aws-sdk-ec2 1.86.0 → 1.87.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cee1fcb9ada1759eb0f2bda37de5b0398eb2ccb2
-  data.tar.gz: 5e259b673ef3246e27b3b6d8fad960b0783fc131
+  metadata.gz: 21dda517188475950d29fe7f6e39614b5a01590b
+  data.tar.gz: 5aa78a8b99f16769e3832e3d753fb2d17c97594d
 SHA512:
-  metadata.gz: ae60eac47791c687a71bc190b8c52826f1ccbaa062ba0caa448b2f4669004782a17f68e9fa558c0160e630a1453807f5564b15ad9d6b6ad0aa6645cdae5b5ab6
-  data.tar.gz: 5850a8b83446da5f7efcca472b1017d02d8ccbf19c2dc05842d34cca1eebc5e31f91f1f9247b1e0489d30255b7ebd4e1dc1cc212e16a116ab046ab3fc3b4d0ae
+  metadata.gz: 883e7edbf9f132e67c27eaed8acf9b0ca9956552942692c93c51cc61709803d798bf0b044d4a880550cf615388f1278c0c89e91e0e6feea78d50bcaa9b2342f5
+  data.tar.gz: 8b258f3003a9fbcb4a315d27dc33e56a8d022cb6804aca2acdedceb9147eb3bfdea4589cbf1e61f5aa6d7372428a95978118fb07f488ce6e58a74a42558dadc8

data/lib/aws-sdk-ec2.rb

@@ -65,6 +65,6 @@ require_relative 'aws-sdk-ec2/customizations'
 # @service
 module Aws::EC2
 
-  GEM_VERSION = '1.86.0'
+  GEM_VERSION = '1.87.0'
 
 end

data/lib/aws-sdk-ec2/client.rb

@@ -7144,16 +7144,18 @@ module Aws::EC2
     # [4]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-volume.html
     #
     # @option params [required, String] :availability_zone
-    #   The Availability Zone in which to create the volume. Use
-    #   DescribeAvailabilityZones to list the Availability Zones that are
-    #   currently available to you.
+    #   The Availability Zone in which to create the volume.
     #
     # @option params [Boolean] :encrypted
     #   Specifies the encryption state of the volume. The default effect of
-    #   setting this parameter depends on the volume's source and ownership.
-    #   Each default case can be overridden by specifying a customer master
-    #   key (CMK) with the `KeyKeyId` parameter. For a complete list of
-    #   possible encryption cases, see [Amazon EBS Encryption][1].
+    #   setting the `Encrypted` parameter to `true` through the console, API,
+    #   or CLI depends on the volume's origin (new or from a snapshot),
+    #   starting encryption state, ownership, and whether [account-level
+    #   encryption][1] is enabled. Each default case can be overridden by
+    #   specifying a customer master key (CMK) with the `KmsKeyId` parameter
+    #   in addition to setting `Encrypted` to `true`. For a complete list of
+    #   possible encryption cases, see [Amazon EBS
+    #   Encryption](AWSEC2/latest/UserGuide/EBSEncryption.htm).
     #
     #   Encrypted Amazon EBS volumes may only be attached to instances that
     #   support Amazon EBS encryption. For more information, see [Supported
@@ -7161,7 +7163,7 @@ module Aws::EC2
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/account-level-encryption.html
     #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances
     #
     # @option params [Integer] :iops
@@ -7181,10 +7183,10 @@ module Aws::EC2
     #
     # @option params [String] :kms_key_id
     #   An identifier for the AWS Key Management Service (AWS KMS) customer
-    #   master key (CMK) to use when creating the encrypted volume. This
-    #   parameter is only required if you want to use a non-default CMK; if
-    #   this parameter is not specified, the default CMK for EBS is used. If a
-    #   `KmsKeyId` is specified, the `Encrypted` flag must also be set.
+    #   master key (CMK) to use to encrypt the volume. This parameter is only
+    #   required if you want to use a non-default CMK; if this parameter is
+    #   not specified, the default CMK for EBS is used. If a `KmsKeyId` is
+    #   specified, the `Encrypted` flag must also be set.
     #
     #   The CMK identifier may be provided in any of the following formats:
     #
@@ -7221,7 +7223,7 @@ module Aws::EC2
     #   Default: If you're creating the volume from a snapshot and don't
     #   specify a volume size, the default is the snapshot size.
     #
-    #   <note markdown="1"> At least one of Size or SnapshotId are required.
+    #   <note markdown="1"> At least one of Size or SnapshotId is required.
     #
     #    </note>
     #
@@ -7577,7 +7579,7 @@ module Aws::EC2
     #   attributes to `true`\: `enableDnsHostnames` and `enableDnsSupport`.
     #   Use ModifyVpcAttribute to set the VPC attributes.
     #
-    #   Default: `false`
+    #   Default: `true`
     #
     # @return [Types::CreateVpcEndpointResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -7900,8 +7902,8 @@ module Aws::EC2
     end
 
     # Creates a VPN connection between an existing virtual private gateway
-    # and a VPN customer gateway. The only supported connection type is
-    # `ipsec.1`.
+    # and a VPN customer gateway. The supported connection types are
+    # `ipsec.1` and `ipsec.2`.
     #
     # The response includes information that you need to give to your
     # network administrator to configure your customer gateway.
@@ -7928,7 +7930,7 @@ module Aws::EC2
     #   The ID of the customer gateway.
     #
     # @option params [required, String] :type
-    #   The type of VPN connection (`ipsec.1`).
+    #   The type of VPN connection (`ipsec.1` \| `ipsec.2`).
     #
     # @option params [String] :vpn_gateway_id
     #   The ID of the virtual private gateway. If you specify a virtual
@@ -21247,6 +21249,47 @@ module Aws::EC2
       req.send_request(options)
     end
 
+    # Disables default encryption for EBS volumes that are created in your
+    # account in the current region.
+    #
+    # Call this API if you have enabled default encryption using
+    # EnableEbsEncryptionByDefault and want to disable default EBS
+    # encryption. Once default EBS encryption is disabled, you can still
+    # create an encrypted volume by setting *encrypted* to *true* in the API
+    # call that creates the volume.
+    #
+    # Disabling default EBS encryption will not change the encryption status
+    # of any of your existing volumes.
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::DisableEbsEncryptionByDefaultResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DisableEbsEncryptionByDefaultResult#ebs_encryption_by_default #ebs_encryption_by_default} => Boolean
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.disable_ebs_encryption_by_default({
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.ebs_encryption_by_default #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableEbsEncryptionByDefault AWS API Documentation
+    #
+    # @overload disable_ebs_encryption_by_default(params = {})
+    # @param [Hash] params ({})
+    def disable_ebs_encryption_by_default(params = {}, options = {})
+      req = build_request(:disable_ebs_encryption_by_default, params)
+      req.send_request(options)
+    end
+
     # Disables the specified resource attachment from propagating routes to
     # the specified propagation route table.
     #
@@ -21746,6 +21789,68 @@ module Aws::EC2
       req.send_request(options)
     end
 
+    # Enables default encryption for EBS volumes that are created in your
+    # account in the current region.
+    #
+    # Once encryption is enabled with this action, EBS volumes that are
+    # created in your account will always be encrypted even if encryption is
+    # not specified at launch. This setting overrides the *encrypted*
+    # setting to *true* in all API calls that create EBS volumes in your
+    # account. A volume will be encrypted even if you specify *encryption*
+    # to be *false* in the API call that creates the volume.
+    #
+    # If you do not specify a customer master key (CMK) in the API call that
+    # creates the EBS volume, then the volume is encrypted to your AWS
+    # account's default CMK.
+    #
+    # You can specify a default CMK of your choice using
+    # ModifyEbsDefaultKmsKeyId.
+    #
+    # Enabling default encryption for EBS volumes has no effect on existing
+    # unencrypted volumes in your account. Encrypting the data in these
+    # requires manual action. You can either create an encrypted snapshot of
+    # an unencrypted volume, or encrypt a copy of an unencrypted snapshot.
+    # Any volume restored from an encrypted snapshot is also encrypted. For
+    # more information, see [Amazon EBS Snapshots][1].
+    #
+    # Once EBS encryption by default is enabled, you can no longer launch
+    # older-generation instance types that do not support encryption. For
+    # more information, see [Supported Instance Types][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html
+    # [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::EnableEbsEncryptionByDefaultResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::EnableEbsEncryptionByDefaultResult#ebs_encryption_by_default #ebs_encryption_by_default} => Boolean
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.enable_ebs_encryption_by_default({
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.ebs_encryption_by_default #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableEbsEncryptionByDefault AWS API Documentation
+    #
+    # @overload enable_ebs_encryption_by_default(params = {})
+    # @param [Hash] params ({})
+    def enable_ebs_encryption_by_default(params = {}, options = {})
+      req = build_request(:enable_ebs_encryption_by_default, params)
+      req.send_request(options)
+    end
+
     # Enables the specified attachment to propagate routes to the specified
     # propagation route table.
     #
@@ -22237,6 +22342,71 @@ module Aws::EC2
       req.send_request(options)
     end
 
+    # Describes the default customer master key (CMK) that your account uses
+    # to encrypt EBS volumes if you don’t specify a CMK in the API call. You
+    # can change this default using ModifyEbsDefaultKmsKeyId.
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::GetEbsDefaultKmsKeyIdResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetEbsDefaultKmsKeyIdResult#kms_key_id #kms_key_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_ebs_default_kms_key_id({
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.kms_key_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetEbsDefaultKmsKeyId AWS API Documentation
+    #
+    # @overload get_ebs_default_kms_key_id(params = {})
+    # @param [Hash] params ({})
+    def get_ebs_default_kms_key_id(params = {}, options = {})
+      req = build_request(:get_ebs_default_kms_key_id, params)
+      req.send_request(options)
+    end
+
+    # Describes whether default EBS encryption is enabled for your account
+    # in the current region.
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::GetEbsEncryptionByDefaultResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetEbsEncryptionByDefaultResult#ebs_encryption_by_default #ebs_encryption_by_default} => Boolean
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_ebs_encryption_by_default({
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.ebs_encryption_by_default #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetEbsEncryptionByDefault AWS API Documentation
+    #
+    # @overload get_ebs_encryption_by_default(params = {})
+    # @param [Hash] params ({})
+    def get_ebs_encryption_by_default(params = {}, options = {})
+      req = build_request(:get_ebs_encryption_by_default, params)
+      req.send_request(options)
+    end
+
     # Preview a reservation purchase with configurations that match those of
     # your Dedicated Host. You must have active Dedicated Hosts in your
     # account before you purchase a reservation.
@@ -23598,6 +23768,71 @@ module Aws::EC2
       req.send_request(options)
     end
 
+    # Changes the default customer master key (CMK) that your account uses
+    # to encrypt EBS volumes if you don’t specify a CMK in the API call.
+    #
+    # Your account has an AWS-managed default CMK that is used for
+    # encrypting an EBS volume when no CMK is specified in the API call that
+    # creates the volume. By calling this API, you can specify a
+    # customer-managed CMK to use in place of the AWS-managed default CMK.
+    #
+    # Note: Deleting or disabling the custom CMK that you have specified to
+    # act as your default CMK will result in instance-launch failures.
+    #
+    # @option params [required, String] :kms_key_id
+    #   An identifier for the AWS Key Management Service (AWS KMS) customer
+    #   master key (CMK) to use to encrypt the volume. This parameter is only
+    #   required if you want to use a non-default CMK; if this parameter is
+    #   not specified, the default CMK for EBS is used. If a `KmsKeyId` is
+    #   specified, the `Encrypted` flag must also be set.
+    #
+    #   The CMK identifier may be provided in any of the following formats:
+    #
+    #   * Key ID
+    #
+    #   * Key alias
+    #
+    #   * ARN using key ID. The ID ARN contains the `arn:aws:kms` namespace,
+    #     followed by the Region of the CMK, the AWS account ID of the CMK
+    #     owner, the `key` namespace, and then the CMK ID. For example,
+    #     arn:aws:kms:*us-east-1*\:*012345678910*\:key/*abcd1234-a123-456a-a12b-a123b4cd56ef*.
+    #
+    #   * ARN using key alias. The alias ARN contains the `arn:aws:kms`
+    #     namespace, followed by the Region of the CMK, the AWS account ID of
+    #     the CMK owner, the `alias` namespace, and then the CMK alias. For
+    #     example,
+    #     arn:aws:kms:*us-east-1*\:*012345678910*\:alias/*ExampleAlias*.
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::ModifyEbsDefaultKmsKeyIdResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ModifyEbsDefaultKmsKeyIdResult#kms_key_id #kms_key_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.modify_ebs_default_kms_key_id({
+    #     kms_key_id: "String", # required
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.kms_key_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyEbsDefaultKmsKeyId AWS API Documentation
+    #
+    # @overload modify_ebs_default_kms_key_id(params = {})
+    # @param [Hash] params ({})
+    def modify_ebs_default_kms_key_id(params = {}, options = {})
+      req = build_request(:modify_ebs_default_kms_key_id, params)
+      req.send_request(options)
+    end
+
     # Modifies the specified EC2 Fleet.
     #
     # While the EC2 Fleet is being modified, it is in the `modifying` state.
@@ -24896,6 +25131,8 @@ module Aws::EC2
 
     # Modifies the specified Spot Fleet request.
     #
+    # You can only modify a Spot Fleet request of type `maintain`.
+    #
     # While the Spot Fleet request is being modified, it is in the
     # `modifying` state.
     #
@@ -25002,11 +25239,8 @@ module Aws::EC2
     #   created using version `2016-11-15` or later of the Amazon EC2 API.
     #
     # @option params [Types::AttributeBooleanValue] :map_public_ip_on_launch
-    #   Specify `true` to indicate that network interfaces created in the
-    #   specified subnet should be assigned a public IPv4 address. This
-    #   includes a network interface that's created when launching an
-    #   instance into the subnet (the instance therefore receives a public
-    #   IPv4 address).
+    #   Specify `true` to indicate that ENIs attached to instances created in
+    #   the specified subnet should be assigned a public IPv4 address.
     #
     # @option params [required, String] :subnet_id
     #   The ID of the subnet.
@@ -27959,6 +28193,50 @@ module Aws::EC2
       req.send_request(options)
     end
 
+    # Resets the account's default customer master key (CMK) to the
+    # account's AWS-managed default CMK. This default CMK is used to
+    # encrypt EBS volumes when you have enabled EBS encryption by default
+    # without specifying a CMK in the API call. If you have not enabled
+    # encryption by default, then this CMK is used when you set the
+    # `Encrypted` parameter to true without specifying a custom CMK in the
+    # API call.
+    #
+    # Call this API if you have modified the default CMK that is used for
+    # encrypting your EBS volume using ModifyEbsDefaultKmsKeyId and you want
+    # to reset it to the AWS-managed default CMK. After resetting, you can
+    # continue to provide a CMK of your choice in the API call that creates
+    # the volume. However, if no CMK is specified, your account will encrypt
+    # the volume to the AWS-managed default CMK.
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::ResetEbsDefaultKmsKeyIdResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ResetEbsDefaultKmsKeyIdResult#kms_key_id #kms_key_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.reset_ebs_default_kms_key_id({
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.kms_key_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetEbsDefaultKmsKeyId AWS API Documentation
+    #
+    # @overload reset_ebs_default_kms_key_id(params = {})
+    # @param [Hash] params ({})
+    def reset_ebs_default_kms_key_id(params = {}, options = {})
+      req = build_request(:reset_ebs_default_kms_key_id, params)
+      req.send_request(options)
+    end
+
     # Resets the specified attribute of the specified Amazon FPGA Image
     # (AFI) to its default value. You can only reset the load permission
     # attribute.
@@ -28636,9 +28914,8 @@ module Aws::EC2
     #   status.
     #
     # @option params [String] :image_id
-    #   The ID of the AMI, which you can get by calling DescribeImages. An AMI
-    #   ID is required to launch an instance and must be specified here or in
-    #   a launch template.
+    #   The ID of the AMI. An AMI ID is required to launch an instance and
+    #   must be specified here or in a launch template.
     #
     # @option params [String] :instance_type
     #   The instance type. For more information, see [Instance Types][1] in
@@ -28800,13 +29077,17 @@ module Aws::EC2
     # @option params [Boolean] :disable_api_termination
     #   If you set this parameter to `true`, you can't terminate the instance
     #   using the Amazon EC2 console, CLI, or API; otherwise, you can. To
-    #   change this attribute to `false` after launch, use
-    #   ModifyInstanceAttribute. Alternatively, if you set
-    #   `InstanceInitiatedShutdownBehavior` to `terminate`, you can terminate
-    #   the instance by running the shutdown command from the instance.
+    #   change this attribute after launch, use [ModifyInstanceAttribute][1].
+    #   Alternatively, if you set `InstanceInitiatedShutdownBehavior` to
+    #   `terminate`, you can terminate the instance by running the shutdown
+    #   command from the instance.
     #
     #   Default: `false`
     #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html
+    #
     # @option params [Boolean] :dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
@@ -30346,7 +30627,7 @@ module Aws::EC2
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-ec2'
-      context[:gem_version] = '1.86.0'
+      context[:gem_version] = '1.87.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ec2/client_api.rb

@@ -595,6 +595,8 @@ module Aws::EC2
     DhcpOptionsList = Shapes::ListShape.new(name: 'DhcpOptionsList')
     DirectoryServiceAuthentication = Shapes::StructureShape.new(name: 'DirectoryServiceAuthentication')
     DirectoryServiceAuthenticationRequest = Shapes::StructureShape.new(name: 'DirectoryServiceAuthenticationRequest')
+    DisableEbsEncryptionByDefaultRequest = Shapes::StructureShape.new(name: 'DisableEbsEncryptionByDefaultRequest')
+    DisableEbsEncryptionByDefaultResult = Shapes::StructureShape.new(name: 'DisableEbsEncryptionByDefaultResult')
     DisableTransitGatewayRouteTablePropagationRequest = Shapes::StructureShape.new(name: 'DisableTransitGatewayRouteTablePropagationRequest')
     DisableTransitGatewayRouteTablePropagationResult = Shapes::StructureShape.new(name: 'DisableTransitGatewayRouteTablePropagationResult')
     DisableVgwRoutePropagationRequest = Shapes::StructureShape.new(name: 'DisableVgwRoutePropagationRequest')
@@ -650,6 +652,8 @@ module Aws::EC2
     ElasticInferenceAcceleratorAssociation = Shapes::StructureShape.new(name: 'ElasticInferenceAcceleratorAssociation')
     ElasticInferenceAcceleratorAssociationList = Shapes::ListShape.new(name: 'ElasticInferenceAcceleratorAssociationList')
     ElasticInferenceAccelerators = Shapes::ListShape.new(name: 'ElasticInferenceAccelerators')
+    EnableEbsEncryptionByDefaultRequest = Shapes::StructureShape.new(name: 'EnableEbsEncryptionByDefaultRequest')
+    EnableEbsEncryptionByDefaultResult = Shapes::StructureShape.new(name: 'EnableEbsEncryptionByDefaultResult')
     EnableTransitGatewayRouteTablePropagationRequest = Shapes::StructureShape.new(name: 'EnableTransitGatewayRouteTablePropagationRequest')
     EnableTransitGatewayRouteTablePropagationResult = Shapes::StructureShape.new(name: 'EnableTransitGatewayRouteTablePropagationResult')
     EnableVgwRoutePropagationRequest = Shapes::StructureShape.new(name: 'EnableVgwRoutePropagationRequest')
@@ -716,6 +720,10 @@ module Aws::EC2
     GetConsoleOutputResult = Shapes::StructureShape.new(name: 'GetConsoleOutputResult')
     GetConsoleScreenshotRequest = Shapes::StructureShape.new(name: 'GetConsoleScreenshotRequest')
     GetConsoleScreenshotResult = Shapes::StructureShape.new(name: 'GetConsoleScreenshotResult')
+    GetEbsDefaultKmsKeyIdRequest = Shapes::StructureShape.new(name: 'GetEbsDefaultKmsKeyIdRequest')
+    GetEbsDefaultKmsKeyIdResult = Shapes::StructureShape.new(name: 'GetEbsDefaultKmsKeyIdResult')
+    GetEbsEncryptionByDefaultRequest = Shapes::StructureShape.new(name: 'GetEbsEncryptionByDefaultRequest')
+    GetEbsEncryptionByDefaultResult = Shapes::StructureShape.new(name: 'GetEbsEncryptionByDefaultResult')
     GetHostReservationPurchasePreviewRequest = Shapes::StructureShape.new(name: 'GetHostReservationPurchasePreviewRequest')
     GetHostReservationPurchasePreviewResult = Shapes::StructureShape.new(name: 'GetHostReservationPurchasePreviewResult')
     GetLaunchTemplateDataRequest = Shapes::StructureShape.new(name: 'GetLaunchTemplateDataRequest')
@@ -946,6 +954,8 @@ module Aws::EC2
     ModifyCapacityReservationResult = Shapes::StructureShape.new(name: 'ModifyCapacityReservationResult')
     ModifyClientVpnEndpointRequest = Shapes::StructureShape.new(name: 'ModifyClientVpnEndpointRequest')
     ModifyClientVpnEndpointResult = Shapes::StructureShape.new(name: 'ModifyClientVpnEndpointResult')
+    ModifyEbsDefaultKmsKeyIdRequest = Shapes::StructureShape.new(name: 'ModifyEbsDefaultKmsKeyIdRequest')
+    ModifyEbsDefaultKmsKeyIdResult = Shapes::StructureShape.new(name: 'ModifyEbsDefaultKmsKeyIdResult')
     ModifyFleetRequest = Shapes::StructureShape.new(name: 'ModifyFleetRequest')
     ModifyFleetResult = Shapes::StructureShape.new(name: 'ModifyFleetResult')
     ModifyFpgaImageAttributeRequest = Shapes::StructureShape.new(name: 'ModifyFpgaImageAttributeRequest')
@@ -1171,6 +1181,8 @@ module Aws::EC2
     ReservedInstancesOfferingIdStringList = Shapes::ListShape.new(name: 'ReservedInstancesOfferingIdStringList')
     ReservedInstancesOfferingList = Shapes::ListShape.new(name: 'ReservedInstancesOfferingList')
     ReservedIntancesIds = Shapes::ListShape.new(name: 'ReservedIntancesIds')
+    ResetEbsDefaultKmsKeyIdRequest = Shapes::StructureShape.new(name: 'ResetEbsDefaultKmsKeyIdRequest')
+    ResetEbsDefaultKmsKeyIdResult = Shapes::StructureShape.new(name: 'ResetEbsDefaultKmsKeyIdResult')
     ResetFpgaImageAttributeName = Shapes::StringShape.new(name: 'ResetFpgaImageAttributeName')
     ResetFpgaImageAttributeRequest = Shapes::StructureShape.new(name: 'ResetFpgaImageAttributeRequest')
     ResetFpgaImageAttributeResult = Shapes::StructureShape.new(name: 'ResetFpgaImageAttributeResult')
@@ -3973,6 +3985,12 @@ module Aws::EC2
     DirectoryServiceAuthenticationRequest.add_member(:directory_id, Shapes::ShapeRef.new(shape: String, location_name: "DirectoryId"))
     DirectoryServiceAuthenticationRequest.struct_class = Types::DirectoryServiceAuthenticationRequest
 
+    DisableEbsEncryptionByDefaultRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
+    DisableEbsEncryptionByDefaultRequest.struct_class = Types::DisableEbsEncryptionByDefaultRequest
+
+    DisableEbsEncryptionByDefaultResult.add_member(:ebs_encryption_by_default, Shapes::ShapeRef.new(shape: Boolean, location_name: "ebsEncryptionByDefault"))
+    DisableEbsEncryptionByDefaultResult.struct_class = Types::DisableEbsEncryptionByDefaultResult
+
     DisableTransitGatewayRouteTablePropagationRequest.add_member(:transit_gateway_route_table_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TransitGatewayRouteTableId"))
     DisableTransitGatewayRouteTablePropagationRequest.add_member(:transit_gateway_attachment_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TransitGatewayAttachmentId"))
     DisableTransitGatewayRouteTablePropagationRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
@@ -4152,6 +4170,12 @@ module Aws::EC2
 
     ElasticInferenceAccelerators.member = Shapes::ShapeRef.new(shape: ElasticInferenceAccelerator, location_name: "item")
 
+    EnableEbsEncryptionByDefaultRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
+    EnableEbsEncryptionByDefaultRequest.struct_class = Types::EnableEbsEncryptionByDefaultRequest
+
+    EnableEbsEncryptionByDefaultResult.add_member(:ebs_encryption_by_default, Shapes::ShapeRef.new(shape: Boolean, location_name: "ebsEncryptionByDefault"))
+    EnableEbsEncryptionByDefaultResult.struct_class = Types::EnableEbsEncryptionByDefaultResult
+
     EnableTransitGatewayRouteTablePropagationRequest.add_member(:transit_gateway_route_table_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TransitGatewayRouteTableId"))
     EnableTransitGatewayRouteTablePropagationRequest.add_member(:transit_gateway_attachment_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TransitGatewayAttachmentId"))
     EnableTransitGatewayRouteTablePropagationRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
@@ -4380,6 +4404,18 @@ module Aws::EC2
     GetConsoleScreenshotResult.add_member(:instance_id, Shapes::ShapeRef.new(shape: String, location_name: "instanceId"))
     GetConsoleScreenshotResult.struct_class = Types::GetConsoleScreenshotResult
 
+    GetEbsDefaultKmsKeyIdRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
+    GetEbsDefaultKmsKeyIdRequest.struct_class = Types::GetEbsDefaultKmsKeyIdRequest
+
+    GetEbsDefaultKmsKeyIdResult.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: String, location_name: "kmsKeyId"))
+    GetEbsDefaultKmsKeyIdResult.struct_class = Types::GetEbsDefaultKmsKeyIdResult
+
+    GetEbsEncryptionByDefaultRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
+    GetEbsEncryptionByDefaultRequest.struct_class = Types::GetEbsEncryptionByDefaultRequest
+
+    GetEbsEncryptionByDefaultResult.add_member(:ebs_encryption_by_default, Shapes::ShapeRef.new(shape: Boolean, location_name: "ebsEncryptionByDefault"))
+    GetEbsEncryptionByDefaultResult.struct_class = Types::GetEbsEncryptionByDefaultResult
+
     GetHostReservationPurchasePreviewRequest.add_member(:host_id_set, Shapes::ShapeRef.new(shape: RequestHostIdSet, required: true, location_name: "HostIdSet"))
     GetHostReservationPurchasePreviewRequest.add_member(:offering_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "OfferingId"))
     GetHostReservationPurchasePreviewRequest.struct_class = Types::GetHostReservationPurchasePreviewRequest
@@ -5367,6 +5403,13 @@ module Aws::EC2
     ModifyClientVpnEndpointResult.add_member(:return, Shapes::ShapeRef.new(shape: Boolean, location_name: "return"))
     ModifyClientVpnEndpointResult.struct_class = Types::ModifyClientVpnEndpointResult
 
+    ModifyEbsDefaultKmsKeyIdRequest.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "KmsKeyId"))
+    ModifyEbsDefaultKmsKeyIdRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
+    ModifyEbsDefaultKmsKeyIdRequest.struct_class = Types::ModifyEbsDefaultKmsKeyIdRequest
+
+    ModifyEbsDefaultKmsKeyIdResult.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: String, location_name: "kmsKeyId"))
+    ModifyEbsDefaultKmsKeyIdResult.struct_class = Types::ModifyEbsDefaultKmsKeyIdResult
+
     ModifyFleetRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
     ModifyFleetRequest.add_member(:excess_capacity_termination_policy, Shapes::ShapeRef.new(shape: FleetExcessCapacityTerminationPolicy, location_name: "ExcessCapacityTerminationPolicy"))
     ModifyFleetRequest.add_member(:fleet_id, Shapes::ShapeRef.new(shape: FleetIdentifier, required: true, location_name: "FleetId"))
@@ -6331,6 +6374,12 @@ module Aws::EC2
 
     ReservedIntancesIds.member = Shapes::ShapeRef.new(shape: ReservedInstancesId, location_name: "item")
 
+    ResetEbsDefaultKmsKeyIdRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
+    ResetEbsDefaultKmsKeyIdRequest.struct_class = Types::ResetEbsDefaultKmsKeyIdRequest
+
+    ResetEbsDefaultKmsKeyIdResult.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: String, location_name: "kmsKeyId"))
+    ResetEbsDefaultKmsKeyIdResult.struct_class = Types::ResetEbsDefaultKmsKeyIdResult
+
     ResetFpgaImageAttributeRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
     ResetFpgaImageAttributeRequest.add_member(:fpga_image_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "FpgaImageId"))
     ResetFpgaImageAttributeRequest.add_member(:attribute, Shapes::ShapeRef.new(shape: ResetFpgaImageAttributeName, location_name: "Attribute"))
@@ -9752,6 +9801,14 @@ module Aws::EC2
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
       end)
 
+      api.add_operation(:disable_ebs_encryption_by_default, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DisableEbsEncryptionByDefault"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DisableEbsEncryptionByDefaultRequest)
+        o.output = Shapes::ShapeRef.new(shape: DisableEbsEncryptionByDefaultResult)
+      end)
+
       api.add_operation(:disable_transit_gateway_route_table_propagation, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DisableTransitGatewayRouteTablePropagation"
         o.http_method = "POST"
@@ -9840,6 +9897,14 @@ module Aws::EC2
         o.output = Shapes::ShapeRef.new(shape: DisassociateVpcCidrBlockResult)
       end)
 
+      api.add_operation(:enable_ebs_encryption_by_default, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "EnableEbsEncryptionByDefault"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: EnableEbsEncryptionByDefaultRequest)
+        o.output = Shapes::ShapeRef.new(shape: EnableEbsEncryptionByDefaultResult)
+      end)
+
       api.add_operation(:enable_transit_gateway_route_table_propagation, Seahorse::Model::Operation.new.tap do |o|
         o.name = "EnableTransitGatewayRouteTablePropagation"
         o.http_method = "POST"
@@ -9920,6 +9985,22 @@ module Aws::EC2
         o.output = Shapes::ShapeRef.new(shape: GetConsoleScreenshotResult)
       end)
 
+      api.add_operation(:get_ebs_default_kms_key_id, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetEbsDefaultKmsKeyId"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetEbsDefaultKmsKeyIdRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetEbsDefaultKmsKeyIdResult)
+      end)
+
+      api.add_operation(:get_ebs_encryption_by_default, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetEbsEncryptionByDefault"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetEbsEncryptionByDefaultRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetEbsEncryptionByDefaultResult)
+      end)
+
       api.add_operation(:get_host_reservation_purchase_preview, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetHostReservationPurchasePreview"
         o.http_method = "POST"
@@ -10058,6 +10139,14 @@ module Aws::EC2
         o.output = Shapes::ShapeRef.new(shape: ModifyClientVpnEndpointResult)
       end)
 
+      api.add_operation(:modify_ebs_default_kms_key_id, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ModifyEbsDefaultKmsKeyId"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ModifyEbsDefaultKmsKeyIdRequest)
+        o.output = Shapes::ShapeRef.new(shape: ModifyEbsDefaultKmsKeyIdResult)
+      end)
+
       api.add_operation(:modify_fleet, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ModifyFleet"
         o.http_method = "POST"
@@ -10458,6 +10547,14 @@ module Aws::EC2
         o.output = Shapes::ShapeRef.new(shape: RequestSpotInstancesResult)
       end)
 
+      api.add_operation(:reset_ebs_default_kms_key_id, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ResetEbsDefaultKmsKeyId"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ResetEbsDefaultKmsKeyIdRequest)
+        o.output = Shapes::ShapeRef.new(shape: ResetEbsDefaultKmsKeyIdResult)
+      end)
+
       api.add_operation(:reset_fpga_image_attribute, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ResetFpgaImageAttribute"
         o.http_method = "POST"

data/lib/aws-sdk-ec2/resource.rb

@@ -201,9 +201,8 @@ module Aws::EC2
     #   not blank and its encryption status is used for the volume encryption
     #   status.
     # @option options [String] :image_id
-    #   The ID of the AMI, which you can get by calling DescribeImages. An AMI
-    #   ID is required to launch an instance and must be specified here or in
-    #   a launch template.
+    #   The ID of the AMI. An AMI ID is required to launch an instance and
+    #   must be specified here or in a launch template.
     # @option options [String] :instance_type
     #   The instance type. For more information, see [Instance Types][1] in
     #   the *Amazon Elastic Compute Cloud User Guide*.
@@ -348,12 +347,16 @@ module Aws::EC2
     # @option options [Boolean] :disable_api_termination
     #   If you set this parameter to `true`, you can't terminate the instance
     #   using the Amazon EC2 console, CLI, or API; otherwise, you can. To
-    #   change this attribute to `false` after launch, use
-    #   ModifyInstanceAttribute. Alternatively, if you set
-    #   `InstanceInitiatedShutdownBehavior` to `terminate`, you can terminate
-    #   the instance by running the shutdown command from the instance.
+    #   change this attribute after launch, use [ModifyInstanceAttribute][1].
+    #   Alternatively, if you set `InstanceInitiatedShutdownBehavior` to
+    #   `terminate`, you can terminate the instance by running the shutdown
+    #   command from the instance.
     #
     #   Default: `false`
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html
     # @option options [Boolean] :dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.
@@ -878,15 +881,17 @@ module Aws::EC2
     #   })
     # @param [Hash] options ({})
     # @option options [required, String] :availability_zone
-    #   The Availability Zone in which to create the volume. Use
-    #   DescribeAvailabilityZones to list the Availability Zones that are
-    #   currently available to you.
+    #   The Availability Zone in which to create the volume.
     # @option options [Boolean] :encrypted
     #   Specifies the encryption state of the volume. The default effect of
-    #   setting this parameter depends on the volume's source and ownership.
-    #   Each default case can be overridden by specifying a customer master
-    #   key (CMK) with the `KeyKeyId` parameter. For a complete list of
-    #   possible encryption cases, see [Amazon EBS Encryption][1].
+    #   setting the `Encrypted` parameter to `true` through the console, API,
+    #   or CLI depends on the volume's origin (new or from a snapshot),
+    #   starting encryption state, ownership, and whether [account-level
+    #   encryption][1] is enabled. Each default case can be overridden by
+    #   specifying a customer master key (CMK) with the `KmsKeyId` parameter
+    #   in addition to setting `Encrypted` to `true`. For a complete list of
+    #   possible encryption cases, see [Amazon EBS
+    #   Encryption](AWSEC2/latest/UserGuide/EBSEncryption.htm).
     #
     #   Encrypted Amazon EBS volumes may only be attached to instances that
     #   support Amazon EBS encryption. For more information, see [Supported
@@ -894,7 +899,7 @@ module Aws::EC2
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/account-level-encryption.html
     #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances
     # @option options [Integer] :iops
     #   The number of I/O operations per second (IOPS) to provision for the
@@ -912,10 +917,10 @@ module Aws::EC2
     #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
     # @option options [String] :kms_key_id
     #   An identifier for the AWS Key Management Service (AWS KMS) customer
-    #   master key (CMK) to use when creating the encrypted volume. This
-    #   parameter is only required if you want to use a non-default CMK; if
-    #   this parameter is not specified, the default CMK for EBS is used. If a
-    #   `KmsKeyId` is specified, the `Encrypted` flag must also be set.
+    #   master key (CMK) to use to encrypt the volume. This parameter is only
+    #   required if you want to use a non-default CMK; if this parameter is
+    #   not specified, the default CMK for EBS is used. If a `KmsKeyId` is
+    #   specified, the `Encrypted` flag must also be set.
     #
     #   The CMK identifier may be provided in any of the following formats:
     #
@@ -951,7 +956,7 @@ module Aws::EC2
     #   Default: If you're creating the volume from a snapshot and don't
     #   specify a volume size, the default is the snapshot size.
     #
-    #   <note markdown="1"> At least one of Size or SnapshotId are required.
+    #   <note markdown="1"> At least one of Size or SnapshotId is required.
     #
     #    </note>
     # @option options [String] :snapshot_id

data/lib/aws-sdk-ec2/subnet.rb

@@ -396,9 +396,8 @@ module Aws::EC2
     #   not blank and its encryption status is used for the volume encryption
     #   status.
     # @option options [String] :image_id
-    #   The ID of the AMI, which you can get by calling DescribeImages. An AMI
-    #   ID is required to launch an instance and must be specified here or in
-    #   a launch template.
+    #   The ID of the AMI. An AMI ID is required to launch an instance and
+    #   must be specified here or in a launch template.
     # @option options [String] :instance_type
     #   The instance type. For more information, see [Instance Types][1] in
     #   the *Amazon Elastic Compute Cloud User Guide*.
@@ -538,12 +537,16 @@ module Aws::EC2
     # @option options [Boolean] :disable_api_termination
     #   If you set this parameter to `true`, you can't terminate the instance
     #   using the Amazon EC2 console, CLI, or API; otherwise, you can. To
-    #   change this attribute to `false` after launch, use
-    #   ModifyInstanceAttribute. Alternatively, if you set
-    #   `InstanceInitiatedShutdownBehavior` to `terminate`, you can terminate
-    #   the instance by running the shutdown command from the instance.
+    #   change this attribute after launch, use [ModifyInstanceAttribute][1].
+    #   Alternatively, if you set `InstanceInitiatedShutdownBehavior` to
+    #   `terminate`, you can terminate the instance by running the shutdown
+    #   command from the instance.
     #
     #   Default: `false`
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html
     # @option options [Boolean] :dry_run
     #   Checks whether you have the required permissions for the action,
     #   without actually making the request, and provides an error response.

data/lib/aws-sdk-ec2/types.rb

@@ -6964,18 +6964,19 @@ module Aws::EC2
     #       }
     #
     # @!attribute [rw] availability_zone
-    #   The Availability Zone in which to create the volume. Use
-    #   DescribeAvailabilityZones to list the Availability Zones that are
-    #   currently available to you.
+    #   The Availability Zone in which to create the volume.
     #   @return [String]
     #
     # @!attribute [rw] encrypted
     #   Specifies the encryption state of the volume. The default effect of
-    #   setting this parameter depends on the volume's source and
-    #   ownership. Each default case can be overridden by specifying a
-    #   customer master key (CMK) with the `KeyKeyId` parameter. For a
-    #   complete list of possible encryption cases, see [Amazon EBS
-    #   Encryption][1].
+    #   setting the `Encrypted` parameter to `true` through the console,
+    #   API, or CLI depends on the volume's origin (new or from a
+    #   snapshot), starting encryption state, ownership, and whether
+    #   [account-level encryption][1] is enabled. Each default case can be
+    #   overridden by specifying a customer master key (CMK) with the
+    #   `KmsKeyId` parameter in addition to setting `Encrypted` to `true`.
+    #   For a complete list of possible encryption cases, see [Amazon EBS
+    #   Encryption](AWSEC2/latest/UserGuide/EBSEncryption.htm).
     #
     #   Encrypted Amazon EBS volumes may only be attached to instances that
     #   support Amazon EBS encryption. For more information, see [Supported
@@ -6983,7 +6984,7 @@ module Aws::EC2
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/account-level-encryption.html
     #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances
     #   @return [Boolean]
     #
@@ -7006,10 +7007,10 @@ module Aws::EC2
     #
     # @!attribute [rw] kms_key_id
     #   An identifier for the AWS Key Management Service (AWS KMS) customer
-    #   master key (CMK) to use when creating the encrypted volume. This
-    #   parameter is only required if you want to use a non-default CMK; if
-    #   this parameter is not specified, the default CMK for EBS is used. If
-    #   a `KmsKeyId` is specified, the `Encrypted` flag must also be set.
+    #   master key (CMK) to use to encrypt the volume. This parameter is
+    #   only required if you want to use a non-default CMK; if this
+    #   parameter is not specified, the default CMK for EBS is used. If a
+    #   `KmsKeyId` is specified, the `Encrypted` flag must also be set.
     #
     #   The CMK identifier may be provided in any of the following formats:
     #
@@ -7047,7 +7048,7 @@ module Aws::EC2
     #   Default: If you're creating the volume from a snapshot and don't
     #   specify a volume size, the default is the snapshot size.
     #
-    #   <note markdown="1"> At least one of Size or SnapshotId are required.
+    #   <note markdown="1"> At least one of Size or SnapshotId is required.
     #
     #    </note>
     #   @return [Integer]
@@ -7259,7 +7260,7 @@ module Aws::EC2
     #   attributes to `true`\: `enableDnsHostnames` and `enableDnsSupport`.
     #   Use ModifyVpcAttribute to set the VPC attributes.
     #
-    #   Default: `false`
+    #   Default: `true`
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcEndpointRequest AWS API Documentation
@@ -7515,7 +7516,7 @@ module Aws::EC2
     #   @return [String]
     #
     # @!attribute [rw] type
-    #   The type of VPN connection (`ipsec.1`).
+    #   The type of VPN connection (`ipsec.1` \| `ipsec.2`).
     #   @return [String]
     #
     # @!attribute [rw] vpn_gateway_id
@@ -17875,6 +17876,38 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DisableEbsEncryptionByDefaultRequest
+    #   data as a hash:
+    #
+    #       {
+    #         dry_run: false,
+    #       }
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableEbsEncryptionByDefaultRequest AWS API Documentation
+    #
+    class DisableEbsEncryptionByDefaultRequest < Struct.new(
+      :dry_run)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] ebs_encryption_by_default
+    #   Account-level encryption status after performing the action.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableEbsEncryptionByDefaultResult AWS API Documentation
+    #
+    class DisableEbsEncryptionByDefaultResult < Struct.new(
+      :ebs_encryption_by_default)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DisableTransitGatewayRouteTablePropagationRequest
     #   data as a hash:
     #
@@ -18489,7 +18522,7 @@ module Aws::EC2
     #   Cloud User Guide*.
     #
     #   Constraints: Range is 100-16,000 IOPS for `gp2` volumes and 100 to
-    #   64,000IOPS for `io1` volumes in most Regions. Maximum `io1`IOPS of
+    #   64,000IOPS for `io1` volumes in most Regions. Maximum `io1` IOPS of
     #   64,000 is guaranteed only on [Nitro-based instances][2]. Other
     #   instance families guarantee performance up to 32,000 IOPS. For more
     #   information, see [Amazon EBS Volume Types][1] in the *Amazon Elastic
@@ -18530,25 +18563,28 @@ module Aws::EC2
     #   @return [String]
     #
     # @!attribute [rw] encrypted
-    #   Indicates whether the encryption state of an EBS volume is to be
-    #   changed while being restored from a backing snapshot. The default
-    #   effect of setting this parameter to `true` or leaving it unset
-    #   depends on the origin, starting encryption state, and ownership of
-    #   the volume. Each default case can be overridden by specifying a
-    #   customer master key (CMK) as argument to the `KmsKeyId` parameter in
-    #   addition to setting `Encrypted` = `true`. For a complete list of
-    #   possible encryption cases, see [Amazon EBS Encryption][1].
+    #   Indicates whether the encryption state of an EBS volume is changed
+    #   while being restored from a backing snapshot. The default effect of
+    #   setting the `Encrypted` parameter to `true` through the console,
+    #   API, or CLI depends on the volume's origin (new or from a
+    #   snapshot), starting encryption state, ownership, and whether
+    #   [account-level encryption][1] is enabled. Each default case can be
+    #   overridden by specifying a customer master key (CMK) with the
+    #   `KmsKeyId` parameter in addition to setting `Encrypted` to `true`.
+    #   For a complete list of possible encryption cases, see [Amazon EBS
+    #   Encryption][2] in the *Amazon Elastic Compute Cloud User Guide*.
     #
     #   In no case can you remove encryption from an encrypted volume.
     #
     #   Encrypted volumes can only be attached to instances that support
     #   Amazon EBS encryption. For more information, see [Supported Instance
-    #   Types][2].
+    #   Types][3].
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
-    #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/account-level-encryption.html
+    #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-parameters
+    #   [3]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances
     #   @return [Boolean]
     #
     # @!attribute [rw] kms_key_id
@@ -18822,6 +18858,38 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass EnableEbsEncryptionByDefaultRequest
+    #   data as a hash:
+    #
+    #       {
+    #         dry_run: false,
+    #       }
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableEbsEncryptionByDefaultRequest AWS API Documentation
+    #
+    class EnableEbsEncryptionByDefaultRequest < Struct.new(
+      :dry_run)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] ebs_encryption_by_default
+    #   Account-level encryption status after performing the action.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableEbsEncryptionByDefaultResult AWS API Documentation
+    #
+    class EnableEbsEncryptionByDefaultResult < Struct.new(
+      :ebs_encryption_by_default)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass EnableTransitGatewayRouteTablePropagationRequest
     #   data as a hash:
     #
@@ -20144,6 +20212,73 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetEbsDefaultKmsKeyIdRequest
+    #   data as a hash:
+    #
+    #       {
+    #         dry_run: false,
+    #       }
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetEbsDefaultKmsKeyIdRequest AWS API Documentation
+    #
+    class GetEbsDefaultKmsKeyIdRequest < Struct.new(
+      :dry_run)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] kms_key_id
+    #   The full ARN of the default CMK that your account uses to encrypt an
+    #   EBS volume when no CMK is specified in the API call that creates the
+    #   volume.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetEbsDefaultKmsKeyIdResult AWS API Documentation
+    #
+    class GetEbsDefaultKmsKeyIdResult < Struct.new(
+      :kms_key_id)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetEbsEncryptionByDefaultRequest
+    #   data as a hash:
+    #
+    #       {
+    #         dry_run: false,
+    #       }
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetEbsEncryptionByDefaultRequest AWS API Documentation
+    #
+    class GetEbsEncryptionByDefaultRequest < Struct.new(
+      :dry_run)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] ebs_encryption_by_default
+    #   Indicates whether default encryption for EBS volumes is enabled or
+    #   disabled.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetEbsEncryptionByDefaultResult AWS API Documentation
+    #
+    class GetEbsEncryptionByDefaultResult < Struct.new(
+      :ebs_encryption_by_default)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetHostReservationPurchasePreviewRequest
     #   data as a hash:
     #
@@ -25443,6 +25578,67 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ModifyEbsDefaultKmsKeyIdRequest
+    #   data as a hash:
+    #
+    #       {
+    #         kms_key_id: "String", # required
+    #         dry_run: false,
+    #       }
+    #
+    # @!attribute [rw] kms_key_id
+    #   An identifier for the AWS Key Management Service (AWS KMS) customer
+    #   master key (CMK) to use to encrypt the volume. This parameter is
+    #   only required if you want to use a non-default CMK; if this
+    #   parameter is not specified, the default CMK for EBS is used. If a
+    #   `KmsKeyId` is specified, the `Encrypted` flag must also be set.
+    #
+    #   The CMK identifier may be provided in any of the following formats:
+    #
+    #   * Key ID
+    #
+    #   * Key alias
+    #
+    #   * ARN using key ID. The ID ARN contains the `arn:aws:kms` namespace,
+    #     followed by the Region of the CMK, the AWS account ID of the CMK
+    #     owner, the `key` namespace, and then the CMK ID. For example,
+    #     arn:aws:kms:*us-east-1*\:*012345678910*\:key/*abcd1234-a123-456a-a12b-a123b4cd56ef*.
+    #
+    #   * ARN using key alias. The alias ARN contains the `arn:aws:kms`
+    #     namespace, followed by the Region of the CMK, the AWS account ID
+    #     of the CMK owner, the `alias` namespace, and then the CMK alias.
+    #     For example,
+    #     arn:aws:kms:*us-east-1*\:*012345678910*\:alias/*ExampleAlias*.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyEbsDefaultKmsKeyIdRequest AWS API Documentation
+    #
+    class ModifyEbsDefaultKmsKeyIdRequest < Struct.new(
+      :kms_key_id,
+      :dry_run)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] kms_key_id
+    #   The full ARN of the default CMK that your account uses to encrypt an
+    #   EBS volume when no CMK is specified in the API call that creates the
+    #   volume.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyEbsDefaultKmsKeyIdResult AWS API Documentation
+    #
+    class ModifyEbsDefaultKmsKeyIdResult < Struct.new(
+      :kms_key_id)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ModifyFleetRequest
     #   data as a hash:
     #
@@ -26585,11 +26781,8 @@ module Aws::EC2
     #   @return [Types::AttributeBooleanValue]
     #
     # @!attribute [rw] map_public_ip_on_launch
-    #   Specify `true` to indicate that network interfaces created in the
-    #   specified subnet should be assigned a public IPv4 address. This
-    #   includes a network interface that's created when launching an
-    #   instance into the subnet (the instance therefore receives a public
-    #   IPv4 address).
+    #   Specify `true` to indicate that ENIs attached to instances created
+    #   in the specified subnet should be assigned a public IPv4 address.
     #   @return [Types::AttributeBooleanValue]
     #
     # @!attribute [rw] subnet_id
@@ -30030,11 +30223,7 @@ module Aws::EC2
     #   @return [Array<Types::LaunchTemplateInstanceNetworkInterfaceSpecificationRequest>]
     #
     # @!attribute [rw] image_id
-    #   The ID of the AMI, which you can get by using [DescribeImages][1].
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html
+    #   The ID of the AMI.
     #   @return [String]
     #
     # @!attribute [rw] instance_type
@@ -30081,9 +30270,13 @@ module Aws::EC2
     #   @return [String]
     #
     # @!attribute [rw] disable_api_termination
-    #   If set to `true`, you can't terminate the instance using the Amazon
-    #   EC2 console, CLI, or API. To change this attribute to `false` after
-    #   launch, use [ ModifyInstanceAttribute][1].
+    #   If you set this parameter to `true`, you can't terminate the
+    #   instance using the Amazon EC2 console, CLI, or API; otherwise, you
+    #   can. To change this attribute after launch, use
+    #   [ModifyInstanceAttribute][1]. Alternatively, if you set
+    #   `InstanceInitiatedShutdownBehavior` to `terminate`, you can
+    #   terminate the instance by running the shutdown command from the
+    #   instance.
     #
     #
     #
@@ -31311,6 +31504,40 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ResetEbsDefaultKmsKeyIdRequest
+    #   data as a hash:
+    #
+    #       {
+    #         dry_run: false,
+    #       }
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetEbsDefaultKmsKeyIdRequest AWS API Documentation
+    #
+    class ResetEbsDefaultKmsKeyIdRequest < Struct.new(
+      :dry_run)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] kms_key_id
+    #   The full ARN of the default CMK that your account uses to encrypt an
+    #   EBS volume when no CMK is specified in the API call that creates the
+    #   volume.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetEbsDefaultKmsKeyIdResult AWS API Documentation
+    #
+    class ResetEbsDefaultKmsKeyIdResult < Struct.new(
+      :kms_key_id)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ResetFpgaImageAttributeRequest
     #   data as a hash:
     #
@@ -32344,9 +32571,8 @@ module Aws::EC2
     #   @return [Array<Types::BlockDeviceMapping>]
     #
     # @!attribute [rw] image_id
-    #   The ID of the AMI, which you can get by calling DescribeImages. An
-    #   AMI ID is required to launch an instance and must be specified here
-    #   or in a launch template.
+    #   The ID of the AMI. An AMI ID is required to launch an instance and
+    #   must be specified here or in a launch template.
     #   @return [String]
     #
     # @!attribute [rw] instance_type
@@ -32526,13 +32752,17 @@ module Aws::EC2
     # @!attribute [rw] disable_api_termination
     #   If you set this parameter to `true`, you can't terminate the
     #   instance using the Amazon EC2 console, CLI, or API; otherwise, you
-    #   can. To change this attribute to `false` after launch, use
-    #   ModifyInstanceAttribute. Alternatively, if you set
+    #   can. To change this attribute after launch, use
+    #   [ModifyInstanceAttribute][1]. Alternatively, if you set
     #   `InstanceInitiatedShutdownBehavior` to `terminate`, you can
     #   terminate the instance by running the shutdown command from the
     #   instance.
     #
     #   Default: `false`
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html
     #   @return [Boolean]
     #
     # @!attribute [rw] dry_run

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-ec2
 version: !ruby/object:Gem::Version
-  version: 1.86.0
+  version: 1.87.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-22 00:00:00.000000000 Z
+date: 2019-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sigv4