aws-sdk-ec2 1.199.0 → 1.204.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d294e8bfc8ed2fbf06c35a88f7e484f501257964b1ceeb44eae4a4d04426fd3b
-  data.tar.gz: 0c40b83a509acffc10af1d8a6fc233f37cd59a8f39b89deee0380b2a047ff534
+  metadata.gz: 509a6dded30d28bd581080e151a82330d7a8f0fce793778efba36443099c0ffa
+  data.tar.gz: 471eec900fb0e9b94c56fc35d2af412ee32c81f992a9c8e9f2af72708ed96115
 SHA512:
-  metadata.gz: f98e64b921201a7333235bee4ab5a5dd928e74fe65df1be4fd82536507ac8bd06889913ba77b7b0ee03c1de05f5ce593dfc36e3a5e41972cb4eaba809860496e
-  data.tar.gz: a90f19ef058dea1b4d0462be12dd981ac9cfc292482beb7eb3cfdf68941524ead67811c1157ff3c4fde8adad4d7a8daa238b1013a9a135de9c2ebd67caca4d62
+  metadata.gz: ca30f016bfb21f3310a8e0bc3c3677ea0e7665bd634703aa7209510d987ccb0b4fe049f5b27ff90146d8f1da649bf0538f5233e1d443d482baf6e9c42bff6cd3
+  data.tar.gz: 58181ecaf893fa11a5be1b145ff68aaf59f08ac9bc01017a2eb4079aa8ea6b975e7b7d9067e4284060b92f3dda1af963ad4477ea7c598872e19b75d8d5fd1a05

data/lib/aws-sdk-ec2.rb

@@ -72,6 +72,6 @@ require_relative 'aws-sdk-ec2/customizations'
 # @!group service
 module Aws::EC2
 
-  GEM_VERSION = '1.199.0'
+  GEM_VERSION = '1.204.0'
 
 end

data/lib/aws-sdk-ec2/client.rb

@@ -466,6 +466,7 @@ module Aws::EC2
     #   resp.transit_gateway_vpc_attachment.creation_time #=> Time
     #   resp.transit_gateway_vpc_attachment.options.dns_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.ipv_6_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway_vpc_attachment.options.appliance_mode_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.tags #=> Array
     #   resp.transit_gateway_vpc_attachment.tags[0].key #=> String
     #   resp.transit_gateway_vpc_attachment.tags[0].value #=> String
@@ -1401,6 +1402,74 @@ module Aws::EC2
       req.send_request(options)
     end
 
+    # Associates an AWS Identity and Access Management (IAM) role with an
+    # AWS Certificate Manager (ACM) certificate. This enables the
+    # certificate to be used by the ACM for Nitro Enclaves application
+    # inside an enclave. For more information, see [AWS Certificate Manager
+    # for Nitro Enclaves][1] in the *Amazon Elastic Compute Cloud User
+    # Guide*.
+    #
+    # When the IAM role is associated with the ACM certificate, places the
+    # certificate, certificate chain, and encrypted private key in an Amazon
+    # S3 bucket that only the associated IAM role can access. The private
+    # key of the certificate is encrypted with an AWS-managed KMS key that
+    # has an attached attestation-based key policy.
+    #
+    # To enable the IAM role to access the Amazon S3 object, you must grant
+    # it permission to call `s3:GetObject` on the Amazon S3 bucket returned
+    # by the command. To enable the IAM role to access the AWS KMS key, you
+    # must grant it permission to call `kms:Decrypt` on AWS KMS key returned
+    # by the command. For more information, see [ Grant the role permission
+    # to access the certificate and encryption key][2] in the *Amazon
+    # Elastic Compute Cloud User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html
+    # [2]: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy
+    #
+    # @option params [String] :certificate_arn
+    #   The ARN of the ACM certificate with which to associate the IAM role.
+    #
+    # @option params [String] :role_arn
+    #   The ARN of the IAM role to associate with the ACM certificate. You can
+    #   associate up to 16 IAM roles with an ACM certificate.
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::AssociateEnclaveCertificateIamRoleResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::AssociateEnclaveCertificateIamRoleResult#certificate_s3_bucket_name #certificate_s3_bucket_name} => String
+    #   * {Types::AssociateEnclaveCertificateIamRoleResult#certificate_s3_object_key #certificate_s3_object_key} => String
+    #   * {Types::AssociateEnclaveCertificateIamRoleResult#encryption_kms_key_id #encryption_kms_key_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.associate_enclave_certificate_iam_role({
+    #     certificate_arn: "ResourceArn",
+    #     role_arn: "ResourceArn",
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.certificate_s3_bucket_name #=> String
+    #   resp.certificate_s3_object_key #=> String
+    #   resp.encryption_kms_key_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateEnclaveCertificateIamRole AWS API Documentation
+    #
+    # @overload associate_enclave_certificate_iam_role(params = {})
+    # @param [Hash] params ({})
+    def associate_enclave_certificate_iam_role(params = {}, options = {})
+      req = build_request(:associate_enclave_certificate_iam_role, params)
+      req.send_request(options)
+    end
+
     # Associates an IAM instance profile with a running or stopped instance.
     # You cannot associate more than one IAM instance profile with an
     # instance.
@@ -3896,6 +3965,12 @@ module Aws::EC2
     #   security group IDs are specified in the request, the default security
     #   group for the VPC is applied.
     #
+    # @option params [String] :self_service_portal
+    #   Specify whether to enable the self-service portal for the Client VPN
+    #   endpoint.
+    #
+    #   Default Value: `enabled`
+    #
     # @return [Types::CreateClientVpnEndpointResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateClientVpnEndpointResult#client_vpn_endpoint_id #client_vpn_endpoint_id} => String
@@ -3918,6 +3993,7 @@ module Aws::EC2
     #         },
     #         federated_authentication: {
     #           saml_provider_arn: "String",
+    #           self_service_saml_provider_arn: "String",
     #         },
     #       },
     #     ],
@@ -3946,6 +4022,7 @@ module Aws::EC2
     #     ],
     #     security_group_ids: ["SecurityGroupId"],
     #     vpc_id: "VpcId",
+    #     self_service_portal: "enabled", # accepts enabled, disabled
     #   })
     #
     # @example Response structure
@@ -5625,6 +5702,9 @@ module Aws::EC2
     #         http_put_response_hop_limit: 1,
     #         http_endpoint: "disabled", # accepts disabled, enabled
     #       },
+    #       enclave_options: {
+    #         enabled: false,
+    #       },
     #     },
     #     tag_specifications: [
     #       {
@@ -5906,6 +5986,9 @@ module Aws::EC2
     #         http_put_response_hop_limit: 1,
     #         http_endpoint: "disabled", # accepts disabled, enabled
     #       },
+    #       enclave_options: {
+    #         enabled: false,
+    #       },
     #     },
     #   })
     #
@@ -6001,6 +6084,7 @@ module Aws::EC2
     #   resp.launch_template_version.launch_template_data.metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.launch_template_version.launch_template_data.metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.launch_template_version.launch_template_data.metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.launch_template_version.launch_template_data.enclave_options.enabled #=> Boolean
     #   resp.warning.errors #=> Array
     #   resp.warning.errors[0].code #=> String
     #   resp.warning.errors[0].message #=> String
@@ -7680,7 +7764,13 @@ module Aws::EC2
     # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html
     #
     # @option params [required, String] :bucket
-    #   The Amazon S3 bucket in which to store the Spot Instance data feed.
+    #   The name of the Amazon S3 bucket in which to store the Spot Instance
+    #   data feed. For more information about bucket names, see [Rules for
+    #   bucket naming][1] in the *Amazon S3 Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules
     #
     # @option params [Boolean] :dry_run
     #   Checks whether you have the required permissions for the action,
@@ -7689,7 +7779,7 @@ module Aws::EC2
     #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
     #
     # @option params [String] :prefix
-    #   A prefix for the data feed file names.
+    #   The prefix for the data feed file names.
     #
     # @return [Types::CreateSpotDatafeedSubscriptionResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -8896,6 +8986,7 @@ module Aws::EC2
     #     options: {
     #       dns_support: "enable", # accepts enable, disable
     #       ipv_6_support: "enable", # accepts enable, disable
+    #       appliance_mode_support: "enable", # accepts enable, disable
     #     },
     #     tag_specifications: [
     #       {
@@ -8923,6 +9014,7 @@ module Aws::EC2
     #   resp.transit_gateway_vpc_attachment.creation_time #=> Time
     #   resp.transit_gateway_vpc_attachment.options.dns_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.ipv_6_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway_vpc_attachment.options.appliance_mode_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.tags #=> Array
     #   resp.transit_gateway_vpc_attachment.tags[0].key #=> String
     #   resp.transit_gateway_vpc_attachment.tags[0].value #=> String
@@ -12028,6 +12120,7 @@ module Aws::EC2
     #   resp.transit_gateway_vpc_attachment.creation_time #=> Time
     #   resp.transit_gateway_vpc_attachment.options.dns_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.ipv_6_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway_vpc_attachment.options.appliance_mode_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.tags #=> Array
     #   resp.transit_gateway_vpc_attachment.tags[0].key #=> String
     #   resp.transit_gateway_vpc_attachment.tags[0].value #=> String
@@ -13893,6 +13986,7 @@ module Aws::EC2
     #   resp.client_vpn_endpoints[0].authentication_options[0].active_directory.directory_id #=> String
     #   resp.client_vpn_endpoints[0].authentication_options[0].mutual_authentication.client_root_certificate_chain #=> String
     #   resp.client_vpn_endpoints[0].authentication_options[0].federated_authentication.saml_provider_arn #=> String
+    #   resp.client_vpn_endpoints[0].authentication_options[0].federated_authentication.self_service_saml_provider_arn #=> String
     #   resp.client_vpn_endpoints[0].connection_log_options.enabled #=> Boolean
     #   resp.client_vpn_endpoints[0].connection_log_options.cloudwatch_log_group #=> String
     #   resp.client_vpn_endpoints[0].connection_log_options.cloudwatch_log_stream #=> String
@@ -13902,6 +13996,7 @@ module Aws::EC2
     #   resp.client_vpn_endpoints[0].security_group_ids #=> Array
     #   resp.client_vpn_endpoints[0].security_group_ids[0] #=> String
     #   resp.client_vpn_endpoints[0].vpc_id #=> String
+    #   resp.client_vpn_endpoints[0].self_service_portal_url #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeClientVpnEndpoints AWS API Documentation
@@ -16443,6 +16538,7 @@ module Aws::EC2
     #   * {Types::InstanceAttribute#block_device_mappings #block_device_mappings} => Array<Types::InstanceBlockDeviceMapping>
     #   * {Types::InstanceAttribute#disable_api_termination #disable_api_termination} => Types::AttributeBooleanValue
     #   * {Types::InstanceAttribute#ena_support #ena_support} => Types::AttributeBooleanValue
+    #   * {Types::InstanceAttribute#enclave_options #enclave_options} => Types::EnclaveOptions
     #   * {Types::InstanceAttribute#ebs_optimized #ebs_optimized} => Types::AttributeBooleanValue
     #   * {Types::InstanceAttribute#instance_id #instance_id} => String
     #   * {Types::InstanceAttribute#instance_initiated_shutdown_behavior #instance_initiated_shutdown_behavior} => Types::AttributeValue
@@ -16527,7 +16623,7 @@ module Aws::EC2
     # @example Request syntax with placeholder values
     #
     #   resp = client.describe_instance_attribute({
-    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #     dry_run: false,
     #     instance_id: "InstanceId", # required
     #   })
@@ -16545,6 +16641,7 @@ module Aws::EC2
     #   resp.block_device_mappings[0].ebs.volume_id #=> String
     #   resp.disable_api_termination.value #=> Boolean
     #   resp.ena_support.value #=> Boolean
+    #   resp.enclave_options.enabled #=> Boolean
     #   resp.ebs_optimized.value #=> Boolean
     #   resp.instance_id #=> String
     #   resp.instance_initiated_shutdown_behavior #=> <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
@@ -17023,26 +17120,26 @@ module Aws::EC2
     #     baseline bandwidth performance for an EBS-optimized instance type,
     #     in Mbps.
     #
-    #   * `ebs-info.ebs-optimized-info.baseline-throughput-in-mbps` - The
-    #     baseline throughput performance for an EBS-optimized instance type,
-    #     in MBps.
-    #
     #   * `ebs-info.ebs-optimized-info.baseline-iops` - The baseline
     #     input/output storage operations per second for an EBS-optimized
     #     instance type.
     #
+    #   * `ebs-info.ebs-optimized-info.baseline-throughput-in-mbps` - The
+    #     baseline throughput performance for an EBS-optimized instance type,
+    #     in MBps.
+    #
     #   * `ebs-info.ebs-optimized-info.maximum-bandwidth-in-mbps` - The
     #     maximum bandwidth performance for an EBS-optimized instance type, in
     #     Mbps.
     #
-    #   * `ebs-info.ebs-optimized-info.maximum-throughput-in-mbps` - The
-    #     maximum throughput performance for an EBS-optimized instance type,
-    #     in MBps.
-    #
     #   * `ebs-info.ebs-optimized-info.maximum-iops` - The maximum
     #     input/output storage operations per second for an EBS-optimized
     #     instance type.
     #
+    #   * `ebs-info.ebs-optimized-info.maximum-throughput-in-mbps` - The
+    #     maximum throughput performance for an EBS-optimized instance type,
+    #     in MBps.
+    #
     #   * `ebs-info.ebs-optimized-support` - Indicates whether the instance
     #     type is EBS-optimized. (`supported` \| `unsupported` \| `default`)
     #
@@ -17050,8 +17147,8 @@ module Aws::EC2
     #     supported. (`supported` \| `unsupported`)
     #
     #   * `ebs-info.nvme-support` - Indicates whether non-volatile memory
-    #     express (NVMe) is supported or required. (`required` \| `supported`
-    #     \| `unsupported`)
+    #     express (NVMe) is supported for EBS volumes. (`required` \|
+    #     `supported` \| `unsupported`)
     #
     #   * `free-tier-eligible` - Indicates whether the instance type is
     #     eligible to use in the free tier. (`true` \| `false`)
@@ -17059,7 +17156,7 @@ module Aws::EC2
     #   * `hibernation-supported` - Indicates whether On-Demand hibernation is
     #     supported. (`true` \| `false`)
     #
-    #   * `hypervisor` - The hypervisor used. (`nitro` \| `xen`)
+    #   * `hypervisor` - The hypervisor. (`nitro` \| `xen`)
     #
     #   * `instance-storage-info.disk.count` - The number of local disks.
     #
@@ -17069,21 +17166,28 @@ module Aws::EC2
     #   * `instance-storage-info.disk.type` - The storage technology for the
     #     local instance storage disks. (`hdd` \| `ssd`)
     #
+    #   * `instance-storage-info.nvme-support` - Indicates whether
+    #     non-volatile memory express (NVMe) is supported for instance store.
+    #     (`required` \| `supported`) \| `unsupported`)
+    #
     #   * `instance-storage-info.total-size-in-gb` - The total amount of
     #     storage available from all local instance storage, in GB.
     #
     #   * `instance-storage-supported` - Indicates whether the instance type
     #     has local instance storage. (`true` \| `false`)
     #
+    #   * `instance-type` - The instance type (for example `c5.2xlarge` or
+    #     c5*).
+    #
     #   * `memory-info.size-in-mib` - The memory size.
     #
+    #   * `network-info.efa-supported` - Indicates whether the instance type
+    #     supports Elastic Fabric Adapter (EFA). (`true` \| `false`)
+    #
     #   * `network-info.ena-support` - Indicates whether Elastic Network
     #     Adapter (ENA) is supported or required. (`required` \| `supported`
     #     \| `unsupported`)
     #
-    #   * `network-info.efa-supported` - Indicates whether the instance type
-    #     supports Elastic Fabric Adapter (EFA). (`true` \| `false`)
-    #
     #   * `network-info.ipv4-addresses-per-interface` - The maximum number of
     #     private IPv4 addresses per network interface.
     #
@@ -17096,12 +17200,23 @@ module Aws::EC2
     #   * `network-info.maximum-network-interfaces` - The maximum number of
     #     network interfaces per instance.
     #
-    #   * `network-info.network-performance` - Describes the network
-    #     performance.
+    #   * `network-info.network-performance` - The network performance (for
+    #     example, "25 Gigabit").
+    #
+    #   * `processor-info.supported-architecture` - The CPU architecture.
+    #     (`arm64` \| `i386` \| `x86_64`)
     #
     #   * `processor-info.sustained-clock-speed-in-ghz` - The CPU clock speed,
     #     in GHz.
     #
+    #   * `supported-root-device-type` - The root device type. (`ebs` \|
+    #     `instance-store`)
+    #
+    #   * `supported-usage-class` - The usage class. (`on-demand` \| `spot`)
+    #
+    #   * `supported-virtualization-type` - The virtualization type. (`hvm` \|
+    #     `paravirtual`)
+    #
     #   * `vcpu-info.default-cores` - The default number of cores for the
     #     instance type.
     #
@@ -17111,6 +17226,13 @@ module Aws::EC2
     #   * `vcpu-info.default-vcpus` - The default number of vCPUs for the
     #     instance type.
     #
+    #   * `vcpu-info.valid-cores` - The number of cores that can be configured
+    #     for the instance type.
+    #
+    #   * `vcpu-info.valid-threads-per-core` - The number of threads per core
+    #     that can be configured for the instance type. For example, "1" or
+    #     "1,2".
+    #
     # @option params [Integer] :max_results
     #   The maximum number of results to return for the request in a single
     #   page. The remaining results can be seen by sending another request
@@ -17172,6 +17294,7 @@ module Aws::EC2
     #   resp.instance_types[0].instance_storage_info.disks[0].size_in_gb #=> Integer
     #   resp.instance_types[0].instance_storage_info.disks[0].count #=> Integer
     #   resp.instance_types[0].instance_storage_info.disks[0].type #=> String, one of "hdd", "ssd"
+    #   resp.instance_types[0].instance_storage_info.nvme_support #=> String, one of "unsupported", "supported", "required"
     #   resp.instance_types[0].ebs_info.ebs_optimized_support #=> String, one of "unsupported", "supported", "default"
     #   resp.instance_types[0].ebs_info.encryption_support #=> String, one of "unsupported", "supported"
     #   resp.instance_types[0].ebs_info.ebs_optimized_info.baseline_bandwidth_in_mbps #=> Integer
@@ -17747,6 +17870,7 @@ module Aws::EC2
     #   resp.reservations[0].instances[0].metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.reservations[0].instances[0].metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.reservations[0].instances[0].metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.reservations[0].instances[0].enclave_options.enabled #=> Boolean
     #   resp.reservations[0].owner_id #=> String
     #   resp.reservations[0].requester_id #=> String
     #   resp.reservations[0].reservation_id #=> String
@@ -18326,6 +18450,7 @@ module Aws::EC2
     #   resp.launch_template_versions[0].launch_template_data.metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.launch_template_versions[0].launch_template_data.metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.launch_template_versions[0].launch_template_data.metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.launch_template_versions[0].launch_template_data.enclave_options.enabled #=> Boolean
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLaunchTemplateVersions AWS API Documentation
@@ -22861,8 +22986,10 @@ module Aws::EC2
     #   * `instance-type` - The type of instance (for example, `m3.medium`).
     #
     #   * `product-description` - The product description for the Spot price
-    #     (`Linux/UNIX` \| `SUSE Linux` \| `Windows` \| `Linux/UNIX (Amazon
-    #     VPC)` \| `SUSE Linux (Amazon VPC)` \| `Windows (Amazon VPC)`).
+    #     (`Linux/UNIX` \| `Red Hat Enterprise Linux` \| `SUSE Linux` \|
+    #     `Windows` \| `Linux/UNIX (Amazon VPC)` \| `Red Hat Enterprise Linux
+    #     (Amazon VPC)` \| `SUSE Linux (Amazon VPC)` \| `Windows (Amazon
+    #     VPC)`).
     #
     #   * `spot-price` - The Spot price. The value must match exactly (or use
     #     wildcards; greater than or less than comparison is not supported).
@@ -24055,6 +24182,7 @@ module Aws::EC2
     #   resp.transit_gateway_vpc_attachments[0].creation_time #=> Time
     #   resp.transit_gateway_vpc_attachments[0].options.dns_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachments[0].options.ipv_6_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway_vpc_attachments[0].options.appliance_mode_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachments[0].tags #=> Array
     #   resp.transit_gateway_vpc_attachments[0].tags[0].key #=> String
     #   resp.transit_gateway_vpc_attachments[0].tags[0].value #=> String
@@ -26784,6 +26912,52 @@ module Aws::EC2
       req.send_request(options)
     end
 
+    # Disassociates an IAM role from an AWS Certificate Manager (ACM)
+    # certificate. Disassociating an IAM role from an ACM certificate
+    # removes the Amazon S3 object that contains the certificate,
+    # certificate chain, and encrypted private key from the Amazon S3
+    # bucket. It also revokes the IAM role's permission to use the AWS Key
+    # Management Service (KMS) key used to encrypt the private key. This
+    # effectively revokes the role's permission to use the certificate.
+    #
+    # @option params [String] :certificate_arn
+    #   The ARN of the ACM certificate from which to disassociate the IAM
+    #   role.
+    #
+    # @option params [String] :role_arn
+    #   The ARN of the IAM role to disassociate.
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::DisassociateEnclaveCertificateIamRoleResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DisassociateEnclaveCertificateIamRoleResult#return #return} => Boolean
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.disassociate_enclave_certificate_iam_role({
+    #     certificate_arn: "ResourceArn",
+    #     role_arn: "ResourceArn",
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.return #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateEnclaveCertificateIamRole AWS API Documentation
+    #
+    # @overload disassociate_enclave_certificate_iam_role(params = {})
+    # @param [Hash] params ({})
+    def disassociate_enclave_certificate_iam_role(params = {}, options = {})
+      req = build_request(:disassociate_enclave_certificate_iam_role, params)
+      req.send_request(options)
+    end
+
     # Disassociates an IAM instance profile from a running or stopped
     # instance.
     #
@@ -27678,6 +27852,51 @@ module Aws::EC2
       req.send_request(options)
     end
 
+    # Returns the IAM roles that are associated with the specified AWS
+    # Certificate Manager (ACM) certificate. It also returns the name of the
+    # Amazon S3 bucket and the Amazon S3 object key where the certificate,
+    # certificate chain, and encrypted private key bundle are stored, and
+    # the ARN of the AWS Key Management Service (KMS) key that's used to
+    # encrypt the private key.
+    #
+    # @option params [String] :certificate_arn
+    #   The ARN of the ACM certificate for which to view the associated IAM
+    #   roles, encryption keys, and Amazon S3 object information.
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::GetAssociatedEnclaveCertificateIamRolesResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetAssociatedEnclaveCertificateIamRolesResult#associated_roles #associated_roles} => Array&lt;Types::AssociatedRole&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_associated_enclave_certificate_iam_roles({
+    #     certificate_arn: "ResourceArn",
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.associated_roles #=> Array
+    #   resp.associated_roles[0].associated_role_arn #=> String
+    #   resp.associated_roles[0].certificate_s3_bucket_name #=> String
+    #   resp.associated_roles[0].certificate_s3_object_key #=> String
+    #   resp.associated_roles[0].encryption_kms_key_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetAssociatedEnclaveCertificateIamRoles AWS API Documentation
+    #
+    # @overload get_associated_enclave_certificate_iam_roles(params = {})
+    # @param [Hash] params ({})
+    def get_associated_enclave_certificate_iam_roles(params = {}, options = {})
+      req = build_request(:get_associated_enclave_certificate_iam_roles, params)
+      req.send_request(options)
+    end
+
     # Gets information about the IPv6 CIDR block associations for a
     # specified IPv6 address pool.
     #
@@ -28414,6 +28633,7 @@ module Aws::EC2
     #   resp.launch_template_data.metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.launch_template_data.metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.launch_template_data.metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.launch_template_data.enclave_options.enabled #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetLaunchTemplateData AWS API Documentation
     #
@@ -29954,6 +30174,10 @@ module Aws::EC2
     # @option params [String] :vpc_id
     #   The ID of the VPC to associate with the Client VPN endpoint.
     #
+    # @option params [String] :self_service_portal
+    #   Specify whether to enable the self-service portal for the Client VPN
+    #   endpoint.
+    #
     # @return [Types::ModifyClientVpnEndpointResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ModifyClientVpnEndpointResult#return #return} => Boolean
@@ -29978,6 +30202,7 @@ module Aws::EC2
     #     dry_run: false,
     #     security_group_ids: ["SecurityGroupId"],
     #     vpc_id: "VpcId",
+    #     self_service_portal: "enabled", # accepts enabled, disabled
     #   })
     #
     # @example Response structure
@@ -30861,7 +31086,7 @@ module Aws::EC2
     #     source_dest_check: {
     #       value: false,
     #     },
-    #     attribute: "instanceType", # accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #     attribute: "instanceType", # accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #     block_device_mappings: [
     #       {
     #         device_name: "String",
@@ -32351,6 +32576,7 @@ module Aws::EC2
     #     options: {
     #       dns_support: "enable", # accepts enable, disable
     #       ipv_6_support: "enable", # accepts enable, disable
+    #       appliance_mode_support: "enable", # accepts enable, disable
     #     },
     #     dry_run: false,
     #   })
@@ -32367,6 +32593,7 @@ module Aws::EC2
     #   resp.transit_gateway_vpc_attachment.creation_time #=> Time
     #   resp.transit_gateway_vpc_attachment.options.dns_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.ipv_6_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway_vpc_attachment.options.appliance_mode_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.tags #=> Array
     #   resp.transit_gateway_vpc_attachment.tags[0].key #=> String
     #   resp.transit_gateway_vpc_attachment.tags[0].value #=> String
@@ -34049,7 +34276,7 @@ module Aws::EC2
     # instances. The operation succeeds if the instances are valid and
     # belong to you. Requests to reboot terminated instances are ignored.
     #
-    # If an instance does not cleanly shut down within four minutes, Amazon
+    # If an instance does not cleanly shut down within a few minutes, Amazon
     # EC2 performs a hard reboot.
     #
     # For more information about troubleshooting, see [Getting console
@@ -34528,6 +34755,7 @@ module Aws::EC2
     #   resp.transit_gateway_vpc_attachment.creation_time #=> Time
     #   resp.transit_gateway_vpc_attachment.options.dns_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.ipv_6_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway_vpc_attachment.options.appliance_mode_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.tags #=> Array
     #   resp.transit_gateway_vpc_attachment.tags[0].key #=> String
     #   resp.transit_gateway_vpc_attachment.tags[0].value #=> String
@@ -35706,6 +35934,10 @@ module Aws::EC2
     #   You can't specify an Availability Zone group or a launch group if you
     #   specify a duration.
     #
+    #   New accounts or accounts with no previous billing history with AWS are
+    #   not eligible for Spot Instances with a defined duration (also known as
+    #   Spot blocks).
+    #
     # @option params [String] :client_token
     #   Unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request. For more information, see [How to Ensure
@@ -35756,11 +35988,17 @@ module Aws::EC2
     #   current date and time.
     #
     # @option params [Time,DateTime,Date,Integer,String] :valid_until
-    #   The end date of the request. If this is a one-time request, the
-    #   request remains active until all instances launch, the request is
-    #   canceled, or this date is reached. If the request is persistent, it
-    #   remains active until it is canceled or this date is reached. The
-    #   default end date is 7 days from the current date.
+    #   The end date of the request, in UTC format
+    #   (*YYYY*-*MM*-*DD*T*HH*\:*MM*\:*SS*Z).
+    #
+    #   * For a persistent request, the request remains active until the
+    #     `ValidUntil` date and time is reached. Otherwise, the request
+    #     remains active until you cancel it.
+    #
+    #   * For a one-time request, the request remains active until all
+    #     instances launch, the request is canceled, or the `ValidUntil` date
+    #     and time is reached. By default, the request is valid for 7 days
+    #     from the date the request was created.
     #
     # @option params [Array<Types::TagSpecification>] :tag_specifications
     #   The key-value pair for tagging the Spot Instance request on creation.
@@ -36194,7 +36432,7 @@ module Aws::EC2
     # @example Request syntax with placeholder values
     #
     #   resp = client.reset_instance_attribute({
-    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #     dry_run: false,
     #     instance_id: "InstanceId", # required
     #   })
@@ -36461,10 +36699,19 @@ module Aws::EC2
     end
 
     # \[VPC only\] Removes the specified egress rules from a security group
-    # for EC2-VPC. This action doesn't apply to security groups for use in
+    # for EC2-VPC. This action does not apply to security groups for use in
     # EC2-Classic. To remove a rule, the values that you specify (for
     # example, ports) must match the existing rule's values exactly.
     #
+    # <note markdown="1"> \[Default VPC\] If the values you specify do not match the existing
+    # rule's values, no error is returned, and the output describes the
+    # security group rules that were not revoked.
+    #
+    #  AWS recommends that you use DescribeSecurityGroups to verify that the
+    # rule has been removed.
+    #
+    #  </note>
+    #
     # Each rule consists of the protocol and the IPv4 or IPv6 CIDR range or
     # source security group. For the TCP and UDP protocols, you must also
     # specify the destination port or range of ports. For the ICMP protocol,
@@ -36509,7 +36756,10 @@ module Aws::EC2
     #   Not supported. Use a set of IP permissions to specify a destination
     #   security group.
     #
-    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    # @return [Types::RevokeSecurityGroupEgressResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::RevokeSecurityGroupEgressResult#return #return} => Boolean
+    #   * {Types::RevokeSecurityGroupEgressResult#unknown_ip_permissions #unknown_ip_permissions} => Array&lt;Types::IpPermission&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -36560,6 +36810,31 @@ module Aws::EC2
     #     source_security_group_owner_id: "String",
     #   })
     #
+    # @example Response structure
+    #
+    #   resp.return #=> Boolean
+    #   resp.unknown_ip_permissions #=> Array
+    #   resp.unknown_ip_permissions[0].from_port #=> Integer
+    #   resp.unknown_ip_permissions[0].ip_protocol #=> String
+    #   resp.unknown_ip_permissions[0].ip_ranges #=> Array
+    #   resp.unknown_ip_permissions[0].ip_ranges[0].cidr_ip #=> String
+    #   resp.unknown_ip_permissions[0].ip_ranges[0].description #=> String
+    #   resp.unknown_ip_permissions[0].ipv_6_ranges #=> Array
+    #   resp.unknown_ip_permissions[0].ipv_6_ranges[0].cidr_ipv_6 #=> String
+    #   resp.unknown_ip_permissions[0].ipv_6_ranges[0].description #=> String
+    #   resp.unknown_ip_permissions[0].prefix_list_ids #=> Array
+    #   resp.unknown_ip_permissions[0].prefix_list_ids[0].description #=> String
+    #   resp.unknown_ip_permissions[0].prefix_list_ids[0].prefix_list_id #=> String
+    #   resp.unknown_ip_permissions[0].to_port #=> Integer
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs #=> Array
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].description #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].group_id #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].group_name #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].peering_status #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].user_id #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].vpc_id #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].vpc_peering_connection_id #=> String
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RevokeSecurityGroupEgress AWS API Documentation
     #
     # @overload revoke_security_group_egress(params = {})
@@ -36573,9 +36848,12 @@ module Aws::EC2
     # rule, the values that you specify (for example, ports) must match the
     # existing rule's values exactly.
     #
-    # <note markdown="1"> \[EC2-Classic only\] If the values you specify do not match the
-    # existing rule's values, no error is returned. Use
-    # DescribeSecurityGroups to verify that the rule has been removed.
+    # <note markdown="1"> \[EC2-Classic , default VPC\] If the values you specify do not match
+    # the existing rule's values, no error is returned, and the output
+    # describes the security group rules that were not revoked.
+    #
+    #  AWS recommends that you use DescribeSecurityGroups to verify that the
+    # rule has been removed.
     #
     #  </note>
     #
@@ -36647,7 +36925,10 @@ module Aws::EC2
     #   If you have the required permissions, the error response is
     #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
     #
-    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    # @return [Types::RevokeSecurityGroupIngressResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::RevokeSecurityGroupIngressResult#return #return} => Boolean
+    #   * {Types::RevokeSecurityGroupIngressResult#unknown_ip_permissions #unknown_ip_permissions} => Array&lt;Types::IpPermission&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -36699,6 +36980,31 @@ module Aws::EC2
     #     dry_run: false,
     #   })
     #
+    # @example Response structure
+    #
+    #   resp.return #=> Boolean
+    #   resp.unknown_ip_permissions #=> Array
+    #   resp.unknown_ip_permissions[0].from_port #=> Integer
+    #   resp.unknown_ip_permissions[0].ip_protocol #=> String
+    #   resp.unknown_ip_permissions[0].ip_ranges #=> Array
+    #   resp.unknown_ip_permissions[0].ip_ranges[0].cidr_ip #=> String
+    #   resp.unknown_ip_permissions[0].ip_ranges[0].description #=> String
+    #   resp.unknown_ip_permissions[0].ipv_6_ranges #=> Array
+    #   resp.unknown_ip_permissions[0].ipv_6_ranges[0].cidr_ipv_6 #=> String
+    #   resp.unknown_ip_permissions[0].ipv_6_ranges[0].description #=> String
+    #   resp.unknown_ip_permissions[0].prefix_list_ids #=> Array
+    #   resp.unknown_ip_permissions[0].prefix_list_ids[0].description #=> String
+    #   resp.unknown_ip_permissions[0].prefix_list_ids[0].prefix_list_id #=> String
+    #   resp.unknown_ip_permissions[0].to_port #=> Integer
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs #=> Array
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].description #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].group_id #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].group_name #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].peering_status #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].user_id #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].vpc_id #=> String
+    #   resp.unknown_ip_permissions[0].user_id_group_pairs[0].vpc_peering_connection_id #=> String
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RevokeSecurityGroupIngress AWS API Documentation
     #
     # @overload revoke_security_group_ingress(params = {})
@@ -37081,6 +37387,9 @@ module Aws::EC2
     #   information, see [Hibernate your instance][1] in the *Amazon Elastic
     #   Compute Cloud User Guide*.
     #
+    #   You can't enable hibernation and AWS Nitro Enclaves on the same
+    #   instance.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html
@@ -37096,6 +37405,21 @@ module Aws::EC2
     #
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
     #
+    # @option params [Types::EnclaveOptionsRequest] :enclave_options
+    #   Indicates whether the instance is enabled for AWS Nitro Enclaves. For
+    #   more information, see [ AWS Nitro Enclaves][1] in the *Amazon Elastic
+    #   Compute Cloud User Guide*.
+    #
+    #   You can't enable AWS Nitro Enclaves and hibernation on the same
+    #   instance. For more information about AWS Nitro Enclaves requirements,
+    #   see [ AWS Nitro Enclaves][2] in the *Amazon Elastic Compute Cloud User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html
+    #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html#nitro-enclave-reqs
+    #
     # @return [Types::Reservation] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::Reservation#groups #groups} => Array&lt;Types::GroupIdentifier&gt;
@@ -37296,6 +37620,9 @@ module Aws::EC2
     #       http_put_response_hop_limit: 1,
     #       http_endpoint: "disabled", # accepts disabled, enabled
     #     },
+    #     enclave_options: {
+    #       enabled: false,
+    #     },
     #   })
     #
     # @example Response structure
@@ -37420,6 +37747,7 @@ module Aws::EC2
     #   resp.instances[0].metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.instances[0].metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.instances[0].metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.instances[0].enclave_options.enabled #=> Boolean
     #   resp.owner_id #=> String
     #   resp.requester_id #=> String
     #   resp.reservation_id #=> String
@@ -38789,7 +39117,7 @@ module Aws::EC2
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-ec2'
-      context[:gem_version] = '1.199.0'
+      context[:gem_version] = '1.204.0'
       Seahorse::Client::Request.new(handlers, context)
     end