aws-sdk-ec2 1.580.0 → 1.581.0

data/lib/aws-sdk-ec2/types.rb

@@ -4425,6 +4425,24 @@ module Aws::EC2
     #   [1]: https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html
     #   @return [String]
     #
+    # @!attribute [rw] advertisement_type
+    #   Specifies the advertisement method for the BYOIP CIDR. Valid values
+    #   are:
+    #
+    #   * `unicast`: IP is advertised from a single location (regional
+    #     services like EC2)
+    #
+    #   * `anycast`: IP is advertised from multiple global locations
+    #     simultaneously (global services like CloudFront)
+    #
+    #   For more information, see [Bring your own IP to CloudFront using
+    #   IPAM][1] in the *Amazon VPC IPAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoip-cloudfront.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ByoipCidr AWS API Documentation
     #
     class ByoipCidr < Struct.new(
@@ -4433,7 +4451,8 @@ module Aws::EC2
       :asn_associations,
       :status_message,
       :state,
-      :network_border_group)
+      :network_border_group,
+      :advertisement_type)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7277,12 +7296,34 @@ module Aws::EC2
     #   Valid values: `json` \| `text`
     #   @return [String]
     #
+    # @!attribute [rw] bgp_log_enabled
+    #   Indicates whether Border Gateway Protocol (BGP) logging is enabled
+    #   for the VPN connection. Default value is `False`.
+    #
+    #   Valid values: `True` \| `False`
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] bgp_log_group_arn
+    #   The Amazon Resource Name (ARN) of the CloudWatch log group for BGP
+    #   logs.
+    #   @return [String]
+    #
+    # @!attribute [rw] bgp_log_output_format
+    #   The output format for BGP logs sent to CloudWatch. Default format is
+    #   `json`.
+    #
+    #   Valid values: `json` \| `text`
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CloudWatchLogOptions AWS API Documentation
     #
     class CloudWatchLogOptions < Struct.new(
       :log_enabled,
       :log_group_arn,
-      :log_output_format)
+      :log_output_format,
+      :bgp_log_enabled,
+      :bgp_log_group_arn,
+      :bgp_log_output_format)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7307,12 +7348,34 @@ module Aws::EC2
     #   Valid values: `json` \| `text`
     #   @return [String]
     #
+    # @!attribute [rw] bgp_log_enabled
+    #   Specifies whether to enable BGP logging for the VPN connection.
+    #   Default value is `False`.
+    #
+    #   Valid values: `True` \| `False`
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] bgp_log_group_arn
+    #   The Amazon Resource Name (ARN) of the CloudWatch log group where BGP
+    #   logs will be sent.
+    #   @return [String]
+    #
+    # @!attribute [rw] bgp_log_output_format
+    #   The desired output format for BGP logs to be sent to CloudWatch.
+    #   Default format is `json`.
+    #
+    #   Valid values: `json` \| `text`
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CloudWatchLogOptionsSpecification AWS API Documentation
     #
     class CloudWatchLogOptionsSpecification < Struct.new(
       :log_enabled,
       :log_group_arn,
-      :log_output_format)
+      :log_output_format,
+      :bgp_log_enabled,
+      :bgp_log_group_arn,
+      :bgp_log_output_format)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -14519,6 +14582,147 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] transit_gateway_metering_policy_id
+    #   The ID of the transit gateway metering policy to add the entry to.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_rule_number
+    #   The rule number for the metering policy entry. Rules are processed
+    #   in order from lowest to highest number.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] source_transit_gateway_attachment_id
+    #   The ID of the source transit gateway attachment for traffic
+    #   matching.
+    #   @return [String]
+    #
+    # @!attribute [rw] source_transit_gateway_attachment_type
+    #   The type of the source transit gateway attachment for traffic
+    #   matching. Note that the `tgw-peering` resource type has been
+    #   deprecated. To configure metering policies for Connect, use the
+    #   transport attachment type.
+    #   @return [String]
+    #
+    # @!attribute [rw] source_cidr_block
+    #   The source CIDR block for traffic matching.
+    #   @return [String]
+    #
+    # @!attribute [rw] source_port_range
+    #   The source port range for traffic matching.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_transit_gateway_attachment_id
+    #   The ID of the destination transit gateway attachment for traffic
+    #   matching.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_transit_gateway_attachment_type
+    #   The type of the destination transit gateway attachment for traffic
+    #   matching. Note that the `tgw-peering` resource type has been
+    #   deprecated. To configure metering policies for Connect, use the
+    #   transport attachment type.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_cidr_block
+    #   The destination CIDR block for traffic matching.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_port_range
+    #   The destination port range for traffic matching.
+    #   @return [String]
+    #
+    # @!attribute [rw] protocol
+    #   The protocol for traffic matching (1, 6, 17, etc.).
+    #   @return [String]
+    #
+    # @!attribute [rw] metered_account
+    #   The Amazon Web Services account ID to which the metered traffic
+    #   should be attributed.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTransitGatewayMeteringPolicyEntryRequest AWS API Documentation
+    #
+    class CreateTransitGatewayMeteringPolicyEntryRequest < Struct.new(
+      :transit_gateway_metering_policy_id,
+      :policy_rule_number,
+      :source_transit_gateway_attachment_id,
+      :source_transit_gateway_attachment_type,
+      :source_cidr_block,
+      :source_port_range,
+      :destination_transit_gateway_attachment_id,
+      :destination_transit_gateway_attachment_type,
+      :destination_cidr_block,
+      :destination_port_range,
+      :protocol,
+      :metered_account,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] transit_gateway_metering_policy_entry
+    #   Information about the created transit gateway metering policy entry.
+    #   @return [Types::TransitGatewayMeteringPolicyEntry]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTransitGatewayMeteringPolicyEntryResult AWS API Documentation
+    #
+    class CreateTransitGatewayMeteringPolicyEntryResult < Struct.new(
+      :transit_gateway_metering_policy_entry)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] transit_gateway_id
+    #   The ID of the transit gateway for which to create the metering
+    #   policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] middlebox_attachment_ids
+    #   The IDs of the middlebox attachments to include in the metering
+    #   policy.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] tag_specifications
+    #   The tags to assign to the metering policy.
+    #   @return [Array<Types::TagSpecification>]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTransitGatewayMeteringPolicyRequest AWS API Documentation
+    #
+    class CreateTransitGatewayMeteringPolicyRequest < Struct.new(
+      :transit_gateway_id,
+      :middlebox_attachment_ids,
+      :tag_specifications,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] transit_gateway_metering_policy
+    #   Information about the created transit gateway metering policy.
+    #   @return [Types::TransitGatewayMeteringPolicy]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTransitGatewayMeteringPolicyResult AWS API Documentation
+    #
+    class CreateTransitGatewayMeteringPolicyResult < Struct.new(
+      :transit_gateway_metering_policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] transit_gateway_id
     #   The ID of the transit gateway.
     #   @return [String]
@@ -15992,6 +16196,44 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] vpc_id
+    #   The ID of the VPC for which to create the encryption control
+    #   configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_specifications
+    #   The tags to apply to the VPC Encryption Control resource.
+    #   @return [Array<Types::TagSpecification>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcEncryptionControlRequest AWS API Documentation
+    #
+    class CreateVpcEncryptionControlRequest < Struct.new(
+      :dry_run,
+      :vpc_id,
+      :tag_specifications)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] vpc_encryption_control
+    #   Information about the VPC Encryption Control configuration.
+    #   @return [Types::VpcEncryptionControl]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcEncryptionControlResult AWS API Documentation
+    #
+    class CreateVpcEncryptionControlResult < Struct.new(
+      :vpc_encryption_control)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
@@ -16414,6 +16656,20 @@ module Aws::EC2
     #   parameter.
     #   @return [String]
     #
+    # @!attribute [rw] vpc_encryption_control
+    #   Specifies the encryption control configuration to apply to the VPC
+    #   during creation. VPC Encryption Control enables you to enforce
+    #   encryption for all data in transit within and between VPCs to meet
+    #   compliance requirements.
+    #
+    #   For more information, see [Enforce VPC encryption in transit][1] in
+    #   the *Amazon VPC User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-encryption-controls.html
+    #   @return [Types::VpcEncryptionControlConfiguration]
+    #
     # @!attribute [rw] tag_specifications
     #   The tags to assign to the VPC.
     #   @return [Array<Types::TagSpecification>]
@@ -16456,6 +16712,7 @@ module Aws::EC2
       :ipv_6_ipam_pool_id,
       :ipv_6_netmask_length,
       :ipv_6_cidr_block_network_border_group,
+      :vpc_encryption_control,
       :tag_specifications,
       :dry_run,
       :instance_tenancy,
@@ -19234,6 +19491,76 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] transit_gateway_metering_policy_id
+    #   The ID of the transit gateway metering policy containing the entry
+    #   to delete.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_rule_number
+    #   The rule number of the metering policy entry to delete.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTransitGatewayMeteringPolicyEntryRequest AWS API Documentation
+    #
+    class DeleteTransitGatewayMeteringPolicyEntryRequest < Struct.new(
+      :transit_gateway_metering_policy_id,
+      :policy_rule_number,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] transit_gateway_metering_policy_entry
+    #   Information about the deleted transit gateway metering policy entry.
+    #   @return [Types::TransitGatewayMeteringPolicyEntry]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTransitGatewayMeteringPolicyEntryResult AWS API Documentation
+    #
+    class DeleteTransitGatewayMeteringPolicyEntryResult < Struct.new(
+      :transit_gateway_metering_policy_entry)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] transit_gateway_metering_policy_id
+    #   The ID of the transit gateway metering policy to delete.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTransitGatewayMeteringPolicyRequest AWS API Documentation
+    #
+    class DeleteTransitGatewayMeteringPolicyRequest < Struct.new(
+      :transit_gateway_metering_policy_id,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] transit_gateway_metering_policy
+    #   Information about the deleted transit gateway metering policy.
+    #   @return [Types::TransitGatewayMeteringPolicy]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTransitGatewayMeteringPolicyResult AWS API Documentation
+    #
+    class DeleteTransitGatewayMeteringPolicyResult < Struct.new(
+      :transit_gateway_metering_policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] transit_gateway_multicast_domain_id
     #   The ID of the transit gateway multicast domain.
     #   @return [String]
@@ -19769,6 +20096,38 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] vpc_encryption_control_id
+    #   The ID of the VPC Encryption Control resource to delete.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpcEncryptionControlRequest AWS API Documentation
+    #
+    class DeleteVpcEncryptionControlRequest < Struct.new(
+      :dry_run,
+      :vpc_encryption_control_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] vpc_encryption_control
+    #   Information about the deleted VPC Encryption Control configuration.
+    #   @return [Types::VpcEncryptionControl]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpcEncryptionControlResult AWS API Documentation
+    #
+    class DeleteVpcEncryptionControlResult < Struct.new(
+      :vpc_encryption_control)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
@@ -26029,7 +26388,7 @@ module Aws::EC2
     #
     #   * `requester-id` - The ID of the entity that launched the instance
     #     on your behalf (for example, Amazon Web Services Management
-    #     Console, Auto Scaling, and so on).
+    #     Console, Amazon EC2 Auto Scaling, and so on).
     #
     #   * `reservation-id` - The ID of the instance's reservation. A
     #     reservation ID is created any time you launch an instance. A
@@ -32122,6 +32481,62 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] transit_gateway_metering_policy_ids
+    #   The IDs of the transit gateway metering policies to describe.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] filters
+    #   One or more filters to apply when describing transit gateway
+    #   metering policies.
+    #   @return [Array<Types::Filter>]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results to return with a single call. To
+    #   retrieve the remaining results, make another call with the returned
+    #   `nextToken` value.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next page of results.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTransitGatewayMeteringPoliciesRequest AWS API Documentation
+    #
+    class DescribeTransitGatewayMeteringPoliciesRequest < Struct.new(
+      :transit_gateway_metering_policy_ids,
+      :filters,
+      :max_results,
+      :next_token,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] transit_gateway_metering_policies
+    #   Information about the transit gateway metering policies.
+    #   @return [Array<Types::TransitGatewayMeteringPolicy>]
+    #
+    # @!attribute [rw] next_token
+    #   The token to use to retrieve the next page of results. This value is
+    #   `null` when there are no more results to return.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTransitGatewayMeteringPoliciesResult AWS API Documentation
+    #
+    class DescribeTransitGatewayMeteringPoliciesResult < Struct.new(
+      :transit_gateway_metering_policies,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] transit_gateway_multicast_domain_ids
     #   The ID of the transit gateway multicast domain.
     #   @return [Array<String>]
@@ -33577,6 +33992,73 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] filters
+    #   The filters to apply to the request.
+    #   @return [Array<Types::Filter>]
+    #
+    # @!attribute [rw] vpc_encryption_control_ids
+    #   The IDs of the VPC Encryption Control configurations to describe.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] vpc_ids
+    #   The IDs of the VPCs to describe encryption control configurations
+    #   for.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] next_token
+    #   The token returned from a previous paginated request. Pagination
+    #   continues from the end of the items returned by the previous
+    #   request.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of items to return for this request. To get the
+    #   next page of items, make another request with the token returned in
+    #   the output. For more information, see [Pagination][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcEncryptionControlsRequest AWS API Documentation
+    #
+    class DescribeVpcEncryptionControlsRequest < Struct.new(
+      :dry_run,
+      :filters,
+      :vpc_encryption_control_ids,
+      :vpc_ids,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] vpc_encryption_controls
+    #   Information about the VPC Encryption Control configurations.
+    #   @return [Array<Types::VpcEncryptionControl>]
+    #
+    # @!attribute [rw] next_token
+    #   The token to include in another request to get the next page of
+    #   items. This value is `null` when there are no more items to return.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcEncryptionControlsResult AWS API Documentation
+    #
+    class DescribeVpcEncryptionControlsResult < Struct.new(
+      :vpc_encryption_controls,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
@@ -38933,6 +39415,25 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Describes the encryption support status for a transit gateway.
+    #
+    # @!attribute [rw] encryption_state
+    #   The current encryption state of the resource.
+    #   @return [String]
+    #
+    # @!attribute [rw] state_message
+    #   A message describing the encryption state.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EncryptionSupport AWS API Documentation
+    #
+    class EncryptionSupport < Struct.new(
+      :encryption_state,
+      :state_message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes an EC2 Fleet or Spot Fleet event.
     #
     # @!attribute [rw] event_description
@@ -44705,6 +45206,63 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] transit_gateway_metering_policy_id
+    #   The ID of the transit gateway metering policy to retrieve entries
+    #   for.
+    #   @return [String]
+    #
+    # @!attribute [rw] filters
+    #   One or more filters to apply when retrieving metering policy
+    #   entries.
+    #   @return [Array<Types::Filter>]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results to return with a single call. To
+    #   retrieve the remaining results, make another call with the returned
+    #   `nextToken` value.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next page of results.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetTransitGatewayMeteringPolicyEntriesRequest AWS API Documentation
+    #
+    class GetTransitGatewayMeteringPolicyEntriesRequest < Struct.new(
+      :transit_gateway_metering_policy_id,
+      :filters,
+      :max_results,
+      :next_token,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] transit_gateway_metering_policy_entries
+    #   Information about the transit gateway metering policy entries.
+    #   @return [Array<Types::TransitGatewayMeteringPolicyEntry>]
+    #
+    # @!attribute [rw] next_token
+    #   The token to use to retrieve the next page of results. This value is
+    #   `null` when there are no more results to return.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetTransitGatewayMeteringPolicyEntriesResult AWS API Documentation
+    #
+    class GetTransitGatewayMeteringPolicyEntriesResult < Struct.new(
+      :transit_gateway_metering_policy_entries,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] transit_gateway_multicast_domain_id
     #   The ID of the transit gateway multicast domain.
     #   @return [String]
@@ -45199,6 +45757,64 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] vpc_id
+    #   The ID of the VPC to check for resources blocking encryption
+    #   enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of items to return for this request. To get the
+    #   next page of items, make another request with the token returned in
+    #   the output. For more information, see [Pagination][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The token returned from a previous paginated request. Pagination
+    #   continues from the end of the items returned by the previous
+    #   request.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetVpcResourcesBlockingEncryptionEnforcementRequest AWS API Documentation
+    #
+    class GetVpcResourcesBlockingEncryptionEnforcementRequest < Struct.new(
+      :vpc_id,
+      :max_results,
+      :next_token,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] non_compliant_resources
+    #   Information about resources that are blocking encryption
+    #   enforcement.
+    #   @return [Array<Types::VpcEncryptionNonCompliantResource>]
+    #
+    # @!attribute [rw] next_token
+    #   The token to include in another request to get the next page of
+    #   items. This value is `null` when there are no more items to return.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetVpcResourcesBlockingEncryptionEnforcementResult AWS API Documentation
+    #
+    class GetVpcResourcesBlockingEncryptionEnforcementResult < Struct.new(
+      :non_compliant_resources,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] vpn_connection_id
     #   The `VpnConnectionId` specifies the Site-to-Site VPN connection used
     #   for the sample configuration.
@@ -56795,6 +57411,65 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] volume_ids
+    #   The IDs of the volumes to list. Omit this parameter to list all of
+    #   the volumes that are in the Recycle Bin.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of items to return for this request. To get the
+    #   next page of items, make another request with the token returned in
+    #   the output. For more information, see [Pagination][1].
+    #
+    #   Valid range: 5 - 500
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The token returned from a previous paginated request. Pagination
+    #   continues from the end of the items returned by the previous
+    #   request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ListVolumesInRecycleBinRequest AWS API Documentation
+    #
+    class ListVolumesInRecycleBinRequest < Struct.new(
+      :volume_ids,
+      :dry_run,
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] volumes
+    #   Information about the volumes.
+    #   @return [Array<Types::VolumeRecycleBinInfo>]
+    #
+    # @!attribute [rw] next_token
+    #   The token to include in another request to get the next page of
+    #   items. This value is `null` when there are no more items to return.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ListVolumesInRecycleBinResult AWS API Documentation
+    #
+    class ListVolumesInRecycleBinResult < Struct.new(
+      :volumes,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes the Classic Load Balancers and target groups to attach to a
     # Spot Fleet request.
     #
@@ -61436,6 +62111,48 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] transit_gateway_metering_policy_id
+    #   The ID of the transit gateway metering policy to modify.
+    #   @return [String]
+    #
+    # @!attribute [rw] add_middlebox_attachment_ids
+    #   The IDs of middlebox attachments to add to the metering policy.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] remove_middlebox_attachment_ids
+    #   The IDs of middlebox attachments to remove from the metering policy.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyTransitGatewayMeteringPolicyRequest AWS API Documentation
+    #
+    class ModifyTransitGatewayMeteringPolicyRequest < Struct.new(
+      :transit_gateway_metering_policy_id,
+      :add_middlebox_attachment_ids,
+      :remove_middlebox_attachment_ids,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] transit_gateway_metering_policy
+    #   Information about the modified transit gateway metering policy.
+    #   @return [Types::TransitGatewayMeteringPolicy]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyTransitGatewayMeteringPolicyResult AWS API Documentation
+    #
+    class ModifyTransitGatewayMeteringPolicyResult < Struct.new(
+      :transit_gateway_metering_policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The transit gateway options.
     #
     # @!attribute [rw] add_transit_gateway_cidr_blocks
@@ -61516,6 +62233,10 @@ module Aws::EC2
     #   prior to modifying the ASN on the transit gateway.
     #   @return [Integer]
     #
+    # @!attribute [rw] encryption_support
+    #   Enable or disable encryption support for VPC Encryption Control.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyTransitGatewayOptions AWS API Documentation
     #
     class ModifyTransitGatewayOptions < Struct.new(
@@ -61529,7 +62250,8 @@ module Aws::EC2
       :association_default_route_table_id,
       :default_route_table_propagation,
       :propagation_default_route_table_id,
-      :amazon_side_asn)
+      :amazon_side_asn,
+      :encryption_support)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -62669,6 +63391,91 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] vpc_encryption_control_id
+    #   The ID of the VPC Encryption Control resource to modify.
+    #   @return [String]
+    #
+    # @!attribute [rw] mode
+    #   The encryption mode for the VPC Encryption Control configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] internet_gateway_exclusion
+    #   Specifies whether to exclude internet gateway traffic from
+    #   encryption enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] egress_only_internet_gateway_exclusion
+    #   Specifies whether to exclude egress-only internet gateway traffic
+    #   from encryption enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] nat_gateway_exclusion
+    #   Specifies whether to exclude NAT gateway traffic from encryption
+    #   enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] virtual_private_gateway_exclusion
+    #   Specifies whether to exclude virtual private gateway traffic from
+    #   encryption enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_peering_exclusion
+    #   Specifies whether to exclude VPC peering connection traffic from
+    #   encryption enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] lambda_exclusion
+    #   Specifies whether to exclude Lambda function traffic from encryption
+    #   enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_lattice_exclusion
+    #   Specifies whether to exclude VPC Lattice traffic from encryption
+    #   enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] elastic_file_system_exclusion
+    #   Specifies whether to exclude Elastic File System traffic from
+    #   encryption enforcement.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcEncryptionControlRequest AWS API Documentation
+    #
+    class ModifyVpcEncryptionControlRequest < Struct.new(
+      :dry_run,
+      :vpc_encryption_control_id,
+      :mode,
+      :internet_gateway_exclusion,
+      :egress_only_internet_gateway_exclusion,
+      :nat_gateway_exclusion,
+      :virtual_private_gateway_exclusion,
+      :vpc_peering_exclusion,
+      :lambda_exclusion,
+      :vpc_lattice_exclusion,
+      :elastic_file_system_exclusion)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] vpc_encryption_control
+    #   Information about the VPC Encryption Control configuration.
+    #   @return [Types::VpcEncryptionControl]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcEncryptionControlResult AWS API Documentation
+    #
+    class ModifyVpcEncryptionControlResult < Struct.new(
+      :vpc_encryption_control)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
@@ -71488,6 +72295,39 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @!attribute [rw] volume_id
+    #   The ID of the volume to restore.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RestoreVolumeFromRecycleBinRequest AWS API Documentation
+    #
+    class RestoreVolumeFromRecycleBinRequest < Struct.new(
+      :volume_id,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] return
+    #   Returns `true` if the request succeeds; otherwise, it returns an
+    #   error.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RestoreVolumeFromRecycleBinResult AWS API Documentation
+    #
+    class RestoreVolumeFromRecycleBinResult < Struct.new(
+      :return)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] client_vpn_endpoint_id
     #   The ID of the Client VPN endpoint with which the authorization rule
     #   is associated.
@@ -78935,6 +79775,146 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Describes a transit gateway metering policy.
+    #
+    # @!attribute [rw] transit_gateway_metering_policy_id
+    #   The ID of the transit gateway metering policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] transit_gateway_id
+    #   The ID of the transit gateway associated with the metering policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] middlebox_attachment_ids
+    #   The IDs of the middlebox attachments associated with the metering
+    #   policy.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] state
+    #   The state of the transit gateway metering policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] update_effective_at
+    #   The date and time when the metering policy update becomes effective.
+    #   @return [Time]
+    #
+    # @!attribute [rw] tags
+    #   The tags assigned to the transit gateway metering policy.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TransitGatewayMeteringPolicy AWS API Documentation
+    #
+    class TransitGatewayMeteringPolicy < Struct.new(
+      :transit_gateway_metering_policy_id,
+      :transit_gateway_id,
+      :middlebox_attachment_ids,
+      :state,
+      :update_effective_at,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes an entry in a transit gateway metering policy.
+    #
+    # @!attribute [rw] policy_rule_number
+    #   The rule number of the metering policy entry.
+    #   @return [String]
+    #
+    # @!attribute [rw] metered_account
+    #   The Amazon Web Services account ID to which the metered traffic is
+    #   attributed.
+    #   @return [String]
+    #
+    # @!attribute [rw] state
+    #   The state of the metering policy entry.
+    #   @return [String]
+    #
+    # @!attribute [rw] updated_at
+    #   The date and time when the metering policy entry was last updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] update_effective_at
+    #   The date and time when the metering policy entry update becomes
+    #   effective.
+    #   @return [Time]
+    #
+    # @!attribute [rw] metering_policy_rule
+    #   The metering policy rule that defines traffic matching criteria.
+    #   @return [Types::TransitGatewayMeteringPolicyRule]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TransitGatewayMeteringPolicyEntry AWS API Documentation
+    #
+    class TransitGatewayMeteringPolicyEntry < Struct.new(
+      :policy_rule_number,
+      :metered_account,
+      :state,
+      :updated_at,
+      :update_effective_at,
+      :metering_policy_rule)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes the traffic matching criteria for a transit gateway metering
+    # policy rule.
+    #
+    # @!attribute [rw] source_transit_gateway_attachment_id
+    #   The ID of the source transit gateway attachment.
+    #   @return [String]
+    #
+    # @!attribute [rw] source_transit_gateway_attachment_type
+    #   The type of the source transit gateway attachment. Note that the
+    #   `tgw-peering` resource type has been deprecated. To configure
+    #   metering policies for Connect, use the transport attachment type.
+    #   @return [String]
+    #
+    # @!attribute [rw] source_cidr_block
+    #   The source CIDR block for the rule.
+    #   @return [String]
+    #
+    # @!attribute [rw] source_port_range
+    #   The source port range for the rule.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_transit_gateway_attachment_id
+    #   The ID of the destination transit gateway attachment.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_transit_gateway_attachment_type
+    #   The type of the destination transit gateway attachment. Note that
+    #   the `tgw-peering` resource type has been deprecated. To configure
+    #   metering policies for Connect, use the transport attachment type.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_cidr_block
+    #   The destination CIDR block for the rule.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_port_range
+    #   The destination port range for the rule.
+    #   @return [String]
+    #
+    # @!attribute [rw] protocol
+    #   The protocol for the rule (1, 6, 17, etc.).
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TransitGatewayMeteringPolicyRule AWS API Documentation
+    #
+    class TransitGatewayMeteringPolicyRule < Struct.new(
+      :source_transit_gateway_attachment_id,
+      :source_transit_gateway_attachment_type,
+      :source_cidr_block,
+      :source_port_range,
+      :destination_transit_gateway_attachment_id,
+      :destination_transit_gateway_attachment_type,
+      :destination_cidr_block,
+      :destination_port_range,
+      :protocol)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes the deregistered transit gateway multicast group members.
     #
     # @!attribute [rw] transit_gateway_multicast_domain_id
@@ -79312,6 +80292,10 @@ module Aws::EC2
     #   Indicates whether multicast is enabled on the transit gateway
     #   @return [String]
     #
+    # @!attribute [rw] encryption_support
+    #   Defines if the Transit Gateway supports VPC Encryption Control.
+    #   @return [Types::EncryptionSupport]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TransitGatewayOptions AWS API Documentation
     #
     class TransitGatewayOptions < Struct.new(
@@ -79325,7 +80309,8 @@ module Aws::EC2
       :vpn_ecmp_support,
       :dns_support,
       :security_group_referencing_support,
-      :multicast_support)
+      :multicast_support,
+      :encryption_support)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -82252,6 +83237,97 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Information about a volume that is currently in the Recycle Bin.
+    #
+    # @!attribute [rw] volume_id
+    #   The ID of the volume.
+    #   @return [String]
+    #
+    # @!attribute [rw] volume_type
+    #   The volume type.
+    #   @return [String]
+    #
+    # @!attribute [rw] state
+    #   The state of the volume.
+    #   @return [String]
+    #
+    # @!attribute [rw] size
+    #   The size of the volume, in GiB.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] iops
+    #   The number of I/O operations per second (IOPS) for the volume.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] throughput
+    #   The throughput that the volume supports, in MiB/s.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] outpost_arn
+    #   The ARN of the Outpost on which the volume is stored. For more
+    #   information, see [Amazon EBS volumes on Outposts][1] in the *Amazon
+    #   EBS User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volumes-outposts.html
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The Availability Zone for the volume.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone_id
+    #   The ID of the Availability Zone for the volume.
+    #   @return [String]
+    #
+    # @!attribute [rw] source_volume_id
+    #   The ID of the source volume.
+    #   @return [String]
+    #
+    # @!attribute [rw] snapshot_id
+    #   The snapshot from which the volume was created, if applicable.
+    #   @return [String]
+    #
+    # @!attribute [rw] operator
+    #   The service provider that manages the volume.
+    #   @return [Types::OperatorResponse]
+    #
+    # @!attribute [rw] create_time
+    #   The time stamp when volume creation was initiated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] recycle_bin_enter_time
+    #   The date and time when the volume entered the Recycle Bin.
+    #   @return [Time]
+    #
+    # @!attribute [rw] recycle_bin_exit_time
+    #   The date and time when the volume is to be permanently deleted from
+    #   the Recycle Bin.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VolumeRecycleBinInfo AWS API Documentation
+    #
+    class VolumeRecycleBinInfo < Struct.new(
+      :volume_id,
+      :volume_type,
+      :state,
+      :size,
+      :iops,
+      :throughput,
+      :outpost_arn,
+      :availability_zone,
+      :availability_zone_id,
+      :source_volume_id,
+      :snapshot_id,
+      :operator,
+      :create_time,
+      :recycle_bin_enter_time,
+      :recycle_bin_exit_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes a volume status operation code.
     #
     # @!attribute [rw] code
@@ -82479,6 +83555,14 @@ module Aws::EC2
     #   @return [Boolean]
     #
     # @!attribute [rw] encryption_control
+    #   Describes the configuration and state of VPC encryption controls.
+    #
+    #   For more information, see [Enforce VPC encryption in transit][1] in
+    #   the *Amazon VPC User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-encryption-controls.html
     #   @return [Types::VpcEncryptionControl]
     #
     # @!attribute [rw] tags
@@ -82773,25 +83857,44 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Describes the configuration and state of VPC encryption controls.
+    #
+    # For more information, see [Enforce VPC encryption in transit][1] in
+    # the *Amazon VPC User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-encryption-controls.html
+    #
     # @!attribute [rw] vpc_id
+    #   The ID of the VPC associated with the encryption control
+    #   configuration.
     #   @return [String]
     #
     # @!attribute [rw] vpc_encryption_control_id
+    #   The ID of the VPC Encryption Control configuration.
     #   @return [String]
     #
     # @!attribute [rw] mode
+    #   The encryption mode for the VPC Encryption Control configuration.
     #   @return [String]
     #
     # @!attribute [rw] state
+    #   The current state of the VPC Encryption Control configuration.
     #   @return [String]
     #
     # @!attribute [rw] state_message
+    #   A message providing additional information about the encryption
+    #   control state.
     #   @return [String]
     #
     # @!attribute [rw] resource_exclusions
+    #   Information about resource exclusions for the VPC Encryption Control
+    #   configuration.
     #   @return [Types::VpcEncryptionControlExclusions]
     #
     # @!attribute [rw] tags
+    #   The tags assigned to the VPC Encryption Control configuration.
     #   @return [Array<Types::Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcEncryptionControl AWS API Documentation
@@ -82808,10 +83911,91 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Describes the configuration settings for VPC Encryption Control.
+    #
+    # For more information, see [Enforce VPC encryption in transit][1] in
+    # the *Amazon VPC User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-encryption-controls.html
+    #
+    # @!attribute [rw] mode
+    #   The encryption mode for the VPC Encryption Control configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] internet_gateway_exclusion
+    #   Specifies whether to exclude internet gateway traffic from
+    #   encryption enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] egress_only_internet_gateway_exclusion
+    #   Specifies whether to exclude egress-only internet gateway traffic
+    #   from encryption enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] nat_gateway_exclusion
+    #   Specifies whether to exclude NAT gateway traffic from encryption
+    #   enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] virtual_private_gateway_exclusion
+    #   Specifies whether to exclude virtual private gateway traffic from
+    #   encryption enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_peering_exclusion
+    #   Specifies whether to exclude VPC peering connection traffic from
+    #   encryption enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] lambda_exclusion
+    #   Specifies whether to exclude Lambda function traffic from encryption
+    #   enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_lattice_exclusion
+    #   Specifies whether to exclude VPC Lattice traffic from encryption
+    #   enforcement.
+    #   @return [String]
+    #
+    # @!attribute [rw] elastic_file_system_exclusion
+    #   Specifies whether to exclude Elastic File System traffic from
+    #   encryption enforcement.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcEncryptionControlConfiguration AWS API Documentation
+    #
+    class VpcEncryptionControlConfiguration < Struct.new(
+      :mode,
+      :internet_gateway_exclusion,
+      :egress_only_internet_gateway_exclusion,
+      :nat_gateway_exclusion,
+      :virtual_private_gateway_exclusion,
+      :vpc_peering_exclusion,
+      :lambda_exclusion,
+      :vpc_lattice_exclusion,
+      :elastic_file_system_exclusion)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes an exclusion configuration for VPC Encryption Control.
+    #
+    # For more information, see [Enforce VPC encryption in transit][1] in
+    # the *Amazon VPC User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-encryption-controls.html
+    #
     # @!attribute [rw] state
+    #   The current state of the exclusion configuration.
     #   @return [String]
     #
     # @!attribute [rw] state_message
+    #   A message providing additional information about the exclusion
+    #   state.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcEncryptionControlExclusion AWS API Documentation
@@ -82823,28 +84007,47 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Describes the exclusion configurations for various resource types in
+    # VPC Encryption Control.
+    #
+    # For more information, see [Enforce VPC encryption in transit][1] in
+    # the *Amazon VPC User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-encryption-controls.html
+    #
     # @!attribute [rw] internet_gateway
+    #   The exclusion configuration for internet gateway traffic.
     #   @return [Types::VpcEncryptionControlExclusion]
     #
     # @!attribute [rw] egress_only_internet_gateway
+    #   The exclusion configuration for egress-only internet gateway
+    #   traffic.
     #   @return [Types::VpcEncryptionControlExclusion]
     #
     # @!attribute [rw] nat_gateway
+    #   The exclusion configuration for NAT gateway traffic.
     #   @return [Types::VpcEncryptionControlExclusion]
     #
     # @!attribute [rw] virtual_private_gateway
+    #   The exclusion configuration for virtual private gateway traffic.
     #   @return [Types::VpcEncryptionControlExclusion]
     #
     # @!attribute [rw] vpc_peering
+    #   The exclusion configuration for VPC peering connection traffic.
     #   @return [Types::VpcEncryptionControlExclusion]
     #
     # @!attribute [rw] lambda
+    #   The exclusion configuration for Lambda function traffic.
     #   @return [Types::VpcEncryptionControlExclusion]
     #
     # @!attribute [rw] vpc_lattice
+    #   The exclusion configuration for VPC Lattice traffic.
     #   @return [Types::VpcEncryptionControlExclusion]
     #
     # @!attribute [rw] elastic_file_system
+    #   The exclusion configuration for Elastic File System traffic.
     #   @return [Types::VpcEncryptionControlExclusion]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcEncryptionControlExclusions AWS API Documentation
@@ -82862,6 +84065,44 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Describes a resource that is not compliant with VPC encryption
+    # requirements.
+    #
+    # For more information, see [Enforce VPC encryption in transit][1] in
+    # the *Amazon VPC User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-encryption-controls.html
+    #
+    # @!attribute [rw] id
+    #   The ID of the non-compliant resource.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of the non-compliant resource.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   A description of the non-compliant resource.
+    #   @return [String]
+    #
+    # @!attribute [rw] is_excludable
+    #   Indicates whether the resource can be excluded from encryption
+    #   enforcement.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcEncryptionNonCompliantResource AWS API Documentation
+    #
+    class VpcEncryptionNonCompliantResource < Struct.new(
+      :id,
+      :type,
+      :description,
+      :is_excludable)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes a VPC endpoint.
     #
     # @!attribute [rw] vpc_endpoint_id