aws-sdk-ec2 1.198.0 → 1.203.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f06156e4770a819318fbcae3efd8fea0333346453be525f185f7f53d8a2b4b60
-  data.tar.gz: 3c143413662867fde0f8c007ee175ad47f6db8578a97aa393b85805100b4e6c9
+  metadata.gz: 6036add83ebf9c38c44918cebd5ebbd55c1f343b8636a942424180b75f1b82e1
+  data.tar.gz: e55f72546ec179db10ac6518a52cee4de2a758badb03068881d7868e269e88fa
 SHA512:
-  metadata.gz: d2c786b06080fd079b59917f5d1cdaa11a456aacf53e97322241f803f56c97909ab85c54688ad1e2d0ad50f330328468c900a03c102cdc414434ded728665144
-  data.tar.gz: 43230be8736cdc45e24626ab4ff663c88329efbfcb55cf7ff26d2e762072026fd10ada32a6c70a413d4da886c468b4d619b19f39bc06f82edc765be4e90aeeda
+  metadata.gz: f3f01b624f73a5455c46b8cbacd6e1e69ac362185a229a6b7fc431f845513addc1dcf6ec1f3406e11b2dee7ff4a24e052fde1bf3a9a5a066b1ae6569f29270b1
+  data.tar.gz: 3d1a613a3f06b0d17d92c3724f752daf66397b64bca53765c072e934b17f4b661172fd9be9a8463fa44837c96241bb10d1e65e8fcaaf3ca56704a15a0942b269

data/lib/aws-sdk-ec2.rb

@@ -72,6 +72,6 @@ require_relative 'aws-sdk-ec2/customizations'
 # @!group service
 module Aws::EC2
 
-  GEM_VERSION = '1.198.0'
+  GEM_VERSION = '1.203.0'
 
 end

data/lib/aws-sdk-ec2/client.rb

@@ -1401,6 +1401,74 @@ module Aws::EC2
       req.send_request(options)
     end
 
+    # Associates an AWS Identity and Access Management (IAM) role with an
+    # AWS Certificate Manager (ACM) certificate. This enables the
+    # certificate to be used by the ACM for Nitro Enclaves application
+    # inside an enclave. For more information, see [AWS Certificate Manager
+    # for Nitro Enclaves][1] in the *Amazon Elastic Compute Cloud User
+    # Guide*.
+    #
+    # When the IAM role is associated with the ACM certificate, places the
+    # certificate, certificate chain, and encrypted private key in an Amazon
+    # S3 bucket that only the associated IAM role can access. The private
+    # key of the certificate is encrypted with an AWS-managed KMS key that
+    # has an attached attestation-based key policy.
+    #
+    # To enable the IAM role to access the Amazon S3 object, you must grant
+    # it permission to call `s3:GetObject` on the Amazon S3 bucket returned
+    # by the command. To enable the IAM role to access the AWS KMS key, you
+    # must grant it permission to call `kms:Decrypt` on AWS KMS key returned
+    # by the command. For more information, see [ Grant the role permission
+    # to access the certificate and encryption key][2] in the *Amazon
+    # Elastic Compute Cloud User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html
+    # [2]: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy
+    #
+    # @option params [String] :certificate_arn
+    #   The ARN of the ACM certificate with which to associate the IAM role.
+    #
+    # @option params [String] :role_arn
+    #   The ARN of the IAM role to associate with the ACM certificate. You can
+    #   associate up to 16 IAM roles with an ACM certificate.
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::AssociateEnclaveCertificateIamRoleResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::AssociateEnclaveCertificateIamRoleResult#certificate_s3_bucket_name #certificate_s3_bucket_name} => String
+    #   * {Types::AssociateEnclaveCertificateIamRoleResult#certificate_s3_object_key #certificate_s3_object_key} => String
+    #   * {Types::AssociateEnclaveCertificateIamRoleResult#encryption_kms_key_id #encryption_kms_key_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.associate_enclave_certificate_iam_role({
+    #     certificate_arn: "ResourceArn",
+    #     role_arn: "ResourceArn",
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.certificate_s3_bucket_name #=> String
+    #   resp.certificate_s3_object_key #=> String
+    #   resp.encryption_kms_key_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateEnclaveCertificateIamRole AWS API Documentation
+    #
+    # @overload associate_enclave_certificate_iam_role(params = {})
+    # @param [Hash] params ({})
+    def associate_enclave_certificate_iam_role(params = {}, options = {})
+      req = build_request(:associate_enclave_certificate_iam_role, params)
+      req.send_request(options)
+    end
+
     # Associates an IAM instance profile with a running or stopped instance.
     # You cannot associate more than one IAM instance profile with an
     # instance.
@@ -5625,6 +5693,9 @@ module Aws::EC2
     #         http_put_response_hop_limit: 1,
     #         http_endpoint: "disabled", # accepts disabled, enabled
     #       },
+    #       enclave_options: {
+    #         enabled: false,
+    #       },
     #     },
     #     tag_specifications: [
     #       {
@@ -5906,6 +5977,9 @@ module Aws::EC2
     #         http_put_response_hop_limit: 1,
     #         http_endpoint: "disabled", # accepts disabled, enabled
     #       },
+    #       enclave_options: {
+    #         enabled: false,
+    #       },
     #     },
     #   })
     #
@@ -6001,6 +6075,7 @@ module Aws::EC2
     #   resp.launch_template_version.launch_template_data.metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.launch_template_version.launch_template_data.metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.launch_template_version.launch_template_data.metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.launch_template_version.launch_template_data.enclave_options.enabled #=> Boolean
     #   resp.warning.errors #=> Array
     #   resp.warning.errors[0].code #=> String
     #   resp.warning.errors[0].message #=> String
@@ -7680,7 +7755,13 @@ module Aws::EC2
     # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html
     #
     # @option params [required, String] :bucket
-    #   The Amazon S3 bucket in which to store the Spot Instance data feed.
+    #   The name of the Amazon S3 bucket in which to store the Spot Instance
+    #   data feed. For more information about bucket names, see [Rules for
+    #   bucket naming][1] in the *Amazon S3 Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules
     #
     # @option params [Boolean] :dry_run
     #   Checks whether you have the required permissions for the action,
@@ -7689,7 +7770,7 @@ module Aws::EC2
     #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
     #
     # @option params [String] :prefix
-    #   A prefix for the data feed file names.
+    #   The prefix for the data feed file names.
     #
     # @return [Types::CreateSpotDatafeedSubscriptionResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -16443,6 +16524,7 @@ module Aws::EC2
     #   * {Types::InstanceAttribute#block_device_mappings #block_device_mappings} => Array<Types::InstanceBlockDeviceMapping>
     #   * {Types::InstanceAttribute#disable_api_termination #disable_api_termination} => Types::AttributeBooleanValue
     #   * {Types::InstanceAttribute#ena_support #ena_support} => Types::AttributeBooleanValue
+    #   * {Types::InstanceAttribute#enclave_options #enclave_options} => Types::EnclaveOptions
     #   * {Types::InstanceAttribute#ebs_optimized #ebs_optimized} => Types::AttributeBooleanValue
     #   * {Types::InstanceAttribute#instance_id #instance_id} => String
     #   * {Types::InstanceAttribute#instance_initiated_shutdown_behavior #instance_initiated_shutdown_behavior} => Types::AttributeValue
@@ -16527,7 +16609,7 @@ module Aws::EC2
     # @example Request syntax with placeholder values
     #
     #   resp = client.describe_instance_attribute({
-    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #     dry_run: false,
     #     instance_id: "InstanceId", # required
     #   })
@@ -16545,6 +16627,7 @@ module Aws::EC2
     #   resp.block_device_mappings[0].ebs.volume_id #=> String
     #   resp.disable_api_termination.value #=> Boolean
     #   resp.ena_support.value #=> Boolean
+    #   resp.enclave_options.enabled #=> Boolean
     #   resp.ebs_optimized.value #=> Boolean
     #   resp.instance_id #=> String
     #   resp.instance_initiated_shutdown_behavior #=> <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
@@ -17023,26 +17106,26 @@ module Aws::EC2
     #     baseline bandwidth performance for an EBS-optimized instance type,
     #     in Mbps.
     #
-    #   * `ebs-info.ebs-optimized-info.baseline-throughput-in-mbps` - The
-    #     baseline throughput performance for an EBS-optimized instance type,
-    #     in MBps.
-    #
     #   * `ebs-info.ebs-optimized-info.baseline-iops` - The baseline
     #     input/output storage operations per second for an EBS-optimized
     #     instance type.
     #
+    #   * `ebs-info.ebs-optimized-info.baseline-throughput-in-mbps` - The
+    #     baseline throughput performance for an EBS-optimized instance type,
+    #     in MBps.
+    #
     #   * `ebs-info.ebs-optimized-info.maximum-bandwidth-in-mbps` - The
     #     maximum bandwidth performance for an EBS-optimized instance type, in
     #     Mbps.
     #
-    #   * `ebs-info.ebs-optimized-info.maximum-throughput-in-mbps` - The
-    #     maximum throughput performance for an EBS-optimized instance type,
-    #     in MBps.
-    #
     #   * `ebs-info.ebs-optimized-info.maximum-iops` - The maximum
     #     input/output storage operations per second for an EBS-optimized
     #     instance type.
     #
+    #   * `ebs-info.ebs-optimized-info.maximum-throughput-in-mbps` - The
+    #     maximum throughput performance for an EBS-optimized instance type,
+    #     in MBps.
+    #
     #   * `ebs-info.ebs-optimized-support` - Indicates whether the instance
     #     type is EBS-optimized. (`supported` \| `unsupported` \| `default`)
     #
@@ -17050,8 +17133,8 @@ module Aws::EC2
     #     supported. (`supported` \| `unsupported`)
     #
     #   * `ebs-info.nvme-support` - Indicates whether non-volatile memory
-    #     express (NVMe) is supported or required. (`required` \| `supported`
-    #     \| `unsupported`)
+    #     express (NVMe) is supported for EBS volumes. (`required` \|
+    #     `supported` \| `unsupported`)
     #
     #   * `free-tier-eligible` - Indicates whether the instance type is
     #     eligible to use in the free tier. (`true` \| `false`)
@@ -17059,7 +17142,7 @@ module Aws::EC2
     #   * `hibernation-supported` - Indicates whether On-Demand hibernation is
     #     supported. (`true` \| `false`)
     #
-    #   * `hypervisor` - The hypervisor used. (`nitro` \| `xen`)
+    #   * `hypervisor` - The hypervisor. (`nitro` \| `xen`)
     #
     #   * `instance-storage-info.disk.count` - The number of local disks.
     #
@@ -17069,21 +17152,28 @@ module Aws::EC2
     #   * `instance-storage-info.disk.type` - The storage technology for the
     #     local instance storage disks. (`hdd` \| `ssd`)
     #
+    #   * `instance-storage-info.nvme-support` - Indicates whether
+    #     non-volatile memory express (NVMe) is supported for instance store.
+    #     (`required` \| `supported`) \| `unsupported`)
+    #
     #   * `instance-storage-info.total-size-in-gb` - The total amount of
     #     storage available from all local instance storage, in GB.
     #
     #   * `instance-storage-supported` - Indicates whether the instance type
     #     has local instance storage. (`true` \| `false`)
     #
+    #   * `instance-type` - The instance type (for example `c5.2xlarge` or
+    #     c5*).
+    #
     #   * `memory-info.size-in-mib` - The memory size.
     #
+    #   * `network-info.efa-supported` - Indicates whether the instance type
+    #     supports Elastic Fabric Adapter (EFA). (`true` \| `false`)
+    #
     #   * `network-info.ena-support` - Indicates whether Elastic Network
     #     Adapter (ENA) is supported or required. (`required` \| `supported`
     #     \| `unsupported`)
     #
-    #   * `network-info.efa-supported` - Indicates whether the instance type
-    #     supports Elastic Fabric Adapter (EFA). (`true` \| `false`)
-    #
     #   * `network-info.ipv4-addresses-per-interface` - The maximum number of
     #     private IPv4 addresses per network interface.
     #
@@ -17096,12 +17186,23 @@ module Aws::EC2
     #   * `network-info.maximum-network-interfaces` - The maximum number of
     #     network interfaces per instance.
     #
-    #   * `network-info.network-performance` - Describes the network
-    #     performance.
+    #   * `network-info.network-performance` - The network performance (for
+    #     example, "25 Gigabit").
+    #
+    #   * `processor-info.supported-architecture` - The CPU architecture.
+    #     (`arm64` \| `i386` \| `x86_64`)
     #
     #   * `processor-info.sustained-clock-speed-in-ghz` - The CPU clock speed,
     #     in GHz.
     #
+    #   * `supported-root-device-type` - The root device type. (`ebs` \|
+    #     `instance-store`)
+    #
+    #   * `supported-usage-class` - The usage class. (`on-demand` \| `spot`)
+    #
+    #   * `supported-virtualization-type` - The virtualization type. (`hvm` \|
+    #     `paravirtual`)
+    #
     #   * `vcpu-info.default-cores` - The default number of cores for the
     #     instance type.
     #
@@ -17111,6 +17212,13 @@ module Aws::EC2
     #   * `vcpu-info.default-vcpus` - The default number of vCPUs for the
     #     instance type.
     #
+    #   * `vcpu-info.valid-cores` - The number of cores that can be configured
+    #     for the instance type.
+    #
+    #   * `vcpu-info.valid-threads-per-core` - The number of threads per core
+    #     that can be configured for the instance type. For example, "1" or
+    #     "1,2".
+    #
     # @option params [Integer] :max_results
     #   The maximum number of results to return for the request in a single
     #   page. The remaining results can be seen by sending another request
@@ -17172,6 +17280,7 @@ module Aws::EC2
     #   resp.instance_types[0].instance_storage_info.disks[0].size_in_gb #=> Integer
     #   resp.instance_types[0].instance_storage_info.disks[0].count #=> Integer
     #   resp.instance_types[0].instance_storage_info.disks[0].type #=> String, one of "hdd", "ssd"
+    #   resp.instance_types[0].instance_storage_info.nvme_support #=> String, one of "unsupported", "supported", "required"
     #   resp.instance_types[0].ebs_info.ebs_optimized_support #=> String, one of "unsupported", "supported", "default"
     #   resp.instance_types[0].ebs_info.encryption_support #=> String, one of "unsupported", "supported"
     #   resp.instance_types[0].ebs_info.ebs_optimized_info.baseline_bandwidth_in_mbps #=> Integer
@@ -17747,6 +17856,7 @@ module Aws::EC2
     #   resp.reservations[0].instances[0].metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.reservations[0].instances[0].metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.reservations[0].instances[0].metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.reservations[0].instances[0].enclave_options.enabled #=> Boolean
     #   resp.reservations[0].owner_id #=> String
     #   resp.reservations[0].requester_id #=> String
     #   resp.reservations[0].reservation_id #=> String
@@ -18326,6 +18436,7 @@ module Aws::EC2
     #   resp.launch_template_versions[0].launch_template_data.metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.launch_template_versions[0].launch_template_data.metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.launch_template_versions[0].launch_template_data.metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.launch_template_versions[0].launch_template_data.enclave_options.enabled #=> Boolean
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLaunchTemplateVersions AWS API Documentation
@@ -18747,6 +18858,7 @@ module Aws::EC2
     #   resp.local_gateway_virtual_interface_groups[0].local_gateway_virtual_interface_ids #=> Array
     #   resp.local_gateway_virtual_interface_groups[0].local_gateway_virtual_interface_ids[0] #=> String
     #   resp.local_gateway_virtual_interface_groups[0].local_gateway_id #=> String
+    #   resp.local_gateway_virtual_interface_groups[0].owner_id #=> String
     #   resp.local_gateway_virtual_interface_groups[0].tags #=> Array
     #   resp.local_gateway_virtual_interface_groups[0].tags[0].key #=> String
     #   resp.local_gateway_virtual_interface_groups[0].tags[0].value #=> String
@@ -18815,6 +18927,7 @@ module Aws::EC2
     #   resp.local_gateway_virtual_interfaces[0].peer_address #=> String
     #   resp.local_gateway_virtual_interfaces[0].local_bgp_asn #=> Integer
     #   resp.local_gateway_virtual_interfaces[0].peer_bgp_asn #=> Integer
+    #   resp.local_gateway_virtual_interfaces[0].owner_id #=> String
     #   resp.local_gateway_virtual_interfaces[0].tags #=> Array
     #   resp.local_gateway_virtual_interfaces[0].tags[0].key #=> String
     #   resp.local_gateway_virtual_interfaces[0].tags[0].value #=> String
@@ -22859,8 +22972,10 @@ module Aws::EC2
     #   * `instance-type` - The type of instance (for example, `m3.medium`).
     #
     #   * `product-description` - The product description for the Spot price
-    #     (`Linux/UNIX` \| `SUSE Linux` \| `Windows` \| `Linux/UNIX (Amazon
-    #     VPC)` \| `SUSE Linux (Amazon VPC)` \| `Windows (Amazon VPC)`).
+    #     (`Linux/UNIX` \| `Red Hat Enterprise Linux` \| `SUSE Linux` \|
+    #     `Windows` \| `Linux/UNIX (Amazon VPC)` \| `Red Hat Enterprise Linux
+    #     (Amazon VPC)` \| `SUSE Linux (Amazon VPC)` \| `Windows (Amazon
+    #     VPC)`).
     #
     #   * `spot-price` - The Spot price. The value must match exactly (or use
     #     wildcards; greater than or less than comparison is not supported).
@@ -26782,6 +26897,52 @@ module Aws::EC2
       req.send_request(options)
     end
 
+    # Disassociates an IAM role from an AWS Certificate Manager (ACM)
+    # certificate. Disassociating an IAM role from an ACM certificate
+    # removes the Amazon S3 object that contains the certificate,
+    # certificate chain, and encrypted private key from the Amazon S3
+    # bucket. It also revokes the IAM role's permission to use the AWS Key
+    # Management Service (KMS) key used to encrypt the private key. This
+    # effectively revokes the role's permission to use the certificate.
+    #
+    # @option params [String] :certificate_arn
+    #   The ARN of the ACM certificate from which to disassociate the IAM
+    #   role.
+    #
+    # @option params [String] :role_arn
+    #   The ARN of the IAM role to disassociate.
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::DisassociateEnclaveCertificateIamRoleResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DisassociateEnclaveCertificateIamRoleResult#return #return} => Boolean
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.disassociate_enclave_certificate_iam_role({
+    #     certificate_arn: "ResourceArn",
+    #     role_arn: "ResourceArn",
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.return #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateEnclaveCertificateIamRole AWS API Documentation
+    #
+    # @overload disassociate_enclave_certificate_iam_role(params = {})
+    # @param [Hash] params ({})
+    def disassociate_enclave_certificate_iam_role(params = {}, options = {})
+      req = build_request(:disassociate_enclave_certificate_iam_role, params)
+      req.send_request(options)
+    end
+
     # Disassociates an IAM instance profile from a running or stopped
     # instance.
     #
@@ -27676,6 +27837,51 @@ module Aws::EC2
       req.send_request(options)
     end
 
+    # Returns the IAM roles that are associated with the specified AWS
+    # Certificate Manager (ACM) certificate. It also returns the name of the
+    # Amazon S3 bucket and the Amazon S3 object key where the certificate,
+    # certificate chain, and encrypted private key bundle are stored, and
+    # the ARN of the AWS Key Management Service (KMS) key that's used to
+    # encrypt the private key.
+    #
+    # @option params [String] :certificate_arn
+    #   The ARN of the ACM certificate for which to view the associated IAM
+    #   roles, encryption keys, and Amazon S3 object information.
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::GetAssociatedEnclaveCertificateIamRolesResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetAssociatedEnclaveCertificateIamRolesResult#associated_roles #associated_roles} => Array&lt;Types::AssociatedRole&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_associated_enclave_certificate_iam_roles({
+    #     certificate_arn: "ResourceArn",
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.associated_roles #=> Array
+    #   resp.associated_roles[0].associated_role_arn #=> String
+    #   resp.associated_roles[0].certificate_s3_bucket_name #=> String
+    #   resp.associated_roles[0].certificate_s3_object_key #=> String
+    #   resp.associated_roles[0].encryption_kms_key_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetAssociatedEnclaveCertificateIamRoles AWS API Documentation
+    #
+    # @overload get_associated_enclave_certificate_iam_roles(params = {})
+    # @param [Hash] params ({})
+    def get_associated_enclave_certificate_iam_roles(params = {}, options = {})
+      req = build_request(:get_associated_enclave_certificate_iam_roles, params)
+      req.send_request(options)
+    end
+
     # Gets information about the IPv6 CIDR block associations for a
     # specified IPv6 address pool.
     #
@@ -28412,6 +28618,7 @@ module Aws::EC2
     #   resp.launch_template_data.metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.launch_template_data.metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.launch_template_data.metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.launch_template_data.enclave_options.enabled #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetLaunchTemplateData AWS API Documentation
     #
@@ -30859,7 +31066,7 @@ module Aws::EC2
     #     source_dest_check: {
     #       value: false,
     #     },
-    #     attribute: "instanceType", # accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #     attribute: "instanceType", # accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #     block_device_mappings: [
     #       {
     #         device_name: "String",
@@ -34047,7 +34254,7 @@ module Aws::EC2
     # instances. The operation succeeds if the instances are valid and
     # belong to you. Requests to reboot terminated instances are ignored.
     #
-    # If an instance does not cleanly shut down within four minutes, Amazon
+    # If an instance does not cleanly shut down within a few minutes, Amazon
     # EC2 performs a hard reboot.
     #
     # For more information about troubleshooting, see [Getting console
@@ -35704,6 +35911,10 @@ module Aws::EC2
     #   You can't specify an Availability Zone group or a launch group if you
     #   specify a duration.
     #
+    #   New accounts or accounts with no previous billing history with AWS are
+    #   not eligible for Spot Instances with a defined duration (also known as
+    #   Spot blocks).
+    #
     # @option params [String] :client_token
     #   Unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request. For more information, see [How to Ensure
@@ -35754,11 +35965,17 @@ module Aws::EC2
     #   current date and time.
     #
     # @option params [Time,DateTime,Date,Integer,String] :valid_until
-    #   The end date of the request. If this is a one-time request, the
-    #   request remains active until all instances launch, the request is
-    #   canceled, or this date is reached. If the request is persistent, it
-    #   remains active until it is canceled or this date is reached. The
-    #   default end date is 7 days from the current date.
+    #   The end date of the request, in UTC format
+    #   (*YYYY*-*MM*-*DD*T*HH*\:*MM*\:*SS*Z).
+    #
+    #   * For a persistent request, the request remains active until the
+    #     `ValidUntil` date and time is reached. Otherwise, the request
+    #     remains active until you cancel it.
+    #
+    #   * For a one-time request, the request remains active until all
+    #     instances launch, the request is canceled, or the `ValidUntil` date
+    #     and time is reached. By default, the request is valid for 7 days
+    #     from the date the request was created.
     #
     # @option params [Array<Types::TagSpecification>] :tag_specifications
     #   The key-value pair for tagging the Spot Instance request on creation.
@@ -36192,7 +36409,7 @@ module Aws::EC2
     # @example Request syntax with placeholder values
     #
     #   resp = client.reset_instance_attribute({
-    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #     dry_run: false,
     #     instance_id: "InstanceId", # required
     #   })
@@ -36459,10 +36676,19 @@ module Aws::EC2
     end
 
     # \[VPC only\] Removes the specified egress rules from a security group
-    # for EC2-VPC. This action doesn't apply to security groups for use in
+    # for EC2-VPC. This action does not apply to security groups for use in
     # EC2-Classic. To remove a rule, the values that you specify (for
     # example, ports) must match the existing rule's values exactly.
     #
+    # <note markdown="1"> \[Default VPC\] If the values you specify do not match the existing
+    # rule's values, no error is returned, and the output describes the
+    # security group rules that were not revoked.
+    #
+    #  AWS recommends that you use DescribeSecurityGroups to verify that the
+    # rule has been removed.
+    #
+    #  </note>
+    #
     # Each rule consists of the protocol and the IPv4 or IPv6 CIDR range or
     # source security group. For the TCP and UDP protocols, you must also
     # specify the destination port or range of ports. For the ICMP protocol,
@@ -36507,7 +36733,10 @@ module Aws::EC2
     #   Not supported. Use a set of IP permissions to specify a destination
     #   security group.
     #
-    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    # @return [Types::RevokeSecurityGroupEgressResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::RevokeSecurityGroupEgressResult#return #return} => Boolean
+    #   * {Types::RevokeSecurityGroupEgressResult#unknown_ip_permissions #unknown_ip_permissions} => Array&lt;Types::IpPermission&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -36558,6 +36787,31 @@ module Aws::EC2
     #     source_security_group_owner_id: "String",
     #   })
     #
+    # @example Response structure
+    #
+    #   resp.return #=> Boolean
+    #   resp.unknown_ip_permissions #=> Array
+    #   resp.unknown_ip_permissions[0].from_port #=> Integer
+    #   resp.unknown_ip_permissions[0].ip_protocol #=> String
+    #   resp.unknown_ip_permissions[0].ip_ranges #=> Array
+    #   resp.unknown_ip_permissions[0].ip_ranges[0].cidr_ip #=> String
+    #   resp.unknown_ip_permissions[0].ip_ranges[0].description #=> String
+    #   resp.unknown_ip_permissions[0].ipv_6_ranges #=> Array
+    #   resp.unknown_ip_permissions[0].ipv_6_ranges[0].cidr_ipv_6 #=> String
+    #   resp.unknown_ip_permissions[0].ipv_6_ranges[0].description #=> String
+    #   resp.unknown_ip_permissions[0].prefix_list_ids #=> Array
+    #   resp.unknown_ip_permissions[0].prefix_list_ids[0].description #=> String
+    #   resp.unknown_ip_permissions[0].prefix_list_ids[0].prefix_list_id #=> String
+    #   resp.unknown_ip_permissions[0].to_port #=> Integer
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs #=> Array
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].description #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].group_id #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].group_name #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].peering_status #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].user_id #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].vpc_id #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].vpc_peering_connection_id #=> String
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RevokeSecurityGroupEgress AWS API Documentation
     #
     # @overload revoke_security_group_egress(params = {})
@@ -36571,9 +36825,12 @@ module Aws::EC2
     # rule, the values that you specify (for example, ports) must match the
     # existing rule's values exactly.
     #
-    # <note markdown="1"> \[EC2-Classic only\] If the values you specify do not match the
-    # existing rule's values, no error is returned. Use
-    # DescribeSecurityGroups to verify that the rule has been removed.
+    # <note markdown="1"> \[EC2-Classic , default VPC\] If the values you specify do not match
+    # the existing rule's values, no error is returned, and the output
+    # describes the security group rules that were not revoked.
+    #
+    #  AWS recommends that you use DescribeSecurityGroups to verify that the
+    # rule has been removed.
     #
     #  </note>
     #
@@ -36645,7 +36902,10 @@ module Aws::EC2
     #   If you have the required permissions, the error response is
     #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
     #
-    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    # @return [Types::RevokeSecurityGroupIngressResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::RevokeSecurityGroupIngressResult#return #return} => Boolean
+    #   * {Types::RevokeSecurityGroupIngressResult#unknown_ip_permissions #unknown_ip_permissions} => Array&lt;Types::IpPermission&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -36697,6 +36957,31 @@ module Aws::EC2
     #     dry_run: false,
     #   })
     #
+    # @example Response structure
+    #
+    #   resp.return #=> Boolean
+    #   resp.unknown_ip_permissions #=> Array
+    #   resp.unknown_ip_permissions[0].from_port #=> Integer
+    #   resp.unknown_ip_permissions[0].ip_protocol #=> String
+    #   resp.unknown_ip_permissions[0].ip_ranges #=> Array
+    #   resp.unknown_ip_permissions[0].ip_ranges[0].cidr_ip #=> String
+    #   resp.unknown_ip_permissions[0].ip_ranges[0].description #=> String
+    #   resp.unknown_ip_permissions[0].ipv_6_ranges #=> Array
+    #   resp.unknown_ip_permissions[0].ipv_6_ranges[0].cidr_ipv_6 #=> String
+    #   resp.unknown_ip_permissions[0].ipv_6_ranges[0].description #=> String
+    #   resp.unknown_ip_permissions[0].prefix_list_ids #=> Array
+    #   resp.unknown_ip_permissions[0].prefix_list_ids[0].description #=> String
+    #   resp.unknown_ip_permissions[0].prefix_list_ids[0].prefix_list_id #=> String
+    #   resp.unknown_ip_permissions[0].to_port #=> Integer
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs #=> Array
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].description #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].group_id #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].group_name #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].peering_status #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].user_id #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].vpc_id #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].vpc_peering_connection_id #=> String
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RevokeSecurityGroupIngress AWS API Documentation
     #
     # @overload revoke_security_group_ingress(params = {})
@@ -37079,6 +37364,9 @@ module Aws::EC2
     #   information, see [Hibernate your instance][1] in the *Amazon Elastic
     #   Compute Cloud User Guide*.
     #
+    #   You can't enable hibernation and AWS Nitro Enclaves on the same
+    #   instance.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html
@@ -37094,6 +37382,21 @@ module Aws::EC2
     #
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
     #
+    # @option params [Types::EnclaveOptionsRequest] :enclave_options
+    #   Indicates whether the instance is enabled for AWS Nitro Enclaves. For
+    #   more information, see [ AWS Nitro Enclaves][1] in the *Amazon Elastic
+    #   Compute Cloud User Guide*.
+    #
+    #   You can't enable AWS Nitro Enclaves and hibernation on the same
+    #   instance. For more information about AWS Nitro Enclaves requirements,
+    #   see [ AWS Nitro Enclaves][2] in the *Amazon Elastic Compute Cloud User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html
+    #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html#nitro-enclave-reqs
+    #
     # @return [Types::Reservation] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::Reservation#groups #groups} => Array&lt;Types::GroupIdentifier&gt;
@@ -37294,6 +37597,9 @@ module Aws::EC2
     #       http_put_response_hop_limit: 1,
     #       http_endpoint: "disabled", # accepts disabled, enabled
     #     },
+    #     enclave_options: {
+    #       enabled: false,
+    #     },
     #   })
     #
     # @example Response structure
@@ -37418,6 +37724,7 @@ module Aws::EC2
     #   resp.instances[0].metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.instances[0].metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.instances[0].metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.instances[0].enclave_options.enabled #=> Boolean
     #   resp.owner_id #=> String
     #   resp.requester_id #=> String
     #   resp.reservation_id #=> String
@@ -38787,7 +39094,7 @@ module Aws::EC2
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-ec2'
-      context[:gem_version] = '1.198.0'
+      context[:gem_version] = '1.203.0'
       Seahorse::Client::Request.new(handlers, context)
     end