Bump AWS libraries to latest

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

vendor/github.com/aws/aws-sdk-go/service/autoscaling/doc.go

@@ -3,23 +3,19 @@
 // Package autoscaling provides the client and types for making API
 // requests to Auto Scaling.
 //
-// Amazon EC2 Auto Scaling is designed to automatically launch or terminate
+// Amazon EC2 Auto Scaling is designed to automatically launch and terminate
 // EC2 instances based on user-defined scaling policies, scheduled actions,
 // and health checks.
 //
-// For more information about Amazon EC2 Auto Scaling, see the Amazon EC2 Auto
-// Scaling User Guide (https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html).
-// For information about granting IAM users required permissions for calls to
-// Amazon EC2 Auto Scaling, see Granting IAM users required permissions for
-// Amazon EC2 Auto Scaling resources (https://docs.aws.amazon.com/autoscaling/ec2/APIReference/ec2-auto-scaling-api-permissions.html)
-// in the Amazon EC2 Auto Scaling API Reference.
+// For more information, see the Amazon EC2 Auto Scaling User Guide (https://docs.aws.amazon.com/autoscaling/ec2/userguide/)
+// and the Amazon EC2 Auto Scaling API Reference (https://docs.aws.amazon.com/autoscaling/ec2/APIReference/Welcome.html).
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/autoscaling-2011-01-01 for more information on this service.
 //
 // See autoscaling package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/autoscaling/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact Auto Scaling with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.

vendor/github.com/aws/aws-sdk-go/service/autoscaling/service.go

@@ -39,31 +39,37 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
-//     mySession := session.Must(session.NewSession())
 //
-//     // Create a AutoScaling client from just a session.
-//     svc := autoscaling.New(mySession)
+//	mySession := session.Must(session.NewSession())
 //
-//     // Create a AutoScaling client with additional configuration
-//     svc := autoscaling.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+//	// Create a AutoScaling client from just a session.
+//	svc := autoscaling.New(mySession)
+//
+//	// Create a AutoScaling client with additional configuration
+//	svc := autoscaling.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *AutoScaling {
 	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
+	if c.SigningNameDerived || len(c.SigningName) == 0 {
+		c.SigningName = EndpointsID
+		// No Fallback
+	}
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *AutoScaling {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *AutoScaling {
 	svc := &AutoScaling{
 		Client: client.New(
 			cfg,
 			metadata.ClientInfo{
-				ServiceName:   ServiceName,
-				ServiceID:     ServiceID,
-				SigningName:   signingName,
-				SigningRegion: signingRegion,
-				PartitionID:   partitionID,
-				Endpoint:      endpoint,
-				APIVersion:    "2011-01-01",
+				ServiceName:    ServiceName,
+				ServiceID:      ServiceID,
+				SigningName:    signingName,
+				SigningRegion:  signingRegion,
+				PartitionID:    partitionID,
+				Endpoint:       endpoint,
+				APIVersion:     "2011-01-01",
+				ResolvedRegion: resolvedRegion,
 			},
 			handlers,
 		),

vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go

@@ -68,6 +68,10 @@ func fillPresignedURL(r *request.Request) {
 		func(opt *endpoints.Options) {
 			opt.DisableSSL = aws.BoolValue(cfg.DisableSSL)
 			opt.UseDualStack = aws.BoolValue(cfg.UseDualStack)
+			opt.UseDualStackEndpoint = cfg.UseDualStackEndpoint
+			opt.UseFIPSEndpoint = cfg.UseFIPSEndpoint
+			opt.Logger = r.Config.Logger
+			opt.LogDeprecated = r.Config.LogLevel.Matches(aws.LogDebugWithDeprecated)
 		},
 	)
 	if err != nil {

vendor/github.com/aws/aws-sdk-go/service/ec2/doc.go

@@ -4,35 +4,36 @@
 // requests to Amazon Elastic Compute Cloud.
 //
 // Amazon Elastic Compute Cloud (Amazon EC2) provides secure and resizable computing
-// capacity in the AWS Cloud. Using Amazon EC2 eliminates the need to invest
-// in hardware up front, so you can develop and deploy applications faster.
-// Amazon Virtual Private Cloud (Amazon VPC) enables you to provision a logically
-// isolated section of the AWS Cloud where you can launch AWS resources in a
-// virtual network that you've defined. Amazon Elastic Block Store (Amazon EBS)
-// provides block level storage volumes for use with EC2 instances. EBS volumes
-// are highly available and reliable storage volumes that can be attached to
-// any running instance and used like a hard drive.
+// capacity in the Amazon Web Services Cloud. Using Amazon EC2 eliminates the
+// need to invest in hardware up front, so you can develop and deploy applications
+// faster. Amazon Virtual Private Cloud (Amazon VPC) enables you to provision
+// a logically isolated section of the Amazon Web Services Cloud where you can
+// launch Amazon Web Services resources in a virtual network that you've defined.
+// Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes
+// for use with EC2 instances. EBS volumes are highly available and reliable
+// storage volumes that can be attached to any running instance and used like
+// a hard drive.
 //
 // To learn more, see the following resources:
 //
-//    * Amazon EC2: AmazonEC2 product page (http://aws.amazon.com/ec2), Amazon
-//    EC2 documentation (http://aws.amazon.com/documentation/ec2)
+//   - Amazon EC2: AmazonEC2 product page (http://aws.amazon.com/ec2), Amazon
+//     EC2 documentation (http://aws.amazon.com/documentation/ec2)
 //
-//    * Amazon EBS: Amazon EBS product page (http://aws.amazon.com/ebs), Amazon
-//    EBS documentation (http://aws.amazon.com/documentation/ebs)
+//   - Amazon EBS: Amazon EBS product page (http://aws.amazon.com/ebs), Amazon
+//     EBS documentation (http://aws.amazon.com/documentation/ebs)
 //
-//    * Amazon VPC: Amazon VPC product page (http://aws.amazon.com/vpc), Amazon
-//    VPC documentation (http://aws.amazon.com/documentation/vpc)
+//   - Amazon VPC: Amazon VPC product page (http://aws.amazon.com/vpc), Amazon
+//     VPC documentation (http://aws.amazon.com/documentation/vpc)
 //
-//    * AWS VPN: AWS VPN product page (http://aws.amazon.com/vpn), AWS VPN documentation
-//    (http://aws.amazon.com/documentation/vpn)
+//   - Amazon Web Services VPN: Amazon Web Services VPN product page (http://aws.amazon.com/vpn),
+//     Amazon Web Services VPN documentation (http://aws.amazon.com/documentation/vpn)
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15 for more information on this service.
 //
 // See ec2 package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/ec2/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact Amazon Elastic Compute Cloud with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.

vendor/github.com/aws/aws-sdk-go/service/ec2/service.go

@@ -39,31 +39,37 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
-//     mySession := session.Must(session.NewSession())
 //
-//     // Create a EC2 client from just a session.
-//     svc := ec2.New(mySession)
+//	mySession := session.Must(session.NewSession())
 //
-//     // Create a EC2 client with additional configuration
-//     svc := ec2.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+//	// Create a EC2 client from just a session.
+//	svc := ec2.New(mySession)
+//
+//	// Create a EC2 client with additional configuration
+//	svc := ec2.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *EC2 {
 	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
+	if c.SigningNameDerived || len(c.SigningName) == 0 {
+		c.SigningName = EndpointsID
+		// No Fallback
+	}
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *EC2 {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *EC2 {
 	svc := &EC2{
 		Client: client.New(
 			cfg,
 			metadata.ClientInfo{
-				ServiceName:   ServiceName,
-				ServiceID:     ServiceID,
-				SigningName:   signingName,
-				SigningRegion: signingRegion,
-				PartitionID:   partitionID,
-				Endpoint:      endpoint,
-				APIVersion:    "2016-11-15",
+				ServiceName:    ServiceName,
+				ServiceID:      ServiceID,
+				SigningName:    signingName,
+				SigningRegion:  signingRegion,
+				PartitionID:    partitionID,
+				Endpoint:       endpoint,
+				APIVersion:     "2016-11-15",
+				ResolvedRegion: resolvedRegion,
 			},
 			handlers,
 		),

vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go

@@ -738,6 +738,57 @@ func (c *EC2) WaitUntilInstanceTerminatedWithContext(ctx aws.Context, input *Des
 	return w.WaitWithContext(ctx)
 }
 
+// WaitUntilInternetGatewayExists uses the Amazon EC2 API operation
+// DescribeInternetGateways to wait for a condition to be met before returning.
+// If the condition is not met within the max attempt window, an error will
+// be returned.
+func (c *EC2) WaitUntilInternetGatewayExists(input *DescribeInternetGatewaysInput) error {
+	return c.WaitUntilInternetGatewayExistsWithContext(aws.BackgroundContext(), input)
+}
+
+// WaitUntilInternetGatewayExistsWithContext is an extended version of WaitUntilInternetGatewayExists.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EC2) WaitUntilInternetGatewayExistsWithContext(ctx aws.Context, input *DescribeInternetGatewaysInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilInternetGatewayExists",
+		MaxAttempts: 6,
+		Delay:       request.ConstantWaiterDelay(5 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
+			{
+				State:   request.SuccessWaiterState,
+				Matcher: request.PathWaiterMatch, Argument: "length(InternetGateways[].InternetGatewayId) > `0`",
+				Expected: true,
+			},
+			{
+				State:    request.RetryWaiterState,
+				Matcher:  request.ErrorWaiterMatch,
+				Expected: "InvalidInternetGateway.NotFound",
+			},
+		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *DescribeInternetGatewaysInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.DescribeInternetGatewaysRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
+
+	return w.WaitWithContext(ctx)
+}
+
 // WaitUntilKeyPairExists uses the Amazon EC2 API operation
 // DescribeKeyPairs to wait for a condition to be met before returning.
 // If the condition is not met within the max attempt window, an error will
@@ -855,6 +906,57 @@ func (c *EC2) WaitUntilNatGatewayAvailableWithContext(ctx aws.Context, input *De
 	return w.WaitWithContext(ctx)
 }
 
+// WaitUntilNatGatewayDeleted uses the Amazon EC2 API operation
+// DescribeNatGateways to wait for a condition to be met before returning.
+// If the condition is not met within the max attempt window, an error will
+// be returned.
+func (c *EC2) WaitUntilNatGatewayDeleted(input *DescribeNatGatewaysInput) error {
+	return c.WaitUntilNatGatewayDeletedWithContext(aws.BackgroundContext(), input)
+}
+
+// WaitUntilNatGatewayDeletedWithContext is an extended version of WaitUntilNatGatewayDeleted.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EC2) WaitUntilNatGatewayDeletedWithContext(ctx aws.Context, input *DescribeNatGatewaysInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilNatGatewayDeleted",
+		MaxAttempts: 40,
+		Delay:       request.ConstantWaiterDelay(15 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
+			{
+				State:   request.SuccessWaiterState,
+				Matcher: request.PathAllWaiterMatch, Argument: "NatGateways[].State",
+				Expected: "deleted",
+			},
+			{
+				State:    request.SuccessWaiterState,
+				Matcher:  request.ErrorWaiterMatch,
+				Expected: "NatGatewayNotFound",
+			},
+		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *DescribeNatGatewaysInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.DescribeNatGatewaysRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
+
+	return w.WaitWithContext(ctx)
+}
+
 // WaitUntilNetworkInterfaceAvailable uses the Amazon EC2 API operation
 // DescribeNetworkInterfaces to wait for a condition to be met before returning.
 // If the condition is not met within the max attempt window, an error will
@@ -1030,6 +1132,11 @@ func (c *EC2) WaitUntilSnapshotCompletedWithContext(ctx aws.Context, input *Desc
 				Matcher: request.PathAllWaiterMatch, Argument: "Snapshots[].State",
 				Expected: "completed",
 			},
+			{
+				State:   request.FailureWaiterState,
+				Matcher: request.PathAnyWaiterMatch, Argument: "Snapshots[].State",
+				Expected: "error",
+			},
 		},
 		Logger: c.Config.Logger,
 		NewRequest: func(opts []request.Option) (*request.Request, error) {

vendor/github.com/aws/aws-sdk-go/service/ecr/doc.go

@@ -11,12 +11,16 @@
 // using IAM so that specific users or Amazon EC2 instances can access repositories
 // and images.
 //
+// Amazon ECR has service endpoints in each supported Region. For more information,
+// see Amazon ECR endpoints (https://docs.aws.amazon.com/general/latest/gr/ecr.html)
+// in the Amazon Web Services General Reference.
+//
 // See https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21 for more information on this service.
 //
 // See ecr package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/ecr/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact Amazon EC2 Container Registry with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.

vendor/github.com/aws/aws-sdk-go/service/ecr/errors.go

@@ -125,10 +125,24 @@ const (
 	// "LimitExceededException".
 	//
 	// The operation did not succeed because it would have exceeded a service limit
-	// for your account. For more information, see Amazon ECR Service Quotas (https://docs.aws.amazon.com/AmazonECR/latest/userguide/service-quotas.html)
+	// for your account. For more information, see Amazon ECR service quotas (https://docs.aws.amazon.com/AmazonECR/latest/userguide/service-quotas.html)
 	// in the Amazon Elastic Container Registry User Guide.
 	ErrCodeLimitExceededException = "LimitExceededException"
 
+	// ErrCodePullThroughCacheRuleAlreadyExistsException for service response error code
+	// "PullThroughCacheRuleAlreadyExistsException".
+	//
+	// A pull through cache rule with these settings already exists for the private
+	// registry.
+	ErrCodePullThroughCacheRuleAlreadyExistsException = "PullThroughCacheRuleAlreadyExistsException"
+
+	// ErrCodePullThroughCacheRuleNotFoundException for service response error code
+	// "PullThroughCacheRuleNotFoundException".
+	//
+	// The pull through cache rule was not found. Specify a valid pull through cache
+	// rule and try again.
+	ErrCodePullThroughCacheRuleNotFoundException = "PullThroughCacheRuleNotFoundException"
+
 	// ErrCodeReferencedImagesNotFoundException for service response error code
 	// "ReferencedImagesNotFoundException".
 	//
@@ -194,6 +208,12 @@ const (
 	// The image is of a type that cannot be scanned.
 	ErrCodeUnsupportedImageTypeException = "UnsupportedImageTypeException"
 
+	// ErrCodeUnsupportedUpstreamRegistryException for service response error code
+	// "UnsupportedUpstreamRegistryException".
+	//
+	// The specified upstream registry isn't supported.
+	ErrCodeUnsupportedUpstreamRegistryException = "UnsupportedUpstreamRegistryException"
+
 	// ErrCodeUploadNotFoundException for service response error code
 	// "UploadNotFoundException".
 	//
@@ -209,34 +229,37 @@ const (
 )
 
 var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
-	"EmptyUploadException":                      newErrorEmptyUploadException,
-	"ImageAlreadyExistsException":               newErrorImageAlreadyExistsException,
-	"ImageDigestDoesNotMatchException":          newErrorImageDigestDoesNotMatchException,
-	"ImageNotFoundException":                    newErrorImageNotFoundException,
-	"ImageTagAlreadyExistsException":            newErrorImageTagAlreadyExistsException,
-	"InvalidLayerException":                     newErrorInvalidLayerException,
-	"InvalidLayerPartException":                 newErrorInvalidLayerPartException,
-	"InvalidParameterException":                 newErrorInvalidParameterException,
-	"InvalidTagParameterException":              newErrorInvalidTagParameterException,
-	"KmsException":                              newErrorKmsException,
-	"LayerAlreadyExistsException":               newErrorLayerAlreadyExistsException,
-	"LayerInaccessibleException":                newErrorLayerInaccessibleException,
-	"LayerPartTooSmallException":                newErrorLayerPartTooSmallException,
-	"LayersNotFoundException":                   newErrorLayersNotFoundException,
-	"LifecyclePolicyNotFoundException":          newErrorLifecyclePolicyNotFoundException,
-	"LifecyclePolicyPreviewInProgressException": newErrorLifecyclePolicyPreviewInProgressException,
-	"LifecyclePolicyPreviewNotFoundException":   newErrorLifecyclePolicyPreviewNotFoundException,
-	"LimitExceededException":                    newErrorLimitExceededException,
-	"ReferencedImagesNotFoundException":         newErrorReferencedImagesNotFoundException,
-	"RegistryPolicyNotFoundException":           newErrorRegistryPolicyNotFoundException,
-	"RepositoryAlreadyExistsException":          newErrorRepositoryAlreadyExistsException,
-	"RepositoryNotEmptyException":               newErrorRepositoryNotEmptyException,
-	"RepositoryNotFoundException":               newErrorRepositoryNotFoundException,
-	"RepositoryPolicyNotFoundException":         newErrorRepositoryPolicyNotFoundException,
-	"ScanNotFoundException":                     newErrorScanNotFoundException,
-	"ServerException":                           newErrorServerException,
-	"TooManyTagsException":                      newErrorTooManyTagsException,
-	"UnsupportedImageTypeException":             newErrorUnsupportedImageTypeException,
-	"UploadNotFoundException":                   newErrorUploadNotFoundException,
-	"ValidationException":                       newErrorValidationException,
+	"EmptyUploadException":                       newErrorEmptyUploadException,
+	"ImageAlreadyExistsException":                newErrorImageAlreadyExistsException,
+	"ImageDigestDoesNotMatchException":           newErrorImageDigestDoesNotMatchException,
+	"ImageNotFoundException":                     newErrorImageNotFoundException,
+	"ImageTagAlreadyExistsException":             newErrorImageTagAlreadyExistsException,
+	"InvalidLayerException":                      newErrorInvalidLayerException,
+	"InvalidLayerPartException":                  newErrorInvalidLayerPartException,
+	"InvalidParameterException":                  newErrorInvalidParameterException,
+	"InvalidTagParameterException":               newErrorInvalidTagParameterException,
+	"KmsException":                               newErrorKmsException,
+	"LayerAlreadyExistsException":                newErrorLayerAlreadyExistsException,
+	"LayerInaccessibleException":                 newErrorLayerInaccessibleException,
+	"LayerPartTooSmallException":                 newErrorLayerPartTooSmallException,
+	"LayersNotFoundException":                    newErrorLayersNotFoundException,
+	"LifecyclePolicyNotFoundException":           newErrorLifecyclePolicyNotFoundException,
+	"LifecyclePolicyPreviewInProgressException":  newErrorLifecyclePolicyPreviewInProgressException,
+	"LifecyclePolicyPreviewNotFoundException":    newErrorLifecyclePolicyPreviewNotFoundException,
+	"LimitExceededException":                     newErrorLimitExceededException,
+	"PullThroughCacheRuleAlreadyExistsException": newErrorPullThroughCacheRuleAlreadyExistsException,
+	"PullThroughCacheRuleNotFoundException":      newErrorPullThroughCacheRuleNotFoundException,
+	"ReferencedImagesNotFoundException":          newErrorReferencedImagesNotFoundException,
+	"RegistryPolicyNotFoundException":            newErrorRegistryPolicyNotFoundException,
+	"RepositoryAlreadyExistsException":           newErrorRepositoryAlreadyExistsException,
+	"RepositoryNotEmptyException":                newErrorRepositoryNotEmptyException,
+	"RepositoryNotFoundException":                newErrorRepositoryNotFoundException,
+	"RepositoryPolicyNotFoundException":          newErrorRepositoryPolicyNotFoundException,
+	"ScanNotFoundException":                      newErrorScanNotFoundException,
+	"ServerException":                            newErrorServerException,
+	"TooManyTagsException":                       newErrorTooManyTagsException,
+	"UnsupportedImageTypeException":              newErrorUnsupportedImageTypeException,
+	"UnsupportedUpstreamRegistryException":       newErrorUnsupportedUpstreamRegistryException,
+	"UploadNotFoundException":                    newErrorUploadNotFoundException,
+	"ValidationException":                        newErrorValidationException,
 }

vendor/github.com/aws/aws-sdk-go/service/ecr/service.go

@@ -40,36 +40,38 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
-//     mySession := session.Must(session.NewSession())
 //
-//     // Create a ECR client from just a session.
-//     svc := ecr.New(mySession)
+//	mySession := session.Must(session.NewSession())
 //
-//     // Create a ECR client with additional configuration
-//     svc := ecr.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+//	// Create a ECR client from just a session.
+//	svc := ecr.New(mySession)
+//
+//	// Create a ECR client with additional configuration
+//	svc := ecr.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *ECR {
 	c := p.ClientConfig(EndpointsID, cfgs...)
 	if c.SigningNameDerived || len(c.SigningName) == 0 {
 		c.SigningName = "ecr"
 	}
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *ECR {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *ECR {
 	svc := &ECR{
 		Client: client.New(
 			cfg,
 			metadata.ClientInfo{
-				ServiceName:   ServiceName,
-				ServiceID:     ServiceID,
-				SigningName:   signingName,
-				SigningRegion: signingRegion,
-				PartitionID:   partitionID,
-				Endpoint:      endpoint,
-				APIVersion:    "2015-09-21",
-				JSONVersion:   "1.1",
-				TargetPrefix:  "AmazonEC2ContainerRegistry_V20150921",
+				ServiceName:    ServiceName,
+				ServiceID:      ServiceID,
+				SigningName:    signingName,
+				SigningRegion:  signingRegion,
+				PartitionID:    partitionID,
+				Endpoint:       endpoint,
+				APIVersion:     "2015-09-21",
+				ResolvedRegion: resolvedRegion,
+				JSONVersion:    "1.1",
+				TargetPrefix:   "AmazonEC2ContainerRegistry_V20150921",
 			},
 			handlers,
 		),

vendor/github.com/aws/aws-sdk-go/service/elb/doc.go

@@ -32,7 +32,7 @@
 // See elb package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/elb/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact Elastic Load Balancing with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.

vendor/github.com/aws/aws-sdk-go/service/elb/service.go

@@ -39,31 +39,37 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
-//     mySession := session.Must(session.NewSession())
 //
-//     // Create a ELB client from just a session.
-//     svc := elb.New(mySession)
+//	mySession := session.Must(session.NewSession())
 //
-//     // Create a ELB client with additional configuration
-//     svc := elb.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+//	// Create a ELB client from just a session.
+//	svc := elb.New(mySession)
+//
+//	// Create a ELB client with additional configuration
+//	svc := elb.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *ELB {
 	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
+	if c.SigningNameDerived || len(c.SigningName) == 0 {
+		c.SigningName = EndpointsID
+		// No Fallback
+	}
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *ELB {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *ELB {
 	svc := &ELB{
 		Client: client.New(
 			cfg,
 			metadata.ClientInfo{
-				ServiceName:   ServiceName,
-				ServiceID:     ServiceID,
-				SigningName:   signingName,
-				SigningRegion: signingRegion,
-				PartitionID:   partitionID,
-				Endpoint:      endpoint,
-				APIVersion:    "2012-06-01",
+				ServiceName:    ServiceName,
+				ServiceID:      ServiceID,
+				SigningName:    signingName,
+				SigningRegion:  signingRegion,
+				PartitionID:    partitionID,
+				Endpoint:       endpoint,
+				APIVersion:     "2012-06-01",
+				ResolvedRegion: resolvedRegion,
 			},
 			handlers,
 		),

vendor/github.com/aws/aws-sdk-go/service/elbv2/doc.go

@@ -18,13 +18,13 @@
 // Load Balancers, Network Load Balancers, Gateway Load Balancers, and Classic
 // Load Balancers. This reference covers the following load balancer types:
 //
-//    * Application Load Balancer - Operates at the application layer (layer
-//    7) and supports HTTP and HTTPS.
+//   - Application Load Balancer - Operates at the application layer (layer
+//     7) and supports HTTP and HTTPS.
 //
-//    * Network Load Balancer - Operates at the transport layer (layer 4) and
-//    supports TCP, TLS, and UDP.
+//   - Network Load Balancer - Operates at the transport layer (layer 4) and
+//     supports TCP, TLS, and UDP.
 //
-//    * Gateway Load Balancer - Operates at the network layer (layer 3).
+//   - Gateway Load Balancer - Operates at the network layer (layer 3).
 //
 // For more information, see the Elastic Load Balancing User Guide (https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/).
 //
@@ -36,7 +36,7 @@
 // See elbv2 package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/elbv2/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact Elastic Load Balancing with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.

vendor/github.com/aws/aws-sdk-go/service/elbv2/errors.go

@@ -183,7 +183,8 @@ const (
 	// ErrCodeTooManyLoadBalancersException for service response error code
 	// "TooManyLoadBalancers".
 	//
-	// You've reached the limit on the number of load balancers for your AWS account.
+	// You've reached the limit on the number of load balancers for your Amazon
+	// Web Services account.
 	ErrCodeTooManyLoadBalancersException = "TooManyLoadBalancers"
 
 	// ErrCodeTooManyRegistrationsForTargetIdException for service response error code
@@ -208,7 +209,8 @@ const (
 	// ErrCodeTooManyTargetGroupsException for service response error code
 	// "TooManyTargetGroups".
 	//
-	// You've reached the limit on the number of target groups for your AWS account.
+	// You've reached the limit on the number of target groups for your Amazon Web
+	// Services account.
 	ErrCodeTooManyTargetGroupsException = "TooManyTargetGroups"
 
 	// ErrCodeTooManyTargetsException for service response error code

vendor/github.com/aws/aws-sdk-go/service/elbv2/service.go

@@ -39,31 +39,37 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
-//     mySession := session.Must(session.NewSession())
 //
-//     // Create a ELBV2 client from just a session.
-//     svc := elbv2.New(mySession)
+//	mySession := session.Must(session.NewSession())
 //
-//     // Create a ELBV2 client with additional configuration
-//     svc := elbv2.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+//	// Create a ELBV2 client from just a session.
+//	svc := elbv2.New(mySession)
+//
+//	// Create a ELBV2 client with additional configuration
+//	svc := elbv2.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *ELBV2 {
 	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
+	if c.SigningNameDerived || len(c.SigningName) == 0 {
+		c.SigningName = EndpointsID
+		// No Fallback
+	}
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *ELBV2 {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *ELBV2 {
 	svc := &ELBV2{
 		Client: client.New(
 			cfg,
 			metadata.ClientInfo{
-				ServiceName:   ServiceName,
-				ServiceID:     ServiceID,
-				SigningName:   signingName,
-				SigningRegion: signingRegion,
-				PartitionID:   partitionID,
-				Endpoint:      endpoint,
-				APIVersion:    "2015-12-01",
+				ServiceName:    ServiceName,
+				ServiceID:      ServiceID,
+				SigningName:    signingName,
+				SigningRegion:  signingRegion,
+				PartitionID:    partitionID,
+				Endpoint:       endpoint,
+				APIVersion:     "2015-12-01",
+				ResolvedRegion: resolvedRegion,
 			},
 			handlers,
 		),

vendor/github.com/aws/aws-sdk-go/service/kms/doc.go

@@ -3,84 +3,99 @@
 // Package kms provides the client and types for making API
 // requests to AWS Key Management Service.
 //
-// AWS Key Management Service (AWS KMS) is an encryption and key management
-// web service. This guide describes the AWS KMS operations that you can call
-// programmatically. For general information about AWS KMS, see the AWS Key
-// Management Service Developer Guide (https://docs.aws.amazon.com/kms/latest/developerguide/).
+// Key Management Service (KMS) is an encryption and key management web service.
+// This guide describes the KMS operations that you can call programmatically.
+// For general information about KMS, see the Key Management Service Developer
+// Guide (https://docs.aws.amazon.com/kms/latest/developerguide/).
 //
-// AWS provides SDKs that consist of libraries and sample code for various programming
-// languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs
-// provide a convenient way to create programmatic access to AWS KMS and other
-// AWS services. For example, the SDKs take care of tasks such as signing requests
-// (see below), managing errors, and retrying requests automatically. For more
-// information about the AWS SDKs, including how to download and install them,
-// see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
+// KMS is replacing the term customer master key (CMK) with KMS key and KMS
+// key. The concept has not changed. To prevent breaking changes, KMS is keeping
+// some variations of this term.
 //
-// We recommend that you use the AWS SDKs to make programmatic API calls to
-// AWS KMS.
+// Amazon Web Services provides SDKs that consist of libraries and sample code
+// for various programming languages and platforms (Java, Ruby, .Net, macOS,
+// Android, etc.). The SDKs provide a convenient way to create programmatic
+// access to KMS and other Amazon Web Services services. For example, the SDKs
+// take care of tasks such as signing requests (see below), managing errors,
+// and retrying requests automatically. For more information about the Amazon
+// Web Services SDKs, including how to download and install them, see Tools
+// for Amazon Web Services (http://aws.amazon.com/tools/).
 //
-// Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS
-// 1.2. Clients must also support cipher suites with Perfect Forward Secrecy
-// (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral
-// Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support
-// these modes.
+// We recommend that you use the Amazon Web Services SDKs to make programmatic
+// API calls to KMS.
 //
-// Signing Requests
+// If you need to use FIPS 140-2 validated cryptographic modules when communicating
+// with Amazon Web Services, use the FIPS endpoint in your preferred Amazon
+// Web Services Region. For more information about the available FIPS endpoints,
+// see Service endpoints (https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region)
+// in the Key Management Service topic of the Amazon Web Services General Reference.
+//
+// All KMS API calls must be signed and be transmitted using Transport Layer
+// Security (TLS). KMS recommends you always use the latest supported TLS version.
+// Clients must also support cipher suites with Perfect Forward Secrecy (PFS)
+// such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman
+// (ECDHE). Most modern systems such as Java 7 and later support these modes.
+//
+// # Signing Requests
 //
 // Requests must be signed by using an access key ID and a secret access key.
-// We strongly recommend that you do not use your AWS account (root) access
-// key ID and secret key for everyday work with AWS KMS. Instead, use the access
-// key ID and secret access key for an IAM user. You can also use the AWS Security
-// Token Service to generate temporary security credentials that you can use
-// to sign requests.
+// We strongly recommend that you do not use your Amazon Web Services account
+// (root) access key ID and secret key for everyday work with KMS. Instead,
+// use the access key ID and secret access key for an IAM user. You can also
+// use the Amazon Web Services Security Token Service to generate temporary
+// security credentials that you can use to sign requests.
 //
-// All AWS KMS operations require Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
+// All KMS operations require Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
 //
-// Logging API Requests
+// # Logging API Requests
 //
-// AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related
-// events for your AWS account and delivers them to an Amazon S3 bucket that
-// you specify. By using the information collected by CloudTrail, you can determine
-// what requests were made to AWS KMS, who made the request, when it was made,
-// and so on. To learn more about CloudTrail, including how to turn it on and
-// find your log files, see the AWS CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/).
+// KMS supports CloudTrail, a service that logs Amazon Web Services API calls
+// and related events for your Amazon Web Services account and delivers them
+// to an Amazon S3 bucket that you specify. By using the information collected
+// by CloudTrail, you can determine what requests were made to KMS, who made
+// the request, when it was made, and so on. To learn more about CloudTrail,
+// including how to turn it on and find your log files, see the CloudTrail User
+// Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/).
 //
-// Additional Resources
+// # Additional Resources
 //
 // For more information about credentials and request signing, see the following:
 //
-//    * AWS Security Credentials (https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)
-//    - This topic provides general information about the types of credentials
-//    used for accessing AWS.
+//   - Amazon Web Services Security Credentials (https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)
 //
-//    * Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
-//    - This section of the IAM User Guide describes how to create and use temporary
-//    security credentials.
+//   - This topic provides general information about the types of credentials
+//     used to access Amazon Web Services.
 //
-//    * Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
-//    - This set of topics walks you through the process of signing a request
-//    using an access key ID and a secret access key.
+//   - Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
 //
-// Commonly Used API Operations
+//   - This section of the IAM User Guide describes how to create and use temporary
+//     security credentials.
+//
+//   - Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
+//
+//   - This set of topics walks you through the process of signing a request
+//     using an access key ID and a secret access key.
+//
+// # Commonly Used API Operations
 //
 // Of the API operations discussed in this guide, the following will prove the
 // most useful for most applications. You will likely perform operations other
 // than these, such as creating keys and assigning policies, by using the console.
 //
-//    * Encrypt
+//   - Encrypt
 //
-//    * Decrypt
+//   - Decrypt
 //
-//    * GenerateDataKey
+//   - GenerateDataKey
 //
-//    * GenerateDataKeyWithoutPlaintext
+//   - GenerateDataKeyWithoutPlaintext
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01 for more information on this service.
 //
 // See kms package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/kms/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact AWS Key Management Service with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.

vendor/github.com/aws/aws-sdk-go/service/kms/errors.go

@@ -18,10 +18,10 @@ const (
 	// ErrCodeCloudHsmClusterInUseException for service response error code
 	// "CloudHsmClusterInUseException".
 	//
-	// The request was rejected because the specified AWS CloudHSM cluster is already
+	// The request was rejected because the specified CloudHSM cluster is already
 	// associated with a custom key store or it shares a backup history with a cluster
 	// that is associated with a custom key store. Each custom key store must be
-	// associated with a different AWS CloudHSM cluster.
+	// associated with a different CloudHSM cluster.
 	//
 	// Clusters that share a backup history have the same cluster certificate. To
 	// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
@@ -31,8 +31,8 @@ const (
 	// ErrCodeCloudHsmClusterInvalidConfigurationException for service response error code
 	// "CloudHsmClusterInvalidConfigurationException".
 	//
-	// The request was rejected because the associated AWS CloudHSM cluster did
-	// not meet the configuration requirements for a custom key store.
+	// The request was rejected because the associated CloudHSM cluster did not
+	// meet the configuration requirements for a custom key store.
 	//
 	//    * The cluster must be configured with private subnets in at least two
 	//    different Availability Zones in the Region.
@@ -47,46 +47,44 @@ const (
 	//    operation.
 	//
 	//    * The cluster must contain at least as many HSMs as the operation requires.
-	//    To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
+	//    To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
 	//    operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey
-	//    operations, the AWS CloudHSM cluster must have at least two active HSMs,
-	//    each in a different Availability Zone. For the ConnectCustomKeyStore operation,
-	//    the AWS CloudHSM must contain at least one active HSM.
+	//    operations, the CloudHSM cluster must have at least two active HSMs, each
+	//    in a different Availability Zone. For the ConnectCustomKeyStore operation,
+	//    the CloudHSM must contain at least one active HSM.
 	//
-	// For information about the requirements for an AWS CloudHSM cluster that is
-	// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
-	// in the AWS Key Management Service Developer Guide. For information about
-	// creating a private subnet for an AWS CloudHSM cluster, see Create a Private
-	// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
-	// in the AWS CloudHSM User Guide. For information about cluster security groups,
+	// For information about the requirements for an CloudHSM cluster that is associated
+	// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
+	// in the Key Management Service Developer Guide. For information about creating
+	// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
+	// in the CloudHSM User Guide. For information about cluster security groups,
 	// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
-	// in the AWS CloudHSM User Guide .
+	// in the CloudHSM User Guide .
 	ErrCodeCloudHsmClusterInvalidConfigurationException = "CloudHsmClusterInvalidConfigurationException"
 
 	// ErrCodeCloudHsmClusterNotActiveException for service response error code
 	// "CloudHsmClusterNotActiveException".
 	//
-	// The request was rejected because the AWS CloudHSM cluster that is associated
+	// The request was rejected because the CloudHSM cluster that is associated
 	// with the custom key store is not active. Initialize and activate the cluster
 	// and try the command again. For detailed instructions, see Getting Started
 	// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
-	// in the AWS CloudHSM User Guide.
+	// in the CloudHSM User Guide.
 	ErrCodeCloudHsmClusterNotActiveException = "CloudHsmClusterNotActiveException"
 
 	// ErrCodeCloudHsmClusterNotFoundException for service response error code
 	// "CloudHsmClusterNotFoundException".
 	//
-	// The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster
-	// with the specified cluster ID. Retry the request with a different cluster
-	// ID.
+	// The request was rejected because KMS cannot find the CloudHSM cluster with
+	// the specified cluster ID. Retry the request with a different cluster ID.
 	ErrCodeCloudHsmClusterNotFoundException = "CloudHsmClusterNotFoundException"
 
 	// ErrCodeCloudHsmClusterNotRelatedException for service response error code
 	// "CloudHsmClusterNotRelatedException".
 	//
-	// The request was rejected because the specified AWS CloudHSM cluster has a
-	// different cluster certificate than the original cluster. You cannot use the
-	// operation to specify an unrelated cluster.
+	// The request was rejected because the specified CloudHSM cluster has a different
+	// cluster certificate than the original cluster. You cannot use the operation
+	// to specify an unrelated cluster.
 	//
 	// Specify a cluster that shares a backup history with the original cluster.
 	// This includes clusters that were created from a backup of the current cluster,
@@ -101,10 +99,10 @@ const (
 	// ErrCodeCustomKeyStoreHasCMKsException for service response error code
 	// "CustomKeyStoreHasCMKsException".
 	//
-	// The request was rejected because the custom key store contains AWS KMS customer
-	// master keys (CMKs). After verifying that you do not need to use the CMKs,
-	// use the ScheduleKeyDeletion operation to delete the CMKs. After they are
-	// deleted, you can delete the custom key store.
+	// The request was rejected because the custom key store contains KMS keys.
+	// After verifying that you do not need to use the KMS keys, use the ScheduleKeyDeletion
+	// operation to delete the KMS keys. After they are deleted, you can delete
+	// the custom key store.
 	ErrCodeCustomKeyStoreHasCMKsException = "CustomKeyStoreHasCMKsException"
 
 	// ErrCodeCustomKeyStoreInvalidStateException for service response error code
@@ -140,7 +138,7 @@ const (
 	// ErrCodeCustomKeyStoreNotFoundException for service response error code
 	// "CustomKeyStoreNotFoundException".
 	//
-	// The request was rejected because AWS KMS cannot find a custom key store with
+	// The request was rejected because KMS cannot find a custom key store with
 	// the specified key store name or ID.
 	ErrCodeCustomKeyStoreNotFoundException = "CustomKeyStoreNotFoundException"
 
@@ -154,7 +152,7 @@ const (
 	// ErrCodeDisabledException for service response error code
 	// "DisabledException".
 	//
-	// The request was rejected because the specified CMK is not enabled.
+	// The request was rejected because the specified KMS key is not enabled.
 	ErrCodeDisabledException = "DisabledException"
 
 	// ErrCodeExpiredImportTokenException for service response error code
@@ -168,9 +166,9 @@ const (
 	// ErrCodeIncorrectKeyException for service response error code
 	// "IncorrectKeyException".
 	//
-	// The request was rejected because the specified CMK cannot decrypt the data.
-	// The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request
-	// must identify the same CMK that was used to encrypt the ciphertext.
+	// The request was rejected because the specified KMS key cannot decrypt the
+	// data. The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request
+	// must identify the same KMS key that was used to encrypt the ciphertext.
 	ErrCodeIncorrectKeyException = "IncorrectKeyException"
 
 	// ErrCodeIncorrectKeyMaterialException for service response error code
@@ -178,14 +176,14 @@ const (
 	//
 	// The request was rejected because the key material in the request is, expired,
 	// invalid, or is not the same key material that was previously imported into
-	// this customer master key (CMK).
+	// this KMS key.
 	ErrCodeIncorrectKeyMaterialException = "IncorrectKeyMaterialException"
 
 	// ErrCodeIncorrectTrustAnchorException for service response error code
 	// "IncorrectTrustAnchorException".
 	//
 	// The request was rejected because the trust anchor certificate in the request
-	// is not the trust anchor certificate for the specified AWS CloudHSM cluster.
+	// is not the trust anchor certificate for the specified CloudHSM cluster.
 	//
 	// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
 	// you create the trust anchor certificate and save it in the customerCA.crt
@@ -220,8 +218,8 @@ const (
 	// the ciphertext, such as the encryption context, is corrupted, missing, or
 	// otherwise invalid.
 	//
-	// From the ImportKeyMaterial operation, the request was rejected because AWS
-	// KMS could not decrypt the encrypted (wrapped) key material.
+	// From the ImportKeyMaterial operation, the request was rejected because KMS
+	// could not decrypt the encrypted (wrapped) key material.
 	ErrCodeInvalidCiphertextException = "InvalidCiphertextException"
 
 	// ErrCodeInvalidGrantIdException for service response error code
@@ -240,7 +238,7 @@ const (
 	// "InvalidImportTokenException".
 	//
 	// The request was rejected because the provided import token is invalid or
-	// is associated with a different customer master key (CMK).
+	// is associated with a different KMS key.
 	ErrCodeInvalidImportTokenException = "InvalidImportTokenException"
 
 	// ErrCodeInvalidKeyUsageException for service response error code
@@ -248,17 +246,19 @@ const (
 	//
 	// The request was rejected for one of the following reasons:
 	//
-	//    * The KeyUsage value of the CMK is incompatible with the API operation.
+	//    * The KeyUsage value of the KMS key is incompatible with the API operation.
 	//
 	//    * The encryption algorithm or signing algorithm specified for the operation
-	//    is incompatible with the type of key material in the CMK (CustomerMasterKeySpec).
+	//    is incompatible with the type of key material in the KMS key (KeySpec).
 	//
 	// For encrypting, decrypting, re-encrypting, and generating data keys, the
-	// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage
-	// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation.
+	// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
+	// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
+	// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
+	// of a KMS key, use the DescribeKey operation.
 	//
-	// To find the encryption or signing algorithms supported for a particular CMK,
-	// use the DescribeKey operation.
+	// To find the encryption or signing algorithms supported for a particular KMS
+	// key, use the DescribeKey operation.
 	ErrCodeInvalidKeyUsageException = "InvalidKeyUsageException"
 
 	// ErrCodeInvalidMarkerException for service response error code
@@ -274,24 +274,32 @@ const (
 	// The request was rejected because the state of the specified resource is not
 	// valid for this request.
 	//
-	// For more information about how key state affects the use of a CMK, see How
-	// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
-	// in the AWS Key Management Service Developer Guide .
+	// For more information about how key state affects the use of a KMS key, see
+	// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+	// in the Key Management Service Developer Guide .
 	ErrCodeInvalidStateException = "KMSInvalidStateException"
 
+	// ErrCodeKMSInvalidMacException for service response error code
+	// "KMSInvalidMacException".
+	//
+	// The request was rejected because the HMAC verification failed. HMAC verification
+	// fails when the HMAC computed by using the specified message, HMAC KMS key,
+	// and MAC algorithm does not match the HMAC specified in the request.
+	ErrCodeKMSInvalidMacException = "KMSInvalidMacException"
+
 	// ErrCodeKMSInvalidSignatureException for service response error code
 	// "KMSInvalidSignatureException".
 	//
 	// The request was rejected because the signature verification failed. Signature
 	// verification fails when it cannot confirm that signature was produced by
-	// signing the specified message with the specified CMK and signing algorithm.
+	// signing the specified message with the specified KMS key and signing algorithm.
 	ErrCodeKMSInvalidSignatureException = "KMSInvalidSignatureException"
 
 	// ErrCodeKeyUnavailableException for service response error code
 	// "KeyUnavailableException".
 	//
-	// The request was rejected because the specified CMK was not available. You
-	// can retry the request.
+	// The request was rejected because the specified KMS key was not available.
+	// You can retry the request.
 	ErrCodeKeyUnavailableException = "KeyUnavailableException"
 
 	// ErrCodeLimitExceededException for service response error code
@@ -299,7 +307,7 @@ const (
 	//
 	// The request was rejected because a quota was exceeded. For more information,
 	// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
-	// in the AWS Key Management Service Developer Guide.
+	// in the Key Management Service Developer Guide.
 	ErrCodeLimitExceededException = "LimitExceededException"
 
 	// ErrCodeMalformedPolicyDocumentException for service response error code
@@ -357,6 +365,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
 	"InvalidKeyUsageException":                     newErrorInvalidKeyUsageException,
 	"InvalidMarkerException":                       newErrorInvalidMarkerException,
 	"KMSInvalidStateException":                     newErrorInvalidStateException,
+	"KMSInvalidMacException":                       newErrorKMSInvalidMacException,
 	"KMSInvalidSignatureException":                 newErrorKMSInvalidSignatureException,
 	"KeyUnavailableException":                      newErrorKeyUnavailableException,
 	"LimitExceededException":                       newErrorLimitExceededException,

vendor/github.com/aws/aws-sdk-go/service/kms/service.go

@@ -40,33 +40,39 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
-//     mySession := session.Must(session.NewSession())
 //
-//     // Create a KMS client from just a session.
-//     svc := kms.New(mySession)
+//	mySession := session.Must(session.NewSession())
 //
-//     // Create a KMS client with additional configuration
-//     svc := kms.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+//	// Create a KMS client from just a session.
+//	svc := kms.New(mySession)
+//
+//	// Create a KMS client with additional configuration
+//	svc := kms.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *KMS {
 	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
+	if c.SigningNameDerived || len(c.SigningName) == 0 {
+		c.SigningName = EndpointsID
+		// No Fallback
+	}
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *KMS {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *KMS {
 	svc := &KMS{
 		Client: client.New(
 			cfg,
 			metadata.ClientInfo{
-				ServiceName:   ServiceName,
-				ServiceID:     ServiceID,
-				SigningName:   signingName,
-				SigningRegion: signingRegion,
-				PartitionID:   partitionID,
-				Endpoint:      endpoint,
-				APIVersion:    "2014-11-01",
-				JSONVersion:   "1.1",
-				TargetPrefix:  "TrentService",
+				ServiceName:    ServiceName,
+				ServiceID:      ServiceID,
+				SigningName:    signingName,
+				SigningRegion:  signingRegion,
+				PartitionID:    partitionID,
+				Endpoint:       endpoint,
+				APIVersion:     "2014-11-01",
+				ResolvedRegion: resolvedRegion,
+				JSONVersion:    "1.1",
+				TargetPrefix:   "TrentService",
 			},
 			handlers,
 		),

vendor/github.com/aws/aws-sdk-go/service/sso/api.go

@@ -29,14 +29,13 @@ const opGetRoleCredentials = "GetRoleCredentials"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
+//	// Example sending a request using the GetRoleCredentialsRequest method.
+//	req, resp := client.GetRoleCredentialsRequest(params)
 //
-//    // Example sending a request using the GetRoleCredentialsRequest method.
-//    req, resp := client.GetRoleCredentialsRequest(params)
-//
-//    err := req.Send()
-//    if err == nil { // resp is now filled
-//        fmt.Println(resp)
-//    }
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials
 func (c *SSO) GetRoleCredentialsRequest(input *GetRoleCredentialsInput) (req *request.Request, output *GetRoleCredentialsOutput) {
@@ -69,20 +68,21 @@ func (c *SSO) GetRoleCredentialsRequest(input *GetRoleCredentialsInput) (req *re
 // API operation GetRoleCredentials for usage and error information.
 //
 // Returned Error Types:
-//   * InvalidRequestException
-//   Indicates that a problem occurred with the input to the request. For example,
-//   a required parameter might be missing or out of range.
 //
-//   * UnauthorizedException
-//   Indicates that the request is not authorized. This can happen due to an invalid
-//   access token in the request.
+//   - InvalidRequestException
+//     Indicates that a problem occurred with the input to the request. For example,
+//     a required parameter might be missing or out of range.
 //
-//   * TooManyRequestsException
-//   Indicates that the request is being made too frequently and is more than
-//   what the server can handle.
+//   - UnauthorizedException
+//     Indicates that the request is not authorized. This can happen due to an invalid
+//     access token in the request.
 //
-//   * ResourceNotFoundException
-//   The specified resource doesn't exist.
+//   - TooManyRequestsException
+//     Indicates that the request is being made too frequently and is more than
+//     what the server can handle.
+//
+//   - ResourceNotFoundException
+//     The specified resource doesn't exist.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials
 func (c *SSO) GetRoleCredentials(input *GetRoleCredentialsInput) (*GetRoleCredentialsOutput, error) {
@@ -122,14 +122,13 @@ const opListAccountRoles = "ListAccountRoles"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
+//	// Example sending a request using the ListAccountRolesRequest method.
+//	req, resp := client.ListAccountRolesRequest(params)
 //
-//    // Example sending a request using the ListAccountRolesRequest method.
-//    req, resp := client.ListAccountRolesRequest(params)
-//
-//    err := req.Send()
-//    if err == nil { // resp is now filled
-//        fmt.Println(resp)
-//    }
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles
 func (c *SSO) ListAccountRolesRequest(input *ListAccountRolesInput) (req *request.Request, output *ListAccountRolesOutput) {
@@ -167,20 +166,21 @@ func (c *SSO) ListAccountRolesRequest(input *ListAccountRolesInput) (req *reques
 // API operation ListAccountRoles for usage and error information.
 //
 // Returned Error Types:
-//   * InvalidRequestException
-//   Indicates that a problem occurred with the input to the request. For example,
-//   a required parameter might be missing or out of range.
 //
-//   * UnauthorizedException
-//   Indicates that the request is not authorized. This can happen due to an invalid
-//   access token in the request.
+//   - InvalidRequestException
+//     Indicates that a problem occurred with the input to the request. For example,
+//     a required parameter might be missing or out of range.
 //
-//   * TooManyRequestsException
-//   Indicates that the request is being made too frequently and is more than
-//   what the server can handle.
+//   - UnauthorizedException
+//     Indicates that the request is not authorized. This can happen due to an invalid
+//     access token in the request.
 //
-//   * ResourceNotFoundException
-//   The specified resource doesn't exist.
+//   - TooManyRequestsException
+//     Indicates that the request is being made too frequently and is more than
+//     what the server can handle.
+//
+//   - ResourceNotFoundException
+//     The specified resource doesn't exist.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles
 func (c *SSO) ListAccountRoles(input *ListAccountRolesInput) (*ListAccountRolesOutput, error) {
@@ -212,15 +212,14 @@ func (c *SSO) ListAccountRolesWithContext(ctx aws.Context, input *ListAccountRol
 //
 // Note: This operation can generate multiple requests to a service.
 //
-//    // Example iterating over at most 3 pages of a ListAccountRoles operation.
-//    pageNum := 0
-//    err := client.ListAccountRolesPages(params,
-//        func(page *sso.ListAccountRolesOutput, lastPage bool) bool {
-//            pageNum++
-//            fmt.Println(page)
-//            return pageNum <= 3
-//        })
-//
+//	// Example iterating over at most 3 pages of a ListAccountRoles operation.
+//	pageNum := 0
+//	err := client.ListAccountRolesPages(params,
+//	    func(page *sso.ListAccountRolesOutput, lastPage bool) bool {
+//	        pageNum++
+//	        fmt.Println(page)
+//	        return pageNum <= 3
+//	    })
 func (c *SSO) ListAccountRolesPages(input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool) error {
 	return c.ListAccountRolesPagesWithContext(aws.BackgroundContext(), input, fn)
 }
@@ -272,14 +271,13 @@ const opListAccounts = "ListAccounts"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
+//	// Example sending a request using the ListAccountsRequest method.
+//	req, resp := client.ListAccountsRequest(params)
 //
-//    // Example sending a request using the ListAccountsRequest method.
-//    req, resp := client.ListAccountsRequest(params)
-//
-//    err := req.Send()
-//    if err == nil { // resp is now filled
-//        fmt.Println(resp)
-//    }
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts
 func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) {
@@ -310,7 +308,8 @@ func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Reques
 // Lists all AWS accounts assigned to the user. These AWS accounts are assigned
 // by the administrator of the account. For more information, see Assign User
 // Access (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers)
-// in the AWS SSO User Guide. This operation returns a paginated response.
+// in the IAM Identity Center User Guide. This operation returns a paginated
+// response.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -320,20 +319,21 @@ func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Reques
 // API operation ListAccounts for usage and error information.
 //
 // Returned Error Types:
-//   * InvalidRequestException
-//   Indicates that a problem occurred with the input to the request. For example,
-//   a required parameter might be missing or out of range.
 //
-//   * UnauthorizedException
-//   Indicates that the request is not authorized. This can happen due to an invalid
-//   access token in the request.
+//   - InvalidRequestException
+//     Indicates that a problem occurred with the input to the request. For example,
+//     a required parameter might be missing or out of range.
 //
-//   * TooManyRequestsException
-//   Indicates that the request is being made too frequently and is more than
-//   what the server can handle.
+//   - UnauthorizedException
+//     Indicates that the request is not authorized. This can happen due to an invalid
+//     access token in the request.
 //
-//   * ResourceNotFoundException
-//   The specified resource doesn't exist.
+//   - TooManyRequestsException
+//     Indicates that the request is being made too frequently and is more than
+//     what the server can handle.
+//
+//   - ResourceNotFoundException
+//     The specified resource doesn't exist.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts
 func (c *SSO) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) {
@@ -365,15 +365,14 @@ func (c *SSO) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput,
 //
 // Note: This operation can generate multiple requests to a service.
 //
-//    // Example iterating over at most 3 pages of a ListAccounts operation.
-//    pageNum := 0
-//    err := client.ListAccountsPages(params,
-//        func(page *sso.ListAccountsOutput, lastPage bool) bool {
-//            pageNum++
-//            fmt.Println(page)
-//            return pageNum <= 3
-//        })
-//
+//	// Example iterating over at most 3 pages of a ListAccounts operation.
+//	pageNum := 0
+//	err := client.ListAccountsPages(params,
+//	    func(page *sso.ListAccountsOutput, lastPage bool) bool {
+//	        pageNum++
+//	        fmt.Println(page)
+//	        return pageNum <= 3
+//	    })
 func (c *SSO) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error {
 	return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn)
 }
@@ -425,14 +424,13 @@ const opLogout = "Logout"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
+//	// Example sending a request using the LogoutRequest method.
+//	req, resp := client.LogoutRequest(params)
 //
-//    // Example sending a request using the LogoutRequest method.
-//    req, resp := client.LogoutRequest(params)
-//
-//    err := req.Send()
-//    if err == nil { // resp is now filled
-//        fmt.Println(resp)
-//    }
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout
 func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *LogoutOutput) {
@@ -455,7 +453,21 @@ func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *L
 
 // Logout API operation for AWS Single Sign-On.
 //
-// Removes the client- and server-side session that is associated with the user.
+// Removes the locally stored SSO tokens from the client-side cache and sends
+// an API call to the IAM Identity Center service to invalidate the corresponding
+// server-side IAM Identity Center sign in session.
+//
+// If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM
+// Identity Center sign in session is used to obtain an IAM session, as specified
+// in the corresponding IAM Identity Center permission set. More specifically,
+// IAM Identity Center assumes an IAM role in the target account on behalf of
+// the user, and the corresponding temporary AWS credentials are returned to
+// the client.
+//
+// After user logout, any existing IAM role sessions that were created by using
+// IAM Identity Center permission sets continue based on the duration configured
+// in the permission set. For more information, see User authentications (https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html)
+// in the IAM Identity Center User Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -465,17 +477,18 @@ func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *L
 // API operation Logout for usage and error information.
 //
 // Returned Error Types:
-//   * InvalidRequestException
-//   Indicates that a problem occurred with the input to the request. For example,
-//   a required parameter might be missing or out of range.
 //
-//   * UnauthorizedException
-//   Indicates that the request is not authorized. This can happen due to an invalid
-//   access token in the request.
+//   - InvalidRequestException
+//     Indicates that a problem occurred with the input to the request. For example,
+//     a required parameter might be missing or out of range.
 //
-//   * TooManyRequestsException
-//   Indicates that the request is being made too frequently and is more than
-//   what the server can handle.
+//   - UnauthorizedException
+//     Indicates that the request is not authorized. This can happen due to an invalid
+//     access token in the request.
+//
+//   - TooManyRequestsException
+//     Indicates that the request is being made too frequently and is more than
+//     what the server can handle.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout
 func (c *SSO) Logout(input *LogoutInput) (*LogoutOutput, error) {
@@ -513,12 +526,20 @@ type AccountInfo struct {
 	EmailAddress *string `locationName:"emailAddress" min:"1" type:"string"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s AccountInfo) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s AccountInfo) GoString() string {
 	return s.String()
 }
@@ -542,11 +563,15 @@ func (s *AccountInfo) SetEmailAddress(v string) *AccountInfo {
 }
 
 type GetRoleCredentialsInput struct {
-	_ struct{} `type:"structure"`
+	_ struct{} `type:"structure" nopayload:"true"`
 
 	// The token issued by the CreateToken API call. For more information, see CreateToken
 	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the AWS SSO OIDC API Reference Guide.
+	// in the IAM Identity Center OIDC API Reference Guide.
+	//
+	// AccessToken is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by GetRoleCredentialsInput's
+	// String and GoString methods.
 	//
 	// AccessToken is a required field
 	AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
@@ -562,12 +587,20 @@ type GetRoleCredentialsInput struct {
 	RoleName *string `location:"querystring" locationName:"role_name" type:"string" required:"true"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s GetRoleCredentialsInput) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s GetRoleCredentialsInput) GoString() string {
 	return s.String()
 }
@@ -616,12 +649,20 @@ type GetRoleCredentialsOutput struct {
 	RoleCredentials *RoleCredentials `locationName:"roleCredentials" type:"structure"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s GetRoleCredentialsOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s GetRoleCredentialsOutput) GoString() string {
 	return s.String()
 }
@@ -641,12 +682,20 @@ type InvalidRequestException struct {
 	Message_ *string `locationName:"message" type:"string"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s InvalidRequestException) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s InvalidRequestException) GoString() string {
 	return s.String()
 }
@@ -690,11 +739,15 @@ func (s *InvalidRequestException) RequestID() string {
 }
 
 type ListAccountRolesInput struct {
-	_ struct{} `type:"structure"`
+	_ struct{} `type:"structure" nopayload:"true"`
 
 	// The token issued by the CreateToken API call. For more information, see CreateToken
 	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the AWS SSO OIDC API Reference Guide.
+	// in the IAM Identity Center OIDC API Reference Guide.
+	//
+	// AccessToken is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by ListAccountRolesInput's
+	// String and GoString methods.
 	//
 	// AccessToken is a required field
 	AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
@@ -712,12 +765,20 @@ type ListAccountRolesInput struct {
 	NextToken *string `location:"querystring" locationName:"next_token" type:"string"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s ListAccountRolesInput) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s ListAccountRolesInput) GoString() string {
 	return s.String()
 }
@@ -776,12 +837,20 @@ type ListAccountRolesOutput struct {
 	RoleList []*RoleInfo `locationName:"roleList" type:"list"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s ListAccountRolesOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s ListAccountRolesOutput) GoString() string {
 	return s.String()
 }
@@ -799,11 +868,15 @@ func (s *ListAccountRolesOutput) SetRoleList(v []*RoleInfo) *ListAccountRolesOut
 }
 
 type ListAccountsInput struct {
-	_ struct{} `type:"structure"`
+	_ struct{} `type:"structure" nopayload:"true"`
 
 	// The token issued by the CreateToken API call. For more information, see CreateToken
 	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the AWS SSO OIDC API Reference Guide.
+	// in the IAM Identity Center OIDC API Reference Guide.
+	//
+	// AccessToken is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by ListAccountsInput's
+	// String and GoString methods.
 	//
 	// AccessToken is a required field
 	AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
@@ -816,12 +889,20 @@ type ListAccountsInput struct {
 	NextToken *string `location:"querystring" locationName:"next_token" type:"string"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s ListAccountsInput) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s ListAccountsInput) GoString() string {
 	return s.String()
 }
@@ -871,12 +952,20 @@ type ListAccountsOutput struct {
 	NextToken *string `locationName:"nextToken" type:"string"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s ListAccountsOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s ListAccountsOutput) GoString() string {
 	return s.String()
 }
@@ -894,22 +983,34 @@ func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput {
 }
 
 type LogoutInput struct {
-	_ struct{} `type:"structure"`
+	_ struct{} `type:"structure" nopayload:"true"`
 
 	// The token issued by the CreateToken API call. For more information, see CreateToken
 	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the AWS SSO OIDC API Reference Guide.
+	// in the IAM Identity Center OIDC API Reference Guide.
+	//
+	// AccessToken is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by LogoutInput's
+	// String and GoString methods.
 	//
 	// AccessToken is a required field
 	AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s LogoutInput) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s LogoutInput) GoString() string {
 	return s.String()
 }
@@ -937,12 +1038,20 @@ type LogoutOutput struct {
 	_ struct{} `type:"structure"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s LogoutOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s LogoutOutput) GoString() string {
 	return s.String()
 }
@@ -955,12 +1064,20 @@ type ResourceNotFoundException struct {
 	Message_ *string `locationName:"message" type:"string"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s ResourceNotFoundException) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s ResourceNotFoundException) GoString() string {
 	return s.String()
 }
@@ -1020,20 +1137,36 @@ type RoleCredentials struct {
 	// The key that is used to sign the request. For more information, see Using
 	// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
 	// in the AWS IAM User Guide.
+	//
+	// SecretAccessKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by RoleCredentials's
+	// String and GoString methods.
 	SecretAccessKey *string `locationName:"secretAccessKey" type:"string" sensitive:"true"`
 
 	// The token used for temporary credentials. For more information, see Using
 	// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
 	// in the AWS IAM User Guide.
+	//
+	// SessionToken is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by RoleCredentials's
+	// String and GoString methods.
 	SessionToken *string `locationName:"sessionToken" type:"string" sensitive:"true"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s RoleCredentials) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s RoleCredentials) GoString() string {
 	return s.String()
 }
@@ -1073,12 +1206,20 @@ type RoleInfo struct {
 	RoleName *string `locationName:"roleName" type:"string"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s RoleInfo) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s RoleInfo) GoString() string {
 	return s.String()
 }
@@ -1104,12 +1245,20 @@ type TooManyRequestsException struct {
 	Message_ *string `locationName:"message" type:"string"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s TooManyRequestsException) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s TooManyRequestsException) GoString() string {
 	return s.String()
 }
@@ -1161,12 +1310,20 @@ type UnauthorizedException struct {
 	Message_ *string `locationName:"message" type:"string"`
 }
 
-// String returns the string representation
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s UnauthorizedException) String() string {
 	return awsutil.Prettify(s)
 }
 
-// GoString returns the string representation
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
 func (s UnauthorizedException) GoString() string {
 	return s.String()
 }

vendor/github.com/aws/aws-sdk-go/service/sso/doc.go

@@ -3,30 +3,31 @@
 // Package sso provides the client and types for making API
 // requests to AWS Single Sign-On.
 //
-// AWS Single Sign-On Portal is a web service that makes it easy for you to
-// assign user access to AWS SSO resources such as the user portal. Users can
-// get AWS account applications and roles assigned to them and get federated
-// into the application.
+// AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a web
+// service that makes it easy for you to assign user access to IAM Identity
+// Center resources such as the AWS access portal. Users can get AWS account
+// applications and roles assigned to them and get federated into the application.
 //
-// For general information about AWS SSO, see What is AWS Single Sign-On? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html)
-// in the AWS SSO User Guide.
+// Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces
+// will continue to retain their original name for backward compatibility purposes.
+// For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).
 //
-// This API reference guide describes the AWS SSO Portal operations that you
-// can call programatically and includes detailed information on data types
-// and errors.
+// This reference guide describes the IAM Identity Center Portal operations
+// that you can call programatically and includes detailed information on data
+// types and errors.
 //
 // AWS provides SDKs that consist of libraries and sample code for various programming
 // languages and platforms, such as Java, Ruby, .Net, iOS, or Android. The SDKs
-// provide a convenient way to create programmatic access to AWS SSO and other
-// AWS services. For more information about the AWS SDKs, including how to download
-// and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
+// provide a convenient way to create programmatic access to IAM Identity Center
+// and other AWS services. For more information about the AWS SDKs, including
+// how to download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10 for more information on this service.
 //
 // See sso package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/sso/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact AWS Single Sign-On with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.

vendor/github.com/aws/aws-sdk-go/service/sso/service.go

@@ -40,34 +40,36 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
-//     mySession := session.Must(session.NewSession())
 //
-//     // Create a SSO client from just a session.
-//     svc := sso.New(mySession)
+//	mySession := session.Must(session.NewSession())
 //
-//     // Create a SSO client with additional configuration
-//     svc := sso.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+//	// Create a SSO client from just a session.
+//	svc := sso.New(mySession)
+//
+//	// Create a SSO client with additional configuration
+//	svc := sso.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSO {
 	c := p.ClientConfig(EndpointsID, cfgs...)
 	if c.SigningNameDerived || len(c.SigningName) == 0 {
 		c.SigningName = "awsssoportal"
 	}
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *SSO {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *SSO {
 	svc := &SSO{
 		Client: client.New(
 			cfg,
 			metadata.ClientInfo{
-				ServiceName:   ServiceName,
-				ServiceID:     ServiceID,
-				SigningName:   signingName,
-				SigningRegion: signingRegion,
-				PartitionID:   partitionID,
-				Endpoint:      endpoint,
-				APIVersion:    "2019-06-10",
+				ServiceName:    ServiceName,
+				ServiceID:      ServiceID,
+				SigningName:    signingName,
+				SigningRegion:  signingRegion,
+				PartitionID:    partitionID,
+				Endpoint:       endpoint,
+				APIVersion:     "2019-06-10",
+				ResolvedRegion: resolvedRegion,
 			},
 			handlers,
 		),

vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go

@@ -23,37 +23,37 @@ import (
 // can be stubbed out for unit testing your code with the SDK without needing
 // to inject custom request handlers into the SDK's request pipeline.
 //
-//    // myFunc uses an SDK service client to make a request to
-//    // AWS Single Sign-On.
-//    func myFunc(svc ssoiface.SSOAPI) bool {
-//        // Make svc.GetRoleCredentials request
-//    }
+//	// myFunc uses an SDK service client to make a request to
+//	// AWS Single Sign-On.
+//	func myFunc(svc ssoiface.SSOAPI) bool {
+//	    // Make svc.GetRoleCredentials request
+//	}
 //
-//    func main() {
-//        sess := session.New()
-//        svc := sso.New(sess)
+//	func main() {
+//	    sess := session.New()
+//	    svc := sso.New(sess)
 //
-//        myFunc(svc)
-//    }
+//	    myFunc(svc)
+//	}
 //
 // In your _test.go file:
 //
-//    // Define a mock struct to be used in your unit tests of myFunc.
-//    type mockSSOClient struct {
-//        ssoiface.SSOAPI
-//    }
-//    func (m *mockSSOClient) GetRoleCredentials(input *sso.GetRoleCredentialsInput) (*sso.GetRoleCredentialsOutput, error) {
-//        // mock response/functionality
-//    }
+//	// Define a mock struct to be used in your unit tests of myFunc.
+//	type mockSSOClient struct {
+//	    ssoiface.SSOAPI
+//	}
+//	func (m *mockSSOClient) GetRoleCredentials(input *sso.GetRoleCredentialsInput) (*sso.GetRoleCredentialsOutput, error) {
+//	    // mock response/functionality
+//	}
 //
-//    func TestMyFunc(t *testing.T) {
-//        // Setup Test
-//        mockSvc := &mockSSOClient{}
+//	func TestMyFunc(t *testing.T) {
+//	    // Setup Test
+//	    mockSvc := &mockSSOClient{}
 //
-//        myfunc(mockSvc)
+//	    myfunc(mockSvc)
 //
-//        // Verify myFunc's functionality
-//    }
+//	    // Verify myFunc's functionality
+//	}
 //
 // It is important to note that this interface will have breaking changes
 // when the service model is updated and adds new API operations, paginators,

vendor/github.com/aws/aws-sdk-go/service/sts/doc.go

@@ -3,18 +3,18 @@
 // Package sts provides the client and types for making API
 // requests to AWS Security Token Service.
 //
-// AWS Security Token Service (STS) enables you to request temporary, limited-privilege
-// credentials for AWS Identity and Access Management (IAM) users or for users
-// that you authenticate (federated users). This guide provides descriptions
-// of the STS API. For more information about using this service, see Temporary
-// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
+// Security Token Service (STS) enables you to request temporary, limited-privilege
+// credentials for Identity and Access Management (IAM) users or for users that
+// you authenticate (federated users). This guide provides descriptions of the
+// STS API. For more information about using this service, see Temporary Security
+// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service.
 //
 // See sts package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/sts/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact AWS Security Token Service with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.

vendor/github.com/aws/aws-sdk-go/service/sts/errors.go

@@ -42,8 +42,9 @@ const (
 	// ErrCodeInvalidIdentityTokenException for service response error code
 	// "InvalidIdentityToken".
 	//
-	// The web identity token that was passed could not be validated by AWS. Get
-	// a new identity token from the identity provider and then retry the request.
+	// The web identity token that was passed could not be validated by Amazon Web
+	// Services. Get a new identity token from the identity provider and then retry
+	// the request.
 	ErrCodeInvalidIdentityTokenException = "InvalidIdentityToken"
 
 	// ErrCodeMalformedPolicyDocumentException for service response error code
@@ -57,16 +58,16 @@ const (
 	// "PackedPolicyTooLarge".
 	//
 	// The request was rejected because the total packed size of the session policies
-	// and session tags combined was too large. An AWS conversion compresses the
-	// session policy document, session policy ARNs, and session tags into a packed
-	// binary format that has a separate limit. The error message indicates by percentage
-	// how close the policies and tags are to the upper size limit. For more information,
-	// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+	// and session tags combined was too large. An Amazon Web Services conversion
+	// compresses the session policy document, session policy ARNs, and session
+	// tags into a packed binary format that has a separate limit. The error message
+	// indicates by percentage how close the policies and tags are to the upper
+	// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
 	// in the IAM User Guide.
 	//
 	// You could receive this error even though you meet other defined session policy
 	// and session tag limits. For more information, see IAM and STS Entity Character
-	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
 	// in the IAM User Guide.
 	ErrCodePackedPolicyTooLargeException = "PackedPolicyTooLarge"
 
@@ -76,7 +77,8 @@ const (
 	// STS is not activated in the requested region for the account that is being
 	// asked to generate credentials. The account administrator must use the IAM
 	// console to activate STS in that region. For more information, see Activating
-	// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+	// and Deactivating Amazon Web Services STS in an Amazon Web Services Region
+	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 	// in the IAM User Guide.
 	ErrCodeRegionDisabledException = "RegionDisabledException"
 )

vendor/github.com/aws/aws-sdk-go/service/sts/service.go

@@ -39,31 +39,37 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
-//     mySession := session.Must(session.NewSession())
 //
-//     // Create a STS client from just a session.
-//     svc := sts.New(mySession)
+//	mySession := session.Must(session.NewSession())
 //
-//     // Create a STS client with additional configuration
-//     svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+//	// Create a STS client from just a session.
+//	svc := sts.New(mySession)
+//
+//	// Create a STS client with additional configuration
+//	svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *STS {
 	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
+	if c.SigningNameDerived || len(c.SigningName) == 0 {
+		c.SigningName = EndpointsID
+		// No Fallback
+	}
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *STS {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *STS {
 	svc := &STS{
 		Client: client.New(
 			cfg,
 			metadata.ClientInfo{
-				ServiceName:   ServiceName,
-				ServiceID:     ServiceID,
-				SigningName:   signingName,
-				SigningRegion: signingRegion,
-				PartitionID:   partitionID,
-				Endpoint:      endpoint,
-				APIVersion:    "2011-06-15",
+				ServiceName:    ServiceName,
+				ServiceID:      ServiceID,
+				SigningName:    signingName,
+				SigningRegion:  signingRegion,
+				PartitionID:    partitionID,
+				Endpoint:       endpoint,
+				APIVersion:     "2011-06-15",
+				ResolvedRegion: resolvedRegion,
 			},
 			handlers,
 		),

vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go

@@ -23,37 +23,37 @@ import (
 // can be stubbed out for unit testing your code with the SDK without needing
 // to inject custom request handlers into the SDK's request pipeline.
 //
-//    // myFunc uses an SDK service client to make a request to
-//    // AWS Security Token Service.
-//    func myFunc(svc stsiface.STSAPI) bool {
-//        // Make svc.AssumeRole request
-//    }
+//	// myFunc uses an SDK service client to make a request to
+//	// AWS Security Token Service.
+//	func myFunc(svc stsiface.STSAPI) bool {
+//	    // Make svc.AssumeRole request
+//	}
 //
-//    func main() {
-//        sess := session.New()
-//        svc := sts.New(sess)
+//	func main() {
+//	    sess := session.New()
+//	    svc := sts.New(sess)
 //
-//        myFunc(svc)
-//    }
+//	    myFunc(svc)
+//	}
 //
 // In your _test.go file:
 //
-//    // Define a mock struct to be used in your unit tests of myFunc.
-//    type mockSTSClient struct {
-//        stsiface.STSAPI
-//    }
-//    func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
-//        // mock response/functionality
-//    }
+//	// Define a mock struct to be used in your unit tests of myFunc.
+//	type mockSTSClient struct {
+//	    stsiface.STSAPI
+//	}
+//	func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
+//	    // mock response/functionality
+//	}
 //
-//    func TestMyFunc(t *testing.T) {
-//        // Setup Test
-//        mockSvc := &mockSTSClient{}
+//	func TestMyFunc(t *testing.T) {
+//	    // Setup Test
+//	    mockSvc := &mockSTSClient{}
 //
-//        myfunc(mockSvc)
+//	    myfunc(mockSvc)
 //
-//        // Verify myFunc's functionality
-//    }
+//	    // Verify myFunc's functionality
+//	}
 //
 // It is important to note that this interface will have breaking changes
 // when the service model is updated and adds new API operations, paginators,