetectorInput, optFns ...func(*Options)) (*GetLogAnomalyDetectorOutput, error)
// Lists log events from the specified log stream. You can list all of the log
// events or filter using a time range.
//
// By default, this operation returns as many log events as can fit in a response
// size of 1MB (up to 10,000 log events). You can get additional log events by
// specifying one of the tokens in a subsequent call. This operation can return
// empty results while there are more log events available through the token.
//
// If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account and view data from the linked source accounts.
// For more information, see [CloudWatch cross-account observability].
//
// You can specify the log group to search by using either logGroupIdentifier or
// logGroupName . You must include one of these two parameters, but you can't
// include both.
//
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
GetLogEvents(ctx context.Context, params *GetLogEventsInput, optFns ...func(*Options)) (*GetLogEventsOutput, error)
// Returns a list of the fields that are included in log events in the specified
// log group. Includes the percentage of log events that contain each field. The
// search is limited to a time period that you specify.
//
// You can specify the log group to search by using either logGroupIdentifier or
// logGroupName . You must specify one of these parameters, but you can't specify
// both.
//
// In the results, fields that start with @ are fields generated by CloudWatch
// Logs. For example, @timestamp is the timestamp of each log event. For more
// information about the fields that are generated by CloudWatch logs, see [Supported Logs and Discovered Fields].
//
// The response results are sorted by the frequency percentage, starting with the
// highest percentage.
//
// If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account and view data from the linked source accounts.
// For more information, see [CloudWatch cross-account observability].
//
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
// [Supported Logs and Discovered Fields]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData-discoverable-fields.html
GetLogGroupFields(ctx context.Context, params *GetLogGroupFieldsInput, optFns ...func(*Options)) (*GetLogGroupFieldsOutput, error)
// Retrieves all of the fields and values of a single log event. All fields are
// retrieved, even if the original query that produced the logRecordPointer
// retrieved only a subset of fields. Fields are returned as field name/field value
// pairs.
//
// The full unparsed log event is returned within @message .
GetLogRecord(ctx context.Context, params *GetLogRecordInput, optFns ...func(*Options)) (*GetLogRecordOutput, error)
// Returns the results from the specified query.
//
// Only the fields requested in the query are returned, along with a @ptr field,
// which is the identifier for the log record. You can use the value of @ptr in a [GetLogRecord]
// operation to get the full log record.
//
// GetQueryResults does not start running a query. To run a query, use [StartQuery]. For more
// information about how long results of previous queries are available, see [CloudWatch Logs quotas].
//
// If the value of the Status field in the output is Running , this operation
// returns only partial results. If you see a value of Scheduled or Running for
// the status, you can retry the operation later to see the final results.
//
// If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account to start queries in linked source accounts.
// For more information, see [CloudWatch cross-account observability].
//
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
// [GetLogRecord]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogRecord.html
// [CloudWatch Logs quotas]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/cloudwatch_limits_cwl.html
// [StartQuery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
GetQueryResults(ctx context.Context, params *GetQueryResultsInput, optFns ...func(*Options)) (*GetQueryResultsOutput, error)
// Returns the information about the log transformer associated with this log
// group.
//
// This operation returns data only for transformers created at the log group
// level. To get information for an account-level transformer, use [DescribeAccountPolicies].
//
// [DescribeAccountPolicies]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeAccountPolicies.html
GetTransformer(ctx context.Context, params *GetTransformerInput, optFns ...func(*Options)) (*GetTransformerOutput, error)
// Returns a list of anomalies that log anomaly detectors have found. For details
// about the structure format of each anomaly object that is returned, see the
// example in this section.
ListAnomalies(ctx context.Context, params *ListAnomaliesInput, optFns ...func(*Options)) (*ListAnomaliesOutput, error)
// Returns a list of integrations between CloudWatch Logs and other services in
// this account. Currently, only one integration can be created in an account, and
// this integration must be with OpenSearch Service.
ListIntegrations(ctx context.Context, params *ListIntegrationsInput, optFns ...func(*Options)) (*ListIntegrationsOutput, error)
// Retrieves a list of the log anomaly detectors in the account.
ListLogAnomalyDetectors(ctx context.Context, params *ListLogAnomalyDetectorsInput, optFns ...func(*Options)) (*ListLogAnomalyDetectorsOutput, error)
// Returns a list of the log groups that were analyzed during a single CloudWatch
// Logs Insights query. This can be useful for queries that use log group name
// prefixes or the filterIndex command, because the log groups are dynamically
// selected in these cases.
//
// For more information about field indexes, see [Create field indexes to improve query performance and reduce costs].
//
// [Create field indexes to improve query performance and reduce costs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html
ListLogGroupsForQuery(ctx context.Context, params *ListLogGroupsForQueryInput, optFns ...func(*Options)) (*ListLogGroupsForQueryOutput, error)
// Displays the tags associated with a CloudWatch Logs resource. Currently, log
// groups and destinations support tagging.
ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
// The ListTagsLogGroup operation is on the path to deprecation. We recommend that
// you use [ListTagsForResource]instead.
//
// Lists the tags for the specified log group.
//
// Deprecated: Please use the generic tagging API ListTagsForResource
//
// [ListTagsForResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html
ListTagsLogGroup(ctx context.Context, params *ListTagsLogGroupInput, optFns ...func(*Options)) (*ListTagsLogGroupOutput, error)
// Creates an account-level data protection policy, subscription filter policy, or
// field index policy that applies to all log groups or a subset of log groups in
// the account.
//
// # Data protection policy
//
// A data protection policy can help safeguard sensitive data that's ingested by
// your log groups by auditing and masking the sensitive log data. Each account can
// have only one account-level data protection policy.
//
// Sensitive data is detected and masked when it is ingested into a log group.
// When you set a data protection policy, log events ingested into the log groups
// before that time are not masked.
//
// If you use PutAccountPolicy to create a data protection policy for your whole
// account, it applies to both existing log groups and all log groups that are
// created later in this account. The account-level policy is applied to existing
// log groups with eventual consistency. It might take up to 5 minutes before
// sensitive data in existing log groups begins to be masked.
//
// By default, when a user views a log event that includes masked data, the
// sensitive data is replaced by asterisks. A user who has the logs:Unmask
// permission can use a [GetLogEvents]or [FilterLogEvents] operation with the unmask parameter set to true to
// view the unmasked log events. Users with the logs:Unmask can also view unmasked
// data in the CloudWatch Logs console by running a CloudWatch Logs Insights query
// with the unmask query command.
//
// For more information, including a list of types of data that can be audited and
// masked, see [Protect sensitive log data with masking].
//
// To use the PutAccountPolicy operation for a data protection policy, you must be
// signed on with the logs:PutDataProtectionPolicy and logs:PutAccountPolicy
// permissions.
//
// The PutAccountPolicy operation applies to all log groups in the account. You
// can use [PutDataProtectionPolicy]to create a data protection policy that applies to just one log group.
// If a log group has its own data protection policy and the account also has an
// account-level data protection policy, then the two policies are cumulative. Any
// sensitive term specified in either policy is masked.
//
// # Subscription filter policy
//
// A subscription filter policy sets up a real-time feed of log events from
// CloudWatch Logs to other Amazon Web Services services. Account-level
// subscription filter policies apply to both existing log groups and log groups
// that are created later in this account. Supported destinations are Kinesis Data
// Streams, Firehose, and Lambda. When log events are sent to the receiving
// service, they are Base64 encoded and compressed with the GZIP format.
//
// The following destinations are supported for subscription filters:
//
// - An Kinesis Data Streams data stream in the same account as the subscription
// policy, for same-account delivery.
//
// - An Firehose data stream in the same account as the subscription policy, for
// same-account delivery.
//
// - A Lambda function in the same account as the subscription policy, for
// same-account delivery.
//
// - A logical destination in a different account created with [PutDestination], for
// cross-account delivery. Kinesis Data Streams and Firehose are supported as
// logical destinations.
//
// Each account can have one account-level subscription filter policy per Region.
// If you are updating an existing filter, you must specify the correct name in
// PolicyName . To perform a PutAccountPolicy subscription filter operation for
// any destination except a Lambda function, you must also have the iam:PassRole
// permission.
//
// # Transformer policy
//
// Creates or updates a log transformer policy for your account. You use log
// transformers to transform log events into a different format, making them easier
// for you to process and analyze. You can also transform logs from different
// sources into standardized formats that contain relevant, source-specific
// information. After you have created a transformer, CloudWatch Logs performs this
// transformation at the time of log ingestion. You can then refer to the
// transformed versions of the logs during operations such as querying with
// CloudWatch Logs Insights or creating metric filters or subscription filters.
//
// You can also use a transformer to copy metadata from metadata keys into the log
// events themselves. This metadata can include log group name, log stream name,
// account ID and Region.
//
// A transformer for a log group is a series of processors, where each processor
// applies one type of transformation to the log events ingested into this log
// group. For more information about the available processors to use in a
// transformer, see [Processors that you can use].
//
// Having log events in standardized format enables visibility across your
// applications for your log analysis, reporting, and alarming needs. CloudWatch
// Logs provides transformation for common log types with out-of-the-box
// transformation templates for major Amazon Web Services log sources such as VPC
// flow logs, Lambda, and Amazon RDS. You can use pre-built transformation
// templates or create custom transformation policies.
//
// You can create transformers only for the log groups in the Standard log class.
//
// You can have one account-level transformer policy that applies to all log
// groups in the account. Or you can create as many as 20 account-level transformer
// policies that are each scoped to a subset of log groups with the
// selectionCriteria parameter. If you have multiple account-level transformer
// policies with selection criteria, no two of them can use the same or overlapping
// log group name prefixes. For example, if you have one policy filtered to log
// groups that start with my-log , you can't have another field index policy
// filtered to my-logpprod or my-logging .
//
// You can also set up a transformer at the log-group level. For more information,
// see [PutTransformer]. If there is both a log-group level transformer created with PutTransformer
// and an account-level transformer that could apply to the same log group, the log
// group uses only the log-group level transformer. It ignores the account-level
// transformer.
//
// # Field index policy
//
// You can use field index policies to create indexes on fields found in log
// events in the log group. Creating field indexes can help lower the scan volume
// for CloudWatch Logs Insights queries that reference those fields, because these
// queries attempt to skip the processing of log events that are known to not match
// the indexed field. Good fields to index are fields that you often need to query
// for and fields or values that match only a small fraction of the total log
// events. Common examples of indexes include request ID, session ID, user IDs, or
// instance IDs. For more information, see [Create field indexes to improve query performance and reduce costs]
//
// To find the fields that are in your log group events, use the [GetLogGroupFields] operation.
//
// For example, suppose you have created a field index for requestId . Then, any
// CloudWatch Logs Insights query on that log group that includes requestId =
// value or requestId in [value, value, ...] will attempt to process only the log
// events where the indexed field matches the specified value.
//
// Matches of log events to the names of indexed fields are case-sensitive. For
// example, an indexed field of RequestId won't match a log event containing
// requestId .
//
// You can have one account-level field index policy that applies to all log
// groups in the account. Or you can create as many as 20 account-level field index
// policies that are each scoped to a subset of log groups with the
// selectionCriteria parameter. If you have multiple account-level index policies
// with selection criteria, no two of them can use the same or overlapping log
// group name prefixes. For example, if you have one policy filtered to log groups
// that start with my-log , you can't have another field index policy filtered to
// my-logpprod or my-logging .
//
// If you create an account-level field index policy in a monitoring account in
// cross-account observability, the policy is applied only to the monitoring
// account and not to any source accounts.
//
// If you want to create a field index policy for a single log group, you can use [PutIndexPolicy]
// instead of PutAccountPolicy . If you do so, that log group will use only that
// log-group level policy, and will ignore the account-level policy that you create
// with [PutAccountPolicy].
//
// [PutDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html
// [PutTransformer]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html
// [PutIndexPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
// [PutDataProtectionPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html
// [Protect sensitive log data with masking]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
// [FilterLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html
// [GetLogGroupFields]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogGroupFields.html
// [Processors that you can use]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-Processors
// [PutAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
// [Create field indexes to improve query performance and reduce costs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html
// [GetLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html
PutAccountPolicy(ctx context.Context, params *PutAccountPolicyInput, optFns ...func(*Options)) (*PutAccountPolicyOutput, error)
// Creates a data protection policy for the specified log group. A data protection
// policy can help safeguard sensitive data that's ingested by the log group by
// auditing and masking the sensitive log data.
//
// Sensitive data is detected and masked when it is ingested into the log group.
// When you set a data protection policy, log events ingested into the log group
// before that time are not masked.
//
// By default, when a user views a log event that includes masked data, the
// sensitive data is replaced by asterisks. A user who has the logs:Unmask
// permission can use a [GetLogEvents]or [FilterLogEvents] operation with the unmask parameter set to true to
// view the unmasked log events. Users with the logs:Unmask can also view unmasked
// data in the CloudWatch Logs console by running a CloudWatch Logs Insights query
// with the unmask query command.
//
// For more information, including a list of types of data that can be audited and
// masked, see [Protect sensitive log data with masking].
//
// The PutDataProtectionPolicy operation applies to only the specified log group.
// You can also use [PutAccountPolicy]to create an account-level data protection policy that applies
// to all log groups in the account, including both existing log groups and log
// groups that are created level. If a log group has its own data protection policy
// and the account also has an account-level data protection policy, then the two
// policies are cumulative. Any sensitive term specified in either policy is
// masked.
//
// [Protect sensitive log data with masking]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
// [FilterLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html
// [PutAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
// [GetLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html
PutDataProtectionPolicy(ctx context.Context, params *PutDataProtectionPolicyInput, optFns ...func(*Options)) (*PutDataProtectionPolicyOutput, error)
// Creates or updates a logical delivery destination. A delivery destination is an
// Amazon Web Services resource that represents an Amazon Web Services service that
// logs can be sent to. CloudWatch Logs, Amazon S3, and Firehose are supported as
// logs delivery destinations.
//
// To configure logs delivery between a supported Amazon Web Services service and
// a destination, you must do the following:
//
// - Create a delivery source, which is a logical object that represents the
// resource that is actually sending the logs. For more information, see [PutDeliverySource].
//
// - Use PutDeliveryDestination to create a delivery destination, which is a
// logical object that represents the actual delivery destination.
//
// - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy]in the destination
// account to assign an IAM policy to the destination. This policy allows delivery
// to that destination.
//
// - Use CreateDelivery to create a delivery by pairing exactly one delivery
// source and one delivery destination. For more information, see [CreateDelivery].
//
// You can configure a single delivery source to send logs to multiple
// destinations by creating multiple deliveries. You can also create multiple
// deliveries to configure multiple delivery sources to send logs to the same
// delivery destination.
//
// Only some Amazon Web Services services support being configured as a delivery
// source. These services are listed as Supported [V2 Permissions] in the table at [Enabling logging from Amazon Web Services services.]
//
// If you use this operation to update an existing delivery destination, all the
// current delivery destination parameters are overwritten with the new parameter
// values that you specify.
//
// [PutDeliverySource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
// [Enabling logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
// [CreateDelivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html
// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
PutDeliveryDestination(ctx context.Context, params *PutDeliveryDestinationInput, optFns ...func(*Options)) (*PutDeliveryDestinationOutput, error)
// Creates and assigns an IAM policy that grants permissions to CloudWatch Logs to
// deliver logs cross-account to a specified destination in this account. To
// configure the delivery of logs from an Amazon Web Services service in another
// account to a logs delivery destination in the current account, you must do the
// following:
//
// - Create a delivery source, which is a logical object that represents the
// resource that is actually sending the logs. For more information, see [PutDeliverySource].
//
// - Create a delivery destination, which is a logical object that represents
// the actual delivery destination. For more information, see [PutDeliveryDestination].
//
// - Use this operation in the destination account to assign an IAM policy to
// the destination. This policy allows delivery to that destination.
//
// - Create a delivery by pairing exactly one delivery source and one delivery
// destination. For more information, see [CreateDelivery].
//
// Only some Amazon Web Services services support being configured as a delivery
// source. These services are listed as Supported [V2 Permissions] in the table at [Enabling logging from Amazon Web Services services.]
//
// The contents of the policy must include two statements. One statement enables
// general logs delivery, and the other allows delivery to the chosen destination.
// See the examples for the needed policies.
//
// [PutDeliveryDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
// [PutDeliverySource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
// [Enabling logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
// [CreateDelivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html
PutDeliveryDestinationPolicy(ctx context.Context, params *PutDeliveryDestinationPolicyInput, optFns ...func(*Options)) (*PutDeliveryDestinationPolicyOutput, error)
// Creates or updates a logical delivery source. A delivery source represents an
// Amazon Web Services resource that sends logs to an logs delivery destination.
// The destination can be CloudWatch Logs, Amazon S3, or Firehose.
//
// To configure logs delivery between a delivery destination and an Amazon Web
// Services service that is supported as a delivery source, you must do the
// following:
//
// - Use PutDeliverySource to create a delivery source, which is a logical object
// that represents the resource that is actually sending the logs.
//
// - Use PutDeliveryDestination to create a delivery destination, which is a
// logical object that represents the actual delivery destination. For more
// information, see [PutDeliveryDestination].
//
// - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy]in the destination
// account to assign an IAM policy to the destination. This policy allows delivery
// to that destination.
//
// - Use CreateDelivery to create a delivery by pairing exactly one delivery
// source and one delivery destination. For more information, see [CreateDelivery].
//
// You can configure a single delivery source to send logs to multiple
// destinations by creating multiple deliveries. You can also create multiple
// deliveries to configure multiple delivery sources to send logs to the same
// delivery destination.
//
// Only some Amazon Web Services services support being configured as a delivery
// source. These services are listed as Supported [V2 Permissions] in the table at [Enabling logging from Amazon Web Services services.]
//
// If you use this operation to update an existing delivery source, all the
// current delivery source parameters are overwritten with the new parameter values
// that you specify.
//
// [PutDeliveryDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
// [Enabling logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
// [CreateDelivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html
// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
PutDeliverySource(ctx context.Context, params *PutDeliverySourceInput, optFns ...func(*Options)) (*PutDeliverySourceOutput, error)
// Creates or updates a destination. This operation is used only to create
// destinations for cross-account subscriptions.
//
// A destination encapsulates a physical resource (such as an Amazon Kinesis
// stream). With a destination, you can subscribe to a real-time stream of log
// events for a different account, ingested using [PutLogEvents].
//
// Through an access policy, a destination controls what is written to it. By
// default, PutDestination does not set any access policy with the destination,
// which means a cross-account user cannot call [PutSubscriptionFilter]against this destination. To
// enable this, the destination owner must call [PutDestinationPolicy]after PutDestination .
//
// To perform a PutDestination operation, you must also have the iam:PassRole
// permission.
//
// [PutSubscriptionFilter]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutSubscriptionFilter.html
// [PutLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
// [PutDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestinationPolicy.html
PutDestination(ctx context.Context, params *PutDestinationInput, optFns ...func(*Options)) (*PutDestinationOutput, error)
// Creates or updates an access policy associated with an existing destination. An
// access policy is an [IAM policy document]that is used to authorize claims to register a subscription
// filter against a given destination.
//
// [IAM policy document]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html
PutDestinationPolicy(ctx context.Context, params *PutDestinationPolicyInput, optFns ...func(*Options)) (*PutDestinationPolicyOutput, error)
// Creates or updates a field index policy for the specified log group. Only log
// groups in the Standard log class support field index policies. For more
// information about log classes, see [Log classes].
//
// You can use field index policies to create field indexes on fields found in log
// events in the log group. Creating field indexes speeds up and lowers the costs
// for CloudWatch Logs Insights queries that reference those field indexes, because
// these queries attempt to skip the processing of log events that are known to not
// match the indexed field. Good fields to index are fields that you often need to
// query for and fields or values that match only a small fraction of the total log
// events. Common examples of indexes include request ID, session ID, userID, and
// instance IDs. For more information, see [Create field indexes to improve query performance and reduce costs].
//
// To find the fields that are in your log group events, use the [GetLogGroupFields] operation.
//
// For example, suppose you have created a field index for requestId . Then, any
// CloudWatch Logs Insights query on that log group that includes requestId =
// value or requestId IN [value, value, ...] will process fewer log events to
// reduce costs, and have improved performance.
//
// Each index policy has the following quotas and restrictions:
//
// - As many as 20 fields can be included in the policy.
//
// - Each field name can include as many as 100 characters.
//
// Matches of log events to the names of indexed fields are case-sensitive. For
// example, a field index of RequestId won't match a log event containing requestId
// .
//
// Log group-level field index policies created with PutIndexPolicy override
// account-level field index policies created with [PutAccountPolicy]. If you use PutIndexPolicy to
// create a field index policy for a log group, that log group uses only that
// policy. The log group ignores any account-wide field index policy that you might
// have created.
//
// [Log classes]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html
// [GetLogGroupFields]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogGroupFields.html
// [PutAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
// [Create field indexes to improve query performance and reduce costs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html
PutIndexPolicy(ctx context.Context, params *PutIndexPolicyInput, optFns ...func(*Options)) (*PutIndexPolicyOutput, error)
// Creates an integration between CloudWatch Logs and another service in this
// account. Currently, only integrations with OpenSearch Service are supported, and
// currently you can have only one integration in your account.
//
// Integrating with OpenSearch Service makes it possible for you to create curated
// vended logs dashboards, powered by OpenSearch Service analytics. For more
// information, see [Vended log dashboards powered by Amazon OpenSearch Service].
//
// You can use this operation only to create a new integration. You can't modify
// an existing integration.
//
// [Vended log dashboards powered by Amazon OpenSearch Service]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-OpenSearch-Dashboards.html
PutIntegration(ctx context.Context, params *PutIntegrationInput, optFns ...func(*Options)) (*PutIntegrationOutput, error)
// Uploads a batch of log events to the specified log stream.
//
// The sequence token is now ignored in PutLogEvents actions. PutLogEvents actions
// are always accepted and never return InvalidSequenceTokenException or
// DataAlreadyAcceptedException even if the sequence token is not valid. You can
// use parallel PutLogEvents actions on the same log stream.
//
// The batch of events must satisfy the following constraints:
//
// - The maximum batch size is 1,048,576 bytes. This size is calculated as the
// sum of all event messages in UTF-8, plus 26 bytes for each log event.
//
// - None of the log events in the batch can be more than 2 hours in the future.
//
// - None of the log events in the batch can be more than 14 days in the past.
// Also, none of the log events can be from earlier than the retention period of
// the log group.
//
// - The log events in the batch must be in chronological order by their
// timestamp. The timestamp is the time that the event occurred, expressed as the
// number of milliseconds after Jan 1, 1970 00:00:00 UTC . (In Amazon Web
// Services Tools for PowerShell and the Amazon Web Services SDK for .NET, the
// timestamp is specified in .NET format: yyyy-mm-ddThh:mm:ss . For example,
// 2017-09-15T13:45:30 .)
//
// - A batch of log events in a single request cannot span more than 24 hours.
// Otherwise, the operation fails.
//
// - Each log event can be no larger than 256 KB.
//
// - The maximum number of log events in a batch is 10,000.
//
// - The quota of five requests per second per log stream has been removed.
// Instead, PutLogEvents actions are throttled based on a per-second per-account
// quota. You can request an increase to the per-second throttling quota by using
// the Service Quotas service.
//
// If a call to PutLogEvents returns "UnrecognizedClientException" the most likely
// cause is a non-valid Amazon Web Services access key ID or secret key.
PutLogEvents(ctx context.Context, params *PutLogEventsInput, optFns ...func(*Options)) (*PutLogEventsOutput, error)
// Creates or updates a metric filter and associates it with the specified log
// group. With metric filters, you can configure rules to extract metric data from
// log events ingested through [PutLogEvents].
//
// The maximum number of metric filters that can be associated with a log group is
// 100.
//
// Using regular expressions to create metric filters is supported. For these
// filters, there is a quota of two regular expression patterns within a single
// filter pattern. There is also a quota of five regular expression patterns per
// log group. For more information about using regular expressions in metric
// filters, see [Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail].
//
// When you create a metric filter, you can also optionally assign a unit and
// dimensions to the metric that is created.
//
// Metrics extracted from log events are charged as custom metrics. To prevent
// unexpected high charges, do not specify high-cardinality fields such as
// IPAddress or requestID as dimensions. Each different value found for a
// dimension is treated as a separate metric and accrues charges as a separate
// custom metric.
//
// CloudWatch Logs might disable a metric filter if it generates 1,000 different
// name/value pairs for your specified dimensions within one hour.
//
// You can also set up a billing alarm to alert you if your charges are higher
// than expected. For more information, see [Creating a Billing Alarm to Monitor Your Estimated Amazon Web Services Charges].
//
// [Creating a Billing Alarm to Monitor Your Estimated Amazon Web Services Charges]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html
// [PutLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
// [Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
PutMetricFilter(ctx context.Context, params *PutMetricFilterInput, optFns ...func(*Options)) (*PutMetricFilterOutput, error)
// Creates or updates a query definition for CloudWatch Logs Insights. For more
// information, see [Analyzing Log Data with CloudWatch Logs Insights].
//
// To update a query definition, specify its queryDefinitionId in your request.
// The values of name , queryString , and logGroupNames are changed to the values
// that you specify in your update operation. No current values are retained from
// the current query definition. For example, imagine updating a current query
// definition that includes log groups. If you don't specify the logGroupNames
// parameter in your update operation, the query definition changes to contain no
// log groups.
//
// You must have the logs:PutQueryDefinition permission to be able to perform this
// operation.
//
// [Analyzing Log Data with CloudWatch Logs Insights]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html
PutQueryDefinition(ctx context.Context, params *PutQueryDefinitionInput, optFns ...func(*Options)) (*PutQueryDefinitionOutput, error)
// Creates or updates a resource policy allowing other Amazon Web Services
// services to put log events to this account, such as Amazon Route 53. An account
// can have up to 10 resource policies per Amazon Web Services Region.
PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error)
// Sets the retention of the specified log group. With a retention policy, you can
// configure the number of days for which to retain log events in the specified log
// group.
//
// CloudWatch Logs doesn't immediately delete log events when they reach their
// retention setting. It typically takes up to 72 hours after that before log
// events are deleted, but in rare situations might take longer.
//
// To illustrate, imagine that you change a log group to have a longer retention
// setting when it contains log events that are past the expiration date, but
// haven't been deleted. Those log events will take up to 72 hours to be deleted
// after the new retention date is reached. To make sure that log data is deleted
// permanently, keep a log group at its lower retention setting until 72 hours
// after the previous retention period ends. Alternatively, wait to change the
// retention setting until you confirm that the earlier log events are deleted.
//
// When log events reach their retention setting they are marked for deletion.
// After they are marked for deletion, they do not add to your archival storage
// costs anymore, even if they are not actually deleted until later. These log
// events marked for deletion are also not included when you use an API to retrieve
// the storedBytes value to see how many bytes a log group is storing.
PutRetentionPolicy(ctx context.Context, params *PutRetentionPolicyInput, optFns ...func(*Options)) (*PutRetentionPolicyOutput, error)
// Creates or updates a subscription filter and associates it with the specified
// log group. With subscription filters, you can subscribe to a real-time stream of
// log events ingested through [PutLogEvents]and have them delivered to a specific destination.
// When log events are sent to the receiving service, they are Base64 encoded and
// compressed with the GZIP format.
//
// The following destinations are supported for subscription filters:
//
// - An Amazon Kinesis data stream belonging to the same account as the
// subscription filter, for same-account delivery.
//
// - A logical destination created with [PutDestination]that belongs to a different account, for
// cross-account delivery. We currently support Kinesis Data Streams and Firehose
// as logical destinations.
//
// - An Amazon Kinesis Data Firehose delivery stream that belongs to the same
// account as the subscription filter, for same-account delivery.
//
// - An Lambda function that belongs to the same account as the subscription
// filter, for same-account delivery.
//
// Each log group can have up to two subscription filters associated with it. If
// you are updating an existing filter, you must specify the correct name in
// filterName .
//
// Using regular expressions to create subscription filters is supported. For
// these filters, there is a quotas of quota of two regular expression patterns
// within a single filter pattern. There is also a quota of five regular expression
// patterns per log group. For more information about using regular expressions in
// subscription filters, see [Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail].
//
// To perform a PutSubscriptionFilter operation for any destination except a
// Lambda function, you must also have the iam:PassRole permission.
//
// [PutDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html
// [PutLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
// [Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
PutSubscriptionFilter(ctx context.Context, params *PutSubscriptionFilterInput, optFns ...func(*Options)) (*PutSubscriptionFilterOutput, error)
// Creates or updates a log transformer for a single log group. You use log
// transformers to transform log events into a different format, making them easier
// for you to process and analyze. You can also transform logs from different
// sources into standardized formats that contains relevant, source-specific
// information.
//
// After you have created a transformer, CloudWatch Logs performs the
// transformations at the time of log ingestion. You can then refer to the
// transformed versions of the logs during operations such as querying with
// CloudWatch Logs Insights or creating metric filters or subscription filers.
//
// You can also use a transformer to copy metadata from metadata keys into the log
// events themselves. This metadata can include log group name, log stream name,
// account ID and Region.
//
// A transformer for a log group is a series of processors, where each processor
// applies one type of transformation to the log events ingested into this log
// group. The processors work one after another, in the order that you list them,
// like a pipeline. For more information about the available processors to use in a
// transformer, see [Processors that you can use].
//
// Having log events in standardized format enables visibility across your
// applications for your log analysis, reporting, and alarming needs. CloudWatch
// Logs provides transformation for common log types with out-of-the-box
// transformation templates for major Amazon Web Services log sources such as VPC
// flow logs, Lambda, and Amazon RDS. You can use pre-built transformation
// templates or create custom transformation policies.
//
// You can create transformers only for the log groups in the Standard log class.
//
// You can also set up a transformer at the account level. For more information,
// see [PutAccountPolicy]. If there is both a log-group level transformer created with PutTransformer
// and an account-level transformer that could apply to the same log group, the log
// group uses only the log-group level transformer. It ignores the account-level
// transformer.
//
// [Processors that you can use]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-Processors
// [PutAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
PutTransformer(ctx context.Context, params *PutTransformerInput, optFns ...func(*Options)) (*PutTransformerOutput, error)
// Starts a Live Tail streaming session for one or more log groups. A Live Tail
// session returns a stream of log events that have been recently ingested in the
// log groups. For more information, see [Use Live Tail to view logs in near real time].
//
// The response to this operation is a response stream, over which the server
// sends live log events and the client receives them.
//
// The following objects are sent over the stream:
//
// - A single [LiveTailSessionStart]object is sent at the start of the session.
//
// - Every second, a [LiveTailSessionUpdate]object is sent. Each of these objects contains an array of
// the actual log events.
//
// If no new log events were ingested in the past second, the LiveTailSessionUpdate
//
// object will contain an empty array.
//
// The array of log events contained in a LiveTailSessionUpdate can include as many
//
// as 500 log events. If the number of log events matching the request exceeds 500
// per second, the log events are sampled down to 500 log events to be included in
// each LiveTailSessionUpdate object.
//
// If your client consumes the log events slower than the server produces them,
//
// CloudWatch Logs buffers up to 10 LiveTailSessionUpdate events or 5000 log
// events, after which it starts dropping the oldest events.
//
// - A [SessionStreamingException]object is returned if an unknown error occurs on the server side.
//
// - A [SessionTimeoutException]object is returned when the session times out, after it has been kept
// open for three hours.
//
// You can end a session before it times out by closing the session stream or by
// closing the client that is receiving the stream. The session also ends if the
// established connection between the client and the server breaks.
//
// For examples of using an SDK to start a Live Tail session, see [Start a Live Tail session using an Amazon Web Services SDK].
//
// [LiveTailSessionStart]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LiveTailSessionStart.html
// [LiveTailSessionUpdate]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LiveTailSessionUpdate.html
// [Use Live Tail to view logs in near real time]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs_LiveTail.html
// [Start a Live Tail session using an Amazon Web Services SDK]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/example_cloudwatch-logs_StartLiveTail_section.html
//
// [SessionTimeoutException]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartLiveTailResponseStream.html#CWL-Type-StartLiveTailResponseStream-SessionTimeoutException
// [SessionStreamingException]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartLiveTailResponseStream.html#CWL-Type-StartLiveTailResponseStream-SessionStreamingException
StartLiveTail(ctx context.Context, params *StartLiveTailInput, optFns ...func(*Options)) (*StartLiveTailOutput, error)
// Starts a query of one or more log groups using CloudWatch Logs Insights. You
// specify the log groups and time range to query and the query string to use.
//
// For more information, see [CloudWatch Logs Insights Query Syntax].
//
// After you run a query using StartQuery , the query results are stored by
// CloudWatch Logs. You can use [GetQueryResults]to retrieve the results of a query, using the
// queryId that StartQuery returns.
//
// To specify the log groups to query, a StartQuery operation must include one of
// the following:
//
// - Either exactly one of the following parameters: logGroupName , logGroupNames
// , or logGroupIdentifiers
//
// - Or the queryString must include a SOURCE command to select log groups for
// the query. The SOURCE command can select log groups based on log group name
// prefix, account ID, and log class.
//
// For more information about the SOURCE command, see [SOURCE].
//
// If you have associated a KMS key with the query results in this account, then [StartQuery]
// uses that key to encrypt the results when it stores them. If no key is
// associated with query results, the query results are encrypted with the default
// CloudWatch Logs encryption method.
//
// Queries time out after 60 minutes of runtime. If your queries are timing out,
// reduce the time range being searched or partition your query into a number of
// queries.
//
// If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account to start a query in a linked source account.
// For more information, see [CloudWatch cross-account observability]. For a cross-account StartQuery operation, the query
// definition must be defined in the monitoring account.
//
// You can have up to 30 concurrent CloudWatch Logs insights queries, including
// queries that have been added to dashboards.
//
// [CloudWatch Logs Insights Query Syntax]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
// [SOURCE]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax-Source.html
// [GetQueryResults]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetQueryResults.html
// [StartQuery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
StartQuery(ctx context.Context, params *StartQueryInput, optFns ...func(*Options)) (*StartQueryOutput, error)
// Stops a CloudWatch Logs Insights query that is in progress. If the query has
// already ended, the operation returns an error indicating that the specified
// query is not running.
StopQuery(ctx context.Context, params *StopQueryInput, optFns ...func(*Options)) (*StopQueryOutput, error)
// The TagLogGroup operation is on the path to deprecation. We recommend that you
// use [TagResource]instead.
//
// Adds or updates the specified tags for the specified log group.
//
// To list the tags for a log group, use [ListTagsForResource]. To remove tags, use [UntagResource].
//
// For more information about tags, see [Tag Log Groups in Amazon CloudWatch Logs] in the Amazon CloudWatch Logs User Guide.
//
// CloudWatch Logs doesn't support IAM policies that prevent users from assigning
// specified tags to log groups using the aws:Resource/key-name or aws:TagKeys
// condition keys. For more information about using tags to control access, see [Controlling access to Amazon Web Services resources using tags].
//
// Deprecated: Please use the generic tagging API TagResource
//
// [TagResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html
// [UntagResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html
// [Tag Log Groups in Amazon CloudWatch Logs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html#log-group-tagging
// [Controlling access to Amazon Web Services resources using tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [ListTagsForResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html
TagLogGroup(ctx context.Context, params *TagLogGroupInput, optFns ...func(*Options)) (*TagLogGroupOutput, error)
// Assigns one or more tags (key-value pairs) to the specified CloudWatch Logs
// resource. Currently, the only CloudWatch Logs resources that can be tagged are
// log groups and destinations.
//
// Tags can help you organize and categorize your resources. You can also use them
// to scope user permissions by granting a user permission to access or change only
// resources with certain tag values.
//
// Tags don't have any semantic meaning to Amazon Web Services and are interpreted
// strictly as strings of characters.
//
// You can use the TagResource action with a resource that already has tags. If
// you specify a new tag key for the alarm, this tag is appended to the list of
// tags associated with the alarm. If you specify a tag key that is already
// associated with the alarm, the new tag value that you specify replaces the
// previous value for that tag.
//
// You can associate as many as 50 tags with a CloudWatch Logs resource.
TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)
// Tests the filter pattern of a metric filter against a sample of log event
// messages. You can use this operation to validate the correctness of a metric
// filter pattern.
TestMetricFilter(ctx context.Context, params *TestMetricFilterInput, optFns ...func(*Options)) (*TestMetricFilterOutput, error)
// Use this operation to test a log transformer. You enter the transformer
// configuration and a set of log events to test with. The operation responds with
// an array that includes the original log events and the transformed versions.
TestTransformer(ctx context.Context, params *TestTransformerInput, optFns ...func(*Options)) (*TestTransformerOutput, error)
// The UntagLogGroup operation is on the path to deprecation. We recommend that
// you use [UntagResource]instead.
//
// Removes the specified tags from the specified log group.
//
// To list the tags for a log group, use [ListTagsForResource]. To add tags, use [TagResource].
//
// CloudWatch Logs doesn't support IAM policies that prevent users from assigning
// specified tags to log groups using the aws:Resource/key-name or aws:TagKeys
// condition keys.
//
// Deprecated: Please use the generic tagging API UntagResource
//
// [TagResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html
// [UntagResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html
// [ListTagsForResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html
UntagLogGroup(ctx context.Context, params *UntagLogGroupInput, optFns ...func(*Options)) (*UntagLogGroupOutput, error)
// Removes one or more tags from the specified resource.
UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)
// Use this operation to suppress anomaly detection for a specified anomaly or
// pattern. If you suppress an anomaly, CloudWatch Logs won't report new
// occurrences of that anomaly and won't update that anomaly with new data. If you
// suppress a pattern, CloudWatch Logs won't report any anomalies related to that
// pattern.
//
// You must specify either anomalyId or patternId , but you can't specify both
// parameters in the same operation.
//
// If you have previously used this operation to suppress detection of a pattern
// or anomaly, you can use it again to cause CloudWatch Logs to end the
// suppression. To do this, use this operation and specify the anomaly or pattern
// to stop suppressing, and omit the suppressionType and suppressionPeriod
// parameters.
UpdateAnomaly(ctx context.Context, params *UpdateAnomalyInput, optFns ...func(*Options)) (*UpdateAnomalyOutput, error)
// Use this operation to update the configuration of a [delivery] to change either the S3
// path pattern or the format of the delivered logs. You can't use this operation
// to change the source or destination of the delivery.
//
// [delivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_Delivery.html
UpdateDeliveryConfiguration(ctx context.Context, params *UpdateDeliveryConfigurationInput, optFns ...func(*Options)) (*UpdateDeliveryConfigurationOutput, error)
// Updates an existing log anomaly detector.
UpdateLogAnomalyDetector(ctx context.Context, params *UpdateLogAnomalyDetectorInput, optFns ...func(*Options)) (*UpdateLogAnomalyDetectorOutput, error)
}
CloudWatchLogs provides an interface to the AWS CloudWatchLogs service.
type EC2 ¶ added in v0.94.0
type EC2 interface {
// Accepts the Convertible Reserved Instance exchange quote described in the
// GetReservedInstancesExchangeQuote call.
AcceptReservedInstancesExchangeQuote(ctx context.Context, params *AcceptReservedInstancesExchangeQuoteInput, optFns ...func(*Options)) (*AcceptReservedInstancesExchangeQuoteOutput, error)
// Accepts a request to associate subnets with a transit gateway multicast domain.
AcceptTransitGatewayMulticastDomainAssociations(ctx context.Context, params *AcceptTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*AcceptTransitGatewayMulticastDomainAssociationsOutput, error)
// Accepts a transit gateway peering attachment request. The peering attachment
// must be in the pendingAcceptance state.
AcceptTransitGatewayPeeringAttachment(ctx context.Context, params *AcceptTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*AcceptTransitGatewayPeeringAttachmentOutput, error)
// Accepts a request to attach a VPC to a transit gateway. The VPC attachment must
// be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to
// view your pending VPC attachment requests. Use RejectTransitGatewayVpcAttachment
// to reject a VPC attachment request.
AcceptTransitGatewayVpcAttachment(ctx context.Context, params *AcceptTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*AcceptTransitGatewayVpcAttachmentOutput, error)
// Accepts one or more interface VPC endpoint connection requests to your VPC
// endpoint service.
AcceptVpcEndpointConnections(ctx context.Context, params *AcceptVpcEndpointConnectionsInput, optFns ...func(*Options)) (*AcceptVpcEndpointConnectionsOutput, error)
// Accept a VPC peering connection request. To accept a request, the VPC peering
// connection must be in the pending-acceptance state, and you must be the owner of
// the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC
// peering connection requests. For an inter-Region VPC peering connection request,
// you must accept the VPC peering connection in the Region of the accepter VPC.
AcceptVpcPeeringConnection(ctx context.Context, params *AcceptVpcPeeringConnectionInput, optFns ...func(*Options)) (*AcceptVpcPeeringConnectionOutput, error)
// Advertises an IPv4 or IPv6 address range that is provisioned for use with your
// Amazon Web Services resources through bring your own IP addresses (BYOIP). You
// can perform this operation at most once every 10 seconds, even if you specify
// different address ranges each time. We recommend that you stop advertising the
// BYOIP CIDR from other locations when you advertise it from Amazon Web Services.
// To minimize down time, you can configure your Amazon Web Services resources to
// use an address from a BYOIP CIDR before it is advertised, and then
// simultaneously stop advertising it from the current location and start
// advertising it through Amazon Web Services. It can take a few minutes before
// traffic to the specified addresses starts routing to Amazon Web Services because
// of BGP propagation delays. To stop advertising the BYOIP CIDR, use
// WithdrawByoipCidr.
AdvertiseByoipCidr(ctx context.Context, params *AdvertiseByoipCidrInput, optFns ...func(*Options)) (*AdvertiseByoipCidrOutput, error)
// Allocates an Elastic IP address to your Amazon Web Services account. After you
// allocate the Elastic IP address you can associate it with an instance or network
// interface. After you release an Elastic IP address, it is released to the IP
// address pool and can be allocated to a different Amazon Web Services account.
// You can allocate an Elastic IP address from an address pool owned by Amazon Web
// Services or from an address pool created from a public IPv4 address range that
// you have brought to Amazon Web Services for use with your Amazon Web Services
// resources using bring your own IP addresses (BYOIP). For more information, see
// Bring Your Own IP Addresses (BYOIP)
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) in the
// Amazon Elastic Compute Cloud User Guide. [EC2-VPC] If you release an Elastic IP
// address, you might be able to recover it. You cannot recover an Elastic IP
// address that you released after it is allocated to another Amazon Web Services
// account. You cannot recover an Elastic IP address for EC2-Classic. To attempt to
// recover an Elastic IP address that you released, specify it in this operation.
// An Elastic IP address is for use either in the EC2-Classic platform or in a VPC.
// By default, you can allocate 5 Elastic IP addresses for EC2-Classic per Region
// and 5 Elastic IP addresses for EC2-VPC per Region. For more information, see
// Elastic IP Addresses
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
// in the Amazon Elastic Compute Cloud User Guide. You can allocate a carrier IP
// address which is a public IP address from a telecommunication carrier, to a
// network interface which resides in a subnet in a Wavelength Zone (for example an
// EC2 instance).
AllocateAddress(ctx context.Context, params *AllocateAddressInput, optFns ...func(*Options)) (*AllocateAddressOutput, error)
// Allocates a Dedicated Host to your account. At a minimum, specify the supported
// instance type or instance family, the Availability Zone in which to allocate the
// host, and the number of hosts to allocate.
AllocateHosts(ctx context.Context, params *AllocateHostsInput, optFns ...func(*Options)) (*AllocateHostsOutput, error)
// Allocate a CIDR from an IPAM pool. In IPAM, an allocation is a CIDR assignment
// from an IPAM pool to another resource or IPAM pool. For more information, see
// Allocate CIDRs in the Amazon VPC IPAM User Guide.
AllocateIpamPoolCidr(ctx context.Context, params *AllocateIpamPoolCidrInput, optFns ...func(*Options)) (*AllocateIpamPoolCidrOutput, error)
// Applies a security group to the association between the target network and the
// Client VPN endpoint. This action replaces the existing security groups with the
// specified security groups.
ApplySecurityGroupsToClientVpnTargetNetwork(ctx context.Context, params *ApplySecurityGroupsToClientVpnTargetNetworkInput, optFns ...func(*Options)) (*ApplySecurityGroupsToClientVpnTargetNetworkOutput, error)
// Assigns one or more IPv6 addresses to the specified network interface. You can
// specify one or more specific IPv6 addresses, or you can specify the number of
// IPv6 addresses to be automatically assigned from within the subnet's IPv6 CIDR
// block range. You can assign as many IPv6 addresses to a network interface as you
// can assign private IPv4 addresses, and the limit varies per instance type. For
// information, see IP Addresses Per Network Interface Per Instance Type
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI)
// in the Amazon Elastic Compute Cloud User Guide. You must specify either the IPv6
// addresses or the IPv6 address count in the request. You can optionally use
// Prefix Delegation on the network interface. You must specify either the IPV6
// Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For
// information, see Assigning prefixes to Amazon EC2 network interfaces
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) in the
// Amazon Elastic Compute Cloud User Guide.
AssignIpv6Addresses(ctx context.Context, params *AssignIpv6AddressesInput, optFns ...func(*Options)) (*AssignIpv6AddressesOutput, error)
// Assigns one or more secondary private IP addresses to the specified network
// interface. You can specify one or more specific secondary IP addresses, or you
// can specify the number of secondary IP addresses to be automatically assigned
// within the subnet's CIDR block range. The number of secondary IP addresses that
// you can assign to an instance varies by instance type. For information about
// instance types, see Instance Types
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the
// Amazon Elastic Compute Cloud User Guide. For more information about Elastic IP
// addresses, see Elastic IP Addresses
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
// in the Amazon Elastic Compute Cloud User Guide. When you move a secondary
// private IP address to another network interface, any Elastic IP address that is
// associated with the IP address is also moved. Remapping an IP address is an
// asynchronous operation. When you move an IP address from one network interface
// to another, check network/interfaces/macs/mac/local-ipv4s in the instance
// metadata to confirm that the remapping is complete. You must specify either the
// IP addresses or the IP address count in the request. You can optionally use
// Prefix Delegation on the network interface. You must specify either the IPv4
// Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For
// information, see Assigning prefixes to Amazon EC2 network interfaces
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) in the
// Amazon Elastic Compute Cloud User Guide.
AssignPrivateIpAddresses(ctx context.Context, params *AssignPrivateIpAddressesInput, optFns ...func(*Options)) (*AssignPrivateIpAddressesOutput, error)
// Associates an Elastic IP address, or carrier IP address (for instances that are
// in subnets in Wavelength Zones) with an instance or a network interface. Before
// you can use an Elastic IP address, you must allocate it to your account. An
// Elastic IP address is for use in either the EC2-Classic platform or in a VPC.
// For more information, see Elastic IP Addresses
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
// in the Amazon Elastic Compute Cloud User Guide. [EC2-Classic, VPC in an
// EC2-VPC-only account] If the Elastic IP address is already associated with a
// different instance, it is disassociated from that instance and associated with
// the specified instance. If you associate an Elastic IP address with an instance
// that has an existing Elastic IP address, the existing address is disassociated
// from the instance, but remains allocated to your account. [VPC in an EC2-Classic
// account] If you don't specify a private IP address, the Elastic IP address is
// associated with the primary IP address. If the Elastic IP address is already
// associated with a different instance or a network interface, you get an error
// unless you allow reassociation. You cannot associate an Elastic IP address with
// an instance or network interface that has an existing Elastic IP address.
// [Subnets in Wavelength Zones] You can associate an IP address from the
// telecommunication carrier to the instance or network interface. You cannot
// associate an Elastic IP address with an interface in a different network border
// group. This is an idempotent operation. If you perform the operation more than
// once, Amazon EC2 doesn't return an error, and you may be charged for each time
// the Elastic IP address is remapped to the same instance. For more information,
// see the Elastic IP Addresses section of Amazon EC2 Pricing
// (http://aws.amazon.com/ec2/pricing/).
AssociateAddress(ctx context.Context, params *AssociateAddressInput, optFns ...func(*Options)) (*AssociateAddressOutput, error)
// Associates a target network with a Client VPN endpoint. A target network is a
// subnet in a VPC. You can associate multiple subnets from the same VPC with a
// Client VPN endpoint. You can associate only one subnet in each Availability
// Zone. We recommend that you associate at least two subnets to provide
// Availability Zone redundancy. If you specified a VPC when you created the Client
// VPN endpoint or if you have previous subnet associations, the specified subnet
// must be in the same VPC. To specify a subnet that's in a different VPC, you must
// first modify the Client VPN endpoint (ModifyClientVpnEndpoint) and change the
// VPC that's associated with it.
AssociateClientVpnTargetNetwork(ctx context.Context, params *AssociateClientVpnTargetNetworkInput, optFns ...func(*Options)) (*AssociateClientVpnTargetNetworkOutput, error)
// Associates a set of DHCP options (that you've previously created) with the
// specified VPC, or associates no DHCP options with the VPC. After you associate
// the options with the VPC, any existing instances and all new instances that you
// launch in that VPC use the options. You don't need to restart or relaunch the
// instances. They automatically pick up the changes within a few hours, depending
// on how frequently the instance renews its DHCP lease. You can explicitly renew
// the lease using the operating system on the instance. For more information, see
// DHCP options sets
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
// Amazon Virtual Private Cloud User Guide.
AssociateDhcpOptions(ctx context.Context, params *AssociateDhcpOptionsInput, optFns ...func(*Options)) (*AssociateDhcpOptionsOutput, error)
// Associates an Identity and Access Management (IAM) role with an Certificate
// Manager (ACM) certificate. This enables the certificate to be used by the ACM
// for Nitro Enclaves application inside an enclave. For more information, see
// Certificate Manager for Nitro Enclaves
// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html) in
// the Amazon Web Services Nitro Enclaves User Guide. When the IAM role is
// associated with the ACM certificate, the certificate, certificate chain, and
// encrypted private key are placed in an Amazon S3 bucket that only the associated
// IAM role can access. The private key of the certificate is encrypted with an
// Amazon Web Services managed key that has an attached attestation-based key
// policy. To enable the IAM role to access the Amazon S3 object, you must grant it
// permission to call s3:GetObject on the Amazon S3 bucket returned by the command.
// To enable the IAM role to access the KMS key, you must grant it permission to
// call kms:Decrypt on the KMS key returned by the command. For more information,
// see Grant the role permission to access the certificate and encryption key
// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy)
// in the Amazon Web Services Nitro Enclaves User Guide.
AssociateEnclaveCertificateIamRole(ctx context.Context, params *AssociateEnclaveCertificateIamRoleInput, optFns ...func(*Options)) (*AssociateEnclaveCertificateIamRoleOutput, error)
// Associates an IAM instance profile with a running or stopped instance. You
// cannot associate more than one IAM instance profile with an instance.
AssociateIamInstanceProfile(ctx context.Context, params *AssociateIamInstanceProfileInput, optFns ...func(*Options)) (*AssociateIamInstanceProfileOutput, error)
// Associates one or more targets with an event window. Only one type of target
// (instance IDs, Dedicated Host IDs, or tags) can be specified with an event
// window. For more information, see Define event windows for scheduled events
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
// Amazon EC2 User Guide.
AssociateInstanceEventWindow(ctx context.Context, params *AssociateInstanceEventWindowInput, optFns ...func(*Options)) (*AssociateInstanceEventWindowOutput, error)
// Associates a subnet in your VPC or an internet gateway or virtual private
// gateway attached to your VPC with a route table in your VPC. This association
// causes traffic from the subnet or gateway to be routed according to the routes
// in the route table. The action returns an association ID, which you need in
// order to disassociate the route table later. A route table can be associated
// with multiple subnets. For more information, see Route tables
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
// Amazon Virtual Private Cloud User Guide.
AssociateRouteTable(ctx context.Context, params *AssociateRouteTableInput, optFns ...func(*Options)) (*AssociateRouteTableOutput, error)
// Associates a CIDR block with your subnet. You can only associate a single IPv6
// CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of
// /64.
AssociateSubnetCidrBlock(ctx context.Context, params *AssociateSubnetCidrBlockInput, optFns ...func(*Options)) (*AssociateSubnetCidrBlockOutput, error)
// Associates the specified subnets and transit gateway attachments with the
// specified transit gateway multicast domain. The transit gateway attachment must
// be in the available state before you can add a resource. Use
// DescribeTransitGatewayAttachments
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html)
// to see the state of the attachment.
AssociateTransitGatewayMulticastDomain(ctx context.Context, params *AssociateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*AssociateTransitGatewayMulticastDomainOutput, error)
// Associates the specified attachment with the specified transit gateway route
// table. You can associate only one route table with an attachment.
AssociateTransitGatewayRouteTable(ctx context.Context, params *AssociateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*AssociateTransitGatewayRouteTableOutput, error)
// This API action is currently in limited preview only. If you are interested in
// using this feature, contact your account manager. Associates a branch network
// interface with a trunk network interface. Before you create the association, run
// the create-network-interface
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html)
// command and set --interface-type to trunk. You must also create a network
// interface for each branch network interface that you want to associate with the
// trunk network interface.
AssociateTrunkInterface(ctx context.Context, params *AssociateTrunkInterfaceInput, optFns ...func(*Options)) (*AssociateTrunkInterfaceOutput, error)
// Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR
// block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6
// address pool that you provisioned through bring your own IP addresses (BYOIP
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). The IPv6
// CIDR block size is fixed at /56. You must specify one of the following in the
// request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR
// block. For more information about associating CIDR blocks with your VPC and
// applicable restrictions, see VPC and subnet sizing
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing)
// in the Amazon Virtual Private Cloud User Guide.
AssociateVpcCidrBlock(ctx context.Context, params *AssociateVpcCidrBlockInput, optFns ...func(*Options)) (*AssociateVpcCidrBlockOutput, error)
// Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more
// of the VPC's security groups. You cannot link an EC2-Classic instance to more
// than one VPC at a time. You can only link an instance that's in the running
// state. An instance is automatically unlinked from a VPC when it's stopped - you
// can link it to the VPC again when you restart it. After you've linked an
// instance, you cannot change the VPC security groups that are associated with it.
// To change the security groups, you must first unlink the instance, and then link
// it again. Linking your instance to a VPC is sometimes referred to as attaching
// your instance.
AttachClassicLinkVpc(ctx context.Context, params *AttachClassicLinkVpcInput, optFns ...func(*Options)) (*AttachClassicLinkVpcOutput, error)
// Attaches an internet gateway or a virtual private gateway to a VPC, enabling
// connectivity between the internet and the VPC. For more information about your
// VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide
// (https://docs.aws.amazon.com/vpc/latest/userguide/).
AttachInternetGateway(ctx context.Context, params *AttachInternetGatewayInput, optFns ...func(*Options)) (*AttachInternetGatewayOutput, error)
// Attaches a network interface to an instance.
AttachNetworkInterface(ctx context.Context, params *AttachNetworkInterfaceInput, optFns ...func(*Options)) (*AttachNetworkInterfaceOutput, error)
// Attaches an EBS volume to a running or stopped instance and exposes it to the
// instance with the specified device name. Encrypted EBS volumes must be attached
// to instances that support Amazon EBS encryption. For more information, see
// Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide. After you attach an EBS volume, you
// must make it available. For more information, see Make an EBS volume available
// for use
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.html). If
// a volume has an Amazon Web Services Marketplace product code:
//
// * The volume can
// be attached only to a stopped instance.
//
// * Amazon Web Services Marketplace
// product codes are copied from the volume to the instance.
//
// * You must be
// subscribed to the product.
//
// * The instance type and operating system of the
// instance must support the product. For example, you can't detach a volume from a
// Windows instance and attach it to a Linux instance.
//
// For more information, see
// Attach an Amazon EBS volume to an instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-attaching-volume.html)
// in the Amazon Elastic Compute Cloud User Guide.
AttachVolume(ctx context.Context, params *AttachVolumeInput, optFns ...func(*Options)) (*AttachVolumeOutput, error)
// Attaches a virtual private gateway to a VPC. You can attach one virtual private
// gateway to one VPC at a time. For more information, see Amazon Web Services
// Site-to-Site VPN (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in
// the Amazon Web Services Site-to-Site VPN User Guide.
AttachVpnGateway(ctx context.Context, params *AttachVpnGatewayInput, optFns ...func(*Options)) (*AttachVpnGatewayOutput, error)
// Adds an ingress authorization rule to a Client VPN endpoint. Ingress
// authorization rules act as firewall rules that grant access to networks. You
// must configure ingress authorization rules to enable clients to access resources
// in Amazon Web Services or on-premises networks.
AuthorizeClientVpnIngress(ctx context.Context, params *AuthorizeClientVpnIngressInput, optFns ...func(*Options)) (*AuthorizeClientVpnIngressOutput, error)
// [VPC only] Adds the specified outbound (egress) rules to a security group for
// use with a VPC. An outbound rule permits instances to send traffic to the
// specified IPv4 or IPv6 CIDR address ranges, or to the instances that are
// associated with the specified source security groups. You specify a protocol for
// each rule (for example, TCP). For the TCP and UDP protocols, you must also
// specify the destination port or port range. For the ICMP protocol, you must also
// specify the ICMP type and code. You can use -1 for the type or code to mean all
// types or all codes. Rule changes are propagated to affected instances as quickly
// as possible. However, a small delay might occur. For information about VPC
// security group quotas, see Amazon VPC quotas
// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html).
AuthorizeSecurityGroupEgress(ctx context.Context, params *AuthorizeSecurityGroupEgressInput, optFns ...func(*Options)) (*AuthorizeSecurityGroupEgressOutput, error)
// Adds the specified inbound (ingress) rules to a security group. An inbound rule
// permits instances to receive traffic from the specified IPv4 or IPv6 CIDR
// address range, or from the instances that are associated with the specified
// destination security groups. You specify a protocol for each rule (for example,
// TCP). For TCP and UDP, you must also specify the destination port or port range.
// For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can
// use -1 to mean all types or all codes. Rule changes are propagated to instances
// within the security group as quickly as possible. However, a small delay might
// occur. For more information about VPC security group quotas, see Amazon VPC
// quotas
// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html).
AuthorizeSecurityGroupIngress(ctx context.Context, params *AuthorizeSecurityGroupIngressInput, optFns ...func(*Options)) (*AuthorizeSecurityGroupIngressOutput, error)
// Bundles an Amazon instance store-backed Windows instance. During bundling, only
// the root device volume (C:\) is bundled. Data on other instance store volumes is
// not preserved. This action is not applicable for Linux/Unix instances or Windows
// instances that are backed by Amazon EBS.
BundleInstance(ctx context.Context, params *BundleInstanceInput, optFns ...func(*Options)) (*BundleInstanceOutput, error)
// Cancels a bundling operation for an instance store-backed Windows instance.
CancelBundleTask(ctx context.Context, params *CancelBundleTaskInput, optFns ...func(*Options)) (*CancelBundleTaskOutput, error)
// Cancels the specified Capacity Reservation, releases the reserved capacity, and
// changes the Capacity Reservation's state to cancelled. Instances running in the
// reserved capacity continue running until you stop them. Stopped instances that
// target the Capacity Reservation can no longer launch. Modify these instances to
// either target a different Capacity Reservation, launch On-Demand Instance
// capacity, or run in any open Capacity Reservation that has matching attributes
// and sufficient capacity.
CancelCapacityReservation(ctx context.Context, params *CancelCapacityReservationInput, optFns ...func(*Options)) (*CancelCapacityReservationOutput, error)
// Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity
// Reservation Fleet, the following happens:
//
// * The Capacity Reservation Fleet's
// status changes to cancelled.
//
// * The individual Capacity Reservations in the
// Fleet are cancelled. Instances running in the Capacity Reservations at the time
// of cancelling the Fleet continue to run in shared capacity.
//
// * The Fleet stops
// creating new Capacity Reservations.
CancelCapacityReservationFleets(ctx context.Context, params *CancelCapacityReservationFleetsInput, optFns ...func(*Options)) (*CancelCapacityReservationFleetsOutput, error)
// Cancels an active conversion task. The task can be the import of an instance or
// volume. The action removes all artifacts of the conversion, including a
// partially uploaded volume or instance. If the conversion is complete or is in
// the process of transferring the final disk image, the command fails and returns
// an exception. For more information, see Importing a Virtual Machine Using the
// Amazon EC2 CLI
// (https://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ec2-cli-vmimport-export.html).
CancelConversionTask(ctx context.Context, params *CancelConversionTaskInput, optFns ...func(*Options)) (*CancelConversionTaskOutput, error)
// Cancels an active export task. The request removes all artifacts of the export,
// including any partially-created Amazon S3 objects. If the export task is
// complete or is in the process of transferring the final disk image, the command
// fails and returns an error.
CancelExportTask(ctx context.Context, params *CancelExportTaskInput, optFns ...func(*Options)) (*CancelExportTaskOutput, error)
// Cancels an in-process import virtual machine or import snapshot task.
CancelImportTask(ctx context.Context, params *CancelImportTaskInput, optFns ...func(*Options)) (*CancelImportTaskOutput, error)
// Cancels the specified Reserved Instance listing in the Reserved Instance
// Marketplace. For more information, see Reserved Instance Marketplace
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
// the Amazon EC2 User Guide.
CancelReservedInstancesListing(ctx context.Context, params *CancelReservedInstancesListingInput, optFns ...func(*Options)) (*CancelReservedInstancesListingOutput, error)
// Cancels the specified Spot Fleet requests. After you cancel a Spot Fleet
// request, the Spot Fleet launches no new Spot Instances. You must specify whether
// the Spot Fleet should also terminate its Spot Instances. If you terminate the
// instances, the Spot Fleet request enters the cancelled_terminating state.
// Otherwise, the Spot Fleet request enters the cancelled_running state and the
// instances continue to run until they are interrupted or you terminate them
// manually.
CancelSpotFleetRequests(ctx context.Context, params *CancelSpotFleetRequestsInput, optFns ...func(*Options)) (*CancelSpotFleetRequestsOutput, error)
// Cancels one or more Spot Instance requests. Canceling a Spot Instance request
// does not terminate running Spot Instances associated with the request.
CancelSpotInstanceRequests(ctx context.Context, params *CancelSpotInstanceRequestsInput, optFns ...func(*Options)) (*CancelSpotInstanceRequestsOutput, error)
// Determines whether a product code is associated with an instance. This action
// can only be used by the owner of the product code. It is useful when a product
// code owner must verify whether another user's instance is eligible for support.
ConfirmProductInstance(ctx context.Context, params *ConfirmProductInstanceInput, optFns ...func(*Options)) (*ConfirmProductInstanceOutput, error)
// Copies the specified Amazon FPGA Image (AFI) to the current Region.
CopyFpgaImage(ctx context.Context, params *CopyFpgaImageInput, optFns ...func(*Options)) (*CopyFpgaImageOutput, error)
// Initiates the copy of an AMI. You can copy an AMI from one Region to another, or
// from a Region to an Outpost. You can't copy an AMI from an Outpost to a Region,
// from one Outpost to another, or within the same Outpost. To copy an AMI to
// another partition, see CreateStoreImageTask
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html).
// To copy an AMI from one Region to another, specify the source Region using
// the
//
// SourceRegion parameter, and specify the destination Region using its
// endpoint. Copies of encrypted backing snapshots for the AMI are encrypted.
// Copies of unencrypted backing snapshots remain unencrypted, unless you set
// Encrypted during the copy operation. You cannot create an unencrypted copy of an
// encrypted backing snapshot. To copy an AMI from a Region to an Outpost, specify
// the source Region using the
//
// SourceRegion parameter, and specify the ARN of the
// destination Outpost using DestinationOutpostArn. Backing snapshots copied to an
// Outpost are encrypted by default using the default encryption key for the
// Region, or a different key that you specify in the request using KmsKeyId.
// Outposts do not support unencrypted snapshots. For more information, Amazon EBS
// local snapshots on Outposts
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#ami)
// in the Amazon Elastic Compute Cloud User Guide. For more information about the
// prerequisites and limits when copying an AMI, see Copying an AMI
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html) in the
// Amazon Elastic Compute Cloud User Guide.
CopyImage(ctx context.Context, params *CopyImageInput, optFns ...func(*Options)) (*CopyImageOutput, error)
// Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You
// can copy a snapshot within the same Region, from one Region to another, or from
// a Region to an Outpost. You can't copy a snapshot from an Outpost to a Region,
// from one Outpost to another, or within the same Outpost. You can use the
// snapshot to create EBS volumes or Amazon Machine Images (AMIs). When copying
// snapshots to a Region, copies of encrypted EBS snapshots remain encrypted.
// Copies of unencrypted snapshots remain unencrypted, unless you enable encryption
// for the snapshot copy operation. By default, encrypted snapshot copies use the
// default Key Management Service (KMS) KMS key; however, you can specify a
// different KMS key. To copy an encrypted snapshot that has been shared from
// another account, you must have permissions for the KMS key used to encrypt the
// snapshot. Snapshots copied to an Outpost are encrypted by default using the
// default encryption key for the Region, or a different key that you specify in
// the request using KmsKeyId. Outposts do not support unencrypted snapshots. For
// more information, Amazon EBS local snapshots on Outposts
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#ami)
// in the Amazon Elastic Compute Cloud User Guide. Snapshots created by copying
// another snapshot have an arbitrary volume ID that should not be used for any
// purpose. For more information, see Copy an Amazon EBS snapshot
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-copy-snapshot.html) in
// the Amazon Elastic Compute Cloud User Guide.
CopySnapshot(ctx context.Context, params *CopySnapshotInput, optFns ...func(*Options)) (*CopySnapshotOutput, error)
// Creates a new Capacity Reservation with the specified attributes. Capacity
// Reservations enable you to reserve capacity for your Amazon EC2 instances in a
// specific Availability Zone for any duration. This gives you the flexibility to
// selectively add capacity reservations and still get the Regional RI discounts
// for that usage. By creating Capacity Reservations, you ensure that you always
// have access to Amazon EC2 capacity when you need it, for as long as you need it.
// For more information, see Capacity Reservations
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html)
// in the Amazon EC2 User Guide. Your request to create a Capacity Reservation
// could fail if Amazon EC2 does not have sufficient capacity to fulfill the
// request. If your request fails due to Amazon EC2 capacity constraints, either
// try again at a later time, try in a different Availability Zone, or request a
// smaller capacity reservation. If your application is flexible across instance
// types and sizes, try to create a Capacity Reservation with different instance
// attributes. Your request could also fail if the requested quantity exceeds your
// On-Demand Instance limit for the selected instance type. If your request fails
// due to limit constraints, increase your On-Demand Instance limit for the
// required instance type and try again. For more information about increasing your
// instance limits, see Amazon EC2 Service Quotas
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html)
// in the Amazon EC2 User Guide.
CreateCapacityReservation(ctx context.Context, params *CreateCapacityReservationInput, optFns ...func(*Options)) (*CreateCapacityReservationOutput, error)
// Creates a Capacity Reservation Fleet. For more information, see Create a
// Capacity Reservation Fleet
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-cr-fleets.html#create-crfleet)
// in the Amazon EC2 User Guide.
CreateCapacityReservationFleet(ctx context.Context, params *CreateCapacityReservationFleetInput, optFns ...func(*Options)) (*CreateCapacityReservationFleetOutput, error)
// Creates a carrier gateway. For more information about carrier gateways, see
// Carrier gateways
// (https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html#wavelength-carrier-gateway)
// in the Amazon Web Services Wavelength Developer Guide.
CreateCarrierGateway(ctx context.Context, params *CreateCarrierGatewayInput, optFns ...func(*Options)) (*CreateCarrierGatewayOutput, error)
// Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create
// and configure to enable and manage client VPN sessions. It is the destination
// endpoint at which all client VPN sessions are terminated.
CreateClientVpnEndpoint(ctx context.Context, params *CreateClientVpnEndpointInput, optFns ...func(*Options)) (*CreateClientVpnEndpointOutput, error)
// Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has
// a route table that describes the available destination network routes. Each
// route in the route table specifies the path for traffic to specific resources or
// networks.
CreateClientVpnRoute(ctx context.Context, params *CreateClientVpnRouteInput, optFns ...func(*Options)) (*CreateClientVpnRouteOutput, error)
// Provides information to Amazon Web Services about your VPN customer gateway
// device. The customer gateway is the appliance at your end of the VPN connection.
// (The device on the Amazon Web Services side of the VPN connection is the virtual
// private gateway.) You must provide the internet-routable IP address of the
// customer gateway's external interface. The IP address must be static and can be
// behind a device performing network address translation (NAT). For devices that
// use Border Gateway Protocol (BGP), you can also provide the device's BGP
// Autonomous System Number (ASN). You can use an existing ASN assigned to your
// network. If you don't have an ASN already, you can use a private ASN (in the
// 64512 - 65534 range). Amazon EC2 supports all 4-byte ASN numbers in the range of
// 1 - 2147483647, with the exception of the following:
//
// * 7224 - reserved in the
// us-east-1 Region
//
// * 9059 - reserved in the eu-west-1 Region
//
// * 17943 - reserved
// in the ap-southeast-1 Region
//
// * 10124 - reserved in the ap-northeast-1
// Region
//
// For more information, see Amazon Web Services Site-to-Site VPN
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
// Services Site-to-Site VPN User Guide. To create more than one customer gateway
// with the same VPN type, IP address, and BGP ASN, specify a unique device name
// for each customer gateway. Identical requests return information about the
// existing customer gateway and do not create new customer gateways.
CreateCustomerGateway(ctx context.Context, params *CreateCustomerGatewayInput, optFns ...func(*Options)) (*CreateCustomerGatewayOutput, error)
// Creates a default subnet with a size /20 IPv4 CIDR block in the specified
// Availability Zone in your default VPC. You can have only one default subnet per
// Availability Zone. For more information, see Creating a default subnet
// (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html#create-default-subnet)
// in the Amazon Virtual Private Cloud User Guide.
CreateDefaultSubnet(ctx context.Context, params *CreateDefaultSubnetInput, optFns ...func(*Options)) (*CreateDefaultSubnetOutput, error)
// Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in
// each Availability Zone. For more information about the components of a default
// VPC, see Default VPC and default subnets
// (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html) in the
// Amazon Virtual Private Cloud User Guide. You cannot specify the components of
// the default VPC yourself. If you deleted your previous default VPC, you can
// create a default VPC. You cannot have more than one default VPC per Region. If
// your account supports EC2-Classic, you cannot use this action to create a
// default VPC in a Region that supports EC2-Classic. If you want a default VPC in
// a Region that supports EC2-Classic, see "I really want a default VPC for my
// existing EC2 account. Is that possible?" in the Default VPCs FAQ
// (http://aws.amazon.com/vpc/faqs/#Default_VPCs).
CreateDefaultVpc(ctx context.Context, params *CreateDefaultVpcInput, optFns ...func(*Options)) (*CreateDefaultVpcOutput, error)
// Creates a set of DHCP options for your VPC. After creating the set, you must
// associate it with the VPC, causing all existing and new instances that you
// launch in the VPC to use this set of DHCP options. The following are the
// individual DHCP options you can specify. For more information about the options,
// see RFC 2132 (http://www.ietf.org/rfc/rfc2132.txt).
//
// * domain-name-servers - The
// IP addresses of up to four domain name servers, or AmazonProvidedDNS. The
// default DHCP option set specifies AmazonProvidedDNS. If specifying more than one
// domain name server, specify the IP addresses in a single parameter, separated by
// commas. To have your instance receive a custom DNS hostname as specified in
// domain-name, you must set domain-name-servers to a custom DNS server.
//
// *
// domain-name - If you're using AmazonProvidedDNS in us-east-1, specify
// ec2.internal. If you're using AmazonProvidedDNS in another Region, specify
// region.compute.internal (for example, ap-northeast-1.compute.internal).
// Otherwise, specify a domain name (for example, ExampleCompany.com). This value
// is used to complete unqualified DNS hostnames. Important: Some Linux operating
// systems accept multiple domain names separated by spaces. However, Windows and
// other Linux operating systems treat the value as a single domain, which results
// in unexpected behavior. If your DHCP options set is associated with a VPC that
// has instances with multiple operating systems, specify only one domain name.
//
// *
// ntp-servers - The IP addresses of up to four Network Time Protocol (NTP)
// servers.
//
// * netbios-name-servers - The IP addresses of up to four NetBIOS name
// servers.
//
// * netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We
// recommend that you specify 2 (broadcast and multicast are not currently
// supported). For more information about these node types, see RFC 2132
// (http://www.ietf.org/rfc/rfc2132.txt).
//
// Your VPC automatically starts out with a
// set of DHCP options that includes only a DNS server that we provide
// (AmazonProvidedDNS). If you create a set of options, and if your VPC has an
// internet gateway, make sure to set the domain-name-servers option either to
// AmazonProvidedDNS or to a domain name server of your choice. For more
// information, see DHCP options sets
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
// Amazon Virtual Private Cloud User Guide.
CreateDhcpOptions(ctx context.Context, params *CreateDhcpOptionsInput, optFns ...func(*Options)) (*CreateDhcpOptionsOutput, error)
// [IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only
// internet gateway is used to enable outbound communication over IPv6 from
// instances in your VPC to the internet, and prevents hosts outside of your VPC
// from initiating an IPv6 connection with your instance.
CreateEgressOnlyInternetGateway(ctx context.Context, params *CreateEgressOnlyInternetGatewayInput, optFns ...func(*Options)) (*CreateEgressOnlyInternetGatewayOutput, error)
// Launches an EC2 Fleet. You can create a single EC2 Fleet that includes multiple
// launch specifications that vary by instance type, AMI, Availability Zone, or
// subnet. For more information, see EC2 Fleet
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet.html) in the
// Amazon EC2 User Guide.
CreateFleet(ctx context.Context, params *CreateFleetInput, optFns ...func(*Options)) (*CreateFleetOutput, error)
// Creates one or more flow logs to capture information about IP traffic for a
// specific network interface, subnet, or VPC. Flow log data for a monitored
// network interface is recorded as flow log records, which are log events
// consisting of fields that describe the traffic flow. For more information, see
// Flow log records
// (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records)
// in the Amazon Virtual Private Cloud User Guide. When publishing to CloudWatch
// Logs, flow log records are published to a log group, and each network interface
// has a unique log stream in the log group. When publishing to Amazon S3, flow log
// records for all of the monitored network interfaces are published to a single
// log file object that is stored in the specified bucket. For more information,
// see VPC Flow Logs
// (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html) in the Amazon
// Virtual Private Cloud User Guide.
CreateFlowLogs(ctx context.Context, params *CreateFlowLogsInput, optFns ...func(*Options)) (*CreateFlowLogsOutput, error)
// Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).
// The create operation is asynchronous. To verify that the AFI is ready for use,
// check the output logs. An AFI contains the FPGA bitstream that is ready to
// download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated
// instances. For more information, see the Amazon Web Services FPGA Hardware
// Development Kit (https://github.com/aws/aws-fpga/).
CreateFpgaImage(ctx context.Context, params *CreateFpgaImageInput, optFns ...func(*Options)) (*CreateFpgaImageOutput, error)
// Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is
// either running or stopped. By default, Amazon EC2 shuts down and reboots the
// instance before creating the AMI to ensure that everything on the instance is
// stopped and in a consistent state during the creation process. If you're
// confident that your instance is in a consistent state appropriate for AMI
// creation, use the NoReboot parameter to prevent Amazon EC2 from shutting down
// and rebooting the instance. If you customized your instance with instance store
// volumes or Amazon EBS volumes in addition to the root device volume, the new AMI
// contains block device mapping information for those volumes. When you launch an
// instance from this new AMI, the instance automatically launches with those
// additional volumes. For more information, see Creating Amazon EBS-Backed Linux
// AMIs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html)
// in the Amazon Elastic Compute Cloud User Guide.
CreateImage(ctx context.Context, params *CreateImageInput, optFns ...func(*Options)) (*CreateImageOutput, error)
// Creates an event window in which scheduled events for the associated Amazon EC2
// instances can run. You can define either a set of time ranges or a cron
// expression when creating the event window, but not both. All event window times
// are in UTC. You can create up to 200 event windows per Amazon Web Services
// Region. When you create the event window, targets (instance IDs, Dedicated Host
// IDs, or tags) are not yet associated with it. To ensure that the event window
// can be used, you must associate one or more targets with it by using the
// AssociateInstanceEventWindow API. Event windows are applicable only for
// scheduled events that stop, reboot, or terminate instances. Event windows are
// not applicable for:
//
// * Expedited scheduled events and network maintenance
// events.
//
// * Unscheduled maintenance such as AutoRecovery and unplanned
// reboots.
//
// For more information, see Define event windows for scheduled events
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
// Amazon EC2 User Guide.
CreateInstanceEventWindow(ctx context.Context, params *CreateInstanceEventWindowInput, optFns ...func(*Options)) (*CreateInstanceEventWindowOutput, error)
// Exports a running or stopped instance to an Amazon S3 bucket. For information
// about the supported operating systems, image formats, and known limitations for
// the types of instances you can export, see Exporting an instance as a VM Using
// VM Import/Export
// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html) in the VM
// Import/Export User Guide.
CreateInstanceExportTask(ctx context.Context, params *CreateInstanceExportTaskInput, optFns ...func(*Options)) (*CreateInstanceExportTaskOutput, error)
// Creates an internet gateway for use with a VPC. After creating the internet
// gateway, you attach it to a VPC using AttachInternetGateway. For more
// information about your VPC and internet gateway, see the Amazon Virtual Private
// Cloud User Guide (https://docs.aws.amazon.com/vpc/latest/userguide/).
CreateInternetGateway(ctx context.Context, params *CreateInternetGatewayInput, optFns ...func(*Options)) (*CreateInternetGatewayOutput, error)
// Create an IPAM. Amazon VCP IP Address Manager (IPAM) is a VPC feature that you
// can use to automate your IP address management workflows including assigning,
// tracking, troubleshooting, and auditing IP addresses across Amazon Web Services
// Regions and accounts throughout your Amazon Web Services Organization. For more
// information, see Create an IPAM in the Amazon VPC IPAM User Guide.
CreateIpam(ctx context.Context, params *CreateIpamInput, optFns ...func(*Options)) (*CreateIpamOutput, error)
// Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a
// pool is a collection of contiguous IP addresses CIDRs. Pools enable you to
// organize your IP addresses according to your routing and security needs. For
// example, if you have separate routing and security needs for development and
// production applications, you can create a pool for each. For more information,
// see Create a top-level pool in the Amazon VPC IPAM User Guide.
CreateIpamPool(ctx context.Context, params *CreateIpamPoolInput, optFns ...func(*Options)) (*CreateIpamPoolOutput, error)
// Create an IPAM scope. In IPAM, a scope is the highest-level container within
// IPAM. An IPAM contains two default scopes. Each scope represents the IP space
// for a single network. The private scope is intended for all private IP address
// space. The public scope is intended for all public IP address space. Scopes
// enable you to reuse IP addresses across multiple unconnected networks without
// causing IP address overlap or conflict. For more information, see Add a scope in
// the Amazon VPC IPAM User Guide.
CreateIpamScope(ctx context.Context, params *CreateIpamScopeInput, optFns ...func(*Options)) (*CreateIpamScopeOutput, error)
// Creates an ED25519 or 2048-bit RSA key pair with the specified name. Amazon EC2
// stores the public key and displays the private key for you to save to a file.
// The private key is returned as an unencrypted PEM encoded PKCS#1 private key. If
// a key with the specified name already exists, Amazon EC2 returns an error. The
// key pair returned to you is available only in the Amazon Web Services Region in
// which you create it. If you prefer, you can create your own key pair using a
// third-party tool and upload it to any Region using ImportKeyPair. You can have
// up to 5,000 key pairs per Amazon Web Services Region. For more information, see
// Amazon EC2 key pairs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the
// Amazon Elastic Compute Cloud User Guide.
CreateKeyPair(ctx context.Context, params *CreateKeyPairInput, optFns ...func(*Options)) (*CreateKeyPairOutput, error)
// Creates a launch template. A launch template contains the parameters to launch
// an instance. When you launch an instance using RunInstances, you can specify a
// launch template instead of providing the launch parameters in the request. For
// more information, see Launching an instance from a launch template
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html)
// in the Amazon Elastic Compute Cloud User Guide.
CreateLaunchTemplate(ctx context.Context, params *CreateLaunchTemplateInput, optFns ...func(*Options)) (*CreateLaunchTemplateOutput, error)
// Creates a new version for a launch template. You can specify an existing version
// of launch template from which to base the new version. Launch template versions
// are numbered in the order in which they are created. You cannot specify, change,
// or replace the numbering of launch template versions. For more information, see
// Managing launch template versions
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#manage-launch-template-versions)in
// the Amazon Elastic Compute Cloud User Guide.
CreateLaunchTemplateVersion(ctx context.Context, params *CreateLaunchTemplateVersionInput, optFns ...func(*Options)) (*CreateLaunchTemplateVersionOutput, error)
// Creates a static route for the specified local gateway route table.
CreateLocalGatewayRoute(ctx context.Context, params *CreateLocalGatewayRouteInput, optFns ...func(*Options)) (*CreateLocalGatewayRouteOutput, error)
// Associates the specified VPC with the specified local gateway route table.
CreateLocalGatewayRouteTableVpcAssociation(ctx context.Context, params *CreateLocalGatewayRouteTableVpcAssociationInput, optFns ...func(*Options)) (*CreateLocalGatewayRouteTableVpcAssociationOutput, error)
// Creates a managed prefix list. You can specify one or more entries for the
// prefix list. Each entry consists of a CIDR block and an optional description.
CreateManagedPrefixList(ctx context.Context, params *CreateManagedPrefixListInput, optFns ...func(*Options)) (*CreateManagedPrefixListOutput, error)
// Creates a NAT gateway in the specified subnet. This action creates a network
// interface in the specified subnet with a private IP address from the IP address
// range of the subnet. You can create either a public NAT gateway or a private NAT
// gateway. With a public NAT gateway, internet-bound traffic from a private subnet
// can be routed to the NAT gateway, so that instances in a private subnet can
// connect to the internet. With a private NAT gateway, private communication is
// routed across VPCs and on-premises networks through a transit gateway or virtual
// private gateway. Common use cases include running large workloads behind a small
// pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and
// communicating between overlapping networks. For more information, see NAT
// gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html)
// in the Amazon Virtual Private Cloud User Guide.
CreateNatGateway(ctx context.Context, params *CreateNatGatewayInput, optFns ...func(*Options)) (*CreateNatGatewayOutput, error)
// Creates a network ACL in a VPC. Network ACLs provide an optional layer of
// security (in addition to security groups) for the instances in your VPC. For
// more information, see Network ACLs
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon
// Virtual Private Cloud User Guide.
CreateNetworkAcl(ctx context.Context, params *CreateNetworkAclInput, optFns ...func(*Options)) (*CreateNetworkAclOutput, error)
// Creates an entry (a rule) in a network ACL with the specified rule number. Each
// network ACL has a set of numbered ingress rules and a separate set of numbered
// egress rules. When determining whether a packet should be allowed in or out of a
// subnet associated with the ACL, we process the entries in the ACL according to
// the rule numbers, in ascending order. Each network ACL has a set of ingress
// rules and a separate set of egress rules. We recommend that you leave room
// between the rule numbers (for example, 100, 110, 120, ...), and not number them
// one right after the other (for example, 101, 102, 103, ...). This makes it
// easier to add a rule between existing ones without having to renumber the rules.
// After you add an entry, you can't modify it; you must either replace it, or
// create an entry and delete the old one. For more information about network ACLs,
// see Network ACLs
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon
// Virtual Private Cloud User Guide.
CreateNetworkAclEntry(ctx context.Context, params *CreateNetworkAclEntryInput, optFns ...func(*Options)) (*CreateNetworkAclEntryOutput, error)
// Creates a Network Access Scope. Amazon Web Services Network Access Analyzer
// enables cloud networking and cloud operations teams to verify that their
// networks on Amazon Web Services conform to their network security and governance
// objectives. For more information, see the Amazon Web Services Network Access
// Analyzer Guide
// (https://docs.aws.amazon.com/vpc/latest/network-access-analyzer/).
CreateNetworkInsightsAccessScope(ctx context.Context, params *CreateNetworkInsightsAccessScopeInput, optFns ...func(*Options)) (*CreateNetworkInsightsAccessScopeOutput, error)
// Creates a path to analyze for reachability. Reachability Analyzer enables you to
// analyze and debug network reachability between two resources in your virtual
// private cloud (VPC). For more information, see What is Reachability Analyzer
// (https://docs.aws.amazon.com/vpc/latest/reachability/).
CreateNetworkInsightsPath(ctx context.Context, params *CreateNetworkInsightsPathInput, optFns ...func(*Options)) (*CreateNetworkInsightsPathOutput, error)
// Creates a network interface in the specified subnet. For more information about
// network interfaces, see Elastic Network Interfaces
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) in the
// Amazon Virtual Private Cloud User Guide.
CreateNetworkInterface(ctx context.Context, params *CreateNetworkInterfaceInput, optFns ...func(*Options)) (*CreateNetworkInterfaceOutput, error)
// Grants an Amazon Web Services-authorized account permission to attach the
// specified network interface to an instance in their account. You can grant
// permission to a single Amazon Web Services account only, and only one account at
// a time.
CreateNetworkInterfacePermission(ctx context.Context, params *CreateNetworkInterfacePermissionInput, optFns ...func(*Options)) (*CreateNetworkInterfacePermissionOutput, error)
// Creates a placement group in which to launch instances. The strategy of the
// placement group determines how the instances are organized within the group. A
// cluster placement group is a logical grouping of instances within a single
// Availability Zone that benefit from low network latency, high network
// throughput. A spread placement group places instances on distinct hardware. A
// partition placement group places groups of instances in different partitions,
// where instances in one partition do not share the same hardware with instances
// in another partition. For more information, see Placement groups
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in
// the Amazon EC2 User Guide.
CreatePlacementGroup(ctx context.Context, params *CreatePlacementGroupInput, optFns ...func(*Options)) (*CreatePlacementGroupOutput, error)
// Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address pool
// required for the public IPv4 CIDRs that you own and bring to Amazon Web Services
// to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however,
// use IPAM pools only. To monitor the status of pool creation, use
// DescribePublicIpv4Pools
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePublicIpv4Pools.html).
CreatePublicIpv4Pool(ctx context.Context, params *CreatePublicIpv4PoolInput, optFns ...func(*Options)) (*CreatePublicIpv4PoolOutput, error)
// Creates a root volume replacement task for an Amazon EC2 instance. The root
// volume can either be restored to its initial launch state, or it can be restored
// using a specific snapshot. For more information, see Replace a root volume
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root)
// in the Amazon Elastic Compute Cloud User Guide.
CreateReplaceRootVolumeTask(ctx context.Context, params *CreateReplaceRootVolumeTaskInput, optFns ...func(*Options)) (*CreateReplaceRootVolumeTaskOutput, error)
// Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the
// Reserved Instance Marketplace. You can submit one Standard Reserved Instance
// listing at a time. To get a list of your Standard Reserved Instances, you can
// use the DescribeReservedInstances operation. Only Standard Reserved Instances
// can be sold in the Reserved Instance Marketplace. Convertible Reserved Instances
// cannot be sold. The Reserved Instance Marketplace matches sellers who want to
// resell Standard Reserved Instance capacity that they no longer need with buyers
// who want to purchase additional capacity. Reserved Instances bought and sold
// through the Reserved Instance Marketplace work like any other Reserved
// Instances. To sell your Standard Reserved Instances, you must first register as
// a seller in the Reserved Instance Marketplace. After completing the registration
// process, you can create a Reserved Instance Marketplace listing of some or all
// of your Standard Reserved Instances, and specify the upfront price to receive
// for them. Your Standard Reserved Instance listings then become available for
// purchase. To view the details of your Standard Reserved Instance listing, you
// can use the DescribeReservedInstancesListings operation. For more information,
// see Reserved Instance Marketplace
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
// the Amazon EC2 User Guide.
CreateReservedInstancesListing(ctx context.Context, params *CreateReservedInstancesListingInput, optFns ...func(*Options)) (*CreateReservedInstancesListingOutput, error)
// Starts a task that restores an AMI from an Amazon S3 object that was previously
// created by using CreateStoreImageTask
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html).
// To use this API, you must have the required permissions. For more information,
// see Permissions for storing and restoring AMIs using Amazon S3
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions)
// in the Amazon Elastic Compute Cloud User Guide. For more information, see Store
// and restore an AMI using Amazon S3
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in
// the Amazon Elastic Compute Cloud User Guide.
CreateRestoreImageTask(ctx context.Context, params *CreateRestoreImageTaskInput, optFns ...func(*Options)) (*CreateRestoreImageTaskOutput, error)
// Creates a route in a route table within a VPC. You must specify one of the
// following targets: internet gateway or virtual private gateway, NAT instance,
// NAT gateway, VPC peering connection, network interface, egress-only internet
// gateway, or transit gateway. When determining how to route traffic, we use the
// route with the most specific match. For example, traffic is destined for the
// IPv4 address 192.0.2.3, and the route table includes the following two IPv4
// routes:
//
// * 192.0.2.0/24 (goes to some target A)
//
// * 192.0.2.0/28 (goes to some
// target B)
//
// Both routes apply to the traffic destined for 192.0.2.3. However, the
// second route in the list covers a smaller number of IP addresses and is
// therefore more specific, so we use that route to determine where to target the
// traffic. For more information about route tables, see Route tables
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
// Amazon Virtual Private Cloud User Guide.
CreateRoute(ctx context.Context, params *CreateRouteInput, optFns ...func(*Options)) (*CreateRouteOutput, error)
// Creates a route table for the specified VPC. After you create a route table, you
// can add routes and associate the table with a subnet. For more information, see
// Route tables
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
// Amazon Virtual Private Cloud User Guide.
CreateRouteTable(ctx context.Context, params *CreateRouteTableInput, optFns ...func(*Options)) (*CreateRouteTableOutput, error)
// Creates a security group. A security group acts as a virtual firewall for your
// instance to control inbound and outbound traffic. For more information, see
// Amazon EC2 security groups
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html)
// in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC
// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html)
// in the Amazon Virtual Private Cloud User Guide. When you create a security
// group, you specify a friendly name of your choice. You can have a security group
// for use in EC2-Classic with the same name as a security group for use in a VPC.
// However, you can't have two security groups for use in EC2-Classic with the same
// name or two security groups for use in a VPC with the same name. You have a
// default security group for use in EC2-Classic and a default security group for
// use in your VPC. If you don't specify a security group when you launch an
// instance, the instance is launched into the appropriate default security group.
// A default security group includes a default rule that grants instances
// unrestricted network access to each other. You can add or remove rules from your
// security groups using AuthorizeSecurityGroupIngress,
// AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and
// RevokeSecurityGroupEgress. For more information about VPC security group limits,
// see Amazon VPC Limits
// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html).
CreateSecurityGroup(ctx context.Context, params *CreateSecurityGroupInput, optFns ...func(*Options)) (*CreateSecurityGroupOutput, error)
// Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use
// snapshots for backups, to make copies of EBS volumes, and to save data before
// shutting down an instance. You can create snapshots of volumes in a Region and
// volumes on an Outpost. If you create a snapshot of a volume in a Region, the
// snapshot must be stored in the same Region as the volume. If you create a
// snapshot of a volume on an Outpost, the snapshot can be stored on the same
// Outpost as the volume, or in the Region for that Outpost. When a snapshot is
// created, any Amazon Web Services Marketplace product codes that are associated
// with the source volume are propagated to the snapshot. You can take a snapshot
// of an attached volume that is in use. However, snapshots only capture data that
// has been written to your Amazon EBS volume at the time the snapshot command is
// issued; this might exclude any data that has been cached by any applications or
// the operating system. If you can pause any file systems on the volume long
// enough to take a snapshot, your snapshot should be complete. However, if you
// cannot pause all file writes to the volume, you should unmount the volume from
// within the instance, issue the snapshot command, and then remount the volume to
// ensure a consistent and complete snapshot. You may remount and use your volume
// while the snapshot status is pending. To create a snapshot for Amazon EBS
// volumes that serve as root devices, you should stop the instance before taking
// the snapshot. Snapshots that are taken from encrypted volumes are automatically
// encrypted. Volumes that are created from encrypted snapshots are also
// automatically encrypted. Your encrypted volumes and any associated snapshots
// always remain protected. You can tag your snapshots during creation. For more
// information, see Tag your Amazon EC2 resources
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
// Amazon Elastic Compute Cloud User Guide. For more information, see Amazon
// Elastic Block Store
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) and Amazon
// EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide.
CreateSnapshot(ctx context.Context, params *CreateSnapshotInput, optFns ...func(*Options)) (*CreateSnapshotOutput, error)
// Creates crash-consistent snapshots of multiple EBS volumes and stores the data
// in S3. Volumes are chosen by specifying an instance. Any attached volumes will
// produce one snapshot each that is crash-consistent across the instance. Boot
// volumes can be excluded by changing the parameters. You can create multi-volume
// snapshots of instances in a Region and instances on an Outpost. If you create
// snapshots from an instance in a Region, the snapshots must be stored in the same
// Region as the instance. If you create snapshots from an instance on an Outpost,
// the snapshots can be stored on the same Outpost as the instance, or in the
// Region for that Outpost.
CreateSnapshots(ctx context.Context, params *CreateSnapshotsInput, optFns ...func(*Options)) (*CreateSnapshotsOutput, error)
// Creates a data feed for Spot Instances, enabling you to view Spot Instance usage
// logs. You can create one data feed per Amazon Web Services account. For more
// information, see Spot Instance data feed
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html) in
// the Amazon EC2 User Guide for Linux Instances.
CreateSpotDatafeedSubscription(ctx context.Context, params *CreateSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*CreateSpotDatafeedSubscriptionOutput, error)
// Stores an AMI as a single object in an Amazon S3 bucket. To use this API, you
// must have the required permissions. For more information, see Permissions for
// storing and restoring AMIs using Amazon S3
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions)
// in the Amazon Elastic Compute Cloud User Guide. For more information, see Store
// and restore an AMI using Amazon S3
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in
// the Amazon Elastic Compute Cloud User Guide.
CreateStoreImageTask(ctx context.Context, params *CreateStoreImageTaskInput, optFns ...func(*Options)) (*CreateStoreImageTaskOutput, error)
// Creates a subnet in a specified VPC. You must specify an IPv4 CIDR block for the
// subnet. After you create a subnet, you can't change its CIDR block. The allowed
// block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP
// addresses). The CIDR block must not overlap with the CIDR block of an existing
// subnet in the VPC. If you've associated an IPv6 CIDR block with your VPC, you
// can create a subnet with an IPv6 CIDR block that uses a /64 prefix length.
// Amazon Web Services reserves both the first four and the last IPv4 address in
// each subnet's CIDR block. They're not available for use. If you add more than
// one subnet to a VPC, they're set up in a star topology with a logical router in
// the middle. When you stop an instance in a subnet, it retains its private IPv4
// address. It's therefore possible to have a subnet with no running instances
// (they're all stopped), but no remaining IP addresses available. For more
// information about subnets, see Your VPC and subnets
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the
// Amazon Virtual Private Cloud User Guide.
CreateSubnet(ctx context.Context, params *CreateSubnetInput, optFns ...func(*Options)) (*CreateSubnetOutput, error)
// Creates a subnet CIDR reservation. For information about subnet CIDR
// reservations, see Subnet CIDR reservations
// (https://docs.aws.amazon.com/vpc/latest/userguide/subnet-cidr-reservation.html)
// in the Amazon Virtual Private Cloud User Guide.
CreateSubnetCidrReservation(ctx context.Context, params *CreateSubnetCidrReservationInput, optFns ...func(*Options)) (*CreateSubnetCidrReservationOutput, error)
// Adds or overwrites only the specified tags for the specified Amazon EC2 resource
// or resources. When you specify an existing tag key, the value is overwritten
// with the new value. Each resource can have a maximum of 50 tags. Each tag
// consists of a key and optional value. Tag keys must be unique per resource. For
// more information about tags, see Tagging Your Resources
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
// Amazon Elastic Compute Cloud User Guide. For more information about creating IAM
// policies that control users' access to resources based on tags, see Supported
// Resource-Level Permissions for Amazon EC2 API Actions
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-iam-actions-resources.html)
// in the Amazon Elastic Compute Cloud User Guide.
CreateTags(ctx context.Context, params *CreateTagsInput, optFns ...func(*Options)) (*CreateTagsOutput, error)
// Creates a Traffic Mirror filter. A Traffic Mirror filter is a set of rules that
// defines the traffic to mirror. By default, no traffic is mirrored. To mirror
// traffic, use CreateTrafficMirrorFilterRule
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilterRule.htm)
// to add Traffic Mirror rules to the filter. The rules you add define what traffic
// gets mirrored. You can also use ModifyTrafficMirrorFilterNetworkServices
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyTrafficMirrorFilterNetworkServices.html)
// to mirror supported network services.
CreateTrafficMirrorFilter(ctx context.Context, params *CreateTrafficMirrorFilterInput, optFns ...func(*Options)) (*CreateTrafficMirrorFilterOutput, error)
// Creates a Traffic Mirror filter rule. A Traffic Mirror rule defines the Traffic
// Mirror source traffic to mirror. You need the Traffic Mirror filter ID when you
// create the rule.
CreateTrafficMirrorFilterRule(ctx context.Context, params *CreateTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*CreateTrafficMirrorFilterRuleOutput, error)
// Creates a Traffic Mirror session. A Traffic Mirror session actively copies
// packets from a Traffic Mirror source to a Traffic Mirror target. Create a
// filter, and then assign it to the session to define a subset of the traffic to
// mirror, for example all TCP traffic. The Traffic Mirror source and the Traffic
// Mirror target (monitoring appliances) can be in the same VPC, or in a different
// VPC connected via VPC peering or a transit gateway. By default, no traffic is
// mirrored. Use CreateTrafficMirrorFilter
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilter.htm)
// to create filter rules that specify the traffic to mirror.
CreateTrafficMirrorSession(ctx context.Context, params *CreateTrafficMirrorSessionInput, optFns ...func(*Options)) (*CreateTrafficMirrorSessionOutput, error)
// Creates a target for your Traffic Mirror session. A Traffic Mirror target is the
// destination for mirrored traffic. The Traffic Mirror source and the Traffic
// Mirror target (monitoring appliances) can be in the same VPC, or in different
// VPCs connected via VPC peering or a transit gateway. A Traffic Mirror target can
// be a network interface, or a Network Load Balancer. To use the target in a
// Traffic Mirror session, use CreateTrafficMirrorSession
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorSession.htm).
CreateTrafficMirrorTarget(ctx context.Context, params *CreateTrafficMirrorTargetInput, optFns ...func(*Options)) (*CreateTrafficMirrorTargetOutput, error)
// Creates a transit gateway. You can use a transit gateway to interconnect your
// virtual private clouds (VPC) and on-premises networks. After the transit gateway
// enters the available state, you can attach your VPCs and VPN connections to the
// transit gateway. To attach your VPCs, use CreateTransitGatewayVpcAttachment. To
// attach a VPN connection, use CreateCustomerGateway to create a customer gateway
// and specify the ID of the customer gateway and the ID of the transit gateway in
// a call to CreateVpnConnection. When you create a transit gateway, we create a
// default transit gateway route table and use it as the default association route
// table and the default propagation route table. You can use
// CreateTransitGatewayRouteTable to create additional transit gateway route
// tables. If you disable automatic route propagation, we do not create a default
// transit gateway route table. You can use
// EnableTransitGatewayRouteTablePropagation to propagate routes from a resource
// attachment to a transit gateway route table. If you disable automatic
// associations, you can use AssociateTransitGatewayRouteTable to associate a
// resource attachment with a transit gateway route table.
CreateTransitGateway(ctx context.Context, params *CreateTransitGatewayInput, optFns ...func(*Options)) (*CreateTransitGatewayOutput, error)
// Creates a Connect attachment from a specified transit gateway attachment. A
// Connect attachment is a GRE-based tunnel attachment that you can use to
// establish a connection between a transit gateway and an appliance. A Connect
// attachment uses an existing VPC or Amazon Web Services Direct Connect attachment
// as the underlying transport mechanism.
CreateTransitGatewayConnect(ctx context.Context, params *CreateTransitGatewayConnectInput, optFns ...func(*Options)) (*CreateTransitGatewayConnectOutput, error)
// Creates a Connect peer for a specified transit gateway Connect attachment
// between a transit gateway and an appliance. The peer address and transit gateway
// address must be the same IP address family (IPv4 or IPv6). For more information,
// see Connect peers
// (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html#tgw-connect-peer)
// in the Transit Gateways Guide.
CreateTransitGatewayConnectPeer(ctx context.Context, params *CreateTransitGatewayConnectPeerInput, optFns ...func(*Options)) (*CreateTransitGatewayConnectPeerOutput, error)
// Creates a multicast domain using the specified transit gateway. The transit
// gateway must be in the available state before you create a domain. Use
// DescribeTransitGateways
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGateways.html)
// to see the state of transit gateway.
CreateTransitGatewayMulticastDomain(ctx context.Context, params *CreateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*CreateTransitGatewayMulticastDomainOutput, error)
// Requests a transit gateway peering attachment between the specified transit
// gateway (requester) and a peer transit gateway (accepter). The transit gateways
// must be in different Regions. The peer transit gateway can be in your account or
// a different Amazon Web Services account. After you create the peering
// attachment, the owner of the accepter transit gateway must accept the attachment
// request.
CreateTransitGatewayPeeringAttachment(ctx context.Context, params *CreateTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*CreateTransitGatewayPeeringAttachmentOutput, error)
// Creates a reference (route) to a prefix list in a specified transit gateway
// route table.
CreateTransitGatewayPrefixListReference(ctx context.Context, params *CreateTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*CreateTransitGatewayPrefixListReferenceOutput, error)
// Creates a static route for the specified transit gateway route table.
CreateTransitGatewayRoute(ctx context.Context, params *CreateTransitGatewayRouteInput, optFns ...func(*Options)) (*CreateTransitGatewayRouteOutput, error)
// Creates a route table for the specified transit gateway.
CreateTransitGatewayRouteTable(ctx context.Context, params *CreateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*CreateTransitGatewayRouteTableOutput, error)
// Attaches the specified VPC to the specified transit gateway. If you attach a VPC
// with a CIDR range that overlaps the CIDR range of a VPC that is already
// attached, the new VPC CIDR range is not propagated to the default propagation
// route table. To send VPC traffic to an attached transit gateway, add a route to
// the VPC route table using CreateRoute.
CreateTransitGatewayVpcAttachment(ctx context.Context, params *CreateTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*CreateTransitGatewayVpcAttachmentOutput, error)
// Creates an EBS volume that can be attached to an instance in the same
// Availability Zone. You can create a new empty volume or restore a volume from an
// EBS snapshot. Any Amazon Web Services Marketplace product codes from the
// snapshot are propagated to the volume. You can create encrypted volumes.
// Encrypted volumes must be attached to instances that support Amazon EBS
// encryption. Volumes that are created from encrypted snapshots are also
// automatically encrypted. For more information, see Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide. You can tag your volumes during
// creation. For more information, see Tag your Amazon EC2 resources
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
// Amazon Elastic Compute Cloud User Guide. For more information, see Create an
// Amazon EBS volume
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-volume.html)
// in the Amazon Elastic Compute Cloud User Guide.
CreateVolume(ctx context.Context, params *CreateVolumeInput, optFns ...func(*Options)) (*CreateVolumeOutput, error)
// Creates a VPC with the specified IPv4 CIDR block. The smallest VPC you can
// create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16
// netmask (65,536 IPv4 addresses). For more information about how large to make
// your VPC, see Your VPC and subnets
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the
// Amazon Virtual Private Cloud User Guide. You can optionally request an IPv6 CIDR
// block for the VPC. You can request an Amazon-provided IPv6 CIDR block from
// Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool
// that you provisioned through bring your own IP addresses (BYOIP
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). By
// default, each instance you launch in the VPC has the default DHCP options, which
// include only a default DNS server that we provide (AmazonProvidedDNS). For more
// information, see DHCP options sets
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
// Amazon Virtual Private Cloud User Guide. You can specify the instance tenancy
// value for the VPC when you create it. You can't change this value for the VPC
// after you create it. For more information, see Dedicated Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html) in
// the Amazon Elastic Compute Cloud User Guide.
CreateVpc(ctx context.Context, params *CreateVpcInput, optFns ...func(*Options)) (*CreateVpcOutput, error)
// Creates a VPC endpoint for a specified service. An endpoint enables you to
// create a private connection between your VPC and the service. The service may be
// provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or
// another Amazon Web Services account. For more information, see VPC Endpoints
// (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) in the
// Amazon Virtual Private Cloud User Guide. A gateway endpoint serves as a target
// for a route in your route table for traffic destined for the Amazon Web Service.
// You can specify an endpoint policy to attach to the endpoint, which will control
// access to the service from your VPC. You can also specify the VPC route tables
// that use the endpoint. An interface endpoint is a network interface in your
// subnet that serves as an endpoint for communicating with the specified service.
// You can specify the subnets in which to create an endpoint, and the security
// groups to associate with the endpoint network interface. A GatewayLoadBalancer
// endpoint is a network interface in your subnet that serves an endpoint for
// communicating with a Gateway Load Balancer that you've configured as a VPC
// endpoint service. Use DescribeVpcEndpointServices to get a list of supported
// services.
CreateVpcEndpoint(ctx context.Context, params *CreateVpcEndpointInput, optFns ...func(*Options)) (*CreateVpcEndpointOutput, error)
// Creates a connection notification for a specified VPC endpoint or VPC endpoint
// service. A connection notification notifies you of specific endpoint events. You
// must create an SNS topic to receive notifications. For more information, see
// Create a Topic (https://docs.aws.amazon.com/sns/latest/dg/CreateTopic.html) in
// the Amazon Simple Notification Service Developer Guide. You can create a
// connection notification for interface endpoints only.
CreateVpcEndpointConnectionNotification(ctx context.Context, params *CreateVpcEndpointConnectionNotificationInput, optFns ...func(*Options)) (*CreateVpcEndpointConnectionNotificationOutput, error)
// Creates a VPC endpoint service configuration to which service consumers (Amazon
// Web Services accounts, IAM users, and IAM roles) can connect. To create an
// endpoint service configuration, you must first create one of the following for
// your service:
//
// * A Network Load Balancer
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html).
// Service consumers connect to your service using an interface endpoint.
//
// * A
// Gateway Load Balancer
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/introduction.html).
// Service consumers connect to your service using a Gateway Load Balancer
// endpoint.
//
// For more information, see VPC Endpoint Services
// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html) in the
// Amazon Virtual Private Cloud User Guide. If you set the private DNS name, you
// must prove that you own the private DNS domain name. For more information, see
// VPC Endpoint Service Private DNS Name Verification
// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html)
// in the Amazon Virtual Private Cloud User Guide.
CreateVpcEndpointServiceConfiguration(ctx context.Context, params *CreateVpcEndpointServiceConfigurationInput, optFns ...func(*Options)) (*CreateVpcEndpointServiceConfigurationOutput, error)
// Requests a VPC peering connection between two VPCs: a requester VPC that you own
// and an accepter VPC with which to create the connection. The accepter VPC can
// belong to another Amazon Web Services account and can be in a different Region
// to the requester VPC. The requester VPC and accepter VPC cannot have overlapping
// CIDR blocks. Limitations and rules apply to a VPC peering connection. For more
// information, see the limitations
// (https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations)
// section in the VPC Peering Guide. The owner of the accepter VPC must accept the
// peering request to activate the peering connection. The VPC peering connection
// request expires after 7 days, after which it cannot be accepted or rejected. If
// you create a VPC peering connection request between VPCs with overlapping CIDR
// blocks, the VPC peering connection has a status of failed.
CreateVpcPeeringConnection(ctx context.Context, params *CreateVpcPeeringConnectionInput, optFns ...func(*Options)) (*CreateVpcPeeringConnectionOutput, error)
// Creates a VPN connection between an existing virtual private gateway or transit
// gateway and a customer gateway. The supported connection type is ipsec.1. The
// response includes information that you need to give to your network
// administrator to configure your customer gateway. We strongly recommend that you
// use HTTPS when calling this operation because the response contains sensitive
// cryptographic information for configuring your customer gateway device. If you
// decide to shut down your VPN connection for any reason and later create a new
// VPN connection, you must reconfigure your customer gateway with the new
// information returned from this call. This is an idempotent operation. If you
// perform the operation more than once, Amazon EC2 doesn't return an error. For
// more information, see Amazon Web Services Site-to-Site VPN
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
// Services Site-to-Site VPN User Guide.
CreateVpnConnection(ctx context.Context, params *CreateVpnConnectionInput, optFns ...func(*Options)) (*CreateVpnConnectionOutput, error)
// Creates a static route associated with a VPN connection between an existing
// virtual private gateway and a VPN customer gateway. The static route allows
// traffic to be routed from the virtual private gateway to the VPN customer
// gateway. For more information, see Amazon Web Services Site-to-Site VPN
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
// Services Site-to-Site VPN User Guide.
CreateVpnConnectionRoute(ctx context.Context, params *CreateVpnConnectionRouteInput, optFns ...func(*Options)) (*CreateVpnConnectionRouteOutput, error)
// Creates a virtual private gateway. A virtual private gateway is the endpoint on
// the VPC side of your VPN connection. You can create a virtual private gateway
// before creating the VPC itself. For more information, see Amazon Web Services
// Site-to-Site VPN (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in
// the Amazon Web Services Site-to-Site VPN User Guide.
CreateVpnGateway(ctx context.Context, params *CreateVpnGatewayInput, optFns ...func(*Options)) (*CreateVpnGatewayOutput, error)
// Deletes a carrier gateway. If you do not delete the route that contains the
// carrier gateway as the Target, the route is a blackhole route. For information
// about how to delete a route, see DeleteRoute
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteRoute.html).
DeleteCarrierGateway(ctx context.Context, params *DeleteCarrierGatewayInput, optFns ...func(*Options)) (*DeleteCarrierGatewayOutput, error)
// Deletes the specified Client VPN endpoint. You must disassociate all target
// networks before you can delete a Client VPN endpoint.
DeleteClientVpnEndpoint(ctx context.Context, params *DeleteClientVpnEndpointInput, optFns ...func(*Options)) (*DeleteClientVpnEndpointOutput, error)
// Deletes a route from a Client VPN endpoint. You can only delete routes that you
// manually added using the CreateClientVpnRoute action. You cannot delete routes
// that were automatically added when associating a subnet. To remove routes that
// have been automatically added, disassociate the target subnet from the Client
// VPN endpoint.
DeleteClientVpnRoute(ctx context.Context, params *DeleteClientVpnRouteInput, optFns ...func(*Options)) (*DeleteClientVpnRouteOutput, error)
// Deletes the specified customer gateway. You must delete the VPN connection
// before you can delete the customer gateway.
DeleteCustomerGateway(ctx context.Context, params *DeleteCustomerGatewayInput, optFns ...func(*Options)) (*DeleteCustomerGatewayOutput, error)
// Deletes the specified set of DHCP options. You must disassociate the set of DHCP
// options before you can delete it. You can disassociate the set of DHCP options
// by associating either a new set of options or the default set of options with
// the VPC.
DeleteDhcpOptions(ctx context.Context, params *DeleteDhcpOptionsInput, optFns ...func(*Options)) (*DeleteDhcpOptionsOutput, error)
// Deletes an egress-only internet gateway.
DeleteEgressOnlyInternetGateway(ctx context.Context, params *DeleteEgressOnlyInternetGatewayInput, optFns ...func(*Options)) (*DeleteEgressOnlyInternetGatewayOutput, error)
// Deletes the specified EC2 Fleet. After you delete an EC2 Fleet, it launches no
// new instances. You must specify whether a deleted EC2 Fleet should also
// terminate its instances. If you choose to terminate the instances, the EC2 Fleet
// enters the deleted_terminating state. Otherwise, the EC2 Fleet enters the
// deleted_running state, and the instances continue to run until they are
// interrupted or you terminate them manually. For instant fleets, EC2 Fleet must
// terminate the instances when the fleet is deleted. A deleted instant fleet with
// running instances is not supported. Restrictions
//
// * You can delete up to 25
// instant fleets in a single request. If you exceed this number, no instant fleets
// are deleted and an error is returned. There is no restriction on the number of
// fleets of type maintain or request that can be deleted in a single request.
//
// *
// Up to 1000 instances can be terminated in a single request to delete instant
// fleets.
//
// For more information, see Delete an EC2 Fleet
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#delete-fleet)
// in the Amazon EC2 User Guide.
DeleteFleets(ctx context.Context, params *DeleteFleetsInput, optFns ...func(*Options)) (*DeleteFleetsOutput, error)
// Deletes one or more flow logs.
DeleteFlowLogs(ctx context.Context, params *DeleteFlowLogsInput, optFns ...func(*Options)) (*DeleteFlowLogsOutput, error)
// Deletes the specified Amazon FPGA Image (AFI).
DeleteFpgaImage(ctx context.Context, params *DeleteFpgaImageInput, optFns ...func(*Options)) (*DeleteFpgaImageOutput, error)
// Deletes the specified event window. For more information, see Define event
// windows for scheduled events
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
// Amazon EC2 User Guide.
DeleteInstanceEventWindow(ctx context.Context, params *DeleteInstanceEventWindowInput, optFns ...func(*Options)) (*DeleteInstanceEventWindowOutput, error)
// Deletes the specified internet gateway. You must detach the internet gateway
// from the VPC before you can delete it.
DeleteInternetGateway(ctx context.Context, params *DeleteInternetGatewayInput, optFns ...func(*Options)) (*DeleteInternetGatewayOutput, error)
// Delete an IPAM. Deleting an IPAM removes all monitored data associated with the
// IPAM including the historical data for CIDRs. You cannot delete an IPAM if there
// are CIDRs provisioned to pools or if there are allocations in the pools within
// the IPAM. To deprovision pool CIDRs, see DeprovisionIpamPoolCidr
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeprovisionIpamPoolCidr.html).
// To release allocations, see ReleaseIpamPoolAllocation
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html).
// For more information, see Delete an IPAM in the Amazon VPC IPAM User Guide.
DeleteIpam(ctx context.Context, params *DeleteIpamInput, optFns ...func(*Options)) (*DeleteIpamOutput, error)
// Delete an IPAM pool. You cannot delete an IPAM pool if there are allocations in
// it or CIDRs provisioned to it. To release allocations, see
// ReleaseIpamPoolAllocation
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html).
// To deprovision pool CIDRs, see DeprovisionIpamPoolCidr
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeprovisionIpamPoolCidr.html).
// For more information, see Delete a pool in the Amazon VPC IPAM User Guide.
DeleteIpamPool(ctx context.Context, params *DeleteIpamPoolInput, optFns ...func(*Options)) (*DeleteIpamPoolOutput, error)
// Delete the scope for an IPAM. You cannot delete the default scopes. For more
// information, see Delete a scope in the Amazon VPC IPAM User Guide.
DeleteIpamScope(ctx context.Context, params *DeleteIpamScopeInput, optFns ...func(*Options)) (*DeleteIpamScopeOutput, error)
// Deletes the specified key pair, by removing the public key from Amazon EC2.
DeleteKeyPair(ctx context.Context, params *DeleteKeyPairInput, optFns ...func(*Options)) (*DeleteKeyPairOutput, error)
// Deletes a launch template. Deleting a launch template deletes all of its
// versions.
DeleteLaunchTemplate(ctx context.Context, params *DeleteLaunchTemplateInput, optFns ...func(*Options)) (*DeleteLaunchTemplateOutput, error)
// Deletes one or more versions of a launch template. You cannot delete the default
// version of a launch template; you must first assign a different version as the
// default. If the default version is the only version for the launch template, you
// must delete the entire launch template using DeleteLaunchTemplate.
DeleteLaunchTemplateVersions(ctx context.Context, params *DeleteLaunchTemplateVersionsInput, optFns ...func(*Options)) (*DeleteLaunchTemplateVersionsOutput, error)
// Deletes the specified route from the specified local gateway route table.
DeleteLocalGatewayRoute(ctx context.Context, params *DeleteLocalGatewayRouteInput, optFns ...func(*Options)) (*DeleteLocalGatewayRouteOutput, error)
// Deletes the specified association between a VPC and local gateway route table.
DeleteLocalGatewayRouteTableVpcAssociation(ctx context.Context, params *DeleteLocalGatewayRouteTableVpcAssociationInput, optFns ...func(*Options)) (*DeleteLocalGatewayRouteTableVpcAssociationOutput, error)
// Deletes the specified managed prefix list. You must first remove all references
// to the prefix list in your resources.
DeleteManagedPrefixList(ctx context.Context, params *DeleteManagedPrefixListInput, optFns ...func(*Options)) (*DeleteManagedPrefixListOutput, error)
// Deletes the specified NAT gateway. Deleting a public NAT gateway disassociates
// its Elastic IP address, but does not release the address from your account.
// Deleting a NAT gateway does not delete any NAT gateway routes in your route
// tables.
DeleteNatGateway(ctx context.Context, params *DeleteNatGatewayInput, optFns ...func(*Options)) (*DeleteNatGatewayOutput, error)
// Deletes the specified network ACL. You can't delete the ACL if it's associated
// with any subnets. You can't delete the default network ACL.
DeleteNetworkAcl(ctx context.Context, params *DeleteNetworkAclInput, optFns ...func(*Options)) (*DeleteNetworkAclOutput, error)
// Deletes the specified ingress or egress entry (rule) from the specified network
// ACL.
DeleteNetworkAclEntry(ctx context.Context, params *DeleteNetworkAclEntryInput, optFns ...func(*Options)) (*DeleteNetworkAclEntryOutput, error)
// Deletes the specified Network Access Scope.
DeleteNetworkInsightsAccessScope(ctx context.Context, params *DeleteNetworkInsightsAccessScopeInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAccessScopeOutput, error)
// Deletes the specified Network Access Scope analysis.
DeleteNetworkInsightsAccessScopeAnalysis(ctx context.Context, params *DeleteNetworkInsightsAccessScopeAnalysisInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAccessScopeAnalysisOutput, error)
// Deletes the specified network insights analysis.
DeleteNetworkInsightsAnalysis(ctx context.Context, params *DeleteNetworkInsightsAnalysisInput, optFns ...func(*Options)) (*DeleteNetworkInsightsAnalysisOutput, error)
// Deletes the specified path.
DeleteNetworkInsightsPath(ctx context.Context, params *DeleteNetworkInsightsPathInput, optFns ...func(*Options)) (*DeleteNetworkInsightsPathOutput, error)
// Deletes the specified network interface. You must detach the network interface
// before you can delete it.
DeleteNetworkInterface(ctx context.Context, params *DeleteNetworkInterfaceInput, optFns ...func(*Options)) (*DeleteNetworkInterfaceOutput, error)
// Deletes a permission for a network interface. By default, you cannot delete the
// permission if the account for which you're removing the permission has attached
// the network interface to an instance. However, you can force delete the
// permission, regardless of any attachment.
DeleteNetworkInterfacePermission(ctx context.Context, params *DeleteNetworkInterfacePermissionInput, optFns ...func(*Options)) (*DeleteNetworkInterfacePermissionOutput, error)
// Deletes the specified placement group. You must terminate all instances in the
// placement group before you can delete the placement group. For more information,
// see Placement groups
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in
// the Amazon EC2 User Guide.
DeletePlacementGroup(ctx context.Context, params *DeletePlacementGroupInput, optFns ...func(*Options)) (*DeletePlacementGroupOutput, error)
// Delete a public IPv4 pool. A public IPv4 pool is an EC2 IP address pool required
// for the public IPv4 CIDRs that you own and bring to Amazon Web Services to
// manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use
// IPAM pools only.
DeletePublicIpv4Pool(ctx context.Context, params *DeletePublicIpv4PoolInput, optFns ...func(*Options)) (*DeletePublicIpv4PoolOutput, error)
// Deletes the queued purchases for the specified Reserved Instances.
DeleteQueuedReservedInstances(ctx context.Context, params *DeleteQueuedReservedInstancesInput, optFns ...func(*Options)) (*DeleteQueuedReservedInstancesOutput, error)
// Deletes the specified route from the specified route table.
DeleteRoute(ctx context.Context, params *DeleteRouteInput, optFns ...func(*Options)) (*DeleteRouteOutput, error)
// Deletes the specified route table. You must disassociate the route table from
// any subnets before you can delete it. You can't delete the main route table.
DeleteRouteTable(ctx context.Context, params *DeleteRouteTableInput, optFns ...func(*Options)) (*DeleteRouteTableOutput, error)
// Deletes a security group. If you attempt to delete a security group that is
// associated with an instance, or is referenced by another security group, the
// operation fails with InvalidGroup.InUse in EC2-Classic or DependencyViolation in
// EC2-VPC.
DeleteSecurityGroup(ctx context.Context, params *DeleteSecurityGroupInput, optFns ...func(*Options)) (*DeleteSecurityGroupOutput, error)
// Deletes the specified snapshot. When you make periodic snapshots of a volume,
// the snapshots are incremental, and only the blocks on the device that have
// changed since your last snapshot are saved in the new snapshot. When you delete
// a snapshot, only the data not needed for any other snapshot is removed. So
// regardless of which prior snapshots have been deleted, all active snapshots will
// have access to all the information needed to restore the volume. You cannot
// delete a snapshot of the root device of an EBS volume used by a registered AMI.
// You must first de-register the AMI before you can delete the snapshot. For more
// information, see Delete an Amazon EBS snapshot
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-snapshot.html)
// in the Amazon Elastic Compute Cloud User Guide.
DeleteSnapshot(ctx context.Context, params *DeleteSnapshotInput, optFns ...func(*Options)) (*DeleteSnapshotOutput, error)
// Deletes the data feed for Spot Instances.
DeleteSpotDatafeedSubscription(ctx context.Context, params *DeleteSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*DeleteSpotDatafeedSubscriptionOutput, error)
// Deletes the specified subnet. You must terminate all running instances in the
// subnet before you can delete the subnet.
DeleteSubnet(ctx context.Context, params *DeleteSubnetInput, optFns ...func(*Options)) (*DeleteSubnetOutput, error)
// Deletes a subnet CIDR reservation.
DeleteSubnetCidrReservation(ctx context.Context, params *DeleteSubnetCidrReservationInput, optFns ...func(*Options)) (*DeleteSubnetCidrReservationOutput, error)
// Deletes the specified set of tags from the specified set of resources. To list
// the current tags, use DescribeTags. For more information about tags, see Tagging
// Your Resources
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
// Amazon Elastic Compute Cloud User Guide.
DeleteTags(ctx context.Context, params *DeleteTagsInput, optFns ...func(*Options)) (*DeleteTagsOutput, error)
// Deletes the specified Traffic Mirror filter. You cannot delete a Traffic Mirror
// filter that is in use by a Traffic Mirror session.
DeleteTrafficMirrorFilter(ctx context.Context, params *DeleteTrafficMirrorFilterInput, optFns ...func(*Options)) (*DeleteTrafficMirrorFilterOutput, error)
// Deletes the specified Traffic Mirror rule.
DeleteTrafficMirrorFilterRule(ctx context.Context, params *DeleteTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*DeleteTrafficMirrorFilterRuleOutput, error)
// Deletes the specified Traffic Mirror session.
DeleteTrafficMirrorSession(ctx context.Context, params *DeleteTrafficMirrorSessionInput, optFns ...func(*Options)) (*DeleteTrafficMirrorSessionOutput, error)
// Deletes the specified Traffic Mirror target. You cannot delete a Traffic Mirror
// target that is in use by a Traffic Mirror session.
DeleteTrafficMirrorTarget(ctx context.Context, params *DeleteTrafficMirrorTargetInput, optFns ...func(*Options)) (*DeleteTrafficMirrorTargetOutput, error)
// Deletes the specified transit gateway.
DeleteTransitGateway(ctx context.Context, params *DeleteTransitGatewayInput, optFns ...func(*Options)) (*DeleteTransitGatewayOutput, error)
// Deletes the specified Connect attachment. You must first delete any Connect
// peers for the attachment.
DeleteTransitGatewayConnect(ctx context.Context, params *DeleteTransitGatewayConnectInput, optFns ...func(*Options)) (*DeleteTransitGatewayConnectOutput, error)
// Deletes the specified Connect peer.
DeleteTransitGatewayConnectPeer(ctx context.Context, params *DeleteTransitGatewayConnectPeerInput, optFns ...func(*Options)) (*DeleteTransitGatewayConnectPeerOutput, error)
// Deletes the specified transit gateway multicast domain.
DeleteTransitGatewayMulticastDomain(ctx context.Context, params *DeleteTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*DeleteTransitGatewayMulticastDomainOutput, error)
// Deletes a transit gateway peering attachment.
DeleteTransitGatewayPeeringAttachment(ctx context.Context, params *DeleteTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*DeleteTransitGatewayPeeringAttachmentOutput, error)
// Deletes a reference (route) to a prefix list in a specified transit gateway
// route table.
DeleteTransitGatewayPrefixListReference(ctx context.Context, params *DeleteTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*DeleteTransitGatewayPrefixListReferenceOutput, error)
// Deletes the specified route from the specified transit gateway route table.
DeleteTransitGatewayRoute(ctx context.Context, params *DeleteTransitGatewayRouteInput, optFns ...func(*Options)) (*DeleteTransitGatewayRouteOutput, error)
// Deletes the specified transit gateway route table. You must disassociate the
// route table from any transit gateway route tables before you can delete it.
DeleteTransitGatewayRouteTable(ctx context.Context, params *DeleteTransitGatewayRouteTableInput, optFns ...func(*Options)) (*DeleteTransitGatewayRouteTableOutput, error)
// Deletes the specified VPC attachment.
DeleteTransitGatewayVpcAttachment(ctx context.Context, params *DeleteTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*DeleteTransitGatewayVpcAttachmentOutput, error)
// Deletes the specified EBS volume. The volume must be in the available state (not
// attached to an instance). The volume can remain in the deleting state for
// several minutes. For more information, see Delete an Amazon EBS volume
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-volume.html)
// in the Amazon Elastic Compute Cloud User Guide.
DeleteVolume(ctx context.Context, params *DeleteVolumeInput, optFns ...func(*Options)) (*DeleteVolumeOutput, error)
// Deletes the specified VPC. You must detach or delete all gateways and resources
// that are associated with the VPC before you can delete it. For example, you must
// terminate all instances running in the VPC, delete all security groups
// associated with the VPC (except the default one), delete all route tables
// associated with the VPC (except the default one), and so on.
DeleteVpc(ctx context.Context, params *DeleteVpcInput, optFns ...func(*Options)) (*DeleteVpcOutput, error)
// Deletes one or more VPC endpoint connection notifications.
DeleteVpcEndpointConnectionNotifications(ctx context.Context, params *DeleteVpcEndpointConnectionNotificationsInput, optFns ...func(*Options)) (*DeleteVpcEndpointConnectionNotificationsOutput, error)
// Deletes one or more VPC endpoint service configurations in your account. Before
// you delete the endpoint service configuration, you must reject any Available or
// PendingAcceptance interface endpoint connections that are attached to the
// service.
DeleteVpcEndpointServiceConfigurations(ctx context.Context, params *DeleteVpcEndpointServiceConfigurationsInput, optFns ...func(*Options)) (*DeleteVpcEndpointServiceConfigurationsOutput, error)
// Deletes one or more specified VPC endpoints. You can delete any of the following
// types of VPC endpoints.
//
// * Gateway endpoint,
//
// * Gateway Load Balancer
// endpoint,
//
// * Interface endpoint
//
// The following rules apply when you delete a VPC
// endpoint:
//
// * When you delete a gateway endpoint, we delete the endpoint routes
// in the route tables that are associated with the endpoint.
//
// * When you delete a
// Gateway Load Balancer endpoint, we delete the endpoint network interfaces. You
// can only delete Gateway Load Balancer endpoints when the routes that are
// associated with the endpoint are deleted.
//
// * When you delete an interface
// endpoint, we delete the endpoint network interfaces.
DeleteVpcEndpoints(ctx context.Context, params *DeleteVpcEndpointsInput, optFns ...func(*Options)) (*DeleteVpcEndpointsOutput, error)
// Deletes a VPC peering connection. Either the owner of the requester VPC or the
// owner of the accepter VPC can delete the VPC peering connection if it's in the
// active state. The owner of the requester VPC can delete a VPC peering connection
// in the pending-acceptance state. You cannot delete a VPC peering connection
// that's in the failed state.
DeleteVpcPeeringConnection(ctx context.Context, params *DeleteVpcPeeringConnectionInput, optFns ...func(*Options)) (*DeleteVpcPeeringConnectionOutput, error)
// Deletes the specified VPN connection. If you're deleting the VPC and its
// associated components, we recommend that you detach the virtual private gateway
// from the VPC and delete the VPC before deleting the VPN connection. If you
// believe that the tunnel credentials for your VPN connection have been
// compromised, you can delete the VPN connection and create a new one that has new
// keys, without needing to delete the VPC or virtual private gateway. If you
// create a new VPN connection, you must reconfigure the customer gateway device
// using the new configuration information returned with the new VPN connection ID.
// For certificate-based authentication, delete all Certificate Manager (ACM)
// private certificates used for the Amazon Web Services-side tunnel endpoints for
// the VPN connection before deleting the VPN connection.
DeleteVpnConnection(ctx context.Context, params *DeleteVpnConnectionInput, optFns ...func(*Options)) (*DeleteVpnConnectionOutput, error)
// Deletes the specified static route associated with a VPN connection between an
// existing virtual private gateway and a VPN customer gateway. The static route
// allows traffic to be routed from the virtual private gateway to the VPN customer
// gateway.
DeleteVpnConnectionRoute(ctx context.Context, params *DeleteVpnConnectionRouteInput, optFns ...func(*Options)) (*DeleteVpnConnectionRouteOutput, error)
// Deletes the specified virtual private gateway. You must first detach the virtual
// private gateway from the VPC. Note that you don't need to delete the virtual
// private gateway if you plan to delete and recreate the VPN connection between
// your VPC and your network.
DeleteVpnGateway(ctx context.Context, params *DeleteVpnGatewayInput, optFns ...func(*Options)) (*DeleteVpnGatewayOutput, error)
// Releases the specified address range that you provisioned for use with your
// Amazon Web Services resources through bring your own IP addresses (BYOIP) and
// deletes the corresponding address pool. Before you can release an address range,
// you must stop advertising it using WithdrawByoipCidr and you must not have any
// IP addresses allocated from its address range.
DeprovisionByoipCidr(ctx context.Context, params *DeprovisionByoipCidrInput, optFns ...func(*Options)) (*DeprovisionByoipCidrOutput, error)
// Deprovision a CIDR provisioned from an IPAM pool. If you deprovision a CIDR from
// a pool that has a source pool, the CIDR is recycled back into the source pool.
// For more information, see Deprovision pool CIDRs in the Amazon VPC IPAM User
// Guide.
DeprovisionIpamPoolCidr(ctx context.Context, params *DeprovisionIpamPoolCidrInput, optFns ...func(*Options)) (*DeprovisionIpamPoolCidrOutput, error)
// Deprovision a CIDR from a public IPv4 pool.
DeprovisionPublicIpv4PoolCidr(ctx context.Context, params *DeprovisionPublicIpv4PoolCidrInput, optFns ...func(*Options)) (*DeprovisionPublicIpv4PoolCidrOutput, error)
// Deregisters the specified AMI. After you deregister an AMI, it can't be used to
// launch new instances. If you deregister an AMI that matches a Recycle Bin
// retention rule, the AMI is retained in the Recycle Bin for the specified
// retention period. For more information, see Recycle Bin
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the
// Amazon Elastic Compute Cloud User Guide. When you deregister an AMI, it doesn't
// affect any instances that you've already launched from the AMI. You'll continue
// to incur usage costs for those instances until you terminate them. When you
// deregister an Amazon EBS-backed AMI, it doesn't affect the snapshot that was
// created for the root volume of the instance during the AMI creation process.
// When you deregister an instance store-backed AMI, it doesn't affect the files
// that you uploaded to Amazon S3 when you created the AMI.
DeregisterImage(ctx context.Context, params *DeregisterImageInput, optFns ...func(*Options)) (*DeregisterImageOutput, error)
// Deregisters tag keys to prevent tags that have the specified tag keys from being
// included in scheduled event notifications for resources in the Region.
DeregisterInstanceEventNotificationAttributes(ctx context.Context, params *DeregisterInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*DeregisterInstanceEventNotificationAttributesOutput, error)
// Deregisters the specified members (network interfaces) from the transit gateway
// multicast group.
DeregisterTransitGatewayMulticastGroupMembers(ctx context.Context, params *DeregisterTransitGatewayMulticastGroupMembersInput, optFns ...func(*Options)) (*DeregisterTransitGatewayMulticastGroupMembersOutput, error)
// Deregisters the specified sources (network interfaces) from the transit gateway
// multicast group.
DeregisterTransitGatewayMulticastGroupSources(ctx context.Context, params *DeregisterTransitGatewayMulticastGroupSourcesInput, optFns ...func(*Options)) (*DeregisterTransitGatewayMulticastGroupSourcesOutput, error)
// Describes attributes of your Amazon Web Services account. The following are the
// supported account attributes:
//
// * supported-platforms: Indicates whether your
// account can launch instances into EC2-Classic and EC2-VPC, or only into
// EC2-VPC.
//
// * default-vpc: The ID of the default VPC for your account, or none.
//
// *
// max-instances: This attribute is no longer supported. The returned value does
// not reflect your actual vCPU limit for running On-Demand Instances. For more
// information, see On-Demand Instance Limits
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-on-demand-instances.html#ec2-on-demand-instances-limits)
// in the Amazon Elastic Compute Cloud User Guide.
//
// *
// vpc-max-security-groups-per-interface: The maximum number of security groups
// that you can assign to a network interface.
//
// * max-elastic-ips: The maximum
// number of Elastic IP addresses that you can allocate for use with
// EC2-Classic.
//
// * vpc-max-elastic-ips: The maximum number of Elastic IP addresses
// that you can allocate for use with EC2-VPC.
DescribeAccountAttributes(ctx context.Context, params *DescribeAccountAttributesInput, optFns ...func(*Options)) (*DescribeAccountAttributesOutput, error)
// Describes the specified Elastic IP addresses or all of your Elastic IP
// addresses. An Elastic IP address is for use in either the EC2-Classic platform
// or in a VPC. For more information, see Elastic IP Addresses
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
// in the Amazon Elastic Compute Cloud User Guide.
DescribeAddresses(ctx context.Context, params *DescribeAddressesInput, optFns ...func(*Options)) (*DescribeAddressesOutput, error)
// Describes the attributes of the specified Elastic IP addresses. For
// requirements, see Using reverse DNS for email applications
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS).
DescribeAddressesAttribute(ctx context.Context, params *DescribeAddressesAttributeInput, optFns ...func(*Options)) (*DescribeAddressesAttributeOutput, error)
// Describes the longer ID format settings for all resource types in a specific
// Region. This request is useful for performing a quick audit to determine whether
// a specific Region is fully opted in for longer IDs (17-character IDs). This
// request only returns information about resource types that support longer IDs.
// The following resource types support longer IDs: bundle | conversion-task |
// customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association
// | export-task | flow-log | image | import-task | instance | internet-gateway |
// network-acl | network-acl-association | network-interface |
// network-interface-attachment | prefix-list | reservation | route-table |
// route-table-association | security-group | snapshot | subnet |
// subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association |
// vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.
DescribeAggregateIdFormat(ctx context.Context, params *DescribeAggregateIdFormatInput, optFns ...func(*Options)) (*DescribeAggregateIdFormatOutput, error)
// Describes the Availability Zones, Local Zones, and Wavelength Zones that are
// available to you. If there is an event impacting a zone, you can use this
// request to view the state and any provided messages for that zone. For more
// information about Availability Zones, Local Zones, and Wavelength Zones, see
// Regions and zones
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html)
// in the Amazon Elastic Compute Cloud User Guide.
DescribeAvailabilityZones(ctx context.Context, params *DescribeAvailabilityZonesInput, optFns ...func(*Options)) (*DescribeAvailabilityZonesOutput, error)
// Describes the specified bundle tasks or all of your bundle tasks. Completed
// bundle tasks are listed for only a limited time. If your bundle task is no
// longer in the list, you can still register an AMI from it. Just use
// RegisterImage with the Amazon S3 bucket name and image manifest name you
// provided to the bundle task.
DescribeBundleTasks(ctx context.Context, params *DescribeBundleTasksInput, optFns ...func(*Options)) (*DescribeBundleTasksOutput, error)
// Describes the IP address ranges that were specified in calls to
// ProvisionByoipCidr. To describe the address pools that were created when you
// provisioned the address ranges, use DescribePublicIpv4Pools or
// DescribeIpv6Pools.
DescribeByoipCidrs(ctx context.Context, params *DescribeByoipCidrsInput, optFns ...func(*Options)) (*DescribeByoipCidrsOutput, error)
// Describes one or more Capacity Reservation Fleets.
DescribeCapacityReservationFleets(ctx context.Context, params *DescribeCapacityReservationFleetsInput, optFns ...func(*Options)) (*DescribeCapacityReservationFleetsOutput, error)
// Describes one or more of your Capacity Reservations. The results describe only
// the Capacity Reservations in the Amazon Web Services Region that you're
// currently using.
DescribeCapacityReservations(ctx context.Context, params *DescribeCapacityReservationsInput, optFns ...func(*Options)) (*DescribeCapacityReservationsOutput, error)
// Describes one or more of your carrier gateways.
DescribeCarrierGateways(ctx context.Context, params *DescribeCarrierGatewaysInput, optFns ...func(*Options)) (*DescribeCarrierGatewaysOutput, error)
// Describes one or more of your linked EC2-Classic instances. This request only
// returns information about EC2-Classic instances linked to a VPC through
// ClassicLink. You cannot use this request to return information about other
// instances.
DescribeClassicLinkInstances(ctx context.Context, params *DescribeClassicLinkInstancesInput, optFns ...func(*Options)) (*DescribeClassicLinkInstancesOutput, error)
// Describes the authorization rules for a specified Client VPN endpoint.
DescribeClientVpnAuthorizationRules(ctx context.Context, params *DescribeClientVpnAuthorizationRulesInput, optFns ...func(*Options)) (*DescribeClientVpnAuthorizationRulesOutput, error)
// Describes active client connections and connections that have been terminated
// within the last 60 minutes for the specified Client VPN endpoint.
DescribeClientVpnConnections(ctx context.Context, params *DescribeClientVpnConnectionsInput, optFns ...func(*Options)) (*DescribeClientVpnConnectionsOutput, error)
// Describes one or more Client VPN endpoints in the account.
DescribeClientVpnEndpoints(ctx context.Context, params *DescribeClientVpnEndpointsInput, optFns ...func(*Options)) (*DescribeClientVpnEndpointsOutput, error)
// Describes the routes for the specified Client VPN endpoint.
DescribeClientVpnRoutes(ctx context.Context, params *DescribeClientVpnRoutesInput, optFns ...func(*Options)) (*DescribeClientVpnRoutesOutput, error)
// Describes the target networks associated with the specified Client VPN endpoint.
DescribeClientVpnTargetNetworks(ctx context.Context, params *DescribeClientVpnTargetNetworksInput, optFns ...func(*Options)) (*DescribeClientVpnTargetNetworksOutput, error)
// Describes the specified customer-owned address pools or all of your
// customer-owned address pools.
DescribeCoipPools(ctx context.Context, params *DescribeCoipPoolsInput, optFns ...func(*Options)) (*DescribeCoipPoolsOutput, error)
// Describes the specified conversion tasks or all your conversion tasks. For more
// information, see the VM Import/Export User Guide
// (https://docs.aws.amazon.com/vm-import/latest/userguide/). For information about
// the import manifest referenced by this API action, see VM Import Manifest
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html).
DescribeConversionTasks(ctx context.Context, params *DescribeConversionTasksInput, optFns ...func(*Options)) (*DescribeConversionTasksOutput, error)
// Describes one or more of your VPN customer gateways. For more information, see
// Amazon Web Services Site-to-Site VPN
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
// Services Site-to-Site VPN User Guide.
DescribeCustomerGateways(ctx context.Context, params *DescribeCustomerGatewaysInput, optFns ...func(*Options)) (*DescribeCustomerGatewaysOutput, error)
// Describes one or more of your DHCP options sets. For more information, see DHCP
// options sets
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the
// Amazon Virtual Private Cloud User Guide.
DescribeDhcpOptions(ctx context.Context, params *DescribeDhcpOptionsInput, optFns ...func(*Options)) (*DescribeDhcpOptionsOutput, error)
// Describes one or more of your egress-only internet gateways.
DescribeEgressOnlyInternetGateways(ctx context.Context, params *DescribeEgressOnlyInternetGatewaysInput, optFns ...func(*Options)) (*DescribeEgressOnlyInternetGatewaysOutput, error)
// Describes the Elastic Graphics accelerator associated with your instances. For
// more information about Elastic Graphics, see Amazon Elastic Graphics
// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html).
DescribeElasticGpus(ctx context.Context, params *DescribeElasticGpusInput, optFns ...func(*Options)) (*DescribeElasticGpusOutput, error)
// Describes the specified export image tasks or all of your export image tasks.
DescribeExportImageTasks(ctx context.Context, params *DescribeExportImageTasksInput, optFns ...func(*Options)) (*DescribeExportImageTasksOutput, error)
// Describes the specified export instance tasks or all of your export instance
// tasks.
DescribeExportTasks(ctx context.Context, params *DescribeExportTasksInput, optFns ...func(*Options)) (*DescribeExportTasksOutput, error)
// Describe details for Windows AMIs that are configured for faster launching.
DescribeFastLaunchImages(ctx context.Context, params *DescribeFastLaunchImagesInput, optFns ...func(*Options)) (*DescribeFastLaunchImagesOutput, error)
// Describes the state of fast snapshot restores for your snapshots.
DescribeFastSnapshotRestores(ctx context.Context, params *DescribeFastSnapshotRestoresInput, optFns ...func(*Options)) (*DescribeFastSnapshotRestoresOutput, error)
// Describes the events for the specified EC2 Fleet during the specified time. EC2
// Fleet events are delayed by up to 30 seconds before they can be described. This
// ensures that you can query by the last evaluated time and not miss a recorded
// event. EC2 Fleet events are available for 48 hours. For more information, see
// Monitor fleet events using Amazon EventBridge
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/fleet-monitor.html) in the
// Amazon EC2 User Guide.
DescribeFleetHistory(ctx context.Context, params *DescribeFleetHistoryInput, optFns ...func(*Options)) (*DescribeFleetHistoryOutput, error)
// Describes the running instances for the specified EC2 Fleet. For more
// information, see Monitor your EC2 Fleet
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#monitor-ec2-fleet)
// in the Amazon EC2 User Guide.
DescribeFleetInstances(ctx context.Context, params *DescribeFleetInstancesInput, optFns ...func(*Options)) (*DescribeFleetInstancesOutput, error)
// Describes the specified EC2 Fleets or all of your EC2 Fleets. For more
// information, see Monitor your EC2 Fleet
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#monitor-ec2-fleet)
// in the Amazon EC2 User Guide.
DescribeFleets(ctx context.Context, params *DescribeFleetsInput, optFns ...func(*Options)) (*DescribeFleetsOutput, error)
// Describes one or more flow logs. To view the information in your flow logs (the
// log streams for the network interfaces), you must use the CloudWatch Logs
// console or the CloudWatch Logs API.
DescribeFlowLogs(ctx context.Context, params *DescribeFlowLogsInput, optFns ...func(*Options)) (*DescribeFlowLogsOutput, error)
// Describes the specified attribute of the specified Amazon FPGA Image (AFI).
DescribeFpgaImageAttribute(ctx context.Context, params *DescribeFpgaImageAttributeInput, optFns ...func(*Options)) (*DescribeFpgaImageAttributeOutput, error)
// Describes the Amazon FPGA Images (AFIs) available to you. These include public
// AFIs, private AFIs that you own, and AFIs owned by other Amazon Web Services
// accounts for which you have load permissions.
DescribeFpgaImages(ctx context.Context, params *DescribeFpgaImagesInput, optFns ...func(*Options)) (*DescribeFpgaImagesOutput, error)
// Describes the Dedicated Host reservations that are available to purchase. The
// results describe all of the Dedicated Host reservation offerings, including
// offerings that might not match the instance family and Region of your Dedicated
// Hosts. When purchasing an offering, ensure that the instance family and Region
// of the offering matches that of the Dedicated Hosts with which it is to be
// associated. For more information about supported instance types, see Dedicated
// Hosts
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html)
// in the Amazon EC2 User Guide.
DescribeHostReservationOfferings(ctx context.Context, params *DescribeHostReservationOfferingsInput, optFns ...func(*Options)) (*DescribeHostReservationOfferingsOutput, error)
// Describes reservations that are associated with Dedicated Hosts in your account.
DescribeHostReservations(ctx context.Context, params *DescribeHostReservationsInput, optFns ...func(*Options)) (*DescribeHostReservationsOutput, error)
// Describes the specified Dedicated Hosts or all your Dedicated Hosts. The results
// describe only the Dedicated Hosts in the Region you're currently using. All
// listed instances consume capacity on your Dedicated Host. Dedicated Hosts that
// have recently been released are listed with the state released.
DescribeHosts(ctx context.Context, params *DescribeHostsInput, optFns ...func(*Options)) (*DescribeHostsOutput, error)
// Describes your IAM instance profile associations.
DescribeIamInstanceProfileAssociations(ctx context.Context, params *DescribeIamInstanceProfileAssociationsInput, optFns ...func(*Options)) (*DescribeIamInstanceProfileAssociationsOutput, error)
// Describes the ID format settings for your resources on a per-Region basis, for
// example, to view which resource types are enabled for longer IDs. This request
// only returns information about resource types whose ID formats can be modified;
// it does not return information about other resource types. The following
// resource types support longer IDs: bundle | conversion-task | customer-gateway |
// dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task |
// flow-log | image | import-task | instance | internet-gateway | network-acl |
// network-acl-association | network-interface | network-interface-attachment |
// prefix-list | reservation | route-table | route-table-association |
// security-group | snapshot | subnet | subnet-cidr-block-association | volume |
// vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection |
// vpn-connection | vpn-gateway. These settings apply to the IAM user who makes the
// request; they do not apply to the entire Amazon Web Services account. By
// default, an IAM user defaults to the same settings as the root user, unless they
// explicitly override the settings by running the ModifyIdFormat command.
// Resources created with longer IDs are visible to all IAM users, regardless of
// these settings and provided that they have permission to use the relevant
// Describe command for the resource type.
DescribeIdFormat(ctx context.Context, params *DescribeIdFormatInput, optFns ...func(*Options)) (*DescribeIdFormatOutput, error)
// Describes the ID format settings for resources for the specified IAM user, IAM
// role, or root user. For example, you can view the resource types that are
// enabled for longer IDs. This request only returns information about resource
// types whose ID formats can be modified; it does not return information about
// other resource types. For more information, see Resource IDs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the
// Amazon Elastic Compute Cloud User Guide. The following resource types support
// longer IDs: bundle | conversion-task | customer-gateway | dhcp-options |
// elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image
// | import-task | instance | internet-gateway | network-acl |
// network-acl-association | network-interface | network-interface-attachment |
// prefix-list | reservation | route-table | route-table-association |
// security-group | snapshot | subnet | subnet-cidr-block-association | volume |
// vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection |
// vpn-connection | vpn-gateway. These settings apply to the principal specified in
// the request. They do not apply to the principal that makes the request.
DescribeIdentityIdFormat(ctx context.Context, params *DescribeIdentityIdFormatInput, optFns ...func(*Options)) (*DescribeIdentityIdFormatOutput, error)
// Describes the specified attribute of the specified AMI. You can specify only one
// attribute at a time.
DescribeImageAttribute(ctx context.Context, params *DescribeImageAttributeInput, optFns ...func(*Options)) (*DescribeImageAttributeOutput, error)
// Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of
// the images available to you. The images available to you include public images,
// private images that you own, and private images owned by other Amazon Web
// Services accounts for which you have explicit launch permissions. Recently
// deregistered images appear in the returned results for a short interval and then
// return empty results. After all instances that reference a deregistered AMI are
// terminated, specifying the ID of the image will eventually return an error
// indicating that the AMI ID cannot be found.
DescribeImages(ctx context.Context, params *DescribeImagesInput, optFns ...func(*Options)) (*DescribeImagesOutput, error)
// Displays details about an import virtual machine or import snapshot tasks that
// are already created.
DescribeImportImageTasks(ctx context.Context, params *DescribeImportImageTasksInput, optFns ...func(*Options)) (*DescribeImportImageTasksOutput, error)
// Describes your import snapshot tasks.
DescribeImportSnapshotTasks(ctx context.Context, params *DescribeImportSnapshotTasksInput, optFns ...func(*Options)) (*DescribeImportSnapshotTasksOutput, error)
// Describes the specified attribute of the specified instance. You can specify
// only one attribute at a time. Valid attribute values are: instanceType | kernel
// | ramdisk | userData | disableApiTermination | instanceInitiatedShutdownBehavior
// | rootDeviceName | blockDeviceMapping | productCodes | sourceDestCheck |
// groupSet | ebsOptimized | sriovNetSupport
DescribeInstanceAttribute(ctx context.Context, params *DescribeInstanceAttributeInput, optFns ...func(*Options)) (*DescribeInstanceAttributeOutput, error)
// Describes the credit option for CPU usage of the specified burstable performance
// instances. The credit options are standard and unlimited. If you do not specify
// an instance ID, Amazon EC2 returns burstable performance instances with the
// unlimited credit option, as well as instances that were previously configured as
// T2, T3, and T3a with the unlimited credit option. For example, if you resize a
// T2 instance, while it is configured as unlimited, to an M4 instance, Amazon EC2
// returns the M4 instance. If you specify one or more instance IDs, Amazon EC2
// returns the credit option (standard or unlimited) of those instances. If you
// specify an instance ID that is not valid, such as an instance that is not a
// burstable performance instance, an error is returned. Recently terminated
// instances might appear in the returned results. This interval is usually less
// than one hour. If an Availability Zone is experiencing a service disruption and
// you specify instance IDs in the affected zone, or do not specify any instance
// IDs at all, the call fails. If you specify only instance IDs in an unaffected
// zone, the call works normally. For more information, see Burstable performance
// instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
// in the Amazon EC2 User Guide.
DescribeInstanceCreditSpecifications(ctx context.Context, params *DescribeInstanceCreditSpecificationsInput, optFns ...func(*Options)) (*DescribeInstanceCreditSpecificationsOutput, error)
// Describes the tag keys that are registered to appear in scheduled event
// notifications for resources in the current Region.
DescribeInstanceEventNotificationAttributes(ctx context.Context, params *DescribeInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*DescribeInstanceEventNotificationAttributesOutput, error)
// Describes the specified event windows or all event windows. If you specify event
// window IDs, the output includes information for only the specified event
// windows. If you specify filters, the output includes information for only those
// event windows that meet the filter criteria. If you do not specify event windows
// IDs or filters, the output includes information for all event windows, which can
// affect performance. We recommend that you use pagination to ensure that the
// operation returns quickly and successfully. For more information, see Define
// event windows for scheduled events
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
// Amazon EC2 User Guide.
DescribeInstanceEventWindows(ctx context.Context, params *DescribeInstanceEventWindowsInput, optFns ...func(*Options)) (*DescribeInstanceEventWindowsOutput, error)
// Describes the status of the specified instances or all of your instances. By
// default, only running instances are described, unless you specifically indicate
// to return the status of all instances. Instance status includes the following
// components:
//
// * Status checks - Amazon EC2 performs status checks on running EC2
// instances to identify hardware and software issues. For more information, see
// Status checks for your instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html)
// and Troubleshoot instances with failed status checks
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstances.html)
// in the Amazon EC2 User Guide.
//
// * Scheduled events - Amazon EC2 can schedule
// events (such as reboot, stop, or terminate) for your instances related to
// hardware issues, software updates, or system maintenance. For more information,
// see Scheduled events for your instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html)
// in the Amazon EC2 User Guide.
//
// * Instance state - You can manage your instances
// from the moment you launch them through their termination. For more information,
// see Instance lifecycle
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html)
// in the Amazon EC2 User Guide.
DescribeInstanceStatus(ctx context.Context, params *DescribeInstanceStatusInput, optFns ...func(*Options)) (*DescribeInstanceStatusOutput, error)
// Returns a list of all instance types offered. The results can be filtered by
// location (Region or Availability Zone). If no location is specified, the
// instance types offered in the current Region are returned.
DescribeInstanceTypeOfferings(ctx context.Context, params *DescribeInstanceTypeOfferingsInput, optFns ...func(*Options)) (*DescribeInstanceTypeOfferingsOutput, error)
// Describes the details of the instance types that are offered in a location. The
// results can be filtered by the attributes of the instance types.
DescribeInstanceTypes(ctx context.Context, params *DescribeInstanceTypesInput, optFns ...func(*Options)) (*DescribeInstanceTypesOutput, error)
// Describes the specified instances or all instances. If you specify instance IDs,
// the output includes information for only the specified instances. If you specify
// filters, the output includes information for only those instances that meet the
// filter criteria. If you do not specify instance IDs or filters, the output
// includes information for all instances, which can affect performance. We
// recommend that you use pagination to ensure that the operation returns quickly
// and successfully. If you specify an instance ID that is not valid, an error is
// returned. If you specify an instance that you do not own, it is not included in
// the output. Recently terminated instances might appear in the returned results.
// This interval is usually less than one hour. If you describe instances in the
// rare case where an Availability Zone is experiencing a service disruption and
// you specify instance IDs that are in the affected zone, or do not specify any
// instance IDs at all, the call fails. If you describe instances and specify only
// instance IDs that are in an unaffected zone, the call works normally.
DescribeInstances(ctx context.Context, params *DescribeInstancesInput, optFns ...func(*Options)) (*DescribeInstancesOutput, error)
// Describes one or more of your internet gateways.
DescribeInternetGateways(ctx context.Context, params *DescribeInternetGatewaysInput, optFns ...func(*Options)) (*DescribeInternetGatewaysOutput, error)
// Get information about your IPAM pools.
DescribeIpamPools(ctx context.Context, params *DescribeIpamPoolsInput, optFns ...func(*Options)) (*DescribeIpamPoolsOutput, error)
// Get information about your IPAM scopes.
DescribeIpamScopes(ctx context.Context, params *DescribeIpamScopesInput, optFns ...func(*Options)) (*DescribeIpamScopesOutput, error)
// Get information about your IPAM pools. For more information, see What is IPAM?
// in the Amazon VPC IPAM User Guide.
DescribeIpams(ctx context.Context, params *DescribeIpamsInput, optFns ...func(*Options)) (*DescribeIpamsOutput, error)
// Describes your IPv6 address pools.
DescribeIpv6Pools(ctx context.Context, params *DescribeIpv6PoolsInput, optFns ...func(*Options)) (*DescribeIpv6PoolsOutput, error)
// Describes the specified key pairs or all of your key pairs. For more information
// about key pairs, see Amazon EC2 key pairs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the
// Amazon Elastic Compute Cloud User Guide.
DescribeKeyPairs(ctx context.Context, params *DescribeKeyPairsInput, optFns ...func(*Options)) (*DescribeKeyPairsOutput, error)
// Describes one or more versions of a specified launch template. You can describe
// all versions, individual versions, or a range of versions. You can also describe
// all the latest versions or all the default versions of all the launch templates
// in your account.
DescribeLaunchTemplateVersions(ctx context.Context, params *DescribeLaunchTemplateVersionsInput, optFns ...func(*Options)) (*DescribeLaunchTemplateVersionsOutput, error)
// Describes one or more launch templates.
DescribeLaunchTemplates(ctx context.Context, params *DescribeLaunchTemplatesInput, optFns ...func(*Options)) (*DescribeLaunchTemplatesOutput, error)
// Describes the associations between virtual interface groups and local gateway
// route tables.
DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations(ctx context.Context, params *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, error)
// Describes the specified associations between VPCs and local gateway route
// tables.
DescribeLocalGatewayRouteTableVpcAssociations(ctx context.Context, params *DescribeLocalGatewayRouteTableVpcAssociationsInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTableVpcAssociationsOutput, error)
// Describes one or more local gateway route tables. By default, all local gateway
// route tables are described. Alternatively, you can filter the results.
DescribeLocalGatewayRouteTables(ctx context.Context, params *DescribeLocalGatewayRouteTablesInput, optFns ...func(*Options)) (*DescribeLocalGatewayRouteTablesOutput, error)
// Describes the specified local gateway virtual interface groups.
DescribeLocalGatewayVirtualInterfaceGroups(ctx context.Context, params *DescribeLocalGatewayVirtualInterfaceGroupsInput, optFns ...func(*Options)) (*DescribeLocalGatewayVirtualInterfaceGroupsOutput, error)
// Describes the specified local gateway virtual interfaces.
DescribeLocalGatewayVirtualInterfaces(ctx context.Context, params *DescribeLocalGatewayVirtualInterfacesInput, optFns ...func(*Options)) (*DescribeLocalGatewayVirtualInterfacesOutput, error)
// Describes one or more local gateways. By default, all local gateways are
// described. Alternatively, you can filter the results.
DescribeLocalGateways(ctx context.Context, params *DescribeLocalGatewaysInput, optFns ...func(*Options)) (*DescribeLocalGatewaysOutput, error)
// Describes your managed prefix lists and any Amazon Web Services-managed prefix
// lists. To view the entries for your prefix list, use
// GetManagedPrefixListEntries.
DescribeManagedPrefixLists(ctx context.Context, params *DescribeManagedPrefixListsInput, optFns ...func(*Options)) (*DescribeManagedPrefixListsOutput, error)
// Describes your Elastic IP addresses that are being moved to the EC2-VPC
// platform, or that are being restored to the EC2-Classic platform. This request
// does not return information about any other Elastic IP addresses in your
// account.
DescribeMovingAddresses(ctx context.Context, params *DescribeMovingAddressesInput, optFns ...func(*Options)) (*DescribeMovingAddressesOutput, error)
// Describes one or more of your NAT gateways.
DescribeNatGateways(ctx context.Context, params *DescribeNatGatewaysInput, optFns ...func(*Options)) (*DescribeNatGatewaysOutput, error)
// Describes one or more of your network ACLs. For more information, see Network
// ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the
// Amazon Virtual Private Cloud User Guide.
DescribeNetworkAcls(ctx context.Context, params *DescribeNetworkAclsInput, optFns ...func(*Options)) (*DescribeNetworkAclsOutput, error)
// Describes the specified Network Access Scope analyses.
DescribeNetworkInsightsAccessScopeAnalyses(ctx context.Context, params *DescribeNetworkInsightsAccessScopeAnalysesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAccessScopeAnalysesOutput, error)
// Describes the specified Network Access Scopes.
DescribeNetworkInsightsAccessScopes(ctx context.Context, params *DescribeNetworkInsightsAccessScopesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAccessScopesOutput, error)
// Describes one or more of your network insights analyses.
DescribeNetworkInsightsAnalyses(ctx context.Context, params *DescribeNetworkInsightsAnalysesInput, optFns ...func(*Options)) (*DescribeNetworkInsightsAnalysesOutput, error)
// Describes one or more of your paths.
DescribeNetworkInsightsPaths(ctx context.Context, params *DescribeNetworkInsightsPathsInput, optFns ...func(*Options)) (*DescribeNetworkInsightsPathsOutput, error)
// Describes a network interface attribute. You can specify only one attribute at a
// time.
DescribeNetworkInterfaceAttribute(ctx context.Context, params *DescribeNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*DescribeNetworkInterfaceAttributeOutput, error)
// Describes the permissions for your network interfaces.
DescribeNetworkInterfacePermissions(ctx context.Context, params *DescribeNetworkInterfacePermissionsInput, optFns ...func(*Options)) (*DescribeNetworkInterfacePermissionsOutput, error)
// Describes one or more of your network interfaces.
DescribeNetworkInterfaces(ctx context.Context, params *DescribeNetworkInterfacesInput, optFns ...func(*Options)) (*DescribeNetworkInterfacesOutput, error)
// Describes the specified placement groups or all of your placement groups. For
// more information, see Placement groups
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in
// the Amazon EC2 User Guide.
DescribePlacementGroups(ctx context.Context, params *DescribePlacementGroupsInput, optFns ...func(*Options)) (*DescribePlacementGroupsOutput, error)
// Describes available Amazon Web Services services in a prefix list format, which
// includes the prefix list name and prefix list ID of the service and the IP
// address range for the service. We recommend that you use
// DescribeManagedPrefixLists instead.
DescribePrefixLists(ctx context.Context, params *DescribePrefixListsInput, optFns ...func(*Options)) (*DescribePrefixListsOutput, error)
// Describes the ID format settings for the root user and all IAM roles and IAM
// users that have explicitly specified a longer ID (17-character ID) preference.
// By default, all IAM roles and IAM users default to the same ID settings as the
// root user, unless they explicitly override the settings. This request is useful
// for identifying those IAM users and IAM roles that have overridden the default
// ID settings. The following resource types support longer IDs: bundle |
// conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation |
// elastic-ip-association | export-task | flow-log | image | import-task | instance
// | internet-gateway | network-acl | network-acl-association | network-interface |
// network-interface-attachment | prefix-list | reservation | route-table |
// route-table-association | security-group | snapshot | subnet |
// subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association |
// vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.
DescribePrincipalIdFormat(ctx context.Context, params *DescribePrincipalIdFormatInput, optFns ...func(*Options)) (*DescribePrincipalIdFormatOutput, error)
// Describes the specified IPv4 address pools.
DescribePublicIpv4Pools(ctx context.Context, params *DescribePublicIpv4PoolsInput, optFns ...func(*Options)) (*DescribePublicIpv4PoolsOutput, error)
// Describes the Regions that are enabled for your account, or all Regions. For a
// list of the Regions supported by Amazon EC2, see Amazon Elastic Compute Cloud
// endpoints and quotas
// (https://docs.aws.amazon.com/general/latest/gr/ec2-service.html). For
// information about enabling and disabling Regions for your account, see Managing
// Amazon Web Services Regions
// (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html) in the Amazon
// Web Services General Reference.
DescribeRegions(ctx context.Context, params *DescribeRegionsInput, optFns ...func(*Options)) (*DescribeRegionsOutput, error)
// Describes a root volume replacement task. For more information, see Replace a
// root volume
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root)
// in the Amazon Elastic Compute Cloud User Guide.
DescribeReplaceRootVolumeTasks(ctx context.Context, params *DescribeReplaceRootVolumeTasksInput, optFns ...func(*Options)) (*DescribeReplaceRootVolumeTasksOutput, error)
// Describes one or more of the Reserved Instances that you purchased. For more
// information about Reserved Instances, see Reserved Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-on-demand-reserved-instances.html)
// in the Amazon EC2 User Guide.
DescribeReservedInstances(ctx context.Context, params *DescribeReservedInstancesInput, optFns ...func(*Options)) (*DescribeReservedInstancesOutput, error)
// Describes your account's Reserved Instance listings in the Reserved Instance
// Marketplace. The Reserved Instance Marketplace matches sellers who want to
// resell Reserved Instance capacity that they no longer need with buyers who want
// to purchase additional capacity. Reserved Instances bought and sold through the
// Reserved Instance Marketplace work like any other Reserved Instances. As a
// seller, you choose to list some or all of your Reserved Instances, and you
// specify the upfront price to receive for them. Your Reserved Instances are then
// listed in the Reserved Instance Marketplace and are available for purchase. As a
// buyer, you specify the configuration of the Reserved Instance to purchase, and
// the Marketplace matches what you're searching for with what's available. The
// Marketplace first sells the lowest priced Reserved Instances to you, and
// continues to sell available Reserved Instance listings to you until your demand
// is met. You are charged based on the total price of all of the listings that you
// purchase. For more information, see Reserved Instance Marketplace
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
// the Amazon EC2 User Guide.
DescribeReservedInstancesListings(ctx context.Context, params *DescribeReservedInstancesListingsInput, optFns ...func(*Options)) (*DescribeReservedInstancesListingsOutput, error)
// Describes the modifications made to your Reserved Instances. If no parameter is
// specified, information about all your Reserved Instances modification requests
// is returned. If a modification ID is specified, only information about the
// specific modification is returned. For more information, see Modifying Reserved
// Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) in the
// Amazon EC2 User Guide.
DescribeReservedInstancesModifications(ctx context.Context, params *DescribeReservedInstancesModificationsInput, optFns ...func(*Options)) (*DescribeReservedInstancesModificationsOutput, error)
// Describes Reserved Instance offerings that are available for purchase. With
// Reserved Instances, you purchase the right to launch instances for a period of
// time. During that time period, you do not receive insufficient capacity errors,
// and you pay a lower usage rate than the rate charged for On-Demand instances for
// the actual time used. If you have listed your own Reserved Instances for sale in
// the Reserved Instance Marketplace, they will be excluded from these results.
// This is to ensure that you do not purchase your own Reserved Instances. For more
// information, see Reserved Instance Marketplace
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
// the Amazon EC2 User Guide.
DescribeReservedInstancesOfferings(ctx context.Context, params *DescribeReservedInstancesOfferingsInput, optFns ...func(*Options)) (*DescribeReservedInstancesOfferingsOutput, error)
// Describes one or more of your route tables. Each subnet in your VPC must be
// associated with a route table. If a subnet is not explicitly associated with any
// route table, it is implicitly associated with the main route table. This command
// does not return the subnet ID for implicit associations. For more information,
// see Route tables
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
// Amazon Virtual Private Cloud User Guide.
DescribeRouteTables(ctx context.Context, params *DescribeRouteTablesInput, optFns ...func(*Options)) (*DescribeRouteTablesOutput, error)
// Finds available schedules that meet the specified criteria. You can search for
// an available schedule no more than 3 months in advance. You must meet the
// minimum required duration of 1,200 hours per year. For example, the minimum
// daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the
// minimum monthly schedule is 100 hours. After you find a schedule that meets your
// needs, call PurchaseScheduledInstances to purchase Scheduled Instances with that
// schedule.
DescribeScheduledInstanceAvailability(ctx context.Context, params *DescribeScheduledInstanceAvailabilityInput, optFns ...func(*Options)) (*DescribeScheduledInstanceAvailabilityOutput, error)
// Describes the specified Scheduled Instances or all your Scheduled Instances.
DescribeScheduledInstances(ctx context.Context, params *DescribeScheduledInstancesInput, optFns ...func(*Options)) (*DescribeScheduledInstancesOutput, error)
// [VPC only] Describes the VPCs on the other side of a VPC peering connection that
// are referencing the security groups you've specified in this request.
DescribeSecurityGroupReferences(ctx context.Context, params *DescribeSecurityGroupReferencesInput, optFns ...func(*Options)) (*DescribeSecurityGroupReferencesOutput, error)
// Describes one or more of your security group rules.
DescribeSecurityGroupRules(ctx context.Context, params *DescribeSecurityGroupRulesInput, optFns ...func(*Options)) (*DescribeSecurityGroupRulesOutput, error)
// Describes the specified security groups or all of your security groups. A
// security group is for use with instances either in the EC2-Classic platform or
// in a specific VPC. For more information, see Amazon EC2 security groups
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html)
// in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC
// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html)
// in the Amazon Virtual Private Cloud User Guide.
DescribeSecurityGroups(ctx context.Context, params *DescribeSecurityGroupsInput, optFns ...func(*Options)) (*DescribeSecurityGroupsOutput, error)
// Describes the specified attribute of the specified snapshot. You can specify
// only one attribute at a time. For more information about EBS snapshots, see
// Amazon EBS snapshots
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html) in the
// Amazon Elastic Compute Cloud User Guide.
DescribeSnapshotAttribute(ctx context.Context, params *DescribeSnapshotAttributeInput, optFns ...func(*Options)) (*DescribeSnapshotAttributeOutput, error)
// Describes the storage tier status of one or more Amazon EBS snapshots.
DescribeSnapshotTierStatus(ctx context.Context, params *DescribeSnapshotTierStatusInput, optFns ...func(*Options)) (*DescribeSnapshotTierStatusOutput, error)
// Describes the specified EBS snapshots available to you or all of the EBS
// snapshots available to you. The snapshots available to you include public
// snapshots, private snapshots that you own, and private snapshots owned by other
// Amazon Web Services accounts for which you have explicit create volume
// permissions. The create volume permissions fall into the following
// categories:
//
// * public: The owner of the snapshot granted create volume
// permissions for the snapshot to the all group. All Amazon Web Services accounts
// have create volume permissions for these snapshots.
//
// * explicit: The owner of
// the snapshot granted create volume permissions to a specific Amazon Web Services
// account.
//
// * implicit: An Amazon Web Services account has implicit create volume
// permissions for all snapshots it owns.
//
// The list of snapshots returned can be
// filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services
// accounts with create volume permissions. If no options are specified, Amazon EC2
// returns all snapshots for which you have create volume permissions. If you
// specify one or more snapshot IDs, only snapshots that have the specified IDs are
// returned. If you specify an invalid snapshot ID, an error is returned. If you
// specify a snapshot ID for which you do not have access, it is not included in
// the returned results. If you specify one or more snapshot owners using the
// OwnerIds option, only snapshots from the specified owners and for which you have
// access are returned. The results can include the Amazon Web Services account IDs
// of the specified owners, amazon for snapshots owned by Amazon, or self for
// snapshots that you own. If you specify a list of restorable users, only
// snapshots with create snapshot permissions for those users are returned. You can
// specify Amazon Web Services account IDs (if you own the snapshots), self for
// snapshots for which you own or have explicit permissions, or all for public
// snapshots. If you are describing a long list of snapshots, we recommend that you
// paginate the output to make the list more manageable. The MaxResults parameter
// sets the maximum number of results returned in a single page. If the list of
// results exceeds your MaxResults value, then that number of results is returned
// along with a NextToken value that can be passed to a subsequent
// DescribeSnapshots request to retrieve the remaining results. To get the state of
// fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores. For
// more information about EBS snapshots, see Amazon EBS snapshots
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html) in the
// Amazon Elastic Compute Cloud User Guide.
DescribeSnapshots(ctx context.Context, params *DescribeSnapshotsInput, optFns ...func(*Options)) (*DescribeSnapshotsOutput, error)
// Describes the data feed for Spot Instances. For more information, see Spot
// Instance data feed
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html) in
// the Amazon EC2 User Guide for Linux Instances.
DescribeSpotDatafeedSubscription(ctx context.Context, params *DescribeSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*DescribeSpotDatafeedSubscriptionOutput, error)
// Describes the running instances for the specified Spot Fleet.
DescribeSpotFleetInstances(ctx context.Context, params *DescribeSpotFleetInstancesInput, optFns ...func(*Options)) (*DescribeSpotFleetInstancesOutput, error)
// Describes the events for the specified Spot Fleet request during the specified
// time. Spot Fleet events are delayed by up to 30 seconds before they can be
// described. This ensures that you can query by the last evaluated time and not
// miss a recorded event. Spot Fleet events are available for 48 hours. For more
// information, see Monitor fleet events using Amazon EventBridge
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/fleet-monitor.html) in the
// Amazon EC2 User Guide for Linux Instances.
DescribeSpotFleetRequestHistory(ctx context.Context, params *DescribeSpotFleetRequestHistoryInput, optFns ...func(*Options)) (*DescribeSpotFleetRequestHistoryOutput, error)
// Describes your Spot Fleet requests. Spot Fleet requests are deleted 48 hours
// after they are canceled and their instances are terminated.
DescribeSpotFleetRequests(ctx context.Context, params *DescribeSpotFleetRequestsInput, optFns ...func(*Options)) (*DescribeSpotFleetRequestsOutput, error)
// Describes the specified Spot Instance requests. You can use
// DescribeSpotInstanceRequests to find a running Spot Instance by examining the
// response. If the status of the Spot Instance is fulfilled, the instance ID
// appears in the response and contains the identifier of the instance.
// Alternatively, you can use DescribeInstances
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances)
// with a filter to look for instances where the instance lifecycle is spot. We
// recommend that you set MaxResults to a value between 5 and 1000 to limit the
// number of results returned. This paginates the output, which makes the list more
// manageable and returns the results faster. If the list of results exceeds your
// MaxResults value, then that number of results is returned along with a NextToken
// value that can be passed to a subsequent DescribeSpotInstanceRequests request to
// retrieve the remaining results. Spot Instance requests are deleted four hours
// after they are canceled and their instances are terminated.
DescribeSpotInstanceRequests(ctx context.Context, params *DescribeSpotInstanceRequestsInput, optFns ...func(*Options)) (*DescribeSpotInstanceRequestsOutput, error)
// Describes the Spot price history. For more information, see Spot Instance
// pricing history
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances-history.html)
// in the Amazon EC2 User Guide for Linux Instances. When you specify a start and
// end time, the operation returns the prices of the instance types within that
// time range. It also returns the last price change before the start time, which
// is the effective price as of the start time.
DescribeSpotPriceHistory(ctx context.Context, params *DescribeSpotPriceHistoryInput, optFns ...func(*Options)) (*DescribeSpotPriceHistoryOutput, error)
// [VPC only] Describes the stale security group rules for security groups in a
// specified VPC. Rules are stale when they reference a deleted security group in
// the same VPC or in a peer VPC, or if they reference a security group in a peer
// VPC for which the VPC peering connection has been deleted.
DescribeStaleSecurityGroups(ctx context.Context, params *DescribeStaleSecurityGroupsInput, optFns ...func(*Options)) (*DescribeStaleSecurityGroupsOutput, error)
// Describes the progress of the AMI store tasks. You can describe the store tasks
// for specified AMIs. If you don't specify the AMIs, you get a paginated list of
// store tasks from the last 31 days. For each AMI task, the response indicates if
// the task is InProgress, Completed, or Failed. For tasks InProgress, the response
// shows the estimated progress as a percentage. Tasks are listed in reverse
// chronological order. Currently, only tasks from the past 31 days can be viewed.
// To use this API, you must have the required permissions. For more information,
// see Permissions for storing and restoring AMIs using Amazon S3
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions)
// in the Amazon Elastic Compute Cloud User Guide. For more information, see Store
// and restore an AMI using Amazon S3
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) in
// the Amazon Elastic Compute Cloud User Guide.
DescribeStoreImageTasks(ctx context.Context, params *DescribeStoreImageTasksInput, optFns ...func(*Options)) (*DescribeStoreImageTasksOutput, error)
// Describes one or more of your subnets. For more information, see Your VPC and
// subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in
// the Amazon Virtual Private Cloud User Guide.
DescribeSubnets(ctx context.Context, params *DescribeSubnetsInput, optFns ...func(*Options)) (*DescribeSubnetsOutput, error)
// Describes the specified tags for your EC2 resources. For more information about
// tags, see Tagging Your Resources
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
// Amazon Elastic Compute Cloud User Guide.
DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
// Describes one or more Traffic Mirror filters.
DescribeTrafficMirrorFilters(ctx context.Context, params *DescribeTrafficMirrorFiltersInput, optFns ...func(*Options)) (*DescribeTrafficMirrorFiltersOutput, error)
// Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror
// sessions are described. Alternatively, you can filter the results.
DescribeTrafficMirrorSessions(ctx context.Context, params *DescribeTrafficMirrorSessionsInput, optFns ...func(*Options)) (*DescribeTrafficMirrorSessionsOutput, error)
// Information about one or more Traffic Mirror targets.
DescribeTrafficMirrorTargets(ctx context.Context, params *DescribeTrafficMirrorTargetsInput, optFns ...func(*Options)) (*DescribeTrafficMirrorTargetsOutput, error)
// Describes one or more attachments between resources and transit gateways. By
// default, all attachments are described. Alternatively, you can filter the
// results by attachment ID, attachment state, resource ID, or resource owner.
DescribeTransitGatewayAttachments(ctx context.Context, params *DescribeTransitGatewayAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayAttachmentsOutput, error)
// Describes one or more Connect peers.
DescribeTransitGatewayConnectPeers(ctx context.Context, params *DescribeTransitGatewayConnectPeersInput, optFns ...func(*Options)) (*DescribeTransitGatewayConnectPeersOutput, error)
// Describes one or more Connect attachments.
DescribeTransitGatewayConnects(ctx context.Context, params *DescribeTransitGatewayConnectsInput, optFns ...func(*Options)) (*DescribeTransitGatewayConnectsOutput, error)
// Describes one or more transit gateway multicast domains.
DescribeTransitGatewayMulticastDomains(ctx context.Context, params *DescribeTransitGatewayMulticastDomainsInput, optFns ...func(*Options)) (*DescribeTransitGatewayMulticastDomainsOutput, error)
// Describes your transit gateway peering attachments.
DescribeTransitGatewayPeeringAttachments(ctx context.Context, params *DescribeTransitGatewayPeeringAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayPeeringAttachmentsOutput, error)
// Describes one or more transit gateway route tables. By default, all transit
// gateway route tables are described. Alternatively, you can filter the results.
DescribeTransitGatewayRouteTables(ctx context.Context, params *DescribeTransitGatewayRouteTablesInput, optFns ...func(*Options)) (*DescribeTransitGatewayRouteTablesOutput, error)
// Describes one or more VPC attachments. By default, all VPC attachments are
// described. Alternatively, you can filter the results.
DescribeTransitGatewayVpcAttachments(ctx context.Context, params *DescribeTransitGatewayVpcAttachmentsInput, optFns ...func(*Options)) (*DescribeTransitGatewayVpcAttachmentsOutput, error)
// Describes one or more transit gateways. By default, all transit gateways are
// described. Alternatively, you can filter the results.
DescribeTransitGateways(ctx context.Context, params *DescribeTransitGatewaysInput, optFns ...func(*Options)) (*DescribeTransitGatewaysOutput, error)
// This API action is currently in limited preview only. If you are interested in
// using this feature, contact your account manager. Describes one or more network
// interface trunk associations.
DescribeTrunkInterfaceAssociations(ctx context.Context, params *DescribeTrunkInterfaceAssociationsInput, optFns ...func(*Options)) (*DescribeTrunkInterfaceAssociationsOutput, error)
// Describes the specified attribute of the specified volume. You can specify only
// one attribute at a time. For more information about EBS volumes, see Amazon EBS
// volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html) in
// the Amazon Elastic Compute Cloud User Guide.
DescribeVolumeAttribute(ctx context.Context, params *DescribeVolumeAttributeInput, optFns ...func(*Options)) (*DescribeVolumeAttributeOutput, error)
// Describes the status of the specified volumes. Volume status provides the result
// of the checks performed on your volumes to determine events that can impair the
// performance of your volumes. The performance of a volume can be affected if an
// issue occurs on the volume's underlying host. If the volume's underlying host
// experiences a power outage or system issue, after the system is restored, there
// could be data inconsistencies on the volume. Volume events notify you if this
// occurs. Volume actions notify you if any action needs to be taken in response to
// the event. The DescribeVolumeStatus operation provides the following information
// about the specified volumes: Status: Reflects the current status of the volume.
// The possible values are ok, impaired , warning, or insufficient-data. If all
// checks pass, the overall status of the volume is ok. If the check fails, the
// overall status is impaired. If the status is insufficient-data, then the checks
// might still be taking place on your volume at the time. We recommend that you
// retry the request. For more information about volume status, see Monitor the
// status of your volumes
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-status.html)
// in the Amazon Elastic Compute Cloud User Guide. Events: Reflect the cause of a
// volume status and might require you to take action. For example, if your volume
// returns an impaired status, then the volume event might be
// potential-data-inconsistency. This means that your volume has been affected by
// an issue with the underlying host, has all I/O operations disabled, and might
// have inconsistent data. Actions: Reflect the actions you might have to take in
// response to an event. For example, if the status of the volume is impaired and
// the volume event shows potential-data-inconsistency, then the action shows
// enable-volume-io. This means that you may want to enable the I/O operations for
// the volume by calling the EnableVolumeIO action and then check the volume for
// data consistency. Volume status is based on the volume status checks, and does
// not reflect the volume state. Therefore, volume status does not indicate volumes
// in the error state (for example, when a volume is incapable of accepting I/O.)
DescribeVolumeStatus(ctx context.Context, params *DescribeVolumeStatusInput, optFns ...func(*Options)) (*DescribeVolumeStatusOutput, error)
// Describes the specified EBS volumes or all of your EBS volumes. If you are
// describing a long list of volumes, we recommend that you paginate the output to
// make the list more manageable. The MaxResults parameter sets the maximum number
// of results returned in a single page. If the list of results exceeds your
// MaxResults value, then that number of results is returned along with a NextToken
// value that can be passed to a subsequent DescribeVolumes request to retrieve the
// remaining results. For more information about EBS volumes, see Amazon EBS
// volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html) in
// the Amazon Elastic Compute Cloud User Guide.
DescribeVolumes(ctx context.Context, params *DescribeVolumesInput, optFns ...func(*Options)) (*DescribeVolumesOutput, error)
// Describes the most recent volume modification request for the specified EBS
// volumes. If a volume has never been modified, some information in the output
// will be null. If a volume has been modified more than once, the output includes
// only the most recent modification request. You can also use CloudWatch Events to
// check the status of a modification to an EBS volume. For information about
// CloudWatch Events, see the Amazon CloudWatch Events User Guide
// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/). For more
// information, see Monitor the progress of volume modifications
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-modifications.html)
// in the Amazon Elastic Compute Cloud User Guide.
DescribeVolumesModifications(ctx context.Context, params *DescribeVolumesModificationsInput, optFns ...func(*Options)) (*DescribeVolumesModificationsOutput, error)
// Describes the specified attribute of the specified VPC. You can specify only one
// attribute at a time.
DescribeVpcAttribute(ctx context.Context, params *DescribeVpcAttributeInput, optFns ...func(*Options)) (*DescribeVpcAttributeOutput, error)
// Describes the ClassicLink status of one or more VPCs.
DescribeVpcClassicLink(ctx context.Context, params *DescribeVpcClassicLinkInput, optFns ...func(*Options)) (*DescribeVpcClassicLinkOutput, error)
// Describes the ClassicLink DNS support status of one or more VPCs. If enabled,
// the DNS hostname of a linked EC2-Classic instance resolves to its private IP
// address when addressed from an instance in the VPC to which it's linked.
// Similarly, the DNS hostname of an instance in a VPC resolves to its private IP
// address when addressed from a linked EC2-Classic instance. For more information,
// see ClassicLink
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
// the Amazon Elastic Compute Cloud User Guide.
DescribeVpcClassicLinkDnsSupport(ctx context.Context, params *DescribeVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*DescribeVpcClassicLinkDnsSupportOutput, error)
// Describes the connection notifications for VPC endpoints and VPC endpoint
// services.
DescribeVpcEndpointConnectionNotifications(ctx context.Context, params *DescribeVpcEndpointConnectionNotificationsInput, optFns ...func(*Options)) (*DescribeVpcEndpointConnectionNotificationsOutput, error)
// Describes the VPC endpoint connections to your VPC endpoint services, including
// any endpoints that are pending your acceptance.
DescribeVpcEndpointConnections(ctx context.Context, params *DescribeVpcEndpointConnectionsInput, optFns ...func(*Options)) (*DescribeVpcEndpointConnectionsOutput, error)
// Describes the VPC endpoint service configurations in your account (your
// services).
DescribeVpcEndpointServiceConfigurations(ctx context.Context, params *DescribeVpcEndpointServiceConfigurationsInput, optFns ...func(*Options)) (*DescribeVpcEndpointServiceConfigurationsOutput, error)
// Describes the principals (service consumers) that are permitted to discover your
// VPC endpoint service.
DescribeVpcEndpointServicePermissions(ctx context.Context, params *DescribeVpcEndpointServicePermissionsInput, optFns ...func(*Options)) (*DescribeVpcEndpointServicePermissionsOutput, error)
// Describes available services to which you can create a VPC endpoint. When the
// service provider and the consumer have different accounts in multiple
// Availability Zones, and the consumer views the VPC endpoint service information,
// the response only includes the common Availability Zones. For example, when the
// service provider account uses us-east-1a and us-east-1c and the consumer uses
// us-east-1a and us-east-1b, the response includes the VPC endpoint services in
// the common Availability Zone, us-east-1a.
DescribeVpcEndpointServices(ctx context.Context, params *DescribeVpcEndpointServicesInput, optFns ...func(*Options)) (*DescribeVpcEndpointServicesOutput, error)
// Describes one or more of your VPC endpoints.
DescribeVpcEndpoints(ctx context.Context, params *DescribeVpcEndpointsInput, optFns ...func(*Options)) (*DescribeVpcEndpointsOutput, error)
// Describes one or more of your VPC peering connections.
DescribeVpcPeeringConnections(ctx context.Context, params *DescribeVpcPeeringConnectionsInput, optFns ...func(*Options)) (*DescribeVpcPeeringConnectionsOutput, error)
// Describes one or more of your VPCs.
DescribeVpcs(ctx context.Context, params *DescribeVpcsInput, optFns ...func(*Options)) (*DescribeVpcsOutput, error)
// Describes one or more of your VPN connections. For more information, see Amazon
// Web Services Site-to-Site VPN
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
// Services Site-to-Site VPN User Guide.
DescribeVpnConnections(ctx context.Context, params *DescribeVpnConnectionsInput, optFns ...func(*Options)) (*DescribeVpnConnectionsOutput, error)
// Describes one or more of your virtual private gateways. For more information,
// see Amazon Web Services Site-to-Site VPN
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the Amazon Web
// Services Site-to-Site VPN User Guide.
DescribeVpnGateways(ctx context.Context, params *DescribeVpnGatewaysInput, optFns ...func(*Options)) (*DescribeVpnGatewaysOutput, error)
// Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance
// has been unlinked, the VPC security groups are no longer associated with it. An
// instance is automatically unlinked from a VPC when it's stopped.
DetachClassicLinkVpc(ctx context.Context, params *DetachClassicLinkVpcInput, optFns ...func(*Options)) (*DetachClassicLinkVpcOutput, error)
// Detaches an internet gateway from a VPC, disabling connectivity between the
// internet and the VPC. The VPC must not contain any running instances with
// Elastic IP addresses or public IPv4 addresses.
DetachInternetGateway(ctx context.Context, params *DetachInternetGatewayInput, optFns ...func(*Options)) (*DetachInternetGatewayOutput, error)
// Detaches a network interface from an instance.
DetachNetworkInterface(ctx context.Context, params *DetachNetworkInterfaceInput, optFns ...func(*Options)) (*DetachNetworkInterfaceOutput, error)
// Detaches an EBS volume from an instance. Make sure to unmount any file systems
// on the device within your operating system before detaching the volume. Failure
// to do so can result in the volume becoming stuck in the busy state while
// detaching. If this happens, detachment can be delayed indefinitely until you
// unmount the volume, force detachment, reboot the instance, or all three. If an
// EBS volume is the root device of an instance, it can't be detached while the
// instance is running. To detach the root volume, stop the instance first. When a
// volume with an Amazon Web Services Marketplace product code is detached from an
// instance, the product code is no longer associated with the instance. For more
// information, see Detach an Amazon EBS volume
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html)
// in the Amazon Elastic Compute Cloud User Guide.
DetachVolume(ctx context.Context, params *DetachVolumeInput, optFns ...func(*Options)) (*DetachVolumeOutput, error)
// Detaches a virtual private gateway from a VPC. You do this if you're planning to
// turn off the VPC and not use it anymore. You can confirm a virtual private
// gateway has been completely detached from a VPC by describing the virtual
// private gateway (any attachments to the virtual private gateway are also
// described). You must wait for the attachment's state to switch to detached
// before you can delete the VPC or attach a different VPC to the virtual private
// gateway.
DetachVpnGateway(ctx context.Context, params *DetachVpnGatewayInput, optFns ...func(*Options)) (*DetachVpnGatewayOutput, error)
// Disables EBS encryption by default for your account in the current Region. After
// you disable encryption by default, you can still create encrypted volumes by
// enabling encryption when you create each volume. Disabling encryption by default
// does not change the encryption status of your existing volumes. For more
// information, see Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide.
DisableEbsEncryptionByDefault(ctx context.Context, params *DisableEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*DisableEbsEncryptionByDefaultOutput, error)
// Discontinue faster launching for a Windows AMI, and clean up existing
// pre-provisioned snapshots. When you disable faster launching, the AMI uses the
// standard launch process for each instance. All pre-provisioned snapshots must be
// removed before you can enable faster launching again. To change these settings,
// you must own the AMI.
DisableFastLaunch(ctx context.Context, params *DisableFastLaunchInput, optFns ...func(*Options)) (*DisableFastLaunchOutput, error)
// Disables fast snapshot restores for the specified snapshots in the specified
// Availability Zones.
DisableFastSnapshotRestores(ctx context.Context, params *DisableFastSnapshotRestoresInput, optFns ...func(*Options)) (*DisableFastSnapshotRestoresOutput, error)
// Cancels the deprecation of the specified AMI. For more information, see
// Deprecate an AMI
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html) in the
// Amazon Elastic Compute Cloud User Guide.
DisableImageDeprecation(ctx context.Context, params *DisableImageDeprecationInput, optFns ...func(*Options)) (*DisableImageDeprecationOutput, error)
// Disable the IPAM account. For more information, see Enable integration with
// Organizations in the Amazon VPC IPAM User Guide.
DisableIpamOrganizationAdminAccount(ctx context.Context, params *DisableIpamOrganizationAdminAccountInput, optFns ...func(*Options)) (*DisableIpamOrganizationAdminAccountOutput, error)
// Disables access to the EC2 serial console of all instances for your account. By
// default, access to the EC2 serial console is disabled for your account. For more
// information, see Manage account access to the EC2 serial console
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access)
// in the Amazon EC2 User Guide.
DisableSerialConsoleAccess(ctx context.Context, params *DisableSerialConsoleAccessInput, optFns ...func(*Options)) (*DisableSerialConsoleAccessOutput, error)
// Disables the specified resource attachment from propagating routes to the
// specified propagation route table.
DisableTransitGatewayRouteTablePropagation(ctx context.Context, params *DisableTransitGatewayRouteTablePropagationInput, optFns ...func(*Options)) (*DisableTransitGatewayRouteTablePropagationOutput, error)
// Disables a virtual private gateway (VGW) from propagating routes to a specified
// route table of a VPC.
DisableVgwRoutePropagation(ctx context.Context, params *DisableVgwRoutePropagationInput, optFns ...func(*Options)) (*DisableVgwRoutePropagationOutput, error)
// Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that
// has EC2-Classic instances linked to it.
DisableVpcClassicLink(ctx context.Context, params *DisableVpcClassicLinkInput, optFns ...func(*Options)) (*DisableVpcClassicLinkOutput, error)
// Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve
// to public IP addresses when addressed between a linked EC2-Classic instance and
// instances in the VPC to which it's linked. For more information, see ClassicLink
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
// the Amazon Elastic Compute Cloud User Guide. You must specify a VPC ID in the
// request.
DisableVpcClassicLinkDnsSupport(ctx context.Context, params *DisableVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*DisableVpcClassicLinkDnsSupportOutput, error)
// Disassociates an Elastic IP address from the instance or network interface it's
// associated with. An Elastic IP address is for use in either the EC2-Classic
// platform or in a VPC. For more information, see Elastic IP Addresses
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)
// in the Amazon Elastic Compute Cloud User Guide. This is an idempotent operation.
// If you perform the operation more than once, Amazon EC2 doesn't return an error.
DisassociateAddress(ctx context.Context, params *DisassociateAddressInput, optFns ...func(*Options)) (*DisassociateAddressOutput, error)
// Disassociates a target network from the specified Client VPN endpoint. When you
// disassociate the last target network from a Client VPN, the following
// happens:
//
// * The route that was automatically added for the VPC is deleted
//
// * All
// active client connections are terminated
//
// * New client connections are
// disallowed
//
// * The Client VPN endpoint's status changes to pending-associate
DisassociateClientVpnTargetNetwork(ctx context.Context, params *DisassociateClientVpnTargetNetworkInput, optFns ...func(*Options)) (*DisassociateClientVpnTargetNetworkOutput, error)
// Disassociates an IAM role from an Certificate Manager (ACM) certificate.
// Disassociating an IAM role from an ACM certificate removes the Amazon S3 object
// that contains the certificate, certificate chain, and encrypted private key from
// the Amazon S3 bucket. It also revokes the IAM role's permission to use the KMS
// key used to encrypt the private key. This effectively revokes the role's
// permission to use the certificate.
DisassociateEnclaveCertificateIamRole(ctx context.Context, params *DisassociateEnclaveCertificateIamRoleInput, optFns ...func(*Options)) (*DisassociateEnclaveCertificateIamRoleOutput, error)
// Disassociates an IAM instance profile from a running or stopped instance. Use
// DescribeIamInstanceProfileAssociations to get the association ID.
DisassociateIamInstanceProfile(ctx context.Context, params *DisassociateIamInstanceProfileInput, optFns ...func(*Options)) (*DisassociateIamInstanceProfileOutput, error)
// Disassociates one or more targets from an event window. For more information,
// see Define event windows for scheduled events
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
// Amazon EC2 User Guide.
DisassociateInstanceEventWindow(ctx context.Context, params *DisassociateInstanceEventWindowInput, optFns ...func(*Options)) (*DisassociateInstanceEventWindowOutput, error)
// Disassociates a subnet or gateway from a route table. After you perform this
// action, the subnet no longer uses the routes in the route table. Instead, it
// uses the routes in the VPC's main route table. For more information about route
// tables, see Route tables
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
// Amazon Virtual Private Cloud User Guide.
DisassociateRouteTable(ctx context.Context, params *DisassociateRouteTableInput, optFns ...func(*Options)) (*DisassociateRouteTableOutput, error)
// Disassociates a CIDR block from a subnet. Currently, you can disassociate an
// IPv6 CIDR block only. You must detach or delete all gateways and resources that
// are associated with the CIDR block before you can disassociate it.
DisassociateSubnetCidrBlock(ctx context.Context, params *DisassociateSubnetCidrBlockInput, optFns ...func(*Options)) (*DisassociateSubnetCidrBlockOutput, error)
// Disassociates the specified subnets from the transit gateway multicast domain.
DisassociateTransitGatewayMulticastDomain(ctx context.Context, params *DisassociateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*DisassociateTransitGatewayMulticastDomainOutput, error)
// Disassociates a resource attachment from a transit gateway route table.
DisassociateTransitGatewayRouteTable(ctx context.Context, params *DisassociateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*DisassociateTransitGatewayRouteTableOutput, error)
// This API action is currently in limited preview only. If you are interested in
// using this feature, contact your account manager. Removes an association between
// a branch network interface with a trunk network interface.
DisassociateTrunkInterface(ctx context.Context, params *DisassociateTrunkInterfaceInput, optFns ...func(*Options)) (*DisassociateTrunkInterfaceOutput, error)
// Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must
// specify its association ID. You can get the association ID by using
// DescribeVpcs. You must detach or delete all gateways and resources that are
// associated with the CIDR block before you can disassociate it. You cannot
// disassociate the CIDR block with which you originally created the VPC (the
// primary CIDR block).
DisassociateVpcCidrBlock(ctx context.Context, params *DisassociateVpcCidrBlockInput, optFns ...func(*Options)) (*DisassociateVpcCidrBlockOutput, error)
// Enables EBS encryption by default for your account in the current Region. After
// you enable encryption by default, the EBS volumes that you create are always
// encrypted, either using the default KMS key or the KMS key that you specified
// when you created each volume. For more information, see Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide. You can specify the default KMS key for
// encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.
// Enabling encryption by default has no effect on the encryption status of your
// existing volumes. After you enable encryption by default, you can no longer
// launch instances using instance types that do not support encryption. For more
// information, see Supported instance types
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances).
EnableEbsEncryptionByDefault(ctx context.Context, params *EnableEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*EnableEbsEncryptionByDefaultOutput, error)
// When you enable faster launching for a Windows AMI, images are pre-provisioned,
// using snapshots to launch instances up to 65% faster. To create the optimized
// Windows image, Amazon EC2 launches an instance and runs through Sysprep steps,
// rebooting as required. Then it creates a set of reserved snapshots that are used
// for subsequent launches. The reserved snapshots are automatically replenished as
// they are used, depending on your settings for launch frequency. To change these
// settings, you must own the AMI.
EnableFastLaunch(ctx context.Context, params *EnableFastLaunchInput, optFns ...func(*Options)) (*EnableFastLaunchOutput, error)
// Enables fast snapshot restores for the specified snapshots in the specified
// Availability Zones. You get the full benefit of fast snapshot restores after
// they enter the enabled state. To get the current state of fast snapshot
// restores, use DescribeFastSnapshotRestores. To disable fast snapshot restores,
// use DisableFastSnapshotRestores. For more information, see Amazon EBS fast
// snapshot restore
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-fast-snapshot-restore.html)
// in the Amazon Elastic Compute Cloud User Guide.
EnableFastSnapshotRestores(ctx context.Context, params *EnableFastSnapshotRestoresInput, optFns ...func(*Options)) (*EnableFastSnapshotRestoresOutput, error)
// Enables deprecation of the specified AMI at the specified date and time. For
// more information, see Deprecate an AMI
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html) in the
// Amazon Elastic Compute Cloud User Guide.
EnableImageDeprecation(ctx context.Context, params *EnableImageDeprecationInput, optFns ...func(*Options)) (*EnableImageDeprecationOutput, error)
// Enable an Organizations member account as the IPAM admin account. You cannot
// select the Organizations management account as the IPAM admin account. For more
// information, see Enable integration with Organizations in the Amazon VPC IPAM
// User Guide.
EnableIpamOrganizationAdminAccount(ctx context.Context, params *EnableIpamOrganizationAdminAccountInput, optFns ...func(*Options)) (*EnableIpamOrganizationAdminAccountOutput, error)
// Enables access to the EC2 serial console of all instances for your account. By
// default, access to the EC2 serial console is disabled for your account. For more
// information, see Manage account access to the EC2 serial console
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access)
// in the Amazon EC2 User Guide.
EnableSerialConsoleAccess(ctx context.Context, params *EnableSerialConsoleAccessInput, optFns ...func(*Options)) (*EnableSerialConsoleAccessOutput, error)
// Enables the specified attachment to propagate routes to the specified
// propagation route table.
EnableTransitGatewayRouteTablePropagation(ctx context.Context, params *EnableTransitGatewayRouteTablePropagationInput, optFns ...func(*Options)) (*EnableTransitGatewayRouteTablePropagationOutput, error)
// Enables a virtual private gateway (VGW) to propagate routes to the specified
// route table of a VPC.
EnableVgwRoutePropagation(ctx context.Context, params *EnableVgwRoutePropagationInput, optFns ...func(*Options)) (*EnableVgwRoutePropagationOutput, error)
// Enables I/O operations for a volume that had I/O operations disabled because the
// data on the volume was potentially inconsistent.
EnableVolumeIO(ctx context.Context, params *EnableVolumeIOInput, optFns ...func(*Options)) (*EnableVolumeIOOutput, error)
// Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your
// ClassicLink-enabled VPC to allow communication over private IP addresses. You
// cannot enable your VPC for ClassicLink if any of your VPC route tables have
// existing routes for address ranges within the 10.0.0.0/8 IP address range,
// excluding local routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 IP address
// ranges. For more information, see ClassicLink
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
// the Amazon Elastic Compute Cloud User Guide.
EnableVpcClassicLink(ctx context.Context, params *EnableVpcClassicLinkInput, optFns ...func(*Options)) (*EnableVpcClassicLinkOutput, error)
// Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled,
// the DNS hostname of a linked EC2-Classic instance resolves to its private IP
// address when addressed from an instance in the VPC to which it's linked.
// Similarly, the DNS hostname of an instance in a VPC resolves to its private IP
// address when addressed from a linked EC2-Classic instance. For more information,
// see ClassicLink
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) in
// the Amazon Elastic Compute Cloud User Guide. You must specify a VPC ID in the
// request.
EnableVpcClassicLinkDnsSupport(ctx context.Context, params *EnableVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*EnableVpcClassicLinkDnsSupportOutput, error)
// Downloads the client certificate revocation list for the specified Client VPN
// endpoint.
ExportClientVpnClientCertificateRevocationList(ctx context.Context, params *ExportClientVpnClientCertificateRevocationListInput, optFns ...func(*Options)) (*ExportClientVpnClientCertificateRevocationListOutput, error)
// Downloads the contents of the Client VPN endpoint configuration file for the
// specified Client VPN endpoint. The Client VPN endpoint configuration file
// includes the Client VPN endpoint and certificate information clients need to
// establish a connection with the Client VPN endpoint.
ExportClientVpnClientConfiguration(ctx context.Context, params *ExportClientVpnClientConfigurationInput, optFns ...func(*Options)) (*ExportClientVpnClientConfigurationOutput, error)
// Exports an Amazon Machine Image (AMI) to a VM file. For more information, see
// Exporting a VM directly from an Amazon Machine Image (AMI)
// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport_image.html) in
// the VM Import/Export User Guide.
ExportImage(ctx context.Context, params *ExportImageInput, optFns ...func(*Options)) (*ExportImageOutput, error)
// Exports routes from the specified transit gateway route table to the specified
// S3 bucket. By default, all routes are exported. Alternatively, you can filter by
// CIDR range. The routes are saved to the specified bucket in a JSON file. For
// more information, see Export Route Tables to Amazon S3
// (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-route-tables.html#tgw-export-route-tables)
// in Transit Gateways.
ExportTransitGatewayRoutes(ctx context.Context, params *ExportTransitGatewayRoutesInput, optFns ...func(*Options)) (*ExportTransitGatewayRoutesOutput, error)
// Returns the IAM roles that are associated with the specified ACM (ACM)
// certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3
// object key where the certificate, certificate chain, and encrypted private key
// bundle are stored, and the ARN of the KMS key that's used to encrypt the private
// key.
GetAssociatedEnclaveCertificateIamRoles(ctx context.Context, params *GetAssociatedEnclaveCertificateIamRolesInput, optFns ...func(*Options)) (*GetAssociatedEnclaveCertificateIamRolesOutput, error)
// Gets information about the IPv6 CIDR block associations for a specified IPv6
// address pool.
GetAssociatedIpv6PoolCidrs(ctx context.Context, params *GetAssociatedIpv6PoolCidrsInput, optFns ...func(*Options)) (*GetAssociatedIpv6PoolCidrsOutput, error)
// Gets usage information about a Capacity Reservation. If the Capacity Reservation
// is shared, it shows usage information for the Capacity Reservation owner and
// each Amazon Web Services account that is currently using the shared capacity. If
// the Capacity Reservation is not shared, it shows only the Capacity Reservation
// owner's usage.
GetCapacityReservationUsage(ctx context.Context, params *GetCapacityReservationUsageInput, optFns ...func(*Options)) (*GetCapacityReservationUsageOutput, error)
// Describes the allocations from the specified customer-owned address pool.
GetCoipPoolUsage(ctx context.Context, params *GetCoipPoolUsageInput, optFns ...func(*Options)) (*GetCoipPoolUsageOutput, error)
// Gets the console output for the specified instance. For Linux instances, the
// instance console output displays the exact console output that would normally be
// displayed on a physical monitor attached to a computer. For Windows instances,
// the instance console output includes the last three system event log errors. By
// default, the console output returns buffered information that was posted shortly
// after an instance transition state (start, stop, reboot, or terminate). This
// information is available for at least one hour after the most recent post. Only
// the most recent 64 KB of console output is available. You can optionally
// retrieve the latest serial console output at any time during the instance
// lifecycle. This option is supported on instance types that use the Nitro
// hypervisor. For more information, see Instance console output
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html#instance-console-console-output)
// in the Amazon EC2 User Guide.
GetConsoleOutput(ctx context.Context, params *GetConsoleOutputInput, optFns ...func(*Options)) (*GetConsoleOutputOutput, error)
// Retrieve a JPG-format screenshot of a running instance to help with
// troubleshooting. The returned content is Base64-encoded.
GetConsoleScreenshot(ctx context.Context, params *GetConsoleScreenshotInput, optFns ...func(*Options)) (*GetConsoleScreenshotOutput, error)
// Describes the default credit option for CPU usage of a burstable performance
// instance family. For more information, see Burstable performance instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
// in the Amazon EC2 User Guide.
GetDefaultCreditSpecification(ctx context.Context, params *GetDefaultCreditSpecificationInput, optFns ...func(*Options)) (*GetDefaultCreditSpecificationOutput, error)
// Describes the default KMS key for EBS encryption by default for your account in
// this Region. You can change the default KMS key for encryption by default using
// ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId. For more information, see
// Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide.
GetEbsDefaultKmsKeyId(ctx context.Context, params *GetEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*GetEbsDefaultKmsKeyIdOutput, error)
// Describes whether EBS encryption by default is enabled for your account in the
// current Region. For more information, see Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide.
GetEbsEncryptionByDefault(ctx context.Context, params *GetEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*GetEbsEncryptionByDefaultOutput, error)
// Generates a CloudFormation template that streamlines and automates the
// integration of VPC flow logs with Amazon Athena. This make it easier for you to
// query and gain insights from VPC flow logs data. Based on the information that
// you provide, we configure resources in the template to do the following:
//
// *
// Create a table in Athena that maps fields to a custom log format
//
// * Create a
// Lambda function that updates the table with new partitions on a daily, weekly,
// or monthly basis
//
// * Create a table partitioned between two timestamps in the
// past
//
// * Create a set of named queries in Athena that you can use to get started
// quickly
GetFlowLogsIntegrationTemplate(ctx context.Context, params *GetFlowLogsIntegrationTemplateInput, optFns ...func(*Options)) (*GetFlowLogsIntegrationTemplateOutput, error)
// Lists the resource groups to which a Capacity Reservation has been added.
GetGroupsForCapacityReservation(ctx context.Context, params *GetGroupsForCapacityReservationInput, optFns ...func(*Options)) (*GetGroupsForCapacityReservationOutput, error)
// Preview a reservation purchase with configurations that match those of your
// Dedicated Host. You must have active Dedicated Hosts in your account before you
// purchase a reservation. This is a preview of the PurchaseHostReservation action
// and does not result in the offering being purchased.
GetHostReservationPurchasePreview(ctx context.Context, params *GetHostReservationPurchasePreviewInput, optFns ...func(*Options)) (*GetHostReservationPurchasePreviewOutput, error)
// Returns a list of instance types with the specified instance attributes. You can
// use the response to preview the instance types without launching instances. Note
// that the response does not consider capacity. When you specify multiple
// parameters, you get instance types that satisfy all of the specified parameters.
// If you specify multiple values for a parameter, you get instance types that
// satisfy any of the specified values. For more information, see Preview instance
// types with specified attributes
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html#spotfleet-get-instance-types-from-instance-requirements),
// Attribute-based instance type selection for EC2 Fleet
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html),
// Attribute-based instance type selection for Spot Fleet
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html),
// and Spot placement score
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html)
// in the Amazon EC2 User Guide, and Creating an Auto Scaling group using
// attribute-based instance type selection
// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-instance-type-requirements.html)
// in the Amazon EC2 Auto Scaling User Guide.
GetInstanceTypesFromInstanceRequirements(ctx context.Context, params *GetInstanceTypesFromInstanceRequirementsInput, optFns ...func(*Options)) (*GetInstanceTypesFromInstanceRequirementsOutput, error)
// Retrieve historical information about a CIDR within an IPAM scope. For more
// information, see View the history of IP addresses in the Amazon VPC IPAM User
// Guide.
GetIpamAddressHistory(ctx context.Context, params *GetIpamAddressHistoryInput, optFns ...func(*Options)) (*GetIpamAddressHistoryOutput, error)
// Get a list of all the CIDR allocations in an IPAM pool.
GetIpamPoolAllocations(ctx context.Context, params *GetIpamPoolAllocationsInput, optFns ...func(*Options)) (*GetIpamPoolAllocationsOutput, error)
// Get the CIDRs provisioned to an IPAM pool.
GetIpamPoolCidrs(ctx context.Context, params *GetIpamPoolCidrsInput, optFns ...func(*Options)) (*GetIpamPoolCidrsOutput, error)
// Get information about the resources in a scope.
GetIpamResourceCidrs(ctx context.Context, params *GetIpamResourceCidrsInput, optFns ...func(*Options)) (*GetIpamResourceCidrsOutput, error)
// Retrieves the configuration data of the specified instance. You can use this
// data to create a launch template. This action calls on other describe actions to
// get instance information. Depending on your instance configuration, you may need
// to allow the following actions in your IAM policy: DescribeSpotInstanceRequests,
// DescribeInstanceCreditSpecifications, DescribeVolumes,
// DescribeInstanceAttribute, and DescribeElasticGpus. Or, you can allow describe*
// depending on your instance requirements.
GetLaunchTemplateData(ctx context.Context, params *GetLaunchTemplateDataInput, optFns ...func(*Options)) (*GetLaunchTemplateDataOutput, error)
// Gets information about the resources that are associated with the specified
// managed prefix list.
GetManagedPrefixListAssociations(ctx context.Context, params *GetManagedPrefixListAssociationsInput, optFns ...func(*Options)) (*GetManagedPrefixListAssociationsOutput, error)
// Gets information about the entries for a specified managed prefix list.
GetManagedPrefixListEntries(ctx context.Context, params *GetManagedPrefixListEntriesInput, optFns ...func(*Options)) (*GetManagedPrefixListEntriesOutput, error)
// Gets the findings for the specified Network Access Scope analysis.
GetNetworkInsightsAccessScopeAnalysisFindings(ctx context.Context, params *GetNetworkInsightsAccessScopeAnalysisFindingsInput, optFns ...func(*Options)) (*GetNetworkInsightsAccessScopeAnalysisFindingsOutput, error)
// Gets the content for the specified Network Access Scope.
GetNetworkInsightsAccessScopeContent(ctx context.Context, params *GetNetworkInsightsAccessScopeContentInput, optFns ...func(*Options)) (*GetNetworkInsightsAccessScopeContentOutput, error)
// Retrieves the encrypted administrator password for a running Windows instance.
// The Windows password is generated at boot by the EC2Config service or EC2Launch
// scripts (Windows Server 2016 and later). This usually only happens the first
// time an instance is launched. For more information, see EC2Config
// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/UsingConfig_WinAMI.html)
// and EC2Launch
// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2launch.html) in the
// Amazon EC2 User Guide. For the EC2Config service, the password is not generated
// for rebundled AMIs unless Ec2SetPassword is enabled before bundling. The
// password is encrypted using the key pair that you specified when you launched
// the instance. You must provide the corresponding key pair file. When you launch
// an instance, password generation and encryption may take a few minutes. If you
// try to retrieve the password before it's available, the output returns an empty
// string. We recommend that you wait up to 15 minutes after launching an instance
// before trying to retrieve the generated password.
GetPasswordData(ctx context.Context, params *GetPasswordDataInput, optFns ...func(*Options)) (*GetPasswordDataOutput, error)
// Returns a quote and exchange information for exchanging one or more specified
// Convertible Reserved Instances for a new Convertible Reserved Instance. If the
// exchange cannot be performed, the reason is returned in the response. Use
// AcceptReservedInstancesExchangeQuote to perform the exchange.
GetReservedInstancesExchangeQuote(ctx context.Context, params *GetReservedInstancesExchangeQuoteInput, optFns ...func(*Options)) (*GetReservedInstancesExchangeQuoteOutput, error)
// Retrieves the access status of your account to the EC2 serial console of all
// instances. By default, access to the EC2 serial console is disabled for your
// account. For more information, see Manage account access to the EC2 serial
// console
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access)
// in the Amazon EC2 User Guide.
GetSerialConsoleAccessStatus(ctx context.Context, params *GetSerialConsoleAccessStatusInput, optFns ...func(*Options)) (*GetSerialConsoleAccessStatusOutput, error)
// Calculates the Spot placement score for a Region or Availability Zone based on
// the specified target capacity and compute requirements. You can specify your
// compute requirements either by using InstanceRequirementsWithMetadata and
// letting Amazon EC2 choose the optimal instance types to fulfill your Spot
// request, or you can specify the instance types by using InstanceTypes. For more
// information, see Spot placement score
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html)
// in the Amazon EC2 User Guide.
GetSpotPlacementScores(ctx context.Context, params *GetSpotPlacementScoresInput, optFns ...func(*Options)) (*GetSpotPlacementScoresOutput, error)
// Gets information about the subnet CIDR reservations.
GetSubnetCidrReservations(ctx context.Context, params *GetSubnetCidrReservationsInput, optFns ...func(*Options)) (*GetSubnetCidrReservationsOutput, error)
// Lists the route tables to which the specified resource attachment propagates
// routes.
GetTransitGatewayAttachmentPropagations(ctx context.Context, params *GetTransitGatewayAttachmentPropagationsInput, optFns ...func(*Options)) (*GetTransitGatewayAttachmentPropagationsOutput, error)
// Gets information about the associations for the transit gateway multicast
// domain.
GetTransitGatewayMulticastDomainAssociations(ctx context.Context, params *GetTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*GetTransitGatewayMulticastDomainAssociationsOutput, error)
// Gets information about the prefix list references in a specified transit gateway
// route table.
GetTransitGatewayPrefixListReferences(ctx context.Context, params *GetTransitGatewayPrefixListReferencesInput, optFns ...func(*Options)) (*GetTransitGatewayPrefixListReferencesOutput, error)
// Gets information about the associations for the specified transit gateway route
// table.
GetTransitGatewayRouteTableAssociations(ctx context.Context, params *GetTransitGatewayRouteTableAssociationsInput, optFns ...func(*Options)) (*GetTransitGatewayRouteTableAssociationsOutput, error)
// Gets information about the route table propagations for the specified transit
// gateway route table.
GetTransitGatewayRouteTablePropagations(ctx context.Context, params *GetTransitGatewayRouteTablePropagationsInput, optFns ...func(*Options)) (*GetTransitGatewayRouteTablePropagationsOutput, error)
// Download an Amazon Web Services-provided sample configuration file to be used
// with the customer gateway device specified for your Site-to-Site VPN connection.
GetVpnConnectionDeviceSampleConfiguration(ctx context.Context, params *GetVpnConnectionDeviceSampleConfigurationInput, optFns ...func(*Options)) (*GetVpnConnectionDeviceSampleConfigurationOutput, error)
// Obtain a list of customer gateway devices for which sample configuration files
// can be provided. The request has no additional parameters. You can also see the
// list of device types with sample configuration files available under Your
// customer gateway device
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html) in the Amazon Web
// Services Site-to-Site VPN User Guide.
GetVpnConnectionDeviceTypes(ctx context.Context, params *GetVpnConnectionDeviceTypesInput, optFns ...func(*Options)) (*GetVpnConnectionDeviceTypesOutput, error)
// Uploads a client certificate revocation list to the specified Client VPN
// endpoint. Uploading a client certificate revocation list overwrites the existing
// client certificate revocation list. Uploading a client certificate revocation
// list resets existing client connections.
ImportClientVpnClientCertificateRevocationList(ctx context.Context, params *ImportClientVpnClientCertificateRevocationListInput, optFns ...func(*Options)) (*ImportClientVpnClientCertificateRevocationListOutput, error)
// Import single or multi-volume disk images or EBS snapshots into an Amazon
// Machine Image (AMI). For more information, see Importing a VM as an image using
// VM Import/Export
// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html)
// in the VM Import/Export User Guide.
ImportImage(ctx context.Context, params *ImportImageInput, optFns ...func(*Options)) (*ImportImageOutput, error)
// Creates an import instance task using metadata from the specified disk image.
// This API action supports only single-volume VMs. To import multi-volume VMs, use
// ImportImage instead. This API action is not supported by the Command Line
// Interface (CLI). For information about using the Amazon EC2 CLI, which is
// deprecated, see Importing a VM to Amazon EC2
// (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#UsingVirtualMachinesinAmazonEC2)
// in the Amazon EC2 CLI Reference PDF file. For information about the import
// manifest referenced by this API action, see VM Import Manifest
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html).
ImportInstance(ctx context.Context, params *ImportInstanceInput, optFns ...func(*Options)) (*ImportInstanceOutput, error)
// Imports the public key from an RSA or ED25519 key pair that you created with a
// third-party tool. Compare this with CreateKeyPair, in which Amazon Web Services
// creates the key pair and gives the keys to you (Amazon Web Services keeps a copy
// of the public key). With ImportKeyPair, you create the key pair and give Amazon
// Web Services just the public key. The private key is never transferred between
// you and Amazon Web Services. For more information about key pairs, see Amazon
// EC2 key pairs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the
// Amazon Elastic Compute Cloud User Guide.
ImportKeyPair(ctx context.Context, params *ImportKeyPairInput, optFns ...func(*Options)) (*ImportKeyPairOutput, error)
// Imports a disk into an EBS snapshot. For more information, see Importing a disk
// as a snapshot using VM Import/Export
// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-import-snapshot.html)
// in the VM Import/Export User Guide.
ImportSnapshot(ctx context.Context, params *ImportSnapshotInput, optFns ...func(*Options)) (*ImportSnapshotOutput, error)
// Creates an import volume task using metadata from the specified disk image. This
// API action supports only single-volume VMs. To import multi-volume VMs, use
// ImportImage instead. To import a disk to a snapshot, use ImportSnapshot instead.
// This API action is not supported by the Command Line Interface (CLI). For
// information about using the Amazon EC2 CLI, which is deprecated, see Importing
// Disks to Amazon EBS
// (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#importing-your-volumes-into-amazon-ebs)
// in the Amazon EC2 CLI Reference PDF file. For information about the import
// manifest referenced by this API action, see VM Import Manifest
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html).
ImportVolume(ctx context.Context, params *ImportVolumeInput, optFns ...func(*Options)) (*ImportVolumeOutput, error)
// Lists one or more AMIs that are currently in the Recycle Bin. For more
// information, see Recycle Bin
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the
// Amazon Elastic Compute Cloud User Guide.
ListImagesInRecycleBin(ctx context.Context, params *ListImagesInRecycleBinInput, optFns ...func(*Options)) (*ListImagesInRecycleBinOutput, error)
// Lists one or more snapshots that are currently in the Recycle Bin.
ListSnapshotsInRecycleBin(ctx context.Context, params *ListSnapshotsInRecycleBinInput, optFns ...func(*Options)) (*ListSnapshotsInRecycleBinOutput, error)
// Modifies an attribute of the specified Elastic IP address. For requirements, see
// Using reverse DNS for email applications
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS).
ModifyAddressAttribute(ctx context.Context, params *ModifyAddressAttributeInput, optFns ...func(*Options)) (*ModifyAddressAttributeOutput, error)
// Changes the opt-in status of the Local Zone and Wavelength Zone group for your
// account. Use DescribeAvailabilityZones
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html)
// to view the value for GroupName.
ModifyAvailabilityZoneGroup(ctx context.Context, params *ModifyAvailabilityZoneGroupInput, optFns ...func(*Options)) (*ModifyAvailabilityZoneGroupOutput, error)
// Modifies a Capacity Reservation's capacity and the conditions under which it is
// to be released. You cannot change a Capacity Reservation's instance type, EBS
// optimization, instance store settings, platform, Availability Zone, or instance
// eligibility. If you need to modify any of these attributes, we recommend that
// you cancel the Capacity Reservation, and then create a new one with the required
// attributes.
ModifyCapacityReservation(ctx context.Context, params *ModifyCapacityReservationInput, optFns ...func(*Options)) (*ModifyCapacityReservationOutput, error)
// Modifies a Capacity Reservation Fleet. When you modify the total target capacity
// of a Capacity Reservation Fleet, the Fleet automatically creates new Capacity
// Reservations, or modifies or cancels existing Capacity Reservations in the Fleet
// to meet the new total target capacity. When you modify the end date for the
// Fleet, the end dates for all of the individual Capacity Reservations in the
// Fleet are updated accordingly.
ModifyCapacityReservationFleet(ctx context.Context, params *ModifyCapacityReservationFleetInput, optFns ...func(*Options)) (*ModifyCapacityReservationFleetOutput, error)
// Modifies the specified Client VPN endpoint. Modifying the DNS server resets
// existing client connections.
ModifyClientVpnEndpoint(ctx context.Context, params *ModifyClientVpnEndpointInput, optFns ...func(*Options)) (*ModifyClientVpnEndpointOutput, error)
// Modifies the default credit option for CPU usage of burstable performance
// instances. The default credit option is set at the account level per Amazon Web
// Services Region, and is specified per instance family. All new burstable
// performance instances in the account launch using the default credit option.
// ModifyDefaultCreditSpecification is an asynchronous operation, which works at an
// Amazon Web Services Region level and modifies the credit option for each
// Availability Zone. All zones in a Region are updated within five minutes. But if
// instances are launched during this operation, they might not get the new credit
// option until the zone is updated. To verify whether the update has occurred, you
// can call GetDefaultCreditSpecification and check DefaultCreditSpecification for
// updates. For more information, see Burstable performance instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
// in the Amazon EC2 User Guide.
ModifyDefaultCreditSpecification(ctx context.Context, params *ModifyDefaultCreditSpecificationInput, optFns ...func(*Options)) (*ModifyDefaultCreditSpecificationOutput, error)
// Changes the default KMS key for EBS encryption by default for your account in
// this Region. Amazon Web Services creates a unique Amazon Web Services managed
// KMS key in each Region for use with encryption by default. If you change the
// default KMS key to a symmetric customer managed KMS key, it is used instead of
// the Amazon Web Services managed KMS key. To reset the default KMS key to the
// Amazon Web Services managed KMS key for EBS, use ResetEbsDefaultKmsKeyId. Amazon
// EBS does not support asymmetric KMS keys. If you delete or disable the customer
// managed KMS key that you specified for use with encryption by default, your
// instances will fail to launch. For more information, see Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide.
ModifyEbsDefaultKmsKeyId(ctx context.Context, params *ModifyEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*ModifyEbsDefaultKmsKeyIdOutput, error)
// Modifies the specified EC2 Fleet. You can only modify an EC2 Fleet request of
// type maintain. While the EC2 Fleet is being modified, it is in the modifying
// state. To scale up your EC2 Fleet, increase its target capacity. The EC2 Fleet
// launches the additional Spot Instances according to the allocation strategy for
// the EC2 Fleet request. If the allocation strategy is lowest-price, the EC2 Fleet
// launches instances using the Spot Instance pool with the lowest price. If the
// allocation strategy is diversified, the EC2 Fleet distributes the instances
// across the Spot Instance pools. If the allocation strategy is
// capacity-optimized, EC2 Fleet launches instances from Spot Instance pools with
// optimal capacity for the number of instances that are launching. To scale down
// your EC2 Fleet, decrease its target capacity. First, the EC2 Fleet cancels any
// open requests that exceed the new target capacity. You can request that the EC2
// Fleet terminate Spot Instances until the size of the fleet no longer exceeds the
// new target capacity. If the allocation strategy is lowest-price, the EC2 Fleet
// terminates the instances with the highest price per unit. If the allocation
// strategy is capacity-optimized, the EC2 Fleet terminates the instances in the
// Spot Instance pools that have the least available Spot Instance capacity. If the
// allocation strategy is diversified, the EC2 Fleet terminates instances across
// the Spot Instance pools. Alternatively, you can request that the EC2 Fleet keep
// the fleet at its current size, but not replace any Spot Instances that are
// interrupted or that you terminate manually. If you are finished with your EC2
// Fleet for now, but will use it again later, you can set the target capacity to
// 0.
ModifyFleet(ctx context.Context, params *ModifyFleetInput, optFns ...func(*Options)) (*ModifyFleetOutput, error)
// Modifies the specified attribute of the specified Amazon FPGA Image (AFI).
ModifyFpgaImageAttribute(ctx context.Context, params *ModifyFpgaImageAttributeInput, optFns ...func(*Options)) (*ModifyFpgaImageAttributeOutput, error)
// Modify the auto-placement setting of a Dedicated Host. When auto-placement is
// enabled, any instances that you launch with a tenancy of host but without a
// specific host ID are placed onto any available Dedicated Host in your account
// that has auto-placement enabled. When auto-placement is disabled, you need to
// provide a host ID to have the instance launch onto a specific host. If no host
// ID is provided, the instance is launched onto a suitable host with
// auto-placement enabled. You can also use this API action to modify a Dedicated
// Host to support either multiple instance types in an instance family, or to
// support a specific instance type only.
ModifyHosts(ctx context.Context, params *ModifyHostsInput, optFns ...func(*Options)) (*ModifyHostsOutput, error)
// Modifies the ID format for the specified resource on a per-Region basis. You can
// specify that resources should receive longer IDs (17-character IDs) when they
// are created. This request can only be used to modify longer ID settings for
// resource types that are within the opt-in period. Resources currently in their
// opt-in period include: bundle | conversion-task | customer-gateway |
// dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task |
// flow-log | image | import-task | internet-gateway | network-acl |
// network-acl-association | network-interface | network-interface-attachment |
// prefix-list | route-table | route-table-association | security-group | subnet |
// subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint
// | vpc-peering-connection | vpn-connection | vpn-gateway. This setting applies to
// the IAM user who makes the request; it does not apply to the entire Amazon Web
// Services account. By default, an IAM user defaults to the same settings as the
// root user. If you're using this action as the root user, then these settings
// apply to the entire account, unless an IAM user explicitly overrides these
// settings for themselves. For more information, see Resource IDs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the
// Amazon Elastic Compute Cloud User Guide. Resources created with longer IDs are
// visible to all IAM roles and users, regardless of these settings and provided
// that they have permission to use the relevant Describe command for the resource
// type.
ModifyIdFormat(ctx context.Context, params *ModifyIdFormatInput, optFns ...func(*Options)) (*ModifyIdFormatOutput, error)
// Modifies the ID format of a resource for a specified IAM user, IAM role, or the
// root user for an account; or all IAM users, IAM roles, and the root user for an
// account. You can specify that resources should receive longer IDs (17-character
// IDs) when they are created. This request can only be used to modify longer ID
// settings for resource types that are within the opt-in period. Resources
// currently in their opt-in period include: bundle | conversion-task |
// customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association
// | export-task | flow-log | image | import-task | internet-gateway | network-acl
// | network-acl-association | network-interface | network-interface-attachment |
// prefix-list | route-table | route-table-association | security-group | subnet |
// subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint
// | vpc-peering-connection | vpn-connection | vpn-gateway. For more information,
// see Resource IDs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) in the
// Amazon Elastic Compute Cloud User Guide. This setting applies to the principal
// specified in the request; it does not apply to the principal that makes the
// request. Resources created with longer IDs are visible to all IAM roles and
// users, regardless of these settings and provided that they have permission to
// use the relevant Describe command for the resource type.
ModifyIdentityIdFormat(ctx context.Context, params *ModifyIdentityIdFormatInput, optFns ...func(*Options)) (*ModifyIdentityIdFormatOutput, error)
// Modifies the specified attribute of the specified AMI. You can specify only one
// attribute at a time. You can use the Attribute parameter to specify the
// attribute or one of the following parameters: Description or LaunchPermission.
// Images with an Amazon Web Services Marketplace product code cannot be made
// public. To enable the SriovNetSupport enhanced networking attribute of an image,
// enable SriovNetSupport on an instance and create an AMI from the instance.
ModifyImageAttribute(ctx context.Context, params *ModifyImageAttributeInput, optFns ...func(*Options)) (*ModifyImageAttributeOutput, error)
// Modifies the specified attribute of the specified instance. You can specify only
// one attribute at a time. Note: Using this action to change the security groups
// associated with an elastic network interface (ENI) attached to an instance in a
// VPC can result in an error if the instance has more than one ENI. To change the
// security groups associated with an ENI attached to an instance that has multiple
// ENIs, we recommend that you use the ModifyNetworkInterfaceAttribute action. To
// modify some attributes, the instance must be stopped. For more information, see
// Modify a stopped instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html)
// in the Amazon EC2 User Guide.
ModifyInstanceAttribute(ctx context.Context, params *ModifyInstanceAttributeInput, optFns ...func(*Options)) (*ModifyInstanceAttributeOutput, error)
// Modifies the Capacity Reservation settings for a stopped instance. Use this
// action to configure an instance to target a specific Capacity Reservation, run
// in any open Capacity Reservation with matching attributes, or run On-Demand
// Instance capacity.
ModifyInstanceCapacityReservationAttributes(ctx context.Context, params *ModifyInstanceCapacityReservationAttributesInput, optFns ...func(*Options)) (*ModifyInstanceCapacityReservationAttributesOutput, error)
// Modifies the credit option for CPU usage on a running or stopped burstable
// performance instance. The credit options are standard and unlimited. For more
// information, see Burstable performance instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html)
// in the Amazon EC2 User Guide.
ModifyInstanceCreditSpecification(ctx context.Context, params *ModifyInstanceCreditSpecificationInput, optFns ...func(*Options)) (*ModifyInstanceCreditSpecificationOutput, error)
// Modifies the start time for a scheduled Amazon EC2 instance event.
ModifyInstanceEventStartTime(ctx context.Context, params *ModifyInstanceEventStartTimeInput, optFns ...func(*Options)) (*ModifyInstanceEventStartTimeOutput, error)
// Modifies the specified event window. You can define either a set of time ranges
// or a cron expression when modifying the event window, but not both. To modify
// the targets associated with the event window, use the
// AssociateInstanceEventWindow and DisassociateInstanceEventWindow API. If Amazon
// Web Services has already scheduled an event, modifying an event window won't
// change the time of the scheduled event. For more information, see Define event
// windows for scheduled events
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) in the
// Amazon EC2 User Guide.
ModifyInstanceEventWindow(ctx context.Context, params *ModifyInstanceEventWindowInput, optFns ...func(*Options)) (*ModifyInstanceEventWindowOutput, error)
// Modifies the recovery behavior of your instance to disable simplified automatic
// recovery or set the recovery behavior to default. The default configuration will
// not enable simplified automatic recovery for an unsupported instance type. For
// more information, see Simplified automatic recovery
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html#instance-configuration-recovery).
ModifyInstanceMaintenanceOptions(ctx context.Context, params *ModifyInstanceMaintenanceOptionsInput, optFns ...func(*Options)) (*ModifyInstanceMaintenanceOptionsOutput, error)
// Modify the instance metadata parameters on a running or stopped instance. When
// you modify the parameters on a stopped instance, they are applied when the
// instance is started. When you modify the parameters on a running instance, the
// API responds with a state of “pending”. After the parameter modifications are
// successfully applied to the instance, the state of the modifications changes
// from “pending” to “applied” in subsequent describe-instances API calls. For more
// information, see Instance metadata and user data
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
// in the Amazon EC2 User Guide.
ModifyInstanceMetadataOptions(ctx context.Context, params *ModifyInstanceMetadataOptionsInput, optFns ...func(*Options)) (*ModifyInstanceMetadataOptionsOutput, error)
// Modifies the placement attributes for a specified instance. You can do the
// following:
//
// * Modify the affinity between an instance and a Dedicated Host
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html).
// When affinity is set to host and the instance is not associated with a specific
// Dedicated Host, the next time the instance is launched, it is automatically
// associated with the host on which it lands. If the instance is restarted or
// rebooted, this relationship persists.
//
// * Change the Dedicated Host with which an
// instance is associated.
//
// * Change the instance tenancy of an instance.
//
// * Move
// an instance to or from a placement group
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html).
//
// At
// least one attribute for affinity, host ID, tenancy, or placement group name must
// be specified in the request. Affinity and tenancy can be modified in the same
// request. To modify the host ID, tenancy, placement group, or partition for an
// instance, the instance must be in the stopped state.
ModifyInstancePlacement(ctx context.Context, params *ModifyInstancePlacementInput, optFns ...func(*Options)) (*ModifyInstancePlacementOutput, error)
// Modify the configurations of an IPAM.
ModifyIpam(ctx context.Context, params *ModifyIpamInput, optFns ...func(*Options)) (*ModifyIpamOutput, error)
// Modify the configurations of an IPAM pool. For more information, see Modify a
// pool in the Amazon VPC IPAM User Guide.
ModifyIpamPool(ctx context.Context, params *ModifyIpamPoolInput, optFns ...func(*Options)) (*ModifyIpamPoolOutput, error)
// Modify a resource CIDR. You can use this action to transfer resource CIDRs
// between scopes and ignore resource CIDRs that you do not want to manage. If set
// to false, the resource will not be tracked for overlap, it cannot be
// auto-imported into a pool, and it will be removed from any pool it has an
// allocation in. For more information, see Move resource CIDRs between scopes and
// Change the monitoring state of resource CIDRs in the Amazon VPC IPAM User Guide.
ModifyIpamResourceCidr(ctx context.Context, params *ModifyIpamResourceCidrInput, optFns ...func(*Options)) (*ModifyIpamResourceCidrOutput, error)
// Modify an IPAM scope.
ModifyIpamScope(ctx context.Context, params *ModifyIpamScopeInput, optFns ...func(*Options)) (*ModifyIpamScopeOutput, error)
// Modifies a launch template. You can specify which version of the launch template
// to set as the default version. When launching an instance, the default version
// applies when a launch template version is not specified.
ModifyLaunchTemplate(ctx context.Context, params *ModifyLaunchTemplateInput, optFns ...func(*Options)) (*ModifyLaunchTemplateOutput, error)
// Modifies the specified managed prefix list. Adding or removing entries in a
// prefix list creates a new version of the prefix list. Changing the name of the
// prefix list does not affect the version. If you specify a current version number
// that does not match the true current version number, the request fails.
ModifyManagedPrefixList(ctx context.Context, params *ModifyManagedPrefixListInput, optFns ...func(*Options)) (*ModifyManagedPrefixListOutput, error)
// Modifies the specified network interface attribute. You can specify only one
// attribute at a time. You can use this action to attach and detach security
// groups from an existing EC2 instance.
ModifyNetworkInterfaceAttribute(ctx context.Context, params *ModifyNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*ModifyNetworkInterfaceAttributeOutput, error)
// Modifies the options for instance hostnames for the specified instance.
ModifyPrivateDnsNameOptions(ctx context.Context, params *ModifyPrivateDnsNameOptionsInput, optFns ...func(*Options)) (*ModifyPrivateDnsNameOptionsOutput, error)
// Modifies the Availability Zone, instance count, instance type, or network
// platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved
// Instances to be modified must be identical, except for Availability Zone,
// network platform, and instance type. For more information, see Modifying
// Reserved Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) in the
// Amazon EC2 User Guide.
ModifyReservedInstances(ctx context.Context, params *ModifyReservedInstancesInput, optFns ...func(*Options)) (*ModifyReservedInstancesOutput, error)
// Modifies the rules of a security group.
ModifySecurityGroupRules(ctx context.Context, params *ModifySecurityGroupRulesInput, optFns ...func(*Options)) (*ModifySecurityGroupRulesOutput, error)
// Adds or removes permission settings for the specified snapshot. You may add or
// remove specified Amazon Web Services account IDs from a snapshot's list of
// create volume permissions, but you cannot do both in a single operation. If you
// need to both add and remove account IDs for a snapshot, you must use multiple
// operations. You can make up to 500 modifications to a snapshot in a single
// operation. Encrypted snapshots and snapshots with Amazon Web Services
// Marketplace product codes cannot be made public. Snapshots encrypted with your
// default KMS key cannot be shared with other accounts. For more information about
// modifying snapshot permissions, see Share a snapshot
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html)
// in the Amazon Elastic Compute Cloud User Guide.
ModifySnapshotAttribute(ctx context.Context, params *ModifySnapshotAttributeInput, optFns ...func(*Options)) (*ModifySnapshotAttributeOutput, error)
// Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to
// a full snapshot that includes all of the blocks of data that were written to the
// volume at the time the snapshot was created, and moved from the standard tier to
// the archive tier. For more information, see Archive Amazon EBS snapshots
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-archive.html) in
// the Amazon Elastic Compute Cloud User Guide.
ModifySnapshotTier(ctx context.Context, params *ModifySnapshotTierInput, optFns ...func(*Options)) (*ModifySnapshotTierOutput, error)
// Modifies the specified Spot Fleet request. You can only modify a Spot Fleet
// request of type maintain. While the Spot Fleet request is being modified, it is
// in the modifying state. To scale up your Spot Fleet, increase its target
// capacity. The Spot Fleet launches the additional Spot Instances according to the
// allocation strategy for the Spot Fleet request. If the allocation strategy is
// lowestPrice, the Spot Fleet launches instances using the Spot Instance pool with
// the lowest price. If the allocation strategy is diversified, the Spot Fleet
// distributes the instances across the Spot Instance pools. If the allocation
// strategy is capacityOptimized, Spot Fleet launches instances from Spot Instance
// pools with optimal capacity for the number of instances that are launching. To
// scale down your Spot Fleet, decrease its target capacity. First, the Spot Fleet
// cancels any open requests that exceed the new target capacity. You can request
// that the Spot Fleet terminate Spot Instances until the size of the fleet no
// longer exceeds the new target capacity. If the allocation strategy is
// lowestPrice, the Spot Fleet terminates the instances with the highest price per
// unit. If the allocation strategy is capacityOptimized, the Spot Fleet terminates
// the instances in the Spot Instance pools that have the least available Spot
// Instance capacity. If the allocation strategy is diversified, the Spot Fleet
// terminates instances across the Spot Instance pools. Alternatively, you can
// request that the Spot Fleet keep the fleet at its current size, but not replace
// any Spot Instances that are interrupted or that you terminate manually. If you
// are finished with your Spot Fleet for now, but will use it again later, you can
// set the target capacity to 0.
ModifySpotFleetRequest(ctx context.Context, params *ModifySpotFleetRequestInput, optFns ...func(*Options)) (*ModifySpotFleetRequestOutput, error)
// Modifies a subnet attribute. You can only modify one attribute at a time. Use
// this action to modify subnets on Amazon Web Services Outposts.
//
// * To modify a
// subnet on an Outpost rack, set both MapCustomerOwnedIpOnLaunch and
// CustomerOwnedIpv4Pool. These two parameters act as a single attribute.
//
// * To
// modify a subnet on an Outpost server, set either EnableLniAtDeviceIndex or
// DisableLniAtDeviceIndex.
//
// For more information about Amazon Web Services
// Outposts, see the following:
//
// * Outpost servers
// (https://docs.aws.amazon.com/outposts/latest/userguide/how-servers-work.html)
//
// *
// Outpost racks
// (https://docs.aws.amazon.com/outposts/latest/userguide/how-racks-work.html)
ModifySubnetAttribute(ctx context.Context, params *ModifySubnetAttributeInput, optFns ...func(*Options)) (*ModifySubnetAttributeOutput, error)
// Allows or restricts mirroring network services. By default, Amazon DNS network
// services are not eligible for Traffic Mirror. Use AddNetworkServices to add
// network services to a Traffic Mirror filter. When a network service is added to
// the Traffic Mirror filter, all traffic related to that network service will be
// mirrored. When you no longer want to mirror network services, use
// RemoveNetworkServices to remove the network services from the Traffic Mirror
// filter.
ModifyTrafficMirrorFilterNetworkServices(ctx context.Context, params *ModifyTrafficMirrorFilterNetworkServicesInput, optFns ...func(*Options)) (*ModifyTrafficMirrorFilterNetworkServicesOutput, error)
// Modifies the specified Traffic Mirror rule. DestinationCidrBlock and
// SourceCidrBlock must both be an IPv4 range or an IPv6 range.
ModifyTrafficMirrorFilterRule(ctx context.Context, params *ModifyTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*ModifyTrafficMirrorFilterRuleOutput, error)
// Modifies a Traffic Mirror session.
ModifyTrafficMirrorSession(ctx context.Context, params *ModifyTrafficMirrorSessionInput, optFns ...func(*Options)) (*ModifyTrafficMirrorSessionOutput, error)
// Modifies the specified transit gateway. When you modify a transit gateway, the
// modified options are applied to new transit gateway attachments only. Your
// existing transit gateway attachments are not modified.
ModifyTransitGateway(ctx context.Context, params *ModifyTransitGatewayInput, optFns ...func(*Options)) (*ModifyTransitGatewayOutput, error)
// Modifies a reference (route) to a prefix list in a specified transit gateway
// route table.
ModifyTransitGatewayPrefixListReference(ctx context.Context, params *ModifyTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*ModifyTransitGatewayPrefixListReferenceOutput, error)
// Modifies the specified VPC attachment.
ModifyTransitGatewayVpcAttachment(ctx context.Context, params *ModifyTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*ModifyTransitGatewayVpcAttachmentOutput, error)
// You can modify several parameters of an existing EBS volume, including volume
// size, volume type, and IOPS capacity. If your EBS volume is attached to a
// current-generation EC2 instance type, you might be able to apply these changes
// without stopping the instance or detaching the volume from it. For more
// information about modifying EBS volumes, see Amazon EBS Elastic Volumes
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modify-volume.html)
// (Linux instances) or Amazon EBS Elastic Volumes
// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-modify-volume.html)
// (Windows instances). When you complete a resize operation on your volume, you
// need to extend the volume's file-system size to take advantage of the new
// storage capacity. For more information, see Extend a Linux file system
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.html#recognize-expanded-volume-linux)
// or Extend a Windows file system
// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-expand-volume.html#recognize-expanded-volume-windows).
// You can use CloudWatch Events to check the status of a modification to an EBS
// volume. For information about CloudWatch Events, see the Amazon CloudWatch
// Events User Guide (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/).
// You can also track the status of a modification using
// DescribeVolumesModifications. For information about tracking status changes
// using either method, see Monitor the progress of volume modifications
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-modifications.html).
// With previous-generation instance types, resizing an EBS volume might require
// detaching and reattaching the volume or stopping and restarting the instance. If
// you reach the maximum volume modification rate per volume limit, you must wait
// at least six hours before applying further modifications to the affected EBS
// volume.
ModifyVolume(ctx context.Context, params *ModifyVolumeInput, optFns ...func(*Options)) (*ModifyVolumeOutput, error)
// Modifies a volume attribute. By default, all I/O operations for the volume are
// suspended when the data on the volume is determined to be potentially
// inconsistent, to prevent undetectable, latent data corruption. The I/O access to
// the volume can be resumed by first enabling I/O access and then checking the
// data consistency on your volume. You can change the default behavior to resume
// I/O operations. We recommend that you change this only for boot volumes or for
// volumes that are stateless or disposable.
ModifyVolumeAttribute(ctx context.Context, params *ModifyVolumeAttributeInput, optFns ...func(*Options)) (*ModifyVolumeAttributeOutput, error)
// Modifies the specified attribute of the specified VPC.
ModifyVpcAttribute(ctx context.Context, params *ModifyVpcAttributeInput, optFns ...func(*Options)) (*ModifyVpcAttributeOutput, error)
// Modifies attributes of a specified VPC endpoint. The attributes that you can
// modify depend on the type of VPC endpoint (interface, gateway, or Gateway Load
// Balancer). For more information, see VPC Endpoints
// (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) in the
// Amazon Virtual Private Cloud User Guide.
ModifyVpcEndpoint(ctx context.Context, params *ModifyVpcEndpointInput, optFns ...func(*Options)) (*ModifyVpcEndpointOutput, error)
// Modifies a connection notification for VPC endpoint or VPC endpoint service. You
// can change the SNS topic for the notification, or the events for which to be
// notified.
ModifyVpcEndpointConnectionNotification(ctx context.Context, params *ModifyVpcEndpointConnectionNotificationInput, optFns ...func(*Options)) (*ModifyVpcEndpointConnectionNotificationOutput, error)
// Modifies the attributes of your VPC endpoint service configuration. You can
// change the Network Load Balancers or Gateway Load Balancers for your service,
// and you can specify whether acceptance is required for requests to connect to
// your endpoint service through an interface VPC endpoint. If you set or modify
// the private DNS name, you must prove that you own the private DNS domain name.
// For more information, see VPC Endpoint Service Private DNS Name Verification
// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html)
// in the Amazon Virtual Private Cloud User Guide.
ModifyVpcEndpointServiceConfiguration(ctx context.Context, params *ModifyVpcEndpointServiceConfigurationInput, optFns ...func(*Options)) (*ModifyVpcEndpointServiceConfigurationOutput, error)
// Modifies the payer responsibility for your VPC endpoint service.
ModifyVpcEndpointServicePayerResponsibility(ctx context.Context, params *ModifyVpcEndpointServicePayerResponsibilityInput, optFns ...func(*Options)) (*ModifyVpcEndpointServicePayerResponsibilityOutput, error)
// Modifies the permissions for your VPC endpoint service
// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html). You
// can add or remove permissions for service consumers (IAM users, IAM roles, and
// Amazon Web Services accounts) to connect to your endpoint service. If you grant
// permissions to all principals, the service is public. Any users who know the
// name of a public service can send a request to attach an endpoint. If the
// service does not require manual approval, attachments are automatically
// approved.
ModifyVpcEndpointServicePermissions(ctx context.Context, params *ModifyVpcEndpointServicePermissionsInput, optFns ...func(*Options)) (*ModifyVpcEndpointServicePermissionsOutput, error)
// Modifies the VPC peering connection options on one side of a VPC peering
// connection. You can do the following:
//
// * Enable/disable communication over the
// peering connection between an EC2-Classic instance that's linked to your VPC
// (using ClassicLink) and instances in the peer VPC.
//
// * Enable/disable
// communication over the peering connection between instances in your VPC and an
// EC2-Classic instance that's linked to the peer VPC.
//
// * Enable/disable the
// ability to resolve public DNS hostnames to private IP addresses when queried
// from instances in the peer VPC.
//
// If the peered VPCs are in the same Amazon Web
// Services account, you can enable DNS resolution for queries from the local VPC.
// This ensures that queries from the local VPC resolve to private IP addresses in
// the peer VPC. This option is not available if the peered VPCs are in different
// different Amazon Web Services accounts or different Regions. For peered VPCs in
// different Amazon Web Services accounts, each Amazon Web Services account owner
// must initiate a separate request to modify the peering connection options. For
// inter-region peering connections, you must use the Region for the requester VPC
// to modify the requester VPC peering options and the Region for the accepter VPC
// to modify the accepter VPC peering options. To verify which VPCs are the
// accepter and the requester for a VPC peering connection, use the
// DescribeVpcPeeringConnections command.
ModifyVpcPeeringConnectionOptions(ctx context.Context, params *ModifyVpcPeeringConnectionOptionsInput, optFns ...func(*Options)) (*ModifyVpcPeeringConnectionOptionsOutput, error)
// Modifies the instance tenancy attribute of the specified VPC. You can change the
// instance tenancy attribute of a VPC to default only. You cannot change the
// instance tenancy attribute to dedicated. After you modify the tenancy of the
// VPC, any new instances that you launch into the VPC have a tenancy of default,
// unless you specify otherwise during launch. The tenancy of any existing
// instances in the VPC is not affected. For more information, see Dedicated
// Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html) in
// the Amazon Elastic Compute Cloud User Guide.
ModifyVpcTenancy(ctx context.Context, params *ModifyVpcTenancyInput, optFns ...func(*Options)) (*ModifyVpcTenancyOutput, error)
// Modifies the customer gateway or the target gateway of an Amazon Web Services
// Site-to-Site VPN connection. To modify the target gateway, the following
// migration options are available:
//
// * An existing virtual private gateway to a new
// virtual private gateway
//
// * An existing virtual private gateway to a transit
// gateway
//
// * An existing transit gateway to a new transit gateway
//
// * An existing
// transit gateway to a virtual private gateway
//
// Before you perform the migration
// to the new gateway, you must configure the new gateway. Use CreateVpnGateway to
// create a virtual private gateway, or CreateTransitGateway to create a transit
// gateway. This step is required when you migrate from a virtual private gateway
// with static routes to a transit gateway. You must delete the static routes
// before you migrate to the new gateway. Keep a copy of the static route before
// you delete it. You will need to add back these routes to the transit gateway
// after the VPN connection migration is complete. After you migrate to the new
// gateway, you might need to modify your VPC route table. Use CreateRoute and
// DeleteRoute to make the changes described in Update VPC route tables
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-target.html#step-update-routing)
// in the Amazon Web Services Site-to-Site VPN User Guide. When the new gateway is
// a transit gateway, modify the transit gateway route table to allow traffic
// between the VPC and the Amazon Web Services Site-to-Site VPN connection. Use
// CreateTransitGatewayRoute to add the routes. If you deleted VPN static routes,
// you must add the static routes to the transit gateway route table. After you
// perform this operation, the VPN endpoint's IP addresses on the Amazon Web
// Services side and the tunnel options remain intact. Your Amazon Web Services
// Site-to-Site VPN connection will be temporarily unavailable for a brief period
// while we provision the new endpoints.
ModifyVpnConnection(ctx context.Context, params *ModifyVpnConnectionInput, optFns ...func(*Options)) (*ModifyVpnConnectionOutput, error)
// Modifies the connection options for your Site-to-Site VPN connection. When you
// modify the VPN connection options, the VPN endpoint IP addresses on the Amazon
// Web Services side do not change, and the tunnel options do not change. Your VPN
// connection will be temporarily unavailable for a brief period while the VPN
// connection is updated.
ModifyVpnConnectionOptions(ctx context.Context, params *ModifyVpnConnectionOptionsInput, optFns ...func(*Options)) (*ModifyVpnConnectionOptionsOutput, error)
// Modifies the VPN tunnel endpoint certificate.
ModifyVpnTunnelCertificate(ctx context.Context, params *ModifyVpnTunnelCertificateInput, optFns ...func(*Options)) (*ModifyVpnTunnelCertificateOutput, error)
// Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site VPN
// connection. You can modify multiple options for a tunnel in a single request,
// but you can only modify one tunnel at a time. For more information, see
// Site-to-Site VPN tunnel options for your Site-to-Site VPN connection
// (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNTunnels.html) in the Amazon
// Web Services Site-to-Site VPN User Guide.
ModifyVpnTunnelOptions(ctx context.Context, params *ModifyVpnTunnelOptionsInput, optFns ...func(*Options)) (*ModifyVpnTunnelOptionsOutput, error)
// Enables detailed monitoring for a running instance. Otherwise, basic monitoring
// is enabled. For more information, see Monitor your instances using CloudWatch
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) in
// the Amazon EC2 User Guide. To disable detailed monitoring, see
// UnmonitorInstances
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_UnmonitorInstances.html).
MonitorInstances(ctx context.Context, params *MonitorInstancesInput, optFns ...func(*Options)) (*MonitorInstancesOutput, error)
// Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC
// platform. The Elastic IP address must be allocated to your account for more than
// 24 hours, and it must not be associated with an instance. After the Elastic IP
// address is moved, it is no longer available for use in the EC2-Classic platform,
// unless you move it back using the RestoreAddressToClassic request. You cannot
// move an Elastic IP address that was originally allocated for use in the EC2-VPC
// platform to the EC2-Classic platform.
MoveAddressToVpc(ctx context.Context, params *MoveAddressToVpcInput, optFns ...func(*Options)) (*MoveAddressToVpcOutput, error)
// Move an BYOIP IPv4 CIDR to IPAM from a public IPv4 pool. If you already have an
// IPv4 BYOIP CIDR with Amazon Web Services, you can move the CIDR to IPAM from a
// public IPv4 pool. You cannot move an IPv6 CIDR to IPAM. If you are bringing a
// new IP address to Amazon Web Services for the first time, complete the steps in
// Tutorial: BYOIP address CIDRs to IPAM.
MoveByoipCidrToIpam(ctx context.Context, params *MoveByoipCidrToIpamInput, optFns ...func(*Options)) (*MoveByoipCidrToIpamOutput, error)
// Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services
// resources through bring your own IP addresses (BYOIP) and creates a
// corresponding address pool. After the address range is provisioned, it is ready
// to be advertised using AdvertiseByoipCidr. Amazon Web Services verifies that you
// own the address range and are authorized to advertise it. You must ensure that
// the address range is registered to you and that you created an RPKI ROA to
// authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more
// information, see Bring your own IP addresses (BYOIP)
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) in the
// Amazon Elastic Compute Cloud User Guide. Provisioning an address range is an
// asynchronous operation, so the call returns immediately, but the address range
// is not ready to use until its status changes from pending-provision to
// provisioned. To monitor the status of an address range, use DescribeByoipCidrs.
// To allocate an Elastic IP address from your IPv4 address pool, use
// AllocateAddress with either the specific address from the address pool or the ID
// of the address pool.
ProvisionByoipCidr(ctx context.Context, params *ProvisionByoipCidrInput, optFns ...func(*Options)) (*ProvisionByoipCidrOutput, error)
// Provision a CIDR to an IPAM pool. You can use this action to provision new CIDRs
// to a top-level pool or to transfer a CIDR from a top-level pool to a pool within
// it. For more information, see Provision CIDRs to pools in the Amazon VPC IPAM
// User Guide.
ProvisionIpamPoolCidr(ctx context.Context, params *ProvisionIpamPoolCidrInput, optFns ...func(*Options)) (*ProvisionIpamPoolCidrOutput, error)
// Provision a CIDR to a public IPv4 pool. For more information about IPAM, see
// What is IPAM? in the Amazon VPC IPAM User Guide.
ProvisionPublicIpv4PoolCidr(ctx context.Context, params *ProvisionPublicIpv4PoolCidrInput, optFns ...func(*Options)) (*ProvisionPublicIpv4PoolCidrOutput, error)
// Purchase a reservation with configurations that match those of your Dedicated
// Host. You must have active Dedicated Hosts in your account before you purchase a
// reservation. This action results in the specified reservation being purchased
// and charged to your account.
PurchaseHostReservation(ctx context.Context, params *PurchaseHostReservationInput, optFns ...func(*Options)) (*PurchaseHostReservationOutput, error)
// Purchases a Reserved Instance for use with your account. With Reserved
// Instances, you pay a lower hourly rate compared to On-Demand instance pricing.
// Use DescribeReservedInstancesOfferings to get a list of Reserved Instance
// offerings that match your specifications. After you've purchased a Reserved
// Instance, you can check for your new Reserved Instance with
// DescribeReservedInstances. To queue a purchase for a future date and time,
// specify a purchase time. If you do not specify a purchase time, the default is
// the current time. For more information, see Reserved Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-on-demand-reserved-instances.html)
// and Reserved Instance Marketplace
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) in
// the Amazon EC2 User Guide.
PurchaseReservedInstancesOffering(ctx context.Context, params *PurchaseReservedInstancesOfferingInput, optFns ...func(*Options)) (*PurchaseReservedInstancesOfferingOutput, error)
// Purchases the Scheduled Instances with the specified schedule. Scheduled
// Instances enable you to purchase Amazon EC2 compute capacity by the hour for a
// one-year term. Before you can purchase a Scheduled Instance, you must call
// DescribeScheduledInstanceAvailability to check for available schedules and
// obtain a purchase token. After you purchase a Scheduled Instance, you must call
// RunScheduledInstances during each scheduled time period. After you purchase a
// Scheduled Instance, you can't cancel, modify, or resell your purchase.
PurchaseScheduledInstances(ctx context.Context, params *PurchaseScheduledInstancesInput, optFns ...func(*Options)) (*PurchaseScheduledInstancesOutput, error)
// Requests a reboot of the specified instances. This operation is asynchronous; it
// only queues a request to reboot the specified instances. The operation succeeds
// if the instances are valid and belong to you. Requests to reboot terminated
// instances are ignored. If an instance does not cleanly shut down within a few
// minutes, Amazon EC2 performs a hard reboot. For more information about
// troubleshooting, see Troubleshoot an unreachable instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html) in
// the Amazon EC2 User Guide.
RebootInstances(ctx context.Context, params *RebootInstancesInput, optFns ...func(*Options)) (*RebootInstancesOutput, error)
// Registers an AMI. When you're creating an AMI, this is the final step you must
// complete before you can launch an instance from the AMI. For more information
// about creating AMIs, see Creating your own AMIs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami.html) in
// the Amazon Elastic Compute Cloud User Guide. For Amazon EBS-backed instances,
// CreateImage creates and registers the AMI in a single request, so you don't have
// to register the AMI yourself. If needed, you can deregister an AMI at any time.
// Any modifications you make to an AMI backed by an instance store volume
// invalidates its registration. If you make changes to an image, deregister the
// previous image and register the new image. Register a snapshot of a root device
// volume You can use RegisterImage to create an Amazon EBS-backed Linux AMI from a
// snapshot of a root device volume. You specify the snapshot using a block device
// mapping. You can't set the encryption state of the volume using the block device
// mapping. If the snapshot is encrypted, or encryption by default is enabled, the
// root volume of an instance launched from the AMI is encrypted. For more
// information, see Create a Linux AMI from a snapshot
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html#creating-launching-ami-from-snapshot)
// and Use encryption with Amazon EBS-backed AMIs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide. Amazon Web Services Marketplace product
// codes If any snapshots have Amazon Web Services Marketplace product codes, they
// are copied to the new AMI. Windows and some Linux distributions, such as Red Hat
// Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES), use the Amazon
// EC2 billing product code associated with an AMI to verify the subscription
// status for package updates. To create a new AMI for operating systems that
// require a billing product code, instead of registering the AMI, do the following
// to preserve the billing product code association:
//
// * Launch an instance from an
// existing AMI with that billing product code.
//
// * Customize the instance.
//
// *
// Create an AMI from the instance using CreateImage.
//
// If you purchase a Reserved
// Instance to apply to an On-Demand Instance that was launched from an AMI with a
// billing product code, make sure that the Reserved Instance has the matching
// billing product code. If you purchase a Reserved Instance without the matching
// billing product code, the Reserved Instance will not be applied to the On-Demand
// Instance. For information about how to obtain the platform details and billing
// information of an AMI, see Understanding AMI billing
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-billing-info.html) in
// the Amazon Elastic Compute Cloud User Guide.
RegisterImage(ctx context.Context, params *RegisterImageInput, optFns ...func(*Options)) (*RegisterImageOutput, error)
// Registers a set of tag keys to include in scheduled event notifications for your
// resources. To remove tags, use DeregisterInstanceEventNotificationAttributes
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeregisterInstanceEventNotificationAttributes.html).
RegisterInstanceEventNotificationAttributes(ctx context.Context, params *RegisterInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*RegisterInstanceEventNotificationAttributesOutput, error)
// Registers members (network interfaces) with the transit gateway multicast group.
// A member is a network interface associated with a supported EC2 instance that
// receives multicast traffic. For information about supported instances, see
// Multicast Consideration
// (https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-limits.html#multicast-limits)
// in Amazon VPC Transit Gateways. After you add the members, use
// SearchTransitGatewayMulticastGroups
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayMulticastGroups.html)
// to verify that the members were added to the transit gateway multicast group.
RegisterTransitGatewayMulticastGroupMembers(ctx context.Context, params *RegisterTransitGatewayMulticastGroupMembersInput, optFns ...func(*Options)) (*RegisterTransitGatewayMulticastGroupMembersOutput, error)
// Registers sources (network interfaces) with the specified transit gateway
// multicast group. A multicast source is a network interface attached to a
// supported instance that sends multicast traffic. For information about supported
// instances, see Multicast Considerations
// (https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-limits.html#multicast-limits)
// in Amazon VPC Transit Gateways. After you add the source, use
// SearchTransitGatewayMulticastGroups
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayMulticastGroups.html)
// to verify that the source was added to the multicast group.
RegisterTransitGatewayMulticastGroupSources(ctx context.Context, params *RegisterTransitGatewayMulticastGroupSourcesInput, optFns ...func(*Options)) (*RegisterTransitGatewayMulticastGroupSourcesOutput, error)
// Rejects a request to associate cross-account subnets with a transit gateway
// multicast domain.
RejectTransitGatewayMulticastDomainAssociations(ctx context.Context, params *RejectTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*RejectTransitGatewayMulticastDomainAssociationsOutput, error)
// Rejects a transit gateway peering attachment request.
RejectTransitGatewayPeeringAttachment(ctx context.Context, params *RejectTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*RejectTransitGatewayPeeringAttachmentOutput, error)
// Rejects a request to attach a VPC to a transit gateway. The VPC attachment must
// be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to
// view your pending VPC attachment requests. Use AcceptTransitGatewayVpcAttachment
// to accept a VPC attachment request.
RejectTransitGatewayVpcAttachment(ctx context.Context, params *RejectTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*RejectTransitGatewayVpcAttachmentOutput, error)
// Rejects one or more VPC endpoint connection requests to your VPC endpoint
// service.
RejectVpcEndpointConnections(ctx context.Context, params *RejectVpcEndpointConnectionsInput, optFns ...func(*Options)) (*RejectVpcEndpointConnectionsOutput, error)
// Rejects a VPC peering connection request. The VPC peering connection must be in
// the pending-acceptance state. Use the DescribeVpcPeeringConnections request to
// view your outstanding VPC peering connection requests. To delete an active VPC
// peering connection, or to delete a VPC peering connection request that you
// initiated, use DeleteVpcPeeringConnection.
RejectVpcPeeringConnection(ctx context.Context, params *RejectVpcPeeringConnectionInput, optFns ...func(*Options)) (*RejectVpcPeeringConnectionOutput, error)
// Releases the specified Elastic IP address. [EC2-Classic, default VPC] Releasing
// an Elastic IP address automatically disassociates it from any instance that it's
// associated with. To disassociate an Elastic IP address without releasing it, use
// DisassociateAddress. [Nondefault VPC] You must use DisassociateAddress to
// disassociate the Elastic IP address before you can release it. Otherwise, Amazon
// EC2 returns an error (InvalidIPAddress.InUse). After releasing an Elastic IP
// address, it is released to the IP address pool. Be sure to update your DNS
// records and any servers or devices that communicate with the address. If you
// attempt to release an Elastic IP address that you already released, you'll get
// an AuthFailure error if the address is already allocated to another Amazon Web
// Services account. [EC2-VPC] After you release an Elastic IP address for use in a
// VPC, you might be able to recover it. For more information, see AllocateAddress.
ReleaseAddress(ctx context.Context, params *ReleaseAddressInput, optFns ...func(*Options)) (*ReleaseAddressOutput, error)
// When you no longer want to use an On-Demand Dedicated Host it can be released.
// On-Demand billing is stopped and the host goes into released state. The host ID
// of Dedicated Hosts that have been released can no longer be specified in another
// request, for example, to modify the host. You must stop or terminate all
// instances on a host before it can be released. When Dedicated Hosts are
// released, it may take some time for them to stop counting toward your limit and
// you may receive capacity errors when trying to allocate new Dedicated Hosts.
// Wait a few minutes and then try again. Released hosts still appear in a
// DescribeHosts response.
ReleaseHosts(ctx context.Context, params *ReleaseHostsInput, optFns ...func(*Options)) (*ReleaseHostsOutput, error)
// Release an allocation within an IPAM pool. You can only use this action to
// release manual allocations. To remove an allocation for a resource without
// deleting the resource, set its monitored state to false using
// ModifyIpamResourceCidr
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyIpamResourceCidr.html).
// For more information, see Release an allocation in the Amazon VPC IPAM User
// Guide.
ReleaseIpamPoolAllocation(ctx context.Context, params *ReleaseIpamPoolAllocationInput, optFns ...func(*Options)) (*ReleaseIpamPoolAllocationOutput, error)
// Replaces an IAM instance profile for the specified running instance. You can use
// this action to change the IAM instance profile that's associated with an
// instance without having to disassociate the existing IAM instance profile first.
// Use DescribeIamInstanceProfileAssociations to get the association ID.
ReplaceIamInstanceProfileAssociation(ctx context.Context, params *ReplaceIamInstanceProfileAssociationInput, optFns ...func(*Options)) (*ReplaceIamInstanceProfileAssociationOutput, error)
// Changes which network ACL a subnet is associated with. By default when you
// create a subnet, it's automatically associated with the default network ACL. For
// more information, see Network ACLs
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon
// Virtual Private Cloud User Guide. This is an idempotent operation.
ReplaceNetworkAclAssociation(ctx context.Context, params *ReplaceNetworkAclAssociationInput, optFns ...func(*Options)) (*ReplaceNetworkAclAssociationOutput, error)
// Replaces an entry (rule) in a network ACL. For more information, see Network
// ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the
// Amazon Virtual Private Cloud User Guide.
ReplaceNetworkAclEntry(ctx context.Context, params *ReplaceNetworkAclEntryInput, optFns ...func(*Options)) (*ReplaceNetworkAclEntryOutput, error)
// Replaces an existing route within a route table in a VPC. You must provide only
// one of the following: internet gateway, virtual private gateway, NAT instance,
// NAT gateway, VPC peering connection, network interface, egress-only internet
// gateway, or transit gateway. For more information, see Route tables
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
// Amazon Virtual Private Cloud User Guide.
ReplaceRoute(ctx context.Context, params *ReplaceRouteInput, optFns ...func(*Options)) (*ReplaceRouteOutput, error)
// Changes the route table associated with a given subnet, internet gateway, or
// virtual private gateway in a VPC. After the operation completes, the subnet or
// gateway uses the routes in the new route table. For more information about route
// tables, see Route tables
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the
// Amazon Virtual Private Cloud User Guide. You can also use this operation to
// change which table is the main route table in the VPC. Specify the main route
// table's association ID and the route table ID of the new main route table.
ReplaceRouteTableAssociation(ctx context.Context, params *ReplaceRouteTableAssociationInput, optFns ...func(*Options)) (*ReplaceRouteTableAssociationOutput, error)
// Replaces the specified route in the specified transit gateway route table.
ReplaceTransitGatewayRoute(ctx context.Context, params *ReplaceTransitGatewayRouteInput, optFns ...func(*Options)) (*ReplaceTransitGatewayRouteOutput, error)
// Submits feedback about the status of an instance. The instance must be in the
// running state. If your experience with the instance differs from the instance
// status returned by DescribeInstanceStatus, use ReportInstanceStatus to report
// your experience with the instance. Amazon EC2 collects this information to
// improve the accuracy of status checks. Use of this action does not change the
// value returned by DescribeInstanceStatus.
ReportInstanceStatus(ctx context.Context, params *ReportInstanceStatusInput, optFns ...func(*Options)) (*ReportInstanceStatusOutput, error)
// Creates a Spot Fleet request. The Spot Fleet request specifies the total target
// capacity and the On-Demand target capacity. Amazon EC2 calculates the difference
// between the total capacity and On-Demand capacity, and launches the difference
// as Spot capacity. You can submit a single request that includes multiple launch
// specifications that vary by instance type, AMI, Availability Zone, or subnet. By
// default, the Spot Fleet requests Spot Instances in the Spot Instance pool where
// the price per unit is the lowest. Each launch specification can include its own
// instance weighting that reflects the value of the instance type to your
// application workload. Alternatively, you can specify that the Spot Fleet
// distribute the target capacity across the Spot pools included in its launch
// specifications. By ensuring that the Spot Instances in your Spot Fleet are in
// different Spot pools, you can improve the availability of your fleet. You can
// specify tags for the Spot Fleet request and instances launched by the fleet. You
// cannot tag other resource types in a Spot Fleet request because only the
// spot-fleet-request and instance resource types are supported. For more
// information, see Spot Fleet requests
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html)
// in the Amazon EC2 User Guide for Linux Instances.
RequestSpotFleet(ctx context.Context, params *RequestSpotFleetInput, optFns ...func(*Options)) (*RequestSpotFleetOutput, error)
// Creates a Spot Instance request. For more information, see Spot Instance
// requests
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html) in the
// Amazon EC2 User Guide for Linux Instances.
RequestSpotInstances(ctx context.Context, params *RequestSpotInstancesInput, optFns ...func(*Options)) (*RequestSpotInstancesOutput, error)
// Resets the attribute of the specified IP address. For requirements, see Using
// reverse DNS for email applications
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS).
ResetAddressAttribute(ctx context.Context, params *ResetAddressAttributeInput, optFns ...func(*Options)) (*ResetAddressAttributeOutput, error)
// Resets the default KMS key for EBS encryption for your account in this Region to
// the Amazon Web Services managed KMS key for EBS. After resetting the default KMS
// key to the Amazon Web Services managed KMS key, you can continue to encrypt by a
// customer managed KMS key by specifying it when you create the volume. For more
// information, see Amazon EBS encryption
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in the
// Amazon Elastic Compute Cloud User Guide.
ResetEbsDefaultKmsKeyId(ctx context.Context, params *ResetEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*ResetEbsDefaultKmsKeyIdOutput, error)
// Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its
// default value. You can only reset the load permission attribute.
ResetFpgaImageAttribute(ctx context.Context, params *ResetFpgaImageAttributeInput, optFns ...func(*Options)) (*ResetFpgaImageAttributeOutput, error)
// Resets an attribute of an AMI to its default value.
ResetImageAttribute(ctx context.Context, params *ResetImageAttributeInput, optFns ...func(*Options)) (*ResetImageAttributeOutput, error)
// Resets an attribute of an instance to its default value. To reset the kernel or
// ramdisk, the instance must be in a stopped state. To reset the sourceDestCheck,
// the instance can be either running or stopped. The sourceDestCheck attribute
// controls whether source/destination checking is enabled. The default value is
// true, which means checking is enabled. This value must be false for a NAT
// instance to perform NAT. For more information, see NAT Instances
// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html)
// in the Amazon VPC User Guide.
ResetInstanceAttribute(ctx context.Context, params *ResetInstanceAttributeInput, optFns ...func(*Options)) (*ResetInstanceAttributeOutput, error)
// Resets a network interface attribute. You can specify only one attribute at a
// time.
ResetNetworkInterfaceAttribute(ctx context.Context, params *ResetNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*ResetNetworkInterfaceAttributeOutput, error)
// Resets permission settings for the specified snapshot. For more information
// about modifying snapshot permissions, see Share a snapshot
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html)
// in the Amazon Elastic Compute Cloud User Guide.
ResetSnapshotAttribute(ctx context.Context, params *ResetSnapshotAttributeInput, optFns ...func(*Options)) (*ResetSnapshotAttributeOutput, error)
// Restores an Elastic IP address that was previously moved to the EC2-VPC platform
// back to the EC2-Classic platform. You cannot move an Elastic IP address that was
// originally allocated for use in EC2-VPC. The Elastic IP address must not be
// associated with an instance or network interface.
RestoreAddressToClassic(ctx context.Context, params *RestoreAddressToClassicInput, optFns ...func(*Options)) (*RestoreAddressToClassicOutput, error)
// Restores an AMI from the Recycle Bin. For more information, see Recycle Bin
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in the
// Amazon Elastic Compute Cloud User Guide.
RestoreImageFromRecycleBin(ctx context.Context, params *RestoreImageFromRecycleBinInput, optFns ...func(*Options)) (*RestoreImageFromRecycleBinOutput, error)
// Restores the entries from a previous version of a managed prefix list to a new
// version of the prefix list.
RestoreManagedPrefixListVersion(ctx context.Context, params *RestoreManagedPrefixListVersionInput, optFns ...func(*Options)) (*RestoreManagedPrefixListVersionOutput, error)
// Restores a snapshot from the Recycle Bin. For more information, see Restore
// snapshots from the Recycle Bin
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin-working-with-snaps.html#recycle-bin-restore-snaps)
// in the Amazon Elastic Compute Cloud User Guide.
RestoreSnapshotFromRecycleBin(ctx context.Context, params *RestoreSnapshotFromRecycleBinInput, optFns ...func(*Options)) (*RestoreSnapshotFromRecycleBinOutput, error)
// Restores an archived Amazon EBS snapshot for use temporarily or permanently, or
// modifies the restore period or restore type for a snapshot that was previously
// temporarily restored. For more information see Restore an archived snapshot
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-snapshot-archiving.html#restore-archived-snapshot)
// and modify the restore period or restore type for a temporarily restored
// snapshot
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-snapshot-archiving.html#modify-temp-restore-period)
// in the Amazon Elastic Compute Cloud User Guide.
RestoreSnapshotTier(ctx context.Context, params *RestoreSnapshotTierInput, optFns ...func(*Options)) (*RestoreSnapshotTierOutput, error)
// Removes an ingress authorization rule from a Client VPN endpoint.
RevokeClientVpnIngress(ctx context.Context, params *RevokeClientVpnIngressInput, optFns ...func(*Options)) (*RevokeClientVpnIngressOutput, error)
// [VPC only] Removes the specified outbound (egress) rules from a security group
// for EC2-VPC. This action does not apply to security groups for use in
// EC2-Classic. You can specify rules using either rule IDs or security group rule
// properties. If you use rule properties, the values that you specify (for
// example, ports) must match the existing rule's values exactly. Each rule has a
// protocol, from and to ports, and destination (CIDR range, security group, or
// prefix list). For the TCP and UDP protocols, you must also specify the
// destination port or range of ports. For the ICMP protocol, you must also specify
// the ICMP type and code. If the security group rule has a description, you do not
// need to specify the description to revoke the rule. [Default VPC] If the values
// you specify do not match the existing rule's values, no error is returned, and
// the output describes the security group rules that were not revoked. Amazon Web
// Services recommends that you describe the security group to verify that the
// rules were removed. Rule changes are propagated to instances within the security
// group as quickly as possible. However, a small delay might occur.
RevokeSecurityGroupEgress(ctx context.Context, params *RevokeSecurityGroupEgressInput, optFns ...func(*Options)) (*RevokeSecurityGroupEgressOutput, error)
// Removes the specified inbound (ingress) rules from a security group. You can
// specify rules using either rule IDs or security group rule properties. If you
// use rule properties, the values that you specify (for example, ports) must match
// the existing rule's values exactly. Each rule has a protocol, from and to ports,
// and source (CIDR range, security group, or prefix list). For the TCP and UDP
// protocols, you must also specify the destination port or range of ports. For the
// ICMP protocol, you must also specify the ICMP type and code. If the security
// group rule has a description, you do not need to specify the description to
// revoke the rule. [EC2-Classic, default VPC] If the values you specify do not
// match the existing rule's values, no error is returned, and the output describes
// the security group rules that were not revoked. Amazon Web Services recommends
// that you describe the security group to verify that the rules were removed. Rule
// changes are propagated to instances within the security group as quickly as
// possible. However, a small delay might occur.
RevokeSecurityGroupIngress(ctx context.Context, params *RevokeSecurityGroupIngressInput, optFns ...func(*Options)) (*RevokeSecurityGroupIngressOutput, error)
// Launches the specified number of instances using an AMI for which you have
// permissions. You can specify a number of options, or leave the default options.
// The following rules apply:
//
// * [EC2-VPC] If you don't specify a subnet ID, we
// choose a default subnet from your default VPC for you. If you don't have a
// default VPC, you must specify a subnet ID in the request.
//
// * [EC2-Classic] If
// don't specify an Availability Zone, we choose one for you.
//
// * Some instance
// types must be launched into a VPC. If you do not have a default VPC, or if you
// do not specify a subnet ID, the request fails. For more information, see
// Instance types available only in a VPC
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-vpc.html#vpc-only-instance-types).
//
// *
// [EC2-VPC] All instances have a network interface with a primary private IPv4
// address. If you don't specify this address, we choose one from the IPv4 range of
// your subnet.
//
// * Not all instance types support IPv6 addresses. For more
// information, see Instance types
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html).
//
// * If
// you don't specify a security group ID, we use the default security group. For
// more information, see Security groups
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html).
//
// *
// If any of the AMIs have a product code attached for which the user has not
// subscribed, the request fails.
//
// You can create a launch template
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html),
// which is a resource that contains the parameters to launch an instance. When you
// launch an instance using RunInstances, you can specify the launch template
// instead of specifying the launch parameters. To ensure faster instance launches,
// break up large requests into smaller batches. For example, create five separate
// launch requests for 100 instances each instead of one launch request for 500
// instances. An instance is ready for you to use when it's in the running state.
// You can check the state of your instance using DescribeInstances. You can tag
// instances and EBS volumes during launch, after launch, or both. For more
// information, see CreateTags and Tagging your Amazon EC2 resources
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html). Linux
// instances have access to the public key of the key pair at boot. You can use
// this key to provide secure access to the instance. Amazon EC2 public images use
// this feature to provide secure access without passwords. For more information,
// see Key pairs
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html). For
// troubleshooting, see What to do if an instance immediately terminates
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_InstanceStraightToTerminated.html),
// and Troubleshooting connecting to your instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html).
RunInstances(ctx context.Context, params *RunInstancesInput, optFns ...func(*Options)) (*RunInstancesOutput, error)
// Launches the specified Scheduled Instances. Before you can launch a Scheduled
// Instance, you must purchase it and obtain an identifier using
// PurchaseScheduledInstances. You must launch a Scheduled Instance during its
// scheduled time period. You can't stop or reboot a Scheduled Instance, but you
// can terminate it as needed. If you terminate a Scheduled Instance before the
// current scheduled time period ends, you can launch it again after a few minutes.
// For more information, see Scheduled Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-scheduled-instances.html)
// in the Amazon EC2 User Guide.
RunScheduledInstances(ctx context.Context, params *RunScheduledInstancesInput, optFns ...func(*Options)) (*RunScheduledInstancesOutput, error)
// Searches for routes in the specified local gateway route table.
SearchLocalGatewayRoutes(ctx context.Context, params *SearchLocalGatewayRoutesInput, optFns ...func(*Options)) (*SearchLocalGatewayRoutesOutput, error)
// Searches one or more transit gateway multicast groups and returns the group
// membership information.
SearchTransitGatewayMulticastGroups(ctx context.Context, params *SearchTransitGatewayMulticastGroupsInput, optFns ...func(*Options)) (*SearchTransitGatewayMulticastGroupsOutput, error)
// Searches for routes in the specified transit gateway route table.
SearchTransitGatewayRoutes(ctx context.Context, params *SearchTransitGatewayRoutesInput, optFns ...func(*Options)) (*SearchTransitGatewayRoutesOutput, error)
// Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a
// kernel panic (on Linux instances), or a blue screen/stop error (on Windows
// instances). For instances based on Intel and AMD processors, the interrupt is
// received as a non-maskable interrupt (NMI). In general, the operating system
// crashes and reboots when a kernel panic or stop error is triggered. The
// operating system can also be configured to perform diagnostic tasks, such as
// generating a memory dump file, loading a secondary kernel, or obtaining a call
// trace. Before sending a diagnostic interrupt to your instance, ensure that its
// operating system is configured to perform the required diagnostic tasks. For
// more information about configuring your operating system to generate a crash
// dump when a kernel panic or stop error occurs, see Send a diagnostic interrupt
// (for advanced users)
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/diagnostic-interrupt.html)
// (Linux instances) or Send a diagnostic interrupt (for advanced users)
// (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/diagnostic-interrupt.html)
// (Windows instances).
SendDiagnosticInterrupt(ctx context.Context, params *SendDiagnosticInterruptInput, optFns ...func(*Options)) (*SendDiagnosticInterruptOutput, error)
// Starts an Amazon EBS-backed instance that you've previously stopped. Instances
// that use Amazon EBS volumes as their root devices can be quickly stopped and
// started. When an instance is stopped, the compute resources are released and you
// are not billed for instance usage. However, your root partition Amazon EBS
// volume remains and continues to persist your data, and you are charged for
// Amazon EBS volume usage. You can restart your instance at any time. Every time
// you start your instance, Amazon EC2 charges a one-minute minimum for instance
// usage, and thereafter charges per second for instance usage. Before stopping an
// instance, make sure it is in a state from which it can be restarted. Stopping an
// instance does not preserve data stored in RAM. Performing this operation on an
// instance that uses an instance store as its root device returns an error. If you
// attempt to start a T3 instance with host tenancy and the unlimted CPU credit
// option, the request fails. The unlimited CPU credit option is not supported on
// Dedicated Hosts. Before you start the instance, either change its CPU credit
// option to standard, or change its tenancy to default or dedicated. For more
// information, see Stop and start your instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html) in the
// Amazon EC2 User Guide.
StartInstances(ctx context.Context, params *StartInstancesInput, optFns ...func(*Options)) (*StartInstancesOutput, error)
// Starts analyzing the specified Network Access Scope.
StartNetworkInsightsAccessScopeAnalysis(ctx context.Context, params *StartNetworkInsightsAccessScopeAnalysisInput, optFns ...func(*Options)) (*StartNetworkInsightsAccessScopeAnalysisOutput, error)
// Starts analyzing the specified path. If the path is reachable, the operation
// returns the shortest feasible path.
StartNetworkInsightsAnalysis(ctx context.Context, params *StartNetworkInsightsAnalysisInput, optFns ...func(*Options)) (*StartNetworkInsightsAnalysisOutput, error)
// Initiates the verification process to prove that the service provider owns the
// private DNS name domain for the endpoint service. The service provider must
// successfully perform the verification before the consumer can use the name to
// access the service. Before the service provider runs this command, they must add
// a record to the DNS server. For more information, see Adding a TXT Record to
// Your Domain's DNS Server
// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html#add-dns-txt-record)
// in the Amazon VPC User Guide.
StartVpcEndpointServicePrivateDnsVerification(ctx context.Context, params *StartVpcEndpointServicePrivateDnsVerificationInput, optFns ...func(*Options)) (*StartVpcEndpointServicePrivateDnsVerificationOutput, error)
// Stops an Amazon EBS-backed instance. You can use the Stop action to hibernate an
// instance if the instance is enabled for hibernation
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#enabling-hibernation)
// and it meets the hibernation prerequisites
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites).
// For more information, see Hibernate your instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) in the
// Amazon EC2 User Guide. We don't charge usage for a stopped instance, or data
// transfer fees; however, your root partition Amazon EBS volume remains and
// continues to persist your data, and you are charged for Amazon EBS volume usage.
// Every time you start your instance, Amazon EC2 charges a one-minute minimum for
// instance usage, and thereafter charges per second for instance usage. You can't
// stop or hibernate instance store-backed instances. You can't use the Stop action
// to hibernate Spot Instances, but you can specify that Amazon EC2 should
// hibernate Spot Instances when they are interrupted. For more information, see
// Hibernating interrupted Spot Instances
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html#hibernate-spot-instances)
// in the Amazon EC2 User Guide. When you stop or hibernate an instance, we shut it
// down. You can restart your instance at any time. Before stopping or hibernating
// an instance, make sure it is in a state from which it can be restarted. Stopping
// an instance does not preserve data stored in RAM, but hibernating an instance
// does preserve data stored in RAM. If an instance cannot hibernate successfully,
// a normal shutdown occurs. Stopping and hibernating an instance is different to
// rebooting or terminating it. For example, when you stop or hibernate an
// instance, the root device and any other devices attached to the instance
// persist. When you terminate an instance, the root device and any other devices
// attached during the instance launch are automatically deleted. For more
// information about the differences between rebooting, stopping, hibernating, and
// terminating instances, see Instance lifecycle
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html)
// in the Amazon EC2 User Guide. When you stop an instance, we attempt to shut it
// down forcibly after a short while. If your instance appears stuck in the
// stopping state after a period of time, there may be an issue with the underlying
// host computer. For more information, see Troubleshoot stopping your instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesStopping.html)
// in the Amazon EC2 User Guide.
StopInstances(ctx context.Context, params *StopInstancesInput, optFns ...func(*Options)) (*StopInstancesOutput, error)
// Terminates active Client VPN endpoint connections. This action can be used to
// terminate a specific client connection, or up to five connections established by
// a specific user.
TerminateClientVpnConnections(ctx context.Context, params *TerminateClientVpnConnectionsInput, optFns ...func(*Options)) (*TerminateClientVpnConnectionsOutput, error)
// Shuts down the specified instances. This operation is idempotent; if you
// terminate an instance more than once, each call succeeds. If you specify
// multiple instances and the request fails (for example, because of a single
// incorrect instance ID), none of the instances are terminated. If you terminate
// multiple instances across multiple Availability Zones, and one or more of the
// specified instances are enabled for termination protection, the request fails
// with the following results:
//
// * The specified instances that are in the same
// Availability Zone as the protected instance are not terminated.
//
// * The specified
// instances that are in different Availability Zones, where no other specified
// instances are protected, are successfully terminated.
//
// For example, say you have
// the following instances:
//
// * Instance A: us-east-1a; Not protected
//
// * Instance B:
// us-east-1a; Not protected
//
// * Instance C: us-east-1b; Protected
//
// * Instance D:
// us-east-1b; not protected
//
// If you attempt to terminate all of these instances in
// the same request, the request reports failure with the following results:
//
// *
// Instance A and Instance B are successfully terminated because none of the
// specified instances in us-east-1a are enabled for termination protection.
//
// *
// Instance C and Instance D fail to terminate because at least one of the
// specified instances in us-east-1b (Instance C) is enabled for termination
// protection.
//
// Terminated instances remain visible after termination (for
// approximately one hour). By default, Amazon EC2 deletes all EBS volumes that
// were attached when the instance launched. Volumes attached after instance launch
// continue running. You can stop, start, and terminate EBS-backed instances. You
// can only terminate instance store-backed instances. What happens to an instance
// differs if you stop it or terminate it. For example, when you stop an instance,
// the root device and any other devices attached to the instance persist. When you
// terminate an instance, any attached EBS volumes with the DeleteOnTermination
// block device mapping parameter set to true are automatically deleted. For more
// information about the differences between stopping and terminating instances,
// see Instance lifecycle
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html)
// in the Amazon EC2 User Guide. For more information about troubleshooting, see
// Troubleshooting terminating your instance
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesShuttingDown.html)
// in the Amazon EC2 User Guide.
TerminateInstances(ctx context.Context, params *TerminateInstancesInput, optFns ...func(*Options)) (*TerminateInstancesOutput, error)
// Unassigns one or more IPv6 addresses IPv4 Prefix Delegation prefixes from a
// network interface.
UnassignIpv6Addresses(ctx context.Context, params *UnassignIpv6AddressesInput, optFns ...func(*Options)) (*UnassignIpv6AddressesOutput, error)
// Unassigns one or more secondary private IP addresses, or IPv4 Prefix Delegation
// prefixes from a network interface.
UnassignPrivateIpAddresses(ctx context.Context, params *UnassignPrivateIpAddressesInput, optFns ...func(*Options)) (*UnassignPrivateIpAddressesOutput, error)
// Disables detailed monitoring for a running instance. For more information, see
// Monitoring your instances and volumes
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) in
// the Amazon EC2 User Guide.
UnmonitorInstances(ctx context.Context, params *UnmonitorInstancesInput, optFns ...func(*Options)) (*UnmonitorInstancesOutput, error)
// [VPC only] Updates the description of an egress (outbound) security group rule.
// You can replace an existing description, or add a description to a rule that did
// not have one previously. You can remove a description for a security group rule
// by omitting the description parameter in the request.
UpdateSecurityGroupRuleDescriptionsEgress(ctx context.Context, params *UpdateSecurityGroupRuleDescriptionsEgressInput, optFns ...func(*Options)) (*UpdateSecurityGroupRuleDescriptionsEgressOutput, error)
// Updates the description of an ingress (inbound) security group rule. You can
// replace an existing description, or add a description to a rule that did not
// have one previously. You can remove a description for a security group rule by
// omitting the description parameter in the request.
UpdateSecurityGroupRuleDescriptionsIngress(ctx context.Context, params *UpdateSecurityGroupRuleDescriptionsIngressInput, optFns ...func(*Options)) (*UpdateSecurityGroupRuleDescriptionsIngressOutput, error)
// Stops advertising an address range that is provisioned as an address pool. You
// can perform this operation at most once every 10 seconds, even if you specify
// different address ranges each time. It can take a few minutes before traffic to
// the specified addresses stops routing to Amazon Web Services because of BGP
// propagation delays.
WithdrawByoipCidr(ctx context.Context, params *WithdrawByoipCidrInput, optFns ...func(*Options)) (*WithdrawByoipCidrOutput, error)
}
EC2 provides an interface to the AWS EC2 service.
type EKS ¶ added in v0.98.0
type EKS interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() eks.Options
// Associates an access policy and its scope to an access entry. For more
// information about associating access policies, see [Associating and disassociating access policies to and from access entries]in the Amazon EKS User Guide.
//
// [Associating and disassociating access policies to and from access entries]: https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html
AssociateAccessPolicy(ctx context.Context, params *AssociateAccessPolicyInput, optFns ...func(*Options)) (*AssociateAccessPolicyOutput, error)
// Associates an encryption configuration to an existing cluster.
//
// Use this API to enable encryption on existing clusters that don't already have
// encryption enabled. This allows you to implement a defense-in-depth security
// strategy without migrating applications to new Amazon EKS clusters.
AssociateEncryptionConfig(ctx context.Context, params *AssociateEncryptionConfigInput, optFns ...func(*Options)) (*AssociateEncryptionConfigOutput, error)
// Associates an identity provider configuration to a cluster.
//
// If you want to authenticate identities using an identity provider, you can
// create an identity provider configuration and associate it to your cluster.
// After configuring authentication to your cluster you can create Kubernetes Role
// and ClusterRole objects, assign permissions to them, and then bind them to the
// identities using Kubernetes RoleBinding and ClusterRoleBinding objects. For
// more information see [Using RBAC Authorization]in the Kubernetes documentation.
//
// [Using RBAC Authorization]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
AssociateIdentityProviderConfig(ctx context.Context, params *AssociateIdentityProviderConfigInput, optFns ...func(*Options)) (*AssociateIdentityProviderConfigOutput, error)
// Creates an access entry.
//
// An access entry allows an IAM principal to access your cluster. Access entries
// can replace the need to maintain entries in the aws-auth ConfigMap for
// authentication. You have the following options for authorizing an IAM principal
// to access Kubernetes objects on your cluster: Kubernetes role-based access
// control (RBAC), Amazon EKS, or both. Kubernetes RBAC authorization requires you
// to create and manage Kubernetes Role , ClusterRole , RoleBinding , and
// ClusterRoleBinding objects, in addition to managing access entries. If you use
// Amazon EKS authorization exclusively, you don't need to create and manage
// Kubernetes Role , ClusterRole , RoleBinding , and ClusterRoleBinding objects.
//
// For more information about access entries, see [Access entries] in the Amazon EKS User Guide.
//
// [Access entries]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html
CreateAccessEntry(ctx context.Context, params *CreateAccessEntryInput, optFns ...func(*Options)) (*CreateAccessEntryOutput, error)
// Creates an Amazon EKS add-on.
//
// Amazon EKS add-ons help to automate the provisioning and lifecycle management
// of common operational software for Amazon EKS clusters. For more information,
// see [Amazon EKS add-ons]in the Amazon EKS User Guide.
//
// [Amazon EKS add-ons]: https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html
CreateAddon(ctx context.Context, params *CreateAddonInput, optFns ...func(*Options)) (*CreateAddonOutput, error)
// Creates an Amazon EKS control plane.
//
// The Amazon EKS control plane consists of control plane instances that run the
// Kubernetes software, such as etcd and the API server. The control plane runs in
// an account managed by Amazon Web Services, and the Kubernetes API is exposed by
// the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is
// single tenant and unique. It runs on its own set of Amazon EC2 instances.
//
// The cluster control plane is provisioned across multiple Availability Zones and
// fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also
// provisions elastic network interfaces in your VPC subnets to provide
// connectivity from the control plane instances to the nodes (for example, to
// support kubectl exec , logs , and proxy data flows).
//
// Amazon EKS nodes run in your Amazon Web Services account and connect to your
// cluster's control plane over the Kubernetes API server endpoint and a
// certificate file that is created for your cluster.
//
// You can use the endpointPublicAccess and endpointPrivateAccess parameters to
// enable or disable public and private access to your cluster's Kubernetes API
// server endpoint. By default, public access is enabled, and private access is
// disabled. For more information, see [Amazon EKS Cluster Endpoint Access Control]in the Amazon EKS User Guide .
//
// You can use the logging parameter to enable or disable exporting the Kubernetes
// control plane logs for your cluster to CloudWatch Logs. By default, cluster
// control plane logs aren't exported to CloudWatch Logs. For more information, see
// [Amazon EKS Cluster Control Plane Logs]in the Amazon EKS User Guide .
//
// CloudWatch Logs ingestion, archive storage, and data scanning rates apply to
// exported control plane logs. For more information, see [CloudWatch Pricing].
//
// In most cases, it takes several minutes to create a cluster. After you create
// an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate
// with the API server and launch nodes into your cluster. For more information,
// see [Allowing users to access your cluster]and [Launching Amazon EKS nodes] in the Amazon EKS User Guide.
//
// [Allowing users to access your cluster]: https://docs.aws.amazon.com/eks/latest/userguide/cluster-auth.html
// [CloudWatch Pricing]: http://aws.amazon.com/cloudwatch/pricing/
// [Amazon EKS Cluster Control Plane Logs]: https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html
// [Amazon EKS Cluster Endpoint Access Control]: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
// [Launching Amazon EKS nodes]: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html
CreateCluster(ctx context.Context, params *CreateClusterInput, optFns ...func(*Options)) (*CreateClusterOutput, error)
// Creates an EKS Anywhere subscription. When a subscription is created, it is a
// contract agreement for the length of the term specified in the request. Licenses
// that are used to validate support are provisioned in Amazon Web Services License
// Manager and the caller account is granted access to EKS Anywhere Curated
// Packages.
CreateEksAnywhereSubscription(ctx context.Context, params *CreateEksAnywhereSubscriptionInput, optFns ...func(*Options)) (*CreateEksAnywhereSubscriptionOutput, error)
// Creates an Fargate profile for your Amazon EKS cluster. You must have at least
// one Fargate profile in a cluster to be able to run pods on Fargate.
//
// The Fargate profile allows an administrator to declare which pods run on
// Fargate and specify which pods run on which Fargate profile. This declaration is
// done through the profile’s selectors. Each profile can have up to five selectors
// that contain a namespace and labels. A namespace is required for every selector.
// The label field consists of multiple optional key-value pairs. Pods that match
// the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of
// the selectors in the Fargate profile, then that pod is run on Fargate.
//
// When you create a Fargate profile, you must specify a pod execution role to use
// with the pods that are scheduled with the profile. This role is added to the
// cluster's Kubernetes [Role Based Access Control](RBAC) for authorization so that the kubelet that is
// running on the Fargate infrastructure can register with your Amazon EKS cluster
// so that it can appear in your cluster as a node. The pod execution role also
// provides IAM permissions to the Fargate infrastructure to allow read access to
// Amazon ECR image repositories. For more information, see [Pod Execution Role]in the Amazon EKS User
// Guide.
//
// Fargate profiles are immutable. However, you can create a new updated profile
// to replace an existing profile and then delete the original after the updated
// profile has finished creating.
//
// If any Fargate profiles in a cluster are in the DELETING status, you must wait
// for that Fargate profile to finish deleting before you can create any other
// profiles in that cluster.
//
// For more information, see [Fargate profile] in the Amazon EKS User Guide.
//
// [Role Based Access Control]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
// [Fargate profile]: https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html
// [Pod Execution Role]: https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html
CreateFargateProfile(ctx context.Context, params *CreateFargateProfileInput, optFns ...func(*Options)) (*CreateFargateProfileOutput, error)
// Creates a managed node group for an Amazon EKS cluster.
//
// You can only create a node group for your cluster that is equal to the current
// Kubernetes version for the cluster. All node groups are created with the latest
// AMI release version for the respective minor Kubernetes version of the cluster,
// unless you deploy a custom AMI using a launch template. For more information
// about using launch templates, see [Customizing managed nodes with launch templates].
//
// An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and
// associated Amazon EC2 instances that are managed by Amazon Web Services for an
// Amazon EKS cluster. For more information, see [Managed node groups]in the Amazon EKS User Guide.
//
// Windows AMI types are only supported for commercial Amazon Web Services Regions
// that support Windows on Amazon EKS.
//
// [Customizing managed nodes with launch templates]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
// [Managed node groups]: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html
CreateNodegroup(ctx context.Context, params *CreateNodegroupInput, optFns ...func(*Options)) (*CreateNodegroupOutput, error)
// Creates an EKS Pod Identity association between a service account in an Amazon
// EKS cluster and an IAM role with EKS Pod Identity. Use EKS Pod Identity to give
// temporary IAM credentials to pods and the credentials are rotated automatically.
//
// Amazon EKS Pod Identity associations provide the ability to manage credentials
// for your applications, similar to the way that Amazon EC2 instance profiles
// provide credentials to Amazon EC2 instances.
//
// If a pod uses a service account that has an association, Amazon EKS sets
// environment variables in the containers of the pod. The environment variables
// configure the Amazon Web Services SDKs, including the Command Line Interface, to
// use the EKS Pod Identity credentials.
//
// Pod Identity is a simpler method than IAM roles for service accounts, as this
// method doesn't use OIDC identity providers. Additionally, you can configure a
// role for Pod Identity once, and reuse it across clusters.
CreatePodIdentityAssociation(ctx context.Context, params *CreatePodIdentityAssociationInput, optFns ...func(*Options)) (*CreatePodIdentityAssociationOutput, error)
// Deletes an access entry.
//
// Deleting an access entry of a type other than Standard can cause your cluster
// to function improperly. If you delete an access entry in error, you can recreate
// it.
DeleteAccessEntry(ctx context.Context, params *DeleteAccessEntryInput, optFns ...func(*Options)) (*DeleteAccessEntryOutput, error)
// Deletes an Amazon EKS add-on.
//
// When you remove an add-on, it's deleted from the cluster. You can always
// manually start an add-on on the cluster using the Kubernetes API.
DeleteAddon(ctx context.Context, params *DeleteAddonInput, optFns ...func(*Options)) (*DeleteAddonOutput, error)
// Deletes an Amazon EKS cluster control plane.
//
// If you have active services in your cluster that are associated with a load
// balancer, you must delete those services before deleting the cluster so that the
// load balancers are deleted properly. Otherwise, you can have orphaned resources
// in your VPC that prevent you from being able to delete the VPC. For more
// information, see [Deleting a cluster]in the Amazon EKS User Guide.
//
// If you have managed node groups or Fargate profiles attached to the cluster,
// you must delete them first. For more information, see DeleteNodgroup and
// DeleteFargateProfile .
//
// [Deleting a cluster]: https://docs.aws.amazon.com/eks/latest/userguide/delete-cluster.html
DeleteCluster(ctx context.Context, params *DeleteClusterInput, optFns ...func(*Options)) (*DeleteClusterOutput, error)
// Deletes an expired or inactive subscription. Deleting inactive subscriptions
// removes them from the Amazon Web Services Management Console view and from
// list/describe API responses. Subscriptions can only be cancelled within 7 days
// of creation and are cancelled by creating a ticket in the Amazon Web Services
// Support Center.
DeleteEksAnywhereSubscription(ctx context.Context, params *DeleteEksAnywhereSubscriptionInput, optFns ...func(*Options)) (*DeleteEksAnywhereSubscriptionOutput, error)
// Deletes an Fargate profile.
//
// When you delete a Fargate profile, any Pod running on Fargate that was created
// with the profile is deleted. If the Pod matches another Fargate profile, then
// it is scheduled on Fargate with that profile. If it no longer matches any
// Fargate profiles, then it's not scheduled on Fargate and may remain in a pending
// state.
//
// Only one Fargate profile in a cluster can be in the DELETING status at a time.
// You must wait for a Fargate profile to finish deleting before you can delete any
// other profiles in that cluster.
DeleteFargateProfile(ctx context.Context, params *DeleteFargateProfileInput, optFns ...func(*Options)) (*DeleteFargateProfileOutput, error)
// Deletes a managed node group.
DeleteNodegroup(ctx context.Context, params *DeleteNodegroupInput, optFns ...func(*Options)) (*DeleteNodegroupOutput, error)
// Deletes a EKS Pod Identity association.
//
// The temporary Amazon Web Services credentials from the previous IAM role
// session might still be valid until the session expiry. If you need to
// immediately revoke the temporary session credentials, then go to the role in the
// IAM console.
DeletePodIdentityAssociation(ctx context.Context, params *DeletePodIdentityAssociationInput, optFns ...func(*Options)) (*DeletePodIdentityAssociationOutput, error)
// Deregisters a connected cluster to remove it from the Amazon EKS control plane.
//
// A connected cluster is a Kubernetes cluster that you've connected to your
// control plane using the [Amazon EKS Connector].
//
// [Amazon EKS Connector]: https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html
DeregisterCluster(ctx context.Context, params *DeregisterClusterInput, optFns ...func(*Options)) (*DeregisterClusterOutput, error)
// Describes an access entry.
DescribeAccessEntry(ctx context.Context, params *DescribeAccessEntryInput, optFns ...func(*Options)) (*DescribeAccessEntryOutput, error)
// Describes an Amazon EKS add-on.
DescribeAddon(ctx context.Context, params *DescribeAddonInput, optFns ...func(*Options)) (*DescribeAddonOutput, error)
// Returns configuration options.
DescribeAddonConfiguration(ctx context.Context, params *DescribeAddonConfigurationInput, optFns ...func(*Options)) (*DescribeAddonConfigurationOutput, error)
// Describes the versions for an add-on.
//
// Information such as the Kubernetes versions that you can use the add-on with,
// the owner , publisher , and the type of the add-on are returned.
DescribeAddonVersions(ctx context.Context, params *DescribeAddonVersionsInput, optFns ...func(*Options)) (*DescribeAddonVersionsOutput, error)
// Describes an Amazon EKS cluster.
//
// The API server endpoint and certificate authority data returned by this
// operation are required for kubelet and kubectl to communicate with your
// Kubernetes API server. For more information, see [Creating or updating a kubeconfig file for an Amazon EKS cluster]kubeconfig .
//
// The API server endpoint and certificate authority data aren't available until
// the cluster reaches the ACTIVE state.
//
// [Creating or updating a kubeconfig file for an Amazon EKS cluster]: https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
DescribeCluster(ctx context.Context, params *DescribeClusterInput, optFns ...func(*Options)) (*DescribeClusterOutput, error)
// Returns descriptive information about a subscription.
DescribeEksAnywhereSubscription(ctx context.Context, params *DescribeEksAnywhereSubscriptionInput, optFns ...func(*Options)) (*DescribeEksAnywhereSubscriptionOutput, error)
// Describes an Fargate profile.
DescribeFargateProfile(ctx context.Context, params *DescribeFargateProfileInput, optFns ...func(*Options)) (*DescribeFargateProfileOutput, error)
// Describes an identity provider configuration.
DescribeIdentityProviderConfig(ctx context.Context, params *DescribeIdentityProviderConfigInput, optFns ...func(*Options)) (*DescribeIdentityProviderConfigOutput, error)
// Returns details about an insight that you specify using its ID.
DescribeInsight(ctx context.Context, params *DescribeInsightInput, optFns ...func(*Options)) (*DescribeInsightOutput, error)
// Describes a managed node group.
DescribeNodegroup(ctx context.Context, params *DescribeNodegroupInput, optFns ...func(*Options)) (*DescribeNodegroupOutput, error)
// Returns descriptive information about an EKS Pod Identity association.
//
// This action requires the ID of the association. You can get the ID from the
// response to the CreatePodIdentityAssocation for newly created associations. Or,
// you can list the IDs for associations with ListPodIdentityAssociations and
// filter the list by namespace or service account.
DescribePodIdentityAssociation(ctx context.Context, params *DescribePodIdentityAssociationInput, optFns ...func(*Options)) (*DescribePodIdentityAssociationOutput, error)
// Describes an update to an Amazon EKS resource.
//
// When the status of the update is Succeeded , the update is complete. If an
// update fails, the status is Failed , and an error detail explains the reason for
// the failure.
DescribeUpdate(ctx context.Context, params *DescribeUpdateInput, optFns ...func(*Options)) (*DescribeUpdateOutput, error)
// Disassociates an access policy from an access entry.
DisassociateAccessPolicy(ctx context.Context, params *DisassociateAccessPolicyInput, optFns ...func(*Options)) (*DisassociateAccessPolicyOutput, error)
// Disassociates an identity provider configuration from a cluster.
//
// If you disassociate an identity provider from your cluster, users included in
// the provider can no longer access the cluster. However, you can still access the
// cluster with IAM principals.
DisassociateIdentityProviderConfig(ctx context.Context, params *DisassociateIdentityProviderConfigInput, optFns ...func(*Options)) (*DisassociateIdentityProviderConfigOutput, error)
// Lists the access entries for your cluster.
ListAccessEntries(ctx context.Context, params *ListAccessEntriesInput, optFns ...func(*Options)) (*ListAccessEntriesOutput, error)
// Lists the available access policies.
ListAccessPolicies(ctx context.Context, params *ListAccessPoliciesInput, optFns ...func(*Options)) (*ListAccessPoliciesOutput, error)
// Lists the installed add-ons.
ListAddons(ctx context.Context, params *ListAddonsInput, optFns ...func(*Options)) (*ListAddonsOutput, error)
// Lists the access policies associated with an access entry.
ListAssociatedAccessPolicies(ctx context.Context, params *ListAssociatedAccessPoliciesInput, optFns ...func(*Options)) (*ListAssociatedAccessPoliciesOutput, error)
// Lists the Amazon EKS clusters in your Amazon Web Services account in the
// specified Amazon Web Services Region.
ListClusters(ctx context.Context, params *ListClustersInput, optFns ...func(*Options)) (*ListClustersOutput, error)
// Displays the full description of the subscription.
ListEksAnywhereSubscriptions(ctx context.Context, params *ListEksAnywhereSubscriptionsInput, optFns ...func(*Options)) (*ListEksAnywhereSubscriptionsOutput, error)
// Lists the Fargate profiles associated with the specified cluster in your Amazon
// Web Services account in the specified Amazon Web Services Region.
ListFargateProfiles(ctx context.Context, params *ListFargateProfilesInput, optFns ...func(*Options)) (*ListFargateProfilesOutput, error)
// Lists the identity provider configurations for your cluster.
ListIdentityProviderConfigs(ctx context.Context, params *ListIdentityProviderConfigsInput, optFns ...func(*Options)) (*ListIdentityProviderConfigsOutput, error)
// Returns a list of all insights checked for against the specified cluster. You
// can filter which insights are returned by category, associated Kubernetes
// version, and status.
ListInsights(ctx context.Context, params *ListInsightsInput, optFns ...func(*Options)) (*ListInsightsOutput, error)
// Lists the managed node groups associated with the specified cluster in your
// Amazon Web Services account in the specified Amazon Web Services Region.
// Self-managed node groups aren't listed.
ListNodegroups(ctx context.Context, params *ListNodegroupsInput, optFns ...func(*Options)) (*ListNodegroupsOutput, error)
// List the EKS Pod Identity associations in a cluster. You can filter the list by
// the namespace that the association is in or the service account that the
// association uses.
ListPodIdentityAssociations(ctx context.Context, params *ListPodIdentityAssociationsInput, optFns ...func(*Options)) (*ListPodIdentityAssociationsOutput, error)
// List the tags for an Amazon EKS resource.
ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
// Lists the updates associated with an Amazon EKS resource in your Amazon Web
// Services account, in the specified Amazon Web Services Region.
ListUpdates(ctx context.Context, params *ListUpdatesInput, optFns ...func(*Options)) (*ListUpdatesOutput, error)
// Connects a Kubernetes cluster to the Amazon EKS control plane.
//
// Any Kubernetes cluster can be connected to the Amazon EKS control plane to view
// current information about the cluster and its nodes.
//
// Cluster connection requires two steps. First, send a RegisterClusterRequest to add it to the Amazon
// EKS control plane.
//
// Second, a [Manifest] containing the activationID and activationCode must be applied to
// the Kubernetes cluster through it's native provider to provide visibility.
//
// After the manifest is updated and applied, the connected cluster is visible to
// the Amazon EKS control plane. If the manifest isn't applied within three days,
// the connected cluster will no longer be visible and must be deregistered using
// DeregisterCluster .
//
// [Manifest]: https://amazon-eks.s3.us-west-2.amazonaws.com/eks-connector/manifests/eks-connector/latest/eks-connector.yaml
RegisterCluster(ctx context.Context, params *RegisterClusterInput, optFns ...func(*Options)) (*RegisterClusterOutput, error)
// Associates the specified tags to an Amazon EKS resource with the specified
// resourceArn . If existing tags on a resource are not specified in the request
// parameters, they aren't changed. When a resource is deleted, the tags associated
// with that resource are also deleted. Tags that you create for Amazon EKS
// resources don't propagate to any other resources associated with the cluster.
// For example, if you tag a cluster with this operation, that tag doesn't
// automatically propagate to the subnets and nodes associated with the cluster.
TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)
// Deletes specified tags from an Amazon EKS resource.
UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)
// Updates an access entry.
UpdateAccessEntry(ctx context.Context, params *UpdateAccessEntryInput, optFns ...func(*Options)) (*UpdateAccessEntryOutput, error)
// Updates an Amazon EKS add-on.
UpdateAddon(ctx context.Context, params *UpdateAddonInput, optFns ...func(*Options)) (*UpdateAddonOutput, error)
// Updates an Amazon EKS cluster configuration. Your cluster continues to function
// during the update. The response output includes an update ID that you can use to
// track the status of your cluster update with DescribeUpdate "/>.
//
// You can use this API operation to enable or disable exporting the Kubernetes
// control plane logs for your cluster to CloudWatch Logs. By default, cluster
// control plane logs aren't exported to CloudWatch Logs. For more information, see
// [Amazon EKS Cluster control plane logs]in the Amazon EKS User Guide .
//
// CloudWatch Logs ingestion, archive storage, and data scanning rates apply to
// exported control plane logs. For more information, see [CloudWatch Pricing].
//
// You can also use this API operation to enable or disable public and private
// access to your cluster's Kubernetes API server endpoint. By default, public
// access is enabled, and private access is disabled. For more information, see [Amazon EKS cluster endpoint access control]in
// the Amazon EKS User Guide .
//
// You can also use this API operation to choose different subnets and security
// groups for the cluster. You must specify at least two subnets that are in
// different Availability Zones. You can't change which VPC the subnets are from,
// the subnets must be in the same VPC as the subnets that the cluster was created
// with. For more information about the VPC requirements, see [https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html]in the Amazon EKS
// User Guide .
//
// You can also use this API operation to enable or disable ARC zonal shift. If
// zonal shift is enabled, Amazon Web Services configures zonal autoshift for the
// cluster.
//
// Cluster updates are asynchronous, and they should finish within a few minutes.
// During an update, the cluster status moves to UPDATING (this status transition
// is eventually consistent). When the update is complete (either Failed or
// Successful ), the cluster status moves to Active .
//
// [Amazon EKS Cluster control plane logs]: https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html
// [CloudWatch Pricing]: http://aws.amazon.com/cloudwatch/pricing/
// [https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html]: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html
// [Amazon EKS cluster endpoint access control]: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
UpdateClusterConfig(ctx context.Context, params *UpdateClusterConfigInput, optFns ...func(*Options)) (*UpdateClusterConfigOutput, error)
// Updates an Amazon EKS cluster to the specified Kubernetes version. Your cluster
// continues to function during the update. The response output includes an update
// ID that you can use to track the status of your cluster update with the DescribeUpdateAPI
// operation.
//
// Cluster updates are asynchronous, and they should finish within a few minutes.
// During an update, the cluster status moves to UPDATING (this status transition
// is eventually consistent). When the update is complete (either Failed or
// Successful ), the cluster status moves to Active .
//
// If your cluster has managed node groups attached to it, all of your node
// groups’ Kubernetes versions must match the cluster’s Kubernetes version in order
// to update the cluster to a new Kubernetes version.
UpdateClusterVersion(ctx context.Context, params *UpdateClusterVersionInput, optFns ...func(*Options)) (*UpdateClusterVersionOutput, error)
// Update an EKS Anywhere Subscription. Only auto renewal and tags can be updated
// after subscription creation.
UpdateEksAnywhereSubscription(ctx context.Context, params *UpdateEksAnywhereSubscriptionInput, optFns ...func(*Options)) (*UpdateEksAnywhereSubscriptionOutput, error)
// Updates an Amazon EKS managed node group configuration. Your node group
// continues to function during the update. The response output includes an update
// ID that you can use to track the status of your node group update with the DescribeUpdateAPI
// operation. Currently you can update the Kubernetes labels for a node group or
// the scaling configuration.
UpdateNodegroupConfig(ctx context.Context, params *UpdateNodegroupConfigInput, optFns ...func(*Options)) (*UpdateNodegroupConfigOutput, error)
// Updates the Kubernetes version or AMI version of an Amazon EKS managed node
// group.
//
// You can update a node group using a launch template only if the node group was
// originally deployed with a launch template. If you need to update a custom AMI
// in a node group that was deployed with a launch template, then update your
// custom AMI, specify the new ID in a new version of the launch template, and then
// update the node group to the new version of the launch template.
//
// If you update without a launch template, then you can update to the latest
// available AMI version of a node group's current Kubernetes version by not
// specifying a Kubernetes version in the request. You can update to the latest AMI
// version of your cluster's current Kubernetes version by specifying your
// cluster's Kubernetes version in the request. For information about Linux
// versions, see [Amazon EKS optimized Amazon Linux AMI versions]in the Amazon EKS User Guide. For information about Windows
// versions, see [Amazon EKS optimized Windows AMI versions]in the Amazon EKS User Guide.
//
// You cannot roll back a node group to an earlier Kubernetes version or AMI
// version.
//
// When a node in a managed node group is terminated due to a scaling action or
// update, every Pod on that node is drained first. Amazon EKS attempts to drain
// the nodes gracefully and will fail if it is unable to do so. You can force the
// update if Amazon EKS is unable to drain the nodes as a result of a Pod
// disruption budget issue.
//
// [Amazon EKS optimized Amazon Linux AMI versions]: https://docs.aws.amazon.com/eks/latest/userguide/eks-linux-ami-versions.html
// [Amazon EKS optimized Windows AMI versions]: https://docs.aws.amazon.com/eks/latest/userguide/eks-ami-versions-windows.html
UpdateNodegroupVersion(ctx context.Context, params *UpdateNodegroupVersionInput, optFns ...func(*Options)) (*UpdateNodegroupVersionOutput, error)
// Updates a EKS Pod Identity association. Only the IAM role can be changed; an
// association can't be moved between clusters, namespaces, or service accounts. If
// you need to edit the namespace or service account, you need to delete the
// association and then create a new association with your desired settings.
UpdatePodIdentityAssociation(ctx context.Context, params *UpdatePodIdentityAssociationInput, optFns ...func(*Options)) (*UpdatePodIdentityAssociationOutput, error)
}
EKS provides an interface to the AWS EKS service.
type ELB ¶ added in v0.91.0
type ELB interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() elasticloadbalancing.Options
// Adds the specified tags to the specified load balancer. Each load balancer can
// have a maximum of 10 tags.
//
// Each tag consists of a key and an optional value. If a tag with the same key is
// already associated with the load balancer, AddTags updates its value.
//
// For more information, see [Tag Your Classic Load Balancer] in the Classic Load Balancers Guide.
//
// [Tag Your Classic Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/add-remove-tags.html
AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error)
// Associates one or more security groups with your load balancer in a virtual
// private cloud (VPC). The specified security groups override the previously
// associated security groups.
//
// For more information, see [Security Groups for Load Balancers in a VPC] in the Classic Load Balancers Guide.
//
// [Security Groups for Load Balancers in a VPC]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html#elb-vpc-security-groups
ApplySecurityGroupsToLoadBalancer(ctx context.Context, params *ApplySecurityGroupsToLoadBalancerInput, optFns ...func(*Options)) (*ApplySecurityGroupsToLoadBalancerOutput, error)
// Adds one or more subnets to the set of configured subnets for the specified
// load balancer.
//
// The load balancer evenly distributes requests across all registered subnets.
// For more information, see [Add or Remove Subnets for Your Load Balancer in a VPC]in the Classic Load Balancers Guide.
//
// [Add or Remove Subnets for Your Load Balancer in a VPC]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-manage-subnets.html
AttachLoadBalancerToSubnets(ctx context.Context, params *AttachLoadBalancerToSubnetsInput, optFns ...func(*Options)) (*AttachLoadBalancerToSubnetsOutput, error)
// Specifies the health check settings to use when evaluating the health state of
// your EC2 instances.
//
// For more information, see [Configure Health Checks for Your Load Balancer] in the Classic Load Balancers Guide.
//
// [Configure Health Checks for Your Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-healthchecks.html
ConfigureHealthCheck(ctx context.Context, params *ConfigureHealthCheckInput, optFns ...func(*Options)) (*ConfigureHealthCheckOutput, error)
// Generates a stickiness policy with sticky session lifetimes that follow that of
// an application-generated cookie. This policy can be associated only with
// HTTP/HTTPS listeners.
//
// This policy is similar to the policy created by CreateLBCookieStickinessPolicy, except that the lifetime of
// the special Elastic Load Balancing cookie, AWSELB , follows the lifetime of the
// application-generated cookie specified in the policy configuration. The load
// balancer only inserts a new stickiness cookie when the application response
// includes a new application cookie.
//
// If the application cookie is explicitly removed or expires, the session stops
// being sticky until a new application cookie is issued.
//
// For more information, see [Application-Controlled Session Stickiness] in the Classic Load Balancers Guide.
//
// [Application-Controlled Session Stickiness]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-application
CreateAppCookieStickinessPolicy(ctx context.Context, params *CreateAppCookieStickinessPolicyInput, optFns ...func(*Options)) (*CreateAppCookieStickinessPolicyOutput, error)
// Generates a stickiness policy with sticky session lifetimes controlled by the
// lifetime of the browser (user-agent) or a specified expiration period. This
// policy can be associated only with HTTP/HTTPS listeners.
//
// When a load balancer implements this policy, the load balancer uses a special
// cookie to track the instance for each request. When the load balancer receives a
// request, it first checks to see if this cookie is present in the request. If so,
// the load balancer sends the request to the application server specified in the
// cookie. If not, the load balancer sends the request to a server that is chosen
// based on the existing load-balancing algorithm.
//
// A cookie is inserted into the response for binding subsequent requests from the
// same user to that server. The validity of the cookie is based on the cookie
// expiration time, which is specified in the policy configuration.
//
// For more information, see [Duration-Based Session Stickiness] in the Classic Load Balancers Guide.
//
// [Duration-Based Session Stickiness]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-duration
CreateLBCookieStickinessPolicy(ctx context.Context, params *CreateLBCookieStickinessPolicyInput, optFns ...func(*Options)) (*CreateLBCookieStickinessPolicyOutput, error)
// Creates a Classic Load Balancer.
//
// You can add listeners, security groups, subnets, and tags when you create your
// load balancer, or you can add them later using CreateLoadBalancerListeners, ApplySecurityGroupsToLoadBalancer, AttachLoadBalancerToSubnets, and AddTags.
//
// To describe your current load balancers, see DescribeLoadBalancers. When you are finished with a
// load balancer, you can delete it using DeleteLoadBalancer.
//
// You can create up to 20 load balancers per region per account. You can request
// an increase for the number of load balancers for your account. For more
// information, see [Limits for Your Classic Load Balancer]in the Classic Load Balancers Guide.
//
// [Limits for Your Classic Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html
CreateLoadBalancer(ctx context.Context, params *CreateLoadBalancerInput, optFns ...func(*Options)) (*CreateLoadBalancerOutput, error)
// Creates one or more listeners for the specified load balancer. If a listener
// with the specified port does not already exist, it is created; otherwise, the
// properties of the new listener must match the properties of the existing
// listener.
//
// For more information, see [Listeners for Your Classic Load Balancer] in the Classic Load Balancers Guide.
//
// [Listeners for Your Classic Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html
CreateLoadBalancerListeners(ctx context.Context, params *CreateLoadBalancerListenersInput, optFns ...func(*Options)) (*CreateLoadBalancerListenersOutput, error)
// Creates a policy with the specified attributes for the specified load balancer.
//
// Policies are settings that are saved for your load balancer and that can be
// applied to the listener or the application server, depending on the policy type.
CreateLoadBalancerPolicy(ctx context.Context, params *CreateLoadBalancerPolicyInput, optFns ...func(*Options)) (*CreateLoadBalancerPolicyOutput, error)
// Deletes the specified load balancer.
//
// If you are attempting to recreate a load balancer, you must reconfigure all
// settings. The DNS name associated with a deleted load balancer are no longer
// usable. The name and associated DNS record of the deleted load balancer no
// longer exist and traffic sent to any of its IP addresses is no longer delivered
// to your instances.
//
// If the load balancer does not exist or has already been deleted, the call to
// DeleteLoadBalancer still succeeds.
DeleteLoadBalancer(ctx context.Context, params *DeleteLoadBalancerInput, optFns ...func(*Options)) (*DeleteLoadBalancerOutput, error)
// Deletes the specified listeners from the specified load balancer.
DeleteLoadBalancerListeners(ctx context.Context, params *DeleteLoadBalancerListenersInput, optFns ...func(*Options)) (*DeleteLoadBalancerListenersOutput, error)
// Deletes the specified policy from the specified load balancer. This policy must
// not be enabled for any listeners.
DeleteLoadBalancerPolicy(ctx context.Context, params *DeleteLoadBalancerPolicyInput, optFns ...func(*Options)) (*DeleteLoadBalancerPolicyOutput, error)
// Deregisters the specified instances from the specified load balancer. After the
// instance is deregistered, it no longer receives traffic from the load balancer.
//
// You can use DescribeLoadBalancers to verify that the instance is deregistered from the load balancer.
//
// For more information, see [Register or De-Register EC2 Instances] in the Classic Load Balancers Guide.
//
// [Register or De-Register EC2 Instances]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-deregister-register-instances.html
DeregisterInstancesFromLoadBalancer(ctx context.Context, params *DeregisterInstancesFromLoadBalancerInput, optFns ...func(*Options)) (*DeregisterInstancesFromLoadBalancerOutput, error)
// Describes the current Elastic Load Balancing resource limits for your AWS
// account.
//
// For more information, see [Limits for Your Classic Load Balancer] in the Classic Load Balancers Guide.
//
// [Limits for Your Classic Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html
DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
// Describes the state of the specified instances with respect to the specified
// load balancer. If no instances are specified, the call describes the state of
// all instances that are currently registered with the load balancer. If instances
// are specified, their state is returned even if they are no longer registered
// with the load balancer. The state of terminated instances is not returned.
DescribeInstanceHealth(ctx context.Context, params *DescribeInstanceHealthInput, optFns ...func(*Options)) (*DescribeInstanceHealthOutput, error)
// Describes the attributes for the specified load balancer.
DescribeLoadBalancerAttributes(ctx context.Context, params *DescribeLoadBalancerAttributesInput, optFns ...func(*Options)) (*DescribeLoadBalancerAttributesOutput, error)
// Describes the specified policies.
//
// If you specify a load balancer name, the action returns the descriptions of all
// policies created for the load balancer. If you specify a policy name associated
// with your load balancer, the action returns the description of that policy. If
// you don't specify a load balancer name, the action returns descriptions of the
// specified sample policies, or descriptions of all sample policies. The names of
// the sample policies have the ELBSample- prefix.
DescribeLoadBalancerPolicies(ctx context.Context, params *DescribeLoadBalancerPoliciesInput, optFns ...func(*Options)) (*DescribeLoadBalancerPoliciesOutput, error)
// Describes the specified load balancer policy types or all load balancer policy
// types.
//
// The description of each type indicates how it can be used. For example, some
// policies can be used only with layer 7 listeners, some policies can be used only
// with layer 4 listeners, and some policies can be used only with your EC2
// instances.
//
// You can use CreateLoadBalancerPolicy to create a policy configuration for any of these policy types.
// Then, depending on the policy type, use either SetLoadBalancerPoliciesOfListeneror SetLoadBalancerPoliciesForBackendServer to set the policy.
DescribeLoadBalancerPolicyTypes(ctx context.Context, params *DescribeLoadBalancerPolicyTypesInput, optFns ...func(*Options)) (*DescribeLoadBalancerPolicyTypesOutput, error)
// Describes the specified the load balancers. If no load balancers are specified,
// the call describes all of your load balancers.
DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error)
// Describes the tags associated with the specified load balancers.
DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
// Removes the specified subnets from the set of configured subnets for the load
// balancer.
//
// After a subnet is removed, all EC2 instances registered with the load balancer
// in the removed subnet go into the OutOfService state. Then, the load balancer
// balances the traffic among the remaining routable subnets.
DetachLoadBalancerFromSubnets(ctx context.Context, params *DetachLoadBalancerFromSubnetsInput, optFns ...func(*Options)) (*DetachLoadBalancerFromSubnetsOutput, error)
// Removes the specified Availability Zones from the set of Availability Zones for
// the specified load balancer in EC2-Classic or a default VPC.
//
// For load balancers in a non-default VPC, use DetachLoadBalancerFromSubnets.
//
// There must be at least one Availability Zone registered with a load balancer at
// all times. After an Availability Zone is removed, all instances registered with
// the load balancer that are in the removed Availability Zone go into the
// OutOfService state. Then, the load balancer attempts to equally balance the
// traffic among its remaining Availability Zones.
//
// For more information, see [Add or Remove Availability Zones] in the Classic Load Balancers Guide.
//
// [Add or Remove Availability Zones]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html
DisableAvailabilityZonesForLoadBalancer(ctx context.Context, params *DisableAvailabilityZonesForLoadBalancerInput, optFns ...func(*Options)) (*DisableAvailabilityZonesForLoadBalancerOutput, error)
// Adds the specified Availability Zones to the set of Availability Zones for the
// specified load balancer in EC2-Classic or a default VPC.
//
// For load balancers in a non-default VPC, use AttachLoadBalancerToSubnets.
//
// The load balancer evenly distributes requests across all its registered
// Availability Zones that contain instances. For more information, see [Add or Remove Availability Zones]in the
// Classic Load Balancers Guide.
//
// [Add or Remove Availability Zones]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html
EnableAvailabilityZonesForLoadBalancer(ctx context.Context, params *EnableAvailabilityZonesForLoadBalancerInput, optFns ...func(*Options)) (*EnableAvailabilityZonesForLoadBalancerOutput, error)
// Modifies the attributes of the specified load balancer.
//
// You can modify the load balancer attributes, such as AccessLogs ,
// ConnectionDraining , and CrossZoneLoadBalancing by either enabling or disabling
// them. Or, you can modify the load balancer attribute ConnectionSettings by
// specifying an idle connection timeout value for your load balancer.
//
// For more information, see the following in the Classic Load Balancers Guide:
//
// [Cross-Zone Load Balancing]
//
// [Connection Draining]
//
// [Access Logs]
//
// [Idle Connection Timeout]
//
// [Cross-Zone Load Balancing]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-crosszone-lb.html
// [Idle Connection Timeout]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html
// [Access Logs]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html
// [Connection Draining]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-conn-drain.html
ModifyLoadBalancerAttributes(ctx context.Context, params *ModifyLoadBalancerAttributesInput, optFns ...func(*Options)) (*ModifyLoadBalancerAttributesOutput, error)
// Adds the specified instances to the specified load balancer.
//
// The instance must be a running instance in the same network as the load
// balancer (EC2-Classic or the same VPC). If you have EC2-Classic instances and a
// load balancer in a VPC with ClassicLink enabled, you can link the EC2-Classic
// instances to that VPC and then register the linked EC2-Classic instances with
// the load balancer in the VPC.
//
// Note that RegisterInstanceWithLoadBalancer completes when the request has been
// registered. Instance registration takes a little time to complete. To check the
// state of the registered instances, use DescribeLoadBalancersor DescribeInstanceHealth.
//
// After the instance is registered, it starts receiving traffic and requests from
// the load balancer. Any instance that is not in one of the Availability Zones
// registered for the load balancer is moved to the OutOfService state. If an
// Availability Zone is added to the load balancer later, any instances registered
// with the load balancer move to the InService state.
//
// To deregister instances from a load balancer, use DeregisterInstancesFromLoadBalancer.
//
// For more information, see [Register or De-Register EC2 Instances] in the Classic Load Balancers Guide.
//
// [Register or De-Register EC2 Instances]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-deregister-register-instances.html
RegisterInstancesWithLoadBalancer(ctx context.Context, params *RegisterInstancesWithLoadBalancerInput, optFns ...func(*Options)) (*RegisterInstancesWithLoadBalancerOutput, error)
// Removes one or more tags from the specified load balancer.
RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error)
// Sets the certificate that terminates the specified listener's SSL connections.
// The specified certificate replaces any prior certificate that was used on the
// same load balancer and port.
//
// For more information about updating your SSL certificate, see [Replace the SSL Certificate for Your Load Balancer] in the Classic
// Load Balancers Guide.
//
// [Replace the SSL Certificate for Your Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-update-ssl-cert.html
SetLoadBalancerListenerSSLCertificate(ctx context.Context, params *SetLoadBalancerListenerSSLCertificateInput, optFns ...func(*Options)) (*SetLoadBalancerListenerSSLCertificateOutput, error)
// Replaces the set of policies associated with the specified port on which the
// EC2 instance is listening with a new set of policies. At this time, only the
// back-end server authentication policy type can be applied to the instance ports;
// this policy type is composed of multiple public key policies.
//
// Each time you use SetLoadBalancerPoliciesForBackendServer to enable the
// policies, use the PolicyNames parameter to list the policies that you want to
// enable.
//
// You can use DescribeLoadBalancers or DescribeLoadBalancerPolicies to verify that the policy is associated with the EC2 instance.
//
// For more information about enabling back-end instance authentication, see [Configure Back-end Instance Authentication] in
// the Classic Load Balancers Guide. For more information about Proxy Protocol, see
// [Configure Proxy Protocol Support]in the Classic Load Balancers Guide.
//
// [Configure Back-end Instance Authentication]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html#configure_backendauth_clt
// [Configure Proxy Protocol Support]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html
SetLoadBalancerPoliciesForBackendServer(ctx context.Context, params *SetLoadBalancerPoliciesForBackendServerInput, optFns ...func(*Options)) (*SetLoadBalancerPoliciesForBackendServerOutput, error)
// Replaces the current set of policies for the specified load balancer port with
// the specified set of policies.
//
// To enable back-end server authentication, use SetLoadBalancerPoliciesForBackendServer.
//
// For more information about setting policies, see [Update the SSL Negotiation Configuration], [Duration-Based Session Stickiness], and [Application-Controlled Session Stickiness] in the Classic Load
// Balancers Guide.
//
// [Update the SSL Negotiation Configuration]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ssl-config-update.html
// [Duration-Based Session Stickiness]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-duration
// [Application-Controlled Session Stickiness]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-application
SetLoadBalancerPoliciesOfListener(ctx context.Context, params *SetLoadBalancerPoliciesOfListenerInput, optFns ...func(*Options)) (*SetLoadBalancerPoliciesOfListenerOutput, error)
}
ELB provides an interface to the AWS ELB service.
type ELBV2 ¶ added in v0.91.0
type ELBV2 interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() elasticloadbalancingv2.Options
// Adds the specified SSL server certificate to the certificate list for the
// specified HTTPS or TLS listener.
//
// If the certificate in already in the certificate list, the call is successful
// but the certificate is not added again.
//
// For more information, see [HTTPS listeners] in the Application Load Balancers Guide or [TLS listeners] in the
// Network Load Balancers Guide.
//
// [TLS listeners]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html
// [HTTPS listeners]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
AddListenerCertificates(ctx context.Context, params *AddListenerCertificatesInput, optFns ...func(*Options)) (*AddListenerCertificatesOutput, error)
// Adds the specified tags to the specified Elastic Load Balancing resource. You
// can tag your Application Load Balancers, Network Load Balancers, Gateway Load
// Balancers, target groups, trust stores, listeners, and rules.
//
// Each tag consists of a key and an optional value. If a resource already has a
// tag with the same key, AddTags updates its value.
AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error)
// Adds the specified revocation file to the specified trust store.
AddTrustStoreRevocations(ctx context.Context, params *AddTrustStoreRevocationsInput, optFns ...func(*Options)) (*AddTrustStoreRevocationsOutput, error)
// Creates a listener for the specified Application Load Balancer, Network Load
// Balancer, or Gateway Load Balancer.
//
// For more information, see the following:
//
// [Listeners for your Application Load Balancers]
//
// [Listeners for your Network Load Balancers]
//
// [Listeners for your Gateway Load Balancers]
//
// This operation is idempotent, which means that it completes at most one time.
// If you attempt to create multiple listeners with the same settings, each call
// succeeds.
//
// [Listeners for your Gateway Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-listeners.html
// [Listeners for your Application Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
// [Listeners for your Network Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-listeners.html
CreateListener(ctx context.Context, params *CreateListenerInput, optFns ...func(*Options)) (*CreateListenerOutput, error)
// Creates an Application Load Balancer, Network Load Balancer, or Gateway Load
// Balancer.
//
// For more information, see the following:
//
// [Application Load Balancers]
//
// [Network Load Balancers]
//
// [Gateway Load Balancers]
//
// This operation is idempotent, which means that it completes at most one time.
// If you attempt to create multiple load balancers with the same settings, each
// call succeeds.
//
// [Gateway Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html
// [Network Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html
// [Application Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html
CreateLoadBalancer(ctx context.Context, params *CreateLoadBalancerInput, optFns ...func(*Options)) (*CreateLoadBalancerOutput, error)
// Creates a rule for the specified listener. The listener must be associated with
// an Application Load Balancer.
//
// Each rule consists of a priority, one or more actions, and one or more
// conditions. Rules are evaluated in priority order, from the lowest value to the
// highest value. When the conditions for a rule are met, its actions are
// performed. If the conditions for no rules are met, the actions for the default
// rule are performed. For more information, see [Listener rules]in the Application Load Balancers
// Guide.
//
// [Listener rules]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#listener-rules
CreateRule(ctx context.Context, params *CreateRuleInput, optFns ...func(*Options)) (*CreateRuleOutput, error)
// Creates a target group.
//
// For more information, see the following:
//
// [Target groups for your Application Load Balancers]
//
// [Target groups for your Network Load Balancers]
//
// [Target groups for your Gateway Load Balancers]
//
// This operation is idempotent, which means that it completes at most one time.
// If you attempt to create multiple target groups with the same settings, each
// call succeeds.
//
// [Target groups for your Gateway Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html
// [Target groups for your Application Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html
// [Target groups for your Network Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html
CreateTargetGroup(ctx context.Context, params *CreateTargetGroupInput, optFns ...func(*Options)) (*CreateTargetGroupOutput, error)
// Creates a trust store.
CreateTrustStore(ctx context.Context, params *CreateTrustStoreInput, optFns ...func(*Options)) (*CreateTrustStoreOutput, error)
// Deletes the specified listener.
//
// Alternatively, your listener is deleted when you delete the load balancer to
// which it is attached.
DeleteListener(ctx context.Context, params *DeleteListenerInput, optFns ...func(*Options)) (*DeleteListenerOutput, error)
// Deletes the specified Application Load Balancer, Network Load Balancer, or
// Gateway Load Balancer. Deleting a load balancer also deletes its listeners.
//
// You can't delete a load balancer if deletion protection is enabled. If the load
// balancer does not exist or has already been deleted, the call succeeds.
//
// Deleting a load balancer does not affect its registered targets. For example,
// your EC2 instances continue to run and are still registered to their target
// groups. If you no longer need these EC2 instances, you can stop or terminate
// them.
DeleteLoadBalancer(ctx context.Context, params *DeleteLoadBalancerInput, optFns ...func(*Options)) (*DeleteLoadBalancerOutput, error)
// Deletes the specified rule.
//
// You can't delete the default rule.
DeleteRule(ctx context.Context, params *DeleteRuleInput, optFns ...func(*Options)) (*DeleteRuleOutput, error)
DeleteSharedTrustStoreAssociation(ctx context.Context, params *DeleteSharedTrustStoreAssociationInput, optFns ...func(*Options)) (*DeleteSharedTrustStoreAssociationOutput, error)
// Deletes the specified target group.
//
// You can delete a target group if it is not referenced by any actions. Deleting
// a target group also deletes any associated health checks. Deleting a target
// group does not affect its registered targets. For example, any EC2 instances
// continue to run until you stop or terminate them.
DeleteTargetGroup(ctx context.Context, params *DeleteTargetGroupInput, optFns ...func(*Options)) (*DeleteTargetGroupOutput, error)
// Deletes a trust store.
DeleteTrustStore(ctx context.Context, params *DeleteTrustStoreInput, optFns ...func(*Options)) (*DeleteTrustStoreOutput, error)
// Deregisters the specified targets from the specified target group. After the
// targets are deregistered, they no longer receive traffic from the load balancer.
//
// The load balancer stops sending requests to targets that are deregistering, but
// uses connection draining to ensure that in-flight traffic completes on the
// existing connections. This deregistration delay is configured by default but can
// be updated for each target group.
//
// For more information, see the following:
//
// [Deregistration delay]
// - in the Application Load Balancers User Guide
//
// [Deregistration delay]
// - in the Network Load Balancers User Guide
//
// [Deregistration delay]
// - in the Gateway Load Balancers User Guide
//
// Note: If the specified target does not exist, the action returns successfully.
//
// [Deregistration delay]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html#deregistration-delay
DeregisterTargets(ctx context.Context, params *DeregisterTargetsInput, optFns ...func(*Options)) (*DeregisterTargetsOutput, error)
// Describes the current Elastic Load Balancing resource limits for your Amazon
// Web Services account.
//
// For more information, see the following:
//
// [Quotas for your Application Load Balancers]
//
// [Quotas for your Network Load Balancers]
//
// [Quotas for your Gateway Load Balancers]
//
// [Quotas for your Gateway Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/quotas-limits.html
// [Quotas for your Application Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html
// [Quotas for your Network Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-limits.html
DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
// Describes the capacity reservation status for the specified load balancer.
DescribeCapacityReservation(ctx context.Context, params *DescribeCapacityReservationInput, optFns ...func(*Options)) (*DescribeCapacityReservationOutput, error)
// Describes the attributes for the specified listener.
DescribeListenerAttributes(ctx context.Context, params *DescribeListenerAttributesInput, optFns ...func(*Options)) (*DescribeListenerAttributesOutput, error)
// Describes the default certificate and the certificate list for the specified
// HTTPS or TLS listener.
//
// If the default certificate is also in the certificate list, it appears twice in
// the results (once with IsDefault set to true and once with IsDefault set to
// false).
//
// For more information, see [SSL certificates] in the Application Load Balancers Guide or [Server certificates] in the
// Network Load Balancers Guide.
//
// [Server certificates]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#tls-listener-certificate
// [SSL certificates]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#https-listener-certificates
DescribeListenerCertificates(ctx context.Context, params *DescribeListenerCertificatesInput, optFns ...func(*Options)) (*DescribeListenerCertificatesOutput, error)
// Describes the specified listeners or the listeners for the specified
// Application Load Balancer, Network Load Balancer, or Gateway Load Balancer. You
// must specify either a load balancer or one or more listeners.
DescribeListeners(ctx context.Context, params *DescribeListenersInput, optFns ...func(*Options)) (*DescribeListenersOutput, error)
// Describes the attributes for the specified Application Load Balancer, Network
// Load Balancer, or Gateway Load Balancer.
//
// For more information, see the following:
//
// [Load balancer attributes]
// - in the Application Load Balancers Guide
//
// [Load balancer attributes]
// - in the Network Load Balancers Guide
//
// [Load balancer attributes]
// - in the Gateway Load Balancers Guide
//
// [Load balancer attributes]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html#load-balancer-attributes
DescribeLoadBalancerAttributes(ctx context.Context, params *DescribeLoadBalancerAttributesInput, optFns ...func(*Options)) (*DescribeLoadBalancerAttributesOutput, error)
// Describes the specified load balancers or all of your load balancers.
DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error)
// Describes the specified rules or the rules for the specified listener. You must
// specify either a listener or one or more rules.
DescribeRules(ctx context.Context, params *DescribeRulesInput, optFns ...func(*Options)) (*DescribeRulesOutput, error)
// Describes the specified policies or all policies used for SSL negotiation.
//
// For more information, see [Security policies] in the Application Load Balancers Guide or [Security policies] in the
// Network Load Balancers Guide.
//
// [Security policies]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies
DescribeSSLPolicies(ctx context.Context, params *DescribeSSLPoliciesInput, optFns ...func(*Options)) (*DescribeSSLPoliciesOutput, error)
// Describes the tags for the specified Elastic Load Balancing resources. You can
// describe the tags for one or more Application Load Balancers, Network Load
// Balancers, Gateway Load Balancers, target groups, listeners, or rules.
DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
// Describes the attributes for the specified target group.
//
// For more information, see the following:
//
// [Target group attributes]
// - in the Application Load Balancers Guide
//
// [Target group attributes]
// - in the Network Load Balancers Guide
//
// [Target group attributes]
// - in the Gateway Load Balancers Guide
//
// [Target group attributes]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html#target-group-attributes
DescribeTargetGroupAttributes(ctx context.Context, params *DescribeTargetGroupAttributesInput, optFns ...func(*Options)) (*DescribeTargetGroupAttributesOutput, error)
// Describes the specified target groups or all of your target groups. By default,
// all target groups are described. Alternatively, you can specify one of the
// following to filter the results: the ARN of the load balancer, the names of one
// or more target groups, or the ARNs of one or more target groups.
DescribeTargetGroups(ctx context.Context, params *DescribeTargetGroupsInput, optFns ...func(*Options)) (*DescribeTargetGroupsOutput, error)
// Describes the health of the specified targets or all of your targets.
DescribeTargetHealth(ctx context.Context, params *DescribeTargetHealthInput, optFns ...func(*Options)) (*DescribeTargetHealthOutput, error)
// Describes all resources associated with the specified trust store.
DescribeTrustStoreAssociations(ctx context.Context, params *DescribeTrustStoreAssociationsInput, optFns ...func(*Options)) (*DescribeTrustStoreAssociationsOutput, error)
// Describes the revocation files in use by the specified trust store or
// revocation files.
DescribeTrustStoreRevocations(ctx context.Context, params *DescribeTrustStoreRevocationsInput, optFns ...func(*Options)) (*DescribeTrustStoreRevocationsOutput, error)
// Describes all trust stores for the specified account.
DescribeTrustStores(ctx context.Context, params *DescribeTrustStoresInput, optFns ...func(*Options)) (*DescribeTrustStoresOutput, error)
// Retrieves the resource policy for a specified resource.
GetResourcePolicy(ctx context.Context, params *GetResourcePolicyInput, optFns ...func(*Options)) (*GetResourcePolicyOutput, error)
// Retrieves the ca certificate bundle.
//
// This action returns a pre-signed S3 URI which is active for ten minutes.
GetTrustStoreCaCertificatesBundle(ctx context.Context, params *GetTrustStoreCaCertificatesBundleInput, optFns ...func(*Options)) (*GetTrustStoreCaCertificatesBundleOutput, error)
// Retrieves the specified revocation file.
//
// This action returns a pre-signed S3 URI which is active for ten minutes.
GetTrustStoreRevocationContent(ctx context.Context, params *GetTrustStoreRevocationContentInput, optFns ...func(*Options)) (*GetTrustStoreRevocationContentOutput, error)
// Modifies the capacity reservation of the specified load balancer.
//
// When modifying capacity reservation, you must include at least one
// MinimumLoadBalancerCapacity or ResetCapacityReservation .
ModifyCapacityReservation(ctx context.Context, params *ModifyCapacityReservationInput, optFns ...func(*Options)) (*ModifyCapacityReservationOutput, error)
// Replaces the specified properties of the specified listener. Any properties
// that you do not specify remain unchanged.
//
// Changing the protocol from HTTPS to HTTP, or from TLS to TCP, removes the
// security policy and default certificate properties. If you change the protocol
// from HTTP to HTTPS, or from TCP to TLS, you must add the security policy and
// default certificate properties.
//
// To add an item to a list, remove an item from a list, or update an item in a
// list, you must provide the entire list. For example, to add an action, specify a
// list with the current actions plus the new action.
ModifyListener(ctx context.Context, params *ModifyListenerInput, optFns ...func(*Options)) (*ModifyListenerOutput, error)
// Modifies the specified attributes of the specified listener.
ModifyListenerAttributes(ctx context.Context, params *ModifyListenerAttributesInput, optFns ...func(*Options)) (*ModifyListenerAttributesOutput, error)
// Modifies the specified attributes of the specified Application Load Balancer,
// Network Load Balancer, or Gateway Load Balancer.
//
// If any of the specified attributes can't be modified as requested, the call
// fails. Any existing attributes that you do not modify retain their current
// values.
ModifyLoadBalancerAttributes(ctx context.Context, params *ModifyLoadBalancerAttributesInput, optFns ...func(*Options)) (*ModifyLoadBalancerAttributesOutput, error)
// Replaces the specified properties of the specified rule. Any properties that
// you do not specify are unchanged.
//
// To add an item to a list, remove an item from a list, or update an item in a
// list, you must provide the entire list. For example, to add an action, specify a
// list with the current actions plus the new action.
ModifyRule(ctx context.Context, params *ModifyRuleInput, optFns ...func(*Options)) (*ModifyRuleOutput, error)
// Modifies the health checks used when evaluating the health state of the targets
// in the specified target group.
ModifyTargetGroup(ctx context.Context, params *ModifyTargetGroupInput, optFns ...func(*Options)) (*ModifyTargetGroupOutput, error)
// Modifies the specified attributes of the specified target group.
ModifyTargetGroupAttributes(ctx context.Context, params *ModifyTargetGroupAttributesInput, optFns ...func(*Options)) (*ModifyTargetGroupAttributesOutput, error)
// Update the ca certificate bundle for the specified trust store.
ModifyTrustStore(ctx context.Context, params *ModifyTrustStoreInput, optFns ...func(*Options)) (*ModifyTrustStoreOutput, error)
// Registers the specified targets with the specified target group.
//
// If the target is an EC2 instance, it must be in the running state when you
// register it.
//
// By default, the load balancer routes requests to registered targets using the
// protocol and port for the target group. Alternatively, you can override the port
// for a target when you register it. You can register each EC2 instance or IP
// address with the same target group multiple times using different ports.
//
// With a Network Load Balancer, you can't register instances by instance ID if
// they have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1,
// G2, HI1, HS1, M1, M2, M3, and T1. You can register instances of these types by
// IP address.
RegisterTargets(ctx context.Context, params *RegisterTargetsInput, optFns ...func(*Options)) (*RegisterTargetsOutput, error)
// Removes the specified certificate from the certificate list for the specified
// HTTPS or TLS listener.
RemoveListenerCertificates(ctx context.Context, params *RemoveListenerCertificatesInput, optFns ...func(*Options)) (*RemoveListenerCertificatesOutput, error)
// Removes the specified tags from the specified Elastic Load Balancing resources.
// You can remove the tags for one or more Application Load Balancers, Network Load
// Balancers, Gateway Load Balancers, target groups, listeners, or rules.
RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error)
// Removes the specified revocation file from the specified trust store.
RemoveTrustStoreRevocations(ctx context.Context, params *RemoveTrustStoreRevocationsInput, optFns ...func(*Options)) (*RemoveTrustStoreRevocationsOutput, error)
// Sets the type of IP addresses used by the subnets of the specified load
// balancer.
SetIpAddressType(ctx context.Context, params *SetIpAddressTypeInput, optFns ...func(*Options)) (*SetIpAddressTypeOutput, error)
// Sets the priorities of the specified rules.
//
// You can reorder the rules as long as there are no priority conflicts in the new
// order. Any existing rules that you do not specify retain their current priority.
SetRulePriorities(ctx context.Context, params *SetRulePrioritiesInput, optFns ...func(*Options)) (*SetRulePrioritiesOutput, error)
// Associates the specified security groups with the specified Application Load
// Balancer or Network Load Balancer. The specified security groups override the
// previously associated security groups.
//
// You can't perform this operation on a Network Load Balancer unless you
// specified a security group for the load balancer when you created it.
//
// You can't associate a security group with a Gateway Load Balancer.
SetSecurityGroups(ctx context.Context, params *SetSecurityGroupsInput, optFns ...func(*Options)) (*SetSecurityGroupsOutput, error)
// Enables the Availability Zones for the specified public subnets for the
// specified Application Load Balancer, Network Load Balancer or Gateway Load
// Balancer. The specified subnets replace the previously enabled subnets.
//
// When you specify subnets for a Network Load Balancer, or Gateway Load Balancer
// you must include all subnets that were enabled previously, with their existing
// configurations, plus any additional subnets.
SetSubnets(ctx context.Context, params *SetSubnetsInput, optFns ...func(*Options)) (*SetSubnetsOutput, error)
}
ELBV2 provides an interface to the AWS ELBV2 service.
type IAM ¶ added in v0.94.0
type IAM interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() iam.Options
// Adds a new client ID (also known as audience) to the list of client IDs already
// registered for the specified IAM OpenID Connect (OIDC) provider resource.
//
// This operation is idempotent; it does not fail or return an error if you add an
// existing client ID to the provider.
AddClientIDToOpenIDConnectProvider(ctx context.Context, params *AddClientIDToOpenIDConnectProviderInput, optFns ...func(*Options)) (*AddClientIDToOpenIDConnectProviderOutput, error)
// Adds the specified IAM role to the specified instance profile. An instance
// profile can contain only one role, and this quota cannot be increased. You can
// remove the existing role and then add a different role to an instance profile.
// You must then wait for the change to appear across all of Amazon Web Services
// because of [eventual consistency]. To force the change, you must [disassociate the instance profile] and then [associate the instance profile], or you can stop your
// instance and then restart it.
//
// The caller of this operation must be granted the PassRole permission on the IAM
// role by a permissions policy.
//
// For more information about roles, see [IAM roles] in the IAM User Guide. For more
// information about instance profiles, see [Using instance profiles]in the IAM User Guide.
//
// [disassociate the instance profile]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
// [associate the instance profile]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
// [eventual consistency]: https://en.wikipedia.org/wiki/Eventual_consistency
// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
AddRoleToInstanceProfile(ctx context.Context, params *AddRoleToInstanceProfileInput, optFns ...func(*Options)) (*AddRoleToInstanceProfileOutput, error)
// Adds the specified user to the specified group.
AddUserToGroup(ctx context.Context, params *AddUserToGroupInput, optFns ...func(*Options)) (*AddUserToGroupOutput, error)
// Attaches the specified managed policy to the specified IAM group.
//
// You use this operation to attach a managed policy to a group. To embed an
// inline policy in a group, use [PutGroupPolicy]PutGroupPolicy .
//
// As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies] in
// the IAM User Guide.
//
// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [PutGroupPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html
// [Validating IAM policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
AttachGroupPolicy(ctx context.Context, params *AttachGroupPolicyInput, optFns ...func(*Options)) (*AttachGroupPolicyOutput, error)
// Attaches the specified managed policy to the specified IAM role. When you
// attach a managed policy to a role, the managed policy becomes part of the role's
// permission (access) policy.
//
// You cannot use a managed policy as the role's trust policy. The role's trust
// policy is created at the same time as the role, using [CreateRole]CreateRole . You can
// update a role's trust policy using [UpdateAssumerolePolicy]UpdateAssumerolePolicy .
//
// Use this operation to attach a managed policy to a role. To embed an inline
// policy in a role, use [PutRolePolicy]PutRolePolicy . For more information about policies, see [Managed policies and inline policies]
// in the IAM User Guide.
//
// As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies] in
// the IAM User Guide.
//
// [Validating IAM policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
// [UpdateAssumerolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html
// [PutRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html
// [CreateRole]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
AttachRolePolicy(ctx context.Context, params *AttachRolePolicyInput, optFns ...func(*Options)) (*AttachRolePolicyOutput, error)
// Attaches the specified managed policy to the specified user.
//
// You use this operation to attach a managed policy to a user. To embed an inline
// policy in a user, use [PutUserPolicy]PutUserPolicy .
//
// As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies] in
// the IAM User Guide.
//
// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [Validating IAM policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
// [PutUserPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
AttachUserPolicy(ctx context.Context, params *AttachUserPolicyInput, optFns ...func(*Options)) (*AttachUserPolicyOutput, error)
// Changes the password of the IAM user who is calling this operation. This
// operation can be performed using the CLI, the Amazon Web Services API, or the My
// Security Credentials page in the Amazon Web Services Management Console. The
// Amazon Web Services account root user password is not affected by this
// operation.
//
// Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or the Users page in the IAM
// console to change the password for any IAM user. For more information about
// modifying passwords, see [Managing passwords]in the IAM User Guide.
//
// [Managing passwords]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
ChangePassword(ctx context.Context, params *ChangePasswordInput, optFns ...func(*Options)) (*ChangePasswordOutput, error)
// Creates a new Amazon Web Services secret access key and corresponding Amazon
//
// Web Services access key ID for the specified user. The default status for new
// keys is Active .
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID signing the request. This
// operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials. This is true even if the Amazon Web Services account has
// no associated users.
//
// For information about quotas on the number of keys you can create, see [IAM and STS quotas] in the
// IAM User Guide.
//
// To ensure the security of your Amazon Web Services account, the secret access
// key is accessible only during key and user creation. You must save the key (for
// example, in a text file) if you want to be able to access it again. If a secret
// key is lost, you can delete the access keys for the associated user and then
// create new keys.
//
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
CreateAccessKey(ctx context.Context, params *CreateAccessKeyInput, optFns ...func(*Options)) (*CreateAccessKeyOutput, error)
// Creates an alias for your Amazon Web Services account. For information about
// using an Amazon Web Services account alias, see [Creating, deleting, and listing an Amazon Web Services account alias]in the Amazon Web Services
// Sign-In User Guide.
//
// [Creating, deleting, and listing an Amazon Web Services account alias]: https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html
CreateAccountAlias(ctx context.Context, params *CreateAccountAliasInput, optFns ...func(*Options)) (*CreateAccountAliasOutput, error)
// Creates a new group.
//
// For information about the number of groups you can create, see [IAM and STS quotas] in the IAM User
// Guide.
//
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
CreateGroup(ctx context.Context, params *CreateGroupInput, optFns ...func(*Options)) (*CreateGroupOutput, error)
// Creates a new instance profile. For information about instance profiles, see [Using roles for applications on Amazon EC2]
//
// in the IAM User Guide, and [Instance profiles]in the Amazon EC2 User Guide.
//
// For information about the number of instance profiles you can create, see [IAM object quotas] in
// the IAM User Guide.
//
// [Instance profiles]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#ec2-instance-profile
// [IAM object quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
//
// [Using roles for applications on Amazon EC2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
CreateInstanceProfile(ctx context.Context, params *CreateInstanceProfileInput, optFns ...func(*Options)) (*CreateInstanceProfileOutput, error)
// Creates a password for the specified IAM user. A password allows an IAM user to
// access Amazon Web Services services through the Amazon Web Services Management
// Console.
//
// You can use the CLI, the Amazon Web Services API, or the Users page in the IAM
// console to create a password for any IAM user. Use ChangePasswordto update your own existing
// password in the My Security Credentials page in the Amazon Web Services
// Management Console.
//
// For more information about managing passwords, see [Managing passwords] in the IAM User Guide.
//
// [Managing passwords]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
CreateLoginProfile(ctx context.Context, params *CreateLoginProfileInput, optFns ...func(*Options)) (*CreateLoginProfileOutput, error)
// Creates an IAM entity to describe an identity provider (IdP) that supports [OpenID Connect (OIDC)].
//
// The OIDC provider that you create with this operation can be used as a
// principal in a role's trust policy. Such a policy establishes a trust
// relationship between Amazon Web Services and the OIDC provider.
//
// If you are using an OIDC identity provider from Google, Facebook, or Amazon
// Cognito, you don't need to create a separate IAM identity provider. These OIDC
// identity providers are already built-in to Amazon Web Services and are available
// for your use. Instead, you can move directly to creating new roles using your
// identity provider. To learn more, see [Creating a role for web identity or OpenID connect federation]in the IAM User Guide.
//
// When you create the IAM OIDC provider, you specify the following:
//
// - The URL of the OIDC identity provider (IdP) to trust
//
// - A list of client IDs (also known as audiences) that identify the
// application or applications allowed to authenticate using the OIDC provider
//
// - A list of tags that are attached to the specified IAM OIDC provider
//
// - A list of thumbprints of one or more server certificates that the IdP uses
//
// You get all of this information from the OIDC IdP you want to use to access
// Amazon Web Services.
//
// Amazon Web Services secures communication with OIDC identity providers (IdPs)
// using our library of trusted root certificate authorities (CAs) to verify the
// JSON Web Key Set (JWKS) endpoint's TLS certificate. If your OIDC IdP relies on a
// certificate that is not signed by one of these trusted CAs, only then we secure
// communication using the thumbprints set in the IdP's configuration.
//
// The trust for the OIDC provider is derived from the IAM provider that this
// operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvideroperation to
// highly privileged users.
//
// [OpenID Connect (OIDC)]: http://openid.net/connect/
// [Creating a role for web identity or OpenID connect federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html
CreateOpenIDConnectProvider(ctx context.Context, params *CreateOpenIDConnectProviderInput, optFns ...func(*Options)) (*CreateOpenIDConnectProviderOutput, error)
// Creates a new managed policy for your Amazon Web Services account.
//
// This operation creates a policy version with a version identifier of v1 and
// sets v1 as the policy's default version. For more information about policy
// versions, see [Versioning for managed policies]in the IAM User Guide.
//
// As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies] in
// the IAM User Guide.
//
// For more information about managed policies in general, see [Managed policies and inline policies] in the IAM User
// Guide.
//
// [Validating IAM policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
// [Versioning for managed policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
CreatePolicy(ctx context.Context, params *CreatePolicyInput, optFns ...func(*Options)) (*CreatePolicyOutput, error)
// Creates a new version of the specified managed policy. To update a managed
// policy, you create a new policy version. A managed policy can have up to five
// versions. If the policy has five versions, you must delete an existing version
// using DeletePolicyVersionbefore you create a new version.
//
// Optionally, you can set the new version as the policy's default version. The
// default version is the version that is in effect for the IAM users, groups, and
// roles to which the policy is attached.
//
// For more information about managed policy versions, see [Versioning for managed policies] in the IAM User Guide.
//
// [Versioning for managed policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
CreatePolicyVersion(ctx context.Context, params *CreatePolicyVersionInput, optFns ...func(*Options)) (*CreatePolicyVersionOutput, error)
// Creates a new role for your Amazon Web Services account.
//
// For more information about roles, see [IAM roles] in the IAM User Guide. For information
// about quotas for role names and the number of roles you can create, see [IAM and STS quotas]in the
// IAM User Guide.
//
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
CreateRole(ctx context.Context, params *CreateRoleInput, optFns ...func(*Options)) (*CreateRoleOutput, error)
// Creates an IAM resource that describes an identity provider (IdP) that supports
// SAML 2.0.
//
// The SAML provider resource that you create with this operation can be used as a
// principal in an IAM role's trust policy. Such a policy can enable federated
// users who sign in using the SAML IdP to assume the role. You can create an IAM
// role that supports Web-based single sign-on (SSO) to the Amazon Web Services
// Management Console or one that supports API access to Amazon Web Services.
//
// When you create the SAML provider resource, you upload a SAML metadata document
// that you get from your IdP. That document includes the issuer's name, expiration
// information, and keys that can be used to validate the SAML authentication
// response (assertions) that the IdP sends. You must generate the metadata
// document using the identity management software that is used as your
// organization's IdP.
//
// This operation requires [Signature Version 4].
//
// For more information, see [Enabling SAML 2.0 federated users to access the Amazon Web Services Management Console] and [About SAML 2.0-based federation] in the IAM User Guide.
//
// [Signature Version 4]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
// [About SAML 2.0-based federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
// [Enabling SAML 2.0 federated users to access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html
CreateSAMLProvider(ctx context.Context, params *CreateSAMLProviderInput, optFns ...func(*Options)) (*CreateSAMLProviderOutput, error)
// Creates an IAM role that is linked to a specific Amazon Web Services service.
// The service controls the attached policies and when the role can be deleted.
// This helps ensure that the service is not broken by an unexpectedly changed or
// deleted role, which could put your Amazon Web Services resources into an unknown
// state. Allowing the service to control the role helps improve service stability
// and proper cleanup when a service and its role are no longer needed. For more
// information, see [Using service-linked roles]in the IAM User Guide.
//
// To attach a policy to this service-linked role, you must make the request using
// the Amazon Web Services service that depends on this role.
//
// [Using service-linked roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
CreateServiceLinkedRole(ctx context.Context, params *CreateServiceLinkedRoleInput, optFns ...func(*Options)) (*CreateServiceLinkedRoleOutput, error)
// Generates a set of credentials consisting of a user name and password that can
// be used to access the service specified in the request. These credentials are
// generated by IAM, and can be used only for the specified service.
//
// You can have a maximum of two sets of service-specific credentials for each
// supported service per user.
//
// You can create service-specific credentials for CodeCommit and Amazon Keyspaces
// (for Apache Cassandra).
//
// You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.
//
// For more information about service-specific credentials, see [Using IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access keys] in the IAM User
// Guide.
//
// [Using IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access keys]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html
CreateServiceSpecificCredential(ctx context.Context, params *CreateServiceSpecificCredentialInput, optFns ...func(*Options)) (*CreateServiceSpecificCredentialOutput, error)
// Creates a new IAM user for your Amazon Web Services account.
//
// For information about quotas for the number of IAM users you can create, see [IAM and STS quotas]
// in the IAM User Guide.
//
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
CreateUser(ctx context.Context, params *CreateUserInput, optFns ...func(*Options)) (*CreateUserOutput, error)
// Creates a new virtual MFA device for the Amazon Web Services account. After
// creating the virtual MFA, use EnableMFADeviceto attach the MFA device to an IAM user. For more
// information about creating and working with virtual MFA devices, see [Using a virtual MFA device]in the IAM
// User Guide.
//
// For information about the maximum number of MFA devices you can create, see [IAM and STS quotas] in
// the IAM User Guide.
//
// The seed information contained in the QR code and the Base32 string should be
// treated like any other secret access information. In other words, protect the
// seed information as you would your Amazon Web Services access keys or your
// passwords. After you provision your virtual device, you should ensure that the
// information is destroyed following secure procedures.
//
// [Using a virtual MFA device]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
CreateVirtualMFADevice(ctx context.Context, params *CreateVirtualMFADeviceInput, optFns ...func(*Options)) (*CreateVirtualMFADeviceOutput, error)
// Deactivates the specified MFA device and removes it from association with the
// user name for which it was originally enabled.
//
// For more information about creating and working with virtual MFA devices, see [Enabling a virtual multi-factor authentication (MFA) device]
// in the IAM User Guide.
//
// [Enabling a virtual multi-factor authentication (MFA) device]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html
DeactivateMFADevice(ctx context.Context, params *DeactivateMFADeviceInput, optFns ...func(*Options)) (*DeactivateMFADeviceOutput, error)
// Deletes the access key pair associated with the specified IAM user.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID signing the request. This
// operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials even if the Amazon Web Services account has no associated
// users.
DeleteAccessKey(ctx context.Context, params *DeleteAccessKeyInput, optFns ...func(*Options)) (*DeleteAccessKeyOutput, error)
// Deletes the specified Amazon Web Services account alias. For information about
//
// using an Amazon Web Services account alias, see [Creating, deleting, and listing an Amazon Web Services account alias]in the Amazon Web Services
// Sign-In User Guide.
//
// [Creating, deleting, and listing an Amazon Web Services account alias]: https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html
DeleteAccountAlias(ctx context.Context, params *DeleteAccountAliasInput, optFns ...func(*Options)) (*DeleteAccountAliasOutput, error)
// Deletes the password policy for the Amazon Web Services account. There are no
// parameters.
DeleteAccountPasswordPolicy(ctx context.Context, params *DeleteAccountPasswordPolicyInput, optFns ...func(*Options)) (*DeleteAccountPasswordPolicyOutput, error)
// Deletes the specified IAM group. The group must not contain any users or have
// any attached policies.
DeleteGroup(ctx context.Context, params *DeleteGroupInput, optFns ...func(*Options)) (*DeleteGroupOutput, error)
// Deletes the specified inline policy that is embedded in the specified IAM group.
//
// A group can also have managed policies attached to it. To detach a managed
// policy from a group, use DetachGroupPolicy. For more information about policies, refer to [Managed policies and inline policies] in
// the IAM User Guide.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
DeleteGroupPolicy(ctx context.Context, params *DeleteGroupPolicyInput, optFns ...func(*Options)) (*DeleteGroupPolicyOutput, error)
// Deletes the specified instance profile. The instance profile must not have an
// associated role.
//
// Make sure that you do not have any Amazon EC2 instances running with the
// instance profile you are about to delete. Deleting a role or instance profile
// that is associated with a running instance will break any applications running
// on the instance.
//
// For more information about instance profiles, see [Using instance profiles] in the IAM User Guide.
//
// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
DeleteInstanceProfile(ctx context.Context, params *DeleteInstanceProfileInput, optFns ...func(*Options)) (*DeleteInstanceProfileOutput, error)
// Deletes the password for the specified IAM user, For more information, see [Managing passwords for IAM users].
//
// You can use the CLI, the Amazon Web Services API, or the Users page in the IAM
// console to delete a password for any IAM user. You can use ChangePasswordto update, but not
// delete, your own password in the My Security Credentials page in the Amazon Web
// Services Management Console.
//
// Deleting a user's password does not prevent a user from accessing Amazon Web
// Services through the command line interface or the API. To prevent all user
// access, you must also either make any access keys inactive or delete them. For
// more information about making keys inactive or deleting them, see UpdateAccessKeyand DeleteAccessKey.
//
// [Managing passwords for IAM users]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html
DeleteLoginProfile(ctx context.Context, params *DeleteLoginProfileInput, optFns ...func(*Options)) (*DeleteLoginProfileOutput, error)
// Deletes an OpenID Connect identity provider (IdP) resource object in IAM.
//
// Deleting an IAM OIDC provider resource does not update any roles that reference
// the provider as a principal in their trust policies. Any attempt to assume a
// role that references a deleted provider fails.
//
// This operation is idempotent; it does not fail or return an error if you call
// the operation for a provider that does not exist.
DeleteOpenIDConnectProvider(ctx context.Context, params *DeleteOpenIDConnectProviderInput, optFns ...func(*Options)) (*DeleteOpenIDConnectProviderOutput, error)
// Deletes the specified managed policy.
//
// Before you can delete a managed policy, you must first detach the policy from
// all users, groups, and roles that it is attached to. In addition, you must
// delete all the policy's versions. The following steps describe the process for
// deleting a managed policy:
//
// - Detach the policy from all users, groups, and roles that the policy is
// attached to, using DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy. To list all the users, groups, and roles that a
// policy is attached to, use ListEntitiesForPolicy.
//
// - Delete all versions of the policy using DeletePolicyVersion. To list the policy's versions,
// use ListPolicyVersions. You cannot use DeletePolicyVersionto delete the version that is marked as the default
// version. You delete the policy's default version in the next step of the
// process.
//
// - Delete the policy (this automatically deletes the policy's default version)
// using this operation.
//
// For information about managed policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
DeletePolicy(ctx context.Context, params *DeletePolicyInput, optFns ...func(*Options)) (*DeletePolicyOutput, error)
// Deletes the specified version from the specified managed policy.
//
// You cannot delete the default version from a policy using this operation. To
// delete the default version from a policy, use DeletePolicy. To find out which version of a
// policy is marked as the default version, use ListPolicyVersions.
//
// For information about versions for managed policies, see [Versioning for managed policies] in the IAM User Guide.
//
// [Versioning for managed policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
DeletePolicyVersion(ctx context.Context, params *DeletePolicyVersionInput, optFns ...func(*Options)) (*DeletePolicyVersionOutput, error)
// Deletes the specified role. Unlike the Amazon Web Services Management Console,
// when you delete a role programmatically, you must delete the items attached to
// the role manually, or the deletion fails. For more information, see [Deleting an IAM role]. Before
// attempting to delete a role, remove the following attached items:
//
// - Inline policies (DeleteRolePolicy )
//
// - Attached managed policies (DetachRolePolicy )
//
// - Instance profile (RemoveRoleFromInstanceProfile )
//
// - Optional – Delete instance profile after detaching from role for resource
// clean up (DeleteInstanceProfile )
//
// Make sure that you do not have any Amazon EC2 instances running with the role
// you are about to delete. Deleting a role or instance profile that is associated
// with a running instance will break any applications running on the instance.
//
// [Deleting an IAM role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#roles-managingrole-deleting-cli
DeleteRole(ctx context.Context, params *DeleteRoleInput, optFns ...func(*Options)) (*DeleteRoleOutput, error)
// Deletes the permissions boundary for the specified IAM role.
//
// You cannot set the boundary for a service-linked role.
//
// Deleting the permissions boundary for a role might increase its permissions.
// For example, it might allow anyone who assumes the role to perform all the
// actions granted in its permissions policies.
DeleteRolePermissionsBoundary(ctx context.Context, params *DeleteRolePermissionsBoundaryInput, optFns ...func(*Options)) (*DeleteRolePermissionsBoundaryOutput, error)
// Deletes the specified inline policy that is embedded in the specified IAM role.
//
// A role can also have managed policies attached to it. To detach a managed
// policy from a role, use DetachRolePolicy. For more information about policies, refer to [Managed policies and inline policies] in the
// IAM User Guide.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
DeleteRolePolicy(ctx context.Context, params *DeleteRolePolicyInput, optFns ...func(*Options)) (*DeleteRolePolicyOutput, error)
// Deletes a SAML provider resource in IAM.
//
// Deleting the provider resource from IAM does not update any roles that
// reference the SAML provider resource's ARN as a principal in their trust
// policies. Any attempt to assume a role that references a non-existent provider
// resource ARN fails.
//
// This operation requires [Signature Version 4].
//
// [Signature Version 4]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
DeleteSAMLProvider(ctx context.Context, params *DeleteSAMLProviderInput, optFns ...func(*Options)) (*DeleteSAMLProviderOutput, error)
// Deletes the specified SSH public key.
//
// The SSH public key deleted by this operation is used only for authenticating
// the associated IAM user to an CodeCommit repository. For more information about
// using SSH keys to authenticate to an CodeCommit repository, see [Set up CodeCommit for SSH connections]in the
// CodeCommit User Guide.
//
// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
DeleteSSHPublicKey(ctx context.Context, params *DeleteSSHPublicKeyInput, optFns ...func(*Options)) (*DeleteSSHPublicKeyOutput, error)
// Deletes the specified server certificate.
//
// For more information about working with server certificates, see [Working with server certificates] in the IAM
// User Guide. This topic also includes a list of Amazon Web Services services that
// can use the server certificates that you manage with IAM.
//
// If you are using a server certificate with Elastic Load Balancing, deleting the
// certificate could have implications for your application. If Elastic Load
// Balancing doesn't detect the deletion of bound certificates, it may continue to
// use the certificates. This could cause Elastic Load Balancing to stop accepting
// traffic. We recommend that you remove the reference to the certificate from
// Elastic Load Balancing before using this command to delete the certificate. For
// more information, see [DeleteLoadBalancerListeners]in the Elastic Load Balancing API Reference.
//
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
// [DeleteLoadBalancerListeners]: https://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html
DeleteServerCertificate(ctx context.Context, params *DeleteServerCertificateInput, optFns ...func(*Options)) (*DeleteServerCertificateOutput, error)
// Submits a service-linked role deletion request and returns a DeletionTaskId ,
// which you can use to check the status of the deletion. Before you call this
// operation, confirm that the role has no active sessions and that any resources
// used by the role in the linked service are deleted. If you call this operation
// more than once for the same service-linked role and an earlier deletion task is
// not complete, then the DeletionTaskId of the earlier request is returned.
//
// If you submit a deletion request for a service-linked role whose linked service
// is still accessing a resource, then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus
// operation returns the reason for the failure, usually including the resources
// that must be deleted. To delete the service-linked role, you must first remove
// those resources from the linked service and then submit the deletion request
// again. Resources are specific to the service that is linked to the role. For
// more information about removing resources from a service, see the [Amazon Web Services documentation]for your
// service.
//
// For more information about service-linked roles, see [Roles terms and concepts: Amazon Web Services service-linked role] in the IAM User Guide.
//
// [Roles terms and concepts: Amazon Web Services service-linked role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role
// [Amazon Web Services documentation]: http://docs.aws.amazon.com/
DeleteServiceLinkedRole(ctx context.Context, params *DeleteServiceLinkedRoleInput, optFns ...func(*Options)) (*DeleteServiceLinkedRoleOutput, error)
// Deletes the specified service-specific credential.
DeleteServiceSpecificCredential(ctx context.Context, params *DeleteServiceSpecificCredentialInput, optFns ...func(*Options)) (*DeleteServiceSpecificCredentialOutput, error)
// Deletes a signing certificate associated with the specified IAM user.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID signing the request. This
// operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials even if the Amazon Web Services account has no associated
// IAM users.
DeleteSigningCertificate(ctx context.Context, params *DeleteSigningCertificateInput, optFns ...func(*Options)) (*DeleteSigningCertificateOutput, error)
// Deletes the specified IAM user. Unlike the Amazon Web Services Management
// Console, when you delete a user programmatically, you must delete the items
// attached to the user manually, or the deletion fails. For more information, see [Deleting an IAM user]
// . Before attempting to delete a user, remove the following items:
//
// - Password (DeleteLoginProfile )
//
// - Access keys (DeleteAccessKey )
//
// - Signing certificate (DeleteSigningCertificate )
//
// - SSH public key (DeleteSSHPublicKey )
//
// - Git credentials (DeleteServiceSpecificCredential )
//
// - Multi-factor authentication (MFA) device (DeactivateMFADevice , DeleteVirtualMFADevice)
//
// - Inline policies (DeleteUserPolicy )
//
// - Attached managed policies (DetachUserPolicy )
//
// - Group memberships (RemoveUserFromGroup )
//
// [Deleting an IAM user]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli
DeleteUser(ctx context.Context, params *DeleteUserInput, optFns ...func(*Options)) (*DeleteUserOutput, error)
// Deletes the permissions boundary for the specified IAM user.
//
// Deleting the permissions boundary for a user might increase its permissions by
// allowing the user to perform all the actions granted in its permissions
// policies.
DeleteUserPermissionsBoundary(ctx context.Context, params *DeleteUserPermissionsBoundaryInput, optFns ...func(*Options)) (*DeleteUserPermissionsBoundaryOutput, error)
// Deletes the specified inline policy that is embedded in the specified IAM user.
//
// A user can also have managed policies attached to it. To detach a managed
// policy from a user, use DetachUserPolicy. For more information about policies, refer to [Managed policies and inline policies] in the
// IAM User Guide.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
DeleteUserPolicy(ctx context.Context, params *DeleteUserPolicyInput, optFns ...func(*Options)) (*DeleteUserPolicyOutput, error)
// Deletes a virtual MFA device.
//
// You must deactivate a user's virtual MFA device before you can delete it. For
// information about deactivating MFA devices, see DeactivateMFADevice.
DeleteVirtualMFADevice(ctx context.Context, params *DeleteVirtualMFADeviceInput, optFns ...func(*Options)) (*DeleteVirtualMFADeviceOutput, error)
// Removes the specified managed policy from the specified IAM group.
//
// A group can also have inline policies embedded with it. To delete an inline
// policy, use DeleteGroupPolicy. For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
DetachGroupPolicy(ctx context.Context, params *DetachGroupPolicyInput, optFns ...func(*Options)) (*DetachGroupPolicyOutput, error)
// Removes the specified managed policy from the specified role.
//
// A role can also have inline policies embedded with it. To delete an inline
// policy, use DeleteRolePolicy. For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
DetachRolePolicy(ctx context.Context, params *DetachRolePolicyInput, optFns ...func(*Options)) (*DetachRolePolicyOutput, error)
// Removes the specified managed policy from the specified user.
//
// A user can also have inline policies embedded with it. To delete an inline
// policy, use DeleteUserPolicy. For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
DetachUserPolicy(ctx context.Context, params *DetachUserPolicyInput, optFns ...func(*Options)) (*DetachUserPolicyOutput, error)
// Disables the management of privileged root user credentials across member
// accounts in your organization. When you disable this feature, the management
// account and the delegated admininstrator for IAM can no longer manage root user
// credentials for member accounts in your organization.
DisableOrganizationsRootCredentialsManagement(ctx context.Context, params *DisableOrganizationsRootCredentialsManagementInput, optFns ...func(*Options)) (*DisableOrganizationsRootCredentialsManagementOutput, error)
// Disables root user sessions for privileged tasks across member accounts in your
// organization. When you disable this feature, the management account and the
// delegated admininstrator for IAM can no longer perform privileged tasks on
// member accounts in your organization.
DisableOrganizationsRootSessions(ctx context.Context, params *DisableOrganizationsRootSessionsInput, optFns ...func(*Options)) (*DisableOrganizationsRootSessionsOutput, error)
// Enables the specified MFA device and associates it with the specified IAM user.
// When enabled, the MFA device is required for every subsequent login by the IAM
// user associated with the device.
EnableMFADevice(ctx context.Context, params *EnableMFADeviceInput, optFns ...func(*Options)) (*EnableMFADeviceOutput, error)
// Enables the management of privileged root user credentials across member
// accounts in your organization. When you enable root credentials management for [centralized root access]
// , the management account and the delegated admininstrator for IAM can manage
// root user credentials for member accounts in your organization.
//
// Before you enable centralized root access, you must have an account configured
// with the following settings:
//
// - You must manage your Amazon Web Services accounts in [Organizations].
//
// - Enable trusted access for Identity and Access Management in Organizations.
// For details, see [IAM and Organizations]in the Organizations User Guide.
//
// [Organizations]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
// [centralized root access]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management
// [IAM and Organizations]: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-ra.html
EnableOrganizationsRootCredentialsManagement(ctx context.Context, params *EnableOrganizationsRootCredentialsManagementInput, optFns ...func(*Options)) (*EnableOrganizationsRootCredentialsManagementOutput, error)
// Allows the management account or delegated administrator to perform privileged
// tasks on member accounts in your organization. For more information, see [Centrally manage root access for member accounts]in the
// Identity and Access Management User Guide.
//
// Before you enable this feature, you must have an account configured with the
// following settings:
//
// - You must manage your Amazon Web Services accounts in [Organizations].
//
// - Enable trusted access for Identity and Access Management in Organizations.
// For details, see [IAM and Organizations]in the Organizations User Guide.
//
// [Centrally manage root access for member accounts]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management
// [Organizations]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
// [IAM and Organizations]: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-ra.html
EnableOrganizationsRootSessions(ctx context.Context, params *EnableOrganizationsRootSessionsInput, optFns ...func(*Options)) (*EnableOrganizationsRootSessionsOutput, error)
// Generates a credential report for the Amazon Web Services account. For more
//
// information about the credential report, see [Getting credential reports]in the IAM User Guide.
//
// [Getting credential reports]: https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html
GenerateCredentialReport(ctx context.Context, params *GenerateCredentialReportInput, optFns ...func(*Options)) (*GenerateCredentialReportOutput, error)
// Generates a report for service last accessed data for Organizations. You can
// generate a report for any entities (organization root, organizational unit, or
// account) or policies in your organization.
//
// To call this operation, you must be signed in using your Organizations
// management account credentials. You can use your long-term IAM user or root user
// credentials, or temporary credentials from assuming an IAM role. SCPs must be
// enabled for your organization root. You must have the required IAM and
// Organizations permissions. For more information, see [Refining permissions using service last accessed data]in the IAM User Guide.
//
// You can generate a service last accessed data report for entities by specifying
// only the entity's path. This data includes a list of services that are allowed
// by any service control policies (SCPs) that apply to the entity.
//
// You can generate a service last accessed data report for a policy by specifying
// an entity's path and an optional Organizations policy ID. This data includes a
// list of services that are allowed by the specified SCP.
//
// For each service in both report types, the data includes the most recent
// account activity that the policy allows to account principals in the entity or
// the entity's children. For important information about the data, reporting
// period, permissions required, troubleshooting, and supported Regions see [Reducing permissions using service last accessed data]in the
// IAM User Guide.
//
// The data includes all attempts to access Amazon Web Services, not just the
// successful ones. This includes all attempts that were made using the Amazon Web
// Services Management Console, the Amazon Web Services API through any of the
// SDKs, or any of the command line tools. An unexpected entry in the service last
// accessed data does not mean that an account has been compromised, because the
// request might have been denied. Refer to your CloudTrail logs as the
// authoritative source for information about all API calls and whether they were
// successful or denied access. For more information, see [Logging IAM events with CloudTrail]in the IAM User Guide.
//
// This operation returns a JobId . Use this parameter in the GetOrganizationsAccessReport operation to check
// the status of the report generation. To check the status of this request, use
// the JobId parameter in the GetOrganizationsAccessReport operation and test the JobStatus response
// parameter. When the job is complete, you can retrieve the report.
//
// To generate a service last accessed data report for entities, specify an entity
// path without specifying the optional Organizations policy ID. The type of entity
// that you specify determines the data returned in the report.
//
// - Root – When you specify the organizations root as the entity, the resulting
// report lists all of the services allowed by SCPs that are attached to your root.
// For each service, the report includes data for all accounts in your organization
// except the management account, because the management account is not limited by
// SCPs.
//
// - OU – When you specify an organizational unit (OU) as the entity, the
// resulting report lists all of the services allowed by SCPs that are attached to
// the OU and its parents. For each service, the report includes data for all
// accounts in the OU or its children. This data excludes the management account,
// because the management account is not limited by SCPs.
//
// - management account – When you specify the management account, the resulting
// report lists all Amazon Web Services services, because the management account is
// not limited by SCPs. For each service, the report includes data for only the
// management account.
//
// - Account – When you specify another account as the entity, the resulting
// report lists all of the services allowed by SCPs that are attached to the
// account and its parents. For each service, the report includes data for only the
// specified account.
//
// To generate a service last accessed data report for policies, specify an entity
// path and the optional Organizations policy ID. The type of entity that you
// specify determines the data returned for each service.
//
// - Root – When you specify the root entity and a policy ID, the resulting
// report lists all of the services that are allowed by the specified SCP. For each
// service, the report includes data for all accounts in your organization to which
// the SCP applies. This data excludes the management account, because the
// management account is not limited by SCPs. If the SCP is not attached to any
// entities in the organization, then the report will return a list of services
// with no data.
//
// - OU – When you specify an OU entity and a policy ID, the resulting report
// lists all of the services that are allowed by the specified SCP. For each
// service, the report includes data for all accounts in the OU or its children to
// which the SCP applies. This means that other accounts outside the OU that are
// affected by the SCP might not be included in the data. This data excludes the
// management account, because the management account is not limited by SCPs. If
// the SCP is not attached to the OU or one of its children, the report will return
// a list of services with no data.
//
// - management account – When you specify the management account, the resulting
// report lists all Amazon Web Services services, because the management account is
// not limited by SCPs. If you specify a policy ID in the CLI or API, the policy is
// ignored. For each service, the report includes data for only the management
// account.
//
// - Account – When you specify another account entity and a policy ID, the
// resulting report lists all of the services that are allowed by the specified
// SCP. For each service, the report includes data for only the specified account.
// This means that other accounts in the organization that are affected by the SCP
// might not be included in the data. If the SCP is not attached to the account,
// the report will return a list of services with no data.
//
// Service last accessed data does not use other policy types when determining
// whether a principal could access a service. These other policy types include
// identity-based policies, resource-based policies, access control lists, IAM
// permissions boundaries, and STS assume role policies. It only applies SCP logic.
// For more about the evaluation of policy types, see [Evaluating policies]in the IAM User Guide.
//
// For more information about service last accessed data, see [Reducing policy scope by viewing user activity] in the IAM User
// Guide.
//
// [Logging IAM events with CloudTrail]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
// [Refining permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
// [Reducing permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
// [Evaluating policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
// [Reducing policy scope by viewing user activity]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
GenerateOrganizationsAccessReport(ctx context.Context, params *GenerateOrganizationsAccessReportInput, optFns ...func(*Options)) (*GenerateOrganizationsAccessReportOutput, error)
// Generates a report that includes details about when an IAM resource (user,
// group, role, or policy) was last used in an attempt to access Amazon Web
// Services services. Recent activity usually appears within four hours. IAM
// reports activity for at least the last 400 days, or less if your Region began
// supporting this feature within the last year. For more information, see [Regions where data is tracked]. For
// more information about services and actions for which action last accessed
// information is displayed, see [IAM action last accessed information services and actions].
//
// The service last accessed data includes all attempts to access an Amazon Web
// Services API, not just the successful ones. This includes all attempts that were
// made using the Amazon Web Services Management Console, the Amazon Web Services
// API through any of the SDKs, or any of the command line tools. An unexpected
// entry in the service last accessed data does not mean that your account has been
// compromised, because the request might have been denied. Refer to your
// CloudTrail logs as the authoritative source for information about all API calls
// and whether they were successful or denied access. For more information, see [Logging IAM events with CloudTrail]in
// the IAM User Guide.
//
// The GenerateServiceLastAccessedDetails operation returns a JobId . Use this
// parameter in the following operations to retrieve the following details from
// your report:
//
// GetServiceLastAccessedDetails
// - – Use this operation for users, groups, roles, or policies to list every
// Amazon Web Services service that the resource could access using permissions
// policies. For each service, the response includes information about the most
// recent access attempt.
//
// The JobId returned by GenerateServiceLastAccessedDetail must be used by the same
//
// role within a session, or by the same user when used to call
// GetServiceLastAccessedDetail .
//
// GetServiceLastAccessedDetailsWithEntities
// - – Use this operation for groups and policies to list information about the
// associated entities (users or roles) that attempted to access a specific Amazon
// Web Services service.
//
// To check the status of the GenerateServiceLastAccessedDetails request, use the
// JobId parameter in the same operations and test the JobStatus response
// parameter.
//
// For additional information about the permissions policies that allow an
// identity (user, group, or role) to access specific services, use the ListPoliciesGrantingServiceAccessoperation.
//
// Service last accessed data does not use other policy types when determining
// whether a resource could access a service. These other policy types include
// resource-based policies, access control lists, Organizations policies, IAM
// permissions boundaries, and STS assume role policies. It only applies
// permissions policy logic. For more about the evaluation of policy types, see [Evaluating policies]in
// the IAM User Guide.
//
// For more information about service and action last accessed data, see [Reducing permissions using service last accessed data] in the
// IAM User Guide.
//
// [Logging IAM events with CloudTrail]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
// [Reducing permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
// [Regions where data is tracked]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
// [Evaluating policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
// [IAM action last accessed information services and actions]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor-action-last-accessed.html
GenerateServiceLastAccessedDetails(ctx context.Context, params *GenerateServiceLastAccessedDetailsInput, optFns ...func(*Options)) (*GenerateServiceLastAccessedDetailsOutput, error)
// Retrieves information about when the specified access key was last used. The
// information includes the date and time of last use, along with the Amazon Web
// Services service and Region that were specified in the last request made with
// that key.
GetAccessKeyLastUsed(ctx context.Context, params *GetAccessKeyLastUsedInput, optFns ...func(*Options)) (*GetAccessKeyLastUsedOutput, error)
// Retrieves information about all IAM users, groups, roles, and policies in your
// Amazon Web Services account, including their relationships to one another. Use
// this operation to obtain a snapshot of the configuration of IAM permissions
// (users, groups, roles, and policies) in your account.
//
// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
// use a URL decoding method to convert the policy back to plain JSON text. For
// example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality.
//
// You can optionally filter the results using the Filter parameter. You can
// paginate the results using the MaxItems and Marker parameters.
//
// [RFC 3986]: https://tools.ietf.org/html/rfc3986
GetAccountAuthorizationDetails(ctx context.Context, params *GetAccountAuthorizationDetailsInput, optFns ...func(*Options)) (*GetAccountAuthorizationDetailsOutput, error)
// Retrieves the password policy for the Amazon Web Services account. This tells
// you the complexity requirements and mandatory rotation periods for the IAM user
// passwords in your account. For more information about using a password policy,
// see [Managing an IAM password policy].
//
// [Managing an IAM password policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html
GetAccountPasswordPolicy(ctx context.Context, params *GetAccountPasswordPolicyInput, optFns ...func(*Options)) (*GetAccountPasswordPolicyOutput, error)
// Retrieves information about IAM entity usage and IAM quotas in the Amazon Web
// Services account.
//
// For information about IAM quotas, see [IAM and STS quotas] in the IAM User Guide.
//
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
GetAccountSummary(ctx context.Context, params *GetAccountSummaryInput, optFns ...func(*Options)) (*GetAccountSummaryOutput, error)
// Gets a list of all of the context keys referenced in the input policies. The
// policies are supplied as a list of one or more strings. To get the context keys
// from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.
//
// Context keys are variables maintained by Amazon Web Services and its services
// that provide details about the context of an API query request. Context keys can
// be evaluated by testing against a value specified in an IAM policy. Use
// GetContextKeysForCustomPolicy to understand what key names and values you must
// supply when you call SimulateCustomPolicy. Note that all parameters are shown in unencoded form
// here for clarity but must be URL encoded to be included as a part of a real HTML
// request.
GetContextKeysForCustomPolicy(ctx context.Context, params *GetContextKeysForCustomPolicyInput, optFns ...func(*Options)) (*GetContextKeysForCustomPolicyOutput, error)
// Gets a list of all of the context keys referenced in all the IAM policies that
// are attached to the specified IAM entity. The entity can be an IAM user, group,
// or role. If you specify a user, then the request also includes all of the
// policies attached to groups that the user is a member of.
//
// You can optionally include a list of one or more additional policies, specified
// as strings. If you want to include only a list of policies by string, use GetContextKeysForCustomPolicy
// instead.
//
// Note: This operation discloses information about the permissions granted to
// other users. If you do not want users to see other user's permissions, then
// consider allowing them to use GetContextKeysForCustomPolicyinstead.
//
// Context keys are variables maintained by Amazon Web Services and its services
// that provide details about the context of an API query request. Context keys can
// be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicyto understand
// what key names and values you must supply when you call SimulatePrincipalPolicy.
GetContextKeysForPrincipalPolicy(ctx context.Context, params *GetContextKeysForPrincipalPolicyInput, optFns ...func(*Options)) (*GetContextKeysForPrincipalPolicyOutput, error)
// Retrieves a credential report for the Amazon Web Services account. For more
//
// information about the credential report, see [Getting credential reports]in the IAM User Guide.
//
// [Getting credential reports]: https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html
GetCredentialReport(ctx context.Context, params *GetCredentialReportInput, optFns ...func(*Options)) (*GetCredentialReportOutput, error)
// Returns a list of IAM users that are in the specified IAM group. You can
//
// paginate the results using the MaxItems and Marker parameters.
GetGroup(ctx context.Context, params *GetGroupInput, optFns ...func(*Options)) (*GetGroupOutput, error)
// Retrieves the specified inline policy document that is embedded in the
// specified IAM group.
//
// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
// use a URL decoding method to convert the policy back to plain JSON text. For
// example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality.
//
// An IAM group can also have managed policies attached to it. To retrieve a
// managed policy document that is attached to a group, use GetPolicyto determine the
// policy's default version, then use GetPolicyVersionto retrieve the policy document.
//
// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [RFC 3986]: https://tools.ietf.org/html/rfc3986
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
GetGroupPolicy(ctx context.Context, params *GetGroupPolicyInput, optFns ...func(*Options)) (*GetGroupPolicyOutput, error)
// Retrieves information about the specified instance profile, including the
//
// instance profile's path, GUID, ARN, and role. For more information about
// instance profiles, see [Using instance profiles]in the IAM User Guide.
//
// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
GetInstanceProfile(ctx context.Context, params *GetInstanceProfileInput, optFns ...func(*Options)) (*GetInstanceProfileOutput, error)
// Retrieves the user name for the specified IAM user. A login profile is created
// when you create a password for the user to access the Amazon Web Services
// Management Console. If the user does not exist or does not have a password, the
// operation returns a 404 ( NoSuchEntity ) error.
//
// If you create an IAM user with access to the console, the CreateDate reflects
// the date you created the initial password for the user.
//
// If you create an IAM user with programmatic access, and then later add a
// password for the user to access the Amazon Web Services Management Console, the
// CreateDate reflects the initial password creation date. A user with programmatic
// access does not have a login profile unless you create a password for the user
// to access the Amazon Web Services Management Console.
GetLoginProfile(ctx context.Context, params *GetLoginProfileInput, optFns ...func(*Options)) (*GetLoginProfileOutput, error)
// Retrieves information about an MFA device for a specified user.
GetMFADevice(ctx context.Context, params *GetMFADeviceInput, optFns ...func(*Options)) (*GetMFADeviceOutput, error)
// Returns information about the specified OpenID Connect (OIDC) provider resource
// object in IAM.
GetOpenIDConnectProvider(ctx context.Context, params *GetOpenIDConnectProviderInput, optFns ...func(*Options)) (*GetOpenIDConnectProviderOutput, error)
// Retrieves the service last accessed data report for Organizations that was
// previously generated using the GenerateOrganizationsAccessReportoperation. This operation retrieves the status
// of your report job and the report contents.
//
// Depending on the parameters that you passed when you generated the report, the
// data returned could include different information. For details, see GenerateOrganizationsAccessReport.
//
// To call this operation, you must be signed in to the management account in your
// organization. SCPs must be enabled for your organization root. You must have
// permissions to perform this operation. For more information, see [Refining permissions using service last accessed data]in the IAM
// User Guide.
//
// For each service that principals in an account (root user, IAM users, or IAM
// roles) could access using SCPs, the operation returns details about the most
// recent access attempt. If there was no attempt, the service is listed without
// details about the most recent attempt to access the service. If the operation
// fails, it returns the reason that it failed.
//
// By default, the list is sorted by service namespace.
//
// [Refining permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
GetOrganizationsAccessReport(ctx context.Context, params *GetOrganizationsAccessReportInput, optFns ...func(*Options)) (*GetOrganizationsAccessReportOutput, error)
// Retrieves information about the specified managed policy, including the
// policy's default version and the total number of IAM users, groups, and roles to
// which the policy is attached. To retrieve the list of the specific users,
// groups, and roles that the policy is attached to, use ListEntitiesForPolicy. This operation returns
// metadata about the policy. To retrieve the actual policy document for a specific
// version of the policy, use GetPolicyVersion.
//
// This operation retrieves information about managed policies. To retrieve
// information about an inline policy that is embedded with an IAM user, group, or
// role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.
//
// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
GetPolicy(ctx context.Context, params *GetPolicyInput, optFns ...func(*Options)) (*GetPolicyOutput, error)
// Retrieves information about the specified version of the specified managed
// policy, including the policy document.
//
// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
// use a URL decoding method to convert the policy back to plain JSON text. For
// example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality.
//
// To list the available versions for a policy, use ListPolicyVersions.
//
// This operation retrieves information about managed policies. To retrieve
// information about an inline policy that is embedded in a user, group, or role,
// use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.
//
// For more information about the types of policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// For more information about managed policy versions, see [Versioning for managed policies] in the IAM User Guide.
//
// [RFC 3986]: https://tools.ietf.org/html/rfc3986
// [Versioning for managed policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
GetPolicyVersion(ctx context.Context, params *GetPolicyVersionInput, optFns ...func(*Options)) (*GetPolicyVersionOutput, error)
// Retrieves information about the specified role, including the role's path,
// GUID, ARN, and the role's trust policy that grants permission to assume the
// role. For more information about roles, see [IAM roles]in the IAM User Guide.
//
// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
// use a URL decoding method to convert the policy back to plain JSON text. For
// example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality.
//
// [RFC 3986]: https://tools.ietf.org/html/rfc3986
// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
GetRole(ctx context.Context, params *GetRoleInput, optFns ...func(*Options)) (*GetRoleOutput, error)
// Retrieves the specified inline policy document that is embedded with the
// specified IAM role.
//
// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
// use a URL decoding method to convert the policy back to plain JSON text. For
// example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality.
//
// An IAM role can also have managed policies attached to it. To retrieve a
// managed policy document that is attached to a role, use GetPolicyto determine the
// policy's default version, then use GetPolicyVersionto retrieve the policy document.
//
// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// For more information about roles, see [IAM roles] in the IAM User Guide.
//
// [RFC 3986]: https://tools.ietf.org/html/rfc3986
// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
GetRolePolicy(ctx context.Context, params *GetRolePolicyInput, optFns ...func(*Options)) (*GetRolePolicyOutput, error)
// Returns the SAML provider metadocument that was uploaded when the IAM SAML
// provider resource object was created or updated.
//
// This operation requires [Signature Version 4].
//
// [Signature Version 4]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
GetSAMLProvider(ctx context.Context, params *GetSAMLProviderInput, optFns ...func(*Options)) (*GetSAMLProviderOutput, error)
// Retrieves the specified SSH public key, including metadata about the key.
//
// The SSH public key retrieved by this operation is used only for authenticating
// the associated IAM user to an CodeCommit repository. For more information about
// using SSH keys to authenticate to an CodeCommit repository, see [Set up CodeCommit for SSH connections]in the
// CodeCommit User Guide.
//
// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
GetSSHPublicKey(ctx context.Context, params *GetSSHPublicKeyInput, optFns ...func(*Options)) (*GetSSHPublicKeyOutput, error)
// Retrieves information about the specified server certificate stored in IAM.
//
// For more information about working with server certificates, see [Working with server certificates] in the IAM
// User Guide. This topic includes a list of Amazon Web Services services that can
// use the server certificates that you manage with IAM.
//
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
GetServerCertificate(ctx context.Context, params *GetServerCertificateInput, optFns ...func(*Options)) (*GetServerCertificateOutput, error)
// Retrieves a service last accessed report that was created using the
// GenerateServiceLastAccessedDetails operation. You can use the JobId parameter
// in GetServiceLastAccessedDetails to retrieve the status of your report job.
// When the report is complete, you can retrieve the generated report. The report
// includes a list of Amazon Web Services services that the resource (user, group,
// role, or managed policy) can access.
//
// Service last accessed data does not use other policy types when determining
// whether a resource could access a service. These other policy types include
// resource-based policies, access control lists, Organizations policies, IAM
// permissions boundaries, and STS assume role policies. It only applies
// permissions policy logic. For more about the evaluation of policy types, see [Evaluating policies]in
// the IAM User Guide.
//
// For each service that the resource could access using permissions policies, the
// operation returns details about the most recent access attempt. If there was no
// attempt, the service is listed without details about the most recent attempt to
// access the service. If the operation fails, the GetServiceLastAccessedDetails
// operation returns the reason that it failed.
//
// The GetServiceLastAccessedDetails operation returns a list of services. This
// list includes the number of entities that have attempted to access the service
// and the date and time of the last attempt. It also returns the ARN of the
// following entity, depending on the resource ARN that you used to generate the
// report:
//
// - User – Returns the user ARN that you used to generate the report
//
// - Group – Returns the ARN of the group member (user) that last attempted to
// access the service
//
// - Role – Returns the role ARN that you used to generate the report
//
// - Policy – Returns the ARN of the user or role that last used the policy to
// attempt to access the service
//
// By default, the list is sorted by service namespace.
//
// If you specified ACTION_LEVEL granularity when you generated the report, this
// operation returns service and action last accessed data. This includes the most
// recent access attempt for each tracked action within a service. Otherwise, this
// operation returns only service data.
//
// For more information about service and action last accessed data, see [Reducing permissions using service last accessed data] in the
// IAM User Guide.
//
// [Reducing permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
// [Evaluating policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
GetServiceLastAccessedDetails(ctx context.Context, params *GetServiceLastAccessedDetailsInput, optFns ...func(*Options)) (*GetServiceLastAccessedDetailsOutput, error)
// After you generate a group or policy report using the
// GenerateServiceLastAccessedDetails operation, you can use the JobId parameter
// in GetServiceLastAccessedDetailsWithEntities . This operation retrieves the
// status of your report job and a list of entities that could have used group or
// policy permissions to access the specified service.
//
// - Group – For a group report, this operation returns a list of users in the
// group that could have used the group’s policies in an attempt to access the
// service.
//
// - Policy – For a policy report, this operation returns a list of entities
// (users or roles) that could have used the policy in an attempt to access the
// service.
//
// You can also use this operation for user or role reports to retrieve details
// about those entities.
//
// If the operation fails, the GetServiceLastAccessedDetailsWithEntities operation
// returns the reason that it failed.
//
// By default, the list of associated entities is sorted by date, with the most
// recent access listed first.
GetServiceLastAccessedDetailsWithEntities(ctx context.Context, params *GetServiceLastAccessedDetailsWithEntitiesInput, optFns ...func(*Options)) (*GetServiceLastAccessedDetailsWithEntitiesOutput, error)
// Retrieves the status of your service-linked role deletion. After you use DeleteServiceLinkedRole to
// submit a service-linked role for deletion, you can use the DeletionTaskId
// parameter in GetServiceLinkedRoleDeletionStatus to check the status of the
// deletion. If the deletion fails, this operation returns the reason that it
// failed, if that information is returned by the service.
GetServiceLinkedRoleDeletionStatus(ctx context.Context, params *GetServiceLinkedRoleDeletionStatusInput, optFns ...func(*Options)) (*GetServiceLinkedRoleDeletionStatusOutput, error)
// Retrieves information about the specified IAM user, including the user's
// creation date, path, unique ID, and ARN.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID used to sign the request to this
// operation.
GetUser(ctx context.Context, params *GetUserInput, optFns ...func(*Options)) (*GetUserOutput, error)
// Retrieves the specified inline policy document that is embedded in the
// specified IAM user.
//
// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
// use a URL decoding method to convert the policy back to plain JSON text. For
// example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality.
//
// An IAM user can also have managed policies attached to it. To retrieve a
// managed policy document that is attached to a user, use GetPolicyto determine the
// policy's default version. Then use GetPolicyVersionto retrieve the policy document.
//
// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [RFC 3986]: https://tools.ietf.org/html/rfc3986
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
GetUserPolicy(ctx context.Context, params *GetUserPolicyInput, optFns ...func(*Options)) (*GetUserPolicyOutput, error)
// Returns information about the access key IDs associated with the specified IAM
// user. If there is none, the operation returns an empty list.
//
// Although each user is limited to a small number of keys, you can still paginate
// the results using the MaxItems and Marker parameters.
//
// If the UserName is not specified, the user name is determined implicitly based
// on the Amazon Web Services access key ID used to sign the request. If a
// temporary access key is used, then UserName is required. If a long-term key is
// assigned to the user, then UserName is not required.
//
// This operation works for access keys under the Amazon Web Services account. If
// the Amazon Web Services account has no associated users, the root user returns
// it's own access key IDs by running this command.
//
// To ensure the security of your Amazon Web Services account, the secret access
// key is accessible only during key and user creation.
ListAccessKeys(ctx context.Context, params *ListAccessKeysInput, optFns ...func(*Options)) (*ListAccessKeysOutput, error)
// Lists the account alias associated with the Amazon Web Services account (Note:
// you can have only one). For information about using an Amazon Web Services
// account alias, see [Creating, deleting, and listing an Amazon Web Services account alias]in the Amazon Web Services Sign-In User Guide.
//
// [Creating, deleting, and listing an Amazon Web Services account alias]: https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html
ListAccountAliases(ctx context.Context, params *ListAccountAliasesInput, optFns ...func(*Options)) (*ListAccountAliasesOutput, error)
// Lists all managed policies that are attached to the specified IAM group.
//
// An IAM group can also have inline policies embedded with it. To list the inline
// policies for a group, use ListGroupPolicies. For information about policies, see [Managed policies and inline policies] in the IAM
// User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You can
// use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to the
// specified group (or none that match the specified path prefix), the operation
// returns an empty list.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListAttachedGroupPolicies(ctx context.Context, params *ListAttachedGroupPoliciesInput, optFns ...func(*Options)) (*ListAttachedGroupPoliciesOutput, error)
// Lists all managed policies that are attached to the specified IAM role.
//
// An IAM role can also have inline policies embedded with it. To list the inline
// policies for a role, use ListRolePolicies. For information about policies, see [Managed policies and inline policies] in the IAM User
// Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You can
// use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to the
// specified role (or none that match the specified path prefix), the operation
// returns an empty list.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListAttachedRolePolicies(ctx context.Context, params *ListAttachedRolePoliciesInput, optFns ...func(*Options)) (*ListAttachedRolePoliciesOutput, error)
// Lists all managed policies that are attached to the specified IAM user.
//
// An IAM user can also have inline policies embedded with it. To list the inline
// policies for a user, use ListUserPolicies. For information about policies, see [Managed policies and inline policies] in the IAM User
// Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You can
// use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to the
// specified group (or none that match the specified path prefix), the operation
// returns an empty list.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListAttachedUserPolicies(ctx context.Context, params *ListAttachedUserPoliciesInput, optFns ...func(*Options)) (*ListAttachedUserPoliciesOutput, error)
// Lists all IAM users, groups, and roles that the specified managed policy is
// attached to.
//
// You can use the optional EntityFilter parameter to limit the results to a
// particular type of entity (users, groups, or roles). For example, to list only
// the roles that are attached to the specified policy, set EntityFilter to Role .
//
// You can paginate the results using the MaxItems and Marker parameters.
ListEntitiesForPolicy(ctx context.Context, params *ListEntitiesForPolicyInput, optFns ...func(*Options)) (*ListEntitiesForPolicyOutput, error)
// Lists the names of the inline policies that are embedded in the specified IAM
// group.
//
// An IAM group can also have managed policies attached to it. To list the managed
// policies that are attached to a group, use ListAttachedGroupPolicies. For more information about
// policies, see [Managed policies and inline policies]in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If there
// are no inline policies embedded with the specified group, the operation returns
// an empty list.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListGroupPolicies(ctx context.Context, params *ListGroupPoliciesInput, optFns ...func(*Options)) (*ListGroupPoliciesOutput, error)
// Lists the IAM groups that have the specified path prefix.
//
// You can paginate the results using the MaxItems and Marker parameters.
ListGroups(ctx context.Context, params *ListGroupsInput, optFns ...func(*Options)) (*ListGroupsOutput, error)
// Lists the IAM groups that the specified IAM user belongs to.
//
// You can paginate the results using the MaxItems and Marker parameters.
ListGroupsForUser(ctx context.Context, params *ListGroupsForUserInput, optFns ...func(*Options)) (*ListGroupsForUserOutput, error)
// Lists the tags that are attached to the specified IAM instance profile. The
// returned list of tags is sorted by tag key. For more information about tagging,
// see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
ListInstanceProfileTags(ctx context.Context, params *ListInstanceProfileTagsInput, optFns ...func(*Options)) (*ListInstanceProfileTagsOutput, error)
// Lists the instance profiles that have the specified path prefix. If there are
// none, the operation returns an empty list. For more information about instance
// profiles, see [Using instance profiles]in the IAM User Guide.
//
// IAM resource-listing operations return a subset of the available attributes for
// the resource. For example, this operation does not return tags, even though they
// are an attribute of the returned object. To view all of the information for an
// instance profile, see GetInstanceProfile.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
ListInstanceProfiles(ctx context.Context, params *ListInstanceProfilesInput, optFns ...func(*Options)) (*ListInstanceProfilesOutput, error)
// Lists the instance profiles that have the specified associated IAM role. If
// there are none, the operation returns an empty list. For more information about
// instance profiles, go to [Using instance profiles]in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
ListInstanceProfilesForRole(ctx context.Context, params *ListInstanceProfilesForRoleInput, optFns ...func(*Options)) (*ListInstanceProfilesForRoleOutput, error)
// Lists the tags that are attached to the specified IAM virtual multi-factor
// authentication (MFA) device. The returned list of tags is sorted by tag key. For
// more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
ListMFADeviceTags(ctx context.Context, params *ListMFADeviceTagsInput, optFns ...func(*Options)) (*ListMFADeviceTagsOutput, error)
// Lists the MFA devices for an IAM user. If the request includes a IAM user name,
// then this operation lists all the MFA devices associated with the specified
// user. If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID signing the request for this
// operation.
//
// You can paginate the results using the MaxItems and Marker parameters.
ListMFADevices(ctx context.Context, params *ListMFADevicesInput, optFns ...func(*Options)) (*ListMFADevicesOutput, error)
// Lists the tags that are attached to the specified OpenID Connect
// (OIDC)-compatible identity provider. The returned list of tags is sorted by tag
// key. For more information, see [About web identity federation].
//
// For more information about tagging, see [Tagging IAM resources] in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
// [About web identity federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
ListOpenIDConnectProviderTags(ctx context.Context, params *ListOpenIDConnectProviderTagsInput, optFns ...func(*Options)) (*ListOpenIDConnectProviderTagsOutput, error)
// Lists information about the IAM OpenID Connect (OIDC) provider resource objects
// defined in the Amazon Web Services account.
//
// IAM resource-listing operations return a subset of the available attributes for
// the resource. For example, this operation does not return tags, even though they
// are an attribute of the returned object. To view all of the information for an
// OIDC provider, see GetOpenIDConnectProvider.
ListOpenIDConnectProviders(ctx context.Context, params *ListOpenIDConnectProvidersInput, optFns ...func(*Options)) (*ListOpenIDConnectProvidersOutput, error)
// Lists the centralized root access features enabled for your organization. For
// more information, see [Centrally manage root access for member accounts].
//
// [Centrally manage root access for member accounts]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management
ListOrganizationsFeatures(ctx context.Context, params *ListOrganizationsFeaturesInput, optFns ...func(*Options)) (*ListOrganizationsFeaturesOutput, error)
// Lists all the managed policies that are available in your Amazon Web Services
// account, including your own customer-defined managed policies and all Amazon Web
// Services managed policies.
//
// You can filter the list of policies that is returned using the optional
// OnlyAttached , Scope , and PathPrefix parameters. For example, to list only the
// customer managed policies in your Amazon Web Services account, set Scope to
// Local . To list only Amazon Web Services managed policies, set Scope to AWS .
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// For more information about managed policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// IAM resource-listing operations return a subset of the available attributes for
// the resource. For example, this operation does not return tags, even though they
// are an attribute of the returned object. To view all of the information for a
// customer manged policy, see GetPolicy.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListPolicies(ctx context.Context, params *ListPoliciesInput, optFns ...func(*Options)) (*ListPoliciesOutput, error)
// Retrieves a list of policies that the IAM identity (user, group, or role) can
// use to access each specified service.
//
// This operation does not use other policy types when determining whether a
// resource could access a service. These other policy types include resource-based
// policies, access control lists, Organizations policies, IAM permissions
// boundaries, and STS assume role policies. It only applies permissions policy
// logic. For more about the evaluation of policy types, see [Evaluating policies]in the IAM User Guide.
//
// The list of policies returned by the operation depends on the ARN of the
// identity that you provide.
//
// - User – The list of policies includes the managed and inline policies that
// are attached to the user directly. The list also includes any additional managed
// and inline policies that are attached to the group to which the user belongs.
//
// - Group – The list of policies includes only the managed and inline policies
// that are attached to the group directly. Policies that are attached to the
// group’s user are not included.
//
// - Role – The list of policies includes only the managed and inline policies
// that are attached to the role.
//
// For each managed policy, this operation returns the ARN and policy name. For
// each inline policy, it returns the policy name and the entity to which it is
// attached. Inline policies do not have an ARN. For more information about these
// policy types, see [Managed policies and inline policies]in the IAM User Guide.
//
// Policies that are attached to users and roles as permissions boundaries are not
// returned. To view which managed policy is currently used to set the permissions
// boundary for a user or role, use the GetUseror GetRole operations.
//
// [Evaluating policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
ListPoliciesGrantingServiceAccess(ctx context.Context, params *ListPoliciesGrantingServiceAccessInput, optFns ...func(*Options)) (*ListPoliciesGrantingServiceAccessOutput, error)
// Lists the tags that are attached to the specified IAM customer managed policy.
// The returned list of tags is sorted by tag key. For more information about
// tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
ListPolicyTags(ctx context.Context, params *ListPolicyTagsInput, optFns ...func(*Options)) (*ListPolicyTagsOutput, error)
// Lists information about the versions of the specified managed policy, including
// the version that is currently set as the policy's default version.
//
// For more information about managed policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListPolicyVersions(ctx context.Context, params *ListPolicyVersionsInput, optFns ...func(*Options)) (*ListPolicyVersionsOutput, error)
// Lists the names of the inline policies that are embedded in the specified IAM
// role.
//
// An IAM role can also have managed policies attached to it. To list the managed
// policies that are attached to a role, use ListAttachedRolePolicies. For more information about
// policies, see [Managed policies and inline policies]in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If there
// are no inline policies embedded with the specified role, the operation returns
// an empty list.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListRolePolicies(ctx context.Context, params *ListRolePoliciesInput, optFns ...func(*Options)) (*ListRolePoliciesOutput, error)
// Lists the tags that are attached to the specified role. The returned list of
// tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources]in the IAM
// User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
ListRoleTags(ctx context.Context, params *ListRoleTagsInput, optFns ...func(*Options)) (*ListRoleTagsOutput, error)
// Lists the IAM roles that have the specified path prefix. If there are none, the
// operation returns an empty list. For more information about roles, see [IAM roles]in the
// IAM User Guide.
//
// IAM resource-listing operations return a subset of the available attributes for
// the resource. This operation does not return the following attributes, even
// though they are an attribute of the returned object:
//
// - PermissionsBoundary
//
// - RoleLastUsed
//
// - Tags
//
// To view all of the information for a role, see GetRole.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
ListRoles(ctx context.Context, params *ListRolesInput, optFns ...func(*Options)) (*ListRolesOutput, error)
// Lists the tags that are attached to the specified Security Assertion Markup
// Language (SAML) identity provider. The returned list of tags is sorted by tag
// key. For more information, see [About SAML 2.0-based federation].
//
// For more information about tagging, see [Tagging IAM resources] in the IAM User Guide.
//
// [About SAML 2.0-based federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
ListSAMLProviderTags(ctx context.Context, params *ListSAMLProviderTagsInput, optFns ...func(*Options)) (*ListSAMLProviderTagsOutput, error)
// Lists the SAML provider resource objects defined in IAM in the account. IAM
// resource-listing operations return a subset of the available attributes for the
// resource. For example, this operation does not return tags, even though they are
// an attribute of the returned object. To view all of the information for a SAML
// provider, see GetSAMLProvider.
//
// This operation requires [Signature Version 4].
//
// [Signature Version 4]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
ListSAMLProviders(ctx context.Context, params *ListSAMLProvidersInput, optFns ...func(*Options)) (*ListSAMLProvidersOutput, error)
// Returns information about the SSH public keys associated with the specified IAM
// user. If none exists, the operation returns an empty list.
//
// The SSH public keys returned by this operation are used only for authenticating
// the IAM user to an CodeCommit repository. For more information about using SSH
// keys to authenticate to an CodeCommit repository, see [Set up CodeCommit for SSH connections]in the CodeCommit User
// Guide.
//
// Although each user is limited to a small number of keys, you can still paginate
// the results using the MaxItems and Marker parameters.
//
// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
ListSSHPublicKeys(ctx context.Context, params *ListSSHPublicKeysInput, optFns ...func(*Options)) (*ListSSHPublicKeysOutput, error)
// Lists the tags that are attached to the specified IAM server certificate. The
// returned list of tags is sorted by tag key. For more information about tagging,
// see [Tagging IAM resources]in the IAM User Guide.
//
// For certificates in a Region supported by Certificate Manager (ACM), we
// recommend that you don't use IAM server certificates. Instead, use ACM to
// provision, manage, and deploy your server certificates. For more information
// about IAM server certificates, [Working with server certificates]in the IAM User Guide.
//
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
ListServerCertificateTags(ctx context.Context, params *ListServerCertificateTagsInput, optFns ...func(*Options)) (*ListServerCertificateTagsOutput, error)
// Lists the server certificates stored in IAM that have the specified path
// prefix. If none exist, the operation returns an empty list.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// For more information about working with server certificates, see [Working with server certificates] in the IAM
// User Guide. This topic also includes a list of Amazon Web Services services that
// can use the server certificates that you manage with IAM.
//
// IAM resource-listing operations return a subset of the available attributes for
// the resource. For example, this operation does not return tags, even though they
// are an attribute of the returned object. To view all of the information for a
// servercertificate, see GetServerCertificate.
//
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
ListServerCertificates(ctx context.Context, params *ListServerCertificatesInput, optFns ...func(*Options)) (*ListServerCertificatesOutput, error)
// Returns information about the service-specific credentials associated with the
// specified IAM user. If none exists, the operation returns an empty list. The
// service-specific credentials returned by this operation are used only for
// authenticating the IAM user to a specific service. For more information about
// using service-specific credentials to authenticate to an Amazon Web Services
// service, see [Set up service-specific credentials]in the CodeCommit User Guide.
//
// [Set up service-specific credentials]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html
ListServiceSpecificCredentials(ctx context.Context, params *ListServiceSpecificCredentialsInput, optFns ...func(*Options)) (*ListServiceSpecificCredentialsOutput, error)
// Returns information about the signing certificates associated with the
// specified IAM user. If none exists, the operation returns an empty list.
//
// Although each user is limited to a small number of signing certificates, you
// can still paginate the results using the MaxItems and Marker parameters.
//
// If the UserName field is not specified, the user name is determined implicitly
// based on the Amazon Web Services access key ID used to sign the request for this
// operation. This operation works for access keys under the Amazon Web Services
// account. Consequently, you can use this operation to manage Amazon Web Services
// account root user credentials even if the Amazon Web Services account has no
// associated users.
ListSigningCertificates(ctx context.Context, params *ListSigningCertificatesInput, optFns ...func(*Options)) (*ListSigningCertificatesOutput, error)
// Lists the names of the inline policies embedded in the specified IAM user.
//
// An IAM user can also have managed policies attached to it. To list the managed
// policies that are attached to a user, use ListAttachedUserPolicies. For more information about
// policies, see [Managed policies and inline policies]in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If there
// are no inline policies embedded with the specified user, the operation returns
// an empty list.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListUserPolicies(ctx context.Context, params *ListUserPoliciesInput, optFns ...func(*Options)) (*ListUserPoliciesOutput, error)
// Lists the tags that are attached to the specified IAM user. The returned list
// of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources]in the
// IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
ListUserTags(ctx context.Context, params *ListUserTagsInput, optFns ...func(*Options)) (*ListUserTagsOutput, error)
// Lists the IAM users that have the specified path prefix. If no path prefix is
// specified, the operation returns all users in the Amazon Web Services account.
// If there are none, the operation returns an empty list.
//
// IAM resource-listing operations return a subset of the available attributes for
// the resource. This operation does not return the following attributes, even
// though they are an attribute of the returned object:
//
// - PermissionsBoundary
//
// - Tags
//
// To view all of the information for a user, see GetUser.
//
// You can paginate the results using the MaxItems and Marker parameters.
ListUsers(ctx context.Context, params *ListUsersInput, optFns ...func(*Options)) (*ListUsersOutput, error)
// Lists the virtual MFA devices defined in the Amazon Web Services account by
// assignment status. If you do not specify an assignment status, the operation
// returns a list of all virtual MFA devices. Assignment status can be Assigned ,
// Unassigned , or Any .
//
// IAM resource-listing operations return a subset of the available attributes for
// the resource. For example, this operation does not return tags, even though they
// are an attribute of the returned object. To view tag information for a virtual
// MFA device, see ListMFADeviceTags.
//
// You can paginate the results using the MaxItems and Marker parameters.
ListVirtualMFADevices(ctx context.Context, params *ListVirtualMFADevicesInput, optFns ...func(*Options)) (*ListVirtualMFADevicesOutput, error)
// Adds or updates an inline policy document that is embedded in the specified IAM
// group.
//
// A user can also have managed policies attached to it. To attach a managed
// policy to a group, use [AttachGroupPolicy]AttachGroupPolicy . To create a new managed policy, use [CreatePolicy]
// CreatePolicy . For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// For information about the maximum number of inline policies that you can embed
// in a group, see [IAM and STS quotas]in the IAM User Guide.
//
// Because policy documents can be large, you should use POST rather than GET when
// calling PutGroupPolicy . For general information about using the Query API with
// IAM, see [Making query requests]in the IAM User Guide.
//
// [CreatePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
// [Making query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
// [AttachGroupPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
PutGroupPolicy(ctx context.Context, params *PutGroupPolicyInput, optFns ...func(*Options)) (*PutGroupPolicyOutput, error)
// Adds or updates the policy that is specified as the IAM role's permissions
// boundary. You can use an Amazon Web Services managed policy or a customer
// managed policy to set the boundary for a role. Use the boundary to control the
// maximum permissions that the role can have. Setting a permissions boundary is an
// advanced feature that can affect the permissions for the role.
//
// You cannot set the boundary for a service-linked role.
//
// Policies used as permissions boundaries do not provide permissions. You must
// also attach a permissions policy to the role. To learn how the effective
// permissions for a role are evaluated, see [IAM JSON policy evaluation logic]in the IAM User Guide.
//
// [IAM JSON policy evaluation logic]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
PutRolePermissionsBoundary(ctx context.Context, params *PutRolePermissionsBoundaryInput, optFns ...func(*Options)) (*PutRolePermissionsBoundaryOutput, error)
// Adds or updates an inline policy document that is embedded in the specified IAM
// role.
//
// When you embed an inline policy in a role, the inline policy is used as part of
// the role's access (permissions) policy. The role's trust policy is created at
// the same time as the role, using [CreateRole]CreateRole . You can update a role's trust
// policy using [UpdateAssumeRolePolicy]UpdateAssumeRolePolicy . For more information about roles, see [IAM roles] in
// the IAM User Guide.
//
// A role can also have a managed policy attached to it. To attach a managed
// policy to a role, use [AttachRolePolicy]AttachRolePolicy . To create a new managed policy, use [CreatePolicy]
// CreatePolicy . For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// For information about the maximum number of inline policies that you can embed
// with a role, see [IAM and STS quotas]in the IAM User Guide.
//
// Because policy documents can be large, you should use POST rather than GET when
// calling PutRolePolicy . For general information about using the Query API with
// IAM, see [Making query requests]in the IAM User Guide.
//
// [UpdateAssumeRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html
// [AttachRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html
// [CreatePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
// [Making query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html
// [CreateRole]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
PutRolePolicy(ctx context.Context, params *PutRolePolicyInput, optFns ...func(*Options)) (*PutRolePolicyOutput, error)
// Adds or updates the policy that is specified as the IAM user's permissions
// boundary. You can use an Amazon Web Services managed policy or a customer
// managed policy to set the boundary for a user. Use the boundary to control the
// maximum permissions that the user can have. Setting a permissions boundary is an
// advanced feature that can affect the permissions for the user.
//
// Policies that are used as permissions boundaries do not provide permissions.
// You must also attach a permissions policy to the user. To learn how the
// effective permissions for a user are evaluated, see [IAM JSON policy evaluation logic]in the IAM User Guide.
//
// [IAM JSON policy evaluation logic]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
PutUserPermissionsBoundary(ctx context.Context, params *PutUserPermissionsBoundaryInput, optFns ...func(*Options)) (*PutUserPermissionsBoundaryOutput, error)
// Adds or updates an inline policy document that is embedded in the specified IAM
// user.
//
// An IAM user can also have a managed policy attached to it. To attach a managed
// policy to a user, use [AttachUserPolicy]AttachUserPolicy . To create a new managed policy, use [CreatePolicy]
// CreatePolicy . For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// For information about the maximum number of inline policies that you can embed
// in a user, see [IAM and STS quotas]in the IAM User Guide.
//
// Because policy documents can be large, you should use POST rather than GET when
// calling PutUserPolicy . For general information about using the Query API with
// IAM, see [Making query requests]in the IAM User Guide.
//
// [CreatePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
// [Making query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
// [AttachUserPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
PutUserPolicy(ctx context.Context, params *PutUserPolicyInput, optFns ...func(*Options)) (*PutUserPolicyOutput, error)
// Removes the specified client ID (also known as audience) from the list of
// client IDs registered for the specified IAM OpenID Connect (OIDC) provider
// resource object.
//
// This operation is idempotent; it does not fail or return an error if you try to
// remove a client ID that does not exist.
RemoveClientIDFromOpenIDConnectProvider(ctx context.Context, params *RemoveClientIDFromOpenIDConnectProviderInput, optFns ...func(*Options)) (*RemoveClientIDFromOpenIDConnectProviderOutput, error)
// Removes the specified IAM role from the specified Amazon EC2 instance profile.
//
// Make sure that you do not have any Amazon EC2 instances running with the role
// you are about to remove from the instance profile. Removing a role from an
// instance profile that is associated with a running instance might break any
// applications running on the instance.
//
// For more information about roles, see [IAM roles] in the IAM User Guide. For more
// information about instance profiles, see [Using instance profiles]in the IAM User Guide.
//
// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
RemoveRoleFromInstanceProfile(ctx context.Context, params *RemoveRoleFromInstanceProfileInput, optFns ...func(*Options)) (*RemoveRoleFromInstanceProfileOutput, error)
// Removes the specified user from the specified group.
RemoveUserFromGroup(ctx context.Context, params *RemoveUserFromGroupInput, optFns ...func(*Options)) (*RemoveUserFromGroupOutput, error)
// Resets the password for a service-specific credential. The new password is
// Amazon Web Services generated and cryptographically strong. It cannot be
// configured by the user. Resetting the password immediately invalidates the
// previous password associated with this user.
ResetServiceSpecificCredential(ctx context.Context, params *ResetServiceSpecificCredentialInput, optFns ...func(*Options)) (*ResetServiceSpecificCredentialOutput, error)
// Synchronizes the specified MFA device with its IAM resource object on the
// Amazon Web Services servers.
//
// For more information about creating and working with virtual MFA devices, see [Using a virtual MFA device]
// in the IAM User Guide.
//
// [Using a virtual MFA device]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html
ResyncMFADevice(ctx context.Context, params *ResyncMFADeviceInput, optFns ...func(*Options)) (*ResyncMFADeviceOutput, error)
// Sets the specified version of the specified policy as the policy's default
// (operative) version.
//
// This operation affects all users, groups, and roles that the policy is attached
// to. To list the users, groups, and roles that the policy is attached to, use ListEntitiesForPolicy.
//
// For information about managed policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
SetDefaultPolicyVersion(ctx context.Context, params *SetDefaultPolicyVersionInput, optFns ...func(*Options)) (*SetDefaultPolicyVersionOutput, error)
// Sets the specified version of the global endpoint token as the token version
// used for the Amazon Web Services account.
//
// By default, Security Token Service (STS) is available as a global service, and
// all STS requests go to a single endpoint at https://sts.amazonaws.com . Amazon
// Web Services recommends using Regional STS endpoints to reduce latency, build in
// redundancy, and increase session token availability. For information about
// Regional endpoints for STS, see [Security Token Service endpoints and quotas]in the Amazon Web Services General Reference.
//
// If you make an STS call to the global endpoint, the resulting session tokens
// might be valid in some Regions but not others. It depends on the version that is
// set in this operation. Version 1 tokens are valid only in Amazon Web Services
// Regions that are available by default. These tokens do not work in manually
// enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in
// all Regions. However, version 2 tokens are longer and might affect systems where
// you temporarily store tokens. For information, see [Activating and deactivating STS in an Amazon Web Services Region]in the IAM User Guide.
//
// To view the current session token version, see the GlobalEndpointTokenVersion
// entry in the response of the GetAccountSummaryoperation.
//
// [Activating and deactivating STS in an Amazon Web Services Region]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
// [Security Token Service endpoints and quotas]: https://docs.aws.amazon.com/general/latest/gr/sts.html
SetSecurityTokenServicePreferences(ctx context.Context, params *SetSecurityTokenServicePreferencesInput, optFns ...func(*Options)) (*SetSecurityTokenServicePreferencesOutput, error)
// Simulate how a set of IAM policies and optionally a resource-based policy works
// with a list of API operations and Amazon Web Services resources to determine the
// policies' effective permissions. The policies are provided as strings.
//
// The simulation does not perform the API operations; it only checks the
// authorization to determine if the simulated policies allow or deny the
// operations. You can simulate resources that don't exist in your account.
//
// If you want to simulate existing policies that are attached to an IAM user,
// group, or role, use SimulatePrincipalPolicyinstead.
//
// Context keys are variables that are maintained by Amazon Web Services and its
// services and which provide details about the context of an API query request.
// You can use the Condition element of an IAM policy to evaluate context keys. To
// get the list of context keys that the policies require for correct simulation,
// use GetContextKeysForCustomPolicy.
//
// If the output is long, you can use MaxItems and Marker parameters to paginate
// the results.
//
// The IAM policy simulator evaluates statements in the identity-based policy and
// the inputs that you provide during simulation. The policy simulator results can
// differ from your live Amazon Web Services environment. We recommend that you
// check your policies against your live Amazon Web Services environment after
// testing using the policy simulator to confirm that you have the desired results.
// For more information about using the policy simulator, see [Testing IAM policies with the IAM policy simulator]in the IAM User
// Guide.
//
// [Testing IAM policies with the IAM policy simulator]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
SimulateCustomPolicy(ctx context.Context, params *SimulateCustomPolicyInput, optFns ...func(*Options)) (*SimulateCustomPolicyOutput, error)
// Simulate how a set of IAM policies attached to an IAM entity works with a list
// of API operations and Amazon Web Services resources to determine the policies'
// effective permissions. The entity can be an IAM user, group, or role. If you
// specify a user, then the simulation also includes all of the policies that are
// attached to groups that the user belongs to. You can simulate resources that
// don't exist in your account.
//
// You can optionally include a list of one or more additional policies specified
// as strings to include in the simulation. If you want to simulate only policies
// specified as strings, use SimulateCustomPolicyinstead.
//
// You can also optionally include one resource-based policy to be evaluated with
// each of the resources included in the simulation for IAM users only.
//
// The simulation does not perform the API operations; it only checks the
// authorization to determine if the simulated policies allow or deny the
// operations.
//
// Note: This operation discloses information about the permissions granted to
// other users. If you do not want users to see other user's permissions, then
// consider allowing them to use SimulateCustomPolicyinstead.
//
// Context keys are variables maintained by Amazon Web Services and its services
// that provide details about the context of an API query request. You can use the
// Condition element of an IAM policy to evaluate context keys. To get the list of
// context keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy.
//
// If the output is long, you can use the MaxItems and Marker parameters to
// paginate the results.
//
// The IAM policy simulator evaluates statements in the identity-based policy and
// the inputs that you provide during simulation. The policy simulator results can
// differ from your live Amazon Web Services environment. We recommend that you
// check your policies against your live Amazon Web Services environment after
// testing using the policy simulator to confirm that you have the desired results.
// For more information about using the policy simulator, see [Testing IAM policies with the IAM policy simulator]in the IAM User
// Guide.
//
// [Testing IAM policies with the IAM policy simulator]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
SimulatePrincipalPolicy(ctx context.Context, params *SimulatePrincipalPolicyInput, optFns ...func(*Options)) (*SimulatePrincipalPolicyOutput, error)
// Adds one or more tags to an IAM instance profile. If a tag with the same key
// name already exists, then that tag is overwritten with the new value.
//
// Each tag consists of a key name and an associated value. By assigning tags to
// your resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only an IAM instance profile
// that has a specified tag attached. For examples of policies that show how to use
// tags to control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
TagInstanceProfile(ctx context.Context, params *TagInstanceProfileInput, optFns ...func(*Options)) (*TagInstanceProfileOutput, error)
// Adds one or more tags to an IAM virtual multi-factor authentication (MFA)
// device. If a tag with the same key name already exists, then that tag is
// overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only an IAM virtual MFA device
// that has a specified tag attached. For examples of policies that show how to use
// tags to control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
TagMFADevice(ctx context.Context, params *TagMFADeviceInput, optFns ...func(*Options)) (*TagMFADeviceOutput, error)
// Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider.
// For more information about these providers, see [About web identity federation]. If a tag with the same key
// name already exists, then that tag is overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM identity-based and resource-based
// policies. You can use tags to restrict access to only an OIDC provider that has
// a specified tag attached. For examples of policies that show how to use tags to
// control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
// [About web identity federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
TagOpenIDConnectProvider(ctx context.Context, params *TagOpenIDConnectProviderInput, optFns ...func(*Options)) (*TagOpenIDConnectProviderOutput, error)
// Adds one or more tags to an IAM customer managed policy. If a tag with the same
// key name already exists, then that tag is overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only an IAM customer managed
// policy that has a specified tag attached. For examples of policies that show how
// to use tags to control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
TagPolicy(ctx context.Context, params *TagPolicyInput, optFns ...func(*Options)) (*TagPolicyOutput, error)
// Adds one or more tags to an IAM role. The role can be a regular role or a
// service-linked role. If a tag with the same key name already exists, then that
// tag is overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only an IAM role that has a
// specified tag attached. You can also restrict access to only those resources
// that have a certain tag attached. For examples of policies that show how to use
// tags to control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - Cost allocation - Use tags to help track which individuals and teams are
// using which Amazon Web Services resources.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// For more information about tagging, see [Tagging IAM identities] in the IAM User Guide.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
// [Tagging IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
TagRole(ctx context.Context, params *TagRoleInput, optFns ...func(*Options)) (*TagRoleOutput, error)
// Adds one or more tags to a Security Assertion Markup Language (SAML) identity
// provider. For more information about these providers, see [About SAML 2.0-based federation]. If a tag with the
// same key name already exists, then that tag is overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only a SAML identity provider
// that has a specified tag attached. For examples of policies that show how to use
// tags to control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [About SAML 2.0-based federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
TagSAMLProvider(ctx context.Context, params *TagSAMLProviderInput, optFns ...func(*Options)) (*TagSAMLProviderOutput, error)
// Adds one or more tags to an IAM server certificate. If a tag with the same key
// name already exists, then that tag is overwritten with the new value.
//
// For certificates in a Region supported by Certificate Manager (ACM), we
// recommend that you don't use IAM server certificates. Instead, use ACM to
// provision, manage, and deploy your server certificates. For more information
// about IAM server certificates, [Working with server certificates]in the IAM User Guide.
//
// A tag consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only a server certificate that
// has a specified tag attached. For examples of policies that show how to use tags
// to control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - Cost allocation - Use tags to help track which individuals and teams are
// using which Amazon Web Services resources.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
TagServerCertificate(ctx context.Context, params *TagServerCertificateInput, optFns ...func(*Options)) (*TagServerCertificateOutput, error)
// Adds one or more tags to an IAM user. If a tag with the same key name already
// exists, then that tag is overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM identity-based and resource-based
// policies. You can use tags to restrict access to only an IAM requesting user
// that has a specified tag attached. You can also restrict access to only those
// resources that have a certain tag attached. For examples of policies that show
// how to use tags to control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - Cost allocation - Use tags to help track which individuals and teams are
// using which Amazon Web Services resources.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// For more information about tagging, see [Tagging IAM identities] in the IAM User Guide.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
// [Tagging IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
TagUser(ctx context.Context, params *TagUserInput, optFns ...func(*Options)) (*TagUserOutput, error)
// Removes the specified tags from the IAM instance profile. For more information
// about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
UntagInstanceProfile(ctx context.Context, params *UntagInstanceProfileInput, optFns ...func(*Options)) (*UntagInstanceProfileOutput, error)
// Removes the specified tags from the IAM virtual multi-factor authentication
// (MFA) device. For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
UntagMFADevice(ctx context.Context, params *UntagMFADeviceInput, optFns ...func(*Options)) (*UntagMFADeviceOutput, error)
// Removes the specified tags from the specified OpenID Connect (OIDC)-compatible
// identity provider in IAM. For more information about OIDC providers, see [About web identity federation]. For
// more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
// [About web identity federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
UntagOpenIDConnectProvider(ctx context.Context, params *UntagOpenIDConnectProviderInput, optFns ...func(*Options)) (*UntagOpenIDConnectProviderOutput, error)
// Removes the specified tags from the customer managed policy. For more
// information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
UntagPolicy(ctx context.Context, params *UntagPolicyInput, optFns ...func(*Options)) (*UntagPolicyOutput, error)
// Removes the specified tags from the role. For more information about tagging,
// see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
UntagRole(ctx context.Context, params *UntagRoleInput, optFns ...func(*Options)) (*UntagRoleOutput, error)
// Removes the specified tags from the specified Security Assertion Markup
// Language (SAML) identity provider in IAM. For more information about these
// providers, see [About web identity federation]. For more information about tagging, see [Tagging IAM resources] in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
// [About web identity federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
UntagSAMLProvider(ctx context.Context, params *UntagSAMLProviderInput, optFns ...func(*Options)) (*UntagSAMLProviderOutput, error)
// Removes the specified tags from the IAM server certificate. For more
// information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// For certificates in a Region supported by Certificate Manager (ACM), we
// recommend that you don't use IAM server certificates. Instead, use ACM to
// provision, manage, and deploy your server certificates. For more information
// about IAM server certificates, [Working with server certificates]in the IAM User Guide.
//
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
UntagServerCertificate(ctx context.Context, params *UntagServerCertificateInput, optFns ...func(*Options)) (*UntagServerCertificateOutput, error)
// Removes the specified tags from the user. For more information about tagging,
// see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
UntagUser(ctx context.Context, params *UntagUserInput, optFns ...func(*Options)) (*UntagUserOutput, error)
// Changes the status of the specified access key from Active to Inactive, or vice
// versa. This operation can be used to disable a user's key as part of a key
// rotation workflow.
//
// If the UserName is not specified, the user name is determined implicitly based
// on the Amazon Web Services access key ID used to sign the request. If a
// temporary access key is used, then UserName is required. If a long-term key is
// assigned to the user, then UserName is not required. This operation works for
// access keys under the Amazon Web Services account. Consequently, you can use
// this operation to manage Amazon Web Services account root user credentials even
// if the Amazon Web Services account has no associated users.
//
// For information about rotating keys, see [Managing keys and certificates] in the IAM User Guide.
//
// [Managing keys and certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html
UpdateAccessKey(ctx context.Context, params *UpdateAccessKeyInput, optFns ...func(*Options)) (*UpdateAccessKeyOutput, error)
// Updates the password policy settings for the Amazon Web Services account.
//
// This operation does not support partial updates. No parameters are required,
// but if you do not specify a parameter, that parameter's value reverts to its
// default value. See the Request Parameters section for each parameter's default
// value. Also note that some parameters do not allow the default parameter to be
// explicitly set. Instead, to invoke the default value, do not include that
// parameter when you invoke the operation.
//
// For more information about using a password policy, see [Managing an IAM password policy] in the IAM User Guide.
//
// [Managing an IAM password policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html
UpdateAccountPasswordPolicy(ctx context.Context, params *UpdateAccountPasswordPolicyInput, optFns ...func(*Options)) (*UpdateAccountPasswordPolicyOutput, error)
// Updates the policy that grants an IAM entity permission to assume a role. This
// is typically referred to as the "role trust policy". For more information about
// roles, see [Using roles to delegate permissions and federate identities].
//
// [Using roles to delegate permissions and federate identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html
UpdateAssumeRolePolicy(ctx context.Context, params *UpdateAssumeRolePolicyInput, optFns ...func(*Options)) (*UpdateAssumeRolePolicyOutput, error)
// Updates the name and/or the path of the specified IAM group.
//
// You should understand the implications of changing a group's path or name. For
// more information, see [Renaming users and groups]in the IAM User Guide.
//
// The person making the request (the principal), must have permission to change
// the role group with the old name and the new name. For example, to change the
// group named Managers to MGRs , the principal must have a policy that allows them
// to update both groups. If the principal has permission to update the Managers
// group, but not the MGRs group, then the update fails. For more information
// about permissions, see [Access management].
//
// [Access management]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html
// [Renaming users and groups]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html
UpdateGroup(ctx context.Context, params *UpdateGroupInput, optFns ...func(*Options)) (*UpdateGroupOutput, error)
// Changes the password for the specified IAM user. You can use the CLI, the
// Amazon Web Services API, or the Users page in the IAM console to change the
// password for any IAM user. Use ChangePasswordto change your own password in the My Security
// Credentials page in the Amazon Web Services Management Console.
//
// For more information about modifying passwords, see [Managing passwords] in the IAM User Guide.
//
// [Managing passwords]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
UpdateLoginProfile(ctx context.Context, params *UpdateLoginProfileInput, optFns ...func(*Options)) (*UpdateLoginProfileOutput, error)
// Replaces the existing list of server certificate thumbprints associated with an
// OpenID Connect (OIDC) provider resource object with a new list of thumbprints.
//
// The list that you pass with this operation completely replaces the existing
// list of thumbprints. (The lists are not merged.)
//
// Typically, you need to update a thumbprint only when the identity provider
// certificate changes, which occurs rarely. However, if the provider's certificate
// does change, any attempt to assume an IAM role that specifies the OIDC provider
// as a principal fails until the certificate thumbprint is updated.
//
// Amazon Web Services secures communication with OIDC identity providers (IdPs)
// using our library of trusted root certificate authorities (CAs) to verify the
// JSON Web Key Set (JWKS) endpoint's TLS certificate. If your OIDC IdP relies on a
// certificate that is not signed by one of these trusted CAs, only then we secure
// communication using the thumbprints set in the IdP's configuration.
//
// Trust for the OIDC provider is derived from the provider certificate and is
// validated by the thumbprint. Therefore, it is best to limit access to the
// UpdateOpenIDConnectProviderThumbprint operation to highly privileged users.
UpdateOpenIDConnectProviderThumbprint(ctx context.Context, params *UpdateOpenIDConnectProviderThumbprintInput, optFns ...func(*Options)) (*UpdateOpenIDConnectProviderThumbprintOutput, error)
// Updates the description or maximum session duration setting of a role.
UpdateRole(ctx context.Context, params *UpdateRoleInput, optFns ...func(*Options)) (*UpdateRoleOutput, error)
// Use UpdateRole instead.
//
// Modifies only the description of a role. This operation performs the same
// function as the Description parameter in the UpdateRole operation.
UpdateRoleDescription(ctx context.Context, params *UpdateRoleDescriptionInput, optFns ...func(*Options)) (*UpdateRoleDescriptionOutput, error)
// Updates the metadata document for an existing SAML provider resource object.
//
// This operation requires [Signature Version 4].
//
// [Signature Version 4]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
UpdateSAMLProvider(ctx context.Context, params *UpdateSAMLProviderInput, optFns ...func(*Options)) (*UpdateSAMLProviderOutput, error)
// Sets the status of an IAM user's SSH public key to active or inactive. SSH
// public keys that are inactive cannot be used for authentication. This operation
// can be used to disable a user's SSH public key as part of a key rotation work
// flow.
//
// The SSH public key affected by this operation is used only for authenticating
// the associated IAM user to an CodeCommit repository. For more information about
// using SSH keys to authenticate to an CodeCommit repository, see [Set up CodeCommit for SSH connections]in the
// CodeCommit User Guide.
//
// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
UpdateSSHPublicKey(ctx context.Context, params *UpdateSSHPublicKeyInput, optFns ...func(*Options)) (*UpdateSSHPublicKeyOutput, error)
// Updates the name and/or the path of the specified server certificate stored in
// IAM.
//
// For more information about working with server certificates, see [Working with server certificates] in the IAM
// User Guide. This topic also includes a list of Amazon Web Services services that
// can use the server certificates that you manage with IAM.
//
// You should understand the implications of changing a server certificate's path
// or name. For more information, see [Renaming a server certificate]in the IAM User Guide.
//
// The person making the request (the principal), must have permission to change
// the server certificate with the old name and the new name. For example, to
// change the certificate named ProductionCert to ProdCert , the principal must
// have a policy that allows them to update both certificates. If the principal has
// permission to update the ProductionCert group, but not the ProdCert
// certificate, then the update fails. For more information about permissions, see [Access management]
// in the IAM User Guide.
//
// [Renaming a server certificate]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html#RenamingServerCerts
// [Access management]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
UpdateServerCertificate(ctx context.Context, params *UpdateServerCertificateInput, optFns ...func(*Options)) (*UpdateServerCertificateOutput, error)
// Sets the status of a service-specific credential to Active or Inactive .
// Service-specific credentials that are inactive cannot be used for authentication
// to the service. This operation can be used to disable a user's service-specific
// credential as part of a credential rotation work flow.
UpdateServiceSpecificCredential(ctx context.Context, params *UpdateServiceSpecificCredentialInput, optFns ...func(*Options)) (*UpdateServiceSpecificCredentialOutput, error)
// Changes the status of the specified user signing certificate from active to
// disabled, or vice versa. This operation can be used to disable an IAM user's
// signing certificate as part of a certificate rotation work flow.
//
// If the UserName field is not specified, the user name is determined implicitly
// based on the Amazon Web Services access key ID used to sign the request. This
// operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials even if the Amazon Web Services account has no associated
// users.
UpdateSigningCertificate(ctx context.Context, params *UpdateSigningCertificateInput, optFns ...func(*Options)) (*UpdateSigningCertificateOutput, error)
// Updates the name and/or the path of the specified IAM user.
//
// You should understand the implications of changing an IAM user's path or name.
// For more information, see [Renaming an IAM user]and [Renaming an IAM group] in the IAM User Guide.
//
// To change a user name, the requester must have appropriate permissions on both
// the source object and the target object. For example, to change Bob to Robert,
// the entity making the request must have permission on Bob and Robert, or must
// have permission on all (*). For more information about permissions, see [Permissions and policies].
//
// [Renaming an IAM user]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_renaming
// [Renaming an IAM group]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_rename.html
// [Permissions and policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html
UpdateUser(ctx context.Context, params *UpdateUserInput, optFns ...func(*Options)) (*UpdateUserOutput, error)
// Uploads an SSH public key and associates it with the specified IAM user.
//
// The SSH public key uploaded by this operation can be used only for
// authenticating the associated IAM user to an CodeCommit repository. For more
// information about using SSH keys to authenticate to an CodeCommit repository,
// see [Set up CodeCommit for SSH connections]in the CodeCommit User Guide.
//
// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
UploadSSHPublicKey(ctx context.Context, params *UploadSSHPublicKeyInput, optFns ...func(*Options)) (*UploadSSHPublicKeyOutput, error)
// Uploads a server certificate entity for the Amazon Web Services account. The
// server certificate entity includes a public key certificate, a private key, and
// an optional certificate chain, which should all be PEM-encoded.
//
// We recommend that you use [Certificate Manager] to provision, manage, and deploy your server
// certificates. With ACM you can request a certificate, deploy it to Amazon Web
// Services resources, and let ACM handle certificate renewals for you.
// Certificates provided by ACM are free. For more information about using ACM, see
// the [Certificate Manager User Guide].
//
// For more information about working with server certificates, see [Working with server certificates] in the IAM
// User Guide. This topic includes a list of Amazon Web Services services that can
// use the server certificates that you manage with IAM.
//
// For information about the number of server certificates you can upload, see [IAM and STS quotas] in
// the IAM User Guide.
//
// Because the body of the public key certificate, private key, and the
// certificate chain can be large, you should use POST rather than GET when calling
// UploadServerCertificate . For information about setting up signatures and
// authorization through the API, see [Signing Amazon Web Services API requests]in the Amazon Web Services General
// Reference. For general information about using the Query API with IAM, see [Calling the API by making HTTP query requests]in
// the IAM User Guide.
//
// [Certificate Manager]: https://docs.aws.amazon.com/acm/
// [Certificate Manager User Guide]: https://docs.aws.amazon.com/acm/latest/userguide/
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
// [Signing Amazon Web Services API requests]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
// [Calling the API by making HTTP query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html
UploadServerCertificate(ctx context.Context, params *UploadServerCertificateInput, optFns ...func(*Options)) (*UploadServerCertificateOutput, error)
// Uploads an X.509 signing certificate and associates it with the specified IAM
// user. Some Amazon Web Services services require you to use certificates to
// validate requests that are signed with a corresponding private key. When you
// upload the certificate, its default status is Active .
//
// For information about when you would use an X.509 signing certificate, see [Managing server certificates in IAM] in
// the IAM User Guide.
//
// If the UserName is not specified, the IAM user name is determined implicitly
// based on the Amazon Web Services access key ID used to sign the request. This
// operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials even if the Amazon Web Services account has no associated
// users.
//
// Because the body of an X.509 certificate can be large, you should use POST
// rather than GET when calling UploadSigningCertificate . For information about
// setting up signatures and authorization through the API, see [Signing Amazon Web Services API requests]in the Amazon Web
// Services General Reference. For general information about using the Query API
// with IAM, see [Making query requests]in the IAM User Guide.
//
// [Managing server certificates in IAM]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
// [Making query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
// [Signing Amazon Web Services API requests]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
UploadSigningCertificate(ctx context.Context, params *UploadSigningCertificateInput, optFns ...func(*Options)) (*UploadSigningCertificateOutput, error)
}
IAM provides an interface to the AWS IAM service.
type Outposts ¶ added in v0.112.0
type Outposts interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() outposts.Options
// Cancels the capacity task.
CancelCapacityTask(ctx context.Context, params *CancelCapacityTaskInput, optFns ...func(*Options)) (*CancelCapacityTaskOutput, error)
// Cancels the specified order for an Outpost.
CancelOrder(ctx context.Context, params *CancelOrderInput, optFns ...func(*Options)) (*CancelOrderOutput, error)
// Creates an order for an Outpost.
CreateOrder(ctx context.Context, params *CreateOrderInput, optFns ...func(*Options)) (*CreateOrderOutput, error)
// Creates an Outpost.
//
// You can specify either an Availability one or an AZ ID.
CreateOutpost(ctx context.Context, params *CreateOutpostInput, optFns ...func(*Options)) (*CreateOutpostOutput, error)
// Creates a site for an Outpost.
CreateSite(ctx context.Context, params *CreateSiteInput, optFns ...func(*Options)) (*CreateSiteOutput, error)
// Deletes the specified Outpost.
DeleteOutpost(ctx context.Context, params *DeleteOutpostInput, optFns ...func(*Options)) (*DeleteOutpostOutput, error)
// Deletes the specified site.
DeleteSite(ctx context.Context, params *DeleteSiteInput, optFns ...func(*Options)) (*DeleteSiteOutput, error)
// Gets details of the specified capacity task.
GetCapacityTask(ctx context.Context, params *GetCapacityTaskInput, optFns ...func(*Options)) (*GetCapacityTaskOutput, error)
// Gets information about the specified catalog item.
GetCatalogItem(ctx context.Context, params *GetCatalogItemInput, optFns ...func(*Options)) (*GetCatalogItemOutput, error)
// Amazon Web Services uses this action to install Outpost servers.
//
// Gets information about the specified connection.
//
// Use CloudTrail to monitor this action or Amazon Web Services managed policy for
// Amazon Web Services Outposts to secure it. For more information, see [Amazon Web Services managed policies for Amazon Web Services Outposts]and [Logging Amazon Web Services Outposts API calls with Amazon Web Services CloudTrail] in
// the Amazon Web Services Outposts User Guide.
//
// [Logging Amazon Web Services Outposts API calls with Amazon Web Services CloudTrail]: https://docs.aws.amazon.com/outposts/latest/userguide/logging-using-cloudtrail.html
// [Amazon Web Services managed policies for Amazon Web Services Outposts]: https://docs.aws.amazon.com/outposts/latest/userguide/security-iam-awsmanpol.html
GetConnection(ctx context.Context, params *GetConnectionInput, optFns ...func(*Options)) (*GetConnectionOutput, error)
// Gets information about the specified order.
GetOrder(ctx context.Context, params *GetOrderInput, optFns ...func(*Options)) (*GetOrderOutput, error)
// Gets information about the specified Outpost.
GetOutpost(ctx context.Context, params *GetOutpostInput, optFns ...func(*Options)) (*GetOutpostOutput, error)
// Gets the instance types for the specified Outpost.
GetOutpostInstanceTypes(ctx context.Context, params *GetOutpostInstanceTypesInput, optFns ...func(*Options)) (*GetOutpostInstanceTypesOutput, error)
// Gets the instance types that an Outpost can support in InstanceTypeCapacity .
// This will generally include instance types that are not currently configured and
// therefore cannot be launched with the current Outpost capacity configuration.
GetOutpostSupportedInstanceTypes(ctx context.Context, params *GetOutpostSupportedInstanceTypesInput, optFns ...func(*Options)) (*GetOutpostSupportedInstanceTypesOutput, error)
// Gets information about the specified Outpost site.
GetSite(ctx context.Context, params *GetSiteInput, optFns ...func(*Options)) (*GetSiteOutput, error)
// Gets the site address of the specified site.
GetSiteAddress(ctx context.Context, params *GetSiteAddressInput, optFns ...func(*Options)) (*GetSiteAddressOutput, error)
// A list of Amazon EC2 instances, belonging to all accounts, running on the
// specified Outpost. Does not include Amazon EBS or Amazon S3 instances.
ListAssetInstances(ctx context.Context, params *ListAssetInstancesInput, optFns ...func(*Options)) (*ListAssetInstancesOutput, error)
// Lists the hardware assets for the specified Outpost.
//
// Use filters to return specific results. If you specify multiple filters, the
// results include only the resources that match all of the specified filters. For
// a filter where you can specify multiple values, the results include items that
// match any of the values that you specify for the filter.
ListAssets(ctx context.Context, params *ListAssetsInput, optFns ...func(*Options)) (*ListAssetsOutput, error)
// A list of Amazon EC2 instances running on the Outpost and belonging to the
// account that initiated the capacity task. Use this list to specify the instances
// you cannot stop to free up capacity to run the capacity task.
ListBlockingInstancesForCapacityTask(ctx context.Context, params *ListBlockingInstancesForCapacityTaskInput, optFns ...func(*Options)) (*ListBlockingInstancesForCapacityTaskOutput, error)
// Lists the capacity tasks for your Amazon Web Services account.
//
// Use filters to return specific results. If you specify multiple filters, the
// results include only the resources that match all of the specified filters. For
// a filter where you can specify multiple values, the results include items that
// match any of the values that you specify for the filter.
ListCapacityTasks(ctx context.Context, params *ListCapacityTasksInput, optFns ...func(*Options)) (*ListCapacityTasksOutput, error)
// Lists the items in the catalog.
//
// Use filters to return specific results. If you specify multiple filters, the
// results include only the resources that match all of the specified filters. For
// a filter where you can specify multiple values, the results include items that
// match any of the values that you specify for the filter.
ListCatalogItems(ctx context.Context, params *ListCatalogItemsInput, optFns ...func(*Options)) (*ListCatalogItemsOutput, error)
// Lists the Outpost orders for your Amazon Web Services account.
ListOrders(ctx context.Context, params *ListOrdersInput, optFns ...func(*Options)) (*ListOrdersOutput, error)
// Lists the Outposts for your Amazon Web Services account.
//
// Use filters to return specific results. If you specify multiple filters, the
// results include only the resources that match all of the specified filters. For
// a filter where you can specify multiple values, the results include items that
// match any of the values that you specify for the filter.
ListOutposts(ctx context.Context, params *ListOutpostsInput, optFns ...func(*Options)) (*ListOutpostsOutput, error)
// Lists the Outpost sites for your Amazon Web Services account. Use filters to
// return specific results.
//
// Use filters to return specific results. If you specify multiple filters, the
// results include only the resources that match all of the specified filters. For
// a filter where you can specify multiple values, the results include items that
// match any of the values that you specify for the filter.
ListSites(ctx context.Context, params *ListSitesInput, optFns ...func(*Options)) (*ListSitesOutput, error)
// Lists the tags for the specified resource.
ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
// Starts the specified capacity task. You can have one active capacity task per
// order or Outpost.
StartCapacityTask(ctx context.Context, params *StartCapacityTaskInput, optFns ...func(*Options)) (*StartCapacityTaskOutput, error)
// Amazon Web Services uses this action to install Outpost servers.
//
// Starts the connection required for Outpost server installation.
//
// Use CloudTrail to monitor this action or Amazon Web Services managed policy for
// Amazon Web Services Outposts to secure it. For more information, see [Amazon Web Services managed policies for Amazon Web Services Outposts]and [Logging Amazon Web Services Outposts API calls with Amazon Web Services CloudTrail] in
// the Amazon Web Services Outposts User Guide.
//
// [Logging Amazon Web Services Outposts API calls with Amazon Web Services CloudTrail]: https://docs.aws.amazon.com/outposts/latest/userguide/logging-using-cloudtrail.html
// [Amazon Web Services managed policies for Amazon Web Services Outposts]: https://docs.aws.amazon.com/outposts/latest/userguide/security-iam-awsmanpol.html
StartConnection(ctx context.Context, params *StartConnectionInput, optFns ...func(*Options)) (*StartConnectionOutput, error)
// Adds tags to the specified resource.
TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)
// Removes tags from the specified resource.
UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)
// Updates an Outpost.
UpdateOutpost(ctx context.Context, params *UpdateOutpostInput, optFns ...func(*Options)) (*UpdateOutpostOutput, error)
// Updates the specified site.
UpdateSite(ctx context.Context, params *UpdateSiteInput, optFns ...func(*Options)) (*UpdateSiteOutput, error)
// Updates the address of the specified site.
//
// You can't update a site address if there is an order in progress. You must wait
// for the order to complete or cancel the order.
//
// You can update the operating address before you place an order at the site, or
// after all Outposts that belong to the site have been deactivated.
UpdateSiteAddress(ctx context.Context, params *UpdateSiteAddressInput, optFns ...func(*Options)) (*UpdateSiteAddressOutput, error)
// Update the physical and logistical details for a rack at a site. For more
// information about hardware requirements for racks, see [Network readiness checklist]in the Amazon Web
// Services Outposts User Guide.
//
// To update a rack at a site with an order of IN_PROGRESS , you must wait for the
// order to complete or cancel the order.
//
// [Network readiness checklist]: https://docs.aws.amazon.com/outposts/latest/userguide/outposts-requirements.html#checklist
UpdateSiteRackPhysicalProperties(ctx context.Context, params *UpdateSiteRackPhysicalPropertiesInput, optFns ...func(*Options)) (*UpdateSiteRackPhysicalPropertiesOutput, error)
}
Outposts provides an interface to the AWS Outposts service.
type SSM ¶ added in v0.91.0
type SSM interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() ssm.Options
// Adds or overwrites one or more tags for the specified resource. Tags are
// metadata that you can assign to your automations, documents, managed nodes,
// maintenance windows, Parameter Store parameters, and patch baselines. Tags
// enable you to categorize your resources in different ways, for example, by
// purpose, owner, or environment. Each tag consists of a key and an optional
// value, both of which you define. For example, you could define a set of tags for
// your account's managed nodes that helps you track each node's owner and stack
// level. For example:
//
// - Key=Owner,Value=DbAdmin
//
// - Key=Owner,Value=SysAdmin
//
// - Key=Owner,Value=Dev
//
// - Key=Stack,Value=Production
//
// - Key=Stack,Value=Pre-Production
//
// - Key=Stack,Value=Test
//
// Most resources can have a maximum of 50 tags. Automations can have a maximum of
// 5 tags.
//
// We recommend that you devise a set of tag keys that meets your needs for each
// resource type. Using a consistent set of tag keys makes it easier for you to
// manage your resources. You can search and filter the resources based on the tags
// you add. Tags don't have any semantic meaning to and are interpreted strictly as
// a string of characters.
//
// For more information about using tags with Amazon Elastic Compute Cloud (Amazon
// EC2) instances, see [Tag your Amazon EC2 resources]in the Amazon EC2 User Guide.
//
// [Tag your Amazon EC2 resources]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
AddTagsToResource(ctx context.Context, params *AddTagsToResourceInput, optFns ...func(*Options)) (*AddTagsToResourceOutput, error)
// Associates a related item to a Systems Manager OpsCenter OpsItem. For example,
// you can associate an Incident Manager incident or analysis with an OpsItem.
// Incident Manager and OpsCenter are capabilities of Amazon Web Services Systems
// Manager.
AssociateOpsItemRelatedItem(ctx context.Context, params *AssociateOpsItemRelatedItemInput, optFns ...func(*Options)) (*AssociateOpsItemRelatedItemOutput, error)
// Attempts to cancel the command specified by the Command ID. There is no
// guarantee that the command will be terminated and the underlying process
// stopped.
CancelCommand(ctx context.Context, params *CancelCommandInput, optFns ...func(*Options)) (*CancelCommandOutput, error)
// Stops a maintenance window execution that is already in progress and cancels
// any tasks in the window that haven't already starting running. Tasks already in
// progress will continue to completion.
CancelMaintenanceWindowExecution(ctx context.Context, params *CancelMaintenanceWindowExecutionInput, optFns ...func(*Options)) (*CancelMaintenanceWindowExecutionOutput, error)
// Generates an activation code and activation ID you can use to register your
// on-premises servers, edge devices, or virtual machine (VM) with Amazon Web
// Services Systems Manager. Registering these machines with Systems Manager makes
// it possible to manage them using Systems Manager capabilities. You use the
// activation code and ID when installing SSM Agent on machines in your hybrid
// environment. For more information about requirements for managing on-premises
// machines using Systems Manager, see [Using Amazon Web Services Systems Manager in hybrid and multicloud environments]in the Amazon Web Services Systems Manager
// User Guide.
//
// Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and
// on-premises servers and VMs that are configured for Systems Manager are all
// called managed nodes.
//
// [Using Amazon Web Services Systems Manager in hybrid and multicloud environments]: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-hybrid-multicloud.html
CreateActivation(ctx context.Context, params *CreateActivationInput, optFns ...func(*Options)) (*CreateActivationOutput, error)
// A State Manager association defines the state that you want to maintain on your
// managed nodes. For example, an association can specify that anti-virus software
// must be installed and running on your managed nodes, or that certain ports must
// be closed. For static targets, the association specifies a schedule for when the
// configuration is reapplied. For dynamic targets, such as an Amazon Web Services
// resource group or an Amazon Web Services autoscaling group, State Manager, a
// capability of Amazon Web Services Systems Manager applies the configuration when
// new managed nodes are added to the group. The association also specifies actions
// to take when applying the configuration. For example, an association for
// anti-virus software might run once a day. If the software isn't installed, then
// State Manager installs it. If the software is installed, but the service isn't
// running, then the association might instruct State Manager to start the service.
CreateAssociation(ctx context.Context, params *CreateAssociationInput, optFns ...func(*Options)) (*CreateAssociationOutput, error)
// Associates the specified Amazon Web Services Systems Manager document (SSM
// document) with the specified managed nodes or targets.
//
// When you associate a document with one or more managed nodes using IDs or tags,
// Amazon Web Services Systems Manager Agent (SSM Agent) running on the managed
// node processes the document and configures the node as specified.
//
// If you associate a document with a managed node that already has an associated
// document, the system returns the AssociationAlreadyExists exception.
CreateAssociationBatch(ctx context.Context, params *CreateAssociationBatchInput, optFns ...func(*Options)) (*CreateAssociationBatchOutput, error)
// Creates a Amazon Web Services Systems Manager (SSM document). An SSM document
// defines the actions that Systems Manager performs on your managed nodes. For
// more information about SSM documents, including information about supported
// schemas, features, and syntax, see [Amazon Web Services Systems Manager Documents]in the Amazon Web Services Systems Manager
// User Guide.
//
// [Amazon Web Services Systems Manager Documents]: https://docs.aws.amazon.com/systems-manager/latest/userguide/documents.html
CreateDocument(ctx context.Context, params *CreateDocumentInput, optFns ...func(*Options)) (*CreateDocumentOutput, error)
// Creates a new maintenance window.
//
// The value you specify for Duration determines the specific end time for the
// maintenance window based on the time it begins. No maintenance window tasks are
// permitted to start after the resulting endtime minus the number of hours you
// specify for Cutoff . For example, if the maintenance window starts at 3 PM, the
// duration is three hours, and the value you specify for Cutoff is one hour, no
// maintenance window tasks can start after 5 PM.
CreateMaintenanceWindow(ctx context.Context, params *CreateMaintenanceWindowInput, optFns ...func(*Options)) (*CreateMaintenanceWindowOutput, error)
// Creates a new OpsItem. You must have permission in Identity and Access
// Management (IAM) to create a new OpsItem. For more information, see [Set up OpsCenter]in the
// Amazon Web Services Systems Manager User Guide.
//
// Operations engineers and IT professionals use Amazon Web Services Systems
// Manager OpsCenter to view, investigate, and remediate operational issues
// impacting the performance and health of their Amazon Web Services resources. For
// more information, see [Amazon Web Services Systems Manager OpsCenter]in the Amazon Web Services Systems Manager User Guide.
//
// [Amazon Web Services Systems Manager OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html
// [Set up OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setup.html
CreateOpsItem(ctx context.Context, params *CreateOpsItemInput, optFns ...func(*Options)) (*CreateOpsItemOutput, error)
// If you create a new application in Application Manager, Amazon Web Services
// Systems Manager calls this API operation to specify information about the new
// application, including the application type.
CreateOpsMetadata(ctx context.Context, params *CreateOpsMetadataInput, optFns ...func(*Options)) (*CreateOpsMetadataOutput, error)
// Creates a patch baseline.
//
// For information about valid key-value pairs in PatchFilters for each supported
// operating system type, see PatchFilter.
CreatePatchBaseline(ctx context.Context, params *CreatePatchBaselineInput, optFns ...func(*Options)) (*CreatePatchBaselineOutput, error)
// A resource data sync helps you view data from multiple sources in a single
// location. Amazon Web Services Systems Manager offers two types of resource data
// sync: SyncToDestination and SyncFromSource .
//
// You can configure Systems Manager Inventory to use the SyncToDestination type
// to synchronize Inventory data from multiple Amazon Web Services Regions to a
// single Amazon Simple Storage Service (Amazon S3) bucket. For more information,
// see [Creating a resource data sync for Inventory]in the Amazon Web Services Systems Manager User Guide.
//
// You can configure Systems Manager Explorer to use the SyncFromSource type to
// synchronize operational work items (OpsItems) and operational data (OpsData)
// from multiple Amazon Web Services Regions to a single Amazon S3 bucket. This
// type can synchronize OpsItems and OpsData from multiple Amazon Web Services
// accounts and Amazon Web Services Regions or EntireOrganization by using
// Organizations. For more information, see [Setting up Systems Manager Explorer to display data from multiple accounts and Regions]in the Amazon Web Services Systems
// Manager User Guide.
//
// A resource data sync is an asynchronous operation that returns immediately.
// After a successful initial sync is completed, the system continuously syncs
// data. To check the status of a sync, use the ListResourceDataSync.
//
// By default, data isn't encrypted in Amazon S3. We strongly recommend that you
// enable encryption in Amazon S3 to ensure secure data storage. We also recommend
// that you secure access to the Amazon S3 bucket by creating a restrictive bucket
// policy.
//
// [Setting up Systems Manager Explorer to display data from multiple accounts and Regions]: https://docs.aws.amazon.com/systems-manager/latest/userguide/Explorer-resource-data-sync.html
// [Creating a resource data sync for Inventory]: https://docs.aws.amazon.com/systems-manager/latest/userguide/inventory-create-resource-data-sync.html
CreateResourceDataSync(ctx context.Context, params *CreateResourceDataSyncInput, optFns ...func(*Options)) (*CreateResourceDataSyncOutput, error)
// Deletes an activation. You aren't required to delete an activation. If you
// delete an activation, you can no longer use it to register additional managed
// nodes. Deleting an activation doesn't de-register managed nodes. You must
// manually de-register managed nodes.
DeleteActivation(ctx context.Context, params *DeleteActivationInput, optFns ...func(*Options)) (*DeleteActivationOutput, error)
// Disassociates the specified Amazon Web Services Systems Manager document (SSM
// document) from the specified managed node. If you created the association by
// using the Targets parameter, then you must delete the association by using the
// association ID.
//
// When you disassociate a document from a managed node, it doesn't change the
// configuration of the node. To change the configuration state of a managed node
// after you disassociate a document, you must create a new document with the
// desired configuration and associate it with the node.
DeleteAssociation(ctx context.Context, params *DeleteAssociationInput, optFns ...func(*Options)) (*DeleteAssociationOutput, error)
// Deletes the Amazon Web Services Systems Manager document (SSM document) and all
// managed node associations to the document.
//
// Before you delete the document, we recommend that you use DeleteAssociation to disassociate all
// managed nodes that are associated with the document.
DeleteDocument(ctx context.Context, params *DeleteDocumentInput, optFns ...func(*Options)) (*DeleteDocumentOutput, error)
// Delete a custom inventory type or the data associated with a custom Inventory
// type. Deleting a custom inventory type is also referred to as deleting a custom
// inventory schema.
DeleteInventory(ctx context.Context, params *DeleteInventoryInput, optFns ...func(*Options)) (*DeleteInventoryOutput, error)
// Deletes a maintenance window.
DeleteMaintenanceWindow(ctx context.Context, params *DeleteMaintenanceWindowInput, optFns ...func(*Options)) (*DeleteMaintenanceWindowOutput, error)
// Delete an OpsItem. You must have permission in Identity and Access Management
// (IAM) to delete an OpsItem.
//
// Note the following important information about this operation.
//
// - Deleting an OpsItem is irreversible. You can't restore a deleted OpsItem.
//
// - This operation uses an eventual consistency model, which means the system
// can take a few minutes to complete this operation. If you delete an OpsItem and
// immediately call, for example, GetOpsItem, the deleted OpsItem might still appear in
// the response.
//
// - This operation is idempotent. The system doesn't throw an exception if you
// repeatedly call this operation for the same OpsItem. If the first call is
// successful, all additional calls return the same successful response as the
// first call.
//
// - This operation doesn't support cross-account calls. A delegated
// administrator or management account can't delete OpsItems in other accounts,
// even if OpsCenter has been set up for cross-account administration. For more
// information about cross-account administration, see [Setting up OpsCenter to centrally manage OpsItems across accounts]in the Systems Manager
// User Guide.
//
// [Setting up OpsCenter to centrally manage OpsItems across accounts]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setting-up-cross-account.html
DeleteOpsItem(ctx context.Context, params *DeleteOpsItemInput, optFns ...func(*Options)) (*DeleteOpsItemOutput, error)
// Delete OpsMetadata related to an application.
DeleteOpsMetadata(ctx context.Context, params *DeleteOpsMetadataInput, optFns ...func(*Options)) (*DeleteOpsMetadataOutput, error)
// Delete a parameter from the system. After deleting a parameter, wait for at
// least 30 seconds to create a parameter with the same name.
DeleteParameter(ctx context.Context, params *DeleteParameterInput, optFns ...func(*Options)) (*DeleteParameterOutput, error)
// Delete a list of parameters. After deleting a parameter, wait for at least 30
// seconds to create a parameter with the same name.
DeleteParameters(ctx context.Context, params *DeleteParametersInput, optFns ...func(*Options)) (*DeleteParametersOutput, error)
// Deletes a patch baseline.
DeletePatchBaseline(ctx context.Context, params *DeletePatchBaselineInput, optFns ...func(*Options)) (*DeletePatchBaselineOutput, error)
// Deletes a resource data sync configuration. After the configuration is deleted,
// changes to data on managed nodes are no longer synced to or from the target.
// Deleting a sync configuration doesn't delete data.
DeleteResourceDataSync(ctx context.Context, params *DeleteResourceDataSyncInput, optFns ...func(*Options)) (*DeleteResourceDataSyncOutput, error)
// Deletes a Systems Manager resource policy. A resource policy helps you to
// define the IAM entity (for example, an Amazon Web Services account) that can
// manage your Systems Manager resources. The following resources support Systems
// Manager resource policies.
//
// - OpsItemGroup - The resource policy for OpsItemGroup enables Amazon Web
// Services accounts to view and interact with OpsCenter operational work items
// (OpsItems).
//
// - Parameter - The resource policy is used to share a parameter with other
// accounts using Resource Access Manager (RAM). For more information about
// cross-account sharing of parameters, see [Working with shared parameters]in the Amazon Web Services Systems
// Manager User Guide.
//
// [Working with shared parameters]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html
DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error)
// Removes the server or virtual machine from the list of registered servers. You
// can reregister the node again at any time. If you don't plan to use Run Command
// on the server, we suggest uninstalling SSM Agent first.
DeregisterManagedInstance(ctx context.Context, params *DeregisterManagedInstanceInput, optFns ...func(*Options)) (*DeregisterManagedInstanceOutput, error)
// Removes a patch group from a patch baseline.
DeregisterPatchBaselineForPatchGroup(ctx context.Context, params *DeregisterPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*DeregisterPatchBaselineForPatchGroupOutput, error)
// Removes a target from a maintenance window.
DeregisterTargetFromMaintenanceWindow(ctx context.Context, params *DeregisterTargetFromMaintenanceWindowInput, optFns ...func(*Options)) (*DeregisterTargetFromMaintenanceWindowOutput, error)
// Removes a task from a maintenance window.
DeregisterTaskFromMaintenanceWindow(ctx context.Context, params *DeregisterTaskFromMaintenanceWindowInput, optFns ...func(*Options)) (*DeregisterTaskFromMaintenanceWindowOutput, error)
// Describes details about the activation, such as the date and time the
// activation was created, its expiration date, the Identity and Access Management
// (IAM) role assigned to the managed nodes in the activation, and the number of
// nodes registered by using this activation.
DescribeActivations(ctx context.Context, params *DescribeActivationsInput, optFns ...func(*Options)) (*DescribeActivationsOutput, error)
// Describes the association for the specified target or managed node. If you
// created the association by using the Targets parameter, then you must retrieve
// the association by using the association ID.
DescribeAssociation(ctx context.Context, params *DescribeAssociationInput, optFns ...func(*Options)) (*DescribeAssociationOutput, error)
// Views information about a specific execution of a specific association.
DescribeAssociationExecutionTargets(ctx context.Context, params *DescribeAssociationExecutionTargetsInput, optFns ...func(*Options)) (*DescribeAssociationExecutionTargetsOutput, error)
// Views all executions for a specific association ID.
DescribeAssociationExecutions(ctx context.Context, params *DescribeAssociationExecutionsInput, optFns ...func(*Options)) (*DescribeAssociationExecutionsOutput, error)
// Provides details about all active and terminated Automation executions.
DescribeAutomationExecutions(ctx context.Context, params *DescribeAutomationExecutionsInput, optFns ...func(*Options)) (*DescribeAutomationExecutionsOutput, error)
// Information about all active and terminated step executions in an Automation
// workflow.
DescribeAutomationStepExecutions(ctx context.Context, params *DescribeAutomationStepExecutionsInput, optFns ...func(*Options)) (*DescribeAutomationStepExecutionsOutput, error)
// Lists all patches eligible to be included in a patch baseline.
//
// Currently, DescribeAvailablePatches supports only the Amazon Linux 1, Amazon
// Linux 2, and Windows Server operating systems.
DescribeAvailablePatches(ctx context.Context, params *DescribeAvailablePatchesInput, optFns ...func(*Options)) (*DescribeAvailablePatchesOutput, error)
// Describes the specified Amazon Web Services Systems Manager document (SSM
// document).
DescribeDocument(ctx context.Context, params *DescribeDocumentInput, optFns ...func(*Options)) (*DescribeDocumentOutput, error)
// Describes the permissions for a Amazon Web Services Systems Manager document
// (SSM document). If you created the document, you are the owner. If a document is
// shared, it can either be shared privately (by specifying a user's Amazon Web
// Services account ID) or publicly (All).
DescribeDocumentPermission(ctx context.Context, params *DescribeDocumentPermissionInput, optFns ...func(*Options)) (*DescribeDocumentPermissionOutput, error)
// All associations for the managed nodes.
DescribeEffectiveInstanceAssociations(ctx context.Context, params *DescribeEffectiveInstanceAssociationsInput, optFns ...func(*Options)) (*DescribeEffectiveInstanceAssociationsOutput, error)
// Retrieves the current effective patches (the patch and the approval state) for
// the specified patch baseline. Applies to patch baselines for Windows only.
DescribeEffectivePatchesForPatchBaseline(ctx context.Context, params *DescribeEffectivePatchesForPatchBaselineInput, optFns ...func(*Options)) (*DescribeEffectivePatchesForPatchBaselineOutput, error)
// The status of the associations for the managed nodes.
DescribeInstanceAssociationsStatus(ctx context.Context, params *DescribeInstanceAssociationsStatusInput, optFns ...func(*Options)) (*DescribeInstanceAssociationsStatusOutput, error)
// Provides information about one or more of your managed nodes, including the
// operating system platform, SSM Agent version, association status, and IP
// address. This operation does not return information for nodes that are either
// Stopped or Terminated.
//
// If you specify one or more node IDs, the operation returns information for
// those managed nodes. If you don't specify node IDs, it returns information for
// all your managed nodes. If you specify a node ID that isn't valid or a node that
// you don't own, you receive an error.
//
// The IamRole field returned for this API operation is the role assigned to an
// Amazon EC2 instance configured with a Systems Manager Quick Setup host
// management configuration or the role assigned to an on-premises managed node.
DescribeInstanceInformation(ctx context.Context, params *DescribeInstanceInformationInput, optFns ...func(*Options)) (*DescribeInstanceInformationOutput, error)
// Retrieves the high-level patch state of one or more managed nodes.
DescribeInstancePatchStates(ctx context.Context, params *DescribeInstancePatchStatesInput, optFns ...func(*Options)) (*DescribeInstancePatchStatesOutput, error)
// Retrieves the high-level patch state for the managed nodes in the specified
// patch group.
DescribeInstancePatchStatesForPatchGroup(ctx context.Context, params *DescribeInstancePatchStatesForPatchGroupInput, optFns ...func(*Options)) (*DescribeInstancePatchStatesForPatchGroupOutput, error)
// Retrieves information about the patches on the specified managed node and their
// state relative to the patch baseline being used for the node.
DescribeInstancePatches(ctx context.Context, params *DescribeInstancePatchesInput, optFns ...func(*Options)) (*DescribeInstancePatchesOutput, error)
// An API operation used by the Systems Manager console to display information
// about Systems Manager managed nodes.
DescribeInstanceProperties(ctx context.Context, params *DescribeInstancePropertiesInput, optFns ...func(*Options)) (*DescribeInstancePropertiesOutput, error)
// Describes a specific delete inventory operation.
DescribeInventoryDeletions(ctx context.Context, params *DescribeInventoryDeletionsInput, optFns ...func(*Options)) (*DescribeInventoryDeletionsOutput, error)
// Retrieves the individual task executions (one per target) for a particular task
// run as part of a maintenance window execution.
DescribeMaintenanceWindowExecutionTaskInvocations(ctx context.Context, params *DescribeMaintenanceWindowExecutionTaskInvocationsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionTaskInvocationsOutput, error)
// For a given maintenance window execution, lists the tasks that were run.
DescribeMaintenanceWindowExecutionTasks(ctx context.Context, params *DescribeMaintenanceWindowExecutionTasksInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionTasksOutput, error)
// Lists the executions of a maintenance window. This includes information about
// when the maintenance window was scheduled to be active, and information about
// tasks registered and run with the maintenance window.
DescribeMaintenanceWindowExecutions(ctx context.Context, params *DescribeMaintenanceWindowExecutionsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionsOutput, error)
// Retrieves information about upcoming executions of a maintenance window.
DescribeMaintenanceWindowSchedule(ctx context.Context, params *DescribeMaintenanceWindowScheduleInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowScheduleOutput, error)
// Lists the targets registered with the maintenance window.
DescribeMaintenanceWindowTargets(ctx context.Context, params *DescribeMaintenanceWindowTargetsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowTargetsOutput, error)
// Lists the tasks in a maintenance window.
//
// For maintenance window tasks without a specified target, you can't supply
// values for --max-errors and --max-concurrency . Instead, the system inserts a
// placeholder value of 1 , which may be reported in the response to this command.
// These values don't affect the running of your task and can be ignored.
DescribeMaintenanceWindowTasks(ctx context.Context, params *DescribeMaintenanceWindowTasksInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowTasksOutput, error)
// Retrieves the maintenance windows in an Amazon Web Services account.
DescribeMaintenanceWindows(ctx context.Context, params *DescribeMaintenanceWindowsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowsOutput, error)
// Retrieves information about the maintenance window targets or tasks that a
// managed node is associated with.
DescribeMaintenanceWindowsForTarget(ctx context.Context, params *DescribeMaintenanceWindowsForTargetInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowsForTargetOutput, error)
// Query a set of OpsItems. You must have permission in Identity and Access
// Management (IAM) to query a list of OpsItems. For more information, see [Set up OpsCenter]in the
// Amazon Web Services Systems Manager User Guide.
//
// Operations engineers and IT professionals use Amazon Web Services Systems
// Manager OpsCenter to view, investigate, and remediate operational issues
// impacting the performance and health of their Amazon Web Services resources. For
// more information, see [Amazon Web Services Systems Manager OpsCenter]in the Amazon Web Services Systems Manager User Guide.
//
// [Amazon Web Services Systems Manager OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html
// [Set up OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setup.html
DescribeOpsItems(ctx context.Context, params *DescribeOpsItemsInput, optFns ...func(*Options)) (*DescribeOpsItemsOutput, error)
// Lists the parameters in your Amazon Web Services account or the parameters
// shared with you when you enable the [Shared]option.
//
// Request results are returned on a best-effort basis. If you specify MaxResults
// in the request, the response includes information up to the limit specified. The
// number of items returned, however, can be between zero and the value of
// MaxResults . If the service reaches an internal limit while processing the
// results, it stops the operation and returns the matching values up to that point
// and a NextToken . You can specify the NextToken in a subsequent call to get the
// next set of results.
//
// If you change the KMS key alias for the KMS key used to encrypt a parameter,
// then you must also update the key alias the parameter uses to reference KMS.
// Otherwise, DescribeParameters retrieves whatever the original key alias was
// referencing.
//
// [Shared]: https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeParameters.html#systemsmanager-DescribeParameters-request-Shared
DescribeParameters(ctx context.Context, params *DescribeParametersInput, optFns ...func(*Options)) (*DescribeParametersOutput, error)
// Lists the patch baselines in your Amazon Web Services account.
DescribePatchBaselines(ctx context.Context, params *DescribePatchBaselinesInput, optFns ...func(*Options)) (*DescribePatchBaselinesOutput, error)
// Returns high-level aggregated patch compliance state information for a patch
// group.
DescribePatchGroupState(ctx context.Context, params *DescribePatchGroupStateInput, optFns ...func(*Options)) (*DescribePatchGroupStateOutput, error)
// Lists all patch groups that have been registered with patch baselines.
DescribePatchGroups(ctx context.Context, params *DescribePatchGroupsInput, optFns ...func(*Options)) (*DescribePatchGroupsOutput, error)
// Lists the properties of available patches organized by product, product family,
// classification, severity, and other properties of available patches. You can use
// the reported properties in the filters you specify in requests for operations
// such as CreatePatchBaseline, UpdatePatchBaseline, DescribeAvailablePatches, and DescribePatchBaselines.
//
// The following section lists the properties that can be used in filters for each
// major operating system type:
//
// AMAZON_LINUX Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
//
// AMAZON_LINUX_2 Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
//
// AMAZON_LINUX_2023 Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
//
// CENTOS Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
//
// DEBIAN Valid properties: PRODUCT | PRIORITY
//
// MACOS Valid properties: PRODUCT | CLASSIFICATION
//
// ORACLE_LINUX Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
//
// REDHAT_ENTERPRISE_LINUX Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
//
// SUSE Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
//
// UBUNTU Valid properties: PRODUCT | PRIORITY
//
// WINDOWS Valid properties: PRODUCT | PRODUCT_FAMILY | CLASSIFICATION |
// MSRC_SEVERITY
DescribePatchProperties(ctx context.Context, params *DescribePatchPropertiesInput, optFns ...func(*Options)) (*DescribePatchPropertiesOutput, error)
// Retrieves a list of all active sessions (both connected and disconnected) or
// terminated sessions from the past 30 days.
DescribeSessions(ctx context.Context, params *DescribeSessionsInput, optFns ...func(*Options)) (*DescribeSessionsOutput, error)
// Deletes the association between an OpsItem and a related item. For example,
// this API operation can delete an Incident Manager incident from an OpsItem.
// Incident Manager is a capability of Amazon Web Services Systems Manager.
DisassociateOpsItemRelatedItem(ctx context.Context, params *DisassociateOpsItemRelatedItemInput, optFns ...func(*Options)) (*DisassociateOpsItemRelatedItemOutput, error)
// Get detailed information about a particular Automation execution.
GetAutomationExecution(ctx context.Context, params *GetAutomationExecutionInput, optFns ...func(*Options)) (*GetAutomationExecutionOutput, error)
// Gets the state of a Amazon Web Services Systems Manager change calendar at the
// current time or a specified time. If you specify a time, GetCalendarState
// returns the state of the calendar at that specific time, and returns the next
// time that the change calendar state will transition. If you don't specify a
// time, GetCalendarState uses the current time. Change Calendar entries have two
// possible states: OPEN or CLOSED .
//
// If you specify more than one calendar in a request, the command returns the
// status of OPEN only if all calendars in the request are open. If one or more
// calendars in the request are closed, the status returned is CLOSED .
//
// For more information about Change Calendar, a capability of Amazon Web Services
// Systems Manager, see [Amazon Web Services Systems Manager Change Calendar]in the Amazon Web Services Systems Manager User Guide.
//
// [Amazon Web Services Systems Manager Change Calendar]: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar.html
GetCalendarState(ctx context.Context, params *GetCalendarStateInput, optFns ...func(*Options)) (*GetCalendarStateOutput, error)
// Returns detailed information about command execution for an invocation or
// plugin. The Run Command API follows an eventual consistency model, due to the
// distributed nature of the system supporting the API. This means that the result
// of an API command you run that affects your resources might not be immediately
// visible to all subsequent commands you run. You should keep this in mind when
// you carry out an API command that immediately follows a previous API command.
//
// GetCommandInvocation only gives the execution status of a plugin in a document.
// To get the command execution status on a specific managed node, use ListCommandInvocations. To get
// the command execution status across managed nodes, use ListCommands.
GetCommandInvocation(ctx context.Context, params *GetCommandInvocationInput, optFns ...func(*Options)) (*GetCommandInvocationOutput, error)
// Retrieves the Session Manager connection status for a managed node to determine
// whether it is running and ready to receive Session Manager connections.
GetConnectionStatus(ctx context.Context, params *GetConnectionStatusInput, optFns ...func(*Options)) (*GetConnectionStatusOutput, error)
// Retrieves the default patch baseline. Amazon Web Services Systems Manager
// supports creating multiple default patch baselines. For example, you can create
// a default patch baseline for each operating system.
//
// If you don't specify an operating system value, the default patch baseline for
// Windows is returned.
GetDefaultPatchBaseline(ctx context.Context, params *GetDefaultPatchBaselineInput, optFns ...func(*Options)) (*GetDefaultPatchBaselineOutput, error)
// Retrieves the current snapshot for the patch baseline the managed node uses.
// This API is primarily used by the AWS-RunPatchBaseline Systems Manager document
// (SSM document).
//
// If you run the command locally, such as with the Command Line Interface (CLI),
// the system attempts to use your local Amazon Web Services credentials and the
// operation fails. To avoid this, you can run the command in the Amazon Web
// Services Systems Manager console. Use Run Command, a capability of Amazon Web
// Services Systems Manager, with an SSM document that enables you to target a
// managed node with a script or command. For example, run the command using the
// AWS-RunShellScript document or the AWS-RunPowerShellScript document.
GetDeployablePatchSnapshotForInstance(ctx context.Context, params *GetDeployablePatchSnapshotForInstanceInput, optFns ...func(*Options)) (*GetDeployablePatchSnapshotForInstanceOutput, error)
// Gets the contents of the specified Amazon Web Services Systems Manager document
// (SSM document).
GetDocument(ctx context.Context, params *GetDocumentInput, optFns ...func(*Options)) (*GetDocumentOutput, error)
// Initiates the process of retrieving an existing preview that shows the effects
// that running a specified Automation runbook would have on the targeted
// resources.
GetExecutionPreview(ctx context.Context, params *GetExecutionPreviewInput, optFns ...func(*Options)) (*GetExecutionPreviewOutput, error)
// Query inventory information. This includes managed node status, such as Stopped
// or Terminated .
GetInventory(ctx context.Context, params *GetInventoryInput, optFns ...func(*Options)) (*GetInventoryOutput, error)
// Return a list of inventory type names for the account, or return a list of
// attribute names for a specific Inventory item type.
GetInventorySchema(ctx context.Context, params *GetInventorySchemaInput, optFns ...func(*Options)) (*GetInventorySchemaOutput, error)
// Retrieves a maintenance window.
GetMaintenanceWindow(ctx context.Context, params *GetMaintenanceWindowInput, optFns ...func(*Options)) (*GetMaintenanceWindowOutput, error)
// Retrieves details about a specific a maintenance window execution.
GetMaintenanceWindowExecution(ctx context.Context, params *GetMaintenanceWindowExecutionInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionOutput, error)
// Retrieves the details about a specific task run as part of a maintenance window
// execution.
GetMaintenanceWindowExecutionTask(ctx context.Context, params *GetMaintenanceWindowExecutionTaskInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionTaskOutput, error)
// Retrieves information about a specific task running on a specific target.
GetMaintenanceWindowExecutionTaskInvocation(ctx context.Context, params *GetMaintenanceWindowExecutionTaskInvocationInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionTaskInvocationOutput, error)
// Retrieves the details of a maintenance window task.
//
// For maintenance window tasks without a specified target, you can't supply
// values for --max-errors and --max-concurrency . Instead, the system inserts a
// placeholder value of 1 , which may be reported in the response to this command.
// These values don't affect the running of your task and can be ignored.
//
// To retrieve a list of tasks in a maintenance window, instead use the DescribeMaintenanceWindowTasks command.
GetMaintenanceWindowTask(ctx context.Context, params *GetMaintenanceWindowTaskInput, optFns ...func(*Options)) (*GetMaintenanceWindowTaskOutput, error)
// Get information about an OpsItem by using the ID. You must have permission in
// Identity and Access Management (IAM) to view information about an OpsItem. For
// more information, see [Set up OpsCenter]in the Amazon Web Services Systems Manager User Guide.
//
// Operations engineers and IT professionals use Amazon Web Services Systems
// Manager OpsCenter to view, investigate, and remediate operational issues
// impacting the performance and health of their Amazon Web Services resources. For
// more information, see [Amazon Web Services Systems Manager OpsCenter]in the Amazon Web Services Systems Manager User Guide.
//
// [Amazon Web Services Systems Manager OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html
// [Set up OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setup.html
GetOpsItem(ctx context.Context, params *GetOpsItemInput, optFns ...func(*Options)) (*GetOpsItemOutput, error)
// View operational metadata related to an application in Application Manager.
GetOpsMetadata(ctx context.Context, params *GetOpsMetadataInput, optFns ...func(*Options)) (*GetOpsMetadataOutput, error)
// View a summary of operations metadata (OpsData) based on specified filters and
// aggregators. OpsData can include information about Amazon Web Services Systems
// Manager OpsCenter operational workitems (OpsItems) as well as information about
// any Amazon Web Services resource or service configured to report OpsData to
// Amazon Web Services Systems Manager Explorer.
GetOpsSummary(ctx context.Context, params *GetOpsSummaryInput, optFns ...func(*Options)) (*GetOpsSummaryOutput, error)
// Get information about a single parameter by specifying the parameter name.
//
// To get information about more than one parameter at a time, use the GetParameters operation.
GetParameter(ctx context.Context, params *GetParameterInput, optFns ...func(*Options)) (*GetParameterOutput, error)
// Retrieves the history of all changes to a parameter.
//
// If you change the KMS key alias for the KMS key used to encrypt a parameter,
// then you must also update the key alias the parameter uses to reference KMS.
// Otherwise, GetParameterHistory retrieves whatever the original key alias was
// referencing.
GetParameterHistory(ctx context.Context, params *GetParameterHistoryInput, optFns ...func(*Options)) (*GetParameterHistoryOutput, error)
// Get information about one or more parameters by specifying multiple parameter
// names.
//
// To get information about a single parameter, you can use the GetParameter operation instead.
GetParameters(ctx context.Context, params *GetParametersInput, optFns ...func(*Options)) (*GetParametersOutput, error)
// Retrieve information about one or more parameters in a specific hierarchy.
//
// Request results are returned on a best-effort basis. If you specify MaxResults
// in the request, the response includes information up to the limit specified. The
// number of items returned, however, can be between zero and the value of
// MaxResults . If the service reaches an internal limit while processing the
// results, it stops the operation and returns the matching values up to that point
// and a NextToken . You can specify the NextToken in a subsequent call to get the
// next set of results.
GetParametersByPath(ctx context.Context, params *GetParametersByPathInput, optFns ...func(*Options)) (*GetParametersByPathOutput, error)
// Retrieves information about a patch baseline.
GetPatchBaseline(ctx context.Context, params *GetPatchBaselineInput, optFns ...func(*Options)) (*GetPatchBaselineOutput, error)
// Retrieves the patch baseline that should be used for the specified patch group.
GetPatchBaselineForPatchGroup(ctx context.Context, params *GetPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*GetPatchBaselineForPatchGroupOutput, error)
// Returns an array of the Policy object.
GetResourcePolicies(ctx context.Context, params *GetResourcePoliciesInput, optFns ...func(*Options)) (*GetResourcePoliciesOutput, error)
// ServiceSetting is an account-level setting for an Amazon Web Services service.
// This setting defines how a user interacts with or uses a service or a feature of
// a service. For example, if an Amazon Web Services service charges money to the
// account based on feature or service usage, then the Amazon Web Services service
// team might create a default setting of false . This means the user can't use
// this feature unless they change the setting to true and intentionally opt in
// for a paid feature.
//
// Services map a SettingId object to a setting value. Amazon Web Services
// services teams define the default value for a SettingId . You can't create a new
// SettingId , but you can overwrite the default value if you have the
// ssm:UpdateServiceSetting permission for the setting. Use the UpdateServiceSetting API operation to
// change the default setting. Or use the ResetServiceSettingto change the value back to the original
// value defined by the Amazon Web Services service team.
//
// Query the current service setting for the Amazon Web Services account.
GetServiceSetting(ctx context.Context, params *GetServiceSettingInput, optFns ...func(*Options)) (*GetServiceSettingOutput, error)
// A parameter label is a user-defined alias to help you manage different versions
// of a parameter. When you modify a parameter, Amazon Web Services Systems Manager
// automatically saves a new version and increments the version number by one. A
// label can help you remember the purpose of a parameter when there are multiple
// versions.
//
// Parameter labels have the following requirements and restrictions.
//
// - A version of a parameter can have a maximum of 10 labels.
//
// - You can't attach the same label to different versions of the same
// parameter. For example, if version 1 has the label Production, then you can't
// attach Production to version 2.
//
// - You can move a label from one version of a parameter to another.
//
// - You can't create a label when you create a new parameter. You must attach a
// label to a specific version of a parameter.
//
// - If you no longer want to use a parameter label, then you can either delete
// it or move it to a different version of a parameter.
//
// - A label can have a maximum of 100 characters.
//
// - Labels can contain letters (case sensitive), numbers, periods (.), hyphens
// (-), or underscores (_).
//
// - Labels can't begin with a number, " aws " or " ssm " (not case sensitive).
// If a label fails to meet these requirements, then the label isn't associated
// with a parameter and the system displays it in the list of InvalidLabels.
LabelParameterVersion(ctx context.Context, params *LabelParameterVersionInput, optFns ...func(*Options)) (*LabelParameterVersionOutput, error)
// Retrieves all versions of an association for a specific association ID.
ListAssociationVersions(ctx context.Context, params *ListAssociationVersionsInput, optFns ...func(*Options)) (*ListAssociationVersionsOutput, error)
// Returns all State Manager associations in the current Amazon Web Services
// account and Amazon Web Services Region. You can limit the results to a specific
// State Manager association document or managed node by specifying a filter. State
// Manager is a capability of Amazon Web Services Systems Manager.
ListAssociations(ctx context.Context, params *ListAssociationsInput, optFns ...func(*Options)) (*ListAssociationsOutput, error)
// An invocation is copy of a command sent to a specific managed node. A command
// can apply to one or more managed nodes. A command invocation applies to one
// managed node. For example, if a user runs SendCommand against three managed
// nodes, then a command invocation is created for each requested managed node ID.
// ListCommandInvocations provide status about command execution.
ListCommandInvocations(ctx context.Context, params *ListCommandInvocationsInput, optFns ...func(*Options)) (*ListCommandInvocationsOutput, error)
// Lists the commands requested by users of the Amazon Web Services account.
ListCommands(ctx context.Context, params *ListCommandsInput, optFns ...func(*Options)) (*ListCommandsOutput, error)
// For a specified resource ID, this API operation returns a list of compliance
// statuses for different resource types. Currently, you can only specify one
// resource ID per call. List results depend on the criteria specified in the
// filter.
ListComplianceItems(ctx context.Context, params *ListComplianceItemsInput, optFns ...func(*Options)) (*ListComplianceItemsOutput, error)
// Returns a summary count of compliant and non-compliant resources for a
// compliance type. For example, this call can return State Manager associations,
// patches, or custom compliance types according to the filter criteria that you
// specify.
ListComplianceSummaries(ctx context.Context, params *ListComplianceSummariesInput, optFns ...func(*Options)) (*ListComplianceSummariesOutput, error)
// Information about approval reviews for a version of a change template in Change
// Manager.
ListDocumentMetadataHistory(ctx context.Context, params *ListDocumentMetadataHistoryInput, optFns ...func(*Options)) (*ListDocumentMetadataHistoryOutput, error)
// List all versions for a document.
ListDocumentVersions(ctx context.Context, params *ListDocumentVersionsInput, optFns ...func(*Options)) (*ListDocumentVersionsOutput, error)
// Returns all Systems Manager (SSM) documents in the current Amazon Web Services
// account and Amazon Web Services Region. You can limit the results of this
// request by using a filter.
ListDocuments(ctx context.Context, params *ListDocumentsInput, optFns ...func(*Options)) (*ListDocumentsOutput, error)
// A list of inventory items returned by the request.
ListInventoryEntries(ctx context.Context, params *ListInventoryEntriesInput, optFns ...func(*Options)) (*ListInventoryEntriesOutput, error)
// Takes in filters and returns a list of managed nodes matching the filter
// criteria.
ListNodes(ctx context.Context, params *ListNodesInput, optFns ...func(*Options)) (*ListNodesOutput, error)
// Generates a summary of managed instance/node metadata based on the filters and
// aggregators you specify. Results are grouped by the input aggregator you
// specify.
ListNodesSummary(ctx context.Context, params *ListNodesSummaryInput, optFns ...func(*Options)) (*ListNodesSummaryOutput, error)
// Returns a list of all OpsItem events in the current Amazon Web Services Region
// and Amazon Web Services account. You can limit the results to events associated
// with specific OpsItems by specifying a filter.
ListOpsItemEvents(ctx context.Context, params *ListOpsItemEventsInput, optFns ...func(*Options)) (*ListOpsItemEventsOutput, error)
// Lists all related-item resources associated with a Systems Manager OpsCenter
// OpsItem. OpsCenter is a capability of Amazon Web Services Systems Manager.
ListOpsItemRelatedItems(ctx context.Context, params *ListOpsItemRelatedItemsInput, optFns ...func(*Options)) (*ListOpsItemRelatedItemsOutput, error)
// Amazon Web Services Systems Manager calls this API operation when displaying
// all Application Manager OpsMetadata objects or blobs.
ListOpsMetadata(ctx context.Context, params *ListOpsMetadataInput, optFns ...func(*Options)) (*ListOpsMetadataOutput, error)
// Returns a resource-level summary count. The summary includes information about
// compliant and non-compliant statuses and detailed compliance-item severity
// counts, according to the filter criteria you specify.
ListResourceComplianceSummaries(ctx context.Context, params *ListResourceComplianceSummariesInput, optFns ...func(*Options)) (*ListResourceComplianceSummariesOutput, error)
// Lists your resource data sync configurations. Includes information about the
// last time a sync attempted to start, the last sync status, and the last time a
// sync successfully completed.
//
// The number of sync configurations might be too large to return using a single
// call to ListResourceDataSync . You can limit the number of sync configurations
// returned by using the MaxResults parameter. To determine whether there are more
// sync configurations to list, check the value of NextToken in the output. If
// there are more sync configurations to list, you can request them by specifying
// the NextToken returned in the call to the parameter of a subsequent call.
ListResourceDataSync(ctx context.Context, params *ListResourceDataSyncInput, optFns ...func(*Options)) (*ListResourceDataSyncOutput, error)
// Returns a list of the tags assigned to the specified resource.
//
// For information about the ID format for each supported resource type, see AddTagsToResource.
ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
// Shares a Amazon Web Services Systems Manager document (SSM document)publicly or
// privately. If you share a document privately, you must specify the Amazon Web
// Services user IDs for those people who can use the document. If you share a
// document publicly, you must specify All as the account ID.
ModifyDocumentPermission(ctx context.Context, params *ModifyDocumentPermissionInput, optFns ...func(*Options)) (*ModifyDocumentPermissionOutput, error)
// Registers a compliance type and other compliance details on a designated
// resource. This operation lets you register custom compliance details with a
// resource. This call overwrites existing compliance information on the resource,
// so you must provide a full list of compliance items each time that you send the
// request.
//
// ComplianceType can be one of the following:
//
// - ExecutionId: The execution ID when the patch, association, or custom
// compliance item was applied.
//
// - ExecutionType: Specify patch, association, or Custom: string .
//
// - ExecutionTime. The time the patch, association, or custom compliance item
// was applied to the managed node.
//
// - Id: The patch, association, or custom compliance ID.
//
// - Title: A title.
//
// - Status: The status of the compliance item. For example, approved for
// patches, or Failed for associations.
//
// - Severity: A patch severity. For example, Critical .
//
// - DocumentName: An SSM document name. For example, AWS-RunPatchBaseline .
//
// - DocumentVersion: An SSM document version number. For example, 4.
//
// - Classification: A patch classification. For example, security updates .
//
// - PatchBaselineId: A patch baseline ID.
//
// - PatchSeverity: A patch severity. For example, Critical .
//
// - PatchState: A patch state. For example, InstancesWithFailedPatches .
//
// - PatchGroup: The name of a patch group.
//
// - InstalledTime: The time the association, patch, or custom compliance item
// was applied to the resource. Specify the time by using the following format:
// yyyy-MM-dd'T'HH:mm:ss'Z'
PutComplianceItems(ctx context.Context, params *PutComplianceItemsInput, optFns ...func(*Options)) (*PutComplianceItemsOutput, error)
// Bulk update custom inventory items on one or more managed nodes. The request
// adds an inventory item, if it doesn't already exist, or updates an inventory
// item, if it does exist.
PutInventory(ctx context.Context, params *PutInventoryInput, optFns ...func(*Options)) (*PutInventoryOutput, error)
// Add a parameter to the system.
PutParameter(ctx context.Context, params *PutParameterInput, optFns ...func(*Options)) (*PutParameterOutput, error)
// Creates or updates a Systems Manager resource policy. A resource policy helps
// you to define the IAM entity (for example, an Amazon Web Services account) that
// can manage your Systems Manager resources. The following resources support
// Systems Manager resource policies.
//
// - OpsItemGroup - The resource policy for OpsItemGroup enables Amazon Web
// Services accounts to view and interact with OpsCenter operational work items
// (OpsItems).
//
// - Parameter - The resource policy is used to share a parameter with other
// accounts using Resource Access Manager (RAM).
//
// To share a parameter, it must be in the advanced parameter tier. For
//
// information about parameter tiers, see [Managing parameter tiers]. For information about changing an
// existing standard parameter to an advanced parameter, see [Changing a standard parameter to an advanced parameter].
//
// To share a SecureString parameter, it must be encrypted with a customer managed
//
// key, and you must share the key separately through Key Management Service.
// Amazon Web Services managed keys cannot be shared. Parameters encrypted with the
// default Amazon Web Services managed key can be updated to use a customer managed
// key instead. For KMS key definitions, see [KMS concepts]in the Key Management Service
// Developer Guide.
//
// While you can share a parameter using the Systems Manager PutResourcePolicy
//
// operation, we recommend using Resource Access Manager (RAM) instead. This is
// because using PutResourcePolicy requires the extra step of promoting the
// parameter to a standard RAM Resource Share using the RAM [PromoteResourceShareCreatedFromPolicy]API operation.
// Otherwise, the parameter won't be returned by the Systems Manager [DescribeParameters]API
// operation using the --shared option.
//
// For more information, see [Sharing a parameter]in the Amazon Web Services Systems Manager User Guide
//
// [Sharing a parameter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html#share
//
// [Managing parameter tiers]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html
// [Changing a standard parameter to an advanced parameter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html#parameter-store-advanced-parameters-enabling
// [PromoteResourceShareCreatedFromPolicy]: https://docs.aws.amazon.com/ram/latest/APIReference/API_PromoteResourceShareCreatedFromPolicy.html
// [KMS concepts]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html
// [DescribeParameters]: https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeParameters.html
PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error)
// Defines the default patch baseline for the relevant operating system.
//
// To reset the Amazon Web Services-predefined patch baseline as the default,
// specify the full patch baseline Amazon Resource Name (ARN) as the baseline ID
// value. For example, for CentOS, specify
// arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed instead of
// pb-0574b43a65ea646ed .
RegisterDefaultPatchBaseline(ctx context.Context, params *RegisterDefaultPatchBaselineInput, optFns ...func(*Options)) (*RegisterDefaultPatchBaselineOutput, error)
// Registers a patch baseline for a patch group.
RegisterPatchBaselineForPatchGroup(ctx context.Context, params *RegisterPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*RegisterPatchBaselineForPatchGroupOutput, error)
// Registers a target with a maintenance window.
RegisterTargetWithMaintenanceWindow(ctx context.Context, params *RegisterTargetWithMaintenanceWindowInput, optFns ...func(*Options)) (*RegisterTargetWithMaintenanceWindowOutput, error)
// Adds a new task to a maintenance window.
RegisterTaskWithMaintenanceWindow(ctx context.Context, params *RegisterTaskWithMaintenanceWindowInput, optFns ...func(*Options)) (*RegisterTaskWithMaintenanceWindowOutput, error)
// Removes tag keys from the specified resource.
RemoveTagsFromResource(ctx context.Context, params *RemoveTagsFromResourceInput, optFns ...func(*Options)) (*RemoveTagsFromResourceOutput, error)
// ServiceSetting is an account-level setting for an Amazon Web Services service.
// This setting defines how a user interacts with or uses a service or a feature of
// a service. For example, if an Amazon Web Services service charges money to the
// account based on feature or service usage, then the Amazon Web Services service
// team might create a default setting of "false". This means the user can't use
// this feature unless they change the setting to "true" and intentionally opt in
// for a paid feature.
//
// Services map a SettingId object to a setting value. Amazon Web Services
// services teams define the default value for a SettingId . You can't create a new
// SettingId , but you can overwrite the default value if you have the
// ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting API operation to
// view the current value. Use the UpdateServiceSettingAPI operation to change the default setting.
//
// Reset the service setting for the account to the default value as provisioned
// by the Amazon Web Services service team.
ResetServiceSetting(ctx context.Context, params *ResetServiceSettingInput, optFns ...func(*Options)) (*ResetServiceSettingOutput, error)
// Reconnects a session to a managed node after it has been disconnected.
// Connections can be resumed for disconnected sessions, but not terminated
// sessions.
//
// This command is primarily for use by client machines to automatically reconnect
// during intermittent network issues. It isn't intended for any other use.
ResumeSession(ctx context.Context, params *ResumeSessionInput, optFns ...func(*Options)) (*ResumeSessionOutput, error)
// Sends a signal to an Automation execution to change the current behavior or
// status of the execution.
SendAutomationSignal(ctx context.Context, params *SendAutomationSignalInput, optFns ...func(*Options)) (*SendAutomationSignalOutput, error)
// Runs commands on one or more managed nodes.
SendCommand(ctx context.Context, params *SendCommandInput, optFns ...func(*Options)) (*SendCommandOutput, error)
// Runs an association immediately and only one time. This operation can be
// helpful when troubleshooting associations.
StartAssociationsOnce(ctx context.Context, params *StartAssociationsOnceInput, optFns ...func(*Options)) (*StartAssociationsOnceOutput, error)
// Initiates execution of an Automation runbook.
StartAutomationExecution(ctx context.Context, params *StartAutomationExecutionInput, optFns ...func(*Options)) (*StartAutomationExecutionOutput, error)
// Creates a change request for Change Manager. The Automation runbooks specified
// in the change request run only after all required approvals for the change
// request have been received.
StartChangeRequestExecution(ctx context.Context, params *StartChangeRequestExecutionInput, optFns ...func(*Options)) (*StartChangeRequestExecutionOutput, error)
// Initiates the process of creating a preview showing the effects that running a
// specified Automation runbook would have on the targeted resources.
StartExecutionPreview(ctx context.Context, params *StartExecutionPreviewInput, optFns ...func(*Options)) (*StartExecutionPreviewOutput, error)
// Initiates a connection to a target (for example, a managed node) for a Session
// Manager session. Returns a URL and token that can be used to open a WebSocket
// connection for sending input and receiving outputs.
//
// Amazon Web Services CLI usage: start-session is an interactive command that
// requires the Session Manager plugin to be installed on the client machine making
// the call. For information, see [Install the Session Manager plugin for the Amazon Web Services CLI]in the Amazon Web Services Systems Manager User
// Guide.
//
// Amazon Web Services Tools for PowerShell usage: Start-SSMSession isn't
// currently supported by Amazon Web Services Tools for PowerShell on Windows local
// machines.
//
// [Install the Session Manager plugin for the Amazon Web Services CLI]: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html
StartSession(ctx context.Context, params *StartSessionInput, optFns ...func(*Options)) (*StartSessionOutput, error)
// Stop an Automation that is currently running.
StopAutomationExecution(ctx context.Context, params *StopAutomationExecutionInput, optFns ...func(*Options)) (*StopAutomationExecutionOutput, error)
// Permanently ends a session and closes the data connection between the Session
// Manager client and SSM Agent on the managed node. A terminated session can't be
// resumed.
TerminateSession(ctx context.Context, params *TerminateSessionInput, optFns ...func(*Options)) (*TerminateSessionOutput, error)
// Remove a label or labels from a parameter.
UnlabelParameterVersion(ctx context.Context, params *UnlabelParameterVersionInput, optFns ...func(*Options)) (*UnlabelParameterVersionOutput, error)
// Updates an association. You can update the association name and version, the
// document version, schedule, parameters, and Amazon Simple Storage Service
// (Amazon S3) output. When you call UpdateAssociation , the system removes all
// optional parameters from the request and overwrites the association with null
// values for those parameters. This is by design. You must specify all optional
// parameters in the call, even if you are not changing the parameters. This
// includes the Name parameter. Before calling this API action, we recommend that
// you call the DescribeAssociationAPI operation and make a note of all optional parameters required
// for your UpdateAssociation call.
//
// In order to call this API operation, a user, group, or role must be granted
// permission to call the DescribeAssociationAPI operation. If you don't have permission to call
// DescribeAssociation , then you receive the following error: An error occurred
// (AccessDeniedException) when calling the UpdateAssociation operation: User:
// isn't authorized to perform: ssm:DescribeAssociation on resource:
//
// When you update an association, the association immediately runs against the
// specified targets. You can add the ApplyOnlyAtCronInterval parameter to run the
// association during the next schedule run.
UpdateAssociation(ctx context.Context, params *UpdateAssociationInput, optFns ...func(*Options)) (*UpdateAssociationOutput, error)
// Updates the status of the Amazon Web Services Systems Manager document (SSM
// document) associated with the specified managed node.
//
// UpdateAssociationStatus is primarily used by the Amazon Web Services Systems
// Manager Agent (SSM Agent) to report status updates about your associations and
// is only used for associations created with the InstanceId legacy parameter.
UpdateAssociationStatus(ctx context.Context, params *UpdateAssociationStatusInput, optFns ...func(*Options)) (*UpdateAssociationStatusOutput, error)
// Updates one or more values for an SSM document.
UpdateDocument(ctx context.Context, params *UpdateDocumentInput, optFns ...func(*Options)) (*UpdateDocumentOutput, error)
// Set the default version of a document.
//
// If you change a document version for a State Manager association, Systems
// Manager immediately runs the association unless you previously specifed the
// apply-only-at-cron-interval parameter.
UpdateDocumentDefaultVersion(ctx context.Context, params *UpdateDocumentDefaultVersionInput, optFns ...func(*Options)) (*UpdateDocumentDefaultVersionOutput, error)
// Updates information related to approval reviews for a specific version of a
// change template in Change Manager.
UpdateDocumentMetadata(ctx context.Context, params *UpdateDocumentMetadataInput, optFns ...func(*Options)) (*UpdateDocumentMetadataOutput, error)
// Updates an existing maintenance window. Only specified parameters are modified.
//
// The value you specify for Duration determines the specific end time for the
// maintenance window based on the time it begins. No maintenance window tasks are
// permitted to start after the resulting endtime minus the number of hours you
// specify for Cutoff . For example, if the maintenance window starts at 3 PM, the
// duration is three hours, and the value you specify for Cutoff is one hour, no
// maintenance window tasks can start after 5 PM.
UpdateMaintenanceWindow(ctx context.Context, params *UpdateMaintenanceWindowInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowOutput, error)
// Modifies the target of an existing maintenance window. You can change the
// following:
//
// - Name
//
// - Description
//
// - Owner
//
// - IDs for an ID target
//
// - Tags for a Tag target
//
// - From any supported tag type to another. The three supported tag types are
// ID target, Tag target, and resource group. For more information, see Target.
//
// If a parameter is null, then the corresponding field isn't modified.
UpdateMaintenanceWindowTarget(ctx context.Context, params *UpdateMaintenanceWindowTargetInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowTargetOutput, error)
// Modifies a task assigned to a maintenance window. You can't change the task
// type, but you can change the following values:
//
// - TaskARN . For example, you can change a RUN_COMMAND task from
// AWS-RunPowerShellScript to AWS-RunShellScript .
//
// - ServiceRoleArn
//
// - TaskInvocationParameters
//
// - Priority
//
// - MaxConcurrency
//
// - MaxErrors
//
// One or more targets must be specified for maintenance window Run Command-type
// tasks. Depending on the task, targets are optional for other maintenance window
// task types (Automation, Lambda, and Step Functions). For more information about
// running tasks that don't specify targets, see [Registering maintenance window tasks without targets]in the Amazon Web Services
// Systems Manager User Guide.
//
// If the value for a parameter in UpdateMaintenanceWindowTask is null, then the
// corresponding field isn't modified. If you set Replace to true, then all fields
// required by the RegisterTaskWithMaintenanceWindowoperation are required for this request. Optional fields that
// aren't specified are set to null.
//
// When you update a maintenance window task that has options specified in
// TaskInvocationParameters , you must provide again all the
// TaskInvocationParameters values that you want to retain. The values you don't
// specify again are removed. For example, suppose that when you registered a Run
// Command task, you specified TaskInvocationParameters values for Comment ,
// NotificationConfig , and OutputS3BucketName . If you update the maintenance
// window task and specify only a different OutputS3BucketName value, the values
// for Comment and NotificationConfig are removed.
//
// [Registering maintenance window tasks without targets]: https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html
UpdateMaintenanceWindowTask(ctx context.Context, params *UpdateMaintenanceWindowTaskInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowTaskOutput, error)
// Changes the Identity and Access Management (IAM) role that is assigned to the
// on-premises server, edge device, or virtual machines (VM). IAM roles are first
// assigned to these hybrid nodes during the activation process. For more
// information, see CreateActivation.
UpdateManagedInstanceRole(ctx context.Context, params *UpdateManagedInstanceRoleInput, optFns ...func(*Options)) (*UpdateManagedInstanceRoleOutput, error)
// Edit or change an OpsItem. You must have permission in Identity and Access
// Management (IAM) to update an OpsItem. For more information, see [Set up OpsCenter]in the Amazon
// Web Services Systems Manager User Guide.
//
// Operations engineers and IT professionals use Amazon Web Services Systems
// Manager OpsCenter to view, investigate, and remediate operational issues
// impacting the performance and health of their Amazon Web Services resources. For
// more information, see [Amazon Web Services Systems Manager OpsCenter]in the Amazon Web Services Systems Manager User Guide.
//
// [Amazon Web Services Systems Manager OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html
// [Set up OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setup.html
UpdateOpsItem(ctx context.Context, params *UpdateOpsItemInput, optFns ...func(*Options)) (*UpdateOpsItemOutput, error)
// Amazon Web Services Systems Manager calls this API operation when you edit
// OpsMetadata in Application Manager.
UpdateOpsMetadata(ctx context.Context, params *UpdateOpsMetadataInput, optFns ...func(*Options)) (*UpdateOpsMetadataOutput, error)
// Modifies an existing patch baseline. Fields not specified in the request are
// left unchanged.
//
// For information about valid key-value pairs in PatchFilters for each supported
// operating system type, see PatchFilter.
UpdatePatchBaseline(ctx context.Context, params *UpdatePatchBaselineInput, optFns ...func(*Options)) (*UpdatePatchBaselineOutput, error)
// Update a resource data sync. After you create a resource data sync for a
// Region, you can't change the account options for that sync. For example, if you
// create a sync in the us-east-2 (Ohio) Region and you choose the Include only
// the current account option, you can't edit that sync later and choose the
// Include all accounts from my Organizations configuration option. Instead, you
// must delete the first resource data sync, and create a new one.
//
// This API operation only supports a resource data sync that was created with a
// SyncFromSource SyncType .
UpdateResourceDataSync(ctx context.Context, params *UpdateResourceDataSyncInput, optFns ...func(*Options)) (*UpdateResourceDataSyncOutput, error)
// ServiceSetting is an account-level setting for an Amazon Web Services service.
// This setting defines how a user interacts with or uses a service or a feature of
// a service. For example, if an Amazon Web Services service charges money to the
// account based on feature or service usage, then the Amazon Web Services service
// team might create a default setting of "false". This means the user can't use
// this feature unless they change the setting to "true" and intentionally opt in
// for a paid feature.
//
// Services map a SettingId object to a setting value. Amazon Web Services
// services teams define the default value for a SettingId . You can't create a new
// SettingId , but you can overwrite the default value if you have the
// ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting API operation to
// view the current value. Or, use the ResetServiceSettingto change the value back to the original
// value defined by the Amazon Web Services service team.
//
// Update the service setting for the account.
UpdateServiceSetting(ctx context.Context, params *UpdateServiceSettingInput, optFns ...func(*Options)) (*UpdateServiceSettingOutput, error)
}
SSM provides an interface to the AWS SSM service.
type STS ¶
type STS interface {
// GetCallerIdentity returns details about the IAM user or role whose credentials are used to call
// the operation. No permissions are required to perform this operation. If an
// administrator attaches a policy to your identity that explicitly denies access
// to the sts:GetCallerIdentity action, you can still perform this operation.
// Permissions are not required because the same information is returned when
// access is denied. To view an example response, see I Am Not Authorized to
// Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
// in the IAM User Guide.
GetCallerIdentity(ctx context.Context, params *sts.GetCallerIdentityInput, optFns ...func(*sts.Options)) (*sts.GetCallerIdentityOutput, error)
}
STS provides an interface to the AWS STS service.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.