aws-sdk-ec2 1.431.0 → 1.522.0

data/lib/aws-sdk-ec2/security_group.rb

@@ -35,22 +35,28 @@ module Aws::EC2
     end
     alias :group_id :id
 
-    # A description of the security group.
-    # @return [String]
-    def description
-      data[:description]
+    # The outbound rules associated with the security group.
+    # @return [Array<Types::IpPermission>]
+    def ip_permissions_egress
+      data[:ip_permissions_egress]
     end
 
-    # The name of the security group.
+    # Any tags assigned to the security group.
+    # @return [Array<Types::Tag>]
+    def tags
+      data[:tags]
+    end
+
+    # The ID of the VPC for the security group.
     # @return [String]
-    def group_name
-      data[:group_name]
+    def vpc_id
+      data[:vpc_id]
     end
 
-    # The inbound rules associated with the security group.
-    # @return [Array<Types::IpPermission>]
-    def ip_permissions
-      data[:ip_permissions]
+    # The ARN of the security group.
+    # @return [String]
+    def security_group_arn
+      data[:security_group_arn]
     end
 
     # The Amazon Web Services account ID of the owner of the security group.
@@ -59,22 +65,22 @@ module Aws::EC2
       data[:owner_id]
     end
 
-    # The outbound rules associated with the security group.
-    # @return [Array<Types::IpPermission>]
-    def ip_permissions_egress
-      data[:ip_permissions_egress]
+    # The name of the security group.
+    # @return [String]
+    def group_name
+      data[:group_name]
     end
 
-    # Any tags assigned to the security group.
-    # @return [Array<Types::Tag>]
-    def tags
-      data[:tags]
+    # A description of the security group.
+    # @return [String]
+    def description
+      data[:description]
     end
 
-    # The ID of the VPC for the security group.
-    # @return [String]
-    def vpc_id
-      data[:vpc_id]
+    # The inbound rules associated with the security group.
+    # @return [Array<Types::IpPermission>]
+    def ip_permissions
+      data[:ip_permissions]
     end
 
     # @!endgroup
@@ -91,7 +97,7 @@ module Aws::EC2
     #
     # @return [self]
     def load
-      resp = Aws::Plugins::UserAgent.feature('resource') do
+      resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
         @client.describe_security_groups(group_ids: [@id])
       end
       @data = resp.security_groups[0]
@@ -208,7 +214,7 @@ module Aws::EC2
           :retry
         end
       end
-      Aws::Plugins::UserAgent.feature('resource') do
+      Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
         Aws::Waiters::Waiter.new(options).wait({})
       end
     end
@@ -218,91 +224,87 @@ module Aws::EC2
     # @example Request syntax with placeholder values
     #
     #   security_group.authorize_egress({
+    #     tag_specifications: [
+    #       {
+    #         resource_type: "capacity-reservation", # accepts capacity-reservation, client-vpn-endpoint, customer-gateway, carrier-gateway, coip-pool, declarative-policies-report, dedicated-host, dhcp-options, egress-only-internet-gateway, elastic-ip, elastic-gpu, export-image-task, export-instance-task, fleet, fpga-image, host-reservation, image, import-image-task, import-snapshot-task, instance, instance-event-window, internet-gateway, ipam, ipam-pool, ipam-scope, ipv4pool-ec2, ipv6pool-ec2, key-pair, launch-template, local-gateway, local-gateway-route-table, local-gateway-virtual-interface, local-gateway-virtual-interface-group, local-gateway-route-table-vpc-association, local-gateway-route-table-virtual-interface-group-association, natgateway, network-acl, network-interface, network-insights-analysis, network-insights-path, network-insights-access-scope, network-insights-access-scope-analysis, outpost-lag, placement-group, prefix-list, replace-root-volume-task, reserved-instances, route-table, security-group, security-group-rule, service-link-virtual-interface, snapshot, spot-fleet-request, spot-instances-request, subnet, subnet-cidr-reservation, traffic-mirror-filter, traffic-mirror-session, traffic-mirror-target, transit-gateway, transit-gateway-attachment, transit-gateway-connect-peer, transit-gateway-multicast-domain, transit-gateway-policy-table, transit-gateway-route-table, transit-gateway-route-table-announcement, volume, vpc, vpc-endpoint, vpc-endpoint-connection, vpc-endpoint-service, vpc-endpoint-service-permission, vpc-peering-connection, vpn-connection, vpn-gateway, vpc-flow-log, capacity-reservation-fleet, traffic-mirror-filter-rule, vpc-endpoint-connection-device-type, verified-access-instance, verified-access-group, verified-access-endpoint, verified-access-policy, verified-access-trust-provider, vpn-connection-device-type, vpc-block-public-access-exclusion, route-server, route-server-endpoint, route-server-peer, ipam-resource-discovery, ipam-resource-discovery-association, instance-connect-endpoint, verified-access-endpoint-target, ipam-external-resource-verification-token
+    #         tags: [
+    #           {
+    #             key: "String",
+    #             value: "String",
+    #           },
+    #         ],
+    #       },
+    #     ],
     #     dry_run: false,
+    #     source_security_group_name: "String",
+    #     source_security_group_owner_id: "String",
+    #     ip_protocol: "String",
+    #     from_port: 1,
+    #     to_port: 1,
+    #     cidr_ip: "String",
     #     ip_permissions: [
     #       {
-    #         from_port: 1,
     #         ip_protocol: "String",
-    #         ip_ranges: [
+    #         from_port: 1,
+    #         to_port: 1,
+    #         user_id_group_pairs: [
     #           {
-    #             cidr_ip: "String",
     #             description: "String",
+    #             user_id: "String",
+    #             group_name: "String",
+    #             group_id: "String",
+    #             vpc_id: "String",
+    #             vpc_peering_connection_id: "String",
+    #             peering_status: "String",
     #           },
     #         ],
-    #         ipv_6_ranges: [
+    #         ip_ranges: [
     #           {
-    #             cidr_ipv_6: "String",
     #             description: "String",
+    #             cidr_ip: "String",
     #           },
     #         ],
-    #         prefix_list_ids: [
+    #         ipv_6_ranges: [
     #           {
     #             description: "String",
-    #             prefix_list_id: "String",
+    #             cidr_ipv_6: "String",
     #           },
     #         ],
-    #         to_port: 1,
-    #         user_id_group_pairs: [
+    #         prefix_list_ids: [
     #           {
     #             description: "String",
-    #             group_id: "String",
-    #             group_name: "String",
-    #             peering_status: "String",
-    #             user_id: "String",
-    #             vpc_id: "String",
-    #             vpc_peering_connection_id: "String",
-    #           },
-    #         ],
-    #       },
-    #     ],
-    #     tag_specifications: [
-    #       {
-    #         resource_type: "capacity-reservation", # accepts capacity-reservation, client-vpn-endpoint, customer-gateway, carrier-gateway, coip-pool, dedicated-host, dhcp-options, egress-only-internet-gateway, elastic-ip, elastic-gpu, export-image-task, export-instance-task, fleet, fpga-image, host-reservation, image, import-image-task, import-snapshot-task, instance, instance-event-window, internet-gateway, ipam, ipam-pool, ipam-scope, ipv4pool-ec2, ipv6pool-ec2, key-pair, launch-template, local-gateway, local-gateway-route-table, local-gateway-virtual-interface, local-gateway-virtual-interface-group, local-gateway-route-table-vpc-association, local-gateway-route-table-virtual-interface-group-association, natgateway, network-acl, network-interface, network-insights-analysis, network-insights-path, network-insights-access-scope, network-insights-access-scope-analysis, placement-group, prefix-list, replace-root-volume-task, reserved-instances, route-table, security-group, security-group-rule, snapshot, spot-fleet-request, spot-instances-request, subnet, subnet-cidr-reservation, traffic-mirror-filter, traffic-mirror-session, traffic-mirror-target, transit-gateway, transit-gateway-attachment, transit-gateway-connect-peer, transit-gateway-multicast-domain, transit-gateway-policy-table, transit-gateway-route-table, transit-gateway-route-table-announcement, volume, vpc, vpc-endpoint, vpc-endpoint-connection, vpc-endpoint-service, vpc-endpoint-service-permission, vpc-peering-connection, vpn-connection, vpn-gateway, vpc-flow-log, capacity-reservation-fleet, traffic-mirror-filter-rule, vpc-endpoint-connection-device-type, verified-access-instance, verified-access-group, verified-access-endpoint, verified-access-policy, verified-access-trust-provider, vpn-connection-device-type, vpc-block-public-access-exclusion, ipam-resource-discovery, ipam-resource-discovery-association, instance-connect-endpoint
-    #         tags: [
-    #           {
-    #             key: "String",
-    #             value: "String",
+    #             prefix_list_id: "String",
     #           },
     #         ],
     #       },
     #     ],
-    #     cidr_ip: "String",
-    #     from_port: 1,
-    #     ip_protocol: "String",
-    #     to_port: 1,
-    #     source_security_group_name: "String",
-    #     source_security_group_owner_id: "String",
     #   })
     # @param [Hash] options ({})
+    # @option options [Array<Types::TagSpecification>] :tag_specifications
+    #   The tags applied to the security group rule.
     # @option options [Boolean] :dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
     #   If you have the required permissions, the error response is
     #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
-    # @option options [Array<Types::IpPermission>] :ip_permissions
-    #   The sets of IP permissions. You can't specify a destination security
-    #   group and a CIDR IP address range in the same set of permissions.
-    # @option options [Array<Types::TagSpecification>] :tag_specifications
-    #   The tags applied to the security group rule.
-    # @option options [String] :cidr_ip
-    #   Not supported. Use a set of IP permissions to specify the CIDR.
-    # @option options [Integer] :from_port
-    #   Not supported. Use a set of IP permissions to specify the port.
-    # @option options [String] :ip_protocol
-    #   Not supported. Use a set of IP permissions to specify the protocol
-    #   name or number.
-    # @option options [Integer] :to_port
-    #   Not supported. Use a set of IP permissions to specify the port.
     # @option options [String] :source_security_group_name
-    #   Not supported. Use a set of IP permissions to specify a destination
-    #   security group.
+    #   Not supported. Use IP permissions instead.
     # @option options [String] :source_security_group_owner_id
-    #   Not supported. Use a set of IP permissions to specify a destination
-    #   security group.
+    #   Not supported. Use IP permissions instead.
+    # @option options [String] :ip_protocol
+    #   Not supported. Use IP permissions instead.
+    # @option options [Integer] :from_port
+    #   Not supported. Use IP permissions instead.
+    # @option options [Integer] :to_port
+    #   Not supported. Use IP permissions instead.
+    # @option options [String] :cidr_ip
+    #   Not supported. Use IP permissions instead.
+    # @option options [Array<Types::IpPermission>] :ip_permissions
+    #   The permissions for the security group rules.
     # @return [Types::AuthorizeSecurityGroupEgressResult]
     def authorize_egress(options = {})
       options = options.merge(group_id: @id)
-      resp = Aws::Plugins::UserAgent.feature('resource') do
+      resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
         @client.authorize_security_group_egress(options)
       end
       resp.data
@@ -316,36 +318,36 @@ module Aws::EC2
     #     group_name: "SecurityGroupName",
     #     ip_permissions: [
     #       {
-    #         from_port: 1,
     #         ip_protocol: "String",
-    #         ip_ranges: [
+    #         from_port: 1,
+    #         to_port: 1,
+    #         user_id_group_pairs: [
     #           {
-    #             cidr_ip: "String",
     #             description: "String",
+    #             user_id: "String",
+    #             group_name: "String",
+    #             group_id: "String",
+    #             vpc_id: "String",
+    #             vpc_peering_connection_id: "String",
+    #             peering_status: "String",
     #           },
     #         ],
-    #         ipv_6_ranges: [
+    #         ip_ranges: [
     #           {
-    #             cidr_ipv_6: "String",
     #             description: "String",
+    #             cidr_ip: "String",
     #           },
     #         ],
-    #         prefix_list_ids: [
+    #         ipv_6_ranges: [
     #           {
     #             description: "String",
-    #             prefix_list_id: "String",
+    #             cidr_ipv_6: "String",
     #           },
     #         ],
-    #         to_port: 1,
-    #         user_id_group_pairs: [
+    #         prefix_list_ids: [
     #           {
     #             description: "String",
-    #             group_id: "String",
-    #             group_name: "String",
-    #             peering_status: "String",
-    #             user_id: "String",
-    #             vpc_id: "String",
-    #             vpc_peering_connection_id: "String",
+    #             prefix_list_id: "String",
     #           },
     #         ],
     #       },
@@ -354,10 +356,9 @@ module Aws::EC2
     #     source_security_group_name: "String",
     #     source_security_group_owner_id: "String",
     #     to_port: 1,
-    #     dry_run: false,
     #     tag_specifications: [
     #       {
-    #         resource_type: "capacity-reservation", # accepts capacity-reservation, client-vpn-endpoint, customer-gateway, carrier-gateway, coip-pool, dedicated-host, dhcp-options, egress-only-internet-gateway, elastic-ip, elastic-gpu, export-image-task, export-instance-task, fleet, fpga-image, host-reservation, image, import-image-task, import-snapshot-task, instance, instance-event-window, internet-gateway, ipam, ipam-pool, ipam-scope, ipv4pool-ec2, ipv6pool-ec2, key-pair, launch-template, local-gateway, local-gateway-route-table, local-gateway-virtual-interface, local-gateway-virtual-interface-group, local-gateway-route-table-vpc-association, local-gateway-route-table-virtual-interface-group-association, natgateway, network-acl, network-interface, network-insights-analysis, network-insights-path, network-insights-access-scope, network-insights-access-scope-analysis, placement-group, prefix-list, replace-root-volume-task, reserved-instances, route-table, security-group, security-group-rule, snapshot, spot-fleet-request, spot-instances-request, subnet, subnet-cidr-reservation, traffic-mirror-filter, traffic-mirror-session, traffic-mirror-target, transit-gateway, transit-gateway-attachment, transit-gateway-connect-peer, transit-gateway-multicast-domain, transit-gateway-policy-table, transit-gateway-route-table, transit-gateway-route-table-announcement, volume, vpc, vpc-endpoint, vpc-endpoint-connection, vpc-endpoint-service, vpc-endpoint-service-permission, vpc-peering-connection, vpn-connection, vpn-gateway, vpc-flow-log, capacity-reservation-fleet, traffic-mirror-filter-rule, vpc-endpoint-connection-device-type, verified-access-instance, verified-access-group, verified-access-endpoint, verified-access-policy, verified-access-trust-provider, vpn-connection-device-type, vpc-block-public-access-exclusion, ipam-resource-discovery, ipam-resource-discovery-association, instance-connect-endpoint
+    #         resource_type: "capacity-reservation", # accepts capacity-reservation, client-vpn-endpoint, customer-gateway, carrier-gateway, coip-pool, declarative-policies-report, dedicated-host, dhcp-options, egress-only-internet-gateway, elastic-ip, elastic-gpu, export-image-task, export-instance-task, fleet, fpga-image, host-reservation, image, import-image-task, import-snapshot-task, instance, instance-event-window, internet-gateway, ipam, ipam-pool, ipam-scope, ipv4pool-ec2, ipv6pool-ec2, key-pair, launch-template, local-gateway, local-gateway-route-table, local-gateway-virtual-interface, local-gateway-virtual-interface-group, local-gateway-route-table-vpc-association, local-gateway-route-table-virtual-interface-group-association, natgateway, network-acl, network-interface, network-insights-analysis, network-insights-path, network-insights-access-scope, network-insights-access-scope-analysis, outpost-lag, placement-group, prefix-list, replace-root-volume-task, reserved-instances, route-table, security-group, security-group-rule, service-link-virtual-interface, snapshot, spot-fleet-request, spot-instances-request, subnet, subnet-cidr-reservation, traffic-mirror-filter, traffic-mirror-session, traffic-mirror-target, transit-gateway, transit-gateway-attachment, transit-gateway-connect-peer, transit-gateway-multicast-domain, transit-gateway-policy-table, transit-gateway-route-table, transit-gateway-route-table-announcement, volume, vpc, vpc-endpoint, vpc-endpoint-connection, vpc-endpoint-service, vpc-endpoint-service-permission, vpc-peering-connection, vpn-connection, vpn-gateway, vpc-flow-log, capacity-reservation-fleet, traffic-mirror-filter-rule, vpc-endpoint-connection-device-type, verified-access-instance, verified-access-group, verified-access-endpoint, verified-access-policy, verified-access-trust-provider, vpn-connection-device-type, vpc-block-public-access-exclusion, route-server, route-server-endpoint, route-server-peer, ipam-resource-discovery, ipam-resource-discovery-association, instance-connect-endpoint, verified-access-endpoint-target, ipam-external-resource-verification-token
     #         tags: [
     #           {
     #             key: "String",
@@ -366,80 +367,92 @@ module Aws::EC2
     #         ],
     #       },
     #     ],
+    #     dry_run: false,
     #   })
     # @param [Hash] options ({})
     # @option options [String] :cidr_ip
-    #   The IPv4 address range, in CIDR format. You can't specify this
-    #   parameter when specifying a source security group. To specify an IPv6
-    #   address range, use a set of IP permissions.
+    #   The IPv4 address range, in CIDR format.
     #
-    #   Alternatively, use a set of IP permissions to specify multiple rules
-    #   and a description for the rule.
+    #   <note markdown="1"> Amazon Web Services [canonicalizes][1] IPv4 and IPv6 CIDRs. For
+    #   example, if you specify 100.68.0.18/18 for the CIDR block, Amazon Web
+    #   Services canonicalizes the CIDR block to 100.68.0.0/18. Any subsequent
+    #   DescribeSecurityGroups and DescribeSecurityGroupRules calls will
+    #   return the canonicalized form of the CIDR block. Additionally, if you
+    #   attempt to add another rule with the non-canonical form of the CIDR
+    #   (such as 100.68.0.18/18) and there is already a rule for the
+    #   canonicalized form of the CIDR block (such as 100.68.0.0/18), the API
+    #   throws an duplicate rule error.
+    #
+    #    </note>
+    #
+    #   To specify an IPv6 address range, use IP permissions instead.
+    #
+    #   To specify multiple rules and descriptions for the rules, use IP
+    #   permissions instead.
+    #
+    #
+    #
+    #   [1]: https://en.wikipedia.org/wiki/Canonicalization
     # @option options [Integer] :from_port
     #   If the protocol is TCP or UDP, this is the start of the port range. If
-    #   the protocol is ICMP, this is the type number. A value of -1 indicates
-    #   all ICMP types. If you specify all ICMP types, you must specify all
-    #   ICMP codes.
+    #   the protocol is ICMP, this is the ICMP type or -1 (all ICMP types).
     #
-    #   Alternatively, use a set of IP permissions to specify multiple rules
-    #   and a description for the rule.
+    #   To specify multiple rules and descriptions for the rules, use IP
+    #   permissions instead.
     # @option options [String] :group_name
-    #   \[Default VPC\] The name of the security group. You must specify
-    #   either the security group ID or the security group name in the
-    #   request. For security groups in a nondefault VPC, you must specify the
-    #   security group ID.
+    #   \[Default VPC\] The name of the security group. For security groups
+    #   for a default VPC you can specify either the ID or the name of the
+    #   security group. For security groups for a nondefault VPC, you must
+    #   specify the ID of the security group.
     # @option options [Array<Types::IpPermission>] :ip_permissions
-    #   The sets of IP permissions.
+    #   The permissions for the security group rules.
     # @option options [String] :ip_protocol
     #   The IP protocol name (`tcp`, `udp`, `icmp`) or number (see [Protocol
-    #   Numbers][1]). To specify `icmpv6`, use a set of IP permissions.
+    #   Numbers][1]). To specify all protocols, use `-1`.
+    #
+    #   To specify `icmpv6`, use IP permissions instead.
     #
-    #   Use `-1` to specify all protocols. If you specify `-1` or a protocol
-    #   other than `tcp`, `udp`, or `icmp`, traffic on all ports is allowed,
-    #   regardless of any ports you specify.
+    #   If you specify a protocol other than one of the supported values,
+    #   traffic is allowed on all ports, regardless of any ports that you
+    #   specify.
     #
-    #   Alternatively, use a set of IP permissions to specify multiple rules
-    #   and a description for the rule.
+    #   To specify multiple rules and descriptions for the rules, use IP
+    #   permissions instead.
     #
     #
     #
     #   [1]: http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
     # @option options [String] :source_security_group_name
-    #   \[Default VPC\] The name of the source security group. You can't
-    #   specify this parameter in combination with the following parameters:
-    #   the CIDR IP address range, the start of the port range, the IP
-    #   protocol, and the end of the port range. Creates rules that grant full
-    #   ICMP, UDP, and TCP access. To create a rule with a specific IP
-    #   protocol and port range, use a set of IP permissions instead. The
-    #   source security group must be in the same VPC.
-    # @option options [String] :source_security_group_owner_id
-    #   \[Nondefault VPC\] The Amazon Web Services account ID for the source
-    #   security group, if the source security group is in a different
-    #   account. You can't specify this parameter in combination with the
-    #   following parameters: the CIDR IP address range, the IP protocol, the
-    #   start of the port range, and the end of the port range. Creates rules
-    #   that grant full ICMP, UDP, and TCP access. To create a rule with a
-    #   specific IP protocol and port range, use a set of IP permissions
+    #   \[Default VPC\] The name of the source security group.
+    #
+    #   The rule grants full ICMP, UDP, and TCP access. To create a rule with
+    #   a specific protocol and port range, specify a set of IP permissions
     #   instead.
+    # @option options [String] :source_security_group_owner_id
+    #   The Amazon Web Services account ID for the source security group, if
+    #   the source security group is in a different account.
+    #
+    #   The rule grants full ICMP, UDP, and TCP access. To create a rule with
+    #   a specific protocol and port range, use IP permissions instead.
     # @option options [Integer] :to_port
     #   If the protocol is TCP or UDP, this is the end of the port range. If
-    #   the protocol is ICMP, this is the code. A value of -1 indicates all
-    #   ICMP codes. If you specify all ICMP types, you must specify all ICMP
-    #   codes.
+    #   the protocol is ICMP, this is the ICMP code or -1 (all ICMP codes). If
+    #   the start port is -1 (all ICMP types), then the end port must be -1
+    #   (all ICMP codes).
     #
-    #   Alternatively, use a set of IP permissions to specify multiple rules
-    #   and a description for the rule.
+    #   To specify multiple rules and descriptions for the rules, use IP
+    #   permissions instead.
+    # @option options [Array<Types::TagSpecification>] :tag_specifications
+    #   The tags applied to the security group rule.
     # @option options [Boolean] :dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
     #   If you have the required permissions, the error response is
     #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
-    # @option options [Array<Types::TagSpecification>] :tag_specifications
-    #   \[VPC Only\] The tags applied to the security group rule.
     # @return [Types::AuthorizeSecurityGroupIngressResult]
     def authorize_ingress(options = {})
       options = options.merge(group_id: @id)
-      resp = Aws::Plugins::UserAgent.feature('resource') do
+      resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
         @client.authorize_security_group_ingress(options)
       end
       resp.data
@@ -470,7 +483,7 @@ module Aws::EC2
     def create_tags(options = {})
       batch = []
       options = Aws::Util.deep_merge(options, resources: [@id])
-      resp = Aws::Plugins::UserAgent.feature('resource') do
+      resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
         @client.create_tags(options)
       end
       options[:tags].each do |t|
@@ -517,7 +530,7 @@ module Aws::EC2
     def delete_tags(options = {})
       batch = []
       options = Aws::Util.deep_merge(options, resources: [@id])
-      resp = Aws::Plugins::UserAgent.feature('resource') do
+      resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
         @client.delete_tags(options)
       end
       options[:tags].each do |t|
@@ -547,10 +560,10 @@ module Aws::EC2
     #   without actually making the request, and provides an error response.
     #   If you have the required permissions, the error response is
     #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
-    # @return [EmptyStructure]
+    # @return [Types::DeleteSecurityGroupResult]
     def delete(options = {})
       options = options.merge(group_id: @id)
-      resp = Aws::Plugins::UserAgent.feature('resource') do
+      resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
         @client.delete_security_group(options)
       end
       resp.data
@@ -559,81 +572,81 @@ module Aws::EC2
     # @example Request syntax with placeholder values
     #
     #   security_group.revoke_egress({
+    #     security_group_rule_ids: ["String"],
     #     dry_run: false,
+    #     source_security_group_name: "String",
+    #     source_security_group_owner_id: "String",
+    #     ip_protocol: "String",
+    #     from_port: 1,
+    #     to_port: 1,
+    #     cidr_ip: "String",
     #     ip_permissions: [
     #       {
-    #         from_port: 1,
     #         ip_protocol: "String",
-    #         ip_ranges: [
+    #         from_port: 1,
+    #         to_port: 1,
+    #         user_id_group_pairs: [
     #           {
-    #             cidr_ip: "String",
     #             description: "String",
+    #             user_id: "String",
+    #             group_name: "String",
+    #             group_id: "String",
+    #             vpc_id: "String",
+    #             vpc_peering_connection_id: "String",
+    #             peering_status: "String",
     #           },
     #         ],
-    #         ipv_6_ranges: [
+    #         ip_ranges: [
     #           {
-    #             cidr_ipv_6: "String",
     #             description: "String",
+    #             cidr_ip: "String",
     #           },
     #         ],
-    #         prefix_list_ids: [
+    #         ipv_6_ranges: [
     #           {
     #             description: "String",
-    #             prefix_list_id: "String",
+    #             cidr_ipv_6: "String",
     #           },
     #         ],
-    #         to_port: 1,
-    #         user_id_group_pairs: [
+    #         prefix_list_ids: [
     #           {
     #             description: "String",
-    #             group_id: "String",
-    #             group_name: "String",
-    #             peering_status: "String",
-    #             user_id: "String",
-    #             vpc_id: "String",
-    #             vpc_peering_connection_id: "String",
+    #             prefix_list_id: "String",
     #           },
     #         ],
     #       },
     #     ],
-    #     security_group_rule_ids: ["String"],
-    #     cidr_ip: "String",
-    #     from_port: 1,
-    #     ip_protocol: "String",
-    #     to_port: 1,
-    #     source_security_group_name: "String",
-    #     source_security_group_owner_id: "String",
     #   })
     # @param [Hash] options ({})
+    # @option options [Array<String>] :security_group_rule_ids
+    #   The IDs of the security group rules.
     # @option options [Boolean] :dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
     #   If you have the required permissions, the error response is
     #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
-    # @option options [Array<Types::IpPermission>] :ip_permissions
-    #   The sets of IP permissions. You can't specify a destination security
-    #   group and a CIDR IP address range in the same set of permissions.
-    # @option options [Array<String>] :security_group_rule_ids
-    #   The IDs of the security group rules.
-    # @option options [String] :cidr_ip
-    #   Not supported. Use a set of IP permissions to specify the CIDR.
-    # @option options [Integer] :from_port
-    #   Not supported. Use a set of IP permissions to specify the port.
-    # @option options [String] :ip_protocol
-    #   Not supported. Use a set of IP permissions to specify the protocol
-    #   name or number.
-    # @option options [Integer] :to_port
-    #   Not supported. Use a set of IP permissions to specify the port.
     # @option options [String] :source_security_group_name
     #   Not supported. Use a set of IP permissions to specify a destination
     #   security group.
     # @option options [String] :source_security_group_owner_id
     #   Not supported. Use a set of IP permissions to specify a destination
     #   security group.
+    # @option options [String] :ip_protocol
+    #   Not supported. Use a set of IP permissions to specify the protocol
+    #   name or number.
+    # @option options [Integer] :from_port
+    #   Not supported. Use a set of IP permissions to specify the port.
+    # @option options [Integer] :to_port
+    #   Not supported. Use a set of IP permissions to specify the port.
+    # @option options [String] :cidr_ip
+    #   Not supported. Use a set of IP permissions to specify the CIDR.
+    # @option options [Array<Types::IpPermission>] :ip_permissions
+    #   The sets of IP permissions. You can't specify a destination security
+    #   group and a CIDR IP address range in the same set of permissions.
     # @return [Types::RevokeSecurityGroupEgressResult]
     def revoke_egress(options = {})
       options = options.merge(group_id: @id)
-      resp = Aws::Plugins::UserAgent.feature('resource') do
+      resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
         @client.revoke_security_group_egress(options)
       end
       resp.data
@@ -647,36 +660,36 @@ module Aws::EC2
     #     group_name: "SecurityGroupName",
     #     ip_permissions: [
     #       {
-    #         from_port: 1,
     #         ip_protocol: "String",
-    #         ip_ranges: [
+    #         from_port: 1,
+    #         to_port: 1,
+    #         user_id_group_pairs: [
     #           {
-    #             cidr_ip: "String",
     #             description: "String",
+    #             user_id: "String",
+    #             group_name: "String",
+    #             group_id: "String",
+    #             vpc_id: "String",
+    #             vpc_peering_connection_id: "String",
+    #             peering_status: "String",
     #           },
     #         ],
-    #         ipv_6_ranges: [
+    #         ip_ranges: [
     #           {
-    #             cidr_ipv_6: "String",
     #             description: "String",
+    #             cidr_ip: "String",
     #           },
     #         ],
-    #         prefix_list_ids: [
+    #         ipv_6_ranges: [
     #           {
     #             description: "String",
-    #             prefix_list_id: "String",
+    #             cidr_ipv_6: "String",
     #           },
     #         ],
-    #         to_port: 1,
-    #         user_id_group_pairs: [
+    #         prefix_list_ids: [
     #           {
     #             description: "String",
-    #             group_id: "String",
-    #             group_name: "String",
-    #             peering_status: "String",
-    #             user_id: "String",
-    #             vpc_id: "String",
-    #             vpc_peering_connection_id: "String",
+    #             prefix_list_id: "String",
     #           },
     #         ],
     #       },
@@ -685,8 +698,8 @@ module Aws::EC2
     #     source_security_group_name: "String",
     #     source_security_group_owner_id: "String",
     #     to_port: 1,
-    #     dry_run: false,
     #     security_group_rule_ids: ["String"],
+    #     dry_run: false,
     #   })
     # @param [Hash] options ({})
     # @option options [String] :cidr_ip
@@ -694,8 +707,7 @@ module Aws::EC2
     #   specifying a source security group.
     # @option options [Integer] :from_port
     #   If the protocol is TCP or UDP, this is the start of the port range. If
-    #   the protocol is ICMP, this is the type number. A value of -1 indicates
-    #   all ICMP types.
+    #   the protocol is ICMP, this is the ICMP type or -1 (all ICMP types).
     # @option options [String] :group_name
     #   \[Default VPC\] The name of the security group. You must specify
     #   either the security group ID or the security group name in the
@@ -722,19 +734,18 @@ module Aws::EC2
     #   Not supported.
     # @option options [Integer] :to_port
     #   If the protocol is TCP or UDP, this is the end of the port range. If
-    #   the protocol is ICMP, this is the code. A value of -1 indicates all
-    #   ICMP codes.
+    #   the protocol is ICMP, this is the ICMP code or -1 (all ICMP codes).
+    # @option options [Array<String>] :security_group_rule_ids
+    #   The IDs of the security group rules.
     # @option options [Boolean] :dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
     #   If you have the required permissions, the error response is
     #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
-    # @option options [Array<String>] :security_group_rule_ids
-    #   The IDs of the security group rules.
     # @return [Types::RevokeSecurityGroupIngressResult]
     def revoke_ingress(options = {})
       options = options.merge(group_id: @id)
-      resp = Aws::Plugins::UserAgent.feature('resource') do
+      resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
         @client.revoke_security_group_ingress(options)
       end
       resp.data