aws-sdk-ec2 1.202.0 → 1.203.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c0c7f397b15d05f32056ebed43dc64146fa34400315dc74437410d43281dd15
-  data.tar.gz: 695eff7e91c8ca3fbcf28fdce730661d17d8a80f192d6388152059851f47aabb
+  metadata.gz: 6036add83ebf9c38c44918cebd5ebbd55c1f343b8636a942424180b75f1b82e1
+  data.tar.gz: e55f72546ec179db10ac6518a52cee4de2a758badb03068881d7868e269e88fa
 SHA512:
-  metadata.gz: 210d412e6a6dcfed7bd48a080e655558246afb657de1d925776fd3e3ca4714355bb1c95448deeb1b30e06772374746c46b7cefe65af65b639046c430a97e2811
-  data.tar.gz: e1136e00572f92a8328d621a0cb51e3b6f4921e9ee1cc6a4b4f3a2d9effbabba88a7dda8f4a04ec9fd1717e15b665428af0a5c1a9e71ebbfb95322aeaf8d0ce0
+  metadata.gz: f3f01b624f73a5455c46b8cbacd6e1e69ac362185a229a6b7fc431f845513addc1dcf6ec1f3406e11b2dee7ff4a24e052fde1bf3a9a5a066b1ae6569f29270b1
+  data.tar.gz: 3d1a613a3f06b0d17d92c3724f752daf66397b64bca53765c072e934b17f4b661172fd9be9a8463fa44837c96241bb10d1e65e8fcaaf3ca56704a15a0942b269

data/lib/aws-sdk-ec2.rb

@@ -72,6 +72,6 @@ require_relative 'aws-sdk-ec2/customizations'
 # @!group service
 module Aws::EC2
 
-  GEM_VERSION = '1.202.0'
+  GEM_VERSION = '1.203.0'
 
 end

data/lib/aws-sdk-ec2/client.rb

@@ -1401,6 +1401,74 @@ module Aws::EC2
       req.send_request(options)
     end
 
+    # Associates an AWS Identity and Access Management (IAM) role with an
+    # AWS Certificate Manager (ACM) certificate. This enables the
+    # certificate to be used by the ACM for Nitro Enclaves application
+    # inside an enclave. For more information, see [AWS Certificate Manager
+    # for Nitro Enclaves][1] in the *Amazon Elastic Compute Cloud User
+    # Guide*.
+    #
+    # When the IAM role is associated with the ACM certificate, places the
+    # certificate, certificate chain, and encrypted private key in an Amazon
+    # S3 bucket that only the associated IAM role can access. The private
+    # key of the certificate is encrypted with an AWS-managed KMS key that
+    # has an attached attestation-based key policy.
+    #
+    # To enable the IAM role to access the Amazon S3 object, you must grant
+    # it permission to call `s3:GetObject` on the Amazon S3 bucket returned
+    # by the command. To enable the IAM role to access the AWS KMS key, you
+    # must grant it permission to call `kms:Decrypt` on AWS KMS key returned
+    # by the command. For more information, see [ Grant the role permission
+    # to access the certificate and encryption key][2] in the *Amazon
+    # Elastic Compute Cloud User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html
+    # [2]: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy
+    #
+    # @option params [String] :certificate_arn
+    #   The ARN of the ACM certificate with which to associate the IAM role.
+    #
+    # @option params [String] :role_arn
+    #   The ARN of the IAM role to associate with the ACM certificate. You can
+    #   associate up to 16 IAM roles with an ACM certificate.
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::AssociateEnclaveCertificateIamRoleResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::AssociateEnclaveCertificateIamRoleResult#certificate_s3_bucket_name #certificate_s3_bucket_name} => String
+    #   * {Types::AssociateEnclaveCertificateIamRoleResult#certificate_s3_object_key #certificate_s3_object_key} => String
+    #   * {Types::AssociateEnclaveCertificateIamRoleResult#encryption_kms_key_id #encryption_kms_key_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.associate_enclave_certificate_iam_role({
+    #     certificate_arn: "ResourceArn",
+    #     role_arn: "ResourceArn",
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.certificate_s3_bucket_name #=> String
+    #   resp.certificate_s3_object_key #=> String
+    #   resp.encryption_kms_key_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateEnclaveCertificateIamRole AWS API Documentation
+    #
+    # @overload associate_enclave_certificate_iam_role(params = {})
+    # @param [Hash] params ({})
+    def associate_enclave_certificate_iam_role(params = {}, options = {})
+      req = build_request(:associate_enclave_certificate_iam_role, params)
+      req.send_request(options)
+    end
+
     # Associates an IAM instance profile with a running or stopped instance.
     # You cannot associate more than one IAM instance profile with an
     # instance.
@@ -5625,6 +5693,9 @@ module Aws::EC2
     #         http_put_response_hop_limit: 1,
     #         http_endpoint: "disabled", # accepts disabled, enabled
     #       },
+    #       enclave_options: {
+    #         enabled: false,
+    #       },
     #     },
     #     tag_specifications: [
     #       {
@@ -5906,6 +5977,9 @@ module Aws::EC2
     #         http_put_response_hop_limit: 1,
     #         http_endpoint: "disabled", # accepts disabled, enabled
     #       },
+    #       enclave_options: {
+    #         enabled: false,
+    #       },
     #     },
     #   })
     #
@@ -6001,6 +6075,7 @@ module Aws::EC2
     #   resp.launch_template_version.launch_template_data.metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.launch_template_version.launch_template_data.metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.launch_template_version.launch_template_data.metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.launch_template_version.launch_template_data.enclave_options.enabled #=> Boolean
     #   resp.warning.errors #=> Array
     #   resp.warning.errors[0].code #=> String
     #   resp.warning.errors[0].message #=> String
@@ -16449,6 +16524,7 @@ module Aws::EC2
     #   * {Types::InstanceAttribute#block_device_mappings #block_device_mappings} => Array<Types::InstanceBlockDeviceMapping>
     #   * {Types::InstanceAttribute#disable_api_termination #disable_api_termination} => Types::AttributeBooleanValue
     #   * {Types::InstanceAttribute#ena_support #ena_support} => Types::AttributeBooleanValue
+    #   * {Types::InstanceAttribute#enclave_options #enclave_options} => Types::EnclaveOptions
     #   * {Types::InstanceAttribute#ebs_optimized #ebs_optimized} => Types::AttributeBooleanValue
     #   * {Types::InstanceAttribute#instance_id #instance_id} => String
     #   * {Types::InstanceAttribute#instance_initiated_shutdown_behavior #instance_initiated_shutdown_behavior} => Types::AttributeValue
@@ -16533,7 +16609,7 @@ module Aws::EC2
     # @example Request syntax with placeholder values
     #
     #   resp = client.describe_instance_attribute({
-    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #     dry_run: false,
     #     instance_id: "InstanceId", # required
     #   })
@@ -16551,6 +16627,7 @@ module Aws::EC2
     #   resp.block_device_mappings[0].ebs.volume_id #=> String
     #   resp.disable_api_termination.value #=> Boolean
     #   resp.ena_support.value #=> Boolean
+    #   resp.enclave_options.enabled #=> Boolean
     #   resp.ebs_optimized.value #=> Boolean
     #   resp.instance_id #=> String
     #   resp.instance_initiated_shutdown_behavior #=> <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
@@ -17779,6 +17856,7 @@ module Aws::EC2
     #   resp.reservations[0].instances[0].metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.reservations[0].instances[0].metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.reservations[0].instances[0].metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.reservations[0].instances[0].enclave_options.enabled #=> Boolean
     #   resp.reservations[0].owner_id #=> String
     #   resp.reservations[0].requester_id #=> String
     #   resp.reservations[0].reservation_id #=> String
@@ -18358,6 +18436,7 @@ module Aws::EC2
     #   resp.launch_template_versions[0].launch_template_data.metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.launch_template_versions[0].launch_template_data.metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.launch_template_versions[0].launch_template_data.metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.launch_template_versions[0].launch_template_data.enclave_options.enabled #=> Boolean
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLaunchTemplateVersions AWS API Documentation
@@ -26818,6 +26897,52 @@ module Aws::EC2
       req.send_request(options)
     end
 
+    # Disassociates an IAM role from an AWS Certificate Manager (ACM)
+    # certificate. Disassociating an IAM role from an ACM certificate
+    # removes the Amazon S3 object that contains the certificate,
+    # certificate chain, and encrypted private key from the Amazon S3
+    # bucket. It also revokes the IAM role's permission to use the AWS Key
+    # Management Service (KMS) key used to encrypt the private key. This
+    # effectively revokes the role's permission to use the certificate.
+    #
+    # @option params [String] :certificate_arn
+    #   The ARN of the ACM certificate from which to disassociate the IAM
+    #   role.
+    #
+    # @option params [String] :role_arn
+    #   The ARN of the IAM role to disassociate.
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::DisassociateEnclaveCertificateIamRoleResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DisassociateEnclaveCertificateIamRoleResult#return #return} => Boolean
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.disassociate_enclave_certificate_iam_role({
+    #     certificate_arn: "ResourceArn",
+    #     role_arn: "ResourceArn",
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.return #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateEnclaveCertificateIamRole AWS API Documentation
+    #
+    # @overload disassociate_enclave_certificate_iam_role(params = {})
+    # @param [Hash] params ({})
+    def disassociate_enclave_certificate_iam_role(params = {}, options = {})
+      req = build_request(:disassociate_enclave_certificate_iam_role, params)
+      req.send_request(options)
+    end
+
     # Disassociates an IAM instance profile from a running or stopped
     # instance.
     #
@@ -27712,6 +27837,51 @@ module Aws::EC2
       req.send_request(options)
     end
 
+    # Returns the IAM roles that are associated with the specified AWS
+    # Certificate Manager (ACM) certificate. It also returns the name of the
+    # Amazon S3 bucket and the Amazon S3 object key where the certificate,
+    # certificate chain, and encrypted private key bundle are stored, and
+    # the ARN of the AWS Key Management Service (KMS) key that's used to
+    # encrypt the private key.
+    #
+    # @option params [String] :certificate_arn
+    #   The ARN of the ACM certificate for which to view the associated IAM
+    #   roles, encryption keys, and Amazon S3 object information.
+    #
+    # @option params [Boolean] :dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #
+    # @return [Types::GetAssociatedEnclaveCertificateIamRolesResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetAssociatedEnclaveCertificateIamRolesResult#associated_roles #associated_roles} => Array&lt;Types::AssociatedRole&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_associated_enclave_certificate_iam_roles({
+    #     certificate_arn: "ResourceArn",
+    #     dry_run: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.associated_roles #=> Array
+    #   resp.associated_roles[0].associated_role_arn #=> String
+    #   resp.associated_roles[0].certificate_s3_bucket_name #=> String
+    #   resp.associated_roles[0].certificate_s3_object_key #=> String
+    #   resp.associated_roles[0].encryption_kms_key_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetAssociatedEnclaveCertificateIamRoles AWS API Documentation
+    #
+    # @overload get_associated_enclave_certificate_iam_roles(params = {})
+    # @param [Hash] params ({})
+    def get_associated_enclave_certificate_iam_roles(params = {}, options = {})
+      req = build_request(:get_associated_enclave_certificate_iam_roles, params)
+      req.send_request(options)
+    end
+
     # Gets information about the IPv6 CIDR block associations for a
     # specified IPv6 address pool.
     #
@@ -28448,6 +28618,7 @@ module Aws::EC2
     #   resp.launch_template_data.metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.launch_template_data.metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.launch_template_data.metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.launch_template_data.enclave_options.enabled #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetLaunchTemplateData AWS API Documentation
     #
@@ -30895,7 +31066,7 @@ module Aws::EC2
     #     source_dest_check: {
     #       value: false,
     #     },
-    #     attribute: "instanceType", # accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #     attribute: "instanceType", # accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #     block_device_mappings: [
     #       {
     #         device_name: "String",
@@ -36238,7 +36409,7 @@ module Aws::EC2
     # @example Request syntax with placeholder values
     #
     #   resp = client.reset_instance_attribute({
-    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #     dry_run: false,
     #     instance_id: "InstanceId", # required
     #   })
@@ -37193,6 +37364,9 @@ module Aws::EC2
     #   information, see [Hibernate your instance][1] in the *Amazon Elastic
     #   Compute Cloud User Guide*.
     #
+    #   You can't enable hibernation and AWS Nitro Enclaves on the same
+    #   instance.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html
@@ -37208,6 +37382,21 @@ module Aws::EC2
     #
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
     #
+    # @option params [Types::EnclaveOptionsRequest] :enclave_options
+    #   Indicates whether the instance is enabled for AWS Nitro Enclaves. For
+    #   more information, see [ AWS Nitro Enclaves][1] in the *Amazon Elastic
+    #   Compute Cloud User Guide*.
+    #
+    #   You can't enable AWS Nitro Enclaves and hibernation on the same
+    #   instance. For more information about AWS Nitro Enclaves requirements,
+    #   see [ AWS Nitro Enclaves][2] in the *Amazon Elastic Compute Cloud User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html
+    #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html#nitro-enclave-reqs
+    #
     # @return [Types::Reservation] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::Reservation#groups #groups} => Array&lt;Types::GroupIdentifier&gt;
@@ -37408,6 +37597,9 @@ module Aws::EC2
     #       http_put_response_hop_limit: 1,
     #       http_endpoint: "disabled", # accepts disabled, enabled
     #     },
+    #     enclave_options: {
+    #       enabled: false,
+    #     },
     #   })
     #
     # @example Response structure
@@ -37532,6 +37724,7 @@ module Aws::EC2
     #   resp.instances[0].metadata_options.http_tokens #=> String, one of "optional", "required"
     #   resp.instances[0].metadata_options.http_put_response_hop_limit #=> Integer
     #   resp.instances[0].metadata_options.http_endpoint #=> String, one of "disabled", "enabled"
+    #   resp.instances[0].enclave_options.enabled #=> Boolean
     #   resp.owner_id #=> String
     #   resp.requester_id #=> String
     #   resp.reservation_id #=> String
@@ -38901,7 +39094,7 @@ module Aws::EC2
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-ec2'
-      context[:gem_version] = '1.202.0'
+      context[:gem_version] = '1.203.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ec2/client_api.rb

@@ -66,6 +66,8 @@ module Aws::EC2
     AssociateClientVpnTargetNetworkRequest = Shapes::StructureShape.new(name: 'AssociateClientVpnTargetNetworkRequest')
     AssociateClientVpnTargetNetworkResult = Shapes::StructureShape.new(name: 'AssociateClientVpnTargetNetworkResult')
     AssociateDhcpOptionsRequest = Shapes::StructureShape.new(name: 'AssociateDhcpOptionsRequest')
+    AssociateEnclaveCertificateIamRoleRequest = Shapes::StructureShape.new(name: 'AssociateEnclaveCertificateIamRoleRequest')
+    AssociateEnclaveCertificateIamRoleResult = Shapes::StructureShape.new(name: 'AssociateEnclaveCertificateIamRoleResult')
     AssociateIamInstanceProfileRequest = Shapes::StructureShape.new(name: 'AssociateIamInstanceProfileRequest')
     AssociateIamInstanceProfileResult = Shapes::StructureShape.new(name: 'AssociateIamInstanceProfileResult')
     AssociateRouteTableRequest = Shapes::StructureShape.new(name: 'AssociateRouteTableRequest')
@@ -79,6 +81,8 @@ module Aws::EC2
     AssociateVpcCidrBlockRequest = Shapes::StructureShape.new(name: 'AssociateVpcCidrBlockRequest')
     AssociateVpcCidrBlockResult = Shapes::StructureShape.new(name: 'AssociateVpcCidrBlockResult')
     AssociatedNetworkType = Shapes::StringShape.new(name: 'AssociatedNetworkType')
+    AssociatedRole = Shapes::StructureShape.new(name: 'AssociatedRole')
+    AssociatedRolesList = Shapes::ListShape.new(name: 'AssociatedRolesList')
     AssociatedTargetNetwork = Shapes::StructureShape.new(name: 'AssociatedTargetNetwork')
     AssociatedTargetNetworkSet = Shapes::ListShape.new(name: 'AssociatedTargetNetworkSet')
     AssociationIdList = Shapes::ListShape.new(name: 'AssociationIdList')
@@ -796,6 +800,8 @@ module Aws::EC2
     DisassociateAddressRequest = Shapes::StructureShape.new(name: 'DisassociateAddressRequest')
     DisassociateClientVpnTargetNetworkRequest = Shapes::StructureShape.new(name: 'DisassociateClientVpnTargetNetworkRequest')
     DisassociateClientVpnTargetNetworkResult = Shapes::StructureShape.new(name: 'DisassociateClientVpnTargetNetworkResult')
+    DisassociateEnclaveCertificateIamRoleRequest = Shapes::StructureShape.new(name: 'DisassociateEnclaveCertificateIamRoleRequest')
+    DisassociateEnclaveCertificateIamRoleResult = Shapes::StructureShape.new(name: 'DisassociateEnclaveCertificateIamRoleResult')
     DisassociateIamInstanceProfileRequest = Shapes::StructureShape.new(name: 'DisassociateIamInstanceProfileRequest')
     DisassociateIamInstanceProfileResult = Shapes::StructureShape.new(name: 'DisassociateIamInstanceProfileResult')
     DisassociateRouteTableRequest = Shapes::StructureShape.new(name: 'DisassociateRouteTableRequest')
@@ -878,6 +884,8 @@ module Aws::EC2
     EnableVpcClassicLinkDnsSupportResult = Shapes::StructureShape.new(name: 'EnableVpcClassicLinkDnsSupportResult')
     EnableVpcClassicLinkRequest = Shapes::StructureShape.new(name: 'EnableVpcClassicLinkRequest')
     EnableVpcClassicLinkResult = Shapes::StructureShape.new(name: 'EnableVpcClassicLinkResult')
+    EnclaveOptions = Shapes::StructureShape.new(name: 'EnclaveOptions')
+    EnclaveOptionsRequest = Shapes::StructureShape.new(name: 'EnclaveOptionsRequest')
     EndDateType = Shapes::StringShape.new(name: 'EndDateType')
     EndpointSet = Shapes::ListShape.new(name: 'EndpointSet')
     EphemeralNvmeSupport = Shapes::StringShape.new(name: 'EphemeralNvmeSupport')
@@ -963,6 +971,8 @@ module Aws::EC2
     FpgaInfo = Shapes::StructureShape.new(name: 'FpgaInfo')
     FreeTierEligibleFlag = Shapes::BooleanShape.new(name: 'FreeTierEligibleFlag')
     GatewayType = Shapes::StringShape.new(name: 'GatewayType')
+    GetAssociatedEnclaveCertificateIamRolesRequest = Shapes::StructureShape.new(name: 'GetAssociatedEnclaveCertificateIamRolesRequest')
+    GetAssociatedEnclaveCertificateIamRolesResult = Shapes::StructureShape.new(name: 'GetAssociatedEnclaveCertificateIamRolesResult')
     GetAssociatedIpv6PoolCidrsRequest = Shapes::StructureShape.new(name: 'GetAssociatedIpv6PoolCidrsRequest')
     GetAssociatedIpv6PoolCidrsResult = Shapes::StructureShape.new(name: 'GetAssociatedIpv6PoolCidrsResult')
     GetCapacityReservationUsageRequest = Shapes::StructureShape.new(name: 'GetCapacityReservationUsageRequest')
@@ -1235,6 +1245,8 @@ module Aws::EC2
     LaunchTemplateElasticInferenceAcceleratorList = Shapes::ListShape.new(name: 'LaunchTemplateElasticInferenceAcceleratorList')
     LaunchTemplateElasticInferenceAcceleratorResponse = Shapes::StructureShape.new(name: 'LaunchTemplateElasticInferenceAcceleratorResponse')
     LaunchTemplateElasticInferenceAcceleratorResponseList = Shapes::ListShape.new(name: 'LaunchTemplateElasticInferenceAcceleratorResponseList')
+    LaunchTemplateEnclaveOptions = Shapes::StructureShape.new(name: 'LaunchTemplateEnclaveOptions')
+    LaunchTemplateEnclaveOptionsRequest = Shapes::StructureShape.new(name: 'LaunchTemplateEnclaveOptionsRequest')
     LaunchTemplateErrorCode = Shapes::StringShape.new(name: 'LaunchTemplateErrorCode')
     LaunchTemplateHibernationOptions = Shapes::StructureShape.new(name: 'LaunchTemplateHibernationOptions')
     LaunchTemplateHibernationOptionsRequest = Shapes::StructureShape.new(name: 'LaunchTemplateHibernationOptionsRequest')
@@ -2289,6 +2301,16 @@ module Aws::EC2
     AssociateDhcpOptionsRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "dryRun"))
     AssociateDhcpOptionsRequest.struct_class = Types::AssociateDhcpOptionsRequest
 
+    AssociateEnclaveCertificateIamRoleRequest.add_member(:certificate_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "CertificateArn"))
+    AssociateEnclaveCertificateIamRoleRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "RoleArn"))
+    AssociateEnclaveCertificateIamRoleRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
+    AssociateEnclaveCertificateIamRoleRequest.struct_class = Types::AssociateEnclaveCertificateIamRoleRequest
+
+    AssociateEnclaveCertificateIamRoleResult.add_member(:certificate_s3_bucket_name, Shapes::ShapeRef.new(shape: String, location_name: "certificateS3BucketName"))
+    AssociateEnclaveCertificateIamRoleResult.add_member(:certificate_s3_object_key, Shapes::ShapeRef.new(shape: String, location_name: "certificateS3ObjectKey"))
+    AssociateEnclaveCertificateIamRoleResult.add_member(:encryption_kms_key_id, Shapes::ShapeRef.new(shape: String, location_name: "encryptionKmsKeyId"))
+    AssociateEnclaveCertificateIamRoleResult.struct_class = Types::AssociateEnclaveCertificateIamRoleResult
+
     AssociateIamInstanceProfileRequest.add_member(:iam_instance_profile, Shapes::ShapeRef.new(shape: IamInstanceProfileSpecification, required: true, location_name: "IamInstanceProfile"))
     AssociateIamInstanceProfileRequest.add_member(:instance_id, Shapes::ShapeRef.new(shape: InstanceId, required: true, location_name: "InstanceId"))
     AssociateIamInstanceProfileRequest.struct_class = Types::AssociateIamInstanceProfileRequest
@@ -2344,6 +2366,14 @@ module Aws::EC2
     AssociateVpcCidrBlockResult.add_member(:vpc_id, Shapes::ShapeRef.new(shape: String, location_name: "vpcId"))
     AssociateVpcCidrBlockResult.struct_class = Types::AssociateVpcCidrBlockResult
 
+    AssociatedRole.add_member(:associated_role_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "associatedRoleArn"))
+    AssociatedRole.add_member(:certificate_s3_bucket_name, Shapes::ShapeRef.new(shape: String, location_name: "certificateS3BucketName"))
+    AssociatedRole.add_member(:certificate_s3_object_key, Shapes::ShapeRef.new(shape: String, location_name: "certificateS3ObjectKey"))
+    AssociatedRole.add_member(:encryption_kms_key_id, Shapes::ShapeRef.new(shape: String, location_name: "encryptionKmsKeyId"))
+    AssociatedRole.struct_class = Types::AssociatedRole
+
+    AssociatedRolesList.member = Shapes::ShapeRef.new(shape: AssociatedRole, location_name: "item")
+
     AssociatedTargetNetwork.add_member(:network_id, Shapes::ShapeRef.new(shape: String, location_name: "networkId"))
     AssociatedTargetNetwork.add_member(:network_type, Shapes::ShapeRef.new(shape: AssociatedNetworkType, location_name: "networkType"))
     AssociatedTargetNetwork.struct_class = Types::AssociatedTargetNetwork
@@ -5347,6 +5377,14 @@ module Aws::EC2
     DisassociateClientVpnTargetNetworkResult.add_member(:status, Shapes::ShapeRef.new(shape: AssociationStatus, location_name: "status"))
     DisassociateClientVpnTargetNetworkResult.struct_class = Types::DisassociateClientVpnTargetNetworkResult
 
+    DisassociateEnclaveCertificateIamRoleRequest.add_member(:certificate_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "CertificateArn"))
+    DisassociateEnclaveCertificateIamRoleRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "RoleArn"))
+    DisassociateEnclaveCertificateIamRoleRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
+    DisassociateEnclaveCertificateIamRoleRequest.struct_class = Types::DisassociateEnclaveCertificateIamRoleRequest
+
+    DisassociateEnclaveCertificateIamRoleResult.add_member(:return, Shapes::ShapeRef.new(shape: Boolean, location_name: "return"))
+    DisassociateEnclaveCertificateIamRoleResult.struct_class = Types::DisassociateEnclaveCertificateIamRoleResult
+
     DisassociateIamInstanceProfileRequest.add_member(:association_id, Shapes::ShapeRef.new(shape: IamInstanceProfileAssociationId, required: true, location_name: "AssociationId"))
     DisassociateIamInstanceProfileRequest.struct_class = Types::DisassociateIamInstanceProfileRequest
 
@@ -5596,6 +5634,12 @@ module Aws::EC2
     EnableVpcClassicLinkResult.add_member(:return, Shapes::ShapeRef.new(shape: Boolean, location_name: "return"))
     EnableVpcClassicLinkResult.struct_class = Types::EnableVpcClassicLinkResult
 
+    EnclaveOptions.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "enabled"))
+    EnclaveOptions.struct_class = Types::EnclaveOptions
+
+    EnclaveOptionsRequest.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "Enabled"))
+    EnclaveOptionsRequest.struct_class = Types::EnclaveOptionsRequest
+
     EndpointSet.member = Shapes::ShapeRef.new(shape: ClientVpnEndpoint, location_name: "item")
 
     ErrorSet.member = Shapes::ShapeRef.new(shape: ValidationError, location_name: "item")
@@ -5857,6 +5901,13 @@ module Aws::EC2
     FpgaInfo.add_member(:total_fpga_memory_in_mi_b, Shapes::ShapeRef.new(shape: totalFpgaMemory, location_name: "totalFpgaMemoryInMiB"))
     FpgaInfo.struct_class = Types::FpgaInfo
 
+    GetAssociatedEnclaveCertificateIamRolesRequest.add_member(:certificate_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "CertificateArn"))
+    GetAssociatedEnclaveCertificateIamRolesRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
+    GetAssociatedEnclaveCertificateIamRolesRequest.struct_class = Types::GetAssociatedEnclaveCertificateIamRolesRequest
+
+    GetAssociatedEnclaveCertificateIamRolesResult.add_member(:associated_roles, Shapes::ShapeRef.new(shape: AssociatedRolesList, location_name: "associatedRoleSet"))
+    GetAssociatedEnclaveCertificateIamRolesResult.struct_class = Types::GetAssociatedEnclaveCertificateIamRolesResult
+
     GetAssociatedIpv6PoolCidrsRequest.add_member(:pool_id, Shapes::ShapeRef.new(shape: Ipv6PoolEc2Id, required: true, location_name: "PoolId"))
     GetAssociatedIpv6PoolCidrsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
     GetAssociatedIpv6PoolCidrsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: Ipv6PoolMaxResults, location_name: "MaxResults"))
@@ -6490,12 +6541,14 @@ module Aws::EC2
     Instance.add_member(:hibernation_options, Shapes::ShapeRef.new(shape: HibernationOptions, location_name: "hibernationOptions"))
     Instance.add_member(:licenses, Shapes::ShapeRef.new(shape: LicenseList, location_name: "licenseSet"))
     Instance.add_member(:metadata_options, Shapes::ShapeRef.new(shape: InstanceMetadataOptionsResponse, location_name: "metadataOptions"))
+    Instance.add_member(:enclave_options, Shapes::ShapeRef.new(shape: EnclaveOptions, location_name: "enclaveOptions"))
     Instance.struct_class = Types::Instance
 
     InstanceAttribute.add_member(:groups, Shapes::ShapeRef.new(shape: GroupIdentifierList, location_name: "groupSet"))
     InstanceAttribute.add_member(:block_device_mappings, Shapes::ShapeRef.new(shape: InstanceBlockDeviceMappingList, location_name: "blockDeviceMapping"))
     InstanceAttribute.add_member(:disable_api_termination, Shapes::ShapeRef.new(shape: AttributeBooleanValue, location_name: "disableApiTermination"))
     InstanceAttribute.add_member(:ena_support, Shapes::ShapeRef.new(shape: AttributeBooleanValue, location_name: "enaSupport"))
+    InstanceAttribute.add_member(:enclave_options, Shapes::ShapeRef.new(shape: EnclaveOptions, location_name: "enclaveOptions"))
     InstanceAttribute.add_member(:ebs_optimized, Shapes::ShapeRef.new(shape: AttributeBooleanValue, location_name: "ebsOptimized"))
     InstanceAttribute.add_member(:instance_id, Shapes::ShapeRef.new(shape: String, location_name: "instanceId"))
     InstanceAttribute.add_member(:instance_initiated_shutdown_behavior, Shapes::ShapeRef.new(shape: AttributeValue, location_name: "instanceInitiatedShutdownBehavior"))
@@ -6949,6 +7002,12 @@ module Aws::EC2
 
     LaunchTemplateElasticInferenceAcceleratorResponseList.member = Shapes::ShapeRef.new(shape: LaunchTemplateElasticInferenceAcceleratorResponse, location_name: "item")
 
+    LaunchTemplateEnclaveOptions.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "enabled"))
+    LaunchTemplateEnclaveOptions.struct_class = Types::LaunchTemplateEnclaveOptions
+
+    LaunchTemplateEnclaveOptionsRequest.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "Enabled"))
+    LaunchTemplateEnclaveOptionsRequest.struct_class = Types::LaunchTemplateEnclaveOptionsRequest
+
     LaunchTemplateHibernationOptions.add_member(:configured, Shapes::ShapeRef.new(shape: Boolean, location_name: "configured"))
     LaunchTemplateHibernationOptions.struct_class = Types::LaunchTemplateHibernationOptions
 
@@ -8434,6 +8493,7 @@ module Aws::EC2
     RequestLaunchTemplateData.add_member(:license_specifications, Shapes::ShapeRef.new(shape: LaunchTemplateLicenseSpecificationListRequest, location_name: "LicenseSpecification"))
     RequestLaunchTemplateData.add_member(:hibernation_options, Shapes::ShapeRef.new(shape: LaunchTemplateHibernationOptionsRequest, location_name: "HibernationOptions"))
     RequestLaunchTemplateData.add_member(:metadata_options, Shapes::ShapeRef.new(shape: LaunchTemplateInstanceMetadataOptionsRequest, location_name: "MetadataOptions"))
+    RequestLaunchTemplateData.add_member(:enclave_options, Shapes::ShapeRef.new(shape: LaunchTemplateEnclaveOptionsRequest, location_name: "EnclaveOptions"))
     RequestLaunchTemplateData.struct_class = Types::RequestLaunchTemplateData
 
     RequestSpotFleetRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "dryRun"))
@@ -8675,6 +8735,7 @@ module Aws::EC2
     ResponseLaunchTemplateData.add_member(:license_specifications, Shapes::ShapeRef.new(shape: LaunchTemplateLicenseList, location_name: "licenseSet"))
     ResponseLaunchTemplateData.add_member(:hibernation_options, Shapes::ShapeRef.new(shape: LaunchTemplateHibernationOptions, location_name: "hibernationOptions"))
     ResponseLaunchTemplateData.add_member(:metadata_options, Shapes::ShapeRef.new(shape: LaunchTemplateInstanceMetadataOptions, location_name: "metadataOptions"))
+    ResponseLaunchTemplateData.add_member(:enclave_options, Shapes::ShapeRef.new(shape: LaunchTemplateEnclaveOptions, location_name: "enclaveOptions"))
     ResponseLaunchTemplateData.struct_class = Types::ResponseLaunchTemplateData
 
     RestorableByStringList.member = Shapes::ShapeRef.new(shape: String)
@@ -8824,6 +8885,7 @@ module Aws::EC2
     RunInstancesRequest.add_member(:hibernation_options, Shapes::ShapeRef.new(shape: HibernationOptionsRequest, location_name: "HibernationOptions"))
     RunInstancesRequest.add_member(:license_specifications, Shapes::ShapeRef.new(shape: LicenseSpecificationListRequest, location_name: "LicenseSpecification"))
     RunInstancesRequest.add_member(:metadata_options, Shapes::ShapeRef.new(shape: InstanceMetadataOptionsRequest, location_name: "MetadataOptions"))
+    RunInstancesRequest.add_member(:enclave_options, Shapes::ShapeRef.new(shape: EnclaveOptionsRequest, location_name: "EnclaveOptions"))
     RunInstancesRequest.struct_class = Types::RunInstancesRequest
 
     RunScheduledInstancesRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: String, location_name: "ClientToken", metadata: {"idempotencyToken"=>true}))
@@ -10361,6 +10423,14 @@ module Aws::EC2
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
       end)
 
+      api.add_operation(:associate_enclave_certificate_iam_role, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "AssociateEnclaveCertificateIamRole"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: AssociateEnclaveCertificateIamRoleRequest)
+        o.output = Shapes::ShapeRef.new(shape: AssociateEnclaveCertificateIamRoleResult)
+      end)
+
       api.add_operation(:associate_iam_instance_profile, Seahorse::Model::Operation.new.tap do |o|
         o.name = "AssociateIamInstanceProfile"
         o.http_method = "POST"
@@ -12968,6 +13038,14 @@ module Aws::EC2
         o.output = Shapes::ShapeRef.new(shape: DisassociateClientVpnTargetNetworkResult)
       end)
 
+      api.add_operation(:disassociate_enclave_certificate_iam_role, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DisassociateEnclaveCertificateIamRole"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DisassociateEnclaveCertificateIamRoleRequest)
+        o.output = Shapes::ShapeRef.new(shape: DisassociateEnclaveCertificateIamRoleResult)
+      end)
+
       api.add_operation(:disassociate_iam_instance_profile, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DisassociateIamInstanceProfile"
         o.http_method = "POST"
@@ -13104,6 +13182,14 @@ module Aws::EC2
         o.output = Shapes::ShapeRef.new(shape: ExportTransitGatewayRoutesResult)
       end)
 
+      api.add_operation(:get_associated_enclave_certificate_iam_roles, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetAssociatedEnclaveCertificateIamRoles"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetAssociatedEnclaveCertificateIamRolesRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetAssociatedEnclaveCertificateIamRolesResult)
+      end)
+
       api.add_operation(:get_associated_ipv_6_pool_cidrs, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetAssociatedIpv6PoolCidrs"
         o.http_method = "POST"

data/lib/aws-sdk-ec2/instance.rb

@@ -340,6 +340,12 @@ module Aws::EC2
       data[:metadata_options]
     end
 
+    # Indicates whether the instance is enabled for AWS Nitro Enclaves.
+    # @return [Types::EnclaveOptions]
+    def enclave_options
+      data[:enclave_options]
+    end
+
     # @!endgroup
 
     # @return [Client]
@@ -774,7 +780,7 @@ module Aws::EC2
     # @example Request syntax with placeholder values
     #
     #   instance.describe_attribute({
-    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #     dry_run: false,
     #   })
     # @param [Hash] options ({})
@@ -855,7 +861,7 @@ module Aws::EC2
     #     source_dest_check: {
     #       value: false,
     #     },
-    #     attribute: "instanceType", # accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #     attribute: "instanceType", # accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #     block_device_mappings: [
     #       {
     #         device_name: "String",
@@ -1103,7 +1109,7 @@ module Aws::EC2
     # @example Request syntax with placeholder values
     #
     #   instance.reset_attribute({
-    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #     attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #     dry_run: false,
     #   })
     # @param [Hash] options ({})

data/lib/aws-sdk-ec2/resource.rb

@@ -228,6 +228,9 @@ module Aws::EC2
     #       http_put_response_hop_limit: 1,
     #       http_endpoint: "disabled", # accepts disabled, enabled
     #     },
+    #     enclave_options: {
+    #       enabled: false,
+    #     },
     #   })
     # @param [Hash] options ({})
     # @option options [Array<Types::BlockDeviceMapping>] :block_device_mappings
@@ -500,6 +503,9 @@ module Aws::EC2
     #   information, see [Hibernate your instance][1] in the *Amazon Elastic
     #   Compute Cloud User Guide*.
     #
+    #   You can't enable hibernation and AWS Nitro Enclaves on the same
+    #   instance.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html
@@ -512,6 +518,20 @@ module Aws::EC2
     #
     #
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
+    # @option options [Types::EnclaveOptionsRequest] :enclave_options
+    #   Indicates whether the instance is enabled for AWS Nitro Enclaves. For
+    #   more information, see [ AWS Nitro Enclaves][1] in the *Amazon Elastic
+    #   Compute Cloud User Guide*.
+    #
+    #   You can't enable AWS Nitro Enclaves and hibernation on the same
+    #   instance. For more information about AWS Nitro Enclaves requirements,
+    #   see [ AWS Nitro Enclaves][2] in the *Amazon Elastic Compute Cloud User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html
+    #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html#nitro-enclave-reqs
     # @return [Instance::Collection]
     def create_instances(options = {})
       batch = []

data/lib/aws-sdk-ec2/subnet.rb

@@ -422,6 +422,9 @@ module Aws::EC2
     #       http_put_response_hop_limit: 1,
     #       http_endpoint: "disabled", # accepts disabled, enabled
     #     },
+    #     enclave_options: {
+    #       enabled: false,
+    #     },
     #   })
     # @param [Hash] options ({})
     # @option options [Array<Types::BlockDeviceMapping>] :block_device_mappings
@@ -689,6 +692,9 @@ module Aws::EC2
     #   information, see [Hibernate your instance][1] in the *Amazon Elastic
     #   Compute Cloud User Guide*.
     #
+    #   You can't enable hibernation and AWS Nitro Enclaves on the same
+    #   instance.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html
@@ -701,6 +707,20 @@ module Aws::EC2
     #
     #
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
+    # @option options [Types::EnclaveOptionsRequest] :enclave_options
+    #   Indicates whether the instance is enabled for AWS Nitro Enclaves. For
+    #   more information, see [ AWS Nitro Enclaves][1] in the *Amazon Elastic
+    #   Compute Cloud User Guide*.
+    #
+    #   You can't enable AWS Nitro Enclaves and hibernation on the same
+    #   instance. For more information about AWS Nitro Enclaves requirements,
+    #   see [ AWS Nitro Enclaves][2] in the *Amazon Elastic Compute Cloud User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html
+    #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html#nitro-enclave-reqs
     # @return [Instance::Collection]
     def create_instances(options = {})
       batch = []

data/lib/aws-sdk-ec2/types.rb

@@ -1109,6 +1109,67 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass AssociateEnclaveCertificateIamRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         certificate_arn: "ResourceArn",
+    #         role_arn: "ResourceArn",
+    #         dry_run: false,
+    #       }
+    #
+    # @!attribute [rw] certificate_arn
+    #   The ARN of the ACM certificate with which to associate the IAM role.
+    #   @return [String]
+    #
+    # @!attribute [rw] role_arn
+    #   The ARN of the IAM role to associate with the ACM certificate. You
+    #   can associate up to 16 IAM roles with an ACM certificate.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateEnclaveCertificateIamRoleRequest AWS API Documentation
+    #
+    class AssociateEnclaveCertificateIamRoleRequest < Struct.new(
+      :certificate_arn,
+      :role_arn,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] certificate_s3_bucket_name
+    #   The name of the Amazon S3 bucket to which the certificate was
+    #   uploaded.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate_s3_object_key
+    #   The Amazon S3 object key where the certificate, certificate chain,
+    #   and encrypted private key bundle are stored. The object key is
+    #   formatted as follows: `certificate_arn`/`role_arn`.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_kms_key_id
+    #   The ID of the AWS Key Management Service (KMS) key used to encrypt
+    #   the private key of the certificate.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateEnclaveCertificateIamRoleResult AWS API Documentation
+    #
+    class AssociateEnclaveCertificateIamRoleResult < Struct.new(
+      :certificate_s3_bucket_name,
+      :certificate_s3_object_key,
+      :encryption_kms_key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass AssociateIamInstanceProfileRequest
     #   data as a hash:
     #
@@ -1435,6 +1496,38 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Information about the associated IAM roles.
+    #
+    # @!attribute [rw] associated_role_arn
+    #   The ARN of the associated IAM role.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate_s3_bucket_name
+    #   The name of the Amazon S3 bucket in which the Amazon S3 object is
+    #   stored.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate_s3_object_key
+    #   The key of the Amazon S3 object ey where the certificate,
+    #   certificate chain, and encrypted private key bundle is stored. The
+    #   object key is formated as follows: `certificate_arn`/`role_arn`.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_kms_key_id
+    #   The ID of the KMS key used to encrypt the private key.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociatedRole AWS API Documentation
+    #
+    class AssociatedRole < Struct.new(
+      :associated_role_arn,
+      :certificate_s3_bucket_name,
+      :certificate_s3_object_key,
+      :encryption_kms_key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes a target network that is associated with a Client VPN
     # endpoint. A target network is a subnet in a VPC.
     #
@@ -6536,6 +6629,9 @@ module Aws::EC2
     #             http_put_response_hop_limit: 1,
     #             http_endpoint: "disabled", # accepts disabled, enabled
     #           },
+    #           enclave_options: {
+    #             enabled: false,
+    #           },
     #         },
     #         tag_specifications: [
     #           {
@@ -6758,6 +6854,9 @@ module Aws::EC2
     #             http_put_response_hop_limit: 1,
     #             http_endpoint: "disabled", # accepts disabled, enabled
     #           },
+    #           enclave_options: {
+    #             enabled: false,
+    #           },
     #         },
     #       }
     #
@@ -15812,7 +15911,7 @@ module Aws::EC2
     #   data as a hash:
     #
     #       {
-    #         attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #         attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #         dry_run: false,
     #         instance_id: "InstanceId", # required
     #       }
@@ -23961,6 +24060,54 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DisassociateEnclaveCertificateIamRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         certificate_arn: "ResourceArn",
+    #         role_arn: "ResourceArn",
+    #         dry_run: false,
+    #       }
+    #
+    # @!attribute [rw] certificate_arn
+    #   The ARN of the ACM certificate from which to disassociate the IAM
+    #   role.
+    #   @return [String]
+    #
+    # @!attribute [rw] role_arn
+    #   The ARN of the IAM role to disassociate.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateEnclaveCertificateIamRoleRequest AWS API Documentation
+    #
+    class DisassociateEnclaveCertificateIamRoleRequest < Struct.new(
+      :certificate_arn,
+      :role_arn,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] return
+    #   Returns `true` if the request succeeds; otherwise, it returns an
+    #   error.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateEnclaveCertificateIamRoleResult AWS API Documentation
+    #
+    class DisassociateEnclaveCertificateIamRoleResult < Struct.new(
+      :return)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DisassociateIamInstanceProfileRequest
     #   data as a hash:
     #
@@ -25315,6 +25462,49 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Indicates whether the instance is enabled for AWS Nitro Enclaves.
+    #
+    # @!attribute [rw] enabled
+    #   If this parameter is set to `true`, the instance is enabled for AWS
+    #   Nitro Enclaves; otherwise, it is not enabled for AWS Nitro Enclaves.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnclaveOptions AWS API Documentation
+    #
+    class EnclaveOptions < Struct.new(
+      :enabled)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates whether the instance is enabled for AWS Nitro Enclaves. For
+    # more information, see [ AWS Nitro Enclaves][1] in the *Amazon Elastic
+    # Compute Cloud User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html
+    #
+    # @note When making an API call, you may pass EnclaveOptionsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         enabled: false,
+    #       }
+    #
+    # @!attribute [rw] enabled
+    #   To enable the instance for AWS Nitro Enclaves, set this parameter to
+    #   `true`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnclaveOptionsRequest AWS API Documentation
+    #
+    class EnclaveOptionsRequest < Struct.new(
+      :enabled)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes an EC2 Fleet or Spot Fleet event.
     #
     # @!attribute [rw] event_description
@@ -26802,6 +26992,47 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetAssociatedEnclaveCertificateIamRolesRequest
+    #   data as a hash:
+    #
+    #       {
+    #         certificate_arn: "ResourceArn",
+    #         dry_run: false,
+    #       }
+    #
+    # @!attribute [rw] certificate_arn
+    #   The ARN of the ACM certificate for which to view the associated IAM
+    #   roles, encryption keys, and Amazon S3 object information.
+    #   @return [String]
+    #
+    # @!attribute [rw] dry_run
+    #   Checks whether you have the required permissions for the action,
+    #   without actually making the request, and provides an error response.
+    #   If you have the required permissions, the error response is
+    #   `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetAssociatedEnclaveCertificateIamRolesRequest AWS API Documentation
+    #
+    class GetAssociatedEnclaveCertificateIamRolesRequest < Struct.new(
+      :certificate_arn,
+      :dry_run)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] associated_roles
+    #   Information about the associated IAM roles.
+    #   @return [Array<Types::AssociatedRole>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetAssociatedEnclaveCertificateIamRolesResult AWS API Documentation
+    #
+    class GetAssociatedEnclaveCertificateIamRolesResult < Struct.new(
+      :associated_roles)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetAssociatedIpv6PoolCidrsRequest
     #   data as a hash:
     #
@@ -30441,6 +30672,10 @@ module Aws::EC2
     #   The metadata options for the instance.
     #   @return [Types::InstanceMetadataOptionsResponse]
     #
+    # @!attribute [rw] enclave_options
+    #   Indicates whether the instance is enabled for AWS Nitro Enclaves.
+    #   @return [Types::EnclaveOptions]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Instance AWS API Documentation
     #
     class Instance < Struct.new(
@@ -30490,7 +30725,8 @@ module Aws::EC2
       :capacity_reservation_specification,
       :hibernation_options,
       :licenses,
-      :metadata_options)
+      :metadata_options,
+      :enclave_options)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -30514,6 +30750,11 @@ module Aws::EC2
     #   Indicates whether enhanced networking with ENA is enabled.
     #   @return [Types::AttributeBooleanValue]
     #
+    # @!attribute [rw] enclave_options
+    #   To enable the instance for AWS Nitro Enclaves, set this parameter to
+    #   `true`; otherwise, set it to `false`.
+    #   @return [Types::EnclaveOptions]
+    #
     # @!attribute [rw] ebs_optimized
     #   Indicates whether the instance is optimized for Amazon EBS I/O.
     #   @return [Types::AttributeBooleanValue]
@@ -30572,6 +30813,7 @@ module Aws::EC2
       :block_device_mappings,
       :disable_api_termination,
       :ena_support,
+      :enclave_options,
       :ebs_optimized,
       :instance_id,
       :instance_initiated_shutdown_behavior,
@@ -32842,6 +33084,49 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Indicates whether the instance is enabled for AWS Nitro Enclaves.
+    #
+    # @!attribute [rw] enabled
+    #   If this parameter is set to `true`, the instance is enabled for AWS
+    #   Nitro Enclaves; otherwise, it is not enabled for AWS Nitro Enclaves.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateEnclaveOptions AWS API Documentation
+    #
+    class LaunchTemplateEnclaveOptions < Struct.new(
+      :enabled)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates whether the instance is enabled for AWS Nitro Enclaves. For
+    # more information, see [ AWS Nitro Enclaves][1] in the *Amazon Elastic
+    # Compute Cloud User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html
+    #
+    # @note When making an API call, you may pass LaunchTemplateEnclaveOptionsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         enabled: false,
+    #       }
+    #
+    # @!attribute [rw] enabled
+    #   To enable the instance for AWS Nitro Enclaves, set this parameter to
+    #   `true`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateEnclaveOptionsRequest AWS API Documentation
+    #
+    class LaunchTemplateEnclaveOptionsRequest < Struct.new(
+      :enabled)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Indicates whether an instance is configured for hibernation.
     #
     # @!attribute [rw] configured
@@ -35217,7 +35502,7 @@ module Aws::EC2
     #         source_dest_check: {
     #           value: false,
     #         },
-    #         attribute: "instanceType", # accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #         attribute: "instanceType", # accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #         block_device_mappings: [
     #           {
     #             device_name: "String",
@@ -41553,6 +41838,9 @@ module Aws::EC2
     #           http_put_response_hop_limit: 1,
     #           http_endpoint: "disabled", # accepts disabled, enabled
     #         },
+    #         enclave_options: {
+    #           enabled: false,
+    #         },
     #       }
     #
     # @!attribute [rw] kernel_id
@@ -41759,6 +42047,22 @@ module Aws::EC2
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
     #   @return [Types::LaunchTemplateInstanceMetadataOptionsRequest]
     #
+    # @!attribute [rw] enclave_options
+    #   Indicates whether the instance is enabled for AWS Nitro Enclaves.
+    #   For more information, see [ AWS Nitro Enclaves][1] in the *Amazon
+    #   Elastic Compute Cloud User Guide*.
+    #
+    #   You can't enable AWS Nitro Enclaves and hibernation on the same
+    #   instance. For more information about AWS Nitro Enclaves
+    #   requirements, see [ AWS Nitro Enclaves][2] in the *Amazon Elastic
+    #   Compute Cloud User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html
+    #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html#nitro-enclave-reqs
+    #   @return [Types::LaunchTemplateEnclaveOptionsRequest]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RequestLaunchTemplateData AWS API Documentation
     #
     class RequestLaunchTemplateData < Struct.new(
@@ -41787,7 +42091,8 @@ module Aws::EC2
       :capacity_reservation_specification,
       :license_specifications,
       :hibernation_options,
-      :metadata_options)
+      :metadata_options,
+      :enclave_options)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -43079,7 +43384,7 @@ module Aws::EC2
     #   data as a hash:
     #
     #       {
-    #         attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport
+    #         attribute: "instanceType", # required, accepts instanceType, kernel, ramdisk, userData, disableApiTermination, instanceInitiatedShutdownBehavior, rootDeviceName, blockDeviceMapping, productCodes, sourceDestCheck, groupSet, ebsOptimized, sriovNetSupport, enaSupport, enclaveOptions
     #         dry_run: false,
     #         instance_id: "InstanceId", # required
     #       }
@@ -43332,6 +43637,10 @@ module Aws::EC2
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
     #   @return [Types::LaunchTemplateInstanceMetadataOptions]
     #
+    # @!attribute [rw] enclave_options
+    #   Indicates whether the instance is enabled for AWS Nitro Enclaves.
+    #   @return [Types::LaunchTemplateEnclaveOptions]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResponseLaunchTemplateData AWS API Documentation
     #
     class ResponseLaunchTemplateData < Struct.new(
@@ -43360,7 +43669,8 @@ module Aws::EC2
       :capacity_reservation_specification,
       :license_specifications,
       :hibernation_options,
-      :metadata_options)
+      :metadata_options,
+      :enclave_options)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -44182,6 +44492,9 @@ module Aws::EC2
     #           http_put_response_hop_limit: 1,
     #           http_endpoint: "disabled", # accepts disabled, enabled
     #         },
+    #         enclave_options: {
+    #           enabled: false,
+    #         },
     #       }
     #
     # @!attribute [rw] block_device_mappings
@@ -44526,6 +44839,9 @@ module Aws::EC2
     #   information, see [Hibernate your instance][1] in the *Amazon Elastic
     #   Compute Cloud User Guide*.
     #
+    #   You can't enable hibernation and AWS Nitro Enclaves on the same
+    #   instance.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html
@@ -44544,6 +44860,22 @@ module Aws::EC2
     #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
     #   @return [Types::InstanceMetadataOptionsRequest]
     #
+    # @!attribute [rw] enclave_options
+    #   Indicates whether the instance is enabled for AWS Nitro Enclaves.
+    #   For more information, see [ AWS Nitro Enclaves][1] in the *Amazon
+    #   Elastic Compute Cloud User Guide*.
+    #
+    #   You can't enable AWS Nitro Enclaves and hibernation on the same
+    #   instance. For more information about AWS Nitro Enclaves
+    #   requirements, see [ AWS Nitro Enclaves][2] in the *Amazon Elastic
+    #   Compute Cloud User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html
+    #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html#nitro-enclave-reqs
+    #   @return [Types::EnclaveOptionsRequest]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RunInstancesRequest AWS API Documentation
     #
     class RunInstancesRequest < Struct.new(
@@ -44582,7 +44914,8 @@ module Aws::EC2
       :capacity_reservation_specification,
       :hibernation_options,
       :license_specifications,
-      :metadata_options)
+      :metadata_options,
+      :enclave_options)
       SENSITIVE = []
       include Aws::Structure
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-ec2
 version: !ruby/object:Gem::Version
-  version: 1.202.0
+  version: 1.203.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-21 00:00:00.000000000 Z
+date: 2020-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sigv4