aws-sdk-ec2 1.420.0 → 1.423.0

data/lib/aws-sdk-ec2/types.rb

@@ -798,6 +798,10 @@ module Aws::EC2
     #   provisioned range.
     #   @return [String]
     #
+    # @!attribute [rw] asn
+    #   The public 2-byte or 4-byte ASN that you want to advertise.
+    #   @return [String]
+    #
     # @!attribute [rw] dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
@@ -809,6 +813,7 @@ module Aws::EC2
     #
     class AdvertiseByoipCidrRequest < Struct.new(
       :cidr,
+      :asn,
       :dry_run)
       SENSITIVE = []
       include Aws::Structure
@@ -1142,6 +1147,12 @@ module Aws::EC2
     #   A preview of the next available CIDR in a pool.
     #   @return [Boolean]
     #
+    # @!attribute [rw] allowed_cidrs
+    #   Include a particular CIDR range that can be returned by the pool.
+    #   Allowed CIDRs are only allowed if using netmask length for
+    #   allocation.
+    #   @return [Array<String>]
+    #
     # @!attribute [rw] disallowed_cidrs
     #   Exclude a particular CIDR range from being returned by the pool.
     #   Disallowed CIDRs are only allowed if using netmask length for
@@ -1158,6 +1169,7 @@ module Aws::EC2
       :client_token,
       :description,
       :preview_next_cidr,
+      :allowed_cidrs,
       :disallowed_cidrs)
       SENSITIVE = []
       include Aws::Structure
@@ -1555,6 +1567,62 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # An Autonomous System Number (ASN) and BYOIP CIDR association.
+    #
+    # @!attribute [rw] asn
+    #   The association's ASN.
+    #   @return [String]
+    #
+    # @!attribute [rw] cidr
+    #   The association's CIDR.
+    #   @return [String]
+    #
+    # @!attribute [rw] status_message
+    #   The association's status message.
+    #   @return [String]
+    #
+    # @!attribute [rw] state
+    #   The association's state.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AsnAssociation AWS API Documentation
+    #
+    class AsnAssociation < Struct.new(
+      :asn,
+      :cidr,
+      :status_message,
+      :state)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides authorization for Amazon to bring an Autonomous System Number
+    # (ASN) to a specific Amazon Web Services account using bring your own
+    # ASN (BYOASN). For details on the format of the message and signature,
+    # see [Tutorial: Bring your ASN to IPAM][1] in the *Amazon VPC IPAM
+    # guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html
+    #
+    # @!attribute [rw] message
+    #   The authorization context's message.
+    #   @return [String]
+    #
+    # @!attribute [rw] signature
+    #   The authorization context's signature.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AsnAuthorizationContext AWS API Documentation
+    #
+    class AsnAuthorizationContext < Struct.new(
+      :message,
+      :signature)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] ipv_6_address_count
     #   The number of additional IPv6 addresses to assign to the network
     #   interface. The specified number of IPv6 addresses are assigned in
@@ -2027,6 +2095,43 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] asn
+    #   A public 2-byte or 4-byte ASN.
+    #   @return [String]
+    #
+    # @!attribute [rw] cidr
+    #   The BYOIP CIDR you want to associate with an ASN.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateIpamByoasnRequest AWS API Documentation
+    #
+    class AssociateIpamByoasnRequest < Struct.new(
+      :dry_run,
+      :asn,
+      :cidr)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] asn_association
+    #   The ASN and BYOIP CIDR association.
+    #   @return [Types::AsnAssociation]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateIpamByoasnResult AWS API Documentation
+    #
+    class AssociateIpamByoasnResult < Struct.new(
+      :asn_association)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] dry_run
     #   A check for whether you have the required permissions for the action
     #   without actually making the request and provides an error response.
@@ -2176,19 +2281,28 @@ module Aws::EC2
     end
 
     # @!attribute [rw] ipv_6_cidr_block
-    #   The IPv6 CIDR block for your subnet. The subnet must have a /64
-    #   prefix length.
+    #   The IPv6 CIDR block for your subnet.
     #   @return [String]
     #
     # @!attribute [rw] subnet_id
     #   The ID of your subnet.
     #   @return [String]
     #
+    # @!attribute [rw] ipv_6_ipam_pool_id
+    #   An IPv6 IPAM pool ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] ipv_6_netmask_length
+    #   An IPv6 netmask length.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateSubnetCidrBlockRequest AWS API Documentation
     #
     class AssociateSubnetCidrBlockRequest < Struct.new(
       :ipv_6_cidr_block,
-      :subnet_id)
+      :subnet_id,
+      :ipv_6_ipam_pool_id,
+      :ipv_6_netmask_length)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2406,7 +2520,7 @@ module Aws::EC2
 
     # @!attribute [rw] amazon_provided_ipv_6_cidr_block
     #   Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length
-    #   for the VPC. You cannot specify the range of IPv6 addresses, or the
+    #   for the VPC. You cannot specify the range of IPv6 addresses or the
     #   size of the CIDR block.
     #   @return [Boolean]
     #
@@ -3646,6 +3760,35 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # The Autonomous System Number (ASN) and BYOIP CIDR association.
+    #
+    # @!attribute [rw] asn
+    #   A public 2-byte or 4-byte ASN.
+    #   @return [String]
+    #
+    # @!attribute [rw] ipam_id
+    #   An IPAM ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] status_message
+    #   The status message.
+    #   @return [String]
+    #
+    # @!attribute [rw] state
+    #   The provisioning state of the BYOASN.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Byoasn AWS API Documentation
+    #
+    class Byoasn < Struct.new(
+      :asn,
+      :ipam_id,
+      :status_message,
+      :state)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Information about an address range that is provisioned for use with
     # your Amazon Web Services resources through bring your own IP addresses
     # (BYOIP).
@@ -3658,6 +3801,10 @@ module Aws::EC2
     #   The description of the address range.
     #   @return [String]
     #
+    # @!attribute [rw] asn_associations
+    #   The BYOIP CIDR associations with ASNs.
+    #   @return [Array<Types::AsnAssociation>]
+    #
     # @!attribute [rw] status_message
     #   Upon success, contains the ID of the address pool. Otherwise,
     #   contains an error message.
@@ -3672,6 +3819,7 @@ module Aws::EC2
     class ByoipCidr < Struct.new(
       :cidr,
       :description,
+      :asn_associations,
       :status_message,
       :state)
       SENSITIVE = []
@@ -5885,6 +6033,156 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # A security group connection tracking configuration that enables you to
+    # set the idle timeout for connection tracking on an Elastic network
+    # interface. For more information, see [Connection tracking timeouts][1]
+    # in the *Amazon Elastic Compute Cloud User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts
+    #
+    # @!attribute [rw] tcp_established_timeout
+    #   Timeout (in seconds) for idle TCP connections in an established
+    #   state. Min: 60 seconds. Max: 432000 seconds (5 days). Default:
+    #   432000 seconds. Recommended: Less than 432000 seconds.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] udp_stream_timeout
+    #   Timeout (in seconds) for idle UDP flows classified as streams which
+    #   have seen more than one request-response transaction. Min: 60
+    #   seconds. Max: 180 seconds (3 minutes). Default: 180 seconds.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] udp_timeout
+    #   Timeout (in seconds) for idle UDP flows that have seen traffic only
+    #   in a single direction or a single request-response transaction. Min:
+    #   30 seconds. Max: 60 seconds. Default: 30 seconds.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ConnectionTrackingConfiguration AWS API Documentation
+    #
+    class ConnectionTrackingConfiguration < Struct.new(
+      :tcp_established_timeout,
+      :udp_stream_timeout,
+      :udp_timeout)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A security group connection tracking specification that enables you to
+    # set the idle timeout for connection tracking on an Elastic network
+    # interface. For more information, see [Connection tracking timeouts][1]
+    # in the *Amazon Elastic Compute Cloud User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts
+    #
+    # @!attribute [rw] tcp_established_timeout
+    #   Timeout (in seconds) for idle TCP connections in an established
+    #   state. Min: 60 seconds. Max: 432000 seconds (5 days). Default:
+    #   432000 seconds. Recommended: Less than 432000 seconds.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] udp_timeout
+    #   Timeout (in seconds) for idle UDP flows that have seen traffic only
+    #   in a single direction or a single request-response transaction. Min:
+    #   30 seconds. Max: 60 seconds. Default: 30 seconds.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] udp_stream_timeout
+    #   Timeout (in seconds) for idle UDP flows classified as streams which
+    #   have seen more than one request-response transaction. Min: 60
+    #   seconds. Max: 180 seconds (3 minutes). Default: 180 seconds.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ConnectionTrackingSpecification AWS API Documentation
+    #
+    class ConnectionTrackingSpecification < Struct.new(
+      :tcp_established_timeout,
+      :udp_timeout,
+      :udp_stream_timeout)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A security group connection tracking specification request that
+    # enables you to set the idle timeout for connection tracking on an
+    # Elastic network interface. For more information, see [Connection
+    # tracking timeouts][1] in the *Amazon Elastic Compute Cloud User
+    # Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts
+    #
+    # @!attribute [rw] tcp_established_timeout
+    #   Timeout (in seconds) for idle TCP connections in an established
+    #   state. Min: 60 seconds. Max: 432000 seconds (5 days). Default:
+    #   432000 seconds. Recommended: Less than 432000 seconds.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] udp_stream_timeout
+    #   Timeout (in seconds) for idle UDP flows classified as streams which
+    #   have seen more than one request-response transaction. Min: 60
+    #   seconds. Max: 180 seconds (3 minutes). Default: 180 seconds.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] udp_timeout
+    #   Timeout (in seconds) for idle UDP flows that have seen traffic only
+    #   in a single direction or a single request-response transaction. Min:
+    #   30 seconds. Max: 60 seconds. Default: 30 seconds.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ConnectionTrackingSpecificationRequest AWS API Documentation
+    #
+    class ConnectionTrackingSpecificationRequest < Struct.new(
+      :tcp_established_timeout,
+      :udp_stream_timeout,
+      :udp_timeout)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A security group connection tracking specification response that
+    # enables you to set the idle timeout for connection tracking on an
+    # Elastic network interface. For more information, see [Connection
+    # tracking timeouts][1] in the *Amazon Elastic Compute Cloud User
+    # Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts
+    #
+    # @!attribute [rw] tcp_established_timeout
+    #   Timeout (in seconds) for idle TCP connections in an established
+    #   state. Min: 60 seconds. Max: 432000 seconds (5 days). Default:
+    #   432000 seconds. Recommended: Less than 432000 seconds.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] udp_stream_timeout
+    #   Timeout (in seconds) for idle UDP flows classified as streams which
+    #   have seen more than one request-response transaction. Min: 60
+    #   seconds. Max: 180 seconds (3 minutes). Default: 180 seconds.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] udp_timeout
+    #   Timeout (in seconds) for idle UDP flows that have seen traffic only
+    #   in a single direction or a single request-response transaction. Min:
+    #   30 seconds. Max: 60 seconds. Default: 30 seconds.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ConnectionTrackingSpecificationResponse AWS API Documentation
+    #
+    class ConnectionTrackingSpecificationResponse < Struct.new(
+      :tcp_established_timeout,
+      :udp_stream_timeout,
+      :udp_timeout)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes a conversion task.
     #
     # @!attribute [rw] conversion_task_id
@@ -8263,6 +8561,10 @@ module Aws::EC2
     #   [2]: https://docs.aws.amazon.com/vpc/latest/ipam/quotas-ipam.html
     #   @return [String]
     #
+    # @!attribute [rw] source_resource
+    #   The resource used to provision CIDRs to a resource planning pool.
+    #   @return [Types::IpamPoolSourceResourceRequest]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateIpamPoolRequest AWS API Documentation
     #
     class CreateIpamPoolRequest < Struct.new(
@@ -8281,7 +8583,8 @@ module Aws::EC2
       :tag_specifications,
       :client_token,
       :aws_service,
-      :public_ip_source)
+      :public_ip_source,
+      :source_resource)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8344,6 +8647,17 @@ module Aws::EC2
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html
     #   @return [String]
     #
+    # @!attribute [rw] tier
+    #   IPAM is offered in a Free Tier and an Advanced Tier. For more
+    #   information about the features available in each tier and the costs
+    #   associated with the tiers, see [Amazon VPC pricing &gt; IPAM
+    #   tab][1].
+    #
+    #
+    #
+    #   [1]: http://aws.amazon.com/vpc/pricing/
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateIpamRequest AWS API Documentation
     #
     class CreateIpamRequest < Struct.new(
@@ -8351,7 +8665,8 @@ module Aws::EC2
       :description,
       :operating_regions,
       :tag_specifications,
-      :client_token)
+      :client_token,
+      :tier)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9535,6 +9850,10 @@ module Aws::EC2
     #   ENI becomes the primary IPv6 address.
     #   @return [Boolean]
     #
+    # @!attribute [rw] connection_tracking_specification
+    #   A connection tracking specification for the network interface.
+    #   @return [Types::ConnectionTrackingSpecificationRequest]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateNetworkInterfaceRequest AWS API Documentation
     #
     class CreateNetworkInterfaceRequest < Struct.new(
@@ -9554,7 +9873,8 @@ module Aws::EC2
       :subnet_id,
       :tag_specifications,
       :client_token,
-      :enable_primary_ipv_6)
+      :enable_primary_ipv_6,
+      :connection_tracking_specification)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10400,10 +10720,8 @@ module Aws::EC2
     #   @return [String]
     #
     # @!attribute [rw] ipv_6_cidr_block
-    #   The IPv6 network range for the subnet, in CIDR notation. The subnet
-    #   size must use a /64 prefix length.
-    #
-    #   This parameter is required for an IPv6 only subnet.
+    #   The IPv6 network range for the subnet, in CIDR notation. This
+    #   parameter is required for an IPv6 only subnet.
     #   @return [String]
     #
     # @!attribute [rw] outpost_arn
@@ -10427,6 +10745,22 @@ module Aws::EC2
     #   Indicates whether to create an IPv6 only subnet.
     #   @return [Boolean]
     #
+    # @!attribute [rw] ipv_4_ipam_pool_id
+    #   An IPv4 IPAM pool ID for the subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] ipv_4_netmask_length
+    #   An IPv4 netmask length for the subnet.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] ipv_6_ipam_pool_id
+    #   An IPv6 IPAM pool ID for the subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] ipv_6_netmask_length
+    #   An IPv6 netmask length for the subnet.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSubnetRequest AWS API Documentation
     #
     class CreateSubnetRequest < Struct.new(
@@ -10438,7 +10772,11 @@ module Aws::EC2
       :outpost_arn,
       :vpc_id,
       :dry_run,
-      :ipv_6_native)
+      :ipv_6_native,
+      :ipv_4_ipam_pool_id,
+      :ipv_4_netmask_length,
+      :ipv_6_ipam_pool_id,
+      :ipv_6_netmask_length)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -11753,10 +12091,16 @@ module Aws::EC2
     #   The ID of the tenant application with the device-identity provider.
     #   @return [String]
     #
+    # @!attribute [rw] public_signing_key_url
+    #   The URL Amazon Web Services Verified Access will use to verify the
+    #   authenticity of the device tokens.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessTrustProviderDeviceOptions AWS API Documentation
     #
     class CreateVerifiedAccessTrustProviderDeviceOptions < Struct.new(
-      :tenant_id)
+      :tenant_id,
+      :public_signing_key_url)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -13449,11 +13793,22 @@ module Aws::EC2
     #   The ID of the pool to delete.
     #   @return [String]
     #
+    # @!attribute [rw] cascade
+    #   Enables you to quickly delete an IPAM pool and all resources within
+    #   that pool, including provisioned CIDRs, allocations, and other
+    #   pools.
+    #
+    #   You can only use this option to delete pools in the private scope or
+    #   pools in the public scope with a source resource. A source resource
+    #   is a resource used to provision CIDRs to a resource planning pool.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteIpamPoolRequest AWS API Documentation
     #
     class DeleteIpamPoolRequest < Struct.new(
       :dry_run,
-      :ipam_pool_id)
+      :ipam_pool_id,
+      :cascade)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -15500,6 +15855,43 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] ipam_id
+    #   The IPAM ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] asn
+    #   An ASN.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeprovisionIpamByoasnRequest AWS API Documentation
+    #
+    class DeprovisionIpamByoasnRequest < Struct.new(
+      :dry_run,
+      :ipam_id,
+      :asn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] byoasn
+    #   An ASN and BYOIP CIDR association.
+    #   @return [Types::Byoasn]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeprovisionIpamByoasnResult AWS API Documentation
+    #
+    class DeprovisionIpamByoasnResult < Struct.new(
+      :byoasn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] dry_run
     #   A check for whether you have the required permissions for the action
     #   without actually making the request and provides an error response.
@@ -20389,6 +20781,51 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results to return with a single call. To
+    #   retrieve the remaining results, make another call with the returned
+    #   `nextToken` value.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next page of results.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeIpamByoasnRequest AWS API Documentation
+    #
+    class DescribeIpamByoasnRequest < Struct.new(
+      :dry_run,
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] byoasns
+    #   ASN and BYOIP CIDR associations.
+    #   @return [Array<Types::Byoasn>]
+    #
+    # @!attribute [rw] next_token
+    #   The token to use to retrieve the next page of results. This value is
+    #   `null` when there are no more results to return.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeIpamByoasnResult AWS API Documentation
+    #
+    class DescribeIpamByoasnResult < Struct.new(
+      :byoasns,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] dry_run
     #   A check for whether you have the required permissions for the action
     #   without actually making the request and provides an error response.
@@ -21453,6 +21890,73 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] filters
+    #   The filters.
+    #
+    #   * `lock-state` - The state of the snapshot lock
+    #     (`compliance-cooloff` \| `governance` \| `compliance` \|
+    #     `expired`).
+    #
+    #   ^
+    #   @return [Array<Types::Filter>]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of items to return for this request. To get the
+    #   next page of items, make another request with the token returned in
+    #   the output. For more information, see [Pagination][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The token returned from a previous paginated request. Pagination
+    #   continues from the end of the items returned by the previous
+    #   request.
+    #   @return [String]
+    #
+    # @!attribute [rw] snapshot_ids
+    #   The IDs of the snapshots for which to view the lock status.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLockedSnapshotsRequest AWS API Documentation
+    #
+    class DescribeLockedSnapshotsRequest < Struct.new(
+      :filters,
+      :max_results,
+      :next_token,
+      :snapshot_ids,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] snapshots
+    #   Information about the snapshots.
+    #   @return [Array<Types::LockedSnapshotsInfo>]
+    #
+    # @!attribute [rw] next_token
+    #   The token to include in another request to get the next page of
+    #   items. This value is `null` when there are no more items to return.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLockedSnapshotsResult AWS API Documentation
+    #
+    class DescribeLockedSnapshotsResult < Struct.new(
+      :snapshots,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
@@ -27699,10 +28203,16 @@ module Aws::EC2
     #   The ID of the tenant application with the device-identity provider.
     #   @return [String]
     #
+    # @!attribute [rw] public_signing_key_url
+    #   The URL Amazon Web Services Verified Access will use to verify the
+    #   authenticity of the device tokens.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeviceOptions AWS API Documentation
     #
     class DeviceOptions < Struct.new(
-      :tenant_id)
+      :tenant_id,
+      :public_signing_key_url)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -28645,6 +29155,43 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] asn
+    #   A public 2-byte or 4-byte ASN.
+    #   @return [String]
+    #
+    # @!attribute [rw] cidr
+    #   A BYOIP CIDR.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateIpamByoasnRequest AWS API Documentation
+    #
+    class DisassociateIpamByoasnRequest < Struct.new(
+      :dry_run,
+      :asn,
+      :cidr)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] asn_association
+    #   An ASN and BYOIP CIDR association.
+    #   @return [Types::AsnAssociation]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateIpamByoasnResult AWS API Documentation
+    #
+    class DisassociateIpamByoasnResult < Struct.new(
+      :asn_association)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] dry_run
     #   A check for whether you have the required permissions for the action
     #   without actually making the request and provides an error response.
@@ -33915,6 +34462,70 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] dry_run
+    #   A check for whether you have the required permissions for the action
+    #   without actually making the request and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] ipam_resource_discovery_id
+    #   An IPAM resource discovery ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] address_region
+    #   The Amazon Web Services Region for the IP address.
+    #   @return [String]
+    #
+    # @!attribute [rw] filters
+    #   Filters.
+    #   @return [Array<Types::Filter>]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next page of results.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of IPAM discovered public addresses to return in
+    #   one page of results.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetIpamDiscoveredPublicAddressesRequest AWS API Documentation
+    #
+    class GetIpamDiscoveredPublicAddressesRequest < Struct.new(
+      :dry_run,
+      :ipam_resource_discovery_id,
+      :address_region,
+      :filters,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] ipam_discovered_public_addresses
+    #   IPAM discovered public addresses.
+    #   @return [Array<Types::IpamDiscoveredPublicAddress>]
+    #
+    # @!attribute [rw] oldest_sample_time
+    #   The oldest successful resource discovery time.
+    #   @return [Time]
+    #
+    # @!attribute [rw] next_token
+    #   The token to use to retrieve the next page of results. This value is
+    #   `null` when there are no more results to return.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetIpamDiscoveredPublicAddressesResult AWS API Documentation
+    #
+    class GetIpamDiscoveredPublicAddressesResult < Struct.new(
+      :ipam_discovered_public_addresses,
+      :oldest_sample_time,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] dry_run
     #   A check for whether you have the required permissions for the action
     #   without actually making the request and provides an error response.
@@ -37661,7 +38272,8 @@ module Aws::EC2
     #   @return [Types::Placement]
     #
     # @!attribute [rw] platform
-    #   The value is `Windows` for Windows instances; otherwise blank.
+    #   The platform. This value is `windows` for Windows instances;
+    #   otherwise, it is empty.
     #   @return [String]
     #
     # @!attribute [rw] private_dns_name
@@ -38902,6 +39514,17 @@ module Aws::EC2
     #   interface.
     #   @return [Array<Types::InstanceIpv6Prefix>]
     #
+    # @!attribute [rw] connection_tracking_configuration
+    #   A security group connection tracking configuration that enables you
+    #   to set the timeout for connection tracking on an Elastic network
+    #   interface. For more information, see [Connection tracking
+    #   timeouts][1] in the *Amazon Elastic Compute Cloud User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts
+    #   @return [Types::ConnectionTrackingSpecificationResponse]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceNetworkInterface AWS API Documentation
     #
     class InstanceNetworkInterface < Struct.new(
@@ -38922,7 +39545,8 @@ module Aws::EC2
       :vpc_id,
       :interface_type,
       :ipv_4_prefixes,
-      :ipv_6_prefixes)
+      :ipv_6_prefixes,
+      :connection_tracking_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -39180,6 +39804,17 @@ module Aws::EC2
     #   attached to the instance.
     #   @return [Types::EnaSrdSpecificationRequest]
     #
+    # @!attribute [rw] connection_tracking_specification
+    #   A security group connection tracking specification that enables you
+    #   to set the timeout for connection tracking on an Elastic network
+    #   interface. For more information, see [Connection tracking
+    #   timeouts][1] in the *Amazon Elastic Compute Cloud User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts
+    #   @return [Types::ConnectionTrackingSpecificationRequest]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceNetworkInterfaceSpecification AWS API Documentation
     #
     class InstanceNetworkInterfaceSpecification < Struct.new(
@@ -39203,7 +39838,8 @@ module Aws::EC2
       :ipv_6_prefixes,
       :ipv_6_prefix_count,
       :primary_ipv_6,
-      :ena_srd_specification)
+      :ena_srd_specification,
+      :connection_tracking_specification)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -40906,6 +41542,21 @@ module Aws::EC2
     #   The IPAM's resource discovery association count.
     #   @return [Integer]
     #
+    # @!attribute [rw] state_message
+    #   The state message.
+    #   @return [String]
+    #
+    # @!attribute [rw] tier
+    #   IPAM is offered in a Free Tier and an Advanced Tier. For more
+    #   information about the features available in each tier and the costs
+    #   associated with the tiers, see [Amazon VPC pricing &gt; IPAM
+    #   tab][1].
+    #
+    #
+    #
+    #   [1]: http://aws.amazon.com/vpc/pricing/
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Ipam AWS API Documentation
     #
     class Ipam < Struct.new(
@@ -40922,7 +41573,9 @@ module Aws::EC2
       :tags,
       :default_resource_discovery_id,
       :default_resource_discovery_association_id,
-      :resource_discovery_association_count)
+      :resource_discovery_association_count,
+      :state_message,
+      :tier)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -41073,6 +41726,118 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # A public IP Address discovered by IPAM.
+    #
+    # @!attribute [rw] ipam_resource_discovery_id
+    #   The resource discovery ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] address_region
+    #   The Region of the resource the IP address is assigned to.
+    #   @return [String]
+    #
+    # @!attribute [rw] address
+    #   The IP address.
+    #   @return [String]
+    #
+    # @!attribute [rw] address_owner_id
+    #   The ID of the owner of the resource the IP address is assigned to.
+    #   @return [String]
+    #
+    # @!attribute [rw] address_allocation_id
+    #   The allocation ID of the resource the IP address is assigned to.
+    #   @return [String]
+    #
+    # @!attribute [rw] association_status
+    #   The association status.
+    #   @return [String]
+    #
+    # @!attribute [rw] address_type
+    #   The IP address type.
+    #   @return [String]
+    #
+    # @!attribute [rw] service
+    #   The Amazon Web Services service associated with the IP address.
+    #   @return [String]
+    #
+    # @!attribute [rw] service_resource
+    #   The resource ARN or ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_id
+    #   The ID of the VPC that the resource with the assigned IP address is
+    #   in.
+    #   @return [String]
+    #
+    # @!attribute [rw] subnet_id
+    #   The ID of the subnet that the resource with the assigned IP address
+    #   is in.
+    #   @return [String]
+    #
+    # @!attribute [rw] public_ipv_4_pool_id
+    #   The ID of the public IPv4 pool that the resource with the assigned
+    #   IP address is from.
+    #   @return [String]
+    #
+    # @!attribute [rw] network_interface_id
+    #   The network interface ID of the resource with the assigned IP
+    #   address.
+    #   @return [String]
+    #
+    # @!attribute [rw] network_interface_description
+    #   The description of the network interface that IP address is assigned
+    #   to.
+    #   @return [String]
+    #
+    # @!attribute [rw] instance_id
+    #   The instance ID of the instance the assigned IP address is assigned
+    #   to.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   Tags associated with the IP address.
+    #   @return [Types::IpamPublicAddressTags]
+    #
+    # @!attribute [rw] network_border_group
+    #   The network border group that the resource that the IP address is
+    #   assigned to is in.
+    #   @return [String]
+    #
+    # @!attribute [rw] security_groups
+    #   Security groups associated with the resource that the IP address is
+    #   assigned to.
+    #   @return [Array<Types::IpamPublicAddressSecurityGroup>]
+    #
+    # @!attribute [rw] sample_time
+    #   The last successful resource discovery time.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IpamDiscoveredPublicAddress AWS API Documentation
+    #
+    class IpamDiscoveredPublicAddress < Struct.new(
+      :ipam_resource_discovery_id,
+      :address_region,
+      :address,
+      :address_owner_id,
+      :address_allocation_id,
+      :association_status,
+      :address_type,
+      :service,
+      :service_resource,
+      :vpc_id,
+      :subnet_id,
+      :public_ipv_4_pool_id,
+      :network_interface_id,
+      :network_interface_description,
+      :instance_id,
+      :tags,
+      :network_border_group,
+      :security_groups,
+      :sample_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # An IPAM discovered resource CIDR. A discovered resource is a resource
     # CIDR monitored under a resource discovery. The following resources can
     # be discovered: VPCs, Public IPv4 pools, VPC subnets, and Elastic IP
@@ -41289,7 +42054,7 @@ module Aws::EC2
     #   @return [String]
     #
     # @!attribute [rw] state_message
-    #   A message related to the failed creation of an IPAM pool.
+    #   The state message.
     #   @return [String]
     #
     # @!attribute [rw] description
@@ -41380,6 +42145,10 @@ module Aws::EC2
     #   [2]: https://docs.aws.amazon.com/vpc/latest/ipam/quotas-ipam.html
     #   @return [String]
     #
+    # @!attribute [rw] source_resource
+    #   The resource used to provision CIDRs to a resource planning pool.
+    #   @return [Types::IpamPoolSourceResource]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IpamPool AWS API Documentation
     #
     class IpamPool < Struct.new(
@@ -41405,7 +42174,8 @@ module Aws::EC2
       :allocation_resource_tags,
       :tags,
       :aws_service,
-      :public_ip_source)
+      :public_ip_source,
+      :source_resource)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -41519,6 +42289,116 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # The resource used to provision CIDRs to a resource planning pool.
+    #
+    # @!attribute [rw] resource_id
+    #   The source resource ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_type
+    #   The source resource type.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_region
+    #   The source resource Region.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_owner
+    #   The source resource owner.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IpamPoolSourceResource AWS API Documentation
+    #
+    class IpamPoolSourceResource < Struct.new(
+      :resource_id,
+      :resource_type,
+      :resource_region,
+      :resource_owner)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The resource used to provision CIDRs to a resource planning pool.
+    #
+    # @!attribute [rw] resource_id
+    #   The source resource ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_type
+    #   The source resource type.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_region
+    #   The source resource Region.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_owner
+    #   The source resource owner.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IpamPoolSourceResourceRequest AWS API Documentation
+    #
+    class IpamPoolSourceResourceRequest < Struct.new(
+      :resource_id,
+      :resource_type,
+      :resource_region,
+      :resource_owner)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The security group that the resource with the public IP address is in.
+    #
+    # @!attribute [rw] group_name
+    #   The security group's name.
+    #   @return [String]
+    #
+    # @!attribute [rw] group_id
+    #   The security group's ID.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IpamPublicAddressSecurityGroup AWS API Documentation
+    #
+    class IpamPublicAddressSecurityGroup < Struct.new(
+      :group_name,
+      :group_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A tag for a public IP address discovered by IPAM.
+    #
+    # @!attribute [rw] key
+    #   The tag's key.
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   The tag's value.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IpamPublicAddressTag AWS API Documentation
+    #
+    class IpamPublicAddressTag < Struct.new(
+      :key,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Tags for a public IP address discovered by IPAM.
+    #
+    # @!attribute [rw] eip_tags
+    #   Tags for an Elastic IP address.
+    #   @return [Array<Types::IpamPublicAddressTag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IpamPublicAddressTags AWS API Documentation
+    #
+    class IpamPublicAddressTags < Struct.new(
+      :eip_tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The CIDR for an IPAM resource.
     #
     # @!attribute [rw] ipam_id
@@ -43390,6 +44270,17 @@ module Aws::EC2
     #   launch template.
     #   @return [Types::LaunchTemplateEnaSrdSpecification]
     #
+    # @!attribute [rw] connection_tracking_specification
+    #   A security group connection tracking specification that enables you
+    #   to set the timeout for connection tracking on an Elastic network
+    #   interface. For more information, see [Connection tracking
+    #   timeouts][1] in the *Amazon Elastic Compute Cloud User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts
+    #   @return [Types::ConnectionTrackingSpecification]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateInstanceNetworkInterfaceSpecification AWS API Documentation
     #
     class LaunchTemplateInstanceNetworkInterfaceSpecification < Struct.new(
@@ -43413,7 +44304,8 @@ module Aws::EC2
       :ipv_6_prefixes,
       :ipv_6_prefix_count,
       :primary_ipv_6,
-      :ena_srd_specification)
+      :ena_srd_specification,
+      :connection_tracking_specification)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -43549,6 +44441,17 @@ module Aws::EC2
     #   Configure ENA Express settings for your launch template.
     #   @return [Types::EnaSrdSpecificationRequest]
     #
+    # @!attribute [rw] connection_tracking_specification
+    #   A security group connection tracking specification that enables you
+    #   to set the timeout for connection tracking on an Elastic network
+    #   interface. For more information, see [Connection tracking
+    #   timeouts][1] in the *Amazon Elastic Compute Cloud User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts
+    #   @return [Types::ConnectionTrackingSpecificationRequest]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateInstanceNetworkInterfaceSpecificationRequest AWS API Documentation
     #
     class LaunchTemplateInstanceNetworkInterfaceSpecificationRequest < Struct.new(
@@ -43572,7 +44475,8 @@ module Aws::EC2
       :ipv_6_prefixes,
       :ipv_6_prefix_count,
       :primary_ipv_6,
-      :ena_srd_specification)
+      :ena_srd_specification,
+      :connection_tracking_specification)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -44694,6 +45598,251 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] snapshot_id
+    #   The ID of the snapshot to lock.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] lock_mode
+    #   The mode in which to lock the snapshot. Specify one of the
+    #   following:
+    #
+    #   * `governance` - Locks the snapshot in governance mode. Snapshots
+    #     locked in governance mode can't be deleted until one of the
+    #     following conditions are met:
+    #
+    #     * The lock duration expires.
+    #
+    #     * The snapshot is unlocked by a user with the appropriate
+    #       permissions.
+    #
+    #     Users with the appropriate IAM permissions can unlock the
+    #     snapshot, increase or decrease the lock duration, and change the
+    #     lock mode to `compliance` at any time.
+    #
+    #     If you lock a snapshot in `governance` mode, omit <b>
+    #     CoolOffPeriod</b>.
+    #
+    #   * `compliance` - Locks the snapshot in compliance mode. Snapshots
+    #     locked in compliance mode can't be unlocked by any user. They can
+    #     be deleted only after the lock duration expires. Users can't
+    #     decrease the lock duration or change the lock mode to
+    #     `governance`. However, users with appropriate IAM permissions can
+    #     increase the lock duration at any time.
+    #
+    #     If you lock a snapshot in `compliance` mode, you can optionally
+    #     specify **CoolOffPeriod**.
+    #   @return [String]
+    #
+    # @!attribute [rw] cool_off_period
+    #   The cooling-off period during which you can unlock the snapshot or
+    #   modify the lock settings after locking the snapshot in compliance
+    #   mode, in hours. After the cooling-off period expires, you can't
+    #   unlock or delete the snapshot, decrease the lock duration, or change
+    #   the lock mode. You can increase the lock duration after the
+    #   cooling-off period expires.
+    #
+    #   The cooling-off period is optional when locking a snapshot in
+    #   compliance mode. If you are locking the snapshot in governance mode,
+    #   omit this parameter.
+    #
+    #   To lock the snapshot in compliance mode immediately without a
+    #   cooling-off period, omit this parameter.
+    #
+    #   If you are extending the lock duration for a snapshot that is locked
+    #   in compliance mode after the cooling-off period has expired, omit
+    #   this parameter. If you specify a cooling-period in a such a request,
+    #   the request fails.
+    #
+    #   Allowed values: Min 1, max 72.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] lock_duration
+    #   The period of time for which to lock the snapshot, in days. The
+    #   snapshot lock will automatically expire after this period lapses.
+    #
+    #   You must specify either this parameter or **ExpirationDate**, but
+    #   not both.
+    #
+    #   Allowed values: Min: 1, max 36500
+    #   @return [Integer]
+    #
+    # @!attribute [rw] expiration_date
+    #   The date and time at which the snapshot lock is to automatically
+    #   expire, in the UTC time zone (`YYYY-MM-DDThh:mm:ss.sssZ`).
+    #
+    #   You must specify either this parameter or **LockDuration**, but not
+    #   both.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LockSnapshotRequest AWS API Documentation
+    #
+    class LockSnapshotRequest < Struct.new(
+      :snapshot_id,
+      :dry_run,
+      :lock_mode,
+      :cool_off_period,
+      :lock_duration,
+      :expiration_date)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] snapshot_id
+    #   The ID of the snapshot
+    #   @return [String]
+    #
+    # @!attribute [rw] lock_state
+    #   The state of the snapshot lock. Valid states include:
+    #
+    #   * `compliance-cooloff` - The snapshot has been locked in compliance
+    #     mode but it is still within the cooling-off period. The snapshot
+    #     can't be deleted, but it can be unlocked and the lock settings
+    #     can be modified by users with appropriate permissions.
+    #
+    #   * `governance` - The snapshot is locked in governance mode. The
+    #     snapshot can't be deleted, but it can be unlocked and the lock
+    #     settings can be modified by users with appropriate permissions.
+    #
+    #   * `compliance` - The snapshot is locked in compliance mode and the
+    #     cooling-off period has expired. The snapshot can't be unlocked or
+    #     deleted. The lock duration can only be increased by users with
+    #     appropriate permissions.
+    #
+    #   * `expired` - The snapshot was locked in compliance or governance
+    #     mode but the lock duration has expired. The snapshot is not locked
+    #     and can be deleted.
+    #   @return [String]
+    #
+    # @!attribute [rw] lock_duration
+    #   The period of time for which the snapshot is locked, in days.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] cool_off_period
+    #   The compliance mode cooling-off period, in hours.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] cool_off_period_expires_on
+    #   The date and time at which the compliance mode cooling-off period
+    #   expires, in the UTC time zone (`YYYY-MM-DDThh:mm:ss.sssZ`).
+    #   @return [Time]
+    #
+    # @!attribute [rw] lock_created_on
+    #   The date and time at which the snapshot was locked, in the UTC time
+    #   zone (`YYYY-MM-DDThh:mm:ss.sssZ`).
+    #   @return [Time]
+    #
+    # @!attribute [rw] lock_expires_on
+    #   The date and time at which the lock will expire, in the UTC time
+    #   zone (`YYYY-MM-DDThh:mm:ss.sssZ`).
+    #   @return [Time]
+    #
+    # @!attribute [rw] lock_duration_start_time
+    #   The date and time at which the lock duration started, in the UTC
+    #   time zone (`YYYY-MM-DDThh:mm:ss.sssZ`).
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LockSnapshotResult AWS API Documentation
+    #
+    class LockSnapshotResult < Struct.new(
+      :snapshot_id,
+      :lock_state,
+      :lock_duration,
+      :cool_off_period,
+      :cool_off_period_expires_on,
+      :lock_created_on,
+      :lock_expires_on,
+      :lock_duration_start_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Information about a locked snapshot.
+    #
+    # @!attribute [rw] owner_id
+    #   The account ID of the Amazon Web Services account that owns the
+    #   snapshot.
+    #   @return [String]
+    #
+    # @!attribute [rw] snapshot_id
+    #   The ID of the snapshot.
+    #   @return [String]
+    #
+    # @!attribute [rw] lock_state
+    #   The state of the snapshot lock. Valid states include:
+    #
+    #   * `compliance-cooloff` - The snapshot has been locked in compliance
+    #     mode but it is still within the cooling-off period. The snapshot
+    #     can't be deleted, but it can be unlocked and the lock settings
+    #     can be modified by users with appropriate permissions.
+    #
+    #   * `governance` - The snapshot is locked in governance mode. The
+    #     snapshot can't be deleted, but it can be unlocked and the lock
+    #     settings can be modified by users with appropriate permissions.
+    #
+    #   * `compliance` - The snapshot is locked in compliance mode and the
+    #     cooling-off period has expired. The snapshot can't be unlocked or
+    #     deleted. The lock duration can only be increased by users with
+    #     appropriate permissions.
+    #
+    #   * `expired` - The snapshot was locked in compliance or governance
+    #     mode but the lock duration has expired. The snapshot is not locked
+    #     and can be deleted.
+    #   @return [String]
+    #
+    # @!attribute [rw] lock_duration
+    #   The period of time for which the snapshot is locked, in days.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] cool_off_period
+    #   The compliance mode cooling-off period, in hours.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] cool_off_period_expires_on
+    #   The date and time at which the compliance mode cooling-off period
+    #   expires, in the UTC time zone (`YYYY-MM-DDThh:mm:ss.sssZ`).
+    #   @return [Time]
+    #
+    # @!attribute [rw] lock_created_on
+    #   The date and time at which the snapshot was locked, in the UTC time
+    #   zone (`YYYY-MM-DDThh:mm:ss.sssZ`).
+    #   @return [Time]
+    #
+    # @!attribute [rw] lock_duration_start_time
+    #   The date and time at which the lock duration started, in the UTC
+    #   time zone (`YYYY-MM-DDThh:mm:ss.sssZ`).
+    #
+    #   If you lock a snapshot that is in the `pending` state, the lock
+    #   duration starts only once the snapshot enters the `completed` state.
+    #   @return [Time]
+    #
+    # @!attribute [rw] lock_expires_on
+    #   The date and time at which the lock will expire, in the UTC time
+    #   zone (`YYYY-MM-DDThh:mm:ss.sssZ`).
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LockedSnapshotsInfo AWS API Documentation
+    #
+    class LockedSnapshotsInfo < Struct.new(
+      :owner_id,
+      :snapshot_id,
+      :lock_state,
+      :lock_duration,
+      :cool_off_period,
+      :cool_off_period_expires_on,
+      :lock_created_on,
+      :lock_duration_start_time,
+      :lock_expires_on)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Details for Site-to-Site VPN tunnel endpoint maintenance events.
     #
     # @!attribute [rw] pending_maintenance
@@ -46480,6 +47629,17 @@ module Aws::EC2
     #   The operating Regions to remove.
     #   @return [Array<Types::RemoveIpamOperatingRegion>]
     #
+    # @!attribute [rw] tier
+    #   IPAM is offered in a Free Tier and an Advanced Tier. For more
+    #   information about the features available in each tier and the costs
+    #   associated with the tiers, see [Amazon VPC pricing &gt; IPAM
+    #   tab][1].
+    #
+    #
+    #
+    #   [1]: http://aws.amazon.com/vpc/pricing/
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyIpamRequest AWS API Documentation
     #
     class ModifyIpamRequest < Struct.new(
@@ -46487,7 +47647,8 @@ module Aws::EC2
       :ipam_id,
       :description,
       :add_operating_regions,
-      :remove_operating_regions)
+      :remove_operating_regions,
+      :tier)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -46894,6 +48055,10 @@ module Aws::EC2
     #   ENI becomes the primary IPv6 address.
     #   @return [Boolean]
     #
+    # @!attribute [rw] connection_tracking_specification
+    #   A connection tracking specification.
+    #   @return [Types::ConnectionTrackingSpecificationRequest]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyNetworkInterfaceAttributeRequest AWS API Documentation
     #
     class ModifyNetworkInterfaceAttributeRequest < Struct.new(
@@ -46904,7 +48069,8 @@ module Aws::EC2
       :network_interface_id,
       :source_dest_check,
       :ena_srd_specification,
-      :enable_primary_ipv_6)
+      :enable_primary_ipv_6,
+      :connection_tracking_specification)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -48151,6 +49317,22 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Modifies the configuration of the specified device-based Amazon Web
+    # Services Verified Access trust provider.
+    #
+    # @!attribute [rw] public_signing_key_url
+    #   The URL Amazon Web Services Verified Access will use to verify the
+    #   authenticity of the device tokens.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessTrustProviderDeviceOptions AWS API Documentation
+    #
+    class ModifyVerifiedAccessTrustProviderDeviceOptions < Struct.new(
+      :public_signing_key_url)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Options for an OpenID Connect-compatible user-identity trust provider.
     #
     # @!attribute [rw] issuer
@@ -48206,6 +49388,11 @@ module Aws::EC2
     #   provider.
     #   @return [Types::ModifyVerifiedAccessTrustProviderOidcOptions]
     #
+    # @!attribute [rw] device_options
+    #   The options for a device-based trust provider. This parameter is
+    #   required when the provider type is `device`.
+    #   @return [Types::ModifyVerifiedAccessTrustProviderDeviceOptions]
+    #
     # @!attribute [rw] description
     #   A description for the Verified Access trust provider.
     #   @return [String]
@@ -48239,6 +49426,7 @@ module Aws::EC2
     class ModifyVerifiedAccessTrustProviderRequest < Struct.new(
       :verified_access_trust_provider_id,
       :oidc_options,
+      :device_options,
       :description,
       :dry_run,
       :client_token,
@@ -50185,6 +51373,17 @@ module Aws::EC2
     #   The Availability Zone.
     #   @return [String]
     #
+    # @!attribute [rw] connection_tracking_configuration
+    #   A security group connection tracking configuration that enables you
+    #   to set the timeout for connection tracking on an Elastic network
+    #   interface. For more information, see [Connection tracking
+    #   timeouts][1] in the *Amazon Elastic Compute Cloud User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts
+    #   @return [Types::ConnectionTrackingConfiguration]
+    #
     # @!attribute [rw] description
     #   A description.
     #   @return [String]
@@ -50292,6 +51491,7 @@ module Aws::EC2
       :association,
       :attachment,
       :availability_zone,
+      :connection_tracking_configuration,
       :description,
       :groups,
       :interface_type,
@@ -52130,6 +53330,48 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] ipam_id
+    #   An IPAM ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] asn
+    #   A public 2-byte or 4-byte ASN.
+    #   @return [String]
+    #
+    # @!attribute [rw] asn_authorization_context
+    #   An ASN authorization context.
+    #   @return [Types::AsnAuthorizationContext]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ProvisionIpamByoasnRequest AWS API Documentation
+    #
+    class ProvisionIpamByoasnRequest < Struct.new(
+      :dry_run,
+      :ipam_id,
+      :asn,
+      :asn_authorization_context)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] byoasn
+    #   An ASN and BYOIP CIDR association.
+    #   @return [Types::Byoasn]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ProvisionIpamByoasnResult AWS API Documentation
+    #
+    class ProvisionIpamByoasnResult < Struct.new(
+      :byoasn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] dry_run
     #   A check for whether you have the required permissions for the action
     #   without actually making the request and provides an error response.
@@ -63641,11 +64883,6 @@ module Aws::EC2
       include Aws::Structure
     end
 
-    # <note markdown="1"> Currently available in **limited preview only**. If you are interested
-    # in using this feature, contact your account manager.
-    #
-    #  </note>
-    #
     # Information about an association between a branch network interface
     # with a trunk network interface.
     #
@@ -63938,6 +65175,38 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] snapshot_id
+    #   The ID of the snapshot to unlock.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnlockSnapshotRequest AWS API Documentation
+    #
+    class UnlockSnapshotRequest < Struct.new(
+      :snapshot_id,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] snapshot_id
+    #   The ID of the snapshot.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnlockSnapshotResult AWS API Documentation
+    #
+    class UnlockSnapshotResult < Struct.new(
+      :snapshot_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] instance_ids
     #   The IDs of the instances.
     #   @return [Array<String>]