aws-sdk-ec2 1.489.0 → 1.491.0

data/lib/aws-sdk-ec2/types.rb

@@ -3769,6 +3769,34 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # The state of VPC Block Public Access (BPA).
+    #
+    # @!attribute [rw] internet_gateway_block_mode
+    #   The mode of VPC BPA.
+    #
+    #   * `bidirectional-access-allowed`: VPC BPA is not enabled and traffic
+    #     is allowed to and from internet gateways and egress-only internet
+    #     gateways in this Region.
+    #
+    #   * `bidirectional-access-blocked`: Block all traffic to and from
+    #     internet gateways and egress-only internet gateways in this Region
+    #     (except for excluded VPCs and subnets).
+    #
+    #   * `ingress-access-blocked`: Block all internet traffic to the VPCs
+    #     in this Region (except for VPCs or subnets which are excluded).
+    #     Only traffic to and from NAT gateways and egress-only internet
+    #     gateways is allowed because these gateways only allow outbound
+    #     connections to be established.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/BlockPublicAccessStates AWS API Documentation
+    #
+    class BlockPublicAccessStates < Struct.new(
+      :internet_gateway_block_mode)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains the parameters for BundleInstance.
     #
     # @!attribute [rw] instance_id
@@ -9298,6 +9326,10 @@ module Aws::EC2
     #   The information for the launch template.
     #   @return [Types::RequestLaunchTemplateData]
     #
+    # @!attribute [rw] operator
+    #   Reserved for internal use.
+    #   @return [Types::OperatorRequest]
+    #
     # @!attribute [rw] tag_specifications
     #   The tags to apply to the launch template on creation. To tag the
     #   launch template, the resource type must be `launch-template`.
@@ -9319,6 +9351,7 @@ module Aws::EC2
       :launch_template_name,
       :version_description,
       :launch_template_data,
+      :operator,
       :tag_specifications)
       SENSITIVE = []
       include Aws::Structure
@@ -10243,6 +10276,10 @@ module Aws::EC2
     #   A connection tracking specification for the network interface.
     #   @return [Types::ConnectionTrackingSpecificationRequest]
     #
+    # @!attribute [rw] operator
+    #   Reserved for internal use.
+    #   @return [Types::OperatorRequest]
+    #
     # @!attribute [rw] subnet_id
     #   The ID of the subnet to associate with the network interface.
     #   @return [String]
@@ -10324,6 +10361,7 @@ module Aws::EC2
       :client_token,
       :enable_primary_ipv_6,
       :connection_tracking_specification,
+      :operator,
       :subnet_id,
       :description,
       :private_ip_address,
@@ -12977,6 +13015,10 @@ module Aws::EC2
     #   [1]: https://docs.aws.amazon.com/ec2/latest/devguide/ec2-api-idempotency.html
     #   @return [String]
     #
+    # @!attribute [rw] operator
+    #   Reserved for internal use.
+    #   @return [Types::OperatorRequest]
+    #
     # @!attribute [rw] dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
@@ -12999,11 +13041,71 @@ module Aws::EC2
       :multi_attach_enabled,
       :throughput,
       :client_token,
+      :operator,
       :dry_run)
       SENSITIVE = []
       include Aws::Structure
     end
 
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] subnet_id
+    #   A subnet ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_id
+    #   A VPC ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] internet_gateway_exclusion_mode
+    #   The exclusion mode for internet gateway traffic.
+    #
+    #   * `bidirectional-access-allowed`: Allow all internet traffic to and
+    #     from the excluded VPCs and subnets.
+    #
+    #   * `egress-access-allowed`: Allow outbound internet traffic from the
+    #     excluded VPCs and subnets. Block inbound internet traffic to the
+    #     excluded VPCs and subnets. Only applies when VPC Block Public
+    #     Access is set to Bidirectional.
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_specifications
+    #   `tag` - The key/value combination of a tag assigned to the resource.
+    #   Use the tag key in the filter name and the tag value as the filter
+    #   value. For example, to find all resources that have a tag with the
+    #   key `Owner` and the value `TeamA`, specify `tag:Owner` for the
+    #   filter name and `TeamA` for the filter value.
+    #   @return [Array<Types::TagSpecification>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcBlockPublicAccessExclusionRequest AWS API Documentation
+    #
+    class CreateVpcBlockPublicAccessExclusionRequest < Struct.new(
+      :dry_run,
+      :subnet_id,
+      :vpc_id,
+      :internet_gateway_exclusion_mode,
+      :tag_specifications)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] vpc_block_public_access_exclusion
+    #   Details about an exclusion.
+    #   @return [Types::VpcBlockPublicAccessExclusion]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcBlockPublicAccessExclusionResult AWS API Documentation
+    #
+    class CreateVpcBlockPublicAccessExclusionResult < Struct.new(
+      :vpc_block_public_access_exclusion)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
@@ -16191,6 +16293,38 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] exclusion_id
+    #   The ID of the exclusion.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpcBlockPublicAccessExclusionRequest AWS API Documentation
+    #
+    class DeleteVpcBlockPublicAccessExclusionRequest < Struct.new(
+      :dry_run,
+      :exclusion_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] vpc_block_public_access_exclusion
+    #   Details about an exclusion.
+    #   @return [Types::VpcBlockPublicAccessExclusion]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpcBlockPublicAccessExclusionResult AWS API Documentation
+    #
+    class DeleteVpcBlockPublicAccessExclusionResult < Struct.new(
+      :vpc_block_public_access_exclusion)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
@@ -17489,7 +17623,6 @@ module Aws::EC2
     #     * `dedicated` - The Capacity Reservation is created on
     #       single-tenant hardware that is dedicated to a single Amazon Web
     #       Services account.
-    #
     #   * `outpost-arn` - The Amazon Resource Name (ARN) of the Outpost on
     #     which the Capacity Reservation was created.
     #
@@ -17513,7 +17646,6 @@ module Aws::EC2
     #       request might fail due to invalid request parameters, capacity
     #       constraints, or instance limit constraints. Failed requests are
     #       retained for 60 minutes.
-    #
     #   * `start-date` - The date and time at which the Capacity Reservation
     #     was started.
     #
@@ -17532,7 +17664,6 @@ module Aws::EC2
     #
     #     * `limited` - The Capacity Reservation expires automatically at a
     #       specified date and time.
-    #
     #   * `instance-match-criteria` - Indicates the type of instance
     #     launches that the Capacity Reservation accepts. The options
     #     include:
@@ -17548,7 +17679,6 @@ module Aws::EC2
     #       Availability Zone), and explicitly target the Capacity
     #       Reservation. This ensures that only permitted instances can use
     #       the reserved capacity.
-    #
     #   * `placement-group-arn` - The ARN of the cluster placement group in
     #     which the Capacity Reservation was created.
     #   @return [Array<Types::Filter>]
@@ -17685,10 +17815,10 @@ module Aws::EC2
     #
     #   * `instance-id` - The ID of the instance.
     #
-    #   * `tag`:&lt;key&gt; - The key/value combination of a tag assigned to
-    #     the resource. Use the tag key in the filter name and the tag value
-    #     as the filter value. For example, to find all resources that have
-    #     a tag with the key `Owner` and the value `TeamA`, specify
+    #   * `tag` - The key/value combination of a tag assigned to the
+    #     resource. Use the tag key in the filter name and the tag value as
+    #     the filter value. For example, to find all resources that have a
+    #     tag with the key `Owner` and the value `TeamA`, specify
     #     `tag:Owner` for the filter name and `TeamA` for the filter value.
     #
     #   * `tag-key` - The key of a tag assigned to the resource. Use this
@@ -18259,10 +18389,10 @@ module Aws::EC2
     #   * `owner-id` - The ID of the Amazon Web Services account that owns
     #     the DHCP options set.
     #
-    #   * `tag`:&lt;key&gt; - The key/value combination of a tag assigned to
-    #     the resource. Use the tag key in the filter name and the tag value
-    #     as the filter value. For example, to find all resources that have
-    #     a tag with the key `Owner` and the value `TeamA`, specify
+    #   * `tag` - The key/value combination of a tag assigned to the
+    #     resource. Use the tag key in the filter name and the tag value as
+    #     the filter value. For example, to find all resources that have a
+    #     tag with the key `Owner` and the value `TeamA`, specify
     #     `tag:Owner` for the filter name and `TeamA` for the filter value.
     #
     #   * `tag-key` - The key of a tag assigned to the resource. Use this
@@ -18330,10 +18460,10 @@ module Aws::EC2
     # @!attribute [rw] filters
     #   The filters.
     #
-    #   * `tag`:&lt;key&gt; - The key/value combination of a tag assigned to
-    #     the resource. Use the tag key in the filter name and the tag value
-    #     as the filter value. For example, to find all resources that have
-    #     a tag with the key `Owner` and the value `TeamA`, specify
+    #   * `tag` - The key/value combination of a tag assigned to the
+    #     resource. Use the tag key in the filter name and the tag value as
+    #     the filter value. For example, to find all resources that have a
+    #     tag with the key `Owner` and the value `TeamA`, specify
     #     `tag:Owner` for the filter name and `TeamA` for the filter value.
     #
     #   * `tag-key` - The key of a tag assigned to the resource. Use this
@@ -21526,10 +21656,10 @@ module Aws::EC2
     #   * `owner-id` - The ID of the Amazon Web Services account that owns
     #     the internet gateway.
     #
-    #   * `tag`:&lt;key&gt; - The key/value combination of a tag assigned to
-    #     the resource. Use the tag key in the filter name and the tag value
-    #     as the filter value. For example, to find all resources that have
-    #     a tag with the key `Owner` and the value `TeamA`, specify
+    #   * `tag` - The key/value combination of a tag assigned to the
+    #     resource. Use the tag key in the filter name and the tag value as
+    #     the filter value. For example, to find all resources that have a
+    #     tag with the key `Owner` and the value `TeamA`, specify
     #     `tag:Owner` for the filter name and `TeamA` for the filter value.
     #
     #   * `tag-key` - The key of a tag assigned to the resource. Use this
@@ -23018,10 +23148,10 @@ module Aws::EC2
     #   * `subnet-id` - The ID of the subnet in which the NAT gateway
     #     resides.
     #
-    #   * `tag`:&lt;key&gt; - The key/value combination of a tag assigned to
-    #     the resource. Use the tag key in the filter name and the tag value
-    #     as the filter value. For example, to find all resources that have
-    #     a tag with the key `Owner` and the value `TeamA`, specify
+    #   * `tag` - The key/value combination of a tag assigned to the
+    #     resource. Use the tag key in the filter name and the tag value as
+    #     the filter value. For example, to find all resources that have a
+    #     tag with the key `Owner` and the value `TeamA`, specify
     #     `tag:Owner` for the filter name and `TeamA` for the filter value.
     #
     #   * `tag-key` - The key of a tag assigned to the resource. Use this
@@ -23154,10 +23284,10 @@ module Aws::EC2
     #   * `owner-id` - The ID of the Amazon Web Services account that owns
     #     the network ACL.
     #
-    #   * `tag`:&lt;key&gt; - The key/value combination of a tag assigned to
-    #     the resource. Use the tag key in the filter name and the tag value
-    #     as the filter value. For example, to find all resources that have
-    #     a tag with the key `Owner` and the value `TeamA`, specify
+    #   * `tag` - The key/value combination of a tag assigned to the
+    #     resource. Use the tag key in the filter name and the tag value as
+    #     the filter value. For example, to find all resources that have a
+    #     tag with the key `Owner` and the value `TeamA`, specify
     #     `tag:Owner` for the filter name and `TeamA` for the filter value.
     #
     #   * `tag-key` - The key of a tag assigned to the resource. Use this
@@ -24671,10 +24801,10 @@ module Aws::EC2
     #   * `route.vpc-peering-connection-id` - The ID of a VPC peering
     #     connection specified in a route in the table.
     #
-    #   * `tag`:&lt;key&gt; - The key/value combination of a tag assigned to
-    #     the resource. Use the tag key in the filter name and the tag value
-    #     as the filter value. For example, to find all resources that have
-    #     a tag with the key `Owner` and the value `TeamA`, specify
+    #   * `tag` - The key/value combination of a tag assigned to the
+    #     resource. Use the tag key in the filter name and the tag value as
+    #     the filter value. For example, to find all resources that have a
+    #     tag with the key `Owner` and the value `TeamA`, specify
     #     `tag:Owner` for the filter name and `TeamA` for the filter value.
     #
     #   * `tag-key` - The key of a tag assigned to the resource. Use this
@@ -26195,10 +26325,10 @@ module Aws::EC2
     #
     #   * `subnet-id` - The ID of the subnet.
     #
-    #   * `tag`:&lt;key&gt; - The key/value combination of a tag assigned to
-    #     the resource. Use the tag key in the filter name and the tag value
-    #     as the filter value. For example, to find all resources that have
-    #     a tag with the key `Owner` and the value `TeamA`, specify
+    #   * `tag` - The key/value combination of a tag assigned to the
+    #     resource. Use the tag key in the filter name and the tag value as
+    #     the filter value. For example, to find all resources that have a
+    #     tag with the key `Owner` and the value `TeamA`, specify
     #     `tag:Owner` for the filter name and `TeamA` for the filter value.
     #
     #   * `tag-key` - The key of a tag assigned to the resource. Use this
@@ -28081,6 +28211,119 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] filters
+    #   Filters for the request:
+    #
+    #   * `resource-arn` - The Amazon Resource Name (ARN) of a exclusion.
+    #
+    #   * `internet-gateway-exclusion-mode` - The mode of a VPC BPA
+    #     exclusion. Possible values: `bidirectional-access-allowed |
+    #     egress-access-allowed`.
+    #
+    #   * `state` - The state of VPC BPA. Possible values:
+    #     `create-in-progress | create-complete | update-in-progress |
+    #     update-complete | delete-in-progress | deleted-complete |
+    #     disable-in-progress | disable-complete`
+    #
+    #   * `tag` - The key/value combination of a tag assigned to the
+    #     resource. Use the tag key in the filter name and the tag value as
+    #     the filter value. For example, to find all resources that have a
+    #     tag with the key `Owner` and the value `TeamA`, specify
+    #     `tag:Owner` for the filter name and `TeamA` for the filter value.
+    #
+    #   * `tag-key` - The key of a tag assigned to the resource. Use this
+    #     filter to find all resources assigned a tag with a specific key,
+    #     regardless of the tag value.
+    #
+    #   * `tag-value`: The value of a tag assigned to the resource. Use this
+    #     filter to find all resources assigned a tag with a specific value,
+    #     regardless of the tag key.
+    #   @return [Array<Types::Filter>]
+    #
+    # @!attribute [rw] exclusion_ids
+    #   IDs of exclusions.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] next_token
+    #   The token returned from a previous paginated request. Pagination
+    #   continues from the end of the items returned by the previous
+    #   request.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of items to return for this request. To get the
+    #   next page of items, make another request with the token returned in
+    #   the output. For more information, see [Pagination][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcBlockPublicAccessExclusionsRequest AWS API Documentation
+    #
+    class DescribeVpcBlockPublicAccessExclusionsRequest < Struct.new(
+      :dry_run,
+      :filters,
+      :exclusion_ids,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] vpc_block_public_access_exclusions
+    #   Details related to the exclusions.
+    #   @return [Array<Types::VpcBlockPublicAccessExclusion>]
+    #
+    # @!attribute [rw] next_token
+    #   The token to include in another request to get the next page of
+    #   items. This value is `null` when there are no more items to return.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcBlockPublicAccessExclusionsResult AWS API Documentation
+    #
+    class DescribeVpcBlockPublicAccessExclusionsResult < Struct.new(
+      :vpc_block_public_access_exclusions,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcBlockPublicAccessOptionsRequest AWS API Documentation
+    #
+    class DescribeVpcBlockPublicAccessOptionsRequest < Struct.new(
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] vpc_block_public_access_options
+    #   Details related to the options.
+    #   @return [Types::VpcBlockPublicAccessOptions]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcBlockPublicAccessOptionsResult AWS API Documentation
+    #
+    class DescribeVpcBlockPublicAccessOptionsResult < Struct.new(
+      :vpc_block_public_access_options)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] vpc_ids
     #   The IDs of the VPCs.
     #   @return [Array<String>]
@@ -28146,10 +28389,10 @@ module Aws::EC2
     #   * `is-classic-link-enabled` - Whether the VPC is enabled for
     #     ClassicLink (`true` \| `false`).
     #
-    #   * `tag`:&lt;key&gt; - The key/value combination of a tag assigned to
-    #     the resource. Use the tag key in the filter name and the tag value
-    #     as the filter value. For example, to find all resources that have
-    #     a tag with the key `Owner` and the value `TeamA`, specify
+    #   * `tag` - The key/value combination of a tag assigned to the
+    #     resource. Use the tag key in the filter name and the tag value as
+    #     the filter value. For example, to find all resources that have a
+    #     tag with the key `Owner` and the value `TeamA`, specify
     #     `tag:Owner` for the filter name and `TeamA` for the filter value.
     #
     #   * `tag-key` - The key of a tag assigned to the resource. Use this
@@ -28680,10 +28923,10 @@ module Aws::EC2
     #   * `status-message` - A message that provides more information about
     #     the status of the VPC peering connection, if applicable.
     #
-    #   * `tag`:&lt;key&gt; - The key/value combination of a tag assigned to
-    #     the resource. Use the tag key in the filter name and the tag value
-    #     as the filter value. For example, to find all resources that have
-    #     a tag with the key `Owner` and the value `TeamA`, specify
+    #   * `tag` - The key/value combination of a tag assigned to the
+    #     resource. Use the tag key in the filter name and the tag value as
+    #     the filter value. For example, to find all resources that have a
+    #     tag with the key `Owner` and the value `TeamA`, specify
     #     `tag:Owner` for the filter name and `TeamA` for the filter value.
     #
     #   * `tag-key` - The key of a tag assigned to the resource. Use this
@@ -28762,10 +29005,10 @@ module Aws::EC2
     #
     #   * `state` - The state of the VPC (`pending` \| `available`).
     #
-    #   * `tag`:&lt;key&gt; - The key/value combination of a tag assigned to
-    #     the resource. Use the tag key in the filter name and the tag value
-    #     as the filter value. For example, to find all resources that have
-    #     a tag with the key `Owner` and the value `TeamA`, specify
+    #   * `tag` - The key/value combination of a tag assigned to the
+    #     resource. Use the tag key in the filter name and the tag value as
+    #     the filter value. For example, to find all resources that have a
+    #     tag with the key `Owner` and the value `TeamA`, specify
     #     `tag:Owner` for the filter name and `TeamA` for the filter value.
     #
     #   * `tag-key` - The key of a tag assigned to the resource. Use this
@@ -31184,6 +31427,10 @@ module Aws::EC2
     #   Fargate tasks.
     #   @return [String]
     #
+    # @!attribute [rw] operator
+    #   The entity that manages the EBS volume.
+    #   @return [Types::OperatorResponse]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsInstanceBlockDevice AWS API Documentation
     #
     class EbsInstanceBlockDevice < Struct.new(
@@ -31192,7 +31439,8 @@ module Aws::EC2
       :status,
       :volume_id,
       :associated_resource,
-      :volume_owner_id)
+      :volume_owner_id,
+      :operator)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -40067,6 +40315,10 @@ module Aws::EC2
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-boot.html
     #   @return [String]
     #
+    # @!attribute [rw] operator
+    #   The entity that manages the instance.
+    #   @return [Types::OperatorResponse]
+    #
     # @!attribute [rw] instance_id
     #   The ID of the instance.
     #   @return [String]
@@ -40209,6 +40461,7 @@ module Aws::EC2
       :tpm_support,
       :maintenance_options,
       :current_instance_boot_mode,
+      :operator,
       :instance_id,
       :image_id,
       :state,
@@ -40818,6 +41071,10 @@ module Aws::EC2
     #   Information about the AMI used to launch the instance.
     #   @return [Types::ImageMetadata]
     #
+    # @!attribute [rw] operator
+    #   The entity that manages the instance.
+    #   @return [Types::OperatorResponse]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceImageMetadata AWS API Documentation
     #
     class InstanceImageMetadata < Struct.new(
@@ -40829,7 +41086,8 @@ module Aws::EC2
       :state,
       :owner_id,
       :tags,
-      :image_metadata)
+      :image_metadata,
+      :operator)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -41254,6 +41512,10 @@ module Aws::EC2
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts
     #   @return [Types::ConnectionTrackingSpecificationResponse]
     #
+    # @!attribute [rw] operator
+    #   The entity that manages the network interface.
+    #   @return [Types::OperatorResponse]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceNetworkInterface AWS API Documentation
     #
     class InstanceNetworkInterface < Struct.new(
@@ -41275,7 +41537,8 @@ module Aws::EC2
       :interface_type,
       :ipv_4_prefixes,
       :ipv_6_prefixes,
-      :connection_tracking_configuration)
+      :connection_tracking_configuration,
+      :operator)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -42691,6 +42954,10 @@ module Aws::EC2
     #   The Amazon Resource Name (ARN) of the Outpost.
     #   @return [String]
     #
+    # @!attribute [rw] operator
+    #   The entity that manages the instance.
+    #   @return [Types::OperatorResponse]
+    #
     # @!attribute [rw] events
     #   Any scheduled events associated with the instance.
     #   @return [Array<Types::InstanceStatusEvent>]
@@ -42726,6 +42993,7 @@ module Aws::EC2
     class InstanceStatus < Struct.new(
       :availability_zone,
       :outpost_arn,
+      :operator,
       :events,
       :instance_id,
       :instance_state,
@@ -43827,7 +44095,6 @@ module Aws::EC2
     #     * You have opted-out of the IPAM home Region.
     #
     #     * Account you are using as your IPAM account has been suspended.
-    #
     #   * `throttling-failure` - IPAM account is already using the allotted
     #     transactions per second and IPAM is receiving a throttling error
     #     when assuming the Amazon Web Services IAM SLR.
@@ -45291,6 +45558,10 @@ module Aws::EC2
     #   The tags for the launch template.
     #   @return [Array<Types::Tag>]
     #
+    # @!attribute [rw] operator
+    #   The entity that manages the launch template.
+    #   @return [Types::OperatorResponse]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplate AWS API Documentation
     #
     class LaunchTemplate < Struct.new(
@@ -45300,7 +45571,8 @@ module Aws::EC2
       :created_by,
       :default_version_number,
       :latest_version_number,
-      :tags)
+      :tags,
+      :operator)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -47004,6 +47276,10 @@ module Aws::EC2
     #   Information about the launch template.
     #   @return [Types::ResponseLaunchTemplateData]
     #
+    # @!attribute [rw] operator
+    #   The entity that manages the launch template.
+    #   @return [Types::OperatorResponse]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateVersion AWS API Documentation
     #
     class LaunchTemplateVersion < Struct.new(
@@ -47014,7 +47290,8 @@ module Aws::EC2
       :create_time,
       :created_by,
       :default_version,
-      :launch_template_data)
+      :launch_template_data,
+      :operator)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -47643,7 +47920,6 @@ module Aws::EC2
     #
     #     * The snapshot is unlocked by a user with the appropriate
     #       permissions.
-    #
     #     Users with the appropriate IAM permissions can unlock the
     #     snapshot, increase or decrease the lock duration, and change the
     #     lock mode to `compliance` at any time.
@@ -51964,6 +52240,97 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] exclusion_id
+    #   The ID of an exclusion.
+    #   @return [String]
+    #
+    # @!attribute [rw] internet_gateway_exclusion_mode
+    #   The exclusion mode for internet gateway traffic.
+    #
+    #   * `bidirectional-access-allowed`: Allow all internet traffic to and
+    #     from the excluded VPCs and subnets.
+    #
+    #   * `egress-access-allowed`: Allow outbound internet traffic from the
+    #     excluded VPCs and subnets. Block inbound internet traffic to the
+    #     excluded VPCs and subnets. Only applies when VPC Block Public
+    #     Access is set to Bidirectional.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcBlockPublicAccessExclusionRequest AWS API Documentation
+    #
+    class ModifyVpcBlockPublicAccessExclusionRequest < Struct.new(
+      :dry_run,
+      :exclusion_id,
+      :internet_gateway_exclusion_mode)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] vpc_block_public_access_exclusion
+    #   Details related to the exclusion.
+    #   @return [Types::VpcBlockPublicAccessExclusion]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcBlockPublicAccessExclusionResult AWS API Documentation
+    #
+    class ModifyVpcBlockPublicAccessExclusionResult < Struct.new(
+      :vpc_block_public_access_exclusion)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] internet_gateway_block_mode
+    #   The mode of VPC BPA.
+    #
+    #   * `bidirectional-access-allowed`: VPC BPA is not enabled and traffic
+    #     is allowed to and from internet gateways and egress-only internet
+    #     gateways in this Region.
+    #
+    #   * `bidirectional-access-blocked`: Block all traffic to and from
+    #     internet gateways and egress-only internet gateways in this Region
+    #     (except for excluded VPCs and subnets).
+    #
+    #   * `ingress-access-blocked`: Block all internet traffic to the VPCs
+    #     in this Region (except for VPCs or subnets which are excluded).
+    #     Only traffic to and from NAT gateways and egress-only internet
+    #     gateways is allowed because these gateways only allow outbound
+    #     connections to be established.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcBlockPublicAccessOptionsRequest AWS API Documentation
+    #
+    class ModifyVpcBlockPublicAccessOptionsRequest < Struct.new(
+      :dry_run,
+      :internet_gateway_block_mode)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] vpc_block_public_access_options
+    #   Details related to the VPC Block Public Access (BPA) options.
+    #   @return [Types::VpcBlockPublicAccessOptions]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcBlockPublicAccessOptionsResult AWS API Documentation
+    #
+    class ModifyVpcBlockPublicAccessOptionsResult < Struct.new(
+      :vpc_block_public_access_options)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
@@ -53896,6 +54263,10 @@ module Aws::EC2
     #   interface.
     #   @return [String]
     #
+    # @!attribute [rw] operator
+    #   The entity that manages the network interface.
+    #   @return [Types::OperatorResponse]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NetworkInterface AWS API Documentation
     #
     class NetworkInterface < Struct.new(
@@ -53925,7 +54296,8 @@ module Aws::EC2
       :vpc_id,
       :deny_all_igw_traffic,
       :ipv_6_native,
-      :ipv_6_address)
+      :ipv_6_address,
+      :operator)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -54534,6 +54906,41 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # The entity that manages the resource.
+    #
+    # @!attribute [rw] principal
+    #   The entity that manages the resource.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/OperatorRequest AWS API Documentation
+    #
+    class OperatorRequest < Struct.new(
+      :principal)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes whether the resource is managed by an entity and, if so,
+    # describes the entity that manages it.
+    #
+    # @!attribute [rw] managed
+    #   If `true`, the resource is managed by an entity.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] principal
+    #   If `managed` is `true`, then the principal is returned. The
+    #   principal is the entity that manages the resource.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/OperatorResponse AWS API Documentation
+    #
+    class OperatorResponse < Struct.new(
+      :managed,
+      :principal)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes a packet header statement.
     #
     # @!attribute [rw] source_addresses
@@ -58249,6 +58656,10 @@ module Aws::EC2
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-stop-protection.html
     #   @return [Boolean]
     #
+    # @!attribute [rw] operator
+    #   The entity that manages the launch template.
+    #   @return [Types::OperatorRequest]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RequestLaunchTemplateData AWS API Documentation
     #
     class RequestLaunchTemplateData < Struct.new(
@@ -58282,7 +58693,8 @@ module Aws::EC2
       :instance_requirements,
       :private_dns_name_options,
       :maintenance_options,
-      :disable_api_stop)
+      :disable_api_stop,
+      :operator)
       SENSITIVE = [:user_data]
       include Aws::Structure
     end
@@ -59644,6 +60056,10 @@ module Aws::EC2
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-stop-protection.html
     #   @return [Boolean]
     #
+    # @!attribute [rw] operator
+    #   The entity that manages the launch template.
+    #   @return [Types::OperatorResponse]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResponseLaunchTemplateData AWS API Documentation
     #
     class ResponseLaunchTemplateData < Struct.new(
@@ -59677,7 +60093,8 @@ module Aws::EC2
       :instance_requirements,
       :private_dns_name_options,
       :maintenance_options,
-      :disable_api_stop)
+      :disable_api_stop,
+      :operator)
       SENSITIVE = [:user_data]
       include Aws::Structure
     end
@@ -60881,6 +61298,10 @@ module Aws::EC2
     #   ENI becomes the primary IPv6 address.
     #   @return [Boolean]
     #
+    # @!attribute [rw] operator
+    #   Reserved for internal use.
+    #   @return [Types::OperatorRequest]
+    #
     # @!attribute [rw] dry_run
     #   Checks whether you have the required permissions for the operation,
     #   without actually making the request, and provides an error response.
@@ -61002,6 +61423,7 @@ module Aws::EC2
       :maintenance_options,
       :disable_api_stop,
       :enable_primary_ipv_6,
+      :operator,
       :dry_run,
       :disable_api_termination,
       :instance_initiated_shutdown_behavior,
@@ -65048,6 +65470,10 @@ module Aws::EC2
     #   the instance.
     #   @return [Types::PrivateDnsNameOptionsOnLaunch]
     #
+    # @!attribute [rw] block_public_access_states
+    #   The state of VPC Block Public Access (BPA).
+    #   @return [Types::BlockPublicAccessStates]
+    #
     # @!attribute [rw] subnet_id
     #   The ID of the subnet.
     #   @return [String]
@@ -65108,6 +65534,7 @@ module Aws::EC2
       :enable_dns_64,
       :ipv_6_native,
       :private_dns_name_options_on_launch,
+      :block_public_access_states,
       :subnet_id,
       :state,
       :vpc_id,
@@ -69252,6 +69679,10 @@ module Aws::EC2
     #   Reserved for future use.
     #   @return [String]
     #
+    # @!attribute [rw] operator
+    #   The entity that manages the volume.
+    #   @return [Types::OperatorResponse]
+    #
     # @!attribute [rw] volume_id
     #   The ID of the volume.
     #   @return [String]
@@ -69304,6 +69735,7 @@ module Aws::EC2
       :multi_attach_enabled,
       :throughput,
       :sse_type,
+      :operator,
       :volume_id,
       :size,
       :snapshot_id,
@@ -69675,6 +70107,10 @@ module Aws::EC2
     #   Any tags assigned to the VPC.
     #   @return [Array<Types::Tag>]
     #
+    # @!attribute [rw] block_public_access_states
+    #   The state of VPC Block Public Access (BPA).
+    #   @return [Types::BlockPublicAccessStates]
+    #
     # @!attribute [rw] vpc_id
     #   The ID of the VPC.
     #   @return [String]
@@ -69700,6 +70136,7 @@ module Aws::EC2
       :cidr_block_association_set,
       :is_default,
       :tags,
+      :block_public_access_states,
       :vpc_id,
       :state,
       :cidr_block,
@@ -69727,6 +70164,143 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # A VPC BPA exclusion is a mode that can be applied to a single VPC or
+    # subnet that exempts it from the account’s BPA mode and will allow
+    # bidirectional or egress-only access. You can create BPA exclusions for
+    # VPCs and subnets even when BPA is not enabled on the account to ensure
+    # that there is no traffic disruption to the exclusions when VPC BPA is
+    # turned on. To learn more about VPC BPA, see [Block public access to
+    # VPCs and subnets][1] in the *Amazon VPC User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/vpc/latest/userguide/security-vpc-bpa.html
+    #
+    # @!attribute [rw] exclusion_id
+    #   The ID of the exclusion.
+    #   @return [String]
+    #
+    # @!attribute [rw] internet_gateway_exclusion_mode
+    #   The exclusion mode for internet gateway traffic.
+    #
+    #   * `bidirectional-access-allowed`: Allow all internet traffic to and
+    #     from the excluded VPCs and subnets.
+    #
+    #   * `egress-access-allowed`: Allow outbound internet traffic from the
+    #     excluded VPCs and subnets. Block inbound internet traffic to the
+    #     excluded VPCs and subnets. Only applies when VPC Block Public
+    #     Access is set to Bidirectional.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_arn
+    #   The ARN of the exclusion.
+    #   @return [String]
+    #
+    # @!attribute [rw] state
+    #   The state of the exclusion.
+    #   @return [String]
+    #
+    # @!attribute [rw] reason
+    #   The reason for the current exclusion state.
+    #   @return [String]
+    #
+    # @!attribute [rw] creation_timestamp
+    #   When the exclusion was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_update_timestamp
+    #   When the exclusion was last updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] deletion_timestamp
+    #   When the exclusion was deleted.
+    #   @return [Time]
+    #
+    # @!attribute [rw] tags
+    #   `tag` - The key/value combination of a tag assigned to the resource.
+    #   Use the tag key in the filter name and the tag value as the filter
+    #   value. For example, to find all resources that have a tag with the
+    #   key `Owner` and the value `TeamA`, specify `tag:Owner` for the
+    #   filter name and `TeamA` for the filter value.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcBlockPublicAccessExclusion AWS API Documentation
+    #
+    class VpcBlockPublicAccessExclusion < Struct.new(
+      :exclusion_id,
+      :internet_gateway_exclusion_mode,
+      :resource_arn,
+      :state,
+      :reason,
+      :creation_timestamp,
+      :last_update_timestamp,
+      :deletion_timestamp,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # VPC Block public Access (BPA) enables you to block resources in VPCs
+    # and subnets that you own in a Region from reaching or being reached
+    # from the internet through internet gateways and egress-only internet
+    # gateways. To learn more about VPC BPA, see [Block public access to
+    # VPCs and subnets][1] in the *Amazon VPC User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/vpc/latest/userguide/security-vpc-bpa.html
+    #
+    # @!attribute [rw] aws_account_id
+    #   An Amazon Web Services account ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] aws_region
+    #   An Amazon Web Services Region.
+    #   @return [String]
+    #
+    # @!attribute [rw] state
+    #   The current state of VPC BPA.
+    #   @return [String]
+    #
+    # @!attribute [rw] internet_gateway_block_mode
+    #   The current mode of VPC BPA.
+    #
+    #   * `bidirectional-access-allowed`: VPC BPA is not enabled and traffic
+    #     is allowed to and from internet gateways and egress-only internet
+    #     gateways in this Region.
+    #
+    #   * `bidirectional-access-blocked`: Block all traffic to and from
+    #     internet gateways and egress-only internet gateways in this Region
+    #     (except for excluded VPCs and subnets).
+    #
+    #   * `ingress-access-blocked`: Block all internet traffic to the VPCs
+    #     in this Region (except for VPCs or subnets which are excluded).
+    #     Only traffic to and from NAT gateways and egress-only internet
+    #     gateways is allowed because these gateways only allow outbound
+    #     connections to be established.
+    #   @return [String]
+    #
+    # @!attribute [rw] reason
+    #   The reason for the current state.
+    #   @return [String]
+    #
+    # @!attribute [rw] last_update_timestamp
+    #   The last time the VPC BPA mode was updated.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcBlockPublicAccessOptions AWS API Documentation
+    #
+    class VpcBlockPublicAccessOptions < Struct.new(
+      :aws_account_id,
+      :aws_region,
+      :state,
+      :internet_gateway_block_mode,
+      :reason,
+      :last_update_timestamp)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes an IPv4 CIDR block associated with a VPC.
     #
     # @!attribute [rw] association_id