Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CloudFormation ¶
type CloudFormation interface {
// Activates a public third-party extension, making it available for use in stack
// templates. For more information, see Using public extensions
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html)
// in the CloudFormation User Guide. Once you have activated a public third-party
// extension in your account and region, use SetTypeConfiguration to specify
// configuration properties for the extension. For more information, see
// Configuring extensions at the account level
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration)
// in the CloudFormation User Guide.
ActivateType(ctx context.Context, params *ActivateTypeInput, optFns ...func(*Options)) (*ActivateTypeOutput, error)
// Returns configuration data for the specified CloudFormation extensions, from the
// CloudFormation registry for the account and region. For more information, see
// Configuring extensions at the account level
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration)
// in the CloudFormation User Guide.
BatchDescribeTypeConfigurations(ctx context.Context, params *BatchDescribeTypeConfigurationsInput, optFns ...func(*Options)) (*BatchDescribeTypeConfigurationsOutput, error)
// Cancels an update on the specified stack. If the call completes successfully,
// the stack rolls back the update and reverts to the previous stack configuration.
// You can cancel only stacks that are in the UPDATE_IN_PROGRESS state.
CancelUpdateStack(ctx context.Context, params *CancelUpdateStackInput, optFns ...func(*Options)) (*CancelUpdateStackOutput, error)
// For a specified stack that's in the UPDATE_ROLLBACK_FAILED state, continues
// rolling it back to the UPDATE_ROLLBACK_COMPLETE state. Depending on the cause of
// the failure, you can manually fix the error
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-update-rollback-failed)
// and continue the rollback. By continuing the rollback, you can return your stack
// to a working state (the UPDATE_ROLLBACK_COMPLETE state), and then try to update
// the stack again. A stack goes into the UPDATE_ROLLBACK_FAILED state when
// CloudFormation can't roll back all changes after a failed stack update. For
// example, you might have a stack that's rolling back to an old database instance
// that was deleted outside of CloudFormation. Because CloudFormation doesn't know
// the database was deleted, it assumes that the database instance still exists and
// attempts to roll back to it, causing the update rollback to fail.
ContinueUpdateRollback(ctx context.Context, params *ContinueUpdateRollbackInput, optFns ...func(*Options)) (*ContinueUpdateRollbackOutput, error)
// Creates a list of changes that will be applied to a stack so that you can review
// the changes before executing them. You can create a change set for a stack that
// doesn't exist or an existing stack. If you create a change set for a stack that
// doesn't exist, the change set shows all of the resources that CloudFormation
// will create. If you create a change set for an existing stack, CloudFormation
// compares the stack's information with the information that you submit in the
// change set and lists the differences. Use change sets to understand which
// resources CloudFormation will create or change, and how it will change resources
// in an existing stack, before you create or update a stack. To create a change
// set for a stack that doesn't exist, for the ChangeSetType parameter, specify
// CREATE. To create a change set for an existing stack, specify UPDATE for the
// ChangeSetType parameter. To create a change set for an import operation, specify
// IMPORT for the ChangeSetType parameter. After the CreateChangeSet call
// successfully completes, CloudFormation starts creating the change set. To check
// the status of the change set or to review it, use the DescribeChangeSet action.
// When you are satisfied with the changes the change set will make, execute the
// change set by using the ExecuteChangeSet action. CloudFormation doesn't make
// changes until you execute the change set. To create a change set for the entire
// stack hierarchy, set IncludeNestedStacks to True.
CreateChangeSet(ctx context.Context, params *CreateChangeSetInput, optFns ...func(*Options)) (*CreateChangeSetOutput, error)
// Creates a stack as specified in the template. After the call completes
// successfully, the stack creation starts. You can check the status of the stack
// through the DescribeStacksoperation.
CreateStack(ctx context.Context, params *CreateStackInput, optFns ...func(*Options)) (*CreateStackOutput, error)
// Creates stack instances for the specified accounts, within the specified Amazon
// Web Services Regions. A stack instance refers to a stack in a specific account
// and Region. You must specify at least one value for either Accounts or
// DeploymentTargets, and you must specify at least one value for Regions.
CreateStackInstances(ctx context.Context, params *CreateStackInstancesInput, optFns ...func(*Options)) (*CreateStackInstancesOutput, error)
// Creates a stack set.
CreateStackSet(ctx context.Context, params *CreateStackSetInput, optFns ...func(*Options)) (*CreateStackSetOutput, error)
// Deactivates a public extension that was previously activated in this account and
// region. Once deactivated, an extension can't be used in any CloudFormation
// operation. This includes stack update operations where the stack template
// includes the extension, even if no updates are being made to the extension. In
// addition, deactivated extensions aren't automatically updated if a new version
// of the extension is released.
DeactivateType(ctx context.Context, params *DeactivateTypeInput, optFns ...func(*Options)) (*DeactivateTypeOutput, error)
// Deletes the specified change set. Deleting change sets ensures that no one
// executes the wrong change set. If the call successfully completes,
// CloudFormation successfully deleted the change set. If IncludeNestedStacks
// specifies True during the creation of the nested change set, then
// DeleteChangeSet will delete all change sets that belong to the stacks hierarchy
// and will also delete all change sets for nested stacks with the status of
// REVIEW_IN_PROGRESS.
DeleteChangeSet(ctx context.Context, params *DeleteChangeSetInput, optFns ...func(*Options)) (*DeleteChangeSetOutput, error)
// Deletes a specified stack. Once the call completes successfully, stack deletion
// starts. Deleted stacks don't show up in the DescribeStacks operation if the
// deletion has been completed successfully.
DeleteStack(ctx context.Context, params *DeleteStackInput, optFns ...func(*Options)) (*DeleteStackOutput, error)
// Deletes stack instances for the specified accounts, in the specified Amazon Web
// Services Regions.
DeleteStackInstances(ctx context.Context, params *DeleteStackInstancesInput, optFns ...func(*Options)) (*DeleteStackInstancesOutput, error)
// Deletes a stack set. Before you can delete a stack set, all of its member stack
// instances must be deleted. For more information about how to do this, see
// DeleteStackInstances.
DeleteStackSet(ctx context.Context, params *DeleteStackSetInput, optFns ...func(*Options)) (*DeleteStackSetOutput, error)
// Marks an extension or extension version as DEPRECATED in the CloudFormation
// registry, removing it from active use. Deprecated extensions or extension
// versions cannot be used in CloudFormation operations. To deregister an entire
// extension, you must individually deregister all active versions of that
// extension. If an extension has only a single active version, deregistering that
// version results in the extension itself being deregistered and marked as
// deprecated in the registry. You can't deregister the default version of an
// extension if there are other active version of that extension. If you do
// deregister the default version of an extension, the extension type itself is
// deregistered as well and marked as deprecated. To view the deprecation status of
// an extension or extension version, use DescribeType
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html).
DeregisterType(ctx context.Context, params *DeregisterTypeInput, optFns ...func(*Options)) (*DeregisterTypeOutput, error)
// Retrieves your account's CloudFormation limits, such as the maximum number of
// stacks that you can create in your account. For more information about account
// limits, see CloudFormation Quotas
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html)
// in the CloudFormation User Guide.
DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
// Returns the inputs for the change set and a list of changes that CloudFormation
// will make if you execute the change set. For more information, see Updating
// Stacks Using Change Sets
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.html)
// in the CloudFormation User Guide.
DescribeChangeSet(ctx context.Context, params *DescribeChangeSetInput, optFns ...func(*Options)) (*DescribeChangeSetOutput, error)
// Returns hook-related information for the change set and a list of changes that
// CloudFormation makes when you run the change set.
DescribeChangeSetHooks(ctx context.Context, params *DescribeChangeSetHooksInput, optFns ...func(*Options)) (*DescribeChangeSetHooksOutput, error)
// Returns information about a CloudFormation extension publisher. If you don't
// supply a PublisherId, and you have registered as an extension publisher,
// DescribePublisher returns information about your own publisher account. For more
// information on registering as a publisher, see:
//
// * RegisterPublisher
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html)
//
// *
// Publishing extensions to make them available for public use
// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html)
// in the CloudFormation CLI User Guide
DescribePublisher(ctx context.Context, params *DescribePublisherInput, optFns ...func(*Options)) (*DescribePublisherOutput, error)
// Returns information about a stack drift detection operation. A stack drift
// detection operation detects whether a stack's actual configuration differs, or
// has drifted, from it's expected configuration, as defined in the stack template
// and any values specified as template parameters. A stack is considered to have
// drifted if one or more of its resources have drifted. For more information on
// stack and resource drift, see Detecting Unregulated Configuration Changes to
// Stacks and Resources
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html).
// Use DetectStackDrift to initiate a stack drift detection operation.
// DetectStackDrift returns a StackDriftDetectionId you can use to monitor the
// progress of the operation using DescribeStackDriftDetectionStatus. Once the
// drift detection operation has completed, use DescribeStackResourceDrifts to
// return drift information about the stack and its resources.
DescribeStackDriftDetectionStatus(ctx context.Context, params *DescribeStackDriftDetectionStatusInput, optFns ...func(*Options)) (*DescribeStackDriftDetectionStatusOutput, error)
// Returns all stack related events for a specified stack in reverse chronological
// order. For more information about a stack's event history, go to Stacks
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/concept-stack.html)
// in the CloudFormation User Guide. You can list events for stacks that have
// failed to create or have been deleted by specifying the unique stack identifier
// (stack ID).
DescribeStackEvents(ctx context.Context, params *DescribeStackEventsInput, optFns ...func(*Options)) (*DescribeStackEventsOutput, error)
// Returns the stack instance that's associated with the specified stack set,
// Amazon Web Services account, and Region. For a list of stack instances that are
// associated with a specific stack set, use ListStackInstances.
DescribeStackInstance(ctx context.Context, params *DescribeStackInstanceInput, optFns ...func(*Options)) (*DescribeStackInstanceOutput, error)
// Returns a description of the specified resource in the specified stack. For
// deleted stacks, DescribeStackResource returns resource information for up to 90
// days after the stack has been deleted.
DescribeStackResource(ctx context.Context, params *DescribeStackResourceInput, optFns ...func(*Options)) (*DescribeStackResourceOutput, error)
// Returns drift information for the resources that have been checked for drift in
// the specified stack. This includes actual and expected configuration values for
// resources where CloudFormation detects configuration drift. For a given stack,
// there will be one StackResourceDrift for each stack resource that has been
// checked for drift. Resources that haven't yet been checked for drift aren't
// included. Resources that don't currently support drift detection aren't checked,
// and so not included. For a list of resources that support drift detection, see
// Resources that Support Drift Detection
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html).
// Use DetectStackResourceDrift to detect drift on individual resources, or
// DetectStackDrift to detect drift on all supported resources for a given stack.
DescribeStackResourceDrifts(ctx context.Context, params *DescribeStackResourceDriftsInput, optFns ...func(*Options)) (*DescribeStackResourceDriftsOutput, error)
// Returns Amazon Web Services resource descriptions for running and deleted
// stacks. If StackName is specified, all the associated resources that are part of
// the stack are returned. If PhysicalResourceId is specified, the associated
// resources of the stack that the resource belongs to are returned. Only the first
// 100 resources will be returned. If your stack has more resources than this, you
// should use ListStackResources instead. For deleted stacks,
// DescribeStackResources returns resource information for up to 90 days after the
// stack has been deleted. You must specify either StackName or PhysicalResourceId,
// but not both. In addition, you can specify LogicalResourceId to filter the
// returned result. For more information about resources, the LogicalResourceId and
// PhysicalResourceId, go to the CloudFormation User Guide
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/). A
// ValidationError is returned if you specify both StackName and PhysicalResourceId
// in the same request.
DescribeStackResources(ctx context.Context, params *DescribeStackResourcesInput, optFns ...func(*Options)) (*DescribeStackResourcesOutput, error)
// Returns the description of the specified stack set.
DescribeStackSet(ctx context.Context, params *DescribeStackSetInput, optFns ...func(*Options)) (*DescribeStackSetOutput, error)
// Returns the description of the specified stack set operation.
DescribeStackSetOperation(ctx context.Context, params *DescribeStackSetOperationInput, optFns ...func(*Options)) (*DescribeStackSetOperationOutput, error)
// Returns the description for the specified stack; if no stack name was specified,
// then it returns the description for all the stacks created. If the stack doesn't
// exist, an ValidationError is returned.
DescribeStacks(ctx context.Context, params *DescribeStacksInput, optFns ...func(*Options)) (*DescribeStacksOutput, error)
// Returns detailed information about an extension that has been registered. If you
// specify a VersionId, DescribeType returns information about that specific
// extension version. Otherwise, it returns information about the default extension
// version.
DescribeType(ctx context.Context, params *DescribeTypeInput, optFns ...func(*Options)) (*DescribeTypeOutput, error)
// Returns information about an extension's registration, including its current
// status and type and version identifiers. When you initiate a registration
// request using RegisterType, you can then use DescribeTypeRegistration to monitor
// the progress of that registration request. Once the registration request has
// completed, use DescribeType to return detailed information about an extension.
DescribeTypeRegistration(ctx context.Context, params *DescribeTypeRegistrationInput, optFns ...func(*Options)) (*DescribeTypeRegistrationOutput, error)
// Detects whether a stack's actual configuration differs, or has drifted, from
// it's expected configuration, as defined in the stack template and any values
// specified as template parameters. For each resource in the stack that supports
// drift detection, CloudFormation compares the actual configuration of the
// resource with its expected template configuration. Only resource properties
// explicitly defined in the stack template are checked for drift. A stack is
// considered to have drifted if one or more of its resources differ from their
// expected template configurations. For more information, see Detecting
// Unregulated Configuration Changes to Stacks and Resources
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html).
// Use DetectStackDrift to detect drift on all supported resources for a given
// stack, or DetectStackResourceDrift to detect drift on individual resources. For
// a list of stack resources that currently support drift detection, see Resources
// that Support Drift Detection
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html).
// DetectStackDrift can take up to several minutes, depending on the number of
// resources contained within the stack. Use DescribeStackDriftDetectionStatus to
// monitor the progress of a detect stack drift operation. Once the drift detection
// operation has completed, use DescribeStackResourceDrifts to return drift
// information about the stack and its resources. When detecting drift on a stack,
// CloudFormation doesn't detect drift on any nested stacks belonging to that
// stack. Perform DetectStackDrift directly on the nested stack itself.
DetectStackDrift(ctx context.Context, params *DetectStackDriftInput, optFns ...func(*Options)) (*DetectStackDriftOutput, error)
// Returns information about whether a resource's actual configuration differs, or
// has drifted, from it's expected configuration, as defined in the stack template
// and any values specified as template parameters. This information includes
// actual and expected property values for resources in which CloudFormation
// detects drift. Only resource properties explicitly defined in the stack template
// are checked for drift. For more information about stack and resource drift, see
// Detecting Unregulated Configuration Changes to Stacks and Resources
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html).
// Use DetectStackResourceDrift to detect drift on individual resources, or
// DetectStackDrift to detect drift on all resources in a given stack that support
// drift detection. Resources that don't currently support drift detection can't be
// checked. For a list of resources that support drift detection, see Resources
// that Support Drift Detection
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html).
DetectStackResourceDrift(ctx context.Context, params *DetectStackResourceDriftInput, optFns ...func(*Options)) (*DetectStackResourceDriftOutput, error)
// Detect drift on a stack set. When CloudFormation performs drift detection on a
// stack set, it performs drift detection on the stack associated with each stack
// instance in the stack set. For more information, see How CloudFormation performs
// drift detection on a stack set
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html).
// DetectStackSetDrift returns the OperationId of the stack set drift detection
// operation. Use this operation id with DescribeStackSetOperation to monitor the
// progress of the drift detection operation. The drift detection operation may
// take some time, depending on the number of stack instances included in the stack
// set, in addition to the number of resources included in each stack. Once the
// operation has completed, use the following actions to return drift
// information:
//
// * Use DescribeStackSet to return detailed information about the
// stack set, including detailed information about the last completed drift
// operation performed on the stack set. (Information about drift operations that
// are in progress isn't included.)
//
// * Use ListStackInstances to return a list of
// stack instances belonging to the stack set, including the drift status and last
// drift time checked of each instance.
//
// * Use DescribeStackInstance to return
// detailed information about a specific stack instance, including its drift status
// and last drift time checked.
//
// For more information on performing a drift
// detection operation on a stack set, see Detecting unmanaged changes in stack
// sets
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html).
// You can only run a single drift detection operation on a given stack set at one
// time. To stop a drift detection stack set operation, use StopStackSetOperation.
DetectStackSetDrift(ctx context.Context, params *DetectStackSetDriftInput, optFns ...func(*Options)) (*DetectStackSetDriftOutput, error)
// Returns the estimated monthly cost of a template. The return value is an Amazon
// Web Services Simple Monthly Calculator URL with a query string that describes
// the resources required to run the template.
EstimateTemplateCost(ctx context.Context, params *EstimateTemplateCostInput, optFns ...func(*Options)) (*EstimateTemplateCostOutput, error)
// Updates a stack using the input information that was provided when the specified
// change set was created. After the call successfully completes, CloudFormation
// starts updating the stack. Use the DescribeStacks action to view the status of
// the update. When you execute a change set, CloudFormation deletes all other
// change sets associated with the stack because they aren't valid for the updated
// stack. If a stack policy is associated with the stack, CloudFormation enforces
// the policy during the update. You can't specify a temporary stack policy that
// overrides the current policy. To create a change set for the entire stack
// hierarchy, IncludeNestedStacks must have been set to True.
ExecuteChangeSet(ctx context.Context, params *ExecuteChangeSetInput, optFns ...func(*Options)) (*ExecuteChangeSetOutput, error)
// Returns the stack policy for a specified stack. If a stack doesn't have a
// policy, a null value is returned.
GetStackPolicy(ctx context.Context, params *GetStackPolicyInput, optFns ...func(*Options)) (*GetStackPolicyOutput, error)
// Returns the template body for a specified stack. You can get the template for
// running or deleted stacks. For deleted stacks, GetTemplate returns the template
// for up to 90 days after the stack has been deleted. If the template doesn't
// exist, a ValidationError is returned.
GetTemplate(ctx context.Context, params *GetTemplateInput, optFns ...func(*Options)) (*GetTemplateOutput, error)
// Returns information about a new or existing template. The GetTemplateSummary
// action is useful for viewing parameter information, such as default parameter
// values and parameter types, before you create or update a stack or stack set.
// You can use the GetTemplateSummary action when you submit a template, or you can
// get template information for a stack set, or a running or deleted stack. For
// deleted stacks, GetTemplateSummary returns the template information for up to 90
// days after the stack has been deleted. If the template doesn't exist, a
// ValidationError is returned.
GetTemplateSummary(ctx context.Context, params *GetTemplateSummaryInput, optFns ...func(*Options)) (*GetTemplateSummaryOutput, error)
// Import existing stacks into a new stack sets. Use the stack import operation to
// import up to 10 stacks into a new stack set in the same account as the source
// stack or in a different administrator account and Region, by specifying the
// stack ID of the stack you intend to import. ImportStacksToStackSet is only
// supported by self-managed permissions.
ImportStacksToStackSet(ctx context.Context, params *ImportStacksToStackSetInput, optFns ...func(*Options)) (*ImportStacksToStackSetOutput, error)
// Returns the ID and status of each active change set for a stack. For example,
// CloudFormation lists change sets that are in the CREATE_IN_PROGRESS or
// CREATE_PENDING state.
ListChangeSets(ctx context.Context, params *ListChangeSetsInput, optFns ...func(*Options)) (*ListChangeSetsOutput, error)
// Lists all exported output values in the account and Region in which you call
// this action. Use this action to see the exported output values that you can
// import into other stacks. To import values, use the Fn::ImportValue
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html)
// function. For more information, see CloudFormation export stack output values
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html).
ListExports(ctx context.Context, params *ListExportsInput, optFns ...func(*Options)) (*ListExportsOutput, error)
// Lists all stacks that are importing an exported output value. To modify or
// remove an exported output value, first use this action to see which stacks are
// using it. To see the exported output values in your account, see ListExports.
// For more information about importing an exported output value, see the
// Fn::ImportValue
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html)
// function.
ListImports(ctx context.Context, params *ListImportsInput, optFns ...func(*Options)) (*ListImportsOutput, error)
// Returns summary information about stack instances that are associated with the
// specified stack set. You can filter for stack instances that are associated with
// a specific Amazon Web Services account name or Region, or that have a specific
// status.
ListStackInstances(ctx context.Context, params *ListStackInstancesInput, optFns ...func(*Options)) (*ListStackInstancesOutput, error)
// Returns descriptions of all resources of the specified stack. For deleted
// stacks, ListStackResources returns resource information for up to 90 days after
// the stack has been deleted.
ListStackResources(ctx context.Context, params *ListStackResourcesInput, optFns ...func(*Options)) (*ListStackResourcesOutput, error)
// Returns summary information about the results of a stack set operation.
ListStackSetOperationResults(ctx context.Context, params *ListStackSetOperationResultsInput, optFns ...func(*Options)) (*ListStackSetOperationResultsOutput, error)
// Returns summary information about operations performed on a stack set.
ListStackSetOperations(ctx context.Context, params *ListStackSetOperationsInput, optFns ...func(*Options)) (*ListStackSetOperationsOutput, error)
// Returns summary information about stack sets that are associated with the
// user.
//
// * [Self-managed permissions] If you set the CallAs parameter to SELF
// while signed in to your Amazon Web Services account, ListStackSets returns all
// self-managed stack sets in your Amazon Web Services account.
//
// * [Service-managed
// permissions] If you set the CallAs parameter to SELF while signed in to the
// organization's management account, ListStackSets returns all stack sets in the
// management account.
//
// * [Service-managed permissions] If you set the CallAs
// parameter to DELEGATED_ADMIN while signed in to your member account,
// ListStackSets returns all stack sets with service-managed permissions in the
// management account.
ListStackSets(ctx context.Context, params *ListStackSetsInput, optFns ...func(*Options)) (*ListStackSetsOutput, error)
// Returns the summary information for stacks whose status matches the specified
// StackStatusFilter. Summary information for stacks that have been deleted is kept
// for 90 days after the stack is deleted. If no StackStatusFilter is specified,
// summary information for all stacks is returned (including existing stacks and
// stacks that have been deleted).
ListStacks(ctx context.Context, params *ListStacksInput, optFns ...func(*Options)) (*ListStacksOutput, error)
// Returns a list of registration tokens for the specified extension(s).
ListTypeRegistrations(ctx context.Context, params *ListTypeRegistrationsInput, optFns ...func(*Options)) (*ListTypeRegistrationsOutput, error)
// Returns summary information about the versions of an extension.
ListTypeVersions(ctx context.Context, params *ListTypeVersionsInput, optFns ...func(*Options)) (*ListTypeVersionsOutput, error)
// Returns summary information about extension that have been registered with
// CloudFormation.
ListTypes(ctx context.Context, params *ListTypesInput, optFns ...func(*Options)) (*ListTypesOutput, error)
// Publishes the specified extension to the CloudFormation registry as a public
// extension in this region. Public extensions are available for use by all
// CloudFormation users. For more information on publishing extensions, see
// Publishing extensions to make them available for public use
// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html)
// in the CloudFormation CLI User Guide. To publish an extension, you must be
// registered as a publisher with CloudFormation. For more information, see
// RegisterPublisher
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html).
PublishType(ctx context.Context, params *PublishTypeInput, optFns ...func(*Options)) (*PublishTypeOutput, error)
// Reports progress of a resource handler to CloudFormation. Reserved for use by
// the CloudFormation CLI
// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html).
// Don't use this API in your code.
RecordHandlerProgress(ctx context.Context, params *RecordHandlerProgressInput, optFns ...func(*Options)) (*RecordHandlerProgressOutput, error)
// Registers your account as a publisher of public extensions in the CloudFormation
// registry. Public extensions are available for use by all CloudFormation users.
// This publisher ID applies to your account in all Amazon Web Services Regions.
// For information on requirements for registering as a public extension publisher,
// see Registering your account to publish CloudFormation extensions
// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs)
// in the CloudFormation CLI User Guide.
RegisterPublisher(ctx context.Context, params *RegisterPublisherInput, optFns ...func(*Options)) (*RegisterPublisherOutput, error)
// Registers an extension with the CloudFormation service. Registering an extension
// makes it available for use in CloudFormation templates in your Amazon Web
// Services account, and includes:
//
// * Validating the extension schema.
//
// *
// Determining which handlers, if any, have been specified for the extension.
//
// *
// Making the extension available for use in your account.
//
// For more information on
// how to develop extensions and ready them for registration, see Creating Resource
// Providers
// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-types.html)
// in the CloudFormation CLI User Guide. You can have a maximum of 50 resource
// extension versions registered at a time. This maximum is per account and per
// region. Use DeregisterType to deregister specific extension versions if
// necessary. Once you have initiated a registration request using RegisterType,
// you can use DescribeTypeRegistration to monitor the progress of the registration
// request. Once you have registered a private extension in your account and
// region, use SetTypeConfiguration to specify configuration properties for the
// extension. For more information, see Configuring extensions at the account level
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration)
// in the CloudFormation User Guide.
RegisterType(ctx context.Context, params *RegisterTypeInput, optFns ...func(*Options)) (*RegisterTypeOutput, error)
// When specifying RollbackStack, you preserve the state of previously provisioned
// resources when an operation fails. You can check the status of the stack through
// the DescribeStacks operation. Rolls back the specified stack to the last known
// stable state from CREATE_FAILED or UPDATE_FAILED stack statuses. This operation
// will delete a stack if it doesn't contain a last known stable state. A last
// known stable state includes any status in a *_COMPLETE. This includes the
// following stack statuses.
//
// * CREATE_COMPLETE
//
// * UPDATE_COMPLETE
//
// *
// UPDATE_ROLLBACK_COMPLETE
//
// * IMPORT_COMPLETE
//
// * IMPORT_ROLLBACK_COMPLETE
RollbackStack(ctx context.Context, params *RollbackStackInput, optFns ...func(*Options)) (*RollbackStackOutput, error)
// Sets a stack policy for a specified stack.
SetStackPolicy(ctx context.Context, params *SetStackPolicyInput, optFns ...func(*Options)) (*SetStackPolicyOutput, error)
// Specifies the configuration data for a registered CloudFormation extension, in
// the given account and region. To view the current configuration data for an
// extension, refer to the ConfigurationSchema element of DescribeType. For more
// information, see Configuring extensions at the account level
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration)
// in the CloudFormation User Guide. It's strongly recommended that you use dynamic
// references to restrict sensitive configuration definitions, such as third-party
// credentials. For more details on dynamic references, see Using dynamic
// references to specify template values (https://docs.aws.amazon.com/) in the
// CloudFormation User Guide.
SetTypeConfiguration(ctx context.Context, params *SetTypeConfigurationInput, optFns ...func(*Options)) (*SetTypeConfigurationOutput, error)
// Specify the default version of an extension. The default version of an extension
// will be used in CloudFormation operations.
SetTypeDefaultVersion(ctx context.Context, params *SetTypeDefaultVersionInput, optFns ...func(*Options)) (*SetTypeDefaultVersionOutput, error)
// Sends a signal to the specified resource with a success or failure status. You
// can use the SignalResource operation in conjunction with a creation policy or
// update policy. CloudFormation doesn't proceed with a stack creation or update
// until resources receive the required number of signals or the timeout period is
// exceeded. The SignalResource operation is useful in cases where you want to send
// signals from anywhere other than an Amazon EC2 instance.
SignalResource(ctx context.Context, params *SignalResourceInput, optFns ...func(*Options)) (*SignalResourceOutput, error)
// Stops an in-progress operation on a stack set and its associated stack
// instances. StackSets will cancel all the unstarted stack instance deployments
// and wait for those are in-progress to complete.
StopStackSetOperation(ctx context.Context, params *StopStackSetOperationInput, optFns ...func(*Options)) (*StopStackSetOperationOutput, error)
// Tests a registered extension to make sure it meets all necessary requirements
// for being published in the CloudFormation registry.
//
// * For resource types, this
// includes passing all contracts tests defined for the type.
//
// * For modules, this
// includes determining if the module's model meets all necessary
// requirements.
//
// For more information, see Testing your public extension prior to
// publishing
// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-testing)
// in the CloudFormation CLI User Guide. If you don't specify a version,
// CloudFormation uses the default version of the extension in your account and
// region for testing. To perform testing, CloudFormation assumes the execution
// role specified when the type was registered. For more information, see
// RegisterType. Once you've initiated testing on an extension using TestType, you
// can use DescribeType
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html)
// to monitor the current test status and test status description for the
// extension. An extension must have a test status of PASSED before it can be
// published. For more information, see Publishing extensions to make them
// available for public use
// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-publish.html)
// in the CloudFormation CLI User Guide.
TestType(ctx context.Context, params *TestTypeInput, optFns ...func(*Options)) (*TestTypeOutput, error)
// Updates a stack as specified in the template. After the call completes
// successfully, the stack update starts. You can check the status of the stack
// through the DescribeStacks action. To get a copy of the template for an existing
// stack, you can use the GetTemplate action. For more information about creating
// an update template, updating a stack, and monitoring the progress of the update,
// see Updating a Stack
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html).
UpdateStack(ctx context.Context, params *UpdateStackInput, optFns ...func(*Options)) (*UpdateStackOutput, error)
// Updates the parameter values for stack instances for the specified accounts,
// within the specified Amazon Web Services Regions. A stack instance refers to a
// stack in a specific account and Region. You can only update stack instances in
// Amazon Web Services Regions and accounts where they already exist; to create
// additional stack instances, use CreateStackInstances
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStackInstances.html).
// During stack set updates, any parameters overridden for a stack instance aren't
// updated, but retain their overridden value. You can only update the parameter
// values that are specified in the stack set; to add or delete a parameter itself,
// use UpdateStackSet
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html)
// to update the stack set template. If you add a parameter to a template, before
// you can override the parameter value specified in the stack set you must first
// use UpdateStackSet
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html)
// to update all stack instances with the updated template and parameter value
// specified in the stack set. Once a stack instance has been updated with the new
// parameter, you can then override the parameter value using UpdateStackInstances.
UpdateStackInstances(ctx context.Context, params *UpdateStackInstancesInput, optFns ...func(*Options)) (*UpdateStackInstancesOutput, error)
// Updates the stack set, and associated stack instances in the specified accounts
// and Amazon Web Services Regions. Even if the stack set operation created by
// updating the stack set fails (completely or partially, below or above a
// specified failure tolerance), the stack set is updated with your changes.
// Subsequent CreateStackInstances calls on the specified stack set use the updated
// stack set.
UpdateStackSet(ctx context.Context, params *UpdateStackSetInput, optFns ...func(*Options)) (*UpdateStackSetOutput, error)
// Updates termination protection for the specified stack. If a user attempts to
// delete a stack with termination protection enabled, the operation fails and the
// stack remains unchanged. For more information, see Protecting a Stack From Being
// Deleted
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html)
// in the CloudFormation User Guide. For nested stacks
// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html),
// termination protection is set on the root stack and can't be changed directly on
// the nested stack.
UpdateTerminationProtection(ctx context.Context, params *UpdateTerminationProtectionInput, optFns ...func(*Options)) (*UpdateTerminationProtectionOutput, error)
// Validates a specified template. CloudFormation first checks if the template is
// valid JSON. If it isn't, CloudFormation checks if the template is valid YAML. If
// both these checks fail, CloudFormation returns a template validation error.
ValidateTemplate(ctx context.Context, params *ValidateTemplateInput, optFns ...func(*Options)) (*ValidateTemplateOutput, error)
}
CloudFormation provides an interface to the AWS CloudFormation service.
type ELB ¶ added in v0.91.0
type ELB interface {
// Adds the specified tags to the specified load balancer. Each load balancer can
// have a maximum of 10 tags. Each tag consists of a key and an optional value. If
// a tag with the same key is already associated with the load balancer, AddTags
// updates its value. For more information, see Tag Your Classic Load Balancer
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/add-remove-tags.html)
// in the Classic Load Balancers Guide.
AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error)
// Associates one or more security groups with your load balancer in a virtual
// private cloud (VPC). The specified security groups override the previously
// associated security groups. For more information, see Security Groups for Load
// Balancers in a VPC
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html#elb-vpc-security-groups)
// in the Classic Load Balancers Guide.
ApplySecurityGroupsToLoadBalancer(ctx context.Context, params *ApplySecurityGroupsToLoadBalancerInput, optFns ...func(*Options)) (*ApplySecurityGroupsToLoadBalancerOutput, error)
// Adds one or more subnets to the set of configured subnets for the specified load
// balancer. The load balancer evenly distributes requests across all registered
// subnets. For more information, see Add or Remove Subnets for Your Load Balancer
// in a VPC
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-manage-subnets.html)
// in the Classic Load Balancers Guide.
AttachLoadBalancerToSubnets(ctx context.Context, params *AttachLoadBalancerToSubnetsInput, optFns ...func(*Options)) (*AttachLoadBalancerToSubnetsOutput, error)
// Specifies the health check settings to use when evaluating the health state of
// your EC2 instances. For more information, see Configure Health Checks for Your
// Load Balancer
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-healthchecks.html)
// in the Classic Load Balancers Guide.
ConfigureHealthCheck(ctx context.Context, params *ConfigureHealthCheckInput, optFns ...func(*Options)) (*ConfigureHealthCheckOutput, error)
// Generates a stickiness policy with sticky session lifetimes that follow that of
// an application-generated cookie. This policy can be associated only with
// HTTP/HTTPS listeners. This policy is similar to the policy created by
// CreateLBCookieStickinessPolicy, except that the lifetime of the special Elastic
// Load Balancing cookie, AWSELB, follows the lifetime of the application-generated
// cookie specified in the policy configuration. The load balancer only inserts a
// new stickiness cookie when the application response includes a new application
// cookie. If the application cookie is explicitly removed or expires, the session
// stops being sticky until a new application cookie is issued. For more
// information, see Application-Controlled Session Stickiness
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-application)
// in the Classic Load Balancers Guide.
CreateAppCookieStickinessPolicy(ctx context.Context, params *CreateAppCookieStickinessPolicyInput, optFns ...func(*Options)) (*CreateAppCookieStickinessPolicyOutput, error)
// Generates a stickiness policy with sticky session lifetimes controlled by the
// lifetime of the browser (user-agent) or a specified expiration period. This
// policy can be associated only with HTTP/HTTPS listeners. When a load balancer
// implements this policy, the load balancer uses a special cookie to track the
// instance for each request. When the load balancer receives a request, it first
// checks to see if this cookie is present in the request. If so, the load balancer
// sends the request to the application server specified in the cookie. If not, the
// load balancer sends the request to a server that is chosen based on the existing
// load-balancing algorithm. A cookie is inserted into the response for binding
// subsequent requests from the same user to that server. The validity of the
// cookie is based on the cookie expiration time, which is specified in the policy
// configuration. For more information, see Duration-Based Session Stickiness
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-duration)
// in the Classic Load Balancers Guide.
CreateLBCookieStickinessPolicy(ctx context.Context, params *CreateLBCookieStickinessPolicyInput, optFns ...func(*Options)) (*CreateLBCookieStickinessPolicyOutput, error)
// Creates a Classic Load Balancer. You can add listeners, security groups,
// subnets, and tags when you create your load balancer, or you can add them later
// using CreateLoadBalancerListeners, ApplySecurityGroupsToLoadBalancer,
// AttachLoadBalancerToSubnets, and AddTags. To describe your current load
// balancers, see DescribeLoadBalancers. When you are finished with a load
// balancer, you can delete it using DeleteLoadBalancer. You can create up to 20
// load balancers per region per account. You can request an increase for the
// number of load balancers for your account. For more information, see Limits for
// Your Classic Load Balancer
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html)
// in the Classic Load Balancers Guide.
CreateLoadBalancer(ctx context.Context, params *CreateLoadBalancerInput, optFns ...func(*Options)) (*CreateLoadBalancerOutput, error)
// Creates one or more listeners for the specified load balancer. If a listener
// with the specified port does not already exist, it is created; otherwise, the
// properties of the new listener must match the properties of the existing
// listener. For more information, see Listeners for Your Classic Load Balancer
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html)
// in the Classic Load Balancers Guide.
CreateLoadBalancerListeners(ctx context.Context, params *CreateLoadBalancerListenersInput, optFns ...func(*Options)) (*CreateLoadBalancerListenersOutput, error)
// Creates a policy with the specified attributes for the specified load balancer.
// Policies are settings that are saved for your load balancer and that can be
// applied to the listener or the application server, depending on the policy type.
CreateLoadBalancerPolicy(ctx context.Context, params *CreateLoadBalancerPolicyInput, optFns ...func(*Options)) (*CreateLoadBalancerPolicyOutput, error)
// Deletes the specified load balancer. If you are attempting to recreate a load
// balancer, you must reconfigure all settings. The DNS name associated with a
// deleted load balancer are no longer usable. The name and associated DNS record
// of the deleted load balancer no longer exist and traffic sent to any of its IP
// addresses is no longer delivered to your instances. If the load balancer does
// not exist or has already been deleted, the call to DeleteLoadBalancer still
// succeeds.
DeleteLoadBalancer(ctx context.Context, params *DeleteLoadBalancerInput, optFns ...func(*Options)) (*DeleteLoadBalancerOutput, error)
// Deletes the specified listeners from the specified load balancer.
DeleteLoadBalancerListeners(ctx context.Context, params *DeleteLoadBalancerListenersInput, optFns ...func(*Options)) (*DeleteLoadBalancerListenersOutput, error)
// Deletes the specified policy from the specified load balancer. This policy must
// not be enabled for any listeners.
DeleteLoadBalancerPolicy(ctx context.Context, params *DeleteLoadBalancerPolicyInput, optFns ...func(*Options)) (*DeleteLoadBalancerPolicyOutput, error)
// Deregisters the specified instances from the specified load balancer. After the
// instance is deregistered, it no longer receives traffic from the load balancer.
// You can use DescribeLoadBalancers to verify that the instance is deregistered
// from the load balancer. For more information, see Register or De-Register EC2
// Instances
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-deregister-register-instances.html)
// in the Classic Load Balancers Guide.
DeregisterInstancesFromLoadBalancer(ctx context.Context, params *DeregisterInstancesFromLoadBalancerInput, optFns ...func(*Options)) (*DeregisterInstancesFromLoadBalancerOutput, error)
// Describes the current Elastic Load Balancing resource limits for your AWS
// account. For more information, see Limits for Your Classic Load Balancer
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html)
// in the Classic Load Balancers Guide.
DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
// Describes the state of the specified instances with respect to the specified
// load balancer. If no instances are specified, the call describes the state of
// all instances that are currently registered with the load balancer. If instances
// are specified, their state is returned even if they are no longer registered
// with the load balancer. The state of terminated instances is not returned.
DescribeInstanceHealth(ctx context.Context, params *DescribeInstanceHealthInput, optFns ...func(*Options)) (*DescribeInstanceHealthOutput, error)
// Describes the attributes for the specified load balancer.
DescribeLoadBalancerAttributes(ctx context.Context, params *DescribeLoadBalancerAttributesInput, optFns ...func(*Options)) (*DescribeLoadBalancerAttributesOutput, error)
// Describes the specified policies. If you specify a load balancer name, the
// action returns the descriptions of all policies created for the load balancer.
// If you specify a policy name associated with your load balancer, the action
// returns the description of that policy. If you don't specify a load balancer
// name, the action returns descriptions of the specified sample policies, or
// descriptions of all sample policies. The names of the sample policies have the
// ELBSample- prefix.
DescribeLoadBalancerPolicies(ctx context.Context, params *DescribeLoadBalancerPoliciesInput, optFns ...func(*Options)) (*DescribeLoadBalancerPoliciesOutput, error)
// Describes the specified load balancer policy types or all load balancer policy
// types. The description of each type indicates how it can be used. For example,
// some policies can be used only with layer 7 listeners, some policies can be used
// only with layer 4 listeners, and some policies can be used only with your EC2
// instances. You can use CreateLoadBalancerPolicy to create a policy configuration
// for any of these policy types. Then, depending on the policy type, use either
// SetLoadBalancerPoliciesOfListener or SetLoadBalancerPoliciesForBackendServer to
// set the policy.
DescribeLoadBalancerPolicyTypes(ctx context.Context, params *DescribeLoadBalancerPolicyTypesInput, optFns ...func(*Options)) (*DescribeLoadBalancerPolicyTypesOutput, error)
// Describes the specified the load balancers. If no load balancers are specified,
// the call describes all of your load balancers.
DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error)
// Describes the tags associated with the specified load balancers.
DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
// Removes the specified subnets from the set of configured subnets for the load
// balancer. After a subnet is removed, all EC2 instances registered with the load
// balancer in the removed subnet go into the OutOfService state. Then, the load
// balancer balances the traffic among the remaining routable subnets.
DetachLoadBalancerFromSubnets(ctx context.Context, params *DetachLoadBalancerFromSubnetsInput, optFns ...func(*Options)) (*DetachLoadBalancerFromSubnetsOutput, error)
// Removes the specified Availability Zones from the set of Availability Zones for
// the specified load balancer in EC2-Classic or a default VPC. For load balancers
// in a non-default VPC, use DetachLoadBalancerFromSubnets. There must be at least
// one Availability Zone registered with a load balancer at all times. After an
// Availability Zone is removed, all instances registered with the load balancer
// that are in the removed Availability Zone go into the OutOfService state. Then,
// the load balancer attempts to equally balance the traffic among its remaining
// Availability Zones. For more information, see Add or Remove Availability Zones
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html)
// in the Classic Load Balancers Guide.
DisableAvailabilityZonesForLoadBalancer(ctx context.Context, params *DisableAvailabilityZonesForLoadBalancerInput, optFns ...func(*Options)) (*DisableAvailabilityZonesForLoadBalancerOutput, error)
// Adds the specified Availability Zones to the set of Availability Zones for the
// specified load balancer in EC2-Classic or a default VPC. For load balancers in a
// non-default VPC, use AttachLoadBalancerToSubnets. The load balancer evenly
// distributes requests across all its registered Availability Zones that contain
// instances. For more information, see Add or Remove Availability Zones
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html)
// in the Classic Load Balancers Guide.
EnableAvailabilityZonesForLoadBalancer(ctx context.Context, params *EnableAvailabilityZonesForLoadBalancerInput, optFns ...func(*Options)) (*EnableAvailabilityZonesForLoadBalancerOutput, error)
// Modifies the attributes of the specified load balancer. You can modify the load
// balancer attributes, such as AccessLogs, ConnectionDraining, and
// CrossZoneLoadBalancing by either enabling or disabling them. Or, you can modify
// the load balancer attribute ConnectionSettings by specifying an idle connection
// timeout value for your load balancer. For more information, see the following in
// the Classic Load Balancers Guide:
//
// * Cross-Zone Load Balancing
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-crosszone-lb.html)
//
// *
// Connection Draining
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-conn-drain.html)
//
// *
// Access Logs
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html)
//
// *
// Idle Connection Timeout
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html)
ModifyLoadBalancerAttributes(ctx context.Context, params *ModifyLoadBalancerAttributesInput, optFns ...func(*Options)) (*ModifyLoadBalancerAttributesOutput, error)
// Adds the specified instances to the specified load balancer. The instance must
// be a running instance in the same network as the load balancer (EC2-Classic or
// the same VPC). If you have EC2-Classic instances and a load balancer in a VPC
// with ClassicLink enabled, you can link the EC2-Classic instances to that VPC and
// then register the linked EC2-Classic instances with the load balancer in the
// VPC. Note that RegisterInstanceWithLoadBalancer completes when the request has
// been registered. Instance registration takes a little time to complete. To check
// the state of the registered instances, use DescribeLoadBalancers or
// DescribeInstanceHealth. After the instance is registered, it starts receiving
// traffic and requests from the load balancer. Any instance that is not in one of
// the Availability Zones registered for the load balancer is moved to the
// OutOfService state. If an Availability Zone is added to the load balancer later,
// any instances registered with the load balancer move to the InService state. To
// deregister instances from a load balancer, use
// DeregisterInstancesFromLoadBalancer. For more information, see Register or
// De-Register EC2 Instances
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-deregister-register-instances.html)
// in the Classic Load Balancers Guide.
RegisterInstancesWithLoadBalancer(ctx context.Context, params *RegisterInstancesWithLoadBalancerInput, optFns ...func(*Options)) (*RegisterInstancesWithLoadBalancerOutput, error)
// Removes one or more tags from the specified load balancer.
RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error)
// Sets the certificate that terminates the specified listener's SSL connections.
// The specified certificate replaces any prior certificate that was used on the
// same load balancer and port. For more information about updating your SSL
// certificate, see Replace the SSL Certificate for Your Load Balancer
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-update-ssl-cert.html)
// in the Classic Load Balancers Guide.
SetLoadBalancerListenerSSLCertificate(ctx context.Context, params *SetLoadBalancerListenerSSLCertificateInput, optFns ...func(*Options)) (*SetLoadBalancerListenerSSLCertificateOutput, error)
// Replaces the set of policies associated with the specified port on which the EC2
// instance is listening with a new set of policies. At this time, only the
// back-end server authentication policy type can be applied to the instance ports;
// this policy type is composed of multiple public key policies. Each time you use
// SetLoadBalancerPoliciesForBackendServer to enable the policies, use the
// PolicyNames parameter to list the policies that you want to enable. You can use
// DescribeLoadBalancers or DescribeLoadBalancerPolicies to verify that the policy
// is associated with the EC2 instance. For more information about enabling
// back-end instance authentication, see Configure Back-end Instance Authentication
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html#configure_backendauth_clt)
// in the Classic Load Balancers Guide. For more information about Proxy Protocol,
// see Configure Proxy Protocol Support
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html)
// in the Classic Load Balancers Guide.
SetLoadBalancerPoliciesForBackendServer(ctx context.Context, params *SetLoadBalancerPoliciesForBackendServerInput, optFns ...func(*Options)) (*SetLoadBalancerPoliciesForBackendServerOutput, error)
// Replaces the current set of policies for the specified load balancer port with
// the specified set of policies. To enable back-end server authentication, use
// SetLoadBalancerPoliciesForBackendServer. For more information about setting
// policies, see Update the SSL Negotiation Configuration
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ssl-config-update.html),
// Duration-Based Session Stickiness
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-duration),
// and Application-Controlled Session Stickiness
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-application)
// in the Classic Load Balancers Guide.
SetLoadBalancerPoliciesOfListener(ctx context.Context, params *SetLoadBalancerPoliciesOfListenerInput, optFns ...func(*Options)) (*SetLoadBalancerPoliciesOfListenerOutput, error)
}
ELB provides an interface to the AWS ELB service.
type ELBV2 ¶ added in v0.91.0
type ELBV2 interface {
// Adds the specified SSL server certificate to the certificate list for the
// specified HTTPS or TLS listener. If the certificate in already in the
// certificate list, the call is successful but the certificate is not added again.
// For more information, see HTTPS listeners
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html)
// in the Application Load Balancers Guide or TLS listeners
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html)
// in the Network Load Balancers Guide.
AddListenerCertificates(ctx context.Context, params *AddListenerCertificatesInput, optFns ...func(*Options)) (*AddListenerCertificatesOutput, error)
// Adds the specified tags to the specified Elastic Load Balancing resource. You
// can tag your Application Load Balancers, Network Load Balancers, Gateway Load
// Balancers, target groups, listeners, and rules. Each tag consists of a key and
// an optional value. If a resource already has a tag with the same key, AddTags
// updates its value.
AddTags(ctx context.Context, params *AddTagsInput, optFns ...func(*Options)) (*AddTagsOutput, error)
// Creates a listener for the specified Application Load Balancer, Network Load
// Balancer, or Gateway Load Balancer. For more information, see the following:
//
// *
// Listeners for your Application Load Balancers
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html)
//
// *
// Listeners for your Network Load Balancers
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-listeners.html)
//
// *
// Listeners for your Gateway Load Balancers
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-listeners.html)
//
// This
// operation is idempotent, which means that it completes at most one time. If you
// attempt to create multiple listeners with the same settings, each call succeeds.
CreateListener(ctx context.Context, params *CreateListenerInput, optFns ...func(*Options)) (*CreateListenerOutput, error)
// Creates an Application Load Balancer, Network Load Balancer, or Gateway Load
// Balancer. For more information, see the following:
//
// * Application Load Balancers
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html)
//
// *
// Network Load Balancers
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html)
//
// *
// Gateway Load Balancers
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html)
//
// This
// operation is idempotent, which means that it completes at most one time. If you
// attempt to create multiple load balancers with the same settings, each call
// succeeds.
CreateLoadBalancer(ctx context.Context, params *CreateLoadBalancerInput, optFns ...func(*Options)) (*CreateLoadBalancerOutput, error)
// Creates a rule for the specified listener. The listener must be associated with
// an Application Load Balancer. Each rule consists of a priority, one or more
// actions, and one or more conditions. Rules are evaluated in priority order, from
// the lowest value to the highest value. When the conditions for a rule are met,
// its actions are performed. If the conditions for no rules are met, the actions
// for the default rule are performed. For more information, see Listener rules
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#listener-rules)
// in the Application Load Balancers Guide.
CreateRule(ctx context.Context, params *CreateRuleInput, optFns ...func(*Options)) (*CreateRuleOutput, error)
// Creates a target group. For more information, see the following:
//
// * Target
// groups for your Application Load Balancers
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html)
//
// *
// Target groups for your Network Load Balancers
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html)
//
// *
// Target groups for your Gateway Load Balancers
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html)
//
// This
// operation is idempotent, which means that it completes at most one time. If you
// attempt to create multiple target groups with the same settings, each call
// succeeds.
CreateTargetGroup(ctx context.Context, params *CreateTargetGroupInput, optFns ...func(*Options)) (*CreateTargetGroupOutput, error)
// Deletes the specified listener. Alternatively, your listener is deleted when you
// delete the load balancer to which it is attached.
DeleteListener(ctx context.Context, params *DeleteListenerInput, optFns ...func(*Options)) (*DeleteListenerOutput, error)
// Deletes the specified Application Load Balancer, Network Load Balancer, or
// Gateway Load Balancer. Deleting a load balancer also deletes its listeners. You
// can't delete a load balancer if deletion protection is enabled. If the load
// balancer does not exist or has already been deleted, the call succeeds. Deleting
// a load balancer does not affect its registered targets. For example, your EC2
// instances continue to run and are still registered to their target groups. If
// you no longer need these EC2 instances, you can stop or terminate them.
DeleteLoadBalancer(ctx context.Context, params *DeleteLoadBalancerInput, optFns ...func(*Options)) (*DeleteLoadBalancerOutput, error)
// Deletes the specified rule. You can't delete the default rule.
DeleteRule(ctx context.Context, params *DeleteRuleInput, optFns ...func(*Options)) (*DeleteRuleOutput, error)
// Deletes the specified target group. You can delete a target group if it is not
// referenced by any actions. Deleting a target group also deletes any associated
// health checks. Deleting a target group does not affect its registered targets.
// For example, any EC2 instances continue to run until you stop or terminate them.
DeleteTargetGroup(ctx context.Context, params *DeleteTargetGroupInput, optFns ...func(*Options)) (*DeleteTargetGroupOutput, error)
// Deregisters the specified targets from the specified target group. After the
// targets are deregistered, they no longer receive traffic from the load balancer.
DeregisterTargets(ctx context.Context, params *DeregisterTargetsInput, optFns ...func(*Options)) (*DeregisterTargetsOutput, error)
// Describes the current Elastic Load Balancing resource limits for your Amazon Web
// Services account. For more information, see the following:
//
// * Quotas for your
// Application Load Balancers
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html)
//
// *
// Quotas for your Network Load Balancers
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-limits.html)
//
// *
// Quotas for your Gateway Load Balancers
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/quotas-limits.html)
DescribeAccountLimits(ctx context.Context, params *DescribeAccountLimitsInput, optFns ...func(*Options)) (*DescribeAccountLimitsOutput, error)
// Describes the default certificate and the certificate list for the specified
// HTTPS or TLS listener. If the default certificate is also in the certificate
// list, it appears twice in the results (once with IsDefault set to true and once
// with IsDefault set to false). For more information, see SSL certificates
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#https-listener-certificates)
// in the Application Load Balancers Guide or Server certificates
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#tls-listener-certificate)
// in the Network Load Balancers Guide.
DescribeListenerCertificates(ctx context.Context, params *DescribeListenerCertificatesInput, optFns ...func(*Options)) (*DescribeListenerCertificatesOutput, error)
// Describes the specified listeners or the listeners for the specified Application
// Load Balancer, Network Load Balancer, or Gateway Load Balancer. You must specify
// either a load balancer or one or more listeners.
DescribeListeners(ctx context.Context, params *DescribeListenersInput, optFns ...func(*Options)) (*DescribeListenersOutput, error)
// Describes the attributes for the specified Application Load Balancer, Network
// Load Balancer, or Gateway Load Balancer. For more information, see the
// following:
//
// * Load balancer attributes
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#load-balancer-attributes)
// in the Application Load Balancers Guide
//
// * Load balancer attributes
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#load-balancer-attributes)
// in the Network Load Balancers Guide
//
// * Load balancer attributes
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html#load-balancer-attributes)
// in the Gateway Load Balancers Guide
DescribeLoadBalancerAttributes(ctx context.Context, params *DescribeLoadBalancerAttributesInput, optFns ...func(*Options)) (*DescribeLoadBalancerAttributesOutput, error)
// Describes the specified load balancers or all of your load balancers.
DescribeLoadBalancers(ctx context.Context, params *DescribeLoadBalancersInput, optFns ...func(*Options)) (*DescribeLoadBalancersOutput, error)
// Describes the specified rules or the rules for the specified listener. You must
// specify either a listener or one or more rules.
DescribeRules(ctx context.Context, params *DescribeRulesInput, optFns ...func(*Options)) (*DescribeRulesOutput, error)
// Describes the specified policies or all policies used for SSL negotiation. For
// more information, see Security policies
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies)
// in the Application Load Balancers Guide or Security policies
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies)
// in the Network Load Balancers Guide.
DescribeSSLPolicies(ctx context.Context, params *DescribeSSLPoliciesInput, optFns ...func(*Options)) (*DescribeSSLPoliciesOutput, error)
// Describes the tags for the specified Elastic Load Balancing resources. You can
// describe the tags for one or more Application Load Balancers, Network Load
// Balancers, Gateway Load Balancers, target groups, listeners, or rules.
DescribeTags(ctx context.Context, params *DescribeTagsInput, optFns ...func(*Options)) (*DescribeTagsOutput, error)
// Describes the attributes for the specified target group. For more information,
// see the following:
//
// * Target group attributes
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-group-attributes)
// in the Application Load Balancers Guide
//
// * Target group attributes
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#target-group-attributes)
// in the Network Load Balancers Guide
//
// * Target group attributes
// (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html#target-group-attributes)
// in the Gateway Load Balancers Guide
DescribeTargetGroupAttributes(ctx context.Context, params *DescribeTargetGroupAttributesInput, optFns ...func(*Options)) (*DescribeTargetGroupAttributesOutput, error)
// Describes the specified target groups or all of your target groups. By default,
// all target groups are described. Alternatively, you can specify one of the
// following to filter the results: the ARN of the load balancer, the names of one
// or more target groups, or the ARNs of one or more target groups.
DescribeTargetGroups(ctx context.Context, params *DescribeTargetGroupsInput, optFns ...func(*Options)) (*DescribeTargetGroupsOutput, error)
// Describes the health of the specified targets or all of your targets.
DescribeTargetHealth(ctx context.Context, params *DescribeTargetHealthInput, optFns ...func(*Options)) (*DescribeTargetHealthOutput, error)
// Replaces the specified properties of the specified listener. Any properties that
// you do not specify remain unchanged. Changing the protocol from HTTPS to HTTP,
// or from TLS to TCP, removes the security policy and default certificate
// properties. If you change the protocol from HTTP to HTTPS, or from TCP to TLS,
// you must add the security policy and default certificate properties. To add an
// item to a list, remove an item from a list, or update an item in a list, you
// must provide the entire list. For example, to add an action, specify a list with
// the current actions plus the new action.
ModifyListener(ctx context.Context, params *ModifyListenerInput, optFns ...func(*Options)) (*ModifyListenerOutput, error)
// Modifies the specified attributes of the specified Application Load Balancer,
// Network Load Balancer, or Gateway Load Balancer. If any of the specified
// attributes can't be modified as requested, the call fails. Any existing
// attributes that you do not modify retain their current values.
ModifyLoadBalancerAttributes(ctx context.Context, params *ModifyLoadBalancerAttributesInput, optFns ...func(*Options)) (*ModifyLoadBalancerAttributesOutput, error)
// Replaces the specified properties of the specified rule. Any properties that you
// do not specify are unchanged. To add an item to a list, remove an item from a
// list, or update an item in a list, you must provide the entire list. For
// example, to add an action, specify a list with the current actions plus the new
// action.
ModifyRule(ctx context.Context, params *ModifyRuleInput, optFns ...func(*Options)) (*ModifyRuleOutput, error)
// Modifies the health checks used when evaluating the health state of the targets
// in the specified target group.
ModifyTargetGroup(ctx context.Context, params *ModifyTargetGroupInput, optFns ...func(*Options)) (*ModifyTargetGroupOutput, error)
// Modifies the specified attributes of the specified target group.
ModifyTargetGroupAttributes(ctx context.Context, params *ModifyTargetGroupAttributesInput, optFns ...func(*Options)) (*ModifyTargetGroupAttributesOutput, error)
// Registers the specified targets with the specified target group. If the target
// is an EC2 instance, it must be in the running state when you register it. By
// default, the load balancer routes requests to registered targets using the
// protocol and port for the target group. Alternatively, you can override the port
// for a target when you register it. You can register each EC2 instance or IP
// address with the same target group multiple times using different ports. With a
// Network Load Balancer, you cannot register instances by instance ID if they have
// the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1, G2, HI1,
// HS1, M1, M2, M3, and T1. You can register instances of these types by IP
// address.
RegisterTargets(ctx context.Context, params *RegisterTargetsInput, optFns ...func(*Options)) (*RegisterTargetsOutput, error)
// Removes the specified certificate from the certificate list for the specified
// HTTPS or TLS listener.
RemoveListenerCertificates(ctx context.Context, params *RemoveListenerCertificatesInput, optFns ...func(*Options)) (*RemoveListenerCertificatesOutput, error)
// Removes the specified tags from the specified Elastic Load Balancing resources.
// You can remove the tags for one or more Application Load Balancers, Network Load
// Balancers, Gateway Load Balancers, target groups, listeners, or rules.
RemoveTags(ctx context.Context, params *RemoveTagsInput, optFns ...func(*Options)) (*RemoveTagsOutput, error)
// Sets the type of IP addresses used by the subnets of the specified Application
// Load Balancer or Network Load Balancer.
SetIpAddressType(ctx context.Context, params *SetIpAddressTypeInput, optFns ...func(*Options)) (*SetIpAddressTypeOutput, error)
// Sets the priorities of the specified rules. You can reorder the rules as long as
// there are no priority conflicts in the new order. Any existing rules that you do
// not specify retain their current priority.
SetRulePriorities(ctx context.Context, params *SetRulePrioritiesInput, optFns ...func(*Options)) (*SetRulePrioritiesOutput, error)
// Associates the specified security groups with the specified Application Load
// Balancer. The specified security groups override the previously associated
// security groups. You can't specify a security group for a Network Load Balancer
// or Gateway Load Balancer.
SetSecurityGroups(ctx context.Context, params *SetSecurityGroupsInput, optFns ...func(*Options)) (*SetSecurityGroupsOutput, error)
// Enables the Availability Zones for the specified public subnets for the
// specified Application Load Balancer or Network Load Balancer. The specified
// subnets replace the previously enabled subnets. When you specify subnets for a
// Network Load Balancer, you must include all subnets that were enabled
// previously, with their existing configurations, plus any additional subnets.
SetSubnets(ctx context.Context, params *SetSubnetsInput, optFns ...func(*Options)) (*SetSubnetsOutput, error)
}
ELBV2 provides an interface to the AWS ELBV2 service.
type SSM ¶ added in v0.91.0
type SSM interface {
// Adds or overwrites one or more tags for the specified resource. Tags are
// metadata that you can assign to your documents, managed nodes, maintenance
// windows, Parameter Store parameters, and patch baselines. Tags enable you to
// categorize your resources in different ways, for example, by purpose, owner, or
// environment. Each tag consists of a key and an optional value, both of which you
// define. For example, you could define a set of tags for your account's managed
// nodes that helps you track each node's owner and stack level. For example:
//
// *
// Key=Owner,Value=DbAdmin
//
// * Key=Owner,Value=SysAdmin
//
// * Key=Owner,Value=Dev
//
// *
// Key=Stack,Value=Production
//
// * Key=Stack,Value=Pre-Production
//
// *
// Key=Stack,Value=Test
//
// Each resource can have a maximum of 50 tags. We recommend
// that you devise a set of tag keys that meets your needs for each resource type.
// Using a consistent set of tag keys makes it easier for you to manage your
// resources. You can search and filter the resources based on the tags you add.
// Tags don't have any semantic meaning to and are interpreted strictly as a string
// of characters. For more information about using tags with Amazon Elastic Compute
// Cloud (Amazon EC2) instances, see Tagging your Amazon EC2 resources
// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the
// Amazon EC2 User Guide.
AddTagsToResource(ctx context.Context, params *AddTagsToResourceInput, optFns ...func(*Options)) (*AddTagsToResourceOutput, error)
// Associates a related item to a Systems Manager OpsCenter OpsItem. For example,
// you can associate an Incident Manager incident or analysis with an OpsItem.
// Incident Manager and OpsCenter are capabilities of Amazon Web Services Systems
// Manager.
AssociateOpsItemRelatedItem(ctx context.Context, params *AssociateOpsItemRelatedItemInput, optFns ...func(*Options)) (*AssociateOpsItemRelatedItemOutput, error)
// Attempts to cancel the command specified by the Command ID. There is no
// guarantee that the command will be terminated and the underlying process
// stopped.
CancelCommand(ctx context.Context, params *CancelCommandInput, optFns ...func(*Options)) (*CancelCommandOutput, error)
// Stops a maintenance window execution that is already in progress and cancels any
// tasks in the window that haven't already starting running. Tasks already in
// progress will continue to completion.
CancelMaintenanceWindowExecution(ctx context.Context, params *CancelMaintenanceWindowExecutionInput, optFns ...func(*Options)) (*CancelMaintenanceWindowExecutionOutput, error)
// Generates an activation code and activation ID you can use to register your
// on-premises servers, edge devices, or virtual machine (VM) with Amazon Web
// Services Systems Manager. Registering these machines with Systems Manager makes
// it possible to manage them using Systems Manager capabilities. You use the
// activation code and ID when installing SSM Agent on machines in your hybrid
// environment. For more information about requirements for managing on-premises
// machines using Systems Manager, see Setting up Amazon Web Services Systems
// Manager for hybrid environments
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances.html)
// in the Amazon Web Services Systems Manager User Guide. Amazon Elastic Compute
// Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that
// are configured for Systems Manager are all called managed nodes.
CreateActivation(ctx context.Context, params *CreateActivationInput, optFns ...func(*Options)) (*CreateActivationOutput, error)
// A State Manager association defines the state that you want to maintain on your
// managed nodes. For example, an association can specify that anti-virus software
// must be installed and running on your managed nodes, or that certain ports must
// be closed. For static targets, the association specifies a schedule for when the
// configuration is reapplied. For dynamic targets, such as an Amazon Web Services
// resource group or an Amazon Web Services autoscaling group, State Manager, a
// capability of Amazon Web Services Systems Manager applies the configuration when
// new managed nodes are added to the group. The association also specifies actions
// to take when applying the configuration. For example, an association for
// anti-virus software might run once a day. If the software isn't installed, then
// State Manager installs it. If the software is installed, but the service isn't
// running, then the association might instruct State Manager to start the service.
CreateAssociation(ctx context.Context, params *CreateAssociationInput, optFns ...func(*Options)) (*CreateAssociationOutput, error)
// Associates the specified Amazon Web Services Systems Manager document (SSM
// document) with the specified managed nodes or targets. When you associate a
// document with one or more managed nodes using IDs or tags, Amazon Web Services
// Systems Manager Agent (SSM Agent) running on the managed node processes the
// document and configures the node as specified. If you associate a document with
// a managed node that already has an associated document, the system returns the
// AssociationAlreadyExists exception.
CreateAssociationBatch(ctx context.Context, params *CreateAssociationBatchInput, optFns ...func(*Options)) (*CreateAssociationBatchOutput, error)
// Creates a Amazon Web Services Systems Manager (SSM document). An SSM document
// defines the actions that Systems Manager performs on your managed nodes. For
// more information about SSM documents, including information about supported
// schemas, features, and syntax, see Amazon Web Services Systems Manager Documents
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-ssm-docs.html)
// in the Amazon Web Services Systems Manager User Guide.
CreateDocument(ctx context.Context, params *CreateDocumentInput, optFns ...func(*Options)) (*CreateDocumentOutput, error)
// Creates a new maintenance window. The value you specify for Duration determines
// the specific end time for the maintenance window based on the time it begins. No
// maintenance window tasks are permitted to start after the resulting endtime
// minus the number of hours you specify for Cutoff. For example, if the
// maintenance window starts at 3 PM, the duration is three hours, and the value
// you specify for Cutoff is one hour, no maintenance window tasks can start after
// 5 PM.
CreateMaintenanceWindow(ctx context.Context, params *CreateMaintenanceWindowInput, optFns ...func(*Options)) (*CreateMaintenanceWindowOutput, error)
// Creates a new OpsItem. You must have permission in Identity and Access
// Management (IAM) to create a new OpsItem. For more information, see Getting
// started with OpsCenter
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html)
// in the Amazon Web Services Systems Manager User Guide. Operations engineers and
// IT professionals use Amazon Web Services Systems Manager OpsCenter to view,
// investigate, and remediate operational issues impacting the performance and
// health of their Amazon Web Services resources. For more information, see Amazon
// Web Services Systems Manager OpsCenter
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) in
// the Amazon Web Services Systems Manager User Guide.
CreateOpsItem(ctx context.Context, params *CreateOpsItemInput, optFns ...func(*Options)) (*CreateOpsItemOutput, error)
// If you create a new application in Application Manager, Amazon Web Services
// Systems Manager calls this API operation to specify information about the new
// application, including the application type.
CreateOpsMetadata(ctx context.Context, params *CreateOpsMetadataInput, optFns ...func(*Options)) (*CreateOpsMetadataOutput, error)
// Creates a patch baseline. For information about valid key-value pairs in
// PatchFilters for each supported operating system type, see PatchFilter.
CreatePatchBaseline(ctx context.Context, params *CreatePatchBaselineInput, optFns ...func(*Options)) (*CreatePatchBaselineOutput, error)
// A resource data sync helps you view data from multiple sources in a single
// location. Amazon Web Services Systems Manager offers two types of resource data
// sync: SyncToDestination and SyncFromSource. You can configure Systems Manager
// Inventory to use the SyncToDestination type to synchronize Inventory data from
// multiple Amazon Web Services Regions to a single Amazon Simple Storage Service
// (Amazon S3) bucket. For more information, see Configuring resource data sync for
// Inventory
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-datasync.html)
// in the Amazon Web Services Systems Manager User Guide. You can configure Systems
// Manager Explorer to use the SyncFromSource type to synchronize operational work
// items (OpsItems) and operational data (OpsData) from multiple Amazon Web
// Services Regions to a single Amazon S3 bucket. This type can synchronize
// OpsItems and OpsData from multiple Amazon Web Services accounts and Amazon Web
// Services Regions or EntireOrganization by using Organizations. For more
// information, see Setting up Systems Manager Explorer to display data from
// multiple accounts and Regions
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/Explorer-resource-data-sync.html)
// in the Amazon Web Services Systems Manager User Guide. A resource data sync is
// an asynchronous operation that returns immediately. After a successful initial
// sync is completed, the system continuously syncs data. To check the status of a
// sync, use the ListResourceDataSync. By default, data isn't encrypted in Amazon
// S3. We strongly recommend that you enable encryption in Amazon S3 to ensure
// secure data storage. We also recommend that you secure access to the Amazon S3
// bucket by creating a restrictive bucket policy.
CreateResourceDataSync(ctx context.Context, params *CreateResourceDataSyncInput, optFns ...func(*Options)) (*CreateResourceDataSyncOutput, error)
// Deletes an activation. You aren't required to delete an activation. If you
// delete an activation, you can no longer use it to register additional managed
// nodes. Deleting an activation doesn't de-register managed nodes. You must
// manually de-register managed nodes.
DeleteActivation(ctx context.Context, params *DeleteActivationInput, optFns ...func(*Options)) (*DeleteActivationOutput, error)
// Disassociates the specified Amazon Web Services Systems Manager document (SSM
// document) from the specified managed node. If you created the association by
// using the Targets parameter, then you must delete the association by using the
// association ID. When you disassociate a document from a managed node, it doesn't
// change the configuration of the node. To change the configuration state of a
// managed node after you disassociate a document, you must create a new document
// with the desired configuration and associate it with the node.
DeleteAssociation(ctx context.Context, params *DeleteAssociationInput, optFns ...func(*Options)) (*DeleteAssociationOutput, error)
// Deletes the Amazon Web Services Systems Manager document (SSM document) and all
// managed node associations to the document. Before you delete the document, we
// recommend that you use DeleteAssociation to disassociate all managed nodes that
// are associated with the document.
DeleteDocument(ctx context.Context, params *DeleteDocumentInput, optFns ...func(*Options)) (*DeleteDocumentOutput, error)
// Delete a custom inventory type or the data associated with a custom Inventory
// type. Deleting a custom inventory type is also referred to as deleting a custom
// inventory schema.
DeleteInventory(ctx context.Context, params *DeleteInventoryInput, optFns ...func(*Options)) (*DeleteInventoryOutput, error)
// Deletes a maintenance window.
DeleteMaintenanceWindow(ctx context.Context, params *DeleteMaintenanceWindowInput, optFns ...func(*Options)) (*DeleteMaintenanceWindowOutput, error)
// Delete OpsMetadata related to an application.
DeleteOpsMetadata(ctx context.Context, params *DeleteOpsMetadataInput, optFns ...func(*Options)) (*DeleteOpsMetadataOutput, error)
// Delete a parameter from the system. After deleting a parameter, wait for at
// least 30 seconds to create a parameter with the same name.
DeleteParameter(ctx context.Context, params *DeleteParameterInput, optFns ...func(*Options)) (*DeleteParameterOutput, error)
// Delete a list of parameters. After deleting a parameter, wait for at least 30
// seconds to create a parameter with the same name.
DeleteParameters(ctx context.Context, params *DeleteParametersInput, optFns ...func(*Options)) (*DeleteParametersOutput, error)
// Deletes a patch baseline.
DeletePatchBaseline(ctx context.Context, params *DeletePatchBaselineInput, optFns ...func(*Options)) (*DeletePatchBaselineOutput, error)
// Deletes a resource data sync configuration. After the configuration is deleted,
// changes to data on managed nodes are no longer synced to or from the target.
// Deleting a sync configuration doesn't delete data.
DeleteResourceDataSync(ctx context.Context, params *DeleteResourceDataSyncInput, optFns ...func(*Options)) (*DeleteResourceDataSyncOutput, error)
// Removes the server or virtual machine from the list of registered servers. You
// can reregister the node again at any time. If you don't plan to use Run Command
// on the server, we suggest uninstalling SSM Agent first.
DeregisterManagedInstance(ctx context.Context, params *DeregisterManagedInstanceInput, optFns ...func(*Options)) (*DeregisterManagedInstanceOutput, error)
// Removes a patch group from a patch baseline.
DeregisterPatchBaselineForPatchGroup(ctx context.Context, params *DeregisterPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*DeregisterPatchBaselineForPatchGroupOutput, error)
// Removes a target from a maintenance window.
DeregisterTargetFromMaintenanceWindow(ctx context.Context, params *DeregisterTargetFromMaintenanceWindowInput, optFns ...func(*Options)) (*DeregisterTargetFromMaintenanceWindowOutput, error)
// Removes a task from a maintenance window.
DeregisterTaskFromMaintenanceWindow(ctx context.Context, params *DeregisterTaskFromMaintenanceWindowInput, optFns ...func(*Options)) (*DeregisterTaskFromMaintenanceWindowOutput, error)
// Describes details about the activation, such as the date and time the activation
// was created, its expiration date, the Identity and Access Management (IAM) role
// assigned to the managed nodes in the activation, and the number of nodes
// registered by using this activation.
DescribeActivations(ctx context.Context, params *DescribeActivationsInput, optFns ...func(*Options)) (*DescribeActivationsOutput, error)
// Describes the association for the specified target or managed node. If you
// created the association by using the Targets parameter, then you must retrieve
// the association by using the association ID.
DescribeAssociation(ctx context.Context, params *DescribeAssociationInput, optFns ...func(*Options)) (*DescribeAssociationOutput, error)
// Views information about a specific execution of a specific association.
DescribeAssociationExecutionTargets(ctx context.Context, params *DescribeAssociationExecutionTargetsInput, optFns ...func(*Options)) (*DescribeAssociationExecutionTargetsOutput, error)
// Views all executions for a specific association ID.
DescribeAssociationExecutions(ctx context.Context, params *DescribeAssociationExecutionsInput, optFns ...func(*Options)) (*DescribeAssociationExecutionsOutput, error)
// Provides details about all active and terminated Automation executions.
DescribeAutomationExecutions(ctx context.Context, params *DescribeAutomationExecutionsInput, optFns ...func(*Options)) (*DescribeAutomationExecutionsOutput, error)
// Information about all active and terminated step executions in an Automation
// workflow.
DescribeAutomationStepExecutions(ctx context.Context, params *DescribeAutomationStepExecutionsInput, optFns ...func(*Options)) (*DescribeAutomationStepExecutionsOutput, error)
// Lists all patches eligible to be included in a patch baseline.
DescribeAvailablePatches(ctx context.Context, params *DescribeAvailablePatchesInput, optFns ...func(*Options)) (*DescribeAvailablePatchesOutput, error)
// Describes the specified Amazon Web Services Systems Manager document (SSM
// document).
DescribeDocument(ctx context.Context, params *DescribeDocumentInput, optFns ...func(*Options)) (*DescribeDocumentOutput, error)
// Describes the permissions for a Amazon Web Services Systems Manager document
// (SSM document). If you created the document, you are the owner. If a document is
// shared, it can either be shared privately (by specifying a user's Amazon Web
// Services account ID) or publicly (All).
DescribeDocumentPermission(ctx context.Context, params *DescribeDocumentPermissionInput, optFns ...func(*Options)) (*DescribeDocumentPermissionOutput, error)
// All associations for the managed node(s).
DescribeEffectiveInstanceAssociations(ctx context.Context, params *DescribeEffectiveInstanceAssociationsInput, optFns ...func(*Options)) (*DescribeEffectiveInstanceAssociationsOutput, error)
// Retrieves the current effective patches (the patch and the approval state) for
// the specified patch baseline. Applies to patch baselines for Windows only.
DescribeEffectivePatchesForPatchBaseline(ctx context.Context, params *DescribeEffectivePatchesForPatchBaselineInput, optFns ...func(*Options)) (*DescribeEffectivePatchesForPatchBaselineOutput, error)
// The status of the associations for the managed node(s).
DescribeInstanceAssociationsStatus(ctx context.Context, params *DescribeInstanceAssociationsStatusInput, optFns ...func(*Options)) (*DescribeInstanceAssociationsStatusOutput, error)
// Describes one or more of your managed nodes, including information about the
// operating system platform, the version of SSM Agent installed on the managed
// node, node status, and so on. If you specify one or more managed node IDs, it
// returns information for those managed nodes. If you don't specify node IDs, it
// returns information for all your managed nodes. If you specify a node ID that
// isn't valid or a node that you don't own, you receive an error. The IamRole
// field for this API operation is the Identity and Access Management (IAM) role
// assigned to on-premises managed nodes. This call doesn't return the IAM role for
// EC2 instances.
DescribeInstanceInformation(ctx context.Context, params *DescribeInstanceInformationInput, optFns ...func(*Options)) (*DescribeInstanceInformationOutput, error)
// Retrieves the high-level patch state of one or more managed nodes.
DescribeInstancePatchStates(ctx context.Context, params *DescribeInstancePatchStatesInput, optFns ...func(*Options)) (*DescribeInstancePatchStatesOutput, error)
// Retrieves the high-level patch state for the managed nodes in the specified
// patch group.
DescribeInstancePatchStatesForPatchGroup(ctx context.Context, params *DescribeInstancePatchStatesForPatchGroupInput, optFns ...func(*Options)) (*DescribeInstancePatchStatesForPatchGroupOutput, error)
// Retrieves information about the patches on the specified managed node and their
// state relative to the patch baseline being used for the node.
DescribeInstancePatches(ctx context.Context, params *DescribeInstancePatchesInput, optFns ...func(*Options)) (*DescribeInstancePatchesOutput, error)
// Describes a specific delete inventory operation.
DescribeInventoryDeletions(ctx context.Context, params *DescribeInventoryDeletionsInput, optFns ...func(*Options)) (*DescribeInventoryDeletionsOutput, error)
// Retrieves the individual task executions (one per target) for a particular task
// run as part of a maintenance window execution.
DescribeMaintenanceWindowExecutionTaskInvocations(ctx context.Context, params *DescribeMaintenanceWindowExecutionTaskInvocationsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionTaskInvocationsOutput, error)
// For a given maintenance window execution, lists the tasks that were run.
DescribeMaintenanceWindowExecutionTasks(ctx context.Context, params *DescribeMaintenanceWindowExecutionTasksInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionTasksOutput, error)
// Lists the executions of a maintenance window. This includes information about
// when the maintenance window was scheduled to be active, and information about
// tasks registered and run with the maintenance window.
DescribeMaintenanceWindowExecutions(ctx context.Context, params *DescribeMaintenanceWindowExecutionsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowExecutionsOutput, error)
// Retrieves information about upcoming executions of a maintenance window.
DescribeMaintenanceWindowSchedule(ctx context.Context, params *DescribeMaintenanceWindowScheduleInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowScheduleOutput, error)
// Lists the targets registered with the maintenance window.
DescribeMaintenanceWindowTargets(ctx context.Context, params *DescribeMaintenanceWindowTargetsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowTargetsOutput, error)
// Lists the tasks in a maintenance window. For maintenance window tasks without a
// specified target, you can't supply values for --max-errors and
// --max-concurrency. Instead, the system inserts a placeholder value of 1, which
// may be reported in the response to this command. These values don't affect the
// running of your task and can be ignored.
DescribeMaintenanceWindowTasks(ctx context.Context, params *DescribeMaintenanceWindowTasksInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowTasksOutput, error)
// Retrieves the maintenance windows in an Amazon Web Services account.
DescribeMaintenanceWindows(ctx context.Context, params *DescribeMaintenanceWindowsInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowsOutput, error)
// Retrieves information about the maintenance window targets or tasks that a
// managed node is associated with.
DescribeMaintenanceWindowsForTarget(ctx context.Context, params *DescribeMaintenanceWindowsForTargetInput, optFns ...func(*Options)) (*DescribeMaintenanceWindowsForTargetOutput, error)
// Query a set of OpsItems. You must have permission in Identity and Access
// Management (IAM) to query a list of OpsItems. For more information, see Getting
// started with OpsCenter
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html)
// in the Amazon Web Services Systems Manager User Guide. Operations engineers and
// IT professionals use Amazon Web Services Systems Manager OpsCenter to view,
// investigate, and remediate operational issues impacting the performance and
// health of their Amazon Web Services resources. For more information, see
// OpsCenter
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) in
// the Amazon Web Services Systems Manager User Guide.
DescribeOpsItems(ctx context.Context, params *DescribeOpsItemsInput, optFns ...func(*Options)) (*DescribeOpsItemsOutput, error)
// Get information about a parameter. Request results are returned on a best-effort
// basis. If you specify MaxResults in the request, the response includes
// information up to the limit specified. The number of items returned, however,
// can be between zero and the value of MaxResults. If the service reaches an
// internal limit while processing the results, it stops the operation and returns
// the matching values up to that point and a NextToken. You can specify the
// NextToken in a subsequent call to get the next set of results. If you change the
// KMS key alias for the KMS key used to encrypt a parameter, then you must also
// update the key alias the parameter uses to reference KMS. Otherwise,
// DescribeParameters retrieves whatever the original key alias was referencing.
DescribeParameters(ctx context.Context, params *DescribeParametersInput, optFns ...func(*Options)) (*DescribeParametersOutput, error)
// Lists the patch baselines in your Amazon Web Services account.
DescribePatchBaselines(ctx context.Context, params *DescribePatchBaselinesInput, optFns ...func(*Options)) (*DescribePatchBaselinesOutput, error)
// Returns high-level aggregated patch compliance state information for a patch
// group.
DescribePatchGroupState(ctx context.Context, params *DescribePatchGroupStateInput, optFns ...func(*Options)) (*DescribePatchGroupStateOutput, error)
// Lists all patch groups that have been registered with patch baselines.
DescribePatchGroups(ctx context.Context, params *DescribePatchGroupsInput, optFns ...func(*Options)) (*DescribePatchGroupsOutput, error)
// Lists the properties of available patches organized by product, product family,
// classification, severity, and other properties of available patches. You can use
// the reported properties in the filters you specify in requests for operations
// such as CreatePatchBaseline, UpdatePatchBaseline, DescribeAvailablePatches, and
// DescribePatchBaselines. The following section lists the properties that can be
// used in filters for each major operating system type: AMAZON_LINUX Valid
// properties: PRODUCT | CLASSIFICATION | SEVERITY AMAZON_LINUX_2 Valid properties:
// PRODUCT | CLASSIFICATION | SEVERITY CENTOS Valid properties: PRODUCT |
// CLASSIFICATION | SEVERITY DEBIAN Valid properties: PRODUCT | PRIORITY MACOS
// Valid properties: PRODUCT | CLASSIFICATION ORACLE_LINUX Valid properties:
// PRODUCT | CLASSIFICATION | SEVERITY REDHAT_ENTERPRISE_LINUX Valid properties:
// PRODUCT | CLASSIFICATION | SEVERITY SUSE Valid properties: PRODUCT |
// CLASSIFICATION | SEVERITY UBUNTU Valid properties: PRODUCT | PRIORITY WINDOWS
// Valid properties: PRODUCT | PRODUCT_FAMILY | CLASSIFICATION | MSRC_SEVERITY
DescribePatchProperties(ctx context.Context, params *DescribePatchPropertiesInput, optFns ...func(*Options)) (*DescribePatchPropertiesOutput, error)
// Retrieves a list of all active sessions (both connected and disconnected) or
// terminated sessions from the past 30 days.
DescribeSessions(ctx context.Context, params *DescribeSessionsInput, optFns ...func(*Options)) (*DescribeSessionsOutput, error)
// Deletes the association between an OpsItem and a related item. For example, this
// API operation can delete an Incident Manager incident from an OpsItem. Incident
// Manager is a capability of Amazon Web Services Systems Manager.
DisassociateOpsItemRelatedItem(ctx context.Context, params *DisassociateOpsItemRelatedItemInput, optFns ...func(*Options)) (*DisassociateOpsItemRelatedItemOutput, error)
// Get detailed information about a particular Automation execution.
GetAutomationExecution(ctx context.Context, params *GetAutomationExecutionInput, optFns ...func(*Options)) (*GetAutomationExecutionOutput, error)
// Gets the state of a Amazon Web Services Systems Manager change calendar at the
// current time or a specified time. If you specify a time, GetCalendarState
// returns the state of the calendar at that specific time, and returns the next
// time that the change calendar state will transition. If you don't specify a
// time, GetCalendarState uses the current time. Change Calendar entries have two
// possible states: OPEN or CLOSED. If you specify more than one calendar in a
// request, the command returns the status of OPEN only if all calendars in the
// request are open. If one or more calendars in the request are closed, the status
// returned is CLOSED. For more information about Change Calendar, a capability of
// Amazon Web Services Systems Manager, see Amazon Web Services Systems Manager
// Change Calendar
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar.html)
// in the Amazon Web Services Systems Manager User Guide.
GetCalendarState(ctx context.Context, params *GetCalendarStateInput, optFns ...func(*Options)) (*GetCalendarStateOutput, error)
// Returns detailed information about command execution for an invocation or
// plugin. GetCommandInvocation only gives the execution status of a plugin in a
// document. To get the command execution status on a specific managed node, use
// ListCommandInvocations. To get the command execution status across managed
// nodes, use ListCommands.
GetCommandInvocation(ctx context.Context, params *GetCommandInvocationInput, optFns ...func(*Options)) (*GetCommandInvocationOutput, error)
// Retrieves the Session Manager connection status for a managed node to determine
// whether it is running and ready to receive Session Manager connections.
GetConnectionStatus(ctx context.Context, params *GetConnectionStatusInput, optFns ...func(*Options)) (*GetConnectionStatusOutput, error)
// Retrieves the default patch baseline. Amazon Web Services Systems Manager
// supports creating multiple default patch baselines. For example, you can create
// a default patch baseline for each operating system. If you don't specify an
// operating system value, the default patch baseline for Windows is returned.
GetDefaultPatchBaseline(ctx context.Context, params *GetDefaultPatchBaselineInput, optFns ...func(*Options)) (*GetDefaultPatchBaselineOutput, error)
// Retrieves the current snapshot for the patch baseline the managed node uses.
// This API is primarily used by the AWS-RunPatchBaseline Systems Manager document
// (SSM document). If you run the command locally, such as with the Command Line
// Interface (CLI), the system attempts to use your local Amazon Web Services
// credentials and the operation fails. To avoid this, you can run the command in
// the Amazon Web Services Systems Manager console. Use Run Command, a capability
// of Amazon Web Services Systems Manager, with an SSM document that enables you to
// target a managed node with a script or command. For example, run the command
// using the AWS-RunShellScript document or the AWS-RunPowerShellScript document.
GetDeployablePatchSnapshotForInstance(ctx context.Context, params *GetDeployablePatchSnapshotForInstanceInput, optFns ...func(*Options)) (*GetDeployablePatchSnapshotForInstanceOutput, error)
// Gets the contents of the specified Amazon Web Services Systems Manager document
// (SSM document).
GetDocument(ctx context.Context, params *GetDocumentInput, optFns ...func(*Options)) (*GetDocumentOutput, error)
// Query inventory information. This includes managed node status, such as Stopped
// or Terminated.
GetInventory(ctx context.Context, params *GetInventoryInput, optFns ...func(*Options)) (*GetInventoryOutput, error)
// Return a list of inventory type names for the account, or return a list of
// attribute names for a specific Inventory item type.
GetInventorySchema(ctx context.Context, params *GetInventorySchemaInput, optFns ...func(*Options)) (*GetInventorySchemaOutput, error)
// Retrieves a maintenance window.
GetMaintenanceWindow(ctx context.Context, params *GetMaintenanceWindowInput, optFns ...func(*Options)) (*GetMaintenanceWindowOutput, error)
// Retrieves details about a specific a maintenance window execution.
GetMaintenanceWindowExecution(ctx context.Context, params *GetMaintenanceWindowExecutionInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionOutput, error)
// Retrieves the details about a specific task run as part of a maintenance window
// execution.
GetMaintenanceWindowExecutionTask(ctx context.Context, params *GetMaintenanceWindowExecutionTaskInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionTaskOutput, error)
// Retrieves information about a specific task running on a specific target.
GetMaintenanceWindowExecutionTaskInvocation(ctx context.Context, params *GetMaintenanceWindowExecutionTaskInvocationInput, optFns ...func(*Options)) (*GetMaintenanceWindowExecutionTaskInvocationOutput, error)
// Retrieves the details of a maintenance window task. For maintenance window tasks
// without a specified target, you can't supply values for --max-errors and
// --max-concurrency. Instead, the system inserts a placeholder value of 1, which
// may be reported in the response to this command. These values don't affect the
// running of your task and can be ignored. To retrieve a list of tasks in a
// maintenance window, instead use the DescribeMaintenanceWindowTasks command.
GetMaintenanceWindowTask(ctx context.Context, params *GetMaintenanceWindowTaskInput, optFns ...func(*Options)) (*GetMaintenanceWindowTaskOutput, error)
// Get information about an OpsItem by using the ID. You must have permission in
// Identity and Access Management (IAM) to view information about an OpsItem. For
// more information, see Getting started with OpsCenter
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html)
// in the Amazon Web Services Systems Manager User Guide. Operations engineers and
// IT professionals use Amazon Web Services Systems Manager OpsCenter to view,
// investigate, and remediate operational issues impacting the performance and
// health of their Amazon Web Services resources. For more information, see
// OpsCenter
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) in
// the Amazon Web Services Systems Manager User Guide.
GetOpsItem(ctx context.Context, params *GetOpsItemInput, optFns ...func(*Options)) (*GetOpsItemOutput, error)
// View operational metadata related to an application in Application Manager.
GetOpsMetadata(ctx context.Context, params *GetOpsMetadataInput, optFns ...func(*Options)) (*GetOpsMetadataOutput, error)
// View a summary of operations metadata (OpsData) based on specified filters and
// aggregators. OpsData can include information about Amazon Web Services Systems
// Manager OpsCenter operational workitems (OpsItems) as well as information about
// any Amazon Web Services resource or service configured to report OpsData to
// Amazon Web Services Systems Manager Explorer.
GetOpsSummary(ctx context.Context, params *GetOpsSummaryInput, optFns ...func(*Options)) (*GetOpsSummaryOutput, error)
// Get information about a single parameter by specifying the parameter name. To
// get information about more than one parameter at a time, use the GetParameters
// operation.
GetParameter(ctx context.Context, params *GetParameterInput, optFns ...func(*Options)) (*GetParameterOutput, error)
// Retrieves the history of all changes to a parameter. If you change the KMS key
// alias for the KMS key used to encrypt a parameter, then you must also update the
// key alias the parameter uses to reference KMS. Otherwise, GetParameterHistory
// retrieves whatever the original key alias was referencing.
GetParameterHistory(ctx context.Context, params *GetParameterHistoryInput, optFns ...func(*Options)) (*GetParameterHistoryOutput, error)
// Get information about one or more parameters by specifying multiple parameter
// names. To get information about a single parameter, you can use the GetParameter
// operation instead.
GetParameters(ctx context.Context, params *GetParametersInput, optFns ...func(*Options)) (*GetParametersOutput, error)
// Retrieve information about one or more parameters in a specific hierarchy.
// Request results are returned on a best-effort basis. If you specify MaxResults
// in the request, the response includes information up to the limit specified. The
// number of items returned, however, can be between zero and the value of
// MaxResults. If the service reaches an internal limit while processing the
// results, it stops the operation and returns the matching values up to that point
// and a NextToken. You can specify the NextToken in a subsequent call to get the
// next set of results.
GetParametersByPath(ctx context.Context, params *GetParametersByPathInput, optFns ...func(*Options)) (*GetParametersByPathOutput, error)
// Retrieves information about a patch baseline.
GetPatchBaseline(ctx context.Context, params *GetPatchBaselineInput, optFns ...func(*Options)) (*GetPatchBaselineOutput, error)
// Retrieves the patch baseline that should be used for the specified patch group.
GetPatchBaselineForPatchGroup(ctx context.Context, params *GetPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*GetPatchBaselineForPatchGroupOutput, error)
// ServiceSetting is an account-level setting for an Amazon Web Services service.
// This setting defines how a user interacts with or uses a service or a feature of
// a service. For example, if an Amazon Web Services service charges money to the
// account based on feature or service usage, then the Amazon Web Services service
// team might create a default setting of false. This means the user can't use this
// feature unless they change the setting to true and intentionally opt in for a
// paid feature. Services map a SettingId object to a setting value. Amazon Web
// Services services teams define the default value for a SettingId. You can't
// create a new SettingId, but you can overwrite the default value if you have the
// ssm:UpdateServiceSetting permission for the setting. Use the
// UpdateServiceSetting API operation to change the default setting. Or use the
// ResetServiceSetting to change the value back to the original value defined by
// the Amazon Web Services service team. Query the current service setting for the
// Amazon Web Services account.
GetServiceSetting(ctx context.Context, params *GetServiceSettingInput, optFns ...func(*Options)) (*GetServiceSettingOutput, error)
// A parameter label is a user-defined alias to help you manage different versions
// of a parameter. When you modify a parameter, Amazon Web Services Systems Manager
// automatically saves a new version and increments the version number by one. A
// label can help you remember the purpose of a parameter when there are multiple
// versions. Parameter labels have the following requirements and restrictions.
//
// *
// A version of a parameter can have a maximum of 10 labels.
//
// * You can't attach
// the same label to different versions of the same parameter. For example, if
// version 1 has the label Production, then you can't attach Production to version
// 2.
//
// * You can move a label from one version of a parameter to another.
//
// * You
// can't create a label when you create a new parameter. You must attach a label to
// a specific version of a parameter.
//
// * If you no longer want to use a parameter
// label, then you can either delete it or move it to a different version of a
// parameter.
//
// * A label can have a maximum of 100 characters.
//
// * Labels can
// contain letters (case sensitive), numbers, periods (.), hyphens (-), or
// underscores (_).
//
// * Labels can't begin with a number, "aws" or "ssm" (not case
// sensitive). If a label fails to meet these requirements, then the label isn't
// associated with a parameter and the system displays it in the list of
// InvalidLabels.
LabelParameterVersion(ctx context.Context, params *LabelParameterVersionInput, optFns ...func(*Options)) (*LabelParameterVersionOutput, error)
// Retrieves all versions of an association for a specific association ID.
ListAssociationVersions(ctx context.Context, params *ListAssociationVersionsInput, optFns ...func(*Options)) (*ListAssociationVersionsOutput, error)
// Returns all State Manager associations in the current Amazon Web Services
// account and Amazon Web Services Region. You can limit the results to a specific
// State Manager association document or managed node by specifying a filter. State
// Manager is a capability of Amazon Web Services Systems Manager.
ListAssociations(ctx context.Context, params *ListAssociationsInput, optFns ...func(*Options)) (*ListAssociationsOutput, error)
// An invocation is copy of a command sent to a specific managed node. A command
// can apply to one or more managed nodes. A command invocation applies to one
// managed node. For example, if a user runs SendCommand against three managed
// nodes, then a command invocation is created for each requested managed node ID.
// ListCommandInvocations provide status about command execution.
ListCommandInvocations(ctx context.Context, params *ListCommandInvocationsInput, optFns ...func(*Options)) (*ListCommandInvocationsOutput, error)
// Lists the commands requested by users of the Amazon Web Services account.
ListCommands(ctx context.Context, params *ListCommandsInput, optFns ...func(*Options)) (*ListCommandsOutput, error)
// For a specified resource ID, this API operation returns a list of compliance
// statuses for different resource types. Currently, you can only specify one
// resource ID per call. List results depend on the criteria specified in the
// filter.
ListComplianceItems(ctx context.Context, params *ListComplianceItemsInput, optFns ...func(*Options)) (*ListComplianceItemsOutput, error)
// Returns a summary count of compliant and non-compliant resources for a
// compliance type. For example, this call can return State Manager associations,
// patches, or custom compliance types according to the filter criteria that you
// specify.
ListComplianceSummaries(ctx context.Context, params *ListComplianceSummariesInput, optFns ...func(*Options)) (*ListComplianceSummariesOutput, error)
// Information about approval reviews for a version of a change template in Change
// Manager.
ListDocumentMetadataHistory(ctx context.Context, params *ListDocumentMetadataHistoryInput, optFns ...func(*Options)) (*ListDocumentMetadataHistoryOutput, error)
// List all versions for a document.
ListDocumentVersions(ctx context.Context, params *ListDocumentVersionsInput, optFns ...func(*Options)) (*ListDocumentVersionsOutput, error)
// Returns all Systems Manager (SSM) documents in the current Amazon Web Services
// account and Amazon Web Services Region. You can limit the results of this
// request by using a filter.
ListDocuments(ctx context.Context, params *ListDocumentsInput, optFns ...func(*Options)) (*ListDocumentsOutput, error)
// A list of inventory items returned by the request.
ListInventoryEntries(ctx context.Context, params *ListInventoryEntriesInput, optFns ...func(*Options)) (*ListInventoryEntriesOutput, error)
// Returns a list of all OpsItem events in the current Amazon Web Services Region
// and Amazon Web Services account. You can limit the results to events associated
// with specific OpsItems by specifying a filter.
ListOpsItemEvents(ctx context.Context, params *ListOpsItemEventsInput, optFns ...func(*Options)) (*ListOpsItemEventsOutput, error)
// Lists all related-item resources associated with a Systems Manager OpsCenter
// OpsItem. OpsCenter is a capability of Amazon Web Services Systems Manager.
ListOpsItemRelatedItems(ctx context.Context, params *ListOpsItemRelatedItemsInput, optFns ...func(*Options)) (*ListOpsItemRelatedItemsOutput, error)
// Amazon Web Services Systems Manager calls this API operation when displaying all
// Application Manager OpsMetadata objects or blobs.
ListOpsMetadata(ctx context.Context, params *ListOpsMetadataInput, optFns ...func(*Options)) (*ListOpsMetadataOutput, error)
// Returns a resource-level summary count. The summary includes information about
// compliant and non-compliant statuses and detailed compliance-item severity
// counts, according to the filter criteria you specify.
ListResourceComplianceSummaries(ctx context.Context, params *ListResourceComplianceSummariesInput, optFns ...func(*Options)) (*ListResourceComplianceSummariesOutput, error)
// Lists your resource data sync configurations. Includes information about the
// last time a sync attempted to start, the last sync status, and the last time a
// sync successfully completed. The number of sync configurations might be too
// large to return using a single call to ListResourceDataSync. You can limit the
// number of sync configurations returned by using the MaxResults parameter. To
// determine whether there are more sync configurations to list, check the value of
// NextToken in the output. If there are more sync configurations to list, you can
// request them by specifying the NextToken returned in the call to the parameter
// of a subsequent call.
ListResourceDataSync(ctx context.Context, params *ListResourceDataSyncInput, optFns ...func(*Options)) (*ListResourceDataSyncOutput, error)
// Returns a list of the tags assigned to the specified resource. For information
// about the ID format for each supported resource type, see AddTagsToResource.
ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)
// Shares a Amazon Web Services Systems Manager document (SSM document)publicly or
// privately. If you share a document privately, you must specify the Amazon Web
// Services user account IDs for those people who can use the document. If you
// share a document publicly, you must specify All as the account ID.
ModifyDocumentPermission(ctx context.Context, params *ModifyDocumentPermissionInput, optFns ...func(*Options)) (*ModifyDocumentPermissionOutput, error)
// Registers a compliance type and other compliance details on a designated
// resource. This operation lets you register custom compliance details with a
// resource. This call overwrites existing compliance information on the resource,
// so you must provide a full list of compliance items each time that you send the
// request. ComplianceType can be one of the following:
//
// * ExecutionId: The
// execution ID when the patch, association, or custom compliance item was
// applied.
//
// * ExecutionType: Specify patch, association, or Custom:string.
//
// *
// ExecutionTime. The time the patch, association, or custom compliance item was
// applied to the managed node.
//
// * Id: The patch, association, or custom compliance
// ID.
//
// * Title: A title.
//
// * Status: The status of the compliance item. For
// example, approved for patches, or Failed for associations.
//
// * Severity: A patch
// severity. For example, critical.
//
// * DocumentName: An SSM document name. For
// example, AWS-RunPatchBaseline.
//
// * DocumentVersion: An SSM document version
// number. For example, 4.
//
// * Classification: A patch classification. For example,
// security updates.
//
// * PatchBaselineId: A patch baseline ID.
//
// * PatchSeverity: A
// patch severity. For example, Critical.
//
// * PatchState: A patch state. For
// example, InstancesWithFailedPatches.
//
// * PatchGroup: The name of a patch
// group.
//
// * InstalledTime: The time the association, patch, or custom compliance
// item was applied to the resource. Specify the time by using the following
// format: yyyy-MM-dd'T'HH:mm:ss'Z'
PutComplianceItems(ctx context.Context, params *PutComplianceItemsInput, optFns ...func(*Options)) (*PutComplianceItemsOutput, error)
// Bulk update custom inventory items on one or more managed nodes. The request
// adds an inventory item, if it doesn't already exist, or updates an inventory
// item, if it does exist.
PutInventory(ctx context.Context, params *PutInventoryInput, optFns ...func(*Options)) (*PutInventoryOutput, error)
// Add a parameter to the system.
PutParameter(ctx context.Context, params *PutParameterInput, optFns ...func(*Options)) (*PutParameterOutput, error)
// Defines the default patch baseline for the relevant operating system. To reset
// the Amazon Web Services-predefined patch baseline as the default, specify the
// full patch baseline Amazon Resource Name (ARN) as the baseline ID value. For
// example, for CentOS, specify
// arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed instead of
// pb-0574b43a65ea646ed.
RegisterDefaultPatchBaseline(ctx context.Context, params *RegisterDefaultPatchBaselineInput, optFns ...func(*Options)) (*RegisterDefaultPatchBaselineOutput, error)
// Registers a patch baseline for a patch group.
RegisterPatchBaselineForPatchGroup(ctx context.Context, params *RegisterPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*RegisterPatchBaselineForPatchGroupOutput, error)
// Registers a target with a maintenance window.
RegisterTargetWithMaintenanceWindow(ctx context.Context, params *RegisterTargetWithMaintenanceWindowInput, optFns ...func(*Options)) (*RegisterTargetWithMaintenanceWindowOutput, error)
// Adds a new task to a maintenance window.
RegisterTaskWithMaintenanceWindow(ctx context.Context, params *RegisterTaskWithMaintenanceWindowInput, optFns ...func(*Options)) (*RegisterTaskWithMaintenanceWindowOutput, error)
// Removes tag keys from the specified resource.
RemoveTagsFromResource(ctx context.Context, params *RemoveTagsFromResourceInput, optFns ...func(*Options)) (*RemoveTagsFromResourceOutput, error)
// ServiceSetting is an account-level setting for an Amazon Web Services service.
// This setting defines how a user interacts with or uses a service or a feature of
// a service. For example, if an Amazon Web Services service charges money to the
// account based on feature or service usage, then the Amazon Web Services service
// team might create a default setting of "false". This means the user can't use
// this feature unless they change the setting to "true" and intentionally opt in
// for a paid feature. Services map a SettingId object to a setting value. Amazon
// Web Services services teams define the default value for a SettingId. You can't
// create a new SettingId, but you can overwrite the default value if you have the
// ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting
// API operation to view the current value. Use the UpdateServiceSetting API
// operation to change the default setting. Reset the service setting for the
// account to the default value as provisioned by the Amazon Web Services service
// team.
ResetServiceSetting(ctx context.Context, params *ResetServiceSettingInput, optFns ...func(*Options)) (*ResetServiceSettingOutput, error)
// Reconnects a session to a managed node after it has been disconnected.
// Connections can be resumed for disconnected sessions, but not terminated
// sessions. This command is primarily for use by client machines to automatically
// reconnect during intermittent network issues. It isn't intended for any other
// use.
ResumeSession(ctx context.Context, params *ResumeSessionInput, optFns ...func(*Options)) (*ResumeSessionOutput, error)
// Sends a signal to an Automation execution to change the current behavior or
// status of the execution.
SendAutomationSignal(ctx context.Context, params *SendAutomationSignalInput, optFns ...func(*Options)) (*SendAutomationSignalOutput, error)
// Runs commands on one or more managed nodes.
SendCommand(ctx context.Context, params *SendCommandInput, optFns ...func(*Options)) (*SendCommandOutput, error)
// Runs an association immediately and only one time. This operation can be helpful
// when troubleshooting associations.
StartAssociationsOnce(ctx context.Context, params *StartAssociationsOnceInput, optFns ...func(*Options)) (*StartAssociationsOnceOutput, error)
// Initiates execution of an Automation runbook.
StartAutomationExecution(ctx context.Context, params *StartAutomationExecutionInput, optFns ...func(*Options)) (*StartAutomationExecutionOutput, error)
// Creates a change request for Change Manager. The Automation runbooks specified
// in the change request run only after all required approvals for the change
// request have been received.
StartChangeRequestExecution(ctx context.Context, params *StartChangeRequestExecutionInput, optFns ...func(*Options)) (*StartChangeRequestExecutionOutput, error)
// Initiates a connection to a target (for example, a managed node) for a Session
// Manager session. Returns a URL and token that can be used to open a WebSocket
// connection for sending input and receiving outputs. Amazon Web Services CLI
// usage: start-session is an interactive command that requires the Session Manager
// plugin to be installed on the client machine making the call. For information,
// see Install the Session Manager plugin for the Amazon Web Services CLI
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html)
// in the Amazon Web Services Systems Manager User Guide. Amazon Web Services Tools
// for PowerShell usage: Start-SSMSession isn't currently supported by Amazon Web
// Services Tools for PowerShell on Windows local machines.
StartSession(ctx context.Context, params *StartSessionInput, optFns ...func(*Options)) (*StartSessionOutput, error)
// Stop an Automation that is currently running.
StopAutomationExecution(ctx context.Context, params *StopAutomationExecutionInput, optFns ...func(*Options)) (*StopAutomationExecutionOutput, error)
// Permanently ends a session and closes the data connection between the Session
// Manager client and SSM Agent on the managed node. A terminated session can't be
// resumed.
TerminateSession(ctx context.Context, params *TerminateSessionInput, optFns ...func(*Options)) (*TerminateSessionOutput, error)
// Remove a label or labels from a parameter.
UnlabelParameterVersion(ctx context.Context, params *UnlabelParameterVersionInput, optFns ...func(*Options)) (*UnlabelParameterVersionOutput, error)
// Updates an association. You can update the association name and version, the
// document version, schedule, parameters, and Amazon Simple Storage Service
// (Amazon S3) output. When you call UpdateAssociation, the system removes all
// optional parameters from the request and overwrites the association with null
// values for those parameters. This is by design. You must specify all optional
// parameters in the call, even if you are not changing the parameters. This
// includes the Name parameter. Before calling this API action, we recommend that
// you call the DescribeAssociation API operation and make a note of all optional
// parameters required for your UpdateAssociation call. In order to call this API
// operation, your Identity and Access Management (IAM) user account, group, or
// role must be configured with permission to call the DescribeAssociation API
// operation. If you don't have permission to call DescribeAssociation, then you
// receive the following error: An error occurred (AccessDeniedException) when
// calling the UpdateAssociation operation: User: <user_arn> isn't authorized to
// perform: ssm:DescribeAssociation on resource: <resource_arn> When you update an
// association, the association immediately runs against the specified targets. You
// can add the ApplyOnlyAtCronInterval parameter to run the association during the
// next schedule run.
UpdateAssociation(ctx context.Context, params *UpdateAssociationInput, optFns ...func(*Options)) (*UpdateAssociationOutput, error)
// Updates the status of the Amazon Web Services Systems Manager document (SSM
// document) associated with the specified managed node. UpdateAssociationStatus is
// primarily used by the Amazon Web Services Systems Manager Agent (SSM Agent) to
// report status updates about your associations and is only used for associations
// created with the InstanceId legacy parameter.
UpdateAssociationStatus(ctx context.Context, params *UpdateAssociationStatusInput, optFns ...func(*Options)) (*UpdateAssociationStatusOutput, error)
// Updates one or more values for an SSM document.
UpdateDocument(ctx context.Context, params *UpdateDocumentInput, optFns ...func(*Options)) (*UpdateDocumentOutput, error)
// Set the default version of a document. If you change a document version for a
// State Manager association, Systems Manager immediately runs the association
// unless you previously specifed the apply-only-at-cron-interval parameter.
UpdateDocumentDefaultVersion(ctx context.Context, params *UpdateDocumentDefaultVersionInput, optFns ...func(*Options)) (*UpdateDocumentDefaultVersionOutput, error)
// Updates information related to approval reviews for a specific version of a
// change template in Change Manager.
UpdateDocumentMetadata(ctx context.Context, params *UpdateDocumentMetadataInput, optFns ...func(*Options)) (*UpdateDocumentMetadataOutput, error)
// Updates an existing maintenance window. Only specified parameters are modified.
// The value you specify for Duration determines the specific end time for the
// maintenance window based on the time it begins. No maintenance window tasks are
// permitted to start after the resulting endtime minus the number of hours you
// specify for Cutoff. For example, if the maintenance window starts at 3 PM, the
// duration is three hours, and the value you specify for Cutoff is one hour, no
// maintenance window tasks can start after 5 PM.
UpdateMaintenanceWindow(ctx context.Context, params *UpdateMaintenanceWindowInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowOutput, error)
// Modifies the target of an existing maintenance window. You can change the
// following:
//
// * Name
//
// * Description
//
// * Owner
//
// * IDs for an ID target
//
// * Tags for a
// Tag target
//
// * From any supported tag type to another. The three supported tag
// types are ID target, Tag target, and resource group. For more information, see
// Target.
//
// If a parameter is null, then the corresponding field isn't modified.
UpdateMaintenanceWindowTarget(ctx context.Context, params *UpdateMaintenanceWindowTargetInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowTargetOutput, error)
// Modifies a task assigned to a maintenance window. You can't change the task
// type, but you can change the following values:
//
// * TaskARN. For example, you can
// change a RUN_COMMAND task from AWS-RunPowerShellScript to AWS-RunShellScript.
//
// *
// ServiceRoleArn
//
// * TaskInvocationParameters
//
// * Priority
//
// * MaxConcurrency
//
// *
// MaxErrors
//
// One or more targets must be specified for maintenance window Run
// Command-type tasks. Depending on the task, targets are optional for other
// maintenance window task types (Automation, Lambda, and Step Functions). For more
// information about running tasks that don't specify targets, see Registering
// maintenance window tasks without targets
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html)
// in the Amazon Web Services Systems Manager User Guide. If the value for a
// parameter in UpdateMaintenanceWindowTask is null, then the corresponding field
// isn't modified. If you set Replace to true, then all fields required by the
// RegisterTaskWithMaintenanceWindow operation are required for this request.
// Optional fields that aren't specified are set to null. When you update a
// maintenance window task that has options specified in TaskInvocationParameters,
// you must provide again all the TaskInvocationParameters values that you want to
// retain. The values you don't specify again are removed. For example, suppose
// that when you registered a Run Command task, you specified
// TaskInvocationParameters values for Comment, NotificationConfig, and
// OutputS3BucketName. If you update the maintenance window task and specify only a
// different OutputS3BucketName value, the values for Comment and
// NotificationConfig are removed.
UpdateMaintenanceWindowTask(ctx context.Context, params *UpdateMaintenanceWindowTaskInput, optFns ...func(*Options)) (*UpdateMaintenanceWindowTaskOutput, error)
// Changes the Identity and Access Management (IAM) role that is assigned to the
// on-premises server, edge device, or virtual machines (VM). IAM roles are first
// assigned to these hybrid nodes during the activation process. For more
// information, see CreateActivation.
UpdateManagedInstanceRole(ctx context.Context, params *UpdateManagedInstanceRoleInput, optFns ...func(*Options)) (*UpdateManagedInstanceRoleOutput, error)
// Edit or change an OpsItem. You must have permission in Identity and Access
// Management (IAM) to update an OpsItem. For more information, see Getting started
// with OpsCenter
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html)
// in the Amazon Web Services Systems Manager User Guide. Operations engineers and
// IT professionals use Amazon Web Services Systems Manager OpsCenter to view,
// investigate, and remediate operational issues impacting the performance and
// health of their Amazon Web Services resources. For more information, see
// OpsCenter
// (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) in
// the Amazon Web Services Systems Manager User Guide.
UpdateOpsItem(ctx context.Context, params *UpdateOpsItemInput, optFns ...func(*Options)) (*UpdateOpsItemOutput, error)
// Amazon Web Services Systems Manager calls this API operation when you edit
// OpsMetadata in Application Manager.
UpdateOpsMetadata(ctx context.Context, params *UpdateOpsMetadataInput, optFns ...func(*Options)) (*UpdateOpsMetadataOutput, error)
// Modifies an existing patch baseline. Fields not specified in the request are
// left unchanged. For information about valid key-value pairs in PatchFilters for
// each supported operating system type, see PatchFilter.
UpdatePatchBaseline(ctx context.Context, params *UpdatePatchBaselineInput, optFns ...func(*Options)) (*UpdatePatchBaselineOutput, error)
// Update a resource data sync. After you create a resource data sync for a Region,
// you can't change the account options for that sync. For example, if you create a
// sync in the us-east-2 (Ohio) Region and you choose the Include only the current
// account option, you can't edit that sync later and choose the Include all
// accounts from my Organizations configuration option. Instead, you must delete
// the first resource data sync, and create a new one. This API operation only
// supports a resource data sync that was created with a SyncFromSource SyncType.
UpdateResourceDataSync(ctx context.Context, params *UpdateResourceDataSyncInput, optFns ...func(*Options)) (*UpdateResourceDataSyncOutput, error)
// ServiceSetting is an account-level setting for an Amazon Web Services service.
// This setting defines how a user interacts with or uses a service or a feature of
// a service. For example, if an Amazon Web Services service charges money to the
// account based on feature or service usage, then the Amazon Web Services service
// team might create a default setting of "false". This means the user can't use
// this feature unless they change the setting to "true" and intentionally opt in
// for a paid feature. Services map a SettingId object to a setting value. Amazon
// Web Services services teams define the default value for a SettingId. You can't
// create a new SettingId, but you can overwrite the default value if you have the
// ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting
// API operation to view the current value. Or, use the ResetServiceSetting to
// change the value back to the original value defined by the Amazon Web Services
// service team. Update the service setting for the account.
UpdateServiceSetting(ctx context.Context, params *UpdateServiceSettingInput, optFns ...func(*Options)) (*UpdateServiceSettingOutput, error)
}
SSM provides an interface to the AWS SSM service.
type STS ¶
type STS interface {
// Returns a set of temporary security credentials that you can use to access
// Amazon Web Services resources that you might not normally have access to. These
// temporary credentials consist of an access key ID, a secret access key, and a
// security token. Typically, you use AssumeRole within your account or for
// cross-account access. For a comparison of AssumeRole with other API operations
// that produce temporary credentials, see Requesting Temporary Security
// Credentials
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. Permissions The temporary security credentials created by
// AssumeRole can be used to make API calls to any Amazon Web Services service with
// the following exception: You cannot call the Amazon Web Services STS
// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
// inline or managed session policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to use as
// managed session policies. The plaintext that you use for both inline and managed
// session policies can't exceed 2,048 characters. Passing policies to this
// operation returns new temporary credentials. The resulting session's permissions
// are the intersection of the role's identity-based policy and the session
// policies. You can use the role's temporary credentials in subsequent Amazon Web
// Services API calls to access resources in the account that owns the role. You
// cannot use session policies to grant more permissions than those allowed by the
// identity-based policy of the role that is being assumed. For more information,
// see Session Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. When you create a role, you create two policies: A role
// trust policy that specifies who can assume the role and a permissions policy
// that specifies what can be done with the role. You specify the trusted principal
// who is allowed to assume the role in the role trust policy. To assume a role
// from a different account, your Amazon Web Services account must be trusted by
// the role. The trust relationship is defined in the role's trust policy when the
// role is created. That trust policy states which accounts are allowed to delegate
// that access to users in the account. A user who wants to access a role in a
// different account must also have permissions that are delegated from the user
// account administrator. The administrator must attach a policy that allows the
// user to call AssumeRole for the ARN of the role in the other account. To allow a
// user to assume a role in the same account, you can do either of the
// following:
//
// * Attach a policy to the user that allows the user to call
// AssumeRole (as long as the role's trust policy trusts the account).
//
// * Add the
// user as a principal directly in the role's trust policy.
//
// You can do either
// because the role’s trust policy acts as an IAM resource-based policy. When a
// resource-based policy grants access to a principal in the same account, no
// additional identity-based policy is required. For more information about trust
// policies and resource-based policies, see IAM Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) in the
// IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your
// session. These tags are called session tags. For more information about session
// tags, see Passing Session Tags in STS
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
// IAM User Guide. An administrator must grant you the permissions necessary to
// pass session tags. The administrator can also create granular permissions to
// allow you to pass only specific session tags. For more information, see
// Tutorial: Using Tags for Attribute-Based Access Control
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
// in the IAM User Guide. You can set the session tags as transitive. Transitive
// tags persist during role chaining. For more information, see Chaining Roles with
// Session Tags
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
// in the IAM User Guide. Using MFA with AssumeRole (Optional) You can include
// multi-factor authentication (MFA) information when you call AssumeRole. This is
// useful for cross-account scenarios to ensure that the user that assumes the role
// has been authenticated with an Amazon Web Services MFA device. In that scenario,
// the trust policy of the role being assumed includes a condition that tests for
// MFA authentication. If the caller does not include valid MFA information, the
// request to assume the role is denied. The condition in a trust policy that tests
// for MFA authentication might look like the following example. "Condition":
// {"Bool": {"aws:MultiFactorAuthPresent": true}} For more information, see
// Configuring MFA-Protected API Access
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html) in the
// IAM User Guide guide. To use MFA with AssumeRole, you pass values for the
// SerialNumber and TokenCode parameters. The SerialNumber value identifies the
// user's hardware or virtual MFA device. The TokenCode is the time-based one-time
// password (TOTP) that the MFA device produces.
AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error)
// Returns a set of temporary security credentials for users who have been
// authenticated via a SAML authentication response. This operation provides a
// mechanism for tying an enterprise identity store or directory to role-based
// Amazon Web Services access without user-specific credentials or configuration.
// For a comparison of AssumeRoleWithSAML with the other API operations that
// produce temporary credentials, see Requesting Temporary Security Credentials
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. The temporary security credentials returned by this
// operation consist of an access key ID, a secret access key, and a security
// token. Applications can use these temporary security credentials to sign calls
// to Amazon Web Services services. Session Duration By default, the temporary
// security credentials created by AssumeRoleWithSAML last for one hour. However,
// you can use the optional DurationSeconds parameter to specify the duration of
// your session. Your role session lasts for the duration that you specify, or
// until the time specified in the SAML authentication response's
// SessionNotOnOrAfter value, whichever is shorter. You can provide a
// DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
// duration setting for the role. This setting can have a value from 1 hour to 12
// hours. To learn how to view the maximum value for your role, see View the
// Maximum Session Duration Setting for a Role
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide. The maximum session duration limit applies when you use
// the AssumeRole* API operations or the assume-role* CLI commands. However the
// limit does not apply when you use those operations to create a console URL. For
// more information, see Using IAM Roles
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the IAM
// User Guide. Role chaining
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
// limits your CLI or Amazon Web Services API role session to a maximum of one
// hour. When you use the AssumeRole API operation to assume a role, you can
// specify the duration of your role session with the DurationSeconds parameter.
// You can specify a parameter value of up to 43200 seconds (12 hours), depending
// on the maximum session duration setting for your role. However, if you assume a
// role using role chaining and provide a DurationSeconds parameter value greater
// than one hour, the operation fails. Permissions The temporary security
// credentials created by AssumeRoleWithSAML can be used to make API calls to any
// Amazon Web Services service with the following exception: you cannot call the
// STS GetFederationToken or GetSessionToken API operations. (Optional) You can
// pass inline or managed session policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to use as
// managed session policies. The plaintext that you use for both inline and managed
// session policies can't exceed 2,048 characters. Passing policies to this
// operation returns new temporary credentials. The resulting session's permissions
// are the intersection of the role's identity-based policy and the session
// policies. You can use the role's temporary credentials in subsequent Amazon Web
// Services API calls to access resources in the account that owns the role. You
// cannot use session policies to grant more permissions than those allowed by the
// identity-based policy of the role that is being assumed. For more information,
// see Session Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. Calling AssumeRoleWithSAML does not require the use of
// Amazon Web Services security credentials. The identity of the caller is
// validated by using keys in the metadata document that is uploaded for the SAML
// provider entity for your identity provider. Calling AssumeRoleWithSAML can
// result in an entry in your CloudTrail logs. The entry includes the value in the
// NameID element of the SAML assertion. We recommend that you use a NameIDType
// that is not associated with any personally identifiable information (PII). For
// example, you could instead use the persistent identifier
// (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent). Tags (Optional) You can
// configure your IdP to pass attributes into your SAML assertion as session tags.
// Each session tag consists of a key name and an associated value. For more
// information about session tags, see Passing Session Tags in STS
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
// IAM User Guide. You can pass up to 50 session tags. The plaintext session tag
// keys can’t exceed 128 characters and the values can’t exceed 256 characters. For
// these and additional limits, see IAM and STS Character Limits
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
// session policies and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext
// meets the other requirements. The PackedPolicySize response element indicates by
// percentage how close the policies and tags for your request are to the upper
// size limit. You can pass a session tag with the same key as a tag that is
// attached to the role. When you do, session tags override the role's tags with
// the same key. An administrator must grant you the permissions necessary to pass
// session tags. The administrator can also create granular permissions to allow
// you to pass only specific session tags. For more information, see Tutorial:
// Using Tags for Attribute-Based Access Control
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
// in the IAM User Guide. You can set the session tags as transitive. Transitive
// tags persist during role chaining. For more information, see Chaining Roles with
// Session Tags
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
// in the IAM User Guide. SAML Configuration Before your application can call
// AssumeRoleWithSAML, you must configure your SAML identity provider (IdP) to
// issue the claims required by Amazon Web Services. Additionally, you must use
// Identity and Access Management (IAM) to create a SAML provider entity in your
// Amazon Web Services account that represents your identity provider. You must
// also create an IAM role that specifies this SAML provider in its trust policy.
// For more information, see the following resources:
//
// * About SAML 2.0-based
// Federation
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
// in the IAM User Guide.
//
// * Creating SAML Identity Providers
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
// in the IAM User Guide.
//
// * Configuring a Relying Party and Claims
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
// in the IAM User Guide.
//
// * Creating a Role for SAML 2.0 Federation
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
// in the IAM User Guide.
AssumeRoleWithSAML(ctx context.Context, params *AssumeRoleWithSAMLInput, optFns ...func(*Options)) (*AssumeRoleWithSAMLOutput, error)
// Returns a set of temporary security credentials for users who have been
// authenticated in a mobile or web application with a web identity provider.
// Example providers include the OAuth 2.0 providers Login with Amazon and
// Facebook, or any OpenID Connect-compatible identity provider such as Google or
// Amazon Cognito federated identities
// (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html).
// For mobile applications, we recommend that you use Amazon Cognito. You can use
// Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide
// (http://aws.amazon.com/sdkforios/) and the Amazon Web Services SDK for Android
// Developer Guide (http://aws.amazon.com/sdkforandroid/) to uniquely identify a
// user. You can also supply the user with a consistent identity throughout the
// lifetime of an application. To learn more about Amazon Cognito, see Amazon
// Cognito Overview
// (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840)
// in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito
// Overview
// (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664)
// in the Amazon Web Services SDK for iOS Developer Guide. Calling
// AssumeRoleWithWebIdentity does not require the use of Amazon Web Services
// security credentials. Therefore, you can distribute an application (for example,
// on mobile devices) that requests temporary security credentials without
// including long-term Amazon Web Services credentials in the application. You also
// don't need to deploy server-based proxy services that use long-term Amazon Web
// Services credentials. Instead, the identity of the caller is validated by using
// a token from the web identity provider. For a comparison of
// AssumeRoleWithWebIdentity with the other API operations that produce temporary
// credentials, see Requesting Temporary Security Credentials
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. The temporary security credentials returned by this API
// consist of an access key ID, a secret access key, and a security token.
// Applications can use these temporary security credentials to sign calls to
// Amazon Web Services service API operations. Session Duration By default, the
// temporary security credentials created by AssumeRoleWithWebIdentity last for one
// hour. However, you can use the optional DurationSeconds parameter to specify the
// duration of your session. You can provide a value from 900 seconds (15 minutes)
// up to the maximum session duration setting for the role. This setting can have a
// value from 1 hour to 12 hours. To learn how to view the maximum value for your
// role, see View the Maximum Session Duration Setting for a Role
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide. The maximum session duration limit applies when you use
// the AssumeRole* API operations or the assume-role* CLI commands. However the
// limit does not apply when you use those operations to create a console URL. For
// more information, see Using IAM Roles
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the IAM
// User Guide. Permissions The temporary security credentials created by
// AssumeRoleWithWebIdentity can be used to make API calls to any Amazon Web
// Services service with the following exception: you cannot call the STS
// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
// inline or managed session policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to use as
// managed session policies. The plaintext that you use for both inline and managed
// session policies can't exceed 2,048 characters. Passing policies to this
// operation returns new temporary credentials. The resulting session's permissions
// are the intersection of the role's identity-based policy and the session
// policies. You can use the role's temporary credentials in subsequent Amazon Web
// Services API calls to access resources in the account that owns the role. You
// cannot use session policies to grant more permissions than those allowed by the
// identity-based policy of the role that is being assumed. For more information,
// see Session Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. Tags (Optional) You can configure your IdP to pass
// attributes into your web identity token as session tags. Each session tag
// consists of a key name and an associated value. For more information about
// session tags, see Passing Session Tags in STS
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
// IAM User Guide. You can pass up to 50 session tags. The plaintext session tag
// keys can’t exceed 128 characters and the values can’t exceed 256 characters. For
// these and additional limits, see IAM and STS Character Limits
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
// session policies and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext
// meets the other requirements. The PackedPolicySize response element indicates by
// percentage how close the policies and tags for your request are to the upper
// size limit. You can pass a session tag with the same key as a tag that is
// attached to the role. When you do, the session tag overrides the role tag with
// the same key. An administrator must grant you the permissions necessary to pass
// session tags. The administrator can also create granular permissions to allow
// you to pass only specific session tags. For more information, see Tutorial:
// Using Tags for Attribute-Based Access Control
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
// in the IAM User Guide. You can set the session tags as transitive. Transitive
// tags persist during role chaining. For more information, see Chaining Roles with
// Session Tags
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
// in the IAM User Guide. Identities Before your application can call
// AssumeRoleWithWebIdentity, you must have an identity token from a supported
// identity provider and create a role that the application can assume. The role
// that your application assumes must trust the identity provider that is
// associated with the identity token. In other words, the identity provider must
// be specified in the role's trust policy. Calling AssumeRoleWithWebIdentity can
// result in an entry in your CloudTrail logs. The entry includes the Subject
// (http://openid.net/specs/openid-connect-core-1_0.html#Claims) of the provided
// web identity token. We recommend that you avoid using any personally
// identifiable information (PII) in this field. For example, you could instead use
// a GUID or a pairwise identifier, as suggested in the OIDC specification
// (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes). For more
// information about how to use web identity federation and the
// AssumeRoleWithWebIdentity API, see the following resources:
//
// * Using Web
// Identity Federation API Operations for Mobile Apps
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
// and Federation Through a Web-based Identity Provider
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
//
// *
// Web Identity Federation Playground
// (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/).
// Walk through the process of authenticating through Login with Amazon, Facebook,
// or Google, getting temporary security credentials, and then using those
// credentials to make a request to Amazon Web Services.
//
// * Amazon Web Services SDK
// for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and Amazon Web
// Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/).
// These toolkits contain sample apps that show how to invoke the identity
// providers. The toolkits then show how to use the information from these
// providers to get and use temporary security credentials.
//
// * Web Identity
// Federation with Mobile Applications
// (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications).
// This article discusses web identity federation and shows an example of how to
// use web identity federation to get access to content in Amazon S3.
AssumeRoleWithWebIdentity(ctx context.Context, params *AssumeRoleWithWebIdentityInput, optFns ...func(*Options)) (*AssumeRoleWithWebIdentityOutput, error)
// Decodes additional information about the authorization status of a request from
// an encoded message returned in response to an Amazon Web Services request. For
// example, if a user is not authorized to perform an operation that he or she has
// requested, the request returns a Client.UnauthorizedOperation response (an HTTP
// 403 response). Some Amazon Web Services operations additionally return an
// encoded message that can provide details about this authorization failure. Only
// certain Amazon Web Services operations return an encoded authorization message.
// The documentation for an individual operation indicates whether that operation
// returns an encoded message in addition to returning an HTTP code. The message is
// encoded because the details of the authorization status can contain privileged
// information that the user who requested the operation should not see. To decode
// an authorization status message, a user must be granted permissions through an
// IAM policy
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) to
// request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) action.
// The decoded message includes the following type of information:
//
// * Whether the
// request was denied due to an explicit deny or due to the absence of an explicit
// allow. For more information, see Determining Whether a Request is Allowed or
// Denied
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
// in the IAM User Guide.
//
// * The principal who made the request.
//
// * The requested
// action.
//
// * The requested resource.
//
// * The values of condition keys in the
// context of the user's request.
DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error)
// Returns the account identifier for the specified access key ID. Access keys
// consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a
// secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). For
// more information about access keys, see Managing Access Keys for IAM Users
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
// in the IAM User Guide. When you pass an access key ID to this operation, it
// returns the ID of the Amazon Web Services account to which the keys belong.
// Access key IDs beginning with AKIA are long-term credentials for an IAM user or
// the Amazon Web Services account root user. Access key IDs beginning with ASIA
// are temporary credentials that are created using STS operations. If the account
// in the response belongs to you, you can sign in as the root user and review your
// root user access keys. Then, you can pull a credentials report
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
// to learn which IAM user owns the keys. To learn who requested the temporary
// credentials for an ASIA access key, view the STS events in your CloudTrail logs
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
// in the IAM User Guide. This operation does not indicate the state of the access
// key. The key might be active, inactive, or deleted. Active keys might not have
// permissions to perform an operation. Providing a deleted access key might return
// an error that the key doesn't exist.
GetAccessKeyInfo(ctx context.Context, params *GetAccessKeyInfoInput, optFns ...func(*Options)) (*GetAccessKeyInfoOutput, error)
// Returns details about the IAM user or role whose credentials are used to call
// the operation. No permissions are required to perform this operation. If an
// administrator adds a policy to your IAM user or role that explicitly denies
// access to the sts:GetCallerIdentity action, you can still perform this
// operation. Permissions are not required because the same information is returned
// when an IAM user or role is denied access. To view an example response, see I Am
// Not Authorized to Perform: iam:DeleteVirtualMFADevice
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
// in the IAM User Guide.
GetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*Options)) (*GetCallerIdentityOutput, error)
// Returns a set of temporary security credentials (consisting of an access key ID,
// a secret access key, and a security token) for a federated user. A typical use
// is in a proxy application that gets temporary security credentials on behalf of
// distributed applications inside a corporate network. You must call the
// GetFederationToken operation using the long-term security credentials of an IAM
// user. As a result, this call is appropriate in contexts where those credentials
// can be safely stored, usually in a server-based application. For a comparison of
// GetFederationToken with the other API operations that produce temporary
// credentials, see Requesting Temporary Security Credentials
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. You can create a mobile-based or browser-based app that
// can authenticate users using a web identity provider like Login with Amazon,
// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
// or AssumeRoleWithWebIdentity. For more information, see Federation Through a
// Web-based Identity Provider
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
// in the IAM User Guide. You can also call GetFederationToken using the security
// credentials of an Amazon Web Services account root user, but we do not recommend
// it. Instead, we recommend that you create an IAM user for the purpose of the
// proxy application. Then attach a policy to the IAM user that limits federated
// users to only the actions and resources that they need to access. For more
// information, see IAM Best Practices
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) in the
// IAM User Guide. Session duration The temporary credentials are valid for the
// specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600
// seconds (36 hours). The default session duration is 43,200 seconds (12 hours).
// Temporary credentials obtained by using the Amazon Web Services account root
// user credentials have a maximum duration of 3,600 seconds (1 hour). Permissions
// You can use the temporary credentials created by GetFederationToken in any
// Amazon Web Services service except the following:
//
// * You cannot call any IAM
// operations using the CLI or the Amazon Web Services API.
//
// * You cannot call any
// STS operations except GetCallerIdentity.
//
// You must pass an inline or managed
// session policy
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to use as
// managed session policies. The plaintext that you use for both inline and managed
// session policies can't exceed 2,048 characters. Though the session policy
// parameters are optional, if you do not pass a policy, then the resulting
// federated user session has no permissions. When you pass session policies, the
// session permissions are the intersection of the IAM user policies and the
// session policies that you pass. This gives you a way to further restrict the
// permissions for a federated user. You cannot use session policies to grant more
// permissions than those that are defined in the permissions policy of the IAM
// user. For more information, see Session Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. For information about using GetFederationToken to create
// temporary security credentials, see GetFederationToken—Federation Through a
// Custom Identity Broker
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
// You can use the credentials to access a resource that has a resource-based
// policy. If that policy specifically references the federated user session in the
// Principal element of the policy, the session has the permissions allowed by the
// policy. These permissions are granted in addition to the permissions granted by
// the session policies. Tags (Optional) You can pass tag key-value pairs to your
// session. These are called session tags. For more information about session tags,
// see Passing Session Tags in STS
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
// IAM User Guide. You can create a mobile-based or browser-based app that can
// authenticate users using a web identity provider like Login with Amazon,
// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
// or AssumeRoleWithWebIdentity. For more information, see Federation Through a
// Web-based Identity Provider
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
// in the IAM User Guide. An administrator must grant you the permissions necessary
// to pass session tags. The administrator can also create granular permissions to
// allow you to pass only specific session tags. For more information, see
// Tutorial: Using Tags for Attribute-Based Access Control
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
// in the IAM User Guide. Tag key–value pairs are not case sensitive, but case is
// preserved. This means that you cannot have separate Department and department
// tag keys. Assume that the user that you are federating has the
// Department=Marketing tag and you pass the department=engineering session tag.
// Department and department are not saved as separate tags, and the session tag
// passed in the request takes precedence over the user tag.
GetFederationToken(ctx context.Context, params *GetFederationTokenInput, optFns ...func(*Options)) (*GetFederationTokenOutput, error)
// Returns a set of temporary credentials for an Amazon Web Services account or IAM
// user. The credentials consist of an access key ID, a secret access key, and a
// security token. Typically, you use GetSessionToken if you want to use MFA to
// protect programmatic calls to specific Amazon Web Services API operations like
// Amazon EC2 StopInstances. MFA-enabled IAM users would need to call
// GetSessionToken and submit an MFA code that is associated with their MFA device.
// Using the temporary security credentials that are returned from the call, IAM
// users can then make programmatic calls to API operations that require MFA
// authentication. If you do not supply a correct MFA code, then the API returns an
// access denied error. For a comparison of GetSessionToken with the other API
// operations that produce temporary credentials, see Requesting Temporary Security
// Credentials
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. Session Duration The GetSessionToken operation must be
// called by using the long-term Amazon Web Services security credentials of the
// Amazon Web Services account root user or an IAM user. Credentials that are
// created by IAM users are valid for the duration that you specify. This duration
// can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
// hours), with a default of 43,200 seconds (12 hours). Credentials based on
// account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds
// (1 hour), with a default of 1 hour. Permissions The temporary security
// credentials created by GetSessionToken can be used to make API calls to any
// Amazon Web Services service with the following exceptions:
//
// * You cannot call
// any IAM API operations unless MFA authentication information is included in the
// request.
//
// * You cannot call any STS API except AssumeRole or
// GetCallerIdentity.
//
// We recommend that you do not call GetSessionToken with
// Amazon Web Services account root user credentials. Instead, follow our best
// practices
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
// by creating one or more IAM users, giving them the necessary permissions, and
// using IAM users for everyday interaction with Amazon Web Services. The
// credentials that are returned by GetSessionToken are based on permissions
// associated with the user whose credentials were used to call the operation. If
// GetSessionToken is called using Amazon Web Services account root user
// credentials, the temporary credentials have root user permissions. Similarly, if
// GetSessionToken is called using the credentials of an IAM user, the temporary
// credentials have the same permissions as the IAM user. For more information
// about using GetSessionToken to create temporary credentials, go to Temporary
// Credentials for Users in Untrusted Environments
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
// in the IAM User Guide.
GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error)
}
STS provides an interface to the AWS STS service.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.