Merge pull request #7967 from bdwyertech/update-aws-sdk

Update aws-sdk-go to v1.22.2
2019-08-12 16:34:28 -07:00 · 2019-08-12 16:34:28 -07:00 · 067cb1475f
parent 2eaa2d7898 ecd118b6c2
commit 067cb1475f
76 changed files with 14982 additions and 2677 deletions
--- a/go.mod
+++ b/go.mod
@ -17,7 +17,7 @@ require (
 	github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6 // indirect
 	github.com/approvals/go-approval-tests v0.0.0-20160714161514-ad96e53bea43
 	github.com/armon/go-radix v1.0.0 // indirect
-	github.com/aws/aws-sdk-go v1.16.24
+	github.com/aws/aws-sdk-go v1.22.2
 	github.com/biogo/hts v0.0.0-20160420073057-50da7d4131a3
 	github.com/c2h5oh/datasize v0.0.0-20171227191756-4eba002a5eae
 	github.com/cheggaaa/pb v1.0.27
--- a/go.sum
+++ b/go.sum
@ -50,6 +50,8 @@ github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3A
 github.com/aws/aws-sdk-go v1.16.22/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.16.24 h1:I/A3Hwbgs3IEAP6v1bFpHKXiT7wZDoToX9cb00nxZnM=
 github.com/aws/aws-sdk-go v1.16.24/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.22.2 h1:uYP58k2Cd9y1qBy8CxTe5ADmdi4kANm8Ul8ch3kkIcQ=
 github.com/aws/aws-sdk-go v1.22.2/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas=
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
--- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go
@ -138,8 +138,27 @@ type RequestFailure interface {
 	RequestID() string
 }
-// NewRequestFailure returns a new request error wrapper for the given Error
+// NewRequestFailure returns a wrapped error with additional information for
-// provided.
+// request status code, and service requestID.
 //
 // Should be used to wrap all request which involve service requests. Even if
 // the request failed without a service response, but had an HTTP status code
 // that may be meaningful.
 func NewRequestFailure(err Error, statusCode int, reqID string) RequestFailure {
 	return newRequestError(err, statusCode, reqID)
 }
 // UnmarshalError provides the interface for the SDK failing to unmarshal data.
 type UnmarshalError interface {
 	awsError
 	Bytes() []byte
 }
 // NewUnmarshalError returns an initialized UnmarshalError error wrapper adding
 // the bytes that fail to unmarshal to the error.
 func NewUnmarshalError(err error, msg string, bytes []byte) UnmarshalError {
 	return &unmarshalError{
 		awsError: New("UnmarshalError", msg, err),
 		bytes:    bytes,
 	}
 }
--- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
@ -1,6 +1,9 @@
 package awserr
-import "fmt"
+import (
 	"encoding/hex"
 	"fmt"
 )
 // SprintError returns a string of the formatted error code.
 //
@ -119,6 +122,7 @@ type requestError struct {
 	awsError
 	statusCode int
 	requestID  string
 	bytes      []byte
 }
 // newRequestError returns a wrapped error with additional information for
@ -170,6 +174,29 @@ func (r requestError) OrigErrs() []error {
 	return []error{r.OrigErr()}
 }
 type unmarshalError struct {
 	awsError
 	bytes []byte
 }
 // Error returns the string representation of the error.
 // Satisfies the error interface.
 func (e unmarshalError) Error() string {
 	extra := hex.Dump(e.bytes)
 	return SprintError(e.Code(), e.Message(), extra, e.OrigErr())
 }
 // String returns the string representation of the error.
 // Alias for Error to satisfy the stringer interface.
 func (e unmarshalError) String() string {
 	return e.Error()
 }
 // Bytes returns the bytes that failed to unmarshal.
 func (e unmarshalError) Bytes() []byte {
 	return e.bytes
 }
 // An error list that satisfies the golang interface
 type errorList []error
@ -181,7 +208,7 @@ func (e errorList) Error() string {
 	// How do we want to handle the array size being zero
 	if size := len(e); size > 0 {
 		for i := 0; i < size; i++ {
-			msg += fmt.Sprintf("%s", e[i].Error())
+			msg += e[i].Error()
 			// We check the next index to see if it is within the slice.
 			// If it is, then we append a newline. We do this, because unit tests
 			// could be broken with the additional '\n'
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go
@ -15,7 +15,7 @@ func DeepEqual(a, b interface{}) bool {
 	rb := reflect.Indirect(reflect.ValueOf(b))
 	if raValid, rbValid := ra.IsValid(), rb.IsValid(); !raValid && !rbValid {
-		// If the elements are both nil, and of the same type the are equal
+		// If the elements are both nil, and of the same type they are equal
 		// If they are of different types they are not equal
 		return reflect.TypeOf(a) == reflect.TypeOf(b)
 	} else if raValid != rbValid {
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
@ -185,13 +185,12 @@ func ValuesAtPath(i interface{}, path string) ([]interface{}, error) {
 // SetValueAtPath sets a value at the case insensitive lexical path inside
 // of a structure.
 func SetValueAtPath(i interface{}, path string, v interface{}) {
-	if rvals := rValuesAtPath(i, path, true, false, v == nil); rvals != nil {
+	rvals := rValuesAtPath(i, path, true, false, v == nil)
-		for _, rval := range rvals {
+	for _, rval := range rvals {
-			if rval.Kind() == reflect.Ptr && rval.IsNil() {
+		if rval.Kind() == reflect.Ptr && rval.IsNil() {
-				continue
+			continue
 			}
 			setValue(rval, v)
 		}
 		setValue(rval, v)
 	}
 }
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
@ -67,10 +67,14 @@ func logRequest(r *request.Request) {
 		if !bodySeekable {
 			r.SetReaderBody(aws.ReadSeekCloser(r.HTTPRequest.Body))
 		}
-		// Reset the request body because dumpRequest will re-wrap the r.HTTPRequest's
+		// Reset the request body because dumpRequest will re-wrap the
-		// Body as a NoOpCloser and will not be reset after read by the HTTP
+		// r.HTTPRequest's Body as a NoOpCloser and will not be reset after
-		// client reader.
+		// read by the HTTP client reader.
-		r.ResetBody()
+		if err := r.Error; err != nil {
 			r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg,
 				r.ClientInfo.ServiceName, r.Operation.Name, err))
 			return
 		}
 	}
 	r.Config.Logger.Log(fmt.Sprintf(logReqMsg,
@ -118,6 +122,12 @@ var LogHTTPResponseHandler = request.NamedHandler{
 func logResponse(r *request.Request) {
 	lw := &logWriter{r.Config.Logger, bytes.NewBuffer(nil)}
 	if r.HTTPResponse == nil {
 		lw.Logger.Log(fmt.Sprintf(logRespErrMsg,
 			r.ClientInfo.ServiceName, r.Operation.Name, "request's HTTPResponse is nil"))
 		return
 	}
 	logBody := r.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody)
 	if logBody {
 		r.HTTPResponse.Body = &teeReaderCloser{
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
@ -50,9 +50,10 @@ package credentials
 import (
 	"fmt"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"sync"
 	"time"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 )
 // AnonymousCredentials is an empty Credential object that can be used as
@ -83,6 +84,12 @@ type Value struct {
 	ProviderName string
 }
 // HasKeys returns if the credentials Value has both AccessKeyID and
 // SecretAccessKey value set.
 func (v Value) HasKeys() bool {
 	return len(v.AccessKeyID) != 0 && len(v.SecretAccessKey) != 0
 }
 // A Provider is the interface for any component which will provide credentials
 // Value. A provider is required to manage its own Expired state, and what to
 // be expired means.
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
@ -11,6 +11,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/client"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/ec2metadata"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/internal/sdkuri"
 )
@ -142,7 +143,8 @@ func requestCredList(client *ec2metadata.EC2Metadata) ([]string, error) {
 	}
 	if err := s.Err(); err != nil {
-		return nil, awserr.New("SerializationError", "failed to read EC2 instance role from metadata service", err)
+		return nil, awserr.New(request.ErrCodeSerialization,
 			"failed to read EC2 instance role from metadata service", err)
 	}
 	return credsList, nil
@ -164,7 +166,7 @@ func requestCred(client *ec2metadata.EC2Metadata, credsName string) (ec2RoleCred
 	respCreds := ec2RoleCredRespBody{}
 	if err := json.NewDecoder(strings.NewReader(resp)).Decode(&respCreds); err != nil {
 		return ec2RoleCredRespBody{},
-			awserr.New("SerializationError",
+			awserr.New(request.ErrCodeSerialization,
 				fmt.Sprintf("failed to decode %s EC2 instance role credentials", credsName),
 				err)
 	}
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
@ -39,6 +39,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/client/metadata"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
 )
 // ProviderName is the name of the credentials provider.
@ -174,7 +175,7 @@ func unmarshalHandler(r *request.Request) {
 	out := r.Data.(*getCredentialsOutput)
 	if err := json.NewDecoder(r.HTTPResponse.Body).Decode(&out); err != nil {
-		r.Error = awserr.New("SerializationError",
+		r.Error = awserr.New(request.ErrCodeSerialization,
 			"failed to decode endpoint credentials",
 			err,
 		)
@ -185,11 +186,15 @@ func unmarshalError(r *request.Request) {
 	defer r.HTTPResponse.Body.Close()
 	var errOut errorOutput
-	if err := json.NewDecoder(r.HTTPResponse.Body).Decode(&errOut); err != nil {
+	err := jsonutil.UnmarshalJSONError(&errOut, r.HTTPResponse.Body)
-		r.Error = awserr.New("SerializationError",
+	if err != nil {
-			"failed to decode endpoint credentials",
+		r.Error = awserr.NewRequestFailure(
-			err,
+			awserr.New(request.ErrCodeSerialization,
 				"failed to decode error message", err),
 			r.HTTPResponse.StatusCode,
 			r.RequestID,
 		)
 		return
 	}
 	// Response body format is not consistent between metadata endpoints.
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
@ -80,16 +80,18 @@ package stscreds
 import (
 	"fmt"
 	"os"
 	"time"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/client"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/internal/sdkrand"
 	"github.com/aws/aws-sdk-go/service/sts"
 )
-// StdinTokenProvider will prompt on stdout and read from stdin for a string value.
+// StdinTokenProvider will prompt on stderr and read from stdin for a string value.
 // An error is returned if reading from stdin fails.
 //
 // Use this function go read MFA tokens from stdin. The function makes no attempt
@ -102,7 +104,7 @@ import (
 // Will wait forever until something is provided on the stdin.
 func StdinTokenProvider() (string, error) {
 	var v string
-	fmt.Printf("Assume Role MFA token code: ")
+	fmt.Fprintf(os.Stderr, "Assume Role MFA token code: ")
 	_, err := fmt.Scanln(&v)
 	return v, err
@ -193,6 +195,18 @@ type AssumeRoleProvider struct {
 	//
 	// If ExpiryWindow is 0 or less it will be ignored.
 	ExpiryWindow time.Duration
 	// MaxJitterFrac reduces the effective Duration of each credential requested
 	// by a random percentage between 0 and MaxJitterFraction. MaxJitterFrac must
 	// have a value between 0 and 1. Any other value may lead to expected behavior.
 	// With a MaxJitterFrac value of 0, default) will no jitter will be used.
 	//
 	// For example, with a Duration of 30m and a MaxJitterFrac of 0.1, the
 	// AssumeRole call will be made with an arbitrary Duration between 27m and
 	// 30m.
 	//
 	// MaxJitterFrac should not be negative.
 	MaxJitterFrac float64
 }
 // NewCredentials returns a pointer to a new Credentials object wrapping the
@ -244,7 +258,6 @@ func NewCredentialsWithClient(svc AssumeRoler, roleARN string, options ...func(*
 // Retrieve generates a new set of temporary credentials using STS.
 func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
 	// Apply defaults where parameters are not set.
 	if p.RoleSessionName == "" {
 		// Try to work out a role name that will hopefully end up unique.
@ -254,8 +267,9 @@ func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
 		// Expire as often as AWS permits.
 		p.Duration = DefaultDuration
 	}
 	jitter := time.Duration(sdkrand.SeededRand.Float64() * p.MaxJitterFrac * float64(p.Duration))
 	input := &sts.AssumeRoleInput{
-		DurationSeconds: aws.Int64(int64(p.Duration / time.Second)),
+		DurationSeconds: aws.Int64(int64((p.Duration - jitter) / time.Second)),
 		RoleArn:         aws.String(p.RoleARN),
 		RoleSessionName: aws.String(p.RoleSessionName),
 		ExternalId:      p.ExternalID,
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
@ -0,0 +1,97 @@
 package stscreds
 import (
 	"fmt"
 	"io/ioutil"
 	"strconv"
 	"time"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/client"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/service/sts"
 	"github.com/aws/aws-sdk-go/service/sts/stsiface"
 )
 const (
 	// ErrCodeWebIdentity will be used as an error code when constructing
 	// a new error to be returned during session creation or retrieval.
 	ErrCodeWebIdentity = "WebIdentityErr"
 	// WebIdentityProviderName is the web identity provider name
 	WebIdentityProviderName = "WebIdentityCredentials"
 )
 // now is used to return a time.Time object representing
 // the current time. This can be used to easily test and
 // compare test values.
 var now = time.Now
 // WebIdentityRoleProvider is used to retrieve credentials using
 // an OIDC token.
 type WebIdentityRoleProvider struct {
 	credentials.Expiry
 	client       stsiface.STSAPI
 	ExpiryWindow time.Duration
 	tokenFilePath   string
 	roleARN         string
 	roleSessionName string
 }
 // NewWebIdentityCredentials will return a new set of credentials with a given
 // configuration, role arn, and token file path.
 func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName, path string) *credentials.Credentials {
 	svc := sts.New(c)
 	p := NewWebIdentityRoleProvider(svc, roleARN, roleSessionName, path)
 	return credentials.NewCredentials(p)
 }
 // NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the
 // provided stsiface.STSAPI
 func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider {
 	return &WebIdentityRoleProvider{
 		client:          svc,
 		tokenFilePath:   path,
 		roleARN:         roleARN,
 		roleSessionName: roleSessionName,
 	}
 }
 // Retrieve will attempt to assume a role from a token which is located at
 // 'WebIdentityTokenFilePath' specified destination and if that is empty an
 // error will be returned.
 func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) {
 	b, err := ioutil.ReadFile(p.tokenFilePath)
 	if err != nil {
 		errMsg := fmt.Sprintf("unable to read file at %s", p.tokenFilePath)
 		return credentials.Value{}, awserr.New(ErrCodeWebIdentity, errMsg, err)
 	}
 	sessionName := p.roleSessionName
 	if len(sessionName) == 0 {
 		// session name is used to uniquely identify a session. This simply
 		// uses unix time in nanoseconds to uniquely identify sessions.
 		sessionName = strconv.FormatInt(now().UnixNano(), 10)
 	}
 	resp, err := p.client.AssumeRoleWithWebIdentity(&sts.AssumeRoleWithWebIdentityInput{
 		RoleArn:          &p.roleARN,
 		RoleSessionName:  &sessionName,
 		WebIdentityToken: aws.String(string(b)),
 	})
 	if err != nil {
 		return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed to retrieve credentials", err)
 	}
 	p.SetExpiration(aws.TimeValue(resp.Credentials.Expiration), p.ExpiryWindow)
 	value := credentials.Value{
 		AccessKeyID:     aws.StringValue(resp.Credentials.AccessKeyId),
 		SecretAccessKey: aws.StringValue(resp.Credentials.SecretAccessKey),
 		SessionToken:    aws.StringValue(resp.Credentials.SessionToken),
 		ProviderName:    WebIdentityProviderName,
 	}
 	return value, nil
 }
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
@ -1,30 +1,61 @@
-// Package csm provides Client Side Monitoring (CSM) which enables sending metrics
+// Package csm provides the Client Side Monitoring (CSM) client which enables
-// via UDP connection. Using the Start function will enable the reporting of
+// sending metrics via UDP connection to the CSM agent. This package provides
-// metrics on a given port. If Start is called, with different parameters, again,
+// control options, and configuration for the CSM client. The client can be
-// a panic will occur.
+// controlled manually, or automatically via the SDK's Session configuration.
 //
-// Pause can be called to pause any metrics publishing on a given port. Sessions
+// Enabling CSM client via SDK's Session configuration
-// that have had their handlers modified via InjectHandlers may still be used.
+//
-// However, the handlers will act as a no-op meaning no metrics will be published.
+// The CSM client can be enabled automatically via SDK's Session configuration.
 // The SDK's session configuration enables the CSM client if the AWS_CSM_PORT
 // environment variable is set to a non-empty value.
 //
 // The configuration options for the CSM client via the SDK's session
 // configuration are:
 //
 //	* AWS_CSM_PORT=<port number>
 //	  The port number the CSM agent will receive metrics on.
 //
 //	* AWS_CSM_HOST=<hostname or ip>
 //	  The hostname, or IP address the CSM agent will receive metrics on.
 //	  Without port number.
 //
 // Manually enabling the CSM client
 //
 // The CSM client can be started, paused, and resumed manually. The Start
 // function will enable the CSM client to publish metrics to the CSM agent. It
 // is safe to call Start concurrently, but if Start is called additional times
 // with different ClientID or address it will panic.
 //
 //	Example:
 //		r, err := csm.Start("clientID", ":31000")
 //		if err != nil {
 //			panic(fmt.Errorf("failed starting CSM:  %v", err))
 //		}
 //
 // When controlling the CSM client manually, you must also inject its request
 // handlers into the SDK's Session configuration for the SDK's API clients to
 // publish metrics.
 //
 //		sess, err := session.NewSession(&aws.Config{})
 //		if err != nil {
 //			panic(fmt.Errorf("failed loading session: %v", err))
 //		}
 //
 //		// Add CSM client's metric publishing request handlers to the SDK's
 //		// Session Configuration.
 //		r.InjectHandlers(&sess.Handlers)
 //
-//		client := s3.New(sess)
+// Controlling CSM client
-//		resp, err := client.GetObject(&s3.GetObjectInput{
+//
-//			Bucket: aws.String("bucket"),
+// Once the CSM client has been enabled the Get function will return a Reporter
-//			Key: aws.String("key"),
+// value that you can use to pause and resume the metrics published to the CSM
-//		})
+// agent. If Get function is called before the reporter is enabled with the
 // Start function or via SDK's Session configuration nil will be returned.
 //
 // The Pause method can be called to stop the CSM client publishing metrics to
 // the CSM agent. The Continue method will resume metric publishing.
 //
 //		// Get the CSM client Reporter.
 //		r := csm.Get()
 //
 //		// Will pause monitoring
 //		r.Pause()
@ -35,12 +66,4 @@
 //
 //		// Resume monitoring
 //		r.Continue()
 //
 // Start returns a Reporter that is used to enable or disable monitoring. If
 // access to the Reporter is required later, calling Get will return the Reporter
 // singleton.
 //
 //	Example:
 //		r := csm.Get()
 //		r.Continue()
 package csm
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
@ -2,6 +2,7 @@ package csm
 import (
 	"fmt"
 	"strings"
 	"sync"
 )
@ -9,19 +10,40 @@ var (
 	lock sync.Mutex
 )
 // Client side metric handler names
 const (
-	APICallMetricHandlerName        = "awscsm.SendAPICallMetric"
+	// DefaultPort is used when no port is specified.
-	APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric"
+	DefaultPort = "31000"
 	// DefaultHost is the host that will be used when none is specified.
 	DefaultHost = "127.0.0.1"
 )
-// Start will start the a long running go routine to capture
+// AddressWithDefaults returns a CSM address built from the host and port
 // values. If the host or port is not set, default values will be used
 // instead. If host is "localhost" it will be replaced with "127.0.0.1".
 func AddressWithDefaults(host, port string) string {
 	if len(host) == 0 || strings.EqualFold(host, "localhost") {
 		host = DefaultHost
 	}
 	if len(port) == 0 {
 		port = DefaultPort
 	}
 	// Only IP6 host can contain a colon
 	if strings.Contains(host, ":") {
 		return "[" + host + "]:" + port
 	}
 	return host + ":" + port
 }
 // Start will start a long running go routine to capture
 // client side metrics. Calling start multiple time will only
 // start the metric listener once and will panic if a different
 // client ID or port is passed in.
 //
-//	Example:
+//		r, err := csm.Start("clientID", "127.0.0.1:31000")
 //		r, err := csm.Start("clientID", "127.0.0.1:8094")
 //		if err != nil {
 //			panic(fmt.Errorf("expected no error, but received %v", err))
 //		}
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
@ -10,11 +10,6 @@ import (
 	"github.com/aws/aws-sdk-go/aws/request"
 )
 const (
 	// DefaultPort is used when no port is specified
 	DefaultPort = "31000"
 )
 // Reporter will gather metrics of API requests made and
 // send those metrics to the CSM endpoint.
 type Reporter struct {
@ -96,7 +91,7 @@ func getMetricException(err awserr.Error) metricException {
 	switch code {
 	case "RequestError",
-		"SerializationError",
+		request.ErrCodeSerialization,
 		request.CanceledErrorCode:
 		return sdkException{
 			requestException{exception: code, message: msg},
@ -123,7 +118,7 @@ func (rep *Reporter) sendAPICallMetric(r *request.Request) {
 		Type:               aws.String("ApiCall"),
 		AttemptCount:       aws.Int(r.RetryCount + 1),
 		Region:             r.Config.Region,
-		Latency:            aws.Int(int(time.Now().Sub(r.Time) / time.Millisecond)),
+		Latency:            aws.Int(int(time.Since(r.Time) / time.Millisecond)),
 		XAmzRequestID:      aws.String(r.RequestID),
 		MaxRetriesExceeded: aws.Int(boolIntValue(r.RetryCount >= r.MaxRetries())),
 	}
@ -190,8 +185,9 @@ func (rep *Reporter) start() {
 	}
 }
-// Pause will pause the metric channel preventing any new metrics from
+// Pause will pause the metric channel preventing any new metrics from being
-// being added.
+// added. It is safe to call concurrently with other calls to Pause, but if
 // called concurently with Continue can lead to unexpected state.
 func (rep *Reporter) Pause() {
 	lock.Lock()
 	defer lock.Unlock()
@ -203,8 +199,9 @@ func (rep *Reporter) Pause() {
 	rep.close()
 }
-// Continue will reopen the metric channel and allow for monitoring
+// Continue will reopen the metric channel and allow for monitoring to be
-// to be resumed.
+// resumed. It is safe to call concurrently with other calls to Continue, but
 // if called concurently with Pause can lead to unexpected state.
 func (rep *Reporter) Continue() {
 	lock.Lock()
 	defer lock.Unlock()
@ -219,10 +216,18 @@ func (rep *Reporter) Continue() {
 	rep.metricsCh.Continue()
 }
 // Client side metric handler names
 const (
 	APICallMetricHandlerName        = "awscsm.SendAPICallMetric"
 	APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric"
 )
 // InjectHandlers will will enable client side metrics and inject the proper
 // handlers to handle how metrics are sent.
 //
-//	Example:
+// InjectHandlers is NOT safe to call concurrently. Calling InjectHandlers
 // multiple times may lead to unexpected behavior, (e.g. duplicate metrics).
 //
 //		// Start must be called in order to inject the correct handlers
 //		r, err := csm.Start("clientID", "127.0.0.1:8094")
 //		if err != nil {
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
@ -24,8 +24,9 @@ func (c *EC2Metadata) GetMetadata(p string) (string, error) {
 	output := &metadataOutput{}
 	req := c.NewRequest(op, nil, output)
 	err := req.Send()
-	return output.Content, req.Send()
+	return output.Content, err
 }
 // GetUserData returns the userdata that was configured for the service. If
@ -45,8 +46,9 @@ func (c *EC2Metadata) GetUserData() (string, error) {
 			r.Error = awserr.New("NotFoundError", "user-data not found", r.Error)
 		}
 	})
 	err := req.Send()
-	return output.Content, req.Send()
+	return output.Content, err
 }
 // GetDynamicData uses the path provided to request information from the EC2
@ -61,8 +63,9 @@ func (c *EC2Metadata) GetDynamicData(p string) (string, error) {
 	output := &metadataOutput{}
 	req := c.NewRequest(op, nil, output)
 	err := req.Send()
-	return output.Content, req.Send()
+	return output.Content, err
 }
 // GetInstanceIdentityDocument retrieves an identity document describing an
@ -79,7 +82,7 @@ func (c *EC2Metadata) GetInstanceIdentityDocument() (EC2InstanceIdentityDocument
 	doc := EC2InstanceIdentityDocument{}
 	if err := json.NewDecoder(strings.NewReader(resp)).Decode(&doc); err != nil {
 		return EC2InstanceIdentityDocument{},
-			awserr.New("SerializationError",
+			awserr.New(request.ErrCodeSerialization,
 				"failed to decode EC2 instance identity document", err)
 	}
@ -98,7 +101,7 @@ func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) {
 	info := EC2IAMInfo{}
 	if err := json.NewDecoder(strings.NewReader(resp)).Decode(&info); err != nil {
 		return EC2IAMInfo{},
-			awserr.New("SerializationError",
+			awserr.New(request.ErrCodeSerialization,
 				"failed to decode EC2 IAM info", err)
 	}
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
@ -92,6 +92,9 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
 		svc.Handlers.Send.SwapNamed(request.NamedHandler{
 			Name: corehandlers.SendHandler.Name,
 			Fn: func(r *request.Request) {
 				r.HTTPResponse = &http.Response{
 					Header: http.Header{},
 				}
 				r.Error = awserr.New(
 					request.CanceledErrorCode,
 					"EC2 IMDS access disabled via "+disableServiceEnvVar+" env var",
@ -120,7 +123,7 @@ func unmarshalHandler(r *request.Request) {
 	defer r.HTTPResponse.Body.Close()
 	b := &bytes.Buffer{}
 	if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil {
-		r.Error = awserr.New("SerializationError", "unable to unmarshal EC2 metadata respose", err)
+		r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata response", err)
 		return
 	}
@ -133,7 +136,7 @@ func unmarshalError(r *request.Request) {
 	defer r.HTTPResponse.Body.Close()
 	b := &bytes.Buffer{}
 	if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil {
-		r.Error = awserr.New("SerializationError", "unable to unmarshal EC2 metadata error respose", err)
+		r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata error response", err)
 		return
 	}
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
@ -2,7 +2,7 @@ package endpoints
 // Service identifiers
 //
-// Deprecated: Use client package's EndpointID value instead of these
+// Deprecated: Use client package's EndpointsID value instead of these
 // ServiceIDs. These IDs are not maintained, and are out of date.
 const (
 	A4bServiceID                          = "a4b"                          // A4b.
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
@ -170,10 +170,13 @@ func PartitionForRegion(ps []Partition, regionID string) (Partition, bool) {
 // A Partition provides the ability to enumerate the partition's regions
 // and services.
 type Partition struct {
-	id string
+	id, dnsSuffix string
-	p  *partition
+	p             *partition
 }
 // DNSSuffix returns the base domain name of the partition.
 func (p Partition) DNSSuffix() string { return p.dnsSuffix }
 // ID returns the identifier of the partition.
 func (p Partition) ID() string { return p.id }
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
@ -54,8 +54,9 @@ type partition struct {
 func (p partition) Partition() Partition {
 	return Partition{
-		id: p.ID,
+		dnsSuffix: p.DNSSuffix,
-		p:  &p,
+		id:        p.ID,
 		p:         &p,
 	}
 }
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
@ -1,18 +1,17 @@
 // +build !appengine,!plan9
 package request
 import (
-	"net"
+	"strings"
 	"os"
 	"syscall"
 )
 func isErrConnectionReset(err error) bool {
-	if opErr, ok := err.(*net.OpError); ok {
+	if strings.Contains(err.Error(), "read: connection reset") {
-		if sysErr, ok := opErr.Err.(*os.SyscallError); ok {
+		return false
-			return sysErr.Err == syscall.ECONNRESET
+	}
-		}
+
 	if strings.Contains(err.Error(), "connection reset") ||
 		strings.Contains(err.Error(), "broken pipe") {
 		return true
 	}
 	return false
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go
@ -1,11 +0,0 @@
 // +build appengine plan9
 package request
 import (
 	"strings"
 )
 func isErrConnectionReset(err error) bool {
 	return strings.Contains(err.Error(), "connection reset")
 }
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
@ -59,6 +59,51 @@ func (h *Handlers) Clear() {
 	h.Complete.Clear()
 }
 // IsEmpty returns if there are no handlers in any of the handlerlists.
 func (h *Handlers) IsEmpty() bool {
 	if h.Validate.Len() != 0 {
 		return false
 	}
 	if h.Build.Len() != 0 {
 		return false
 	}
 	if h.Send.Len() != 0 {
 		return false
 	}
 	if h.Sign.Len() != 0 {
 		return false
 	}
 	if h.Unmarshal.Len() != 0 {
 		return false
 	}
 	if h.UnmarshalStream.Len() != 0 {
 		return false
 	}
 	if h.UnmarshalMeta.Len() != 0 {
 		return false
 	}
 	if h.UnmarshalError.Len() != 0 {
 		return false
 	}
 	if h.ValidateResponse.Len() != 0 {
 		return false
 	}
 	if h.Retry.Len() != 0 {
 		return false
 	}
 	if h.AfterRetry.Len() != 0 {
 		return false
 	}
 	if h.CompleteAttempt.Len() != 0 {
 		return false
 	}
 	if h.Complete.Len() != 0 {
 		return false
 	}
 	return true
 }
 // A HandlerListRunItem represents an entry in the HandlerList which
 // is being run.
 type HandlerListRunItem struct {
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
@ -15,12 +15,15 @@ type offsetReader struct {
 	closed bool
 }
-func newOffsetReader(buf io.ReadSeeker, offset int64) *offsetReader {
+func newOffsetReader(buf io.ReadSeeker, offset int64) (*offsetReader, error) {
 	reader := &offsetReader{}
-	buf.Seek(offset, sdkio.SeekStart)
+	_, err := buf.Seek(offset, sdkio.SeekStart)
 	if err != nil {
 		return nil, err
 	}
 	reader.buf = buf
-	return reader
+	return reader, nil
 }
 // Close will close the instance of the offset reader's access to
@ -54,7 +57,9 @@ func (o *offsetReader) Seek(offset int64, whence int) (int64, error) {
 // CloseAndCopy will return a new offsetReader with a copy of the old buffer
 // and close the old buffer.
-func (o *offsetReader) CloseAndCopy(offset int64) *offsetReader {
+func (o *offsetReader) CloseAndCopy(offset int64) (*offsetReader, error) {
-	o.Close()
+	if err := o.Close(); err != nil {
 		return nil, err
 	}
 	return newOffsetReader(o.buf, offset)
 }
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"io"
 	"net"
 	"net/http"
 	"net/url"
 	"reflect"
@ -231,6 +232,10 @@ func (r *Request) WillRetry() bool {
 	return r.Error != nil && aws.BoolValue(r.Retryable) && r.RetryCount < r.MaxRetries()
 }
 func fmtAttemptCount(retryCount, maxRetries int) string {
 	return fmt.Sprintf("attempt %v/%v", retryCount, maxRetries)
 }
 // ParamsFilled returns if the request's parameters have been populated
 // and the parameters are valid. False is returned if no parameters are
 // provided or invalid.
@ -259,7 +264,18 @@ func (r *Request) SetStringBody(s string) {
 // SetReaderBody will set the request's body reader.
 func (r *Request) SetReaderBody(reader io.ReadSeeker) {
 	r.Body = reader
-	r.BodyStart, _ = reader.Seek(0, sdkio.SeekCurrent) // Get the Bodies current offset.
+
 	if aws.IsReaderSeekable(reader) {
 		var err error
 		// Get the Bodies current offset so retries will start from the same
 		// initial position.
 		r.BodyStart, err = reader.Seek(0, sdkio.SeekCurrent)
 		if err != nil {
 			r.Error = awserr.New(ErrCodeSerialization,
 				"failed to determine start of request body", err)
 			return
 		}
 	}
 	r.ResetBody()
 }
@ -330,16 +346,15 @@ func getPresignedURL(r *Request, expire time.Duration) (string, http.Header, err
 	return r.HTTPRequest.URL.String(), r.SignedHeaderVals, nil
 }
-func debugLogReqError(r *Request, stage string, retrying bool, err error) {
+const (
 	notRetrying = "not retrying"
 )
 func debugLogReqError(r *Request, stage, retryStr string, err error) {
 	if !r.Config.LogLevel.Matches(aws.LogDebugWithRequestErrors) {
 		return
 	}
 	retryStr := "not retrying"
 	if retrying {
 		retryStr = "will retry"
 	}
 	r.Config.Logger.Log(fmt.Sprintf("DEBUG: %s %s/%s failed, %s, error %v",
 		stage, r.ClientInfo.ServiceName, r.Operation.Name, retryStr, err))
 }
@ -358,12 +373,12 @@ func (r *Request) Build() error {
 	if !r.built {
 		r.Handlers.Validate.Run(r)
 		if r.Error != nil {
-			debugLogReqError(r, "Validate Request", false, r.Error)
+			debugLogReqError(r, "Validate Request", notRetrying, r.Error)
 			return r.Error
 		}
 		r.Handlers.Build.Run(r)
 		if r.Error != nil {
-			debugLogReqError(r, "Build Request", false, r.Error)
+			debugLogReqError(r, "Build Request", notRetrying, r.Error)
 			return r.Error
 		}
 		r.built = true
@ -379,7 +394,7 @@ func (r *Request) Build() error {
 func (r *Request) Sign() error {
 	r.Build()
 	if r.Error != nil {
-		debugLogReqError(r, "Build Request", false, r.Error)
+		debugLogReqError(r, "Build Request", notRetrying, r.Error)
 		return r.Error
 	}
@ -387,12 +402,16 @@ func (r *Request) Sign() error {
 	return r.Error
 }
-func (r *Request) getNextRequestBody() (io.ReadCloser, error) {
+func (r *Request) getNextRequestBody() (body io.ReadCloser, err error) {
 	if r.safeBody != nil {
 		r.safeBody.Close()
 	}
-	r.safeBody = newOffsetReader(r.Body, r.BodyStart)
+	r.safeBody, err = newOffsetReader(r.Body, r.BodyStart)
 	if err != nil {
 		return nil, awserr.New(ErrCodeSerialization,
 			"failed to get next request body reader", err)
 	}
 	// Go 1.8 tightened and clarified the rules code needs to use when building
 	// requests with the http package. Go 1.8 removed the automatic detection
@ -409,10 +428,10 @@ func (r *Request) getNextRequestBody() (io.ReadCloser, error) {
 	// Related golang/go#18257
 	l, err := aws.SeekerLen(r.Body)
 	if err != nil {
-		return nil, awserr.New(ErrCodeSerialization, "failed to compute request body size", err)
+		return nil, awserr.New(ErrCodeSerialization,
 			"failed to compute request body size", err)
 	}
 	var body io.ReadCloser
 	if l == 0 {
 		body = NoBody
 	} else if l > 0 {
@ -473,13 +492,13 @@ func (r *Request) Send() error {
 		r.AttemptTime = time.Now()
 		if err := r.Sign(); err != nil {
-			debugLogReqError(r, "Sign Request", false, err)
+			debugLogReqError(r, "Sign Request", notRetrying, err)
 			return err
 		}
 		if err := r.sendRequest(); err == nil {
 			return nil
-		} else if !shouldRetryCancel(r.Error) {
+		} else if !shouldRetryError(r.Error) {
 			return err
 		} else {
 			r.Handlers.Retry.Run(r)
@ -489,13 +508,16 @@ func (r *Request) Send() error {
 				return r.Error
 			}
-			r.prepareRetry()
+			if err := r.prepareRetry(); err != nil {
 				r.Error = err
 				return err
 			}
 			continue
 		}
 	}
 }
-func (r *Request) prepareRetry() {
+func (r *Request) prepareRetry() error {
 	if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) {
 		r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d",
 			r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount))
@ -506,12 +528,19 @@ func (r *Request) prepareRetry() {
 	// the request's body even though the Client's Do returned.
 	r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil)
 	r.ResetBody()
 	if err := r.Error; err != nil {
 		return awserr.New(ErrCodeSerialization,
 			"failed to prepare body for retry", err)
 	}
 	// Closing response body to ensure that no response body is leaked
 	// between retry attempts.
 	if r.HTTPResponse != nil && r.HTTPResponse.Body != nil {
 		r.HTTPResponse.Body.Close()
 	}
 	return nil
 }
 func (r *Request) sendRequest() (sendErr error) {
@ -520,7 +549,9 @@ func (r *Request) sendRequest() (sendErr error) {
 	r.Retryable = nil
 	r.Handlers.Send.Run(r)
 	if r.Error != nil {
-		debugLogReqError(r, "Send Request", r.WillRetry(), r.Error)
+		debugLogReqError(r, "Send Request",
 			fmtAttemptCount(r.RetryCount, r.MaxRetries()),
 			r.Error)
 		return r.Error
 	}
@ -528,13 +559,17 @@ func (r *Request) sendRequest() (sendErr error) {
 	r.Handlers.ValidateResponse.Run(r)
 	if r.Error != nil {
 		r.Handlers.UnmarshalError.Run(r)
-		debugLogReqError(r, "Validate Response", r.WillRetry(), r.Error)
+		debugLogReqError(r, "Validate Response",
 			fmtAttemptCount(r.RetryCount, r.MaxRetries()),
 			r.Error)
 		return r.Error
 	}
 	r.Handlers.Unmarshal.Run(r)
 	if r.Error != nil {
-		debugLogReqError(r, "Unmarshal Response", r.WillRetry(), r.Error)
+		debugLogReqError(r, "Unmarshal Response",
 			fmtAttemptCount(r.RetryCount, r.MaxRetries()),
 			r.Error)
 		return r.Error
 	}
@ -565,13 +600,13 @@ type temporary interface {
 	Temporary() bool
 }
-func shouldRetryCancel(err error) bool {
+func shouldRetryError(origErr error) bool {
-	switch err := err.(type) {
+	switch err := origErr.(type) {
 	case awserr.Error:
 		if err.Code() == CanceledErrorCode {
 			return false
 		}
-		return shouldRetryCancel(err.OrigErr())
+		return shouldRetryError(err.OrigErr())
 	case *url.Error:
 		if strings.Contains(err.Error(), "connection refused") {
 			// Refused connections should be retried as the service may not yet
@ -581,14 +616,17 @@ func shouldRetryCancel(err error) bool {
 		}
 		// *url.Error only implements Temporary after golang 1.6 but since
 		// url.Error only wraps the error:
-		return shouldRetryCancel(err.Err)
+		return shouldRetryError(err.Err)
 	case temporary:
 		if netErr, ok := err.(*net.OpError); ok && netErr.Op == "dial" {
 			return true
 		}
 		// If the error is temporary, we want to allow continuation of the
 		// retry process
-		return err.Temporary()
+		return err.Temporary() || isErrConnectionReset(origErr)
 	case nil:
 		// `awserr.Error.OrigErr()` can be nil, meaning there was an error but
-		// because we don't know the cause, it is marked as retriable. See
+		// because we don't know the cause, it is marked as retryable. See
 		// TestRequest4xxUnretryable for an example.
 		return true
 	default:
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
@ -4,6 +4,8 @@ package request
 import (
 	"net/http"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 )
 // NoBody is a http.NoBody reader instructing Go HTTP client to not include
@ -24,7 +26,8 @@ var NoBody = http.NoBody
 func (r *Request) ResetBody() {
 	body, err := r.getNextRequestBody()
 	if err != nil {
-		r.Error = err
+		r.Error = awserr.New(ErrCodeSerialization,
 			"failed to reset request body", err)
 		return
 	}
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
@ -146,7 +146,7 @@ func (r *Request) nextPageTokens() []interface{} {
 				return nil
 			}
 		case bool:
-			if v == false {
+			if !v {
 				return nil
 			}
 		}
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
@ -38,6 +38,7 @@ var throttleCodes = map[string]struct{}{
 	"ThrottlingException":                    {},
 	"RequestLimitExceeded":                   {},
 	"RequestThrottled":                       {},
 	"RequestThrottledException":              {},
 	"TooManyRequestsException":               {}, // Lambda functions
 	"PriorRequestNotComplete":                {}, // Route53
 	"TransactionInProgressException":         {},
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport.go
@ -0,0 +1,26 @@
 // +build go1.7
 package session
 import (
 	"net"
 	"net/http"
 	"time"
 )
 // Transport that should be used when a custom CA bundle is specified with the
 // SDK.
 func getCABundleTransport() *http.Transport {
 	return &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
 		DialContext: (&net.Dialer{
 			Timeout:   30 * time.Second,
 			KeepAlive: 30 * time.Second,
 			DualStack: true,
 		}).DialContext,
 		MaxIdleConns:          100,
 		IdleConnTimeout:       90 * time.Second,
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 	}
 }
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_5.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_5.go
@ -0,0 +1,22 @@
 // +build !go1.6,go1.5
 package session
 import (
 	"net"
 	"net/http"
 	"time"
 )
 // Transport that should be used when a custom CA bundle is specified with the
 // SDK.
 func getCABundleTransport() *http.Transport {
 	return &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
 		Dial: (&net.Dialer{
 			Timeout:   30 * time.Second,
 			KeepAlive: 30 * time.Second,
 		}).Dial,
 		TLSHandshakeTimeout: 10 * time.Second,
 	}
 }
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_6.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_6.go
@ -0,0 +1,23 @@
 // +build !go1.7,go1.6
 package session
 import (
 	"net"
 	"net/http"
 	"time"
 )
 // Transport that should be used when a custom CA bundle is specified with the
 // SDK.
 func getCABundleTransport() *http.Transport {
 	return &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
 		Dial: (&net.Dialer{
 			Timeout:   30 * time.Second,
 			KeepAlive: 30 * time.Second,
 		}).Dial,
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 	}
 }
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
@ -0,0 +1,259 @@
 package session
 import (
 	"fmt"
 	"os"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/credentials/processcreds"
 	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 	"github.com/aws/aws-sdk-go/aws/defaults"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/internal/shareddefaults"
 )
 func resolveCredentials(cfg *aws.Config,
 	envCfg envConfig, sharedCfg sharedConfig,
 	handlers request.Handlers,
 	sessOpts Options,
 ) (*credentials.Credentials, error) {
 	switch {
 	case len(sessOpts.Profile) != 0:
 		// User explicitly provided an Profile in the session's configuration
 		// so load that profile from shared config first.
 		// Github(aws/aws-sdk-go#2727)
 		return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts)
 	case envCfg.Creds.HasKeys():
 		// Environment credentials
 		return credentials.NewStaticCredentialsFromCreds(envCfg.Creds), nil
 	case len(envCfg.WebIdentityTokenFilePath) != 0:
 		// Web identity token from environment, RoleARN required to also be
 		// set.
 		return assumeWebIdentity(cfg, handlers,
 			envCfg.WebIdentityTokenFilePath,
 			envCfg.RoleARN,
 			envCfg.RoleSessionName,
 		)
 	default:
 		// Fallback to the "default" credential resolution chain.
 		return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts)
 	}
 }
 // WebIdentityEmptyRoleARNErr will occur if 'AWS_WEB_IDENTITY_TOKEN_FILE' was set but
 // 'AWS_IAM_ROLE_ARN' was not set.
 var WebIdentityEmptyRoleARNErr = awserr.New(stscreds.ErrCodeWebIdentity, "role ARN is not set", nil)
 // WebIdentityEmptyTokenFilePathErr will occur if 'AWS_IAM_ROLE_ARN' was set but
 // 'AWS_WEB_IDENTITY_TOKEN_FILE' was not set.
 var WebIdentityEmptyTokenFilePathErr = awserr.New(stscreds.ErrCodeWebIdentity, "token file path is not set", nil)
 func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers,
 	filepath string,
 	roleARN, sessionName string,
 ) (*credentials.Credentials, error) {
 	if len(filepath) == 0 {
 		return nil, WebIdentityEmptyTokenFilePathErr
 	}
 	if len(roleARN) == 0 {
 		return nil, WebIdentityEmptyRoleARNErr
 	}
 	creds := stscreds.NewWebIdentityCredentials(
 		&Session{
 			Config:   cfg,
 			Handlers: handlers.Copy(),
 		},
 		roleARN,
 		sessionName,
 		filepath,
 	)
 	return creds, nil
 }
 func resolveCredsFromProfile(cfg *aws.Config,
 	envCfg envConfig, sharedCfg sharedConfig,
 	handlers request.Handlers,
 	sessOpts Options,
 ) (creds *credentials.Credentials, err error) {
 	switch {
 	case sharedCfg.SourceProfile != nil:
 		// Assume IAM role with credentials source from a different profile.
 		creds, err = resolveCredsFromProfile(cfg, envCfg,
 			*sharedCfg.SourceProfile, handlers, sessOpts,
 		)
 	case sharedCfg.Creds.HasKeys():
 		// Static Credentials from Shared Config/Credentials file.
 		creds = credentials.NewStaticCredentialsFromCreds(
 			sharedCfg.Creds,
 		)
 	case len(sharedCfg.CredentialProcess) != 0:
 		// Get credentials from CredentialProcess
 		creds = processcreds.NewCredentials(sharedCfg.CredentialProcess)
 	case len(sharedCfg.CredentialSource) != 0:
 		creds, err = resolveCredsFromSource(cfg, envCfg,
 			sharedCfg, handlers, sessOpts,
 		)
 	case len(sharedCfg.WebIdentityTokenFile) != 0:
 		// Credentials from Assume Web Identity token require an IAM Role, and
 		// that roll will be assumed. May be wrapped with another assume role
 		// via SourceProfile.
 		return assumeWebIdentity(cfg, handlers,
 			sharedCfg.WebIdentityTokenFile,
 			sharedCfg.RoleARN,
 			sharedCfg.RoleSessionName,
 		)
 	default:
 		// Fallback to default credentials provider, include mock errors for
 		// the credential chain so user can identify why credentials failed to
 		// be retrieved.
 		creds = credentials.NewCredentials(&credentials.ChainProvider{
 			VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
 			Providers: []credentials.Provider{
 				&credProviderError{
 					Err: awserr.New("EnvAccessKeyNotFound",
 						"failed to find credentials in the environment.", nil),
 				},
 				&credProviderError{
 					Err: awserr.New("SharedCredsLoad",
 						fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil),
 				},
 				defaults.RemoteCredProvider(*cfg, handlers),
 			},
 		})
 	}
 	if err != nil {
 		return nil, err
 	}
 	if len(sharedCfg.RoleARN) > 0 {
 		cfgCp := *cfg
 		cfgCp.Credentials = creds
 		return credsFromAssumeRole(cfgCp, handlers, sharedCfg, sessOpts)
 	}
 	return creds, nil
 }
 // valid credential source values
 const (
 	credSourceEc2Metadata  = "Ec2InstanceMetadata"
 	credSourceEnvironment  = "Environment"
 	credSourceECSContainer = "EcsContainer"
 )
 func resolveCredsFromSource(cfg *aws.Config,
 	envCfg envConfig, sharedCfg sharedConfig,
 	handlers request.Handlers,
 	sessOpts Options,
 ) (creds *credentials.Credentials, err error) {
 	switch sharedCfg.CredentialSource {
 	case credSourceEc2Metadata:
 		p := defaults.RemoteCredProvider(*cfg, handlers)
 		creds = credentials.NewCredentials(p)
 	case credSourceEnvironment:
 		creds = credentials.NewStaticCredentialsFromCreds(envCfg.Creds)
 	case credSourceECSContainer:
 		if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 {
 			return nil, ErrSharedConfigECSContainerEnvVarEmpty
 		}
 		p := defaults.RemoteCredProvider(*cfg, handlers)
 		creds = credentials.NewCredentials(p)
 	default:
 		return nil, ErrSharedConfigInvalidCredSource
 	}
 	return creds, nil
 }
 func credsFromAssumeRole(cfg aws.Config,
 	handlers request.Handlers,
 	sharedCfg sharedConfig,
 	sessOpts Options,
 ) (*credentials.Credentials, error) {
 	if len(sharedCfg.MFASerial) != 0 && sessOpts.AssumeRoleTokenProvider == nil {
 		// AssumeRole Token provider is required if doing Assume Role
 		// with MFA.
 		return nil, AssumeRoleTokenProviderNotSetError{}
 	}
 	return stscreds.NewCredentials(
 		&Session{
 			Config:   &cfg,
 			Handlers: handlers.Copy(),
 		},
 		sharedCfg.RoleARN,
 		func(opt *stscreds.AssumeRoleProvider) {
 			opt.RoleSessionName = sharedCfg.RoleSessionName
 			opt.Duration = sessOpts.AssumeRoleDuration
 			// Assume role with external ID
 			if len(sharedCfg.ExternalID) > 0 {
 				opt.ExternalID = aws.String(sharedCfg.ExternalID)
 			}
 			// Assume role with MFA
 			if len(sharedCfg.MFASerial) > 0 {
 				opt.SerialNumber = aws.String(sharedCfg.MFASerial)
 				opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
 			}
 		},
 	), nil
 }
 // AssumeRoleTokenProviderNotSetError is an error returned when creating a
 // session when the MFAToken option is not set when shared config is configured
 // load assume a role with an MFA token.
 type AssumeRoleTokenProviderNotSetError struct{}
 // Code is the short id of the error.
 func (e AssumeRoleTokenProviderNotSetError) Code() string {
 	return "AssumeRoleTokenProviderNotSetError"
 }
 // Message is the description of the error
 func (e AssumeRoleTokenProviderNotSetError) Message() string {
 	return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.")
 }
 // OrigErr is the underlying error that caused the failure.
 func (e AssumeRoleTokenProviderNotSetError) OrigErr() error {
 	return nil
 }
 // Error satisfies the error interface.
 func (e AssumeRoleTokenProviderNotSetError) Error() string {
 	return awserr.SprintError(e.Code(), e.Message(), "", nil)
 }
 type credProviderError struct {
 	Err error
 }
 func (c credProviderError) Retrieve() (credentials.Value, error) {
 	return credentials.Value{}, c.Err
 }
 func (c credProviderError) IsExpired() bool {
 	return true
 }
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
@ -1,97 +1,93 @@
 /*
-Package session provides configuration for the SDK's service clients.
+Package session provides configuration for the SDK's service clients. Sessions
-
+can be shared across service clients that share the same base configuration.
 Sessions can be shared across all service clients that share the same base
 configuration.  The Session is built from the SDK's default configuration and
 request handlers.
 Sessions should be cached when possible, because creating a new Session will
 load all configuration values from the environment, and config files each time
 the Session is created. Sharing the Session value across all of your service
 clients will ensure the configuration is loaded the fewest number of times possible.
 Concurrency
 Sessions are safe to use concurrently as long as the Session is not being
-modified. The SDK will not modify the Session once the Session has been created.
+modified. Sessions should be cached when possible, because creating a new
-Creating service clients concurrently from a shared Session is safe.
+Session will load all configuration values from the environment, and config
 files each time the Session is created. Sharing the Session value across all of
 your service clients will ensure the configuration is loaded the fewest number
 of times possible.
-Sessions from Shared Config
+Sessions options from Shared Config
 Sessions can be created using the method above that will only load the
 additional config if the AWS_SDK_LOAD_CONFIG environment variable is set.
 Alternatively you can explicitly create a Session with shared config enabled.
 To do this you can use NewSessionWithOptions to configure how the Session will
 be created. Using the NewSessionWithOptions with SharedConfigState set to
 SharedConfigEnable will create the session as if the AWS_SDK_LOAD_CONFIG
 environment variable was set.
 Creating Sessions
 When creating Sessions optional aws.Config values can be passed in that will
 override the default, or loaded config values the Session is being created
 with. This allows you to provide additional, or case based, configuration
 as needed.
 By default NewSession will only load credentials from the shared credentials
 file (~/.aws/credentials). If the AWS_SDK_LOAD_CONFIG environment variable is
 set to a truthy value the Session will be created from the configuration
 values from the shared config (~/.aws/config) and shared credentials
-(~/.aws/credentials) files. See the section Sessions from Shared Config for
+(~/.aws/credentials) files. Using the NewSessionWithOptions with
-more information.
+SharedConfigState set to SharedConfigEnable will create the session as if the
 AWS_SDK_LOAD_CONFIG environment variable was set.
-Create a Session with the default config and request handlers. With credentials
+Credential and config loading order
-region, and profile loaded from the environment and shared config automatically.
+
-Requires the AWS_PROFILE to be set, or "default" is used.
+The Session will attempt to load configuration and credentials from the
 environment, configuration files, and other credential sources. The order
 configuration is loaded in is:
  * Environment Variables
  * Shared Credentials file
  * Shared Configuration file (if SharedConfig is enabled)
  * EC2 Instance Metadata (credentials only)
 The Environment variables for credentials will have precedence over shared
 config even if SharedConfig is enabled. To override this behavior, and use
 shared config credentials instead specify the session.Options.Profile, (e.g.
 when using credential_source=Environment to assume a role).
  sess, err := session.NewSessionWithOptions(session.Options{
 	  Profile: "myProfile",
  })
 Creating Sessions
 Creating a Session without additional options will load credentials region, and
 profile loaded from the environment and shared config automatically. See,
 "Environment Variables" section for information on environment variables used
 by Session.
 	// Create Session
-	sess := session.Must(session.NewSession())
+	sess, err := session.NewSession()
 When creating Sessions optional aws.Config values can be passed in that will
 override the default, or loaded, config values the Session is being created
 with. This allows you to provide additional, or case based, configuration
 as needed.
 	// Create a Session with a custom region
-	sess := session.Must(session.NewSession(&aws.Config{
+	sess, err := session.NewSession(&aws.Config{
-		Region: aws.String("us-east-1"),
+		Region: aws.String("us-west-2"),
-	}))
+	})
-	// Create a S3 client instance from a session
+Use NewSessionWithOptions to provide additional configuration driving how the
-	sess := session.Must(session.NewSession())
+Session's configuration will be loaded. Such as, specifying shared config
-
+profile, or override the shared config state,  (AWS_SDK_LOAD_CONFIG).
 	svc := s3.New(sess)
 Create Session With Option Overrides
 In addition to NewSession, Sessions can be created using NewSessionWithOptions.
 This func allows you to control and override how the Session will be created
 through code instead of being driven by environment variables only.
 Use NewSessionWithOptions when you want to provide the config profile, or
 override the shared config state (AWS_SDK_LOAD_CONFIG).
 	// Equivalent to session.NewSession()
-	sess := session.Must(session.NewSessionWithOptions(session.Options{
+	sess, err := session.NewSessionWithOptions(session.Options{
 		// Options
-	}))
+	})
-	// Specify profile to load for the session's config
+	sess, err := session.NewSessionWithOptions(session.Options{
-	sess := session.Must(session.NewSessionWithOptions(session.Options{
+		// Specify profile to load for the session's config
-		 Profile: "profile_name",
+		Profile: "profile_name",
 	}))
-	// Specify profile for config and region for requests
+		// Provide SDK Config options, such as Region.
-	sess := session.Must(session.NewSessionWithOptions(session.Options{
+		Config: aws.Config{
-		 Config: aws.Config{Region: aws.String("us-east-1")},
+			Region: aws.String("us-west-2"),
-		 Profile: "profile_name",
+		},
 	}))
-	// Force enable Shared Config support
+		// Force enable Shared Config support
 	sess := session.Must(session.NewSessionWithOptions(session.Options{
 		SharedConfigState: session.SharedConfigEnable,
-	}))
+	})
 Adding Handlers
-You can add handlers to a session for processing HTTP requests. All service
+You can add handlers to a session to decorate API operation, (e.g. adding HTTP
-clients that use the session inherit the handlers. For example, the following
+headers). All clients that use the Session receive a copy of the Session's
-handler logs every request and its payload made by a service client:
+handlers. For example, the following request handler added to the Session logs
 every requests made.
 	// Create a session, and add additional handlers for all service
 	// clients created with the Session to inherit. Adds logging handler.
@ -99,22 +95,15 @@ handler logs every request and its payload made by a service client:
 	sess.Handlers.Send.PushFront(func(r *request.Request) {
 		// Log every request made and its payload
-		logger.Printf("Request: %s/%s, Payload: %s",
+		logger.Printf("Request: %s/%s, Params: %s",
 			r.ClientInfo.ServiceName, r.Operation, r.Params)
 	})
 Deprecated "New" function
 The New session function has been deprecated because it does not provide good
 way to return errors that occur when loading the configuration files and values.
 Because of this, NewSession was created so errors can be retrieved when
 creating a session fails.
 Shared Config Fields
-By default the SDK will only load the shared credentials file's (~/.aws/credentials)
+By default the SDK will only load the shared credentials file's
-credentials values, and all other config is provided by the environment variables,
+(~/.aws/credentials) credentials values, and all other config is provided by
-SDK defaults, and user provided aws.Config values.
+the environment variables, SDK defaults, and user provided aws.Config values.
 If the AWS_SDK_LOAD_CONFIG environment variable is set, or SharedConfigEnable
 option is used to create the Session the full shared config values will be
@ -125,24 +114,31 @@ files have the same format.
 If both config files are present the configuration from both files will be
 read. The Session will be created from configuration values from the shared
-credentials file (~/.aws/credentials) over those in the shared config file (~/.aws/config).
+credentials file (~/.aws/credentials) over those in the shared config file
 (~/.aws/config).
-Credentials are the values the SDK should use for authenticating requests with
+Credentials are the values the SDK uses to authenticating requests with AWS
-AWS Services. They are from a configuration file will need to include both
+Services. When specified in a file, both aws_access_key_id and
-aws_access_key_id and aws_secret_access_key must be provided together in the
+aws_secret_access_key must be provided together in the same file to be
-same file to be considered valid. The values will be ignored if not a complete
+considered valid. They will be ignored if both are not present.
-group. aws_session_token is an optional field that can be provided if both of
+aws_session_token is an optional field that can be provided in addition to the
-the other two fields are also provided.
+other two fields.
 	aws_access_key_id = AKID
 	aws_secret_access_key = SECRET
 	aws_session_token = TOKEN
-Assume Role values allow you to configure the SDK to assume an IAM role using
+	; region only supported if SharedConfigEnabled.
-a set of credentials provided in a config file via the source_profile field.
+	region = us-east-1
-Both "role_arn" and "source_profile" are required. The SDK supports assuming
+
-a role with MFA token if the session option AssumeRoleTokenProvider
+Assume Role configuration
-is set.
+
 The role_arn field allows you to configure the SDK to assume an IAM role using
 a set of credentials from another source. Such as when paired with static
 credentials, "profile_source", "credential_process", or "credential_source"
 fields. If "role_arn" is provided, a source of credentials must also be
 specified, such as "source_profile", "credential_source", or
 "credential_process".
 	role_arn = arn:aws:iam::<account_number>:role/<role_name>
 	source_profile = profile_with_creds
@ -150,40 +146,16 @@ is set.
 	mfa_serial = <serial or mfa arn>
 	role_session_name = session_name
 Region is the region the SDK should use for looking up AWS service endpoints
 and signing requests.
-	region = us-east-1
+The SDK supports assuming a role with MFA token. If "mfa_serial" is set, you
-
+must also set the Session Option.AssumeRoleTokenProvider. The Session will fail
-Assume Role with MFA token
+to load if the AssumeRoleTokenProvider is not specified.
 To create a session with support for assuming an IAM role with MFA set the
 session option AssumeRoleTokenProvider to a function that will prompt for the
 MFA token code when the SDK assumes the role and refreshes the role's credentials.
 This allows you to configure the SDK via the shared config to assumea role
 with MFA tokens.
 In order for the SDK to assume a role with MFA the SharedConfigState
 session option must be set to SharedConfigEnable, or AWS_SDK_LOAD_CONFIG
 environment variable set.
 The shared configuration instructs the SDK to assume an IAM role with MFA
 when the mfa_serial configuration field is set in the shared config
 (~/.aws/config) or shared credentials (~/.aws/credentials) file.
 If mfa_serial is set in the configuration, the SDK will assume the role, and
 the AssumeRoleTokenProvider session option is not set an an error will
 be returned when creating the session.
    sess := session.Must(session.NewSessionWithOptions(session.Options{
        AssumeRoleTokenProvider: stscreds.StdinTokenProvider,
    }))
-    // Create service client value configured for credentials
+To setup Assume Role outside of a session see the stscreds.AssumeRoleProvider
    // from assumed role.
    svc := s3.New(sess)
 To setup assume role outside of a session see the stscreds.AssumeRoleProvider
 documentation.
 Environment Variables
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
@ -102,18 +102,38 @@ type envConfig struct {
 	CSMEnabled  bool
 	CSMPort     string
 	CSMClientID string
 	CSMHost     string
 	enableEndpointDiscovery string
 	// Enables endpoint discovery via environment variables.
 	//
 	//	AWS_ENABLE_ENDPOINT_DISCOVERY=true
 	EnableEndpointDiscovery *bool
 	enableEndpointDiscovery string
 	// Specifies the WebIdentity token the SDK should use to assume a role
 	// with.
 	//
 	//  AWS_WEB_IDENTITY_TOKEN_FILE=file_path
 	WebIdentityTokenFilePath string
 	// Specifies the IAM role arn to use when assuming an role.
 	//
 	//  AWS_ROLE_ARN=role_arn
 	RoleARN string
 	// Specifies the IAM role session name to use when assuming a role.
 	//
 	//  AWS_ROLE_SESSION_NAME=session_name
 	RoleSessionName string
 }
 var (
 	csmEnabledEnvKey = []string{
 		"AWS_CSM_ENABLED",
 	}
 	csmHostEnvKey = []string{
 		"AWS_CSM_HOST",
 	}
 	csmPortEnvKey = []string{
 		"AWS_CSM_PORT",
 	}
@ -150,6 +170,15 @@ var (
 	sharedConfigFileEnvKey = []string{
 		"AWS_CONFIG_FILE",
 	}
 	webIdentityTokenFilePathEnvKey = []string{
 		"AWS_WEB_IDENTITY_TOKEN_FILE",
 	}
 	roleARNEnvKey = []string{
 		"AWS_ROLE_ARN",
 	}
 	roleSessionNameEnvKey = []string{
 		"AWS_ROLE_SESSION_NAME",
 	}
 )
 // loadEnvConfig retrieves the SDK's environment configuration.
@ -178,23 +207,31 @@ func envConfigLoad(enableSharedConfig bool) envConfig {
 	cfg.EnableSharedConfig = enableSharedConfig
-	setFromEnvVal(&cfg.Creds.AccessKeyID, credAccessEnvKey)
+	// Static environment credentials
-	setFromEnvVal(&cfg.Creds.SecretAccessKey, credSecretEnvKey)
+	var creds credentials.Value
-	setFromEnvVal(&cfg.Creds.SessionToken, credSessionEnvKey)
+	setFromEnvVal(&creds.AccessKeyID, credAccessEnvKey)
 	setFromEnvVal(&creds.SecretAccessKey, credSecretEnvKey)
 	setFromEnvVal(&creds.SessionToken, credSessionEnvKey)
 	if creds.HasKeys() {
 		// Require logical grouping of credentials
 		creds.ProviderName = EnvProviderName
 		cfg.Creds = creds
 	}
 	// Role Metadata
 	setFromEnvVal(&cfg.RoleARN, roleARNEnvKey)
 	setFromEnvVal(&cfg.RoleSessionName, roleSessionNameEnvKey)
 	// Web identity environment variables
 	setFromEnvVal(&cfg.WebIdentityTokenFilePath, webIdentityTokenFilePathEnvKey)
 	// CSM environment variables
 	setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey)
 	setFromEnvVal(&cfg.CSMHost, csmHostEnvKey)
 	setFromEnvVal(&cfg.CSMPort, csmPortEnvKey)
 	setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey)
 	cfg.CSMEnabled = len(cfg.csmEnabled) > 0
 	// Require logical grouping of credentials
 	if len(cfg.Creds.AccessKeyID) == 0 || len(cfg.Creds.SecretAccessKey) == 0 {
 		cfg.Creds = credentials.Value{}
 	} else {
 		cfg.Creds.ProviderName = EnvProviderName
 	}
 	regionKeys := regionEnvKeys
 	profileKeys := profileEnvKeys
 	if !cfg.EnableSharedConfig {
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
@ -8,19 +8,17 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
 	"time"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/client"
 	"github.com/aws/aws-sdk-go/aws/corehandlers"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/credentials/processcreds"
 	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 	"github.com/aws/aws-sdk-go/aws/csm"
 	"github.com/aws/aws-sdk-go/aws/defaults"
 	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/internal/shareddefaults"
 )
 const (
@ -107,7 +105,15 @@ func New(cfgs ...*aws.Config) *Session {
 	s := deprecatedNewSession(cfgs...)
 	if envCfg.CSMEnabled {
-		enableCSM(&s.Handlers, envCfg.CSMClientID, envCfg.CSMPort, s.Config.Logger)
+		err := enableCSM(&s.Handlers, envCfg.CSMClientID,
 			envCfg.CSMHost, envCfg.CSMPort, s.Config.Logger)
 		if err != nil {
 			err = fmt.Errorf("failed to enable CSM, %v", err)
 			s.Config.Logger.Log("ERROR:", err.Error())
 			s.Handlers.Validate.PushBack(func(r *request.Request) {
 				r.Error = err
 			})
 		}
 	}
 	return s
@ -210,6 +216,12 @@ type Options struct {
 	// the config enables assume role wit MFA via the mfa_serial field.
 	AssumeRoleTokenProvider func() (string, error)
 	// When the SDK's shared config is configured to assume a role this option
 	// may be provided to set the expiry duration of the STS credentials.
 	// Defaults to 15 minutes if not set as documented in the
 	// stscreds.AssumeRoleProvider.
 	AssumeRoleDuration time.Duration
 	// Reader for a custom Credentials Authority (CA) bundle in PEM format that
 	// the SDK will use instead of the default system's root CA bundle. Use this
 	// only if you want to replace the CA bundle the SDK uses for TLS requests.
@ -224,6 +236,12 @@ type Options struct {
 	// to also enable this feature. CustomCABundle session option field has priority
 	// over the AWS_CA_BUNDLE environment variable, and will be used if both are set.
 	CustomCABundle io.Reader
 	// The handlers that the session and all API clients will be created with.
 	// This must be a complete set of handlers. Use the defaults.Handlers()
 	// function to initialize this value before changing the handlers to be
 	// used by the SDK.
 	Handlers request.Handlers
 }
 // NewSessionWithOptions returns a new Session created from SDK defaults, config files,
@ -263,7 +281,7 @@ func NewSessionWithOptions(opts Options) (*Session, error) {
 		envCfg = loadEnvConfig()
 	}
-	if len(opts.Profile) > 0 {
+	if len(opts.Profile) != 0 {
 		envCfg.Profile = opts.Profile
 	}
@ -329,27 +347,36 @@ func deprecatedNewSession(cfgs ...*aws.Config) *Session {
 	return s
 }
-func enableCSM(handlers *request.Handlers, clientID string, port string, logger aws.Logger) {
+func enableCSM(handlers *request.Handlers,
-	logger.Log("Enabling CSM")
+	clientID, host, port string,
-	if len(port) == 0 {
+	logger aws.Logger,
-		port = csm.DefaultPort
+) error {
 	if logger != nil {
 		logger.Log("Enabling CSM")
 	}
-	r, err := csm.Start(clientID, "127.0.0.1:"+port)
+	r, err := csm.Start(clientID, csm.AddressWithDefaults(host, port))
 	if err != nil {
-		return
+		return err
 	}
 	r.InjectHandlers(handlers)
 	return nil
 }
 func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, error) {
 	cfg := defaults.Config()
-	handlers := defaults.Handlers()
+
 	handlers := opts.Handlers
 	if handlers.IsEmpty() {
 		handlers = defaults.Handlers()
 	}
 	// Get a merged version of the user provided config to determine if
 	// credentials were.
 	userCfg := &aws.Config{}
 	userCfg.MergeIn(cfgs...)
 	cfg.MergeIn(userCfg)
 	// Ordered config files will be loaded in with later files overwriting
 	// previous config file values.
@ -366,9 +393,11 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session,
 	}
 	// Load additional config from file(s)
-	sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles)
+	sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles, envCfg.EnableSharedConfig)
 	if err != nil {
-		return nil, err
+		if _, ok := err.(SharedConfigProfileNotExistsError); !ok {
 			return nil, err
 		}
 	}
 	if err := mergeConfigSrcs(cfg, userCfg, envCfg, sharedCfg, handlers, opts); err != nil {
@ -382,7 +411,11 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session,
 	initHandlers(s)
 	if envCfg.CSMEnabled {
-		enableCSM(&s.Handlers, envCfg.CSMClientID, envCfg.CSMPort, s.Config.Logger)
+		err := enableCSM(&s.Handlers, envCfg.CSMClientID,
 			envCfg.CSMHost, envCfg.CSMPort, s.Config.Logger)
 		if err != nil {
 			return nil, err
 		}
 	}
 	// Setup HTTP client with custom cert bundle if enabled
@ -407,7 +440,10 @@ func loadCustomCABundle(s *Session, bundle io.Reader) error {
 		}
 	}
 	if t == nil {
-		t = &http.Transport{}
+		// Nil transport implies `http.DefaultTransport` should be used. Since
 		// the SDK cannot modify, nor copy the `DefaultTransport` specifying
 		// the values the next closest behavior.
 		t = getCABundleTransport()
 	}
 	p, err := loadCertPool(bundle)
@ -440,9 +476,11 @@ func loadCertPool(r io.Reader) (*x509.CertPool, error) {
 	return p, nil
 }
-func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers, sessOpts Options) error {
+func mergeConfigSrcs(cfg, userCfg *aws.Config,
-	// Merge in user provided configuration
+	envCfg envConfig, sharedCfg sharedConfig,
-	cfg.MergeIn(userCfg)
+	handlers request.Handlers,
 	sessOpts Options,
 ) error {
 	// Region if not already set by user
 	if len(aws.StringValue(cfg.Region)) == 0 {
@ -461,164 +499,19 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share
 		}
 	}
-	// Configure credentials if not already set
+	// Configure credentials if not already set by the user when creating the
 	// Session.
 	if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil {
-
+		creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts)
-		// inspect the profile to see if a credential source has been specified.
+		if err != nil {
-		if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.CredentialSource) > 0 {
+			return err
 			// if both credential_source and source_profile have been set, return an error
 			// as this is undefined behavior.
 			if len(sharedCfg.AssumeRole.SourceProfile) > 0 {
 				return ErrSharedConfigSourceCollision
 			}
 			// valid credential source values
 			const (
 				credSourceEc2Metadata  = "Ec2InstanceMetadata"
 				credSourceEnvironment  = "Environment"
 				credSourceECSContainer = "EcsContainer"
 			)
 			switch sharedCfg.AssumeRole.CredentialSource {
 			case credSourceEc2Metadata:
 				cfgCp := *cfg
 				p := defaults.RemoteCredProvider(cfgCp, handlers)
 				cfgCp.Credentials = credentials.NewCredentials(p)
 				if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil {
 					// AssumeRole Token provider is required if doing Assume Role
 					// with MFA.
 					return AssumeRoleTokenProviderNotSetError{}
 				}
 				cfg.Credentials = assumeRoleCredentials(cfgCp, handlers, sharedCfg, sessOpts)
 			case credSourceEnvironment:
 				cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
 					envCfg.Creds,
 				)
 			case credSourceECSContainer:
 				if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 {
 					return ErrSharedConfigECSContainerEnvVarEmpty
 				}
 				cfgCp := *cfg
 				p := defaults.RemoteCredProvider(cfgCp, handlers)
 				creds := credentials.NewCredentials(p)
 				cfg.Credentials = creds
 			default:
 				return ErrSharedConfigInvalidCredSource
 			}
 			return nil
 		}
 		if len(envCfg.Creds.AccessKeyID) > 0 {
 			cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
 				envCfg.Creds,
 			)
 		} else if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.RoleARN) > 0 && sharedCfg.AssumeRoleSource != nil {
 			cfgCp := *cfg
 			cfgCp.Credentials = credentials.NewStaticCredentialsFromCreds(
 				sharedCfg.AssumeRoleSource.Creds,
 			)
 			if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil {
 				// AssumeRole Token provider is required if doing Assume Role
 				// with MFA.
 				return AssumeRoleTokenProviderNotSetError{}
 			}
 			cfg.Credentials = assumeRoleCredentials(cfgCp, handlers, sharedCfg, sessOpts)
 		} else if len(sharedCfg.Creds.AccessKeyID) > 0 {
 			cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
 				sharedCfg.Creds,
 			)
 		} else if len(sharedCfg.CredentialProcess) > 0 {
 			cfg.Credentials = processcreds.NewCredentials(
 				sharedCfg.CredentialProcess,
 			)
 		} else {
 			// Fallback to default credentials provider, include mock errors
 			// for the credential chain so user can identify why credentials
 			// failed to be retrieved.
 			cfg.Credentials = credentials.NewCredentials(&credentials.ChainProvider{
 				VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
 				Providers: []credentials.Provider{
 					&credProviderError{Err: awserr.New("EnvAccessKeyNotFound", "failed to find credentials in the environment.", nil)},
 					&credProviderError{Err: awserr.New("SharedCredsLoad", fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil)},
 					defaults.RemoteCredProvider(*cfg, handlers),
 				},
 			})
 		}
 		cfg.Credentials = creds
 	}
 	return nil
 }
 func assumeRoleCredentials(cfg aws.Config, handlers request.Handlers, sharedCfg sharedConfig, sessOpts Options) *credentials.Credentials {
 	return stscreds.NewCredentials(
 		&Session{
 			Config:   &cfg,
 			Handlers: handlers.Copy(),
 		},
 		sharedCfg.AssumeRole.RoleARN,
 		func(opt *stscreds.AssumeRoleProvider) {
 			opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName
 			// Assume role with external ID
 			if len(sharedCfg.AssumeRole.ExternalID) > 0 {
 				opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID)
 			}
 			// Assume role with MFA
 			if len(sharedCfg.AssumeRole.MFASerial) > 0 {
 				opt.SerialNumber = aws.String(sharedCfg.AssumeRole.MFASerial)
 				opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
 			}
 		},
 	)
 }
 // AssumeRoleTokenProviderNotSetError is an error returned when creating a session when the
 // MFAToken option is not set when shared config is configured load assume a
 // role with an MFA token.
 type AssumeRoleTokenProviderNotSetError struct{}
 // Code is the short id of the error.
 func (e AssumeRoleTokenProviderNotSetError) Code() string {
 	return "AssumeRoleTokenProviderNotSetError"
 }
 // Message is the description of the error
 func (e AssumeRoleTokenProviderNotSetError) Message() string {
 	return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.")
 }
 // OrigErr is the underlying error that caused the failure.
 func (e AssumeRoleTokenProviderNotSetError) OrigErr() error {
 	return nil
 }
 // Error satisfies the error interface.
 func (e AssumeRoleTokenProviderNotSetError) Error() string {
 	return awserr.SprintError(e.Code(), e.Message(), "", nil)
 }
 type credProviderError struct {
 	Err error
 }
 var emptyCreds = credentials.Value{}
 func (c credProviderError) Retrieve() (credentials.Value, error) {
 	return credentials.Value{}, c.Err
 }
 func (c credProviderError) IsExpired() bool {
 	return true
 }
 func initHandlers(s *Session) {
 	// Add the Validate parameter handler if it is not disabled.
 	s.Handlers.Validate.Remove(corehandlers.ValidateParametersHandler)
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
@ -5,7 +5,6 @@ import (
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/internal/ini"
 )
@ -28,8 +27,12 @@ const (
 	// endpoint discovery group
 	enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional
 	// External Credential Process
-	credentialProcessKey = `credential_process`
+	credentialProcessKey = `credential_process` // optional
 	// Web Identity Token File
 	webIdentityTokenFileKey = `web_identity_token_file` // optional
 	// DefaultSharedConfigProfile is the default profile to be used when
 	// loading configuration from the config files if another profile name
@ -37,36 +40,33 @@ const (
 	DefaultSharedConfigProfile = `default`
 )
 type assumeRoleConfig struct {
 	RoleARN          string
 	SourceProfile    string
 	CredentialSource string
 	ExternalID       string
 	MFASerial        string
 	RoleSessionName  string
 }
 // sharedConfig represents the configuration fields of the SDK config files.
 type sharedConfig struct {
-	// Credentials values from the config file. Both aws_access_key_id
+	// Credentials values from the config file. Both aws_access_key_id and
-	// and aws_secret_access_key must be provided together in the same file
+	// aws_secret_access_key must be provided together in the same file to be
-	// to be considered valid. The values will be ignored if not a complete group.
+	// considered valid. The values will be ignored if not a complete group.
-	// aws_session_token is an optional field that can be provided if both of the
+	// aws_session_token is an optional field that can be provided if both of
-	// other two fields are also provided.
+	// the other two fields are also provided.
 	//
 	//	aws_access_key_id
 	//	aws_secret_access_key
 	//	aws_session_token
 	Creds credentials.Value
-	AssumeRole       assumeRoleConfig
+	CredentialSource     string
-	AssumeRoleSource *sharedConfig
+	CredentialProcess    string
 	WebIdentityTokenFile string
-	// An external process to request credentials
+	RoleARN         string
-	CredentialProcess string
+	RoleSessionName string
 	ExternalID      string
 	MFASerial       string
-	// Region is the region the SDK should use for looking up AWS service endpoints
+	SourceProfileName string
-	// and signing requests.
+	SourceProfile     *sharedConfig
 	// Region is the region the SDK should use for looking up AWS service
 	// endpoints and signing requests.
 	//
 	//	region
 	Region string
@ -83,17 +83,18 @@ type sharedConfigFile struct {
 	IniData  ini.Sections
 }
-// loadSharedConfig retrieves the configuration from the list of files
+// loadSharedConfig retrieves the configuration from the list of files using
-// using the profile provided. The order the files are listed will determine
+// the profile provided. The order the files are listed will determine
 // precedence. Values in subsequent files will overwrite values defined in
 // earlier files.
 //
 // For example, given two files A and B. Both define credentials. If the order
-// of the files are A then B, B's credential values will be used instead of A's.
+// of the files are A then B, B's credential values will be used instead of
 // A's.
 //
 // See sharedConfig.setFromFile for information how the config files
 // will be loaded.
-func loadSharedConfig(profile string, filenames []string) (sharedConfig, error) {
+func loadSharedConfig(profile string, filenames []string, exOpts bool) (sharedConfig, error) {
 	if len(profile) == 0 {
 		profile = DefaultSharedConfigProfile
 	}
@ -104,16 +105,11 @@ func loadSharedConfig(profile string, filenames []string) (sharedConfig, error)
 	}
 	cfg := sharedConfig{}
-	if err = cfg.setFromIniFiles(profile, files); err != nil {
+	profiles := map[string]struct{}{}
 	if err = cfg.setFromIniFiles(profiles, profile, files, exOpts); err != nil {
 		return sharedConfig{}, err
 	}
 	if len(cfg.AssumeRole.SourceProfile) > 0 {
 		if err := cfg.setAssumeRoleSource(profile, files); err != nil {
 			return sharedConfig{}, err
 		}
 	}
 	return cfg, nil
 }
@ -137,60 +133,88 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) {
 	return files, nil
 }
-func (cfg *sharedConfig) setAssumeRoleSource(origProfile string, files []sharedConfigFile) error {
+func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile string, files []sharedConfigFile, exOpts bool) error {
 	var assumeRoleSrc sharedConfig
 	if len(cfg.AssumeRole.CredentialSource) > 0 {
 		// setAssumeRoleSource is only called when source_profile is found.
 		// If both source_profile and credential_source are set, then
 		// ErrSharedConfigSourceCollision will be returned
 		return ErrSharedConfigSourceCollision
 	}
 	// Multiple level assume role chains are not support
 	if cfg.AssumeRole.SourceProfile == origProfile {
 		assumeRoleSrc = *cfg
 		assumeRoleSrc.AssumeRole = assumeRoleConfig{}
 	} else {
 		err := assumeRoleSrc.setFromIniFiles(cfg.AssumeRole.SourceProfile, files)
 		if err != nil {
 			return err
 		}
 	}
 	if len(assumeRoleSrc.Creds.AccessKeyID) == 0 {
 		return SharedConfigAssumeRoleError{RoleARN: cfg.AssumeRole.RoleARN}
 	}
 	cfg.AssumeRoleSource = &assumeRoleSrc
 	return nil
 }
 func (cfg *sharedConfig) setFromIniFiles(profile string, files []sharedConfigFile) error {
 	// Trim files from the list that don't exist.
 	var skippedFiles int
 	var profileNotFoundErr error
 	for _, f := range files {
-		if err := cfg.setFromIniFile(profile, f); err != nil {
+		if err := cfg.setFromIniFile(profile, f, exOpts); err != nil {
 			if _, ok := err.(SharedConfigProfileNotExistsError); ok {
-				// Ignore proviles missings
+				// Ignore profiles not defined in individual files.
 				profileNotFoundErr = err
 				skippedFiles++
 				continue
 			}
 			return err
 		}
 	}
 	if skippedFiles == len(files) {
 		// If all files were skipped because the profile is not found, return
 		// the original profile not found error.
 		return profileNotFoundErr
 	}
 	if _, ok := profiles[profile]; ok {
 		// if this is the second instance of the profile the Assume Role
 		// options must be cleared because they are only valid for the
 		// first reference of a profile. The self linked instance of the
 		// profile only have credential provider options.
 		cfg.clearAssumeRoleOptions()
 	} else {
 		// First time a profile has been seen, It must either be a assume role
 		// or credentials. Assert if the credential type requires a role ARN,
 		// the ARN is also set.
 		if err := cfg.validateCredentialsRequireARN(profile); err != nil {
 			return err
 		}
 	}
 	profiles[profile] = struct{}{}
 	if err := cfg.validateCredentialType(); err != nil {
 		return err
 	}
 	// Link source profiles for assume roles
 	if len(cfg.SourceProfileName) != 0 {
 		// Linked profile via source_profile ignore credential provider
 		// options, the source profile must provide the credentials.
 		cfg.clearCredentialOptions()
 		srcCfg := &sharedConfig{}
 		err := srcCfg.setFromIniFiles(profiles, cfg.SourceProfileName, files, exOpts)
 		if err != nil {
 			// SourceProfile that doesn't exist is an error in configuration.
 			if _, ok := err.(SharedConfigProfileNotExistsError); ok {
 				err = SharedConfigAssumeRoleError{
 					RoleARN:       cfg.RoleARN,
 					SourceProfile: cfg.SourceProfileName,
 				}
 			}
 			return err
 		}
 		if !srcCfg.hasCredentials() {
 			return SharedConfigAssumeRoleError{
 				RoleARN:       cfg.RoleARN,
 				SourceProfile: cfg.SourceProfileName,
 			}
 		}
 		cfg.SourceProfile = srcCfg
 	}
 	return nil
 }
-// setFromFile loads the configuration from the file using
+// setFromFile loads the configuration from the file using the profile
-// the profile provided. A sharedConfig pointer type value is used so that
+// provided. A sharedConfig pointer type value is used so that multiple config
-// multiple config file loadings can be chained.
+// file loadings can be chained.
 //
 // Only loads complete logically grouped values, and will not set fields in cfg
-// for incomplete grouped values in the config. Such as credentials. For example
+// for incomplete grouped values in the config. Such as credentials. For
-// if a config file only includes aws_access_key_id but no aws_secret_access_key
+// example if a config file only includes aws_access_key_id but no
-// the aws_access_key_id will be ignored.
+// aws_secret_access_key the aws_access_key_id will be ignored.
-func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) error {
+func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, exOpts bool) error {
 	section, ok := file.IniData.GetSection(profile)
 	if !ok {
 		// Fallback to to alternate profile name: profile <name>
@ -200,42 +224,30 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) e
 		}
 	}
 	if exOpts {
 		// Assume Role Parameters
 		updateString(&cfg.RoleARN, section, roleArnKey)
 		updateString(&cfg.ExternalID, section, externalIDKey)
 		updateString(&cfg.MFASerial, section, mfaSerialKey)
 		updateString(&cfg.RoleSessionName, section, roleSessionNameKey)
 		updateString(&cfg.SourceProfileName, section, sourceProfileKey)
 		updateString(&cfg.CredentialSource, section, credentialSourceKey)
 		updateString(&cfg.Region, section, regionKey)
 	}
 	updateString(&cfg.CredentialProcess, section, credentialProcessKey)
 	updateString(&cfg.WebIdentityTokenFile, section, webIdentityTokenFileKey)
 	// Shared Credentials
-	akid := section.String(accessKeyIDKey)
+	creds := credentials.Value{
-	secret := section.String(secretAccessKey)
+		AccessKeyID:     section.String(accessKeyIDKey),
-	if len(akid) > 0 && len(secret) > 0 {
+		SecretAccessKey: section.String(secretAccessKey),
-		cfg.Creds = credentials.Value{
+		SessionToken:    section.String(sessionTokenKey),
-			AccessKeyID:     akid,
+		ProviderName:    fmt.Sprintf("SharedConfigCredentials: %s", file.Filename),
 			SecretAccessKey: secret,
 			SessionToken:    section.String(sessionTokenKey),
 			ProviderName:    fmt.Sprintf("SharedConfigCredentials: %s", file.Filename),
 		}
 	}
-
+	if creds.HasKeys() {
-	// Assume Role
+		cfg.Creds = creds
 	roleArn := section.String(roleArnKey)
 	srcProfile := section.String(sourceProfileKey)
 	credentialSource := section.String(credentialSourceKey)
 	hasSource := len(srcProfile) > 0 || len(credentialSource) > 0
 	if len(roleArn) > 0 && hasSource {
 		cfg.AssumeRole = assumeRoleConfig{
 			RoleARN:          roleArn,
 			SourceProfile:    srcProfile,
 			CredentialSource: credentialSource,
 			ExternalID:       section.String(externalIDKey),
 			MFASerial:        section.String(mfaSerialKey),
 			RoleSessionName:  section.String(roleSessionNameKey),
 		}
 	}
 	// `credential_process`
 	if credProc := section.String(credentialProcessKey); len(credProc) > 0 {
 		cfg.CredentialProcess = credProc
 	}
 	// Region
 	if v := section.String(regionKey); len(v) > 0 {
 		cfg.Region = v
 	}
 	// Endpoint discovery
@ -247,6 +259,95 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) e
 	return nil
 }
 func (cfg *sharedConfig) validateCredentialsRequireARN(profile string) error {
 	var credSource string
 	switch {
 	case len(cfg.SourceProfileName) != 0:
 		credSource = sourceProfileKey
 	case len(cfg.CredentialSource) != 0:
 		credSource = credentialSourceKey
 	case len(cfg.WebIdentityTokenFile) != 0:
 		credSource = webIdentityTokenFileKey
 	}
 	if len(credSource) != 0 && len(cfg.RoleARN) == 0 {
 		return CredentialRequiresARNError{
 			Type:    credSource,
 			Profile: profile,
 		}
 	}
 	return nil
 }
 func (cfg *sharedConfig) validateCredentialType() error {
 	// Only one or no credential type can be defined.
 	if !oneOrNone(
 		len(cfg.SourceProfileName) != 0,
 		len(cfg.CredentialSource) != 0,
 		len(cfg.CredentialProcess) != 0,
 		len(cfg.WebIdentityTokenFile) != 0,
 	) {
 		return ErrSharedConfigSourceCollision
 	}
 	return nil
 }
 func (cfg *sharedConfig) hasCredentials() bool {
 	switch {
 	case len(cfg.SourceProfileName) != 0:
 	case len(cfg.CredentialSource) != 0:
 	case len(cfg.CredentialProcess) != 0:
 	case len(cfg.WebIdentityTokenFile) != 0:
 	case cfg.Creds.HasKeys():
 	default:
 		return false
 	}
 	return true
 }
 func (cfg *sharedConfig) clearCredentialOptions() {
 	cfg.CredentialSource = ""
 	cfg.CredentialProcess = ""
 	cfg.WebIdentityTokenFile = ""
 	cfg.Creds = credentials.Value{}
 }
 func (cfg *sharedConfig) clearAssumeRoleOptions() {
 	cfg.RoleARN = ""
 	cfg.ExternalID = ""
 	cfg.MFASerial = ""
 	cfg.RoleSessionName = ""
 	cfg.SourceProfileName = ""
 }
 func oneOrNone(bs ...bool) bool {
 	var count int
 	for _, b := range bs {
 		if b {
 			count++
 			if count > 1 {
 				return false
 			}
 		}
 	}
 	return true
 }
 // updateString will only update the dst with the value in the section key, key
 // is present in the section.
 func updateString(dst *string, section ini.Section, key string) {
 	if !section.Has(key) {
 		return
 	}
 	*dst = section.String(key)
 }
 // SharedConfigLoadError is an error for the shared config file failed to load.
 type SharedConfigLoadError struct {
 	Filename string
@ -304,7 +405,8 @@ func (e SharedConfigProfileNotExistsError) Error() string {
 // profile contains assume role information, but that information is invalid
 // or not complete.
 type SharedConfigAssumeRoleError struct {
-	RoleARN string
+	RoleARN       string
 	SourceProfile string
 }
 // Code is the short id of the error.
@ -314,8 +416,10 @@ func (e SharedConfigAssumeRoleError) Code() string {
 // Message is the description of the error
 func (e SharedConfigAssumeRoleError) Message() string {
-	return fmt.Sprintf("failed to load assume role for %s, source profile has no shared credentials",
+	return fmt.Sprintf(
-		e.RoleARN)
+		"failed to load assume role for %s, source profile %s has no shared credentials",
 		e.RoleARN, e.SourceProfile,
 	)
 }
 // OrigErr is the underlying error that caused the failure.
@ -327,3 +431,36 @@ func (e SharedConfigAssumeRoleError) OrigErr() error {
 func (e SharedConfigAssumeRoleError) Error() string {
 	return awserr.SprintError(e.Code(), e.Message(), "", nil)
 }
 // CredentialRequiresARNError provides the error for shared config credentials
 // that are incorrectly configured in the shared config or credentials file.
 type CredentialRequiresARNError struct {
 	// type of credentials that were configured.
 	Type string
 	// Profile name the credentials were in.
 	Profile string
 }
 // Code is the short id of the error.
 func (e CredentialRequiresARNError) Code() string {
 	return "CredentialRequiresARNError"
 }
 // Message is the description of the error
 func (e CredentialRequiresARNError) Message() string {
 	return fmt.Sprintf(
 		"credential type %s requires role_arn, profile %s",
 		e.Type, e.Profile,
 	)
 }
 // OrigErr is the underlying error that caused the failure.
 func (e CredentialRequiresARNError) OrigErr() error {
 	return nil
 }
 // Error satisfies the error interface.
 func (e CredentialRequiresARNError) Error() string {
 	return awserr.SprintError(e.Code(), e.Message(), "", nil)
 }
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
@ -687,7 +687,11 @@ func (ctx *signingCtx) buildBodyDigest() error {
 			if !aws.IsReaderSeekable(ctx.Body) {
 				return fmt.Errorf("cannot use unseekable request body %T, for signed request with body", ctx.Body)
 			}
-			hash = hex.EncodeToString(makeSha256Reader(ctx.Body))
+			hashBytes, err := makeSha256Reader(ctx.Body)
 			if err != nil {
 				return err
 			}
 			hash = hex.EncodeToString(hashBytes)
 		}
 		if includeSHA256Header {
@ -734,10 +738,16 @@ func makeSha256(data []byte) []byte {
 	return hash.Sum(nil)
 }
-func makeSha256Reader(reader io.ReadSeeker) []byte {
+func makeSha256Reader(reader io.ReadSeeker) (hashBytes []byte, err error) {
 	hash := sha256.New()
-	start, _ := reader.Seek(0, sdkio.SeekCurrent)
+	start, err := reader.Seek(0, sdkio.SeekCurrent)
-	defer reader.Seek(start, sdkio.SeekStart)
+	if err != nil {
 		return nil, err
 	}
 	defer func() {
 		// ensure error is return if unable to seek back to start of payload.
 		_, err = reader.Seek(start, sdkio.SeekStart)
 	}()
 	// Use CopyN to avoid allocating the 32KB buffer in io.Copy for bodies
 	// smaller than 32KB. Fall back to io.Copy if we fail to determine the size.
@ -748,7 +758,7 @@ func makeSha256Reader(reader io.ReadSeeker) []byte {
 		io.CopyN(hash, reader, size)
 	}
-	return hash.Sum(nil)
+	return hash.Sum(nil), nil
 }
 const doubleSpace = "  "
--- a/vendor/github.com/aws/aws-sdk-go/aws/types.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/types.go
@ -7,13 +7,18 @@ import (
 	"github.com/aws/aws-sdk-go/internal/sdkio"
 )
-// ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Should
+// ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Allows the
-// only be used with an io.Reader that is also an io.Seeker. Doing so may
+// SDK to accept an io.Reader that is not also an io.Seeker for unsigned
-// cause request signature errors, or request body's not sent for GET, HEAD
+// streaming payload API operations.
 // and DELETE HTTP methods.
 //
-// Deprecated: Should only be used with io.ReadSeeker. If using for
+// A ReadSeekCloser wrapping an nonseekable io.Reader used in an API
-// S3 PutObject to stream content use s3manager.Uploader instead.
+// operation's input will prevent that operation being retried in the case of
 // network errors, and cause operation requests to fail if the operation
 // requires payload signing.
 //
 // Note: If using With S3 PutObject to stream an object upload The SDK's S3
 // Upload manager (s3manager.Uploader) provides support for streaming with the
 // ability to retry network errors.
 func ReadSeekCloser(r io.Reader) ReaderSeekerCloser {
 	return ReaderSeekerCloser{r}
 }
@ -43,7 +48,8 @@ func IsReaderSeekable(r io.Reader) bool {
 // Read reads from the reader up to size of p. The number of bytes read, and
 // error if it occurred will be returned.
 //
-// If the reader is not an io.Reader zero bytes read, and nil error will be returned.
+// If the reader is not an io.Reader zero bytes read, and nil error will be
 // returned.
 //
 // Performs the same functionality as io.Reader Read
 func (r ReaderSeekerCloser) Read(p []byte) (int, error) {
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.16.24"
+const SDKVersion = "1.22.2"
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
@ -304,7 +304,9 @@ loop:
 			stmt := newCommentStatement(tok)
 			stack.Push(stmt)
 		default:
-			return nil, NewParseError(fmt.Sprintf("invalid state with ASTKind %v and TokenType %v", k, tok))
+			return nil, NewParseError(
 				fmt.Sprintf("invalid state with ASTKind %v and TokenType %v",
 					k, tok.Type()))
 		}
 		if len(tokens) > 0 {
@ -314,7 +316,7 @@ loop:
 	// this occurs when a statement has not been completed
 	if stack.top > 1 {
-		return nil, NewParseError(fmt.Sprintf("incomplete expression: %v", stack.container))
+		return nil, NewParseError(fmt.Sprintf("incomplete ini expression"))
 	}
 	// returns a sublist which excludes the start symbol
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/build.go
@ -21,7 +21,8 @@ func Build(r *request.Request) {
 		"Version": {r.ClientInfo.APIVersion},
 	}
 	if err := queryutil.Parse(body, r.Params, true); err != nil {
-		r.Error = awserr.New("SerializationError", "failed encoding EC2 Query request", err)
+		r.Error = awserr.New(request.ErrCodeSerialization,
 			"failed encoding EC2 Query request", err)
 	}
 	if !r.IsPresigned() {
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/unmarshal.go
@ -4,7 +4,6 @@ package ec2query
 import (
 	"encoding/xml"
 	"io"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
@ -28,7 +27,8 @@ func Unmarshal(r *request.Request) {
 		err := xmlutil.UnmarshalXML(r.Data, decoder, "")
 		if err != nil {
 			r.Error = awserr.NewRequestFailure(
-				awserr.New("SerializationError", "failed decoding EC2 Query response", err),
+				awserr.New(request.ErrCodeSerialization,
 					"failed decoding EC2 Query response", err),
 				r.HTTPResponse.StatusCode,
 				r.RequestID,
 			)
@ -39,7 +39,11 @@ func Unmarshal(r *request.Request) {
 // UnmarshalMeta unmarshals response headers for the EC2 protocol.
 func UnmarshalMeta(r *request.Request) {
-	// TODO implement unmarshaling of request IDs
+	r.RequestID = r.HTTPResponse.Header.Get("X-Amzn-Requestid")
 	if r.RequestID == "" {
 		// Alternative version of request id in the header
 		r.RequestID = r.HTTPResponse.Header.Get("X-Amz-Request-Id")
 	}
 }
 type xmlErrorResponse struct {
@ -53,19 +57,21 @@ type xmlErrorResponse struct {
 func UnmarshalError(r *request.Request) {
 	defer r.HTTPResponse.Body.Close()
-	resp := &xmlErrorResponse{}
+	var respErr xmlErrorResponse
-	err := xml.NewDecoder(r.HTTPResponse.Body).Decode(resp)
+	err := xmlutil.UnmarshalXMLError(&respErr, r.HTTPResponse.Body)
-	if err != nil && err != io.EOF {
+	if err != nil {
 		r.Error = awserr.NewRequestFailure(
-			awserr.New("SerializationError", "failed decoding EC2 Query error response", err),
+			awserr.New(request.ErrCodeSerialization,
 				"failed to unmarshal error message", err),
 			r.HTTPResponse.StatusCode,
 			r.RequestID,
 		)
-	} else {
+		return
 		r.Error = awserr.NewRequestFailure(
 			awserr.New(resp.Code, resp.Message, nil),
 			r.HTTPResponse.StatusCode,
 			resp.RequestID,
 		)
 	}
 	r.Error = awserr.NewRequestFailure(
 		awserr.New(respErr.Code, respErr.Message, nil),
 		r.HTTPResponse.StatusCode,
 		respErr.RequestID,
 	)
 }
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
@ -1,6 +1,7 @@
 package jsonutil
 import (
 	"bytes"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@ -9,9 +10,30 @@ import (
 	"time"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/private/protocol"
 )
 // UnmarshalJSONError unmarshal's the reader's JSON document into the passed in
 // type. The value to unmarshal the json document into must be a pointer to the
 // type.
 func UnmarshalJSONError(v interface{}, stream io.Reader) error {
 	var errBuf bytes.Buffer
 	body := io.TeeReader(stream, &errBuf)
 	err := json.NewDecoder(body).Decode(v)
 	if err != nil {
 		msg := "failed decoding error message"
 		if err == io.EOF {
 			msg = "error message missing"
 			err = nil
 		}
 		return awserr.NewUnmarshalError(err, msg, errBuf.Bytes())
 	}
 	return nil
 }
 // UnmarshalJSON reads a stream and unmarshals the results in object v.
 func UnmarshalJSON(v interface{}, stream io.Reader) error {
 	var out interface{}
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go
@ -6,8 +6,6 @@ package jsonrpc
 //go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/output/json.json unmarshal_test.go
 import (
 	"encoding/json"
 	"io"
 	"strings"
 	"github.com/aws/aws-sdk-go/aws/awserr"
@ -37,7 +35,7 @@ func Build(req *request.Request) {
 	if req.ParamsFilled() {
 		buf, err = jsonutil.BuildJSON(req.Params)
 		if err != nil {
-			req.Error = awserr.New("SerializationError", "failed encoding JSON RPC request", err)
+			req.Error = awserr.New(request.ErrCodeSerialization, "failed encoding JSON RPC request", err)
 			return
 		}
 	} else {
@ -52,9 +50,12 @@ func Build(req *request.Request) {
 		target := req.ClientInfo.TargetPrefix + "." + req.Operation.Name
 		req.HTTPRequest.Header.Add("X-Amz-Target", target)
 	}
-	if req.ClientInfo.JSONVersion != "" {
+
 	// Only set the content type if one is not already specified and an
 	// JSONVersion is specified.
 	if ct, v := req.HTTPRequest.Header.Get("Content-Type"), req.ClientInfo.JSONVersion; len(ct) == 0 && len(v) != 0 {
 		jsonVersion := req.ClientInfo.JSONVersion
-		req.HTTPRequest.Header.Add("Content-Type", "application/x-amz-json-"+jsonVersion)
+		req.HTTPRequest.Header.Set("Content-Type", "application/x-amz-json-"+jsonVersion)
 	}
 }
@ -65,7 +66,7 @@ func Unmarshal(req *request.Request) {
 		err := jsonutil.UnmarshalJSON(req.Data, req.HTTPResponse.Body)
 		if err != nil {
 			req.Error = awserr.NewRequestFailure(
-				awserr.New("SerializationError", "failed decoding JSON RPC response", err),
+				awserr.New(request.ErrCodeSerialization, "failed decoding JSON RPC response", err),
 				req.HTTPResponse.StatusCode,
 				req.RequestID,
 			)
@ -84,17 +85,11 @@ func UnmarshalError(req *request.Request) {
 	defer req.HTTPResponse.Body.Close()
 	var jsonErr jsonErrorResponse
-	err := json.NewDecoder(req.HTTPResponse.Body).Decode(&jsonErr)
+	err := jsonutil.UnmarshalJSONError(&jsonErr, req.HTTPResponse.Body)
-	if err == io.EOF {
+	if err != nil {
 		req.Error = awserr.NewRequestFailure(
-			awserr.New("SerializationError", req.HTTPResponse.Status, nil),
+			awserr.New(request.ErrCodeSerialization,
-			req.HTTPResponse.StatusCode,
+				"failed to unmarshal error message", err),
 			req.RequestID,
 		)
 		return
 	} else if err != nil {
 		req.Error = awserr.NewRequestFailure(
 			awserr.New("SerializationError", "failed decoding JSON RPC error response", err),
 			req.HTTPResponse.StatusCode,
 			req.RequestID,
 		)
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
@ -21,7 +21,7 @@ func Build(r *request.Request) {
 		"Version": {r.ClientInfo.APIVersion},
 	}
 	if err := queryutil.Parse(body, r.Params, false); err != nil {
-		r.Error = awserr.New("SerializationError", "failed encoding Query request", err)
+		r.Error = awserr.New(request.ErrCodeSerialization, "failed encoding Query request", err)
 		return
 	}
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
@ -24,7 +24,7 @@ func Unmarshal(r *request.Request) {
 		err := xmlutil.UnmarshalXML(r.Data, decoder, r.Operation.Name+"Result")
 		if err != nil {
 			r.Error = awserr.NewRequestFailure(
-				awserr.New("SerializationError", "failed decoding Query response", err),
+				awserr.New(request.ErrCodeSerialization, "failed decoding Query response", err),
 				r.HTTPResponse.StatusCode,
 				r.RequestID,
 			)
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
@ -2,73 +2,68 @@ package query
 import (
 	"encoding/xml"
-	"io/ioutil"
+	"fmt"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
 )
 type xmlErrorResponse struct {
 	XMLName   xml.Name `xml:"ErrorResponse"`
 	Code      string   `xml:"Error>Code"`
 	Message   string   `xml:"Error>Message"`
 	RequestID string   `xml:"RequestId"`
 }
 type xmlServiceUnavailableResponse struct {
 	XMLName xml.Name `xml:"ServiceUnavailableException"`
 }
 // UnmarshalErrorHandler is a name request handler to unmarshal request errors
 var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.query.UnmarshalError", Fn: UnmarshalError}
 type xmlErrorResponse struct {
 	Code      string `xml:"Error>Code"`
 	Message   string `xml:"Error>Message"`
 	RequestID string `xml:"RequestId"`
 }
 type xmlResponseError struct {
 	xmlErrorResponse
 }
 func (e *xmlResponseError) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
 	const svcUnavailableTagName = "ServiceUnavailableException"
 	const errorResponseTagName = "ErrorResponse"
 	switch start.Name.Local {
 	case svcUnavailableTagName:
 		e.Code = svcUnavailableTagName
 		e.Message = "service is unavailable"
 		return d.Skip()
 	case errorResponseTagName:
 		return d.DecodeElement(&e.xmlErrorResponse, &start)
 	default:
 		return fmt.Errorf("unknown error response tag, %v", start)
 	}
 }
 // UnmarshalError unmarshals an error response for an AWS Query service.
 func UnmarshalError(r *request.Request) {
 	defer r.HTTPResponse.Body.Close()
-	bodyBytes, err := ioutil.ReadAll(r.HTTPResponse.Body)
+	var respErr xmlResponseError
 	err := xmlutil.UnmarshalXMLError(&respErr, r.HTTPResponse.Body)
 	if err != nil {
 		r.Error = awserr.NewRequestFailure(
-			awserr.New("SerializationError", "failed to read from query HTTP response body", err),
+			awserr.New(request.ErrCodeSerialization,
 				"failed to unmarshal error message", err),
 			r.HTTPResponse.StatusCode,
 			r.RequestID,
 		)
 		return
 	}
-	// First check for specific error
+	reqID := respErr.RequestID
-	resp := xmlErrorResponse{}
+	if len(reqID) == 0 {
-	decodeErr := xml.Unmarshal(bodyBytes, &resp)
+		reqID = r.RequestID
 	if decodeErr == nil {
 		reqID := resp.RequestID
 		if reqID == "" {
 			reqID = r.RequestID
 		}
 		r.Error = awserr.NewRequestFailure(
 			awserr.New(resp.Code, resp.Message, nil),
 			r.HTTPResponse.StatusCode,
 			reqID,
 		)
 		return
 	}
 	// Check for unhandled error
 	servUnavailResp := xmlServiceUnavailableResponse{}
 	unavailErr := xml.Unmarshal(bodyBytes, &servUnavailResp)
 	if unavailErr == nil {
 		r.Error = awserr.NewRequestFailure(
 			awserr.New("ServiceUnavailableException", "service is unavailable", nil),
 			r.HTTPResponse.StatusCode,
 			r.RequestID,
 		)
 		return
 	}
 	// Failed to retrieve any error message from the response body
 	r.Error = awserr.NewRequestFailure(
-		awserr.New("SerializationError",
+		awserr.New(respErr.Code, respErr.Message, nil),
 			"failed to decode query XML error response", decodeErr),
 		r.HTTPResponse.StatusCode,
-		r.RequestID,
+		reqID,
 	)
 }
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
@ -25,6 +25,8 @@ var noEscape [256]bool
 var errValueNotSet = fmt.Errorf("value not set")
 var byteSliceType = reflect.TypeOf([]byte{})
 func init() {
 	for i := 0; i < len(noEscape); i++ {
 		// AWS expects every character except these to be escaped
@ -94,6 +96,14 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo
 				continue
 			}
 			// Support the ability to customize values to be marshaled as a
 			// blob even though they were modeled as a string. Required for S3
 			// API operations like SSECustomerKey is modeled as stirng but
 			// required to be base64 encoded in request.
 			if field.Tag.Get("marshal-as") == "blob" {
 				m = m.Convert(byteSliceType)
 			}
 			var err error
 			switch field.Tag.Get("location") {
 			case "headers": // header maps
@ -137,7 +147,7 @@ func buildBody(r *request.Request, v reflect.Value) {
 					case string:
 						r.SetStringBody(reader)
 					default:
-						r.Error = awserr.New("SerializationError",
+						r.Error = awserr.New(request.ErrCodeSerialization,
 							"failed to encode REST request",
 							fmt.Errorf("unknown payload type %s", payload.Type()))
 					}
@ -152,9 +162,12 @@ func buildHeader(header *http.Header, v reflect.Value, name string, tag reflect.
 	if err == errValueNotSet {
 		return nil
 	} else if err != nil {
-		return awserr.New("SerializationError", "failed to encode REST request", err)
+		return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
 	}
 	name = strings.TrimSpace(name)
 	str = strings.TrimSpace(str)
 	header.Add(name, str)
 	return nil
@ -167,11 +180,13 @@ func buildHeaderMap(header *http.Header, v reflect.Value, tag reflect.StructTag)
 		if err == errValueNotSet {
 			continue
 		} else if err != nil {
-			return awserr.New("SerializationError", "failed to encode REST request", err)
+			return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
 		}
 		keyStr := strings.TrimSpace(key.String())
 		str = strings.TrimSpace(str)
-		header.Add(prefix+key.String(), str)
+		header.Add(prefix+keyStr, str)
 	}
 	return nil
 }
@ -181,7 +196,7 @@ func buildURI(u *url.URL, v reflect.Value, name string, tag reflect.StructTag) e
 	if err == errValueNotSet {
 		return nil
 	} else if err != nil {
-		return awserr.New("SerializationError", "failed to encode REST request", err)
+		return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
 	}
 	u.Path = strings.Replace(u.Path, "{"+name+"}", value, -1)
@ -214,7 +229,7 @@ func buildQueryString(query url.Values, v reflect.Value, name string, tag reflec
 		if err == errValueNotSet {
 			return nil
 		} else if err != nil {
-			return awserr.New("SerializationError", "failed to encode REST request", err)
+			return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
 		}
 		query.Set(name, str)
 	}
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
@ -57,7 +57,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
 						defer r.HTTPResponse.Body.Close()
 						b, err := ioutil.ReadAll(r.HTTPResponse.Body)
 						if err != nil {
-							r.Error = awserr.New("SerializationError", "failed to decode REST response", err)
+							r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
 						} else {
 							payload.Set(reflect.ValueOf(b))
 						}
@ -65,7 +65,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
 						defer r.HTTPResponse.Body.Close()
 						b, err := ioutil.ReadAll(r.HTTPResponse.Body)
 						if err != nil {
-							r.Error = awserr.New("SerializationError", "failed to decode REST response", err)
+							r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
 						} else {
 							str := string(b)
 							payload.Set(reflect.ValueOf(&str))
@ -77,7 +77,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
 						case "io.ReadSeeker":
 							b, err := ioutil.ReadAll(r.HTTPResponse.Body)
 							if err != nil {
-								r.Error = awserr.New("SerializationError",
+								r.Error = awserr.New(request.ErrCodeSerialization,
 									"failed to read response body", err)
 								return
 							}
@ -85,7 +85,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
 						default:
 							io.Copy(ioutil.Discard, r.HTTPResponse.Body)
 							defer r.HTTPResponse.Body.Close()
-							r.Error = awserr.New("SerializationError",
+							r.Error = awserr.New(request.ErrCodeSerialization,
 								"failed to decode REST response",
 								fmt.Errorf("unknown payload type %s", payload.Type()))
 						}
@ -115,14 +115,14 @@ func unmarshalLocationElements(r *request.Request, v reflect.Value) {
 			case "header":
 				err := unmarshalHeader(m, r.HTTPResponse.Header.Get(name), field.Tag)
 				if err != nil {
-					r.Error = awserr.New("SerializationError", "failed to decode REST response", err)
+					r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
 					break
 				}
 			case "headers":
 				prefix := field.Tag.Get("locationName")
 				err := unmarshalHeaderMap(m, r.HTTPResponse.Header, prefix)
 				if err != nil {
-					r.Error = awserr.New("SerializationError", "failed to decode REST response", err)
+					r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
 					break
 				}
 			}
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
@ -37,7 +37,8 @@ func Build(r *request.Request) {
 		err := xmlutil.BuildXML(r.Params, xml.NewEncoder(&buf))
 		if err != nil {
 			r.Error = awserr.NewRequestFailure(
-				awserr.New("SerializationError", "failed to encode rest XML request", err),
+				awserr.New(request.ErrCodeSerialization,
 					"failed to encode rest XML request", err),
 				r.HTTPResponse.StatusCode,
 				r.RequestID,
 			)
@ -55,7 +56,8 @@ func Unmarshal(r *request.Request) {
 		err := xmlutil.UnmarshalXML(r.Data, decoder, "")
 		if err != nil {
 			r.Error = awserr.NewRequestFailure(
-				awserr.New("SerializationError", "failed to decode REST XML response", err),
+				awserr.New(request.ErrCodeSerialization,
 					"failed to decode REST XML response", err),
 				r.HTTPResponse.StatusCode,
 				r.RequestID,
 			)
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
@ -1,6 +1,7 @@
 package xmlutil
 import (
 	"bytes"
 	"encoding/base64"
 	"encoding/xml"
 	"fmt"
@ -10,9 +11,27 @@ import (
 	"strings"
 	"time"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/private/protocol"
 )
 // UnmarshalXMLError unmarshals the XML error from the stream into the value
 // type specified. The value must be a pointer. If the message fails to
 // unmarshal, the message content will be included in the returned error as a
 // awserr.UnmarshalError.
 func UnmarshalXMLError(v interface{}, stream io.Reader) error {
 	var errBuf bytes.Buffer
 	body := io.TeeReader(stream, &errBuf)
 	err := xml.NewDecoder(body).Decode(v)
 	if err != nil && err != io.EOF {
 		return awserr.NewUnmarshalError(err,
 			"failed to unmarshal error message", errBuf.Bytes())
 	}
 	return nil
 }
 // UnmarshalXML deserializes an xml.Decoder into the container v. V
 // needs to match the shape of the XML expected to be decoded.
 // If the shape doesn't match unmarshaling will fail.
--- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go
--- a/vendor/github.com/aws/aws-sdk-go/service/ec2/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/doc.go
@ -7,18 +7,19 @@
 // capacity in the AWS cloud. Using Amazon EC2 eliminates the need to invest
 // in hardware up front, so you can develop and deploy applications faster.
 //
-// To learn more about Amazon EC2, Amazon EBS, and Amazon VPC, see the following
+// To learn more, see the following resources:
 // resources:
 //
-//    * Amazon EC2 product page (http://aws.amazon.com/ec2)
+//    * Amazon EC2: Amazon EC2 product page (http://aws.amazon.com/ec2), Amazon
 //    EC2 documentation (http://aws.amazon.com/documentation/ec2)
 //
-//    * Amazon EC2 documentation (http://aws.amazon.com/documentation/ec2)
+//    * Amazon EBS: Amazon EBS product page (http://aws.amazon.com/ebs), Amazon
 //    EBS documentation (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html)
 //
-//    * Amazon EBS product page (http://aws.amazon.com/ebs)
+//    * Amazon VPC: Amazon VPC product page (http://aws.amazon.com/vpc), Amazon
 //    VPC documentation (http://aws.amazon.com/documentation/vpc)
 //
-//    * Amazon VPC product page (http://aws.amazon.com/vpc)
+//    * AWS VPN: AWS VPN product page (http://aws.amazon.com/vpn), AWS VPN documentation
-//
+//    (http://aws.amazon.com/documentation/vpn)
 //    * Amazon VPC documentation (http://aws.amazon.com/documentation/vpc)
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15 for more information on this service.
 //
--- a/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go
@ -328,6 +328,10 @@ type EC2API interface {
 	CreateSnapshotWithContext(aws.Context, *ec2.CreateSnapshotInput, ...request.Option) (*ec2.Snapshot, error)
 	CreateSnapshotRequest(*ec2.CreateSnapshotInput) (*request.Request, *ec2.Snapshot)
 	CreateSnapshots(*ec2.CreateSnapshotsInput) (*ec2.CreateSnapshotsOutput, error)
 	CreateSnapshotsWithContext(aws.Context, *ec2.CreateSnapshotsInput, ...request.Option) (*ec2.CreateSnapshotsOutput, error)
 	CreateSnapshotsRequest(*ec2.CreateSnapshotsInput) (*request.Request, *ec2.CreateSnapshotsOutput)
 	CreateSpotDatafeedSubscription(*ec2.CreateSpotDatafeedSubscriptionInput) (*ec2.CreateSpotDatafeedSubscriptionOutput, error)
 	CreateSpotDatafeedSubscriptionWithContext(aws.Context, *ec2.CreateSpotDatafeedSubscriptionInput, ...request.Option) (*ec2.CreateSpotDatafeedSubscriptionOutput, error)
 	CreateSpotDatafeedSubscriptionRequest(*ec2.CreateSpotDatafeedSubscriptionInput) (*request.Request, *ec2.CreateSpotDatafeedSubscriptionOutput)
@ -340,6 +344,22 @@ type EC2API interface {
 	CreateTagsWithContext(aws.Context, *ec2.CreateTagsInput, ...request.Option) (*ec2.CreateTagsOutput, error)
 	CreateTagsRequest(*ec2.CreateTagsInput) (*request.Request, *ec2.CreateTagsOutput)
 	CreateTrafficMirrorFilter(*ec2.CreateTrafficMirrorFilterInput) (*ec2.CreateTrafficMirrorFilterOutput, error)
 	CreateTrafficMirrorFilterWithContext(aws.Context, *ec2.CreateTrafficMirrorFilterInput, ...request.Option) (*ec2.CreateTrafficMirrorFilterOutput, error)
 	CreateTrafficMirrorFilterRequest(*ec2.CreateTrafficMirrorFilterInput) (*request.Request, *ec2.CreateTrafficMirrorFilterOutput)
 	CreateTrafficMirrorFilterRule(*ec2.CreateTrafficMirrorFilterRuleInput) (*ec2.CreateTrafficMirrorFilterRuleOutput, error)
 	CreateTrafficMirrorFilterRuleWithContext(aws.Context, *ec2.CreateTrafficMirrorFilterRuleInput, ...request.Option) (*ec2.CreateTrafficMirrorFilterRuleOutput, error)
 	CreateTrafficMirrorFilterRuleRequest(*ec2.CreateTrafficMirrorFilterRuleInput) (*request.Request, *ec2.CreateTrafficMirrorFilterRuleOutput)
 	CreateTrafficMirrorSession(*ec2.CreateTrafficMirrorSessionInput) (*ec2.CreateTrafficMirrorSessionOutput, error)
 	CreateTrafficMirrorSessionWithContext(aws.Context, *ec2.CreateTrafficMirrorSessionInput, ...request.Option) (*ec2.CreateTrafficMirrorSessionOutput, error)
 	CreateTrafficMirrorSessionRequest(*ec2.CreateTrafficMirrorSessionInput) (*request.Request, *ec2.CreateTrafficMirrorSessionOutput)
 	CreateTrafficMirrorTarget(*ec2.CreateTrafficMirrorTargetInput) (*ec2.CreateTrafficMirrorTargetOutput, error)
 	CreateTrafficMirrorTargetWithContext(aws.Context, *ec2.CreateTrafficMirrorTargetInput, ...request.Option) (*ec2.CreateTrafficMirrorTargetOutput, error)
 	CreateTrafficMirrorTargetRequest(*ec2.CreateTrafficMirrorTargetInput) (*request.Request, *ec2.CreateTrafficMirrorTargetOutput)
 	CreateTransitGateway(*ec2.CreateTransitGatewayInput) (*ec2.CreateTransitGatewayOutput, error)
 	CreateTransitGatewayWithContext(aws.Context, *ec2.CreateTransitGatewayInput, ...request.Option) (*ec2.CreateTransitGatewayOutput, error)
 	CreateTransitGatewayRequest(*ec2.CreateTransitGatewayInput) (*request.Request, *ec2.CreateTransitGatewayOutput)
@ -492,6 +512,22 @@ type EC2API interface {
 	DeleteTagsWithContext(aws.Context, *ec2.DeleteTagsInput, ...request.Option) (*ec2.DeleteTagsOutput, error)
 	DeleteTagsRequest(*ec2.DeleteTagsInput) (*request.Request, *ec2.DeleteTagsOutput)
 	DeleteTrafficMirrorFilter(*ec2.DeleteTrafficMirrorFilterInput) (*ec2.DeleteTrafficMirrorFilterOutput, error)
 	DeleteTrafficMirrorFilterWithContext(aws.Context, *ec2.DeleteTrafficMirrorFilterInput, ...request.Option) (*ec2.DeleteTrafficMirrorFilterOutput, error)
 	DeleteTrafficMirrorFilterRequest(*ec2.DeleteTrafficMirrorFilterInput) (*request.Request, *ec2.DeleteTrafficMirrorFilterOutput)
 	DeleteTrafficMirrorFilterRule(*ec2.DeleteTrafficMirrorFilterRuleInput) (*ec2.DeleteTrafficMirrorFilterRuleOutput, error)
 	DeleteTrafficMirrorFilterRuleWithContext(aws.Context, *ec2.DeleteTrafficMirrorFilterRuleInput, ...request.Option) (*ec2.DeleteTrafficMirrorFilterRuleOutput, error)
 	DeleteTrafficMirrorFilterRuleRequest(*ec2.DeleteTrafficMirrorFilterRuleInput) (*request.Request, *ec2.DeleteTrafficMirrorFilterRuleOutput)
 	DeleteTrafficMirrorSession(*ec2.DeleteTrafficMirrorSessionInput) (*ec2.DeleteTrafficMirrorSessionOutput, error)
 	DeleteTrafficMirrorSessionWithContext(aws.Context, *ec2.DeleteTrafficMirrorSessionInput, ...request.Option) (*ec2.DeleteTrafficMirrorSessionOutput, error)
 	DeleteTrafficMirrorSessionRequest(*ec2.DeleteTrafficMirrorSessionInput) (*request.Request, *ec2.DeleteTrafficMirrorSessionOutput)
 	DeleteTrafficMirrorTarget(*ec2.DeleteTrafficMirrorTargetInput) (*ec2.DeleteTrafficMirrorTargetOutput, error)
 	DeleteTrafficMirrorTargetWithContext(aws.Context, *ec2.DeleteTrafficMirrorTargetInput, ...request.Option) (*ec2.DeleteTrafficMirrorTargetOutput, error)
 	DeleteTrafficMirrorTargetRequest(*ec2.DeleteTrafficMirrorTargetInput) (*request.Request, *ec2.DeleteTrafficMirrorTargetOutput)
 	DeleteTransitGateway(*ec2.DeleteTransitGatewayInput) (*ec2.DeleteTransitGatewayOutput, error)
 	DeleteTransitGatewayWithContext(aws.Context, *ec2.DeleteTransitGatewayInput, ...request.Option) (*ec2.DeleteTransitGatewayOutput, error)
 	DeleteTransitGatewayRequest(*ec2.DeleteTransitGatewayInput) (*request.Request, *ec2.DeleteTransitGatewayOutput)
@ -576,34 +612,58 @@ type EC2API interface {
 	DescribeByoipCidrsWithContext(aws.Context, *ec2.DescribeByoipCidrsInput, ...request.Option) (*ec2.DescribeByoipCidrsOutput, error)
 	DescribeByoipCidrsRequest(*ec2.DescribeByoipCidrsInput) (*request.Request, *ec2.DescribeByoipCidrsOutput)
 	DescribeByoipCidrsPages(*ec2.DescribeByoipCidrsInput, func(*ec2.DescribeByoipCidrsOutput, bool) bool) error
 	DescribeByoipCidrsPagesWithContext(aws.Context, *ec2.DescribeByoipCidrsInput, func(*ec2.DescribeByoipCidrsOutput, bool) bool, ...request.Option) error
 	DescribeCapacityReservations(*ec2.DescribeCapacityReservationsInput) (*ec2.DescribeCapacityReservationsOutput, error)
 	DescribeCapacityReservationsWithContext(aws.Context, *ec2.DescribeCapacityReservationsInput, ...request.Option) (*ec2.DescribeCapacityReservationsOutput, error)
 	DescribeCapacityReservationsRequest(*ec2.DescribeCapacityReservationsInput) (*request.Request, *ec2.DescribeCapacityReservationsOutput)
 	DescribeCapacityReservationsPages(*ec2.DescribeCapacityReservationsInput, func(*ec2.DescribeCapacityReservationsOutput, bool) bool) error
 	DescribeCapacityReservationsPagesWithContext(aws.Context, *ec2.DescribeCapacityReservationsInput, func(*ec2.DescribeCapacityReservationsOutput, bool) bool, ...request.Option) error
 	DescribeClassicLinkInstances(*ec2.DescribeClassicLinkInstancesInput) (*ec2.DescribeClassicLinkInstancesOutput, error)
 	DescribeClassicLinkInstancesWithContext(aws.Context, *ec2.DescribeClassicLinkInstancesInput, ...request.Option) (*ec2.DescribeClassicLinkInstancesOutput, error)
 	DescribeClassicLinkInstancesRequest(*ec2.DescribeClassicLinkInstancesInput) (*request.Request, *ec2.DescribeClassicLinkInstancesOutput)
 	DescribeClassicLinkInstancesPages(*ec2.DescribeClassicLinkInstancesInput, func(*ec2.DescribeClassicLinkInstancesOutput, bool) bool) error
 	DescribeClassicLinkInstancesPagesWithContext(aws.Context, *ec2.DescribeClassicLinkInstancesInput, func(*ec2.DescribeClassicLinkInstancesOutput, bool) bool, ...request.Option) error
 	DescribeClientVpnAuthorizationRules(*ec2.DescribeClientVpnAuthorizationRulesInput) (*ec2.DescribeClientVpnAuthorizationRulesOutput, error)
 	DescribeClientVpnAuthorizationRulesWithContext(aws.Context, *ec2.DescribeClientVpnAuthorizationRulesInput, ...request.Option) (*ec2.DescribeClientVpnAuthorizationRulesOutput, error)
 	DescribeClientVpnAuthorizationRulesRequest(*ec2.DescribeClientVpnAuthorizationRulesInput) (*request.Request, *ec2.DescribeClientVpnAuthorizationRulesOutput)
 	DescribeClientVpnAuthorizationRulesPages(*ec2.DescribeClientVpnAuthorizationRulesInput, func(*ec2.DescribeClientVpnAuthorizationRulesOutput, bool) bool) error
 	DescribeClientVpnAuthorizationRulesPagesWithContext(aws.Context, *ec2.DescribeClientVpnAuthorizationRulesInput, func(*ec2.DescribeClientVpnAuthorizationRulesOutput, bool) bool, ...request.Option) error
 	DescribeClientVpnConnections(*ec2.DescribeClientVpnConnectionsInput) (*ec2.DescribeClientVpnConnectionsOutput, error)
 	DescribeClientVpnConnectionsWithContext(aws.Context, *ec2.DescribeClientVpnConnectionsInput, ...request.Option) (*ec2.DescribeClientVpnConnectionsOutput, error)
 	DescribeClientVpnConnectionsRequest(*ec2.DescribeClientVpnConnectionsInput) (*request.Request, *ec2.DescribeClientVpnConnectionsOutput)
 	DescribeClientVpnConnectionsPages(*ec2.DescribeClientVpnConnectionsInput, func(*ec2.DescribeClientVpnConnectionsOutput, bool) bool) error
 	DescribeClientVpnConnectionsPagesWithContext(aws.Context, *ec2.DescribeClientVpnConnectionsInput, func(*ec2.DescribeClientVpnConnectionsOutput, bool) bool, ...request.Option) error
 	DescribeClientVpnEndpoints(*ec2.DescribeClientVpnEndpointsInput) (*ec2.DescribeClientVpnEndpointsOutput, error)
 	DescribeClientVpnEndpointsWithContext(aws.Context, *ec2.DescribeClientVpnEndpointsInput, ...request.Option) (*ec2.DescribeClientVpnEndpointsOutput, error)
 	DescribeClientVpnEndpointsRequest(*ec2.DescribeClientVpnEndpointsInput) (*request.Request, *ec2.DescribeClientVpnEndpointsOutput)
 	DescribeClientVpnEndpointsPages(*ec2.DescribeClientVpnEndpointsInput, func(*ec2.DescribeClientVpnEndpointsOutput, bool) bool) error
 	DescribeClientVpnEndpointsPagesWithContext(aws.Context, *ec2.DescribeClientVpnEndpointsInput, func(*ec2.DescribeClientVpnEndpointsOutput, bool) bool, ...request.Option) error
 	DescribeClientVpnRoutes(*ec2.DescribeClientVpnRoutesInput) (*ec2.DescribeClientVpnRoutesOutput, error)
 	DescribeClientVpnRoutesWithContext(aws.Context, *ec2.DescribeClientVpnRoutesInput, ...request.Option) (*ec2.DescribeClientVpnRoutesOutput, error)
 	DescribeClientVpnRoutesRequest(*ec2.DescribeClientVpnRoutesInput) (*request.Request, *ec2.DescribeClientVpnRoutesOutput)
 	DescribeClientVpnRoutesPages(*ec2.DescribeClientVpnRoutesInput, func(*ec2.DescribeClientVpnRoutesOutput, bool) bool) error
 	DescribeClientVpnRoutesPagesWithContext(aws.Context, *ec2.DescribeClientVpnRoutesInput, func(*ec2.DescribeClientVpnRoutesOutput, bool) bool, ...request.Option) error
 	DescribeClientVpnTargetNetworks(*ec2.DescribeClientVpnTargetNetworksInput) (*ec2.DescribeClientVpnTargetNetworksOutput, error)
 	DescribeClientVpnTargetNetworksWithContext(aws.Context, *ec2.DescribeClientVpnTargetNetworksInput, ...request.Option) (*ec2.DescribeClientVpnTargetNetworksOutput, error)
 	DescribeClientVpnTargetNetworksRequest(*ec2.DescribeClientVpnTargetNetworksInput) (*request.Request, *ec2.DescribeClientVpnTargetNetworksOutput)
 	DescribeClientVpnTargetNetworksPages(*ec2.DescribeClientVpnTargetNetworksInput, func(*ec2.DescribeClientVpnTargetNetworksOutput, bool) bool) error
 	DescribeClientVpnTargetNetworksPagesWithContext(aws.Context, *ec2.DescribeClientVpnTargetNetworksInput, func(*ec2.DescribeClientVpnTargetNetworksOutput, bool) bool, ...request.Option) error
 	DescribeConversionTasks(*ec2.DescribeConversionTasksInput) (*ec2.DescribeConversionTasksOutput, error)
 	DescribeConversionTasksWithContext(aws.Context, *ec2.DescribeConversionTasksInput, ...request.Option) (*ec2.DescribeConversionTasksOutput, error)
 	DescribeConversionTasksRequest(*ec2.DescribeConversionTasksInput) (*request.Request, *ec2.DescribeConversionTasksOutput)
@ -616,10 +676,16 @@ type EC2API interface {
 	DescribeDhcpOptionsWithContext(aws.Context, *ec2.DescribeDhcpOptionsInput, ...request.Option) (*ec2.DescribeDhcpOptionsOutput, error)
 	DescribeDhcpOptionsRequest(*ec2.DescribeDhcpOptionsInput) (*request.Request, *ec2.DescribeDhcpOptionsOutput)
 	DescribeDhcpOptionsPages(*ec2.DescribeDhcpOptionsInput, func(*ec2.DescribeDhcpOptionsOutput, bool) bool) error
 	DescribeDhcpOptionsPagesWithContext(aws.Context, *ec2.DescribeDhcpOptionsInput, func(*ec2.DescribeDhcpOptionsOutput, bool) bool, ...request.Option) error
 	DescribeEgressOnlyInternetGateways(*ec2.DescribeEgressOnlyInternetGatewaysInput) (*ec2.DescribeEgressOnlyInternetGatewaysOutput, error)
 	DescribeEgressOnlyInternetGatewaysWithContext(aws.Context, *ec2.DescribeEgressOnlyInternetGatewaysInput, ...request.Option) (*ec2.DescribeEgressOnlyInternetGatewaysOutput, error)
 	DescribeEgressOnlyInternetGatewaysRequest(*ec2.DescribeEgressOnlyInternetGatewaysInput) (*request.Request, *ec2.DescribeEgressOnlyInternetGatewaysOutput)
 	DescribeEgressOnlyInternetGatewaysPages(*ec2.DescribeEgressOnlyInternetGatewaysInput, func(*ec2.DescribeEgressOnlyInternetGatewaysOutput, bool) bool) error
 	DescribeEgressOnlyInternetGatewaysPagesWithContext(aws.Context, *ec2.DescribeEgressOnlyInternetGatewaysInput, func(*ec2.DescribeEgressOnlyInternetGatewaysOutput, bool) bool, ...request.Option) error
 	DescribeElasticGpus(*ec2.DescribeElasticGpusInput) (*ec2.DescribeElasticGpusOutput, error)
 	DescribeElasticGpusWithContext(aws.Context, *ec2.DescribeElasticGpusInput, ...request.Option) (*ec2.DescribeElasticGpusOutput, error)
 	DescribeElasticGpusRequest(*ec2.DescribeElasticGpusInput) (*request.Request, *ec2.DescribeElasticGpusOutput)
@ -640,10 +706,16 @@ type EC2API interface {
 	DescribeFleetsWithContext(aws.Context, *ec2.DescribeFleetsInput, ...request.Option) (*ec2.DescribeFleetsOutput, error)
 	DescribeFleetsRequest(*ec2.DescribeFleetsInput) (*request.Request, *ec2.DescribeFleetsOutput)
 	DescribeFleetsPages(*ec2.DescribeFleetsInput, func(*ec2.DescribeFleetsOutput, bool) bool) error
 	DescribeFleetsPagesWithContext(aws.Context, *ec2.DescribeFleetsInput, func(*ec2.DescribeFleetsOutput, bool) bool, ...request.Option) error
 	DescribeFlowLogs(*ec2.DescribeFlowLogsInput) (*ec2.DescribeFlowLogsOutput, error)
 	DescribeFlowLogsWithContext(aws.Context, *ec2.DescribeFlowLogsInput, ...request.Option) (*ec2.DescribeFlowLogsOutput, error)
 	DescribeFlowLogsRequest(*ec2.DescribeFlowLogsInput) (*request.Request, *ec2.DescribeFlowLogsOutput)
 	DescribeFlowLogsPages(*ec2.DescribeFlowLogsInput, func(*ec2.DescribeFlowLogsOutput, bool) bool) error
 	DescribeFlowLogsPagesWithContext(aws.Context, *ec2.DescribeFlowLogsInput, func(*ec2.DescribeFlowLogsOutput, bool) bool, ...request.Option) error
 	DescribeFpgaImageAttribute(*ec2.DescribeFpgaImageAttributeInput) (*ec2.DescribeFpgaImageAttributeOutput, error)
 	DescribeFpgaImageAttributeWithContext(aws.Context, *ec2.DescribeFpgaImageAttributeInput, ...request.Option) (*ec2.DescribeFpgaImageAttributeOutput, error)
 	DescribeFpgaImageAttributeRequest(*ec2.DescribeFpgaImageAttributeInput) (*request.Request, *ec2.DescribeFpgaImageAttributeOutput)
@ -652,22 +724,37 @@ type EC2API interface {
 	DescribeFpgaImagesWithContext(aws.Context, *ec2.DescribeFpgaImagesInput, ...request.Option) (*ec2.DescribeFpgaImagesOutput, error)
 	DescribeFpgaImagesRequest(*ec2.DescribeFpgaImagesInput) (*request.Request, *ec2.DescribeFpgaImagesOutput)
 	DescribeFpgaImagesPages(*ec2.DescribeFpgaImagesInput, func(*ec2.DescribeFpgaImagesOutput, bool) bool) error
 	DescribeFpgaImagesPagesWithContext(aws.Context, *ec2.DescribeFpgaImagesInput, func(*ec2.DescribeFpgaImagesOutput, bool) bool, ...request.Option) error
 	DescribeHostReservationOfferings(*ec2.DescribeHostReservationOfferingsInput) (*ec2.DescribeHostReservationOfferingsOutput, error)
 	DescribeHostReservationOfferingsWithContext(aws.Context, *ec2.DescribeHostReservationOfferingsInput, ...request.Option) (*ec2.DescribeHostReservationOfferingsOutput, error)
 	DescribeHostReservationOfferingsRequest(*ec2.DescribeHostReservationOfferingsInput) (*request.Request, *ec2.DescribeHostReservationOfferingsOutput)
 	DescribeHostReservationOfferingsPages(*ec2.DescribeHostReservationOfferingsInput, func(*ec2.DescribeHostReservationOfferingsOutput, bool) bool) error
 	DescribeHostReservationOfferingsPagesWithContext(aws.Context, *ec2.DescribeHostReservationOfferingsInput, func(*ec2.DescribeHostReservationOfferingsOutput, bool) bool, ...request.Option) error
 	DescribeHostReservations(*ec2.DescribeHostReservationsInput) (*ec2.DescribeHostReservationsOutput, error)
 	DescribeHostReservationsWithContext(aws.Context, *ec2.DescribeHostReservationsInput, ...request.Option) (*ec2.DescribeHostReservationsOutput, error)
 	DescribeHostReservationsRequest(*ec2.DescribeHostReservationsInput) (*request.Request, *ec2.DescribeHostReservationsOutput)
 	DescribeHostReservationsPages(*ec2.DescribeHostReservationsInput, func(*ec2.DescribeHostReservationsOutput, bool) bool) error
 	DescribeHostReservationsPagesWithContext(aws.Context, *ec2.DescribeHostReservationsInput, func(*ec2.DescribeHostReservationsOutput, bool) bool, ...request.Option) error
 	DescribeHosts(*ec2.DescribeHostsInput) (*ec2.DescribeHostsOutput, error)
 	DescribeHostsWithContext(aws.Context, *ec2.DescribeHostsInput, ...request.Option) (*ec2.DescribeHostsOutput, error)
 	DescribeHostsRequest(*ec2.DescribeHostsInput) (*request.Request, *ec2.DescribeHostsOutput)
 	DescribeHostsPages(*ec2.DescribeHostsInput, func(*ec2.DescribeHostsOutput, bool) bool) error
 	DescribeHostsPagesWithContext(aws.Context, *ec2.DescribeHostsInput, func(*ec2.DescribeHostsOutput, bool) bool, ...request.Option) error
 	DescribeIamInstanceProfileAssociations(*ec2.DescribeIamInstanceProfileAssociationsInput) (*ec2.DescribeIamInstanceProfileAssociationsOutput, error)
 	DescribeIamInstanceProfileAssociationsWithContext(aws.Context, *ec2.DescribeIamInstanceProfileAssociationsInput, ...request.Option) (*ec2.DescribeIamInstanceProfileAssociationsOutput, error)
 	DescribeIamInstanceProfileAssociationsRequest(*ec2.DescribeIamInstanceProfileAssociationsInput) (*request.Request, *ec2.DescribeIamInstanceProfileAssociationsOutput)
 	DescribeIamInstanceProfileAssociationsPages(*ec2.DescribeIamInstanceProfileAssociationsInput, func(*ec2.DescribeIamInstanceProfileAssociationsOutput, bool) bool) error
 	DescribeIamInstanceProfileAssociationsPagesWithContext(aws.Context, *ec2.DescribeIamInstanceProfileAssociationsInput, func(*ec2.DescribeIamInstanceProfileAssociationsOutput, bool) bool, ...request.Option) error
 	DescribeIdFormat(*ec2.DescribeIdFormatInput) (*ec2.DescribeIdFormatOutput, error)
 	DescribeIdFormatWithContext(aws.Context, *ec2.DescribeIdFormatInput, ...request.Option) (*ec2.DescribeIdFormatOutput, error)
 	DescribeIdFormatRequest(*ec2.DescribeIdFormatInput) (*request.Request, *ec2.DescribeIdFormatOutput)
@ -688,10 +775,16 @@ type EC2API interface {
 	DescribeImportImageTasksWithContext(aws.Context, *ec2.DescribeImportImageTasksInput, ...request.Option) (*ec2.DescribeImportImageTasksOutput, error)
 	DescribeImportImageTasksRequest(*ec2.DescribeImportImageTasksInput) (*request.Request, *ec2.DescribeImportImageTasksOutput)
 	DescribeImportImageTasksPages(*ec2.DescribeImportImageTasksInput, func(*ec2.DescribeImportImageTasksOutput, bool) bool) error
 	DescribeImportImageTasksPagesWithContext(aws.Context, *ec2.DescribeImportImageTasksInput, func(*ec2.DescribeImportImageTasksOutput, bool) bool, ...request.Option) error
 	DescribeImportSnapshotTasks(*ec2.DescribeImportSnapshotTasksInput) (*ec2.DescribeImportSnapshotTasksOutput, error)
 	DescribeImportSnapshotTasksWithContext(aws.Context, *ec2.DescribeImportSnapshotTasksInput, ...request.Option) (*ec2.DescribeImportSnapshotTasksOutput, error)
 	DescribeImportSnapshotTasksRequest(*ec2.DescribeImportSnapshotTasksInput) (*request.Request, *ec2.DescribeImportSnapshotTasksOutput)
 	DescribeImportSnapshotTasksPages(*ec2.DescribeImportSnapshotTasksInput, func(*ec2.DescribeImportSnapshotTasksOutput, bool) bool) error
 	DescribeImportSnapshotTasksPagesWithContext(aws.Context, *ec2.DescribeImportSnapshotTasksInput, func(*ec2.DescribeImportSnapshotTasksOutput, bool) bool, ...request.Option) error
 	DescribeInstanceAttribute(*ec2.DescribeInstanceAttributeInput) (*ec2.DescribeInstanceAttributeOutput, error)
 	DescribeInstanceAttributeWithContext(aws.Context, *ec2.DescribeInstanceAttributeInput, ...request.Option) (*ec2.DescribeInstanceAttributeOutput, error)
 	DescribeInstanceAttributeRequest(*ec2.DescribeInstanceAttributeInput) (*request.Request, *ec2.DescribeInstanceAttributeOutput)
@ -700,6 +793,9 @@ type EC2API interface {
 	DescribeInstanceCreditSpecificationsWithContext(aws.Context, *ec2.DescribeInstanceCreditSpecificationsInput, ...request.Option) (*ec2.DescribeInstanceCreditSpecificationsOutput, error)
 	DescribeInstanceCreditSpecificationsRequest(*ec2.DescribeInstanceCreditSpecificationsInput) (*request.Request, *ec2.DescribeInstanceCreditSpecificationsOutput)
 	DescribeInstanceCreditSpecificationsPages(*ec2.DescribeInstanceCreditSpecificationsInput, func(*ec2.DescribeInstanceCreditSpecificationsOutput, bool) bool) error
 	DescribeInstanceCreditSpecificationsPagesWithContext(aws.Context, *ec2.DescribeInstanceCreditSpecificationsInput, func(*ec2.DescribeInstanceCreditSpecificationsOutput, bool) bool, ...request.Option) error
 	DescribeInstanceStatus(*ec2.DescribeInstanceStatusInput) (*ec2.DescribeInstanceStatusOutput, error)
 	DescribeInstanceStatusWithContext(aws.Context, *ec2.DescribeInstanceStatusInput, ...request.Option) (*ec2.DescribeInstanceStatusOutput, error)
 	DescribeInstanceStatusRequest(*ec2.DescribeInstanceStatusInput) (*request.Request, *ec2.DescribeInstanceStatusOutput)
@ -718,6 +814,9 @@ type EC2API interface {
 	DescribeInternetGatewaysWithContext(aws.Context, *ec2.DescribeInternetGatewaysInput, ...request.Option) (*ec2.DescribeInternetGatewaysOutput, error)
 	DescribeInternetGatewaysRequest(*ec2.DescribeInternetGatewaysInput) (*request.Request, *ec2.DescribeInternetGatewaysOutput)
 	DescribeInternetGatewaysPages(*ec2.DescribeInternetGatewaysInput, func(*ec2.DescribeInternetGatewaysOutput, bool) bool) error
 	DescribeInternetGatewaysPagesWithContext(aws.Context, *ec2.DescribeInternetGatewaysInput, func(*ec2.DescribeInternetGatewaysOutput, bool) bool, ...request.Option) error
 	DescribeKeyPairs(*ec2.DescribeKeyPairsInput) (*ec2.DescribeKeyPairsOutput, error)
 	DescribeKeyPairsWithContext(aws.Context, *ec2.DescribeKeyPairsInput, ...request.Option) (*ec2.DescribeKeyPairsOutput, error)
 	DescribeKeyPairsRequest(*ec2.DescribeKeyPairsInput) (*request.Request, *ec2.DescribeKeyPairsOutput)
@ -726,14 +825,23 @@ type EC2API interface {
 	DescribeLaunchTemplateVersionsWithContext(aws.Context, *ec2.DescribeLaunchTemplateVersionsInput, ...request.Option) (*ec2.DescribeLaunchTemplateVersionsOutput, error)
 	DescribeLaunchTemplateVersionsRequest(*ec2.DescribeLaunchTemplateVersionsInput) (*request.Request, *ec2.DescribeLaunchTemplateVersionsOutput)
 	DescribeLaunchTemplateVersionsPages(*ec2.DescribeLaunchTemplateVersionsInput, func(*ec2.DescribeLaunchTemplateVersionsOutput, bool) bool) error
 	DescribeLaunchTemplateVersionsPagesWithContext(aws.Context, *ec2.DescribeLaunchTemplateVersionsInput, func(*ec2.DescribeLaunchTemplateVersionsOutput, bool) bool, ...request.Option) error
 	DescribeLaunchTemplates(*ec2.DescribeLaunchTemplatesInput) (*ec2.DescribeLaunchTemplatesOutput, error)
 	DescribeLaunchTemplatesWithContext(aws.Context, *ec2.DescribeLaunchTemplatesInput, ...request.Option) (*ec2.DescribeLaunchTemplatesOutput, error)
 	DescribeLaunchTemplatesRequest(*ec2.DescribeLaunchTemplatesInput) (*request.Request, *ec2.DescribeLaunchTemplatesOutput)
 	DescribeLaunchTemplatesPages(*ec2.DescribeLaunchTemplatesInput, func(*ec2.DescribeLaunchTemplatesOutput, bool) bool) error
 	DescribeLaunchTemplatesPagesWithContext(aws.Context, *ec2.DescribeLaunchTemplatesInput, func(*ec2.DescribeLaunchTemplatesOutput, bool) bool, ...request.Option) error
 	DescribeMovingAddresses(*ec2.DescribeMovingAddressesInput) (*ec2.DescribeMovingAddressesOutput, error)
 	DescribeMovingAddressesWithContext(aws.Context, *ec2.DescribeMovingAddressesInput, ...request.Option) (*ec2.DescribeMovingAddressesOutput, error)
 	DescribeMovingAddressesRequest(*ec2.DescribeMovingAddressesInput) (*request.Request, *ec2.DescribeMovingAddressesOutput)
 	DescribeMovingAddressesPages(*ec2.DescribeMovingAddressesInput, func(*ec2.DescribeMovingAddressesOutput, bool) bool) error
 	DescribeMovingAddressesPagesWithContext(aws.Context, *ec2.DescribeMovingAddressesInput, func(*ec2.DescribeMovingAddressesOutput, bool) bool, ...request.Option) error
 	DescribeNatGateways(*ec2.DescribeNatGatewaysInput) (*ec2.DescribeNatGatewaysOutput, error)
 	DescribeNatGatewaysWithContext(aws.Context, *ec2.DescribeNatGatewaysInput, ...request.Option) (*ec2.DescribeNatGatewaysOutput, error)
 	DescribeNatGatewaysRequest(*ec2.DescribeNatGatewaysInput) (*request.Request, *ec2.DescribeNatGatewaysOutput)
@ -745,6 +853,9 @@ type EC2API interface {
 	DescribeNetworkAclsWithContext(aws.Context, *ec2.DescribeNetworkAclsInput, ...request.Option) (*ec2.DescribeNetworkAclsOutput, error)
 	DescribeNetworkAclsRequest(*ec2.DescribeNetworkAclsInput) (*request.Request, *ec2.DescribeNetworkAclsOutput)
 	DescribeNetworkAclsPages(*ec2.DescribeNetworkAclsInput, func(*ec2.DescribeNetworkAclsOutput, bool) bool) error
 	DescribeNetworkAclsPagesWithContext(aws.Context, *ec2.DescribeNetworkAclsInput, func(*ec2.DescribeNetworkAclsOutput, bool) bool, ...request.Option) error
 	DescribeNetworkInterfaceAttribute(*ec2.DescribeNetworkInterfaceAttributeInput) (*ec2.DescribeNetworkInterfaceAttributeOutput, error)
 	DescribeNetworkInterfaceAttributeWithContext(aws.Context, *ec2.DescribeNetworkInterfaceAttributeInput, ...request.Option) (*ec2.DescribeNetworkInterfaceAttributeOutput, error)
 	DescribeNetworkInterfaceAttributeRequest(*ec2.DescribeNetworkInterfaceAttributeInput) (*request.Request, *ec2.DescribeNetworkInterfaceAttributeOutput)
@ -753,6 +864,9 @@ type EC2API interface {
 	DescribeNetworkInterfacePermissionsWithContext(aws.Context, *ec2.DescribeNetworkInterfacePermissionsInput, ...request.Option) (*ec2.DescribeNetworkInterfacePermissionsOutput, error)
 	DescribeNetworkInterfacePermissionsRequest(*ec2.DescribeNetworkInterfacePermissionsInput) (*request.Request, *ec2.DescribeNetworkInterfacePermissionsOutput)
 	DescribeNetworkInterfacePermissionsPages(*ec2.DescribeNetworkInterfacePermissionsInput, func(*ec2.DescribeNetworkInterfacePermissionsOutput, bool) bool) error
 	DescribeNetworkInterfacePermissionsPagesWithContext(aws.Context, *ec2.DescribeNetworkInterfacePermissionsInput, func(*ec2.DescribeNetworkInterfacePermissionsOutput, bool) bool, ...request.Option) error
 	DescribeNetworkInterfaces(*ec2.DescribeNetworkInterfacesInput) (*ec2.DescribeNetworkInterfacesOutput, error)
 	DescribeNetworkInterfacesWithContext(aws.Context, *ec2.DescribeNetworkInterfacesInput, ...request.Option) (*ec2.DescribeNetworkInterfacesOutput, error)
 	DescribeNetworkInterfacesRequest(*ec2.DescribeNetworkInterfacesInput) (*request.Request, *ec2.DescribeNetworkInterfacesOutput)
@ -768,14 +882,23 @@ type EC2API interface {
 	DescribePrefixListsWithContext(aws.Context, *ec2.DescribePrefixListsInput, ...request.Option) (*ec2.DescribePrefixListsOutput, error)
 	DescribePrefixListsRequest(*ec2.DescribePrefixListsInput) (*request.Request, *ec2.DescribePrefixListsOutput)
 	DescribePrefixListsPages(*ec2.DescribePrefixListsInput, func(*ec2.DescribePrefixListsOutput, bool) bool) error
 	DescribePrefixListsPagesWithContext(aws.Context, *ec2.DescribePrefixListsInput, func(*ec2.DescribePrefixListsOutput, bool) bool, ...request.Option) error
 	DescribePrincipalIdFormat(*ec2.DescribePrincipalIdFormatInput) (*ec2.DescribePrincipalIdFormatOutput, error)
 	DescribePrincipalIdFormatWithContext(aws.Context, *ec2.DescribePrincipalIdFormatInput, ...request.Option) (*ec2.DescribePrincipalIdFormatOutput, error)
 	DescribePrincipalIdFormatRequest(*ec2.DescribePrincipalIdFormatInput) (*request.Request, *ec2.DescribePrincipalIdFormatOutput)
 	DescribePrincipalIdFormatPages(*ec2.DescribePrincipalIdFormatInput, func(*ec2.DescribePrincipalIdFormatOutput, bool) bool) error
 	DescribePrincipalIdFormatPagesWithContext(aws.Context, *ec2.DescribePrincipalIdFormatInput, func(*ec2.DescribePrincipalIdFormatOutput, bool) bool, ...request.Option) error
 	DescribePublicIpv4Pools(*ec2.DescribePublicIpv4PoolsInput) (*ec2.DescribePublicIpv4PoolsOutput, error)
 	DescribePublicIpv4PoolsWithContext(aws.Context, *ec2.DescribePublicIpv4PoolsInput, ...request.Option) (*ec2.DescribePublicIpv4PoolsOutput, error)
 	DescribePublicIpv4PoolsRequest(*ec2.DescribePublicIpv4PoolsInput) (*request.Request, *ec2.DescribePublicIpv4PoolsOutput)
 	DescribePublicIpv4PoolsPages(*ec2.DescribePublicIpv4PoolsInput, func(*ec2.DescribePublicIpv4PoolsOutput, bool) bool) error
 	DescribePublicIpv4PoolsPagesWithContext(aws.Context, *ec2.DescribePublicIpv4PoolsInput, func(*ec2.DescribePublicIpv4PoolsOutput, bool) bool, ...request.Option) error
 	DescribeRegions(*ec2.DescribeRegionsInput) (*ec2.DescribeRegionsOutput, error)
 	DescribeRegionsWithContext(aws.Context, *ec2.DescribeRegionsInput, ...request.Option) (*ec2.DescribeRegionsOutput, error)
 	DescribeRegionsRequest(*ec2.DescribeRegionsInput) (*request.Request, *ec2.DescribeRegionsOutput)
@ -813,10 +936,16 @@ type EC2API interface {
 	DescribeScheduledInstanceAvailabilityWithContext(aws.Context, *ec2.DescribeScheduledInstanceAvailabilityInput, ...request.Option) (*ec2.DescribeScheduledInstanceAvailabilityOutput, error)
 	DescribeScheduledInstanceAvailabilityRequest(*ec2.DescribeScheduledInstanceAvailabilityInput) (*request.Request, *ec2.DescribeScheduledInstanceAvailabilityOutput)
 	DescribeScheduledInstanceAvailabilityPages(*ec2.DescribeScheduledInstanceAvailabilityInput, func(*ec2.DescribeScheduledInstanceAvailabilityOutput, bool) bool) error
 	DescribeScheduledInstanceAvailabilityPagesWithContext(aws.Context, *ec2.DescribeScheduledInstanceAvailabilityInput, func(*ec2.DescribeScheduledInstanceAvailabilityOutput, bool) bool, ...request.Option) error
 	DescribeScheduledInstances(*ec2.DescribeScheduledInstancesInput) (*ec2.DescribeScheduledInstancesOutput, error)
 	DescribeScheduledInstancesWithContext(aws.Context, *ec2.DescribeScheduledInstancesInput, ...request.Option) (*ec2.DescribeScheduledInstancesOutput, error)
 	DescribeScheduledInstancesRequest(*ec2.DescribeScheduledInstancesInput) (*request.Request, *ec2.DescribeScheduledInstancesOutput)
 	DescribeScheduledInstancesPages(*ec2.DescribeScheduledInstancesInput, func(*ec2.DescribeScheduledInstancesOutput, bool) bool) error
 	DescribeScheduledInstancesPagesWithContext(aws.Context, *ec2.DescribeScheduledInstancesInput, func(*ec2.DescribeScheduledInstancesOutput, bool) bool, ...request.Option) error
 	DescribeSecurityGroupReferences(*ec2.DescribeSecurityGroupReferencesInput) (*ec2.DescribeSecurityGroupReferencesOutput, error)
 	DescribeSecurityGroupReferencesWithContext(aws.Context, *ec2.DescribeSecurityGroupReferencesInput, ...request.Option) (*ec2.DescribeSecurityGroupReferencesOutput, error)
 	DescribeSecurityGroupReferencesRequest(*ec2.DescribeSecurityGroupReferencesInput) (*request.Request, *ec2.DescribeSecurityGroupReferencesOutput)
@ -862,6 +991,9 @@ type EC2API interface {
 	DescribeSpotInstanceRequestsWithContext(aws.Context, *ec2.DescribeSpotInstanceRequestsInput, ...request.Option) (*ec2.DescribeSpotInstanceRequestsOutput, error)
 	DescribeSpotInstanceRequestsRequest(*ec2.DescribeSpotInstanceRequestsInput) (*request.Request, *ec2.DescribeSpotInstanceRequestsOutput)
 	DescribeSpotInstanceRequestsPages(*ec2.DescribeSpotInstanceRequestsInput, func(*ec2.DescribeSpotInstanceRequestsOutput, bool) bool) error
 	DescribeSpotInstanceRequestsPagesWithContext(aws.Context, *ec2.DescribeSpotInstanceRequestsInput, func(*ec2.DescribeSpotInstanceRequestsOutput, bool) bool, ...request.Option) error
 	DescribeSpotPriceHistory(*ec2.DescribeSpotPriceHistoryInput) (*ec2.DescribeSpotPriceHistoryOutput, error)
 	DescribeSpotPriceHistoryWithContext(aws.Context, *ec2.DescribeSpotPriceHistoryInput, ...request.Option) (*ec2.DescribeSpotPriceHistoryOutput, error)
 	DescribeSpotPriceHistoryRequest(*ec2.DescribeSpotPriceHistoryInput) (*request.Request, *ec2.DescribeSpotPriceHistoryOutput)
@ -873,10 +1005,16 @@ type EC2API interface {
 	DescribeStaleSecurityGroupsWithContext(aws.Context, *ec2.DescribeStaleSecurityGroupsInput, ...request.Option) (*ec2.DescribeStaleSecurityGroupsOutput, error)
 	DescribeStaleSecurityGroupsRequest(*ec2.DescribeStaleSecurityGroupsInput) (*request.Request, *ec2.DescribeStaleSecurityGroupsOutput)
 	DescribeStaleSecurityGroupsPages(*ec2.DescribeStaleSecurityGroupsInput, func(*ec2.DescribeStaleSecurityGroupsOutput, bool) bool) error
 	DescribeStaleSecurityGroupsPagesWithContext(aws.Context, *ec2.DescribeStaleSecurityGroupsInput, func(*ec2.DescribeStaleSecurityGroupsOutput, bool) bool, ...request.Option) error
 	DescribeSubnets(*ec2.DescribeSubnetsInput) (*ec2.DescribeSubnetsOutput, error)
 	DescribeSubnetsWithContext(aws.Context, *ec2.DescribeSubnetsInput, ...request.Option) (*ec2.DescribeSubnetsOutput, error)
 	DescribeSubnetsRequest(*ec2.DescribeSubnetsInput) (*request.Request, *ec2.DescribeSubnetsOutput)
 	DescribeSubnetsPages(*ec2.DescribeSubnetsInput, func(*ec2.DescribeSubnetsOutput, bool) bool) error
 	DescribeSubnetsPagesWithContext(aws.Context, *ec2.DescribeSubnetsInput, func(*ec2.DescribeSubnetsOutput, bool) bool, ...request.Option) error
 	DescribeTags(*ec2.DescribeTagsInput) (*ec2.DescribeTagsOutput, error)
 	DescribeTagsWithContext(aws.Context, *ec2.DescribeTagsInput, ...request.Option) (*ec2.DescribeTagsOutput, error)
 	DescribeTagsRequest(*ec2.DescribeTagsInput) (*request.Request, *ec2.DescribeTagsOutput)
@ -884,22 +1022,55 @@ type EC2API interface {
 	DescribeTagsPages(*ec2.DescribeTagsInput, func(*ec2.DescribeTagsOutput, bool) bool) error
 	DescribeTagsPagesWithContext(aws.Context, *ec2.DescribeTagsInput, func(*ec2.DescribeTagsOutput, bool) bool, ...request.Option) error
 	DescribeTrafficMirrorFilters(*ec2.DescribeTrafficMirrorFiltersInput) (*ec2.DescribeTrafficMirrorFiltersOutput, error)
 	DescribeTrafficMirrorFiltersWithContext(aws.Context, *ec2.DescribeTrafficMirrorFiltersInput, ...request.Option) (*ec2.DescribeTrafficMirrorFiltersOutput, error)
 	DescribeTrafficMirrorFiltersRequest(*ec2.DescribeTrafficMirrorFiltersInput) (*request.Request, *ec2.DescribeTrafficMirrorFiltersOutput)
 	DescribeTrafficMirrorFiltersPages(*ec2.DescribeTrafficMirrorFiltersInput, func(*ec2.DescribeTrafficMirrorFiltersOutput, bool) bool) error
 	DescribeTrafficMirrorFiltersPagesWithContext(aws.Context, *ec2.DescribeTrafficMirrorFiltersInput, func(*ec2.DescribeTrafficMirrorFiltersOutput, bool) bool, ...request.Option) error
 	DescribeTrafficMirrorSessions(*ec2.DescribeTrafficMirrorSessionsInput) (*ec2.DescribeTrafficMirrorSessionsOutput, error)
 	DescribeTrafficMirrorSessionsWithContext(aws.Context, *ec2.DescribeTrafficMirrorSessionsInput, ...request.Option) (*ec2.DescribeTrafficMirrorSessionsOutput, error)
 	DescribeTrafficMirrorSessionsRequest(*ec2.DescribeTrafficMirrorSessionsInput) (*request.Request, *ec2.DescribeTrafficMirrorSessionsOutput)
 	DescribeTrafficMirrorSessionsPages(*ec2.DescribeTrafficMirrorSessionsInput, func(*ec2.DescribeTrafficMirrorSessionsOutput, bool) bool) error
 	DescribeTrafficMirrorSessionsPagesWithContext(aws.Context, *ec2.DescribeTrafficMirrorSessionsInput, func(*ec2.DescribeTrafficMirrorSessionsOutput, bool) bool, ...request.Option) error
 	DescribeTrafficMirrorTargets(*ec2.DescribeTrafficMirrorTargetsInput) (*ec2.DescribeTrafficMirrorTargetsOutput, error)
 	DescribeTrafficMirrorTargetsWithContext(aws.Context, *ec2.DescribeTrafficMirrorTargetsInput, ...request.Option) (*ec2.DescribeTrafficMirrorTargetsOutput, error)
 	DescribeTrafficMirrorTargetsRequest(*ec2.DescribeTrafficMirrorTargetsInput) (*request.Request, *ec2.DescribeTrafficMirrorTargetsOutput)
 	DescribeTrafficMirrorTargetsPages(*ec2.DescribeTrafficMirrorTargetsInput, func(*ec2.DescribeTrafficMirrorTargetsOutput, bool) bool) error
 	DescribeTrafficMirrorTargetsPagesWithContext(aws.Context, *ec2.DescribeTrafficMirrorTargetsInput, func(*ec2.DescribeTrafficMirrorTargetsOutput, bool) bool, ...request.Option) error
 	DescribeTransitGatewayAttachments(*ec2.DescribeTransitGatewayAttachmentsInput) (*ec2.DescribeTransitGatewayAttachmentsOutput, error)
 	DescribeTransitGatewayAttachmentsWithContext(aws.Context, *ec2.DescribeTransitGatewayAttachmentsInput, ...request.Option) (*ec2.DescribeTransitGatewayAttachmentsOutput, error)
 	DescribeTransitGatewayAttachmentsRequest(*ec2.DescribeTransitGatewayAttachmentsInput) (*request.Request, *ec2.DescribeTransitGatewayAttachmentsOutput)
 	DescribeTransitGatewayAttachmentsPages(*ec2.DescribeTransitGatewayAttachmentsInput, func(*ec2.DescribeTransitGatewayAttachmentsOutput, bool) bool) error
 	DescribeTransitGatewayAttachmentsPagesWithContext(aws.Context, *ec2.DescribeTransitGatewayAttachmentsInput, func(*ec2.DescribeTransitGatewayAttachmentsOutput, bool) bool, ...request.Option) error
 	DescribeTransitGatewayRouteTables(*ec2.DescribeTransitGatewayRouteTablesInput) (*ec2.DescribeTransitGatewayRouteTablesOutput, error)
 	DescribeTransitGatewayRouteTablesWithContext(aws.Context, *ec2.DescribeTransitGatewayRouteTablesInput, ...request.Option) (*ec2.DescribeTransitGatewayRouteTablesOutput, error)
 	DescribeTransitGatewayRouteTablesRequest(*ec2.DescribeTransitGatewayRouteTablesInput) (*request.Request, *ec2.DescribeTransitGatewayRouteTablesOutput)
 	DescribeTransitGatewayRouteTablesPages(*ec2.DescribeTransitGatewayRouteTablesInput, func(*ec2.DescribeTransitGatewayRouteTablesOutput, bool) bool) error
 	DescribeTransitGatewayRouteTablesPagesWithContext(aws.Context, *ec2.DescribeTransitGatewayRouteTablesInput, func(*ec2.DescribeTransitGatewayRouteTablesOutput, bool) bool, ...request.Option) error
 	DescribeTransitGatewayVpcAttachments(*ec2.DescribeTransitGatewayVpcAttachmentsInput) (*ec2.DescribeTransitGatewayVpcAttachmentsOutput, error)
 	DescribeTransitGatewayVpcAttachmentsWithContext(aws.Context, *ec2.DescribeTransitGatewayVpcAttachmentsInput, ...request.Option) (*ec2.DescribeTransitGatewayVpcAttachmentsOutput, error)
 	DescribeTransitGatewayVpcAttachmentsRequest(*ec2.DescribeTransitGatewayVpcAttachmentsInput) (*request.Request, *ec2.DescribeTransitGatewayVpcAttachmentsOutput)
 	DescribeTransitGatewayVpcAttachmentsPages(*ec2.DescribeTransitGatewayVpcAttachmentsInput, func(*ec2.DescribeTransitGatewayVpcAttachmentsOutput, bool) bool) error
 	DescribeTransitGatewayVpcAttachmentsPagesWithContext(aws.Context, *ec2.DescribeTransitGatewayVpcAttachmentsInput, func(*ec2.DescribeTransitGatewayVpcAttachmentsOutput, bool) bool, ...request.Option) error
 	DescribeTransitGateways(*ec2.DescribeTransitGatewaysInput) (*ec2.DescribeTransitGatewaysOutput, error)
 	DescribeTransitGatewaysWithContext(aws.Context, *ec2.DescribeTransitGatewaysInput, ...request.Option) (*ec2.DescribeTransitGatewaysOutput, error)
 	DescribeTransitGatewaysRequest(*ec2.DescribeTransitGatewaysInput) (*request.Request, *ec2.DescribeTransitGatewaysOutput)
 	DescribeTransitGatewaysPages(*ec2.DescribeTransitGatewaysInput, func(*ec2.DescribeTransitGatewaysOutput, bool) bool) error
 	DescribeTransitGatewaysPagesWithContext(aws.Context, *ec2.DescribeTransitGatewaysInput, func(*ec2.DescribeTransitGatewaysOutput, bool) bool, ...request.Option) error
 	DescribeVolumeAttribute(*ec2.DescribeVolumeAttributeInput) (*ec2.DescribeVolumeAttributeOutput, error)
 	DescribeVolumeAttributeWithContext(aws.Context, *ec2.DescribeVolumeAttributeInput, ...request.Option) (*ec2.DescribeVolumeAttributeOutput, error)
 	DescribeVolumeAttributeRequest(*ec2.DescribeVolumeAttributeInput) (*request.Request, *ec2.DescribeVolumeAttributeOutput)
@ -922,6 +1093,9 @@ type EC2API interface {
 	DescribeVolumesModificationsWithContext(aws.Context, *ec2.DescribeVolumesModificationsInput, ...request.Option) (*ec2.DescribeVolumesModificationsOutput, error)
 	DescribeVolumesModificationsRequest(*ec2.DescribeVolumesModificationsInput) (*request.Request, *ec2.DescribeVolumesModificationsOutput)
 	DescribeVolumesModificationsPages(*ec2.DescribeVolumesModificationsInput, func(*ec2.DescribeVolumesModificationsOutput, bool) bool) error
 	DescribeVolumesModificationsPagesWithContext(aws.Context, *ec2.DescribeVolumesModificationsInput, func(*ec2.DescribeVolumesModificationsOutput, bool) bool, ...request.Option) error
 	DescribeVpcAttribute(*ec2.DescribeVpcAttributeInput) (*ec2.DescribeVpcAttributeOutput, error)
 	DescribeVpcAttributeWithContext(aws.Context, *ec2.DescribeVpcAttributeInput, ...request.Option) (*ec2.DescribeVpcAttributeOutput, error)
 	DescribeVpcAttributeRequest(*ec2.DescribeVpcAttributeInput) (*request.Request, *ec2.DescribeVpcAttributeOutput)
@ -934,22 +1108,37 @@ type EC2API interface {
 	DescribeVpcClassicLinkDnsSupportWithContext(aws.Context, *ec2.DescribeVpcClassicLinkDnsSupportInput, ...request.Option) (*ec2.DescribeVpcClassicLinkDnsSupportOutput, error)
 	DescribeVpcClassicLinkDnsSupportRequest(*ec2.DescribeVpcClassicLinkDnsSupportInput) (*request.Request, *ec2.DescribeVpcClassicLinkDnsSupportOutput)
 	DescribeVpcClassicLinkDnsSupportPages(*ec2.DescribeVpcClassicLinkDnsSupportInput, func(*ec2.DescribeVpcClassicLinkDnsSupportOutput, bool) bool) error
 	DescribeVpcClassicLinkDnsSupportPagesWithContext(aws.Context, *ec2.DescribeVpcClassicLinkDnsSupportInput, func(*ec2.DescribeVpcClassicLinkDnsSupportOutput, bool) bool, ...request.Option) error
 	DescribeVpcEndpointConnectionNotifications(*ec2.DescribeVpcEndpointConnectionNotificationsInput) (*ec2.DescribeVpcEndpointConnectionNotificationsOutput, error)
 	DescribeVpcEndpointConnectionNotificationsWithContext(aws.Context, *ec2.DescribeVpcEndpointConnectionNotificationsInput, ...request.Option) (*ec2.DescribeVpcEndpointConnectionNotificationsOutput, error)
 	DescribeVpcEndpointConnectionNotificationsRequest(*ec2.DescribeVpcEndpointConnectionNotificationsInput) (*request.Request, *ec2.DescribeVpcEndpointConnectionNotificationsOutput)
 	DescribeVpcEndpointConnectionNotificationsPages(*ec2.DescribeVpcEndpointConnectionNotificationsInput, func(*ec2.DescribeVpcEndpointConnectionNotificationsOutput, bool) bool) error
 	DescribeVpcEndpointConnectionNotificationsPagesWithContext(aws.Context, *ec2.DescribeVpcEndpointConnectionNotificationsInput, func(*ec2.DescribeVpcEndpointConnectionNotificationsOutput, bool) bool, ...request.Option) error
 	DescribeVpcEndpointConnections(*ec2.DescribeVpcEndpointConnectionsInput) (*ec2.DescribeVpcEndpointConnectionsOutput, error)
 	DescribeVpcEndpointConnectionsWithContext(aws.Context, *ec2.DescribeVpcEndpointConnectionsInput, ...request.Option) (*ec2.DescribeVpcEndpointConnectionsOutput, error)
 	DescribeVpcEndpointConnectionsRequest(*ec2.DescribeVpcEndpointConnectionsInput) (*request.Request, *ec2.DescribeVpcEndpointConnectionsOutput)
 	DescribeVpcEndpointConnectionsPages(*ec2.DescribeVpcEndpointConnectionsInput, func(*ec2.DescribeVpcEndpointConnectionsOutput, bool) bool) error
 	DescribeVpcEndpointConnectionsPagesWithContext(aws.Context, *ec2.DescribeVpcEndpointConnectionsInput, func(*ec2.DescribeVpcEndpointConnectionsOutput, bool) bool, ...request.Option) error
 	DescribeVpcEndpointServiceConfigurations(*ec2.DescribeVpcEndpointServiceConfigurationsInput) (*ec2.DescribeVpcEndpointServiceConfigurationsOutput, error)
 	DescribeVpcEndpointServiceConfigurationsWithContext(aws.Context, *ec2.DescribeVpcEndpointServiceConfigurationsInput, ...request.Option) (*ec2.DescribeVpcEndpointServiceConfigurationsOutput, error)
 	DescribeVpcEndpointServiceConfigurationsRequest(*ec2.DescribeVpcEndpointServiceConfigurationsInput) (*request.Request, *ec2.DescribeVpcEndpointServiceConfigurationsOutput)
 	DescribeVpcEndpointServiceConfigurationsPages(*ec2.DescribeVpcEndpointServiceConfigurationsInput, func(*ec2.DescribeVpcEndpointServiceConfigurationsOutput, bool) bool) error
 	DescribeVpcEndpointServiceConfigurationsPagesWithContext(aws.Context, *ec2.DescribeVpcEndpointServiceConfigurationsInput, func(*ec2.DescribeVpcEndpointServiceConfigurationsOutput, bool) bool, ...request.Option) error
 	DescribeVpcEndpointServicePermissions(*ec2.DescribeVpcEndpointServicePermissionsInput) (*ec2.DescribeVpcEndpointServicePermissionsOutput, error)
 	DescribeVpcEndpointServicePermissionsWithContext(aws.Context, *ec2.DescribeVpcEndpointServicePermissionsInput, ...request.Option) (*ec2.DescribeVpcEndpointServicePermissionsOutput, error)
 	DescribeVpcEndpointServicePermissionsRequest(*ec2.DescribeVpcEndpointServicePermissionsInput) (*request.Request, *ec2.DescribeVpcEndpointServicePermissionsOutput)
 	DescribeVpcEndpointServicePermissionsPages(*ec2.DescribeVpcEndpointServicePermissionsInput, func(*ec2.DescribeVpcEndpointServicePermissionsOutput, bool) bool) error
 	DescribeVpcEndpointServicePermissionsPagesWithContext(aws.Context, *ec2.DescribeVpcEndpointServicePermissionsInput, func(*ec2.DescribeVpcEndpointServicePermissionsOutput, bool) bool, ...request.Option) error
 	DescribeVpcEndpointServices(*ec2.DescribeVpcEndpointServicesInput) (*ec2.DescribeVpcEndpointServicesOutput, error)
 	DescribeVpcEndpointServicesWithContext(aws.Context, *ec2.DescribeVpcEndpointServicesInput, ...request.Option) (*ec2.DescribeVpcEndpointServicesOutput, error)
 	DescribeVpcEndpointServicesRequest(*ec2.DescribeVpcEndpointServicesInput) (*request.Request, *ec2.DescribeVpcEndpointServicesOutput)
@ -958,14 +1147,23 @@ type EC2API interface {
 	DescribeVpcEndpointsWithContext(aws.Context, *ec2.DescribeVpcEndpointsInput, ...request.Option) (*ec2.DescribeVpcEndpointsOutput, error)
 	DescribeVpcEndpointsRequest(*ec2.DescribeVpcEndpointsInput) (*request.Request, *ec2.DescribeVpcEndpointsOutput)
 	DescribeVpcEndpointsPages(*ec2.DescribeVpcEndpointsInput, func(*ec2.DescribeVpcEndpointsOutput, bool) bool) error
 	DescribeVpcEndpointsPagesWithContext(aws.Context, *ec2.DescribeVpcEndpointsInput, func(*ec2.DescribeVpcEndpointsOutput, bool) bool, ...request.Option) error
 	DescribeVpcPeeringConnections(*ec2.DescribeVpcPeeringConnectionsInput) (*ec2.DescribeVpcPeeringConnectionsOutput, error)
 	DescribeVpcPeeringConnectionsWithContext(aws.Context, *ec2.DescribeVpcPeeringConnectionsInput, ...request.Option) (*ec2.DescribeVpcPeeringConnectionsOutput, error)
 	DescribeVpcPeeringConnectionsRequest(*ec2.DescribeVpcPeeringConnectionsInput) (*request.Request, *ec2.DescribeVpcPeeringConnectionsOutput)
 	DescribeVpcPeeringConnectionsPages(*ec2.DescribeVpcPeeringConnectionsInput, func(*ec2.DescribeVpcPeeringConnectionsOutput, bool) bool) error
 	DescribeVpcPeeringConnectionsPagesWithContext(aws.Context, *ec2.DescribeVpcPeeringConnectionsInput, func(*ec2.DescribeVpcPeeringConnectionsOutput, bool) bool, ...request.Option) error
 	DescribeVpcs(*ec2.DescribeVpcsInput) (*ec2.DescribeVpcsOutput, error)
 	DescribeVpcsWithContext(aws.Context, *ec2.DescribeVpcsInput, ...request.Option) (*ec2.DescribeVpcsOutput, error)
 	DescribeVpcsRequest(*ec2.DescribeVpcsInput) (*request.Request, *ec2.DescribeVpcsOutput)
 	DescribeVpcsPages(*ec2.DescribeVpcsInput, func(*ec2.DescribeVpcsOutput, bool) bool) error
 	DescribeVpcsPagesWithContext(aws.Context, *ec2.DescribeVpcsInput, func(*ec2.DescribeVpcsOutput, bool) bool, ...request.Option) error
 	DescribeVpnConnections(*ec2.DescribeVpnConnectionsInput) (*ec2.DescribeVpnConnectionsOutput, error)
 	DescribeVpnConnectionsWithContext(aws.Context, *ec2.DescribeVpnConnectionsInput, ...request.Option) (*ec2.DescribeVpnConnectionsOutput, error)
 	DescribeVpnConnectionsRequest(*ec2.DescribeVpnConnectionsInput) (*request.Request, *ec2.DescribeVpnConnectionsOutput)
@ -994,6 +1192,10 @@ type EC2API interface {
 	DetachVpnGatewayWithContext(aws.Context, *ec2.DetachVpnGatewayInput, ...request.Option) (*ec2.DetachVpnGatewayOutput, error)
 	DetachVpnGatewayRequest(*ec2.DetachVpnGatewayInput) (*request.Request, *ec2.DetachVpnGatewayOutput)
 	DisableEbsEncryptionByDefault(*ec2.DisableEbsEncryptionByDefaultInput) (*ec2.DisableEbsEncryptionByDefaultOutput, error)
 	DisableEbsEncryptionByDefaultWithContext(aws.Context, *ec2.DisableEbsEncryptionByDefaultInput, ...request.Option) (*ec2.DisableEbsEncryptionByDefaultOutput, error)
 	DisableEbsEncryptionByDefaultRequest(*ec2.DisableEbsEncryptionByDefaultInput) (*request.Request, *ec2.DisableEbsEncryptionByDefaultOutput)
 	DisableTransitGatewayRouteTablePropagation(*ec2.DisableTransitGatewayRouteTablePropagationInput) (*ec2.DisableTransitGatewayRouteTablePropagationOutput, error)
 	DisableTransitGatewayRouteTablePropagationWithContext(aws.Context, *ec2.DisableTransitGatewayRouteTablePropagationInput, ...request.Option) (*ec2.DisableTransitGatewayRouteTablePropagationOutput, error)
 	DisableTransitGatewayRouteTablePropagationRequest(*ec2.DisableTransitGatewayRouteTablePropagationInput) (*request.Request, *ec2.DisableTransitGatewayRouteTablePropagationOutput)
@ -1038,6 +1240,10 @@ type EC2API interface {
 	DisassociateVpcCidrBlockWithContext(aws.Context, *ec2.DisassociateVpcCidrBlockInput, ...request.Option) (*ec2.DisassociateVpcCidrBlockOutput, error)
 	DisassociateVpcCidrBlockRequest(*ec2.DisassociateVpcCidrBlockInput) (*request.Request, *ec2.DisassociateVpcCidrBlockOutput)
 	EnableEbsEncryptionByDefault(*ec2.EnableEbsEncryptionByDefaultInput) (*ec2.EnableEbsEncryptionByDefaultOutput, error)
 	EnableEbsEncryptionByDefaultWithContext(aws.Context, *ec2.EnableEbsEncryptionByDefaultInput, ...request.Option) (*ec2.EnableEbsEncryptionByDefaultOutput, error)
 	EnableEbsEncryptionByDefaultRequest(*ec2.EnableEbsEncryptionByDefaultInput) (*request.Request, *ec2.EnableEbsEncryptionByDefaultOutput)
 	EnableTransitGatewayRouteTablePropagation(*ec2.EnableTransitGatewayRouteTablePropagationInput) (*ec2.EnableTransitGatewayRouteTablePropagationOutput, error)
 	EnableTransitGatewayRouteTablePropagationWithContext(aws.Context, *ec2.EnableTransitGatewayRouteTablePropagationInput, ...request.Option) (*ec2.EnableTransitGatewayRouteTablePropagationOutput, error)
 	EnableTransitGatewayRouteTablePropagationRequest(*ec2.EnableTransitGatewayRouteTablePropagationInput) (*request.Request, *ec2.EnableTransitGatewayRouteTablePropagationOutput)
@ -1070,6 +1276,10 @@ type EC2API interface {
 	ExportTransitGatewayRoutesWithContext(aws.Context, *ec2.ExportTransitGatewayRoutesInput, ...request.Option) (*ec2.ExportTransitGatewayRoutesOutput, error)
 	ExportTransitGatewayRoutesRequest(*ec2.ExportTransitGatewayRoutesInput) (*request.Request, *ec2.ExportTransitGatewayRoutesOutput)
 	GetCapacityReservationUsage(*ec2.GetCapacityReservationUsageInput) (*ec2.GetCapacityReservationUsageOutput, error)
 	GetCapacityReservationUsageWithContext(aws.Context, *ec2.GetCapacityReservationUsageInput, ...request.Option) (*ec2.GetCapacityReservationUsageOutput, error)
 	GetCapacityReservationUsageRequest(*ec2.GetCapacityReservationUsageInput) (*request.Request, *ec2.GetCapacityReservationUsageOutput)
 	GetConsoleOutput(*ec2.GetConsoleOutputInput) (*ec2.GetConsoleOutputOutput, error)
 	GetConsoleOutputWithContext(aws.Context, *ec2.GetConsoleOutputInput, ...request.Option) (*ec2.GetConsoleOutputOutput, error)
 	GetConsoleOutputRequest(*ec2.GetConsoleOutputInput) (*request.Request, *ec2.GetConsoleOutputOutput)
@ -1078,6 +1288,14 @@ type EC2API interface {
 	GetConsoleScreenshotWithContext(aws.Context, *ec2.GetConsoleScreenshotInput, ...request.Option) (*ec2.GetConsoleScreenshotOutput, error)
 	GetConsoleScreenshotRequest(*ec2.GetConsoleScreenshotInput) (*request.Request, *ec2.GetConsoleScreenshotOutput)
 	GetEbsDefaultKmsKeyId(*ec2.GetEbsDefaultKmsKeyIdInput) (*ec2.GetEbsDefaultKmsKeyIdOutput, error)
 	GetEbsDefaultKmsKeyIdWithContext(aws.Context, *ec2.GetEbsDefaultKmsKeyIdInput, ...request.Option) (*ec2.GetEbsDefaultKmsKeyIdOutput, error)
 	GetEbsDefaultKmsKeyIdRequest(*ec2.GetEbsDefaultKmsKeyIdInput) (*request.Request, *ec2.GetEbsDefaultKmsKeyIdOutput)
 	GetEbsEncryptionByDefault(*ec2.GetEbsEncryptionByDefaultInput) (*ec2.GetEbsEncryptionByDefaultOutput, error)
 	GetEbsEncryptionByDefaultWithContext(aws.Context, *ec2.GetEbsEncryptionByDefaultInput, ...request.Option) (*ec2.GetEbsEncryptionByDefaultOutput, error)
 	GetEbsEncryptionByDefaultRequest(*ec2.GetEbsEncryptionByDefaultInput) (*request.Request, *ec2.GetEbsEncryptionByDefaultOutput)
 	GetHostReservationPurchasePreview(*ec2.GetHostReservationPurchasePreviewInput) (*ec2.GetHostReservationPurchasePreviewOutput, error)
 	GetHostReservationPurchasePreviewWithContext(aws.Context, *ec2.GetHostReservationPurchasePreviewInput, ...request.Option) (*ec2.GetHostReservationPurchasePreviewOutput, error)
 	GetHostReservationPurchasePreviewRequest(*ec2.GetHostReservationPurchasePreviewInput) (*request.Request, *ec2.GetHostReservationPurchasePreviewOutput)
@ -1098,14 +1316,23 @@ type EC2API interface {
 	GetTransitGatewayAttachmentPropagationsWithContext(aws.Context, *ec2.GetTransitGatewayAttachmentPropagationsInput, ...request.Option) (*ec2.GetTransitGatewayAttachmentPropagationsOutput, error)
 	GetTransitGatewayAttachmentPropagationsRequest(*ec2.GetTransitGatewayAttachmentPropagationsInput) (*request.Request, *ec2.GetTransitGatewayAttachmentPropagationsOutput)
 	GetTransitGatewayAttachmentPropagationsPages(*ec2.GetTransitGatewayAttachmentPropagationsInput, func(*ec2.GetTransitGatewayAttachmentPropagationsOutput, bool) bool) error
 	GetTransitGatewayAttachmentPropagationsPagesWithContext(aws.Context, *ec2.GetTransitGatewayAttachmentPropagationsInput, func(*ec2.GetTransitGatewayAttachmentPropagationsOutput, bool) bool, ...request.Option) error
 	GetTransitGatewayRouteTableAssociations(*ec2.GetTransitGatewayRouteTableAssociationsInput) (*ec2.GetTransitGatewayRouteTableAssociationsOutput, error)
 	GetTransitGatewayRouteTableAssociationsWithContext(aws.Context, *ec2.GetTransitGatewayRouteTableAssociationsInput, ...request.Option) (*ec2.GetTransitGatewayRouteTableAssociationsOutput, error)
 	GetTransitGatewayRouteTableAssociationsRequest(*ec2.GetTransitGatewayRouteTableAssociationsInput) (*request.Request, *ec2.GetTransitGatewayRouteTableAssociationsOutput)
 	GetTransitGatewayRouteTableAssociationsPages(*ec2.GetTransitGatewayRouteTableAssociationsInput, func(*ec2.GetTransitGatewayRouteTableAssociationsOutput, bool) bool) error
 	GetTransitGatewayRouteTableAssociationsPagesWithContext(aws.Context, *ec2.GetTransitGatewayRouteTableAssociationsInput, func(*ec2.GetTransitGatewayRouteTableAssociationsOutput, bool) bool, ...request.Option) error
 	GetTransitGatewayRouteTablePropagations(*ec2.GetTransitGatewayRouteTablePropagationsInput) (*ec2.GetTransitGatewayRouteTablePropagationsOutput, error)
 	GetTransitGatewayRouteTablePropagationsWithContext(aws.Context, *ec2.GetTransitGatewayRouteTablePropagationsInput, ...request.Option) (*ec2.GetTransitGatewayRouteTablePropagationsOutput, error)
 	GetTransitGatewayRouteTablePropagationsRequest(*ec2.GetTransitGatewayRouteTablePropagationsInput) (*request.Request, *ec2.GetTransitGatewayRouteTablePropagationsOutput)
 	GetTransitGatewayRouteTablePropagationsPages(*ec2.GetTransitGatewayRouteTablePropagationsInput, func(*ec2.GetTransitGatewayRouteTablePropagationsOutput, bool) bool) error
 	GetTransitGatewayRouteTablePropagationsPagesWithContext(aws.Context, *ec2.GetTransitGatewayRouteTablePropagationsInput, func(*ec2.GetTransitGatewayRouteTablePropagationsOutput, bool) bool, ...request.Option) error
 	ImportClientVpnClientCertificateRevocationList(*ec2.ImportClientVpnClientCertificateRevocationListInput) (*ec2.ImportClientVpnClientCertificateRevocationListOutput, error)
 	ImportClientVpnClientCertificateRevocationListWithContext(aws.Context, *ec2.ImportClientVpnClientCertificateRevocationListInput, ...request.Option) (*ec2.ImportClientVpnClientCertificateRevocationListOutput, error)
 	ImportClientVpnClientCertificateRevocationListRequest(*ec2.ImportClientVpnClientCertificateRevocationListInput) (*request.Request, *ec2.ImportClientVpnClientCertificateRevocationListOutput)
@ -1138,6 +1365,10 @@ type EC2API interface {
 	ModifyClientVpnEndpointWithContext(aws.Context, *ec2.ModifyClientVpnEndpointInput, ...request.Option) (*ec2.ModifyClientVpnEndpointOutput, error)
 	ModifyClientVpnEndpointRequest(*ec2.ModifyClientVpnEndpointInput) (*request.Request, *ec2.ModifyClientVpnEndpointOutput)
 	ModifyEbsDefaultKmsKeyId(*ec2.ModifyEbsDefaultKmsKeyIdInput) (*ec2.ModifyEbsDefaultKmsKeyIdOutput, error)
 	ModifyEbsDefaultKmsKeyIdWithContext(aws.Context, *ec2.ModifyEbsDefaultKmsKeyIdInput, ...request.Option) (*ec2.ModifyEbsDefaultKmsKeyIdOutput, error)
 	ModifyEbsDefaultKmsKeyIdRequest(*ec2.ModifyEbsDefaultKmsKeyIdInput) (*request.Request, *ec2.ModifyEbsDefaultKmsKeyIdOutput)
 	ModifyFleet(*ec2.ModifyFleetInput) (*ec2.ModifyFleetOutput, error)
 	ModifyFleetWithContext(aws.Context, *ec2.ModifyFleetInput, ...request.Option) (*ec2.ModifyFleetOutput, error)
 	ModifyFleetRequest(*ec2.ModifyFleetInput) (*request.Request, *ec2.ModifyFleetOutput)
@ -1174,6 +1405,10 @@ type EC2API interface {
 	ModifyInstanceCreditSpecificationWithContext(aws.Context, *ec2.ModifyInstanceCreditSpecificationInput, ...request.Option) (*ec2.ModifyInstanceCreditSpecificationOutput, error)
 	ModifyInstanceCreditSpecificationRequest(*ec2.ModifyInstanceCreditSpecificationInput) (*request.Request, *ec2.ModifyInstanceCreditSpecificationOutput)
 	ModifyInstanceEventStartTime(*ec2.ModifyInstanceEventStartTimeInput) (*ec2.ModifyInstanceEventStartTimeOutput, error)
 	ModifyInstanceEventStartTimeWithContext(aws.Context, *ec2.ModifyInstanceEventStartTimeInput, ...request.Option) (*ec2.ModifyInstanceEventStartTimeOutput, error)
 	ModifyInstanceEventStartTimeRequest(*ec2.ModifyInstanceEventStartTimeInput) (*request.Request, *ec2.ModifyInstanceEventStartTimeOutput)
 	ModifyInstancePlacement(*ec2.ModifyInstancePlacementInput) (*ec2.ModifyInstancePlacementOutput, error)
 	ModifyInstancePlacementWithContext(aws.Context, *ec2.ModifyInstancePlacementInput, ...request.Option) (*ec2.ModifyInstancePlacementOutput, error)
 	ModifyInstancePlacementRequest(*ec2.ModifyInstancePlacementInput) (*request.Request, *ec2.ModifyInstancePlacementOutput)
@ -1202,6 +1437,18 @@ type EC2API interface {
 	ModifySubnetAttributeWithContext(aws.Context, *ec2.ModifySubnetAttributeInput, ...request.Option) (*ec2.ModifySubnetAttributeOutput, error)
 	ModifySubnetAttributeRequest(*ec2.ModifySubnetAttributeInput) (*request.Request, *ec2.ModifySubnetAttributeOutput)
 	ModifyTrafficMirrorFilterNetworkServices(*ec2.ModifyTrafficMirrorFilterNetworkServicesInput) (*ec2.ModifyTrafficMirrorFilterNetworkServicesOutput, error)
 	ModifyTrafficMirrorFilterNetworkServicesWithContext(aws.Context, *ec2.ModifyTrafficMirrorFilterNetworkServicesInput, ...request.Option) (*ec2.ModifyTrafficMirrorFilterNetworkServicesOutput, error)
 	ModifyTrafficMirrorFilterNetworkServicesRequest(*ec2.ModifyTrafficMirrorFilterNetworkServicesInput) (*request.Request, *ec2.ModifyTrafficMirrorFilterNetworkServicesOutput)
 	ModifyTrafficMirrorFilterRule(*ec2.ModifyTrafficMirrorFilterRuleInput) (*ec2.ModifyTrafficMirrorFilterRuleOutput, error)
 	ModifyTrafficMirrorFilterRuleWithContext(aws.Context, *ec2.ModifyTrafficMirrorFilterRuleInput, ...request.Option) (*ec2.ModifyTrafficMirrorFilterRuleOutput, error)
 	ModifyTrafficMirrorFilterRuleRequest(*ec2.ModifyTrafficMirrorFilterRuleInput) (*request.Request, *ec2.ModifyTrafficMirrorFilterRuleOutput)
 	ModifyTrafficMirrorSession(*ec2.ModifyTrafficMirrorSessionInput) (*ec2.ModifyTrafficMirrorSessionOutput, error)
 	ModifyTrafficMirrorSessionWithContext(aws.Context, *ec2.ModifyTrafficMirrorSessionInput, ...request.Option) (*ec2.ModifyTrafficMirrorSessionOutput, error)
 	ModifyTrafficMirrorSessionRequest(*ec2.ModifyTrafficMirrorSessionInput) (*request.Request, *ec2.ModifyTrafficMirrorSessionOutput)
 	ModifyTransitGatewayVpcAttachment(*ec2.ModifyTransitGatewayVpcAttachmentInput) (*ec2.ModifyTransitGatewayVpcAttachmentOutput, error)
 	ModifyTransitGatewayVpcAttachmentWithContext(aws.Context, *ec2.ModifyTransitGatewayVpcAttachmentInput, ...request.Option) (*ec2.ModifyTransitGatewayVpcAttachmentOutput, error)
 	ModifyTransitGatewayVpcAttachmentRequest(*ec2.ModifyTransitGatewayVpcAttachmentInput) (*request.Request, *ec2.ModifyTransitGatewayVpcAttachmentOutput)
@ -1242,6 +1489,10 @@ type EC2API interface {
 	ModifyVpcTenancyWithContext(aws.Context, *ec2.ModifyVpcTenancyInput, ...request.Option) (*ec2.ModifyVpcTenancyOutput, error)
 	ModifyVpcTenancyRequest(*ec2.ModifyVpcTenancyInput) (*request.Request, *ec2.ModifyVpcTenancyOutput)
 	ModifyVpnConnection(*ec2.ModifyVpnConnectionInput) (*ec2.ModifyVpnConnectionOutput, error)
 	ModifyVpnConnectionWithContext(aws.Context, *ec2.ModifyVpnConnectionInput, ...request.Option) (*ec2.ModifyVpnConnectionOutput, error)
 	ModifyVpnConnectionRequest(*ec2.ModifyVpnConnectionInput) (*request.Request, *ec2.ModifyVpnConnectionOutput)
 	MonitorInstances(*ec2.MonitorInstancesInput) (*ec2.MonitorInstancesOutput, error)
 	MonitorInstancesWithContext(aws.Context, *ec2.MonitorInstancesInput, ...request.Option) (*ec2.MonitorInstancesOutput, error)
 	MonitorInstancesRequest(*ec2.MonitorInstancesInput) (*request.Request, *ec2.MonitorInstancesOutput)
@ -1330,6 +1581,10 @@ type EC2API interface {
 	RequestSpotInstancesWithContext(aws.Context, *ec2.RequestSpotInstancesInput, ...request.Option) (*ec2.RequestSpotInstancesOutput, error)
 	RequestSpotInstancesRequest(*ec2.RequestSpotInstancesInput) (*request.Request, *ec2.RequestSpotInstancesOutput)
 	ResetEbsDefaultKmsKeyId(*ec2.ResetEbsDefaultKmsKeyIdInput) (*ec2.ResetEbsDefaultKmsKeyIdOutput, error)
 	ResetEbsDefaultKmsKeyIdWithContext(aws.Context, *ec2.ResetEbsDefaultKmsKeyIdInput, ...request.Option) (*ec2.ResetEbsDefaultKmsKeyIdOutput, error)
 	ResetEbsDefaultKmsKeyIdRequest(*ec2.ResetEbsDefaultKmsKeyIdInput) (*request.Request, *ec2.ResetEbsDefaultKmsKeyIdOutput)
 	ResetFpgaImageAttribute(*ec2.ResetFpgaImageAttributeInput) (*ec2.ResetFpgaImageAttributeOutput, error)
 	ResetFpgaImageAttributeWithContext(aws.Context, *ec2.ResetFpgaImageAttributeInput, ...request.Option) (*ec2.ResetFpgaImageAttributeOutput, error)
 	ResetFpgaImageAttributeRequest(*ec2.ResetFpgaImageAttributeInput) (*request.Request, *ec2.ResetFpgaImageAttributeOutput)
--- a/vendor/github.com/aws/aws-sdk-go/service/ecr/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/ecr/api.go
@ -3,6 +3,7 @@
 package ecr
 import (
 	"fmt"
 	"time"
 	"github.com/aws/aws-sdk-go/aws"
@ -473,7 +474,7 @@ func (c *ECR) CreateRepositoryRequest(input *CreateRepositoryInput) (req *reques
 //   * ErrCodeLimitExceededException "LimitExceededException"
 //   The operation did not succeed because it would have exceeded a service limit
 //   for your account. For more information, see Amazon ECR Default Service Limits
-//   (http://docs.aws.amazon.com/AmazonECR/latest/userguide/service_limits.html)
+//   (https://docs.aws.amazon.com/AmazonECR/latest/userguide/service_limits.html)
 //   in the Amazon Elastic Container Registry User Guide.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/CreateRepository
@ -884,7 +885,7 @@ func (c *ECR) DescribeImagesWithContext(ctx aws.Context, input *DescribeImagesIn
 //    // Example iterating over at most 3 pages of a DescribeImages operation.
 //    pageNum := 0
 //    err := client.DescribeImagesPages(params,
-//        func(page *DescribeImagesOutput, lastPage bool) bool {
+//        func(page *ecr.DescribeImagesOutput, lastPage bool) bool {
 //            pageNum++
 //            fmt.Println(page)
 //            return pageNum <= 3
@ -1027,7 +1028,7 @@ func (c *ECR) DescribeRepositoriesWithContext(ctx aws.Context, input *DescribeRe
 //    // Example iterating over at most 3 pages of a DescribeRepositories operation.
 //    pageNum := 0
 //    err := client.DescribeRepositoriesPages(params,
-//        func(page *DescribeRepositoriesOutput, lastPage bool) bool {
+//        func(page *ecr.DescribeRepositoriesOutput, lastPage bool) bool {
 //            pageNum++
 //            fmt.Println(page)
 //            return pageNum <= 3
@ -1728,7 +1729,7 @@ func (c *ECR) ListImagesWithContext(ctx aws.Context, input *ListImagesInput, opt
 //    // Example iterating over at most 3 pages of a ListImages operation.
 //    pageNum := 0
 //    err := client.ListImagesPages(params,
-//        func(page *ListImagesOutput, lastPage bool) bool {
+//        func(page *ecr.ListImagesOutput, lastPage bool) bool {
 //            pageNum++
 //            fmt.Println(page)
 //            return pageNum <= 3
@ -1934,9 +1935,13 @@ func (c *ECR) PutImageRequest(input *PutImageInput) (req *request.Request, outpu
 //   * ErrCodeLimitExceededException "LimitExceededException"
 //   The operation did not succeed because it would have exceeded a service limit
 //   for your account. For more information, see Amazon ECR Default Service Limits
-//   (http://docs.aws.amazon.com/AmazonECR/latest/userguide/service_limits.html)
+//   (https://docs.aws.amazon.com/AmazonECR/latest/userguide/service_limits.html)
 //   in the Amazon Elastic Container Registry User Guide.
 //
 //   * ErrCodeImageTagAlreadyExistsException "ImageTagAlreadyExistsException"
 //   The specified image is tagged with a tag that already exists. The repository
 //   is configured for tag immutability.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/PutImage
 func (c *ECR) PutImage(input *PutImageInput) (*PutImageOutput, error) {
 	req, out := c.PutImageRequest(input)
@ -1959,6 +1964,93 @@ func (c *ECR) PutImageWithContext(ctx aws.Context, input *PutImageInput, opts ..
 	return out, req.Send()
 }
 const opPutImageTagMutability = "PutImageTagMutability"
 // PutImageTagMutabilityRequest generates a "aws/request.Request" representing the
 // client's request for the PutImageTagMutability operation. The "output" return
 // value will be populated with the request's response once the request completes
 // successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
 // See PutImageTagMutability for more information on using the PutImageTagMutability
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
 //    // Example sending a request using the PutImageTagMutabilityRequest method.
 //    req, resp := client.PutImageTagMutabilityRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/PutImageTagMutability
 func (c *ECR) PutImageTagMutabilityRequest(input *PutImageTagMutabilityInput) (req *request.Request, output *PutImageTagMutabilityOutput) {
 	op := &request.Operation{
 		Name:       opPutImageTagMutability,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 	if input == nil {
 		input = &PutImageTagMutabilityInput{}
 	}
 	output = &PutImageTagMutabilityOutput{}
 	req = c.newRequest(op, input, output)
 	return
 }
 // PutImageTagMutability API operation for Amazon EC2 Container Registry.
 //
 // Updates the image tag mutability settings for a repository.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for Amazon EC2 Container Registry's
 // API operation PutImageTagMutability for usage and error information.
 //
 // Returned Error Codes:
 //   * ErrCodeServerException "ServerException"
 //   These errors are usually caused by a server-side issue.
 //
 //   * ErrCodeInvalidParameterException "InvalidParameterException"
 //   The specified parameter is invalid. Review the available parameters for the
 //   API request.
 //
 //   * ErrCodeRepositoryNotFoundException "RepositoryNotFoundException"
 //   The specified repository could not be found. Check the spelling of the specified
 //   repository and ensure that you are performing operations on the correct registry.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/PutImageTagMutability
 func (c *ECR) PutImageTagMutability(input *PutImageTagMutabilityInput) (*PutImageTagMutabilityOutput, error) {
 	req, out := c.PutImageTagMutabilityRequest(input)
 	return out, req.Send()
 }
 // PutImageTagMutabilityWithContext is the same as PutImageTagMutability with the addition of
 // the ability to pass a context and additional request options.
 //
 // See PutImageTagMutability for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
 func (c *ECR) PutImageTagMutabilityWithContext(ctx aws.Context, input *PutImageTagMutabilityInput, opts ...request.Option) (*PutImageTagMutabilityOutput, error) {
 	req, out := c.PutImageTagMutabilityRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 const opPutLifecyclePolicy = "PutLifecyclePolicy"
 // PutLifecyclePolicyRequest generates a "aws/request.Request" representing the
@ -2004,7 +2096,7 @@ func (c *ECR) PutLifecyclePolicyRequest(input *PutLifecyclePolicyInput) (req *re
 // PutLifecyclePolicy API operation for Amazon EC2 Container Registry.
 //
 // Creates or updates a lifecycle policy. For information about lifecycle policy
-// syntax, see Lifecycle Policy Template (http://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html).
+// syntax, see Lifecycle Policy Template (https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html).
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@ -2092,6 +2184,8 @@ func (c *ECR) SetRepositoryPolicyRequest(input *SetRepositoryPolicyInput) (req *
 // SetRepositoryPolicy API operation for Amazon EC2 Container Registry.
 //
 // Applies a repository policy on a specified repository to control access permissions.
 // For more information, see Amazon ECR Repository Policies (https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicies.html)
 // in the Amazon Elastic Container Registry User Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@ -2504,7 +2598,7 @@ func (c *ECR) UploadLayerPartRequest(input *UploadLayerPartInput) (req *request.
 //   * ErrCodeLimitExceededException "LimitExceededException"
 //   The operation did not succeed because it would have exceeded a service limit
 //   for your account. For more information, see Amazon ECR Default Service Limits
-//   (http://docs.aws.amazon.com/AmazonECR/latest/userguide/service_limits.html)
+//   (https://docs.aws.amazon.com/AmazonECR/latest/userguide/service_limits.html)
 //   in the Amazon Elastic Container Registry User Guide.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/UploadLayerPart
@ -2723,6 +2817,16 @@ func (s *BatchDeleteImageInput) Validate() error {
 	if s.RepositoryName != nil && len(*s.RepositoryName) < 2 {
 		invalidParams.Add(request.NewErrParamMinLen("RepositoryName", 2))
 	}
 	if s.ImageIds != nil {
 		for i, v := range s.ImageIds {
 			if v == nil {
 				continue
 			}
 			if err := v.Validate(); err != nil {
 				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ImageIds", i), err.(request.ErrInvalidParams))
 			}
 		}
 	}
 	if invalidParams.Len() > 0 {
 		return invalidParams
@ -2833,6 +2937,16 @@ func (s *BatchGetImageInput) Validate() error {
 	if s.RepositoryName != nil && len(*s.RepositoryName) < 2 {
 		invalidParams.Add(request.NewErrParamMinLen("RepositoryName", 2))
 	}
 	if s.ImageIds != nil {
 		for i, v := range s.ImageIds {
 			if v == nil {
 				continue
 			}
 			if err := v.Validate(); err != nil {
 				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ImageIds", i), err.(request.ErrInvalidParams))
 			}
 		}
 	}
 	if invalidParams.Len() > 0 {
 		return invalidParams
@ -3032,6 +3146,12 @@ func (s *CompleteLayerUploadOutput) SetUploadId(v string) *CompleteLayerUploadOu
 type CreateRepositoryInput struct {
 	_ struct{} `type:"structure"`
 	// The tag mutability setting for the repository. If this parameter is omitted,
 	// the default setting of MUTABLE will be used which will allow image tags to
 	// be overwritten. If IMMUTABLE is specified, all image tags within the repository
 	// will be immutable which will prevent them from being overwritten.
 	ImageTagMutability *string `locationName:"imageTagMutability" type:"string" enum:"ImageTagMutability"`
 	// The name to use for the repository. The repository name may be specified
 	// on its own (such as nginx-web-app) or it can be prepended with a namespace
 	// to group the repository into a category (such as project-a/nginx-web-app).
@ -3039,6 +3159,10 @@ type CreateRepositoryInput struct {
 	// RepositoryName is a required field
 	RepositoryName *string `locationName:"repositoryName" min:"2" type:"string" required:"true"`
 	// The metadata that you apply to the repository to help you categorize and
 	// organize them. Each tag consists of a key and an optional value, both of
 	// which you define. Tag keys can have a maximum character length of 128 characters,
 	// and tag values can have a maximum length of 256 characters.
 	Tags []*Tag `locationName:"tags" type:"list"`
 }
@ -3068,6 +3192,12 @@ func (s *CreateRepositoryInput) Validate() error {
 	return nil
 }
 // SetImageTagMutability sets the ImageTagMutability field's value.
 func (s *CreateRepositoryInput) SetImageTagMutability(v string) *CreateRepositoryInput {
 	s.ImageTagMutability = &v
 	return s
 }
 // SetRepositoryName sets the RepositoryName field's value.
 func (s *CreateRepositoryInput) SetRepositoryName(v string) *CreateRepositoryInput {
 	s.RepositoryName = &v
@ -3437,7 +3567,7 @@ type DescribeImagesInput struct {
 	// registry is assumed.
 	RegistryId *string `locationName:"registryId" type:"string"`
-	// A list of repositories to describe.
+	// The repository that contains the images to describe.
 	//
 	// RepositoryName is a required field
 	RepositoryName *string `locationName:"repositoryName" min:"2" type:"string" required:"true"`
@ -3468,6 +3598,16 @@ func (s *DescribeImagesInput) Validate() error {
 	if s.RepositoryName != nil && len(*s.RepositoryName) < 2 {
 		invalidParams.Add(request.NewErrParamMinLen("RepositoryName", 2))
 	}
 	if s.ImageIds != nil {
 		for i, v := range s.ImageIds {
 			if v == nil {
 				continue
 			}
 			if err := v.Validate(); err != nil {
 				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ImageIds", i), err.(request.ErrInvalidParams))
 			}
 		}
 	}
 	if invalidParams.Len() > 0 {
 		return invalidParams
@ -3936,22 +4076,21 @@ type GetLifecyclePolicyPreviewInput struct {
 	ImageIds []*ImageIdentifier `locationName:"imageIds" min:"1" type:"list"`
 	// The maximum number of repository results returned by GetLifecyclePolicyPreviewRequest
-	// in  paginated output. When this parameter is used, GetLifecyclePolicyPreviewRequest
+	// in paginated output. When this parameter is used, GetLifecyclePolicyPreviewRequest
-	// only returns  maxResults results in a single page along with a nextToken
+	// only returns maxResults results in a single page along with a nextToken response
-	// response element. The remaining results of the initial request can be seen
+	// element. The remaining results of the initial request can be seen by sending
-	// by sending  another GetLifecyclePolicyPreviewRequest request with the returned
+	// another GetLifecyclePolicyPreviewRequest request with the returned nextToken
-	// nextToken  value. This value can be between 1 and 1000. If this  parameter
+	// value. This value can be between 1 and 1000. If this parameter is not used,
-	// is not used, then GetLifecyclePolicyPreviewRequest returns up to  100 results
+	// then GetLifecyclePolicyPreviewRequest returns up to 100 results and a nextToken
-	// and a nextToken value, if  applicable. This option cannot be used when you
+	// value, if applicable. This option cannot be used when you specify images
-	// specify images with imageIds.
+	// with imageIds.
 	MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"`
-	// The nextToken value returned from a previous paginated  GetLifecyclePolicyPreviewRequest
+	// The nextToken value returned from a previous paginated GetLifecyclePolicyPreviewRequest
-	// request where maxResults was used and the  results exceeded the value of
+	// request where maxResults was used and the results exceeded the value of that
-	// that parameter. Pagination continues from the end of the  previous results
+	// parameter. Pagination continues from the end of the previous results that
-	// that returned the nextToken value. This value is  null when there are no
+	// returned the nextToken value. This value is null when there are no more results
-	// more results to return. This option cannot be used when you specify images
+	// to return. This option cannot be used when you specify images with imageIds.
 	// with imageIds.
 	NextToken *string `locationName:"nextToken" type:"string"`
 	// The AWS account ID associated with the registry that contains the repository.
@ -3989,6 +4128,16 @@ func (s *GetLifecyclePolicyPreviewInput) Validate() error {
 	if s.RepositoryName != nil && len(*s.RepositoryName) < 2 {
 		invalidParams.Add(request.NewErrParamMinLen("RepositoryName", 2))
 	}
 	if s.ImageIds != nil {
 		for i, v := range s.ImageIds {
 			if v == nil {
 				continue
 			}
 			if err := v.Validate(); err != nil {
 				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ImageIds", i), err.(request.ErrInvalidParams))
 			}
 		}
 	}
 	if invalidParams.Len() > 0 {
 		return invalidParams
@ -4380,7 +4529,7 @@ type ImageIdentifier struct {
 	ImageDigest *string `locationName:"imageDigest" type:"string"`
 	// The tag used for the image.
-	ImageTag *string `locationName:"imageTag" type:"string"`
+	ImageTag *string `locationName:"imageTag" min:"1" type:"string"`
 }
 // String returns the string representation
@ -4393,6 +4542,19 @@ func (s ImageIdentifier) GoString() string {
 	return s.String()
 }
 // Validate inspects the fields of the type to determine if they are valid.
 func (s *ImageIdentifier) Validate() error {
 	invalidParams := request.ErrInvalidParams{Context: "ImageIdentifier"}
 	if s.ImageTag != nil && len(*s.ImageTag) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("ImageTag", 1))
 	}
 	if invalidParams.Len() > 0 {
 		return invalidParams
 	}
 	return nil
 }
 // SetImageDigest sets the ImageDigest field's value.
 func (s *ImageIdentifier) SetImageDigest(v string) *ImageIdentifier {
 	s.ImageDigest = &v
@ -4943,7 +5105,7 @@ type PutImageInput struct {
 	// The tag to associate with the image. This parameter is required for images
 	// that use the Docker Image Manifest V2 Schema 2 or OCI formats.
-	ImageTag *string `locationName:"imageTag" type:"string"`
+	ImageTag *string `locationName:"imageTag" min:"1" type:"string"`
 	// The AWS account ID associated with the registry that contains the repository
 	// in which to put the image. If you do not specify a registry, the default
@ -4972,6 +5134,9 @@ func (s *PutImageInput) Validate() error {
 	if s.ImageManifest == nil {
 		invalidParams.Add(request.NewErrParamRequired("ImageManifest"))
 	}
 	if s.ImageTag != nil && len(*s.ImageTag) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("ImageTag", 1))
 	}
 	if s.RepositoryName == nil {
 		invalidParams.Add(request.NewErrParamRequired("RepositoryName"))
 	}
@ -5032,6 +5197,115 @@ func (s *PutImageOutput) SetImage(v *Image) *PutImageOutput {
 	return s
 }
 type PutImageTagMutabilityInput struct {
 	_ struct{} `type:"structure"`
 	// The tag mutability setting for the repository. If MUTABLE is specified, image
 	// tags can be overwritten. If IMMUTABLE is specified, all image tags within
 	// the repository will be immutable which will prevent them from being overwritten.
 	//
 	// ImageTagMutability is a required field
 	ImageTagMutability *string `locationName:"imageTagMutability" type:"string" required:"true" enum:"ImageTagMutability"`
 	// The AWS account ID associated with the registry that contains the repository
 	// in which to update the image tag mutability settings. If you do not specify
 	// a registry, the default registry is assumed.
 	RegistryId *string `locationName:"registryId" type:"string"`
 	// The name of the repository in which to update the image tag mutability settings.
 	//
 	// RepositoryName is a required field
 	RepositoryName *string `locationName:"repositoryName" min:"2" type:"string" required:"true"`
 }
 // String returns the string representation
 func (s PutImageTagMutabilityInput) String() string {
 	return awsutil.Prettify(s)
 }
 // GoString returns the string representation
 func (s PutImageTagMutabilityInput) GoString() string {
 	return s.String()
 }
 // Validate inspects the fields of the type to determine if they are valid.
 func (s *PutImageTagMutabilityInput) Validate() error {
 	invalidParams := request.ErrInvalidParams{Context: "PutImageTagMutabilityInput"}
 	if s.ImageTagMutability == nil {
 		invalidParams.Add(request.NewErrParamRequired("ImageTagMutability"))
 	}
 	if s.RepositoryName == nil {
 		invalidParams.Add(request.NewErrParamRequired("RepositoryName"))
 	}
 	if s.RepositoryName != nil && len(*s.RepositoryName) < 2 {
 		invalidParams.Add(request.NewErrParamMinLen("RepositoryName", 2))
 	}
 	if invalidParams.Len() > 0 {
 		return invalidParams
 	}
 	return nil
 }
 // SetImageTagMutability sets the ImageTagMutability field's value.
 func (s *PutImageTagMutabilityInput) SetImageTagMutability(v string) *PutImageTagMutabilityInput {
 	s.ImageTagMutability = &v
 	return s
 }
 // SetRegistryId sets the RegistryId field's value.
 func (s *PutImageTagMutabilityInput) SetRegistryId(v string) *PutImageTagMutabilityInput {
 	s.RegistryId = &v
 	return s
 }
 // SetRepositoryName sets the RepositoryName field's value.
 func (s *PutImageTagMutabilityInput) SetRepositoryName(v string) *PutImageTagMutabilityInput {
 	s.RepositoryName = &v
 	return s
 }
 type PutImageTagMutabilityOutput struct {
 	_ struct{} `type:"structure"`
 	// The image tag mutability setting for the repository.
 	ImageTagMutability *string `locationName:"imageTagMutability" type:"string" enum:"ImageTagMutability"`
 	// The registry ID associated with the request.
 	RegistryId *string `locationName:"registryId" type:"string"`
 	// The repository name associated with the request.
 	RepositoryName *string `locationName:"repositoryName" min:"2" type:"string"`
 }
 // String returns the string representation
 func (s PutImageTagMutabilityOutput) String() string {
 	return awsutil.Prettify(s)
 }
 // GoString returns the string representation
 func (s PutImageTagMutabilityOutput) GoString() string {
 	return s.String()
 }
 // SetImageTagMutability sets the ImageTagMutability field's value.
 func (s *PutImageTagMutabilityOutput) SetImageTagMutability(v string) *PutImageTagMutabilityOutput {
 	s.ImageTagMutability = &v
 	return s
 }
 // SetRegistryId sets the RegistryId field's value.
 func (s *PutImageTagMutabilityOutput) SetRegistryId(v string) *PutImageTagMutabilityOutput {
 	s.RegistryId = &v
 	return s
 }
 // SetRepositoryName sets the RepositoryName field's value.
 func (s *PutImageTagMutabilityOutput) SetRepositoryName(v string) *PutImageTagMutabilityOutput {
 	s.RepositoryName = &v
 	return s
 }
 type PutLifecyclePolicyInput struct {
 	_ struct{} `type:"structure"`
@ -5041,7 +5315,7 @@ type PutLifecyclePolicyInput struct {
 	LifecyclePolicyText *string `locationName:"lifecyclePolicyText" min:"100" type:"string" required:"true"`
 	// The AWS account ID associated with the registry that contains the repository.
-	// If you do  not specify a registry, the default registry is assumed.
+	// If you do not specify a registry, the default registry is assumed.
 	RegistryId *string `locationName:"registryId" type:"string"`
 	// The name of the repository to receive the policy.
@ -5148,6 +5422,9 @@ type Repository struct {
 	// The date and time, in JavaScript date format, when the repository was created.
 	CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"`
 	// The tag mutability setting for the repository.
 	ImageTagMutability *string `locationName:"imageTagMutability" type:"string" enum:"ImageTagMutability"`
 	// The AWS account ID associated with the registry that contains the repository.
 	RegistryId *string `locationName:"registryId" type:"string"`
@ -5181,6 +5458,12 @@ func (s *Repository) SetCreatedAt(v time.Time) *Repository {
 	return s
 }
 // SetImageTagMutability sets the ImageTagMutability field's value.
 func (s *Repository) SetImageTagMutability(v string) *Repository {
 	s.ImageTagMutability = &v
 	return s
 }
 // SetRegistryId sets the RegistryId field's value.
 func (s *Repository) SetRegistryId(v string) *Repository {
 	s.RegistryId = &v
@ -5213,7 +5496,9 @@ type SetRepositoryPolicyInput struct {
 	// operation. This is intended to prevent accidental repository lock outs.
 	Force *bool `locationName:"force" type:"boolean"`
-	// The JSON repository policy text to apply to the repository.
+	// The JSON repository policy text to apply to the repository. For more information,
 	// see Amazon ECR Repository Policy Examples (https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html)
 	// in the Amazon Elastic Container Registry User Guide.
 	//
 	// PolicyText is a required field
 	PolicyText *string `locationName:"policyText" type:"string" required:"true"`
@ -5792,6 +6077,14 @@ const (
 	ImageFailureCodeMissingDigestAndTag = "MissingDigestAndTag"
 )
 const (
 	// ImageTagMutabilityMutable is a ImageTagMutability enum value
 	ImageTagMutabilityMutable = "MUTABLE"
 	// ImageTagMutabilityImmutable is a ImageTagMutability enum value
 	ImageTagMutabilityImmutable = "IMMUTABLE"
 )
 const (
 	// LayerAvailabilityAvailable is a LayerAvailability enum value
 	LayerAvailabilityAvailable = "AVAILABLE"
--- a/vendor/github.com/aws/aws-sdk-go/service/ecr/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/ecr/errors.go
@ -23,6 +23,13 @@ const (
 	// The image requested does not exist in the specified repository.
 	ErrCodeImageNotFoundException = "ImageNotFoundException"
 	// ErrCodeImageTagAlreadyExistsException for service response error code
 	// "ImageTagAlreadyExistsException".
 	//
 	// The specified image is tagged with a tag that already exists. The repository
 	// is configured for tag immutability.
 	ErrCodeImageTagAlreadyExistsException = "ImageTagAlreadyExistsException"
 	// ErrCodeInvalidLayerException for service response error code
 	// "InvalidLayerException".
 	//
@ -102,7 +109,7 @@ const (
 	//
 	// The operation did not succeed because it would have exceeded a service limit
 	// for your account. For more information, see Amazon ECR Default Service Limits
-	// (http://docs.aws.amazon.com/AmazonECR/latest/userguide/service_limits.html)
+	// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/service_limits.html)
 	// in the Amazon Elastic Container Registry User Guide.
 	ErrCodeLimitExceededException = "LimitExceededException"
--- a/vendor/github.com/aws/aws-sdk-go/service/ecr/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/ecr/service.go
@ -29,9 +29,9 @@ var initRequest func(*request.Request)
 // Service information constants
 const (
-	ServiceName = "ecr"       // Name of service.
+	ServiceName = "ecr"     // Name of service.
-	EndpointsID = ServiceName // ID to lookup a service endpoint with.
+	EndpointsID = "api.ecr" // ID to lookup a service endpoint with.
-	ServiceID   = "ECR"       // ServiceID is a unique identifer of a specific service.
+	ServiceID   = "ECR"     // ServiceID is a unique identifer of a specific service.
 )
 // New creates a new instance of the ECR client with a session.
@ -46,6 +46,9 @@ const (
 //     svc := ecr.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *ECR {
 	c := p.ClientConfig(EndpointsID, cfgs...)
 	if c.SigningNameDerived || len(c.SigningName) == 0 {
 		c.SigningName = "ecr"
 	}
 	return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
 }
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go
@ -80,7 +80,8 @@ func buildGetBucketLocation(r *request.Request) {
 		out := r.Data.(*GetBucketLocationOutput)
 		b, err := ioutil.ReadAll(r.HTTPResponse.Body)
 		if err != nil {
-			r.Error = awserr.New("SerializationError", "failed reading response body", err)
+			r.Error = awserr.New(request.ErrCodeSerialization,
 				"failed reading response body", err)
 			return
 		}
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
@ -17,7 +17,8 @@ func defaultInitClientFn(c *client.Client) {
 	// Require SSL when using SSE keys
 	c.Handlers.Validate.PushBack(validateSSERequiresSSL)
-	c.Handlers.Build.PushBack(computeSSEKeys)
+	c.Handlers.Build.PushBack(computeSSEKeyMD5)
 	c.Handlers.Build.PushBack(computeCopySourceSSEKeyMD5)
 	// S3 uses custom error unmarshaling logic
 	c.Handlers.UnmarshalError.Clear()
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go
@ -63,6 +63,20 @@
 // See the s3manager package's Downloader type documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#Downloader
 //
 // Automatic URI cleaning
 //
 // Interacting with objects whose keys contain adjacent slashes (e.g. bucketname/foo//bar/objectname)
 // requires setting DisableRestProtocolURICleaning to true in the aws.Config struct
 // used by the service client.
 //
 //   svc := s3.New(sess, &aws.Config{
 //      	DisableRestProtocolURICleaning: aws.Bool(true),
 //   })
 //   out, err := svc.GetObject(&s3.GetObjectInput {
 //      	Bucket: aws.String("bucketname"),
 //       	Key: aws.String("//foo//bar//moo"),
 //   })
 //
 // Get Bucket Region
 //
 // GetBucketRegion will attempt to get the region for a bucket using a region
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/batch.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/batch.go
@ -273,7 +273,7 @@ type DeleteObjectsIterator struct {
 	inc     bool
 }
-// Next will increment the default iterator's index and and ensure that there
+// Next will increment the default iterator's index and ensure that there
 // is another object to iterator to.
 func (iter *DeleteObjectsIterator) Next() bool {
 	if iter.inc {
@ -458,7 +458,7 @@ type DownloadObjectsIterator struct {
 	inc     bool
 }
-// Next will increment the default iterator's index and and ensure that there
+// Next will increment the default iterator's index and ensure that there
 // is another object to iterator to.
 func (batcher *DownloadObjectsIterator) Next() bool {
 	if batcher.inc {
@ -497,7 +497,7 @@ type UploadObjectsIterator struct {
 	inc     bool
 }
-// Next will increment the default iterator's index and and ensure that there
+// Next will increment the default iterator's index and ensure that there
 // is another object to iterator to.
 func (batcher *UploadObjectsIterator) Next() bool {
 	if batcher.inc {
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/download.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/download.go
@ -126,7 +126,8 @@ type maxRetrier interface {
 }
 // Download downloads an object in S3 and writes the payload into w using
-// concurrent GET requests.
+// concurrent GET requests. The n int64 returned is the size of the object downloaded
 // in bytes.
 //
 // Additional functional options can be provided to configure the individual
 // download. These options are copies of the Downloader instance Download is called from.
@ -148,7 +149,8 @@ func (d Downloader) Download(w io.WriterAt, input *s3.GetObjectInput, options ..
 }
 // DownloadWithContext downloads an object in S3 and writes the payload into w
-// using concurrent GET requests.
+// using concurrent GET requests. The n int64 returned is the size of the object downloaded
 // in bytes.
 //
 // DownloadWithContext is the same as Download with the additional support for
 // Context input parameters. The Context must not be nil. A nil Context will
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/upload.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/upload.go
@ -11,6 +11,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/awsutil"
 	"github.com/aws/aws-sdk-go/aws/client"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/service/s3"
 	"github.com/aws/aws-sdk-go/service/s3/s3iface"
@ -144,8 +145,13 @@ type Uploader struct {
 	// MaxUploadParts is the max number of parts which will be uploaded to S3.
 	// Will be used to calculate the partsize of the object to be uploaded.
 	// E.g: 5GB file, with MaxUploadParts set to 100, will upload the file
-	// as 100, 50MB parts.
+	// as 100, 50MB parts. With a limited of s3.MaxUploadParts (10,000 parts).
-	// With a limited of s3.MaxUploadParts (10,000 parts).
+	//
 	// MaxUploadParts must not be used to limit the total number of bytes uploaded.
 	// Use a type like to io.LimitReader (https://golang.org/pkg/io/#LimitedReader)
 	// instead. An io.LimitReader is helpful when uploading an unbounded reader
 	// to S3, and you know its maximum size. Otherwise the reader's io.EOF returned
 	// error must be used to signal end of stream.
 	//
 	// Defaults to package const's MaxUploadParts value.
 	MaxUploadParts int
@ -357,7 +363,9 @@ type uploader struct {
 // internal logic for deciding whether to upload a single part or use a
 // multipart upload.
 func (u *uploader) upload() (*UploadOutput, error) {
-	u.init()
+	if err := u.init(); err != nil {
 		return nil, awserr.New("ReadRequestBody", "unable to initialize upload", err)
 	}
 	if u.cfg.PartSize < MinUploadPartSize {
 		msg := fmt.Sprintf("part size must be at least %d bytes", MinUploadPartSize)
@ -377,7 +385,7 @@ func (u *uploader) upload() (*UploadOutput, error) {
 }
 // init will initialize all default options.
-func (u *uploader) init() {
+func (u *uploader) init() error {
 	if u.cfg.Concurrency == 0 {
 		u.cfg.Concurrency = DefaultUploadConcurrency
 	}
@ -393,19 +401,19 @@ func (u *uploader) init() {
 	}
 	// Try to get the total size for some optimizations
-	u.initSize()
+	return u.initSize()
 }
 // initSize tries to detect the total stream size, setting u.totalSize. If
 // the size is not known, totalSize is set to -1.
-func (u *uploader) initSize() {
+func (u *uploader) initSize() error {
 	u.totalSize = -1
 	switch r := u.in.Body.(type) {
 	case io.Seeker:
 		n, err := aws.SeekerLen(r)
 		if err != nil {
-			return
+			return err
 		}
 		u.totalSize = n
@ -417,6 +425,8 @@ func (u *uploader) initSize() {
 			u.cfg.PartSize = (u.totalSize / int64(u.cfg.MaxUploadParts)) + 1
 		}
 	}
 	return nil
 }
 // nextReader returns a seekable reader representing the next packet of data.
@ -541,21 +551,6 @@ func (u *multiuploader) upload(firstBuf io.ReadSeeker, firstPart []byte) (*Uploa
 	// Read and queue the rest of the parts
 	for u.geterr() == nil && err == nil {
 		num++
 		// This upload exceeded maximum number of supported parts, error now.
 		if num > int64(u.cfg.MaxUploadParts) || num > int64(MaxUploadParts) {
 			var msg string
 			if num > int64(u.cfg.MaxUploadParts) {
 				msg = fmt.Sprintf("exceeded total allowed configured MaxUploadParts (%d). Adjust PartSize to fit in this limit",
 					u.cfg.MaxUploadParts)
 			} else {
 				msg = fmt.Sprintf("exceeded total allowed S3 limit MaxUploadParts (%d). Adjust PartSize to fit in this limit",
 					MaxUploadParts)
 			}
 			u.seterr(awserr.New("TotalPartsExceeded", msg, nil))
 			break
 		}
 		var reader io.ReadSeeker
 		var nextChunkLen int
 		var part []byte
@ -576,6 +571,21 @@ func (u *multiuploader) upload(firstBuf io.ReadSeeker, firstPart []byte) (*Uploa
 			break
 		}
 		num++
 		// This upload exceeded maximum number of supported parts, error now.
 		if num > int64(u.cfg.MaxUploadParts) || num > int64(MaxUploadParts) {
 			var msg string
 			if num > int64(u.cfg.MaxUploadParts) {
 				msg = fmt.Sprintf("exceeded total allowed configured MaxUploadParts (%d). Adjust PartSize to fit in this limit",
 					u.cfg.MaxUploadParts)
 			} else {
 				msg = fmt.Sprintf("exceeded total allowed S3 limit MaxUploadParts (%d). Adjust PartSize to fit in this limit",
 					MaxUploadParts)
 			}
 			u.seterr(awserr.New("TotalPartsExceeded", msg, nil))
 			break
 		}
 		ch <- chunk{buf: reader, part: part, num: num}
 	}
@ -593,8 +603,18 @@ func (u *multiuploader) upload(firstBuf io.ReadSeeker, firstPart []byte) (*Uploa
 			uploadID: u.uploadID,
 		}
 	}
 	// Create a presigned URL of the S3 Get Object in order to have parity with
 	// single part upload.
 	getReq, _ := u.cfg.S3.GetObjectRequest(&s3.GetObjectInput{
 		Bucket: u.in.Bucket,
 		Key:    u.in.Key,
 	})
 	getReq.Config.Credentials = credentials.AnonymousCredentials
 	uploadLocation, _, _ := getReq.PresignRequest(1)
 	return &UploadOutput{
-		Location:  aws.StringValue(complete.Location),
+		Location:  uploadLocation,
 		VersionID: complete.VersionId,
 		UploadID:  u.uploadID,
 	}, nil
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/upload_input.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/upload_input.go
@ -39,7 +39,9 @@ type UploadInput struct {
 	// The language the content is in.
 	ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"`
-	// The base64-encoded 128-bit MD5 digest of the part data.
+	// The base64-encoded 128-bit MD5 digest of the part data. This parameter is
 	// auto-populated when using the command from the CLI. This parameted is required
 	// if object lock parameters are specified.
 	ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"`
 	// A standard MIME type describing the format of the object data.
@ -71,10 +73,10 @@ type UploadInput struct {
 	// The Legal Hold status that you want to apply to the specified object.
 	ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
-	// The Object Lock mode that you want to apply to this object.
+	// The object lock mode that you want to apply to this object.
 	ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
-	// The date and time when you want this object's Object Lock to expire.
+	// The date and time when you want this object's object lock to expire.
 	ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
 	// Confirms that the requester knows that she or he will be charged for the
@ -91,13 +93,18 @@ type UploadInput struct {
 	// does not store the encryption key. The key must be appropriate for use with
 	// the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
 	// header.
-	SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
+	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
 	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
 	// Amazon S3 uses this header for a message integrity check to ensure the encryption
 	// key was transmitted without error.
 	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
 	// Specifies the AWS KMS Encryption Context to use for object encryption. The
 	// value of this header is a base64-encoded UTF-8 string holding JSON with the
 	// encryption context key-value pairs.
 	SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
 	// Specifies the AWS KMS key ID to use for object encryption. All GET and PUT
 	// requests for an object protected by AWS KMS will fail if not made via SSL
 	// or using SigV4. Documentation on configuring any of the officially supported
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go
@ -3,6 +3,7 @@ package s3
 import (
 	"crypto/md5"
 	"encoding/base64"
 	"net/http"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
@ -30,25 +31,54 @@ func validateSSERequiresSSL(r *request.Request) {
 	}
 }
-func computeSSEKeys(r *request.Request) {
+const (
-	headers := []string{
+	sseKeyHeader    = "x-amz-server-side-encryption-customer-key"
-		"x-amz-server-side-encryption-customer-key",
+	sseKeyMD5Header = sseKeyHeader + "-md5"
-		"x-amz-copy-source-server-side-encryption-customer-key",
+)
 func computeSSEKeyMD5(r *request.Request) {
 	var key string
 	if g, ok := r.Params.(sseCustomerKeyGetter); ok {
 		key = g.getSSECustomerKey()
 	}
-	for _, h := range headers {
+	computeKeyMD5(sseKeyHeader, sseKeyMD5Header, key, r.HTTPRequest)
-		md5h := h + "-md5"
+}
 		if key := r.HTTPRequest.Header.Get(h); key != "" {
 			// Base64-encode the value
 			b64v := base64.StdEncoding.EncodeToString([]byte(key))
 			r.HTTPRequest.Header.Set(h, b64v)
-			// Add MD5 if it wasn't computed
+const (
-			if r.HTTPRequest.Header.Get(md5h) == "" {
+	copySrcSSEKeyHeader    = "x-amz-copy-source-server-side-encryption-customer-key"
-				sum := md5.Sum([]byte(key))
+	copySrcSSEKeyMD5Header = copySrcSSEKeyHeader + "-md5"
-				b64sum := base64.StdEncoding.EncodeToString(sum[:])
+)
-				r.HTTPRequest.Header.Set(md5h, b64sum)
+
-			}
+func computeCopySourceSSEKeyMD5(r *request.Request) {
 	var key string
 	if g, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
 		key = g.getCopySourceSSECustomerKey()
 	}
 	computeKeyMD5(copySrcSSEKeyHeader, copySrcSSEKeyMD5Header, key, r.HTTPRequest)
 }
 func computeKeyMD5(keyHeader, keyMD5Header, key string, r *http.Request) {
 	if len(key) == 0 {
 		// Backwards compatiablity where user just set the header value instead
 		// of using the API parameter, or setting the header value for an
 		// operation without the parameters modeled.
 		key = r.Header.Get(keyHeader)
 		if len(key) == 0 {
 			return
 		}
 		// In backwards compatiable, the header's value is not base64 encoded,
 		// and needs to be encoded and updated by the SDK's customizations.
 		b64Key := base64.StdEncoding.EncodeToString([]byte(key))
 		r.Header.Set(keyHeader, b64Key)
 	}
 	// Only update Key's MD5 if not already set.
 	if len(r.Header.Get(keyMD5Header)) == 0 {
 		sum := md5.Sum([]byte(key))
 		keyMD5 := base64.StdEncoding.EncodeToString(sum[:])
 		r.Header.Set(keyMD5Header, keyMD5)
 	}
 }
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
@ -14,7 +14,7 @@ func copyMultipartStatusOKUnmarhsalError(r *request.Request) {
 	b, err := ioutil.ReadAll(r.HTTPResponse.Body)
 	if err != nil {
 		r.Error = awserr.NewRequestFailure(
-			awserr.New("SerializationError", "unable to read response body", err),
+			awserr.New(request.ErrCodeSerialization, "unable to read response body", err),
 			r.HTTPResponse.StatusCode,
 			r.RequestID,
 		)
@ -31,7 +31,7 @@ func copyMultipartStatusOKUnmarhsalError(r *request.Request) {
 	unmarshalError(r)
 	if err, ok := r.Error.(awserr.Error); ok && err != nil {
-		if err.Code() == "SerializationError" {
+		if err.Code() == request.ErrCodeSerialization {
 			r.Error = nil
 			return
 		}
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
@ -11,6 +11,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
 )
 type xmlErrorResponse struct {
@ -26,40 +27,50 @@ func unmarshalError(r *request.Request) {
 	// Bucket exists in a different region, and request needs
 	// to be made to the correct region.
 	if r.HTTPResponse.StatusCode == http.StatusMovedPermanently {
 		msg := fmt.Sprintf(
 			"incorrect region, the bucket is not in '%s' region at endpoint '%s'",
 			aws.StringValue(r.Config.Region),
 			aws.StringValue(r.Config.Endpoint),
 		)
 		if v := r.HTTPResponse.Header.Get("x-amz-bucket-region"); len(v) != 0 {
 			msg += fmt.Sprintf(", bucket is in '%s' region", v)
 		}
 		r.Error = awserr.NewRequestFailure(
-			awserr.New("BucketRegionError",
+			awserr.New("BucketRegionError", msg, nil),
 				fmt.Sprintf("incorrect region, the bucket is not in '%s' region",
 					aws.StringValue(r.Config.Region)),
 				nil),
 			r.HTTPResponse.StatusCode,
 			r.RequestID,
 		)
 		return
 	}
 	var errCode, errMsg string
 	// Attempt to parse error from body if it is known
-	resp := &xmlErrorResponse{}
+	var errResp xmlErrorResponse
-	err := xml.NewDecoder(r.HTTPResponse.Body).Decode(resp)
+	err := xmlutil.UnmarshalXMLError(&errResp, r.HTTPResponse.Body)
-	if err != nil && err != io.EOF {
+	if err == io.EOF {
-		errCode = "SerializationError"
+		// Only capture the error if an unmarshal error occurs that is not EOF,
-		errMsg = "failed to decode S3 XML error response"
+		// because S3 might send an error without a error message which causes
-	} else {
+		// the XML unmarshal to fail with EOF.
 		errCode = resp.Code
 		errMsg = resp.Message
 		err = nil
 	}
 	if err != nil {
 		r.Error = awserr.NewRequestFailure(
 			awserr.New(request.ErrCodeSerialization,
 				"failed to unmarshal error message", err),
 			r.HTTPResponse.StatusCode,
 			r.RequestID,
 		)
 		return
 	}
 	// Fallback to status code converted to message if still no error code
-	if len(errCode) == 0 {
+	if len(errResp.Code) == 0 {
 		statusText := http.StatusText(r.HTTPResponse.StatusCode)
-		errCode = strings.Replace(statusText, " ", "", -1)
+		errResp.Code = strings.Replace(statusText, " ", "", -1)
-		errMsg = statusText
+		errResp.Message = statusText
 	}
 	r.Error = awserr.NewRequestFailure(
-		awserr.New(errCode, errMsg, err),
+		awserr.New(errResp.Code, errResp.Message, err),
 		r.HTTPResponse.StatusCode,
 		r.RequestID,
 	)
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
@ -1,12 +0,0 @@
 package sts
 import "github.com/aws/aws-sdk-go/aws/request"
 func init() {
 	initRequest = func(r *request.Request) {
 		switch r.Operation.Name {
 		case opAssumeRoleWithSAML, opAssumeRoleWithWebIdentity:
 			r.Handlers.Sign.Clear() // these operations are unsigned
 		}
 	}
 }
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
@ -7,22 +7,14 @@
 // request temporary, limited-privilege credentials for AWS Identity and Access
 // Management (IAM) users or for users that you authenticate (federated users).
 // This guide provides descriptions of the STS API. For more detailed information
-// about using this service, go to Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
+// about using this service, go to Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
 //
 // As an alternative to using the API, you can use one of the AWS SDKs, which
 // consist of libraries and sample code for various programming languages and
 // platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient
 // way to create programmatic access to STS. For example, the SDKs take care
 // of cryptographically signing requests, managing errors, and retrying requests
 // automatically. For information about the AWS SDKs, including how to download
 // and install them, see the Tools for Amazon Web Services page (http://aws.amazon.com/tools/).
 //
 // For information about setting up signatures and authorization through the
-// API, go to Signing AWS API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
+// API, go to Signing AWS API Requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
 // in the AWS General Reference. For general information about the Query API,
-// go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
+// go to Making Query Requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
 // in Using IAM. For information about using security tokens with other AWS
-// products, go to AWS Services That Work with IAM (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html)
+// products, go to AWS Services That Work with IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html)
 // in the IAM User Guide.
 //
 // If you're new to AWS and need additional technical information about a specific
@ -31,14 +23,38 @@
 //
 // Endpoints
 //
-// The AWS Security Token Service (STS) has a default endpoint of https://sts.amazonaws.com
+// By default, AWS Security Token Service (STS) is available as a global service,
-// that maps to the US East (N. Virginia) region. Additional regions are available
+// and all AWS STS requests go to a single endpoint at https://sts.amazonaws.com.
-// and are activated by default. For more information, see Activating and Deactivating
+// Global requests map to the US East (N. Virginia) region. AWS recommends using
-// AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// Regional AWS STS endpoints instead of the global endpoint to reduce latency,
 // build in redundancy, and increase session token validity. For more information,
 // see Managing AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 // in the IAM User Guide.
 //
-// For information about STS endpoints, see Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region)
+// Most AWS Regions are enabled for operations in all AWS services by default.
-// in the AWS General Reference.
+// Those Regions are automatically activated for use with AWS STS. Some Regions,
 // such as Asia Pacific (Hong Kong), must be manually enabled. To learn more
 // about enabling and disabling AWS Regions, see Managing AWS Regions (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html)
 // in the AWS General Reference. When you enable these AWS Regions, they are
 // automatically activated for use with AWS STS. You cannot activate the STS
 // endpoint for a Region that is disabled. Tokens that are valid in all AWS
 // Regions are longer than tokens that are valid in Regions that are enabled
 // by default. Changing this setting might affect existing systems where you
 // temporarily store tokens. For more information, see Managing Global Endpoint
 // Session Tokens (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-manage-tokens)
 // in the IAM User Guide.
 //
 // After you activate a Region for use with AWS STS, you can direct AWS STS
 // API calls to that Region. AWS STS recommends that you provide both the Region
 // and endpoint when you make calls to a Regional endpoint. You can provide
 // the Region alone for manually enabled Regions, such as Asia Pacific (Hong
 // Kong). In this case, the calls are directed to the STS Regional endpoint.
 // However, if you provide the Region alone for Regions enabled by default,
 // the calls are directed to the global endpoint of https://sts.amazonaws.com.
 //
 // To view the list of AWS STS endpoints and whether they are active by default,
 // see Writing Code to Use AWS STS Regions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#id_credentials_temp_enable-regions_writing_code)
 // in the IAM User Guide.
 //
 // Recording API requests
 //
@ -46,8 +62,28 @@
 // your AWS account and delivers log files to an Amazon S3 bucket. By using
 // information collected by CloudTrail, you can determine what requests were
 // successfully made to STS, who made the request, when it was made, and so
-// on. To learn more about CloudTrail, including how to turn it on and find
+// on.
-// your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html).
+//
 // If you activate AWS STS endpoints in Regions other than the default global
 // endpoint, then you must also turn on CloudTrail logging in those Regions.
 // This is necessary to record any AWS STS API calls that are made in those
 // Regions. For more information, see Turning On CloudTrail in Additional Regions
 // (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/aggregating_logs_regions_turn_on_ct.html)
 // in the AWS CloudTrail User Guide.
 //
 // AWS Security Token Service (STS) is a global service with a single endpoint
 // at https://sts.amazonaws.com. Calls to this endpoint are logged as calls
 // to a global service. However, because this endpoint is physically located
 // in the US East (N. Virginia) Region, your logs list us-east-1 as the event
 // Region. CloudTrail does not write these logs to the US East (Ohio) Region
 // unless you choose to include global service logs in that Region. CloudTrail
 // writes calls to all Regional endpoints to their respective Regions. For example,
 // calls to sts.us-east-2.amazonaws.com are published to the US East (Ohio)
 // Region and calls to sts.eu-central-1.amazonaws.com are published to the EU
 // (Frankfurt) Region.
 //
 // To learn more about CloudTrail, including how to turn it on and find your
 // log files, see the AWS CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html).
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service.
 //
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
@ -67,7 +67,7 @@ const (
 	// STS is not activated in the requested region for the account that is being
 	// asked to generate credentials. The account administrator must use the IAM
 	// console to activate STS in that region. For more information, see Activating
-	// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+	// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 	// in the IAM User Guide.
 	ErrCodeRegionDisabledException = "RegionDisabledException"
 )
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
@ -0,0 +1,96 @@
 // Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
 // Package stsiface provides an interface to enable mocking the AWS Security Token Service service client
 // for testing your code.
 //
 // It is important to note that this interface will have breaking changes
 // when the service model is updated and adds new API operations, paginators,
 // and waiters.
 package stsiface
 import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/service/sts"
 )
 // STSAPI provides an interface to enable mocking the
 // sts.STS service client's API operation,
 // paginators, and waiters. This make unit testing your code that calls out
 // to the SDK's service client's calls easier.
 //
 // The best way to use this interface is so the SDK's service client's calls
 // can be stubbed out for unit testing your code with the SDK without needing
 // to inject custom request handlers into the SDK's request pipeline.
 //
 //    // myFunc uses an SDK service client to make a request to
 //    // AWS Security Token Service.
 //    func myFunc(svc stsiface.STSAPI) bool {
 //        // Make svc.AssumeRole request
 //    }
 //
 //    func main() {
 //        sess := session.New()
 //        svc := sts.New(sess)
 //
 //        myFunc(svc)
 //    }
 //
 // In your _test.go file:
 //
 //    // Define a mock struct to be used in your unit tests of myFunc.
 //    type mockSTSClient struct {
 //        stsiface.STSAPI
 //    }
 //    func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
 //        // mock response/functionality
 //    }
 //
 //    func TestMyFunc(t *testing.T) {
 //        // Setup Test
 //        mockSvc := &mockSTSClient{}
 //
 //        myfunc(mockSvc)
 //
 //        // Verify myFunc's functionality
 //    }
 //
 // It is important to note that this interface will have breaking changes
 // when the service model is updated and adds new API operations, paginators,
 // and waiters. Its suggested to use the pattern above for testing, or using
 // tooling to generate mocks to satisfy the interfaces.
 type STSAPI interface {
 	AssumeRole(*sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)
 	AssumeRoleWithContext(aws.Context, *sts.AssumeRoleInput, ...request.Option) (*sts.AssumeRoleOutput, error)
 	AssumeRoleRequest(*sts.AssumeRoleInput) (*request.Request, *sts.AssumeRoleOutput)
 	AssumeRoleWithSAML(*sts.AssumeRoleWithSAMLInput) (*sts.AssumeRoleWithSAMLOutput, error)
 	AssumeRoleWithSAMLWithContext(aws.Context, *sts.AssumeRoleWithSAMLInput, ...request.Option) (*sts.AssumeRoleWithSAMLOutput, error)
 	AssumeRoleWithSAMLRequest(*sts.AssumeRoleWithSAMLInput) (*request.Request, *sts.AssumeRoleWithSAMLOutput)
 	AssumeRoleWithWebIdentity(*sts.AssumeRoleWithWebIdentityInput) (*sts.AssumeRoleWithWebIdentityOutput, error)
 	AssumeRoleWithWebIdentityWithContext(aws.Context, *sts.AssumeRoleWithWebIdentityInput, ...request.Option) (*sts.AssumeRoleWithWebIdentityOutput, error)
 	AssumeRoleWithWebIdentityRequest(*sts.AssumeRoleWithWebIdentityInput) (*request.Request, *sts.AssumeRoleWithWebIdentityOutput)
 	DecodeAuthorizationMessage(*sts.DecodeAuthorizationMessageInput) (*sts.DecodeAuthorizationMessageOutput, error)
 	DecodeAuthorizationMessageWithContext(aws.Context, *sts.DecodeAuthorizationMessageInput, ...request.Option) (*sts.DecodeAuthorizationMessageOutput, error)
 	DecodeAuthorizationMessageRequest(*sts.DecodeAuthorizationMessageInput) (*request.Request, *sts.DecodeAuthorizationMessageOutput)
 	GetAccessKeyInfo(*sts.GetAccessKeyInfoInput) (*sts.GetAccessKeyInfoOutput, error)
 	GetAccessKeyInfoWithContext(aws.Context, *sts.GetAccessKeyInfoInput, ...request.Option) (*sts.GetAccessKeyInfoOutput, error)
 	GetAccessKeyInfoRequest(*sts.GetAccessKeyInfoInput) (*request.Request, *sts.GetAccessKeyInfoOutput)
 	GetCallerIdentity(*sts.GetCallerIdentityInput) (*sts.GetCallerIdentityOutput, error)
 	GetCallerIdentityWithContext(aws.Context, *sts.GetCallerIdentityInput, ...request.Option) (*sts.GetCallerIdentityOutput, error)
 	GetCallerIdentityRequest(*sts.GetCallerIdentityInput) (*request.Request, *sts.GetCallerIdentityOutput)
 	GetFederationToken(*sts.GetFederationTokenInput) (*sts.GetFederationTokenOutput, error)
 	GetFederationTokenWithContext(aws.Context, *sts.GetFederationTokenInput, ...request.Option) (*sts.GetFederationTokenOutput, error)
 	GetFederationTokenRequest(*sts.GetFederationTokenInput) (*request.Request, *sts.GetFederationTokenOutput)
 	GetSessionToken(*sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error)
 	GetSessionTokenWithContext(aws.Context, *sts.GetSessionTokenInput, ...request.Option) (*sts.GetSessionTokenOutput, error)
 	GetSessionTokenRequest(*sts.GetSessionTokenInput) (*request.Request, *sts.GetSessionTokenOutput)
 }
 var _ STSAPI = (*sts.STS)(nil)
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -81,7 +81,7 @@ github.com/approvals/go-approval-tests/utils
 github.com/armon/go-metrics
 # github.com/armon/go-radix v1.0.0
 github.com/armon/go-radix
-# github.com/aws/aws-sdk-go v1.16.24
+# github.com/aws/aws-sdk-go v1.22.2
 github.com/aws/aws-sdk-go/aws
 github.com/aws/aws-sdk-go/aws/ec2metadata
 github.com/aws/aws-sdk-go/aws/session
@ -119,10 +119,11 @@ github.com/aws/aws-sdk-go/private/protocol/eventstream
 github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi
 github.com/aws/aws-sdk-go/private/protocol/rest
 github.com/aws/aws-sdk-go/private/protocol/restxml
 github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil
 github.com/aws/aws-sdk-go/service/s3/s3iface
 github.com/aws/aws-sdk-go/service/sts/stsiface
 github.com/aws/aws-sdk-go/aws/credentials/endpointcreds
 github.com/aws/aws-sdk-go/private/protocol/query/queryutil
 github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil
 github.com/aws/aws-sdk-go/private/protocol/json/jsonutil
 # github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d
 github.com/bgentry/go-netrc/netrc