update to aws-sdk-go v1.16.15

Gopkg.lock

@@ -37,6 +37,7 @@
     "aws/credentials",
     "aws/credentials/ec2rolecreds",
     "aws/credentials/endpointcreds",
+    "aws/credentials/processcreds",
     "aws/credentials/stscreds",
     "aws/csm",
     "aws/defaults",
@@ -45,13 +46,18 @@
     "aws/request",
     "aws/session",
     "aws/signer/v4",
+    "internal/ini",
+    "internal/s3err",
     "internal/sdkio",
     "internal/sdkrand",
+    "internal/sdkuri",
     "internal/shareddefaults",
     "private/protocol",
     "private/protocol/ec2query",
     "private/protocol/eventstream",
     "private/protocol/eventstream/eventstreamapi",
+    "private/protocol/json/jsonutil",
+    "private/protocol/jsonrpc",
     "private/protocol/query",
     "private/protocol/query/queryutil",
     "private/protocol/rest",
@@ -60,11 +66,13 @@
     "service/cloudwatch",
     "service/ec2",
     "service/ec2/ec2iface",
+    "service/resourcegroupstaggingapi",
+    "service/resourcegroupstaggingapi/resourcegroupstaggingapiiface",
     "service/s3",
     "service/sts"
   ]
-  revision = "fde4ded7becdeae4d26bf1212916aabba79349b4"
-  version = "v1.14.12"
+  revision = "62936e15518acb527a1a9cb4a39d96d94d0fd9a2"
+  version = "v1.16.15"
 
 [[projects]]
   branch = "master"

vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go

@@ -23,28 +23,27 @@ func stringValue(v reflect.Value, indent int, buf *bytes.Buffer) {
 	case reflect.Struct:
 		buf.WriteString("{\n")
 
-		names := []string{}
 		for i := 0; i < v.Type().NumField(); i++ {
-			name := v.Type().Field(i).Name
-			f := v.Field(i)
-			if name[0:1] == strings.ToLower(name[0:1]) {
+			ft := v.Type().Field(i)
+			fv := v.Field(i)
+
+			if ft.Name[0:1] == strings.ToLower(ft.Name[0:1]) {
 				continue // ignore unexported fields
 			}
-			if (f.Kind() == reflect.Ptr || f.Kind() == reflect.Slice) && f.IsNil() {
+			if (fv.Kind() == reflect.Ptr || fv.Kind() == reflect.Slice) && fv.IsNil() {
 				continue // ignore unset fields
 			}
-			names = append(names, name)
-		}
 
-		for i, n := range names {
-			val := v.FieldByName(n)
 			buf.WriteString(strings.Repeat(" ", indent+2))
-			buf.WriteString(n + ": ")
-			stringValue(val, indent+2, buf)
+			buf.WriteString(ft.Name + ": ")
 
-			if i < len(names)-1 {
-				buf.WriteString(",\n")
+			if tag := ft.Tag.Get("sensitive"); tag == "true" {
+				buf.WriteString("<sensitive>")
+			} else {
+				stringValue(fv, indent+2, buf)
 			}
+
+			buf.WriteString(",\n")
 		}
 
 		buf.WriteString("\n" + strings.Repeat(" ", indent) + "}")

vendor/github.com/aws/aws-sdk-go/aws/client/client.go

@@ -18,7 +18,7 @@ type Config struct {
 
 	// States that the signing name did not come from a modeled source but
 	// was derived based on other data. Used by service client constructors
-	// to determine if the signin name can be overriden based on metadata the
+	// to determine if the signin name can be overridden based on metadata the
 	// service has.
 	SigningNameDerived bool
 }

vendor/github.com/aws/aws-sdk-go/aws/config.go

@@ -18,7 +18,7 @@ const UseServiceDefaultRetries = -1
 type RequestRetryer interface{}
 
 // A Config provides service configuration for service clients. By default,
-// all clients will use the defaults.DefaultConfig tructure.
+// all clients will use the defaults.DefaultConfig structure.
 //
 //     // Create Session with MaxRetry configuration to be shared by multiple
 //     // service clients.
@@ -45,8 +45,8 @@ type Config struct {
 	// that overrides the default generated endpoint for a client. Set this
 	// to `""` to use the default generated endpoint.
 	//
-	// @note You must still provide a `Region` value when specifying an
-	//   endpoint for a client.
+	// Note: You must still provide a `Region` value when specifying an
+	// endpoint for a client.
 	Endpoint *string
 
 	// The resolver to use for looking up endpoints for AWS service clients
@@ -65,8 +65,8 @@ type Config struct {
 	// noted. A full list of regions is found in the "Regions and Endpoints"
 	// document.
 	//
-	// @see http://docs.aws.amazon.com/general/latest/gr/rande.html
-	//   AWS Regions and Endpoints
+	// See http://docs.aws.amazon.com/general/latest/gr/rande.html for AWS
+	// Regions and Endpoints.
 	Region *string
 
 	// Set this to `true` to disable SSL when sending requests. Defaults
@@ -120,9 +120,10 @@ type Config struct {
 	// will use virtual hosted bucket addressing when possible
 	// (`http://BUCKET.s3.amazonaws.com/KEY`).
 	//
-	// @note This configuration option is specific to the Amazon S3 service.
-	// @see http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
-	//   Amazon S3: Virtual Hosting of Buckets
+	// Note: This configuration option is specific to the Amazon S3 service.
+	//
+	// See http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
+	// for Amazon S3: Virtual Hosting of Buckets
 	S3ForcePathStyle *bool
 
 	// Set this to `true` to disable the SDK adding the `Expect: 100-Continue`
@@ -223,6 +224,28 @@ type Config struct {
 	//    	Key: aws.String("//foo//bar//moo"),
 	//    })
 	DisableRestProtocolURICleaning *bool
+
+	// EnableEndpointDiscovery will allow for endpoint discovery on operations that
+	// have the definition in its model. By default, endpoint discovery is off.
+	//
+	// Example:
+	//    sess := session.Must(session.NewSession(&aws.Config{
+	//         EnableEndpointDiscovery: aws.Bool(true),
+	//    }))
+	//
+	//    svc := s3.New(sess)
+	//    out, err := svc.GetObject(&s3.GetObjectInput {
+	//    	Bucket: aws.String("bucketname"),
+	//    	Key: aws.String("/foo/bar/moo"),
+	//    })
+	EnableEndpointDiscovery *bool
+
+	// DisableEndpointHostPrefix will disable the SDK's behavior of prefixing
+	// request endpoint hosts with modeled information.
+	//
+	// Disabling this feature is useful when you want to use local endpoints
+	// for testing that do not support the modeled host prefix pattern.
+	DisableEndpointHostPrefix *bool
 }
 
 // NewConfig returns a new Config pointer that can be chained with builder
@@ -377,6 +400,19 @@ func (c *Config) WithSleepDelay(fn func(time.Duration)) *Config {
 	return c
 }
 
+// WithEndpointDiscovery will set whether or not to use endpoint discovery.
+func (c *Config) WithEndpointDiscovery(t bool) *Config {
+	c.EnableEndpointDiscovery = &t
+	return c
+}
+
+// WithDisableEndpointHostPrefix will set whether or not to use modeled host prefix
+// when making requests.
+func (c *Config) WithDisableEndpointHostPrefix(t bool) *Config {
+	c.DisableEndpointHostPrefix = &t
+	return c
+}
+
 // MergeIn merges the passed in configs into the existing config object.
 func (c *Config) MergeIn(cfgs ...*Config) {
 	for _, other := range cfgs {
@@ -476,6 +512,14 @@ func mergeInConfig(dst *Config, other *Config) {
 	if other.EnforceShouldRetryCheck != nil {
 		dst.EnforceShouldRetryCheck = other.EnforceShouldRetryCheck
 	}
+
+	if other.EnableEndpointDiscovery != nil {
+		dst.EnableEndpointDiscovery = other.EnableEndpointDiscovery
+	}
+
+	if other.DisableEndpointHostPrefix != nil {
+		dst.DisableEndpointHostPrefix = other.DisableEndpointHostPrefix
+	}
 }
 
 // Copy will return a shallow copy of the Config object. If any additional

vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go

@@ -72,9 +72,9 @@ var ValidateReqSigHandler = request.NamedHandler{
 			signedTime = r.LastSignedAt
 		}
 
-		// 10 minutes to allow for some clock skew/delays in transmission.
+		// 5 minutes to allow for some clock skew/delays in transmission.
 		// Would be improved with aws/aws-sdk-go#423
-		if signedTime.Add(10 * time.Minute).After(time.Now()) {
+		if signedTime.Add(5 * time.Minute).After(time.Now()) {
 			return
 		}
 

vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go

@@ -17,7 +17,7 @@ var SDKVersionUserAgentHandler = request.NamedHandler{
 }
 
 const execEnvVar = `AWS_EXECUTION_ENV`
-const execEnvUAKey = `exec_env`
+const execEnvUAKey = `exec-env`
 
 // AddHostExecEnvUserAgentHander is a request handler appending the SDK's
 // execution environment to the user agent.

vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go

@@ -9,9 +9,7 @@ var (
 	// providers in the ChainProvider.
 	//
 	// This has been deprecated. For verbose error messaging set
-	// aws.Config.CredentialsChainVerboseErrors to true
-	//
-	// @readonly
+	// aws.Config.CredentialsChainVerboseErrors to true.
 	ErrNoValidProvidersFoundInChain = awserr.New("NoCredentialProviders",
 		`no valid providers in chain. Deprecated.
 	For verbose messaging see aws.Config.CredentialsChainVerboseErrors`,

vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go

@@ -49,6 +49,8 @@
 package credentials
 
 import (
+	"fmt"
+	"github.com/aws/aws-sdk-go/aws/awserr"
 	"sync"
 	"time"
 )
@@ -64,8 +66,6 @@ import (
 //       Credentials: credentials.AnonymousCredentials,
 //     })))
 //     // Access public S3 buckets.
-//
-// @readonly
 var AnonymousCredentials = NewStaticCredentials("", "", "")
 
 // A Value is the AWS credentials value for individual credential fields.
@@ -99,6 +99,14 @@ type Provider interface {
 	IsExpired() bool
 }
 
+// An Expirer is an interface that Providers can implement to expose the expiration
+// time, if known.  If the Provider cannot accurately provide this info,
+// it should not implement this interface.
+type Expirer interface {
+	// The time at which the credentials are no longer valid
+	ExpiresAt() time.Time
+}
+
 // An ErrorProvider is a stub credentials provider that always returns an error
 // this is used by the SDK when construction a known provider is not possible
 // due to an error.
@@ -158,13 +166,19 @@ func (e *Expiry) SetExpiration(expiration time.Time, window time.Duration) {
 
 // IsExpired returns if the credentials are expired.
 func (e *Expiry) IsExpired() bool {
-	if e.CurrentTime == nil {
-		e.CurrentTime = time.Now
+	curTime := e.CurrentTime
+	if curTime == nil {
+		curTime = time.Now
 	}
-	return e.expiration.Before(e.CurrentTime())
+	return e.expiration.Before(curTime())
 }
 
-// A Credentials provides synchronous safe retrieval of AWS credentials Value.
+// ExpiresAt returns the expiration time of the credential
+func (e *Expiry) ExpiresAt() time.Time {
+	return e.expiration
+}
+
+// A Credentials provides concurrency safe retrieval of AWS credentials Value.
 // Credentials will cache the credentials value until they expire. Once the value
 // expires the next Get will attempt to retrieve valid credentials.
 //
@@ -256,3 +270,23 @@ func (c *Credentials) IsExpired() bool {
 func (c *Credentials) isExpired() bool {
 	return c.forceRefresh || c.provider.IsExpired()
 }
+
+// ExpiresAt provides access to the functionality of the Expirer interface of
+// the underlying Provider, if it supports that interface.  Otherwise, it returns
+// an error.
+func (c *Credentials) ExpiresAt() (time.Time, error) {
+	c.m.RLock()
+	defer c.m.RUnlock()
+
+	expirer, ok := c.provider.(Expirer)
+	if !ok {
+		return time.Time{}, awserr.New("ProviderNotExpirer",
+			fmt.Sprintf("provider %s does not support ExpiresAt()", c.creds.ProviderName),
+			nil)
+	}
+	if c.forceRefresh {
+		// set expiration time to the distant past
+		return time.Time{}, nil
+	}
+	return expirer.ExpiresAt(), nil
+}

vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go

@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"encoding/json"
 	"fmt"
-	"path"
 	"strings"
 	"time"
 
@@ -12,6 +11,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/client"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/ec2metadata"
+	"github.com/aws/aws-sdk-go/internal/sdkuri"
 )
 
 // ProviderName provides a name of EC2Role provider
@@ -125,7 +125,7 @@ type ec2RoleCredRespBody struct {
 	Message string
 }
 
-const iamSecurityCredsPath = "/iam/security-credentials"
+const iamSecurityCredsPath = "iam/security-credentials/"
 
 // requestCredList requests a list of credentials from the EC2 service.
 // If there are no credentials, or there is an error making or receiving the request
@@ -153,7 +153,7 @@ func requestCredList(client *ec2metadata.EC2Metadata) ([]string, error) {
 // If the credentials cannot be found, or there is an error reading the response
 // and error will be returned.
 func requestCred(client *ec2metadata.EC2Metadata, credsName string) (ec2RoleCredRespBody, error) {
-	resp, err := client.GetMetadata(path.Join(iamSecurityCredsPath, credsName))
+	resp, err := client.GetMetadata(sdkuri.PathJoin(iamSecurityCredsPath, credsName))
 	if err != nil {
 		return ec2RoleCredRespBody{},
 			awserr.New("EC2RoleRequestError",

vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go

@@ -65,6 +65,10 @@ type Provider struct {
 	//
 	// If ExpiryWindow is 0 or less it will be ignored.
 	ExpiryWindow time.Duration
+
+	// Optional authorization token value if set will be used as the value of
+	// the Authorization header of the endpoint credential request.
+	AuthorizationToken string
 }
 
 // NewProviderClient returns a credentials Provider for retrieving AWS credentials
@@ -152,6 +156,9 @@ func (p *Provider) getCredentials() (*getCredentialsOutput, error) {
 	out := &getCredentialsOutput{}
 	req := p.Client.NewRequest(op, nil, out)
 	req.HTTPRequest.Header.Set("Accept", "application/json")
+	if authToken := p.AuthorizationToken; len(authToken) != 0 {
+		req.HTTPRequest.Header.Set("Authorization", authToken)
+	}
 
 	return out, req.Send()
 }

vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go

@@ -12,14 +12,10 @@ const EnvProviderName = "EnvProvider"
 var (
 	// ErrAccessKeyIDNotFound is returned when the AWS Access Key ID can't be
 	// found in the process's environment.
-	//
-	// @readonly
 	ErrAccessKeyIDNotFound = awserr.New("EnvAccessKeyNotFound", "AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment", nil)
 
 	// ErrSecretAccessKeyNotFound is returned when the AWS Secret Access Key
 	// can't be found in the process's environment.
-	//
-	// @readonly
 	ErrSecretAccessKeyNotFound = awserr.New("EnvSecretNotFound", "AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY not found in environment", nil)
 )
 

vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go

@@ -0,0 +1,425 @@
+/*
+Package processcreds is a credential Provider to retrieve `credential_process`
+credentials.
+
+WARNING: The following describes a method of sourcing credentials from an external
+process. This can potentially be dangerous, so proceed with caution. Other
+credential providers should be preferred if at all possible. If using this
+option, you should make sure that the config file is as locked down as possible
+using security best practices for your operating system.
+
+You can use credentials from a `credential_process` in a variety of ways.
+
+One way is to setup your shared config file, located in the default
+location, with the `credential_process` key and the command you want to be
+called. You also need to set the AWS_SDK_LOAD_CONFIG environment variable
+(e.g., `export AWS_SDK_LOAD_CONFIG=1`) to use the shared config file.
+
+    [default]
+    credential_process = /command/to/call
+
+Creating a new session will use the credential process to retrieve credentials.
+NOTE: If there are credentials in the profile you are using, the credential
+process will not be used.
+
+    // Initialize a session to load credentials.
+    sess, _ := session.NewSession(&aws.Config{
+        Region: aws.String("us-east-1")},
+    )
+
+    // Create S3 service client to use the credentials.
+    svc := s3.New(sess)
+
+Another way to use the `credential_process` method is by using
+`credentials.NewCredentials()` and providing a command to be executed to
+retrieve credentials:
+
+    // Create credentials using the ProcessProvider.
+    creds := processcreds.NewCredentials("/path/to/command")
+
+    // Create service client value configured for credentials.
+    svc := s3.New(sess, &aws.Config{Credentials: creds})
+
+You can set a non-default timeout for the `credential_process` with another
+constructor, `credentials.NewCredentialsTimeout()`, providing the timeout. To
+set a one minute timeout:
+
+    // Create credentials using the ProcessProvider.
+    creds := processcreds.NewCredentialsTimeout(
+        "/path/to/command",
+        time.Duration(500) * time.Millisecond)
+
+If you need more control, you can set any configurable options in the
+credentials using one or more option functions. For example, you can set a two
+minute timeout, a credential duration of 60 minutes, and a maximum stdout
+buffer size of 2k.
+
+    creds := processcreds.NewCredentials(
+        "/path/to/command",
+        func(opt *ProcessProvider) {
+            opt.Timeout = time.Duration(2) * time.Minute
+            opt.Duration = time.Duration(60) * time.Minute
+            opt.MaxBufSize = 2048
+        })
+
+You can also use your own `exec.Cmd`:
+
+	// Create an exec.Cmd
+	myCommand := exec.Command("/path/to/command")
+
+	// Create credentials using your exec.Cmd and custom timeout
+	creds := processcreds.NewCredentialsCommand(
+		myCommand,
+		func(opt *processcreds.ProcessProvider) {
+			opt.Timeout = time.Duration(1) * time.Second
+		})
+*/
+package processcreds
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+)
+
+const (
+	// ProviderName is the name this credentials provider will label any
+	// returned credentials Value with.
+	ProviderName = `ProcessProvider`
+
+	// ErrCodeProcessProviderParse error parsing process output
+	ErrCodeProcessProviderParse = "ProcessProviderParseError"
+
+	// ErrCodeProcessProviderVersion version error in output
+	ErrCodeProcessProviderVersion = "ProcessProviderVersionError"
+
+	// ErrCodeProcessProviderRequired required attribute missing in output
+	ErrCodeProcessProviderRequired = "ProcessProviderRequiredError"
+
+	// ErrCodeProcessProviderExecution execution of command failed
+	ErrCodeProcessProviderExecution = "ProcessProviderExecutionError"
+
+	// errMsgProcessProviderTimeout process took longer than allowed
+	errMsgProcessProviderTimeout = "credential process timed out"
+
+	// errMsgProcessProviderProcess process error
+	errMsgProcessProviderProcess = "error in credential_process"
+
+	// errMsgProcessProviderParse problem parsing output
+	errMsgProcessProviderParse = "parse failed of credential_process output"
+
+	// errMsgProcessProviderVersion version error in output
+	errMsgProcessProviderVersion = "wrong version in process output (not 1)"
+
+	// errMsgProcessProviderMissKey missing access key id in output
+	errMsgProcessProviderMissKey = "missing AccessKeyId in process output"
+
+	// errMsgProcessProviderMissSecret missing secret acess key in output
+	errMsgProcessProviderMissSecret = "missing SecretAccessKey in process output"
+
+	// errMsgProcessProviderPrepareCmd prepare of command failed
+	errMsgProcessProviderPrepareCmd = "failed to prepare command"
+
+	// errMsgProcessProviderEmptyCmd command must not be empty
+	errMsgProcessProviderEmptyCmd = "command must not be empty"
+
+	// errMsgProcessProviderPipe failed to initialize pipe
+	errMsgProcessProviderPipe = "failed to initialize pipe"
+
+	// DefaultDuration is the default amount of time in minutes that the
+	// credentials will be valid for.
+	DefaultDuration = time.Duration(15) * time.Minute
+
+	// DefaultBufSize limits buffer size from growing to an enormous
+	// amount due to a faulty process.
+	DefaultBufSize = 1024
+
+	// DefaultTimeout default limit on time a process can run.
+	DefaultTimeout = time.Duration(1) * time.Minute
+)
+
+// ProcessProvider satisfies the credentials.Provider interface, and is a
+// client to retrieve credentials from a process.
+type ProcessProvider struct {
+	staticCreds bool
+	credentials.Expiry
+	originalCommand []string
+
+	// Expiry duration of the credentials. Defaults to 15 minutes if not set.
+	Duration time.Duration
+
+	// ExpiryWindow will allow the credentials to trigger refreshing prior to
+	// the credentials actually expiring. This is beneficial so race conditions
+	// with expiring credentials do not cause request to fail unexpectedly
+	// due to ExpiredTokenException exceptions.
+	//
+	// So a ExpiryWindow of 10s would cause calls to IsExpired() to return true
+	// 10 seconds before the credentials are actually expired.
+	//
+	// If ExpiryWindow is 0 or less it will be ignored.
+	ExpiryWindow time.Duration
+
+	// A string representing an os command that should return a JSON with
+	// credential information.
+	command *exec.Cmd
+
+	// MaxBufSize limits memory usage from growing to an enormous
+	// amount due to a faulty process.
+	MaxBufSize int
+
+	// Timeout limits the time a process can run.
+	Timeout time.Duration
+}
+
+// NewCredentials returns a pointer to a new Credentials object wrapping the
+// ProcessProvider. The credentials will expire every 15 minutes by default.
+func NewCredentials(command string, options ...func(*ProcessProvider)) *credentials.Credentials {
+	p := &ProcessProvider{
+		command:    exec.Command(command),
+		Duration:   DefaultDuration,
+		Timeout:    DefaultTimeout,
+		MaxBufSize: DefaultBufSize,
+	}
+
+	for _, option := range options {
+		option(p)
+	}
+
+	return credentials.NewCredentials(p)
+}
+
+// NewCredentialsTimeout returns a pointer to a new Credentials object with
+// the specified command and timeout, and default duration and max buffer size.
+func NewCredentialsTimeout(command string, timeout time.Duration) *credentials.Credentials {
+	p := NewCredentials(command, func(opt *ProcessProvider) {
+		opt.Timeout = timeout
+	})
+
+	return p
+}
+
+// NewCredentialsCommand returns a pointer to a new Credentials object with
+// the specified command, and default timeout, duration and max buffer size.
+func NewCredentialsCommand(command *exec.Cmd, options ...func(*ProcessProvider)) *credentials.Credentials {
+	p := &ProcessProvider{
+		command:    command,
+		Duration:   DefaultDuration,
+		Timeout:    DefaultTimeout,
+		MaxBufSize: DefaultBufSize,
+	}
+
+	for _, option := range options {
+		option(p)
+	}
+
+	return credentials.NewCredentials(p)
+}
+
+type credentialProcessResponse struct {
+	Version         int
+	AccessKeyID     string `json:"AccessKeyId"`
+	SecretAccessKey string
+	SessionToken    string
+	Expiration      *time.Time
+}
+
+// Retrieve executes the 'credential_process' and returns the credentials.
+func (p *ProcessProvider) Retrieve() (credentials.Value, error) {
+	out, err := p.executeCredentialProcess()
+	if err != nil {
+		return credentials.Value{ProviderName: ProviderName}, err
+	}
+
+	// Serialize and validate response
+	resp := &credentialProcessResponse{}
+	if err = json.Unmarshal(out, resp); err != nil {
+		return credentials.Value{ProviderName: ProviderName}, awserr.New(
+			ErrCodeProcessProviderParse,
+			fmt.Sprintf("%s: %s", errMsgProcessProviderParse, string(out)),
+			err)
+	}
+
+	if resp.Version != 1 {
+		return credentials.Value{ProviderName: ProviderName}, awserr.New(
+			ErrCodeProcessProviderVersion,
+			errMsgProcessProviderVersion,
+			nil)
+	}
+
+	if len(resp.AccessKeyID) == 0 {
+		return credentials.Value{ProviderName: ProviderName}, awserr.New(
+			ErrCodeProcessProviderRequired,
+			errMsgProcessProviderMissKey,
+			nil)
+	}
+
+	if len(resp.SecretAccessKey) == 0 {
+		return credentials.Value{ProviderName: ProviderName}, awserr.New(
+			ErrCodeProcessProviderRequired,
+			errMsgProcessProviderMissSecret,
+			nil)
+	}
+
+	// Handle expiration
+	p.staticCreds = resp.Expiration == nil
+	if resp.Expiration != nil {
+		p.SetExpiration(*resp.Expiration, p.ExpiryWindow)
+	}
+
+	return credentials.Value{
+		ProviderName:    ProviderName,
+		AccessKeyID:     resp.AccessKeyID,
+		SecretAccessKey: resp.SecretAccessKey,
+		SessionToken:    resp.SessionToken,
+	}, nil
+}
+
+// IsExpired returns true if the credentials retrieved are expired, or not yet
+// retrieved.
+func (p *ProcessProvider) IsExpired() bool {
+	if p.staticCreds {
+		return false
+	}
+	return p.Expiry.IsExpired()
+}
+
+// prepareCommand prepares the command to be executed.
+func (p *ProcessProvider) prepareCommand() error {
+
+	var cmdArgs []string
+	if runtime.GOOS == "windows" {
+		cmdArgs = []string{"cmd.exe", "/C"}
+	} else {
+		cmdArgs = []string{"sh", "-c"}
+	}
+
+	if len(p.originalCommand) == 0 {
+		p.originalCommand = make([]string, len(p.command.Args))
+		copy(p.originalCommand, p.command.Args)
+
+		// check for empty command because it succeeds
+		if len(strings.TrimSpace(p.originalCommand[0])) < 1 {
+			return awserr.New(
+				ErrCodeProcessProviderExecution,
+				fmt.Sprintf(
+					"%s: %s",
+					errMsgProcessProviderPrepareCmd,
+					errMsgProcessProviderEmptyCmd),
+				nil)
+		}
+	}
+
+	cmdArgs = append(cmdArgs, p.originalCommand...)
+	p.command = exec.Command(cmdArgs[0], cmdArgs[1:]...)
+	p.command.Env = os.Environ()
+
+	return nil
+}
+
+// executeCredentialProcess starts the credential process on the OS and
+// returns the results or an error.
+func (p *ProcessProvider) executeCredentialProcess() ([]byte, error) {
+
+	if err := p.prepareCommand(); err != nil {
+		return nil, err
+	}
+
+	// Setup the pipes
+	outReadPipe, outWritePipe, err := os.Pipe()
+	if err != nil {
+		return nil, awserr.New(
+			ErrCodeProcessProviderExecution,
+			errMsgProcessProviderPipe,
+			err)
+	}
+
+	p.command.Stderr = os.Stderr    // display stderr on console for MFA
+	p.command.Stdout = outWritePipe // get creds json on process's stdout
+	p.command.Stdin = os.Stdin      // enable stdin for MFA
+
+	output := bytes.NewBuffer(make([]byte, 0, p.MaxBufSize))
+
+	stdoutCh := make(chan error, 1)
+	go readInput(
+		io.LimitReader(outReadPipe, int64(p.MaxBufSize)),
+		output,
+		stdoutCh)
+
+	execCh := make(chan error, 1)
+	go executeCommand(*p.command, execCh)
+
+	finished := false
+	var errors []error
+	for !finished {
+		select {
+		case readError := <-stdoutCh:
+			errors = appendError(errors, readError)
+			finished = true
+		case execError := <-execCh:
+			err := outWritePipe.Close()
+			errors = appendError(errors, err)
+			errors = appendError(errors, execError)
+			if errors != nil {
+				return output.Bytes(), awserr.NewBatchError(
+					ErrCodeProcessProviderExecution,
+					errMsgProcessProviderProcess,
+					errors)
+			}
+		case <-time.After(p.Timeout):
+			finished = true
+			return output.Bytes(), awserr.NewBatchError(
+				ErrCodeProcessProviderExecution,
+				errMsgProcessProviderTimeout,
+				errors) // errors can be nil
+		}
+	}
+
+	out := output.Bytes()
+
+	if runtime.GOOS == "windows" {
+		// windows adds slashes to quotes
+		out = []byte(strings.Replace(string(out), `\"`, `"`, -1))
+	}
+
+	return out, nil
+}
+
+// appendError conveniently checks for nil before appending slice
+func appendError(errors []error, err error) []error {
+	if err != nil {
+		return append(errors, err)
+	}
+	return errors
+}
+
+func executeCommand(cmd exec.Cmd, exec chan error) {
+	// Start the command
+	err := cmd.Start()
+	if err == nil {
+		err = cmd.Wait()
+	}
+
+	exec <- err
+}
+
+func readInput(r io.Reader, w io.Writer, read chan error) {
+	tee := io.TeeReader(r, w)
+
+	_, err := ioutil.ReadAll(tee)
+
+	if err == io.EOF {
+		err = nil
+	}
+
+	read <- err // will only arrive here when write end of pipe is closed
+}

vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go

@@ -4,9 +4,8 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/go-ini/ini"
-
 	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/internal/ini"
 	"github.com/aws/aws-sdk-go/internal/shareddefaults"
 )
 
@@ -77,36 +76,37 @@ func (p *SharedCredentialsProvider) IsExpired() bool {
 // The credentials retrieved from the profile will be returned or error. Error will be
 // returned if it fails to read from the file, or the data is invalid.
 func loadProfile(filename, profile string) (Value, error) {
-	config, err := ini.Load(filename)
+	config, err := ini.OpenFile(filename)
 	if err != nil {
 		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsLoad", "failed to load shared credentials file", err)
 	}
-	iniProfile, err := config.GetSection(profile)
-	if err != nil {
-		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsLoad", "failed to get profile", err)
+
+	iniProfile, ok := config.GetSection(profile)
+	if !ok {
+		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsLoad", "failed to get profile", nil)
 	}
 
-	id, err := iniProfile.GetKey("aws_access_key_id")
-	if err != nil {
+	id := iniProfile.String("aws_access_key_id")
+	if len(id) == 0 {
 		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsAccessKey",
 			fmt.Sprintf("shared credentials %s in %s did not contain aws_access_key_id", profile, filename),
-			err)
+			nil)
 	}
 
-	secret, err := iniProfile.GetKey("aws_secret_access_key")
-	if err != nil {
+	secret := iniProfile.String("aws_secret_access_key")
+	if len(secret) == 0 {
 		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsSecret",
 			fmt.Sprintf("shared credentials %s in %s did not contain aws_secret_access_key", profile, filename),
 			nil)
 	}
 
 	// Default to empty string if not found
-	token := iniProfile.Key("aws_session_token")
+	token := iniProfile.String("aws_session_token")
 
 	return Value{
-		AccessKeyID:     id.String(),
-		SecretAccessKey: secret.String(),
-		SessionToken:    token.String(),
+		AccessKeyID:     id,
+		SecretAccessKey: secret,
+		SessionToken:    token,
 		ProviderName:    SharedCredsProviderName,
 	}, nil
 }

vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go

@@ -9,8 +9,6 @@ const StaticProviderName = "StaticProvider"
 
 var (
 	// ErrStaticCredentialsEmpty is emitted when static credentials are empty.
-	//
-	// @readonly
 	ErrStaticCredentialsEmpty = awserr.New("EmptyStaticCreds", "static credentials are empty", nil)
 )
 

vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go

@@ -3,6 +3,8 @@ package csm
 import (
 	"strconv"
 	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
 )
 
 type metricTime time.Time
@@ -39,6 +41,12 @@ type metric struct {
 	SDKException        *string `json:"SdkException,omitempty"`
 	SDKExceptionMessage *string `json:"SdkExceptionMessage,omitempty"`
 
+	FinalHTTPStatusCode      *int    `json:"FinalHttpStatusCode,omitempty"`
+	FinalAWSException        *string `json:"FinalAwsException,omitempty"`
+	FinalAWSExceptionMessage *string `json:"FinalAwsExceptionMessage,omitempty"`
+	FinalSDKException        *string `json:"FinalSdkException,omitempty"`
+	FinalSDKExceptionMessage *string `json:"FinalSdkExceptionMessage,omitempty"`
+
 	DestinationIP    *string `json:"DestinationIp,omitempty"`
 	ConnectionReused *int    `json:"ConnectionReused,omitempty"`
 
@@ -48,4 +56,54 @@ type metric struct {
 	DNSLatency               *int `json:"DnsLatency,omitempty"`
 	TCPLatency               *int `json:"TcpLatency,omitempty"`
 	SSLLatency               *int `json:"SslLatency,omitempty"`
+
+	MaxRetriesExceeded *int `json:"MaxRetriesExceeded,omitempty"`
+}
+
+func (m *metric) TruncateFields() {
+	m.ClientID = truncateString(m.ClientID, 255)
+	m.UserAgent = truncateString(m.UserAgent, 256)
+
+	m.AWSException = truncateString(m.AWSException, 128)
+	m.AWSExceptionMessage = truncateString(m.AWSExceptionMessage, 512)
+
+	m.SDKException = truncateString(m.SDKException, 128)
+	m.SDKExceptionMessage = truncateString(m.SDKExceptionMessage, 512)
+
+	m.FinalAWSException = truncateString(m.FinalAWSException, 128)
+	m.FinalAWSExceptionMessage = truncateString(m.FinalAWSExceptionMessage, 512)
+
+	m.FinalSDKException = truncateString(m.FinalSDKException, 128)
+	m.FinalSDKExceptionMessage = truncateString(m.FinalSDKExceptionMessage, 512)
+}
+
+func truncateString(v *string, l int) *string {
+	if v != nil && len(*v) > l {
+		nv := (*v)[:l]
+		return &nv
+	}
+
+	return v
+}
+
+func (m *metric) SetException(e metricException) {
+	switch te := e.(type) {
+	case awsException:
+		m.AWSException = aws.String(te.exception)
+		m.AWSExceptionMessage = aws.String(te.message)
+	case sdkException:
+		m.SDKException = aws.String(te.exception)
+		m.SDKExceptionMessage = aws.String(te.message)
+	}
+}
+
+func (m *metric) SetFinalException(e metricException) {
+	switch te := e.(type) {
+	case awsException:
+		m.FinalAWSException = aws.String(te.exception)
+		m.FinalAWSExceptionMessage = aws.String(te.message)
+	case sdkException:
+		m.FinalSDKException = aws.String(te.exception)
+		m.FinalSDKExceptionMessage = aws.String(te.message)
+	}
 }

vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go

@@ -0,0 +1,26 @@
+package csm
+
+type metricException interface {
+	Exception() string
+	Message() string
+}
+
+type requestException struct {
+	exception string
+	message   string
+}
+
+func (e requestException) Exception() string {
+	return e.exception
+}
+func (e requestException) Message() string {
+	return e.message
+}
+
+type awsException struct {
+	requestException
+}
+
+type sdkException struct {
+	requestException
+}

vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go

@@ -82,27 +82,29 @@ func (rep *Reporter) sendAPICallAttemptMetric(r *request.Request) {
 
 	if r.Error != nil {
 		if awserr, ok := r.Error.(awserr.Error); ok {
-			setError(&m, awserr)
+			m.SetException(getMetricException(awserr))
 		}
 	}
 
+	m.TruncateFields()
 	rep.metricsCh.Push(m)
 }
 
-func setError(m *metric, err awserr.Error) {
-	msg := err.Message()
+func getMetricException(err awserr.Error) metricException {
+	msg := err.Error()
 	code := err.Code()
 
 	switch code {
 	case "RequestError",
 		"SerializationError",
 		request.CanceledErrorCode:
-
-		m.SDKException = &code
-		m.SDKExceptionMessage = &msg
+		return sdkException{
+			requestException{exception: code, message: msg},
+		}
 	default:
-		m.AWSException = &code
-		m.AWSExceptionMessage = &msg
+		return awsException{
+			requestException{exception: code, message: msg},
+		}
 	}
 }
 
@@ -113,16 +115,31 @@ func (rep *Reporter) sendAPICallMetric(r *request.Request) {
 
 	now := time.Now()
 	m := metric{
-		ClientID:      aws.String(rep.clientID),
-		API:           aws.String(r.Operation.Name),
-		Service:       aws.String(r.ClientInfo.ServiceID),
-		Timestamp:     (*metricTime)(&now),
-		Type:          aws.String("ApiCall"),
-		AttemptCount:  aws.Int(r.RetryCount + 1),
-		Latency:       aws.Int(int(time.Now().Sub(r.Time) / time.Millisecond)),
-		XAmzRequestID: aws.String(r.RequestID),
+		ClientID:           aws.String(rep.clientID),
+		API:                aws.String(r.Operation.Name),
+		Service:            aws.String(r.ClientInfo.ServiceID),
+		Timestamp:          (*metricTime)(&now),
+		UserAgent:          aws.String(r.HTTPRequest.Header.Get("User-Agent")),
+		Type:               aws.String("ApiCall"),
+		AttemptCount:       aws.Int(r.RetryCount + 1),
+		Region:             r.Config.Region,
+		Latency:            aws.Int(int(time.Now().Sub(r.Time) / time.Millisecond)),
+		XAmzRequestID:      aws.String(r.RequestID),
+		MaxRetriesExceeded: aws.Int(boolIntValue(r.RetryCount >= r.MaxRetries())),
 	}
 
+	if r.HTTPResponse != nil {
+		m.FinalHTTPStatusCode = aws.Int(r.HTTPResponse.StatusCode)
+	}
+
+	if r.Error != nil {
+		if awserr, ok := r.Error.(awserr.Error); ok {
+			m.SetFinalException(getMetricException(awserr))
+		}
+	}
+
+	m.TruncateFields()
+
 	// TODO: Probably want to figure something out for logging dropped
 	// metrics
 	rep.metricsCh.Push(m)
@@ -222,9 +239,22 @@ func (rep *Reporter) InjectHandlers(handlers *request.Handlers) {
 		return
 	}
 
-	apiCallHandler := request.NamedHandler{Name: APICallMetricHandlerName, Fn: rep.sendAPICallMetric}
-	handlers.Complete.PushFrontNamed(apiCallHandler)
+	handlers.Complete.PushFrontNamed(request.NamedHandler{
+		Name: APICallMetricHandlerName,
+		Fn:   rep.sendAPICallMetric,
+	})
+
+	handlers.CompleteAttempt.PushFrontNamed(request.NamedHandler{
+		Name: APICallAttemptMetricHandlerName,
+		Fn:   rep.sendAPICallAttemptMetric,
+	})
+}
+
+// boolIntValue return 1 for true and 0 for false.
+func boolIntValue(b bool) int {
+	if b {
+		return 1
+	}
 
-	apiCallAttemptHandler := request.NamedHandler{Name: APICallAttemptMetricHandlerName, Fn: rep.sendAPICallAttemptMetric}
-	handlers.AfterRetry.PushFrontNamed(apiCallAttemptHandler)
+	return 0
 }

vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go

@@ -24,6 +24,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/ec2metadata"
 	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/shareddefaults"
 )
 
 // A Defaults provides a collection of default values for SDK clients.
@@ -92,17 +93,28 @@ func Handlers() request.Handlers {
 func CredChain(cfg *aws.Config, handlers request.Handlers) *credentials.Credentials {
 	return credentials.NewCredentials(&credentials.ChainProvider{
 		VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
-		Providers: []credentials.Provider{
-			&credentials.EnvProvider{},
-			&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},
-			RemoteCredProvider(*cfg, handlers),
-		},
+		Providers:     CredProviders(cfg, handlers),
 	})
 }
 
+// CredProviders returns the slice of providers used in
+// the default credential chain.
+//
+// For applications that need to use some other provider (for example use
+// different  environment variables for legacy reasons) but still fall back
+// on the default chain of providers. This allows that default chaint to be
+// automatically updated
+func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Provider {
+	return []credentials.Provider{
+		&credentials.EnvProvider{},
+		&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},
+		RemoteCredProvider(*cfg, handlers),
+	}
+}
+
 const (
-	httpProviderEnvVar     = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
-	ecsCredsProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
+	httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
+	httpProviderEnvVar              = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
 )
 
 // RemoteCredProvider returns a credentials provider for the default remote
@@ -112,8 +124,8 @@ func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.P
 		return localHTTPCredProvider(cfg, handlers, u)
 	}
 
-	if uri := os.Getenv(ecsCredsProviderEnvVar); len(uri) > 0 {
-		u := fmt.Sprintf("http://169.254.170.2%s", uri)
+	if uri := os.Getenv(shareddefaults.ECSCredsProviderEnvVar); len(uri) > 0 {
+		u := fmt.Sprintf("%s%s", shareddefaults.ECSContainerCredentialsURI, uri)
 		return httpCredProvider(cfg, handlers, u)
 	}
 
@@ -176,6 +188,7 @@ func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) crede
 	return endpointcreds.NewProviderClient(cfg, handlers, u,
 		func(p *endpointcreds.Provider) {
 			p.ExpiryWindow = 5 * time.Minute
+			p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar)
 		},
 	)
 }

vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go

@@ -4,12 +4,12 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
-	"path"
 	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/sdkuri"
 )
 
 // GetMetadata uses the path provided to request information from the EC2
@@ -19,7 +19,7 @@ func (c *EC2Metadata) GetMetadata(p string) (string, error) {
 	op := &request.Operation{
 		Name:       "GetMetadata",
 		HTTPMethod: "GET",
-		HTTPPath:   path.Join("/", "meta-data", p),
+		HTTPPath:   sdkuri.PathJoin("/meta-data", p),
 	}
 
 	output := &metadataOutput{}
@@ -35,7 +35,7 @@ func (c *EC2Metadata) GetUserData() (string, error) {
 	op := &request.Operation{
 		Name:       "GetUserData",
 		HTTPMethod: "GET",
-		HTTPPath:   path.Join("/", "user-data"),
+		HTTPPath:   "/user-data",
 	}
 
 	output := &metadataOutput{}
@@ -56,7 +56,7 @@ func (c *EC2Metadata) GetDynamicData(p string) (string, error) {
 	op := &request.Operation{
 		Name:       "GetDynamicData",
 		HTTPMethod: "GET",
-		HTTPPath:   path.Join("/", "dynamic", p),
+		HTTPPath:   sdkuri.PathJoin("/dynamic", p),
 	}
 
 	output := &metadataOutput{}
@@ -118,6 +118,10 @@ func (c *EC2Metadata) Region() (string, error) {
 		return "", err
 	}
 
+	if len(resp) == 0 {
+		return "", awserr.New("EC2MetadataError", "invalid Region response", nil)
+	}
+
 	// returns region without the suffix. Eg: us-west-2a becomes us-west-2
 	return resp[:len(resp)-1], nil
 }

vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go

@@ -4,7 +4,7 @@
 // This package's client can be disabled completely by setting the environment
 // variable "AWS_EC2_METADATA_DISABLED=true". This environment variable set to
 // true instructs the SDK to disable the EC2 Metadata client. The client cannot
-// be used while the environemnt variable is set to true, (case insensitive).
+// be used while the environment variable is set to true, (case insensitive).
 package ec2metadata
 
 import (
@@ -72,6 +72,7 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
 			cfg,
 			metadata.ClientInfo{
 				ServiceName: ServiceName,
+				ServiceID:   ServiceName,
 				Endpoint:    endpoint,
 				APIVersion:  "latest",
 			},

vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go

@@ -84,6 +84,7 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol
 		custAddEC2Metadata(p)
 		custAddS3DualStack(p)
 		custRmIotDataService(p)
+		custFixAppAutoscalingChina(p)
 	}
 
 	return ps, nil
@@ -94,7 +95,12 @@ func custAddS3DualStack(p *partition) {
 		return
 	}
 
-	s, ok := p.Services["s3"]
+	custAddDualstack(p, "s3")
+	custAddDualstack(p, "s3-control")
+}
+
+func custAddDualstack(p *partition, svcName string) {
+	s, ok := p.Services[svcName]
 	if !ok {
 		return
 	}
@@ -102,7 +108,7 @@ func custAddS3DualStack(p *partition) {
 	s.Defaults.HasDualStack = boxedTrue
 	s.Defaults.DualStackHostname = "{service}.dualstack.{region}.{dnsSuffix}"
 
-	p.Services["s3"] = s
+	p.Services[svcName] = s
 }
 
 func custAddEC2Metadata(p *partition) {
@@ -122,6 +128,27 @@ func custRmIotDataService(p *partition) {
 	delete(p.Services, "data.iot")
 }
 
+func custFixAppAutoscalingChina(p *partition) {
+	if p.ID != "aws-cn" {
+		return
+	}
+
+	const serviceName = "application-autoscaling"
+	s, ok := p.Services[serviceName]
+	if !ok {
+		return
+	}
+
+	const expectHostname = `autoscaling.{region}.amazonaws.com`
+	if e, a := s.Defaults.Hostname, expectHostname; e != a {
+		fmt.Printf("custFixAppAutoscalingChina: ignoring customization, expected %s, got %s\n", e, a)
+		return
+	}
+
+	s.Defaults.Hostname = expectHostname + ".cn"
+	p.Services[serviceName] = s
+}
+
 type decodeModelError struct {
 	awsError
 }

vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go

@@ -0,0 +1,141 @@
+package endpoints
+
+// Service identifiers
+//
+// Deprecated: Use client package's EndpointID value instead of these
+// ServiceIDs. These IDs are not maintained, and are out of date.
+const (
+	A4bServiceID                          = "a4b"                          // A4b.
+	AcmServiceID                          = "acm"                          // Acm.
+	AcmPcaServiceID                       = "acm-pca"                      // AcmPca.
+	ApiMediatailorServiceID               = "api.mediatailor"              // ApiMediatailor.
+	ApiPricingServiceID                   = "api.pricing"                  // ApiPricing.
+	ApiSagemakerServiceID                 = "api.sagemaker"                // ApiSagemaker.
+	ApigatewayServiceID                   = "apigateway"                   // Apigateway.
+	ApplicationAutoscalingServiceID       = "application-autoscaling"      // ApplicationAutoscaling.
+	Appstream2ServiceID                   = "appstream2"                   // Appstream2.
+	AppsyncServiceID                      = "appsync"                      // Appsync.
+	AthenaServiceID                       = "athena"                       // Athena.
+	AutoscalingServiceID                  = "autoscaling"                  // Autoscaling.
+	AutoscalingPlansServiceID             = "autoscaling-plans"            // AutoscalingPlans.
+	BatchServiceID                        = "batch"                        // Batch.
+	BudgetsServiceID                      = "budgets"                      // Budgets.
+	CeServiceID                           = "ce"                           // Ce.
+	ChimeServiceID                        = "chime"                        // Chime.
+	Cloud9ServiceID                       = "cloud9"                       // Cloud9.
+	ClouddirectoryServiceID               = "clouddirectory"               // Clouddirectory.
+	CloudformationServiceID               = "cloudformation"               // Cloudformation.
+	CloudfrontServiceID                   = "cloudfront"                   // Cloudfront.
+	CloudhsmServiceID                     = "cloudhsm"                     // Cloudhsm.
+	Cloudhsmv2ServiceID                   = "cloudhsmv2"                   // Cloudhsmv2.
+	CloudsearchServiceID                  = "cloudsearch"                  // Cloudsearch.
+	CloudtrailServiceID                   = "cloudtrail"                   // Cloudtrail.
+	CodebuildServiceID                    = "codebuild"                    // Codebuild.
+	CodecommitServiceID                   = "codecommit"                   // Codecommit.
+	CodedeployServiceID                   = "codedeploy"                   // Codedeploy.
+	CodepipelineServiceID                 = "codepipeline"                 // Codepipeline.
+	CodestarServiceID                     = "codestar"                     // Codestar.
+	CognitoIdentityServiceID              = "cognito-identity"             // CognitoIdentity.
+	CognitoIdpServiceID                   = "cognito-idp"                  // CognitoIdp.
+	CognitoSyncServiceID                  = "cognito-sync"                 // CognitoSync.
+	ComprehendServiceID                   = "comprehend"                   // Comprehend.
+	ConfigServiceID                       = "config"                       // Config.
+	CurServiceID                          = "cur"                          // Cur.
+	DatapipelineServiceID                 = "datapipeline"                 // Datapipeline.
+	DaxServiceID                          = "dax"                          // Dax.
+	DevicefarmServiceID                   = "devicefarm"                   // Devicefarm.
+	DirectconnectServiceID                = "directconnect"                // Directconnect.
+	DiscoveryServiceID                    = "discovery"                    // Discovery.
+	DmsServiceID                          = "dms"                          // Dms.
+	DsServiceID                           = "ds"                           // Ds.
+	DynamodbServiceID                     = "dynamodb"                     // Dynamodb.
+	Ec2ServiceID                          = "ec2"                          // Ec2.
+	Ec2metadataServiceID                  = "ec2metadata"                  // Ec2metadata.
+	EcrServiceID                          = "ecr"                          // Ecr.
+	EcsServiceID                          = "ecs"                          // Ecs.
+	ElasticacheServiceID                  = "elasticache"                  // Elasticache.
+	ElasticbeanstalkServiceID             = "elasticbeanstalk"             // Elasticbeanstalk.
+	ElasticfilesystemServiceID            = "elasticfilesystem"            // Elasticfilesystem.
+	ElasticloadbalancingServiceID         = "elasticloadbalancing"         // Elasticloadbalancing.
+	ElasticmapreduceServiceID             = "elasticmapreduce"             // Elasticmapreduce.
+	ElastictranscoderServiceID            = "elastictranscoder"            // Elastictranscoder.
+	EmailServiceID                        = "email"                        // Email.
+	EntitlementMarketplaceServiceID       = "entitlement.marketplace"      // EntitlementMarketplace.
+	EsServiceID                           = "es"                           // Es.
+	EventsServiceID                       = "events"                       // Events.
+	FirehoseServiceID                     = "firehose"                     // Firehose.
+	FmsServiceID                          = "fms"                          // Fms.
+	GameliftServiceID                     = "gamelift"                     // Gamelift.
+	GlacierServiceID                      = "glacier"                      // Glacier.
+	GlueServiceID                         = "glue"                         // Glue.
+	GreengrassServiceID                   = "greengrass"                   // Greengrass.
+	GuarddutyServiceID                    = "guardduty"                    // Guardduty.
+	HealthServiceID                       = "health"                       // Health.
+	IamServiceID                          = "iam"                          // Iam.
+	ImportexportServiceID                 = "importexport"                 // Importexport.
+	InspectorServiceID                    = "inspector"                    // Inspector.
+	IotServiceID                          = "iot"                          // Iot.
+	IotanalyticsServiceID                 = "iotanalytics"                 // Iotanalytics.
+	KinesisServiceID                      = "kinesis"                      // Kinesis.
+	KinesisanalyticsServiceID             = "kinesisanalytics"             // Kinesisanalytics.
+	KinesisvideoServiceID                 = "kinesisvideo"                 // Kinesisvideo.
+	KmsServiceID                          = "kms"                          // Kms.
+	LambdaServiceID                       = "lambda"                       // Lambda.
+	LightsailServiceID                    = "lightsail"                    // Lightsail.
+	LogsServiceID                         = "logs"                         // Logs.
+	MachinelearningServiceID              = "machinelearning"              // Machinelearning.
+	MarketplacecommerceanalyticsServiceID = "marketplacecommerceanalytics" // Marketplacecommerceanalytics.
+	MediaconvertServiceID                 = "mediaconvert"                 // Mediaconvert.
+	MedialiveServiceID                    = "medialive"                    // Medialive.
+	MediapackageServiceID                 = "mediapackage"                 // Mediapackage.
+	MediastoreServiceID                   = "mediastore"                   // Mediastore.
+	MeteringMarketplaceServiceID          = "metering.marketplace"         // MeteringMarketplace.
+	MghServiceID                          = "mgh"                          // Mgh.
+	MobileanalyticsServiceID              = "mobileanalytics"              // Mobileanalytics.
+	ModelsLexServiceID                    = "models.lex"                   // ModelsLex.
+	MonitoringServiceID                   = "monitoring"                   // Monitoring.
+	MturkRequesterServiceID               = "mturk-requester"              // MturkRequester.
+	NeptuneServiceID                      = "neptune"                      // Neptune.
+	OpsworksServiceID                     = "opsworks"                     // Opsworks.
+	OpsworksCmServiceID                   = "opsworks-cm"                  // OpsworksCm.
+	OrganizationsServiceID                = "organizations"                // Organizations.
+	PinpointServiceID                     = "pinpoint"                     // Pinpoint.
+	PollyServiceID                        = "polly"                        // Polly.
+	RdsServiceID                          = "rds"                          // Rds.
+	RedshiftServiceID                     = "redshift"                     // Redshift.
+	RekognitionServiceID                  = "rekognition"                  // Rekognition.
+	ResourceGroupsServiceID               = "resource-groups"              // ResourceGroups.
+	Route53ServiceID                      = "route53"                      // Route53.
+	Route53domainsServiceID               = "route53domains"               // Route53domains.
+	RuntimeLexServiceID                   = "runtime.lex"                  // RuntimeLex.
+	RuntimeSagemakerServiceID             = "runtime.sagemaker"            // RuntimeSagemaker.
+	S3ServiceID                           = "s3"                           // S3.
+	S3ControlServiceID                    = "s3-control"                   // S3Control.
+	SagemakerServiceID                    = "api.sagemaker"                // Sagemaker.
+	SdbServiceID                          = "sdb"                          // Sdb.
+	SecretsmanagerServiceID               = "secretsmanager"               // Secretsmanager.
+	ServerlessrepoServiceID               = "serverlessrepo"               // Serverlessrepo.
+	ServicecatalogServiceID               = "servicecatalog"               // Servicecatalog.
+	ServicediscoveryServiceID             = "servicediscovery"             // Servicediscovery.
+	ShieldServiceID                       = "shield"                       // Shield.
+	SmsServiceID                          = "sms"                          // Sms.
+	SnowballServiceID                     = "snowball"                     // Snowball.
+	SnsServiceID                          = "sns"                          // Sns.
+	SqsServiceID                          = "sqs"                          // Sqs.
+	SsmServiceID                          = "ssm"                          // Ssm.
+	StatesServiceID                       = "states"                       // States.
+	StoragegatewayServiceID               = "storagegateway"               // Storagegateway.
+	StreamsDynamodbServiceID              = "streams.dynamodb"             // StreamsDynamodb.
+	StsServiceID                          = "sts"                          // Sts.
+	SupportServiceID                      = "support"                      // Support.
+	SwfServiceID                          = "swf"                          // Swf.
+	TaggingServiceID                      = "tagging"                      // Tagging.
+	TransferServiceID                     = "transfer"                     // Transfer.
+	TranslateServiceID                    = "translate"                    // Translate.
+	WafServiceID                          = "waf"                          // Waf.
+	WafRegionalServiceID                  = "waf-regional"                 // WafRegional.
+	WorkdocsServiceID                     = "workdocs"                     // Workdocs.
+	WorkmailServiceID                     = "workmail"                     // Workmail.
+	WorkspacesServiceID                   = "workspaces"                   // Workspaces.
+	XrayServiceID                         = "xray"                         // Xray.
+)

vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go

@@ -35,7 +35,7 @@ type Options struct {
 	//
 	// If resolving an endpoint on the partition list the provided region will
 	// be used to determine which partition's domain name pattern to the service
-	// endpoint ID with. If both the service and region are unkonwn and resolving
+	// endpoint ID with. If both the service and region are unknown and resolving
 	// the endpoint on partition list an UnknownEndpointError error will be returned.
 	//
 	// If resolving and endpoint on a partition specific resolver that partition's

vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go

@@ -16,6 +16,10 @@ import (
 type CodeGenOptions struct {
 	// Options for how the model will be decoded.
 	DecodeModelOptions DecodeModelOptions
+
+	// Disables code generation of the service endpoint prefix IDs defined in
+	// the model.
+	DisableGenerateServiceIDs bool
 }
 
 // Set combines all of the option functions together
@@ -39,8 +43,16 @@ func CodeGenModel(modelFile io.Reader, outFile io.Writer, optFns ...func(*CodeGe
 		return err
 	}
 
+	v := struct {
+		Resolver
+		CodeGenOptions
+	}{
+		Resolver:       resolver,
+		CodeGenOptions: opts,
+	}
+
 	tmpl := template.Must(template.New("tmpl").Funcs(funcMap).Parse(v3Tmpl))
-	if err := tmpl.ExecuteTemplate(outFile, "defaults", resolver); err != nil {
+	if err := tmpl.ExecuteTemplate(outFile, "defaults", v); err != nil {
 		return fmt.Errorf("failed to execute template, %v", err)
 	}
 
@@ -166,15 +178,17 @@ import (
 	"regexp"
 )
 
-	{{ template "partition consts" . }}
+	{{ template "partition consts" $.Resolver }}
 
-	{{ range $_, $partition := . }}
+	{{ range $_, $partition := $.Resolver }}
 		{{ template "partition region consts" $partition }}
 	{{ end }}
 
-	{{ template "service consts" . }}
+	{{ if not $.DisableGenerateServiceIDs -}}
+	{{ template "service consts" $.Resolver }}
+	{{- end }}
 	
-	{{ template "endpoint resolvers" . }}
+	{{ template "endpoint resolvers" $.Resolver }}
 {{- end }}
 
 {{ define "partition consts" }}

vendor/github.com/aws/aws-sdk-go/aws/errors.go

@@ -5,13 +5,9 @@ import "github.com/aws/aws-sdk-go/aws/awserr"
 var (
 	// ErrMissingRegion is an error that is returned if region configuration is
 	// not found.
-	//
-	// @readonly
 	ErrMissingRegion = awserr.New("MissingRegion", "could not find region configuration", nil)
 
 	// ErrMissingEndpoint is an error that is returned if an endpoint cannot be
 	// resolved for a service.
-	//
-	// @readonly
 	ErrMissingEndpoint = awserr.New("MissingEndpoint", "'Endpoint' configuration is required for this service", nil)
 )

vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go

@@ -19,6 +19,7 @@ type Handlers struct {
 	UnmarshalError   HandlerList
 	Retry            HandlerList
 	AfterRetry       HandlerList
+	CompleteAttempt  HandlerList
 	Complete         HandlerList
 }
 
@@ -36,6 +37,7 @@ func (h *Handlers) Copy() Handlers {
 		UnmarshalMeta:    h.UnmarshalMeta.copy(),
 		Retry:            h.Retry.copy(),
 		AfterRetry:       h.AfterRetry.copy(),
+		CompleteAttempt:  h.CompleteAttempt.copy(),
 		Complete:         h.Complete.copy(),
 	}
 }
@@ -53,6 +55,7 @@ func (h *Handlers) Clear() {
 	h.ValidateResponse.Clear()
 	h.Retry.Clear()
 	h.AfterRetry.Clear()
+	h.CompleteAttempt.Clear()
 	h.Complete.Clear()
 }
 

vendor/github.com/aws/aws-sdk-go/aws/request/request.go

@@ -122,7 +122,6 @@ func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers,
 		Handlers:   handlers.Copy(),
 
 		Retryer:     retryer,
-		AttemptTime: time.Now(),
 		Time:        time.Now(),
 		ExpireTime:  0,
 		Operation:   operation,
@@ -266,7 +265,9 @@ func (r *Request) SetReaderBody(reader io.ReadSeeker) {
 }
 
 // Presign returns the request's signed URL. Error will be returned
-// if the signing fails.
+// if the signing fails. The expire parameter is only used for presigned Amazon
+// S3 API requests. All other AWS services will use a fixed expiration
+// time of 15 minutes.
 //
 // It is invalid to create a presigned URL with a expire duration 0 or less. An
 // error is returned if expire duration is 0 or less.
@@ -283,7 +284,9 @@ func (r *Request) Presign(expire time.Duration) (string, error) {
 }
 
 // PresignRequest behaves just like presign, with the addition of returning a
-// set of headers that were signed.
+// set of headers that were signed. The expire parameter is only used for
+// presigned Amazon S3 API requests. All other AWS services will use a fixed
+// expiration time of 15 minutes.
 //
 // It is invalid to create a presigned URL with a expire duration 0 or less. An
 // error is returned if expire duration is 0 or less.
@@ -462,80 +465,78 @@ func (r *Request) Send() error {
 		r.Handlers.Complete.Run(r)
 	}()
 
+	if err := r.Error; err != nil {
+		return err
+	}
+
 	for {
+		r.Error = nil
 		r.AttemptTime = time.Now()
-		if aws.BoolValue(r.Retryable) {
-			if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) {
-				r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d",
-					r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount))
-			}
-
-			// The previous http.Request will have a reference to the r.Body
-			// and the HTTP Client's Transport may still be reading from
-			// the request's body even though the Client's Do returned.
-			r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil)
-			r.ResetBody()
-
-			// Closing response body to ensure that no response body is leaked
-			// between retry attempts.
-			if r.HTTPResponse != nil && r.HTTPResponse.Body != nil {
-				r.HTTPResponse.Body.Close()
-			}
-		}
 
-		r.Sign()
-		if r.Error != nil {
-			return r.Error
+		if err := r.Sign(); err != nil {
+			debugLogReqError(r, "Sign Request", false, err)
+			return err
 		}
 
-		r.Retryable = nil
-
-		r.Handlers.Send.Run(r)
-		if r.Error != nil {
-			if !shouldRetryCancel(r) {
-				return r.Error
-			}
-
-			err := r.Error
+		if err := r.sendRequest(); err == nil {
+			return nil
+		} else if !shouldRetryCancel(r) {
+			return err
+		} else {
 			r.Handlers.Retry.Run(r)
 			r.Handlers.AfterRetry.Run(r)
-			if r.Error != nil {
-				debugLogReqError(r, "Send Request", false, err)
-				return r.Error
-			}
-			debugLogReqError(r, "Send Request", true, err)
-			continue
-		}
-		r.Handlers.UnmarshalMeta.Run(r)
-		r.Handlers.ValidateResponse.Run(r)
-		if r.Error != nil {
-			r.Handlers.UnmarshalError.Run(r)
-			err := r.Error
 
-			r.Handlers.Retry.Run(r)
-			r.Handlers.AfterRetry.Run(r)
-			if r.Error != nil {
-				debugLogReqError(r, "Validate Response", false, err)
+			if r.Error != nil || !aws.BoolValue(r.Retryable) {
 				return r.Error
 			}
-			debugLogReqError(r, "Validate Response", true, err)
-			continue
-		}
 
-		r.Handlers.Unmarshal.Run(r)
-		if r.Error != nil {
-			err := r.Error
-			r.Handlers.Retry.Run(r)
-			r.Handlers.AfterRetry.Run(r)
-			if r.Error != nil {
-				debugLogReqError(r, "Unmarshal Response", false, err)
-				return r.Error
-			}
-			debugLogReqError(r, "Unmarshal Response", true, err)
+			r.prepareRetry()
 			continue
 		}
+	}
+}
+
+func (r *Request) prepareRetry() {
+	if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) {
+		r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d",
+			r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount))
+	}
+
+	// The previous http.Request will have a reference to the r.Body
+	// and the HTTP Client's Transport may still be reading from
+	// the request's body even though the Client's Do returned.
+	r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil)
+	r.ResetBody()
+
+	// Closing response body to ensure that no response body is leaked
+	// between retry attempts.
+	if r.HTTPResponse != nil && r.HTTPResponse.Body != nil {
+		r.HTTPResponse.Body.Close()
+	}
+}
+
+func (r *Request) sendRequest() (sendErr error) {
+	defer r.Handlers.CompleteAttempt.Run(r)
+
+	r.Retryable = nil
+	r.Handlers.Send.Run(r)
+	if r.Error != nil {
+		debugLogReqError(r, "Send Request", r.WillRetry(), r.Error)
+		return r.Error
+	}
 
-		break
+	r.Handlers.UnmarshalMeta.Run(r)
+	r.Handlers.ValidateResponse.Run(r)
+	if r.Error != nil {
+		r.Handlers.UnmarshalError.Run(r)
+		debugLogReqError(r, "Validate Response", r.WillRetry(), r.Error)
+		return r.Error
+	}
+
+	r.Handlers.Unmarshal.Run(r)
+	if r.Error != nil {
+		debugLogReqError(r, "Unmarshal Response", r.WillRetry(), r.Error)
+		return r.Error
 	}
 
 	return nil

vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go

@@ -40,6 +40,7 @@ var throttleCodes = map[string]struct{}{
 	"RequestThrottled":                       {},
 	"TooManyRequestsException":               {}, // Lambda functions
 	"PriorRequestNotComplete":                {}, // Route53
+	"TransactionInProgressException":         {},
 }
 
 // credsExpiredCodes is a collection of error codes which signify the credentials
@@ -97,7 +98,7 @@ func isNestedErrorRetryable(parentErr awserr.Error) bool {
 	}
 
 	if t, ok := err.(temporaryError); ok {
-		return t.Temporary()
+		return t.Temporary() || isErrConnectionReset(err)
 	}
 
 	return isErrConnectionReset(err)

vendor/github.com/aws/aws-sdk-go/aws/request/validation.go

@@ -17,6 +17,12 @@ const (
 	ParamMinValueErrCode = "ParamMinValueError"
 	// ParamMinLenErrCode is the error code for fields without enough elements.
 	ParamMinLenErrCode = "ParamMinLenError"
+	// ParamMaxLenErrCode is the error code for value being too long.
+	ParamMaxLenErrCode = "ParamMaxLenError"
+
+	// ParamFormatErrCode is the error code for a field with invalid
+	// format or characters.
+	ParamFormatErrCode = "ParamFormatInvalidError"
 )
 
 // Validator provides a way for types to perform validation logic on their
@@ -232,3 +238,49 @@ func NewErrParamMinLen(field string, min int) *ErrParamMinLen {
 func (e *ErrParamMinLen) MinLen() int {
 	return e.min
 }
+
+// An ErrParamMaxLen represents a maximum length parameter error.
+type ErrParamMaxLen struct {
+	errInvalidParam
+	max int
+}
+
+// NewErrParamMaxLen creates a new maximum length parameter error.
+func NewErrParamMaxLen(field string, max int, value string) *ErrParamMaxLen {
+	return &ErrParamMaxLen{
+		errInvalidParam: errInvalidParam{
+			code:  ParamMaxLenErrCode,
+			field: field,
+			msg:   fmt.Sprintf("maximum size of %v, %v", max, value),
+		},
+		max: max,
+	}
+}
+
+// MaxLen returns the field's required minimum length.
+func (e *ErrParamMaxLen) MaxLen() int {
+	return e.max
+}
+
+// An ErrParamFormat represents a invalid format parameter error.
+type ErrParamFormat struct {
+	errInvalidParam
+	format string
+}
+
+// NewErrParamFormat creates a new invalid format parameter error.
+func NewErrParamFormat(field string, format, value string) *ErrParamFormat {
+	return &ErrParamFormat{
+		errInvalidParam: errInvalidParam{
+			code:  ParamFormatErrCode,
+			field: field,
+			msg:   fmt.Sprintf("format %v, %v", format, value),
+		},
+		format: format,
+	}
+}
+
+// Format returns the field's required format.
+func (e *ErrParamFormat) Format() string {
+	return e.format
+}

vendor/github.com/aws/aws-sdk-go/aws/session/doc.go

@@ -99,7 +99,7 @@ handler logs every request and its payload made by a service client:
 
 	sess.Handlers.Send.PushFront(func(r *request.Request) {
 		// Log every request made and its payload
-		logger.Println("Request: %s/%s, Payload: %s",
+		logger.Printf("Request: %s/%s, Payload: %s",
 			r.ClientInfo.ServiceName, r.Operation, r.Params)
 	})
 
@@ -128,7 +128,7 @@ read. The Session will be created from configuration values from the shared
 credentials file (~/.aws/credentials) over those in the shared config file (~/.aws/config).
 
 Credentials are the values the SDK should use for authenticating requests with
-AWS Services. They arfrom a configuration file will need to include both
+AWS Services. They are from a configuration file will need to include both
 aws_access_key_id and aws_secret_access_key must be provided together in the
 same file to be considered valid. The values will be ignored if not a complete
 group. aws_session_token is an optional field that can be provided if both of
@@ -183,7 +183,7 @@ be returned when creating the session.
     // from assumed role.
     svc := s3.New(sess)
 
-To setup assume role outside of a session see the stscrds.AssumeRoleProvider
+To setup assume role outside of a session see the stscreds.AssumeRoleProvider
 documentation.
 
 Environment Variables

vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go

@@ -4,6 +4,7 @@ import (
 	"os"
 	"strconv"
 
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/defaults"
 )
@@ -79,7 +80,7 @@ type envConfig struct {
 	//	AWS_CONFIG_FILE=$HOME/my_shared_config
 	SharedConfigFile string
 
-	// Sets the path to a custom Credentials Authroity (CA) Bundle PEM file
+	// Sets the path to a custom Credentials Authority (CA) Bundle PEM file
 	// that the SDK will use instead of the system's root CA bundle.
 	// Only use this if you want to configure the SDK to use a custom set
 	// of CAs.
@@ -101,6 +102,12 @@ type envConfig struct {
 	CSMEnabled  bool
 	CSMPort     string
 	CSMClientID string
+
+	enableEndpointDiscovery string
+	// Enables endpoint discovery via environment variables.
+	//
+	//	AWS_ENABLE_ENDPOINT_DISCOVERY=true
+	EnableEndpointDiscovery *bool
 }
 
 var (
@@ -125,6 +132,10 @@ var (
 		"AWS_SESSION_TOKEN",
 	}
 
+	enableEndpointDiscoveryEnvKey = []string{
+		"AWS_ENABLE_ENDPOINT_DISCOVERY",
+	}
+
 	regionEnvKeys = []string{
 		"AWS_REGION",
 		"AWS_DEFAULT_REGION", // Only read if AWS_SDK_LOAD_CONFIG is also set
@@ -194,6 +205,12 @@ func envConfigLoad(enableSharedConfig bool) envConfig {
 	setFromEnvVal(&cfg.Region, regionKeys)
 	setFromEnvVal(&cfg.Profile, profileKeys)
 
+	// endpoint discovery is in reference to it being enabled.
+	setFromEnvVal(&cfg.enableEndpointDiscovery, enableEndpointDiscoveryEnvKey)
+	if len(cfg.enableEndpointDiscovery) > 0 {
+		cfg.EnableEndpointDiscovery = aws.Bool(cfg.enableEndpointDiscovery != "false")
+	}
+
 	setFromEnvVal(&cfg.SharedCredentialsFile, sharedCredsFileEnvKey)
 	setFromEnvVal(&cfg.SharedConfigFile, sharedConfigFileEnvKey)
 

vendor/github.com/aws/aws-sdk-go/aws/session/session.go

@@ -14,13 +14,32 @@ import (
 	"github.com/aws/aws-sdk-go/aws/client"
 	"github.com/aws/aws-sdk-go/aws/corehandlers"
 	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/credentials/processcreds"
 	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 	"github.com/aws/aws-sdk-go/aws/csm"
 	"github.com/aws/aws-sdk-go/aws/defaults"
 	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/shareddefaults"
 )
 
+const (
+	// ErrCodeSharedConfig represents an error that occurs in the shared
+	// configuration logic
+	ErrCodeSharedConfig = "SharedConfigErr"
+)
+
+// ErrSharedConfigSourceCollision will be returned if a section contains both
+// source_profile and credential_source
+var ErrSharedConfigSourceCollision = awserr.New(ErrCodeSharedConfig, "only source profile or credential source can be specified, not both", nil)
+
+// ErrSharedConfigECSContainerEnvVarEmpty will be returned if the environment
+// variables are empty and Environment was set as the credential source
+var ErrSharedConfigECSContainerEnvVarEmpty = awserr.New(ErrCodeSharedConfig, "EcsContainer was specified as the credential_source, but 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' was not set", nil)
+
+// ErrSharedConfigInvalidCredSource will be returned if an invalid credential source was provided
+var ErrSharedConfigInvalidCredSource = awserr.New(ErrCodeSharedConfig, "credential source values must be EcsContainer, Ec2InstanceMetadata, or Environment", nil)
+
 // A Session provides a central location to create service clients from and
 // store configurations and request handlers for those services.
 //
@@ -434,8 +453,67 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share
 		}
 	}
 
+	if cfg.EnableEndpointDiscovery == nil {
+		if envCfg.EnableEndpointDiscovery != nil {
+			cfg.WithEndpointDiscovery(*envCfg.EnableEndpointDiscovery)
+		} else if envCfg.EnableSharedConfig && sharedCfg.EnableEndpointDiscovery != nil {
+			cfg.WithEndpointDiscovery(*sharedCfg.EnableEndpointDiscovery)
+		}
+	}
+
 	// Configure credentials if not already set
 	if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil {
+
+		// inspect the profile to see if a credential source has been specified.
+		if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.CredentialSource) > 0 {
+
+			// if both credential_source and source_profile have been set, return an error
+			// as this is undefined behavior.
+			if len(sharedCfg.AssumeRole.SourceProfile) > 0 {
+				return ErrSharedConfigSourceCollision
+			}
+
+			// valid credential source values
+			const (
+				credSourceEc2Metadata  = "Ec2InstanceMetadata"
+				credSourceEnvironment  = "Environment"
+				credSourceECSContainer = "EcsContainer"
+			)
+
+			switch sharedCfg.AssumeRole.CredentialSource {
+			case credSourceEc2Metadata:
+				cfgCp := *cfg
+				p := defaults.RemoteCredProvider(cfgCp, handlers)
+				cfgCp.Credentials = credentials.NewCredentials(p)
+
+				if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil {
+					// AssumeRole Token provider is required if doing Assume Role
+					// with MFA.
+					return AssumeRoleTokenProviderNotSetError{}
+				}
+
+				cfg.Credentials = assumeRoleCredentials(cfgCp, handlers, sharedCfg, sessOpts)
+			case credSourceEnvironment:
+				cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
+					envCfg.Creds,
+				)
+			case credSourceECSContainer:
+				if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 {
+					return ErrSharedConfigECSContainerEnvVarEmpty
+				}
+
+				cfgCp := *cfg
+				p := defaults.RemoteCredProvider(cfgCp, handlers)
+				creds := credentials.NewCredentials(p)
+
+				cfg.Credentials = creds
+			default:
+				return ErrSharedConfigInvalidCredSource
+			}
+
+			return nil
+		}
+
 		if len(envCfg.Creds.AccessKeyID) > 0 {
 			cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
 				envCfg.Creds,
@@ -445,36 +523,22 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share
 			cfgCp.Credentials = credentials.NewStaticCredentialsFromCreds(
 				sharedCfg.AssumeRoleSource.Creds,
 			)
+
 			if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil {
 				// AssumeRole Token provider is required if doing Assume Role
 				// with MFA.
 				return AssumeRoleTokenProviderNotSetError{}
 			}
-			cfg.Credentials = stscreds.NewCredentials(
-				&Session{
-					Config:   &cfgCp,
-					Handlers: handlers.Copy(),
-				},
-				sharedCfg.AssumeRole.RoleARN,
-				func(opt *stscreds.AssumeRoleProvider) {
-					opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName
-
-					// Assume role with external ID
-					if len(sharedCfg.AssumeRole.ExternalID) > 0 {
-						opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID)
-					}
-
-					// Assume role with MFA
-					if len(sharedCfg.AssumeRole.MFASerial) > 0 {
-						opt.SerialNumber = aws.String(sharedCfg.AssumeRole.MFASerial)
-						opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
-					}
-				},
-			)
+
+			cfg.Credentials = assumeRoleCredentials(cfgCp, handlers, sharedCfg, sessOpts)
 		} else if len(sharedCfg.Creds.AccessKeyID) > 0 {
 			cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
 				sharedCfg.Creds,
 			)
+		} else if len(sharedCfg.CredentialProcess) > 0 {
+			cfg.Credentials = processcreds.NewCredentials(
+				sharedCfg.CredentialProcess,
+			)
 		} else {
 			// Fallback to default credentials provider, include mock errors
 			// for the credential chain so user can identify why credentials
@@ -493,6 +557,30 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share
 	return nil
 }
 
+func assumeRoleCredentials(cfg aws.Config, handlers request.Handlers, sharedCfg sharedConfig, sessOpts Options) *credentials.Credentials {
+	return stscreds.NewCredentials(
+		&Session{
+			Config:   &cfg,
+			Handlers: handlers.Copy(),
+		},
+		sharedCfg.AssumeRole.RoleARN,
+		func(opt *stscreds.AssumeRoleProvider) {
+			opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName
+
+			// Assume role with external ID
+			if len(sharedCfg.AssumeRole.ExternalID) > 0 {
+				opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID)
+			}
+
+			// Assume role with MFA
+			if len(sharedCfg.AssumeRole.MFASerial) > 0 {
+				opt.SerialNumber = aws.String(sharedCfg.AssumeRole.MFASerial)
+				opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
+			}
+		},
+	)
+}
+
 // AssumeRoleTokenProviderNotSetError is an error returned when creating a session when the
 // MFAToken option is not set when shared config is configured load assume a
 // role with an MFA token.

vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go

@@ -2,11 +2,11 @@ package session
 
 import (
 	"fmt"
-	"io/ioutil"
 
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/go-ini/ini"
+
+	"github.com/aws/aws-sdk-go/internal/ini"
 )
 
 const (
@@ -16,15 +16,21 @@ const (
 	sessionTokenKey = `aws_session_token`     // optional
 
 	// Assume Role Credentials group
-	roleArnKey         = `role_arn`          // group required
-	sourceProfileKey   = `source_profile`    // group required
-	externalIDKey      = `external_id`       // optional
-	mfaSerialKey       = `mfa_serial`        // optional
-	roleSessionNameKey = `role_session_name` // optional
+	roleArnKey          = `role_arn`          // group required
+	sourceProfileKey    = `source_profile`    // group required (or credential_source)
+	credentialSourceKey = `credential_source` // group required (or source_profile)
+	externalIDKey       = `external_id`       // optional
+	mfaSerialKey        = `mfa_serial`        // optional
+	roleSessionNameKey  = `role_session_name` // optional
 
 	// Additional Config fields
 	regionKey = `region`
 
+	// endpoint discovery group
+	enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional
+	// External Credential Process
+	credentialProcessKey = `credential_process`
+
 	// DefaultSharedConfigProfile is the default profile to be used when
 	// loading configuration from the config files if another profile name
 	// is not provided.
@@ -32,11 +38,12 @@ const (
 )
 
 type assumeRoleConfig struct {
-	RoleARN         string
-	SourceProfile   string
-	ExternalID      string
-	MFASerial       string
-	RoleSessionName string
+	RoleARN          string
+	SourceProfile    string
+	CredentialSource string
+	ExternalID       string
+	MFASerial        string
+	RoleSessionName  string
 }
 
 // sharedConfig represents the configuration fields of the SDK config files.
@@ -55,16 +62,25 @@ type sharedConfig struct {
 	AssumeRole       assumeRoleConfig
 	AssumeRoleSource *sharedConfig
 
+	// An external process to request credentials
+	CredentialProcess string
+
 	// Region is the region the SDK should use for looking up AWS service endpoints
 	// and signing requests.
 	//
 	//	region
 	Region string
+
+	// EnableEndpointDiscovery can be enabled in the shared config by setting
+	// endpoint_discovery_enabled to true
+	//
+	//	endpoint_discovery_enabled = true
+	EnableEndpointDiscovery *bool
 }
 
 type sharedConfigFile struct {
 	Filename string
-	IniData  *ini.File
+	IniData  ini.Sections
 }
 
 // loadSharedConfig retrieves the configuration from the list of files
@@ -105,19 +121,16 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) {
 	files := make([]sharedConfigFile, 0, len(filenames))
 
 	for _, filename := range filenames {
-		b, err := ioutil.ReadFile(filename)
-		if err != nil {
+		sections, err := ini.OpenFile(filename)
+		if aerr, ok := err.(awserr.Error); ok && aerr.Code() == ini.ErrCodeUnableToReadFile {
 			// Skip files which can't be opened and read for whatever reason
 			continue
-		}
-
-		f, err := ini.Load(b)
-		if err != nil {
+		} else if err != nil {
 			return nil, SharedConfigLoadError{Filename: filename, Err: err}
 		}
 
 		files = append(files, sharedConfigFile{
-			Filename: filename, IniData: f,
+			Filename: filename, IniData: sections,
 		})
 	}
 
@@ -127,6 +140,13 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) {
 func (cfg *sharedConfig) setAssumeRoleSource(origProfile string, files []sharedConfigFile) error {
 	var assumeRoleSrc sharedConfig
 
+	if len(cfg.AssumeRole.CredentialSource) > 0 {
+		// setAssumeRoleSource is only called when source_profile is found.
+		// If both source_profile and credential_source are set, then
+		// ErrSharedConfigSourceCollision will be returned
+		return ErrSharedConfigSourceCollision
+	}
+
 	// Multiple level assume role chains are not support
 	if cfg.AssumeRole.SourceProfile == origProfile {
 		assumeRoleSrc = *cfg
@@ -171,45 +191,59 @@ func (cfg *sharedConfig) setFromIniFiles(profile string, files []sharedConfigFil
 // if a config file only includes aws_access_key_id but no aws_secret_access_key
 // the aws_access_key_id will be ignored.
 func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) error {
-	section, err := file.IniData.GetSection(profile)
-	if err != nil {
+	section, ok := file.IniData.GetSection(profile)
+	if !ok {
 		// Fallback to to alternate profile name: profile <name>
-		section, err = file.IniData.GetSection(fmt.Sprintf("profile %s", profile))
-		if err != nil {
-			return SharedConfigProfileNotExistsError{Profile: profile, Err: err}
+		section, ok = file.IniData.GetSection(fmt.Sprintf("profile %s", profile))
+		if !ok {
+			return SharedConfigProfileNotExistsError{Profile: profile, Err: nil}
 		}
 	}
 
 	// Shared Credentials
-	akid := section.Key(accessKeyIDKey).String()
-	secret := section.Key(secretAccessKey).String()
+	akid := section.String(accessKeyIDKey)
+	secret := section.String(secretAccessKey)
 	if len(akid) > 0 && len(secret) > 0 {
 		cfg.Creds = credentials.Value{
 			AccessKeyID:     akid,
 			SecretAccessKey: secret,
-			SessionToken:    section.Key(sessionTokenKey).String(),
+			SessionToken:    section.String(sessionTokenKey),
 			ProviderName:    fmt.Sprintf("SharedConfigCredentials: %s", file.Filename),
 		}
 	}
 
 	// Assume Role
-	roleArn := section.Key(roleArnKey).String()
-	srcProfile := section.Key(sourceProfileKey).String()
-	if len(roleArn) > 0 && len(srcProfile) > 0 {
+	roleArn := section.String(roleArnKey)
+	srcProfile := section.String(sourceProfileKey)
+	credentialSource := section.String(credentialSourceKey)
+	hasSource := len(srcProfile) > 0 || len(credentialSource) > 0
+	if len(roleArn) > 0 && hasSource {
 		cfg.AssumeRole = assumeRoleConfig{
-			RoleARN:         roleArn,
-			SourceProfile:   srcProfile,
-			ExternalID:      section.Key(externalIDKey).String(),
-			MFASerial:       section.Key(mfaSerialKey).String(),
-			RoleSessionName: section.Key(roleSessionNameKey).String(),
+			RoleARN:          roleArn,
+			SourceProfile:    srcProfile,
+			CredentialSource: credentialSource,
+			ExternalID:       section.String(externalIDKey),
+			MFASerial:        section.String(mfaSerialKey),
+			RoleSessionName:  section.String(roleSessionNameKey),
 		}
 	}
 
+	// `credential_process`
+	if credProc := section.String(credentialProcessKey); len(credProc) > 0 {
+		cfg.CredentialProcess = credProc
+	}
+
 	// Region
-	if v := section.Key(regionKey).String(); len(v) > 0 {
+	if v := section.String(regionKey); len(v) > 0 {
 		cfg.Region = v
 	}
 
+	// Endpoint discovery
+	if section.Has(enableEndpointDiscoveryKey) {
+		v := section.Bool(enableEndpointDiscoveryKey)
+		cfg.EnableEndpointDiscovery = &v
+	}
+
 	return nil
 }
 

vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go

@@ -98,25 +98,25 @@ var ignoredHeaders = rules{
 var requiredSignedHeaders = rules{
 	whitelist{
 		mapRule{
-			"Cache-Control":                                               struct{}{},
-			"Content-Disposition":                                         struct{}{},
-			"Content-Encoding":                                            struct{}{},
-			"Content-Language":                                            struct{}{},
-			"Content-Md5":                                                 struct{}{},
-			"Content-Type":                                                struct{}{},
-			"Expires":                                                     struct{}{},
-			"If-Match":                                                    struct{}{},
-			"If-Modified-Since":                                           struct{}{},
-			"If-None-Match":                                               struct{}{},
-			"If-Unmodified-Since":                                         struct{}{},
-			"Range":                                                       struct{}{},
-			"X-Amz-Acl":                                                   struct{}{},
-			"X-Amz-Copy-Source":                                           struct{}{},
-			"X-Amz-Copy-Source-If-Match":                                  struct{}{},
-			"X-Amz-Copy-Source-If-Modified-Since":                         struct{}{},
-			"X-Amz-Copy-Source-If-None-Match":                             struct{}{},
-			"X-Amz-Copy-Source-If-Unmodified-Since":                       struct{}{},
-			"X-Amz-Copy-Source-Range":                                     struct{}{},
+			"Cache-Control":                         struct{}{},
+			"Content-Disposition":                   struct{}{},
+			"Content-Encoding":                      struct{}{},
+			"Content-Language":                      struct{}{},
+			"Content-Md5":                           struct{}{},
+			"Content-Type":                          struct{}{},
+			"Expires":                               struct{}{},
+			"If-Match":                              struct{}{},
+			"If-Modified-Since":                     struct{}{},
+			"If-None-Match":                         struct{}{},
+			"If-Unmodified-Since":                   struct{}{},
+			"Range":                                 struct{}{},
+			"X-Amz-Acl":                             struct{}{},
+			"X-Amz-Copy-Source":                     struct{}{},
+			"X-Amz-Copy-Source-If-Match":            struct{}{},
+			"X-Amz-Copy-Source-If-Modified-Since":   struct{}{},
+			"X-Amz-Copy-Source-If-None-Match":       struct{}{},
+			"X-Amz-Copy-Source-If-Unmodified-Since": struct{}{},
+			"X-Amz-Copy-Source-Range":               struct{}{},
 			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
 			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       struct{}{},
 			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   struct{}{},
@@ -134,6 +134,7 @@ var requiredSignedHeaders = rules{
 			"X-Amz-Server-Side-Encryption-Customer-Key":                   struct{}{},
 			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":               struct{}{},
 			"X-Amz-Storage-Class":                                         struct{}{},
+			"X-Amz-Tagging":                                               struct{}{},
 			"X-Amz-Website-Redirect-Location":                             struct{}{},
 			"X-Amz-Content-Sha256":                                        struct{}{},
 		},
@@ -421,7 +422,7 @@ var SignRequestHandler = request.NamedHandler{
 // If the credentials of the request's config are set to
 // credentials.AnonymousCredentials the request will not be signed.
 func SignSDKRequest(req *request.Request) {
-	signSDKRequestWithCurrTime(req, time.Now)
+	SignSDKRequestWithCurrentTime(req, time.Now)
 }
 
 // BuildNamedHandler will build a generic handler for signing.
@@ -429,12 +430,15 @@ func BuildNamedHandler(name string, opts ...func(*Signer)) request.NamedHandler
 	return request.NamedHandler{
 		Name: name,
 		Fn: func(req *request.Request) {
-			signSDKRequestWithCurrTime(req, time.Now, opts...)
+			SignSDKRequestWithCurrentTime(req, time.Now, opts...)
 		},
 	}
 }
 
-func signSDKRequestWithCurrTime(req *request.Request, curTimeFn func() time.Time, opts ...func(*Signer)) {
+// SignSDKRequestWithCurrentTime will sign the SDK's request using the time
+// function passed in. Behaves the same as SignSDKRequest with the exception
+// the request is signed with the value returned by the current time function.
+func SignSDKRequestWithCurrentTime(req *request.Request, curTimeFn func() time.Time, opts ...func(*Signer)) {
 	// If the request does not need to be signed ignore the signing of the
 	// request if the AnonymousCredentials object is used.
 	if req.Config.Credentials == credentials.AnonymousCredentials {
@@ -470,13 +474,9 @@ func signSDKRequestWithCurrTime(req *request.Request, curTimeFn func() time.Time
 		opt(v4)
 	}
 
-	signingTime := req.Time
-	if !req.LastSignedAt.IsZero() {
-		signingTime = req.LastSignedAt
-	}
-
+	curTime := curTimeFn()
 	signedHeaders, err := v4.signWithBody(req.HTTPRequest, req.GetBody(),
-		name, region, req.ExpireTime, req.ExpireTime > 0, signingTime,
+		name, region, req.ExpireTime, req.ExpireTime > 0, curTime,
 	)
 	if err != nil {
 		req.Error = err
@@ -485,7 +485,7 @@ func signSDKRequestWithCurrTime(req *request.Request, curTimeFn func() time.Time
 	}
 
 	req.SignedHeaderVals = signedHeaders
-	req.LastSignedAt = curTimeFn()
+	req.LastSignedAt = curTime
 }
 
 const logSignInfoMsg = `DEBUG: Request Signature:
@@ -739,14 +739,22 @@ func makeSha256Reader(reader io.ReadSeeker) []byte {
 	start, _ := reader.Seek(0, sdkio.SeekCurrent)
 	defer reader.Seek(start, sdkio.SeekStart)
 
-	io.Copy(hash, reader)
+	// Use CopyN to avoid allocating the 32KB buffer in io.Copy for bodies
+	// smaller than 32KB. Fall back to io.Copy if we fail to determine the size.
+	size, err := aws.SeekerLen(reader)
+	if err != nil {
+		io.Copy(hash, reader)
+	} else {
+		io.CopyN(hash, reader, size)
+	}
+
 	return hash.Sum(nil)
 }
 
 const doubleSpace = "  "
 
 // stripExcessSpaces will rewrite the passed in slice's string values to not
-// contain muliple side-by-side spaces.
+// contain multiple side-by-side spaces.
 func stripExcessSpaces(vals []string) {
 	var j, k, l, m, spaces int
 	for i, str := range vals {

vendor/github.com/aws/aws-sdk-go/aws/version.go

@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.14.12"
+const SDKVersion = "1.16.15"

vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go

@@ -0,0 +1,120 @@
+package ini
+
+// ASTKind represents different states in the parse table
+// and the type of AST that is being constructed
+type ASTKind int
+
+// ASTKind* is used in the parse table to transition between
+// the different states
+const (
+	ASTKindNone = ASTKind(iota)
+	ASTKindStart
+	ASTKindExpr
+	ASTKindEqualExpr
+	ASTKindStatement
+	ASTKindSkipStatement
+	ASTKindExprStatement
+	ASTKindSectionStatement
+	ASTKindNestedSectionStatement
+	ASTKindCompletedNestedSectionStatement
+	ASTKindCommentStatement
+	ASTKindCompletedSectionStatement
+)
+
+func (k ASTKind) String() string {
+	switch k {
+	case ASTKindNone:
+		return "none"
+	case ASTKindStart:
+		return "start"
+	case ASTKindExpr:
+		return "expr"
+	case ASTKindStatement:
+		return "stmt"
+	case ASTKindSectionStatement:
+		return "section_stmt"
+	case ASTKindExprStatement:
+		return "expr_stmt"
+	case ASTKindCommentStatement:
+		return "comment"
+	case ASTKindNestedSectionStatement:
+		return "nested_section_stmt"
+	case ASTKindCompletedSectionStatement:
+		return "completed_stmt"
+	case ASTKindSkipStatement:
+		return "skip"
+	default:
+		return ""
+	}
+}
+
+// AST interface allows us to determine what kind of node we
+// are on and casting may not need to be necessary.
+//
+// The root is always the first node in Children
+type AST struct {
+	Kind      ASTKind
+	Root      Token
+	RootToken bool
+	Children  []AST
+}
+
+func newAST(kind ASTKind, root AST, children ...AST) AST {
+	return AST{
+		Kind:     kind,
+		Children: append([]AST{root}, children...),
+	}
+}
+
+func newASTWithRootToken(kind ASTKind, root Token, children ...AST) AST {
+	return AST{
+		Kind:      kind,
+		Root:      root,
+		RootToken: true,
+		Children:  children,
+	}
+}
+
+// AppendChild will append to the list of children an AST has.
+func (a *AST) AppendChild(child AST) {
+	a.Children = append(a.Children, child)
+}
+
+// GetRoot will return the root AST which can be the first entry
+// in the children list or a token.
+func (a *AST) GetRoot() AST {
+	if a.RootToken {
+		return *a
+	}
+
+	if len(a.Children) == 0 {
+		return AST{}
+	}
+
+	return a.Children[0]
+}
+
+// GetChildren will return the current AST's list of children
+func (a *AST) GetChildren() []AST {
+	if len(a.Children) == 0 {
+		return []AST{}
+	}
+
+	if a.RootToken {
+		return a.Children
+	}
+
+	return a.Children[1:]
+}
+
+// SetChildren will set and override all children of the AST.
+func (a *AST) SetChildren(children []AST) {
+	if a.RootToken {
+		a.Children = children
+	} else {
+		a.Children = append(a.Children[:1], children...)
+	}
+}
+
+// Start is used to indicate the starting state of the parse table.
+var Start = newAST(ASTKindStart, AST{})

vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go

@@ -0,0 +1,11 @@
+package ini
+
+var commaRunes = []rune(",")
+
+func isComma(b rune) bool {
+	return b == ','
+}
+
+func newCommaToken() Token {
+	return newToken(TokenComma, commaRunes, NoneType)
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go

@@ -0,0 +1,35 @@
+package ini
+
+// isComment will return whether or not the next byte(s) is a
+// comment.
+func isComment(b []rune) bool {
+	if len(b) == 0 {
+		return false
+	}
+
+	switch b[0] {
+	case ';':
+		return true
+	case '#':
+		return true
+	}
+
+	return false
+}
+
+// newCommentToken will create a comment token and
+// return how many bytes were read.
+func newCommentToken(b []rune) (Token, int, error) {
+	i := 0
+	for ; i < len(b); i++ {
+		if b[i] == '\n' {
+			break
+		}
+
+		if len(b)-i > 2 && b[i] == '\r' && b[i+1] == '\n' {
+			break
+		}
+	}
+
+	return newToken(TokenComment, b[:i], NoneType), i, nil
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go

@@ -0,0 +1,29 @@
+// Package ini is an LL(1) parser for configuration files.
+//
+//	Example:
+//	sections, err := ini.OpenFile("/path/to/file")
+//	if err != nil {
+//		panic(err)
+//	}
+//
+//	profile := "foo"
+//	section, ok := sections.GetSection(profile)
+//	if !ok {
+//		fmt.Printf("section %q could not be found", profile)
+//	}
+//
+// Below is the BNF that describes this parser
+//	Grammar:
+//	stmt -> value stmt'
+//	stmt' -> epsilon | op stmt
+//	value -> number | string | boolean | quoted_string
+//
+//	section -> [ section'
+//	section' -> value section_close
+//	section_close -> ]
+//
+//	SkipState will skip (NL WS)+
+//
+//	comment -> # comment' | ; comment'
+//	comment' -> epsilon | value
+package ini

vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go

@@ -0,0 +1,4 @@
+package ini
+
+// emptyToken is used to satisfy the Token interface
+var emptyToken = newToken(TokenNone, []rune{}, NoneType)

vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go

@@ -0,0 +1,24 @@
+package ini
+
+// newExpression will return an expression AST.
+// Expr represents an expression
+//
+//	grammar:
+//	expr -> string | number
+func newExpression(tok Token) AST {
+	return newASTWithRootToken(ASTKindExpr, tok)
+}
+
+func newEqualExpr(left AST, tok Token) AST {
+	return newASTWithRootToken(ASTKindEqualExpr, tok, left)
+}
+
+// EqualExprKey will return a LHS value in the equal expr
+func EqualExprKey(ast AST) string {
+	children := ast.GetChildren()
+	if len(children) == 0 || ast.Kind != ASTKindEqualExpr {
+		return ""
+	}
+
+	return string(children[0].Root.Raw())
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go

@@ -0,0 +1,17 @@
+// +build gofuzz
+
+package ini
+
+import (
+	"bytes"
+)
+
+func Fuzz(data []byte) int {
+	b := bytes.NewReader(data)
+
+	if _, err := Parse(b); err != nil {
+		return 0
+	}
+
+	return 1
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go

@@ -0,0 +1,51 @@
+package ini
+
+import (
+	"io"
+	"os"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+// OpenFile takes a path to a given file, and will open  and parse
+// that file.
+func OpenFile(path string) (Sections, error) {
+	f, err := os.Open(path)
+	if err != nil {
+		return Sections{}, awserr.New(ErrCodeUnableToReadFile, "unable to open file", err)
+	}
+	defer f.Close()
+
+	return Parse(f)
+}
+
+// Parse will parse the given file using the shared config
+// visitor.
+func Parse(f io.Reader) (Sections, error) {
+	tree, err := ParseAST(f)
+	if err != nil {
+		return Sections{}, err
+	}
+
+	v := NewDefaultVisitor()
+	if err = Walk(tree, v); err != nil {
+		return Sections{}, err
+	}
+
+	return v.Sections, nil
+}
+
+// ParseBytes will parse the given bytes and return the parsed sections.
+func ParseBytes(b []byte) (Sections, error) {
+	tree, err := ParseASTBytes(b)
+	if err != nil {
+		return Sections{}, err
+	}
+
+	v := NewDefaultVisitor()
+	if err = Walk(tree, v); err != nil {
+		return Sections{}, err
+	}
+
+	return v.Sections, nil
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go

@@ -0,0 +1,165 @@
+package ini
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+const (
+	// ErrCodeUnableToReadFile is used when a file is failed to be
+	// opened or read from.
+	ErrCodeUnableToReadFile = "FailedRead"
+)
+
+// TokenType represents the various different tokens types
+type TokenType int
+
+func (t TokenType) String() string {
+	switch t {
+	case TokenNone:
+		return "none"
+	case TokenLit:
+		return "literal"
+	case TokenSep:
+		return "sep"
+	case TokenOp:
+		return "op"
+	case TokenWS:
+		return "ws"
+	case TokenNL:
+		return "newline"
+	case TokenComment:
+		return "comment"
+	case TokenComma:
+		return "comma"
+	default:
+		return ""
+	}
+}
+
+// TokenType enums
+const (
+	TokenNone = TokenType(iota)
+	TokenLit
+	TokenSep
+	TokenComma
+	TokenOp
+	TokenWS
+	TokenNL
+	TokenComment
+)
+
+type iniLexer struct{}
+
+// Tokenize will return a list of tokens during lexical analysis of the
+// io.Reader.
+func (l *iniLexer) Tokenize(r io.Reader) ([]Token, error) {
+	b, err := ioutil.ReadAll(r)
+	if err != nil {
+		return nil, awserr.New(ErrCodeUnableToReadFile, "unable to read file", err)
+	}
+
+	return l.tokenize(b)
+}
+
+func (l *iniLexer) tokenize(b []byte) ([]Token, error) {
+	runes := bytes.Runes(b)
+	var err error
+	n := 0
+	tokenAmount := countTokens(runes)
+	tokens := make([]Token, tokenAmount)
+	count := 0
+
+	for len(runes) > 0 && count < tokenAmount {
+		switch {
+		case isWhitespace(runes[0]):
+			tokens[count], n, err = newWSToken(runes)
+		case isComma(runes[0]):
+			tokens[count], n = newCommaToken(), 1
+		case isComment(runes):
+			tokens[count], n, err = newCommentToken(runes)
+		case isNewline(runes):
+			tokens[count], n, err = newNewlineToken(runes)
+		case isSep(runes):
+			tokens[count], n, err = newSepToken(runes)
+		case isOp(runes):
+			tokens[count], n, err = newOpToken(runes)
+		default:
+			tokens[count], n, err = newLitToken(runes)
+		}
+
+		if err != nil {
+			return nil, err
+		}
+
+		count++
+
+		runes = runes[n:]
+	}
+
+	return tokens[:count], nil
+}
+
+func countTokens(runes []rune) int {
+	count, n := 0, 0
+	var err error
+
+	for len(runes) > 0 {
+		switch {
+		case isWhitespace(runes[0]):
+			_, n, err = newWSToken(runes)
+		case isComma(runes[0]):
+			_, n = newCommaToken(), 1
+		case isComment(runes):
+			_, n, err = newCommentToken(runes)
+		case isNewline(runes):
+			_, n, err = newNewlineToken(runes)
+		case isSep(runes):
+			_, n, err = newSepToken(runes)
+		case isOp(runes):
+			_, n, err = newOpToken(runes)
+		default:
+			_, n, err = newLitToken(runes)
+		}
+
+		if err != nil {
+			return 0
+		}
+
+		count++
+		runes = runes[n:]
+	}
+
+	return count + 1
+}
+
+// Token indicates a metadata about a given value.
+type Token struct {
+	t         TokenType
+	ValueType ValueType
+	base      int
+	raw       []rune
+}
+
+var emptyValue = Value{}
+
+func newToken(t TokenType, raw []rune, v ValueType) Token {
+	return Token{
+		t:         t,
+		raw:       raw,
+		ValueType: v,
+	}
+}
+
+// Raw return the raw runes that were consumed
+func (tok Token) Raw() []rune {
+	return tok.raw
+}
+
+// Type returns the token type
+func (tok Token) Type() TokenType {
+	return tok.t
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go

@@ -0,0 +1,347 @@
+package ini
+
+import (
+	"fmt"
+	"io"
+)
+
+// State enums for the parse table
+const (
+	InvalidState = iota
+	// stmt -> value stmt'
+	StatementState
+	// stmt' -> MarkComplete | op stmt
+	StatementPrimeState
+	// value -> number | string | boolean | quoted_string
+	ValueState
+	// section -> [ section'
+	OpenScopeState
+	// section' -> value section_close
+	SectionState
+	// section_close -> ]
+	CloseScopeState
+	// SkipState will skip (NL WS)+
+	SkipState
+	// SkipTokenState will skip any token and push the previous
+	// state onto the stack.
+	SkipTokenState
+	// comment -> # comment' | ; comment'
+	// comment' -> MarkComplete | value
+	CommentState
+	// MarkComplete state will complete statements and move that
+	// to the completed AST list
+	MarkCompleteState
+	// TerminalState signifies that the tokens have been fully parsed
+	TerminalState
+)
+
+// parseTable is a state machine to dictate the grammar above.
+var parseTable = map[ASTKind]map[TokenType]int{
+	ASTKindStart: map[TokenType]int{
+		TokenLit:     StatementState,
+		TokenSep:     OpenScopeState,
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenComment: CommentState,
+		TokenNone:    TerminalState,
+	},
+	ASTKindCommentStatement: map[TokenType]int{
+		TokenLit:     StatementState,
+		TokenSep:     OpenScopeState,
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenComment: CommentState,
+		TokenNone:    MarkCompleteState,
+	},
+	ASTKindExpr: map[TokenType]int{
+		TokenOp:      StatementPrimeState,
+		TokenLit:     ValueState,
+		TokenSep:     OpenScopeState,
+		TokenWS:      ValueState,
+		TokenNL:      SkipState,
+		TokenComment: CommentState,
+		TokenNone:    MarkCompleteState,
+	},
+	ASTKindEqualExpr: map[TokenType]int{
+		TokenLit: ValueState,
+		TokenWS:  SkipTokenState,
+		TokenNL:  SkipState,
+	},
+	ASTKindStatement: map[TokenType]int{
+		TokenLit:     SectionState,
+		TokenSep:     CloseScopeState,
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenComment: CommentState,
+		TokenNone:    MarkCompleteState,
+	},
+	ASTKindExprStatement: map[TokenType]int{
+		TokenLit:     ValueState,
+		TokenSep:     OpenScopeState,
+		TokenOp:      ValueState,
+		TokenWS:      ValueState,
+		TokenNL:      MarkCompleteState,
+		TokenComment: CommentState,
+		TokenNone:    TerminalState,
+		TokenComma:   SkipState,
+	},
+	ASTKindSectionStatement: map[TokenType]int{
+		TokenLit: SectionState,
+		TokenOp:  SectionState,
+		TokenSep: CloseScopeState,
+		TokenWS:  SectionState,
+		TokenNL:  SkipTokenState,
+	},
+	ASTKindCompletedSectionStatement: map[TokenType]int{
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenLit:     StatementState,
+		TokenSep:     OpenScopeState,
+		TokenComment: CommentState,
+		TokenNone:    MarkCompleteState,
+	},
+	ASTKindSkipStatement: map[TokenType]int{
+		TokenLit:     StatementState,
+		TokenSep:     OpenScopeState,
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenComment: CommentState,
+		TokenNone:    TerminalState,
+	},
+}
+
+// ParseAST will parse input from an io.Reader using
+// an LL(1) parser.
+func ParseAST(r io.Reader) ([]AST, error) {
+	lexer := iniLexer{}
+	tokens, err := lexer.Tokenize(r)
+	if err != nil {
+		return []AST{}, err
+	}
+
+	return parse(tokens)
+}
+
+// ParseASTBytes will parse input from a byte slice using
+// an LL(1) parser.
+func ParseASTBytes(b []byte) ([]AST, error) {
+	lexer := iniLexer{}
+	tokens, err := lexer.tokenize(b)
+	if err != nil {
+		return []AST{}, err
+	}
+
+	return parse(tokens)
+}
+
+func parse(tokens []Token) ([]AST, error) {
+	start := Start
+	stack := newParseStack(3, len(tokens))
+
+	stack.Push(start)
+	s := newSkipper()
+
+loop:
+	for stack.Len() > 0 {
+		k := stack.Pop()
+
+		var tok Token
+		if len(tokens) == 0 {
+			// this occurs when all the tokens have been processed
+			// but reduction of what's left on the stack needs to
+			// occur.
+			tok = emptyToken
+		} else {
+			tok = tokens[0]
+		}
+
+		step := parseTable[k.Kind][tok.Type()]
+		if s.ShouldSkip(tok) {
+			// being in a skip state with no tokens will break out of
+			// the parse loop since there is nothing left to process.
+			if len(tokens) == 0 {
+				break loop
+			}
+
+			step = SkipTokenState
+		}
+
+		switch step {
+		case TerminalState:
+			// Finished parsing. Push what should be the last
+			// statement to the stack. If there is anything left
+			// on the stack, an error in parsing has occurred.
+			if k.Kind != ASTKindStart {
+				stack.MarkComplete(k)
+			}
+			break loop
+		case SkipTokenState:
+			// When skipping a token, the previous state was popped off the stack.
+			// To maintain the correct state, the previous state will be pushed
+			// onto the stack.
+			stack.Push(k)
+		case StatementState:
+			if k.Kind != ASTKindStart {
+				stack.MarkComplete(k)
+			}
+			expr := newExpression(tok)
+			stack.Push(expr)
+		case StatementPrimeState:
+			if tok.Type() != TokenOp {
+				stack.MarkComplete(k)
+				continue
+			}
+
+			if k.Kind != ASTKindExpr {
+				return nil, NewParseError(
+					fmt.Sprintf("invalid expression: expected Expr type, but found %T type", k),
+				)
+			}
+
+			k = trimSpaces(k)
+			expr := newEqualExpr(k, tok)
+			stack.Push(expr)
+		case ValueState:
+			// ValueState requires the previous state to either be an equal expression
+			// or an expression statement.
+			//
+			// This grammar occurs when the RHS is a number, word, or quoted string.
+			// equal_expr -> lit op equal_expr'
+			// equal_expr' -> number | string | quoted_string
+			// quoted_string -> " quoted_string'
+			// quoted_string' -> string quoted_string_end
+			// quoted_string_end -> "
+			//
+			// otherwise
+			// expr_stmt -> equal_expr (expr_stmt')*
+			// expr_stmt' -> ws S | op S | MarkComplete
+			// S -> equal_expr' expr_stmt'
+			switch k.Kind {
+			case ASTKindEqualExpr:
+				// assiging a value to some key
+				k.AppendChild(newExpression(tok))
+				stack.Push(newExprStatement(k))
+			case ASTKindExpr:
+				k.Root.raw = append(k.Root.raw, tok.Raw()...)
+				stack.Push(k)
+			case ASTKindExprStatement:
+				root := k.GetRoot()
+				children := root.GetChildren()
+				if len(children) == 0 {
+					return nil, NewParseError(
+						fmt.Sprintf("invalid expression: AST contains no children %s", k.Kind),
+					)
+				}
+
+				rhs := children[len(children)-1]
+
+				if rhs.Root.ValueType != QuotedStringType {
+					rhs.Root.ValueType = StringType
+					rhs.Root.raw = append(rhs.Root.raw, tok.Raw()...)
+
+				}
+
+				children[len(children)-1] = rhs
+				k.SetChildren(children)
+
+				stack.Push(k)
+			}
+		case OpenScopeState:
+			if !runeCompare(tok.Raw(), openBrace) {
+				return nil, NewParseError("expected '['")
+			}
+
+			stmt := newStatement()
+			stack.Push(stmt)
+		case CloseScopeState:
+			if !runeCompare(tok.Raw(), closeBrace) {
+				return nil, NewParseError("expected ']'")
+			}
+
+			k = trimSpaces(k)
+			stack.Push(newCompletedSectionStatement(k))
+		case SectionState:
+			var stmt AST
+
+			switch k.Kind {
+			case ASTKindStatement:
+				// If there are multiple literals inside of a scope declaration,
+				// then the current token's raw value will be appended to the Name.
+				//
+				// This handles cases like [ profile default ]
+				//
+				// k will represent a SectionStatement with the children representing
+				// the label of the section
+				stmt = newSectionStatement(tok)
+			case ASTKindSectionStatement:
+				k.Root.raw = append(k.Root.raw, tok.Raw()...)
+				stmt = k
+			default:
+				return nil, NewParseError(
+					fmt.Sprintf("invalid statement: expected statement: %v", k.Kind),
+				)
+			}
+
+			stack.Push(stmt)
+		case MarkCompleteState:
+			if k.Kind != ASTKindStart {
+				stack.MarkComplete(k)
+			}
+
+			if stack.Len() == 0 {
+				stack.Push(start)
+			}
+		case SkipState:
+			stack.Push(newSkipStatement(k))
+			s.Skip()
+		case CommentState:
+			if k.Kind == ASTKindStart {
+				stack.Push(k)
+			} else {
+				stack.MarkComplete(k)
+			}
+
+			stmt := newCommentStatement(tok)
+			stack.Push(stmt)
+		default:
+			return nil, NewParseError(fmt.Sprintf("invalid state with ASTKind %v and TokenType %v", k, tok))
+		}
+
+		if len(tokens) > 0 {
+			tokens = tokens[1:]
+		}
+	}
+
+	// this occurs when a statement has not been completed
+	if stack.top > 1 {
+		return nil, NewParseError(fmt.Sprintf("incomplete expression: %v", stack.container))
+	}
+
+	// returns a sublist which excludes the start symbol
+	return stack.List(), nil
+}
+
+// trimSpaces will trim spaces on the left and right hand side of
+// the literal.
+func trimSpaces(k AST) AST {
+	// trim left hand side of spaces
+	for i := 0; i < len(k.Root.raw); i++ {
+		if !isWhitespace(k.Root.raw[i]) {
+			break
+		}
+
+		k.Root.raw = k.Root.raw[1:]
+		i--
+	}
+
+	// trim right hand side of spaces
+	for i := len(k.Root.raw) - 1; i >= 0; i-- {
+		if !isWhitespace(k.Root.raw[i]) {
+			break
+		}
+
+		k.Root.raw = k.Root.raw[:len(k.Root.raw)-1]
+	}
+
+	return k
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go

@@ -0,0 +1,324 @@
+package ini
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+var (
+	runesTrue  = []rune("true")
+	runesFalse = []rune("false")
+)
+
+var literalValues = [][]rune{
+	runesTrue,
+	runesFalse,
+}
+
+func isBoolValue(b []rune) bool {
+	for _, lv := range literalValues {
+		if isLitValue(lv, b) {
+			return true
+		}
+	}
+	return false
+}
+
+func isLitValue(want, have []rune) bool {
+	if len(have) < len(want) {
+		return false
+	}
+
+	for i := 0; i < len(want); i++ {
+		if want[i] != have[i] {
+			return false
+		}
+	}
+
+	return true
+}
+
+// isNumberValue will return whether not the leading characters in
+// a byte slice is a number. A number is delimited by whitespace or
+// the newline token.
+//
+// A number is defined to be in a binary, octal, decimal (int | float), hex format,
+// or in scientific notation.
+func isNumberValue(b []rune) bool {
+	negativeIndex := 0
+	helper := numberHelper{}
+	needDigit := false
+
+	for i := 0; i < len(b); i++ {
+		negativeIndex++
+
+		switch b[i] {
+		case '-':
+			if helper.IsNegative() || negativeIndex != 1 {
+				return false
+			}
+			helper.Determine(b[i])
+			needDigit = true
+			continue
+		case 'e', 'E':
+			if err := helper.Determine(b[i]); err != nil {
+				return false
+			}
+			negativeIndex = 0
+			needDigit = true
+			continue
+		case 'b':
+			if helper.numberFormat == hex {
+				break
+			}
+			fallthrough
+		case 'o', 'x':
+			needDigit = true
+			if i == 0 {
+				return false
+			}
+
+			fallthrough
+		case '.':
+			if err := helper.Determine(b[i]); err != nil {
+				return false
+			}
+			needDigit = true
+			continue
+		}
+
+		if i > 0 && (isNewline(b[i:]) || isWhitespace(b[i])) {
+			return !needDigit
+		}
+
+		if !helper.CorrectByte(b[i]) {
+			return false
+		}
+		needDigit = false
+	}
+
+	return !needDigit
+}
+
+func isValid(b []rune) (bool, int, error) {
+	if len(b) == 0 {
+		// TODO: should probably return an error
+		return false, 0, nil
+	}
+
+	return isValidRune(b[0]), 1, nil
+}
+
+func isValidRune(r rune) bool {
+	return r != ':' && r != '=' && r != '[' && r != ']' && r != ' ' && r != '\n'
+}
+
+// ValueType is an enum that will signify what type
+// the Value is
+type ValueType int
+
+func (v ValueType) String() string {
+	switch v {
+	case NoneType:
+		return "NONE"
+	case DecimalType:
+		return "FLOAT"
+	case IntegerType:
+		return "INT"
+	case StringType:
+		return "STRING"
+	case BoolType:
+		return "BOOL"
+	}
+
+	return ""
+}
+
+// ValueType enums
+const (
+	NoneType = ValueType(iota)
+	DecimalType
+	IntegerType
+	StringType
+	QuotedStringType
+	BoolType
+)
+
+// Value is a union container
+type Value struct {
+	Type ValueType
+	raw  []rune
+
+	integer int64
+	decimal float64
+	boolean bool
+	str     string
+}
+
+func newValue(t ValueType, base int, raw []rune) (Value, error) {
+	v := Value{
+		Type: t,
+		raw:  raw,
+	}
+	var err error
+
+	switch t {
+	case DecimalType:
+		v.decimal, err = strconv.ParseFloat(string(raw), 64)
+	case IntegerType:
+		if base != 10 {
+			raw = raw[2:]
+		}
+
+		v.integer, err = strconv.ParseInt(string(raw), base, 64)
+	case StringType:
+		v.str = string(raw)
+	case QuotedStringType:
+		v.str = string(raw[1 : len(raw)-1])
+	case BoolType:
+		v.boolean = runeCompare(v.raw, runesTrue)
+	}
+
+	// issue 2253
+	//
+	// if the value trying to be parsed is too large, then we will use
+	// the 'StringType' and raw value instead.
+	if nerr, ok := err.(*strconv.NumError); ok && nerr.Err == strconv.ErrRange {
+		v.Type = StringType
+		v.str = string(raw)
+		err = nil
+	}
+
+	return v, err
+}
+
+// Append will append values and change the type to a string
+// type.
+func (v *Value) Append(tok Token) {
+	r := tok.Raw()
+	if v.Type != QuotedStringType {
+		v.Type = StringType
+		r = tok.raw[1 : len(tok.raw)-1]
+	}
+	if tok.Type() != TokenLit {
+		v.raw = append(v.raw, tok.Raw()...)
+	} else {
+		v.raw = append(v.raw, r...)
+	}
+}
+
+func (v Value) String() string {
+	switch v.Type {
+	case DecimalType:
+		return fmt.Sprintf("decimal: %f", v.decimal)
+	case IntegerType:
+		return fmt.Sprintf("integer: %d", v.integer)
+	case StringType:
+		return fmt.Sprintf("string: %s", string(v.raw))
+	case QuotedStringType:
+		return fmt.Sprintf("quoted string: %s", string(v.raw))
+	case BoolType:
+		return fmt.Sprintf("bool: %t", v.boolean)
+	default:
+		return "union not set"
+	}
+}
+
+func newLitToken(b []rune) (Token, int, error) {
+	n := 0
+	var err error
+
+	token := Token{}
+	if b[0] == '"' {
+		n, err = getStringValue(b)
+		if err != nil {
+			return token, n, err
+		}
+
+		token = newToken(TokenLit, b[:n], QuotedStringType)
+	} else if isNumberValue(b) {
+		var base int
+		base, n, err = getNumericalValue(b)
+		if err != nil {
+			return token, 0, err
+		}
+
+		value := b[:n]
+		vType := IntegerType
+		if contains(value, '.') || hasExponent(value) {
+			vType = DecimalType
+		}
+		token = newToken(TokenLit, value, vType)
+		token.base = base
+	} else if isBoolValue(b) {
+		n, err = getBoolValue(b)
+
+		token = newToken(TokenLit, b[:n], BoolType)
+	} else {
+		n, err = getValue(b)
+		token = newToken(TokenLit, b[:n], StringType)
+	}
+
+	return token, n, err
+}
+
+// IntValue returns an integer value
+func (v Value) IntValue() int64 {
+	return v.integer
+}
+
+// FloatValue returns a float value
+func (v Value) FloatValue() float64 {
+	return v.decimal
+}
+
+// BoolValue returns a bool value
+func (v Value) BoolValue() bool {
+	return v.boolean
+}
+
+func isTrimmable(r rune) bool {
+	switch r {
+	case '\n', ' ':
+		return true
+	}
+	return false
+}
+
+// StringValue returns the string value
+func (v Value) StringValue() string {
+	switch v.Type {
+	case StringType:
+		return strings.TrimFunc(string(v.raw), isTrimmable)
+	case QuotedStringType:
+		// preserve all characters in the quotes
+		return string(removeEscapedCharacters(v.raw[1 : len(v.raw)-1]))
+	default:
+		return strings.TrimFunc(string(v.raw), isTrimmable)
+	}
+}
+
+func contains(runes []rune, c rune) bool {
+	for i := 0; i < len(runes); i++ {
+		if runes[i] == c {
+			return true
+		}
+	}
+
+	return false
+}
+
+func runeCompare(v1 []rune, v2 []rune) bool {
+	if len(v1) != len(v2) {
+		return false
+	}
+
+	for i := 0; i < len(v1); i++ {
+		if v1[i] != v2[i] {
+			return false
+		}
+	}
+
+	return true
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go

@@ -0,0 +1,30 @@
+package ini
+
+func isNewline(b []rune) bool {
+	if len(b) == 0 {
+		return false
+	}
+
+	if b[0] == '\n' {
+		return true
+	}
+
+	if len(b) < 2 {
+		return false
+	}
+
+	return b[0] == '\r' && b[1] == '\n'
+}
+
+func newNewlineToken(b []rune) (Token, int, error) {
+	i := 1
+	if b[0] == '\r' && isNewline(b[1:]) {
+		i++
+	}
+
+	if !isNewline([]rune(b[:i])) {
+		return emptyToken, 0, NewParseError("invalid new line token")
+	}
+
+	return newToken(TokenNL, b[:i], NoneType), i, nil
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go

@@ -0,0 +1,152 @@
+package ini
+
+import (
+	"bytes"
+	"fmt"
+	"strconv"
+)
+
+const (
+	none = numberFormat(iota)
+	binary
+	octal
+	decimal
+	hex
+	exponent
+)
+
+type numberFormat int
+
+// numberHelper is used to dictate what format a number is in
+// and what to do for negative values. Since -1e-4 is a valid
+// number, we cannot just simply check for duplicate negatives.
+type numberHelper struct {
+	numberFormat numberFormat
+
+	negative         bool
+	negativeExponent bool
+}
+
+func (b numberHelper) Exists() bool {
+	return b.numberFormat != none
+}
+
+func (b numberHelper) IsNegative() bool {
+	return b.negative || b.negativeExponent
+}
+
+func (b *numberHelper) Determine(c rune) error {
+	if b.Exists() {
+		return NewParseError(fmt.Sprintf("multiple number formats: 0%v", string(c)))
+	}
+
+	switch c {
+	case 'b':
+		b.numberFormat = binary
+	case 'o':
+		b.numberFormat = octal
+	case 'x':
+		b.numberFormat = hex
+	case 'e', 'E':
+		b.numberFormat = exponent
+	case '-':
+		if b.numberFormat != exponent {
+			b.negative = true
+		} else {
+			b.negativeExponent = true
+		}
+	case '.':
+		b.numberFormat = decimal
+	default:
+		return NewParseError(fmt.Sprintf("invalid number character: %v", string(c)))
+	}
+
+	return nil
+}
+
+func (b numberHelper) CorrectByte(c rune) bool {
+	switch {
+	case b.numberFormat == binary:
+		if !isBinaryByte(c) {
+			return false
+		}
+	case b.numberFormat == octal:
+		if !isOctalByte(c) {
+			return false
+		}
+	case b.numberFormat == hex:
+		if !isHexByte(c) {
+			return false
+		}
+	case b.numberFormat == decimal:
+		if !isDigit(c) {
+			return false
+		}
+	case b.numberFormat == exponent:
+		if !isDigit(c) {
+			return false
+		}
+	case b.negativeExponent:
+		if !isDigit(c) {
+			return false
+		}
+	case b.negative:
+		if !isDigit(c) {
+			return false
+		}
+	default:
+		if !isDigit(c) {
+			return false
+		}
+	}
+
+	return true
+}
+
+func (b numberHelper) Base() int {
+	switch b.numberFormat {
+	case binary:
+		return 2
+	case octal:
+		return 8
+	case hex:
+		return 16
+	default:
+		return 10
+	}
+}
+
+func (b numberHelper) String() string {
+	buf := bytes.Buffer{}
+	i := 0
+
+	switch b.numberFormat {
+	case binary:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": binary format\n")
+	case octal:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": octal format\n")
+	case hex:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": hex format\n")
+	case exponent:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": exponent format\n")
+	default:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": integer format\n")
+	}
+
+	if b.negative {
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": negative format\n")
+	}
+
+	if b.negativeExponent {
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": negative exponent format\n")
+	}
+
+	return buf.String()
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go

@@ -0,0 +1,39 @@
+package ini
+
+import (
+	"fmt"
+)
+
+var (
+	equalOp      = []rune("=")
+	equalColonOp = []rune(":")
+)
+
+func isOp(b []rune) bool {
+	if len(b) == 0 {
+		return false
+	}
+
+	switch b[0] {
+	case '=':
+		return true
+	case ':':
+		return true
+	default:
+		return false
+	}
+}
+
+func newOpToken(b []rune) (Token, int, error) {
+	tok := Token{}
+
+	switch b[0] {
+	case '=':
+		tok = newToken(TokenOp, equalOp, NoneType)
+	case ':':
+		tok = newToken(TokenOp, equalColonOp, NoneType)
+	default:
+		return tok, 0, NewParseError(fmt.Sprintf("unexpected op type, %v", b[0]))
+	}
+	return tok, 1, nil
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go

@@ -0,0 +1,43 @@
+package ini
+
+import "fmt"
+
+const (
+	// ErrCodeParseError is returned when a parsing error
+	// has occurred.
+	ErrCodeParseError = "INIParseError"
+)
+
+// ParseError is an error which is returned during any part of
+// the parsing process.
+type ParseError struct {
+	msg string
+}
+
+// NewParseError will return a new ParseError where message
+// is the description of the error.
+func NewParseError(message string) *ParseError {
+	return &ParseError{
+		msg: message,
+	}
+}
+
+// Code will return the ErrCodeParseError
+func (err *ParseError) Code() string {
+	return ErrCodeParseError
+}
+
+// Message returns the error's message
+func (err *ParseError) Message() string {
+	return err.msg
+}
+
+// OrigError return nothing since there will never be any
+// original error.
+func (err *ParseError) OrigError() error {
+	return nil
+}
+
+func (err *ParseError) Error() string {
+	return fmt.Sprintf("%s: %s", err.Code(), err.Message())
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go

@@ -0,0 +1,60 @@
+package ini
+
+import (
+	"bytes"
+	"fmt"
+)
+
+// ParseStack is a stack that contains a container, the stack portion,
+// and the list which is the list of ASTs that have been successfully
+// parsed.
+type ParseStack struct {
+	top       int
+	container []AST
+	list      []AST
+	index     int
+}
+
+func newParseStack(sizeContainer, sizeList int) ParseStack {
+	return ParseStack{
+		container: make([]AST, sizeContainer),
+		list:      make([]AST, sizeList),
+	}
+}
+
+// Pop will return and truncate the last container element.
+func (s *ParseStack) Pop() AST {
+	s.top--
+	return s.container[s.top]
+}
+
+// Push will add the new AST to the container
+func (s *ParseStack) Push(ast AST) {
+	s.container[s.top] = ast
+	s.top++
+}
+
+// MarkComplete will append the AST to the list of completed statements
+func (s *ParseStack) MarkComplete(ast AST) {
+	s.list[s.index] = ast
+	s.index++
+}
+
+// List will return the completed statements
+func (s ParseStack) List() []AST {
+	return s.list[:s.index]
+}
+
+// Len will return the length of the container
+func (s *ParseStack) Len() int {
+	return s.top
+}
+
+func (s ParseStack) String() string {
+	buf := bytes.Buffer{}
+	for i, node := range s.list {
+		buf.WriteString(fmt.Sprintf("%d: %v\n", i+1, node))
+	}
+
+	return buf.String()
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go

@@ -0,0 +1,41 @@
+package ini
+
+import (
+	"fmt"
+)
+
+var (
+	emptyRunes = []rune{}
+)
+
+func isSep(b []rune) bool {
+	if len(b) == 0 {
+		return false
+	}
+
+	switch b[0] {
+	case '[', ']':
+		return true
+	default:
+		return false
+	}
+}
+
+var (
+	openBrace  = []rune("[")
+	closeBrace = []rune("]")
+)
+
+func newSepToken(b []rune) (Token, int, error) {
+	tok := Token{}
+
+	switch b[0] {
+	case '[':
+		tok = newToken(TokenSep, openBrace, NoneType)
+	case ']':
+		tok = newToken(TokenSep, closeBrace, NoneType)
+	default:
+		return tok, 0, NewParseError(fmt.Sprintf("unexpected sep type, %v", b[0]))
+	}
+	return tok, 1, nil
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go

@@ -0,0 +1,45 @@
+package ini
+
+// skipper is used to skip certain blocks of an ini file.
+// Currently skipper is used to skip nested blocks of ini
+// files. See example below
+//
+//	[ foo ]
+//	nested = ; this section will be skipped
+//		a=b
+//		c=d
+//	bar=baz ; this will be included
+type skipper struct {
+	shouldSkip bool
+	TokenSet   bool
+	prevTok    Token
+}
+
+func newSkipper() skipper {
+	return skipper{
+		prevTok: emptyToken,
+	}
+}
+
+func (s *skipper) ShouldSkip(tok Token) bool {
+	if s.shouldSkip &&
+		s.prevTok.Type() == TokenNL &&
+		tok.Type() != TokenWS {
+
+		s.Continue()
+		return false
+	}
+	s.prevTok = tok
+
+	return s.shouldSkip
+}
+
+func (s *skipper) Skip() {
+	s.shouldSkip = true
+	s.prevTok = emptyToken
+}
+
+func (s *skipper) Continue() {
+	s.shouldSkip = false
+	s.prevTok = emptyToken
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go

@@ -0,0 +1,35 @@
+package ini
+
+// Statement is an empty AST mostly used for transitioning states.
+func newStatement() AST {
+	return newAST(ASTKindStatement, AST{})
+}
+
+// SectionStatement represents a section AST
+func newSectionStatement(tok Token) AST {
+	return newASTWithRootToken(ASTKindSectionStatement, tok)
+}
+
+// ExprStatement represents a completed expression AST
+func newExprStatement(ast AST) AST {
+	return newAST(ASTKindExprStatement, ast)
+}
+
+// CommentStatement represents a comment in the ini definition.
+//
+//	grammar:
+//	comment -> #comment' | ;comment'
+//	comment' -> epsilon | value
+func newCommentStatement(tok Token) AST {
+	return newAST(ASTKindCommentStatement, newExpression(tok))
+}
+
+// CompletedSectionStatement represents a completed section
+func newCompletedSectionStatement(ast AST) AST {
+	return newAST(ASTKindCompletedSectionStatement, ast)
+}
+
+// SkipStatement is used to skip whole statements
+func newSkipStatement(ast AST) AST {
+	return newAST(ASTKindSkipStatement, ast)
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go

@@ -0,0 +1,284 @@
+package ini
+
+import (
+	"fmt"
+)
+
+// getStringValue will return a quoted string and the amount
+// of bytes read
+//
+// an error will be returned if the string is not properly formatted
+func getStringValue(b []rune) (int, error) {
+	if b[0] != '"' {
+		return 0, NewParseError("strings must start with '\"'")
+	}
+
+	endQuote := false
+	i := 1
+
+	for ; i < len(b) && !endQuote; i++ {
+		if escaped := isEscaped(b[:i], b[i]); b[i] == '"' && !escaped {
+			endQuote = true
+			break
+		} else if escaped {
+			/*c, err := getEscapedByte(b[i])
+			if err != nil {
+				return 0, err
+			}
+
+			b[i-1] = c
+			b = append(b[:i], b[i+1:]...)
+			i--*/
+
+			continue
+		}
+	}
+
+	if !endQuote {
+		return 0, NewParseError("missing '\"' in string value")
+	}
+
+	return i + 1, nil
+}
+
+// getBoolValue will return a boolean and the amount
+// of bytes read
+//
+// an error will be returned if the boolean is not of a correct
+// value
+func getBoolValue(b []rune) (int, error) {
+	if len(b) < 4 {
+		return 0, NewParseError("invalid boolean value")
+	}
+
+	n := 0
+	for _, lv := range literalValues {
+		if len(lv) > len(b) {
+			continue
+		}
+
+		if isLitValue(lv, b) {
+			n = len(lv)
+		}
+	}
+
+	if n == 0 {
+		return 0, NewParseError("invalid boolean value")
+	}
+
+	return n, nil
+}
+
+// getNumericalValue will return a numerical string, the amount
+// of bytes read, and the base of the number
+//
+// an error will be returned if the number is not of a correct
+// value
+func getNumericalValue(b []rune) (int, int, error) {
+	if !isDigit(b[0]) {
+		return 0, 0, NewParseError("invalid digit value")
+	}
+
+	i := 0
+	helper := numberHelper{}
+
+loop:
+	for negativeIndex := 0; i < len(b); i++ {
+		negativeIndex++
+
+		if !isDigit(b[i]) {
+			switch b[i] {
+			case '-':
+				if helper.IsNegative() || negativeIndex != 1 {
+					return 0, 0, NewParseError("parse error '-'")
+				}
+
+				n := getNegativeNumber(b[i:])
+				i += (n - 1)
+				helper.Determine(b[i])
+				continue
+			case '.':
+				if err := helper.Determine(b[i]); err != nil {
+					return 0, 0, err
+				}
+			case 'e', 'E':
+				if err := helper.Determine(b[i]); err != nil {
+					return 0, 0, err
+				}
+
+				negativeIndex = 0
+			case 'b':
+				if helper.numberFormat == hex {
+					break
+				}
+				fallthrough
+			case 'o', 'x':
+				if i == 0 && b[i] != '0' {
+					return 0, 0, NewParseError("incorrect base format, expected leading '0'")
+				}
+
+				if i != 1 {
+					return 0, 0, NewParseError(fmt.Sprintf("incorrect base format found %s at %d index", string(b[i]), i))
+				}
+
+				if err := helper.Determine(b[i]); err != nil {
+					return 0, 0, err
+				}
+			default:
+				if isWhitespace(b[i]) {
+					break loop
+				}
+
+				if isNewline(b[i:]) {
+					break loop
+				}
+
+				if !(helper.numberFormat == hex && isHexByte(b[i])) {
+					if i+2 < len(b) && !isNewline(b[i:i+2]) {
+						return 0, 0, NewParseError("invalid numerical character")
+					} else if !isNewline([]rune{b[i]}) {
+						return 0, 0, NewParseError("invalid numerical character")
+					}
+
+					break loop
+				}
+			}
+		}
+	}
+
+	return helper.Base(), i, nil
+}
+
+// isDigit will return whether or not something is an integer
+func isDigit(b rune) bool {
+	return b >= '0' && b <= '9'
+}
+
+func hasExponent(v []rune) bool {
+	return contains(v, 'e') || contains(v, 'E')
+}
+
+func isBinaryByte(b rune) bool {
+	switch b {
+	case '0', '1':
+		return true
+	default:
+		return false
+	}
+}
+
+func isOctalByte(b rune) bool {
+	switch b {
+	case '0', '1', '2', '3', '4', '5', '6', '7':
+		return true
+	default:
+		return false
+	}
+}
+
+func isHexByte(b rune) bool {
+	if isDigit(b) {
+		return true
+	}
+	return (b >= 'A' && b <= 'F') ||
+		(b >= 'a' && b <= 'f')
+}
+
+func getValue(b []rune) (int, error) {
+	i := 0
+
+	for i < len(b) {
+		if isNewline(b[i:]) {
+			break
+		}
+
+		if isOp(b[i:]) {
+			break
+		}
+
+		valid, n, err := isValid(b[i:])
+		if err != nil {
+			return 0, err
+		}
+
+		if !valid {
+			break
+		}
+
+		i += n
+	}
+
+	return i, nil
+}
+
+// getNegativeNumber will return a negative number from a
+// byte slice. This will iterate through all characters until
+// a non-digit has been found.
+func getNegativeNumber(b []rune) int {
+	if b[0] != '-' {
+		return 0
+	}
+
+	i := 1
+	for ; i < len(b); i++ {
+		if !isDigit(b[i]) {
+			return i
+		}
+	}
+
+	return i
+}
+
+// isEscaped will return whether or not the character is an escaped
+// character.
+func isEscaped(value []rune, b rune) bool {
+	if len(value) == 0 {
+		return false
+	}
+
+	switch b {
+	case '\'': // single quote
+	case '"': // quote
+	case 'n': // newline
+	case 't': // tab
+	case '\\': // backslash
+	default:
+		return false
+	}
+
+	return value[len(value)-1] == '\\'
+}
+
+func getEscapedByte(b rune) (rune, error) {
+	switch b {
+	case '\'': // single quote
+		return '\'', nil
+	case '"': // quote
+		return '"', nil
+	case 'n': // newline
+		return '\n', nil
+	case 't': // table
+		return '\t', nil
+	case '\\': // backslash
+		return '\\', nil
+	default:
+		return b, NewParseError(fmt.Sprintf("invalid escaped character %c", b))
+	}
+}
+
+func removeEscapedCharacters(b []rune) []rune {
+	for i := 0; i < len(b); i++ {
+		if isEscaped(b[:i], b[i]) {
+			c, err := getEscapedByte(b[i])
+			if err != nil {
+				return b
+			}
+
+			b[i-1] = c
+			b = append(b[:i], b[i+1:]...)
+			i--
+		}
+	}
+
+	return b
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go

@@ -0,0 +1,166 @@
+package ini
+
+import (
+	"fmt"
+	"sort"
+)
+
+// Visitor is an interface used by walkers that will
+// traverse an array of ASTs.
+type Visitor interface {
+	VisitExpr(AST) error
+	VisitStatement(AST) error
+}
+
+// DefaultVisitor is used to visit statements and expressions
+// and ensure that they are both of the correct format.
+// In addition, upon visiting this will build sections and populate
+// the Sections field which can be used to retrieve profile
+// configuration.
+type DefaultVisitor struct {
+	scope    string
+	Sections Sections
+}
+
+// NewDefaultVisitor return a DefaultVisitor
+func NewDefaultVisitor() *DefaultVisitor {
+	return &DefaultVisitor{
+		Sections: Sections{
+			container: map[string]Section{},
+		},
+	}
+}
+
+// VisitExpr visits expressions...
+func (v *DefaultVisitor) VisitExpr(expr AST) error {
+	t := v.Sections.container[v.scope]
+	if t.values == nil {
+		t.values = values{}
+	}
+
+	switch expr.Kind {
+	case ASTKindExprStatement:
+		opExpr := expr.GetRoot()
+		switch opExpr.Kind {
+		case ASTKindEqualExpr:
+			children := opExpr.GetChildren()
+			if len(children) <= 1 {
+				return NewParseError("unexpected token type")
+			}
+
+			rhs := children[1]
+
+			if rhs.Root.Type() != TokenLit {
+				return NewParseError("unexpected token type")
+			}
+
+			key := EqualExprKey(opExpr)
+			v, err := newValue(rhs.Root.ValueType, rhs.Root.base, rhs.Root.Raw())
+			if err != nil {
+				return err
+			}
+
+			t.values[key] = v
+		default:
+			return NewParseError(fmt.Sprintf("unsupported expression %v", expr))
+		}
+	default:
+		return NewParseError(fmt.Sprintf("unsupported expression %v", expr))
+	}
+
+	v.Sections.container[v.scope] = t
+	return nil
+}
+
+// VisitStatement visits statements...
+func (v *DefaultVisitor) VisitStatement(stmt AST) error {
+	switch stmt.Kind {
+	case ASTKindCompletedSectionStatement:
+		child := stmt.GetRoot()
+		if child.Kind != ASTKindSectionStatement {
+			return NewParseError(fmt.Sprintf("unsupported child statement: %T", child))
+		}
+
+		name := string(child.Root.Raw())
+		v.Sections.container[name] = Section{}
+		v.scope = name
+	default:
+		return NewParseError(fmt.Sprintf("unsupported statement: %s", stmt.Kind))
+	}
+
+	return nil
+}
+
+// Sections is a map of Section structures that represent
+// a configuration.
+type Sections struct {
+	container map[string]Section
+}
+
+// GetSection will return section p. If section p does not exist,
+// false will be returned in the second parameter.
+func (t Sections) GetSection(p string) (Section, bool) {
+	v, ok := t.container[p]
+	return v, ok
+}
+
+// values represents a map of union values.
+type values map[string]Value
+
+// List will return a list of all sections that were successfully
+// parsed.
+func (t Sections) List() []string {
+	keys := make([]string, len(t.container))
+	i := 0
+	for k := range t.container {
+		keys[i] = k
+		i++
+	}
+
+	sort.Strings(keys)
+	return keys
+}
+
+// Section contains a name and values. This represent
+// a sectioned entry in a configuration file.
+type Section struct {
+	Name   string
+	values values
+}
+
+// Has will return whether or not an entry exists in a given section
+func (t Section) Has(k string) bool {
+	_, ok := t.values[k]
+	return ok
+}
+
+// ValueType will returned what type the union is set to. If
+// k was not found, the NoneType will be returned.
+func (t Section) ValueType(k string) (ValueType, bool) {
+	v, ok := t.values[k]
+	return v.Type, ok
+}
+
+// Bool returns a bool value at k
+func (t Section) Bool(k string) bool {
+	return t.values[k].BoolValue()
+}
+
+// Int returns an integer value at k
+func (t Section) Int(k string) int64 {
+	return t.values[k].IntValue()
+}
+
+// Float64 returns a float value at k
+func (t Section) Float64(k string) float64 {
+	return t.values[k].FloatValue()
+}
+
+// String returns the string value at k
+func (t Section) String(k string) string {
+	_, ok := t.values[k]
+	if !ok {
+		return ""
+	}
+	return t.values[k].StringValue()
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go

@@ -0,0 +1,25 @@
+package ini
+
+// Walk will traverse the AST using the v, the Visitor.
+func Walk(tree []AST, v Visitor) error {
+	for _, node := range tree {
+		switch node.Kind {
+		case ASTKindExpr,
+			ASTKindExprStatement:
+
+			if err := v.VisitExpr(node); err != nil {
+				return err
+			}
+		case ASTKindStatement,
+			ASTKindCompletedSectionStatement,
+			ASTKindNestedSectionStatement,
+			ASTKindCompletedNestedSectionStatement:
+
+			if err := v.VisitStatement(node); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}

vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go

@@ -0,0 +1,24 @@
+package ini
+
+import (
+	"unicode"
+)
+
+// isWhitespace will return whether or not the character is
+// a whitespace character.
+//
+// Whitespace is defined as a space or tab.
+func isWhitespace(c rune) bool {
+	return unicode.IsSpace(c) && c != '\n' && c != '\r'
+}
+
+func newWSToken(b []rune) (Token, int, error) {
+	i := 0
+	for ; i < len(b); i++ {
+		if !isWhitespace(b[i]) {
+			break
+		}
+	}
+
+	return newToken(TokenWS, b[:i], NoneType), i, nil
+}

vendor/github.com/aws/aws-sdk-go/internal/s3err/error.go

@@ -0,0 +1,57 @@
+package s3err
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// RequestFailure provides additional S3 specific metadata for the request
+// failure.
+type RequestFailure struct {
+	awserr.RequestFailure
+
+	hostID string
+}
+
+// NewRequestFailure returns a request failure error decordated with S3
+// specific metadata.
+func NewRequestFailure(err awserr.RequestFailure, hostID string) *RequestFailure {
+	return &RequestFailure{RequestFailure: err, hostID: hostID}
+}
+
+func (r RequestFailure) Error() string {
+	extra := fmt.Sprintf("status code: %d, request id: %s, host id: %s",
+		r.StatusCode(), r.RequestID(), r.hostID)
+	return awserr.SprintError(r.Code(), r.Message(), extra, r.OrigErr())
+}
+func (r RequestFailure) String() string {
+	return r.Error()
+}
+
+// HostID returns the HostID request response value.
+func (r RequestFailure) HostID() string {
+	return r.hostID
+}
+
+// RequestFailureWrapperHandler returns a handler to rap an
+// awserr.RequestFailure with the  S3 request ID 2 from the response.
+func RequestFailureWrapperHandler() request.NamedHandler {
+	return request.NamedHandler{
+		Name: "awssdk.s3.errorHandler",
+		Fn: func(req *request.Request) {
+			reqErr, ok := req.Error.(awserr.RequestFailure)
+			if !ok || reqErr == nil {
+				return
+			}
+
+			hostID := req.HTTPResponse.Header.Get("X-Amz-Id-2")
+			if req.Error == nil {
+				return
+			}
+
+			req.Error = NewRequestFailure(reqErr, hostID)
+		},
+	}
+}

vendor/github.com/aws/aws-sdk-go/internal/sdkuri/path.go

@@ -0,0 +1,23 @@
+package sdkuri
+
+import (
+	"path"
+	"strings"
+)
+
+// PathJoin will join the elements of the path delimited by the "/"
+// character. Similar to path.Join with the exception the trailing "/"
+// character is preserved if present.
+func PathJoin(elems ...string) string {
+	if len(elems) == 0 {
+		return ""
+	}
+
+	hasTrailing := strings.HasSuffix(elems[len(elems)-1], "/")
+	str := path.Join(elems...)
+	if hasTrailing && str != "/" {
+		str += "/"
+	}
+
+	return str
+}

vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go

@@ -0,0 +1,12 @@
+package shareddefaults
+
+const (
+	// ECSCredsProviderEnvVar is an environmental variable key used to
+	// determine which path needs to be hit.
+	ECSCredsProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
+)
+
+// ECSContainerCredentialsURI is the endpoint to retrieve container
+// credentials. This can be overridden to test to ensure the credential process
+// is behaving correctly.
+var ECSContainerCredentialsURI = "http://169.254.170.2"

vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/unmarshal.go

@@ -27,7 +27,11 @@ func Unmarshal(r *request.Request) {
 		decoder := xml.NewDecoder(r.HTTPResponse.Body)
 		err := xmlutil.UnmarshalXML(r.Data, decoder, "")
 		if err != nil {
-			r.Error = awserr.New("SerializationError", "failed decoding EC2 Query response", err)
+			r.Error = awserr.NewRequestFailure(
+				awserr.New("SerializationError", "failed decoding EC2 Query response", err),
+				r.HTTPResponse.StatusCode,
+				r.RequestID,
+			)
 			return
 		}
 	}
@@ -52,7 +56,11 @@ func UnmarshalError(r *request.Request) {
 	resp := &xmlErrorResponse{}
 	err := xml.NewDecoder(r.HTTPResponse.Body).Decode(resp)
 	if err != nil && err != io.EOF {
-		r.Error = awserr.New("SerializationError", "failed decoding EC2 Query error response", err)
+		r.Error = awserr.NewRequestFailure(
+			awserr.New("SerializationError", "failed decoding EC2 Query error response", err),
+			r.HTTPResponse.StatusCode,
+			r.RequestID,
+		)
 	} else {
 		r.Error = awserr.NewRequestFailure(
 			awserr.New(resp.Code, resp.Message, nil),

vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/api.go

@@ -94,6 +94,9 @@ func (r *EventReader) ReadEvent() (event interface{}, err error) {
 	switch typ {
 	case EventMessageType:
 		return r.unmarshalEventMessage(msg)
+	case ExceptionMessageType:
+		err = r.unmarshalEventException(msg)
+		return nil, err
 	case ErrorMessageType:
 		return nil, r.unmarshalErrorMessage(msg)
 	default:
@@ -122,6 +125,39 @@ func (r *EventReader) unmarshalEventMessage(
 	return ev, nil
 }
 
+func (r *EventReader) unmarshalEventException(
+	msg eventstream.Message,
+) (err error) {
+	eventType, err := GetHeaderString(msg, ExceptionTypeHeader)
+	if err != nil {
+		return err
+	}
+
+	ev, err := r.unmarshalerForEventType(eventType)
+	if err != nil {
+		return err
+	}
+
+	err = ev.UnmarshalEvent(r.payloadUnmarshaler, msg)
+	if err != nil {
+		return err
+	}
+
+	var ok bool
+	err, ok = ev.(error)
+	if !ok {
+		err = messageError{
+			code: "SerializationError",
+			msg: fmt.Sprintf(
+				"event stream exception %s mapped to non-error %T, %v",
+				eventType, ev, ev,
+			),
+		}
+	}
+
+	return err
+}
+
 func (r *EventReader) unmarshalErrorMessage(msg eventstream.Message) (err error) {
 	var msgErr messageError
 

vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go

@@ -464,7 +464,7 @@ func (v *TimestampValue) decode(r io.Reader) error {
 func timeFromEpochMilli(t int64) time.Time {
 	secs := t / 1e3
 	msec := t % 1e3
-	return time.Unix(secs, msec*int64(time.Millisecond))
+	return time.Unix(secs, msec*int64(time.Millisecond)).UTC()
 }
 
 // An UUIDValue provides eventstream encoding, and representation of a UUID

vendor/github.com/aws/aws-sdk-go/private/protocol/host.go

@@ -0,0 +1,68 @@
+package protocol
+
+import (
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// ValidateEndpointHostHandler is a request handler that will validate the
+// request endpoint's hosts is a valid RFC 3986 host.
+var ValidateEndpointHostHandler = request.NamedHandler{
+	Name: "awssdk.protocol.ValidateEndpointHostHandler",
+	Fn: func(r *request.Request) {
+		err := ValidateEndpointHost(r.Operation.Name, r.HTTPRequest.URL.Host)
+		if err != nil {
+			r.Error = err
+		}
+	},
+}
+
+// ValidateEndpointHost validates that the host string passed in is a valid RFC
+// 3986 host. Returns error if the host is not valid.
+func ValidateEndpointHost(opName, host string) error {
+	paramErrs := request.ErrInvalidParams{Context: opName}
+	labels := strings.Split(host, ".")
+
+	for i, label := range labels {
+		if i == len(labels)-1 && len(label) == 0 {
+			// Allow trailing dot for FQDN hosts.
+			continue
+		}
+
+		if !ValidHostLabel(label) {
+			paramErrs.Add(request.NewErrParamFormat(
+				"endpoint host label", "[a-zA-Z0-9-]{1,63}", label))
+		}
+	}
+
+	if len(host) > 255 {
+		paramErrs.Add(request.NewErrParamMaxLen(
+			"endpoint host", 255, host,
+		))
+	}
+
+	if paramErrs.Len() > 0 {
+		return paramErrs
+	}
+	return nil
+}
+
+// ValidHostLabel returns if the label is a valid RFC 3986 host label.
+func ValidHostLabel(label string) bool {
+	if l := len(label); l == 0 || l > 63 {
+		return false
+	}
+	for _, r := range label {
+		switch {
+		case r >= '0' && r <= '9':
+		case r >= 'A' && r <= 'Z':
+		case r >= 'a' && r <= 'z':
+		case r == '-':
+		default:
+			return false
+		}
+	}
+
+	return true
+}

vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go

@@ -0,0 +1,54 @@
+package protocol
+
+import (
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// HostPrefixHandlerName is the handler name for the host prefix request
+// handler.
+const HostPrefixHandlerName = "awssdk.endpoint.HostPrefixHandler"
+
+// NewHostPrefixHandler constructs a build handler
+func NewHostPrefixHandler(prefix string, labelsFn func() map[string]string) request.NamedHandler {
+	builder := HostPrefixBuilder{
+		Prefix:   prefix,
+		LabelsFn: labelsFn,
+	}
+
+	return request.NamedHandler{
+		Name: HostPrefixHandlerName,
+		Fn:   builder.Build,
+	}
+}
+
+// HostPrefixBuilder provides the request handler to expand and prepend
+// the host prefix into the operation's request endpoint host.
+type HostPrefixBuilder struct {
+	Prefix   string
+	LabelsFn func() map[string]string
+}
+
+// Build updates the passed in Request with the HostPrefix template expanded.
+func (h HostPrefixBuilder) Build(r *request.Request) {
+	if aws.BoolValue(r.Config.DisableEndpointHostPrefix) {
+		return
+	}
+
+	var labels map[string]string
+	if h.LabelsFn != nil {
+		labels = h.LabelsFn()
+	}
+
+	prefix := h.Prefix
+	for name, value := range labels {
+		prefix = strings.Replace(prefix, "{"+name+"}", value, -1)
+	}
+
+	r.HTTPRequest.URL.Host = prefix + r.HTTPRequest.URL.Host
+	if len(r.HTTPRequest.Host) > 0 {
+		r.HTTPRequest.Host = prefix + r.HTTPRequest.Host
+	}
+}

vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go

@@ -0,0 +1,296 @@
+// Package jsonutil provides JSON serialization of AWS requests and responses.
+package jsonutil
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"math"
+	"reflect"
+	"sort"
+	"strconv"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/private/protocol"
+)
+
+var timeType = reflect.ValueOf(time.Time{}).Type()
+var byteSliceType = reflect.ValueOf([]byte{}).Type()
+
+// BuildJSON builds a JSON string for a given object v.
+func BuildJSON(v interface{}) ([]byte, error) {
+	var buf bytes.Buffer
+
+	err := buildAny(reflect.ValueOf(v), &buf, "")
+	return buf.Bytes(), err
+}
+
+func buildAny(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
+	origVal := value
+	value = reflect.Indirect(value)
+	if !value.IsValid() {
+		return nil
+	}
+
+	vtype := value.Type()
+
+	t := tag.Get("type")
+	if t == "" {
+		switch vtype.Kind() {
+		case reflect.Struct:
+			// also it can't be a time object
+			if value.Type() != timeType {
+				t = "structure"
+			}
+		case reflect.Slice:
+			// also it can't be a byte slice
+			if _, ok := value.Interface().([]byte); !ok {
+				t = "list"
+			}
+		case reflect.Map:
+			// cannot be a JSONValue map
+			if _, ok := value.Interface().(aws.JSONValue); !ok {
+				t = "map"
+			}
+		}
+	}
+
+	switch t {
+	case "structure":
+		if field, ok := vtype.FieldByName("_"); ok {
+			tag = field.Tag
+		}
+		return buildStruct(value, buf, tag)
+	case "list":
+		return buildList(value, buf, tag)
+	case "map":
+		return buildMap(value, buf, tag)
+	default:
+		return buildScalar(origVal, buf, tag)
+	}
+}
+
+func buildStruct(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
+	if !value.IsValid() {
+		return nil
+	}
+
+	// unwrap payloads
+	if payload := tag.Get("payload"); payload != "" {
+		field, _ := value.Type().FieldByName(payload)
+		tag = field.Tag
+		value = elemOf(value.FieldByName(payload))
+
+		if !value.IsValid() {
+			return nil
+		}
+	}
+
+	buf.WriteByte('{')
+
+	t := value.Type()
+	first := true
+	for i := 0; i < t.NumField(); i++ {
+		member := value.Field(i)
+
+		// This allocates the most memory.
+		// Additionally, we cannot skip nil fields due to
+		// idempotency auto filling.
+		field := t.Field(i)
+
+		if field.PkgPath != "" {
+			continue // ignore unexported fields
+		}
+		if field.Tag.Get("json") == "-" {
+			continue
+		}
+		if field.Tag.Get("location") != "" {
+			continue // ignore non-body elements
+		}
+		if field.Tag.Get("ignore") != "" {
+			continue
+		}
+
+		if protocol.CanSetIdempotencyToken(member, field) {
+			token := protocol.GetIdempotencyToken()
+			member = reflect.ValueOf(&token)
+		}
+
+		if (member.Kind() == reflect.Ptr || member.Kind() == reflect.Slice || member.Kind() == reflect.Map) && member.IsNil() {
+			continue // ignore unset fields
+		}
+
+		if first {
+			first = false
+		} else {
+			buf.WriteByte(',')
+		}
+
+		// figure out what this field is called
+		name := field.Name
+		if locName := field.Tag.Get("locationName"); locName != "" {
+			name = locName
+		}
+
+		writeString(name, buf)
+		buf.WriteString(`:`)
+
+		err := buildAny(member, buf, field.Tag)
+		if err != nil {
+			return err
+		}
+
+	}
+
+	buf.WriteString("}")
+
+	return nil
+}
+
+func buildList(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
+	buf.WriteString("[")
+
+	for i := 0; i < value.Len(); i++ {
+		buildAny(value.Index(i), buf, "")
+
+		if i < value.Len()-1 {
+			buf.WriteString(",")
+		}
+	}
+
+	buf.WriteString("]")
+
+	return nil
+}
+
+type sortedValues []reflect.Value
+
+func (sv sortedValues) Len() int           { return len(sv) }
+func (sv sortedValues) Swap(i, j int)      { sv[i], sv[j] = sv[j], sv[i] }
+func (sv sortedValues) Less(i, j int) bool { return sv[i].String() < sv[j].String() }
+
+func buildMap(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
+	buf.WriteString("{")
+
+	sv := sortedValues(value.MapKeys())
+	sort.Sort(sv)
+
+	for i, k := range sv {
+		if i > 0 {
+			buf.WriteByte(',')
+		}
+
+		writeString(k.String(), buf)
+		buf.WriteString(`:`)
+
+		buildAny(value.MapIndex(k), buf, "")
+	}
+
+	buf.WriteString("}")
+
+	return nil
+}
+
+func buildScalar(v reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
+	// prevents allocation on the heap.
+	scratch := [64]byte{}
+	switch value := reflect.Indirect(v); value.Kind() {
+	case reflect.String:
+		writeString(value.String(), buf)
+	case reflect.Bool:
+		if value.Bool() {
+			buf.WriteString("true")
+		} else {
+			buf.WriteString("false")
+		}
+	case reflect.Int64:
+		buf.Write(strconv.AppendInt(scratch[:0], value.Int(), 10))
+	case reflect.Float64:
+		f := value.Float()
+		if math.IsInf(f, 0) || math.IsNaN(f) {
+			return &json.UnsupportedValueError{Value: v, Str: strconv.FormatFloat(f, 'f', -1, 64)}
+		}
+		buf.Write(strconv.AppendFloat(scratch[:0], f, 'f', -1, 64))
+	default:
+		switch converted := value.Interface().(type) {
+		case time.Time:
+			format := tag.Get("timestampFormat")
+			if len(format) == 0 {
+				format = protocol.UnixTimeFormatName
+			}
+
+			ts := protocol.FormatTime(format, converted)
+			if format != protocol.UnixTimeFormatName {
+				ts = `"` + ts + `"`
+			}
+
+			buf.WriteString(ts)
+		case []byte:
+			if !value.IsNil() {
+				buf.WriteByte('"')
+				if len(converted) < 1024 {
+					// for small buffers, using Encode directly is much faster.
+					dst := make([]byte, base64.StdEncoding.EncodedLen(len(converted)))
+					base64.StdEncoding.Encode(dst, converted)
+					buf.Write(dst)
+				} else {
+					// for large buffers, avoid unnecessary extra temporary
+					// buffer space.
+					enc := base64.NewEncoder(base64.StdEncoding, buf)
+					enc.Write(converted)
+					enc.Close()
+				}
+				buf.WriteByte('"')
+			}
+		case aws.JSONValue:
+			str, err := protocol.EncodeJSONValue(converted, protocol.QuotedEscape)
+			if err != nil {
+				return fmt.Errorf("unable to encode JSONValue, %v", err)
+			}
+			buf.WriteString(str)
+		default:
+			return fmt.Errorf("unsupported JSON value %v (%s)", value.Interface(), value.Type())
+		}
+	}
+	return nil
+}
+
+var hex = "0123456789abcdef"
+
+func writeString(s string, buf *bytes.Buffer) {
+	buf.WriteByte('"')
+	for i := 0; i < len(s); i++ {
+		if s[i] == '"' {
+			buf.WriteString(`\"`)
+		} else if s[i] == '\\' {
+			buf.WriteString(`\\`)
+		} else if s[i] == '\b' {
+			buf.WriteString(`\b`)
+		} else if s[i] == '\f' {
+			buf.WriteString(`\f`)
+		} else if s[i] == '\r' {
+			buf.WriteString(`\r`)
+		} else if s[i] == '\t' {
+			buf.WriteString(`\t`)
+		} else if s[i] == '\n' {
+			buf.WriteString(`\n`)
+		} else if s[i] < 32 {
+			buf.WriteString("\\u00")
+			buf.WriteByte(hex[s[i]>>4])
+			buf.WriteByte(hex[s[i]&0xF])
+		} else {
+			buf.WriteByte(s[i])
+		}
+	}
+	buf.WriteByte('"')
+}
+
+// Returns the reflection element of a value, if it is a pointer.
+func elemOf(value reflect.Value) reflect.Value {
+	for value.Kind() == reflect.Ptr {
+		value = value.Elem()
+	}
+	return value
+}

vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go

@@ -0,0 +1,228 @@
+package jsonutil
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"reflect"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/private/protocol"
+)
+
+// UnmarshalJSON reads a stream and unmarshals the results in object v.
+func UnmarshalJSON(v interface{}, stream io.Reader) error {
+	var out interface{}
+
+	err := json.NewDecoder(stream).Decode(&out)
+	if err == io.EOF {
+		return nil
+	} else if err != nil {
+		return err
+	}
+
+	return unmarshalAny(reflect.ValueOf(v), out, "")
+}
+
+func unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+	vtype := value.Type()
+	if vtype.Kind() == reflect.Ptr {
+		vtype = vtype.Elem() // check kind of actual element type
+	}
+
+	t := tag.Get("type")
+	if t == "" {
+		switch vtype.Kind() {
+		case reflect.Struct:
+			// also it can't be a time object
+			if _, ok := value.Interface().(*time.Time); !ok {
+				t = "structure"
+			}
+		case reflect.Slice:
+			// also it can't be a byte slice
+			if _, ok := value.Interface().([]byte); !ok {
+				t = "list"
+			}
+		case reflect.Map:
+			// cannot be a JSONValue map
+			if _, ok := value.Interface().(aws.JSONValue); !ok {
+				t = "map"
+			}
+		}
+	}
+
+	switch t {
+	case "structure":
+		if field, ok := vtype.FieldByName("_"); ok {
+			tag = field.Tag
+		}
+		return unmarshalStruct(value, data, tag)
+	case "list":
+		return unmarshalList(value, data, tag)
+	case "map":
+		return unmarshalMap(value, data, tag)
+	default:
+		return unmarshalScalar(value, data, tag)
+	}
+}
+
+func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+	if data == nil {
+		return nil
+	}
+	mapData, ok := data.(map[string]interface{})
+	if !ok {
+		return fmt.Errorf("JSON value is not a structure (%#v)", data)
+	}
+
+	t := value.Type()
+	if value.Kind() == reflect.Ptr {
+		if value.IsNil() { // create the structure if it's nil
+			s := reflect.New(value.Type().Elem())
+			value.Set(s)
+			value = s
+		}
+
+		value = value.Elem()
+		t = t.Elem()
+	}
+
+	// unwrap any payloads
+	if payload := tag.Get("payload"); payload != "" {
+		field, _ := t.FieldByName(payload)
+		return unmarshalAny(value.FieldByName(payload), data, field.Tag)
+	}
+
+	for i := 0; i < t.NumField(); i++ {
+		field := t.Field(i)
+		if field.PkgPath != "" {
+			continue // ignore unexported fields
+		}
+
+		// figure out what this field is called
+		name := field.Name
+		if locName := field.Tag.Get("locationName"); locName != "" {
+			name = locName
+		}
+
+		member := value.FieldByIndex(field.Index)
+		err := unmarshalAny(member, mapData[name], field.Tag)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+	if data == nil {
+		return nil
+	}
+	listData, ok := data.([]interface{})
+	if !ok {
+		return fmt.Errorf("JSON value is not a list (%#v)", data)
+	}
+
+	if value.IsNil() {
+		l := len(listData)
+		value.Set(reflect.MakeSlice(value.Type(), l, l))
+	}
+
+	for i, c := range listData {
+		err := unmarshalAny(value.Index(i), c, "")
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+	if data == nil {
+		return nil
+	}
+	mapData, ok := data.(map[string]interface{})
+	if !ok {
+		return fmt.Errorf("JSON value is not a map (%#v)", data)
+	}
+
+	if value.IsNil() {
+		value.Set(reflect.MakeMap(value.Type()))
+	}
+
+	for k, v := range mapData {
+		kvalue := reflect.ValueOf(k)
+		vvalue := reflect.New(value.Type().Elem()).Elem()
+
+		unmarshalAny(vvalue, v, "")
+		value.SetMapIndex(kvalue, vvalue)
+	}
+
+	return nil
+}
+
+func unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+
+	switch d := data.(type) {
+	case nil:
+		return nil // nothing to do here
+	case string:
+		switch value.Interface().(type) {
+		case *string:
+			value.Set(reflect.ValueOf(&d))
+		case []byte:
+			b, err := base64.StdEncoding.DecodeString(d)
+			if err != nil {
+				return err
+			}
+			value.Set(reflect.ValueOf(b))
+		case *time.Time:
+			format := tag.Get("timestampFormat")
+			if len(format) == 0 {
+				format = protocol.ISO8601TimeFormatName
+			}
+
+			t, err := protocol.ParseTime(format, d)
+			if err != nil {
+				return err
+			}
+			value.Set(reflect.ValueOf(&t))
+		case aws.JSONValue:
+			// No need to use escaping as the value is a non-quoted string.
+			v, err := protocol.DecodeJSONValue(d, protocol.NoEscape)
+			if err != nil {
+				return err
+			}
+			value.Set(reflect.ValueOf(v))
+		default:
+			return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
+		}
+	case float64:
+		switch value.Interface().(type) {
+		case *int64:
+			di := int64(d)
+			value.Set(reflect.ValueOf(&di))
+		case *float64:
+			value.Set(reflect.ValueOf(&d))
+		case *time.Time:
+			// Time unmarshaled from a float64 can only be epoch seconds
+			t := time.Unix(int64(d), 0).UTC()
+			value.Set(reflect.ValueOf(&t))
+		default:
+			return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
+		}
+	case bool:
+		switch value.Interface().(type) {
+		case *bool:
+			value.Set(reflect.ValueOf(&d))
+		default:
+			return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
+		}
+	default:
+		return fmt.Errorf("unsupported JSON value (%v)", data)
+	}
+	return nil
+}

vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go

@@ -0,0 +1,115 @@
+// Package jsonrpc provides JSON RPC utilities for serialization of AWS
+// requests and responses.
+package jsonrpc
+
+//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/input/json.json build_test.go
+//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/output/json.json unmarshal_test.go
+
+import (
+	"encoding/json"
+	"io"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
+	"github.com/aws/aws-sdk-go/private/protocol/rest"
+)
+
+var emptyJSON = []byte("{}")
+
+// BuildHandler is a named request handler for building jsonrpc protocol requests
+var BuildHandler = request.NamedHandler{Name: "awssdk.jsonrpc.Build", Fn: Build}
+
+// UnmarshalHandler is a named request handler for unmarshaling jsonrpc protocol requests
+var UnmarshalHandler = request.NamedHandler{Name: "awssdk.jsonrpc.Unmarshal", Fn: Unmarshal}
+
+// UnmarshalMetaHandler is a named request handler for unmarshaling jsonrpc protocol request metadata
+var UnmarshalMetaHandler = request.NamedHandler{Name: "awssdk.jsonrpc.UnmarshalMeta", Fn: UnmarshalMeta}
+
+// UnmarshalErrorHandler is a named request handler for unmarshaling jsonrpc protocol request errors
+var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.jsonrpc.UnmarshalError", Fn: UnmarshalError}
+
+// Build builds a JSON payload for a JSON RPC request.
+func Build(req *request.Request) {
+	var buf []byte
+	var err error
+	if req.ParamsFilled() {
+		buf, err = jsonutil.BuildJSON(req.Params)
+		if err != nil {
+			req.Error = awserr.New("SerializationError", "failed encoding JSON RPC request", err)
+			return
+		}
+	} else {
+		buf = emptyJSON
+	}
+
+	if req.ClientInfo.TargetPrefix != "" || string(buf) != "{}" {
+		req.SetBufferBody(buf)
+	}
+
+	if req.ClientInfo.TargetPrefix != "" {
+		target := req.ClientInfo.TargetPrefix + "." + req.Operation.Name
+		req.HTTPRequest.Header.Add("X-Amz-Target", target)
+	}
+	if req.ClientInfo.JSONVersion != "" {
+		jsonVersion := req.ClientInfo.JSONVersion
+		req.HTTPRequest.Header.Add("Content-Type", "application/x-amz-json-"+jsonVersion)
+	}
+}
+
+// Unmarshal unmarshals a response for a JSON RPC service.
+func Unmarshal(req *request.Request) {
+	defer req.HTTPResponse.Body.Close()
+	if req.DataFilled() {
+		err := jsonutil.UnmarshalJSON(req.Data, req.HTTPResponse.Body)
+		if err != nil {
+			req.Error = awserr.NewRequestFailure(
+				awserr.New("SerializationError", "failed decoding JSON RPC response", err),
+				req.HTTPResponse.StatusCode,
+				req.RequestID,
+			)
+		}
+	}
+	return
+}
+
+// UnmarshalMeta unmarshals headers from a response for a JSON RPC service.
+func UnmarshalMeta(req *request.Request) {
+	rest.UnmarshalMeta(req)
+}
+
+// UnmarshalError unmarshals an error response for a JSON RPC service.
+func UnmarshalError(req *request.Request) {
+	defer req.HTTPResponse.Body.Close()
+
+	var jsonErr jsonErrorResponse
+	err := json.NewDecoder(req.HTTPResponse.Body).Decode(&jsonErr)
+	if err == io.EOF {
+		req.Error = awserr.NewRequestFailure(
+			awserr.New("SerializationError", req.HTTPResponse.Status, nil),
+			req.HTTPResponse.StatusCode,
+			req.RequestID,
+		)
+		return
+	} else if err != nil {
+		req.Error = awserr.NewRequestFailure(
+			awserr.New("SerializationError", "failed decoding JSON RPC error response", err),
+			req.HTTPResponse.StatusCode,
+			req.RequestID,
+		)
+		return
+	}
+
+	codes := strings.SplitN(jsonErr.Code, "#", 2)
+	req.Error = awserr.NewRequestFailure(
+		awserr.New(codes[len(codes)-1], jsonErr.Message, nil),
+		req.HTTPResponse.StatusCode,
+		req.RequestID,
+	)
+}
+
+type jsonErrorResponse struct {
+	Code    string `json:"__type"`
+	Message string `json:"message"`
+}

vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go

@@ -233,7 +233,12 @@ func (q *queryParser) parseScalar(v url.Values, r reflect.Value, name string, ta
 		v.Set(name, strconv.FormatFloat(float64(value), 'f', -1, 32))
 	case time.Time:
 		const ISO8601UTC = "2006-01-02T15:04:05Z"
-		v.Set(name, value.UTC().Format(ISO8601UTC))
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.ISO8601TimeFormatName
+		}
+
+		v.Set(name, protocol.FormatTime(format, value))
 	default:
 		return fmt.Errorf("unsupported value for param %s: %v (%s)", name, r.Interface(), r.Type().Name())
 	}

vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go

@@ -23,7 +23,11 @@ func Unmarshal(r *request.Request) {
 		decoder := xml.NewDecoder(r.HTTPResponse.Body)
 		err := xmlutil.UnmarshalXML(r.Data, decoder, r.Operation.Name+"Result")
 		if err != nil {
-			r.Error = awserr.New("SerializationError", "failed decoding Query response", err)
+			r.Error = awserr.NewRequestFailure(
+				awserr.New("SerializationError", "failed decoding Query response", err),
+				r.HTTPResponse.StatusCode,
+				r.RequestID,
+			)
 			return
 		}
 	}

vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go

@@ -28,7 +28,11 @@ func UnmarshalError(r *request.Request) {
 
 	bodyBytes, err := ioutil.ReadAll(r.HTTPResponse.Body)
 	if err != nil {
-		r.Error = awserr.New("SerializationError", "failed to read from query HTTP response body", err)
+		r.Error = awserr.NewRequestFailure(
+			awserr.New("SerializationError", "failed to read from query HTTP response body", err),
+			r.HTTPResponse.StatusCode,
+			r.RequestID,
+		)
 		return
 	}
 
@@ -61,6 +65,10 @@ func UnmarshalError(r *request.Request) {
 	}
 
 	// Failed to retrieve any error message from the response body
-	r.Error = awserr.New("SerializationError",
-		"failed to decode query XML error response", decodeErr)
+	r.Error = awserr.NewRequestFailure(
+		awserr.New("SerializationError",
+			"failed to decode query XML error response", decodeErr),
+		r.HTTPResponse.StatusCode,
+		r.RequestID,
+	)
 }

vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go

@@ -20,11 +20,6 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol"
 )
 
-// RFC1123GMT is a RFC1123 (RFC822) formated timestame. This format is not
-// using the standard library's time.RFC1123 due to the desire to always use
-// GMT as the timezone.
-const RFC1123GMT = "Mon, 2 Jan 2006 15:04:05 GMT"
-
 // Whether the byte value can be sent without escaping in AWS URLs
 var noEscape [256]bool
 
@@ -272,7 +267,14 @@ func convertType(v reflect.Value, tag reflect.StructTag) (str string, err error)
 	case float64:
 		str = strconv.FormatFloat(value, 'f', -1, 64)
 	case time.Time:
-		str = value.UTC().Format(RFC1123GMT)
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.RFC822TimeFormatName
+			if tag.Get("location") == "querystring" {
+				format = protocol.ISO8601TimeFormatName
+			}
+		}
+		str = protocol.FormatTime(format, value)
 	case aws.JSONValue:
 		if len(value) == 0 {
 			return "", errValueNotSet

vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go

@@ -198,7 +198,11 @@ func unmarshalHeader(v reflect.Value, header string, tag reflect.StructTag) erro
 		}
 		v.Set(reflect.ValueOf(&f))
 	case *time.Time:
-		t, err := time.Parse(time.RFC1123, header)
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.RFC822TimeFormatName
+		}
+		t, err := protocol.ParseTime(format, header)
 		if err != nil {
 			return err
 		}

vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go

@@ -36,7 +36,11 @@ func Build(r *request.Request) {
 		var buf bytes.Buffer
 		err := xmlutil.BuildXML(r.Params, xml.NewEncoder(&buf))
 		if err != nil {
-			r.Error = awserr.New("SerializationError", "failed to encode rest XML request", err)
+			r.Error = awserr.NewRequestFailure(
+				awserr.New("SerializationError", "failed to encode rest XML request", err),
+				r.HTTPResponse.StatusCode,
+				r.RequestID,
+			)
 			return
 		}
 		r.SetBufferBody(buf.Bytes())
@@ -50,7 +54,11 @@ func Unmarshal(r *request.Request) {
 		decoder := xml.NewDecoder(r.HTTPResponse.Body)
 		err := xmlutil.UnmarshalXML(r.Data, decoder, "")
 		if err != nil {
-			r.Error = awserr.New("SerializationError", "failed to decode REST XML response", err)
+			r.Error = awserr.NewRequestFailure(
+				awserr.New("SerializationError", "failed to decode REST XML response", err),
+				r.HTTPResponse.StatusCode,
+				r.RequestID,
+			)
 			return
 		}
 	} else {

vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go

@@ -0,0 +1,72 @@
+package protocol
+
+import (
+	"strconv"
+	"time"
+)
+
+// Names of time formats supported by the SDK
+const (
+	RFC822TimeFormatName  = "rfc822"
+	ISO8601TimeFormatName = "iso8601"
+	UnixTimeFormatName    = "unixTimestamp"
+)
+
+// Time formats supported by the SDK
+const (
+	// RFC 7231#section-7.1.1.1 timetamp format. e.g Tue, 29 Apr 2014 18:30:38 GMT
+	RFC822TimeFormat = "Mon, 2 Jan 2006 15:04:05 GMT"
+
+	// RFC3339 a subset of the ISO8601 timestamp format. e.g 2014-04-29T18:30:38Z
+	ISO8601TimeFormat = "2006-01-02T15:04:05Z"
+)
+
+// IsKnownTimestampFormat returns if the timestamp format name
+// is know to the SDK's protocols.
+func IsKnownTimestampFormat(name string) bool {
+	switch name {
+	case RFC822TimeFormatName:
+		fallthrough
+	case ISO8601TimeFormatName:
+		fallthrough
+	case UnixTimeFormatName:
+		return true
+	default:
+		return false
+	}
+}
+
+// FormatTime returns a string value of the time.
+func FormatTime(name string, t time.Time) string {
+	t = t.UTC()
+
+	switch name {
+	case RFC822TimeFormatName:
+		return t.Format(RFC822TimeFormat)
+	case ISO8601TimeFormatName:
+		return t.Format(ISO8601TimeFormat)
+	case UnixTimeFormatName:
+		return strconv.FormatInt(t.Unix(), 10)
+	default:
+		panic("unknown timestamp format name, " + name)
+	}
+}
+
+// ParseTime attempts to parse the time given the format. Returns
+// the time if it was able to be parsed, and fails otherwise.
+func ParseTime(formatName, value string) (time.Time, error) {
+	switch formatName {
+	case RFC822TimeFormatName:
+		return time.Parse(RFC822TimeFormat, value)
+	case ISO8601TimeFormatName:
+		return time.Parse(ISO8601TimeFormat, value)
+	case UnixTimeFormatName:
+		v, err := strconv.ParseFloat(value, 64)
+		if err != nil {
+			return time.Time{}, err
+		}
+		return time.Unix(int64(v), 0), nil
+	default:
+		panic("unknown timestamp format name, " + formatName)
+	}
+}

vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go

@@ -13,9 +13,13 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol"
 )
 
-// BuildXML will serialize params into an xml.Encoder.
-// Error will be returned if the serialization of any of the params or nested values fails.
+// BuildXML will serialize params into an xml.Encoder. Error will be returned
+// if the serialization of any of the params or nested values fails.
 func BuildXML(params interface{}, e *xml.Encoder) error {
+	return buildXML(params, e, false)
+}
+
+func buildXML(params interface{}, e *xml.Encoder, sorted bool) error {
 	b := xmlBuilder{encoder: e, namespaces: map[string]string{}}
 	root := NewXMLElement(xml.Name{})
 	if err := b.buildValue(reflect.ValueOf(params), root, ""); err != nil {
@@ -23,7 +27,7 @@ func BuildXML(params interface{}, e *xml.Encoder) error {
 	}
 	for _, c := range root.Children {
 		for _, v := range c {
-			return StructToXML(e, v, false)
+			return StructToXML(e, v, sorted)
 		}
 	}
 	return nil
@@ -83,15 +87,13 @@ func (b *xmlBuilder) buildValue(value reflect.Value, current *XMLNode, tag refle
 	}
 }
 
-// buildStruct adds a struct and its fields to the current XMLNode. All fields any any nested
+// buildStruct adds a struct and its fields to the current XMLNode. All fields and any nested
 // types are converted to XMLNodes also.
 func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag reflect.StructTag) error {
 	if !value.IsValid() {
 		return nil
 	}
 
-	fieldAdded := false
-
 	// unwrap payloads
 	if payload := tag.Get("payload"); payload != "" {
 		field, _ := value.Type().FieldByName(payload)
@@ -119,6 +121,8 @@ func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag refl
 		child.Attr = append(child.Attr, ns)
 	}
 
+	var payloadFields, nonPayloadFields int
+
 	t := value.Type()
 	for i := 0; i < value.NumField(); i++ {
 		member := elemOf(value.Field(i))
@@ -133,8 +137,10 @@ func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag refl
 
 		mTag := field.Tag
 		if mTag.Get("location") != "" { // skip non-body members
+			nonPayloadFields++
 			continue
 		}
+		payloadFields++
 
 		if protocol.CanSetIdempotencyToken(value.Field(i), field) {
 			token := protocol.GetIdempotencyToken()
@@ -149,11 +155,11 @@ func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag refl
 		if err := b.buildValue(member, child, mTag); err != nil {
 			return err
 		}
-
-		fieldAdded = true
 	}
 
-	if fieldAdded { // only append this child if we have one ore more valid members
+	// Only case where the child shape is not added is if the shape only contains
+	// non-payload fields, e.g headers/query.
+	if !(payloadFields == 0 && nonPayloadFields > 0) {
 		current.AddChild(child)
 	}
 
@@ -278,8 +284,12 @@ func (b *xmlBuilder) buildScalar(value reflect.Value, current *XMLNode, tag refl
 	case float32:
 		str = strconv.FormatFloat(float64(converted), 'f', -1, 32)
 	case time.Time:
-		const ISO8601UTC = "2006-01-02T15:04:05Z"
-		str = converted.UTC().Format(ISO8601UTC)
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.ISO8601TimeFormatName
+		}
+
+		str = protocol.FormatTime(format, converted)
 	default:
 		return fmt.Errorf("unsupported value for param %s: %v (%s)",
 			tag.Get("locationName"), value.Interface(), value.Type().Name())

vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go

@@ -9,6 +9,8 @@ import (
 	"strconv"
 	"strings"
 	"time"
+
+	"github.com/aws/aws-sdk-go/private/protocol"
 )
 
 // UnmarshalXML deserializes an xml.Decoder into the container v. V
@@ -253,8 +255,12 @@ func parseScalar(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
 		}
 		r.Set(reflect.ValueOf(&v))
 	case *time.Time:
-		const ISO8601UTC = "2006-01-02T15:04:05Z"
-		t, err := time.Parse(ISO8601UTC, node.Text)
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.ISO8601TimeFormatName
+		}
+
+		t, err := protocol.ParseTime(format, node.Text)
 		if err != nil {
 			return err
 		}

vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go

@@ -29,6 +29,7 @@ func NewXMLElement(name xml.Name) *XMLNode {
 
 // AddChild adds child to the XMLNode.
 func (n *XMLNode) AddChild(child *XMLNode) {
+	child.parent = n
 	if _, ok := n.Children[child.Name.Local]; !ok {
 		n.Children[child.Name.Local] = []*XMLNode{}
 	}

vendor/github.com/aws/aws-sdk-go/service/ec2/doc.go

@@ -3,9 +3,22 @@
 // Package ec2 provides the client and types for making API
 // requests to Amazon Elastic Compute Cloud.
 //
-// Amazon Elastic Compute Cloud (Amazon EC2) provides resizable computing capacity
-// in the AWS Cloud. Using Amazon EC2 eliminates the need to invest in hardware
-// up front, so you can develop and deploy applications faster.
+// Amazon Elastic Compute Cloud (Amazon EC2) provides secure and resizable computing
+// capacity in the AWS cloud. Using Amazon EC2 eliminates the need to invest
+// in hardware up front, so you can develop and deploy applications faster.
+//
+// To learn more about Amazon EC2, Amazon EBS, and Amazon VPC, see the following
+// resources:
+//
+//    * Amazon EC2 product page (http://aws.amazon.com/ec2)
+//
+//    * Amazon EC2 documentation (http://aws.amazon.com/documentation/ec2)
+//
+//    * Amazon EBS product page (http://aws.amazon.com/ebs)
+//
+//    * Amazon VPC product page (http://aws.amazon.com/vpc)
+//
+//    * Amazon VPC documentation (http://aws.amazon.com/documentation/vpc)
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15 for more information on this service.
 //

vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go

@@ -64,6 +64,10 @@ type EC2API interface {
 	AcceptReservedInstancesExchangeQuoteWithContext(aws.Context, *ec2.AcceptReservedInstancesExchangeQuoteInput, ...request.Option) (*ec2.AcceptReservedInstancesExchangeQuoteOutput, error)
 	AcceptReservedInstancesExchangeQuoteRequest(*ec2.AcceptReservedInstancesExchangeQuoteInput) (*request.Request, *ec2.AcceptReservedInstancesExchangeQuoteOutput)
 
+	AcceptTransitGatewayVpcAttachment(*ec2.AcceptTransitGatewayVpcAttachmentInput) (*ec2.AcceptTransitGatewayVpcAttachmentOutput, error)
+	AcceptTransitGatewayVpcAttachmentWithContext(aws.Context, *ec2.AcceptTransitGatewayVpcAttachmentInput, ...request.Option) (*ec2.AcceptTransitGatewayVpcAttachmentOutput, error)
+	AcceptTransitGatewayVpcAttachmentRequest(*ec2.AcceptTransitGatewayVpcAttachmentInput) (*request.Request, *ec2.AcceptTransitGatewayVpcAttachmentOutput)
+
 	AcceptVpcEndpointConnections(*ec2.AcceptVpcEndpointConnectionsInput) (*ec2.AcceptVpcEndpointConnectionsOutput, error)
 	AcceptVpcEndpointConnectionsWithContext(aws.Context, *ec2.AcceptVpcEndpointConnectionsInput, ...request.Option) (*ec2.AcceptVpcEndpointConnectionsOutput, error)
 	AcceptVpcEndpointConnectionsRequest(*ec2.AcceptVpcEndpointConnectionsInput) (*request.Request, *ec2.AcceptVpcEndpointConnectionsOutput)
@@ -72,6 +76,10 @@ type EC2API interface {
 	AcceptVpcPeeringConnectionWithContext(aws.Context, *ec2.AcceptVpcPeeringConnectionInput, ...request.Option) (*ec2.AcceptVpcPeeringConnectionOutput, error)
 	AcceptVpcPeeringConnectionRequest(*ec2.AcceptVpcPeeringConnectionInput) (*request.Request, *ec2.AcceptVpcPeeringConnectionOutput)
 
+	AdvertiseByoipCidr(*ec2.AdvertiseByoipCidrInput) (*ec2.AdvertiseByoipCidrOutput, error)
+	AdvertiseByoipCidrWithContext(aws.Context, *ec2.AdvertiseByoipCidrInput, ...request.Option) (*ec2.AdvertiseByoipCidrOutput, error)
+	AdvertiseByoipCidrRequest(*ec2.AdvertiseByoipCidrInput) (*request.Request, *ec2.AdvertiseByoipCidrOutput)
+
 	AllocateAddress(*ec2.AllocateAddressInput) (*ec2.AllocateAddressOutput, error)
 	AllocateAddressWithContext(aws.Context, *ec2.AllocateAddressInput, ...request.Option) (*ec2.AllocateAddressOutput, error)
 	AllocateAddressRequest(*ec2.AllocateAddressInput) (*request.Request, *ec2.AllocateAddressOutput)
@@ -80,6 +88,10 @@ type EC2API interface {
 	AllocateHostsWithContext(aws.Context, *ec2.AllocateHostsInput, ...request.Option) (*ec2.AllocateHostsOutput, error)
 	AllocateHostsRequest(*ec2.AllocateHostsInput) (*request.Request, *ec2.AllocateHostsOutput)
 
+	ApplySecurityGroupsToClientVpnTargetNetwork(*ec2.ApplySecurityGroupsToClientVpnTargetNetworkInput) (*ec2.ApplySecurityGroupsToClientVpnTargetNetworkOutput, error)
+	ApplySecurityGroupsToClientVpnTargetNetworkWithContext(aws.Context, *ec2.ApplySecurityGroupsToClientVpnTargetNetworkInput, ...request.Option) (*ec2.ApplySecurityGroupsToClientVpnTargetNetworkOutput, error)
+	ApplySecurityGroupsToClientVpnTargetNetworkRequest(*ec2.ApplySecurityGroupsToClientVpnTargetNetworkInput) (*request.Request, *ec2.ApplySecurityGroupsToClientVpnTargetNetworkOutput)
+
 	AssignIpv6Addresses(*ec2.AssignIpv6AddressesInput) (*ec2.AssignIpv6AddressesOutput, error)
 	AssignIpv6AddressesWithContext(aws.Context, *ec2.AssignIpv6AddressesInput, ...request.Option) (*ec2.AssignIpv6AddressesOutput, error)
 	AssignIpv6AddressesRequest(*ec2.AssignIpv6AddressesInput) (*request.Request, *ec2.AssignIpv6AddressesOutput)
@@ -92,6 +104,10 @@ type EC2API interface {
 	AssociateAddressWithContext(aws.Context, *ec2.AssociateAddressInput, ...request.Option) (*ec2.AssociateAddressOutput, error)
 	AssociateAddressRequest(*ec2.AssociateAddressInput) (*request.Request, *ec2.AssociateAddressOutput)
 
+	AssociateClientVpnTargetNetwork(*ec2.AssociateClientVpnTargetNetworkInput) (*ec2.AssociateClientVpnTargetNetworkOutput, error)
+	AssociateClientVpnTargetNetworkWithContext(aws.Context, *ec2.AssociateClientVpnTargetNetworkInput, ...request.Option) (*ec2.AssociateClientVpnTargetNetworkOutput, error)
+	AssociateClientVpnTargetNetworkRequest(*ec2.AssociateClientVpnTargetNetworkInput) (*request.Request, *ec2.AssociateClientVpnTargetNetworkOutput)
+
 	AssociateDhcpOptions(*ec2.AssociateDhcpOptionsInput) (*ec2.AssociateDhcpOptionsOutput, error)
 	AssociateDhcpOptionsWithContext(aws.Context, *ec2.AssociateDhcpOptionsInput, ...request.Option) (*ec2.AssociateDhcpOptionsOutput, error)
 	AssociateDhcpOptionsRequest(*ec2.AssociateDhcpOptionsInput) (*request.Request, *ec2.AssociateDhcpOptionsOutput)
@@ -108,6 +124,10 @@ type EC2API interface {
 	AssociateSubnetCidrBlockWithContext(aws.Context, *ec2.AssociateSubnetCidrBlockInput, ...request.Option) (*ec2.AssociateSubnetCidrBlockOutput, error)
 	AssociateSubnetCidrBlockRequest(*ec2.AssociateSubnetCidrBlockInput) (*request.Request, *ec2.AssociateSubnetCidrBlockOutput)
 
+	AssociateTransitGatewayRouteTable(*ec2.AssociateTransitGatewayRouteTableInput) (*ec2.AssociateTransitGatewayRouteTableOutput, error)
+	AssociateTransitGatewayRouteTableWithContext(aws.Context, *ec2.AssociateTransitGatewayRouteTableInput, ...request.Option) (*ec2.AssociateTransitGatewayRouteTableOutput, error)
+	AssociateTransitGatewayRouteTableRequest(*ec2.AssociateTransitGatewayRouteTableInput) (*request.Request, *ec2.AssociateTransitGatewayRouteTableOutput)
+
 	AssociateVpcCidrBlock(*ec2.AssociateVpcCidrBlockInput) (*ec2.AssociateVpcCidrBlockOutput, error)
 	AssociateVpcCidrBlockWithContext(aws.Context, *ec2.AssociateVpcCidrBlockInput, ...request.Option) (*ec2.AssociateVpcCidrBlockOutput, error)
 	AssociateVpcCidrBlockRequest(*ec2.AssociateVpcCidrBlockInput) (*request.Request, *ec2.AssociateVpcCidrBlockOutput)
@@ -132,6 +152,10 @@ type EC2API interface {
 	AttachVpnGatewayWithContext(aws.Context, *ec2.AttachVpnGatewayInput, ...request.Option) (*ec2.AttachVpnGatewayOutput, error)
 	AttachVpnGatewayRequest(*ec2.AttachVpnGatewayInput) (*request.Request, *ec2.AttachVpnGatewayOutput)
 
+	AuthorizeClientVpnIngress(*ec2.AuthorizeClientVpnIngressInput) (*ec2.AuthorizeClientVpnIngressOutput, error)
+	AuthorizeClientVpnIngressWithContext(aws.Context, *ec2.AuthorizeClientVpnIngressInput, ...request.Option) (*ec2.AuthorizeClientVpnIngressOutput, error)
+	AuthorizeClientVpnIngressRequest(*ec2.AuthorizeClientVpnIngressInput) (*request.Request, *ec2.AuthorizeClientVpnIngressOutput)
+
 	AuthorizeSecurityGroupEgress(*ec2.AuthorizeSecurityGroupEgressInput) (*ec2.AuthorizeSecurityGroupEgressOutput, error)
 	AuthorizeSecurityGroupEgressWithContext(aws.Context, *ec2.AuthorizeSecurityGroupEgressInput, ...request.Option) (*ec2.AuthorizeSecurityGroupEgressOutput, error)
 	AuthorizeSecurityGroupEgressRequest(*ec2.AuthorizeSecurityGroupEgressInput) (*request.Request, *ec2.AuthorizeSecurityGroupEgressOutput)
@@ -148,6 +172,10 @@ type EC2API interface {
 	CancelBundleTaskWithContext(aws.Context, *ec2.CancelBundleTaskInput, ...request.Option) (*ec2.CancelBundleTaskOutput, error)
 	CancelBundleTaskRequest(*ec2.CancelBundleTaskInput) (*request.Request, *ec2.CancelBundleTaskOutput)
 
+	CancelCapacityReservation(*ec2.CancelCapacityReservationInput) (*ec2.CancelCapacityReservationOutput, error)
+	CancelCapacityReservationWithContext(aws.Context, *ec2.CancelCapacityReservationInput, ...request.Option) (*ec2.CancelCapacityReservationOutput, error)
+	CancelCapacityReservationRequest(*ec2.CancelCapacityReservationInput) (*request.Request, *ec2.CancelCapacityReservationOutput)
+
 	CancelConversionTask(*ec2.CancelConversionTaskInput) (*ec2.CancelConversionTaskOutput, error)
 	CancelConversionTaskWithContext(aws.Context, *ec2.CancelConversionTaskInput, ...request.Option) (*ec2.CancelConversionTaskOutput, error)
 	CancelConversionTaskRequest(*ec2.CancelConversionTaskInput) (*request.Request, *ec2.CancelConversionTaskOutput)
@@ -188,6 +216,18 @@ type EC2API interface {
 	CopySnapshotWithContext(aws.Context, *ec2.CopySnapshotInput, ...request.Option) (*ec2.CopySnapshotOutput, error)
 	CopySnapshotRequest(*ec2.CopySnapshotInput) (*request.Request, *ec2.CopySnapshotOutput)
 
+	CreateCapacityReservation(*ec2.CreateCapacityReservationInput) (*ec2.CreateCapacityReservationOutput, error)
+	CreateCapacityReservationWithContext(aws.Context, *ec2.CreateCapacityReservationInput, ...request.Option) (*ec2.CreateCapacityReservationOutput, error)
+	CreateCapacityReservationRequest(*ec2.CreateCapacityReservationInput) (*request.Request, *ec2.CreateCapacityReservationOutput)
+
+	CreateClientVpnEndpoint(*ec2.CreateClientVpnEndpointInput) (*ec2.CreateClientVpnEndpointOutput, error)
+	CreateClientVpnEndpointWithContext(aws.Context, *ec2.CreateClientVpnEndpointInput, ...request.Option) (*ec2.CreateClientVpnEndpointOutput, error)
+	CreateClientVpnEndpointRequest(*ec2.CreateClientVpnEndpointInput) (*request.Request, *ec2.CreateClientVpnEndpointOutput)
+
+	CreateClientVpnRoute(*ec2.CreateClientVpnRouteInput) (*ec2.CreateClientVpnRouteOutput, error)
+	CreateClientVpnRouteWithContext(aws.Context, *ec2.CreateClientVpnRouteInput, ...request.Option) (*ec2.CreateClientVpnRouteOutput, error)
+	CreateClientVpnRouteRequest(*ec2.CreateClientVpnRouteInput) (*request.Request, *ec2.CreateClientVpnRouteOutput)
+
 	CreateCustomerGateway(*ec2.CreateCustomerGatewayInput) (*ec2.CreateCustomerGatewayOutput, error)
 	CreateCustomerGatewayWithContext(aws.Context, *ec2.CreateCustomerGatewayInput, ...request.Option) (*ec2.CreateCustomerGatewayOutput, error)
 	CreateCustomerGatewayRequest(*ec2.CreateCustomerGatewayInput) (*request.Request, *ec2.CreateCustomerGatewayOutput)
@@ -300,6 +340,22 @@ type EC2API interface {
 	CreateTagsWithContext(aws.Context, *ec2.CreateTagsInput, ...request.Option) (*ec2.CreateTagsOutput, error)
 	CreateTagsRequest(*ec2.CreateTagsInput) (*request.Request, *ec2.CreateTagsOutput)
 
+	CreateTransitGateway(*ec2.CreateTransitGatewayInput) (*ec2.CreateTransitGatewayOutput, error)
+	CreateTransitGatewayWithContext(aws.Context, *ec2.CreateTransitGatewayInput, ...request.Option) (*ec2.CreateTransitGatewayOutput, error)
+	CreateTransitGatewayRequest(*ec2.CreateTransitGatewayInput) (*request.Request, *ec2.CreateTransitGatewayOutput)
+
+	CreateTransitGatewayRoute(*ec2.CreateTransitGatewayRouteInput) (*ec2.CreateTransitGatewayRouteOutput, error)
+	CreateTransitGatewayRouteWithContext(aws.Context, *ec2.CreateTransitGatewayRouteInput, ...request.Option) (*ec2.CreateTransitGatewayRouteOutput, error)
+	CreateTransitGatewayRouteRequest(*ec2.CreateTransitGatewayRouteInput) (*request.Request, *ec2.CreateTransitGatewayRouteOutput)
+
+	CreateTransitGatewayRouteTable(*ec2.CreateTransitGatewayRouteTableInput) (*ec2.CreateTransitGatewayRouteTableOutput, error)
+	CreateTransitGatewayRouteTableWithContext(aws.Context, *ec2.CreateTransitGatewayRouteTableInput, ...request.Option) (*ec2.CreateTransitGatewayRouteTableOutput, error)
+	CreateTransitGatewayRouteTableRequest(*ec2.CreateTransitGatewayRouteTableInput) (*request.Request, *ec2.CreateTransitGatewayRouteTableOutput)
+
+	CreateTransitGatewayVpcAttachment(*ec2.CreateTransitGatewayVpcAttachmentInput) (*ec2.CreateTransitGatewayVpcAttachmentOutput, error)
+	CreateTransitGatewayVpcAttachmentWithContext(aws.Context, *ec2.CreateTransitGatewayVpcAttachmentInput, ...request.Option) (*ec2.CreateTransitGatewayVpcAttachmentOutput, error)
+	CreateTransitGatewayVpcAttachmentRequest(*ec2.CreateTransitGatewayVpcAttachmentInput) (*request.Request, *ec2.CreateTransitGatewayVpcAttachmentOutput)
+
 	CreateVolume(*ec2.CreateVolumeInput) (*ec2.Volume, error)
 	CreateVolumeWithContext(aws.Context, *ec2.CreateVolumeInput, ...request.Option) (*ec2.Volume, error)
 	CreateVolumeRequest(*ec2.CreateVolumeInput) (*request.Request, *ec2.Volume)
@@ -336,6 +392,14 @@ type EC2API interface {
 	CreateVpnGatewayWithContext(aws.Context, *ec2.CreateVpnGatewayInput, ...request.Option) (*ec2.CreateVpnGatewayOutput, error)
 	CreateVpnGatewayRequest(*ec2.CreateVpnGatewayInput) (*request.Request, *ec2.CreateVpnGatewayOutput)
 
+	DeleteClientVpnEndpoint(*ec2.DeleteClientVpnEndpointInput) (*ec2.DeleteClientVpnEndpointOutput, error)
+	DeleteClientVpnEndpointWithContext(aws.Context, *ec2.DeleteClientVpnEndpointInput, ...request.Option) (*ec2.DeleteClientVpnEndpointOutput, error)
+	DeleteClientVpnEndpointRequest(*ec2.DeleteClientVpnEndpointInput) (*request.Request, *ec2.DeleteClientVpnEndpointOutput)
+
+	DeleteClientVpnRoute(*ec2.DeleteClientVpnRouteInput) (*ec2.DeleteClientVpnRouteOutput, error)
+	DeleteClientVpnRouteWithContext(aws.Context, *ec2.DeleteClientVpnRouteInput, ...request.Option) (*ec2.DeleteClientVpnRouteOutput, error)
+	DeleteClientVpnRouteRequest(*ec2.DeleteClientVpnRouteInput) (*request.Request, *ec2.DeleteClientVpnRouteOutput)
+
 	DeleteCustomerGateway(*ec2.DeleteCustomerGatewayInput) (*ec2.DeleteCustomerGatewayOutput, error)
 	DeleteCustomerGatewayWithContext(aws.Context, *ec2.DeleteCustomerGatewayInput, ...request.Option) (*ec2.DeleteCustomerGatewayOutput, error)
 	DeleteCustomerGatewayRequest(*ec2.DeleteCustomerGatewayInput) (*request.Request, *ec2.DeleteCustomerGatewayOutput)
@@ -428,6 +492,22 @@ type EC2API interface {
 	DeleteTagsWithContext(aws.Context, *ec2.DeleteTagsInput, ...request.Option) (*ec2.DeleteTagsOutput, error)
 	DeleteTagsRequest(*ec2.DeleteTagsInput) (*request.Request, *ec2.DeleteTagsOutput)
 
+	DeleteTransitGateway(*ec2.DeleteTransitGatewayInput) (*ec2.DeleteTransitGatewayOutput, error)
+	DeleteTransitGatewayWithContext(aws.Context, *ec2.DeleteTransitGatewayInput, ...request.Option) (*ec2.DeleteTransitGatewayOutput, error)
+	DeleteTransitGatewayRequest(*ec2.DeleteTransitGatewayInput) (*request.Request, *ec2.DeleteTransitGatewayOutput)
+
+	DeleteTransitGatewayRoute(*ec2.DeleteTransitGatewayRouteInput) (*ec2.DeleteTransitGatewayRouteOutput, error)
+	DeleteTransitGatewayRouteWithContext(aws.Context, *ec2.DeleteTransitGatewayRouteInput, ...request.Option) (*ec2.DeleteTransitGatewayRouteOutput, error)
+	DeleteTransitGatewayRouteRequest(*ec2.DeleteTransitGatewayRouteInput) (*request.Request, *ec2.DeleteTransitGatewayRouteOutput)
+
+	DeleteTransitGatewayRouteTable(*ec2.DeleteTransitGatewayRouteTableInput) (*ec2.DeleteTransitGatewayRouteTableOutput, error)
+	DeleteTransitGatewayRouteTableWithContext(aws.Context, *ec2.DeleteTransitGatewayRouteTableInput, ...request.Option) (*ec2.DeleteTransitGatewayRouteTableOutput, error)
+	DeleteTransitGatewayRouteTableRequest(*ec2.DeleteTransitGatewayRouteTableInput) (*request.Request, *ec2.DeleteTransitGatewayRouteTableOutput)
+
+	DeleteTransitGatewayVpcAttachment(*ec2.DeleteTransitGatewayVpcAttachmentInput) (*ec2.DeleteTransitGatewayVpcAttachmentOutput, error)
+	DeleteTransitGatewayVpcAttachmentWithContext(aws.Context, *ec2.DeleteTransitGatewayVpcAttachmentInput, ...request.Option) (*ec2.DeleteTransitGatewayVpcAttachmentOutput, error)
+	DeleteTransitGatewayVpcAttachmentRequest(*ec2.DeleteTransitGatewayVpcAttachmentInput) (*request.Request, *ec2.DeleteTransitGatewayVpcAttachmentOutput)
+
 	DeleteVolume(*ec2.DeleteVolumeInput) (*ec2.DeleteVolumeOutput, error)
 	DeleteVolumeWithContext(aws.Context, *ec2.DeleteVolumeInput, ...request.Option) (*ec2.DeleteVolumeOutput, error)
 	DeleteVolumeRequest(*ec2.DeleteVolumeInput) (*request.Request, *ec2.DeleteVolumeOutput)
@@ -464,6 +544,10 @@ type EC2API interface {
 	DeleteVpnGatewayWithContext(aws.Context, *ec2.DeleteVpnGatewayInput, ...request.Option) (*ec2.DeleteVpnGatewayOutput, error)
 	DeleteVpnGatewayRequest(*ec2.DeleteVpnGatewayInput) (*request.Request, *ec2.DeleteVpnGatewayOutput)
 
+	DeprovisionByoipCidr(*ec2.DeprovisionByoipCidrInput) (*ec2.DeprovisionByoipCidrOutput, error)
+	DeprovisionByoipCidrWithContext(aws.Context, *ec2.DeprovisionByoipCidrInput, ...request.Option) (*ec2.DeprovisionByoipCidrOutput, error)
+	DeprovisionByoipCidrRequest(*ec2.DeprovisionByoipCidrInput) (*request.Request, *ec2.DeprovisionByoipCidrOutput)
+
 	DeregisterImage(*ec2.DeregisterImageInput) (*ec2.DeregisterImageOutput, error)
 	DeregisterImageWithContext(aws.Context, *ec2.DeregisterImageInput, ...request.Option) (*ec2.DeregisterImageOutput, error)
 	DeregisterImageRequest(*ec2.DeregisterImageInput) (*request.Request, *ec2.DeregisterImageOutput)
@@ -488,10 +572,38 @@ type EC2API interface {
 	DescribeBundleTasksWithContext(aws.Context, *ec2.DescribeBundleTasksInput, ...request.Option) (*ec2.DescribeBundleTasksOutput, error)
 	DescribeBundleTasksRequest(*ec2.DescribeBundleTasksInput) (*request.Request, *ec2.DescribeBundleTasksOutput)
 
+	DescribeByoipCidrs(*ec2.DescribeByoipCidrsInput) (*ec2.DescribeByoipCidrsOutput, error)
+	DescribeByoipCidrsWithContext(aws.Context, *ec2.DescribeByoipCidrsInput, ...request.Option) (*ec2.DescribeByoipCidrsOutput, error)
+	DescribeByoipCidrsRequest(*ec2.DescribeByoipCidrsInput) (*request.Request, *ec2.DescribeByoipCidrsOutput)
+
+	DescribeCapacityReservations(*ec2.DescribeCapacityReservationsInput) (*ec2.DescribeCapacityReservationsOutput, error)
+	DescribeCapacityReservationsWithContext(aws.Context, *ec2.DescribeCapacityReservationsInput, ...request.Option) (*ec2.DescribeCapacityReservationsOutput, error)
+	DescribeCapacityReservationsRequest(*ec2.DescribeCapacityReservationsInput) (*request.Request, *ec2.DescribeCapacityReservationsOutput)
+
 	DescribeClassicLinkInstances(*ec2.DescribeClassicLinkInstancesInput) (*ec2.DescribeClassicLinkInstancesOutput, error)
 	DescribeClassicLinkInstancesWithContext(aws.Context, *ec2.DescribeClassicLinkInstancesInput, ...request.Option) (*ec2.DescribeClassicLinkInstancesOutput, error)
 	DescribeClassicLinkInstancesRequest(*ec2.DescribeClassicLinkInstancesInput) (*request.Request, *ec2.DescribeClassicLinkInstancesOutput)
 
+	DescribeClientVpnAuthorizationRules(*ec2.DescribeClientVpnAuthorizationRulesInput) (*ec2.DescribeClientVpnAuthorizationRulesOutput, error)
+	DescribeClientVpnAuthorizationRulesWithContext(aws.Context, *ec2.DescribeClientVpnAuthorizationRulesInput, ...request.Option) (*ec2.DescribeClientVpnAuthorizationRulesOutput, error)
+	DescribeClientVpnAuthorizationRulesRequest(*ec2.DescribeClientVpnAuthorizationRulesInput) (*request.Request, *ec2.DescribeClientVpnAuthorizationRulesOutput)
+
+	DescribeClientVpnConnections(*ec2.DescribeClientVpnConnectionsInput) (*ec2.DescribeClientVpnConnectionsOutput, error)
+	DescribeClientVpnConnectionsWithContext(aws.Context, *ec2.DescribeClientVpnConnectionsInput, ...request.Option) (*ec2.DescribeClientVpnConnectionsOutput, error)
+	DescribeClientVpnConnectionsRequest(*ec2.DescribeClientVpnConnectionsInput) (*request.Request, *ec2.DescribeClientVpnConnectionsOutput)
+
+	DescribeClientVpnEndpoints(*ec2.DescribeClientVpnEndpointsInput) (*ec2.DescribeClientVpnEndpointsOutput, error)
+	DescribeClientVpnEndpointsWithContext(aws.Context, *ec2.DescribeClientVpnEndpointsInput, ...request.Option) (*ec2.DescribeClientVpnEndpointsOutput, error)
+	DescribeClientVpnEndpointsRequest(*ec2.DescribeClientVpnEndpointsInput) (*request.Request, *ec2.DescribeClientVpnEndpointsOutput)
+
+	DescribeClientVpnRoutes(*ec2.DescribeClientVpnRoutesInput) (*ec2.DescribeClientVpnRoutesOutput, error)
+	DescribeClientVpnRoutesWithContext(aws.Context, *ec2.DescribeClientVpnRoutesInput, ...request.Option) (*ec2.DescribeClientVpnRoutesOutput, error)
+	DescribeClientVpnRoutesRequest(*ec2.DescribeClientVpnRoutesInput) (*request.Request, *ec2.DescribeClientVpnRoutesOutput)
+
+	DescribeClientVpnTargetNetworks(*ec2.DescribeClientVpnTargetNetworksInput) (*ec2.DescribeClientVpnTargetNetworksOutput, error)
+	DescribeClientVpnTargetNetworksWithContext(aws.Context, *ec2.DescribeClientVpnTargetNetworksInput, ...request.Option) (*ec2.DescribeClientVpnTargetNetworksOutput, error)
+	DescribeClientVpnTargetNetworksRequest(*ec2.DescribeClientVpnTargetNetworksInput) (*request.Request, *ec2.DescribeClientVpnTargetNetworksOutput)
+
 	DescribeConversionTasks(*ec2.DescribeConversionTasksInput) (*ec2.DescribeConversionTasksOutput, error)
 	DescribeConversionTasksWithContext(aws.Context, *ec2.DescribeConversionTasksInput, ...request.Option) (*ec2.DescribeConversionTasksOutput, error)
 	DescribeConversionTasksRequest(*ec2.DescribeConversionTasksInput) (*request.Request, *ec2.DescribeConversionTasksOutput)
@@ -645,6 +757,9 @@ type EC2API interface {
 	DescribeNetworkInterfacesWithContext(aws.Context, *ec2.DescribeNetworkInterfacesInput, ...request.Option) (*ec2.DescribeNetworkInterfacesOutput, error)
 	DescribeNetworkInterfacesRequest(*ec2.DescribeNetworkInterfacesInput) (*request.Request, *ec2.DescribeNetworkInterfacesOutput)
 
+	DescribeNetworkInterfacesPages(*ec2.DescribeNetworkInterfacesInput, func(*ec2.DescribeNetworkInterfacesOutput, bool) bool) error
+	DescribeNetworkInterfacesPagesWithContext(aws.Context, *ec2.DescribeNetworkInterfacesInput, func(*ec2.DescribeNetworkInterfacesOutput, bool) bool, ...request.Option) error
+
 	DescribePlacementGroups(*ec2.DescribePlacementGroupsInput) (*ec2.DescribePlacementGroupsOutput, error)
 	DescribePlacementGroupsWithContext(aws.Context, *ec2.DescribePlacementGroupsInput, ...request.Option) (*ec2.DescribePlacementGroupsOutput, error)
 	DescribePlacementGroupsRequest(*ec2.DescribePlacementGroupsInput) (*request.Request, *ec2.DescribePlacementGroupsOutput)
@@ -657,6 +772,10 @@ type EC2API interface {
 	DescribePrincipalIdFormatWithContext(aws.Context, *ec2.DescribePrincipalIdFormatInput, ...request.Option) (*ec2.DescribePrincipalIdFormatOutput, error)
 	DescribePrincipalIdFormatRequest(*ec2.DescribePrincipalIdFormatInput) (*request.Request, *ec2.DescribePrincipalIdFormatOutput)
 
+	DescribePublicIpv4Pools(*ec2.DescribePublicIpv4PoolsInput) (*ec2.DescribePublicIpv4PoolsOutput, error)
+	DescribePublicIpv4PoolsWithContext(aws.Context, *ec2.DescribePublicIpv4PoolsInput, ...request.Option) (*ec2.DescribePublicIpv4PoolsOutput, error)
+	DescribePublicIpv4PoolsRequest(*ec2.DescribePublicIpv4PoolsInput) (*request.Request, *ec2.DescribePublicIpv4PoolsOutput)
+
 	DescribeRegions(*ec2.DescribeRegionsInput) (*ec2.DescribeRegionsOutput, error)
 	DescribeRegionsWithContext(aws.Context, *ec2.DescribeRegionsInput, ...request.Option) (*ec2.DescribeRegionsOutput, error)
 	DescribeRegionsRequest(*ec2.DescribeRegionsInput) (*request.Request, *ec2.DescribeRegionsOutput)
@@ -687,6 +806,9 @@ type EC2API interface {
 	DescribeRouteTablesWithContext(aws.Context, *ec2.DescribeRouteTablesInput, ...request.Option) (*ec2.DescribeRouteTablesOutput, error)
 	DescribeRouteTablesRequest(*ec2.DescribeRouteTablesInput) (*request.Request, *ec2.DescribeRouteTablesOutput)
 
+	DescribeRouteTablesPages(*ec2.DescribeRouteTablesInput, func(*ec2.DescribeRouteTablesOutput, bool) bool) error
+	DescribeRouteTablesPagesWithContext(aws.Context, *ec2.DescribeRouteTablesInput, func(*ec2.DescribeRouteTablesOutput, bool) bool, ...request.Option) error
+
 	DescribeScheduledInstanceAvailability(*ec2.DescribeScheduledInstanceAvailabilityInput) (*ec2.DescribeScheduledInstanceAvailabilityOutput, error)
 	DescribeScheduledInstanceAvailabilityWithContext(aws.Context, *ec2.DescribeScheduledInstanceAvailabilityInput, ...request.Option) (*ec2.DescribeScheduledInstanceAvailabilityOutput, error)
 	DescribeScheduledInstanceAvailabilityRequest(*ec2.DescribeScheduledInstanceAvailabilityInput) (*request.Request, *ec2.DescribeScheduledInstanceAvailabilityOutput)
@@ -703,6 +825,9 @@ type EC2API interface {
 	DescribeSecurityGroupsWithContext(aws.Context, *ec2.DescribeSecurityGroupsInput, ...request.Option) (*ec2.DescribeSecurityGroupsOutput, error)
 	DescribeSecurityGroupsRequest(*ec2.DescribeSecurityGroupsInput) (*request.Request, *ec2.DescribeSecurityGroupsOutput)
 
+	DescribeSecurityGroupsPages(*ec2.DescribeSecurityGroupsInput, func(*ec2.DescribeSecurityGroupsOutput, bool) bool) error
+	DescribeSecurityGroupsPagesWithContext(aws.Context, *ec2.DescribeSecurityGroupsInput, func(*ec2.DescribeSecurityGroupsOutput, bool) bool, ...request.Option) error
+
 	DescribeSnapshotAttribute(*ec2.DescribeSnapshotAttributeInput) (*ec2.DescribeSnapshotAttributeOutput, error)
 	DescribeSnapshotAttributeWithContext(aws.Context, *ec2.DescribeSnapshotAttributeInput, ...request.Option) (*ec2.DescribeSnapshotAttributeOutput, error)
 	DescribeSnapshotAttributeRequest(*ec2.DescribeSnapshotAttributeInput) (*request.Request, *ec2.DescribeSnapshotAttributeOutput)
@@ -759,6 +884,22 @@ type EC2API interface {
 	DescribeTagsPages(*ec2.DescribeTagsInput, func(*ec2.DescribeTagsOutput, bool) bool) error
 	DescribeTagsPagesWithContext(aws.Context, *ec2.DescribeTagsInput, func(*ec2.DescribeTagsOutput, bool) bool, ...request.Option) error
 
+	DescribeTransitGatewayAttachments(*ec2.DescribeTransitGatewayAttachmentsInput) (*ec2.DescribeTransitGatewayAttachmentsOutput, error)
+	DescribeTransitGatewayAttachmentsWithContext(aws.Context, *ec2.DescribeTransitGatewayAttachmentsInput, ...request.Option) (*ec2.DescribeTransitGatewayAttachmentsOutput, error)
+	DescribeTransitGatewayAttachmentsRequest(*ec2.DescribeTransitGatewayAttachmentsInput) (*request.Request, *ec2.DescribeTransitGatewayAttachmentsOutput)
+
+	DescribeTransitGatewayRouteTables(*ec2.DescribeTransitGatewayRouteTablesInput) (*ec2.DescribeTransitGatewayRouteTablesOutput, error)
+	DescribeTransitGatewayRouteTablesWithContext(aws.Context, *ec2.DescribeTransitGatewayRouteTablesInput, ...request.Option) (*ec2.DescribeTransitGatewayRouteTablesOutput, error)
+	DescribeTransitGatewayRouteTablesRequest(*ec2.DescribeTransitGatewayRouteTablesInput) (*request.Request, *ec2.DescribeTransitGatewayRouteTablesOutput)
+
+	DescribeTransitGatewayVpcAttachments(*ec2.DescribeTransitGatewayVpcAttachmentsInput) (*ec2.DescribeTransitGatewayVpcAttachmentsOutput, error)
+	DescribeTransitGatewayVpcAttachmentsWithContext(aws.Context, *ec2.DescribeTransitGatewayVpcAttachmentsInput, ...request.Option) (*ec2.DescribeTransitGatewayVpcAttachmentsOutput, error)
+	DescribeTransitGatewayVpcAttachmentsRequest(*ec2.DescribeTransitGatewayVpcAttachmentsInput) (*request.Request, *ec2.DescribeTransitGatewayVpcAttachmentsOutput)
+
+	DescribeTransitGateways(*ec2.DescribeTransitGatewaysInput) (*ec2.DescribeTransitGatewaysOutput, error)
+	DescribeTransitGatewaysWithContext(aws.Context, *ec2.DescribeTransitGatewaysInput, ...request.Option) (*ec2.DescribeTransitGatewaysOutput, error)
+	DescribeTransitGatewaysRequest(*ec2.DescribeTransitGatewaysInput) (*request.Request, *ec2.DescribeTransitGatewaysOutput)
+
 	DescribeVolumeAttribute(*ec2.DescribeVolumeAttributeInput) (*ec2.DescribeVolumeAttributeOutput, error)
 	DescribeVolumeAttributeWithContext(aws.Context, *ec2.DescribeVolumeAttributeInput, ...request.Option) (*ec2.DescribeVolumeAttributeOutput, error)
 	DescribeVolumeAttributeRequest(*ec2.DescribeVolumeAttributeInput) (*request.Request, *ec2.DescribeVolumeAttributeOutput)
@@ -853,6 +994,10 @@ type EC2API interface {
 	DetachVpnGatewayWithContext(aws.Context, *ec2.DetachVpnGatewayInput, ...request.Option) (*ec2.DetachVpnGatewayOutput, error)
 	DetachVpnGatewayRequest(*ec2.DetachVpnGatewayInput) (*request.Request, *ec2.DetachVpnGatewayOutput)
 
+	DisableTransitGatewayRouteTablePropagation(*ec2.DisableTransitGatewayRouteTablePropagationInput) (*ec2.DisableTransitGatewayRouteTablePropagationOutput, error)
+	DisableTransitGatewayRouteTablePropagationWithContext(aws.Context, *ec2.DisableTransitGatewayRouteTablePropagationInput, ...request.Option) (*ec2.DisableTransitGatewayRouteTablePropagationOutput, error)
+	DisableTransitGatewayRouteTablePropagationRequest(*ec2.DisableTransitGatewayRouteTablePropagationInput) (*request.Request, *ec2.DisableTransitGatewayRouteTablePropagationOutput)
+
 	DisableVgwRoutePropagation(*ec2.DisableVgwRoutePropagationInput) (*ec2.DisableVgwRoutePropagationOutput, error)
 	DisableVgwRoutePropagationWithContext(aws.Context, *ec2.DisableVgwRoutePropagationInput, ...request.Option) (*ec2.DisableVgwRoutePropagationOutput, error)
 	DisableVgwRoutePropagationRequest(*ec2.DisableVgwRoutePropagationInput) (*request.Request, *ec2.DisableVgwRoutePropagationOutput)
@@ -869,6 +1014,10 @@ type EC2API interface {
 	DisassociateAddressWithContext(aws.Context, *ec2.DisassociateAddressInput, ...request.Option) (*ec2.DisassociateAddressOutput, error)
 	DisassociateAddressRequest(*ec2.DisassociateAddressInput) (*request.Request, *ec2.DisassociateAddressOutput)
 
+	DisassociateClientVpnTargetNetwork(*ec2.DisassociateClientVpnTargetNetworkInput) (*ec2.DisassociateClientVpnTargetNetworkOutput, error)
+	DisassociateClientVpnTargetNetworkWithContext(aws.Context, *ec2.DisassociateClientVpnTargetNetworkInput, ...request.Option) (*ec2.DisassociateClientVpnTargetNetworkOutput, error)
+	DisassociateClientVpnTargetNetworkRequest(*ec2.DisassociateClientVpnTargetNetworkInput) (*request.Request, *ec2.DisassociateClientVpnTargetNetworkOutput)
+
 	DisassociateIamInstanceProfile(*ec2.DisassociateIamInstanceProfileInput) (*ec2.DisassociateIamInstanceProfileOutput, error)
 	DisassociateIamInstanceProfileWithContext(aws.Context, *ec2.DisassociateIamInstanceProfileInput, ...request.Option) (*ec2.DisassociateIamInstanceProfileOutput, error)
 	DisassociateIamInstanceProfileRequest(*ec2.DisassociateIamInstanceProfileInput) (*request.Request, *ec2.DisassociateIamInstanceProfileOutput)
@@ -881,10 +1030,18 @@ type EC2API interface {
 	DisassociateSubnetCidrBlockWithContext(aws.Context, *ec2.DisassociateSubnetCidrBlockInput, ...request.Option) (*ec2.DisassociateSubnetCidrBlockOutput, error)
 	DisassociateSubnetCidrBlockRequest(*ec2.DisassociateSubnetCidrBlockInput) (*request.Request, *ec2.DisassociateSubnetCidrBlockOutput)
 
+	DisassociateTransitGatewayRouteTable(*ec2.DisassociateTransitGatewayRouteTableInput) (*ec2.DisassociateTransitGatewayRouteTableOutput, error)
+	DisassociateTransitGatewayRouteTableWithContext(aws.Context, *ec2.DisassociateTransitGatewayRouteTableInput, ...request.Option) (*ec2.DisassociateTransitGatewayRouteTableOutput, error)
+	DisassociateTransitGatewayRouteTableRequest(*ec2.DisassociateTransitGatewayRouteTableInput) (*request.Request, *ec2.DisassociateTransitGatewayRouteTableOutput)
+
 	DisassociateVpcCidrBlock(*ec2.DisassociateVpcCidrBlockInput) (*ec2.DisassociateVpcCidrBlockOutput, error)
 	DisassociateVpcCidrBlockWithContext(aws.Context, *ec2.DisassociateVpcCidrBlockInput, ...request.Option) (*ec2.DisassociateVpcCidrBlockOutput, error)
 	DisassociateVpcCidrBlockRequest(*ec2.DisassociateVpcCidrBlockInput) (*request.Request, *ec2.DisassociateVpcCidrBlockOutput)
 
+	EnableTransitGatewayRouteTablePropagation(*ec2.EnableTransitGatewayRouteTablePropagationInput) (*ec2.EnableTransitGatewayRouteTablePropagationOutput, error)
+	EnableTransitGatewayRouteTablePropagationWithContext(aws.Context, *ec2.EnableTransitGatewayRouteTablePropagationInput, ...request.Option) (*ec2.EnableTransitGatewayRouteTablePropagationOutput, error)
+	EnableTransitGatewayRouteTablePropagationRequest(*ec2.EnableTransitGatewayRouteTablePropagationInput) (*request.Request, *ec2.EnableTransitGatewayRouteTablePropagationOutput)
+
 	EnableVgwRoutePropagation(*ec2.EnableVgwRoutePropagationInput) (*ec2.EnableVgwRoutePropagationOutput, error)
 	EnableVgwRoutePropagationWithContext(aws.Context, *ec2.EnableVgwRoutePropagationInput, ...request.Option) (*ec2.EnableVgwRoutePropagationOutput, error)
 	EnableVgwRoutePropagationRequest(*ec2.EnableVgwRoutePropagationInput) (*request.Request, *ec2.EnableVgwRoutePropagationOutput)
@@ -901,6 +1058,18 @@ type EC2API interface {
 	EnableVpcClassicLinkDnsSupportWithContext(aws.Context, *ec2.EnableVpcClassicLinkDnsSupportInput, ...request.Option) (*ec2.EnableVpcClassicLinkDnsSupportOutput, error)
 	EnableVpcClassicLinkDnsSupportRequest(*ec2.EnableVpcClassicLinkDnsSupportInput) (*request.Request, *ec2.EnableVpcClassicLinkDnsSupportOutput)
 
+	ExportClientVpnClientCertificateRevocationList(*ec2.ExportClientVpnClientCertificateRevocationListInput) (*ec2.ExportClientVpnClientCertificateRevocationListOutput, error)
+	ExportClientVpnClientCertificateRevocationListWithContext(aws.Context, *ec2.ExportClientVpnClientCertificateRevocationListInput, ...request.Option) (*ec2.ExportClientVpnClientCertificateRevocationListOutput, error)
+	ExportClientVpnClientCertificateRevocationListRequest(*ec2.ExportClientVpnClientCertificateRevocationListInput) (*request.Request, *ec2.ExportClientVpnClientCertificateRevocationListOutput)
+
+	ExportClientVpnClientConfiguration(*ec2.ExportClientVpnClientConfigurationInput) (*ec2.ExportClientVpnClientConfigurationOutput, error)
+	ExportClientVpnClientConfigurationWithContext(aws.Context, *ec2.ExportClientVpnClientConfigurationInput, ...request.Option) (*ec2.ExportClientVpnClientConfigurationOutput, error)
+	ExportClientVpnClientConfigurationRequest(*ec2.ExportClientVpnClientConfigurationInput) (*request.Request, *ec2.ExportClientVpnClientConfigurationOutput)
+
+	ExportTransitGatewayRoutes(*ec2.ExportTransitGatewayRoutesInput) (*ec2.ExportTransitGatewayRoutesOutput, error)
+	ExportTransitGatewayRoutesWithContext(aws.Context, *ec2.ExportTransitGatewayRoutesInput, ...request.Option) (*ec2.ExportTransitGatewayRoutesOutput, error)
+	ExportTransitGatewayRoutesRequest(*ec2.ExportTransitGatewayRoutesInput) (*request.Request, *ec2.ExportTransitGatewayRoutesOutput)
+
 	GetConsoleOutput(*ec2.GetConsoleOutputInput) (*ec2.GetConsoleOutputOutput, error)
 	GetConsoleOutputWithContext(aws.Context, *ec2.GetConsoleOutputInput, ...request.Option) (*ec2.GetConsoleOutputOutput, error)
 	GetConsoleOutputRequest(*ec2.GetConsoleOutputInput) (*request.Request, *ec2.GetConsoleOutputOutput)
@@ -925,6 +1094,22 @@ type EC2API interface {
 	GetReservedInstancesExchangeQuoteWithContext(aws.Context, *ec2.GetReservedInstancesExchangeQuoteInput, ...request.Option) (*ec2.GetReservedInstancesExchangeQuoteOutput, error)
 	GetReservedInstancesExchangeQuoteRequest(*ec2.GetReservedInstancesExchangeQuoteInput) (*request.Request, *ec2.GetReservedInstancesExchangeQuoteOutput)
 
+	GetTransitGatewayAttachmentPropagations(*ec2.GetTransitGatewayAttachmentPropagationsInput) (*ec2.GetTransitGatewayAttachmentPropagationsOutput, error)
+	GetTransitGatewayAttachmentPropagationsWithContext(aws.Context, *ec2.GetTransitGatewayAttachmentPropagationsInput, ...request.Option) (*ec2.GetTransitGatewayAttachmentPropagationsOutput, error)
+	GetTransitGatewayAttachmentPropagationsRequest(*ec2.GetTransitGatewayAttachmentPropagationsInput) (*request.Request, *ec2.GetTransitGatewayAttachmentPropagationsOutput)
+
+	GetTransitGatewayRouteTableAssociations(*ec2.GetTransitGatewayRouteTableAssociationsInput) (*ec2.GetTransitGatewayRouteTableAssociationsOutput, error)
+	GetTransitGatewayRouteTableAssociationsWithContext(aws.Context, *ec2.GetTransitGatewayRouteTableAssociationsInput, ...request.Option) (*ec2.GetTransitGatewayRouteTableAssociationsOutput, error)
+	GetTransitGatewayRouteTableAssociationsRequest(*ec2.GetTransitGatewayRouteTableAssociationsInput) (*request.Request, *ec2.GetTransitGatewayRouteTableAssociationsOutput)
+
+	GetTransitGatewayRouteTablePropagations(*ec2.GetTransitGatewayRouteTablePropagationsInput) (*ec2.GetTransitGatewayRouteTablePropagationsOutput, error)
+	GetTransitGatewayRouteTablePropagationsWithContext(aws.Context, *ec2.GetTransitGatewayRouteTablePropagationsInput, ...request.Option) (*ec2.GetTransitGatewayRouteTablePropagationsOutput, error)
+	GetTransitGatewayRouteTablePropagationsRequest(*ec2.GetTransitGatewayRouteTablePropagationsInput) (*request.Request, *ec2.GetTransitGatewayRouteTablePropagationsOutput)
+
+	ImportClientVpnClientCertificateRevocationList(*ec2.ImportClientVpnClientCertificateRevocationListInput) (*ec2.ImportClientVpnClientCertificateRevocationListOutput, error)
+	ImportClientVpnClientCertificateRevocationListWithContext(aws.Context, *ec2.ImportClientVpnClientCertificateRevocationListInput, ...request.Option) (*ec2.ImportClientVpnClientCertificateRevocationListOutput, error)
+	ImportClientVpnClientCertificateRevocationListRequest(*ec2.ImportClientVpnClientCertificateRevocationListInput) (*request.Request, *ec2.ImportClientVpnClientCertificateRevocationListOutput)
+
 	ImportImage(*ec2.ImportImageInput) (*ec2.ImportImageOutput, error)
 	ImportImageWithContext(aws.Context, *ec2.ImportImageInput, ...request.Option) (*ec2.ImportImageOutput, error)
 	ImportImageRequest(*ec2.ImportImageInput) (*request.Request, *ec2.ImportImageOutput)
@@ -945,6 +1130,14 @@ type EC2API interface {
 	ImportVolumeWithContext(aws.Context, *ec2.ImportVolumeInput, ...request.Option) (*ec2.ImportVolumeOutput, error)
 	ImportVolumeRequest(*ec2.ImportVolumeInput) (*request.Request, *ec2.ImportVolumeOutput)
 
+	ModifyCapacityReservation(*ec2.ModifyCapacityReservationInput) (*ec2.ModifyCapacityReservationOutput, error)
+	ModifyCapacityReservationWithContext(aws.Context, *ec2.ModifyCapacityReservationInput, ...request.Option) (*ec2.ModifyCapacityReservationOutput, error)
+	ModifyCapacityReservationRequest(*ec2.ModifyCapacityReservationInput) (*request.Request, *ec2.ModifyCapacityReservationOutput)
+
+	ModifyClientVpnEndpoint(*ec2.ModifyClientVpnEndpointInput) (*ec2.ModifyClientVpnEndpointOutput, error)
+	ModifyClientVpnEndpointWithContext(aws.Context, *ec2.ModifyClientVpnEndpointInput, ...request.Option) (*ec2.ModifyClientVpnEndpointOutput, error)
+	ModifyClientVpnEndpointRequest(*ec2.ModifyClientVpnEndpointInput) (*request.Request, *ec2.ModifyClientVpnEndpointOutput)
+
 	ModifyFleet(*ec2.ModifyFleetInput) (*ec2.ModifyFleetOutput, error)
 	ModifyFleetWithContext(aws.Context, *ec2.ModifyFleetInput, ...request.Option) (*ec2.ModifyFleetOutput, error)
 	ModifyFleetRequest(*ec2.ModifyFleetInput) (*request.Request, *ec2.ModifyFleetOutput)
@@ -973,6 +1166,10 @@ type EC2API interface {
 	ModifyInstanceAttributeWithContext(aws.Context, *ec2.ModifyInstanceAttributeInput, ...request.Option) (*ec2.ModifyInstanceAttributeOutput, error)
 	ModifyInstanceAttributeRequest(*ec2.ModifyInstanceAttributeInput) (*request.Request, *ec2.ModifyInstanceAttributeOutput)
 
+	ModifyInstanceCapacityReservationAttributes(*ec2.ModifyInstanceCapacityReservationAttributesInput) (*ec2.ModifyInstanceCapacityReservationAttributesOutput, error)
+	ModifyInstanceCapacityReservationAttributesWithContext(aws.Context, *ec2.ModifyInstanceCapacityReservationAttributesInput, ...request.Option) (*ec2.ModifyInstanceCapacityReservationAttributesOutput, error)
+	ModifyInstanceCapacityReservationAttributesRequest(*ec2.ModifyInstanceCapacityReservationAttributesInput) (*request.Request, *ec2.ModifyInstanceCapacityReservationAttributesOutput)
+
 	ModifyInstanceCreditSpecification(*ec2.ModifyInstanceCreditSpecificationInput) (*ec2.ModifyInstanceCreditSpecificationOutput, error)
 	ModifyInstanceCreditSpecificationWithContext(aws.Context, *ec2.ModifyInstanceCreditSpecificationInput, ...request.Option) (*ec2.ModifyInstanceCreditSpecificationOutput, error)
 	ModifyInstanceCreditSpecificationRequest(*ec2.ModifyInstanceCreditSpecificationInput) (*request.Request, *ec2.ModifyInstanceCreditSpecificationOutput)
@@ -1005,6 +1202,10 @@ type EC2API interface {
 	ModifySubnetAttributeWithContext(aws.Context, *ec2.ModifySubnetAttributeInput, ...request.Option) (*ec2.ModifySubnetAttributeOutput, error)
 	ModifySubnetAttributeRequest(*ec2.ModifySubnetAttributeInput) (*request.Request, *ec2.ModifySubnetAttributeOutput)
 
+	ModifyTransitGatewayVpcAttachment(*ec2.ModifyTransitGatewayVpcAttachmentInput) (*ec2.ModifyTransitGatewayVpcAttachmentOutput, error)
+	ModifyTransitGatewayVpcAttachmentWithContext(aws.Context, *ec2.ModifyTransitGatewayVpcAttachmentInput, ...request.Option) (*ec2.ModifyTransitGatewayVpcAttachmentOutput, error)
+	ModifyTransitGatewayVpcAttachmentRequest(*ec2.ModifyTransitGatewayVpcAttachmentInput) (*request.Request, *ec2.ModifyTransitGatewayVpcAttachmentOutput)
+
 	ModifyVolume(*ec2.ModifyVolumeInput) (*ec2.ModifyVolumeOutput, error)
 	ModifyVolumeWithContext(aws.Context, *ec2.ModifyVolumeInput, ...request.Option) (*ec2.ModifyVolumeOutput, error)
 	ModifyVolumeRequest(*ec2.ModifyVolumeInput) (*request.Request, *ec2.ModifyVolumeOutput)
@@ -1049,6 +1250,10 @@ type EC2API interface {
 	MoveAddressToVpcWithContext(aws.Context, *ec2.MoveAddressToVpcInput, ...request.Option) (*ec2.MoveAddressToVpcOutput, error)
 	MoveAddressToVpcRequest(*ec2.MoveAddressToVpcInput) (*request.Request, *ec2.MoveAddressToVpcOutput)
 
+	ProvisionByoipCidr(*ec2.ProvisionByoipCidrInput) (*ec2.ProvisionByoipCidrOutput, error)
+	ProvisionByoipCidrWithContext(aws.Context, *ec2.ProvisionByoipCidrInput, ...request.Option) (*ec2.ProvisionByoipCidrOutput, error)
+	ProvisionByoipCidrRequest(*ec2.ProvisionByoipCidrInput) (*request.Request, *ec2.ProvisionByoipCidrOutput)
+
 	PurchaseHostReservation(*ec2.PurchaseHostReservationInput) (*ec2.PurchaseHostReservationOutput, error)
 	PurchaseHostReservationWithContext(aws.Context, *ec2.PurchaseHostReservationInput, ...request.Option) (*ec2.PurchaseHostReservationOutput, error)
 	PurchaseHostReservationRequest(*ec2.PurchaseHostReservationInput) (*request.Request, *ec2.PurchaseHostReservationOutput)
@@ -1069,6 +1274,10 @@ type EC2API interface {
 	RegisterImageWithContext(aws.Context, *ec2.RegisterImageInput, ...request.Option) (*ec2.RegisterImageOutput, error)
 	RegisterImageRequest(*ec2.RegisterImageInput) (*request.Request, *ec2.RegisterImageOutput)
 
+	RejectTransitGatewayVpcAttachment(*ec2.RejectTransitGatewayVpcAttachmentInput) (*ec2.RejectTransitGatewayVpcAttachmentOutput, error)
+	RejectTransitGatewayVpcAttachmentWithContext(aws.Context, *ec2.RejectTransitGatewayVpcAttachmentInput, ...request.Option) (*ec2.RejectTransitGatewayVpcAttachmentOutput, error)
+	RejectTransitGatewayVpcAttachmentRequest(*ec2.RejectTransitGatewayVpcAttachmentInput) (*request.Request, *ec2.RejectTransitGatewayVpcAttachmentOutput)
+
 	RejectVpcEndpointConnections(*ec2.RejectVpcEndpointConnectionsInput) (*ec2.RejectVpcEndpointConnectionsOutput, error)
 	RejectVpcEndpointConnectionsWithContext(aws.Context, *ec2.RejectVpcEndpointConnectionsInput, ...request.Option) (*ec2.RejectVpcEndpointConnectionsOutput, error)
 	RejectVpcEndpointConnectionsRequest(*ec2.RejectVpcEndpointConnectionsInput) (*request.Request, *ec2.RejectVpcEndpointConnectionsOutput)
@@ -1105,6 +1314,10 @@ type EC2API interface {
 	ReplaceRouteTableAssociationWithContext(aws.Context, *ec2.ReplaceRouteTableAssociationInput, ...request.Option) (*ec2.ReplaceRouteTableAssociationOutput, error)
 	ReplaceRouteTableAssociationRequest(*ec2.ReplaceRouteTableAssociationInput) (*request.Request, *ec2.ReplaceRouteTableAssociationOutput)
 
+	ReplaceTransitGatewayRoute(*ec2.ReplaceTransitGatewayRouteInput) (*ec2.ReplaceTransitGatewayRouteOutput, error)
+	ReplaceTransitGatewayRouteWithContext(aws.Context, *ec2.ReplaceTransitGatewayRouteInput, ...request.Option) (*ec2.ReplaceTransitGatewayRouteOutput, error)
+	ReplaceTransitGatewayRouteRequest(*ec2.ReplaceTransitGatewayRouteInput) (*request.Request, *ec2.ReplaceTransitGatewayRouteOutput)
+
 	ReportInstanceStatus(*ec2.ReportInstanceStatusInput) (*ec2.ReportInstanceStatusOutput, error)
 	ReportInstanceStatusWithContext(aws.Context, *ec2.ReportInstanceStatusInput, ...request.Option) (*ec2.ReportInstanceStatusOutput, error)
 	ReportInstanceStatusRequest(*ec2.ReportInstanceStatusInput) (*request.Request, *ec2.ReportInstanceStatusOutput)
@@ -1141,6 +1354,10 @@ type EC2API interface {
 	RestoreAddressToClassicWithContext(aws.Context, *ec2.RestoreAddressToClassicInput, ...request.Option) (*ec2.RestoreAddressToClassicOutput, error)
 	RestoreAddressToClassicRequest(*ec2.RestoreAddressToClassicInput) (*request.Request, *ec2.RestoreAddressToClassicOutput)
 
+	RevokeClientVpnIngress(*ec2.RevokeClientVpnIngressInput) (*ec2.RevokeClientVpnIngressOutput, error)
+	RevokeClientVpnIngressWithContext(aws.Context, *ec2.RevokeClientVpnIngressInput, ...request.Option) (*ec2.RevokeClientVpnIngressOutput, error)
+	RevokeClientVpnIngressRequest(*ec2.RevokeClientVpnIngressInput) (*request.Request, *ec2.RevokeClientVpnIngressOutput)
+
 	RevokeSecurityGroupEgress(*ec2.RevokeSecurityGroupEgressInput) (*ec2.RevokeSecurityGroupEgressOutput, error)
 	RevokeSecurityGroupEgressWithContext(aws.Context, *ec2.RevokeSecurityGroupEgressInput, ...request.Option) (*ec2.RevokeSecurityGroupEgressOutput, error)
 	RevokeSecurityGroupEgressRequest(*ec2.RevokeSecurityGroupEgressInput) (*request.Request, *ec2.RevokeSecurityGroupEgressOutput)
@@ -1157,6 +1374,10 @@ type EC2API interface {
 	RunScheduledInstancesWithContext(aws.Context, *ec2.RunScheduledInstancesInput, ...request.Option) (*ec2.RunScheduledInstancesOutput, error)
 	RunScheduledInstancesRequest(*ec2.RunScheduledInstancesInput) (*request.Request, *ec2.RunScheduledInstancesOutput)
 
+	SearchTransitGatewayRoutes(*ec2.SearchTransitGatewayRoutesInput) (*ec2.SearchTransitGatewayRoutesOutput, error)
+	SearchTransitGatewayRoutesWithContext(aws.Context, *ec2.SearchTransitGatewayRoutesInput, ...request.Option) (*ec2.SearchTransitGatewayRoutesOutput, error)
+	SearchTransitGatewayRoutesRequest(*ec2.SearchTransitGatewayRoutesInput) (*request.Request, *ec2.SearchTransitGatewayRoutesOutput)
+
 	StartInstances(*ec2.StartInstancesInput) (*ec2.StartInstancesOutput, error)
 	StartInstancesWithContext(aws.Context, *ec2.StartInstancesInput, ...request.Option) (*ec2.StartInstancesOutput, error)
 	StartInstancesRequest(*ec2.StartInstancesInput) (*request.Request, *ec2.StartInstancesOutput)
@@ -1165,6 +1386,10 @@ type EC2API interface {
 	StopInstancesWithContext(aws.Context, *ec2.StopInstancesInput, ...request.Option) (*ec2.StopInstancesOutput, error)
 	StopInstancesRequest(*ec2.StopInstancesInput) (*request.Request, *ec2.StopInstancesOutput)
 
+	TerminateClientVpnConnections(*ec2.TerminateClientVpnConnectionsInput) (*ec2.TerminateClientVpnConnectionsOutput, error)
+	TerminateClientVpnConnectionsWithContext(aws.Context, *ec2.TerminateClientVpnConnectionsInput, ...request.Option) (*ec2.TerminateClientVpnConnectionsOutput, error)
+	TerminateClientVpnConnectionsRequest(*ec2.TerminateClientVpnConnectionsInput) (*request.Request, *ec2.TerminateClientVpnConnectionsOutput)
+
 	TerminateInstances(*ec2.TerminateInstancesInput) (*ec2.TerminateInstancesOutput, error)
 	TerminateInstancesWithContext(aws.Context, *ec2.TerminateInstancesInput, ...request.Option) (*ec2.TerminateInstancesOutput, error)
 	TerminateInstancesRequest(*ec2.TerminateInstancesInput) (*request.Request, *ec2.TerminateInstancesOutput)
@@ -1189,6 +1414,10 @@ type EC2API interface {
 	UpdateSecurityGroupRuleDescriptionsIngressWithContext(aws.Context, *ec2.UpdateSecurityGroupRuleDescriptionsIngressInput, ...request.Option) (*ec2.UpdateSecurityGroupRuleDescriptionsIngressOutput, error)
 	UpdateSecurityGroupRuleDescriptionsIngressRequest(*ec2.UpdateSecurityGroupRuleDescriptionsIngressInput) (*request.Request, *ec2.UpdateSecurityGroupRuleDescriptionsIngressOutput)
 
+	WithdrawByoipCidr(*ec2.WithdrawByoipCidrInput) (*ec2.WithdrawByoipCidrOutput, error)
+	WithdrawByoipCidrWithContext(aws.Context, *ec2.WithdrawByoipCidrInput, ...request.Option) (*ec2.WithdrawByoipCidrOutput, error)
+	WithdrawByoipCidrRequest(*ec2.WithdrawByoipCidrInput) (*request.Request, *ec2.WithdrawByoipCidrOutput)
+
 	WaitUntilBundleTaskComplete(*ec2.DescribeBundleTasksInput) error
 	WaitUntilBundleTaskCompleteWithContext(aws.Context, *ec2.DescribeBundleTasksInput, ...request.WaiterOption) error
 

vendor/github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi/api.go

@@ -0,0 +1,1311 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package resourcegroupstaggingapi
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awsutil"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+const opGetResources = "GetResources"
+
+// GetResourcesRequest generates a "aws/request.Request" representing the
+// client's request for the GetResources operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetResources for more information on using the GetResources
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the GetResourcesRequest method.
+//    req, resp := client.GetResourcesRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/resourcegroupstaggingapi-2017-01-26/GetResources
+func (c *ResourceGroupsTaggingAPI) GetResourcesRequest(input *GetResourcesInput) (req *request.Request, output *GetResourcesOutput) {
+	op := &request.Operation{
+		Name:       opGetResources,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+		Paginator: &request.Paginator{
+			InputTokens:     []string{"PaginationToken"},
+			OutputTokens:    []string{"PaginationToken"},
+			LimitToken:      "ResourcesPerPage",
+			TruncationToken: "",
+		},
+	}
+
+	if input == nil {
+		input = &GetResourcesInput{}
+	}
+
+	output = &GetResourcesOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetResources API operation for AWS Resource Groups Tagging API.
+//
+// Returns all the tagged resources that are associated with the specified tags
+// (keys and values) located in the specified region for the AWS account. The
+// tags and the resource types that you specify in the request are known as
+// filters. The response includes all tags that are associated with the requested
+// resources. If no filter is provided, this action returns a paginated resource
+// list with the associated tags.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Resource Groups Tagging API's
+// API operation GetResources for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterException "InvalidParameterException"
+//   A parameter is missing or a malformed string or invalid or out-of-range value
+//   was supplied for the request parameter.
+//
+//   * ErrCodeThrottledException "ThrottledException"
+//   The request was denied to limit the frequency of submitted requests.
+//
+//   * ErrCodeInternalServiceException "InternalServiceException"
+//   The request processing failed because of an unknown error, exception, or
+//   failure. You can retry the request.
+//
+//   * ErrCodePaginationTokenExpiredException "PaginationTokenExpiredException"
+//   A PaginationToken is valid for a maximum of 15 minutes. Your request was
+//   denied because the specified PaginationToken has expired.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/resourcegroupstaggingapi-2017-01-26/GetResources
+func (c *ResourceGroupsTaggingAPI) GetResources(input *GetResourcesInput) (*GetResourcesOutput, error) {
+	req, out := c.GetResourcesRequest(input)
+	return out, req.Send()
+}
+
+// GetResourcesWithContext is the same as GetResources with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetResources for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ResourceGroupsTaggingAPI) GetResourcesWithContext(ctx aws.Context, input *GetResourcesInput, opts ...request.Option) (*GetResourcesOutput, error) {
+	req, out := c.GetResourcesRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+// GetResourcesPages iterates over the pages of a GetResources operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See GetResources method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+//    // Example iterating over at most 3 pages of a GetResources operation.
+//    pageNum := 0
+//    err := client.GetResourcesPages(params,
+//        func(page *GetResourcesOutput, lastPage bool) bool {
+//            pageNum++
+//            fmt.Println(page)
+//            return pageNum <= 3
+//        })
+//
+func (c *ResourceGroupsTaggingAPI) GetResourcesPages(input *GetResourcesInput, fn func(*GetResourcesOutput, bool) bool) error {
+	return c.GetResourcesPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// GetResourcesPagesWithContext same as GetResourcesPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ResourceGroupsTaggingAPI) GetResourcesPagesWithContext(ctx aws.Context, input *GetResourcesInput, fn func(*GetResourcesOutput, bool) bool, opts ...request.Option) error {
+	p := request.Pagination{
+		NewRequest: func() (*request.Request, error) {
+			var inCpy *GetResourcesInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.GetResourcesRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+
+	cont := true
+	for p.Next() && cont {
+		cont = fn(p.Page().(*GetResourcesOutput), !p.HasNextPage())
+	}
+	return p.Err()
+}
+
+const opGetTagKeys = "GetTagKeys"
+
+// GetTagKeysRequest generates a "aws/request.Request" representing the
+// client's request for the GetTagKeys operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetTagKeys for more information on using the GetTagKeys
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the GetTagKeysRequest method.
+//    req, resp := client.GetTagKeysRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/resourcegroupstaggingapi-2017-01-26/GetTagKeys
+func (c *ResourceGroupsTaggingAPI) GetTagKeysRequest(input *GetTagKeysInput) (req *request.Request, output *GetTagKeysOutput) {
+	op := &request.Operation{
+		Name:       opGetTagKeys,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+		Paginator: &request.Paginator{
+			InputTokens:     []string{"PaginationToken"},
+			OutputTokens:    []string{"PaginationToken"},
+			LimitToken:      "",
+			TruncationToken: "",
+		},
+	}
+
+	if input == nil {
+		input = &GetTagKeysInput{}
+	}
+
+	output = &GetTagKeysOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetTagKeys API operation for AWS Resource Groups Tagging API.
+//
+// Returns all tag keys in the specified region for the AWS account.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Resource Groups Tagging API's
+// API operation GetTagKeys for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterException "InvalidParameterException"
+//   A parameter is missing or a malformed string or invalid or out-of-range value
+//   was supplied for the request parameter.
+//
+//   * ErrCodeThrottledException "ThrottledException"
+//   The request was denied to limit the frequency of submitted requests.
+//
+//   * ErrCodeInternalServiceException "InternalServiceException"
+//   The request processing failed because of an unknown error, exception, or
+//   failure. You can retry the request.
+//
+//   * ErrCodePaginationTokenExpiredException "PaginationTokenExpiredException"
+//   A PaginationToken is valid for a maximum of 15 minutes. Your request was
+//   denied because the specified PaginationToken has expired.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/resourcegroupstaggingapi-2017-01-26/GetTagKeys
+func (c *ResourceGroupsTaggingAPI) GetTagKeys(input *GetTagKeysInput) (*GetTagKeysOutput, error) {
+	req, out := c.GetTagKeysRequest(input)
+	return out, req.Send()
+}
+
+// GetTagKeysWithContext is the same as GetTagKeys with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetTagKeys for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ResourceGroupsTaggingAPI) GetTagKeysWithContext(ctx aws.Context, input *GetTagKeysInput, opts ...request.Option) (*GetTagKeysOutput, error) {
+	req, out := c.GetTagKeysRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+// GetTagKeysPages iterates over the pages of a GetTagKeys operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See GetTagKeys method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+//    // Example iterating over at most 3 pages of a GetTagKeys operation.
+//    pageNum := 0
+//    err := client.GetTagKeysPages(params,
+//        func(page *GetTagKeysOutput, lastPage bool) bool {
+//            pageNum++
+//            fmt.Println(page)
+//            return pageNum <= 3
+//        })
+//
+func (c *ResourceGroupsTaggingAPI) GetTagKeysPages(input *GetTagKeysInput, fn func(*GetTagKeysOutput, bool) bool) error {
+	return c.GetTagKeysPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// GetTagKeysPagesWithContext same as GetTagKeysPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ResourceGroupsTaggingAPI) GetTagKeysPagesWithContext(ctx aws.Context, input *GetTagKeysInput, fn func(*GetTagKeysOutput, bool) bool, opts ...request.Option) error {
+	p := request.Pagination{
+		NewRequest: func() (*request.Request, error) {
+			var inCpy *GetTagKeysInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.GetTagKeysRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+
+	cont := true
+	for p.Next() && cont {
+		cont = fn(p.Page().(*GetTagKeysOutput), !p.HasNextPage())
+	}
+	return p.Err()
+}
+
+const opGetTagValues = "GetTagValues"
+
+// GetTagValuesRequest generates a "aws/request.Request" representing the
+// client's request for the GetTagValues operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetTagValues for more information on using the GetTagValues
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the GetTagValuesRequest method.
+//    req, resp := client.GetTagValuesRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/resourcegroupstaggingapi-2017-01-26/GetTagValues
+func (c *ResourceGroupsTaggingAPI) GetTagValuesRequest(input *GetTagValuesInput) (req *request.Request, output *GetTagValuesOutput) {
+	op := &request.Operation{
+		Name:       opGetTagValues,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+		Paginator: &request.Paginator{
+			InputTokens:     []string{"PaginationToken"},
+			OutputTokens:    []string{"PaginationToken"},
+			LimitToken:      "",
+			TruncationToken: "",
+		},
+	}
+
+	if input == nil {
+		input = &GetTagValuesInput{}
+	}
+
+	output = &GetTagValuesOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetTagValues API operation for AWS Resource Groups Tagging API.
+//
+// Returns all tag values for the specified key in the specified region for
+// the AWS account.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Resource Groups Tagging API's
+// API operation GetTagValues for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterException "InvalidParameterException"
+//   A parameter is missing or a malformed string or invalid or out-of-range value
+//   was supplied for the request parameter.
+//
+//   * ErrCodeThrottledException "ThrottledException"
+//   The request was denied to limit the frequency of submitted requests.
+//
+//   * ErrCodeInternalServiceException "InternalServiceException"
+//   The request processing failed because of an unknown error, exception, or
+//   failure. You can retry the request.
+//
+//   * ErrCodePaginationTokenExpiredException "PaginationTokenExpiredException"
+//   A PaginationToken is valid for a maximum of 15 minutes. Your request was
+//   denied because the specified PaginationToken has expired.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/resourcegroupstaggingapi-2017-01-26/GetTagValues
+func (c *ResourceGroupsTaggingAPI) GetTagValues(input *GetTagValuesInput) (*GetTagValuesOutput, error) {
+	req, out := c.GetTagValuesRequest(input)
+	return out, req.Send()
+}
+
+// GetTagValuesWithContext is the same as GetTagValues with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetTagValues for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ResourceGroupsTaggingAPI) GetTagValuesWithContext(ctx aws.Context, input *GetTagValuesInput, opts ...request.Option) (*GetTagValuesOutput, error) {
+	req, out := c.GetTagValuesRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+// GetTagValuesPages iterates over the pages of a GetTagValues operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See GetTagValues method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+//    // Example iterating over at most 3 pages of a GetTagValues operation.
+//    pageNum := 0
+//    err := client.GetTagValuesPages(params,
+//        func(page *GetTagValuesOutput, lastPage bool) bool {
+//            pageNum++
+//            fmt.Println(page)
+//            return pageNum <= 3
+//        })
+//
+func (c *ResourceGroupsTaggingAPI) GetTagValuesPages(input *GetTagValuesInput, fn func(*GetTagValuesOutput, bool) bool) error {
+	return c.GetTagValuesPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// GetTagValuesPagesWithContext same as GetTagValuesPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ResourceGroupsTaggingAPI) GetTagValuesPagesWithContext(ctx aws.Context, input *GetTagValuesInput, fn func(*GetTagValuesOutput, bool) bool, opts ...request.Option) error {
+	p := request.Pagination{
+		NewRequest: func() (*request.Request, error) {
+			var inCpy *GetTagValuesInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.GetTagValuesRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+
+	cont := true
+	for p.Next() && cont {
+		cont = fn(p.Page().(*GetTagValuesOutput), !p.HasNextPage())
+	}
+	return p.Err()
+}
+
+const opTagResources = "TagResources"
+
+// TagResourcesRequest generates a "aws/request.Request" representing the
+// client's request for the TagResources operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See TagResources for more information on using the TagResources
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the TagResourcesRequest method.
+//    req, resp := client.TagResourcesRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/resourcegroupstaggingapi-2017-01-26/TagResources
+func (c *ResourceGroupsTaggingAPI) TagResourcesRequest(input *TagResourcesInput) (req *request.Request, output *TagResourcesOutput) {
+	op := &request.Operation{
+		Name:       opTagResources,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &TagResourcesInput{}
+	}
+
+	output = &TagResourcesOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// TagResources API operation for AWS Resource Groups Tagging API.
+//
+// Applies one or more tags to the specified resources. Note the following:
+//
+//    * Not all resources can have tags. For a list of resources that support
+//    tagging, see Supported Resources (http://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/supported-resources.html)
+//    in the AWS Resource Groups and Tag Editor User Guide.
+//
+//    * Each resource can have up to 50 tags. For other limits, see Tag Restrictions
+//    (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-restrictions)
+//    in the Amazon EC2 User Guide for Linux Instances.
+//
+//    * You can only tag resources that are located in the specified region
+//    for the AWS account.
+//
+//    * To add tags to a resource, you need the necessary permissions for the
+//    service that the resource belongs to as well as permissions for adding
+//    tags. For more information, see Obtaining Permissions for Tagging (http://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/obtaining-permissions-for-tagging.html)
+//    in the AWS Resource Groups and Tag Editor User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Resource Groups Tagging API's
+// API operation TagResources for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterException "InvalidParameterException"
+//   A parameter is missing or a malformed string or invalid or out-of-range value
+//   was supplied for the request parameter.
+//
+//   * ErrCodeThrottledException "ThrottledException"
+//   The request was denied to limit the frequency of submitted requests.
+//
+//   * ErrCodeInternalServiceException "InternalServiceException"
+//   The request processing failed because of an unknown error, exception, or
+//   failure. You can retry the request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/resourcegroupstaggingapi-2017-01-26/TagResources
+func (c *ResourceGroupsTaggingAPI) TagResources(input *TagResourcesInput) (*TagResourcesOutput, error) {
+	req, out := c.TagResourcesRequest(input)
+	return out, req.Send()
+}
+
+// TagResourcesWithContext is the same as TagResources with the addition of
+// the ability to pass a context and additional request options.
+//
+// See TagResources for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ResourceGroupsTaggingAPI) TagResourcesWithContext(ctx aws.Context, input *TagResourcesInput, opts ...request.Option) (*TagResourcesOutput, error) {
+	req, out := c.TagResourcesRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opUntagResources = "UntagResources"
+
+// UntagResourcesRequest generates a "aws/request.Request" representing the
+// client's request for the UntagResources operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UntagResources for more information on using the UntagResources
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the UntagResourcesRequest method.
+//    req, resp := client.UntagResourcesRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/resourcegroupstaggingapi-2017-01-26/UntagResources
+func (c *ResourceGroupsTaggingAPI) UntagResourcesRequest(input *UntagResourcesInput) (req *request.Request, output *UntagResourcesOutput) {
+	op := &request.Operation{
+		Name:       opUntagResources,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &UntagResourcesInput{}
+	}
+
+	output = &UntagResourcesOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// UntagResources API operation for AWS Resource Groups Tagging API.
+//
+// Removes the specified tags from the specified resources. When you specify
+// a tag key, the action removes both that key and its associated value. The
+// operation succeeds even if you attempt to remove tags from a resource that
+// were already removed. Note the following:
+//
+//    * To remove tags from a resource, you need the necessary permissions for
+//    the service that the resource belongs to as well as permissions for removing
+//    tags. For more information, see Obtaining Permissions for Tagging (http://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/obtaining-permissions-for-tagging.html)
+//    in the AWS Resource Groups and Tag Editor User Guide.
+//
+//    * You can only tag resources that are located in the specified region
+//    for the AWS account.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Resource Groups Tagging API's
+// API operation UntagResources for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterException "InvalidParameterException"
+//   A parameter is missing or a malformed string or invalid or out-of-range value
+//   was supplied for the request parameter.
+//
+//   * ErrCodeThrottledException "ThrottledException"
+//   The request was denied to limit the frequency of submitted requests.
+//
+//   * ErrCodeInternalServiceException "InternalServiceException"
+//   The request processing failed because of an unknown error, exception, or
+//   failure. You can retry the request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/resourcegroupstaggingapi-2017-01-26/UntagResources
+func (c *ResourceGroupsTaggingAPI) UntagResources(input *UntagResourcesInput) (*UntagResourcesOutput, error) {
+	req, out := c.UntagResourcesRequest(input)
+	return out, req.Send()
+}
+
+// UntagResourcesWithContext is the same as UntagResources with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UntagResources for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ResourceGroupsTaggingAPI) UntagResourcesWithContext(ctx aws.Context, input *UntagResourcesInput, opts ...request.Option) (*UntagResourcesOutput, error) {
+	req, out := c.UntagResourcesRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+// Details of the common errors that all actions return.
+type FailureInfo struct {
+	_ struct{} `type:"structure"`
+
+	// The code of the common error. Valid values include InternalServiceException,
+	// InvalidParameterException, and any valid error code returned by the AWS service
+	// that hosts the resource that you want to tag.
+	ErrorCode *string `type:"string" enum:"ErrorCode"`
+
+	// The message of the common error.
+	ErrorMessage *string `type:"string"`
+
+	// The HTTP status code of the common error.
+	StatusCode *int64 `type:"integer"`
+}
+
+// String returns the string representation
+func (s FailureInfo) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s FailureInfo) GoString() string {
+	return s.String()
+}
+
+// SetErrorCode sets the ErrorCode field's value.
+func (s *FailureInfo) SetErrorCode(v string) *FailureInfo {
+	s.ErrorCode = &v
+	return s
+}
+
+// SetErrorMessage sets the ErrorMessage field's value.
+func (s *FailureInfo) SetErrorMessage(v string) *FailureInfo {
+	s.ErrorMessage = &v
+	return s
+}
+
+// SetStatusCode sets the StatusCode field's value.
+func (s *FailureInfo) SetStatusCode(v int64) *FailureInfo {
+	s.StatusCode = &v
+	return s
+}
+
+type GetResourcesInput struct {
+	_ struct{} `type:"structure"`
+
+	// A string that indicates that additional data is available. Leave this value
+	// empty for your initial request. If the response includes a PaginationToken,
+	// use that string for this value to request an additional page of data.
+	PaginationToken *string `type:"string"`
+
+	// The constraints on the resources that you want returned. The format of each
+	// resource type is service[:resourceType]. For example, specifying a resource
+	// type of ec2 returns all tagged Amazon EC2 resources (which includes tagged
+	// EC2 instances). Specifying a resource type of ec2:instance returns only EC2
+	// instances.
+	//
+	// The string for each service name and resource type is the same as that embedded
+	// in a resource's Amazon Resource Name (ARN). Consult the AWS General Reference
+	// for the following:
+	//
+	//    * For a list of service name strings, see AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces).
+	//
+	//    * For resource type strings, see Example ARNs (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arns-syntax).
+	//
+	//    * For more information about ARNs, see Amazon Resource Names (ARNs) and
+	//    AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+	ResourceTypeFilters []*string `type:"list"`
+
+	// A limit that restricts the number of resources returned by GetResources in
+	// paginated output. You can set ResourcesPerPage to a minimum of 1 item and
+	// the maximum of 50 items.
+	ResourcesPerPage *int64 `type:"integer"`
+
+	// A list of tags (keys and values). A request can include up to 50 keys, and
+	// each key can include up to 20 values.
+	//
+	// If you specify multiple filters connected by an AND operator in a single
+	// request, the response returns only those resources that are associated with
+	// every specified filter.
+	//
+	// If you specify multiple filters connected by an OR operator in a single request,
+	// the response returns all resources that are associated with at least one
+	// or possibly more of the specified filters.
+	TagFilters []*TagFilter `type:"list"`
+
+	// A limit that restricts the number of tags (key and value pairs) returned
+	// by GetResources in paginated output. A resource with no tags is counted as
+	// having one tag (one key and value pair).
+	//
+	// GetResources does not split a resource and its associated tags across pages.
+	// If the specified TagsPerPage would cause such a break, a PaginationToken
+	// is returned in place of the affected resource and its tags. Use that token
+	// in another request to get the remaining data. For example, if you specify
+	// a TagsPerPage of 100 and the account has 22 resources with 10 tags each (meaning
+	// that each resource has 10 key and value pairs), the output will consist of
+	// 3 pages, with the first page displaying the first 10 resources, each with
+	// its 10 tags, the second page displaying the next 10 resources each with its
+	// 10 tags, and the third page displaying the remaining 2 resources, each with
+	// its 10 tags.
+	//
+	// You can set TagsPerPage
+	TagsPerPage *int64 `type:"integer"`
+}
+
+// String returns the string representation
+func (s GetResourcesInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetResourcesInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetResourcesInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetResourcesInput"}
+	if s.TagFilters != nil {
+		for i, v := range s.TagFilters {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "TagFilters", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetPaginationToken sets the PaginationToken field's value.
+func (s *GetResourcesInput) SetPaginationToken(v string) *GetResourcesInput {
+	s.PaginationToken = &v
+	return s
+}
+
+// SetResourceTypeFilters sets the ResourceTypeFilters field's value.
+func (s *GetResourcesInput) SetResourceTypeFilters(v []*string) *GetResourcesInput {
+	s.ResourceTypeFilters = v
+	return s
+}
+
+// SetResourcesPerPage sets the ResourcesPerPage field's value.
+func (s *GetResourcesInput) SetResourcesPerPage(v int64) *GetResourcesInput {
+	s.ResourcesPerPage = &v
+	return s
+}
+
+// SetTagFilters sets the TagFilters field's value.
+func (s *GetResourcesInput) SetTagFilters(v []*TagFilter) *GetResourcesInput {
+	s.TagFilters = v
+	return s
+}
+
+// SetTagsPerPage sets the TagsPerPage field's value.
+func (s *GetResourcesInput) SetTagsPerPage(v int64) *GetResourcesInput {
+	s.TagsPerPage = &v
+	return s
+}
+
+type GetResourcesOutput struct {
+	_ struct{} `type:"structure"`
+
+	// A string that indicates that the response contains more data than can be
+	// returned in a single response. To receive additional data, specify this string
+	// for the PaginationToken value in a subsequent request.
+	PaginationToken *string `type:"string"`
+
+	// A list of resource ARNs and the tags (keys and values) associated with each.
+	ResourceTagMappingList []*ResourceTagMapping `type:"list"`
+}
+
+// String returns the string representation
+func (s GetResourcesOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetResourcesOutput) GoString() string {
+	return s.String()
+}
+
+// SetPaginationToken sets the PaginationToken field's value.
+func (s *GetResourcesOutput) SetPaginationToken(v string) *GetResourcesOutput {
+	s.PaginationToken = &v
+	return s
+}
+
+// SetResourceTagMappingList sets the ResourceTagMappingList field's value.
+func (s *GetResourcesOutput) SetResourceTagMappingList(v []*ResourceTagMapping) *GetResourcesOutput {
+	s.ResourceTagMappingList = v
+	return s
+}
+
+type GetTagKeysInput struct {
+	_ struct{} `type:"structure"`
+
+	// A string that indicates that additional data is available. Leave this value
+	// empty for your initial request. If the response includes a PaginationToken,
+	// use that string for this value to request an additional page of data.
+	PaginationToken *string `type:"string"`
+}
+
+// String returns the string representation
+func (s GetTagKeysInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetTagKeysInput) GoString() string {
+	return s.String()
+}
+
+// SetPaginationToken sets the PaginationToken field's value.
+func (s *GetTagKeysInput) SetPaginationToken(v string) *GetTagKeysInput {
+	s.PaginationToken = &v
+	return s
+}
+
+type GetTagKeysOutput struct {
+	_ struct{} `type:"structure"`
+
+	// A string that indicates that the response contains more data than can be
+	// returned in a single response. To receive additional data, specify this string
+	// for the PaginationToken value in a subsequent request.
+	PaginationToken *string `type:"string"`
+
+	// A list of all tag keys in the AWS account.
+	TagKeys []*string `type:"list"`
+}
+
+// String returns the string representation
+func (s GetTagKeysOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetTagKeysOutput) GoString() string {
+	return s.String()
+}
+
+// SetPaginationToken sets the PaginationToken field's value.
+func (s *GetTagKeysOutput) SetPaginationToken(v string) *GetTagKeysOutput {
+	s.PaginationToken = &v
+	return s
+}
+
+// SetTagKeys sets the TagKeys field's value.
+func (s *GetTagKeysOutput) SetTagKeys(v []*string) *GetTagKeysOutput {
+	s.TagKeys = v
+	return s
+}
+
+type GetTagValuesInput struct {
+	_ struct{} `type:"structure"`
+
+	// The key for which you want to list all existing values in the specified region
+	// for the AWS account.
+	//
+	// Key is a required field
+	Key *string `min:"1" type:"string" required:"true"`
+
+	// A string that indicates that additional data is available. Leave this value
+	// empty for your initial request. If the response includes a PaginationToken,
+	// use that string for this value to request an additional page of data.
+	PaginationToken *string `type:"string"`
+}
+
+// String returns the string representation
+func (s GetTagValuesInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetTagValuesInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetTagValuesInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetTagValuesInput"}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetKey sets the Key field's value.
+func (s *GetTagValuesInput) SetKey(v string) *GetTagValuesInput {
+	s.Key = &v
+	return s
+}
+
+// SetPaginationToken sets the PaginationToken field's value.
+func (s *GetTagValuesInput) SetPaginationToken(v string) *GetTagValuesInput {
+	s.PaginationToken = &v
+	return s
+}
+
+type GetTagValuesOutput struct {
+	_ struct{} `type:"structure"`
+
+	// A string that indicates that the response contains more data than can be
+	// returned in a single response. To receive additional data, specify this string
+	// for the PaginationToken value in a subsequent request.
+	PaginationToken *string `type:"string"`
+
+	// A list of all tag values for the specified key in the AWS account.
+	TagValues []*string `type:"list"`
+}
+
+// String returns the string representation
+func (s GetTagValuesOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetTagValuesOutput) GoString() string {
+	return s.String()
+}
+
+// SetPaginationToken sets the PaginationToken field's value.
+func (s *GetTagValuesOutput) SetPaginationToken(v string) *GetTagValuesOutput {
+	s.PaginationToken = &v
+	return s
+}
+
+// SetTagValues sets the TagValues field's value.
+func (s *GetTagValuesOutput) SetTagValues(v []*string) *GetTagValuesOutput {
+	s.TagValues = v
+	return s
+}
+
+// A list of resource ARNs and the tags (keys and values) that are associated
+// with each.
+type ResourceTagMapping struct {
+	_ struct{} `type:"structure"`
+
+	// An array of resource ARN(s).
+	ResourceARN *string `min:"1" type:"string"`
+
+	// The tags that have been applied to one or more AWS resources.
+	Tags []*Tag `type:"list"`
+}
+
+// String returns the string representation
+func (s ResourceTagMapping) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ResourceTagMapping) GoString() string {
+	return s.String()
+}
+
+// SetResourceARN sets the ResourceARN field's value.
+func (s *ResourceTagMapping) SetResourceARN(v string) *ResourceTagMapping {
+	s.ResourceARN = &v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *ResourceTagMapping) SetTags(v []*Tag) *ResourceTagMapping {
+	s.Tags = v
+	return s
+}
+
+// The metadata that you apply to AWS resources to help you categorize and organize
+// them. Each tag consists of a key and an optional value, both of which you
+// define. For more information, see Tag Basics (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-basics)
+// in the Amazon EC2 User Guide for Linux Instances.
+type Tag struct {
+	_ struct{} `type:"structure"`
+
+	// One part of a key-value pair that make up a tag. A key is a general label
+	// that acts like a category for more specific tag values.
+	//
+	// Key is a required field
+	Key *string `min:"1" type:"string" required:"true"`
+
+	// The optional part of a key-value pair that make up a tag. A value acts as
+	// a descriptor within a tag category (key).
+	//
+	// Value is a required field
+	Value *string `type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s Tag) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s Tag) GoString() string {
+	return s.String()
+}
+
+// SetKey sets the Key field's value.
+func (s *Tag) SetKey(v string) *Tag {
+	s.Key = &v
+	return s
+}
+
+// SetValue sets the Value field's value.
+func (s *Tag) SetValue(v string) *Tag {
+	s.Value = &v
+	return s
+}
+
+// A list of tags (keys and values) that are used to specify the associated
+// resources.
+type TagFilter struct {
+	_ struct{} `type:"structure"`
+
+	// One part of a key-value pair that make up a tag. A key is a general label
+	// that acts like a category for more specific tag values.
+	Key *string `min:"1" type:"string"`
+
+	// The optional part of a key-value pair that make up a tag. A value acts as
+	// a descriptor within a tag category (key).
+	Values []*string `type:"list"`
+}
+
+// String returns the string representation
+func (s TagFilter) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s TagFilter) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *TagFilter) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "TagFilter"}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetKey sets the Key field's value.
+func (s *TagFilter) SetKey(v string) *TagFilter {
+	s.Key = &v
+	return s
+}
+
+// SetValues sets the Values field's value.
+func (s *TagFilter) SetValues(v []*string) *TagFilter {
+	s.Values = v
+	return s
+}
+
+type TagResourcesInput struct {
+	_ struct{} `type:"structure"`
+
+	// A list of ARNs. An ARN (Amazon Resource Name) uniquely identifies a resource.
+	// You can specify a minimum of 1 and a maximum of 20 ARNs (resources) to tag.
+	// An ARN can be set to a maximum of 1600 characters. For more information,
+	// see Amazon Resource Names (ARNs) and AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the AWS General Reference.
+	//
+	// ResourceARNList is a required field
+	ResourceARNList []*string `min:"1" type:"list" required:"true"`
+
+	// The tags that you want to add to the specified resources. A tag consists
+	// of a key and a value that you define.
+	//
+	// Tags is a required field
+	Tags map[string]*string `min:"1" type:"map" required:"true"`
+}
+
+// String returns the string representation
+func (s TagResourcesInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s TagResourcesInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *TagResourcesInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "TagResourcesInput"}
+	if s.ResourceARNList == nil {
+		invalidParams.Add(request.NewErrParamRequired("ResourceARNList"))
+	}
+	if s.ResourceARNList != nil && len(s.ResourceARNList) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("ResourceARNList", 1))
+	}
+	if s.Tags == nil {
+		invalidParams.Add(request.NewErrParamRequired("Tags"))
+	}
+	if s.Tags != nil && len(s.Tags) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Tags", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetResourceARNList sets the ResourceARNList field's value.
+func (s *TagResourcesInput) SetResourceARNList(v []*string) *TagResourcesInput {
+	s.ResourceARNList = v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *TagResourcesInput) SetTags(v map[string]*string) *TagResourcesInput {
+	s.Tags = v
+	return s
+}
+
+type TagResourcesOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Details of resources that could not be tagged. An error code, status code,
+	// and error message are returned for each failed item.
+	FailedResourcesMap map[string]*FailureInfo `type:"map"`
+}
+
+// String returns the string representation
+func (s TagResourcesOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s TagResourcesOutput) GoString() string {
+	return s.String()
+}
+
+// SetFailedResourcesMap sets the FailedResourcesMap field's value.
+func (s *TagResourcesOutput) SetFailedResourcesMap(v map[string]*FailureInfo) *TagResourcesOutput {
+	s.FailedResourcesMap = v
+	return s
+}
+
+type UntagResourcesInput struct {
+	_ struct{} `type:"structure"`
+
+	// A list of ARNs. An ARN (Amazon Resource Name) uniquely identifies a resource.
+	// You can specify a minimum of 1 and a maximum of 20 ARNs (resources) to untag.
+	// An ARN can be set to a maximum of 1600 characters. For more information,
+	// see Amazon Resource Names (ARNs) and AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the AWS General Reference.
+	//
+	// ResourceARNList is a required field
+	ResourceARNList []*string `min:"1" type:"list" required:"true"`
+
+	// A list of the tag keys that you want to remove from the specified resources.
+	//
+	// TagKeys is a required field
+	TagKeys []*string `min:"1" type:"list" required:"true"`
+}
+
+// String returns the string representation
+func (s UntagResourcesInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UntagResourcesInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UntagResourcesInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "UntagResourcesInput"}
+	if s.ResourceARNList == nil {
+		invalidParams.Add(request.NewErrParamRequired("ResourceARNList"))
+	}
+	if s.ResourceARNList != nil && len(s.ResourceARNList) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("ResourceARNList", 1))
+	}
+	if s.TagKeys == nil {
+		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
+	}
+	if s.TagKeys != nil && len(s.TagKeys) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("TagKeys", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetResourceARNList sets the ResourceARNList field's value.
+func (s *UntagResourcesInput) SetResourceARNList(v []*string) *UntagResourcesInput {
+	s.ResourceARNList = v
+	return s
+}
+
+// SetTagKeys sets the TagKeys field's value.
+func (s *UntagResourcesInput) SetTagKeys(v []*string) *UntagResourcesInput {
+	s.TagKeys = v
+	return s
+}
+
+type UntagResourcesOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Details of resources that could not be untagged. An error code, status code,
+	// and error message are returned for each failed item.
+	FailedResourcesMap map[string]*FailureInfo `type:"map"`
+}
+
+// String returns the string representation
+func (s UntagResourcesOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UntagResourcesOutput) GoString() string {
+	return s.String()
+}
+
+// SetFailedResourcesMap sets the FailedResourcesMap field's value.
+func (s *UntagResourcesOutput) SetFailedResourcesMap(v map[string]*FailureInfo) *UntagResourcesOutput {
+	s.FailedResourcesMap = v
+	return s
+}
+
+const (
+	// ErrorCodeInternalServiceException is a ErrorCode enum value
+	ErrorCodeInternalServiceException = "InternalServiceException"
+
+	// ErrorCodeInvalidParameterException is a ErrorCode enum value
+	ErrorCodeInvalidParameterException = "InvalidParameterException"
+)

vendor/github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi/doc.go

@@ -0,0 +1,64 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package resourcegroupstaggingapi provides the client and types for making API
+// requests to AWS Resource Groups Tagging API.
+//
+// This guide describes the API operations for the resource groups tagging.
+//
+// A tag is a label that you assign to an AWS resource. A tag consists of a
+// key and a value, both of which you define. For example, if you have two Amazon
+// EC2 instances, you might assign both a tag key of "Stack." But the value
+// of "Stack" might be "Testing" for one and "Production" for the other.
+//
+// Tagging can help you organize your resources and enables you to simplify
+// resource management, access management and cost allocation. For more information
+// about tagging, see Working with Tag Editor (http://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/tag-editor.html)
+// and Working with Resource Groups (http://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/resource-groups.html).
+// For more information about permissions you need to use the resource groups
+// tagging APIs, see Obtaining Permissions for Resource Groups  (http://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/obtaining-permissions-for-resource-groups.html)
+// and Obtaining Permissions for Tagging  (http://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/obtaining-permissions-for-tagging.html).
+//
+// You can use the resource groups tagging APIs to complete the following tasks:
+//
+//    * Tag and untag supported resources located in the specified region for
+//    the AWS account
+//
+//    * Use tag-based filters to search for resources located in the specified
+//    region for the AWS account
+//
+//    * List all existing tag keys in the specified region for the AWS account
+//
+//    * List all existing values for the specified key in the specified region
+//    for the AWS account
+//
+// Not all resources can have tags. For a lists of resources that you can tag,
+// see Supported Resources (http://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/supported-resources.html)
+// in the AWS Resource Groups and Tag Editor User Guide.
+//
+// To make full use of the resource groups tagging APIs, you might need additional
+// IAM permissions, including permission to access the resources of individual
+// services as well as permission to view and apply tags to those resources.
+// For more information, see Obtaining Permissions for Tagging (http://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/obtaining-permissions-for-tagging.html)
+// in the AWS Resource Groups and Tag Editor User Guide.
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/resourcegroupstaggingapi-2017-01-26 for more information on this service.
+//
+// See resourcegroupstaggingapi package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/resourcegroupstaggingapi/
+//
+// Using the Client
+//
+// To contact AWS Resource Groups Tagging API with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the AWS Resource Groups Tagging API client ResourceGroupsTaggingAPI for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/resourcegroupstaggingapi/#New
+package resourcegroupstaggingapi

vendor/github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi/errors.go

@@ -0,0 +1,33 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package resourcegroupstaggingapi
+
+const (
+
+	// ErrCodeInternalServiceException for service response error code
+	// "InternalServiceException".
+	//
+	// The request processing failed because of an unknown error, exception, or
+	// failure. You can retry the request.
+	ErrCodeInternalServiceException = "InternalServiceException"
+
+	// ErrCodeInvalidParameterException for service response error code
+	// "InvalidParameterException".
+	//
+	// A parameter is missing or a malformed string or invalid or out-of-range value
+	// was supplied for the request parameter.
+	ErrCodeInvalidParameterException = "InvalidParameterException"
+
+	// ErrCodePaginationTokenExpiredException for service response error code
+	// "PaginationTokenExpiredException".
+	//
+	// A PaginationToken is valid for a maximum of 15 minutes. Your request was
+	// denied because the specified PaginationToken has expired.
+	ErrCodePaginationTokenExpiredException = "PaginationTokenExpiredException"
+
+	// ErrCodeThrottledException for service response error code
+	// "ThrottledException".
+	//
+	// The request was denied to limit the frequency of submitted requests.
+	ErrCodeThrottledException = "ThrottledException"
+)

vendor/github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi/resourcegroupstaggingapiiface/interface.go

@@ -0,0 +1,93 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package resourcegroupstaggingapiiface provides an interface to enable mocking the AWS Resource Groups Tagging API service client
+// for testing your code.
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters.
+package resourcegroupstaggingapiiface
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi"
+)
+
+// ResourceGroupsTaggingAPIAPI provides an interface to enable mocking the
+// resourcegroupstaggingapi.ResourceGroupsTaggingAPI service client's API operation,
+// paginators, and waiters. This make unit testing your code that calls out
+// to the SDK's service client's calls easier.
+//
+// The best way to use this interface is so the SDK's service client's calls
+// can be stubbed out for unit testing your code with the SDK without needing
+// to inject custom request handlers into the SDK's request pipeline.
+//
+//    // myFunc uses an SDK service client to make a request to
+//    // AWS Resource Groups Tagging API.
+//    func myFunc(svc resourcegroupstaggingapiiface.ResourceGroupsTaggingAPIAPI) bool {
+//        // Make svc.GetResources request
+//    }
+//
+//    func main() {
+//        sess := session.New()
+//        svc := resourcegroupstaggingapi.New(sess)
+//
+//        myFunc(svc)
+//    }
+//
+// In your _test.go file:
+//
+//    // Define a mock struct to be used in your unit tests of myFunc.
+//    type mockResourceGroupsTaggingAPIClient struct {
+//        resourcegroupstaggingapiiface.ResourceGroupsTaggingAPIAPI
+//    }
+//    func (m *mockResourceGroupsTaggingAPIClient) GetResources(input *resourcegroupstaggingapi.GetResourcesInput) (*resourcegroupstaggingapi.GetResourcesOutput, error) {
+//        // mock response/functionality
+//    }
+//
+//    func TestMyFunc(t *testing.T) {
+//        // Setup Test
+//        mockSvc := &mockResourceGroupsTaggingAPIClient{}
+//
+//        myfunc(mockSvc)
+//
+//        // Verify myFunc's functionality
+//    }
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters. Its suggested to use the pattern above for testing, or using
+// tooling to generate mocks to satisfy the interfaces.
+type ResourceGroupsTaggingAPIAPI interface {
+	GetResources(*resourcegroupstaggingapi.GetResourcesInput) (*resourcegroupstaggingapi.GetResourcesOutput, error)
+	GetResourcesWithContext(aws.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)
+	GetResourcesRequest(*resourcegroupstaggingapi.GetResourcesInput) (*request.Request, *resourcegroupstaggingapi.GetResourcesOutput)
+
+	GetResourcesPages(*resourcegroupstaggingapi.GetResourcesInput, func(*resourcegroupstaggingapi.GetResourcesOutput, bool) bool) error
+	GetResourcesPagesWithContext(aws.Context, *resourcegroupstaggingapi.GetResourcesInput, func(*resourcegroupstaggingapi.GetResourcesOutput, bool) bool, ...request.Option) error
+
+	GetTagKeys(*resourcegroupstaggingapi.GetTagKeysInput) (*resourcegroupstaggingapi.GetTagKeysOutput, error)
+	GetTagKeysWithContext(aws.Context, *resourcegroupstaggingapi.GetTagKeysInput, ...request.Option) (*resourcegroupstaggingapi.GetTagKeysOutput, error)
+	GetTagKeysRequest(*resourcegroupstaggingapi.GetTagKeysInput) (*request.Request, *resourcegroupstaggingapi.GetTagKeysOutput)
+
+	GetTagKeysPages(*resourcegroupstaggingapi.GetTagKeysInput, func(*resourcegroupstaggingapi.GetTagKeysOutput, bool) bool) error
+	GetTagKeysPagesWithContext(aws.Context, *resourcegroupstaggingapi.GetTagKeysInput, func(*resourcegroupstaggingapi.GetTagKeysOutput, bool) bool, ...request.Option) error
+
+	GetTagValues(*resourcegroupstaggingapi.GetTagValuesInput) (*resourcegroupstaggingapi.GetTagValuesOutput, error)
+	GetTagValuesWithContext(aws.Context, *resourcegroupstaggingapi.GetTagValuesInput, ...request.Option) (*resourcegroupstaggingapi.GetTagValuesOutput, error)
+	GetTagValuesRequest(*resourcegroupstaggingapi.GetTagValuesInput) (*request.Request, *resourcegroupstaggingapi.GetTagValuesOutput)
+
+	GetTagValuesPages(*resourcegroupstaggingapi.GetTagValuesInput, func(*resourcegroupstaggingapi.GetTagValuesOutput, bool) bool) error
+	GetTagValuesPagesWithContext(aws.Context, *resourcegroupstaggingapi.GetTagValuesInput, func(*resourcegroupstaggingapi.GetTagValuesOutput, bool) bool, ...request.Option) error
+
+	TagResources(*resourcegroupstaggingapi.TagResourcesInput) (*resourcegroupstaggingapi.TagResourcesOutput, error)
+	TagResourcesWithContext(aws.Context, *resourcegroupstaggingapi.TagResourcesInput, ...request.Option) (*resourcegroupstaggingapi.TagResourcesOutput, error)
+	TagResourcesRequest(*resourcegroupstaggingapi.TagResourcesInput) (*request.Request, *resourcegroupstaggingapi.TagResourcesOutput)
+
+	UntagResources(*resourcegroupstaggingapi.UntagResourcesInput) (*resourcegroupstaggingapi.UntagResourcesOutput, error)
+	UntagResourcesWithContext(aws.Context, *resourcegroupstaggingapi.UntagResourcesInput, ...request.Option) (*resourcegroupstaggingapi.UntagResourcesOutput, error)
+	UntagResourcesRequest(*resourcegroupstaggingapi.UntagResourcesInput) (*request.Request, *resourcegroupstaggingapi.UntagResourcesOutput)
+}
+
+var _ ResourceGroupsTaggingAPIAPI = (*resourcegroupstaggingapi.ResourceGroupsTaggingAPI)(nil)

vendor/github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi/service.go

@@ -0,0 +1,97 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package resourcegroupstaggingapi
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/client/metadata"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/aws/signer/v4"
+	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
+)
+
+// ResourceGroupsTaggingAPI provides the API operation methods for making requests to
+// AWS Resource Groups Tagging API. See this package's package overview docs
+// for details on the service.
+//
+// ResourceGroupsTaggingAPI methods are safe to use concurrently. It is not safe to
+// modify mutate any of the struct's properties though.
+type ResourceGroupsTaggingAPI struct {
+	*client.Client
+}
+
+// Used for custom client initialization logic
+var initClient func(*client.Client)
+
+// Used for custom request initialization logic
+var initRequest func(*request.Request)
+
+// Service information constants
+const (
+	ServiceName = "tagging"                     // Name of service.
+	EndpointsID = ServiceName                   // ID to lookup a service endpoint with.
+	ServiceID   = "Resource Groups Tagging API" // ServiceID is a unique identifer of a specific service.
+)
+
+// New creates a new instance of the ResourceGroupsTaggingAPI client with a session.
+// If additional configuration is needed for the client instance use the optional
+// aws.Config parameter to add your extra config.
+//
+// Example:
+//     // Create a ResourceGroupsTaggingAPI client from just a session.
+//     svc := resourcegroupstaggingapi.New(mySession)
+//
+//     // Create a ResourceGroupsTaggingAPI client with additional configuration
+//     svc := resourcegroupstaggingapi.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+func New(p client.ConfigProvider, cfgs ...*aws.Config) *ResourceGroupsTaggingAPI {
+	c := p.ClientConfig(EndpointsID, cfgs...)
+	return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
+}
+
+// newClient creates, initializes and returns a new service client instance.
+func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *ResourceGroupsTaggingAPI {
+	svc := &ResourceGroupsTaggingAPI{
+		Client: client.New(
+			cfg,
+			metadata.ClientInfo{
+				ServiceName:   ServiceName,
+				ServiceID:     ServiceID,
+				SigningName:   signingName,
+				SigningRegion: signingRegion,
+				Endpoint:      endpoint,
+				APIVersion:    "2017-01-26",
+				JSONVersion:   "1.1",
+				TargetPrefix:  "ResourceGroupsTaggingAPI_20170126",
+			},
+			handlers,
+		),
+	}
+
+	// Handlers
+	svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
+	svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler)
+	svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler)
+	svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler)
+	svc.Handlers.UnmarshalError.PushBackNamed(jsonrpc.UnmarshalErrorHandler)
+
+	// Run custom client initialization if present
+	if initClient != nil {
+		initClient(svc.Client)
+	}
+
+	return svc
+}
+
+// newRequest creates a new request for a ResourceGroupsTaggingAPI operation and runs any
+// custom request initialization.
+func (c *ResourceGroupsTaggingAPI) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+	req := c.NewRequest(op, params, data)
+
+	// Run custom request initialization if present
+	if initRequest != nil {
+		initRequest(req)
+	}
+
+	return req
+}

vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go

@@ -3,6 +3,7 @@ package s3
 import (
 	"github.com/aws/aws-sdk-go/aws/client"
 	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/s3err"
 )
 
 func init() {
@@ -21,6 +22,7 @@ func defaultInitClientFn(c *client.Client) {
 	// S3 uses custom error unmarshaling logic
 	c.Handlers.UnmarshalError.Clear()
 	c.Handlers.UnmarshalError.PushBack(unmarshalError)
+	c.Handlers.UnmarshalError.PushBackNamed(s3err.RequestFailureWrapperHandler())
 }
 
 func defaultInitRequestFn(r *request.Request) {
@@ -31,6 +33,7 @@ func defaultInitRequestFn(r *request.Request) {
 	switch r.Operation.Name {
 	case opPutBucketCors, opPutBucketLifecycle, opPutBucketPolicy,
 		opPutBucketTagging, opDeleteObjects, opPutBucketLifecycleConfiguration,
+		opPutObjectLegalHold, opPutObjectRetention, opPutObjectLockConfiguration,
 		opPutBucketReplication:
 		// These S3 operations require Content-MD5 to be set
 		r.Handlers.Build.PushBack(contentMD5)
@@ -42,6 +45,7 @@ func defaultInitRequestFn(r *request.Request) {
 		r.Handlers.Validate.PushFront(populateLocationConstraint)
 	case opCopyObject, opUploadPartCopy, opCompleteMultipartUpload:
 		r.Handlers.Unmarshal.PushFront(copyMultipartStatusOKUnmarhsalError)
+		r.Handlers.Unmarshal.PushBackNamed(s3err.RequestFailureWrapperHandler())
 	case opPutObject, opUploadPart:
 		r.Handlers.Build.PushBack(computeBodyHashes)
 		// Disabled until #1837 root issue is resolved.

vendor/github.com/aws/aws-sdk-go/service/s3/service.go

@@ -67,7 +67,9 @@ func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
 	}
 
 	// Handlers
-	svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
+	svc.Handlers.Sign.PushBackNamed(v4.BuildNamedHandler(v4.SignRequestHandler.Name, func(s *v4.Signer) {
+		s.DisableURIPathEscaping = true
+	}))
 	svc.Handlers.Build.PushBackNamed(restxml.BuildHandler)
 	svc.Handlers.Unmarshal.PushBackNamed(restxml.UnmarshalHandler)
 	svc.Handlers.UnmarshalMeta.PushBackNamed(restxml.UnmarshalMetaHandler)

vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go

@@ -13,7 +13,11 @@ import (
 func copyMultipartStatusOKUnmarhsalError(r *request.Request) {
 	b, err := ioutil.ReadAll(r.HTTPResponse.Body)
 	if err != nil {
-		r.Error = awserr.New("SerializationError", "unable to read response body", err)
+		r.Error = awserr.NewRequestFailure(
+			awserr.New("SerializationError", "unable to read response body", err),
+			r.HTTPResponse.StatusCode,
+			r.RequestID,
+		)
 		return
 	}
 	body := bytes.NewReader(b)

vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go

@@ -23,22 +23,17 @@ func unmarshalError(r *request.Request) {
 	defer r.HTTPResponse.Body.Close()
 	defer io.Copy(ioutil.Discard, r.HTTPResponse.Body)
 
-	hostID := r.HTTPResponse.Header.Get("X-Amz-Id-2")
-
 	// Bucket exists in a different region, and request needs
 	// to be made to the correct region.
 	if r.HTTPResponse.StatusCode == http.StatusMovedPermanently {
-		r.Error = requestFailure{
-			RequestFailure: awserr.NewRequestFailure(
-				awserr.New("BucketRegionError",
-					fmt.Sprintf("incorrect region, the bucket is not in '%s' region",
-						aws.StringValue(r.Config.Region)),
-					nil),
-				r.HTTPResponse.StatusCode,
-				r.RequestID,
-			),
-			hostID: hostID,
-		}
+		r.Error = awserr.NewRequestFailure(
+			awserr.New("BucketRegionError",
+				fmt.Sprintf("incorrect region, the bucket is not in '%s' region",
+					aws.StringValue(r.Config.Region)),
+				nil),
+			r.HTTPResponse.StatusCode,
+			r.RequestID,
+		)
 		return
 	}
 
@@ -63,14 +58,11 @@ func unmarshalError(r *request.Request) {
 		errMsg = statusText
 	}
 
-	r.Error = requestFailure{
-		RequestFailure: awserr.NewRequestFailure(
-			awserr.New(errCode, errMsg, err),
-			r.HTTPResponse.StatusCode,
-			r.RequestID,
-		),
-		hostID: hostID,
-	}
+	r.Error = awserr.NewRequestFailure(
+		awserr.New(errCode, errMsg, err),
+		r.HTTPResponse.StatusCode,
+		r.RequestID,
+	)
 }
 
 // A RequestFailure provides access to the S3 Request ID and Host ID values
@@ -83,21 +75,3 @@ type RequestFailure interface {
 	// Host ID is the S3 Host ID needed for debug, and contacting support
 	HostID() string
 }
-
-type requestFailure struct {
-	awserr.RequestFailure
-
-	hostID string
-}
-
-func (r requestFailure) Error() string {
-	extra := fmt.Sprintf("status code: %d, request id: %s, host id: %s",
-		r.StatusCode(), r.RequestID(), r.hostID)
-	return awserr.SprintError(r.Code(), r.Message(), extra, r.OrigErr())
-}
-func (r requestFailure) String() string {
-	return r.Error()
-}
-func (r requestFailure) HostID() string {
-	return r.hostID
-}

vendor/github.com/aws/aws-sdk-go/service/sts/api.go

@@ -15,7 +15,7 @@ const opAssumeRole = "AssumeRole"
 // AssumeRoleRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRole operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -209,7 +209,7 @@ const opAssumeRoleWithSAML = "AssumeRoleWithSAML"
 // AssumeRoleWithSAMLRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRoleWithSAML operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -391,7 +391,7 @@ const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity"
 // AssumeRoleWithWebIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRoleWithWebIdentity operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -602,7 +602,7 @@ const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage"
 // DecodeAuthorizationMessageRequest generates a "aws/request.Request" representing the
 // client's request for the DecodeAuthorizationMessage operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -714,7 +714,7 @@ const opGetCallerIdentity = "GetCallerIdentity"
 // GetCallerIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the GetCallerIdentity operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -789,7 +789,7 @@ const opGetFederationToken = "GetFederationToken"
 // GetFederationTokenRequest generates a "aws/request.Request" representing the
 // client's request for the GetFederationToken operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -958,7 +958,7 @@ const opGetSessionToken = "GetSessionToken"
 // GetSessionTokenRequest generates a "aws/request.Request" representing the
 // client's request for the GetSessionToken operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1908,7 +1908,7 @@ type Credentials struct {
 	// The date on which the current credentials expire.
 	//
 	// Expiration is a required field
-	Expiration *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`
+	Expiration *time.Time `type:"timestamp" required:"true"`
 
 	// The secret access key that can be used to sign requests.
 	//