Merge pull request #53561 from justinsb/update_aws_sdk_go_1_12_7

Automatic merge from submit-queue (batch tested with PRs 54822, 53561, 54888). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Update AWS SDK to 1.12.7

```release-note
Update AWS SDK to 1.12.7
```

This includes support for all the latest goodies - in particular NLB and tagging as part of CreateVolume

cc @micahhausler  @gnufied 

Issue #54032

Godeps/Godeps.json

@@ -162,158 +162,158 @@
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/awserr",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/awsutil",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/client",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/client/metadata",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/corehandlers",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/credentials",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/credentials/endpointcreds",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/credentials/stscreds",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/defaults",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/ec2metadata",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/endpoints",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/request",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/session",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws/signer/v4",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/shareddefaults",
+			"Comment": "v1.12.7",
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/private/protocol",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/private/protocol/ec2query",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/private/protocol/json/jsonutil",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/private/protocol/jsonrpc",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/private/protocol/query",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/private/protocol/query/queryutil",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/private/protocol/rest",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
-		},
-		{
-			"ImportPath": "github.com/aws/aws-sdk-go/private/waiter",
-			"Comment": "v1.6.10",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/service/autoscaling",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/service/ec2",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/service/ecr",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/service/elb",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/service/kms",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/service/sts",
-			"Comment": "v1.6.10",
+			"Comment": "v1.12.7",
-			"Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d"
+			"Rev": "760741802ad40f49ae9fc4a69ef6706d2527d62e"
 		},
 		{
 			"ImportPath": "github.com/beorn7/perks/quantile",
@@ -1157,8 +1157,8 @@
 		},
 		{
 			"ImportPath": "github.com/go-ini/ini",
-			"Comment": "v0-54-g2e44421",
+			"Comment": "v1.25.4",
-			"Rev": "2e44421e256d82ebbf3d4d4fcabe8930b905eff3"
+			"Rev": "300e940a926eb277d3901b20bdfcc54928ad3642"
 		},
 		{
 			"ImportPath": "github.com/go-openapi/analysis",
@@ -1855,8 +1855,8 @@
 		},
 		{
 			"ImportPath": "github.com/jmespath/go-jmespath",
-			"Comment": "0.2.2",
+			"Comment": "0.2.2-12-g0b12d6b",
-			"Rev": "3433f3ea46d9f8019119e7dd41274e112a2359a9"
+			"Rev": "0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74"
 		},
 		{
 			"ImportPath": "github.com/jonboulle/clockwork",

Godeps/LICENSES

@@ -5172,6 +5172,216 @@ SOFTWARE.
 ================================================================================
 
 
+================================================================================
+= vendor/github.com/aws/aws-sdk-go/internal/shareddefaults licensed under: =
+
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+= vendor/github.com/aws/aws-sdk-go/LICENSE.txt 3b83ef96387f14655fc854ddc3c6bd57
+================================================================================
+
+
 ================================================================================
 = vendor/github.com/aws/aws-sdk-go/private/protocol licensed under: =
 
@@ -6852,216 +7062,6 @@ SOFTWARE.
 ================================================================================
 
 
-================================================================================
-= vendor/github.com/aws/aws-sdk-go/private/waiter licensed under: =
-
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-
-= vendor/github.com/aws/aws-sdk-go/LICENSE.txt 3b83ef96387f14655fc854ddc3c6bd57
-================================================================================
-
-
 ================================================================================
 = vendor/github.com/aws/aws-sdk-go/service/autoscaling licensed under: =
 

vendor/BUILD

@@ -33,14 +33,16 @@ filegroup(
         "//vendor/github.com/armon/circbuf:all-srcs",
         "//vendor/github.com/asaskevich/govalidator:all-srcs",
         "//vendor/github.com/aws/aws-sdk-go/aws:all-srcs",
+        "//vendor/github.com/aws/aws-sdk-go/internal/shareddefaults:all-srcs",
         "//vendor/github.com/aws/aws-sdk-go/private/protocol:all-srcs",
-        "//vendor/github.com/aws/aws-sdk-go/private/waiter:all-srcs",
         "//vendor/github.com/aws/aws-sdk-go/service/autoscaling:all-srcs",
         "//vendor/github.com/aws/aws-sdk-go/service/ec2:all-srcs",
         "//vendor/github.com/aws/aws-sdk-go/service/ecr:all-srcs",
         "//vendor/github.com/aws/aws-sdk-go/service/elb:all-srcs",
         "//vendor/github.com/aws/aws-sdk-go/service/kms:all-srcs",
         "//vendor/github.com/aws/aws-sdk-go/service/sts:all-srcs",
+        "//vendor/github.com/aws/aws-sdk-go/vendor/github.com/go-ini/ini:all-srcs",
+        "//vendor/github.com/aws/aws-sdk-go/vendor/github.com/jmespath/go-jmespath:all-srcs",
         "//vendor/github.com/beorn7/perks/quantile:all-srcs",
         "//vendor/github.com/blang/semver:all-srcs",
         "//vendor/github.com/boltdb/bolt:all-srcs",

vendor/github.com/aws/aws-sdk-go/aws/BUILD

@@ -4,10 +4,17 @@ go_library(
     name = "go_default_library",
     srcs = [
         "config.go",
+        "context.go",
+        "context_1_6.go",
+        "context_1_7.go",
         "convert_types.go",
+        "doc.go",
         "errors.go",
+        "jsonvalue.go",
         "logger.go",
         "types.go",
+        "url.go",
+        "url_1_7.go",
         "version.go",
     ],
     importpath = "github.com/aws/aws-sdk-go/aws",

vendor/github.com/aws/aws-sdk-go/aws/client/BUILD

@@ -5,6 +5,7 @@ go_library(
     srcs = [
         "client.go",
         "default_retryer.go",
+        "logger.go",
     ],
     importpath = "github.com/aws/aws-sdk-go/aws/client",
     visibility = ["//visibility:public"],

vendor/github.com/aws/aws-sdk-go/aws/client/client.go

@@ -2,7 +2,6 @@ package client
 
 import (
 	"fmt"
-	"net/http/httputil"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/client/metadata"
@@ -24,6 +23,13 @@ type ConfigProvider interface {
 	ClientConfig(serviceName string, cfgs ...*aws.Config) Config
 }
 
+// ConfigNoResolveEndpointProvider same as ConfigProvider except it will not
+// resolve the endpoint automatically. The service client's endpoint must be
+// provided via the aws.Config.Endpoint field.
+type ConfigNoResolveEndpointProvider interface {
+	ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) Config
+}
+
 // A Client implements the base client request and response handling
 // used by all service clients.
 type Client struct {
@@ -39,7 +45,7 @@ func New(cfg aws.Config, info metadata.ClientInfo, handlers request.Handlers, op
 	svc := &Client{
 		Config:     cfg,
 		ClientInfo: info,
-		Handlers:   handlers,
+		Handlers:   handlers.Copy(),
 	}
 
 	switch retryer, ok := cfg.Retryer.(request.Retryer); {
@@ -79,61 +85,6 @@ func (c *Client) AddDebugHandlers() {
 		return
 	}
 
-	c.Handlers.Send.PushFront(logRequest)
+	c.Handlers.Send.PushFrontNamed(request.NamedHandler{Name: "awssdk.client.LogRequest", Fn: logRequest})
-	c.Handlers.Send.PushBack(logResponse)
+	c.Handlers.Send.PushBackNamed(request.NamedHandler{Name: "awssdk.client.LogResponse", Fn: logResponse})
-}
-
-const logReqMsg = `DEBUG: Request %s/%s Details:
----[ REQUEST POST-SIGN ]-----------------------------
-%s
------------------------------------------------------`
-
-const logReqErrMsg = `DEBUG ERROR: Request %s/%s:
----[ REQUEST DUMP ERROR ]-----------------------------
-%s
------------------------------------------------------`
-
-func logRequest(r *request.Request) {
-	logBody := r.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody)
-	dumpedBody, err := httputil.DumpRequestOut(r.HTTPRequest, logBody)
-	if err != nil {
-		r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg, r.ClientInfo.ServiceName, r.Operation.Name, err))
-		return
-	}
-
-	if logBody {
-		// Reset the request body because dumpRequest will re-wrap the r.HTTPRequest's
-		// Body as a NoOpCloser and will not be reset after read by the HTTP
-		// client reader.
-		r.ResetBody()
-	}
-
-	r.Config.Logger.Log(fmt.Sprintf(logReqMsg, r.ClientInfo.ServiceName, r.Operation.Name, string(dumpedBody)))
-}
-
-const logRespMsg = `DEBUG: Response %s/%s Details:
----[ RESPONSE ]--------------------------------------
-%s
------------------------------------------------------`
-
-const logRespErrMsg = `DEBUG ERROR: Response %s/%s:
----[ RESPONSE DUMP ERROR ]-----------------------------
-%s
------------------------------------------------------`
-
-func logResponse(r *request.Request) {
-	var msg = "no response data"
-	if r.HTTPResponse != nil {
-		logBody := r.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody)
-		dumpedBody, err := httputil.DumpResponse(r.HTTPResponse, logBody)
-		if err != nil {
-			r.Config.Logger.Log(fmt.Sprintf(logRespErrMsg, r.ClientInfo.ServiceName, r.Operation.Name, err))
-			return
-		}
-
-		msg = string(dumpedBody)
-	} else if r.Error != nil {
-		msg = r.Error.Error()
-	}
-	r.Config.Logger.Log(fmt.Sprintf(logRespMsg, r.ClientInfo.ServiceName, r.Operation.Name, msg))
 }

vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go

@@ -15,11 +15,11 @@ import (
 // the MaxRetries method:
 //
 //		type retryer struct {
-//      service.DefaultRetryer
+//      client.DefaultRetryer
 //    }
 //
 //    // This implementation always has 100 max retries
-//    func (d retryer) MaxRetries() uint { return 100 }
+//    func (d retryer) MaxRetries() int { return 100 }
 type DefaultRetryer struct {
 	NumMaxRetries int
 }
@@ -54,6 +54,12 @@ func (d DefaultRetryer) RetryRules(r *request.Request) time.Duration {
 
 // ShouldRetry returns true if the request should be retried.
 func (d DefaultRetryer) ShouldRetry(r *request.Request) bool {
+	// If one of the other handlers already set the retry state
+	// we don't want to override it based on the service's state
+	if r.Retryable != nil {
+		return *r.Retryable
+	}
+
 	if r.HTTPResponse.StatusCode >= 500 {
 		return true
 	}

vendor/github.com/aws/aws-sdk-go/aws/client/logger.go

@@ -0,0 +1,108 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http/httputil"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+const logReqMsg = `DEBUG: Request %s/%s Details:
+---[ REQUEST POST-SIGN ]-----------------------------
+%s
+-----------------------------------------------------`
+
+const logReqErrMsg = `DEBUG ERROR: Request %s/%s:
+---[ REQUEST DUMP ERROR ]-----------------------------
+%s
+------------------------------------------------------`
+
+type logWriter struct {
+	// Logger is what we will use to log the payload of a response.
+	Logger aws.Logger
+	// buf stores the contents of what has been read
+	buf *bytes.Buffer
+}
+
+func (logger *logWriter) Write(b []byte) (int, error) {
+	return logger.buf.Write(b)
+}
+
+type teeReaderCloser struct {
+	// io.Reader will be a tee reader that is used during logging.
+	// This structure will read from a body and write the contents to a logger.
+	io.Reader
+	// Source is used just to close when we are done reading.
+	Source io.ReadCloser
+}
+
+func (reader *teeReaderCloser) Close() error {
+	return reader.Source.Close()
+}
+
+func logRequest(r *request.Request) {
+	logBody := r.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody)
+	dumpedBody, err := httputil.DumpRequestOut(r.HTTPRequest, logBody)
+	if err != nil {
+		r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg, r.ClientInfo.ServiceName, r.Operation.Name, err))
+		return
+	}
+
+	if logBody {
+		// Reset the request body because dumpRequest will re-wrap the r.HTTPRequest's
+		// Body as a NoOpCloser and will not be reset after read by the HTTP
+		// client reader.
+		r.ResetBody()
+	}
+
+	r.Config.Logger.Log(fmt.Sprintf(logReqMsg, r.ClientInfo.ServiceName, r.Operation.Name, string(dumpedBody)))
+}
+
+const logRespMsg = `DEBUG: Response %s/%s Details:
+---[ RESPONSE ]--------------------------------------
+%s
+-----------------------------------------------------`
+
+const logRespErrMsg = `DEBUG ERROR: Response %s/%s:
+---[ RESPONSE DUMP ERROR ]-----------------------------
+%s
+-----------------------------------------------------`
+
+func logResponse(r *request.Request) {
+	lw := &logWriter{r.Config.Logger, bytes.NewBuffer(nil)}
+	r.HTTPResponse.Body = &teeReaderCloser{
+		Reader: io.TeeReader(r.HTTPResponse.Body, lw),
+		Source: r.HTTPResponse.Body,
+	}
+
+	handlerFn := func(req *request.Request) {
+		body, err := httputil.DumpResponse(req.HTTPResponse, false)
+		if err != nil {
+			lw.Logger.Log(fmt.Sprintf(logRespErrMsg, req.ClientInfo.ServiceName, req.Operation.Name, err))
+			return
+		}
+
+		b, err := ioutil.ReadAll(lw.buf)
+		if err != nil {
+			lw.Logger.Log(fmt.Sprintf(logRespErrMsg, req.ClientInfo.ServiceName, req.Operation.Name, err))
+			return
+		}
+		lw.Logger.Log(fmt.Sprintf(logRespMsg, req.ClientInfo.ServiceName, req.Operation.Name, string(body)))
+		if req.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody) {
+			lw.Logger.Log(string(b))
+		}
+	}
+
+	const handlerName = "awsdk.client.LogResponse.ResponseBody"
+
+	r.Handlers.Unmarshal.SetBackNamed(request.NamedHandler{
+		Name: handlerName, Fn: handlerFn,
+	})
+	r.Handlers.UnmarshalError.SetBackNamed(request.NamedHandler{
+		Name: handlerName, Fn: handlerFn,
+	})
+}

vendor/github.com/aws/aws-sdk-go/aws/config.go

@@ -22,9 +22,9 @@ type RequestRetryer interface{}
 //
 //     // Create Session with MaxRetry configuration to be shared by multiple
 //     // service clients.
-//     sess, err := session.NewSession(&aws.Config{
+//     sess := session.Must(session.NewSession(&aws.Config{
 //         MaxRetries: aws.Int(3),
-//     })
+//     }))
 //
 //     // Create S3 service client with a specific Region.
 //     svc := s3.New(sess, &aws.Config{
@@ -53,6 +53,13 @@ type Config struct {
 	// to use based on region.
 	EndpointResolver endpoints.Resolver
 
+	// EnforceShouldRetryCheck is used in the AfterRetryHandler to always call
+	// ShouldRetry regardless of whether or not if request.Retryable is set.
+	// This will utilize ShouldRetry method of custom retryers. If EnforceShouldRetryCheck
+	// is not set, then ShouldRetry will only be called if request.Retryable is nil.
+	// Proper handling of the request.Retryable field is important when setting this field.
+	EnforceShouldRetryCheck *bool
+
 	// The region to send requests to. This parameter is required and must
 	// be configured globally or on a per-client basis unless otherwise
 	// noted. A full list of regions is found in the "Regions and Endpoints"
@@ -88,7 +95,7 @@ type Config struct {
 	// recoverable failures.
 	//
 	// When nil or the value does not implement the request.Retryer interface,
-	// the request.DefaultRetryer will be used.
+	// the client.DefaultRetryer will be used.
 	//
 	// When both Retryer and MaxRetries are non-nil, the former is used and
 	// the latter ignored.
@@ -154,7 +161,8 @@ type Config struct {
 	// the EC2Metadata overriding the timeout for default credentials chain.
 	//
 	// Example:
-	//    sess, err := session.NewSession(aws.NewConfig().WithEC2MetadataDiableTimeoutOverride(true))
+	//    sess := session.Must(session.NewSession(aws.NewConfig()
+	//       .WithEC2MetadataDiableTimeoutOverride(true)))
 	//
 	//    svc := s3.New(sess)
 	//
@@ -174,7 +182,7 @@ type Config struct {
 	//
 	// Only supported with.
 	//
-	//     sess, err := session.NewSession()
+	//     sess := session.Must(session.NewSession())
 	//
 	//     svc := s3.New(sess, &aws.Config{
 	//         UseDualStack: aws.Bool(true),
@@ -186,13 +194,19 @@ type Config struct {
 	// request delays. This value should only be used for testing. To adjust
 	// the delay of a request see the aws/client.DefaultRetryer and
 	// aws/request.Retryer.
+	//
+	// SleepDelay will prevent any Context from being used for canceling retry
+	// delay of an API operation. It is recommended to not use SleepDelay at all
+	// and specify a Retryer instead.
 	SleepDelay func(time.Duration)
 
 	// DisableRestProtocolURICleaning will not clean the URL path when making rest protocol requests.
 	// Will default to false. This would only be used for empty directory names in s3 requests.
 	//
 	// Example:
-	//    sess, err := session.NewSession(&aws.Config{DisableRestProtocolURICleaning: aws.Bool(true))
+	//    sess := session.Must(session.NewSession(&aws.Config{
+	//         DisableRestProtocolURICleaning: aws.Bool(true),
+	//    }))
 	//
 	//    svc := s3.New(sess)
 	//    out, err := svc.GetObject(&s3.GetObjectInput {
@@ -207,9 +221,9 @@ type Config struct {
 //
 //     // Create Session with MaxRetry configuration to be shared by multiple
 //     // service clients.
-//     sess, err := session.NewSession(aws.NewConfig().
+//     sess := session.Must(session.NewSession(aws.NewConfig().
 //         WithMaxRetries(3),
-//     )
+//     ))
 //
 //     // Create S3 service client with a specific Region.
 //     svc := s3.New(sess, aws.NewConfig().
@@ -436,6 +450,10 @@ func mergeInConfig(dst *Config, other *Config) {
 	if other.DisableRestProtocolURICleaning != nil {
 		dst.DisableRestProtocolURICleaning = other.DisableRestProtocolURICleaning
 	}
+
+	if other.EnforceShouldRetryCheck != nil {
+		dst.EnforceShouldRetryCheck = other.EnforceShouldRetryCheck
+	}
 }
 
 // Copy will return a shallow copy of the Config object. If any additional

vendor/github.com/aws/aws-sdk-go/aws/context.go

@@ -0,0 +1,71 @@
+package aws
+
+import (
+	"time"
+)
+
+// Context is an copy of the Go v1.7 stdlib's context.Context interface.
+// It is represented as a SDK interface to enable you to use the "WithContext"
+// API methods with Go v1.6 and a Context type such as golang.org/x/net/context.
+//
+// See https://golang.org/pkg/context on how to use contexts.
+type Context interface {
+	// Deadline returns the time when work done on behalf of this context
+	// should be canceled. Deadline returns ok==false when no deadline is
+	// set. Successive calls to Deadline return the same results.
+	Deadline() (deadline time.Time, ok bool)
+
+	// Done returns a channel that's closed when work done on behalf of this
+	// context should be canceled. Done may return nil if this context can
+	// never be canceled. Successive calls to Done return the same value.
+	Done() <-chan struct{}
+
+	// Err returns a non-nil error value after Done is closed. Err returns
+	// Canceled if the context was canceled or DeadlineExceeded if the
+	// context's deadline passed. No other values for Err are defined.
+	// After Done is closed, successive calls to Err return the same value.
+	Err() error
+
+	// Value returns the value associated with this context for key, or nil
+	// if no value is associated with key. Successive calls to Value with
+	// the same key returns the same result.
+	//
+	// Use context values only for request-scoped data that transits
+	// processes and API boundaries, not for passing optional parameters to
+	// functions.
+	Value(key interface{}) interface{}
+}
+
+// BackgroundContext returns a context that will never be canceled, has no
+// values, and no deadline. This context is used by the SDK to provide
+// backwards compatibility with non-context API operations and functionality.
+//
+// Go 1.6 and before:
+// This context function is equivalent to context.Background in the Go stdlib.
+//
+// Go 1.7 and later:
+// The context returned will be the value returned by context.Background()
+//
+// See https://golang.org/pkg/context for more information on Contexts.
+func BackgroundContext() Context {
+	return backgroundCtx
+}
+
+// SleepWithContext will wait for the timer duration to expire, or the context
+// is canceled. Which ever happens first. If the context is canceled the Context's
+// error will be returned.
+//
+// Expects Context to always return a non-nil error if the Done channel is closed.
+func SleepWithContext(ctx Context, dur time.Duration) error {
+	t := time.NewTimer(dur)
+	defer t.Stop()
+
+	select {
+	case <-t.C:
+		break
+	case <-ctx.Done():
+		return ctx.Err()
+	}
+
+	return nil
+}

vendor/github.com/aws/aws-sdk-go/aws/context_1_6.go

@@ -0,0 +1,41 @@
+// +build !go1.7
+
+package aws
+
+import "time"
+
+// An emptyCtx is a copy of the Go 1.7 context.emptyCtx type. This is copied to
+// provide a 1.6 and 1.5 safe version of context that is compatible with Go
+// 1.7's Context.
+//
+// An emptyCtx is never canceled, has no values, and has no deadline. It is not
+// struct{}, since vars of this type must have distinct addresses.
+type emptyCtx int
+
+func (*emptyCtx) Deadline() (deadline time.Time, ok bool) {
+	return
+}
+
+func (*emptyCtx) Done() <-chan struct{} {
+	return nil
+}
+
+func (*emptyCtx) Err() error {
+	return nil
+}
+
+func (*emptyCtx) Value(key interface{}) interface{} {
+	return nil
+}
+
+func (e *emptyCtx) String() string {
+	switch e {
+	case backgroundCtx:
+		return "aws.BackgroundContext"
+	}
+	return "unknown empty Context"
+}
+
+var (
+	backgroundCtx = new(emptyCtx)
+)

vendor/github.com/aws/aws-sdk-go/aws/context_1_7.go

@@ -0,0 +1,9 @@
+// +build go1.7
+
+package aws
+
+import "context"
+
+var (
+	backgroundCtx = context.Background()
+)

vendor/github.com/aws/aws-sdk-go/aws/convert_types.go

@@ -311,6 +311,24 @@ func TimeValue(v *time.Time) time.Time {
 	return time.Time{}
 }
 
+// SecondsTimeValue converts an int64 pointer to a time.Time value
+// representing seconds since Epoch or time.Time{} if the pointer is nil.
+func SecondsTimeValue(v *int64) time.Time {
+	if v != nil {
+		return time.Unix((*v / 1000), 0)
+	}
+	return time.Time{}
+}
+
+// MillisecondsTimeValue converts an int64 pointer to a time.Time value
+// representing milliseconds sinch Epoch or time.Time{} if the pointer is nil.
+func MillisecondsTimeValue(v *int64) time.Time {
+	if v != nil {
+		return time.Unix(0, (*v * 1000000))
+	}
+	return time.Time{}
+}
+
 // TimeUnixMilli returns a Unix timestamp in milliseconds from "January 1, 1970 UTC".
 // The result is undefined if the Unix time cannot be represented by an int64.
 // Which includes calling TimeUnixMilli on a zero Time is undefined.

vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go

@@ -27,7 +27,7 @@ type lener interface {
 // or will use the HTTPRequest.Header's "Content-Length" if defined. If unable
 // to determine request body length and no "Content-Length" was specified it will panic.
 //
-// The Content-Length will only be aded to the request if the length of the body
+// The Content-Length will only be added to the request if the length of the body
 // is greater than 0. If the body is empty or the current `Content-Length`
 // header is <= 0, the header will also be stripped.
 var BuildContentLengthHandler = request.NamedHandler{Name: "core.BuildContentLengthHandler", Fn: func(r *request.Request) {
@@ -71,8 +71,8 @@ var reStatusCode = regexp.MustCompile(`^(\d{3})`)
 
 // ValidateReqSigHandler is a request handler to ensure that the request's
 // signature doesn't expire before it is sent. This can happen when a request
-// is built and signed signficantly before it is sent. Or significant delays
+// is built and signed significantly before it is sent. Or significant delays
-// occur whne retrying requests that would cause the signature to expire.
+// occur when retrying requests that would cause the signature to expire.
 var ValidateReqSigHandler = request.NamedHandler{
 	Name: "core.ValidateReqSigHandler",
 	Fn: func(r *request.Request) {
@@ -98,10 +98,52 @@ var ValidateReqSigHandler = request.NamedHandler{
 }
 
 // SendHandler is a request handler to send service request using HTTP client.
-var SendHandler = request.NamedHandler{Name: "core.SendHandler", Fn: func(r *request.Request) {
+var SendHandler = request.NamedHandler{
+	Name: "core.SendHandler",
+	Fn: func(r *request.Request) {
+		sender := sendFollowRedirects
+		if r.DisableFollowRedirects {
+			sender = sendWithoutFollowRedirects
+		}
+
+		if request.NoBody == r.HTTPRequest.Body {
+			// Strip off the request body if the NoBody reader was used as a
+			// place holder for a request body. This prevents the SDK from
+			// making requests with a request body when it would be invalid
+			// to do so.
+			//
+			// Use a shallow copy of the http.Request to ensure the race condition
+			// of transport on Body will not trigger
+			reqOrig, reqCopy := r.HTTPRequest, *r.HTTPRequest
+			reqCopy.Body = nil
+			r.HTTPRequest = &reqCopy
+			defer func() {
+				r.HTTPRequest = reqOrig
+			}()
+		}
+
 		var err error
-	r.HTTPResponse, err = r.Config.HTTPClient.Do(r.HTTPRequest)
+		r.HTTPResponse, err = sender(r)
 		if err != nil {
+			handleSendError(r, err)
+		}
+	},
+}
+
+func sendFollowRedirects(r *request.Request) (*http.Response, error) {
+	return r.Config.HTTPClient.Do(r.HTTPRequest)
+}
+
+func sendWithoutFollowRedirects(r *request.Request) (*http.Response, error) {
+	transport := r.Config.HTTPClient.Transport
+	if transport == nil {
+		transport = http.DefaultTransport
+	}
+
+	return transport.RoundTrip(r.HTTPRequest)
+}
+
+func handleSendError(r *request.Request, err error) {
 	// Prevent leaking if an HTTPResponse was returned. Clean up
 	// the body.
 	if r.HTTPResponse != nil {
@@ -109,7 +151,7 @@ var SendHandler = request.NamedHandler{Name: "core.SendHandler", Fn: func(r *req
 	}
 	// Capture the case where url.Error is returned for error processing
 	// response. e.g. 301 without location header comes back as string
-		// error and r.HTTPResponse is nil. Other url redirect errors will
+	// error and r.HTTPResponse is nil. Other URL redirect errors will
 	// comeback in a similar method.
 	if e, ok := err.(*url.Error); ok && e.Err != nil {
 		if s := reStatusCode.FindStringSubmatch(e.Err.Error()); s != nil {
@@ -134,8 +176,17 @@ var SendHandler = request.NamedHandler{Name: "core.SendHandler", Fn: func(r *req
 	// Catch all other request errors.
 	r.Error = awserr.New("RequestError", "send request failed", err)
 	r.Retryable = aws.Bool(true) // network errors are retryable
+
+	// Override the error with a context canceled error, if that was canceled.
+	ctx := r.Context()
+	select {
+	case <-ctx.Done():
+		r.Error = awserr.New(request.CanceledErrorCode,
+			"request context canceled", ctx.Err())
+		r.Retryable = aws.Bool(false)
+	default:
 	}
-}}
+}
 
 // ValidateResponseHandler is a request handler to validate service response.
 var ValidateResponseHandler = request.NamedHandler{Name: "core.ValidateResponseHandler", Fn: func(r *request.Request) {
@@ -150,13 +201,22 @@ var ValidateResponseHandler = request.NamedHandler{Name: "core.ValidateResponseH
 var AfterRetryHandler = request.NamedHandler{Name: "core.AfterRetryHandler", Fn: func(r *request.Request) {
 	// If one of the other handlers already set the retry state
 	// we don't want to override it based on the service's state
-	if r.Retryable == nil {
+	if r.Retryable == nil || aws.BoolValue(r.Config.EnforceShouldRetryCheck) {
 		r.Retryable = aws.Bool(r.ShouldRetry(r))
 	}
 
 	if r.WillRetry() {
 		r.RetryDelay = r.RetryRules(r)
-		r.Config.SleepDelay(r.RetryDelay)
+
+		if sleepFn := r.Config.SleepDelay; sleepFn != nil {
+			// Support SleepDelay for backwards compatibility and testing
+			sleepFn(r.RetryDelay)
+		} else if err := aws.SleepWithContext(r.Context(), r.RetryDelay); err != nil {
+			r.Error = awserr.New(request.CanceledErrorCode,
+				"request context canceled", err)
+			r.Retryable = aws.Bool(false)
+			return
+		}
 
 		// when the expired token exception occurs the credentials
 		// need to be expired locally so that the next request to

vendor/github.com/aws/aws-sdk-go/aws/credentials/BUILD

@@ -13,6 +13,7 @@ go_library(
     visibility = ["//visibility:public"],
     deps = [
         "//vendor/github.com/aws/aws-sdk-go/aws/awserr:go_default_library",
+        "//vendor/github.com/aws/aws-sdk-go/internal/shareddefaults:go_default_library",
         "//vendor/github.com/go-ini/ini:go_default_library",
     ],
 )

vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go

@@ -39,16 +39,18 @@ var (
 // does not return any credentials ChainProvider will return the error
 // ErrNoValidProvidersFoundInChain
 //
-//     creds := NewChainCredentials(
+//     creds := credentials.NewChainCredentials(
-//         []Provider{
+//         []credentials.Provider{
-//             &EnvProvider{},
+//             &credentials.EnvProvider{},
-//             &EC2RoleProvider{
+//             &ec2rolecreds.EC2RoleProvider{
 //                 Client: ec2metadata.New(sess),
 //             },
 //         })
 //
 //     // Usage of ChainCredentials with aws.Config
-//     svc := ec2.New(&aws.Config{Credentials: creds})
+//     svc := ec2.New(session.Must(session.NewSession(&aws.Config{
+//       Credentials: creds,
+//     })))
 //
 type ChainProvider struct {
 	Providers     []Provider

vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go

@@ -14,7 +14,7 @@
 //
 // Example of using the environment variable credentials.
 //
-//     creds := NewEnvCredentials()
+//     creds := credentials.NewEnvCredentials()
 //
 //     // Retrieve the credentials value
 //     credValue, err := creds.Get()
@@ -26,7 +26,7 @@
 // This may be helpful to proactively expire credentials and refresh them sooner
 // than they would naturally expire on their own.
 //
-//     creds := NewCredentials(&EC2RoleProvider{})
+//     creds := credentials.NewCredentials(&ec2rolecreds.EC2RoleProvider{})
 //     creds.Expire()
 //     credsValue, err := creds.Get()
 //     // New credentials will be retrieved instead of from cache.
@@ -43,7 +43,7 @@
 //     func (m *MyProvider) Retrieve() (Value, error) {...}
 //     func (m *MyProvider) IsExpired() bool {...}
 //
-//     creds := NewCredentials(&MyProvider{})
+//     creds := credentials.NewCredentials(&MyProvider{})
 //     credValue, err := creds.Get()
 //
 package credentials
@@ -60,7 +60,9 @@ import (
 // when making service API calls. For example, when accessing public
 // s3 buckets.
 //
-//     svc := s3.New(&aws.Config{Credentials: AnonymousCredentials})
+//     svc := s3.New(session.Must(session.NewSession(&aws.Config{
+//       Credentials: credentials.AnonymousCredentials,
+//     })))
 //     // Access public S3 buckets.
 //
 // @readonly
@@ -88,7 +90,7 @@ type Value struct {
 // The Provider should not need to implement its own mutexes, because
 // that will be managed by Credentials.
 type Provider interface {
-	// Refresh returns nil if it successfully retrieved the value.
+	// Retrieve returns nil if it successfully retrieved the value.
 	// Error is returned if the value were not obtainable, or empty.
 	Retrieve() (Value, error)
 
@@ -97,6 +99,27 @@ type Provider interface {
 	IsExpired() bool
 }
 
+// An ErrorProvider is a stub credentials provider that always returns an error
+// this is used by the SDK when construction a known provider is not possible
+// due to an error.
+type ErrorProvider struct {
+	// The error to be returned from Retrieve
+	Err error
+
+	// The provider name to set on the Retrieved returned Value
+	ProviderName string
+}
+
+// Retrieve will always return the error that the ErrorProvider was created with.
+func (p ErrorProvider) Retrieve() (Value, error) {
+	return Value{ProviderName: p.ProviderName}, p.Err
+}
+
+// IsExpired will always return not expired.
+func (p ErrorProvider) IsExpired() bool {
+	return false
+}
+
 // A Expiry provides shared expiration logic to be used by credentials
 // providers to implement expiry functionality.
 //

vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go

@@ -29,6 +29,7 @@ var (
 // Environment variables used:
 //
 // * Access Key ID:     AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY
+//
 // * Secret Access Key: AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY
 type EnvProvider struct {
 	retrieved bool

vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go

@@ -3,11 +3,11 @@ package credentials
 import (
 	"fmt"
 	"os"
-	"path/filepath"
 
 	"github.com/go-ini/ini"
 
 	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/internal/shareddefaults"
 )
 
 // SharedCredsProviderName provides a name of SharedCreds provider
@@ -15,8 +15,6 @@ const SharedCredsProviderName = "SharedCredentialsProvider"
 
 var (
 	// ErrSharedCredentialsHomeNotFound is emitted when the user directory cannot be found.
-	//
-	// @readonly
 	ErrSharedCredentialsHomeNotFound = awserr.New("UserHomeNotFound", "user home directory not found.", nil)
 )
 
@@ -117,21 +115,22 @@ func loadProfile(filename, profile string) (Value, error) {
 //
 // Will return an error if the user's home directory path cannot be found.
 func (p *SharedCredentialsProvider) filename() (string, error) {
-	if p.Filename == "" {
+	if len(p.Filename) != 0 {
-		if p.Filename = os.Getenv("AWS_SHARED_CREDENTIALS_FILE"); p.Filename != "" {
 		return p.Filename, nil
 	}
 
-		homeDir := os.Getenv("HOME") // *nix
+	if p.Filename = os.Getenv("AWS_SHARED_CREDENTIALS_FILE"); len(p.Filename) != 0 {
-		if homeDir == "" {           // Windows
+		return p.Filename, nil
-			homeDir = os.Getenv("USERPROFILE")
 	}
-		if homeDir == "" {
+
+	if home := shareddefaults.UserHomeDir(); len(home) == 0 {
+		// Backwards compatibility of home directly not found error being returned.
+		// This error is too verbose, failure when opening the file would of been
+		// a better error to return.
 		return "", ErrSharedCredentialsHomeNotFound
 	}
 
-		p.Filename = filepath.Join(homeDir, ".aws", "credentials")
+	p.Filename = shareddefaults.SharedCredentialsFilename()
-	}
 
 	return p.Filename, nil
 }

vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/BUILD

@@ -7,6 +7,7 @@ go_library(
     visibility = ["//visibility:public"],
     deps = [
         "//vendor/github.com/aws/aws-sdk-go/aws:go_default_library",
+        "//vendor/github.com/aws/aws-sdk-go/aws/awserr:go_default_library",
         "//vendor/github.com/aws/aws-sdk-go/aws/client:go_default_library",
         "//vendor/github.com/aws/aws-sdk-go/aws/credentials:go_default_library",
         "//vendor/github.com/aws/aws-sdk-go/service/sts:go_default_library",

vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go

@@ -1,7 +1,81 @@
-// Package stscreds are credential Providers to retrieve STS AWS credentials.
+/*
-//
+Package stscreds are credential Providers to retrieve STS AWS credentials.
-// STS provides multiple ways to retrieve credentials which can be used when making
+
-// future AWS service API operation calls.
+STS provides multiple ways to retrieve credentials which can be used when making
+future AWS service API operation calls.
+
+The SDK will ensure that per instance of credentials.Credentials all requests
+to refresh the credentials will be synchronized. But, the SDK is unable to
+ensure synchronous usage of the AssumeRoleProvider if the value is shared
+between multiple Credentials, Sessions or service clients.
+
+Assume Role
+
+To assume an IAM role using STS with the SDK you can create a new Credentials
+with the SDKs's stscreds package.
+
+	// Initial credentials loaded from SDK's default credential chain. Such as
+	// the environment, shared credentials (~/.aws/credentials), or EC2 Instance
+	// Role. These credentials will be used to to make the STS Assume Role API.
+	sess := session.Must(session.NewSession())
+
+	// Create the credentials from AssumeRoleProvider to assume the role
+	// referenced by the "myRoleARN" ARN.
+	creds := stscreds.NewCredentials(sess, "myRoleArn")
+
+	// Create service client value configured for credentials
+	// from assumed role.
+	svc := s3.New(sess, &aws.Config{Credentials: creds})
+
+Assume Role with static MFA Token
+
+To assume an IAM role with a MFA token you can either specify a MFA token code
+directly or provide a function to prompt the user each time the credentials
+need to refresh the role's credentials. Specifying the TokenCode should be used
+for short lived operations that will not need to be refreshed, and when you do
+not want to have direct control over the user provides their MFA token.
+
+With TokenCode the AssumeRoleProvider will be not be able to refresh the role's
+credentials.
+
+	// Create the credentials from AssumeRoleProvider to assume the role
+	// referenced by the "myRoleARN" ARN using the MFA token code provided.
+	creds := stscreds.NewCredentials(sess, "myRoleArn", func(p *stscreds.AssumeRoleProvider) {
+		p.SerialNumber = aws.String("myTokenSerialNumber")
+		p.TokenCode = aws.String("00000000")
+	})
+
+	// Create service client value configured for credentials
+	// from assumed role.
+	svc := s3.New(sess, &aws.Config{Credentials: creds})
+
+Assume Role with MFA Token Provider
+
+To assume an IAM role with MFA for longer running tasks where the credentials
+may need to be refreshed setting the TokenProvider field of AssumeRoleProvider
+will allow the credential provider to prompt for new MFA token code when the
+role's credentials need to be refreshed.
+
+The StdinTokenProvider function is available to prompt on stdin to retrieve
+the MFA token code from the user. You can also implement custom prompts by
+satisfing the TokenProvider function signature.
+
+Using StdinTokenProvider with multiple AssumeRoleProviders, or Credentials will
+have undesirable results as the StdinTokenProvider will not be synchronized. A
+single Credentials with an AssumeRoleProvider can be shared safely.
+
+	// Create the credentials from AssumeRoleProvider to assume the role
+	// referenced by the "myRoleARN" ARN. Prompting for MFA token from stdin.
+	creds := stscreds.NewCredentials(sess, "myRoleArn", func(p *stscreds.AssumeRoleProvider) {
+		p.SerialNumber = aws.String("myTokenSerialNumber")
+		p.TokenProvider = stscreds.StdinTokenProvider
+	})
+
+	// Create service client value configured for credentials
+	// from assumed role.
+	svc := s3.New(sess, &aws.Config{Credentials: creds})
+
+*/
 package stscreds
 
 import (
@@ -9,11 +83,31 @@ import (
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/client"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/service/sts"
 )
 
+// StdinTokenProvider will prompt on stdout and read from stdin for a string value.
+// An error is returned if reading from stdin fails.
+//
+// Use this function go read MFA tokens from stdin. The function makes no attempt
+// to make atomic prompts from stdin across multiple gorouties.
+//
+// Using StdinTokenProvider with multiple AssumeRoleProviders, or Credentials will
+// have undesirable results as the StdinTokenProvider will not be synchronized. A
+// single Credentials with an AssumeRoleProvider can be shared safely
+//
+// Will wait forever until something is provided on the stdin.
+func StdinTokenProvider() (string, error) {
+	var v string
+	fmt.Printf("Assume Role MFA token code: ")
+	_, err := fmt.Scanln(&v)
+
+	return v, err
+}
+
 // ProviderName provides a name of AssumeRole provider
 const ProviderName = "AssumeRoleProvider"
 
@@ -27,8 +121,15 @@ type AssumeRoler interface {
 var DefaultDuration = time.Duration(15) * time.Minute
 
 // AssumeRoleProvider retrieves temporary credentials from the STS service, and
-// keeps track of their expiration time. This provider must be used explicitly,
+// keeps track of their expiration time.
-// as it is not included in the credentials chain.
+//
+// This credential provider will be used by the SDKs default credential change
+// when shared configuration is enabled, and the shared config or shared credentials
+// file configure assume role. See Session docs for how to do this.
+//
+// AssumeRoleProvider does not provide any synchronization and it is not safe
+// to share this value across multiple Credentials, Sessions, or service clients
+// without also sharing the same Credentials instance.
 type AssumeRoleProvider struct {
 	credentials.Expiry
 
@@ -65,8 +166,23 @@ type AssumeRoleProvider struct {
 	// assumed requires MFA (that is, if the policy includes a condition that tests
 	// for MFA). If the role being assumed requires MFA and if the TokenCode value
 	// is missing or expired, the AssumeRole call returns an "access denied" error.
+	//
+	// If SerialNumber is set and neither TokenCode nor TokenProvider are also
+	// set an error will be returned.
 	TokenCode *string
 
+	// Async method of providing MFA token code for assuming an IAM role with MFA.
+	// The value returned by the function will be used as the TokenCode in the Retrieve
+	// call. See StdinTokenProvider for a provider that prompts and reads from stdin.
+	//
+	// This token provider will be called when ever the assumed role's
+	// credentials need to be refreshed when SerialNumber is also set and
+	// TokenCode is not set.
+	//
+	// If both TokenCode and TokenProvider is set, TokenProvider will be used and
+	// TokenCode is ignored.
+	TokenProvider func() (string, error)
+
 	// ExpiryWindow will allow the credentials to trigger refreshing prior to
 	// the credentials actually expiring. This is beneficial so race conditions
 	// with expiring credentials do not cause request to fail unexpectedly
@@ -85,6 +201,10 @@ type AssumeRoleProvider struct {
 //
 // Takes a Config provider to create the STS client. The ConfigProvider is
 // satisfied by the session.Session type.
+//
+// It is safe to share the returned Credentials with multiple Sessions and
+// service clients. All access to the credentials and refreshing them
+// will be synchronized.
 func NewCredentials(c client.ConfigProvider, roleARN string, options ...func(*AssumeRoleProvider)) *credentials.Credentials {
 	p := &AssumeRoleProvider{
 		Client:   sts.New(c),
@@ -103,7 +223,11 @@ func NewCredentials(c client.ConfigProvider, roleARN string, options ...func(*As
 // AssumeRoleProvider. The credentials will expire every 15 minutes and the
 // role will be named after a nanosecond timestamp of this operation.
 //
-// Takes an AssumeRoler which can be satisfiede by the STS client.
+// Takes an AssumeRoler which can be satisfied by the STS client.
+//
+// It is safe to share the returned Credentials with multiple Sessions and
+// service clients. All access to the credentials and refreshing them
+// will be synchronized.
 func NewCredentialsWithClient(svc AssumeRoler, roleARN string, options ...func(*AssumeRoleProvider)) *credentials.Credentials {
 	p := &AssumeRoleProvider{
 		Client:   svc,
@@ -139,12 +263,25 @@ func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
 	if p.Policy != nil {
 		input.Policy = p.Policy
 	}
-	if p.SerialNumber != nil && p.TokenCode != nil {
+	if p.SerialNumber != nil {
+		if p.TokenCode != nil {
 			input.SerialNumber = p.SerialNumber
 			input.TokenCode = p.TokenCode
+		} else if p.TokenProvider != nil {
+			input.SerialNumber = p.SerialNumber
+			code, err := p.TokenProvider()
+			if err != nil {
+				return credentials.Value{ProviderName: ProviderName}, err
+			}
+			input.TokenCode = aws.String(code)
+		} else {
+			return credentials.Value{ProviderName: ProviderName},
+				awserr.New("AssumeRoleTokenNotAvailable",
+					"assume role with MFA enabled, but neither TokenCode nor TokenProvider are set", nil)
+		}
 	}
-	roleOutput, err := p.Client.AssumeRole(input)
 
+	roleOutput, err := p.Client.AssumeRole(input)
 	if err != nil {
 		return credentials.Value{ProviderName: ProviderName}, err
 	}

vendor/github.com/aws/aws-sdk-go/aws/defaults/BUILD

@@ -2,11 +2,15 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library")
 
 go_library(
     name = "go_default_library",
-    srcs = ["defaults.go"],
+    srcs = [
+        "defaults.go",
+        "shared_config.go",
+    ],
     importpath = "github.com/aws/aws-sdk-go/aws/defaults",
     visibility = ["//visibility:public"],
     deps = [
         "//vendor/github.com/aws/aws-sdk-go/aws:go_default_library",
+        "//vendor/github.com/aws/aws-sdk-go/aws/awserr:go_default_library",
         "//vendor/github.com/aws/aws-sdk-go/aws/corehandlers:go_default_library",
         "//vendor/github.com/aws/aws-sdk-go/aws/credentials:go_default_library",
         "//vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds:go_default_library",
@@ -14,6 +18,7 @@ go_library(
         "//vendor/github.com/aws/aws-sdk-go/aws/ec2metadata:go_default_library",
         "//vendor/github.com/aws/aws-sdk-go/aws/endpoints:go_default_library",
         "//vendor/github.com/aws/aws-sdk-go/aws/request:go_default_library",
+        "//vendor/github.com/aws/aws-sdk-go/internal/shareddefaults:go_default_library",
     ],
 )
 

vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go

@@ -10,10 +10,12 @@ package defaults
 import (
 	"fmt"
 	"net/http"
+	"net/url"
 	"os"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/corehandlers"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
@@ -56,7 +58,6 @@ func Config() *aws.Config {
 		WithMaxRetries(aws.UseServiceDefaultRetries).
 		WithLogger(aws.NewDefaultLogger()).
 		WithLogLevel(aws.LogOff).
-		WithSleepDelay(time.Sleep).
 		WithEndpointResolver(endpoints.DefaultResolver())
 }
 
@@ -97,23 +98,51 @@ func CredChain(cfg *aws.Config, handlers request.Handlers) *credentials.Credenti
 	})
 }
 
-// RemoteCredProvider returns a credenitials provider for the default remote
+const (
+	httpProviderEnvVar     = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
+	ecsCredsProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
+)
+
+// RemoteCredProvider returns a credentials provider for the default remote
 // endpoints such as EC2 or ECS Roles.
 func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider {
-	ecsCredURI := os.Getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
+	if u := os.Getenv(httpProviderEnvVar); len(u) > 0 {
+		return localHTTPCredProvider(cfg, handlers, u)
+	}
 
-	if len(ecsCredURI) > 0 {
+	if uri := os.Getenv(ecsCredsProviderEnvVar); len(uri) > 0 {
-		return ecsCredProvider(cfg, handlers, ecsCredURI)
+		u := fmt.Sprintf("http://169.254.170.2%s", uri)
+		return httpCredProvider(cfg, handlers, u)
 	}
 
 	return ec2RoleProvider(cfg, handlers)
 }
 
-func ecsCredProvider(cfg aws.Config, handlers request.Handlers, uri string) credentials.Provider {
+func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider {
-	const host = `169.254.170.2`
+	var errMsg string
 
-	return endpointcreds.NewProviderClient(cfg, handlers,
+	parsed, err := url.Parse(u)
-		fmt.Sprintf("http://%s%s", host, uri),
+	if err != nil {
+		errMsg = fmt.Sprintf("invalid URL, %v", err)
+	} else if host := aws.URLHostname(parsed); !(host == "localhost" || host == "127.0.0.1") {
+		errMsg = fmt.Sprintf("invalid host address, %q, only localhost and 127.0.0.1 are valid.", host)
+	}
+
+	if len(errMsg) > 0 {
+		if cfg.Logger != nil {
+			cfg.Logger.Log("Ignoring, HTTP credential provider", errMsg, err)
+		}
+		return credentials.ErrorProvider{
+			Err:          awserr.New("CredentialsEndpointError", errMsg, err),
+			ProviderName: endpointcreds.ProviderName,
+		}
+	}
+
+	return httpCredProvider(cfg, handlers, u)
+}
+
+func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider {
+	return endpointcreds.NewProviderClient(cfg, handlers, u,
 		func(p *endpointcreds.Provider) {
 			p.ExpiryWindow = 5 * time.Minute
 		},

vendor/github.com/aws/aws-sdk-go/aws/defaults/shared_config.go

@@ -0,0 +1,27 @@
+package defaults
+
+import (
+	"github.com/aws/aws-sdk-go/internal/shareddefaults"
+)
+
+// SharedCredentialsFilename returns the SDK's default file path
+// for the shared credentials file.
+//
+// Builds the shared config file path based on the OS's platform.
+//
+//   - Linux/Unix: $HOME/.aws/credentials
+//   - Windows: %USERPROFILE%\.aws\credentials
+func SharedCredentialsFilename() string {
+	return shareddefaults.SharedCredentialsFilename()
+}
+
+// SharedConfigFilename returns the SDK's default file path for
+// the shared config file.
+//
+// Builds the shared config file path based on the OS's platform.
+//
+//   - Linux/Unix: $HOME/.aws/config
+//   - Windows: %USERPROFILE%\.aws\config
+func SharedConfigFilename() string {
+	return shareddefaults.SharedConfigFilename()
+}

vendor/github.com/aws/aws-sdk-go/aws/doc.go

@@ -0,0 +1,56 @@
+// Package aws provides the core SDK's utilities and shared types. Use this package's
+// utilities to simplify setting and reading API operations parameters.
+//
+// Value and Pointer Conversion Utilities
+//
+// This package includes a helper conversion utility for each scalar type the SDK's
+// API use. These utilities make getting a pointer of the scalar, and dereferencing
+// a pointer easier.
+//
+// Each conversion utility comes in two forms. Value to Pointer and Pointer to Value.
+// The Pointer to value will safely dereference the pointer and return its value.
+// If the pointer was nil, the scalar's zero value will be returned.
+//
+// The value to pointer functions will be named after the scalar type. So get a
+// *string from a string value use the "String" function. This makes it easy to
+// to get pointer of a literal string value, because getting the address of a
+// literal requires assigning the value to a variable first.
+//
+//    var strPtr *string
+//
+//    // Without the SDK's conversion functions
+//    str := "my string"
+//    strPtr = &str
+//
+//    // With the SDK's conversion functions
+//    strPtr = aws.String("my string")
+//
+//    // Convert *string to string value
+//    str = aws.StringValue(strPtr)
+//
+// In addition to scalars the aws package also includes conversion utilities for
+// map and slice for commonly types used in API parameters. The map and slice
+// conversion functions use similar naming pattern as the scalar conversion
+// functions.
+//
+//    var strPtrs []*string
+//    var strs []string = []string{"Go", "Gophers", "Go"}
+//
+//    // Convert []string to []*string
+//    strPtrs = aws.StringSlice(strs)
+//
+//    // Convert []*string to []string
+//    strs = aws.StringValueSlice(strPtrs)
+//
+// SDK Default HTTP Client
+//
+// The SDK will use the http.DefaultClient if a HTTP client is not provided to
+// the SDK's Session, or service client constructor. This means that if the
+// http.DefaultClient is modified by other components of your application the
+// modifications will be picked up by the SDK as well.
+//
+// In some cases this might be intended, but it is a better practice to create
+// a custom HTTP Client to share explicitly through your application. You can
+// configure the SDK to use the custom HTTP Client by setting the HTTPClient
+// value of the SDK's Config type when creating a Session or service client.
+package aws

vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go

@@ -1,4 +1,4 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by aws/endpoints/v3model_codegen.go. DO NOT EDIT.
 
 package endpoints
 
@@ -46,23 +46,28 @@ const (
 	AcmServiceID                          = "acm"                          // Acm.
 	ApigatewayServiceID                   = "apigateway"                   // Apigateway.
 	ApplicationAutoscalingServiceID       = "application-autoscaling"      // ApplicationAutoscaling.
-	AppstreamServiceID                    = "appstream"                    // Appstream.
 	Appstream2ServiceID                   = "appstream2"                   // Appstream2.
+	AthenaServiceID                       = "athena"                       // Athena.
 	AutoscalingServiceID                  = "autoscaling"                  // Autoscaling.
+	BatchServiceID                        = "batch"                        // Batch.
 	BudgetsServiceID                      = "budgets"                      // Budgets.
+	ClouddirectoryServiceID               = "clouddirectory"               // Clouddirectory.
 	CloudformationServiceID               = "cloudformation"               // Cloudformation.
 	CloudfrontServiceID                   = "cloudfront"                   // Cloudfront.
 	CloudhsmServiceID                     = "cloudhsm"                     // Cloudhsm.
+	Cloudhsmv2ServiceID                   = "cloudhsmv2"                   // Cloudhsmv2.
 	CloudsearchServiceID                  = "cloudsearch"                  // Cloudsearch.
 	CloudtrailServiceID                   = "cloudtrail"                   // Cloudtrail.
 	CodebuildServiceID                    = "codebuild"                    // Codebuild.
 	CodecommitServiceID                   = "codecommit"                   // Codecommit.
 	CodedeployServiceID                   = "codedeploy"                   // Codedeploy.
 	CodepipelineServiceID                 = "codepipeline"                 // Codepipeline.
+	CodestarServiceID                     = "codestar"                     // Codestar.
 	CognitoIdentityServiceID              = "cognito-identity"             // CognitoIdentity.
 	CognitoIdpServiceID                   = "cognito-idp"                  // CognitoIdp.
 	CognitoSyncServiceID                  = "cognito-sync"                 // CognitoSync.
 	ConfigServiceID                       = "config"                       // Config.
+	CurServiceID                          = "cur"                          // Cur.
 	DatapipelineServiceID                 = "datapipeline"                 // Datapipeline.
 	DevicefarmServiceID                   = "devicefarm"                   // Devicefarm.
 	DirectconnectServiceID                = "directconnect"                // Directconnect.
@@ -81,11 +86,14 @@ const (
 	ElasticmapreduceServiceID             = "elasticmapreduce"             // Elasticmapreduce.
 	ElastictranscoderServiceID            = "elastictranscoder"            // Elastictranscoder.
 	EmailServiceID                        = "email"                        // Email.
+	EntitlementMarketplaceServiceID       = "entitlement.marketplace"      // EntitlementMarketplace.
 	EsServiceID                           = "es"                           // Es.
 	EventsServiceID                       = "events"                       // Events.
 	FirehoseServiceID                     = "firehose"                     // Firehose.
 	GameliftServiceID                     = "gamelift"                     // Gamelift.
 	GlacierServiceID                      = "glacier"                      // Glacier.
+	GlueServiceID                         = "glue"                         // Glue.
+	GreengrassServiceID                   = "greengrass"                   // Greengrass.
 	HealthServiceID                       = "health"                       // Health.
 	IamServiceID                          = "iam"                          // Iam.
 	ImportexportServiceID                 = "importexport"                 // Importexport.
@@ -100,10 +108,14 @@ const (
 	MachinelearningServiceID              = "machinelearning"              // Machinelearning.
 	MarketplacecommerceanalyticsServiceID = "marketplacecommerceanalytics" // Marketplacecommerceanalytics.
 	MeteringMarketplaceServiceID          = "metering.marketplace"         // MeteringMarketplace.
+	MghServiceID                          = "mgh"                          // Mgh.
 	MobileanalyticsServiceID              = "mobileanalytics"              // Mobileanalytics.
+	ModelsLexServiceID                    = "models.lex"                   // ModelsLex.
 	MonitoringServiceID                   = "monitoring"                   // Monitoring.
+	MturkRequesterServiceID               = "mturk-requester"              // MturkRequester.
 	OpsworksServiceID                     = "opsworks"                     // Opsworks.
 	OpsworksCmServiceID                   = "opsworks-cm"                  // OpsworksCm.
+	OrganizationsServiceID                = "organizations"                // Organizations.
 	PinpointServiceID                     = "pinpoint"                     // Pinpoint.
 	PollyServiceID                        = "polly"                        // Polly.
 	RdsServiceID                          = "rds"                          // Rds.
@@ -111,6 +123,7 @@ const (
 	RekognitionServiceID                  = "rekognition"                  // Rekognition.
 	Route53ServiceID                      = "route53"                      // Route53.
 	Route53domainsServiceID               = "route53domains"               // Route53domains.
+	RuntimeLexServiceID                   = "runtime.lex"                  // RuntimeLex.
 	S3ServiceID                           = "s3"                           // S3.
 	SdbServiceID                          = "sdb"                          // Sdb.
 	ServicecatalogServiceID               = "servicecatalog"               // Servicecatalog.
@@ -126,8 +139,10 @@ const (
 	StsServiceID                          = "sts"                          // Sts.
 	SupportServiceID                      = "support"                      // Support.
 	SwfServiceID                          = "swf"                          // Swf.
+	TaggingServiceID                      = "tagging"                      // Tagging.
 	WafServiceID                          = "waf"                          // Waf.
 	WafRegionalServiceID                  = "waf-regional"                 // WafRegional.
+	WorkdocsServiceID                     = "workdocs"                     // Workdocs.
 	WorkspacesServiceID                   = "workspaces"                   // Workspaces.
 	XrayServiceID                         = "xray"                         // Xray.
 )
@@ -135,17 +150,20 @@ const (
 // DefaultResolver returns an Endpoint resolver that will be able
 // to resolve endpoints for: AWS Standard, AWS China, and AWS GovCloud (US).
 //
-// Casting the return value of this func to a EnumPartitions will
+// Use DefaultPartitions() to get the list of the default partitions.
-// allow you to get a list of the partitions in the order the endpoints
+func DefaultResolver() Resolver {
-// will be resolved in.
+	return defaultPartitions
+}
+
+// DefaultPartitions returns a list of the partitions the SDK is bundled
+// with. The available partitions are: AWS Standard, AWS China, and AWS GovCloud (US).
 //
-//    resolver := endpoints.DefaultResolver()
+//    partitions := endpoints.DefaultPartitions
-//    partitions := resolver.(endpoints.EnumPartitions).Partitions()
 //    for _, p := range partitions {
 //        // ... inspect partitions
 //    }
-func DefaultResolver() Resolver {
+func DefaultPartitions() []Partition {
-	return defaultPartitions
+	return defaultPartitions.Partitions()
 }
 
 var defaultPartitions = partitions{
@@ -243,10 +261,14 @@ var awsPartition = partition{
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-1":      endpoint{},
@@ -278,13 +300,6 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
-		"appstream": service{
-
-			Endpoints: endpoints{
-				"ap-northeast-1": endpoint{},
-				"us-east-1":      endpoint{},
-			},
-		},
 		"appstream2": service{
 			Defaults: endpoint{
 				Protocols: []string{"https"},
@@ -299,6 +314,17 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
+		"athena": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
 		"autoscaling": service{
 			Defaults: endpoint{
 				Protocols: []string{"http", "https"},
@@ -320,6 +346,20 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
+		"batch": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
 		"budgets": service{
 			PartitionEndpoint: "aws-global",
 			IsRegionalized:    boxedFalse,
@@ -333,6 +373,18 @@ var awsPartition = partition{
 				},
 			},
 		},
+		"clouddirectory": service{
+
+			Endpoints: endpoints{
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
 		"cloudformation": service{
 
 			Endpoints: endpoints{
@@ -381,6 +433,15 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
+		"cloudhsmv2": service{
+
+			Endpoints: endpoints{
+				"eu-west-1": endpoint{},
+				"us-east-1": endpoint{},
+				"us-east-2": endpoint{},
+				"us-west-2": endpoint{},
+			},
+		},
 		"cloudsearch": service{
 
 			Endpoints: endpoints{
@@ -418,17 +479,35 @@ var awsPartition = partition{
 		"codebuild": service{
 
 			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
 		"codecommit": service{
 
 			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
@@ -455,13 +534,32 @@ var awsPartition = partition{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"codestar": service{
+
+			Endpoints: endpoints{
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
-				"sa-east-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
@@ -470,9 +568,12 @@ var awsPartition = partition{
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-2":      endpoint{},
@@ -483,9 +584,12 @@ var awsPartition = partition{
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-2":      endpoint{},
@@ -496,9 +600,12 @@ var awsPartition = partition{
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-2":      endpoint{},
@@ -523,6 +630,12 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
+		"cur": service{
+
+			Endpoints: endpoints{
+				"us-east-1": endpoint{},
+			},
+		},
 		"datapipeline": service{
 
 			Endpoints: endpoints{
@@ -587,11 +700,16 @@ var awsPartition = partition{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
@@ -728,6 +846,8 @@ var awsPartition = partition{
 		"elasticfilesystem": service{
 
 			Endpoints: endpoints{
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -736,7 +856,7 @@ var awsPartition = partition{
 		},
 		"elasticloadbalancing": service{
 			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
+				Protocols: []string{"https"},
 			},
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
@@ -802,6 +922,16 @@ var awsPartition = partition{
 				"us-west-2": endpoint{},
 			},
 		},
+		"entitlement.marketplace": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "aws-marketplace",
+				},
+			},
+			Endpoints: endpoints{
+				"us-east-1": endpoint{},
+			},
+		},
 		"es": service{
 
 			Endpoints: endpoints{
@@ -810,8 +940,10 @@ var awsPartition = partition{
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -827,8 +959,10 @@ var awsPartition = partition{
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -839,8 +973,11 @@ var awsPartition = partition{
 		"firehose": service{
 
 			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
@@ -851,10 +988,15 @@ var awsPartition = partition{
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
@@ -866,6 +1008,7 @@ var awsPartition = partition{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
@@ -877,6 +1020,27 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
+		"glue": service{
+
+			Endpoints: endpoints{
+				"us-east-1": endpoint{},
+				"us-east-2": endpoint{},
+				"us-west-2": endpoint{},
+			},
+		},
+		"greengrass": service{
+			IsRegionalized: boxedTrue,
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"us-east-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
 		"health": service{
 
 			Endpoints: endpoints{
@@ -920,6 +1084,7 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"eu-west-1":      endpoint{},
 				"us-east-1":      endpoint{},
+				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
@@ -936,6 +1101,7 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-2":      endpoint{},
@@ -992,10 +1158,14 @@ var awsPartition = partition{
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-1":      endpoint{},
@@ -1005,7 +1175,16 @@ var awsPartition = partition{
 		"lightsail": service{
 
 			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
 			},
 		},
 		"logs": service{
@@ -1041,24 +1220,50 @@ var awsPartition = partition{
 			},
 		},
 		"metering.marketplace": service{
-
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "aws-marketplace",
+				},
+			},
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
 				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
+		"mgh": service{
+
+			Endpoints: endpoints{
+				"us-west-2": endpoint{},
+			},
+		},
 		"mobileanalytics": service{
 
 			Endpoints: endpoints{
 				"us-east-1": endpoint{},
 			},
 		},
+		"models.lex": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "lex",
+				},
+			},
+			Endpoints: endpoints{
+				"us-east-1": endpoint{},
+			},
+		},
 		"monitoring": service{
 			Defaults: endpoint{
 				Protocols: []string{"http", "https"},
@@ -1080,6 +1285,16 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
+		"mturk-requester": service{
+			IsRegionalized: boxedFalse,
+
+			Endpoints: endpoints{
+				"sandbox": endpoint{
+					Hostname: "mturk-requester-sandbox.us-east-1.amazonaws.com",
+				},
+				"us-east-1": endpoint{},
+			},
+		},
 		"opsworks": service{
 
 			Endpoints: endpoints{
@@ -1106,6 +1321,19 @@ var awsPartition = partition{
 				"us-west-2": endpoint{},
 			},
 		},
+		"organizations": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-global": endpoint{
+					Hostname: "organizations.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
 		"pinpoint": service{
 			Defaults: endpoint{
 				CredentialScope: credentialScope{
@@ -1192,6 +1420,16 @@ var awsPartition = partition{
 				"us-east-1": endpoint{},
 			},
 		},
+		"runtime.lex": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "lex",
+				},
+			},
+			Endpoints: endpoints{
+				"us-east-1": endpoint{},
+			},
+		},
 		"s3": service{
 			PartitionEndpoint: "us-east-1",
 			IsRegionalized:    boxedTrue,
@@ -1272,6 +1510,7 @@ var awsPartition = partition{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
@@ -1296,20 +1535,27 @@ var awsPartition = partition{
 		"sms": service{
 
 			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
 				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
 			},
 		},
 		"snowball": service{
 
 			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-2": endpoint{},
-				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
+				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-1":      endpoint{},
@@ -1366,10 +1612,13 @@ var awsPartition = partition{
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -1381,7 +1630,10 @@ var awsPartition = partition{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-2":      endpoint{},
@@ -1392,6 +1644,7 @@ var awsPartition = partition{
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
@@ -1407,7 +1660,7 @@ var awsPartition = partition{
 		},
 		"streams.dynamodb": service{
 			Defaults: endpoint{
-				Protocols: []string{"http", "http", "https", "https"},
+				Protocols: []string{"http", "https"},
 				CredentialScope: credentialScope{
 					Service: "dynamodb",
 				},
@@ -1462,9 +1715,33 @@ var awsPartition = partition{
 				"eu-west-2":      endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
+				"us-east-1-fips": endpoint{
+					Hostname: "sts-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
 				"us-east-2": endpoint{},
+				"us-east-2-fips": endpoint{
+					Hostname: "sts-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
 				"us-west-1": endpoint{},
+				"us-west-1-fips": endpoint{
+					Hostname: "sts-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
 				"us-west-2": endpoint{},
+				"us-west-2-fips": endpoint{
+					Hostname: "sts-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
 			},
 		},
 		"support": service{
@@ -1492,6 +1769,25 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
+		"tagging": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"sa-east-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
 		"waf": service{
 			PartitionEndpoint: "aws-global",
 			IsRegionalized:    boxedFalse,
@@ -1511,6 +1807,18 @@ var awsPartition = partition{
 				"ap-northeast-1": endpoint{},
 				"eu-west-1":      endpoint{},
 				"us-east-1":      endpoint{},
+				"us-west-1":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
+		"workdocs": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
@@ -1522,6 +1830,7 @@ var awsPartition = partition{
 				"ap-southeast-2": endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
@@ -1534,8 +1843,10 @@ var awsPartition = partition{
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -1572,6 +1883,18 @@ var awscnPartition = partition{
 		},
 	},
 	Services: services{
+		"application-autoscaling": service{
+			Defaults: endpoint{
+				Hostname:  "autoscaling.{region}.amazonaws.com",
+				Protocols: []string{"http", "https"},
+				CredentialScope: credentialScope{
+					Service: "application-autoscaling",
+				},
+			},
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{},
+			},
+		},
 		"autoscaling": service{
 			Defaults: endpoint{
 				Protocols: []string{"http", "https"},
@@ -1592,6 +1915,12 @@ var awscnPartition = partition{
 				"cn-north-1": endpoint{},
 			},
 		},
+		"codedeploy": service{
+
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{},
+			},
+		},
 		"config": service{
 
 			Endpoints: endpoints{
@@ -1631,6 +1960,18 @@ var awscnPartition = partition{
 				},
 			},
 		},
+		"ecr": service{
+
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{},
+			},
+		},
+		"ecs": service{
+
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{},
+			},
+		},
 		"elasticache": service{
 
 			Endpoints: endpoints{
@@ -1645,7 +1986,7 @@ var awscnPartition = partition{
 		},
 		"elasticloadbalancing": service{
 			Defaults: endpoint{
-				Protocols: []string{"http", "https"},
+				Protocols: []string{"https"},
 			},
 			Endpoints: endpoints{
 				"cn-north-1": endpoint{},
@@ -1686,6 +2027,16 @@ var awscnPartition = partition{
 				},
 			},
 		},
+		"iot": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "execute-api",
+				},
+			},
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{},
+			},
+		},
 		"kinesis": service{
 
 			Endpoints: endpoints{
@@ -1727,6 +2078,12 @@ var awscnPartition = partition{
 				"cn-north-1": endpoint{},
 			},
 		},
+		"snowball": service{
+
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{},
+			},
+		},
 		"sns": service{
 			Defaults: endpoint{
 				Protocols: []string{"http", "https"},
@@ -1744,6 +2101,12 @@ var awscnPartition = partition{
 				"cn-north-1": endpoint{},
 			},
 		},
+		"ssm": service{
+
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{},
+			},
+		},
 		"storagegateway": service{
 
 			Endpoints: endpoints{
@@ -1752,7 +2115,7 @@ var awscnPartition = partition{
 		},
 		"streams.dynamodb": service{
 			Defaults: endpoint{
-				Protocols: []string{"http", "http", "https", "https"},
+				Protocols: []string{"http", "https"},
 				CredentialScope: credentialScope{
 					Service: "dynamodb",
 				},
@@ -1769,6 +2132,12 @@ var awscnPartition = partition{
 		},
 		"swf": service{
 
+			Endpoints: endpoints{
+				"cn-north-1": endpoint{},
+			},
+		},
+		"tagging": service{
+
 			Endpoints: endpoints{
 				"cn-north-1": endpoint{},
 			},
@@ -1802,6 +2171,18 @@ var awsusgovPartition = partition{
 		},
 	},
 	Services: services{
+		"acm": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
+		"apigateway": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
 		"autoscaling": service{
 
 			Endpoints: endpoints{
@@ -1828,6 +2209,12 @@ var awsusgovPartition = partition{
 				"us-gov-west-1": endpoint{},
 			},
 		},
+		"codedeploy": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
 		"config": service{
 
 			Endpoints: endpoints{
@@ -1885,6 +2272,12 @@ var awsusgovPartition = partition{
 				},
 			},
 		},
+		"events": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
 		"glacier": service{
 
 			Endpoints: endpoints{
@@ -1906,12 +2299,24 @@ var awsusgovPartition = partition{
 				},
 			},
 		},
+		"kinesis": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
 		"kms": service{
 
 			Endpoints: endpoints{
 				"us-gov-west-1": endpoint{},
 			},
 		},
+		"lambda": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
 		"logs": service{
 
 			Endpoints: endpoints{
@@ -1936,6 +2341,12 @@ var awsusgovPartition = partition{
 				"us-gov-west-1": endpoint{},
 			},
 		},
+		"rekognition": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
 		"s3": service{
 			Defaults: endpoint{
 				SignatureVersions: []string{"s3", "s3v4"},
@@ -1953,6 +2364,12 @@ var awsusgovPartition = partition{
 				},
 			},
 		},
+		"sms": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
 		"snowball": service{
 
 			Endpoints: endpoints{
@@ -1976,6 +2393,12 @@ var awsusgovPartition = partition{
 				},
 			},
 		},
+		"ssm": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
 		"streams.dynamodb": service{
 			Defaults: endpoint{
 				CredentialScope: credentialScope{

vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go

@@ -21,12 +21,12 @@
 //     partitions := resolver.(endpoints.EnumPartitions).Partitions()
 //
 //     for _, p := range partitions {
-//         fmt.Println("Regions for", p.Name)
+//         fmt.Println("Regions for", p.ID())
 //         for id, _ := range p.Regions() {
 //             fmt.Println("*", id)
 //         }
 //
-//         fmt.Println("Services for", p.Name)
+//         fmt.Println("Services for", p.ID())
 //         for id, _ := range p.Services() {
 //             fmt.Println("*", id)
 //         }

vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go

@@ -27,6 +27,25 @@ type Options struct {
 	// error will be returned. This option will prevent returning endpoints
 	// that look valid, but may not resolve to any real endpoint.
 	StrictMatching bool
+
+	// Enables resolving a service endpoint based on the region provided if the
+	// service does not exist. The service endpoint ID will be used as the service
+	// domain name prefix. By default the endpoint resolver requires the service
+	// to be known when resolving endpoints.
+	//
+	// If resolving an endpoint on the partition list the provided region will
+	// be used to determine which partition's domain name pattern to the service
+	// endpoint ID with. If both the service and region are unkonwn and resolving
+	// the endpoint on partition list an UnknownEndpointError error will be returned.
+	//
+	// If resolving and endpoint on a partition specific resolver that partition's
+	// domain name pattern will be used with the service endpoint ID. If both
+	// region and service do not exist when resolving an endpoint on a specific
+	// partition the partition's domain pattern will be used to combine the
+	// endpoint and region together.
+	//
+	// This option is ignored if StrictMatching is enabled.
+	ResolveUnknownService bool
 }
 
 // Set combines all of the option functions together.
@@ -54,6 +73,12 @@ func StrictMatchingOption(o *Options) {
 	o.StrictMatching = true
 }
 
+// ResolveUnknownServiceOption sets the ResolveUnknownService option. Can be used
+// as a functional option when resolving endpoints.
+func ResolveUnknownServiceOption(o *Options) {
+	o.ResolveUnknownService = true
+}
+
 // A Resolver provides the interface for functionality to resolve endpoints.
 // The build in Partition and DefaultResolver return value satisfy this interface.
 type Resolver interface {
@@ -99,6 +124,49 @@ type EnumPartitions interface {
 	Partitions() []Partition
 }
 
+// RegionsForService returns a map of regions for the partition and service.
+// If either the partition or service does not exist false will be returned
+// as the second parameter.
+//
+// This example shows how  to get the regions for DynamoDB in the AWS partition.
+//    rs, exists := endpoints.RegionsForService(endpoints.DefaultPartitions(), endpoints.AwsPartitionID, endpoints.DynamodbServiceID)
+//
+// This is equivalent to using the partition directly.
+//    rs := endpoints.AwsPartition().Services()[endpoints.DynamodbServiceID].Regions()
+func RegionsForService(ps []Partition, partitionID, serviceID string) (map[string]Region, bool) {
+	for _, p := range ps {
+		if p.ID() != partitionID {
+			continue
+		}
+		if _, ok := p.p.Services[serviceID]; !ok {
+			break
+		}
+
+		s := Service{
+			id: serviceID,
+			p:  p.p,
+		}
+		return s.Regions(), true
+	}
+
+	return map[string]Region{}, false
+}
+
+// PartitionForRegion returns the first partition which includes the region
+// passed in. This includes both known regions and regions which match
+// a pattern supported by the partition which may include regions that are
+// not explicitly known by the partition. Use the Regions method of the
+// returned Partition if explicit support is needed.
+func PartitionForRegion(ps []Partition, regionID string) (Partition, bool) {
+	for _, p := range ps {
+		if _, ok := p.p.Regions[regionID]; ok || p.p.RegionRegex.MatchString(regionID) {
+			return p, true
+		}
+	}
+
+	return Partition{}, false
+}
+
 // A Partition provides the ability to enumerate the partition's regions
 // and services.
 type Partition struct {
@@ -107,33 +175,36 @@ type Partition struct {
 }
 
 // ID returns the identifier of the partition.
-func (p *Partition) ID() string { return p.id }
+func (p Partition) ID() string { return p.id }
 
 // EndpointFor attempts to resolve the endpoint based on service and region.
 // See Options for information on configuring how the endpoint is resolved.
 //
 // If the service cannot be found in the metadata the UnknownServiceError
 // error will be returned. This validation will occur regardless if
-// StrictMatching is enabled.
+// StrictMatching is enabled. To enable resolving unknown services set the
+// "ResolveUnknownService" option to true. When StrictMatching is disabled
+// this option allows the partition resolver to resolve a endpoint based on
+// the service endpoint ID provided.
 //
 // When resolving endpoints you can choose to enable StrictMatching. This will
 // require the provided service and region to be known by the partition.
 // If the endpoint cannot be strictly resolved an error will be returned. This
 // mode is useful to ensure the endpoint resolved is valid. Without
-// StrictMatching enabled the enpoint returned my look valid but may not work.
+// StrictMatching enabled the endpoint returned my look valid but may not work.
 // StrictMatching requires the SDK to be updated if you want to take advantage
-// of new regions and services expantions.
+// of new regions and services expansions.
 //
 // Errors that can be returned.
 //   * UnknownServiceError
 //   * UnknownEndpointError
-func (p *Partition) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
+func (p Partition) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
 	return p.p.EndpointFor(service, region, opts...)
 }
 
 // Regions returns a map of Regions indexed by their ID. This is useful for
 // enumerating over the regions in a partition.
-func (p *Partition) Regions() map[string]Region {
+func (p Partition) Regions() map[string]Region {
 	rs := map[string]Region{}
 	for id := range p.p.Regions {
 		rs[id] = Region{
@@ -147,7 +218,7 @@ func (p *Partition) Regions() map[string]Region {
 
 // Services returns a map of Service indexed by their ID. This is useful for
 // enumerating over the services in a partition.
-func (p *Partition) Services() map[string]Service {
+func (p Partition) Services() map[string]Service {
 	ss := map[string]Service{}
 	for id := range p.p.Services {
 		ss[id] = Service{
@@ -167,16 +238,16 @@ type Region struct {
 }
 
 // ID returns the region's identifier.
-func (r *Region) ID() string { return r.id }
+func (r Region) ID() string { return r.id }
 
 // ResolveEndpoint resolves an endpoint from the context of the region given
 // a service. See Partition.EndpointFor for usage and errors that can be returned.
-func (r *Region) ResolveEndpoint(service string, opts ...func(*Options)) (ResolvedEndpoint, error) {
+func (r Region) ResolveEndpoint(service string, opts ...func(*Options)) (ResolvedEndpoint, error) {
 	return r.p.EndpointFor(service, r.id, opts...)
 }
 
 // Services returns a list of all services that are known to be in this region.
-func (r *Region) Services() map[string]Service {
+func (r Region) Services() map[string]Service {
 	ss := map[string]Service{}
 	for id, s := range r.p.Services {
 		if _, ok := s.Endpoints[r.id]; ok {
@@ -198,17 +269,38 @@ type Service struct {
 }
 
 // ID returns the identifier for the service.
-func (s *Service) ID() string { return s.id }
+func (s Service) ID() string { return s.id }
 
 // ResolveEndpoint resolves an endpoint from the context of a service given
 // a region. See Partition.EndpointFor for usage and errors that can be returned.
-func (s *Service) ResolveEndpoint(region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
+func (s Service) ResolveEndpoint(region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
 	return s.p.EndpointFor(s.id, region, opts...)
 }
 
+// Regions returns a map of Regions that the service is present in.
+//
+// A region is the AWS region the service exists in. Whereas a Endpoint is
+// an URL that can be resolved to a instance of a service.
+func (s Service) Regions() map[string]Region {
+	rs := map[string]Region{}
+	for id := range s.p.Services[s.id].Endpoints {
+		if _, ok := s.p.Regions[id]; ok {
+			rs[id] = Region{
+				id: id,
+				p:  s.p,
+			}
+		}
+	}
+
+	return rs
+}
+
 // Endpoints returns a map of Endpoints indexed by their ID for all known
 // endpoints for a service.
-func (s *Service) Endpoints() map[string]Endpoint {
+//
+// A region is the AWS region the service exists in. Whereas a Endpoint is
+// an URL that can be resolved to a instance of a service.
+func (s Service) Endpoints() map[string]Endpoint {
 	es := map[string]Endpoint{}
 	for id := range s.p.Services[s.id].Endpoints {
 		es[id] = Endpoint{
@@ -231,15 +323,15 @@ type Endpoint struct {
 }
 
 // ID returns the identifier for an endpoint.
-func (e *Endpoint) ID() string { return e.id }
+func (e Endpoint) ID() string { return e.id }
 
 // ServiceID returns the identifier the endpoint belongs to.
-func (e *Endpoint) ServiceID() string { return e.serviceID }
+func (e Endpoint) ServiceID() string { return e.serviceID }
 
 // ResolveEndpoint resolves an endpoint from the context of a service and
 // region the endpoint represents. See Partition.EndpointFor for usage and
 // errors that can be returned.
-func (e *Endpoint) ResolveEndpoint(opts ...func(*Options)) (ResolvedEndpoint, error) {
+func (e Endpoint) ResolveEndpoint(opts ...func(*Options)) (ResolvedEndpoint, error) {
 	return e.p.EndpointFor(e.serviceID, e.id, opts...)
 }
 
@@ -272,28 +364,6 @@ type EndpointNotFoundError struct {
 	Region    string
 }
 
-//// NewEndpointNotFoundError builds and returns NewEndpointNotFoundError.
-//func NewEndpointNotFoundError(p, s, r string) EndpointNotFoundError {
-//	return EndpointNotFoundError{
-//		awsError:  awserr.New("EndpointNotFoundError", "unable to find endpoint", nil),
-//		Partition: p,
-//		Service:   s,
-//		Region:    r,
-//	}
-//}
-//
-//// Error returns string representation of the error.
-//func (e EndpointNotFoundError) Error() string {
-//	extra := fmt.Sprintf("partition: %q, service: %q, region: %q",
-//		e.Partition, e.Service, e.Region)
-//	return awserr.SprintError(e.Code(), e.Message(), extra, e.OrigErr())
-//}
-//
-//// String returns the string representation of the error.
-//func (e EndpointNotFoundError) String() string {
-//	return e.Error()
-//}
-
 // A UnknownServiceError is returned when the service does not resolve to an
 // endpoint. Includes a list of all known services for the partition. Returned
 // when a partition does not support the service.

vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go

@@ -79,7 +79,9 @@ func (p partition) EndpointFor(service, region string, opts ...func(*Options)) (
 	opt.Set(opts...)
 
 	s, hasService := p.Services[service]
-	if !hasService {
+	if !(hasService || opt.ResolveUnknownService) {
+		// Only return error if the resolver will not fallback to creating
+		// endpoint based on service endpoint ID passed in.
 		return resolved, NewUnknownServiceError(p.ID, service, serviceList(p.Services))
 	}
 

vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go

@@ -158,7 +158,7 @@ var funcMap = template.FuncMap{
 
 const v3Tmpl = `
 {{ define "defaults" -}}
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by aws/endpoints/v3model_codegen.go. DO NOT EDIT.
 
 package endpoints
 
@@ -209,17 +209,20 @@ import (
 	// DefaultResolver returns an Endpoint resolver that will be able
 	// to resolve endpoints for: {{ ListPartitionNames . }}.
 	//
-	// Casting the return value of this func to a EnumPartitions will
+	// Use DefaultPartitions() to get the list of the default partitions.
-	// allow you to get a list of the partitions in the order the endpoints
+	func DefaultResolver() Resolver {
-	// will be resolved in.
+		return defaultPartitions
+	}
+
+	// DefaultPartitions returns a list of the partitions the SDK is bundled
+	// with. The available partitions are: {{ ListPartitionNames . }}.
 	//
-	//    resolver := endpoints.DefaultResolver()
+	//    partitions := endpoints.DefaultPartitions
-	//    partitions := resolver.(endpoints.EnumPartitions).Partitions()
 	//    for _, p := range partitions {
 	//        // ... inspect partitions
 	//    }
-	func DefaultResolver() Resolver {
+	func DefaultPartitions() []Partition {
-		return defaultPartitions
+		return defaultPartitions.Partitions()
 	}
 
 	var defaultPartitions = partitions{

vendor/github.com/aws/aws-sdk-go/aws/jsonvalue.go

@@ -0,0 +1,12 @@
+package aws
+
+// JSONValue is a representation of a grab bag type that will be marshaled
+// into a json string. This type can be used just like any other map.
+//
+//	Example:
+//
+//	values := aws.JSONValue{
+//		"Foo": "Bar",
+//	}
+//	values["Baz"] = "Qux"
+type JSONValue map[string]interface{}

vendor/github.com/aws/aws-sdk-go/aws/logger.go

@@ -26,14 +26,14 @@ func (l *LogLevelType) Value() LogLevelType {
 
 // Matches returns true if the v LogLevel is enabled by this LogLevel. Should be
 // used with logging sub levels. Is safe to use on nil value LogLevelTypes. If
-// LogLevel is nill, will default to LogOff comparison.
+// LogLevel is nil, will default to LogOff comparison.
 func (l *LogLevelType) Matches(v LogLevelType) bool {
 	c := l.Value()
 	return c&v == v
 }
 
 // AtLeast returns true if this LogLevel is at least high enough to satisfies v.
-// Is safe to use on nil value LogLevelTypes. If LogLevel is nill, will default
+// Is safe to use on nil value LogLevelTypes. If LogLevel is nil, will default
 // to LogOff comparison.
 func (l *LogLevelType) AtLeast(v LogLevelType) bool {
 	c := l.Value()

vendor/github.com/aws/aws-sdk-go/aws/request/BUILD

@@ -3,15 +3,20 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library")
 go_library(
     name = "go_default_library",
     srcs = [
+        "connection_reset_error.go",
         "handlers.go",
         "http_request.go",
         "offset_reader.go",
         "request.go",
         "request_1_7.go",
         "request_1_8.go",
+        "request_context.go",
+        "request_context_1_6.go",
         "request_pagination.go",
         "retryer.go",
+        "timeout_read_closer.go",
         "validation.go",
+        "waiter.go",
     ],
     importpath = "github.com/aws/aws-sdk-go/aws/request",
     visibility = ["//visibility:public"],

vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go

@@ -0,0 +1,19 @@
+// +build !appengine,!plan9
+
+package request
+
+import (
+	"net"
+	"os"
+	"syscall"
+)
+
+func isErrConnectionReset(err error) bool {
+	if opErr, ok := err.(*net.OpError); ok {
+		if sysErr, ok := opErr.Err.(*os.SyscallError); ok {
+			return sysErr.Err == syscall.ECONNRESET
+		}
+	}
+
+	return false
+}

vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go

@@ -0,0 +1,11 @@
+// +build appengine plan9
+
+package request
+
+import (
+	"strings"
+)
+
+func isErrConnectionReset(err error) bool {
+	return strings.Contains(err.Error(), "connection reset")
+}

vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go

@@ -18,6 +18,7 @@ type Handlers struct {
 	UnmarshalError   HandlerList
 	Retry            HandlerList
 	AfterRetry       HandlerList
+	Complete         HandlerList
 }
 
 // Copy returns of this handler's lists.
@@ -33,6 +34,7 @@ func (h *Handlers) Copy() Handlers {
 		UnmarshalMeta:    h.UnmarshalMeta.copy(),
 		Retry:            h.Retry.copy(),
 		AfterRetry:       h.AfterRetry.copy(),
+		Complete:         h.Complete.copy(),
 	}
 }
 
@@ -48,6 +50,7 @@ func (h *Handlers) Clear() {
 	h.ValidateResponse.Clear()
 	h.Retry.Clear()
 	h.AfterRetry.Clear()
+	h.Complete.Clear()
 }
 
 // A HandlerListRunItem represents an entry in the HandlerList which
@@ -85,13 +88,17 @@ func (l *HandlerList) copy() HandlerList {
 	n := HandlerList{
 		AfterEachFn: l.AfterEachFn,
 	}
-	n.list = append([]NamedHandler{}, l.list...)
+	if len(l.list) == 0 {
+		return n
+	}
+
+	n.list = append(make([]NamedHandler, 0, len(l.list)), l.list...)
 	return n
 }
 
 // Clear clears the handler list.
 func (l *HandlerList) Clear() {
-	l.list = []NamedHandler{}
+	l.list = l.list[0:0]
 }
 
 // Len returns the number of handlers in the list.
@@ -101,33 +108,85 @@ func (l *HandlerList) Len() int {
 
 // PushBack pushes handler f to the back of the handler list.
 func (l *HandlerList) PushBack(f func(*Request)) {
-	l.list = append(l.list, NamedHandler{"__anonymous", f})
+	l.PushBackNamed(NamedHandler{"__anonymous", f})
-}
-
-// PushFront pushes handler f to the front of the handler list.
-func (l *HandlerList) PushFront(f func(*Request)) {
-	l.list = append([]NamedHandler{{"__anonymous", f}}, l.list...)
 }
 
 // PushBackNamed pushes named handler f to the back of the handler list.
 func (l *HandlerList) PushBackNamed(n NamedHandler) {
+	if cap(l.list) == 0 {
+		l.list = make([]NamedHandler, 0, 5)
+	}
 	l.list = append(l.list, n)
 }
 
+// PushFront pushes handler f to the front of the handler list.
+func (l *HandlerList) PushFront(f func(*Request)) {
+	l.PushFrontNamed(NamedHandler{"__anonymous", f})
+}
+
 // PushFrontNamed pushes named handler f to the front of the handler list.
 func (l *HandlerList) PushFrontNamed(n NamedHandler) {
+	if cap(l.list) == len(l.list) {
+		// Allocating new list required
 		l.list = append([]NamedHandler{n}, l.list...)
+	} else {
+		// Enough room to prepend into list.
+		l.list = append(l.list, NamedHandler{})
+		copy(l.list[1:], l.list)
+		l.list[0] = n
+	}
 }
 
 // Remove removes a NamedHandler n
 func (l *HandlerList) Remove(n NamedHandler) {
-	newlist := []NamedHandler{}
+	l.RemoveByName(n.Name)
-	for _, m := range l.list {
+}
-		if m.Name != n.Name {
+
-			newlist = append(newlist, m)
+// RemoveByName removes a NamedHandler by name.
+func (l *HandlerList) RemoveByName(name string) {
+	for i := 0; i < len(l.list); i++ {
+		m := l.list[i]
+		if m.Name == name {
+			// Shift array preventing creating new arrays
+			copy(l.list[i:], l.list[i+1:])
+			l.list[len(l.list)-1] = NamedHandler{}
+			l.list = l.list[:len(l.list)-1]
+
+			// decrement list so next check to length is correct
+			i--
 		}
 	}
-	l.list = newlist
+}
+
+// SwapNamed will swap out any existing handlers with the same name as the
+// passed in NamedHandler returning true if handlers were swapped. False is
+// returned otherwise.
+func (l *HandlerList) SwapNamed(n NamedHandler) (swapped bool) {
+	for i := 0; i < len(l.list); i++ {
+		if l.list[i].Name == n.Name {
+			l.list[i].Fn = n.Fn
+			swapped = true
+		}
+	}
+
+	return swapped
+}
+
+// SetBackNamed will replace the named handler if it exists in the handler list.
+// If the handler does not exist the handler will be added to the end of the list.
+func (l *HandlerList) SetBackNamed(n NamedHandler) {
+	if !l.SwapNamed(n) {
+		l.PushBackNamed(n)
+	}
+}
+
+// SetFrontNamed will replace the named handler if it exists in the handler list.
+// If the handler does not exist the handler will be added to the beginning of
+// the list.
+func (l *HandlerList) SetFrontNamed(n NamedHandler) {
+	if !l.SwapNamed(n) {
+		l.PushFrontNamed(n)
+	}
 }
 
 // Run executes all handlers in the list with a given request object.
@@ -163,6 +222,16 @@ func HandlerListStopOnError(item HandlerListRunItem) bool {
 	return item.Request.Error == nil
 }
 
+// WithAppendUserAgent will add a string to the user agent prefixed with a
+// single white space.
+func WithAppendUserAgent(s string) Option {
+	return func(r *Request) {
+		r.Handlers.Build.PushBack(func(r2 *Request) {
+			AddToUserAgent(r, s)
+		})
+	}
+}
+
 // MakeAddToUserAgentHandler will add the name/version pair to the User-Agent request
 // header. If the extra parameters are provided they will be added as metadata to the
 // name/version pair resulting in the following format.

vendor/github.com/aws/aws-sdk-go/aws/request/request.go

@@ -16,6 +16,24 @@ import (
 	"github.com/aws/aws-sdk-go/aws/client/metadata"
 )
 
+const (
+	// ErrCodeSerialization is the serialization error code that is received
+	// during protocol unmarshaling.
+	ErrCodeSerialization = "SerializationError"
+
+	// ErrCodeRead is an error that is returned during HTTP reads.
+	ErrCodeRead = "ReadError"
+
+	// ErrCodeResponseTimeout is the connection timeout error that is received
+	// during body reads.
+	ErrCodeResponseTimeout = "ResponseTimeout"
+
+	// CanceledErrorCode is the error code that will be returned by an
+	// API request that was canceled. Requests given a aws.Context may
+	// return this error when canceled.
+	CanceledErrorCode = "RequestCanceled"
+)
+
 // A Request is the service request to be made.
 type Request struct {
 	Config     aws.Config
@@ -40,13 +58,16 @@ type Request struct {
 	NotHoist               bool
 	SignedHeaderVals       http.Header
 	LastSignedAt           time.Time
+	DisableFollowRedirects bool
+
+	context aws.Context
 
 	built bool
 
-	// Need to persist an intermideant body betweend the input Body and HTTP
+	// Need to persist an intermediate body between the input Body and HTTP
 	// request body because the HTTP Client's transport can maintain a reference
 	// to the HTTP request's body after the client has returned. This value is
-	// safe to use concurrently and rewraps the input Body for each HTTP request.
+	// safe to use concurrently and wrap the input Body for each HTTP request.
 	safeBody *offsetReader
 }
 
@@ -60,14 +81,6 @@ type Operation struct {
 	BeforePresignFn func(r *Request) error
 }
 
-// Paginator keeps track of pagination configuration for an API operation.
-type Paginator struct {
-	InputTokens     []string
-	OutputTokens    []string
-	LimitToken      string
-	TruncationToken string
-}
-
 // New returns a new Request pointer for the service API
 // operation and parameters.
 //
@@ -111,6 +124,94 @@ func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers,
 	return r
 }
 
+// A Option is a functional option that can augment or modify a request when
+// using a WithContext API operation method.
+type Option func(*Request)
+
+// WithGetResponseHeader builds a request Option which will retrieve a single
+// header value from the HTTP Response. If there are multiple values for the
+// header key use WithGetResponseHeaders instead to access the http.Header
+// map directly. The passed in val pointer must be non-nil.
+//
+// This Option can be used multiple times with a single API operation.
+//
+//    var id2, versionID string
+//    svc.PutObjectWithContext(ctx, params,
+//        request.WithGetResponseHeader("x-amz-id-2", &id2),
+//        request.WithGetResponseHeader("x-amz-version-id", &versionID),
+//    )
+func WithGetResponseHeader(key string, val *string) Option {
+	return func(r *Request) {
+		r.Handlers.Complete.PushBack(func(req *Request) {
+			*val = req.HTTPResponse.Header.Get(key)
+		})
+	}
+}
+
+// WithGetResponseHeaders builds a request Option which will retrieve the
+// headers from the HTTP response and assign them to the passed in headers
+// variable. The passed in headers pointer must be non-nil.
+//
+//    var headers http.Header
+//    svc.PutObjectWithContext(ctx, params, request.WithGetResponseHeaders(&headers))
+func WithGetResponseHeaders(headers *http.Header) Option {
+	return func(r *Request) {
+		r.Handlers.Complete.PushBack(func(req *Request) {
+			*headers = req.HTTPResponse.Header
+		})
+	}
+}
+
+// WithLogLevel is a request option that will set the request to use a specific
+// log level when the request is made.
+//
+//     svc.PutObjectWithContext(ctx, params, request.WithLogLevel(aws.LogDebugWithHTTPBody)
+func WithLogLevel(l aws.LogLevelType) Option {
+	return func(r *Request) {
+		r.Config.LogLevel = aws.LogLevel(l)
+	}
+}
+
+// ApplyOptions will apply each option to the request calling them in the order
+// the were provided.
+func (r *Request) ApplyOptions(opts ...Option) {
+	for _, opt := range opts {
+		opt(r)
+	}
+}
+
+// Context will always returns a non-nil context. If Request does not have a
+// context aws.BackgroundContext will be returned.
+func (r *Request) Context() aws.Context {
+	if r.context != nil {
+		return r.context
+	}
+	return aws.BackgroundContext()
+}
+
+// SetContext adds a Context to the current request that can be used to cancel
+// a in-flight request. The Context value must not be nil, or this method will
+// panic.
+//
+// Unlike http.Request.WithContext, SetContext does not return a copy of the
+// Request. It is not safe to use use a single Request value for multiple
+// requests. A new Request should be created for each API operation request.
+//
+// Go 1.6 and below:
+// The http.Request's Cancel field will be set to the Done() value of
+// the context. This will overwrite the Cancel field's value.
+//
+// Go 1.7 and above:
+// The http.Request.WithContext will be used to set the context on the underlying
+// http.Request. This will create a shallow copy of the http.Request. The SDK
+// may create sub contexts in the future for nested requests such as retries.
+func (r *Request) SetContext(ctx aws.Context) {
+	if ctx == nil {
+		panic("context cannot be nil")
+	}
+	setRequestContext(r, ctx)
+}
+
 // WillRetry returns if the request's can be retried.
 func (r *Request) WillRetry() bool {
 	return r.Error != nil && aws.BoolValue(r.Retryable) && r.RetryCount < r.MaxRetries()
@@ -168,11 +269,17 @@ func (r *Request) Presign(expireTime time.Duration) (string, error) {
 	return r.HTTPRequest.URL.String(), nil
 }
 
-// PresignRequest behaves just like presign, but hoists all headers and signs them.
+// PresignRequest behaves just like presign, with the addition of returning a
-// Also returns the signed hash back to the user
+// set of headers that were signed.
+//
+// Returns the URL string for the API operation with signature in the query string,
+// and the HTTP headers that were included in the signature. These headers must
+// be included in any HTTP request made with the presigned URL.
+//
+// To prevent hoisting any headers to the query string set NotHoist to true on
+// this Request value prior to calling PresignRequest.
 func (r *Request) PresignRequest(expireTime time.Duration) (string, http.Header, error) {
 	r.ExpireTime = expireTime
-	r.NotHoist = true
 	r.Sign()
 	if r.Error != nil {
 		return "", nil, r.Error
@@ -237,10 +344,7 @@ func (r *Request) Sign() error {
 	return r.Error
 }
 
-// ResetBody rewinds the request body backto its starting position, and
+func (r *Request) getNextRequestBody() (io.ReadCloser, error) {
-// set's the HTTP Request body reference. When the body is read prior
-// to being sent in the HTTP request it will need to be rewound.
-func (r *Request) ResetBody() {
 	if r.safeBody != nil {
 		r.safeBody.Close()
 	}
@@ -262,14 +366,14 @@ func (r *Request) ResetBody() {
 	// Related golang/go#18257
 	l, err := computeBodyLength(r.Body)
 	if err != nil {
-		r.Error = awserr.New("SerializationError", "failed to compute request body size", err)
+		return nil, awserr.New(ErrCodeSerialization, "failed to compute request body size", err)
-		return
 	}
 
+	var body io.ReadCloser
 	if l == 0 {
-		r.HTTPRequest.Body = noBodyReader
+		body = NoBody
 	} else if l > 0 {
-		r.HTTPRequest.Body = r.safeBody
+		body = r.safeBody
 	} else {
 		// Hack to prevent sending bodies for methods where the body
 		// should be ignored by the server. Sending bodies on these
@@ -281,11 +385,13 @@ func (r *Request) ResetBody() {
 		// a io.Reader that was not also an io.Seeker.
 		switch r.Operation.HTTPMethod {
 		case "GET", "HEAD", "DELETE":
-			r.HTTPRequest.Body = noBodyReader
+			body = NoBody
 		default:
-			r.HTTPRequest.Body = r.safeBody
+			body = r.safeBody
 		}
 	}
+
+	return body, nil
 }
 
 // Attempts to compute the length of the body of the reader using the
@@ -344,6 +450,12 @@ func (r *Request) GetBody() io.ReadSeeker {
 //
 // Send will not close the request.Request's body.
 func (r *Request) Send() error {
+	defer func() {
+		// Regardless of success or failure of the request trigger the Complete
+		// request handlers.
+		r.Handlers.Complete.Run(r)
+	}()
+
 	for {
 		if aws.BoolValue(r.Retryable) {
 			if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) {
@@ -381,7 +493,7 @@ func (r *Request) Send() error {
 			r.Handlers.Retry.Run(r)
 			r.Handlers.AfterRetry.Run(r)
 			if r.Error != nil {
-				debugLogReqError(r, "Send Request", false, r.Error)
+				debugLogReqError(r, "Send Request", false, err)
 				return r.Error
 			}
 			debugLogReqError(r, "Send Request", true, err)
@@ -390,12 +502,13 @@ func (r *Request) Send() error {
 		r.Handlers.UnmarshalMeta.Run(r)
 		r.Handlers.ValidateResponse.Run(r)
 		if r.Error != nil {
-			err := r.Error
 			r.Handlers.UnmarshalError.Run(r)
+			err := r.Error
+
 			r.Handlers.Retry.Run(r)
 			r.Handlers.AfterRetry.Run(r)
 			if r.Error != nil {
-				debugLogReqError(r, "Validate Response", false, r.Error)
+				debugLogReqError(r, "Validate Response", false, err)
 				return r.Error
 			}
 			debugLogReqError(r, "Validate Response", true, err)
@@ -408,7 +521,7 @@ func (r *Request) Send() error {
 			r.Handlers.Retry.Run(r)
 			r.Handlers.AfterRetry.Run(r)
 			if r.Error != nil {
-				debugLogReqError(r, "Unmarshal Response", false, r.Error)
+				debugLogReqError(r, "Unmarshal Response", false, err)
 				return r.Error
 			}
 			debugLogReqError(r, "Unmarshal Response", true, err)
@@ -446,6 +559,9 @@ func shouldRetryCancel(r *Request) bool {
 	timeoutErr := false
 	errStr := r.Error.Error()
 	if ok {
+		if awsErr.Code() == CanceledErrorCode {
+			return false
+		}
 		err := awsErr.OrigErr()
 		netErr, netOK := err.(net.Error)
 		timeoutErr = netOK && netErr.Temporary()

vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go

@@ -16,6 +16,24 @@ func (noBody) Read([]byte) (int, error)         { return 0, io.EOF }
 func (noBody) Close() error                     { return nil }
 func (noBody) WriteTo(io.Writer) (int64, error) { return 0, nil }
 
-// Is an empty reader that will trigger the Go HTTP client to not include
+// NoBody is an empty reader that will trigger the Go HTTP client to not include
 // and body in the HTTP request.
-var noBodyReader = noBody{}
+var NoBody = noBody{}
+
+// ResetBody rewinds the request body back to its starting position, and
+// set's the HTTP Request body reference. When the body is read prior
+// to being sent in the HTTP request it will need to be rewound.
+//
+// ResetBody will automatically be called by the SDK's build handler, but if
+// the request is being used directly ResetBody must be called before the request
+// is Sent.  SetStringBody, SetBufferBody, and SetReaderBody will automatically
+// call ResetBody.
+func (r *Request) ResetBody() {
+	body, err := r.getNextRequestBody()
+	if err != nil {
+		r.Error = err
+		return
+	}
+
+	r.HTTPRequest.Body = body
+}

vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go

@@ -2,8 +2,32 @@
 
 package request
 
-import "net/http"
+import (
+	"net/http"
+)
 
-// Is a http.NoBody reader instructing Go HTTP client to not include
+// NoBody is a http.NoBody reader instructing Go HTTP client to not include
 // and body in the HTTP request.
-var noBodyReader = http.NoBody
+var NoBody = http.NoBody
+
+// ResetBody rewinds the request body back to its starting position, and
+// set's the HTTP Request body reference. When the body is read prior
+// to being sent in the HTTP request it will need to be rewound.
+//
+// ResetBody will automatically be called by the SDK's build handler, but if
+// the request is being used directly ResetBody must be called before the request
+// is Sent.  SetStringBody, SetBufferBody, and SetReaderBody will automatically
+// call ResetBody.
+//
+// Will also set the Go 1.8's http.Request.GetBody member to allow retrying
+// PUT/POST redirects.
+func (r *Request) ResetBody() {
+	body, err := r.getNextRequestBody()
+	if err != nil {
+		r.Error = err
+		return
+	}
+
+	r.HTTPRequest.Body = body
+	r.HTTPRequest.GetBody = r.getNextRequestBody
+}

vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go

@@ -0,0 +1,14 @@
+// +build go1.7
+
+package request
+
+import "github.com/aws/aws-sdk-go/aws"
+
+// setContext updates the Request to use the passed in context for cancellation.
+// Context will also be used for request retry delay.
+//
+// Creates shallow copy of the http.Request with the WithContext method.
+func setRequestContext(r *Request, ctx aws.Context) {
+	r.context = ctx
+	r.HTTPRequest = r.HTTPRequest.WithContext(ctx)
+}

vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go

@@ -0,0 +1,14 @@
+// +build !go1.7
+
+package request
+
+import "github.com/aws/aws-sdk-go/aws"
+
+// setContext updates the Request to use the passed in context for cancellation.
+// Context will also be used for request retry delay.
+//
+// Creates shallow copy of the http.Request with the WithContext method.
+func setRequestContext(r *Request, ctx aws.Context) {
+	r.context = ctx
+	r.HTTPRequest.Cancel = ctx.Done()
+}

vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go

@@ -2,29 +2,125 @@ package request
 
 import (
 	"reflect"
+	"sync/atomic"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awsutil"
 )
 
-//type Paginater interface {
+// A Pagination provides paginating of SDK API operations which are paginatable.
-//	HasNextPage() bool
+// Generally you should not use this type directly, but use the "Pages" API
-//	NextPage() *Request
+// operations method to automatically perform pagination for you. Such as,
-//	EachPage(fn func(data interface{}, isLastPage bool) (shouldContinue bool)) error
+// "S3.ListObjectsPages", and "S3.ListObjectsPagesWithContext" methods.
-//}
+//
+// Pagination differs from a Paginator type in that pagination is the type that
+// does the pagination between API operations, and Paginator defines the
+// configuration that will be used per page request.
+//
+//     cont := true
+//     for p.Next() && cont {
+//         data := p.Page().(*s3.ListObjectsOutput)
+//         // process the page's data
+//     }
+//     return p.Err()
+//
+// See service client API operation Pages methods for examples how the SDK will
+// use the Pagination type.
+type Pagination struct {
+	// Function to return a Request value for each pagination request.
+	// Any configuration or handlers that need to be applied to the request
+	// prior to getting the next page should be done here before the request
+	// returned.
+	//
+	// NewRequest should always be built from the same API operations. It is
+	// undefined if different API operations are returned on subsequent calls.
+	NewRequest func() (*Request, error)
 
-// HasNextPage returns true if this request has more pages of data available.
+	started    bool
-func (r *Request) HasNextPage() bool {
+	nextTokens []interface{}
-	return len(r.nextPageTokens()) > 0
+
+	err     error
+	curPage interface{}
 }
 
-// nextPageTokens returns the tokens to use when asking for the next page of
+// HasNextPage will return true if Pagination is able to determine that the API
-// data.
+// operation has additional pages. False will be returned if there are no more
+// pages remaining.
+//
+// Will always return true if Next has not been called yet.
+func (p *Pagination) HasNextPage() bool {
+	return !(p.started && len(p.nextTokens) == 0)
+}
+
+// Err returns the error Pagination encountered when retrieving the next page.
+func (p *Pagination) Err() error {
+	return p.err
+}
+
+// Page returns the current page. Page should only be called after a successful
+// call to Next. It is undefined what Page will return if Page is called after
+// Next returns false.
+func (p *Pagination) Page() interface{} {
+	return p.curPage
+}
+
+// Next will attempt to retrieve the next page for the API operation. When a page
+// is retrieved true will be returned. If the page cannot be retrieved, or there
+// are no more pages false will be returned.
+//
+// Use the Page method to retrieve the current page data. The data will need
+// to be cast to the API operation's output type.
+//
+// Use the Err method to determine if an error occurred if Page returns false.
+func (p *Pagination) Next() bool {
+	if !p.HasNextPage() {
+		return false
+	}
+
+	req, err := p.NewRequest()
+	if err != nil {
+		p.err = err
+		return false
+	}
+
+	if p.started {
+		for i, intok := range req.Operation.InputTokens {
+			awsutil.SetValueAtPath(req.Params, intok, p.nextTokens[i])
+		}
+	}
+	p.started = true
+
+	err = req.Send()
+	if err != nil {
+		p.err = err
+		return false
+	}
+
+	p.nextTokens = req.nextPageTokens()
+	p.curPage = req.Data
+
+	return true
+}
+
+// A Paginator is the configuration data that defines how an API operation
+// should be paginated. This type is used by the API service models to define
+// the generated pagination config for service APIs.
+//
+// The Pagination type is what provides iterating between pages of an API. It
+// is only used to store the token metadata the SDK should use for performing
+// pagination.
+type Paginator struct {
+	InputTokens     []string
+	OutputTokens    []string
+	LimitToken      string
+	TruncationToken string
+}
+
+// nextPageTokens returns the tokens to use when asking for the next page of data.
 func (r *Request) nextPageTokens() []interface{} {
 	if r.Operation.Paginator == nil {
 		return nil
 	}
-
 	if r.Operation.TruncationToken != "" {
 		tr, _ := awsutil.ValuesAtPath(r.Data, r.Operation.TruncationToken)
 		if len(tr) == 0 {
@@ -61,9 +157,40 @@ func (r *Request) nextPageTokens() []interface{} {
 	return tokens
 }
 
+// Ensure a deprecated item is only logged once instead of each time its used.
+func logDeprecatedf(logger aws.Logger, flag *int32, msg string) {
+	if logger == nil {
+		return
+	}
+	if atomic.CompareAndSwapInt32(flag, 0, 1) {
+		logger.Log(msg)
+	}
+}
+
+var (
+	logDeprecatedHasNextPage int32
+	logDeprecatedNextPage    int32
+	logDeprecatedEachPage    int32
+)
+
+// HasNextPage returns true if this request has more pages of data available.
+//
+// Deprecated Use Pagination type for configurable pagination of API operations
+func (r *Request) HasNextPage() bool {
+	logDeprecatedf(r.Config.Logger, &logDeprecatedHasNextPage,
+		"Request.HasNextPage deprecated. Use Pagination type for configurable pagination of API operations")
+
+	return len(r.nextPageTokens()) > 0
+}
+
 // NextPage returns a new Request that can be executed to return the next
 // page of result data. Call .Send() on this request to execute it.
+//
+// Deprecated Use Pagination type for configurable pagination of API operations
 func (r *Request) NextPage() *Request {
+	logDeprecatedf(r.Config.Logger, &logDeprecatedNextPage,
+		"Request.NextPage deprecated. Use Pagination type for configurable pagination of API operations")
+
 	tokens := r.nextPageTokens()
 	if len(tokens) == 0 {
 		return nil
@@ -90,7 +217,12 @@ func (r *Request) NextPage() *Request {
 // as the structure "T". The lastPage value represents whether the page is
 // the last page of data or not. The return value of this function should
 // return true to keep iterating or false to stop.
+//
+// Deprecated Use Pagination type for configurable pagination of API operations
 func (r *Request) EachPage(fn func(data interface{}, isLastPage bool) (shouldContinue bool)) error {
+	logDeprecatedf(r.Config.Logger, &logDeprecatedEachPage,
+		"Request.EachPage deprecated. Use Pagination type for configurable pagination of API operations")
+
 	for page := r; page != nil; page = page.NextPage() {
 		if err := page.Send(); err != nil {
 			return err

vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go

@@ -8,7 +8,7 @@ import (
 )
 
 // Retryer is an interface to control retry logic for a given service.
-// The default implementation used by most services is the service.DefaultRetryer
+// The default implementation used by most services is the client.DefaultRetryer
 // structure, which contains basic retry logic using exponential backoff.
 type Retryer interface {
 	RetryRules(*Request) time.Duration
@@ -28,6 +28,8 @@ func WithRetryer(cfg *aws.Config, retryer Retryer) *aws.Config {
 var retryableCodes = map[string]struct{}{
 	"RequestError":            {},
 	"RequestTimeout":          {},
+	ErrCodeResponseTimeout:    {},
+	"RequestTimeoutException": {}, // Glacier's flavor of RequestTimeout
 }
 
 var throttleCodes = map[string]struct{}{
@@ -36,7 +38,6 @@ var throttleCodes = map[string]struct{}{
 	"ThrottlingException":                    {},
 	"RequestLimitExceeded":                   {},
 	"RequestThrottled":                       {},
-	"LimitExceededException":                 {}, // Deleting 10+ DynamoDb tables at once
 	"TooManyRequestsException":               {}, // Lambda functions
 	"PriorRequestNotComplete":                {}, // Route53
 }
@@ -68,35 +69,93 @@ func isCodeExpiredCreds(code string) bool {
 	return ok
 }
 
+var validParentCodes = map[string]struct{}{
+	ErrCodeSerialization: {},
+	ErrCodeRead:          {},
+}
+
+type temporaryError interface {
+	Temporary() bool
+}
+
+func isNestedErrorRetryable(parentErr awserr.Error) bool {
+	if parentErr == nil {
+		return false
+	}
+
+	if _, ok := validParentCodes[parentErr.Code()]; !ok {
+		return false
+	}
+
+	err := parentErr.OrigErr()
+	if err == nil {
+		return false
+	}
+
+	if aerr, ok := err.(awserr.Error); ok {
+		return isCodeRetryable(aerr.Code())
+	}
+
+	if t, ok := err.(temporaryError); ok {
+		return t.Temporary()
+	}
+
+	return isErrConnectionReset(err)
+}
+
 // IsErrorRetryable returns whether the error is retryable, based on its Code.
-// Returns false if the request has no Error set.
+// Returns false if error is nil.
-func (r *Request) IsErrorRetryable() bool {
+func IsErrorRetryable(err error) bool {
-	if r.Error != nil {
+	if err != nil {
-		if err, ok := r.Error.(awserr.Error); ok {
+		if aerr, ok := err.(awserr.Error); ok {
-			return isCodeRetryable(err.Code())
+			return isCodeRetryable(aerr.Code()) || isNestedErrorRetryable(aerr)
 		}
 	}
 	return false
 }
 
 // IsErrorThrottle returns whether the error is to be throttled based on its code.
-// Returns false if the request has no Error set
+// Returns false if error is nil.
-func (r *Request) IsErrorThrottle() bool {
+func IsErrorThrottle(err error) bool {
-	if r.Error != nil {
+	if err != nil {
-		if err, ok := r.Error.(awserr.Error); ok {
+		if aerr, ok := err.(awserr.Error); ok {
-			return isCodeThrottle(err.Code())
+			return isCodeThrottle(aerr.Code())
 		}
 	}
 	return false
 }
 
-// IsErrorExpired returns whether the error code is a credential expiry error.
+// IsErrorExpiredCreds returns whether the error code is a credential expiry error.
-// Returns false if the request has no Error set.
+// Returns false if error is nil.
-func (r *Request) IsErrorExpired() bool {
+func IsErrorExpiredCreds(err error) bool {
-	if r.Error != nil {
+	if err != nil {
-		if err, ok := r.Error.(awserr.Error); ok {
+		if aerr, ok := err.(awserr.Error); ok {
-			return isCodeExpiredCreds(err.Code())
+			return isCodeExpiredCreds(aerr.Code())
 		}
 	}
 	return false
 }
+
+// IsErrorRetryable returns whether the error is retryable, based on its Code.
+// Returns false if the request has no Error set.
+//
+// Alias for the utility function IsErrorRetryable
+func (r *Request) IsErrorRetryable() bool {
+	return IsErrorRetryable(r.Error)
+}
+
+// IsErrorThrottle returns whether the error is to be throttled based on its code.
+// Returns false if the request has no Error set
+//
+// Alias for the utility function IsErrorThrottle
+func (r *Request) IsErrorThrottle() bool {
+	return IsErrorThrottle(r.Error)
+}
+
+// IsErrorExpired returns whether the error code is a credential expiry error.
+// Returns false if the request has no Error set.
+//
+// Alias for the utility function IsErrorExpiredCreds
+func (r *Request) IsErrorExpired() bool {
+	return IsErrorExpiredCreds(r.Error)
+}

vendor/github.com/aws/aws-sdk-go/aws/request/timeout_read_closer.go

@@ -0,0 +1,94 @@
+package request
+
+import (
+	"io"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+var timeoutErr = awserr.New(
+	ErrCodeResponseTimeout,
+	"read on body has reached the timeout limit",
+	nil,
+)
+
+type readResult struct {
+	n   int
+	err error
+}
+
+// timeoutReadCloser will handle body reads that take too long.
+// We will return a ErrReadTimeout error if a timeout occurs.
+type timeoutReadCloser struct {
+	reader   io.ReadCloser
+	duration time.Duration
+}
+
+// Read will spin off a goroutine to call the reader's Read method. We will
+// select on the timer's channel or the read's channel. Whoever completes first
+// will be returned.
+func (r *timeoutReadCloser) Read(b []byte) (int, error) {
+	timer := time.NewTimer(r.duration)
+	c := make(chan readResult, 1)
+
+	go func() {
+		n, err := r.reader.Read(b)
+		timer.Stop()
+		c <- readResult{n: n, err: err}
+	}()
+
+	select {
+	case data := <-c:
+		return data.n, data.err
+	case <-timer.C:
+		return 0, timeoutErr
+	}
+}
+
+func (r *timeoutReadCloser) Close() error {
+	return r.reader.Close()
+}
+
+const (
+	// HandlerResponseTimeout is what we use to signify the name of the
+	// response timeout handler.
+	HandlerResponseTimeout = "ResponseTimeoutHandler"
+)
+
+// adaptToResponseTimeoutError is a handler that will replace any top level error
+// to a ErrCodeResponseTimeout, if its child is that.
+func adaptToResponseTimeoutError(req *Request) {
+	if err, ok := req.Error.(awserr.Error); ok {
+		aerr, ok := err.OrigErr().(awserr.Error)
+		if ok && aerr.Code() == ErrCodeResponseTimeout {
+			req.Error = aerr
+		}
+	}
+}
+
+// WithResponseReadTimeout is a request option that will wrap the body in a timeout read closer.
+// This will allow for per read timeouts. If a timeout occurred, we will return the
+// ErrCodeResponseTimeout.
+//
+//     svc.PutObjectWithContext(ctx, params, request.WithTimeoutReadCloser(30 * time.Second)
+func WithResponseReadTimeout(duration time.Duration) Option {
+	return func(r *Request) {
+
+		var timeoutHandler = NamedHandler{
+			HandlerResponseTimeout,
+			func(req *Request) {
+				req.HTTPResponse.Body = &timeoutReadCloser{
+					reader:   req.HTTPResponse.Body,
+					duration: duration,
+				}
+			}}
+
+		// remove the handler so we are not stomping over any new durations.
+		r.Handlers.Send.RemoveByName(HandlerResponseTimeout)
+		r.Handlers.Send.PushBackNamed(timeoutHandler)
+
+		r.Handlers.Unmarshal.PushBack(adaptToResponseTimeoutError)
+		r.Handlers.UnmarshalError.PushBack(adaptToResponseTimeoutError)
+	}
+}

vendor/github.com/aws/aws-sdk-go/aws/request/validation.go

@@ -220,7 +220,7 @@ type ErrParamMinLen struct {
 func NewErrParamMinLen(field string, min int) *ErrParamMinLen {
 	return &ErrParamMinLen{
 		errInvalidParam: errInvalidParam{
-			code:  ParamMinValueErrCode,
+			code:  ParamMinLenErrCode,
 			field: field,
 			msg:   fmt.Sprintf("minimum field size of %v", min),
 		},

vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go

@@ -0,0 +1,295 @@
+package request
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/awsutil"
+)
+
+// WaiterResourceNotReadyErrorCode is the error code returned by a waiter when
+// the waiter's max attempts have been exhausted.
+const WaiterResourceNotReadyErrorCode = "ResourceNotReady"
+
+// A WaiterOption is a function that will update the Waiter value's fields to
+// configure the waiter.
+type WaiterOption func(*Waiter)
+
+// WithWaiterMaxAttempts returns the maximum number of times the waiter should
+// attempt to check the resource for the target state.
+func WithWaiterMaxAttempts(max int) WaiterOption {
+	return func(w *Waiter) {
+		w.MaxAttempts = max
+	}
+}
+
+// WaiterDelay will return a delay the waiter should pause between attempts to
+// check the resource state. The passed in attempt is the number of times the
+// Waiter has checked the resource state.
+//
+// Attempt is the number of attempts the Waiter has made checking the resource
+// state.
+type WaiterDelay func(attempt int) time.Duration
+
+// ConstantWaiterDelay returns a WaiterDelay that will always return a constant
+// delay the waiter should use between attempts. It ignores the number of
+// attempts made.
+func ConstantWaiterDelay(delay time.Duration) WaiterDelay {
+	return func(attempt int) time.Duration {
+		return delay
+	}
+}
+
+// WithWaiterDelay will set the Waiter to use the WaiterDelay passed in.
+func WithWaiterDelay(delayer WaiterDelay) WaiterOption {
+	return func(w *Waiter) {
+		w.Delay = delayer
+	}
+}
+
+// WithWaiterLogger returns a waiter option to set the logger a waiter
+// should use to log warnings and errors to.
+func WithWaiterLogger(logger aws.Logger) WaiterOption {
+	return func(w *Waiter) {
+		w.Logger = logger
+	}
+}
+
+// WithWaiterRequestOptions returns a waiter option setting the request
+// options for each request the waiter makes. Appends to waiter's request
+// options already set.
+func WithWaiterRequestOptions(opts ...Option) WaiterOption {
+	return func(w *Waiter) {
+		w.RequestOptions = append(w.RequestOptions, opts...)
+	}
+}
+
+// A Waiter provides the functionality to perform a blocking call which will
+// wait for a resource state to be satisfied by a service.
+//
+// This type should not be used directly. The API operations provided in the
+// service packages prefixed with "WaitUntil" should be used instead.
+type Waiter struct {
+	Name      string
+	Acceptors []WaiterAcceptor
+	Logger    aws.Logger
+
+	MaxAttempts int
+	Delay       WaiterDelay
+
+	RequestOptions   []Option
+	NewRequest       func([]Option) (*Request, error)
+	SleepWithContext func(aws.Context, time.Duration) error
+}
+
+// ApplyOptions updates the waiter with the list of waiter options provided.
+func (w *Waiter) ApplyOptions(opts ...WaiterOption) {
+	for _, fn := range opts {
+		fn(w)
+	}
+}
+
+// WaiterState are states the waiter uses based on WaiterAcceptor definitions
+// to identify if the resource state the waiter is waiting on has occurred.
+type WaiterState int
+
+// String returns the string representation of the waiter state.
+func (s WaiterState) String() string {
+	switch s {
+	case SuccessWaiterState:
+		return "success"
+	case FailureWaiterState:
+		return "failure"
+	case RetryWaiterState:
+		return "retry"
+	default:
+		return "unknown waiter state"
+	}
+}
+
+// States the waiter acceptors will use to identify target resource states.
+const (
+	SuccessWaiterState WaiterState = iota // waiter successful
+	FailureWaiterState                    // waiter failed
+	RetryWaiterState                      // waiter needs to be retried
+)
+
+// WaiterMatchMode is the mode that the waiter will use to match the WaiterAcceptor
+// definition's Expected attribute.
+type WaiterMatchMode int
+
+// Modes the waiter will use when inspecting API response to identify target
+// resource states.
+const (
+	PathAllWaiterMatch  WaiterMatchMode = iota // match on all paths
+	PathWaiterMatch                            // match on specific path
+	PathAnyWaiterMatch                         // match on any path
+	PathListWaiterMatch                        // match on list of paths
+	StatusWaiterMatch                          // match on status code
+	ErrorWaiterMatch                           // match on error
+)
+
+// String returns the string representation of the waiter match mode.
+func (m WaiterMatchMode) String() string {
+	switch m {
+	case PathAllWaiterMatch:
+		return "pathAll"
+	case PathWaiterMatch:
+		return "path"
+	case PathAnyWaiterMatch:
+		return "pathAny"
+	case PathListWaiterMatch:
+		return "pathList"
+	case StatusWaiterMatch:
+		return "status"
+	case ErrorWaiterMatch:
+		return "error"
+	default:
+		return "unknown waiter match mode"
+	}
+}
+
+// WaitWithContext will make requests for the API operation using NewRequest to
+// build API requests. The request's response will be compared against the
+// Waiter's Acceptors to determine the successful state of the resource the
+// waiter is inspecting.
+//
+// The passed in context must not be nil. If it is nil a panic will occur. The
+// Context will be used to cancel the waiter's pending requests and retry delays.
+// Use aws.BackgroundContext if no context is available.
+//
+// The waiter will continue until the target state defined by the Acceptors,
+// or the max attempts expires.
+//
+// Will return the WaiterResourceNotReadyErrorCode error code if the waiter's
+// retryer ShouldRetry returns false. This normally will happen when the max
+// wait attempts expires.
+func (w Waiter) WaitWithContext(ctx aws.Context) error {
+
+	for attempt := 1; ; attempt++ {
+		req, err := w.NewRequest(w.RequestOptions)
+		if err != nil {
+			waiterLogf(w.Logger, "unable to create request %v", err)
+			return err
+		}
+		req.Handlers.Build.PushBack(MakeAddToUserAgentFreeFormHandler("Waiter"))
+		err = req.Send()
+
+		// See if any of the acceptors match the request's response, or error
+		for _, a := range w.Acceptors {
+			if matched, matchErr := a.match(w.Name, w.Logger, req, err); matched {
+				return matchErr
+			}
+		}
+
+		// The Waiter should only check the resource state MaxAttempts times
+		// This is here instead of in the for loop above to prevent delaying
+		// unnecessary when the waiter will not retry.
+		if attempt == w.MaxAttempts {
+			break
+		}
+
+		// Delay to wait before inspecting the resource again
+		delay := w.Delay(attempt)
+		if sleepFn := req.Config.SleepDelay; sleepFn != nil {
+			// Support SleepDelay for backwards compatibility and testing
+			sleepFn(delay)
+		} else {
+			sleepCtxFn := w.SleepWithContext
+			if sleepCtxFn == nil {
+				sleepCtxFn = aws.SleepWithContext
+			}
+
+			if err := sleepCtxFn(ctx, delay); err != nil {
+				return awserr.New(CanceledErrorCode, "waiter context canceled", err)
+			}
+		}
+	}
+
+	return awserr.New(WaiterResourceNotReadyErrorCode, "exceeded wait attempts", nil)
+}
+
+// A WaiterAcceptor provides the information needed to wait for an API operation
+// to complete.
+type WaiterAcceptor struct {
+	State    WaiterState
+	Matcher  WaiterMatchMode
+	Argument string
+	Expected interface{}
+}
+
+// match returns if the acceptor found a match with the passed in request
+// or error. True is returned if the acceptor made a match, error is returned
+// if there was an error attempting to perform the match.
+func (a *WaiterAcceptor) match(name string, l aws.Logger, req *Request, err error) (bool, error) {
+	result := false
+	var vals []interface{}
+
+	switch a.Matcher {
+	case PathAllWaiterMatch, PathWaiterMatch:
+		// Require all matches to be equal for result to match
+		vals, _ = awsutil.ValuesAtPath(req.Data, a.Argument)
+		if len(vals) == 0 {
+			break
+		}
+		result = true
+		for _, val := range vals {
+			if !awsutil.DeepEqual(val, a.Expected) {
+				result = false
+				break
+			}
+		}
+	case PathAnyWaiterMatch:
+		// Only a single match needs to equal for the result to match
+		vals, _ = awsutil.ValuesAtPath(req.Data, a.Argument)
+		for _, val := range vals {
+			if awsutil.DeepEqual(val, a.Expected) {
+				result = true
+				break
+			}
+		}
+	case PathListWaiterMatch:
+		// ignored matcher
+	case StatusWaiterMatch:
+		s := a.Expected.(int)
+		result = s == req.HTTPResponse.StatusCode
+	case ErrorWaiterMatch:
+		if aerr, ok := err.(awserr.Error); ok {
+			result = aerr.Code() == a.Expected.(string)
+		}
+	default:
+		waiterLogf(l, "WARNING: Waiter %s encountered unexpected matcher: %s",
+			name, a.Matcher)
+	}
+
+	if !result {
+		// If there was no matching result found there is nothing more to do
+		// for this response, retry the request.
+		return false, nil
+	}
+
+	switch a.State {
+	case SuccessWaiterState:
+		// waiter completed
+		return true, nil
+	case FailureWaiterState:
+		// Waiter failure state triggered
+		return true, awserr.New(WaiterResourceNotReadyErrorCode,
+			"failed waiting for successful resource state", err)
+	case RetryWaiterState:
+		// clear the error and retry the operation
+		return false, nil
+	default:
+		waiterLogf(l, "WARNING: Waiter %s encountered unexpected state: %s",
+			name, a.State)
+		return false, nil
+	}
+}
+
+func waiterLogf(logger aws.Logger, msg string, args ...interface{}) {
+	if logger != nil {
+		logger.Log(fmt.Sprintf(msg, args...))
+	}
+}

vendor/github.com/aws/aws-sdk-go/aws/session/doc.go

@@ -23,7 +23,7 @@ additional config if the AWS_SDK_LOAD_CONFIG environment variable is set.
 Alternatively you can explicitly create a Session with shared config enabled.
 To do this you can use NewSessionWithOptions to configure how the Session will
 be created. Using the NewSessionWithOptions with SharedConfigState set to
-SharedConfigEnabled will create the session as if the AWS_SDK_LOAD_CONFIG
+SharedConfigEnable will create the session as if the AWS_SDK_LOAD_CONFIG
 environment variable was set.
 
 Creating Sessions
@@ -45,16 +45,16 @@ region, and profile loaded from the environment and shared config automatically.
 Requires the AWS_PROFILE to be set, or "default" is used.
 
 	// Create Session
-	sess, err := session.NewSession()
+	sess := session.Must(session.NewSession())
 
 	// Create a Session with a custom region
-	sess, err := session.NewSession(&aws.Config{Region: aws.String("us-east-1")})
+	sess := session.Must(session.NewSession(&aws.Config{
+		Region: aws.String("us-east-1"),
+	}))
 
 	// Create a S3 client instance from a session
-	sess, err := session.NewSession()
+	sess := session.Must(session.NewSession())
-	if err != nil {
+
-		// Handle Session creation error
-	}
 	svc := s3.New(sess)
 
 Create Session With Option Overrides
@@ -67,23 +67,25 @@ Use NewSessionWithOptions when you want to provide the config profile, or
 override the shared config state (AWS_SDK_LOAD_CONFIG).
 
 	// Equivalent to session.NewSession()
-	sess, err := session.NewSessionWithOptions(session.Options{})
+	sess := session.Must(session.NewSessionWithOptions(session.Options{
+		// Options
+	}))
 
 	// Specify profile to load for the session's config
-	sess, err := session.NewSessionWithOptions(session.Options{
+	sess := session.Must(session.NewSessionWithOptions(session.Options{
 		 Profile: "profile_name",
-	})
+	}))
 
 	// Specify profile for config and region for requests
-	sess, err := session.NewSessionWithOptions(session.Options{
+	sess := session.Must(session.NewSessionWithOptions(session.Options{
 		 Config: aws.Config{Region: aws.String("us-east-1")},
 		 Profile: "profile_name",
-	})
+	}))
 
 	// Force enable Shared Config support
-	sess, err := session.NewSessionWithOptions(session.Options{
+	sess := session.Must(session.NewSessionWithOptions(session.Options{
-		SharedConfigState: SharedConfigEnable,
+		SharedConfigState: session.SharedConfigEnable,
-	})
+	}))
 
 Adding Handlers
 
@@ -93,7 +95,8 @@ handler logs every request and its payload made by a service client:
 
 	// Create a session, and add additional handlers for all service
 	// clients created with the Session to inherit. Adds logging handler.
-	sess, err := session.NewSession()
+	sess := session.Must(session.NewSession())
+
 	sess.Handlers.Send.PushFront(func(r *request.Request) {
 		// Log every request made and its payload
 		logger.Println("Request: %s/%s, Payload: %s",
@@ -122,8 +125,7 @@ files have the same format.
 
 If both config files are present the configuration from both files will be
 read. The Session will be created from configuration values from the shared
-credentials file (~/.aws/credentials) over those in the shared credentials
+credentials file (~/.aws/credentials) over those in the shared config file (~/.aws/config).
-file (~/.aws/config).
 
 Credentials are the values the SDK should use for authenticating requests with
 AWS Services. They arfrom a configuration file will need to include both
@@ -138,15 +140,14 @@ the other two fields are also provided.
 
 Assume Role values allow you to configure the SDK to assume an IAM role using
 a set of credentials provided in a config file via the source_profile field.
-Both "role_arn" and "source_profile" are required. The SDK does not support
+Both "role_arn" and "source_profile" are required. The SDK supports assuming
-assuming a role with MFA token Via the Session's constructor. You can use the
+a role with MFA token if the session option AssumeRoleTokenProvider
-stscreds.AssumeRoleProvider credentials provider to specify custom
+is set.
-configuration and support for MFA.
 
 	role_arn = arn:aws:iam::<account_number>:role/<role_name>
 	source_profile = profile_with_creds
 	external_id = 1234
-	mfa_serial = not supported!
+	mfa_serial = <serial or mfa arn>
 	role_session_name = session_name
 
 Region is the region the SDK should use for looking up AWS service endpoints
@@ -154,6 +155,37 @@ and signing requests.
 
 	region = us-east-1
 
+Assume Role with MFA token
+
+To create a session with support for assuming an IAM role with MFA set the
+session option AssumeRoleTokenProvider to a function that will prompt for the
+MFA token code when the SDK assumes the role and refreshes the role's credentials.
+This allows you to configure the SDK via the shared config to assumea role
+with MFA tokens.
+
+In order for the SDK to assume a role with MFA the SharedConfigState
+session option must be set to SharedConfigEnable, or AWS_SDK_LOAD_CONFIG
+environment variable set.
+
+The shared configuration instructs the SDK to assume an IAM role with MFA
+when the mfa_serial configuration field is set in the shared config
+(~/.aws/config) or shared credentials (~/.aws/credentials) file.
+
+If mfa_serial is set in the configuration, the SDK will assume the role, and
+the AssumeRoleTokenProvider session option is not set an an error will
+be returned when creating the session.
+
+    sess := session.Must(session.NewSessionWithOptions(session.Options{
+        AssumeRoleTokenProvider: stscreds.StdinTokenProvider,
+    }))
+
+    // Create service client value configured for credentials
+    // from assumed role.
+    svc := s3.New(sess)
+
+To setup assume role outside of a session see the stscrds.AssumeRoleProvider
+documentation.
+
 Environment Variables
 
 When a Session is created several environment variables can be set to adjust
@@ -218,6 +250,24 @@ $HOME/.aws/config on Linux/Unix based systems, and
 
 	AWS_CONFIG_FILE=$HOME/my_shared_config
 
+Path to a custom Credentials Authority (CA) bundle PEM file that the SDK
+will use instead of the default system's root CA bundle. Use this only
+if you want to replace the CA bundle the SDK uses for TLS requests.
 
+	AWS_CA_BUNDLE=$HOME/my_custom_ca_bundle
+
+Enabling this option will attempt to merge the Transport into the SDK's HTTP
+client. If the client's Transport is not a http.Transport an error will be
+returned. If the Transport's TLS config is set this option will cause the SDK
+to overwrite the Transport's TLS config's  RootCAs value. If the CA bundle file
+contains multiple certificates all of them will be loaded.
+
+The Session option CustomCABundle is also available when creating sessions
+to also enable this feature. CustomCABundle session option field has priority
+over the AWS_CA_BUNDLE environment variable, and will be used if both are set.
+
+Setting a custom HTTPClient in the aws.Config options will override this setting.
+To use this option and custom HTTP client, the HTTP client needs to be provided
+when creating the session. Not the service client.
 */
 package session

vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go

@@ -2,12 +2,14 @@ package session
 
 import (
 	"os"
-	"path/filepath"
 	"strconv"
 
 	"github.com/aws/aws-sdk-go/aws/credentials"
 )
 
+// EnvProviderName provides a name of the provider when config is loaded from environment.
+const EnvProviderName = "EnvConfigCredentials"
+
 // envConfig is a collection of environment values the SDK will read
 // setup config from. All environment values are optional. But some values
 // such as credentials require multiple values to be complete or the values
@@ -75,6 +77,24 @@ type envConfig struct {
 	//
 	//	AWS_CONFIG_FILE=$HOME/my_shared_config
 	SharedConfigFile string
+
+	// Sets the path to a custom Credentials Authroity (CA) Bundle PEM file
+	// that the SDK will use instead of the system's root CA bundle.
+	// Only use this if you want to configure the SDK to use a custom set
+	// of CAs.
+	//
+	// Enabling this option will attempt to merge the Transport
+	// into the SDK's HTTP client. If the client's Transport is
+	// not a http.Transport an error will be returned. If the
+	// Transport's TLS config is set this option will cause the
+	// SDK to overwrite the Transport's TLS config's  RootCAs value.
+	//
+	// Setting a custom HTTPClient in the aws.Config options will override this setting.
+	// To use this option and custom HTTP client, the HTTP client needs to be provided
+	// when creating the session. Not the service client.
+	//
+	//  AWS_CA_BUNDLE=$HOME/my_custom_ca_bundle
+	CustomCABundle string
 }
 
 var (
@@ -98,6 +118,12 @@ var (
 		"AWS_PROFILE",
 		"AWS_DEFAULT_PROFILE", // Only read if AWS_SDK_LOAD_CONFIG is also set
 	}
+	sharedCredsFileEnvKey = []string{
+		"AWS_SHARED_CREDENTIALS_FILE",
+	}
+	sharedConfigFileEnvKey = []string{
+		"AWS_CONFIG_FILE",
+	}
 )
 
 // loadEnvConfig retrieves the SDK's environment configuration.
@@ -134,7 +160,7 @@ func envConfigLoad(enableSharedConfig bool) envConfig {
 	if len(cfg.Creds.AccessKeyID) == 0 || len(cfg.Creds.SecretAccessKey) == 0 {
 		cfg.Creds = credentials.Value{}
 	} else {
-		cfg.Creds.ProviderName = "EnvConfigCredentials"
+		cfg.Creds.ProviderName = EnvProviderName
 	}
 
 	regionKeys := regionEnvKeys
@@ -147,8 +173,10 @@ func envConfigLoad(enableSharedConfig bool) envConfig {
 	setFromEnvVal(&cfg.Region, regionKeys)
 	setFromEnvVal(&cfg.Profile, profileKeys)
 
-	cfg.SharedCredentialsFile = sharedCredentialsFilename()
+	setFromEnvVal(&cfg.SharedCredentialsFile, sharedCredsFileEnvKey)
-	cfg.SharedConfigFile = sharedConfigFilename()
+	setFromEnvVal(&cfg.SharedConfigFile, sharedConfigFileEnvKey)
+
+	cfg.CustomCABundle = os.Getenv("AWS_CA_BUNDLE")
 
 	return cfg
 }
@@ -161,28 +189,3 @@ func setFromEnvVal(dst *string, keys []string) {
 		}
 	}
 }
-
-func sharedCredentialsFilename() string {
-	if name := os.Getenv("AWS_SHARED_CREDENTIALS_FILE"); len(name) > 0 {
-		return name
-	}
-
-	return filepath.Join(userHomeDir(), ".aws", "credentials")
-}
-
-func sharedConfigFilename() string {
-	if name := os.Getenv("AWS_CONFIG_FILE"); len(name) > 0 {
-		return name
-	}
-
-	return filepath.Join(userHomeDir(), ".aws", "config")
-}
-
-func userHomeDir() string {
-	homeDir := os.Getenv("HOME") // *nix
-	if len(homeDir) == 0 {       // windows
-		homeDir = os.Getenv("USERPROFILE")
-	}
-
-	return homeDir
-}

vendor/github.com/aws/aws-sdk-go/aws/session/session.go

@@ -1,7 +1,13 @@
 package session
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"os"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
@@ -40,7 +46,7 @@ type Session struct {
 //
 // If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value
 // the shared config file (~/.aws/config) will also be loaded, in addition to
-// the shared credentials file (~/.aws/config). Values set in both the
+// the shared credentials file (~/.aws/credentials). Values set in both the
 // shared config, and shared credentials will be taken from the shared
 // credentials file.
 //
@@ -52,7 +58,7 @@ func New(cfgs ...*aws.Config) *Session {
 	envCfg := loadEnvConfig()
 
 	if envCfg.EnableSharedConfig {
-		s, err := newSession(envCfg, cfgs...)
+		s, err := newSession(Options{}, envCfg, cfgs...)
 		if err != nil {
 			// Old session.New expected all errors to be discovered when
 			// a request is made, and would report the errors then. This
@@ -73,7 +79,7 @@ func New(cfgs ...*aws.Config) *Session {
 		return s
 	}
 
-	return oldNewSession(cfgs...)
+	return deprecatedNewSession(cfgs...)
 }
 
 // NewSession returns a new Session created from SDK defaults, config files,
@@ -83,7 +89,7 @@ func New(cfgs ...*aws.Config) *Session {
 //
 // If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value
 // the shared config file (~/.aws/config) will also be loaded in addition to
-// the shared credentials file (~/.aws/config). Values set in both the
+// the shared credentials file (~/.aws/credentials). Values set in both the
 // shared config, and shared credentials will be taken from the shared
 // credentials file. Enabling the Shared Config will also allow the Session
 // to be built with retrieving credentials with AssumeRole set in the config.
@@ -92,9 +98,10 @@ func New(cfgs ...*aws.Config) *Session {
 // control through code how the Session will be created. Such as specifying the
 // config profile, and controlling if shared config is enabled or not.
 func NewSession(cfgs ...*aws.Config) (*Session, error) {
-	envCfg := loadEnvConfig()
+	opts := Options{}
+	opts.Config.MergeIn(cfgs...)
 
-	return newSession(envCfg, cfgs...)
+	return NewSessionWithOptions(opts)
 }
 
 // SharedConfigState provides the ability to optionally override the state
@@ -147,6 +154,45 @@ type Options struct {
 	// will allow you to override the AWS_SDK_LOAD_CONFIG environment variable
 	// and enable or disable the shared config functionality.
 	SharedConfigState SharedConfigState
+
+	// Ordered list of files the session will load configuration from.
+	// It will override environment variable AWS_SHARED_CREDENTIALS_FILE, AWS_CONFIG_FILE.
+	SharedConfigFiles []string
+
+	// When the SDK's shared config is configured to assume a role with MFA
+	// this option is required in order to provide the mechanism that will
+	// retrieve the MFA token. There is no default value for this field. If
+	// it is not set an error will be returned when creating the session.
+	//
+	// This token provider will be called when ever the assumed role's
+	// credentials need to be refreshed. Within the context of service clients
+	// all sharing the same session the SDK will ensure calls to the token
+	// provider are atomic. When sharing a token provider across multiple
+	// sessions additional synchronization logic is needed to ensure the
+	// token providers do not introduce race conditions. It is recommend to
+	// share the session where possible.
+	//
+	// stscreds.StdinTokenProvider is a basic implementation that will prompt
+	// from stdin for the MFA token code.
+	//
+	// This field is only used if the shared configuration is enabled, and
+	// the config enables assume role wit MFA via the mfa_serial field.
+	AssumeRoleTokenProvider func() (string, error)
+
+	// Reader for a custom Credentials Authority (CA) bundle in PEM format that
+	// the SDK will use instead of the default system's root CA bundle. Use this
+	// only if you want to replace the CA bundle the SDK uses for TLS requests.
+	//
+	// Enabling this option will attempt to merge the Transport into the SDK's HTTP
+	// client. If the client's Transport is not a http.Transport an error will be
+	// returned. If the Transport's TLS config is set this option will cause the SDK
+	// to overwrite the Transport's TLS config's  RootCAs value. If the CA
+	// bundle reader contains multiple certificates all of them will be loaded.
+	//
+	// The Session option CustomCABundle is also available when creating sessions
+	// to also enable this feature. CustomCABundle session option field has priority
+	// over the AWS_CA_BUNDLE environment variable, and will be used if both are set.
+	CustomCABundle io.Reader
 }
 
 // NewSessionWithOptions returns a new Session created from SDK defaults, config files,
@@ -155,29 +201,29 @@ type Options struct {
 //
 // If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value
 // the shared config file (~/.aws/config) will also be loaded in addition to
-// the shared credentials file (~/.aws/config). Values set in both the
+// the shared credentials file (~/.aws/credentials). Values set in both the
 // shared config, and shared credentials will be taken from the shared
 // credentials file. Enabling the Shared Config will also allow the Session
 // to be built with retrieving credentials with AssumeRole set in the config.
 //
 //     // Equivalent to session.New
-//     sess, err := session.NewSessionWithOptions(session.Options{})
+//     sess := session.Must(session.NewSessionWithOptions(session.Options{}))
 //
 //     // Specify profile to load for the session's config
-//     sess, err := session.NewSessionWithOptions(session.Options{
+//     sess := session.Must(session.NewSessionWithOptions(session.Options{
 //          Profile: "profile_name",
-//     })
+//     }))
 //
 //     // Specify profile for config and region for requests
-//     sess, err := session.NewSessionWithOptions(session.Options{
+//     sess := session.Must(session.NewSessionWithOptions(session.Options{
 //          Config: aws.Config{Region: aws.String("us-east-1")},
 //          Profile: "profile_name",
-//     })
+//     }))
 //
 //     // Force enable Shared Config support
-//     sess, err := session.NewSessionWithOptions(session.Options{
+//     sess := session.Must(session.NewSessionWithOptions(session.Options{
-//         SharedConfigState: SharedConfigEnable,
+//         SharedConfigState: session.SharedConfigEnable,
-//     })
+//     }))
 func NewSessionWithOptions(opts Options) (*Session, error) {
 	var envCfg envConfig
 	if opts.SharedConfigState == SharedConfigEnable {
@@ -197,7 +243,25 @@ func NewSessionWithOptions(opts Options) (*Session, error) {
 		envCfg.EnableSharedConfig = true
 	}
 
-	return newSession(envCfg, &opts.Config)
+	if len(envCfg.SharedCredentialsFile) == 0 {
+		envCfg.SharedCredentialsFile = defaults.SharedCredentialsFilename()
+	}
+	if len(envCfg.SharedConfigFile) == 0 {
+		envCfg.SharedConfigFile = defaults.SharedConfigFilename()
+	}
+
+	// Only use AWS_CA_BUNDLE if session option is not provided.
+	if len(envCfg.CustomCABundle) != 0 && opts.CustomCABundle == nil {
+		f, err := os.Open(envCfg.CustomCABundle)
+		if err != nil {
+			return nil, awserr.New("LoadCustomCABundleError",
+				"failed to open custom CA bundle PEM file", err)
+		}
+		defer f.Close()
+		opts.CustomCABundle = f
+	}
+
+	return newSession(opts, envCfg, &opts.Config)
 }
 
 // Must is a helper function to ensure the Session is valid and there was no
@@ -215,7 +279,7 @@ func Must(sess *Session, err error) *Session {
 	return sess
 }
 
-func oldNewSession(cfgs ...*aws.Config) *Session {
+func deprecatedNewSession(cfgs ...*aws.Config) *Session {
 	cfg := defaults.Config()
 	handlers := defaults.Handlers()
 
@@ -242,7 +306,7 @@ func oldNewSession(cfgs ...*aws.Config) *Session {
 	return s
 }
 
-func newSession(envCfg envConfig, cfgs ...*aws.Config) (*Session, error) {
+func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, error) {
 	cfg := defaults.Config()
 	handlers := defaults.Handlers()
 
@@ -251,14 +315,19 @@ func newSession(envCfg envConfig, cfgs ...*aws.Config) (*Session, error) {
 	userCfg := &aws.Config{}
 	userCfg.MergeIn(cfgs...)
 
-	// Order config files will be loaded in with later files overwriting
+	// Ordered config files will be loaded in with later files overwriting
 	// previous config file values.
-	cfgFiles := []string{envCfg.SharedConfigFile, envCfg.SharedCredentialsFile}
+	var cfgFiles []string
+	if opts.SharedConfigFiles != nil {
+		cfgFiles = opts.SharedConfigFiles
+	} else {
+		cfgFiles = []string{envCfg.SharedConfigFile, envCfg.SharedCredentialsFile}
 		if !envCfg.EnableSharedConfig {
 			// The shared config file (~/.aws/config) is only loaded if instructed
 			// to load via the envConfig.EnableSharedConfig (AWS_SDK_LOAD_CONFIG).
 			cfgFiles = cfgFiles[1:]
 		}
+	}
 
 	// Load additional config from file(s)
 	sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles)
@@ -266,7 +335,9 @@ func newSession(envCfg envConfig, cfgs ...*aws.Config) (*Session, error) {
 		return nil, err
 	}
 
-	mergeConfigSrcs(cfg, userCfg, envCfg, sharedCfg, handlers)
+	if err := mergeConfigSrcs(cfg, userCfg, envCfg, sharedCfg, handlers, opts); err != nil {
+		return nil, err
+	}
 
 	s := &Session{
 		Config:   cfg,
@@ -275,10 +346,62 @@ func newSession(envCfg envConfig, cfgs ...*aws.Config) (*Session, error) {
 
 	initHandlers(s)
 
+	// Setup HTTP client with custom cert bundle if enabled
+	if opts.CustomCABundle != nil {
+		if err := loadCustomCABundle(s, opts.CustomCABundle); err != nil {
+			return nil, err
+		}
+	}
+
 	return s, nil
 }
 
-func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers) {
+func loadCustomCABundle(s *Session, bundle io.Reader) error {
+	var t *http.Transport
+	switch v := s.Config.HTTPClient.Transport.(type) {
+	case *http.Transport:
+		t = v
+	default:
+		if s.Config.HTTPClient.Transport != nil {
+			return awserr.New("LoadCustomCABundleError",
+				"unable to load custom CA bundle, HTTPClient's transport unsupported type", nil)
+		}
+	}
+	if t == nil {
+		t = &http.Transport{}
+	}
+
+	p, err := loadCertPool(bundle)
+	if err != nil {
+		return err
+	}
+	if t.TLSClientConfig == nil {
+		t.TLSClientConfig = &tls.Config{}
+	}
+	t.TLSClientConfig.RootCAs = p
+
+	s.Config.HTTPClient.Transport = t
+
+	return nil
+}
+
+func loadCertPool(r io.Reader) (*x509.CertPool, error) {
+	b, err := ioutil.ReadAll(r)
+	if err != nil {
+		return nil, awserr.New("LoadCustomCABundleError",
+			"failed to read custom CA bundle PEM file", err)
+	}
+
+	p := x509.NewCertPool()
+	if !p.AppendCertsFromPEM(b) {
+		return nil, awserr.New("LoadCustomCABundleError",
+			"failed to load custom CA bundle PEM file", err)
+	}
+
+	return p, nil
+}
+
+func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers, sessOpts Options) error {
 	// Merge in user provided configuration
 	cfg.MergeIn(userCfg)
 
@@ -302,6 +425,11 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share
 			cfgCp.Credentials = credentials.NewStaticCredentialsFromCreds(
 				sharedCfg.AssumeRoleSource.Creds,
 			)
+			if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil {
+				// AssumeRole Token provider is required if doing Assume Role
+				// with MFA.
+				return AssumeRoleTokenProviderNotSetError{}
+			}
 			cfg.Credentials = stscreds.NewCredentials(
 				&Session{
 					Config:   &cfgCp,
@@ -311,11 +439,16 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share
 				func(opt *stscreds.AssumeRoleProvider) {
 					opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName
 
+					// Assume role with external ID
 					if len(sharedCfg.AssumeRole.ExternalID) > 0 {
 						opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID)
 					}
 
-					// MFA not supported
+					// Assume role with MFA
+					if len(sharedCfg.AssumeRole.MFASerial) > 0 {
+						opt.SerialNumber = aws.String(sharedCfg.AssumeRole.MFASerial)
+						opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
+					}
 				},
 			)
 		} else if len(sharedCfg.Creds.AccessKeyID) > 0 {
@@ -336,6 +469,33 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share
 			})
 		}
 	}
+
+	return nil
+}
+
+// AssumeRoleTokenProviderNotSetError is an error returned when creating a session when the
+// MFAToken option is not set when shared config is configured load assume a
+// role with an MFA token.
+type AssumeRoleTokenProviderNotSetError struct{}
+
+// Code is the short id of the error.
+func (e AssumeRoleTokenProviderNotSetError) Code() string {
+	return "AssumeRoleTokenProviderNotSetError"
+}
+
+// Message is the description of the error
+func (e AssumeRoleTokenProviderNotSetError) Message() string {
+	return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.")
+}
+
+// OrigErr is the underlying error that caused the failure.
+func (e AssumeRoleTokenProviderNotSetError) OrigErr() error {
+	return nil
+}
+
+// Error satisfies the error interface.
+func (e AssumeRoleTokenProviderNotSetError) Error() string {
+	return awserr.SprintError(e.Code(), e.Message(), "", nil)
 }
 
 type credProviderError struct {
@@ -404,6 +564,10 @@ func (s *Session) clientConfigWithErr(serviceName string, cfgs ...*aws.Config) (
 			func(opt *endpoints.Options) {
 				opt.DisableSSL = aws.BoolValue(s.Config.DisableSSL)
 				opt.UseDualStack = aws.BoolValue(s.Config.UseDualStack)
+
+				// Support the condition where the service is modeled but its
+				// endpoint metadata is not available.
+				opt.ResolveUnknownService = true
 			},
 		)
 	}
@@ -416,3 +580,27 @@ func (s *Session) clientConfigWithErr(serviceName string, cfgs ...*aws.Config) (
 		SigningName:   resolved.SigningName,
 	}, err
 }
+
+// ClientConfigNoResolveEndpoint is the same as ClientConfig with the exception
+// that the EndpointResolver will not be used to resolve the endpoint. The only
+// endpoint set must come from the aws.Config.Endpoint field.
+func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Config {
+	s = s.Copy(cfgs...)
+
+	var resolved endpoints.ResolvedEndpoint
+
+	region := aws.StringValue(s.Config.Region)
+
+	if ep := aws.StringValue(s.Config.Endpoint); len(ep) > 0 {
+		resolved.URL = endpoints.AddScheme(ep, aws.BoolValue(s.Config.DisableSSL))
+		resolved.SigningRegion = region
+	}
+
+	return client.Config{
+		Config:        s.Config,
+		Handlers:      s.Handlers,
+		Endpoint:      resolved.URL,
+		SigningRegion: resolved.SigningRegion,
+		SigningName:   resolved.SigningName,
+	}
+}

vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go

@@ -113,7 +113,7 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) {
 
 		f, err := ini.Load(b)
 		if err != nil {
-			return nil, SharedConfigLoadError{Filename: filename}
+			return nil, SharedConfigLoadError{Filename: filename, Err: err}
 		}
 
 		files = append(files, sharedConfigFile{

vendor/github.com/aws/aws-sdk-go/aws/signer/v4/BUILD

@@ -4,6 +4,7 @@ go_library(
     name = "go_default_library",
     srcs = [
         "header_rules.go",
+        "options.go",
         "uri_path.go",
         "v4.go",
     ],

vendor/github.com/aws/aws-sdk-go/aws/signer/v4/options.go

@@ -0,0 +1,7 @@
+package v4
+
+// WithUnsignedPayload will enable and set the UnsignedPayload field to
+// true of the signer.
+func WithUnsignedPayload(v4 *Signer) {
+	v4.UnsignedPayload = true
+}

vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go

@@ -45,7 +45,7 @@
 // If signing a request intended for HTTP2 server, and you're using Go 1.6.2
 // through 1.7.4 you should use the URL.RawPath as the pre-escaped form of the
 // request URL. https://github.com/golang/go/issues/16847 points to a bug in
-// Go pre 1.8 that failes to make HTTP2 requests using absolute URL in the HTTP
+// Go pre 1.8 that fails to make HTTP2 requests using absolute URL in the HTTP
 // message. URL.Opaque generally will force Go to make requests with absolute URL.
 // URL.RawPath does not do this, but RawPath must be a valid escaping of Path
 // or url.EscapedPath will ignore the RawPath escaping.
@@ -55,7 +55,6 @@
 package v4
 
 import (
-	"bytes"
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/hex"
@@ -194,6 +193,10 @@ type Signer struct {
 	// This value should only be used for testing. If it is nil the default
 	// time.Now will be used.
 	currentTimeFn func() time.Time
+
+	// UnsignedPayload will prevent signing of the payload. This will only
+	// work for services that have support for this.
+	UnsignedPayload bool
 }
 
 // NewSigner returns a Signer pointer configured with the credentials and optional
@@ -227,6 +230,7 @@ type signingCtx struct {
 	isPresign          bool
 	formattedTime      string
 	formattedShortTime string
+	unsignedPayload    bool
 
 	bodyDigest       string
 	signedHeaders    string
@@ -317,6 +321,7 @@ func (v4 Signer) signWithBody(r *http.Request, body io.ReadSeeker, service, regi
 		ServiceName:            service,
 		Region:                 region,
 		DisableURIPathEscaping: v4.DisableURIPathEscaping,
+		unsignedPayload:        v4.UnsignedPayload,
 	}
 
 	for key := range ctx.Query {
@@ -396,7 +401,7 @@ var SignRequestHandler = request.NamedHandler{
 }
 
 // SignSDKRequest signs an AWS request with the V4 signature. This
-// request handler is bested used only with the SDK's built in service client's
+// request handler should only be used with the SDK's built in service client's
 // API operation requests.
 //
 // This function should not be used on its on its own, but in conjunction with
@@ -409,7 +414,18 @@ var SignRequestHandler = request.NamedHandler{
 func SignSDKRequest(req *request.Request) {
 	signSDKRequestWithCurrTime(req, time.Now)
 }
-func signSDKRequestWithCurrTime(req *request.Request, curTimeFn func() time.Time) {
+
+// BuildNamedHandler will build a generic handler for signing.
+func BuildNamedHandler(name string, opts ...func(*Signer)) request.NamedHandler {
+	return request.NamedHandler{
+		Name: name,
+		Fn: func(req *request.Request) {
+			signSDKRequestWithCurrTime(req, time.Now, opts...)
+		},
+	}
+}
+
+func signSDKRequestWithCurrTime(req *request.Request, curTimeFn func() time.Time, opts ...func(*Signer)) {
 	// If the request does not need to be signed ignore the signing of the
 	// request if the AnonymousCredentials object is used.
 	if req.Config.Credentials == credentials.AnonymousCredentials {
@@ -441,6 +457,10 @@ func signSDKRequestWithCurrTime(req *request.Request, curTimeFn func() time.Time
 		v4.DisableRequestBodyOverwrite = true
 	})
 
+	for _, opt := range opts {
+		opt(v4)
+	}
+
 	signingTime := req.Time
 	if !req.LastSignedAt.IsZero() {
 		signingTime = req.LastSignedAt
@@ -482,6 +502,8 @@ func (ctx *signingCtx) build(disableHeaderHoisting bool) {
 	ctx.buildTime()             // no depends
 	ctx.buildCredentialString() // no depends
 
+	ctx.buildBodyDigest()
+
 	unsignedHeaders := ctx.Request.Header
 	if ctx.isPresign {
 		if !disableHeaderHoisting {
@@ -493,7 +515,6 @@ func (ctx *signingCtx) build(disableHeaderHoisting bool) {
 		}
 	}
 
-	ctx.buildBodyDigest()
 	ctx.buildCanonicalHeaders(ignoredHeaders, unsignedHeaders)
 	ctx.buildCanonicalString() // depends on canon headers / signed headers
 	ctx.buildStringToSign()    // depends on canon string
@@ -583,14 +604,18 @@ func (ctx *signingCtx) buildCanonicalHeaders(r rule, header http.Header) {
 	headerValues := make([]string, len(headers))
 	for i, k := range headers {
 		if k == "host" {
+			if ctx.Request.Host != "" {
+				headerValues[i] = "host:" + ctx.Request.Host
+			} else {
 				headerValues[i] = "host:" + ctx.Request.URL.Host
+			}
 		} else {
 			headerValues[i] = k + ":" +
 				strings.Join(ctx.SignedHeaderVals[k], ",")
 		}
 	}
-
+	stripExcessSpaces(headerValues)
-	ctx.canonicalHeaders = strings.Join(stripExcessSpaces(headerValues), "\n")
+	ctx.canonicalHeaders = strings.Join(headerValues, "\n")
 }
 
 func (ctx *signingCtx) buildCanonicalString() {
@@ -634,14 +659,14 @@ func (ctx *signingCtx) buildSignature() {
 func (ctx *signingCtx) buildBodyDigest() {
 	hash := ctx.Request.Header.Get("X-Amz-Content-Sha256")
 	if hash == "" {
-		if ctx.isPresign && ctx.ServiceName == "s3" {
+		if ctx.unsignedPayload || (ctx.isPresign && ctx.ServiceName == "s3") {
 			hash = "UNSIGNED-PAYLOAD"
 		} else if ctx.Body == nil {
 			hash = emptyStringSHA256
 		} else {
 			hash = hex.EncodeToString(makeSha256Reader(ctx.Body))
 		}
-		if ctx.ServiceName == "s3" || ctx.ServiceName == "glacier" {
+		if ctx.unsignedPayload || ctx.ServiceName == "s3" || ctx.ServiceName == "glacier" {
 			ctx.Request.Header.Set("X-Amz-Content-Sha256", hash)
 		}
 	}
@@ -692,49 +717,46 @@ func makeSha256Reader(reader io.ReadSeeker) []byte {
 	return hash.Sum(nil)
 }
 
-const doubleSpaces = "  "
+const doubleSpace = "  "
 
-var doubleSpaceBytes = []byte(doubleSpaces)
+// stripExcessSpaces will rewrite the passed in slice's string values to not
-
+// contain muliple side-by-side spaces.
-func stripExcessSpaces(headerVals []string) []string {
+func stripExcessSpaces(vals []string) {
-	vals := make([]string, len(headerVals))
+	var j, k, l, m, spaces int
-	for i, str := range headerVals {
+	for i, str := range vals {
-		// Trim leading and trailing spaces
+		// Trim trailing spaces
-		trimmed := strings.TrimSpace(str)
+		for j = len(str) - 1; j >= 0 && str[j] == ' '; j-- {
-
-		idx := strings.Index(trimmed, doubleSpaces)
-		var buf []byte
-		for idx > -1 {
-			// Multiple adjacent spaces found
-			if buf == nil {
-				// first time create the buffer
-				buf = []byte(trimmed)
 		}
 
-			stripToIdx := -1
+		// Trim leading spaces
-			for j := idx + 1; j < len(buf); j++ {
+		for k = 0; k < j && str[k] == ' '; k++ {
-				if buf[j] != ' ' {
-					buf = append(buf[:idx+1], buf[j:]...)
-					stripToIdx = j
-					break
 		}
+		str = str[k : j+1]
+
+		// Strip multiple spaces.
+		j = strings.Index(str, doubleSpace)
+		if j < 0 {
+			vals[i] = str
+			continue
 		}
 
-			if stripToIdx >= 0 {
+		buf := []byte(str)
-				idx = bytes.Index(buf[stripToIdx:], doubleSpaceBytes)
+		for k, m, l = j, j, len(buf); k < l; k++ {
-				if idx >= 0 {
+			if buf[k] == ' ' {
-					idx += stripToIdx
+				if spaces == 0 {
+					// First space.
+					buf[m] = buf[k]
+					m++
 				}
+				spaces++
 			} else {
-				idx = -1
+				// End of multiple spaces.
+				spaces = 0
+				buf[m] = buf[k]
+				m++
 			}
 		}
 
-		if buf != nil {
+		vals[i] = string(buf[:m])
-			vals[i] = string(buf)
-		} else {
-			vals[i] = trimmed
 	}
-	}
-	return vals
 }

vendor/github.com/aws/aws-sdk-go/aws/types.go

@@ -114,5 +114,5 @@ func (b *WriteAtBuffer) WriteAt(p []byte, pos int64) (n int, err error) {
 func (b *WriteAtBuffer) Bytes() []byte {
 	b.m.Lock()
 	defer b.m.Unlock()
-	return b.buf[:len(b.buf):len(b.buf)]
+	return b.buf
 }

vendor/github.com/aws/aws-sdk-go/aws/url.go

@@ -0,0 +1,12 @@
+// +build go1.8
+
+package aws
+
+import "net/url"
+
+// URLHostname will extract the Hostname without port from the URL value.
+//
+// Wrapper of net/url#URL.Hostname for backwards Go version compatibility.
+func URLHostname(url *url.URL) string {
+	return url.Hostname()
+}

vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go

@@ -0,0 +1,29 @@
+// +build !go1.8
+
+package aws
+
+import (
+	"net/url"
+	"strings"
+)
+
+// URLHostname will extract the Hostname without port from the URL value.
+//
+// Copy of Go 1.8's net/url#URL.Hostname functionality.
+func URLHostname(url *url.URL) string {
+	return stripPort(url.Host)
+
+}
+
+// stripPort is copy of Go 1.8 url#URL.Hostname functionality.
+// https://golang.org/src/net/url/url.go
+func stripPort(hostport string) string {
+	colon := strings.IndexByte(hostport, ':')
+	if colon == -1 {
+		return hostport
+	}
+	if i := strings.IndexByte(hostport, ']'); i != -1 {
+		return strings.TrimPrefix(hostport[:i], "[")
+	}
+	return hostport[:colon]
+}

vendor/github.com/aws/aws-sdk-go/aws/version.go

@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.6.10"
+const SDKVersion = "1.12.7"

vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/BUILD

@@ -0,0 +1,22 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["shared_config.go"],
+    importpath = "github.com/aws/aws-sdk-go/internal/shareddefaults",
+    visibility = ["//vendor/github.com/aws/aws-sdk-go:__subpackages__"],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)

vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config.go

@@ -0,0 +1,40 @@
+package shareddefaults
+
+import (
+	"os"
+	"path/filepath"
+	"runtime"
+)
+
+// SharedCredentialsFilename returns the SDK's default file path
+// for the shared credentials file.
+//
+// Builds the shared config file path based on the OS's platform.
+//
+//   - Linux/Unix: $HOME/.aws/credentials
+//   - Windows: %USERPROFILE%\.aws\credentials
+func SharedCredentialsFilename() string {
+	return filepath.Join(UserHomeDir(), ".aws", "credentials")
+}
+
+// SharedConfigFilename returns the SDK's default file path for
+// the shared config file.
+//
+// Builds the shared config file path based on the OS's platform.
+//
+//   - Linux/Unix: $HOME/.aws/config
+//   - Windows: %USERPROFILE%\.aws\config
+func SharedConfigFilename() string {
+	return filepath.Join(UserHomeDir(), ".aws", "config")
+}
+
+// UserHomeDir returns the home directory for the user the process is
+// running under.
+func UserHomeDir() string {
+	if runtime.GOOS == "windows" { // Windows
+		return os.Getenv("USERPROFILE")
+	}
+
+	// *nix
+	return os.Getenv("HOME")
+}

vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go

@@ -4,7 +4,9 @@ package jsonutil
 import (
 	"bytes"
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
+	"math"
 	"reflect"
 	"sort"
 	"strconv"
@@ -25,6 +27,7 @@ func BuildJSON(v interface{}) ([]byte, error) {
 }
 
 func buildAny(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
+	origVal := value
 	value = reflect.Indirect(value)
 	if !value.IsValid() {
 		return nil
@@ -61,7 +64,7 @@ func buildAny(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) err
 	case "map":
 		return buildMap(value, buf, tag)
 	default:
-		return buildScalar(value, buf, tag)
+		return buildScalar(origVal, buf, tag)
 	}
 }
 
@@ -87,6 +90,10 @@ func buildStruct(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag)
 	first := true
 	for i := 0; i < t.NumField(); i++ {
 		member := value.Field(i)
+
+		// This allocates the most memory.
+		// Additionally, we cannot skip nil fields due to
+		// idempotency auto filling.
 		field := t.Field(i)
 
 		if field.PkgPath != "" {
@@ -182,21 +189,32 @@ func buildMap(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) err
 	return nil
 }
 
-func buildScalar(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
+func buildScalar(v reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
-	switch value.Kind() {
+	// prevents allocation on the heap.
+	scratch := [64]byte{}
+	switch value := reflect.Indirect(v); value.Kind() {
 	case reflect.String:
 		writeString(value.String(), buf)
 	case reflect.Bool:
-		buf.WriteString(strconv.FormatBool(value.Bool()))
+		if value.Bool() {
+			buf.WriteString("true")
+		} else {
+			buf.WriteString("false")
+		}
 	case reflect.Int64:
-		buf.WriteString(strconv.FormatInt(value.Int(), 10))
+		buf.Write(strconv.AppendInt(scratch[:0], value.Int(), 10))
 	case reflect.Float64:
-		buf.WriteString(strconv.FormatFloat(value.Float(), 'f', -1, 64))
+		f := value.Float()
+		if math.IsInf(f, 0) || math.IsNaN(f) {
+			return &json.UnsupportedValueError{Value: v, Str: strconv.FormatFloat(f, 'f', -1, 64)}
+		}
+		buf.Write(strconv.AppendFloat(scratch[:0], f, 'f', -1, 64))
 	default:
 		switch value.Type() {
 		case timeType:
-			converted := value.Interface().(time.Time)
+			converted := v.Interface().(*time.Time)
-			buf.WriteString(strconv.FormatInt(converted.UTC().Unix(), 10))
+
+			buf.Write(strconv.AppendInt(scratch[:0], converted.UTC().Unix(), 10))
 		case byteSliceType:
 			if !value.IsNil() {
 				converted := value.Interface().([]byte)
@@ -222,27 +240,31 @@ func buildScalar(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag)
 	return nil
 }
 
+var hex = "0123456789abcdef"
+
 func writeString(s string, buf *bytes.Buffer) {
 	buf.WriteByte('"')
-	for _, r := range s {
+	for i := 0; i < len(s); i++ {
-		if r == '"' {
+		if s[i] == '"' {
 			buf.WriteString(`\"`)
-		} else if r == '\\' {
+		} else if s[i] == '\\' {
 			buf.WriteString(`\\`)
-		} else if r == '\b' {
+		} else if s[i] == '\b' {
 			buf.WriteString(`\b`)
-		} else if r == '\f' {
+		} else if s[i] == '\f' {
 			buf.WriteString(`\f`)
-		} else if r == '\r' {
+		} else if s[i] == '\r' {
 			buf.WriteString(`\r`)
-		} else if r == '\t' {
+		} else if s[i] == '\t' {
 			buf.WriteString(`\t`)
-		} else if r == '\n' {
+		} else if s[i] == '\n' {
 			buf.WriteString(`\n`)
-		} else if r < 32 {
+		} else if s[i] < 32 {
-			fmt.Fprintf(buf, "\\u%0.4x", r)
+			buf.WriteString("\\u00")
+			buf.WriteByte(hex[s[i]>>4])
+			buf.WriteByte(hex[s[i]&0xF])
 		} else {
-			buf.WriteRune(r)
+			buf.WriteByte(s[i])
 		}
 	}
 	buf.WriteByte('"')

vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go

@@ -80,7 +80,6 @@ func (q *queryParser) parseStruct(v url.Values, value reflect.Value, prefix stri
 			continue
 		}
 
-
 		if protocol.CanSetIdempotencyToken(value.Field(i), field) {
 			token := protocol.GetIdempotencyToken()
 			elemValue = reflect.ValueOf(token)
@@ -122,9 +121,17 @@ func (q *queryParser) parseList(v url.Values, value reflect.Value, prefix string
 		return nil
 	}
 
+	if _, ok := value.Interface().([]byte); ok {
+		return q.parseScalar(v, value, prefix, tag)
+	}
+
 	// check for unflattened list member
 	if !q.isEC2 && tag.Get("flattened") == "" {
+		if listName := tag.Get("locationNameList"); listName == "" {
 			prefix += ".member"
+		} else {
+			prefix += "." + listName
+		}
 	}
 
 	for i := 0; i < value.Len(); i++ {

vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go

@@ -4,6 +4,7 @@ package rest
 import (
 	"bytes"
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
@@ -82,8 +83,12 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo
 			if name == "" {
 				name = field.Name
 			}
-			if m.Kind() == reflect.Ptr {
+			if kind := m.Kind(); kind == reflect.Ptr {
 				m = m.Elem()
+			} else if kind == reflect.Interface {
+				if !m.Elem().IsValid() {
+					continue
+				}
 			}
 			if !m.IsValid() {
 				continue
@@ -95,16 +100,16 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo
 			var err error
 			switch field.Tag.Get("location") {
 			case "headers": // header maps
-				err = buildHeaderMap(&r.HTTPRequest.Header, m, field.Tag.Get("locationName"))
+				err = buildHeaderMap(&r.HTTPRequest.Header, m, field.Tag)
 			case "header":
-				err = buildHeader(&r.HTTPRequest.Header, m, name)
+				err = buildHeader(&r.HTTPRequest.Header, m, name, field.Tag)
 			case "uri":
-				err = buildURI(r.HTTPRequest.URL, m, name)
+				err = buildURI(r.HTTPRequest.URL, m, name, field.Tag)
 			case "querystring":
-				err = buildQueryString(query, m, name)
+				err = buildQueryString(query, m, name, field.Tag)
 			default:
 				if buildGETQuery {
-					err = buildQueryString(query, m, name)
+					err = buildQueryString(query, m, name, field.Tag)
 				}
 			}
 			r.Error = err
@@ -145,8 +150,8 @@ func buildBody(r *request.Request, v reflect.Value) {
 	}
 }
 
-func buildHeader(header *http.Header, v reflect.Value, name string) error {
+func buildHeader(header *http.Header, v reflect.Value, name string, tag reflect.StructTag) error {
-	str, err := convertType(v)
+	str, err := convertType(v, tag)
 	if err == errValueNotSet {
 		return nil
 	} else if err != nil {
@@ -158,9 +163,10 @@ func buildHeader(header *http.Header, v reflect.Value, name string) error {
 	return nil
 }
 
-func buildHeaderMap(header *http.Header, v reflect.Value, prefix string) error {
+func buildHeaderMap(header *http.Header, v reflect.Value, tag reflect.StructTag) error {
+	prefix := tag.Get("locationName")
 	for _, key := range v.MapKeys() {
-		str, err := convertType(v.MapIndex(key))
+		str, err := convertType(v.MapIndex(key), tag)
 		if err == errValueNotSet {
 			continue
 		} else if err != nil {
@@ -173,8 +179,8 @@ func buildHeaderMap(header *http.Header, v reflect.Value, prefix string) error {
 	return nil
 }
 
-func buildURI(u *url.URL, v reflect.Value, name string) error {
+func buildURI(u *url.URL, v reflect.Value, name string, tag reflect.StructTag) error {
-	value, err := convertType(v)
+	value, err := convertType(v, tag)
 	if err == errValueNotSet {
 		return nil
 	} else if err != nil {
@@ -190,7 +196,7 @@ func buildURI(u *url.URL, v reflect.Value, name string) error {
 	return nil
 }
 
-func buildQueryString(query url.Values, v reflect.Value, name string) error {
+func buildQueryString(query url.Values, v reflect.Value, name string, tag reflect.StructTag) error {
 	switch value := v.Interface().(type) {
 	case []*string:
 		for _, item := range value {
@@ -207,7 +213,7 @@ func buildQueryString(query url.Values, v reflect.Value, name string) error {
 			}
 		}
 	default:
-		str, err := convertType(v)
+		str, err := convertType(v, tag)
 		if err == errValueNotSet {
 			return nil
 		} else if err != nil {
@@ -246,7 +252,7 @@ func EscapePath(path string, encodeSep bool) string {
 	return buf.String()
 }
 
-func convertType(v reflect.Value) (string, error) {
+func convertType(v reflect.Value, tag reflect.StructTag) (string, error) {
 	v = reflect.Indirect(v)
 	if !v.IsValid() {
 		return "", errValueNotSet
@@ -266,6 +272,16 @@ func convertType(v reflect.Value) (string, error) {
 		str = strconv.FormatFloat(value, 'f', -1, 64)
 	case time.Time:
 		str = value.UTC().Format(RFC822)
+	case aws.JSONValue:
+		b, err := json.Marshal(value)
+		if err != nil {
+			return "", err
+		}
+		if tag.Get("location") == "header" {
+			str = base64.StdEncoding.EncodeToString(b)
+		} else {
+			str = string(b)
+		}
 	default:
 		err := fmt.Errorf("Unsupported value for param %v (%s)", v.Interface(), v.Type())
 		return "", err

vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go

@@ -3,6 +3,7 @@ package rest
 import (
 	"bytes"
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -12,6 +13,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
 )
@@ -111,7 +113,7 @@ func unmarshalLocationElements(r *request.Request, v reflect.Value) {
 			case "statusCode":
 				unmarshalStatusCode(m, r.HTTPResponse.StatusCode)
 			case "header":
-				err := unmarshalHeader(m, r.HTTPResponse.Header.Get(name))
+				err := unmarshalHeader(m, r.HTTPResponse.Header.Get(name), field.Tag)
 				if err != nil {
 					r.Error = awserr.New("SerializationError", "failed to decode REST response", err)
 					break
@@ -158,8 +160,13 @@ func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string) err
 	return nil
 }
 
-func unmarshalHeader(v reflect.Value, header string) error {
+func unmarshalHeader(v reflect.Value, header string, tag reflect.StructTag) error {
-	if !v.IsValid() || (header == "" && v.Elem().Kind() != reflect.String) {
+	isJSONValue := tag.Get("type") == "jsonvalue"
+	if isJSONValue {
+		if len(header) == 0 {
+			return nil
+		}
+	} else if !v.IsValid() || (header == "" && v.Elem().Kind() != reflect.String) {
 		return nil
 	}
 
@@ -196,6 +203,22 @@ func unmarshalHeader(v reflect.Value, header string) error {
 			return err
 		}
 		v.Set(reflect.ValueOf(&t))
+	case aws.JSONValue:
+		b := []byte(header)
+		var err error
+		if tag.Get("location") == "header" {
+			b, err = base64.StdEncoding.DecodeString(header)
+			if err != nil {
+				return err
+			}
+		}
+
+		m := aws.JSONValue{}
+		err = json.Unmarshal(b, &m)
+		if err != nil {
+			return err
+		}
+		v.Set(reflect.ValueOf(m))
 	default:
 		err := fmt.Errorf("Unsupported value for param %v (%s)", v.Interface(), v.Type())
 		return err

vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go

@@ -131,7 +131,6 @@ func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag refl
 			continue
 		}
 
-
 		mTag := field.Tag
 		if mTag.Get("location") != "" { // skip non-body members
 			continue

vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go

@@ -15,7 +15,10 @@ import (
 // needs to match the shape of the XML expected to be decoded.
 // If the shape doesn't match unmarshaling will fail.
 func UnmarshalXML(v interface{}, d *xml.Decoder, wrapper string) error {
-	n, _ := XMLToStruct(d, nil)
+	n, err := XMLToStruct(d, nil)
+	if err != nil {
+		return err
+	}
 	if n.Children != nil {
 		for _, root := range n.Children {
 			for _, c := range root {
@@ -23,7 +26,7 @@ func UnmarshalXML(v interface{}, d *xml.Decoder, wrapper string) error {
 					c = wrappedChild[0] // pull out wrapped element
 				}
 
-				err := parse(reflect.ValueOf(v), c, "")
+				err = parse(reflect.ValueOf(v), c, "")
 				if err != nil {
 					if err == io.EOF {
 						return nil

vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go

@@ -40,12 +40,17 @@ func XMLToStruct(d *xml.Decoder, s *xml.StartElement) (*XMLNode, error) {
 	out := &XMLNode{}
 	for {
 		tok, err := d.Token()
-		if tok == nil || err == io.EOF {
-			break
-		}
 		if err != nil {
+			if err == io.EOF {
+				break
+			} else {
 				return out, err
 			}
+		}
+
+		if tok == nil {
+			break
+		}
 
 		switch typed := tok.(type) {
 		case xml.CharData:

vendor/github.com/aws/aws-sdk-go/private/waiter/waiter.go

@@ -1,134 +0,0 @@
-package waiter
-
-import (
-	"fmt"
-	"reflect"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/awsutil"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// A Config provides a collection of configuration values to setup a generated
-// waiter code with.
-type Config struct {
-	Name        string
-	Delay       int
-	MaxAttempts int
-	Operation   string
-	Acceptors   []WaitAcceptor
-}
-
-// A WaitAcceptor provides the information needed to wait for an API operation
-// to complete.
-type WaitAcceptor struct {
-	Expected interface{}
-	Matcher  string
-	State    string
-	Argument string
-}
-
-// A Waiter provides waiting for an operation to complete.
-type Waiter struct {
-	Config
-	Client interface{}
-	Input  interface{}
-}
-
-// Wait waits for an operation to complete, expire max attempts, or fail. Error
-// is returned if the operation fails.
-func (w *Waiter) Wait() error {
-	client := reflect.ValueOf(w.Client)
-	in := reflect.ValueOf(w.Input)
-	method := client.MethodByName(w.Config.Operation + "Request")
-
-	for i := 0; i < w.MaxAttempts; i++ {
-		res := method.Call([]reflect.Value{in})
-		req := res[0].Interface().(*request.Request)
-		req.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Waiter"))
-
-		err := req.Send()
-		for _, a := range w.Acceptors {
-			result := false
-			var vals []interface{}
-			switch a.Matcher {
-			case "pathAll", "path":
-				// Require all matches to be equal for result to match
-				vals, _ = awsutil.ValuesAtPath(req.Data, a.Argument)
-				if len(vals) == 0 {
-					break
-				}
-				result = true
-				for _, val := range vals {
-					if !awsutil.DeepEqual(val, a.Expected) {
-						result = false
-						break
-					}
-				}
-			case "pathAny":
-				// Only a single match needs to equal for the result to match
-				vals, _ = awsutil.ValuesAtPath(req.Data, a.Argument)
-				for _, val := range vals {
-					if awsutil.DeepEqual(val, a.Expected) {
-						result = true
-						break
-					}
-				}
-			case "status":
-				s := a.Expected.(int)
-				result = s == req.HTTPResponse.StatusCode
-			case "error":
-				if aerr, ok := err.(awserr.Error); ok {
-					result = aerr.Code() == a.Expected.(string)
-				}
-			case "pathList":
-				// ignored matcher
-			default:
-				logf(client, "WARNING: Waiter for %s encountered unexpected matcher: %s",
-					w.Config.Operation, a.Matcher)
-			}
-
-			if !result {
-				// If there was no matching result found there is nothing more to do
-				// for this response, retry the request.
-				continue
-			}
-
-			switch a.State {
-			case "success":
-				// waiter completed
-				return nil
-			case "failure":
-				// Waiter failure state triggered
-				return awserr.New("ResourceNotReady",
-					fmt.Sprintf("failed waiting for successful resource state"), err)
-			case "retry":
-				// clear the error and retry the operation
-				err = nil
-			default:
-				logf(client, "WARNING: Waiter for %s encountered unexpected state: %s",
-					w.Config.Operation, a.State)
-			}
-		}
-		if err != nil {
-			return err
-		}
-
-		time.Sleep(time.Second * time.Duration(w.Delay))
-	}
-
-	return awserr.New("ResourceNotReady",
-		fmt.Sprintf("exceeded %d wait attempts", w.MaxAttempts), nil)
-}
-
-func logf(client reflect.Value, msg string, args ...interface{}) {
-	cfgVal := client.FieldByName("Config")
-	if !cfgVal.IsValid() {
-		return
-	}
-	if cfg, ok := cfgVal.Interface().(*aws.Config); ok && cfg.Logger != nil {
-		cfg.Logger.Log(fmt.Sprintf(msg, args...))
-	}
-}

vendor/github.com/aws/aws-sdk-go/service/autoscaling/BUILD

@@ -4,6 +4,8 @@ go_library(
     name = "go_default_library",
     srcs = [
         "api.go",
+        "doc.go",
+        "errors.go",
         "service.go",
         "waiters.go",
     ],
@@ -18,7 +20,6 @@ go_library(
         "//vendor/github.com/aws/aws-sdk-go/aws/signer/v4:go_default_library",
         "//vendor/github.com/aws/aws-sdk-go/private/protocol:go_default_library",
         "//vendor/github.com/aws/aws-sdk-go/private/protocol/query:go_default_library",
-        "//vendor/github.com/aws/aws-sdk-go/private/waiter:go_default_library",
     ],
 )
 

vendor/github.com/aws/aws-sdk-go/service/autoscaling/doc.go

@@ -0,0 +1,30 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package autoscaling provides the client and types for making API
+// requests to Auto Scaling.
+//
+// Auto Scaling is designed to automatically launch or terminate EC2 instances
+// based on user-defined policies, schedules, and health checks. Use this service
+// in conjunction with the Amazon CloudWatch and Elastic Load Balancing services.
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/autoscaling-2011-01-01 for more information on this service.
+//
+// See autoscaling package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/autoscaling/
+//
+// Using the Client
+//
+// To Auto Scaling with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the Auto Scaling client AutoScaling for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/autoscaling/#New
+package autoscaling

vendor/github.com/aws/aws-sdk-go/service/autoscaling/errors.go

@@ -0,0 +1,47 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package autoscaling
+
+const (
+
+	// ErrCodeAlreadyExistsFault for service response error code
+	// "AlreadyExists".
+	//
+	// You already have an Auto Scaling group or launch configuration with this
+	// name.
+	ErrCodeAlreadyExistsFault = "AlreadyExists"
+
+	// ErrCodeInvalidNextToken for service response error code
+	// "InvalidNextToken".
+	//
+	// The NextToken value is not valid.
+	ErrCodeInvalidNextToken = "InvalidNextToken"
+
+	// ErrCodeLimitExceededFault for service response error code
+	// "LimitExceeded".
+	//
+	// You have already reached a limit for your Auto Scaling resources (for example,
+	// groups, launch configurations, or lifecycle hooks). For more information,
+	// see DescribeAccountLimits.
+	ErrCodeLimitExceededFault = "LimitExceeded"
+
+	// ErrCodeResourceContentionFault for service response error code
+	// "ResourceContention".
+	//
+	// You already have a pending update to an Auto Scaling resource (for example,
+	// a group, instance, or load balancer).
+	ErrCodeResourceContentionFault = "ResourceContention"
+
+	// ErrCodeResourceInUseFault for service response error code
+	// "ResourceInUse".
+	//
+	// The operation can't be performed because the resource is in use.
+	ErrCodeResourceInUseFault = "ResourceInUse"
+
+	// ErrCodeScalingActivityInProgressFault for service response error code
+	// "ScalingActivityInProgress".
+	//
+	// The operation can't be performed because there are scaling activities in
+	// progress.
+	ErrCodeScalingActivityInProgressFault = "ScalingActivityInProgress"
+)

vendor/github.com/aws/aws-sdk-go/service/autoscaling/service.go

@@ -1,4 +1,4 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
 
 package autoscaling
 
@@ -11,12 +11,12 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol/query"
 )
 
-// Auto Scaling is designed to automatically launch or terminate EC2 instances
+// AutoScaling provides the API operation methods for making requests to
-// based on user-defined policies, schedules, and health checks. Use this service
+// Auto Scaling. See this package's package overview docs
-// in conjunction with the Amazon CloudWatch and Elastic Load Balancing services.
+// for details on the service.
-// The service client's operations are safe to be used concurrently.
+//
-// It is not safe to mutate any of the client's properties though.
+// AutoScaling methods are safe to use concurrently. It is not safe to
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/autoscaling-2011-01-01
+// modify mutate any of the struct's properties though.
 type AutoScaling struct {
 	*client.Client
 }

vendor/github.com/aws/aws-sdk-go/service/autoscaling/waiters.go

@@ -1,106 +1,163 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
 
 package autoscaling
 
 import (
-	"github.com/aws/aws-sdk-go/private/waiter"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
 )
 
 // WaitUntilGroupExists uses the Auto Scaling API operation
 // DescribeAutoScalingGroups to wait for a condition to be met before returning.
-// If the condition is not meet within the max attempt window an error will
+// If the condition is not met within the max attempt window, an error will
 // be returned.
 func (c *AutoScaling) WaitUntilGroupExists(input *DescribeAutoScalingGroupsInput) error {
-	waiterCfg := waiter.Config{
+	return c.WaitUntilGroupExistsWithContext(aws.BackgroundContext(), input)
-		Operation:   "DescribeAutoScalingGroups",
+}
-		Delay:       5,
+
+// WaitUntilGroupExistsWithContext is an extended version of WaitUntilGroupExists.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *AutoScaling) WaitUntilGroupExistsWithContext(ctx aws.Context, input *DescribeAutoScalingGroupsInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilGroupExists",
 		MaxAttempts: 10,
-		Acceptors: []waiter.WaitAcceptor{
+		Delay:       request.ConstantWaiterDelay(5 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
 			{
-				State:    "success",
+				State:   request.SuccessWaiterState,
-				Matcher:  "path",
+				Matcher: request.PathWaiterMatch, Argument: "length(AutoScalingGroups) > `0`",
-				Argument: "length(AutoScalingGroups) > `0`",
 				Expected: true,
 			},
 			{
-				State:    "retry",
+				State:   request.RetryWaiterState,
-				Matcher:  "path",
+				Matcher: request.PathWaiterMatch, Argument: "length(AutoScalingGroups) > `0`",
-				Argument: "length(AutoScalingGroups) > `0`",
 				Expected: false,
 			},
 		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *DescribeAutoScalingGroupsInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
 			}
+			req, _ := c.DescribeAutoScalingGroupsRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
 
-	w := waiter.Waiter{
+	return w.WaitWithContext(ctx)
-		Client: c,
-		Input:  input,
-		Config: waiterCfg,
-	}
-	return w.Wait()
 }
 
 // WaitUntilGroupInService uses the Auto Scaling API operation
 // DescribeAutoScalingGroups to wait for a condition to be met before returning.
-// If the condition is not meet within the max attempt window an error will
+// If the condition is not met within the max attempt window, an error will
 // be returned.
 func (c *AutoScaling) WaitUntilGroupInService(input *DescribeAutoScalingGroupsInput) error {
-	waiterCfg := waiter.Config{
+	return c.WaitUntilGroupInServiceWithContext(aws.BackgroundContext(), input)
-		Operation:   "DescribeAutoScalingGroups",
+}
-		Delay:       15,
+
+// WaitUntilGroupInServiceWithContext is an extended version of WaitUntilGroupInService.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *AutoScaling) WaitUntilGroupInServiceWithContext(ctx aws.Context, input *DescribeAutoScalingGroupsInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilGroupInService",
 		MaxAttempts: 40,
-		Acceptors: []waiter.WaitAcceptor{
+		Delay:       request.ConstantWaiterDelay(15 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
 			{
-				State:    "success",
+				State:   request.SuccessWaiterState,
-				Matcher:  "path",
+				Matcher: request.PathWaiterMatch, Argument: "contains(AutoScalingGroups[].[length(Instances[?LifecycleState=='InService']) >= MinSize][], `false`)",
-				Argument: "contains(AutoScalingGroups[].[length(Instances[?LifecycleState=='InService']) >= MinSize][], `false`)",
 				Expected: false,
 			},
 			{
-				State:    "retry",
+				State:   request.RetryWaiterState,
-				Matcher:  "path",
+				Matcher: request.PathWaiterMatch, Argument: "contains(AutoScalingGroups[].[length(Instances[?LifecycleState=='InService']) >= MinSize][], `false`)",
-				Argument: "contains(AutoScalingGroups[].[length(Instances[?LifecycleState=='InService']) >= MinSize][], `false`)",
 				Expected: true,
 			},
 		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *DescribeAutoScalingGroupsInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
 			}
+			req, _ := c.DescribeAutoScalingGroupsRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
 
-	w := waiter.Waiter{
+	return w.WaitWithContext(ctx)
-		Client: c,
-		Input:  input,
-		Config: waiterCfg,
-	}
-	return w.Wait()
 }
 
 // WaitUntilGroupNotExists uses the Auto Scaling API operation
 // DescribeAutoScalingGroups to wait for a condition to be met before returning.
-// If the condition is not meet within the max attempt window an error will
+// If the condition is not met within the max attempt window, an error will
 // be returned.
 func (c *AutoScaling) WaitUntilGroupNotExists(input *DescribeAutoScalingGroupsInput) error {
-	waiterCfg := waiter.Config{
+	return c.WaitUntilGroupNotExistsWithContext(aws.BackgroundContext(), input)
-		Operation:   "DescribeAutoScalingGroups",
+}
-		Delay:       15,
+
+// WaitUntilGroupNotExistsWithContext is an extended version of WaitUntilGroupNotExists.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *AutoScaling) WaitUntilGroupNotExistsWithContext(ctx aws.Context, input *DescribeAutoScalingGroupsInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilGroupNotExists",
 		MaxAttempts: 40,
-		Acceptors: []waiter.WaitAcceptor{
+		Delay:       request.ConstantWaiterDelay(15 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
 			{
-				State:    "success",
+				State:   request.SuccessWaiterState,
-				Matcher:  "path",
+				Matcher: request.PathWaiterMatch, Argument: "length(AutoScalingGroups) > `0`",
-				Argument: "length(AutoScalingGroups) > `0`",
 				Expected: false,
 			},
 			{
-				State:    "retry",
+				State:   request.RetryWaiterState,
-				Matcher:  "path",
+				Matcher: request.PathWaiterMatch, Argument: "length(AutoScalingGroups) > `0`",
-				Argument: "length(AutoScalingGroups) > `0`",
 				Expected: true,
 			},
 		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *DescribeAutoScalingGroupsInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
 			}
+			req, _ := c.DescribeAutoScalingGroupsRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
 
-	w := waiter.Waiter{
+	return w.WaitWithContext(ctx)
-		Client: c,
-		Input:  input,
-		Config: waiterCfg,
-	}
-	return w.Wait()
 }

vendor/github.com/aws/aws-sdk-go/service/ec2/BUILD

@@ -5,6 +5,8 @@ go_library(
     srcs = [
         "api.go",
         "customizations.go",
+        "doc.go",
+        "errors.go",
         "service.go",
         "waiters.go",
     ],
@@ -20,7 +22,6 @@ go_library(
         "//vendor/github.com/aws/aws-sdk-go/aws/signer/v4:go_default_library",
         "//vendor/github.com/aws/aws-sdk-go/private/protocol:go_default_library",
         "//vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query:go_default_library",
-        "//vendor/github.com/aws/aws-sdk-go/private/waiter:go_default_library",
     ],
 )
 

vendor/github.com/aws/aws-sdk-go/service/ec2/doc.go

@@ -0,0 +1,31 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package ec2 provides the client and types for making API
+// requests to Amazon Elastic Compute Cloud.
+//
+// Amazon Elastic Compute Cloud (Amazon EC2) provides resizable computing capacity
+// in the Amazon Web Services (AWS) cloud. Using Amazon EC2 eliminates your
+// need to invest in hardware up front, so you can develop and deploy applications
+// faster.
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15 for more information on this service.
+//
+// See ec2 package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/ec2/
+//
+// Using the Client
+//
+// To Amazon Elastic Compute Cloud with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the Amazon Elastic Compute Cloud client EC2 for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/ec2/#New
+package ec2

vendor/github.com/aws/aws-sdk-go/service/ec2/errors.go

@@ -0,0 +1,3 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package ec2

vendor/github.com/aws/aws-sdk-go/service/ec2/service.go

@@ -1,4 +1,4 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
 
 package ec2
 
@@ -11,13 +11,12 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol/ec2query"
 )
 
-// Amazon Elastic Compute Cloud (Amazon EC2) provides resizable computing capacity
+// EC2 provides the API operation methods for making requests to
-// in the Amazon Web Services (AWS) cloud. Using Amazon EC2 eliminates your
+// Amazon Elastic Compute Cloud. See this package's package overview docs
-// need to invest in hardware up front, so you can develop and deploy applications
+// for details on the service.
-// faster.
+//
-// The service client's operations are safe to be used concurrently.
+// EC2 methods are safe to use concurrently. It is not safe to
-// It is not safe to mutate any of the client's properties though.
+// modify mutate any of the struct's properties though.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15
 type EC2 struct {
 	*client.Client
 }

vendor/github.com/aws/aws-sdk-go/service/ecr/BUILD

@@ -4,6 +4,8 @@ go_library(
     name = "go_default_library",
     srcs = [
         "api.go",
+        "doc.go",
+        "errors.go",
         "service.go",
     ],
     importpath = "github.com/aws/aws-sdk-go/service/ecr",

vendor/github.com/aws/aws-sdk-go/service/ecr/doc.go

@@ -0,0 +1,33 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package ecr provides the client and types for making API
+// requests to Amazon EC2 Container Registry.
+//
+// Amazon EC2 Container Registry (Amazon ECR) is a managed AWS Docker registry
+// service. Customers can use the familiar Docker CLI to push, pull, and manage
+// images. Amazon ECR provides a secure, scalable, and reliable registry. Amazon
+// ECR supports private Docker repositories with resource-based permissions
+// using AWS IAM so that specific users or Amazon EC2 instances can access repositories
+// and images. Developers can use the Docker CLI to author and manage images.
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21 for more information on this service.
+//
+// See ecr package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/ecr/
+//
+// Using the Client
+//
+// To Amazon EC2 Container Registry with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the Amazon EC2 Container Registry client ECR for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/ecr/#New
+package ecr

vendor/github.com/aws/aws-sdk-go/service/ecr/errors.go

@@ -0,0 +1,121 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package ecr
+
+const (
+
+	// ErrCodeEmptyUploadException for service response error code
+	// "EmptyUploadException".
+	//
+	// The specified layer upload does not contain any layer parts.
+	ErrCodeEmptyUploadException = "EmptyUploadException"
+
+	// ErrCodeImageAlreadyExistsException for service response error code
+	// "ImageAlreadyExistsException".
+	//
+	// The specified image has already been pushed, and there are no changes to
+	// the manifest or image tag since the last push.
+	ErrCodeImageAlreadyExistsException = "ImageAlreadyExistsException"
+
+	// ErrCodeImageNotFoundException for service response error code
+	// "ImageNotFoundException".
+	//
+	// The image requested does not exist in the specified repository.
+	ErrCodeImageNotFoundException = "ImageNotFoundException"
+
+	// ErrCodeInvalidLayerException for service response error code
+	// "InvalidLayerException".
+	//
+	// The layer digest calculation performed by Amazon ECR upon receipt of the
+	// image layer does not match the digest specified.
+	ErrCodeInvalidLayerException = "InvalidLayerException"
+
+	// ErrCodeInvalidLayerPartException for service response error code
+	// "InvalidLayerPartException".
+	//
+	// The layer part size is not valid, or the first byte specified is not consecutive
+	// to the last byte of a previous layer part upload.
+	ErrCodeInvalidLayerPartException = "InvalidLayerPartException"
+
+	// ErrCodeInvalidParameterException for service response error code
+	// "InvalidParameterException".
+	//
+	// The specified parameter is invalid. Review the available parameters for the
+	// API request.
+	ErrCodeInvalidParameterException = "InvalidParameterException"
+
+	// ErrCodeLayerAlreadyExistsException for service response error code
+	// "LayerAlreadyExistsException".
+	//
+	// The image layer already exists in the associated repository.
+	ErrCodeLayerAlreadyExistsException = "LayerAlreadyExistsException"
+
+	// ErrCodeLayerInaccessibleException for service response error code
+	// "LayerInaccessibleException".
+	//
+	// The specified layer is not available because it is not associated with an
+	// image. Unassociated image layers may be cleaned up at any time.
+	ErrCodeLayerInaccessibleException = "LayerInaccessibleException"
+
+	// ErrCodeLayerPartTooSmallException for service response error code
+	// "LayerPartTooSmallException".
+	//
+	// Layer parts must be at least 5 MiB in size.
+	ErrCodeLayerPartTooSmallException = "LayerPartTooSmallException"
+
+	// ErrCodeLayersNotFoundException for service response error code
+	// "LayersNotFoundException".
+	//
+	// The specified layers could not be found, or the specified layer is not valid
+	// for this repository.
+	ErrCodeLayersNotFoundException = "LayersNotFoundException"
+
+	// ErrCodeLimitExceededException for service response error code
+	// "LimitExceededException".
+	//
+	// The operation did not succeed because it would have exceeded a service limit
+	// for your account. For more information, see Amazon ECR Default Service Limits
+	// (http://docs.aws.amazon.com/AmazonECR/latest/userguide/service_limits.html)
+	// in the Amazon EC2 Container Registry User Guide.
+	ErrCodeLimitExceededException = "LimitExceededException"
+
+	// ErrCodeRepositoryAlreadyExistsException for service response error code
+	// "RepositoryAlreadyExistsException".
+	//
+	// The specified repository already exists in the specified registry.
+	ErrCodeRepositoryAlreadyExistsException = "RepositoryAlreadyExistsException"
+
+	// ErrCodeRepositoryNotEmptyException for service response error code
+	// "RepositoryNotEmptyException".
+	//
+	// The specified repository contains images. To delete a repository that contains
+	// images, you must force the deletion with the force parameter.
+	ErrCodeRepositoryNotEmptyException = "RepositoryNotEmptyException"
+
+	// ErrCodeRepositoryNotFoundException for service response error code
+	// "RepositoryNotFoundException".
+	//
+	// The specified repository could not be found. Check the spelling of the specified
+	// repository and ensure that you are performing operations on the correct registry.
+	ErrCodeRepositoryNotFoundException = "RepositoryNotFoundException"
+
+	// ErrCodeRepositoryPolicyNotFoundException for service response error code
+	// "RepositoryPolicyNotFoundException".
+	//
+	// The specified repository and registry combination does not have an associated
+	// repository policy.
+	ErrCodeRepositoryPolicyNotFoundException = "RepositoryPolicyNotFoundException"
+
+	// ErrCodeServerException for service response error code
+	// "ServerException".
+	//
+	// These errors are usually caused by a server-side issue.
+	ErrCodeServerException = "ServerException"
+
+	// ErrCodeUploadNotFoundException for service response error code
+	// "UploadNotFoundException".
+	//
+	// The upload could not be found, or the specified upload id is not valid for
+	// this repository.
+	ErrCodeUploadNotFoundException = "UploadNotFoundException"
+)

vendor/github.com/aws/aws-sdk-go/service/ecr/service.go

@@ -1,4 +1,4 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
 
 package ecr
 
@@ -11,15 +11,12 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
 )
 
-// Amazon EC2 Container Registry (Amazon ECR) is a managed AWS Docker registry
+// ECR provides the API operation methods for making requests to
-// service. Customers can use the familiar Docker CLI to push, pull, and manage
+// Amazon EC2 Container Registry. See this package's package overview docs
-// images. Amazon ECR provides a secure, scalable, and reliable registry. Amazon
+// for details on the service.
-// ECR supports private Docker repositories with resource-based permissions
+//
-// using AWS IAM so that specific users or Amazon EC2 instances can access repositories
+// ECR methods are safe to use concurrently. It is not safe to
-// and images. Developers can use the Docker CLI to author and manage images.
+// modify mutate any of the struct's properties though.
-// The service client's operations are safe to be used concurrently.
-// It is not safe to mutate any of the client's properties though.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21
 type ECR struct {
 	*client.Client
 }

vendor/github.com/aws/aws-sdk-go/service/elb/BUILD

@@ -4,6 +4,8 @@ go_library(
     name = "go_default_library",
     srcs = [
         "api.go",
+        "doc.go",
+        "errors.go",
         "service.go",
         "waiters.go",
     ],
@@ -17,7 +19,6 @@ go_library(
         "//vendor/github.com/aws/aws-sdk-go/aws/request:go_default_library",
         "//vendor/github.com/aws/aws-sdk-go/aws/signer/v4:go_default_library",
         "//vendor/github.com/aws/aws-sdk-go/private/protocol/query:go_default_library",
-        "//vendor/github.com/aws/aws-sdk-go/private/waiter:go_default_library",
     ],
 )
 

vendor/github.com/aws/aws-sdk-go/service/elb/doc.go

@@ -0,0 +1,55 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package elb provides the client and types for making API
+// requests to Elastic Load Balancing.
+//
+// A load balancer distributes incoming traffic across your EC2 instances. This
+// enables you to increase the availability of your application. The load balancer
+// also monitors the health of its registered instances and ensures that it
+// routes traffic only to healthy instances. You configure your load balancer
+// to accept incoming traffic by specifying one or more listeners, which are
+// configured with a protocol and port number for connections from clients to
+// the load balancer and a protocol and port number for connections from the
+// load balancer to the instances.
+//
+// Elastic Load Balancing supports two types of load balancers: Classic Load
+// Balancers and Application Load Balancers (new). A Classic Load Balancer makes
+// routing and load balancing decisions either at the transport layer (TCP/SSL)
+// or the application layer (HTTP/HTTPS), and supports either EC2-Classic or
+// a VPC. An Application Load Balancer makes routing and load balancing decisions
+// at the application layer (HTTP/HTTPS), supports path-based routing, and can
+// route requests to one or more ports on each EC2 instance or container instance
+// in your virtual private cloud (VPC). For more information, see the Elastic
+// Load Balancing User Guide (http://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/what-is-load-balancing.html).
+//
+// This reference covers the 2012-06-01 API, which supports Classic Load Balancers.
+// The 2015-12-01 API supports Application Load Balancers.
+//
+// To get started, create a load balancer with one or more listeners using CreateLoadBalancer.
+// Register your instances with the load balancer using RegisterInstancesWithLoadBalancer.
+//
+// All Elastic Load Balancing operations are idempotent, which means that they
+// complete at most one time. If you repeat an operation, it succeeds with a
+// 200 OK response code.
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancing-2012-06-01 for more information on this service.
+//
+// See elb package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/elb/
+//
+// Using the Client
+//
+// To Elastic Load Balancing with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the Elastic Load Balancing client ELB for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/elb/#New
+package elb

vendor/github.com/aws/aws-sdk-go/service/elb/errors.go

@@ -0,0 +1,136 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package elb
+
+const (
+
+	// ErrCodeAccessPointNotFoundException for service response error code
+	// "LoadBalancerNotFound".
+	//
+	// The specified load balancer does not exist.
+	ErrCodeAccessPointNotFoundException = "LoadBalancerNotFound"
+
+	// ErrCodeCertificateNotFoundException for service response error code
+	// "CertificateNotFound".
+	//
+	// The specified ARN does not refer to a valid SSL certificate in AWS Identity
+	// and Access Management (IAM) or AWS Certificate Manager (ACM). Note that if
+	// you recently uploaded the certificate to IAM, this error might indicate that
+	// the certificate is not fully available yet.
+	ErrCodeCertificateNotFoundException = "CertificateNotFound"
+
+	// ErrCodeDependencyThrottleException for service response error code
+	// "DependencyThrottle".
+	ErrCodeDependencyThrottleException = "DependencyThrottle"
+
+	// ErrCodeDuplicateAccessPointNameException for service response error code
+	// "DuplicateLoadBalancerName".
+	//
+	// The specified load balancer name already exists for this account.
+	ErrCodeDuplicateAccessPointNameException = "DuplicateLoadBalancerName"
+
+	// ErrCodeDuplicateListenerException for service response error code
+	// "DuplicateListener".
+	//
+	// A listener already exists for the specified load balancer name and port,
+	// but with a different instance port, protocol, or SSL certificate.
+	ErrCodeDuplicateListenerException = "DuplicateListener"
+
+	// ErrCodeDuplicatePolicyNameException for service response error code
+	// "DuplicatePolicyName".
+	//
+	// A policy with the specified name already exists for this load balancer.
+	ErrCodeDuplicatePolicyNameException = "DuplicatePolicyName"
+
+	// ErrCodeDuplicateTagKeysException for service response error code
+	// "DuplicateTagKeys".
+	//
+	// A tag key was specified more than once.
+	ErrCodeDuplicateTagKeysException = "DuplicateTagKeys"
+
+	// ErrCodeInvalidConfigurationRequestException for service response error code
+	// "InvalidConfigurationRequest".
+	//
+	// The requested configuration change is not valid.
+	ErrCodeInvalidConfigurationRequestException = "InvalidConfigurationRequest"
+
+	// ErrCodeInvalidEndPointException for service response error code
+	// "InvalidInstance".
+	//
+	// The specified endpoint is not valid.
+	ErrCodeInvalidEndPointException = "InvalidInstance"
+
+	// ErrCodeInvalidSchemeException for service response error code
+	// "InvalidScheme".
+	//
+	// The specified value for the schema is not valid. You can only specify a scheme
+	// for load balancers in a VPC.
+	ErrCodeInvalidSchemeException = "InvalidScheme"
+
+	// ErrCodeInvalidSecurityGroupException for service response error code
+	// "InvalidSecurityGroup".
+	//
+	// One or more of the specified security groups do not exist.
+	ErrCodeInvalidSecurityGroupException = "InvalidSecurityGroup"
+
+	// ErrCodeInvalidSubnetException for service response error code
+	// "InvalidSubnet".
+	//
+	// The specified VPC has no associated Internet gateway.
+	ErrCodeInvalidSubnetException = "InvalidSubnet"
+
+	// ErrCodeListenerNotFoundException for service response error code
+	// "ListenerNotFound".
+	//
+	// The load balancer does not have a listener configured at the specified port.
+	ErrCodeListenerNotFoundException = "ListenerNotFound"
+
+	// ErrCodeLoadBalancerAttributeNotFoundException for service response error code
+	// "LoadBalancerAttributeNotFound".
+	//
+	// The specified load balancer attribute does not exist.
+	ErrCodeLoadBalancerAttributeNotFoundException = "LoadBalancerAttributeNotFound"
+
+	// ErrCodePolicyNotFoundException for service response error code
+	// "PolicyNotFound".
+	//
+	// One or more of the specified policies do not exist.
+	ErrCodePolicyNotFoundException = "PolicyNotFound"
+
+	// ErrCodePolicyTypeNotFoundException for service response error code
+	// "PolicyTypeNotFound".
+	//
+	// One or more of the specified policy types do not exist.
+	ErrCodePolicyTypeNotFoundException = "PolicyTypeNotFound"
+
+	// ErrCodeSubnetNotFoundException for service response error code
+	// "SubnetNotFound".
+	//
+	// One or more of the specified subnets do not exist.
+	ErrCodeSubnetNotFoundException = "SubnetNotFound"
+
+	// ErrCodeTooManyAccessPointsException for service response error code
+	// "TooManyLoadBalancers".
+	//
+	// The quota for the number of load balancers has been reached.
+	ErrCodeTooManyAccessPointsException = "TooManyLoadBalancers"
+
+	// ErrCodeTooManyPoliciesException for service response error code
+	// "TooManyPolicies".
+	//
+	// The quota for the number of policies for this load balancer has been reached.
+	ErrCodeTooManyPoliciesException = "TooManyPolicies"
+
+	// ErrCodeTooManyTagsException for service response error code
+	// "TooManyTags".
+	//
+	// The quota for the number of tags that can be assigned to a load balancer
+	// has been reached.
+	ErrCodeTooManyTagsException = "TooManyTags"
+
+	// ErrCodeUnsupportedProtocolException for service response error code
+	// "UnsupportedProtocol".
+	//
+	// The specified protocol or signature version is not supported.
+	ErrCodeUnsupportedProtocolException = "UnsupportedProtocol"
+)

vendor/github.com/aws/aws-sdk-go/service/elb/service.go

@@ -1,4 +1,4 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
 
 package elb
 
@@ -11,36 +11,12 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol/query"
 )
 
-// A load balancer distributes incoming traffic across your EC2 instances. This
+// ELB provides the API operation methods for making requests to
-// enables you to increase the availability of your application. The load balancer
+// Elastic Load Balancing. See this package's package overview docs
-// also monitors the health of its registered instances and ensures that it
+// for details on the service.
-// routes traffic only to healthy instances. You configure your load balancer
-// to accept incoming traffic by specifying one or more listeners, which are
-// configured with a protocol and port number for connections from clients to
-// the load balancer and a protocol and port number for connections from the
-// load balancer to the instances.
 //
-// Elastic Load Balancing supports two types of load balancers: Classic load
+// ELB methods are safe to use concurrently. It is not safe to
-// balancers and Application load balancers (new). A Classic load balancer makes
+// modify mutate any of the struct's properties though.
-// routing and load balancing decisions either at the transport layer (TCP/SSL)
-// or the application layer (HTTP/HTTPS), and supports either EC2-Classic or
-// a VPC. An Application load balancer makes routing and load balancing decisions
-// at the application layer (HTTP/HTTPS), supports path-based routing, and can
-// route requests to one or more ports on each EC2 instance or container instance
-// in your virtual private cloud (VPC). For more information, see the .
-//
-// This reference covers the 2012-06-01 API, which supports Classic load balancers.
-// The 2015-12-01 API supports Application load balancers.
-//
-// To get started, create a load balancer with one or more listeners using CreateLoadBalancer.
-// Register your instances with the load balancer using RegisterInstancesWithLoadBalancer.
-//
-// All Elastic Load Balancing operations are idempotent, which means that they
-// complete at most one time. If you repeat an operation, it succeeds with a
-// 200 OK response code.
-// The service client's operations are safe to be used concurrently.
-// It is not safe to mutate any of the client's properties though.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancing-2012-06-01
 type ELB struct {
 	*client.Client
 }

vendor/github.com/aws/aws-sdk-go/service/elb/waiters.go

@@ -1,94 +1,158 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
 
 package elb
 
 import (
-	"github.com/aws/aws-sdk-go/private/waiter"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
 )
 
 // WaitUntilAnyInstanceInService uses the Elastic Load Balancing API operation
 // DescribeInstanceHealth to wait for a condition to be met before returning.
-// If the condition is not meet within the max attempt window an error will
+// If the condition is not met within the max attempt window, an error will
 // be returned.
 func (c *ELB) WaitUntilAnyInstanceInService(input *DescribeInstanceHealthInput) error {
-	waiterCfg := waiter.Config{
+	return c.WaitUntilAnyInstanceInServiceWithContext(aws.BackgroundContext(), input)
-		Operation:   "DescribeInstanceHealth",
+}
-		Delay:       15,
+
+// WaitUntilAnyInstanceInServiceWithContext is an extended version of WaitUntilAnyInstanceInService.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ELB) WaitUntilAnyInstanceInServiceWithContext(ctx aws.Context, input *DescribeInstanceHealthInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilAnyInstanceInService",
 		MaxAttempts: 40,
-		Acceptors: []waiter.WaitAcceptor{
+		Delay:       request.ConstantWaiterDelay(15 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
 			{
-				State:    "success",
+				State:   request.SuccessWaiterState,
-				Matcher:  "pathAny",
+				Matcher: request.PathAnyWaiterMatch, Argument: "InstanceStates[].State",
-				Argument: "InstanceStates[].State",
 				Expected: "InService",
 			},
 		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *DescribeInstanceHealthInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
 			}
+			req, _ := c.DescribeInstanceHealthRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
 
-	w := waiter.Waiter{
+	return w.WaitWithContext(ctx)
-		Client: c,
-		Input:  input,
-		Config: waiterCfg,
-	}
-	return w.Wait()
 }
 
 // WaitUntilInstanceDeregistered uses the Elastic Load Balancing API operation
 // DescribeInstanceHealth to wait for a condition to be met before returning.
-// If the condition is not meet within the max attempt window an error will
+// If the condition is not met within the max attempt window, an error will
 // be returned.
 func (c *ELB) WaitUntilInstanceDeregistered(input *DescribeInstanceHealthInput) error {
-	waiterCfg := waiter.Config{
+	return c.WaitUntilInstanceDeregisteredWithContext(aws.BackgroundContext(), input)
-		Operation:   "DescribeInstanceHealth",
+}
-		Delay:       15,
+
+// WaitUntilInstanceDeregisteredWithContext is an extended version of WaitUntilInstanceDeregistered.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ELB) WaitUntilInstanceDeregisteredWithContext(ctx aws.Context, input *DescribeInstanceHealthInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilInstanceDeregistered",
 		MaxAttempts: 40,
-		Acceptors: []waiter.WaitAcceptor{
+		Delay:       request.ConstantWaiterDelay(15 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
 			{
-				State:    "success",
+				State:   request.SuccessWaiterState,
-				Matcher:  "pathAll",
+				Matcher: request.PathAllWaiterMatch, Argument: "InstanceStates[].State",
-				Argument: "InstanceStates[].State",
 				Expected: "OutOfService",
 			},
 			{
-				State:    "success",
+				State:    request.SuccessWaiterState,
-				Matcher:  "error",
+				Matcher:  request.ErrorWaiterMatch,
-				Argument: "",
 				Expected: "InvalidInstance",
 			},
 		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *DescribeInstanceHealthInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
 			}
+			req, _ := c.DescribeInstanceHealthRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
 
-	w := waiter.Waiter{
+	return w.WaitWithContext(ctx)
-		Client: c,
-		Input:  input,
-		Config: waiterCfg,
-	}
-	return w.Wait()
 }
 
 // WaitUntilInstanceInService uses the Elastic Load Balancing API operation
 // DescribeInstanceHealth to wait for a condition to be met before returning.
-// If the condition is not meet within the max attempt window an error will
+// If the condition is not met within the max attempt window, an error will
 // be returned.
 func (c *ELB) WaitUntilInstanceInService(input *DescribeInstanceHealthInput) error {
-	waiterCfg := waiter.Config{
+	return c.WaitUntilInstanceInServiceWithContext(aws.BackgroundContext(), input)
-		Operation:   "DescribeInstanceHealth",
+}
-		Delay:       15,
+
+// WaitUntilInstanceInServiceWithContext is an extended version of WaitUntilInstanceInService.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ELB) WaitUntilInstanceInServiceWithContext(ctx aws.Context, input *DescribeInstanceHealthInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilInstanceInService",
 		MaxAttempts: 40,
-		Acceptors: []waiter.WaitAcceptor{
+		Delay:       request.ConstantWaiterDelay(15 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
 			{
-				State:    "success",
+				State:   request.SuccessWaiterState,
-				Matcher:  "pathAll",
+				Matcher: request.PathAllWaiterMatch, Argument: "InstanceStates[].State",
-				Argument: "InstanceStates[].State",
 				Expected: "InService",
 			},
+			{
+				State:    request.RetryWaiterState,
+				Matcher:  request.ErrorWaiterMatch,
+				Expected: "InvalidInstance",
+			},
+		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *DescribeInstanceHealthInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.DescribeInstanceHealthRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
 		},
 	}
+	w.ApplyOptions(opts...)
 
-	w := waiter.Waiter{
+	return w.WaitWithContext(ctx)
-		Client: c,
-		Input:  input,
-		Config: waiterCfg,
-	}
-	return w.Wait()
 }

vendor/github.com/aws/aws-sdk-go/service/kms/BUILD

@@ -4,6 +4,8 @@ go_library(
     name = "go_default_library",
     srcs = [
         "api.go",
+        "doc.go",
+        "errors.go",
         "service.go",
     ],
     importpath = "github.com/aws/aws-sdk-go/service/kms",

vendor/github.com/aws/aws-sdk-go/service/kms/doc.go

@@ -0,0 +1,98 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package kms provides the client and types for making API
+// requests to AWS Key Management Service.
+//
+// AWS Key Management Service (AWS KMS) is an encryption and key management
+// web service. This guide describes the AWS KMS operations that you can call
+// programmatically. For general information about AWS KMS, see the AWS Key
+// Management Service Developer Guide (http://docs.aws.amazon.com/kms/latest/developerguide/).
+//
+// AWS provides SDKs that consist of libraries and sample code for various programming
+// languages and platforms (Java, Ruby, .Net, iOS, Android, etc.). The SDKs
+// provide a convenient way to create programmatic access to AWS KMS and other
+// AWS services. For example, the SDKs take care of tasks such as signing requests
+// (see below), managing errors, and retrying requests automatically. For more
+// information about the AWS SDKs, including how to download and install them,
+// see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
+//
+// We recommend that you use the AWS SDKs to make programmatic API calls to
+// AWS KMS.
+//
+// Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS
+// 1.2. Clients must also support cipher suites with Perfect Forward Secrecy
+// (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral
+// Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support
+// these modes.
+//
+// Signing Requests
+//
+// Requests must be signed by using an access key ID and a secret access key.
+// We strongly recommend that you do not use your AWS account (root) access
+// key ID and secret key for everyday work with AWS KMS. Instead, use the access
+// key ID and secret access key for an IAM user, or you can use the AWS Security
+// Token Service to generate temporary security credentials that you can use
+// to sign requests.
+//
+// All AWS KMS operations require Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
+//
+// Logging API Requests
+//
+// AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related
+// events for your AWS account and delivers them to an Amazon S3 bucket that
+// you specify. By using the information collected by CloudTrail, you can determine
+// what requests were made to AWS KMS, who made the request, when it was made,
+// and so on. To learn more about CloudTrail, including how to turn it on and
+// find your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/).
+//
+// Additional Resources
+//
+// For more information about credentials and request signing, see the following:
+//
+//    * AWS Security Credentials (http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)
+//    - This topic provides general information about the types of credentials
+//    used for accessing AWS.
+//
+//    * Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
+//    - This section of the IAM User Guide describes how to create and use temporary
+//    security credentials.
+//
+//    * Signature Version 4 Signing Process (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
+//    - This set of topics walks you through the process of signing a request
+//    using an access key ID and a secret access key.
+//
+// Commonly Used APIs
+//
+// Of the APIs discussed in this guide, the following will prove the most useful
+// for most applications. You will likely perform actions other than these,
+// such as creating keys and assigning policies, by using the console.
+//
+//    * Encrypt
+//
+//    * Decrypt
+//
+//    * GenerateDataKey
+//
+//    * GenerateDataKeyWithoutPlaintext
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01 for more information on this service.
+//
+// See kms package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/kms/
+//
+// Using the Client
+//
+// To AWS Key Management Service with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the AWS Key Management Service client KMS for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/kms/#New
+package kms

vendor/github.com/aws/aws-sdk-go/service/kms/errors.go

@@ -0,0 +1,154 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package kms
+
+const (
+
+	// ErrCodeAlreadyExistsException for service response error code
+	// "AlreadyExistsException".
+	//
+	// The request was rejected because it attempted to create a resource that already
+	// exists.
+	ErrCodeAlreadyExistsException = "AlreadyExistsException"
+
+	// ErrCodeDependencyTimeoutException for service response error code
+	// "DependencyTimeoutException".
+	//
+	// The system timed out while trying to fulfill the request. The request can
+	// be retried.
+	ErrCodeDependencyTimeoutException = "DependencyTimeoutException"
+
+	// ErrCodeDisabledException for service response error code
+	// "DisabledException".
+	//
+	// The request was rejected because the specified CMK is not enabled.
+	ErrCodeDisabledException = "DisabledException"
+
+	// ErrCodeExpiredImportTokenException for service response error code
+	// "ExpiredImportTokenException".
+	//
+	// The request was rejected because the provided import token is expired. Use
+	// GetParametersForImport to retrieve a new import token and public key, use
+	// the new public key to encrypt the key material, and then try the request
+	// again.
+	ErrCodeExpiredImportTokenException = "ExpiredImportTokenException"
+
+	// ErrCodeIncorrectKeyMaterialException for service response error code
+	// "IncorrectKeyMaterialException".
+	//
+	// The request was rejected because the provided key material is invalid or
+	// is not the same key material that was previously imported into this customer
+	// master key (CMK).
+	ErrCodeIncorrectKeyMaterialException = "IncorrectKeyMaterialException"
+
+	// ErrCodeInternalException for service response error code
+	// "InternalException".
+	//
+	// The request was rejected because an internal exception occurred. The request
+	// can be retried.
+	ErrCodeInternalException = "InternalException"
+
+	// ErrCodeInvalidAliasNameException for service response error code
+	// "InvalidAliasNameException".
+	//
+	// The request was rejected because the specified alias name is not valid.
+	ErrCodeInvalidAliasNameException = "InvalidAliasNameException"
+
+	// ErrCodeInvalidArnException for service response error code
+	// "InvalidArnException".
+	//
+	// The request was rejected because a specified ARN was not valid.
+	ErrCodeInvalidArnException = "InvalidArnException"
+
+	// ErrCodeInvalidCiphertextException for service response error code
+	// "InvalidCiphertextException".
+	//
+	// The request was rejected because the specified ciphertext has been corrupted
+	// or is otherwise invalid.
+	ErrCodeInvalidCiphertextException = "InvalidCiphertextException"
+
+	// ErrCodeInvalidGrantIdException for service response error code
+	// "InvalidGrantIdException".
+	//
+	// The request was rejected because the specified GrantId is not valid.
+	ErrCodeInvalidGrantIdException = "InvalidGrantIdException"
+
+	// ErrCodeInvalidGrantTokenException for service response error code
+	// "InvalidGrantTokenException".
+	//
+	// The request was rejected because the specified grant token is not valid.
+	ErrCodeInvalidGrantTokenException = "InvalidGrantTokenException"
+
+	// ErrCodeInvalidImportTokenException for service response error code
+	// "InvalidImportTokenException".
+	//
+	// The request was rejected because the provided import token is invalid or
+	// is associated with a different customer master key (CMK).
+	ErrCodeInvalidImportTokenException = "InvalidImportTokenException"
+
+	// ErrCodeInvalidKeyUsageException for service response error code
+	// "InvalidKeyUsageException".
+	//
+	// The request was rejected because the specified KeySpec value is not valid.
+	ErrCodeInvalidKeyUsageException = "InvalidKeyUsageException"
+
+	// ErrCodeInvalidMarkerException for service response error code
+	// "InvalidMarkerException".
+	//
+	// The request was rejected because the marker that specifies where pagination
+	// should next begin is not valid.
+	ErrCodeInvalidMarkerException = "InvalidMarkerException"
+
+	// ErrCodeInvalidStateException for service response error code
+	// "InvalidStateException".
+	//
+	// The request was rejected because the state of the specified resource is not
+	// valid for this request.
+	//
+	// For more information about how key state affects the use of a CMK, see How
+	// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+	// in the AWS Key Management Service Developer Guide.
+	ErrCodeInvalidStateException = "InvalidStateException"
+
+	// ErrCodeKeyUnavailableException for service response error code
+	// "KeyUnavailableException".
+	//
+	// The request was rejected because the specified CMK was not available. The
+	// request can be retried.
+	ErrCodeKeyUnavailableException = "KeyUnavailableException"
+
+	// ErrCodeLimitExceededException for service response error code
+	// "LimitExceededException".
+	//
+	// The request was rejected because a limit was exceeded. For more information,
+	// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
+	// in the AWS Key Management Service Developer Guide.
+	ErrCodeLimitExceededException = "LimitExceededException"
+
+	// ErrCodeMalformedPolicyDocumentException for service response error code
+	// "MalformedPolicyDocumentException".
+	//
+	// The request was rejected because the specified policy is not syntactically
+	// or semantically correct.
+	ErrCodeMalformedPolicyDocumentException = "MalformedPolicyDocumentException"
+
+	// ErrCodeNotFoundException for service response error code
+	// "NotFoundException".
+	//
+	// The request was rejected because the specified entity or resource could not
+	// be found.
+	ErrCodeNotFoundException = "NotFoundException"
+
+	// ErrCodeTagException for service response error code
+	// "TagException".
+	//
+	// The request was rejected because one or more tags are not valid.
+	ErrCodeTagException = "TagException"
+
+	// ErrCodeUnsupportedOperationException for service response error code
+	// "UnsupportedOperationException".
+	//
+	// The request was rejected because a specified parameter is not supported or
+	// a specified resource is not valid for this operation.
+	ErrCodeUnsupportedOperationException = "UnsupportedOperationException"
+)

vendor/github.com/aws/aws-sdk-go/service/kms/service.go

@@ -1,4 +1,4 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
 
 package kms
 
@@ -11,80 +11,12 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
 )
 
-// AWS Key Management Service (AWS KMS) is an encryption and key management
+// KMS provides the API operation methods for making requests to
-// web service. This guide describes the AWS KMS operations that you can call
+// AWS Key Management Service. See this package's package overview docs
-// programmatically. For general information about AWS KMS, see the AWS Key
+// for details on the service.
-// Management Service Developer Guide (http://docs.aws.amazon.com/kms/latest/developerguide/).
 //
-// AWS provides SDKs that consist of libraries and sample code for various programming
+// KMS methods are safe to use concurrently. It is not safe to
-// languages and platforms (Java, Ruby, .Net, iOS, Android, etc.). The SDKs
+// modify mutate any of the struct's properties though.
-// provide a convenient way to create programmatic access to AWS KMS and other
-// AWS services. For example, the SDKs take care of tasks such as signing requests
-// (see below), managing errors, and retrying requests automatically. For more
-// information about the AWS SDKs, including how to download and install them,
-// see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
-//
-// We recommend that you use the AWS SDKs to make programmatic API calls to
-// AWS KMS.
-//
-// Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS
-// 1.2. Clients must also support cipher suites with Perfect Forward Secrecy
-// (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral
-// Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support
-// these modes.
-//
-// Signing Requests
-//
-// Requests must be signed by using an access key ID and a secret access key.
-// We strongly recommend that you do not use your AWS account (root) access
-// key ID and secret key for everyday work with AWS KMS. Instead, use the access
-// key ID and secret access key for an IAM user, or you can use the AWS Security
-// Token Service to generate temporary security credentials that you can use
-// to sign requests.
-//
-// All AWS KMS operations require Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
-//
-// Logging API Requests
-//
-// AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related
-// events for your AWS account and delivers them to an Amazon S3 bucket that
-// you specify. By using the information collected by CloudTrail, you can determine
-// what requests were made to AWS KMS, who made the request, when it was made,
-// and so on. To learn more about CloudTrail, including how to turn it on and
-// find your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/).
-//
-// Additional Resources
-//
-// For more information about credentials and request signing, see the following:
-//
-//    * AWS Security Credentials (http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)
-//    - This topic provides general information about the types of credentials
-//    used for accessing AWS.
-//
-//    * Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
-//    - This section of the IAM User Guide describes how to create and use temporary
-//    security credentials.
-//
-//    * Signature Version 4 Signing Process (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
-//    - This set of topics walks you through the process of signing a request
-//    using an access key ID and a secret access key.
-//
-// Commonly Used APIs
-//
-// Of the APIs discussed in this guide, the following will prove the most useful
-// for most applications. You will likely perform actions other than these,
-// such as creating keys and assigning policies, by using the console.
-//
-//    * Encrypt
-//
-//    * Decrypt
-//
-//    * GenerateDataKey
-//
-//    * GenerateDataKeyWithoutPlaintext
-// The service client's operations are safe to be used concurrently.
-// It is not safe to mutate any of the client's properties though.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01
 type KMS struct {
 	*client.Client
 }

vendor/github.com/aws/aws-sdk-go/service/sts/BUILD

@@ -5,6 +5,8 @@ go_library(
     srcs = [
         "api.go",
         "customizations.go",
+        "doc.go",
+        "errors.go",
         "service.go",
     ],
     importpath = "github.com/aws/aws-sdk-go/service/sts",

vendor/github.com/aws/aws-sdk-go/service/sts/api.go

@@ -1,11 +1,11 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
 
-// Package sts provides a client for AWS Security Token Service.
 package sts
 
 import (
 	"time"
 
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awsutil"
 	"github.com/aws/aws-sdk-go/aws/request"
 )
@@ -14,19 +14,18 @@ const opAssumeRole = "AssumeRole"
 
 // AssumeRoleRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRole operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
+// value will be populated with the request's response once the request complets
-// is called.
+// successfuly.
 //
-// See AssumeRole for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
+// See AssumeRole for more information on using the AssumeRole
-// custom logic into the request's lifecycle using a custom handler, or if you want to
+// API call, and error handling.
-// access properties on the request object before or after sending the request. If
+//
-// you just want the service response, call the AssumeRole method directly
+// This method is useful when you want to inject custom logic or configuration
-// instead.
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the AssumeRoleRequest method.
 //    req, resp := client.AssumeRoleRequest(params)
@@ -153,16 +152,16 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 // API operation AssumeRole for usage and error information.
 //
 // Returned Error Codes:
-//   * MalformedPolicyDocument
+//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
 //   The request was rejected because the policy document was malformed. The error
 //   message describes the specific error.
 //
-//   * PackedPolicyTooLarge
+//   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
 //   The request was rejected because the policy document was too large. The error
 //   message describes how big the policy document is, in packed form, as a percentage
 //   of what the API allows.
 //
-//   * RegionDisabledException
+//   * ErrCodeRegionDisabledException "RegionDisabledException"
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
@@ -172,27 +171,41 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 // Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
 func (c *STS) AssumeRole(input *AssumeRoleInput) (*AssumeRoleOutput, error) {
 	req, out := c.AssumeRoleRequest(input)
-	err := req.Send()
+	return out, req.Send()
-	return out, err
+}
+
+// AssumeRoleWithContext is the same as AssumeRole with the addition of
+// the ability to pass a context and additional request options.
+//
+// See AssumeRole for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) AssumeRoleWithContext(ctx aws.Context, input *AssumeRoleInput, opts ...request.Option) (*AssumeRoleOutput, error) {
+	req, out := c.AssumeRoleRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
 }
 
 const opAssumeRoleWithSAML = "AssumeRoleWithSAML"
 
 // AssumeRoleWithSAMLRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRoleWithSAML operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
+// value will be populated with the request's response once the request complets
-// is called.
+// successfuly.
 //
-// See AssumeRoleWithSAML for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
+// See AssumeRoleWithSAML for more information on using the AssumeRoleWithSAML
-// custom logic into the request's lifecycle using a custom handler, or if you want to
+// API call, and error handling.
-// access properties on the request object before or after sending the request. If
+//
-// you just want the service response, call the AssumeRoleWithSAML method directly
+// This method is useful when you want to inject custom logic or configuration
-// instead.
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the AssumeRoleWithSAMLRequest method.
 //    req, resp := client.AssumeRoleWithSAMLRequest(params)
@@ -297,31 +310,31 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 // API operation AssumeRoleWithSAML for usage and error information.
 //
 // Returned Error Codes:
-//   * MalformedPolicyDocument
+//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
 //   The request was rejected because the policy document was malformed. The error
 //   message describes the specific error.
 //
-//   * PackedPolicyTooLarge
+//   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
 //   The request was rejected because the policy document was too large. The error
 //   message describes how big the policy document is, in packed form, as a percentage
 //   of what the API allows.
 //
-//   * IDPRejectedClaim
+//   * ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
 //   The identity provider (IdP) reported that authentication failed. This might
 //   be because the claim is invalid.
 //
 //   If this error is returned for the AssumeRoleWithWebIdentity operation, it
 //   can also mean that the claim has expired or has been explicitly revoked.
 //
-//   * InvalidIdentityToken
+//   * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
 //   The web identity token that was passed could not be validated by AWS. Get
 //   a new identity token from the identity provider and then retry the request.
 //
-//   * ExpiredTokenException
+//   * ErrCodeExpiredTokenException "ExpiredTokenException"
 //   The web identity token that was passed is expired or is not valid. Get a
 //   new identity token from the identity provider and then retry the request.
 //
-//   * RegionDisabledException
+//   * ErrCodeRegionDisabledException "RegionDisabledException"
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
@@ -331,27 +344,41 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 // Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
 func (c *STS) AssumeRoleWithSAML(input *AssumeRoleWithSAMLInput) (*AssumeRoleWithSAMLOutput, error) {
 	req, out := c.AssumeRoleWithSAMLRequest(input)
-	err := req.Send()
+	return out, req.Send()
-	return out, err
+}
+
+// AssumeRoleWithSAMLWithContext is the same as AssumeRoleWithSAML with the addition of
+// the ability to pass a context and additional request options.
+//
+// See AssumeRoleWithSAML for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) AssumeRoleWithSAMLWithContext(ctx aws.Context, input *AssumeRoleWithSAMLInput, opts ...request.Option) (*AssumeRoleWithSAMLOutput, error) {
+	req, out := c.AssumeRoleWithSAMLRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
 }
 
 const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity"
 
 // AssumeRoleWithWebIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRoleWithWebIdentity operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
+// value will be populated with the request's response once the request complets
-// is called.
+// successfuly.
 //
-// See AssumeRoleWithWebIdentity for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
+// See AssumeRoleWithWebIdentity for more information on using the AssumeRoleWithWebIdentity
-// custom logic into the request's lifecycle using a custom handler, or if you want to
+// API call, and error handling.
-// access properties on the request object before or after sending the request. If
+//
-// you just want the service response, call the AssumeRoleWithWebIdentity method directly
+// This method is useful when you want to inject custom logic or configuration
-// instead.
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the AssumeRoleWithWebIdentityRequest method.
 //    req, resp := client.AssumeRoleWithWebIdentityRequest(params)
@@ -478,38 +505,38 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 // API operation AssumeRoleWithWebIdentity for usage and error information.
 //
 // Returned Error Codes:
-//   * MalformedPolicyDocument
+//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
 //   The request was rejected because the policy document was malformed. The error
 //   message describes the specific error.
 //
-//   * PackedPolicyTooLarge
+//   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
 //   The request was rejected because the policy document was too large. The error
 //   message describes how big the policy document is, in packed form, as a percentage
 //   of what the API allows.
 //
-//   * IDPRejectedClaim
+//   * ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
 //   The identity provider (IdP) reported that authentication failed. This might
 //   be because the claim is invalid.
 //
 //   If this error is returned for the AssumeRoleWithWebIdentity operation, it
 //   can also mean that the claim has expired or has been explicitly revoked.
 //
-//   * IDPCommunicationError
+//   * ErrCodeIDPCommunicationErrorException "IDPCommunicationError"
 //   The request could not be fulfilled because the non-AWS identity provider
 //   (IDP) that was asked to verify the incoming identity token could not be reached.
 //   This is often a transient error caused by network conditions. Retry the request
 //   a limited number of times so that you don't exceed the request rate. If the
 //   error persists, the non-AWS identity provider might be down or not responding.
 //
-//   * InvalidIdentityToken
+//   * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
 //   The web identity token that was passed could not be validated by AWS. Get
 //   a new identity token from the identity provider and then retry the request.
 //
-//   * ExpiredTokenException
+//   * ErrCodeExpiredTokenException "ExpiredTokenException"
 //   The web identity token that was passed is expired or is not valid. Get a
 //   new identity token from the identity provider and then retry the request.
 //
-//   * RegionDisabledException
+//   * ErrCodeRegionDisabledException "RegionDisabledException"
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
@@ -519,27 +546,41 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 // Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
 func (c *STS) AssumeRoleWithWebIdentity(input *AssumeRoleWithWebIdentityInput) (*AssumeRoleWithWebIdentityOutput, error) {
 	req, out := c.AssumeRoleWithWebIdentityRequest(input)
-	err := req.Send()
+	return out, req.Send()
-	return out, err
+}
+
+// AssumeRoleWithWebIdentityWithContext is the same as AssumeRoleWithWebIdentity with the addition of
+// the ability to pass a context and additional request options.
+//
+// See AssumeRoleWithWebIdentity for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) AssumeRoleWithWebIdentityWithContext(ctx aws.Context, input *AssumeRoleWithWebIdentityInput, opts ...request.Option) (*AssumeRoleWithWebIdentityOutput, error) {
+	req, out := c.AssumeRoleWithWebIdentityRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
 }
 
 const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage"
 
 // DecodeAuthorizationMessageRequest generates a "aws/request.Request" representing the
 // client's request for the DecodeAuthorizationMessage operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
+// value will be populated with the request's response once the request complets
-// is called.
+// successfuly.
 //
-// See DecodeAuthorizationMessage for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
+// See DecodeAuthorizationMessage for more information on using the DecodeAuthorizationMessage
-// custom logic into the request's lifecycle using a custom handler, or if you want to
+// API call, and error handling.
-// access properties on the request object before or after sending the request. If
+//
-// you just want the service response, call the DecodeAuthorizationMessage method directly
+// This method is useful when you want to inject custom logic or configuration
-// instead.
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the DecodeAuthorizationMessageRequest method.
 //    req, resp := client.DecodeAuthorizationMessageRequest(params)
@@ -609,7 +650,7 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag
 // API operation DecodeAuthorizationMessage for usage and error information.
 //
 // Returned Error Codes:
-//   * InvalidAuthorizationMessageException
+//   * ErrCodeInvalidAuthorizationMessageException "InvalidAuthorizationMessageException"
 //   The error returned if the message passed to DecodeAuthorizationMessage was
 //   invalid. This can happen if the token contains invalid characters, such as
 //   linebreaks.
@@ -617,27 +658,41 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag
 // Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
 func (c *STS) DecodeAuthorizationMessage(input *DecodeAuthorizationMessageInput) (*DecodeAuthorizationMessageOutput, error) {
 	req, out := c.DecodeAuthorizationMessageRequest(input)
-	err := req.Send()
+	return out, req.Send()
-	return out, err
+}
+
+// DecodeAuthorizationMessageWithContext is the same as DecodeAuthorizationMessage with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DecodeAuthorizationMessage for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) DecodeAuthorizationMessageWithContext(ctx aws.Context, input *DecodeAuthorizationMessageInput, opts ...request.Option) (*DecodeAuthorizationMessageOutput, error) {
+	req, out := c.DecodeAuthorizationMessageRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
 }
 
 const opGetCallerIdentity = "GetCallerIdentity"
 
 // GetCallerIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the GetCallerIdentity operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
+// value will be populated with the request's response once the request complets
-// is called.
+// successfuly.
 //
-// See GetCallerIdentity for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
+// See GetCallerIdentity for more information on using the GetCallerIdentity
-// custom logic into the request's lifecycle using a custom handler, or if you want to
+// API call, and error handling.
-// access properties on the request object before or after sending the request. If
+//
-// you just want the service response, call the GetCallerIdentity method directly
+// This method is useful when you want to inject custom logic or configuration
-// instead.
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the GetCallerIdentityRequest method.
 //    req, resp := client.GetCallerIdentityRequest(params)
@@ -678,27 +733,41 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ
 // Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
 func (c *STS) GetCallerIdentity(input *GetCallerIdentityInput) (*GetCallerIdentityOutput, error) {
 	req, out := c.GetCallerIdentityRequest(input)
-	err := req.Send()
+	return out, req.Send()
-	return out, err
+}
+
+// GetCallerIdentityWithContext is the same as GetCallerIdentity with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetCallerIdentity for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) GetCallerIdentityWithContext(ctx aws.Context, input *GetCallerIdentityInput, opts ...request.Option) (*GetCallerIdentityOutput, error) {
+	req, out := c.GetCallerIdentityRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
 }
 
 const opGetFederationToken = "GetFederationToken"
 
 // GetFederationTokenRequest generates a "aws/request.Request" representing the
 // client's request for the GetFederationToken operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
+// value will be populated with the request's response once the request complets
-// is called.
+// successfuly.
 //
-// See GetFederationToken for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
+// See GetFederationToken for more information on using the GetFederationToken
-// custom logic into the request's lifecycle using a custom handler, or if you want to
+// API call, and error handling.
-// access properties on the request object before or after sending the request. If
+//
-// you just want the service response, call the GetFederationToken method directly
+// This method is useful when you want to inject custom logic or configuration
-// instead.
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the GetFederationTokenRequest method.
 //    req, resp := client.GetFederationTokenRequest(params)
@@ -814,16 +883,16 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 // API operation GetFederationToken for usage and error information.
 //
 // Returned Error Codes:
-//   * MalformedPolicyDocument
+//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
 //   The request was rejected because the policy document was malformed. The error
 //   message describes the specific error.
 //
-//   * PackedPolicyTooLarge
+//   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
 //   The request was rejected because the policy document was too large. The error
 //   message describes how big the policy document is, in packed form, as a percentage
 //   of what the API allows.
 //
-//   * RegionDisabledException
+//   * ErrCodeRegionDisabledException "RegionDisabledException"
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
@@ -833,27 +902,41 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 // Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
 func (c *STS) GetFederationToken(input *GetFederationTokenInput) (*GetFederationTokenOutput, error) {
 	req, out := c.GetFederationTokenRequest(input)
-	err := req.Send()
+	return out, req.Send()
-	return out, err
+}
+
+// GetFederationTokenWithContext is the same as GetFederationToken with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetFederationToken for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) GetFederationTokenWithContext(ctx aws.Context, input *GetFederationTokenInput, opts ...request.Option) (*GetFederationTokenOutput, error) {
+	req, out := c.GetFederationTokenRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
 }
 
 const opGetSessionToken = "GetSessionToken"
 
 // GetSessionTokenRequest generates a "aws/request.Request" representing the
 // client's request for the GetSessionToken operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
+// value will be populated with the request's response once the request complets
-// is called.
+// successfuly.
 //
-// See GetSessionToken for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
+// See GetSessionToken for more information on using the GetSessionToken
-// custom logic into the request's lifecycle using a custom handler, or if you want to
+// API call, and error handling.
-// access properties on the request object before or after sending the request. If
+//
-// you just want the service response, call the GetSessionToken method directly
+// This method is useful when you want to inject custom logic or configuration
-// instead.
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the GetSessionTokenRequest method.
 //    req, resp := client.GetSessionTokenRequest(params)
@@ -937,7 +1020,7 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 // API operation GetSessionToken for usage and error information.
 //
 // Returned Error Codes:
-//   * RegionDisabledException
+//   * ErrCodeRegionDisabledException "RegionDisabledException"
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
@@ -947,8 +1030,23 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 // Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
 func (c *STS) GetSessionToken(input *GetSessionTokenInput) (*GetSessionTokenOutput, error) {
 	req, out := c.GetSessionTokenRequest(input)
-	err := req.Send()
+	return out, req.Send()
-	return out, err
+}
+
+// GetSessionTokenWithContext is the same as GetSessionToken with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetSessionToken for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) GetSessionTokenWithContext(ctx aws.Context, input *GetSessionTokenInput, opts ...request.Option) (*GetSessionTokenOutput, error) {
+	req, out := c.GetSessionTokenRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
 }
 
 // Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleRequest
@@ -980,7 +1078,7 @@ type AssumeRoleInput struct {
 	//
 	// The regex used to validated this parameter is a string of characters consisting
 	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// also include underscores or any of the following characters: =,.@:\/-
+	// also include underscores or any of the following characters: =,.@:/-
 	ExternalId *string `min:"2" type:"string"`
 
 	// An IAM policy in JSON format.
@@ -2164,9 +2262,9 @@ type GetSessionTokenInput struct {
 	// You can find the device for an IAM user by going to the AWS Management Console
 	// and viewing the user's security credentials.
 	//
-	// The regex used to validate this parameter is a string of characters consisting
+	// The regex used to validated this parameter is a string of characters consisting
 	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// also include underscores or any of the following characters: =,.@-
+	// also include underscores or any of the following characters: =,.@:/-
 	SerialNumber *string `min:"9" type:"string"`
 
 	// The value provided by the MFA device, if MFA is required. If any policy requires

vendor/github.com/aws/aws-sdk-go/service/sts/doc.go

@@ -0,0 +1,72 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package sts provides the client and types for making API
+// requests to AWS Security Token Service.
+//
+// The AWS Security Token Service (STS) is a web service that enables you to
+// request temporary, limited-privilege credentials for AWS Identity and Access
+// Management (IAM) users or for users that you authenticate (federated users).
+// This guide provides descriptions of the STS API. For more detailed information
+// about using this service, go to Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
+//
+// As an alternative to using the API, you can use one of the AWS SDKs, which
+// consist of libraries and sample code for various programming languages and
+// platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient
+// way to create programmatic access to STS. For example, the SDKs take care
+// of cryptographically signing requests, managing errors, and retrying requests
+// automatically. For information about the AWS SDKs, including how to download
+// and install them, see the Tools for Amazon Web Services page (http://aws.amazon.com/tools/).
+//
+// For information about setting up signatures and authorization through the
+// API, go to Signing AWS API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
+// in the AWS General Reference. For general information about the Query API,
+// go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
+// in Using IAM. For information about using security tokens with other AWS
+// products, go to AWS Services That Work with IAM (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html)
+// in the IAM User Guide.
+//
+// If you're new to AWS and need additional technical information about a specific
+// AWS product, you can find the product's technical documentation at http://aws.amazon.com/documentation/
+// (http://aws.amazon.com/documentation/).
+//
+// Endpoints
+//
+// The AWS Security Token Service (STS) has a default endpoint of https://sts.amazonaws.com
+// that maps to the US East (N. Virginia) region. Additional regions are available
+// and are activated by default. For more information, see Activating and Deactivating
+// AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
+//
+// For information about STS endpoints, see Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region)
+// in the AWS General Reference.
+//
+// Recording API requests
+//
+// STS supports AWS CloudTrail, which is a service that records AWS calls for
+// your AWS account and delivers log files to an Amazon S3 bucket. By using
+// information collected by CloudTrail, you can determine what requests were
+// successfully made to STS, who made the request, when it was made, and so
+// on. To learn more about CloudTrail, including how to turn it on and find
+// your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html).
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service.
+//
+// See sts package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/sts/
+//
+// Using the Client
+//
+// To AWS Security Token Service with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the AWS Security Token Service client STS for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/sts/#New
+package sts

vendor/github.com/aws/aws-sdk-go/service/sts/errors.go

@@ -0,0 +1,73 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package sts
+
+const (
+
+	// ErrCodeExpiredTokenException for service response error code
+	// "ExpiredTokenException".
+	//
+	// The web identity token that was passed is expired or is not valid. Get a
+	// new identity token from the identity provider and then retry the request.
+	ErrCodeExpiredTokenException = "ExpiredTokenException"
+
+	// ErrCodeIDPCommunicationErrorException for service response error code
+	// "IDPCommunicationError".
+	//
+	// The request could not be fulfilled because the non-AWS identity provider
+	// (IDP) that was asked to verify the incoming identity token could not be reached.
+	// This is often a transient error caused by network conditions. Retry the request
+	// a limited number of times so that you don't exceed the request rate. If the
+	// error persists, the non-AWS identity provider might be down or not responding.
+	ErrCodeIDPCommunicationErrorException = "IDPCommunicationError"
+
+	// ErrCodeIDPRejectedClaimException for service response error code
+	// "IDPRejectedClaim".
+	//
+	// The identity provider (IdP) reported that authentication failed. This might
+	// be because the claim is invalid.
+	//
+	// If this error is returned for the AssumeRoleWithWebIdentity operation, it
+	// can also mean that the claim has expired or has been explicitly revoked.
+	ErrCodeIDPRejectedClaimException = "IDPRejectedClaim"
+
+	// ErrCodeInvalidAuthorizationMessageException for service response error code
+	// "InvalidAuthorizationMessageException".
+	//
+	// The error returned if the message passed to DecodeAuthorizationMessage was
+	// invalid. This can happen if the token contains invalid characters, such as
+	// linebreaks.
+	ErrCodeInvalidAuthorizationMessageException = "InvalidAuthorizationMessageException"
+
+	// ErrCodeInvalidIdentityTokenException for service response error code
+	// "InvalidIdentityToken".
+	//
+	// The web identity token that was passed could not be validated by AWS. Get
+	// a new identity token from the identity provider and then retry the request.
+	ErrCodeInvalidIdentityTokenException = "InvalidIdentityToken"
+
+	// ErrCodeMalformedPolicyDocumentException for service response error code
+	// "MalformedPolicyDocument".
+	//
+	// The request was rejected because the policy document was malformed. The error
+	// message describes the specific error.
+	ErrCodeMalformedPolicyDocumentException = "MalformedPolicyDocument"
+
+	// ErrCodePackedPolicyTooLargeException for service response error code
+	// "PackedPolicyTooLarge".
+	//
+	// The request was rejected because the policy document was too large. The error
+	// message describes how big the policy document is, in packed form, as a percentage
+	// of what the API allows.
+	ErrCodePackedPolicyTooLargeException = "PackedPolicyTooLarge"
+
+	// ErrCodeRegionDisabledException for service response error code
+	// "RegionDisabledException".
+	//
+	// STS is not activated in the requested region for the account that is being
+	// asked to generate credentials. The account administrator must use the IAM
+	// console to activate STS in that region. For more information, see Activating
+	// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+	// in the IAM User Guide.
+	ErrCodeRegionDisabledException = "RegionDisabledException"
+)

vendor/github.com/aws/aws-sdk-go/service/sts/service.go

@@ -1,4 +1,4 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
 
 package sts
 
@@ -11,54 +11,12 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol/query"
 )
 
-// The AWS Security Token Service (STS) is a web service that enables you to
+// STS provides the API operation methods for making requests to
-// request temporary, limited-privilege credentials for AWS Identity and Access
+// AWS Security Token Service. See this package's package overview docs
-// Management (IAM) users or for users that you authenticate (federated users).
+// for details on the service.
-// This guide provides descriptions of the STS API. For more detailed information
-// about using this service, go to Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
 //
-// As an alternative to using the API, you can use one of the AWS SDKs, which
+// STS methods are safe to use concurrently. It is not safe to
-// consist of libraries and sample code for various programming languages and
+// modify mutate any of the struct's properties though.
-// platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient
-// way to create programmatic access to STS. For example, the SDKs take care
-// of cryptographically signing requests, managing errors, and retrying requests
-// automatically. For information about the AWS SDKs, including how to download
-// and install them, see the Tools for Amazon Web Services page (http://aws.amazon.com/tools/).
-//
-// For information about setting up signatures and authorization through the
-// API, go to Signing AWS API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
-// in the AWS General Reference. For general information about the Query API,
-// go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
-// in Using IAM. For information about using security tokens with other AWS
-// products, go to AWS Services That Work with IAM (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html)
-// in the IAM User Guide.
-//
-// If you're new to AWS and need additional technical information about a specific
-// AWS product, you can find the product's technical documentation at http://aws.amazon.com/documentation/
-// (http://aws.amazon.com/documentation/).
-//
-// Endpoints
-//
-// The AWS Security Token Service (STS) has a default endpoint of https://sts.amazonaws.com
-// that maps to the US East (N. Virginia) region. Additional regions are available
-// and are activated by default. For more information, see Activating and Deactivating
-// AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
-// in the IAM User Guide.
-//
-// For information about STS endpoints, see Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region)
-// in the AWS General Reference.
-//
-// Recording API requests
-//
-// STS supports AWS CloudTrail, which is a service that records AWS calls for
-// your AWS account and delivers log files to an Amazon S3 bucket. By using
-// information collected by CloudTrail, you can determine what requests were
-// successfully made to STS, who made the request, when it was made, and so
-// on. To learn more about CloudTrail, including how to turn it on and find
-// your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html).
-// The service client's operations are safe to be used concurrently.
-// It is not safe to mutate any of the client's properties though.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15
 type STS struct {
 	*client.Client
 }