Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ASG ¶ added in v0.92.0
type ASG interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() autoscaling.Options
// Attaches one or more EC2 instances to the specified Auto Scaling group.
//
// When you attach instances, Amazon EC2 Auto Scaling increases the desired
// capacity of the group by the number of instances being attached. If the number
// of instances being attached plus the desired capacity of the group exceeds the
// maximum size of the group, the operation fails.
//
// If there is a Classic Load Balancer attached to your Auto Scaling group, the
// instances are also registered with the load balancer. If there are target groups
// attached to your Auto Scaling group, the instances are also registered with the
// target groups.
//
// For more information, see [Detach or attach instances] in the Amazon EC2 Auto Scaling User Guide.
//
// [Detach or attach instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-detach-attach-instances.html
AttachInstances(ctx context.Context, params *autoscaling.AttachInstancesInput, optFns ...func(*Options)) (*autoscaling.AttachInstancesOutput, error)
// This API operation is superseded by [AttachTrafficSources], which can attach multiple traffic sources
// types. We recommend using AttachTrafficSources to simplify how you manage
// traffic sources. However, we continue to support AttachLoadBalancerTargetGroups
// . You can use both the original AttachLoadBalancerTargetGroups API operation
// and AttachTrafficSources on the same Auto Scaling group.
//
// Attaches one or more target groups to the specified Auto Scaling group.
//
// This operation is used with the following load balancer types:
//
// - Application Load Balancer - Operates at the application layer (layer 7) and
// supports HTTP and HTTPS.
//
// - Network Load Balancer - Operates at the transport layer (layer 4) and
// supports TCP, TLS, and UDP.
//
// - Gateway Load Balancer - Operates at the network layer (layer 3).
//
// To describe the target groups for an Auto Scaling group, call the [DescribeLoadBalancerTargetGroups] API. To
// detach the target group from the Auto Scaling group, call the [DetachLoadBalancerTargetGroups]API.
//
// This operation is additive and does not detach existing target groups or
// Classic Load Balancers from the Auto Scaling group.
//
// For more information, see [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
//
// [DescribeLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancerTargetGroups.html
// [DetachLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachLoadBalancerTargetGroups.html
// [AttachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html
// [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html
AttachLoadBalancerTargetGroups(ctx context.Context, params *autoscaling.AttachLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*autoscaling.AttachLoadBalancerTargetGroupsOutput, error)
// This API operation is superseded by [https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html], which can attach multiple traffic sources
// types. We recommend using AttachTrafficSources to simplify how you manage
// traffic sources. However, we continue to support AttachLoadBalancers . You can
// use both the original AttachLoadBalancers API operation and AttachTrafficSources
// on the same Auto Scaling group.
//
// Attaches one or more Classic Load Balancers to the specified Auto Scaling
// group. Amazon EC2 Auto Scaling registers the running instances with these
// Classic Load Balancers.
//
// To describe the load balancers for an Auto Scaling group, call the [DescribeLoadBalancers] API. To
// detach a load balancer from the Auto Scaling group, call the [DetachLoadBalancers]API.
//
// This operation is additive and does not detach existing Classic Load Balancers
// or target groups from the Auto Scaling group.
//
// For more information, see [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
//
// [DetachLoadBalancers]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachLoadBalancers.html
// [DescribeLoadBalancers]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancers.html
// [https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html
// [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html
AttachLoadBalancers(ctx context.Context, params *autoscaling.AttachLoadBalancersInput, optFns ...func(*Options)) (*autoscaling.AttachLoadBalancersOutput, error)
// Attaches one or more traffic sources to the specified Auto Scaling group.
//
// You can use any of the following as traffic sources for an Auto Scaling group:
//
// - Application Load Balancer
//
// - Classic Load Balancer
//
// - Gateway Load Balancer
//
// - Network Load Balancer
//
// - VPC Lattice
//
// This operation is additive and does not detach existing traffic sources from
// the Auto Scaling group.
//
// After the operation completes, use the [DescribeTrafficSources] API to return details about the state
// of the attachments between traffic sources and your Auto Scaling group. To
// detach a traffic source from the Auto Scaling group, call the [DetachTrafficSources]API.
//
// [DescribeTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
// [DetachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachTrafficSources.html
AttachTrafficSources(ctx context.Context, params *autoscaling.AttachTrafficSourcesInput, optFns ...func(*Options)) (*autoscaling.AttachTrafficSourcesOutput, error)
// Deletes one or more scheduled actions for the specified Auto Scaling group.
BatchDeleteScheduledAction(ctx context.Context, params *autoscaling.BatchDeleteScheduledActionInput, optFns ...func(*Options)) (*autoscaling.BatchDeleteScheduledActionOutput, error)
// Creates or updates one or more scheduled scaling actions for an Auto Scaling
// group.
BatchPutScheduledUpdateGroupAction(ctx context.Context, params *autoscaling.BatchPutScheduledUpdateGroupActionInput, optFns ...func(*Options)) (*autoscaling.BatchPutScheduledUpdateGroupActionOutput, error)
// Cancels an instance refresh or rollback that is in progress. If an instance
// refresh or rollback is not in progress, an ActiveInstanceRefreshNotFound error
// occurs.
//
// This operation is part of the [instance refresh feature] in Amazon EC2 Auto Scaling, which helps you
// update instances in your Auto Scaling group after you make configuration
// changes.
//
// When you cancel an instance refresh, this does not roll back any changes that
// it made. Use the [RollbackInstanceRefresh]API to roll back instead.
//
// [instance refresh feature]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html
// [RollbackInstanceRefresh]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_RollbackInstanceRefresh.html
CancelInstanceRefresh(ctx context.Context, params *autoscaling.CancelInstanceRefreshInput, optFns ...func(*Options)) (*autoscaling.CancelInstanceRefreshOutput, error)
// Completes the lifecycle action for the specified token or instance with the
// specified result.
//
// This step is a part of the procedure for adding a lifecycle hook to an Auto
// Scaling group:
//
// - (Optional) Create a launch template or launch configuration with a user
// data script that runs while an instance is in a wait state due to a lifecycle
// hook.
//
// - (Optional) Create a Lambda function and a rule that allows Amazon
// EventBridge to invoke your Lambda function when an instance is put into a wait
// state due to a lifecycle hook.
//
// - (Optional) Create a notification target and an IAM role. The target can be
// either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2
// Auto Scaling to publish lifecycle notifications to the target.
//
// - Create the lifecycle hook. Specify whether the hook is used when the
// instances launch or terminate.
//
// - If you need more time, record the lifecycle action heartbeat to keep the
// instance in a wait state.
//
// - If you finish before the timeout period ends, send a callback by using the [CompleteLifecycleAction]
// API call.
//
// For more information, see [Complete a lifecycle action] in the Amazon EC2 Auto Scaling User Guide.
//
// [CompleteLifecycleAction]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CompleteLifecycleAction.html
// [Complete a lifecycle action]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/completing-lifecycle-hooks.html
CompleteLifecycleAction(ctx context.Context, params *autoscaling.CompleteLifecycleActionInput, optFns ...func(*Options)) (*autoscaling.CompleteLifecycleActionOutput, error)
// We strongly recommend using a launch template when calling this operation to
//
// ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2.
//
// Creates an Auto Scaling group with the specified name and attributes.
//
// If you exceed your maximum limit of Auto Scaling groups, the call fails. To
// query this limit, call the [DescribeAccountLimits]API. For information about updating this limit, see [Quotas for Amazon EC2 Auto Scaling]
// in the Amazon EC2 Auto Scaling User Guide.
//
// If you're new to Amazon EC2 Auto Scaling, see the introductory tutorials in [Get started with Amazon EC2 Auto Scaling] in
// the Amazon EC2 Auto Scaling User Guide.
//
// Every Auto Scaling group has three size properties ( DesiredCapacity , MaxSize ,
// and MinSize ). Usually, you set these sizes based on a specific number of
// instances. However, if you configure a mixed instances policy that defines
// weights for the instance types, you must specify these sizes with the same units
// that you use for weighting instances.
//
// [DescribeAccountLimits]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeAccountLimits.html
// [Get started with Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/get-started-with-ec2-auto-scaling.html
// [Quotas for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html
CreateAutoScalingGroup(ctx context.Context, params *autoscaling.CreateAutoScalingGroupInput, optFns ...func(*Options)) (*autoscaling.CreateAutoScalingGroupOutput, error)
// Creates a launch configuration.
//
// If you exceed your maximum limit of launch configurations, the call fails. To
// query this limit, call the [DescribeAccountLimits]API. For information about updating this limit, see [Quotas for Amazon EC2 Auto Scaling]
// in the Amazon EC2 Auto Scaling User Guide.
//
// For more information, see [Launch configurations] in the Amazon EC2 Auto Scaling User Guide.
//
// Amazon EC2 Auto Scaling configures instances launched as part of an Auto
// Scaling group using either a launch template or a launch configuration. We
// strongly recommend that you do not use launch configurations. They do not
// provide full functionality for Amazon EC2 Auto Scaling or Amazon EC2. For
// information about using launch templates, see [Launch templates]in the Amazon EC2 Auto Scaling
// User Guide.
//
// [DescribeAccountLimits]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeAccountLimits.html
// [Quotas for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html
// [Launch configurations]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-configurations.html
// [Launch templates]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-templates.html
CreateLaunchConfiguration(ctx context.Context, params *autoscaling.CreateLaunchConfigurationInput, optFns ...func(*Options)) (*autoscaling.CreateLaunchConfigurationOutput, error)
// Creates or updates tags for the specified Auto Scaling group.
//
// When you specify a tag with a key that already exists, the operation overwrites
// the previous tag definition, and you do not get an error message.
//
// For more information, see [Tag Auto Scaling groups and instances] in the Amazon EC2 Auto Scaling User Guide.
//
// [Tag Auto Scaling groups and instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html
CreateOrUpdateTags(ctx context.Context, params *autoscaling.CreateOrUpdateTagsInput, optFns ...func(*Options)) (*autoscaling.CreateOrUpdateTagsOutput, error)
// Deletes the specified Auto Scaling group.
//
// If the group has instances or scaling activities in progress, you must specify
// the option to force the deletion in order for it to succeed. The force delete
// operation will also terminate the EC2 instances. If the group has a warm pool,
// the force delete option also deletes the warm pool.
//
// To remove instances from the Auto Scaling group before deleting it, call the [DetachInstances]
// API with the list of instances and the option to decrement the desired capacity.
// This ensures that Amazon EC2 Auto Scaling does not launch replacement instances.
//
// To terminate all instances before deleting the Auto Scaling group, call the [UpdateAutoScalingGroup]
// API and set the minimum size and desired capacity of the Auto Scaling group to
// zero.
//
// If the group has scaling policies, deleting the group deletes the policies, the
// underlying alarm actions, and any alarm that no longer has an associated action.
//
// For more information, see [Delete your Auto Scaling infrastructure] in the Amazon EC2 Auto Scaling User Guide.
//
// [Delete your Auto Scaling infrastructure]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-process-shutdown.html
// [DetachInstances]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachInstances.html
// [UpdateAutoScalingGroup]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_UpdateAutoScalingGroup.html
DeleteAutoScalingGroup(ctx context.Context, params *autoscaling.DeleteAutoScalingGroupInput, optFns ...func(*Options)) (*autoscaling.DeleteAutoScalingGroupOutput, error)
// Deletes the specified launch configuration.
//
// The launch configuration must not be attached to an Auto Scaling group. When
// this call completes, the launch configuration is no longer available for use.
DeleteLaunchConfiguration(ctx context.Context, params *autoscaling.DeleteLaunchConfigurationInput, optFns ...func(*Options)) (*autoscaling.DeleteLaunchConfigurationOutput, error)
// Deletes the specified lifecycle hook.
//
// If there are any outstanding lifecycle actions, they are completed first (
// ABANDON for launching instances, CONTINUE for terminating instances).
DeleteLifecycleHook(ctx context.Context, params *autoscaling.DeleteLifecycleHookInput, optFns ...func(*Options)) (*autoscaling.DeleteLifecycleHookOutput, error)
// Deletes the specified notification.
DeleteNotificationConfiguration(ctx context.Context, params *autoscaling.DeleteNotificationConfigurationInput, optFns ...func(*Options)) (*autoscaling.DeleteNotificationConfigurationOutput, error)
// Deletes the specified scaling policy.
//
// Deleting either a step scaling policy or a simple scaling policy deletes the
// underlying alarm action, but does not delete the alarm, even if it no longer has
// an associated action.
//
// For more information, see [Delete a scaling policy] in the Amazon EC2 Auto Scaling User Guide.
//
// [Delete a scaling policy]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/deleting-scaling-policy.html
DeletePolicy(ctx context.Context, params *autoscaling.DeletePolicyInput, optFns ...func(*Options)) (*autoscaling.DeletePolicyOutput, error)
// Deletes the specified scheduled action.
DeleteScheduledAction(ctx context.Context, params *autoscaling.DeleteScheduledActionInput, optFns ...func(*Options)) (*autoscaling.DeleteScheduledActionOutput, error)
// Deletes the specified tags.
DeleteTags(ctx context.Context, params *autoscaling.DeleteTagsInput, optFns ...func(*Options)) (*autoscaling.DeleteTagsOutput, error)
// Deletes the warm pool for the specified Auto Scaling group.
//
// For more information, see [Warm pools for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// [Warm pools for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html
DeleteWarmPool(ctx context.Context, params *autoscaling.DeleteWarmPoolInput, optFns ...func(*Options)) (*autoscaling.DeleteWarmPoolOutput, error)
// Describes the current Amazon EC2 Auto Scaling resource quotas for your account.
//
// When you establish an Amazon Web Services account, the account has initial
// quotas on the maximum number of Auto Scaling groups and launch configurations
// that you can create in a given Region. For more information, see [Quotas for Amazon EC2 Auto Scaling]in the Amazon
// EC2 Auto Scaling User Guide.
//
// [Quotas for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-quotas.html
DescribeAccountLimits(ctx context.Context, params *autoscaling.DescribeAccountLimitsInput, optFns ...func(*Options)) (*autoscaling.DescribeAccountLimitsOutput, error)
// Describes the available adjustment types for step scaling and simple scaling
// policies.
//
// The following adjustment types are supported:
//
// - ChangeInCapacity
//
// - ExactCapacity
//
// - PercentChangeInCapacity
DescribeAdjustmentTypes(ctx context.Context, params *autoscaling.DescribeAdjustmentTypesInput, optFns ...func(*Options)) (*autoscaling.DescribeAdjustmentTypesOutput, error)
// Gets information about the Auto Scaling groups in the account and Region.
//
// If you specify Auto Scaling group names, the output includes information for
// only the specified Auto Scaling groups. If you specify filters, the output
// includes information for only those Auto Scaling groups that meet the filter
// criteria. If you do not specify group names or filters, the output includes
// information for all Auto Scaling groups.
//
// This operation also returns information about instances in Auto Scaling groups.
// To retrieve information about the instances in a warm pool, you must call the [DescribeWarmPool]
// API.
//
// [DescribeWarmPool]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeWarmPool.html
DescribeAutoScalingGroups(ctx context.Context, params *autoscaling.DescribeAutoScalingGroupsInput, optFns ...func(*Options)) (*autoscaling.DescribeAutoScalingGroupsOutput, error)
// Gets information about the Auto Scaling instances in the account and Region.
DescribeAutoScalingInstances(ctx context.Context, params *autoscaling.DescribeAutoScalingInstancesInput, optFns ...func(*Options)) (*autoscaling.DescribeAutoScalingInstancesOutput, error)
// Describes the notification types that are supported by Amazon EC2 Auto Scaling.
DescribeAutoScalingNotificationTypes(ctx context.Context, params *autoscaling.DescribeAutoScalingNotificationTypesInput, optFns ...func(*Options)) (*autoscaling.DescribeAutoScalingNotificationTypesOutput, error)
// Gets information about the instance refreshes for the specified Auto Scaling
// group from the previous six weeks.
//
// This operation is part of the [instance refresh feature] in Amazon EC2 Auto Scaling, which helps you
// update instances in your Auto Scaling group after you make configuration
// changes.
//
// To help you determine the status of an instance refresh, Amazon EC2 Auto
// Scaling returns information about the instance refreshes you previously
// initiated, including their status, start time, end time, the percentage of the
// instance refresh that is complete, and the number of instances remaining to
// update before the instance refresh is complete. If a rollback is initiated while
// an instance refresh is in progress, Amazon EC2 Auto Scaling also returns
// information about the rollback of the instance refresh.
//
// [instance refresh feature]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html
DescribeInstanceRefreshes(ctx context.Context, params *autoscaling.DescribeInstanceRefreshesInput, optFns ...func(*Options)) (*autoscaling.DescribeInstanceRefreshesOutput, error)
// Gets information about the launch configurations in the account and Region.
DescribeLaunchConfigurations(ctx context.Context, params *autoscaling.DescribeLaunchConfigurationsInput, optFns ...func(*Options)) (*autoscaling.DescribeLaunchConfigurationsOutput, error)
// Describes the available types of lifecycle hooks.
//
// The following hook types are supported:
//
// - autoscaling:EC2_INSTANCE_LAUNCHING
//
// - autoscaling:EC2_INSTANCE_TERMINATING
DescribeLifecycleHookTypes(ctx context.Context, params *autoscaling.DescribeLifecycleHookTypesInput, optFns ...func(*Options)) (*autoscaling.DescribeLifecycleHookTypesOutput, error)
// Gets information about the lifecycle hooks for the specified Auto Scaling group.
DescribeLifecycleHooks(ctx context.Context, params *autoscaling.DescribeLifecycleHooksInput, optFns ...func(*Options)) (*autoscaling.DescribeLifecycleHooksOutput, error)
// This API operation is superseded by [DescribeTrafficSources], which can describe multiple traffic
// sources types. We recommend using DetachTrafficSources to simplify how you
// manage traffic sources. However, we continue to support
// DescribeLoadBalancerTargetGroups . You can use both the original
// DescribeLoadBalancerTargetGroups API operation and DescribeTrafficSources on
// the same Auto Scaling group.
//
// Gets information about the Elastic Load Balancing target groups for the
// specified Auto Scaling group.
//
// To determine the attachment status of the target group, use the State element
// in the response. When you attach a target group to an Auto Scaling group, the
// initial State value is Adding . The state transitions to Added after all Auto
// Scaling instances are registered with the target group. If Elastic Load
// Balancing health checks are enabled for the Auto Scaling group, the state
// transitions to InService after at least one Auto Scaling instance passes the
// health check. When the target group is in the InService state, Amazon EC2 Auto
// Scaling can terminate and replace any instances that are reported as unhealthy.
// If no registered instances pass the health checks, the target group doesn't
// enter the InService state.
//
// Target groups also have an InService state if you attach them in the [CreateAutoScalingGroup] API call.
// If your target group state is InService , but it is not working properly, check
// the scaling activities by calling [DescribeScalingActivities]and take any corrective actions necessary.
//
// For help with failed health checks, see [Troubleshooting Amazon EC2 Auto Scaling: Health checks] in the Amazon EC2 Auto Scaling User
// Guide. For more information, see [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]in the Amazon EC2 Auto Scaling User Guide.
//
// You can use this operation to describe target groups that were attached by
// using [AttachLoadBalancerTargetGroups], but not for target groups that were attached by using [AttachTrafficSources].
//
// [Troubleshooting Amazon EC2 Auto Scaling: Health checks]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html
// [AttachLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachLoadBalancerTargetGroups.html
// [DescribeScalingActivities]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScalingActivities.html
// [CreateAutoScalingGroup]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CreateAutoScalingGroup.html
// [DescribeTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
// [AttachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html
// [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html
DescribeLoadBalancerTargetGroups(ctx context.Context, params *autoscaling.DescribeLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*autoscaling.DescribeLoadBalancerTargetGroupsOutput, error)
// This API operation is superseded by [DescribeTrafficSources], which can describe multiple traffic
// sources types. We recommend using DescribeTrafficSources to simplify how you
// manage traffic sources. However, we continue to support DescribeLoadBalancers .
// You can use both the original DescribeLoadBalancers API operation and
// DescribeTrafficSources on the same Auto Scaling group.
//
// Gets information about the load balancers for the specified Auto Scaling group.
//
// This operation describes only Classic Load Balancers. If you have Application
// Load Balancers, Network Load Balancers, or Gateway Load Balancers, use the [DescribeLoadBalancerTargetGroups]API
// instead.
//
// To determine the attachment status of the load balancer, use the State element
// in the response. When you attach a load balancer to an Auto Scaling group, the
// initial State value is Adding . The state transitions to Added after all Auto
// Scaling instances are registered with the load balancer. If Elastic Load
// Balancing health checks are enabled for the Auto Scaling group, the state
// transitions to InService after at least one Auto Scaling instance passes the
// health check. When the load balancer is in the InService state, Amazon EC2 Auto
// Scaling can terminate and replace any instances that are reported as unhealthy.
// If no registered instances pass the health checks, the load balancer doesn't
// enter the InService state.
//
// Load balancers also have an InService state if you attach them in the [CreateAutoScalingGroup] API
// call. If your load balancer state is InService , but it is not working properly,
// check the scaling activities by calling [DescribeScalingActivities]and take any corrective actions
// necessary.
//
// For help with failed health checks, see [Troubleshooting Amazon EC2 Auto Scaling: Health checks] in the Amazon EC2 Auto Scaling User
// Guide. For more information, see [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]in the Amazon EC2 Auto Scaling User Guide.
//
// [Troubleshooting Amazon EC2 Auto Scaling: Health checks]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html
// [DescribeScalingActivities]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScalingActivities.html
// [DescribeLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancerTargetGroups.html
// [CreateAutoScalingGroup]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CreateAutoScalingGroup.html
// [DescribeTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
// [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html
DescribeLoadBalancers(ctx context.Context, params *autoscaling.DescribeLoadBalancersInput, optFns ...func(*Options)) (*autoscaling.DescribeLoadBalancersOutput, error)
// Describes the available CloudWatch metrics for Amazon EC2 Auto Scaling.
DescribeMetricCollectionTypes(ctx context.Context, params *autoscaling.DescribeMetricCollectionTypesInput, optFns ...func(*Options)) (*autoscaling.DescribeMetricCollectionTypesOutput, error)
// Gets information about the Amazon SNS notifications that are configured for one
// or more Auto Scaling groups.
DescribeNotificationConfigurations(ctx context.Context, params *autoscaling.DescribeNotificationConfigurationsInput, optFns ...func(*Options)) (*autoscaling.DescribeNotificationConfigurationsOutput, error)
// Gets information about the scaling policies in the account and Region.
DescribePolicies(ctx context.Context, params *autoscaling.DescribePoliciesInput, optFns ...func(*Options)) (*autoscaling.DescribePoliciesOutput, error)
// Gets information about the scaling activities in the account and Region.
//
// When scaling events occur, you see a record of the scaling activity in the
// scaling activities. For more information, see [Verify a scaling activity for an Auto Scaling group]in the Amazon EC2 Auto Scaling
// User Guide.
//
// If the scaling event succeeds, the value of the StatusCode element in the
// response is Successful . If an attempt to launch instances failed, the
// StatusCode value is Failed or Cancelled and the StatusMessage element in the
// response indicates the cause of the failure. For help interpreting the
// StatusMessage , see [Troubleshooting Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// [Troubleshooting Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/CHAP_Troubleshooting.html
// [Verify a scaling activity for an Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-verify-scaling-activity.html
DescribeScalingActivities(ctx context.Context, params *autoscaling.DescribeScalingActivitiesInput, optFns ...func(*Options)) (*autoscaling.DescribeScalingActivitiesOutput, error)
// Describes the scaling process types for use with the [ResumeProcesses] and [SuspendProcesses] APIs.
//
// [ResumeProcesses]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_ResumeProcesses.html
// [SuspendProcesses]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_SuspendProcesses.html
DescribeScalingProcessTypes(ctx context.Context, params *autoscaling.DescribeScalingProcessTypesInput, optFns ...func(*Options)) (*autoscaling.DescribeScalingProcessTypesOutput, error)
// Gets information about the scheduled actions that haven't run or that have not
// reached their end time.
//
// To describe the scaling activities for scheduled actions that have already run,
// call the [DescribeScalingActivities]API.
//
// [DescribeScalingActivities]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScalingActivities.html
DescribeScheduledActions(ctx context.Context, params *autoscaling.DescribeScheduledActionsInput, optFns ...func(*Options)) (*autoscaling.DescribeScheduledActionsOutput, error)
// Describes the specified tags.
//
// You can use filters to limit the results. For example, you can query for the
// tags for a specific Auto Scaling group. You can specify multiple values for a
// filter. A tag must match at least one of the specified values for it to be
// included in the results.
//
// You can also specify multiple filters. The result includes information for a
// particular tag only if it matches all the filters. If there's no match, no
// special message is returned.
//
// For more information, see [Tag Auto Scaling groups and instances] in the Amazon EC2 Auto Scaling User Guide.
//
// [Tag Auto Scaling groups and instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html
DescribeTags(ctx context.Context, params *autoscaling.DescribeTagsInput, optFns ...func(*Options)) (*autoscaling.DescribeTagsOutput, error)
// Describes the termination policies supported by Amazon EC2 Auto Scaling.
//
// For more information, see [Configure termination policies for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// [Configure termination policies for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html
DescribeTerminationPolicyTypes(ctx context.Context, params *autoscaling.DescribeTerminationPolicyTypesInput, optFns ...func(*Options)) (*autoscaling.DescribeTerminationPolicyTypesOutput, error)
// Gets information about the traffic sources for the specified Auto Scaling group.
//
// You can optionally provide a traffic source type. If you provide a traffic
// source type, then the results only include that traffic source type.
//
// If you do not provide a traffic source type, then the results include all the
// traffic sources for the specified Auto Scaling group.
DescribeTrafficSources(ctx context.Context, params *autoscaling.DescribeTrafficSourcesInput, optFns ...func(*Options)) (*autoscaling.DescribeTrafficSourcesOutput, error)
// Gets information about a warm pool and its instances.
//
// For more information, see [Warm pools for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// [Warm pools for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html
DescribeWarmPool(ctx context.Context, params *autoscaling.DescribeWarmPoolInput, optFns ...func(*Options)) (*autoscaling.DescribeWarmPoolOutput, error)
// Removes one or more instances from the specified Auto Scaling group.
//
// After the instances are detached, you can manage them independent of the Auto
// Scaling group.
//
// If you do not specify the option to decrement the desired capacity, Amazon EC2
// Auto Scaling launches instances to replace the ones that are detached.
//
// If there is a Classic Load Balancer attached to the Auto Scaling group, the
// instances are deregistered from the load balancer. If there are target groups
// attached to the Auto Scaling group, the instances are deregistered from the
// target groups.
//
// For more information, see [Detach or attach instances] in the Amazon EC2 Auto Scaling User Guide.
//
// [Detach or attach instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-detach-attach-instances.html
DetachInstances(ctx context.Context, params *autoscaling.DetachInstancesInput, optFns ...func(*Options)) (*autoscaling.DetachInstancesOutput, error)
// This API operation is superseded by [DetachTrafficSources], which can detach multiple traffic sources
// types. We recommend using DetachTrafficSources to simplify how you manage
// traffic sources. However, we continue to support DetachLoadBalancerTargetGroups
// . You can use both the original DetachLoadBalancerTargetGroups API operation
// and DetachTrafficSources on the same Auto Scaling group.
//
// Detaches one or more target groups from the specified Auto Scaling group.
//
// When you detach a target group, it enters the Removing state while
// deregistering the instances in the group. When all instances are deregistered,
// then you can no longer describe the target group using the [DescribeLoadBalancerTargetGroups]API call. The
// instances remain running.
//
// You can use this operation to detach target groups that were attached by using [AttachLoadBalancerTargetGroups]
// , but not for target groups that were attached by using [AttachTrafficSources].
//
// [AttachLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachLoadBalancerTargetGroups.html
// [DescribeLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancerTargetGroups.html
// [DetachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
// [AttachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html
DetachLoadBalancerTargetGroups(ctx context.Context, params *autoscaling.DetachLoadBalancerTargetGroupsInput, optFns ...func(*Options)) (*autoscaling.DetachLoadBalancerTargetGroupsOutput, error)
// This API operation is superseded by [DetachTrafficSources], which can detach multiple traffic sources
// types. We recommend using DetachTrafficSources to simplify how you manage
// traffic sources. However, we continue to support DetachLoadBalancers . You can
// use both the original DetachLoadBalancers API operation and DetachTrafficSources
// on the same Auto Scaling group.
//
// Detaches one or more Classic Load Balancers from the specified Auto Scaling
// group.
//
// This operation detaches only Classic Load Balancers. If you have Application
// Load Balancers, Network Load Balancers, or Gateway Load Balancers, use the [DetachLoadBalancerTargetGroups]API
// instead.
//
// When you detach a load balancer, it enters the Removing state while
// deregistering the instances in the group. When all instances are deregistered,
// then you can no longer describe the load balancer using the [DescribeLoadBalancers]API call. The
// instances remain running.
//
// [DetachLoadBalancerTargetGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachLoadBalancerTargetGroups.html
// [DescribeLoadBalancers]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLoadBalancers.html
// [DetachTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DetachTrafficSources.html
DetachLoadBalancers(ctx context.Context, params *autoscaling.DetachLoadBalancersInput, optFns ...func(*Options)) (*autoscaling.DetachLoadBalancersOutput, error)
// Detaches one or more traffic sources from the specified Auto Scaling group.
//
// When you detach a traffic source, it enters the Removing state while
// deregistering the instances in the group. When all instances are deregistered,
// then you can no longer describe the traffic source using the [DescribeTrafficSources]API call. The
// instances continue to run.
//
// [DescribeTrafficSources]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeTrafficSources.html
DetachTrafficSources(ctx context.Context, params *autoscaling.DetachTrafficSourcesInput, optFns ...func(*Options)) (*autoscaling.DetachTrafficSourcesOutput, error)
// Disables group metrics collection for the specified Auto Scaling group.
DisableMetricsCollection(ctx context.Context, params *autoscaling.DisableMetricsCollectionInput, optFns ...func(*Options)) (*autoscaling.DisableMetricsCollectionOutput, error)
// Enables group metrics collection for the specified Auto Scaling group.
//
// You can use these metrics to track changes in an Auto Scaling group and to set
// alarms on threshold values. You can view group metrics using the Amazon EC2 Auto
// Scaling console or the CloudWatch console. For more information, see [Monitor CloudWatch metrics for your Auto Scaling groups and instances]in the
// Amazon EC2 Auto Scaling User Guide.
//
// [Monitor CloudWatch metrics for your Auto Scaling groups and instances]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-cloudwatch-monitoring.html
EnableMetricsCollection(ctx context.Context, params *autoscaling.EnableMetricsCollectionInput, optFns ...func(*Options)) (*autoscaling.EnableMetricsCollectionOutput, error)
// Moves the specified instances into the standby state.
//
// If you choose to decrement the desired capacity of the Auto Scaling group, the
// instances can enter standby as long as the desired capacity of the Auto Scaling
// group after the instances are placed into standby is equal to or greater than
// the minimum capacity of the group.
//
// If you choose not to decrement the desired capacity of the Auto Scaling group,
// the Auto Scaling group launches new instances to replace the instances on
// standby.
//
// For more information, see [Temporarily removing instances from your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
//
// [Temporarily removing instances from your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-enter-exit-standby.html
EnterStandby(ctx context.Context, params *autoscaling.EnterStandbyInput, optFns ...func(*Options)) (*autoscaling.EnterStandbyOutput, error)
// Executes the specified policy. This can be useful for testing the design of
// your scaling policy.
ExecutePolicy(ctx context.Context, params *autoscaling.ExecutePolicyInput, optFns ...func(*Options)) (*autoscaling.ExecutePolicyOutput, error)
// Moves the specified instances out of the standby state.
//
// After you put the instances back in service, the desired capacity is
// incremented.
//
// For more information, see [Temporarily removing instances from your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
//
// [Temporarily removing instances from your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-enter-exit-standby.html
ExitStandby(ctx context.Context, params *autoscaling.ExitStandbyInput, optFns ...func(*Options)) (*autoscaling.ExitStandbyOutput, error)
// Retrieves the forecast data for a predictive scaling policy.
//
// Load forecasts are predictions of the hourly load values using historical load
// data from CloudWatch and an analysis of historical trends. Capacity forecasts
// are represented as predicted values for the minimum capacity that is needed on
// an hourly basis, based on the hourly load forecast.
//
// A minimum of 24 hours of data is required to create the initial forecasts.
// However, having a full 14 days of historical data results in more accurate
// forecasts.
//
// For more information, see [Predictive scaling for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// [Predictive scaling for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-predictive-scaling.html
GetPredictiveScalingForecast(ctx context.Context, params *autoscaling.GetPredictiveScalingForecastInput, optFns ...func(*Options)) (*autoscaling.GetPredictiveScalingForecastOutput, error)
// Creates or updates a lifecycle hook for the specified Auto Scaling group.
//
// Lifecycle hooks let you create solutions that are aware of events in the Auto
// Scaling instance lifecycle, and then perform a custom action on instances when
// the corresponding lifecycle event occurs.
//
// This step is a part of the procedure for adding a lifecycle hook to an Auto
// Scaling group:
//
// - (Optional) Create a launch template or launch configuration with a user
// data script that runs while an instance is in a wait state due to a lifecycle
// hook.
//
// - (Optional) Create a Lambda function and a rule that allows Amazon
// EventBridge to invoke your Lambda function when an instance is put into a wait
// state due to a lifecycle hook.
//
// - (Optional) Create a notification target and an IAM role. The target can be
// either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2
// Auto Scaling to publish lifecycle notifications to the target.
//
// - Create the lifecycle hook. Specify whether the hook is used when the
// instances launch or terminate.
//
// - If you need more time, record the lifecycle action heartbeat to keep the
// instance in a wait state using the [RecordLifecycleActionHeartbeat]API call.
//
// - If you finish before the timeout period ends, send a callback by using the [CompleteLifecycleAction]
// API call.
//
// For more information, see [Amazon EC2 Auto Scaling lifecycle hooks] in the Amazon EC2 Auto Scaling User Guide.
//
// If you exceed your maximum limit of lifecycle hooks, which by default is 50 per
// Auto Scaling group, the call fails.
//
// You can view the lifecycle hooks for an Auto Scaling group using the [DescribeLifecycleHooks] API call.
// If you are no longer using a lifecycle hook, you can delete it by calling the [DeleteLifecycleHook]
// API.
//
// [RecordLifecycleActionHeartbeat]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_RecordLifecycleActionHeartbeat.html
// [CompleteLifecycleAction]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CompleteLifecycleAction.html
// [Amazon EC2 Auto Scaling lifecycle hooks]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html
// [DescribeLifecycleHooks]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeLifecycleHooks.html
// [DeleteLifecycleHook]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DeleteLifecycleHook.html
PutLifecycleHook(ctx context.Context, params *autoscaling.PutLifecycleHookInput, optFns ...func(*Options)) (*autoscaling.PutLifecycleHookOutput, error)
// Configures an Auto Scaling group to send notifications when specified events
// take place. Subscribers to the specified topic can have messages delivered to an
// endpoint such as a web server or an email address.
//
// This configuration overwrites any existing configuration.
//
// For more information, see [Amazon SNS notification options for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// If you exceed your maximum limit of SNS topics, which is 10 per Auto Scaling
// group, the call fails.
//
// [Amazon SNS notification options for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-sns-notifications.html
PutNotificationConfiguration(ctx context.Context, params *autoscaling.PutNotificationConfigurationInput, optFns ...func(*Options)) (*autoscaling.PutNotificationConfigurationOutput, error)
// Creates or updates a scaling policy for an Auto Scaling group. Scaling policies
// are used to scale an Auto Scaling group based on configurable metrics. If no
// policies are defined, the dynamic scaling and predictive scaling features are
// not used.
//
// For more information about using dynamic scaling, see [Target tracking scaling policies] and [Step and simple scaling policies] in the Amazon EC2
// Auto Scaling User Guide.
//
// For more information about using predictive scaling, see [Predictive scaling for Amazon EC2 Auto Scaling] in the Amazon EC2
// Auto Scaling User Guide.
//
// You can view the scaling policies for an Auto Scaling group using the [DescribePolicies] API
// call. If you are no longer using a scaling policy, you can delete it by calling
// the [DeletePolicy]API.
//
// [Step and simple scaling policies]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html
// [DeletePolicy]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DeletePolicy.html
// [Target tracking scaling policies]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html
// [DescribePolicies]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribePolicies.html
// [Predictive scaling for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-predictive-scaling.html
PutScalingPolicy(ctx context.Context, params *autoscaling.PutScalingPolicyInput, optFns ...func(*Options)) (*autoscaling.PutScalingPolicyOutput, error)
// Creates or updates a scheduled scaling action for an Auto Scaling group.
//
// For more information, see [Scheduled scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// You can view the scheduled actions for an Auto Scaling group using the [DescribeScheduledActions] API
// call. If you are no longer using a scheduled action, you can delete it by
// calling the [DeleteScheduledAction]API.
//
// If you try to schedule your action in the past, Amazon EC2 Auto Scaling returns
// an error message.
//
// [DeleteScheduledAction]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DeleteScheduledAction.html
// [DescribeScheduledActions]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScheduledActions.html
// [Scheduled scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-scheduled-scaling.html
PutScheduledUpdateGroupAction(ctx context.Context, params *autoscaling.PutScheduledUpdateGroupActionInput, optFns ...func(*Options)) (*autoscaling.PutScheduledUpdateGroupActionOutput, error)
// Creates or updates a warm pool for the specified Auto Scaling group. A warm
// pool is a pool of pre-initialized EC2 instances that sits alongside the Auto
// Scaling group. Whenever your application needs to scale out, the Auto Scaling
// group can draw on the warm pool to meet its new desired capacity.
//
// This operation must be called from the Region in which the Auto Scaling group
// was created.
//
// You can view the instances in the warm pool using the [DescribeWarmPool] API call. If you are no
// longer using a warm pool, you can delete it by calling the [DeleteWarmPool]API.
//
// For more information, see [Warm pools for Amazon EC2 Auto Scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// [DeleteWarmPool]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DeleteWarmPool.html
// [DescribeWarmPool]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeWarmPool.html
// [Warm pools for Amazon EC2 Auto Scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html
PutWarmPool(ctx context.Context, params *autoscaling.PutWarmPoolInput, optFns ...func(*Options)) (*autoscaling.PutWarmPoolOutput, error)
// Records a heartbeat for the lifecycle action associated with the specified
// token or instance. This extends the timeout by the length of time defined using
// the [PutLifecycleHook]API call.
//
// This step is a part of the procedure for adding a lifecycle hook to an Auto
// Scaling group:
//
// - (Optional) Create a launch template or launch configuration with a user
// data script that runs while an instance is in a wait state due to a lifecycle
// hook.
//
// - (Optional) Create a Lambda function and a rule that allows Amazon
// EventBridge to invoke your Lambda function when an instance is put into a wait
// state due to a lifecycle hook.
//
// - (Optional) Create a notification target and an IAM role. The target can be
// either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2
// Auto Scaling to publish lifecycle notifications to the target.
//
// - Create the lifecycle hook. Specify whether the hook is used when the
// instances launch or terminate.
//
// - If you need more time, record the lifecycle action heartbeat to keep the
// instance in a wait state.
//
// - If you finish before the timeout period ends, send a callback by using the [CompleteLifecycleAction]
// API call.
//
// For more information, see [Amazon EC2 Auto Scaling lifecycle hooks] in the Amazon EC2 Auto Scaling User Guide.
//
// [CompleteLifecycleAction]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CompleteLifecycleAction.html
// [Amazon EC2 Auto Scaling lifecycle hooks]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html
// [PutLifecycleHook]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PutLifecycleHook.html
RecordLifecycleActionHeartbeat(ctx context.Context, params *autoscaling.RecordLifecycleActionHeartbeatInput, optFns ...func(*Options)) (*autoscaling.RecordLifecycleActionHeartbeatOutput, error)
// Resumes the specified suspended auto scaling processes, or all suspended
// process, for the specified Auto Scaling group.
//
// For more information, see [Suspend and resume Amazon EC2 Auto Scaling processes] in the Amazon EC2 Auto Scaling User Guide.
//
// [Suspend and resume Amazon EC2 Auto Scaling processes]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html
ResumeProcesses(ctx context.Context, params *autoscaling.ResumeProcessesInput, optFns ...func(*Options)) (*autoscaling.ResumeProcessesOutput, error)
// Cancels an instance refresh that is in progress and rolls back any changes that
// it made. Amazon EC2 Auto Scaling replaces any instances that were replaced
// during the instance refresh. This restores your Auto Scaling group to the
// configuration that it was using before the start of the instance refresh.
//
// This operation is part of the [instance refresh feature] in Amazon EC2 Auto Scaling, which helps you
// update instances in your Auto Scaling group after you make configuration
// changes.
//
// A rollback is not supported in the following situations:
//
// - There is no desired configuration specified for the instance refresh.
//
// - The Auto Scaling group has a launch template that uses an Amazon Web
// Services Systems Manager parameter instead of an AMI ID for the ImageId
// property.
//
// - The Auto Scaling group uses the launch template's $Latest or $Default
// version.
//
// When you receive a successful response from this operation, Amazon EC2 Auto
// Scaling immediately begins replacing instances. You can check the status of this
// operation through the [DescribeInstanceRefreshes]API operation.
//
// [instance refresh feature]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html
// [DescribeInstanceRefreshes]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeInstanceRefreshes.html
RollbackInstanceRefresh(ctx context.Context, params *autoscaling.RollbackInstanceRefreshInput, optFns ...func(*Options)) (*autoscaling.RollbackInstanceRefreshOutput, error)
// Sets the size of the specified Auto Scaling group.
//
// If a scale-in activity occurs as a result of a new DesiredCapacity value that
// is lower than the current size of the group, the Auto Scaling group uses its
// termination policy to determine which instances to terminate.
//
// For more information, see [Manual scaling] in the Amazon EC2 Auto Scaling User Guide.
//
// [Manual scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-scaling-manually.html
SetDesiredCapacity(ctx context.Context, params *autoscaling.SetDesiredCapacityInput, optFns ...func(*Options)) (*autoscaling.SetDesiredCapacityOutput, error)
// Sets the health status of the specified instance.
//
// For more information, see [Set up a custom health check for your Auto Scaling group] in the Amazon EC2 Auto Scaling User Guide.
//
// [Set up a custom health check for your Auto Scaling group]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/set-up-a-custom-health-check.html
SetInstanceHealth(ctx context.Context, params *autoscaling.SetInstanceHealthInput, optFns ...func(*Options)) (*autoscaling.SetInstanceHealthOutput, error)
// Updates the instance protection settings of the specified instances. This
// operation cannot be called on instances in a warm pool.
//
// For more information, see [Use instance scale-in protection] in the Amazon EC2 Auto Scaling User Guide.
//
// If you exceed your maximum limit of instance IDs, which is 50 per Auto Scaling
// group, the call fails.
//
// [Use instance scale-in protection]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html
SetInstanceProtection(ctx context.Context, params *autoscaling.SetInstanceProtectionInput, optFns ...func(*Options)) (*autoscaling.SetInstanceProtectionOutput, error)
// Starts an instance refresh.
//
// This operation is part of the [instance refresh feature] in Amazon EC2 Auto Scaling, which helps you
// update instances in your Auto Scaling group. This feature is helpful, for
// example, when you have a new AMI or a new user data script. You just need to
// create a new launch template that specifies the new AMI or user data script.
// Then start an instance refresh to immediately begin the process of updating
// instances in the group.
//
// If successful, the request's response contains a unique ID that you can use to
// track the progress of the instance refresh. To query its status, call the [DescribeInstanceRefreshes]API.
// To describe the instance refreshes that have already run, call the [DescribeInstanceRefreshes]API. To
// cancel an instance refresh that is in progress, use the [CancelInstanceRefresh]API.
//
// An instance refresh might fail for several reasons, such as EC2 launch
// failures, misconfigured health checks, or not ignoring or allowing the
// termination of instances that are in Standby state or protected from scale in.
// You can monitor for failed EC2 launches using the scaling activities. To find
// the scaling activities, call the [DescribeScalingActivities]API.
//
// If you enable auto rollback, your Auto Scaling group will be rolled back
// automatically when the instance refresh fails. You can enable this feature
// before starting an instance refresh by specifying the AutoRollback property in
// the instance refresh preferences. Otherwise, to roll back an instance refresh
// before it finishes, use the [RollbackInstanceRefresh]API.
//
// [DescribeScalingActivities]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeScalingActivities.html
// [instance refresh feature]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html
// [DescribeInstanceRefreshes]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeInstanceRefreshes.html
// [CancelInstanceRefresh]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CancelInstanceRefresh.html
// [RollbackInstanceRefresh]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_RollbackInstanceRefresh.html
StartInstanceRefresh(ctx context.Context, params *autoscaling.StartInstanceRefreshInput, optFns ...func(*Options)) (*autoscaling.StartInstanceRefreshOutput, error)
// Suspends the specified auto scaling processes, or all processes, for the
// specified Auto Scaling group.
//
// If you suspend either the Launch or Terminate process types, it can prevent
// other process types from functioning properly. For more information, see [Suspend and resume Amazon EC2 Auto Scaling processes]in the
// Amazon EC2 Auto Scaling User Guide.
//
// To resume processes that have been suspended, call the [ResumeProcesses] API.
//
// [ResumeProcesses]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_ResumeProcesses.html
// [Suspend and resume Amazon EC2 Auto Scaling processes]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html
SuspendProcesses(ctx context.Context, params *autoscaling.SuspendProcessesInput, optFns ...func(*Options)) (*autoscaling.SuspendProcessesOutput, error)
// Terminates the specified instance and optionally adjusts the desired group
// size. This operation cannot be called on instances in a warm pool.
//
// This call simply makes a termination request. The instance is not terminated
// immediately. When an instance is terminated, the instance status changes to
// terminated . You can't connect to or start an instance after you've terminated
// it.
//
// If you do not specify the option to decrement the desired capacity, Amazon EC2
// Auto Scaling launches instances to replace the ones that are terminated.
//
// By default, Amazon EC2 Auto Scaling balances instances across all Availability
// Zones. If you decrement the desired capacity, your Auto Scaling group can become
// unbalanced between Availability Zones. Amazon EC2 Auto Scaling tries to
// rebalance the group, and rebalancing might terminate instances in other zones.
// For more information, see [Manual scaling]in the Amazon EC2 Auto Scaling User Guide.
//
// [Manual scaling]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-scaling-manually.html
TerminateInstanceInAutoScalingGroup(ctx context.Context, params *autoscaling.TerminateInstanceInAutoScalingGroupInput, optFns ...func(*Options)) (*autoscaling.TerminateInstanceInAutoScalingGroupOutput, error)
// We strongly recommend that all Auto Scaling groups use launch templates to
//
// ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2.
//
// Updates the configuration for the specified Auto Scaling group.
//
// To update an Auto Scaling group, specify the name of the group and the property
// that you want to change. Any properties that you don't specify are not changed
// by this update request. The new settings take effect on any scaling activities
// after this call returns.
//
// If you associate a new launch configuration or template with an Auto Scaling
// group, all new instances will get the updated configuration. Existing instances
// continue to run with the configuration that they were originally launched with.
// When you update a group to specify a mixed instances policy instead of a launch
// configuration or template, existing instances may be replaced to match the new
// purchasing options that you specified in the policy. For example, if the group
// currently has 100% On-Demand capacity and the policy specifies 50% Spot
// capacity, this means that half of your instances will be gradually terminated
// and relaunched as Spot Instances. When replacing instances, Amazon EC2 Auto
// Scaling launches new instances before terminating the old ones, so that updating
// your group does not compromise the performance or availability of your
// application.
//
// Note the following about changing DesiredCapacity , MaxSize , or MinSize :
//
// - If a scale-in activity occurs as a result of a new DesiredCapacity value
// that is lower than the current size of the group, the Auto Scaling group uses
// its termination policy to determine which instances to terminate.
//
// - If you specify a new value for MinSize without specifying a value for
// DesiredCapacity , and the new MinSize is larger than the current size of the
// group, this sets the group's DesiredCapacity to the new MinSize value.
//
// - If you specify a new value for MaxSize without specifying a value for
// DesiredCapacity , and the new MaxSize is smaller than the current size of the
// group, this sets the group's DesiredCapacity to the new MaxSize value.
//
// To see which properties have been set, call the [DescribeAutoScalingGroups] API. To view the scaling
// policies for an Auto Scaling group, call the [DescribePolicies]API. If the group has scaling
// policies, you can update them by calling the [PutScalingPolicy]API.
//
// [DescribeAutoScalingGroups]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeAutoScalingGroups.html
// [DescribePolicies]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribePolicies.html
// [PutScalingPolicy]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PutScalingPolicy.html
UpdateAutoScalingGroup(ctx context.Context, params *autoscaling.UpdateAutoScalingGroupInput, optFns ...func(*Options)) (*autoscaling.UpdateAutoScalingGroupOutput, error)
}
ASG provides an interface to the AWS ASG service.
type CloudFormation ¶
type CloudFormation interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() cloudformation.Options
// Activate trusted access with Organizations. With trusted access between
// StackSets and Organizations activated, the management account has permissions to
// create and manage StackSets for your organization.
ActivateOrganizationsAccess(ctx context.Context, params *cloudformation.ActivateOrganizationsAccessInput, optFns ...func(*Options)) (*cloudformation.ActivateOrganizationsAccessOutput, error)
// Activates a public third-party extension, such as a resource or module, to make
// it available for use in stack templates in your current account and Region. It
// can also create CloudFormation Hooks, which allow you to evaluate resource
// configurations before CloudFormation provisions them. Hooks integrate with both
// CloudFormation and Cloud Control API operations.
//
// After you activate an extension, you can use [SetTypeConfiguration] to set specific properties for
// the extension.
//
// To see which extensions have been activated, use [ListTypes]. To see configuration details
// for an extension, use [DescribeType].
//
// For more information, see [Activate a third-party public extension in your account] in the CloudFormation User Guide. For information
// about creating Hooks, see the [CloudFormation Hooks User Guide].
//
// [DescribeType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html
// [SetTypeConfiguration]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html
// [ListTypes]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ListTypes.html
// [Activate a third-party public extension in your account]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public-activate-extension.html
// [CloudFormation Hooks User Guide]: https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/what-is-cloudformation-hooks.html
ActivateType(ctx context.Context, params *cloudformation.ActivateTypeInput, optFns ...func(*Options)) (*cloudformation.ActivateTypeOutput, error)
// Returns configuration data for the specified CloudFormation extensions, from
// the CloudFormation registry in your current account and Region.
//
// For more information, see [Edit configuration data for extensions in your account] in the CloudFormation User Guide.
//
// [Edit configuration data for extensions in your account]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-set-configuration.html
BatchDescribeTypeConfigurations(ctx context.Context, params *cloudformation.BatchDescribeTypeConfigurationsInput, optFns ...func(*Options)) (*cloudformation.BatchDescribeTypeConfigurationsOutput, error)
// Cancels an update on the specified stack. If the call completes successfully,
// the stack rolls back the update and reverts to the previous stack configuration.
//
// You can cancel only stacks that are in the UPDATE_IN_PROGRESS state.
CancelUpdateStack(ctx context.Context, params *cloudformation.CancelUpdateStackInput, optFns ...func(*Options)) (*cloudformation.CancelUpdateStackOutput, error)
// Continues rolling back a stack from UPDATE_ROLLBACK_FAILED to
// UPDATE_ROLLBACK_COMPLETE state. Depending on the cause of the failure, you can
// manually fix the error and continue the rollback. By continuing the rollback,
// you can return your stack to a working state (the UPDATE_ROLLBACK_COMPLETE
// state) and then try to update the stack again.
//
// A stack enters the UPDATE_ROLLBACK_FAILED state when CloudFormation can't roll
// back all changes after a failed stack update. For example, this might occur when
// a stack attempts to roll back to an old database that was deleted outside of
// CloudFormation. Because CloudFormation doesn't know the instance was deleted, it
// assumes the instance still exists and attempts to roll back to it, causing the
// update rollback to fail.
//
// For more information, see [Continue rolling back an update] in the CloudFormation User Guide. For information
// for troubleshooting a failed update rollback, see [Update rollback failed].
//
// [Continue rolling back an update]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-continueupdaterollback.html
// [Update rollback failed]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-update-rollback-failed
ContinueUpdateRollback(ctx context.Context, params *cloudformation.ContinueUpdateRollbackInput, optFns ...func(*Options)) (*cloudformation.ContinueUpdateRollbackOutput, error)
// Creates a list of changes that will be applied to a stack so that you can
// review the changes before executing them. You can create a change set for a
// stack that doesn't exist or an existing stack. If you create a change set for a
// stack that doesn't exist, the change set shows all of the resources that
// CloudFormation will create. If you create a change set for an existing stack,
// CloudFormation compares the stack's information with the information that you
// submit in the change set and lists the differences. Use change sets to
// understand which resources CloudFormation will create or change, and how it will
// change resources in an existing stack, before you create or update a stack.
//
// To create a change set for a stack that doesn't exist, for the ChangeSetType
// parameter, specify CREATE . To create a change set for an existing stack,
// specify UPDATE for the ChangeSetType parameter. To create a change set for an
// import operation, specify IMPORT for the ChangeSetType parameter. After the
// CreateChangeSet call successfully completes, CloudFormation starts creating the
// change set. To check the status of the change set or to review it, use the DescribeChangeSet
// action.
//
// When you are satisfied with the changes the change set will make, execute the
// change set by using the ExecuteChangeSetaction. CloudFormation doesn't make changes until you
// execute the change set.
//
// To create a change set for the entire stack hierarchy, set IncludeNestedStacks
// to True .
CreateChangeSet(ctx context.Context, params *cloudformation.CreateChangeSetInput, optFns ...func(*Options)) (*cloudformation.CreateChangeSetOutput, error)
// Creates a template from existing resources that are not already managed with
// CloudFormation. You can check the status of the template generation using the
// DescribeGeneratedTemplate API action.
CreateGeneratedTemplate(ctx context.Context, params *cloudformation.CreateGeneratedTemplateInput, optFns ...func(*Options)) (*cloudformation.CreateGeneratedTemplateOutput, error)
// Creates a stack as specified in the template. After the call completes
// successfully, the stack creation starts. You can check the status of the stack
// through the DescribeStacksoperation.
//
// For more information about creating a stack and monitoring stack progress, see [Managing Amazon Web Services resources as a single unit with CloudFormation stacks]
// in the CloudFormation User Guide.
//
// [Managing Amazon Web Services resources as a single unit with CloudFormation stacks]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html
CreateStack(ctx context.Context, params *cloudformation.CreateStackInput, optFns ...func(*Options)) (*cloudformation.CreateStackOutput, error)
// Creates stack instances for the specified accounts, within the specified Amazon
// Web Services Regions. A stack instance refers to a stack in a specific account
// and Region. You must specify at least one value for either Accounts or
// DeploymentTargets , and you must specify at least one value for Regions .
//
// The maximum number of organizational unit (OUs) supported by a
// CreateStackInstances operation is 50.
//
// If you need more than 50, consider the following options:
//
// - Batch processing: If you don't want to expose your OU hierarchy, split up
// the operations into multiple calls with less than 50 OUs each.
//
// - Parent OU strategy: If you don't mind exposing the OU hierarchy, target a
// parent OU that contains all desired child OUs.
CreateStackInstances(ctx context.Context, params *cloudformation.CreateStackInstancesInput, optFns ...func(*Options)) (*cloudformation.CreateStackInstancesOutput, error)
// Creates a refactor across multiple stacks, with the list of stacks and
// resources that are affected.
CreateStackRefactor(ctx context.Context, params *cloudformation.CreateStackRefactorInput, optFns ...func(*Options)) (*cloudformation.CreateStackRefactorOutput, error)
// Creates a StackSet.
CreateStackSet(ctx context.Context, params *cloudformation.CreateStackSetInput, optFns ...func(*Options)) (*cloudformation.CreateStackSetOutput, error)
// Deactivates trusted access with Organizations. If trusted access is
// deactivated, the management account does not have permissions to create and
// manage service-managed StackSets for your organization.
DeactivateOrganizationsAccess(ctx context.Context, params *cloudformation.DeactivateOrganizationsAccessInput, optFns ...func(*Options)) (*cloudformation.DeactivateOrganizationsAccessOutput, error)
// Deactivates a public third-party extension, such as a resource or module, or a
// CloudFormation Hook when you no longer use it.
//
// Deactivating an extension deletes the configuration details that are associated
// with it. To temporarily disable a CloudFormation Hook instead, you can use [SetTypeConfiguration].
//
// Once deactivated, an extension can't be used in any CloudFormation operation.
// This includes stack update operations where the stack template includes the
// extension, even if no updates are being made to the extension. In addition,
// deactivated extensions aren't automatically updated if a new version of the
// extension is released.
//
// To see which extensions are currently activated, use [ListTypes].
//
// [SetTypeConfiguration]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html
// [ListTypes]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ListTypes.html
DeactivateType(ctx context.Context, params *cloudformation.DeactivateTypeInput, optFns ...func(*Options)) (*cloudformation.DeactivateTypeOutput, error)
// Deletes the specified change set. Deleting change sets ensures that no one
// executes the wrong change set.
//
// If the call successfully completes, CloudFormation successfully deleted the
// change set.
//
// If IncludeNestedStacks specifies True during the creation of the nested change
// set, then DeleteChangeSet will delete all change sets that belong to the stacks
// hierarchy and will also delete all change sets for nested stacks with the status
// of REVIEW_IN_PROGRESS .
DeleteChangeSet(ctx context.Context, params *cloudformation.DeleteChangeSetInput, optFns ...func(*Options)) (*cloudformation.DeleteChangeSetOutput, error)
// Deleted a generated template.
DeleteGeneratedTemplate(ctx context.Context, params *cloudformation.DeleteGeneratedTemplateInput, optFns ...func(*Options)) (*cloudformation.DeleteGeneratedTemplateOutput, error)
// Deletes a specified stack. Once the call completes successfully, stack deletion
// starts. Deleted stacks don't show up in the DescribeStacksoperation if the deletion has been
// completed successfully.
//
// For more information about deleting a stack, see [Delete a stack from the CloudFormation console] in the CloudFormation User
// Guide.
//
// [Delete a stack from the CloudFormation console]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-delete-stack.html
DeleteStack(ctx context.Context, params *cloudformation.DeleteStackInput, optFns ...func(*Options)) (*cloudformation.DeleteStackOutput, error)
// Deletes stack instances for the specified accounts, in the specified Amazon Web
// Services Regions.
//
// The maximum number of organizational unit (OUs) supported by a
// DeleteStackInstances operation is 50.
//
// If you need more than 50, consider the following options:
//
// - Batch processing: If you don't want to expose your OU hierarchy, split up
// the operations into multiple calls with less than 50 OUs each.
//
// - Parent OU strategy: If you don't mind exposing the OU hierarchy, target a
// parent OU that contains all desired child OUs.
DeleteStackInstances(ctx context.Context, params *cloudformation.DeleteStackInstancesInput, optFns ...func(*Options)) (*cloudformation.DeleteStackInstancesOutput, error)
// Deletes a StackSet. Before you can delete a StackSet, all its member stack
// instances must be deleted. For more information about how to complete this, see DeleteStackInstances
// .
DeleteStackSet(ctx context.Context, params *cloudformation.DeleteStackSetInput, optFns ...func(*Options)) (*cloudformation.DeleteStackSetOutput, error)
// Marks an extension or extension version as DEPRECATED in the CloudFormation
// registry, removing it from active use. Deprecated extensions or extension
// versions cannot be used in CloudFormation operations.
//
// To deregister an entire extension, you must individually deregister all active
// versions of that extension. If an extension has only a single active version,
// deregistering that version results in the extension itself being deregistered
// and marked as deprecated in the registry.
//
// You can't deregister the default version of an extension if there are other
// active version of that extension. If you do deregister the default version of an
// extension, the extension type itself is deregistered as well and marked as
// deprecated.
//
// To view the deprecation status of an extension or extension version, use [DescribeType].
//
// For more information, see [Remove third-party private extensions from your account] in the CloudFormation User Guide.
//
// [DescribeType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html
// [Remove third-party private extensions from your account]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-private-deregister-extension.html
DeregisterType(ctx context.Context, params *cloudformation.DeregisterTypeInput, optFns ...func(*Options)) (*cloudformation.DeregisterTypeOutput, error)
// Retrieves your account's CloudFormation limits, such as the maximum number of
// stacks that you can create in your account. For more information about account
// limits, see [Understand CloudFormation quotas]in the CloudFormation User Guide.
//
// [Understand CloudFormation quotas]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html
DescribeAccountLimits(ctx context.Context, params *cloudformation.DescribeAccountLimitsInput, optFns ...func(*Options)) (*cloudformation.DescribeAccountLimitsOutput, error)
// Returns the inputs for the change set and a list of changes that CloudFormation
// will make if you execute the change set. For more information, see [Update CloudFormation stacks using change sets]in the
// CloudFormation User Guide.
//
// [Update CloudFormation stacks using change sets]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.html
DescribeChangeSet(ctx context.Context, params *cloudformation.DescribeChangeSetInput, optFns ...func(*Options)) (*cloudformation.DescribeChangeSetOutput, error)
// Returns hook-related information for the change set and a list of changes that
// CloudFormation makes when you run the change set.
DescribeChangeSetHooks(ctx context.Context, params *cloudformation.DescribeChangeSetHooksInput, optFns ...func(*Options)) (*cloudformation.DescribeChangeSetHooksOutput, error)
// Describes a generated template. The output includes details about the progress
// of the creation of a generated template started by a CreateGeneratedTemplate
// API action or the update of a generated template started with an
// UpdateGeneratedTemplate API action.
DescribeGeneratedTemplate(ctx context.Context, params *cloudformation.DescribeGeneratedTemplateInput, optFns ...func(*Options)) (*cloudformation.DescribeGeneratedTemplateOutput, error)
// Retrieves information about the account's OrganizationAccess status. This API
// can be called either by the management account or the delegated administrator by
// using the CallAs parameter. This API can also be called without the CallAs
// parameter by the management account.
DescribeOrganizationsAccess(ctx context.Context, params *cloudformation.DescribeOrganizationsAccessInput, optFns ...func(*Options)) (*cloudformation.DescribeOrganizationsAccessOutput, error)
// Returns information about a CloudFormation extension publisher.
//
// If you don't supply a PublisherId , and you have registered as an extension
// publisher, DescribePublisher returns information about your own publisher
// account.
//
// For more information about registering as a publisher, see:
//
// [RegisterPublisher]
//
// [Publishing extensions to make them available for public use]
// - in the CloudFormation Command Line Interface (CLI) User Guide
//
// [Publishing extensions to make them available for public use]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html
// [RegisterPublisher]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html
DescribePublisher(ctx context.Context, params *cloudformation.DescribePublisherInput, optFns ...func(*Options)) (*cloudformation.DescribePublisherOutput, error)
// Describes details of a resource scan.
DescribeResourceScan(ctx context.Context, params *cloudformation.DescribeResourceScanInput, optFns ...func(*Options)) (*cloudformation.DescribeResourceScanOutput, error)
// Returns information about a stack drift detection operation. A stack drift
// detection operation detects whether a stack's actual configuration differs, or
// has drifted, from its expected configuration, as defined in the stack template
// and any values specified as template parameters. A stack is considered to have
// drifted if one or more of its resources have drifted. For more information about
// stack and resource drift, see [Detect unmanaged configuration changes to stacks and resources with drift detection].
//
// Use DetectStackDrift to initiate a stack drift detection operation. DetectStackDrift returns a
// StackDriftDetectionId you can use to monitor the progress of the operation using
// DescribeStackDriftDetectionStatus . Once the drift detection operation has
// completed, use DescribeStackResourceDriftsto return drift information about the stack and its resources.
//
// [Detect unmanaged configuration changes to stacks and resources with drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html
DescribeStackDriftDetectionStatus(ctx context.Context, params *cloudformation.DescribeStackDriftDetectionStatusInput, optFns ...func(*Options)) (*cloudformation.DescribeStackDriftDetectionStatusOutput, error)
// Returns all stack related events for a specified stack in reverse chronological
// order. For more information about a stack's event history, see [Understand CloudFormation stack creation events]in the
// CloudFormation User Guide.
//
// You can list events for stacks that have failed to create or have been deleted
// by specifying the unique stack identifier (stack ID).
//
// [Understand CloudFormation stack creation events]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stack-resource-configuration-complete.html
DescribeStackEvents(ctx context.Context, params *cloudformation.DescribeStackEventsInput, optFns ...func(*Options)) (*cloudformation.DescribeStackEventsOutput, error)
// Returns the stack instance that's associated with the specified StackSet,
// Amazon Web Services account, and Amazon Web Services Region.
//
// For a list of stack instances that are associated with a specific StackSet, use ListStackInstances
// .
DescribeStackInstance(ctx context.Context, params *cloudformation.DescribeStackInstanceInput, optFns ...func(*Options)) (*cloudformation.DescribeStackInstanceOutput, error)
// Describes the stack refactor status.
DescribeStackRefactor(ctx context.Context, params *cloudformation.DescribeStackRefactorInput, optFns ...func(*Options)) (*cloudformation.DescribeStackRefactorOutput, error)
// Returns a description of the specified resource in the specified stack.
//
// For deleted stacks, DescribeStackResource returns resource information for up
// to 90 days after the stack has been deleted.
DescribeStackResource(ctx context.Context, params *cloudformation.DescribeStackResourceInput, optFns ...func(*Options)) (*cloudformation.DescribeStackResourceOutput, error)
// Returns drift information for the resources that have been checked for drift in
// the specified stack. This includes actual and expected configuration values for
// resources where CloudFormation detects configuration drift.
//
// For a given stack, there will be one StackResourceDrift for each stack resource
// that has been checked for drift. Resources that haven't yet been checked for
// drift aren't included. Resources that don't currently support drift detection
// aren't checked, and so not included. For a list of resources that support drift
// detection, see [Resource type support for imports and drift detection].
//
// Use DetectStackResourceDrift to detect drift on individual resources, or DetectStackDrift to detect drift on all
// supported resources for a given stack.
//
// [Resource type support for imports and drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html
DescribeStackResourceDrifts(ctx context.Context, params *cloudformation.DescribeStackResourceDriftsInput, optFns ...func(*Options)) (*cloudformation.DescribeStackResourceDriftsOutput, error)
// Returns Amazon Web Services resource descriptions for running and deleted
// stacks. If StackName is specified, all the associated resources that are part
// of the stack are returned. If PhysicalResourceId is specified, the associated
// resources of the stack that the resource belongs to are returned.
//
// Only the first 100 resources will be returned. If your stack has more resources
// than this, you should use ListStackResources instead.
//
// For deleted stacks, DescribeStackResources returns resource information for up
// to 90 days after the stack has been deleted.
//
// You must specify either StackName or PhysicalResourceId , but not both. In
// addition, you can specify LogicalResourceId to filter the returned result. For
// more information about resources, the LogicalResourceId and PhysicalResourceId ,
// see the [CloudFormation User Guide].
//
// A ValidationError is returned if you specify both StackName and
// PhysicalResourceId in the same request.
//
// [CloudFormation User Guide]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/
DescribeStackResources(ctx context.Context, params *cloudformation.DescribeStackResourcesInput, optFns ...func(*Options)) (*cloudformation.DescribeStackResourcesOutput, error)
// Returns the description of the specified StackSet.
//
// This API provides strongly consistent reads meaning it will always return the
// most up-to-date data.
DescribeStackSet(ctx context.Context, params *cloudformation.DescribeStackSetInput, optFns ...func(*Options)) (*cloudformation.DescribeStackSetOutput, error)
// Returns the description of the specified StackSet operation.
//
// This API provides strongly consistent reads meaning it will always return the
// most up-to-date data.
DescribeStackSetOperation(ctx context.Context, params *cloudformation.DescribeStackSetOperationInput, optFns ...func(*Options)) (*cloudformation.DescribeStackSetOperationOutput, error)
// Returns the description for the specified stack; if no stack name was
// specified, then it returns the description for all the stacks created. For more
// information about a stack's event history, see [Understand CloudFormation stack creation events]in the CloudFormation User Guide.
//
// If the stack doesn't exist, a ValidationError is returned.
//
// [Understand CloudFormation stack creation events]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stack-resource-configuration-complete.html
DescribeStacks(ctx context.Context, params *cloudformation.DescribeStacksInput, optFns ...func(*Options)) (*cloudformation.DescribeStacksOutput, error)
// Returns detailed information about an extension from the CloudFormation
// registry in your current account and Region.
//
// If you specify a VersionId , DescribeType returns information about that
// specific extension version. Otherwise, it returns information about the default
// extension version.
//
// For more information, see [Edit configuration data for extensions in your account] in the CloudFormation User Guide.
//
// [Edit configuration data for extensions in your account]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-set-configuration.html
DescribeType(ctx context.Context, params *cloudformation.DescribeTypeInput, optFns ...func(*Options)) (*cloudformation.DescribeTypeOutput, error)
// Returns information about an extension's registration, including its current
// status and type and version identifiers.
//
// When you initiate a registration request using RegisterType, you can then use DescribeTypeRegistration to monitor
// the progress of that registration request.
//
// Once the registration request has completed, use DescribeType to return detailed
// information about an extension.
DescribeTypeRegistration(ctx context.Context, params *cloudformation.DescribeTypeRegistrationInput, optFns ...func(*Options)) (*cloudformation.DescribeTypeRegistrationOutput, error)
// Detects whether a stack's actual configuration differs, or has drifted, from
// its expected configuration, as defined in the stack template and any values
// specified as template parameters. For each resource in the stack that supports
// drift detection, CloudFormation compares the actual configuration of the
// resource with its expected template configuration. Only resource properties
// explicitly defined in the stack template are checked for drift. A stack is
// considered to have drifted if one or more of its resources differ from their
// expected template configurations. For more information, see [Detect unmanaged configuration changes to stacks and resources with drift detection].
//
// Use DetectStackDrift to detect drift on all supported resources for a given
// stack, or DetectStackResourceDriftto detect drift on individual resources.
//
// For a list of stack resources that currently support drift detection, see [Resource type support for imports and drift detection].
//
// DetectStackDrift can take up to several minutes, depending on the number of
// resources contained within the stack. Use DescribeStackDriftDetectionStatusto monitor the progress of a detect
// stack drift operation. Once the drift detection operation has completed, use DescribeStackResourceDriftsto
// return drift information about the stack and its resources.
//
// When detecting drift on a stack, CloudFormation doesn't detect drift on any
// nested stacks belonging to that stack. Perform DetectStackDrift directly on the
// nested stack itself.
//
// [Resource type support for imports and drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html
// [Detect unmanaged configuration changes to stacks and resources with drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html
DetectStackDrift(ctx context.Context, params *cloudformation.DetectStackDriftInput, optFns ...func(*Options)) (*cloudformation.DetectStackDriftOutput, error)
// Returns information about whether a resource's actual configuration differs, or
// has drifted, from its expected configuration, as defined in the stack template
// and any values specified as template parameters. This information includes
// actual and expected property values for resources in which CloudFormation
// detects drift. Only resource properties explicitly defined in the stack template
// are checked for drift. For more information about stack and resource drift, see [Detect unmanaged configuration changes to stacks and resources with drift detection]
// .
//
// Use DetectStackResourceDrift to detect drift on individual resources, or DetectStackDrift to
// detect drift on all resources in a given stack that support drift detection.
//
// Resources that don't currently support drift detection can't be checked. For a
// list of resources that support drift detection, see [Resource type support for imports and drift detection].
//
// [Resource type support for imports and drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html
// [Detect unmanaged configuration changes to stacks and resources with drift detection]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html
DetectStackResourceDrift(ctx context.Context, params *cloudformation.DetectStackResourceDriftInput, optFns ...func(*Options)) (*cloudformation.DetectStackResourceDriftOutput, error)
// Detect drift on a StackSet. When CloudFormation performs drift detection on a
// StackSet, it performs drift detection on the stack associated with each stack
// instance in the StackSet. For more information, see [Performing drift detection on CloudFormation StackSets].
//
// DetectStackSetDrift returns the OperationId of the StackSet drift detection
// operation. Use this operation id with DescribeStackSetOperationto monitor the progress of the drift
// detection operation. The drift detection operation may take some time, depending
// on the number of stack instances included in the StackSet, in addition to the
// number of resources included in each stack.
//
// Once the operation has completed, use the following actions to return drift
// information:
//
// - Use DescribeStackSetto return detailed information about the stack set, including detailed
// information about the last completed drift operation performed on the StackSet.
// (Information about drift operations that are in progress isn't included.)
//
// - Use ListStackInstancesto return a list of stack instances belonging to the StackSet,
// including the drift status and last drift time checked of each instance.
//
// - Use DescribeStackInstanceto return detailed information about a specific stack instance,
// including its drift status and last drift time checked.
//
// You can only run a single drift detection operation on a given StackSet at one
// time.
//
// To stop a drift detection StackSet operation, use StopStackSetOperation.
//
// [Performing drift detection on CloudFormation StackSets]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html
DetectStackSetDrift(ctx context.Context, params *cloudformation.DetectStackSetDriftInput, optFns ...func(*Options)) (*cloudformation.DetectStackSetDriftOutput, error)
// Returns the estimated monthly cost of a template. The return value is an Amazon
// Web Services Simple Monthly Calculator URL with a query string that describes
// the resources required to run the template.
EstimateTemplateCost(ctx context.Context, params *cloudformation.EstimateTemplateCostInput, optFns ...func(*Options)) (*cloudformation.EstimateTemplateCostOutput, error)
// Updates a stack using the input information that was provided when the
// specified change set was created. After the call successfully completes,
// CloudFormation starts updating the stack. Use the DescribeStacksaction to view the status of
// the update.
//
// When you execute a change set, CloudFormation deletes all other change sets
// associated with the stack because they aren't valid for the updated stack.
//
// If a stack policy is associated with the stack, CloudFormation enforces the
// policy during the update. You can't specify a temporary stack policy that
// overrides the current policy.
//
// To create a change set for the entire stack hierarchy, IncludeNestedStacks must
// have been set to True .
ExecuteChangeSet(ctx context.Context, params *cloudformation.ExecuteChangeSetInput, optFns ...func(*Options)) (*cloudformation.ExecuteChangeSetOutput, error)
// Executes the stack refactor operation.
ExecuteStackRefactor(ctx context.Context, params *cloudformation.ExecuteStackRefactorInput, optFns ...func(*Options)) (*cloudformation.ExecuteStackRefactorOutput, error)
// Retrieves a generated template. If the template is in an InProgress or Pending
// status then the template returned will be the template when the template was
// last in a Complete status. If the template has not yet been in a Complete
// status then an empty template will be returned.
GetGeneratedTemplate(ctx context.Context, params *cloudformation.GetGeneratedTemplateInput, optFns ...func(*Options)) (*cloudformation.GetGeneratedTemplateOutput, error)
// Returns the stack policy for a specified stack. If a stack doesn't have a
// policy, a null value is returned.
GetStackPolicy(ctx context.Context, params *cloudformation.GetStackPolicyInput, optFns ...func(*Options)) (*cloudformation.GetStackPolicyOutput, error)
// Returns the template body for a specified stack. You can get the template for
// running or deleted stacks.
//
// For deleted stacks, GetTemplate returns the template for up to 90 days after
// the stack has been deleted.
//
// If the template doesn't exist, a ValidationError is returned.
GetTemplate(ctx context.Context, params *cloudformation.GetTemplateInput, optFns ...func(*Options)) (*cloudformation.GetTemplateOutput, error)
// Returns information about a new or existing template. The GetTemplateSummary
// action is useful for viewing parameter information, such as default parameter
// values and parameter types, before you create or update a stack or StackSet.
//
// You can use the GetTemplateSummary action when you submit a template, or you
// can get template information for a StackSet, or a running or deleted stack.
//
// For deleted stacks, GetTemplateSummary returns the template information for up
// to 90 days after the stack has been deleted. If the template doesn't exist, a
// ValidationError is returned.
GetTemplateSummary(ctx context.Context, params *cloudformation.GetTemplateSummaryInput, optFns ...func(*Options)) (*cloudformation.GetTemplateSummaryOutput, error)
// Import existing stacks into a new StackSets. Use the stack import operation to
// import up to 10 stacks into a new StackSet in the same account as the source
// stack or in a different administrator account and Region, by specifying the
// stack ID of the stack you intend to import.
ImportStacksToStackSet(ctx context.Context, params *cloudformation.ImportStacksToStackSetInput, optFns ...func(*Options)) (*cloudformation.ImportStacksToStackSetOutput, error)
// Returns the ID and status of each active change set for a stack. For example,
// CloudFormation lists change sets that are in the CREATE_IN_PROGRESS or
// CREATE_PENDING state.
ListChangeSets(ctx context.Context, params *cloudformation.ListChangeSetsInput, optFns ...func(*Options)) (*cloudformation.ListChangeSetsOutput, error)
// Lists all exported output values in the account and Region in which you call
// this action. Use this action to see the exported output values that you can
// import into other stacks. To import values, use the [Fn::ImportValue]function.
//
// For more information, see [Get exported outputs from a deployed CloudFormation stack].
//
// [Get exported outputs from a deployed CloudFormation stack]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html
// [Fn::ImportValue]: https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-importvalue.html
ListExports(ctx context.Context, params *cloudformation.ListExportsInput, optFns ...func(*Options)) (*cloudformation.ListExportsOutput, error)
// Lists your generated templates in this Region.
ListGeneratedTemplates(ctx context.Context, params *cloudformation.ListGeneratedTemplatesInput, optFns ...func(*Options)) (*cloudformation.ListGeneratedTemplatesOutput, error)
// Returns summaries of invoked Hooks. For more information, see [View invocation summaries for CloudFormation Hooks] in the
// CloudFormation Hooks User Guide.
//
// This operation supports the following parameter combinations:
//
// - No parameters: Returns all Hook invocation summaries.
//
// - TypeArn only: Returns summaries for a specific Hook.
//
// - TypeArn and Status : Returns summaries for a specific Hook filtered by
// status.
//
// - TargetId and TargetType : Returns summaries for a specific Hook invocation
// target.
//
// [View invocation summaries for CloudFormation Hooks]: https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-view-invocations.html
ListHookResults(ctx context.Context, params *cloudformation.ListHookResultsInput, optFns ...func(*Options)) (*cloudformation.ListHookResultsOutput, error)
// Lists all stacks that are importing an exported output value. To modify or
// remove an exported output value, first use this action to see which stacks are
// using it. To see the exported output values in your account, see ListExports.
//
// For more information about importing an exported output value, see the [Fn::ImportValue]
// function.
//
// [Fn::ImportValue]: https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-importvalue.html
ListImports(ctx context.Context, params *cloudformation.ListImportsInput, optFns ...func(*Options)) (*cloudformation.ListImportsOutput, error)
// Lists the related resources for a list of resources from a resource scan. The
// response indicates whether each returned resource is already managed by
// CloudFormation.
ListResourceScanRelatedResources(ctx context.Context, params *cloudformation.ListResourceScanRelatedResourcesInput, optFns ...func(*Options)) (*cloudformation.ListResourceScanRelatedResourcesOutput, error)
// Lists the resources from a resource scan. The results can be filtered by
// resource identifier, resource type prefix, tag key, and tag value. Only
// resources that match all specified filters are returned. The response indicates
// whether each returned resource is already managed by CloudFormation.
ListResourceScanResources(ctx context.Context, params *cloudformation.ListResourceScanResourcesInput, optFns ...func(*Options)) (*cloudformation.ListResourceScanResourcesOutput, error)
// List the resource scans from newest to oldest. By default it will return up to
// 10 resource scans.
ListResourceScans(ctx context.Context, params *cloudformation.ListResourceScansInput, optFns ...func(*Options)) (*cloudformation.ListResourceScansOutput, error)
// Returns drift information for resources in a stack instance.
//
// ListStackInstanceResourceDrifts returns drift information for the most recent
// drift detection operation. If an operation is in progress, it may only return
// partial results.
ListStackInstanceResourceDrifts(ctx context.Context, params *cloudformation.ListStackInstanceResourceDriftsInput, optFns ...func(*Options)) (*cloudformation.ListStackInstanceResourceDriftsOutput, error)
// Returns summary information about stack instances that are associated with the
// specified StackSet. You can filter for stack instances that are associated with
// a specific Amazon Web Services account name or Region, or that have a specific
// status.
ListStackInstances(ctx context.Context, params *cloudformation.ListStackInstancesInput, optFns ...func(*Options)) (*cloudformation.ListStackInstancesOutput, error)
// Lists the stack refactor actions that will be taken after calling the ExecuteStackRefactor action.
ListStackRefactorActions(ctx context.Context, params *cloudformation.ListStackRefactorActionsInput, optFns ...func(*Options)) (*cloudformation.ListStackRefactorActionsOutput, error)
// Lists all account stack refactor operations and their statuses.
ListStackRefactors(ctx context.Context, params *cloudformation.ListStackRefactorsInput, optFns ...func(*Options)) (*cloudformation.ListStackRefactorsOutput, error)
// Returns descriptions of all resources of the specified stack.
//
// For deleted stacks, ListStackResources returns resource information for up to
// 90 days after the stack has been deleted.
ListStackResources(ctx context.Context, params *cloudformation.ListStackResourcesInput, optFns ...func(*Options)) (*cloudformation.ListStackResourcesOutput, error)
// Returns summary information about deployment targets for a StackSet.
ListStackSetAutoDeploymentTargets(ctx context.Context, params *cloudformation.ListStackSetAutoDeploymentTargetsInput, optFns ...func(*Options)) (*cloudformation.ListStackSetAutoDeploymentTargetsOutput, error)
// Returns summary information about the results of a StackSet operation.
//
// This API provides eventually consistent reads meaning it may take some time but
// will eventually return the most up-to-date data.
ListStackSetOperationResults(ctx context.Context, params *cloudformation.ListStackSetOperationResultsInput, optFns ...func(*Options)) (*cloudformation.ListStackSetOperationResultsOutput, error)
// Returns summary information about operations performed on a StackSet.
//
// This API provides eventually consistent reads meaning it may take some time but
// will eventually return the most up-to-date data.
ListStackSetOperations(ctx context.Context, params *cloudformation.ListStackSetOperationsInput, optFns ...func(*Options)) (*cloudformation.ListStackSetOperationsOutput, error)
// Returns summary information about StackSets that are associated with the user.
//
// This API provides strongly consistent reads meaning it will always return the
// most up-to-date data.
//
// - [Self-managed permissions] If you set the CallAs parameter to SELF while
// signed in to your Amazon Web Services account, ListStackSets returns all
// self-managed StackSets in your Amazon Web Services account.
//
// - [Service-managed permissions] If you set the CallAs parameter to SELF while
// signed in to the organization's management account, ListStackSets returns all
// StackSets in the management account.
//
// - [Service-managed permissions] If you set the CallAs parameter to
// DELEGATED_ADMIN while signed in to your member account, ListStackSets returns
// all StackSets with service-managed permissions in the management account.
ListStackSets(ctx context.Context, params *cloudformation.ListStackSetsInput, optFns ...func(*Options)) (*cloudformation.ListStackSetsOutput, error)
// Returns the summary information for stacks whose status matches the specified
// StackStatusFilter . Summary information for stacks that have been deleted is
// kept for 90 days after the stack is deleted. If no StackStatusFilter is
// specified, summary information for all stacks is returned (including existing
// stacks and stacks that have been deleted).
ListStacks(ctx context.Context, params *cloudformation.ListStacksInput, optFns ...func(*Options)) (*cloudformation.ListStacksOutput, error)
// Returns a list of registration tokens for the specified extension(s).
ListTypeRegistrations(ctx context.Context, params *cloudformation.ListTypeRegistrationsInput, optFns ...func(*Options)) (*cloudformation.ListTypeRegistrationsOutput, error)
// Returns summary information about the versions of an extension.
ListTypeVersions(ctx context.Context, params *cloudformation.ListTypeVersionsInput, optFns ...func(*Options)) (*cloudformation.ListTypeVersionsOutput, error)
// Returns summary information about all extensions, including your private
// resource types, modules, and Hooks as well as all public extensions from Amazon
// Web Services and third-party publishers.
ListTypes(ctx context.Context, params *cloudformation.ListTypesInput, optFns ...func(*Options)) (*cloudformation.ListTypesOutput, error)
// Publishes the specified extension to the CloudFormation registry as a public
// extension in this Region. Public extensions are available for use by all
// CloudFormation users. For more information about publishing extensions, see [Publishing extensions to make them available for public use]in
// the CloudFormation Command Line Interface (CLI) User Guide.
//
// To publish an extension, you must be registered as a publisher with
// CloudFormation. For more information, see [RegisterPublisher].
//
// [Publishing extensions to make them available for public use]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html
// [RegisterPublisher]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html
PublishType(ctx context.Context, params *cloudformation.PublishTypeInput, optFns ...func(*Options)) (*cloudformation.PublishTypeOutput, error)
// Reports progress of a resource handler to CloudFormation.
//
// Reserved for use by the [CloudFormation CLI]. Don't use this API in your code.
//
// [CloudFormation CLI]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html
RecordHandlerProgress(ctx context.Context, params *cloudformation.RecordHandlerProgressInput, optFns ...func(*Options)) (*cloudformation.RecordHandlerProgressOutput, error)
// Registers your account as a publisher of public extensions in the
// CloudFormation registry. Public extensions are available for use by all
// CloudFormation users. This publisher ID applies to your account in all Amazon
// Web Services Regions.
//
// For information about requirements for registering as a public extension
// publisher, see [Prerequisite: Registering your account to publish CloudFormation extensions]in the CloudFormation Command Line Interface (CLI) User Guide.
//
// [Prerequisite: Registering your account to publish CloudFormation extensions]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs
RegisterPublisher(ctx context.Context, params *cloudformation.RegisterPublisherInput, optFns ...func(*Options)) (*cloudformation.RegisterPublisherOutput, error)
// Registers an extension with the CloudFormation service. Registering an
// extension makes it available for use in CloudFormation templates in your Amazon
// Web Services account, and includes:
//
// - Validating the extension schema.
//
// - Determining which handlers, if any, have been specified for the extension.
//
// - Making the extension available for use in your account.
//
// For more information about how to develop extensions and ready them for
// registration, see [Creating resource types using the CloudFormation CLI]in the CloudFormation Command Line Interface (CLI) User Guide.
//
// You can have a maximum of 50 resource extension versions registered at a time.
// This maximum is per account and per Region. Use [DeregisterType]to deregister specific
// extension versions if necessary.
//
// Once you have initiated a registration request using RegisterType, you can use DescribeTypeRegistration to monitor
// the progress of the registration request.
//
// Once you have registered a private extension in your account and Region, use [SetTypeConfiguration]
// to specify configuration properties for the extension. For more information, see
// [Edit configuration data for extensions in your account]in the CloudFormation User Guide.
//
// [SetTypeConfiguration]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html
// [Edit configuration data for extensions in your account]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-set-configuration.html
// [Creating resource types using the CloudFormation CLI]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-types.html
// [DeregisterType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DeregisterType.html
RegisterType(ctx context.Context, params *cloudformation.RegisterTypeInput, optFns ...func(*Options)) (*cloudformation.RegisterTypeOutput, error)
// When specifying RollbackStack , you preserve the state of previously provisioned
// resources when an operation fails. You can check the status of the stack through
// the DescribeStacksoperation.
//
// Rolls back the specified stack to the last known stable state from CREATE_FAILED
// or UPDATE_FAILED stack statuses.
//
// This operation will delete a stack if it doesn't contain a last known stable
// state. A last known stable state includes any status in a *_COMPLETE . This
// includes the following stack statuses.
//
// - CREATE_COMPLETE
//
// - UPDATE_COMPLETE
//
// - UPDATE_ROLLBACK_COMPLETE
//
// - IMPORT_COMPLETE
//
// - IMPORT_ROLLBACK_COMPLETE
RollbackStack(ctx context.Context, params *cloudformation.RollbackStackInput, optFns ...func(*Options)) (*cloudformation.RollbackStackOutput, error)
// Sets a stack policy for a specified stack.
SetStackPolicy(ctx context.Context, params *cloudformation.SetStackPolicyInput, optFns ...func(*Options)) (*cloudformation.SetStackPolicyOutput, error)
// Specifies the configuration data for a CloudFormation extension, such as a
// resource or Hook, in the given account and Region.
//
// For more information, see [Edit configuration data for extensions in your account] in the CloudFormation User Guide.
//
// To view the current configuration data for an extension, refer to the
// ConfigurationSchema element of [DescribeType].
//
// It's strongly recommended that you use dynamic references to restrict sensitive
// configuration definitions, such as third-party credentials. For more
// information, see [Specify values stored in other services using dynamic references]in the CloudFormation User Guide.
//
// For more information about setting the configuration data for resource types,
// see [Defining the account-level configuration of an extension]in the CloudFormation Command Line Interface (CLI) User Guide. For more
// information about setting the configuration data for Hooks, see the [CloudFormation Hooks User Guide].
//
// [DescribeType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html
// [Edit configuration data for extensions in your account]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-set-configuration.html
// [Specify values stored in other services using dynamic references]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html
// [Defining the account-level configuration of an extension]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-model.html#resource-type-howto-configuration
// [CloudFormation Hooks User Guide]: https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/what-is-cloudformation-hooks.html
SetTypeConfiguration(ctx context.Context, params *cloudformation.SetTypeConfigurationInput, optFns ...func(*Options)) (*cloudformation.SetTypeConfigurationOutput, error)
// Specify the default version of an extension. The default version of an
// extension will be used in CloudFormation operations.
SetTypeDefaultVersion(ctx context.Context, params *cloudformation.SetTypeDefaultVersionInput, optFns ...func(*Options)) (*cloudformation.SetTypeDefaultVersionOutput, error)
// Sends a signal to the specified resource with a success or failure status. You
// can use the SignalResource operation in conjunction with a creation policy or
// update policy. CloudFormation doesn't proceed with a stack creation or update
// until resources receive the required number of signals or the timeout period is
// exceeded. The SignalResource operation is useful in cases where you want to
// send signals from anywhere other than an Amazon EC2 instance.
SignalResource(ctx context.Context, params *cloudformation.SignalResourceInput, optFns ...func(*Options)) (*cloudformation.SignalResourceOutput, error)
// Starts a scan of the resources in this account in this Region. You can the
// status of a scan using the ListResourceScans API action.
StartResourceScan(ctx context.Context, params *cloudformation.StartResourceScanInput, optFns ...func(*Options)) (*cloudformation.StartResourceScanOutput, error)
// Stops an in-progress operation on a StackSet and its associated stack
// instances. StackSets will cancel all the unstarted stack instance deployments
// and wait for those are in-progress to complete.
StopStackSetOperation(ctx context.Context, params *cloudformation.StopStackSetOperationInput, optFns ...func(*Options)) (*cloudformation.StopStackSetOperationOutput, error)
// Tests a registered extension to make sure it meets all necessary requirements
// for being published in the CloudFormation registry.
//
// - For resource types, this includes passing all contracts tests defined for
// the type.
//
// - For modules, this includes determining if the module's model meets all
// necessary requirements.
//
// For more information, see [Testing your public extension before publishing] in the CloudFormation Command Line Interface (CLI)
// User Guide.
//
// If you don't specify a version, CloudFormation uses the default version of the
// extension in your account and Region for testing.
//
// To perform testing, CloudFormation assumes the execution role specified when
// the type was registered. For more information, see [RegisterType].
//
// Once you've initiated testing on an extension using TestType , you can pass the
// returned TypeVersionArn into [DescribeType] to monitor the current test status and test
// status description for the extension.
//
// An extension must have a test status of PASSED before it can be published. For
// more information, see [Publishing extensions to make them available for public use]in the CloudFormation Command Line Interface (CLI) User
// Guide.
//
// [DescribeType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html
// [Testing your public extension before publishing]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-testing
// [RegisterType]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html
// [Publishing extensions to make them available for public use]: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-publish.html
TestType(ctx context.Context, params *cloudformation.TestTypeInput, optFns ...func(*Options)) (*cloudformation.TestTypeOutput, error)
// Updates a generated template. This can be used to change the name, add and
// remove resources, refresh resources, and change the DeletionPolicy and
// UpdateReplacePolicy settings. You can check the status of the update to the
// generated template using the DescribeGeneratedTemplate API action.
UpdateGeneratedTemplate(ctx context.Context, params *cloudformation.UpdateGeneratedTemplateInput, optFns ...func(*Options)) (*cloudformation.UpdateGeneratedTemplateOutput, error)
// Updates a stack as specified in the template. After the call completes
// successfully, the stack update starts. You can check the status of the stack
// through the DescribeStacksaction.
//
// To get a copy of the template for an existing stack, you can use the GetTemplate action.
//
// For more information about updating a stack and monitoring the progress of the
// update, see [Managing Amazon Web Services resources as a single unit with CloudFormation stacks]in the CloudFormation User Guide.
//
// [Managing Amazon Web Services resources as a single unit with CloudFormation stacks]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html
UpdateStack(ctx context.Context, params *cloudformation.UpdateStackInput, optFns ...func(*Options)) (*cloudformation.UpdateStackOutput, error)
// Updates the parameter values for stack instances for the specified accounts,
// within the specified Amazon Web Services Regions. A stack instance refers to a
// stack in a specific account and Region.
//
// You can only update stack instances in Amazon Web Services Regions and accounts
// where they already exist; to create additional stack instances, use [CreateStackInstances].
//
// During StackSet updates, any parameters overridden for a stack instance aren't
// updated, but retain their overridden value.
//
// You can only update the parameter values that are specified in the StackSet. To
// add or delete a parameter itself, use [UpdateStackSet]to update the StackSet template. If you
// add a parameter to a template, before you can override the parameter value
// specified in the StackSet you must first use [UpdateStackSet]to update all stack instances with
// the updated template and parameter value specified in the StackSet. Once a stack
// instance has been updated with the new parameter, you can then override the
// parameter value using UpdateStackInstances .
//
// The maximum number of organizational unit (OUs) supported by a
// UpdateStackInstances operation is 50.
//
// If you need more than 50, consider the following options:
//
// - Batch processing: If you don't want to expose your OU hierarchy, split up
// the operations into multiple calls with less than 50 OUs each.
//
// - Parent OU strategy: If you don't mind exposing the OU hierarchy, target a
// parent OU that contains all desired child OUs.
//
// [CreateStackInstances]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStackInstances.html
// [UpdateStackSet]: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html
UpdateStackInstances(ctx context.Context, params *cloudformation.UpdateStackInstancesInput, optFns ...func(*Options)) (*cloudformation.UpdateStackInstancesOutput, error)
// Updates the StackSet and associated stack instances in the specified accounts
// and Amazon Web Services Regions.
//
// Even if the StackSet operation created by updating the StackSet fails
// (completely or partially, below or above a specified failure tolerance), the
// StackSet is updated with your changes. Subsequent CreateStackInstancescalls on the specified
// StackSet use the updated StackSet.
//
// The maximum number of organizational unit (OUs) supported by a UpdateStackSet
// operation is 50.
//
// If you need more than 50, consider the following options:
//
// - Batch processing: If you don't want to expose your OU hierarchy, split up
// the operations into multiple calls with less than 50 OUs each.
//
// - Parent OU strategy: If you don't mind exposing the OU hierarchy, target a
// parent OU that contains all desired child OUs.
UpdateStackSet(ctx context.Context, params *cloudformation.UpdateStackSetInput, optFns ...func(*Options)) (*cloudformation.UpdateStackSetOutput, error)
// Updates termination protection for the specified stack. If a user attempts to
// delete a stack with termination protection enabled, the operation fails and the
// stack remains unchanged. For more information, see [Protect a CloudFormation stack from being deleted]in the CloudFormation User
// Guide.
//
// For [nested stacks], termination protection is set on the root stack and can't be changed
// directly on the nested stack.
//
// [nested stacks]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html
// [Protect a CloudFormation stack from being deleted]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html
UpdateTerminationProtection(ctx context.Context, params *cloudformation.UpdateTerminationProtectionInput, optFns ...func(*Options)) (*cloudformation.UpdateTerminationProtectionOutput, error)
// Validates a specified template. CloudFormation first checks if the template is
// valid JSON. If it isn't, CloudFormation checks if the template is valid YAML. If
// both these checks fail, CloudFormation returns a template validation error.
ValidateTemplate(ctx context.Context, params *cloudformation.ValidateTemplateInput, optFns ...func(*Options)) (*cloudformation.ValidateTemplateOutput, error)
}
CloudFormation provides an interface to the AWS CloudFormation service.
type CloudTrail ¶ added in v0.92.0
type CloudTrail interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() cloudtrail.Options
// Adds one or more tags to a trail, event data store, dashboard, or channel, up
// to a limit of 50. Overwrites an existing tag's value when a new value is
// specified for an existing tag key. Tag key names must be unique; you cannot have
// two keys with the same name but different values. If you specify a key without a
// value, the tag will be created with the specified key and a value of null. You
// can tag a trail or event data store that applies to all Amazon Web Services
// Regions only from the Region in which the trail or event data store was created
// (also known as its home Region).
AddTags(ctx context.Context, params *cloudtrail.AddTagsInput, optFns ...func(*Options)) (*cloudtrail.AddTagsOutput, error)
// Cancels a query if the query is not in a terminated state, such as CANCELLED ,
// FAILED , TIMED_OUT , or FINISHED . You must specify an ARN value for
// EventDataStore . The ID of the query that you want to cancel is also required.
// When you run CancelQuery , the query status might show as CANCELLED even if the
// operation is not yet finished.
CancelQuery(ctx context.Context, params *cloudtrail.CancelQueryInput, optFns ...func(*Options)) (*cloudtrail.CancelQueryOutput, error)
// Creates a channel for CloudTrail to ingest events from a partner or external
// source. After you create a channel, a CloudTrail Lake event data store can log
// events from the partner or source that you specify.
CreateChannel(ctx context.Context, params *cloudtrail.CreateChannelInput, optFns ...func(*Options)) (*cloudtrail.CreateChannelOutput, error)
// Creates a custom dashboard or the Highlights dashboard.
//
// - Custom dashboards - Custom dashboards allow you to query events in any
// event data store type. You can add up to 10 widgets to a custom dashboard. You
// can manually refresh a custom dashboard, or you can set a refresh schedule.
//
// - Highlights dashboard - You can create the Highlights dashboard to see a
// summary of key user activities and API usage across all your event data stores.
// CloudTrail Lake manages the Highlights dashboard and refreshes the dashboard
// every 6 hours. To create the Highlights dashboard, you must set and enable a
// refresh schedule.
//
// CloudTrail runs queries to populate the dashboard's widgets during a manual or
// scheduled refresh. CloudTrail must be granted permissions to run the StartQuery
// operation on your behalf. To provide permissions, run the PutResourcePolicy
// operation to attach a resource-based policy to each event data store. For more
// information, see [Example: Allow CloudTrail to run queries to populate a dashboard]in the CloudTrail User Guide.
//
// To set a refresh schedule, CloudTrail must be granted permissions to run the
// StartDashboardRefresh operation to refresh the dashboard on your behalf. To
// provide permissions, run the PutResourcePolicy operation to attach a
// resource-based policy to the dashboard. For more information, see [Resource-based policy example for a dashboard]in the
// CloudTrail User Guide.
//
// For more information about dashboards, see [CloudTrail Lake dashboards] in the CloudTrail User Guide.
//
// [CloudTrail Lake dashboards]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-dashboard.html
// [Example: Allow CloudTrail to run queries to populate a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-eds-dashboard
// [Resource-based policy example for a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-dashboards
CreateDashboard(ctx context.Context, params *cloudtrail.CreateDashboardInput, optFns ...func(*Options)) (*cloudtrail.CreateDashboardOutput, error)
// Creates a new event data store.
CreateEventDataStore(ctx context.Context, params *cloudtrail.CreateEventDataStoreInput, optFns ...func(*Options)) (*cloudtrail.CreateEventDataStoreOutput, error)
// Creates a trail that specifies the settings for delivery of log data to an
// Amazon S3 bucket.
CreateTrail(ctx context.Context, params *cloudtrail.CreateTrailInput, optFns ...func(*Options)) (*cloudtrail.CreateTrailOutput, error)
// Deletes a channel.
DeleteChannel(ctx context.Context, params *cloudtrail.DeleteChannelInput, optFns ...func(*Options)) (*cloudtrail.DeleteChannelOutput, error)
// Deletes the specified dashboard. You cannot delete a dashboard that has
//
// termination protection enabled.
DeleteDashboard(ctx context.Context, params *cloudtrail.DeleteDashboardInput, optFns ...func(*Options)) (*cloudtrail.DeleteDashboardOutput, error)
// Disables the event data store specified by EventDataStore , which accepts an
// event data store ARN. After you run DeleteEventDataStore , the event data store
// enters a PENDING_DELETION state, and is automatically deleted after a wait
// period of seven days. TerminationProtectionEnabled must be set to False on the
// event data store and the FederationStatus must be DISABLED . You cannot delete
// an event data store if TerminationProtectionEnabled is True or the
// FederationStatus is ENABLED .
//
// After you run DeleteEventDataStore on an event data store, you cannot run
// ListQueries , DescribeQuery , or GetQueryResults on queries that are using an
// event data store in a PENDING_DELETION state. An event data store in the
// PENDING_DELETION state does not incur costs.
DeleteEventDataStore(ctx context.Context, params *cloudtrail.DeleteEventDataStoreInput, optFns ...func(*Options)) (*cloudtrail.DeleteEventDataStoreOutput, error)
// Deletes the resource-based policy attached to the CloudTrail event data store,
//
// dashboard, or channel.
DeleteResourcePolicy(ctx context.Context, params *cloudtrail.DeleteResourcePolicyInput, optFns ...func(*Options)) (*cloudtrail.DeleteResourcePolicyOutput, error)
// Deletes a trail. This operation must be called from the Region in which the
// trail was created. DeleteTrail cannot be called on the shadow trails
// (replicated trails in other Regions) of a trail that is enabled in all Regions.
DeleteTrail(ctx context.Context, params *cloudtrail.DeleteTrailInput, optFns ...func(*Options)) (*cloudtrail.DeleteTrailOutput, error)
// Removes CloudTrail delegated administrator permissions from a member account in
// an organization.
DeregisterOrganizationDelegatedAdmin(ctx context.Context, params *cloudtrail.DeregisterOrganizationDelegatedAdminInput, optFns ...func(*Options)) (*cloudtrail.DeregisterOrganizationDelegatedAdminOutput, error)
// Returns metadata about a query, including query run time in milliseconds,
// number of events scanned and matched, and query status. If the query results
// were delivered to an S3 bucket, the response also provides the S3 URI and the
// delivery status.
//
// You must specify either QueryId or QueryAlias . Specifying the QueryAlias
// parameter returns information about the last query run for the alias. You can
// provide RefreshId along with QueryAlias to view the query results of a
// dashboard query for the specified RefreshId .
DescribeQuery(ctx context.Context, params *cloudtrail.DescribeQueryInput, optFns ...func(*Options)) (*cloudtrail.DescribeQueryOutput, error)
// Retrieves settings for one or more trails associated with the current Region
// for your account.
DescribeTrails(ctx context.Context, params *cloudtrail.DescribeTrailsInput, optFns ...func(*Options)) (*cloudtrail.DescribeTrailsOutput, error)
// Disables Lake query federation on the specified event data store. When you
//
// disable federation, CloudTrail disables the integration with Glue, Lake
// Formation, and Amazon Athena. After disabling Lake query federation, you can no
// longer query your event data in Amazon Athena.
//
// No CloudTrail Lake data is deleted when you disable federation and you can
// continue to run queries in CloudTrail Lake.
DisableFederation(ctx context.Context, params *cloudtrail.DisableFederationInput, optFns ...func(*Options)) (*cloudtrail.DisableFederationOutput, error)
// Enables Lake query federation on the specified event data store. Federating an
//
// event data store lets you view the metadata associated with the event data store
// in the Glue [Data Catalog]and run SQL queries against your event data using Amazon Athena.
// The table metadata stored in the Glue Data Catalog lets the Athena query engine
// know how to find, read, and process the data that you want to query.
//
// When you enable Lake query federation, CloudTrail creates a managed database
// named aws:cloudtrail (if the database doesn't already exist) and a managed
// federated table in the Glue Data Catalog. The event data store ID is used for
// the table name. CloudTrail registers the role ARN and event data store in [Lake Formation], the
// service responsible for allowing fine-grained access control of the federated
// resources in the Glue Data Catalog.
//
// For more information about Lake query federation, see [Federate an event data store].
//
// [Federate an event data store]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html
// [Lake Formation]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation-lake-formation.html
// [Data Catalog]: https://docs.aws.amazon.com/glue/latest/dg/components-overview.html#data-catalog-intro
EnableFederation(ctx context.Context, params *cloudtrail.EnableFederationInput, optFns ...func(*Options)) (*cloudtrail.EnableFederationOutput, error)
// Generates a query from a natural language prompt. This operation uses
//
// generative artificial intelligence (generative AI) to produce a ready-to-use SQL
// query from the prompt.
//
// The prompt can be a question or a statement about the event data in your event
// data store. For example, you can enter prompts like "What are my top errors in
// the past month?" and “Give me a list of users that used SNS.”
//
// The prompt must be in English. For information about limitations, permissions,
// and supported Regions, see [Create CloudTrail Lake queries from natural language prompts]in the CloudTrail user guide.
//
// Do not include any personally identifying, confidential, or sensitive
// information in your prompts.
//
// This feature uses generative AI large language models (LLMs); we recommend
// double-checking the LLM response.
//
// [Create CloudTrail Lake queries from natural language prompts]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-query-generator.html
GenerateQuery(ctx context.Context, params *cloudtrail.GenerateQueryInput, optFns ...func(*Options)) (*cloudtrail.GenerateQueryOutput, error)
// Returns information about a specific channel.
GetChannel(ctx context.Context, params *cloudtrail.GetChannelInput, optFns ...func(*Options)) (*cloudtrail.GetChannelOutput, error)
// Returns the specified dashboard.
GetDashboard(ctx context.Context, params *cloudtrail.GetDashboardInput, optFns ...func(*Options)) (*cloudtrail.GetDashboardOutput, error)
// Retrieves the current event configuration settings for the specified event data
// store, including details about maximum event size and context key selectors
// configured for the event data store.
GetEventConfiguration(ctx context.Context, params *cloudtrail.GetEventConfigurationInput, optFns ...func(*Options)) (*cloudtrail.GetEventConfigurationOutput, error)
// Returns information about an event data store specified as either an ARN or the
// ID portion of the ARN.
GetEventDataStore(ctx context.Context, params *cloudtrail.GetEventDataStoreInput, optFns ...func(*Options)) (*cloudtrail.GetEventDataStoreOutput, error)
// Describes the settings for the event selectors that you configured for your
// trail. The information returned for your event selectors includes the following:
//
// - If your event selector includes read-only events, write-only events, or all
// events. This applies to management events, data events, and network activity
// events.
//
// - If your event selector includes management events.
//
// - If your event selector includes network activity events, the event sources
// for which you are logging network activity events.
//
// - If your event selector includes data events, the resources on which you are
// logging data events.
//
// For more information about logging management, data, and network activity
// events, see the following topics in the CloudTrail User Guide:
//
// [Logging management events]
//
// [Logging data events]
//
// [Logging network activity events]
//
// [Logging network activity events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html
// [Logging management events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
// [Logging data events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
GetEventSelectors(ctx context.Context, params *cloudtrail.GetEventSelectorsInput, optFns ...func(*Options)) (*cloudtrail.GetEventSelectorsOutput, error)
// Returns information about a specific import.
GetImport(ctx context.Context, params *cloudtrail.GetImportInput, optFns ...func(*Options)) (*cloudtrail.GetImportOutput, error)
// Describes the settings for the Insights event selectors that you configured for
// your trail or event data store. GetInsightSelectors shows if CloudTrail
// Insights event logging is enabled on the trail or event data store, and if it
// is, which Insights types are enabled. If you run GetInsightSelectors on a trail
// or event data store that does not have Insights events enabled, the operation
// throws the exception InsightNotEnabledException
//
// Specify either the EventDataStore parameter to get Insights event selectors for
// an event data store, or the TrailName parameter to the get Insights event
// selectors for a trail. You cannot specify these parameters together.
//
// For more information, see [Working with CloudTrail Insights] in the CloudTrail User Guide.
//
// [Working with CloudTrail Insights]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
GetInsightSelectors(ctx context.Context, params *cloudtrail.GetInsightSelectorsInput, optFns ...func(*Options)) (*cloudtrail.GetInsightSelectorsOutput, error)
// Gets event data results of a query. You must specify the QueryID value returned
// by the StartQuery operation.
GetQueryResults(ctx context.Context, params *cloudtrail.GetQueryResultsInput, optFns ...func(*Options)) (*cloudtrail.GetQueryResultsOutput, error)
// Retrieves the JSON text of the resource-based policy document attached to the
//
// CloudTrail event data store, dashboard, or channel.
GetResourcePolicy(ctx context.Context, params *cloudtrail.GetResourcePolicyInput, optFns ...func(*Options)) (*cloudtrail.GetResourcePolicyOutput, error)
// Returns settings information for a specified trail.
GetTrail(ctx context.Context, params *cloudtrail.GetTrailInput, optFns ...func(*Options)) (*cloudtrail.GetTrailOutput, error)
// Returns a JSON-formatted list of information about the specified trail. Fields
// include information on delivery errors, Amazon SNS and Amazon S3 errors, and
// start and stop logging times for each trail. This operation returns trail status
// from a single Region. To return trail status from all Regions, you must call the
// operation on each Region.
GetTrailStatus(ctx context.Context, params *cloudtrail.GetTrailStatusInput, optFns ...func(*Options)) (*cloudtrail.GetTrailStatusOutput, error)
// Lists the channels in the current account, and their source names.
ListChannels(ctx context.Context, params *cloudtrail.ListChannelsInput, optFns ...func(*Options)) (*cloudtrail.ListChannelsOutput, error)
// Returns information about all dashboards in the account, in the current
//
// Region.
ListDashboards(ctx context.Context, params *cloudtrail.ListDashboardsInput, optFns ...func(*Options)) (*cloudtrail.ListDashboardsOutput, error)
// Returns information about all event data stores in the account, in the current
// Region.
ListEventDataStores(ctx context.Context, params *cloudtrail.ListEventDataStoresInput, optFns ...func(*Options)) (*cloudtrail.ListEventDataStoresOutput, error)
// Returns a list of failures for the specified import.
ListImportFailures(ctx context.Context, params *cloudtrail.ListImportFailuresInput, optFns ...func(*Options)) (*cloudtrail.ListImportFailuresOutput, error)
// Returns information on all imports, or a select set of imports by ImportStatus
//
// or Destination .
ListImports(ctx context.Context, params *cloudtrail.ListImportsInput, optFns ...func(*Options)) (*cloudtrail.ListImportsOutput, error)
// Returns Insights metrics data for trails that have enabled Insights. The
// request must include the EventSource , EventName , and InsightType parameters.
//
// If the InsightType is set to ApiErrorRateInsight , the request must also include
// the ErrorCode parameter.
//
// The following are the available time periods for ListInsightsMetricData . Each
// cutoff is inclusive.
//
// - Data points with a period of 60 seconds (1-minute) are available for 15
// days.
//
// - Data points with a period of 300 seconds (5-minute) are available for 63
// days.
//
// - Data points with a period of 3600 seconds (1 hour) are available for 90
// days.
//
// Access to the ListInsightsMetricData API operation is linked to the
// cloudtrail:LookupEvents action. To use this operation, you must have permissions
// to perform the cloudtrail:LookupEvents action.
ListInsightsMetricData(ctx context.Context, params *cloudtrail.ListInsightsMetricDataInput, optFns ...func(*Options)) (*cloudtrail.ListInsightsMetricDataOutput, error)
// Returns all public keys whose private keys were used to sign the digest files
// within the specified time range. The public key is needed to validate digest
// files that were signed with its corresponding private key.
//
// CloudTrail uses different private and public key pairs per Region. Each digest
// file is signed with a private key unique to its Region. When you validate a
// digest file from a specific Region, you must look in the same Region for its
// corresponding public key.
ListPublicKeys(ctx context.Context, params *cloudtrail.ListPublicKeysInput, optFns ...func(*Options)) (*cloudtrail.ListPublicKeysOutput, error)
// Returns a list of queries and query statuses for the past seven days. You must
// specify an ARN value for EventDataStore . Optionally, to shorten the list of
// results, you can specify a time range, formatted as timestamps, by adding
// StartTime and EndTime parameters, and a QueryStatus value. Valid values for
// QueryStatus include QUEUED , RUNNING , FINISHED , FAILED , TIMED_OUT , or
// CANCELLED .
ListQueries(ctx context.Context, params *cloudtrail.ListQueriesInput, optFns ...func(*Options)) (*cloudtrail.ListQueriesOutput, error)
// Lists the tags for the specified trails, event data stores, dashboards, or
// channels in the current Region.
ListTags(ctx context.Context, params *cloudtrail.ListTagsInput, optFns ...func(*Options)) (*cloudtrail.ListTagsOutput, error)
// Lists trails that are in the current account.
ListTrails(ctx context.Context, params *cloudtrail.ListTrailsInput, optFns ...func(*Options)) (*cloudtrail.ListTrailsOutput, error)
// Looks up [management events] or [CloudTrail Insights events] that are captured by CloudTrail. You can look up events that
// occurred in a Region within the last 90 days.
//
// LookupEvents returns recent Insights events for trails that enable Insights. To
// view Insights events for an event data store, you can run queries on your
// Insights event data store, and you can also view the Lake dashboard for
// Insights.
//
// Lookup supports the following attributes for management events:
//
// - Amazon Web Services access key
//
// - Event ID
//
// - Event name
//
// - Event source
//
// - Read only
//
// - Resource name
//
// - Resource type
//
// - User name
//
// Lookup supports the following attributes for Insights events:
//
// - Event ID
//
// - Event name
//
// - Event source
//
// All attributes are optional. The default number of results returned is 50, with
// a maximum of 50 possible. The response includes a token that you can use to get
// the next page of results.
//
// The rate of lookup requests is limited to two per second, per account, per
// Region. If this limit is exceeded, a throttling error occurs.
//
// [CloudTrail Insights events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-insights-events
// [management events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-management-events
LookupEvents(ctx context.Context, params *cloudtrail.LookupEventsInput, optFns ...func(*Options)) (*cloudtrail.LookupEventsOutput, error)
// Updates the event configuration settings for the specified event data store.
// You can update the maximum event size and context key selectors.
PutEventConfiguration(ctx context.Context, params *cloudtrail.PutEventConfigurationInput, optFns ...func(*Options)) (*cloudtrail.PutEventConfigurationOutput, error)
// Configures event selectors (also referred to as basic event selectors) or
// advanced event selectors for your trail. You can use either
// AdvancedEventSelectors or EventSelectors , but not both. If you apply
// AdvancedEventSelectors to a trail, any existing EventSelectors are overwritten.
//
// You can use AdvancedEventSelectors to log management events, data events for
// all resource types, and network activity events.
//
// You can use EventSelectors to log management events and data events for the
// following resource types:
//
// - AWS::DynamoDB::Table
//
// - AWS::Lambda::Function
//
// - AWS::S3::Object
//
// You can't use EventSelectors to log network activity events.
//
// If you want your trail to log Insights events, be sure the event selector or
// advanced event selector enables logging of the Insights event types you want
// configured for your trail. For more information about logging Insights events,
// see [Working with CloudTrail Insights]in the CloudTrail User Guide. By default, trails created without specific
// event selectors are configured to log all read and write management events, and
// no data events or network activity events.
//
// When an event occurs in your account, CloudTrail evaluates the event selectors
// or advanced event selectors in all trails. For each trail, if the event matches
// any event selector, the trail processes and logs the event. If the event doesn't
// match any event selector, the trail doesn't log the event.
//
// Example
//
// - You create an event selector for a trail and specify that you want to log
// write-only events.
//
// - The EC2 GetConsoleOutput and RunInstances API operations occur in your
// account.
//
// - CloudTrail evaluates whether the events match your event selectors.
//
// - The RunInstances is a write-only event and it matches your event selector.
// The trail logs the event.
//
// - The GetConsoleOutput is a read-only event that doesn't match your event
// selector. The trail doesn't log the event.
//
// The PutEventSelectors operation must be called from the Region in which the
// trail was created; otherwise, an InvalidHomeRegionException exception is thrown.
//
// You can configure up to five event selectors for each trail.
//
// You can add advanced event selectors, and conditions for your advanced event
// selectors, up to a maximum of 500 values for all conditions and selectors on a
// trail. For more information, see [Logging management events], [Logging data events], [Logging network activity events], and [Quotas in CloudTrail] in the CloudTrail User Guide.
//
// [Logging network activity events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html
// [Logging management events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
// [Working with CloudTrail Insights]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
// [Quotas in CloudTrail]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
// [Logging data events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
PutEventSelectors(ctx context.Context, params *cloudtrail.PutEventSelectorsInput, optFns ...func(*Options)) (*cloudtrail.PutEventSelectorsOutput, error)
// Lets you enable Insights event logging by specifying the Insights selectors
// that you want to enable on an existing trail or event data store. You also use
// PutInsightSelectors to turn off Insights event logging, by passing an empty list
// of Insights types. The valid Insights event types are ApiErrorRateInsight and
// ApiCallRateInsight .
//
// To enable Insights on an event data store, you must specify the ARNs (or ID
// suffix of the ARNs) for the source event data store ( EventDataStore ) and the
// destination event data store ( InsightsDestination ). The source event data
// store logs management events and enables Insights. The destination event data
// store logs Insights events based upon the management event activity of the
// source event data store. The source and destination event data stores must
// belong to the same Amazon Web Services account.
//
// To log Insights events for a trail, you must specify the name ( TrailName ) of
// the CloudTrail trail for which you want to change or add Insights selectors.
//
// To log CloudTrail Insights events on API call volume, the trail or event data
// store must log write management events. To log CloudTrail Insights events on
// API error rate, the trail or event data store must log read or write management
// events. You can call GetEventSelectors on a trail to check whether the trail
// logs management events. You can call GetEventDataStore on an event data store
// to check whether the event data store logs management events.
//
// For more information, see [Working with CloudTrail Insights] in the CloudTrail User Guide.
//
// [Working with CloudTrail Insights]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
PutInsightSelectors(ctx context.Context, params *cloudtrail.PutInsightSelectorsInput, optFns ...func(*Options)) (*cloudtrail.PutInsightSelectorsOutput, error)
// Attaches a resource-based permission policy to a CloudTrail event data store,
//
// dashboard, or channel. For more information about resource-based policies, see [CloudTrail resource-based policy examples]
// in the CloudTrail User Guide.
//
// [CloudTrail resource-based policy examples]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html
PutResourcePolicy(ctx context.Context, params *cloudtrail.PutResourcePolicyInput, optFns ...func(*Options)) (*cloudtrail.PutResourcePolicyOutput, error)
// Registers an organization’s member account as the CloudTrail [delegated administrator].
//
// [delegated administrator]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-delegated-administrator.html
RegisterOrganizationDelegatedAdmin(ctx context.Context, params *cloudtrail.RegisterOrganizationDelegatedAdminInput, optFns ...func(*Options)) (*cloudtrail.RegisterOrganizationDelegatedAdminOutput, error)
// Removes the specified tags from a trail, event data store, dashboard, or
// channel.
RemoveTags(ctx context.Context, params *cloudtrail.RemoveTagsInput, optFns ...func(*Options)) (*cloudtrail.RemoveTagsOutput, error)
// Restores a deleted event data store specified by EventDataStore , which accepts
// an event data store ARN. You can only restore a deleted event data store within
// the seven-day wait period after deletion. Restoring an event data store can take
// several minutes, depending on the size of the event data store.
RestoreEventDataStore(ctx context.Context, params *cloudtrail.RestoreEventDataStoreInput, optFns ...func(*Options)) (*cloudtrail.RestoreEventDataStoreOutput, error)
// Searches sample queries and returns a list of sample queries that are sorted
//
// by relevance. To search for sample queries, provide a natural language
// SearchPhrase in English.
SearchSampleQueries(ctx context.Context, params *cloudtrail.SearchSampleQueriesInput, optFns ...func(*Options)) (*cloudtrail.SearchSampleQueriesOutput, error)
// Starts a refresh of the specified dashboard.
//
// Each time a dashboard is refreshed, CloudTrail runs queries to populate the
// dashboard's widgets. CloudTrail must be granted permissions to run the
// StartQuery operation on your behalf. To provide permissions, run the
// PutResourcePolicy operation to attach a resource-based policy to each event data
// store. For more information, see [Example: Allow CloudTrail to run queries to populate a dashboard]in the CloudTrail User Guide.
//
// [Example: Allow CloudTrail to run queries to populate a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-eds-dashboard
StartDashboardRefresh(ctx context.Context, params *cloudtrail.StartDashboardRefreshInput, optFns ...func(*Options)) (*cloudtrail.StartDashboardRefreshOutput, error)
// Starts the ingestion of live events on an event data store specified as either
// an ARN or the ID portion of the ARN. To start ingestion, the event data store
// Status must be STOPPED_INGESTION and the eventCategory must be Management , Data
// , NetworkActivity , or ConfigurationItem .
StartEventDataStoreIngestion(ctx context.Context, params *cloudtrail.StartEventDataStoreIngestionInput, optFns ...func(*Options)) (*cloudtrail.StartEventDataStoreIngestionOutput, error)
// Starts an import of logged trail events from a source S3 bucket to a
//
// destination event data store. By default, CloudTrail only imports events
// contained in the S3 bucket's CloudTrail prefix and the prefixes inside the
// CloudTrail prefix, and does not check prefixes for other Amazon Web Services
// services. If you want to import CloudTrail events contained in another prefix,
// you must include the prefix in the S3LocationUri . For more considerations about
// importing trail events, see [Considerations for copying trail events]in the CloudTrail User Guide.
//
// When you start a new import, the Destinations and ImportSource parameters are
// required. Before starting a new import, disable any access control lists (ACLs)
// attached to the source S3 bucket. For more information about disabling ACLs, see
// [Controlling ownership of objects and disabling ACLs for your bucket].
//
// When you retry an import, the ImportID parameter is required.
//
// If the destination event data store is for an organization, you must use the
// management account to import trail events. You cannot use the delegated
// administrator account for the organization.
//
// [Considerations for copying trail events]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-copy-trail-to-lake.html#cloudtrail-trail-copy-considerations
// [Controlling ownership of objects and disabling ACLs for your bucket]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
StartImport(ctx context.Context, params *cloudtrail.StartImportInput, optFns ...func(*Options)) (*cloudtrail.StartImportOutput, error)
// Starts the recording of Amazon Web Services API calls and log file delivery for
// a trail. For a trail that is enabled in all Regions, this operation must be
// called from the Region in which the trail was created. This operation cannot be
// called on the shadow trails (replicated trails in other Regions) of a trail that
// is enabled in all Regions.
StartLogging(ctx context.Context, params *cloudtrail.StartLoggingInput, optFns ...func(*Options)) (*cloudtrail.StartLoggingOutput, error)
// Starts a CloudTrail Lake query. Use the QueryStatement parameter to provide
// your SQL query, enclosed in single quotation marks. Use the optional
// DeliveryS3Uri parameter to deliver the query results to an S3 bucket.
//
// StartQuery requires you specify either the QueryStatement parameter, or a
// QueryAlias and any QueryParameters . In the current release, the QueryAlias and
// QueryParameters parameters are used only for the queries that populate the
// CloudTrail Lake dashboards.
StartQuery(ctx context.Context, params *cloudtrail.StartQueryInput, optFns ...func(*Options)) (*cloudtrail.StartQueryOutput, error)
// Stops the ingestion of live events on an event data store specified as either
// an ARN or the ID portion of the ARN. To stop ingestion, the event data store
// Status must be ENABLED and the eventCategory must be Management , Data ,
// NetworkActivity , or ConfigurationItem .
StopEventDataStoreIngestion(ctx context.Context, params *cloudtrail.StopEventDataStoreIngestionInput, optFns ...func(*Options)) (*cloudtrail.StopEventDataStoreIngestionOutput, error)
// Stops a specified import.
StopImport(ctx context.Context, params *cloudtrail.StopImportInput, optFns ...func(*Options)) (*cloudtrail.StopImportOutput, error)
// Suspends the recording of Amazon Web Services API calls and log file delivery
// for the specified trail. Under most circumstances, there is no need to use this
// action. You can update a trail without stopping it first. This action is the
// only way to stop recording. For a trail enabled in all Regions, this operation
// must be called from the Region in which the trail was created, or an
// InvalidHomeRegionException will occur. This operation cannot be called on the
// shadow trails (replicated trails in other Regions) of a trail enabled in all
// Regions.
StopLogging(ctx context.Context, params *cloudtrail.StopLoggingInput, optFns ...func(*Options)) (*cloudtrail.StopLoggingOutput, error)
// Updates a channel specified by a required channel ARN or UUID.
UpdateChannel(ctx context.Context, params *cloudtrail.UpdateChannelInput, optFns ...func(*Options)) (*cloudtrail.UpdateChannelOutput, error)
// Updates the specified dashboard.
//
// To set a refresh schedule, CloudTrail must be granted permissions to run the
// StartDashboardRefresh operation to refresh the dashboard on your behalf. To
// provide permissions, run the PutResourcePolicy operation to attach a
// resource-based policy to the dashboard. For more information, see [Resource-based policy example for a dashboard]in the
// CloudTrail User Guide.
//
// CloudTrail runs queries to populate the dashboard's widgets during a manual or
// scheduled refresh. CloudTrail must be granted permissions to run the StartQuery
// operation on your behalf. To provide permissions, run the PutResourcePolicy
// operation to attach a resource-based policy to each event data store. For more
// information, see [Example: Allow CloudTrail to run queries to populate a dashboard]in the CloudTrail User Guide.
//
// [Example: Allow CloudTrail to run queries to populate a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-eds-dashboard
// [Resource-based policy example for a dashboard]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-dashboards
UpdateDashboard(ctx context.Context, params *cloudtrail.UpdateDashboardInput, optFns ...func(*Options)) (*cloudtrail.UpdateDashboardOutput, error)
// Updates an event data store. The required EventDataStore value is an ARN or the
// ID portion of the ARN. Other parameters are optional, but at least one optional
// parameter must be specified, or CloudTrail throws an error. RetentionPeriod is
// in days, and valid values are integers between 7 and 3653 if the BillingMode is
// set to EXTENDABLE_RETENTION_PRICING , or between 7 and 2557 if BillingMode is
// set to FIXED_RETENTION_PRICING . By default, TerminationProtection is enabled.
//
// For event data stores for CloudTrail events, AdvancedEventSelectors includes or
// excludes management, data, or network activity events in your event data store.
// For more information about AdvancedEventSelectors , see [AdvancedEventSelectors].
//
// For event data stores for CloudTrail Insights events, Config configuration
// items, Audit Manager evidence, or non-Amazon Web Services events,
// AdvancedEventSelectors includes events of that type in your event data store.
//
// [AdvancedEventSelectors]: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html
UpdateEventDataStore(ctx context.Context, params *cloudtrail.UpdateEventDataStoreInput, optFns ...func(*Options)) (*cloudtrail.UpdateEventDataStoreOutput, error)
// Updates trail settings that control what events you are logging, and how to
// handle log files. Changes to a trail do not require stopping the CloudTrail
// service. Use this action to designate an existing bucket for log delivery. If
// the existing bucket has previously been a target for CloudTrail log files, an
// IAM policy exists for the bucket. UpdateTrail must be called from the Region in
// which the trail was created; otherwise, an InvalidHomeRegionException is thrown.
UpdateTrail(ctx context.Context, params *cloudtrail.UpdateTrailInput, optFns ...func(*Options)) (*cloudtrail.UpdateTrailOutput, error)
}
CloudTrail provides an interface to the AWS CloudTrail service.
type CloudWatchLogs ¶ added in v0.92.0
type CloudWatchLogs interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() cloudwatchlogs.Options
// Associates the specified KMS key with either one log group in the account, or
// with all stored CloudWatch Logs query insights results in the account.
//
// When you use AssociateKmsKey , you specify either the logGroupName parameter or
// the resourceIdentifier parameter. You can't specify both of those parameters in
// the same operation.
//
// - Specify the logGroupName parameter to cause log events ingested into that
// log group to be encrypted with that key. Only the log events ingested after the
// key is associated are encrypted with that key.
//
// Associating a KMS key with a log group overrides any existing associations
//
// between the log group and a KMS key. After a KMS key is associated with a log
// group, all newly ingested data for the log group is encrypted using the KMS key.
// This association is stored as long as the data encrypted with the KMS key is
// still within CloudWatch Logs. This enables CloudWatch Logs to decrypt this data
// whenever it is requested.
//
// Associating a key with a log group does not cause the results of queries of
//
// that log group to be encrypted with that key. To have query results encrypted
// with a KMS key, you must use an AssociateKmsKey operation with the
// resourceIdentifier parameter that specifies a query-result resource.
//
// - Specify the resourceIdentifier parameter with a query-result resource, to
// use that key to encrypt the stored results of all future [StartQuery]operations in the
// account. The response from a [GetQueryResults]operation will still return the query results in
// plain text.
//
// Even if you have not associated a key with your query results, the query
//
// results are encrypted when stored, using the default CloudWatch Logs method.
//
// If you run a query from a monitoring account that queries logs in a source
//
// account, the query results key from the monitoring account, if any, is used.
//
// If you delete the key that is used to encrypt log events or log group query
// results, then all the associated stored log events or query results that were
// encrypted with that key will be unencryptable and unusable.
//
// CloudWatch Logs supports only symmetric KMS keys. Do not associate an
// asymmetric KMS key with your log group or query results. For more information,
// see [Using Symmetric and Asymmetric Keys].
//
// It can take up to 5 minutes for this operation to take effect.
//
// If you attempt to associate a KMS key with a log group but the KMS key does not
// exist or the KMS key is disabled, you receive an InvalidParameterException
// error.
//
// [Using Symmetric and Asymmetric Keys]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
//
// [StartQuery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
// [GetQueryResults]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetQueryResults.html
AssociateKmsKey(ctx context.Context, params *cloudwatchlogs.AssociateKmsKeyInput, optFns ...func(*Options)) (*cloudwatchlogs.AssociateKmsKeyOutput, error)
// Cancels the specified export task.
//
// The task must be in the PENDING or RUNNING state.
CancelExportTask(ctx context.Context, params *cloudwatchlogs.CancelExportTaskInput, optFns ...func(*Options)) (*cloudwatchlogs.CancelExportTaskOutput, error)
// Creates a delivery. A delivery is a connection between a logical delivery
// source and a logical delivery destination that you have already created.
//
// Only some Amazon Web Services services support being configured as a delivery
// source using this operation. These services are listed as Supported [V2
// Permissions] in the table at [Enabling logging from Amazon Web Services services.]
//
// A delivery destination can represent a log group in CloudWatch Logs, an Amazon
// S3 bucket, a delivery stream in Firehose, or X-Ray.
//
// To configure logs delivery between a supported Amazon Web Services service and
// a destination, you must do the following:
//
// - Create a delivery source, which is a logical object that represents the
// resource that is actually sending the logs. For more information, see [PutDeliverySource].
//
// - Create a delivery destination, which is a logical object that represents
// the actual delivery destination. For more information, see [PutDeliveryDestination].
//
// - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy]in the destination
// account to assign an IAM policy to the destination. This policy allows delivery
// to that destination.
//
// - Use CreateDelivery to create a delivery by pairing exactly one delivery
// source and one delivery destination.
//
// You can configure a single delivery source to send logs to multiple
// destinations by creating multiple deliveries. You can also create multiple
// deliveries to configure multiple delivery sources to send logs to the same
// delivery destination.
//
// To update an existing delivery configuration, use [UpdateDeliveryConfiguration].
//
// [PutDeliveryDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
// [PutDeliverySource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
// [Enabling logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
// [UpdateDeliveryConfiguration]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateDeliveryConfiguration.html
CreateDelivery(ctx context.Context, params *cloudwatchlogs.CreateDeliveryInput, optFns ...func(*Options)) (*cloudwatchlogs.CreateDeliveryOutput, error)
// Creates an export task so that you can efficiently export data from a log group
// to an Amazon S3 bucket. When you perform a CreateExportTask operation, you must
// use credentials that have permission to write to the S3 bucket that you specify
// as the destination.
//
// Exporting log data to S3 buckets that are encrypted by KMS is supported.
// Exporting log data to Amazon S3 buckets that have S3 Object Lock enabled with a
// retention period is also supported.
//
// Exporting to S3 buckets that are encrypted with AES-256 is supported.
//
// This is an asynchronous call. If all the required information is provided, this
// operation initiates an export task and responds with the ID of the task. After
// the task has started, you can use [DescribeExportTasks]to get the status of the export task. Each
// account can only have one active ( RUNNING or PENDING ) export task at a time.
// To cancel an export task, use [CancelExportTask].
//
// You can export logs from multiple log groups or multiple time ranges to the
// same S3 bucket. To separate log data for each export task, specify a prefix to
// be used as the Amazon S3 key prefix for all exported objects.
//
// We recommend that you don't regularly export to Amazon S3 as a way to
// continuously archive your logs. For that use case, we instead recommend that you
// use subscriptions. For more information about subscriptions, see [Real-time processing of log data with subscriptions].
//
// Time-based sorting on chunks of log data inside an exported file is not
// guaranteed. You can sort the exported log field data by using Linux utilities.
//
// [CancelExportTask]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CancelExportTask.html
// [DescribeExportTasks]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeExportTasks.html
// [Real-time processing of log data with subscriptions]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Subscriptions.html
CreateExportTask(ctx context.Context, params *cloudwatchlogs.CreateExportTaskInput, optFns ...func(*Options)) (*cloudwatchlogs.CreateExportTaskOutput, error)
// Creates an anomaly detector that regularly scans one or more log groups and
// look for patterns and anomalies in the logs.
//
// An anomaly detector can help surface issues by automatically discovering
// anomalies in your log event traffic. An anomaly detector uses machine learning
// algorithms to scan log events and find patterns. A pattern is a shared text
// structure that recurs among your log fields. Patterns provide a useful tool for
// analyzing large sets of logs because a large number of log events can often be
// compressed into a few patterns.
//
// The anomaly detector uses pattern recognition to find anomalies , which are
// unusual log events. It uses the evaluationFrequency to compare current log
// events and patterns with trained baselines.
//
// Fields within a pattern are called tokens. Fields that vary within a pattern,
// such as a request ID or timestamp, are referred to as dynamic tokens and
// represented by <*> .
//
// The following is an example of a pattern:
//
// [INFO] Request time: <*> ms
//
// This pattern represents log events like [INFO] Request time: 327 ms and other
// similar log events that differ only by the number, in this csse 327. When the
// pattern is displayed, the different numbers are replaced by <*>
//
// Any parts of log events that are masked as sensitive data are not scanned for
// anomalies. For more information about masking sensitive data, see [Help protect sensitive log data with masking].
//
// [Help protect sensitive log data with masking]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
CreateLogAnomalyDetector(ctx context.Context, params *cloudwatchlogs.CreateLogAnomalyDetectorInput, optFns ...func(*Options)) (*cloudwatchlogs.CreateLogAnomalyDetectorOutput, error)
// Creates a log group with the specified name. You can create up to 1,000,000 log
// groups per Region per account.
//
// You must use the following guidelines when naming a log group:
//
// - Log group names must be unique within a Region for an Amazon Web Services
// account.
//
// - Log group names can be between 1 and 512 characters long.
//
// - Log group names consist of the following characters: a-z, A-Z, 0-9, '_'
// (underscore), '-' (hyphen), '/' (forward slash), '.' (period), and '#' (number
// sign)
//
// - Log group names can't start with the string aws/
//
// When you create a log group, by default the log events in the log group do not
// expire. To set a retention policy so that events expire and are deleted after a
// specified time, use [PutRetentionPolicy].
//
// If you associate an KMS key with the log group, ingested data is encrypted
// using the KMS key. This association is stored as long as the data encrypted with
// the KMS key is still within CloudWatch Logs. This enables CloudWatch Logs to
// decrypt this data whenever it is requested.
//
// If you attempt to associate a KMS key with the log group but the KMS key does
// not exist or the KMS key is disabled, you receive an InvalidParameterException
// error.
//
// CloudWatch Logs supports only symmetric KMS keys. Do not associate an
// asymmetric KMS key with your log group. For more information, see [Using Symmetric and Asymmetric Keys].
//
// [Using Symmetric and Asymmetric Keys]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
// [PutRetentionPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutRetentionPolicy.html
CreateLogGroup(ctx context.Context, params *cloudwatchlogs.CreateLogGroupInput, optFns ...func(*Options)) (*cloudwatchlogs.CreateLogGroupOutput, error)
// Creates a log stream for the specified log group. A log stream is a sequence of
// log events that originate from a single source, such as an application instance
// or a resource that is being monitored.
//
// There is no limit on the number of log streams that you can create for a log
// group. There is a limit of 50 TPS on CreateLogStream operations, after which
// transactions are throttled.
//
// You must use the following guidelines when naming a log stream:
//
// - Log stream names must be unique within the log group.
//
// - Log stream names can be between 1 and 512 characters long.
//
// - Don't use ':' (colon) or '*' (asterisk) characters.
CreateLogStream(ctx context.Context, params *cloudwatchlogs.CreateLogStreamInput, optFns ...func(*Options)) (*cloudwatchlogs.CreateLogStreamOutput, error)
// Deletes a CloudWatch Logs account policy. This stops the account-wide policy
// from applying to log groups in the account. If you delete a data protection
// policy or subscription filter policy, any log-group level policies of those
// types remain in effect.
//
// To use this operation, you must be signed on with the correct permissions
// depending on the type of policy that you are deleting.
//
// - To delete a data protection policy, you must have the
// logs:DeleteDataProtectionPolicy and logs:DeleteAccountPolicy permissions.
//
// - To delete a subscription filter policy, you must have the
// logs:DeleteSubscriptionFilter and logs:DeleteAccountPolicy permissions.
//
// - To delete a transformer policy, you must have the logs:DeleteTransformer and
// logs:DeleteAccountPolicy permissions.
//
// - To delete a field index policy, you must have the logs:DeleteIndexPolicy and
// logs:DeleteAccountPolicy permissions.
//
// If you delete a field index policy, the indexing of the log events that
// happened before you deleted the policy will still be used for up to 30 days to
// improve CloudWatch Logs Insights queries.
DeleteAccountPolicy(ctx context.Context, params *cloudwatchlogs.DeleteAccountPolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteAccountPolicyOutput, error)
// Deletes the data protection policy from the specified log group.
//
// For more information about data protection policies, see [PutDataProtectionPolicy].
//
// [PutDataProtectionPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html
DeleteDataProtectionPolicy(ctx context.Context, params *cloudwatchlogs.DeleteDataProtectionPolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteDataProtectionPolicyOutput, error)
// Deletes a delivery. A delivery is a connection between a logical delivery
// source and a logical delivery destination. Deleting a delivery only deletes the
// connection between the delivery source and delivery destination. It does not
// delete the delivery destination or the delivery source.
DeleteDelivery(ctx context.Context, params *cloudwatchlogs.DeleteDeliveryInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteDeliveryOutput, error)
// Deletes a delivery destination. A delivery is a connection between a logical
// delivery source and a logical delivery destination.
//
// You can't delete a delivery destination if any current deliveries are
// associated with it. To find whether any deliveries are associated with this
// delivery destination, use the [DescribeDeliveries]operation and check the deliveryDestinationArn
// field in the results.
//
// [DescribeDeliveries]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html
DeleteDeliveryDestination(ctx context.Context, params *cloudwatchlogs.DeleteDeliveryDestinationInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteDeliveryDestinationOutput, error)
// Deletes a delivery destination policy. For more information about these
// policies, see [PutDeliveryDestinationPolicy].
//
// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
DeleteDeliveryDestinationPolicy(ctx context.Context, params *cloudwatchlogs.DeleteDeliveryDestinationPolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteDeliveryDestinationPolicyOutput, error)
// Deletes a delivery source. A delivery is a connection between a logical
// delivery source and a logical delivery destination.
//
// You can't delete a delivery source if any current deliveries are associated
// with it. To find whether any deliveries are associated with this delivery
// source, use the [DescribeDeliveries]operation and check the deliverySourceName field in the results.
//
// [DescribeDeliveries]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html
DeleteDeliverySource(ctx context.Context, params *cloudwatchlogs.DeleteDeliverySourceInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteDeliverySourceOutput, error)
// Deletes the specified destination, and eventually disables all the subscription
// filters that publish to it. This operation does not delete the physical resource
// encapsulated by the destination.
DeleteDestination(ctx context.Context, params *cloudwatchlogs.DeleteDestinationInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteDestinationOutput, error)
// Deletes a log-group level field index policy that was applied to a single log
// group. The indexing of the log events that happened before you delete the policy
// will still be used for as many as 30 days to improve CloudWatch Logs Insights
// queries.
//
// You can't use this operation to delete an account-level index policy. Instead,
// use [DeletAccountPolicy].
//
// If you delete a log-group level field index policy and there is an
// account-level field index policy, in a few minutes the log group begins using
// that account-wide policy to index new incoming log events.
//
// [DeletAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteAccountPolicy.html
DeleteIndexPolicy(ctx context.Context, params *cloudwatchlogs.DeleteIndexPolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteIndexPolicyOutput, error)
// Deletes the integration between CloudWatch Logs and OpenSearch Service. If your
// integration has active vended logs dashboards, you must specify true for the
// force parameter, otherwise the operation will fail. If you delete the
// integration by setting force to true , all your vended logs dashboards powered
// by OpenSearch Service will be deleted and the data that was on them will no
// longer be accessible.
DeleteIntegration(ctx context.Context, params *cloudwatchlogs.DeleteIntegrationInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteIntegrationOutput, error)
// Deletes the specified CloudWatch Logs anomaly detector.
DeleteLogAnomalyDetector(ctx context.Context, params *cloudwatchlogs.DeleteLogAnomalyDetectorInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteLogAnomalyDetectorOutput, error)
// Deletes the specified log group and permanently deletes all the archived log
// events associated with the log group.
DeleteLogGroup(ctx context.Context, params *cloudwatchlogs.DeleteLogGroupInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteLogGroupOutput, error)
// Deletes the specified log stream and permanently deletes all the archived log
// events associated with the log stream.
DeleteLogStream(ctx context.Context, params *cloudwatchlogs.DeleteLogStreamInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteLogStreamOutput, error)
// Deletes the specified metric filter.
DeleteMetricFilter(ctx context.Context, params *cloudwatchlogs.DeleteMetricFilterInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteMetricFilterOutput, error)
// Deletes a saved CloudWatch Logs Insights query definition. A query definition
// contains details about a saved CloudWatch Logs Insights query.
//
// Each DeleteQueryDefinition operation can delete one query definition.
//
// You must have the logs:DeleteQueryDefinition permission to be able to perform
// this operation.
DeleteQueryDefinition(ctx context.Context, params *cloudwatchlogs.DeleteQueryDefinitionInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteQueryDefinitionOutput, error)
// Deletes a resource policy from this account. This revokes the access of the
// identities in that policy to put log events to this account.
DeleteResourcePolicy(ctx context.Context, params *cloudwatchlogs.DeleteResourcePolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteResourcePolicyOutput, error)
// Deletes the specified retention policy.
//
// Log events do not expire if they belong to log groups without a retention
// policy.
DeleteRetentionPolicy(ctx context.Context, params *cloudwatchlogs.DeleteRetentionPolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteRetentionPolicyOutput, error)
// Deletes the specified subscription filter.
DeleteSubscriptionFilter(ctx context.Context, params *cloudwatchlogs.DeleteSubscriptionFilterInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteSubscriptionFilterOutput, error)
// Deletes the log transformer for the specified log group. As soon as you do
// this, the transformation of incoming log events according to that transformer
// stops. If this account has an account-level transformer that applies to this log
// group, the log group begins using that account-level transformer when this
// log-group level transformer is deleted.
//
// After you delete a transformer, be sure to edit any metric filters or
// subscription filters that relied on the transformed versions of the log events.
DeleteTransformer(ctx context.Context, params *cloudwatchlogs.DeleteTransformerInput, optFns ...func(*Options)) (*cloudwatchlogs.DeleteTransformerOutput, error)
// Returns a list of all CloudWatch Logs account policies in the account.
//
// To use this operation, you must be signed on with the correct permissions
// depending on the type of policy that you are retrieving information for.
//
// - To see data protection policies, you must have the
// logs:GetDataProtectionPolicy and logs:DescribeAccountPolicies permissions.
//
// - To see subscription filter policies, you must have the
// logs:DescribeSubscriptionFilters and logs:DescribeAccountPolicies permissions.
//
// - To see transformer policies, you must have the logs:GetTransformer and
// logs:DescribeAccountPolicies permissions.
//
// - To see field index policies, you must have the logs:DescribeIndexPolicies
// and logs:DescribeAccountPolicies permissions.
DescribeAccountPolicies(ctx context.Context, params *cloudwatchlogs.DescribeAccountPoliciesInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeAccountPoliciesOutput, error)
// Use this operation to return the valid and default values that are used when
// creating delivery sources, delivery destinations, and deliveries. For more
// information about deliveries, see [CreateDelivery].
//
// [CreateDelivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html
DescribeConfigurationTemplates(ctx context.Context, params *cloudwatchlogs.DescribeConfigurationTemplatesInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeConfigurationTemplatesOutput, error)
// Retrieves a list of the deliveries that have been created in the account.
//
// A delivery is a connection between a [delivery source] and a [delivery destination].
//
// A delivery source represents an Amazon Web Services resource that sends logs to
// an logs delivery destination. The destination can be CloudWatch Logs, Amazon S3,
// Firehose or X-Ray. Only some Amazon Web Services services support being
// configured as a delivery source. These services are listed in [Enable logging from Amazon Web Services services.]
//
// [delivery destination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
// [delivery source]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
// [Enable logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
DescribeDeliveries(ctx context.Context, params *cloudwatchlogs.DescribeDeliveriesInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeDeliveriesOutput, error)
// Retrieves a list of the delivery destinations that have been created in the
// account.
DescribeDeliveryDestinations(ctx context.Context, params *cloudwatchlogs.DescribeDeliveryDestinationsInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeDeliveryDestinationsOutput, error)
// Retrieves a list of the delivery sources that have been created in the account.
DescribeDeliverySources(ctx context.Context, params *cloudwatchlogs.DescribeDeliverySourcesInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeDeliverySourcesOutput, error)
// Lists all your destinations. The results are ASCII-sorted by destination name.
DescribeDestinations(ctx context.Context, params *cloudwatchlogs.DescribeDestinationsInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeDestinationsOutput, error)
// Lists the specified export tasks. You can list all your export tasks or filter
// the results based on task ID or task status.
DescribeExportTasks(ctx context.Context, params *cloudwatchlogs.DescribeExportTasksInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeExportTasksOutput, error)
// Returns a list of custom and default field indexes which are discovered in log
// data. For more information about field index policies, see [PutIndexPolicy].
//
// [PutIndexPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
DescribeFieldIndexes(ctx context.Context, params *cloudwatchlogs.DescribeFieldIndexesInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeFieldIndexesOutput, error)
// Returns the field index policies of the specified log group. For more
// information about field index policies, see [PutIndexPolicy].
//
// If a specified log group has a log-group level index policy, that policy is
// returned by this operation.
//
// If a specified log group doesn't have a log-group level index policy, but an
// account-wide index policy applies to it, that account-wide policy is returned by
// this operation.
//
// To find information about only account-level policies, use [DescribeAccountPolicies] instead.
//
// [PutIndexPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
// [DescribeAccountPolicies]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeAccountPolicies.html
DescribeIndexPolicies(ctx context.Context, params *cloudwatchlogs.DescribeIndexPoliciesInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeIndexPoliciesOutput, error)
// Returns information about log groups. You can return all your log groups or
// filter the results by prefix. The results are ASCII-sorted by log group name.
//
// CloudWatch Logs doesn't support IAM policies that control access to the
// DescribeLogGroups action by using the aws:ResourceTag/key-name condition key.
// Other CloudWatch Logs actions do support the use of the
// aws:ResourceTag/key-name condition key to control access. For more information
// about using tags to control access, see [Controlling access to Amazon Web Services resources using tags].
//
// If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account and view data from the linked source accounts.
// For more information, see [CloudWatch cross-account observability].
//
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
// [Controlling access to Amazon Web Services resources using tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
DescribeLogGroups(ctx context.Context, params *cloudwatchlogs.DescribeLogGroupsInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeLogGroupsOutput, error)
// Lists the log streams for the specified log group. You can list all the log
// streams or filter the results by prefix. You can also control how the results
// are ordered.
//
// You can specify the log group to search by using either logGroupIdentifier or
// logGroupName . You must include one of these two parameters, but you can't
// include both.
//
// This operation has a limit of 25 transactions per second, after which
// transactions are throttled.
//
// If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account and view data from the linked source accounts.
// For more information, see [CloudWatch cross-account observability].
//
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
DescribeLogStreams(ctx context.Context, params *cloudwatchlogs.DescribeLogStreamsInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeLogStreamsOutput, error)
// Lists the specified metric filters. You can list all of the metric filters or
// filter the results by log name, prefix, metric name, or metric namespace. The
// results are ASCII-sorted by filter name.
DescribeMetricFilters(ctx context.Context, params *cloudwatchlogs.DescribeMetricFiltersInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeMetricFiltersOutput, error)
// Returns a list of CloudWatch Logs Insights queries that are scheduled, running,
// or have been run recently in this account. You can request all queries or limit
// it to queries of a specific log group or queries with a certain status.
DescribeQueries(ctx context.Context, params *cloudwatchlogs.DescribeQueriesInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeQueriesOutput, error)
// This operation returns a paginated list of your saved CloudWatch Logs Insights
// query definitions. You can retrieve query definitions from the current account
// or from a source account that is linked to the current account.
//
// You can use the queryDefinitionNamePrefix parameter to limit the results to
// only the query definitions that have names that start with a certain string.
DescribeQueryDefinitions(ctx context.Context, params *cloudwatchlogs.DescribeQueryDefinitionsInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeQueryDefinitionsOutput, error)
// Lists the resource policies in this account.
DescribeResourcePolicies(ctx context.Context, params *cloudwatchlogs.DescribeResourcePoliciesInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeResourcePoliciesOutput, error)
// Lists the subscription filters for the specified log group. You can list all
// the subscription filters or filter the results by prefix. The results are
// ASCII-sorted by filter name.
DescribeSubscriptionFilters(ctx context.Context, params *cloudwatchlogs.DescribeSubscriptionFiltersInput, optFns ...func(*Options)) (*cloudwatchlogs.DescribeSubscriptionFiltersOutput, error)
// Disassociates the specified KMS key from the specified log group or from all
// CloudWatch Logs Insights query results in the account.
//
// When you use DisassociateKmsKey , you specify either the logGroupName parameter
// or the resourceIdentifier parameter. You can't specify both of those parameters
// in the same operation.
//
// - Specify the logGroupName parameter to stop using the KMS key to encrypt
// future log events ingested and stored in the log group. Instead, they will be
// encrypted with the default CloudWatch Logs method. The log events that were
// ingested while the key was associated with the log group are still encrypted
// with that key. Therefore, CloudWatch Logs will need permissions for the key
// whenever that data is accessed.
//
// - Specify the resourceIdentifier parameter with the query-result resource to
// stop using the KMS key to encrypt the results of all future [StartQuery]operations in the
// account. They will instead be encrypted with the default CloudWatch Logs method.
// The results from queries that ran while the key was associated with the account
// are still encrypted with that key. Therefore, CloudWatch Logs will need
// permissions for the key whenever that data is accessed.
//
// It can take up to 5 minutes for this operation to take effect.
//
// [StartQuery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
DisassociateKmsKey(ctx context.Context, params *cloudwatchlogs.DisassociateKmsKeyInput, optFns ...func(*Options)) (*cloudwatchlogs.DisassociateKmsKeyOutput, error)
// Lists log events from the specified log group. You can list all the log events
// or filter the results using one or more of the following:
//
// - A filter pattern
//
// - A time range
//
// - The log stream name, or a log stream name prefix that matches multiple log
// streams
//
// You must have the logs:FilterLogEvents permission to perform this operation.
//
// You can specify the log group to search by using either logGroupIdentifier or
// logGroupName . You must include one of these two parameters, but you can't
// include both.
//
// FilterLogEvents is a paginated operation. Each page returned can contain up to
// 1 MB of log events or up to 10,000 log events. A returned page might only be
// partially full, or even empty. For example, if the result of a query would
// return 15,000 log events, the first page isn't guaranteed to have 10,000 log
// events even if they all fit into 1 MB.
//
// Partially full or empty pages don't necessarily mean that pagination is
// finished. If the results include a nextToken , there might be more log events
// available. You can return these additional log events by providing the nextToken
// in a subsequent FilterLogEvents operation. If the results don't include a
// nextToken , then pagination is finished.
//
// Specifying the limit parameter only guarantees that a single page doesn't
// return more log events than the specified limit, but it might return fewer
// events than the limit. This is the expected API behavior.
//
// The returned log events are sorted by event timestamp, the timestamp when the
// event was ingested by CloudWatch Logs, and the ID of the PutLogEvents request.
//
// If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account and view data from the linked source accounts.
// For more information, see [CloudWatch cross-account observability].
//
// If you are using [log transformation], the FilterLogEvents operation returns only the original
// versions of log events, before they were transformed. To view the transformed
// versions, you must use a [CloudWatch Logs query.]
//
// [log transformation]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
// [CloudWatch Logs query.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html
FilterLogEvents(ctx context.Context, params *cloudwatchlogs.FilterLogEventsInput, optFns ...func(*Options)) (*cloudwatchlogs.FilterLogEventsOutput, error)
// Returns information about a log group data protection policy.
GetDataProtectionPolicy(ctx context.Context, params *cloudwatchlogs.GetDataProtectionPolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.GetDataProtectionPolicyOutput, error)
// Returns complete information about one logical delivery. A delivery is a
// connection between a [delivery source]and a [delivery destination].
//
// A delivery source represents an Amazon Web Services resource that sends logs to
// an logs delivery destination. The destination can be CloudWatch Logs, Amazon S3,
// or Firehose. Only some Amazon Web Services services support being configured as
// a delivery source. These services are listed in [Enable logging from Amazon Web Services services.]
//
// You need to specify the delivery id in this operation. You can find the IDs of
// the deliveries in your account with the [DescribeDeliveries]operation.
//
// [delivery destination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
// [delivery source]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
// [Enable logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
// [DescribeDeliveries]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html
GetDelivery(ctx context.Context, params *cloudwatchlogs.GetDeliveryInput, optFns ...func(*Options)) (*cloudwatchlogs.GetDeliveryOutput, error)
// Retrieves complete information about one delivery destination.
GetDeliveryDestination(ctx context.Context, params *cloudwatchlogs.GetDeliveryDestinationInput, optFns ...func(*Options)) (*cloudwatchlogs.GetDeliveryDestinationOutput, error)
// Retrieves the delivery destination policy assigned to the delivery destination
// that you specify. For more information about delivery destinations and their
// policies, see [PutDeliveryDestinationPolicy].
//
// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
GetDeliveryDestinationPolicy(ctx context.Context, params *cloudwatchlogs.GetDeliveryDestinationPolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.GetDeliveryDestinationPolicyOutput, error)
// Retrieves complete information about one delivery source.
GetDeliverySource(ctx context.Context, params *cloudwatchlogs.GetDeliverySourceInput, optFns ...func(*Options)) (*cloudwatchlogs.GetDeliverySourceOutput, error)
// Returns information about one integration between CloudWatch Logs and
// OpenSearch Service.
GetIntegration(ctx context.Context, params *cloudwatchlogs.GetIntegrationInput, optFns ...func(*Options)) (*cloudwatchlogs.GetIntegrationOutput, error)
// Retrieves information about the log anomaly detector that you specify. The KMS
// key ARN detected is valid.
GetLogAnomalyDetector(ctx context.Context, params *cloudwatchlogs.GetLogAnomalyDetectorInput, optFns ...func(*Options)) (*cloudwatchlogs.GetLogAnomalyDetectorOutput, error)
// Lists log events from the specified log stream. You can list all of the log
// events or filter using a time range.
//
// GetLogEvents is a paginated operation. Each page returned can contain up to 1
// MB of log events or up to 10,000 log events. A returned page might only be
// partially full, or even empty. For example, if the result of a query would
// return 15,000 log events, the first page isn't guaranteed to have 10,000 log
// events even if they all fit into 1 MB.
//
// Partially full or empty pages don't necessarily mean that pagination is
// finished. As long as the nextBackwardToken or nextForwardToken returned is NOT
// equal to the nextToken that you passed into the API call, there might be more
// log events available. The token that you use depends on the direction you want
// to move in along the log stream. The returned tokens are never null.
//
// If you set startFromHead to true and you don’t include endTime in your request,
// you can end up in a situation where the pagination doesn't terminate. This can
// happen when the new log events are being added to the target log streams faster
// than they are being read. This situation is a good use case for the CloudWatch
// Logs [Live Tail]feature.
//
// If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account and view data from the linked source accounts.
// For more information, see [CloudWatch cross-account observability].
//
// You can specify the log group to search by using either logGroupIdentifier or
// logGroupName . You must include one of these two parameters, but you can't
// include both.
//
// If you are using [log transformation], the GetLogEvents operation returns only the original
// versions of log events, before they were transformed. To view the transformed
// versions, you must use a [CloudWatch Logs query.]
//
// [log transformation]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
// [CloudWatch Logs query.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html
// [Live Tail]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs_LiveTail.html
GetLogEvents(ctx context.Context, params *cloudwatchlogs.GetLogEventsInput, optFns ...func(*Options)) (*cloudwatchlogs.GetLogEventsOutput, error)
// Returns a list of the fields that are included in log events in the specified
// log group. Includes the percentage of log events that contain each field. The
// search is limited to a time period that you specify.
//
// You can specify the log group to search by using either logGroupIdentifier or
// logGroupName . You must specify one of these parameters, but you can't specify
// both.
//
// In the results, fields that start with @ are fields generated by CloudWatch
// Logs. For example, @timestamp is the timestamp of each log event. For more
// information about the fields that are generated by CloudWatch logs, see [Supported Logs and Discovered Fields].
//
// The response results are sorted by the frequency percentage, starting with the
// highest percentage.
//
// If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account and view data from the linked source accounts.
// For more information, see [CloudWatch cross-account observability].
//
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
// [Supported Logs and Discovered Fields]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData-discoverable-fields.html
GetLogGroupFields(ctx context.Context, params *cloudwatchlogs.GetLogGroupFieldsInput, optFns ...func(*Options)) (*cloudwatchlogs.GetLogGroupFieldsOutput, error)
// Retrieves a large logging object (LLO) and streams it back. This API is used to
// fetch the content of large portions of log events that have been ingested
// through the PutOpenTelemetryLogs API. When log events contain fields that would
// cause the total event size to exceed 1MB, CloudWatch Logs automatically
// processes up to 10 fields, starting with the largest fields. Each field is
// truncated as needed to keep the total event size as close to 1MB as possible.
// The excess portions are stored as Large Log Objects (LLOs) and these fields are
// processed separately and LLO reference system fields (in the format
// @ptr.$[path.to.field] ) are added. The path in the reference field reflects the
// original JSON structure where the large field was located. For example, this
// could be @ptr.$['input']['message'] , @ptr.$['AAA']['BBB']['CCC']['DDD'] ,
// @ptr.$['AAA'] , or any other path matching your log structure.
GetLogObject(ctx context.Context, params *cloudwatchlogs.GetLogObjectInput, optFns ...func(*Options)) (*cloudwatchlogs.GetLogObjectOutput, error)
// Retrieves all of the fields and values of a single log event. All fields are
// retrieved, even if the original query that produced the logRecordPointer
// retrieved only a subset of fields. Fields are returned as field name/field value
// pairs.
//
// The full unparsed log event is returned within @message .
GetLogRecord(ctx context.Context, params *cloudwatchlogs.GetLogRecordInput, optFns ...func(*Options)) (*cloudwatchlogs.GetLogRecordOutput, error)
// Returns the results from the specified query.
//
// Only the fields requested in the query are returned, along with a @ptr field,
// which is the identifier for the log record. You can use the value of @ptr in a [GetLogRecord]
// operation to get the full log record.
//
// GetQueryResults does not start running a query. To run a query, use [StartQuery]. For more
// information about how long results of previous queries are available, see [CloudWatch Logs quotas].
//
// If the value of the Status field in the output is Running , this operation
// returns only partial results. If you see a value of Scheduled or Running for
// the status, you can retry the operation later to see the final results.
//
// If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account to start queries in linked source accounts.
// For more information, see [CloudWatch cross-account observability].
//
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
// [GetLogRecord]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogRecord.html
// [CloudWatch Logs quotas]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/cloudwatch_limits_cwl.html
// [StartQuery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
GetQueryResults(ctx context.Context, params *cloudwatchlogs.GetQueryResultsInput, optFns ...func(*Options)) (*cloudwatchlogs.GetQueryResultsOutput, error)
// Returns the information about the log transformer associated with this log
// group.
//
// This operation returns data only for transformers created at the log group
// level. To get information for an account-level transformer, use [DescribeAccountPolicies].
//
// [DescribeAccountPolicies]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeAccountPolicies.html
GetTransformer(ctx context.Context, params *cloudwatchlogs.GetTransformerInput, optFns ...func(*Options)) (*cloudwatchlogs.GetTransformerOutput, error)
// Returns a list of anomalies that log anomaly detectors have found. For details
// about the structure format of each anomaly object that is returned, see the
// example in this section.
ListAnomalies(ctx context.Context, params *cloudwatchlogs.ListAnomaliesInput, optFns ...func(*Options)) (*cloudwatchlogs.ListAnomaliesOutput, error)
// Returns a list of integrations between CloudWatch Logs and other services in
// this account. Currently, only one integration can be created in an account, and
// this integration must be with OpenSearch Service.
ListIntegrations(ctx context.Context, params *cloudwatchlogs.ListIntegrationsInput, optFns ...func(*Options)) (*cloudwatchlogs.ListIntegrationsOutput, error)
// Retrieves a list of the log anomaly detectors in the account.
ListLogAnomalyDetectors(ctx context.Context, params *cloudwatchlogs.ListLogAnomalyDetectorsInput, optFns ...func(*Options)) (*cloudwatchlogs.ListLogAnomalyDetectorsOutput, error)
// Returns a list of log groups in the Region in your account. If you are
// performing this action in a monitoring account, you can choose to also return
// log groups from source accounts that are linked to the monitoring account. For
// more information about using cross-account observability to set up monitoring
// accounts and source accounts, see [CloudWatch cross-account observability].
//
// You can optionally filter the list by log group class and by using regular
// expressions in your request to match strings in the log group names.
//
// This operation is paginated. By default, your first use of this operation
// returns 50 results, and includes a token to use in a subsequent operation to
// return more results.
//
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
ListLogGroups(ctx context.Context, params *cloudwatchlogs.ListLogGroupsInput, optFns ...func(*Options)) (*cloudwatchlogs.ListLogGroupsOutput, error)
// Returns a list of the log groups that were analyzed during a single CloudWatch
// Logs Insights query. This can be useful for queries that use log group name
// prefixes or the filterIndex command, because the log groups are dynamically
// selected in these cases.
//
// For more information about field indexes, see [Create field indexes to improve query performance and reduce costs].
//
// [Create field indexes to improve query performance and reduce costs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html
ListLogGroupsForQuery(ctx context.Context, params *cloudwatchlogs.ListLogGroupsForQueryInput, optFns ...func(*Options)) (*cloudwatchlogs.ListLogGroupsForQueryOutput, error)
// Displays the tags associated with a CloudWatch Logs resource. Currently, log
// groups and destinations support tagging.
ListTagsForResource(ctx context.Context, params *cloudwatchlogs.ListTagsForResourceInput, optFns ...func(*Options)) (*cloudwatchlogs.ListTagsForResourceOutput, error)
// The ListTagsLogGroup operation is on the path to deprecation. We recommend that
// you use [ListTagsForResource]instead.
//
// Lists the tags for the specified log group.
//
// Deprecated: Please use the generic tagging API ListTagsForResource
//
// [ListTagsForResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html
ListTagsLogGroup(ctx context.Context, params *cloudwatchlogs.ListTagsLogGroupInput, optFns ...func(*Options)) (*cloudwatchlogs.ListTagsLogGroupOutput, error)
// Creates an account-level data protection policy, subscription filter policy,
// field index policy, transformer policy, or metric extraction policy that applies
// to all log groups or a subset of log groups in the account.
//
// To use this operation, you must be signed on with the correct permissions
// depending on the type of policy that you are creating.
//
// - To create a data protection policy, you must have the
// logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.
//
// - To create a subscription filter policy, you must have the
// logs:PutSubscriptionFilter and logs:PutAccountPolicy permissions.
//
// - To create a transformer policy, you must have the logs:PutTransformer and
// logs:PutAccountPolicy permissions.
//
// - To create a field index policy, you must have the logs:PutIndexPolicy and
// logs:PutAccountPolicy permissions.
//
// - To create a metric extraction policy, you must have the
// logs:PutMetricExtractionPolicy and logs:PutAccountPolicy permissions.
//
// # Data protection policy
//
// A data protection policy can help safeguard sensitive data that's ingested by
// your log groups by auditing and masking the sensitive log data. Each account can
// have only one account-level data protection policy.
//
// Sensitive data is detected and masked when it is ingested into a log group.
// When you set a data protection policy, log events ingested into the log groups
// before that time are not masked.
//
// If you use PutAccountPolicy to create a data protection policy for your whole
// account, it applies to both existing log groups and all log groups that are
// created later in this account. The account-level policy is applied to existing
// log groups with eventual consistency. It might take up to 5 minutes before
// sensitive data in existing log groups begins to be masked.
//
// By default, when a user views a log event that includes masked data, the
// sensitive data is replaced by asterisks. A user who has the logs:Unmask
// permission can use a [GetLogEvents]or [FilterLogEvents] operation with the unmask parameter set to true to
// view the unmasked log events. Users with the logs:Unmask can also view unmasked
// data in the CloudWatch Logs console by running a CloudWatch Logs Insights query
// with the unmask query command.
//
// For more information, including a list of types of data that can be audited and
// masked, see [Protect sensitive log data with masking].
//
// To use the PutAccountPolicy operation for a data protection policy, you must be
// signed on with the logs:PutDataProtectionPolicy and logs:PutAccountPolicy
// permissions.
//
// The PutAccountPolicy operation applies to all log groups in the account. You
// can use [PutDataProtectionPolicy]to create a data protection policy that applies to just one log group.
// If a log group has its own data protection policy and the account also has an
// account-level data protection policy, then the two policies are cumulative. Any
// sensitive term specified in either policy is masked.
//
// # Subscription filter policy
//
// A subscription filter policy sets up a real-time feed of log events from
// CloudWatch Logs to other Amazon Web Services services. Account-level
// subscription filter policies apply to both existing log groups and log groups
// that are created later in this account. Supported destinations are Kinesis Data
// Streams, Firehose, and Lambda. When log events are sent to the receiving
// service, they are Base64 encoded and compressed with the GZIP format.
//
// The following destinations are supported for subscription filters:
//
// - An Kinesis Data Streams data stream in the same account as the subscription
// policy, for same-account delivery.
//
// - An Firehose data stream in the same account as the subscription policy, for
// same-account delivery.
//
// - A Lambda function in the same account as the subscription policy, for
// same-account delivery.
//
// - A logical destination in a different account created with [PutDestination], for
// cross-account delivery. Kinesis Data Streams and Firehose are supported as
// logical destinations.
//
// Each account can have one account-level subscription filter policy per Region.
// If you are updating an existing filter, you must specify the correct name in
// PolicyName . To perform a PutAccountPolicy subscription filter operation for
// any destination except a Lambda function, you must also have the iam:PassRole
// permission.
//
// # Transformer policy
//
// Creates or updates a log transformer policy for your account. You use log
// transformers to transform log events into a different format, making them easier
// for you to process and analyze. You can also transform logs from different
// sources into standardized formats that contain relevant, source-specific
// information. After you have created a transformer, CloudWatch Logs performs this
// transformation at the time of log ingestion. You can then refer to the
// transformed versions of the logs during operations such as querying with
// CloudWatch Logs Insights or creating metric filters or subscription filters.
//
// You can also use a transformer to copy metadata from metadata keys into the log
// events themselves. This metadata can include log group name, log stream name,
// account ID and Region.
//
// A transformer for a log group is a series of processors, where each processor
// applies one type of transformation to the log events ingested into this log
// group. For more information about the available processors to use in a
// transformer, see [Processors that you can use].
//
// Having log events in standardized format enables visibility across your
// applications for your log analysis, reporting, and alarming needs. CloudWatch
// Logs provides transformation for common log types with out-of-the-box
// transformation templates for major Amazon Web Services log sources such as VPC
// flow logs, Lambda, and Amazon RDS. You can use pre-built transformation
// templates or create custom transformation policies.
//
// You can create transformers only for the log groups in the Standard log class.
//
// You can have one account-level transformer policy that applies to all log
// groups in the account. Or you can create as many as 20 account-level transformer
// policies that are each scoped to a subset of log groups with the
// selectionCriteria parameter. If you have multiple account-level transformer
// policies with selection criteria, no two of them can use the same or overlapping
// log group name prefixes. For example, if you have one policy filtered to log
// groups that start with my-log , you can't have another field index policy
// filtered to my-logpprod or my-logging .
//
// CloudWatch Logs provides default field indexes for all log groups in the
// Standard log class. Default field indexes are automatically available for the
// following fields:
//
// - @aws.region
//
// - @aws.account
//
// - @source.log
//
// - traceId
//
// Default field indexes are in addition to any custom field indexes you define
// within your policy. Default field indexes are not counted towards your field
// index quota.
//
// You can also set up a transformer at the log-group level. For more information,
// see [PutTransformer]. If there is both a log-group level transformer created with PutTransformer
// and an account-level transformer that could apply to the same log group, the log
// group uses only the log-group level transformer. It ignores the account-level
// transformer.
//
// # Field index policy
//
// You can use field index policies to create indexes on fields found in log
// events in the log group. Creating field indexes can help lower the scan volume
// for CloudWatch Logs Insights queries that reference those fields, because these
// queries attempt to skip the processing of log events that are known to not match
// the indexed field. Good fields to index are fields that you often need to query
// for and fields or values that match only a small fraction of the total log
// events. Common examples of indexes include request ID, session ID, user IDs, or
// instance IDs. For more information, see [Create field indexes to improve query performance and reduce costs]
//
// To find the fields that are in your log group events, use the [GetLogGroupFields] operation.
//
// For example, suppose you have created a field index for requestId . Then, any
// CloudWatch Logs Insights query on that log group that includes requestId =
// value or requestId in [value, value, ...] will attempt to process only the log
// events where the indexed field matches the specified value.
//
// Matches of log events to the names of indexed fields are case-sensitive. For
// example, an indexed field of RequestId won't match a log event containing
// requestId .
//
// You can have one account-level field index policy that applies to all log
// groups in the account. Or you can create as many as 20 account-level field index
// policies that are each scoped to a subset of log groups with the
// selectionCriteria parameter. If you have multiple account-level index policies
// with selection criteria, no two of them can use the same or overlapping log
// group name prefixes. For example, if you have one policy filtered to log groups
// that start with my-log , you can't have another field index policy filtered to
// my-logpprod or my-logging .
//
// If you create an account-level field index policy in a monitoring account in
// cross-account observability, the policy is applied only to the monitoring
// account and not to any source accounts.
//
// If you want to create a field index policy for a single log group, you can use [PutIndexPolicy]
// instead of PutAccountPolicy . If you do so, that log group will use only that
// log-group level policy, and will ignore the account-level policy that you create
// with [PutAccountPolicy].
//
// # Metric extraction policy
//
// A metric extraction policy controls whether CloudWatch Metrics can be created
// through the Embedded Metrics Format (EMF) for log groups in your account. By
// default, EMF metric creation is enabled for all log groups. You can use metric
// extraction policies to disable EMF metric creation for your entire account or
// specific log groups.
//
// When a policy disables EMF metric creation for a log group, log events in the
// EMF format are still ingested, but no CloudWatch Metrics are created from them.
//
// Creating a policy disables metrics for AWS features that use EMF to create
// metrics, such as CloudWatch Container Insights and CloudWatch Application
// Signals. To prevent turning off those features by accident, we recommend that
// you exclude the underlying log-groups through a selection-criteria such as
// LogGroupNamePrefix NOT IN ["/aws/containerinsights",
// "/aws/ecs/containerinsights", "/aws/application-signals/data"] .
//
// Each account can have either one account-level metric extraction policy that
// applies to all log groups, or up to 5 policies that are each scoped to a subset
// of log groups with the selectionCriteria parameter. The selection criteria
// supports filtering by LogGroupName and LogGroupNamePrefix using the operators IN
// and NOT IN . You can specify up to 50 values in each IN or NOT IN list.
//
// The selection criteria can be specified in these formats:
//
// LogGroupName IN ["log-group-1", "log-group-2"]
//
// LogGroupNamePrefix NOT IN ["/aws/prefix1", "/aws/prefix2"]
//
// If you have multiple account-level metric extraction policies with selection
// criteria, no two of them can have overlapping criteria. For example, if you have
// one policy with selection criteria LogGroupNamePrefix IN ["my-log"] , you can't
// have another metric extraction policy with selection criteria
// LogGroupNamePrefix IN ["/my-log-prod"] or LogGroupNamePrefix IN ["/my-logging"]
// , as the set of log groups matching these prefixes would be a subset of the log
// groups matching the first policy's prefix, creating an overlap.
//
// When using NOT IN , only one policy with this operator is allowed per account.
//
// When combining policies with IN and NOT IN operators, the overlap check ensures
// that policies don't have conflicting effects. Two policies with IN and NOT IN
// operators do not overlap if and only if every value in the IN policy is
// completely contained within some value in the NOT IN policy. For example:
//
// - If you have a NOT IN policy for prefix "/aws/lambda" , you can create an IN
// policy for the exact log group name "/aws/lambda/function1" because the set of
// log groups matching "/aws/lambda/function1" is a subset of the log groups
// matching "/aws/lambda" .
//
// - If you have a NOT IN policy for prefix "/aws/lambda" , you cannot create an
// IN policy for prefix "/aws" because the set of log groups matching "/aws" is
// not a subset of the log groups matching "/aws/lambda" .
//
// [PutDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html
// [PutTransformer]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html
// [PutIndexPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
// [PutDataProtectionPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html
// [Protect sensitive log data with masking]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
// [FilterLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html
// [GetLogGroupFields]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogGroupFields.html
// [Processors that you can use]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-Processors
// [PutAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
// [Create field indexes to improve query performance and reduce costs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html
// [GetLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html
PutAccountPolicy(ctx context.Context, params *cloudwatchlogs.PutAccountPolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.PutAccountPolicyOutput, error)
// Creates a data protection policy for the specified log group. A data protection
// policy can help safeguard sensitive data that's ingested by the log group by
// auditing and masking the sensitive log data.
//
// Sensitive data is detected and masked when it is ingested into the log group.
// When you set a data protection policy, log events ingested into the log group
// before that time are not masked.
//
// By default, when a user views a log event that includes masked data, the
// sensitive data is replaced by asterisks. A user who has the logs:Unmask
// permission can use a [GetLogEvents]or [FilterLogEvents] operation with the unmask parameter set to true to
// view the unmasked log events. Users with the logs:Unmask can also view unmasked
// data in the CloudWatch Logs console by running a CloudWatch Logs Insights query
// with the unmask query command.
//
// For more information, including a list of types of data that can be audited and
// masked, see [Protect sensitive log data with masking].
//
// The PutDataProtectionPolicy operation applies to only the specified log group.
// You can also use [PutAccountPolicy]to create an account-level data protection policy that applies
// to all log groups in the account, including both existing log groups and log
// groups that are created level. If a log group has its own data protection policy
// and the account also has an account-level data protection policy, then the two
// policies are cumulative. Any sensitive term specified in either policy is
// masked.
//
// [Protect sensitive log data with masking]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
// [FilterLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html
// [PutAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
// [GetLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html
PutDataProtectionPolicy(ctx context.Context, params *cloudwatchlogs.PutDataProtectionPolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.PutDataProtectionPolicyOutput, error)
// Creates or updates a logical delivery destination. A delivery destination is an
// Amazon Web Services resource that represents an Amazon Web Services service that
// logs can be sent to. CloudWatch Logs, Amazon S3, and Firehose are supported as
// logs delivery destinations and X-Ray as the trace delivery destination.
//
// To configure logs delivery between a supported Amazon Web Services service and
// a destination, you must do the following:
//
// - Create a delivery source, which is a logical object that represents the
// resource that is actually sending the logs. For more information, see [PutDeliverySource].
//
// - Use PutDeliveryDestination to create a delivery destination in the same
// account of the actual delivery destination. The delivery destination that you
// create is a logical object that represents the actual delivery destination.
//
// - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy]in the destination
// account to assign an IAM policy to the destination. This policy allows delivery
// to that destination.
//
// - Use CreateDelivery to create a delivery by pairing exactly one delivery
// source and one delivery destination. For more information, see [CreateDelivery].
//
// You can configure a single delivery source to send logs to multiple
// destinations by creating multiple deliveries. You can also create multiple
// deliveries to configure multiple delivery sources to send logs to the same
// delivery destination.
//
// Only some Amazon Web Services services support being configured as a delivery
// source. These services are listed as Supported [V2 Permissions] in the table at [Enabling logging from Amazon Web Services services.]
//
// If you use this operation to update an existing delivery destination, all the
// current delivery destination parameters are overwritten with the new parameter
// values that you specify.
//
// [PutDeliverySource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
// [Enabling logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
// [CreateDelivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html
// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
PutDeliveryDestination(ctx context.Context, params *cloudwatchlogs.PutDeliveryDestinationInput, optFns ...func(*Options)) (*cloudwatchlogs.PutDeliveryDestinationOutput, error)
// Creates and assigns an IAM policy that grants permissions to CloudWatch Logs to
// deliver logs cross-account to a specified destination in this account. To
// configure the delivery of logs from an Amazon Web Services service in another
// account to a logs delivery destination in the current account, you must do the
// following:
//
// - Create a delivery source, which is a logical object that represents the
// resource that is actually sending the logs. For more information, see [PutDeliverySource].
//
// - Create a delivery destination, which is a logical object that represents
// the actual delivery destination. For more information, see [PutDeliveryDestination].
//
// - Use this operation in the destination account to assign an IAM policy to
// the destination. This policy allows delivery to that destination.
//
// - Create a delivery by pairing exactly one delivery source and one delivery
// destination. For more information, see [CreateDelivery].
//
// Only some Amazon Web Services services support being configured as a delivery
// source. These services are listed as Supported [V2 Permissions] in the table at [Enabling logging from Amazon Web Services services.]
//
// The contents of the policy must include two statements. One statement enables
// general logs delivery, and the other allows delivery to the chosen destination.
// See the examples for the needed policies.
//
// [PutDeliveryDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
// [PutDeliverySource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
// [Enabling logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
// [CreateDelivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html
PutDeliveryDestinationPolicy(ctx context.Context, params *cloudwatchlogs.PutDeliveryDestinationPolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.PutDeliveryDestinationPolicyOutput, error)
// Creates or updates a logical delivery source. A delivery source represents an
// Amazon Web Services resource that sends logs to an logs delivery destination.
// The destination can be CloudWatch Logs, Amazon S3, Firehose or X-Ray for sending
// traces.
//
// To configure logs delivery between a delivery destination and an Amazon Web
// Services service that is supported as a delivery source, you must do the
// following:
//
// - Use PutDeliverySource to create a delivery source, which is a logical object
// that represents the resource that is actually sending the logs.
//
// - Use PutDeliveryDestination to create a delivery destination, which is a
// logical object that represents the actual delivery destination. For more
// information, see [PutDeliveryDestination].
//
// - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy]in the destination
// account to assign an IAM policy to the destination. This policy allows delivery
// to that destination.
//
// - Use CreateDelivery to create a delivery by pairing exactly one delivery
// source and one delivery destination. For more information, see [CreateDelivery].
//
// You can configure a single delivery source to send logs to multiple
// destinations by creating multiple deliveries. You can also create multiple
// deliveries to configure multiple delivery sources to send logs to the same
// delivery destination.
//
// Only some Amazon Web Services services support being configured as a delivery
// source. These services are listed as Supported [V2 Permissions] in the table at [Enabling logging from Amazon Web Services services.]
//
// If you use this operation to update an existing delivery source, all the
// current delivery source parameters are overwritten with the new parameter values
// that you specify.
//
// [PutDeliveryDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
// [Enabling logging from Amazon Web Services services.]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
// [CreateDelivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html
// [PutDeliveryDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
PutDeliverySource(ctx context.Context, params *cloudwatchlogs.PutDeliverySourceInput, optFns ...func(*Options)) (*cloudwatchlogs.PutDeliverySourceOutput, error)
// Creates or updates a destination. This operation is used only to create
// destinations for cross-account subscriptions.
//
// A destination encapsulates a physical resource (such as an Amazon Kinesis
// stream). With a destination, you can subscribe to a real-time stream of log
// events for a different account, ingested using [PutLogEvents].
//
// Through an access policy, a destination controls what is written to it. By
// default, PutDestination does not set any access policy with the destination,
// which means a cross-account user cannot call [PutSubscriptionFilter]against this destination. To
// enable this, the destination owner must call [PutDestinationPolicy]after PutDestination .
//
// To perform a PutDestination operation, you must also have the iam:PassRole
// permission.
//
// [PutSubscriptionFilter]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutSubscriptionFilter.html
// [PutLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
// [PutDestinationPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestinationPolicy.html
PutDestination(ctx context.Context, params *cloudwatchlogs.PutDestinationInput, optFns ...func(*Options)) (*cloudwatchlogs.PutDestinationOutput, error)
// Creates or updates an access policy associated with an existing destination. An
// access policy is an [IAM policy document]that is used to authorize claims to register a subscription
// filter against a given destination.
//
// [IAM policy document]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html
PutDestinationPolicy(ctx context.Context, params *cloudwatchlogs.PutDestinationPolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.PutDestinationPolicyOutput, error)
// Creates or updates a field index policy for the specified log group. Only log
// groups in the Standard log class support field index policies. For more
// information about log classes, see [Log classes].
//
// You can use field index policies to create field indexes on fields found in log
// events in the log group. Creating field indexes speeds up and lowers the costs
// for CloudWatch Logs Insights queries that reference those field indexes, because
// these queries attempt to skip the processing of log events that are known to not
// match the indexed field. Good fields to index are fields that you often need to
// query for and fields or values that match only a small fraction of the total log
// events. Common examples of indexes include request ID, session ID, userID, and
// instance IDs. For more information, see [Create field indexes to improve query performance and reduce costs].
//
// To find the fields that are in your log group events, use the [GetLogGroupFields] operation.
//
// For example, suppose you have created a field index for requestId . Then, any
// CloudWatch Logs Insights query on that log group that includes requestId =
// value or requestId IN [value, value, ...] will process fewer log events to
// reduce costs, and have improved performance.
//
// CloudWatch Logs provides default field indexes for all log groups in the
// Standard log class. Default field indexes are automatically available for the
// following fields:
//
// - @aws.region
//
// - @aws.account
//
// - @source.log
//
// - traceId
//
// Default field indexes are in addition to any custom field indexes you define
// within your policy. Default field indexes are not counted towards your field
// index quota.
//
// Each index policy has the following quotas and restrictions:
//
// - As many as 20 fields can be included in the policy.
//
// - Each field name can include as many as 100 characters.
//
// Matches of log events to the names of indexed fields are case-sensitive. For
// example, a field index of RequestId won't match a log event containing requestId
// .
//
// Log group-level field index policies created with PutIndexPolicy override
// account-level field index policies created with [PutAccountPolicy]. If you use PutIndexPolicy to
// create a field index policy for a log group, that log group uses only that
// policy. The log group ignores any account-wide field index policy that you might
// have created.
//
// [Log classes]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html
// [GetLogGroupFields]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogGroupFields.html
// [PutAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
// [Create field indexes to improve query performance and reduce costs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html
PutIndexPolicy(ctx context.Context, params *cloudwatchlogs.PutIndexPolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.PutIndexPolicyOutput, error)
// Creates an integration between CloudWatch Logs and another service in this
// account. Currently, only integrations with OpenSearch Service are supported, and
// currently you can have only one integration in your account.
//
// Integrating with OpenSearch Service makes it possible for you to create curated
// vended logs dashboards, powered by OpenSearch Service analytics. For more
// information, see [Vended log dashboards powered by Amazon OpenSearch Service].
//
// You can use this operation only to create a new integration. You can't modify
// an existing integration.
//
// [Vended log dashboards powered by Amazon OpenSearch Service]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-OpenSearch-Dashboards.html
PutIntegration(ctx context.Context, params *cloudwatchlogs.PutIntegrationInput, optFns ...func(*Options)) (*cloudwatchlogs.PutIntegrationOutput, error)
// Uploads a batch of log events to the specified log stream.
//
// The sequence token is now ignored in PutLogEvents actions. PutLogEvents actions
// are always accepted and never return InvalidSequenceTokenException or
// DataAlreadyAcceptedException even if the sequence token is not valid. You can
// use parallel PutLogEvents actions on the same log stream.
//
// The batch of events must satisfy the following constraints:
//
// - The maximum batch size is 1,048,576 bytes. This size is calculated as the
// sum of all event messages in UTF-8, plus 26 bytes for each log event.
//
// - Events more than 2 hours in the future are rejected while processing
// remaining valid events.
//
// - Events older than 14 days or preceding the log group's retention period are
// rejected while processing remaining valid events.
//
// - The log events in the batch must be in chronological order by their
// timestamp. The timestamp is the time that the event occurred, expressed as the
// number of milliseconds after Jan 1, 1970 00:00:00 UTC . (In Amazon Web
// Services Tools for PowerShell and the Amazon Web Services SDK for .NET, the
// timestamp is specified in .NET format: yyyy-mm-ddThh:mm:ss . For example,
// 2017-09-15T13:45:30 .)
//
// - A batch of log events in a single request must be in a chronological order.
// Otherwise, the operation fails.
//
// - Each log event can be no larger than 1 MB.
//
// - The maximum number of log events in a batch is 10,000.
//
// - For valid events (within 14 days in the past to 2 hours in future), the
// time span in a single batch cannot exceed 24 hours. Otherwise, the operation
// fails.
//
// The quota of five requests per second per log stream has been removed. Instead,
// PutLogEvents actions are throttled based on a per-second per-account quota. You
// can request an increase to the per-second throttling quota by using the Service
// Quotas service.
//
// If a call to PutLogEvents returns "UnrecognizedClientException" the most likely
// cause is a non-valid Amazon Web Services access key ID or secret key.
PutLogEvents(ctx context.Context, params *cloudwatchlogs.PutLogEventsInput, optFns ...func(*Options)) (*cloudwatchlogs.PutLogEventsOutput, error)
// Creates or updates a metric filter and associates it with the specified log
// group. With metric filters, you can configure rules to extract metric data from
// log events ingested through [PutLogEvents].
//
// The maximum number of metric filters that can be associated with a log group is
// 100.
//
// Using regular expressions in filter patterns is supported. For these filters,
// there is a quota of two regular expression patterns within a single filter
// pattern. There is also a quota of five regular expression patterns per log
// group. For more information about using regular expressions in filter patterns,
// see [Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail].
//
// When you create a metric filter, you can also optionally assign a unit and
// dimensions to the metric that is created.
//
// Metrics extracted from log events are charged as custom metrics. To prevent
// unexpected high charges, do not specify high-cardinality fields such as
// IPAddress or requestID as dimensions. Each different value found for a
// dimension is treated as a separate metric and accrues charges as a separate
// custom metric.
//
// CloudWatch Logs might disable a metric filter if it generates 1,000 different
// name/value pairs for your specified dimensions within one hour.
//
// You can also set up a billing alarm to alert you if your charges are higher
// than expected. For more information, see [Creating a Billing Alarm to Monitor Your Estimated Amazon Web Services Charges].
//
// [Creating a Billing Alarm to Monitor Your Estimated Amazon Web Services Charges]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html
// [PutLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
// [Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
PutMetricFilter(ctx context.Context, params *cloudwatchlogs.PutMetricFilterInput, optFns ...func(*Options)) (*cloudwatchlogs.PutMetricFilterOutput, error)
// Creates or updates a query definition for CloudWatch Logs Insights. For more
// information, see [Analyzing Log Data with CloudWatch Logs Insights].
//
// To update a query definition, specify its queryDefinitionId in your request.
// The values of name , queryString , and logGroupNames are changed to the values
// that you specify in your update operation. No current values are retained from
// the current query definition. For example, imagine updating a current query
// definition that includes log groups. If you don't specify the logGroupNames
// parameter in your update operation, the query definition changes to contain no
// log groups.
//
// You must have the logs:PutQueryDefinition permission to be able to perform this
// operation.
//
// [Analyzing Log Data with CloudWatch Logs Insights]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html
PutQueryDefinition(ctx context.Context, params *cloudwatchlogs.PutQueryDefinitionInput, optFns ...func(*Options)) (*cloudwatchlogs.PutQueryDefinitionOutput, error)
// Creates or updates a resource policy allowing other Amazon Web Services
// services to put log events to this account, such as Amazon Route 53. An account
// can have up to 10 resource policies per Amazon Web Services Region.
PutResourcePolicy(ctx context.Context, params *cloudwatchlogs.PutResourcePolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.PutResourcePolicyOutput, error)
// Sets the retention of the specified log group. With a retention policy, you can
// configure the number of days for which to retain log events in the specified log
// group.
//
// CloudWatch Logs doesn't immediately delete log events when they reach their
// retention setting. It typically takes up to 72 hours after that before log
// events are deleted, but in rare situations might take longer.
//
// To illustrate, imagine that you change a log group to have a longer retention
// setting when it contains log events that are past the expiration date, but
// haven't been deleted. Those log events will take up to 72 hours to be deleted
// after the new retention date is reached. To make sure that log data is deleted
// permanently, keep a log group at its lower retention setting until 72 hours
// after the previous retention period ends. Alternatively, wait to change the
// retention setting until you confirm that the earlier log events are deleted.
//
// When log events reach their retention setting they are marked for deletion.
// After they are marked for deletion, they do not add to your archival storage
// costs anymore, even if they are not actually deleted until later. These log
// events marked for deletion are also not included when you use an API to retrieve
// the storedBytes value to see how many bytes a log group is storing.
PutRetentionPolicy(ctx context.Context, params *cloudwatchlogs.PutRetentionPolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.PutRetentionPolicyOutput, error)
// Creates or updates a subscription filter and associates it with the specified
// log group. With subscription filters, you can subscribe to a real-time stream of
// log events ingested through [PutLogEvents]and have them delivered to a specific destination.
// When log events are sent to the receiving service, they are Base64 encoded and
// compressed with the GZIP format.
//
// The following destinations are supported for subscription filters:
//
// - An Amazon Kinesis data stream belonging to the same account as the
// subscription filter, for same-account delivery.
//
// - A logical destination created with [PutDestination]that belongs to a different account, for
// cross-account delivery. We currently support Kinesis Data Streams and Firehose
// as logical destinations.
//
// - An Amazon Kinesis Data Firehose delivery stream that belongs to the same
// account as the subscription filter, for same-account delivery.
//
// - An Lambda function that belongs to the same account as the subscription
// filter, for same-account delivery.
//
// Each log group can have up to two subscription filters associated with it. If
// you are updating an existing filter, you must specify the correct name in
// filterName .
//
// Using regular expressions in filter patterns is supported. For these filters,
// there is a quotas of quota of two regular expression patterns within a single
// filter pattern. There is also a quota of five regular expression patterns per
// log group. For more information about using regular expressions in filter
// patterns, see [Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail].
//
// To perform a PutSubscriptionFilter operation for any destination except a
// Lambda function, you must also have the iam:PassRole permission.
//
// [PutDestination]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html
// [PutLogEvents]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
// [Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
PutSubscriptionFilter(ctx context.Context, params *cloudwatchlogs.PutSubscriptionFilterInput, optFns ...func(*Options)) (*cloudwatchlogs.PutSubscriptionFilterOutput, error)
// Creates or updates a log transformer for a single log group. You use log
// transformers to transform log events into a different format, making them easier
// for you to process and analyze. You can also transform logs from different
// sources into standardized formats that contains relevant, source-specific
// information.
//
// After you have created a transformer, CloudWatch Logs performs the
// transformations at the time of log ingestion. You can then refer to the
// transformed versions of the logs during operations such as querying with
// CloudWatch Logs Insights or creating metric filters or subscription filers.
//
// You can also use a transformer to copy metadata from metadata keys into the log
// events themselves. This metadata can include log group name, log stream name,
// account ID and Region.
//
// A transformer for a log group is a series of processors, where each processor
// applies one type of transformation to the log events ingested into this log
// group. The processors work one after another, in the order that you list them,
// like a pipeline. For more information about the available processors to use in a
// transformer, see [Processors that you can use].
//
// Having log events in standardized format enables visibility across your
// applications for your log analysis, reporting, and alarming needs. CloudWatch
// Logs provides transformation for common log types with out-of-the-box
// transformation templates for major Amazon Web Services log sources such as VPC
// flow logs, Lambda, and Amazon RDS. You can use pre-built transformation
// templates or create custom transformation policies.
//
// You can create transformers only for the log groups in the Standard log class.
//
// You can also set up a transformer at the account level. For more information,
// see [PutAccountPolicy]. If there is both a log-group level transformer created with PutTransformer
// and an account-level transformer that could apply to the same log group, the log
// group uses only the log-group level transformer. It ignores the account-level
// transformer.
//
// [Processors that you can use]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-Processors
// [PutAccountPolicy]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
PutTransformer(ctx context.Context, params *cloudwatchlogs.PutTransformerInput, optFns ...func(*Options)) (*cloudwatchlogs.PutTransformerOutput, error)
// Starts a Live Tail streaming session for one or more log groups. A Live Tail
// session returns a stream of log events that have been recently ingested in the
// log groups. For more information, see [Use Live Tail to view logs in near real time].
//
// The response to this operation is a response stream, over which the server
// sends live log events and the client receives them.
//
// The following objects are sent over the stream:
//
// - A single [LiveTailSessionStart]object is sent at the start of the session.
//
// - Every second, a [LiveTailSessionUpdate]object is sent. Each of these objects contains an array of
// the actual log events.
//
// If no new log events were ingested in the past second, the LiveTailSessionUpdate
//
// object will contain an empty array.
//
// The array of log events contained in a LiveTailSessionUpdate can include as many
//
// as 500 log events. If the number of log events matching the request exceeds 500
// per second, the log events are sampled down to 500 log events to be included in
// each LiveTailSessionUpdate object.
//
// If your client consumes the log events slower than the server produces them,
//
// CloudWatch Logs buffers up to 10 LiveTailSessionUpdate events or 5000 log
// events, after which it starts dropping the oldest events.
//
// - A [SessionStreamingException]object is returned if an unknown error occurs on the server side.
//
// - A [SessionTimeoutException]object is returned when the session times out, after it has been kept
// open for three hours.
//
// The StartLiveTail API routes requests to streaming-logs.Region.amazonaws.com
// using SDK host prefix injection. VPC endpoint support is not available for this
// API.
//
// You can end a session before it times out by closing the session stream or by
// closing the client that is receiving the stream. The session also ends if the
// established connection between the client and the server breaks.
//
// For examples of using an SDK to start a Live Tail session, see [Start a Live Tail session using an Amazon Web Services SDK].
//
// [LiveTailSessionStart]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LiveTailSessionStart.html
// [LiveTailSessionUpdate]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LiveTailSessionUpdate.html
// [Use Live Tail to view logs in near real time]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs_LiveTail.html
// [Start a Live Tail session using an Amazon Web Services SDK]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/example_cloudwatch-logs_StartLiveTail_section.html
//
// [SessionTimeoutException]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartLiveTailResponseStream.html#CWL-Type-StartLiveTailResponseStream-SessionTimeoutException
// [SessionStreamingException]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartLiveTailResponseStream.html#CWL-Type-StartLiveTailResponseStream-SessionStreamingException
StartLiveTail(ctx context.Context, params *cloudwatchlogs.StartLiveTailInput, optFns ...func(*Options)) (*cloudwatchlogs.StartLiveTailOutput, error)
// Starts a query of one or more log groups using CloudWatch Logs Insights. You
// specify the log groups and time range to query and the query string to use.
//
// For more information, see [CloudWatch Logs Insights Query Syntax].
//
// After you run a query using StartQuery , the query results are stored by
// CloudWatch Logs. You can use [GetQueryResults]to retrieve the results of a query, using the
// queryId that StartQuery returns.
//
// To specify the log groups to query, a StartQuery operation must include one of
// the following:
//
// - Either exactly one of the following parameters: logGroupName , logGroupNames
// , or logGroupIdentifiers
//
// - Or the queryString must include a SOURCE command to select log groups for
// the query. The SOURCE command can select log groups based on log group name
// prefix, account ID, and log class.
//
// For more information about the SOURCE command, see [SOURCE].
//
// If you have associated a KMS key with the query results in this account, then [StartQuery]
// uses that key to encrypt the results when it stores them. If no key is
// associated with query results, the query results are encrypted with the default
// CloudWatch Logs encryption method.
//
// Queries time out after 60 minutes of runtime. If your queries are timing out,
// reduce the time range being searched or partition your query into a number of
// queries.
//
// If you are using CloudWatch cross-account observability, you can use this
// operation in a monitoring account to start a query in a linked source account.
// For more information, see [CloudWatch cross-account observability]. For a cross-account StartQuery operation, the query
// definition must be defined in the monitoring account.
//
// You can have up to 30 concurrent CloudWatch Logs insights queries, including
// queries that have been added to dashboards.
//
// [CloudWatch Logs Insights Query Syntax]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html
// [CloudWatch cross-account observability]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
// [SOURCE]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax-Source.html
// [GetQueryResults]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetQueryResults.html
// [StartQuery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
StartQuery(ctx context.Context, params *cloudwatchlogs.StartQueryInput, optFns ...func(*Options)) (*cloudwatchlogs.StartQueryOutput, error)
// Stops a CloudWatch Logs Insights query that is in progress. If the query has
// already ended, the operation returns an error indicating that the specified
// query is not running.
StopQuery(ctx context.Context, params *cloudwatchlogs.StopQueryInput, optFns ...func(*Options)) (*cloudwatchlogs.StopQueryOutput, error)
// The TagLogGroup operation is on the path to deprecation. We recommend that you
// use [TagResource]instead.
//
// Adds or updates the specified tags for the specified log group.
//
// To list the tags for a log group, use [ListTagsForResource]. To remove tags, use [UntagResource].
//
// For more information about tags, see [Tag Log Groups in Amazon CloudWatch Logs] in the Amazon CloudWatch Logs User Guide.
//
// CloudWatch Logs doesn't support IAM policies that prevent users from assigning
// specified tags to log groups using the aws:Resource/key-name or aws:TagKeys
// condition keys. For more information about using tags to control access, see [Controlling access to Amazon Web Services resources using tags].
//
// Deprecated: Please use the generic tagging API TagResource
//
// [TagResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html
// [UntagResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html
// [Tag Log Groups in Amazon CloudWatch Logs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html#log-group-tagging
// [Controlling access to Amazon Web Services resources using tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [ListTagsForResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html
TagLogGroup(ctx context.Context, params *cloudwatchlogs.TagLogGroupInput, optFns ...func(*Options)) (*cloudwatchlogs.TagLogGroupOutput, error)
// Assigns one or more tags (key-value pairs) to the specified CloudWatch Logs
// resource. Currently, the only CloudWatch Logs resources that can be tagged are
// log groups and destinations.
//
// Tags can help you organize and categorize your resources. You can also use them
// to scope user permissions by granting a user permission to access or change only
// resources with certain tag values.
//
// Tags don't have any semantic meaning to Amazon Web Services and are interpreted
// strictly as strings of characters.
//
// You can use the TagResource action with a resource that already has tags. If
// you specify a new tag key for the alarm, this tag is appended to the list of
// tags associated with the alarm. If you specify a tag key that is already
// associated with the alarm, the new tag value that you specify replaces the
// previous value for that tag.
//
// You can associate as many as 50 tags with a CloudWatch Logs resource.
TagResource(ctx context.Context, params *cloudwatchlogs.TagResourceInput, optFns ...func(*Options)) (*cloudwatchlogs.TagResourceOutput, error)
// Tests the filter pattern of a metric filter against a sample of log event
// messages. You can use this operation to validate the correctness of a metric
// filter pattern.
TestMetricFilter(ctx context.Context, params *cloudwatchlogs.TestMetricFilterInput, optFns ...func(*Options)) (*cloudwatchlogs.TestMetricFilterOutput, error)
// Use this operation to test a log transformer. You enter the transformer
// configuration and a set of log events to test with. The operation responds with
// an array that includes the original log events and the transformed versions.
TestTransformer(ctx context.Context, params *cloudwatchlogs.TestTransformerInput, optFns ...func(*Options)) (*cloudwatchlogs.TestTransformerOutput, error)
// The UntagLogGroup operation is on the path to deprecation. We recommend that
// you use [UntagResource]instead.
//
// Removes the specified tags from the specified log group.
//
// To list the tags for a log group, use [ListTagsForResource]. To add tags, use [TagResource].
//
// When using IAM policies to control tag management for CloudWatch Logs log
// groups, the condition keys aws:Resource/key-name and aws:TagKeys cannot be used
// to restrict which tags users can assign.
//
// Deprecated: Please use the generic tagging API UntagResource
//
// [TagResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html
// [UntagResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html
// [ListTagsForResource]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html
UntagLogGroup(ctx context.Context, params *cloudwatchlogs.UntagLogGroupInput, optFns ...func(*Options)) (*cloudwatchlogs.UntagLogGroupOutput, error)
// Removes one or more tags from the specified resource.
UntagResource(ctx context.Context, params *cloudwatchlogs.UntagResourceInput, optFns ...func(*Options)) (*cloudwatchlogs.UntagResourceOutput, error)
// Use this operation to suppress anomaly detection for a specified anomaly or
// pattern. If you suppress an anomaly, CloudWatch Logs won't report new
// occurrences of that anomaly and won't update that anomaly with new data. If you
// suppress a pattern, CloudWatch Logs won't report any anomalies related to that
// pattern.
//
// You must specify either anomalyId or patternId , but you can't specify both
// parameters in the same operation.
//
// If you have previously used this operation to suppress detection of a pattern
// or anomaly, you can use it again to cause CloudWatch Logs to end the
// suppression. To do this, use this operation and specify the anomaly or pattern
// to stop suppressing, and omit the suppressionType and suppressionPeriod
// parameters.
UpdateAnomaly(ctx context.Context, params *cloudwatchlogs.UpdateAnomalyInput, optFns ...func(*Options)) (*cloudwatchlogs.UpdateAnomalyOutput, error)
// Use this operation to update the configuration of a [delivery] to change either the S3
// path pattern or the format of the delivered logs. You can't use this operation
// to change the source or destination of the delivery.
//
// [delivery]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_Delivery.html
UpdateDeliveryConfiguration(ctx context.Context, params *cloudwatchlogs.UpdateDeliveryConfigurationInput, optFns ...func(*Options)) (*cloudwatchlogs.UpdateDeliveryConfigurationOutput, error)
// Updates an existing log anomaly detector.
UpdateLogAnomalyDetector(ctx context.Context, params *cloudwatchlogs.UpdateLogAnomalyDetectorInput, optFns ...func(*Options)) (*cloudwatchlogs.UpdateLogAnomalyDetectorOutput, error)
}
CloudWatchLogs provides an interface to the AWS CloudWatchLogs service.
type EC2 ¶ added in v0.94.0
type EC2 interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() ec2.Options
// Accepts an Elastic IP address transfer. For more information, see [Accept a transferred Elastic IP address] in the
// Amazon VPC User Guide.
//
// [Accept a transferred Elastic IP address]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#using-instance-addressing-eips-transfer-accept
AcceptAddressTransfer(ctx context.Context, params *ec2.AcceptAddressTransferInput, optFns ...func(*Options)) (*ec2.AcceptAddressTransferOutput, error)
// Accepts a request to assign billing of the available capacity of a shared
// Capacity Reservation to your account. For more information, see [Billing assignment for shared Amazon EC2 Capacity Reservations].
//
// [Billing assignment for shared Amazon EC2 Capacity Reservations]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/assign-billing.html
AcceptCapacityReservationBillingOwnership(ctx context.Context, params *ec2.AcceptCapacityReservationBillingOwnershipInput, optFns ...func(*Options)) (*ec2.AcceptCapacityReservationBillingOwnershipOutput, error)
// Accepts the Convertible Reserved Instance exchange quote described in the GetReservedInstancesExchangeQuote call.
AcceptReservedInstancesExchangeQuote(ctx context.Context, params *ec2.AcceptReservedInstancesExchangeQuoteInput, optFns ...func(*Options)) (*ec2.AcceptReservedInstancesExchangeQuoteOutput, error)
// Accepts a request to associate subnets with a transit gateway multicast domain.
AcceptTransitGatewayMulticastDomainAssociations(ctx context.Context, params *ec2.AcceptTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*ec2.AcceptTransitGatewayMulticastDomainAssociationsOutput, error)
// Accepts a transit gateway peering attachment request. The peering attachment
// must be in the pendingAcceptance state.
AcceptTransitGatewayPeeringAttachment(ctx context.Context, params *ec2.AcceptTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*ec2.AcceptTransitGatewayPeeringAttachmentOutput, error)
// Accepts a request to attach a VPC to a transit gateway.
//
// The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your
// pending VPC attachment requests. Use RejectTransitGatewayVpcAttachmentto reject a VPC attachment request.
AcceptTransitGatewayVpcAttachment(ctx context.Context, params *ec2.AcceptTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*ec2.AcceptTransitGatewayVpcAttachmentOutput, error)
// Accepts connection requests to your VPC endpoint service.
AcceptVpcEndpointConnections(ctx context.Context, params *ec2.AcceptVpcEndpointConnectionsInput, optFns ...func(*Options)) (*ec2.AcceptVpcEndpointConnectionsOutput, error)
// Accept a VPC peering connection request. To accept a request, the VPC peering
// connection must be in the pending-acceptance state, and you must be the owner
// of the peer VPC. Use DescribeVpcPeeringConnectionsto view your outstanding VPC peering connection requests.
//
// For an inter-Region VPC peering connection request, you must accept the VPC
// peering connection in the Region of the accepter VPC.
AcceptVpcPeeringConnection(ctx context.Context, params *ec2.AcceptVpcPeeringConnectionInput, optFns ...func(*Options)) (*ec2.AcceptVpcPeeringConnectionOutput, error)
// Advertises an IPv4 or IPv6 address range that is provisioned for use with your
// Amazon Web Services resources through bring your own IP addresses (BYOIP).
//
// You can perform this operation at most once every 10 seconds, even if you
// specify different address ranges each time.
//
// We recommend that you stop advertising the BYOIP CIDR from other locations when
// you advertise it from Amazon Web Services. To minimize down time, you can
// configure your Amazon Web Services resources to use an address from a BYOIP CIDR
// before it is advertised, and then simultaneously stop advertising it from the
// current location and start advertising it through Amazon Web Services.
//
// It can take a few minutes before traffic to the specified addresses starts
// routing to Amazon Web Services because of BGP propagation delays.
AdvertiseByoipCidr(ctx context.Context, params *ec2.AdvertiseByoipCidrInput, optFns ...func(*Options)) (*ec2.AdvertiseByoipCidrOutput, error)
// Allocates an Elastic IP address to your Amazon Web Services account. After you
// allocate the Elastic IP address you can associate it with an instance or network
// interface. After you release an Elastic IP address, it is released to the IP
// address pool and can be allocated to a different Amazon Web Services account.
//
// You can allocate an Elastic IP address from one of the following address pools:
//
// - Amazon's pool of IPv4 addresses
//
// - Public IPv4 address range that you own and bring to your Amazon Web
// Services account using [Bring Your Own IP Addresses (BYOIP)]
//
// - An IPv4 IPAM pool with an Amazon-provided or BYOIP public IPv4 address range
//
// - IPv4 addresses from your on-premises network made available for use with an
// Outpost using a [customer-owned IP address pool](CoIP pool)
//
// For more information, see [Elastic IP Addresses] in the Amazon EC2 User Guide.
//
// If you release an Elastic IP address, you might be able to recover it. You
// cannot recover an Elastic IP address that you released after it is allocated to
// another Amazon Web Services account. To attempt to recover an Elastic IP address
// that you released, specify it in this operation.
//
// You can allocate a carrier IP address which is a public IP address from a
// telecommunication carrier, to a network interface which resides in a subnet in a
// Wavelength Zone (for example an EC2 instance).
//
// [Bring Your Own IP Addresses (BYOIP)]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html
// [Elastic IP Addresses]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html
// [customer-owned IP address pool]: https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing
AllocateAddress(ctx context.Context, params *ec2.AllocateAddressInput, optFns ...func(*Options)) (*ec2.AllocateAddressOutput, error)
// Allocates a Dedicated Host to your account. At a minimum, specify the supported
// instance type or instance family, the Availability Zone in which to allocate the
// host, and the number of hosts to allocate.
AllocateHosts(ctx context.Context, params *ec2.AllocateHostsInput, optFns ...func(*Options)) (*ec2.AllocateHostsOutput, error)
// Allocate a CIDR from an IPAM pool. The Region you use should be the IPAM pool
// locale. The locale is the Amazon Web Services Region where this IPAM pool is
// available for allocations.
//
// In IPAM, an allocation is a CIDR assignment from an IPAM pool to another IPAM
// pool or to a resource. For more information, see [Allocate CIDRs]in the Amazon VPC IPAM User
// Guide.
//
// This action creates an allocation with strong consistency. The returned CIDR
// will not overlap with any other allocations from the same pool.
//
// [Allocate CIDRs]: https://docs.aws.amazon.com/vpc/latest/ipam/allocate-cidrs-ipam.html
AllocateIpamPoolCidr(ctx context.Context, params *ec2.AllocateIpamPoolCidrInput, optFns ...func(*Options)) (*ec2.AllocateIpamPoolCidrOutput, error)
// Applies a security group to the association between the target network and the
// Client VPN endpoint. This action replaces the existing security groups with the
// specified security groups.
ApplySecurityGroupsToClientVpnTargetNetwork(ctx context.Context, params *ec2.ApplySecurityGroupsToClientVpnTargetNetworkInput, optFns ...func(*Options)) (*ec2.ApplySecurityGroupsToClientVpnTargetNetworkOutput, error)
// Assigns the specified IPv6 addresses to the specified network interface. You
// can specify specific IPv6 addresses, or you can specify the number of IPv6
// addresses to be automatically assigned from the subnet's IPv6 CIDR block range.
// You can assign as many IPv6 addresses to a network interface as you can assign
// private IPv4 addresses, and the limit varies by instance type.
//
// You must specify either the IPv6 addresses or the IPv6 address count in the
// request.
//
// You can optionally use Prefix Delegation on the network interface. You must
// specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix
// Delegation count. For information, see [Assigning prefixes to network interfaces]in the Amazon EC2 User Guide.
//
// [Assigning prefixes to network interfaces]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html
AssignIpv6Addresses(ctx context.Context, params *ec2.AssignIpv6AddressesInput, optFns ...func(*Options)) (*ec2.AssignIpv6AddressesOutput, error)
// Assigns the specified secondary private IP addresses to the specified network
// interface.
//
// You can specify specific secondary IP addresses, or you can specify the number
// of secondary IP addresses to be automatically assigned from the subnet's CIDR
// block range. The number of secondary IP addresses that you can assign to an
// instance varies by instance type. For more information about Elastic IP
// addresses, see [Elastic IP Addresses]in the Amazon EC2 User Guide.
//
// When you move a secondary private IP address to another network interface, any
// Elastic IP address that is associated with the IP address is also moved.
//
// Remapping an IP address is an asynchronous operation. When you move an IP
// address from one network interface to another, check
// network/interfaces/macs/mac/local-ipv4s in the instance metadata to confirm that
// the remapping is complete.
//
// You must specify either the IP addresses or the IP address count in the request.
//
// You can optionally use Prefix Delegation on the network interface. You must
// specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix
// Delegation count. For information, see [Assigning prefixes to network interfaces]in the Amazon EC2 User Guide.
//
// [Elastic IP Addresses]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html
// [Assigning prefixes to network interfaces]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html
AssignPrivateIpAddresses(ctx context.Context, params *ec2.AssignPrivateIpAddressesInput, optFns ...func(*Options)) (*ec2.AssignPrivateIpAddressesOutput, error)
// Assigns private IPv4 addresses to a private NAT gateway. For more information,
// see [Work with NAT gateways]in the Amazon VPC User Guide.
//
// [Work with NAT gateways]: https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-working-with.html
AssignPrivateNatGatewayAddress(ctx context.Context, params *ec2.AssignPrivateNatGatewayAddressInput, optFns ...func(*Options)) (*ec2.AssignPrivateNatGatewayAddressOutput, error)
// Associates an Elastic IP address, or carrier IP address (for instances that are
// in subnets in Wavelength Zones) with an instance or a network interface. Before
// you can use an Elastic IP address, you must allocate it to your account.
//
// If the Elastic IP address is already associated with a different instance, it
// is disassociated from that instance and associated with the specified instance.
// If you associate an Elastic IP address with an instance that has an existing
// Elastic IP address, the existing address is disassociated from the instance, but
// remains allocated to your account.
//
// [Subnets in Wavelength Zones] You can associate an IP address from the
// telecommunication carrier to the instance or network interface.
//
// You cannot associate an Elastic IP address with an interface in a different
// network border group.
//
// This is an idempotent operation. If you perform the operation more than once,
// Amazon EC2 doesn't return an error, and you may be charged for each time the
// Elastic IP address is remapped to the same instance. For more information, see
// the Elastic IP Addresses section of [Amazon EC2 Pricing].
//
// [Amazon EC2 Pricing]: http://aws.amazon.com/ec2/pricing/
AssociateAddress(ctx context.Context, params *ec2.AssociateAddressInput, optFns ...func(*Options)) (*ec2.AssociateAddressOutput, error)
// Initiates a request to assign billing of the unused capacity of a shared
// Capacity Reservation to a consumer account that is consolidated under the same
// Amazon Web Services organizations payer account. For more information, see [Billing assignment for shared Amazon EC2 Capacity Reservations].
//
// [Billing assignment for shared Amazon EC2 Capacity Reservations]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/assign-billing.html
AssociateCapacityReservationBillingOwner(ctx context.Context, params *ec2.AssociateCapacityReservationBillingOwnerInput, optFns ...func(*Options)) (*ec2.AssociateCapacityReservationBillingOwnerOutput, error)
// Associates a target network with a Client VPN endpoint. A target network is a
// subnet in a VPC. You can associate multiple subnets from the same VPC with a
// Client VPN endpoint. You can associate only one subnet in each Availability
// Zone. We recommend that you associate at least two subnets to provide
// Availability Zone redundancy.
//
// If you specified a VPC when you created the Client VPN endpoint or if you have
// previous subnet associations, the specified subnet must be in the same VPC. To
// specify a subnet that's in a different VPC, you must first modify the Client VPN
// endpoint (ModifyClientVpnEndpoint ) and change the VPC that's associated with it.
AssociateClientVpnTargetNetwork(ctx context.Context, params *ec2.AssociateClientVpnTargetNetworkInput, optFns ...func(*Options)) (*ec2.AssociateClientVpnTargetNetworkOutput, error)
// Associates a set of DHCP options (that you've previously created) with the
// specified VPC, or associates no DHCP options with the VPC.
//
// After you associate the options with the VPC, any existing instances and all
// new instances that you launch in that VPC use the options. You don't need to
// restart or relaunch the instances. They automatically pick up the changes within
// a few hours, depending on how frequently the instance renews its DHCP lease. You
// can explicitly renew the lease using the operating system on the instance.
//
// For more information, see [DHCP option sets] in the Amazon VPC User Guide.
//
// [DHCP option sets]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html
AssociateDhcpOptions(ctx context.Context, params *ec2.AssociateDhcpOptionsInput, optFns ...func(*Options)) (*ec2.AssociateDhcpOptionsOutput, error)
// Associates an Identity and Access Management (IAM) role with an Certificate
// Manager (ACM) certificate. This enables the certificate to be used by the ACM
// for Nitro Enclaves application inside an enclave. For more information, see [Certificate Manager for Nitro Enclaves]in
// the Amazon Web Services Nitro Enclaves User Guide.
//
// When the IAM role is associated with the ACM certificate, the certificate,
// certificate chain, and encrypted private key are placed in an Amazon S3 location
// that only the associated IAM role can access. The private key of the certificate
// is encrypted with an Amazon Web Services managed key that has an attached
// attestation-based key policy.
//
// To enable the IAM role to access the Amazon S3 object, you must grant it
// permission to call s3:GetObject on the Amazon S3 bucket returned by the
// command. To enable the IAM role to access the KMS key, you must grant it
// permission to call kms:Decrypt on the KMS key returned by the command. For more
// information, see [Grant the role permission to access the certificate and encryption key]in the Amazon Web Services Nitro Enclaves User Guide.
//
// [Certificate Manager for Nitro Enclaves]: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html
// [Grant the role permission to access the certificate and encryption key]: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy
AssociateEnclaveCertificateIamRole(ctx context.Context, params *ec2.AssociateEnclaveCertificateIamRoleInput, optFns ...func(*Options)) (*ec2.AssociateEnclaveCertificateIamRoleOutput, error)
// Associates an IAM instance profile with a running or stopped instance. You
// cannot associate more than one IAM instance profile with an instance.
AssociateIamInstanceProfile(ctx context.Context, params *ec2.AssociateIamInstanceProfileInput, optFns ...func(*Options)) (*ec2.AssociateIamInstanceProfileOutput, error)
// Associates one or more targets with an event window. Only one type of target
// (instance IDs, Dedicated Host IDs, or tags) can be specified with an event
// window.
//
// For more information, see [Define event windows for scheduled events] in the Amazon EC2 User Guide.
//
// [Define event windows for scheduled events]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html
AssociateInstanceEventWindow(ctx context.Context, params *ec2.AssociateInstanceEventWindowInput, optFns ...func(*Options)) (*ec2.AssociateInstanceEventWindowOutput, error)
// Associates your Autonomous System Number (ASN) with a BYOIP CIDR that you own
// in the same Amazon Web Services Region. For more information, see [Tutorial: Bring your ASN to IPAM]in the Amazon
// VPC IPAM guide.
//
// After the association succeeds, the ASN is eligible for advertisement. You can
// view the association with [DescribeByoipCidrs]. You can advertise the CIDR with [AdvertiseByoipCidr].
//
// [DescribeByoipCidrs]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeByoipCidrs.html
// [AdvertiseByoipCidr]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AdvertiseByoipCidr.html
// [Tutorial: Bring your ASN to IPAM]: https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html
AssociateIpamByoasn(ctx context.Context, params *ec2.AssociateIpamByoasnInput, optFns ...func(*Options)) (*ec2.AssociateIpamByoasnOutput, error)
// Associates an IPAM resource discovery with an Amazon VPC IPAM. A resource
// discovery is an IPAM component that enables IPAM to manage and monitor resources
// that belong to the owning account.
AssociateIpamResourceDiscovery(ctx context.Context, params *ec2.AssociateIpamResourceDiscoveryInput, optFns ...func(*Options)) (*ec2.AssociateIpamResourceDiscoveryOutput, error)
// Associates Elastic IP addresses (EIPs) and private IPv4 addresses with a public
// NAT gateway. For more information, see [Work with NAT gateways]in the Amazon VPC User Guide.
//
// By default, you can associate up to 2 Elastic IP addresses per public NAT
// gateway. You can increase the limit by requesting a quota adjustment. For more
// information, see [Elastic IP address quotas]in the Amazon VPC User Guide.
//
// When you associate an EIP or secondary EIPs with a public NAT gateway, the
// network border group of the EIPs must match the network border group of the
// Availability Zone (AZ) that the public NAT gateway is in. If it's not the same,
// the EIP will fail to associate. You can see the network border group for the
// subnet's AZ by viewing the details of the subnet. Similarly, you can view the
// network border group of an EIP by viewing the details of the EIP address. For
// more information about network border groups and EIPs, see [Allocate an Elastic IP address]in the Amazon VPC
// User Guide.
//
// [Elastic IP address quotas]: https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html#vpc-limits-eips
// [Work with NAT gateways]: https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-working-with.html
// [Allocate an Elastic IP address]: https://docs.aws.amazon.com/vpc/latest/userguide/WorkWithEIPs.html
AssociateNatGatewayAddress(ctx context.Context, params *ec2.AssociateNatGatewayAddressInput, optFns ...func(*Options)) (*ec2.AssociateNatGatewayAddressOutput, error)
// Associates a route server with a VPC to enable dynamic route updates.
//
// A route server association is the connection established between a route server
// and a VPC.
//
// For more information see [Dynamic routing in your VPC with VPC Route Server] in the Amazon VPC User Guide.
//
// [Dynamic routing in your VPC with VPC Route Server]: https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html
AssociateRouteServer(ctx context.Context, params *ec2.AssociateRouteServerInput, optFns ...func(*Options)) (*ec2.AssociateRouteServerOutput, error)
// Associates a subnet in your VPC or an internet gateway or virtual private
// gateway attached to your VPC with a route table in your VPC. This association
// causes traffic from the subnet or gateway to be routed according to the routes
// in the route table. The action returns an association ID, which you need in
// order to disassociate the route table later. A route table can be associated
// with multiple subnets.
//
// For more information, see [Route tables] in the Amazon VPC User Guide.
//
// [Route tables]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html
AssociateRouteTable(ctx context.Context, params *ec2.AssociateRouteTableInput, optFns ...func(*Options)) (*ec2.AssociateRouteTableOutput, error)
// Associates a security group with another VPC in the same Region. This enables
// you to use the same security group with network interfaces and instances in the
// specified VPC.
//
// - The VPC you want to associate the security group with must be in the same
// Region.
//
// - You can associate the security group with another VPC if your account owns
// the VPC or if the VPC was shared with you.
//
// - You must own the security group.
//
// - You cannot use this feature with default security groups.
//
// - You cannot use this feature with the default VPC.
AssociateSecurityGroupVpc(ctx context.Context, params *ec2.AssociateSecurityGroupVpcInput, optFns ...func(*Options)) (*ec2.AssociateSecurityGroupVpcOutput, error)
// Associates a CIDR block with your subnet. You can only associate a single IPv6
// CIDR block with your subnet.
AssociateSubnetCidrBlock(ctx context.Context, params *ec2.AssociateSubnetCidrBlockInput, optFns ...func(*Options)) (*ec2.AssociateSubnetCidrBlockOutput, error)
// Associates the specified subnets and transit gateway attachments with the
// specified transit gateway multicast domain.
//
// The transit gateway attachment must be in the available state before you can
// add a resource. Use [DescribeTransitGatewayAttachments]to see the state of the attachment.
//
// [DescribeTransitGatewayAttachments]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html
AssociateTransitGatewayMulticastDomain(ctx context.Context, params *ec2.AssociateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*ec2.AssociateTransitGatewayMulticastDomainOutput, error)
// Associates the specified transit gateway attachment with a transit gateway
// policy table.
AssociateTransitGatewayPolicyTable(ctx context.Context, params *ec2.AssociateTransitGatewayPolicyTableInput, optFns ...func(*Options)) (*ec2.AssociateTransitGatewayPolicyTableOutput, error)
// Associates the specified attachment with the specified transit gateway route
// table. You can associate only one route table with an attachment.
AssociateTransitGatewayRouteTable(ctx context.Context, params *ec2.AssociateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*ec2.AssociateTransitGatewayRouteTableOutput, error)
// Associates a branch network interface with a trunk network interface.
//
// Before you create the association, use [CreateNetworkInterface] command and set the interface type to
// trunk . You must also create a network interface for each branch network
// interface that you want to associate with the trunk network interface.
//
// [CreateNetworkInterface]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html
AssociateTrunkInterface(ctx context.Context, params *ec2.AssociateTrunkInterfaceInput, optFns ...func(*Options)) (*ec2.AssociateTrunkInterfaceOutput, error)
// Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR
// block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6
// address pool that you provisioned through bring your own IP addresses ([BYOIP] ).
//
// You must specify one of the following in the request: an IPv4 CIDR block, an
// IPv6 pool, or an Amazon-provided IPv6 CIDR block.
//
// For more information about associating CIDR blocks with your VPC and applicable
// restrictions, see [IP addressing for your VPCs and subnets]in the Amazon VPC User Guide.
//
// [BYOIP]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html
// [IP addressing for your VPCs and subnets]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html
AssociateVpcCidrBlock(ctx context.Context, params *ec2.AssociateVpcCidrBlockInput, optFns ...func(*Options)) (*ec2.AssociateVpcCidrBlockOutput, error)
// This action is deprecated.
//
// Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more
// of the VPC security groups. You cannot link an EC2-Classic instance to more than
// one VPC at a time. You can only link an instance that's in the running state.
// An instance is automatically unlinked from a VPC when it's stopped - you can
// link it to the VPC again when you restart it.
//
// After you've linked an instance, you cannot change the VPC security groups that
// are associated with it. To change the security groups, you must first unlink the
// instance, and then link it again.
//
// Linking your instance to a VPC is sometimes referred to as attaching your
// instance.
AttachClassicLinkVpc(ctx context.Context, params *ec2.AttachClassicLinkVpcInput, optFns ...func(*Options)) (*ec2.AttachClassicLinkVpcOutput, error)
// Attaches an internet gateway or a virtual private gateway to a VPC, enabling
// connectivity between the internet and the VPC. For more information, see [Internet gateways]in the
// Amazon VPC User Guide.
//
// [Internet gateways]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
AttachInternetGateway(ctx context.Context, params *ec2.AttachInternetGatewayInput, optFns ...func(*Options)) (*ec2.AttachInternetGatewayOutput, error)
// Attaches a network interface to an instance.
AttachNetworkInterface(ctx context.Context, params *ec2.AttachNetworkInterfaceInput, optFns ...func(*Options)) (*ec2.AttachNetworkInterfaceOutput, error)
// Attaches the specified Amazon Web Services Verified Access trust provider to
// the specified Amazon Web Services Verified Access instance.
AttachVerifiedAccessTrustProvider(ctx context.Context, params *ec2.AttachVerifiedAccessTrustProviderInput, optFns ...func(*Options)) (*ec2.AttachVerifiedAccessTrustProviderOutput, error)
// Attaches an Amazon EBS volume to a running or stopped instance, and exposes it
// to the instance with the specified device name.
//
// The maximum number of Amazon EBS volumes that you can attach to an instance
// depends on the instance type. If you exceed the volume attachment limit for an
// instance type, the attachment request fails with the AttachmentLimitExceeded
// error. For more information, see [Instance volume limits].
//
// After you attach an EBS volume, you must make it available for use. For more
// information, see [Make an EBS volume available for use].
//
// If a volume has an Amazon Web Services Marketplace product code:
//
// - The volume can be attached only to a stopped instance.
//
// - Amazon Web Services Marketplace product codes are copied from the volume to
// the instance.
//
// - You must be subscribed to the product.
//
// - The instance type and operating system of the instance must support the
// product. For example, you can't detach a volume from a Windows instance and
// attach it to a Linux instance.
//
// For more information, see [Attach an Amazon EBS volume to an instance] in the Amazon EBS User Guide.
//
// [Make an EBS volume available for use]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-using-volumes.html
// [Attach an Amazon EBS volume to an instance]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-attaching-volume.html
// [Instance volume limits]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/volume_limits.html
AttachVolume(ctx context.Context, params *ec2.AttachVolumeInput, optFns ...func(*Options)) (*ec2.AttachVolumeOutput, error)
// Attaches an available virtual private gateway to a VPC. You can attach one
// virtual private gateway to one VPC at a time.
//
// For more information, see [Amazon Web Services Site-to-Site VPN] in the Amazon Web Services Site-to-Site VPN User
// Guide.
//
// [Amazon Web Services Site-to-Site VPN]: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
AttachVpnGateway(ctx context.Context, params *ec2.AttachVpnGatewayInput, optFns ...func(*Options)) (*ec2.AttachVpnGatewayOutput, error)
// Adds an ingress authorization rule to a Client VPN endpoint. Ingress
// authorization rules act as firewall rules that grant access to networks. You
// must configure ingress authorization rules to enable clients to access resources
// in Amazon Web Services or on-premises networks.
AuthorizeClientVpnIngress(ctx context.Context, params *ec2.AuthorizeClientVpnIngressInput, optFns ...func(*Options)) (*ec2.AuthorizeClientVpnIngressOutput, error)
// Adds the specified outbound (egress) rules to a security group.
//
// An outbound rule permits instances to send traffic to the specified IPv4 or
// IPv6 address ranges, the IP address ranges specified by a prefix list, or the
// instances that are associated with a source security group. For more
// information, see [Security group rules].
//
// You must specify exactly one of the following destinations: an IPv4 or IPv6
// address range, a prefix list, or a security group. You must specify a protocol
// for each rule (for example, TCP). If the protocol is TCP or UDP, you must also
// specify a port or port range. If the protocol is ICMP or ICMPv6, you must also
// specify the ICMP type and code.
//
// Rule changes are propagated to instances associated with the security group as
// quickly as possible. However, a small delay might occur.
//
// For examples of rules that you can add to security groups for specific access
// scenarios, see [Security group rules for different use cases]in the Amazon EC2 User Guide.
//
// For information about security group quotas, see [Amazon VPC quotas] in the Amazon VPC User Guide.
//
// [Amazon VPC quotas]: https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html
// [Security group rules]: https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html
// [Security group rules for different use cases]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html
AuthorizeSecurityGroupEgress(ctx context.Context, params *ec2.AuthorizeSecurityGroupEgressInput, optFns ...func(*Options)) (*ec2.AuthorizeSecurityGroupEgressOutput, error)
// Adds the specified inbound (ingress) rules to a security group.
//
// An inbound rule permits instances to receive traffic from the specified IPv4 or
// IPv6 address range, the IP address ranges that are specified by a prefix list,
// or the instances that are associated with a destination security group. For more
// information, see [Security group rules].
//
// You must specify exactly one of the following sources: an IPv4 or IPv6 address
// range, a prefix list, or a security group. You must specify a protocol for each
// rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a
// port or port range. If the protocol is ICMP or ICMPv6, you must also specify the
// ICMP/ICMPv6 type and code.
//
// Rule changes are propagated to instances associated with the security group as
// quickly as possible. However, a small delay might occur.
//
// For examples of rules that you can add to security groups for specific access
// scenarios, see [Security group rules for different use cases]in the Amazon EC2 User Guide.
//
// For more information about security group quotas, see [Amazon VPC quotas] in the Amazon VPC User
// Guide.
//
// [Amazon VPC quotas]: https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html
// [Security group rules]: https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html
// [Security group rules for different use cases]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html
AuthorizeSecurityGroupIngress(ctx context.Context, params *ec2.AuthorizeSecurityGroupIngressInput, optFns ...func(*Options)) (*ec2.AuthorizeSecurityGroupIngressOutput, error)
// Bundles an Amazon instance store-backed Windows instance.
//
// During bundling, only the root device volume (C:\) is bundled. Data on other
// instance store volumes is not preserved.
//
// This action is not applicable for Linux/Unix instances or Windows instances
// that are backed by Amazon EBS.
BundleInstance(ctx context.Context, params *ec2.BundleInstanceInput, optFns ...func(*Options)) (*ec2.BundleInstanceOutput, error)
// Cancels a bundling operation for an instance store-backed Windows instance.
CancelBundleTask(ctx context.Context, params *ec2.CancelBundleTaskInput, optFns ...func(*Options)) (*ec2.CancelBundleTaskOutput, error)
// Cancels the specified Capacity Reservation, releases the reserved capacity, and
// changes the Capacity Reservation's state to cancelled .
//
// You can cancel a Capacity Reservation that is in the following states:
//
// - assessing
//
// - active and there is no commitment duration or the commitment duration has
// elapsed. You can't cancel a future-dated Capacity Reservation during the
// commitment duration.
//
// You can't modify or cancel a Capacity Block. For more information, see [Capacity Blocks for ML].
//
// If a future-dated Capacity Reservation enters the delayed state, the commitment
// duration is waived, and you can cancel it as soon as it enters the active state.
//
// Instances running in the reserved capacity continue running until you stop
// them. Stopped instances that target the Capacity Reservation can no longer
// launch. Modify these instances to either target a different Capacity
// Reservation, launch On-Demand Instance capacity, or run in any open Capacity
// Reservation that has matching attributes and sufficient capacity.
//
// [Capacity Blocks for ML]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-blocks.html
CancelCapacityReservation(ctx context.Context, params *ec2.CancelCapacityReservationInput, optFns ...func(*Options)) (*ec2.CancelCapacityReservationOutput, error)
// Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity
// Reservation Fleet, the following happens:
//
// - The Capacity Reservation Fleet's status changes to cancelled .
//
// - The individual Capacity Reservations in the Fleet are cancelled. Instances
// running in the Capacity Reservations at the time of cancelling the Fleet
// continue to run in shared capacity.
//
// - The Fleet stops creating new Capacity Reservations.
CancelCapacityReservationFleets(ctx context.Context, params *ec2.CancelCapacityReservationFleetsInput, optFns ...func(*Options)) (*ec2.CancelCapacityReservationFleetsOutput, error)
// Cancels an active conversion task. The task can be the import of an instance or
// volume. The action removes all artifacts of the conversion, including a
// partially uploaded volume or instance. If the conversion is complete or is in
// the process of transferring the final disk image, the command fails and returns
// an exception.
CancelConversionTask(ctx context.Context, params *ec2.CancelConversionTaskInput, optFns ...func(*Options)) (*ec2.CancelConversionTaskOutput, error)
// Cancels the generation of an account status report.
//
// You can only cancel a report while it has the running status. Reports with
// other statuses ( complete , cancelled , or error ) can't be canceled.
//
// For more information, see [Generating the account status report for declarative policies] in the Amazon Web Services Organizations User Guide.
//
// [Generating the account status report for declarative policies]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_declarative_status-report.html
CancelDeclarativePoliciesReport(ctx context.Context, params *ec2.CancelDeclarativePoliciesReportInput, optFns ...func(*Options)) (*ec2.CancelDeclarativePoliciesReportOutput, error)
// Cancels an active export task. The request removes all artifacts of the export,
// including any partially-created Amazon S3 objects. If the export task is
// complete or is in the process of transferring the final disk image, the command
// fails and returns an error.
CancelExportTask(ctx context.Context, params *ec2.CancelExportTaskInput, optFns ...func(*Options)) (*ec2.CancelExportTaskOutput, error)
// Removes your Amazon Web Services account from the launch permissions for the
// specified AMI. For more information, see [Cancel having an AMI shared with your Amazon Web Services account]in the Amazon EC2 User Guide.
//
// [Cancel having an AMI shared with your Amazon Web Services account]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cancel-sharing-an-AMI.html
CancelImageLaunchPermission(ctx context.Context, params *ec2.CancelImageLaunchPermissionInput, optFns ...func(*Options)) (*ec2.CancelImageLaunchPermissionOutput, error)
// Cancels an in-process import virtual machine or import snapshot task.
CancelImportTask(ctx context.Context, params *ec2.CancelImportTaskInput, optFns ...func(*Options)) (*ec2.CancelImportTaskOutput, error)
// Cancels the specified Reserved Instance listing in the Reserved Instance
// Marketplace.
//
// For more information, see [Sell in the Reserved Instance Marketplace] in the Amazon EC2 User Guide.
//
// [Sell in the Reserved Instance Marketplace]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html
CancelReservedInstancesListing(ctx context.Context, params *ec2.CancelReservedInstancesListingInput, optFns ...func(*Options)) (*ec2.CancelReservedInstancesListingOutput, error)
// Cancels the specified Spot Fleet requests.
//
// After you cancel a Spot Fleet request, the Spot Fleet launches no new instances.
//
// You must also specify whether a canceled Spot Fleet request should terminate
// its instances. If you choose to terminate the instances, the Spot Fleet request
// enters the cancelled_terminating state. Otherwise, the Spot Fleet request
// enters the cancelled_running state and the instances continue to run until they
// are interrupted or you terminate them manually.
//
// Terminating an instance is permanent and irreversible.
//
// After you terminate an instance, you can no longer connect to it, and it can't
// be recovered. All attached Amazon EBS volumes that are configured to be deleted
// on termination are also permanently deleted and can't be recovered. All data
// stored on instance store volumes is permanently lost. For more information, see [How instance termination works]
// .
//
// Before you terminate an instance, ensure that you have backed up all data that
// you need to retain after the termination to persistent storage.
//
// Restrictions
//
// - You can delete up to 100 fleets in a single request. If you exceed the
// specified number, no fleets are deleted.
//
// [How instance termination works]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/how-ec2-instance-termination-works.html
CancelSpotFleetRequests(ctx context.Context, params *ec2.CancelSpotFleetRequestsInput, optFns ...func(*Options)) (*ec2.CancelSpotFleetRequestsOutput, error)
// Cancels one or more Spot Instance requests.
//
// Canceling a Spot Instance request does not terminate running Spot Instances
// associated with the request.
CancelSpotInstanceRequests(ctx context.Context, params *ec2.CancelSpotInstanceRequestsInput, optFns ...func(*Options)) (*ec2.CancelSpotInstanceRequestsOutput, error)
// Determines whether a product code is associated with an instance. This action
// can only be used by the owner of the product code. It is useful when a product
// code owner must verify whether another user's instance is eligible for support.
ConfirmProductInstance(ctx context.Context, params *ec2.ConfirmProductInstanceInput, optFns ...func(*Options)) (*ec2.ConfirmProductInstanceOutput, error)
// Copies the specified Amazon FPGA Image (AFI) to the current Region.
CopyFpgaImage(ctx context.Context, params *ec2.CopyFpgaImageInput, optFns ...func(*Options)) (*ec2.CopyFpgaImageOutput, error)
// Initiates an AMI copy operation. You must specify the source AMI ID and both
// the source and destination locations. The copy operation must be initiated in
// the destination Region.
//
// CopyImage supports the following source to destination copies:
//
// - Region to Region
//
// - Region to Outpost
//
// - Parent Region to Local Zone
//
// - Local Zone to parent Region
//
// - Between Local Zones with the same parent Region (only supported for certain
// Local Zones)
//
// CopyImage does not support the following source to destination copies:
//
// - Local Zone to non-parent Regions
//
// - Between Local Zones with different parent Regions
//
// - Local Zone to Outpost
//
// - Outpost to Local Zone
//
// - Outpost to Region
//
// - Between Outposts
//
// - Within same Outpost
//
// - Cross-partition copies (use [CreateStoreImageTask]instead)
//
// Destination specification
//
// - Region to Region: The destination Region is the Region in which you
// initiate the copy operation.
//
// - Region to Outpost: Specify the destination using the DestinationOutpostArn
// parameter (the ARN of the Outpost)
//
// - Region to Local Zone, and Local Zone to Local Zone copies: Specify the
// destination using the DestinationAvailabilityZone parameter (the name of the
// destination Local Zone) or DestinationAvailabilityZoneId parameter (the ID of
// the destination Local Zone).
//
// Snapshot encryption
//
// - Region to Outpost: Backing snapshots copied to an Outpost are encrypted by
// default using the default encryption key for the Region or the key that you
// specify. Outposts do not support unencrypted snapshots.
//
// - Region to Local Zone, and Local Zone to Local Zone: Not all Local Zones
// require encrypted snapshots. In Local Zones that require encrypted snapshots,
// backing snapshots are automatically encrypted during copy. In Local Zones where
// encryption is not required, snapshots retain their original encryption state
// (encrypted or unencrypted) by default.
//
// For more information, including the required permissions for copying an AMI,
// see [Copy an Amazon EC2 AMI]in the Amazon EC2 User Guide.
//
// [CreateStoreImageTask]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html
// [Copy an Amazon EC2 AMI]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html
CopyImage(ctx context.Context, params *ec2.CopyImageInput, optFns ...func(*Options)) (*ec2.CopyImageOutput, error)
// Creates an exact copy of an Amazon EBS snapshot.
//
// The location of the source snapshot determines whether you can copy it or not,
// and the allowed destinations for the snapshot copy.
//
// - If the source snapshot is in a Region, you can copy it within that Region,
// to another Region, to an Outpost associated with that Region, or to a Local Zone
// in that Region.
//
// - If the source snapshot is in a Local Zone, you can copy it within that
// Local Zone, to another Local Zone in the same zone group, or to the parent
// Region of the Local Zone.
//
// - If the source snapshot is on an Outpost, you can't copy it.
//
// When copying snapshots to a Region, the encryption outcome for the snapshot
// copy depends on the Amazon EBS encryption by default setting for the destination
// Region, the encryption status of the source snapshot, and the encryption
// parameters you specify in the request. For more information, see [Encryption and snapshot copying].
//
// Snapshots copied to an Outpost must be encrypted. Unencrypted snapshots are not
// supported on Outposts. For more information, [Amazon EBS local snapshots on Outposts].
//
// Snapshots copies have an arbitrary source volume ID. Do not use this volume ID
// for any purpose.
//
// For more information, see [Copy an Amazon EBS snapshot] in the Amazon EBS User Guide.
//
// [Encryption and snapshot copying]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-copy-snapshot.html#creating-encrypted-snapshots
// [Copy an Amazon EBS snapshot]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-copy-snapshot.html
// [Amazon EBS local snapshots on Outposts]: https://docs.aws.amazon.com/ebs/latest/userguide/snapshots-outposts.html#considerations
CopySnapshot(ctx context.Context, params *ec2.CopySnapshotInput, optFns ...func(*Options)) (*ec2.CopySnapshotOutput, error)
// Creates a crash-consistent, point-in-time copy of an existing Amazon EBS volume
// within the same Availability Zone. The volume copy can be attached to an Amazon
// EC2 instance once it reaches the available state. For more information, see [Copy an Amazon EBS volume].
//
// [Copy an Amazon EBS volume]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-copying-volume.html
CopyVolumes(ctx context.Context, params *ec2.CopyVolumesInput, optFns ...func(*Options)) (*ec2.CopyVolumesOutput, error)
// Creates a new data export configuration for EC2 Capacity Manager. This allows
//
// you to automatically export capacity usage data to an S3 bucket on a scheduled
// basis. The exported data includes metrics for On-Demand, Spot, and Capacity
// Reservations usage across your organization.
CreateCapacityManagerDataExport(ctx context.Context, params *ec2.CreateCapacityManagerDataExportInput, optFns ...func(*Options)) (*ec2.CreateCapacityManagerDataExportOutput, error)
// Creates a new Capacity Reservation with the specified attributes. Capacity
// Reservations enable you to reserve capacity for your Amazon EC2 instances in a
// specific Availability Zone for any duration.
//
// You can create a Capacity Reservation at any time, and you can choose when it
// starts. You can create a Capacity Reservation for immediate use or you can
// request a Capacity Reservation for a future date.
//
// For more information, see [Reserve compute capacity with On-Demand Capacity Reservations] in the Amazon EC2 User Guide.
//
// Your request to create a Capacity Reservation could fail if:
//
// - Amazon EC2 does not have sufficient capacity. In this case, try again at a
// later time, try in a different Availability Zone, or request a smaller Capacity
// Reservation. If your workload is flexible across instance types and sizes, try
// with different instance attributes.
//
// - The requested quantity exceeds your On-Demand Instance quota. In this case,
// increase your On-Demand Instance quota for the requested instance type and try
// again. For more information, see [Amazon EC2 Service Quotas]in the Amazon EC2 User Guide.
//
// [Amazon EC2 Service Quotas]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html
// [Reserve compute capacity with On-Demand Capacity Reservations]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html
CreateCapacityReservation(ctx context.Context, params *ec2.CreateCapacityReservationInput, optFns ...func(*Options)) (*ec2.CreateCapacityReservationOutput, error)
// Create a new Capacity Reservation by splitting the capacity of the source
//
// Capacity Reservation. The new Capacity Reservation will have the same attributes
// as the source Capacity Reservation except for tags. The source Capacity
// Reservation must be active and owned by your Amazon Web Services account.
CreateCapacityReservationBySplitting(ctx context.Context, params *ec2.CreateCapacityReservationBySplittingInput, optFns ...func(*Options)) (*ec2.CreateCapacityReservationBySplittingOutput, error)
// Creates a Capacity Reservation Fleet. For more information, see [Create a Capacity Reservation Fleet] in the Amazon
// EC2 User Guide.
//
// [Create a Capacity Reservation Fleet]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-cr-fleets.html#create-crfleet
CreateCapacityReservationFleet(ctx context.Context, params *ec2.CreateCapacityReservationFleetInput, optFns ...func(*Options)) (*ec2.CreateCapacityReservationFleetOutput, error)
// Creates a carrier gateway. For more information about carrier gateways, see [Carrier gateways] in
// the Amazon Web Services Wavelength Developer Guide.
//
// [Carrier gateways]: https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html#wavelength-carrier-gateway
CreateCarrierGateway(ctx context.Context, params *ec2.CreateCarrierGatewayInput, optFns ...func(*Options)) (*ec2.CreateCarrierGatewayOutput, error)
// Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create
// and configure to enable and manage client VPN sessions. It is the destination
// endpoint at which all client VPN sessions are terminated.
CreateClientVpnEndpoint(ctx context.Context, params *ec2.CreateClientVpnEndpointInput, optFns ...func(*Options)) (*ec2.CreateClientVpnEndpointOutput, error)
// Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint
// has a route table that describes the available destination network routes. Each
// route in the route table specifies the path for traffic to specific resources or
// networks.
CreateClientVpnRoute(ctx context.Context, params *ec2.CreateClientVpnRouteInput, optFns ...func(*Options)) (*ec2.CreateClientVpnRouteOutput, error)
// Creates a range of customer-owned IP addresses.
CreateCoipCidr(ctx context.Context, params *ec2.CreateCoipCidrInput, optFns ...func(*Options)) (*ec2.CreateCoipCidrOutput, error)
// Creates a pool of customer-owned IP (CoIP) addresses.
CreateCoipPool(ctx context.Context, params *ec2.CreateCoipPoolInput, optFns ...func(*Options)) (*ec2.CreateCoipPoolOutput, error)
// Provides information to Amazon Web Services about your customer gateway device.
// The customer gateway device is the appliance at your end of the VPN connection.
// You must provide the IP address of the customer gateway device’s external
// interface. The IP address must be static and can be behind a device performing
// network address translation (NAT).
//
// For devices that use Border Gateway Protocol (BGP), you can also provide the
// device's BGP Autonomous System Number (ASN). You can use an existing ASN
// assigned to your network. If you don't have an ASN already, you can use a
// private ASN. For more information, see [Customer gateway options for your Site-to-Site VPN connection]in the Amazon Web Services Site-to-Site
// VPN User Guide.
//
// To create more than one customer gateway with the same VPN type, IP address,
// and BGP ASN, specify a unique device name for each customer gateway. An
// identical request returns information about the existing customer gateway; it
// doesn't create a new customer gateway.
//
// [Customer gateway options for your Site-to-Site VPN connection]: https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html
CreateCustomerGateway(ctx context.Context, params *ec2.CreateCustomerGatewayInput, optFns ...func(*Options)) (*ec2.CreateCustomerGatewayOutput, error)
// Creates a default subnet with a size /20 IPv4 CIDR block in the specified
// Availability Zone in your default VPC. You can have only one default subnet per
// Availability Zone. For more information, see [Create a default subnet]in the Amazon VPC User Guide.
//
// [Create a default subnet]: https://docs.aws.amazon.com/vpc/latest/userguide/work-with-default-vpc.html#create-default-subnet
CreateDefaultSubnet(ctx context.Context, params *ec2.CreateDefaultSubnetInput, optFns ...func(*Options)) (*ec2.CreateDefaultSubnetOutput, error)
// Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in
// each Availability Zone. For more information about the components of a default
// VPC, see [Default VPCs]in the Amazon VPC User Guide. You cannot specify the components of the
// default VPC yourself.
//
// If you deleted your previous default VPC, you can create a default VPC. You
// cannot have more than one default VPC per Region.
//
// [Default VPCs]: https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html
CreateDefaultVpc(ctx context.Context, params *ec2.CreateDefaultVpcInput, optFns ...func(*Options)) (*ec2.CreateDefaultVpcOutput, error)
// Delegates ownership of the Amazon EBS root volume for an Apple silicon Mac
// instance to an administrative user.
CreateDelegateMacVolumeOwnershipTask(ctx context.Context, params *ec2.CreateDelegateMacVolumeOwnershipTaskInput, optFns ...func(*Options)) (*ec2.CreateDelegateMacVolumeOwnershipTaskOutput, error)
// Creates a custom set of DHCP options. After you create a DHCP option set, you
// associate it with a VPC. After you associate a DHCP option set with a VPC, all
// existing and newly launched instances in the VPC use this set of DHCP options.
//
// The following are the individual DHCP options you can specify. For more
// information, see [DHCP option sets]in the Amazon VPC User Guide.
//
// - domain-name - If you're using AmazonProvidedDNS in us-east-1 , specify
// ec2.internal . If you're using AmazonProvidedDNS in any other Region, specify
// region.compute.internal . Otherwise, specify a custom domain name. This value
// is used to complete unqualified DNS hostnames.
//
// Some Linux operating systems accept multiple domain names separated by spaces.
//
// However, Windows and other Linux operating systems treat the value as a single
// domain, which results in unexpected behavior. If your DHCP option set is
// associated with a VPC that has instances running operating systems that treat
// the value as a single domain, specify only one domain name.
//
// - domain-name-servers - The IP addresses of up to four DNS servers, or
// AmazonProvidedDNS. To specify multiple domain name servers in a single
// parameter, separate the IP addresses using commas. To have your instances
// receive custom DNS hostnames as specified in domain-name , you must specify a
// custom DNS server.
//
// - ntp-servers - The IP addresses of up to eight Network Time Protocol (NTP)
// servers (four IPv4 addresses and four IPv6 addresses).
//
// - netbios-name-servers - The IP addresses of up to four NetBIOS name servers.
//
// - netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We recommend that
// you specify 2. Broadcast and multicast are not supported. For more information
// about NetBIOS node types, see [RFC 2132].
//
// - ipv6-address-preferred-lease-time - A value (in seconds, minutes, hours, or
// years) for how frequently a running instance with an IPv6 assigned to it goes
// through DHCPv6 lease renewal. Acceptable values are between 140 and 2147483647
// seconds (approximately 68 years). If no value is entered, the default lease time
// is 140 seconds. If you use long-term addressing for EC2 instances, you can
// increase the lease time and avoid frequent lease renewal requests. Lease renewal
// typically occurs when half of the lease time has elapsed.
//
// [DHCP option sets]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html
//
// [RFC 2132]: https://www.ietf.org/rfc/rfc2132.txt
CreateDhcpOptions(ctx context.Context, params *ec2.CreateDhcpOptionsInput, optFns ...func(*Options)) (*ec2.CreateDhcpOptionsOutput, error)
// [IPv6 only] Creates an egress-only internet gateway for your VPC. An
// egress-only internet gateway is used to enable outbound communication over IPv6
// from instances in your VPC to the internet, and prevents hosts outside of your
// VPC from initiating an IPv6 connection with your instance.
CreateEgressOnlyInternetGateway(ctx context.Context, params *ec2.CreateEgressOnlyInternetGatewayInput, optFns ...func(*Options)) (*ec2.CreateEgressOnlyInternetGatewayOutput, error)
// Creates an EC2 Fleet that contains the configuration information for On-Demand
// Instances and Spot Instances. Instances are launched immediately if there is
// available capacity.
//
// A single EC2 Fleet can include multiple launch specifications that vary by
// instance type, AMI, Availability Zone, or subnet.
//
// For more information, see [EC2 Fleet] in the Amazon EC2 User Guide.
//
// [EC2 Fleet]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet.html
CreateFleet(ctx context.Context, params *ec2.CreateFleetInput, optFns ...func(*Options)) (*ec2.CreateFleetOutput, error)
// Creates one or more flow logs to capture information about IP traffic for a
// specific network interface, subnet, or VPC.
//
// Flow log data for a monitored network interface is recorded as flow log
// records, which are log events consisting of fields that describe the traffic
// flow. For more information, see [Flow log records]in the Amazon VPC User Guide.
//
// When publishing to CloudWatch Logs, flow log records are published to a log
// group, and each network interface has a unique log stream in the log group. When
// publishing to Amazon S3, flow log records for all of the monitored network
// interfaces are published to a single log file object that is stored in the
// specified bucket.
//
// For more information, see [VPC Flow Logs] in the Amazon VPC User Guide.
//
// [Flow log records]: https://docs.aws.amazon.com/vpc/latest/userguide/flow-log-records.html
// [VPC Flow Logs]: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
CreateFlowLogs(ctx context.Context, params *ec2.CreateFlowLogsInput, optFns ...func(*Options)) (*ec2.CreateFlowLogsOutput, error)
// Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).
//
// The create operation is asynchronous. To verify that the AFI was successfully
// created and is ready for use, check the output logs.
//
// An AFI contains the FPGA bitstream that is ready to download to an FPGA. You
// can securely deploy an AFI on multiple FPGA-accelerated instances. For more
// information, see the [Amazon Web Services FPGA Hardware Development Kit].
//
// [Amazon Web Services FPGA Hardware Development Kit]: https://github.com/aws/aws-fpga/
CreateFpgaImage(ctx context.Context, params *ec2.CreateFpgaImageInput, optFns ...func(*Options)) (*ec2.CreateFpgaImageOutput, error)
// Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is
// either running or stopped.
//
// If you customized your instance with instance store volumes or Amazon EBS
// volumes in addition to the root device volume, the new AMI contains block device
// mapping information for those volumes. When you launch an instance from this new
// AMI, the instance automatically launches with those additional volumes.
//
// The location of the source instance determines where you can create the
// snapshots of the AMI:
//
// - If the source instance is in a Region, you must create the snapshots in the
// same Region as the instance.
//
// - If the source instance is in a Local Zone, you can create the snapshots in
// the same Local Zone or in its parent Region.
//
// For more information, see [Create an Amazon EBS-backed AMI] in the Amazon Elastic Compute Cloud User Guide.
//
// [Create an Amazon EBS-backed AMI]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html
CreateImage(ctx context.Context, params *ec2.CreateImageInput, optFns ...func(*Options)) (*ec2.CreateImageOutput, error)
// Creates a report that shows how your image is used across other Amazon Web
// Services accounts. The report provides visibility into which accounts are using
// the specified image, and how many resources (EC2 instances or launch templates)
// are referencing it.
//
// For more information, see [View your AMI usage] in the Amazon EC2 User Guide.
//
// [View your AMI usage]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/your-ec2-ami-usage.html
CreateImageUsageReport(ctx context.Context, params *ec2.CreateImageUsageReportInput, optFns ...func(*Options)) (*ec2.CreateImageUsageReportOutput, error)
// Creates an EC2 Instance Connect Endpoint.
//
// An EC2 Instance Connect Endpoint allows you to connect to an instance, without
// requiring the instance to have a public IPv4 or public IPv6 address. For more
// information, see [Connect to your instances using EC2 Instance Connect Endpoint]in the Amazon EC2 User Guide.
//
// [Connect to your instances using EC2 Instance Connect Endpoint]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect-Endpoint.html
CreateInstanceConnectEndpoint(ctx context.Context, params *ec2.CreateInstanceConnectEndpointInput, optFns ...func(*Options)) (*ec2.CreateInstanceConnectEndpointOutput, error)
// Creates an event window in which scheduled events for the associated Amazon EC2
// instances can run.
//
// You can define either a set of time ranges or a cron expression when creating
// the event window, but not both. All event window times are in UTC.
//
// You can create up to 200 event windows per Amazon Web Services Region.
//
// When you create the event window, targets (instance IDs, Dedicated Host IDs, or
// tags) are not yet associated with it. To ensure that the event window can be
// used, you must associate one or more targets with it by using the AssociateInstanceEventWindowAPI.
//
// Event windows are applicable only for scheduled events that stop, reboot, or
// terminate instances.
//
// Event windows are not applicable for:
//
// - Expedited scheduled events and network maintenance events.
//
// - Unscheduled maintenance such as AutoRecovery and unplanned reboots.
//
// For more information, see [Define event windows for scheduled events] in the Amazon EC2 User Guide.
//
// [Define event windows for scheduled events]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html
CreateInstanceEventWindow(ctx context.Context, params *ec2.CreateInstanceEventWindowInput, optFns ...func(*Options)) (*ec2.CreateInstanceEventWindowOutput, error)
// Exports a running or stopped instance to an Amazon S3 bucket.
//
// For information about the prerequisites for your Amazon S3 bucket, supported
// operating systems, image formats, and known limitations for the types of
// instances you can export, see [Exporting an instance as a VM Using VM Import/Export]in the VM Import/Export User Guide.
//
// [Exporting an instance as a VM Using VM Import/Export]: https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html
CreateInstanceExportTask(ctx context.Context, params *ec2.CreateInstanceExportTaskInput, optFns ...func(*Options)) (*ec2.CreateInstanceExportTaskOutput, error)
// Creates an internet gateway for use with a VPC. After creating the internet
// gateway, you attach it to a VPC using AttachInternetGateway.
//
// For more information, see [Internet gateways] in the Amazon VPC User Guide.
//
// [Internet gateways]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
CreateInternetGateway(ctx context.Context, params *ec2.CreateInternetGatewayInput, optFns ...func(*Options)) (*ec2.CreateInternetGatewayOutput, error)
// Create an IPAM. Amazon VPC IP Address Manager (IPAM) is a VPC feature that you
// can use to automate your IP address management workflows including assigning,
// tracking, troubleshooting, and auditing IP addresses across Amazon Web Services
// Regions and accounts throughout your Amazon Web Services Organization.
//
// For more information, see [Create an IPAM] in the Amazon VPC IPAM User Guide.
//
// [Create an IPAM]: https://docs.aws.amazon.com/vpc/latest/ipam/create-ipam.html
CreateIpam(ctx context.Context, params *ec2.CreateIpamInput, optFns ...func(*Options)) (*ec2.CreateIpamOutput, error)
// Create a verification token.
//
// A verification token is an Amazon Web Services-generated random value that you
// can use to prove ownership of an external resource. For example, you can use a
// verification token to validate that you control a public IP address range when
// you bring an IP address range to Amazon Web Services (BYOIP).
CreateIpamExternalResourceVerificationToken(ctx context.Context, params *ec2.CreateIpamExternalResourceVerificationTokenInput, optFns ...func(*Options)) (*ec2.CreateIpamExternalResourceVerificationTokenOutput, error)
// Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a
// pool is a collection of contiguous IP addresses CIDRs. Pools enable you to
// organize your IP addresses according to your routing and security needs. For
// example, if you have separate routing and security needs for development and
// production applications, you can create a pool for each.
//
// For more information, see [Create a top-level pool] in the Amazon VPC IPAM User Guide.
//
// [Create a top-level pool]: https://docs.aws.amazon.com/vpc/latest/ipam/create-top-ipam.html
CreateIpamPool(ctx context.Context, params *ec2.CreateIpamPoolInput, optFns ...func(*Options)) (*ec2.CreateIpamPoolOutput, error)
// Creates an IPAM prefix list resolver.
//
// An IPAM prefix list resolver is a component that manages the synchronization
// between IPAM's CIDR selection rules and customer-managed prefix lists. It
// automates connectivity configurations by selecting CIDRs from IPAM's database
// based on your business logic and synchronizing them with prefix lists used in
// resources such as VPC route tables and security groups.
//
// For more information about IPAM prefix list resolver, see [Automate prefix list updates with IPAM] in the Amazon VPC
// IPAM User Guide.
//
// [Automate prefix list updates with IPAM]: https://docs.aws.amazon.com/vpc/latest/ipam/automate-prefix-list-updates.html
CreateIpamPrefixListResolver(ctx context.Context, params *ec2.CreateIpamPrefixListResolverInput, optFns ...func(*Options)) (*ec2.CreateIpamPrefixListResolverOutput, error)
// Creates an IPAM prefix list resolver target.
//
// An IPAM prefix list resolver target is an association between a specific
// customer-managed prefix list and an IPAM prefix list resolver. The target
// enables the resolver to synchronize CIDRs selected by its rules into the
// specified prefix list, which can then be referenced in Amazon Web Services
// resources.
//
// For more information about IPAM prefix list resolver, see [Automate prefix list updates with IPAM] in the Amazon VPC
// IPAM User Guide.
//
// [Automate prefix list updates with IPAM]: https://docs.aws.amazon.com/vpc/latest/ipam/automate-prefix-list-updates.html
CreateIpamPrefixListResolverTarget(ctx context.Context, params *ec2.CreateIpamPrefixListResolverTargetInput, optFns ...func(*Options)) (*ec2.CreateIpamPrefixListResolverTargetOutput, error)
// Creates an IPAM resource discovery. A resource discovery is an IPAM component
// that enables IPAM to manage and monitor resources that belong to the owning
// account.
CreateIpamResourceDiscovery(ctx context.Context, params *ec2.CreateIpamResourceDiscoveryInput, optFns ...func(*Options)) (*ec2.CreateIpamResourceDiscoveryOutput, error)
// Create an IPAM scope. In IPAM, a scope is the highest-level container within
// IPAM. An IPAM contains two default scopes. Each scope represents the IP space
// for a single network. The private scope is intended for all private IP address
// space. The public scope is intended for all public IP address space. Scopes
// enable you to reuse IP addresses across multiple unconnected networks without
// causing IP address overlap or conflict.
//
// For more information, see [Add a scope] in the Amazon VPC IPAM User Guide.
//
// [Add a scope]: https://docs.aws.amazon.com/vpc/latest/ipam/add-scope-ipam.html
CreateIpamScope(ctx context.Context, params *ec2.CreateIpamScopeInput, optFns ...func(*Options)) (*ec2.CreateIpamScopeOutput, error)
// Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the
// specified format. Amazon EC2 stores the public key and displays the private key
// for you to save to a file. The private key is returned as an unencrypted PEM
// encoded PKCS#1 private key or an unencrypted PPK formatted private key for use
// with PuTTY. If a key with the specified name already exists, Amazon EC2 returns
// an error.
//
// The key pair returned to you is available only in the Amazon Web Services
// Region in which you create it. If you prefer, you can create your own key pair
// using a third-party tool and upload it to any Region using ImportKeyPair.
//
// You can have up to 5,000 key pairs per Amazon Web Services Region.
//
// For more information, see [Amazon EC2 key pairs] in the Amazon EC2 User Guide.
//
// [Amazon EC2 key pairs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
CreateKeyPair(ctx context.Context, params *ec2.CreateKeyPairInput, optFns ...func(*Options)) (*ec2.CreateKeyPairOutput, error)
// Creates a launch template.
//
// A launch template contains the parameters to launch an instance. When you
// launch an instance using RunInstances, you can specify a launch template instead of
// providing the launch parameters in the request. For more information, see [Store instance launch parameters in Amazon EC2 launch templates]in
// the Amazon EC2 User Guide.
//
// To clone an existing launch template as the basis for a new launch template,
// use the Amazon EC2 console. The API, SDKs, and CLI do not support cloning a
// template. For more information, see [Create a launch template from an existing launch template]in the Amazon EC2 User Guide.
//
// [Create a launch template from an existing launch template]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#create-launch-template-from-existing-launch-template
// [Store instance launch parameters in Amazon EC2 launch templates]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html
CreateLaunchTemplate(ctx context.Context, params *ec2.CreateLaunchTemplateInput, optFns ...func(*Options)) (*ec2.CreateLaunchTemplateOutput, error)
// Creates a new version of a launch template. You must specify an existing launch
// template, either by name or ID. You can determine whether the new version
// inherits parameters from a source version, and add or overwrite parameters as
// needed.
//
// Launch template versions are numbered in the order in which they are created.
// You can't specify, change, or replace the numbering of launch template versions.
//
// Launch templates are immutable; after you create a launch template, you can't
// modify it. Instead, you can create a new version of the launch template that
// includes the changes that you require.
//
// For more information, see [Modify a launch template (manage launch template versions)] in the Amazon EC2 User Guide.
//
// [Modify a launch template (manage launch template versions)]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-launch-template-versions.html
CreateLaunchTemplateVersion(ctx context.Context, params *ec2.CreateLaunchTemplateVersionInput, optFns ...func(*Options)) (*ec2.CreateLaunchTemplateVersionOutput, error)
// Creates a static route for the specified local gateway route table. You must
// specify one of the following targets:
//
// - LocalGatewayVirtualInterfaceGroupId
//
// - NetworkInterfaceId
CreateLocalGatewayRoute(ctx context.Context, params *ec2.CreateLocalGatewayRouteInput, optFns ...func(*Options)) (*ec2.CreateLocalGatewayRouteOutput, error)
// Creates a local gateway route table.
CreateLocalGatewayRouteTable(ctx context.Context, params *ec2.CreateLocalGatewayRouteTableInput, optFns ...func(*Options)) (*ec2.CreateLocalGatewayRouteTableOutput, error)
// Creates a local gateway route table virtual interface group association.
CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation(ctx context.Context, params *ec2.CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociationInput, optFns ...func(*Options)) (*ec2.CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociationOutput, error)
// Associates the specified VPC with the specified local gateway route table.
CreateLocalGatewayRouteTableVpcAssociation(ctx context.Context, params *ec2.CreateLocalGatewayRouteTableVpcAssociationInput, optFns ...func(*Options)) (*ec2.CreateLocalGatewayRouteTableVpcAssociationOutput, error)
// Create a virtual interface for a local gateway.
CreateLocalGatewayVirtualInterface(ctx context.Context, params *ec2.CreateLocalGatewayVirtualInterfaceInput, optFns ...func(*Options)) (*ec2.CreateLocalGatewayVirtualInterfaceOutput, error)
// Create a local gateway virtual interface group.
CreateLocalGatewayVirtualInterfaceGroup(ctx context.Context, params *ec2.CreateLocalGatewayVirtualInterfaceGroupInput, optFns ...func(*Options)) (*ec2.CreateLocalGatewayVirtualInterfaceGroupOutput, error)
// Creates a System Integrity Protection (SIP) modification task to configure the
// SIP settings for an x86 Mac instance or Apple silicon Mac instance. For more
// information, see [Configure SIP for Amazon EC2 instances]in the Amazon EC2 User Guide.
//
// When you configure the SIP settings for your instance, you can either enable or
// disable all SIP settings, or you can specify a custom SIP configuration that
// selectively enables or disables specific SIP settings.
//
// If you implement a custom configuration, [connect to the instance and verify the settings] to ensure that your requirements are
// properly implemented and functioning as intended.
//
// SIP configurations might change with macOS updates. We recommend that you
// review custom SIP settings after any macOS version upgrade to ensure continued
// compatibility and proper functionality of your security configurations.
//
// To enable or disable all SIP settings, use the
// MacSystemIntegrityProtectionStatus parameter only. For example, to enable all
// SIP settings, specify the following:
//
// - MacSystemIntegrityProtectionStatus=enabled
//
// To specify a custom configuration that selectively enables or disables specific
// SIP settings, use the MacSystemIntegrityProtectionStatus parameter to enable or
// disable all SIP settings, and then use the
// MacSystemIntegrityProtectionConfiguration parameter to specify exceptions. In
// this case, the exceptions you specify for
// MacSystemIntegrityProtectionConfiguration override the value you specify for
// MacSystemIntegrityProtectionStatus. For example, to enable all SIP settings,
// except NvramProtections , specify the following:
//
// - MacSystemIntegrityProtectionStatus=enabled
//
// - MacSystemIntegrityProtectionConfigurationRequest "NvramProtections=disabled"
//
// [Configure SIP for Amazon EC2 instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/mac-sip-settings.html#mac-sip-configure
// [connect to the instance and verify the settings]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/mac-sip-settings.html#mac-sip-check-settings
CreateMacSystemIntegrityProtectionModificationTask(ctx context.Context, params *ec2.CreateMacSystemIntegrityProtectionModificationTaskInput, optFns ...func(*Options)) (*ec2.CreateMacSystemIntegrityProtectionModificationTaskOutput, error)
// Creates a managed prefix list. You can specify entries for the prefix list.
// Each entry consists of a CIDR block and an optional description.
CreateManagedPrefixList(ctx context.Context, params *ec2.CreateManagedPrefixListInput, optFns ...func(*Options)) (*ec2.CreateManagedPrefixListOutput, error)
// Creates a NAT gateway in the specified subnet. This action creates a network
// interface in the specified subnet with a private IP address from the IP address
// range of the subnet. You can create either a public NAT gateway or a private NAT
// gateway.
//
// With a public NAT gateway, internet-bound traffic from a private subnet can be
// routed to the NAT gateway, so that instances in a private subnet can connect to
// the internet.
//
// With a private NAT gateway, private communication is routed across VPCs and
// on-premises networks through a transit gateway or virtual private gateway.
// Common use cases include running large workloads behind a small pool of
// allowlisted IPv4 addresses, preserving private IPv4 addresses, and communicating
// between overlapping networks.
//
// For more information, see [NAT gateways] in the Amazon VPC User Guide.
//
// When you create a public NAT gateway and assign it an EIP or secondary EIPs,
// the network border group of the EIPs must match the network border group of the
// Availability Zone (AZ) that the public NAT gateway is in. If it's not the same,
// the NAT gateway will fail to launch. You can see the network border group for
// the subnet's AZ by viewing the details of the subnet. Similarly, you can view
// the network border group of an EIP by viewing the details of the EIP address.
// For more information about network border groups and EIPs, see [Allocate an Elastic IP address]in the Amazon
// VPC User Guide.
//
// [NAT gateways]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
// [Allocate an Elastic IP address]: https://docs.aws.amazon.com/vpc/latest/userguide/WorkWithEIPs.html
CreateNatGateway(ctx context.Context, params *ec2.CreateNatGatewayInput, optFns ...func(*Options)) (*ec2.CreateNatGatewayOutput, error)
// Creates a network ACL in a VPC. Network ACLs provide an optional layer of
// security (in addition to security groups) for the instances in your VPC.
//
// For more information, see [Network ACLs] in the Amazon VPC User Guide.
//
// [Network ACLs]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
CreateNetworkAcl(ctx context.Context, params *ec2.CreateNetworkAclInput, optFns ...func(*Options)) (*ec2.CreateNetworkAclOutput, error)
// Creates an entry (a rule) in a network ACL with the specified rule number. Each
// network ACL has a set of numbered ingress rules and a separate set of numbered
// egress rules. When determining whether a packet should be allowed in or out of a
// subnet associated with the ACL, we process the entries in the ACL according to
// the rule numbers, in ascending order. Each network ACL has a set of ingress
// rules and a separate set of egress rules.
//
// We recommend that you leave room between the rule numbers (for example, 100,
// 110, 120, ...), and not number them one right after the other (for example, 101,
// 102, 103, ...). This makes it easier to add a rule between existing ones without
// having to renumber the rules.
//
// After you add an entry, you can't modify it; you must either replace it, or
// create an entry and delete the old one.
//
// For more information about network ACLs, see [Network ACLs] in the Amazon VPC User Guide.
//
// [Network ACLs]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
CreateNetworkAclEntry(ctx context.Context, params *ec2.CreateNetworkAclEntryInput, optFns ...func(*Options)) (*ec2.CreateNetworkAclEntryOutput, error)
// Creates a Network Access Scope.
//
// Amazon Web Services Network Access Analyzer enables cloud networking and cloud
// operations teams to verify that their networks on Amazon Web Services conform to
// their network security and governance objectives. For more information, see the [Amazon Web Services Network Access Analyzer Guide]
// .
//
// [Amazon Web Services Network Access Analyzer Guide]: https://docs.aws.amazon.com/vpc/latest/network-access-analyzer/
CreateNetworkInsightsAccessScope(ctx context.Context, params *ec2.CreateNetworkInsightsAccessScopeInput, optFns ...func(*Options)) (*ec2.CreateNetworkInsightsAccessScopeOutput, error)
// Creates a path to analyze for reachability.
//
// Reachability Analyzer enables you to analyze and debug network reachability
// between two resources in your virtual private cloud (VPC). For more information,
// see the [Reachability Analyzer Guide].
//
// [Reachability Analyzer Guide]: https://docs.aws.amazon.com/vpc/latest/reachability/
CreateNetworkInsightsPath(ctx context.Context, params *ec2.CreateNetworkInsightsPathInput, optFns ...func(*Options)) (*ec2.CreateNetworkInsightsPathOutput, error)
// Creates a network interface in the specified subnet.
//
// The number of IP addresses you can assign to a network interface varies by
// instance type.
//
// For more information about network interfaces, see [Elastic network interfaces] in the Amazon EC2 User
// Guide.
//
// [Elastic network interfaces]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html
CreateNetworkInterface(ctx context.Context, params *ec2.CreateNetworkInterfaceInput, optFns ...func(*Options)) (*ec2.CreateNetworkInterfaceOutput, error)
// Grants an Amazon Web Services-authorized account permission to attach the
// specified network interface to an instance in their account.
//
// You can grant permission to a single Amazon Web Services account only, and only
// one account at a time.
CreateNetworkInterfacePermission(ctx context.Context, params *ec2.CreateNetworkInterfacePermissionInput, optFns ...func(*Options)) (*ec2.CreateNetworkInterfacePermissionOutput, error)
// Creates a placement group in which to launch instances. The strategy of the
// placement group determines how the instances are organized within the group.
//
// A cluster placement group is a logical grouping of instances within a single
// Availability Zone that benefit from low network latency, high network
// throughput. A spread placement group places instances on distinct hardware. A
// partition placement group places groups of instances in different partitions,
// where instances in one partition do not share the same hardware with instances
// in another partition.
//
// For more information, see [Placement groups] in the Amazon EC2 User Guide.
//
// [Placement groups]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
CreatePlacementGroup(ctx context.Context, params *ec2.CreatePlacementGroupInput, optFns ...func(*Options)) (*ec2.CreatePlacementGroupOutput, error)
// Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address
// pool required for the public IPv4 CIDRs that you own and bring to Amazon Web
// Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services,
// however, use IPAM pools only. To monitor the status of pool creation, use [DescribePublicIpv4Pools].
//
// [DescribePublicIpv4Pools]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePublicIpv4Pools.html
CreatePublicIpv4Pool(ctx context.Context, params *ec2.CreatePublicIpv4PoolInput, optFns ...func(*Options)) (*ec2.CreatePublicIpv4PoolOutput, error)
// Replaces the EBS-backed root volume for a running instance with a new volume
// that is restored to the original root volume's launch state, that is restored to
// a specific snapshot taken from the original root volume, or that is restored
// from an AMI that has the same key characteristics as that of the instance.
//
// For more information, see [Replace a root volume] in the Amazon EC2 User Guide.
//
// [Replace a root volume]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/replace-root.html
CreateReplaceRootVolumeTask(ctx context.Context, params *ec2.CreateReplaceRootVolumeTaskInput, optFns ...func(*Options)) (*ec2.CreateReplaceRootVolumeTaskOutput, error)
// Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the
// Reserved Instance Marketplace. You can submit one Standard Reserved Instance
// listing at a time. To get a list of your Standard Reserved Instances, you can
// use the DescribeReservedInstancesoperation.
//
// Only Standard Reserved Instances can be sold in the Reserved Instance
// Marketplace. Convertible Reserved Instances cannot be sold.
//
// The Reserved Instance Marketplace matches sellers who want to resell Standard
// Reserved Instance capacity that they no longer need with buyers who want to
// purchase additional capacity. Reserved Instances bought and sold through the
// Reserved Instance Marketplace work like any other Reserved Instances.
//
// To sell your Standard Reserved Instances, you must first register as a seller
// in the Reserved Instance Marketplace. After completing the registration process,
// you can create a Reserved Instance Marketplace listing of some or all of your
// Standard Reserved Instances, and specify the upfront price to receive for them.
// Your Standard Reserved Instance listings then become available for purchase. To
// view the details of your Standard Reserved Instance listing, you can use the DescribeReservedInstancesListings
// operation.
//
// For more information, see [Sell in the Reserved Instance Marketplace] in the Amazon EC2 User Guide.
//
// [Sell in the Reserved Instance Marketplace]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html
CreateReservedInstancesListing(ctx context.Context, params *ec2.CreateReservedInstancesListingInput, optFns ...func(*Options)) (*ec2.CreateReservedInstancesListingOutput, error)
// Starts a task that restores an AMI from an Amazon S3 object that was previously
// created by using [CreateStoreImageTask].
//
// To use this API, you must have the required permissions. For more information,
// see [Permissions for storing and restoring AMIs using S3]in the Amazon EC2 User Guide.
//
// For more information, see [Store and restore an AMI using S3] in the Amazon EC2 User Guide.
//
// [CreateStoreImageTask]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html
// [Store and restore an AMI using S3]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html
// [Permissions for storing and restoring AMIs using S3]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-ami-store-restore.html#ami-s3-permissions
CreateRestoreImageTask(ctx context.Context, params *ec2.CreateRestoreImageTaskInput, optFns ...func(*Options)) (*ec2.CreateRestoreImageTaskOutput, error)
// Creates a route in a route table within a VPC.
//
// You must specify either a destination CIDR block or a prefix list ID. You must
// also specify exactly one of the resources from the parameter list.
//
// When determining how to route traffic, we use the route with the most specific
// match. For example, traffic is destined for the IPv4 address 192.0.2.3 , and the
// route table includes the following two IPv4 routes:
//
// - 192.0.2.0/24 (goes to some target A)
//
// - 192.0.2.0/28 (goes to some target B)
//
// Both routes apply to the traffic destined for 192.0.2.3 . However, the second
// route in the list covers a smaller number of IP addresses and is therefore more
// specific, so we use that route to determine where to target the traffic.
//
// For more information about route tables, see [Route tables] in the Amazon VPC User Guide.
//
// [Route tables]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html
CreateRoute(ctx context.Context, params *ec2.CreateRouteInput, optFns ...func(*Options)) (*ec2.CreateRouteOutput, error)
// Creates a new route server to manage dynamic routing in a VPC.
//
// Amazon VPC Route Server simplifies routing for traffic between workloads that
// are deployed within a VPC and its internet gateways. With this feature, VPC
// Route Server dynamically updates VPC and internet gateway route tables with your
// preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those
// workloads. This enables you to automatically reroute traffic within a VPC, which
// increases the manageability of VPC routing and interoperability with third-party
// workloads.
//
// Route server supports the follow route table types:
//
// - VPC route tables not associated with subnets
//
// - Subnet route tables
//
// - Internet gateway route tables
//
// Route server does not support route tables associated with virtual private
// gateways. To propagate routes into a transit gateway route table, use [Transit Gateway Connect].
//
// For more information see [Dynamic routing in your VPC with VPC Route Server] in the Amazon VPC User Guide.
//
// [Dynamic routing in your VPC with VPC Route Server]: https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html
// [Transit Gateway Connect]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html
CreateRouteServer(ctx context.Context, params *ec2.CreateRouteServerInput, optFns ...func(*Options)) (*ec2.CreateRouteServerOutput, error)
// Creates a new endpoint for a route server in a specified subnet.
//
// A route server endpoint is an Amazon Web Services-managed component inside a
// subnet that facilitates [BGP (Border Gateway Protocol)]connections between your route server and your BGP
// peers.
//
// For more information see [Dynamic routing in your VPC with VPC Route Server] in the Amazon VPC User Guide.
//
// [Dynamic routing in your VPC with VPC Route Server]: https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html
// [BGP (Border Gateway Protocol)]: https://en.wikipedia.org/wiki/Border_Gateway_Protocol
CreateRouteServerEndpoint(ctx context.Context, params *ec2.CreateRouteServerEndpointInput, optFns ...func(*Options)) (*ec2.CreateRouteServerEndpointOutput, error)
// Creates a new BGP peer for a specified route server endpoint.
//
// A route server peer is a session between a route server endpoint and the device
// deployed in Amazon Web Services (such as a firewall appliance or other network
// security function running on an EC2 instance). The device must meet these
// requirements:
//
// - Have an elastic network interface in the VPC
//
// - Support BGP (Border Gateway Protocol)
//
// - Can initiate BGP sessions
//
// For more information see [Dynamic routing in your VPC with VPC Route Server] in the Amazon VPC User Guide.
//
// [Dynamic routing in your VPC with VPC Route Server]: https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html
CreateRouteServerPeer(ctx context.Context, params *ec2.CreateRouteServerPeerInput, optFns ...func(*Options)) (*ec2.CreateRouteServerPeerOutput, error)
// Creates a route table for the specified VPC. After you create a route table,
// you can add routes and associate the table with a subnet.
//
// For more information, see [Route tables] in the Amazon VPC User Guide.
//
// [Route tables]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html
CreateRouteTable(ctx context.Context, params *ec2.CreateRouteTableInput, optFns ...func(*Options)) (*ec2.CreateRouteTableOutput, error)
// Creates a security group.
//
// A security group acts as a virtual firewall for your instance to control
// inbound and outbound traffic. For more information, see [Amazon EC2 security groups]in the Amazon EC2 User
// Guide and [Security groups for your VPC]in the Amazon VPC User Guide.
//
// When you create a security group, you specify a friendly name of your choice.
// You can't have two security groups for the same VPC with the same name.
//
// You have a default security group for use in your VPC. If you don't specify a
// security group when you launch an instance, the instance is launched into the
// appropriate default security group. A default security group includes a default
// rule that grants instances unrestricted network access to each other.
//
// You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress.
//
// For more information about VPC security group limits, see [Amazon VPC Limits].
//
// [Amazon VPC Limits]: https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html
// [Amazon EC2 security groups]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
// [Security groups for your VPC]: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html
CreateSecurityGroup(ctx context.Context, params *ec2.CreateSecurityGroupInput, optFns ...func(*Options)) (*ec2.CreateSecurityGroupOutput, error)
// Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use
// snapshots for backups, to make copies of EBS volumes, and to save data before
// shutting down an instance.
//
// The location of the source EBS volume determines where you can create the
// snapshot.
//
// - If the source volume is in a Region, you must create the snapshot in the
// same Region as the volume.
//
// - If the source volume is in a Local Zone, you can create the snapshot in the
// same Local Zone or in its parent Amazon Web Services Region.
//
// - If the source volume is on an Outpost, you can create the snapshot on the
// same Outpost or in its parent Amazon Web Services Region.
//
// When a snapshot is created, any Amazon Web Services Marketplace product codes
// that are associated with the source volume are propagated to the snapshot.
//
// You can take a snapshot of an attached volume that is in use. However,
// snapshots only capture data that has been written to your Amazon EBS volume at
// the time the snapshot command is issued; this might exclude any data that has
// been cached by any applications or the operating system. If you can pause any
// file systems on the volume long enough to take a snapshot, your snapshot should
// be complete. However, if you cannot pause all file writes to the volume, you
// should unmount the volume from within the instance, issue the snapshot command,
// and then remount the volume to ensure a consistent and complete snapshot. You
// may remount and use your volume while the snapshot status is pending .
//
// When you create a snapshot for an EBS volume that serves as a root device, we
// recommend that you stop the instance before taking the snapshot.
//
// Snapshots that are taken from encrypted volumes are automatically encrypted.
// Volumes that are created from encrypted snapshots are also automatically
// encrypted. Your encrypted volumes and any associated snapshots always remain
// protected. For more information, see [Amazon EBS encryption]in the Amazon EBS User Guide.
//
// [Amazon EBS encryption]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html
CreateSnapshot(ctx context.Context, params *ec2.CreateSnapshotInput, optFns ...func(*Options)) (*ec2.CreateSnapshotOutput, error)
// Creates crash-consistent snapshots of multiple EBS volumes attached to an
// Amazon EC2 instance. Volumes are chosen by specifying an instance. Each volume
// attached to the specified instance will produce one snapshot that is
// crash-consistent across the instance. You can include all of the volumes
// currently attached to the instance, or you can exclude the root volume or
// specific data (non-root) volumes from the multi-volume snapshot set.
//
// The location of the source instance determines where you can create the
// snapshots.
//
// - If the source instance is in a Region, you must create the snapshots in the
// same Region as the instance.
//
// - If the source instance is in a Local Zone, you can create the snapshots in
// the same Local Zone or in its parent Amazon Web Services Region.
//
// - If the source instance is on an Outpost, you can create the snapshots on
// the same Outpost or in its parent Amazon Web Services Region.
CreateSnapshots(ctx context.Context, params *ec2.CreateSnapshotsInput, optFns ...func(*Options)) (*ec2.CreateSnapshotsOutput, error)
// Creates a data feed for Spot Instances, enabling you to view Spot Instance
// usage logs. You can create one data feed per Amazon Web Services account. For
// more information, see [Spot Instance data feed]in the Amazon EC2 User Guide.
//
// [Spot Instance data feed]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html
CreateSpotDatafeedSubscription(ctx context.Context, params *ec2.CreateSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*ec2.CreateSpotDatafeedSubscriptionOutput, error)
// Stores an AMI as a single object in an Amazon S3 bucket.
//
// To use this API, you must have the required permissions. For more information,
// see [Permissions for storing and restoring AMIs using S3]in the Amazon EC2 User Guide.
//
// For more information, see [Store and restore an AMI using S3] in the Amazon EC2 User Guide.
//
// [Store and restore an AMI using S3]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html
// [Permissions for storing and restoring AMIs using S3]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-ami-store-restore.html#ami-s3-permissions
CreateStoreImageTask(ctx context.Context, params *ec2.CreateStoreImageTaskInput, optFns ...func(*Options)) (*ec2.CreateStoreImageTaskOutput, error)
// Creates a subnet in the specified VPC. For an IPv4 only subnet, specify an IPv4
// CIDR block. If the VPC has an IPv6 CIDR block, you can create an IPv6 only
// subnet or a dual stack subnet instead. For an IPv6 only subnet, specify an IPv6
// CIDR block. For a dual stack subnet, specify both an IPv4 CIDR block and an IPv6
// CIDR block.
//
// A subnet CIDR block must not overlap the CIDR block of an existing subnet in
// the VPC. After you create a subnet, you can't change its CIDR block.
//
// The allowed size for an IPv4 subnet is between a /28 netmask (16 IP addresses)
// and a /16 netmask (65,536 IP addresses). Amazon Web Services reserves both the
// first four and the last IPv4 address in each subnet's CIDR block. They're not
// available for your use.
//
// If you've associated an IPv6 CIDR block with your VPC, you can associate an
// IPv6 CIDR block with a subnet when you create it.
//
// If you add more than one subnet to a VPC, they're set up in a star topology
// with a logical router in the middle.
//
// When you stop an instance in a subnet, it retains its private IPv4 address.
// It's therefore possible to have a subnet with no running instances (they're all
// stopped), but no remaining IP addresses available.
//
// For more information, see [Subnets] in the Amazon VPC User Guide.
//
// [Subnets]: https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html
CreateSubnet(ctx context.Context, params *ec2.CreateSubnetInput, optFns ...func(*Options)) (*ec2.CreateSubnetOutput, error)
// Creates a subnet CIDR reservation. For more information, see [Subnet CIDR reservations] in the Amazon VPC
// User Guide and [Manage prefixes for your network interfaces]in the Amazon EC2 User Guide.
//
// [Subnet CIDR reservations]: https://docs.aws.amazon.com/vpc/latest/userguide/subnet-cidr-reservation.html
// [Manage prefixes for your network interfaces]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-prefixes.html
CreateSubnetCidrReservation(ctx context.Context, params *ec2.CreateSubnetCidrReservationInput, optFns ...func(*Options)) (*ec2.CreateSubnetCidrReservationOutput, error)
// Adds or overwrites only the specified tags for the specified Amazon EC2
// resource or resources. When you specify an existing tag key, the value is
// overwritten with the new value. Each resource can have a maximum of 50 tags.
// Each tag consists of a key and optional value. Tag keys must be unique per
// resource.
//
// For more information about tags, see [Tag your Amazon EC2 resources] in the Amazon Elastic Compute Cloud User
// Guide. For more information about creating IAM policies that control users'
// access to resources based on tags, see [Supported resource-level permissions for Amazon EC2 API actions]in the Amazon Elastic Compute Cloud User
// Guide.
//
// [Supported resource-level permissions for Amazon EC2 API actions]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-iam-actions-resources.html
// [Tag your Amazon EC2 resources]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
CreateTags(ctx context.Context, params *ec2.CreateTagsInput, optFns ...func(*Options)) (*ec2.CreateTagsOutput, error)
// Creates a Traffic Mirror filter.
//
// A Traffic Mirror filter is a set of rules that defines the traffic to mirror.
//
// By default, no traffic is mirrored. To mirror traffic, use [CreateTrafficMirrorFilterRule] to add Traffic
// Mirror rules to the filter. The rules you add define what traffic gets mirrored.
// You can also use [ModifyTrafficMirrorFilterNetworkServices]to mirror supported network services.
//
// [CreateTrafficMirrorFilterRule]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilterRule.htm
// [ModifyTrafficMirrorFilterNetworkServices]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyTrafficMirrorFilterNetworkServices.html
CreateTrafficMirrorFilter(ctx context.Context, params *ec2.CreateTrafficMirrorFilterInput, optFns ...func(*Options)) (*ec2.CreateTrafficMirrorFilterOutput, error)
// Creates a Traffic Mirror filter rule.
//
// A Traffic Mirror rule defines the Traffic Mirror source traffic to mirror.
//
// You need the Traffic Mirror filter ID when you create the rule.
CreateTrafficMirrorFilterRule(ctx context.Context, params *ec2.CreateTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*ec2.CreateTrafficMirrorFilterRuleOutput, error)
// Creates a Traffic Mirror session.
//
// A Traffic Mirror session actively copies packets from a Traffic Mirror source
// to a Traffic Mirror target. Create a filter, and then assign it to the session
// to define a subset of the traffic to mirror, for example all TCP traffic.
//
// The Traffic Mirror source and the Traffic Mirror target (monitoring appliances)
// can be in the same VPC, or in a different VPC connected via VPC peering or a
// transit gateway.
//
// By default, no traffic is mirrored. Use [CreateTrafficMirrorFilter] to create filter rules that specify
// the traffic to mirror.
//
// [CreateTrafficMirrorFilter]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilter.html
CreateTrafficMirrorSession(ctx context.Context, params *ec2.CreateTrafficMirrorSessionInput, optFns ...func(*Options)) (*ec2.CreateTrafficMirrorSessionOutput, error)
// Creates a target for your Traffic Mirror session.
//
// A Traffic Mirror target is the destination for mirrored traffic. The Traffic
// Mirror source and the Traffic Mirror target (monitoring appliances) can be in
// the same VPC, or in different VPCs connected via VPC peering or a transit
// gateway.
//
// A Traffic Mirror target can be a network interface, a Network Load Balancer, or
// a Gateway Load Balancer endpoint.
//
// To use the target in a Traffic Mirror session, use [CreateTrafficMirrorSession].
//
// [CreateTrafficMirrorSession]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorSession.htm
CreateTrafficMirrorTarget(ctx context.Context, params *ec2.CreateTrafficMirrorTargetInput, optFns ...func(*Options)) (*ec2.CreateTrafficMirrorTargetOutput, error)
// Creates a transit gateway.
//
// You can use a transit gateway to interconnect your virtual private clouds (VPC)
// and on-premises networks. After the transit gateway enters the available state,
// you can attach your VPCs and VPN connections to the transit gateway.
//
// To attach your VPCs, use CreateTransitGatewayVpcAttachment.
//
// To attach a VPN connection, use CreateCustomerGateway to create a customer gateway and specify the
// ID of the customer gateway and the ID of the transit gateway in a call to CreateVpnConnection.
//
// When you create a transit gateway, we create a default transit gateway route
// table and use it as the default association route table and the default
// propagation route table. You can use CreateTransitGatewayRouteTableto create additional transit gateway route
// tables. If you disable automatic route propagation, we do not create a default
// transit gateway route table. You can use EnableTransitGatewayRouteTablePropagationto propagate routes from a resource
// attachment to a transit gateway route table. If you disable automatic
// associations, you can use AssociateTransitGatewayRouteTableto associate a resource attachment with a transit
// gateway route table.
CreateTransitGateway(ctx context.Context, params *ec2.CreateTransitGatewayInput, optFns ...func(*Options)) (*ec2.CreateTransitGatewayOutput, error)
// Creates a Connect attachment from a specified transit gateway attachment. A
// Connect attachment is a GRE-based tunnel attachment that you can use to
// establish a connection between a transit gateway and an appliance.
//
// A Connect attachment uses an existing VPC or Amazon Web Services Direct Connect
// attachment as the underlying transport mechanism.
CreateTransitGatewayConnect(ctx context.Context, params *ec2.CreateTransitGatewayConnectInput, optFns ...func(*Options)) (*ec2.CreateTransitGatewayConnectOutput, error)
// Creates a Connect peer for a specified transit gateway Connect attachment
// between a transit gateway and an appliance.
//
// The peer address and transit gateway address must be the same IP address family
// (IPv4 or IPv6).
//
// For more information, see [Connect peers] in the Amazon Web Services Transit Gateways Guide.
//
// [Connect peers]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html#tgw-connect-peer
CreateTransitGatewayConnectPeer(ctx context.Context, params *ec2.CreateTransitGatewayConnectPeerInput, optFns ...func(*Options)) (*ec2.CreateTransitGatewayConnectPeerOutput, error)
// Creates a multicast domain using the specified transit gateway.
//
// The transit gateway must be in the available state before you create a domain.
// Use [DescribeTransitGateways]to see the state of transit gateway.
//
// [DescribeTransitGateways]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGateways.html
CreateTransitGatewayMulticastDomain(ctx context.Context, params *ec2.CreateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*ec2.CreateTransitGatewayMulticastDomainOutput, error)
// Requests a transit gateway peering attachment between the specified transit
// gateway (requester) and a peer transit gateway (accepter). The peer transit
// gateway can be in your account or a different Amazon Web Services account.
//
// After you create the peering attachment, the owner of the accepter transit
// gateway must accept the attachment request.
CreateTransitGatewayPeeringAttachment(ctx context.Context, params *ec2.CreateTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*ec2.CreateTransitGatewayPeeringAttachmentOutput, error)
// Creates a transit gateway policy table.
CreateTransitGatewayPolicyTable(ctx context.Context, params *ec2.CreateTransitGatewayPolicyTableInput, optFns ...func(*Options)) (*ec2.CreateTransitGatewayPolicyTableOutput, error)
// Creates a reference (route) to a prefix list in a specified transit gateway
// route table.
CreateTransitGatewayPrefixListReference(ctx context.Context, params *ec2.CreateTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*ec2.CreateTransitGatewayPrefixListReferenceOutput, error)
// Creates a static route for the specified transit gateway route table.
CreateTransitGatewayRoute(ctx context.Context, params *ec2.CreateTransitGatewayRouteInput, optFns ...func(*Options)) (*ec2.CreateTransitGatewayRouteOutput, error)
// Creates a route table for the specified transit gateway.
CreateTransitGatewayRouteTable(ctx context.Context, params *ec2.CreateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*ec2.CreateTransitGatewayRouteTableOutput, error)
// Advertises a new transit gateway route table.
CreateTransitGatewayRouteTableAnnouncement(ctx context.Context, params *ec2.CreateTransitGatewayRouteTableAnnouncementInput, optFns ...func(*Options)) (*ec2.CreateTransitGatewayRouteTableAnnouncementOutput, error)
// Attaches the specified VPC to the specified transit gateway.
//
// If you attach a VPC with a CIDR range that overlaps the CIDR range of a VPC
// that is already attached, the new VPC CIDR range is not propagated to the
// default propagation route table.
//
// To send VPC traffic to an attached transit gateway, add a route to the VPC
// route table using CreateRoute.
CreateTransitGatewayVpcAttachment(ctx context.Context, params *ec2.CreateTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*ec2.CreateTransitGatewayVpcAttachmentOutput, error)
// An Amazon Web Services Verified Access endpoint is where you define your
// application along with an optional endpoint-level access policy.
CreateVerifiedAccessEndpoint(ctx context.Context, params *ec2.CreateVerifiedAccessEndpointInput, optFns ...func(*Options)) (*ec2.CreateVerifiedAccessEndpointOutput, error)
// An Amazon Web Services Verified Access group is a collection of Amazon Web
// Services Verified Access endpoints who's associated applications have similar
// security requirements. Each instance within a Verified Access group shares an
// Verified Access policy. For example, you can group all Verified Access instances
// associated with "sales" applications together and use one common Verified Access
// policy.
CreateVerifiedAccessGroup(ctx context.Context, params *ec2.CreateVerifiedAccessGroupInput, optFns ...func(*Options)) (*ec2.CreateVerifiedAccessGroupOutput, error)
// An Amazon Web Services Verified Access instance is a regional entity that
// evaluates application requests and grants access only when your security
// requirements are met.
CreateVerifiedAccessInstance(ctx context.Context, params *ec2.CreateVerifiedAccessInstanceInput, optFns ...func(*Options)) (*ec2.CreateVerifiedAccessInstanceOutput, error)
// A trust provider is a third-party entity that creates, maintains, and manages
// identity information for users and devices. When an application request is made,
// the identity information sent by the trust provider is evaluated by Verified
// Access before allowing or denying the application request.
CreateVerifiedAccessTrustProvider(ctx context.Context, params *ec2.CreateVerifiedAccessTrustProviderInput, optFns ...func(*Options)) (*ec2.CreateVerifiedAccessTrustProviderOutput, error)
// Creates an EBS volume that can be attached to an instance in the same
// Availability Zone.
//
// You can create a new empty volume or restore a volume from an EBS snapshot. Any
// Amazon Web Services Marketplace product codes from the snapshot are propagated
// to the volume.
//
// You can create encrypted volumes. Encrypted volumes must be attached to
// instances that support Amazon EBS encryption. Volumes that are created from
// encrypted snapshots are also automatically encrypted. For more information, see [Amazon EBS encryption]
// in the Amazon EBS User Guide.
//
// You can tag your volumes during creation. For more information, see [Tag your Amazon EC2 resources] in the
// Amazon EC2 User Guide.
//
// For more information, see [Create an Amazon EBS volume] in the Amazon EBS User Guide.
//
// [Amazon EBS encryption]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html
// [Create an Amazon EBS volume]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-creating-volume.html
// [Tag your Amazon EC2 resources]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
CreateVolume(ctx context.Context, params *ec2.CreateVolumeInput, optFns ...func(*Options)) (*ec2.CreateVolumeOutput, error)
// Creates a VPC with the specified CIDR blocks.
//
// A VPC must have an associated IPv4 CIDR block. You can choose an IPv4 CIDR
// block or an IPAM-allocated IPv4 CIDR block. You can optionally associate an IPv6
// CIDR block with a VPC. You can choose an IPv6 CIDR block, an Amazon-provided
// IPv6 CIDR block, an IPAM-allocated IPv6 CIDR block, or an IPv6 CIDR block that
// you brought to Amazon Web Services. For more information, see [IP addressing for your VPCs and subnets]in the Amazon VPC
// User Guide.
//
// By default, each instance that you launch in the VPC has the default DHCP
// options, which include only a default DNS server that we provide
// (AmazonProvidedDNS). For more information, see [DHCP option sets]in the Amazon VPC User Guide.
//
// You can specify DNS options and tenancy for a VPC when you create it. You can't
// change the tenancy of a VPC after you create it. For more information, see [VPC configuration options]in
// the Amazon VPC User Guide.
//
// [VPC configuration options]: https://docs.aws.amazon.com/vpc/latest/userguide/create-vpc-options.html
// [DHCP option sets]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html
// [IP addressing for your VPCs and subnets]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html
CreateVpc(ctx context.Context, params *ec2.CreateVpcInput, optFns ...func(*Options)) (*ec2.CreateVpcOutput, error)
// Create a VPC Block Public Access (BPA) exclusion. A VPC BPA exclusion is a mode
// that can be applied to a single VPC or subnet that exempts it from the account’s
// BPA mode and will allow bidirectional or egress-only access. You can create BPA
// exclusions for VPCs and subnets even when BPA is not enabled on the account to
// ensure that there is no traffic disruption to the exclusions when VPC BPA is
// turned on. To learn more about VPC BPA, see [Block public access to VPCs and subnets]in the Amazon VPC User Guide.
//
// [Block public access to VPCs and subnets]: https://docs.aws.amazon.com/vpc/latest/userguide/security-vpc-bpa.html
CreateVpcBlockPublicAccessExclusion(ctx context.Context, params *ec2.CreateVpcBlockPublicAccessExclusionInput, optFns ...func(*Options)) (*ec2.CreateVpcBlockPublicAccessExclusionOutput, error)
// Creates a VPC endpoint. A VPC endpoint provides a private connection between
// the specified VPC and the specified endpoint service. You can use an endpoint
// service provided by Amazon Web Services, an Amazon Web Services Marketplace
// Partner, or another Amazon Web Services account. For more information, see the [Amazon Web Services PrivateLink User Guide].
//
// [Amazon Web Services PrivateLink User Guide]: https://docs.aws.amazon.com/vpc/latest/privatelink/
CreateVpcEndpoint(ctx context.Context, params *ec2.CreateVpcEndpointInput, optFns ...func(*Options)) (*ec2.CreateVpcEndpointOutput, error)
// Creates a connection notification for a specified VPC endpoint or VPC endpoint
// service. A connection notification notifies you of specific endpoint events. You
// must create an SNS topic to receive notifications. For more information, see [Creating an Amazon SNS topic]in
// the Amazon SNS Developer Guide.
//
// You can create a connection notification for interface endpoints only.
//
// [Creating an Amazon SNS topic]: https://docs.aws.amazon.com/sns/latest/dg/CreateTopic.html
CreateVpcEndpointConnectionNotification(ctx context.Context, params *ec2.CreateVpcEndpointConnectionNotificationInput, optFns ...func(*Options)) (*ec2.CreateVpcEndpointConnectionNotificationOutput, error)
// Creates a VPC endpoint service to which service consumers (Amazon Web Services
// accounts, users, and IAM roles) can connect.
//
// Before you create an endpoint service, you must create one of the following for
// your service:
//
// - A [Network Load Balancer]. Service consumers connect to your service using an interface endpoint.
//
// - A [Gateway Load Balancer]. Service consumers connect to your service using a Gateway Load Balancer
// endpoint.
//
// If you set the private DNS name, you must prove that you own the private DNS
// domain name.
//
// For more information, see the [Amazon Web Services PrivateLink Guide].
//
// [Gateway Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/
// [Network Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/
// [Amazon Web Services PrivateLink Guide]: https://docs.aws.amazon.com/vpc/latest/privatelink/
CreateVpcEndpointServiceConfiguration(ctx context.Context, params *ec2.CreateVpcEndpointServiceConfigurationInput, optFns ...func(*Options)) (*ec2.CreateVpcEndpointServiceConfigurationOutput, error)
// Requests a VPC peering connection between two VPCs: a requester VPC that you
// own and an accepter VPC with which to create the connection. The accepter VPC
// can belong to another Amazon Web Services account and can be in a different
// Region to the requester VPC. The requester VPC and accepter VPC cannot have
// overlapping CIDR blocks.
//
// Limitations and rules apply to a VPC peering connection. For more information,
// see the [VPC peering limitations]in the VPC Peering Guide.
//
// The owner of the accepter VPC must accept the peering request to activate the
// peering connection. The VPC peering connection request expires after 7 days,
// after which it cannot be accepted or rejected.
//
// If you create a VPC peering connection request between VPCs with overlapping
// CIDR blocks, the VPC peering connection has a status of failed .
//
// [VPC peering limitations]: https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations
CreateVpcPeeringConnection(ctx context.Context, params *ec2.CreateVpcPeeringConnectionInput, optFns ...func(*Options)) (*ec2.CreateVpcPeeringConnectionOutput, error)
// Creates a VPN connection between an existing virtual private gateway or transit
// gateway and a customer gateway. The supported connection type is ipsec.1 .
//
// The response includes information that you need to give to your network
// administrator to configure your customer gateway.
//
// We strongly recommend that you use HTTPS when calling this operation because
// the response contains sensitive cryptographic information for configuring your
// customer gateway device.
//
// If you decide to shut down your VPN connection for any reason and later create
// a new VPN connection, you must reconfigure your customer gateway with the new
// information returned from this call.
//
// This is an idempotent operation. If you perform the operation more than once,
// Amazon EC2 doesn't return an error.
//
// For more information, see [Amazon Web Services Site-to-Site VPN] in the Amazon Web Services Site-to-Site VPN User
// Guide.
//
// [Amazon Web Services Site-to-Site VPN]: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
CreateVpnConnection(ctx context.Context, params *ec2.CreateVpnConnectionInput, optFns ...func(*Options)) (*ec2.CreateVpnConnectionOutput, error)
// Creates a static route associated with a VPN connection between an existing
// virtual private gateway and a VPN customer gateway. The static route allows
// traffic to be routed from the virtual private gateway to the VPN customer
// gateway.
//
// For more information, see [Amazon Web Services Site-to-Site VPN] in the Amazon Web Services Site-to-Site VPN User
// Guide.
//
// [Amazon Web Services Site-to-Site VPN]: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
CreateVpnConnectionRoute(ctx context.Context, params *ec2.CreateVpnConnectionRouteInput, optFns ...func(*Options)) (*ec2.CreateVpnConnectionRouteOutput, error)
// Creates a virtual private gateway. A virtual private gateway is the endpoint on
// the VPC side of your VPN connection. You can create a virtual private gateway
// before creating the VPC itself.
//
// For more information, see [Amazon Web Services Site-to-Site VPN] in the Amazon Web Services Site-to-Site VPN User
// Guide.
//
// [Amazon Web Services Site-to-Site VPN]: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
CreateVpnGateway(ctx context.Context, params *ec2.CreateVpnGatewayInput, optFns ...func(*Options)) (*ec2.CreateVpnGatewayOutput, error)
// Deletes an existing Capacity Manager data export configuration. This stops
//
// future scheduled exports but does not delete previously exported files from S3.
DeleteCapacityManagerDataExport(ctx context.Context, params *ec2.DeleteCapacityManagerDataExportInput, optFns ...func(*Options)) (*ec2.DeleteCapacityManagerDataExportOutput, error)
// Deletes a carrier gateway.
//
// If you do not delete the route that contains the carrier gateway as the Target,
// the route is a blackhole route. For information about how to delete a route, see
// [DeleteRoute].
//
// [DeleteRoute]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteRoute.html
DeleteCarrierGateway(ctx context.Context, params *ec2.DeleteCarrierGatewayInput, optFns ...func(*Options)) (*ec2.DeleteCarrierGatewayOutput, error)
// Deletes the specified Client VPN endpoint. You must disassociate all target
// networks before you can delete a Client VPN endpoint.
DeleteClientVpnEndpoint(ctx context.Context, params *ec2.DeleteClientVpnEndpointInput, optFns ...func(*Options)) (*ec2.DeleteClientVpnEndpointOutput, error)
// Deletes a route from a Client VPN endpoint. You can only delete routes that you
// manually added using the CreateClientVpnRoute action. You cannot delete routes
// that were automatically added when associating a subnet. To remove routes that
// have been automatically added, disassociate the target subnet from the Client
// VPN endpoint.
DeleteClientVpnRoute(ctx context.Context, params *ec2.DeleteClientVpnRouteInput, optFns ...func(*Options)) (*ec2.DeleteClientVpnRouteOutput, error)
// Deletes a range of customer-owned IP addresses.
DeleteCoipCidr(ctx context.Context, params *ec2.DeleteCoipCidrInput, optFns ...func(*Options)) (*ec2.DeleteCoipCidrOutput, error)
// Deletes a pool of customer-owned IP (CoIP) addresses.
DeleteCoipPool(ctx context.Context, params *ec2.DeleteCoipPoolInput, optFns ...func(*Options)) (*ec2.DeleteCoipPoolOutput, error)
// Deletes the specified customer gateway. You must delete the VPN connection
// before you can delete the customer gateway.
DeleteCustomerGateway(ctx context.Context, params *ec2.DeleteCustomerGatewayInput, optFns ...func(*Options)) (*ec2.DeleteCustomerGatewayOutput, error)
// Deletes the specified set of DHCP options. You must disassociate the set of
// DHCP options before you can delete it. You can disassociate the set of DHCP
// options by associating either a new set of options or the default set of options
// with the VPC.
DeleteDhcpOptions(ctx context.Context, params *ec2.DeleteDhcpOptionsInput, optFns ...func(*Options)) (*ec2.DeleteDhcpOptionsOutput, error)
// Deletes an egress-only internet gateway.
DeleteEgressOnlyInternetGateway(ctx context.Context, params *ec2.DeleteEgressOnlyInternetGatewayInput, optFns ...func(*Options)) (*ec2.DeleteEgressOnlyInternetGatewayOutput, error)
// Deletes the specified EC2 Fleet request.
//
// After you delete an EC2 Fleet request, it launches no new instances.
//
// You must also specify whether a deleted EC2 Fleet request should terminate its
// instances. If you choose to terminate the instances, the EC2 Fleet request
// enters the deleted_terminating state. Otherwise, it enters the deleted_running
// state, and the instances continue to run until they are interrupted or you
// terminate them manually.
//
// A deleted instant fleet with running instances is not supported. When you
// delete an instant fleet, Amazon EC2 automatically terminates all its instances.
// For fleets with more than 1000 instances, the deletion request might fail. If
// your fleet has more than 1000 instances, first terminate most of the instances
// manually, leaving 1000 or fewer. Then delete the fleet, and the remaining
// instances will be terminated automatically.
//
// Terminating an instance is permanent and irreversible.
//
// After you terminate an instance, you can no longer connect to it, and it can't
// be recovered. All attached Amazon EBS volumes that are configured to be deleted
// on termination are also permanently deleted and can't be recovered. All data
// stored on instance store volumes is permanently lost. For more information, see [How instance termination works]
// .
//
// Before you terminate an instance, ensure that you have backed up all data that
// you need to retain after the termination to persistent storage.
//
// Restrictions
//
// - You can delete up to 25 fleets of type instant in a single request.
//
// - You can delete up to 100 fleets of type maintain or request in a single
// request.
//
// - You can delete up to 125 fleets in a single request, provided you do not
// exceed the quota for each fleet type, as specified above.
//
// - If you exceed the specified number of fleets to delete, no fleets are
// deleted.
//
// For more information, see [Delete an EC2 Fleet request and the instances in the fleet] in the Amazon EC2 User Guide.
//
// [How instance termination works]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/how-ec2-instance-termination-works.html
// [Delete an EC2 Fleet request and the instances in the fleet]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/delete-fleet.html
DeleteFleets(ctx context.Context, params *ec2.DeleteFleetsInput, optFns ...func(*Options)) (*ec2.DeleteFleetsOutput, error)
// Deletes one or more flow logs.
DeleteFlowLogs(ctx context.Context, params *ec2.DeleteFlowLogsInput, optFns ...func(*Options)) (*ec2.DeleteFlowLogsOutput, error)
// Deletes the specified Amazon FPGA Image (AFI).
DeleteFpgaImage(ctx context.Context, params *ec2.DeleteFpgaImageInput, optFns ...func(*Options)) (*ec2.DeleteFpgaImageOutput, error)
// Deletes the specified image usage report.
//
// For more information, see [View your AMI usage] in the Amazon EC2 User Guide.
//
// [View your AMI usage]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/your-ec2-ami-usage.html
DeleteImageUsageReport(ctx context.Context, params *ec2.DeleteImageUsageReportInput, optFns ...func(*Options)) (*ec2.DeleteImageUsageReportOutput, error)
// Deletes the specified EC2 Instance Connect Endpoint.
DeleteInstanceConnectEndpoint(ctx context.Context, params *ec2.DeleteInstanceConnectEndpointInput, optFns ...func(*Options)) (*ec2.DeleteInstanceConnectEndpointOutput, error)
// Deletes the specified event window.
//
// For more information, see [Define event windows for scheduled events] in the Amazon EC2 User Guide.
//
// [Define event windows for scheduled events]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html
DeleteInstanceEventWindow(ctx context.Context, params *ec2.DeleteInstanceEventWindowInput, optFns ...func(*Options)) (*ec2.DeleteInstanceEventWindowOutput, error)
// Deletes the specified internet gateway. You must detach the internet gateway
// from the VPC before you can delete it.
DeleteInternetGateway(ctx context.Context, params *ec2.DeleteInternetGatewayInput, optFns ...func(*Options)) (*ec2.DeleteInternetGatewayOutput, error)
// Delete an IPAM. Deleting an IPAM removes all monitored data associated with the
// IPAM including the historical data for CIDRs.
//
// For more information, see [Delete an IPAM] in the Amazon VPC IPAM User Guide.
//
// [Delete an IPAM]: https://docs.aws.amazon.com/vpc/latest/ipam/delete-ipam.html
DeleteIpam(ctx context.Context, params *ec2.DeleteIpamInput, optFns ...func(*Options)) (*ec2.DeleteIpamOutput, error)
// Delete a verification token.
//
// A verification token is an Amazon Web Services-generated random value that you
// can use to prove ownership of an external resource. For example, you can use a
// verification token to validate that you control a public IP address range when
// you bring an IP address range to Amazon Web Services (BYOIP).
DeleteIpamExternalResourceVerificationToken(ctx context.Context, params *ec2.DeleteIpamExternalResourceVerificationTokenInput, optFns ...func(*Options)) (*ec2.DeleteIpamExternalResourceVerificationTokenOutput, error)
// Delete an IPAM pool.
//
// You cannot delete an IPAM pool if there are allocations in it or CIDRs
// provisioned to it. To release allocations, see [ReleaseIpamPoolAllocation]. To deprovision pool CIDRs, see [DeprovisionIpamPoolCidr]
// .
//
// For more information, see [Delete a pool] in the Amazon VPC IPAM User Guide.
//
// [ReleaseIpamPoolAllocation]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html
// [Delete a pool]: https://docs.aws.amazon.com/vpc/latest/ipam/delete-pool-ipam.html
// [DeprovisionIpamPoolCidr]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeprovisionIpamPoolCidr.html
DeleteIpamPool(ctx context.Context, params *ec2.DeleteIpamPoolInput, optFns ...func(*Options)) (*ec2.DeleteIpamPoolOutput, error)
// Deletes an IPAM prefix list resolver. Before deleting a resolver, you must
// first delete all resolver targets associated with it.
DeleteIpamPrefixListResolver(ctx context.Context, params *ec2.DeleteIpamPrefixListResolverInput, optFns ...func(*Options)) (*ec2.DeleteIpamPrefixListResolverOutput, error)
// Deletes an IPAM prefix list resolver target. This removes the association
// between the resolver and the managed prefix list, stopping automatic CIDR
// synchronization.
//
// For more information about IPAM prefix list resolver, see [Automate prefix list updates with IPAM] in the Amazon VPC
// IPAM User Guide.
//
// [Automate prefix list updates with IPAM]: https://docs.aws.amazon.com/vpc/latest/ipam/automate-prefix-list-updates.html
DeleteIpamPrefixListResolverTarget(ctx context.Context, params *ec2.DeleteIpamPrefixListResolverTargetInput, optFns ...func(*Options)) (*ec2.DeleteIpamPrefixListResolverTargetOutput, error)
// Deletes an IPAM resource discovery. A resource discovery is an IPAM component
// that enables IPAM to manage and monitor resources that belong to the owning
// account.
DeleteIpamResourceDiscovery(ctx context.Context, params *ec2.DeleteIpamResourceDiscoveryInput, optFns ...func(*Options)) (*ec2.DeleteIpamResourceDiscoveryOutput, error)
// Delete the scope for an IPAM. You cannot delete the default scopes.
//
// For more information, see [Delete a scope] in the Amazon VPC IPAM User Guide.
//
// [Delete a scope]: https://docs.aws.amazon.com/vpc/latest/ipam/delete-scope-ipam.html
DeleteIpamScope(ctx context.Context, params *ec2.DeleteIpamScopeInput, optFns ...func(*Options)) (*ec2.DeleteIpamScopeOutput, error)
// Deletes the specified key pair, by removing the public key from Amazon EC2.
DeleteKeyPair(ctx context.Context, params *ec2.DeleteKeyPairInput, optFns ...func(*Options)) (*ec2.DeleteKeyPairOutput, error)
// Deletes a launch template. Deleting a launch template deletes all of its
// versions.
DeleteLaunchTemplate(ctx context.Context, params *ec2.DeleteLaunchTemplateInput, optFns ...func(*Options)) (*ec2.DeleteLaunchTemplateOutput, error)
// Deletes one or more versions of a launch template.
//
// You can't delete the default version of a launch template; you must first
// assign a different version as the default. If the default version is the only
// version for the launch template, you must delete the entire launch template
// using DeleteLaunchTemplate.
//
// You can delete up to 200 launch template versions in a single request. To
// delete more than 200 versions in a single request, use DeleteLaunchTemplate, which deletes the
// launch template and all of its versions.
//
// For more information, see [Delete a launch template version] in the Amazon EC2 User Guide.
//
// [Delete a launch template version]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/delete-launch-template.html#delete-launch-template-version
DeleteLaunchTemplateVersions(ctx context.Context, params *ec2.DeleteLaunchTemplateVersionsInput, optFns ...func(*Options)) (*ec2.DeleteLaunchTemplateVersionsOutput, error)
// Deletes the specified route from the specified local gateway route table.
DeleteLocalGatewayRoute(ctx context.Context, params *ec2.DeleteLocalGatewayRouteInput, optFns ...func(*Options)) (*ec2.DeleteLocalGatewayRouteOutput, error)
// Deletes a local gateway route table.
DeleteLocalGatewayRouteTable(ctx context.Context, params *ec2.DeleteLocalGatewayRouteTableInput, optFns ...func(*Options)) (*ec2.DeleteLocalGatewayRouteTableOutput, error)
// Deletes a local gateway route table virtual interface group association.
DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociation(ctx context.Context, params *ec2.DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociationInput, optFns ...func(*Options)) (*ec2.DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociationOutput, error)
// Deletes the specified association between a VPC and local gateway route table.
DeleteLocalGatewayRouteTableVpcAssociation(ctx context.Context, params *ec2.DeleteLocalGatewayRouteTableVpcAssociationInput, optFns ...func(*Options)) (*ec2.DeleteLocalGatewayRouteTableVpcAssociationOutput, error)
// Deletes the specified local gateway virtual interface.
DeleteLocalGatewayVirtualInterface(ctx context.Context, params *ec2.DeleteLocalGatewayVirtualInterfaceInput, optFns ...func(*Options)) (*ec2.DeleteLocalGatewayVirtualInterfaceOutput, error)
// Delete the specified local gateway interface group.
DeleteLocalGatewayVirtualInterfaceGroup(ctx context.Context, params *ec2.DeleteLocalGatewayVirtualInterfaceGroupInput, optFns ...func(*Options)) (*ec2.DeleteLocalGatewayVirtualInterfaceGroupOutput, error)
// Deletes the specified managed prefix list. You must first remove all references
// to the prefix list in your resources.
DeleteManagedPrefixList(ctx context.Context, params *ec2.DeleteManagedPrefixListInput, optFns ...func(*Options)) (*ec2.DeleteManagedPrefixListOutput, error)
// Deletes the specified NAT gateway. Deleting a public NAT gateway disassociates
// its Elastic IP address, but does not release the address from your account.
// Deleting a NAT gateway does not delete any NAT gateway routes in your route
// tables.
DeleteNatGateway(ctx context.Context, params *ec2.DeleteNatGatewayInput, optFns ...func(*Options)) (*ec2.DeleteNatGatewayOutput, error)
// Deletes the specified network ACL. You can't delete the ACL if it's associated
// with any subnets. You can't delete the default network ACL.
DeleteNetworkAcl(ctx context.Context, params *ec2.DeleteNetworkAclInput, optFns ...func(*Options)) (*ec2.DeleteNetworkAclOutput, error)
// Deletes the specified ingress or egress entry (rule) from the specified network
// ACL.
DeleteNetworkAclEntry(ctx context.Context, params *ec2.DeleteNetworkAclEntryInput, optFns ...func(*Options)) (*ec2.DeleteNetworkAclEntryOutput, error)
// Deletes the specified Network Access Scope.
DeleteNetworkInsightsAccessScope(ctx context.Context, params *ec2.DeleteNetworkInsightsAccessScopeInput, optFns ...func(*Options)) (*ec2.DeleteNetworkInsightsAccessScopeOutput, error)
// Deletes the specified Network Access Scope analysis.
DeleteNetworkInsightsAccessScopeAnalysis(ctx context.Context, params *ec2.DeleteNetworkInsightsAccessScopeAnalysisInput, optFns ...func(*Options)) (*ec2.DeleteNetworkInsightsAccessScopeAnalysisOutput, error)
// Deletes the specified network insights analysis.
DeleteNetworkInsightsAnalysis(ctx context.Context, params *ec2.DeleteNetworkInsightsAnalysisInput, optFns ...func(*Options)) (*ec2.DeleteNetworkInsightsAnalysisOutput, error)
// Deletes the specified path.
DeleteNetworkInsightsPath(ctx context.Context, params *ec2.DeleteNetworkInsightsPathInput, optFns ...func(*Options)) (*ec2.DeleteNetworkInsightsPathOutput, error)
// Deletes the specified network interface. You must detach the network interface
// before you can delete it.
DeleteNetworkInterface(ctx context.Context, params *ec2.DeleteNetworkInterfaceInput, optFns ...func(*Options)) (*ec2.DeleteNetworkInterfaceOutput, error)
// Deletes a permission for a network interface. By default, you cannot delete the
// permission if the account for which you're removing the permission has attached
// the network interface to an instance. However, you can force delete the
// permission, regardless of any attachment.
DeleteNetworkInterfacePermission(ctx context.Context, params *ec2.DeleteNetworkInterfacePermissionInput, optFns ...func(*Options)) (*ec2.DeleteNetworkInterfacePermissionOutput, error)
// Deletes the specified placement group. You must terminate all instances in the
// placement group before you can delete the placement group. For more information,
// see [Placement groups]in the Amazon EC2 User Guide.
//
// [Placement groups]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
DeletePlacementGroup(ctx context.Context, params *ec2.DeletePlacementGroupInput, optFns ...func(*Options)) (*ec2.DeletePlacementGroupOutput, error)
// Delete a public IPv4 pool. A public IPv4 pool is an EC2 IP address pool
// required for the public IPv4 CIDRs that you own and bring to Amazon Web Services
// to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however,
// use IPAM pools only.
DeletePublicIpv4Pool(ctx context.Context, params *ec2.DeletePublicIpv4PoolInput, optFns ...func(*Options)) (*ec2.DeletePublicIpv4PoolOutput, error)
// Deletes the queued purchases for the specified Reserved Instances.
DeleteQueuedReservedInstances(ctx context.Context, params *ec2.DeleteQueuedReservedInstancesInput, optFns ...func(*Options)) (*ec2.DeleteQueuedReservedInstancesOutput, error)
// Deletes the specified route from the specified route table.
DeleteRoute(ctx context.Context, params *ec2.DeleteRouteInput, optFns ...func(*Options)) (*ec2.DeleteRouteOutput, error)
// Deletes the specified route server.
//
// Amazon VPC Route Server simplifies routing for traffic between workloads that
// are deployed within a VPC and its internet gateways. With this feature, VPC
// Route Server dynamically updates VPC and internet gateway route tables with your
// preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those
// workloads. This enables you to automatically reroute traffic within a VPC, which
// increases the manageability of VPC routing and interoperability with third-party
// workloads.
//
// Route server supports the follow route table types:
//
// - VPC route tables not associated with subnets
//
// - Subnet route tables
//
// - Internet gateway route tables
//
// Route server does not support route tables associated with virtual private
// gateways. To propagate routes into a transit gateway route table, use [Transit Gateway Connect].
//
// For more information see [Dynamic routing in your VPC with VPC Route Server] in the Amazon VPC User Guide.
//
// [Dynamic routing in your VPC with VPC Route Server]: https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html
// [Transit Gateway Connect]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html
DeleteRouteServer(ctx context.Context, params *ec2.DeleteRouteServerInput, optFns ...func(*Options)) (*ec2.DeleteRouteServerOutput, error)
// Deletes the specified route server endpoint.
//
// A route server endpoint is an Amazon Web Services-managed component inside a
// subnet that facilitates [BGP (Border Gateway Protocol)]connections between your route server and your BGP
// peers.
//
// [BGP (Border Gateway Protocol)]: https://en.wikipedia.org/wiki/Border_Gateway_Protocol
DeleteRouteServerEndpoint(ctx context.Context, params *ec2.DeleteRouteServerEndpointInput, optFns ...func(*Options)) (*ec2.DeleteRouteServerEndpointOutput, error)
// Deletes the specified BGP peer from a route server.
//
// A route server peer is a session between a route server endpoint and the device
// deployed in Amazon Web Services (such as a firewall appliance or other network
// security function running on an EC2 instance). The device must meet these
// requirements:
//
// - Have an elastic network interface in the VPC
//
// - Support BGP (Border Gateway Protocol)
//
// - Can initiate BGP sessions
DeleteRouteServerPeer(ctx context.Context, params *ec2.DeleteRouteServerPeerInput, optFns ...func(*Options)) (*ec2.DeleteRouteServerPeerOutput, error)
// Deletes the specified route table. You must disassociate the route table from
// any subnets before you can delete it. You can't delete the main route table.
DeleteRouteTable(ctx context.Context, params *ec2.DeleteRouteTableInput, optFns ...func(*Options)) (*ec2.DeleteRouteTableOutput, error)
// Deletes a security group.
//
// If you attempt to delete a security group that is associated with an instance
// or network interface, is referenced by another security group in the same VPC,
// or has a VPC association, the operation fails with DependencyViolation .
DeleteSecurityGroup(ctx context.Context, params *ec2.DeleteSecurityGroupInput, optFns ...func(*Options)) (*ec2.DeleteSecurityGroupOutput, error)
// Deletes the specified snapshot.
//
// When you make periodic snapshots of a volume, the snapshots are incremental,
// and only the blocks on the device that have changed since your last snapshot are
// saved in the new snapshot. When you delete a snapshot, only the data not needed
// for any other snapshot is removed. So regardless of which prior snapshots have
// been deleted, all active snapshots will have access to all the information
// needed to restore the volume.
//
// You cannot delete a snapshot of the root device of an EBS volume used by a
// registered AMI. You must first deregister the AMI before you can delete the
// snapshot.
//
// For more information, see [Delete an Amazon EBS snapshot] in the Amazon EBS User Guide.
//
// [Delete an Amazon EBS snapshot]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-deleting-snapshot.html
DeleteSnapshot(ctx context.Context, params *ec2.DeleteSnapshotInput, optFns ...func(*Options)) (*ec2.DeleteSnapshotOutput, error)
// Deletes the data feed for Spot Instances.
DeleteSpotDatafeedSubscription(ctx context.Context, params *ec2.DeleteSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*ec2.DeleteSpotDatafeedSubscriptionOutput, error)
// Deletes the specified subnet. You must terminate all running instances in the
// subnet before you can delete the subnet.
DeleteSubnet(ctx context.Context, params *ec2.DeleteSubnetInput, optFns ...func(*Options)) (*ec2.DeleteSubnetOutput, error)
// Deletes a subnet CIDR reservation.
DeleteSubnetCidrReservation(ctx context.Context, params *ec2.DeleteSubnetCidrReservationInput, optFns ...func(*Options)) (*ec2.DeleteSubnetCidrReservationOutput, error)
// Deletes the specified set of tags from the specified set of resources.
//
// To list the current tags, use DescribeTags. For more information about tags, see [Tag your Amazon EC2 resources] in the
// Amazon Elastic Compute Cloud User Guide.
//
// [Tag your Amazon EC2 resources]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
DeleteTags(ctx context.Context, params *ec2.DeleteTagsInput, optFns ...func(*Options)) (*ec2.DeleteTagsOutput, error)
// Deletes the specified Traffic Mirror filter.
//
// You cannot delete a Traffic Mirror filter that is in use by a Traffic Mirror
// session.
DeleteTrafficMirrorFilter(ctx context.Context, params *ec2.DeleteTrafficMirrorFilterInput, optFns ...func(*Options)) (*ec2.DeleteTrafficMirrorFilterOutput, error)
// Deletes the specified Traffic Mirror rule.
DeleteTrafficMirrorFilterRule(ctx context.Context, params *ec2.DeleteTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*ec2.DeleteTrafficMirrorFilterRuleOutput, error)
// Deletes the specified Traffic Mirror session.
DeleteTrafficMirrorSession(ctx context.Context, params *ec2.DeleteTrafficMirrorSessionInput, optFns ...func(*Options)) (*ec2.DeleteTrafficMirrorSessionOutput, error)
// Deletes the specified Traffic Mirror target.
//
// You cannot delete a Traffic Mirror target that is in use by a Traffic Mirror
// session.
DeleteTrafficMirrorTarget(ctx context.Context, params *ec2.DeleteTrafficMirrorTargetInput, optFns ...func(*Options)) (*ec2.DeleteTrafficMirrorTargetOutput, error)
// Deletes the specified transit gateway.
DeleteTransitGateway(ctx context.Context, params *ec2.DeleteTransitGatewayInput, optFns ...func(*Options)) (*ec2.DeleteTransitGatewayOutput, error)
// Deletes the specified Connect attachment. You must first delete any Connect
// peers for the attachment.
DeleteTransitGatewayConnect(ctx context.Context, params *ec2.DeleteTransitGatewayConnectInput, optFns ...func(*Options)) (*ec2.DeleteTransitGatewayConnectOutput, error)
// Deletes the specified Connect peer.
DeleteTransitGatewayConnectPeer(ctx context.Context, params *ec2.DeleteTransitGatewayConnectPeerInput, optFns ...func(*Options)) (*ec2.DeleteTransitGatewayConnectPeerOutput, error)
// Deletes the specified transit gateway multicast domain.
DeleteTransitGatewayMulticastDomain(ctx context.Context, params *ec2.DeleteTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*ec2.DeleteTransitGatewayMulticastDomainOutput, error)
// Deletes a transit gateway peering attachment.
DeleteTransitGatewayPeeringAttachment(ctx context.Context, params *ec2.DeleteTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*ec2.DeleteTransitGatewayPeeringAttachmentOutput, error)
// Deletes the specified transit gateway policy table.
DeleteTransitGatewayPolicyTable(ctx context.Context, params *ec2.DeleteTransitGatewayPolicyTableInput, optFns ...func(*Options)) (*ec2.DeleteTransitGatewayPolicyTableOutput, error)
// Deletes a reference (route) to a prefix list in a specified transit gateway
// route table.
DeleteTransitGatewayPrefixListReference(ctx context.Context, params *ec2.DeleteTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*ec2.DeleteTransitGatewayPrefixListReferenceOutput, error)
// Deletes the specified route from the specified transit gateway route table.
DeleteTransitGatewayRoute(ctx context.Context, params *ec2.DeleteTransitGatewayRouteInput, optFns ...func(*Options)) (*ec2.DeleteTransitGatewayRouteOutput, error)
// Deletes the specified transit gateway route table. If there are any route
// tables associated with the transit gateway route table, you must first run DisassociateRouteTable
// before you can delete the transit gateway route table. This removes any route
// tables associated with the transit gateway route table.
DeleteTransitGatewayRouteTable(ctx context.Context, params *ec2.DeleteTransitGatewayRouteTableInput, optFns ...func(*Options)) (*ec2.DeleteTransitGatewayRouteTableOutput, error)
// Advertises to the transit gateway that a transit gateway route table is deleted.
DeleteTransitGatewayRouteTableAnnouncement(ctx context.Context, params *ec2.DeleteTransitGatewayRouteTableAnnouncementInput, optFns ...func(*Options)) (*ec2.DeleteTransitGatewayRouteTableAnnouncementOutput, error)
// Deletes the specified VPC attachment.
DeleteTransitGatewayVpcAttachment(ctx context.Context, params *ec2.DeleteTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*ec2.DeleteTransitGatewayVpcAttachmentOutput, error)
// Delete an Amazon Web Services Verified Access endpoint.
DeleteVerifiedAccessEndpoint(ctx context.Context, params *ec2.DeleteVerifiedAccessEndpointInput, optFns ...func(*Options)) (*ec2.DeleteVerifiedAccessEndpointOutput, error)
// Delete an Amazon Web Services Verified Access group.
DeleteVerifiedAccessGroup(ctx context.Context, params *ec2.DeleteVerifiedAccessGroupInput, optFns ...func(*Options)) (*ec2.DeleteVerifiedAccessGroupOutput, error)
// Delete an Amazon Web Services Verified Access instance.
DeleteVerifiedAccessInstance(ctx context.Context, params *ec2.DeleteVerifiedAccessInstanceInput, optFns ...func(*Options)) (*ec2.DeleteVerifiedAccessInstanceOutput, error)
// Delete an Amazon Web Services Verified Access trust provider.
DeleteVerifiedAccessTrustProvider(ctx context.Context, params *ec2.DeleteVerifiedAccessTrustProviderInput, optFns ...func(*Options)) (*ec2.DeleteVerifiedAccessTrustProviderOutput, error)
// Deletes the specified EBS volume. The volume must be in the available state
// (not attached to an instance).
//
// The volume can remain in the deleting state for several minutes.
//
// For more information, see [Delete an Amazon EBS volume] in the Amazon EBS User Guide.
//
// [Delete an Amazon EBS volume]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-deleting-volume.html
DeleteVolume(ctx context.Context, params *ec2.DeleteVolumeInput, optFns ...func(*Options)) (*ec2.DeleteVolumeOutput, error)
// Deletes the specified VPC. You must detach or delete all gateways and resources
// that are associated with the VPC before you can delete it. For example, you must
// terminate all instances running in the VPC, delete all security groups
// associated with the VPC (except the default one), delete all route tables
// associated with the VPC (except the default one), and so on. When you delete the
// VPC, it deletes the default security group, network ACL, and route table for the
// VPC.
//
// If you created a flow log for the VPC that you are deleting, note that flow
// logs for deleted VPCs are eventually automatically removed.
DeleteVpc(ctx context.Context, params *ec2.DeleteVpcInput, optFns ...func(*Options)) (*ec2.DeleteVpcOutput, error)
// Delete a VPC Block Public Access (BPA) exclusion. A VPC BPA exclusion is a mode
// that can be applied to a single VPC or subnet that exempts it from the account’s
// BPA mode and will allow bidirectional or egress-only access. You can create BPA
// exclusions for VPCs and subnets even when BPA is not enabled on the account to
// ensure that there is no traffic disruption to the exclusions when VPC BPA is
// turned on. To learn more about VPC BPA, see [Block public access to VPCs and subnets]in the Amazon VPC User Guide.
//
// [Block public access to VPCs and subnets]: https://docs.aws.amazon.com/vpc/latest/userguide/security-vpc-bpa.html
DeleteVpcBlockPublicAccessExclusion(ctx context.Context, params *ec2.DeleteVpcBlockPublicAccessExclusionInput, optFns ...func(*Options)) (*ec2.DeleteVpcBlockPublicAccessExclusionOutput, error)
// Deletes the specified VPC endpoint connection notifications.
DeleteVpcEndpointConnectionNotifications(ctx context.Context, params *ec2.DeleteVpcEndpointConnectionNotificationsInput, optFns ...func(*Options)) (*ec2.DeleteVpcEndpointConnectionNotificationsOutput, error)
// Deletes the specified VPC endpoint service configurations. Before you can
// delete an endpoint service configuration, you must reject any Available or
// PendingAcceptance interface endpoint connections that are attached to the
// service.
DeleteVpcEndpointServiceConfigurations(ctx context.Context, params *ec2.DeleteVpcEndpointServiceConfigurationsInput, optFns ...func(*Options)) (*ec2.DeleteVpcEndpointServiceConfigurationsOutput, error)
// Deletes the specified VPC endpoints.
//
// When you delete a gateway endpoint, we delete the endpoint routes in the route
// tables for the endpoint.
//
// When you delete a Gateway Load Balancer endpoint, we delete its endpoint
// network interfaces. You can only delete Gateway Load Balancer endpoints when the
// routes that are associated with the endpoint are deleted.
//
// When you delete an interface endpoint, we delete its endpoint network
// interfaces.
DeleteVpcEndpoints(ctx context.Context, params *ec2.DeleteVpcEndpointsInput, optFns ...func(*Options)) (*ec2.DeleteVpcEndpointsOutput, error)
// Deletes a VPC peering connection. Either the owner of the requester VPC or the
// owner of the accepter VPC can delete the VPC peering connection if it's in the
// active state. The owner of the requester VPC can delete a VPC peering connection
// in the pending-acceptance state. You cannot delete a VPC peering connection
// that's in the failed or rejected state.
DeleteVpcPeeringConnection(ctx context.Context, params *ec2.DeleteVpcPeeringConnectionInput, optFns ...func(*Options)) (*ec2.DeleteVpcPeeringConnectionOutput, error)
// Deletes the specified VPN connection.
//
// If you're deleting the VPC and its associated components, we recommend that you
// detach the virtual private gateway from the VPC and delete the VPC before
// deleting the VPN connection. If you believe that the tunnel credentials for your
// VPN connection have been compromised, you can delete the VPN connection and
// create a new one that has new keys, without needing to delete the VPC or virtual
// private gateway. If you create a new VPN connection, you must reconfigure the
// customer gateway device using the new configuration information returned with
// the new VPN connection ID.
//
// For certificate-based authentication, delete all Certificate Manager (ACM)
// private certificates used for the Amazon Web Services-side tunnel endpoints for
// the VPN connection before deleting the VPN connection.
DeleteVpnConnection(ctx context.Context, params *ec2.DeleteVpnConnectionInput, optFns ...func(*Options)) (*ec2.DeleteVpnConnectionOutput, error)
// Deletes the specified static route associated with a VPN connection between an
// existing virtual private gateway and a VPN customer gateway. The static route
// allows traffic to be routed from the virtual private gateway to the VPN customer
// gateway.
DeleteVpnConnectionRoute(ctx context.Context, params *ec2.DeleteVpnConnectionRouteInput, optFns ...func(*Options)) (*ec2.DeleteVpnConnectionRouteOutput, error)
// Deletes the specified virtual private gateway. You must first detach the
// virtual private gateway from the VPC. Note that you don't need to delete the
// virtual private gateway if you plan to delete and recreate the VPN connection
// between your VPC and your network.
DeleteVpnGateway(ctx context.Context, params *ec2.DeleteVpnGatewayInput, optFns ...func(*Options)) (*ec2.DeleteVpnGatewayOutput, error)
// Releases the specified address range that you provisioned for use with your
// Amazon Web Services resources through bring your own IP addresses (BYOIP) and
// deletes the corresponding address pool.
//
// Before you can release an address range, you must stop advertising it and you
// must not have any IP addresses allocated from its address range.
DeprovisionByoipCidr(ctx context.Context, params *ec2.DeprovisionByoipCidrInput, optFns ...func(*Options)) (*ec2.DeprovisionByoipCidrOutput, error)
// Deprovisions your Autonomous System Number (ASN) from your Amazon Web Services
// account. This action can only be called after any BYOIP CIDR associations are
// removed from your Amazon Web Services account with [DisassociateIpamByoasn]. For more information, see [Tutorial: Bring your ASN to IPAM]
// in the Amazon VPC IPAM guide.
//
// [DisassociateIpamByoasn]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIpamByoasn.html
// [Tutorial: Bring your ASN to IPAM]: https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html
DeprovisionIpamByoasn(ctx context.Context, params *ec2.DeprovisionIpamByoasnInput, optFns ...func(*Options)) (*ec2.DeprovisionIpamByoasnOutput, error)
// Deprovision a CIDR provisioned from an IPAM pool. If you deprovision a CIDR
// from a pool that has a source pool, the CIDR is recycled back into the source
// pool. For more information, see [Deprovision pool CIDRs]in the Amazon VPC IPAM User Guide.
//
// [Deprovision pool CIDRs]: https://docs.aws.amazon.com/vpc/latest/ipam/depro-pool-cidr-ipam.html
DeprovisionIpamPoolCidr(ctx context.Context, params *ec2.DeprovisionIpamPoolCidrInput, optFns ...func(*Options)) (*ec2.DeprovisionIpamPoolCidrOutput, error)
// Deprovision a CIDR from a public IPv4 pool.
DeprovisionPublicIpv4PoolCidr(ctx context.Context, params *ec2.DeprovisionPublicIpv4PoolCidrInput, optFns ...func(*Options)) (*ec2.DeprovisionPublicIpv4PoolCidrOutput, error)
// Deregisters the specified AMI. A deregistered AMI can't be used to launch new
// instances.
//
// If a deregistered EBS-backed AMI matches a Recycle Bin retention rule, it moves
// to the Recycle Bin for the specified retention period. It can be restored before
// its retention period expires, after which it is permanently deleted. If the
// deregistered AMI doesn't match a retention rule, it is permanently deleted
// immediately. For more information, see [Recover deleted Amazon EBS snapshots and EBS-backed AMIs with Recycle Bin]in the Amazon EBS User Guide.
//
// When deregistering an EBS-backed AMI, you can optionally delete its associated
// snapshots at the same time. However, if a snapshot is associated with multiple
// AMIs, it won't be deleted even if specified for deletion, although the AMI will
// still be deregistered.
//
// Deregistering an AMI does not delete the following:
//
// - Instances already launched from the AMI. You'll continue to incur usage
// costs for the instances until you terminate them.
//
// - For EBS-backed AMIs: Snapshots that are associated with multiple AMIs.
// You'll continue to incur snapshot storage costs.
//
// - For instance store-backed AMIs: The files uploaded to Amazon S3 during AMI
// creation. You'll continue to incur S3 storage costs.
//
// For more information, see [Deregister an Amazon EC2 AMI] in the Amazon EC2 User Guide.
//
// [Deregister an Amazon EC2 AMI]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/deregister-ami.html
// [Recover deleted Amazon EBS snapshots and EBS-backed AMIs with Recycle Bin]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html
DeregisterImage(ctx context.Context, params *ec2.DeregisterImageInput, optFns ...func(*Options)) (*ec2.DeregisterImageOutput, error)
// Deregisters tag keys to prevent tags that have the specified tag keys from
// being included in scheduled event notifications for resources in the Region.
DeregisterInstanceEventNotificationAttributes(ctx context.Context, params *ec2.DeregisterInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*ec2.DeregisterInstanceEventNotificationAttributesOutput, error)
// Deregisters the specified members (network interfaces) from the transit gateway
// multicast group.
DeregisterTransitGatewayMulticastGroupMembers(ctx context.Context, params *ec2.DeregisterTransitGatewayMulticastGroupMembersInput, optFns ...func(*Options)) (*ec2.DeregisterTransitGatewayMulticastGroupMembersOutput, error)
// Deregisters the specified sources (network interfaces) from the transit gateway
// multicast group.
DeregisterTransitGatewayMulticastGroupSources(ctx context.Context, params *ec2.DeregisterTransitGatewayMulticastGroupSourcesInput, optFns ...func(*Options)) (*ec2.DeregisterTransitGatewayMulticastGroupSourcesOutput, error)
// Describes attributes of your Amazon Web Services account. The following are the
// supported account attributes:
//
// - default-vpc : The ID of the default VPC for your account, or none .
//
// - max-instances : This attribute is no longer supported. The returned value
// does not reflect your actual vCPU limit for running On-Demand Instances. For
// more information, see [On-Demand Instance Limits]in the Amazon Elastic Compute Cloud User Guide.
//
// - max-elastic-ips : The maximum number of Elastic IP addresses that you can
// allocate.
//
// - supported-platforms : This attribute is deprecated.
//
// - vpc-max-elastic-ips : The maximum number of Elastic IP addresses that you
// can allocate.
//
// - vpc-max-security-groups-per-interface : The maximum number of security
// groups that you can assign to a network interface.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
//
// [On-Demand Instance Limits]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-on-demand-instances.html#ec2-on-demand-instances-limits
DescribeAccountAttributes(ctx context.Context, params *ec2.DescribeAccountAttributesInput, optFns ...func(*Options)) (*ec2.DescribeAccountAttributesOutput, error)
// Describes an Elastic IP address transfer. For more information, see [Transfer Elastic IP addresses] in the
// Amazon VPC User Guide.
//
// When you transfer an Elastic IP address, there is a two-step handshake between
// the source and transfer Amazon Web Services accounts. When the source account
// starts the transfer, the transfer account has seven days to accept the Elastic
// IP address transfer. During those seven days, the source account can view the
// pending transfer by using this action. After seven days, the transfer expires
// and ownership of the Elastic IP address returns to the source account. Accepted
// transfers are visible to the source account for 14 days after the transfers have
// been accepted.
//
// [Transfer Elastic IP addresses]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#transfer-EIPs-intro
DescribeAddressTransfers(ctx context.Context, params *ec2.DescribeAddressTransfersInput, optFns ...func(*Options)) (*ec2.DescribeAddressTransfersOutput, error)
// Describes the specified Elastic IP addresses or all of your Elastic IP
// addresses.
DescribeAddresses(ctx context.Context, params *ec2.DescribeAddressesInput, optFns ...func(*Options)) (*ec2.DescribeAddressesOutput, error)
// Describes the attributes of the specified Elastic IP addresses. For
// requirements, see [Using reverse DNS for email applications].
//
// [Using reverse DNS for email applications]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS
DescribeAddressesAttribute(ctx context.Context, params *ec2.DescribeAddressesAttributeInput, optFns ...func(*Options)) (*ec2.DescribeAddressesAttributeOutput, error)
// Describes the longer ID format settings for all resource types in a specific
// Region. This request is useful for performing a quick audit to determine whether
// a specific Region is fully opted in for longer IDs (17-character IDs).
//
// This request only returns information about resource types that support longer
// IDs.
//
// The following resource types support longer IDs: bundle | conversion-task |
// customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association
// | export-task | flow-log | image | import-task | instance | internet-gateway |
// network-acl | network-acl-association | network-interface |
// network-interface-attachment | prefix-list | reservation | route-table |
// route-table-association | security-group | snapshot | subnet |
// subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association |
// vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway .
DescribeAggregateIdFormat(ctx context.Context, params *ec2.DescribeAggregateIdFormatInput, optFns ...func(*Options)) (*ec2.DescribeAggregateIdFormatOutput, error)
// Describes the Availability Zones, Local Zones, and Wavelength Zones that are
// available to you.
//
// For more information about Availability Zones, Local Zones, and Wavelength
// Zones, see [Regions and zones]in the Amazon EC2 User Guide.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
//
// [Regions and zones]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
DescribeAvailabilityZones(ctx context.Context, params *ec2.DescribeAvailabilityZonesInput, optFns ...func(*Options)) (*ec2.DescribeAvailabilityZonesOutput, error)
// Describes the current Infrastructure Performance metric subscriptions.
DescribeAwsNetworkPerformanceMetricSubscriptions(ctx context.Context, params *ec2.DescribeAwsNetworkPerformanceMetricSubscriptionsInput, optFns ...func(*Options)) (*ec2.DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, error)
// Describes the specified bundle tasks or all of your bundle tasks.
//
// Completed bundle tasks are listed for only a limited time. If your bundle task
// is no longer in the list, you can still register an AMI from it. Just use
// RegisterImage with the Amazon S3 bucket name and image manifest name you
// provided to the bundle task.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
DescribeBundleTasks(ctx context.Context, params *ec2.DescribeBundleTasksInput, optFns ...func(*Options)) (*ec2.DescribeBundleTasksOutput, error)
// Describes the IP address ranges that were provisioned for use with Amazon Web
// Services resources through through bring your own IP addresses (BYOIP).
DescribeByoipCidrs(ctx context.Context, params *ec2.DescribeByoipCidrsInput, optFns ...func(*Options)) (*ec2.DescribeByoipCidrsOutput, error)
// Describes the events for the specified Capacity Block extension during the
// specified time.
DescribeCapacityBlockExtensionHistory(ctx context.Context, params *ec2.DescribeCapacityBlockExtensionHistoryInput, optFns ...func(*Options)) (*ec2.DescribeCapacityBlockExtensionHistoryOutput, error)
// Describes Capacity Block extension offerings available for purchase in the
// Amazon Web Services Region that you're currently using.
DescribeCapacityBlockExtensionOfferings(ctx context.Context, params *ec2.DescribeCapacityBlockExtensionOfferingsInput, optFns ...func(*Options)) (*ec2.DescribeCapacityBlockExtensionOfferingsOutput, error)
// Describes Capacity Block offerings available for purchase in the Amazon Web
// Services Region that you're currently using. With Capacity Blocks, you can
// purchase a specific GPU instance type or EC2 UltraServer for a period of time.
//
// To search for an available Capacity Block offering, you specify a reservation
// duration and instance count.
DescribeCapacityBlockOfferings(ctx context.Context, params *ec2.DescribeCapacityBlockOfferingsInput, optFns ...func(*Options)) (*ec2.DescribeCapacityBlockOfferingsOutput, error)
// Describes the availability of capacity for the specified Capacity blocks, or
// all of your Capacity Blocks.
DescribeCapacityBlockStatus(ctx context.Context, params *ec2.DescribeCapacityBlockStatusInput, optFns ...func(*Options)) (*ec2.DescribeCapacityBlockStatusOutput, error)
// Describes details about Capacity Blocks in the Amazon Web Services Region that
// you're currently using.
DescribeCapacityBlocks(ctx context.Context, params *ec2.DescribeCapacityBlocksInput, optFns ...func(*Options)) (*ec2.DescribeCapacityBlocksOutput, error)
// Describes one or more Capacity Manager data export configurations. Returns
//
// information about export settings, delivery status, and recent export activity.
DescribeCapacityManagerDataExports(ctx context.Context, params *ec2.DescribeCapacityManagerDataExportsInput, optFns ...func(*Options)) (*ec2.DescribeCapacityManagerDataExportsOutput, error)
// Describes a request to assign the billing of the unused capacity of a Capacity
// Reservation. For more information, see [Billing assignment for shared Amazon EC2 Capacity Reservations].
//
// [Billing assignment for shared Amazon EC2 Capacity Reservations]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/transfer-billing.html
DescribeCapacityReservationBillingRequests(ctx context.Context, params *ec2.DescribeCapacityReservationBillingRequestsInput, optFns ...func(*Options)) (*ec2.DescribeCapacityReservationBillingRequestsOutput, error)
// Describes one or more Capacity Reservation Fleets.
DescribeCapacityReservationFleets(ctx context.Context, params *ec2.DescribeCapacityReservationFleetsInput, optFns ...func(*Options)) (*ec2.DescribeCapacityReservationFleetsOutput, error)
// Describes a tree-based hierarchy that represents the physical host placement of
// your pending or active Capacity Reservations within an Availability Zone or
// Local Zone. You can use this information to determine the relative proximity of
// your capacity within the Amazon Web Services network before it is launched and
// use this information to allocate capacity together to support your tightly
// coupled workloads.
//
// Capacity Reservation topology is supported for specific instance types only.
// For more information, see [Prerequisites for Amazon EC2 instance topology]in the Amazon EC2 User Guide.
//
// The Amazon EC2 API follows an eventual consistency model due to the distributed
// nature of the system supporting it. As a result, when you call the
// DescribeCapacityReservationTopology API command immediately after launching
// instances, the response might return a null value for capacityBlockId because
// the data might not have fully propagated across all subsystems. For more
// information, see [Eventual consistency in the Amazon EC2 API]in the Amazon EC2 Developer Guide.
//
// For more information, see [Amazon EC2 topology] in the Amazon EC2 User Guide.
//
// [Prerequisites for Amazon EC2 instance topology]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-topology-prerequisites.html
// [Amazon EC2 topology]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-topology.html
// [Eventual consistency in the Amazon EC2 API]: https://docs.aws.amazon.com/ec2/latest/devguide/eventual-consistency.html
DescribeCapacityReservationTopology(ctx context.Context, params *ec2.DescribeCapacityReservationTopologyInput, optFns ...func(*Options)) (*ec2.DescribeCapacityReservationTopologyOutput, error)
// Describes one or more of your Capacity Reservations. The results describe only
// the Capacity Reservations in the Amazon Web Services Region that you're
// currently using.
DescribeCapacityReservations(ctx context.Context, params *ec2.DescribeCapacityReservationsInput, optFns ...func(*Options)) (*ec2.DescribeCapacityReservationsOutput, error)
// Describes one or more of your carrier gateways.
DescribeCarrierGateways(ctx context.Context, params *ec2.DescribeCarrierGatewaysInput, optFns ...func(*Options)) (*ec2.DescribeCarrierGatewaysOutput, error)
// This action is deprecated.
//
// Describes your linked EC2-Classic instances. This request only returns
// information about EC2-Classic instances linked to a VPC through ClassicLink. You
// cannot use this request to return information about other instances.
DescribeClassicLinkInstances(ctx context.Context, params *ec2.DescribeClassicLinkInstancesInput, optFns ...func(*Options)) (*ec2.DescribeClassicLinkInstancesOutput, error)
// Describes the authorization rules for a specified Client VPN endpoint.
DescribeClientVpnAuthorizationRules(ctx context.Context, params *ec2.DescribeClientVpnAuthorizationRulesInput, optFns ...func(*Options)) (*ec2.DescribeClientVpnAuthorizationRulesOutput, error)
// Describes active client connections and connections that have been terminated
// within the last 60 minutes for the specified Client VPN endpoint.
DescribeClientVpnConnections(ctx context.Context, params *ec2.DescribeClientVpnConnectionsInput, optFns ...func(*Options)) (*ec2.DescribeClientVpnConnectionsOutput, error)
// Describes one or more Client VPN endpoints in the account.
DescribeClientVpnEndpoints(ctx context.Context, params *ec2.DescribeClientVpnEndpointsInput, optFns ...func(*Options)) (*ec2.DescribeClientVpnEndpointsOutput, error)
// Describes the routes for the specified Client VPN endpoint.
DescribeClientVpnRoutes(ctx context.Context, params *ec2.DescribeClientVpnRoutesInput, optFns ...func(*Options)) (*ec2.DescribeClientVpnRoutesOutput, error)
// Describes the target networks associated with the specified Client VPN endpoint.
DescribeClientVpnTargetNetworks(ctx context.Context, params *ec2.DescribeClientVpnTargetNetworksInput, optFns ...func(*Options)) (*ec2.DescribeClientVpnTargetNetworksOutput, error)
// Describes the specified customer-owned address pools or all of your
// customer-owned address pools.
DescribeCoipPools(ctx context.Context, params *ec2.DescribeCoipPoolsInput, optFns ...func(*Options)) (*ec2.DescribeCoipPoolsOutput, error)
// Describes the specified conversion tasks or all your conversion tasks. For more
// information, see the [VM Import/Export User Guide].
//
// For information about the import manifest referenced by this API action, see [VM Import Manifest].
//
// [VM Import Manifest]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html
// [VM Import/Export User Guide]: https://docs.aws.amazon.com/vm-import/latest/userguide/
DescribeConversionTasks(ctx context.Context, params *ec2.DescribeConversionTasksInput, optFns ...func(*Options)) (*ec2.DescribeConversionTasksOutput, error)
// Describes one or more of your VPN customer gateways.
//
// For more information, see [Amazon Web Services Site-to-Site VPN] in the Amazon Web Services Site-to-Site VPN User
// Guide.
//
// [Amazon Web Services Site-to-Site VPN]: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
DescribeCustomerGateways(ctx context.Context, params *ec2.DescribeCustomerGatewaysInput, optFns ...func(*Options)) (*ec2.DescribeCustomerGatewaysOutput, error)
// Describes the metadata of an account status report, including the status of the
// report.
//
// To view the full report, download it from the Amazon S3 bucket where it was
// saved. Reports are accessible only when they have the complete status. Reports
// with other statuses ( running , cancelled , or error ) are not available in the
// S3 bucket. For more information about downloading objects from an S3 bucket, see
// [Downloading objects]in the Amazon Simple Storage Service User Guide.
//
// For more information, see [Generating the account status report for declarative policies] in the Amazon Web Services Organizations User Guide.
//
// [Downloading objects]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/download-objects.html
// [Generating the account status report for declarative policies]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_declarative_status-report.html
DescribeDeclarativePoliciesReports(ctx context.Context, params *ec2.DescribeDeclarativePoliciesReportsInput, optFns ...func(*Options)) (*ec2.DescribeDeclarativePoliciesReportsOutput, error)
// Describes your DHCP option sets. The default is to describe all your DHCP
// option sets. Alternatively, you can specify specific DHCP option set IDs or
// filter the results to include only the DHCP option sets that match specific
// criteria.
//
// For more information, see [DHCP option sets] in the Amazon VPC User Guide.
//
// [DHCP option sets]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html
DescribeDhcpOptions(ctx context.Context, params *ec2.DescribeDhcpOptionsInput, optFns ...func(*Options)) (*ec2.DescribeDhcpOptionsOutput, error)
// Describes your egress-only internet gateways. The default is to describe all
// your egress-only internet gateways. Alternatively, you can specify specific
// egress-only internet gateway IDs or filter the results to include only the
// egress-only internet gateways that match specific criteria.
DescribeEgressOnlyInternetGateways(ctx context.Context, params *ec2.DescribeEgressOnlyInternetGatewaysInput, optFns ...func(*Options)) (*ec2.DescribeEgressOnlyInternetGatewaysOutput, error)
// Amazon Elastic Graphics reached end of life on January 8, 2024.
//
// Describes the Elastic Graphics accelerator associated with your instances.
DescribeElasticGpus(ctx context.Context, params *ec2.DescribeElasticGpusInput, optFns ...func(*Options)) (*ec2.DescribeElasticGpusOutput, error)
// Describes the specified export image tasks or all of your export image tasks.
DescribeExportImageTasks(ctx context.Context, params *ec2.DescribeExportImageTasksInput, optFns ...func(*Options)) (*ec2.DescribeExportImageTasksOutput, error)
// Describes the specified export instance tasks or all of your export instance
// tasks.
DescribeExportTasks(ctx context.Context, params *ec2.DescribeExportTasksInput, optFns ...func(*Options)) (*ec2.DescribeExportTasksOutput, error)
// Describe details for Windows AMIs that are configured for Windows fast launch.
DescribeFastLaunchImages(ctx context.Context, params *ec2.DescribeFastLaunchImagesInput, optFns ...func(*Options)) (*ec2.DescribeFastLaunchImagesOutput, error)
// Describes the state of fast snapshot restores for your snapshots.
DescribeFastSnapshotRestores(ctx context.Context, params *ec2.DescribeFastSnapshotRestoresInput, optFns ...func(*Options)) (*ec2.DescribeFastSnapshotRestoresOutput, error)
// Describes the events for the specified EC2 Fleet during the specified time.
//
// EC2 Fleet events are delayed by up to 30 seconds before they can be described.
// This ensures that you can query by the last evaluated time and not miss a
// recorded event. EC2 Fleet events are available for 48 hours.
//
// For more information, see [Monitor fleet events using Amazon EventBridge] in the Amazon EC2 User Guide.
//
// [Monitor fleet events using Amazon EventBridge]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/fleet-monitor.html
DescribeFleetHistory(ctx context.Context, params *ec2.DescribeFleetHistoryInput, optFns ...func(*Options)) (*ec2.DescribeFleetHistoryOutput, error)
// Describes the running instances for the specified EC2 Fleet.
//
// Currently, DescribeFleetInstances does not support fleets of type instant .
// Instead, use DescribeFleets , specifying the instant fleet ID in the request.
//
// For more information, see [Describe your EC2 Fleet] in the Amazon EC2 User Guide.
//
// [Describe your EC2 Fleet]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#monitor-ec2-fleet
DescribeFleetInstances(ctx context.Context, params *ec2.DescribeFleetInstancesInput, optFns ...func(*Options)) (*ec2.DescribeFleetInstancesOutput, error)
// Describes the specified EC2 Fleet or all of your EC2 Fleets.
//
// If a fleet is of type instant , you must specify the fleet ID in the request,
// otherwise the fleet does not appear in the response.
//
// For more information, see [Describe your EC2 Fleet] in the Amazon EC2 User Guide.
//
// [Describe your EC2 Fleet]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#monitor-ec2-fleet
DescribeFleets(ctx context.Context, params *ec2.DescribeFleetsInput, optFns ...func(*Options)) (*ec2.DescribeFleetsOutput, error)
// Describes one or more flow logs.
//
// To view the published flow log records, you must view the log destination. For
// example, the CloudWatch Logs log group, the Amazon S3 bucket, or the Kinesis
// Data Firehose delivery stream.
DescribeFlowLogs(ctx context.Context, params *ec2.DescribeFlowLogsInput, optFns ...func(*Options)) (*ec2.DescribeFlowLogsOutput, error)
// Describes the specified attribute of the specified Amazon FPGA Image (AFI).
DescribeFpgaImageAttribute(ctx context.Context, params *ec2.DescribeFpgaImageAttributeInput, optFns ...func(*Options)) (*ec2.DescribeFpgaImageAttributeOutput, error)
// Describes the Amazon FPGA Images (AFIs) available to you. These include public
// AFIs, private AFIs that you own, and AFIs owned by other Amazon Web Services
// accounts for which you have load permissions.
DescribeFpgaImages(ctx context.Context, params *ec2.DescribeFpgaImagesInput, optFns ...func(*Options)) (*ec2.DescribeFpgaImagesOutput, error)
// Describes the Dedicated Host reservations that are available to purchase.
//
// The results describe all of the Dedicated Host reservation offerings, including
// offerings that might not match the instance family and Region of your Dedicated
// Hosts. When purchasing an offering, ensure that the instance family and Region
// of the offering matches that of the Dedicated Hosts with which it is to be
// associated. For more information about supported instance types, see [Dedicated Hosts]in the
// Amazon EC2 User Guide.
//
// [Dedicated Hosts]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html
DescribeHostReservationOfferings(ctx context.Context, params *ec2.DescribeHostReservationOfferingsInput, optFns ...func(*Options)) (*ec2.DescribeHostReservationOfferingsOutput, error)
// Describes reservations that are associated with Dedicated Hosts in your account.
DescribeHostReservations(ctx context.Context, params *ec2.DescribeHostReservationsInput, optFns ...func(*Options)) (*ec2.DescribeHostReservationsOutput, error)
// Describes the specified Dedicated Hosts or all your Dedicated Hosts.
//
// The results describe only the Dedicated Hosts in the Region you're currently
// using. All listed instances consume capacity on your Dedicated Host. Dedicated
// Hosts that have recently been released are listed with the state released .
DescribeHosts(ctx context.Context, params *ec2.DescribeHostsInput, optFns ...func(*Options)) (*ec2.DescribeHostsOutput, error)
// Describes your IAM instance profile associations.
DescribeIamInstanceProfileAssociations(ctx context.Context, params *ec2.DescribeIamInstanceProfileAssociationsInput, optFns ...func(*Options)) (*ec2.DescribeIamInstanceProfileAssociationsOutput, error)
// Describes the ID format settings for your resources on a per-Region basis, for
// example, to view which resource types are enabled for longer IDs. This request
// only returns information about resource types whose ID formats can be modified;
// it does not return information about other resource types.
//
// The following resource types support longer IDs: bundle | conversion-task |
// customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association
// | export-task | flow-log | image | import-task | instance | internet-gateway |
// network-acl | network-acl-association | network-interface |
// network-interface-attachment | prefix-list | reservation | route-table |
// route-table-association | security-group | snapshot | subnet |
// subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association |
// vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway .
//
// These settings apply to the IAM user who makes the request; they do not apply
// to the entire Amazon Web Services account. By default, an IAM user defaults to
// the same settings as the root user, unless they explicitly override the settings
// by running the ModifyIdFormatcommand. Resources created with longer IDs are visible to all
// IAM users, regardless of these settings and provided that they have permission
// to use the relevant Describe command for the resource type.
DescribeIdFormat(ctx context.Context, params *ec2.DescribeIdFormatInput, optFns ...func(*Options)) (*ec2.DescribeIdFormatOutput, error)
// Describes the ID format settings for resources for the specified IAM user, IAM
// role, or root user. For example, you can view the resource types that are
// enabled for longer IDs. This request only returns information about resource
// types whose ID formats can be modified; it does not return information about
// other resource types. For more information, see [Resource IDs]in the Amazon Elastic Compute
// Cloud User Guide.
//
// The following resource types support longer IDs: bundle | conversion-task |
// customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association
// | export-task | flow-log | image | import-task | instance | internet-gateway |
// network-acl | network-acl-association | network-interface |
// network-interface-attachment | prefix-list | reservation | route-table |
// route-table-association | security-group | snapshot | subnet |
// subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association |
// vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway .
//
// These settings apply to the principal specified in the request. They do not
// apply to the principal that makes the request.
//
// [Resource IDs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html
DescribeIdentityIdFormat(ctx context.Context, params *ec2.DescribeIdentityIdFormatInput, optFns ...func(*Options)) (*ec2.DescribeIdentityIdFormatOutput, error)
// Describes the specified attribute of the specified AMI. You can specify only
// one attribute at a time.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
DescribeImageAttribute(ctx context.Context, params *ec2.DescribeImageAttributeInput, optFns ...func(*Options)) (*ec2.DescribeImageAttributeOutput, error)
// Describes your Amazon Web Services resources that are referencing the specified
// images.
//
// For more information, see [Identify your resources referencing specified AMIs] in the Amazon EC2 User Guide.
//
// [Identify your resources referencing specified AMIs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-ami-references.html
DescribeImageReferences(ctx context.Context, params *ec2.DescribeImageReferencesInput, optFns ...func(*Options)) (*ec2.DescribeImageReferencesOutput, error)
// Describes the entries in image usage reports, showing how your images are used
// across other Amazon Web Services accounts.
//
// For more information, see [View your AMI usage] in the Amazon EC2 User Guide.
//
// [View your AMI usage]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/your-ec2-ami-usage.html
DescribeImageUsageReportEntries(ctx context.Context, params *ec2.DescribeImageUsageReportEntriesInput, optFns ...func(*Options)) (*ec2.DescribeImageUsageReportEntriesOutput, error)
// Describes the configuration and status of image usage reports, filtered by
// report IDs or image IDs.
//
// For more information, see [View your AMI usage] in the Amazon EC2 User Guide.
//
// [View your AMI usage]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/your-ec2-ami-usage.html
DescribeImageUsageReports(ctx context.Context, params *ec2.DescribeImageUsageReportsInput, optFns ...func(*Options)) (*ec2.DescribeImageUsageReportsOutput, error)
// Describes the specified images (AMIs, AKIs, and ARIs) available to you or all
// of the images available to you.
//
// The images available to you include public images, private images that you own,
// and private images owned by other Amazon Web Services accounts for which you
// have explicit launch permissions.
//
// Recently deregistered images appear in the returned results for a short
// interval and then return empty results. After all instances that reference a
// deregistered AMI are terminated, specifying the ID of the image will eventually
// return an error indicating that the AMI ID cannot be found.
//
// When Allowed AMIs is set to enabled , only allowed images are returned in the
// results, with the imageAllowed field set to true for each image. In audit-mode ,
// the imageAllowed field is set to true for images that meet the account's
// Allowed AMIs criteria, and false for images that don't meet the criteria. For
// more information, see [Allowed AMIs].
//
// The Amazon EC2 API follows an eventual consistency model. This means that the
// result of an API command you run that creates or modifies resources might not be
// immediately available to all subsequent commands you run. For guidance on how to
// manage eventual consistency, see [Eventual consistency in the Amazon EC2 API]in the Amazon EC2 Developer Guide.
//
// We strongly recommend using only paginated requests. Unpaginated requests are
// susceptible to throttling and timeouts.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
//
// [Allowed AMIs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-allowed-amis.html
// [Eventual consistency in the Amazon EC2 API]: https://docs.aws.amazon.com/ec2/latest/devguide/eventual-consistency.html
DescribeImages(ctx context.Context, params *ec2.DescribeImagesInput, optFns ...func(*Options)) (*ec2.DescribeImagesOutput, error)
// Displays details about an import virtual machine or import snapshot tasks that
// are already created.
DescribeImportImageTasks(ctx context.Context, params *ec2.DescribeImportImageTasksInput, optFns ...func(*Options)) (*ec2.DescribeImportImageTasksOutput, error)
// Describes your import snapshot tasks.
DescribeImportSnapshotTasks(ctx context.Context, params *ec2.DescribeImportSnapshotTasksInput, optFns ...func(*Options)) (*ec2.DescribeImportSnapshotTasksOutput, error)
// Describes the specified attribute of the specified instance. You can specify
// only one attribute at a time.
DescribeInstanceAttribute(ctx context.Context, params *ec2.DescribeInstanceAttributeInput, optFns ...func(*Options)) (*ec2.DescribeInstanceAttributeOutput, error)
// Describes the specified EC2 Instance Connect Endpoints or all EC2 Instance
// Connect Endpoints.
DescribeInstanceConnectEndpoints(ctx context.Context, params *ec2.DescribeInstanceConnectEndpointsInput, optFns ...func(*Options)) (*ec2.DescribeInstanceConnectEndpointsOutput, error)
// Describes the credit option for CPU usage of the specified burstable
// performance instances. The credit options are standard and unlimited .
//
// If you do not specify an instance ID, Amazon EC2 returns burstable performance
// instances with the unlimited credit option, as well as instances that were
// previously configured as T2, T3, and T3a with the unlimited credit option. For
// example, if you resize a T2 instance, while it is configured as unlimited , to
// an M4 instance, Amazon EC2 returns the M4 instance.
//
// If you specify one or more instance IDs, Amazon EC2 returns the credit option (
// standard or unlimited ) of those instances. If you specify an instance ID that
// is not valid, such as an instance that is not a burstable performance instance,
// an error is returned.
//
// Recently terminated instances might appear in the returned results. This
// interval is usually less than one hour.
//
// If an Availability Zone is experiencing a service disruption and you specify
// instance IDs in the affected zone, or do not specify any instance IDs at all,
// the call fails. If you specify only instance IDs in an unaffected zone, the call
// works normally.
//
// For more information, see [Burstable performance instances] in the Amazon EC2 User Guide.
//
// [Burstable performance instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html
DescribeInstanceCreditSpecifications(ctx context.Context, params *ec2.DescribeInstanceCreditSpecificationsInput, optFns ...func(*Options)) (*ec2.DescribeInstanceCreditSpecificationsOutput, error)
// Describes the tag keys that are registered to appear in scheduled event
// notifications for resources in the current Region.
DescribeInstanceEventNotificationAttributes(ctx context.Context, params *ec2.DescribeInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*ec2.DescribeInstanceEventNotificationAttributesOutput, error)
// Describes the specified event windows or all event windows.
//
// If you specify event window IDs, the output includes information for only the
// specified event windows. If you specify filters, the output includes information
// for only those event windows that meet the filter criteria. If you do not
// specify event windows IDs or filters, the output includes information for all
// event windows, which can affect performance. We recommend that you use
// pagination to ensure that the operation returns quickly and successfully.
//
// For more information, see [Define event windows for scheduled events] in the Amazon EC2 User Guide.
//
// [Define event windows for scheduled events]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html
DescribeInstanceEventWindows(ctx context.Context, params *ec2.DescribeInstanceEventWindowsInput, optFns ...func(*Options)) (*ec2.DescribeInstanceEventWindowsOutput, error)
// Describes the AMI that was used to launch an instance, even if the AMI is
// deprecated, deregistered, made private (no longer public or shared with your
// account), or not allowed.
//
// If you specify instance IDs, the output includes information for only the
// specified instances. If you specify filters, the output includes information for
// only those instances that meet the filter criteria. If you do not specify
// instance IDs or filters, the output includes information for all instances,
// which can affect performance.
//
// If you specify an instance ID that is not valid, an instance that doesn't
// exist, or an instance that you do not own, an error ( InvalidInstanceID.NotFound
// ) is returned.
//
// Recently terminated instances might appear in the returned results. This
// interval is usually less than one hour.
//
// In the rare case where an Availability Zone is experiencing a service
// disruption and you specify instance IDs that are in the affected Availability
// Zone, or do not specify any instance IDs at all, the call fails. If you specify
// only instance IDs that are in an unaffected Availability Zone, the call works
// normally.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
DescribeInstanceImageMetadata(ctx context.Context, params *ec2.DescribeInstanceImageMetadataInput, optFns ...func(*Options)) (*ec2.DescribeInstanceImageMetadataOutput, error)
// Describes the status of the specified instances or all of your instances. By
// default, only running instances are described, unless you specifically indicate
// to return the status of all instances.
//
// Instance status includes the following components:
//
// - Status checks - Amazon EC2 performs status checks on running EC2 instances
// to identify hardware and software issues. For more information, see [Status checks for your instances]and [Troubleshoot instances with failed status checks]in
// the Amazon EC2 User Guide.
//
// - Scheduled events - Amazon EC2 can schedule events (such as reboot, stop, or
// terminate) for your instances related to hardware issues, software updates, or
// system maintenance. For more information, see [Scheduled events for your instances]in the Amazon EC2 User Guide.
//
// - Instance state - You can manage your instances from the moment you launch
// them through their termination. For more information, see [Instance lifecycle]in the Amazon EC2
// User Guide.
//
// The Amazon EC2 API follows an eventual consistency model. This means that the
// result of an API command you run that creates or modifies resources might not be
// immediately available to all subsequent commands you run. For guidance on how to
// manage eventual consistency, see [Eventual consistency in the Amazon EC2 API]in the Amazon EC2 Developer Guide.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
//
// [Troubleshoot instances with failed status checks]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstances.html
// [Instance lifecycle]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html
// [Status checks for your instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html
// [Eventual consistency in the Amazon EC2 API]: https://docs.aws.amazon.com/ec2/latest/devguide/eventual-consistency.html
// [Scheduled events for your instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html
DescribeInstanceStatus(ctx context.Context, params *ec2.DescribeInstanceStatusInput, optFns ...func(*Options)) (*ec2.DescribeInstanceStatusOutput, error)
// Describes a tree-based hierarchy that represents the physical host placement of
// your EC2 instances within an Availability Zone or Local Zone. You can use this
// information to determine the relative proximity of your EC2 instances within the
// Amazon Web Services network to support your tightly coupled workloads.
//
// Instance topology is supported for specific instance types only. For more
// information, see [Prerequisites for Amazon EC2 instance topology]in the Amazon EC2 User Guide.
//
// The Amazon EC2 API follows an eventual consistency model due to the distributed
// nature of the system supporting it. As a result, when you call the
// DescribeInstanceTopology API command immediately after launching instances, the
// response might return a null value for capacityBlockId because the data might
// not have fully propagated across all subsystems. For more information, see [Eventual consistency in the Amazon EC2 API]in
// the Amazon EC2 Developer Guide.
//
// For more information, see [Amazon EC2 topology] in the Amazon EC2 User Guide.
//
// [Prerequisites for Amazon EC2 instance topology]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-topology-prerequisites.html
// [Amazon EC2 topology]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-topology.html
// [Eventual consistency in the Amazon EC2 API]: https://docs.aws.amazon.com/ec2/latest/devguide/eventual-consistency.html
DescribeInstanceTopology(ctx context.Context, params *ec2.DescribeInstanceTopologyInput, optFns ...func(*Options)) (*ec2.DescribeInstanceTopologyOutput, error)
// Lists the instance types that are offered for the specified location. If no
// location is specified, the default is to list the instance types that are
// offered in the current Region.
DescribeInstanceTypeOfferings(ctx context.Context, params *ec2.DescribeInstanceTypeOfferingsInput, optFns ...func(*Options)) (*ec2.DescribeInstanceTypeOfferingsOutput, error)
// Describes the specified instance types. By default, all instance types for the
// current Region are described. Alternatively, you can filter the results.
DescribeInstanceTypes(ctx context.Context, params *ec2.DescribeInstanceTypesInput, optFns ...func(*Options)) (*ec2.DescribeInstanceTypesOutput, error)
// Describes the specified instances or all instances.
//
// If you specify instance IDs, the output includes information for only the
// specified instances. If you specify filters, the output includes information for
// only those instances that meet the filter criteria. If you do not specify
// instance IDs or filters, the output includes information for all instances,
// which can affect performance. We recommend that you use pagination to ensure
// that the operation returns quickly and successfully.
//
// If you specify an instance ID that is not valid, an error is returned. If you
// specify an instance that you do not own, it is not included in the output.
//
// Recently terminated instances might appear in the returned results. This
// interval is usually less than one hour.
//
// If you describe instances in the rare case where an Availability Zone is
// experiencing a service disruption and you specify instance IDs that are in the
// affected zone, or do not specify any instance IDs at all, the call fails. If you
// describe instances and specify only instance IDs that are in an unaffected zone,
// the call works normally.
//
// The Amazon EC2 API follows an eventual consistency model. This means that the
// result of an API command you run that creates or modifies resources might not be
// immediately available to all subsequent commands you run. For guidance on how to
// manage eventual consistency, see [Eventual consistency in the Amazon EC2 API]in the Amazon EC2 Developer Guide.
//
// We strongly recommend using only paginated requests. Unpaginated requests are
// susceptible to throttling and timeouts.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
//
// [Eventual consistency in the Amazon EC2 API]: https://docs.aws.amazon.com/ec2/latest/devguide/eventual-consistency.html
DescribeInstances(ctx context.Context, params *ec2.DescribeInstancesInput, optFns ...func(*Options)) (*ec2.DescribeInstancesOutput, error)
// Describes your internet gateways. The default is to describe all your internet
// gateways. Alternatively, you can specify specific internet gateway IDs or filter
// the results to include only the internet gateways that match specific criteria.
DescribeInternetGateways(ctx context.Context, params *ec2.DescribeInternetGatewaysInput, optFns ...func(*Options)) (*ec2.DescribeInternetGatewaysOutput, error)
// Describes your Autonomous System Numbers (ASNs), their provisioning statuses,
// and the BYOIP CIDRs with which they are associated. For more information, see [Tutorial: Bring your ASN to IPAM]
// in the Amazon VPC IPAM guide.
//
// [Tutorial: Bring your ASN to IPAM]: https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html
DescribeIpamByoasn(ctx context.Context, params *ec2.DescribeIpamByoasnInput, optFns ...func(*Options)) (*ec2.DescribeIpamByoasnOutput, error)
// Describe verification tokens. A verification token is an Amazon Web
// Services-generated random value that you can use to prove ownership of an
// external resource. For example, you can use a verification token to validate
// that you control a public IP address range when you bring an IP address range to
// Amazon Web Services (BYOIP).
DescribeIpamExternalResourceVerificationTokens(ctx context.Context, params *ec2.DescribeIpamExternalResourceVerificationTokensInput, optFns ...func(*Options)) (*ec2.DescribeIpamExternalResourceVerificationTokensOutput, error)
// Get information about your IPAM pools.
DescribeIpamPools(ctx context.Context, params *ec2.DescribeIpamPoolsInput, optFns ...func(*Options)) (*ec2.DescribeIpamPoolsOutput, error)
// Describes one or more IPAM prefix list resolver Targets. Use this operation to
// view the configuration and status of resolver targets.
DescribeIpamPrefixListResolverTargets(ctx context.Context, params *ec2.DescribeIpamPrefixListResolverTargetsInput, optFns ...func(*Options)) (*ec2.DescribeIpamPrefixListResolverTargetsOutput, error)
// Describes one or more IPAM prefix list resolvers. Use this operation to view
// the configuration, status, and properties of your resolvers.
DescribeIpamPrefixListResolvers(ctx context.Context, params *ec2.DescribeIpamPrefixListResolversInput, optFns ...func(*Options)) (*ec2.DescribeIpamPrefixListResolversOutput, error)
// Describes IPAM resource discoveries. A resource discovery is an IPAM component
// that enables IPAM to manage and monitor resources that belong to the owning
// account.
DescribeIpamResourceDiscoveries(ctx context.Context, params *ec2.DescribeIpamResourceDiscoveriesInput, optFns ...func(*Options)) (*ec2.DescribeIpamResourceDiscoveriesOutput, error)
// Describes resource discovery association with an Amazon VPC IPAM. An associated
// resource discovery is a resource discovery that has been associated with an
// IPAM..
DescribeIpamResourceDiscoveryAssociations(ctx context.Context, params *ec2.DescribeIpamResourceDiscoveryAssociationsInput, optFns ...func(*Options)) (*ec2.DescribeIpamResourceDiscoveryAssociationsOutput, error)
// Get information about your IPAM scopes.
DescribeIpamScopes(ctx context.Context, params *ec2.DescribeIpamScopesInput, optFns ...func(*Options)) (*ec2.DescribeIpamScopesOutput, error)
// Get information about your IPAM pools.
//
// For more information, see [What is IPAM?] in the Amazon VPC IPAM User Guide.
//
// [What is IPAM?]: https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html
DescribeIpams(ctx context.Context, params *ec2.DescribeIpamsInput, optFns ...func(*Options)) (*ec2.DescribeIpamsOutput, error)
// Describes your IPv6 address pools.
DescribeIpv6Pools(ctx context.Context, params *ec2.DescribeIpv6PoolsInput, optFns ...func(*Options)) (*ec2.DescribeIpv6PoolsOutput, error)
// Describes the specified key pairs or all of your key pairs.
//
// For more information about key pairs, see [Amazon EC2 key pairs] in the Amazon EC2 User Guide.
//
// [Amazon EC2 key pairs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
DescribeKeyPairs(ctx context.Context, params *ec2.DescribeKeyPairsInput, optFns ...func(*Options)) (*ec2.DescribeKeyPairsOutput, error)
// Describes one or more versions of a specified launch template. You can describe
// all versions, individual versions, or a range of versions. You can also describe
// all the latest versions or all the default versions of all the launch templates
// in your account.
DescribeLaunchTemplateVersions(ctx context.Context, params *ec2.DescribeLaunchTemplateVersionsInput, optFns ...func(*Options)) (*ec2.DescribeLaunchTemplateVersionsOutput, error)
// Describes one or more launch templates.
DescribeLaunchTemplates(ctx context.Context, params *ec2.DescribeLaunchTemplatesInput, optFns ...func(*Options)) (*ec2.DescribeLaunchTemplatesOutput, error)
// Describes the associations between virtual interface groups and local gateway
// route tables.
DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations(ctx context.Context, params *ec2.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput, optFns ...func(*Options)) (*ec2.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, error)
// Describes the specified associations between VPCs and local gateway route
// tables.
DescribeLocalGatewayRouteTableVpcAssociations(ctx context.Context, params *ec2.DescribeLocalGatewayRouteTableVpcAssociationsInput, optFns ...func(*Options)) (*ec2.DescribeLocalGatewayRouteTableVpcAssociationsOutput, error)
// Describes one or more local gateway route tables. By default, all local gateway
// route tables are described. Alternatively, you can filter the results.
DescribeLocalGatewayRouteTables(ctx context.Context, params *ec2.DescribeLocalGatewayRouteTablesInput, optFns ...func(*Options)) (*ec2.DescribeLocalGatewayRouteTablesOutput, error)
// Describes the specified local gateway virtual interface groups.
DescribeLocalGatewayVirtualInterfaceGroups(ctx context.Context, params *ec2.DescribeLocalGatewayVirtualInterfaceGroupsInput, optFns ...func(*Options)) (*ec2.DescribeLocalGatewayVirtualInterfaceGroupsOutput, error)
// Describes the specified local gateway virtual interfaces.
DescribeLocalGatewayVirtualInterfaces(ctx context.Context, params *ec2.DescribeLocalGatewayVirtualInterfacesInput, optFns ...func(*Options)) (*ec2.DescribeLocalGatewayVirtualInterfacesOutput, error)
// Describes one or more local gateways. By default, all local gateways are
// described. Alternatively, you can filter the results.
DescribeLocalGateways(ctx context.Context, params *ec2.DescribeLocalGatewaysInput, optFns ...func(*Options)) (*ec2.DescribeLocalGatewaysOutput, error)
// Describes the lock status for a snapshot.
DescribeLockedSnapshots(ctx context.Context, params *ec2.DescribeLockedSnapshotsInput, optFns ...func(*Options)) (*ec2.DescribeLockedSnapshotsOutput, error)
// Describes the specified EC2 Mac Dedicated Host or all of your EC2 Mac Dedicated
// Hosts.
DescribeMacHosts(ctx context.Context, params *ec2.DescribeMacHostsInput, optFns ...func(*Options)) (*ec2.DescribeMacHostsOutput, error)
// Describes a System Integrity Protection (SIP) modification task or volume
// ownership delegation task for an Amazon EC2 Mac instance. For more information,
// see [Configure SIP for Amazon EC2 instances]in the Amazon EC2 User Guide.
//
// [Configure SIP for Amazon EC2 instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/mac-sip-settings.html#mac-sip-configure
DescribeMacModificationTasks(ctx context.Context, params *ec2.DescribeMacModificationTasksInput, optFns ...func(*Options)) (*ec2.DescribeMacModificationTasksOutput, error)
// Describes your managed prefix lists and any Amazon Web Services-managed prefix
// lists.
DescribeManagedPrefixLists(ctx context.Context, params *ec2.DescribeManagedPrefixListsInput, optFns ...func(*Options)) (*ec2.DescribeManagedPrefixListsOutput, error)
// This action is deprecated.
//
// Describes your Elastic IP addresses that are being moved from or being restored
// to the EC2-Classic platform. This request does not return information about any
// other Elastic IP addresses in your account.
DescribeMovingAddresses(ctx context.Context, params *ec2.DescribeMovingAddressesInput, optFns ...func(*Options)) (*ec2.DescribeMovingAddressesOutput, error)
// Describes your NAT gateways. The default is to describe all your NAT gateways.
// Alternatively, you can specify specific NAT gateway IDs or filter the results to
// include only the NAT gateways that match specific criteria.
DescribeNatGateways(ctx context.Context, params *ec2.DescribeNatGatewaysInput, optFns ...func(*Options)) (*ec2.DescribeNatGatewaysOutput, error)
// Describes your network ACLs. The default is to describe all your network ACLs.
// Alternatively, you can specify specific network ACL IDs or filter the results to
// include only the network ACLs that match specific criteria.
//
// For more information, see [Network ACLs] in the Amazon VPC User Guide.
//
// [Network ACLs]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
DescribeNetworkAcls(ctx context.Context, params *ec2.DescribeNetworkAclsInput, optFns ...func(*Options)) (*ec2.DescribeNetworkAclsOutput, error)
// Describes the specified Network Access Scope analyses.
DescribeNetworkInsightsAccessScopeAnalyses(ctx context.Context, params *ec2.DescribeNetworkInsightsAccessScopeAnalysesInput, optFns ...func(*Options)) (*ec2.DescribeNetworkInsightsAccessScopeAnalysesOutput, error)
// Describes the specified Network Access Scopes.
DescribeNetworkInsightsAccessScopes(ctx context.Context, params *ec2.DescribeNetworkInsightsAccessScopesInput, optFns ...func(*Options)) (*ec2.DescribeNetworkInsightsAccessScopesOutput, error)
// Describes one or more of your network insights analyses.
DescribeNetworkInsightsAnalyses(ctx context.Context, params *ec2.DescribeNetworkInsightsAnalysesInput, optFns ...func(*Options)) (*ec2.DescribeNetworkInsightsAnalysesOutput, error)
// Describes one or more of your paths.
DescribeNetworkInsightsPaths(ctx context.Context, params *ec2.DescribeNetworkInsightsPathsInput, optFns ...func(*Options)) (*ec2.DescribeNetworkInsightsPathsOutput, error)
// Describes a network interface attribute. You can specify only one attribute at
// a time.
DescribeNetworkInterfaceAttribute(ctx context.Context, params *ec2.DescribeNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*ec2.DescribeNetworkInterfaceAttributeOutput, error)
// Describes the permissions for your network interfaces.
DescribeNetworkInterfacePermissions(ctx context.Context, params *ec2.DescribeNetworkInterfacePermissionsInput, optFns ...func(*Options)) (*ec2.DescribeNetworkInterfacePermissionsOutput, error)
// Describes the specified network interfaces or all your network interfaces.
//
// If you have a large number of network interfaces, the operation fails unless
// you use pagination or one of the following filters: group-id , mac-address ,
// private-dns-name , private-ip-address , subnet-id , or vpc-id .
//
// We strongly recommend using only paginated requests. Unpaginated requests are
// susceptible to throttling and timeouts.
DescribeNetworkInterfaces(ctx context.Context, params *ec2.DescribeNetworkInterfacesInput, optFns ...func(*Options)) (*ec2.DescribeNetworkInterfacesOutput, error)
// Describes the Outposts link aggregation groups (LAGs).
//
// LAGs are only available for second-generation Outposts racks at this time.
DescribeOutpostLags(ctx context.Context, params *ec2.DescribeOutpostLagsInput, optFns ...func(*Options)) (*ec2.DescribeOutpostLagsOutput, error)
// Describes the specified placement groups or all of your placement groups.
//
// To describe a specific placement group that is shared with your account, you
// must specify the ID of the placement group using the GroupId parameter.
// Specifying the name of a shared placement group using the GroupNames parameter
// will result in an error.
//
// For more information, see [Placement groups] in the Amazon EC2 User Guide.
//
// [Placement groups]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
DescribePlacementGroups(ctx context.Context, params *ec2.DescribePlacementGroupsInput, optFns ...func(*Options)) (*ec2.DescribePlacementGroupsOutput, error)
// Describes available Amazon Web Services services in a prefix list format, which
// includes the prefix list name and prefix list ID of the service and the IP
// address range for the service.
DescribePrefixLists(ctx context.Context, params *ec2.DescribePrefixListsInput, optFns ...func(*Options)) (*ec2.DescribePrefixListsOutput, error)
// Describes the ID format settings for the root user and all IAM roles and IAM
// users that have explicitly specified a longer ID (17-character ID) preference.
//
// By default, all IAM roles and IAM users default to the same ID settings as the
// root user, unless they explicitly override the settings. This request is useful
// for identifying those IAM users and IAM roles that have overridden the default
// ID settings.
//
// The following resource types support longer IDs: bundle | conversion-task |
// customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association
// | export-task | flow-log | image | import-task | instance | internet-gateway |
// network-acl | network-acl-association | network-interface |
// network-interface-attachment | prefix-list | reservation | route-table |
// route-table-association | security-group | snapshot | subnet |
// subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association |
// vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway .
DescribePrincipalIdFormat(ctx context.Context, params *ec2.DescribePrincipalIdFormatInput, optFns ...func(*Options)) (*ec2.DescribePrincipalIdFormatOutput, error)
// Describes the specified IPv4 address pools.
DescribePublicIpv4Pools(ctx context.Context, params *ec2.DescribePublicIpv4PoolsInput, optFns ...func(*Options)) (*ec2.DescribePublicIpv4PoolsOutput, error)
// Describes the Regions that are enabled for your account, or all Regions.
//
// For a list of the Regions supported by Amazon EC2, see [Amazon EC2 service endpoints].
//
// For information about enabling and disabling Regions for your account, see [Specify which Amazon Web Services Regions your account can use] in
// the Amazon Web Services Account Management Reference Guide.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
//
// [Specify which Amazon Web Services Regions your account can use]: https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html
// [Amazon EC2 service endpoints]: https://docs.aws.amazon.com/ec2/latest/devguide/ec2-endpoints.html
DescribeRegions(ctx context.Context, params *ec2.DescribeRegionsInput, optFns ...func(*Options)) (*ec2.DescribeRegionsOutput, error)
// Describes a root volume replacement task. For more information, see [Replace a root volume] in the
// Amazon EC2 User Guide.
//
// [Replace a root volume]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/replace-root.html
DescribeReplaceRootVolumeTasks(ctx context.Context, params *ec2.DescribeReplaceRootVolumeTasksInput, optFns ...func(*Options)) (*ec2.DescribeReplaceRootVolumeTasksOutput, error)
// Describes one or more of the Reserved Instances that you purchased.
//
// For more information about Reserved Instances, see [Reserved Instances] in the Amazon EC2 User
// Guide.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
//
// [Reserved Instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-on-demand-reserved-instances.html
DescribeReservedInstances(ctx context.Context, params *ec2.DescribeReservedInstancesInput, optFns ...func(*Options)) (*ec2.DescribeReservedInstancesOutput, error)
// Describes your account's Reserved Instance listings in the Reserved Instance
// Marketplace.
//
// The Reserved Instance Marketplace matches sellers who want to resell Reserved
// Instance capacity that they no longer need with buyers who want to purchase
// additional capacity. Reserved Instances bought and sold through the Reserved
// Instance Marketplace work like any other Reserved Instances.
//
// As a seller, you choose to list some or all of your Reserved Instances, and you
// specify the upfront price to receive for them. Your Reserved Instances are then
// listed in the Reserved Instance Marketplace and are available for purchase.
//
// As a buyer, you specify the configuration of the Reserved Instance to purchase,
// and the Marketplace matches what you're searching for with what's available. The
// Marketplace first sells the lowest priced Reserved Instances to you, and
// continues to sell available Reserved Instance listings to you until your demand
// is met. You are charged based on the total price of all of the listings that you
// purchase.
//
// For more information, see [Sell in the Reserved Instance Marketplace] in the Amazon EC2 User Guide.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
//
// [Sell in the Reserved Instance Marketplace]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html
DescribeReservedInstancesListings(ctx context.Context, params *ec2.DescribeReservedInstancesListingsInput, optFns ...func(*Options)) (*ec2.DescribeReservedInstancesListingsOutput, error)
// Describes the modifications made to your Reserved Instances. If no parameter is
// specified, information about all your Reserved Instances modification requests
// is returned. If a modification ID is specified, only information about the
// specific modification is returned.
//
// For more information, see [Modify Reserved Instances] in the Amazon EC2 User Guide.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
//
// [Modify Reserved Instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html
DescribeReservedInstancesModifications(ctx context.Context, params *ec2.DescribeReservedInstancesModificationsInput, optFns ...func(*Options)) (*ec2.DescribeReservedInstancesModificationsOutput, error)
// Describes Reserved Instance offerings that are available for purchase. With
// Reserved Instances, you purchase the right to launch instances for a period of
// time. During that time period, you do not receive insufficient capacity errors,
// and you pay a lower usage rate than the rate charged for On-Demand instances for
// the actual time used.
//
// If you have listed your own Reserved Instances for sale in the Reserved
// Instance Marketplace, they will be excluded from these results. This is to
// ensure that you do not purchase your own Reserved Instances.
//
// For more information, see [Sell in the Reserved Instance Marketplace] in the Amazon EC2 User Guide.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
//
// [Sell in the Reserved Instance Marketplace]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html
DescribeReservedInstancesOfferings(ctx context.Context, params *ec2.DescribeReservedInstancesOfferingsInput, optFns ...func(*Options)) (*ec2.DescribeReservedInstancesOfferingsOutput, error)
// Describes one or more route server endpoints.
//
// A route server endpoint is an Amazon Web Services-managed component inside a
// subnet that facilitates [BGP (Border Gateway Protocol)]connections between your route server and your BGP
// peers.
//
// For more information see [Dynamic routing in your VPC with VPC Route Server] in the Amazon VPC User Guide.
//
// [Dynamic routing in your VPC with VPC Route Server]: https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html
// [BGP (Border Gateway Protocol)]: https://en.wikipedia.org/wiki/Border_Gateway_Protocol
DescribeRouteServerEndpoints(ctx context.Context, params *ec2.DescribeRouteServerEndpointsInput, optFns ...func(*Options)) (*ec2.DescribeRouteServerEndpointsOutput, error)
// Describes one or more route server peers.
//
// A route server peer is a session between a route server endpoint and the device
// deployed in Amazon Web Services (such as a firewall appliance or other network
// security function running on an EC2 instance). The device must meet these
// requirements:
//
// - Have an elastic network interface in the VPC
//
// - Support BGP (Border Gateway Protocol)
//
// - Can initiate BGP sessions
//
// For more information see [Dynamic routing in your VPC with VPC Route Server] in the Amazon VPC User Guide.
//
// [Dynamic routing in your VPC with VPC Route Server]: https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html
DescribeRouteServerPeers(ctx context.Context, params *ec2.DescribeRouteServerPeersInput, optFns ...func(*Options)) (*ec2.DescribeRouteServerPeersOutput, error)
// Describes one or more route servers.
//
// Amazon VPC Route Server simplifies routing for traffic between workloads that
// are deployed within a VPC and its internet gateways. With this feature, VPC
// Route Server dynamically updates VPC and internet gateway route tables with your
// preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those
// workloads. This enables you to automatically reroute traffic within a VPC, which
// increases the manageability of VPC routing and interoperability with third-party
// workloads.
//
// Route server supports the follow route table types:
//
// - VPC route tables not associated with subnets
//
// - Subnet route tables
//
// - Internet gateway route tables
//
// Route server does not support route tables associated with virtual private
// gateways. To propagate routes into a transit gateway route table, use [Transit Gateway Connect].
//
// For more information see [Dynamic routing in your VPC with VPC Route Server] in the Amazon VPC User Guide.
//
// [Dynamic routing in your VPC with VPC Route Server]: https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html
// [Transit Gateway Connect]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html
DescribeRouteServers(ctx context.Context, params *ec2.DescribeRouteServersInput, optFns ...func(*Options)) (*ec2.DescribeRouteServersOutput, error)
// Describes your route tables. The default is to describe all your route tables.
// Alternatively, you can specify specific route table IDs or filter the results to
// include only the route tables that match specific criteria.
//
// Each subnet in your VPC must be associated with a route table. If a subnet is
// not explicitly associated with any route table, it is implicitly associated with
// the main route table. This command does not return the subnet ID for implicit
// associations.
//
// For more information, see [Route tables] in the Amazon VPC User Guide.
//
// [Route tables]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html
DescribeRouteTables(ctx context.Context, params *ec2.DescribeRouteTablesInput, optFns ...func(*Options)) (*ec2.DescribeRouteTablesOutput, error)
// Finds available schedules that meet the specified criteria.
//
// You can search for an available schedule no more than 3 months in advance. You
// must meet the minimum required duration of 1,200 hours per year. For example,
// the minimum daily schedule is 4 hours, the minimum weekly schedule is 24 hours,
// and the minimum monthly schedule is 100 hours.
//
// After you find a schedule that meets your needs, call PurchaseScheduledInstances to purchase Scheduled
// Instances with that schedule.
DescribeScheduledInstanceAvailability(ctx context.Context, params *ec2.DescribeScheduledInstanceAvailabilityInput, optFns ...func(*Options)) (*ec2.DescribeScheduledInstanceAvailabilityOutput, error)
// Describes the specified Scheduled Instances or all your Scheduled Instances.
DescribeScheduledInstances(ctx context.Context, params *ec2.DescribeScheduledInstancesInput, optFns ...func(*Options)) (*ec2.DescribeScheduledInstancesOutput, error)
// Describes the VPCs on the other side of a VPC peering or Transit Gateway
// connection that are referencing the security groups you've specified in this
// request.
DescribeSecurityGroupReferences(ctx context.Context, params *ec2.DescribeSecurityGroupReferencesInput, optFns ...func(*Options)) (*ec2.DescribeSecurityGroupReferencesOutput, error)
// Describes one or more of your security group rules.
DescribeSecurityGroupRules(ctx context.Context, params *ec2.DescribeSecurityGroupRulesInput, optFns ...func(*Options)) (*ec2.DescribeSecurityGroupRulesOutput, error)
// Describes security group VPC associations made with [AssociateSecurityGroupVpc].
//
// [AssociateSecurityGroupVpc]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateSecurityGroupVpc.html
DescribeSecurityGroupVpcAssociations(ctx context.Context, params *ec2.DescribeSecurityGroupVpcAssociationsInput, optFns ...func(*Options)) (*ec2.DescribeSecurityGroupVpcAssociationsOutput, error)
// Describes the specified security groups or all of your security groups.
DescribeSecurityGroups(ctx context.Context, params *ec2.DescribeSecurityGroupsInput, optFns ...func(*Options)) (*ec2.DescribeSecurityGroupsOutput, error)
// Describes the Outpost service link virtual interfaces.
DescribeServiceLinkVirtualInterfaces(ctx context.Context, params *ec2.DescribeServiceLinkVirtualInterfacesInput, optFns ...func(*Options)) (*ec2.DescribeServiceLinkVirtualInterfacesOutput, error)
// Describes the specified attribute of the specified snapshot. You can specify
// only one attribute at a time.
//
// For more information about EBS snapshots, see [Amazon EBS snapshots] in the Amazon EBS User Guide.
//
// [Amazon EBS snapshots]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-snapshots.html
DescribeSnapshotAttribute(ctx context.Context, params *ec2.DescribeSnapshotAttributeInput, optFns ...func(*Options)) (*ec2.DescribeSnapshotAttributeOutput, error)
// Describes the storage tier status of one or more Amazon EBS snapshots.
DescribeSnapshotTierStatus(ctx context.Context, params *ec2.DescribeSnapshotTierStatusInput, optFns ...func(*Options)) (*ec2.DescribeSnapshotTierStatusOutput, error)
// Describes the specified EBS snapshots available to you or all of the EBS
// snapshots available to you.
//
// The snapshots available to you include public snapshots, private snapshots that
// you own, and private snapshots owned by other Amazon Web Services accounts for
// which you have explicit create volume permissions.
//
// The create volume permissions fall into the following categories:
//
// - public: The owner of the snapshot granted create volume permissions for the
// snapshot to the all group. All Amazon Web Services accounts have create volume
// permissions for these snapshots.
//
// - explicit: The owner of the snapshot granted create volume permissions to a
// specific Amazon Web Services account.
//
// - implicit: An Amazon Web Services account has implicit create volume
// permissions for all snapshots it owns.
//
// The list of snapshots returned can be filtered by specifying snapshot IDs,
// snapshot owners, or Amazon Web Services accounts with create volume permissions.
// If no options are specified, Amazon EC2 returns all snapshots for which you have
// create volume permissions.
//
// If you specify one or more snapshot IDs, only snapshots that have the specified
// IDs are returned. If you specify an invalid snapshot ID, an error is returned.
// If you specify a snapshot ID for which you do not have access, it is not
// included in the returned results.
//
// If you specify one or more snapshot owners using the OwnerIds option, only
// snapshots from the specified owners and for which you have access are returned.
// The results can include the Amazon Web Services account IDs of the specified
// owners, amazon for snapshots owned by Amazon, or self for snapshots that you
// own.
//
// If you specify a list of restorable users, only snapshots with create snapshot
// permissions for those users are returned. You can specify Amazon Web Services
// account IDs (if you own the snapshots), self for snapshots for which you own or
// have explicit permissions, or all for public snapshots.
//
// If you are describing a long list of snapshots, we recommend that you paginate
// the output to make the list more manageable. For more information, see [Pagination].
//
// For more information about EBS snapshots, see [Amazon EBS snapshots] in the Amazon EBS User Guide.
//
// We strongly recommend using only paginated requests. Unpaginated requests are
// susceptible to throttling and timeouts.
//
// [Pagination]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination
// [Amazon EBS snapshots]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-snapshots.html
DescribeSnapshots(ctx context.Context, params *ec2.DescribeSnapshotsInput, optFns ...func(*Options)) (*ec2.DescribeSnapshotsOutput, error)
// Describes the data feed for Spot Instances. For more information, see [Spot Instance data feed] in the
// Amazon EC2 User Guide.
//
// [Spot Instance data feed]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html
DescribeSpotDatafeedSubscription(ctx context.Context, params *ec2.DescribeSpotDatafeedSubscriptionInput, optFns ...func(*Options)) (*ec2.DescribeSpotDatafeedSubscriptionOutput, error)
// Describes the running instances for the specified Spot Fleet.
DescribeSpotFleetInstances(ctx context.Context, params *ec2.DescribeSpotFleetInstancesInput, optFns ...func(*Options)) (*ec2.DescribeSpotFleetInstancesOutput, error)
// Describes the events for the specified Spot Fleet request during the specified
// time.
//
// Spot Fleet events are delayed by up to 30 seconds before they can be described.
// This ensures that you can query by the last evaluated time and not miss a
// recorded event. Spot Fleet events are available for 48 hours.
//
// For more information, see [Monitor fleet events using Amazon EventBridge] in the Amazon EC2 User Guide.
//
// [Monitor fleet events using Amazon EventBridge]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/fleet-monitor.html
DescribeSpotFleetRequestHistory(ctx context.Context, params *ec2.DescribeSpotFleetRequestHistoryInput, optFns ...func(*Options)) (*ec2.DescribeSpotFleetRequestHistoryOutput, error)
// Describes your Spot Fleet requests.
//
// Spot Fleet requests are deleted 48 hours after they are canceled and their
// instances are terminated.
DescribeSpotFleetRequests(ctx context.Context, params *ec2.DescribeSpotFleetRequestsInput, optFns ...func(*Options)) (*ec2.DescribeSpotFleetRequestsOutput, error)
// Describes the specified Spot Instance requests.
//
// You can use DescribeSpotInstanceRequests to find a running Spot Instance by
// examining the response. If the status of the Spot Instance is fulfilled , the
// instance ID appears in the response and contains the identifier of the instance.
// Alternatively, you can use [DescribeInstances]with a filter to look for instances where the
// instance lifecycle is spot .
//
// We recommend that you set MaxResults to a value between 5 and 1000 to limit the
// number of items returned. This paginates the output, which makes the list more
// manageable and returns the items faster. If the list of items exceeds your
// MaxResults value, then that number of items is returned along with a NextToken
// value that can be passed to a subsequent DescribeSpotInstanceRequests request
// to retrieve the remaining items.
//
// Spot Instance requests are deleted four hours after they are canceled and their
// instances are terminated.
//
// [DescribeInstances]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances
DescribeSpotInstanceRequests(ctx context.Context, params *ec2.DescribeSpotInstanceRequestsInput, optFns ...func(*Options)) (*ec2.DescribeSpotInstanceRequestsOutput, error)
// Describes the Spot price history. For more information, see [Spot Instance pricing history] in the Amazon EC2
// User Guide.
//
// When you specify a start and end time, the operation returns the prices of the
// instance types within that time range. It also returns the last price change
// before the start time, which is the effective price as of the start time.
//
// [Spot Instance pricing history]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances-history.html
DescribeSpotPriceHistory(ctx context.Context, params *ec2.DescribeSpotPriceHistoryInput, optFns ...func(*Options)) (*ec2.DescribeSpotPriceHistoryOutput, error)
// Describes the stale security group rules for security groups referenced across
// a VPC peering connection, transit gateway connection, or with a security group
// VPC association. Rules are stale when they reference a deleted security group.
// Rules can also be stale if they reference a security group in a peer VPC for
// which the VPC peering connection has been deleted, across a transit gateway
// where the transit gateway has been deleted (or [the transit gateway security group referencing feature]has been disabled), or if a
// security group VPC association has been disassociated.
//
// [the transit gateway security group referencing feature]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-vpc-attachments.html#vpc-attachment-security
DescribeStaleSecurityGroups(ctx context.Context, params *ec2.DescribeStaleSecurityGroupsInput, optFns ...func(*Options)) (*ec2.DescribeStaleSecurityGroupsOutput, error)
// Describes the progress of the AMI store tasks. You can describe the store tasks
// for specified AMIs. If you don't specify the AMIs, you get a paginated list of
// store tasks from the last 31 days.
//
// For each AMI task, the response indicates if the task is InProgress , Completed
// , or Failed . For tasks InProgress , the response shows the estimated progress
// as a percentage.
//
// Tasks are listed in reverse chronological order. Currently, only tasks from the
// past 31 days can be viewed.
//
// To use this API, you must have the required permissions. For more information,
// see [Permissions for storing and restoring AMIs using S3]in the Amazon EC2 User Guide.
//
// For more information, see [Store and restore an AMI using S3] in the Amazon EC2 User Guide.
//
// [Store and restore an AMI using S3]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html
// [Permissions for storing and restoring AMIs using S3]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-ami-store-restore.html#ami-s3-permissions
DescribeStoreImageTasks(ctx context.Context, params *ec2.DescribeStoreImageTasksInput, optFns ...func(*Options)) (*ec2.DescribeStoreImageTasksOutput, error)
// Describes your subnets. The default is to describe all your subnets.
// Alternatively, you can specify specific subnet IDs or filter the results to
// include only the subnets that match specific criteria.
//
// For more information, see [Subnets] in the Amazon VPC User Guide.
//
// [Subnets]: https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html
DescribeSubnets(ctx context.Context, params *ec2.DescribeSubnetsInput, optFns ...func(*Options)) (*ec2.DescribeSubnetsOutput, error)
// Describes the specified tags for your EC2 resources.
//
// For more information about tags, see [Tag your Amazon EC2 resources] in the Amazon Elastic Compute Cloud User
// Guide.
//
// We strongly recommend using only paginated requests. Unpaginated requests are
// susceptible to throttling and timeouts.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
//
// [Tag your Amazon EC2 resources]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
DescribeTags(ctx context.Context, params *ec2.DescribeTagsInput, optFns ...func(*Options)) (*ec2.DescribeTagsOutput, error)
// Describe traffic mirror filters that determine the traffic that is mirrored.
DescribeTrafficMirrorFilterRules(ctx context.Context, params *ec2.DescribeTrafficMirrorFilterRulesInput, optFns ...func(*Options)) (*ec2.DescribeTrafficMirrorFilterRulesOutput, error)
// Describes one or more Traffic Mirror filters.
DescribeTrafficMirrorFilters(ctx context.Context, params *ec2.DescribeTrafficMirrorFiltersInput, optFns ...func(*Options)) (*ec2.DescribeTrafficMirrorFiltersOutput, error)
// Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror
// sessions are described. Alternatively, you can filter the results.
DescribeTrafficMirrorSessions(ctx context.Context, params *ec2.DescribeTrafficMirrorSessionsInput, optFns ...func(*Options)) (*ec2.DescribeTrafficMirrorSessionsOutput, error)
// Information about one or more Traffic Mirror targets.
DescribeTrafficMirrorTargets(ctx context.Context, params *ec2.DescribeTrafficMirrorTargetsInput, optFns ...func(*Options)) (*ec2.DescribeTrafficMirrorTargetsOutput, error)
// Describes one or more attachments between resources and transit gateways. By
// default, all attachments are described. Alternatively, you can filter the
// results by attachment ID, attachment state, resource ID, or resource owner.
DescribeTransitGatewayAttachments(ctx context.Context, params *ec2.DescribeTransitGatewayAttachmentsInput, optFns ...func(*Options)) (*ec2.DescribeTransitGatewayAttachmentsOutput, error)
// Describes one or more Connect peers.
DescribeTransitGatewayConnectPeers(ctx context.Context, params *ec2.DescribeTransitGatewayConnectPeersInput, optFns ...func(*Options)) (*ec2.DescribeTransitGatewayConnectPeersOutput, error)
// Describes one or more Connect attachments.
DescribeTransitGatewayConnects(ctx context.Context, params *ec2.DescribeTransitGatewayConnectsInput, optFns ...func(*Options)) (*ec2.DescribeTransitGatewayConnectsOutput, error)
// Describes one or more transit gateway multicast domains.
DescribeTransitGatewayMulticastDomains(ctx context.Context, params *ec2.DescribeTransitGatewayMulticastDomainsInput, optFns ...func(*Options)) (*ec2.DescribeTransitGatewayMulticastDomainsOutput, error)
// Describes your transit gateway peering attachments.
DescribeTransitGatewayPeeringAttachments(ctx context.Context, params *ec2.DescribeTransitGatewayPeeringAttachmentsInput, optFns ...func(*Options)) (*ec2.DescribeTransitGatewayPeeringAttachmentsOutput, error)
// Describes one or more transit gateway route policy tables.
DescribeTransitGatewayPolicyTables(ctx context.Context, params *ec2.DescribeTransitGatewayPolicyTablesInput, optFns ...func(*Options)) (*ec2.DescribeTransitGatewayPolicyTablesOutput, error)
// Describes one or more transit gateway route table advertisements.
DescribeTransitGatewayRouteTableAnnouncements(ctx context.Context, params *ec2.DescribeTransitGatewayRouteTableAnnouncementsInput, optFns ...func(*Options)) (*ec2.DescribeTransitGatewayRouteTableAnnouncementsOutput, error)
// Describes one or more transit gateway route tables. By default, all transit
// gateway route tables are described. Alternatively, you can filter the results.
DescribeTransitGatewayRouteTables(ctx context.Context, params *ec2.DescribeTransitGatewayRouteTablesInput, optFns ...func(*Options)) (*ec2.DescribeTransitGatewayRouteTablesOutput, error)
// Describes one or more VPC attachments. By default, all VPC attachments are
// described. Alternatively, you can filter the results.
DescribeTransitGatewayVpcAttachments(ctx context.Context, params *ec2.DescribeTransitGatewayVpcAttachmentsInput, optFns ...func(*Options)) (*ec2.DescribeTransitGatewayVpcAttachmentsOutput, error)
// Describes one or more transit gateways. By default, all transit gateways are
// described. Alternatively, you can filter the results.
DescribeTransitGateways(ctx context.Context, params *ec2.DescribeTransitGatewaysInput, optFns ...func(*Options)) (*ec2.DescribeTransitGatewaysOutput, error)
// Describes one or more network interface trunk associations.
DescribeTrunkInterfaceAssociations(ctx context.Context, params *ec2.DescribeTrunkInterfaceAssociationsInput, optFns ...func(*Options)) (*ec2.DescribeTrunkInterfaceAssociationsOutput, error)
// Describes the specified Amazon Web Services Verified Access endpoints.
DescribeVerifiedAccessEndpoints(ctx context.Context, params *ec2.DescribeVerifiedAccessEndpointsInput, optFns ...func(*Options)) (*ec2.DescribeVerifiedAccessEndpointsOutput, error)
// Describes the specified Verified Access groups.
DescribeVerifiedAccessGroups(ctx context.Context, params *ec2.DescribeVerifiedAccessGroupsInput, optFns ...func(*Options)) (*ec2.DescribeVerifiedAccessGroupsOutput, error)
// Describes the specified Amazon Web Services Verified Access instances.
DescribeVerifiedAccessInstanceLoggingConfigurations(ctx context.Context, params *ec2.DescribeVerifiedAccessInstanceLoggingConfigurationsInput, optFns ...func(*Options)) (*ec2.DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, error)
// Describes the specified Amazon Web Services Verified Access instances.
DescribeVerifiedAccessInstances(ctx context.Context, params *ec2.DescribeVerifiedAccessInstancesInput, optFns ...func(*Options)) (*ec2.DescribeVerifiedAccessInstancesOutput, error)
// Describes the specified Amazon Web Services Verified Access trust providers.
DescribeVerifiedAccessTrustProviders(ctx context.Context, params *ec2.DescribeVerifiedAccessTrustProvidersInput, optFns ...func(*Options)) (*ec2.DescribeVerifiedAccessTrustProvidersOutput, error)
// Describes the specified attribute of the specified volume. You can specify only
// one attribute at a time.
//
// For more information about EBS volumes, see [Amazon EBS volumes] in the Amazon EBS User Guide.
//
// [Amazon EBS volumes]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volumes.html
DescribeVolumeAttribute(ctx context.Context, params *ec2.DescribeVolumeAttributeInput, optFns ...func(*Options)) (*ec2.DescribeVolumeAttributeOutput, error)
// Describes the status of the specified volumes. Volume status provides the
// result of the checks performed on your volumes to determine events that can
// impair the performance of your volumes. The performance of a volume can be
// affected if an issue occurs on the volume's underlying host. If the volume's
// underlying host experiences a power outage or system issue, after the system is
// restored, there could be data inconsistencies on the volume. Volume events
// notify you if this occurs. Volume actions notify you if any action needs to be
// taken in response to the event.
//
// The DescribeVolumeStatus operation provides the following information about the
// specified volumes:
//
// Status: Reflects the current status of the volume. The possible values are ok ,
// impaired , warning , or insufficient-data . If all checks pass, the overall
// status of the volume is ok . If the check fails, the overall status is impaired
// . If the status is insufficient-data , then the checks might still be taking
// place on your volume at the time. We recommend that you retry the request. For
// more information about volume status, see [Monitor the status of your volumes]in the Amazon EBS User Guide.
//
// Events: Reflect the cause of a volume status and might require you to take
// action. For example, if your volume returns an impaired status, then the volume
// event might be potential-data-inconsistency . This means that your volume has
// been affected by an issue with the underlying host, has all I/O operations
// disabled, and might have inconsistent data.
//
// Actions: Reflect the actions you might have to take in response to an event.
// For example, if the status of the volume is impaired and the volume event shows
// potential-data-inconsistency , then the action shows enable-volume-io . This
// means that you may want to enable the I/O operations for the volume and then
// check the volume for data consistency. For more information, see [Work with an impaired EBS volume].
//
// Volume status is based on the volume status checks, and does not reflect the
// volume state. Therefore, volume status does not indicate volumes in the error
// state (for example, when a volume is incapable of accepting I/O.)
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
//
// [Monitor the status of your volumes]: https://docs.aws.amazon.com/ebs/latest/userguide/monitoring-volume-status.html
// [Work with an impaired EBS volume]: https://docs.aws.amazon.com/ebs/latest/userguide/work_volumes_impaired.html
DescribeVolumeStatus(ctx context.Context, params *ec2.DescribeVolumeStatusInput, optFns ...func(*Options)) (*ec2.DescribeVolumeStatusOutput, error)
// Describes the specified EBS volumes or all of your EBS volumes.
//
// If you are describing a long list of volumes, we recommend that you paginate
// the output to make the list more manageable. For more information, see [Pagination].
//
// For more information about EBS volumes, see [Amazon EBS volumes] in the Amazon EBS User Guide.
//
// We strongly recommend using only paginated requests. Unpaginated requests are
// susceptible to throttling and timeouts.
//
// The order of the elements in the response, including those within nested
// structures, might vary. Applications should not assume the elements appear in a
// particular order.
//
// [Pagination]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination
// [Amazon EBS volumes]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volumes.html
DescribeVolumes(ctx context.Context, params *ec2.DescribeVolumesInput, optFns ...func(*Options)) (*ec2.DescribeVolumesOutput, error)
// Describes the most recent volume modification request for the specified EBS
// volumes.
//
// For more information, see [Monitor the progress of volume modifications] in the Amazon EBS User Guide.
//
// [Monitor the progress of volume modifications]: https://docs.aws.amazon.com/ebs/latest/userguide/monitoring-volume-modifications.html
DescribeVolumesModifications(ctx context.Context, params *ec2.DescribeVolumesModificationsInput, optFns ...func(*Options)) (*ec2.DescribeVolumesModificationsOutput, error)
// Describes the specified attribute of the specified VPC. You can specify only
// one attribute at a time.
DescribeVpcAttribute(ctx context.Context, params *ec2.DescribeVpcAttributeInput, optFns ...func(*Options)) (*ec2.DescribeVpcAttributeOutput, error)
// Describe VPC Block Public Access (BPA) exclusions. A VPC BPA exclusion is a
// mode that can be applied to a single VPC or subnet that exempts it from the
// account’s BPA mode and will allow bidirectional or egress-only access. You can
// create BPA exclusions for VPCs and subnets even when BPA is not enabled on the
// account to ensure that there is no traffic disruption to the exclusions when VPC
// BPA is turned on. To learn more about VPC BPA, see [Block public access to VPCs and subnets]in the Amazon VPC User Guide.
//
// [Block public access to VPCs and subnets]: https://docs.aws.amazon.com/vpc/latest/userguide/security-vpc-bpa.html
DescribeVpcBlockPublicAccessExclusions(ctx context.Context, params *ec2.DescribeVpcBlockPublicAccessExclusionsInput, optFns ...func(*Options)) (*ec2.DescribeVpcBlockPublicAccessExclusionsOutput, error)
// Describe VPC Block Public Access (BPA) options. VPC Block Public Access (BPA)
// enables you to block resources in VPCs and subnets that you own in a Region from
// reaching or being reached from the internet through internet gateways and
// egress-only internet gateways. To learn more about VPC BPA, see [Block public access to VPCs and subnets]in the Amazon
// VPC User Guide.
//
// [Block public access to VPCs and subnets]: https://docs.aws.amazon.com/vpc/latest/userguide/security-vpc-bpa.html
DescribeVpcBlockPublicAccessOptions(ctx context.Context, params *ec2.DescribeVpcBlockPublicAccessOptionsInput, optFns ...func(*Options)) (*ec2.DescribeVpcBlockPublicAccessOptionsOutput, error)
// This action is deprecated.
//
// Describes the ClassicLink status of the specified VPCs.
DescribeVpcClassicLink(ctx context.Context, params *ec2.DescribeVpcClassicLinkInput, optFns ...func(*Options)) (*ec2.DescribeVpcClassicLinkOutput, error)
// This action is deprecated.
//
// Describes the ClassicLink DNS support status of one or more VPCs. If enabled,
// the DNS hostname of a linked EC2-Classic instance resolves to its private IP
// address when addressed from an instance in the VPC to which it's linked.
// Similarly, the DNS hostname of an instance in a VPC resolves to its private IP
// address when addressed from a linked EC2-Classic instance.
DescribeVpcClassicLinkDnsSupport(ctx context.Context, params *ec2.DescribeVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*ec2.DescribeVpcClassicLinkDnsSupportOutput, error)
// Describes the VPC resources, VPC endpoint services, Amazon Lattice services, or
// service networks associated with the VPC endpoint.
DescribeVpcEndpointAssociations(ctx context.Context, params *ec2.DescribeVpcEndpointAssociationsInput, optFns ...func(*Options)) (*ec2.DescribeVpcEndpointAssociationsOutput, error)
// Describes the connection notifications for VPC endpoints and VPC endpoint
// services.
DescribeVpcEndpointConnectionNotifications(ctx context.Context, params *ec2.DescribeVpcEndpointConnectionNotificationsInput, optFns ...func(*Options)) (*ec2.DescribeVpcEndpointConnectionNotificationsOutput, error)
// Describes the VPC endpoint connections to your VPC endpoint services, including
// any endpoints that are pending your acceptance.
DescribeVpcEndpointConnections(ctx context.Context, params *ec2.DescribeVpcEndpointConnectionsInput, optFns ...func(*Options)) (*ec2.DescribeVpcEndpointConnectionsOutput, error)
// Describes the VPC endpoint service configurations in your account (your
// services).
DescribeVpcEndpointServiceConfigurations(ctx context.Context, params *ec2.DescribeVpcEndpointServiceConfigurationsInput, optFns ...func(*Options)) (*ec2.DescribeVpcEndpointServiceConfigurationsOutput, error)
// Describes the principals (service consumers) that are permitted to discover
// your VPC endpoint service. Principal ARNs with path components aren't supported.
DescribeVpcEndpointServicePermissions(ctx context.Context, params *ec2.DescribeVpcEndpointServicePermissionsInput, optFns ...func(*Options)) (*ec2.DescribeVpcEndpointServicePermissionsOutput, error)
// Describes available services to which you can create a VPC endpoint.
//
// When the service provider and the consumer have different accounts in multiple
// Availability Zones, and the consumer views the VPC endpoint service information,
// the response only includes the common Availability Zones. For example, when the
// service provider account uses us-east-1a and us-east-1c and the consumer uses
// us-east-1a and us-east-1b , the response includes the VPC endpoint services in
// the common Availability Zone, us-east-1a .
DescribeVpcEndpointServices(ctx context.Context, params *ec2.DescribeVpcEndpointServicesInput, optFns ...func(*Options)) (*ec2.DescribeVpcEndpointServicesOutput, error)
// Describes your VPC endpoints. The default is to describe all your VPC
// endpoints. Alternatively, you can specify specific VPC endpoint IDs or filter
// the results to include only the VPC endpoints that match specific criteria.
DescribeVpcEndpoints(ctx context.Context, params *ec2.DescribeVpcEndpointsInput, optFns ...func(*Options)) (*ec2.DescribeVpcEndpointsOutput, error)
// Describes your VPC peering connections. The default is to describe all your VPC
// peering connections. Alternatively, you can specify specific VPC peering
// connection IDs or filter the results to include only the VPC peering connections
// that match specific criteria.
DescribeVpcPeeringConnections(ctx context.Context, params *ec2.DescribeVpcPeeringConnectionsInput, optFns ...func(*Options)) (*ec2.DescribeVpcPeeringConnectionsOutput, error)
// Describes your VPCs. The default is to describe all your VPCs. Alternatively,
// you can specify specific VPC IDs or filter the results to include only the VPCs
// that match specific criteria.
DescribeVpcs(ctx context.Context, params *ec2.DescribeVpcsInput, optFns ...func(*Options)) (*ec2.DescribeVpcsOutput, error)
// Describes one or more of your VPN connections.
//
// For more information, see [Amazon Web Services Site-to-Site VPN] in the Amazon Web Services Site-to-Site VPN User
// Guide.
//
// [Amazon Web Services Site-to-Site VPN]: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
DescribeVpnConnections(ctx context.Context, params *ec2.DescribeVpnConnectionsInput, optFns ...func(*Options)) (*ec2.DescribeVpnConnectionsOutput, error)
// Describes one or more of your virtual private gateways.
//
// For more information, see [Amazon Web Services Site-to-Site VPN] in the Amazon Web Services Site-to-Site VPN User
// Guide.
//
// [Amazon Web Services Site-to-Site VPN]: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
DescribeVpnGateways(ctx context.Context, params *ec2.DescribeVpnGatewaysInput, optFns ...func(*Options)) (*ec2.DescribeVpnGatewaysOutput, error)
// This action is deprecated.
//
// Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance
// has been unlinked, the VPC security groups are no longer associated with it. An
// instance is automatically unlinked from a VPC when it's stopped.
DetachClassicLinkVpc(ctx context.Context, params *ec2.DetachClassicLinkVpcInput, optFns ...func(*Options)) (*ec2.DetachClassicLinkVpcOutput, error)
// Detaches an internet gateway from a VPC, disabling connectivity between the
// internet and the VPC. The VPC must not contain any running instances with
// Elastic IP addresses or public IPv4 addresses.
DetachInternetGateway(ctx context.Context, params *ec2.DetachInternetGatewayInput, optFns ...func(*Options)) (*ec2.DetachInternetGatewayOutput, error)
// Detaches a network interface from an instance.
DetachNetworkInterface(ctx context.Context, params *ec2.DetachNetworkInterfaceInput, optFns ...func(*Options)) (*ec2.DetachNetworkInterfaceOutput, error)
// Detaches the specified Amazon Web Services Verified Access trust provider from
// the specified Amazon Web Services Verified Access instance.
DetachVerifiedAccessTrustProvider(ctx context.Context, params *ec2.DetachVerifiedAccessTrustProviderInput, optFns ...func(*Options)) (*ec2.DetachVerifiedAccessTrustProviderOutput, error)
// Detaches an EBS volume from an instance. Make sure to unmount any file systems
// on the device within your operating system before detaching the volume. Failure
// to do so can result in the volume becoming stuck in the busy state while
// detaching. If this happens, detachment can be delayed indefinitely until you
// unmount the volume, force detachment, reboot the instance, or all three. If an
// EBS volume is the root device of an instance, it can't be detached while the
// instance is running. To detach the root volume, stop the instance first.
//
// When a volume with an Amazon Web Services Marketplace product code is detached
// from an instance, the product code is no longer associated with the instance.
//
// You can't detach or force detach volumes that are attached to Amazon Web
// Services-managed resources. Attempting to do this results in the
// UnsupportedOperationException exception.
//
// For more information, see [Detach an Amazon EBS volume] in the Amazon EBS User Guide.
//
// [Detach an Amazon EBS volume]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-detaching-volume.html
DetachVolume(ctx context.Context, params *ec2.DetachVolumeInput, optFns ...func(*Options)) (*ec2.DetachVolumeOutput, error)
// Detaches a virtual private gateway from a VPC. You do this if you're planning
// to turn off the VPC and not use it anymore. You can confirm a virtual private
// gateway has been completely detached from a VPC by describing the virtual
// private gateway (any attachments to the virtual private gateway are also
// described).
//
// You must wait for the attachment's state to switch to detached before you can
// delete the VPC or attach a different VPC to the virtual private gateway.
DetachVpnGateway(ctx context.Context, params *ec2.DetachVpnGatewayInput, optFns ...func(*Options)) (*ec2.DetachVpnGatewayOutput, error)
// Disables Elastic IP address transfer. For more information, see [Transfer Elastic IP addresses] in the Amazon
// VPC User Guide.
//
// [Transfer Elastic IP addresses]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#transfer-EIPs-intro
DisableAddressTransfer(ctx context.Context, params *ec2.DisableAddressTransferInput, optFns ...func(*Options)) (*ec2.DisableAddressTransferOutput, error)
// Disables Allowed AMIs for your account in the specified Amazon Web Services
// Region. When set to disabled , the image criteria in your Allowed AMIs settings
// do not apply, and no restrictions are placed on AMI discoverability or usage.
// Users in your account can launch instances using any public AMI or AMI shared
// with your account.
//
// The Allowed AMIs feature does not restrict the AMIs owned by your account.
// Regardless of the criteria you set, the AMIs created by your account will always
// be discoverable and usable by users in your account.
//
// For more information, see [Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs] in Amazon EC2 User Guide.
//
// [Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-allowed-amis.html
DisableAllowedImagesSettings(ctx context.Context, params *ec2.DisableAllowedImagesSettingsInput, optFns ...func(*Options)) (*ec2.DisableAllowedImagesSettingsOutput, error)
// Disables Infrastructure Performance metric subscriptions.
DisableAwsNetworkPerformanceMetricSubscription(ctx context.Context, params *ec2.DisableAwsNetworkPerformanceMetricSubscriptionInput, optFns ...func(*Options)) (*ec2.DisableAwsNetworkPerformanceMetricSubscriptionOutput, error)
// Disables EC2 Capacity Manager for your account. This stops data ingestion and
//
// removes access to capacity analytics and optimization recommendations.
// Previously collected data is retained but no new data will be processed.
DisableCapacityManager(ctx context.Context, params *ec2.DisableCapacityManagerInput, optFns ...func(*Options)) (*ec2.DisableCapacityManagerOutput, error)
// Disables EBS encryption by default for your account in the current Region.
//
// After you disable encryption by default, you can still create encrypted volumes
// by enabling encryption when you create each volume.
//
// Disabling encryption by default does not change the encryption status of your
// existing volumes.
//
// For more information, see [Amazon EBS encryption] in the Amazon EBS User Guide.
//
// [Amazon EBS encryption]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html
DisableEbsEncryptionByDefault(ctx context.Context, params *ec2.DisableEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*ec2.DisableEbsEncryptionByDefaultOutput, error)
// Discontinue Windows fast launch for a Windows AMI, and clean up existing
// pre-provisioned snapshots. After you disable Windows fast launch, the AMI uses
// the standard launch process for each new instance. Amazon EC2 must remove all
// pre-provisioned snapshots before you can enable Windows fast launch again.
//
// You can only change these settings for Windows AMIs that you own or that have
// been shared with you.
DisableFastLaunch(ctx context.Context, params *ec2.DisableFastLaunchInput, optFns ...func(*Options)) (*ec2.DisableFastLaunchOutput, error)
// Disables fast snapshot restores for the specified snapshots in the specified
// Availability Zones.
DisableFastSnapshotRestores(ctx context.Context, params *ec2.DisableFastSnapshotRestoresInput, optFns ...func(*Options)) (*ec2.DisableFastSnapshotRestoresOutput, error)
// Sets the AMI state to disabled and removes all launch permissions from the AMI.
// A disabled AMI can't be used for instance launches.
//
// A disabled AMI can't be shared. If an AMI was public or previously shared, it
// is made private. If an AMI was shared with an Amazon Web Services account,
// organization, or Organizational Unit, they lose access to the disabled AMI.
//
// A disabled AMI does not appear in [DescribeImages] API calls by default.
//
// Only the AMI owner can disable an AMI.
//
// You can re-enable a disabled AMI using [EnableImage].
//
// For more information, see [Disable an AMI] in the Amazon EC2 User Guide.
//
// [DescribeImages]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html
// [Disable an AMI]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/disable-an-ami.html
// [EnableImage]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_EnableImage.html
DisableImage(ctx context.Context, params *ec2.DisableImageInput, optFns ...func(*Options)) (*ec2.DisableImageOutput, error)
// Disables block public access for AMIs at the account level in the specified
// Amazon Web Services Region. This removes the block public access restriction
// from your account. With the restriction removed, you can publicly share your
// AMIs in the specified Amazon Web Services Region.
//
// For more information, see [Block public access to your AMIs] in the Amazon EC2 User Guide.
//
// [Block public access to your AMIs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-public-access-to-amis.html
DisableImageBlockPublicAccess(ctx context.Context, params *ec2.DisableImageBlockPublicAccessInput, optFns ...func(*Options)) (*ec2.DisableImageBlockPublicAccessOutput, error)
// Cancels the deprecation of the specified AMI.
//
// For more information, see [Deprecate an Amazon EC2 AMI] in the Amazon EC2 User Guide.
//
// [Deprecate an Amazon EC2 AMI]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html
DisableImageDeprecation(ctx context.Context, params *ec2.DisableImageDeprecationInput, optFns ...func(*Options)) (*ec2.DisableImageDeprecationOutput, error)
// Disables deregistration protection for an AMI. When deregistration protection
// is disabled, the AMI can be deregistered.
//
// If you chose to include a 24-hour cooldown period when you enabled
// deregistration protection for the AMI, then, when you disable deregistration
// protection, you won’t immediately be able to deregister the AMI.
//
// For more information, see [Protect an Amazon EC2 AMI from deregistration] in the Amazon EC2 User Guide.
//
// [Protect an Amazon EC2 AMI from deregistration]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deregistration-protection.html
DisableImageDeregistrationProtection(ctx context.Context, params *ec2.DisableImageDeregistrationProtectionInput, optFns ...func(*Options)) (*ec2.DisableImageDeregistrationProtectionOutput, error)
// Disable the IPAM account. For more information, see [Enable integration with Organizations] in the Amazon VPC IPAM
// User Guide.
//
// [Enable integration with Organizations]: https://docs.aws.amazon.com/vpc/latest/ipam/enable-integ-ipam.html
DisableIpamOrganizationAdminAccount(ctx context.Context, params *ec2.DisableIpamOrganizationAdminAccountInput, optFns ...func(*Options)) (*ec2.DisableIpamOrganizationAdminAccountOutput, error)
// Disables route propagation from a route server to a specified route table.
//
// When enabled, route server propagation installs the routes in the FIB on the
// route table you've specified. Route server supports IPv4 and IPv6 route
// propagation.
//
// Amazon VPC Route Server simplifies routing for traffic between workloads that
// are deployed within a VPC and its internet gateways. With this feature, VPC
// Route Server dynamically updates VPC and internet gateway route tables with your
// preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those
// workloads. This enables you to automatically reroute traffic within a VPC, which
// increases the manageability of VPC routing and interoperability with third-party
// workloads.
//
// Route server supports the follow route table types:
//
// - VPC route tables not associated with subnets
//
// - Subnet route tables
//
// - Internet gateway route tables
//
// Route server does not support route tables associated with virtual private
// gateways. To propagate routes into a transit gateway route table, use [Transit Gateway Connect].
//
// For more information see [Dynamic routing in your VPC with VPC Route Server] in the Amazon VPC User Guide.
//
// [Dynamic routing in your VPC with VPC Route Server]: https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html
// [Transit Gateway Connect]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html
DisableRouteServerPropagation(ctx context.Context, params *ec2.DisableRouteServerPropagationInput, optFns ...func(*Options)) (*ec2.DisableRouteServerPropagationOutput, error)
// Disables access to the EC2 serial console of all instances for your account. By
// default, access to the EC2 serial console is disabled for your account. For more
// information, see [Manage account access to the EC2 serial console]in the Amazon EC2 User Guide.
//
// [Manage account access to the EC2 serial console]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access
DisableSerialConsoleAccess(ctx context.Context, params *ec2.DisableSerialConsoleAccessInput, optFns ...func(*Options)) (*ec2.DisableSerialConsoleAccessOutput, error)
// Disables the block public access for snapshots setting at the account level for
// the specified Amazon Web Services Region. After you disable block public access
// for snapshots in a Region, users can publicly share snapshots in that Region.
//
// Enabling block public access for snapshots in block-all-sharing mode does not
// change the permissions for snapshots that are already publicly shared. Instead,
// it prevents these snapshots from be publicly visible and publicly accessible.
// Therefore, the attributes for these snapshots still indicate that they are
// publicly shared, even though they are not publicly available.
//
// If you disable block public access , these snapshots will become publicly
// available again.
//
// For more information, see [Block public access for snapshots] in the Amazon EBS User Guide .
//
// [Block public access for snapshots]: https://docs.aws.amazon.com/ebs/latest/userguide/block-public-access-snapshots.html
DisableSnapshotBlockPublicAccess(ctx context.Context, params *ec2.DisableSnapshotBlockPublicAccessInput, optFns ...func(*Options)) (*ec2.DisableSnapshotBlockPublicAccessOutput, error)
// Disables the specified resource attachment from propagating routes to the
// specified propagation route table.
DisableTransitGatewayRouteTablePropagation(ctx context.Context, params *ec2.DisableTransitGatewayRouteTablePropagationInput, optFns ...func(*Options)) (*ec2.DisableTransitGatewayRouteTablePropagationOutput, error)
// Disables a virtual private gateway (VGW) from propagating routes to a specified
// route table of a VPC.
DisableVgwRoutePropagation(ctx context.Context, params *ec2.DisableVgwRoutePropagationInput, optFns ...func(*Options)) (*ec2.DisableVgwRoutePropagationOutput, error)
// This action is deprecated.
//
// Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that
// has EC2-Classic instances linked to it.
DisableVpcClassicLink(ctx context.Context, params *ec2.DisableVpcClassicLinkInput, optFns ...func(*Options)) (*ec2.DisableVpcClassicLinkOutput, error)
// This action is deprecated.
//
// Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve
// to public IP addresses when addressed between a linked EC2-Classic instance and
// instances in the VPC to which it's linked.
//
// You must specify a VPC ID in the request.
DisableVpcClassicLinkDnsSupport(ctx context.Context, params *ec2.DisableVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*ec2.DisableVpcClassicLinkDnsSupportOutput, error)
// Disassociates an Elastic IP address from the instance or network interface it's
// associated with.
//
// This is an idempotent operation. If you perform the operation more than once,
// Amazon EC2 doesn't return an error.
//
// An address cannot be disassociated if the all of the following conditions are
// met:
//
// - Network interface has a publicDualStackDnsName publicDnsName
//
// - Public IPv4 address is the primary public IPv4 address
//
// - Network interface only has one remaining public IPv4 address
DisassociateAddress(ctx context.Context, params *ec2.DisassociateAddressInput, optFns ...func(*Options)) (*ec2.DisassociateAddressOutput, error)
// Cancels a pending request to assign billing of the unused capacity of a
// Capacity Reservation to a consumer account, or revokes a request that has
// already been accepted. For more information, see [Billing assignment for shared Amazon EC2 Capacity Reservations].
//
// [Billing assignment for shared Amazon EC2 Capacity Reservations]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/assign-billing.html
DisassociateCapacityReservationBillingOwner(ctx context.Context, params *ec2.DisassociateCapacityReservationBillingOwnerInput, optFns ...func(*Options)) (*ec2.DisassociateCapacityReservationBillingOwnerOutput, error)
// Disassociates a target network from the specified Client VPN endpoint. When you
// disassociate the last target network from a Client VPN, the following happens:
//
// - The route that was automatically added for the VPC is deleted
//
// - All active client connections are terminated
//
// - New client connections are disallowed
//
// - The Client VPN endpoint's status changes to pending-associate
DisassociateClientVpnTargetNetwork(ctx context.Context, params *ec2.DisassociateClientVpnTargetNetworkInput, optFns ...func(*Options)) (*ec2.DisassociateClientVpnTargetNetworkOutput, error)
// Disassociates an IAM role from an Certificate Manager (ACM) certificate.
// Disassociating an IAM role from an ACM certificate removes the Amazon S3 object
// that contains the certificate, certificate chain, and encrypted private key from
// the Amazon S3 bucket. It also revokes the IAM role's permission to use the KMS
// key used to encrypt the private key. This effectively revokes the role's
// permission to use the certificate.
DisassociateEnclaveCertificateIamRole(ctx context.Context, params *ec2.DisassociateEnclaveCertificateIamRoleInput, optFns ...func(*Options)) (*ec2.DisassociateEnclaveCertificateIamRoleOutput, error)
// Disassociates an IAM instance profile from a running or stopped instance.
//
// Use DescribeIamInstanceProfileAssociations to get the association ID.
DisassociateIamInstanceProfile(ctx context.Context, params *ec2.DisassociateIamInstanceProfileInput, optFns ...func(*Options)) (*ec2.DisassociateIamInstanceProfileOutput, error)
// Disassociates one or more targets from an event window.
//
// For more information, see [Define event windows for scheduled events] in the Amazon EC2 User Guide.
//
// [Define event windows for scheduled events]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html
DisassociateInstanceEventWindow(ctx context.Context, params *ec2.DisassociateInstanceEventWindowInput, optFns ...func(*Options)) (*ec2.DisassociateInstanceEventWindowOutput, error)
// Remove the association between your Autonomous System Number (ASN) and your
// BYOIP CIDR. You may want to use this action to disassociate an ASN from a CIDR
// or if you want to swap ASNs. For more information, see [Tutorial: Bring your ASN to IPAM]in the Amazon VPC IPAM
// guide.
//
// [Tutorial: Bring your ASN to IPAM]: https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html
DisassociateIpamByoasn(ctx context.Context, params *ec2.DisassociateIpamByoasnInput, optFns ...func(*Options)) (*ec2.DisassociateIpamByoasnOutput, error)
// Disassociates a resource discovery from an Amazon VPC IPAM. A resource
// discovery is an IPAM component that enables IPAM to manage and monitor resources
// that belong to the owning account.
DisassociateIpamResourceDiscovery(ctx context.Context, params *ec2.DisassociateIpamResourceDiscoveryInput, optFns ...func(*Options)) (*ec2.DisassociateIpamResourceDiscoveryOutput, error)
// Disassociates secondary Elastic IP addresses (EIPs) from a public NAT gateway.
// You cannot disassociate your primary EIP. For more information, see [Edit secondary IP address associations]in the
// Amazon VPC User Guide.
//
// While disassociating is in progress, you cannot associate/disassociate
// additional EIPs while the connections are being drained. You are, however,
// allowed to delete the NAT gateway.
//
// An EIP is released only at the end of MaxDrainDurationSeconds. It stays
// associated and supports the existing connections but does not support any new
// connections (new connections are distributed across the remaining associated
// EIPs). As the existing connections drain out, the EIPs (and the corresponding
// private IP addresses mapped to them) are released.
//
// [Edit secondary IP address associations]: https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-working-with.html#nat-gateway-edit-secondary
DisassociateNatGatewayAddress(ctx context.Context, params *ec2.DisassociateNatGatewayAddressInput, optFns ...func(*Options)) (*ec2.DisassociateNatGatewayAddressOutput, error)
// Disassociates a route server from a VPC.
//
// A route server association is the connection established between a route server
// and a VPC.
//
// For more information see [Dynamic routing in your VPC with VPC Route Server] in the Amazon VPC User Guide.
//
// [Dynamic routing in your VPC with VPC Route Server]: https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html
DisassociateRouteServer(ctx context.Context, params *ec2.DisassociateRouteServerInput, optFns ...func(*Options)) (*ec2.DisassociateRouteServerOutput, error)
// Disassociates a subnet or gateway from a route table.
//
// After you perform this action, the subnet no longer uses the routes in the
// route table. Instead, it uses the routes in the VPC's main route table. For more
// information about route tables, see [Route tables]in the Amazon VPC User Guide.
//
// [Route tables]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html
DisassociateRouteTable(ctx context.Context, params *ec2.DisassociateRouteTableInput, optFns ...func(*Options)) (*ec2.DisassociateRouteTableOutput, error)
// Disassociates a security group from a VPC. You cannot disassociate the security
// group if any Elastic network interfaces in the associated VPC are still
// associated with the security group.
//
// Note that the disassociation is asynchronous and you can check the status of
// the request with [DescribeSecurityGroupVpcAssociations].
//
// [DescribeSecurityGroupVpcAssociations]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroupVpcAssociations.html
DisassociateSecurityGroupVpc(ctx context.Context, params *ec2.DisassociateSecurityGroupVpcInput, optFns ...func(*Options)) (*ec2.DisassociateSecurityGroupVpcOutput, error)
// Disassociates a CIDR block from a subnet. Currently, you can disassociate an
// IPv6 CIDR block only. You must detach or delete all gateways and resources that
// are associated with the CIDR block before you can disassociate it.
DisassociateSubnetCidrBlock(ctx context.Context, params *ec2.DisassociateSubnetCidrBlockInput, optFns ...func(*Options)) (*ec2.DisassociateSubnetCidrBlockOutput, error)
// Disassociates the specified subnets from the transit gateway multicast domain.
DisassociateTransitGatewayMulticastDomain(ctx context.Context, params *ec2.DisassociateTransitGatewayMulticastDomainInput, optFns ...func(*Options)) (*ec2.DisassociateTransitGatewayMulticastDomainOutput, error)
// Removes the association between an an attachment and a policy table.
DisassociateTransitGatewayPolicyTable(ctx context.Context, params *ec2.DisassociateTransitGatewayPolicyTableInput, optFns ...func(*Options)) (*ec2.DisassociateTransitGatewayPolicyTableOutput, error)
// Disassociates a resource attachment from a transit gateway route table.
DisassociateTransitGatewayRouteTable(ctx context.Context, params *ec2.DisassociateTransitGatewayRouteTableInput, optFns ...func(*Options)) (*ec2.DisassociateTransitGatewayRouteTableOutput, error)
// Removes an association between a branch network interface with a trunk network
// interface.
DisassociateTrunkInterface(ctx context.Context, params *ec2.DisassociateTrunkInterfaceInput, optFns ...func(*Options)) (*ec2.DisassociateTrunkInterfaceOutput, error)
// Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must
// specify its association ID. You can get the association ID by using DescribeVpcs. You must
// detach or delete all gateways and resources that are associated with the CIDR
// block before you can disassociate it.
//
// You cannot disassociate the CIDR block with which you originally created the
// VPC (the primary CIDR block).
DisassociateVpcCidrBlock(ctx context.Context, params *ec2.DisassociateVpcCidrBlockInput, optFns ...func(*Options)) (*ec2.DisassociateVpcCidrBlockOutput, error)
// Enables Elastic IP address transfer. For more information, see [Transfer Elastic IP addresses] in the Amazon
// VPC User Guide.
//
// [Transfer Elastic IP addresses]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#transfer-EIPs-intro
EnableAddressTransfer(ctx context.Context, params *ec2.EnableAddressTransferInput, optFns ...func(*Options)) (*ec2.EnableAddressTransferOutput, error)
// Enables Allowed AMIs for your account in the specified Amazon Web Services
// Region. Two values are accepted:
//
// - enabled : The image criteria in your Allowed AMIs settings are applied. As a
// result, only AMIs matching these criteria are discoverable and can be used by
// your account to launch instances.
//
// - audit-mode : The image criteria in your Allowed AMIs settings are not
// applied. No restrictions are placed on AMI discoverability or usage. Users in
// your account can launch instances using any public AMI or AMI shared with your
// account.
//
// The purpose of audit-mode is to indicate which AMIs will be affected when
//
// Allowed AMIs is enabled . In audit-mode , each AMI displays either
// "ImageAllowed": true or "ImageAllowed": false to indicate whether the AMI will
// be discoverable and available to users in the account when Allowed AMIs is
// enabled.
//
// The Allowed AMIs feature does not restrict the AMIs owned by your account.
// Regardless of the criteria you set, the AMIs created by your account will always
// be discoverable and usable by users in your account.
//
// For more information, see [Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs] in Amazon EC2 User Guide.
//
// [Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-allowed-amis.html
EnableAllowedImagesSettings(ctx context.Context, params *ec2.EnableAllowedImagesSettingsInput, optFns ...func(*Options)) (*ec2.EnableAllowedImagesSettingsOutput, error)
// Enables Infrastructure Performance subscriptions.
EnableAwsNetworkPerformanceMetricSubscription(ctx context.Context, params *ec2.EnableAwsNetworkPerformanceMetricSubscriptionInput, optFns ...func(*Options)) (*ec2.EnableAwsNetworkPerformanceMetricSubscriptionOutput, error)
// Enables EC2 Capacity Manager for your account. This starts data ingestion for
//
// your EC2 capacity usage across On-Demand, Spot, and Capacity Reservations.
// Initial data processing may take several hours to complete.
EnableCapacityManager(ctx context.Context, params *ec2.EnableCapacityManagerInput, optFns ...func(*Options)) (*ec2.EnableCapacityManagerOutput, error)
// Enables EBS encryption by default for your account in the current Region.
//
// After you enable encryption by default, the EBS volumes that you create are
// always encrypted, either using the default KMS key or the KMS key that you
// specified when you created each volume. For more information, see [Amazon EBS encryption]in the Amazon
// EBS User Guide.
//
// Enabling encryption by default has no effect on the encryption status of your
// existing volumes.
//
// After you enable encryption by default, you can no longer launch instances
// using instance types that do not support encryption. For more information, see [Supported instance types].
//
// [Amazon EBS encryption]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html
// [Supported instance types]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption-requirements.html#ebs-encryption_supported_instances
EnableEbsEncryptionByDefault(ctx context.Context, params *ec2.EnableEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*ec2.EnableEbsEncryptionByDefaultOutput, error)
// When you enable Windows fast launch for a Windows AMI, images are
// pre-provisioned, using snapshots to launch instances up to 65% faster. To create
// the optimized Windows image, Amazon EC2 launches an instance and runs through
// Sysprep steps, rebooting as required. Then it creates a set of reserved
// snapshots that are used for subsequent launches. The reserved snapshots are
// automatically replenished as they are used, depending on your settings for
// launch frequency.
//
// You can only change these settings for Windows AMIs that you own or that have
// been shared with you.
EnableFastLaunch(ctx context.Context, params *ec2.EnableFastLaunchInput, optFns ...func(*Options)) (*ec2.EnableFastLaunchOutput, error)
// Enables fast snapshot restores for the specified snapshots in the specified
// Availability Zones.
//
// You get the full benefit of fast snapshot restores after they enter the enabled
// state.
//
// For more information, see [Amazon EBS fast snapshot restore] in the Amazon EBS User Guide.
//
// [Amazon EBS fast snapshot restore]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-fast-snapshot-restore.html
EnableFastSnapshotRestores(ctx context.Context, params *ec2.EnableFastSnapshotRestoresInput, optFns ...func(*Options)) (*ec2.EnableFastSnapshotRestoresOutput, error)
// Re-enables a disabled AMI. The re-enabled AMI is marked as available and can be
// used for instance launches, appears in describe operations, and can be shared.
// Amazon Web Services accounts, organizations, and Organizational Units that lost
// access to the AMI when it was disabled do not regain access automatically. Once
// the AMI is available, it can be shared with them again.
//
// Only the AMI owner can re-enable a disabled AMI.
//
// For more information, see [Disable an Amazon EC2 AMI] in the Amazon EC2 User Guide.
//
// [Disable an Amazon EC2 AMI]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/disable-an-ami.html
EnableImage(ctx context.Context, params *ec2.EnableImageInput, optFns ...func(*Options)) (*ec2.EnableImageOutput, error)
// Enables block public access for AMIs at the account level in the specified
// Amazon Web Services Region. This prevents the public sharing of your AMIs.
// However, if you already have public AMIs, they will remain publicly available.
//
// The API can take up to 10 minutes to configure this setting. During this time,
// if you run [GetImageBlockPublicAccessState], the response will be unblocked . When the API has completed the
// configuration, the response will be block-new-sharing .
//
// For more information, see [Block public access to your AMIs] in the Amazon EC2 User Guide.
//
// [Block public access to your AMIs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-public-access-to-amis.html
// [GetImageBlockPublicAccessState]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetImageBlockPublicAccessState.html
EnableImageBlockPublicAccess(ctx context.Context, params *ec2.EnableImageBlockPublicAccessInput, optFns ...func(*Options)) (*ec2.EnableImageBlockPublicAccessOutput, error)
// Enables deprecation of the specified AMI at the specified date and time.
//
// For more information, see [Deprecate an AMI] in the Amazon EC2 User Guide.
//
// [Deprecate an AMI]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html
EnableImageDeprecation(ctx context.Context, params *ec2.EnableImageDeprecationInput, optFns ...func(*Options)) (*ec2.EnableImageDeprecationOutput, error)
// Enables deregistration protection for an AMI. When deregistration protection is
// enabled, the AMI can't be deregistered.
//
// To allow the AMI to be deregistered, you must first disable deregistration
// protection.
//
// For more information, see [Protect an Amazon EC2 AMI from deregistration] in the Amazon EC2 User Guide.
//
// [Protect an Amazon EC2 AMI from deregistration]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deregistration-protection.html
EnableImageDeregistrationProtection(ctx context.Context, params *ec2.EnableImageDeregistrationProtectionInput, optFns ...func(*Options)) (*ec2.EnableImageDeregistrationProtectionOutput, error)
// Enable an Organizations member account as the IPAM admin account. You cannot
// select the Organizations management account as the IPAM admin account. For more
// information, see [Enable integration with Organizations]in the Amazon VPC IPAM User Guide.
//
// [Enable integration with Organizations]: https://docs.aws.amazon.com/vpc/latest/ipam/enable-integ-ipam.html
EnableIpamOrganizationAdminAccount(ctx context.Context, params *ec2.EnableIpamOrganizationAdminAccountInput, optFns ...func(*Options)) (*ec2.EnableIpamOrganizationAdminAccountOutput, error)
// Establishes a trust relationship between Reachability Analyzer and
// Organizations. This operation must be performed by the management account for
// the organization.
//
// After you establish a trust relationship, a user in the management account or a
// delegated administrator account can run a cross-account analysis using resources
// from the member accounts.
EnableReachabilityAnalyzerOrganizationSharing(ctx context.Context, params *ec2.EnableReachabilityAnalyzerOrganizationSharingInput, optFns ...func(*Options)) (*ec2.EnableReachabilityAnalyzerOrganizationSharingOutput, error)
// Defines which route tables the route server can update with routes.
//
// When enabled, route server propagation installs the routes in the FIB on the
// route table you've specified. Route server supports IPv4 and IPv6 route
// propagation.
//
// For more information see [Dynamic routing in your VPC with VPC Route Server] in the Amazon VPC User Guide.
//
// [Dynamic routing in your VPC with VPC Route Server]: https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html
EnableRouteServerPropagation(ctx context.Context, params *ec2.EnableRouteServerPropagationInput, optFns ...func(*Options)) (*ec2.EnableRouteServerPropagationOutput, error)
// Enables access to the EC2 serial console of all instances for your account. By
// default, access to the EC2 serial console is disabled for your account. For more
// information, see [Manage account access to the EC2 serial console]in the Amazon EC2 User Guide.
//
// [Manage account access to the EC2 serial console]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access
EnableSerialConsoleAccess(ctx context.Context, params *ec2.EnableSerialConsoleAccessInput, optFns ...func(*Options)) (*ec2.EnableSerialConsoleAccessOutput, error)
// Enables or modifies the block public access for snapshots setting at the
// account level for the specified Amazon Web Services Region. After you enable
// block public access for snapshots in a Region, users can no longer request
// public sharing for snapshots in that Region. Snapshots that are already publicly
// shared are either treated as private or they remain publicly shared, depending
// on the State that you specify.
//
// Enabling block public access for snapshots in block all sharing mode does not
// change the permissions for snapshots that are already publicly shared. Instead,
// it prevents these snapshots from be publicly visible and publicly accessible.
// Therefore, the attributes for these snapshots still indicate that they are
// publicly shared, even though they are not publicly available.
//
// If you later disable block public access or change the mode to block new
// sharing, these snapshots will become publicly available again.
//
// For more information, see [Block public access for snapshots] in the Amazon EBS User Guide.
//
// [Block public access for snapshots]: https://docs.aws.amazon.com/ebs/latest/userguide/block-public-access-snapshots.html
EnableSnapshotBlockPublicAccess(ctx context.Context, params *ec2.EnableSnapshotBlockPublicAccessInput, optFns ...func(*Options)) (*ec2.EnableSnapshotBlockPublicAccessOutput, error)
// Enables the specified attachment to propagate routes to the specified
// propagation route table.
EnableTransitGatewayRouteTablePropagation(ctx context.Context, params *ec2.EnableTransitGatewayRouteTablePropagationInput, optFns ...func(*Options)) (*ec2.EnableTransitGatewayRouteTablePropagationOutput, error)
// Enables a virtual private gateway (VGW) to propagate routes to the specified
// route table of a VPC.
EnableVgwRoutePropagation(ctx context.Context, params *ec2.EnableVgwRoutePropagationInput, optFns ...func(*Options)) (*ec2.EnableVgwRoutePropagationOutput, error)
// Enables I/O operations for a volume that had I/O operations disabled because
// the data on the volume was potentially inconsistent.
EnableVolumeIO(ctx context.Context, params *ec2.EnableVolumeIOInput, optFns ...func(*Options)) (*ec2.EnableVolumeIOOutput, error)
// This action is deprecated.
//
// Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your
// ClassicLink-enabled VPC to allow communication over private IP addresses. You
// cannot enable your VPC for ClassicLink if any of your VPC route tables have
// existing routes for address ranges within the 10.0.0.0/8 IP address range,
// excluding local routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 IP address
// ranges.
EnableVpcClassicLink(ctx context.Context, params *ec2.EnableVpcClassicLinkInput, optFns ...func(*Options)) (*ec2.EnableVpcClassicLinkOutput, error)
// This action is deprecated.
//
// Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled,
// the DNS hostname of a linked EC2-Classic instance resolves to its private IP
// address when addressed from an instance in the VPC to which it's linked.
// Similarly, the DNS hostname of an instance in a VPC resolves to its private IP
// address when addressed from a linked EC2-Classic instance.
//
// You must specify a VPC ID in the request.
EnableVpcClassicLinkDnsSupport(ctx context.Context, params *ec2.EnableVpcClassicLinkDnsSupportInput, optFns ...func(*Options)) (*ec2.EnableVpcClassicLinkDnsSupportOutput, error)
// Downloads the client certificate revocation list for the specified Client VPN
// endpoint.
ExportClientVpnClientCertificateRevocationList(ctx context.Context, params *ec2.ExportClientVpnClientCertificateRevocationListInput, optFns ...func(*Options)) (*ec2.ExportClientVpnClientCertificateRevocationListOutput, error)
// Downloads the contents of the Client VPN endpoint configuration file for the
// specified Client VPN endpoint. The Client VPN endpoint configuration file
// includes the Client VPN endpoint and certificate information clients need to
// establish a connection with the Client VPN endpoint.
ExportClientVpnClientConfiguration(ctx context.Context, params *ec2.ExportClientVpnClientConfigurationInput, optFns ...func(*Options)) (*ec2.ExportClientVpnClientConfigurationOutput, error)
// Exports an Amazon Machine Image (AMI) to a VM file. For more information, see [Exporting a VM directly from an Amazon Machine Image (AMI)]
// in the VM Import/Export User Guide.
//
// [Exporting a VM directly from an Amazon Machine Image (AMI)]: https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport_image.html
ExportImage(ctx context.Context, params *ec2.ExportImageInput, optFns ...func(*Options)) (*ec2.ExportImageOutput, error)
// Exports routes from the specified transit gateway route table to the specified
// S3 bucket. By default, all routes are exported. Alternatively, you can filter by
// CIDR range.
//
// The routes are saved to the specified bucket in a JSON file. For more
// information, see [Export route tables to Amazon S3]in the Amazon Web Services Transit Gateways Guide.
//
// [Export route tables to Amazon S3]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-route-tables.html#tgw-export-route-tables
ExportTransitGatewayRoutes(ctx context.Context, params *ec2.ExportTransitGatewayRoutesInput, optFns ...func(*Options)) (*ec2.ExportTransitGatewayRoutesOutput, error)
// Exports the client configuration for a Verified Access instance.
ExportVerifiedAccessInstanceClientConfiguration(ctx context.Context, params *ec2.ExportVerifiedAccessInstanceClientConfigurationInput, optFns ...func(*Options)) (*ec2.ExportVerifiedAccessInstanceClientConfigurationOutput, error)
// Returns the currently negotiated security parameters for an active VPN tunnel,
// including IKE version, DH groups, encryption algorithms, and integrity
// algorithms.
GetActiveVpnTunnelStatus(ctx context.Context, params *ec2.GetActiveVpnTunnelStatusInput, optFns ...func(*Options)) (*ec2.GetActiveVpnTunnelStatusOutput, error)
// Gets the current state of the Allowed AMIs setting and the list of Allowed AMIs
// criteria at the account level in the specified Region.
//
// The Allowed AMIs feature does not restrict the AMIs owned by your account.
// Regardless of the criteria you set, the AMIs created by your account will always
// be discoverable and usable by users in your account.
//
// For more information, see [Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs] in Amazon EC2 User Guide.
//
// [Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-allowed-amis.html
GetAllowedImagesSettings(ctx context.Context, params *ec2.GetAllowedImagesSettingsInput, optFns ...func(*Options)) (*ec2.GetAllowedImagesSettingsOutput, error)
// Returns the IAM roles that are associated with the specified ACM (ACM)
// certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3
// object key where the certificate, certificate chain, and encrypted private key
// bundle are stored, and the ARN of the KMS key that's used to encrypt the private
// key.
GetAssociatedEnclaveCertificateIamRoles(ctx context.Context, params *ec2.GetAssociatedEnclaveCertificateIamRolesInput, optFns ...func(*Options)) (*ec2.GetAssociatedEnclaveCertificateIamRolesOutput, error)
// Gets information about the IPv6 CIDR block associations for a specified IPv6
// address pool.
GetAssociatedIpv6PoolCidrs(ctx context.Context, params *ec2.GetAssociatedIpv6PoolCidrsInput, optFns ...func(*Options)) (*ec2.GetAssociatedIpv6PoolCidrsOutput, error)
// Gets network performance data.
GetAwsNetworkPerformanceData(ctx context.Context, params *ec2.GetAwsNetworkPerformanceDataInput, optFns ...func(*Options)) (*ec2.GetAwsNetworkPerformanceDataOutput, error)
// Retrieves the current configuration and status of EC2 Capacity Manager for
//
// your account, including enablement status, Organizations access settings, and
// data ingestion status.
GetCapacityManagerAttributes(ctx context.Context, params *ec2.GetCapacityManagerAttributesInput, optFns ...func(*Options)) (*ec2.GetCapacityManagerAttributesOutput, error)
// Retrieves capacity usage metrics for your EC2 resources. Returns time-series
//
// data for metrics like unused capacity, utilization rates, and costs across
// On-Demand, Spot, and Capacity Reservations. Data can be grouped and filtered by
// various dimensions such as region, account, and instance family.
GetCapacityManagerMetricData(ctx context.Context, params *ec2.GetCapacityManagerMetricDataInput, optFns ...func(*Options)) (*ec2.GetCapacityManagerMetricDataOutput, error)
// Retrieves the available dimension values for capacity metrics within a
//
// specified time range. This is useful for discovering what accounts, regions,
// instance families, and other dimensions have data available for filtering and
// grouping.
GetCapacityManagerMetricDimensions(ctx context.Context, params *ec2.GetCapacityManagerMetricDimensionsInput, optFns ...func(*Options)) (*ec2.GetCapacityManagerMetricDimensionsOutput, error)
// Gets usage information about a Capacity Reservation. If the Capacity
// Reservation is shared, it shows usage information for the Capacity Reservation
// owner and each Amazon Web Services account that is currently using the shared
// capacity. If the Capacity Reservation is not shared, it shows only the Capacity
// Reservation owner's usage.
GetCapacityReservationUsage(ctx context.Context, params *ec2.GetCapacityReservationUsageInput, optFns ...func(*Options)) (*ec2.GetCapacityReservationUsageOutput, error)
// Describes the allocations from the specified customer-owned address pool.
GetCoipPoolUsage(ctx context.Context, params *ec2.GetCoipPoolUsageInput, optFns ...func(*Options)) (*ec2.GetCoipPoolUsageOutput, error)
// Gets the console output for the specified instance. For Linux instances, the
// instance console output displays the exact console output that would normally be
// displayed on a physical monitor attached to a computer. For Windows instances,
// the instance console output includes the last three system event log errors.
//
// For more information, see [Instance console output] in the Amazon EC2 User Guide.
//
// [Instance console output]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html#instance-console-console-output
GetConsoleOutput(ctx context.Context, params *ec2.GetConsoleOutputInput, optFns ...func(*Options)) (*ec2.GetConsoleOutputOutput, error)
// Retrieve a JPG-format screenshot of a running instance to help with
// troubleshooting.
//
// The returned content is Base64-encoded.
//
// For more information, see [Instance console output] in the Amazon EC2 User Guide.
//
// [Instance console output]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/troubleshoot-unreachable-instance.html#instance-console-console-output
GetConsoleScreenshot(ctx context.Context, params *ec2.GetConsoleScreenshotInput, optFns ...func(*Options)) (*ec2.GetConsoleScreenshotOutput, error)
// Retrieves a summary of the account status report.
//
// To view the full report, download it from the Amazon S3 bucket where it was
// saved. Reports are accessible only when they have the complete status. Reports
// with other statuses ( running , cancelled , or error ) are not available in the
// S3 bucket. For more information about downloading objects from an S3 bucket, see
// [Downloading objects]in the Amazon Simple Storage Service User Guide.
//
// For more information, see [Generating the account status report for declarative policies] in the Amazon Web Services Organizations User Guide.
//
// [Downloading objects]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/download-objects.html
// [Generating the account status report for declarative policies]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_declarative_status-report.html
GetDeclarativePoliciesReportSummary(ctx context.Context, params *ec2.GetDeclarativePoliciesReportSummaryInput, optFns ...func(*Options)) (*ec2.GetDeclarativePoliciesReportSummaryOutput, error)
// Describes the default credit option for CPU usage of a burstable performance
// instance family.
//
// For more information, see [Burstable performance instances] in the Amazon EC2 User Guide.
//
// [Burstable performance instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html
GetDefaultCreditSpecification(ctx context.Context, params *ec2.GetDefaultCreditSpecificationInput, optFns ...func(*Options)) (*ec2.GetDefaultCreditSpecificationOutput, error)
// Describes the default KMS key for EBS encryption by default for your account in
// this Region.
//
// For more information, see [Amazon EBS encryption] in the Amazon EBS User Guide.
//
// [Amazon EBS encryption]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html
GetEbsDefaultKmsKeyId(ctx context.Context, params *ec2.GetEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*ec2.GetEbsDefaultKmsKeyIdOutput, error)
// Describes whether EBS encryption by default is enabled for your account in the
// current Region.
//
// For more information, see [Amazon EBS encryption] in the Amazon EBS User Guide.
//
// [Amazon EBS encryption]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html
GetEbsEncryptionByDefault(ctx context.Context, params *ec2.GetEbsEncryptionByDefaultInput, optFns ...func(*Options)) (*ec2.GetEbsEncryptionByDefaultOutput, error)
// Generates a CloudFormation template that streamlines and automates the
// integration of VPC flow logs with Amazon Athena. This make it easier for you to
// query and gain insights from VPC flow logs data. Based on the information that
// you provide, we configure resources in the template to do the following:
//
// - Create a table in Athena that maps fields to a custom log format
//
// - Create a Lambda function that updates the table with new partitions on a
// daily, weekly, or monthly basis
//
// - Create a table partitioned between two timestamps in the past
//
// - Create a set of named queries in Athena that you can use to get started
// quickly
//
// GetFlowLogsIntegrationTemplate does not support integration between Amazon Web
// Services Transit Gateway Flow Logs and Amazon Athena.
GetFlowLogsIntegrationTemplate(ctx context.Context, params *ec2.GetFlowLogsIntegrationTemplateInput, optFns ...func(*Options)) (*ec2.GetFlowLogsIntegrationTemplateOutput, error)
// Lists the resource groups to which a Capacity Reservation has been added.
GetGroupsForCapacityReservation(ctx context.Context, params *ec2.GetGroupsForCapacityReservationInput, optFns ...func(*Options)) (*ec2.GetGroupsForCapacityReservationOutput, error)
// Preview a reservation purchase with configurations that match those of your
// Dedicated Host. You must have active Dedicated Hosts in your account before you
// purchase a reservation.
//
// This is a preview of the PurchaseHostReservation action and does not result in the offering being
// purchased.
GetHostReservationPurchasePreview(ctx context.Context, params *ec2.GetHostReservationPurchasePreviewInput, optFns ...func(*Options)) (*ec2.GetHostReservationPurchasePreviewOutput, error)
// Retrieves the ancestry chain of the specified AMI, tracing its lineage back to
// the root AMI. For more information, see [AMI ancestry]in Amazon EC2 User Guide.
//
// [AMI ancestry]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-ancestry.html
GetImageAncestry(ctx context.Context, params *ec2.GetImageAncestryInput, optFns ...func(*Options)) (*ec2.GetImageAncestryOutput, error)
// Gets the current state of block public access for AMIs at the account level in
// the specified Amazon Web Services Region.
//
// For more information, see [Block public access to your AMIs] in the Amazon EC2 User Guide.
//
// [Block public access to your AMIs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-public-access-to-amis.html
GetImageBlockPublicAccessState(ctx context.Context, params *ec2.GetImageBlockPublicAccessStateInput, optFns ...func(*Options)) (*ec2.GetImageBlockPublicAccessStateOutput, error)
// Gets the default instance metadata service (IMDS) settings that are set at the
// account level in the specified Amazon Web Services
Region.
//
// For more information, see [Order of precedence for instance metadata options] in the Amazon EC2 User Guide.
//
// [Order of precedence for instance metadata options]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html#instance-metadata-options-order-of-precedence
GetInstanceMetadataDefaults(ctx context.Context, params *ec2.GetInstanceMetadataDefaultsInput, optFns ...func(*Options)) (*ec2.GetInstanceMetadataDefaultsOutput, error)
// Gets the public endorsement key associated with the Nitro Trusted Platform
// Module (NitroTPM) for the specified instance.
GetInstanceTpmEkPub(ctx context.Context, params *ec2.GetInstanceTpmEkPubInput, optFns ...func(*Options)) (*ec2.GetInstanceTpmEkPubOutput, error)
// Returns a list of instance types with the specified instance attributes. You
// can use the response to preview the instance types without launching instances.
// Note that the response does not consider capacity.
//
// When you specify multiple parameters, you get instance types that satisfy all
// of the specified parameters. If you specify multiple values for a parameter, you
// get instance types that satisfy any of the specified values.
//
// For more information, see [Preview instance types with specified attributes], [Specify attributes for instance type selection for EC2 Fleet or Spot Fleet], and [Spot placement score] in the Amazon EC2 User Guide, and [Creating mixed instance groups using attribute-based instance type selection] in the
// Amazon EC2 Auto Scaling User Guide.
//
// [Specify attributes for instance type selection for EC2 Fleet or Spot Fleet]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html
// [Preview instance types with specified attributes]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html#ec2fleet-get-instance-types-from-instance-requirements
// [Creating mixed instance groups using attribute-based instance type selection]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-instance-type-requirements.html
// [Spot placement score]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html
GetInstanceTypesFromInstanceRequirements(ctx context.Context, params *ec2.GetInstanceTypesFromInstanceRequirementsInput, optFns ...func(*Options)) (*ec2.GetInstanceTypesFromInstanceRequirementsOutput, error)
// A binary representation of the UEFI variable store. Only non-volatile variables
// are stored. This is a base64 encoded and zlib compressed binary value that must
// be properly encoded.
//
// When you use [register-image] to create an AMI, you can create an exact copy of your variable
// store by passing the UEFI data in the UefiData parameter. You can modify the
// UEFI data by using the [python-uefivars tool]on GitHub. You can use the tool to convert the UEFI data
// into a human-readable format (JSON), which you can inspect and modify, and then
// convert back into the binary format to use with register-image.
//
// For more information, see [UEFI Secure Boot] in the Amazon EC2 User Guide.
//
// [UEFI Secure Boot]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/uefi-secure-boot.html
// [python-uefivars tool]: https://github.com/awslabs/python-uefivars
// [register-image]: https://docs.aws.amazon.com/cli/latest/reference/ec2/register-image.html
GetInstanceUefiData(ctx context.Context, params *ec2.GetInstanceUefiDataInput, optFns ...func(*Options)) (*ec2.GetInstanceUefiDataOutput, error)
// Retrieve historical information about a CIDR within an IPAM scope. For more
// information, see [View the history of IP addresses]in the Amazon VPC IPAM User Guide.
//
// [View the history of IP addresses]: https://docs.aws.amazon.com/vpc/latest/ipam/view-history-cidr-ipam.html
GetIpamAddressHistory(ctx context.Context, params *ec2.GetIpamAddressHistoryInput, optFns ...func(*Options)) (*ec2.GetIpamAddressHistoryOutput, error)
// Gets IPAM discovered accounts. A discovered account is an Amazon Web Services
// account that is monitored under a resource discovery. If you have integrated
// IPAM with Amazon Web Services Organizations, all accounts in the organization
// are discovered accounts. Only the IPAM account can get all discovered accounts
// in the organization.
GetIpamDiscoveredAccounts(ctx context.Context, params *ec2.GetIpamDiscoveredAccountsInput, optFns ...func(*Options)) (*ec2.GetIpamDiscoveredAccountsOutput, error)
// Gets the public IP addresses that have been discovered by IPAM.
GetIpamDiscoveredPublicAddresses(ctx context.Context, params *ec2.GetIpamDiscoveredPublicAddressesInput, optFns ...func(*Options)) (*ec2.GetIpamDiscoveredPublicAddressesOutput, error)
// Returns the resource CIDRs that are monitored as part of a resource discovery.
// A discovered resource is a resource CIDR monitored under a resource discovery.
// The following resources can be discovered: VPCs, Public IPv4 pools, VPC subnets,
// and Elastic IP addresses.
GetIpamDiscoveredResourceCidrs(ctx context.Context, params *ec2.GetIpamDiscoveredResourceCidrsInput, optFns ...func(*Options)) (*ec2.GetIpamDiscoveredResourceCidrsOutput, error)
// Get a list of all the CIDR allocations in an IPAM pool. The Region you use
// should be the IPAM pool locale. The locale is the Amazon Web Services Region
// where this IPAM pool is available for allocations.
//
// If you use this action after [AllocateIpamPoolCidr] or [ReleaseIpamPoolAllocation], note that all EC2 API actions follow an [eventual consistency]
// model.
//
// [ReleaseIpamPoolAllocation]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html
// [AllocateIpamPoolCidr]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AllocateIpamPoolCidr.html
// [eventual consistency]: https://docs.aws.amazon.com/ec2/latest/devguide/eventual-consistency.html
GetIpamPoolAllocations(ctx context.Context, params *ec2.GetIpamPoolAllocationsInput, optFns ...func(*Options)) (*ec2.GetIpamPoolAllocationsOutput, error)
// Get the CIDRs provisioned to an IPAM pool.
GetIpamPoolCidrs(ctx context.Context, params *ec2.GetIpamPoolCidrsInput, optFns ...func(*Options)) (*ec2.GetIpamPoolCidrsOutput, error)
// Retrieves the CIDR selection rules for an IPAM prefix list resolver. Use this
// operation to view the business logic that determines which CIDRs are selected
// for synchronization with prefix lists.
GetIpamPrefixListResolverRules(ctx context.Context, params *ec2.GetIpamPrefixListResolverRulesInput, optFns ...func(*Options)) (*ec2.GetIpamPrefixListResolverRulesOutput, error)
// Retrieves the CIDR entries for a specific version of an IPAM prefix list
// resolver. This shows the actual CIDRs that were selected and synchronized at a
// particular point in time.
GetIpamPrefixListResolverVersionEntries(ctx context.Context, params *ec2.GetIpamPrefixListResolverVersionEntriesInput, optFns ...func(*Options)) (*ec2.GetIpamPrefixListResolverVersionEntriesOutput, error)
// Retrieves version information for an IPAM prefix list resolver.
//
// Each version is a snapshot of what CIDRs matched your rules at that moment in
// time. The version number increments every time the CIDR list changes due to
// infrastructure changes.
//
// Version example:
//
// Initial State (Version 1)
//
// Production environment:
//
// - vpc-prod-web (10.1.0.0/16) - tagged env=prod
//
// - vpc-prod-db (10.2.0.0/16) - tagged env=prod
//
// Resolver rule: Include all VPCs tagged env=prod
//
// Version 1 CIDRs: 10.1.0.0/16, 10.2.0.0/16
//
// Infrastructure Change (Version 2)
//
// New VPC added:
//
// - vpc-prod-api (10.3.0.0/16) - tagged env=prod
//
// IPAM automatically detects the change and creates a new version.
//
// Version 2 CIDRs: 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16
GetIpamPrefixListResolverVersions(ctx context.Context, params *ec2.GetIpamPrefixListResolverVersionsInput, optFns ...func(*Options)) (*ec2.GetIpamPrefixListResolverVersionsOutput, error)
// Returns resource CIDRs managed by IPAM in a given scope. If an IPAM is
// associated with more than one resource discovery, the resource CIDRs across all
// of the resource discoveries is returned. A resource discovery is an IPAM
// component that enables IPAM to manage and monitor resources that belong to the
// owning account.
GetIpamResourceCidrs(ctx context.Context, params *ec2.GetIpamResourceCidrsInput, optFns ...func(*Options)) (*ec2.GetIpamResourceCidrsOutput, error)
// Retrieves the configuration data of the specified instance. You can use this
// data to create a launch template.
//
// This action calls on other describe actions to get instance information.
// Depending on your instance configuration, you may need to allow the following
// actions in your IAM policy: DescribeSpotInstanceRequests ,
// DescribeInstanceCreditSpecifications , DescribeVolumes , and
// DescribeInstanceAttribute . Or, you can allow describe* depending on your
// instance requirements.
GetLaunchTemplateData(ctx context.Context, params *ec2.GetLaunchTemplateDataInput, optFns ...func(*Options)) (*ec2.GetLaunchTemplateDataOutput, error)
// Gets information about the resources that are associated with the specified
// managed prefix list.
GetManagedPrefixListAssociations(ctx context.Context, params *ec2.GetManagedPrefixListAssociationsInput, optFns ...func(*Options)) (*ec2.GetManagedPrefixListAssociationsOutput, error)
// Gets information about the entries for a specified managed prefix list.
GetManagedPrefixListEntries(ctx context.Context, params *ec2.GetManagedPrefixListEntriesInput, optFns ...func(*Options)) (*ec2.GetManagedPrefixListEntriesOutput, error)
// Gets the findings for the specified Network Access Scope analysis.
GetNetworkInsightsAccessScopeAnalysisFindings(ctx context.Context, params *ec2.GetNetworkInsightsAccessScopeAnalysisFindingsInput, optFns ...func(*Options)) (*ec2.GetNetworkInsightsAccessScopeAnalysisFindingsOutput, error)
// Gets the content for the specified Network Access Scope.
GetNetworkInsightsAccessScopeContent(ctx context.Context, params *ec2.GetNetworkInsightsAccessScopeContentInput, optFns ...func(*Options)) (*ec2.GetNetworkInsightsAccessScopeContentOutput, error)
// Retrieves the encrypted administrator password for a running Windows instance.
//
// The Windows password is generated at boot by the EC2Config service or EC2Launch
// scripts (Windows Server 2016 and later). This usually only happens the first
// time an instance is launched. For more information, see [EC2Config]and [EC2Launch] in the Amazon EC2
// User Guide.
//
// For the EC2Config service, the password is not generated for rebundled AMIs
// unless Ec2SetPassword is enabled before bundling.
//
// The password is encrypted using the key pair that you specified when you
// launched the instance. You must provide the corresponding key pair file.
//
// When you launch an instance, password generation and encryption may take a few
// minutes. If you try to retrieve the password before it's available, the output
// returns an empty string. We recommend that you wait up to 15 minutes after
// launching an instance before trying to retrieve the generated password.
//
// [EC2Launch]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch.html
// [EC2Config]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UsingConfig_WinAMI.html
GetPasswordData(ctx context.Context, params *ec2.GetPasswordDataInput, optFns ...func(*Options)) (*ec2.GetPasswordDataOutput, error)
// Returns a quote and exchange information for exchanging one or more specified
// Convertible Reserved Instances for a new Convertible Reserved Instance. If the
// exchange cannot be performed, the reason is returned in the response. Use AcceptReservedInstancesExchangeQuoteto
// perform the exchange.
GetReservedInstancesExchangeQuote(ctx context.Context, params *ec2.GetReservedInstancesExchangeQuoteInput, optFns ...func(*Options)) (*ec2.GetReservedInstancesExchangeQuoteOutput, error)
// Gets information about the associations for the specified route server.
//
// A route server association is the connection established between a route server
// and a VPC.
//
// For more information see [Dynamic routing in your VPC with VPC Route Server] in the Amazon VPC User Guide.
//
// [Dynamic routing in your VPC with VPC Route Server]: https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html
GetRouteServerAssociations(ctx context.Context, params *ec2.GetRouteServerAssociationsInput, optFns ...func(*Options)) (*ec2.GetRouteServerAssociationsOutput, error)
// Gets information about the route propagations for the specified route server.
//
// When enabled, route server propagation installs the routes in the FIB on the
// route table you've specified. Route server supports IPv4 and IPv6 route
// propagation.
//
// Amazon VPC Route Server simplifies routing for traffic between workloads that
// are deployed within a VPC and its internet gateways. With this feature, VPC
// Route Server dynamically updates VPC and internet gateway route tables with your
// preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those
// workloads. This enables you to automatically reroute traffic within a VPC, which
// increases the manageability of VPC routing and interoperability with third-party
// workloads.
//
// Route server supports the follow route table types:
//
// - VPC route tables not associated with subnets
//
// - Subnet route tables
//
// - Internet gateway route tables
//
// Route server does not support route tables associated with virtual private
// gateways. To propagate routes into a transit gateway route table, use [Transit Gateway Connect].
//
// [Transit Gateway Connect]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html
GetRouteServerPropagations(ctx context.Context, params *ec2.GetRouteServerPropagationsInput, optFns ...func(*Options)) (*ec2.GetRouteServerPropagationsOutput, error)
// Gets the routing database for the specified route server. The [Routing Information Base (RIB)] serves as a
// database that stores all the routing information and network topology data
// collected by a router or routing system, such as routes learned from BGP peers.
// The RIB is constantly updated as new routing information is received or existing
// routes change. This ensures that the route server always has the most current
// view of the network topology and can make optimal routing decisions.
//
// Amazon VPC Route Server simplifies routing for traffic between workloads that
// are deployed within a VPC and its internet gateways. With this feature, VPC
// Route Server dynamically updates VPC and internet gateway route tables with your
// preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those
// workloads. This enables you to automatically reroute traffic within a VPC, which
// increases the manageability of VPC routing and interoperability with third-party
// workloads.
//
// Route server supports the follow route table types:
//
// - VPC route tables not associated with subnets
//
// - Subnet route tables
//
// - Internet gateway route tables
//
// Route server does not support route tables associated with virtual private
// gateways. To propagate routes into a transit gateway route table, use [Transit Gateway Connect].
//
// [Routing Information Base (RIB)]: https://en.wikipedia.org/wiki/Routing_table
// [Transit Gateway Connect]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html
GetRouteServerRoutingDatabase(ctx context.Context, params *ec2.GetRouteServerRoutingDatabaseInput, optFns ...func(*Options)) (*ec2.GetRouteServerRoutingDatabaseOutput, error)
// Gets security groups that can be associated by the Amazon Web Services account
// making the request with network interfaces in the specified VPC.
GetSecurityGroupsForVpc(ctx context.Context, params *ec2.GetSecurityGroupsForVpcInput, optFns ...func(*Options)) (*ec2.GetSecurityGroupsForVpcOutput, error)
// Retrieves the access status of your account to the EC2 serial console of all
// instances. By default, access to the EC2 serial console is disabled for your
// account. For more information, see [Manage account access to the EC2 serial console]in the Amazon EC2 User Guide.
//
// [Manage account access to the EC2 serial console]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-access-to-serial-console.html#serial-console-account-access
GetSerialConsoleAccessStatus(ctx context.Context, params *ec2.GetSerialConsoleAccessStatusInput, optFns ...func(*Options)) (*ec2.GetSerialConsoleAccessStatusOutput, error)
// Gets the current state of block public access for snapshots setting for the
// account and Region.
//
// For more information, see [Block public access for snapshots] in the Amazon EBS User Guide.
//
// [Block public access for snapshots]: https://docs.aws.amazon.com/ebs/latest/userguide/block-public-access-snapshots.html
GetSnapshotBlockPublicAccessState(ctx context.Context, params *ec2.GetSnapshotBlockPublicAccessStateInput, optFns ...func(*Options)) (*ec2.GetSnapshotBlockPublicAccessStateOutput, error)
// Calculates the Spot placement score for a Region or Availability Zone based on
// the specified target capacity and compute requirements.
//
// You can specify your compute requirements either by using
// InstanceRequirementsWithMetadata and letting Amazon EC2 choose the optimal
// instance types to fulfill your Spot request, or you can specify the instance
// types by using InstanceTypes .
//
// For more information, see [Spot placement score] in the Amazon EC2 User Guide.
//
// [Spot placement score]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html
GetSpotPlacementScores(ctx context.Context, params *ec2.GetSpotPlacementScoresInput, optFns ...func(*Options)) (*ec2.GetSpotPlacementScoresOutput, error)
// Gets information about the subnet CIDR reservations.
GetSubnetCidrReservations(ctx context.Context, params *ec2.GetSubnetCidrReservationsInput, optFns ...func(*Options)) (*ec2.GetSubnetCidrReservationsOutput, error)
// Lists the route tables to which the specified resource attachment propagates
// routes.
GetTransitGatewayAttachmentPropagations(ctx context.Context, params *ec2.GetTransitGatewayAttachmentPropagationsInput, optFns ...func(*Options)) (*ec2.GetTransitGatewayAttachmentPropagationsOutput, error)
// Gets information about the associations for the transit gateway multicast
// domain.
GetTransitGatewayMulticastDomainAssociations(ctx context.Context, params *ec2.GetTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*ec2.GetTransitGatewayMulticastDomainAssociationsOutput, error)
// Gets a list of the transit gateway policy table associations.
GetTransitGatewayPolicyTableAssociations(ctx context.Context, params *ec2.GetTransitGatewayPolicyTableAssociationsInput, optFns ...func(*Options)) (*ec2.GetTransitGatewayPolicyTableAssociationsOutput, error)
// Returns a list of transit gateway policy table entries.
GetTransitGatewayPolicyTableEntries(ctx context.Context, params *ec2.GetTransitGatewayPolicyTableEntriesInput, optFns ...func(*Options)) (*ec2.GetTransitGatewayPolicyTableEntriesOutput, error)
// Gets information about the prefix list references in a specified transit
// gateway route table.
GetTransitGatewayPrefixListReferences(ctx context.Context, params *ec2.GetTransitGatewayPrefixListReferencesInput, optFns ...func(*Options)) (*ec2.GetTransitGatewayPrefixListReferencesOutput, error)
// Gets information about the associations for the specified transit gateway route
// table.
GetTransitGatewayRouteTableAssociations(ctx context.Context, params *ec2.GetTransitGatewayRouteTableAssociationsInput, optFns ...func(*Options)) (*ec2.GetTransitGatewayRouteTableAssociationsOutput, error)
// Gets information about the route table propagations for the specified transit
// gateway route table.
GetTransitGatewayRouteTablePropagations(ctx context.Context, params *ec2.GetTransitGatewayRouteTablePropagationsInput, optFns ...func(*Options)) (*ec2.GetTransitGatewayRouteTablePropagationsOutput, error)
// Get the Verified Access policy associated with the endpoint.
GetVerifiedAccessEndpointPolicy(ctx context.Context, params *ec2.GetVerifiedAccessEndpointPolicyInput, optFns ...func(*Options)) (*ec2.GetVerifiedAccessEndpointPolicyOutput, error)
// Gets the targets for the specified network CIDR endpoint for Verified Access.
GetVerifiedAccessEndpointTargets(ctx context.Context, params *ec2.GetVerifiedAccessEndpointTargetsInput, optFns ...func(*Options)) (*ec2.GetVerifiedAccessEndpointTargetsOutput, error)
// Shows the contents of the Verified Access policy associated with the group.
GetVerifiedAccessGroupPolicy(ctx context.Context, params *ec2.GetVerifiedAccessGroupPolicyInput, optFns ...func(*Options)) (*ec2.GetVerifiedAccessGroupPolicyOutput, error)
// Download an Amazon Web Services-provided sample configuration file to be used
// with the customer gateway device specified for your Site-to-Site VPN connection.
GetVpnConnectionDeviceSampleConfiguration(ctx context.Context, params *ec2.GetVpnConnectionDeviceSampleConfigurationInput, optFns ...func(*Options)) (*ec2.GetVpnConnectionDeviceSampleConfigurationOutput, error)
// Obtain a list of customer gateway devices for which sample configuration files
// can be provided. The request has no additional parameters. You can also see the
// list of device types with sample configuration files available under [Your customer gateway device]in the
// Amazon Web Services Site-to-Site VPN User Guide.
//
// [Your customer gateway device]: https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html
GetVpnConnectionDeviceTypes(ctx context.Context, params *ec2.GetVpnConnectionDeviceTypesInput, optFns ...func(*Options)) (*ec2.GetVpnConnectionDeviceTypesOutput, error)
// Get details of available tunnel endpoint maintenance.
GetVpnTunnelReplacementStatus(ctx context.Context, params *ec2.GetVpnTunnelReplacementStatusInput, optFns ...func(*Options)) (*ec2.GetVpnTunnelReplacementStatusOutput, error)
// Uploads a client certificate revocation list to the specified Client VPN
// endpoint. Uploading a client certificate revocation list overwrites the existing
// client certificate revocation list.
//
// Uploading a client certificate revocation list resets existing client
// connections.
ImportClientVpnClientCertificateRevocationList(ctx context.Context, params *ec2.ImportClientVpnClientCertificateRevocationListInput, optFns ...func(*Options)) (*ec2.ImportClientVpnClientCertificateRevocationListOutput, error)
// To import your virtual machines (VMs) with a console-based experience, you can
// use the Import virtual machine images to Amazon Web Services template in the [Migration Hub Orchestrator console].
// For more information, see the [Migration Hub Orchestrator User Guide].
//
// Import single or multi-volume disk images or EBS snapshots into an Amazon
// Machine Image (AMI).
//
// Amazon Web Services VM Import/Export strongly recommends specifying a value for
// either the --license-type or --usage-operation parameter when you create a new
// VM Import task. This ensures your operating system is licensed appropriately and
// your billing is optimized.
//
// For more information, see [Importing a VM as an image using VM Import/Export] in the VM Import/Export User Guide.
//
// [Migration Hub Orchestrator console]: https://console.aws.amazon.com/migrationhub/orchestrator
// [Importing a VM as an image using VM Import/Export]: https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html
// [Migration Hub Orchestrator User Guide]: https://docs.aws.amazon.com/migrationhub-orchestrator/latest/userguide/import-vm-images.html
ImportImage(ctx context.Context, params *ec2.ImportImageInput, optFns ...func(*Options)) (*ec2.ImportImageOutput, error)
// We recommend that you use the [ImportImage]ImportImage API instead. For more information,
// see [Importing a VM as an image using VM Import/Export]in the VM Import/Export User Guide.
//
// Creates an import instance task using metadata from the specified disk image.
//
// This API action supports only single-volume VMs. To import multi-volume VMs,
// use ImportImageinstead.
//
// For information about the import manifest referenced by this API action, see [VM Import Manifest].
//
// This API action is not supported by the Command Line Interface (CLI).
//
// [Importing a VM as an image using VM Import/Export]: https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html
// [ImportImage]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportImage.html
// [VM Import Manifest]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html
ImportInstance(ctx context.Context, params *ec2.ImportInstanceInput, optFns ...func(*Options)) (*ec2.ImportInstanceOutput, error)
// Imports the public key from an RSA or ED25519 key pair that you created using a
// third-party tool. You give Amazon Web Services only the public key. The private
// key is never transferred between you and Amazon Web Services.
//
// For more information about the requirements for importing a key pair, see [Create a key pair and import the public key to Amazon EC2] in
// the Amazon EC2 User Guide.
//
// [Create a key pair and import the public key to Amazon EC2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html#how-to-generate-your-own-key-and-import-it-to-aws
ImportKeyPair(ctx context.Context, params *ec2.ImportKeyPairInput, optFns ...func(*Options)) (*ec2.ImportKeyPairOutput, error)
// Imports a disk into an EBS snapshot.
//
// For more information, see [Importing a disk as a snapshot using VM Import/Export] in the VM Import/Export User Guide.
//
// [Importing a disk as a snapshot using VM Import/Export]: https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-import-snapshot.html
ImportSnapshot(ctx context.Context, params *ec2.ImportSnapshotInput, optFns ...func(*Options)) (*ec2.ImportSnapshotOutput, error)
// This API action supports only single-volume VMs. To import multi-volume VMs,
// use ImportImageinstead. To import a disk to a snapshot, use ImportSnapshot instead.
//
// Creates an import volume task using metadata from the specified disk image.
//
// For information about the import manifest referenced by this API action, see [VM Import Manifest].
//
// This API action is not supported by the Command Line Interface (CLI).
//
// [VM Import Manifest]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html
ImportVolume(ctx context.Context, params *ec2.ImportVolumeInput, optFns ...func(*Options)) (*ec2.ImportVolumeOutput, error)
// Lists one or more AMIs that are currently in the Recycle Bin. For more
// information, see [Recycle Bin]in the Amazon EC2 User Guide.
//
// [Recycle Bin]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html
ListImagesInRecycleBin(ctx context.Context, params *ec2.ListImagesInRecycleBinInput, optFns ...func(*Options)) (*ec2.ListImagesInRecycleBinOutput, error)
// Lists one or more snapshots that are currently in the Recycle Bin.
ListSnapshotsInRecycleBin(ctx context.Context, params *ec2.ListSnapshotsInRecycleBinInput, optFns ...func(*Options)) (*ec2.ListSnapshotsInRecycleBinOutput, error)
// Locks an Amazon EBS snapshot in either governance or compliance mode to protect
// it against accidental or malicious deletions for a specific duration. A locked
// snapshot can't be deleted.
//
// You can also use this action to modify the lock settings for a snapshot that is
// already locked. The allowed modifications depend on the lock mode and lock
// state:
//
// - If the snapshot is locked in governance mode, you can modify the lock mode
// and the lock duration or lock expiration date.
//
// - If the snapshot is locked in compliance mode and it is in the cooling-off
// period, you can modify the lock mode and the lock duration or lock expiration
// date.
//
// - If the snapshot is locked in compliance mode and the cooling-off period has
// lapsed, you can only increase the lock duration or extend the lock expiration
// date.
LockSnapshot(ctx context.Context, params *ec2.LockSnapshotInput, optFns ...func(*Options)) (*ec2.LockSnapshotOutput, error)
// Modifies an attribute of the specified Elastic IP address. For requirements,
// see [Using reverse DNS for email applications].
//
// [Using reverse DNS for email applications]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS
ModifyAddressAttribute(ctx context.Context, params *ec2.ModifyAddressAttributeInput, optFns ...func(*Options)) (*ec2.ModifyAddressAttributeOutput, error)
// Changes the opt-in status of the specified zone group for your account.
ModifyAvailabilityZoneGroup(ctx context.Context, params *ec2.ModifyAvailabilityZoneGroupInput, optFns ...func(*Options)) (*ec2.ModifyAvailabilityZoneGroupOutput, error)
// Modifies a Capacity Reservation's capacity, instance eligibility, and the
// conditions under which it is to be released. You can't modify a Capacity
// Reservation's instance type, EBS optimization, platform, instance store
// settings, Availability Zone, or tenancy. If you need to modify any of these
// attributes, we recommend that you cancel the Capacity Reservation, and then
// create a new one with the required attributes. For more information, see [Modify an active Capacity Reservation].
//
// The allowed modifications depend on the state of the Capacity Reservation:
//
// - assessing or scheduled state - You can modify the tags only.
//
// - pending state - You can't modify the Capacity Reservation in any way.
//
// - active state but still within the commitment duration - You can't decrease
// the instance count or set an end date that is within the commitment duration.
// All other modifications are allowed.
//
// - active state with no commitment duration or elapsed commitment duration -
// All modifications are allowed.
//
// - expired , cancelled , unsupported , or failed state - You can't modify the
// Capacity Reservation in any way.
//
// [Modify an active Capacity Reservation]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/capacity-reservations-modify.html
ModifyCapacityReservation(ctx context.Context, params *ec2.ModifyCapacityReservationInput, optFns ...func(*Options)) (*ec2.ModifyCapacityReservationOutput, error)
// Modifies a Capacity Reservation Fleet.
//
// When you modify the total target capacity of a Capacity Reservation Fleet, the
// Fleet automatically creates new Capacity Reservations, or modifies or cancels
// existing Capacity Reservations in the Fleet to meet the new total target
// capacity. When you modify the end date for the Fleet, the end dates for all of
// the individual Capacity Reservations in the Fleet are updated accordingly.
ModifyCapacityReservationFleet(ctx context.Context, params *ec2.ModifyCapacityReservationFleetInput, optFns ...func(*Options)) (*ec2.ModifyCapacityReservationFleetOutput, error)
// Modifies the specified Client VPN endpoint. Modifying the DNS server resets
// existing client connections.
ModifyClientVpnEndpoint(ctx context.Context, params *ec2.ModifyClientVpnEndpointInput, optFns ...func(*Options)) (*ec2.ModifyClientVpnEndpointOutput, error)
// Modifies the default credit option for CPU usage of burstable performance
// instances. The default credit option is set at the account level per Amazon Web
// Services Region, and is specified per instance family. All new burstable
// performance instances in the account launch using the default credit option.
//
// ModifyDefaultCreditSpecification is an asynchronous operation, which works at
// an Amazon Web Services Region level and modifies the credit option for each
// Availability Zone. All zones in a Region are updated within five minutes. But if
// instances are launched during this operation, they might not get the new credit
// option until the zone is updated. To verify whether the update has occurred, you
// can call GetDefaultCreditSpecification and check DefaultCreditSpecification for
// updates.
//
// For more information, see [Burstable performance instances] in the Amazon EC2 User Guide.
//
// [Burstable performance instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html
ModifyDefaultCreditSpecification(ctx context.Context, params *ec2.ModifyDefaultCreditSpecificationInput, optFns ...func(*Options)) (*ec2.ModifyDefaultCreditSpecificationOutput, error)
// Changes the default KMS key for EBS encryption by default for your account in
// this Region.
//
// Amazon Web Services creates a unique Amazon Web Services managed KMS key in
// each Region for use with encryption by default. If you change the default KMS
// key to a symmetric customer managed KMS key, it is used instead of the Amazon
// Web Services managed KMS key. Amazon EBS does not support asymmetric KMS keys.
//
// If you delete or disable the customer managed KMS key that you specified for
// use with encryption by default, your instances will fail to launch.
//
// For more information, see [Amazon EBS encryption] in the Amazon EBS User Guide.
//
// [Amazon EBS encryption]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html
ModifyEbsDefaultKmsKeyId(ctx context.Context, params *ec2.ModifyEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*ec2.ModifyEbsDefaultKmsKeyIdOutput, error)
// Modifies the specified EC2 Fleet.
//
// You can only modify an EC2 Fleet request of type maintain .
//
// While the EC2 Fleet is being modified, it is in the modifying state.
//
// To scale up your EC2 Fleet, increase its target capacity. The EC2 Fleet
// launches the additional Spot Instances according to the allocation strategy for
// the EC2 Fleet request. If the allocation strategy is lowest-price , the EC2
// Fleet launches instances using the Spot Instance pool with the lowest price. If
// the allocation strategy is diversified , the EC2 Fleet distributes the instances
// across the Spot Instance pools. If the allocation strategy is capacity-optimized
// , EC2 Fleet launches instances from Spot Instance pools with optimal capacity
// for the number of instances that are launching.
//
// To scale down your EC2 Fleet, decrease its target capacity. First, the EC2
// Fleet cancels any open requests that exceed the new target capacity. You can
// request that the EC2 Fleet terminate Spot Instances until the size of the fleet
// no longer exceeds the new target capacity. If the allocation strategy is
// lowest-price , the EC2 Fleet terminates the instances with the highest price per
// unit. If the allocation strategy is capacity-optimized , the EC2 Fleet
// terminates the instances in the Spot Instance pools that have the least
// available Spot Instance capacity. If the allocation strategy is diversified ,
// the EC2 Fleet terminates instances across the Spot Instance pools.
// Alternatively, you can request that the EC2 Fleet keep the fleet at its current
// size, but not replace any Spot Instances that are interrupted or that you
// terminate manually.
//
// If you are finished with your EC2 Fleet for now, but will use it again later,
// you can set the target capacity to 0.
ModifyFleet(ctx context.Context, params *ec2.ModifyFleetInput, optFns ...func(*Options)) (*ec2.ModifyFleetOutput, error)
// Modifies the specified attribute of the specified Amazon FPGA Image (AFI).
ModifyFpgaImageAttribute(ctx context.Context, params *ec2.ModifyFpgaImageAttributeInput, optFns ...func(*Options)) (*ec2.ModifyFpgaImageAttributeOutput, error)
// Modify the auto-placement setting of a Dedicated Host. When auto-placement is
// enabled, any instances that you launch with a tenancy of host but without a
// specific host ID are placed onto any available Dedicated Host in your account
// that has auto-placement enabled. When auto-placement is disabled, you need to
// provide a host ID to have the instance launch onto a specific host. If no host
// ID is provided, the instance is launched onto a suitable host with
// auto-placement enabled.
//
// You can also use this API action to modify a Dedicated Host to support either
// multiple instance types in an instance family, or to support a specific instance
// type only.
ModifyHosts(ctx context.Context, params *ec2.ModifyHostsInput, optFns ...func(*Options)) (*ec2.ModifyHostsOutput, error)
// Modifies the ID format for the specified resource on a per-Region basis. You
// can specify that resources should receive longer IDs (17-character IDs) when
// they are created.
//
// This request can only be used to modify longer ID settings for resource types
// that are within the opt-in period. Resources currently in their opt-in period
// include: bundle | conversion-task | customer-gateway | dhcp-options |
// elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image
// | import-task | internet-gateway | network-acl | network-acl-association |
// network-interface | network-interface-attachment | prefix-list | route-table |
// route-table-association | security-group | subnet |
// subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint
// | vpc-peering-connection | vpn-connection | vpn-gateway .
//
// This setting applies to the IAM user who makes the request; it does not apply
// to the entire Amazon Web Services account. By default, an IAM user defaults to
// the same settings as the root user. If you're using this action as the root
// user, then these settings apply to the entire account, unless an IAM user
// explicitly overrides these settings for themselves. For more information, see [Resource IDs]
// in the Amazon Elastic Compute Cloud User Guide.
//
// Resources created with longer IDs are visible to all IAM roles and users,
// regardless of these settings and provided that they have permission to use the
// relevant Describe command for the resource type.
//
// [Resource IDs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html
ModifyIdFormat(ctx context.Context, params *ec2.ModifyIdFormatInput, optFns ...func(*Options)) (*ec2.ModifyIdFormatOutput, error)
// Modifies the ID format of a resource for a specified IAM user, IAM role, or the
// root user for an account; or all IAM users, IAM roles, and the root user for an
// account. You can specify that resources should receive longer IDs (17-character
// IDs) when they are created.
//
// This request can only be used to modify longer ID settings for resource types
// that are within the opt-in period. Resources currently in their opt-in period
// include: bundle | conversion-task | customer-gateway | dhcp-options |
// elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image
// | import-task | internet-gateway | network-acl | network-acl-association |
// network-interface | network-interface-attachment | prefix-list | route-table |
// route-table-association | security-group | subnet |
// subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint
// | vpc-peering-connection | vpn-connection | vpn-gateway .
//
// For more information, see [Resource IDs] in the Amazon Elastic Compute Cloud User Guide.
//
// This setting applies to the principal specified in the request; it does not
// apply to the principal that makes the request.
//
// Resources created with longer IDs are visible to all IAM roles and users,
// regardless of these settings and provided that they have permission to use the
// relevant Describe command for the resource type.
//
// [Resource IDs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html
ModifyIdentityIdFormat(ctx context.Context, params *ec2.ModifyIdentityIdFormatInput, optFns ...func(*Options)) (*ec2.ModifyIdentityIdFormatOutput, error)
// Modifies the specified attribute of the specified AMI. You can specify only one
// attribute at a time.
//
// To specify the attribute, you can use the Attribute parameter, or one of the
// following parameters: Description , ImdsSupport , or LaunchPermission .
//
// Images with an Amazon Web Services Marketplace product code cannot be made
// public.
//
// To enable the SriovNetSupport enhanced networking attribute of an image, enable
// SriovNetSupport on an instance and create an AMI from the instance.
ModifyImageAttribute(ctx context.Context, params *ec2.ModifyImageAttributeInput, optFns ...func(*Options)) (*ec2.ModifyImageAttributeOutput, error)
// Modifies the specified attribute of the specified instance. You can specify
// only one attribute at a time.
//
// Note: Using this action to change the security groups associated with an
// elastic network interface (ENI) attached to an instance can result in an error
// if the instance has more than one ENI. To change the security groups associated
// with an ENI attached to an instance that has multiple ENIs, we recommend that
// you use the ModifyNetworkInterfaceAttributeaction.
//
// To modify some attributes, the instance must be stopped. For more information,
// see [Modify a stopped instance]in the Amazon EC2 User Guide.
//
// [Modify a stopped instance]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html
ModifyInstanceAttribute(ctx context.Context, params *ec2.ModifyInstanceAttributeInput, optFns ...func(*Options)) (*ec2.ModifyInstanceAttributeOutput, error)
// Modifies the Capacity Reservation settings for a stopped instance. Use this
// action to configure an instance to target a specific Capacity Reservation, run
// in any open Capacity Reservation with matching attributes, run in On-Demand
// Instance capacity, or only run in a Capacity Reservation.
ModifyInstanceCapacityReservationAttributes(ctx context.Context, params *ec2.ModifyInstanceCapacityReservationAttributesInput, optFns ...func(*Options)) (*ec2.ModifyInstanceCapacityReservationAttributesOutput, error)
// Modifies the specified EC2 Instance Connect Endpoint.
//
// For more information, see [Modify an EC2 Instance Connect Endpoint] in the Amazon EC2 User Guide.
//
// [Modify an EC2 Instance Connect Endpoint]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/modify-ec2-instance-connect-endpoint.html
ModifyInstanceConnectEndpoint(ctx context.Context, params *ec2.ModifyInstanceConnectEndpointInput, optFns ...func(*Options)) (*ec2.ModifyInstanceConnectEndpointOutput, error)
// By default, all vCPUs for the instance type are active when you launch an
// instance. When you configure the number of active vCPUs for the instance, it can
// help you save on licensing costs and optimize performance. The base cost of the
// instance remains unchanged.
//
// The number of active vCPUs equals the number of threads per CPU core multiplied
// by the number of cores. The instance must be in a Stopped state before you make
// changes.
//
// Some instance type options do not support this capability. For more
// information, see [Supported CPU options]in the Amazon EC2 User Guide.
//
// [Supported CPU options]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-options-supported-instances-values.html
ModifyInstanceCpuOptions(ctx context.Context, params *ec2.ModifyInstanceCpuOptionsInput, optFns ...func(*Options)) (*ec2.ModifyInstanceCpuOptionsOutput, error)
// Modifies the credit option for CPU usage on a running or stopped burstable
// performance instance. The credit options are standard and unlimited .
//
// For more information, see [Burstable performance instances] in the Amazon EC2 User Guide.
//
// [Burstable performance instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html
ModifyInstanceCreditSpecification(ctx context.Context, params *ec2.ModifyInstanceCreditSpecificationInput, optFns ...func(*Options)) (*ec2.ModifyInstanceCreditSpecificationOutput, error)
// Modifies the start time for a scheduled Amazon EC2 instance event.
ModifyInstanceEventStartTime(ctx context.Context, params *ec2.ModifyInstanceEventStartTimeInput, optFns ...func(*Options)) (*ec2.ModifyInstanceEventStartTimeOutput, error)
// Modifies the specified event window.
//
// You can define either a set of time ranges or a cron expression when modifying
// the event window, but not both.
//
// To modify the targets associated with the event window, use the AssociateInstanceEventWindow and DisassociateInstanceEventWindow API.
//
// If Amazon Web Services has already scheduled an event, modifying an event
// window won't change the time of the scheduled event.
//
// For more information, see [Define event windows for scheduled events] in the Amazon EC2 User Guide.
//
// [Define event windows for scheduled events]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html
ModifyInstanceEventWindow(ctx context.Context, params *ec2.ModifyInstanceEventWindowInput, optFns ...func(*Options)) (*ec2.ModifyInstanceEventWindowOutput, error)
// Modifies the recovery behavior of your instance to disable simplified automatic
// recovery or set the recovery behavior to default. The default configuration will
// not enable simplified automatic recovery for an unsupported instance type. For
// more information, see [Simplified automatic recovery].
//
// Modifies the reboot migration behavior during a user-initiated reboot of an
// instance that has a pending system-reboot event. For more information, see [Enable or disable reboot migration].
//
// [Simplified automatic recovery]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html#instance-configuration-recovery
// [Enable or disable reboot migration]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/schedevents_actions_reboot.html#reboot-migration
ModifyInstanceMaintenanceOptions(ctx context.Context, params *ec2.ModifyInstanceMaintenanceOptionsInput, optFns ...func(*Options)) (*ec2.ModifyInstanceMaintenanceOptionsOutput, error)
// Modifies the default instance metadata service (IMDS) settings at the account
// level in the specified Amazon Web Services
Region.
//
// To remove a parameter's account-level default setting, specify no-preference .
// If an account-level setting is cleared with no-preference , then the instance
// launch considers the other instance metadata settings. For more information, see
// [Order of precedence for instance metadata options]in the Amazon EC2 User Guide.
//
// [Order of precedence for instance metadata options]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html#instance-metadata-options-order-of-precedence
ModifyInstanceMetadataDefaults(ctx context.Context, params *ec2.ModifyInstanceMetadataDefaultsInput, optFns ...func(*Options)) (*ec2.ModifyInstanceMetadataDefaultsOutput, error)
// Modify the instance metadata parameters on a running or stopped instance. When
// you modify the parameters on a stopped instance, they are applied when the
// instance is started. When you modify the parameters on a running instance, the
// API responds with a state of “pending”. After the parameter modifications are
// successfully applied to the instance, the state of the modifications changes
// from “pending” to “applied” in subsequent describe-instances API calls. For more
// information, see [Instance metadata and user data]in the Amazon EC2 User Guide.
//
// [Instance metadata and user data]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
ModifyInstanceMetadataOptions(ctx context.Context, params *ec2.ModifyInstanceMetadataOptionsInput, optFns ...func(*Options)) (*ec2.ModifyInstanceMetadataOptionsOutput, error)
// Change the configuration of the network performance options for an existing
// instance.
ModifyInstanceNetworkPerformanceOptions(ctx context.Context, params *ec2.ModifyInstanceNetworkPerformanceOptionsInput, optFns ...func(*Options)) (*ec2.ModifyInstanceNetworkPerformanceOptionsOutput, error)
// Modifies the placement attributes for a specified instance. You can do the
// following:
//
// - Modify the affinity between an instance and a [Dedicated Host]. When affinity is set to host
// and the instance is not associated with a specific Dedicated Host, the next time
// the instance is started, it is automatically associated with the host on which
// it lands. If the instance is restarted or rebooted, this relationship persists.
//
// - Change the Dedicated Host with which an instance is associated.
//
// - Change the instance tenancy of an instance.
//
// - Move an instance to or from a [placement group].
//
// At least one attribute for affinity, host ID, tenancy, or placement group name
// must be specified in the request. Affinity and tenancy can be modified in the
// same request.
//
// To modify the host ID, tenancy, placement group, or partition for an instance,
// the instance must be in the stopped state.
//
// [Dedicated Host]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html
// [placement group]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
ModifyInstancePlacement(ctx context.Context, params *ec2.ModifyInstancePlacementInput, optFns ...func(*Options)) (*ec2.ModifyInstancePlacementOutput, error)
// Modify the configurations of an IPAM.
ModifyIpam(ctx context.Context, params *ec2.ModifyIpamInput, optFns ...func(*Options)) (*ec2.ModifyIpamOutput, error)
// Modify the configurations of an IPAM pool.
//
// For more information, see [Modify a pool] in the Amazon VPC IPAM User Guide.
//
// [Modify a pool]: https://docs.aws.amazon.com/vpc/latest/ipam/mod-pool-ipam.html
ModifyIpamPool(ctx context.Context, params *ec2.ModifyIpamPoolInput, optFns ...func(*Options)) (*ec2.ModifyIpamPoolOutput, error)
// Modifies an IPAM prefix list resolver. You can update the description and CIDR
// selection rules. Changes to rules will trigger re-evaluation and potential
// updates to associated prefix lists.
ModifyIpamPrefixListResolver(ctx context.Context, params *ec2.ModifyIpamPrefixListResolverInput, optFns ...func(*Options)) (*ec2.ModifyIpamPrefixListResolverOutput, error)
// Modifies an IPAM prefix list resolver target. You can update version tracking
// settings and the desired version of the target prefix list.
ModifyIpamPrefixListResolverTarget(ctx context.Context, params *ec2.ModifyIpamPrefixListResolverTargetInput, optFns ...func(*Options)) (*ec2.ModifyIpamPrefixListResolverTargetOutput, error)
// Modify a resource CIDR. You can use this action to transfer resource CIDRs
// between scopes and ignore resource CIDRs that you do not want to manage. If set
// to false, the resource will not be tracked for overlap, it cannot be
// auto-imported into a pool, and it will be removed from any pool it has an
// allocation in.
//
// For more information, see [Move resource CIDRs between scopes] and [Change the monitoring state of resource CIDRs] in the Amazon VPC IPAM User Guide.
//
// [Change the monitoring state of resource CIDRs]: https://docs.aws.amazon.com/vpc/latest/ipam/change-monitoring-state-ipam.html
// [Move resource CIDRs between scopes]: https://docs.aws.amazon.com/vpc/latest/ipam/move-resource-ipam.html
ModifyIpamResourceCidr(ctx context.Context, params *ec2.ModifyIpamResourceCidrInput, optFns ...func(*Options)) (*ec2.ModifyIpamResourceCidrOutput, error)
// Modifies a resource discovery. A resource discovery is an IPAM component that
// enables IPAM to manage and monitor resources that belong to the owning account.
ModifyIpamResourceDiscovery(ctx context.Context, params *ec2.ModifyIpamResourceDiscoveryInput, optFns ...func(*Options)) (*ec2.ModifyIpamResourceDiscoveryOutput, error)
// Modify an IPAM scope.
ModifyIpamScope(ctx context.Context, params *ec2.ModifyIpamScopeInput, optFns ...func(*Options)) (*ec2.ModifyIpamScopeOutput, error)
// Modifies a launch template. You can specify which version of the launch
// template to set as the default version. When launching an instance, the default
// version applies when a launch template version is not specified.
ModifyLaunchTemplate(ctx context.Context, params *ec2.ModifyLaunchTemplateInput, optFns ...func(*Options)) (*ec2.ModifyLaunchTemplateOutput, error)
// Modifies the specified local gateway route.
ModifyLocalGatewayRoute(ctx context.Context, params *ec2.ModifyLocalGatewayRouteInput, optFns ...func(*Options)) (*ec2.ModifyLocalGatewayRouteOutput, error)
// Modifies the specified managed prefix list.
//
// Adding or removing entries in a prefix list creates a new version of the prefix
// list. Changing the name of the prefix list does not affect the version.
//
// If you specify a current version number that does not match the true current
// version number, the request fails.
ModifyManagedPrefixList(ctx context.Context, params *ec2.ModifyManagedPrefixListInput, optFns ...func(*Options)) (*ec2.ModifyManagedPrefixListOutput, error)
// Modifies the specified network interface attribute. You can specify only one
// attribute at a time. You can use this action to attach and detach security
// groups from an existing EC2 instance.
ModifyNetworkInterfaceAttribute(ctx context.Context, params *ec2.ModifyNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*ec2.ModifyNetworkInterfaceAttributeOutput, error)
// Modifies the options for instance hostnames for the specified instance.
ModifyPrivateDnsNameOptions(ctx context.Context, params *ec2.ModifyPrivateDnsNameOptionsInput, optFns ...func(*Options)) (*ec2.ModifyPrivateDnsNameOptionsOutput, error)
// Modify public hostname options for a network interface. For more information,
// see [EC2 instance hostnames, DNS names, and domains]in the Amazon EC2 User Guide.
//
// [EC2 instance hostnames, DNS names, and domains]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-naming.html
ModifyPublicIpDnsNameOptions(ctx context.Context, params *ec2.ModifyPublicIpDnsNameOptionsInput, optFns ...func(*Options)) (*ec2.ModifyPublicIpDnsNameOptionsOutput, error)
// Modifies the configuration of your Reserved Instances, such as the Availability
// Zone, instance count, or instance type. The Reserved Instances to be modified
// must be identical, except for Availability Zone, network platform, and instance
// type.
//
// For more information, see [Modify Reserved Instances] in the Amazon EC2 User Guide.
//
// [Modify Reserved Instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html
ModifyReservedInstances(ctx context.Context, params *ec2.ModifyReservedInstancesInput, optFns ...func(*Options)) (*ec2.ModifyReservedInstancesOutput, error)
// Modifies the configuration of an existing route server.
//
// Amazon VPC Route Server simplifies routing for traffic between workloads that
// are deployed within a VPC and its internet gateways. With this feature, VPC
// Route Server dynamically updates VPC and internet gateway route tables with your
// preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those
// workloads. This enables you to automatically reroute traffic within a VPC, which
// increases the manageability of VPC routing and interoperability with third-party
// workloads.
//
// Route server supports the follow route table types:
//
// - VPC route tables not associated with subnets
//
// - Subnet route tables
//
// - Internet gateway route tables
//
// Route server does not support route tables associated with virtual private
// gateways. To propagate routes into a transit gateway route table, use [Transit Gateway Connect].
//
// For more information see [Dynamic routing in your VPC with VPC Route Server] in the Amazon VPC User Guide.
//
// [Dynamic routing in your VPC with VPC Route Server]: https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html
// [Transit Gateway Connect]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html
ModifyRouteServer(ctx context.Context, params *ec2.ModifyRouteServerInput, optFns ...func(*Options)) (*ec2.ModifyRouteServerOutput, error)
// Modifies the rules of a security group.
ModifySecurityGroupRules(ctx context.Context, params *ec2.ModifySecurityGroupRulesInput, optFns ...func(*Options)) (*ec2.ModifySecurityGroupRulesOutput, error)
// Adds or removes permission settings for the specified snapshot. You may add or
// remove specified Amazon Web Services account IDs from a snapshot's list of
// create volume permissions, but you cannot do both in a single operation. If you
// need to both add and remove account IDs for a snapshot, you must use multiple
// operations. You can make up to 500 modifications to a snapshot in a single
// operation.
//
// Encrypted snapshots and snapshots with Amazon Web Services Marketplace product
// codes cannot be made public. Snapshots encrypted with your default KMS key
// cannot be shared with other accounts.
//
// For more information about modifying snapshot permissions, see [Share a snapshot] in the Amazon
// EBS User Guide.
//
// [Share a snapshot]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-modifying-snapshot-permissions.html
ModifySnapshotAttribute(ctx context.Context, params *ec2.ModifySnapshotAttributeInput, optFns ...func(*Options)) (*ec2.ModifySnapshotAttributeOutput, error)
// Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted
// to a full snapshot that includes all of the blocks of data that were written to
// the volume at the time the snapshot was created, and moved from the standard
// tier to the archive tier. For more information, see [Archive Amazon EBS snapshots]in the Amazon EBS User
// Guide.
//
// [Archive Amazon EBS snapshots]: https://docs.aws.amazon.com/ebs/latest/userguide/snapshot-archive.html
ModifySnapshotTier(ctx context.Context, params *ec2.ModifySnapshotTierInput, optFns ...func(*Options)) (*ec2.ModifySnapshotTierOutput, error)
// Modifies the specified Spot Fleet request.
//
// You can only modify a Spot Fleet request of type maintain .
//
// While the Spot Fleet request is being modified, it is in the modifying state.
//
// To scale up your Spot Fleet, increase its target capacity. The Spot Fleet
// launches the additional Spot Instances according to the allocation strategy for
// the Spot Fleet request. If the allocation strategy is lowestPrice , the Spot
// Fleet launches instances using the Spot Instance pool with the lowest price. If
// the allocation strategy is diversified , the Spot Fleet distributes the
// instances across the Spot Instance pools. If the allocation strategy is
// capacityOptimized , Spot Fleet launches instances from Spot Instance pools with
// optimal capacity for the number of instances that are launching.
//
// To scale down your Spot Fleet, decrease its target capacity. First, the Spot
// Fleet cancels any open requests that exceed the new target capacity. You can
// request that the Spot Fleet terminate Spot Instances until the size of the fleet
// no longer exceeds the new target capacity. If the allocation strategy is
// lowestPrice , the Spot Fleet terminates the instances with the highest price per
// unit. If the allocation strategy is capacityOptimized , the Spot Fleet
// terminates the instances in the Spot Instance pools that have the least
// available Spot Instance capacity. If the allocation strategy is diversified ,
// the Spot Fleet terminates instances across the Spot Instance pools.
// Alternatively, you can request that the Spot Fleet keep the fleet at its current
// size, but not replace any Spot Instances that are interrupted or that you
// terminate manually.
//
// If you are finished with your Spot Fleet for now, but will use it again later,
// you can set the target capacity to 0.
ModifySpotFleetRequest(ctx context.Context, params *ec2.ModifySpotFleetRequestInput, optFns ...func(*Options)) (*ec2.ModifySpotFleetRequestOutput, error)
// Modifies a subnet attribute. You can only modify one attribute at a time.
//
// Use this action to modify subnets on Amazon Web Services Outposts.
//
// - To modify a subnet on an Outpost rack, set both MapCustomerOwnedIpOnLaunch
// and CustomerOwnedIpv4Pool . These two parameters act as a single attribute.
//
// - To modify a subnet on an Outpost server, set either EnableLniAtDeviceIndex
// or DisableLniAtDeviceIndex .
//
// For more information about Amazon Web Services Outposts, see the following:
//
// [Outpost servers]
//
// [Outpost racks]
//
// [Outpost servers]: https://docs.aws.amazon.com/outposts/latest/userguide/how-servers-work.html
// [Outpost racks]: https://docs.aws.amazon.com/outposts/latest/userguide/how-racks-work.html
ModifySubnetAttribute(ctx context.Context, params *ec2.ModifySubnetAttributeInput, optFns ...func(*Options)) (*ec2.ModifySubnetAttributeOutput, error)
// Allows or restricts mirroring network services.
//
// By default, Amazon DNS network services are not eligible for Traffic Mirror.
// Use AddNetworkServices to add network services to a Traffic Mirror filter. When
// a network service is added to the Traffic Mirror filter, all traffic related to
// that network service will be mirrored. When you no longer want to mirror network
// services, use RemoveNetworkServices to remove the network services from the
// Traffic Mirror filter.
ModifyTrafficMirrorFilterNetworkServices(ctx context.Context, params *ec2.ModifyTrafficMirrorFilterNetworkServicesInput, optFns ...func(*Options)) (*ec2.ModifyTrafficMirrorFilterNetworkServicesOutput, error)
// Modifies the specified Traffic Mirror rule.
//
// DestinationCidrBlock and SourceCidrBlock must both be an IPv4 range or an IPv6
// range.
ModifyTrafficMirrorFilterRule(ctx context.Context, params *ec2.ModifyTrafficMirrorFilterRuleInput, optFns ...func(*Options)) (*ec2.ModifyTrafficMirrorFilterRuleOutput, error)
// Modifies a Traffic Mirror session.
ModifyTrafficMirrorSession(ctx context.Context, params *ec2.ModifyTrafficMirrorSessionInput, optFns ...func(*Options)) (*ec2.ModifyTrafficMirrorSessionOutput, error)
// Modifies the specified transit gateway. When you modify a transit gateway, the
// modified options are applied to new transit gateway attachments only. Your
// existing transit gateway attachments are not modified.
ModifyTransitGateway(ctx context.Context, params *ec2.ModifyTransitGatewayInput, optFns ...func(*Options)) (*ec2.ModifyTransitGatewayOutput, error)
// Modifies a reference (route) to a prefix list in a specified transit gateway
// route table.
ModifyTransitGatewayPrefixListReference(ctx context.Context, params *ec2.ModifyTransitGatewayPrefixListReferenceInput, optFns ...func(*Options)) (*ec2.ModifyTransitGatewayPrefixListReferenceOutput, error)
// Modifies the specified VPC attachment.
ModifyTransitGatewayVpcAttachment(ctx context.Context, params *ec2.ModifyTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*ec2.ModifyTransitGatewayVpcAttachmentOutput, error)
// Modifies the configuration of the specified Amazon Web Services Verified Access
// endpoint.
ModifyVerifiedAccessEndpoint(ctx context.Context, params *ec2.ModifyVerifiedAccessEndpointInput, optFns ...func(*Options)) (*ec2.ModifyVerifiedAccessEndpointOutput, error)
// Modifies the specified Amazon Web Services Verified Access endpoint policy.
ModifyVerifiedAccessEndpointPolicy(ctx context.Context, params *ec2.ModifyVerifiedAccessEndpointPolicyInput, optFns ...func(*Options)) (*ec2.ModifyVerifiedAccessEndpointPolicyOutput, error)
// Modifies the specified Amazon Web Services Verified Access group configuration.
ModifyVerifiedAccessGroup(ctx context.Context, params *ec2.ModifyVerifiedAccessGroupInput, optFns ...func(*Options)) (*ec2.ModifyVerifiedAccessGroupOutput, error)
// Modifies the specified Amazon Web Services Verified Access group policy.
ModifyVerifiedAccessGroupPolicy(ctx context.Context, params *ec2.ModifyVerifiedAccessGroupPolicyInput, optFns ...func(*Options)) (*ec2.ModifyVerifiedAccessGroupPolicyOutput, error)
// Modifies the configuration of the specified Amazon Web Services Verified Access
// instance.
ModifyVerifiedAccessInstance(ctx context.Context, params *ec2.ModifyVerifiedAccessInstanceInput, optFns ...func(*Options)) (*ec2.ModifyVerifiedAccessInstanceOutput, error)
// Modifies the logging configuration for the specified Amazon Web Services
// Verified Access instance.
ModifyVerifiedAccessInstanceLoggingConfiguration(ctx context.Context, params *ec2.ModifyVerifiedAccessInstanceLoggingConfigurationInput, optFns ...func(*Options)) (*ec2.ModifyVerifiedAccessInstanceLoggingConfigurationOutput, error)
// Modifies the configuration of the specified Amazon Web Services Verified Access
// trust provider.
ModifyVerifiedAccessTrustProvider(ctx context.Context, params *ec2.ModifyVerifiedAccessTrustProviderInput, optFns ...func(*Options)) (*ec2.ModifyVerifiedAccessTrustProviderOutput, error)
// You can modify several parameters of an existing EBS volume, including volume
// size, volume type, and IOPS capacity. If your EBS volume is attached to a
// current-generation EC2 instance type, you might be able to apply these changes
// without stopping the instance or detaching the volume from it. For more
// information about modifying EBS volumes, see [Amazon EBS Elastic Volumes]in the Amazon EBS User Guide.
//
// When you complete a resize operation on your volume, you need to extend the
// volume's file-system size to take advantage of the new storage capacity. For
// more information, see [Extend the file system].
//
// For more information, see [Monitor the progress of volume modifications] in the Amazon EBS User Guide.
//
// With previous-generation instance types, resizing an EBS volume might require
// detaching and reattaching the volume or stopping and restarting the instance.
//
// After modifying a volume, you must wait at least six hours and ensure that the
// volume is in the in-use or available state before you can modify the same
// volume. This is sometimes referred to as a cooldown period.
//
// [Monitor the progress of volume modifications]: https://docs.aws.amazon.com/ebs/latest/userguide/monitoring-volume-modifications.html
// [Amazon EBS Elastic Volumes]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-modify-volume.html
// [Extend the file system]: https://docs.aws.amazon.com/ebs/latest/userguide/recognize-expanded-volume-linux.html
ModifyVolume(ctx context.Context, params *ec2.ModifyVolumeInput, optFns ...func(*Options)) (*ec2.ModifyVolumeOutput, error)
// Modifies a volume attribute.
//
// By default, all I/O operations for the volume are suspended when the data on
// the volume is determined to be potentially inconsistent, to prevent
// undetectable, latent data corruption. The I/O access to the volume can be
// resumed by first enabling I/O access and then checking the data consistency on
// your volume.
//
// You can change the default behavior to resume I/O operations. We recommend that
// you change this only for boot volumes or for volumes that are stateless or
// disposable.
ModifyVolumeAttribute(ctx context.Context, params *ec2.ModifyVolumeAttributeInput, optFns ...func(*Options)) (*ec2.ModifyVolumeAttributeOutput, error)
// Modifies the specified attribute of the specified VPC.
ModifyVpcAttribute(ctx context.Context, params *ec2.ModifyVpcAttributeInput, optFns ...func(*Options)) (*ec2.ModifyVpcAttributeOutput, error)
// Modify VPC Block Public Access (BPA) exclusions. A VPC BPA exclusion is a mode
// that can be applied to a single VPC or subnet that exempts it from the account’s
// BPA mode and will allow bidirectional or egress-only access. You can create BPA
// exclusions for VPCs and subnets even when BPA is not enabled on the account to
// ensure that there is no traffic disruption to the exclusions when VPC BPA is
// turned on.
ModifyVpcBlockPublicAccessExclusion(ctx context.Context, params *ec2.ModifyVpcBlockPublicAccessExclusionInput, optFns ...func(*Options)) (*ec2.ModifyVpcBlockPublicAccessExclusionOutput, error)
// Modify VPC Block Public Access (BPA) options. VPC Block Public Access (BPA)
// enables you to block resources in VPCs and subnets that you own in a Region from
// reaching or being reached from the internet through internet gateways and
// egress-only internet gateways. To learn more about VPC BPA, see [Block public access to VPCs and subnets]in the Amazon
// VPC User Guide.
//
// [Block public access to VPCs and subnets]: https://docs.aws.amazon.com/vpc/latest/userguide/security-vpc-bpa.html
ModifyVpcBlockPublicAccessOptions(ctx context.Context, params *ec2.ModifyVpcBlockPublicAccessOptionsInput, optFns ...func(*Options)) (*ec2.ModifyVpcBlockPublicAccessOptionsOutput, error)
// Modifies attributes of a specified VPC endpoint. The attributes that you can
// modify depend on the type of VPC endpoint (interface, gateway, or Gateway Load
// Balancer). For more information, see the [Amazon Web Services PrivateLink Guide].
//
// [Amazon Web Services PrivateLink Guide]: https://docs.aws.amazon.com/vpc/latest/privatelink/
ModifyVpcEndpoint(ctx context.Context, params *ec2.ModifyVpcEndpointInput, optFns ...func(*Options)) (*ec2.ModifyVpcEndpointOutput, error)
// Modifies a connection notification for VPC endpoint or VPC endpoint service.
// You can change the SNS topic for the notification, or the events for which to be
// notified.
ModifyVpcEndpointConnectionNotification(ctx context.Context, params *ec2.ModifyVpcEndpointConnectionNotificationInput, optFns ...func(*Options)) (*ec2.ModifyVpcEndpointConnectionNotificationOutput, error)
// Modifies the attributes of the specified VPC endpoint service configuration.
//
// If you set or modify the private DNS name, you must prove that you own the
// private DNS domain name.
ModifyVpcEndpointServiceConfiguration(ctx context.Context, params *ec2.ModifyVpcEndpointServiceConfigurationInput, optFns ...func(*Options)) (*ec2.ModifyVpcEndpointServiceConfigurationOutput, error)
// Modifies the payer responsibility for your VPC endpoint service.
ModifyVpcEndpointServicePayerResponsibility(ctx context.Context, params *ec2.ModifyVpcEndpointServicePayerResponsibilityInput, optFns ...func(*Options)) (*ec2.ModifyVpcEndpointServicePayerResponsibilityOutput, error)
// Modifies the permissions for your VPC endpoint service. You can add or remove
// permissions for service consumers (Amazon Web Services accounts, users, and IAM
// roles) to connect to your endpoint service. Principal ARNs with path components
// aren't supported.
//
// If you grant permissions to all principals, the service is public. Any users
// who know the name of a public service can send a request to attach an endpoint.
// If the service does not require manual approval, attachments are automatically
// approved.
ModifyVpcEndpointServicePermissions(ctx context.Context, params *ec2.ModifyVpcEndpointServicePermissionsInput, optFns ...func(*Options)) (*ec2.ModifyVpcEndpointServicePermissionsOutput, error)
// Modifies the VPC peering connection options on one side of a VPC peering
// connection.
//
// If the peered VPCs are in the same Amazon Web Services account, you can enable
// DNS resolution for queries from the local VPC. This ensures that queries from
// the local VPC resolve to private IP addresses in the peer VPC. This option is
// not available if the peered VPCs are in different Amazon Web Services accounts
// or different Regions. For peered VPCs in different Amazon Web Services accounts,
// each Amazon Web Services account owner must initiate a separate request to
// modify the peering connection options. For inter-region peering connections, you
// must use the Region for the requester VPC to modify the requester VPC peering
// options and the Region for the accepter VPC to modify the accepter VPC peering
// options. To verify which VPCs are the accepter and the requester for a VPC
// peering connection, use the DescribeVpcPeeringConnectionscommand.
ModifyVpcPeeringConnectionOptions(ctx context.Context, params *ec2.ModifyVpcPeeringConnectionOptionsInput, optFns ...func(*Options)) (*ec2.ModifyVpcPeeringConnectionOptionsOutput, error)
// Modifies the instance tenancy attribute of the specified VPC. You can change
// the instance tenancy attribute of a VPC to default only. You cannot change the
// instance tenancy attribute to dedicated .
//
// After you modify the tenancy of the VPC, any new instances that you launch into
// the VPC have a tenancy of default , unless you specify otherwise during launch.
// The tenancy of any existing instances in the VPC is not affected.
//
// For more information, see [Dedicated Instances] in the Amazon EC2 User Guide.
//
// [Dedicated Instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html
ModifyVpcTenancy(ctx context.Context, params *ec2.ModifyVpcTenancyInput, optFns ...func(*Options)) (*ec2.ModifyVpcTenancyOutput, error)
// Modifies the customer gateway or the target gateway of an Amazon Web Services
// Site-to-Site VPN connection. To modify the target gateway, the following
// migration options are available:
//
// - An existing virtual private gateway to a new virtual private gateway
//
// - An existing virtual private gateway to a transit gateway
//
// - An existing transit gateway to a new transit gateway
//
// - An existing transit gateway to a virtual private gateway
//
// Before you perform the migration to the new gateway, you must configure the new
// gateway. Use CreateVpnGatewayto create a virtual private gateway, or CreateTransitGateway to create a transit
// gateway.
//
// This step is required when you migrate from a virtual private gateway with
// static routes to a transit gateway.
//
// You must delete the static routes before you migrate to the new gateway.
//
// Keep a copy of the static route before you delete it. You will need to add back
// these routes to the transit gateway after the VPN connection migration is
// complete.
//
// After you migrate to the new gateway, you might need to modify your VPC route
// table. Use CreateRouteand DeleteRoute to make the changes described in [Update VPC route tables] in the Amazon Web Services
// Site-to-Site VPN User Guide.
//
// When the new gateway is a transit gateway, modify the transit gateway route
// table to allow traffic between the VPC and the Amazon Web Services Site-to-Site
// VPN connection. Use CreateTransitGatewayRouteto add the routes.
//
// If you deleted VPN static routes, you must add the static routes to the transit
// gateway route table.
//
// After you perform this operation, the VPN endpoint's IP addresses on the Amazon
// Web Services side and the tunnel options remain intact. Your Amazon Web Services
// Site-to-Site VPN connection will be temporarily unavailable for a brief period
// while we provision the new endpoints.
//
// [Update VPC route tables]: https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-target.html#step-update-routing
ModifyVpnConnection(ctx context.Context, params *ec2.ModifyVpnConnectionInput, optFns ...func(*Options)) (*ec2.ModifyVpnConnectionOutput, error)
// Modifies the connection options for your Site-to-Site VPN connection.
//
// When you modify the VPN connection options, the VPN endpoint IP addresses on
// the Amazon Web Services side do not change, and the tunnel options do not
// change. Your VPN connection will be temporarily unavailable for a brief period
// while the VPN connection is updated.
ModifyVpnConnectionOptions(ctx context.Context, params *ec2.ModifyVpnConnectionOptionsInput, optFns ...func(*Options)) (*ec2.ModifyVpnConnectionOptionsOutput, error)
// Modifies the VPN tunnel endpoint certificate.
ModifyVpnTunnelCertificate(ctx context.Context, params *ec2.ModifyVpnTunnelCertificateInput, optFns ...func(*Options)) (*ec2.ModifyVpnTunnelCertificateOutput, error)
// Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site
// VPN connection. You can modify multiple options for a tunnel in a single
// request, but you can only modify one tunnel at a time. For more information, see
// [Site-to-Site VPN tunnel options for your Site-to-Site VPN connection]in the Amazon Web Services Site-to-Site VPN User Guide.
//
// [Site-to-Site VPN tunnel options for your Site-to-Site VPN connection]: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNTunnels.html
ModifyVpnTunnelOptions(ctx context.Context, params *ec2.ModifyVpnTunnelOptionsInput, optFns ...func(*Options)) (*ec2.ModifyVpnTunnelOptionsOutput, error)
// Enables detailed monitoring for a running instance. Otherwise, basic monitoring
// is enabled. For more information, see [Monitor your instances using CloudWatch]in the Amazon EC2 User Guide.
//
// To disable detailed monitoring, see [UnmonitorInstances].
//
// [Monitor your instances using CloudWatch]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html
// [UnmonitorInstances]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_UnmonitorInstances.html
MonitorInstances(ctx context.Context, params *ec2.MonitorInstancesInput, optFns ...func(*Options)) (*ec2.MonitorInstancesOutput, error)
// This action is deprecated.
//
// Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC
// platform. The Elastic IP address must be allocated to your account for more than
// 24 hours, and it must not be associated with an instance. After the Elastic IP
// address is moved, it is no longer available for use in the EC2-Classic platform.
// You cannot move an Elastic IP address that was originally allocated for use in
// the EC2-VPC platform to the EC2-Classic platform.
MoveAddressToVpc(ctx context.Context, params *ec2.MoveAddressToVpcInput, optFns ...func(*Options)) (*ec2.MoveAddressToVpcOutput, error)
// Move a BYOIPv4 CIDR to IPAM from a public IPv4 pool.
//
// If you already have a BYOIPv4 CIDR with Amazon Web Services, you can move the
// CIDR to IPAM from a public IPv4 pool. You cannot move an IPv6 CIDR to IPAM. If
// you are bringing a new IP address to Amazon Web Services for the first time,
// complete the steps in [Tutorial: BYOIP address CIDRs to IPAM].
//
// [Tutorial: BYOIP address CIDRs to IPAM]: https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoip-ipam.html
MoveByoipCidrToIpam(ctx context.Context, params *ec2.MoveByoipCidrToIpamInput, optFns ...func(*Options)) (*ec2.MoveByoipCidrToIpamOutput, error)
// Move available capacity from a source Capacity Reservation to a destination
// Capacity Reservation. The source Capacity Reservation and the destination
// Capacity Reservation must be active , owned by your Amazon Web Services account,
// and share the following:
//
// - Instance type
//
// - Platform
//
// - Availability Zone
//
// - Tenancy
//
// - Placement group
//
// - Capacity Reservation end time - At specific time or Manually .
MoveCapacityReservationInstances(ctx context.Context, params *ec2.MoveCapacityReservationInstancesInput, optFns ...func(*Options)) (*ec2.MoveCapacityReservationInstancesOutput, error)
// Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services
// resources through bring your own IP addresses (BYOIP) and creates a
// corresponding address pool. After the address range is provisioned, it is ready
// to be advertised.
//
// Amazon Web Services verifies that you own the address range and are authorized
// to advertise it. You must ensure that the address range is registered to you and
// that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to
// advertise the address range. For more information, see [Bring your own IP addresses (BYOIP)]in the Amazon EC2 User
// Guide.
//
// Provisioning an address range is an asynchronous operation, so the call returns
// immediately, but the address range is not ready to use until its status changes
// from pending-provision to provisioned . For more information, see [Onboard your address range].
//
// [Bring your own IP addresses (BYOIP)]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html
// [Onboard your address range]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/byoip-onboard.html
ProvisionByoipCidr(ctx context.Context, params *ec2.ProvisionByoipCidrInput, optFns ...func(*Options)) (*ec2.ProvisionByoipCidrOutput, error)
// Provisions your Autonomous System Number (ASN) for use in your Amazon Web
// Services account. This action requires authorization context for Amazon to bring
// the ASN to an Amazon Web Services account. For more information, see [Tutorial: Bring your ASN to IPAM]in the
// Amazon VPC IPAM guide.
//
// [Tutorial: Bring your ASN to IPAM]: https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html
ProvisionIpamByoasn(ctx context.Context, params *ec2.ProvisionIpamByoasnInput, optFns ...func(*Options)) (*ec2.ProvisionIpamByoasnOutput, error)
// Provision a CIDR to an IPAM pool. You can use this action to provision new
// CIDRs to a top-level pool or to transfer a CIDR from a top-level pool to a pool
// within it.
//
// For more information, see [Provision CIDRs to pools] in the Amazon VPC IPAM User Guide.
//
// [Provision CIDRs to pools]: https://docs.aws.amazon.com/vpc/latest/ipam/prov-cidr-ipam.html
ProvisionIpamPoolCidr(ctx context.Context, params *ec2.ProvisionIpamPoolCidrInput, optFns ...func(*Options)) (*ec2.ProvisionIpamPoolCidrOutput, error)
// Provision a CIDR to a public IPv4 pool.
//
// For more information about IPAM, see [What is IPAM?] in the Amazon VPC IPAM User Guide.
//
// [What is IPAM?]: https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html
ProvisionPublicIpv4PoolCidr(ctx context.Context, params *ec2.ProvisionPublicIpv4PoolCidrInput, optFns ...func(*Options)) (*ec2.ProvisionPublicIpv4PoolCidrOutput, error)
// Purchase the Capacity Block for use with your account. With Capacity Blocks you
// ensure GPU capacity is available for machine learning (ML) workloads. You must
// specify the ID of the Capacity Block offering you are purchasing.
PurchaseCapacityBlock(ctx context.Context, params *ec2.PurchaseCapacityBlockInput, optFns ...func(*Options)) (*ec2.PurchaseCapacityBlockOutput, error)
// Purchase the Capacity Block extension for use with your account. You must
// specify the ID of the Capacity Block extension offering you are purchasing.
PurchaseCapacityBlockExtension(ctx context.Context, params *ec2.PurchaseCapacityBlockExtensionInput, optFns ...func(*Options)) (*ec2.PurchaseCapacityBlockExtensionOutput, error)
// Purchase a reservation with configurations that match those of your Dedicated
// Host. You must have active Dedicated Hosts in your account before you purchase a
// reservation. This action results in the specified reservation being purchased
// and charged to your account.
PurchaseHostReservation(ctx context.Context, params *ec2.PurchaseHostReservationInput, optFns ...func(*Options)) (*ec2.PurchaseHostReservationOutput, error)
// Purchases a Reserved Instance for use with your account. With Reserved
// Instances, you pay a lower hourly rate compared to On-Demand instance pricing.
//
// Use DescribeReservedInstancesOfferings to get a list of Reserved Instance offerings that match your
// specifications. After you've purchased a Reserved Instance, you can check for
// your new Reserved Instance with DescribeReservedInstances.
//
// To queue a purchase for a future date and time, specify a purchase time. If you
// do not specify a purchase time, the default is the current time.
//
// For more information, see [Reserved Instances] and [Sell in the Reserved Instance Marketplace] in the Amazon EC2 User Guide.
//
// [Reserved Instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-on-demand-reserved-instances.html
// [Sell in the Reserved Instance Marketplace]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html
PurchaseReservedInstancesOffering(ctx context.Context, params *ec2.PurchaseReservedInstancesOfferingInput, optFns ...func(*Options)) (*ec2.PurchaseReservedInstancesOfferingOutput, error)
// You can no longer purchase Scheduled Instances.
//
// Purchases the Scheduled Instances with the specified schedule.
//
// Scheduled Instances enable you to purchase Amazon EC2 compute capacity by the
// hour for a one-year term. Before you can purchase a Scheduled Instance, you must
// call DescribeScheduledInstanceAvailabilityto check for available schedules and obtain a purchase token. After you
// purchase a Scheduled Instance, you must call RunScheduledInstancesduring each scheduled time period.
//
// After you purchase a Scheduled Instance, you can't cancel, modify, or resell
// your purchase.
PurchaseScheduledInstances(ctx context.Context, params *ec2.PurchaseScheduledInstancesInput, optFns ...func(*Options)) (*ec2.PurchaseScheduledInstancesOutput, error)
// Requests a reboot of the specified instances. This operation is asynchronous;
// it only queues a request to reboot the specified instances. The operation
// succeeds if the instances are valid and belong to you. Requests to reboot
// terminated instances are ignored.
//
// If an instance does not cleanly shut down within a few minutes, Amazon EC2
// performs a hard reboot.
//
// For more information about troubleshooting, see [Troubleshoot an unreachable instance] in the Amazon EC2 User Guide.
//
// [Troubleshoot an unreachable instance]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html
RebootInstances(ctx context.Context, params *ec2.RebootInstancesInput, optFns ...func(*Options)) (*ec2.RebootInstancesOutput, error)
// Registers an AMI. When you're creating an instance-store backed AMI,
// registering the AMI is the final step in the creation process. For more
// information about creating AMIs, see [Create an AMI from a snapshot]and [Create an instance-store backed AMI] in the Amazon EC2 User Guide.
//
// If needed, you can deregister an AMI at any time. Any modifications you make to
// an AMI backed by an instance store volume invalidates its registration. If you
// make changes to an image, deregister the previous image and register the new
// image.
//
// # Register a snapshot of a root device volume
//
// You can use RegisterImage to create an Amazon EBS-backed Linux AMI from a
// snapshot of a root device volume. You specify the snapshot using a block device
// mapping. You can't set the encryption state of the volume using the block device
// mapping. If the snapshot is encrypted, or encryption by default is enabled, the
// root volume of an instance launched from the AMI is encrypted.
//
// For more information, see [Create an AMI from a snapshot] and [Use encryption with EBS-backed AMIs] in the Amazon EC2 User Guide.
//
// # Amazon Web Services Marketplace product codes
//
// If any snapshots have Amazon Web Services Marketplace product codes, they are
// copied to the new AMI.
//
// In most cases, AMIs for Windows, RedHat, SUSE, and SQL Server require correct
// licensing information to be present on the AMI. For more information, see [Understand AMI billing information]in
// the Amazon EC2 User Guide. When creating an AMI from a snapshot, the
// RegisterImage operation derives the correct billing information from the
// snapshot's metadata, but this requires the appropriate metadata to be present.
// To verify if the correct billing information was applied, check the
// PlatformDetails field on the new AMI. If the field is empty or doesn't match the
// expected operating system code (for example, Windows, RedHat, SUSE, or SQL), the
// AMI creation was unsuccessful, and you should discard the AMI and instead create
// the AMI from an instance. For more information, see [Create an AMI from an instance]in the Amazon EC2 User
// Guide.
//
// If you purchase a Reserved Instance to apply to an On-Demand Instance that was
// launched from an AMI with a billing product code, make sure that the Reserved
// Instance has the matching billing product code. If you purchase a Reserved
// Instance without the matching billing product code, the Reserved Instance is not
// applied to the On-Demand Instance. For information about how to obtain the
// platform details and billing information of an AMI, see [Understand AMI billing information]in the Amazon EC2 User
// Guide.
//
// [Use encryption with EBS-backed AMIs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html
// [Understand AMI billing information]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-billing-info.html
// [Create an instance-store backed AMI]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-instance-store.html
// [Create an AMI from an instance]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html#how-to-create-ebs-ami
// [Create an AMI from a snapshot]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html#creating-launching-ami-from-snapshot
RegisterImage(ctx context.Context, params *ec2.RegisterImageInput, optFns ...func(*Options)) (*ec2.RegisterImageOutput, error)
// Registers a set of tag keys to include in scheduled event notifications for
// your resources.
//
// To remove tags, use [DeregisterInstanceEventNotificationAttributes].
//
// [DeregisterInstanceEventNotificationAttributes]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeregisterInstanceEventNotificationAttributes.html
RegisterInstanceEventNotificationAttributes(ctx context.Context, params *ec2.RegisterInstanceEventNotificationAttributesInput, optFns ...func(*Options)) (*ec2.RegisterInstanceEventNotificationAttributesOutput, error)
// Registers members (network interfaces) with the transit gateway multicast
// group. A member is a network interface associated with a supported EC2 instance
// that receives multicast traffic. For more information, see [Multicast on transit gateways]in the Amazon Web
// Services Transit Gateways Guide.
//
// After you add the members, use [SearchTransitGatewayMulticastGroups] to verify that the members were added to the
// transit gateway multicast group.
//
// [SearchTransitGatewayMulticastGroups]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayMulticastGroups.html
// [Multicast on transit gateways]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-multicast-overview.html
RegisterTransitGatewayMulticastGroupMembers(ctx context.Context, params *ec2.RegisterTransitGatewayMulticastGroupMembersInput, optFns ...func(*Options)) (*ec2.RegisterTransitGatewayMulticastGroupMembersOutput, error)
// Registers sources (network interfaces) with the specified transit gateway
// multicast group.
//
// A multicast source is a network interface attached to a supported instance that
// sends multicast traffic. For more information about supported instances, see [Multicast on transit gateways]in
// the Amazon Web Services Transit Gateways Guide.
//
// After you add the source, use [SearchTransitGatewayMulticastGroups] to verify that the source was added to the
// multicast group.
//
// [SearchTransitGatewayMulticastGroups]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayMulticastGroups.html
// [Multicast on transit gateways]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-multicast-overview.html
RegisterTransitGatewayMulticastGroupSources(ctx context.Context, params *ec2.RegisterTransitGatewayMulticastGroupSourcesInput, optFns ...func(*Options)) (*ec2.RegisterTransitGatewayMulticastGroupSourcesOutput, error)
// Rejects a request to assign billing of the available capacity of a shared
// Capacity Reservation to your account. For more information, see [Billing assignment for shared Amazon EC2 Capacity Reservations].
//
// [Billing assignment for shared Amazon EC2 Capacity Reservations]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/assign-billing.html
RejectCapacityReservationBillingOwnership(ctx context.Context, params *ec2.RejectCapacityReservationBillingOwnershipInput, optFns ...func(*Options)) (*ec2.RejectCapacityReservationBillingOwnershipOutput, error)
// Rejects a request to associate cross-account subnets with a transit gateway
// multicast domain.
RejectTransitGatewayMulticastDomainAssociations(ctx context.Context, params *ec2.RejectTransitGatewayMulticastDomainAssociationsInput, optFns ...func(*Options)) (*ec2.RejectTransitGatewayMulticastDomainAssociationsOutput, error)
// Rejects a transit gateway peering attachment request.
RejectTransitGatewayPeeringAttachment(ctx context.Context, params *ec2.RejectTransitGatewayPeeringAttachmentInput, optFns ...func(*Options)) (*ec2.RejectTransitGatewayPeeringAttachmentOutput, error)
// Rejects a request to attach a VPC to a transit gateway.
//
// The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your
// pending VPC attachment requests. Use AcceptTransitGatewayVpcAttachmentto accept a VPC attachment request.
RejectTransitGatewayVpcAttachment(ctx context.Context, params *ec2.RejectTransitGatewayVpcAttachmentInput, optFns ...func(*Options)) (*ec2.RejectTransitGatewayVpcAttachmentOutput, error)
// Rejects VPC endpoint connection requests to your VPC endpoint service.
RejectVpcEndpointConnections(ctx context.Context, params *ec2.RejectVpcEndpointConnectionsInput, optFns ...func(*Options)) (*ec2.RejectVpcEndpointConnectionsOutput, error)
// Rejects a VPC peering connection request. The VPC peering connection must be in
// the pending-acceptance state. Use the DescribeVpcPeeringConnections request to view your outstanding VPC
// peering connection requests. To delete an active VPC peering connection, or to
// delete a VPC peering connection request that you initiated, use DeleteVpcPeeringConnection.
RejectVpcPeeringConnection(ctx context.Context, params *ec2.RejectVpcPeeringConnectionInput, optFns ...func(*Options)) (*ec2.RejectVpcPeeringConnectionOutput, error)
// Releases the specified Elastic IP address.
//
// [Default VPC] Releasing an Elastic IP address automatically disassociates it
// from any instance that it's associated with. Alternatively, you can disassociate
// an Elastic IP address without releasing it.
//
// [Nondefault VPC] You must disassociate the Elastic IP address before you can
// release it. Otherwise, Amazon EC2 returns an error ( InvalidIPAddress.InUse ).
//
// After releasing an Elastic IP address, it is released to the IP address pool.
// Be sure to update your DNS records and any servers or devices that communicate
// with the address. If you attempt to release an Elastic IP address that you
// already released, you'll get an AuthFailure error if the address is already
// allocated to another Amazon Web Services account.
//
// After you release an Elastic IP address, you might be able to recover it. For
// more information, see [Release an Elastic IP address].
//
// [Release an Elastic IP address]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing-eips-releasing.html
ReleaseAddress(ctx context.Context, params *ec2.ReleaseAddressInput, optFns ...func(*Options)) (*ec2.ReleaseAddressOutput, error)
// When you no longer want to use an On-Demand Dedicated Host it can be released.
// On-Demand billing is stopped and the host goes into released state. The host ID
// of Dedicated Hosts that have been released can no longer be specified in another
// request, for example, to modify the host. You must stop or terminate all
// instances on a host before it can be released.
//
// When Dedicated Hosts are released, it may take some time for them to stop
// counting toward your limit and you may receive capacity errors when trying to
// allocate new Dedicated Hosts. Wait a few minutes and then try again.
//
// Released hosts still appear in a DescribeHosts response.
ReleaseHosts(ctx context.Context, params *ec2.ReleaseHostsInput, optFns ...func(*Options)) (*ec2.ReleaseHostsOutput, error)
// Release an allocation within an IPAM pool. The Region you use should be the
// IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM
// pool is available for allocations. You can only use this action to release
// manual allocations. To remove an allocation for a resource without deleting the
// resource, set its monitored state to false using [ModifyIpamResourceCidr]. For more information, see [Release an allocation]
// in the Amazon VPC IPAM User Guide.
//
// All EC2 API actions follow an [eventual consistency] model.
//
// [Release an allocation]: https://docs.aws.amazon.com/vpc/latest/ipam/release-alloc-ipam.html
// [eventual consistency]: https://docs.aws.amazon.com/ec2/latest/devguide/eventual-consistency.html
// [ModifyIpamResourceCidr]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyIpamResourceCidr.html
ReleaseIpamPoolAllocation(ctx context.Context, params *ec2.ReleaseIpamPoolAllocationInput, optFns ...func(*Options)) (*ec2.ReleaseIpamPoolAllocationOutput, error)
// Replaces an IAM instance profile for the specified running instance. You can
// use this action to change the IAM instance profile that's associated with an
// instance without having to disassociate the existing IAM instance profile first.
//
// Use DescribeIamInstanceProfileAssociations to get the association ID.
ReplaceIamInstanceProfileAssociation(ctx context.Context, params *ec2.ReplaceIamInstanceProfileAssociationInput, optFns ...func(*Options)) (*ec2.ReplaceIamInstanceProfileAssociationOutput, error)
// Sets or replaces the criteria for Allowed AMIs.
//
// The Allowed AMIs feature does not restrict the AMIs owned by your account.
// Regardless of the criteria you set, the AMIs created by your account will always
// be discoverable and usable by users in your account.
//
// For more information, see [Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs] in Amazon EC2 User Guide.
//
// [Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-allowed-amis.html
ReplaceImageCriteriaInAllowedImagesSettings(ctx context.Context, params *ec2.ReplaceImageCriteriaInAllowedImagesSettingsInput, optFns ...func(*Options)) (*ec2.ReplaceImageCriteriaInAllowedImagesSettingsOutput, error)
// Changes which network ACL a subnet is associated with. By default when you
// create a subnet, it's automatically associated with the default network ACL. For
// more information, see [Network ACLs]in the Amazon VPC User Guide.
//
// This is an idempotent operation.
//
// [Network ACLs]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
ReplaceNetworkAclAssociation(ctx context.Context, params *ec2.ReplaceNetworkAclAssociationInput, optFns ...func(*Options)) (*ec2.ReplaceNetworkAclAssociationOutput, error)
// Replaces an entry (rule) in a network ACL. For more information, see [Network ACLs] in the
// Amazon VPC User Guide.
//
// [Network ACLs]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
ReplaceNetworkAclEntry(ctx context.Context, params *ec2.ReplaceNetworkAclEntryInput, optFns ...func(*Options)) (*ec2.ReplaceNetworkAclEntryOutput, error)
// Replaces an existing route within a route table in a VPC.
//
// You must specify either a destination CIDR block or a prefix list ID. You must
// also specify exactly one of the resources from the parameter list, or reset the
// local route to its default target.
//
// For more information, see [Route tables] in the Amazon VPC User Guide.
//
// [Route tables]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html
ReplaceRoute(ctx context.Context, params *ec2.ReplaceRouteInput, optFns ...func(*Options)) (*ec2.ReplaceRouteOutput, error)
// Changes the route table associated with a given subnet, internet gateway, or
// virtual private gateway in a VPC. After the operation completes, the subnet or
// gateway uses the routes in the new route table. For more information about route
// tables, see [Route tables]in the Amazon VPC User Guide.
//
// You can also use this operation to change which table is the main route table
// in the VPC. Specify the main route table's association ID and the route table ID
// of the new main route table.
//
// [Route tables]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html
ReplaceRouteTableAssociation(ctx context.Context, params *ec2.ReplaceRouteTableAssociationInput, optFns ...func(*Options)) (*ec2.ReplaceRouteTableAssociationOutput, error)
// Replaces the specified route in the specified transit gateway route table.
ReplaceTransitGatewayRoute(ctx context.Context, params *ec2.ReplaceTransitGatewayRouteInput, optFns ...func(*Options)) (*ec2.ReplaceTransitGatewayRouteOutput, error)
// Trigger replacement of specified VPN tunnel.
ReplaceVpnTunnel(ctx context.Context, params *ec2.ReplaceVpnTunnelInput, optFns ...func(*Options)) (*ec2.ReplaceVpnTunnelOutput, error)
// Submits feedback about the status of an instance. The instance must be in the
// running state. If your experience with the instance differs from the instance
// status returned by DescribeInstanceStatus, use ReportInstanceStatus to report your experience with the instance. Amazon
// EC2 collects this information to improve the accuracy of status checks.
//
// Use of this action does not change the value returned by DescribeInstanceStatus.
ReportInstanceStatus(ctx context.Context, params *ec2.ReportInstanceStatusInput, optFns ...func(*Options)) (*ec2.ReportInstanceStatusOutput, error)
// Creates a Spot Fleet request.
//
// The Spot Fleet request specifies the total target capacity and the On-Demand
// target capacity. Amazon EC2 calculates the difference between the total capacity
// and On-Demand capacity, and launches the difference as Spot capacity.
//
// You can submit a single request that includes multiple launch specifications
// that vary by instance type, AMI, Availability Zone, or subnet.
//
// By default, the Spot Fleet requests Spot Instances in the Spot Instance pool
// where the price per unit is the lowest. Each launch specification can include
// its own instance weighting that reflects the value of the instance type to your
// application workload.
//
// Alternatively, you can specify that the Spot Fleet distribute the target
// capacity across the Spot pools included in its launch specifications. By
// ensuring that the Spot Instances in your Spot Fleet are in different Spot pools,
// you can improve the availability of your fleet.
//
// You can specify tags for the Spot Fleet request and instances launched by the
// fleet. You cannot tag other resource types in a Spot Fleet request because only
// the spot-fleet-request and instance resource types are supported.
//
// For more information, see [Spot Fleet requests] in the Amazon EC2 User Guide.
//
// We strongly discourage using the RequestSpotFleet API because it is a legacy
// API with no planned investment. For options for requesting Spot Instances, see [Which is the best Spot request method to use?]
// in the Amazon EC2 User Guide.
//
// [Spot Fleet requests]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html
// [Which is the best Spot request method to use?]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use
RequestSpotFleet(ctx context.Context, params *ec2.RequestSpotFleetInput, optFns ...func(*Options)) (*ec2.RequestSpotFleetOutput, error)
// Creates a Spot Instance request.
//
// For more information, see [Work with Spot Instance] in the Amazon EC2 User Guide.
//
// We strongly discourage using the RequestSpotInstances API because it is a
// legacy API with no planned investment. For options for requesting Spot
// Instances, see [Which is the best Spot request method to use?]in the Amazon EC2 User Guide.
//
// [Work with Spot Instance]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html
// [Which is the best Spot request method to use?]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use
RequestSpotInstances(ctx context.Context, params *ec2.RequestSpotInstancesInput, optFns ...func(*Options)) (*ec2.RequestSpotInstancesOutput, error)
// Resets the attribute of the specified IP address. For requirements, see [Using reverse DNS for email applications].
//
// [Using reverse DNS for email applications]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS
ResetAddressAttribute(ctx context.Context, params *ec2.ResetAddressAttributeInput, optFns ...func(*Options)) (*ec2.ResetAddressAttributeOutput, error)
// Resets the default KMS key for EBS encryption for your account in this Region
// to the Amazon Web Services managed KMS key for EBS.
//
// After resetting the default KMS key to the Amazon Web Services managed KMS key,
// you can continue to encrypt by a customer managed KMS key by specifying it when
// you create the volume. For more information, see [Amazon EBS encryption]in the Amazon EBS User Guide.
//
// [Amazon EBS encryption]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html
ResetEbsDefaultKmsKeyId(ctx context.Context, params *ec2.ResetEbsDefaultKmsKeyIdInput, optFns ...func(*Options)) (*ec2.ResetEbsDefaultKmsKeyIdOutput, error)
// Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its
// default value. You can only reset the load permission attribute.
ResetFpgaImageAttribute(ctx context.Context, params *ec2.ResetFpgaImageAttributeInput, optFns ...func(*Options)) (*ec2.ResetFpgaImageAttributeOutput, error)
// Resets an attribute of an AMI to its default value.
ResetImageAttribute(ctx context.Context, params *ec2.ResetImageAttributeInput, optFns ...func(*Options)) (*ec2.ResetImageAttributeOutput, error)
// Resets an attribute of an instance to its default value. To reset the kernel or
// ramdisk , the instance must be in a stopped state. To reset the sourceDestCheck
// , the instance can be either running or stopped.
//
// The sourceDestCheck attribute controls whether source/destination checking is
// enabled. The default value is true , which means checking is enabled. This value
// must be false for a NAT instance to perform NAT. For more information, see [NAT instances] in
// the Amazon VPC User Guide.
//
// [NAT instances]: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html
ResetInstanceAttribute(ctx context.Context, params *ec2.ResetInstanceAttributeInput, optFns ...func(*Options)) (*ec2.ResetInstanceAttributeOutput, error)
// Resets a network interface attribute. You can specify only one attribute at a
// time.
ResetNetworkInterfaceAttribute(ctx context.Context, params *ec2.ResetNetworkInterfaceAttributeInput, optFns ...func(*Options)) (*ec2.ResetNetworkInterfaceAttributeOutput, error)
// Resets permission settings for the specified snapshot.
//
// For more information about modifying snapshot permissions, see [Share a snapshot] in the Amazon
// EBS User Guide.
//
// [Share a snapshot]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-modifying-snapshot-permissions.html
ResetSnapshotAttribute(ctx context.Context, params *ec2.ResetSnapshotAttributeInput, optFns ...func(*Options)) (*ec2.ResetSnapshotAttributeOutput, error)
// This action is deprecated.
//
// Restores an Elastic IP address that was previously moved to the EC2-VPC
// platform back to the EC2-Classic platform. You cannot move an Elastic IP address
// that was originally allocated for use in EC2-VPC. The Elastic IP address must
// not be associated with an instance or network interface.
RestoreAddressToClassic(ctx context.Context, params *ec2.RestoreAddressToClassicInput, optFns ...func(*Options)) (*ec2.RestoreAddressToClassicOutput, error)
// Restores an AMI from the Recycle Bin. For more information, see [Recover deleted Amazon EBS snapshots and EBS-back AMIs with Recycle Bin] in the Amazon
// EC2 User Guide.
//
// [Recover deleted Amazon EBS snapshots and EBS-back AMIs with Recycle Bin]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html
RestoreImageFromRecycleBin(ctx context.Context, params *ec2.RestoreImageFromRecycleBinInput, optFns ...func(*Options)) (*ec2.RestoreImageFromRecycleBinOutput, error)
// Restores the entries from a previous version of a managed prefix list to a new
// version of the prefix list.
RestoreManagedPrefixListVersion(ctx context.Context, params *ec2.RestoreManagedPrefixListVersionInput, optFns ...func(*Options)) (*ec2.RestoreManagedPrefixListVersionOutput, error)
// Restores a snapshot from the Recycle Bin. For more information, see [Restore snapshots from the Recycle Bin] in the
// Amazon EBS User Guide.
//
// [Restore snapshots from the Recycle Bin]: https://docs.aws.amazon.com/ebs/latest/userguide/recycle-bin-working-with-snaps.html#recycle-bin-restore-snaps
RestoreSnapshotFromRecycleBin(ctx context.Context, params *ec2.RestoreSnapshotFromRecycleBinInput, optFns ...func(*Options)) (*ec2.RestoreSnapshotFromRecycleBinOutput, error)
// Restores an archived Amazon EBS snapshot for use temporarily or permanently, or
// modifies the restore period or restore type for a snapshot that was previously
// temporarily restored.
//
// For more information see [Restore an archived snapshot] and [modify the restore period or restore type for a temporarily restored snapshot] in the Amazon EBS User Guide.
//
// [Restore an archived snapshot]: https://docs.aws.amazon.com/ebs/latest/userguide/working-with-snapshot-archiving.html#restore-archived-snapshot
// [modify the restore period or restore type for a temporarily restored snapshot]: https://docs.aws.amazon.com/ebs/latest/userguide/working-with-snapshot-archiving.html#modify-temp-restore-period
RestoreSnapshotTier(ctx context.Context, params *ec2.RestoreSnapshotTierInput, optFns ...func(*Options)) (*ec2.RestoreSnapshotTierOutput, error)
// Removes an ingress authorization rule from a Client VPN endpoint.
RevokeClientVpnIngress(ctx context.Context, params *ec2.RevokeClientVpnIngressInput, optFns ...func(*Options)) (*ec2.RevokeClientVpnIngressOutput, error)
// Removes the specified outbound (egress) rules from the specified security group.
//
// You can specify rules using either rule IDs or security group rule properties.
// If you use rule properties, the values that you specify (for example, ports)
// must match the existing rule's values exactly. Each rule has a protocol, from
// and to ports, and destination (CIDR range, security group, or prefix list). For
// the TCP and UDP protocols, you must also specify the destination port or range
// of ports. For the ICMP protocol, you must also specify the ICMP type and code.
// If the security group rule has a description, you do not need to specify the
// description to revoke the rule.
//
// For a default VPC, if the values you specify do not match the existing rule's
// values, no error is returned, and the output describes the security group rules
// that were not revoked.
//
// Amazon Web Services recommends that you describe the security group to verify
// that the rules were removed.
//
// Rule changes are propagated to instances within the security group as quickly
// as possible. However, a small delay might occur.
RevokeSecurityGroupEgress(ctx context.Context, params *ec2.RevokeSecurityGroupEgressInput, optFns ...func(*Options)) (*ec2.RevokeSecurityGroupEgressOutput, error)
// Removes the specified inbound (ingress) rules from a security group.
//
// You can specify rules using either rule IDs or security group rule properties.
// If you use rule properties, the values that you specify (for example, ports)
// must match the existing rule's values exactly. Each rule has a protocol, from
// and to ports, and source (CIDR range, security group, or prefix list). For the
// TCP and UDP protocols, you must also specify the destination port or range of
// ports. For the ICMP protocol, you must also specify the ICMP type and code. If
// the security group rule has a description, you do not need to specify the
// description to revoke the rule.
//
// For a default VPC, if the values you specify do not match the existing rule's
// values, no error is returned, and the output describes the security group rules
// that were not revoked.
//
// For a non-default VPC, if the values you specify do not match the existing
// rule's values, an InvalidPermission.NotFound client error is returned, and no
// rules are revoked.
//
// Amazon Web Services recommends that you describe the security group to verify
// that the rules were removed.
//
// Rule changes are propagated to instances within the security group as quickly
// as possible. However, a small delay might occur.
RevokeSecurityGroupIngress(ctx context.Context, params *ec2.RevokeSecurityGroupIngressInput, optFns ...func(*Options)) (*ec2.RevokeSecurityGroupIngressOutput, error)
// Launches the specified number of instances using an AMI for which you have
// permissions.
//
// You can specify a number of options, or leave the default options. The
// following rules apply:
//
// - If you don't specify a subnet ID, we choose a default subnet from your
// default VPC for you. If you don't have a default VPC, you must specify a subnet
// ID in the request.
//
// - All instances have a network interface with a primary private IPv4 address.
// If you don't specify this address, we choose one from the IPv4 range of your
// subnet.
//
// - Not all instance types support IPv6 addresses. For more information, see [Instance types].
//
// - If you don't specify a security group ID, we use the default security group
// for the VPC. For more information, see [Security groups].
//
// - If any of the AMIs have a product code attached for which the user has not
// subscribed, the request fails.
//
// You can create a [launch template], which is a resource that contains the parameters to launch
// an instance. When you launch an instance using RunInstances, you can specify the launch
// template instead of specifying the launch parameters.
//
// To ensure faster instance launches, break up large requests into smaller
// batches. For example, create five separate launch requests for 100 instances
// each instead of one launch request for 500 instances.
//
// RunInstances is subject to both request rate limiting and resource rate
// limiting. For more information, see [Request throttling].
//
// An instance is ready for you to use when it's in the running state. You can
// check the state of your instance using DescribeInstances. You can tag instances and EBS volumes
// during launch, after launch, or both. For more information, see CreateTagsand [Tagging your Amazon EC2 resources].
//
// Linux instances have access to the public key of the key pair at boot. You can
// use this key to provide secure access to the instance. Amazon EC2 public images
// use this feature to provide secure access without passwords. For more
// information, see [Key pairs].
//
// For troubleshooting, see [What to do if an instance immediately terminates], and [Troubleshooting connecting to your instance].
//
// [Key pairs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
// [What to do if an instance immediately terminates]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_InstanceStraightToTerminated.html
// [Tagging your Amazon EC2 resources]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
// [launch template]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html
// [Security groups]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
// [Request throttling]: https://docs.aws.amazon.com/ec2/latest/devguide/ec2-api-throttling.html
// [Instance types]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html
// [Troubleshooting connecting to your instance]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html
RunInstances(ctx context.Context, params *ec2.RunInstancesInput, optFns ...func(*Options)) (*ec2.RunInstancesOutput, error)
// Launches the specified Scheduled Instances.
//
// Before you can launch a Scheduled Instance, you must purchase it and obtain an
// identifier using PurchaseScheduledInstances.
//
// You must launch a Scheduled Instance during its scheduled time period. You
// can't stop or reboot a Scheduled Instance, but you can terminate it as needed.
// If you terminate a Scheduled Instance before the current scheduled time period
// ends, you can launch it again after a few minutes.
RunScheduledInstances(ctx context.Context, params *ec2.RunScheduledInstancesInput, optFns ...func(*Options)) (*ec2.RunScheduledInstancesOutput, error)
// Searches for routes in the specified local gateway route table.
SearchLocalGatewayRoutes(ctx context.Context, params *ec2.SearchLocalGatewayRoutesInput, optFns ...func(*Options)) (*ec2.SearchLocalGatewayRoutesOutput, error)
// Searches one or more transit gateway multicast groups and returns the group
// membership information.
SearchTransitGatewayMulticastGroups(ctx context.Context, params *ec2.SearchTransitGatewayMulticastGroupsInput, optFns ...func(*Options)) (*ec2.SearchTransitGatewayMulticastGroupsOutput, error)
// Searches for routes in the specified transit gateway route table.
SearchTransitGatewayRoutes(ctx context.Context, params *ec2.SearchTransitGatewayRoutesInput, optFns ...func(*Options)) (*ec2.SearchTransitGatewayRoutesOutput, error)
// Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a
// kernel panic (on Linux instances), or a blue screen/stop error (on Windows
// instances). For instances based on Intel and AMD processors, the interrupt is
// received as a non-maskable interrupt (NMI).
//
// In general, the operating system crashes and reboots when a kernel panic or
// stop error is triggered. The operating system can also be configured to perform
// diagnostic tasks, such as generating a memory dump file, loading a secondary
// kernel, or obtaining a call trace.
//
// Before sending a diagnostic interrupt to your instance, ensure that its
// operating system is configured to perform the required diagnostic tasks.
//
// For more information about configuring your operating system to generate a
// crash dump when a kernel panic or stop error occurs, see [Send a diagnostic interrupt (for advanced users)]in the Amazon EC2 User
// Guide.
//
// [Send a diagnostic interrupt (for advanced users)]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/diagnostic-interrupt.html
SendDiagnosticInterrupt(ctx context.Context, params *ec2.SendDiagnosticInterruptInput, optFns ...func(*Options)) (*ec2.SendDiagnosticInterruptOutput, error)
// Generates an account status report. The report is generated asynchronously, and
// can take several hours to complete.
//
// The report provides the current status of all attributes supported by
// declarative policies for the accounts within the specified scope. The scope is
// determined by the specified TargetId , which can represent an individual
// account, or all the accounts that fall under the specified organizational unit
// (OU) or root (the entire Amazon Web Services Organization).
//
// The report is saved to your specified S3 bucket, using the following path
// structure (with the capitalized placeholders representing your specific values):
//
// s3://AMZN-S3-DEMO-BUCKET/YOUR-OPTIONAL-S3-PREFIX/ec2_TARGETID_REPORTID_YYYYMMDDTHHMMZ.csv
//
// Prerequisites for generating a report
//
// - The StartDeclarativePoliciesReport API can only be called by the management
// account or delegated administrators for the organization.
//
// - An S3 bucket must be available before generating the report (you can create
// a new one or use an existing one), it must be in the same Region where the
// report generation request is made, and it must have an appropriate bucket
// policy. For a sample S3 policy, see Sample Amazon S3 policy under [Examples].
//
// - Trusted access must be enabled for the service for which the declarative
// policy will enforce a baseline configuration. If you use the Amazon Web Services
// Organizations console, this is done automatically when you enable declarative
// policies. The API uses the following service principal to identify the EC2
// service: ec2.amazonaws.com . For more information on how to enable trusted
// access with the Amazon Web Services CLI and Amazon Web Services SDKs, see [Using Organizations with other Amazon Web Services services]in
// the Amazon Web Services Organizations User Guide.
//
// - Only one report per organization can be generated at a time. Attempting to
// generate a report while another is in progress will result in an error.
//
// For more information, including the required IAM permissions to run this API,
// see [Generating the account status report for declarative policies]in the Amazon Web Services Organizations User Guide.
//
// [Generating the account status report for declarative policies]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_declarative_status-report.html
// [Using Organizations with other Amazon Web Services services]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html
// [Examples]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_StartDeclarativePoliciesReport.html#API_StartDeclarativePoliciesReport_Examples
StartDeclarativePoliciesReport(ctx context.Context, params *ec2.StartDeclarativePoliciesReportInput, optFns ...func(*Options)) (*ec2.StartDeclarativePoliciesReportOutput, error)
// Starts an Amazon EBS-backed instance that you've previously stopped.
//
// Instances that use Amazon EBS volumes as their root devices can be quickly
// stopped and started. When an instance is stopped, the compute resources are
// released and you are not billed for instance usage. However, your root partition
// Amazon EBS volume remains and continues to persist your data, and you are
// charged for Amazon EBS volume usage. You can restart your instance at any time.
// Every time you start your instance, Amazon EC2 charges a one-minute minimum for
// instance usage, and thereafter charges per second for instance usage.
//
// Before stopping an instance, make sure it is in a state from which it can be
// restarted. Stopping an instance does not preserve data stored in RAM.
//
// Performing this operation on an instance that uses an instance store as its
// root device returns an error.
//
// If you attempt to start a T3 instance with host tenancy and the unlimited CPU
// credit option, the request fails. The unlimited CPU credit option is not
// supported on Dedicated Hosts. Before you start the instance, either change its
// CPU credit option to standard , or change its tenancy to default or dedicated .
//
// For more information, see [Stop and start Amazon EC2 instances] in the Amazon EC2 User Guide.
//
// [Stop and start Amazon EC2 instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html
StartInstances(ctx context.Context, params *ec2.StartInstancesInput, optFns ...func(*Options)) (*ec2.StartInstancesOutput, error)
// Starts analyzing the specified Network Access Scope.
StartNetworkInsightsAccessScopeAnalysis(ctx context.Context, params *ec2.StartNetworkInsightsAccessScopeAnalysisInput, optFns ...func(*Options)) (*ec2.StartNetworkInsightsAccessScopeAnalysisOutput, error)
// Starts analyzing the specified path. If the path is reachable, the operation
// returns the shortest feasible path.
StartNetworkInsightsAnalysis(ctx context.Context, params *ec2.StartNetworkInsightsAnalysisInput, optFns ...func(*Options)) (*ec2.StartNetworkInsightsAnalysisOutput, error)
// Initiates the verification process to prove that the service provider owns the
// private DNS name domain for the endpoint service.
//
// The service provider must successfully perform the verification before the
// consumer can use the name to access the service.
//
// Before the service provider runs this command, they must add a record to the
// DNS server.
StartVpcEndpointServicePrivateDnsVerification(ctx context.Context, params *ec2.StartVpcEndpointServicePrivateDnsVerificationInput, optFns ...func(*Options)) (*ec2.StartVpcEndpointServicePrivateDnsVerificationOutput, error)
// Stops an Amazon EBS-backed instance. You can restart your instance at any time
// using the [StartInstances]API. For more information, see [Stop and start Amazon EC2 instances] in the Amazon EC2 User Guide.
//
// When you stop or hibernate an instance, we shut it down. By default, this
// includes a graceful operating system (OS) shutdown. To bypass the graceful
// shutdown, use the skipOsShutdown parameter; however, this might risk data
// integrity.
//
// You can use the StopInstances operation together with the Hibernate parameter
// to hibernate an instance if the instance is [enabled for hibernation]and meets the [hibernation prerequisites]. Stopping an
// instance doesn't preserve data stored in RAM, while hibernation does. If
// hibernation fails, a normal shutdown occurs. For more information, see [Hibernate your Amazon EC2 instance]in the
// Amazon EC2 User Guide.
//
// If your instance appears stuck in the stopping state, there might be an issue
// with the underlying host computer. You can use the StopInstances operation
// together with the Force parameter to force stop your instance. For more
// information, see [Troubleshoot Amazon EC2 instance stop issues]in the Amazon EC2 User Guide.
//
// Stopping and hibernating an instance differs from rebooting or terminating it.
// For example, a stopped or hibernated instance retains its root volume and any
// data volumes, unlike terminated instances where these volumes are automatically
// deleted. For more information about the differences between stopping,
// hibernating, rebooting, and terminating instances, see [Amazon EC2 instance state changes]in the Amazon EC2 User
// Guide.
//
// We don't charge for instance usage or data transfer fees when an instance is
// stopped. However, the root volume and any data volumes remain and continue to
// persist your data, and you're charged for volume usage. Every time you start
// your instance, Amazon EC2 charges a one-minute minimum for instance usage,
// followed by per-second billing.
//
// You can't stop or hibernate instance store-backed instances.
//
// [Troubleshoot Amazon EC2 instance stop issues]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesStopping.html
// [Stop and start Amazon EC2 instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html
// [Hibernate your Amazon EC2 instance]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html
// [Amazon EC2 instance state changes]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html
// [enabled for hibernation]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enabling-hibernation.html
// [StartInstances]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_StartInstances.html
// [hibernation prerequisites]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hibernating-prerequisites.html
StopInstances(ctx context.Context, params *ec2.StopInstancesInput, optFns ...func(*Options)) (*ec2.StopInstancesOutput, error)
// Terminates active Client VPN endpoint connections. This action can be used to
// terminate a specific client connection, or up to five connections established by
// a specific user.
TerminateClientVpnConnections(ctx context.Context, params *ec2.TerminateClientVpnConnectionsInput, optFns ...func(*Options)) (*ec2.TerminateClientVpnConnectionsOutput, error)
// Terminates (deletes) the specified instances. This operation is [idempotent]; if you
// terminate an instance more than once, each call succeeds.
//
// Terminating an instance is permanent and irreversible.
//
// After you terminate an instance, you can no longer connect to it, and it can't
// be recovered. All attached Amazon EBS volumes that are configured to be deleted
// on termination are also permanently deleted and can't be recovered. All data
// stored on instance store volumes is permanently lost. For more information, see [How instance termination works]
// .
//
// Before you terminate an instance, ensure that you have backed up all data that
// you need to retain after the termination to persistent storage.
//
// If you specify multiple instances and the request fails (for example, because
// of a single incorrect instance ID), none of the instances are terminated.
//
// If you terminate multiple instances across multiple Availability Zones, and one
// or more of the specified instances are enabled for termination protection, the
// request fails with the following results:
//
// - The specified instances that are in the same Availability Zone as the
// protected instance are not terminated.
//
// - The specified instances that are in different Availability Zones, where no
// other specified instances are protected, are successfully terminated.
//
// For example, say you have the following instances:
//
// - Instance A: us-east-1a ; Not protected
//
// - Instance B: us-east-1a ; Not protected
//
// - Instance C: us-east-1b ; Protected
//
// - Instance D: us-east-1b ; not protected
//
// If you attempt to terminate all of these instances in the same request, the
// request reports failure with the following results:
//
// - Instance A and Instance B are successfully terminated because none of the
// specified instances in us-east-1a are enabled for termination protection.
//
// - Instance C and Instance D fail to terminate because at least one of the
// specified instances in us-east-1b (Instance C) is enabled for termination
// protection.
//
// Terminated instances remain visible after termination (for approximately one
// hour).
//
// By default, Amazon EC2 deletes all EBS volumes that were attached when the
// instance launched. Volumes attached after instance launch continue running.
//
// By default, the TerminateInstances operation includes a graceful operating
// system (OS) shutdown. To bypass the graceful shutdown, use the skipOsShutdown
// parameter; however, this might risk data integrity.
//
// You can stop, start, and terminate EBS-backed instances. You can only terminate
// instance store-backed instances. What happens to an instance differs if you stop
// or terminate it. For example, when you stop an instance, the root device and any
// other devices attached to the instance persist. When you terminate an instance,
// any attached EBS volumes with the DeleteOnTermination block device mapping
// parameter set to true are automatically deleted. For more information about the
// differences between stopping and terminating instances, see [Amazon EC2 instance state changes]in the Amazon EC2
// User Guide.
//
// When you terminate an instance, we attempt to terminate it forcibly after a
// short while. If your instance appears stuck in the shutting-down state after a
// period of time, there might be an issue with the underlying host computer. For
// more information about terminating and troubleshooting terminating your
// instances, see [Terminate Amazon EC2 instances]and [Troubleshooting terminating your instance] in the Amazon EC2 User Guide.
//
// [idempotent]: https://docs.aws.amazon.com/ec2/latest/devguide/ec2-api-idempotency.html
// [How instance termination works]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/how-ec2-instance-termination-works.html
// [Troubleshooting terminating your instance]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesShuttingDown.html
// [Amazon EC2 instance state changes]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html
// [Terminate Amazon EC2 instances]: https://docs.aws.amazon.com/
TerminateInstances(ctx context.Context, params *ec2.TerminateInstancesInput, optFns ...func(*Options)) (*ec2.TerminateInstancesOutput, error)
// Unassigns the specified IPv6 addresses or Prefix Delegation prefixes from a
// network interface.
UnassignIpv6Addresses(ctx context.Context, params *ec2.UnassignIpv6AddressesInput, optFns ...func(*Options)) (*ec2.UnassignIpv6AddressesOutput, error)
// Unassigns the specified secondary private IP addresses or IPv4 Prefix
// Delegation prefixes from a network interface.
UnassignPrivateIpAddresses(ctx context.Context, params *ec2.UnassignPrivateIpAddressesInput, optFns ...func(*Options)) (*ec2.UnassignPrivateIpAddressesOutput, error)
// Unassigns secondary private IPv4 addresses from a private NAT gateway. You
// cannot unassign your primary private IP. For more information, see [Edit secondary IP address associations]in the
// Amazon VPC User Guide.
//
// While unassigning is in progress, you cannot assign/unassign additional IP
// addresses while the connections are being drained. You are, however, allowed to
// delete the NAT gateway.
//
// A private IP address will only be released at the end of
// MaxDrainDurationSeconds. The private IP addresses stay associated and support
// the existing connections, but do not support any new connections (new
// connections are distributed across the remaining assigned private IP address).
// After the existing connections drain out, the private IP addresses are released.
//
// [Edit secondary IP address associations]: https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-working-with.html#nat-gateway-edit-secondary
UnassignPrivateNatGatewayAddress(ctx context.Context, params *ec2.UnassignPrivateNatGatewayAddressInput, optFns ...func(*Options)) (*ec2.UnassignPrivateNatGatewayAddressOutput, error)
// Unlocks a snapshot that is locked in governance mode or that is locked in
// compliance mode but still in the cooling-off period. You can't unlock a snapshot
// that is locked in compliance mode after the cooling-off period has expired.
UnlockSnapshot(ctx context.Context, params *ec2.UnlockSnapshotInput, optFns ...func(*Options)) (*ec2.UnlockSnapshotOutput, error)
// Disables detailed monitoring for a running instance. For more information, see [Monitoring your instances and volumes]
// in the Amazon EC2 User Guide.
//
// [Monitoring your instances and volumes]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html
UnmonitorInstances(ctx context.Context, params *ec2.UnmonitorInstancesInput, optFns ...func(*Options)) (*ec2.UnmonitorInstancesOutput, error)
// Updates the Organizations access setting for EC2 Capacity Manager. This
//
// controls whether Capacity Manager can aggregate data from all accounts in your
// Amazon Web Services Organization or only from the current account.
UpdateCapacityManagerOrganizationsAccess(ctx context.Context, params *ec2.UpdateCapacityManagerOrganizationsAccessInput, optFns ...func(*Options)) (*ec2.UpdateCapacityManagerOrganizationsAccessOutput, error)
// Updates the description of an egress (outbound) security group rule. You can
// replace an existing description, or add a description to a rule that did not
// have one previously. You can remove a description for a security group rule by
// omitting the description parameter in the request.
UpdateSecurityGroupRuleDescriptionsEgress(ctx context.Context, params *ec2.UpdateSecurityGroupRuleDescriptionsEgressInput, optFns ...func(*Options)) (*ec2.UpdateSecurityGroupRuleDescriptionsEgressOutput, error)
// Updates the description of an ingress (inbound) security group rule. You can
// replace an existing description, or add a description to a rule that did not
// have one previously. You can remove a description for a security group rule by
// omitting the description parameter in the request.
UpdateSecurityGroupRuleDescriptionsIngress(ctx context.Context, params *ec2.UpdateSecurityGroupRuleDescriptionsIngressInput, optFns ...func(*Options)) (*ec2.UpdateSecurityGroupRuleDescriptionsIngressOutput, error)
// Stops advertising an address range that is provisioned as an address pool.
//
// You can perform this operation at most once every 10 seconds, even if you
// specify different address ranges each time.
//
// It can take a few minutes before traffic to the specified addresses stops
// routing to Amazon Web Services because of BGP propagation delays.
WithdrawByoipCidr(ctx context.Context, params *ec2.WithdrawByoipCidrInput, optFns ...func(*Options)) (*ec2.WithdrawByoipCidrOutput, error)
}
EC2 provides an interface to the AWS EC2 service.
type EKS ¶ added in v0.98.0
type EKS interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() eks.Options
// Associates an access policy and its scope to an access entry. For more
// information about associating access policies, see [Associating and disassociating access policies to and from access entries]in the Amazon EKS User Guide.
//
// [Associating and disassociating access policies to and from access entries]: https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html
AssociateAccessPolicy(ctx context.Context, params *eks.AssociateAccessPolicyInput, optFns ...func(*Options)) (*eks.AssociateAccessPolicyOutput, error)
// Associates an encryption configuration to an existing cluster.
//
// Use this API to enable encryption on existing clusters that don't already have
// encryption enabled. This allows you to implement a defense-in-depth security
// strategy without migrating applications to new Amazon EKS clusters.
AssociateEncryptionConfig(ctx context.Context, params *eks.AssociateEncryptionConfigInput, optFns ...func(*Options)) (*eks.AssociateEncryptionConfigOutput, error)
// Associates an identity provider configuration to a cluster.
//
// If you want to authenticate identities using an identity provider, you can
// create an identity provider configuration and associate it to your cluster.
// After configuring authentication to your cluster you can create Kubernetes Role
// and ClusterRole objects, assign permissions to them, and then bind them to the
// identities using Kubernetes RoleBinding and ClusterRoleBinding objects. For
// more information see [Using RBAC Authorization]in the Kubernetes documentation.
//
// [Using RBAC Authorization]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
AssociateIdentityProviderConfig(ctx context.Context, params *eks.AssociateIdentityProviderConfigInput, optFns ...func(*Options)) (*eks.AssociateIdentityProviderConfigOutput, error)
// Creates an access entry.
//
// An access entry allows an IAM principal to access your cluster. Access entries
// can replace the need to maintain entries in the aws-auth ConfigMap for
// authentication. You have the following options for authorizing an IAM principal
// to access Kubernetes objects on your cluster: Kubernetes role-based access
// control (RBAC), Amazon EKS, or both. Kubernetes RBAC authorization requires you
// to create and manage Kubernetes Role , ClusterRole , RoleBinding , and
// ClusterRoleBinding objects, in addition to managing access entries. If you use
// Amazon EKS authorization exclusively, you don't need to create and manage
// Kubernetes Role , ClusterRole , RoleBinding , and ClusterRoleBinding objects.
//
// For more information about access entries, see [Access entries] in the Amazon EKS User Guide.
//
// [Access entries]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html
CreateAccessEntry(ctx context.Context, params *eks.CreateAccessEntryInput, optFns ...func(*Options)) (*eks.CreateAccessEntryOutput, error)
// Creates an Amazon EKS add-on.
//
// Amazon EKS add-ons help to automate the provisioning and lifecycle management
// of common operational software for Amazon EKS clusters. For more information,
// see [Amazon EKS add-ons]in the Amazon EKS User Guide.
//
// [Amazon EKS add-ons]: https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html
CreateAddon(ctx context.Context, params *eks.CreateAddonInput, optFns ...func(*Options)) (*eks.CreateAddonOutput, error)
// Creates an Amazon EKS control plane.
//
// The Amazon EKS control plane consists of control plane instances that run the
// Kubernetes software, such as etcd and the API server. The control plane runs in
// an account managed by Amazon Web Services, and the Kubernetes API is exposed by
// the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is
// single tenant and unique. It runs on its own set of Amazon EC2 instances.
//
// The cluster control plane is provisioned across multiple Availability Zones and
// fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also
// provisions elastic network interfaces in your VPC subnets to provide
// connectivity from the control plane instances to the nodes (for example, to
// support kubectl exec , logs , and proxy data flows).
//
// Amazon EKS nodes run in your Amazon Web Services account and connect to your
// cluster's control plane over the Kubernetes API server endpoint and a
// certificate file that is created for your cluster.
//
// You can use the endpointPublicAccess and endpointPrivateAccess parameters to
// enable or disable public and private access to your cluster's Kubernetes API
// server endpoint. By default, public access is enabled, and private access is
// disabled. The endpoint domain name and IP address family depends on the value of
// the ipFamily for the cluster. For more information, see [Amazon EKS Cluster Endpoint Access Control] in the Amazon EKS User
// Guide .
//
// You can use the logging parameter to enable or disable exporting the Kubernetes
// control plane logs for your cluster to CloudWatch Logs. By default, cluster
// control plane logs aren't exported to CloudWatch Logs. For more information, see
// [Amazon EKS Cluster Control Plane Logs]in the Amazon EKS User Guide .
//
// CloudWatch Logs ingestion, archive storage, and data scanning rates apply to
// exported control plane logs. For more information, see [CloudWatch Pricing].
//
// In most cases, it takes several minutes to create a cluster. After you create
// an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate
// with the API server and launch nodes into your cluster. For more information,
// see [Allowing users to access your cluster]and [Launching Amazon EKS nodes] in the Amazon EKS User Guide.
//
// [Allowing users to access your cluster]: https://docs.aws.amazon.com/eks/latest/userguide/cluster-auth.html
// [CloudWatch Pricing]: http://aws.amazon.com/cloudwatch/pricing/
// [Amazon EKS Cluster Control Plane Logs]: https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html
// [Amazon EKS Cluster Endpoint Access Control]: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
// [Launching Amazon EKS nodes]: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html
CreateCluster(ctx context.Context, params *eks.CreateClusterInput, optFns ...func(*Options)) (*eks.CreateClusterOutput, error)
// Creates an EKS Anywhere subscription. When a subscription is created, it is a
// contract agreement for the length of the term specified in the request. Licenses
// that are used to validate support are provisioned in Amazon Web Services License
// Manager and the caller account is granted access to EKS Anywhere Curated
// Packages.
CreateEksAnywhereSubscription(ctx context.Context, params *eks.CreateEksAnywhereSubscriptionInput, optFns ...func(*Options)) (*eks.CreateEksAnywhereSubscriptionOutput, error)
// Creates an Fargate profile for your Amazon EKS cluster. You must have at least
// one Fargate profile in a cluster to be able to run pods on Fargate.
//
// The Fargate profile allows an administrator to declare which pods run on
// Fargate and specify which pods run on which Fargate profile. This declaration is
// done through the profile's selectors. Each profile can have up to five selectors
// that contain a namespace and labels. A namespace is required for every selector.
// The label field consists of multiple optional key-value pairs. Pods that match
// the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of
// the selectors in the Fargate profile, then that pod is run on Fargate.
//
// When you create a Fargate profile, you must specify a pod execution role to use
// with the pods that are scheduled with the profile. This role is added to the
// cluster's Kubernetes [Role Based Access Control](RBAC) for authorization so that the kubelet that is
// running on the Fargate infrastructure can register with your Amazon EKS cluster
// so that it can appear in your cluster as a node. The pod execution role also
// provides IAM permissions to the Fargate infrastructure to allow read access to
// Amazon ECR image repositories. For more information, see [Pod Execution Role]in the Amazon EKS User
// Guide.
//
// Fargate profiles are immutable. However, you can create a new updated profile
// to replace an existing profile and then delete the original after the updated
// profile has finished creating.
//
// If any Fargate profiles in a cluster are in the DELETING status, you must wait
// for that Fargate profile to finish deleting before you can create any other
// profiles in that cluster.
//
// For more information, see [Fargate profile] in the Amazon EKS User Guide.
//
// [Role Based Access Control]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
// [Fargate profile]: https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html
// [Pod Execution Role]: https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html
CreateFargateProfile(ctx context.Context, params *eks.CreateFargateProfileInput, optFns ...func(*Options)) (*eks.CreateFargateProfileOutput, error)
// Creates a managed node group for an Amazon EKS cluster.
//
// You can only create a node group for your cluster that is equal to the current
// Kubernetes version for the cluster. All node groups are created with the latest
// AMI release version for the respective minor Kubernetes version of the cluster,
// unless you deploy a custom AMI using a launch template.
//
// For later updates, you will only be able to update a node group using a launch
// template only if it was originally deployed with a launch template.
// Additionally, the launch template ID or name must match what was used when the
// node group was created. You can update the launch template version with
// necessary changes. For more information about using launch templates, see [Customizing managed nodes with launch templates].
//
// An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and
// associated Amazon EC2 instances that are managed by Amazon Web Services for an
// Amazon EKS cluster. For more information, see [Managed node groups]in the Amazon EKS User Guide.
//
// Windows AMI types are only supported for commercial Amazon Web Services Regions
// that support Windows on Amazon EKS.
//
// [Customizing managed nodes with launch templates]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
// [Managed node groups]: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html
CreateNodegroup(ctx context.Context, params *eks.CreateNodegroupInput, optFns ...func(*Options)) (*eks.CreateNodegroupOutput, error)
// Creates an EKS Pod Identity association between a service account in an Amazon
// EKS cluster and an IAM role with EKS Pod Identity. Use EKS Pod Identity to give
// temporary IAM credentials to Pods and the credentials are rotated automatically.
//
// Amazon EKS Pod Identity associations provide the ability to manage credentials
// for your applications, similar to the way that Amazon EC2 instance profiles
// provide credentials to Amazon EC2 instances.
//
// If a Pod uses a service account that has an association, Amazon EKS sets
// environment variables in the containers of the Pod. The environment variables
// configure the Amazon Web Services SDKs, including the Command Line Interface, to
// use the EKS Pod Identity credentials.
//
// EKS Pod Identity is a simpler method than IAM roles for service accounts, as
// this method doesn't use OIDC identity providers. Additionally, you can configure
// a role for EKS Pod Identity once, and reuse it across clusters.
//
// Similar to Amazon Web Services IAM behavior, EKS Pod Identity associations are
// eventually consistent, and may take several seconds to be effective after the
// initial API call returns successfully. You must design your applications to
// account for these potential delays. We recommend that you don’t include
// association create/updates in the critical, high-availability code paths of your
// application. Instead, make changes in a separate initialization or setup routine
// that you run less frequently.
//
// You can set a target IAM role in the same or a different account for advanced
// scenarios. With a target role, EKS Pod Identity automatically performs two role
// assumptions in sequence: first assuming the role in the association that is in
// this account, then using those credentials to assume the target IAM role. This
// process provides your Pod with temporary credentials that have the permissions
// defined in the target role, allowing secure access to resources in another
// Amazon Web Services account.
CreatePodIdentityAssociation(ctx context.Context, params *eks.CreatePodIdentityAssociationInput, optFns ...func(*Options)) (*eks.CreatePodIdentityAssociationOutput, error)
// Deletes an access entry.
//
// Deleting an access entry of a type other than Standard can cause your cluster
// to function improperly. If you delete an access entry in error, you can recreate
// it.
DeleteAccessEntry(ctx context.Context, params *eks.DeleteAccessEntryInput, optFns ...func(*Options)) (*eks.DeleteAccessEntryOutput, error)
// Deletes an Amazon EKS add-on.
//
// When you remove an add-on, it's deleted from the cluster. You can always
// manually start an add-on on the cluster using the Kubernetes API.
DeleteAddon(ctx context.Context, params *eks.DeleteAddonInput, optFns ...func(*Options)) (*eks.DeleteAddonOutput, error)
// Deletes an Amazon EKS cluster control plane.
//
// If you have active services in your cluster that are associated with a load
// balancer, you must delete those services before deleting the cluster so that the
// load balancers are deleted properly. Otherwise, you can have orphaned resources
// in your VPC that prevent you from being able to delete the VPC. For more
// information, see [Deleting a cluster]in the Amazon EKS User Guide.
//
// If you have managed node groups or Fargate profiles attached to the cluster,
// you must delete them first. For more information, see DeleteNodgroup and
// DeleteFargateProfile .
//
// [Deleting a cluster]: https://docs.aws.amazon.com/eks/latest/userguide/delete-cluster.html
DeleteCluster(ctx context.Context, params *eks.DeleteClusterInput, optFns ...func(*Options)) (*eks.DeleteClusterOutput, error)
// Deletes an expired or inactive subscription. Deleting inactive subscriptions
// removes them from the Amazon Web Services Management Console view and from
// list/describe API responses. Subscriptions can only be cancelled within 7 days
// of creation and are cancelled by creating a ticket in the Amazon Web Services
// Support Center.
DeleteEksAnywhereSubscription(ctx context.Context, params *eks.DeleteEksAnywhereSubscriptionInput, optFns ...func(*Options)) (*eks.DeleteEksAnywhereSubscriptionOutput, error)
// Deletes an Fargate profile.
//
// When you delete a Fargate profile, any Pod running on Fargate that was created
// with the profile is deleted. If the Pod matches another Fargate profile, then
// it is scheduled on Fargate with that profile. If it no longer matches any
// Fargate profiles, then it's not scheduled on Fargate and may remain in a pending
// state.
//
// Only one Fargate profile in a cluster can be in the DELETING status at a time.
// You must wait for a Fargate profile to finish deleting before you can delete any
// other profiles in that cluster.
DeleteFargateProfile(ctx context.Context, params *eks.DeleteFargateProfileInput, optFns ...func(*Options)) (*eks.DeleteFargateProfileOutput, error)
// Deletes a managed node group.
DeleteNodegroup(ctx context.Context, params *eks.DeleteNodegroupInput, optFns ...func(*Options)) (*eks.DeleteNodegroupOutput, error)
// Deletes a EKS Pod Identity association.
//
// The temporary Amazon Web Services credentials from the previous IAM role
// session might still be valid until the session expiry. If you need to
// immediately revoke the temporary session credentials, then go to the role in the
// IAM console.
DeletePodIdentityAssociation(ctx context.Context, params *eks.DeletePodIdentityAssociationInput, optFns ...func(*Options)) (*eks.DeletePodIdentityAssociationOutput, error)
// Deregisters a connected cluster to remove it from the Amazon EKS control plane.
//
// A connected cluster is a Kubernetes cluster that you've connected to your
// control plane using the [Amazon EKS Connector].
//
// [Amazon EKS Connector]: https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html
DeregisterCluster(ctx context.Context, params *eks.DeregisterClusterInput, optFns ...func(*Options)) (*eks.DeregisterClusterOutput, error)
// Describes an access entry.
DescribeAccessEntry(ctx context.Context, params *eks.DescribeAccessEntryInput, optFns ...func(*Options)) (*eks.DescribeAccessEntryOutput, error)
// Describes an Amazon EKS add-on.
DescribeAddon(ctx context.Context, params *eks.DescribeAddonInput, optFns ...func(*Options)) (*eks.DescribeAddonOutput, error)
// Returns configuration options.
DescribeAddonConfiguration(ctx context.Context, params *eks.DescribeAddonConfigurationInput, optFns ...func(*Options)) (*eks.DescribeAddonConfigurationOutput, error)
// Describes the versions for an add-on.
//
// Information such as the Kubernetes versions that you can use the add-on with,
// the owner , publisher , and the type of the add-on are returned.
DescribeAddonVersions(ctx context.Context, params *eks.DescribeAddonVersionsInput, optFns ...func(*Options)) (*eks.DescribeAddonVersionsOutput, error)
// Describes an Amazon EKS cluster.
//
// The API server endpoint and certificate authority data returned by this
// operation are required for kubelet and kubectl to communicate with your
// Kubernetes API server. For more information, see [Creating or updating a kubeconfig file for an Amazon EKS cluster]kubeconfig .
//
// The API server endpoint and certificate authority data aren't available until
// the cluster reaches the ACTIVE state.
//
// [Creating or updating a kubeconfig file for an Amazon EKS cluster]: https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
DescribeCluster(ctx context.Context, params *eks.DescribeClusterInput, optFns ...func(*Options)) (*eks.DescribeClusterOutput, error)
// Lists available Kubernetes versions for Amazon EKS clusters.
DescribeClusterVersions(ctx context.Context, params *eks.DescribeClusterVersionsInput, optFns ...func(*Options)) (*eks.DescribeClusterVersionsOutput, error)
// Returns descriptive information about a subscription.
DescribeEksAnywhereSubscription(ctx context.Context, params *eks.DescribeEksAnywhereSubscriptionInput, optFns ...func(*Options)) (*eks.DescribeEksAnywhereSubscriptionOutput, error)
// Describes an Fargate profile.
DescribeFargateProfile(ctx context.Context, params *eks.DescribeFargateProfileInput, optFns ...func(*Options)) (*eks.DescribeFargateProfileOutput, error)
// Describes an identity provider configuration.
DescribeIdentityProviderConfig(ctx context.Context, params *eks.DescribeIdentityProviderConfigInput, optFns ...func(*Options)) (*eks.DescribeIdentityProviderConfigOutput, error)
// Returns details about an insight that you specify using its ID.
DescribeInsight(ctx context.Context, params *eks.DescribeInsightInput, optFns ...func(*Options)) (*eks.DescribeInsightOutput, error)
// Returns the status of the latest on-demand cluster insights refresh operation.
DescribeInsightsRefresh(ctx context.Context, params *eks.DescribeInsightsRefreshInput, optFns ...func(*Options)) (*eks.DescribeInsightsRefreshOutput, error)
// Describes a managed node group.
DescribeNodegroup(ctx context.Context, params *eks.DescribeNodegroupInput, optFns ...func(*Options)) (*eks.DescribeNodegroupOutput, error)
// Returns descriptive information about an EKS Pod Identity association.
//
// This action requires the ID of the association. You can get the ID from the
// response to the CreatePodIdentityAssocation for newly created associations. Or,
// you can list the IDs for associations with ListPodIdentityAssociations and
// filter the list by namespace or service account.
DescribePodIdentityAssociation(ctx context.Context, params *eks.DescribePodIdentityAssociationInput, optFns ...func(*Options)) (*eks.DescribePodIdentityAssociationOutput, error)
// Describes an update to an Amazon EKS resource.
//
// When the status of the update is Successful , the update is complete. If an
// update fails, the status is Failed , and an error detail explains the reason for
// the failure.
DescribeUpdate(ctx context.Context, params *eks.DescribeUpdateInput, optFns ...func(*Options)) (*eks.DescribeUpdateOutput, error)
// Disassociates an access policy from an access entry.
DisassociateAccessPolicy(ctx context.Context, params *eks.DisassociateAccessPolicyInput, optFns ...func(*Options)) (*eks.DisassociateAccessPolicyOutput, error)
// Disassociates an identity provider configuration from a cluster.
//
// If you disassociate an identity provider from your cluster, users included in
// the provider can no longer access the cluster. However, you can still access the
// cluster with IAM principals.
DisassociateIdentityProviderConfig(ctx context.Context, params *eks.DisassociateIdentityProviderConfigInput, optFns ...func(*Options)) (*eks.DisassociateIdentityProviderConfigOutput, error)
// Lists the access entries for your cluster.
ListAccessEntries(ctx context.Context, params *eks.ListAccessEntriesInput, optFns ...func(*Options)) (*eks.ListAccessEntriesOutput, error)
// Lists the available access policies.
ListAccessPolicies(ctx context.Context, params *eks.ListAccessPoliciesInput, optFns ...func(*Options)) (*eks.ListAccessPoliciesOutput, error)
// Lists the installed add-ons.
ListAddons(ctx context.Context, params *eks.ListAddonsInput, optFns ...func(*Options)) (*eks.ListAddonsOutput, error)
// Lists the access policies associated with an access entry.
ListAssociatedAccessPolicies(ctx context.Context, params *eks.ListAssociatedAccessPoliciesInput, optFns ...func(*Options)) (*eks.ListAssociatedAccessPoliciesOutput, error)
// Lists the Amazon EKS clusters in your Amazon Web Services account in the
// specified Amazon Web Services Region.
ListClusters(ctx context.Context, params *eks.ListClustersInput, optFns ...func(*Options)) (*eks.ListClustersOutput, error)
// Displays the full description of the subscription.
ListEksAnywhereSubscriptions(ctx context.Context, params *eks.ListEksAnywhereSubscriptionsInput, optFns ...func(*Options)) (*eks.ListEksAnywhereSubscriptionsOutput, error)
// Lists the Fargate profiles associated with the specified cluster in your Amazon
// Web Services account in the specified Amazon Web Services Region.
ListFargateProfiles(ctx context.Context, params *eks.ListFargateProfilesInput, optFns ...func(*Options)) (*eks.ListFargateProfilesOutput, error)
// Lists the identity provider configurations for your cluster.
ListIdentityProviderConfigs(ctx context.Context, params *eks.ListIdentityProviderConfigsInput, optFns ...func(*Options)) (*eks.ListIdentityProviderConfigsOutput, error)
// Returns a list of all insights checked for against the specified cluster. You
// can filter which insights are returned by category, associated Kubernetes
// version, and status. The default filter lists all categories and every status.
//
// The following lists the available categories:
//
// - UPGRADE_READINESS : Amazon EKS identifies issues that could impact your
// ability to upgrade to new versions of Kubernetes. These are called upgrade
// insights.
//
// - MISCONFIGURATION : Amazon EKS identifies misconfiguration in your EKS Hybrid
// Nodes setup that could impair functionality of your cluster or workloads. These
// are called configuration insights.
ListInsights(ctx context.Context, params *eks.ListInsightsInput, optFns ...func(*Options)) (*eks.ListInsightsOutput, error)
// Lists the managed node groups associated with the specified cluster in your
// Amazon Web Services account in the specified Amazon Web Services Region.
// Self-managed node groups aren't listed.
ListNodegroups(ctx context.Context, params *eks.ListNodegroupsInput, optFns ...func(*Options)) (*eks.ListNodegroupsOutput, error)
// List the EKS Pod Identity associations in a cluster. You can filter the list by
// the namespace that the association is in or the service account that the
// association uses.
ListPodIdentityAssociations(ctx context.Context, params *eks.ListPodIdentityAssociationsInput, optFns ...func(*Options)) (*eks.ListPodIdentityAssociationsOutput, error)
// List the tags for an Amazon EKS resource.
ListTagsForResource(ctx context.Context, params *eks.ListTagsForResourceInput, optFns ...func(*Options)) (*eks.ListTagsForResourceOutput, error)
// Lists the updates associated with an Amazon EKS resource in your Amazon Web
// Services account, in the specified Amazon Web Services Region.
ListUpdates(ctx context.Context, params *eks.ListUpdatesInput, optFns ...func(*Options)) (*eks.ListUpdatesOutput, error)
// Connects a Kubernetes cluster to the Amazon EKS control plane.
//
// Any Kubernetes cluster can be connected to the Amazon EKS control plane to view
// current information about the cluster and its nodes.
//
// Cluster connection requires two steps. First, send a [RegisterClusterRequest]RegisterClusterRequest to
// add it to the Amazon EKS control plane.
//
// Second, a [Manifest] containing the activationID and activationCode must be applied to
// the Kubernetes cluster through it's native provider to provide visibility.
//
// After the manifest is updated and applied, the connected cluster is visible to
// the Amazon EKS control plane. If the manifest isn't applied within three days,
// the connected cluster will no longer be visible and must be deregistered using
// DeregisterCluster .
//
// [RegisterClusterRequest]: https://docs.aws.amazon.com/eks/latest/APIReference/API_RegisterClusterRequest.html
// [Manifest]: https://amazon-eks.s3.us-west-2.amazonaws.com/eks-connector/manifests/eks-connector/latest/eks-connector.yaml
RegisterCluster(ctx context.Context, params *eks.RegisterClusterInput, optFns ...func(*Options)) (*eks.RegisterClusterOutput, error)
// Initiates an on-demand refresh operation for cluster insights, getting the
// latest analysis outside of the standard refresh schedule.
StartInsightsRefresh(ctx context.Context, params *eks.StartInsightsRefreshInput, optFns ...func(*Options)) (*eks.StartInsightsRefreshOutput, error)
// Associates the specified tags to an Amazon EKS resource with the specified
// resourceArn . If existing tags on a resource are not specified in the request
// parameters, they aren't changed. When a resource is deleted, the tags associated
// with that resource are also deleted. Tags that you create for Amazon EKS
// resources don't propagate to any other resources associated with the cluster.
// For example, if you tag a cluster with this operation, that tag doesn't
// automatically propagate to the subnets and nodes associated with the cluster.
TagResource(ctx context.Context, params *eks.TagResourceInput, optFns ...func(*Options)) (*eks.TagResourceOutput, error)
// Deletes specified tags from an Amazon EKS resource.
UntagResource(ctx context.Context, params *eks.UntagResourceInput, optFns ...func(*Options)) (*eks.UntagResourceOutput, error)
// Updates an access entry.
UpdateAccessEntry(ctx context.Context, params *eks.UpdateAccessEntryInput, optFns ...func(*Options)) (*eks.UpdateAccessEntryOutput, error)
// Updates an Amazon EKS add-on.
UpdateAddon(ctx context.Context, params *eks.UpdateAddonInput, optFns ...func(*Options)) (*eks.UpdateAddonOutput, error)
// Updates an Amazon EKS cluster configuration. Your cluster continues to function
// during the update. The response output includes an update ID that you can use to
// track the status of your cluster update with DescribeUpdate .
//
// You can use this operation to do the following actions:
//
// - You can use this API operation to enable or disable exporting the
// Kubernetes control plane logs for your cluster to CloudWatch Logs. By default,
// cluster control plane logs aren't exported to CloudWatch Logs. For more
// information, see [Amazon EKS Cluster control plane logs]in the Amazon EKS User Guide .
//
// CloudWatch Logs ingestion, archive storage, and data scanning rates apply to
//
// exported control plane logs. For more information, see [CloudWatch Pricing].
//
// - You can also use this API operation to enable or disable public and private
// access to your cluster's Kubernetes API server endpoint. By default, public
// access is enabled, and private access is disabled. For more information, see [Cluster API server endpoint]
// in the Amazon EKS User Guide .
//
// - You can also use this API operation to choose different subnets and
// security groups for the cluster. You must specify at least two subnets that are
// in different Availability Zones. You can't change which VPC the subnets are
// from, the subnets must be in the same VPC as the subnets that the cluster was
// created with. For more information about the VPC requirements, see [https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html]in the
// Amazon EKS User Guide .
//
// - You can also use this API operation to enable or disable ARC zonal shift.
// If zonal shift is enabled, Amazon Web Services configures zonal autoshift for
// the cluster.
//
// - You can also use this API operation to add, change, or remove the
// configuration in the cluster for EKS Hybrid Nodes. To remove the configuration,
// use the remoteNetworkConfig key with an object containing both subkeys with
// empty arrays for each. Here is an inline example: "remoteNetworkConfig": {
// "remoteNodeNetworks": [], "remotePodNetworks": [] } .
//
// Cluster updates are asynchronous, and they should finish within a few minutes.
// During an update, the cluster status moves to UPDATING (this status transition
// is eventually consistent). When the update is complete (either Failed or
// Successful ), the cluster status moves to Active .
//
// [Amazon EKS Cluster control plane logs]: https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html
//
// [Cluster API server endpoint]: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
// [CloudWatch Pricing]: http://aws.amazon.com/cloudwatch/pricing/
// [https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html]: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html
UpdateClusterConfig(ctx context.Context, params *eks.UpdateClusterConfigInput, optFns ...func(*Options)) (*eks.UpdateClusterConfigOutput, error)
// Updates an Amazon EKS cluster to the specified Kubernetes version. Your cluster
// continues to function during the update. The response output includes an update
// ID that you can use to track the status of your cluster update with the [DescribeUpdate]
// DescribeUpdate API operation.
//
// Cluster updates are asynchronous, and they should finish within a few minutes.
// During an update, the cluster status moves to UPDATING (this status transition
// is eventually consistent). When the update is complete (either Failed or
// Successful ), the cluster status moves to Active .
//
// If your cluster has managed node groups attached to it, all of your node
// groups' Kubernetes versions must match the cluster's Kubernetes version in order
// to update the cluster to a new Kubernetes version.
//
// [DescribeUpdate]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeUpdate.html
UpdateClusterVersion(ctx context.Context, params *eks.UpdateClusterVersionInput, optFns ...func(*Options)) (*eks.UpdateClusterVersionOutput, error)
// Update an EKS Anywhere Subscription. Only auto renewal and tags can be updated
// after subscription creation.
UpdateEksAnywhereSubscription(ctx context.Context, params *eks.UpdateEksAnywhereSubscriptionInput, optFns ...func(*Options)) (*eks.UpdateEksAnywhereSubscriptionOutput, error)
// Updates an Amazon EKS managed node group configuration. Your node group
// continues to function during the update. The response output includes an update
// ID that you can use to track the status of your node group update with the [DescribeUpdate]
// DescribeUpdate API operation. You can update the Kubernetes labels and taints
// for a node group and the scaling and version update configuration.
//
// [DescribeUpdate]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeUpdate.html
UpdateNodegroupConfig(ctx context.Context, params *eks.UpdateNodegroupConfigInput, optFns ...func(*Options)) (*eks.UpdateNodegroupConfigOutput, error)
// Updates the Kubernetes version or AMI version of an Amazon EKS managed node
// group.
//
// You can update a node group using a launch template only if the node group was
// originally deployed with a launch template. Additionally, the launch template ID
// or name must match what was used when the node group was created. You can update
// the launch template version with necessary changes.
//
// If you need to update a custom AMI in a node group that was deployed with a
// launch template, then update your custom AMI, specify the new ID in a new
// version of the launch template, and then update the node group to the new
// version of the launch template.
//
// If you update without a launch template, then you can update to the latest
// available AMI version of a node group's current Kubernetes version by not
// specifying a Kubernetes version in the request. You can update to the latest AMI
// version of your cluster's current Kubernetes version by specifying your
// cluster's Kubernetes version in the request. For information about Linux
// versions, see [Amazon EKS optimized Amazon Linux AMI versions]in the Amazon EKS User Guide. For information about Windows
// versions, see [Amazon EKS optimized Windows AMI versions]in the Amazon EKS User Guide.
//
// You cannot roll back a node group to an earlier Kubernetes version or AMI
// version.
//
// When a node in a managed node group is terminated due to a scaling action or
// update, every Pod on that node is drained first. Amazon EKS attempts to drain
// the nodes gracefully and will fail if it is unable to do so. You can force the
// update if Amazon EKS is unable to drain the nodes as a result of a Pod
// disruption budget issue.
//
// [Amazon EKS optimized Amazon Linux AMI versions]: https://docs.aws.amazon.com/eks/latest/userguide/eks-linux-ami-versions.html
// [Amazon EKS optimized Windows AMI versions]: https://docs.aws.amazon.com/eks/latest/userguide/eks-ami-versions-windows.html
UpdateNodegroupVersion(ctx context.Context, params *eks.UpdateNodegroupVersionInput, optFns ...func(*Options)) (*eks.UpdateNodegroupVersionOutput, error)
// Updates a EKS Pod Identity association. In an update, you can change the IAM
// role, the target IAM role, or disableSessionTags . You must change at least one
// of these in an update. An association can't be moved between clusters,
// namespaces, or service accounts. If you need to edit the namespace or service
// account, you need to delete the association and then create a new association
// with your desired settings.
//
// Similar to Amazon Web Services IAM behavior, EKS Pod Identity associations are
// eventually consistent, and may take several seconds to be effective after the
// initial API call returns successfully. You must design your applications to
// account for these potential delays. We recommend that you don’t include
// association create/updates in the critical, high-availability code paths of your
// application. Instead, make changes in a separate initialization or setup routine
// that you run less frequently.
//
// You can set a target IAM role in the same or a different account for advanced
// scenarios. With a target role, EKS Pod Identity automatically performs two role
// assumptions in sequence: first assuming the role in the association that is in
// this account, then using those credentials to assume the target IAM role. This
// process provides your Pod with temporary credentials that have the permissions
// defined in the target role, allowing secure access to resources in another
// Amazon Web Services account.
UpdatePodIdentityAssociation(ctx context.Context, params *eks.UpdatePodIdentityAssociationInput, optFns ...func(*Options)) (*eks.UpdatePodIdentityAssociationOutput, error)
}
EKS provides an interface to the AWS EKS service.
type ELB ¶ added in v0.91.0
type ELB interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() elasticloadbalancing.Options
// Adds the specified tags to the specified load balancer. Each load balancer can
// have a maximum of 10 tags.
//
// Each tag consists of a key and an optional value. If a tag with the same key is
// already associated with the load balancer, AddTags updates its value.
//
// For more information, see [Tag Your Classic Load Balancer] in the Classic Load Balancers Guide.
//
// [Tag Your Classic Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/add-remove-tags.html
AddTags(ctx context.Context, params *elasticloadbalancing.AddTagsInput, optFns ...func(*Options)) (*elasticloadbalancing.AddTagsOutput, error)
// Associates one or more security groups with your load balancer in a virtual
// private cloud (VPC). The specified security groups override the previously
// associated security groups.
//
// For more information, see [Security Groups for Load Balancers in a VPC] in the Classic Load Balancers Guide.
//
// [Security Groups for Load Balancers in a VPC]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html#elb-vpc-security-groups
ApplySecurityGroupsToLoadBalancer(ctx context.Context, params *elasticloadbalancing.ApplySecurityGroupsToLoadBalancerInput, optFns ...func(*Options)) (*elasticloadbalancing.ApplySecurityGroupsToLoadBalancerOutput, error)
// Adds one or more subnets to the set of configured subnets for the specified
// load balancer.
//
// The load balancer evenly distributes requests across all registered subnets.
// For more information, see [Add or Remove Subnets for Your Load Balancer in a VPC]in the Classic Load Balancers Guide.
//
// [Add or Remove Subnets for Your Load Balancer in a VPC]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-manage-subnets.html
AttachLoadBalancerToSubnets(ctx context.Context, params *elasticloadbalancing.AttachLoadBalancerToSubnetsInput, optFns ...func(*Options)) (*elasticloadbalancing.AttachLoadBalancerToSubnetsOutput, error)
// Specifies the health check settings to use when evaluating the health state of
// your EC2 instances.
//
// For more information, see [Configure Health Checks for Your Load Balancer] in the Classic Load Balancers Guide.
//
// [Configure Health Checks for Your Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-healthchecks.html
ConfigureHealthCheck(ctx context.Context, params *elasticloadbalancing.ConfigureHealthCheckInput, optFns ...func(*Options)) (*elasticloadbalancing.ConfigureHealthCheckOutput, error)
// Generates a stickiness policy with sticky session lifetimes that follow that of
// an application-generated cookie. This policy can be associated only with
// HTTP/HTTPS listeners.
//
// This policy is similar to the policy created by CreateLBCookieStickinessPolicy, except that the lifetime of
// the special Elastic Load Balancing cookie, AWSELB , follows the lifetime of the
// application-generated cookie specified in the policy configuration. The load
// balancer only inserts a new stickiness cookie when the application response
// includes a new application cookie.
//
// If the application cookie is explicitly removed or expires, the session stops
// being sticky until a new application cookie is issued.
//
// For more information, see [Application-Controlled Session Stickiness] in the Classic Load Balancers Guide.
//
// [Application-Controlled Session Stickiness]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-application
CreateAppCookieStickinessPolicy(ctx context.Context, params *elasticloadbalancing.CreateAppCookieStickinessPolicyInput, optFns ...func(*Options)) (*elasticloadbalancing.CreateAppCookieStickinessPolicyOutput, error)
// Generates a stickiness policy with sticky session lifetimes controlled by the
// lifetime of the browser (user-agent) or a specified expiration period. This
// policy can be associated only with HTTP/HTTPS listeners.
//
// When a load balancer implements this policy, the load balancer uses a special
// cookie to track the instance for each request. When the load balancer receives a
// request, it first checks to see if this cookie is present in the request. If so,
// the load balancer sends the request to the application server specified in the
// cookie. If not, the load balancer sends the request to a server that is chosen
// based on the existing load-balancing algorithm.
//
// A cookie is inserted into the response for binding subsequent requests from the
// same user to that server. The validity of the cookie is based on the cookie
// expiration time, which is specified in the policy configuration.
//
// For more information, see [Duration-Based Session Stickiness] in the Classic Load Balancers Guide.
//
// [Duration-Based Session Stickiness]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-duration
CreateLBCookieStickinessPolicy(ctx context.Context, params *elasticloadbalancing.CreateLBCookieStickinessPolicyInput, optFns ...func(*Options)) (*elasticloadbalancing.CreateLBCookieStickinessPolicyOutput, error)
// Creates a Classic Load Balancer.
//
// You can add listeners, security groups, subnets, and tags when you create your
// load balancer, or you can add them later using CreateLoadBalancerListeners, ApplySecurityGroupsToLoadBalancer, AttachLoadBalancerToSubnets, and AddTags.
//
// To describe your current load balancers, see DescribeLoadBalancers. When you are finished with a
// load balancer, you can delete it using DeleteLoadBalancer.
//
// You can create up to 20 load balancers per region per account. You can request
// an increase for the number of load balancers for your account. For more
// information, see [Limits for Your Classic Load Balancer]in the Classic Load Balancers Guide.
//
// [Limits for Your Classic Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html
CreateLoadBalancer(ctx context.Context, params *elasticloadbalancing.CreateLoadBalancerInput, optFns ...func(*Options)) (*elasticloadbalancing.CreateLoadBalancerOutput, error)
// Creates one or more listeners for the specified load balancer. If a listener
// with the specified port does not already exist, it is created; otherwise, the
// properties of the new listener must match the properties of the existing
// listener.
//
// For more information, see [Listeners for Your Classic Load Balancer] in the Classic Load Balancers Guide.
//
// [Listeners for Your Classic Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html
CreateLoadBalancerListeners(ctx context.Context, params *elasticloadbalancing.CreateLoadBalancerListenersInput, optFns ...func(*Options)) (*elasticloadbalancing.CreateLoadBalancerListenersOutput, error)
// Creates a policy with the specified attributes for the specified load balancer.
//
// Policies are settings that are saved for your load balancer and that can be
// applied to the listener or the application server, depending on the policy type.
CreateLoadBalancerPolicy(ctx context.Context, params *elasticloadbalancing.CreateLoadBalancerPolicyInput, optFns ...func(*Options)) (*elasticloadbalancing.CreateLoadBalancerPolicyOutput, error)
// Deletes the specified load balancer.
//
// If you are attempting to recreate a load balancer, you must reconfigure all
// settings. The DNS name associated with a deleted load balancer are no longer
// usable. The name and associated DNS record of the deleted load balancer no
// longer exist and traffic sent to any of its IP addresses is no longer delivered
// to your instances.
//
// If the load balancer does not exist or has already been deleted, the call to
// DeleteLoadBalancer still succeeds.
DeleteLoadBalancer(ctx context.Context, params *elasticloadbalancing.DeleteLoadBalancerInput, optFns ...func(*Options)) (*elasticloadbalancing.DeleteLoadBalancerOutput, error)
// Deletes the specified listeners from the specified load balancer.
DeleteLoadBalancerListeners(ctx context.Context, params *elasticloadbalancing.DeleteLoadBalancerListenersInput, optFns ...func(*Options)) (*elasticloadbalancing.DeleteLoadBalancerListenersOutput, error)
// Deletes the specified policy from the specified load balancer. This policy must
// not be enabled for any listeners.
DeleteLoadBalancerPolicy(ctx context.Context, params *elasticloadbalancing.DeleteLoadBalancerPolicyInput, optFns ...func(*Options)) (*elasticloadbalancing.DeleteLoadBalancerPolicyOutput, error)
// Deregisters the specified instances from the specified load balancer. After the
// instance is deregistered, it no longer receives traffic from the load balancer.
//
// You can use DescribeLoadBalancers to verify that the instance is deregistered from the load balancer.
//
// For more information, see [Register or De-Register EC2 Instances] in the Classic Load Balancers Guide.
//
// [Register or De-Register EC2 Instances]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-deregister-register-instances.html
DeregisterInstancesFromLoadBalancer(ctx context.Context, params *elasticloadbalancing.DeregisterInstancesFromLoadBalancerInput, optFns ...func(*Options)) (*elasticloadbalancing.DeregisterInstancesFromLoadBalancerOutput, error)
// Describes the current Elastic Load Balancing resource limits for your AWS
// account.
//
// For more information, see [Limits for Your Classic Load Balancer] in the Classic Load Balancers Guide.
//
// [Limits for Your Classic Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html
DescribeAccountLimits(ctx context.Context, params *elasticloadbalancing.DescribeAccountLimitsInput, optFns ...func(*Options)) (*elasticloadbalancing.DescribeAccountLimitsOutput, error)
// Describes the state of the specified instances with respect to the specified
// load balancer. If no instances are specified, the call describes the state of
// all instances that are currently registered with the load balancer. If instances
// are specified, their state is returned even if they are no longer registered
// with the load balancer. The state of terminated instances is not returned.
DescribeInstanceHealth(ctx context.Context, params *elasticloadbalancing.DescribeInstanceHealthInput, optFns ...func(*Options)) (*elasticloadbalancing.DescribeInstanceHealthOutput, error)
// Describes the attributes for the specified load balancer.
DescribeLoadBalancerAttributes(ctx context.Context, params *elasticloadbalancing.DescribeLoadBalancerAttributesInput, optFns ...func(*Options)) (*elasticloadbalancing.DescribeLoadBalancerAttributesOutput, error)
// Describes the specified policies.
//
// If you specify a load balancer name, the action returns the descriptions of all
// policies created for the load balancer. If you specify a policy name associated
// with your load balancer, the action returns the description of that policy. If
// you don't specify a load balancer name, the action returns descriptions of the
// specified sample policies, or descriptions of all sample policies. The names of
// the sample policies have the ELBSample- prefix.
DescribeLoadBalancerPolicies(ctx context.Context, params *elasticloadbalancing.DescribeLoadBalancerPoliciesInput, optFns ...func(*Options)) (*elasticloadbalancing.DescribeLoadBalancerPoliciesOutput, error)
// Describes the specified load balancer policy types or all load balancer policy
// types.
//
// The description of each type indicates how it can be used. For example, some
// policies can be used only with layer 7 listeners, some policies can be used only
// with layer 4 listeners, and some policies can be used only with your EC2
// instances.
//
// You can use CreateLoadBalancerPolicy to create a policy configuration for any of these policy types.
// Then, depending on the policy type, use either SetLoadBalancerPoliciesOfListeneror SetLoadBalancerPoliciesForBackendServer to set the policy.
DescribeLoadBalancerPolicyTypes(ctx context.Context, params *elasticloadbalancing.DescribeLoadBalancerPolicyTypesInput, optFns ...func(*Options)) (*elasticloadbalancing.DescribeLoadBalancerPolicyTypesOutput, error)
// Describes the specified the load balancers. If no load balancers are specified,
// the call describes all of your load balancers.
DescribeLoadBalancers(ctx context.Context, params *elasticloadbalancing.DescribeLoadBalancersInput, optFns ...func(*Options)) (*elasticloadbalancing.DescribeLoadBalancersOutput, error)
// Describes the tags associated with the specified load balancers.
DescribeTags(ctx context.Context, params *elasticloadbalancing.DescribeTagsInput, optFns ...func(*Options)) (*elasticloadbalancing.DescribeTagsOutput, error)
// Removes the specified subnets from the set of configured subnets for the load
// balancer.
//
// After a subnet is removed, all EC2 instances registered with the load balancer
// in the removed subnet go into the OutOfService state. Then, the load balancer
// balances the traffic among the remaining routable subnets.
DetachLoadBalancerFromSubnets(ctx context.Context, params *elasticloadbalancing.DetachLoadBalancerFromSubnetsInput, optFns ...func(*Options)) (*elasticloadbalancing.DetachLoadBalancerFromSubnetsOutput, error)
// Removes the specified Availability Zones from the set of Availability Zones for
// the specified load balancer in EC2-Classic or a default VPC.
//
// For load balancers in a non-default VPC, use DetachLoadBalancerFromSubnets.
//
// There must be at least one Availability Zone registered with a load balancer at
// all times. After an Availability Zone is removed, all instances registered with
// the load balancer that are in the removed Availability Zone go into the
// OutOfService state. Then, the load balancer attempts to equally balance the
// traffic among its remaining Availability Zones.
//
// For more information, see [Add or Remove Availability Zones] in the Classic Load Balancers Guide.
//
// [Add or Remove Availability Zones]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html
DisableAvailabilityZonesForLoadBalancer(ctx context.Context, params *elasticloadbalancing.DisableAvailabilityZonesForLoadBalancerInput, optFns ...func(*Options)) (*elasticloadbalancing.DisableAvailabilityZonesForLoadBalancerOutput, error)
// Adds the specified Availability Zones to the set of Availability Zones for the
// specified load balancer in EC2-Classic or a default VPC.
//
// For load balancers in a non-default VPC, use AttachLoadBalancerToSubnets.
//
// The load balancer evenly distributes requests across all its registered
// Availability Zones that contain instances. For more information, see [Add or Remove Availability Zones]in the
// Classic Load Balancers Guide.
//
// [Add or Remove Availability Zones]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html
EnableAvailabilityZonesForLoadBalancer(ctx context.Context, params *elasticloadbalancing.EnableAvailabilityZonesForLoadBalancerInput, optFns ...func(*Options)) (*elasticloadbalancing.EnableAvailabilityZonesForLoadBalancerOutput, error)
// Modifies the attributes of the specified load balancer.
//
// You can modify the load balancer attributes, such as AccessLogs ,
// ConnectionDraining , and CrossZoneLoadBalancing by either enabling or disabling
// them. Or, you can modify the load balancer attribute ConnectionSettings by
// specifying an idle connection timeout value for your load balancer.
//
// For more information, see the following in the Classic Load Balancers Guide:
//
// [Cross-Zone Load Balancing]
//
// [Connection Draining]
//
// [Access Logs]
//
// [Idle Connection Timeout]
//
// [Cross-Zone Load Balancing]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-crosszone-lb.html
// [Idle Connection Timeout]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html
// [Access Logs]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html
// [Connection Draining]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-conn-drain.html
ModifyLoadBalancerAttributes(ctx context.Context, params *elasticloadbalancing.ModifyLoadBalancerAttributesInput, optFns ...func(*Options)) (*elasticloadbalancing.ModifyLoadBalancerAttributesOutput, error)
// Adds the specified instances to the specified load balancer.
//
// The instance must be a running instance in the same network as the load
// balancer (EC2-Classic or the same VPC). If you have EC2-Classic instances and a
// load balancer in a VPC with ClassicLink enabled, you can link the EC2-Classic
// instances to that VPC and then register the linked EC2-Classic instances with
// the load balancer in the VPC.
//
// Note that RegisterInstanceWithLoadBalancer completes when the request has been
// registered. Instance registration takes a little time to complete. To check the
// state of the registered instances, use DescribeLoadBalancersor DescribeInstanceHealth.
//
// After the instance is registered, it starts receiving traffic and requests from
// the load balancer. Any instance that is not in one of the Availability Zones
// registered for the load balancer is moved to the OutOfService state. If an
// Availability Zone is added to the load balancer later, any instances registered
// with the load balancer move to the InService state.
//
// To deregister instances from a load balancer, use DeregisterInstancesFromLoadBalancer.
//
// For more information, see [Register or De-Register EC2 Instances] in the Classic Load Balancers Guide.
//
// [Register or De-Register EC2 Instances]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-deregister-register-instances.html
RegisterInstancesWithLoadBalancer(ctx context.Context, params *elasticloadbalancing.RegisterInstancesWithLoadBalancerInput, optFns ...func(*Options)) (*elasticloadbalancing.RegisterInstancesWithLoadBalancerOutput, error)
// Removes one or more tags from the specified load balancer.
RemoveTags(ctx context.Context, params *elasticloadbalancing.RemoveTagsInput, optFns ...func(*Options)) (*elasticloadbalancing.RemoveTagsOutput, error)
// Sets the certificate that terminates the specified listener's SSL connections.
// The specified certificate replaces any prior certificate that was used on the
// same load balancer and port.
//
// For more information about updating your SSL certificate, see [Replace the SSL Certificate for Your Load Balancer] in the Classic
// Load Balancers Guide.
//
// [Replace the SSL Certificate for Your Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-update-ssl-cert.html
SetLoadBalancerListenerSSLCertificate(ctx context.Context, params *elasticloadbalancing.SetLoadBalancerListenerSSLCertificateInput, optFns ...func(*Options)) (*elasticloadbalancing.SetLoadBalancerListenerSSLCertificateOutput, error)
// Replaces the set of policies associated with the specified port on which the
// EC2 instance is listening with a new set of policies. At this time, only the
// back-end server authentication policy type can be applied to the instance ports;
// this policy type is composed of multiple public key policies.
//
// Each time you use SetLoadBalancerPoliciesForBackendServer to enable the
// policies, use the PolicyNames parameter to list the policies that you want to
// enable.
//
// You can use DescribeLoadBalancers or DescribeLoadBalancerPolicies to verify that the policy is associated with the EC2 instance.
//
// For more information about enabling back-end instance authentication, see [Configure Back-end Instance Authentication] in
// the Classic Load Balancers Guide. For more information about Proxy Protocol, see
// [Configure Proxy Protocol Support]in the Classic Load Balancers Guide.
//
// [Configure Back-end Instance Authentication]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html#configure_backendauth_clt
// [Configure Proxy Protocol Support]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html
SetLoadBalancerPoliciesForBackendServer(ctx context.Context, params *elasticloadbalancing.SetLoadBalancerPoliciesForBackendServerInput, optFns ...func(*Options)) (*elasticloadbalancing.SetLoadBalancerPoliciesForBackendServerOutput, error)
// Replaces the current set of policies for the specified load balancer port with
// the specified set of policies.
//
// To enable back-end server authentication, use SetLoadBalancerPoliciesForBackendServer.
//
// For more information about setting policies, see [Update the SSL Negotiation Configuration], [Duration-Based Session Stickiness], and [Application-Controlled Session Stickiness] in the Classic Load
// Balancers Guide.
//
// [Update the SSL Negotiation Configuration]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ssl-config-update.html
// [Duration-Based Session Stickiness]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-duration
// [Application-Controlled Session Stickiness]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html#enable-sticky-sessions-application
SetLoadBalancerPoliciesOfListener(ctx context.Context, params *elasticloadbalancing.SetLoadBalancerPoliciesOfListenerInput, optFns ...func(*Options)) (*elasticloadbalancing.SetLoadBalancerPoliciesOfListenerOutput, error)
}
ELB provides an interface to the AWS ELB service.
type ELBV2 ¶ added in v0.91.0
type ELBV2 interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() elasticloadbalancingv2.Options
// Adds the specified SSL server certificate to the certificate list for the
// specified HTTPS or TLS listener.
//
// If the certificate in already in the certificate list, the call is successful
// but the certificate is not added again.
//
// For more information, see [SSL certificates] in the Application Load Balancers Guide or [Server certificates] in the
// Network Load Balancers Guide.
//
// [Server certificates]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/tls-listener-certificates.html
// [SSL certificates]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/https-listener-certificates.html
AddListenerCertificates(ctx context.Context, params *elasticloadbalancingv2.AddListenerCertificatesInput, optFns ...func(*Options)) (*elasticloadbalancingv2.AddListenerCertificatesOutput, error)
// Adds the specified tags to the specified Elastic Load Balancing resource. You
// can tag your Application Load Balancers, Network Load Balancers, Gateway Load
// Balancers, target groups, trust stores, listeners, and rules.
//
// Each tag consists of a key and an optional value. If a resource already has a
// tag with the same key, AddTags updates its value.
AddTags(ctx context.Context, params *elasticloadbalancingv2.AddTagsInput, optFns ...func(*Options)) (*elasticloadbalancingv2.AddTagsOutput, error)
// Adds the specified revocation file to the specified trust store.
AddTrustStoreRevocations(ctx context.Context, params *elasticloadbalancingv2.AddTrustStoreRevocationsInput, optFns ...func(*Options)) (*elasticloadbalancingv2.AddTrustStoreRevocationsOutput, error)
// Creates a listener for the specified Application Load Balancer, Network Load
// Balancer, or Gateway Load Balancer.
//
// For more information, see the following:
//
// [Listeners for your Application Load Balancers]
//
// [Listeners for your Network Load Balancers]
//
// [Listeners for your Gateway Load Balancers]
//
// This operation is idempotent, which means that it completes at most one time.
// If you attempt to create multiple listeners with the same settings, each call
// succeeds.
//
// [Listeners for your Gateway Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-listeners.html
// [Listeners for your Application Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
// [Listeners for your Network Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-listeners.html
CreateListener(ctx context.Context, params *elasticloadbalancingv2.CreateListenerInput, optFns ...func(*Options)) (*elasticloadbalancingv2.CreateListenerOutput, error)
// Creates an Application Load Balancer, Network Load Balancer, or Gateway Load
// Balancer.
//
// For more information, see the following:
//
// [Application Load Balancers]
//
// [Network Load Balancers]
//
// [Gateway Load Balancers]
//
// This operation is idempotent, which means that it completes at most one time.
// If you attempt to create multiple load balancers with the same settings, each
// call succeeds.
//
// [Gateway Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html
// [Network Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html
// [Application Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html
CreateLoadBalancer(ctx context.Context, params *elasticloadbalancingv2.CreateLoadBalancerInput, optFns ...func(*Options)) (*elasticloadbalancingv2.CreateLoadBalancerOutput, error)
// Creates a rule for the specified listener. The listener must be associated with
// an Application Load Balancer.
//
// Each rule consists of a priority, one or more actions, one or more conditions,
// and up to two optional transforms. Rules are evaluated in priority order, from
// the lowest value to the highest value. When the conditions for a rule are met,
// its actions are performed. If the conditions for no rules are met, the actions
// for the default rule are performed. For more information, see [Listener rules]in the
// Application Load Balancers Guide.
//
// [Listener rules]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#listener-rules
CreateRule(ctx context.Context, params *elasticloadbalancingv2.CreateRuleInput, optFns ...func(*Options)) (*elasticloadbalancingv2.CreateRuleOutput, error)
// Creates a target group.
//
// For more information, see the following:
//
// [Target groups for your Application Load Balancers]
//
// [Target groups for your Network Load Balancers]
//
// [Target groups for your Gateway Load Balancers]
//
// This operation is idempotent, which means that it completes at most one time.
// If you attempt to create multiple target groups with the same settings, each
// call succeeds.
//
// [Target groups for your Gateway Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html
// [Target groups for your Application Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html
// [Target groups for your Network Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html
CreateTargetGroup(ctx context.Context, params *elasticloadbalancingv2.CreateTargetGroupInput, optFns ...func(*Options)) (*elasticloadbalancingv2.CreateTargetGroupOutput, error)
// Creates a trust store.
//
// For more information, see [Mutual TLS for Application Load Balancers].
//
// [Mutual TLS for Application Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/mutual-authentication.html
CreateTrustStore(ctx context.Context, params *elasticloadbalancingv2.CreateTrustStoreInput, optFns ...func(*Options)) (*elasticloadbalancingv2.CreateTrustStoreOutput, error)
// Deletes the specified listener.
//
// Alternatively, your listener is deleted when you delete the load balancer to
// which it is attached.
DeleteListener(ctx context.Context, params *elasticloadbalancingv2.DeleteListenerInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DeleteListenerOutput, error)
// Deletes the specified Application Load Balancer, Network Load Balancer, or
// Gateway Load Balancer. Deleting a load balancer also deletes its listeners.
//
// You can't delete a load balancer if deletion protection is enabled. If the load
// balancer does not exist or has already been deleted, the call succeeds.
//
// Deleting a load balancer does not affect its registered targets. For example,
// your EC2 instances continue to run and are still registered to their target
// groups. If you no longer need these EC2 instances, you can stop or terminate
// them.
DeleteLoadBalancer(ctx context.Context, params *elasticloadbalancingv2.DeleteLoadBalancerInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DeleteLoadBalancerOutput, error)
// Deletes the specified rule.
//
// You can't delete the default rule.
DeleteRule(ctx context.Context, params *elasticloadbalancingv2.DeleteRuleInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DeleteRuleOutput, error)
DeleteSharedTrustStoreAssociation(ctx context.Context, params *elasticloadbalancingv2.DeleteSharedTrustStoreAssociationInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DeleteSharedTrustStoreAssociationOutput, error)
// Deletes the specified target group.
//
// You can delete a target group if it is not referenced by any actions. Deleting
// a target group also deletes any associated health checks. Deleting a target
// group does not affect its registered targets. For example, any EC2 instances
// continue to run until you stop or terminate them.
DeleteTargetGroup(ctx context.Context, params *elasticloadbalancingv2.DeleteTargetGroupInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DeleteTargetGroupOutput, error)
// Deletes a trust store.
DeleteTrustStore(ctx context.Context, params *elasticloadbalancingv2.DeleteTrustStoreInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DeleteTrustStoreOutput, error)
// Deregisters the specified targets from the specified target group. After the
// targets are deregistered, they no longer receive traffic from the load balancer.
//
// The load balancer stops sending requests to targets that are deregistering, but
// uses connection draining to ensure that in-flight traffic completes on the
// existing connections. This deregistration delay is configured by default but can
// be updated for each target group.
//
// For more information, see the following:
//
// [Deregistration delay]
// - in the Application Load Balancers User Guide
//
// [Deregistration delay]
// - in the Network Load Balancers User Guide
//
// [Deregistration delay]
// - in the Gateway Load Balancers User Guide
//
// Note: If the specified target does not exist, the action returns successfully.
//
// [Deregistration delay]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/edit-target-group-attributes.html#deregistration-delay
DeregisterTargets(ctx context.Context, params *elasticloadbalancingv2.DeregisterTargetsInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DeregisterTargetsOutput, error)
// Describes the current Elastic Load Balancing resource limits for your Amazon
// Web Services account.
//
// For more information, see the following:
//
// [Quotas for your Application Load Balancers]
//
// [Quotas for your Network Load Balancers]
//
// [Quotas for your Gateway Load Balancers]
//
// [Quotas for your Gateway Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/quotas-limits.html
// [Quotas for your Application Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html
// [Quotas for your Network Load Balancers]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-limits.html
DescribeAccountLimits(ctx context.Context, params *elasticloadbalancingv2.DescribeAccountLimitsInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeAccountLimitsOutput, error)
// Describes the capacity reservation status for the specified load balancer.
DescribeCapacityReservation(ctx context.Context, params *elasticloadbalancingv2.DescribeCapacityReservationInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeCapacityReservationOutput, error)
// Describes the attributes for the specified listener.
DescribeListenerAttributes(ctx context.Context, params *elasticloadbalancingv2.DescribeListenerAttributesInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeListenerAttributesOutput, error)
// Describes the default certificate and the certificate list for the specified
// HTTPS or TLS listener.
//
// If the default certificate is also in the certificate list, it appears twice in
// the results (once with IsDefault set to true and once with IsDefault set to
// false).
//
// For more information, see [SSL certificates] in the Application Load Balancers Guide or [Server certificates] in the
// Network Load Balancers Guide.
//
// [Server certificates]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/tls-listener-certificates.html
// [SSL certificates]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/https-listener-certificates.html
DescribeListenerCertificates(ctx context.Context, params *elasticloadbalancingv2.DescribeListenerCertificatesInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeListenerCertificatesOutput, error)
// Describes the specified listeners or the listeners for the specified
// Application Load Balancer, Network Load Balancer, or Gateway Load Balancer. You
// must specify either a load balancer or one or more listeners.
DescribeListeners(ctx context.Context, params *elasticloadbalancingv2.DescribeListenersInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeListenersOutput, error)
// Describes the attributes for the specified Application Load Balancer, Network
// Load Balancer, or Gateway Load Balancer.
//
// For more information, see the following:
//
// [Load balancer attributes]
// - in the Application Load Balancers Guide
//
// [Load balancer attributes]
// - in the Network Load Balancers Guide
//
// [Load balancer attributes]
// - in the Gateway Load Balancers Guide
//
// [Load balancer attributes]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html#load-balancer-attributes
DescribeLoadBalancerAttributes(ctx context.Context, params *elasticloadbalancingv2.DescribeLoadBalancerAttributesInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeLoadBalancerAttributesOutput, error)
// Describes the specified load balancers or all of your load balancers.
DescribeLoadBalancers(ctx context.Context, params *elasticloadbalancingv2.DescribeLoadBalancersInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeLoadBalancersOutput, error)
// Describes the specified rules or the rules for the specified listener. You must
// specify either a listener or one or more rules.
DescribeRules(ctx context.Context, params *elasticloadbalancingv2.DescribeRulesInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeRulesOutput, error)
// Describes the specified policies or all policies used for SSL negotiation.
//
// For more information, see [Security policies] in the Application Load Balancers Guide and [Security policies] in the
// Network Load Balancers Guide.
//
// [Security policies]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/describe-ssl-policies.html
DescribeSSLPolicies(ctx context.Context, params *elasticloadbalancingv2.DescribeSSLPoliciesInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeSSLPoliciesOutput, error)
// Describes the tags for the specified Elastic Load Balancing resources. You can
// describe the tags for one or more Application Load Balancers, Network Load
// Balancers, Gateway Load Balancers, target groups, listeners, or rules.
DescribeTags(ctx context.Context, params *elasticloadbalancingv2.DescribeTagsInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeTagsOutput, error)
// Describes the attributes for the specified target group.
//
// For more information, see the following:
//
// [Target group attributes]
// - in the Application Load Balancers Guide
//
// [Target group attributes]
// - in the Network Load Balancers Guide
//
// [Target group attributes]
// - in the Gateway Load Balancers Guide
//
// [Target group attributes]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html#target-group-attributes
DescribeTargetGroupAttributes(ctx context.Context, params *elasticloadbalancingv2.DescribeTargetGroupAttributesInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeTargetGroupAttributesOutput, error)
// Describes the specified target groups or all of your target groups. By default,
// all target groups are described. Alternatively, you can specify one of the
// following to filter the results: the ARN of the load balancer, the names of one
// or more target groups, or the ARNs of one or more target groups.
DescribeTargetGroups(ctx context.Context, params *elasticloadbalancingv2.DescribeTargetGroupsInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeTargetGroupsOutput, error)
// Describes the health of the specified targets or all of your targets.
DescribeTargetHealth(ctx context.Context, params *elasticloadbalancingv2.DescribeTargetHealthInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeTargetHealthOutput, error)
// Describes all resources associated with the specified trust store.
DescribeTrustStoreAssociations(ctx context.Context, params *elasticloadbalancingv2.DescribeTrustStoreAssociationsInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeTrustStoreAssociationsOutput, error)
// Describes the revocation files in use by the specified trust store or
// revocation files.
DescribeTrustStoreRevocations(ctx context.Context, params *elasticloadbalancingv2.DescribeTrustStoreRevocationsInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeTrustStoreRevocationsOutput, error)
// Describes all trust stores for the specified account.
DescribeTrustStores(ctx context.Context, params *elasticloadbalancingv2.DescribeTrustStoresInput, optFns ...func(*Options)) (*elasticloadbalancingv2.DescribeTrustStoresOutput, error)
// Retrieves the resource policy for a specified resource.
GetResourcePolicy(ctx context.Context, params *elasticloadbalancingv2.GetResourcePolicyInput, optFns ...func(*Options)) (*elasticloadbalancingv2.GetResourcePolicyOutput, error)
// Retrieves the ca certificate bundle.
//
// This action returns a pre-signed S3 URI which is active for ten minutes.
GetTrustStoreCaCertificatesBundle(ctx context.Context, params *elasticloadbalancingv2.GetTrustStoreCaCertificatesBundleInput, optFns ...func(*Options)) (*elasticloadbalancingv2.GetTrustStoreCaCertificatesBundleOutput, error)
// Retrieves the specified revocation file.
//
// This action returns a pre-signed S3 URI which is active for ten minutes.
GetTrustStoreRevocationContent(ctx context.Context, params *elasticloadbalancingv2.GetTrustStoreRevocationContentInput, optFns ...func(*Options)) (*elasticloadbalancingv2.GetTrustStoreRevocationContentOutput, error)
// Modifies the capacity reservation of the specified load balancer.
//
// When modifying capacity reservation, you must include at least one
// MinimumLoadBalancerCapacity or ResetCapacityReservation .
ModifyCapacityReservation(ctx context.Context, params *elasticloadbalancingv2.ModifyCapacityReservationInput, optFns ...func(*Options)) (*elasticloadbalancingv2.ModifyCapacityReservationOutput, error)
// [Application Load Balancers] Modify the IP pool associated to a load balancer.
ModifyIpPools(ctx context.Context, params *elasticloadbalancingv2.ModifyIpPoolsInput, optFns ...func(*Options)) (*elasticloadbalancingv2.ModifyIpPoolsOutput, error)
// Replaces the specified properties of the specified listener. Any properties
// that you do not specify remain unchanged.
//
// Changing the protocol from HTTPS to HTTP, or from TLS to TCP, removes the
// security policy and default certificate properties. If you change the protocol
// from HTTP to HTTPS, or from TCP to TLS, you must add the security policy and
// default certificate properties.
//
// To add an item to a list, remove an item from a list, or update an item in a
// list, you must provide the entire list. For example, to add an action, specify a
// list with the current actions plus the new action.
ModifyListener(ctx context.Context, params *elasticloadbalancingv2.ModifyListenerInput, optFns ...func(*Options)) (*elasticloadbalancingv2.ModifyListenerOutput, error)
// Modifies the specified attributes of the specified listener.
ModifyListenerAttributes(ctx context.Context, params *elasticloadbalancingv2.ModifyListenerAttributesInput, optFns ...func(*Options)) (*elasticloadbalancingv2.ModifyListenerAttributesOutput, error)
// Modifies the specified attributes of the specified Application Load Balancer,
// Network Load Balancer, or Gateway Load Balancer.
//
// If any of the specified attributes can't be modified as requested, the call
// fails. Any existing attributes that you do not modify retain their current
// values.
ModifyLoadBalancerAttributes(ctx context.Context, params *elasticloadbalancingv2.ModifyLoadBalancerAttributesInput, optFns ...func(*Options)) (*elasticloadbalancingv2.ModifyLoadBalancerAttributesOutput, error)
// Replaces the specified properties of the specified rule. Any properties that
// you do not specify are unchanged.
//
// To add an item to a list, remove an item from a list, or update an item in a
// list, you must provide the entire list. For example, to add an action, specify a
// list with the current actions plus the new action.
ModifyRule(ctx context.Context, params *elasticloadbalancingv2.ModifyRuleInput, optFns ...func(*Options)) (*elasticloadbalancingv2.ModifyRuleOutput, error)
// Modifies the health checks used when evaluating the health state of the targets
// in the specified target group.
ModifyTargetGroup(ctx context.Context, params *elasticloadbalancingv2.ModifyTargetGroupInput, optFns ...func(*Options)) (*elasticloadbalancingv2.ModifyTargetGroupOutput, error)
// Modifies the specified attributes of the specified target group.
ModifyTargetGroupAttributes(ctx context.Context, params *elasticloadbalancingv2.ModifyTargetGroupAttributesInput, optFns ...func(*Options)) (*elasticloadbalancingv2.ModifyTargetGroupAttributesOutput, error)
// Update the ca certificate bundle for the specified trust store.
ModifyTrustStore(ctx context.Context, params *elasticloadbalancingv2.ModifyTrustStoreInput, optFns ...func(*Options)) (*elasticloadbalancingv2.ModifyTrustStoreOutput, error)
// Registers the specified targets with the specified target group.
//
// If the target is an EC2 instance, it must be in the running state when you
// register it.
//
// By default, the load balancer routes requests to registered targets using the
// protocol and port for the target group. Alternatively, you can override the port
// for a target when you register it. You can register each EC2 instance or IP
// address with the same target group multiple times using different ports.
//
// For more information, see the following:
//
// [Register targets for your Application Load Balancer]
//
// [Register targets for your Network Load Balancer]
//
// [Register targets for your Gateway Load Balancer]
//
// [Register targets for your Network Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/target-group-register-targets.html
// [Register targets for your Gateway Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-group-register-targets.html
// [Register targets for your Application Load Balancer]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-register-targets.html
RegisterTargets(ctx context.Context, params *elasticloadbalancingv2.RegisterTargetsInput, optFns ...func(*Options)) (*elasticloadbalancingv2.RegisterTargetsOutput, error)
// Removes the specified certificate from the certificate list for the specified
// HTTPS or TLS listener.
RemoveListenerCertificates(ctx context.Context, params *elasticloadbalancingv2.RemoveListenerCertificatesInput, optFns ...func(*Options)) (*elasticloadbalancingv2.RemoveListenerCertificatesOutput, error)
// Removes the specified tags from the specified Elastic Load Balancing resources.
// You can remove the tags for one or more Application Load Balancers, Network Load
// Balancers, Gateway Load Balancers, target groups, listeners, or rules.
RemoveTags(ctx context.Context, params *elasticloadbalancingv2.RemoveTagsInput, optFns ...func(*Options)) (*elasticloadbalancingv2.RemoveTagsOutput, error)
// Removes the specified revocation file from the specified trust store.
RemoveTrustStoreRevocations(ctx context.Context, params *elasticloadbalancingv2.RemoveTrustStoreRevocationsInput, optFns ...func(*Options)) (*elasticloadbalancingv2.RemoveTrustStoreRevocationsOutput, error)
// Sets the type of IP addresses used by the subnets of the specified load
// balancer.
SetIpAddressType(ctx context.Context, params *elasticloadbalancingv2.SetIpAddressTypeInput, optFns ...func(*Options)) (*elasticloadbalancingv2.SetIpAddressTypeOutput, error)
// Sets the priorities of the specified rules.
//
// You can reorder the rules as long as there are no priority conflicts in the new
// order. Any existing rules that you do not specify retain their current priority.
SetRulePriorities(ctx context.Context, params *elasticloadbalancingv2.SetRulePrioritiesInput, optFns ...func(*Options)) (*elasticloadbalancingv2.SetRulePrioritiesOutput, error)
// Associates the specified security groups with the specified Application Load
// Balancer or Network Load Balancer. The specified security groups override the
// previously associated security groups.
//
// You can't perform this operation on a Network Load Balancer unless you
// specified a security group for the load balancer when you created it.
//
// You can't associate a security group with a Gateway Load Balancer.
SetSecurityGroups(ctx context.Context, params *elasticloadbalancingv2.SetSecurityGroupsInput, optFns ...func(*Options)) (*elasticloadbalancingv2.SetSecurityGroupsOutput, error)
// Enables the Availability Zones for the specified public subnets for the
// specified Application Load Balancer, Network Load Balancer or Gateway Load
// Balancer. The specified subnets replace the previously enabled subnets.
SetSubnets(ctx context.Context, params *elasticloadbalancingv2.SetSubnetsInput, optFns ...func(*Options)) (*elasticloadbalancingv2.SetSubnetsOutput, error)
}
ELBV2 provides an interface to the AWS ELBV2 service.
type IAM ¶ added in v0.94.0
type IAM interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() iam.Options
// Adds a new client ID (also known as audience) to the list of client IDs already
// registered for the specified IAM OpenID Connect (OIDC) provider resource.
//
// This operation is idempotent; it does not fail or return an error if you add an
// existing client ID to the provider.
AddClientIDToOpenIDConnectProvider(ctx context.Context, params *iam.AddClientIDToOpenIDConnectProviderInput, optFns ...func(*Options)) (*iam.AddClientIDToOpenIDConnectProviderOutput, error)
// Adds the specified IAM role to the specified instance profile. An instance
// profile can contain only one role, and this quota cannot be increased. You can
// remove the existing role and then add a different role to an instance profile.
// You must then wait for the change to appear across all of Amazon Web Services
// because of [eventual consistency]. To force the change, you must [disassociate the instance profile] and then [associate the instance profile], or you can stop your
// instance and then restart it.
//
// The caller of this operation must be granted the PassRole permission on the IAM
// role by a permissions policy.
//
// When using the [iam:AssociatedResourceArn] condition in a policy to restrict the [PassRole] IAM action, special
// considerations apply if the policy is intended to define access for the
// AddRoleToInstanceProfile action. In this case, you cannot specify a Region or
// instance ID in the EC2 instance ARN. The ARN value must be
// arn:aws:ec2:*:CallerAccountId:instance/* . Using any other ARN value may lead to
// unexpected evaluation results.
//
// For more information about roles, see [IAM roles] in the IAM User Guide. For more
// information about instance profiles, see [Using instance profiles]in the IAM User Guide.
//
// [disassociate the instance profile]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
// [associate the instance profile]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
// [PassRole]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html
// [iam:AssociatedResourceArn]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#available-keys-for-iam
// [eventual consistency]: https://en.wikipedia.org/wiki/Eventual_consistency
// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
AddRoleToInstanceProfile(ctx context.Context, params *iam.AddRoleToInstanceProfileInput, optFns ...func(*Options)) (*iam.AddRoleToInstanceProfileOutput, error)
// Adds the specified user to the specified group.
AddUserToGroup(ctx context.Context, params *iam.AddUserToGroupInput, optFns ...func(*Options)) (*iam.AddUserToGroupOutput, error)
// Attaches the specified managed policy to the specified IAM group.
//
// You use this operation to attach a managed policy to a group. To embed an
// inline policy in a group, use [PutGroupPolicy]PutGroupPolicy .
//
// As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies] in
// the IAM User Guide.
//
// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [PutGroupPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html
// [Validating IAM policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
AttachGroupPolicy(ctx context.Context, params *iam.AttachGroupPolicyInput, optFns ...func(*Options)) (*iam.AttachGroupPolicyOutput, error)
// Attaches the specified managed policy to the specified IAM role. When you
// attach a managed policy to a role, the managed policy becomes part of the role's
// permission (access) policy.
//
// You cannot use a managed policy as the role's trust policy. The role's trust
// policy is created at the same time as the role, using [CreateRole]CreateRole . You can
// update a role's trust policy using [UpdateAssumerolePolicy]UpdateAssumerolePolicy .
//
// Use this operation to attach a managed policy to a role. To embed an inline
// policy in a role, use [PutRolePolicy]PutRolePolicy . For more information about policies, see [Managed policies and inline policies]
// in the IAM User Guide.
//
// As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies] in
// the IAM User Guide.
//
// [Validating IAM policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
// [UpdateAssumerolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html
// [PutRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html
// [CreateRole]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
AttachRolePolicy(ctx context.Context, params *iam.AttachRolePolicyInput, optFns ...func(*Options)) (*iam.AttachRolePolicyOutput, error)
// Attaches the specified managed policy to the specified user.
//
// You use this operation to attach a managed policy to a user. To embed an inline
// policy in a user, use [PutUserPolicy]PutUserPolicy .
//
// As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies] in
// the IAM User Guide.
//
// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [Validating IAM policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
// [PutUserPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
AttachUserPolicy(ctx context.Context, params *iam.AttachUserPolicyInput, optFns ...func(*Options)) (*iam.AttachUserPolicyOutput, error)
// Changes the password of the IAM user who is calling this operation. This
// operation can be performed using the CLI, the Amazon Web Services API, or the My
// Security Credentials page in the Amazon Web Services Management Console. The
// Amazon Web Services account root user password is not affected by this
// operation.
//
// Use [UpdateLoginProfile] to use the CLI, the Amazon Web Services API, or the Users page in the IAM
// console to change the password for any IAM user. For more information about
// modifying passwords, see [Managing passwords]in the IAM User Guide.
//
// [UpdateLoginProfile]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateLoginProfile.html
// [Managing passwords]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
ChangePassword(ctx context.Context, params *iam.ChangePasswordInput, optFns ...func(*Options)) (*iam.ChangePasswordOutput, error)
// Creates a new Amazon Web Services secret access key and corresponding Amazon
//
// Web Services access key ID for the specified user. The default status for new
// keys is Active .
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID signing the request. This
// operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials. This is true even if the Amazon Web Services account has
// no associated users.
//
// For information about quotas on the number of keys you can create, see [IAM and STS quotas] in the
// IAM User Guide.
//
// To ensure the security of your Amazon Web Services account, the secret access
// key is accessible only during key and user creation. You must save the key (for
// example, in a text file) if you want to be able to access it again. If a secret
// key is lost, you can delete the access keys for the associated user and then
// create new keys.
//
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
CreateAccessKey(ctx context.Context, params *iam.CreateAccessKeyInput, optFns ...func(*Options)) (*iam.CreateAccessKeyOutput, error)
// Creates an alias for your Amazon Web Services account. For information about
// using an Amazon Web Services account alias, see [Creating, deleting, and listing an Amazon Web Services account alias]in the Amazon Web Services
// Sign-In User Guide.
//
// [Creating, deleting, and listing an Amazon Web Services account alias]: https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html
CreateAccountAlias(ctx context.Context, params *iam.CreateAccountAliasInput, optFns ...func(*Options)) (*iam.CreateAccountAliasOutput, error)
// This API is currently unavailable for general use.
CreateDelegationRequest(ctx context.Context, params *iam.CreateDelegationRequestInput, optFns ...func(*Options)) (*iam.CreateDelegationRequestOutput, error)
// Creates a new group.
//
// For information about the number of groups you can create, see [IAM and STS quotas] in the IAM User
// Guide.
//
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
CreateGroup(ctx context.Context, params *iam.CreateGroupInput, optFns ...func(*Options)) (*iam.CreateGroupOutput, error)
// Creates a new instance profile. For information about instance profiles, see [Using roles for applications on Amazon EC2]
//
// in the IAM User Guide, and [Instance profiles]in the Amazon EC2 User Guide.
//
// For information about the number of instance profiles you can create, see [IAM object quotas] in
// the IAM User Guide.
//
// [Instance profiles]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#ec2-instance-profile
// [IAM object quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
//
// [Using roles for applications on Amazon EC2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
CreateInstanceProfile(ctx context.Context, params *iam.CreateInstanceProfileInput, optFns ...func(*Options)) (*iam.CreateInstanceProfileOutput, error)
// Creates a password for the specified IAM user. A password allows an IAM user to
// access Amazon Web Services services through the Amazon Web Services Management
// Console.
//
// You can use the CLI, the Amazon Web Services API, or the Users page in the IAM
// console to create a password for any IAM user. Use [ChangePassword]to update your own existing
// password in the My Security Credentials page in the Amazon Web Services
// Management Console.
//
// For more information about managing passwords, see [Managing passwords] in the IAM User Guide.
//
// [ChangePassword]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html
// [Managing passwords]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
CreateLoginProfile(ctx context.Context, params *iam.CreateLoginProfileInput, optFns ...func(*Options)) (*iam.CreateLoginProfileOutput, error)
// Creates an IAM entity to describe an identity provider (IdP) that supports [OpenID Connect (OIDC)].
//
// The OIDC provider that you create with this operation can be used as a
// principal in a role's trust policy. Such a policy establishes a trust
// relationship between Amazon Web Services and the OIDC provider.
//
// If you are using an OIDC identity provider from Google, Facebook, or Amazon
// Cognito, you don't need to create a separate IAM identity provider. These OIDC
// identity providers are already built-in to Amazon Web Services and are available
// for your use. Instead, you can move directly to creating new roles using your
// identity provider. To learn more, see [Creating a role for web identity or OpenID connect federation]in the IAM User Guide.
//
// When you create the IAM OIDC provider, you specify the following:
//
// - The URL of the OIDC identity provider (IdP) to trust
//
// - A list of client IDs (also known as audiences) that identify the
// application or applications allowed to authenticate using the OIDC provider
//
// - A list of tags that are attached to the specified IAM OIDC provider
//
// - A list of thumbprints of one or more server certificates that the IdP uses
//
// You get all of this information from the OIDC IdP you want to use to access
// Amazon Web Services.
//
// Amazon Web Services secures communication with OIDC identity providers (IdPs)
// using our library of trusted root certificate authorities (CAs) to verify the
// JSON Web Key Set (JWKS) endpoint's TLS certificate. If your OIDC IdP relies on a
// certificate that is not signed by one of these trusted CAs, only then we secure
// communication using the thumbprints set in the IdP's configuration.
//
// The trust for the OIDC provider is derived from the IAM provider that this
// operation creates. Therefore, it is best to limit access to the [CreateOpenIDConnectProvider]operation to
// highly privileged users.
//
// [OpenID Connect (OIDC)]: http://openid.net/connect/
// [Creating a role for web identity or OpenID connect federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html
// [CreateOpenIDConnectProvider]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html
CreateOpenIDConnectProvider(ctx context.Context, params *iam.CreateOpenIDConnectProviderInput, optFns ...func(*Options)) (*iam.CreateOpenIDConnectProviderOutput, error)
// Creates a new managed policy for your Amazon Web Services account.
//
// This operation creates a policy version with a version identifier of v1 and
// sets v1 as the policy's default version. For more information about policy
// versions, see [Versioning for managed policies]in the IAM User Guide.
//
// As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies] in
// the IAM User Guide.
//
// For more information about managed policies in general, see [Managed policies and inline policies] in the IAM User
// Guide.
//
// [Validating IAM policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
// [Versioning for managed policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
CreatePolicy(ctx context.Context, params *iam.CreatePolicyInput, optFns ...func(*Options)) (*iam.CreatePolicyOutput, error)
// Creates a new version of the specified managed policy. To update a managed
// policy, you create a new policy version. A managed policy can have up to five
// versions. If the policy has five versions, you must delete an existing version
// using [DeletePolicyVersion]before you create a new version.
//
// Optionally, you can set the new version as the policy's default version. The
// default version is the version that is in effect for the IAM users, groups, and
// roles to which the policy is attached.
//
// For more information about managed policy versions, see [Versioning for managed policies] in the IAM User Guide.
//
// [DeletePolicyVersion]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html
// [Versioning for managed policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
CreatePolicyVersion(ctx context.Context, params *iam.CreatePolicyVersionInput, optFns ...func(*Options)) (*iam.CreatePolicyVersionOutput, error)
// Creates a new role for your Amazon Web Services account.
//
// For more information about roles, see [IAM roles] in the IAM User Guide. For information
// about quotas for role names and the number of roles you can create, see [IAM and STS quotas]in the
// IAM User Guide.
//
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
CreateRole(ctx context.Context, params *iam.CreateRoleInput, optFns ...func(*Options)) (*iam.CreateRoleOutput, error)
// Creates an IAM resource that describes an identity provider (IdP) that supports
// SAML 2.0.
//
// The SAML provider resource that you create with this operation can be used as a
// principal in an IAM role's trust policy. Such a policy can enable federated
// users who sign in using the SAML IdP to assume the role. You can create an IAM
// role that supports Web-based single sign-on (SSO) to the Amazon Web Services
// Management Console or one that supports API access to Amazon Web Services.
//
// When you create the SAML provider resource, you upload a SAML metadata document
// that you get from your IdP. That document includes the issuer's name, expiration
// information, and keys that can be used to validate the SAML authentication
// response (assertions) that the IdP sends. You must generate the metadata
// document using the identity management software that is used as your
// organization's IdP.
//
// This operation requires [Signature Version 4].
//
// For more information, see [Enabling SAML 2.0 federated users to access the Amazon Web Services Management Console] and [About SAML 2.0-based federation] in the IAM User Guide.
//
// [Signature Version 4]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
// [About SAML 2.0-based federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
// [Enabling SAML 2.0 federated users to access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html
CreateSAMLProvider(ctx context.Context, params *iam.CreateSAMLProviderInput, optFns ...func(*Options)) (*iam.CreateSAMLProviderOutput, error)
// Creates an IAM role that is linked to a specific Amazon Web Services service.
// The service controls the attached policies and when the role can be deleted.
// This helps ensure that the service is not broken by an unexpectedly changed or
// deleted role, which could put your Amazon Web Services resources into an unknown
// state. Allowing the service to control the role helps improve service stability
// and proper cleanup when a service and its role are no longer needed. For more
// information, see [Using service-linked roles]in the IAM User Guide.
//
// To attach a policy to this service-linked role, you must make the request using
// the Amazon Web Services service that depends on this role.
//
// [Using service-linked roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
CreateServiceLinkedRole(ctx context.Context, params *iam.CreateServiceLinkedRoleInput, optFns ...func(*Options)) (*iam.CreateServiceLinkedRoleOutput, error)
// Generates a set of credentials consisting of a user name and password that can
// be used to access the service specified in the request. These credentials are
// generated by IAM, and can be used only for the specified service.
//
// You can have a maximum of two sets of service-specific credentials for each
// supported service per user.
//
// You can create service-specific credentials for Amazon Bedrock, CodeCommit and
// Amazon Keyspaces (for Apache Cassandra).
//
// You can reset the password to a new service-generated value by calling [ResetServiceSpecificCredential].
//
// For more information about service-specific credentials, see [Service-specific credentials for IAM users] in the IAM User
// Guide.
//
// [ResetServiceSpecificCredential]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html
// [Service-specific credentials for IAM users]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bedrock.html
CreateServiceSpecificCredential(ctx context.Context, params *iam.CreateServiceSpecificCredentialInput, optFns ...func(*Options)) (*iam.CreateServiceSpecificCredentialOutput, error)
// Creates a new IAM user for your Amazon Web Services account.
//
// For information about quotas for the number of IAM users you can create, see [IAM and STS quotas]
// in the IAM User Guide.
//
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
CreateUser(ctx context.Context, params *iam.CreateUserInput, optFns ...func(*Options)) (*iam.CreateUserOutput, error)
// Creates a new virtual MFA device for the Amazon Web Services account. After
// creating the virtual MFA, use [EnableMFADevice]to attach the MFA device to an IAM user. For more
// information about creating and working with virtual MFA devices, see [Using a virtual MFA device]in the IAM
// User Guide.
//
// For information about the maximum number of MFA devices you can create, see [IAM and STS quotas] in
// the IAM User Guide.
//
// The seed information contained in the QR code and the Base32 string should be
// treated like any other secret access information. In other words, protect the
// seed information as you would your Amazon Web Services access keys or your
// passwords. After you provision your virtual device, you should ensure that the
// information is destroyed following secure procedures.
//
// [Using a virtual MFA device]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html
// [EnableMFADevice]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
CreateVirtualMFADevice(ctx context.Context, params *iam.CreateVirtualMFADeviceInput, optFns ...func(*Options)) (*iam.CreateVirtualMFADeviceOutput, error)
// Deactivates the specified MFA device and removes it from association with the
// user name for which it was originally enabled.
//
// For more information about creating and working with virtual MFA devices, see [Enabling a virtual multi-factor authentication (MFA) device]
// in the IAM User Guide.
//
// [Enabling a virtual multi-factor authentication (MFA) device]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html
DeactivateMFADevice(ctx context.Context, params *iam.DeactivateMFADeviceInput, optFns ...func(*Options)) (*iam.DeactivateMFADeviceOutput, error)
// Deletes the access key pair associated with the specified IAM user.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID signing the request. This
// operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials even if the Amazon Web Services account has no associated
// users.
DeleteAccessKey(ctx context.Context, params *iam.DeleteAccessKeyInput, optFns ...func(*Options)) (*iam.DeleteAccessKeyOutput, error)
// Deletes the specified Amazon Web Services account alias. For information about
//
// using an Amazon Web Services account alias, see [Creating, deleting, and listing an Amazon Web Services account alias]in the Amazon Web Services
// Sign-In User Guide.
//
// [Creating, deleting, and listing an Amazon Web Services account alias]: https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html
DeleteAccountAlias(ctx context.Context, params *iam.DeleteAccountAliasInput, optFns ...func(*Options)) (*iam.DeleteAccountAliasOutput, error)
// Deletes the password policy for the Amazon Web Services account. There are no
// parameters.
DeleteAccountPasswordPolicy(ctx context.Context, params *iam.DeleteAccountPasswordPolicyInput, optFns ...func(*Options)) (*iam.DeleteAccountPasswordPolicyOutput, error)
// Deletes the specified IAM group. The group must not contain any users or have
// any attached policies.
DeleteGroup(ctx context.Context, params *iam.DeleteGroupInput, optFns ...func(*Options)) (*iam.DeleteGroupOutput, error)
// Deletes the specified inline policy that is embedded in the specified IAM group.
//
// A group can also have managed policies attached to it. To detach a managed
// policy from a group, use [DetachGroupPolicy]. For more information about policies, refer to [Managed policies and inline policies] in
// the IAM User Guide.
//
// [DetachGroupPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
DeleteGroupPolicy(ctx context.Context, params *iam.DeleteGroupPolicyInput, optFns ...func(*Options)) (*iam.DeleteGroupPolicyOutput, error)
// Deletes the specified instance profile. The instance profile must not have an
// associated role.
//
// Make sure that you do not have any Amazon EC2 instances running with the
// instance profile you are about to delete. Deleting a role or instance profile
// that is associated with a running instance will break any applications running
// on the instance.
//
// For more information about instance profiles, see [Using instance profiles] in the IAM User Guide.
//
// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
DeleteInstanceProfile(ctx context.Context, params *iam.DeleteInstanceProfileInput, optFns ...func(*Options)) (*iam.DeleteInstanceProfileOutput, error)
// Deletes the password for the specified IAM user or root user, For more
// information, see [Managing passwords for IAM users].
//
// You can use the CLI, the Amazon Web Services API, or the Users page in the IAM
// console to delete a password for any IAM user. You can use [ChangePassword]to update, but not
// delete, your own password in the My Security Credentials page in the Amazon Web
// Services Management Console.
//
// Deleting a user's password does not prevent a user from accessing Amazon Web
// Services through the command line interface or the API. To prevent all user
// access, you must also either make any access keys inactive or delete them. For
// more information about making keys inactive or deleting them, see [UpdateAccessKey]and [DeleteAccessKey].
//
// [ChangePassword]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html
// [DeleteAccessKey]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html
// [Managing passwords for IAM users]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html
// [UpdateAccessKey]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html
DeleteLoginProfile(ctx context.Context, params *iam.DeleteLoginProfileInput, optFns ...func(*Options)) (*iam.DeleteLoginProfileOutput, error)
// Deletes an OpenID Connect identity provider (IdP) resource object in IAM.
//
// Deleting an IAM OIDC provider resource does not update any roles that reference
// the provider as a principal in their trust policies. Any attempt to assume a
// role that references a deleted provider fails.
//
// This operation is idempotent; it does not fail or return an error if you call
// the operation for a provider that does not exist.
DeleteOpenIDConnectProvider(ctx context.Context, params *iam.DeleteOpenIDConnectProviderInput, optFns ...func(*Options)) (*iam.DeleteOpenIDConnectProviderOutput, error)
// Deletes the specified managed policy.
//
// Before you can delete a managed policy, you must first detach the policy from
// all users, groups, and roles that it is attached to. In addition, you must
// delete all the policy's versions. The following steps describe the process for
// deleting a managed policy:
//
// - Detach the policy from all users, groups, and roles that the policy is
// attached to, using [DetachUserPolicy], [DetachGroupPolicy], or [DetachRolePolicy]. To list all the users, groups, and roles that a
// policy is attached to, use [ListEntitiesForPolicy].
//
// - Delete all versions of the policy using [DeletePolicyVersion]. To list the policy's versions,
// use [ListPolicyVersions]. You cannot use [DeletePolicyVersion]to delete the version that is marked as the default
// version. You delete the policy's default version in the next step of the
// process.
//
// - Delete the policy (this automatically deletes the policy's default version)
// using this operation.
//
// For information about managed policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [DetachUserPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html
// [DetachRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html
// [ListEntitiesForPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html
// [DeletePolicyVersion]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html
// [DetachGroupPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html
// [ListPolicyVersions]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
DeletePolicy(ctx context.Context, params *iam.DeletePolicyInput, optFns ...func(*Options)) (*iam.DeletePolicyOutput, error)
// Deletes the specified version from the specified managed policy.
//
// You cannot delete the default version from a policy using this operation. To
// delete the default version from a policy, use [DeletePolicy]. To find out which version of a
// policy is marked as the default version, use [ListPolicyVersions].
//
// For information about versions for managed policies, see [Versioning for managed policies] in the IAM User Guide.
//
// [DeletePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html
// [Versioning for managed policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
// [ListPolicyVersions]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html
DeletePolicyVersion(ctx context.Context, params *iam.DeletePolicyVersionInput, optFns ...func(*Options)) (*iam.DeletePolicyVersionOutput, error)
// Deletes the specified role. Unlike the Amazon Web Services Management Console,
// when you delete a role programmatically, you must delete the items attached to
// the role manually, or the deletion fails. For more information, see [Deleting an IAM role]. Before
// attempting to delete a role, remove the following attached items:
//
// - Inline policies ([DeleteRolePolicy] )
//
// - Attached managed policies ([DetachRolePolicy] )
//
// - Instance profile ([RemoveRoleFromInstanceProfile] )
//
// - Optional – Delete instance profile after detaching from role for resource
// clean up ([DeleteInstanceProfile] )
//
// Make sure that you do not have any Amazon EC2 instances running with the role
// you are about to delete. Deleting a role or instance profile that is associated
// with a running instance will break any applications running on the instance.
//
// [DetachRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html
// [RemoveRoleFromInstanceProfile]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveRoleFromInstanceProfile.html
// [DeleteRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html
// [DeleteInstanceProfile]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteInstanceProfile.html
// [Deleting an IAM role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#roles-managingrole-deleting-cli
DeleteRole(ctx context.Context, params *iam.DeleteRoleInput, optFns ...func(*Options)) (*iam.DeleteRoleOutput, error)
// Deletes the permissions boundary for the specified IAM role.
//
// You cannot set the boundary for a service-linked role.
//
// Deleting the permissions boundary for a role might increase its permissions.
// For example, it might allow anyone who assumes the role to perform all the
// actions granted in its permissions policies.
DeleteRolePermissionsBoundary(ctx context.Context, params *iam.DeleteRolePermissionsBoundaryInput, optFns ...func(*Options)) (*iam.DeleteRolePermissionsBoundaryOutput, error)
// Deletes the specified inline policy that is embedded in the specified IAM role.
//
// A role can also have managed policies attached to it. To detach a managed
// policy from a role, use [DetachRolePolicy]. For more information about policies, refer to [Managed policies and inline policies] in the
// IAM User Guide.
//
// [DetachRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
DeleteRolePolicy(ctx context.Context, params *iam.DeleteRolePolicyInput, optFns ...func(*Options)) (*iam.DeleteRolePolicyOutput, error)
// Deletes a SAML provider resource in IAM.
//
// Deleting the provider resource from IAM does not update any roles that
// reference the SAML provider resource's ARN as a principal in their trust
// policies. Any attempt to assume a role that references a non-existent provider
// resource ARN fails.
//
// This operation requires [Signature Version 4].
//
// [Signature Version 4]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
DeleteSAMLProvider(ctx context.Context, params *iam.DeleteSAMLProviderInput, optFns ...func(*Options)) (*iam.DeleteSAMLProviderOutput, error)
// Deletes the specified SSH public key.
//
// The SSH public key deleted by this operation is used only for authenticating
// the associated IAM user to an CodeCommit repository. For more information about
// using SSH keys to authenticate to an CodeCommit repository, see [Set up CodeCommit for SSH connections]in the
// CodeCommit User Guide.
//
// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
DeleteSSHPublicKey(ctx context.Context, params *iam.DeleteSSHPublicKeyInput, optFns ...func(*Options)) (*iam.DeleteSSHPublicKeyOutput, error)
// Deletes the specified server certificate.
//
// For more information about working with server certificates, see [Working with server certificates] in the IAM
// User Guide. This topic also includes a list of Amazon Web Services services that
// can use the server certificates that you manage with IAM.
//
// If you are using a server certificate with Elastic Load Balancing, deleting the
// certificate could have implications for your application. If Elastic Load
// Balancing doesn't detect the deletion of bound certificates, it may continue to
// use the certificates. This could cause Elastic Load Balancing to stop accepting
// traffic. We recommend that you remove the reference to the certificate from
// Elastic Load Balancing before using this command to delete the certificate. For
// more information, see [DeleteLoadBalancerListeners]in the Elastic Load Balancing API Reference.
//
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
// [DeleteLoadBalancerListeners]: https://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html
DeleteServerCertificate(ctx context.Context, params *iam.DeleteServerCertificateInput, optFns ...func(*Options)) (*iam.DeleteServerCertificateOutput, error)
// Submits a service-linked role deletion request and returns a DeletionTaskId ,
// which you can use to check the status of the deletion. Before you call this
// operation, confirm that the role has no active sessions and that any resources
// used by the role in the linked service are deleted. If you call this operation
// more than once for the same service-linked role and an earlier deletion task is
// not complete, then the DeletionTaskId of the earlier request is returned.
//
// If you submit a deletion request for a service-linked role whose linked service
// is still accessing a resource, then the deletion task fails. If it fails, the [GetServiceLinkedRoleDeletionStatus]
// operation returns the reason for the failure, usually including the resources
// that must be deleted. To delete the service-linked role, you must first remove
// those resources from the linked service and then submit the deletion request
// again. Resources are specific to the service that is linked to the role. For
// more information about removing resources from a service, see the [Amazon Web Services documentation]for your
// service.
//
// For more information about service-linked roles, see [Roles terms and concepts: Amazon Web Services service-linked role] in the IAM User Guide.
//
// [Roles terms and concepts: Amazon Web Services service-linked role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role
// [Amazon Web Services documentation]: http://docs.aws.amazon.com/
// [GetServiceLinkedRoleDeletionStatus]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLinkedRoleDeletionStatus.html
DeleteServiceLinkedRole(ctx context.Context, params *iam.DeleteServiceLinkedRoleInput, optFns ...func(*Options)) (*iam.DeleteServiceLinkedRoleOutput, error)
// Deletes the specified service-specific credential.
DeleteServiceSpecificCredential(ctx context.Context, params *iam.DeleteServiceSpecificCredentialInput, optFns ...func(*Options)) (*iam.DeleteServiceSpecificCredentialOutput, error)
// Deletes a signing certificate associated with the specified IAM user.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID signing the request. This
// operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials even if the Amazon Web Services account has no associated
// IAM users.
DeleteSigningCertificate(ctx context.Context, params *iam.DeleteSigningCertificateInput, optFns ...func(*Options)) (*iam.DeleteSigningCertificateOutput, error)
// Deletes the specified IAM user. Unlike the Amazon Web Services Management
// Console, when you delete a user programmatically, you must delete the items
// attached to the user manually, or the deletion fails. For more information, see [Deleting an IAM user]
// . Before attempting to delete a user, remove the following items:
//
// - Password ([DeleteLoginProfile] )
//
// - Access keys ([DeleteAccessKey] )
//
// - Signing certificate ([DeleteSigningCertificate] )
//
// - SSH public key ([DeleteSSHPublicKey] )
//
// - Git credentials ([DeleteServiceSpecificCredential] )
//
// - Multi-factor authentication (MFA) device ([DeactivateMFADevice] , [DeleteVirtualMFADevice])
//
// - Inline policies ([DeleteUserPolicy] )
//
// - Attached managed policies ([DetachUserPolicy] )
//
// - Group memberships ([RemoveUserFromGroup] )
//
// [DetachUserPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html
// [DeleteAccessKey]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html
// [DeleteVirtualMFADevice]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteVirtualMFADevice.html
// [Deleting an IAM user]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli
// [DeleteUserPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html
// [RemoveUserFromGroup]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveUserFromGroup.html
// [DeleteLoginProfile]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteLoginProfile.html
// [DeleteServiceSpecificCredential]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceSpecificCredential.html
// [DeleteSigningCertificate]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSigningCertificate.html
// [DeleteSSHPublicKey]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSSHPublicKey.html
// [DeactivateMFADevice]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeactivateMFADevice.html
DeleteUser(ctx context.Context, params *iam.DeleteUserInput, optFns ...func(*Options)) (*iam.DeleteUserOutput, error)
// Deletes the permissions boundary for the specified IAM user.
//
// Deleting the permissions boundary for a user might increase its permissions by
// allowing the user to perform all the actions granted in its permissions
// policies.
DeleteUserPermissionsBoundary(ctx context.Context, params *iam.DeleteUserPermissionsBoundaryInput, optFns ...func(*Options)) (*iam.DeleteUserPermissionsBoundaryOutput, error)
// Deletes the specified inline policy that is embedded in the specified IAM user.
//
// A user can also have managed policies attached to it. To detach a managed
// policy from a user, use [DetachUserPolicy]. For more information about policies, refer to [Managed policies and inline policies] in the
// IAM User Guide.
//
// [DetachUserPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
DeleteUserPolicy(ctx context.Context, params *iam.DeleteUserPolicyInput, optFns ...func(*Options)) (*iam.DeleteUserPolicyOutput, error)
// Deletes a virtual MFA device.
//
// You must deactivate a user's virtual MFA device before you can delete it. For
// information about deactivating MFA devices, see [DeactivateMFADevice].
//
// [DeactivateMFADevice]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeactivateMFADevice.html
DeleteVirtualMFADevice(ctx context.Context, params *iam.DeleteVirtualMFADeviceInput, optFns ...func(*Options)) (*iam.DeleteVirtualMFADeviceOutput, error)
// Removes the specified managed policy from the specified IAM group.
//
// A group can also have inline policies embedded with it. To delete an inline
// policy, use [DeleteGroupPolicy]. For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [DeleteGroupPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroupPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
DetachGroupPolicy(ctx context.Context, params *iam.DetachGroupPolicyInput, optFns ...func(*Options)) (*iam.DetachGroupPolicyOutput, error)
// Removes the specified managed policy from the specified role.
//
// A role can also have inline policies embedded with it. To delete an inline
// policy, use [DeleteRolePolicy]. For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [DeleteRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
DetachRolePolicy(ctx context.Context, params *iam.DetachRolePolicyInput, optFns ...func(*Options)) (*iam.DetachRolePolicyOutput, error)
// Removes the specified managed policy from the specified user.
//
// A user can also have inline policies embedded with it. To delete an inline
// policy, use [DeleteUserPolicy]. For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [DeleteUserPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
DetachUserPolicy(ctx context.Context, params *iam.DetachUserPolicyInput, optFns ...func(*Options)) (*iam.DetachUserPolicyOutput, error)
// Disables the management of privileged root user credentials across member
// accounts in your organization. When you disable this feature, the management
// account and the delegated administrator for IAM can no longer manage root user
// credentials for member accounts in your organization.
DisableOrganizationsRootCredentialsManagement(ctx context.Context, params *iam.DisableOrganizationsRootCredentialsManagementInput, optFns ...func(*Options)) (*iam.DisableOrganizationsRootCredentialsManagementOutput, error)
// Disables root user sessions for privileged tasks across member accounts in your
// organization. When you disable this feature, the management account and the
// delegated administrator for IAM can no longer perform privileged tasks on member
// accounts in your organization.
DisableOrganizationsRootSessions(ctx context.Context, params *iam.DisableOrganizationsRootSessionsInput, optFns ...func(*Options)) (*iam.DisableOrganizationsRootSessionsOutput, error)
// Enables the specified MFA device and associates it with the specified IAM user.
// When enabled, the MFA device is required for every subsequent login by the IAM
// user associated with the device.
EnableMFADevice(ctx context.Context, params *iam.EnableMFADeviceInput, optFns ...func(*Options)) (*iam.EnableMFADeviceOutput, error)
// Enables the management of privileged root user credentials across member
// accounts in your organization. When you enable root credentials management for [centralized root access]
// , the management account and the delegated administrator for IAM can manage root
// user credentials for member accounts in your organization.
//
// Before you enable centralized root access, you must have an account configured
// with the following settings:
//
// - You must manage your Amazon Web Services accounts in [Organizations].
//
// - Enable trusted access for Identity and Access Management in Organizations.
// For details, see [IAM and Organizations]in the Organizations User Guide.
//
// [Organizations]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
// [centralized root access]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management
// [IAM and Organizations]: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-iam.html
EnableOrganizationsRootCredentialsManagement(ctx context.Context, params *iam.EnableOrganizationsRootCredentialsManagementInput, optFns ...func(*Options)) (*iam.EnableOrganizationsRootCredentialsManagementOutput, error)
// Allows the management account or delegated administrator to perform privileged
// tasks on member accounts in your organization. For more information, see [Centrally manage root access for member accounts]in the
// Identity and Access Management User Guide.
//
// Before you enable this feature, you must have an account configured with the
// following settings:
//
// - You must manage your Amazon Web Services accounts in [Organizations].
//
// - Enable trusted access for Identity and Access Management in Organizations.
// For details, see [IAM and Organizations]in the Organizations User Guide.
//
// [Centrally manage root access for member accounts]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management
// [Organizations]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
// [IAM and Organizations]: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-ra.html
EnableOrganizationsRootSessions(ctx context.Context, params *iam.EnableOrganizationsRootSessionsInput, optFns ...func(*Options)) (*iam.EnableOrganizationsRootSessionsOutput, error)
// Generates a credential report for the Amazon Web Services account. For more
//
// information about the credential report, see [Getting credential reports]in the IAM User Guide.
//
// [Getting credential reports]: https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html
GenerateCredentialReport(ctx context.Context, params *iam.GenerateCredentialReportInput, optFns ...func(*Options)) (*iam.GenerateCredentialReportOutput, error)
// Generates a report for service last accessed data for Organizations. You can
// generate a report for any entities (organization root, organizational unit, or
// account) or policies in your organization.
//
// To call this operation, you must be signed in using your Organizations
// management account credentials. You can use your long-term IAM user or root user
// credentials, or temporary credentials from assuming an IAM role. SCPs must be
// enabled for your organization root. You must have the required IAM and
// Organizations permissions. For more information, see [Refining permissions using service last accessed data]in the IAM User Guide.
//
// You can generate a service last accessed data report for entities by specifying
// only the entity's path. This data includes a list of services that are allowed
// by any service control policies (SCPs) that apply to the entity.
//
// You can generate a service last accessed data report for a policy by specifying
// an entity's path and an optional Organizations policy ID. This data includes a
// list of services that are allowed by the specified SCP.
//
// For each service in both report types, the data includes the most recent
// account activity that the policy allows to account principals in the entity or
// the entity's children. For important information about the data, reporting
// period, permissions required, troubleshooting, and supported Regions see [Reducing permissions using service last accessed data]in the
// IAM User Guide.
//
// The data includes all attempts to access Amazon Web Services, not just the
// successful ones. This includes all attempts that were made using the Amazon Web
// Services Management Console, the Amazon Web Services API through any of the
// SDKs, or any of the command line tools. An unexpected entry in the service last
// accessed data does not mean that an account has been compromised, because the
// request might have been denied. Refer to your CloudTrail logs as the
// authoritative source for information about all API calls and whether they were
// successful or denied access. For more information, see [Logging IAM events with CloudTrail]in the IAM User Guide.
//
// This operation returns a JobId . Use this parameter in the [GetOrganizationsAccessReport] operation to check
// the status of the report generation. To check the status of this request, use
// the JobId parameter in the [GetOrganizationsAccessReport] operation and test the JobStatus response
// parameter. When the job is complete, you can retrieve the report.
//
// To generate a service last accessed data report for entities, specify an entity
// path without specifying the optional Organizations policy ID. The type of entity
// that you specify determines the data returned in the report.
//
// - Root – When you specify the organizations root as the entity, the resulting
// report lists all of the services allowed by SCPs that are attached to your root.
// For each service, the report includes data for all accounts in your organization
// except the management account, because the management account is not limited by
// SCPs.
//
// - OU – When you specify an organizational unit (OU) as the entity, the
// resulting report lists all of the services allowed by SCPs that are attached to
// the OU and its parents. For each service, the report includes data for all
// accounts in the OU or its children. This data excludes the management account,
// because the management account is not limited by SCPs.
//
// - management account – When you specify the management account, the resulting
// report lists all Amazon Web Services services, because the management account is
// not limited by SCPs. For each service, the report includes data for only the
// management account.
//
// - Account – When you specify another account as the entity, the resulting
// report lists all of the services allowed by SCPs that are attached to the
// account and its parents. For each service, the report includes data for only the
// specified account.
//
// To generate a service last accessed data report for policies, specify an entity
// path and the optional Organizations policy ID. The type of entity that you
// specify determines the data returned for each service.
//
// - Root – When you specify the root entity and a policy ID, the resulting
// report lists all of the services that are allowed by the specified SCP. For each
// service, the report includes data for all accounts in your organization to which
// the SCP applies. This data excludes the management account, because the
// management account is not limited by SCPs. If the SCP is not attached to any
// entities in the organization, then the report will return a list of services
// with no data.
//
// - OU – When you specify an OU entity and a policy ID, the resulting report
// lists all of the services that are allowed by the specified SCP. For each
// service, the report includes data for all accounts in the OU or its children to
// which the SCP applies. This means that other accounts outside the OU that are
// affected by the SCP might not be included in the data. This data excludes the
// management account, because the management account is not limited by SCPs. If
// the SCP is not attached to the OU or one of its children, the report will return
// a list of services with no data.
//
// - management account – When you specify the management account, the resulting
// report lists all Amazon Web Services services, because the management account is
// not limited by SCPs. If you specify a policy ID in the CLI or API, the policy is
// ignored. For each service, the report includes data for only the management
// account.
//
// - Account – When you specify another account entity and a policy ID, the
// resulting report lists all of the services that are allowed by the specified
// SCP. For each service, the report includes data for only the specified account.
// This means that other accounts in the organization that are affected by the SCP
// might not be included in the data. If the SCP is not attached to the account,
// the report will return a list of services with no data.
//
// Service last accessed data does not use other policy types when determining
// whether a principal could access a service. These other policy types include
// identity-based policies, resource-based policies, access control lists, IAM
// permissions boundaries, and STS assume role policies. It only applies SCP logic.
// For more about the evaluation of policy types, see [Evaluating policies]in the IAM User Guide.
//
// For more information about service last accessed data, see [Reducing policy scope by viewing user activity] in the IAM User
// Guide.
//
// [Logging IAM events with CloudTrail]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
// [Refining permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
// [Reducing permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
// [GetOrganizationsAccessReport]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOrganizationsAccessReport.html
// [Evaluating policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
// [Reducing policy scope by viewing user activity]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
GenerateOrganizationsAccessReport(ctx context.Context, params *iam.GenerateOrganizationsAccessReportInput, optFns ...func(*Options)) (*iam.GenerateOrganizationsAccessReportOutput, error)
// Generates a report that includes details about when an IAM resource (user,
// group, role, or policy) was last used in an attempt to access Amazon Web
// Services services. Recent activity usually appears within four hours. IAM
// reports activity for at least the last 400 days, or less if your Region began
// supporting this feature within the last year. For more information, see [Regions where data is tracked]. For
// more information about services and actions for which action last accessed
// information is displayed, see [IAM action last accessed information services and actions].
//
// The service last accessed data includes all attempts to access an Amazon Web
// Services API, not just the successful ones. This includes all attempts that were
// made using the Amazon Web Services Management Console, the Amazon Web Services
// API through any of the SDKs, or any of the command line tools. An unexpected
// entry in the service last accessed data does not mean that your account has been
// compromised, because the request might have been denied. Refer to your
// CloudTrail logs as the authoritative source for information about all API calls
// and whether they were successful or denied access. For more information, see [Logging IAM events with CloudTrail]in
// the IAM User Guide.
//
// The GenerateServiceLastAccessedDetails operation returns a JobId . Use this
// parameter in the following operations to retrieve the following details from
// your report:
//
// [GetServiceLastAccessedDetails]
// - – Use this operation for users, groups, roles, or policies to list every
// Amazon Web Services service that the resource could access using permissions
// policies. For each service, the response includes information about the most
// recent access attempt.
//
// The JobId returned by GenerateServiceLastAccessedDetail must be used by the same
//
// role within a session, or by the same user when used to call
// GetServiceLastAccessedDetail .
//
// [GetServiceLastAccessedDetailsWithEntities]
// - – Use this operation for groups and policies to list information about the
// associated entities (users or roles) that attempted to access a specific Amazon
// Web Services service.
//
// To check the status of the GenerateServiceLastAccessedDetails request, use the
// JobId parameter in the same operations and test the JobStatus response
// parameter.
//
// For additional information about the permissions policies that allow an
// identity (user, group, or role) to access specific services, use the [ListPoliciesGrantingServiceAccess]operation.
//
// Service last accessed data does not use other policy types when determining
// whether a resource could access a service. These other policy types include
// resource-based policies, access control lists, Organizations policies, IAM
// permissions boundaries, and STS assume role policies. It only applies
// permissions policy logic. For more about the evaluation of policy types, see [Evaluating policies]in
// the IAM User Guide.
//
// For more information about service and action last accessed data, see [Reducing permissions using service last accessed data] in the
// IAM User Guide.
//
// [Logging IAM events with CloudTrail]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
// [GetServiceLastAccessedDetails]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetails.html
// [ListPoliciesGrantingServiceAccess]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPoliciesGrantingServiceAccess.html
// [Reducing permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
// [Regions where data is tracked]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
// [Evaluating policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
// [GetServiceLastAccessedDetailsWithEntities]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetailsWithEntities.html
// [IAM action last accessed information services and actions]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor-action-last-accessed.html
GenerateServiceLastAccessedDetails(ctx context.Context, params *iam.GenerateServiceLastAccessedDetailsInput, optFns ...func(*Options)) (*iam.GenerateServiceLastAccessedDetailsOutput, error)
// Retrieves information about when the specified access key was last used. The
// information includes the date and time of last use, along with the Amazon Web
// Services service and Region that were specified in the last request made with
// that key.
GetAccessKeyLastUsed(ctx context.Context, params *iam.GetAccessKeyLastUsedInput, optFns ...func(*Options)) (*iam.GetAccessKeyLastUsedOutput, error)
// Retrieves information about all IAM users, groups, roles, and policies in your
// Amazon Web Services account, including their relationships to one another. Use
// this operation to obtain a snapshot of the configuration of IAM permissions
// (users, groups, roles, and policies) in your account.
//
// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
// use a URL decoding method to convert the policy back to plain JSON text. For
// example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality, and some SDKs do this decoding automatically.
//
// You can optionally filter the results using the Filter parameter. You can
// paginate the results using the MaxItems and Marker parameters.
//
// [RFC 3986]: https://tools.ietf.org/html/rfc3986
GetAccountAuthorizationDetails(ctx context.Context, params *iam.GetAccountAuthorizationDetailsInput, optFns ...func(*Options)) (*iam.GetAccountAuthorizationDetailsOutput, error)
// Retrieves the password policy for the Amazon Web Services account. This tells
// you the complexity requirements and mandatory rotation periods for the IAM user
// passwords in your account. For more information about using a password policy,
// see [Managing an IAM password policy].
//
// [Managing an IAM password policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html
GetAccountPasswordPolicy(ctx context.Context, params *iam.GetAccountPasswordPolicyInput, optFns ...func(*Options)) (*iam.GetAccountPasswordPolicyOutput, error)
// Retrieves information about IAM entity usage and IAM quotas in the Amazon Web
// Services account.
//
// For information about IAM quotas, see [IAM and STS quotas] in the IAM User Guide.
//
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
GetAccountSummary(ctx context.Context, params *iam.GetAccountSummaryInput, optFns ...func(*Options)) (*iam.GetAccountSummaryOutput, error)
// Gets a list of all of the context keys referenced in the input policies. The
// policies are supplied as a list of one or more strings. To get the context keys
// from policies associated with an IAM user, group, or role, use [GetContextKeysForPrincipalPolicy].
//
// Context keys are variables maintained by Amazon Web Services and its services
// that provide details about the context of an API query request. Context keys can
// be evaluated by testing against a value specified in an IAM policy. Use
// GetContextKeysForCustomPolicy to understand what key names and values you must
// supply when you call [SimulateCustomPolicy]. Note that all parameters are shown in unencoded form
// here for clarity but must be URL encoded to be included as a part of a real HTML
// request.
//
// [GetContextKeysForPrincipalPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html
// [SimulateCustomPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html
GetContextKeysForCustomPolicy(ctx context.Context, params *iam.GetContextKeysForCustomPolicyInput, optFns ...func(*Options)) (*iam.GetContextKeysForCustomPolicyOutput, error)
// Gets a list of all of the context keys referenced in all the IAM policies that
// are attached to the specified IAM entity. The entity can be an IAM user, group,
// or role. If you specify a user, then the request also includes all of the
// policies attached to groups that the user is a member of.
//
// You can optionally include a list of one or more additional policies, specified
// as strings. If you want to include only a list of policies by string, use [GetContextKeysForCustomPolicy]
// instead.
//
// Note: This operation discloses information about the permissions granted to
// other users. If you do not want users to see other user's permissions, then
// consider allowing them to use [GetContextKeysForCustomPolicy]instead.
//
// Context keys are variables maintained by Amazon Web Services and its services
// that provide details about the context of an API query request. Context keys can
// be evaluated by testing against a value in an IAM policy. Use [GetContextKeysForPrincipalPolicy]to understand
// what key names and values you must supply when you call [SimulatePrincipalPolicy].
//
// [GetContextKeysForPrincipalPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html
// [GetContextKeysForCustomPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html
// [SimulatePrincipalPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html
GetContextKeysForPrincipalPolicy(ctx context.Context, params *iam.GetContextKeysForPrincipalPolicyInput, optFns ...func(*Options)) (*iam.GetContextKeysForPrincipalPolicyOutput, error)
// Retrieves a credential report for the Amazon Web Services account. For more
//
// information about the credential report, see [Getting credential reports]in the IAM User Guide.
//
// [Getting credential reports]: https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html
GetCredentialReport(ctx context.Context, params *iam.GetCredentialReportInput, optFns ...func(*Options)) (*iam.GetCredentialReportOutput, error)
// Returns a list of IAM users that are in the specified IAM group. You can
//
// paginate the results using the MaxItems and Marker parameters.
GetGroup(ctx context.Context, params *iam.GetGroupInput, optFns ...func(*Options)) (*iam.GetGroupOutput, error)
// Retrieves the specified inline policy document that is embedded in the
// specified IAM group.
//
// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
// use a URL decoding method to convert the policy back to plain JSON text. For
// example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality, and some SDKs do this decoding automatically.
//
// An IAM group can also have managed policies attached to it. To retrieve a
// managed policy document that is attached to a group, use [GetPolicy]to determine the
// policy's default version, then use [GetPolicyVersion]to retrieve the policy document.
//
// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [RFC 3986]: https://tools.ietf.org/html/rfc3986
// [GetPolicyVersion]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
// [GetPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
GetGroupPolicy(ctx context.Context, params *iam.GetGroupPolicyInput, optFns ...func(*Options)) (*iam.GetGroupPolicyOutput, error)
// Retrieves information about the specified instance profile, including the
//
// instance profile's path, GUID, ARN, and role. For more information about
// instance profiles, see [Using instance profiles]in the IAM User Guide.
//
// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
GetInstanceProfile(ctx context.Context, params *iam.GetInstanceProfileInput, optFns ...func(*Options)) (*iam.GetInstanceProfileOutput, error)
// Retrieves the user name for the specified IAM user. A login profile is created
// when you create a password for the user to access the Amazon Web Services
// Management Console. If the user does not exist or does not have a password, the
// operation returns a 404 ( NoSuchEntity ) error.
//
// If you create an IAM user with access to the console, the CreateDate reflects
// the date you created the initial password for the user.
//
// If you create an IAM user with programmatic access, and then later add a
// password for the user to access the Amazon Web Services Management Console, the
// CreateDate reflects the initial password creation date. A user with programmatic
// access does not have a login profile unless you create a password for the user
// to access the Amazon Web Services Management Console.
GetLoginProfile(ctx context.Context, params *iam.GetLoginProfileInput, optFns ...func(*Options)) (*iam.GetLoginProfileOutput, error)
// Retrieves information about an MFA device for a specified user.
GetMFADevice(ctx context.Context, params *iam.GetMFADeviceInput, optFns ...func(*Options)) (*iam.GetMFADeviceOutput, error)
// Returns information about the specified OpenID Connect (OIDC) provider resource
// object in IAM.
GetOpenIDConnectProvider(ctx context.Context, params *iam.GetOpenIDConnectProviderInput, optFns ...func(*Options)) (*iam.GetOpenIDConnectProviderOutput, error)
// Retrieves the service last accessed data report for Organizations that was
// previously generated using the [GenerateOrganizationsAccessReport]operation. This operation retrieves the status
// of your report job and the report contents.
//
// Depending on the parameters that you passed when you generated the report, the
// data returned could include different information. For details, see [GenerateOrganizationsAccessReport].
//
// To call this operation, you must be signed in to the management account in your
// organization. SCPs must be enabled for your organization root. You must have
// permissions to perform this operation. For more information, see [Refining permissions using service last accessed data]in the IAM
// User Guide.
//
// For each service that principals in an account (root user, IAM users, or IAM
// roles) could access using SCPs, the operation returns details about the most
// recent access attempt. If there was no attempt, the service is listed without
// details about the most recent attempt to access the service. If the operation
// fails, it returns the reason that it failed.
//
// By default, the list is sorted by service namespace.
//
// [GenerateOrganizationsAccessReport]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html
// [Refining permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
GetOrganizationsAccessReport(ctx context.Context, params *iam.GetOrganizationsAccessReportInput, optFns ...func(*Options)) (*iam.GetOrganizationsAccessReportOutput, error)
// Retrieves information about the specified managed policy, including the
// policy's default version and the total number of IAM users, groups, and roles to
// which the policy is attached. To retrieve the list of the specific users,
// groups, and roles that the policy is attached to, use [ListEntitiesForPolicy]. This operation returns
// metadata about the policy. To retrieve the actual policy document for a specific
// version of the policy, use [GetPolicyVersion].
//
// This operation retrieves information about managed policies. To retrieve
// information about an inline policy that is embedded with an IAM user, group, or
// role, use [GetUserPolicy], [GetGroupPolicy], or [GetRolePolicy].
//
// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [ListEntitiesForPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html
// [GetRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html
// [GetPolicyVersion]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
// [GetGroupPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html
// [GetUserPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
GetPolicy(ctx context.Context, params *iam.GetPolicyInput, optFns ...func(*Options)) (*iam.GetPolicyOutput, error)
// Retrieves information about the specified version of the specified managed
// policy, including the policy document.
//
// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
// use a URL decoding method to convert the policy back to plain JSON text. For
// example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality, and some SDKs do this decoding automatically.
//
// To list the available versions for a policy, use [ListPolicyVersions].
//
// This operation retrieves information about managed policies. To retrieve
// information about an inline policy that is embedded in a user, group, or role,
// use [GetUserPolicy], [GetGroupPolicy], or [GetRolePolicy].
//
// For more information about the types of policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// For more information about managed policy versions, see [Versioning for managed policies] in the IAM User Guide.
//
// [RFC 3986]: https://tools.ietf.org/html/rfc3986
// [GetRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html
// [GetGroupPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html
// [GetUserPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html
// [Versioning for managed policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
// [ListPolicyVersions]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
GetPolicyVersion(ctx context.Context, params *iam.GetPolicyVersionInput, optFns ...func(*Options)) (*iam.GetPolicyVersionOutput, error)
// Retrieves information about the specified role, including the role's path,
// GUID, ARN, and the role's trust policy that grants permission to assume the
// role. For more information about roles, see [IAM roles]in the IAM User Guide.
//
// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
// use a URL decoding method to convert the policy back to plain JSON text. For
// example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality, and some SDKs do this decoding automatically.
//
// [RFC 3986]: https://tools.ietf.org/html/rfc3986
// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
GetRole(ctx context.Context, params *iam.GetRoleInput, optFns ...func(*Options)) (*iam.GetRoleOutput, error)
// Retrieves the specified inline policy document that is embedded with the
// specified IAM role.
//
// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
// use a URL decoding method to convert the policy back to plain JSON text. For
// example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality, and some SDKs do this decoding automatically.
//
// An IAM role can also have managed policies attached to it. To retrieve a
// managed policy document that is attached to a role, use [GetPolicy]to determine the
// policy's default version, then use [GetPolicyVersion]to retrieve the policy document.
//
// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// For more information about roles, see [IAM roles] in the IAM User Guide.
//
// [RFC 3986]: https://tools.ietf.org/html/rfc3986
// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
// [GetPolicyVersion]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
// [GetPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
GetRolePolicy(ctx context.Context, params *iam.GetRolePolicyInput, optFns ...func(*Options)) (*iam.GetRolePolicyOutput, error)
// Returns the SAML provider metadocument that was uploaded when the IAM SAML
// provider resource object was created or updated.
//
// This operation requires [Signature Version 4].
//
// [Signature Version 4]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
GetSAMLProvider(ctx context.Context, params *iam.GetSAMLProviderInput, optFns ...func(*Options)) (*iam.GetSAMLProviderOutput, error)
// Retrieves the specified SSH public key, including metadata about the key.
//
// The SSH public key retrieved by this operation is used only for authenticating
// the associated IAM user to an CodeCommit repository. For more information about
// using SSH keys to authenticate to an CodeCommit repository, see [Set up CodeCommit for SSH connections]in the
// CodeCommit User Guide.
//
// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
GetSSHPublicKey(ctx context.Context, params *iam.GetSSHPublicKeyInput, optFns ...func(*Options)) (*iam.GetSSHPublicKeyOutput, error)
// Retrieves information about the specified server certificate stored in IAM.
//
// For more information about working with server certificates, see [Working with server certificates] in the IAM
// User Guide. This topic includes a list of Amazon Web Services services that can
// use the server certificates that you manage with IAM.
//
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
GetServerCertificate(ctx context.Context, params *iam.GetServerCertificateInput, optFns ...func(*Options)) (*iam.GetServerCertificateOutput, error)
// Retrieves a service last accessed report that was created using the
// GenerateServiceLastAccessedDetails operation. You can use the JobId parameter
// in GetServiceLastAccessedDetails to retrieve the status of your report job.
// When the report is complete, you can retrieve the generated report. The report
// includes a list of Amazon Web Services services that the resource (user, group,
// role, or managed policy) can access.
//
// Service last accessed data does not use other policy types when determining
// whether a resource could access a service. These other policy types include
// resource-based policies, access control lists, Organizations policies, IAM
// permissions boundaries, and STS assume role policies. It only applies
// permissions policy logic. For more about the evaluation of policy types, see [Evaluating policies]in
// the IAM User Guide.
//
// For each service that the resource could access using permissions policies, the
// operation returns details about the most recent access attempt. If there was no
// attempt, the service is listed without details about the most recent attempt to
// access the service. If the operation fails, the GetServiceLastAccessedDetails
// operation returns the reason that it failed.
//
// The GetServiceLastAccessedDetails operation returns a list of services. This
// list includes the number of entities that have attempted to access the service
// and the date and time of the last attempt. It also returns the ARN of the
// following entity, depending on the resource ARN that you used to generate the
// report:
//
// - User – Returns the user ARN that you used to generate the report
//
// - Group – Returns the ARN of the group member (user) that last attempted to
// access the service
//
// - Role – Returns the role ARN that you used to generate the report
//
// - Policy – Returns the ARN of the user or role that last used the policy to
// attempt to access the service
//
// By default, the list is sorted by service namespace.
//
// If you specified ACTION_LEVEL granularity when you generated the report, this
// operation returns service and action last accessed data. This includes the most
// recent access attempt for each tracked action within a service. Otherwise, this
// operation returns only service data.
//
// For more information about service and action last accessed data, see [Reducing permissions using service last accessed data] in the
// IAM User Guide.
//
// [Reducing permissions using service last accessed data]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
// [Evaluating policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
GetServiceLastAccessedDetails(ctx context.Context, params *iam.GetServiceLastAccessedDetailsInput, optFns ...func(*Options)) (*iam.GetServiceLastAccessedDetailsOutput, error)
// After you generate a group or policy report using the
// GenerateServiceLastAccessedDetails operation, you can use the JobId parameter
// in GetServiceLastAccessedDetailsWithEntities . This operation retrieves the
// status of your report job and a list of entities that could have used group or
// policy permissions to access the specified service.
//
// - Group – For a group report, this operation returns a list of users in the
// group that could have used the group’s policies in an attempt to access the
// service.
//
// - Policy – For a policy report, this operation returns a list of entities
// (users or roles) that could have used the policy in an attempt to access the
// service.
//
// You can also use this operation for user or role reports to retrieve details
// about those entities.
//
// If the operation fails, the GetServiceLastAccessedDetailsWithEntities operation
// returns the reason that it failed.
//
// By default, the list of associated entities is sorted by date, with the most
// recent access listed first.
GetServiceLastAccessedDetailsWithEntities(ctx context.Context, params *iam.GetServiceLastAccessedDetailsWithEntitiesInput, optFns ...func(*Options)) (*iam.GetServiceLastAccessedDetailsWithEntitiesOutput, error)
// Retrieves the status of your service-linked role deletion. After you use [DeleteServiceLinkedRole] to
// submit a service-linked role for deletion, you can use the DeletionTaskId
// parameter in GetServiceLinkedRoleDeletionStatus to check the status of the
// deletion. If the deletion fails, this operation returns the reason that it
// failed, if that information is returned by the service.
//
// [DeleteServiceLinkedRole]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceLinkedRole.html
GetServiceLinkedRoleDeletionStatus(ctx context.Context, params *iam.GetServiceLinkedRoleDeletionStatusInput, optFns ...func(*Options)) (*iam.GetServiceLinkedRoleDeletionStatusOutput, error)
// Retrieves information about the specified IAM user, including the user's
// creation date, path, unique ID, and ARN.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID used to sign the request to this
// operation.
GetUser(ctx context.Context, params *iam.GetUserInput, optFns ...func(*Options)) (*iam.GetUserOutput, error)
// Retrieves the specified inline policy document that is embedded in the
// specified IAM user.
//
// Policies returned by this operation are URL-encoded compliant with [RFC 3986]. You can
// use a URL decoding method to convert the policy back to plain JSON text. For
// example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality, and some SDKs do this decoding automatically.
//
// An IAM user can also have managed policies attached to it. To retrieve a
// managed policy document that is attached to a user, use [GetPolicy]to determine the
// policy's default version. Then use [GetPolicyVersion]to retrieve the policy document.
//
// For more information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [RFC 3986]: https://tools.ietf.org/html/rfc3986
// [GetPolicyVersion]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
// [GetPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
GetUserPolicy(ctx context.Context, params *iam.GetUserPolicyInput, optFns ...func(*Options)) (*iam.GetUserPolicyOutput, error)
// Returns information about the access key IDs associated with the specified IAM
// user. If there is none, the operation returns an empty list.
//
// Although each user is limited to a small number of keys, you can still paginate
// the results using the MaxItems and Marker parameters.
//
// If the UserName is not specified, the user name is determined implicitly based
// on the Amazon Web Services access key ID used to sign the request. If a
// temporary access key is used, then UserName is required. If a long-term key is
// assigned to the user, then UserName is not required.
//
// This operation works for access keys under the Amazon Web Services account. If
// the Amazon Web Services account has no associated users, the root user returns
// it's own access key IDs by running this command.
//
// To ensure the security of your Amazon Web Services account, the secret access
// key is accessible only during key and user creation.
ListAccessKeys(ctx context.Context, params *iam.ListAccessKeysInput, optFns ...func(*Options)) (*iam.ListAccessKeysOutput, error)
// Lists the account alias associated with the Amazon Web Services account (Note:
// you can have only one). For information about using an Amazon Web Services
// account alias, see [Creating, deleting, and listing an Amazon Web Services account alias]in the IAM User Guide.
//
// [Creating, deleting, and listing an Amazon Web Services account alias]: https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html#CreateAccountAlias
ListAccountAliases(ctx context.Context, params *iam.ListAccountAliasesInput, optFns ...func(*Options)) (*iam.ListAccountAliasesOutput, error)
// Lists all managed policies that are attached to the specified IAM group.
//
// An IAM group can also have inline policies embedded with it. To list the inline
// policies for a group, use [ListGroupPolicies]. For information about policies, see [Managed policies and inline policies] in the IAM
// User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You can
// use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to the
// specified group (or none that match the specified path prefix), the operation
// returns an empty list.
//
// [ListGroupPolicies]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListAttachedGroupPolicies(ctx context.Context, params *iam.ListAttachedGroupPoliciesInput, optFns ...func(*Options)) (*iam.ListAttachedGroupPoliciesOutput, error)
// Lists all managed policies that are attached to the specified IAM role.
//
// An IAM role can also have inline policies embedded with it. To list the inline
// policies for a role, use [ListRolePolicies]. For information about policies, see [Managed policies and inline policies] in the IAM User
// Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You can
// use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to the
// specified role (or none that match the specified path prefix), the operation
// returns an empty list.
//
// [ListRolePolicies]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListAttachedRolePolicies(ctx context.Context, params *iam.ListAttachedRolePoliciesInput, optFns ...func(*Options)) (*iam.ListAttachedRolePoliciesOutput, error)
// Lists all managed policies that are attached to the specified IAM user.
//
// An IAM user can also have inline policies embedded with it. To list the inline
// policies for a user, use [ListUserPolicies]. For information about policies, see [Managed policies and inline policies] in the IAM User
// Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You can
// use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to the
// specified group (or none that match the specified path prefix), the operation
// returns an empty list.
//
// [ListUserPolicies]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserPolicies.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListAttachedUserPolicies(ctx context.Context, params *iam.ListAttachedUserPoliciesInput, optFns ...func(*Options)) (*iam.ListAttachedUserPoliciesOutput, error)
// Lists all IAM users, groups, and roles that the specified managed policy is
// attached to.
//
// You can use the optional EntityFilter parameter to limit the results to a
// particular type of entity (users, groups, or roles). For example, to list only
// the roles that are attached to the specified policy, set EntityFilter to Role .
//
// You can paginate the results using the MaxItems and Marker parameters.
ListEntitiesForPolicy(ctx context.Context, params *iam.ListEntitiesForPolicyInput, optFns ...func(*Options)) (*iam.ListEntitiesForPolicyOutput, error)
// Lists the names of the inline policies that are embedded in the specified IAM
// group.
//
// An IAM group can also have managed policies attached to it. To list the managed
// policies that are attached to a group, use [ListAttachedGroupPolicies]. For more information about
// policies, see [Managed policies and inline policies]in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If there
// are no inline policies embedded with the specified group, the operation returns
// an empty list.
//
// [ListAttachedGroupPolicies]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedGroupPolicies.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListGroupPolicies(ctx context.Context, params *iam.ListGroupPoliciesInput, optFns ...func(*Options)) (*iam.ListGroupPoliciesOutput, error)
// Lists the IAM groups that have the specified path prefix.
//
// You can paginate the results using the MaxItems and Marker parameters.
ListGroups(ctx context.Context, params *iam.ListGroupsInput, optFns ...func(*Options)) (*iam.ListGroupsOutput, error)
// Lists the IAM groups that the specified IAM user belongs to.
//
// You can paginate the results using the MaxItems and Marker parameters.
ListGroupsForUser(ctx context.Context, params *iam.ListGroupsForUserInput, optFns ...func(*Options)) (*iam.ListGroupsForUserOutput, error)
// Lists the tags that are attached to the specified IAM instance profile. The
// returned list of tags is sorted by tag key. For more information about tagging,
// see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
ListInstanceProfileTags(ctx context.Context, params *iam.ListInstanceProfileTagsInput, optFns ...func(*Options)) (*iam.ListInstanceProfileTagsOutput, error)
// Lists the instance profiles that have the specified path prefix. If there are
// none, the operation returns an empty list. For more information about instance
// profiles, see [Using instance profiles]in the IAM User Guide.
//
// IAM resource-listing operations return a subset of the available attributes for
// the resource. For example, this operation does not return tags, even though they
// are an attribute of the returned object. To view all of the information for an
// instance profile, see [GetInstanceProfile].
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
// [GetInstanceProfile]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetInstanceProfile.html
ListInstanceProfiles(ctx context.Context, params *iam.ListInstanceProfilesInput, optFns ...func(*Options)) (*iam.ListInstanceProfilesOutput, error)
// Lists the instance profiles that have the specified associated IAM role. If
// there are none, the operation returns an empty list. For more information about
// instance profiles, go to [Using instance profiles]in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
ListInstanceProfilesForRole(ctx context.Context, params *iam.ListInstanceProfilesForRoleInput, optFns ...func(*Options)) (*iam.ListInstanceProfilesForRoleOutput, error)
// Lists the tags that are attached to the specified IAM virtual multi-factor
// authentication (MFA) device. The returned list of tags is sorted by tag key. For
// more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
ListMFADeviceTags(ctx context.Context, params *iam.ListMFADeviceTagsInput, optFns ...func(*Options)) (*iam.ListMFADeviceTagsOutput, error)
// Lists the MFA devices for an IAM user. If the request includes a IAM user name,
// then this operation lists all the MFA devices associated with the specified
// user. If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID signing the request for this
// operation.
//
// You can paginate the results using the MaxItems and Marker parameters.
ListMFADevices(ctx context.Context, params *iam.ListMFADevicesInput, optFns ...func(*Options)) (*iam.ListMFADevicesOutput, error)
// Lists the tags that are attached to the specified OpenID Connect
// (OIDC)-compatible identity provider. The returned list of tags is sorted by tag
// key. For more information, see [About web identity federation].
//
// For more information about tagging, see [Tagging IAM resources] in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
// [About web identity federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
ListOpenIDConnectProviderTags(ctx context.Context, params *iam.ListOpenIDConnectProviderTagsInput, optFns ...func(*Options)) (*iam.ListOpenIDConnectProviderTagsOutput, error)
// Lists information about the IAM OpenID Connect (OIDC) provider resource objects
// defined in the Amazon Web Services account.
//
// IAM resource-listing operations return a subset of the available attributes for
// the resource. For example, this operation does not return tags, even though they
// are an attribute of the returned object. To view all of the information for an
// OIDC provider, see [GetOpenIDConnectProvider].
//
// [GetOpenIDConnectProvider]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOpenIDConnectProvider.html
ListOpenIDConnectProviders(ctx context.Context, params *iam.ListOpenIDConnectProvidersInput, optFns ...func(*Options)) (*iam.ListOpenIDConnectProvidersOutput, error)
// Lists the centralized root access features enabled for your organization. For
// more information, see [Centrally manage root access for member accounts].
//
// [Centrally manage root access for member accounts]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management
ListOrganizationsFeatures(ctx context.Context, params *iam.ListOrganizationsFeaturesInput, optFns ...func(*Options)) (*iam.ListOrganizationsFeaturesOutput, error)
// Lists all the managed policies that are available in your Amazon Web Services
// account, including your own customer-defined managed policies and all Amazon Web
// Services managed policies.
//
// You can filter the list of policies that is returned using the optional
// OnlyAttached , Scope , and PathPrefix parameters. For example, to list only the
// customer managed policies in your Amazon Web Services account, set Scope to
// Local . To list only Amazon Web Services managed policies, set Scope to AWS .
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// For more information about managed policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// IAM resource-listing operations return a subset of the available attributes for
// the resource. For example, this operation does not return tags, even though they
// are an attribute of the returned object. To view all of the information for a
// customer manged policy, see [GetPolicy].
//
// [GetPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListPolicies(ctx context.Context, params *iam.ListPoliciesInput, optFns ...func(*Options)) (*iam.ListPoliciesOutput, error)
// Retrieves a list of policies that the IAM identity (user, group, or role) can
// use to access each specified service.
//
// This operation does not use other policy types when determining whether a
// resource could access a service. These other policy types include resource-based
// policies, access control lists, Organizations policies, IAM permissions
// boundaries, and STS assume role policies. It only applies permissions policy
// logic. For more about the evaluation of policy types, see [Evaluating policies]in the IAM User Guide.
//
// The list of policies returned by the operation depends on the ARN of the
// identity that you provide.
//
// - User – The list of policies includes the managed and inline policies that
// are attached to the user directly. The list also includes any additional managed
// and inline policies that are attached to the group to which the user belongs.
//
// - Group – The list of policies includes only the managed and inline policies
// that are attached to the group directly. Policies that are attached to the
// group’s user are not included.
//
// - Role – The list of policies includes only the managed and inline policies
// that are attached to the role.
//
// For each managed policy, this operation returns the ARN and policy name. For
// each inline policy, it returns the policy name and the entity to which it is
// attached. Inline policies do not have an ARN. For more information about these
// policy types, see [Managed policies and inline policies]in the IAM User Guide.
//
// Policies that are attached to users and roles as permissions boundaries are not
// returned. To view which managed policy is currently used to set the permissions
// boundary for a user or role, use the [GetUser]or [GetRole] operations.
//
// [GetRole]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRole.html
// [Evaluating policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
// [GetUser]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html
ListPoliciesGrantingServiceAccess(ctx context.Context, params *iam.ListPoliciesGrantingServiceAccessInput, optFns ...func(*Options)) (*iam.ListPoliciesGrantingServiceAccessOutput, error)
// Lists the tags that are attached to the specified IAM customer managed policy.
// The returned list of tags is sorted by tag key. For more information about
// tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
ListPolicyTags(ctx context.Context, params *iam.ListPolicyTagsInput, optFns ...func(*Options)) (*iam.ListPolicyTagsOutput, error)
// Lists information about the versions of the specified managed policy, including
// the version that is currently set as the policy's default version.
//
// For more information about managed policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListPolicyVersions(ctx context.Context, params *iam.ListPolicyVersionsInput, optFns ...func(*Options)) (*iam.ListPolicyVersionsOutput, error)
// Lists the names of the inline policies that are embedded in the specified IAM
// role.
//
// An IAM role can also have managed policies attached to it. To list the managed
// policies that are attached to a role, use [ListAttachedRolePolicies]. For more information about
// policies, see [Managed policies and inline policies]in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If there
// are no inline policies embedded with the specified role, the operation returns
// an empty list.
//
// [ListAttachedRolePolicies]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListRolePolicies(ctx context.Context, params *iam.ListRolePoliciesInput, optFns ...func(*Options)) (*iam.ListRolePoliciesOutput, error)
// Lists the tags that are attached to the specified role. The returned list of
// tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources]in the IAM
// User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
ListRoleTags(ctx context.Context, params *iam.ListRoleTagsInput, optFns ...func(*Options)) (*iam.ListRoleTagsOutput, error)
// Lists the IAM roles that have the specified path prefix. If there are none, the
// operation returns an empty list. For more information about roles, see [IAM roles]in the
// IAM User Guide.
//
// IAM resource-listing operations return a subset of the available attributes for
// the resource. This operation does not return the following attributes, even
// though they are an attribute of the returned object:
//
// - PermissionsBoundary
//
// - RoleLastUsed
//
// - Tags
//
// To view all of the information for a role, see [GetRole].
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// [GetRole]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRole.html
// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
ListRoles(ctx context.Context, params *iam.ListRolesInput, optFns ...func(*Options)) (*iam.ListRolesOutput, error)
// Lists the tags that are attached to the specified Security Assertion Markup
// Language (SAML) identity provider. The returned list of tags is sorted by tag
// key. For more information, see [About SAML 2.0-based federation].
//
// For more information about tagging, see [Tagging IAM resources] in the IAM User Guide.
//
// [About SAML 2.0-based federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
ListSAMLProviderTags(ctx context.Context, params *iam.ListSAMLProviderTagsInput, optFns ...func(*Options)) (*iam.ListSAMLProviderTagsOutput, error)
// Lists the SAML provider resource objects defined in IAM in the account. IAM
// resource-listing operations return a subset of the available attributes for the
// resource. For example, this operation does not return tags, even though they are
// an attribute of the returned object. To view all of the information for a SAML
// provider, see [GetSAMLProvider].
//
// This operation requires [Signature Version 4].
//
// [Signature Version 4]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
// [GetSAMLProvider]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSAMLProvider.html
ListSAMLProviders(ctx context.Context, params *iam.ListSAMLProvidersInput, optFns ...func(*Options)) (*iam.ListSAMLProvidersOutput, error)
// Returns information about the SSH public keys associated with the specified IAM
// user. If none exists, the operation returns an empty list.
//
// The SSH public keys returned by this operation are used only for authenticating
// the IAM user to an CodeCommit repository. For more information about using SSH
// keys to authenticate to an CodeCommit repository, see [Set up CodeCommit for SSH connections]in the CodeCommit User
// Guide.
//
// Although each user is limited to a small number of keys, you can still paginate
// the results using the MaxItems and Marker parameters.
//
// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
ListSSHPublicKeys(ctx context.Context, params *iam.ListSSHPublicKeysInput, optFns ...func(*Options)) (*iam.ListSSHPublicKeysOutput, error)
// Lists the tags that are attached to the specified IAM server certificate. The
// returned list of tags is sorted by tag key. For more information about tagging,
// see [Tagging IAM resources]in the IAM User Guide.
//
// For certificates in a Region supported by Certificate Manager (ACM), we
// recommend that you don't use IAM server certificates. Instead, use ACM to
// provision, manage, and deploy your server certificates. For more information
// about IAM server certificates, [Working with server certificates]in the IAM User Guide.
//
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
ListServerCertificateTags(ctx context.Context, params *iam.ListServerCertificateTagsInput, optFns ...func(*Options)) (*iam.ListServerCertificateTagsOutput, error)
// Lists the server certificates stored in IAM that have the specified path
// prefix. If none exist, the operation returns an empty list.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// For more information about working with server certificates, see [Working with server certificates] in the IAM
// User Guide. This topic also includes a list of Amazon Web Services services that
// can use the server certificates that you manage with IAM.
//
// IAM resource-listing operations return a subset of the available attributes for
// the resource. For example, this operation does not return tags, even though they
// are an attribute of the returned object. To view all of the information for a
// servercertificate, see [GetServerCertificate].
//
// [GetServerCertificate]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServerCertificate.html
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
ListServerCertificates(ctx context.Context, params *iam.ListServerCertificatesInput, optFns ...func(*Options)) (*iam.ListServerCertificatesOutput, error)
// Returns information about the service-specific credentials associated with the
// specified IAM user. If none exists, the operation returns an empty list. The
// service-specific credentials returned by this operation are used only for
// authenticating the IAM user to a specific service. For more information about
// using service-specific credentials to authenticate to an Amazon Web Services
// service, see [Set up service-specific credentials]in the CodeCommit User Guide.
//
// [Set up service-specific credentials]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html
ListServiceSpecificCredentials(ctx context.Context, params *iam.ListServiceSpecificCredentialsInput, optFns ...func(*Options)) (*iam.ListServiceSpecificCredentialsOutput, error)
// Returns information about the signing certificates associated with the
// specified IAM user. If none exists, the operation returns an empty list.
//
// Although each user is limited to a small number of signing certificates, you
// can still paginate the results using the MaxItems and Marker parameters.
//
// If the UserName field is not specified, the user name is determined implicitly
// based on the Amazon Web Services access key ID used to sign the request for this
// operation. This operation works for access keys under the Amazon Web Services
// account. Consequently, you can use this operation to manage Amazon Web Services
// account root user credentials even if the Amazon Web Services account has no
// associated users.
ListSigningCertificates(ctx context.Context, params *iam.ListSigningCertificatesInput, optFns ...func(*Options)) (*iam.ListSigningCertificatesOutput, error)
// Lists the names of the inline policies embedded in the specified IAM user.
//
// An IAM user can also have managed policies attached to it. To list the managed
// policies that are attached to a user, use [ListAttachedUserPolicies]. For more information about
// policies, see [Managed policies and inline policies]in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If there
// are no inline policies embedded with the specified user, the operation returns
// an empty list.
//
// [ListAttachedUserPolicies]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedUserPolicies.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
ListUserPolicies(ctx context.Context, params *iam.ListUserPoliciesInput, optFns ...func(*Options)) (*iam.ListUserPoliciesOutput, error)
// Lists the tags that are attached to the specified IAM user. The returned list
// of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources]in the
// IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
ListUserTags(ctx context.Context, params *iam.ListUserTagsInput, optFns ...func(*Options)) (*iam.ListUserTagsOutput, error)
// Lists the IAM users that have the specified path prefix. If no path prefix is
// specified, the operation returns all users in the Amazon Web Services account.
// If there are none, the operation returns an empty list.
//
// IAM resource-listing operations return a subset of the available attributes for
// the resource. This operation does not return the following attributes, even
// though they are an attribute of the returned object:
//
// - PermissionsBoundary
//
// - Tags
//
// To view all of the information for a user, see [GetUser].
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// [GetUser]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html
ListUsers(ctx context.Context, params *iam.ListUsersInput, optFns ...func(*Options)) (*iam.ListUsersOutput, error)
// Lists the virtual MFA devices defined in the Amazon Web Services account by
// assignment status. If you do not specify an assignment status, the operation
// returns a list of all virtual MFA devices. Assignment status can be Assigned ,
// Unassigned , or Any .
//
// IAM resource-listing operations return a subset of the available attributes for
// the resource. For example, this operation does not return tags, even though they
// are an attribute of the returned object. To view tag information for a virtual
// MFA device, see [ListMFADeviceTags].
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// [ListMFADeviceTags]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADeviceTags.html
ListVirtualMFADevices(ctx context.Context, params *iam.ListVirtualMFADevicesInput, optFns ...func(*Options)) (*iam.ListVirtualMFADevicesOutput, error)
// Adds or updates an inline policy document that is embedded in the specified IAM
// group.
//
// A user can also have managed policies attached to it. To attach a managed
// policy to a group, use [AttachGroupPolicy]AttachGroupPolicy . To create a new managed policy, use [CreatePolicy]
// CreatePolicy . For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// For information about the maximum number of inline policies that you can embed
// in a group, see [IAM and STS quotas]in the IAM User Guide.
//
// Because policy documents can be large, you should use POST rather than GET when
// calling PutGroupPolicy . For general information about using the Query API with
// IAM, see [Making query requests]in the IAM User Guide.
//
// [CreatePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
// [Making query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
// [AttachGroupPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
PutGroupPolicy(ctx context.Context, params *iam.PutGroupPolicyInput, optFns ...func(*Options)) (*iam.PutGroupPolicyOutput, error)
// Adds or updates the policy that is specified as the IAM role's permissions
// boundary. You can use an Amazon Web Services managed policy or a customer
// managed policy to set the boundary for a role. Use the boundary to control the
// maximum permissions that the role can have. Setting a permissions boundary is an
// advanced feature that can affect the permissions for the role.
//
// You cannot set the boundary for a service-linked role.
//
// Policies used as permissions boundaries do not provide permissions. You must
// also attach a permissions policy to the role. To learn how the effective
// permissions for a role are evaluated, see [IAM JSON policy evaluation logic]in the IAM User Guide.
//
// [IAM JSON policy evaluation logic]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
PutRolePermissionsBoundary(ctx context.Context, params *iam.PutRolePermissionsBoundaryInput, optFns ...func(*Options)) (*iam.PutRolePermissionsBoundaryOutput, error)
// Adds or updates an inline policy document that is embedded in the specified IAM
// role.
//
// When you embed an inline policy in a role, the inline policy is used as part of
// the role's access (permissions) policy. The role's trust policy is created at
// the same time as the role, using [CreateRole]CreateRole . You can update a role's trust
// policy using [UpdateAssumeRolePolicy]UpdateAssumeRolePolicy . For more information about roles, see [IAM roles] in
// the IAM User Guide.
//
// A role can also have a managed policy attached to it. To attach a managed
// policy to a role, use [AttachRolePolicy]AttachRolePolicy . To create a new managed policy, use [CreatePolicy]
// CreatePolicy . For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// For information about the maximum number of inline policies that you can embed
// with a role, see [IAM and STS quotas]in the IAM User Guide.
//
// Because policy documents can be large, you should use POST rather than GET when
// calling PutRolePolicy . For general information about using the Query API with
// IAM, see [Making query requests]in the IAM User Guide.
//
// [UpdateAssumeRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html
// [AttachRolePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html
// [CreatePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
// [Making query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html
// [CreateRole]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
PutRolePolicy(ctx context.Context, params *iam.PutRolePolicyInput, optFns ...func(*Options)) (*iam.PutRolePolicyOutput, error)
// Adds or updates the policy that is specified as the IAM user's permissions
// boundary. You can use an Amazon Web Services managed policy or a customer
// managed policy to set the boundary for a user. Use the boundary to control the
// maximum permissions that the user can have. Setting a permissions boundary is an
// advanced feature that can affect the permissions for the user.
//
// Policies that are used as permissions boundaries do not provide permissions.
// You must also attach a permissions policy to the user. To learn how the
// effective permissions for a user are evaluated, see [IAM JSON policy evaluation logic]in the IAM User Guide.
//
// [IAM JSON policy evaluation logic]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
PutUserPermissionsBoundary(ctx context.Context, params *iam.PutUserPermissionsBoundaryInput, optFns ...func(*Options)) (*iam.PutUserPermissionsBoundaryOutput, error)
// Adds or updates an inline policy document that is embedded in the specified IAM
// user.
//
// An IAM user can also have a managed policy attached to it. To attach a managed
// policy to a user, use [AttachUserPolicy]AttachUserPolicy . To create a new managed policy, use [CreatePolicy]
// CreatePolicy . For information about policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// For information about the maximum number of inline policies that you can embed
// in a user, see [IAM and STS quotas]in the IAM User Guide.
//
// Because policy documents can be large, you should use POST rather than GET when
// calling PutUserPolicy . For general information about using the Query API with
// IAM, see [Making query requests]in the IAM User Guide.
//
// [CreatePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
// [Making query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
// [AttachUserPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
PutUserPolicy(ctx context.Context, params *iam.PutUserPolicyInput, optFns ...func(*Options)) (*iam.PutUserPolicyOutput, error)
// Removes the specified client ID (also known as audience) from the list of
// client IDs registered for the specified IAM OpenID Connect (OIDC) provider
// resource object.
//
// This operation is idempotent; it does not fail or return an error if you try to
// remove a client ID that does not exist.
RemoveClientIDFromOpenIDConnectProvider(ctx context.Context, params *iam.RemoveClientIDFromOpenIDConnectProviderInput, optFns ...func(*Options)) (*iam.RemoveClientIDFromOpenIDConnectProviderOutput, error)
// Removes the specified IAM role from the specified Amazon EC2 instance profile.
//
// Make sure that you do not have any Amazon EC2 instances running with the role
// you are about to remove from the instance profile. Removing a role from an
// instance profile that is associated with a running instance might break any
// applications running on the instance.
//
// For more information about roles, see [IAM roles] in the IAM User Guide. For more
// information about instance profiles, see [Using instance profiles]in the IAM User Guide.
//
// [Using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
// [IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
RemoveRoleFromInstanceProfile(ctx context.Context, params *iam.RemoveRoleFromInstanceProfileInput, optFns ...func(*Options)) (*iam.RemoveRoleFromInstanceProfileOutput, error)
// Removes the specified user from the specified group.
RemoveUserFromGroup(ctx context.Context, params *iam.RemoveUserFromGroupInput, optFns ...func(*Options)) (*iam.RemoveUserFromGroupOutput, error)
// Resets the password for a service-specific credential. The new password is
// Amazon Web Services generated and cryptographically strong. It cannot be
// configured by the user. Resetting the password immediately invalidates the
// previous password associated with this user.
ResetServiceSpecificCredential(ctx context.Context, params *iam.ResetServiceSpecificCredentialInput, optFns ...func(*Options)) (*iam.ResetServiceSpecificCredentialOutput, error)
// Synchronizes the specified MFA device with its IAM resource object on the
// Amazon Web Services servers.
//
// For more information about creating and working with virtual MFA devices, see [Using a virtual MFA device]
// in the IAM User Guide.
//
// [Using a virtual MFA device]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html
ResyncMFADevice(ctx context.Context, params *iam.ResyncMFADeviceInput, optFns ...func(*Options)) (*iam.ResyncMFADeviceOutput, error)
// Sets the specified version of the specified policy as the policy's default
// (operative) version.
//
// This operation affects all users, groups, and roles that the policy is attached
// to. To list the users, groups, and roles that the policy is attached to, use [ListEntitiesForPolicy].
//
// For information about managed policies, see [Managed policies and inline policies] in the IAM User Guide.
//
// [ListEntitiesForPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html
// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
SetDefaultPolicyVersion(ctx context.Context, params *iam.SetDefaultPolicyVersionInput, optFns ...func(*Options)) (*iam.SetDefaultPolicyVersionOutput, error)
// Sets the specified version of the global endpoint token as the token version
// used for the Amazon Web Services account.
//
// By default, Security Token Service (STS) is available as a global service, and
// all STS requests go to a single endpoint at https://sts.amazonaws.com . Amazon
// Web Services recommends using Regional STS endpoints to reduce latency, build in
// redundancy, and increase session token availability. For information about
// Regional endpoints for STS, see [Security Token Service endpoints and quotas]in the Amazon Web Services General Reference.
//
// If you make an STS call to the global endpoint, the resulting session tokens
// might be valid in some Regions but not others. It depends on the version that is
// set in this operation. Version 1 tokens are valid only in Amazon Web Services
// Regions that are available by default. These tokens do not work in manually
// enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in
// all Regions. However, version 2 tokens are longer and might affect systems where
// you temporarily store tokens. For information, see [Activating and deactivating STS in an Amazon Web Services Region]in the IAM User Guide.
//
// To view the current session token version, see the GlobalEndpointTokenVersion
// entry in the response of the [GetAccountSummary]operation.
//
// [Activating and deactivating STS in an Amazon Web Services Region]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
// [GetAccountSummary]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html
// [Security Token Service endpoints and quotas]: https://docs.aws.amazon.com/general/latest/gr/sts.html
SetSecurityTokenServicePreferences(ctx context.Context, params *iam.SetSecurityTokenServicePreferencesInput, optFns ...func(*Options)) (*iam.SetSecurityTokenServicePreferencesOutput, error)
// Simulate how a set of IAM policies and optionally a resource-based policy works
// with a list of API operations and Amazon Web Services resources to determine the
// policies' effective permissions. The policies are provided as strings.
//
// The simulation does not perform the API operations; it only checks the
// authorization to determine if the simulated policies allow or deny the
// operations. You can simulate resources that don't exist in your account.
//
// If you want to simulate existing policies that are attached to an IAM user,
// group, or role, use [SimulatePrincipalPolicy]instead.
//
// Context keys are variables that are maintained by Amazon Web Services and its
// services and which provide details about the context of an API query request.
// You can use the Condition element of an IAM policy to evaluate context keys. To
// get the list of context keys that the policies require for correct simulation,
// use [GetContextKeysForCustomPolicy].
//
// If the output is long, you can use MaxItems and Marker parameters to paginate
// the results.
//
// The IAM policy simulator evaluates statements in the identity-based policy and
// the inputs that you provide during simulation. The policy simulator results can
// differ from your live Amazon Web Services environment. We recommend that you
// check your policies against your live Amazon Web Services environment after
// testing using the policy simulator to confirm that you have the desired results.
// For more information about using the policy simulator, see [Testing IAM policies with the IAM policy simulator]in the IAM User
// Guide.
//
// [GetContextKeysForCustomPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html
// [Testing IAM policies with the IAM policy simulator]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
// [SimulatePrincipalPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html
SimulateCustomPolicy(ctx context.Context, params *iam.SimulateCustomPolicyInput, optFns ...func(*Options)) (*iam.SimulateCustomPolicyOutput, error)
// Simulate how a set of IAM policies attached to an IAM entity works with a list
// of API operations and Amazon Web Services resources to determine the policies'
// effective permissions. The entity can be an IAM user, group, or role. If you
// specify a user, then the simulation also includes all of the policies that are
// attached to groups that the user belongs to. You can simulate resources that
// don't exist in your account.
//
// You can optionally include a list of one or more additional policies specified
// as strings to include in the simulation. If you want to simulate only policies
// specified as strings, use [SimulateCustomPolicy]instead.
//
// You can also optionally include one resource-based policy to be evaluated with
// each of the resources included in the simulation for IAM users only.
//
// The simulation does not perform the API operations; it only checks the
// authorization to determine if the simulated policies allow or deny the
// operations.
//
// Note: This operation discloses information about the permissions granted to
// other users. If you do not want users to see other user's permissions, then
// consider allowing them to use [SimulateCustomPolicy]instead.
//
// Context keys are variables maintained by Amazon Web Services and its services
// that provide details about the context of an API query request. You can use the
// Condition element of an IAM policy to evaluate context keys. To get the list of
// context keys that the policies require for correct simulation, use [GetContextKeysForPrincipalPolicy].
//
// If the output is long, you can use the MaxItems and Marker parameters to
// paginate the results.
//
// The IAM policy simulator evaluates statements in the identity-based policy and
// the inputs that you provide during simulation. The policy simulator results can
// differ from your live Amazon Web Services environment. We recommend that you
// check your policies against your live Amazon Web Services environment after
// testing using the policy simulator to confirm that you have the desired results.
// For more information about using the policy simulator, see [Testing IAM policies with the IAM policy simulator]in the IAM User
// Guide.
//
// [GetContextKeysForPrincipalPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html
// [Testing IAM policies with the IAM policy simulator]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
// [SimulateCustomPolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html
SimulatePrincipalPolicy(ctx context.Context, params *iam.SimulatePrincipalPolicyInput, optFns ...func(*Options)) (*iam.SimulatePrincipalPolicyOutput, error)
// Adds one or more tags to an IAM instance profile. If a tag with the same key
// name already exists, then that tag is overwritten with the new value.
//
// Each tag consists of a key name and an associated value. By assigning tags to
// your resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only an IAM instance profile
// that has a specified tag attached. For examples of policies that show how to use
// tags to control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
TagInstanceProfile(ctx context.Context, params *iam.TagInstanceProfileInput, optFns ...func(*Options)) (*iam.TagInstanceProfileOutput, error)
// Adds one or more tags to an IAM virtual multi-factor authentication (MFA)
// device. If a tag with the same key name already exists, then that tag is
// overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only an IAM virtual MFA device
// that has a specified tag attached. For examples of policies that show how to use
// tags to control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
TagMFADevice(ctx context.Context, params *iam.TagMFADeviceInput, optFns ...func(*Options)) (*iam.TagMFADeviceOutput, error)
// Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider.
// For more information about these providers, see [About web identity federation]. If a tag with the same key
// name already exists, then that tag is overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM identity-based and resource-based
// policies. You can use tags to restrict access to only an OIDC provider that has
// a specified tag attached. For examples of policies that show how to use tags to
// control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
// [About web identity federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
TagOpenIDConnectProvider(ctx context.Context, params *iam.TagOpenIDConnectProviderInput, optFns ...func(*Options)) (*iam.TagOpenIDConnectProviderOutput, error)
// Adds one or more tags to an IAM customer managed policy. If a tag with the same
// key name already exists, then that tag is overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only an IAM customer managed
// policy that has a specified tag attached. For examples of policies that show how
// to use tags to control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
TagPolicy(ctx context.Context, params *iam.TagPolicyInput, optFns ...func(*Options)) (*iam.TagPolicyOutput, error)
// Adds one or more tags to an IAM role. The role can be a regular role or a
// service-linked role. If a tag with the same key name already exists, then that
// tag is overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only an IAM role that has a
// specified tag attached. You can also restrict access to only those resources
// that have a certain tag attached. For examples of policies that show how to use
// tags to control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - Cost allocation - Use tags to help track which individuals and teams are
// using which Amazon Web Services resources.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// For more information about tagging, see [Tagging IAM identities] in the IAM User Guide.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
// [Tagging IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
TagRole(ctx context.Context, params *iam.TagRoleInput, optFns ...func(*Options)) (*iam.TagRoleOutput, error)
// Adds one or more tags to a Security Assertion Markup Language (SAML) identity
// provider. For more information about these providers, see [About SAML 2.0-based federation]. If a tag with the
// same key name already exists, then that tag is overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only a SAML identity provider
// that has a specified tag attached. For examples of policies that show how to use
// tags to control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [About SAML 2.0-based federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
TagSAMLProvider(ctx context.Context, params *iam.TagSAMLProviderInput, optFns ...func(*Options)) (*iam.TagSAMLProviderOutput, error)
// Adds one or more tags to an IAM server certificate. If a tag with the same key
// name already exists, then that tag is overwritten with the new value.
//
// For certificates in a Region supported by Certificate Manager (ACM), we
// recommend that you don't use IAM server certificates. Instead, use ACM to
// provision, manage, and deploy your server certificates. For more information
// about IAM server certificates, [Working with server certificates]in the IAM User Guide.
//
// A tag consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM user-based and resource-based
// policies. You can use tags to restrict access to only a server certificate that
// has a specified tag attached. For examples of policies that show how to use tags
// to control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - Cost allocation - Use tags to help track which individuals and teams are
// using which Amazon Web Services resources.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
TagServerCertificate(ctx context.Context, params *iam.TagServerCertificateInput, optFns ...func(*Options)) (*iam.TagServerCertificateOutput, error)
// Adds one or more tags to an IAM user. If a tag with the same key name already
// exists, then that tag is overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to your
// resources, you can do the following:
//
// - Administrative grouping and discovery - Attach tags to resources to aid in
// organization and search. For example, you could search for all resources with
// the key name Project and the value MyImportantProject. Or search for all
// resources with the key name Cost Center and the value 41200.
//
// - Access control - Include tags in IAM identity-based and resource-based
// policies. You can use tags to restrict access to only an IAM requesting user
// that has a specified tag attached. You can also restrict access to only those
// resources that have a certain tag attached. For examples of policies that show
// how to use tags to control access, see [Control access using IAM tags]in the IAM User Guide.
//
// - Cost allocation - Use tags to help track which individuals and teams are
// using which Amazon Web Services resources.
//
// - If any one of the tags is invalid or if you exceed the allowed maximum
// number of tags, then the entire request fails and the resource is not created.
// For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// - Amazon Web Services always interprets the tag Value as a single string. If
// you need to store an array, you can store comma-separated values in the string.
// However, you must interpret the value in your code.
//
// For more information about tagging, see [Tagging IAM identities] in the IAM User Guide.
//
// [Control access using IAM tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
// [Tagging IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
TagUser(ctx context.Context, params *iam.TagUserInput, optFns ...func(*Options)) (*iam.TagUserOutput, error)
// Removes the specified tags from the IAM instance profile. For more information
// about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
UntagInstanceProfile(ctx context.Context, params *iam.UntagInstanceProfileInput, optFns ...func(*Options)) (*iam.UntagInstanceProfileOutput, error)
// Removes the specified tags from the IAM virtual multi-factor authentication
// (MFA) device. For more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
UntagMFADevice(ctx context.Context, params *iam.UntagMFADeviceInput, optFns ...func(*Options)) (*iam.UntagMFADeviceOutput, error)
// Removes the specified tags from the specified OpenID Connect (OIDC)-compatible
// identity provider in IAM. For more information about OIDC providers, see [About web identity federation]. For
// more information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
// [About web identity federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
UntagOpenIDConnectProvider(ctx context.Context, params *iam.UntagOpenIDConnectProviderInput, optFns ...func(*Options)) (*iam.UntagOpenIDConnectProviderOutput, error)
// Removes the specified tags from the customer managed policy. For more
// information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
UntagPolicy(ctx context.Context, params *iam.UntagPolicyInput, optFns ...func(*Options)) (*iam.UntagPolicyOutput, error)
// Removes the specified tags from the role. For more information about tagging,
// see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
UntagRole(ctx context.Context, params *iam.UntagRoleInput, optFns ...func(*Options)) (*iam.UntagRoleOutput, error)
// Removes the specified tags from the specified Security Assertion Markup
// Language (SAML) identity provider in IAM. For more information about these
// providers, see [About web identity federation]. For more information about tagging, see [Tagging IAM resources] in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
// [About web identity federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
UntagSAMLProvider(ctx context.Context, params *iam.UntagSAMLProviderInput, optFns ...func(*Options)) (*iam.UntagSAMLProviderOutput, error)
// Removes the specified tags from the IAM server certificate. For more
// information about tagging, see [Tagging IAM resources]in the IAM User Guide.
//
// For certificates in a Region supported by Certificate Manager (ACM), we
// recommend that you don't use IAM server certificates. Instead, use ACM to
// provision, manage, and deploy your server certificates. For more information
// about IAM server certificates, [Working with server certificates]in the IAM User Guide.
//
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
UntagServerCertificate(ctx context.Context, params *iam.UntagServerCertificateInput, optFns ...func(*Options)) (*iam.UntagServerCertificateOutput, error)
// Removes the specified tags from the user. For more information about tagging,
// see [Tagging IAM resources]in the IAM User Guide.
//
// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
UntagUser(ctx context.Context, params *iam.UntagUserInput, optFns ...func(*Options)) (*iam.UntagUserOutput, error)
// Changes the status of the specified access key from Active to Inactive, or vice
// versa. This operation can be used to disable a user's key as part of a key
// rotation workflow.
//
// If the UserName is not specified, the user name is determined implicitly based
// on the Amazon Web Services access key ID used to sign the request. If a
// temporary access key is used, then UserName is required. If a long-term key is
// assigned to the user, then UserName is not required. This operation works for
// access keys under the Amazon Web Services account. Consequently, you can use
// this operation to manage Amazon Web Services account root user credentials even
// if the Amazon Web Services account has no associated users.
//
// For information about rotating keys, see [Managing keys and certificates] in the IAM User Guide.
//
// [Managing keys and certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html
UpdateAccessKey(ctx context.Context, params *iam.UpdateAccessKeyInput, optFns ...func(*Options)) (*iam.UpdateAccessKeyOutput, error)
// Updates the password policy settings for the Amazon Web Services account.
//
// This operation does not support partial updates. No parameters are required,
// but if you do not specify a parameter, that parameter's value reverts to its
// default value. See the Request Parameters section for each parameter's default
// value. Also note that some parameters do not allow the default parameter to be
// explicitly set. Instead, to invoke the default value, do not include that
// parameter when you invoke the operation.
//
// For more information about using a password policy, see [Managing an IAM password policy] in the IAM User Guide.
//
// [Managing an IAM password policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html
UpdateAccountPasswordPolicy(ctx context.Context, params *iam.UpdateAccountPasswordPolicyInput, optFns ...func(*Options)) (*iam.UpdateAccountPasswordPolicyOutput, error)
// Updates the policy that grants an IAM entity permission to assume a role. This
// is typically referred to as the "role trust policy". For more information about
// roles, see [Using roles to delegate permissions and federate identities].
//
// [Using roles to delegate permissions and federate identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html
UpdateAssumeRolePolicy(ctx context.Context, params *iam.UpdateAssumeRolePolicyInput, optFns ...func(*Options)) (*iam.UpdateAssumeRolePolicyOutput, error)
// Updates the name and/or the path of the specified IAM group.
//
// You should understand the implications of changing a group's path or name. For
// more information, see [Renaming users and groups]in the IAM User Guide.
//
// The person making the request (the principal), must have permission to change
// the role group with the old name and the new name. For example, to change the
// group named Managers to MGRs , the principal must have a policy that allows them
// to update both groups. If the principal has permission to update the Managers
// group, but not the MGRs group, then the update fails. For more information
// about permissions, see [Access management].
//
// [Access management]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html
// [Renaming users and groups]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html
UpdateGroup(ctx context.Context, params *iam.UpdateGroupInput, optFns ...func(*Options)) (*iam.UpdateGroupOutput, error)
// Changes the password for the specified IAM user. You can use the CLI, the
// Amazon Web Services API, or the Users page in the IAM console to change the
// password for any IAM user. Use [ChangePassword]to change your own password in the My Security
// Credentials page in the Amazon Web Services Management Console.
//
// For more information about modifying passwords, see [Managing passwords] in the IAM User Guide.
//
// [ChangePassword]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html
// [Managing passwords]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
UpdateLoginProfile(ctx context.Context, params *iam.UpdateLoginProfileInput, optFns ...func(*Options)) (*iam.UpdateLoginProfileOutput, error)
// Replaces the existing list of server certificate thumbprints associated with an
// OpenID Connect (OIDC) provider resource object with a new list of thumbprints.
//
// The list that you pass with this operation completely replaces the existing
// list of thumbprints. (The lists are not merged.)
//
// Typically, you need to update a thumbprint only when the identity provider
// certificate changes, which occurs rarely. However, if the provider's certificate
// does change, any attempt to assume an IAM role that specifies the OIDC provider
// as a principal fails until the certificate thumbprint is updated.
//
// Amazon Web Services secures communication with OIDC identity providers (IdPs)
// using our library of trusted root certificate authorities (CAs) to verify the
// JSON Web Key Set (JWKS) endpoint's TLS certificate. If your OIDC IdP relies on a
// certificate that is not signed by one of these trusted CAs, only then we secure
// communication using the thumbprints set in the IdP's configuration.
//
// Trust for the OIDC provider is derived from the provider certificate and is
// validated by the thumbprint. Therefore, it is best to limit access to the
// UpdateOpenIDConnectProviderThumbprint operation to highly privileged users.
UpdateOpenIDConnectProviderThumbprint(ctx context.Context, params *iam.UpdateOpenIDConnectProviderThumbprintInput, optFns ...func(*Options)) (*iam.UpdateOpenIDConnectProviderThumbprintOutput, error)
// Updates the description or maximum session duration setting of a role.
UpdateRole(ctx context.Context, params *iam.UpdateRoleInput, optFns ...func(*Options)) (*iam.UpdateRoleOutput, error)
// Use [UpdateRole] instead.
//
// Modifies only the description of a role. This operation performs the same
// function as the Description parameter in the UpdateRole operation.
//
// [UpdateRole]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateRole.html
UpdateRoleDescription(ctx context.Context, params *iam.UpdateRoleDescriptionInput, optFns ...func(*Options)) (*iam.UpdateRoleDescriptionOutput, error)
// Updates the metadata document, SAML encryption settings, and private keys for
// an existing SAML provider. To rotate private keys, add your new private key and
// then remove the old key in a separate request.
UpdateSAMLProvider(ctx context.Context, params *iam.UpdateSAMLProviderInput, optFns ...func(*Options)) (*iam.UpdateSAMLProviderOutput, error)
// Sets the status of an IAM user's SSH public key to active or inactive. SSH
// public keys that are inactive cannot be used for authentication. This operation
// can be used to disable a user's SSH public key as part of a key rotation work
// flow.
//
// The SSH public key affected by this operation is used only for authenticating
// the associated IAM user to an CodeCommit repository. For more information about
// using SSH keys to authenticate to an CodeCommit repository, see [Set up CodeCommit for SSH connections]in the
// CodeCommit User Guide.
//
// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
UpdateSSHPublicKey(ctx context.Context, params *iam.UpdateSSHPublicKeyInput, optFns ...func(*Options)) (*iam.UpdateSSHPublicKeyOutput, error)
// Updates the name and/or the path of the specified server certificate stored in
// IAM.
//
// For more information about working with server certificates, see [Working with server certificates] in the IAM
// User Guide. This topic also includes a list of Amazon Web Services services that
// can use the server certificates that you manage with IAM.
//
// You should understand the implications of changing a server certificate's path
// or name. For more information, see [Renaming a server certificate]in the IAM User Guide.
//
// The person making the request (the principal), must have permission to change
// the server certificate with the old name and the new name. For example, to
// change the certificate named ProductionCert to ProdCert , the principal must
// have a policy that allows them to update both certificates. If the principal has
// permission to update the ProductionCert group, but not the ProdCert
// certificate, then the update fails. For more information about permissions, see [Access management]
// in the IAM User Guide.
//
// [Renaming a server certificate]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html#RenamingServerCerts
// [Access management]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
UpdateServerCertificate(ctx context.Context, params *iam.UpdateServerCertificateInput, optFns ...func(*Options)) (*iam.UpdateServerCertificateOutput, error)
// Sets the status of a service-specific credential to Active or Inactive .
// Service-specific credentials that are inactive cannot be used for authentication
// to the service. This operation can be used to disable a user's service-specific
// credential as part of a credential rotation work flow.
UpdateServiceSpecificCredential(ctx context.Context, params *iam.UpdateServiceSpecificCredentialInput, optFns ...func(*Options)) (*iam.UpdateServiceSpecificCredentialOutput, error)
// Changes the status of the specified user signing certificate from active to
// disabled, or vice versa. This operation can be used to disable an IAM user's
// signing certificate as part of a certificate rotation work flow.
//
// If the UserName field is not specified, the user name is determined implicitly
// based on the Amazon Web Services access key ID used to sign the request. This
// operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials even if the Amazon Web Services account has no associated
// users.
UpdateSigningCertificate(ctx context.Context, params *iam.UpdateSigningCertificateInput, optFns ...func(*Options)) (*iam.UpdateSigningCertificateOutput, error)
// Updates the name and/or the path of the specified IAM user.
//
// You should understand the implications of changing an IAM user's path or name.
// For more information, see [Renaming an IAM user]and [Renaming an IAM group] in the IAM User Guide.
//
// To change a user name, the requester must have appropriate permissions on both
// the source object and the target object. For example, to change Bob to Robert,
// the entity making the request must have permission on Bob and Robert, or must
// have permission on all (*). For more information about permissions, see [Permissions and policies].
//
// [Renaming an IAM user]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_renaming
// [Renaming an IAM group]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_rename.html
// [Permissions and policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html
UpdateUser(ctx context.Context, params *iam.UpdateUserInput, optFns ...func(*Options)) (*iam.UpdateUserOutput, error)
// Uploads an SSH public key and associates it with the specified IAM user.
//
// The SSH public key uploaded by this operation can be used only for
// authenticating the associated IAM user to an CodeCommit repository. For more
// information about using SSH keys to authenticate to an CodeCommit repository,
// see [Set up CodeCommit for SSH connections]in the CodeCommit User Guide.
//
// [Set up CodeCommit for SSH connections]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
UploadSSHPublicKey(ctx context.Context, params *iam.UploadSSHPublicKeyInput, optFns ...func(*Options)) (*iam.UploadSSHPublicKeyOutput, error)
// Uploads a server certificate entity for the Amazon Web Services account. The
// server certificate entity includes a public key certificate, a private key, and
// an optional certificate chain, which should all be PEM-encoded.
//
// We recommend that you use [Certificate Manager] to provision, manage, and deploy your server
// certificates. With ACM you can request a certificate, deploy it to Amazon Web
// Services resources, and let ACM handle certificate renewals for you.
// Certificates provided by ACM are free. For more information about using ACM, see
// the [Certificate Manager User Guide].
//
// For more information about working with server certificates, see [Working with server certificates] in the IAM
// User Guide. This topic includes a list of Amazon Web Services services that can
// use the server certificates that you manage with IAM.
//
// For information about the number of server certificates you can upload, see [IAM and STS quotas] in
// the IAM User Guide.
//
// Because the body of the public key certificate, private key, and the
// certificate chain can be large, you should use POST rather than GET when calling
// UploadServerCertificate . For information about setting up signatures and
// authorization through the API, see [Signing Amazon Web Services API requests]in the Amazon Web Services General
// Reference. For general information about using the Query API with IAM, see [Calling the API by making HTTP query requests]in
// the IAM User Guide.
//
// [Certificate Manager]: https://docs.aws.amazon.com/acm/
// [Certificate Manager User Guide]: https://docs.aws.amazon.com/acm/latest/userguide/
// [IAM and STS quotas]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
// [Working with server certificates]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
// [Signing Amazon Web Services API requests]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
// [Calling the API by making HTTP query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html
UploadServerCertificate(ctx context.Context, params *iam.UploadServerCertificateInput, optFns ...func(*Options)) (*iam.UploadServerCertificateOutput, error)
// Uploads an X.509 signing certificate and associates it with the specified IAM
// user. Some Amazon Web Services services require you to use certificates to
// validate requests that are signed with a corresponding private key. When you
// upload the certificate, its default status is Active .
//
// For information about when you would use an X.509 signing certificate, see [Managing server certificates in IAM] in
// the IAM User Guide.
//
// If the UserName is not specified, the IAM user name is determined implicitly
// based on the Amazon Web Services access key ID used to sign the request. This
// operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials even if the Amazon Web Services account has no associated
// users.
//
// Because the body of an X.509 certificate can be large, you should use POST
// rather than GET when calling UploadSigningCertificate . For information about
// setting up signatures and authorization through the API, see [Signing Amazon Web Services API requests]in the Amazon Web
// Services General Reference. For general information about using the Query API
// with IAM, see [Making query requests]in the IAM User Guide.
//
// [Managing server certificates in IAM]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
// [Making query requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
// [Signing Amazon Web Services API requests]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
UploadSigningCertificate(ctx context.Context, params *iam.UploadSigningCertificateInput, optFns ...func(*Options)) (*iam.UploadSigningCertificateOutput, error)
}
IAM provides an interface to the AWS IAM service.
type Outposts ¶ added in v0.112.0
type Outposts interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() outposts.Options
// Cancels the capacity task.
CancelCapacityTask(ctx context.Context, params *outposts.CancelCapacityTaskInput, optFns ...func(*Options)) (*outposts.CancelCapacityTaskOutput, error)
// Cancels the specified order for an Outpost.
CancelOrder(ctx context.Context, params *outposts.CancelOrderInput, optFns ...func(*Options)) (*outposts.CancelOrderOutput, error)
// Creates an order for an Outpost.
CreateOrder(ctx context.Context, params *outposts.CreateOrderInput, optFns ...func(*Options)) (*outposts.CreateOrderOutput, error)
// Creates an Outpost.
//
// You can specify either an Availability one or an AZ ID.
CreateOutpost(ctx context.Context, params *outposts.CreateOutpostInput, optFns ...func(*Options)) (*outposts.CreateOutpostOutput, error)
// Creates a site for an Outpost.
CreateSite(ctx context.Context, params *outposts.CreateSiteInput, optFns ...func(*Options)) (*outposts.CreateSiteOutput, error)
// Deletes the specified Outpost.
DeleteOutpost(ctx context.Context, params *outposts.DeleteOutpostInput, optFns ...func(*Options)) (*outposts.DeleteOutpostOutput, error)
// Deletes the specified site.
DeleteSite(ctx context.Context, params *outposts.DeleteSiteInput, optFns ...func(*Options)) (*outposts.DeleteSiteOutput, error)
// Gets details of the specified capacity task.
GetCapacityTask(ctx context.Context, params *outposts.GetCapacityTaskInput, optFns ...func(*Options)) (*outposts.GetCapacityTaskOutput, error)
// Gets information about the specified catalog item.
GetCatalogItem(ctx context.Context, params *outposts.GetCatalogItemInput, optFns ...func(*Options)) (*outposts.GetCatalogItemOutput, error)
// Amazon Web Services uses this action to install Outpost servers.
//
// Gets information about the specified connection.
//
// Use CloudTrail to monitor this action or Amazon Web Services managed policy for
// Amazon Web Services Outposts to secure it. For more information, see [Amazon Web Services managed policies for Amazon Web Services Outposts]and [Logging Amazon Web Services Outposts API calls with Amazon Web Services CloudTrail] in
// the Amazon Web Services Outposts User Guide.
//
// [Logging Amazon Web Services Outposts API calls with Amazon Web Services CloudTrail]: https://docs.aws.amazon.com/outposts/latest/userguide/logging-using-cloudtrail.html
// [Amazon Web Services managed policies for Amazon Web Services Outposts]: https://docs.aws.amazon.com/outposts/latest/userguide/security-iam-awsmanpol.html
GetConnection(ctx context.Context, params *outposts.GetConnectionInput, optFns ...func(*Options)) (*outposts.GetConnectionOutput, error)
// Gets information about the specified order.
GetOrder(ctx context.Context, params *outposts.GetOrderInput, optFns ...func(*Options)) (*outposts.GetOrderOutput, error)
// Gets information about the specified Outpost.
GetOutpost(ctx context.Context, params *outposts.GetOutpostInput, optFns ...func(*Options)) (*outposts.GetOutpostOutput, error)
// Gets current and historical billing information about the specified Outpost.
GetOutpostBillingInformation(ctx context.Context, params *outposts.GetOutpostBillingInformationInput, optFns ...func(*Options)) (*outposts.GetOutpostBillingInformationOutput, error)
// Gets the instance types for the specified Outpost.
GetOutpostInstanceTypes(ctx context.Context, params *outposts.GetOutpostInstanceTypesInput, optFns ...func(*Options)) (*outposts.GetOutpostInstanceTypesOutput, error)
// Gets the instance types that an Outpost can support in InstanceTypeCapacity .
// This will generally include instance types that are not currently configured and
// therefore cannot be launched with the current Outpost capacity configuration.
GetOutpostSupportedInstanceTypes(ctx context.Context, params *outposts.GetOutpostSupportedInstanceTypesInput, optFns ...func(*Options)) (*outposts.GetOutpostSupportedInstanceTypesOutput, error)
// Gets information about the specified Outpost site.
GetSite(ctx context.Context, params *outposts.GetSiteInput, optFns ...func(*Options)) (*outposts.GetSiteOutput, error)
// Gets the site address of the specified site.
GetSiteAddress(ctx context.Context, params *outposts.GetSiteAddressInput, optFns ...func(*Options)) (*outposts.GetSiteAddressOutput, error)
// A list of Amazon EC2 instances, belonging to all accounts, running on the
// specified Outpost. Does not include Amazon EBS or Amazon S3 instances.
ListAssetInstances(ctx context.Context, params *outposts.ListAssetInstancesInput, optFns ...func(*Options)) (*outposts.ListAssetInstancesOutput, error)
// Lists the hardware assets for the specified Outpost.
//
// Use filters to return specific results. If you specify multiple filters, the
// results include only the resources that match all of the specified filters. For
// a filter where you can specify multiple values, the results include items that
// match any of the values that you specify for the filter.
ListAssets(ctx context.Context, params *outposts.ListAssetsInput, optFns ...func(*Options)) (*outposts.ListAssetsOutput, error)
// A list of Amazon EC2 instances running on the Outpost and belonging to the
// account that initiated the capacity task. Use this list to specify the instances
// you cannot stop to free up capacity to run the capacity task.
ListBlockingInstancesForCapacityTask(ctx context.Context, params *outposts.ListBlockingInstancesForCapacityTaskInput, optFns ...func(*Options)) (*outposts.ListBlockingInstancesForCapacityTaskOutput, error)
// Lists the capacity tasks for your Amazon Web Services account.
//
// Use filters to return specific results. If you specify multiple filters, the
// results include only the resources that match all of the specified filters. For
// a filter where you can specify multiple values, the results include items that
// match any of the values that you specify for the filter.
ListCapacityTasks(ctx context.Context, params *outposts.ListCapacityTasksInput, optFns ...func(*Options)) (*outposts.ListCapacityTasksOutput, error)
// Lists the items in the catalog.
//
// Use filters to return specific results. If you specify multiple filters, the
// results include only the resources that match all of the specified filters. For
// a filter where you can specify multiple values, the results include items that
// match any of the values that you specify for the filter.
ListCatalogItems(ctx context.Context, params *outposts.ListCatalogItemsInput, optFns ...func(*Options)) (*outposts.ListCatalogItemsOutput, error)
// Lists the Outpost orders for your Amazon Web Services account.
ListOrders(ctx context.Context, params *outposts.ListOrdersInput, optFns ...func(*Options)) (*outposts.ListOrdersOutput, error)
// Lists the Outposts for your Amazon Web Services account.
//
// Use filters to return specific results. If you specify multiple filters, the
// results include only the resources that match all of the specified filters. For
// a filter where you can specify multiple values, the results include items that
// match any of the values that you specify for the filter.
ListOutposts(ctx context.Context, params *outposts.ListOutpostsInput, optFns ...func(*Options)) (*outposts.ListOutpostsOutput, error)
// Lists the Outpost sites for your Amazon Web Services account. Use filters to
// return specific results.
//
// Use filters to return specific results. If you specify multiple filters, the
// results include only the resources that match all of the specified filters. For
// a filter where you can specify multiple values, the results include items that
// match any of the values that you specify for the filter.
ListSites(ctx context.Context, params *outposts.ListSitesInput, optFns ...func(*Options)) (*outposts.ListSitesOutput, error)
// Lists the tags for the specified resource.
ListTagsForResource(ctx context.Context, params *outposts.ListTagsForResourceInput, optFns ...func(*Options)) (*outposts.ListTagsForResourceOutput, error)
// Starts the specified capacity task. You can have one active capacity task for
// each order and each Outpost.
StartCapacityTask(ctx context.Context, params *outposts.StartCapacityTaskInput, optFns ...func(*Options)) (*outposts.StartCapacityTaskOutput, error)
// Amazon Web Services uses this action to install Outpost servers.
//
// Starts the connection required for Outpost server installation.
//
// Use CloudTrail to monitor this action or Amazon Web Services managed policy for
// Amazon Web Services Outposts to secure it. For more information, see [Amazon Web Services managed policies for Amazon Web Services Outposts]and [Logging Amazon Web Services Outposts API calls with Amazon Web Services CloudTrail] in
// the Amazon Web Services Outposts User Guide.
//
// [Logging Amazon Web Services Outposts API calls with Amazon Web Services CloudTrail]: https://docs.aws.amazon.com/outposts/latest/userguide/logging-using-cloudtrail.html
// [Amazon Web Services managed policies for Amazon Web Services Outposts]: https://docs.aws.amazon.com/outposts/latest/userguide/security-iam-awsmanpol.html
StartConnection(ctx context.Context, params *outposts.StartConnectionInput, optFns ...func(*Options)) (*outposts.StartConnectionOutput, error)
// Starts the decommission process to return the Outposts racks or servers.
StartOutpostDecommission(ctx context.Context, params *outposts.StartOutpostDecommissionInput, optFns ...func(*Options)) (*outposts.StartOutpostDecommissionOutput, error)
// Adds tags to the specified resource.
TagResource(ctx context.Context, params *outposts.TagResourceInput, optFns ...func(*Options)) (*outposts.TagResourceOutput, error)
// Removes tags from the specified resource.
UntagResource(ctx context.Context, params *outposts.UntagResourceInput, optFns ...func(*Options)) (*outposts.UntagResourceOutput, error)
// Updates an Outpost.
UpdateOutpost(ctx context.Context, params *outposts.UpdateOutpostInput, optFns ...func(*Options)) (*outposts.UpdateOutpostOutput, error)
// Updates the specified site.
UpdateSite(ctx context.Context, params *outposts.UpdateSiteInput, optFns ...func(*Options)) (*outposts.UpdateSiteOutput, error)
// Updates the address of the specified site.
//
// You can't update a site address if there is an order in progress. You must wait
// for the order to complete or cancel the order.
//
// You can update the operating address before you place an order at the site, or
// after all Outposts that belong to the site have been deactivated.
UpdateSiteAddress(ctx context.Context, params *outposts.UpdateSiteAddressInput, optFns ...func(*Options)) (*outposts.UpdateSiteAddressOutput, error)
// Update the physical and logistical details for a rack at a site. For more
// information about hardware requirements for racks, see [Network readiness checklist]in the Amazon Web
// Services Outposts User Guide.
//
// To update a rack at a site with an order of IN_PROGRESS , you must wait for the
// order to complete or cancel the order.
//
// [Network readiness checklist]: https://docs.aws.amazon.com/outposts/latest/userguide/outposts-requirements.html#checklist
UpdateSiteRackPhysicalProperties(ctx context.Context, params *outposts.UpdateSiteRackPhysicalPropertiesInput, optFns ...func(*Options)) (*outposts.UpdateSiteRackPhysicalPropertiesOutput, error)
}
Outposts provides an interface to the AWS Outposts service.
type SSM ¶ added in v0.91.0
type SSM interface {
// Options returns a copy of the client configuration.
//
// Callers SHOULD NOT perform mutations on any inner structures within client
// config. Config overrides should instead be made on a per-operation basis through
// functional options.
Options() ssm.Options
// Adds or overwrites one or more tags for the specified resource. Tags are
// metadata that you can assign to your automations, documents, managed nodes,
// maintenance windows, Parameter Store parameters, and patch baselines. Tags
// enable you to categorize your resources in different ways, for example, by
// purpose, owner, or environment. Each tag consists of a key and an optional
// value, both of which you define. For example, you could define a set of tags for
// your account's managed nodes that helps you track each node's owner and stack
// level. For example:
//
// - Key=Owner,Value=DbAdmin
//
// - Key=Owner,Value=SysAdmin
//
// - Key=Owner,Value=Dev
//
// - Key=Stack,Value=Production
//
// - Key=Stack,Value=Pre-Production
//
// - Key=Stack,Value=Test
//
// Most resources can have a maximum of 50 tags. Automations can have a maximum of
// 5 tags.
//
// We recommend that you devise a set of tag keys that meets your needs for each
// resource type. Using a consistent set of tag keys makes it easier for you to
// manage your resources. You can search and filter the resources based on the tags
// you add. Tags don't have any semantic meaning to and are interpreted strictly as
// a string of characters.
//
// For more information about using tags with Amazon Elastic Compute Cloud (Amazon
// EC2) instances, see [Tag your Amazon EC2 resources]in the Amazon EC2 User Guide.
//
// [Tag your Amazon EC2 resources]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
AddTagsToResource(ctx context.Context, params *ssm.AddTagsToResourceInput, optFns ...func(*Options)) (*ssm.AddTagsToResourceOutput, error)
// Associates a related item to a Systems Manager OpsCenter OpsItem. For example,
// you can associate an Incident Manager incident or analysis with an OpsItem.
// Incident Manager and OpsCenter are tools in Amazon Web Services Systems Manager.
AssociateOpsItemRelatedItem(ctx context.Context, params *ssm.AssociateOpsItemRelatedItemInput, optFns ...func(*Options)) (*ssm.AssociateOpsItemRelatedItemOutput, error)
// Attempts to cancel the command specified by the Command ID. There is no
// guarantee that the command will be terminated and the underlying process
// stopped.
CancelCommand(ctx context.Context, params *ssm.CancelCommandInput, optFns ...func(*Options)) (*ssm.CancelCommandOutput, error)
// Stops a maintenance window execution that is already in progress and cancels
// any tasks in the window that haven't already starting running. Tasks already in
// progress will continue to completion.
CancelMaintenanceWindowExecution(ctx context.Context, params *ssm.CancelMaintenanceWindowExecutionInput, optFns ...func(*Options)) (*ssm.CancelMaintenanceWindowExecutionOutput, error)
// Generates an activation code and activation ID you can use to register your
// on-premises servers, edge devices, or virtual machine (VM) with Amazon Web
// Services Systems Manager. Registering these machines with Systems Manager makes
// it possible to manage them using Systems Manager tools. You use the activation
// code and ID when installing SSM Agent on machines in your hybrid environment.
// For more information about requirements for managing on-premises machines using
// Systems Manager, see [Using Amazon Web Services Systems Manager in hybrid and multicloud environments]in the Amazon Web Services Systems Manager User Guide.
//
// Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and
// on-premises servers and VMs that are configured for Systems Manager are all
// called managed nodes.
//
// [Using Amazon Web Services Systems Manager in hybrid and multicloud environments]: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-hybrid-multicloud.html
CreateActivation(ctx context.Context, params *ssm.CreateActivationInput, optFns ...func(*Options)) (*ssm.CreateActivationOutput, error)
// A State Manager association defines the state that you want to maintain on your
// managed nodes. For example, an association can specify that anti-virus software
// must be installed and running on your managed nodes, or that certain ports must
// be closed. For static targets, the association specifies a schedule for when the
// configuration is reapplied. For dynamic targets, such as an Amazon Web Services
// resource group or an Amazon Web Services autoscaling group, State Manager, a
// tool in Amazon Web Services Systems Manager applies the configuration when new
// managed nodes are added to the group. The association also specifies actions to
// take when applying the configuration. For example, an association for anti-virus
// software might run once a day. If the software isn't installed, then State
// Manager installs it. If the software is installed, but the service isn't
// running, then the association might instruct State Manager to start the service.
CreateAssociation(ctx context.Context, params *ssm.CreateAssociationInput, optFns ...func(*Options)) (*ssm.CreateAssociationOutput, error)
// Associates the specified Amazon Web Services Systems Manager document (SSM
// document) with the specified managed nodes or targets.
//
// When you associate a document with one or more managed nodes using IDs or tags,
// Amazon Web Services Systems Manager Agent (SSM Agent) running on the managed
// node processes the document and configures the node as specified.
//
// If you associate a document with a managed node that already has an associated
// document, the system returns the AssociationAlreadyExists exception.
CreateAssociationBatch(ctx context.Context, params *ssm.CreateAssociationBatchInput, optFns ...func(*Options)) (*ssm.CreateAssociationBatchOutput, error)
// Creates a Amazon Web Services Systems Manager (SSM document). An SSM document
// defines the actions that Systems Manager performs on your managed nodes. For
// more information about SSM documents, including information about supported
// schemas, features, and syntax, see [Amazon Web Services Systems Manager Documents]in the Amazon Web Services Systems Manager
// User Guide.
//
// [Amazon Web Services Systems Manager Documents]: https://docs.aws.amazon.com/systems-manager/latest/userguide/documents.html
CreateDocument(ctx context.Context, params *ssm.CreateDocumentInput, optFns ...func(*Options)) (*ssm.CreateDocumentOutput, error)
// Creates a new maintenance window.
//
// The value you specify for Duration determines the specific end time for the
// maintenance window based on the time it begins. No maintenance window tasks are
// permitted to start after the resulting endtime minus the number of hours you
// specify for Cutoff . For example, if the maintenance window starts at 3 PM, the
// duration is three hours, and the value you specify for Cutoff is one hour, no
// maintenance window tasks can start after 5 PM.
CreateMaintenanceWindow(ctx context.Context, params *ssm.CreateMaintenanceWindowInput, optFns ...func(*Options)) (*ssm.CreateMaintenanceWindowOutput, error)
// Creates a new OpsItem. You must have permission in Identity and Access
// Management (IAM) to create a new OpsItem. For more information, see [Set up OpsCenter]in the
// Amazon Web Services Systems Manager User Guide.
//
// Operations engineers and IT professionals use Amazon Web Services Systems
// Manager OpsCenter to view, investigate, and remediate operational issues
// impacting the performance and health of their Amazon Web Services resources. For
// more information, see [Amazon Web Services Systems Manager OpsCenter]in the Amazon Web Services Systems Manager User Guide.
//
// [Amazon Web Services Systems Manager OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html
// [Set up OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setup.html
CreateOpsItem(ctx context.Context, params *ssm.CreateOpsItemInput, optFns ...func(*Options)) (*ssm.CreateOpsItemOutput, error)
// If you create a new application in Application Manager, Amazon Web Services
// Systems Manager calls this API operation to specify information about the new
// application, including the application type.
CreateOpsMetadata(ctx context.Context, params *ssm.CreateOpsMetadataInput, optFns ...func(*Options)) (*ssm.CreateOpsMetadataOutput, error)
// Creates a patch baseline.
//
// For information about valid key-value pairs in PatchFilters for each supported
// operating system type, see PatchFilter.
CreatePatchBaseline(ctx context.Context, params *ssm.CreatePatchBaselineInput, optFns ...func(*Options)) (*ssm.CreatePatchBaselineOutput, error)
// A resource data sync helps you view data from multiple sources in a single
// location. Amazon Web Services Systems Manager offers two types of resource data
// sync: SyncToDestination and SyncFromSource .
//
// You can configure Systems Manager Inventory to use the SyncToDestination type
// to synchronize Inventory data from multiple Amazon Web Services Regions to a
// single Amazon Simple Storage Service (Amazon S3) bucket. For more information,
// see [Creating a resource data sync for Inventory]in the Amazon Web Services Systems Manager User Guide.
//
// You can configure Systems Manager Explorer to use the SyncFromSource type to
// synchronize operational work items (OpsItems) and operational data (OpsData)
// from multiple Amazon Web Services Regions to a single Amazon S3 bucket. This
// type can synchronize OpsItems and OpsData from multiple Amazon Web Services
// accounts and Amazon Web Services Regions or EntireOrganization by using
// Organizations. For more information, see [Setting up Systems Manager Explorer to display data from multiple accounts and Regions]in the Amazon Web Services Systems
// Manager User Guide.
//
// A resource data sync is an asynchronous operation that returns immediately.
// After a successful initial sync is completed, the system continuously syncs
// data. To check the status of a sync, use the ListResourceDataSync.
//
// By default, data isn't encrypted in Amazon S3. We strongly recommend that you
// enable encryption in Amazon S3 to ensure secure data storage. We also recommend
// that you secure access to the Amazon S3 bucket by creating a restrictive bucket
// policy.
//
// [Setting up Systems Manager Explorer to display data from multiple accounts and Regions]: https://docs.aws.amazon.com/systems-manager/latest/userguide/Explorer-resource-data-sync.html
// [Creating a resource data sync for Inventory]: https://docs.aws.amazon.com/systems-manager/latest/userguide/inventory-create-resource-data-sync.html
CreateResourceDataSync(ctx context.Context, params *ssm.CreateResourceDataSyncInput, optFns ...func(*Options)) (*ssm.CreateResourceDataSyncOutput, error)
// Deletes an activation. You aren't required to delete an activation. If you
// delete an activation, you can no longer use it to register additional managed
// nodes. Deleting an activation doesn't de-register managed nodes. You must
// manually de-register managed nodes.
DeleteActivation(ctx context.Context, params *ssm.DeleteActivationInput, optFns ...func(*Options)) (*ssm.DeleteActivationOutput, error)
// Disassociates the specified Amazon Web Services Systems Manager document (SSM
// document) from the specified managed node. If you created the association by
// using the Targets parameter, then you must delete the association by using the
// association ID.
//
// When you disassociate a document from a managed node, it doesn't change the
// configuration of the node. To change the configuration state of a managed node
// after you disassociate a document, you must create a new document with the
// desired configuration and associate it with the node.
DeleteAssociation(ctx context.Context, params *ssm.DeleteAssociationInput, optFns ...func(*Options)) (*ssm.DeleteAssociationOutput, error)
// Deletes the Amazon Web Services Systems Manager document (SSM document) and all
// managed node associations to the document.
//
// Before you delete the document, we recommend that you use DeleteAssociation to disassociate all
// managed nodes that are associated with the document.
DeleteDocument(ctx context.Context, params *ssm.DeleteDocumentInput, optFns ...func(*Options)) (*ssm.DeleteDocumentOutput, error)
// Delete a custom inventory type or the data associated with a custom Inventory
// type. Deleting a custom inventory type is also referred to as deleting a custom
// inventory schema.
DeleteInventory(ctx context.Context, params *ssm.DeleteInventoryInput, optFns ...func(*Options)) (*ssm.DeleteInventoryOutput, error)
// Deletes a maintenance window.
DeleteMaintenanceWindow(ctx context.Context, params *ssm.DeleteMaintenanceWindowInput, optFns ...func(*Options)) (*ssm.DeleteMaintenanceWindowOutput, error)
// Delete an OpsItem. You must have permission in Identity and Access Management
// (IAM) to delete an OpsItem.
//
// Note the following important information about this operation.
//
// - Deleting an OpsItem is irreversible. You can't restore a deleted OpsItem.
//
// - This operation uses an eventual consistency model, which means the system
// can take a few minutes to complete this operation. If you delete an OpsItem and
// immediately call, for example, GetOpsItem, the deleted OpsItem might still appear in
// the response.
//
// - This operation is idempotent. The system doesn't throw an exception if you
// repeatedly call this operation for the same OpsItem. If the first call is
// successful, all additional calls return the same successful response as the
// first call.
//
// - This operation doesn't support cross-account calls. A delegated
// administrator or management account can't delete OpsItems in other accounts,
// even if OpsCenter has been set up for cross-account administration. For more
// information about cross-account administration, see [Setting up OpsCenter to centrally manage OpsItems across accounts]in the Systems Manager
// User Guide.
//
// [Setting up OpsCenter to centrally manage OpsItems across accounts]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setting-up-cross-account.html
DeleteOpsItem(ctx context.Context, params *ssm.DeleteOpsItemInput, optFns ...func(*Options)) (*ssm.DeleteOpsItemOutput, error)
// Delete OpsMetadata related to an application.
DeleteOpsMetadata(ctx context.Context, params *ssm.DeleteOpsMetadataInput, optFns ...func(*Options)) (*ssm.DeleteOpsMetadataOutput, error)
// Delete a parameter from the system. After deleting a parameter, wait for at
// least 30 seconds to create a parameter with the same name.
DeleteParameter(ctx context.Context, params *ssm.DeleteParameterInput, optFns ...func(*Options)) (*ssm.DeleteParameterOutput, error)
// Delete a list of parameters. After deleting a parameter, wait for at least 30
// seconds to create a parameter with the same name.
DeleteParameters(ctx context.Context, params *ssm.DeleteParametersInput, optFns ...func(*Options)) (*ssm.DeleteParametersOutput, error)
// Deletes a patch baseline.
DeletePatchBaseline(ctx context.Context, params *ssm.DeletePatchBaselineInput, optFns ...func(*Options)) (*ssm.DeletePatchBaselineOutput, error)
// Deletes a resource data sync configuration. After the configuration is deleted,
// changes to data on managed nodes are no longer synced to or from the target.
// Deleting a sync configuration doesn't delete data.
DeleteResourceDataSync(ctx context.Context, params *ssm.DeleteResourceDataSyncInput, optFns ...func(*Options)) (*ssm.DeleteResourceDataSyncOutput, error)
// Deletes a Systems Manager resource policy. A resource policy helps you to
// define the IAM entity (for example, an Amazon Web Services account) that can
// manage your Systems Manager resources. The following resources support Systems
// Manager resource policies.
//
// - OpsItemGroup - The resource policy for OpsItemGroup enables Amazon Web
// Services accounts to view and interact with OpsCenter operational work items
// (OpsItems).
//
// - Parameter - The resource policy is used to share a parameter with other
// accounts using Resource Access Manager (RAM). For more information about
// cross-account sharing of parameters, see [Working with shared parameters]in the Amazon Web Services Systems
// Manager User Guide.
//
// [Working with shared parameters]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html
DeleteResourcePolicy(ctx context.Context, params *ssm.DeleteResourcePolicyInput, optFns ...func(*Options)) (*ssm.DeleteResourcePolicyOutput, error)
// Removes the server or virtual machine from the list of registered servers.
//
// If you want to reregister an on-premises server, edge device, or VM, you must
// use a different Activation Code and Activation ID than used to register the
// machine previously. The Activation Code and Activation ID must not have already
// been used on the maximum number of activations specified when they were created.
// For more information, see [Deregistering managed nodes in a hybrid and multicloud environment]in the Amazon Web Services Systems Manager User Guide.
//
// [Deregistering managed nodes in a hybrid and multicloud environment]: https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager-deregister-hybrid-nodes.html
DeregisterManagedInstance(ctx context.Context, params *ssm.DeregisterManagedInstanceInput, optFns ...func(*Options)) (*ssm.DeregisterManagedInstanceOutput, error)
// Removes a patch group from a patch baseline.
DeregisterPatchBaselineForPatchGroup(ctx context.Context, params *ssm.DeregisterPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*ssm.DeregisterPatchBaselineForPatchGroupOutput, error)
// Removes a target from a maintenance window.
DeregisterTargetFromMaintenanceWindow(ctx context.Context, params *ssm.DeregisterTargetFromMaintenanceWindowInput, optFns ...func(*Options)) (*ssm.DeregisterTargetFromMaintenanceWindowOutput, error)
// Removes a task from a maintenance window.
DeregisterTaskFromMaintenanceWindow(ctx context.Context, params *ssm.DeregisterTaskFromMaintenanceWindowInput, optFns ...func(*Options)) (*ssm.DeregisterTaskFromMaintenanceWindowOutput, error)
// Describes details about the activation, such as the date and time the
// activation was created, its expiration date, the Identity and Access Management
// (IAM) role assigned to the managed nodes in the activation, and the number of
// nodes registered by using this activation.
DescribeActivations(ctx context.Context, params *ssm.DescribeActivationsInput, optFns ...func(*Options)) (*ssm.DescribeActivationsOutput, error)
// Describes the association for the specified target or managed node. If you
// created the association by using the Targets parameter, then you must retrieve
// the association by using the association ID.
DescribeAssociation(ctx context.Context, params *ssm.DescribeAssociationInput, optFns ...func(*Options)) (*ssm.DescribeAssociationOutput, error)
// Views information about a specific execution of a specific association.
DescribeAssociationExecutionTargets(ctx context.Context, params *ssm.DescribeAssociationExecutionTargetsInput, optFns ...func(*Options)) (*ssm.DescribeAssociationExecutionTargetsOutput, error)
// Views all executions for a specific association ID.
DescribeAssociationExecutions(ctx context.Context, params *ssm.DescribeAssociationExecutionsInput, optFns ...func(*Options)) (*ssm.DescribeAssociationExecutionsOutput, error)
// Provides details about all active and terminated Automation executions.
DescribeAutomationExecutions(ctx context.Context, params *ssm.DescribeAutomationExecutionsInput, optFns ...func(*Options)) (*ssm.DescribeAutomationExecutionsOutput, error)
// Information about all active and terminated step executions in an Automation
// workflow.
DescribeAutomationStepExecutions(ctx context.Context, params *ssm.DescribeAutomationStepExecutionsInput, optFns ...func(*Options)) (*ssm.DescribeAutomationStepExecutionsOutput, error)
// Lists all patches eligible to be included in a patch baseline.
//
// Currently, DescribeAvailablePatches supports only the Amazon Linux 1, Amazon
// Linux 2, and Windows Server operating systems.
DescribeAvailablePatches(ctx context.Context, params *ssm.DescribeAvailablePatchesInput, optFns ...func(*Options)) (*ssm.DescribeAvailablePatchesOutput, error)
// Describes the specified Amazon Web Services Systems Manager document (SSM
// document).
DescribeDocument(ctx context.Context, params *ssm.DescribeDocumentInput, optFns ...func(*Options)) (*ssm.DescribeDocumentOutput, error)
// Describes the permissions for a Amazon Web Services Systems Manager document
// (SSM document). If you created the document, you are the owner. If a document is
// shared, it can either be shared privately (by specifying a user's Amazon Web
// Services account ID) or publicly (All).
DescribeDocumentPermission(ctx context.Context, params *ssm.DescribeDocumentPermissionInput, optFns ...func(*Options)) (*ssm.DescribeDocumentPermissionOutput, error)
// All associations for the managed nodes.
DescribeEffectiveInstanceAssociations(ctx context.Context, params *ssm.DescribeEffectiveInstanceAssociationsInput, optFns ...func(*Options)) (*ssm.DescribeEffectiveInstanceAssociationsOutput, error)
// Retrieves the current effective patches (the patch and the approval state) for
// the specified patch baseline. Applies to patch baselines for Windows only.
DescribeEffectivePatchesForPatchBaseline(ctx context.Context, params *ssm.DescribeEffectivePatchesForPatchBaselineInput, optFns ...func(*Options)) (*ssm.DescribeEffectivePatchesForPatchBaselineOutput, error)
// The status of the associations for the managed nodes.
DescribeInstanceAssociationsStatus(ctx context.Context, params *ssm.DescribeInstanceAssociationsStatusInput, optFns ...func(*Options)) (*ssm.DescribeInstanceAssociationsStatusOutput, error)
// Provides information about one or more of your managed nodes, including the
// operating system platform, SSM Agent version, association status, and IP
// address. This operation does not return information for nodes that are either
// Stopped or Terminated.
//
// If you specify one or more node IDs, the operation returns information for
// those managed nodes. If you don't specify node IDs, it returns information for
// all your managed nodes. If you specify a node ID that isn't valid or a node that
// you don't own, you receive an error.
//
// The IamRole field returned for this API operation is the role assigned to an
// Amazon EC2 instance configured with a Systems Manager Quick Setup host
// management configuration or the role assigned to an on-premises managed node.
DescribeInstanceInformation(ctx context.Context, params *ssm.DescribeInstanceInformationInput, optFns ...func(*Options)) (*ssm.DescribeInstanceInformationOutput, error)
// Retrieves the high-level patch state of one or more managed nodes.
DescribeInstancePatchStates(ctx context.Context, params *ssm.DescribeInstancePatchStatesInput, optFns ...func(*Options)) (*ssm.DescribeInstancePatchStatesOutput, error)
// Retrieves the high-level patch state for the managed nodes in the specified
// patch group.
DescribeInstancePatchStatesForPatchGroup(ctx context.Context, params *ssm.DescribeInstancePatchStatesForPatchGroupInput, optFns ...func(*Options)) (*ssm.DescribeInstancePatchStatesForPatchGroupOutput, error)
// Retrieves information about the patches on the specified managed node and their
// state relative to the patch baseline being used for the node.
DescribeInstancePatches(ctx context.Context, params *ssm.DescribeInstancePatchesInput, optFns ...func(*Options)) (*ssm.DescribeInstancePatchesOutput, error)
// An API operation used by the Systems Manager console to display information
// about Systems Manager managed nodes.
DescribeInstanceProperties(ctx context.Context, params *ssm.DescribeInstancePropertiesInput, optFns ...func(*Options)) (*ssm.DescribeInstancePropertiesOutput, error)
// Describes a specific delete inventory operation.
DescribeInventoryDeletions(ctx context.Context, params *ssm.DescribeInventoryDeletionsInput, optFns ...func(*Options)) (*ssm.DescribeInventoryDeletionsOutput, error)
// Retrieves the individual task executions (one per target) for a particular task
// run as part of a maintenance window execution.
DescribeMaintenanceWindowExecutionTaskInvocations(ctx context.Context, params *ssm.DescribeMaintenanceWindowExecutionTaskInvocationsInput, optFns ...func(*Options)) (*ssm.DescribeMaintenanceWindowExecutionTaskInvocationsOutput, error)
// For a given maintenance window execution, lists the tasks that were run.
DescribeMaintenanceWindowExecutionTasks(ctx context.Context, params *ssm.DescribeMaintenanceWindowExecutionTasksInput, optFns ...func(*Options)) (*ssm.DescribeMaintenanceWindowExecutionTasksOutput, error)
// Lists the executions of a maintenance window. This includes information about
// when the maintenance window was scheduled to be active, and information about
// tasks registered and run with the maintenance window.
DescribeMaintenanceWindowExecutions(ctx context.Context, params *ssm.DescribeMaintenanceWindowExecutionsInput, optFns ...func(*Options)) (*ssm.DescribeMaintenanceWindowExecutionsOutput, error)
// Retrieves information about upcoming executions of a maintenance window.
DescribeMaintenanceWindowSchedule(ctx context.Context, params *ssm.DescribeMaintenanceWindowScheduleInput, optFns ...func(*Options)) (*ssm.DescribeMaintenanceWindowScheduleOutput, error)
// Lists the targets registered with the maintenance window.
DescribeMaintenanceWindowTargets(ctx context.Context, params *ssm.DescribeMaintenanceWindowTargetsInput, optFns ...func(*Options)) (*ssm.DescribeMaintenanceWindowTargetsOutput, error)
// Lists the tasks in a maintenance window.
//
// For maintenance window tasks without a specified target, you can't supply
// values for --max-errors and --max-concurrency . Instead, the system inserts a
// placeholder value of 1 , which may be reported in the response to this command.
// These values don't affect the running of your task and can be ignored.
DescribeMaintenanceWindowTasks(ctx context.Context, params *ssm.DescribeMaintenanceWindowTasksInput, optFns ...func(*Options)) (*ssm.DescribeMaintenanceWindowTasksOutput, error)
// Retrieves the maintenance windows in an Amazon Web Services account.
DescribeMaintenanceWindows(ctx context.Context, params *ssm.DescribeMaintenanceWindowsInput, optFns ...func(*Options)) (*ssm.DescribeMaintenanceWindowsOutput, error)
// Retrieves information about the maintenance window targets or tasks that a
// managed node is associated with.
DescribeMaintenanceWindowsForTarget(ctx context.Context, params *ssm.DescribeMaintenanceWindowsForTargetInput, optFns ...func(*Options)) (*ssm.DescribeMaintenanceWindowsForTargetOutput, error)
// Query a set of OpsItems. You must have permission in Identity and Access
// Management (IAM) to query a list of OpsItems. For more information, see [Set up OpsCenter]in the
// Amazon Web Services Systems Manager User Guide.
//
// Operations engineers and IT professionals use Amazon Web Services Systems
// Manager OpsCenter to view, investigate, and remediate operational issues
// impacting the performance and health of their Amazon Web Services resources. For
// more information, see [Amazon Web Services Systems Manager OpsCenter]in the Amazon Web Services Systems Manager User Guide.
//
// [Amazon Web Services Systems Manager OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html
// [Set up OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setup.html
DescribeOpsItems(ctx context.Context, params *ssm.DescribeOpsItemsInput, optFns ...func(*Options)) (*ssm.DescribeOpsItemsOutput, error)
// Lists the parameters in your Amazon Web Services account or the parameters
// shared with you when you enable the [Shared]option.
//
// Request results are returned on a best-effort basis. If you specify MaxResults
// in the request, the response includes information up to the limit specified. The
// number of items returned, however, can be between zero and the value of
// MaxResults . If the service reaches an internal limit while processing the
// results, it stops the operation and returns the matching values up to that point
// and a NextToken . You can specify the NextToken in a subsequent call to get the
// next set of results.
//
// Parameter names can't contain spaces. The service removes any spaces specified
// for the beginning or end of a parameter name. If the specified name for a
// parameter contains spaces between characters, the request fails with a
// ValidationException error.
//
// If you change the KMS key alias for the KMS key used to encrypt a parameter,
// then you must also update the key alias the parameter uses to reference KMS.
// Otherwise, DescribeParameters retrieves whatever the original key alias was
// referencing.
//
// [Shared]: https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeParameters.html#systemsmanager-DescribeParameters-request-Shared
DescribeParameters(ctx context.Context, params *ssm.DescribeParametersInput, optFns ...func(*Options)) (*ssm.DescribeParametersOutput, error)
// Lists the patch baselines in your Amazon Web Services account.
DescribePatchBaselines(ctx context.Context, params *ssm.DescribePatchBaselinesInput, optFns ...func(*Options)) (*ssm.DescribePatchBaselinesOutput, error)
// Returns high-level aggregated patch compliance state information for a patch
// group.
DescribePatchGroupState(ctx context.Context, params *ssm.DescribePatchGroupStateInput, optFns ...func(*Options)) (*ssm.DescribePatchGroupStateOutput, error)
// Lists all patch groups that have been registered with patch baselines.
DescribePatchGroups(ctx context.Context, params *ssm.DescribePatchGroupsInput, optFns ...func(*Options)) (*ssm.DescribePatchGroupsOutput, error)
// Lists the properties of available patches organized by product, product family,
// classification, severity, and other properties of available patches. You can use
// the reported properties in the filters you specify in requests for operations
// such as CreatePatchBaseline, UpdatePatchBaseline, DescribeAvailablePatches, and DescribePatchBaselines.
//
// The following section lists the properties that can be used in filters for each
// major operating system type:
//
// AMAZON_LINUX Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
//
// AMAZON_LINUX_2 Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
//
// AMAZON_LINUX_2023 Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
//
// CENTOS Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
//
// DEBIAN Valid properties: PRODUCT | PRIORITY
//
// MACOS Valid properties: PRODUCT | CLASSIFICATION
//
// ORACLE_LINUX Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
//
// REDHAT_ENTERPRISE_LINUX Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
//
// SUSE Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
//
// UBUNTU Valid properties: PRODUCT | PRIORITY
//
// WINDOWS Valid properties: PRODUCT | PRODUCT_FAMILY | CLASSIFICATION |
// MSRC_SEVERITY
DescribePatchProperties(ctx context.Context, params *ssm.DescribePatchPropertiesInput, optFns ...func(*Options)) (*ssm.DescribePatchPropertiesOutput, error)
// Retrieves a list of all active sessions (both connected and disconnected) or
// terminated sessions from the past 30 days.
DescribeSessions(ctx context.Context, params *ssm.DescribeSessionsInput, optFns ...func(*Options)) (*ssm.DescribeSessionsOutput, error)
// Deletes the association between an OpsItem and a related item. For example,
// this API operation can delete an Incident Manager incident from an OpsItem.
// Incident Manager is a tool in Amazon Web Services Systems Manager.
DisassociateOpsItemRelatedItem(ctx context.Context, params *ssm.DisassociateOpsItemRelatedItemInput, optFns ...func(*Options)) (*ssm.DisassociateOpsItemRelatedItemOutput, error)
// Returns a credentials set to be used with just-in-time node access.
GetAccessToken(ctx context.Context, params *ssm.GetAccessTokenInput, optFns ...func(*Options)) (*ssm.GetAccessTokenOutput, error)
// Get detailed information about a particular Automation execution.
GetAutomationExecution(ctx context.Context, params *ssm.GetAutomationExecutionInput, optFns ...func(*Options)) (*ssm.GetAutomationExecutionOutput, error)
// Gets the state of a Amazon Web Services Systems Manager change calendar at the
// current time or a specified time. If you specify a time, GetCalendarState
// returns the state of the calendar at that specific time, and returns the next
// time that the change calendar state will transition. If you don't specify a
// time, GetCalendarState uses the current time. Change Calendar entries have two
// possible states: OPEN or CLOSED .
//
// If you specify more than one calendar in a request, the command returns the
// status of OPEN only if all calendars in the request are open. If one or more
// calendars in the request are closed, the status returned is CLOSED .
//
// For more information about Change Calendar, a tool in Amazon Web Services
// Systems Manager, see [Amazon Web Services Systems Manager Change Calendar]in the Amazon Web Services Systems Manager User Guide.
//
// [Amazon Web Services Systems Manager Change Calendar]: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar.html
GetCalendarState(ctx context.Context, params *ssm.GetCalendarStateInput, optFns ...func(*Options)) (*ssm.GetCalendarStateOutput, error)
// Returns detailed information about command execution for an invocation or
// plugin. The Run Command API follows an eventual consistency model, due to the
// distributed nature of the system supporting the API. This means that the result
// of an API command you run that affects your resources might not be immediately
// visible to all subsequent commands you run. You should keep this in mind when
// you carry out an API command that immediately follows a previous API command.
//
// GetCommandInvocation only gives the execution status of a plugin in a document.
// To get the command execution status on a specific managed node, use ListCommandInvocations. To get
// the command execution status across managed nodes, use ListCommands.
GetCommandInvocation(ctx context.Context, params *ssm.GetCommandInvocationInput, optFns ...func(*Options)) (*ssm.GetCommandInvocationOutput, error)
// Retrieves the Session Manager connection status for a managed node to determine
// whether it is running and ready to receive Session Manager connections.
GetConnectionStatus(ctx context.Context, params *ssm.GetConnectionStatusInput, optFns ...func(*Options)) (*ssm.GetConnectionStatusOutput, error)
// Retrieves the default patch baseline. Amazon Web Services Systems Manager
// supports creating multiple default patch baselines. For example, you can create
// a default patch baseline for each operating system.
//
// If you don't specify an operating system value, the default patch baseline for
// Windows is returned.
GetDefaultPatchBaseline(ctx context.Context, params *ssm.GetDefaultPatchBaselineInput, optFns ...func(*Options)) (*ssm.GetDefaultPatchBaselineOutput, error)
// Retrieves the current snapshot for the patch baseline the managed node uses.
// This API is primarily used by the AWS-RunPatchBaseline Systems Manager document
// (SSM document).
//
// If you run the command locally, such as with the Command Line Interface (CLI),
// the system attempts to use your local Amazon Web Services credentials and the
// operation fails. To avoid this, you can run the command in the Amazon Web
// Services Systems Manager console. Use Run Command, a tool in Amazon Web Services
// Systems Manager, with an SSM document that enables you to target a managed node
// with a script or command. For example, run the command using the
// AWS-RunShellScript document or the AWS-RunPowerShellScript document.
GetDeployablePatchSnapshotForInstance(ctx context.Context, params *ssm.GetDeployablePatchSnapshotForInstanceInput, optFns ...func(*Options)) (*ssm.GetDeployablePatchSnapshotForInstanceOutput, error)
// Gets the contents of the specified Amazon Web Services Systems Manager document
// (SSM document).
GetDocument(ctx context.Context, params *ssm.GetDocumentInput, optFns ...func(*Options)) (*ssm.GetDocumentOutput, error)
// Initiates the process of retrieving an existing preview that shows the effects
// that running a specified Automation runbook would have on the targeted
// resources.
GetExecutionPreview(ctx context.Context, params *ssm.GetExecutionPreviewInput, optFns ...func(*Options)) (*ssm.GetExecutionPreviewOutput, error)
// Query inventory information. This includes managed node status, such as Stopped
// or Terminated .
GetInventory(ctx context.Context, params *ssm.GetInventoryInput, optFns ...func(*Options)) (*ssm.GetInventoryOutput, error)
// Return a list of inventory type names for the account, or return a list of
// attribute names for a specific Inventory item type.
GetInventorySchema(ctx context.Context, params *ssm.GetInventorySchemaInput, optFns ...func(*Options)) (*ssm.GetInventorySchemaOutput, error)
// Retrieves a maintenance window.
GetMaintenanceWindow(ctx context.Context, params *ssm.GetMaintenanceWindowInput, optFns ...func(*Options)) (*ssm.GetMaintenanceWindowOutput, error)
// Retrieves details about a specific a maintenance window execution.
GetMaintenanceWindowExecution(ctx context.Context, params *ssm.GetMaintenanceWindowExecutionInput, optFns ...func(*Options)) (*ssm.GetMaintenanceWindowExecutionOutput, error)
// Retrieves the details about a specific task run as part of a maintenance window
// execution.
GetMaintenanceWindowExecutionTask(ctx context.Context, params *ssm.GetMaintenanceWindowExecutionTaskInput, optFns ...func(*Options)) (*ssm.GetMaintenanceWindowExecutionTaskOutput, error)
// Retrieves information about a specific task running on a specific target.
GetMaintenanceWindowExecutionTaskInvocation(ctx context.Context, params *ssm.GetMaintenanceWindowExecutionTaskInvocationInput, optFns ...func(*Options)) (*ssm.GetMaintenanceWindowExecutionTaskInvocationOutput, error)
// Retrieves the details of a maintenance window task.
//
// For maintenance window tasks without a specified target, you can't supply
// values for --max-errors and --max-concurrency . Instead, the system inserts a
// placeholder value of 1 , which may be reported in the response to this command.
// These values don't affect the running of your task and can be ignored.
//
// To retrieve a list of tasks in a maintenance window, instead use the DescribeMaintenanceWindowTasks command.
GetMaintenanceWindowTask(ctx context.Context, params *ssm.GetMaintenanceWindowTaskInput, optFns ...func(*Options)) (*ssm.GetMaintenanceWindowTaskOutput, error)
// Get information about an OpsItem by using the ID. You must have permission in
// Identity and Access Management (IAM) to view information about an OpsItem. For
// more information, see [Set up OpsCenter]in the Amazon Web Services Systems Manager User Guide.
//
// Operations engineers and IT professionals use Amazon Web Services Systems
// Manager OpsCenter to view, investigate, and remediate operational issues
// impacting the performance and health of their Amazon Web Services resources. For
// more information, see [Amazon Web Services Systems Manager OpsCenter]in the Amazon Web Services Systems Manager User Guide.
//
// [Amazon Web Services Systems Manager OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html
// [Set up OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setup.html
GetOpsItem(ctx context.Context, params *ssm.GetOpsItemInput, optFns ...func(*Options)) (*ssm.GetOpsItemOutput, error)
// View operational metadata related to an application in Application Manager.
GetOpsMetadata(ctx context.Context, params *ssm.GetOpsMetadataInput, optFns ...func(*Options)) (*ssm.GetOpsMetadataOutput, error)
// View a summary of operations metadata (OpsData) based on specified filters and
// aggregators. OpsData can include information about Amazon Web Services Systems
// Manager OpsCenter operational workitems (OpsItems) as well as information about
// any Amazon Web Services resource or service configured to report OpsData to
// Amazon Web Services Systems Manager Explorer.
GetOpsSummary(ctx context.Context, params *ssm.GetOpsSummaryInput, optFns ...func(*Options)) (*ssm.GetOpsSummaryOutput, error)
// Get information about a single parameter by specifying the parameter name.
//
// Parameter names can't contain spaces. The service removes any spaces specified
// for the beginning or end of a parameter name. If the specified name for a
// parameter contains spaces between characters, the request fails with a
// ValidationException error.
//
// To get information about more than one parameter at a time, use the GetParameters operation.
GetParameter(ctx context.Context, params *ssm.GetParameterInput, optFns ...func(*Options)) (*ssm.GetParameterOutput, error)
// Retrieves the history of all changes to a parameter.
//
// Parameter names can't contain spaces. The service removes any spaces specified
// for the beginning or end of a parameter name. If the specified name for a
// parameter contains spaces between characters, the request fails with a
// ValidationException error.
//
// If you change the KMS key alias for the KMS key used to encrypt a parameter,
// then you must also update the key alias the parameter uses to reference KMS.
// Otherwise, GetParameterHistory retrieves whatever the original key alias was
// referencing.
GetParameterHistory(ctx context.Context, params *ssm.GetParameterHistoryInput, optFns ...func(*Options)) (*ssm.GetParameterHistoryOutput, error)
// Get information about one or more parameters by specifying multiple parameter
// names.
//
// To get information about a single parameter, you can use the GetParameter operation instead.
//
// Parameter names can't contain spaces. The service removes any spaces specified
// for the beginning or end of a parameter name. If the specified name for a
// parameter contains spaces between characters, the request fails with a
// ValidationException error.
GetParameters(ctx context.Context, params *ssm.GetParametersInput, optFns ...func(*Options)) (*ssm.GetParametersOutput, error)
// Retrieve information about one or more parameters under a specified level in a
// hierarchy.
//
// Request results are returned on a best-effort basis. If you specify MaxResults
// in the request, the response includes information up to the limit specified. The
// number of items returned, however, can be between zero and the value of
// MaxResults . If the service reaches an internal limit while processing the
// results, it stops the operation and returns the matching values up to that point
// and a NextToken . You can specify the NextToken in a subsequent call to get the
// next set of results.
//
// Parameter names can't contain spaces. The service removes any spaces specified
// for the beginning or end of a parameter name. If the specified name for a
// parameter contains spaces between characters, the request fails with a
// ValidationException error.
GetParametersByPath(ctx context.Context, params *ssm.GetParametersByPathInput, optFns ...func(*Options)) (*ssm.GetParametersByPathOutput, error)
// Retrieves information about a patch baseline.
GetPatchBaseline(ctx context.Context, params *ssm.GetPatchBaselineInput, optFns ...func(*Options)) (*ssm.GetPatchBaselineOutput, error)
// Retrieves the patch baseline that should be used for the specified patch group.
GetPatchBaselineForPatchGroup(ctx context.Context, params *ssm.GetPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*ssm.GetPatchBaselineForPatchGroupOutput, error)
// Returns an array of the Policy object.
GetResourcePolicies(ctx context.Context, params *ssm.GetResourcePoliciesInput, optFns ...func(*Options)) (*ssm.GetResourcePoliciesOutput, error)
// ServiceSetting is an account-level setting for an Amazon Web Services service.
// This setting defines how a user interacts with or uses a service or a feature of
// a service. For example, if an Amazon Web Services service charges money to the
// account based on feature or service usage, then the Amazon Web Services service
// team might create a default setting of false . This means the user can't use
// this feature unless they change the setting to true and intentionally opt in
// for a paid feature.
//
// Services map a SettingId object to a setting value. Amazon Web Services
// services teams define the default value for a SettingId . You can't create a new
// SettingId , but you can overwrite the default value if you have the
// ssm:UpdateServiceSetting permission for the setting. Use the UpdateServiceSetting API operation to
// change the default setting. Or use the ResetServiceSettingto change the value back to the original
// value defined by the Amazon Web Services service team.
//
// Query the current service setting for the Amazon Web Services account.
GetServiceSetting(ctx context.Context, params *ssm.GetServiceSettingInput, optFns ...func(*Options)) (*ssm.GetServiceSettingOutput, error)
// A parameter label is a user-defined alias to help you manage different versions
// of a parameter. When you modify a parameter, Amazon Web Services Systems Manager
// automatically saves a new version and increments the version number by one. A
// label can help you remember the purpose of a parameter when there are multiple
// versions.
//
// Parameter labels have the following requirements and restrictions.
//
// - A version of a parameter can have a maximum of 10 labels.
//
// - You can't attach the same label to different versions of the same
// parameter. For example, if version 1 has the label Production, then you can't
// attach Production to version 2.
//
// - You can move a label from one version of a parameter to another.
//
// - You can't create a label when you create a new parameter. You must attach a
// label to a specific version of a parameter.
//
// - If you no longer want to use a parameter label, then you can either delete
// it or move it to a different version of a parameter.
//
// - A label can have a maximum of 100 characters.
//
// - Labels can contain letters (case sensitive), numbers, periods (.), hyphens
// (-), or underscores (_).
//
// - Labels can't begin with a number, " aws " or " ssm " (not case sensitive).
// If a label fails to meet these requirements, then the label isn't associated
// with a parameter and the system displays it in the list of InvalidLabels.
//
// - Parameter names can't contain spaces. The service removes any spaces
// specified for the beginning or end of a parameter name. If the specified name
// for a parameter contains spaces between characters, the request fails with a
// ValidationException error.
LabelParameterVersion(ctx context.Context, params *ssm.LabelParameterVersionInput, optFns ...func(*Options)) (*ssm.LabelParameterVersionOutput, error)
// Retrieves all versions of an association for a specific association ID.
ListAssociationVersions(ctx context.Context, params *ssm.ListAssociationVersionsInput, optFns ...func(*Options)) (*ssm.ListAssociationVersionsOutput, error)
// Returns all State Manager associations in the current Amazon Web Services
// account and Amazon Web Services Region. You can limit the results to a specific
// State Manager association document or managed node by specifying a filter. State
// Manager is a tool in Amazon Web Services Systems Manager.
ListAssociations(ctx context.Context, params *ssm.ListAssociationsInput, optFns ...func(*Options)) (*ssm.ListAssociationsOutput, error)
// An invocation is copy of a command sent to a specific managed node. A command
// can apply to one or more managed nodes. A command invocation applies to one
// managed node. For example, if a user runs SendCommand against three managed
// nodes, then a command invocation is created for each requested managed node ID.
// ListCommandInvocations provide status about command execution.
ListCommandInvocations(ctx context.Context, params *ssm.ListCommandInvocationsInput, optFns ...func(*Options)) (*ssm.ListCommandInvocationsOutput, error)
// Lists the commands requested by users of the Amazon Web Services account.
ListCommands(ctx context.Context, params *ssm.ListCommandsInput, optFns ...func(*Options)) (*ssm.ListCommandsOutput, error)
// For a specified resource ID, this API operation returns a list of compliance
// statuses for different resource types. Currently, you can only specify one
// resource ID per call. List results depend on the criteria specified in the
// filter.
ListComplianceItems(ctx context.Context, params *ssm.ListComplianceItemsInput, optFns ...func(*Options)) (*ssm.ListComplianceItemsOutput, error)
// Returns a summary count of compliant and non-compliant resources for a
// compliance type. For example, this call can return State Manager associations,
// patches, or custom compliance types according to the filter criteria that you
// specify.
ListComplianceSummaries(ctx context.Context, params *ssm.ListComplianceSummariesInput, optFns ...func(*Options)) (*ssm.ListComplianceSummariesOutput, error)
// Amazon Web Services Systems Manager Change Manager will no longer be open to
// new customers starting November 7, 2025. If you would like to use Change
// Manager, sign up prior to that date. Existing customers can continue to use the
// service as normal. For more information, see [Amazon Web Services Systems Manager Change Manager availability change].
//
// Information about approval reviews for a version of a change template in Change
// Manager.
//
// [Amazon Web Services Systems Manager Change Manager availability change]: https://docs.aws.amazon.com/systems-manager/latest/userguide/change-manager-availability-change.html
ListDocumentMetadataHistory(ctx context.Context, params *ssm.ListDocumentMetadataHistoryInput, optFns ...func(*Options)) (*ssm.ListDocumentMetadataHistoryOutput, error)
// List all versions for a document.
ListDocumentVersions(ctx context.Context, params *ssm.ListDocumentVersionsInput, optFns ...func(*Options)) (*ssm.ListDocumentVersionsOutput, error)
// Returns all Systems Manager (SSM) documents in the current Amazon Web Services
// account and Amazon Web Services Region. You can limit the results of this
// request by using a filter.
ListDocuments(ctx context.Context, params *ssm.ListDocumentsInput, optFns ...func(*Options)) (*ssm.ListDocumentsOutput, error)
// A list of inventory items returned by the request.
ListInventoryEntries(ctx context.Context, params *ssm.ListInventoryEntriesInput, optFns ...func(*Options)) (*ssm.ListInventoryEntriesOutput, error)
// Takes in filters and returns a list of managed nodes matching the filter
// criteria.
ListNodes(ctx context.Context, params *ssm.ListNodesInput, optFns ...func(*Options)) (*ssm.ListNodesOutput, error)
// Generates a summary of managed instance/node metadata based on the filters and
// aggregators you specify. Results are grouped by the input aggregator you
// specify.
ListNodesSummary(ctx context.Context, params *ssm.ListNodesSummaryInput, optFns ...func(*Options)) (*ssm.ListNodesSummaryOutput, error)
// Returns a list of all OpsItem events in the current Amazon Web Services Region
// and Amazon Web Services account. You can limit the results to events associated
// with specific OpsItems by specifying a filter.
ListOpsItemEvents(ctx context.Context, params *ssm.ListOpsItemEventsInput, optFns ...func(*Options)) (*ssm.ListOpsItemEventsOutput, error)
// Lists all related-item resources associated with a Systems Manager OpsCenter
// OpsItem. OpsCenter is a tool in Amazon Web Services Systems Manager.
ListOpsItemRelatedItems(ctx context.Context, params *ssm.ListOpsItemRelatedItemsInput, optFns ...func(*Options)) (*ssm.ListOpsItemRelatedItemsOutput, error)
// Amazon Web Services Systems Manager calls this API operation when displaying
// all Application Manager OpsMetadata objects or blobs.
ListOpsMetadata(ctx context.Context, params *ssm.ListOpsMetadataInput, optFns ...func(*Options)) (*ssm.ListOpsMetadataOutput, error)
// Returns a resource-level summary count. The summary includes information about
// compliant and non-compliant statuses and detailed compliance-item severity
// counts, according to the filter criteria you specify.
ListResourceComplianceSummaries(ctx context.Context, params *ssm.ListResourceComplianceSummariesInput, optFns ...func(*Options)) (*ssm.ListResourceComplianceSummariesOutput, error)
// Lists your resource data sync configurations. Includes information about the
// last time a sync attempted to start, the last sync status, and the last time a
// sync successfully completed.
//
// The number of sync configurations might be too large to return using a single
// call to ListResourceDataSync . You can limit the number of sync configurations
// returned by using the MaxResults parameter. To determine whether there are more
// sync configurations to list, check the value of NextToken in the output. If
// there are more sync configurations to list, you can request them by specifying
// the NextToken returned in the call to the parameter of a subsequent call.
ListResourceDataSync(ctx context.Context, params *ssm.ListResourceDataSyncInput, optFns ...func(*Options)) (*ssm.ListResourceDataSyncOutput, error)
// Returns a list of the tags assigned to the specified resource.
//
// For information about the ID format for each supported resource type, see AddTagsToResource.
ListTagsForResource(ctx context.Context, params *ssm.ListTagsForResourceInput, optFns ...func(*Options)) (*ssm.ListTagsForResourceOutput, error)
// Shares a Amazon Web Services Systems Manager document (SSM document)publicly or
// privately. If you share a document privately, you must specify the Amazon Web
// Services user IDs for those people who can use the document. If you share a
// document publicly, you must specify All as the account ID.
ModifyDocumentPermission(ctx context.Context, params *ssm.ModifyDocumentPermissionInput, optFns ...func(*Options)) (*ssm.ModifyDocumentPermissionOutput, error)
// Registers a compliance type and other compliance details on a designated
// resource. This operation lets you register custom compliance details with a
// resource. This call overwrites existing compliance information on the resource,
// so you must provide a full list of compliance items each time that you send the
// request.
//
// ComplianceType can be one of the following:
//
// - ExecutionId: The execution ID when the patch, association, or custom
// compliance item was applied.
//
// - ExecutionType: Specify patch, association, or Custom: string .
//
// - ExecutionTime. The time the patch, association, or custom compliance item
// was applied to the managed node.
//
// For State Manager associations, this represents the time when compliance status
//
// was captured by the Systems Manager service during its internal compliance
// aggregation workflow, not necessarily when the association was executed on the
// managed node. State Manager updates compliance information for all associations
// on an instance whenever any association executes, which may result in multiple
// associations showing the same execution time.
//
// - Id: The patch, association, or custom compliance ID.
//
// - Title: A title.
//
// - Status: The status of the compliance item. For example, approved for
// patches, or Failed for associations.
//
// - Severity: A patch severity. For example, Critical .
//
// - DocumentName: An SSM document name. For example, AWS-RunPatchBaseline .
//
// - DocumentVersion: An SSM document version number. For example, 4.
//
// - Classification: A patch classification. For example, security updates .
//
// - PatchBaselineId: A patch baseline ID.
//
// - PatchSeverity: A patch severity. For example, Critical .
//
// - PatchState: A patch state. For example, InstancesWithFailedPatches .
//
// - PatchGroup: The name of a patch group.
//
// - InstalledTime: The time the association, patch, or custom compliance item
// was applied to the resource. Specify the time by using the following format:
// yyyy-MM-dd'T'HH:mm:ss'Z'
PutComplianceItems(ctx context.Context, params *ssm.PutComplianceItemsInput, optFns ...func(*Options)) (*ssm.PutComplianceItemsOutput, error)
// Bulk update custom inventory items on one or more managed nodes. The request
// adds an inventory item, if it doesn't already exist, or updates an inventory
// item, if it does exist.
PutInventory(ctx context.Context, params *ssm.PutInventoryInput, optFns ...func(*Options)) (*ssm.PutInventoryOutput, error)
// Create or update a parameter in Parameter Store.
PutParameter(ctx context.Context, params *ssm.PutParameterInput, optFns ...func(*Options)) (*ssm.PutParameterOutput, error)
// Creates or updates a Systems Manager resource policy. A resource policy helps
// you to define the IAM entity (for example, an Amazon Web Services account) that
// can manage your Systems Manager resources. The following resources support
// Systems Manager resource policies.
//
// - OpsItemGroup - The resource policy for OpsItemGroup enables Amazon Web
// Services accounts to view and interact with OpsCenter operational work items
// (OpsItems).
//
// - Parameter - The resource policy is used to share a parameter with other
// accounts using Resource Access Manager (RAM).
//
// To share a parameter, it must be in the advanced parameter tier. For
//
// information about parameter tiers, see [Managing parameter tiers]. For information about changing an
// existing standard parameter to an advanced parameter, see [Changing a standard parameter to an advanced parameter].
//
// To share a SecureString parameter, it must be encrypted with a customer managed
//
// key, and you must share the key separately through Key Management Service.
// Amazon Web Services managed keys cannot be shared. Parameters encrypted with the
// default Amazon Web Services managed key can be updated to use a customer managed
// key instead. For KMS key definitions, see [KMS concepts]in the Key Management Service
// Developer Guide.
//
// While you can share a parameter using the Systems Manager PutResourcePolicy
//
// operation, we recommend using Resource Access Manager (RAM) instead. This is
// because using PutResourcePolicy requires the extra step of promoting the
// parameter to a standard RAM Resource Share using the RAM [PromoteResourceShareCreatedFromPolicy]API operation.
// Otherwise, the parameter won't be returned by the Systems Manager [DescribeParameters]API
// operation using the --shared option.
//
// For more information, see [Sharing a parameter]in the Amazon Web Services Systems Manager User Guide
//
// [Sharing a parameter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html#share
//
// [Managing parameter tiers]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html
// [Changing a standard parameter to an advanced parameter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html#parameter-store-advanced-parameters-enabling
// [PromoteResourceShareCreatedFromPolicy]: https://docs.aws.amazon.com/ram/latest/APIReference/API_PromoteResourceShareCreatedFromPolicy.html
// [KMS concepts]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html
// [DescribeParameters]: https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeParameters.html
PutResourcePolicy(ctx context.Context, params *ssm.PutResourcePolicyInput, optFns ...func(*Options)) (*ssm.PutResourcePolicyOutput, error)
// Defines the default patch baseline for the relevant operating system.
//
// To reset the Amazon Web Services-predefined patch baseline as the default,
// specify the full patch baseline Amazon Resource Name (ARN) as the baseline ID
// value. For example, for CentOS, specify
// arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed instead of
// pb-0574b43a65ea646ed .
RegisterDefaultPatchBaseline(ctx context.Context, params *ssm.RegisterDefaultPatchBaselineInput, optFns ...func(*Options)) (*ssm.RegisterDefaultPatchBaselineOutput, error)
// Registers a patch baseline for a patch group.
RegisterPatchBaselineForPatchGroup(ctx context.Context, params *ssm.RegisterPatchBaselineForPatchGroupInput, optFns ...func(*Options)) (*ssm.RegisterPatchBaselineForPatchGroupOutput, error)
// Registers a target with a maintenance window.
RegisterTargetWithMaintenanceWindow(ctx context.Context, params *ssm.RegisterTargetWithMaintenanceWindowInput, optFns ...func(*Options)) (*ssm.RegisterTargetWithMaintenanceWindowOutput, error)
// Adds a new task to a maintenance window.
RegisterTaskWithMaintenanceWindow(ctx context.Context, params *ssm.RegisterTaskWithMaintenanceWindowInput, optFns ...func(*Options)) (*ssm.RegisterTaskWithMaintenanceWindowOutput, error)
// Removes tag keys from the specified resource.
RemoveTagsFromResource(ctx context.Context, params *ssm.RemoveTagsFromResourceInput, optFns ...func(*Options)) (*ssm.RemoveTagsFromResourceOutput, error)
// ServiceSetting is an account-level setting for an Amazon Web Services service.
// This setting defines how a user interacts with or uses a service or a feature of
// a service. For example, if an Amazon Web Services service charges money to the
// account based on feature or service usage, then the Amazon Web Services service
// team might create a default setting of "false". This means the user can't use
// this feature unless they change the setting to "true" and intentionally opt in
// for a paid feature.
//
// Services map a SettingId object to a setting value. Amazon Web Services
// services teams define the default value for a SettingId . You can't create a new
// SettingId , but you can overwrite the default value if you have the
// ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting API operation to
// view the current value. Use the UpdateServiceSettingAPI operation to change the default setting.
//
// Reset the service setting for the account to the default value as provisioned
// by the Amazon Web Services service team.
ResetServiceSetting(ctx context.Context, params *ssm.ResetServiceSettingInput, optFns ...func(*Options)) (*ssm.ResetServiceSettingOutput, error)
// Reconnects a session to a managed node after it has been disconnected.
// Connections can be resumed for disconnected sessions, but not terminated
// sessions.
//
// This command is primarily for use by client machines to automatically reconnect
// during intermittent network issues. It isn't intended for any other use.
ResumeSession(ctx context.Context, params *ssm.ResumeSessionInput, optFns ...func(*Options)) (*ssm.ResumeSessionOutput, error)
// Sends a signal to an Automation execution to change the current behavior or
// status of the execution.
SendAutomationSignal(ctx context.Context, params *ssm.SendAutomationSignalInput, optFns ...func(*Options)) (*ssm.SendAutomationSignalOutput, error)
// Runs commands on one or more managed nodes.
SendCommand(ctx context.Context, params *ssm.SendCommandInput, optFns ...func(*Options)) (*ssm.SendCommandOutput, error)
// Starts the workflow for just-in-time node access sessions.
StartAccessRequest(ctx context.Context, params *ssm.StartAccessRequestInput, optFns ...func(*Options)) (*ssm.StartAccessRequestOutput, error)
// Runs an association immediately and only one time. This operation can be
// helpful when troubleshooting associations.
StartAssociationsOnce(ctx context.Context, params *ssm.StartAssociationsOnceInput, optFns ...func(*Options)) (*ssm.StartAssociationsOnceOutput, error)
// Initiates execution of an Automation runbook.
StartAutomationExecution(ctx context.Context, params *ssm.StartAutomationExecutionInput, optFns ...func(*Options)) (*ssm.StartAutomationExecutionOutput, error)
// Amazon Web Services Systems Manager Change Manager will no longer be open to
// new customers starting November 7, 2025. If you would like to use Change
// Manager, sign up prior to that date. Existing customers can continue to use the
// service as normal. For more information, see [Amazon Web Services Systems Manager Change Manager availability change].
//
// Creates a change request for Change Manager. The Automation runbooks specified
// in the change request run only after all required approvals for the change
// request have been received.
//
// [Amazon Web Services Systems Manager Change Manager availability change]: https://docs.aws.amazon.com/systems-manager/latest/userguide/change-manager-availability-change.html
StartChangeRequestExecution(ctx context.Context, params *ssm.StartChangeRequestExecutionInput, optFns ...func(*Options)) (*ssm.StartChangeRequestExecutionOutput, error)
// Initiates the process of creating a preview showing the effects that running a
// specified Automation runbook would have on the targeted resources.
StartExecutionPreview(ctx context.Context, params *ssm.StartExecutionPreviewInput, optFns ...func(*Options)) (*ssm.StartExecutionPreviewOutput, error)
// Initiates a connection to a target (for example, a managed node) for a Session
// Manager session. Returns a URL and token that can be used to open a WebSocket
// connection for sending input and receiving outputs.
//
// Amazon Web Services CLI usage: start-session is an interactive command that
// requires the Session Manager plugin to be installed on the client machine making
// the call. For information, see [Install the Session Manager plugin for the Amazon Web Services CLI]in the Amazon Web Services Systems Manager User
// Guide.
//
// Amazon Web Services Tools for PowerShell usage: Start-SSMSession isn't
// currently supported by Amazon Web Services Tools for PowerShell on Windows local
// machines.
//
// [Install the Session Manager plugin for the Amazon Web Services CLI]: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html
StartSession(ctx context.Context, params *ssm.StartSessionInput, optFns ...func(*Options)) (*ssm.StartSessionOutput, error)
// Stop an Automation that is currently running.
StopAutomationExecution(ctx context.Context, params *ssm.StopAutomationExecutionInput, optFns ...func(*Options)) (*ssm.StopAutomationExecutionOutput, error)
// Permanently ends a session and closes the data connection between the Session
// Manager client and SSM Agent on the managed node. A terminated session can't be
// resumed.
TerminateSession(ctx context.Context, params *ssm.TerminateSessionInput, optFns ...func(*Options)) (*ssm.TerminateSessionOutput, error)
// Remove a label or labels from a parameter.
//
// Parameter names can't contain spaces. The service removes any spaces specified
// for the beginning or end of a parameter name. If the specified name for a
// parameter contains spaces between characters, the request fails with a
// ValidationException error.
UnlabelParameterVersion(ctx context.Context, params *ssm.UnlabelParameterVersionInput, optFns ...func(*Options)) (*ssm.UnlabelParameterVersionOutput, error)
// Updates an association. You can update the association name and version, the
// document version, schedule, parameters, and Amazon Simple Storage Service
// (Amazon S3) output. When you call UpdateAssociation , the system removes all
// optional parameters from the request and overwrites the association with null
// values for those parameters. This is by design. You must specify all optional
// parameters in the call, even if you are not changing the parameters. This
// includes the Name parameter. Before calling this API action, we recommend that
// you call the DescribeAssociationAPI operation and make a note of all optional parameters required
// for your UpdateAssociation call.
//
// In order to call this API operation, a user, group, or role must be granted
// permission to call the DescribeAssociationAPI operation. If you don't have permission to call
// DescribeAssociation , then you receive the following error: An error occurred
// (AccessDeniedException) when calling the UpdateAssociation operation: User:
// isn't authorized to perform: ssm:DescribeAssociation on resource:
//
// When you update an association, the association immediately runs against the
// specified targets. You can add the ApplyOnlyAtCronInterval parameter to run the
// association during the next schedule run.
UpdateAssociation(ctx context.Context, params *ssm.UpdateAssociationInput, optFns ...func(*Options)) (*ssm.UpdateAssociationOutput, error)
// Updates the status of the Amazon Web Services Systems Manager document (SSM
// document) associated with the specified managed node.
//
// UpdateAssociationStatus is primarily used by the Amazon Web Services Systems
// Manager Agent (SSM Agent) to report status updates about your associations and
// is only used for associations created with the InstanceId legacy parameter.
UpdateAssociationStatus(ctx context.Context, params *ssm.UpdateAssociationStatusInput, optFns ...func(*Options)) (*ssm.UpdateAssociationStatusOutput, error)
// Updates one or more values for an SSM document.
UpdateDocument(ctx context.Context, params *ssm.UpdateDocumentInput, optFns ...func(*Options)) (*ssm.UpdateDocumentOutput, error)
// Set the default version of a document.
//
// If you change a document version for a State Manager association, Systems
// Manager immediately runs the association unless you previously specifed the
// apply-only-at-cron-interval parameter.
UpdateDocumentDefaultVersion(ctx context.Context, params *ssm.UpdateDocumentDefaultVersionInput, optFns ...func(*Options)) (*ssm.UpdateDocumentDefaultVersionOutput, error)
// Amazon Web Services Systems Manager Change Manager will no longer be open to
// new customers starting November 7, 2025. If you would like to use Change
// Manager, sign up prior to that date. Existing customers can continue to use the
// service as normal. For more information, see [Amazon Web Services Systems Manager Change Manager availability change].
//
// Updates information related to approval reviews for a specific version of a
// change template in Change Manager.
//
// [Amazon Web Services Systems Manager Change Manager availability change]: https://docs.aws.amazon.com/systems-manager/latest/userguide/change-manager-availability-change.html
UpdateDocumentMetadata(ctx context.Context, params *ssm.UpdateDocumentMetadataInput, optFns ...func(*Options)) (*ssm.UpdateDocumentMetadataOutput, error)
// Updates an existing maintenance window. Only specified parameters are modified.
//
// The value you specify for Duration determines the specific end time for the
// maintenance window based on the time it begins. No maintenance window tasks are
// permitted to start after the resulting endtime minus the number of hours you
// specify for Cutoff . For example, if the maintenance window starts at 3 PM, the
// duration is three hours, and the value you specify for Cutoff is one hour, no
// maintenance window tasks can start after 5 PM.
UpdateMaintenanceWindow(ctx context.Context, params *ssm.UpdateMaintenanceWindowInput, optFns ...func(*Options)) (*ssm.UpdateMaintenanceWindowOutput, error)
// Modifies the target of an existing maintenance window. You can change the
// following:
//
// - Name
//
// - Description
//
// - Owner
//
// - IDs for an ID target
//
// - Tags for a Tag target
//
// - From any supported tag type to another. The three supported tag types are
// ID target, Tag target, and resource group. For more information, see Target.
//
// If a parameter is null, then the corresponding field isn't modified.
UpdateMaintenanceWindowTarget(ctx context.Context, params *ssm.UpdateMaintenanceWindowTargetInput, optFns ...func(*Options)) (*ssm.UpdateMaintenanceWindowTargetOutput, error)
// Modifies a task assigned to a maintenance window. You can't change the task
// type, but you can change the following values:
//
// - TaskARN . For example, you can change a RUN_COMMAND task from
// AWS-RunPowerShellScript to AWS-RunShellScript .
//
// - ServiceRoleArn
//
// - TaskInvocationParameters
//
// - Priority
//
// - MaxConcurrency
//
// - MaxErrors
//
// One or more targets must be specified for maintenance window Run Command-type
// tasks. Depending on the task, targets are optional for other maintenance window
// task types (Automation, Lambda, and Step Functions). For more information about
// running tasks that don't specify targets, see [Registering maintenance window tasks without targets]in the Amazon Web Services
// Systems Manager User Guide.
//
// If the value for a parameter in UpdateMaintenanceWindowTask is null, then the
// corresponding field isn't modified. If you set Replace to true, then all fields
// required by the RegisterTaskWithMaintenanceWindowoperation are required for this request. Optional fields that
// aren't specified are set to null.
//
// When you update a maintenance window task that has options specified in
// TaskInvocationParameters , you must provide again all the
// TaskInvocationParameters values that you want to retain. The values you don't
// specify again are removed. For example, suppose that when you registered a Run
// Command task, you specified TaskInvocationParameters values for Comment ,
// NotificationConfig , and OutputS3BucketName . If you update the maintenance
// window task and specify only a different OutputS3BucketName value, the values
// for Comment and NotificationConfig are removed.
//
// [Registering maintenance window tasks without targets]: https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html
UpdateMaintenanceWindowTask(ctx context.Context, params *ssm.UpdateMaintenanceWindowTaskInput, optFns ...func(*Options)) (*ssm.UpdateMaintenanceWindowTaskOutput, error)
// Changes the Identity and Access Management (IAM) role that is assigned to the
// on-premises server, edge device, or virtual machines (VM). IAM roles are first
// assigned to these hybrid nodes during the activation process. For more
// information, see CreateActivation.
UpdateManagedInstanceRole(ctx context.Context, params *ssm.UpdateManagedInstanceRoleInput, optFns ...func(*Options)) (*ssm.UpdateManagedInstanceRoleOutput, error)
// Edit or change an OpsItem. You must have permission in Identity and Access
// Management (IAM) to update an OpsItem. For more information, see [Set up OpsCenter]in the Amazon
// Web Services Systems Manager User Guide.
//
// Operations engineers and IT professionals use Amazon Web Services Systems
// Manager OpsCenter to view, investigate, and remediate operational issues
// impacting the performance and health of their Amazon Web Services resources. For
// more information, see [Amazon Web Services Systems Manager OpsCenter]in the Amazon Web Services Systems Manager User Guide.
//
// [Amazon Web Services Systems Manager OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html
// [Set up OpsCenter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setup.html
UpdateOpsItem(ctx context.Context, params *ssm.UpdateOpsItemInput, optFns ...func(*Options)) (*ssm.UpdateOpsItemOutput, error)
// Amazon Web Services Systems Manager calls this API operation when you edit
// OpsMetadata in Application Manager.
UpdateOpsMetadata(ctx context.Context, params *ssm.UpdateOpsMetadataInput, optFns ...func(*Options)) (*ssm.UpdateOpsMetadataOutput, error)
// Modifies an existing patch baseline. Fields not specified in the request are
// left unchanged.
//
// For information about valid key-value pairs in PatchFilters for each supported
// operating system type, see PatchFilter.
UpdatePatchBaseline(ctx context.Context, params *ssm.UpdatePatchBaselineInput, optFns ...func(*Options)) (*ssm.UpdatePatchBaselineOutput, error)
// Update a resource data sync. After you create a resource data sync for a
// Region, you can't change the account options for that sync. For example, if you
// create a sync in the us-east-2 (Ohio) Region and you choose the Include only
// the current account option, you can't edit that sync later and choose the
// Include all accounts from my Organizations configuration option. Instead, you
// must delete the first resource data sync, and create a new one.
//
// This API operation only supports a resource data sync that was created with a
// SyncFromSource SyncType .
UpdateResourceDataSync(ctx context.Context, params *ssm.UpdateResourceDataSyncInput, optFns ...func(*Options)) (*ssm.UpdateResourceDataSyncOutput, error)
// ServiceSetting is an account-level setting for an Amazon Web Services service.
// This setting defines how a user interacts with or uses a service or a feature of
// a service. For example, if an Amazon Web Services service charges money to the
// account based on feature or service usage, then the Amazon Web Services service
// team might create a default setting of "false". This means the user can't use
// this feature unless they change the setting to "true" and intentionally opt in
// for a paid feature.
//
// Services map a SettingId object to a setting value. Amazon Web Services
// services teams define the default value for a SettingId . You can't create a new
// SettingId , but you can overwrite the default value if you have the
// ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting API operation to
// view the current value. Or, use the ResetServiceSettingto change the value back to the original
// value defined by the Amazon Web Services service team.
//
// Update the service setting for the account.
UpdateServiceSetting(ctx context.Context, params *ssm.UpdateServiceSettingInput, optFns ...func(*Options)) (*ssm.UpdateServiceSettingOutput, error)
}
SSM provides an interface to the AWS SSM service.
type STS ¶
type STS interface {
// GetCallerIdentity returns details about the IAM user or role whose credentials are used to call
// the operation. No permissions are required to perform this operation. If an
// administrator attaches a policy to your identity that explicitly denies access
// to the sts:GetCallerIdentity action, you can still perform this operation.
// Permissions are not required because the same information is returned when
// access is denied. To view an example response, see I Am Not Authorized to
// Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
// in the IAM User Guide.
GetCallerIdentity(ctx context.Context, params *sts.GetCallerIdentityInput, optFns ...func(*sts.Options)) (*sts.GetCallerIdentityOutput, error)
}
STS provides an interface to the AWS STS service.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.