aws-sdk-ec2 1.199.0 → 1.204.0

data/lib/aws-sdk-ec2/subnet.rb

@@ -422,6 +422,9 @@ module Aws::EC2
     #       http_put_response_hop_limit: 1,
     #       http_endpoint: "disabled", # accepts disabled, enabled
     #     },
+    #     enclave_options: {
+    #       enabled: false,
+    #     },
     #   })
     # @param [Hash] options ({})
     # @option options [Array<Types::BlockDeviceMapping>] :block_device_mappings
@@ -689,6 +692,9 @@ module Aws::EC2
     #   information, see [Hibernate your instance][1] in the *Amazon Elastic
     #   Compute Cloud User Guide*.
     #
+    #   You can't enable hibernation and AWS Nitro Enclaves on the same
+    #   instance.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html
@@ -701,6 +707,20 @@ module Aws::EC2
     #
     #
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
+    # @option options [Types::EnclaveOptionsRequest] :enclave_options
+    #   Indicates whether the instance is enabled for AWS Nitro Enclaves. For
+    #   more information, see [ AWS Nitro Enclaves][1] in the *Amazon Elastic
+    #   Compute Cloud User Guide*.
+    #
+    #   You can't enable AWS Nitro Enclaves and hibernation on the same
+    #   instance. For more information about AWS Nitro Enclaves requirements,
+    #   see [ AWS Nitro Enclaves][2] in the *Amazon Elastic Compute Cloud User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html
+    #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html#nitro-enclave-reqs
     # @return [Instance::Collection]
     def create_instances(options = {})
       batch = []

data/lib/aws-sdk-ec2/types.rb

@@ -1109,6 +1109,67 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass AssociateEnclaveCertificateIamRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         certificate_arn: "ResourceArn",
+    #         role_arn: "ResourceArn",
+    #         dry_run: false,
+    #       }
+    #
+    # @!attribute [rw] certificate_arn
+    #   The ARN of the ACM certificate with which to associate the IAM role.
+    #   @return [String]
+    #
+    # @!attribute [rw] role_arn
+    #   The ARN of the IAM role to associate with the ACM certificate. You
+    #   can associate up to 16 IAM roles with an ACM certificate.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateEnclaveCertificateIamRoleRequest AWS API Documentation
+    #
+    class AssociateEnclaveCertificateIamRoleRequest < Struct.new(
+      :certificate_arn,
+      :role_arn,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] certificate_s3_bucket_name
+    #   The name of the Amazon S3 bucket to which the certificate was
+    #   uploaded.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate_s3_object_key
+    #   The Amazon S3 object key where the certificate, certificate chain,
+    #   and encrypted private key bundle are stored. The object key is
+    #   formatted as follows: `certificate_arn`/`role_arn`.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_kms_key_id
+    #   The ID of the AWS Key Management Service (KMS) key used to encrypt
+    #   the private key of the certificate.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateEnclaveCertificateIamRoleResult AWS API Documentation
+    #
+    class AssociateEnclaveCertificateIamRoleResult < Struct.new(
+      :certificate_s3_bucket_name,
+      :certificate_s3_object_key,
+      :encryption_kms_key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass AssociateIamInstanceProfileRequest
     #   data as a hash:
     #
@@ -1435,6 +1496,38 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Information about the associated IAM roles.
+    #
+    # @!attribute [rw] associated_role_arn
+    #   The ARN of the associated IAM role.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate_s3_bucket_name
+    #   The name of the Amazon S3 bucket in which the Amazon S3 object is
+    #   stored.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate_s3_object_key
+    #   The key of the Amazon S3 object ey where the certificate,
+    #   certificate chain, and encrypted private key bundle is stored. The
+    #   object key is formated as follows: `certificate_arn`/`role_arn`.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_kms_key_id
+    #   The ID of the KMS key used to encrypt the private key.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociatedRole AWS API Documentation
+    #
+    class AssociatedRole < Struct.new(
+      :associated_role_arn,
+      :certificate_s3_bucket_name,
+      :certificate_s3_object_key,
+      :encryption_kms_key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes a target network that is associated with a Client VPN
     # endpoint. A target network is a subnet in a VPC.
     #
@@ -3613,7 +3706,7 @@ module Aws::EC2
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/authentication-authrization.html#client-authentication
+    # [1]: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html
     #
     # @!attribute [rw] type
     #   The authentication type used.
@@ -3663,6 +3756,7 @@ module Aws::EC2
     #         },
     #         federated_authentication: {
     #           saml_provider_arn: "String",
+    #           self_service_saml_provider_arn: "String",
     #         },
     #       }
     #
@@ -3907,6 +4001,10 @@ module Aws::EC2
     #   The ID of the VPC.
     #   @return [String]
     #
+    # @!attribute [rw] self_service_portal_url
+    #   The URL of the self-service portal.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ClientVpnEndpoint AWS API Documentation
     #
     class ClientVpnEndpoint < Struct.new(
@@ -3928,7 +4026,8 @@ module Aws::EC2
       :connection_log_options,
       :tags,
       :security_group_ids,
-      :vpc_id)
+      :vpc_id,
+      :self_service_portal_url)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4977,6 +5076,7 @@ module Aws::EC2
     #             },
     #             federated_authentication: {
     #               saml_provider_arn: "String",
+    #               self_service_saml_provider_arn: "String",
     #             },
     #           },
     #         ],
@@ -5005,6 +5105,7 @@ module Aws::EC2
     #         ],
     #         security_group_ids: ["SecurityGroupId"],
     #         vpc_id: "VpcId",
+    #         self_service_portal: "enabled", # accepts enabled, disabled
     #       }
     #
     # @!attribute [rw] client_cidr_block
@@ -5123,6 +5224,13 @@ module Aws::EC2
     #   security group for the VPC is applied.
     #   @return [String]
     #
+    # @!attribute [rw] self_service_portal
+    #   Specify whether to enable the self-service portal for the Client VPN
+    #   endpoint.
+    #
+    #   Default Value: `enabled`
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateClientVpnEndpointRequest AWS API Documentation
     #
     class CreateClientVpnEndpointRequest < Struct.new(
@@ -5139,7 +5247,8 @@ module Aws::EC2
       :client_token,
       :tag_specifications,
       :security_group_ids,
-      :vpc_id)
+      :vpc_id,
+      :self_service_portal)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6536,6 +6645,9 @@ module Aws::EC2
     #             http_put_response_hop_limit: 1,
     #             http_endpoint: "disabled", # accepts disabled, enabled
     #           },
+    #           enclave_options: {
+    #             enabled: false,
+    #           },
     #         },
     #         tag_specifications: [
     #           {
@@ -6758,6 +6870,9 @@ module Aws::EC2
     #             http_put_response_hop_limit: 1,
     #             http_endpoint: "disabled", # accepts disabled, enabled
     #           },
+    #           enclave_options: {
+    #             enabled: false,
+    #           },
     #         },
     #       }
     #
@@ -8054,7 +8169,13 @@ module Aws::EC2
     #       }
     #
     # @!attribute [rw] bucket
-    #   The Amazon S3 bucket in which to store the Spot Instance data feed.
+    #   The name of the Amazon S3 bucket in which to store the Spot Instance
+    #   data feed. For more information about bucket names, see [Rules for
+    #   bucket naming][1] in the *Amazon S3 Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules
     #   @return [String]
     #
     # @!attribute [rw] dry_run
@@ -8065,7 +8186,7 @@ module Aws::EC2
     #   @return [Boolean]
     #
     # @!attribute [rw] prefix
-    #   A prefix for the data feed file names.
+    #   The prefix for the data feed file names.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSpotDatafeedSubscriptionRequest AWS API Documentation
@@ -9077,6 +9198,7 @@ module Aws::EC2
     #         options: {
     #           dns_support: "enable", # accepts enable, disable
     #           ipv_6_support: "enable", # accepts enable, disable
+    #           appliance_mode_support: "enable", # accepts enable, disable
     #         },
     #         tag_specifications: [
     #           {
@@ -9143,6 +9265,7 @@ module Aws::EC2
     #       {
     #         dns_support: "enable", # accepts enable, disable
     #         ipv_6_support: "enable", # accepts enable, disable
+    #         appliance_mode_support: "enable", # accepts enable, disable
     #       }
     #
     # @!attribute [rw] dns_support
@@ -9153,11 +9276,19 @@ module Aws::EC2
     #   Enable or disable IPv6 support. The default is `enable`.
     #   @return [String]
     #
+    # @!attribute [rw] appliance_mode_support
+    #   Enable or disable support for appliance mode. If enabled, a traffic
+    #   flow between a source and destination uses the same Availability
+    #   Zone for the VPC attachment for the lifetime of that flow. The
+    #   default is `disable`.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTransitGatewayVpcAttachmentRequestOptions AWS API Documentation
     #
     class CreateTransitGatewayVpcAttachmentRequestOptions < Struct.new(
       :dns_support,
-      :ipv_6_support)
+      :ipv_6_support,
+      :appliance_mode_support)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -15806,7 +15937,7 @@ module Aws::EC2
     #   data as a hash:
     #
     #       {
-    #         attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #         attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #         dry_run: false,
     #         instance_id: "InstanceId", # required
     #       }
@@ -16215,26 +16346,26 @@ module Aws::EC2
     #     baseline bandwidth performance for an EBS-optimized instance type,
     #     in Mbps.
     #
-    #   * `ebs-info.ebs-optimized-info.baseline-throughput-in-mbps` - The
-    #     baseline throughput performance for an EBS-optimized instance
-    #     type, in MBps.
-    #
     #   * `ebs-info.ebs-optimized-info.baseline-iops` - The baseline
     #     input/output storage operations per second for an EBS-optimized
     #     instance type.
     #
+    #   * `ebs-info.ebs-optimized-info.baseline-throughput-in-mbps` - The
+    #     baseline throughput performance for an EBS-optimized instance
+    #     type, in MBps.
+    #
     #   * `ebs-info.ebs-optimized-info.maximum-bandwidth-in-mbps` - The
     #     maximum bandwidth performance for an EBS-optimized instance type,
     #     in Mbps.
     #
-    #   * `ebs-info.ebs-optimized-info.maximum-throughput-in-mbps` - The
-    #     maximum throughput performance for an EBS-optimized instance type,
-    #     in MBps.
-    #
     #   * `ebs-info.ebs-optimized-info.maximum-iops` - The maximum
     #     input/output storage operations per second for an EBS-optimized
     #     instance type.
     #
+    #   * `ebs-info.ebs-optimized-info.maximum-throughput-in-mbps` - The
+    #     maximum throughput performance for an EBS-optimized instance type,
+    #     in MBps.
+    #
     #   * `ebs-info.ebs-optimized-support` - Indicates whether the instance
     #     type is EBS-optimized. (`supported` \| `unsupported` \| `default`)
     #
@@ -16242,7 +16373,7 @@ module Aws::EC2
     #     is supported. (`supported` \| `unsupported`)
     #
     #   * `ebs-info.nvme-support` - Indicates whether non-volatile memory
-    #     express (NVMe) is supported or required. (`required` \|
+    #     express (NVMe) is supported for EBS volumes. (`required` \|
     #     `supported` \| `unsupported`)
     #
     #   * `free-tier-eligible` - Indicates whether the instance type is
@@ -16251,7 +16382,7 @@ module Aws::EC2
     #   * `hibernation-supported` - Indicates whether On-Demand hibernation
     #     is supported. (`true` \| `false`)
     #
-    #   * `hypervisor` - The hypervisor used. (`nitro` \| `xen`)
+    #   * `hypervisor` - The hypervisor. (`nitro` \| `xen`)
     #
     #   * `instance-storage-info.disk.count` - The number of local disks.
     #
@@ -16261,21 +16392,28 @@ module Aws::EC2
     #   * `instance-storage-info.disk.type` - The storage technology for the
     #     local instance storage disks. (`hdd` \| `ssd`)
     #
+    #   * `instance-storage-info.nvme-support` - Indicates whether
+    #     non-volatile memory express (NVMe) is supported for instance
+    #     store. (`required` \| `supported`) \| `unsupported`)
+    #
     #   * `instance-storage-info.total-size-in-gb` - The total amount of
     #     storage available from all local instance storage, in GB.
     #
     #   * `instance-storage-supported` - Indicates whether the instance type
     #     has local instance storage. (`true` \| `false`)
     #
+    #   * `instance-type` - The instance type (for example `c5.2xlarge` or
+    #     c5*).
+    #
     #   * `memory-info.size-in-mib` - The memory size.
     #
+    #   * `network-info.efa-supported` - Indicates whether the instance type
+    #     supports Elastic Fabric Adapter (EFA). (`true` \| `false`)
+    #
     #   * `network-info.ena-support` - Indicates whether Elastic Network
     #     Adapter (ENA) is supported or required. (`required` \| `supported`
     #     \| `unsupported`)
     #
-    #   * `network-info.efa-supported` - Indicates whether the instance type
-    #     supports Elastic Fabric Adapter (EFA). (`true` \| `false`)
-    #
     #   * `network-info.ipv4-addresses-per-interface` - The maximum number
     #     of private IPv4 addresses per network interface.
     #
@@ -16288,12 +16426,23 @@ module Aws::EC2
     #   * `network-info.maximum-network-interfaces` - The maximum number of
     #     network interfaces per instance.
     #
-    #   * `network-info.network-performance` - Describes the network
-    #     performance.
+    #   * `network-info.network-performance` - The network performance (for
+    #     example, "25 Gigabit").
+    #
+    #   * `processor-info.supported-architecture` - The CPU architecture.
+    #     (`arm64` \| `i386` \| `x86_64`)
     #
     #   * `processor-info.sustained-clock-speed-in-ghz` - The CPU clock
     #     speed, in GHz.
     #
+    #   * `supported-root-device-type` - The root device type. (`ebs` \|
+    #     `instance-store`)
+    #
+    #   * `supported-usage-class` - The usage class. (`on-demand` \| `spot`)
+    #
+    #   * `supported-virtualization-type` - The virtualization type. (`hvm`
+    #     \| `paravirtual`)
+    #
     #   * `vcpu-info.default-cores` - The default number of cores for the
     #     instance type.
     #
@@ -16302,6 +16451,13 @@ module Aws::EC2
     #
     #   * `vcpu-info.default-vcpus` - The default number of vCPUs for the
     #     instance type.
+    #
+    #   * `vcpu-info.valid-cores` - The number of cores that can be
+    #     configured for the instance type.
+    #
+    #   * `vcpu-info.valid-threads-per-core` - The number of threads per
+    #     core that can be configured for the instance type. For example,
+    #     "1" or "1,2".
     #   @return [Array<Types::Filter>]
     #
     # @!attribute [rw] max_results
@@ -20474,8 +20630,10 @@ module Aws::EC2
     #   * `instance-type` - The type of instance (for example, `m3.medium`).
     #
     #   * `product-description` - The product description for the Spot price
-    #     (`Linux/UNIX` \| `SUSE Linux` \| `Windows` \| `Linux/UNIX (Amazon
-    #     VPC)` \| `SUSE Linux (Amazon VPC)` \| `Windows (Amazon VPC)`).
+    #     (`Linux/UNIX` \| `Red Hat Enterprise Linux` \| `SUSE Linux` \|
+    #     `Windows` \| `Linux/UNIX (Amazon VPC)` \| `Red Hat Enterprise
+    #     Linux (Amazon VPC)` \| `SUSE Linux (Amazon VPC)` \| `Windows
+    #     (Amazon VPC)`).
     #
     #   * `spot-price` - The Spot price. The value must match exactly (or
     #     use wildcards; greater than or less than comparison is not
@@ -23928,6 +24086,54 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DisassociateEnclaveCertificateIamRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         certificate_arn: "ResourceArn",
+    #         role_arn: "ResourceArn",
+    #         dry_run: false,
+    #       }
+    #
+    # @!attribute [rw] certificate_arn
+    #   The ARN of the ACM certificate from which to disassociate the IAM
+    #   role.
+    #   @return [String]
+    #
+    # @!attribute [rw] role_arn
+    #   The ARN of the IAM role to disassociate.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateEnclaveCertificateIamRoleRequest AWS API Documentation
+    #
+    class DisassociateEnclaveCertificateIamRoleRequest < Struct.new(
+      :certificate_arn,
+      :role_arn,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] return
+    #   Returns `true` if the request succeeds; otherwise, it returns an
+    #   error.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateEnclaveCertificateIamRoleResult AWS API Documentation
+    #
+    class DisassociateEnclaveCertificateIamRoleResult < Struct.new(
+      :return)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DisassociateIamInstanceProfileRequest
     #   data as a hash:
     #
@@ -25282,6 +25488,49 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Indicates whether the instance is enabled for AWS Nitro Enclaves.
+    #
+    # @!attribute [rw] enabled
+    #   If this parameter is set to `true`, the instance is enabled for AWS
+    #   Nitro Enclaves; otherwise, it is not enabled for AWS Nitro Enclaves.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnclaveOptions AWS API Documentation
+    #
+    class EnclaveOptions < Struct.new(
+      :enabled)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates whether the instance is enabled for AWS Nitro Enclaves. For
+    # more information, see [ AWS Nitro Enclaves][1] in the *Amazon Elastic
+    # Compute Cloud User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html
+    #
+    # @note When making an API call, you may pass EnclaveOptionsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         enabled: false,
+    #       }
+    #
+    # @!attribute [rw] enabled
+    #   To enable the instance for AWS Nitro Enclaves, set this parameter to
+    #   `true`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnclaveOptionsRequest AWS API Documentation
+    #
+    class EnclaveOptionsRequest < Struct.new(
+      :enabled)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes an EC2 Fleet or Spot Fleet event.
     #
     # @!attribute [rw] event_description
@@ -25924,17 +26173,23 @@ module Aws::EC2
       include Aws::Structure
     end
 
-    # Describes the IAM SAML identity provider used for federated
+    # Describes the IAM SAML identity providers used for federated
     # authentication.
     #
     # @!attribute [rw] saml_provider_arn
     #   The Amazon Resource Name (ARN) of the IAM SAML identity provider.
     #   @return [String]
     #
+    # @!attribute [rw] self_service_saml_provider_arn
+    #   The Amazon Resource Name (ARN) of the IAM SAML identity provider for
+    #   the self-service portal.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/FederatedAuthentication AWS API Documentation
     #
     class FederatedAuthentication < Struct.new(
-      :saml_provider_arn)
+      :saml_provider_arn,
+      :self_service_saml_provider_arn)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -25946,16 +26201,23 @@ module Aws::EC2
     #
     #       {
     #         saml_provider_arn: "String",
+    #         self_service_saml_provider_arn: "String",
     #       }
     #
     # @!attribute [rw] saml_provider_arn
     #   The Amazon Resource Name (ARN) of the IAM SAML identity provider.
     #   @return [String]
     #
+    # @!attribute [rw] self_service_saml_provider_arn
+    #   The Amazon Resource Name (ARN) of the IAM SAML identity provider for
+    #   the self-service portal.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/FederatedAuthenticationRequest AWS API Documentation
     #
     class FederatedAuthenticationRequest < Struct.new(
-      :saml_provider_arn)
+      :saml_provider_arn,
+      :self_service_saml_provider_arn)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -26769,6 +27031,47 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetAssociatedEnclaveCertificateIamRolesRequest
+    #   data as a hash:
+    #
+    #       {
+    #         certificate_arn: "ResourceArn",
+    #         dry_run: false,
+    #       }
+    #
+    # @!attribute [rw] certificate_arn
+    #   The ARN of the ACM certificate for which to view the associated IAM
+    #   roles, encryption keys, and Amazon S3 object information.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetAssociatedEnclaveCertificateIamRolesRequest AWS API Documentation
+    #
+    class GetAssociatedEnclaveCertificateIamRolesRequest < Struct.new(
+      :certificate_arn,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] associated_roles
+    #   Information about the associated IAM roles.
+    #   @return [Array<Types::AssociatedRole>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetAssociatedEnclaveCertificateIamRolesResult AWS API Documentation
+    #
+    class GetAssociatedEnclaveCertificateIamRolesResult < Struct.new(
+      :associated_roles)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetAssociatedIpv6PoolCidrsRequest
     #   data as a hash:
     #
@@ -30408,6 +30711,10 @@ module Aws::EC2
     #   The metadata options for the instance.
     #   @return [Types::InstanceMetadataOptionsResponse]
     #
+    # @!attribute [rw] enclave_options
+    #   Indicates whether the instance is enabled for AWS Nitro Enclaves.
+    #   @return [Types::EnclaveOptions]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Instance AWS API Documentation
     #
     class Instance < Struct.new(
@@ -30457,7 +30764,8 @@ module Aws::EC2
       :capacity_reservation_specification,
       :hibernation_options,
       :licenses,
-      :metadata_options)
+      :metadata_options,
+      :enclave_options)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -30481,6 +30789,11 @@ module Aws::EC2
     #   Indicates whether enhanced networking with ENA is enabled.
     #   @return [Types::AttributeBooleanValue]
     #
+    # @!attribute [rw] enclave_options
+    #   To enable the instance for AWS Nitro Enclaves, set this parameter to
+    #   `true`; otherwise, set it to `false`.
+    #   @return [Types::EnclaveOptions]
+    #
     # @!attribute [rw] ebs_optimized
     #   Indicates whether the instance is optimized for Amazon EBS I/O.
     #   @return [Types::AttributeBooleanValue]
@@ -30539,6 +30852,7 @@ module Aws::EC2
       :block_device_mappings,
       :disable_api_termination,
       :ena_support,
+      :enclave_options,
       :ebs_optimized,
       :instance_id,
       :instance_initiated_shutdown_behavior,
@@ -31573,11 +31887,17 @@ module Aws::EC2
     #   Array describing the disks that are available for the instance type.
     #   @return [Array<Types::DiskInfo>]
     #
+    # @!attribute [rw] nvme_support
+    #   Indicates whether non-volatile memory express (NVMe) is supported
+    #   for instance store.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceStorageInfo AWS API Documentation
     #
     class InstanceStorageInfo < Struct.new(
       :total_size_in_gb,
-      :disks)
+      :disks,
+      :nvme_support)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -32803,6 +33123,49 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Indicates whether the instance is enabled for AWS Nitro Enclaves.
+    #
+    # @!attribute [rw] enabled
+    #   If this parameter is set to `true`, the instance is enabled for AWS
+    #   Nitro Enclaves; otherwise, it is not enabled for AWS Nitro Enclaves.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateEnclaveOptions AWS API Documentation
+    #
+    class LaunchTemplateEnclaveOptions < Struct.new(
+      :enabled)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates whether the instance is enabled for AWS Nitro Enclaves. For
+    # more information, see [ AWS Nitro Enclaves][1] in the *Amazon Elastic
+    # Compute Cloud User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html
+    #
+    # @note When making an API call, you may pass LaunchTemplateEnclaveOptionsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         enabled: false,
+    #       }
+    #
+    # @!attribute [rw] enabled
+    #   To enable the instance for AWS Nitro Enclaves, set this parameter to
+    #   `true`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateEnclaveOptionsRequest AWS API Documentation
+    #
+    class LaunchTemplateEnclaveOptionsRequest < Struct.new(
+      :enabled)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Indicates whether an instance is configured for hibernation.
     #
     # @!attribute [rw] configured
@@ -34497,6 +34860,7 @@ module Aws::EC2
     #         dry_run: false,
     #         security_group_ids: ["SecurityGroupId"],
     #         vpc_id: "VpcId",
+    #         self_service_portal: "enabled", # accepts enabled, disabled
     #       }
     #
     # @!attribute [rw] client_vpn_endpoint_id
@@ -34570,6 +34934,11 @@ module Aws::EC2
     #   The ID of the VPC to associate with the Client VPN endpoint.
     #   @return [String]
     #
+    # @!attribute [rw] self_service_portal
+    #   Specify whether to enable the self-service portal for the Client VPN
+    #   endpoint.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyClientVpnEndpointRequest AWS API Documentation
     #
     class ModifyClientVpnEndpointRequest < Struct.new(
@@ -34582,7 +34951,8 @@ module Aws::EC2
       :split_tunnel,
       :dry_run,
       :security_group_ids,
-      :vpc_id)
+      :vpc_id,
+      :self_service_portal)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -35178,7 +35548,7 @@ module Aws::EC2
     #         source_dest_check: {
     #           value: false,
     #         },
-    #         attribute: "instanceType", # accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #         attribute: "instanceType", # accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #         block_device_mappings: [
     #           {
     #             device_name: "String",
@@ -36642,6 +37012,7 @@ module Aws::EC2
     #         options: {
     #           dns_support: "enable", # accepts enable, disable
     #           ipv_6_support: "enable", # accepts enable, disable
+    #           appliance_mode_support: "enable", # accepts enable, disable
     #         },
     #         dry_run: false,
     #       }
@@ -36694,6 +37065,7 @@ module Aws::EC2
     #       {
     #         dns_support: "enable", # accepts enable, disable
     #         ipv_6_support: "enable", # accepts enable, disable
+    #         appliance_mode_support: "enable", # accepts enable, disable
     #       }
     #
     # @!attribute [rw] dns_support
@@ -36704,11 +37076,19 @@ module Aws::EC2
     #   Enable or disable IPv6 support. The default is `enable`.
     #   @return [String]
     #
+    # @!attribute [rw] appliance_mode_support
+    #   Enable or disable support for appliance mode. If enabled, a traffic
+    #   flow between a source and destination uses the same Availability
+    #   Zone for the VPC attachment for the lifetime of that flow. The
+    #   default is `disable`.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyTransitGatewayVpcAttachmentRequestOptions AWS API Documentation
     #
     class ModifyTransitGatewayVpcAttachmentRequestOptions < Struct.new(
       :dns_support,
-      :ipv_6_support)
+      :ipv_6_support,
+      :appliance_mode_support)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -41514,6 +41894,9 @@ module Aws::EC2
     #           http_put_response_hop_limit: 1,
     #           http_endpoint: "disabled", # accepts disabled, enabled
     #         },
+    #         enclave_options: {
+    #           enabled: false,
+    #         },
     #       }
     #
     # @!attribute [rw] kernel_id
@@ -41720,6 +42103,22 @@ module Aws::EC2
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
     #   @return [Types::LaunchTemplateInstanceMetadataOptionsRequest]
     #
+    # @!attribute [rw] enclave_options
+    #   Indicates whether the instance is enabled for AWS Nitro Enclaves.
+    #   For more information, see [ AWS Nitro Enclaves][1] in the *Amazon
+    #   Elastic Compute Cloud User Guide*.
+    #
+    #   You can't enable AWS Nitro Enclaves and hibernation on the same
+    #   instance. For more information about AWS Nitro Enclaves
+    #   requirements, see [ AWS Nitro Enclaves][2] in the *Amazon Elastic
+    #   Compute Cloud User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html
+    #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html#nitro-enclave-reqs
+    #   @return [Types::LaunchTemplateEnclaveOptionsRequest]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RequestLaunchTemplateData AWS API Documentation
     #
     class RequestLaunchTemplateData < Struct.new(
@@ -41748,7 +42147,8 @@ module Aws::EC2
       :capacity_reservation_specification,
       :license_specifications,
       :hibernation_options,
-      :metadata_options)
+      :metadata_options,
+      :enclave_options)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -42086,6 +42486,10 @@ module Aws::EC2
     #
     #   You can't specify an Availability Zone group or a launch group if
     #   you specify a duration.
+    #
+    #   New accounts or accounts with no previous billing history with AWS
+    #   are not eligible for Spot Instances with a defined duration (also
+    #   known as Spot blocks).
     #   @return [Integer]
     #
     # @!attribute [rw] client_token
@@ -42147,11 +42551,17 @@ module Aws::EC2
     #   @return [Time]
     #
     # @!attribute [rw] valid_until
-    #   The end date of the request. If this is a one-time request, the
-    #   request remains active until all instances launch, the request is
-    #   canceled, or this date is reached. If the request is persistent, it
-    #   remains active until it is canceled or this date is reached. The
-    #   default end date is 7 days from the current date.
+    #   The end date of the request, in UTC format
+    #   (*YYYY*-*MM*-*DD*T*HH*\:*MM*\:*SS*Z).
+    #
+    #   * For a persistent request, the request remains active until the
+    #     `ValidUntil` date and time is reached. Otherwise, the request
+    #     remains active until you cancel it.
+    #
+    #   * For a one-time request, the request remains active until all
+    #     instances launch, the request is canceled, or the `ValidUntil`
+    #     date and time is reached. By default, the request is valid for 7
+    #     days from the date the request was created.
     #   @return [Time]
     #
     # @!attribute [rw] tag_specifications
@@ -42388,7 +42798,9 @@ module Aws::EC2
       include Aws::Structure
     end
 
-    # Describes a reservation.
+    # Describes a launch request for one or more instances, and includes
+    # owner, requester, and security group information that applies to all
+    # instances in the launch request.
     #
     # @!attribute [rw] groups
     #   \[EC2-Classic only\] The security groups.
@@ -43028,7 +43440,7 @@ module Aws::EC2
     #   data as a hash:
     #
     #       {
-    #         attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #         attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #         dry_run: false,
     #         instance_id: "InstanceId", # required
     #       }
@@ -43281,6 +43693,10 @@ module Aws::EC2
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
     #   @return [Types::LaunchTemplateInstanceMetadataOptions]
     #
+    # @!attribute [rw] enclave_options
+    #   Indicates whether the instance is enabled for AWS Nitro Enclaves.
+    #   @return [Types::LaunchTemplateEnclaveOptions]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResponseLaunchTemplateData AWS API Documentation
     #
     class ResponseLaunchTemplateData < Struct.new(
@@ -43309,7 +43725,8 @@ module Aws::EC2
       :capacity_reservation_specification,
       :license_specifications,
       :hibernation_options,
-      :metadata_options)
+      :metadata_options,
+      :enclave_options)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -43581,6 +43998,25 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] return
+    #   Returns `true` if the request succeeds; otherwise, returns an error.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] unknown_ip_permissions
+    #   The outbound rules that were unknown to the service. In some cases,
+    #   `unknownIpPermissionSet` might be in a different format from the
+    #   request parameter.
+    #   @return [Array<Types::IpPermission>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RevokeSecurityGroupEgressResult AWS API Documentation
+    #
+    class RevokeSecurityGroupEgressResult < Struct.new(
+      :return,
+      :unknown_ip_permissions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass RevokeSecurityGroupIngressRequest
     #   data as a hash:
     #
@@ -43718,6 +44154,25 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] return
+    #   Returns `true` if the request succeeds; otherwise, returns an error.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] unknown_ip_permissions
+    #   The inbound rules that were unknown to the service. In some cases,
+    #   `unknownIpPermissionSet` might be in a different format from the
+    #   request parameter.
+    #   @return [Array<Types::IpPermission>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RevokeSecurityGroupIngressResult AWS API Documentation
+    #
+    class RevokeSecurityGroupIngressResult < Struct.new(
+      :return,
+      :unknown_ip_permissions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes a route in a route table.
     #
     # @!attribute [rw] destination_cidr_block
@@ -44093,6 +44548,9 @@ module Aws::EC2
     #           http_put_response_hop_limit: 1,
     #           http_endpoint: "disabled", # accepts disabled, enabled
     #         },
+    #         enclave_options: {
+    #           enabled: false,
+    #         },
     #       }
     #
     # @!attribute [rw] block_device_mappings
@@ -44437,6 +44895,9 @@ module Aws::EC2
     #   information, see [Hibernate your instance][1] in the *Amazon Elastic
     #   Compute Cloud User Guide*.
     #
+    #   You can't enable hibernation and AWS Nitro Enclaves on the same
+    #   instance.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html
@@ -44455,6 +44916,22 @@ module Aws::EC2
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
     #   @return [Types::InstanceMetadataOptionsRequest]
     #
+    # @!attribute [rw] enclave_options
+    #   Indicates whether the instance is enabled for AWS Nitro Enclaves.
+    #   For more information, see [ AWS Nitro Enclaves][1] in the *Amazon
+    #   Elastic Compute Cloud User Guide*.
+    #
+    #   You can't enable AWS Nitro Enclaves and hibernation on the same
+    #   instance. For more information about AWS Nitro Enclaves
+    #   requirements, see [ AWS Nitro Enclaves][2] in the *Amazon Elastic
+    #   Compute Cloud User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html
+    #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html#nitro-enclave-reqs
+    #   @return [Types::EnclaveOptionsRequest]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RunInstancesRequest AWS API Documentation
     #
     class RunInstancesRequest < Struct.new(
@@ -44493,7 +44970,8 @@ module Aws::EC2
       :capacity_reservation_specification,
       :hibernation_options,
       :license_specifications,
-      :metadata_options)
+      :metadata_options,
+      :enclave_options)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -46397,7 +46875,8 @@ module Aws::EC2
     # Describes the data feed for a Spot Instance.
     #
     # @!attribute [rw] bucket
-    #   The Amazon S3 bucket where the Spot Instance data feed is located.
+    #   The name of the Amazon S3 bucket where the Spot Instance data feed
+    #   is located.
     #   @return [String]
     #
     # @!attribute [rw] fault
@@ -46409,7 +46888,7 @@ module Aws::EC2
     #   @return [String]
     #
     # @!attribute [rw] prefix
-    #   The prefix that is prepended to data feed files.
+    #   The prefix for the data feed files.
     #   @return [String]
     #
     # @!attribute [rw] state
@@ -46429,7 +46908,8 @@ module Aws::EC2
     end
 
     # Describes the launch specification for one or more Spot Instances. If
-    # you include On-Demand capacity in your fleet request, you can't use
+    # you include On-Demand capacity in your fleet request or want to
+    # specify an EFA network device, you can't use
     # `SpotFleetLaunchSpecification`; you must use
     # [LaunchTemplateConfig][1].
     #
@@ -46584,6 +47064,16 @@ module Aws::EC2
     #   One or more network interfaces. If you specify a network interface,
     #   you must specify subnet IDs and security group IDs using the network
     #   interface.
+    #
+    #   <note markdown="1"> `SpotFleetLaunchSpecification` currently does not support Elastic
+    #   Fabric Adapter (EFA). To specify an EFA, you must use
+    #   [LaunchTemplateConfig][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_LaunchTemplateConfig.html
     #   @return [Array<Types::InstanceNetworkInterfaceSpecification>]
     #
     # @!attribute [rw] placement
@@ -47241,12 +47731,17 @@ module Aws::EC2
     #   @return [Time]
     #
     # @!attribute [rw] valid_until
-    #   The end date of the request, in UTC format (for example,
-    #   *YYYY*-*MM*-*DD*T*HH*\:*MM*\:*SS*Z). If this is a one-time request,
-    #   it remains active until all instances launch, the request is
-    #   canceled, or this date is reached. If the request is persistent, it
-    #   remains active until it is canceled or this date is reached. The
-    #   default end date is 7 days from the current date.
+    #   The end date of the request, in UTC format
+    #   (*YYYY*-*MM*-*DD*T*HH*\:*MM*\:*SS*Z).
+    #
+    #   * For a persistent request, the request remains active until the
+    #     `validUntil` date and time is reached. Otherwise, the request
+    #     remains active until you cancel it.
+    #
+    #   * For a one-time request, the request remains active until all
+    #     instances launch, the request is canceled, or the `validUntil`
+    #     date and time is reached. By default, the request is valid for 7
+    #     days from the date the request was created.
     #   @return [Time]
     #
     # @!attribute [rw] instance_interruption_behavior
@@ -47361,14 +47856,33 @@ module Aws::EC2
     #   The required duration for the Spot Instances (also known as Spot
     #   blocks), in minutes. This value must be a multiple of 60 (60, 120,
     #   180, 240, 300, or 360).
+    #
+    #   The duration period starts as soon as your Spot Instance receives
+    #   its instance ID. At the end of the duration period, Amazon EC2 marks
+    #   the Spot Instance for termination and provides a Spot Instance
+    #   termination notice, which gives the instance a two-minute warning
+    #   before it terminates.
+    #
+    #   You can't specify an Availability Zone group or a launch group if
+    #   you specify a duration.
+    #
+    #   New accounts or accounts with no previous billing history with AWS
+    #   are not eligible for Spot Instances with a defined duration (also
+    #   known as Spot blocks).
     #   @return [Integer]
     #
     # @!attribute [rw] valid_until
-    #   The end date of the request. For a one-time request, the request
-    #   remains active until all instances launch, the request is canceled,
-    #   or this date is reached. If the request is persistent, it remains
-    #   active until it is canceled or this date and time is reached. The
-    #   default end date is 7 days from the current date.
+    #   The end date of the request, in UTC format
+    #   (*YYYY*-*MM*-*DD*T*HH*\:*MM*\:*SS*Z). Supported only for persistent
+    #   requests.
+    #
+    #   * For a persistent request, the request remains active until the
+    #     `ValidUntil` date and time is reached. Otherwise, the request
+    #     remains active until you cancel it.
+    #
+    #   * For a one-time request, `ValidUntil` is not supported. The request
+    #     remains active until all instances launch or you cancel the
+    #     request.
     #   @return [Time]
     #
     # @!attribute [rw] instance_interruption_behavior
@@ -49886,11 +50400,16 @@ module Aws::EC2
     #   Indicates whether IPv6 support is disabled.
     #   @return [String]
     #
+    # @!attribute [rw] appliance_mode_support
+    #   Indicates whether appliance mode support is enabled.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TransitGatewayVpcAttachmentOptions AWS API Documentation
     #
     class TransitGatewayVpcAttachmentOptions < Struct.new(
       :dns_support,
-      :ipv_6_support)
+      :ipv_6_support,
+      :appliance_mode_support)
       SENSITIVE = []
       include Aws::Structure
     end