From 3380f0094e6ffc7c089998478af75b3d18cd34d6 Mon Sep 17 00:00:00 2001
From: Altay Aliyev <altush.aliyev@gmail.com>
Date: Fri, 2 Mar 2018 17:29:44 +0100
Subject: [PATCH 01/71] rebased with upstream/master

---
 aws/resource_aws_dms_endpoint.go          | 151 ++++++++++----
 aws/resource_aws_dms_endpoint_test.go     | 228 ++++++++++++++--------
 website/docs/r/dms_endpoint.html.markdown |   6 +-
 3 files changed, 272 insertions(+), 113 deletions(-)

diff --git a/aws/resource_aws_dms_endpoint.go b/aws/resource_aws_dms_endpoint.go
index 7bce1c2310c..efb952f316d 100644
--- a/aws/resource_aws_dms_endpoint.go
+++ b/aws/resource_aws_dms_endpoint.go
@@ -1,6 +1,7 @@
 package aws
 
 import (
+	"fmt"
 	"log"
 	"strings"
 	"time"
@@ -71,6 +72,7 @@ func resourceAwsDmsEndpoint() *schema.Resource {
 					"redshift",
 					"sybase",
 					"sqlserver",
+					"s3",
 				}, false),
 			},
 			"extra_connection_attributes": {
@@ -79,11 +81,12 @@ func resourceAwsDmsEndpoint() *schema.Resource {
 				Optional: true,
 			},
 			"kms_key_arn": {
-				Type:         schema.TypeString,
-				Computed:     true,
-				Optional:     true,
-				ForceNew:     true,
-				ValidateFunc: validateArn,
+				Type:          schema.TypeString,
+				Computed:      true,
+				Optional:      true,
+				ForceNew:      true,
+				ConflictsWith: []string{"bucket_name", "bucket_folder"},
+				ValidateFunc:  validateArn,
 			},
 			"password": {
 				Type:      schema.TypeString,
@@ -117,6 +120,14 @@ func resourceAwsDmsEndpoint() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
+			"bucket_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"bucket_folder": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 		},
 	}
 }
@@ -131,12 +142,42 @@ func resourceAwsDmsEndpointCreate(d *schema.ResourceData, meta interface{}) erro
 		Tags:               dmsTagsFromMap(d.Get("tags").(map[string]interface{})),
 	}
 
+	switch d.Get("engine_name").(string) {
 	// if dynamodb then add required params
-	if d.Get("engine_name").(string) == "dynamodb" {
+	case "dynamodb":
 		request.DynamoDbSettings = &dms.DynamoDbSettings{
 			ServiceAccessRoleArn: aws.String(d.Get("service_access_role").(string)),
 		}
-	} else {
+	case "s3":
+		request.S3Settings = &dms.S3Settings{
+			BucketName:           aws.String(d.Get("bucket_name").(string)),
+			BucketFolder:         aws.String(d.Get("bucket_folder").(string)),
+			ServiceAccessRoleArn: aws.String(d.Get("service_access_role").(string)),
+
+			// By default extra variables (should be set):
+			CompressionType: aws.String("GZIP"),
+			CsvDelimiter:    aws.String(","),
+			CsvRowDelimiter: aws.String("\\n"),
+		}
+
+		// if extra_connection_attributes is set. Then parse the varaiables.
+		if v, ok := d.GetOk("extra_connection_attributes"); ok {
+			elems := strings.Split(v.(string), ";")
+			if len(elems) > 0 {
+				for _, elem := range elems {
+					vals := strings.Split(elem, "=")
+					if strings.Contains(strings.ToLower(vals[0]), "compressiontype") {
+						request.S3Settings.CompressionType = aws.String(vals[1])
+					} else if strings.Contains(strings.ToLower(vals[0]), "csvdelimiter") {
+						request.S3Settings.CsvDelimiter = aws.String(vals[1])
+					} else if strings.Contains(strings.ToLower(vals[0]), "csvrowdelimiter") {
+						request.S3Settings.CsvRowDelimiter = aws.String(vals[1])
+					}
+				}
+			}
+		}
+
+	default:
 		request.Password = aws.String(d.Get("password").(string))
 		request.Port = aws.Int64(int64(d.Get("port").(int)))
 		request.ServerName = aws.String(d.Get("server_name").(string))
@@ -148,17 +189,17 @@ func resourceAwsDmsEndpointCreate(d *schema.ResourceData, meta interface{}) erro
 		if v, ok := d.GetOk("extra_connection_attributes"); ok {
 			request.ExtraConnectionAttributes = aws.String(v.(string))
 		}
+		if v, ok := d.GetOk("kms_key_arn"); ok {
+			request.KmsKeyId = aws.String(v.(string))
+		}
+		if v, ok := d.GetOk("ssl_mode"); ok {
+			request.SslMode = aws.String(v.(string))
+		}
 	}
 
 	if v, ok := d.GetOk("certificate_arn"); ok {
 		request.CertificateArn = aws.String(v.(string))
 	}
-	if v, ok := d.GetOk("kms_key_arn"); ok {
-		request.KmsKeyId = aws.String(v.(string))
-	}
-	if v, ok := d.GetOk("ssl_mode"); ok {
-		request.SslMode = aws.String(v.(string))
-	}
 
 	log.Println("[DEBUG] DMS create endpoint:", request)
 
@@ -228,6 +269,11 @@ func resourceAwsDmsEndpointUpdate(d *schema.ResourceData, meta interface{}) erro
 	}
 	hasChanges := false
 
+	if d.HasChange("endpoint_type") {
+		request.EndpointType = aws.String(d.Get("endpoint_type").(string))
+		hasChanges = true
+	}
+
 	if d.HasChange("certificate_arn") {
 		request.CertificateArn = aws.String(d.Get("certificate_arn").(string))
 		hasChanges = true
@@ -238,26 +284,50 @@ func resourceAwsDmsEndpointUpdate(d *schema.ResourceData, meta interface{}) erro
 		hasChanges = true
 	}
 
-	if d.HasChange("service_access_role") {
-		request.DynamoDbSettings = &dms.DynamoDbSettings{
-			ServiceAccessRoleArn: aws.String(d.Get("service_access_role").(string)),
-		}
-		hasChanges = true
-	}
-
-	if d.HasChange("endpoint_type") {
-		request.EndpointType = aws.String(d.Get("endpoint_type").(string))
-		hasChanges = true
-	}
-
 	if d.HasChange("engine_name") {
 		request.EngineName = aws.String(d.Get("engine_name").(string))
 		hasChanges = true
 	}
 
-	if d.HasChange("extra_connection_attributes") {
-		request.ExtraConnectionAttributes = aws.String(d.Get("extra_connection_attributes").(string))
-		hasChanges = true
+	switch d.Get("engine_name").(string) {
+	case "dynamodb":
+		if d.HasChange("service_access_role") {
+			request.DynamoDbSettings = &dms.DynamoDbSettings{
+				ServiceAccessRoleArn: aws.String(d.Get("service_access_role").(string)),
+			}
+			hasChanges = true
+		}
+	case "s3":
+		if d.HasChange("service_access_role") || d.HasChange("bucket_name") || d.HasChange("bucket_folder") || d.HasChange("extra_connection_attributes") {
+			request.S3Settings = &dms.S3Settings{
+				ServiceAccessRoleArn: aws.String(d.Get("service_access_role").(string)),
+				BucketFolder:         aws.String(d.Get("bucket_folder").(string)),
+				BucketName:           aws.String(d.Get("bucket_name").(string)),
+			}
+
+			elems := strings.Split(d.Get("extra_connection_attributes").(string), ";")
+			if len(elems) > 0 {
+				for _, elem := range elems {
+					vals := strings.Split(elem, "=")
+					if strings.Contains(strings.ToLower(vals[0]), "compressiontype") {
+						request.S3Settings.CompressionType = aws.String(vals[1])
+					} else if strings.Contains(strings.ToLower(vals[0]), "csvdelimiter") {
+						request.S3Settings.CsvDelimiter = aws.String(vals[1])
+					} else if strings.Contains(strings.ToLower(vals[0]), "csvrowdelimiter") {
+						request.S3Settings.CsvRowDelimiter = aws.String(vals[1])
+					}
+				}
+			}
+
+			hasChanges = true
+
+			goto DONE
+		}
+	default:
+		if d.HasChange("extra_connection_attributes") {
+			request.ExtraConnectionAttributes = aws.String(d.Get("extra_connection_attributes").(string))
+			hasChanges = true
+		}
 	}
 
 	if d.HasChange("password") {
@@ -292,6 +362,7 @@ func resourceAwsDmsEndpointUpdate(d *schema.ResourceData, meta interface{}) erro
 		}
 	}
 
+DONE:
 	if hasChanges {
 		log.Println("[DEBUG] DMS update endpoint:", request)
 
@@ -333,22 +404,36 @@ func resourceAwsDmsEndpointSetState(d *schema.ResourceData, endpoint *dms.Endpoi
 	d.Set("endpoint_type", strings.ToLower(*endpoint.EndpointType))
 	d.Set("engine_name", endpoint.EngineName)
 
-	if *endpoint.EngineName == "dynamodb" {
+	switch *endpoint.EngineName {
+	case "dynamodb":
 		if endpoint.DynamoDbSettings != nil {
 			d.Set("service_access_role", endpoint.DynamoDbSettings.ServiceAccessRoleArn)
 		} else {
 			d.Set("service_access_role", "")
 		}
-	} else {
+	case "s3":
+		if endpoint.S3Settings != nil {
+			d.Set("service_access_role", endpoint.S3Settings.ServiceAccessRoleArn)
+			d.Set("bucket_folder", endpoint.S3Settings.BucketFolder)
+			d.Set("bucket_name", endpoint.S3Settings.BucketName)
+			d.Set("extra_connection_attributes",
+				aws.String(fmt.Sprintf("compressionType=%s;csvDelimiter=%s;csvRowDelimiter=%s",
+					*endpoint.S3Settings.CompressionType, *endpoint.S3Settings.CsvDelimiter, *endpoint.S3Settings.CsvRowDelimiter)))
+		} else {
+			d.Set("service_access_role", "")
+			d.Set("bucket_folder", "")
+			d.Set("bucket_name", "")
+			d.Set("extra_connection_attributes", "")
+		}
+	default:
 		d.Set("database_name", endpoint.DatabaseName)
 		d.Set("extra_connection_attributes", endpoint.ExtraConnectionAttributes)
 		d.Set("port", endpoint.Port)
 		d.Set("server_name", endpoint.ServerName)
 		d.Set("username", endpoint.Username)
+		d.Set("kms_key_arn", endpoint.KmsKeyId)
+		d.Set("ssl_mode", endpoint.SslMode)
 	}
 
-	d.Set("kms_key_arn", endpoint.KmsKeyId)
-	d.Set("ssl_mode", endpoint.SslMode)
-
 	return nil
 }
diff --git a/aws/resource_aws_dms_endpoint_test.go b/aws/resource_aws_dms_endpoint_test.go
index b094e4b5eb8..6097e557268 100644
--- a/aws/resource_aws_dms_endpoint_test.go
+++ b/aws/resource_aws_dms_endpoint_test.go
@@ -50,7 +50,39 @@ func TestAccAWSDmsEndpointBasic(t *testing.T) {
 	})
 }
 
-func TestAccAWSDmsEndpointDynamoDb(t *testing.T) {
+func TestAccAwsDmsEndpointS3(t *testing.T) {
+	resourceName := "aws_dms_endpoint.dms_point"
+	randId := acctest.RandString(8) + "-s3"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: dmsEndpointDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: dmsEndpointS3Config(randId),
+				Check: resource.ComposeTestCheckFunc(
+					checkDmsEndpointExists(resourceName),
+					resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"password"},
+			},
+			{
+				Config: dmsEndpointS3ConfigUpdate(randId),
+				Check: resource.ComposeTestCheckFunc(
+					checkDmsEndpointExists(resourceName),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAwsDmsEndpointDynamoDb(t *testing.T) {
 	resourceName := "aws_dms_endpoint.dms_endpoint"
 	randId := acctest.RandString(8) + "-dynamodb"
 
@@ -174,125 +206,165 @@ resource "aws_dms_endpoint" "dms_endpoint" {
 `, randId)
 }
 
-func dmsEndpointDynamoDbConfig(randId string) string {
+func dmsEndpointTargetConfig(randId string, engineName string, actionList string) string {
 	return fmt.Sprintf(`
 resource "aws_dms_endpoint" "dms_endpoint" {
-	endpoint_id = "tf-test-dms-endpoint-%[1]s"
-	endpoint_type = "target"
-	engine_name = "dynamodb"
-	service_access_role = "${aws_iam_role.iam_role.arn}"
-	ssl_mode = "none"
-	tags {
-		Name = "tf-test-dynamodb-endpoint-%[1]s"
-		Update = "to-update"
-		Remove = "to-remove"
-	}
+endpoint_id = "tf-test-dms-endpoint-%[1]s"
+endpoint_type = "target"
+engine_name = "%[2]s"
+service_access_role = "${aws_iam_role.iam_role.arn}"
+ssl_mode = "none"
+tags {
+	Name = "tf-test-%[2]s-endpoint-%[1]s"
+	Update = "to-update"
+	Remove = "to-remove"
+}
 
-	depends_on = ["aws_iam_role_policy.dms_dynamodb_access"]
+depends_on = ["aws_iam_role_policy.dms_%[2]s_access"]
 }
 resource "aws_iam_role" "iam_role" {
-  name = "tf-test-iam-dynamodb-role-%[1]s"
+name = "tf-test-iam-%[2]s-role-%[1]s"
 
-  assume_role_policy = <<EOF
+assume_role_policy = <<EOF
 {
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Action": "sts:AssumeRole",
-      "Principal": {
-        "Service": "dms.amazonaws.com"
-      },
-      "Effect": "Allow"
-    }
-  ]
+"Version": "2012-10-17",
+"Statement": [
+	{
+		"Action": "sts:AssumeRole",
+		"Principal": {
+			"Service": "dms.amazonaws.com"
+		},
+		"Effect": "Allow"
+	}
+]
 }
 EOF
 }
 
-resource "aws_iam_role_policy" "dms_dynamodb_access" {
-  name = "tf-test-iam-dynamodb-role-policy-%[1]s"
-  role = "${aws_iam_role.iam_role.name}"
+resource "aws_iam_role_policy" "dms_%[2]s_access" {
+name = "tf-test-iam-%[2]s-role-policy-%[1]s"
+role = "${aws_iam_role.iam_role.name}"
 
-  policy = <<EOF
+policy = <<EOF
 {
 "Version": "2012-10-17",
 "Statement": [
 {
-    "Effect": "Allow",
-    "Action": [
-        "dynamodb:PutItem",
-        "dynamodb:CreateTable",
-        "dynamodb:DescribeTable",
-        "dynamodb:DeleteTable",
-        "dynamodb:DeleteItem",
-        "dynamodb:ListTables"
-    ],
-    "Resource": "*"
+	"Effect": "Allow",
+	"Action": [
+			%[3]s
+	],
+	"Resource": "*"
 }
 ]
 }
 EOF
 }
 
-`, randId)
+`, randId, engineName, actionList)
 }
 
-func dmsEndpointDynamoDbConfigUpdate(randId string) string {
+func dmsEndpointTargetUpdateConfig(randId string, engineName string, actionList string) string {
 	return fmt.Sprintf(`
 resource "aws_dms_endpoint" "dms_endpoint" {
-	endpoint_id = "tf-test-dms-endpoint-%[1]s"
-	endpoint_type = "target"
-	engine_name = "dynamodb"
-	service_access_role = "${aws_iam_role.iam_role.arn}"
-	ssl_mode = "none"
-	tags {
-		Name = "tf-test-dynamodb-endpoint-%[1]s"
-		Update = "updated"
-		Add = "added"
-	}
+endpoint_id = "tf-test-dms-endpoint-%[1]s"
+endpoint_type = "target"
+engine_name = "%[2]s"
+service_access_role = "${aws_iam_role.iam_role.arn}"
+ssl_mode = "none"
+tags {
+	Name = "tf-test-%[2]s-endpoint-%[1]s"
+	Update = "updated"
+	Add = "added"
+}
 }
 resource "aws_iam_role" "iam_role" {
-  name = "tf-test-iam-dynamodb-role-%[1]s"
+name = "tf-test-iam-%[2]s-role-%[1]s"
 
-  assume_role_policy = <<EOF
+assume_role_policy = <<EOF
 {
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Action": "sts:AssumeRole",
-      "Principal": {
-        "Service": "dms.amazonaws.com"
-      },
-      "Effect": "Allow"
-    }
-  ]
+"Version": "2012-10-17",
+"Statement": [
+	{
+		"Action": "sts:AssumeRole",
+		"Principal": {
+			"Service": "dms.amazonaws.com"
+		},
+		"Effect": "Allow"
+	}
+]
 }
 EOF
 }
 
-resource "aws_iam_role_policy" "dms_dynamodb_access" {
-  name = "tf-test-iam-dynamodb-role-policy-%[1]s"
-  role = "${aws_iam_role.iam_role.name}"
+resource "aws_iam_role_policy" "dms_%[2]s_access" {
+name = "tf-test-iam-%[2]s-role-policy-%[1]s"
+role = "${aws_iam_role.iam_role.name}"
 
-  policy = <<EOF
+policy = <<EOF
 {
 "Version": "2012-10-17",
 "Statement": [
 {
-    "Effect": "Allow",
-    "Action": [
-        "dynamodb:PutItem",
-        "dynamodb:CreateTable",
-        "dynamodb:DescribeTable",
-        "dynamodb:DeleteTable",
-        "dynamodb:DeleteItem",
-        "dynamodb:ListTables"
-    ],
-    "Resource": "*"
+	"Effect": "Allow",
+	"Action": [
+			%[3]s
+	],
+	"Resource": "*"
 }
 ]
 }
 EOF
 }
-`, randId)
+`, randId, engineName, actionList)
+}
+
+func dmsEndpointDynamoDbConfig(randId string) string {
+	return dmsEndpointTargetConfig(randId, "dynamodb", `
+		"dynamodb:PutItem",
+		"dynamodb:CreateTable",
+		"dynamodb:DescribeTable",
+		"dynamodb:DeleteTable",
+		"dynamodb:DeleteItem",
+		"dynamodb:ListTables"`)
+}
+
+func dmsEndpointDynamoDbConfigUpdate(randId string) string {
+	return dmsEndpointTargetUpdateConfig(randId, "dynamodb", `
+		"dynamodb:PutItem",
+		"dynamodb:CreateTable",
+		"dynamodb:DescribeTable",
+		"dynamodb:DeleteTable",
+		"dynamodb:DeleteItem",
+		"dynamodb:ListTables"`)
+}
+
+func dmsEndpointS3Config(randId string) string {
+	return dmsEndpointTargetConfig(randId, "s3", `
+		"s3:CreateBucket",
+		"s3:ListBucket",
+		"s3:DeleteBucket",
+		"s3:GetBucketLocation",
+		"s3:GetObject",
+		"s3:PutObject",
+		"s3:DeleteObject",
+		"s3:GetObjectVersion",
+		"s3:GetBucketPolicy",
+		"s3:PutBucketPolicy",
+		"s3:DeleteBucketPolicy"`)
+}
+
+func dmsEndpointS3ConfigUpdate(randId string) string {
+	return dmsEndpointTargetUpdateConfig(randId, "s3", `
+		"s3:CreateBucket",
+		"s3:ListBucket",
+		"s3:DeleteBucket",
+		"s3:GetBucketLocation",
+		"s3:GetObject",
+		"s3:PutObject",
+		"s3:DeleteObject",
+		"s3:GetObjectVersion",
+		"s3:GetBucketPolicy",
+		"s3:PutBucketPolicy",
+		"s3:DeleteBucketPolicy"`)
 }
diff --git a/website/docs/r/dms_endpoint.html.markdown b/website/docs/r/dms_endpoint.html.markdown
index d43e9fcfeed..42f83f86053 100644
--- a/website/docs/r/dms_endpoint.html.markdown
+++ b/website/docs/r/dms_endpoint.html.markdown
@@ -53,7 +53,7 @@ The following arguments are supported:
     - Must not contain two consecutive hyphens
 
 * `endpoint_type` - (Required) The type of endpoint. Can be one of `source | target`.
-* `engine_name` - (Required) The type of engine for the endpoint. Can be one of `mysql | oracle | postgres | mariadb | aurora | redshift | sybase | sqlserver | dynamodb`.
+* `engine_name` - (Required) The type of engine for the endpoint. Can be one of `mysql | oracle | postgres | mariadb | aurora | redshift | sybase | sqlserver | dynamodb | s3`.
 * `extra_connection_attributes` - (Optional) Additional attributes associated with the connection. For available attributes see [Using Extra Connection Attributes with AWS Database Migration Service](http://docs.aws.amazon.com/dms/latest/userguide/CHAP_Introduction.ConnectionAttributes.html).
 * `kms_key_arn` - (Optional) The Amazon Resource Name (ARN) for the KMS key that will be used to encrypt the connection parameters. If you do not specify a value for `kms_key_arn`, then AWS DMS will use your default encryption key. AWS KMS creates the default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS region.
 * `password` - (Optional) The password to be used to login to the endpoint database.
@@ -62,7 +62,9 @@ The following arguments are supported:
 * `ssl_mode` - (Optional, Default: none) The SSL mode to use for the connection. Can be one of `none | require | verify-ca | verify-full`
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 * `username` - (Optional) The user name to be used to login to the endpoint database.
-* `service_access_role` (Optional) The Amazon Resource Name (ARN) used by the service access IAM role for dynamodb endpoints.
+* `service_access_role` (Optional) The Amazon Resource Name (ARN) used by the service access IAM role for `dynamodb | s3` endpoints.
+* `bucket_name` - (Optional) The S3 bucket name.
+* `bucket_folder` - (Optional) If provided, tables are created in the path <bucket_folder>/<schema_name>/<table_name>/.
 
 ## Attributes Reference
 

From 24bca471b59520e19075b488cfd5342757cb5c25 Mon Sep 17 00:00:00 2001
From: Artem Iarmoliuk <koolgen@gmail.com>
Date: Wed, 25 Apr 2018 20:05:25 +0300
Subject: [PATCH 02/71] r/launch_template: Document base64 user-data

---
 website/docs/r/launch_template.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/docs/r/launch_template.html.markdown b/website/docs/r/launch_template.html.markdown
index d5a55beea3f..a4af2a67c97 100644
--- a/website/docs/r/launch_template.html.markdown
+++ b/website/docs/r/launch_template.html.markdown
@@ -113,7 +113,7 @@ The following arguments are supported:
   `vpc_security_group_ids` instead.
 * `vpc_security_group_ids` - A list of security group IDs to associate with.
 * `tag_specifications` - The tags to apply to the resources during launch. See [Tags](#tags) below for more details.
-* `user_data` - The user data to provide when launching the instance.
+* `user_data` - The Base64-encoded user data to provide when launching the instance.
 
 ### Block devices
 

From 1e0856796b6a81239528630a1b533d82fc1ec919 Mon Sep 17 00:00:00 2001
From: Artem Iarmoliuk <koolgen@gmail.com>
Date: Wed, 25 Apr 2018 20:07:17 +0300
Subject: [PATCH 03/71] r/launch_template: Fix iops

---
 aws/resource_aws_launch_template.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/aws/resource_aws_launch_template.go b/aws/resource_aws_launch_template.go
index bed22574eab..95d61d7dd91 100644
--- a/aws/resource_aws_launch_template.go
+++ b/aws/resource_aws_launch_template.go
@@ -89,6 +89,7 @@ func resourceAwsLaunchTemplate() *schema.Resource {
 									},
 									"iops": {
 										Type:     schema.TypeInt,
+										Computed: true,
 										Optional: true,
 									},
 									"kms_key_id": {
@@ -916,8 +917,8 @@ func readEbsBlockDeviceFromConfig(ebs map[string]interface{}) *ec2.LaunchTemplat
 		ebsDevice.Encrypted = aws.Bool(v.(bool))
 	}
 
-	if v := ebs["iops"]; v != nil {
-		ebsDevice.Iops = aws.Int64(int64(v.(int)))
+	if v := ebs["iops"].(int); v > 0 {
+		ebsDevice.Iops = aws.Int64(int64(v))
 	}
 
 	if v := ebs["kms_key_id"].(string); v != "" {

From 8fe9444385d7cf4bc52c67f54bd7af1aa28546a4 Mon Sep 17 00:00:00 2001
From: Artem Iarmoliuk <koolgen@gmail.com>
Date: Wed, 25 Apr 2018 20:10:30 +0300
Subject: [PATCH 04/71] r/launch_template: Add validations and conflictswith

---
 aws/resource_aws_launch_template.go | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/aws/resource_aws_launch_template.go b/aws/resource_aws_launch_template.go
index 95d61d7dd91..2497f717ba7 100644
--- a/aws/resource_aws_launch_template.go
+++ b/aws/resource_aws_launch_template.go
@@ -93,8 +93,9 @@ func resourceAwsLaunchTemplate() *schema.Resource {
 										Optional: true,
 									},
 									"kms_key_id": {
-										Type:     schema.TypeString,
-										Optional: true,
+										Type:         schema.TypeString,
+										Optional:     true,
+										ValidateFunc: validateArn,
 									},
 									"snapshot_id": {
 										Type:     schema.TypeString,
@@ -103,10 +104,12 @@ func resourceAwsLaunchTemplate() *schema.Resource {
 									"volume_size": {
 										Type:     schema.TypeInt,
 										Optional: true,
+										Computed: true,
 									},
 									"volume_type": {
 										Type:     schema.TypeString,
 										Optional: true,
+										Computed: true,
 									},
 								},
 							},
@@ -159,8 +162,10 @@ func resourceAwsLaunchTemplate() *schema.Resource {
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"arn": {
-							Type:     schema.TypeString,
-							Optional: true,
+							Type:          schema.TypeString,
+							Optional:      true,
+							ConflictsWith: []string{"iam_instance_profile.0.name"},
+							ValidateFunc:  validateArn,
 						},
 						"name": {
 							Type:     schema.TypeString,
@@ -363,9 +368,10 @@ func resourceAwsLaunchTemplate() *schema.Resource {
 			},
 
 			"security_group_names": {
-				Type:     schema.TypeSet,
-				Optional: true,
-				Elem:     &schema.Schema{Type: schema.TypeString},
+				Type:          schema.TypeSet,
+				Optional:      true,
+				Elem:          &schema.Schema{Type: schema.TypeString},
+				ConflictsWith: []string{"vpc_security_group_ids"},
 			},
 
 			"vpc_security_group_ids": {

From 868c69ea9c892d5b77d6b276822b99c703a685ec Mon Sep 17 00:00:00 2001
From: Douglas <dmachado@objective.com.br>
Date: Thu, 26 Apr 2018 10:23:11 -0300
Subject: [PATCH 05/71] Support for proxy protocol 2 attribute

---
 aws/resource_aws_lb_target_group.go      | 13 ++++++++
 aws/resource_aws_lb_target_group_test.go | 40 ++++++++++++++++++++++++
 2 files changed, 53 insertions(+)

diff --git a/aws/resource_aws_lb_target_group.go b/aws/resource_aws_lb_target_group.go
index 7222b853300..687dea742dd 100644
--- a/aws/resource_aws_lb_target_group.go
+++ b/aws/resource_aws_lb_target_group.go
@@ -83,6 +83,12 @@ func resourceAwsLbTargetGroup() *schema.Resource {
 				ValidateFunc: validation.IntBetween(0, 3600),
 			},
 
+			"proxy_protocol_v2": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
+
 			"target_type": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -333,6 +339,13 @@ func resourceAwsLbTargetGroupUpdate(d *schema.ResourceData, meta interface{}) er
 		})
 	}
 
+	if d.HasChange("proxy_protocol_v2") {
+		attrs = append(attrs, &elbv2.TargetGroupAttribute{
+			Key:   aws.String("proxy_protocol_v2.enabled"),
+			Value: aws.String(strconv.FormatBool(d.Get("proxy_protocol_v2").(bool))),
+		})
+	}
+
 	// In CustomizeDiff we allow LB stickiness to be declared for TCP target
 	// groups, so long as it's not enabled. This allows for better support for
 	// modules, but also means we need to completely skip sending the data to the
diff --git a/aws/resource_aws_lb_target_group_test.go b/aws/resource_aws_lb_target_group_test.go
index 259ba5b314a..b8580558333 100644
--- a/aws/resource_aws_lb_target_group_test.go
+++ b/aws/resource_aws_lb_target_group_test.go
@@ -106,6 +106,7 @@ func TestAccAWSLBTargetGroup_networkLB_TargetGroup(t *testing.T) {
 					resource.TestCheckResourceAttr("aws_lb_target_group.test", "protocol", "TCP"),
 					resource.TestCheckResourceAttrSet("aws_lb_target_group.test", "vpc_id"),
 					resource.TestCheckResourceAttr("aws_lb_target_group.test", "deregistration_delay", "200"),
+					resource.TestCheckResourceAttr("aws_lb_target_group.test", "proxy_protocol_v2", "false"),
 					resource.TestCheckResourceAttr("aws_lb_target_group.test", "health_check.#", "1"),
 					resource.TestCheckResourceAttr("aws_lb_target_group.test", "health_check.0.interval", "10"),
 					testAccCheckAWSLBTargetGroupHealthCheckInterval(&confBefore, 10),
@@ -156,6 +157,13 @@ func TestAccAWSLBTargetGroup_networkLB_TargetGroup(t *testing.T) {
 				ExpectNonEmptyPlan: true,
 				ExpectError:        regexp.MustCompile("Health check interval cannot be updated"),
 			},
+			{
+				Config: testAccAWSLBTargetGroupConfig_typeTCP_withProxyProtocol(targetGroupName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSLBTargetGroupExists("aws_lb_target_group.test", &confBefore),
+					resource.TestCheckResourceAttr("aws_lb_target_group.test", "proxy_protocol_v2", "true"),
+				),
+			},
 		},
 	})
 }
@@ -1235,6 +1243,38 @@ resource "aws_vpc" "test" {
 }`, targetGroupName)
 }
 
+func testAccAWSLBTargetGroupConfig_typeTCP_withProxyProtocol(targetGroupName string) string {
+	return fmt.Sprintf(`resource "aws_lb_target_group" "test" {
+  name = "%s"
+  port = 8082
+  protocol = "TCP"
+  vpc_id = "${aws_vpc.test.id}"
+	
+	proxy_protocol_v2 = "true"
+  deregistration_delay = 200
+
+  health_check {
+    interval = 10
+    port = "traffic-port"
+    protocol = "TCP"
+    healthy_threshold = 3
+    unhealthy_threshold = 3
+  }
+
+  tags {
+    Name = "TestAcc_networkLB_TargetGroup"
+  }
+}
+
+resource "aws_vpc" "test" {
+  cidr_block = "10.0.0.0/16"
+
+  tags {
+    Name = "terraform-testacc-lb-target-group-type-tcp"
+  }
+}`, targetGroupName)
+}
+
 func testAccAWSLBTargetGroupConfig_typeTCPInvalidThreshold(targetGroupName string) string {
 	return fmt.Sprintf(`resource "aws_lb_target_group" "test" {
   name = "%s"

From 8ce9d30dd8a7d3b86ecc040e6cc74fb457b040ec Mon Sep 17 00:00:00 2001
From: "Drew J. Sonne" <drew.sonne@gmail.com>
Date: Thu, 11 Jan 2018 20:27:44 +0000
Subject: [PATCH 06/71] Added stub for test of glue table

---
 aws/resource_aws_glue_catalog_table_test.go | 41 +++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 aws/resource_aws_glue_catalog_table_test.go

diff --git a/aws/resource_aws_glue_catalog_table_test.go b/aws/resource_aws_glue_catalog_table_test.go
new file mode 100644
index 00000000000..e217e1fc5ba
--- /dev/null
+++ b/aws/resource_aws_glue_catalog_table_test.go
@@ -0,0 +1,41 @@
+package aws
+
+import (
+	"testing"
+	"github.com/hashicorp/terraform/helper/acctest"
+	"github.com/hashicorp/terraform/helper/resource"
+	"fmt"
+)
+
+func TestAccAWSGlueCatalogTable_full(t *testing.T) {
+	rInt := acctest.RandInt()
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckGlueTableDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config:  testAccGlueCatalogTable_basic(rInt),
+				Destroy: false,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGlueCatalogTableExists("aws_glue_catalog_table.test"),
+					resource.TestCheckResourceAttr(
+						"aws_glue_catalog_table.test",
+						"name",
+						fmt.Sprintf("my_test_catalog_table_%d", rInt),
+					),
+					resource.TestCheckResourceAttr(
+						"aws_glue_catalog_table.test",
+						"description",
+						"",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_glue_catalog_table.test",
+						"owner",
+						"",
+					),
+				),
+			},
+		},
+	})
+}

From 66278627c9d9319009d9bd5c170b17112248a519 Mon Sep 17 00:00:00 2001
From: "Drew J. Sonne" <drew.sonne@gmail.com>
Date: Fri, 13 Apr 2018 08:06:58 +0100
Subject: [PATCH 07/71] Added skeleton test cases

---
 aws/import_aws_glue_catalog_table_test.go   |  34 ++++++
 aws/resource_aws_glue_catalog_table_test.go | 121 ++++++++++++++++++++
 2 files changed, 155 insertions(+)
 create mode 100644 aws/import_aws_glue_catalog_table_test.go

diff --git a/aws/import_aws_glue_catalog_table_test.go b/aws/import_aws_glue_catalog_table_test.go
new file mode 100644
index 00000000000..505f9ee80cb
--- /dev/null
+++ b/aws/import_aws_glue_catalog_table_test.go
@@ -0,0 +1,34 @@
+package aws
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/acctest"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/aws/aws-sdk-go/service/glue"
+	"github.com/aws/aws-sdk-go/aws"
+	"fmt"
+)
+
+func TestAccAWSGlueCatalogTable_importBasic(t *testing.T) {
+	resourceName := "aws_glue_catalog_table.test"
+	rInt := acctest.RandInt()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckGlueTableDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccGlueCatalogTable_full(rInt, "A test table from terraform"),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
diff --git a/aws/resource_aws_glue_catalog_table_test.go b/aws/resource_aws_glue_catalog_table_test.go
index e217e1fc5ba..2f8e5163a37 100644
--- a/aws/resource_aws_glue_catalog_table_test.go
+++ b/aws/resource_aws_glue_catalog_table_test.go
@@ -5,6 +5,9 @@ import (
 	"github.com/hashicorp/terraform/helper/acctest"
 	"github.com/hashicorp/terraform/helper/resource"
 	"fmt"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/aws/aws-sdk-go/service/glue"
+	"github.com/aws/aws-sdk-go/aws"
 )
 
 func TestAccAWSGlueCatalogTable_full(t *testing.T) {
@@ -24,6 +27,11 @@ func TestAccAWSGlueCatalogTable_full(t *testing.T) {
 						"name",
 						fmt.Sprintf("my_test_catalog_table_%d", rInt),
 					),
+					resource.TestCheckResourceAttr(
+						"aws_glue_catalog_table.test",
+						"database",
+						fmt.Sprintf("my_test_catalog_database_%d", rInt),
+					),
 					resource.TestCheckResourceAttr(
 						"aws_glue_catalog_table.test",
 						"description",
@@ -39,3 +47,116 @@ func TestAccAWSGlueCatalogTable_full(t *testing.T) {
 		},
 	})
 }
+
+func testAccGlueCatalogTable_basic(rInt int) string {
+	return fmt.Sprintf(`
+resource "aws_glue_catalog_database" "test" {
+  name = "my_test_catalog_database_%d"
+}
+
+resource "aws_glue_catalog_table" "test" {
+  name     = "my_test_table_%d"
+  database = "${aws_glue_catalog_database.test.name}"
+}
+`, rInt, rInt)
+}
+
+func testAccGlueCatalogTable_full(rInt int, desc string) string {
+	return fmt.Sprintf(`
+resource "aws_glue_catalog_database" "test" {
+  name = "my_test_catalog_database_%d"
+}
+# @TODO Fill out parameters from https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-catalog-tables.html#aws-glue-api-catalog-tables-StorageDescriptor
+resource "aws_glue_catalog_table" "test" {
+  name = "my_test_table_%d"
+  database = "${aws_glue_catalog_database.test.name}"
+  description = "%s"
+  owner = "my_owner"
+  retetention = "%s",
+  storage {
+    location = "my_location"
+    columns = [{
+      name = "my_column_1"
+      type = "int"
+      comment = "my_column_comment"
+    },{
+      name = "my_column_1"
+      type = "string"
+      comment = "my_column_comment"
+    }]
+    ...
+  }
+  partition_keys = [{
+    name = "my_column_1"
+    type = "int"
+    comment = "my_column_comment"
+  }]
+  ...
+}
+`, rInt, rInt, rInt, desc)
+}
+
+func testAccCheckGlueTableDestroy(s *terraform.State) error {
+	conn := testAccProvider.Meta().(*AWSClient).glueconn
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_glue_catalog_table" {
+			continue
+		}
+
+		catalogId, dbName, tableName := readAwsGlueTableID(rs.Primary.ID)
+
+		input := &glue.GetTableInput{
+			DatabaseName: aws.String(dbName),
+			CatalogId:    aws.String(catalogId),
+			Name:         aws.String(tableName),
+		}
+		if _, err := conn.GetTable(input); err != nil {
+			//Verify the error is what we want
+			if isAWSErr(err, glue.ErrCodeEntityNotFoundException, "") {
+				continue
+			}
+
+			return err
+		}
+		return fmt.Errorf("still exists")
+	}
+	return nil
+}
+
+func testAccCheckGlueCatalogTableExists(name string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[name]
+		if !ok {
+			return fmt.Errorf("Not found: %s", name)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		catalogId, dbName, tableName := readAwsGlueTableID(rs.Primary.ID)
+
+		glueconn := testAccProvider.Meta().(*AWSClient).glueconn
+		out, err := glueconn.GetTable(&glue.GetTableInput{
+			CatalogId:    aws.String(catalogId),
+			DatabaseName: aws.String(dbName),
+			Name:         aws.String(tableName),
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if out.Table == nil {
+			return fmt.Errorf("No Glue Database Found")
+		}
+
+		if *out.Table.Name != dbName {
+			return fmt.Errorf("Glue Database Mismatch - existing: %q, state: %q",
+				*out.Table.Name, tableName)
+		}
+
+		return nil
+	}
+}

From 8f4320ac6c0519a452f1f4799ce1ab6fb9558b65 Mon Sep 17 00:00:00 2001
From: "Drew J. Sonne" <drew.sonne@gmail.com>
Date: Fri, 13 Apr 2018 08:07:04 +0100
Subject: [PATCH 08/71] Add skeleton resource

---
 aws/resource_aws_glue_catalog_table.go | 33 ++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 aws/resource_aws_glue_catalog_table.go

diff --git a/aws/resource_aws_glue_catalog_table.go b/aws/resource_aws_glue_catalog_table.go
new file mode 100644
index 00000000000..e93acd0a0b3
--- /dev/null
+++ b/aws/resource_aws_glue_catalog_table.go
@@ -0,0 +1,33 @@
+package aws
+
+import (
+	"strings"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsGlueCatalogTable() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsGlueCatalogTableCreate,
+		Read:   resourceAwsGlueCatalogTableRead,
+		Update: resourceAwsGlueCatalogTableUpdate,
+		Delete: resourceAwsGlueCatalogTableDelete,
+		Exists: resourceAwsGlueCatalogTableExists,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:     schema.TypeString,
+				ForceNew: true,
+				Required: true,
+			},
+			...
+		},
+	}
+}
+
+func readAwsGlueTableID(id string) (catalogID string, dbName string, name string) {
+	idParts := strings.Split(id, ":")
+	return idParts[0], idParts[1], idParts[2]
+}

From b8e5104916bf67ef8757ab2d5c8ccd984c0ec5e1 Mon Sep 17 00:00:00 2001
From: Tom Hutchinson <tom.hutchinson@beamly.com>
Date: Wed, 18 Apr 2018 17:18:16 +0100
Subject: [PATCH 09/71] implement glue table resource crud with limited config
 options

---
 aws/import_aws_glue_catalog_table_test.go   |   5 -
 aws/resource_aws_glue_catalog_table.go      | 228 +++++++++++++++++++-
 aws/resource_aws_glue_catalog_table_test.go |   8 +-
 3 files changed, 231 insertions(+), 10 deletions(-)

diff --git a/aws/import_aws_glue_catalog_table_test.go b/aws/import_aws_glue_catalog_table_test.go
index 505f9ee80cb..fec02c38025 100644
--- a/aws/import_aws_glue_catalog_table_test.go
+++ b/aws/import_aws_glue_catalog_table_test.go
@@ -5,10 +5,6 @@ import (
 
 	"github.com/hashicorp/terraform/helper/acctest"
 	"github.com/hashicorp/terraform/helper/resource"
-	"github.com/hashicorp/terraform/terraform"
-	"github.com/aws/aws-sdk-go/service/glue"
-	"github.com/aws/aws-sdk-go/aws"
-	"fmt"
 )
 
 func TestAccAWSGlueCatalogTable_importBasic(t *testing.T) {
@@ -31,4 +27,3 @@ func TestAccAWSGlueCatalogTable_importBasic(t *testing.T) {
 		},
 	})
 }
-
diff --git a/aws/resource_aws_glue_catalog_table.go b/aws/resource_aws_glue_catalog_table.go
index e93acd0a0b3..9e6a9a2b117 100644
--- a/aws/resource_aws_glue_catalog_table.go
+++ b/aws/resource_aws_glue_catalog_table.go
@@ -1,7 +1,12 @@
 package aws
 
 import (
+	"fmt"
+	"log"
 	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/glue"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 
@@ -11,18 +16,78 @@ func resourceAwsGlueCatalogTable() *schema.Resource {
 		Read:   resourceAwsGlueCatalogTableRead,
 		Update: resourceAwsGlueCatalogTableUpdate,
 		Delete: resourceAwsGlueCatalogTableDelete,
-		Exists: resourceAwsGlueCatalogTableExists,
 		Importer: &schema.ResourceImporter{
 			State: schema.ImportStatePassthrough,
 		},
 
 		Schema: map[string]*schema.Schema{
+			"catalog_id": {
+				Type:     schema.TypeString,
+				ForceNew: true,
+				Required: true,
+			},
 			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"database_name": {
 				Type:     schema.TypeString,
 				ForceNew: true,
 				Required: true,
 			},
-			...
+			"description": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"owner": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"retention": {
+				Type:     schema.TypeInt,
+				Optional: true,
+			},
+			"storage_descriptor": {
+				Type:     schema.TypeMap,
+				Optional: true,
+				Elem:     schema.TypeString,
+			},
+			"partition_keys": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+						"type": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+						"comment": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+					},
+				},
+			},
+			"view_original_text": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"view_expanded_text": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"table_type": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"parameters": {
+				Type:     schema.TypeMap,
+				Optional: true,
+			},
 		},
 	}
 }
@@ -31,3 +96,162 @@ func readAwsGlueTableID(id string) (catalogID string, dbName string, name string
 	idParts := strings.Split(id, ":")
 	return idParts[0], idParts[1], idParts[2]
 }
+
+func resourceAwsGlueCatalogTableCreate(t *schema.ResourceData, meta interface{}) error {
+	glueconn := meta.(*AWSClient).glueconn
+	catalogID := createAwsGlueCatalogID(t, meta.(*AWSClient).accountid)
+	dbName := t.Get("database_name").(string)
+	name := t.Get("name").(string)
+
+	input := &glue.CreateTableInput{
+		CatalogId:    aws.String(catalogID),
+		DatabaseName: aws.String(dbName),
+		TableInput:   expandGlueTableInput(t),
+	}
+
+	_, err := glueconn.CreateTable(input)
+	if err != nil {
+		return fmt.Errorf("Error creating Catalog Table: %s", err)
+	}
+
+	t.SetId(fmt.Sprintf("%s:%s:%s", catalogID, dbName, name))
+
+	return resourceAwsGlueCatalogTableRead(t, meta)
+}
+
+func resourceAwsGlueCatalogTableUpdate(t *schema.ResourceData, meta interface{}) error {
+	glueconn := meta.(*AWSClient).glueconn
+
+	catalogID, dbName, _ := readAwsGlueTableID(t.Id())
+
+	updateTableInput := &glue.UpdateTableInput{
+		CatalogId:    aws.String(catalogID),
+		DatabaseName: aws.String(dbName),
+		TableInput:   expandGlueTableInput(t),
+	}
+
+	if t.HasChange("table_input") {
+		if _, err := glueconn.UpdateTable(updateTableInput); err != nil {
+			return fmt.Errorf("Error updating Glue Catalog Table: %s", err)
+		}
+	}
+
+	return nil
+}
+
+func resourceAwsGlueCatalogTableRead(t *schema.ResourceData, meta interface{}) error {
+	glueconn := meta.(*AWSClient).glueconn
+
+	catalogID, dbName, name := readAwsGlueTableID(t.Id())
+
+	input := &glue.GetTableInput{
+		CatalogId:    aws.String(catalogID),
+		DatabaseName: aws.String(dbName),
+		Name:         aws.String(name),
+	}
+
+	out, err := glueconn.GetTable(input)
+	if err != nil {
+
+		if isAWSErr(err, glue.ErrCodeEntityNotFoundException, "") {
+			log.Printf("[WARN] Glue Catalog Table (%s) not found, removing from state", t.Id())
+			t.SetId("")
+		}
+
+		return fmt.Errorf("Error reading Glue Catalog Table: %s", err)
+	}
+
+	t.Set("name", out.Table.Name)
+	t.Set("catalog_id", catalogID)
+	t.Set("description", out.Table.Description)
+
+	return nil
+}
+
+func resourceAwsGlueCatalogTableDelete(t *schema.ResourceData, meta interface{}) error {
+	glueconn := meta.(*AWSClient).glueconn
+	catalogID, dbName, name := readAwsGlueTableID(t.Id())
+
+	log.Printf("[DEBUG] Glue Catalog Table: %s:%s:%s", catalogID, dbName, name)
+	_, err := glueconn.DeleteTable(&glue.DeleteTableInput{
+		CatalogId:    aws.String(catalogID),
+		Name:         aws.String(name),
+		DatabaseName: aws.String(dbName),
+	})
+	if err != nil {
+		return fmt.Errorf("Error deleting Glue Catalog Table: %s", err.Error())
+	}
+	return nil
+}
+
+func expandGlueTableInput(t *schema.ResourceData) *glue.TableInput {
+	tableInput := &glue.TableInput{
+		Name: aws.String(t.Get("name").(string)),
+	}
+
+	if v, ok := t.GetOk("description"); ok {
+		tableInput.Description = aws.String(v.(string))
+	}
+
+	if v, ok := t.GetOk("owner"); ok {
+		tableInput.Owner = aws.String(v.(string))
+	}
+
+	if v, ok := t.GetOk("retention"); ok {
+		tableInput.Retention = aws.Int64(v.(int64))
+	}
+
+	if v, ok := t.GetOk("storage_descriptor"); ok {
+		tableInput.StorageDescriptor = expandGlueStorageDescriptor(v.(map[string]interface{}))
+	}
+
+	if v, ok := t.GetOk("partition_keys"); ok {
+		columns := expandGlueColumns(v.(map[string]schema.ResourceData))
+		tableInput.PartitionKeys = columns
+	}
+
+	if v, ok := t.GetOk("view_original_text"); ok {
+		tableInput.Owner = aws.String(v.(string))
+	}
+
+	if v, ok := t.GetOk("view_expanded_text"); ok {
+		tableInput.Owner = aws.String(v.(string))
+	}
+
+	if v, ok := t.GetOk("table_type"); ok {
+		tableInput.Owner = aws.String(v.(string))
+	}
+
+	if v, ok := t.GetOk("parameters"); ok {
+		tableInput.Parameters = aws.StringMap(v.(map[string]string))
+	}
+
+	return tableInput
+}
+
+func expandGlueStorageDescriptor(s map[string]interface{}) *glue.StorageDescriptor {
+	storageDescriptor := &glue.StorageDescriptor{}
+
+	return storageDescriptor
+}
+
+func expandGlueColumns(columns map[string]schema.ResourceData) []*glue.Column {
+	columnSlice := []*glue.Column{}
+	for _, element := range columns {
+		column := &glue.Column{
+			Name: aws.String(element.Get("name").(string)),
+		}
+
+		if v, ok := element.GetOk("comment"); ok {
+			column.Comment = aws.String(v.(string))
+		}
+
+		if v, ok := element.GetOk("type"); ok {
+			column.Type = aws.String(v.(string))
+		}
+
+		columnSlice = append(columnSlice, column)
+	}
+
+	return columnSlice
+}
diff --git a/aws/resource_aws_glue_catalog_table_test.go b/aws/resource_aws_glue_catalog_table_test.go
index 2f8e5163a37..7c378727ed5 100644
--- a/aws/resource_aws_glue_catalog_table_test.go
+++ b/aws/resource_aws_glue_catalog_table_test.go
@@ -1,13 +1,15 @@
 package aws
 
 import (
+	"fmt"
 	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/glue"
+
 	"github.com/hashicorp/terraform/helper/acctest"
 	"github.com/hashicorp/terraform/helper/resource"
-	"fmt"
 	"github.com/hashicorp/terraform/terraform"
-	"github.com/aws/aws-sdk-go/service/glue"
-	"github.com/aws/aws-sdk-go/aws"
 )
 
 func TestAccAWSGlueCatalogTable_full(t *testing.T) {

From 29e68a1e24ba4f7fcd094dc7055a0556137b58ca Mon Sep 17 00:00:00 2001
From: Tom Hutchinson <tom.hutchinson@beamly.com>
Date: Fri, 20 Apr 2018 16:00:24 +0100
Subject: [PATCH 10/71] glue table StorageDescriptor wip

---
 aws/provider.go                             |   1 +
 aws/resource_aws_glue_catalog_table.go      | 124 +++++++++++++++++++-
 aws/resource_aws_glue_catalog_table_test.go | 116 +++++++++++++-----
 3 files changed, 206 insertions(+), 35 deletions(-)

diff --git a/aws/provider.go b/aws/provider.go
index 37bc6f95ad2..65b91b459d1 100644
--- a/aws/provider.go
+++ b/aws/provider.go
@@ -393,6 +393,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_glue_catalog_database":                    resourceAwsGlueCatalogDatabase(),
 			"aws_glue_connection":                          resourceAwsGlueConnection(),
 			"aws_glue_job":                                 resourceAwsGlueJob(),
+			"aws_glue_catalog_table":                       resourceAwsGlueCatalogTable(),
 			"aws_guardduty_detector":                       resourceAwsGuardDutyDetector(),
 			"aws_guardduty_ipset":                          resourceAwsGuardDutyIpset(),
 			"aws_guardduty_member":                         resourceAwsGuardDutyMember(),
diff --git a/aws/resource_aws_glue_catalog_table.go b/aws/resource_aws_glue_catalog_table.go
index 9e6a9a2b117..8db6dde882e 100644
--- a/aws/resource_aws_glue_catalog_table.go
+++ b/aws/resource_aws_glue_catalog_table.go
@@ -24,7 +24,8 @@ func resourceAwsGlueCatalogTable() *schema.Resource {
 			"catalog_id": {
 				Type:     schema.TypeString,
 				ForceNew: true,
-				Required: true,
+				Optional: true,
+				Computed: true,
 			},
 			"name": {
 				Type:     schema.TypeString,
@@ -50,7 +51,62 @@ func resourceAwsGlueCatalogTable() *schema.Resource {
 			"storage_descriptor": {
 				Type:     schema.TypeMap,
 				Optional: true,
-				Elem:     schema.TypeString,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						//"columns": {
+						//	Type:     schema.TypeString,
+						//	Required: true,
+						//},
+						//"location": {
+						//	Type:     schema.TypeString,
+						//	Optional: true,
+						//},
+						//"input_format": {
+						//	Type:     schema.TypeString,
+						//	Optional: true,
+						//},
+						//"output_format": {
+						//	Type:     schema.TypeString,
+						//	Optional: true,
+						//},
+						//"compressed": {
+						//	Type:     schema.TypeBool,
+						//	Optional: true,
+						//},
+						//"number_of_buckets": {
+						//	Type:     schema.TypeInt,
+						//	Optional: true,
+						//},
+						//"ser_de_info": {
+						//	Type:     schema.TypeString,
+						//	Optional: true,
+						//},
+						"bucket_columns": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+						//"sort_columns": {
+						//	Type:     schema.TypeString,
+						//	Optional: true,
+						//},
+						//"parameters": {
+						//	Type:     schema.TypeMap,
+						//	Optional: true,
+						//	Elem:     schema.TypeString,
+						//},
+						//"skewed_info": {
+						//	Type:     schema.TypeString,
+						//	Optional: true,
+						//},
+						//"stored_as_sub_directories": {
+						//	Type:     schema.TypeBool,
+						//	Optional: true,
+						//},
+					},
+				},
 			},
 			"partition_keys": {
 				Type:     schema.TypeList,
@@ -163,7 +219,16 @@ func resourceAwsGlueCatalogTableRead(t *schema.ResourceData, meta interface{}) e
 
 	t.Set("name", out.Table.Name)
 	t.Set("catalog_id", catalogID)
+	t.Set("database_name", dbName)
 	t.Set("description", out.Table.Description)
+	t.Set("owner", out.Table.Owner)
+	t.Set("retention", out.Table.Retention)
+	t.Set("storage_descriptor", out.Table.StorageDescriptor)
+	t.Set("partition_keys", out.Table.PartitionKeys)
+	t.Set("view_original_text", out.Table.ViewOriginalText)
+	t.Set("view_expanded_text", out.Table.ViewExpandedText)
+	t.Set("table_type", out.Table.TableType)
+	t.Set("parameters", out.Table.Parameters)
 
 	return nil
 }
@@ -202,11 +267,11 @@ func expandGlueTableInput(t *schema.ResourceData) *glue.TableInput {
 	}
 
 	if v, ok := t.GetOk("storage_descriptor"); ok {
-		tableInput.StorageDescriptor = expandGlueStorageDescriptor(v.(map[string]interface{}))
+		tableInput.StorageDescriptor = expandGlueStorageDescriptor(v.(*schema.ResourceData))
 	}
 
 	if v, ok := t.GetOk("partition_keys"); ok {
-		columns := expandGlueColumns(v.(map[string]schema.ResourceData))
+		columns := expandGlueColumns(v.([]*schema.ResourceData))
 		tableInput.PartitionKeys = columns
 	}
 
@@ -229,13 +294,60 @@ func expandGlueTableInput(t *schema.ResourceData) *glue.TableInput {
 	return tableInput
 }
 
-func expandGlueStorageDescriptor(s map[string]interface{}) *glue.StorageDescriptor {
+func expandGlueStorageDescriptor(s *schema.ResourceData) *glue.StorageDescriptor {
 	storageDescriptor := &glue.StorageDescriptor{}
 
+	if v, ok := s.GetOk("columns"); ok {
+		columns := expandGlueColumns(v.([]*schema.ResourceData))
+		storageDescriptor.Columns = columns
+	}
+
+	if v, ok := s.GetOk("location"); ok {
+		storageDescriptor.Location = aws.String(v.(string))
+	}
+
+	if v, ok := s.GetOk("input_format"); ok {
+		storageDescriptor.InputFormat = aws.String(v.(string))
+	}
+
+	if v, ok := s.GetOk("output_format"); ok {
+		storageDescriptor.OutputFormat = aws.String(v.(string))
+	}
+
+	if v, ok := s.GetOk("compressed"); ok {
+		storageDescriptor.Compressed = aws.Bool(v.(bool))
+	}
+
+	if v, ok := s.GetOk("number_of_buckets"); ok {
+		storageDescriptor.NumberOfBuckets = aws.Int64(v.(int64))
+	}
+
+	if _, ok := s.GetOk("ser_de_info"); ok { // todo
+		ser_de_info := &glue.SerDeInfo{}
+		storageDescriptor.SerdeInfo = ser_de_info
+	}
+
+	if v, ok := s.GetOk("bucket_columns"); ok {
+		storageDescriptor.BucketColumns = aws.StringSlice(v.([]string))
+	}
+
+	if _, ok := s.GetOk("sort_colums"); ok { // todo
+		sort_columns := []*glue.Order{}
+		storageDescriptor.SortColumns = sort_columns
+	}
+
+	if v, ok := s.GetOk("parameters"); ok {
+		storageDescriptor.Parameters = aws.StringMap(v.(map[string]string))
+	}
+
+	if v, ok := s.GetOk("stored_as_sub_directories"); ok {
+		storageDescriptor.StoredAsSubDirectories = aws.Bool(v.(bool))
+	}
+
 	return storageDescriptor
 }
 
-func expandGlueColumns(columns map[string]schema.ResourceData) []*glue.Column {
+func expandGlueColumns(columns []*schema.ResourceData) []*glue.Column {
 	columnSlice := []*glue.Column{}
 	for _, element := range columns {
 		column := &glue.Column{
diff --git a/aws/resource_aws_glue_catalog_table_test.go b/aws/resource_aws_glue_catalog_table_test.go
index 7c378727ed5..da35b88a3a0 100644
--- a/aws/resource_aws_glue_catalog_table_test.go
+++ b/aws/resource_aws_glue_catalog_table_test.go
@@ -14,6 +14,8 @@ import (
 
 func TestAccAWSGlueCatalogTable_full(t *testing.T) {
 	rInt := acctest.RandInt()
+	description := "A test table from terraform"
+
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
@@ -31,18 +33,25 @@ func TestAccAWSGlueCatalogTable_full(t *testing.T) {
 					),
 					resource.TestCheckResourceAttr(
 						"aws_glue_catalog_table.test",
-						"database",
+						"database_name",
 						fmt.Sprintf("my_test_catalog_database_%d", rInt),
 					),
+				),
+			},
+			{
+				Config:  testAccGlueCatalogTable_full(rInt, description),
+				Destroy: false,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGlueCatalogTableExists("aws_glue_catalog_table.test"),
 					resource.TestCheckResourceAttr(
 						"aws_glue_catalog_table.test",
-						"description",
-						"",
+						"name",
+						fmt.Sprintf("my_test_catalog_table_%d", rInt),
 					),
 					resource.TestCheckResourceAttr(
 						"aws_glue_catalog_table.test",
-						"owner",
-						"",
+						"database_name",
+						fmt.Sprintf("my_test_catalog_database_%d", rInt),
 					),
 				),
 			},
@@ -57,8 +66,8 @@ resource "aws_glue_catalog_database" "test" {
 }
 
 resource "aws_glue_catalog_table" "test" {
-  name     = "my_test_table_%d"
-  database = "${aws_glue_catalog_database.test.name}"
+  name     = "my_test_catalog_table_%d"
+  database_name = "${aws_glue_catalog_database.test.name}"
 }
 `, rInt, rInt)
 }
@@ -68,34 +77,83 @@ func testAccGlueCatalogTable_full(rInt int, desc string) string {
 resource "aws_glue_catalog_database" "test" {
   name = "my_test_catalog_database_%d"
 }
-# @TODO Fill out parameters from https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-catalog-tables.html#aws-glue-api-catalog-tables-StorageDescriptor
+
 resource "aws_glue_catalog_table" "test" {
   name = "my_test_table_%d"
-  database = "${aws_glue_catalog_database.test.name}"
+  database_name = "${aws_glue_catalog_database.test.name}"
   description = "%s"
   owner = "my_owner"
-  retetention = "%s",
-  storage {
-    location = "my_location"
-    columns = [{
+  retention = 1
+  storage_descriptor {
+    /* columns = [
+      {
+        name = "my_column_1"
+        type = "int"
+        comment = "my_column1_comment"
+      },
+      {
+        name = "my_column_2"
+        type = "string"
+        comment = "my_column2_comment"
+      }
+    ] */
+	location = "my_location"
+	input_format = "SequenceFileInputFormat"
+	output_format = "SequenceFileInputFormat"
+	compressed = false
+	number_of_buckets = 1
+	/* ser_de_info {
+      name = "ser_de_name"
+      parameters {
+        param1 = "param_val_1"
+      }
+      serialization_library = "org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe"
+	} */
+	bucket_columns = [
+      "bucket_column_1",
+	]
+	/* sort_columns = [
+      {
+        column = "my_column_1"
+        sort_order = 1
+      }
+	] */
+	parameters {
+      param1 = "param1_val"
+	}
+	/* skewed_info {
+      skewed_column_names = [
+        "my_column_1"
+      ]
+      skewed_column_value_location_maps {
+        my_column_1 = "my_column_1_val_loc_map"
+      }
+      skewed_column_values = [
+        "skewed_val_1"
+      ]
+	} */
+	stored_as_sub_directories = false
+  }
+  partition_keys = [
+    {
       name = "my_column_1"
       type = "int"
-      comment = "my_column_comment"
-    },{
-      name = "my_column_1"
+      comment = "my_column1_comment"
+    },
+    {
+      name = "my_column_2"
       type = "string"
-      comment = "my_column_comment"
-    }]
-    ...
+      comment = "my_column2_comment"
+    }
+  ]
+  view_original_text = "view_original_text_1"
+  view_expanded_text = "view_expanded_text_1"
+  table_type = "VIRTUAL_VIEW"
+  parameters {
+  	param1 = "param1_val"
   }
-  partition_keys = [{
-    name = "my_column_1"
-    type = "int"
-    comment = "my_column_comment"
-  }]
-  ...
 }
-`, rInt, rInt, rInt, desc)
+`, rInt, rInt, desc)
 }
 
 func testAccCheckGlueTableDestroy(s *terraform.State) error {
@@ -151,11 +209,11 @@ func testAccCheckGlueCatalogTableExists(name string) resource.TestCheckFunc {
 		}
 
 		if out.Table == nil {
-			return fmt.Errorf("No Glue Database Found")
+			return fmt.Errorf("No Glue Table Found")
 		}
 
-		if *out.Table.Name != dbName {
-			return fmt.Errorf("Glue Database Mismatch - existing: %q, state: %q",
+		if *out.Table.Name != tableName {
+			return fmt.Errorf("Glue Table Mismatch - existing: %q, state: %q",
 				*out.Table.Name, tableName)
 		}
 

From 68cdba76a15660d7242aaf88297d338ca3480b50 Mon Sep 17 00:00:00 2001
From: Tom Hutchinson <tom.hutchinson@beamly.com>
Date: Tue, 24 Apr 2018 18:05:07 +0100
Subject: [PATCH 11/71] add support for remaining config options

---
 aws/resource_aws_glue_catalog_table.go      | 339 +++++++++++++++-----
 aws/resource_aws_glue_catalog_table_test.go |  98 +++---
 2 files changed, 316 insertions(+), 121 deletions(-)

diff --git a/aws/resource_aws_glue_catalog_table.go b/aws/resource_aws_glue_catalog_table.go
index 8db6dde882e..10b26f65b78 100644
--- a/aws/resource_aws_glue_catalog_table.go
+++ b/aws/resource_aws_glue_catalog_table.go
@@ -8,6 +8,8 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/glue"
 	"github.com/hashicorp/terraform/helper/schema"
+
+	"github.com/fatih/structs"
 )
 
 func resourceAwsGlueCatalogTable() *schema.Resource {
@@ -49,62 +51,127 @@ func resourceAwsGlueCatalogTable() *schema.Resource {
 				Optional: true,
 			},
 			"storage_descriptor": {
-				Type:     schema.TypeMap,
+				Type:     schema.TypeList,
 				Optional: true,
+				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
-						//"columns": {
-						//	Type:     schema.TypeString,
-						//	Required: true,
-						//},
-						//"location": {
-						//	Type:     schema.TypeString,
-						//	Optional: true,
-						//},
-						//"input_format": {
-						//	Type:     schema.TypeString,
-						//	Optional: true,
-						//},
-						//"output_format": {
-						//	Type:     schema.TypeString,
-						//	Optional: true,
-						//},
-						//"compressed": {
-						//	Type:     schema.TypeBool,
-						//	Optional: true,
-						//},
-						//"number_of_buckets": {
-						//	Type:     schema.TypeInt,
-						//	Optional: true,
-						//},
-						//"ser_de_info": {
-						//	Type:     schema.TypeString,
-						//	Optional: true,
-						//},
+						"columns": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"name": {
+										Type:     schema.TypeString,
+										Required: true,
+									},
+									"type": {
+										Type:     schema.TypeString,
+										Optional: true,
+									},
+									"comment": {
+										Type:     schema.TypeString,
+										Optional: true,
+									},
+								},
+							},
+						},
+						"location": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+						"input_format": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+						"output_format": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+						"compressed": {
+							Type:     schema.TypeBool,
+							Optional: true,
+						},
+						"number_of_buckets": {
+							Type:     schema.TypeInt,
+							Optional: true,
+						},
+						"ser_de_info": {
+							Type:     schema.TypeList,
+							Optional: true,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"name": {
+										Type:     schema.TypeString,
+										Optional: true,
+									},
+									"parameters": {
+										Type:     schema.TypeMap,
+										Optional: true,
+										Elem:     &schema.Schema{Type: schema.TypeString},
+									},
+									"serialization_library": {
+										Type:     schema.TypeString,
+										Optional: true,
+									},
+								},
+							},
+						},
 						"bucket_columns": {
 							Type:     schema.TypeList,
 							Optional: true,
-							Elem: &schema.Schema{
-								Type: schema.TypeString,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+						},
+						"sort_columns": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"column": {
+										Type:     schema.TypeString,
+										Required: true,
+									},
+									"sort_order": {
+										Type:     schema.TypeInt,
+										Required: true,
+									},
+								},
+							},
+						},
+						"parameters": {
+							Type:     schema.TypeMap,
+							Optional: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+						},
+						"skewed_info": {
+							Type:     schema.TypeList,
+							Optional: true,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"skewed_column_names": {
+										Type:     schema.TypeList,
+										Optional: true,
+										Elem:     &schema.Schema{Type: schema.TypeString},
+									},
+									"skewed_column_value_location_maps": {
+										Type:     schema.TypeMap,
+										Optional: true,
+										Elem:     &schema.Schema{Type: schema.TypeString},
+									},
+									"skewed_column_values": {
+										Type:     schema.TypeList,
+										Optional: true,
+										Elem:     &schema.Schema{Type: schema.TypeString},
+									},
+								},
 							},
 						},
-						//"sort_columns": {
-						//	Type:     schema.TypeString,
-						//	Optional: true,
-						//},
-						//"parameters": {
-						//	Type:     schema.TypeMap,
-						//	Optional: true,
-						//	Elem:     schema.TypeString,
-						//},
-						//"skewed_info": {
-						//	Type:     schema.TypeString,
-						//	Optional: true,
-						//},
-						//"stored_as_sub_directories": {
-						//	Type:     schema.TypeBool,
-						//	Optional: true,
-						//},
+						"stored_as_sub_directories": {
+							Type:     schema.TypeBool,
+							Optional: true,
+						},
 					},
 				},
 			},
@@ -143,6 +210,7 @@ func resourceAwsGlueCatalogTable() *schema.Resource {
 			"parameters": {
 				Type:     schema.TypeMap,
 				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
 		},
 	}
@@ -186,13 +254,11 @@ func resourceAwsGlueCatalogTableUpdate(t *schema.ResourceData, meta interface{})
 		TableInput:   expandGlueTableInput(t),
 	}
 
-	if t.HasChange("table_input") {
-		if _, err := glueconn.UpdateTable(updateTableInput); err != nil {
-			return fmt.Errorf("Error updating Glue Catalog Table: %s", err)
-		}
+	if _, err := glueconn.UpdateTable(updateTableInput); err != nil {
+		return fmt.Errorf("Error updating Glue Catalog Table: %s", err)
 	}
 
-	return nil
+	return resourceAwsGlueCatalogTableRead(t, meta)
 }
 
 func resourceAwsGlueCatalogTableRead(t *schema.ResourceData, meta interface{}) error {
@@ -223,7 +289,11 @@ func resourceAwsGlueCatalogTableRead(t *schema.ResourceData, meta interface{}) e
 	t.Set("description", out.Table.Description)
 	t.Set("owner", out.Table.Owner)
 	t.Set("retention", out.Table.Retention)
-	t.Set("storage_descriptor", out.Table.StorageDescriptor)
+
+	if out.Table.StorageDescriptor != nil {
+		t.Set("storage_descriptor", flattenStorageDescriptor(out.Table.StorageDescriptor))
+	}
+
 	t.Set("partition_keys", out.Table.PartitionKeys)
 	t.Set("view_original_text", out.Table.ViewOriginalText)
 	t.Set("view_expanded_text", out.Table.ViewExpandedText)
@@ -263,102 +333,124 @@ func expandGlueTableInput(t *schema.ResourceData) *glue.TableInput {
 	}
 
 	if v, ok := t.GetOk("retention"); ok {
-		tableInput.Retention = aws.Int64(v.(int64))
+		tableInput.Retention = aws.Int64(int64(v.(int)))
 	}
 
 	if v, ok := t.GetOk("storage_descriptor"); ok {
-		tableInput.StorageDescriptor = expandGlueStorageDescriptor(v.(*schema.ResourceData))
+		for _, elem := range v.([]interface{}) {
+			tableInput.StorageDescriptor = expandGlueStorageDescriptor(elem.(map[string]interface{}))
+		}
 	}
 
 	if v, ok := t.GetOk("partition_keys"); ok {
-		columns := expandGlueColumns(v.([]*schema.ResourceData))
+		columns := expandGlueColumns(v.([]interface{}))
 		tableInput.PartitionKeys = columns
 	}
 
 	if v, ok := t.GetOk("view_original_text"); ok {
-		tableInput.Owner = aws.String(v.(string))
+		tableInput.ViewOriginalText = aws.String(v.(string))
 	}
 
 	if v, ok := t.GetOk("view_expanded_text"); ok {
-		tableInput.Owner = aws.String(v.(string))
+		tableInput.ViewExpandedText = aws.String(v.(string))
 	}
 
 	if v, ok := t.GetOk("table_type"); ok {
-		tableInput.Owner = aws.String(v.(string))
+		tableInput.TableType = aws.String(v.(string))
 	}
 
 	if v, ok := t.GetOk("parameters"); ok {
-		tableInput.Parameters = aws.StringMap(v.(map[string]string))
+		paramsMap := map[string]string{}
+		for key, value := range v.(map[string]interface{}) {
+			paramsMap[key] = value.(string)
+		}
+		tableInput.Parameters = aws.StringMap(paramsMap)
 	}
 
 	return tableInput
 }
 
-func expandGlueStorageDescriptor(s *schema.ResourceData) *glue.StorageDescriptor {
+func expandGlueStorageDescriptor(s map[string]interface{}) *glue.StorageDescriptor {
 	storageDescriptor := &glue.StorageDescriptor{}
 
-	if v, ok := s.GetOk("columns"); ok {
-		columns := expandGlueColumns(v.([]*schema.ResourceData))
+	if v, ok := s["columns"]; ok {
+		columns := expandGlueColumns(v.([]interface{}))
 		storageDescriptor.Columns = columns
 	}
 
-	if v, ok := s.GetOk("location"); ok {
+	if v, ok := s["location"]; ok {
 		storageDescriptor.Location = aws.String(v.(string))
 	}
 
-	if v, ok := s.GetOk("input_format"); ok {
+	if v, ok := s["input_format"]; ok {
 		storageDescriptor.InputFormat = aws.String(v.(string))
 	}
 
-	if v, ok := s.GetOk("output_format"); ok {
+	if v, ok := s["output_format"]; ok {
 		storageDescriptor.OutputFormat = aws.String(v.(string))
 	}
 
-	if v, ok := s.GetOk("compressed"); ok {
+	if v, ok := s["compressed"]; ok {
 		storageDescriptor.Compressed = aws.Bool(v.(bool))
 	}
 
-	if v, ok := s.GetOk("number_of_buckets"); ok {
-		storageDescriptor.NumberOfBuckets = aws.Int64(v.(int64))
+	if v, ok := s["number_of_buckets"]; ok {
+		storageDescriptor.NumberOfBuckets = aws.Int64(int64(v.(int)))
 	}
 
-	if _, ok := s.GetOk("ser_de_info"); ok { // todo
-		ser_de_info := &glue.SerDeInfo{}
-		storageDescriptor.SerdeInfo = ser_de_info
+	if v, ok := s["ser_de_info"]; ok {
+		for _, elem := range v.([]interface{}) {
+			storageDescriptor.SerdeInfo = expandSerDeInfo(elem.(map[string]interface{}))
+		}
 	}
 
-	if v, ok := s.GetOk("bucket_columns"); ok {
-		storageDescriptor.BucketColumns = aws.StringSlice(v.([]string))
+	if v, ok := s["bucket_columns"]; ok {
+		bucketColumns := make([]string, len(v.([]interface{})))
+		for i, item := range v.([]interface{}) {
+			bucketColumns[i] = fmt.Sprint(item)
+		}
+		storageDescriptor.BucketColumns = aws.StringSlice(bucketColumns)
 	}
 
-	if _, ok := s.GetOk("sort_colums"); ok { // todo
-		sort_columns := []*glue.Order{}
-		storageDescriptor.SortColumns = sort_columns
+	if v, ok := s["sort_colums"]; ok {
+		storageDescriptor.SortColumns = expandSortColumns(v.([]interface{}))
 	}
 
-	if v, ok := s.GetOk("parameters"); ok {
-		storageDescriptor.Parameters = aws.StringMap(v.(map[string]string))
+	if v, ok := s["skewed_info"]; ok {
+		for _, elem := range v.([]interface{}) {
+			storageDescriptor.SkewedInfo = expandSkewedInfo(elem.(map[string]interface{}))
+		}
 	}
 
-	if v, ok := s.GetOk("stored_as_sub_directories"); ok {
+	if v, ok := s["parameters"]; ok {
+		paramsMap := map[string]string{}
+		for key, value := range v.(map[string]interface{}) {
+			paramsMap[key] = value.(string)
+		}
+		storageDescriptor.Parameters = aws.StringMap(paramsMap)
+	}
+
+	if v, ok := s["stored_as_sub_directories"]; ok {
 		storageDescriptor.StoredAsSubDirectories = aws.Bool(v.(bool))
 	}
 
 	return storageDescriptor
 }
 
-func expandGlueColumns(columns []*schema.ResourceData) []*glue.Column {
+func expandGlueColumns(columns []interface{}) []*glue.Column {
 	columnSlice := []*glue.Column{}
 	for _, element := range columns {
+		elementMap := element.(map[string]interface{})
+
 		column := &glue.Column{
-			Name: aws.String(element.Get("name").(string)),
+			Name: aws.String(elementMap["name"].(string)),
 		}
 
-		if v, ok := element.GetOk("comment"); ok {
+		if v, ok := elementMap["comment"]; ok {
 			column.Comment = aws.String(v.(string))
 		}
 
-		if v, ok := element.GetOk("type"); ok {
+		if v, ok := elementMap["type"]; ok {
 			column.Type = aws.String(v.(string))
 		}
 
@@ -367,3 +459,80 @@ func expandGlueColumns(columns []*schema.ResourceData) []*glue.Column {
 
 	return columnSlice
 }
+
+func expandSerDeInfo(s map[string]interface{}) *glue.SerDeInfo {
+	serDeInfo := &glue.SerDeInfo{}
+
+	if v, ok := s["name"]; ok {
+		serDeInfo.Name = aws.String(v.(string))
+	}
+
+	if v, ok := s["parameters"]; ok {
+		paramsMap := map[string]string{}
+		for key, value := range v.(map[string]interface{}) {
+			paramsMap[key] = value.(string)
+		}
+		serDeInfo.Parameters = aws.StringMap(paramsMap)
+	}
+
+	if v, ok := s["serialization_library"]; ok {
+		serDeInfo.SerializationLibrary = aws.String(v.(string))
+	}
+
+	return serDeInfo
+}
+
+func expandSortColumns(columns []interface{}) []*glue.Order {
+	orderSlice := []*glue.Order{}
+	for _, element := range columns {
+		elementMap := element.(map[string]interface{})
+
+		order := &glue.Order{
+			Column: aws.String(elementMap["column"].(string)),
+		}
+
+		if v, ok := elementMap["sort_order"]; ok {
+			order.SortOrder = aws.Int64(int64(v.(int)))
+		}
+
+		orderSlice = append(orderSlice, order)
+	}
+
+	return orderSlice
+}
+
+func expandSkewedInfo(s map[string]interface{}) *glue.SkewedInfo {
+	skewedInfo := &glue.SkewedInfo{}
+
+	if v, ok := s["skewed_column_names"]; ok {
+		columnsSlice := make([]string, len(v.([]interface{})))
+		for i, item := range v.([]interface{}) {
+			columnsSlice[i] = fmt.Sprint(item)
+		}
+		skewedInfo.SkewedColumnNames = aws.StringSlice(columnsSlice)
+	}
+
+	if v, ok := s["skewed_column_value_location_maps"]; ok {
+		typeMap := map[string]string{}
+		for key, value := range v.(map[string]interface{}) {
+			typeMap[key] = value.(string)
+		}
+		skewedInfo.SkewedColumnValueLocationMaps = aws.StringMap(typeMap)
+	}
+
+	if v, ok := s["skewed_column_values"]; ok {
+		columnsSlice := make([]string, len(v.([]interface{})))
+		for i, item := range v.([]interface{}) {
+			columnsSlice[i] = fmt.Sprint(item)
+		}
+		skewedInfo.SkewedColumnValues = aws.StringSlice(columnsSlice)
+	}
+
+	return skewedInfo
+}
+
+func flattenStorageDescriptor(s *glue.StorageDescriptor) []map[string]interface{} {
+	storageDescriptors := make([]map[string]interface{}, 1)
+	storageDescriptors[0] = structs.Map(s)
+	return storageDescriptors
+}
diff --git a/aws/resource_aws_glue_catalog_table_test.go b/aws/resource_aws_glue_catalog_table_test.go
index da35b88a3a0..4a181af7755 100644
--- a/aws/resource_aws_glue_catalog_table_test.go
+++ b/aws/resource_aws_glue_catalog_table_test.go
@@ -15,6 +15,7 @@ import (
 func TestAccAWSGlueCatalogTable_full(t *testing.T) {
 	rInt := acctest.RandInt()
 	description := "A test table from terraform"
+	tableName := "aws_glue_catalog_table.test"
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -32,7 +33,7 @@ func TestAccAWSGlueCatalogTable_full(t *testing.T) {
 						fmt.Sprintf("my_test_catalog_table_%d", rInt),
 					),
 					resource.TestCheckResourceAttr(
-						"aws_glue_catalog_table.test",
+						tableName,
 						"database_name",
 						fmt.Sprintf("my_test_catalog_database_%d", rInt),
 					),
@@ -42,17 +43,44 @@ func TestAccAWSGlueCatalogTable_full(t *testing.T) {
 				Config:  testAccGlueCatalogTable_full(rInt, description),
 				Destroy: false,
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckGlueCatalogTableExists("aws_glue_catalog_table.test"),
-					resource.TestCheckResourceAttr(
-						"aws_glue_catalog_table.test",
-						"name",
-						fmt.Sprintf("my_test_catalog_table_%d", rInt),
-					),
-					resource.TestCheckResourceAttr(
-						"aws_glue_catalog_table.test",
-						"database_name",
-						fmt.Sprintf("my_test_catalog_database_%d", rInt),
-					),
+					testAccCheckGlueCatalogTableExists(tableName),
+					resource.TestCheckResourceAttr(tableName, "name", fmt.Sprintf("my_test_catalog_table_%d", rInt)),
+					resource.TestCheckResourceAttr(tableName, "database_name", fmt.Sprintf("my_test_catalog_database_%d", rInt)),
+					resource.TestCheckResourceAttr(tableName, "description", description),
+					resource.TestCheckResourceAttr(tableName, "owner", "my_owner"),
+					resource.TestCheckResourceAttr(tableName, "retention", "1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.0.name", "my_column_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.0.type", "int"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.0.comment", "my_column1_comment"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.1.name", "my_column_2"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.1.type", "string"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.1.comment", "my_column2_comment"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.location", "my_location"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.input_format", "SequenceFileInputFormat"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.output_format", "SequenceFileInputFormat"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.compressed", "false"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.number_of_buckets", "1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.ser_de_info.0.name", "ser_de_name"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.ser_de_info.0.parameters.param1", "param_val_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.ser_de_info.0.serialization_library", "org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.bucket_columns.0", "bucket_column_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.sort_columns.0.column", "my_column_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.sort_columns.0.sort_order", "1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.parameters.param1", "param1_val"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.skewed_info.0.skewed_column_names.0", "my_column_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.skewed_info.0.skewed_column_value_location_maps.my_column_1", "my_column_1_val_loc_map"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.skewed_info.0.skewed_column_values.0", "skewed_val_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.stored_as_sub_directories", "false"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.0.name", "my_column_1"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.0.type", "int"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.0.comment", "my_column_1_comment"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.1.name", "my_column_2"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.1.type", "string"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.1.comment", "my_column_2_comment"),
+					resource.TestCheckResourceAttr(tableName, "view_original_text", "view_original_text_1"),
+					resource.TestCheckResourceAttr(tableName, "view_expanded_text", "view_expanded_text_1"),
+					resource.TestCheckResourceAttr(tableName, "table_type", "VIRTUAL_VIEW"),
+					resource.TestCheckResourceAttr(tableName, "parameters.param1", "param1_val"),
 				),
 			},
 		},
@@ -79,49 +107,47 @@ resource "aws_glue_catalog_database" "test" {
 }
 
 resource "aws_glue_catalog_table" "test" {
-  name = "my_test_table_%d"
+  name = "my_test_catalog_table_%d"
   database_name = "${aws_glue_catalog_database.test.name}"
   description = "%s"
   owner = "my_owner"
   retention = 1
   storage_descriptor {
-    /* columns = [
-      {
-        name = "my_column_1"
-        type = "int"
-        comment = "my_column1_comment"
-      },
-      {
-        name = "my_column_2"
-        type = "string"
-        comment = "my_column2_comment"
-      }
-    ] */
+    columns = [
+     {
+       name = "my_column_1"
+       type = "int"
+       comment = "my_column1_comment"
+     },
+     {
+       name = "my_column_2"
+       type = "string"
+       comment = "my_column2_comment"
+     }
+    ]
 	location = "my_location"
 	input_format = "SequenceFileInputFormat"
 	output_format = "SequenceFileInputFormat"
 	compressed = false
 	number_of_buckets = 1
-	/* ser_de_info {
+	ser_de_info {
       name = "ser_de_name"
       parameters {
         param1 = "param_val_1"
       }
       serialization_library = "org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe"
-	} */
-	bucket_columns = [
-      "bucket_column_1",
-	]
-	/* sort_columns = [
+	}
+	bucket_columns = ["bucket_column_1"]
+	sort_columns = [
       {
         column = "my_column_1"
         sort_order = 1
       }
-	] */
+	]
 	parameters {
       param1 = "param1_val"
 	}
-	/* skewed_info {
+	skewed_info {
       skewed_column_names = [
         "my_column_1"
       ]
@@ -131,19 +157,19 @@ resource "aws_glue_catalog_table" "test" {
       skewed_column_values = [
         "skewed_val_1"
       ]
-	} */
+	}
 	stored_as_sub_directories = false
   }
   partition_keys = [
     {
       name = "my_column_1"
       type = "int"
-      comment = "my_column1_comment"
+      comment = "my_column_1_comment"
     },
     {
       name = "my_column_2"
       type = "string"
-      comment = "my_column2_comment"
+      comment = "my_column_2_comment"
     }
   ]
   view_original_text = "view_original_text_1"

From 2ac0c2d0206c0f39ee58e0fac8dffa5df0aa5276 Mon Sep 17 00:00:00 2001
From: Tom Hutchinson <tom.hutchinson@beamly.com>
Date: Wed, 25 Apr 2018 18:01:38 +0100
Subject: [PATCH 12/71] fix glue table resource read method

---
 aws/resource_aws_glue_catalog_table.go      | 167 +++++++++---
 aws/resource_aws_glue_catalog_table_test.go | 282 ++++++++++++++++++++
 2 files changed, 417 insertions(+), 32 deletions(-)

diff --git a/aws/resource_aws_glue_catalog_table.go b/aws/resource_aws_glue_catalog_table.go
index 10b26f65b78..4185dddd002 100644
--- a/aws/resource_aws_glue_catalog_table.go
+++ b/aws/resource_aws_glue_catalog_table.go
@@ -8,8 +8,6 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/glue"
 	"github.com/hashicorp/terraform/helper/schema"
-
-	"github.com/fatih/structs"
 )
 
 func resourceAwsGlueCatalogTable() *schema.Resource {
@@ -243,24 +241,6 @@ func resourceAwsGlueCatalogTableCreate(t *schema.ResourceData, meta interface{})
 	return resourceAwsGlueCatalogTableRead(t, meta)
 }
 
-func resourceAwsGlueCatalogTableUpdate(t *schema.ResourceData, meta interface{}) error {
-	glueconn := meta.(*AWSClient).glueconn
-
-	catalogID, dbName, _ := readAwsGlueTableID(t.Id())
-
-	updateTableInput := &glue.UpdateTableInput{
-		CatalogId:    aws.String(catalogID),
-		DatabaseName: aws.String(dbName),
-		TableInput:   expandGlueTableInput(t),
-	}
-
-	if _, err := glueconn.UpdateTable(updateTableInput); err != nil {
-		return fmt.Errorf("Error updating Glue Catalog Table: %s", err)
-	}
-
-	return resourceAwsGlueCatalogTableRead(t, meta)
-}
-
 func resourceAwsGlueCatalogTableRead(t *schema.ResourceData, meta interface{}) error {
 	glueconn := meta.(*AWSClient).glueconn
 
@@ -289,20 +269,34 @@ func resourceAwsGlueCatalogTableRead(t *schema.ResourceData, meta interface{}) e
 	t.Set("description", out.Table.Description)
 	t.Set("owner", out.Table.Owner)
 	t.Set("retention", out.Table.Retention)
-
-	if out.Table.StorageDescriptor != nil {
-		t.Set("storage_descriptor", flattenStorageDescriptor(out.Table.StorageDescriptor))
-	}
-
-	t.Set("partition_keys", out.Table.PartitionKeys)
+	t.Set("storage_descriptor", flattenStorageDescriptor(out.Table.StorageDescriptor))
+	t.Set("partition_keys", flattenGlueColumns(out.Table.PartitionKeys))
 	t.Set("view_original_text", out.Table.ViewOriginalText)
 	t.Set("view_expanded_text", out.Table.ViewExpandedText)
 	t.Set("table_type", out.Table.TableType)
-	t.Set("parameters", out.Table.Parameters)
+	t.Set("parameters", flattenStringParameters(out.Table.Parameters))
 
 	return nil
 }
 
+func resourceAwsGlueCatalogTableUpdate(t *schema.ResourceData, meta interface{}) error {
+	glueconn := meta.(*AWSClient).glueconn
+
+	catalogID, dbName, _ := readAwsGlueTableID(t.Id())
+
+	updateTableInput := &glue.UpdateTableInput{
+		CatalogId:    aws.String(catalogID),
+		DatabaseName: aws.String(dbName),
+		TableInput:   expandGlueTableInput(t),
+	}
+
+	if _, err := glueconn.UpdateTable(updateTableInput); err != nil {
+		return fmt.Errorf("Error updating Glue Catalog Table: %s", err)
+	}
+
+	return resourceAwsGlueCatalogTableRead(t, meta)
+}
+
 func resourceAwsGlueCatalogTableDelete(t *schema.ResourceData, meta interface{}) error {
 	glueconn := meta.(*AWSClient).glueconn
 	catalogID, dbName, name := readAwsGlueTableID(t.Id())
@@ -412,7 +406,7 @@ func expandGlueStorageDescriptor(s map[string]interface{}) *glue.StorageDescript
 		storageDescriptor.BucketColumns = aws.StringSlice(bucketColumns)
 	}
 
-	if v, ok := s["sort_colums"]; ok {
+	if v, ok := s["sort_columns"]; ok {
 		storageDescriptor.SortColumns = expandSortColumns(v.([]interface{}))
 	}
 
@@ -483,8 +477,9 @@ func expandSerDeInfo(s map[string]interface{}) *glue.SerDeInfo {
 }
 
 func expandSortColumns(columns []interface{}) []*glue.Order {
-	orderSlice := []*glue.Order{}
-	for _, element := range columns {
+	orderSlice := make([]*glue.Order, len(columns))
+
+	for i, element := range columns {
 		elementMap := element.(map[string]interface{})
 
 		order := &glue.Order{
@@ -495,7 +490,7 @@ func expandSortColumns(columns []interface{}) []*glue.Order {
 			order.SortOrder = aws.Int64(int64(v.(int)))
 		}
 
-		orderSlice = append(orderSlice, order)
+		orderSlice[i] = order
 	}
 
 	return orderSlice
@@ -532,7 +527,115 @@ func expandSkewedInfo(s map[string]interface{}) *glue.SkewedInfo {
 }
 
 func flattenStorageDescriptor(s *glue.StorageDescriptor) []map[string]interface{} {
+	if s == nil {
+		storageDescriptors := make([]map[string]interface{}, 0)
+		return storageDescriptors
+	}
+
 	storageDescriptors := make([]map[string]interface{}, 1)
-	storageDescriptors[0] = structs.Map(s)
+
+	storageDescriptor := make(map[string]interface{})
+
+	storageDescriptor["columns"] = flattenGlueColumns(s.Columns)
+	storageDescriptor["location"] = *s.Location
+	storageDescriptor["input_format"] = *s.InputFormat
+	storageDescriptor["output_format"] = *s.OutputFormat
+	storageDescriptor["compressed"] = *s.Compressed
+	storageDescriptor["number_of_buckets"] = *s.NumberOfBuckets
+	storageDescriptor["ser_de_info"] = flattenSerDeInfo(s.SerdeInfo)
+	storageDescriptor["bucket_columns"] = flattenStringList(s.BucketColumns)
+	storageDescriptor["sort_columns"] = flattenOrders(s.SortColumns)
+	storageDescriptor["parameters"] = flattenStringParameters(s.Parameters)
+	storageDescriptor["skewed_info"] = flattenSkewedInfo(s.SkewedInfo)
+	storageDescriptor["stored_as_sub_directories"] = *s.StoredAsSubDirectories
+
+	storageDescriptors[0] = storageDescriptor
+
 	return storageDescriptors
 }
+
+func flattenGlueColumns(cs []*glue.Column) []map[string]string {
+	columnsSlice := make([]map[string]string, len(cs))
+	if len(cs) > 0 {
+		for i, v := range cs {
+			columnsSlice[i] = flattenGlueColumn(v)
+		}
+	}
+
+	return columnsSlice
+}
+
+func flattenGlueColumn(c *glue.Column) map[string]string {
+	column := make(map[string]string)
+
+	if v := *c.Name; v != "" {
+		column["name"] = v
+	}
+
+	if v := *c.Type; v != "" {
+		column["type"] = v
+	}
+
+	if v := *c.Comment; v != "" {
+		column["comment"] = v
+	}
+
+	return column
+}
+
+func flattenStringParameters(p map[string]*string) map[string]string {
+	tParams := make(map[string]string)
+	if len(p) > 0 {
+		for key, value := range p {
+			tParams[key] = *value
+		}
+	}
+
+	return tParams
+}
+
+func flattenSerDeInfo(s *glue.SerDeInfo) []map[string]interface{} {
+	if s == nil {
+		serDeInfos := make([]map[string]interface{}, 0)
+		return serDeInfos
+	}
+
+	serDeInfos := make([]map[string]interface{}, 1)
+	serDeInfo := make(map[string]interface{})
+
+	serDeInfo["name"] = *s.Name
+	serDeInfo["parameters"] = flattenStringParameters(s.Parameters)
+	serDeInfo["serialization_library"] = *s.SerializationLibrary
+
+	serDeInfos[0] = serDeInfo
+	return serDeInfos
+}
+
+func flattenOrders(os []*glue.Order) []map[string]interface{} {
+	orders := make([]map[string]interface{}, len(os))
+	for i, v := range os {
+		order := make(map[string]interface{})
+		order["column"] = *v.Column
+		order["sort_order"] = *v.SortOrder
+		orders[i] = order
+	}
+
+	return orders
+}
+
+func flattenSkewedInfo(s *glue.SkewedInfo) []map[string]interface{} {
+	if s == nil {
+		skewedInfoSlice := make([]map[string]interface{}, 0)
+		return skewedInfoSlice
+	}
+
+	skewedInfoSlice := make([]map[string]interface{}, 1)
+
+	skewedInfo := make(map[string]interface{})
+	skewedInfo["skewed_column_names"] = flattenStringList(s.SkewedColumnNames)
+	skewedInfo["skewed_column_value_location_maps"] = flattenStringParameters(s.SkewedColumnValueLocationMaps)
+	skewedInfo["skewed_column_values"] = flattenStringList(s.SkewedColumnValues)
+	skewedInfoSlice[0] = skewedInfo
+
+	return skewedInfoSlice
+}
diff --git a/aws/resource_aws_glue_catalog_table_test.go b/aws/resource_aws_glue_catalog_table_test.go
index 4a181af7755..819eeabeb3d 100644
--- a/aws/resource_aws_glue_catalog_table_test.go
+++ b/aws/resource_aws_glue_catalog_table_test.go
@@ -12,11 +12,99 @@ import (
 	"github.com/hashicorp/terraform/terraform"
 )
 
+func TestAccAWSGlueCatalogTable_basic(t *testing.T) {
+	rInt := acctest.RandInt()
+	tableName := "aws_glue_catalog_table.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckGlueTableDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config:  testAccGlueCatalogTable_basic(rInt),
+				Destroy: false,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGlueCatalogTableExists("aws_glue_catalog_table.test"),
+					resource.TestCheckResourceAttr(
+						"aws_glue_catalog_table.test",
+						"name",
+						fmt.Sprintf("my_test_catalog_table_%d", rInt),
+					),
+					resource.TestCheckResourceAttr(
+						tableName,
+						"database_name",
+						fmt.Sprintf("my_test_catalog_database_%d", rInt),
+					),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAWSGlueCatalogTable_full(t *testing.T) {
 	rInt := acctest.RandInt()
 	description := "A test table from terraform"
 	tableName := "aws_glue_catalog_table.test"
 
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckGlueTableDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config:  testAccGlueCatalogTable_full(rInt, description),
+				Destroy: false,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGlueCatalogTableExists(tableName),
+					resource.TestCheckResourceAttr(tableName, "name", fmt.Sprintf("my_test_catalog_table_%d", rInt)),
+					resource.TestCheckResourceAttr(tableName, "database_name", fmt.Sprintf("my_test_catalog_database_%d", rInt)),
+					resource.TestCheckResourceAttr(tableName, "description", description),
+					resource.TestCheckResourceAttr(tableName, "owner", "my_owner"),
+					resource.TestCheckResourceAttr(tableName, "retention", "1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.0.name", "my_column_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.0.type", "int"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.0.comment", "my_column1_comment"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.1.name", "my_column_2"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.1.type", "string"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.1.comment", "my_column2_comment"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.location", "my_location"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.input_format", "SequenceFileInputFormat"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.output_format", "SequenceFileInputFormat"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.compressed", "false"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.number_of_buckets", "1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.ser_de_info.0.name", "ser_de_name"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.ser_de_info.0.parameters.param1", "param_val_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.ser_de_info.0.serialization_library", "org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.bucket_columns.0", "bucket_column_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.sort_columns.0.column", "my_column_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.sort_columns.0.sort_order", "1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.parameters.param1", "param1_val"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.skewed_info.0.skewed_column_names.0", "my_column_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.skewed_info.0.skewed_column_value_location_maps.my_column_1", "my_column_1_val_loc_map"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.skewed_info.0.skewed_column_values.0", "skewed_val_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.stored_as_sub_directories", "false"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.0.name", "my_column_1"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.0.type", "int"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.0.comment", "my_column_1_comment"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.1.name", "my_column_2"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.1.type", "string"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.1.comment", "my_column_2_comment"),
+					resource.TestCheckResourceAttr(tableName, "view_original_text", "view_original_text_1"),
+					resource.TestCheckResourceAttr(tableName, "view_expanded_text", "view_expanded_text_1"),
+					resource.TestCheckResourceAttr(tableName, "table_type", "VIRTUAL_VIEW"),
+					resource.TestCheckResourceAttr(tableName, "parameters.param1", "param1_val"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSGlueCatalogTable_update_addValues(t *testing.T) {
+	rInt := acctest.RandInt()
+	description := "A test table from terraform"
+	tableName := "aws_glue_catalog_table.test"
+
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
@@ -87,6 +175,114 @@ func TestAccAWSGlueCatalogTable_full(t *testing.T) {
 	})
 }
 
+func TestAccAWSGlueCatalogTable_update_replaceValues(t *testing.T) {
+	rInt := acctest.RandInt()
+	description := "A test table from terraform"
+	tableName := "aws_glue_catalog_table.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckGlueTableDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config:  testAccGlueCatalogTable_full(rInt, description),
+				Destroy: false,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGlueCatalogTableExists(tableName),
+					resource.TestCheckResourceAttr(tableName, "name", fmt.Sprintf("my_test_catalog_table_%d", rInt)),
+					resource.TestCheckResourceAttr(tableName, "database_name", fmt.Sprintf("my_test_catalog_database_%d", rInt)),
+					resource.TestCheckResourceAttr(tableName, "description", description),
+					resource.TestCheckResourceAttr(tableName, "owner", "my_owner"),
+					resource.TestCheckResourceAttr(tableName, "retention", "1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.0.name", "my_column_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.0.type", "int"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.0.comment", "my_column1_comment"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.1.name", "my_column_2"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.1.type", "string"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.1.comment", "my_column2_comment"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.location", "my_location"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.input_format", "SequenceFileInputFormat"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.output_format", "SequenceFileInputFormat"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.compressed", "false"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.number_of_buckets", "1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.ser_de_info.0.name", "ser_de_name"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.ser_de_info.0.parameters.param1", "param_val_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.ser_de_info.0.serialization_library", "org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.bucket_columns.0", "bucket_column_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.sort_columns.0.column", "my_column_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.sort_columns.0.sort_order", "1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.parameters.param1", "param1_val"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.skewed_info.0.skewed_column_names.0", "my_column_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.skewed_info.0.skewed_column_value_location_maps.my_column_1", "my_column_1_val_loc_map"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.skewed_info.0.skewed_column_values.0", "skewed_val_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.stored_as_sub_directories", "false"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.0.name", "my_column_1"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.0.type", "int"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.0.comment", "my_column_1_comment"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.1.name", "my_column_2"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.1.type", "string"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.1.comment", "my_column_2_comment"),
+					resource.TestCheckResourceAttr(tableName, "view_original_text", "view_original_text_1"),
+					resource.TestCheckResourceAttr(tableName, "view_expanded_text", "view_expanded_text_1"),
+					resource.TestCheckResourceAttr(tableName, "table_type", "VIRTUAL_VIEW"),
+					resource.TestCheckResourceAttr(tableName, "parameters.param1", "param1_val"),
+				),
+			},
+			{
+				Config:  testAccGlueCatalogTable_full_replacedValues(rInt),
+				Destroy: false,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGlueCatalogTableExists(tableName),
+					resource.TestCheckResourceAttr(tableName, "name", fmt.Sprintf("my_test_catalog_table_%d", rInt)),
+					resource.TestCheckResourceAttr(tableName, "database_name", fmt.Sprintf("my_test_catalog_database_%d", rInt)),
+					resource.TestCheckResourceAttr(tableName, "description", "A test table from terraform2"),
+					resource.TestCheckResourceAttr(tableName, "owner", "my_owner2"),
+					resource.TestCheckResourceAttr(tableName, "retention", "2"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.0.name", "my_column_12"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.0.type", "date"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.0.comment", "my_column1_comment2"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.1.name", "my_column_22"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.1.type", "timestamp"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.columns.1.comment", "my_column2_comment2"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.location", "my_location2"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.input_format", "TextInputFormat"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.output_format", "TextInputFormat"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.compressed", "true"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.number_of_buckets", "12"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.ser_de_info.0.name", "ser_de_name2"),
+					resource.TestCheckNoResourceAttr(tableName, "storage_descriptor.0.ser_de_info.0.parameters.param1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.ser_de_info.0.parameters.param2", "param_val_12"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.ser_de_info.0.serialization_library", "org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe2"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.bucket_columns.0", "bucket_column_12"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.bucket_columns.1", "bucket_column_2"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.sort_columns.0.column", "my_column_12"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.sort_columns.0.sort_order", "0"),
+					resource.TestCheckNoResourceAttr(tableName, "storage_descriptor.0.parameters.param1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.parameters.param12", "param1_val2"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.skewed_info.0.skewed_column_names.0", "my_column_12"),
+					resource.TestCheckNoResourceAttr(tableName, "storage_descriptor.0.skewed_info.0.skewed_column_value_location_maps.my_column_1"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.skewed_info.0.skewed_column_value_location_maps.my_column_12", "my_column_1_val_loc_map2"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.skewed_info.0.skewed_column_values.0", "skewed_val_12"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.skewed_info.0.skewed_column_values.1", "skewed_val_2"),
+					resource.TestCheckResourceAttr(tableName, "storage_descriptor.0.stored_as_sub_directories", "true"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.0.name", "my_column_12"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.0.type", "date"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.0.comment", "my_column_1_comment2"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.1.name", "my_column_22"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.1.type", "timestamp"),
+					resource.TestCheckResourceAttr(tableName, "partition_keys.1.comment", "my_column_2_comment2"),
+					resource.TestCheckResourceAttr(tableName, "view_original_text", "view_original_text_12"),
+					resource.TestCheckResourceAttr(tableName, "view_expanded_text", "view_expanded_text_12"),
+					resource.TestCheckResourceAttr(tableName, "table_type", "EXTERNAL_TABLE"),
+					//resource.TestCheckResourceAttr(tableName, "parameters.param1", "param1_val"),
+					resource.TestCheckResourceAttr(tableName, "parameters.param2", "param1_val2"),
+				),
+			},
+		},
+	})
+}
+
 func testAccGlueCatalogTable_basic(rInt int) string {
 	return fmt.Sprintf(`
 resource "aws_glue_catalog_database" "test" {
@@ -182,6 +378,92 @@ resource "aws_glue_catalog_table" "test" {
 `, rInt, rInt, desc)
 }
 
+func testAccGlueCatalogTable_full_replacedValues(rInt int) string {
+	return fmt.Sprintf(`
+resource "aws_glue_catalog_database" "test" {
+  name = "my_test_catalog_database_%d"
+}
+
+resource "aws_glue_catalog_table" "test" {
+  name = "my_test_catalog_table_%d"
+  database_name = "${aws_glue_catalog_database.test.name}"
+  description = "A test table from terraform2"
+  owner = "my_owner2"
+  retention = 2
+  storage_descriptor {
+    columns = [
+     {
+       name = "my_column_12"
+       type = "date"
+       comment = "my_column1_comment2"
+     },
+     {
+       name = "my_column_22"
+       type = "timestamp"
+       comment = "my_column2_comment2"
+     }
+    ]
+	location = "my_location2"
+	input_format = "TextInputFormat"
+	output_format = "TextInputFormat"
+	compressed = true
+	number_of_buckets = 12
+	ser_de_info {
+      name = "ser_de_name2"
+      parameters {
+        param2 = "param_val_12"
+      }
+      serialization_library = "org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe2"
+	}
+	bucket_columns = [
+      "bucket_column_12",
+      "bucket_column_2"
+	]
+	sort_columns = [
+      {
+        column = "my_column_12"
+        sort_order = 0
+      }
+	]
+	parameters {
+      param12 = "param1_val2"
+	}
+	skewed_info {
+      skewed_column_names = [
+        "my_column_12"
+      ]
+      skewed_column_value_location_maps {
+        my_column_12 = "my_column_1_val_loc_map2"
+      }
+      skewed_column_values = [
+        "skewed_val_12",
+		"skewed_val_2"
+      ]
+	}
+	stored_as_sub_directories = true
+  }
+  partition_keys = [
+    {
+      name = "my_column_12"
+      type = "date"
+      comment = "my_column_1_comment2"
+    },
+    {
+      name = "my_column_22"
+      type = "timestamp"
+      comment = "my_column_2_comment2"
+    }
+  ]
+  view_original_text = "view_original_text_12"
+  view_expanded_text = "view_expanded_text_12"
+  table_type = "EXTERNAL_TABLE"
+  parameters {
+  	param2 = "param1_val2"
+  }
+}
+`, rInt, rInt)
+}
+
 func testAccCheckGlueTableDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).glueconn
 

From 25636548c604ced7361262862fe36cb32a6cc01d Mon Sep 17 00:00:00 2001
From: Tom Hutchinson <tom.hutchinson@beamly.com>
Date: Thu, 26 Apr 2018 16:01:02 +0100
Subject: [PATCH 13/71] add glue table md to documentation

---
 website/aws.erb                               |  3 +
 .../docs/r/glue_catalog_table.html.markdown   | 76 +++++++++++++++++++
 2 files changed, 79 insertions(+)
 create mode 100644 website/docs/r/glue_catalog_table.html.markdown

diff --git a/website/aws.erb b/website/aws.erb
index 8d4e5e77ebd..e1e5d969945 100644
--- a/website/aws.erb
+++ b/website/aws.erb
@@ -1099,6 +1099,9 @@
                         <li<%= sidebar_current("docs-aws-resource-glue-job") %>>
                             <a href="/docs/providers/aws/r/glue_job.html">aws_glue_job</a>
                         </li>
+                        <li<%= sidebar_current("docs-aws-resource-glue-catalog-table") %>>
+                            <a href="/docs/providers/aws/r/glue_catalog_table.html">aws_glue_catalog_table</a>
+                        </li>
                     </ul>
                  </li>
 
diff --git a/website/docs/r/glue_catalog_table.html.markdown b/website/docs/r/glue_catalog_table.html.markdown
new file mode 100644
index 00000000000..7855d3d9045
--- /dev/null
+++ b/website/docs/r/glue_catalog_table.html.markdown
@@ -0,0 +1,76 @@
+---
+layout: "aws"
+page_title: "AWS: aws_glue_catalog_table"
+sidebar_current: "docs-aws-resource-glue-catalog-table"
+description: |-
+  Provides a Glue Catalog Table.
+---
+
+# aws_glue_catalog_table
+
+Provides a Glue Catalog Table Resource. You can refer to the [Glue Developer Guide](http://docs.aws.amazon.com/glue/latest/dg/populate-data-catalog.html) for a full explanation of the Glue Data Catalog functionality.
+
+## Example Usage
+
+```hcl
+resource "aws_glue_catalog_table" "aws_glue_catalog_table" {
+  name = "MyCatalogTable"
+  database_name = "MyCatalogDatabase"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Name of the table. For Hive compatibility, this must be entirely lowercase.
+* `database_name` - (Required) Name of the metadata database where the table metadata resides. For Hive compatibility, this must be all lowercase.
+* `catalog_id` - (Optional) ID of the Glue Catalog and database to create the table in. If omitted, this defaults to the AWS Account ID plus the database name.
+* `description` - (Optional) Description of the table.
+* `owner` - (Optional) Owner of the table.
+* `retention` - (Optional) Retention time for this table.
+* `storage_descriptor` - (Optional) A [storage descriptor](#storage_descriptor) object containing information about the physical storage of this table. You can refer to the [Glue Developer Guide](https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-catalog-tables.html#aws-glue-api-catalog-tables-StorageDescriptor) for a full explanation of this object.
+* `partition_keys` - (Optional) A list of columns by which the table is partitioned. Only primitive types are supported as partition keys.
+* `view_original_text` - (Optional) If the table is a view, the original text of the view; otherwise null.
+* `view_expanded_text` - (Optional) If the table is a view, the expanded text of the view; otherwise null.
+* `table_type` - (Optional) The type of this table (EXTERNAL_TABLE, VIRTUAL_VIEW, etc.).
+* `parameters` - (Optional) Properties associated with this table, as a list of key-value pairs.
+
+##### storage_descriptor
+
+* `columns` - (Optional) A list of the [Columns](#column) in the table.
+* `location` - (Optional) The physical location of the table. By default this takes the form of the warehouse location, followed by the database location in the warehouse, followed by the table name.
+* `input_format` - (Optional) The input format: SequenceFileInputFormat (binary), or TextInputFormat, or a custom format.
+* `output_format` - (Optional) The output format: SequenceFileOutputFormat (binary), or IgnoreKeyTextOutputFormat, or a custom format.
+* `compressed` - (Optional) True if the data in the table is compressed, or False if not.
+* `number_of_buckets` - (Optional) Must be specified if the table contains any dimension columns.
+* `ser_de_info` - (Optional) [Serialization/deserialization (SerDe)](#ser_de_info) information.
+* `bucket_columns` - (Optional) A list of reducer grouping columns, clustering columns, and bucketing columns in the table.
+* `sort_columns` - (Optional) A list of [Order](#sort_column) objects specifying the sort order of each bucket in the table.
+* `parameters` - (Optional) User-supplied properties in key-value form.
+* `skewed_info` - (Optional) Information about values that appear very frequently in a column (skewed values).
+* `stored_as_sub_directories` - (Optional) True if the table data is stored in subdirectories, or False if not.
+
+##### column
+
+* `name` - (Required) The name of the Column.
+* `type` - (Optional) The datatype of data in the Column.
+* `comment` - (Optional) Free-form text comment.
+
+##### ser_de_info
+
+* `name` - (Optional) Name of the SerDe.
+* `parameters` - (Optional) Usually the class that implements the SerDe. An example is: org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe.
+* `serialization_library` - (Optional) A list of initialization parameters for the SerDe, in key-value form.
+
+##### sort_column
+
+* `column` - (Required) The name of the column.
+* `sort_order` - (Required) Indicates that the column is sorted in ascending order (== 1), or in descending order (==0).
+
+##### skewed_info
+
+* `skewed_column_names` - (Optional) A list of names of columns that contain skewed values.
+* `skewed_column_value_location_maps` - (Optional) A list of values that appear so frequently as to be considered skewed.
+* `skewed_column_values` - (Optional) A mapping of skewed values to the columns that contain them.
+

From 7862f926730cdb1d4f2edd317579008c59526564 Mon Sep 17 00:00:00 2001
From: Artem Iarmoliuk <koolgen@gmail.com>
Date: Thu, 26 Apr 2018 16:48:49 +0300
Subject: [PATCH 14/71] r/aws_launch_template: Fix address count interface
 attributes

---
 aws/resource_aws_launch_template.go          | 10 ++++++++--
 website/docs/r/launch_template.html.markdown |  4 ++++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/aws/resource_aws_launch_template.go b/aws/resource_aws_launch_template.go
index 2497f717ba7..6aa619c26dd 100644
--- a/aws/resource_aws_launch_template.go
+++ b/aws/resource_aws_launch_template.go
@@ -982,9 +982,12 @@ func readNetworkInterfacesFromConfig(ni map[string]interface{}) *ec2.LaunchTempl
 			Ipv6Address: aws.String(address.(string)),
 		})
 	}
-	networkInterface.Ipv6AddressCount = aws.Int64(int64(len(ipv6AddressList)))
 	networkInterface.Ipv6Addresses = ipv6Addresses
 
+	if v := ni["ipv6_address_count"].(int); v > 0 {
+		networkInterface.Ipv6AddressCount = aws.Int64(int64(v))
+	}
+
 	ipv4AddressList := ni["ipv4_addresses"].(*schema.Set).List()
 	for _, address := range ipv4AddressList {
 		privateIp := &ec2.PrivateIpAddressSpecification{
@@ -993,9 +996,12 @@ func readNetworkInterfacesFromConfig(ni map[string]interface{}) *ec2.LaunchTempl
 		}
 		ipv4Addresses = append(ipv4Addresses, privateIp)
 	}
-	networkInterface.SecondaryPrivateIpAddressCount = aws.Int64(int64(len(ipv4AddressList)))
 	networkInterface.PrivateIpAddresses = ipv4Addresses
 
+	if v := ni["ipv4_address_count"].(int); v > 0 {
+		networkInterface.SecondaryPrivateIpAddressCount = aws.Int64(int64(v))
+	}
+
 	return networkInterface
 }
 
diff --git a/website/docs/r/launch_template.html.markdown b/website/docs/r/launch_template.html.markdown
index a4af2a67c97..f858a487836 100644
--- a/website/docs/r/launch_template.html.markdown
+++ b/website/docs/r/launch_template.html.markdown
@@ -200,6 +200,8 @@ The `monitoring` block supports the following:
 
 Attaches one or more [Network Interfaces](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) to the instance.
 
+Check limitations for autoscaling group in [Creating an Auto Scaling Group Using a Launch Template Guide](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-launch-template.html#limitations)
+
 Each `network_interfaces` block supports the following:
 
 * `associate_public_ip_address` - Associate a public ip address with the network interface.  Boolean value.
@@ -207,8 +209,10 @@ Each `network_interfaces` block supports the following:
 * `description` - Description of the network interface.
 * `device_index` - The integer index of the network interface attachment.
 * `ipv6_addresses` - One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet.
+* `ipv6_address_count` - The number of IPv6 addresses to assign to a network interface. Conflicts with `ipv6_addresses`
 * `network_interface_id` - The ID of the network interface to attach.
 * `private_ip_address` - The primary private IPv4 address.
+* `ipv4_address_count` - The number of secondary private IPv4 addresses to assign to a network interface.
 * `ipv4_addresses` - One or more private IPv4 addresses to associate.
 * `security_groups` - A list of security group IDs to associate.
 * `subnet_id` - The VPC Subnet ID to associate.

From e55a30ce858a3d8ee31bbd67fc8420fa3c69e68c Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Wed, 2 May 2018 16:34:04 -0400
Subject: [PATCH 15/71] Deps: Bump aws-sdk-go@v1.13.40

---
 .../aws/aws-sdk-go/aws/endpoints/defaults.go  |   33 +-
 .../aws/aws-sdk-go/aws/endpoints/endpoints.go |   18 +-
 .../github.com/aws/aws-sdk-go/aws/version.go  |    2 +-
 .../private/protocol/xml/xmlutil/unmarshal.go |   10 +-
 .../aws/aws-sdk-go/service/acm/api.go         |  107 +-
 .../aws/aws-sdk-go/service/acm/doc.go         |    2 +-
 .../aws/aws-sdk-go/service/codedeploy/api.go  |   11 +-
 .../aws-sdk-go/service/codedeploy/errors.go   |    6 +
 .../aws-sdk-go/service/codepipeline/api.go    | 1466 ++++++++++-
 .../aws-sdk-go/service/codepipeline/doc.go    |   41 +-
 .../aws-sdk-go/service/codepipeline/errors.go |   18 +
 .../aws/aws-sdk-go/service/devicefarm/api.go  |  971 ++++++-
 .../aws-sdk-go/service/devicefarm/errors.go   |    7 +
 .../aws/aws-sdk-go/service/dynamodb/api.go    |  856 +++++-
 .../aws/aws-sdk-go/service/dynamodb/errors.go |    6 +
 .../aws/aws-sdk-go/service/ec2/api.go         | 2320 ++++++++++++++++-
 .../service/elasticbeanstalk/api.go           |   20 +-
 .../aws/aws-sdk-go/service/firehose/api.go    |  994 +++++--
 .../aws/aws-sdk-go/service/firehose/doc.go    |    4 +-
 .../aws/aws-sdk-go/service/firehose/errors.go |    4 +-
 .../aws/aws-sdk-go/service/glacier/api.go     |    2 +-
 .../aws/aws-sdk-go/service/guardduty/api.go   |  117 +-
 .../aws/aws-sdk-go/service/iot/api.go         |  104 +-
 .../aws/aws-sdk-go/service/iot/doc.go         |    6 +-
 .../aws/aws-sdk-go/service/medialive/api.go   |  264 +-
 .../aws/aws-sdk-go/service/rds/api.go         |   13 +
 .../aws/aws-sdk-go/service/sagemaker/api.go   |  115 +
 .../aws-sdk-go/service/secretsmanager/api.go  |  262 +-
 .../aws-sdk-go/service/secretsmanager/doc.go  |   63 +-
 .../service/secretsmanager/errors.go          |    8 +-
 .../aws/aws-sdk-go/service/ssm/api.go         | 1001 ++++++-
 .../aws/aws-sdk-go/service/ssm/errors.go      |   27 +
 .../aws/aws-sdk-go/service/workspaces/api.go  | 1683 +++++++++++-
 .../aws-sdk-go/service/workspaces/errors.go   |   26 +-
 vendor/vendor.json                            |  952 +++----
 35 files changed, 10171 insertions(+), 1368 deletions(-)

diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
index cef59d5cf76..55eff20774f 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
@@ -295,7 +295,15 @@ var awsPartition = partition{
 				Protocols: []string{"https"},
 			},
 			Endpoints: endpoints{
-				"us-east-1": endpoint{},
+				"ap-northeast-1": endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
 			},
 		},
 		"api.pricing": service{
@@ -646,6 +654,7 @@ var awsPartition = partition{
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
+				"eu-west-3":      endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
@@ -815,6 +824,7 @@ var awsPartition = partition{
 				"eu-west-1":      endpoint{},
 				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
 				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
@@ -1231,6 +1241,8 @@ var awsPartition = partition{
 
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
@@ -1559,6 +1571,7 @@ var awsPartition = partition{
 			Endpoints: endpoints{
 				"eu-west-1": endpoint{},
 				"us-east-1": endpoint{},
+				"us-west-2": endpoint{},
 			},
 		},
 		"monitoring": service{
@@ -1770,6 +1783,7 @@ var awsPartition = partition{
 			Endpoints: endpoints{
 				"eu-west-1": endpoint{},
 				"us-east-1": endpoint{},
+				"us-west-2": endpoint{},
 			},
 		},
 		"runtime.sagemaker": service{
@@ -1987,6 +2001,7 @@ var awsPartition = partition{
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"sa-east-1":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-east-2":      endpoint{},
 				"us-west-1":      endpoint{},
@@ -2749,6 +2764,16 @@ var awsusgovPartition = partition{
 				"us-gov-west-1": endpoint{},
 			},
 		},
+		"cloudhsmv2": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "cloudhsm",
+				},
+			},
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
 		"cloudtrail": service{
 
 			Endpoints: endpoints{
@@ -2997,6 +3022,12 @@ var awsusgovPartition = partition{
 				"us-gov-west-1": endpoint{},
 			},
 		},
+		"storagegateway": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
 		"streams.dynamodb": service{
 			Defaults: endpoint{
 				CredentialScope: credentialScope{
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
index d6be83c1921..e29c095121d 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
@@ -206,10 +206,11 @@ func (p Partition) EndpointFor(service, region string, opts ...func(*Options)) (
 // enumerating over the regions in a partition.
 func (p Partition) Regions() map[string]Region {
 	rs := map[string]Region{}
-	for id := range p.p.Regions {
+	for id, r := range p.p.Regions {
 		rs[id] = Region{
-			id: id,
-			p:  p.p,
+			id:   id,
+			desc: r.Description,
+			p:    p.p,
 		}
 	}
 
@@ -240,6 +241,10 @@ type Region struct {
 // ID returns the region's identifier.
 func (r Region) ID() string { return r.id }
 
+// Description returns the region's description. The region description
+// is free text, it can be empty, and it may change between SDK releases.
+func (r Region) Description() string { return r.desc }
+
 // ResolveEndpoint resolves an endpoint from the context of the region given
 // a service. See Partition.EndpointFor for usage and errors that can be returned.
 func (r Region) ResolveEndpoint(service string, opts ...func(*Options)) (ResolvedEndpoint, error) {
@@ -284,10 +289,11 @@ func (s Service) ResolveEndpoint(region string, opts ...func(*Options)) (Resolve
 func (s Service) Regions() map[string]Region {
 	rs := map[string]Region{}
 	for id := range s.p.Services[s.id].Endpoints {
-		if _, ok := s.p.Regions[id]; ok {
+		if r, ok := s.p.Regions[id]; ok {
 			rs[id] = Region{
-				id: id,
-				p:  s.p,
+				id:   id,
+				desc: r.Description,
+				p:    s.p,
 			}
 		}
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go
index 680a5b2ac26..9928c7999f6 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.13.32"
+const SDKVersion = "1.13.40"
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
index 87584628a2b..a6c25ba3772 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
@@ -52,9 +52,15 @@ func parse(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
 	if t == "" {
 		switch rtype.Kind() {
 		case reflect.Struct:
-			t = "structure"
+			// also it can't be a time object
+			if _, ok := r.Interface().(*time.Time); !ok {
+				t = "structure"
+			}
 		case reflect.Slice:
-			t = "list"
+			// also it can't be a byte slice
+			if _, ok := r.Interface().([]byte); !ok {
+				t = "list"
+			}
 		case reflect.Map:
 			t = "map"
 		}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/acm/api.go b/vendor/github.com/aws/aws-sdk-go/service/acm/api.go
index 71e24031620..ebd39034574 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/acm/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/acm/api.go
@@ -71,7 +71,7 @@ func (c *ACM) AddTagsToCertificateRequest(input *AddTagsToCertificateInput) (req
 // if you want to specify a relationship among those resources. For example,
 // you can add the same tag to an ACM certificate and an Elastic Load Balancing
 // load balancer to indicate that they are both used by the same website. For
-// more information, see Tagging ACM certificates (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/tags.html).
+// more information, see Tagging ACM certificates (http://docs.aws.amazon.com/acm/latest/userguide/tags.html).
 //
 // To remove one or more tags, use the RemoveTagsFromCertificate action. To
 // view all of the tags that have been applied to the certificate, use the ListTagsForCertificate
@@ -345,12 +345,13 @@ func (c *ACM) ExportCertificateRequest(input *ExportCertificateInput) (req *requ
 
 // ExportCertificate API operation for AWS Certificate Manager.
 //
-// Exports a certificate for use anywhere. You can export the certificate, the
-// certificate chain, and the encrypted private key associated with the public
-// key embedded in the certificate. You must store the private key securely.
-// The private key is a 2048 bit RSA key. You must provide a passphrase for
-// the private key when exporting it. You can use the following OpenSSL command
-// to decrypt it later. Provide the passphrase when prompted.
+// Exports a private certificate issued by a private certificate authority (CA)
+// for use anywhere. You can export the certificate, the certificate chain,
+// and the encrypted private key associated with the public key embedded in
+// the certificate. You must store the private key securely. The private key
+// is a 2048 bit RSA key. You must provide a passphrase for the private key
+// when exporting it. You can use the following OpenSSL command to decrypt it
+// later. Provide the passphrase when prompted.
 //
 // openssl rsa -in encrypted_key.pem -out decrypted_key.pem
 //
@@ -532,15 +533,15 @@ func (c *ACM) ImportCertificateRequest(input *ImportCertificateInput) (req *requ
 // ImportCertificate API operation for AWS Certificate Manager.
 //
 // Imports a certificate into AWS Certificate Manager (ACM) to use with services
-// that are integrated with ACM. Note that integrated services (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/acm-services.html)
+// that are integrated with ACM. Note that integrated services (http://docs.aws.amazon.com/acm/latest/userguide/acm-services.html)
 // allow only certificate types and keys they support to be associated with
 // their resources. Further, their support differs depending on whether the
 // certificate is imported into IAM or into ACM. For more information, see the
 // documentation for each service. For more information about importing certificates
-// into ACM, see Importing Certificates (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/import-certificate.html)
+// into ACM, see Importing Certificates (http://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html)
 // in the AWS Certificate Manager User Guide.
 //
-// ACM does not provide managed renewal (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/acm-renewal.html)
+// ACM does not provide managed renewal (http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html)
 // for certificates that you import.
 //
 // Note the following guidelines when importing third party certificates:
@@ -569,13 +570,17 @@ func (c *ACM) ImportCertificateRequest(input *ImportCertificateInput) (req *requ
 //    * To import a new certificate, omit the CertificateArn argument. Include
 //    this argument only when you want to replace a previously imported certificate.
 //
-//    * When you import a certificate by using the CLI or one of the SDKs, you
-//    must specify the certificate, the certificate chain, and the private key
-//    by their file names preceded by file://. For example, you can specify
-//    a certificate saved in the C:\temp folder as file://C:\temp\certificate_to_import.pem.
+//    * When you import a certificate by using the CLI, you must specify the
+//    certificate, the certificate chain, and the private key by their file
+//    names preceded by file://. For example, you can specify a certificate
+//    saved in the C:\temp folder as file://C:\temp\certificate_to_import.pem.
 //    If you are making an HTTP or HTTPS Query request, include these arguments
 //    as BLOBs.
 //
+//    * When you import a certificate by using an SDK, you must specify the
+//    certificate, the certificate chain, and the private key files in the manner
+//    required by the programming language you're using.
+//
 // This operation returns the Amazon Resource Name (ARN) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
 // of the imported certificate.
 //
@@ -975,22 +980,17 @@ func (c *ACM) RequestCertificateRequest(input *RequestCertificateInput) (req *re
 // RequestCertificate API operation for AWS Certificate Manager.
 //
 // Requests an ACM certificate for use with other AWS services. To request an
-// ACM certificate, you must specify the fully qualified domain name (FQDN)
-// for your site in the DomainName parameter. You can also specify additional
-// FQDNs in the SubjectAlternativeNames parameter.
-//
-// Each domain name that you specify must be validated to verify that you own
-// or control the domain. You can use DNS validation (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/gs-acm-validate-dns.html)
-// or email validation (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/gs-acm-validate-email.html).
-// We recommend that you use DNS validation.
-//
-// If you choose email validation, email is sent to the domain owner to request
-// approval to issue the certificate. Email is sent to three registered contact
-// addresses in the WHOIS database and to five common system administration
-// addresses formed from the DomainName you enter or the optional ValidationDomain
-// parameter. For more information, see Validate with Email (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/gs-acm-validate-email.html).
-//
-// After receiving approval from the domain owner, the ACM certificate is issued.
+// ACM certificate, you must specify a fully qualified domain name (FQDN) in
+// the DomainName parameter. You can also specify additional FQDNs in the SubjectAlternativeNames
+// parameter.
+//
+// If you are requesting a private certificate, domain validation is not required.
+// If you are requesting a public certificate, each domain name that you specify
+// must be validated to verify that you own or control the domain. You can use
+// DNS validation (http://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html)
+// or email validation (http://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-email.html).
+// We recommend that you use DNS validation. ACM issues public certificates
+// after receiving approval from the domain owner.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -1087,7 +1087,7 @@ func (c *ACM) ResendValidationEmailRequest(input *ResendValidationEmailInput) (r
 // more than 72 hours have elapsed since your original request or since your
 // last attempt to resend validation mail, you must request a new certificate.
 // For more information about setting up your contact email addresses, see Configure
-// Email for your Domain (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/setup-email.html).
+// Email for your Domain (http://docs.aws.amazon.com/acm/latest/userguide/setup-email.html).
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -1181,7 +1181,7 @@ func (c *ACM) UpdateCertificateOptionsRequest(input *UpdateCertificateOptionsInp
 // Updates a certificate. Currently, you can use this function to specify whether
 // to opt in to or out of recording your certificate in a certificate transparency
 // log. For more information, see  Opting Out of Certificate Transparency Logging
-// (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/acm-bestpractices.html#best-practices-transparency).
+// (http://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html#best-practices-transparency).
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -1350,7 +1350,7 @@ type CertificateDetail struct {
 
 	// The reason the certificate request failed. This value exists only when the
 	// certificate status is FAILED. For more information, see Certificate Request
-	// Failed (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/troubleshooting.html#troubleshooting-failed)
+	// Failed (http://docs.aws.amazon.com/acm/latest/userguide/troubleshooting.html#troubleshooting-failed)
 	// in the AWS Certificate Manager User Guide.
 	FailureReason *string `type:"string" enum:"FailureReason"`
 
@@ -1394,7 +1394,7 @@ type CertificateDetail struct {
 	// Specifies whether the certificate is eligible for renewal.
 	RenewalEligibility *string `type:"string" enum:"RenewalEligibility"`
 
-	// Contains information about the status of ACM's managed renewal (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/acm-renewal.html)
+	// Contains information about the status of ACM's managed renewal (http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html)
 	// for the certificate. This field exists only when the certificate type is
 	// AMAZON_ISSUED.
 	RenewalSummary *RenewalSummary `type:"structure"`
@@ -1429,10 +1429,10 @@ type CertificateDetail struct {
 
 	// The source of the certificate. For certificates provided by ACM, this value
 	// is AMAZON_ISSUED. For certificates that you imported with ImportCertificate,
-	// this value is IMPORTED. ACM does not provide managed renewal (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/acm-renewal.html)
+	// this value is IMPORTED. ACM does not provide managed renewal (http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html)
 	// for imported certificates. For more information about the differences between
 	// certificates that you import and those that ACM provides, see Importing Certificates
-	// (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/import-certificate.html)
+	// (http://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html)
 	// in the AWS Certificate Manager User Guide.
 	Type *string `type:"string" enum:"CertificateType"`
 }
@@ -1609,7 +1609,7 @@ func (s *CertificateDetail) SetType(v string) *CertificateDetail {
 // be recorded in a log. Certificates that are not logged typically generate
 // a browser error. Transparency makes it possible for you to detect SSL/TLS
 // certificates that have been mistakenly or maliciously issued for your domain.
-// For general information, see Certificate Transparency Logging (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/acm-concepts.html#concept-transparency).
+// For general information, see Certificate Transparency Logging (http://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency).
 type CertificateOptions struct {
 	_ struct{} `type:"structure"`
 
@@ -1815,7 +1815,7 @@ type DomainValidation struct {
 	DomainName *string `min:"1" type:"string" required:"true"`
 
 	// Contains the CNAME record that you add to your DNS database for domain validation.
-	// For more information, see Use DNS to Validate Domain Ownership (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/gs-acm-validate-dns.html).
+	// For more information, see Use DNS to Validate Domain Ownership (http://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html).
 	ResourceRecord *ResourceRecord `type:"structure"`
 
 	// The domain name that ACM used to send domain validation emails.
@@ -2647,14 +2647,14 @@ func (s RemoveTagsFromCertificateOutput) GoString() string {
 	return s.String()
 }
 
-// Contains information about the status of ACM's managed renewal (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/acm-renewal.html)
+// Contains information about the status of ACM's managed renewal (http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html)
 // for the certificate. This structure exists only when the certificate type
 // is AMAZON_ISSUED.
 type RenewalSummary struct {
 	_ struct{} `type:"structure"`
 
 	// Contains information about the validation of each domain name in the certificate,
-	// as it pertains to ACM's managed renewal (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/acm-renewal.html).
+	// as it pertains to ACM's managed renewal (http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html).
 	// This is different from the initial validation that occurs as a result of
 	// the RequestCertificate request. This field exists only when the certificate
 	// type is AMAZON_ISSUED.
@@ -2662,7 +2662,7 @@ type RenewalSummary struct {
 	// DomainValidationOptions is a required field
 	DomainValidationOptions []*DomainValidation `min:"1" type:"list" required:"true"`
 
-	// The status of ACM's managed renewal (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/acm-renewal.html)
+	// The status of ACM's managed renewal (http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html)
 	// of the certificate.
 	//
 	// RenewalStatus is a required field
@@ -2695,18 +2695,19 @@ type RequestCertificateInput struct {
 	_ struct{} `type:"structure"`
 
 	// The Amazon Resource Name (ARN) of the private certificate authority (CA)
-	// that will be used to issue the certificate. For more information about private
-	// CAs, see the AWS Certificate Manager Private Certificate Authority (PCA)
-	// (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm-pca/latest/userguide/PcaWelcome.html)
+	// that will be used to issue the certificate. If you do not provide an ARN
+	// and you are trying to request a private certificate, ACM will attempt to
+	// issue a public certificate. For more information about private CAs, see the
+	// AWS Certificate Manager Private Certificate Authority (PCA) (http://docs.aws.amazon.com/acm-pca/latest/userguide/PcaWelcome.html)
 	// user guide. The ARN must have the following form:
 	//
 	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
 	CertificateAuthorityArn *string `min:"20" type:"string"`
 
-	// Fully qualified domain name (FQDN), such as www.example.com, of the site
-	// that you want to secure with an ACM Certificate. Use an asterisk (*) to create
-	// a wildcard certificate that protects several sites in the same domain. For
-	// example, *.example.com protects www.example.com, site.example.com, and images.example.com.
+	// Fully qualified domain name (FQDN), such as www.example.com, that you want
+	// to secure with an ACM certificate. Use an asterisk (*) to create a wildcard
+	// certificate that protects several sites in the same domain. For example,
+	// *.example.com protects www.example.com, site.example.com, and images.example.com.
 	//
 	// The first domain name you enter cannot exceed 63 octets, including periods.
 	// Each subsequent Subject Alternative Name (SAN), however, can be up to 253
@@ -2732,7 +2733,7 @@ type RequestCertificateInput struct {
 	// to detect SSL/TLS certificates that have been mistakenly or maliciously issued.
 	// Certificates that have not been logged typically produce an error message
 	// in a browser. For more information, see Opting Out of Certificate Transparency
-	// Logging (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/acm-bestpractices.html#best-practices-transparency).
+	// Logging (http://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html#best-practices-transparency).
 	Options *CertificateOptions `type:"structure"`
 
 	// Additional FQDNs to be included in the Subject Alternative Name extension
@@ -2741,7 +2742,7 @@ type RequestCertificateInput struct {
 	// site by using either name. The maximum number of domain names that you can
 	// add to an ACM certificate is 100. However, the initial limit is 10 domain
 	// names. If you need more than 10 names, you must request a limit increase.
-	// For more information, see Limits (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/acm-limits.html).
+	// For more information, see Limits (http://docs.aws.amazon.com/acm/latest/userguide/acm-limits.html).
 	//
 	// The maximum length of a SAN DNS name is 253 octets. The name is made up of
 	// multiple labels separated by periods. No label can be longer than 63 octets.
@@ -2759,9 +2760,9 @@ type RequestCertificateInput struct {
 	//    the total length of the DNS name (63+1+63+1+63+1+62) exceeds 253 octets.
 	SubjectAlternativeNames []*string `min:"1" type:"list"`
 
-	// The method you want to use to validate that you own or control domain. You
-	// can validate with DNS (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/gs-acm-validate-dns.html)
-	// or validate with email (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/gs-acm-validate-email.html).
+	// The method you want to use if you are requesting a public certificate to
+	// validate that you own or control domain. You can validate with DNS (http://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html)
+	// or validate with email (http://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-email.html).
 	// We recommend that you use DNS validation.
 	ValidationMethod *string `type:"string" enum:"ValidationMethod"`
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/service/acm/doc.go b/vendor/github.com/aws/aws-sdk-go/service/acm/doc.go
index a8e67c4240d..8a183a969ee 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/acm/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/acm/doc.go
@@ -7,7 +7,7 @@
 //
 // You can use ACM to manage SSL/TLS certificates for your AWS-based websites
 // and applications. For general information about using ACM, see the AWS Certificate
-// Manager User Guide (http://docs.aws.amazon.com/http:/docs.aws.amazon.comacm/latest/userguide/).
+// Manager User Guide (http://docs.aws.amazon.com/acm/latest/userguide/).
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08 for more information on this service.
 //
diff --git a/vendor/github.com/aws/aws-sdk-go/service/codedeploy/api.go b/vendor/github.com/aws/aws-sdk-go/service/codedeploy/api.go
index efec20fcffa..d5169b08161 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/codedeploy/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/codedeploy/api.go
@@ -986,6 +986,9 @@ func (c *CodeDeploy) CreateDeploymentRequest(input *CreateDeploymentInput) (req
 //   The IgnoreApplicationStopFailures value is invalid. For AWS Lambda deployments,
 //   false is expected. For EC2/On-premises deployments, true or false is expected.
 //
+//   * ErrCodeInvalidGitHubAccountTokenException "InvalidGitHubAccountTokenException"
+//   The GitHub token is not valid.
+//
 // See also, https://docs.aws.amazon.com/goto/WebAPI/codedeploy-2014-10-06/CreateDeployment
 func (c *CodeDeploy) CreateDeployment(input *CreateDeploymentInput) (*CreateDeploymentOutput, error) {
 	req, out := c.CreateDeploymentRequest(input)
@@ -6678,10 +6681,10 @@ type DeploymentReadyOption struct {
 	//    after the new application revision is installed on the instances in the
 	//    replacement environment.
 	//
-	//    * STOP_DEPLOYMENT: Do not register new instances with load balancer unless
-	//    traffic is rerouted manually. If traffic is not rerouted manually before
-	//    the end of the specified wait period, the deployment status is changed
-	//    to Stopped.
+	//    * STOP_DEPLOYMENT: Do not register new instances with a load balancer
+	//    unless traffic rerouting is started using ContinueDeployment. If traffic
+	//    rerouting is not started before the end of the specified wait period,
+	//    the deployment status is changed to Stopped.
 	ActionOnTimeout *string `locationName:"actionOnTimeout" type:"string" enum:"DeploymentReadyAction"`
 
 	// The number of minutes to wait before the status of a blue/green deployment
diff --git a/vendor/github.com/aws/aws-sdk-go/service/codedeploy/errors.go b/vendor/github.com/aws/aws-sdk-go/service/codedeploy/errors.go
index 963a57a533f..c3af4b0ddb8 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/codedeploy/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/codedeploy/errors.go
@@ -345,6 +345,12 @@ const (
 	// "DISALLOW", "OVERWRITE", and "RETAIN".
 	ErrCodeInvalidFileExistsBehaviorException = "InvalidFileExistsBehaviorException"
 
+	// ErrCodeInvalidGitHubAccountTokenException for service response error code
+	// "InvalidGitHubAccountTokenException".
+	//
+	// The GitHub token is not valid.
+	ErrCodeInvalidGitHubAccountTokenException = "InvalidGitHubAccountTokenException"
+
 	// ErrCodeInvalidGitHubAccountTokenNameException for service response error code
 	// "InvalidGitHubAccountTokenNameException".
 	//
diff --git a/vendor/github.com/aws/aws-sdk-go/service/codepipeline/api.go b/vendor/github.com/aws/aws-sdk-go/service/codepipeline/api.go
index 9e895f1e144..d308cfb9460 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/codepipeline/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/codepipeline/api.go
@@ -419,8 +419,11 @@ func (c *CodePipeline) DeleteCustomActionTypeRequest(input *DeleteCustomActionTy
 // Marks a custom action as deleted. PollForJobs for the custom action will
 // fail after the action is marked for deletion. Only used for custom actions.
 //
-// You cannot recreate a custom action after it has been deleted unless you
-// increase the version number of the action.
+// To re-create a custom action after it has been deleted you must use a string
+// in the version field that has never been used before. This string can be
+// an incremented version number, for example. To restore a deleted custom action,
+// use a JSON file that is identical to the deleted action, including the original
+// string in the version field.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -536,6 +539,173 @@ func (c *CodePipeline) DeletePipelineWithContext(ctx aws.Context, input *DeleteP
 	return out, req.Send()
 }
 
+const opDeleteWebhook = "DeleteWebhook"
+
+// DeleteWebhookRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteWebhook operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteWebhook for more information on using the DeleteWebhook
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DeleteWebhookRequest method.
+//    req, resp := client.DeleteWebhookRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/DeleteWebhook
+func (c *CodePipeline) DeleteWebhookRequest(input *DeleteWebhookInput) (req *request.Request, output *DeleteWebhookOutput) {
+	op := &request.Operation{
+		Name:       opDeleteWebhook,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DeleteWebhookInput{}
+	}
+
+	output = &DeleteWebhookOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DeleteWebhook API operation for AWS CodePipeline.
+//
+// Deletes a previously created webhook by name. Deleting the webhook stops
+// AWS CodePipeline from starting a pipeline every time an external event occurs.
+// The API will return successfully when trying to delete a webhook that is
+// already deleted. If a deleted webhook is re-created by calling PutWebhook
+// with the same name, it will have a different URL.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS CodePipeline's
+// API operation DeleteWebhook for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeValidationException "ValidationException"
+//   The validation was specified in an invalid format.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/DeleteWebhook
+func (c *CodePipeline) DeleteWebhook(input *DeleteWebhookInput) (*DeleteWebhookOutput, error) {
+	req, out := c.DeleteWebhookRequest(input)
+	return out, req.Send()
+}
+
+// DeleteWebhookWithContext is the same as DeleteWebhook with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteWebhook for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *CodePipeline) DeleteWebhookWithContext(ctx aws.Context, input *DeleteWebhookInput, opts ...request.Option) (*DeleteWebhookOutput, error) {
+	req, out := c.DeleteWebhookRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeregisterWebhookWithThirdParty = "DeregisterWebhookWithThirdParty"
+
+// DeregisterWebhookWithThirdPartyRequest generates a "aws/request.Request" representing the
+// client's request for the DeregisterWebhookWithThirdParty operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeregisterWebhookWithThirdParty for more information on using the DeregisterWebhookWithThirdParty
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DeregisterWebhookWithThirdPartyRequest method.
+//    req, resp := client.DeregisterWebhookWithThirdPartyRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/DeregisterWebhookWithThirdParty
+func (c *CodePipeline) DeregisterWebhookWithThirdPartyRequest(input *DeregisterWebhookWithThirdPartyInput) (req *request.Request, output *DeregisterWebhookWithThirdPartyOutput) {
+	op := &request.Operation{
+		Name:       opDeregisterWebhookWithThirdParty,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DeregisterWebhookWithThirdPartyInput{}
+	}
+
+	output = &DeregisterWebhookWithThirdPartyOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DeregisterWebhookWithThirdParty API operation for AWS CodePipeline.
+//
+// Removes the connection between the webhook that was created by CodePipeline
+// and the external tool with events to be detected. Currently only supported
+// for webhooks that target an action type of GitHub.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS CodePipeline's
+// API operation DeregisterWebhookWithThirdParty for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeValidationException "ValidationException"
+//   The validation was specified in an invalid format.
+//
+//   * ErrCodeWebhookNotFoundException "WebhookNotFoundException"
+//   The specified webhook was entered in an invalid format or cannot be found.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/DeregisterWebhookWithThirdParty
+func (c *CodePipeline) DeregisterWebhookWithThirdParty(input *DeregisterWebhookWithThirdPartyInput) (*DeregisterWebhookWithThirdPartyOutput, error) {
+	req, out := c.DeregisterWebhookWithThirdPartyRequest(input)
+	return out, req.Send()
+}
+
+// DeregisterWebhookWithThirdPartyWithContext is the same as DeregisterWebhookWithThirdParty with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeregisterWebhookWithThirdParty for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *CodePipeline) DeregisterWebhookWithThirdPartyWithContext(ctx aws.Context, input *DeregisterWebhookWithThirdPartyInput, opts ...request.Option) (*DeregisterWebhookWithThirdPartyOutput, error) {
+	req, out := c.DeregisterWebhookWithThirdPartyRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opDisableStageTransition = "DisableStageTransition"
 
 // DisableStageTransitionRequest generates a "aws/request.Request" representing the
@@ -1375,6 +1545,9 @@ func (c *CodePipeline) ListPipelinesRequest(input *ListPipelinesInput) (req *req
 // API operation ListPipelines for usage and error information.
 //
 // Returned Error Codes:
+//   * ErrCodeValidationException "ValidationException"
+//   The validation was specified in an invalid format.
+//
 //   * ErrCodeInvalidNextTokenException "InvalidNextTokenException"
 //   The next token was specified in an invalid format. Make sure that the next
 //   token you provided is the token returned by a previous call.
@@ -1401,6 +1574,91 @@ func (c *CodePipeline) ListPipelinesWithContext(ctx aws.Context, input *ListPipe
 	return out, req.Send()
 }
 
+const opListWebhooks = "ListWebhooks"
+
+// ListWebhooksRequest generates a "aws/request.Request" representing the
+// client's request for the ListWebhooks operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListWebhooks for more information on using the ListWebhooks
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the ListWebhooksRequest method.
+//    req, resp := client.ListWebhooksRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/ListWebhooks
+func (c *CodePipeline) ListWebhooksRequest(input *ListWebhooksInput) (req *request.Request, output *ListWebhooksOutput) {
+	op := &request.Operation{
+		Name:       opListWebhooks,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &ListWebhooksInput{}
+	}
+
+	output = &ListWebhooksOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListWebhooks API operation for AWS CodePipeline.
+//
+// Gets a listing of all the webhooks in this region for this account. The output
+// lists all webhooks and includes the webhook URL and ARN, as well the configuration
+// for each webhook.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS CodePipeline's
+// API operation ListWebhooks for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeValidationException "ValidationException"
+//   The validation was specified in an invalid format.
+//
+//   * ErrCodeInvalidNextTokenException "InvalidNextTokenException"
+//   The next token was specified in an invalid format. Make sure that the next
+//   token you provided is the token returned by a previous call.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/ListWebhooks
+func (c *CodePipeline) ListWebhooks(input *ListWebhooksInput) (*ListWebhooksOutput, error) {
+	req, out := c.ListWebhooksRequest(input)
+	return out, req.Send()
+}
+
+// ListWebhooksWithContext is the same as ListWebhooks with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListWebhooks for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *CodePipeline) ListWebhooksWithContext(ctx aws.Context, input *ListWebhooksInput, opts ...request.Option) (*ListWebhooksOutput, error) {
+	req, out := c.ListWebhooksRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opPollForJobs = "PollForJobs"
 
 // PollForJobsRequest generates a "aws/request.Request" representing the
@@ -1445,7 +1703,10 @@ func (c *CodePipeline) PollForJobsRequest(input *PollForJobsInput) (req *request
 
 // PollForJobs API operation for AWS CodePipeline.
 //
-// Returns information about any jobs for AWS CodePipeline to act upon.
+// Returns information about any jobs for AWS CodePipeline to act upon. PollForJobs
+// is only valid for action types with "Custom" in the owner field. If the action
+// type contains "AWS" or "ThirdParty" in the owner field, the PollForJobs action
+// returns an error.
 //
 // When this API is called, AWS CodePipeline returns temporary credentials for
 // the Amazon S3 bucket used to store artifacts for the pipeline, if the action
@@ -2116,203 +2377,385 @@ func (c *CodePipeline) PutThirdPartyJobSuccessResultWithContext(ctx aws.Context,
 	return out, req.Send()
 }
 
-const opRetryStageExecution = "RetryStageExecution"
+const opPutWebhook = "PutWebhook"
 
-// RetryStageExecutionRequest generates a "aws/request.Request" representing the
-// client's request for the RetryStageExecution operation. The "output" return
+// PutWebhookRequest generates a "aws/request.Request" representing the
+// client's request for the PutWebhook operation. The "output" return
 // value will be populated with the request's response once the request completes
 // successfuly.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See RetryStageExecution for more information on using the RetryStageExecution
+// See PutWebhook for more information on using the PutWebhook
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the RetryStageExecutionRequest method.
-//    req, resp := client.RetryStageExecutionRequest(params)
+//    // Example sending a request using the PutWebhookRequest method.
+//    req, resp := client.PutWebhookRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/RetryStageExecution
-func (c *CodePipeline) RetryStageExecutionRequest(input *RetryStageExecutionInput) (req *request.Request, output *RetryStageExecutionOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/PutWebhook
+func (c *CodePipeline) PutWebhookRequest(input *PutWebhookInput) (req *request.Request, output *PutWebhookOutput) {
 	op := &request.Operation{
-		Name:       opRetryStageExecution,
+		Name:       opPutWebhook,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 
 	if input == nil {
-		input = &RetryStageExecutionInput{}
+		input = &PutWebhookInput{}
 	}
 
-	output = &RetryStageExecutionOutput{}
+	output = &PutWebhookOutput{}
 	req = c.newRequest(op, input, output)
 	return
 }
 
-// RetryStageExecution API operation for AWS CodePipeline.
+// PutWebhook API operation for AWS CodePipeline.
 //
-// Resumes the pipeline execution by retrying the last failed actions in a stage.
+// Defines a webhook and returns a unique webhook URL generated by CodePipeline.
+// This URL can be supplied to third party source hosting providers to call
+// every time there's a code change. When CodePipeline receives a POST request
+// on this URL, the pipeline defined in the webhook is started as long as the
+// POST request satisfied the authentication and filtering requirements supplied
+// when defining the webhook. RegisterWebhookWithThirdParty and DeregisterWebhookWithThirdParty
+// APIs can be used to automatically configure supported third parties to call
+// the generated webhook URL.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for AWS CodePipeline's
-// API operation RetryStageExecution for usage and error information.
+// API operation PutWebhook for usage and error information.
 //
 // Returned Error Codes:
 //   * ErrCodeValidationException "ValidationException"
 //   The validation was specified in an invalid format.
 //
-//   * ErrCodePipelineNotFoundException "PipelineNotFoundException"
-//   The specified pipeline was specified in an invalid format or cannot be found.
+//   * ErrCodeLimitExceededException "LimitExceededException"
+//   The number of pipelines associated with the AWS account has exceeded the
+//   limit allowed for the account.
 //
-//   * ErrCodeStageNotFoundException "StageNotFoundException"
-//   The specified stage was specified in an invalid format or cannot be found.
+//   * ErrCodeInvalidWebhookFilterPatternException "InvalidWebhookFilterPatternException"
+//   The specified event filter rule is in an invalid format.
 //
-//   * ErrCodeStageNotRetryableException "StageNotRetryableException"
-//   The specified stage can't be retried because the pipeline structure or stage
-//   state changed after the stage was not completed; the stage contains no failed
-//   actions; one or more actions are still in progress; or another retry attempt
-//   is already in progress.
+//   * ErrCodeInvalidWebhookAuthenticationParametersException "InvalidWebhookAuthenticationParametersException"
+//   The specified authentication type is in an invalid format.
 //
-//   * ErrCodeNotLatestPipelineExecutionException "NotLatestPipelineExecutionException"
-//   The stage has failed in a later run of the pipeline and the pipelineExecutionId
-//   associated with the request is out of date.
+//   * ErrCodePipelineNotFoundException "PipelineNotFoundException"
+//   The specified pipeline was specified in an invalid format or cannot be found.
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/RetryStageExecution
-func (c *CodePipeline) RetryStageExecution(input *RetryStageExecutionInput) (*RetryStageExecutionOutput, error) {
-	req, out := c.RetryStageExecutionRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/PutWebhook
+func (c *CodePipeline) PutWebhook(input *PutWebhookInput) (*PutWebhookOutput, error) {
+	req, out := c.PutWebhookRequest(input)
 	return out, req.Send()
 }
 
-// RetryStageExecutionWithContext is the same as RetryStageExecution with the addition of
+// PutWebhookWithContext is the same as PutWebhook with the addition of
 // the ability to pass a context and additional request options.
 //
-// See RetryStageExecution for details on how to use this API operation.
+// See PutWebhook for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *CodePipeline) RetryStageExecutionWithContext(ctx aws.Context, input *RetryStageExecutionInput, opts ...request.Option) (*RetryStageExecutionOutput, error) {
-	req, out := c.RetryStageExecutionRequest(input)
+func (c *CodePipeline) PutWebhookWithContext(ctx aws.Context, input *PutWebhookInput, opts ...request.Option) (*PutWebhookOutput, error) {
+	req, out := c.PutWebhookRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 
-const opStartPipelineExecution = "StartPipelineExecution"
+const opRegisterWebhookWithThirdParty = "RegisterWebhookWithThirdParty"
 
-// StartPipelineExecutionRequest generates a "aws/request.Request" representing the
-// client's request for the StartPipelineExecution operation. The "output" return
+// RegisterWebhookWithThirdPartyRequest generates a "aws/request.Request" representing the
+// client's request for the RegisterWebhookWithThirdParty operation. The "output" return
 // value will be populated with the request's response once the request completes
 // successfuly.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See StartPipelineExecution for more information on using the StartPipelineExecution
+// See RegisterWebhookWithThirdParty for more information on using the RegisterWebhookWithThirdParty
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the StartPipelineExecutionRequest method.
-//    req, resp := client.StartPipelineExecutionRequest(params)
+//    // Example sending a request using the RegisterWebhookWithThirdPartyRequest method.
+//    req, resp := client.RegisterWebhookWithThirdPartyRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/StartPipelineExecution
-func (c *CodePipeline) StartPipelineExecutionRequest(input *StartPipelineExecutionInput) (req *request.Request, output *StartPipelineExecutionOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/RegisterWebhookWithThirdParty
+func (c *CodePipeline) RegisterWebhookWithThirdPartyRequest(input *RegisterWebhookWithThirdPartyInput) (req *request.Request, output *RegisterWebhookWithThirdPartyOutput) {
 	op := &request.Operation{
-		Name:       opStartPipelineExecution,
+		Name:       opRegisterWebhookWithThirdParty,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 
 	if input == nil {
-		input = &StartPipelineExecutionInput{}
+		input = &RegisterWebhookWithThirdPartyInput{}
 	}
 
-	output = &StartPipelineExecutionOutput{}
+	output = &RegisterWebhookWithThirdPartyOutput{}
 	req = c.newRequest(op, input, output)
 	return
 }
 
-// StartPipelineExecution API operation for AWS CodePipeline.
+// RegisterWebhookWithThirdParty API operation for AWS CodePipeline.
 //
-// Starts the specified pipeline. Specifically, it begins processing the latest
-// commit to the source location specified as part of the pipeline.
+// Configures a connection between the webhook that was created and the external
+// tool with events to be detected.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for AWS CodePipeline's
-// API operation StartPipelineExecution for usage and error information.
+// API operation RegisterWebhookWithThirdParty for usage and error information.
 //
 // Returned Error Codes:
 //   * ErrCodeValidationException "ValidationException"
 //   The validation was specified in an invalid format.
 //
-//   * ErrCodePipelineNotFoundException "PipelineNotFoundException"
-//   The specified pipeline was specified in an invalid format or cannot be found.
+//   * ErrCodeWebhookNotFoundException "WebhookNotFoundException"
+//   The specified webhook was entered in an invalid format or cannot be found.
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/StartPipelineExecution
-func (c *CodePipeline) StartPipelineExecution(input *StartPipelineExecutionInput) (*StartPipelineExecutionOutput, error) {
-	req, out := c.StartPipelineExecutionRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/RegisterWebhookWithThirdParty
+func (c *CodePipeline) RegisterWebhookWithThirdParty(input *RegisterWebhookWithThirdPartyInput) (*RegisterWebhookWithThirdPartyOutput, error) {
+	req, out := c.RegisterWebhookWithThirdPartyRequest(input)
 	return out, req.Send()
 }
 
-// StartPipelineExecutionWithContext is the same as StartPipelineExecution with the addition of
+// RegisterWebhookWithThirdPartyWithContext is the same as RegisterWebhookWithThirdParty with the addition of
 // the ability to pass a context and additional request options.
 //
-// See StartPipelineExecution for details on how to use this API operation.
+// See RegisterWebhookWithThirdParty for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *CodePipeline) StartPipelineExecutionWithContext(ctx aws.Context, input *StartPipelineExecutionInput, opts ...request.Option) (*StartPipelineExecutionOutput, error) {
-	req, out := c.StartPipelineExecutionRequest(input)
+func (c *CodePipeline) RegisterWebhookWithThirdPartyWithContext(ctx aws.Context, input *RegisterWebhookWithThirdPartyInput, opts ...request.Option) (*RegisterWebhookWithThirdPartyOutput, error) {
+	req, out := c.RegisterWebhookWithThirdPartyRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 
-const opUpdatePipeline = "UpdatePipeline"
+const opRetryStageExecution = "RetryStageExecution"
 
-// UpdatePipelineRequest generates a "aws/request.Request" representing the
-// client's request for the UpdatePipeline operation. The "output" return
+// RetryStageExecutionRequest generates a "aws/request.Request" representing the
+// client's request for the RetryStageExecution operation. The "output" return
 // value will be populated with the request's response once the request completes
 // successfuly.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See UpdatePipeline for more information on using the UpdatePipeline
+// See RetryStageExecution for more information on using the RetryStageExecution
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the UpdatePipelineRequest method.
-//    req, resp := client.UpdatePipelineRequest(params)
+//    // Example sending a request using the RetryStageExecutionRequest method.
+//    req, resp := client.RetryStageExecutionRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/RetryStageExecution
+func (c *CodePipeline) RetryStageExecutionRequest(input *RetryStageExecutionInput) (req *request.Request, output *RetryStageExecutionOutput) {
+	op := &request.Operation{
+		Name:       opRetryStageExecution,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &RetryStageExecutionInput{}
+	}
+
+	output = &RetryStageExecutionOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// RetryStageExecution API operation for AWS CodePipeline.
+//
+// Resumes the pipeline execution by retrying the last failed actions in a stage.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS CodePipeline's
+// API operation RetryStageExecution for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeValidationException "ValidationException"
+//   The validation was specified in an invalid format.
+//
+//   * ErrCodePipelineNotFoundException "PipelineNotFoundException"
+//   The specified pipeline was specified in an invalid format or cannot be found.
+//
+//   * ErrCodeStageNotFoundException "StageNotFoundException"
+//   The specified stage was specified in an invalid format or cannot be found.
+//
+//   * ErrCodeStageNotRetryableException "StageNotRetryableException"
+//   The specified stage can't be retried because the pipeline structure or stage
+//   state changed after the stage was not completed; the stage contains no failed
+//   actions; one or more actions are still in progress; or another retry attempt
+//   is already in progress.
+//
+//   * ErrCodeNotLatestPipelineExecutionException "NotLatestPipelineExecutionException"
+//   The stage has failed in a later run of the pipeline and the pipelineExecutionId
+//   associated with the request is out of date.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/RetryStageExecution
+func (c *CodePipeline) RetryStageExecution(input *RetryStageExecutionInput) (*RetryStageExecutionOutput, error) {
+	req, out := c.RetryStageExecutionRequest(input)
+	return out, req.Send()
+}
+
+// RetryStageExecutionWithContext is the same as RetryStageExecution with the addition of
+// the ability to pass a context and additional request options.
+//
+// See RetryStageExecution for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *CodePipeline) RetryStageExecutionWithContext(ctx aws.Context, input *RetryStageExecutionInput, opts ...request.Option) (*RetryStageExecutionOutput, error) {
+	req, out := c.RetryStageExecutionRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opStartPipelineExecution = "StartPipelineExecution"
+
+// StartPipelineExecutionRequest generates a "aws/request.Request" representing the
+// client's request for the StartPipelineExecution operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See StartPipelineExecution for more information on using the StartPipelineExecution
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the StartPipelineExecutionRequest method.
+//    req, resp := client.StartPipelineExecutionRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/StartPipelineExecution
+func (c *CodePipeline) StartPipelineExecutionRequest(input *StartPipelineExecutionInput) (req *request.Request, output *StartPipelineExecutionOutput) {
+	op := &request.Operation{
+		Name:       opStartPipelineExecution,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &StartPipelineExecutionInput{}
+	}
+
+	output = &StartPipelineExecutionOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// StartPipelineExecution API operation for AWS CodePipeline.
+//
+// Starts the specified pipeline. Specifically, it begins processing the latest
+// commit to the source location specified as part of the pipeline.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS CodePipeline's
+// API operation StartPipelineExecution for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeValidationException "ValidationException"
+//   The validation was specified in an invalid format.
+//
+//   * ErrCodePipelineNotFoundException "PipelineNotFoundException"
+//   The specified pipeline was specified in an invalid format or cannot be found.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/codepipeline-2015-07-09/StartPipelineExecution
+func (c *CodePipeline) StartPipelineExecution(input *StartPipelineExecutionInput) (*StartPipelineExecutionOutput, error) {
+	req, out := c.StartPipelineExecutionRequest(input)
+	return out, req.Send()
+}
+
+// StartPipelineExecutionWithContext is the same as StartPipelineExecution with the addition of
+// the ability to pass a context and additional request options.
+//
+// See StartPipelineExecution for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *CodePipeline) StartPipelineExecutionWithContext(ctx aws.Context, input *StartPipelineExecutionInput, opts ...request.Option) (*StartPipelineExecutionOutput, error) {
+	req, out := c.StartPipelineExecutionRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opUpdatePipeline = "UpdatePipeline"
+
+// UpdatePipelineRequest generates a "aws/request.Request" representing the
+// client's request for the UpdatePipeline operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdatePipeline for more information on using the UpdatePipeline
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the UpdatePipelineRequest method.
+//    req, resp := client.UpdatePipelineRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
@@ -2453,7 +2896,7 @@ type AcknowledgeJobInput struct {
 	// response of the PollForJobs request that returned this job.
 	//
 	// Nonce is a required field
-	Nonce *string `locationName:"nonce" type:"string" required:"true"`
+	Nonce *string `locationName:"nonce" min:"1" type:"string" required:"true"`
 }
 
 // String returns the string representation
@@ -2475,6 +2918,9 @@ func (s *AcknowledgeJobInput) Validate() error {
 	if s.Nonce == nil {
 		invalidParams.Add(request.NewErrParamRequired("Nonce"))
 	}
+	if s.Nonce != nil && len(*s.Nonce) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Nonce", 1))
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -2538,7 +2984,7 @@ type AcknowledgeThirdPartyJobInput struct {
 	// response to a GetThirdPartyJobDetails request.
 	//
 	// Nonce is a required field
-	Nonce *string `locationName:"nonce" type:"string" required:"true"`
+	Nonce *string `locationName:"nonce" min:"1" type:"string" required:"true"`
 }
 
 // String returns the string representation
@@ -2569,6 +3015,9 @@ func (s *AcknowledgeThirdPartyJobInput) Validate() error {
 	if s.Nonce == nil {
 		invalidParams.Add(request.NewErrParamRequired("Nonce"))
 	}
+	if s.Nonce != nil && len(*s.Nonce) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Nonce", 1))
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -2955,7 +3404,7 @@ type ActionExecution struct {
 	Status *string `locationName:"status" type:"string" enum:"ActionExecutionStatus"`
 
 	// A summary of the run of the action.
-	Summary *string `locationName:"summary" type:"string"`
+	Summary *string `locationName:"summary" min:"1" type:"string"`
 
 	// The system-generated token used to identify a unique approval request. The
 	// token for each open approval request can be obtained using the GetPipelineState
@@ -3256,7 +3705,7 @@ type ActionTypeId struct {
 	// Provider is a required field
 	Provider *string `locationName:"provider" min:"1" type:"string" required:"true"`
 
-	// A string that identifies the action type.
+	// A string that describes the action version.
 	//
 	// Version is a required field
 	Version *string `locationName:"version" min:"1" type:"string" required:"true"`
@@ -4271,71 +4720,33 @@ func (s DeletePipelineOutput) GoString() string {
 	return s.String()
 }
 
-// Represents the input of a DisableStageTransition action.
-type DisableStageTransitionInput struct {
+type DeleteWebhookInput struct {
 	_ struct{} `type:"structure"`
 
-	// The name of the pipeline in which you want to disable the flow of artifacts
-	// from one stage to another.
-	//
-	// PipelineName is a required field
-	PipelineName *string `locationName:"pipelineName" min:"1" type:"string" required:"true"`
-
-	// The reason given to the user why a stage is disabled, such as waiting for
-	// manual approval or manual tests. This message is displayed in the pipeline
-	// console UI.
-	//
-	// Reason is a required field
-	Reason *string `locationName:"reason" min:"1" type:"string" required:"true"`
-
-	// The name of the stage where you want to disable the inbound or outbound transition
-	// of artifacts.
-	//
-	// StageName is a required field
-	StageName *string `locationName:"stageName" min:"1" type:"string" required:"true"`
-
-	// Specifies whether artifacts will be prevented from transitioning into the
-	// stage and being processed by the actions in that stage (inbound), or prevented
-	// from transitioning from the stage after they have been processed by the actions
-	// in that stage (outbound).
+	// The name of the webhook you want to delete.
 	//
-	// TransitionType is a required field
-	TransitionType *string `locationName:"transitionType" type:"string" required:"true" enum:"StageTransitionType"`
+	// Name is a required field
+	Name *string `locationName:"name" min:"1" type:"string" required:"true"`
 }
 
 // String returns the string representation
-func (s DisableStageTransitionInput) String() string {
+func (s DeleteWebhookInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DisableStageTransitionInput) GoString() string {
+func (s DeleteWebhookInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *DisableStageTransitionInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DisableStageTransitionInput"}
-	if s.PipelineName == nil {
-		invalidParams.Add(request.NewErrParamRequired("PipelineName"))
-	}
-	if s.PipelineName != nil && len(*s.PipelineName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("PipelineName", 1))
-	}
-	if s.Reason == nil {
-		invalidParams.Add(request.NewErrParamRequired("Reason"))
-	}
-	if s.Reason != nil && len(*s.Reason) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Reason", 1))
-	}
-	if s.StageName == nil {
-		invalidParams.Add(request.NewErrParamRequired("StageName"))
-	}
-	if s.StageName != nil && len(*s.StageName) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("StageName", 1))
+func (s *DeleteWebhookInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteWebhookInput"}
+	if s.Name == nil {
+		invalidParams.Add(request.NewErrParamRequired("Name"))
 	}
-	if s.TransitionType == nil {
-		invalidParams.Add(request.NewErrParamRequired("TransitionType"))
+	if s.Name != nil && len(*s.Name) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
 	}
 
 	if invalidParams.Len() > 0 {
@@ -4344,28 +4755,171 @@ func (s *DisableStageTransitionInput) Validate() error {
 	return nil
 }
 
-// SetPipelineName sets the PipelineName field's value.
-func (s *DisableStageTransitionInput) SetPipelineName(v string) *DisableStageTransitionInput {
-	s.PipelineName = &v
+// SetName sets the Name field's value.
+func (s *DeleteWebhookInput) SetName(v string) *DeleteWebhookInput {
+	s.Name = &v
 	return s
 }
 
-// SetReason sets the Reason field's value.
-func (s *DisableStageTransitionInput) SetReason(v string) *DisableStageTransitionInput {
-	s.Reason = &v
-	return s
+type DeleteWebhookOutput struct {
+	_ struct{} `type:"structure"`
 }
 
-// SetStageName sets the StageName field's value.
-func (s *DisableStageTransitionInput) SetStageName(v string) *DisableStageTransitionInput {
-	s.StageName = &v
-	return s
+// String returns the string representation
+func (s DeleteWebhookOutput) String() string {
+	return awsutil.Prettify(s)
 }
 
-// SetTransitionType sets the TransitionType field's value.
-func (s *DisableStageTransitionInput) SetTransitionType(v string) *DisableStageTransitionInput {
-	s.TransitionType = &v
-	return s
+// GoString returns the string representation
+func (s DeleteWebhookOutput) GoString() string {
+	return s.String()
+}
+
+type DeregisterWebhookWithThirdPartyInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the webhook you want to deregister.
+	WebhookName *string `locationName:"webhookName" min:"1" type:"string"`
+}
+
+// String returns the string representation
+func (s DeregisterWebhookWithThirdPartyInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeregisterWebhookWithThirdPartyInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeregisterWebhookWithThirdPartyInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeregisterWebhookWithThirdPartyInput"}
+	if s.WebhookName != nil && len(*s.WebhookName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("WebhookName", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetWebhookName sets the WebhookName field's value.
+func (s *DeregisterWebhookWithThirdPartyInput) SetWebhookName(v string) *DeregisterWebhookWithThirdPartyInput {
+	s.WebhookName = &v
+	return s
+}
+
+type DeregisterWebhookWithThirdPartyOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s DeregisterWebhookWithThirdPartyOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeregisterWebhookWithThirdPartyOutput) GoString() string {
+	return s.String()
+}
+
+// Represents the input of a DisableStageTransition action.
+type DisableStageTransitionInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the pipeline in which you want to disable the flow of artifacts
+	// from one stage to another.
+	//
+	// PipelineName is a required field
+	PipelineName *string `locationName:"pipelineName" min:"1" type:"string" required:"true"`
+
+	// The reason given to the user why a stage is disabled, such as waiting for
+	// manual approval or manual tests. This message is displayed in the pipeline
+	// console UI.
+	//
+	// Reason is a required field
+	Reason *string `locationName:"reason" min:"1" type:"string" required:"true"`
+
+	// The name of the stage where you want to disable the inbound or outbound transition
+	// of artifacts.
+	//
+	// StageName is a required field
+	StageName *string `locationName:"stageName" min:"1" type:"string" required:"true"`
+
+	// Specifies whether artifacts will be prevented from transitioning into the
+	// stage and being processed by the actions in that stage (inbound), or prevented
+	// from transitioning from the stage after they have been processed by the actions
+	// in that stage (outbound).
+	//
+	// TransitionType is a required field
+	TransitionType *string `locationName:"transitionType" type:"string" required:"true" enum:"StageTransitionType"`
+}
+
+// String returns the string representation
+func (s DisableStageTransitionInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DisableStageTransitionInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DisableStageTransitionInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DisableStageTransitionInput"}
+	if s.PipelineName == nil {
+		invalidParams.Add(request.NewErrParamRequired("PipelineName"))
+	}
+	if s.PipelineName != nil && len(*s.PipelineName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("PipelineName", 1))
+	}
+	if s.Reason == nil {
+		invalidParams.Add(request.NewErrParamRequired("Reason"))
+	}
+	if s.Reason != nil && len(*s.Reason) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Reason", 1))
+	}
+	if s.StageName == nil {
+		invalidParams.Add(request.NewErrParamRequired("StageName"))
+	}
+	if s.StageName != nil && len(*s.StageName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("StageName", 1))
+	}
+	if s.TransitionType == nil {
+		invalidParams.Add(request.NewErrParamRequired("TransitionType"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetPipelineName sets the PipelineName field's value.
+func (s *DisableStageTransitionInput) SetPipelineName(v string) *DisableStageTransitionInput {
+	s.PipelineName = &v
+	return s
+}
+
+// SetReason sets the Reason field's value.
+func (s *DisableStageTransitionInput) SetReason(v string) *DisableStageTransitionInput {
+	s.Reason = &v
+	return s
+}
+
+// SetStageName sets the StageName field's value.
+func (s *DisableStageTransitionInput) SetStageName(v string) *DisableStageTransitionInput {
+	s.StageName = &v
+	return s
+}
+
+// SetTransitionType sets the TransitionType field's value.
+func (s *DisableStageTransitionInput) SetTransitionType(v string) *DisableStageTransitionInput {
+	s.TransitionType = &v
+	return s
 }
 
 type DisableStageTransitionOutput struct {
@@ -4540,7 +5094,7 @@ type ErrorDetails struct {
 	Code *string `locationName:"code" type:"string"`
 
 	// The text of the error message.
-	Message *string `locationName:"message" type:"string"`
+	Message *string `locationName:"message" min:"1" type:"string"`
 }
 
 // String returns the string representation
@@ -4579,7 +5133,7 @@ type ExecutionDetails struct {
 	PercentComplete *int64 `locationName:"percentComplete" type:"integer"`
 
 	// The summary of the current status of the actions.
-	Summary *string `locationName:"summary" type:"string"`
+	Summary *string `locationName:"summary" min:"1" type:"string"`
 }
 
 // String returns the string representation
@@ -4598,6 +5152,9 @@ func (s *ExecutionDetails) Validate() error {
 	if s.ExternalExecutionId != nil && len(*s.ExternalExecutionId) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("ExternalExecutionId", 1))
 	}
+	if s.Summary != nil && len(*s.Summary) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Summary", 1))
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -4633,7 +5190,7 @@ type FailureDetails struct {
 	// The message about the failure.
 	//
 	// Message is a required field
-	Message *string `locationName:"message" type:"string" required:"true"`
+	Message *string `locationName:"message" min:"1" type:"string" required:"true"`
 
 	// The type of the failure.
 	//
@@ -4660,6 +5217,9 @@ func (s *FailureDetails) Validate() error {
 	if s.Message == nil {
 		invalidParams.Add(request.NewErrParamRequired("Message"))
 	}
+	if s.Message != nil && len(*s.Message) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Message", 1))
+	}
 	if s.Type == nil {
 		invalidParams.Add(request.NewErrParamRequired("Type"))
 	}
@@ -5178,7 +5738,7 @@ type Job struct {
 	// A system-generated random number that AWS CodePipeline uses to ensure that
 	// the job is being worked on by only one job worker. Use this number in an
 	// AcknowledgeJob request.
-	Nonce *string `locationName:"nonce" type:"string"`
+	Nonce *string `locationName:"nonce" min:"1" type:"string"`
 }
 
 // String returns the string representation
@@ -5234,7 +5794,7 @@ type JobData struct {
 
 	// A system-generated token, such as a AWS CodeDeploy deployment ID, that a
 	// job requires in order to continue the job asynchronously.
-	ContinuationToken *string `locationName:"continuationToken" type:"string"`
+	ContinuationToken *string `locationName:"continuationToken" min:"1" type:"string"`
 
 	// Represents information about the key used to encrypt data in the artifact
 	// store, such as an AWS Key Management Service (AWS KMS) key.
@@ -5613,6 +6173,170 @@ func (s *ListPipelinesOutput) SetPipelines(v []*PipelineSummary) *ListPipelinesO
 	return s
 }
 
+// The detail returned for each webhook after listing webhooks, such as the
+// webhook URL, the webhook name, and the webhook ARN.
+type ListWebhookItem struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) of the webhook.
+	Arn *string `locationName:"arn" type:"string"`
+
+	// The detail returned for each webhook, such as the webhook authentication
+	// type and filter rules.
+	//
+	// Definition is a required field
+	Definition *WebhookDefinition `locationName:"definition" type:"structure" required:"true"`
+
+	// The number code of the error.
+	ErrorCode *string `locationName:"errorCode" type:"string"`
+
+	// The text of the error message about the webhook.
+	ErrorMessage *string `locationName:"errorMessage" type:"string"`
+
+	// The date and time a webhook was last successfully triggered, in timestamp
+	// format.
+	LastTriggered *time.Time `locationName:"lastTriggered" type:"timestamp" timestampFormat:"unix"`
+
+	// A unique URL generated by CodePipeline. When a POST request is made to this
+	// URL, the defined pipeline is started as long as the body of the post request
+	// satisfies the defined authentication and filtering conditions. Deleting and
+	// re-creating a webhook will make the old URL invalid and generate a new URL.
+	//
+	// Url is a required field
+	Url *string `locationName:"url" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s ListWebhookItem) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ListWebhookItem) GoString() string {
+	return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *ListWebhookItem) SetArn(v string) *ListWebhookItem {
+	s.Arn = &v
+	return s
+}
+
+// SetDefinition sets the Definition field's value.
+func (s *ListWebhookItem) SetDefinition(v *WebhookDefinition) *ListWebhookItem {
+	s.Definition = v
+	return s
+}
+
+// SetErrorCode sets the ErrorCode field's value.
+func (s *ListWebhookItem) SetErrorCode(v string) *ListWebhookItem {
+	s.ErrorCode = &v
+	return s
+}
+
+// SetErrorMessage sets the ErrorMessage field's value.
+func (s *ListWebhookItem) SetErrorMessage(v string) *ListWebhookItem {
+	s.ErrorMessage = &v
+	return s
+}
+
+// SetLastTriggered sets the LastTriggered field's value.
+func (s *ListWebhookItem) SetLastTriggered(v time.Time) *ListWebhookItem {
+	s.LastTriggered = &v
+	return s
+}
+
+// SetUrl sets the Url field's value.
+func (s *ListWebhookItem) SetUrl(v string) *ListWebhookItem {
+	s.Url = &v
+	return s
+}
+
+type ListWebhooksInput struct {
+	_ struct{} `type:"structure"`
+
+	// The maximum number of results to return in a single call. To retrieve the
+	// remaining results, make another call with the returned nextToken value.
+	MaxResults *int64 `min:"1" type:"integer"`
+
+	// The token that was returned from the previous ListWebhooks call, which can
+	// be used to return the next set of webhooks in the list.
+	NextToken *string `min:"1" type:"string"`
+}
+
+// String returns the string representation
+func (s ListWebhooksInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ListWebhooksInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListWebhooksInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListWebhooksInput"}
+	if s.MaxResults != nil && *s.MaxResults < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+	}
+	if s.NextToken != nil && len(*s.NextToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListWebhooksInput) SetMaxResults(v int64) *ListWebhooksInput {
+	s.MaxResults = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListWebhooksInput) SetNextToken(v string) *ListWebhooksInput {
+	s.NextToken = &v
+	return s
+}
+
+type ListWebhooksOutput struct {
+	_ struct{} `type:"structure"`
+
+	// If the amount of returned information is significantly large, an identifier
+	// is also returned and can be used in a subsequent ListWebhooks call to return
+	// the next set of webhooks in the list.
+	NextToken *string `min:"1" type:"string"`
+
+	// The JSON detail returned for each webhook in the list output for the ListWebhooks
+	// call.
+	Webhooks []*ListWebhookItem `locationName:"webhooks" type:"list"`
+}
+
+// String returns the string representation
+func (s ListWebhooksOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ListWebhooksOutput) GoString() string {
+	return s.String()
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListWebhooksOutput) SetNextToken(v string) *ListWebhooksOutput {
+	s.NextToken = &v
+	return s
+}
+
+// SetWebhooks sets the Webhooks field's value.
+func (s *ListWebhooksOutput) SetWebhooks(v []*ListWebhookItem) *ListWebhooksOutput {
+	s.Webhooks = v
+	return s
+}
+
 // Represents information about the output of an action.
 type OutputArtifact struct {
 	_ struct{} `type:"structure"`
@@ -5902,6 +6626,8 @@ type PipelineExecutionSummary struct {
 	// The ID of the pipeline execution.
 	PipelineExecutionId *string `locationName:"pipelineExecutionId" type:"string"`
 
+	SourceRevisions []*SourceRevision `locationName:"sourceRevisions" type:"list"`
+
 	// The date and time when the pipeline execution began, in timestamp format.
 	StartTime *time.Time `locationName:"startTime" type:"timestamp" timestampFormat:"unix"`
 
@@ -5941,6 +6667,12 @@ func (s *PipelineExecutionSummary) SetPipelineExecutionId(v string) *PipelineExe
 	return s
 }
 
+// SetSourceRevisions sets the SourceRevisions field's value.
+func (s *PipelineExecutionSummary) SetSourceRevisions(v []*SourceRevision) *PipelineExecutionSummary {
+	s.SourceRevisions = v
+	return s
+}
+
 // SetStartTime sets the StartTime field's value.
 func (s *PipelineExecutionSummary) SetStartTime(v time.Time) *PipelineExecutionSummary {
 	s.StartTime = &v
@@ -6566,7 +7298,7 @@ type PutJobSuccessResultInput struct {
 	// action. It can be reused to return additional information about the progress
 	// of the custom action. When the action is complete, no continuation token
 	// should be supplied.
-	ContinuationToken *string `locationName:"continuationToken" type:"string"`
+	ContinuationToken *string `locationName:"continuationToken" min:"1" type:"string"`
 
 	// The ID of the current revision of the artifact successfully worked upon by
 	// the job.
@@ -6596,6 +7328,9 @@ func (s PutJobSuccessResultInput) GoString() string {
 // Validate inspects the fields of the type to determine if they are valid.
 func (s *PutJobSuccessResultInput) Validate() error {
 	invalidParams := request.ErrInvalidParams{Context: "PutJobSuccessResultInput"}
+	if s.ContinuationToken != nil && len(*s.ContinuationToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("ContinuationToken", 1))
+	}
 	if s.JobId == nil {
 		invalidParams.Add(request.NewErrParamRequired("JobId"))
 	}
@@ -6763,7 +7498,7 @@ type PutThirdPartyJobSuccessResultInput struct {
 	// of the action. It can be reused to return additional information about the
 	// progress of the partner action. When the action is complete, no continuation
 	// token should be supplied.
-	ContinuationToken *string `locationName:"continuationToken" type:"string"`
+	ContinuationToken *string `locationName:"continuationToken" min:"1" type:"string"`
 
 	// Represents information about a current revision.
 	CurrentRevision *CurrentRevision `locationName:"currentRevision" type:"structure"`
@@ -6798,6 +7533,9 @@ func (s *PutThirdPartyJobSuccessResultInput) Validate() error {
 	if s.ClientToken != nil && len(*s.ClientToken) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
 	}
+	if s.ContinuationToken != nil && len(*s.ContinuationToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("ContinuationToken", 1))
+	}
 	if s.JobId == nil {
 		invalidParams.Add(request.NewErrParamRequired("JobId"))
 	}
@@ -6865,6 +7603,128 @@ func (s PutThirdPartyJobSuccessResultOutput) GoString() string {
 	return s.String()
 }
 
+type PutWebhookInput struct {
+	_ struct{} `type:"structure"`
+
+	// The detail provided in an input file to create the webhook, such as the webhook
+	// name, the pipeline name, and the action name. Give the webhook a unique name
+	// which identifies the webhook being defined. You may choose to name the webhook
+	// after the pipeline and action it targets so that you can easily recognize
+	// what it's used for later.
+	//
+	// Webhook is a required field
+	Webhook *WebhookDefinition `locationName:"webhook" type:"structure" required:"true"`
+}
+
+// String returns the string representation
+func (s PutWebhookInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s PutWebhookInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutWebhookInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutWebhookInput"}
+	if s.Webhook == nil {
+		invalidParams.Add(request.NewErrParamRequired("Webhook"))
+	}
+	if s.Webhook != nil {
+		if err := s.Webhook.Validate(); err != nil {
+			invalidParams.AddNested("Webhook", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetWebhook sets the Webhook field's value.
+func (s *PutWebhookInput) SetWebhook(v *WebhookDefinition) *PutWebhookInput {
+	s.Webhook = v
+	return s
+}
+
+type PutWebhookOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The detail returned from creating the webhook, such as the webhook name,
+	// webhook URL, and webhook ARN.
+	Webhook *ListWebhookItem `locationName:"webhook" type:"structure"`
+}
+
+// String returns the string representation
+func (s PutWebhookOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s PutWebhookOutput) GoString() string {
+	return s.String()
+}
+
+// SetWebhook sets the Webhook field's value.
+func (s *PutWebhookOutput) SetWebhook(v *ListWebhookItem) *PutWebhookOutput {
+	s.Webhook = v
+	return s
+}
+
+type RegisterWebhookWithThirdPartyInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of an existing webhook created with PutWebhook to register with
+	// a supported third party.
+	WebhookName *string `locationName:"webhookName" min:"1" type:"string"`
+}
+
+// String returns the string representation
+func (s RegisterWebhookWithThirdPartyInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s RegisterWebhookWithThirdPartyInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *RegisterWebhookWithThirdPartyInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "RegisterWebhookWithThirdPartyInput"}
+	if s.WebhookName != nil && len(*s.WebhookName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("WebhookName", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetWebhookName sets the WebhookName field's value.
+func (s *RegisterWebhookWithThirdPartyInput) SetWebhookName(v string) *RegisterWebhookWithThirdPartyInput {
+	s.WebhookName = &v
+	return s
+}
+
+type RegisterWebhookWithThirdPartyOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s RegisterWebhookWithThirdPartyOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s RegisterWebhookWithThirdPartyOutput) GoString() string {
+	return s.String()
+}
+
 // Represents the input of a RetryStageExecution action.
 type RetryStageExecutionInput struct {
 	_ struct{} `type:"structure"`
@@ -7016,6 +7876,53 @@ func (s *S3ArtifactLocation) SetObjectKey(v string) *S3ArtifactLocation {
 	return s
 }
 
+type SourceRevision struct {
+	_ struct{} `type:"structure"`
+
+	// ActionName is a required field
+	ActionName *string `locationName:"actionName" min:"1" type:"string" required:"true"`
+
+	RevisionId *string `locationName:"revisionId" min:"1" type:"string"`
+
+	RevisionSummary *string `locationName:"revisionSummary" min:"1" type:"string"`
+
+	RevisionUrl *string `locationName:"revisionUrl" min:"1" type:"string"`
+}
+
+// String returns the string representation
+func (s SourceRevision) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s SourceRevision) GoString() string {
+	return s.String()
+}
+
+// SetActionName sets the ActionName field's value.
+func (s *SourceRevision) SetActionName(v string) *SourceRevision {
+	s.ActionName = &v
+	return s
+}
+
+// SetRevisionId sets the RevisionId field's value.
+func (s *SourceRevision) SetRevisionId(v string) *SourceRevision {
+	s.RevisionId = &v
+	return s
+}
+
+// SetRevisionSummary sets the RevisionSummary field's value.
+func (s *SourceRevision) SetRevisionSummary(v string) *SourceRevision {
+	s.RevisionSummary = &v
+	return s
+}
+
+// SetRevisionUrl sets the RevisionUrl field's value.
+func (s *SourceRevision) SetRevisionUrl(v string) *SourceRevision {
+	s.RevisionUrl = &v
+	return s
+}
+
 // Represents information about a stage to a job worker.
 type StageContext struct {
 	_ struct{} `type:"structure"`
@@ -7334,7 +8241,7 @@ type ThirdPartyJobData struct {
 
 	// A system-generated token, such as a AWS CodeDeploy deployment ID, that a
 	// job requires in order to continue the job asynchronously.
-	ContinuationToken *string `locationName:"continuationToken" type:"string"`
+	ContinuationToken *string `locationName:"continuationToken" min:"1" type:"string"`
 
 	// The encryption key used to encrypt and decrypt data in the artifact store
 	// for the pipeline, such as an AWS Key Management Service (AWS KMS) key. This
@@ -7428,7 +8335,7 @@ type ThirdPartyJobDetails struct {
 	// A system-generated random number that AWS CodePipeline uses to ensure that
 	// the job is being worked on by only one job worker. Use this number in an
 	// AcknowledgeThirdPartyJob request.
-	Nonce *string `locationName:"nonce" type:"string"`
+	Nonce *string `locationName:"nonce" min:"1" type:"string"`
 }
 
 // String returns the string representation
@@ -7580,6 +8487,266 @@ func (s *UpdatePipelineOutput) SetPipeline(v *PipelineDeclaration) *UpdatePipeli
 	return s
 }
 
+type WebhookAuthConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	AllowedIPRange *string `min:"1" type:"string"`
+
+	SecretToken *string `min:"1" type:"string"`
+}
+
+// String returns the string representation
+func (s WebhookAuthConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s WebhookAuthConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *WebhookAuthConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "WebhookAuthConfiguration"}
+	if s.AllowedIPRange != nil && len(*s.AllowedIPRange) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("AllowedIPRange", 1))
+	}
+	if s.SecretToken != nil && len(*s.SecretToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("SecretToken", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAllowedIPRange sets the AllowedIPRange field's value.
+func (s *WebhookAuthConfiguration) SetAllowedIPRange(v string) *WebhookAuthConfiguration {
+	s.AllowedIPRange = &v
+	return s
+}
+
+// SetSecretToken sets the SecretToken field's value.
+func (s *WebhookAuthConfiguration) SetSecretToken(v string) *WebhookAuthConfiguration {
+	s.SecretToken = &v
+	return s
+}
+
+// Represents information about a webhook and its definition.
+type WebhookDefinition struct {
+	_ struct{} `type:"structure"`
+
+	// Supported options are GITHUB_HMAC, IP and UNAUTHENTICATED.
+	//
+	//    *  GITHUB_HMAC implements the authentication scheme described here: https://developer.github.com/webhooks/securing/
+	//
+	//    *  IP will reject webhooks trigger requests unless they originate from
+	//    an IP within the IP range whitelisted in the authentication configuration.
+	//
+	//    *  UNAUTHENTICATED will accept all webhook trigger requests regardless
+	//    of origin.
+	//
+	// Authentication is a required field
+	Authentication *string `locationName:"authentication" type:"string" required:"true" enum:"WebhookAuthenticationType"`
+
+	// Properties that configure the authentication applied to incoming webhook
+	// trigger requests. The required properties depend on the authentication type.
+	// For GITHUB_HMAC, only the SecretToken property must be set. For IP, only
+	// the AllowedIPRange property must be set to a valid CIDR range. For UNAUTHENTICATED,
+	// no properties can be set.
+	//
+	// AuthenticationConfiguration is a required field
+	AuthenticationConfiguration *WebhookAuthConfiguration `locationName:"authenticationConfiguration" type:"structure" required:"true"`
+
+	// A list of rules applied to the body/payload sent in the POST request to a
+	// webhook URL. All defined rules must pass for the request to be accepted and
+	// the pipeline started.
+	//
+	// Filters is a required field
+	Filters []*WebhookFilterRule `locationName:"filters" type:"list" required:"true"`
+
+	// The name of the webhook.
+	//
+	// Name is a required field
+	Name *string `locationName:"name" min:"1" type:"string" required:"true"`
+
+	// The name of the action in a pipeline you want to connect to the webhook.
+	// The action must be from the source (first) stage of the pipeline.
+	//
+	// TargetAction is a required field
+	TargetAction *string `locationName:"targetAction" min:"1" type:"string" required:"true"`
+
+	// The name of the pipeline you want to connect to the webhook.
+	//
+	// TargetPipeline is a required field
+	TargetPipeline *string `locationName:"targetPipeline" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s WebhookDefinition) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s WebhookDefinition) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *WebhookDefinition) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "WebhookDefinition"}
+	if s.Authentication == nil {
+		invalidParams.Add(request.NewErrParamRequired("Authentication"))
+	}
+	if s.AuthenticationConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("AuthenticationConfiguration"))
+	}
+	if s.Filters == nil {
+		invalidParams.Add(request.NewErrParamRequired("Filters"))
+	}
+	if s.Name == nil {
+		invalidParams.Add(request.NewErrParamRequired("Name"))
+	}
+	if s.Name != nil && len(*s.Name) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
+	}
+	if s.TargetAction == nil {
+		invalidParams.Add(request.NewErrParamRequired("TargetAction"))
+	}
+	if s.TargetAction != nil && len(*s.TargetAction) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("TargetAction", 1))
+	}
+	if s.TargetPipeline == nil {
+		invalidParams.Add(request.NewErrParamRequired("TargetPipeline"))
+	}
+	if s.TargetPipeline != nil && len(*s.TargetPipeline) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("TargetPipeline", 1))
+	}
+	if s.AuthenticationConfiguration != nil {
+		if err := s.AuthenticationConfiguration.Validate(); err != nil {
+			invalidParams.AddNested("AuthenticationConfiguration", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.Filters != nil {
+		for i, v := range s.Filters {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Filters", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAuthentication sets the Authentication field's value.
+func (s *WebhookDefinition) SetAuthentication(v string) *WebhookDefinition {
+	s.Authentication = &v
+	return s
+}
+
+// SetAuthenticationConfiguration sets the AuthenticationConfiguration field's value.
+func (s *WebhookDefinition) SetAuthenticationConfiguration(v *WebhookAuthConfiguration) *WebhookDefinition {
+	s.AuthenticationConfiguration = v
+	return s
+}
+
+// SetFilters sets the Filters field's value.
+func (s *WebhookDefinition) SetFilters(v []*WebhookFilterRule) *WebhookDefinition {
+	s.Filters = v
+	return s
+}
+
+// SetName sets the Name field's value.
+func (s *WebhookDefinition) SetName(v string) *WebhookDefinition {
+	s.Name = &v
+	return s
+}
+
+// SetTargetAction sets the TargetAction field's value.
+func (s *WebhookDefinition) SetTargetAction(v string) *WebhookDefinition {
+	s.TargetAction = &v
+	return s
+}
+
+// SetTargetPipeline sets the TargetPipeline field's value.
+func (s *WebhookDefinition) SetTargetPipeline(v string) *WebhookDefinition {
+	s.TargetPipeline = &v
+	return s
+}
+
+// The event criteria that specify when a webhook notification is sent to your
+// URL.
+type WebhookFilterRule struct {
+	_ struct{} `type:"structure"`
+
+	// A JsonPath expression that will be applied to the body/payload of the webhook.
+	// The value selected by JsonPath expression must match the value specified
+	// in the matchEquals field, otherwise the request will be ignored. More information
+	// on JsonPath expressions can be found here: https://github.com/json-path/JsonPath.
+	//
+	// JsonPath is a required field
+	JsonPath *string `locationName:"jsonPath" min:"1" type:"string" required:"true"`
+
+	// The value selected by the JsonPath expression must match what is supplied
+	// in the MatchEquals field, otherwise the request will be ignored. Properties
+	// from the target action configuration can be included as placeholders in this
+	// value by surrounding the action configuration key with curly braces. For
+	// example, if the value supplied here is "refs/heads/{Branch}" and the target
+	// action has an action configuration property called "Branch" with a value
+	// of "master", the MatchEquals value will be evaluated as "refs/heads/master".
+	// A list of action configuration properties for built-in action types can be
+	// found here: Pipeline Structure Reference Action Requirements (http://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html#action-requirements).
+	MatchEquals *string `locationName:"matchEquals" min:"1" type:"string"`
+}
+
+// String returns the string representation
+func (s WebhookFilterRule) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s WebhookFilterRule) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *WebhookFilterRule) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "WebhookFilterRule"}
+	if s.JsonPath == nil {
+		invalidParams.Add(request.NewErrParamRequired("JsonPath"))
+	}
+	if s.JsonPath != nil && len(*s.JsonPath) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("JsonPath", 1))
+	}
+	if s.MatchEquals != nil && len(*s.MatchEquals) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("MatchEquals", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetJsonPath sets the JsonPath field's value.
+func (s *WebhookFilterRule) SetJsonPath(v string) *WebhookFilterRule {
+	s.JsonPath = &v
+	return s
+}
+
+// SetMatchEquals sets the MatchEquals field's value.
+func (s *WebhookFilterRule) SetMatchEquals(v string) *WebhookFilterRule {
+	s.MatchEquals = &v
+	return s
+}
+
 const (
 	// ActionCategorySource is a ActionCategory enum value
 	ActionCategorySource = "Source"
@@ -7741,3 +8908,14 @@ const (
 	// StageTransitionTypeOutbound is a StageTransitionType enum value
 	StageTransitionTypeOutbound = "Outbound"
 )
+
+const (
+	// WebhookAuthenticationTypeGithubHmac is a WebhookAuthenticationType enum value
+	WebhookAuthenticationTypeGithubHmac = "GITHUB_HMAC"
+
+	// WebhookAuthenticationTypeIp is a WebhookAuthenticationType enum value
+	WebhookAuthenticationTypeIp = "IP"
+
+	// WebhookAuthenticationTypeUnauthenticated is a WebhookAuthenticationType enum value
+	WebhookAuthenticationTypeUnauthenticated = "UNAUTHENTICATED"
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/codepipeline/doc.go b/vendor/github.com/aws/aws-sdk-go/service/codepipeline/doc.go
index bebd4b1bbe1..ecb1cd86257 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/codepipeline/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/codepipeline/doc.go
@@ -11,10 +11,10 @@
 // see the AWS CodePipeline User Guide (http://docs.aws.amazon.com/codepipeline/latest/userguide/welcome.html).
 //
 // You can use the AWS CodePipeline API to work with pipelines, stages, actions,
-// gates, and transitions, as described below.
+// and transitions, as described below.
 //
 // Pipelines are models of automated release processes. Each pipeline is uniquely
-// named, and consists of actions, gates, and stages.
+// named, and consists of stages, actions, and transitions.
 //
 // You can work with pipelines by calling:
 //
@@ -43,24 +43,37 @@
 //    * UpdatePipeline, which updates a pipeline with edits or changes to the
 //    structure of the pipeline.
 //
-// Pipelines include stages, which are logical groupings of gates and actions.
-// Each stage contains one or more actions that must complete before the next
-// stage begins. A stage will result in success or failure. If a stage fails,
-// then the pipeline stops at that stage and will remain stopped until either
-// a new version of an artifact appears in the source location, or a user takes
-// action to re-run the most recent artifact through the pipeline. You can call
-// GetPipelineState, which displays the status of a pipeline, including the
-// status of stages in the pipeline, or GetPipeline, which returns the entire
-// structure of the pipeline, including the stages of that pipeline. For more
-// information about the structure of stages and actions, also refer to the
-// AWS CodePipeline Pipeline Structure Reference (http://docs.aws.amazon.com/codepipeline/latest/userguide/pipeline-structure.html).
+// Pipelines include stages. Each stage contains one or more actions that must
+// complete before the next stage begins. A stage will result in success or
+// failure. If a stage fails, then the pipeline stops at that stage and will
+// remain stopped until either a new version of an artifact appears in the source
+// location, or a user takes action to re-run the most recent artifact through
+// the pipeline. You can call GetPipelineState, which displays the status of
+// a pipeline, including the status of stages in the pipeline, or GetPipeline,
+// which returns the entire structure of the pipeline, including the stages
+// of that pipeline. For more information about the structure of stages and
+// actions, also refer to the AWS CodePipeline Pipeline Structure Reference
+// (http://docs.aws.amazon.com/codepipeline/latest/userguide/pipeline-structure.html).
 //
 // Pipeline stages include actions, which are categorized into categories such
 // as source or build actions performed within a stage of a pipeline. For example,
 // you can use a source action to import artifacts into a pipeline from a source
 // such as Amazon S3. Like stages, you do not work with actions directly in
 // most cases, but you do define and interact with actions when working with
-// pipeline operations such as CreatePipeline and GetPipelineState.
+// pipeline operations such as CreatePipeline and GetPipelineState. Valid action
+// categories are:
+//
+//    * Source
+//
+//    * Build
+//
+//    * Test
+//
+//    * Deploy
+//
+//    * Approval
+//
+//    * Invoke
 //
 // Pipelines also include transitions, which allow the transition of artifacts
 // from one stage to the next in a pipeline after the actions in one stage complete.
diff --git a/vendor/github.com/aws/aws-sdk-go/service/codepipeline/errors.go b/vendor/github.com/aws/aws-sdk-go/service/codepipeline/errors.go
index ca160b26a87..dfdffa34c79 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/codepipeline/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/codepipeline/errors.go
@@ -83,6 +83,18 @@ const (
 	// The specified structure was specified in an invalid format.
 	ErrCodeInvalidStructureException = "InvalidStructureException"
 
+	// ErrCodeInvalidWebhookAuthenticationParametersException for service response error code
+	// "InvalidWebhookAuthenticationParametersException".
+	//
+	// The specified authentication type is in an invalid format.
+	ErrCodeInvalidWebhookAuthenticationParametersException = "InvalidWebhookAuthenticationParametersException"
+
+	// ErrCodeInvalidWebhookFilterPatternException for service response error code
+	// "InvalidWebhookFilterPatternException".
+	//
+	// The specified event filter rule is in an invalid format.
+	ErrCodeInvalidWebhookFilterPatternException = "InvalidWebhookFilterPatternException"
+
 	// ErrCodeJobNotFoundException for service response error code
 	// "JobNotFoundException".
 	//
@@ -149,4 +161,10 @@ const (
 	//
 	// The validation was specified in an invalid format.
 	ErrCodeValidationException = "ValidationException"
+
+	// ErrCodeWebhookNotFoundException for service response error code
+	// "WebhookNotFoundException".
+	//
+	// The specified webhook was entered in an invalid format or cannot be found.
+	ErrCodeWebhookNotFoundException = "WebhookNotFoundException"
 )
diff --git a/vendor/github.com/aws/aws-sdk-go/service/devicefarm/api.go b/vendor/github.com/aws/aws-sdk-go/service/devicefarm/api.go
index aeffc22fa3e..f84b3bd9f3d 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/devicefarm/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/devicefarm/api.go
@@ -539,6 +539,92 @@ func (c *DeviceFarm) CreateUploadWithContext(ctx aws.Context, input *CreateUploa
 	return out, req.Send()
 }
 
+const opCreateVPCEConfiguration = "CreateVPCEConfiguration"
+
+// CreateVPCEConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the CreateVPCEConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateVPCEConfiguration for more information on using the CreateVPCEConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the CreateVPCEConfigurationRequest method.
+//    req, resp := client.CreateVPCEConfigurationRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/devicefarm-2015-06-23/CreateVPCEConfiguration
+func (c *DeviceFarm) CreateVPCEConfigurationRequest(input *CreateVPCEConfigurationInput) (req *request.Request, output *CreateVPCEConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opCreateVPCEConfiguration,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &CreateVPCEConfigurationInput{}
+	}
+
+	output = &CreateVPCEConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// CreateVPCEConfiguration API operation for AWS Device Farm.
+//
+// Creates a configuration record in Device Farm for your Amazon Virtual Private
+// Cloud (VPC) endpoint.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Device Farm's
+// API operation CreateVPCEConfiguration for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeArgumentException "ArgumentException"
+//   An invalid argument was specified.
+//
+//   * ErrCodeLimitExceededException "LimitExceededException"
+//   A limit was exceeded.
+//
+//   * ErrCodeServiceAccountException "ServiceAccountException"
+//   There was a problem with the service account.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/devicefarm-2015-06-23/CreateVPCEConfiguration
+func (c *DeviceFarm) CreateVPCEConfiguration(input *CreateVPCEConfigurationInput) (*CreateVPCEConfigurationOutput, error) {
+	req, out := c.CreateVPCEConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// CreateVPCEConfigurationWithContext is the same as CreateVPCEConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateVPCEConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *DeviceFarm) CreateVPCEConfigurationWithContext(ctx aws.Context, input *CreateVPCEConfigurationInput, opts ...request.Option) (*CreateVPCEConfigurationOutput, error) {
+	req, out := c.CreateVPCEConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opDeleteDevicePool = "DeleteDevicePool"
 
 // DeleteDevicePoolRequest generates a "aws/request.Request" representing the
@@ -1160,6 +1246,95 @@ func (c *DeviceFarm) DeleteUploadWithContext(ctx aws.Context, input *DeleteUploa
 	return out, req.Send()
 }
 
+const opDeleteVPCEConfiguration = "DeleteVPCEConfiguration"
+
+// DeleteVPCEConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteVPCEConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteVPCEConfiguration for more information on using the DeleteVPCEConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DeleteVPCEConfigurationRequest method.
+//    req, resp := client.DeleteVPCEConfigurationRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/devicefarm-2015-06-23/DeleteVPCEConfiguration
+func (c *DeviceFarm) DeleteVPCEConfigurationRequest(input *DeleteVPCEConfigurationInput) (req *request.Request, output *DeleteVPCEConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opDeleteVPCEConfiguration,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DeleteVPCEConfigurationInput{}
+	}
+
+	output = &DeleteVPCEConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DeleteVPCEConfiguration API operation for AWS Device Farm.
+//
+// Deletes a configuration for your Amazon Virtual Private Cloud (VPC) endpoint.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Device Farm's
+// API operation DeleteVPCEConfiguration for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeArgumentException "ArgumentException"
+//   An invalid argument was specified.
+//
+//   * ErrCodeNotFoundException "NotFoundException"
+//   The specified entity was not found.
+//
+//   * ErrCodeServiceAccountException "ServiceAccountException"
+//   There was a problem with the service account.
+//
+//   * ErrCodeInvalidOperationException "InvalidOperationException"
+//   There was an error with the update request, or you do not have sufficient
+//   permissions to update this VPC endpoint configuration.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/devicefarm-2015-06-23/DeleteVPCEConfiguration
+func (c *DeviceFarm) DeleteVPCEConfiguration(input *DeleteVPCEConfigurationInput) (*DeleteVPCEConfigurationOutput, error) {
+	req, out := c.DeleteVPCEConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// DeleteVPCEConfigurationWithContext is the same as DeleteVPCEConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteVPCEConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *DeviceFarm) DeleteVPCEConfigurationWithContext(ctx aws.Context, input *DeleteVPCEConfigurationInput, opts ...request.Option) (*DeleteVPCEConfigurationOutput, error) {
+	req, out := c.DeleteVPCEConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opGetAccountSettings = "GetAccountSettings"
 
 // GetAccountSettingsRequest generates a "aws/request.Request" representing the
@@ -2547,6 +2722,92 @@ func (c *DeviceFarm) GetUploadWithContext(ctx aws.Context, input *GetUploadInput
 	return out, req.Send()
 }
 
+const opGetVPCEConfiguration = "GetVPCEConfiguration"
+
+// GetVPCEConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the GetVPCEConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetVPCEConfiguration for more information on using the GetVPCEConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the GetVPCEConfigurationRequest method.
+//    req, resp := client.GetVPCEConfigurationRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/devicefarm-2015-06-23/GetVPCEConfiguration
+func (c *DeviceFarm) GetVPCEConfigurationRequest(input *GetVPCEConfigurationInput) (req *request.Request, output *GetVPCEConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opGetVPCEConfiguration,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &GetVPCEConfigurationInput{}
+	}
+
+	output = &GetVPCEConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetVPCEConfiguration API operation for AWS Device Farm.
+//
+// Returns information about the configuration settings for your Amazon Virtual
+// Private Cloud (VPC) endpoint.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Device Farm's
+// API operation GetVPCEConfiguration for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeArgumentException "ArgumentException"
+//   An invalid argument was specified.
+//
+//   * ErrCodeNotFoundException "NotFoundException"
+//   The specified entity was not found.
+//
+//   * ErrCodeServiceAccountException "ServiceAccountException"
+//   There was a problem with the service account.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/devicefarm-2015-06-23/GetVPCEConfiguration
+func (c *DeviceFarm) GetVPCEConfiguration(input *GetVPCEConfigurationInput) (*GetVPCEConfigurationOutput, error) {
+	req, out := c.GetVPCEConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// GetVPCEConfigurationWithContext is the same as GetVPCEConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetVPCEConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *DeviceFarm) GetVPCEConfigurationWithContext(ctx aws.Context, input *GetVPCEConfigurationInput, opts ...request.Option) (*GetVPCEConfigurationOutput, error) {
+	req, out := c.GetVPCEConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opInstallToRemoteAccessSession = "InstallToRemoteAccessSession"
 
 // InstallToRemoteAccessSessionRequest generates a "aws/request.Request" representing the
@@ -4976,6 +5237,89 @@ func (c *DeviceFarm) ListUploadsPagesWithContext(ctx aws.Context, input *ListUpl
 	return p.Err()
 }
 
+const opListVPCEConfigurations = "ListVPCEConfigurations"
+
+// ListVPCEConfigurationsRequest generates a "aws/request.Request" representing the
+// client's request for the ListVPCEConfigurations operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListVPCEConfigurations for more information on using the ListVPCEConfigurations
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the ListVPCEConfigurationsRequest method.
+//    req, resp := client.ListVPCEConfigurationsRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/devicefarm-2015-06-23/ListVPCEConfigurations
+func (c *DeviceFarm) ListVPCEConfigurationsRequest(input *ListVPCEConfigurationsInput) (req *request.Request, output *ListVPCEConfigurationsOutput) {
+	op := &request.Operation{
+		Name:       opListVPCEConfigurations,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &ListVPCEConfigurationsInput{}
+	}
+
+	output = &ListVPCEConfigurationsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListVPCEConfigurations API operation for AWS Device Farm.
+//
+// Returns information about all Amazon Virtual Private Cloud (VPC) endpoint
+// configurations in the AWS account.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Device Farm's
+// API operation ListVPCEConfigurations for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeArgumentException "ArgumentException"
+//   An invalid argument was specified.
+//
+//   * ErrCodeServiceAccountException "ServiceAccountException"
+//   There was a problem with the service account.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/devicefarm-2015-06-23/ListVPCEConfigurations
+func (c *DeviceFarm) ListVPCEConfigurations(input *ListVPCEConfigurationsInput) (*ListVPCEConfigurationsOutput, error) {
+	req, out := c.ListVPCEConfigurationsRequest(input)
+	return out, req.Send()
+}
+
+// ListVPCEConfigurationsWithContext is the same as ListVPCEConfigurations with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListVPCEConfigurations for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *DeviceFarm) ListVPCEConfigurationsWithContext(ctx aws.Context, input *ListVPCEConfigurationsInput, opts ...request.Option) (*ListVPCEConfigurationsOutput, error) {
+	req, out := c.ListVPCEConfigurationsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opPurchaseOffering = "PurchaseOffering"
 
 // PurchaseOfferingRequest generates a "aws/request.Request" representing the
@@ -5883,6 +6227,96 @@ func (c *DeviceFarm) UpdateProjectWithContext(ctx aws.Context, input *UpdateProj
 	return out, req.Send()
 }
 
+const opUpdateVPCEConfiguration = "UpdateVPCEConfiguration"
+
+// UpdateVPCEConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateVPCEConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateVPCEConfiguration for more information on using the UpdateVPCEConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the UpdateVPCEConfigurationRequest method.
+//    req, resp := client.UpdateVPCEConfigurationRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/devicefarm-2015-06-23/UpdateVPCEConfiguration
+func (c *DeviceFarm) UpdateVPCEConfigurationRequest(input *UpdateVPCEConfigurationInput) (req *request.Request, output *UpdateVPCEConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opUpdateVPCEConfiguration,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &UpdateVPCEConfigurationInput{}
+	}
+
+	output = &UpdateVPCEConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// UpdateVPCEConfiguration API operation for AWS Device Farm.
+//
+// Updates information about an existing Amazon Virtual Private Cloud (VPC)
+// endpoint configuration.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Device Farm's
+// API operation UpdateVPCEConfiguration for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeArgumentException "ArgumentException"
+//   An invalid argument was specified.
+//
+//   * ErrCodeNotFoundException "NotFoundException"
+//   The specified entity was not found.
+//
+//   * ErrCodeServiceAccountException "ServiceAccountException"
+//   There was a problem with the service account.
+//
+//   * ErrCodeInvalidOperationException "InvalidOperationException"
+//   There was an error with the update request, or you do not have sufficient
+//   permissions to update this VPC endpoint configuration.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/devicefarm-2015-06-23/UpdateVPCEConfiguration
+func (c *DeviceFarm) UpdateVPCEConfiguration(input *UpdateVPCEConfigurationInput) (*UpdateVPCEConfigurationOutput, error) {
+	req, out := c.UpdateVPCEConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// UpdateVPCEConfigurationWithContext is the same as UpdateVPCEConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateVPCEConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *DeviceFarm) UpdateVPCEConfigurationWithContext(ctx aws.Context, input *UpdateVPCEConfigurationInput, opts ...request.Option) (*UpdateVPCEConfigurationOutput, error) {
+	req, out := c.UpdateVPCEConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 // A container for account-level settings within AWS Device Farm.
 type AccountSettings struct {
 	_ struct{} `type:"structure"`
@@ -7042,6 +7476,107 @@ func (s *CreateUploadOutput) SetUpload(v *Upload) *CreateUploadOutput {
 	return s
 }
 
+type CreateVPCEConfigurationInput struct {
+	_ struct{} `type:"structure"`
+
+	// The DNS name of the service running in your VPC that you want Device Farm
+	// to test.
+	//
+	// ServiceDnsName is a required field
+	ServiceDnsName *string `locationName:"serviceDnsName" type:"string" required:"true"`
+
+	// An optional description, providing more details about your VPC endpoint configuration.
+	VpceConfigurationDescription *string `locationName:"vpceConfigurationDescription" type:"string"`
+
+	// The friendly name you give to your VPC endpoint configuration, to manage
+	// your configurations more easily.
+	//
+	// VpceConfigurationName is a required field
+	VpceConfigurationName *string `locationName:"vpceConfigurationName" type:"string" required:"true"`
+
+	// The name of the VPC endpoint service running inside your AWS account that
+	// you want Device Farm to test.
+	//
+	// VpceServiceName is a required field
+	VpceServiceName *string `locationName:"vpceServiceName" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s CreateVPCEConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateVPCEConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateVPCEConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "CreateVPCEConfigurationInput"}
+	if s.ServiceDnsName == nil {
+		invalidParams.Add(request.NewErrParamRequired("ServiceDnsName"))
+	}
+	if s.VpceConfigurationName == nil {
+		invalidParams.Add(request.NewErrParamRequired("VpceConfigurationName"))
+	}
+	if s.VpceServiceName == nil {
+		invalidParams.Add(request.NewErrParamRequired("VpceServiceName"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetServiceDnsName sets the ServiceDnsName field's value.
+func (s *CreateVPCEConfigurationInput) SetServiceDnsName(v string) *CreateVPCEConfigurationInput {
+	s.ServiceDnsName = &v
+	return s
+}
+
+// SetVpceConfigurationDescription sets the VpceConfigurationDescription field's value.
+func (s *CreateVPCEConfigurationInput) SetVpceConfigurationDescription(v string) *CreateVPCEConfigurationInput {
+	s.VpceConfigurationDescription = &v
+	return s
+}
+
+// SetVpceConfigurationName sets the VpceConfigurationName field's value.
+func (s *CreateVPCEConfigurationInput) SetVpceConfigurationName(v string) *CreateVPCEConfigurationInput {
+	s.VpceConfigurationName = &v
+	return s
+}
+
+// SetVpceServiceName sets the VpceServiceName field's value.
+func (s *CreateVPCEConfigurationInput) SetVpceServiceName(v string) *CreateVPCEConfigurationInput {
+	s.VpceServiceName = &v
+	return s
+}
+
+type CreateVPCEConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+
+	// An object containing information about your VPC endpoint configuration.
+	VpceConfiguration *VPCEConfiguration `locationName:"vpceConfiguration" type:"structure"`
+}
+
+// String returns the string representation
+func (s CreateVPCEConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateVPCEConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+// SetVpceConfiguration sets the VpceConfiguration field's value.
+func (s *CreateVPCEConfigurationOutput) SetVpceConfiguration(v *VPCEConfiguration) *CreateVPCEConfigurationOutput {
+	s.VpceConfiguration = v
+	return s
+}
+
 // A JSON object specifying the paths where the artifacts generated by the customer's
 // tests, on the device or in the test environment, will be pulled from.
 //
@@ -7399,8 +7934,66 @@ func (s DeleteRunInput) GoString() string {
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteRunInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteRunInput"}
+func (s *DeleteRunInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteRunInput"}
+	if s.Arn == nil {
+		invalidParams.Add(request.NewErrParamRequired("Arn"))
+	}
+	if s.Arn != nil && len(*s.Arn) < 32 {
+		invalidParams.Add(request.NewErrParamMinLen("Arn", 32))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetArn sets the Arn field's value.
+func (s *DeleteRunInput) SetArn(v string) *DeleteRunInput {
+	s.Arn = &v
+	return s
+}
+
+// Represents the result of a delete run request.
+type DeleteRunOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s DeleteRunOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteRunOutput) GoString() string {
+	return s.String()
+}
+
+// Represents a request to the delete upload operation.
+type DeleteUploadInput struct {
+	_ struct{} `type:"structure"`
+
+	// Represents the Amazon Resource Name (ARN) of the Device Farm upload you wish
+	// to delete.
+	//
+	// Arn is a required field
+	Arn *string `locationName:"arn" min:"32" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DeleteUploadInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteUploadInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteUploadInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteUploadInput"}
 	if s.Arn == nil {
 		invalidParams.Add(request.NewErrParamRequired("Arn"))
 	}
@@ -7415,31 +8008,30 @@ func (s *DeleteRunInput) Validate() error {
 }
 
 // SetArn sets the Arn field's value.
-func (s *DeleteRunInput) SetArn(v string) *DeleteRunInput {
+func (s *DeleteUploadInput) SetArn(v string) *DeleteUploadInput {
 	s.Arn = &v
 	return s
 }
 
-// Represents the result of a delete run request.
-type DeleteRunOutput struct {
+// Represents the result of a delete upload request.
+type DeleteUploadOutput struct {
 	_ struct{} `type:"structure"`
 }
 
 // String returns the string representation
-func (s DeleteRunOutput) String() string {
+func (s DeleteUploadOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteRunOutput) GoString() string {
+func (s DeleteUploadOutput) GoString() string {
 	return s.String()
 }
 
-// Represents a request to the delete upload operation.
-type DeleteUploadInput struct {
+type DeleteVPCEConfigurationInput struct {
 	_ struct{} `type:"structure"`
 
-	// Represents the Amazon Resource Name (ARN) of the Device Farm upload you wish
+	// The Amazon Resource Name (ARN) of the VPC endpoint configuration you want
 	// to delete.
 	//
 	// Arn is a required field
@@ -7447,18 +8039,18 @@ type DeleteUploadInput struct {
 }
 
 // String returns the string representation
-func (s DeleteUploadInput) String() string {
+func (s DeleteVPCEConfigurationInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteUploadInput) GoString() string {
+func (s DeleteVPCEConfigurationInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteUploadInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteUploadInput"}
+func (s *DeleteVPCEConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteVPCEConfigurationInput"}
 	if s.Arn == nil {
 		invalidParams.Add(request.NewErrParamRequired("Arn"))
 	}
@@ -7473,23 +8065,22 @@ func (s *DeleteUploadInput) Validate() error {
 }
 
 // SetArn sets the Arn field's value.
-func (s *DeleteUploadInput) SetArn(v string) *DeleteUploadInput {
+func (s *DeleteVPCEConfigurationInput) SetArn(v string) *DeleteVPCEConfigurationInput {
 	s.Arn = &v
 	return s
 }
 
-// Represents the result of a delete upload request.
-type DeleteUploadOutput struct {
+type DeleteVPCEConfigurationOutput struct {
 	_ struct{} `type:"structure"`
 }
 
 // String returns the string representation
-func (s DeleteUploadOutput) String() string {
+func (s DeleteVPCEConfigurationOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteUploadOutput) GoString() string {
+func (s DeleteVPCEConfigurationOutput) GoString() string {
 	return s.String()
 }
 
@@ -8163,6 +8754,9 @@ type GetDevicePoolCompatibilityInput struct {
 	// The ARN of the app that is associated with the specified device pool.
 	AppArn *string `locationName:"appArn" min:"32" type:"string"`
 
+	// An object containing information about the settings for a run.
+	Configuration *ScheduleRunConfiguration `locationName:"configuration" type:"structure"`
+
 	// The device pool's ARN.
 	//
 	// DevicePoolArn is a required field
@@ -8229,6 +8823,11 @@ func (s *GetDevicePoolCompatibilityInput) Validate() error {
 	if s.DevicePoolArn != nil && len(*s.DevicePoolArn) < 32 {
 		invalidParams.Add(request.NewErrParamMinLen("DevicePoolArn", 32))
 	}
+	if s.Configuration != nil {
+		if err := s.Configuration.Validate(); err != nil {
+			invalidParams.AddNested("Configuration", err.(request.ErrInvalidParams))
+		}
+	}
 	if s.Test != nil {
 		if err := s.Test.Validate(); err != nil {
 			invalidParams.AddNested("Test", err.(request.ErrInvalidParams))
@@ -8247,6 +8846,12 @@ func (s *GetDevicePoolCompatibilityInput) SetAppArn(v string) *GetDevicePoolComp
 	return s
 }
 
+// SetConfiguration sets the Configuration field's value.
+func (s *GetDevicePoolCompatibilityInput) SetConfiguration(v *ScheduleRunConfiguration) *GetDevicePoolCompatibilityInput {
+	s.Configuration = v
+	return s
+}
+
 // SetDevicePoolArn sets the DevicePoolArn field's value.
 func (s *GetDevicePoolCompatibilityInput) SetDevicePoolArn(v string) *GetDevicePoolCompatibilityInput {
 	s.DevicePoolArn = &v
@@ -9040,6 +9645,71 @@ func (s *GetUploadOutput) SetUpload(v *Upload) *GetUploadOutput {
 	return s
 }
 
+type GetVPCEConfigurationInput struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) of the VPC endpoint configuration you want
+	// to describe.
+	//
+	// Arn is a required field
+	Arn *string `locationName:"arn" min:"32" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s GetVPCEConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetVPCEConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetVPCEConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetVPCEConfigurationInput"}
+	if s.Arn == nil {
+		invalidParams.Add(request.NewErrParamRequired("Arn"))
+	}
+	if s.Arn != nil && len(*s.Arn) < 32 {
+		invalidParams.Add(request.NewErrParamMinLen("Arn", 32))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetArn sets the Arn field's value.
+func (s *GetVPCEConfigurationInput) SetArn(v string) *GetVPCEConfigurationInput {
+	s.Arn = &v
+	return s
+}
+
+type GetVPCEConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+
+	// An object containing information about your VPC endpoint configuration.
+	VpceConfiguration *VPCEConfiguration `locationName:"vpceConfiguration" type:"structure"`
+}
+
+// String returns the string representation
+func (s GetVPCEConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetVPCEConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+// SetVpceConfiguration sets the VpceConfiguration field's value.
+func (s *GetVPCEConfigurationOutput) SetVpceConfiguration(v *VPCEConfiguration) *GetVPCEConfigurationOutput {
+	s.VpceConfiguration = v
+	return s
+}
+
 // Represents information about incompatibility.
 type IncompatibilityMessage struct {
 	_ struct{} `type:"structure"`
@@ -11052,6 +11722,87 @@ func (s *ListUploadsOutput) SetUploads(v []*Upload) *ListUploadsOutput {
 	return s
 }
 
+type ListVPCEConfigurationsInput struct {
+	_ struct{} `type:"structure"`
+
+	// An integer specifying the maximum number of items you want to return in the
+	// API response.
+	MaxResults *int64 `locationName:"maxResults" type:"integer"`
+
+	// An identifier that was returned from the previous call to this operation,
+	// which can be used to return the next set of items in the list.
+	NextToken *string `locationName:"nextToken" min:"4" type:"string"`
+}
+
+// String returns the string representation
+func (s ListVPCEConfigurationsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ListVPCEConfigurationsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListVPCEConfigurationsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListVPCEConfigurationsInput"}
+	if s.NextToken != nil && len(*s.NextToken) < 4 {
+		invalidParams.Add(request.NewErrParamMinLen("NextToken", 4))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListVPCEConfigurationsInput) SetMaxResults(v int64) *ListVPCEConfigurationsInput {
+	s.MaxResults = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListVPCEConfigurationsInput) SetNextToken(v string) *ListVPCEConfigurationsInput {
+	s.NextToken = &v
+	return s
+}
+
+type ListVPCEConfigurationsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// An identifier that was returned from the previous call to this operation,
+	// which can be used to return the next set of items in the list.
+	NextToken *string `locationName:"nextToken" min:"4" type:"string"`
+
+	// An array of VPCEConfiguration objects containing information about your VPC
+	// endpoint configuration.
+	VpceConfigurations []*VPCEConfiguration `locationName:"vpceConfigurations" type:"list"`
+}
+
+// String returns the string representation
+func (s ListVPCEConfigurationsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ListVPCEConfigurationsOutput) GoString() string {
+	return s.String()
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListVPCEConfigurationsOutput) SetNextToken(v string) *ListVPCEConfigurationsOutput {
+	s.NextToken = &v
+	return s
+}
+
+// SetVpceConfigurations sets the VpceConfigurations field's value.
+func (s *ListVPCEConfigurationsOutput) SetVpceConfigurations(v []*VPCEConfiguration) *ListVPCEConfigurationsOutput {
+	s.VpceConfigurations = v
+	return s
+}
+
 // Represents a latitude and longitude pair, expressed in geographic coordinate
 // system degrees (for example 47.6204, -122.3491).
 //
@@ -12735,6 +13486,9 @@ type ScheduleRunConfiguration struct {
 
 	// Information about the radio states for the run.
 	Radios *Radios `locationName:"radios" type:"structure"`
+
+	// An array of Amazon Resource Names (ARNs) for your VPC endpoint configurations.
+	VpceConfigurationArns []*string `locationName:"vpceConfigurationArns" type:"list"`
 }
 
 // String returns the string representation
@@ -12816,6 +13570,12 @@ func (s *ScheduleRunConfiguration) SetRadios(v *Radios) *ScheduleRunConfiguratio
 	return s
 }
 
+// SetVpceConfigurationArns sets the VpceConfigurationArns field's value.
+func (s *ScheduleRunConfiguration) SetVpceConfigurationArns(v []*string) *ScheduleRunConfiguration {
+	s.VpceConfigurationArns = v
+	return s
+}
+
 // Represents a request to the schedule run operation.
 type ScheduleRunInput struct {
 	_ struct{} `type:"structure"`
@@ -14251,6 +15011,110 @@ func (s *UpdateProjectOutput) SetProject(v *Project) *UpdateProjectOutput {
 	return s
 }
 
+type UpdateVPCEConfigurationInput struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) of the VPC endpoint configuration you want
+	// to update.
+	//
+	// Arn is a required field
+	Arn *string `locationName:"arn" min:"32" type:"string" required:"true"`
+
+	// The DNS (domain) name used to connect to your private service in your Amazon
+	// VPC. The DNS name must not already be in use on the Internet.
+	ServiceDnsName *string `locationName:"serviceDnsName" type:"string"`
+
+	// An optional description, providing more details about your VPC endpoint configuration.
+	VpceConfigurationDescription *string `locationName:"vpceConfigurationDescription" type:"string"`
+
+	// The friendly name you give to your VPC endpoint configuration, to manage
+	// your configurations more easily.
+	VpceConfigurationName *string `locationName:"vpceConfigurationName" type:"string"`
+
+	// The name of the VPC endpoint service running inside your AWS account that
+	// you want Device Farm to test.
+	VpceServiceName *string `locationName:"vpceServiceName" type:"string"`
+}
+
+// String returns the string representation
+func (s UpdateVPCEConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UpdateVPCEConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateVPCEConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "UpdateVPCEConfigurationInput"}
+	if s.Arn == nil {
+		invalidParams.Add(request.NewErrParamRequired("Arn"))
+	}
+	if s.Arn != nil && len(*s.Arn) < 32 {
+		invalidParams.Add(request.NewErrParamMinLen("Arn", 32))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetArn sets the Arn field's value.
+func (s *UpdateVPCEConfigurationInput) SetArn(v string) *UpdateVPCEConfigurationInput {
+	s.Arn = &v
+	return s
+}
+
+// SetServiceDnsName sets the ServiceDnsName field's value.
+func (s *UpdateVPCEConfigurationInput) SetServiceDnsName(v string) *UpdateVPCEConfigurationInput {
+	s.ServiceDnsName = &v
+	return s
+}
+
+// SetVpceConfigurationDescription sets the VpceConfigurationDescription field's value.
+func (s *UpdateVPCEConfigurationInput) SetVpceConfigurationDescription(v string) *UpdateVPCEConfigurationInput {
+	s.VpceConfigurationDescription = &v
+	return s
+}
+
+// SetVpceConfigurationName sets the VpceConfigurationName field's value.
+func (s *UpdateVPCEConfigurationInput) SetVpceConfigurationName(v string) *UpdateVPCEConfigurationInput {
+	s.VpceConfigurationName = &v
+	return s
+}
+
+// SetVpceServiceName sets the VpceServiceName field's value.
+func (s *UpdateVPCEConfigurationInput) SetVpceServiceName(v string) *UpdateVPCEConfigurationInput {
+	s.VpceServiceName = &v
+	return s
+}
+
+type UpdateVPCEConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+
+	// An object containing information about your VPC endpoint configuration.
+	VpceConfiguration *VPCEConfiguration `locationName:"vpceConfiguration" type:"structure"`
+}
+
+// String returns the string representation
+func (s UpdateVPCEConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UpdateVPCEConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+// SetVpceConfiguration sets the VpceConfiguration field's value.
+func (s *UpdateVPCEConfigurationOutput) SetVpceConfiguration(v *VPCEConfiguration) *UpdateVPCEConfigurationOutput {
+	s.VpceConfiguration = v
+	return s
+}
+
 // An app or a set of one or more tests to upload or that have been uploaded.
 type Upload struct {
 	_ struct{} `type:"structure"`
@@ -14397,6 +15261,69 @@ func (s *Upload) SetUrl(v string) *Upload {
 	return s
 }
 
+// Represents an Amazon Virtual Private Cloud (VPC) endpoint configuration.
+type VPCEConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) of the VPC endpoint configuration.
+	Arn *string `locationName:"arn" min:"32" type:"string"`
+
+	// The DNS name that maps to the private IP address of the service you want
+	// to access.
+	ServiceDnsName *string `locationName:"serviceDnsName" type:"string"`
+
+	// An optional description, providing more details about your VPC endpoint configuration.
+	VpceConfigurationDescription *string `locationName:"vpceConfigurationDescription" type:"string"`
+
+	// The friendly name you give to your VPC endpoint configuration, to manage
+	// your configurations more easily.
+	VpceConfigurationName *string `locationName:"vpceConfigurationName" type:"string"`
+
+	// The name of the VPC endpoint service running inside your AWS account that
+	// you want Device Farm to test.
+	VpceServiceName *string `locationName:"vpceServiceName" type:"string"`
+}
+
+// String returns the string representation
+func (s VPCEConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s VPCEConfiguration) GoString() string {
+	return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *VPCEConfiguration) SetArn(v string) *VPCEConfiguration {
+	s.Arn = &v
+	return s
+}
+
+// SetServiceDnsName sets the ServiceDnsName field's value.
+func (s *VPCEConfiguration) SetServiceDnsName(v string) *VPCEConfiguration {
+	s.ServiceDnsName = &v
+	return s
+}
+
+// SetVpceConfigurationDescription sets the VpceConfigurationDescription field's value.
+func (s *VPCEConfiguration) SetVpceConfigurationDescription(v string) *VPCEConfiguration {
+	s.VpceConfigurationDescription = &v
+	return s
+}
+
+// SetVpceConfigurationName sets the VpceConfigurationName field's value.
+func (s *VPCEConfiguration) SetVpceConfigurationName(v string) *VPCEConfiguration {
+	s.VpceConfigurationName = &v
+	return s
+}
+
+// SetVpceServiceName sets the VpceServiceName field's value.
+func (s *VPCEConfiguration) SetVpceServiceName(v string) *VPCEConfiguration {
+	s.VpceServiceName = &v
+	return s
+}
+
 const (
 	// ArtifactCategoryScreenshot is a ArtifactCategory enum value
 	ArtifactCategoryScreenshot = "SCREENSHOT"
@@ -14531,6 +15458,9 @@ const (
 
 	// DeviceAttributeInstanceLabels is a DeviceAttribute enum value
 	DeviceAttributeInstanceLabels = "INSTANCE_LABELS"
+
+	// DeviceAttributeFleetType is a DeviceAttribute enum value
+	DeviceAttributeFleetType = "FLEET_TYPE"
 )
 
 const (
@@ -14583,6 +15513,9 @@ const (
 const (
 	// ExecutionResultCodeParsingFailed is a ExecutionResultCode enum value
 	ExecutionResultCodeParsingFailed = "PARSING_FAILED"
+
+	// ExecutionResultCodeVpcEndpointSetupFailed is a ExecutionResultCode enum value
+	ExecutionResultCodeVpcEndpointSetupFailed = "VPC_ENDPOINT_SETUP_FAILED"
 )
 
 const (
diff --git a/vendor/github.com/aws/aws-sdk-go/service/devicefarm/errors.go b/vendor/github.com/aws/aws-sdk-go/service/devicefarm/errors.go
index bcb0d460108..2d9e5abdfbf 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/devicefarm/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/devicefarm/errors.go
@@ -16,6 +16,13 @@ const (
 	// An entity with the same name already exists.
 	ErrCodeIdempotencyException = "IdempotencyException"
 
+	// ErrCodeInvalidOperationException for service response error code
+	// "InvalidOperationException".
+	//
+	// There was an error with the update request, or you do not have sufficient
+	// permissions to update this VPC endpoint configuration.
+	ErrCodeInvalidOperationException = "InvalidOperationException"
+
 	// ErrCodeLimitExceededException for service response error code
 	// "LimitExceededException".
 	//
diff --git a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go
index fb9dc14927a..bf9d7a4e15a 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go
@@ -569,6 +569,21 @@ func (c *DynamoDB) CreateGlobalTableRequest(input *CreateGlobalTableInput) (req
 //
 //    *  The tables must have DynamoDB Streams enabled (NEW_AND_OLD_IMAGES).
 //
+//
+//    *  The tables must have same provisioned and maximum write capacity units.
+//
+//
+// If global secondary indexes are specified, then the following conditions
+// must also be met:
+//
+//    *  The global secondary indexes must have the same name.
+//
+//    *  The global secondary indexes must have the same hash key and sort key
+//    (if present).
+//
+//    *  The global secondary indexes must have the same provisioned and maximum
+//    write capacity units.
+//
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
@@ -1204,8 +1219,7 @@ func (c *DynamoDB) DescribeContinuousBackupsRequest(input *DescribeContinuousBac
 // to any point in time within EarliestRestorableDateTime and LatestRestorableDateTime.
 //
 // LatestRestorableDateTime is typically 5 minutes before the current time.
-// You can restore your table to any point in time during the last 35 days with
-// a 1-minute granularity.
+// You can restore your table to any point in time during the last 35 days.
 //
 // You can call DescribeContinuousBackups at a maximum rate of 10 times per
 // second.
@@ -1329,6 +1343,88 @@ func (c *DynamoDB) DescribeGlobalTableWithContext(ctx aws.Context, input *Descri
 	return out, req.Send()
 }
 
+const opDescribeGlobalTableSettings = "DescribeGlobalTableSettings"
+
+// DescribeGlobalTableSettingsRequest generates a "aws/request.Request" representing the
+// client's request for the DescribeGlobalTableSettings operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DescribeGlobalTableSettings for more information on using the DescribeGlobalTableSettings
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DescribeGlobalTableSettingsRequest method.
+//    req, resp := client.DescribeGlobalTableSettingsRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DescribeGlobalTableSettings
+func (c *DynamoDB) DescribeGlobalTableSettingsRequest(input *DescribeGlobalTableSettingsInput) (req *request.Request, output *DescribeGlobalTableSettingsOutput) {
+	op := &request.Operation{
+		Name:       opDescribeGlobalTableSettings,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DescribeGlobalTableSettingsInput{}
+	}
+
+	output = &DescribeGlobalTableSettingsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DescribeGlobalTableSettings API operation for Amazon DynamoDB.
+//
+// Describes region specific settings for a global table.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon DynamoDB's
+// API operation DescribeGlobalTableSettings for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeGlobalTableNotFoundException "GlobalTableNotFoundException"
+//   The specified global table does not exist.
+//
+//   * ErrCodeInternalServerError "InternalServerError"
+//   An error occurred on the server side.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DescribeGlobalTableSettings
+func (c *DynamoDB) DescribeGlobalTableSettings(input *DescribeGlobalTableSettingsInput) (*DescribeGlobalTableSettingsOutput, error) {
+	req, out := c.DescribeGlobalTableSettingsRequest(input)
+	return out, req.Send()
+}
+
+// DescribeGlobalTableSettingsWithContext is the same as DescribeGlobalTableSettings with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DescribeGlobalTableSettings for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *DynamoDB) DescribeGlobalTableSettingsWithContext(ctx aws.Context, input *DescribeGlobalTableSettingsInput, opts ...request.Option) (*DescribeGlobalTableSettingsOutput, error) {
+	req, out := c.DescribeGlobalTableSettingsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opDescribeLimits = "DescribeLimits"
 
 // DescribeLimitsRequest generates a "aws/request.Request" representing the
@@ -2630,9 +2726,26 @@ func (c *DynamoDB) RestoreTableToPointInTimeRequest(input *RestoreTableToPointIn
 //
 // Restores the specified table to the specified point in time within EarliestRestorableDateTime
 // and LatestRestorableDateTime. You can restore your table to any point in
-// time during the last 35 days with a 1-minute granularity. Any number of users
-// can execute up to 4 concurrent restores (any type of restore) in a given
-// account.
+// time during the last 35 days. Any number of users can execute up to 4 concurrent
+// restores (any type of restore) in a given account.
+//
+// When you restore using point in time recovery, DynamoDB restores your table
+// data to the state based on the selected date and time (day:hour:minute:second)
+// to a new table.
+//
+// Along with data, the following are also included on the new restored table
+// using point in time recovery:
+//
+//    * Global secondary indexes (GSIs)
+//
+//    * Local secondary indexes (LSIs)
+//
+//    * Provisioned read and write capacity
+//
+//    * Encryption settings
+//
+//  All these settings come from the current settings of the source table at
+//    the time of restore.
 //
 // You must manually set up the following on the restored table:
 //
@@ -3160,8 +3273,7 @@ func (c *DynamoDB) UpdateContinuousBackupsRequest(input *UpdateContinuousBackups
 // to any point in time within EarliestRestorableDateTime and LatestRestorableDateTime.
 //
 // LatestRestorableDateTime is typically 5 minutes before the current time.
-// You can restore your table to any point in time during the last 35 days with
-// a 1-minute granularity.
+// You can restore your table to any point in time during the last 35 days..
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -3250,12 +3362,24 @@ func (c *DynamoDB) UpdateGlobalTableRequest(input *UpdateGlobalTableInput) (req
 // Adds or removes replicas in the specified global table. The global table
 // must already exist to be able to use this operation. Any replica to be added
 // must be empty, must have the same name as the global table, must have the
-// same key schema, and must have DynamoDB Streams enabled.
+// same key schema, and must have DynamoDB Streams enabled and must have same
+// provisioned and maximum write capacity units.
 //
 // Although you can use UpdateGlobalTable to add replicas and remove replicas
 // in a single request, for simplicity we recommend that you issue separate
 // requests for adding or removing replicas.
 //
+// If global secondary indexes are specified, then the following conditions
+// must also be met:
+//
+//    *  The global secondary indexes must have the same name.
+//
+//    *  The global secondary indexes must have the same hash key and sort key
+//    (if present).
+//
+//    *  The global secondary indexes must have the same provisioned and maximum
+//    write capacity units.
+//
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
@@ -3302,6 +3426,113 @@ func (c *DynamoDB) UpdateGlobalTableWithContext(ctx aws.Context, input *UpdateGl
 	return out, req.Send()
 }
 
+const opUpdateGlobalTableSettings = "UpdateGlobalTableSettings"
+
+// UpdateGlobalTableSettingsRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateGlobalTableSettings operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateGlobalTableSettings for more information on using the UpdateGlobalTableSettings
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the UpdateGlobalTableSettingsRequest method.
+//    req, resp := client.UpdateGlobalTableSettingsRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/UpdateGlobalTableSettings
+func (c *DynamoDB) UpdateGlobalTableSettingsRequest(input *UpdateGlobalTableSettingsInput) (req *request.Request, output *UpdateGlobalTableSettingsOutput) {
+	op := &request.Operation{
+		Name:       opUpdateGlobalTableSettings,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &UpdateGlobalTableSettingsInput{}
+	}
+
+	output = &UpdateGlobalTableSettingsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// UpdateGlobalTableSettings API operation for Amazon DynamoDB.
+//
+// Updates settings for a global table.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon DynamoDB's
+// API operation UpdateGlobalTableSettings for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeGlobalTableNotFoundException "GlobalTableNotFoundException"
+//   The specified global table does not exist.
+//
+//   * ErrCodeReplicaNotFoundException "ReplicaNotFoundException"
+//   The specified replica is no longer part of the global table.
+//
+//   * ErrCodeIndexNotFoundException "IndexNotFoundException"
+//   The operation tried to access a nonexistent index.
+//
+//   * ErrCodeLimitExceededException "LimitExceededException"
+//   Up to 50 CreateBackup operations are allowed per second, per account. There
+//   is no limit to the number of daily on-demand backups that can be taken.
+//
+//   Up to 10 simultaneous table operations are allowed per account. These operations
+//   include CreateTable, UpdateTable, DeleteTable,UpdateTimeToLive, RestoreTableFromBackup,
+//   and RestoreTableToPointInTime.
+//
+//   For tables with secondary indexes, only one of those tables can be in the
+//   CREATING state at any point in time. Do not attempt to create more than one
+//   such table simultaneously.
+//
+//   The total limit of tables in the ACTIVE state is 250.
+//
+//   * ErrCodeResourceInUseException "ResourceInUseException"
+//   The operation conflicts with the resource's availability. For example, you
+//   attempted to recreate an existing table, or tried to delete a table currently
+//   in the CREATING state.
+//
+//   * ErrCodeInternalServerError "InternalServerError"
+//   An error occurred on the server side.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/UpdateGlobalTableSettings
+func (c *DynamoDB) UpdateGlobalTableSettings(input *UpdateGlobalTableSettingsInput) (*UpdateGlobalTableSettingsOutput, error) {
+	req, out := c.UpdateGlobalTableSettingsRequest(input)
+	return out, req.Send()
+}
+
+// UpdateGlobalTableSettingsWithContext is the same as UpdateGlobalTableSettings with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateGlobalTableSettings for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *DynamoDB) UpdateGlobalTableSettingsWithContext(ctx aws.Context, input *UpdateGlobalTableSettingsInput, opts ...request.Option) (*UpdateGlobalTableSettingsOutput, error) {
+	req, out := c.UpdateGlobalTableSettingsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opUpdateItem = "UpdateItem"
 
 // UpdateItemRequest generates a "aws/request.Request" representing the
@@ -6165,6 +6396,79 @@ func (s *DescribeGlobalTableOutput) SetGlobalTableDescription(v *GlobalTableDesc
 	return s
 }
 
+type DescribeGlobalTableSettingsInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the global table to describe.
+	//
+	// GlobalTableName is a required field
+	GlobalTableName *string `min:"3" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DescribeGlobalTableSettingsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DescribeGlobalTableSettingsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DescribeGlobalTableSettingsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DescribeGlobalTableSettingsInput"}
+	if s.GlobalTableName == nil {
+		invalidParams.Add(request.NewErrParamRequired("GlobalTableName"))
+	}
+	if s.GlobalTableName != nil && len(*s.GlobalTableName) < 3 {
+		invalidParams.Add(request.NewErrParamMinLen("GlobalTableName", 3))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetGlobalTableName sets the GlobalTableName field's value.
+func (s *DescribeGlobalTableSettingsInput) SetGlobalTableName(v string) *DescribeGlobalTableSettingsInput {
+	s.GlobalTableName = &v
+	return s
+}
+
+type DescribeGlobalTableSettingsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the global table.
+	GlobalTableName *string `min:"3" type:"string"`
+
+	// The region specific settings for the global table.
+	ReplicaSettings []*ReplicaSettingsDescription `type:"list"`
+}
+
+// String returns the string representation
+func (s DescribeGlobalTableSettingsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DescribeGlobalTableSettingsOutput) GoString() string {
+	return s.String()
+}
+
+// SetGlobalTableName sets the GlobalTableName field's value.
+func (s *DescribeGlobalTableSettingsOutput) SetGlobalTableName(v string) *DescribeGlobalTableSettingsOutput {
+	s.GlobalTableName = &v
+	return s
+}
+
+// SetReplicaSettings sets the ReplicaSettings field's value.
+func (s *DescribeGlobalTableSettingsOutput) SetReplicaSettings(v []*ReplicaSettingsDescription) *DescribeGlobalTableSettingsOutput {
+	s.ReplicaSettings = v
+	return s
+}
+
 // Represents the input of a DescribeLimits operation. Has no content.
 type DescribeLimitsInput struct {
 	_ struct{} `type:"structure"`
@@ -7248,45 +7552,102 @@ func (s *GlobalTableDescription) SetReplicationGroup(v []*ReplicaDescription) *G
 	return s
 }
 
-// Information about item collections, if any, that were affected by the operation.
-// ItemCollectionMetrics is only returned if the request asked for it. If the
-// table does not have any local secondary indexes, this information is not
-// returned in the response.
-type ItemCollectionMetrics struct {
+// Represents the settings of a global secondary index for a global table that
+// will be modified.
+type GlobalTableGlobalSecondaryIndexSettingsUpdate struct {
 	_ struct{} `type:"structure"`
 
-	// The partition key value of the item collection. This value is the same as
-	// the partition key value of the item.
-	ItemCollectionKey map[string]*AttributeValue `type:"map"`
-
-	// An estimate of item collection size, in gigabytes. This value is a two-element
-	// array containing a lower bound and an upper bound for the estimate. The estimate
-	// includes the size of all the items in the table, plus the size of all attributes
-	// projected into all of the local secondary indexes on that table. Use this
-	// estimate to measure whether a local secondary index is approaching its size
-	// limit.
+	// The name of the global secondary index. The name must be unique among all
+	// other indexes on this table.
 	//
-	// The estimate is subject to change over time; therefore, do not rely on the
-	// precision or accuracy of the estimate.
-	SizeEstimateRangeGB []*float64 `type:"list"`
+	// IndexName is a required field
+	IndexName *string `min:"3" type:"string" required:"true"`
+
+	// The maximum number of writes consumed per second before DynamoDB returns
+	// a ThrottlingException.
+	ProvisionedWriteCapacityUnits *int64 `min:"1" type:"long"`
 }
 
 // String returns the string representation
-func (s ItemCollectionMetrics) String() string {
+func (s GlobalTableGlobalSecondaryIndexSettingsUpdate) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s ItemCollectionMetrics) GoString() string {
+func (s GlobalTableGlobalSecondaryIndexSettingsUpdate) GoString() string {
 	return s.String()
 }
 
-// SetItemCollectionKey sets the ItemCollectionKey field's value.
-func (s *ItemCollectionMetrics) SetItemCollectionKey(v map[string]*AttributeValue) *ItemCollectionMetrics {
-	s.ItemCollectionKey = v
-	return s
-}
-
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GlobalTableGlobalSecondaryIndexSettingsUpdate) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GlobalTableGlobalSecondaryIndexSettingsUpdate"}
+	if s.IndexName == nil {
+		invalidParams.Add(request.NewErrParamRequired("IndexName"))
+	}
+	if s.IndexName != nil && len(*s.IndexName) < 3 {
+		invalidParams.Add(request.NewErrParamMinLen("IndexName", 3))
+	}
+	if s.ProvisionedWriteCapacityUnits != nil && *s.ProvisionedWriteCapacityUnits < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("ProvisionedWriteCapacityUnits", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetIndexName sets the IndexName field's value.
+func (s *GlobalTableGlobalSecondaryIndexSettingsUpdate) SetIndexName(v string) *GlobalTableGlobalSecondaryIndexSettingsUpdate {
+	s.IndexName = &v
+	return s
+}
+
+// SetProvisionedWriteCapacityUnits sets the ProvisionedWriteCapacityUnits field's value.
+func (s *GlobalTableGlobalSecondaryIndexSettingsUpdate) SetProvisionedWriteCapacityUnits(v int64) *GlobalTableGlobalSecondaryIndexSettingsUpdate {
+	s.ProvisionedWriteCapacityUnits = &v
+	return s
+}
+
+// Information about item collections, if any, that were affected by the operation.
+// ItemCollectionMetrics is only returned if the request asked for it. If the
+// table does not have any local secondary indexes, this information is not
+// returned in the response.
+type ItemCollectionMetrics struct {
+	_ struct{} `type:"structure"`
+
+	// The partition key value of the item collection. This value is the same as
+	// the partition key value of the item.
+	ItemCollectionKey map[string]*AttributeValue `type:"map"`
+
+	// An estimate of item collection size, in gigabytes. This value is a two-element
+	// array containing a lower bound and an upper bound for the estimate. The estimate
+	// includes the size of all the items in the table, plus the size of all attributes
+	// projected into all of the local secondary indexes on that table. Use this
+	// estimate to measure whether a local secondary index is approaching its size
+	// limit.
+	//
+	// The estimate is subject to change over time; therefore, do not rely on the
+	// precision or accuracy of the estimate.
+	SizeEstimateRangeGB []*float64 `type:"list"`
+}
+
+// String returns the string representation
+func (s ItemCollectionMetrics) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ItemCollectionMetrics) GoString() string {
+	return s.String()
+}
+
+// SetItemCollectionKey sets the ItemCollectionKey field's value.
+func (s *ItemCollectionMetrics) SetItemCollectionKey(v map[string]*AttributeValue) *ItemCollectionMetrics {
+	s.ItemCollectionKey = v
+	return s
+}
+
 // SetSizeEstimateRangeGB sets the SizeEstimateRangeGB field's value.
 func (s *ItemCollectionMetrics) SetSizeEstimateRangeGB(v []*float64) *ItemCollectionMetrics {
 	s.SizeEstimateRangeGB = v
@@ -8144,13 +8505,11 @@ func (s *LocalSecondaryIndexInfo) SetProjection(v *Projection) *LocalSecondaryIn
 type PointInTimeRecoveryDescription struct {
 	_ struct{} `type:"structure"`
 
-	// Specifies the earliest point in time you can restore your table to. It is
-	// equal to the maximum of point in time recovery enabled time and CurrentTime
-	// - PointInTimeRecoveryPeriod.
+	// Specifies the earliest point in time you can restore your table to. It You
+	// can restore your table to any point in time during the last 35 days.
 	EarliestRestorableDateTime *time.Time `type:"timestamp" timestampFormat:"unix"`
 
-	// LatestRestorableDateTime is 5 minutes from now and there is a +/- 1 minute
-	// fuzziness on the restore times.
+	// LatestRestorableDateTime is typically 5 minutes before the current time.
 	LatestRestorableDateTime *time.Time `type:"timestamp" timestampFormat:"unix"`
 
 	// The current state of point in time recovery:
@@ -9359,6 +9718,280 @@ func (s *ReplicaDescription) SetRegionName(v string) *ReplicaDescription {
 	return s
 }
 
+// Represents the properties of a global secondary index.
+type ReplicaGlobalSecondaryIndexSettingsDescription struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the global secondary index. The name must be unique among all
+	// other indexes on this table.
+	//
+	// IndexName is a required field
+	IndexName *string `min:"3" type:"string" required:"true"`
+
+	// The current status of the global secondary index:
+	//
+	//    * CREATING - The global secondary index is being created.
+	//
+	//    * UPDATING - The global secondary index is being updated.
+	//
+	//    * DELETING - The global secondary index is being deleted.
+	//
+	//    * ACTIVE - The global secondary index is ready for use.
+	IndexStatus *string `type:"string" enum:"IndexStatus"`
+
+	// The maximum number of strongly consistent reads consumed per second before
+	// DynamoDB returns a ThrottlingException.
+	ProvisionedReadCapacityUnits *int64 `min:"1" type:"long"`
+
+	// The maximum number of writes consumed per second before DynamoDB returns
+	// a ThrottlingException.
+	ProvisionedWriteCapacityUnits *int64 `min:"1" type:"long"`
+}
+
+// String returns the string representation
+func (s ReplicaGlobalSecondaryIndexSettingsDescription) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ReplicaGlobalSecondaryIndexSettingsDescription) GoString() string {
+	return s.String()
+}
+
+// SetIndexName sets the IndexName field's value.
+func (s *ReplicaGlobalSecondaryIndexSettingsDescription) SetIndexName(v string) *ReplicaGlobalSecondaryIndexSettingsDescription {
+	s.IndexName = &v
+	return s
+}
+
+// SetIndexStatus sets the IndexStatus field's value.
+func (s *ReplicaGlobalSecondaryIndexSettingsDescription) SetIndexStatus(v string) *ReplicaGlobalSecondaryIndexSettingsDescription {
+	s.IndexStatus = &v
+	return s
+}
+
+// SetProvisionedReadCapacityUnits sets the ProvisionedReadCapacityUnits field's value.
+func (s *ReplicaGlobalSecondaryIndexSettingsDescription) SetProvisionedReadCapacityUnits(v int64) *ReplicaGlobalSecondaryIndexSettingsDescription {
+	s.ProvisionedReadCapacityUnits = &v
+	return s
+}
+
+// SetProvisionedWriteCapacityUnits sets the ProvisionedWriteCapacityUnits field's value.
+func (s *ReplicaGlobalSecondaryIndexSettingsDescription) SetProvisionedWriteCapacityUnits(v int64) *ReplicaGlobalSecondaryIndexSettingsDescription {
+	s.ProvisionedWriteCapacityUnits = &v
+	return s
+}
+
+// Represents the settings of a global secondary index for a global table that
+// will be modified.
+type ReplicaGlobalSecondaryIndexSettingsUpdate struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the global secondary index. The name must be unique among all
+	// other indexes on this table.
+	//
+	// IndexName is a required field
+	IndexName *string `min:"3" type:"string" required:"true"`
+
+	// The maximum number of strongly consistent reads consumed per second before
+	// DynamoDB returns a ThrottlingException.
+	ProvisionedReadCapacityUnits *int64 `min:"1" type:"long"`
+}
+
+// String returns the string representation
+func (s ReplicaGlobalSecondaryIndexSettingsUpdate) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ReplicaGlobalSecondaryIndexSettingsUpdate) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ReplicaGlobalSecondaryIndexSettingsUpdate) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ReplicaGlobalSecondaryIndexSettingsUpdate"}
+	if s.IndexName == nil {
+		invalidParams.Add(request.NewErrParamRequired("IndexName"))
+	}
+	if s.IndexName != nil && len(*s.IndexName) < 3 {
+		invalidParams.Add(request.NewErrParamMinLen("IndexName", 3))
+	}
+	if s.ProvisionedReadCapacityUnits != nil && *s.ProvisionedReadCapacityUnits < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("ProvisionedReadCapacityUnits", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetIndexName sets the IndexName field's value.
+func (s *ReplicaGlobalSecondaryIndexSettingsUpdate) SetIndexName(v string) *ReplicaGlobalSecondaryIndexSettingsUpdate {
+	s.IndexName = &v
+	return s
+}
+
+// SetProvisionedReadCapacityUnits sets the ProvisionedReadCapacityUnits field's value.
+func (s *ReplicaGlobalSecondaryIndexSettingsUpdate) SetProvisionedReadCapacityUnits(v int64) *ReplicaGlobalSecondaryIndexSettingsUpdate {
+	s.ProvisionedReadCapacityUnits = &v
+	return s
+}
+
+// Represents the properties of a replica.
+type ReplicaSettingsDescription struct {
+	_ struct{} `type:"structure"`
+
+	// The region name of the replica.
+	//
+	// RegionName is a required field
+	RegionName *string `type:"string" required:"true"`
+
+	// Replica global secondary index settings for the global table.
+	ReplicaGlobalSecondaryIndexSettings []*ReplicaGlobalSecondaryIndexSettingsDescription `type:"list"`
+
+	// The maximum number of strongly consistent reads consumed per second before
+	// DynamoDB returns a ThrottlingException. For more information, see Specifying
+	// Read and Write Requirements (http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#ProvisionedThroughput)
+	// in the Amazon DynamoDB Developer Guide.
+	ReplicaProvisionedReadCapacityUnits *int64 `min:"1" type:"long"`
+
+	// The maximum number of writes consumed per second before DynamoDB returns
+	// a ThrottlingException. For more information, see Specifying Read and Write
+	// Requirements (http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#ProvisionedThroughput)
+	// in the Amazon DynamoDB Developer Guide.
+	ReplicaProvisionedWriteCapacityUnits *int64 `min:"1" type:"long"`
+
+	// The current state of the region:
+	//
+	//    * CREATING - The region is being created.
+	//
+	//    * UPDATING - The region is being updated.
+	//
+	//    * DELETING - The region is being deleted.
+	//
+	//    * ACTIVE - The region is ready for use.
+	ReplicaStatus *string `type:"string" enum:"ReplicaStatus"`
+}
+
+// String returns the string representation
+func (s ReplicaSettingsDescription) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ReplicaSettingsDescription) GoString() string {
+	return s.String()
+}
+
+// SetRegionName sets the RegionName field's value.
+func (s *ReplicaSettingsDescription) SetRegionName(v string) *ReplicaSettingsDescription {
+	s.RegionName = &v
+	return s
+}
+
+// SetReplicaGlobalSecondaryIndexSettings sets the ReplicaGlobalSecondaryIndexSettings field's value.
+func (s *ReplicaSettingsDescription) SetReplicaGlobalSecondaryIndexSettings(v []*ReplicaGlobalSecondaryIndexSettingsDescription) *ReplicaSettingsDescription {
+	s.ReplicaGlobalSecondaryIndexSettings = v
+	return s
+}
+
+// SetReplicaProvisionedReadCapacityUnits sets the ReplicaProvisionedReadCapacityUnits field's value.
+func (s *ReplicaSettingsDescription) SetReplicaProvisionedReadCapacityUnits(v int64) *ReplicaSettingsDescription {
+	s.ReplicaProvisionedReadCapacityUnits = &v
+	return s
+}
+
+// SetReplicaProvisionedWriteCapacityUnits sets the ReplicaProvisionedWriteCapacityUnits field's value.
+func (s *ReplicaSettingsDescription) SetReplicaProvisionedWriteCapacityUnits(v int64) *ReplicaSettingsDescription {
+	s.ReplicaProvisionedWriteCapacityUnits = &v
+	return s
+}
+
+// SetReplicaStatus sets the ReplicaStatus field's value.
+func (s *ReplicaSettingsDescription) SetReplicaStatus(v string) *ReplicaSettingsDescription {
+	s.ReplicaStatus = &v
+	return s
+}
+
+// Represents the settings for a global table in a region that will be modified.
+type ReplicaSettingsUpdate struct {
+	_ struct{} `type:"structure"`
+
+	// The region of the replica to be added.
+	//
+	// RegionName is a required field
+	RegionName *string `type:"string" required:"true"`
+
+	// Represents the settings of a global secondary index for a global table that
+	// will be modified.
+	ReplicaGlobalSecondaryIndexSettingsUpdate []*ReplicaGlobalSecondaryIndexSettingsUpdate `min:"1" type:"list"`
+
+	// The maximum number of strongly consistent reads consumed per second before
+	// DynamoDB returns a ThrottlingException. For more information, see Specifying
+	// Read and Write Requirements (http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#ProvisionedThroughput)
+	// in the Amazon DynamoDB Developer Guide.
+	ReplicaProvisionedReadCapacityUnits *int64 `min:"1" type:"long"`
+}
+
+// String returns the string representation
+func (s ReplicaSettingsUpdate) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ReplicaSettingsUpdate) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ReplicaSettingsUpdate) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ReplicaSettingsUpdate"}
+	if s.RegionName == nil {
+		invalidParams.Add(request.NewErrParamRequired("RegionName"))
+	}
+	if s.ReplicaGlobalSecondaryIndexSettingsUpdate != nil && len(s.ReplicaGlobalSecondaryIndexSettingsUpdate) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("ReplicaGlobalSecondaryIndexSettingsUpdate", 1))
+	}
+	if s.ReplicaProvisionedReadCapacityUnits != nil && *s.ReplicaProvisionedReadCapacityUnits < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("ReplicaProvisionedReadCapacityUnits", 1))
+	}
+	if s.ReplicaGlobalSecondaryIndexSettingsUpdate != nil {
+		for i, v := range s.ReplicaGlobalSecondaryIndexSettingsUpdate {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ReplicaGlobalSecondaryIndexSettingsUpdate", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetRegionName sets the RegionName field's value.
+func (s *ReplicaSettingsUpdate) SetRegionName(v string) *ReplicaSettingsUpdate {
+	s.RegionName = &v
+	return s
+}
+
+// SetReplicaGlobalSecondaryIndexSettingsUpdate sets the ReplicaGlobalSecondaryIndexSettingsUpdate field's value.
+func (s *ReplicaSettingsUpdate) SetReplicaGlobalSecondaryIndexSettingsUpdate(v []*ReplicaGlobalSecondaryIndexSettingsUpdate) *ReplicaSettingsUpdate {
+	s.ReplicaGlobalSecondaryIndexSettingsUpdate = v
+	return s
+}
+
+// SetReplicaProvisionedReadCapacityUnits sets the ReplicaProvisionedReadCapacityUnits field's value.
+func (s *ReplicaSettingsUpdate) SetReplicaProvisionedReadCapacityUnits(v int64) *ReplicaSettingsUpdate {
+	s.ReplicaProvisionedReadCapacityUnits = &v
+	return s
+}
+
 // Represents one of the following:
 //
 //    * A new replica to be added to an existing global table.
@@ -11282,6 +11915,137 @@ func (s *UpdateGlobalTableOutput) SetGlobalTableDescription(v *GlobalTableDescri
 	return s
 }
 
+type UpdateGlobalTableSettingsInput struct {
+	_ struct{} `type:"structure"`
+
+	// Represents the settings of a global secondary index for a global table that
+	// will be modified.
+	GlobalTableGlobalSecondaryIndexSettingsUpdate []*GlobalTableGlobalSecondaryIndexSettingsUpdate `min:"1" type:"list"`
+
+	// The name of the global table
+	//
+	// GlobalTableName is a required field
+	GlobalTableName *string `min:"3" type:"string" required:"true"`
+
+	// The maximum number of writes consumed per second before DynamoDB returns
+	// a ThrottlingException.
+	GlobalTableProvisionedWriteCapacityUnits *int64 `min:"1" type:"long"`
+
+	// Represents the settings for a global table in a region that will be modified.
+	ReplicaSettingsUpdate []*ReplicaSettingsUpdate `min:"1" type:"list"`
+}
+
+// String returns the string representation
+func (s UpdateGlobalTableSettingsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UpdateGlobalTableSettingsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateGlobalTableSettingsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "UpdateGlobalTableSettingsInput"}
+	if s.GlobalTableGlobalSecondaryIndexSettingsUpdate != nil && len(s.GlobalTableGlobalSecondaryIndexSettingsUpdate) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("GlobalTableGlobalSecondaryIndexSettingsUpdate", 1))
+	}
+	if s.GlobalTableName == nil {
+		invalidParams.Add(request.NewErrParamRequired("GlobalTableName"))
+	}
+	if s.GlobalTableName != nil && len(*s.GlobalTableName) < 3 {
+		invalidParams.Add(request.NewErrParamMinLen("GlobalTableName", 3))
+	}
+	if s.GlobalTableProvisionedWriteCapacityUnits != nil && *s.GlobalTableProvisionedWriteCapacityUnits < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("GlobalTableProvisionedWriteCapacityUnits", 1))
+	}
+	if s.ReplicaSettingsUpdate != nil && len(s.ReplicaSettingsUpdate) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("ReplicaSettingsUpdate", 1))
+	}
+	if s.GlobalTableGlobalSecondaryIndexSettingsUpdate != nil {
+		for i, v := range s.GlobalTableGlobalSecondaryIndexSettingsUpdate {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "GlobalTableGlobalSecondaryIndexSettingsUpdate", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+	if s.ReplicaSettingsUpdate != nil {
+		for i, v := range s.ReplicaSettingsUpdate {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ReplicaSettingsUpdate", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetGlobalTableGlobalSecondaryIndexSettingsUpdate sets the GlobalTableGlobalSecondaryIndexSettingsUpdate field's value.
+func (s *UpdateGlobalTableSettingsInput) SetGlobalTableGlobalSecondaryIndexSettingsUpdate(v []*GlobalTableGlobalSecondaryIndexSettingsUpdate) *UpdateGlobalTableSettingsInput {
+	s.GlobalTableGlobalSecondaryIndexSettingsUpdate = v
+	return s
+}
+
+// SetGlobalTableName sets the GlobalTableName field's value.
+func (s *UpdateGlobalTableSettingsInput) SetGlobalTableName(v string) *UpdateGlobalTableSettingsInput {
+	s.GlobalTableName = &v
+	return s
+}
+
+// SetGlobalTableProvisionedWriteCapacityUnits sets the GlobalTableProvisionedWriteCapacityUnits field's value.
+func (s *UpdateGlobalTableSettingsInput) SetGlobalTableProvisionedWriteCapacityUnits(v int64) *UpdateGlobalTableSettingsInput {
+	s.GlobalTableProvisionedWriteCapacityUnits = &v
+	return s
+}
+
+// SetReplicaSettingsUpdate sets the ReplicaSettingsUpdate field's value.
+func (s *UpdateGlobalTableSettingsInput) SetReplicaSettingsUpdate(v []*ReplicaSettingsUpdate) *UpdateGlobalTableSettingsInput {
+	s.ReplicaSettingsUpdate = v
+	return s
+}
+
+type UpdateGlobalTableSettingsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the global table.
+	GlobalTableName *string `min:"3" type:"string"`
+
+	// The region specific settings for the global table.
+	ReplicaSettings []*ReplicaSettingsDescription `type:"list"`
+}
+
+// String returns the string representation
+func (s UpdateGlobalTableSettingsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UpdateGlobalTableSettingsOutput) GoString() string {
+	return s.String()
+}
+
+// SetGlobalTableName sets the GlobalTableName field's value.
+func (s *UpdateGlobalTableSettingsOutput) SetGlobalTableName(v string) *UpdateGlobalTableSettingsOutput {
+	s.GlobalTableName = &v
+	return s
+}
+
+// SetReplicaSettings sets the ReplicaSettings field's value.
+func (s *UpdateGlobalTableSettingsOutput) SetReplicaSettings(v []*ReplicaSettingsDescription) *UpdateGlobalTableSettingsOutput {
+	s.ReplicaSettings = v
+	return s
+}
+
 // Represents the input of an UpdateItem operation.
 type UpdateItemInput struct {
 	_ struct{} `type:"structure"`
@@ -12087,6 +12851,20 @@ const (
 	ProjectionTypeInclude = "INCLUDE"
 )
 
+const (
+	// ReplicaStatusCreating is a ReplicaStatus enum value
+	ReplicaStatusCreating = "CREATING"
+
+	// ReplicaStatusUpdating is a ReplicaStatus enum value
+	ReplicaStatusUpdating = "UPDATING"
+
+	// ReplicaStatusDeleting is a ReplicaStatus enum value
+	ReplicaStatusDeleting = "DELETING"
+
+	// ReplicaStatusActive is a ReplicaStatus enum value
+	ReplicaStatusActive = "ACTIVE"
+)
+
 // Determines the level of detail about provisioned throughput consumption that
 // is returned in the response:
 //
diff --git a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go
index 05b8470d2ee..5f6016521b0 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go
@@ -41,6 +41,12 @@ const (
 	// The specified global table does not exist.
 	ErrCodeGlobalTableNotFoundException = "GlobalTableNotFoundException"
 
+	// ErrCodeIndexNotFoundException for service response error code
+	// "IndexNotFoundException".
+	//
+	// The operation tried to access a nonexistent index.
+	ErrCodeIndexNotFoundException = "IndexNotFoundException"
+
 	// ErrCodeInternalServerError for service response error code
 	// "InternalServerError".
 	//
diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go
index 28f434bbfff..68d90ad29e5 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go
@@ -2272,7 +2272,7 @@ func (c *EC2) CancelSpotInstanceRequestsRequest(input *CancelSpotInstanceRequest
 // that Amazon EC2 starts on your behalf when the maximum price that you specify
 // exceeds the current Spot price. For more information, see Spot Instance Requests
 // (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html) in
-// the Amazon Elastic Compute Cloud User Guide.
+// the Amazon EC2 User Guide for Linux Instances.
 //
 // Canceling a Spot Instance request does not terminate running Spot Instances
 // associated with the request.
@@ -3080,6 +3080,86 @@ func (c *EC2) CreateEgressOnlyInternetGatewayWithContext(ctx aws.Context, input
 	return out, req.Send()
 }
 
+const opCreateFleet = "CreateFleet"
+
+// CreateFleetRequest generates a "aws/request.Request" representing the
+// client's request for the CreateFleet operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateFleet for more information on using the CreateFleet
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the CreateFleetRequest method.
+//    req, resp := client.CreateFleetRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateFleet
+func (c *EC2) CreateFleetRequest(input *CreateFleetInput) (req *request.Request, output *CreateFleetOutput) {
+	op := &request.Operation{
+		Name:       opCreateFleet,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &CreateFleetInput{}
+	}
+
+	output = &CreateFleetOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// CreateFleet API operation for Amazon Elastic Compute Cloud.
+//
+// Launches an EC2 Fleet.
+//
+// You can create a single EC2 Fleet that includes multiple launch specifications
+// that vary by instance type, AMI, Availability Zone, or subnet.
+//
+// For more information, see Launching an EC2 Fleet (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-launch-ec2-fleet.html)
+// in the Amazon Elastic Compute Cloud User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Compute Cloud's
+// API operation CreateFleet for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateFleet
+func (c *EC2) CreateFleet(input *CreateFleetInput) (*CreateFleetOutput, error) {
+	req, out := c.CreateFleetRequest(input)
+	return out, req.Send()
+}
+
+// CreateFleetWithContext is the same as CreateFleet with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateFleet for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EC2) CreateFleetWithContext(ctx aws.Context, input *CreateFleetInput, opts ...request.Option) (*CreateFleetOutput, error) {
+	req, out := c.CreateFleetRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opCreateFlowLogs = "CreateFlowLogs"
 
 // CreateFlowLogsRequest generates a "aws/request.Request" representing the
@@ -4735,7 +4815,7 @@ func (c *EC2) CreateSpotDatafeedSubscriptionRequest(input *CreateSpotDatafeedSub
 // Creates a data feed for Spot Instances, enabling you to view Spot Instance
 // usage logs. You can create one data feed per AWS account. For more information,
 // see Spot Instance Data Feed (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html)
-// in the Amazon Elastic Compute Cloud User Guide.
+// in the Amazon EC2 User Guide for Linux Instances.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -5958,6 +6038,87 @@ func (c *EC2) DeleteEgressOnlyInternetGatewayWithContext(ctx aws.Context, input
 	return out, req.Send()
 }
 
+const opDeleteFleets = "DeleteFleets"
+
+// DeleteFleetsRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteFleets operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteFleets for more information on using the DeleteFleets
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DeleteFleetsRequest method.
+//    req, resp := client.DeleteFleetsRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteFleets
+func (c *EC2) DeleteFleetsRequest(input *DeleteFleetsInput) (req *request.Request, output *DeleteFleetsOutput) {
+	op := &request.Operation{
+		Name:       opDeleteFleets,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DeleteFleetsInput{}
+	}
+
+	output = &DeleteFleetsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DeleteFleets API operation for Amazon Elastic Compute Cloud.
+//
+// Deletes the specified EC2 Fleet.
+//
+// After you delete an EC2 Fleet, the EC2 Fleet launches no new instances. You
+// must specify whether the EC2 Fleet should also terminate its instances. If
+// you terminate the instances, the EC2 Fleet enters the deleted_terminating
+// state. Otherwise, the EC2 Fleet enters the deleted_running state, and the
+// instances continue to run until they are interrupted or you terminate them
+// manually.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Compute Cloud's
+// API operation DeleteFleets for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteFleets
+func (c *EC2) DeleteFleets(input *DeleteFleetsInput) (*DeleteFleetsOutput, error) {
+	req, out := c.DeleteFleetsRequest(input)
+	return out, req.Send()
+}
+
+// DeleteFleetsWithContext is the same as DeleteFleets with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteFleets for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EC2) DeleteFleetsWithContext(ctx aws.Context, input *DeleteFleetsInput, opts ...request.Option) (*DeleteFleetsOutput, error) {
+	req, out := c.DeleteFleetsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opDeleteFlowLogs = "DeleteFlowLogs"
 
 // DeleteFlowLogsRequest generates a "aws/request.Request" representing the
@@ -9177,6 +9338,228 @@ func (c *EC2) DescribeExportTasksWithContext(ctx aws.Context, input *DescribeExp
 	return out, req.Send()
 }
 
+const opDescribeFleetHistory = "DescribeFleetHistory"
+
+// DescribeFleetHistoryRequest generates a "aws/request.Request" representing the
+// client's request for the DescribeFleetHistory operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DescribeFleetHistory for more information on using the DescribeFleetHistory
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DescribeFleetHistoryRequest method.
+//    req, resp := client.DescribeFleetHistoryRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeFleetHistory
+func (c *EC2) DescribeFleetHistoryRequest(input *DescribeFleetHistoryInput) (req *request.Request, output *DescribeFleetHistoryOutput) {
+	op := &request.Operation{
+		Name:       opDescribeFleetHistory,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DescribeFleetHistoryInput{}
+	}
+
+	output = &DescribeFleetHistoryOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DescribeFleetHistory API operation for Amazon Elastic Compute Cloud.
+//
+// Describes the events for the specified EC2 Fleet during the specified time.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Compute Cloud's
+// API operation DescribeFleetHistory for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeFleetHistory
+func (c *EC2) DescribeFleetHistory(input *DescribeFleetHistoryInput) (*DescribeFleetHistoryOutput, error) {
+	req, out := c.DescribeFleetHistoryRequest(input)
+	return out, req.Send()
+}
+
+// DescribeFleetHistoryWithContext is the same as DescribeFleetHistory with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DescribeFleetHistory for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EC2) DescribeFleetHistoryWithContext(ctx aws.Context, input *DescribeFleetHistoryInput, opts ...request.Option) (*DescribeFleetHistoryOutput, error) {
+	req, out := c.DescribeFleetHistoryRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDescribeFleetInstances = "DescribeFleetInstances"
+
+// DescribeFleetInstancesRequest generates a "aws/request.Request" representing the
+// client's request for the DescribeFleetInstances operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DescribeFleetInstances for more information on using the DescribeFleetInstances
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DescribeFleetInstancesRequest method.
+//    req, resp := client.DescribeFleetInstancesRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeFleetInstances
+func (c *EC2) DescribeFleetInstancesRequest(input *DescribeFleetInstancesInput) (req *request.Request, output *DescribeFleetInstancesOutput) {
+	op := &request.Operation{
+		Name:       opDescribeFleetInstances,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DescribeFleetInstancesInput{}
+	}
+
+	output = &DescribeFleetInstancesOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DescribeFleetInstances API operation for Amazon Elastic Compute Cloud.
+//
+// Describes the running instances for the specified EC2 Fleet.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Compute Cloud's
+// API operation DescribeFleetInstances for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeFleetInstances
+func (c *EC2) DescribeFleetInstances(input *DescribeFleetInstancesInput) (*DescribeFleetInstancesOutput, error) {
+	req, out := c.DescribeFleetInstancesRequest(input)
+	return out, req.Send()
+}
+
+// DescribeFleetInstancesWithContext is the same as DescribeFleetInstances with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DescribeFleetInstances for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EC2) DescribeFleetInstancesWithContext(ctx aws.Context, input *DescribeFleetInstancesInput, opts ...request.Option) (*DescribeFleetInstancesOutput, error) {
+	req, out := c.DescribeFleetInstancesRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDescribeFleets = "DescribeFleets"
+
+// DescribeFleetsRequest generates a "aws/request.Request" representing the
+// client's request for the DescribeFleets operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DescribeFleets for more information on using the DescribeFleets
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DescribeFleetsRequest method.
+//    req, resp := client.DescribeFleetsRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeFleets
+func (c *EC2) DescribeFleetsRequest(input *DescribeFleetsInput) (req *request.Request, output *DescribeFleetsOutput) {
+	op := &request.Operation{
+		Name:       opDescribeFleets,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DescribeFleetsInput{}
+	}
+
+	output = &DescribeFleetsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DescribeFleets API operation for Amazon Elastic Compute Cloud.
+//
+// Describes the specified EC2 Fleet.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Compute Cloud's
+// API operation DescribeFleets for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeFleets
+func (c *EC2) DescribeFleets(input *DescribeFleetsInput) (*DescribeFleetsOutput, error) {
+	req, out := c.DescribeFleetsRequest(input)
+	return out, req.Send()
+}
+
+// DescribeFleetsWithContext is the same as DescribeFleets with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DescribeFleets for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EC2) DescribeFleetsWithContext(ctx aws.Context, input *DescribeFleetsInput, opts ...request.Option) (*DescribeFleetsOutput, error) {
+	req, out := c.DescribeFleetsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opDescribeFlowLogs = "DescribeFlowLogs"
 
 // DescribeFlowLogsRequest generates a "aws/request.Request" representing the
@@ -12931,7 +13314,7 @@ func (c *EC2) DescribeSpotDatafeedSubscriptionRequest(input *DescribeSpotDatafee
 //
 // Describes the data feed for Spot Instances. For more information, see Spot
 // Instance Data Feed (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html)
-// in the Amazon Elastic Compute Cloud User Guide.
+// in the Amazon EC2 User Guide for Linux Instances.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -13295,7 +13678,7 @@ func (c *EC2) DescribeSpotInstanceRequestsRequest(input *DescribeSpotInstanceReq
 // are instances that Amazon EC2 launches when the Spot price that you specify
 // exceeds the current Spot price. For more information, see Spot Instance Requests
 // (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html) in
-// the Amazon Elastic Compute Cloud User Guide.
+// the Amazon EC2 User Guide for Linux Instances.
 //
 // You can use DescribeSpotInstanceRequests to find a running Spot Instance
 // by examining the response. If the status of the Spot Instance is fulfilled,
@@ -13303,8 +13686,8 @@ func (c *EC2) DescribeSpotInstanceRequestsRequest(input *DescribeSpotInstanceReq
 // instance. Alternatively, you can use DescribeInstances with a filter to look
 // for instances where the instance lifecycle is spot.
 //
-// Spot Instance requests are deleted 4 hours after they are canceled and their
-// instances are terminated.
+// Spot Instance requests are deleted four hours after they are canceled and
+// their instances are terminated.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -13386,7 +13769,7 @@ func (c *EC2) DescribeSpotPriceHistoryRequest(input *DescribeSpotPriceHistoryInp
 //
 // Describes the Spot price history. For more information, see Spot Instance
 // Pricing History (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances-history.html)
-// in the Amazon Elastic Compute Cloud User Guide.
+// in the Amazon EC2 User Guide for Linux Instances.
 //
 // When you specify a start and end time, this operation returns the prices
 // of the instance types within the time range that you specified and the time
@@ -17426,6 +17809,82 @@ func (c *EC2) ImportVolumeWithContext(ctx aws.Context, input *ImportVolumeInput,
 	return out, req.Send()
 }
 
+const opModifyFleet = "ModifyFleet"
+
+// ModifyFleetRequest generates a "aws/request.Request" representing the
+// client's request for the ModifyFleet operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ModifyFleet for more information on using the ModifyFleet
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the ModifyFleetRequest method.
+//    req, resp := client.ModifyFleetRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyFleet
+func (c *EC2) ModifyFleetRequest(input *ModifyFleetInput) (req *request.Request, output *ModifyFleetOutput) {
+	op := &request.Operation{
+		Name:       opModifyFleet,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &ModifyFleetInput{}
+	}
+
+	output = &ModifyFleetOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ModifyFleet API operation for Amazon Elastic Compute Cloud.
+//
+// Modifies the specified EC2 Fleet.
+//
+// While the EC2 Fleet is being modified, it is in the modifying state.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Compute Cloud's
+// API operation ModifyFleet for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyFleet
+func (c *EC2) ModifyFleet(input *ModifyFleetInput) (*ModifyFleetOutput, error) {
+	req, out := c.ModifyFleetRequest(input)
+	return out, req.Send()
+}
+
+// ModifyFleetWithContext is the same as ModifyFleet with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ModifyFleet for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EC2) ModifyFleetWithContext(ctx aws.Context, input *ModifyFleetInput, opts ...request.Option) (*ModifyFleetOutput, error) {
+	req, out := c.ModifyFleetRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opModifyFpgaImageAttribute = "ModifyFpgaImageAttribute"
 
 // ModifyFpgaImageAttributeRequest generates a "aws/request.Request" representing the
@@ -17910,6 +18369,12 @@ func (c *EC2) ModifyInstanceAttributeRequest(input *ModifyInstanceAttributeInput
 // Modifies the specified attribute of the specified instance. You can specify
 // only one attribute at a time.
 //
+// Note: Using this action to change the security groups associated with an
+// elastic network interface (ENI) attached to an instance in a VPC can result
+// in an error if the instance has more than one ENI. To change the security
+// groups associated with an ENI attached to an instance that has multiple ENIs,
+// we recommend that you use the ModifyNetworkInterfaceAttribute action.
+//
 // To modify some attributes, the instance must be stopped. For more information,
 // see Modifying Attributes of a Stopped Instance (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html)
 // in the Amazon Elastic Compute Cloud User Guide.
@@ -20806,6 +21271,10 @@ func (c *EC2) RequestSpotFleetRequest(input *RequestSpotFleetInput) (req *reques
 //
 // Creates a Spot Fleet request.
 //
+// The Spot Fleet request specifies the total target capacity and the On-Demand
+// target capacity. Amazon EC2 calculates the difference between the total capacity
+// and On-Demand capacity, and launches the difference as Spot capacity.
+//
 // You can submit a single request that includes multiple launch specifications
 // that vary by instance type, AMI, Availability Zone, or subnet.
 //
@@ -20820,10 +21289,11 @@ func (c *EC2) RequestSpotFleetRequest(input *RequestSpotFleetInput) (req *reques
 // pools, you can improve the availability of your fleet.
 //
 // You can specify tags for the Spot Instances. You cannot tag other resource
-// types in a Spot Fleet request; only the instance resource type is supported.
+// types in a Spot Fleet request because only the instance resource type is
+// supported.
 //
 // For more information, see Spot Fleet Requests (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html)
-// in the Amazon Elastic Compute Cloud User Guide.
+// in the Amazon EC2 User Guide for Linux Instances.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -20900,7 +21370,7 @@ func (c *EC2) RequestSpotInstancesRequest(input *RequestSpotInstancesInput) (req
 // Creates a Spot Instance request. Spot Instances are instances that Amazon
 // EC2 launches when the maximum price that you specify exceeds the current
 // Spot price. For more information, see Spot Instance Requests (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html)
-// in the Amazon Elastic Compute Cloud User Guide.
+// in the Amazon EC2 User Guide for Linux Instances.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -26628,9 +27098,9 @@ type CopySnapshotInput struct {
 	// will eventually fail.
 	KmsKeyId *string `locationName:"kmsKeyId" type:"string"`
 
-	// The pre-signed URL parameter is required when copying an encrypted snapshot
-	// with the Amazon EC2 Query API; it is available as an optional parameter in
-	// all other cases. For more information, see Query Requests (http://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html).
+	// When you copy an encrypted source snapshot using the Amazon EC2 Query API,
+	// you must supply a pre-signed URL. This parameter is optional for unencrypted
+	// snapshots. For more information, see Query Requests (http://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html).
 	//
 	// The PresignedUrl should use the snapshot source endpoint, the CopySnapshot
 	// action, and include the SourceRegion, SourceSnapshotId, and DestinationRegion
@@ -27150,6 +27620,205 @@ func (s *CreateEgressOnlyInternetGatewayOutput) SetEgressOnlyInternetGateway(v *
 	return s
 }
 
+type CreateFleetInput struct {
+	_ struct{} `type:"structure"`
+
+	// Unique, case-sensitive identifier you provide to ensure the idempotency of
+	// the request. For more information, see Ensuring Idempotency (http://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html).
+	ClientToken *string `type:"string"`
+
+	// Checks whether you have the required permissions for the action, without
+	// actually making the request, and provides an error response. If you have
+	// the required permissions, the error response is DryRunOperation. Otherwise,
+	// it is UnauthorizedOperation.
+	DryRun *bool `type:"boolean"`
+
+	// Indicates whether running instances should be terminated if the total target
+	// capacity of the EC2 Fleet is decreased below the current size of the EC2
+	// Fleet.
+	ExcessCapacityTerminationPolicy *string `type:"string" enum:"FleetExcessCapacityTerminationPolicy"`
+
+	// The configuration for the EC2 Fleet.
+	//
+	// LaunchTemplateConfigs is a required field
+	LaunchTemplateConfigs []*FleetLaunchTemplateConfigRequest `locationNameList:"item" type:"list" required:"true"`
+
+	// Indicates whether EC2 Fleet should replace unhealthy instances.
+	ReplaceUnhealthyInstances *bool `type:"boolean"`
+
+	// Includes SpotAllocationStrategy and SpotInstanceInterruptionBehavior inside
+	// this structure.
+	SpotOptions *SpotOptionsRequest `type:"structure"`
+
+	// The tags for an EC2 Fleet resource.
+	TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"`
+
+	// The TotalTargetCapacity, OnDemandTargetCapacity, SpotTargetCapacity, and
+	// DefaultCapacityType structure.
+	//
+	// TargetCapacitySpecification is a required field
+	TargetCapacitySpecification *TargetCapacitySpecificationRequest `type:"structure" required:"true"`
+
+	// Indicates whether running instances should be terminated when the EC2 Fleet
+	// expires.
+	TerminateInstancesWithExpiration *bool `type:"boolean"`
+
+	// The type of request. Indicates whether the EC2 Fleet only requests the target
+	// capacity, or also attempts to maintain it. If you request a certain target
+	// capacity, EC2 Fleet only places the required requests. It does not attempt
+	// to replenish instances if capacity is diminished, and does not submit requests
+	// in alternative capacity pools if capacity is unavailable. To maintain a certain
+	// target capacity, EC2 Fleet places the required requests to meet this target
+	// capacity. It also automatically replenishes any interrupted Spot Instances.
+	// Default: maintain.
+	Type *string `type:"string" enum:"FleetType"`
+
+	// The start date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).
+	// The default is to start fulfilling the request immediately.
+	ValidFrom *time.Time `type:"timestamp" timestampFormat:"iso8601"`
+
+	// The end date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).
+	// At this point, no new EC2 Fleet requests are placed or able to fulfill the
+	// request. The default end date is 7 days from the current date.
+	ValidUntil *time.Time `type:"timestamp" timestampFormat:"iso8601"`
+}
+
+// String returns the string representation
+func (s CreateFleetInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateFleetInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateFleetInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "CreateFleetInput"}
+	if s.LaunchTemplateConfigs == nil {
+		invalidParams.Add(request.NewErrParamRequired("LaunchTemplateConfigs"))
+	}
+	if s.TargetCapacitySpecification == nil {
+		invalidParams.Add(request.NewErrParamRequired("TargetCapacitySpecification"))
+	}
+	if s.LaunchTemplateConfigs != nil {
+		for i, v := range s.LaunchTemplateConfigs {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "LaunchTemplateConfigs", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+	if s.TargetCapacitySpecification != nil {
+		if err := s.TargetCapacitySpecification.Validate(); err != nil {
+			invalidParams.AddNested("TargetCapacitySpecification", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *CreateFleetInput) SetClientToken(v string) *CreateFleetInput {
+	s.ClientToken = &v
+	return s
+}
+
+// SetDryRun sets the DryRun field's value.
+func (s *CreateFleetInput) SetDryRun(v bool) *CreateFleetInput {
+	s.DryRun = &v
+	return s
+}
+
+// SetExcessCapacityTerminationPolicy sets the ExcessCapacityTerminationPolicy field's value.
+func (s *CreateFleetInput) SetExcessCapacityTerminationPolicy(v string) *CreateFleetInput {
+	s.ExcessCapacityTerminationPolicy = &v
+	return s
+}
+
+// SetLaunchTemplateConfigs sets the LaunchTemplateConfigs field's value.
+func (s *CreateFleetInput) SetLaunchTemplateConfigs(v []*FleetLaunchTemplateConfigRequest) *CreateFleetInput {
+	s.LaunchTemplateConfigs = v
+	return s
+}
+
+// SetReplaceUnhealthyInstances sets the ReplaceUnhealthyInstances field's value.
+func (s *CreateFleetInput) SetReplaceUnhealthyInstances(v bool) *CreateFleetInput {
+	s.ReplaceUnhealthyInstances = &v
+	return s
+}
+
+// SetSpotOptions sets the SpotOptions field's value.
+func (s *CreateFleetInput) SetSpotOptions(v *SpotOptionsRequest) *CreateFleetInput {
+	s.SpotOptions = v
+	return s
+}
+
+// SetTagSpecifications sets the TagSpecifications field's value.
+func (s *CreateFleetInput) SetTagSpecifications(v []*TagSpecification) *CreateFleetInput {
+	s.TagSpecifications = v
+	return s
+}
+
+// SetTargetCapacitySpecification sets the TargetCapacitySpecification field's value.
+func (s *CreateFleetInput) SetTargetCapacitySpecification(v *TargetCapacitySpecificationRequest) *CreateFleetInput {
+	s.TargetCapacitySpecification = v
+	return s
+}
+
+// SetTerminateInstancesWithExpiration sets the TerminateInstancesWithExpiration field's value.
+func (s *CreateFleetInput) SetTerminateInstancesWithExpiration(v bool) *CreateFleetInput {
+	s.TerminateInstancesWithExpiration = &v
+	return s
+}
+
+// SetType sets the Type field's value.
+func (s *CreateFleetInput) SetType(v string) *CreateFleetInput {
+	s.Type = &v
+	return s
+}
+
+// SetValidFrom sets the ValidFrom field's value.
+func (s *CreateFleetInput) SetValidFrom(v time.Time) *CreateFleetInput {
+	s.ValidFrom = &v
+	return s
+}
+
+// SetValidUntil sets the ValidUntil field's value.
+func (s *CreateFleetInput) SetValidUntil(v time.Time) *CreateFleetInput {
+	s.ValidUntil = &v
+	return s
+}
+
+type CreateFleetOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The ID of the EC2 Fleet.
+	FleetId *string `locationName:"fleetId" type:"string"`
+}
+
+// String returns the string representation
+func (s CreateFleetOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateFleetOutput) GoString() string {
+	return s.String()
+}
+
+// SetFleetId sets the FleetId field's value.
+func (s *CreateFleetOutput) SetFleetId(v string) *CreateFleetOutput {
+	s.FleetId = &v
+	return s
+}
+
 // Contains the parameters for CreateFlowLogs.
 type CreateFlowLogsInput struct {
 	_ struct{} `type:"structure"`
@@ -29542,11 +30211,11 @@ type CreateVolumeInput struct {
 	// in the Amazon Elastic Compute Cloud User Guide.
 	Encrypted *bool `locationName:"encrypted" type:"boolean"`
 
-	// Only valid for Provisioned IOPS SSD volumes. The number of I/O operations
-	// per second (IOPS) to provision for the volume, with a maximum ratio of 50
-	// IOPS/GiB.
+	// The number of I/O operations per second (IOPS) to provision for the volume,
+	// with a maximum ratio of 50 IOPS/GiB. Range is 100 to 32000 IOPS for volumes
+	// in most regions. For exceptions, see Amazon EBS Volume Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html).
 	//
-	// Constraint: Range is 100 to 20000 for Provisioned IOPS SSD volumes
+	// This parameter is valid only for Provisioned IOPS SSD (io1) volumes.
 	Iops *int64 `type:"integer"`
 
 	// An identifier for the AWS Key Management Service (AWS KMS) customer master
@@ -29596,7 +30265,10 @@ type CreateVolumeInput struct {
 	// IOPS SSD, st1 for Throughput Optimized HDD, sc1 for Cold HDD, or standard
 	// for Magnetic volumes.
 	//
-	// Default: standard
+	// Defaults: If no volume type is specified, the default is standard in us-east-1,
+	// eu-west-1, eu-central-1, us-west-2, us-west-1, sa-east-1, ap-northeast-1,
+	// ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, us-gov-west-1,
+	// and cn-north-1. In all other regions, EBS defaults to gp2.
 	VolumeType *string `type:"string" enum:"VolumeType"`
 }
 
@@ -30972,6 +31644,211 @@ func (s *DeleteEgressOnlyInternetGatewayOutput) SetReturnCode(v bool) *DeleteEgr
 	return s
 }
 
+// Describes an EC2 Fleet error.
+type DeleteFleetError struct {
+	_ struct{} `type:"structure"`
+
+	// The error code.
+	Code *string `locationName:"code" type:"string" enum:"DeleteFleetErrorCode"`
+
+	// The description for the error code.
+	Message *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation
+func (s DeleteFleetError) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteFleetError) GoString() string {
+	return s.String()
+}
+
+// SetCode sets the Code field's value.
+func (s *DeleteFleetError) SetCode(v string) *DeleteFleetError {
+	s.Code = &v
+	return s
+}
+
+// SetMessage sets the Message field's value.
+func (s *DeleteFleetError) SetMessage(v string) *DeleteFleetError {
+	s.Message = &v
+	return s
+}
+
+// Describes an EC2 Fleet that was not successfully deleted.
+type DeleteFleetErrorItem struct {
+	_ struct{} `type:"structure"`
+
+	// The error.
+	Error *DeleteFleetError `locationName:"error" type:"structure"`
+
+	// The ID of the EC2 Fleet.
+	FleetId *string `locationName:"fleetId" type:"string"`
+}
+
+// String returns the string representation
+func (s DeleteFleetErrorItem) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteFleetErrorItem) GoString() string {
+	return s.String()
+}
+
+// SetError sets the Error field's value.
+func (s *DeleteFleetErrorItem) SetError(v *DeleteFleetError) *DeleteFleetErrorItem {
+	s.Error = v
+	return s
+}
+
+// SetFleetId sets the FleetId field's value.
+func (s *DeleteFleetErrorItem) SetFleetId(v string) *DeleteFleetErrorItem {
+	s.FleetId = &v
+	return s
+}
+
+// Describes an EC2 Fleet that was successfully deleted.
+type DeleteFleetSuccessItem struct {
+	_ struct{} `type:"structure"`
+
+	// The current state of the EC2 Fleet.
+	CurrentFleetState *string `locationName:"currentFleetState" type:"string" enum:"FleetStateCode"`
+
+	// The ID of the EC2 Fleet.
+	FleetId *string `locationName:"fleetId" type:"string"`
+
+	// The previous state of the EC2 Fleet.
+	PreviousFleetState *string `locationName:"previousFleetState" type:"string" enum:"FleetStateCode"`
+}
+
+// String returns the string representation
+func (s DeleteFleetSuccessItem) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteFleetSuccessItem) GoString() string {
+	return s.String()
+}
+
+// SetCurrentFleetState sets the CurrentFleetState field's value.
+func (s *DeleteFleetSuccessItem) SetCurrentFleetState(v string) *DeleteFleetSuccessItem {
+	s.CurrentFleetState = &v
+	return s
+}
+
+// SetFleetId sets the FleetId field's value.
+func (s *DeleteFleetSuccessItem) SetFleetId(v string) *DeleteFleetSuccessItem {
+	s.FleetId = &v
+	return s
+}
+
+// SetPreviousFleetState sets the PreviousFleetState field's value.
+func (s *DeleteFleetSuccessItem) SetPreviousFleetState(v string) *DeleteFleetSuccessItem {
+	s.PreviousFleetState = &v
+	return s
+}
+
+type DeleteFleetsInput struct {
+	_ struct{} `type:"structure"`
+
+	// Checks whether you have the required permissions for the action, without
+	// actually making the request, and provides an error response. If you have
+	// the required permissions, the error response is DryRunOperation. Otherwise,
+	// it is UnauthorizedOperation.
+	DryRun *bool `type:"boolean"`
+
+	// The IDs of the EC2 Fleets.
+	//
+	// FleetIds is a required field
+	FleetIds []*string `locationName:"FleetId" type:"list" required:"true"`
+
+	// Indicates whether to terminate instances for an EC2 Fleet if it is deleted
+	// successfully.
+	//
+	// TerminateInstances is a required field
+	TerminateInstances *bool `type:"boolean" required:"true"`
+}
+
+// String returns the string representation
+func (s DeleteFleetsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteFleetsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteFleetsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteFleetsInput"}
+	if s.FleetIds == nil {
+		invalidParams.Add(request.NewErrParamRequired("FleetIds"))
+	}
+	if s.TerminateInstances == nil {
+		invalidParams.Add(request.NewErrParamRequired("TerminateInstances"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDryRun sets the DryRun field's value.
+func (s *DeleteFleetsInput) SetDryRun(v bool) *DeleteFleetsInput {
+	s.DryRun = &v
+	return s
+}
+
+// SetFleetIds sets the FleetIds field's value.
+func (s *DeleteFleetsInput) SetFleetIds(v []*string) *DeleteFleetsInput {
+	s.FleetIds = v
+	return s
+}
+
+// SetTerminateInstances sets the TerminateInstances field's value.
+func (s *DeleteFleetsInput) SetTerminateInstances(v bool) *DeleteFleetsInput {
+	s.TerminateInstances = &v
+	return s
+}
+
+type DeleteFleetsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Information about the EC2 Fleets that are successfully deleted.
+	SuccessfulFleetDeletions []*DeleteFleetSuccessItem `locationName:"successfulFleetDeletionSet" locationNameList:"item" type:"list"`
+
+	// Information about the EC2 Fleets that are not successfully deleted.
+	UnsuccessfulFleetDeletions []*DeleteFleetErrorItem `locationName:"unsuccessfulFleetDeletionSet" locationNameList:"item" type:"list"`
+}
+
+// String returns the string representation
+func (s DeleteFleetsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteFleetsOutput) GoString() string {
+	return s.String()
+}
+
+// SetSuccessfulFleetDeletions sets the SuccessfulFleetDeletions field's value.
+func (s *DeleteFleetsOutput) SetSuccessfulFleetDeletions(v []*DeleteFleetSuccessItem) *DeleteFleetsOutput {
+	s.SuccessfulFleetDeletions = v
+	return s
+}
+
+// SetUnsuccessfulFleetDeletions sets the UnsuccessfulFleetDeletions field's value.
+func (s *DeleteFleetsOutput) SetUnsuccessfulFleetDeletions(v []*DeleteFleetErrorItem) *DeleteFleetsOutput {
+	s.UnsuccessfulFleetDeletions = v
+	return s
+}
+
 // Contains the parameters for DeleteFlowLogs.
 type DeleteFlowLogsInput struct {
 	_ struct{} `type:"structure"`
@@ -34142,6 +35019,378 @@ func (s *DescribeExportTasksOutput) SetExportTasks(v []*ExportTask) *DescribeExp
 	return s
 }
 
+type DescribeFleetHistoryInput struct {
+	_ struct{} `type:"structure"`
+
+	// Checks whether you have the required permissions for the action, without
+	// actually making the request, and provides an error response. If you have
+	// the required permissions, the error response is DryRunOperation. Otherwise,
+	// it is UnauthorizedOperation.
+	DryRun *bool `type:"boolean"`
+
+	// The type of events to describe. By default, all events are described.
+	EventType *string `type:"string" enum:"FleetEventType"`
+
+	// The ID of the EC2 Fleet.
+	//
+	// FleetId is a required field
+	FleetId *string `type:"string" required:"true"`
+
+	// The maximum number of results to return in a single call. Specify a value
+	// between 1 and 1000. The default value is 1000. To retrieve the remaining
+	// results, make another call with the returned NextToken value.
+	MaxResults *int64 `type:"integer"`
+
+	// The token for the next set of results.
+	NextToken *string `type:"string"`
+
+	// The start date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).
+	//
+	// StartTime is a required field
+	StartTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`
+}
+
+// String returns the string representation
+func (s DescribeFleetHistoryInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DescribeFleetHistoryInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DescribeFleetHistoryInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DescribeFleetHistoryInput"}
+	if s.FleetId == nil {
+		invalidParams.Add(request.NewErrParamRequired("FleetId"))
+	}
+	if s.StartTime == nil {
+		invalidParams.Add(request.NewErrParamRequired("StartTime"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDryRun sets the DryRun field's value.
+func (s *DescribeFleetHistoryInput) SetDryRun(v bool) *DescribeFleetHistoryInput {
+	s.DryRun = &v
+	return s
+}
+
+// SetEventType sets the EventType field's value.
+func (s *DescribeFleetHistoryInput) SetEventType(v string) *DescribeFleetHistoryInput {
+	s.EventType = &v
+	return s
+}
+
+// SetFleetId sets the FleetId field's value.
+func (s *DescribeFleetHistoryInput) SetFleetId(v string) *DescribeFleetHistoryInput {
+	s.FleetId = &v
+	return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *DescribeFleetHistoryInput) SetMaxResults(v int64) *DescribeFleetHistoryInput {
+	s.MaxResults = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeFleetHistoryInput) SetNextToken(v string) *DescribeFleetHistoryInput {
+	s.NextToken = &v
+	return s
+}
+
+// SetStartTime sets the StartTime field's value.
+func (s *DescribeFleetHistoryInput) SetStartTime(v time.Time) *DescribeFleetHistoryInput {
+	s.StartTime = &v
+	return s
+}
+
+type DescribeFleetHistoryOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The ID of the EC Fleet.
+	FleetId *string `locationName:"fleetId" type:"string"`
+
+	// Information about the events in the history of the EC2 Fleet.
+	HistoryRecords []*HistoryRecordEntry `locationName:"historyRecordSet" locationNameList:"item" type:"list"`
+
+	// The last date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).
+	// All records up to this time were retrieved.
+	//
+	// If nextToken indicates that there are more results, this value is not present.
+	LastEvaluatedTime *time.Time `locationName:"lastEvaluatedTime" type:"timestamp" timestampFormat:"iso8601"`
+
+	// The token for the next set of results.
+	NextToken *string `locationName:"nextToken" type:"string"`
+
+	// The start date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).
+	StartTime *time.Time `locationName:"startTime" type:"timestamp" timestampFormat:"iso8601"`
+}
+
+// String returns the string representation
+func (s DescribeFleetHistoryOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DescribeFleetHistoryOutput) GoString() string {
+	return s.String()
+}
+
+// SetFleetId sets the FleetId field's value.
+func (s *DescribeFleetHistoryOutput) SetFleetId(v string) *DescribeFleetHistoryOutput {
+	s.FleetId = &v
+	return s
+}
+
+// SetHistoryRecords sets the HistoryRecords field's value.
+func (s *DescribeFleetHistoryOutput) SetHistoryRecords(v []*HistoryRecordEntry) *DescribeFleetHistoryOutput {
+	s.HistoryRecords = v
+	return s
+}
+
+// SetLastEvaluatedTime sets the LastEvaluatedTime field's value.
+func (s *DescribeFleetHistoryOutput) SetLastEvaluatedTime(v time.Time) *DescribeFleetHistoryOutput {
+	s.LastEvaluatedTime = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeFleetHistoryOutput) SetNextToken(v string) *DescribeFleetHistoryOutput {
+	s.NextToken = &v
+	return s
+}
+
+// SetStartTime sets the StartTime field's value.
+func (s *DescribeFleetHistoryOutput) SetStartTime(v time.Time) *DescribeFleetHistoryOutput {
+	s.StartTime = &v
+	return s
+}
+
+type DescribeFleetInstancesInput struct {
+	_ struct{} `type:"structure"`
+
+	// Checks whether you have the required permissions for the action, without
+	// actually making the request, and provides an error response. If you have
+	// the required permissions, the error response is DryRunOperation. Otherwise,
+	// it is UnauthorizedOperation.
+	DryRun *bool `type:"boolean"`
+
+	// One or more filters.
+	Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"`
+
+	// The ID of the EC2 Fleet.
+	//
+	// FleetId is a required field
+	FleetId *string `type:"string" required:"true"`
+
+	// The maximum number of results to return in a single call. Specify a value
+	// between 1 and 1000. The default value is 1000. To retrieve the remaining
+	// results, make another call with the returned NextToken value.
+	MaxResults *int64 `type:"integer"`
+
+	// The token for the next set of results.
+	NextToken *string `type:"string"`
+}
+
+// String returns the string representation
+func (s DescribeFleetInstancesInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DescribeFleetInstancesInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DescribeFleetInstancesInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DescribeFleetInstancesInput"}
+	if s.FleetId == nil {
+		invalidParams.Add(request.NewErrParamRequired("FleetId"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDryRun sets the DryRun field's value.
+func (s *DescribeFleetInstancesInput) SetDryRun(v bool) *DescribeFleetInstancesInput {
+	s.DryRun = &v
+	return s
+}
+
+// SetFilters sets the Filters field's value.
+func (s *DescribeFleetInstancesInput) SetFilters(v []*Filter) *DescribeFleetInstancesInput {
+	s.Filters = v
+	return s
+}
+
+// SetFleetId sets the FleetId field's value.
+func (s *DescribeFleetInstancesInput) SetFleetId(v string) *DescribeFleetInstancesInput {
+	s.FleetId = &v
+	return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *DescribeFleetInstancesInput) SetMaxResults(v int64) *DescribeFleetInstancesInput {
+	s.MaxResults = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeFleetInstancesInput) SetNextToken(v string) *DescribeFleetInstancesInput {
+	s.NextToken = &v
+	return s
+}
+
+type DescribeFleetInstancesOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The running instances. This list is refreshed periodically and might be out
+	// of date.
+	ActiveInstances []*ActiveInstance `locationName:"activeInstanceSet" locationNameList:"item" type:"list"`
+
+	// The ID of the EC2 Fleet.
+	FleetId *string `locationName:"fleetId" type:"string"`
+
+	// The token for the next set of results.
+	NextToken *string `locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation
+func (s DescribeFleetInstancesOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DescribeFleetInstancesOutput) GoString() string {
+	return s.String()
+}
+
+// SetActiveInstances sets the ActiveInstances field's value.
+func (s *DescribeFleetInstancesOutput) SetActiveInstances(v []*ActiveInstance) *DescribeFleetInstancesOutput {
+	s.ActiveInstances = v
+	return s
+}
+
+// SetFleetId sets the FleetId field's value.
+func (s *DescribeFleetInstancesOutput) SetFleetId(v string) *DescribeFleetInstancesOutput {
+	s.FleetId = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeFleetInstancesOutput) SetNextToken(v string) *DescribeFleetInstancesOutput {
+	s.NextToken = &v
+	return s
+}
+
+type DescribeFleetsInput struct {
+	_ struct{} `type:"structure"`
+
+	// Checks whether you have the required permissions for the action, without
+	// actually making the request, and provides an error response. If you have
+	// the required permissions, the error response is DryRunOperation. Otherwise,
+	// it is UnauthorizedOperation.
+	DryRun *bool `type:"boolean"`
+
+	// One or more filters.
+	Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"`
+
+	// The ID of the EC2 Fleets.
+	FleetIds []*string `locationName:"FleetId" type:"list"`
+
+	// The maximum number of results to return in a single call. Specify a value
+	// between 1 and 1000. The default value is 1000. To retrieve the remaining
+	// results, make another call with the returned NextToken value.
+	MaxResults *int64 `type:"integer"`
+
+	// The token for the next set of results.
+	NextToken *string `type:"string"`
+}
+
+// String returns the string representation
+func (s DescribeFleetsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DescribeFleetsInput) GoString() string {
+	return s.String()
+}
+
+// SetDryRun sets the DryRun field's value.
+func (s *DescribeFleetsInput) SetDryRun(v bool) *DescribeFleetsInput {
+	s.DryRun = &v
+	return s
+}
+
+// SetFilters sets the Filters field's value.
+func (s *DescribeFleetsInput) SetFilters(v []*Filter) *DescribeFleetsInput {
+	s.Filters = v
+	return s
+}
+
+// SetFleetIds sets the FleetIds field's value.
+func (s *DescribeFleetsInput) SetFleetIds(v []*string) *DescribeFleetsInput {
+	s.FleetIds = v
+	return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *DescribeFleetsInput) SetMaxResults(v int64) *DescribeFleetsInput {
+	s.MaxResults = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeFleetsInput) SetNextToken(v string) *DescribeFleetsInput {
+	s.NextToken = &v
+	return s
+}
+
+type DescribeFleetsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The EC2 Fleets.
+	Fleets []*FleetData `locationName:"fleetSet" locationNameList:"item" type:"list"`
+
+	// The token for the next set of results.
+	NextToken *string `locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation
+func (s DescribeFleetsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DescribeFleetsOutput) GoString() string {
+	return s.String()
+}
+
+// SetFleets sets the Fleets field's value.
+func (s *DescribeFleetsOutput) SetFleets(v []*FleetData) *DescribeFleetsOutput {
+	s.Fleets = v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeFleetsOutput) SetNextToken(v string) *DescribeFleetsOutput {
+	s.NextToken = &v
+	return s
+}
+
 // Contains the parameters for DescribeFlowLogs.
 type DescribeFlowLogsInput struct {
 	_ struct{} `type:"structure"`
@@ -34699,21 +35948,21 @@ type DescribeHostsInput struct {
 
 	// One or more filters.
 	//
-	//    * instance-type - The instance type size that the Dedicated Host is configured
-	//    to support.
-	//
 	//    * auto-placement - Whether auto-placement is enabled or disabled (on |
 	//    off).
 	//
+	//    * availability-zone - The Availability Zone of the host.
+	//
+	//    * client-token - The idempotency token you provided when you allocated
+	//    the host.
+	//
 	//    * host-reservation-id - The ID of the reservation assigned to this host.
 	//
-	//    * client-token - The idempotency token you provided when you launched
-	//    the instance
+	//    * instance-type - The instance type size that the Dedicated Host is configured
+	//    to support.
 	//
-	//    * state- The allocation state of the Dedicated Host (available | under-assessment
+	//    * state - The allocation state of the Dedicated Host (available | under-assessment
 	//    | permanent-failure | released | released-permanent-failure).
-	//
-	//    * availability-zone - The Availability Zone of the host.
 	Filter []*Filter `locationName:"filter" locationNameList:"Filter" type:"list"`
 
 	// The IDs of the Dedicated Hosts. The IDs are used for targeted instance launches.
@@ -39582,8 +40831,8 @@ func (s *DescribeSpotFleetInstancesInput) SetSpotFleetRequestId(v string) *Descr
 type DescribeSpotFleetInstancesOutput struct {
 	_ struct{} `type:"structure"`
 
-	// The running instances. Note that this list is refreshed periodically and
-	// might be out of date.
+	// The running instances. This list is refreshed periodically and might be out
+	// of date.
 	//
 	// ActiveInstances is a required field
 	ActiveInstances []*ActiveInstance `locationName:"activeInstanceSet" locationNameList:"item" type:"list" required:"true"`
@@ -39924,7 +41173,9 @@ type DescribeSpotInstanceRequestsInput struct {
 	//    for General Purpose SSD, io1 for Provisioned IOPS SSD, st1 for Throughput
 	//    Optimized HDD, sc1for Cold HDD, or standard for Magnetic.
 	//
-	//    * launch.group-id - The security group for the instance.
+	//    * launch.group-id - The ID of the security group for the instance.
+	//
+	//    * launch.group-name - The name of the security group for the instance.
 	//
 	//    * launch.image-id - The ID of the AMI.
 	//
@@ -39975,7 +41226,7 @@ type DescribeSpotInstanceRequestsInput struct {
 	//    | cancelled | failed). Spot request status information can help you track
 	//    your Amazon EC2 Spot Instance requests. For more information, see Spot
 	//    Request Status (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-bid-status.html)
-	//    in the Amazon Elastic Compute Cloud User Guide.
+	//    in the Amazon EC2 User Guide for Linux Instances.
 	//
 	//    * status-code - The short code describing the most recent evaluation of
 	//    your Spot Instance request.
@@ -40093,9 +41344,9 @@ type DescribeSpotPriceHistoryInput struct {
 	//    * spot-price - The Spot price. The value must match exactly (or use wildcards;
 	//    greater than or less than comparison is not supported).
 	//
-	//    * timestamp - The timestamp of the Spot price history, in UTC format (for
-	//    example, YYYY-MM-DDTHH:MM:SSZ). You can use wildcards (* and ?). Greater
-	//    than or less than comparison is not supported.
+	//    * timestamp - The time stamp of the Spot price history, in UTC format
+	//    (for example, YYYY-MM-DDTHH:MM:SSZ). You can use wildcards (* and ?).
+	//    Greater than or less than comparison is not supported.
 	Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"`
 
 	// Filters the results by the specified instance types.
@@ -40806,8 +42057,7 @@ type DescribeVolumesInput struct {
 	//    * attachment.instance-id - The ID of the instance the volume is attached
 	//    to.
 	//
-	//    * attachment.status - The attachment state (attaching | attached | detaching
-	//    | detached).
+	//    * attachment.status - The attachment state (attaching | attached | detaching).
 	//
 	//    * availability-zone - The Availability Zone in which the volume was created.
 	//
@@ -44434,9 +45684,9 @@ type EventInformation struct {
 	//    * cancelled - The Spot Fleet is canceled and has no running Spot Instances.
 	//    The Spot Fleet will be deleted two days after its instances were terminated.
 	//
-	//    * cancelled_running - The Spot Fleet is canceled and will not launch additional
-	//    Spot Instances, but its existing Spot Instances continue to run until
-	//    they are interrupted or terminated.
+	//    * cancelled_running - The Spot Fleet is canceled and does not launch additional
+	//    Spot Instances. Existing Spot Instances continue to run until they are
+	//    interrupted or terminated.
 	//
 	//    * cancelled_terminating - The Spot Fleet is canceled and its Spot Instances
 	//    are terminating.
@@ -44682,8 +45932,30 @@ func (s *ExportToS3TaskSpecification) SetS3Prefix(v string) *ExportToS3TaskSpeci
 }
 
 // A filter name and value pair that is used to return a more specific list
-// of results. Filters can be used to match a set of resources by various criteria,
-// such as tags, attributes, or IDs.
+// of results from a describe operation. Filters can be used to match a set
+// of resources by specific criteria, such as tags, attributes, or IDs. The
+// filters supported by a describe operation are documented with the describe
+// operation. For example:
+//
+//    * DescribeAvailabilityZones
+//
+//    * DescribeImages
+//
+//    * DescribeInstances
+//
+//    * DescribeKeyPairs
+//
+//    * DescribeSecurityGroups
+//
+//    * DescribeSnapshots
+//
+//    * DescribeSubnets
+//
+//    * DescribeTags
+//
+//    * DescribeVolumes
+//
+//    * DescribeVpcs
 type Filter struct {
 	_ struct{} `type:"structure"`
 
@@ -44716,6 +45988,403 @@ func (s *Filter) SetValues(v []*string) *Filter {
 	return s
 }
 
+// Describes an EC2 Fleet.
+type FleetData struct {
+	_ struct{} `type:"structure"`
+
+	// The progress of the EC2 Fleet. If there is an error, the status is error.
+	// After all requests are placed, the status is pending_fulfillment. If the
+	// size of the EC2 Fleet is equal to or greater than its target capacity, the
+	// status is fulfilled. If the size of the EC2 Fleet is decreased, the status
+	// is pending_termination while instances are terminating.
+	ActivityStatus *string `locationName:"activityStatus" type:"string" enum:"FleetActivityStatus"`
+
+	// Unique, case-sensitive identifier you provide to ensure the idempotency of
+	// the request. For more information, see Ensuring Idempotency (http://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html).
+	//
+	// Constraints: Maximum 64 ASCII characters
+	ClientToken *string `locationName:"clientToken" type:"string"`
+
+	// The creation date and time of the EC2 Fleet.
+	CreateTime *time.Time `locationName:"createTime" type:"timestamp" timestampFormat:"iso8601"`
+
+	// Indicates whether running instances should be terminated if the target capacity
+	// of the EC2 Fleet is decreased below the current size of the EC2 Fleet.
+	ExcessCapacityTerminationPolicy *string `locationName:"excessCapacityTerminationPolicy" type:"string" enum:"FleetExcessCapacityTerminationPolicy"`
+
+	// The ID of the EC2 Fleet.
+	FleetId *string `locationName:"fleetId" type:"string"`
+
+	// The state of the EC2 Fleet.
+	FleetState *string `locationName:"fleetState" type:"string" enum:"FleetStateCode"`
+
+	// The number of units fulfilled by this request compared to the set target
+	// capacity.
+	FulfilledCapacity *float64 `locationName:"fulfilledCapacity" type:"double"`
+
+	// The number of units fulfilled by this request compared to the set target
+	// On-Demand capacity.
+	FulfilledOnDemandCapacity *float64 `locationName:"fulfilledOnDemandCapacity" type:"double"`
+
+	// The launch template and overrides.
+	LaunchTemplateConfigs []*FleetLaunchTemplateConfig `locationName:"launchTemplateConfigs" locationNameList:"item" type:"list"`
+
+	// Indicates whether EC2 Fleet should replace unhealthy instances.
+	ReplaceUnhealthyInstances *bool `locationName:"replaceUnhealthyInstances" type:"boolean"`
+
+	// The configuration of Spot Instances in an EC2 Fleet.
+	SpotOptions *SpotOptions `locationName:"spotOptions" type:"structure"`
+
+	// The tags for an EC2 Fleet resource.
+	Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"`
+
+	// The number of units to request. You can choose to set the target capacity
+	// in terms of instances or a performance characteristic that is important to
+	// your application workload, such as vCPUs, memory, or I/O. If the request
+	// type is maintain, you can specify a target capacity of 0 and add capacity
+	// later.
+	TargetCapacitySpecification *TargetCapacitySpecification `locationName:"targetCapacitySpecification" type:"structure"`
+
+	// Indicates whether running instances should be terminated when the EC2 Fleet
+	// expires.
+	TerminateInstancesWithExpiration *bool `locationName:"terminateInstancesWithExpiration" type:"boolean"`
+
+	// The type of request. Indicates whether the EC2 Fleet only requests the target
+	// capacity, or also attempts to maintain it. If you request a certain target
+	// capacity, EC2 Fleet only places the required requests; it does not attempt
+	// to replenish instances if capacity is diminished, and does not submit requests
+	// in alternative capacity pools if capacity is unavailable. To maintain a certain
+	// target capacity, EC2 Fleet places the required requests to meet this target
+	// capacity. It also automatically replenishes any interrupted Spot Instances.
+	// Default: maintain.
+	Type *string `locationName:"type" type:"string" enum:"FleetType"`
+
+	// The start date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).
+	// The default is to start fulfilling the request immediately.
+	ValidFrom *time.Time `locationName:"validFrom" type:"timestamp" timestampFormat:"iso8601"`
+
+	// The end date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).
+	// At this point, no new instance requests are placed or able to fulfill the
+	// request. The default end date is 7 days from the current date.
+	ValidUntil *time.Time `locationName:"validUntil" type:"timestamp" timestampFormat:"iso8601"`
+}
+
+// String returns the string representation
+func (s FleetData) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s FleetData) GoString() string {
+	return s.String()
+}
+
+// SetActivityStatus sets the ActivityStatus field's value.
+func (s *FleetData) SetActivityStatus(v string) *FleetData {
+	s.ActivityStatus = &v
+	return s
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *FleetData) SetClientToken(v string) *FleetData {
+	s.ClientToken = &v
+	return s
+}
+
+// SetCreateTime sets the CreateTime field's value.
+func (s *FleetData) SetCreateTime(v time.Time) *FleetData {
+	s.CreateTime = &v
+	return s
+}
+
+// SetExcessCapacityTerminationPolicy sets the ExcessCapacityTerminationPolicy field's value.
+func (s *FleetData) SetExcessCapacityTerminationPolicy(v string) *FleetData {
+	s.ExcessCapacityTerminationPolicy = &v
+	return s
+}
+
+// SetFleetId sets the FleetId field's value.
+func (s *FleetData) SetFleetId(v string) *FleetData {
+	s.FleetId = &v
+	return s
+}
+
+// SetFleetState sets the FleetState field's value.
+func (s *FleetData) SetFleetState(v string) *FleetData {
+	s.FleetState = &v
+	return s
+}
+
+// SetFulfilledCapacity sets the FulfilledCapacity field's value.
+func (s *FleetData) SetFulfilledCapacity(v float64) *FleetData {
+	s.FulfilledCapacity = &v
+	return s
+}
+
+// SetFulfilledOnDemandCapacity sets the FulfilledOnDemandCapacity field's value.
+func (s *FleetData) SetFulfilledOnDemandCapacity(v float64) *FleetData {
+	s.FulfilledOnDemandCapacity = &v
+	return s
+}
+
+// SetLaunchTemplateConfigs sets the LaunchTemplateConfigs field's value.
+func (s *FleetData) SetLaunchTemplateConfigs(v []*FleetLaunchTemplateConfig) *FleetData {
+	s.LaunchTemplateConfigs = v
+	return s
+}
+
+// SetReplaceUnhealthyInstances sets the ReplaceUnhealthyInstances field's value.
+func (s *FleetData) SetReplaceUnhealthyInstances(v bool) *FleetData {
+	s.ReplaceUnhealthyInstances = &v
+	return s
+}
+
+// SetSpotOptions sets the SpotOptions field's value.
+func (s *FleetData) SetSpotOptions(v *SpotOptions) *FleetData {
+	s.SpotOptions = v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *FleetData) SetTags(v []*Tag) *FleetData {
+	s.Tags = v
+	return s
+}
+
+// SetTargetCapacitySpecification sets the TargetCapacitySpecification field's value.
+func (s *FleetData) SetTargetCapacitySpecification(v *TargetCapacitySpecification) *FleetData {
+	s.TargetCapacitySpecification = v
+	return s
+}
+
+// SetTerminateInstancesWithExpiration sets the TerminateInstancesWithExpiration field's value.
+func (s *FleetData) SetTerminateInstancesWithExpiration(v bool) *FleetData {
+	s.TerminateInstancesWithExpiration = &v
+	return s
+}
+
+// SetType sets the Type field's value.
+func (s *FleetData) SetType(v string) *FleetData {
+	s.Type = &v
+	return s
+}
+
+// SetValidFrom sets the ValidFrom field's value.
+func (s *FleetData) SetValidFrom(v time.Time) *FleetData {
+	s.ValidFrom = &v
+	return s
+}
+
+// SetValidUntil sets the ValidUntil field's value.
+func (s *FleetData) SetValidUntil(v time.Time) *FleetData {
+	s.ValidUntil = &v
+	return s
+}
+
+// Describes a launch template and overrides.
+type FleetLaunchTemplateConfig struct {
+	_ struct{} `type:"structure"`
+
+	// The launch template.
+	LaunchTemplateSpecification *FleetLaunchTemplateSpecification `locationName:"launchTemplateSpecification" type:"structure"`
+
+	// Any parameters that you specify override the same parameters in the launch
+	// template.
+	Overrides []*FleetLaunchTemplateOverrides `locationName:"overrides" locationNameList:"item" type:"list"`
+}
+
+// String returns the string representation
+func (s FleetLaunchTemplateConfig) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s FleetLaunchTemplateConfig) GoString() string {
+	return s.String()
+}
+
+// SetLaunchTemplateSpecification sets the LaunchTemplateSpecification field's value.
+func (s *FleetLaunchTemplateConfig) SetLaunchTemplateSpecification(v *FleetLaunchTemplateSpecification) *FleetLaunchTemplateConfig {
+	s.LaunchTemplateSpecification = v
+	return s
+}
+
+// SetOverrides sets the Overrides field's value.
+func (s *FleetLaunchTemplateConfig) SetOverrides(v []*FleetLaunchTemplateOverrides) *FleetLaunchTemplateConfig {
+	s.Overrides = v
+	return s
+}
+
+// Describes a launch template and overrides.
+type FleetLaunchTemplateConfigRequest struct {
+	_ struct{} `type:"structure"`
+
+	// The launch template to use. You must specify either the launch template ID
+	// or launch template name in the request.
+	LaunchTemplateSpecification *FleetLaunchTemplateSpecificationRequest `type:"structure"`
+
+	// Any parameters that you specify override the same parameters in the launch
+	// template.
+	Overrides []*FleetLaunchTemplateOverridesRequest `locationNameList:"item" type:"list"`
+}
+
+// String returns the string representation
+func (s FleetLaunchTemplateConfigRequest) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s FleetLaunchTemplateConfigRequest) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *FleetLaunchTemplateConfigRequest) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "FleetLaunchTemplateConfigRequest"}
+	if s.LaunchTemplateSpecification != nil {
+		if err := s.LaunchTemplateSpecification.Validate(); err != nil {
+			invalidParams.AddNested("LaunchTemplateSpecification", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetLaunchTemplateSpecification sets the LaunchTemplateSpecification field's value.
+func (s *FleetLaunchTemplateConfigRequest) SetLaunchTemplateSpecification(v *FleetLaunchTemplateSpecificationRequest) *FleetLaunchTemplateConfigRequest {
+	s.LaunchTemplateSpecification = v
+	return s
+}
+
+// SetOverrides sets the Overrides field's value.
+func (s *FleetLaunchTemplateConfigRequest) SetOverrides(v []*FleetLaunchTemplateOverridesRequest) *FleetLaunchTemplateConfigRequest {
+	s.Overrides = v
+	return s
+}
+
+// Describes overrides for a launch template.
+type FleetLaunchTemplateOverrides struct {
+	_ struct{} `type:"structure"`
+
+	// The Availability Zone in which to launch the instances.
+	AvailabilityZone *string `locationName:"availabilityZone" type:"string"`
+
+	// The instance type.
+	InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"`
+
+	// The maximum price per unit hour that you are willing to pay for a Spot Instance.
+	MaxPrice *string `locationName:"maxPrice" type:"string"`
+
+	// The ID of the subnet in which to launch the instances.
+	SubnetId *string `locationName:"subnetId" type:"string"`
+
+	// The number of units provided by the specified instance type.
+	WeightedCapacity *float64 `locationName:"weightedCapacity" type:"double"`
+}
+
+// String returns the string representation
+func (s FleetLaunchTemplateOverrides) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s FleetLaunchTemplateOverrides) GoString() string {
+	return s.String()
+}
+
+// SetAvailabilityZone sets the AvailabilityZone field's value.
+func (s *FleetLaunchTemplateOverrides) SetAvailabilityZone(v string) *FleetLaunchTemplateOverrides {
+	s.AvailabilityZone = &v
+	return s
+}
+
+// SetInstanceType sets the InstanceType field's value.
+func (s *FleetLaunchTemplateOverrides) SetInstanceType(v string) *FleetLaunchTemplateOverrides {
+	s.InstanceType = &v
+	return s
+}
+
+// SetMaxPrice sets the MaxPrice field's value.
+func (s *FleetLaunchTemplateOverrides) SetMaxPrice(v string) *FleetLaunchTemplateOverrides {
+	s.MaxPrice = &v
+	return s
+}
+
+// SetSubnetId sets the SubnetId field's value.
+func (s *FleetLaunchTemplateOverrides) SetSubnetId(v string) *FleetLaunchTemplateOverrides {
+	s.SubnetId = &v
+	return s
+}
+
+// SetWeightedCapacity sets the WeightedCapacity field's value.
+func (s *FleetLaunchTemplateOverrides) SetWeightedCapacity(v float64) *FleetLaunchTemplateOverrides {
+	s.WeightedCapacity = &v
+	return s
+}
+
+// Describes overrides for a launch template.
+type FleetLaunchTemplateOverridesRequest struct {
+	_ struct{} `type:"structure"`
+
+	// The Availability Zone in which to launch the instances.
+	AvailabilityZone *string `type:"string"`
+
+	// The instance type.
+	InstanceType *string `type:"string" enum:"InstanceType"`
+
+	// The maximum price per unit hour that you are willing to pay for a Spot Instance.
+	MaxPrice *string `type:"string"`
+
+	// The ID of the subnet in which to launch the instances.
+	SubnetId *string `type:"string"`
+
+	// The number of units provided by the specified instance type.
+	WeightedCapacity *float64 `type:"double"`
+}
+
+// String returns the string representation
+func (s FleetLaunchTemplateOverridesRequest) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s FleetLaunchTemplateOverridesRequest) GoString() string {
+	return s.String()
+}
+
+// SetAvailabilityZone sets the AvailabilityZone field's value.
+func (s *FleetLaunchTemplateOverridesRequest) SetAvailabilityZone(v string) *FleetLaunchTemplateOverridesRequest {
+	s.AvailabilityZone = &v
+	return s
+}
+
+// SetInstanceType sets the InstanceType field's value.
+func (s *FleetLaunchTemplateOverridesRequest) SetInstanceType(v string) *FleetLaunchTemplateOverridesRequest {
+	s.InstanceType = &v
+	return s
+}
+
+// SetMaxPrice sets the MaxPrice field's value.
+func (s *FleetLaunchTemplateOverridesRequest) SetMaxPrice(v string) *FleetLaunchTemplateOverridesRequest {
+	s.MaxPrice = &v
+	return s
+}
+
+// SetSubnetId sets the SubnetId field's value.
+func (s *FleetLaunchTemplateOverridesRequest) SetSubnetId(v string) *FleetLaunchTemplateOverridesRequest {
+	s.SubnetId = &v
+	return s
+}
+
+// SetWeightedCapacity sets the WeightedCapacity field's value.
+func (s *FleetLaunchTemplateOverridesRequest) SetWeightedCapacity(v float64) *FleetLaunchTemplateOverridesRequest {
+	s.WeightedCapacity = &v
+	return s
+}
+
 // Describes a launch template.
 type FleetLaunchTemplateSpecification struct {
 	_ struct{} `type:"structure"`
@@ -44774,6 +46443,62 @@ func (s *FleetLaunchTemplateSpecification) SetVersion(v string) *FleetLaunchTemp
 	return s
 }
 
+// The launch template to use. You must specify either the launch template ID
+// or launch template name in the request.
+type FleetLaunchTemplateSpecificationRequest struct {
+	_ struct{} `type:"structure"`
+
+	// The ID of the launch template.
+	LaunchTemplateId *string `type:"string"`
+
+	// The name of the launch template.
+	LaunchTemplateName *string `min:"3" type:"string"`
+
+	// The version number of the launch template.
+	Version *string `type:"string"`
+}
+
+// String returns the string representation
+func (s FleetLaunchTemplateSpecificationRequest) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s FleetLaunchTemplateSpecificationRequest) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *FleetLaunchTemplateSpecificationRequest) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "FleetLaunchTemplateSpecificationRequest"}
+	if s.LaunchTemplateName != nil && len(*s.LaunchTemplateName) < 3 {
+		invalidParams.Add(request.NewErrParamMinLen("LaunchTemplateName", 3))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetLaunchTemplateId sets the LaunchTemplateId field's value.
+func (s *FleetLaunchTemplateSpecificationRequest) SetLaunchTemplateId(v string) *FleetLaunchTemplateSpecificationRequest {
+	s.LaunchTemplateId = &v
+	return s
+}
+
+// SetLaunchTemplateName sets the LaunchTemplateName field's value.
+func (s *FleetLaunchTemplateSpecificationRequest) SetLaunchTemplateName(v string) *FleetLaunchTemplateSpecificationRequest {
+	s.LaunchTemplateName = &v
+	return s
+}
+
+// SetVersion sets the Version field's value.
+func (s *FleetLaunchTemplateSpecificationRequest) SetVersion(v string) *FleetLaunchTemplateSpecificationRequest {
+	s.Version = &v
+	return s
+}
+
 // Describes a flow log.
 type FlowLog struct {
 	_ struct{} `type:"structure"`
@@ -45835,10 +47560,55 @@ func (s *HistoryRecord) SetTimestamp(v time.Time) *HistoryRecord {
 	return s
 }
 
+// Describes an event in the history of the EC2 Fleet.
+type HistoryRecordEntry struct {
+	_ struct{} `type:"structure"`
+
+	// Information about the event.
+	EventInformation *EventInformation `locationName:"eventInformation" type:"structure"`
+
+	// The event type.
+	EventType *string `locationName:"eventType" type:"string" enum:"FleetEventType"`
+
+	// The date and time of the event, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).
+	Timestamp *time.Time `locationName:"timestamp" type:"timestamp" timestampFormat:"iso8601"`
+}
+
+// String returns the string representation
+func (s HistoryRecordEntry) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s HistoryRecordEntry) GoString() string {
+	return s.String()
+}
+
+// SetEventInformation sets the EventInformation field's value.
+func (s *HistoryRecordEntry) SetEventInformation(v *EventInformation) *HistoryRecordEntry {
+	s.EventInformation = v
+	return s
+}
+
+// SetEventType sets the EventType field's value.
+func (s *HistoryRecordEntry) SetEventType(v string) *HistoryRecordEntry {
+	s.EventType = &v
+	return s
+}
+
+// SetTimestamp sets the Timestamp field's value.
+func (s *HistoryRecordEntry) SetTimestamp(v time.Time) *HistoryRecordEntry {
+	s.Timestamp = &v
+	return s
+}
+
 // Describes the properties of the Dedicated Host.
 type Host struct {
 	_ struct{} `type:"structure"`
 
+	// The time that the Dedicated Host was allocated.
+	AllocationTime *time.Time `locationName:"allocationTime" type:"timestamp" timestampFormat:"iso8601"`
+
 	// Whether auto-placement is on or off.
 	AutoPlacement *string `locationName:"autoPlacement" type:"string" enum:"AutoPlacement"`
 
@@ -45866,6 +47636,9 @@ type Host struct {
 	// The IDs and instance type that are currently running on the Dedicated Host.
 	Instances []*HostInstance `locationName:"instances" locationNameList:"item" type:"list"`
 
+	// The time that the Dedicated Host was released.
+	ReleaseTime *time.Time `locationName:"releaseTime" type:"timestamp" timestampFormat:"iso8601"`
+
 	// The Dedicated Host's state.
 	State *string `locationName:"state" type:"string" enum:"AllocationState"`
 }
@@ -45880,6 +47653,12 @@ func (s Host) GoString() string {
 	return s.String()
 }
 
+// SetAllocationTime sets the AllocationTime field's value.
+func (s *Host) SetAllocationTime(v time.Time) *Host {
+	s.AllocationTime = &v
+	return s
+}
+
 // SetAutoPlacement sets the AutoPlacement field's value.
 func (s *Host) SetAutoPlacement(v string) *Host {
 	s.AutoPlacement = &v
@@ -45928,6 +47707,12 @@ func (s *Host) SetInstances(v []*HostInstance) *Host {
 	return s
 }
 
+// SetReleaseTime sets the ReleaseTime field's value.
+func (s *Host) SetReleaseTime(v time.Time) *Host {
+	s.ReleaseTime = &v
+	return s
+}
+
 // SetState sets the State field's value.
 func (s *Host) SetState(v string) *Host {
 	s.State = &v
@@ -50988,7 +52773,7 @@ func (s *LaunchTemplatePlacementRequest) SetTenancy(v string) *LaunchTemplatePla
 }
 
 // The launch template to use. You must specify either the launch template ID
-// or launch template name in the request.
+// or launch template name in the request, but not both.
 type LaunchTemplateSpecification struct {
 	_ struct{} `type:"structure"`
 
@@ -51520,6 +53305,109 @@ func (s *LoadPermissionRequest) SetUserId(v string) *LoadPermissionRequest {
 	return s
 }
 
+type ModifyFleetInput struct {
+	_ struct{} `type:"structure"`
+
+	// Checks whether you have the required permissions for the action, without
+	// actually making the request, and provides an error response. If you have
+	// the required permissions, the error response is DryRunOperation. Otherwise,
+	// it is UnauthorizedOperation.
+	DryRun *bool `type:"boolean"`
+
+	// Indicates whether running instances should be terminated if the total target
+	// capacity of the EC2 Fleet is decreased below the current size of the EC2
+	// Fleet.
+	ExcessCapacityTerminationPolicy *string `type:"string" enum:"FleetExcessCapacityTerminationPolicy"`
+
+	// The ID of the EC2 Fleet.
+	//
+	// FleetId is a required field
+	FleetId *string `type:"string" required:"true"`
+
+	// The size of the EC2 Fleet.
+	//
+	// TargetCapacitySpecification is a required field
+	TargetCapacitySpecification *TargetCapacitySpecificationRequest `type:"structure" required:"true"`
+}
+
+// String returns the string representation
+func (s ModifyFleetInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ModifyFleetInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ModifyFleetInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ModifyFleetInput"}
+	if s.FleetId == nil {
+		invalidParams.Add(request.NewErrParamRequired("FleetId"))
+	}
+	if s.TargetCapacitySpecification == nil {
+		invalidParams.Add(request.NewErrParamRequired("TargetCapacitySpecification"))
+	}
+	if s.TargetCapacitySpecification != nil {
+		if err := s.TargetCapacitySpecification.Validate(); err != nil {
+			invalidParams.AddNested("TargetCapacitySpecification", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDryRun sets the DryRun field's value.
+func (s *ModifyFleetInput) SetDryRun(v bool) *ModifyFleetInput {
+	s.DryRun = &v
+	return s
+}
+
+// SetExcessCapacityTerminationPolicy sets the ExcessCapacityTerminationPolicy field's value.
+func (s *ModifyFleetInput) SetExcessCapacityTerminationPolicy(v string) *ModifyFleetInput {
+	s.ExcessCapacityTerminationPolicy = &v
+	return s
+}
+
+// SetFleetId sets the FleetId field's value.
+func (s *ModifyFleetInput) SetFleetId(v string) *ModifyFleetInput {
+	s.FleetId = &v
+	return s
+}
+
+// SetTargetCapacitySpecification sets the TargetCapacitySpecification field's value.
+func (s *ModifyFleetInput) SetTargetCapacitySpecification(v *TargetCapacitySpecificationRequest) *ModifyFleetInput {
+	s.TargetCapacitySpecification = v
+	return s
+}
+
+type ModifyFleetOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Is true if the request succeeds, and an error otherwise.
+	Return *bool `locationName:"return" type:"boolean"`
+}
+
+// String returns the string representation
+func (s ModifyFleetOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ModifyFleetOutput) GoString() string {
+	return s.String()
+}
+
+// SetReturn sets the Return field's value.
+func (s *ModifyFleetOutput) SetReturn(v bool) *ModifyFleetOutput {
+	s.Return = &v
+	return s
+}
+
 type ModifyFpgaImageAttributeInput struct {
 	_ struct{} `type:"structure"`
 
@@ -58093,13 +59981,13 @@ type RequestSpotInstancesInput struct {
 	// for termination and provides a Spot Instance termination notice, which gives
 	// the instance a two-minute warning before it terminates.
 	//
-	// Note that you can't specify an Availability Zone group or a launch group
-	// if you specify a duration.
+	// You can't specify an Availability Zone group or a launch group if you specify
+	// a duration.
 	BlockDurationMinutes *int64 `locationName:"blockDurationMinutes" type:"integer"`
 
 	// Unique, case-sensitive identifier that you provide to ensure the idempotency
 	// of the request. For more information, see How to Ensure Idempotency (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html)
-	// in the Amazon Elastic Compute Cloud User Guide.
+	// in the Amazon EC2 User Guide for Linux Instances.
 	ClientToken *string `locationName:"clientToken" type:"string"`
 
 	// Checks whether you have the required permissions for the action, without
@@ -60646,6 +62534,7 @@ type RunInstancesInput struct {
 
 	// The launch template to use to launch the instances. Any parameters that you
 	// specify in RunInstances override the same parameters in the launch template.
+	// You can specify either the name or ID of a launch template, but not both.
 	LaunchTemplate *LaunchTemplateSpecification `type:"structure"`
 
 	// The maximum number of instances to launch. If you specify more instances
@@ -63452,8 +65341,8 @@ type SpotFleetRequestConfigData struct {
 	// by the Spot Fleet request. The default is lowestPrice.
 	AllocationStrategy *string `locationName:"allocationStrategy" type:"string" enum:"AllocationStrategy"`
 
-	// A unique, case-sensitive identifier you provide to ensure idempotency of
-	// your listings. This helps avoid duplicate listings. For more information,
+	// A unique, case-sensitive identifier that you provide to ensure the idempotency
+	// of your listings. This helps to avoid duplicate listings. For more information,
 	// see Ensuring Idempotency (http://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html).
 	ClientToken *string `locationName:"clientToken" type:"string"`
 
@@ -63491,6 +65380,17 @@ type SpotFleetRequestConfigData struct {
 	// HS1, M1, M2, M3, and T1.
 	LoadBalancersConfig *LoadBalancersConfig `locationName:"loadBalancersConfig" type:"structure"`
 
+	// The number of On-Demand units fulfilled by this request compared to the set
+	// target On-Demand capacity.
+	OnDemandFulfilledCapacity *float64 `locationName:"onDemandFulfilledCapacity" type:"double"`
+
+	// The number of On-Demand units to request. You can choose to set the target
+	// capacity in terms of instances or a performance characteristic that is important
+	// to your application workload, such as vCPUs, memory, or I/O. If the request
+	// type is maintain, you can specify a target capacity of 0 and add capacity
+	// later.
+	OnDemandTargetCapacity *int64 `locationName:"onDemandTargetCapacity" type:"integer"`
+
 	// Indicates whether Spot Fleet should replace unhealthy instances.
 	ReplaceUnhealthyInstances *bool `locationName:"replaceUnhealthyInstances" type:"boolean"`
 
@@ -63511,14 +65411,13 @@ type SpotFleetRequestConfigData struct {
 	// Fleet request expires.
 	TerminateInstancesWithExpiration *bool `locationName:"terminateInstancesWithExpiration" type:"boolean"`
 
-	// The type of request. Indicates whether the fleet will only request the target
-	// capacity or also attempt to maintain it. When you request a certain target
-	// capacity, the fleet will only place the required requests. It will not attempt
-	// to replenish Spot Instances if capacity is diminished, nor will it submit
-	// requests in alternative Spot pools if capacity is not available. When you
-	// want to maintain a certain target capacity, fleet will place the required
-	// requests to meet this target capacity. It will also automatically replenish
-	// any interrupted instances. Default: maintain.
+	// The type of request. Indicates whether the Spot Fleet only requests the target
+	// capacity or also attempts to maintain it. When this value is request, the
+	// Spot Fleet only places the required requests. It does not attempt to replenish
+	// Spot Instances if capacity is diminished, nor does it submit requests in
+	// alternative Spot pools if capacity is not available. To maintain a certain
+	// target capacity, the Spot Fleet places the required requests to meet capacity
+	// and automatically replenishes any interrupted instances. Default: maintain.
 	Type *string `locationName:"type" type:"string" enum:"FleetType"`
 
 	// The start date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).
@@ -63636,6 +65535,18 @@ func (s *SpotFleetRequestConfigData) SetLoadBalancersConfig(v *LoadBalancersConf
 	return s
 }
 
+// SetOnDemandFulfilledCapacity sets the OnDemandFulfilledCapacity field's value.
+func (s *SpotFleetRequestConfigData) SetOnDemandFulfilledCapacity(v float64) *SpotFleetRequestConfigData {
+	s.OnDemandFulfilledCapacity = &v
+	return s
+}
+
+// SetOnDemandTargetCapacity sets the OnDemandTargetCapacity field's value.
+func (s *SpotFleetRequestConfigData) SetOnDemandTargetCapacity(v int64) *SpotFleetRequestConfigData {
+	s.OnDemandTargetCapacity = &v
+	return s
+}
+
 // SetReplaceUnhealthyInstances sets the ReplaceUnhealthyInstances field's value.
 func (s *SpotFleetRequestConfigData) SetReplaceUnhealthyInstances(v bool) *SpotFleetRequestConfigData {
 	s.ReplaceUnhealthyInstances = &v
@@ -63761,10 +65672,9 @@ type SpotInstanceRequest struct {
 	// The maximum price per hour that you are willing to pay for a Spot Instance.
 	SpotPrice *string `locationName:"spotPrice" type:"string"`
 
-	// The state of the Spot Instance request. Spot status information can help
-	// you track your Spot Instance requests. For more information, see Spot Status
-	// (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-bid-status.html)
-	// in the Amazon Elastic Compute Cloud User Guide.
+	// The state of the Spot Instance request. Spot status information helps track
+	// your Spot Instance requests. For more information, see Spot Status (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-bid-status.html)
+	// in the Amazon EC2 User Guide for Linux Instances.
 	State *string `locationName:"state" type:"string" enum:"SpotInstanceState"`
 
 	// The status code and status message describing the Spot Instance request.
@@ -63950,7 +65860,7 @@ type SpotInstanceStatus struct {
 	_ struct{} `type:"structure"`
 
 	// The status code. For a list of status codes, see Spot Status Codes (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-bid-status.html#spot-instance-bid-status-understand)
-	// in the Amazon Elastic Compute Cloud User Guide.
+	// in the Amazon EC2 User Guide for Linux Instances.
 	Code *string `locationName:"code" type:"string"`
 
 	// The description for the status code.
@@ -64056,6 +65966,74 @@ func (s *SpotMarketOptions) SetValidUntil(v time.Time) *SpotMarketOptions {
 	return s
 }
 
+// Describes the configuration of Spot Instances in an EC2 Fleet.
+type SpotOptions struct {
+	_ struct{} `type:"structure"`
+
+	// Indicates how to allocate the target capacity across the Spot pools specified
+	// by the Spot Fleet request. The default is lowestPrice.
+	AllocationStrategy *string `locationName:"allocationStrategy" type:"string" enum:"SpotAllocationStrategy"`
+
+	// The behavior when a Spot Instance is interrupted. The default is terminate.
+	InstanceInterruptionBehavior *string `locationName:"instanceInterruptionBehavior" type:"string" enum:"SpotInstanceInterruptionBehavior"`
+}
+
+// String returns the string representation
+func (s SpotOptions) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s SpotOptions) GoString() string {
+	return s.String()
+}
+
+// SetAllocationStrategy sets the AllocationStrategy field's value.
+func (s *SpotOptions) SetAllocationStrategy(v string) *SpotOptions {
+	s.AllocationStrategy = &v
+	return s
+}
+
+// SetInstanceInterruptionBehavior sets the InstanceInterruptionBehavior field's value.
+func (s *SpotOptions) SetInstanceInterruptionBehavior(v string) *SpotOptions {
+	s.InstanceInterruptionBehavior = &v
+	return s
+}
+
+// Describes the configuration of Spot Instances in an EC2 Fleet request.
+type SpotOptionsRequest struct {
+	_ struct{} `type:"structure"`
+
+	// Indicates how to allocate the target capacity across the Spot pools specified
+	// by the Spot Fleet request. The default is lowestPrice.
+	AllocationStrategy *string `type:"string" enum:"SpotAllocationStrategy"`
+
+	// The behavior when a Spot Instance is interrupted. The default is terminate.
+	InstanceInterruptionBehavior *string `type:"string" enum:"SpotInstanceInterruptionBehavior"`
+}
+
+// String returns the string representation
+func (s SpotOptionsRequest) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s SpotOptionsRequest) GoString() string {
+	return s.String()
+}
+
+// SetAllocationStrategy sets the AllocationStrategy field's value.
+func (s *SpotOptionsRequest) SetAllocationStrategy(v string) *SpotOptionsRequest {
+	s.AllocationStrategy = &v
+	return s
+}
+
+// SetInstanceInterruptionBehavior sets the InstanceInterruptionBehavior field's value.
+func (s *SpotOptionsRequest) SetInstanceInterruptionBehavior(v string) *SpotOptionsRequest {
+	s.InstanceInterruptionBehavior = &v
+	return s
+}
+
 // Describes Spot Instance placement.
 type SpotPlacement struct {
 	_ struct{} `type:"structure"`
@@ -64942,6 +66920,131 @@ func (s *TagSpecification) SetTags(v []*Tag) *TagSpecification {
 	return s
 }
 
+// The number of units to request. You can choose to set the target capacity
+// in terms of instances or a performance characteristic that is important to
+// your application workload, such as vCPUs, memory, or I/O. If the request
+// type is maintain, you can specify a target capacity of 0 and add capacity
+// later.
+type TargetCapacitySpecification struct {
+	_ struct{} `type:"structure"`
+
+	// The default TotalTargetCapacity, which is either Spot or On-Demand.
+	DefaultTargetCapacityType *string `locationName:"defaultTargetCapacityType" type:"string" enum:"DefaultTargetCapacityType"`
+
+	// The number of On-Demand units to request.
+	OnDemandTargetCapacity *int64 `locationName:"onDemandTargetCapacity" type:"integer"`
+
+	// The maximum number of Spot units to launch.
+	SpotTargetCapacity *int64 `locationName:"spotTargetCapacity" type:"integer"`
+
+	// The number of units to request, filled using DefaultTargetCapacityType.
+	TotalTargetCapacity *int64 `locationName:"totalTargetCapacity" type:"integer"`
+}
+
+// String returns the string representation
+func (s TargetCapacitySpecification) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s TargetCapacitySpecification) GoString() string {
+	return s.String()
+}
+
+// SetDefaultTargetCapacityType sets the DefaultTargetCapacityType field's value.
+func (s *TargetCapacitySpecification) SetDefaultTargetCapacityType(v string) *TargetCapacitySpecification {
+	s.DefaultTargetCapacityType = &v
+	return s
+}
+
+// SetOnDemandTargetCapacity sets the OnDemandTargetCapacity field's value.
+func (s *TargetCapacitySpecification) SetOnDemandTargetCapacity(v int64) *TargetCapacitySpecification {
+	s.OnDemandTargetCapacity = &v
+	return s
+}
+
+// SetSpotTargetCapacity sets the SpotTargetCapacity field's value.
+func (s *TargetCapacitySpecification) SetSpotTargetCapacity(v int64) *TargetCapacitySpecification {
+	s.SpotTargetCapacity = &v
+	return s
+}
+
+// SetTotalTargetCapacity sets the TotalTargetCapacity field's value.
+func (s *TargetCapacitySpecification) SetTotalTargetCapacity(v int64) *TargetCapacitySpecification {
+	s.TotalTargetCapacity = &v
+	return s
+}
+
+// The number of units to request. You can choose to set the target capacity
+// in terms of instances or a performance characteristic that is important to
+// your application workload, such as vCPUs, memory, or I/O. If the request
+// type is maintain, you can specify a target capacity of 0 and add capacity
+// later.
+type TargetCapacitySpecificationRequest struct {
+	_ struct{} `type:"structure"`
+
+	// The default TotalTargetCapacity, which is either Spot or On-Demand.
+	DefaultTargetCapacityType *string `type:"string" enum:"DefaultTargetCapacityType"`
+
+	// The number of On-Demand units to request.
+	OnDemandTargetCapacity *int64 `type:"integer"`
+
+	// The number of Spot units to request.
+	SpotTargetCapacity *int64 `type:"integer"`
+
+	// The number of units to request, filled using DefaultTargetCapacityType.
+	//
+	// TotalTargetCapacity is a required field
+	TotalTargetCapacity *int64 `type:"integer" required:"true"`
+}
+
+// String returns the string representation
+func (s TargetCapacitySpecificationRequest) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s TargetCapacitySpecificationRequest) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *TargetCapacitySpecificationRequest) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "TargetCapacitySpecificationRequest"}
+	if s.TotalTargetCapacity == nil {
+		invalidParams.Add(request.NewErrParamRequired("TotalTargetCapacity"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDefaultTargetCapacityType sets the DefaultTargetCapacityType field's value.
+func (s *TargetCapacitySpecificationRequest) SetDefaultTargetCapacityType(v string) *TargetCapacitySpecificationRequest {
+	s.DefaultTargetCapacityType = &v
+	return s
+}
+
+// SetOnDemandTargetCapacity sets the OnDemandTargetCapacity field's value.
+func (s *TargetCapacitySpecificationRequest) SetOnDemandTargetCapacity(v int64) *TargetCapacitySpecificationRequest {
+	s.OnDemandTargetCapacity = &v
+	return s
+}
+
+// SetSpotTargetCapacity sets the SpotTargetCapacity field's value.
+func (s *TargetCapacitySpecificationRequest) SetSpotTargetCapacity(v int64) *TargetCapacitySpecificationRequest {
+	s.SpotTargetCapacity = &v
+	return s
+}
+
+// SetTotalTargetCapacity sets the TotalTargetCapacity field's value.
+func (s *TargetCapacitySpecificationRequest) SetTotalTargetCapacity(v int64) *TargetCapacitySpecificationRequest {
+	s.TotalTargetCapacity = &v
+	return s
+}
+
 // Information about the Convertible Reserved Instance offering.
 type TargetConfiguration struct {
 	_ struct{} `type:"structure"`
@@ -66062,7 +68165,7 @@ type Volume struct {
 	// performance, I/O credits, and bursting, see Amazon EBS Volume Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html)
 	// in the Amazon Elastic Compute Cloud User Guide.
 	//
-	// Constraint: Range is 100-20000 IOPS for io1 volumes and 100-10000 IOPS for
+	// Constraint: Range is 100-32000 IOPS for io1 volumes and 100-10000 IOPS for
 	// gp2 volumes.
 	//
 	// Condition: This parameter is required for requests to create io1 volumes;
@@ -67938,6 +70041,28 @@ const (
 	DatafeedSubscriptionStateInactive = "Inactive"
 )
 
+const (
+	// DefaultTargetCapacityTypeSpot is a DefaultTargetCapacityType enum value
+	DefaultTargetCapacityTypeSpot = "spot"
+
+	// DefaultTargetCapacityTypeOnDemand is a DefaultTargetCapacityType enum value
+	DefaultTargetCapacityTypeOnDemand = "on-demand"
+)
+
+const (
+	// DeleteFleetErrorCodeFleetIdDoesNotExist is a DeleteFleetErrorCode enum value
+	DeleteFleetErrorCodeFleetIdDoesNotExist = "fleetIdDoesNotExist"
+
+	// DeleteFleetErrorCodeFleetIdMalformed is a DeleteFleetErrorCode enum value
+	DeleteFleetErrorCodeFleetIdMalformed = "fleetIdMalformed"
+
+	// DeleteFleetErrorCodeFleetNotInDeletableState is a DeleteFleetErrorCode enum value
+	DeleteFleetErrorCodeFleetNotInDeletableState = "fleetNotInDeletableState"
+
+	// DeleteFleetErrorCodeUnexpectedError is a DeleteFleetErrorCode enum value
+	DeleteFleetErrorCodeUnexpectedError = "unexpectedError"
+)
+
 const (
 	// DeviceTypeEbs is a DeviceType enum value
 	DeviceTypeEbs = "ebs"
@@ -68039,6 +70164,62 @@ const (
 	ExportTaskStateCompleted = "completed"
 )
 
+const (
+	// FleetActivityStatusError is a FleetActivityStatus enum value
+	FleetActivityStatusError = "error"
+
+	// FleetActivityStatusPendingFulfillment is a FleetActivityStatus enum value
+	FleetActivityStatusPendingFulfillment = "pending-fulfillment"
+
+	// FleetActivityStatusPendingTermination is a FleetActivityStatus enum value
+	FleetActivityStatusPendingTermination = "pending-termination"
+
+	// FleetActivityStatusFulfilled is a FleetActivityStatus enum value
+	FleetActivityStatusFulfilled = "fulfilled"
+)
+
+const (
+	// FleetEventTypeInstanceChange is a FleetEventType enum value
+	FleetEventTypeInstanceChange = "instance-change"
+
+	// FleetEventTypeFleetChange is a FleetEventType enum value
+	FleetEventTypeFleetChange = "fleet-change"
+
+	// FleetEventTypeServiceError is a FleetEventType enum value
+	FleetEventTypeServiceError = "service-error"
+)
+
+const (
+	// FleetExcessCapacityTerminationPolicyNoTermination is a FleetExcessCapacityTerminationPolicy enum value
+	FleetExcessCapacityTerminationPolicyNoTermination = "no-termination"
+
+	// FleetExcessCapacityTerminationPolicyTermination is a FleetExcessCapacityTerminationPolicy enum value
+	FleetExcessCapacityTerminationPolicyTermination = "termination"
+)
+
+const (
+	// FleetStateCodeSubmitted is a FleetStateCode enum value
+	FleetStateCodeSubmitted = "submitted"
+
+	// FleetStateCodeActive is a FleetStateCode enum value
+	FleetStateCodeActive = "active"
+
+	// FleetStateCodeDeleted is a FleetStateCode enum value
+	FleetStateCodeDeleted = "deleted"
+
+	// FleetStateCodeFailed is a FleetStateCode enum value
+	FleetStateCodeFailed = "failed"
+
+	// FleetStateCodeDeletedRunning is a FleetStateCode enum value
+	FleetStateCodeDeletedRunning = "deleted-running"
+
+	// FleetStateCodeDeletedTerminating is a FleetStateCode enum value
+	FleetStateCodeDeletedTerminating = "deleted-terminating"
+
+	// FleetStateCodeModifying is a FleetStateCode enum value
+	FleetStateCodeModifying = "modifying"
+)
+
 const (
 	// FleetTypeRequest is a FleetType enum value
 	FleetTypeRequest = "request"
@@ -69072,6 +71253,25 @@ const (
 	SnapshotStateError = "error"
 )
 
+const (
+	// SpotAllocationStrategyLowestPrice is a SpotAllocationStrategy enum value
+	SpotAllocationStrategyLowestPrice = "lowest-price"
+
+	// SpotAllocationStrategyDiversified is a SpotAllocationStrategy enum value
+	SpotAllocationStrategyDiversified = "diversified"
+)
+
+const (
+	// SpotInstanceInterruptionBehaviorHibernate is a SpotInstanceInterruptionBehavior enum value
+	SpotInstanceInterruptionBehaviorHibernate = "hibernate"
+
+	// SpotInstanceInterruptionBehaviorStop is a SpotInstanceInterruptionBehavior enum value
+	SpotInstanceInterruptionBehaviorStop = "stop"
+
+	// SpotInstanceInterruptionBehaviorTerminate is a SpotInstanceInterruptionBehavior enum value
+	SpotInstanceInterruptionBehaviorTerminate = "terminate"
+)
+
 const (
 	// SpotInstanceStateOpen is a SpotInstanceState enum value
 	SpotInstanceStateOpen = "open"
diff --git a/vendor/github.com/aws/aws-sdk-go/service/elasticbeanstalk/api.go b/vendor/github.com/aws/aws-sdk-go/service/elasticbeanstalk/api.go
index 178bb2a3abd..5849124ce6e 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/elasticbeanstalk/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/elasticbeanstalk/api.go
@@ -3867,6 +3867,9 @@ func (s AbortEnvironmentUpdateOutput) GoString() string {
 type ApplicationDescription struct {
 	_ struct{} `type:"structure"`
 
+	// The Amazon Resource Name (ARN) of the application.
+	ApplicationArn *string `type:"string"`
+
 	// The name of the application.
 	ApplicationName *string `min:"1" type:"string"`
 
@@ -3899,6 +3902,12 @@ func (s ApplicationDescription) GoString() string {
 	return s.String()
 }
 
+// SetApplicationArn sets the ApplicationArn field's value.
+func (s *ApplicationDescription) SetApplicationArn(v string) *ApplicationDescription {
+	s.ApplicationArn = &v
+	return s
+}
+
 // SetApplicationName sets the ApplicationName field's value.
 func (s *ApplicationDescription) SetApplicationName(v string) *ApplicationDescription {
 	s.ApplicationName = &v
@@ -4080,6 +4089,9 @@ type ApplicationVersionDescription struct {
 	// The name of the application to which the application version belongs.
 	ApplicationName *string `min:"1" type:"string"`
 
+	// The Amazon Resource Name (ARN) of the application version.
+	ApplicationVersionArn *string `type:"string"`
+
 	// Reference to the artifact from the AWS CodeBuild build.
 	BuildArn *string `type:"string"`
 
@@ -4123,6 +4135,12 @@ func (s *ApplicationVersionDescription) SetApplicationName(v string) *Applicatio
 	return s
 }
 
+// SetApplicationVersionArn sets the ApplicationVersionArn field's value.
+func (s *ApplicationVersionDescription) SetApplicationVersionArn(v string) *ApplicationVersionDescription {
+	s.ApplicationVersionArn = &v
+	return s
+}
+
 // SetBuildArn sets the BuildArn field's value.
 func (s *ApplicationVersionDescription) SetBuildArn(v string) *ApplicationVersionDescription {
 	s.BuildArn = &v
@@ -7612,7 +7630,7 @@ type EnvironmentDescription struct {
 	EndpointURL *string `type:"string"`
 
 	// The environment's Amazon Resource Name (ARN), which can be used in other
-	// API reuqests that require an ARN.
+	// API requests that require an ARN.
 	EnvironmentArn *string `type:"string"`
 
 	// The ID of this environment.
diff --git a/vendor/github.com/aws/aws-sdk-go/service/firehose/api.go b/vendor/github.com/aws/aws-sdk-go/service/firehose/api.go
index a7d3333ffe7..90c00729084 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/firehose/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/firehose/api.go
@@ -57,7 +57,7 @@ func (c *Firehose) CreateDeliveryStreamRequest(input *CreateDeliveryStreamInput)
 //
 // Creates a delivery stream.
 //
-// By default, you can create up to 20 delivery streams per region.
+// By default, you can create up to 50 delivery streams per AWS Region.
 //
 // This is an asynchronous operation that immediately returns. The initial status
 // of the delivery stream is CREATING. After the delivery stream is created,
@@ -65,24 +65,25 @@ func (c *Firehose) CreateDeliveryStreamRequest(input *CreateDeliveryStreamInput)
 // delivery stream that is not in the ACTIVE state cause an exception. To check
 // the state of a delivery stream, use DescribeDeliveryStream.
 //
-// A Kinesis Firehose delivery stream can be configured to receive records directly
-// from providers using PutRecord or PutRecordBatch, or it can be configured
-// to use an existing Kinesis stream as its source. To specify a Kinesis stream
-// as input, set the DeliveryStreamType parameter to KinesisStreamAsSource,
-// and provide the Kinesis stream ARN and role ARN in the KinesisStreamSourceConfiguration
-// parameter.
+// A Kinesis Data Firehose delivery stream can be configured to receive records
+// directly from providers using PutRecord or PutRecordBatch, or it can be configured
+// to use an existing Kinesis data stream as its source. To specify a Kinesis
+// data stream as input, set the DeliveryStreamType parameter to KinesisStreamAsSource,
+// and provide the Kinesis data stream Amazon Resource Name (ARN) and role ARN
+// in the KinesisStreamSourceConfiguration parameter.
 //
 // A delivery stream is configured with a single destination: Amazon S3, Amazon
-// ES, or Amazon Redshift. You must specify only one of the following destination
+// ES, Amazon Redshift, or Splunk. Specify only one of the following destination
 // configuration parameters: ExtendedS3DestinationConfiguration, S3DestinationConfiguration,
-// ElasticsearchDestinationConfiguration, or RedshiftDestinationConfiguration.
+// ElasticsearchDestinationConfiguration, RedshiftDestinationConfiguration,
+// or SplunkDestinationConfiguration.
 //
 // When you specify S3DestinationConfiguration, you can also provide the following
 // optional values: BufferingHints, EncryptionConfiguration, and CompressionFormat.
-// By default, if no BufferingHints value is provided, Kinesis Firehose buffers
-// data up to 5 MB or for 5 minutes, whichever condition is satisfied first.
-// Note that BufferingHints is a hint, so there are some cases where the service
-// cannot adhere to these conditions strictly; for example, record boundaries
+// By default, if no BufferingHints value is provided, Kinesis Data Firehose
+// buffers data up to 5 MB or for 5 minutes, whichever condition is satisfied
+// first. BufferingHints is a hint, so there are some cases where the service
+// cannot adhere to these conditions strictly. For example, record boundaries
 // are such that the size is a little over or under the configured buffering
 // size. By default, no encryption is performed. We strongly recommend that
 // you enable encryption to ensure secure data storage in Amazon S3.
@@ -90,23 +91,25 @@ func (c *Firehose) CreateDeliveryStreamRequest(input *CreateDeliveryStreamInput)
 // A few notes about Amazon Redshift as a destination:
 //
 //    * An Amazon Redshift destination requires an S3 bucket as intermediate
-//    location, as Kinesis Firehose first delivers data to S3 and then uses
-//    COPY syntax to load data into an Amazon Redshift table. This is specified
-//    in the RedshiftDestinationConfiguration.S3Configuration parameter.
+//    location. This is because Kinesis Data Firehose first delivers data to
+//    Amazon S3 and then uses COPY syntax to load data into an Amazon Redshift
+//    table. This is specified in the RedshiftDestinationConfiguration.S3Configuration
+//    parameter.
 //
 //    * The compression formats SNAPPY or ZIP cannot be specified in RedshiftDestinationConfiguration.S3Configuration
 //    because the Amazon Redshift COPY operation that reads from the S3 bucket
 //    doesn't support these compression formats.
 //
-//    * We strongly recommend that you use the user name and password you provide
-//    exclusively with Kinesis Firehose, and that the permissions for the account
-//    are restricted for Amazon Redshift INSERT permissions.
+//    * We strongly recommend that you use the user name and password that you
+//    provide exclusively with Kinesis Data Firehose. In addition, the permissions
+//    for the account should be restricted for Amazon Redshift INSERT permissions.
 //
-// Kinesis Firehose assumes the IAM role that is configured as part of the destination.
-// The role should allow the Kinesis Firehose principal to assume the role,
-// and the role should have permissions that allow the service to deliver the
-// data. For more information, see Amazon S3 Bucket Access (http://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-s3)
-// in the Amazon Kinesis Firehose Developer Guide.
+// Kinesis Data Firehose assumes the IAM role that is configured as part of
+// the destination. The role should allow the Kinesis Data Firehose principal
+// to assume the role, and the role should have permissions that allow the service
+// to deliver the data. For more information, see Grant Kinesis Firehose Access
+// to an Amazon S3 Destination (http://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-s3)
+// in the Amazon Kinesis Data Firehose Developer Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -286,8 +289,8 @@ func (c *Firehose) DescribeDeliveryStreamRequest(input *DescribeDeliveryStreamIn
 //
 // Describes the specified delivery stream and gets the status. For example,
 // after your delivery stream is created, call DescribeDeliveryStream to see
-// if the delivery stream is ACTIVE and therefore ready for data to be sent
-// to it.
+// whether the delivery stream is ACTIVE and therefore ready for data to be
+// sent to it.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -404,6 +407,92 @@ func (c *Firehose) ListDeliveryStreamsWithContext(ctx aws.Context, input *ListDe
 	return out, req.Send()
 }
 
+const opListTagsForDeliveryStream = "ListTagsForDeliveryStream"
+
+// ListTagsForDeliveryStreamRequest generates a "aws/request.Request" representing the
+// client's request for the ListTagsForDeliveryStream operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListTagsForDeliveryStream for more information on using the ListTagsForDeliveryStream
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the ListTagsForDeliveryStreamRequest method.
+//    req, resp := client.ListTagsForDeliveryStreamRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/ListTagsForDeliveryStream
+func (c *Firehose) ListTagsForDeliveryStreamRequest(input *ListTagsForDeliveryStreamInput) (req *request.Request, output *ListTagsForDeliveryStreamOutput) {
+	op := &request.Operation{
+		Name:       opListTagsForDeliveryStream,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &ListTagsForDeliveryStreamInput{}
+	}
+
+	output = &ListTagsForDeliveryStreamOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListTagsForDeliveryStream API operation for Amazon Kinesis Firehose.
+//
+// Lists the tags for the specified delivery stream. This operation has a limit
+// of five transactions per second per account.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Kinesis Firehose's
+// API operation ListTagsForDeliveryStream for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   The specified resource could not be found.
+//
+//   * ErrCodeInvalidArgumentException "InvalidArgumentException"
+//   The specified input parameter has a value that is not valid.
+//
+//   * ErrCodeLimitExceededException "LimitExceededException"
+//   You have already reached the limit for a requested resource.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/ListTagsForDeliveryStream
+func (c *Firehose) ListTagsForDeliveryStream(input *ListTagsForDeliveryStreamInput) (*ListTagsForDeliveryStreamOutput, error) {
+	req, out := c.ListTagsForDeliveryStreamRequest(input)
+	return out, req.Send()
+}
+
+// ListTagsForDeliveryStreamWithContext is the same as ListTagsForDeliveryStream with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListTagsForDeliveryStream for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *Firehose) ListTagsForDeliveryStreamWithContext(ctx aws.Context, input *ListTagsForDeliveryStreamInput, opts ...request.Option) (*ListTagsForDeliveryStreamOutput, error) {
+	req, out := c.ListTagsForDeliveryStreamRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opPutRecord = "PutRecord"
 
 // PutRecordRequest generates a "aws/request.Request" representing the
@@ -448,22 +537,22 @@ func (c *Firehose) PutRecordRequest(input *PutRecordInput) (req *request.Request
 
 // PutRecord API operation for Amazon Kinesis Firehose.
 //
-// Writes a single data record into an Amazon Kinesis Firehose delivery stream.
-// To write multiple data records into a delivery stream, use PutRecordBatch.
+// Writes a single data record into an Amazon Kinesis Data Firehose delivery
+// stream. To write multiple data records into a delivery stream, use PutRecordBatch.
 // Applications using these operations are referred to as producers.
 //
 // By default, each delivery stream can take in up to 2,000 transactions per
 // second, 5,000 records per second, or 5 MB per second. Note that if you use
 // PutRecord and PutRecordBatch, the limits are an aggregate across these two
 // operations for each delivery stream. For more information about limits and
-// how to request an increase, see Amazon Kinesis Firehose Limits (http://docs.aws.amazon.com/firehose/latest/dev/limits.html).
+// how to request an increase, see Amazon Kinesis Data Firehose Limits (http://docs.aws.amazon.com/firehose/latest/dev/limits.html).
 //
 // You must specify the name of the delivery stream and the data record when
 // using PutRecord. The data record consists of a data blob that can be up to
-// 1,000 KB in size, and any kind of data, for example, a segment from a log
-// file, geographic location data, website clickstream data, and so on.
+// 1,000 KB in size and any kind of data. For example, it can be a segment from
+// a log file, geographic location data, website clickstream data, and so on.
 //
-// Kinesis Firehose buffers records before delivering them to the destination.
+// Kinesis Data Firehose buffers records before delivering them to the destination.
 // To disambiguate the data blobs at the destination, a common solution is to
 // use delimiters in the data, such as a newline (\n) or some other character
 // unique within the data. This allows the consumer application to parse individual
@@ -477,9 +566,9 @@ func (c *Firehose) PutRecordRequest(input *PutRecordInput) (req *request.Request
 // and retry. If the exception persists, it is possible that the throughput
 // limits have been exceeded for the delivery stream.
 //
-// Data records sent to Kinesis Firehose are stored for 24 hours from the time
-// they are added to a delivery stream as it attempts to send the records to
-// the destination. If the destination is unreachable for more than 24 hours,
+// Data records sent to Kinesis Data Firehose are stored for 24 hours from the
+// time they are added to a delivery stream as it attempts to send the records
+// to the destination. If the destination is unreachable for more than 24 hours,
 // the data is no longer available.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -497,10 +586,10 @@ func (c *Firehose) PutRecordRequest(input *PutRecordInput) (req *request.Request
 //   The specified input parameter has a value that is not valid.
 //
 //   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
-//   The service is unavailable, back off and retry the operation. If you continue
+//   The service is unavailable. Back off and retry the operation. If you continue
 //   to see the exception, throughput limits for the delivery stream may have
 //   been exceeded. For more information about limits and how to request an increase,
-//   see Amazon Kinesis Firehose Limits (http://docs.aws.amazon.com/firehose/latest/dev/limits.html).
+//   see Amazon Kinesis Data Firehose Limits (http://docs.aws.amazon.com/firehose/latest/dev/limits.html).
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/PutRecord
 func (c *Firehose) PutRecord(input *PutRecordInput) (*PutRecordOutput, error) {
@@ -577,7 +666,7 @@ func (c *Firehose) PutRecordBatchRequest(input *PutRecordBatchInput) (req *reque
 // second, 5,000 records per second, or 5 MB per second. If you use PutRecord
 // and PutRecordBatch, the limits are an aggregate across these two operations
 // for each delivery stream. For more information about limits, see Amazon Kinesis
-// Firehose Limits (http://docs.aws.amazon.com/firehose/latest/dev/limits.html).
+// Data Firehose Limits (http://docs.aws.amazon.com/firehose/latest/dev/limits.html).
 //
 // Each PutRecordBatch request supports up to 500 records. Each record in the
 // request can be as large as 1,000 KB (before 64-bit encoding), up to a limit
@@ -585,11 +674,11 @@ func (c *Firehose) PutRecordBatchRequest(input *PutRecordBatchInput) (req *reque
 //
 // You must specify the name of the delivery stream and the data record when
 // using PutRecord. The data record consists of a data blob that can be up to
-// 1,000 KB in size, and any kind of data. For example, it could be a segment
-// from a log file, geographic location data, web site clickstream data, and
+// 1,000 KB in size and any kind of data. For example, it could be a segment
+// from a log file, geographic location data, website clickstream data, and
 // so on.
 //
-// Kinesis Firehose buffers records before delivering them to the destination.
+// Kinesis Data Firehose buffers records before delivering them to the destination.
 // To disambiguate the data blobs at the destination, a common solution is to
 // use delimiters in the data, such as a newline (\n) or some other character
 // unique within the data. This allows the consumer application to parse individual
@@ -601,7 +690,7 @@ func (c *Firehose) PutRecordBatchRequest(input *PutRecordBatchInput) (req *reque
 // correlates with a record in the request array using the same ordering, from
 // the top to the bottom. The response array always includes the same number
 // of records as the request array. RequestResponses includes both successfully
-// and unsuccessfully processed records. Kinesis Firehose attempts to process
+// and unsuccessfully processed records. Kinesis Data Firehose attempts to process
 // all records in each PutRecordBatch request. A single record failure does
 // not stop the processing of subsequent records.
 //
@@ -622,9 +711,9 @@ func (c *Firehose) PutRecordBatchRequest(input *PutRecordBatchInput) (req *reque
 // If the exception persists, it is possible that the throughput limits have
 // been exceeded for the delivery stream.
 //
-// Data records sent to Kinesis Firehose are stored for 24 hours from the time
-// they are added to a delivery stream as it attempts to send the records to
-// the destination. If the destination is unreachable for more than 24 hours,
+// Data records sent to Kinesis Data Firehose are stored for 24 hours from the
+// time they are added to a delivery stream as it attempts to send the records
+// to the destination. If the destination is unreachable for more than 24 hours,
 // the data is no longer available.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -642,10 +731,10 @@ func (c *Firehose) PutRecordBatchRequest(input *PutRecordBatchInput) (req *reque
 //   The specified input parameter has a value that is not valid.
 //
 //   * ErrCodeServiceUnavailableException "ServiceUnavailableException"
-//   The service is unavailable, back off and retry the operation. If you continue
+//   The service is unavailable. Back off and retry the operation. If you continue
 //   to see the exception, throughput limits for the delivery stream may have
 //   been exceeded. For more information about limits and how to request an increase,
-//   see Amazon Kinesis Firehose Limits (http://docs.aws.amazon.com/firehose/latest/dev/limits.html).
+//   see Amazon Kinesis Data Firehose Limits (http://docs.aws.amazon.com/firehose/latest/dev/limits.html).
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/PutRecordBatch
 func (c *Firehose) PutRecordBatch(input *PutRecordBatchInput) (*PutRecordBatchOutput, error) {
@@ -669,6 +758,198 @@ func (c *Firehose) PutRecordBatchWithContext(ctx aws.Context, input *PutRecordBa
 	return out, req.Send()
 }
 
+const opTagDeliveryStream = "TagDeliveryStream"
+
+// TagDeliveryStreamRequest generates a "aws/request.Request" representing the
+// client's request for the TagDeliveryStream operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See TagDeliveryStream for more information on using the TagDeliveryStream
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the TagDeliveryStreamRequest method.
+//    req, resp := client.TagDeliveryStreamRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/TagDeliveryStream
+func (c *Firehose) TagDeliveryStreamRequest(input *TagDeliveryStreamInput) (req *request.Request, output *TagDeliveryStreamOutput) {
+	op := &request.Operation{
+		Name:       opTagDeliveryStream,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &TagDeliveryStreamInput{}
+	}
+
+	output = &TagDeliveryStreamOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// TagDeliveryStream API operation for Amazon Kinesis Firehose.
+//
+// Adds or updates tags for the specified delivery stream. A tag is a key-value
+// pair (the value is optional) that you can define and assign to AWS resources.
+// If you specify a tag that already exists, the tag value is replaced with
+// the value that you specify in the request. Tags are metadata. For example,
+// you can add friendly names and descriptions or other types of information
+// that can help you distinguish the delivery stream. For more information about
+// tags, see Using Cost Allocation Tags (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)
+// in the AWS Billing and Cost Management User Guide.
+//
+// Each delivery stream can have up to 50 tags.
+//
+// This operation has a limit of five transactions per second per account.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Kinesis Firehose's
+// API operation TagDeliveryStream for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   The specified resource could not be found.
+//
+//   * ErrCodeResourceInUseException "ResourceInUseException"
+//   The resource is already in use and not available for this operation.
+//
+//   * ErrCodeInvalidArgumentException "InvalidArgumentException"
+//   The specified input parameter has a value that is not valid.
+//
+//   * ErrCodeLimitExceededException "LimitExceededException"
+//   You have already reached the limit for a requested resource.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/TagDeliveryStream
+func (c *Firehose) TagDeliveryStream(input *TagDeliveryStreamInput) (*TagDeliveryStreamOutput, error) {
+	req, out := c.TagDeliveryStreamRequest(input)
+	return out, req.Send()
+}
+
+// TagDeliveryStreamWithContext is the same as TagDeliveryStream with the addition of
+// the ability to pass a context and additional request options.
+//
+// See TagDeliveryStream for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *Firehose) TagDeliveryStreamWithContext(ctx aws.Context, input *TagDeliveryStreamInput, opts ...request.Option) (*TagDeliveryStreamOutput, error) {
+	req, out := c.TagDeliveryStreamRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opUntagDeliveryStream = "UntagDeliveryStream"
+
+// UntagDeliveryStreamRequest generates a "aws/request.Request" representing the
+// client's request for the UntagDeliveryStream operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UntagDeliveryStream for more information on using the UntagDeliveryStream
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the UntagDeliveryStreamRequest method.
+//    req, resp := client.UntagDeliveryStreamRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/UntagDeliveryStream
+func (c *Firehose) UntagDeliveryStreamRequest(input *UntagDeliveryStreamInput) (req *request.Request, output *UntagDeliveryStreamOutput) {
+	op := &request.Operation{
+		Name:       opUntagDeliveryStream,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &UntagDeliveryStreamInput{}
+	}
+
+	output = &UntagDeliveryStreamOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// UntagDeliveryStream API operation for Amazon Kinesis Firehose.
+//
+// Removes tags from the specified delivery stream. Removed tags are deleted,
+// and you can't recover them after this operation successfully completes.
+//
+// If you specify a tag that doesn't exist, the operation ignores it.
+//
+// This operation has a limit of five transactions per second per account.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Kinesis Firehose's
+// API operation UntagDeliveryStream for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   The specified resource could not be found.
+//
+//   * ErrCodeResourceInUseException "ResourceInUseException"
+//   The resource is already in use and not available for this operation.
+//
+//   * ErrCodeInvalidArgumentException "InvalidArgumentException"
+//   The specified input parameter has a value that is not valid.
+//
+//   * ErrCodeLimitExceededException "LimitExceededException"
+//   You have already reached the limit for a requested resource.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/UntagDeliveryStream
+func (c *Firehose) UntagDeliveryStream(input *UntagDeliveryStreamInput) (*UntagDeliveryStreamOutput, error) {
+	req, out := c.UntagDeliveryStreamRequest(input)
+	return out, req.Send()
+}
+
+// UntagDeliveryStreamWithContext is the same as UntagDeliveryStream with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UntagDeliveryStream for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *Firehose) UntagDeliveryStreamWithContext(ctx aws.Context, input *UntagDeliveryStreamInput, opts ...request.Option) (*UntagDeliveryStreamOutput, error) {
+	req, out := c.UntagDeliveryStreamRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opUpdateDestination = "UpdateDestination"
 
 // UpdateDestinationRequest generates a "aws/request.Request" representing the
@@ -715,18 +996,18 @@ func (c *Firehose) UpdateDestinationRequest(input *UpdateDestinationInput) (req
 //
 // Updates the specified destination of the specified delivery stream.
 //
-// You can use this operation to change the destination type (for example, to
-// replace the Amazon S3 destination with Amazon Redshift) or change the parameters
+// Use this operation to change the destination type (for example, to replace
+// the Amazon S3 destination with Amazon Redshift) or change the parameters
 // associated with a destination (for example, to change the bucket name of
 // the Amazon S3 destination). The update might not occur immediately. The target
 // delivery stream remains active while the configurations are updated, so data
 // writes to the delivery stream can continue during this process. The updated
 // configurations are usually effective within a few minutes.
 //
-// Note that switching between Amazon ES and other services is not supported.
-// For an Amazon ES destination, you can only update to another Amazon ES destination.
+// Switching between Amazon ES and other services is not supported. For an Amazon
+// ES destination, you can only update to another Amazon ES destination.
 //
-// If the destination type is the same, Kinesis Firehose merges the configuration
+// If the destination type is the same, Kinesis Data Firehose merges the configuration
 // parameters specified with the destination configuration that already exists
 // on the delivery stream. If any of the parameters are not specified in the
 // call, the existing values are retained. For example, in the Amazon S3 destination,
@@ -734,15 +1015,15 @@ func (c *Firehose) UpdateDestinationRequest(input *UpdateDestinationInput) (req
 // is maintained on the destination.
 //
 // If the destination type is not the same, for example, changing the destination
-// from Amazon S3 to Amazon Redshift, Kinesis Firehose does not merge any parameters.
-// In this case, all parameters must be specified.
+// from Amazon S3 to Amazon Redshift, Kinesis Data Firehose does not merge any
+// parameters. In this case, all parameters must be specified.
 //
-// Kinesis Firehose uses CurrentDeliveryStreamVersionId to avoid race conditions
+// Kinesis Data Firehose uses CurrentDeliveryStreamVersionId to avoid race conditions
 // and conflicting merges. This is a required field, and the service updates
 // the configuration only if the existing configuration has a version ID that
 // matches. After the update is applied successfully, the version ID is updated,
-// and can be retrieved using DescribeDeliveryStream. Use the new version ID
-// to set CurrentDeliveryStreamVersionId in the next call.
+// and you can retrieve it using DescribeDeliveryStream. Use the new version
+// ID to set CurrentDeliveryStreamVersionId in the next call.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -788,8 +1069,8 @@ func (c *Firehose) UpdateDestinationWithContext(ctx aws.Context, input *UpdateDe
 }
 
 // Describes hints for the buffering to perform before delivering data to the
-// destination. Please note that these options are treated as hints, and therefore
-// Kinesis Firehose may choose to use different values when it is optimal.
+// destination. These options are treated as hints, and therefore Kinesis Data
+// Firehose might choose to use different values whenever it is optimal.
 type BufferingHints struct {
 	_ struct{} `type:"structure"`
 
@@ -895,7 +1176,7 @@ type CopyCommand struct {
 	// Optional parameters to use with the Amazon Redshift COPY command. For more
 	// information, see the "Optional Parameters" section of Amazon Redshift COPY
 	// command (http://docs.aws.amazon.com/redshift/latest/dg/r_COPY.html). Some
-	// possible examples that would apply to Kinesis Firehose are as follows:
+	// possible examples that would apply to Kinesis Data Firehose are as follows:
 	//
 	// delimiter '\t' lzop; - fields are delimited with "\t" (TAB character) and
 	// compressed using lzop.
@@ -971,8 +1252,8 @@ type CreateDeliveryStreamInput struct {
 	_ struct{} `type:"structure"`
 
 	// The name of the delivery stream. This name must be unique per AWS account
-	// in the same region. If the delivery streams are in different accounts or
-	// different regions, you can have multiple delivery streams with the same name.
+	// in the same Region. If the delivery streams are in different accounts or
+	// different Regions, you can have multiple delivery streams with the same name.
 	//
 	// DeliveryStreamName is a required field
 	DeliveryStreamName *string `min:"1" type:"string" required:"true"`
@@ -981,8 +1262,8 @@ type CreateDeliveryStreamInput struct {
 	//
 	//    * DirectPut: Provider applications access the delivery stream directly.
 	//
-	//    * KinesisStreamAsSource: The delivery stream uses a Kinesis stream as
-	//    a source.
+	//    * KinesisStreamAsSource: The delivery stream uses a Kinesis data stream
+	//    as a source.
 	DeliveryStreamType *string `type:"string" enum:"DeliveryStreamType"`
 
 	// The destination in Amazon ES. You can specify only one destination.
@@ -991,8 +1272,9 @@ type CreateDeliveryStreamInput struct {
 	// The destination in Amazon S3. You can specify only one destination.
 	ExtendedS3DestinationConfiguration *ExtendedS3DestinationConfiguration `type:"structure"`
 
-	// When a Kinesis stream is used as the source for the delivery stream, a KinesisStreamSourceConfiguration
-	// containing the Kinesis stream ARN and the role ARN for the source stream.
+	// When a Kinesis data stream is used as the source for the delivery stream,
+	// a KinesisStreamSourceConfiguration containing the Kinesis data stream Amazon
+	// Resource Name (ARN) and the role ARN for the source stream.
 	KinesisStreamSourceConfiguration *KinesisStreamSourceConfiguration `type:"structure"`
 
 	// The destination in Amazon Redshift. You can specify only one destination.
@@ -1213,8 +1495,8 @@ type DeliveryStreamDescription struct {
 	//
 	//    * DirectPut: Provider applications access the delivery stream directly.
 	//
-	//    * KinesisStreamAsSource: The delivery stream uses a Kinesis stream as
-	//    a source.
+	//    * KinesisStreamAsSource: The delivery stream uses a Kinesis data stream
+	//    as a source.
 	//
 	// DeliveryStreamType is a required field
 	DeliveryStreamType *string `type:"string" required:"true" enum:"DeliveryStreamType"`
@@ -1233,7 +1515,7 @@ type DeliveryStreamDescription struct {
 	LastUpdateTimestamp *time.Time `type:"timestamp" timestampFormat:"unix"`
 
 	// If the DeliveryStreamType parameter is KinesisStreamAsSource, a SourceDescription
-	// object describing the source Kinesis stream.
+	// object describing the source Kinesis data stream.
 	Source *SourceDescription `type:"structure"`
 
 	// Each time the destination is updated for a delivery stream, the version ID
@@ -1324,7 +1606,7 @@ type DescribeDeliveryStreamInput struct {
 	DeliveryStreamName *string `min:"1" type:"string" required:"true"`
 
 	// The ID of the destination to start returning the destination information.
-	// Currently, Kinesis Firehose supports one destination per delivery stream.
+	// Currently, Kinesis Data Firehose supports one destination per delivery stream.
 	ExclusiveStartDestinationId *string `min:"1" type:"string"`
 
 	// The limit on the number of destinations to return. Currently, you can have
@@ -1559,31 +1841,32 @@ type ElasticsearchDestinationConfiguration struct {
 
 	// The Elasticsearch index rotation period. Index rotation appends a time stamp
 	// to the IndexName to facilitate the expiration of old data. For more information,
-	// see Index Rotation for Amazon Elasticsearch Service Destination (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html#es-index-rotation).
+	// see Index Rotation for the Amazon ES Destination (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html#es-index-rotation).
 	// The default value is OneDay.
 	IndexRotationPeriod *string `type:"string" enum:"ElasticsearchIndexRotationPeriod"`
 
 	// The data processing configuration.
 	ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
 
-	// The retry behavior in case Kinesis Firehose is unable to deliver documents
+	// The retry behavior in case Kinesis Data Firehose is unable to deliver documents
 	// to Amazon ES. The default value is 300 (5 minutes).
 	RetryOptions *ElasticsearchRetryOptions `type:"structure"`
 
-	// The ARN of the IAM role to be assumed by Kinesis Firehose for calling the
-	// Amazon ES Configuration API and for indexing documents. For more information,
-	// see Amazon S3 Bucket Access (http://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-s3).
+	// The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data
+	// Firehose for calling the Amazon ES Configuration API and for indexing documents.
+	// For more information, see Grant Kinesis Data Firehose Access to an Amazon
+	// Destination (http://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-s3).
 	//
 	// RoleARN is a required field
 	RoleARN *string `min:"1" type:"string" required:"true"`
 
 	// Defines how documents should be delivered to Amazon S3. When set to FailedDocumentsOnly,
-	// Kinesis Firehose writes any documents that could not be indexed to the configured
-	// Amazon S3 destination, with elasticsearch-failed/ appended to the key prefix.
-	// When set to AllDocuments, Kinesis Firehose delivers all incoming records
-	// to Amazon S3, and also writes failed documents with elasticsearch-failed/
-	// appended to the prefix. For more information, see Amazon S3 Backup for Amazon
-	// Elasticsearch Service Destination (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html#es-s3-backup).
+	// Kinesis Data Firehose writes any documents that could not be indexed to the
+	// configured Amazon S3 destination, with elasticsearch-failed/ appended to
+	// the key prefix. When set to AllDocuments, Kinesis Data Firehose delivers
+	// all incoming records to Amazon S3, and also writes failed documents with
+	// elasticsearch-failed/ appended to the prefix. For more information, see Data
+	// Delivery Failure Handling (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html#retry).
 	// Default value is FailedDocumentsOnly.
 	S3BackupMode *string `type:"string" enum:"ElasticsearchS3BackupMode"`
 
@@ -1751,7 +2034,7 @@ type ElasticsearchDestinationDescription struct {
 	// The Amazon ES retry options.
 	RetryOptions *ElasticsearchRetryOptions `type:"structure"`
 
-	// The ARN of the AWS credentials.
+	// The Amazon Resource Name (ARN) of the AWS credentials.
 	RoleARN *string `min:"1" type:"string"`
 
 	// The Amazon S3 backup mode.
@@ -1861,20 +2144,21 @@ type ElasticsearchDestinationUpdate struct {
 
 	// The Elasticsearch index rotation period. Index rotation appends a time stamp
 	// to IndexName to facilitate the expiration of old data. For more information,
-	// see Index Rotation for Amazon Elasticsearch Service Destination (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html#es-index-rotation).
+	// see Index Rotation for the Amazon ES Destination (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html#es-index-rotation).
 	// Default value is OneDay.
 	IndexRotationPeriod *string `type:"string" enum:"ElasticsearchIndexRotationPeriod"`
 
 	// The data processing configuration.
 	ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
 
-	// The retry behavior in case Kinesis Firehose is unable to deliver documents
+	// The retry behavior in case Kinesis Data Firehose is unable to deliver documents
 	// to Amazon ES. The default value is 300 (5 minutes).
 	RetryOptions *ElasticsearchRetryOptions `type:"structure"`
 
-	// The ARN of the IAM role to be assumed by Kinesis Firehose for calling the
-	// Amazon ES Configuration API and for indexing documents. For more information,
-	// see Amazon S3 Bucket Access (http://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-s3).
+	// The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data
+	// Firehose for calling the Amazon ES Configuration API and for indexing documents.
+	// For more information, see Grant Kinesis Data Firehose Access to an Amazon
+	// S3 Destination (http://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-s3).
 	RoleARN *string `min:"1" type:"string"`
 
 	// The Amazon S3 destination.
@@ -1991,16 +2275,16 @@ func (s *ElasticsearchDestinationUpdate) SetTypeName(v string) *ElasticsearchDes
 	return s
 }
 
-// Configures retry behavior in case Kinesis Firehose is unable to deliver documents
-// to Amazon ES.
+// Configures retry behavior in case Kinesis Data Firehose is unable to deliver
+// documents to Amazon ES.
 type ElasticsearchRetryOptions struct {
 	_ struct{} `type:"structure"`
 
 	// After an initial failure to deliver to Amazon ES, the total amount of time
-	// during which Kinesis Firehose re-attempts delivery (including the first attempt).
-	// After this time has elapsed, the failed documents are written to Amazon S3.
-	// Default value is 300 seconds (5 minutes). A value of 0 (zero) results in
-	// no retries.
+	// during which Kinesis Data Firehose re-attempts delivery (including the first
+	// attempt). After this time has elapsed, the failed documents are written to
+	// Amazon S3. Default value is 300 seconds (5 minutes). A value of 0 (zero)
+	// results in no retries.
 	DurationInSeconds *int64 `type:"integer"`
 }
 
@@ -2092,16 +2376,17 @@ type ExtendedS3DestinationConfiguration struct {
 	EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
 
 	// The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered
-	// S3 files. You can specify an extra prefix to be added in front of the time
-	// format prefix. If the prefix ends with a slash, it appears as a folder in
-	// the S3 bucket. For more information, see Amazon S3 Object Name Format (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html)
-	// in the Amazon Kinesis Firehose Developer Guide.
+	// Amazon S3 files. You can specify an extra prefix to be added in front of
+	// the time format prefix. If the prefix ends with a slash, it appears as a
+	// folder in the S3 bucket. For more information, see Amazon S3 Object Name
+	// Format (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html#s3-object-name)
+	// in the Amazon Kinesis Data Firehose Developer Guide.
 	Prefix *string `type:"string"`
 
 	// The data processing configuration.
 	ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
 
-	// The ARN of the AWS credentials.
+	// The Amazon Resource Name (ARN) of the AWS credentials.
 	//
 	// RoleARN is a required field
 	RoleARN *string `min:"1" type:"string" required:"true"`
@@ -2256,14 +2541,14 @@ type ExtendedS3DestinationDescription struct {
 	// The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered
 	// S3 files. You can specify an extra prefix to be added in front of the time
 	// format prefix. If the prefix ends with a slash, it appears as a folder in
-	// the S3 bucket. For more information, see Amazon S3 Object Name Format (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html)
-	// in the Amazon Kinesis Firehose Developer Guide.
+	// the S3 bucket. For more information, see Amazon S3 Object Name Format (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html#s3-object-name)
+	// in the Amazon Kinesis Data Firehose Developer Guide.
 	Prefix *string `type:"string"`
 
 	// The data processing configuration.
 	ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
 
-	// The ARN of the AWS credentials.
+	// The Amazon Resource Name (ARN) of the AWS credentials.
 	//
 	// RoleARN is a required field
 	RoleARN *string `min:"1" type:"string" required:"true"`
@@ -2366,16 +2651,17 @@ type ExtendedS3DestinationUpdate struct {
 	EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
 
 	// The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered
-	// S3 files. You can specify an extra prefix to be added in front of the time
-	// format prefix. If the prefix ends with a slash, it appears as a folder in
-	// the S3 bucket. For more information, see Amazon S3 Object Name Format (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html)
-	// in the Amazon Kinesis Firehose Developer Guide.
+	// Amazon S3 files. You can specify an extra prefix to be added in front of
+	// the time format prefix. If the prefix ends with a slash, it appears as a
+	// folder in the S3 bucket. For more information, see Amazon S3 Object Name
+	// Format (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html#s3-object-name)
+	// in the Amazon Kinesis Data Firehose Developer Guide.
 	Prefix *string `type:"string"`
 
 	// The data processing configuration.
 	ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
 
-	// The ARN of the AWS credentials.
+	// The Amazon Resource Name (ARN) of the AWS credentials.
 	RoleARN *string `min:"1" type:"string"`
 
 	// Enables or disables Amazon S3 backup mode.
@@ -2495,8 +2781,8 @@ func (s *ExtendedS3DestinationUpdate) SetS3BackupUpdate(v *S3DestinationUpdate)
 type KMSEncryptionConfig struct {
 	_ struct{} `type:"structure"`
 
-	// The ARN of the encryption key. Must belong to the same region as the destination
-	// Amazon S3 bucket.
+	// The Amazon Resource Name (ARN) of the encryption key. Must belong to the
+	// same AWS Region as the destination Amazon S3 bucket.
 	//
 	// AWSKMSKeyARN is a required field
 	AWSKMSKeyARN *string `min:"1" type:"string" required:"true"`
@@ -2534,17 +2820,17 @@ func (s *KMSEncryptionConfig) SetAWSKMSKeyARN(v string) *KMSEncryptionConfig {
 	return s
 }
 
-// The stream and role ARNs for a Kinesis stream used as the source for a delivery
-// stream.
+// The stream and role Amazon Resource Names (ARNs) for a Kinesis data stream
+// used as the source for a delivery stream.
 type KinesisStreamSourceConfiguration struct {
 	_ struct{} `type:"structure"`
 
-	// The ARN of the source Kinesis stream.
+	// The ARN of the source Kinesis data stream.
 	//
 	// KinesisStreamARN is a required field
 	KinesisStreamARN *string `min:"1" type:"string" required:"true"`
 
-	// The ARN of the role that provides access to the source Kinesis stream.
+	// The ARN of the role that provides access to the source Kinesis data stream.
 	//
 	// RoleARN is a required field
 	RoleARN *string `min:"1" type:"string" required:"true"`
@@ -2594,19 +2880,19 @@ func (s *KinesisStreamSourceConfiguration) SetRoleARN(v string) *KinesisStreamSo
 	return s
 }
 
-// Details about a Kinesis stream used as the source for a Kinesis Firehose
-// delivery stream.
+// Details about a Kinesis data stream used as the source for a Kinesis Data
+// Firehose delivery stream.
 type KinesisStreamSourceDescription struct {
 	_ struct{} `type:"structure"`
 
-	// Kinesis Firehose starts retrieving records from the Kinesis stream starting
-	// with this time stamp.
+	// Kinesis Data Firehose starts retrieving records from the Kinesis data stream
+	// starting with this time stamp.
 	DeliveryStartTimestamp *time.Time `type:"timestamp" timestampFormat:"unix"`
 
-	// The ARN of the source Kinesis stream.
+	// The Amazon Resource Name (ARN) of the source Kinesis data stream.
 	KinesisStreamARN *string `min:"1" type:"string"`
 
-	// The ARN of the role used by the source Kinesis stream.
+	// The ARN of the role used by the source Kinesis data stream.
 	RoleARN *string `min:"1" type:"string"`
 }
 
@@ -2645,8 +2931,8 @@ type ListDeliveryStreamsInput struct {
 	//
 	//    * DirectPut: Provider applications access the delivery stream directly.
 	//
-	//    * KinesisStreamAsSource: The delivery stream uses a Kinesis stream as
-	//    a source.
+	//    * KinesisStreamAsSource: The delivery stream uses a Kinesis data stream
+	//    as a source.
 	//
 	// This parameter is optional. If this parameter is omitted, delivery streams
 	// of all types are returned.
@@ -2739,6 +3025,114 @@ func (s *ListDeliveryStreamsOutput) SetHasMoreDeliveryStreams(v bool) *ListDeliv
 	return s
 }
 
+type ListTagsForDeliveryStreamInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the delivery stream whose tags you want to list.
+	//
+	// DeliveryStreamName is a required field
+	DeliveryStreamName *string `min:"1" type:"string" required:"true"`
+
+	// The key to use as the starting point for the list of tags. If you set this
+	// parameter, ListTagsForDeliveryStream gets all tags that occur after ExclusiveStartTagKey.
+	ExclusiveStartTagKey *string `min:"1" type:"string"`
+
+	// The number of tags to return. If this number is less than the total number
+	// of tags associated with the delivery stream, HasMoreTags is set to true in
+	// the response. To list additional tags, set ExclusiveStartTagKey to the last
+	// key in the response.
+	Limit *int64 `min:"1" type:"integer"`
+}
+
+// String returns the string representation
+func (s ListTagsForDeliveryStreamInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ListTagsForDeliveryStreamInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListTagsForDeliveryStreamInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListTagsForDeliveryStreamInput"}
+	if s.DeliveryStreamName == nil {
+		invalidParams.Add(request.NewErrParamRequired("DeliveryStreamName"))
+	}
+	if s.DeliveryStreamName != nil && len(*s.DeliveryStreamName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("DeliveryStreamName", 1))
+	}
+	if s.ExclusiveStartTagKey != nil && len(*s.ExclusiveStartTagKey) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("ExclusiveStartTagKey", 1))
+	}
+	if s.Limit != nil && *s.Limit < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDeliveryStreamName sets the DeliveryStreamName field's value.
+func (s *ListTagsForDeliveryStreamInput) SetDeliveryStreamName(v string) *ListTagsForDeliveryStreamInput {
+	s.DeliveryStreamName = &v
+	return s
+}
+
+// SetExclusiveStartTagKey sets the ExclusiveStartTagKey field's value.
+func (s *ListTagsForDeliveryStreamInput) SetExclusiveStartTagKey(v string) *ListTagsForDeliveryStreamInput {
+	s.ExclusiveStartTagKey = &v
+	return s
+}
+
+// SetLimit sets the Limit field's value.
+func (s *ListTagsForDeliveryStreamInput) SetLimit(v int64) *ListTagsForDeliveryStreamInput {
+	s.Limit = &v
+	return s
+}
+
+type ListTagsForDeliveryStreamOutput struct {
+	_ struct{} `type:"structure"`
+
+	// If this is true in the response, more tags are available. To list the remaining
+	// tags, set ExclusiveStartTagKey to the key of the last tag returned and call
+	// ListTagsForDeliveryStream again.
+	//
+	// HasMoreTags is a required field
+	HasMoreTags *bool `type:"boolean" required:"true"`
+
+	// A list of tags associated with DeliveryStreamName, starting with the first
+	// tag after ExclusiveStartTagKey and up to the specified Limit.
+	//
+	// Tags is a required field
+	Tags []*Tag `type:"list" required:"true"`
+}
+
+// String returns the string representation
+func (s ListTagsForDeliveryStreamOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ListTagsForDeliveryStreamOutput) GoString() string {
+	return s.String()
+}
+
+// SetHasMoreTags sets the HasMoreTags field's value.
+func (s *ListTagsForDeliveryStreamOutput) SetHasMoreTags(v bool) *ListTagsForDeliveryStreamOutput {
+	s.HasMoreTags = &v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *ListTagsForDeliveryStreamOutput) SetTags(v []*Tag) *ListTagsForDeliveryStreamOutput {
+	s.Tags = v
+	return s
+}
+
 // Describes a data processing configuration.
 type ProcessingConfiguration struct {
 	_ struct{} `type:"structure"`
@@ -3208,11 +3602,11 @@ type RedshiftDestinationConfiguration struct {
 	// The data processing configuration.
 	ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
 
-	// The retry behavior in case Kinesis Firehose is unable to deliver documents
+	// The retry behavior in case Kinesis Data Firehose is unable to deliver documents
 	// to Amazon Redshift. Default value is 3600 (60 minutes).
 	RetryOptions *RedshiftRetryOptions `type:"structure"`
 
-	// The ARN of the AWS credentials.
+	// The Amazon Resource Name (ARN) of the AWS credentials.
 	//
 	// RoleARN is a required field
 	RoleARN *string `min:"1" type:"string" required:"true"`
@@ -3395,11 +3789,11 @@ type RedshiftDestinationDescription struct {
 	// The data processing configuration.
 	ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
 
-	// The retry behavior in case Kinesis Firehose is unable to deliver documents
+	// The retry behavior in case Kinesis Data Firehose is unable to deliver documents
 	// to Amazon Redshift. Default value is 3600 (60 minutes).
 	RetryOptions *RedshiftRetryOptions `type:"structure"`
 
-	// The ARN of the AWS credentials.
+	// The Amazon Resource Name (ARN) of the AWS credentials.
 	//
 	// RoleARN is a required field
 	RoleARN *string `min:"1" type:"string" required:"true"`
@@ -3510,11 +3904,11 @@ type RedshiftDestinationUpdate struct {
 	// The data processing configuration.
 	ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
 
-	// The retry behavior in case Kinesis Firehose is unable to deliver documents
+	// The retry behavior in case Kinesis Data Firehose is unable to deliver documents
 	// to Amazon Redshift. Default value is 3600 (60 minutes).
 	RetryOptions *RedshiftRetryOptions `type:"structure"`
 
-	// The ARN of the AWS credentials.
+	// The Amazon Resource Name (ARN) of the AWS credentials.
 	RoleARN *string `min:"1" type:"string"`
 
 	// The Amazon S3 backup mode.
@@ -3652,15 +4046,15 @@ func (s *RedshiftDestinationUpdate) SetUsername(v string) *RedshiftDestinationUp
 	return s
 }
 
-// Configures retry behavior in case Kinesis Firehose is unable to deliver documents
-// to Amazon Redshift.
+// Configures retry behavior in case Kinesis Data Firehose is unable to deliver
+// documents to Amazon Redshift.
 type RedshiftRetryOptions struct {
 	_ struct{} `type:"structure"`
 
-	// The length of time during which Kinesis Firehose retries delivery after a
-	// failure, starting from the initial request and including the first attempt.
-	// The default value is 3600 seconds (60 minutes). Kinesis Firehose does not
-	// retry if the value of DurationInSeconds is 0 (zero) or if the first delivery
+	// The length of time during which Kinesis Data Firehose retries delivery after
+	// a failure, starting from the initial request and including the first attempt.
+	// The default value is 3600 seconds (60 minutes). Kinesis Data Firehose does
+	// not retry if the value of DurationInSeconds is 0 (zero) or if the first delivery
 	// attempt takes longer than the current value.
 	DurationInSeconds *int64 `type:"integer"`
 }
@@ -3709,13 +4103,14 @@ type S3DestinationConfiguration struct {
 	EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
 
 	// The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered
-	// S3 files. You can specify an extra prefix to be added in front of the time
-	// format prefix. If the prefix ends with a slash, it appears as a folder in
-	// the S3 bucket. For more information, see Amazon S3 Object Name Format (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html)
-	// in the Amazon Kinesis Firehose Developer Guide.
+	// Amazon S3 files. You can specify an extra prefix to be added in front of
+	// the time format prefix. If the prefix ends with a slash, it appears as a
+	// folder in the S3 bucket. For more information, see Amazon S3 Object Name
+	// Format (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html#s3-object-name)
+	// in the Amazon Kinesis Data Firehose Developer Guide.
 	Prefix *string `type:"string"`
 
-	// The ARN of the AWS credentials.
+	// The Amazon Resource Name (ARN) of the AWS credentials.
 	//
 	// RoleARN is a required field
 	RoleARN *string `min:"1" type:"string" required:"true"`
@@ -3835,13 +4230,14 @@ type S3DestinationDescription struct {
 	EncryptionConfiguration *EncryptionConfiguration `type:"structure" required:"true"`
 
 	// The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered
-	// S3 files. You can specify an extra prefix to be added in front of the time
-	// format prefix. If the prefix ends with a slash, it appears as a folder in
-	// the S3 bucket. For more information, see Amazon S3 Object Name Format (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html)
-	// in the Amazon Kinesis Firehose Developer Guide.
+	// Amazon S3 files. You can specify an extra prefix to be added in front of
+	// the time format prefix. If the prefix ends with a slash, it appears as a
+	// folder in the S3 bucket. For more information, see Amazon S3 Object Name
+	// Format (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html#s3-object-name)
+	// in the Amazon Kinesis Data Firehose Developer Guide.
 	Prefix *string `type:"string"`
 
-	// The ARN of the AWS credentials.
+	// The Amazon Resource Name (ARN) of the AWS credentials.
 	//
 	// RoleARN is a required field
 	RoleARN *string `min:"1" type:"string" required:"true"`
@@ -3925,13 +4321,14 @@ type S3DestinationUpdate struct {
 	EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
 
 	// The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered
-	// S3 files. You can specify an extra prefix to be added in front of the time
-	// format prefix. If the prefix ends with a slash, it appears as a folder in
-	// the S3 bucket. For more information, see Amazon S3 Object Name Format (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html)
-	// in the Amazon Kinesis Firehose Developer Guide.
+	// Amazon S3 files. You can specify an extra prefix to be added in front of
+	// the time format prefix. If the prefix ends with a slash, it appears as a
+	// folder in the S3 bucket. For more information, see Amazon S3 Object Name
+	// Format (http://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html#s3-object-name)
+	// in the Amazon Kinesis Data Firehose Developer Guide.
 	Prefix *string `type:"string"`
 
-	// The ARN of the AWS credentials.
+	// The Amazon Resource Name (ARN) of the AWS credentials.
 	RoleARN *string `min:"1" type:"string"`
 }
 
@@ -4013,12 +4410,12 @@ func (s *S3DestinationUpdate) SetRoleARN(v string) *S3DestinationUpdate {
 	return s
 }
 
-// Details about a Kinesis stream used as the source for a Kinesis Firehose
-// delivery stream.
+// Details about a Kinesis data stream used as the source for a Kinesis Data
+// Firehose delivery stream.
 type SourceDescription struct {
 	_ struct{} `type:"structure"`
 
-	// The KinesisStreamSourceDescription value for the source Kinesis stream.
+	// The KinesisStreamSourceDescription value for the source Kinesis data stream.
 	KinesisStreamSourceDescription *KinesisStreamSourceDescription `type:"structure"`
 }
 
@@ -4045,25 +4442,25 @@ type SplunkDestinationConfiguration struct {
 	// The CloudWatch logging options for your delivery stream.
 	CloudWatchLoggingOptions *CloudWatchLoggingOptions `type:"structure"`
 
-	// The amount of time that Kinesis Firehose waits to receive an acknowledgment
-	// from Splunk after it sends it data. At the end of the timeout period Kinesis
-	// Firehose either tries to send the data again or considers it an error, based
-	// on your retry settings.
+	// The amount of time that Kinesis Data Firehose waits to receive an acknowledgment
+	// from Splunk after it sends it data. At the end of the timeout period, Kinesis
+	// Data Firehose either tries to send the data again or considers it an error,
+	// based on your retry settings.
 	HECAcknowledgmentTimeoutInSeconds *int64 `min:"180" type:"integer"`
 
-	// The HTTP Event Collector (HEC) endpoint to which Kinesis Firehose sends your
-	// data.
+	// The HTTP Event Collector (HEC) endpoint to which Kinesis Data Firehose sends
+	// your data.
 	//
 	// HECEndpoint is a required field
 	HECEndpoint *string `type:"string" required:"true"`
 
-	// This type can be either "Raw" or "Event".
+	// This type can be either "Raw" or "Event."
 	//
 	// HECEndpointType is a required field
 	HECEndpointType *string `type:"string" required:"true" enum:"HECEndpointType"`
 
-	// This is a GUID you obtain from your Splunk cluster when you create a new
-	// HEC endpoint.
+	// This is a GUID that you obtain from your Splunk cluster when you create a
+	// new HEC endpoint.
 	//
 	// HECToken is a required field
 	HECToken *string `type:"string" required:"true"`
@@ -4071,13 +4468,13 @@ type SplunkDestinationConfiguration struct {
 	// The data processing configuration.
 	ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
 
-	// The retry behavior in case Kinesis Firehose is unable to deliver data to
-	// Splunk or if it doesn't receive an acknowledgment of receipt from Splunk.
+	// The retry behavior in case Kinesis Data Firehose is unable to deliver data
+	// to Splunk, or if it doesn't receive an acknowledgment of receipt from Splunk.
 	RetryOptions *SplunkRetryOptions `type:"structure"`
 
 	// Defines how documents should be delivered to Amazon S3. When set to FailedDocumentsOnly,
-	// Kinesis Firehose writes any data that could not be indexed to the configured
-	// Amazon S3 destination. When set to AllDocuments, Kinesis Firehose delivers
+	// Kinesis Data Firehose writes any data that could not be indexed to the configured
+	// Amazon S3 destination. When set to AllDocuments, Kinesis Data Firehose delivers
 	// all incoming records to Amazon S3, and also writes failed documents to Amazon
 	// S3. Default value is FailedDocumentsOnly.
 	S3BackupMode *string `type:"string" enum:"SplunkS3BackupMode"`
@@ -4194,17 +4591,17 @@ type SplunkDestinationDescription struct {
 	// The CloudWatch logging options for your delivery stream.
 	CloudWatchLoggingOptions *CloudWatchLoggingOptions `type:"structure"`
 
-	// The amount of time that Kinesis Firehose waits to receive an acknowledgment
-	// from Splunk after it sends it data. At the end of the timeout period Kinesis
-	// Firehose either tries to send the data again or considers it an error, based
-	// on your retry settings.
+	// The amount of time that Kinesis Data Firehose waits to receive an acknowledgment
+	// from Splunk after it sends it data. At the end of the timeout period, Kinesis
+	// Data Firehose either tries to send the data again or considers it an error,
+	// based on your retry settings.
 	HECAcknowledgmentTimeoutInSeconds *int64 `min:"180" type:"integer"`
 
-	// The HTTP Event Collector (HEC) endpoint to which Kinesis Firehose sends your
-	// data.
+	// The HTTP Event Collector (HEC) endpoint to which Kinesis Data Firehose sends
+	// your data.
 	HECEndpoint *string `type:"string"`
 
-	// This type can be either "Raw" or "Event".
+	// This type can be either "Raw" or "Event."
 	HECEndpointType *string `type:"string" enum:"HECEndpointType"`
 
 	// This is a GUID you obtain from your Splunk cluster when you create a new
@@ -4214,13 +4611,13 @@ type SplunkDestinationDescription struct {
 	// The data processing configuration.
 	ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
 
-	// The retry behavior in case Kinesis Firehose is unable to deliver data to
-	// Splunk or if it doesn't receive an acknowledgment of receipt from Splunk.
+	// The retry behavior in case Kinesis Data Firehose is unable to deliver data
+	// to Splunk or if it doesn't receive an acknowledgment of receipt from Splunk.
 	RetryOptions *SplunkRetryOptions `type:"structure"`
 
 	// Defines how documents should be delivered to Amazon S3. When set to FailedDocumentsOnly,
-	// Kinesis Firehose writes any data that could not be indexed to the configured
-	// Amazon S3 destination. When set to AllDocuments, Kinesis Firehose delivers
+	// Kinesis Data Firehose writes any data that could not be indexed to the configured
+	// Amazon S3 destination. When set to AllDocuments, Kinesis Data Firehose delivers
 	// all incoming records to Amazon S3, and also writes failed documents to Amazon
 	// S3. Default value is FailedDocumentsOnly.
 	S3BackupMode *string `type:"string" enum:"SplunkS3BackupMode"`
@@ -4300,33 +4697,33 @@ type SplunkDestinationUpdate struct {
 	// The CloudWatch logging options for your delivery stream.
 	CloudWatchLoggingOptions *CloudWatchLoggingOptions `type:"structure"`
 
-	// The amount of time that Kinesis Firehose waits to receive an acknowledgment
-	// from Splunk after it sends it data. At the end of the timeout period Kinesis
-	// Firehose either tries to send the data again or considers it an error, based
-	// on your retry settings.
+	// The amount of time that Kinesis Data Firehose waits to receive an acknowledgment
+	// from Splunk after it sends data. At the end of the timeout period, Kinesis
+	// Data Firehose either tries to send the data again or considers it an error,
+	// based on your retry settings.
 	HECAcknowledgmentTimeoutInSeconds *int64 `min:"180" type:"integer"`
 
-	// The HTTP Event Collector (HEC) endpoint to which Kinesis Firehose sends your
-	// data.
+	// The HTTP Event Collector (HEC) endpoint to which Kinesis Data Firehose sends
+	// your data.
 	HECEndpoint *string `type:"string"`
 
-	// This type can be either "Raw" or "Event".
+	// This type can be either "Raw" or "Event."
 	HECEndpointType *string `type:"string" enum:"HECEndpointType"`
 
-	// This is a GUID you obtain from your Splunk cluster when you create a new
-	// HEC endpoint.
+	// A GUID that you obtain from your Splunk cluster when you create a new HEC
+	// endpoint.
 	HECToken *string `type:"string"`
 
 	// The data processing configuration.
 	ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
 
-	// The retry behavior in case Kinesis Firehose is unable to deliver data to
-	// Splunk or if it doesn't receive an acknowledgment of receipt from Splunk.
+	// The retry behavior in case Kinesis Data Firehose is unable to deliver data
+	// to Splunk or if it doesn't receive an acknowledgment of receipt from Splunk.
 	RetryOptions *SplunkRetryOptions `type:"structure"`
 
 	// Defines how documents should be delivered to Amazon S3. When set to FailedDocumentsOnly,
-	// Kinesis Firehose writes any data that could not be indexed to the configured
-	// Amazon S3 destination. When set to AllDocuments, Kinesis Firehose delivers
+	// Kinesis Data Firehose writes any data that could not be indexed to the configured
+	// Amazon S3 destination. When set to AllDocuments, Kinesis Data Firehose delivers
 	// all incoming records to Amazon S3, and also writes failed documents to Amazon
 	// S3. Default value is FailedDocumentsOnly.
 	S3BackupMode *string `type:"string" enum:"SplunkS3BackupMode"`
@@ -4422,15 +4819,15 @@ func (s *SplunkDestinationUpdate) SetS3Update(v *S3DestinationUpdate) *SplunkDes
 	return s
 }
 
-// Configures retry behavior in case Kinesis Firehose is unable to deliver documents
-// to Splunk or if it doesn't receive an acknowledgment from Splunk.
+// Configures retry behavior in case Kinesis Data Firehose is unable to deliver
+// documents to Splunk, or if it doesn't receive an acknowledgment from Splunk.
 type SplunkRetryOptions struct {
 	_ struct{} `type:"structure"`
 
-	// The total amount of time that Kinesis Firehose spends on retries. This duration
-	// starts after the initial attempt to send data to Splunk fails and doesn't
-	// include the periods during which Kinesis Firehose waits for acknowledgment
-	// from Splunk after each attempt.
+	// The total amount of time that Kinesis Data Firehose spends on retries. This
+	// duration starts after the initial attempt to send data to Splunk fails. It
+	// doesn't include the periods during which Kinesis Data Firehose waits for
+	// acknowledgment from Splunk after each attempt.
 	DurationInSeconds *int64 `type:"integer"`
 }
 
@@ -4450,11 +4847,220 @@ func (s *SplunkRetryOptions) SetDurationInSeconds(v int64) *SplunkRetryOptions {
 	return s
 }
 
+// Metadata that you can assign to a delivery stream, consisting of a key-value
+// pair.
+type Tag struct {
+	_ struct{} `type:"structure"`
+
+	// A unique identifier for the tag. Maximum length: 128 characters. Valid characters:
+	// Unicode letters, digits, white space, _ . / = + - % @
+	//
+	// Key is a required field
+	Key *string `min:"1" type:"string" required:"true"`
+
+	// An optional string, which you can use to describe or define the tag. Maximum
+	// length: 256 characters. Valid characters: Unicode letters, digits, white
+	// space, _ . / = + - % @
+	Value *string `type:"string"`
+}
+
+// String returns the string representation
+func (s Tag) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s Tag) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Tag) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Tag"}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetKey sets the Key field's value.
+func (s *Tag) SetKey(v string) *Tag {
+	s.Key = &v
+	return s
+}
+
+// SetValue sets the Value field's value.
+func (s *Tag) SetValue(v string) *Tag {
+	s.Value = &v
+	return s
+}
+
+type TagDeliveryStreamInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the delivery stream to which you want to add the tags.
+	//
+	// DeliveryStreamName is a required field
+	DeliveryStreamName *string `min:"1" type:"string" required:"true"`
+
+	// A set of key-value pairs to use to create the tags.
+	//
+	// Tags is a required field
+	Tags []*Tag `min:"1" type:"list" required:"true"`
+}
+
+// String returns the string representation
+func (s TagDeliveryStreamInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s TagDeliveryStreamInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *TagDeliveryStreamInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "TagDeliveryStreamInput"}
+	if s.DeliveryStreamName == nil {
+		invalidParams.Add(request.NewErrParamRequired("DeliveryStreamName"))
+	}
+	if s.DeliveryStreamName != nil && len(*s.DeliveryStreamName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("DeliveryStreamName", 1))
+	}
+	if s.Tags == nil {
+		invalidParams.Add(request.NewErrParamRequired("Tags"))
+	}
+	if s.Tags != nil && len(s.Tags) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Tags", 1))
+	}
+	if s.Tags != nil {
+		for i, v := range s.Tags {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDeliveryStreamName sets the DeliveryStreamName field's value.
+func (s *TagDeliveryStreamInput) SetDeliveryStreamName(v string) *TagDeliveryStreamInput {
+	s.DeliveryStreamName = &v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *TagDeliveryStreamInput) SetTags(v []*Tag) *TagDeliveryStreamInput {
+	s.Tags = v
+	return s
+}
+
+type TagDeliveryStreamOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s TagDeliveryStreamOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s TagDeliveryStreamOutput) GoString() string {
+	return s.String()
+}
+
+type UntagDeliveryStreamInput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the delivery stream.
+	//
+	// DeliveryStreamName is a required field
+	DeliveryStreamName *string `min:"1" type:"string" required:"true"`
+
+	// A list of tag keys. Each corresponding tag is removed from the delivery stream.
+	//
+	// TagKeys is a required field
+	TagKeys []*string `min:"1" type:"list" required:"true"`
+}
+
+// String returns the string representation
+func (s UntagDeliveryStreamInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UntagDeliveryStreamInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UntagDeliveryStreamInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "UntagDeliveryStreamInput"}
+	if s.DeliveryStreamName == nil {
+		invalidParams.Add(request.NewErrParamRequired("DeliveryStreamName"))
+	}
+	if s.DeliveryStreamName != nil && len(*s.DeliveryStreamName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("DeliveryStreamName", 1))
+	}
+	if s.TagKeys == nil {
+		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
+	}
+	if s.TagKeys != nil && len(s.TagKeys) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("TagKeys", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDeliveryStreamName sets the DeliveryStreamName field's value.
+func (s *UntagDeliveryStreamInput) SetDeliveryStreamName(v string) *UntagDeliveryStreamInput {
+	s.DeliveryStreamName = &v
+	return s
+}
+
+// SetTagKeys sets the TagKeys field's value.
+func (s *UntagDeliveryStreamInput) SetTagKeys(v []*string) *UntagDeliveryStreamInput {
+	s.TagKeys = v
+	return s
+}
+
+type UntagDeliveryStreamOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s UntagDeliveryStreamOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UntagDeliveryStreamOutput) GoString() string {
+	return s.String()
+}
+
 type UpdateDestinationInput struct {
 	_ struct{} `type:"structure"`
 
 	// Obtain this value from the VersionId result of DeliveryStreamDescription.
-	// This value is required, and helps the service to perform conditional operations.
+	// This value is required, and it helps the service perform conditional operations.
 	// For example, if there is an interleaving update and this value is null, then
 	// the update destination fails. After the update is successful, the VersionId
 	// value is updated. The service then performs a merge of the old configuration
diff --git a/vendor/github.com/aws/aws-sdk-go/service/firehose/doc.go b/vendor/github.com/aws/aws-sdk-go/service/firehose/doc.go
index a183c051c9d..32bec009c2f 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/firehose/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/firehose/doc.go
@@ -3,9 +3,9 @@
 // Package firehose provides the client and types for making API
 // requests to Amazon Kinesis Firehose.
 //
-// Amazon Kinesis Firehose is a fully managed service that delivers real-time
+// Amazon Kinesis Data Firehose is a fully managed service that delivers real-time
 // streaming data to destinations such as Amazon Simple Storage Service (Amazon
-// S3), Amazon Elasticsearch Service (Amazon ES), and Amazon Redshift.
+// S3), Amazon Elasticsearch Service (Amazon ES), Amazon Redshift, and Splunk.
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04 for more information on this service.
 //
diff --git a/vendor/github.com/aws/aws-sdk-go/service/firehose/errors.go b/vendor/github.com/aws/aws-sdk-go/service/firehose/errors.go
index 7854fccd3ff..d70656e3e3e 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/firehose/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/firehose/errors.go
@@ -38,9 +38,9 @@ const (
 	// ErrCodeServiceUnavailableException for service response error code
 	// "ServiceUnavailableException".
 	//
-	// The service is unavailable, back off and retry the operation. If you continue
+	// The service is unavailable. Back off and retry the operation. If you continue
 	// to see the exception, throughput limits for the delivery stream may have
 	// been exceeded. For more information about limits and how to request an increase,
-	// see Amazon Kinesis Firehose Limits (http://docs.aws.amazon.com/firehose/latest/dev/limits.html).
+	// see Amazon Kinesis Data Firehose Limits (http://docs.aws.amazon.com/firehose/latest/dev/limits.html).
 	ErrCodeServiceUnavailableException = "ServiceUnavailableException"
 )
diff --git a/vendor/github.com/aws/aws-sdk-go/service/glacier/api.go b/vendor/github.com/aws/aws-sdk-go/service/glacier/api.go
index 177764b646d..8087df5f760 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/glacier/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/glacier/api.go
@@ -1030,7 +1030,7 @@ func (c *Glacier) DeleteVaultNotificationsRequest(input *DeleteVaultNotification
 // AWS Identity and Access Management (IAM) users don't have any permissions
 // by default. You must grant them explicit permission to perform specific actions.
 // For more information, see Access Control Using AWS Identity and Access Management
-// (IAM) (http://docs.aws.amazon.com/latest/dev/using-iam-with-amazon-glacier.html).
+// (IAM) (http://docs.aws.amazon.com/amazonglacier/latest/dev/using-iam-with-amazon-glacier.html).
 //
 // For conceptual information and underlying REST API, see Configuring Vault
 // Notifications in Amazon Glacier (http://docs.aws.amazon.com/amazonglacier/latest/dev/configuring-notifications.html)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/guardduty/api.go b/vendor/github.com/aws/aws-sdk-go/service/guardduty/api.go
index 0273d17d1f9..02970d29fae 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/guardduty/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/guardduty/api.go
@@ -3,6 +3,8 @@
 package guardduty
 
 import (
+	"fmt"
+
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awsutil"
 	"github.com/aws/aws-sdk-go/aws/request"
@@ -2955,7 +2957,7 @@ func (c *GuardDuty) StopMonitoringMembersRequest(input *StopMonitoringMembersInp
 //
 // Disables GuardDuty from monitoring findings of the member accounts specified
 // by the account IDs. After running this command, a master GuardDuty account
-// can run StartMonitoringMembers to re-enable GuardDuty to monitor these members'
+// can run StartMonitoringMembers to re-enable GuardDuty to monitor these members’
 // findings.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -3530,10 +3532,14 @@ type AccountDetail struct {
 	_ struct{} `type:"structure"`
 
 	// Member account ID.
-	AccountId *string `locationName:"accountId" type:"string"`
+	//
+	// AccountId is a required field
+	AccountId *string `locationName:"accountId" type:"string" required:"true"`
 
 	// Member account's email address.
-	Email *string `locationName:"email" type:"string"`
+	//
+	// Email is a required field
+	Email *string `locationName:"email" type:"string" required:"true"`
 }
 
 // String returns the string representation
@@ -3546,6 +3552,22 @@ func (s AccountDetail) GoString() string {
 	return s.String()
 }
 
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AccountDetail) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AccountDetail"}
+	if s.AccountId == nil {
+		invalidParams.Add(request.NewErrParamRequired("AccountId"))
+	}
+	if s.Email == nil {
+		invalidParams.Add(request.NewErrParamRequired("Email"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
 // SetAccountId sets the AccountId field's value.
 func (s *AccountDetail) SetAccountId(v string) *AccountDetail {
 	s.AccountId = &v
@@ -4047,6 +4069,16 @@ func (s *CreateMembersInput) Validate() error {
 	if s.DetectorId == nil {
 		invalidParams.Add(request.NewErrParamRequired("DetectorId"))
 	}
+	if s.AccountDetails != nil {
+		for i, v := range s.AccountDetails {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "AccountDetails", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -4762,51 +4794,71 @@ type Finding struct {
 
 	// AWS account ID where the activity occurred that prompted GuardDuty to generate
 	// a finding.
-	AccountId *string `locationName:"accountId" type:"string"`
+	//
+	// AccountId is a required field
+	AccountId *string `locationName:"accountId" type:"string" required:"true"`
 
 	// The ARN of a finding described by the action.
-	Arn *string `locationName:"arn" type:"string"`
+	//
+	// Arn is a required field
+	Arn *string `locationName:"arn" type:"string" required:"true"`
 
 	// The confidence level of a finding.
 	Confidence *float64 `locationName:"confidence" type:"double"`
 
 	// The time stamp at which a finding was generated.
-	CreatedAt *string `locationName:"createdAt" type:"string"`
+	//
+	// CreatedAt is a required field
+	CreatedAt *string `locationName:"createdAt" type:"string" required:"true"`
 
 	// The description of a finding.
 	Description *string `locationName:"description" type:"string"`
 
 	// The identifier that corresponds to a finding described by the action.
-	Id *string `locationName:"id" type:"string"`
+	//
+	// Id is a required field
+	Id *string `locationName:"id" type:"string" required:"true"`
 
 	// The AWS resource partition.
 	Partition *string `locationName:"partition" type:"string"`
 
 	// The AWS region where the activity occurred that prompted GuardDuty to generate
 	// a finding.
-	Region *string `locationName:"region" type:"string"`
+	//
+	// Region is a required field
+	Region *string `locationName:"region" type:"string" required:"true"`
 
 	// The AWS resource associated with the activity that prompted GuardDuty to
 	// generate a finding.
-	Resource *Resource `locationName:"resource" type:"structure"`
+	//
+	// Resource is a required field
+	Resource *Resource `locationName:"resource" type:"structure" required:"true"`
 
 	// Findings' schema version.
-	SchemaVersion *string `locationName:"schemaVersion" type:"string"`
+	//
+	// SchemaVersion is a required field
+	SchemaVersion *string `locationName:"schemaVersion" type:"string" required:"true"`
 
 	// Additional information assigned to the generated finding by GuardDuty.
 	Service *Service `locationName:"service" type:"structure"`
 
 	// The severity of a finding.
-	Severity *float64 `locationName:"severity" type:"double"`
+	//
+	// Severity is a required field
+	Severity *float64 `locationName:"severity" type:"double" required:"true"`
 
 	// The title of a finding.
 	Title *string `locationName:"title" type:"string"`
 
 	// The type of a finding described by the action.
-	Type *string `locationName:"type" type:"string"`
+	//
+	// Type is a required field
+	Type *string `locationName:"type" type:"string" required:"true"`
 
 	// The time stamp at which a finding was last updated.
-	UpdatedAt *string `locationName:"updatedAt" type:"string"`
+	//
+	// UpdatedAt is a required field
+	UpdatedAt *string `locationName:"updatedAt" type:"string" required:"true"`
 }
 
 // String returns the string representation
@@ -5825,7 +5877,10 @@ type InviteMembersInput struct {
 	// DetectorId is a required field
 	DetectorId *string `location:"uri" locationName:"detectorId" type:"string" required:"true"`
 
-	// The invitation message that you want to send to the accounts that you're
+	// Indicates whether invite member email notification is disabled
+	DisableEmailNotification *bool `locationName:"disableEmailNotification" type:"boolean"`
+
+	// The invitation message that you want to send to the accounts that you’re
 	// inviting to GuardDuty as members.
 	Message *string `locationName:"message" type:"string"`
 }
@@ -5865,6 +5920,12 @@ func (s *InviteMembersInput) SetDetectorId(v string) *InviteMembersInput {
 	return s
 }
 
+// SetDisableEmailNotification sets the DisableEmailNotification field's value.
+func (s *InviteMembersInput) SetDisableEmailNotification(v bool) *InviteMembersInput {
+	s.DisableEmailNotification = &v
+	return s
+}
+
 // SetMessage sets the Message field's value.
 func (s *InviteMembersInput) SetMessage(v string) *InviteMembersInput {
 	s.Message = &v
@@ -6550,25 +6611,35 @@ type Member struct {
 	_ struct{} `type:"structure"`
 
 	// AWS account ID.
-	AccountId *string `locationName:"accountId" type:"string"`
+	//
+	// AccountId is a required field
+	AccountId *string `locationName:"accountId" type:"string" required:"true"`
 
 	// The unique identifier for a detector.
 	DetectorId *string `locationName:"detectorId" type:"string"`
 
 	// Member account's email address.
-	Email *string `locationName:"email" type:"string"`
+	//
+	// Email is a required field
+	Email *string `locationName:"email" type:"string" required:"true"`
 
 	// Timestamp at which the invitation was sent
 	InvitedAt *string `locationName:"invitedAt" type:"string"`
 
 	// The master account ID.
-	MasterId *string `locationName:"masterId" type:"string"`
+	//
+	// MasterId is a required field
+	MasterId *string `locationName:"masterId" type:"string" required:"true"`
 
 	// The status of the relationship between the member and the master.
-	RelationshipStatus *string `locationName:"relationshipStatus" type:"string"`
+	//
+	// RelationshipStatus is a required field
+	RelationshipStatus *string `locationName:"relationshipStatus" type:"string" required:"true"`
 
 	// The first time a resource was created. The format will be ISO-8601.
-	UpdatedAt *string `locationName:"updatedAt" type:"string"`
+	//
+	// UpdatedAt is a required field
+	UpdatedAt *string `locationName:"updatedAt" type:"string" required:"true"`
 }
 
 // String returns the string representation
@@ -7517,10 +7588,14 @@ type UnprocessedAccount struct {
 	_ struct{} `type:"structure"`
 
 	// AWS Account ID.
-	AccountId *string `locationName:"accountId" type:"string"`
+	//
+	// AccountId is a required field
+	AccountId *string `locationName:"accountId" type:"string" required:"true"`
 
 	// A reason why the account hasn't been processed.
-	Result *string `locationName:"result" type:"string"`
+	//
+	// Result is a required field
+	Result *string `locationName:"result" type:"string" required:"true"`
 }
 
 // String returns the string representation
diff --git a/vendor/github.com/aws/aws-sdk-go/service/iot/api.go b/vendor/github.com/aws/aws-sdk-go/service/iot/api.go
index ef322f6b90e..a86abf00e4b 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/iot/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/iot/api.go
@@ -1804,7 +1804,7 @@ func (c *IoT) CreateThingRequest(input *CreateThingInput) (req *request.Request,
 
 // CreateThing API operation for AWS IoT.
 //
-// Creates a thing record in the thing registry.
+// Creates a thing record in the registry.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -11258,7 +11258,8 @@ func (c *IoT) UpdateThingGroupsForThingWithContext(ctx aws.Context, input *Updat
 type AcceptCertificateTransferInput struct {
 	_ struct{} `type:"structure"`
 
-	// The ID of the certificate.
+	// The ID of the certificate. (The last part of the certificate ARN contains
+	// the certificate ID.)
 	//
 	// CertificateId is a required field
 	CertificateId *string `location:"uri" locationName:"certificateId" min:"64" type:"string" required:"true"`
@@ -11343,6 +11344,9 @@ type Action struct {
 	// Write to an Amazon Kinesis Firehose stream.
 	Firehose *FirehoseAction `locationName:"firehose" type:"structure"`
 
+	// Sends message data to an AWS IoT Analytics channel.
+	IotAnalytics *IotAnalyticsAction `locationName:"iotAnalytics" type:"structure"`
+
 	// Write data to an Amazon Kinesis stream.
 	Kinesis *KinesisAction `locationName:"kinesis" type:"structure"`
 
@@ -11486,6 +11490,12 @@ func (s *Action) SetFirehose(v *FirehoseAction) *Action {
 	return s
 }
 
+// SetIotAnalytics sets the IotAnalytics field's value.
+func (s *Action) SetIotAnalytics(v *IotAnalyticsAction) *Action {
+	s.IotAnalytics = v
+	return s
+}
+
 // SetKinesis sets the Kinesis field's value.
 func (s *Action) SetKinesis(v *KinesisAction) *Action {
 	s.Kinesis = v
@@ -12283,10 +12293,13 @@ type CACertificateDescription struct {
 	// The date the CA certificate was created.
 	CreationDate *time.Time `locationName:"creationDate" type:"timestamp" timestampFormat:"unix"`
 
+	// The customer version of the CA certificate.
 	CustomerVersion *int64 `locationName:"customerVersion" min:"1" type:"integer"`
 
+	// The generation ID of the CA certificate.
 	GenerationId *string `locationName:"generationId" type:"string"`
 
+	// The date the CA certificate was last modified.
 	LastModifiedDate *time.Time `locationName:"lastModifiedDate" type:"timestamp" timestampFormat:"unix"`
 
 	// The owner of the CA certificate.
@@ -12370,7 +12383,8 @@ func (s *CACertificateDescription) SetStatus(v string) *CACertificateDescription
 type CancelCertificateTransferInput struct {
 	_ struct{} `type:"structure"`
 
-	// The ID of the certificate.
+	// The ID of the certificate. (The last part of the certificate ARN contains
+	// the certificate ID.)
 	//
 	// CertificateId is a required field
 	CertificateId *string `location:"uri" locationName:"certificateId" min:"64" type:"string" required:"true"`
@@ -12520,7 +12534,8 @@ type Certificate struct {
 	// The ARN of the certificate.
 	CertificateArn *string `locationName:"certificateArn" type:"string"`
 
-	// The ID of the certificate.
+	// The ID of the certificate. (The last part of the certificate ARN contains
+	// the certificate ID.)
 	CertificateId *string `locationName:"certificateId" min:"64" type:"string"`
 
 	// The date and time the certificate was created.
@@ -12585,8 +12600,10 @@ type CertificateDescription struct {
 	// The date and time the certificate was created.
 	CreationDate *time.Time `locationName:"creationDate" type:"timestamp" timestampFormat:"unix"`
 
+	// The customer version of the certificate.
 	CustomerVersion *int64 `locationName:"customerVersion" min:"1" type:"integer"`
 
+	// The generation ID of the certificate.
 	GenerationId *string `locationName:"generationId" type:"string"`
 
 	// The date and time the certificate was last modified.
@@ -14739,7 +14756,8 @@ func (s DeleteAuthorizerOutput) GoString() string {
 type DeleteCACertificateInput struct {
 	_ struct{} `type:"structure"`
 
-	// The ID of the certificate to delete.
+	// The ID of the certificate to delete. (The last part of the certificate ARN
+	// contains the certificate ID.)
 	//
 	// CertificateId is a required field
 	CertificateId *string `location:"uri" locationName:"caCertificateId" min:"64" type:"string" required:"true"`
@@ -14796,7 +14814,8 @@ func (s DeleteCACertificateOutput) GoString() string {
 type DeleteCertificateInput struct {
 	_ struct{} `type:"structure"`
 
-	// The ID of the certificate.
+	// The ID of the certificate. (The last part of the certificate ARN contains
+	// the certificate ID.)
 	//
 	// CertificateId is a required field
 	CertificateId *string `location:"uri" locationName:"certificateId" min:"64" type:"string" required:"true"`
@@ -15734,7 +15753,8 @@ func (s *DescribeCACertificateOutput) SetRegistrationConfig(v *RegistrationConfi
 type DescribeCertificateInput struct {
 	_ struct{} `type:"structure"`
 
-	// The ID of the certificate.
+	// The ID of the certificate. (The last part of the certificate ARN contains
+	// the certificate ID.)
 	//
 	// CertificateId is a required field
 	CertificateId *string `location:"uri" locationName:"certificateId" min:"64" type:"string" required:"true"`
@@ -17945,13 +17965,16 @@ func (s *GetPolicyInput) SetPolicyName(v string) *GetPolicyInput {
 type GetPolicyOutput struct {
 	_ struct{} `type:"structure"`
 
+	// The date the policy was created.
 	CreationDate *time.Time `locationName:"creationDate" type:"timestamp" timestampFormat:"unix"`
 
 	// The default policy version ID.
 	DefaultVersionId *string `locationName:"defaultVersionId" type:"string"`
 
+	// The generation ID of the policy.
 	GenerationId *string `locationName:"generationId" type:"string"`
 
+	// The date the policy was last modified.
 	LastModifiedDate *time.Time `locationName:"lastModifiedDate" type:"timestamp" timestampFormat:"unix"`
 
 	// The policy ARN.
@@ -18076,13 +18099,16 @@ func (s *GetPolicyVersionInput) SetPolicyVersionId(v string) *GetPolicyVersionIn
 type GetPolicyVersionOutput struct {
 	_ struct{} `type:"structure"`
 
+	// The date the policy version was created.
 	CreationDate *time.Time `locationName:"creationDate" type:"timestamp" timestampFormat:"unix"`
 
+	// The generation ID of the policy version.
 	GenerationId *string `locationName:"generationId" type:"string"`
 
 	// Specifies whether the policy version is the default.
 	IsDefaultVersion *bool `locationName:"isDefaultVersion" type:"boolean"`
 
+	// The date the policy version was last modified.
 	LastModifiedDate *time.Time `locationName:"lastModifiedDate" type:"timestamp" timestampFormat:"unix"`
 
 	// The policy ARN.
@@ -18384,6 +18410,50 @@ func (s *ImplicitDeny) SetPolicies(v []*Policy) *ImplicitDeny {
 	return s
 }
 
+// Sends message data to an AWS IoT Analytics channel.
+type IotAnalyticsAction struct {
+	_ struct{} `type:"structure"`
+
+	// (deprecated) The ARN of the IoT Analytics channel to which message data will
+	// be sent.
+	ChannelArn *string `locationName:"channelArn" type:"string"`
+
+	// The name of the IoT Analytics channel to which message data will be sent.
+	ChannelName *string `locationName:"channelName" type:"string"`
+
+	// The ARN of the role which has a policy that grants IoT permission to send
+	// message data via IoT Analytics (iotanalytics:BatchPutMessage).
+	RoleArn *string `locationName:"roleArn" type:"string"`
+}
+
+// String returns the string representation
+func (s IotAnalyticsAction) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s IotAnalyticsAction) GoString() string {
+	return s.String()
+}
+
+// SetChannelArn sets the ChannelArn field's value.
+func (s *IotAnalyticsAction) SetChannelArn(v string) *IotAnalyticsAction {
+	s.ChannelArn = &v
+	return s
+}
+
+// SetChannelName sets the ChannelName field's value.
+func (s *IotAnalyticsAction) SetChannelName(v string) *IotAnalyticsAction {
+	s.ChannelName = &v
+	return s
+}
+
+// SetRoleArn sets the RoleArn field's value.
+func (s *IotAnalyticsAction) SetRoleArn(v string) *IotAnalyticsAction {
+	s.RoleArn = &v
+	return s
+}
+
 // The Job object contains details about a job.
 type Job struct {
 	_ struct{} `type:"structure"`
@@ -20030,7 +20100,7 @@ type ListOTAUpdatesInput struct {
 	// The maximum number of results to return at one time.
 	MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"`
 
-	// A token used to retreive the next set of results.
+	// A token used to retrieve the next set of results.
 	NextToken *string `location:"querystring" locationName:"nextToken" type:"string"`
 
 	// The OTA update job status.
@@ -22754,10 +22824,12 @@ func (s *RegisterCertificateOutput) SetCertificateId(v string) *RegisterCertific
 type RegisterThingInput struct {
 	_ struct{} `type:"structure"`
 
-	// The parameters for provisioning a thing.
+	// The parameters for provisioning a thing. See Programmatic Provisioning (http://docs.aws.amazon.com/iot/latest/developerguide/programmatic-provisioning.html)
+	// for more information.
 	Parameters map[string]*string `locationName:"parameters" type:"map"`
 
-	// The provisioning template.
+	// The provisioning template. See Programmatic Provisioning (http://docs.aws.amazon.com/iot/latest/developerguide/programmatic-provisioning.html)
+	// for more information.
 	//
 	// TemplateBody is a required field
 	TemplateBody *string `locationName:"templateBody" type:"string" required:"true"`
@@ -22880,7 +22952,8 @@ func (s *RegistrationConfig) SetTemplateBody(v string) *RegistrationConfig {
 type RejectCertificateTransferInput struct {
 	_ struct{} `type:"structure"`
 
-	// The ID of the certificate.
+	// The ID of the certificate. (The last part of the certificate ARN contains
+	// the certificate ID.)
 	//
 	// CertificateId is a required field
 	CertificateId *string `location:"uri" locationName:"certificateId" min:"64" type:"string" required:"true"`
@@ -23168,6 +23241,7 @@ type RoleAliasDescription struct {
 	// The role alias.
 	RoleAlias *string `locationName:"roleAlias" min:"1" type:"string"`
 
+	// The ARN of the role alias.
 	RoleAliasArn *string `locationName:"roleAliasArn" type:"string"`
 
 	// The role ARN.
@@ -24716,7 +24790,7 @@ type ThingDocument struct {
 	// The attributes.
 	Attributes map[string]*string `locationName:"attributes" type:"map"`
 
-	// The thing shadow.
+	// The shadow.
 	Shadow *string `locationName:"shadow" type:"string"`
 
 	// Thing group names.
@@ -25274,7 +25348,8 @@ func (s *TopicRulePayload) SetSql(v string) *TopicRulePayload {
 type TransferCertificateInput struct {
 	_ struct{} `type:"structure"`
 
-	// The ID of the certificate.
+	// The ID of the certificate. (The last part of the certificate ARN contains
+	// the certificate ID.)
 	//
 	// CertificateId is a required field
 	CertificateId *string `location:"uri" locationName:"certificateId" min:"64" type:"string" required:"true"`
@@ -25636,7 +25711,8 @@ func (s UpdateCACertificateOutput) GoString() string {
 type UpdateCertificateInput struct {
 	_ struct{} `type:"structure"`
 
-	// The ID of the certificate.
+	// The ID of the certificate. (The last part of the certificate ARN contains
+	// the certificate ID.)
 	//
 	// CertificateId is a required field
 	CertificateId *string `location:"uri" locationName:"certificateId" min:"64" type:"string" required:"true"`
diff --git a/vendor/github.com/aws/aws-sdk-go/service/iot/doc.go b/vendor/github.com/aws/aws-sdk-go/service/iot/doc.go
index 92337e2e6ef..c072101851f 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/iot/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/iot/doc.go
@@ -4,11 +4,11 @@
 // requests to AWS IoT.
 //
 // AWS IoT provides secure, bi-directional communication between Internet-connected
-// things (such as sensors, actuators, embedded devices, or smart appliances)
+// devices (such as sensors, actuators, embedded devices, or smart appliances)
 // and the AWS cloud. You can discover your custom IoT-Data endpoint to communicate
 // with, configure rules for data processing and integration with other services,
-// organize resources associated with each thing (Thing Registry), configure
-// logging, and create and manage policies and credentials to authenticate things.
+// organize resources associated with each device (Registry), configure logging,
+// and create and manage policies and credentials to authenticate devices.
 //
 // For more information about how AWS IoT works, see the Developer Guide (http://docs.aws.amazon.com/iot/latest/developerguide/aws-iot-how-it-works.html).
 //
diff --git a/vendor/github.com/aws/aws-sdk-go/service/medialive/api.go b/vendor/github.com/aws/aws-sdk-go/service/medialive/api.go
index fe363406741..f926d2e5977 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/medialive/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/medialive/api.go
@@ -3248,6 +3248,8 @@ type CaptionDestinationSettings struct {
 
 	EmbeddedPlusScte20DestinationSettings *EmbeddedPlusScte20DestinationSettings `locationName:"embeddedPlusScte20DestinationSettings" type:"structure"`
 
+	RtmpCaptionInfoDestinationSettings *RtmpCaptionInfoDestinationSettings `locationName:"rtmpCaptionInfoDestinationSettings" type:"structure"`
+
 	Scte20PlusEmbeddedDestinationSettings *Scte20PlusEmbeddedDestinationSettings `locationName:"scte20PlusEmbeddedDestinationSettings" type:"structure"`
 
 	Scte27DestinationSettings *Scte27DestinationSettings `locationName:"scte27DestinationSettings" type:"structure"`
@@ -3321,6 +3323,12 @@ func (s *CaptionDestinationSettings) SetEmbeddedPlusScte20DestinationSettings(v
 	return s
 }
 
+// SetRtmpCaptionInfoDestinationSettings sets the RtmpCaptionInfoDestinationSettings field's value.
+func (s *CaptionDestinationSettings) SetRtmpCaptionInfoDestinationSettings(v *RtmpCaptionInfoDestinationSettings) *CaptionDestinationSettings {
+	s.RtmpCaptionInfoDestinationSettings = v
+	return s
+}
+
 // SetScte20PlusEmbeddedDestinationSettings sets the Scte20PlusEmbeddedDestinationSettings field's value.
 func (s *CaptionDestinationSettings) SetScte20PlusEmbeddedDestinationSettings(v *Scte20PlusEmbeddedDestinationSettings) *CaptionDestinationSettings {
 	s.Scte20PlusEmbeddedDestinationSettings = v
@@ -7353,7 +7361,7 @@ type InputLocation struct {
 
 	// Uniform Resource Identifier - This should be a path to a file accessible
 	// to the Live system (eg. a http:// URI) depending on the output type. For
-	// example, a rtmpEndpoint should have a uri simliar to: "rtmp://fmsserver/live".
+	// example, a RTMP destination should have a uri simliar to: "rtmp://fmsserver/live".
 	//
 	// Uri is a required field
 	Uri *string `locationName:"uri" type:"string" required:"true"`
@@ -8705,6 +8713,11 @@ type M3u8Settings struct {
 	// When set to passthrough, timed metadata is passed through from input to output.
 	TimedMetadataBehavior *string `locationName:"timedMetadataBehavior" type:"string" enum:"M3u8TimedMetadataBehavior"`
 
+	// Packet Identifier (PID) of the timed metadata stream in the transport stream.
+	// Can be entered as a decimal or hexadecimal value. Valid values are 32 (or
+	// 0x20)..8182 (or 0x1ff6).
+	TimedMetadataPid *string `locationName:"timedMetadataPid" type:"string"`
+
 	// The value of the transport stream ID field in the Program Map Table.
 	TransportStreamId *int64 `locationName:"transportStreamId" type:"integer"`
 
@@ -8801,6 +8814,12 @@ func (s *M3u8Settings) SetTimedMetadataBehavior(v string) *M3u8Settings {
 	return s
 }
 
+// SetTimedMetadataPid sets the TimedMetadataPid field's value.
+func (s *M3u8Settings) SetTimedMetadataPid(v string) *M3u8Settings {
+	s.TimedMetadataPid = &v
+	return s
+}
+
 // SetTransportStreamId sets the TransportStreamId field's value.
 func (s *M3u8Settings) SetTransportStreamId(v int64) *M3u8Settings {
 	s.TransportStreamId = &v
@@ -8869,8 +8888,7 @@ type MsSmoothGroupSettings struct {
 
 	// If set to verifyAuthenticity, verify the https certificate chain to a trusted
 	// Certificate Authority (CA). This will cause https outputs to self-signed
-	// certificates to fail unless those certificates are manually added to the
-	// OS trusted keystore.
+	// certificates to fail.
 	CertificateMode *string `locationName:"certificateMode" type:"string" enum:"SmoothGroupCertificateMode"`
 
 	// Number of seconds to wait before retrying connection to the IIS server if
@@ -9273,6 +9291,9 @@ type OutputDestinationSettings struct {
 	// key used to extract the password from EC2 Parameter store
 	PasswordParam *string `locationName:"passwordParam" type:"string"`
 
+	// Stream name for RTMP destinations (URLs of type rtmp://)
+	StreamName *string `locationName:"streamName" type:"string"`
+
 	// A URL specifying a destination
 	Url *string `locationName:"url" type:"string"`
 
@@ -9296,6 +9317,12 @@ func (s *OutputDestinationSettings) SetPasswordParam(v string) *OutputDestinatio
 	return s
 }
 
+// SetStreamName sets the StreamName field's value.
+func (s *OutputDestinationSettings) SetStreamName(v string) *OutputDestinationSettings {
+	s.StreamName = &v
+	return s
+}
+
 // SetUrl sets the Url field's value.
 func (s *OutputDestinationSettings) SetUrl(v string) *OutputDestinationSettings {
 	s.Url = &v
@@ -9394,6 +9421,8 @@ type OutputGroupSettings struct {
 
 	MsSmoothGroupSettings *MsSmoothGroupSettings `locationName:"msSmoothGroupSettings" type:"structure"`
 
+	RtmpGroupSettings *RtmpGroupSettings `locationName:"rtmpGroupSettings" type:"structure"`
+
 	UdpGroupSettings *UdpGroupSettings `locationName:"udpGroupSettings" type:"structure"`
 }
 
@@ -9425,6 +9454,11 @@ func (s *OutputGroupSettings) Validate() error {
 			invalidParams.AddNested("MsSmoothGroupSettings", err.(request.ErrInvalidParams))
 		}
 	}
+	if s.RtmpGroupSettings != nil {
+		if err := s.RtmpGroupSettings.Validate(); err != nil {
+			invalidParams.AddNested("RtmpGroupSettings", err.(request.ErrInvalidParams))
+		}
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -9450,6 +9484,12 @@ func (s *OutputGroupSettings) SetMsSmoothGroupSettings(v *MsSmoothGroupSettings)
 	return s
 }
 
+// SetRtmpGroupSettings sets the RtmpGroupSettings field's value.
+func (s *OutputGroupSettings) SetRtmpGroupSettings(v *RtmpGroupSettings) *OutputGroupSettings {
+	s.RtmpGroupSettings = v
+	return s
+}
+
 // SetUdpGroupSettings sets the UdpGroupSettings field's value.
 func (s *OutputGroupSettings) SetUdpGroupSettings(v *UdpGroupSettings) *OutputGroupSettings {
 	s.UdpGroupSettings = v
@@ -9488,6 +9528,8 @@ type OutputSettings struct {
 
 	MsSmoothOutputSettings *MsSmoothOutputSettings `locationName:"msSmoothOutputSettings" type:"structure"`
 
+	RtmpOutputSettings *RtmpOutputSettings `locationName:"rtmpOutputSettings" type:"structure"`
+
 	UdpOutputSettings *UdpOutputSettings `locationName:"udpOutputSettings" type:"structure"`
 }
 
@@ -9514,6 +9556,11 @@ func (s *OutputSettings) Validate() error {
 			invalidParams.AddNested("HlsOutputSettings", err.(request.ErrInvalidParams))
 		}
 	}
+	if s.RtmpOutputSettings != nil {
+		if err := s.RtmpOutputSettings.Validate(); err != nil {
+			invalidParams.AddNested("RtmpOutputSettings", err.(request.ErrInvalidParams))
+		}
+	}
 	if s.UdpOutputSettings != nil {
 		if err := s.UdpOutputSettings.Validate(); err != nil {
 			invalidParams.AddNested("UdpOutputSettings", err.(request.ErrInvalidParams))
@@ -9544,6 +9591,12 @@ func (s *OutputSettings) SetMsSmoothOutputSettings(v *MsSmoothOutputSettings) *O
 	return s
 }
 
+// SetRtmpOutputSettings sets the RtmpOutputSettings field's value.
+func (s *OutputSettings) SetRtmpOutputSettings(v *RtmpOutputSettings) *OutputSettings {
+	s.RtmpOutputSettings = v
+	return s
+}
+
 // SetUdpOutputSettings sets the UdpOutputSettings field's value.
 func (s *OutputSettings) SetUdpOutputSettings(v *UdpOutputSettings) *OutputSettings {
 	s.UdpOutputSettings = v
@@ -9636,6 +9689,176 @@ func (s *RemixSettings) SetChannelsOut(v int64) *RemixSettings {
 	return s
 }
 
+type RtmpCaptionInfoDestinationSettings struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s RtmpCaptionInfoDestinationSettings) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s RtmpCaptionInfoDestinationSettings) GoString() string {
+	return s.String()
+}
+
+type RtmpGroupSettings struct {
+	_ struct{} `type:"structure"`
+
+	// Authentication scheme to use when connecting with CDN
+	AuthenticationScheme *string `locationName:"authenticationScheme" type:"string" enum:"AuthenticationScheme"`
+
+	// Controls behavior when content cache fills up. If remote origin server stalls
+	// the RTMP connection and does not accept content fast enough the 'Media Cache'
+	// will fill up. When the cache reaches the duration specified by cacheLength
+	// the cache will stop accepting new content. If set to disconnectImmediately,
+	// the RTMP output will force a disconnect. Clear the media cache, and reconnect
+	// after restartDelay seconds. If set to waitForServer, the RTMP output will
+	// wait up to 5 minutes to allow the origin server to begin accepting data again.
+	CacheFullBehavior *string `locationName:"cacheFullBehavior" type:"string" enum:"RtmpCacheFullBehavior"`
+
+	// Cache length, in seconds, is used to calculate buffer size.
+	CacheLength *int64 `locationName:"cacheLength" min:"30" type:"integer"`
+
+	// Controls the types of data that passes to onCaptionInfo outputs. If set to
+	// 'all' then 608 and 708 carried DTVCC data will be passed. If set to 'field1AndField2608'
+	// then DTVCC data will be stripped out, but 608 data from both fields will
+	// be passed. If set to 'field1608' then only the data carried in 608 from field
+	// 1 video will be passed.
+	CaptionData *string `locationName:"captionData" type:"string" enum:"RtmpCaptionData"`
+
+	// If a streaming output fails, number of seconds to wait until a restart is
+	// initiated. A value of 0 means never restart.
+	RestartDelay *int64 `locationName:"restartDelay" type:"integer"`
+}
+
+// String returns the string representation
+func (s RtmpGroupSettings) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s RtmpGroupSettings) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *RtmpGroupSettings) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "RtmpGroupSettings"}
+	if s.CacheLength != nil && *s.CacheLength < 30 {
+		invalidParams.Add(request.NewErrParamMinValue("CacheLength", 30))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAuthenticationScheme sets the AuthenticationScheme field's value.
+func (s *RtmpGroupSettings) SetAuthenticationScheme(v string) *RtmpGroupSettings {
+	s.AuthenticationScheme = &v
+	return s
+}
+
+// SetCacheFullBehavior sets the CacheFullBehavior field's value.
+func (s *RtmpGroupSettings) SetCacheFullBehavior(v string) *RtmpGroupSettings {
+	s.CacheFullBehavior = &v
+	return s
+}
+
+// SetCacheLength sets the CacheLength field's value.
+func (s *RtmpGroupSettings) SetCacheLength(v int64) *RtmpGroupSettings {
+	s.CacheLength = &v
+	return s
+}
+
+// SetCaptionData sets the CaptionData field's value.
+func (s *RtmpGroupSettings) SetCaptionData(v string) *RtmpGroupSettings {
+	s.CaptionData = &v
+	return s
+}
+
+// SetRestartDelay sets the RestartDelay field's value.
+func (s *RtmpGroupSettings) SetRestartDelay(v int64) *RtmpGroupSettings {
+	s.RestartDelay = &v
+	return s
+}
+
+type RtmpOutputSettings struct {
+	_ struct{} `type:"structure"`
+
+	// If set to verifyAuthenticity, verify the tls certificate chain to a trusted
+	// Certificate Authority (CA). This will cause rtmps outputs with self-signed
+	// certificates to fail.
+	CertificateMode *string `locationName:"certificateMode" type:"string" enum:"RtmpOutputCertificateMode"`
+
+	// Number of seconds to wait before retrying a connection to the Flash Media
+	// server if the connection is lost.
+	ConnectionRetryInterval *int64 `locationName:"connectionRetryInterval" min:"1" type:"integer"`
+
+	// The RTMP endpoint excluding the stream name (eg. rtmp://host/appname). For
+	// connection to Akamai, a username and password must be supplied. URI fields
+	// accept format identifiers.
+	//
+	// Destination is a required field
+	Destination *OutputLocationRef `locationName:"destination" type:"structure" required:"true"`
+
+	// Number of retry attempts.
+	NumRetries *int64 `locationName:"numRetries" type:"integer"`
+}
+
+// String returns the string representation
+func (s RtmpOutputSettings) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s RtmpOutputSettings) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *RtmpOutputSettings) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "RtmpOutputSettings"}
+	if s.ConnectionRetryInterval != nil && *s.ConnectionRetryInterval < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("ConnectionRetryInterval", 1))
+	}
+	if s.Destination == nil {
+		invalidParams.Add(request.NewErrParamRequired("Destination"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetCertificateMode sets the CertificateMode field's value.
+func (s *RtmpOutputSettings) SetCertificateMode(v string) *RtmpOutputSettings {
+	s.CertificateMode = &v
+	return s
+}
+
+// SetConnectionRetryInterval sets the ConnectionRetryInterval field's value.
+func (s *RtmpOutputSettings) SetConnectionRetryInterval(v int64) *RtmpOutputSettings {
+	s.ConnectionRetryInterval = &v
+	return s
+}
+
+// SetDestination sets the Destination field's value.
+func (s *RtmpOutputSettings) SetDestination(v *OutputLocationRef) *RtmpOutputSettings {
+	s.Destination = v
+	return s
+}
+
+// SetNumRetries sets the NumRetries field's value.
+func (s *RtmpOutputSettings) SetNumRetries(v int64) *RtmpOutputSettings {
+	s.NumRetries = &v
+	return s
+}
+
 type Scte20PlusEmbeddedDestinationSettings struct {
 	_ struct{} `type:"structure"`
 }
@@ -11362,6 +11585,14 @@ const (
 	AudioTypeVisualImpairedCommentary = "VISUAL_IMPAIRED_COMMENTARY"
 )
 
+const (
+	// AuthenticationSchemeAkamai is a AuthenticationScheme enum value
+	AuthenticationSchemeAkamai = "AKAMAI"
+
+	// AuthenticationSchemeCommon is a AuthenticationScheme enum value
+	AuthenticationSchemeCommon = "COMMON"
+)
+
 const (
 	// AvailBlankingStateDisabled is a AvailBlankingState enum value
 	AvailBlankingStateDisabled = "DISABLED"
@@ -12568,6 +12799,33 @@ const (
 	NetworkInputServerValidationCheckCryptographyOnly = "CHECK_CRYPTOGRAPHY_ONLY"
 )
 
+const (
+	// RtmpCacheFullBehaviorDisconnectImmediately is a RtmpCacheFullBehavior enum value
+	RtmpCacheFullBehaviorDisconnectImmediately = "DISCONNECT_IMMEDIATELY"
+
+	// RtmpCacheFullBehaviorWaitForServer is a RtmpCacheFullBehavior enum value
+	RtmpCacheFullBehaviorWaitForServer = "WAIT_FOR_SERVER"
+)
+
+const (
+	// RtmpCaptionDataAll is a RtmpCaptionData enum value
+	RtmpCaptionDataAll = "ALL"
+
+	// RtmpCaptionDataField1608 is a RtmpCaptionData enum value
+	RtmpCaptionDataField1608 = "FIELD1_608"
+
+	// RtmpCaptionDataField1AndField2608 is a RtmpCaptionData enum value
+	RtmpCaptionDataField1AndField2608 = "FIELD1_AND_FIELD2_608"
+)
+
+const (
+	// RtmpOutputCertificateModeSelfSigned is a RtmpOutputCertificateMode enum value
+	RtmpOutputCertificateModeSelfSigned = "SELF_SIGNED"
+
+	// RtmpOutputCertificateModeVerifyAuthenticity is a RtmpOutputCertificateMode enum value
+	RtmpOutputCertificateModeVerifyAuthenticity = "VERIFY_AUTHENTICITY"
+)
+
 const (
 	// Scte20Convert608To708Disabled is a Scte20Convert608To708 enum value
 	Scte20Convert608To708Disabled = "DISABLED"
diff --git a/vendor/github.com/aws/aws-sdk-go/service/rds/api.go b/vendor/github.com/aws/aws-sdk-go/service/rds/api.go
index 73996cf63e9..4ec0b408685 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/rds/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/rds/api.go
@@ -21512,6 +21512,13 @@ type ModifyDBClusterInput struct {
 	// Default: false
 	EnableIAMDatabaseAuthentication *bool `type:"boolean"`
 
+	// The version number of the database engine to which you want to upgrade. Changing
+	// this parameter results in an outage. The change is applied during the next
+	// maintenance window unless the ApplyImmediately parameter is set to true.
+	//
+	// For a list of valid engine versions, see CreateDBInstance, or call DescribeDBEngineVersions.
+	EngineVersion *string `type:"string"`
+
 	// The new password for the master database user. This password can contain
 	// any printable ASCII character except "/", """, or "@".
 	//
@@ -21643,6 +21650,12 @@ func (s *ModifyDBClusterInput) SetEnableIAMDatabaseAuthentication(v bool) *Modif
 	return s
 }
 
+// SetEngineVersion sets the EngineVersion field's value.
+func (s *ModifyDBClusterInput) SetEngineVersion(v string) *ModifyDBClusterInput {
+	s.EngineVersion = &v
+	return s
+}
+
 // SetMasterUserPassword sets the MasterUserPassword field's value.
 func (s *ModifyDBClusterInput) SetMasterUserPassword(v string) *ModifyDBClusterInput {
 	s.MasterUserPassword = &v
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sagemaker/api.go b/vendor/github.com/aws/aws-sdk-go/service/sagemaker/api.go
index 1fa9902913c..a2686f952b0 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sagemaker/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sagemaker/api.go
@@ -3813,6 +3813,11 @@ type CreateModelInput struct {
 	// Tags (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html#allocation-what)
 	// in the AWS Billing and Cost Management User Guide.
 	Tags []*Tag `type:"list"`
+
+	// A object that specifies the VPC that you want your model to connect to. Control
+	// access to and from your training container by configuring the VPC. For more
+	// information, see host-vpc.
+	VpcConfig *VpcConfig `type:"structure"`
 }
 
 // String returns the string representation
@@ -3855,6 +3860,11 @@ func (s *CreateModelInput) Validate() error {
 			}
 		}
 	}
+	if s.VpcConfig != nil {
+		if err := s.VpcConfig.Validate(); err != nil {
+			invalidParams.AddNested("VpcConfig", err.(request.ErrInvalidParams))
+		}
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -3886,6 +3896,12 @@ func (s *CreateModelInput) SetTags(v []*Tag) *CreateModelInput {
 	return s
 }
 
+// SetVpcConfig sets the VpcConfig field's value.
+func (s *CreateModelInput) SetVpcConfig(v *VpcConfig) *CreateModelInput {
+	s.VpcConfig = v
+	return s
+}
+
 type CreateModelOutput struct {
 	_ struct{} `type:"structure"`
 
@@ -4349,6 +4365,11 @@ type CreateTrainingJobInput struct {
 	//
 	// TrainingJobName is a required field
 	TrainingJobName *string `min:"1" type:"string" required:"true"`
+
+	// A object that specifies the VPC that you want your training job to connect
+	// to. Control access to and from your training container by configuring the
+	// VPC. For more information, see train-vpc
+	VpcConfig *VpcConfig `type:"structure"`
 }
 
 // String returns the string representation
@@ -4434,6 +4455,11 @@ func (s *CreateTrainingJobInput) Validate() error {
 			}
 		}
 	}
+	if s.VpcConfig != nil {
+		if err := s.VpcConfig.Validate(); err != nil {
+			invalidParams.AddNested("VpcConfig", err.(request.ErrInvalidParams))
+		}
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -4495,6 +4521,12 @@ func (s *CreateTrainingJobInput) SetTrainingJobName(v string) *CreateTrainingJob
 	return s
 }
 
+// SetVpcConfig sets the VpcConfig field's value.
+func (s *CreateTrainingJobInput) SetVpcConfig(v *VpcConfig) *CreateTrainingJobInput {
+	s.VpcConfig = v
+	return s
+}
+
 type CreateTrainingJobOutput struct {
 	_ struct{} `type:"structure"`
 
@@ -5204,6 +5236,10 @@ type DescribeModelOutput struct {
 	//
 	// PrimaryContainer is a required field
 	PrimaryContainer *ContainerDefinition `type:"structure" required:"true"`
+
+	// A object that specifies the VPC that this model has access to. For more information,
+	// see host-vpc
+	VpcConfig *VpcConfig `type:"structure"`
 }
 
 // String returns the string representation
@@ -5246,6 +5282,12 @@ func (s *DescribeModelOutput) SetPrimaryContainer(v *ContainerDefinition) *Descr
 	return s
 }
 
+// SetVpcConfig sets the VpcConfig field's value.
+func (s *DescribeModelOutput) SetVpcConfig(v *VpcConfig) *DescribeModelOutput {
+	s.VpcConfig = v
+	return s
+}
+
 type DescribeNotebookInstanceInput struct {
 	_ struct{} `type:"structure"`
 
@@ -5688,6 +5730,10 @@ type DescribeTrainingJobOutput struct {
 
 	// A timestamp that indicates when training started.
 	TrainingStartTime *time.Time `type:"timestamp" timestampFormat:"unix"`
+
+	// A object that specifies the VPC that this training job has access to. For
+	// more information, see train-vpc.
+	VpcConfig *VpcConfig `type:"structure"`
 }
 
 // String returns the string representation
@@ -5802,6 +5848,12 @@ func (s *DescribeTrainingJobOutput) SetTrainingStartTime(v time.Time) *DescribeT
 	return s
 }
 
+// SetVpcConfig sets the VpcConfig field's value.
+func (s *DescribeTrainingJobOutput) SetVpcConfig(v *VpcConfig) *DescribeTrainingJobOutput {
+	s.VpcConfig = v
+	return s
+}
+
 // Specifies weight and capacity values for a production variant.
 type DesiredWeightAndCapacity struct {
 	_ struct{} `type:"structure"`
@@ -8367,6 +8419,69 @@ func (s UpdateNotebookInstanceOutput) GoString() string {
 	return s.String()
 }
 
+// Specifies a VPC that your training jobs and hosted models have access to.
+// Control access to and from your training and model containers by configuring
+// the VPC. For more information, see host-vpc and train-vpc.
+type VpcConfig struct {
+	_ struct{} `type:"structure"`
+
+	// The VPC security group IDs, in the form sg-xxxxxxxx. Specify the security
+	// groups for the VPC that is specified in the Subnets field.
+	//
+	// SecurityGroupIds is a required field
+	SecurityGroupIds []*string `min:"1" type:"list" required:"true"`
+
+	// The ID of the subnets in the VPC to which you want to connect your training
+	// job or model.
+	//
+	// Subnets is a required field
+	Subnets []*string `min:"1" type:"list" required:"true"`
+}
+
+// String returns the string representation
+func (s VpcConfig) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s VpcConfig) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *VpcConfig) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "VpcConfig"}
+	if s.SecurityGroupIds == nil {
+		invalidParams.Add(request.NewErrParamRequired("SecurityGroupIds"))
+	}
+	if s.SecurityGroupIds != nil && len(s.SecurityGroupIds) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("SecurityGroupIds", 1))
+	}
+	if s.Subnets == nil {
+		invalidParams.Add(request.NewErrParamRequired("Subnets"))
+	}
+	if s.Subnets != nil && len(s.Subnets) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Subnets", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetSecurityGroupIds sets the SecurityGroupIds field's value.
+func (s *VpcConfig) SetSecurityGroupIds(v []*string) *VpcConfig {
+	s.SecurityGroupIds = v
+	return s
+}
+
+// SetSubnets sets the Subnets field's value.
+func (s *VpcConfig) SetSubnets(v []*string) *VpcConfig {
+	s.Subnets = v
+	return s
+}
+
 const (
 	// CompressionTypeNone is a CompressionType enum value
 	CompressionTypeNone = "None"
diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go
index 1207a196c7e..eb2d69a707d 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go
@@ -189,9 +189,8 @@ func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *req
 
 // CreateSecret API operation for AWS Secrets Manager.
 //
-// Creates a new secret. A secret in AWS Secrets Manager consists of both the
-// protected secret data and the important information needed to manage the
-// secret.
+// Creates a new secret. A secret in Secrets Manager consists of both the protected
+// secret data and the important information needed to manage the secret.
 //
 // Secrets Manager stores the encrypted secret data in one of a collection of
 // "versions" associated with the secret. Each version contains a copy of the
@@ -201,22 +200,21 @@ func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *req
 // versions of the secret. Versions without a staging label are considered deprecated
 // and are not included in the list.
 //
-// You provide the secret data to be encrypted by putting text in the SecretString
-// parameter or binary data in the SecretBinary parameter. If you include SecretString
-// or SecretBinary then Secrets Manager also creates an initial secret version
-// and, if you don't supply a staging label, automatically maps the new version's
-// ID to the staging label AWSCURRENT.
+// You provide the secret data to be encrypted by putting text in either the
+// SecretString parameter or binary data in the SecretBinary parameter, but
+// not both. If you include SecretString or SecretBinary then Secrets Manager
+// also creates an initial secret version and, if you don't supply a staging
+// label, automatically maps the new version's ID to the staging label AWSCURRENT.
 //
 // If you call an operation that needs to encrypt or decrypt the SecretString
-// and SecretBinary for a secret in the same account as the calling user and
-// that secret doesn't specify a KMS encryption key, AWS Secrets Manager uses
-// the account's default AWS managed customer master key (CMK) with the alias
-// aws/secretsmanager. If this key doesn't already exist in your account then
-// AWS Secrets Manager creates it for you automatically. All users in the same
-// AWS account automatically have access to use the default CMK. Note that if
-// an AWS Secrets Manager API call results in AWS having to create the account's
-// AWS-managed CMK, it can result in a one-time significant delay in returning
-// the result.
+// or SecretBinary for a secret in the same account as the calling user and
+// that secret doesn't specify a KMS encryption key, Secrets Manager uses the
+// account's default AWS managed customer master key (CMK) with the alias aws/secretsmanager.
+// If this key doesn't already exist in your account then Secrets Manager creates
+// it for you automatically. All users in the same AWS account automatically
+// have access to use the default CMK. Note that if an Secrets Manager API call
+// results in AWS having to create the account's AWS-managed CMK, it can result
+// in a one-time significant delay in returning the result.
 //
 // If the secret is in a different AWS account from the credentials calling
 // an API that requires encryption or decryption of the secret value then you
@@ -226,7 +224,7 @@ func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *req
 // it by including it in the KMSKeyId. If you call an API that must encrypt
 // or decrypt SecretString or SecretBinary using credentials from a different
 // account then the KMS key policy must grant cross-account access to that other
-// account's user or role.
+// account's user or role for both the kms:GenerateDataKey and kms:Decrypt operations.
 //
 // Minimum permissions
 //
@@ -238,7 +236,7 @@ func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *req
 //    key to encrypt the secret. You do not need this permission to use the
 //    account's default AWS managed CMK for Secrets Manager.
 //
-//    * kms:Encrypt - needed only if you use a customer-created KMS key to encrypt
+//    * kms:Decrypt - needed only if you use a customer-created KMS key to encrypt
 //    the secret. You do not need this permission to use the account's default
 //    AWS managed CMK for Secrets Manager.
 //
@@ -278,11 +276,11 @@ func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *req
 //   in this call.
 //
 //   * ErrCodeLimitExceededException "LimitExceededException"
-//   The request failed because it would exceed one of the AWS Secrets Manager
-//   internal limits.
+//   The request failed because it would exceed one of the Secrets Manager internal
+//   limits.
 //
 //   * ErrCodeEncryptionFailure "EncryptionFailure"
-//   AWS Secrets Manager can't encrypt the protected secret text using the provided
+//   Secrets Manager can't encrypt the protected secret text using the provided
 //   KMS key. Check that the customer master key (CMK) is available, enabled,
 //   and not in an invalid state. For more information, see How Key State Affects
 //   Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html).
@@ -366,24 +364,24 @@ func (c *SecretsManager) DeleteSecretRequest(input *DeleteSecretInput) (req *req
 // DeleteSecret API operation for AWS Secrets Manager.
 //
 // Deletes an entire secret and all of its versions. You can optionally include
-// a recovery window during which you can restore the secret. If you don't provide
+// a recovery window during which you can restore the secret. If you don't specify
 // a recovery window value, the operation defaults to 30 days. Secrets Manager
 // attaches a DeletionDate stamp to the secret that specifies the end of the
 // recovery window. At the end of the recovery window, Secrets Manager deletes
 // the secret permanently.
 //
-// At any time before recovery period ends, you can use RestoreSecret to remove
+// At any time before recovery window ends, you can use RestoreSecret to remove
 // the DeletionDate and cancel the deletion of the secret.
 //
 // You cannot access the encrypted secret information in any secret that is
-// scheduled for deletion. If you need to access that information, you can cancel
-// the deletion with RestoreSecret and then retrieve the information.
+// scheduled for deletion. If you need to access that information, you must
+// cancel the deletion with RestoreSecret and then retrieve the information.
 //
 // There is no explicit operation to delete a version of a secret. Instead,
 // remove all staging labels from the VersionStage field of a version. That
-// marks the version as deprecated and allows AWS Secrets Manager to delete
-// it as needed. Versions that do not have any staging labels do not show up
-// in ListSecretVersionIds unless you specify IncludeDeprecated.
+// marks the version as deprecated and allows Secrets Manager to delete it as
+// needed. Versions that do not have any staging labels do not show up in ListSecretVersionIds
+// unless you specify IncludeDeprecated.
 //
 // The permanent secret deletion at the end of the waiting period is performed
 // as a background task with low priority. There is no guarantee of a specific
@@ -399,7 +397,7 @@ func (c *SecretsManager) DeleteSecretRequest(input *DeleteSecretInput) (req *req
 //
 //    * To create a secret, use CreateSecret.
 //
-//    * To cancel deletion of a version of a secret before the recovery period
+//    * To cancel deletion of a version of a secret before the recovery window
 //    has expired, use RestoreSecret.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -688,8 +686,8 @@ func (c *SecretsManager) GetSecretValueRequest(input *GetSecretValueInput) (req
 
 // GetSecretValue API operation for AWS Secrets Manager.
 //
-// Retrieves the contents of the encrypted fields SecretString and SecretBinary
-// from the specified version of a secret.
+// Retrieves the contents of the encrypted fields SecretString or SecretBinary
+// from the specified version of a secret, whichever contains content.
 //
 // Minimum permissions
 //
@@ -729,7 +727,7 @@ func (c *SecretsManager) GetSecretValueRequest(input *GetSecretValueInput) (req
 //   in this call.
 //
 //   * ErrCodeDecryptionFailure "DecryptionFailure"
-//   AWS Secrets Manager can't decrypt the protected secret text using the provided
+//   Secrets Manager can't decrypt the protected secret text using the provided
 //   KMS key.
 //
 //   * ErrCodeInternalServiceError "InternalServiceError"
@@ -967,11 +965,10 @@ func (c *SecretsManager) ListSecretsRequest(input *ListSecretsInput) (req *reque
 
 // ListSecrets API operation for AWS Secrets Manager.
 //
-// Lists all of the secrets that are stored by AWS Secrets Manager in the AWS
-// account. To list the versions currently stored for a specific secret, use
-// ListSecretVersionIds. The encrypted fields SecretString and SecretBinary
-// are not included in the output. To get that information, call the GetSecretValue
-// operation.
+// Lists all of the secrets that are stored by Secrets Manager in the AWS account.
+// To list the versions currently stored for a specific secret, use ListSecretVersionIds.
+// The encrypted fields SecretString and SecretBinary are not included in the
+// output. To get that information, call the GetSecretValue operation.
 //
 // Always check the NextToken response parameter when calling any of the List*
 // operations. These operations can occasionally return an empty or shorter
@@ -1126,9 +1123,9 @@ func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req
 // the operation creates a new version and attaches it to the secret. The version
 // can contain a new SecretString value or a new SecretBinary value.
 //
-// The AWS Secrets Manager console uses only the SecretString field. To add
-// binary data to a secret with the SecretBinary field you must use the AWS
-// CLI or one of the AWS SDKs.
+// The Secrets Manager console uses only the SecretString field. To add binary
+// data to a secret with the SecretBinary field you must use the AWS CLI or
+// one of the AWS SDKs.
 //
 //    * If this operation creates the first version for the secret then Secrets
 //    Manager automatically attaches the staging label AWSCURRENT to the new
@@ -1150,15 +1147,14 @@ func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req
 //    version that AWSCURRENT was removed from.
 //
 // If you call an operation that needs to encrypt or decrypt the SecretString
-// and SecretBinary for a secret in the same account as the calling user and
-// that secret doesn't specify a KMS encryption key, AWS Secrets Manager uses
-// the account's default AWS managed customer master key (CMK) with the alias
-// aws/secretsmanager. If this key doesn't already exist in your account then
-// AWS Secrets Manager creates it for you automatically. All users in the same
-// AWS account automatically have access to use the default CMK. Note that if
-// an AWS Secrets Manager API call results in AWS having to create the account's
-// AWS-managed CMK, it can result in a one-time significant delay in returning
-// the result.
+// or SecretBinary for a secret in the same account as the calling user and
+// that secret doesn't specify a KMS encryption key, Secrets Manager uses the
+// account's default AWS managed customer master key (CMK) with the alias aws/secretsmanager.
+// If this key doesn't already exist in your account then Secrets Manager creates
+// it for you automatically. All users in the same AWS account automatically
+// have access to use the default CMK. Note that if an Secrets Manager API call
+// results in AWS having to create the account's AWS-managed CMK, it can result
+// in a one-time significant delay in returning the result.
 //
 // If the secret is in a different AWS account from the credentials calling
 // an API that requires encryption or decryption of the secret value then you
@@ -1168,7 +1164,7 @@ func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req
 // it by including it in the KMSKeyId. If you call an API that must encrypt
 // or decrypt SecretString or SecretBinary using credentials from a different
 // account then the KMS key policy must grant cross-account access to that other
-// account's user or role.
+// account's user or role for both the kms:GenerateDataKey and kms:Decrypt operations.
 //
 // Minimum permissions
 //
@@ -1213,11 +1209,11 @@ func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req
 //   in this call.
 //
 //   * ErrCodeLimitExceededException "LimitExceededException"
-//   The request failed because it would exceed one of the AWS Secrets Manager
-//   internal limits.
+//   The request failed because it would exceed one of the Secrets Manager internal
+//   limits.
 //
 //   * ErrCodeEncryptionFailure "EncryptionFailure"
-//   AWS Secrets Manager can't encrypt the protected secret text using the provided
+//   Secrets Manager can't encrypt the protected secret text using the provided
 //   KMS key. Check that the customer master key (CMK) is available, enabled,
 //   and not in an invalid state. For more information, see How Key State Affects
 //   Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html).
@@ -1414,7 +1410,7 @@ func (c *SecretsManager) RotateSecretRequest(input *RotateSecretInput) (req *req
 // clients all immediately begin to use the new version. For more information
 // about rotating secrets and how to configure a Lambda function to rotate the
 // secrets for your protected service, see Rotating Secrets in AWS Secrets Manager
-// (http://docs.aws.amazon.com/http:/docs.aws.amazon.com/;asm-service-name;/latest/userguide/rotating-secrets.html)
+// (http://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html)
 // in the AWS Secrets Manager User Guide.
 //
 // The rotation function must end with the versions of the secret in one of
@@ -1781,10 +1777,10 @@ func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *req
 //
 // To modify the rotation configuration of a secret, use RotateSecret instead.
 //
-// The AWS Secrets Manager console uses only the SecretString parameter and
-// therefore limits you to encrypting and storing only a text string. To encrypt
-// and store binary data as part of the version of a secret, you must use either
-// the AWS CLI or one of the AWS SDKs.
+// The Secrets Manager console uses only the SecretString parameter and therefore
+// limits you to encrypting and storing only a text string. To encrypt and store
+// binary data as part of the version of a secret, you must use either the AWS
+// CLI or one of the AWS SDKs.
 //
 //    * If this update creates the first version of the secret or if you did
 //    not include the VersionStages parameter then Secrets Manager automatically
@@ -1797,15 +1793,14 @@ func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *req
 //    modify an existing version, you can only create new ones.
 //
 // If you call an operation that needs to encrypt or decrypt the SecretString
-// and SecretBinary for a secret in the same account as the calling user and
-// that secret doesn't specify a KMS encryption key, AWS Secrets Manager uses
-// the account's default AWS managed customer master key (CMK) with the alias
-// aws/secretsmanager. If this key doesn't already exist in your account then
-// AWS Secrets Manager creates it for you automatically. All users in the same
-// AWS account automatically have access to use the default CMK. Note that if
-// an AWS Secrets Manager API call results in AWS having to create the account's
-// AWS-managed CMK, it can result in a one-time significant delay in returning
-// the result.
+// or SecretBinary for a secret in the same account as the calling user and
+// that secret doesn't specify a KMS encryption key, Secrets Manager uses the
+// account's default AWS managed customer master key (CMK) with the alias aws/secretsmanager.
+// If this key doesn't already exist in your account then Secrets Manager creates
+// it for you automatically. All users in the same AWS account automatically
+// have access to use the default CMK. Note that if an Secrets Manager API call
+// results in AWS having to create the account's AWS-managed CMK, it can result
+// in a one-time significant delay in returning the result.
 //
 // If the secret is in a different AWS account from the credentials calling
 // an API that requires encryption or decryption of the secret value then you
@@ -1815,7 +1810,7 @@ func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *req
 // it by including it in the KMSKeyId. If you call an API that must encrypt
 // or decrypt SecretString or SecretBinary using credentials from a different
 // account then the KMS key policy must grant cross-account access to that other
-// account's user or role.
+// account's user or role for both the kms:GenerateDataKey and kms:Decrypt operations.
 //
 // Minimum permissions
 //
@@ -1859,11 +1854,11 @@ func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *req
 //   in this call.
 //
 //   * ErrCodeLimitExceededException "LimitExceededException"
-//   The request failed because it would exceed one of the AWS Secrets Manager
-//   internal limits.
+//   The request failed because it would exceed one of the Secrets Manager internal
+//   limits.
 //
 //   * ErrCodeEncryptionFailure "EncryptionFailure"
-//   AWS Secrets Manager can't encrypt the protected secret text using the provided
+//   Secrets Manager can't encrypt the protected secret text using the provided
 //   KMS key. Check that the customer master key (CMK) is available, enabled,
 //   and not in an invalid state. For more information, see How Key State Affects
 //   Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html).
@@ -1952,7 +1947,7 @@ func (c *SecretsManager) UpdateSecretVersionStageRequest(input *UpdateSecretVers
 // a time. If a staging label to be added is already attached to another version,
 // then it is moved--removed from the other version first and then attached
 // to this one. For more information about staging labels, see Staging Labels
-// (http://docs.aws.amazon.com/http:/docs.aws.amazon.com/;asm-service-name;/latest/userguide/terms-concepts.html#term_label)
+// (http://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label)
 // in the AWS Secrets Manager User Guide.
 //
 // The staging labels that you specify in the VersionStage parameter are added
@@ -2001,8 +1996,8 @@ func (c *SecretsManager) UpdateSecretVersionStageRequest(input *UpdateSecretVers
 //   in this call.
 //
 //   * ErrCodeLimitExceededException "LimitExceededException"
-//   The request failed because it would exceed one of the AWS Secrets Manager
-//   internal limits.
+//   The request failed because it would exceed one of the Secrets Manager internal
+//   limits.
 //
 //   * ErrCodeInternalServiceError "InternalServiceError"
 //   An error occurred on the server side.
@@ -2127,7 +2122,7 @@ type CreateSecretInput struct {
 	// If you use the AWS CLI or one of the AWS SDK to call this operation, then
 	// you can leave this parameter empty. The CLI or SDK generates a random UUID
 	// for you and includes as the value for this parameter in the request. If you
-	// don't use the SDK and instead generate a raw HTTP request to the AWS Secrets
+	// don't use the SDK and instead generate a raw HTTP request to the Secrets
 	// Manager service endpoint, then you must generate a ClientRequestToken yourself
 	// for the new version and include that value in the request.
 	//
@@ -2155,13 +2150,13 @@ type CreateSecretInput struct {
 	Description *string `type:"string"`
 
 	// (Optional) Specifies the ARN or alias of the AWS KMS customer master key
-	// (CMK) to be used to encrypt the SecretString and SecretBinary values in the
+	// (CMK) to be used to encrypt the SecretString or SecretBinary values in the
 	// versions stored in this secret.
 	//
 	// If you don't specify this value, then Secrets Manager defaults to using the
 	// AWS account's default CMK (the one named aws/secretsmanager). If a KMS CMK
-	// with that name doesn't yet exist, then AWS Secrets Manager creates it for
-	// you automatically the first time it needs to encrypt a version's SecretString
+	// with that name doesn't yet exist, then Secrets Manager creates it for you
+	// automatically the first time it needs to encrypt a version's SecretString
 	// or SecretBinary fields.
 	//
 	// You can use the account's default CMK to encrypt and decrypt only if you
@@ -2170,9 +2165,7 @@ type CreateSecretInput struct {
 	// CMK and specify the ARN in this field.
 	KmsKeyId *string `type:"string"`
 
-	// Specifies the friendly name of the new secret. The secret name can consist
-	// of uppercase letters, lowercase letters, digits, and any of the following
-	// characters: /_+=.@-    Spaces are not permitted.
+	// Specifies the friendly name of the new secret.
 	//
 	// Name is a required field
 	Name *string `min:"1" type:"string" required:"true"`
@@ -2182,11 +2175,8 @@ type CreateSecretInput struct {
 	// we recommend that you store your binary data in a file and then use the appropriate
 	// technique for your tool to pass the contents of the file as a parameter.
 	//
-	// Either SecretString, SecretBinary, or both must have a value. They cannot
-	// both be empty.
-	//
-	// This SecretBinary value is stored separately from the SecretString, but the
-	// two parameters jointly share a maximum size limit.
+	// Either SecretString or SecretBinary must have a value, but not both. They
+	// cannot both be empty.
 	//
 	// This parameter is not available using the Secrets Manager console. It can
 	// be accessed only by using the AWS CLI or one of the AWS SDKs.
@@ -2197,11 +2187,8 @@ type CreateSecretInput struct {
 	// (Optional) Specifies text data that you want to encrypt and store in this
 	// new version of the secret.
 	//
-	// Either SecretString, SecretBinary, or both must have a value. They cannot
-	// both be empty.
-	//
-	// This string value is stored separately from the SecretBinary, but the two
-	// parameters jointly share a maximum size limit.
+	// Either SecretString or SecretBinary must have a value, but not both. They
+	// cannot both be empty.
 	//
 	// If you create a secret by using the Secrets Manager console then Secrets
 	// Manager puts the protected secret text in only the SecretString parameter.
@@ -2225,8 +2212,8 @@ type CreateSecretInput struct {
 	// secret. Each tag is a "Key" and "Value" pair of strings. This operation only
 	// appends tags to the existing list of tags. To remove tags, you must use UntagResource.
 	//
-	// AWS Secrets Manager tag key names are case sensitive. A tag with the key
-	// "ABC" is a different tag from one with key "abc".
+	// Secrets Manager tag key names are case sensitive. A tag with the key "ABC"
+	// is a different tag from one with key "abc".
 	//
 	// If you check tags in IAM policy Condition elements as part of your security
 	// strategy, then adding or removing a tag can change permissions. If the successful
@@ -2353,7 +2340,7 @@ type CreateSecretOutput struct {
 
 	// The Amazon Resource Name (ARN) of the secret that you just created.
 	//
-	// AWS Secrets Manager automatically adds several random characters to the name
+	// Secrets Manager automatically adds several random characters to the name
 	// at the end of the ARN when you initially create a secret. This affects only
 	// the ARN and not the actual friendly name. This ensures that if you create
 	// a new secret with the same name as an old secret that you previously deleted,
@@ -2400,7 +2387,7 @@ func (s *CreateSecretOutput) SetVersionId(v string) *CreateSecretOutput {
 type DeleteSecretInput struct {
 	_ struct{} `type:"structure"`
 
-	// (Optional) Specifies the number of days that AWS Secrets Manager waits before
+	// (Optional) Specifies the number of days that Secrets Manager waits before
 	// it can delete the secret.
 	//
 	// This value can range from 7 to 30 days. The default value is 30.
@@ -2457,9 +2444,9 @@ type DeleteSecretOutput struct {
 	// The ARN of the secret that is now scheduled for deletion.
 	ARN *string `min:"20" type:"string"`
 
-	// The date and time after which this secret will be deleted by AWS Secrets
-	// Manager and is no longer recoverable. This value is the date and time of
-	// the delete request plus the number of days specified in RecoveryWindowInDays.
+	// The date and time after which this secret can be deleted by Secrets Manager
+	// and can no longer be restored. This value is the date and time of the delete
+	// request plus the number of days specified in RecoveryWindowInDays.
 	DeletionDate *time.Time `type:"timestamp" timestampFormat:"unix"`
 
 	// The friendly name of the secret that is now scheduled for deletion.
@@ -2556,9 +2543,9 @@ type DescribeSecretOutput struct {
 	Description *string `type:"string"`
 
 	// The ARN or alias of the AWS KMS customer master key (CMK) that's used to
-	// encrypt the SecretString and SecretBinary fields in each version of the secret.
-	// If you don't provide a key, then AWS Secrets Manager defaults to encrypting
-	// the secret fields with the default KMS CMK (the one named awssecretsmanager)
+	// encrypt the SecretString or SecretBinary fields in each version of the secret.
+	// If you don't provide a key, then Secrets Manager defaults to encrypting the
+	// secret fields with the default KMS CMK (the one named awssecretsmanager)
 	// for this account.
 	KmsKeyId *string `type:"string"`
 
@@ -2582,7 +2569,7 @@ type DescribeSecretOutput struct {
 	// to a value greater than 0. To disable rotation, use CancelRotateSecret.
 	RotationEnabled *bool `type:"boolean"`
 
-	// The ARN of a Lambda function that's invoked by AWS Secrets Manager to rotate
+	// The ARN of a Lambda function that's invoked by Secrets Manager to rotate
 	// the secret either automatically per the schedule or manually by a call to
 	// RotateSecret.
 	RotationLambdaARN *string `type:"string"`
@@ -2944,9 +2931,9 @@ type GetSecretValueOutput struct {
 	// knows how to parse.
 	//
 	// If you store custom information in the secret by using the CreateSecret,
-	// UpdateSecret, or PutSecretValue API operations instead of the AWS Secrets
-	// Manager console, or by using the Other secret type in the console, then you
-	// must code your Lambda rotation function to parse and interpret those values.
+	// UpdateSecret, or PutSecretValue API operations instead of the Secrets Manager
+	// console, or by using the Other secret type in the console, then you must
+	// code your Lambda rotation function to parse and interpret those values.
 	SecretString *string `type:"string"`
 
 	// The unique identifier of this version of the secret.
@@ -3022,8 +3009,8 @@ type ListSecretVersionIdsInput struct {
 	// to the operation. If additional items exist beyond the maximum you specify,
 	// the NextToken response element is present and has a value (isn't null). Include
 	// that value as the NextToken request parameter in the next call to the operation
-	// to get the next part of the results. Note that AWS Secrets Manager might
-	// return fewer results than the maximum even when there are more results available.
+	// to get the next part of the results. Note that Secrets Manager might return
+	// fewer results than the maximum even when there are more results available.
 	// You should check NextToken after every operation to ensure that you receive
 	// all of the results.
 	MaxResults *int64 `min:"1" type:"integer"`
@@ -3103,7 +3090,7 @@ type ListSecretVersionIdsOutput struct {
 
 	// The Amazon Resource Name (ARN) for the secret.
 	//
-	// AWS Secrets Manager automatically adds several random characters to the name
+	// Secrets Manager automatically adds several random characters to the name
 	// at the end of the ARN when you initially create a secret. This affects only
 	// the ARN and not the actual friendly name. This ensures that if you create
 	// a new secret with the same name as an old secret that you previously deleted,
@@ -3169,8 +3156,8 @@ type ListSecretsInput struct {
 	// to the operation. If additional items exist beyond the maximum you specify,
 	// the NextToken response element is present and has a value (isn't null). Include
 	// that value as the NextToken request parameter in the next call to the operation
-	// to get the next part of the results. Note that AWS Secrets Manager might
-	// return fewer results than the maximum even when there are more results available.
+	// to get the next part of the results. Note that Secrets Manager might return
+	// fewer results than the maximum even when there are more results available.
 	// You should check NextToken after every operation to ensure that you receive
 	// all of the results.
 	MaxResults *int64 `min:"1" type:"integer"`
@@ -3266,9 +3253,9 @@ type PutSecretValueInput struct {
 	// If you use the AWS CLI or one of the AWS SDK to call this operation, then
 	// you can leave this parameter empty. The CLI or SDK generates a random UUID
 	// for you and includes that in the request. If you don't use the SDK and instead
-	// generate a raw HTTP request to the AWS Secrets Manager service endpoint,
-	// then you must generate a ClientRequestToken yourself for new versions and
-	// include that value in the request.
+	// generate a raw HTTP request to the Secrets Manager service endpoint, then
+	// you must generate a ClientRequestToken yourself for new versions and include
+	// that value in the request.
 	//
 	// This value helps ensure idempotency. Secrets Manager uses this value to prevent
 	// the accidental creation of duplicate versions if there are failures and retries
@@ -3295,8 +3282,8 @@ type PutSecretValueInput struct {
 	// new version of the secret. To use this parameter in the command-line tools,
 	// we recommend that you store your binary data in a file and then use the appropriate
 	// technique for your tool to pass the contents of the file as a parameter.
-	// Either SecretBinary or SecretString must have a value. They cannot both be
-	// empty.
+	// Either SecretBinary or SecretString must have a value, but not both. They
+	// cannot both be empty.
 	//
 	// This parameter is not accessible if the secret using the Secrets Manager
 	// console.
@@ -3308,15 +3295,12 @@ type PutSecretValueInput struct {
 	// either the Amazon Resource Name (ARN) or the friendly name of the secret.
 	// The secret must already exist.
 	//
-	// The secret name can consist of uppercase letters, lowercase letters, digits,
-	// and any of the following characters: /_+=.@-    Spaces are not permitted.
-	//
 	// SecretId is a required field
 	SecretId *string `min:"1" type:"string" required:"true"`
 
 	// (Optional) Specifies text data that you want to encrypt and store in this
 	// new version of the secret. Either SecretString or SecretBinary must have
-	// a value. They cannot both be empty.
+	// a value, but not both. They cannot both be empty.
 	//
 	// If you create this secret by using the Secrets Manager console then Secrets
 	// Manager puts the protected secret text in only the SecretString parameter.
@@ -3339,8 +3323,8 @@ type PutSecretValueInput struct {
 	// of the same secret then that staging label is automatically removed from
 	// the other version and attached to this version.
 	//
-	// If you do not specify a value for VersionStages then AWS Secrets Manager
-	// automatically moves the staging label AWSCURRENT to this new version.
+	// If you do not specify a value for VersionStages then Secrets Manager automatically
+	// moves the staging label AWSCURRENT to this new version.
 	VersionStages []*string `min:"1" type:"list"`
 }
 
@@ -3543,7 +3527,7 @@ type RotateSecretInput struct {
 	// If you use the AWS CLI or one of the AWS SDK to call this operation, then
 	// you can leave this parameter empty. The CLI or SDK generates a random UUID
 	// for you and includes that in the request for this parameter. If you don't
-	// use the SDK and instead generate a raw HTTP request to the AWS Secrets Manager
+	// use the SDK and instead generate a raw HTTP request to the Secrets Manager
 	// service endpoint, then you must generate a ClientRequestToken yourself for
 	// new versions and include that value in the request.
 	//
@@ -3728,7 +3712,7 @@ type SecretListEntry struct {
 
 	// The Amazon Resource Name (ARN) of the secret.
 	//
-	// For more information about ARNs in AWS Secrets Manager, see Policy Resources
+	// For more information about ARNs in Secrets Manager, see Policy Resources
 	// (http://docs.aws.amazon.com/http:/docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources)
 	// in the AWS Secrets Manager User Guide.
 	ARN *string `min:"20" type:"string"`
@@ -3744,8 +3728,8 @@ type SecretListEntry struct {
 
 	// The ARN or alias of the AWS KMS customer master key (CMK) that's used to
 	// encrypt the SecretString and SecretBinary fields in each version of the secret.
-	// If you don't provide a key, then AWS Secrets Manager defaults to encrypting
-	// the secret fields with the default KMS CMK (the one named awssecretsmanager)
+	// If you don't provide a key, then Secrets Manager defaults to encrypting the
+	// secret fields with the default KMS CMK (the one named awssecretsmanager)
 	// for this account.
 	KmsKeyId *string `type:"string"`
 
@@ -3768,9 +3752,9 @@ type SecretListEntry struct {
 	// Indicated whether automatic, scheduled rotation is enabled for this secret.
 	RotationEnabled *bool `type:"boolean"`
 
-	// The ARN of an AWS Lambda function that's invoked by AWS Secrets Manager to
-	// rotate and expire the secret either automatically per the schedule or manually
-	// by a call to RotateSecret.
+	// The ARN of an AWS Lambda function that's invoked by Secrets Manager to rotate
+	// and expire the secret either automatically per the schedule or manually by
+	// a call to RotateSecret.
 	RotationLambdaARN *string `type:"string"`
 
 	// A structure that defines the rotation configuration for the secret.
@@ -4149,9 +4133,9 @@ type UpdateSecretInput struct {
 	// If you use the AWS CLI or one of the AWS SDK to call this operation, then
 	// you can leave this parameter empty. The CLI or SDK generates a random UUID
 	// for you and includes that in the request. If you don't use the SDK and instead
-	// generate a raw HTTP request to the AWS Secrets Manager service endpoint,
-	// then you must generate a ClientRequestToken yourself for new versions and
-	// include that value in the request.
+	// generate a raw HTTP request to the Secrets Manager service endpoint, then
+	// you must generate a ClientRequestToken yourself for new versions and include
+	// that value in the request.
 	//
 	// You typically only need to interact with this value if you implement your
 	// own retry logic and want to ensure that a given secret is not created twice.
@@ -4184,9 +4168,9 @@ type UpdateSecretInput struct {
 	//
 	// If you don't specify this value, then Secrets Manager defaults to using the
 	// default CMK in the account (the one named aws/secretsmanager). If a KMS CMK
-	// with that name doesn't exist, then AWS Secrets Manager creates it for you
-	// automatically the first time it needs to encrypt a version's Plaintext or
-	// PlaintextString fields.
+	// with that name doesn't exist, then Secrets Manager creates it for you automatically
+	// the first time it needs to encrypt a version's Plaintext or PlaintextString
+	// fields.
 	//
 	// You can only use the account's default CMK to encrypt and decrypt if you
 	// call this operation using credentials from the same account that owns the
@@ -4198,8 +4182,8 @@ type UpdateSecretInput struct {
 	// new version of the secret. To use this parameter in the command-line tools,
 	// we recommend that you store your binary data in a file and then use the appropriate
 	// technique for your tool to pass the contents of the file as a parameter.
-	// Either SecretBinary or SecretString must have a value. They cannot both be
-	// empty.
+	// Either SecretBinary or SecretString must have a value, but not both. They
+	// cannot both be empty.
 	//
 	// This parameter is not accessible using the Secrets Manager console.
 	//
@@ -4215,7 +4199,7 @@ type UpdateSecretInput struct {
 
 	// (Optional) Specifies text data that you want to encrypt and store in this
 	// new version of the secret. Either SecretBinary or SecretString must have
-	// a value. They cannot both be empty.
+	// a value, but not both. They cannot both be empty.
 	//
 	// If you create this secret by using the Secrets Manager console then Secrets
 	// Manager puts the protected secret text in only the SecretString parameter.
@@ -4300,7 +4284,7 @@ type UpdateSecretOutput struct {
 
 	// The ARN of this secret.
 	//
-	// AWS Secrets Manager automatically adds several random characters to the name
+	// Secrets Manager automatically adds several random characters to the name
 	// at the end of the ARN when you initially create a secret. This affects only
 	// the ARN and not the actual friendly name. This ensures that if you create
 	// a new secret with the same name as an old secret that you previously deleted,
diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/doc.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/doc.go
index d5939c85b84..0379c436595 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/doc.go
@@ -6,14 +6,13 @@
 // AWS Secrets Manager is a web service that enables you to store, manage, and
 // retrieve, secrets.
 //
-// This guide provides descriptions of the AWS Secrets Manager API. For more
-// information about using this service, see the AWS Secrets Manager User Guide
-// (http://docs.aws.amazon.com/http:/docs.aws.amazon.com/secretsmanager/latest/userguide/introduction.html).
+// This guide provides descriptions of the Secrets Manager API. For more information
+// about using this service, see the AWS Secrets Manager User Guide (http://docs.aws.amazon.com/secretsmanager/latest/userguide/introduction.html).
 //
 // API Version
 //
-// This version of the AWS Secrets Manager API Reference documents the AWS Secrets
-// Manager API version 2017-10-17.
+// This version of the Secrets Manager API Reference documents the Secrets Manager
+// API version 2017-10-17.
 //
 // As an alternative to using the API directly, you can use one of the AWS SDKs,
 // which consist of libraries and sample code for various programming languages
@@ -25,36 +24,15 @@
 // Web Services (http://aws.amazon.com/tools/).
 //
 // We recommend that you use the AWS SDKs to make programmatic API calls to
-// AWS Secrets Manager. However, you also can use the AWS Secrets Manager HTTP
-// Query API to make direct calls to the AWS Secrets Manager web service. To
-// learn more about the AWS Secrets Manager HTTP Query API, see Making Query
-// Requests (http://docs.aws.amazon.com/secretsmanager/latest/userguide/orgs_query-requests.html)
+// Secrets Manager. However, you also can use the Secrets Manager HTTP Query
+// API to make direct calls to the Secrets Manager web service. To learn more
+// about the Secrets Manager HTTP Query API, see Making Query Requests (http://docs.aws.amazon.com/secretsmanager/latest/userguide/query-requests.html)
 // in the AWS Secrets Manager User Guide.
 //
-// AWS Secrets Manager supports GET and POST requests for all actions. That
-// is, the API doesn't require you to use GET for some actions and POST for
-// others. However, GET requests are subject to the limitation size of a URL.
-// Therefore, for operations that require larger sizes, use a POST request.
-//
-// Signing Requests
-//
-// When you send HTTP requests to AWS, you must sign the requests so that AWS
-// can identify who sent them. You sign requests with your AWS access key, which
-// consists of an access key ID and a secret access key. We strongly recommend
-// that you don't create an access key for your root account. Anyone who has
-// the access key for your root account has unrestricted access to all the resources
-// in your account. Instead, create an access key for an IAM user account that
-// has the permissions required for the task at hand. As another option, use
-// AWS Security Token Service to generate temporary security credentials, and
-// use those credentials to sign requests.
-//
-// To sign requests, you must use Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
-// If you have an existing application that uses Signature Version 2, you must
-// update it to use Signature Version 4.
-//
-// When you use the AWS Command Line Interface (AWS CLI) or one of the AWS SDKs
-// to make requests to AWS, these tools automatically sign the requests for
-// you with the access key that you specify when you configure the tools.
+// Secrets Manager supports GET and POST requests for all actions. That is,
+// the API doesn't require you to use GET for some actions and POST for others.
+// However, GET requests are subject to the limitation size of a URL. Therefore,
+// for operations that require larger sizes, use a POST request.
 //
 // Support and Feedback for AWS Secrets Manager
 //
@@ -65,11 +43,12 @@
 //
 // How examples are presented
 //
-// The JSON that AWS Secrets Manager returns as a response to your requests
-// is a single long string without line breaks or white space formatting. Both
-// line breaks and white space are included in the examples in this guide to
-// improve readability. When example input parameters would also result in long
-// strings that extend beyond the screen, we insert line breaks to enhance readability.
+// The JSON that AWS Secrets Manager expects as your request parameters and
+// that the service returns as a response to HTTP query requests are single,
+// long strings without line breaks or white space formatting. The JSON shown
+// in the examples is formatted with both line breaks and white space to improve
+// readability. When example input parameters would also result in long strings
+// that extend beyond the screen, we insert line breaks to enhance readability.
 // You should always submit the input as a single JSON text string.
 //
 // Logging API Requests
@@ -77,10 +56,10 @@
 // AWS Secrets Manager supports AWS CloudTrail, a service that records AWS API
 // calls for your AWS account and delivers log files to an Amazon S3 bucket.
 // By using information that's collected by AWS CloudTrail, you can determine
-// which requests were successfully made to AWS Secrets Manager, who made the
-// request, when it was made, and so on. For more about AWS Secrets Manager
-// and its support for AWS CloudTrail, see Logging AWS Secrets Manager Events
-// with AWS CloudTrail (http://docs.aws.amazon.com/secretsmanager/latest/userguide/orgs_cloudtrail-integration.html)
+// which requests were successfully made to Secrets Manager, who made the request,
+// when it was made, and so on. For more about AWS Secrets Manager and its support
+// for AWS CloudTrail, see Logging AWS Secrets Manager Events with AWS CloudTrail
+// (http://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring.html#monitoring_cloudtrail)
 // in the AWS Secrets Manager User Guide. To learn more about CloudTrail, including
 // how to turn it on and find your log files, see the AWS CloudTrail User Guide
 // (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html).
diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/errors.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/errors.go
index 6d05321a04c..46b28d334b9 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/errors.go
@@ -7,14 +7,14 @@ const (
 	// ErrCodeDecryptionFailure for service response error code
 	// "DecryptionFailure".
 	//
-	// AWS Secrets Manager can't decrypt the protected secret text using the provided
+	// Secrets Manager can't decrypt the protected secret text using the provided
 	// KMS key.
 	ErrCodeDecryptionFailure = "DecryptionFailure"
 
 	// ErrCodeEncryptionFailure for service response error code
 	// "EncryptionFailure".
 	//
-	// AWS Secrets Manager can't encrypt the protected secret text using the provided
+	// Secrets Manager can't encrypt the protected secret text using the provided
 	// KMS key. Check that the customer master key (CMK) is available, enabled,
 	// and not in an invalid state. For more information, see How Key State Affects
 	// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html).
@@ -50,8 +50,8 @@ const (
 	// ErrCodeLimitExceededException for service response error code
 	// "LimitExceededException".
 	//
-	// The request failed because it would exceed one of the AWS Secrets Manager
-	// internal limits.
+	// The request failed because it would exceed one of the Secrets Manager internal
+	// limits.
 	ErrCodeLimitExceededException = "LimitExceededException"
 
 	// ErrCodeMalformedPolicyDocumentException for service response error code
diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssm/api.go b/vendor/github.com/aws/aws-sdk-go/service/ssm/api.go
index a91bf72b806..f47913f27ac 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/ssm/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/ssm/api.go
@@ -1249,6 +1249,101 @@ func (c *SSM) DeleteDocumentWithContext(ctx aws.Context, input *DeleteDocumentIn
 	return out, req.Send()
 }
 
+const opDeleteInventory = "DeleteInventory"
+
+// DeleteInventoryRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteInventory operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteInventory for more information on using the DeleteInventory
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DeleteInventoryRequest method.
+//    req, resp := client.DeleteInventoryRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DeleteInventory
+func (c *SSM) DeleteInventoryRequest(input *DeleteInventoryInput) (req *request.Request, output *DeleteInventoryOutput) {
+	op := &request.Operation{
+		Name:       opDeleteInventory,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DeleteInventoryInput{}
+	}
+
+	output = &DeleteInventoryOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DeleteInventory API operation for Amazon Simple Systems Manager (SSM).
+//
+// Delete a custom inventory type, or the data associated with a custom Inventory
+// type. Deleting a custom inventory type is also referred to as deleting a
+// custom inventory schema.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Systems Manager (SSM)'s
+// API operation DeleteInventory for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInternalServerError "InternalServerError"
+//   An error occurred on the server side.
+//
+//   * ErrCodeInvalidTypeNameException "InvalidTypeNameException"
+//   The parameter type name is not valid.
+//
+//   * ErrCodeInvalidOptionException "InvalidOptionException"
+//   The delete inventory option specified is not valid. Verify the option and
+//   try again.
+//
+//   * ErrCodeInvalidDeleteInventoryParametersException "InvalidDeleteInventoryParametersException"
+//   One or more of the parameters specified for the delete operation is not valid.
+//   Verify all parameters and try again.
+//
+//   * ErrCodeInvalidInventoryRequestException "InvalidInventoryRequestException"
+//   The request is not valid.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DeleteInventory
+func (c *SSM) DeleteInventory(input *DeleteInventoryInput) (*DeleteInventoryOutput, error) {
+	req, out := c.DeleteInventoryRequest(input)
+	return out, req.Send()
+}
+
+// DeleteInventoryWithContext is the same as DeleteInventory with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteInventory for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSM) DeleteInventoryWithContext(ctx aws.Context, input *DeleteInventoryInput, opts ...request.Option) (*DeleteInventoryOutput, error) {
+	req, out := c.DeleteInventoryRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opDeleteMaintenanceWindow = "DeleteMaintenanceWindow"
 
 // DeleteMaintenanceWindowRequest generates a "aws/request.Request" representing the
@@ -3425,6 +3520,92 @@ func (c *SSM) DescribeInstancePatchesWithContext(ctx aws.Context, input *Describ
 	return out, req.Send()
 }
 
+const opDescribeInventoryDeletions = "DescribeInventoryDeletions"
+
+// DescribeInventoryDeletionsRequest generates a "aws/request.Request" representing the
+// client's request for the DescribeInventoryDeletions operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DescribeInventoryDeletions for more information on using the DescribeInventoryDeletions
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DescribeInventoryDeletionsRequest method.
+//    req, resp := client.DescribeInventoryDeletionsRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DescribeInventoryDeletions
+func (c *SSM) DescribeInventoryDeletionsRequest(input *DescribeInventoryDeletionsInput) (req *request.Request, output *DescribeInventoryDeletionsOutput) {
+	op := &request.Operation{
+		Name:       opDescribeInventoryDeletions,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DescribeInventoryDeletionsInput{}
+	}
+
+	output = &DescribeInventoryDeletionsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DescribeInventoryDeletions API operation for Amazon Simple Systems Manager (SSM).
+//
+// Describes a specific delete inventory operation.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Systems Manager (SSM)'s
+// API operation DescribeInventoryDeletions for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInternalServerError "InternalServerError"
+//   An error occurred on the server side.
+//
+//   * ErrCodeInvalidDeletionIdException "InvalidDeletionIdException"
+//   The ID specified for the delete operation does not exist or is not valide.
+//   Verify the ID and try again.
+//
+//   * ErrCodeInvalidNextToken "InvalidNextToken"
+//   The specified token is not valid.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DescribeInventoryDeletions
+func (c *SSM) DescribeInventoryDeletions(input *DescribeInventoryDeletionsInput) (*DescribeInventoryDeletionsOutput, error) {
+	req, out := c.DescribeInventoryDeletionsRequest(input)
+	return out, req.Send()
+}
+
+// DescribeInventoryDeletionsWithContext is the same as DescribeInventoryDeletions with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DescribeInventoryDeletions for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSM) DescribeInventoryDeletionsWithContext(ctx aws.Context, input *DescribeInventoryDeletionsInput, opts ...request.Option) (*DescribeInventoryDeletionsOutput, error) {
+	req, out := c.DescribeInventoryDeletionsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opDescribeMaintenanceWindowExecutionTaskInvocations = "DescribeMaintenanceWindowExecutionTaskInvocations"
 
 // DescribeMaintenanceWindowExecutionTaskInvocationsRequest generates a "aws/request.Request" representing the
@@ -4561,6 +4742,9 @@ func (c *SSM) GetDefaultPatchBaselineRequest(input *GetDefaultPatchBaselineInput
 // creating multiple default patch baselines. For example, you can create a
 // default patch baseline for each operating system.
 //
+// If you do not specify an operating system value, the default patch baseline
+// for Windows is returned.
+//
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
@@ -7760,7 +7944,7 @@ func (c *SSM) PutParameterRequest(input *PutParameterInput) (req *request.Reques
 
 // PutParameter API operation for Amazon Simple Systems Manager (SSM).
 //
-// Add one or more parameters to the system.
+// Add a parameter to the system.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -8479,6 +8663,9 @@ func (c *SSM) SendCommandRequest(input *SendCommandInput) (req *request.Request,
 //   * ErrCodeInvalidDocument "InvalidDocument"
 //   The specified document does not exist.
 //
+//   * ErrCodeInvalidDocumentVersion "InvalidDocumentVersion"
+//   The document version is not valid or does not exist.
+//
 //   * ErrCodeInvalidOutputFolder "InvalidOutputFolder"
 //   The S3 bucket does not exist.
 //
@@ -9368,18 +9555,18 @@ func (c *SSM) UpdateMaintenanceWindowTaskRequest(input *UpdateMaintenanceWindowT
 // Modifies a task assigned to a Maintenance Window. You can't change the task
 // type, but you can change the following values:
 //
-// Task ARN. For example, you can change a RUN_COMMAND task from AWS-RunPowerShellScript
-// to AWS-RunShellScript.
+//    * TaskARN. For example, you can change a RUN_COMMAND task from AWS-RunPowerShellScript
+//    to AWS-RunShellScript.
 //
-// Service role ARN.
+//    * ServiceRoleArn
 //
-// Task parameters.
+//    * TaskInvocationParameters
 //
-// Task priority.
+//    * Priority
 //
-// Task MaxConcurrency and MaxErrors.
+//    * MaxConcurrency
 //
-// Log location.
+//    * MaxErrors
 //
 // If a parameter is null, then the corresponding field is not modified. Also,
 // if you set Replace to true, then all fields required by the RegisterTaskWithMaintenanceWindow
@@ -9716,16 +9903,29 @@ type AddTagsToResourceInput struct {
 
 	// The resource ID you want to tag.
 	//
-	// For the ManagedInstance, MaintenanceWindow, and PatchBaseline values, use
-	// the ID of the resource, such as mw-01234361858c9b57b for a Maintenance Window.
+	// Use the ID of the resource. Here are some examples:
+	//
+	// ManagedInstance: mi-012345abcde
+	//
+	// MaintenanceWindow: mw-012345abcde
+	//
+	// PatchBaseline: pb-012345abcde
 	//
 	// For the Document and Parameter values, use the name of the resource.
 	//
+	// The ManagedInstance type for this API action is only for on-premises managed
+	// instances. You must specify the the name of the managed instance in the following
+	// format: mi-ID_number. For example, mi-1a2b3c4d5e6f.
+	//
 	// ResourceId is a required field
 	ResourceId *string `type:"string" required:"true"`
 
 	// Specifies the type of resource you are tagging.
 	//
+	// The ManagedInstance type for this API action is for on-premises managed instances.
+	// You must specify the the name of the managed instance in the following format:
+	// mi-ID_number. For example, mi-1a2b3c4d5e6f.
+	//
 	// ResourceType is a required field
 	ResourceType *string `type:"string" required:"true" enum:"ResourceTypeForTagging"`
 
@@ -9733,6 +9933,8 @@ type AddTagsToResourceInput struct {
 	// the tag to have a value, specify the parameter with no value, and we set
 	// the value to an empty string.
 	//
+	// Do not enter personally identifiable information in this field.
+	//
 	// Tags is a required field
 	Tags []*Tag `type:"list" required:"true"`
 }
@@ -10925,11 +11127,14 @@ type Command struct {
 	// The name of the document requested for execution.
 	DocumentName *string `type:"string"`
 
+	// The SSM document version.
+	DocumentVersion *string `type:"string"`
+
 	// The number of targets for which the status is Failed or Execution Timed Out.
 	ErrorCount *int64 `type:"integer"`
 
 	// If this time is reached and the command has not already started executing,
-	// it will not execute. Calculated based on the ExpiresAfter user input provided
+	// it will not run. Calculated based on the ExpiresAfter user input provided
 	// as part of the SendCommand API.
 	ExpiresAfter *time.Time `type:"timestamp" timestampFormat:"unix"`
 
@@ -11057,6 +11262,12 @@ func (s *Command) SetDocumentName(v string) *Command {
 	return s
 }
 
+// SetDocumentVersion sets the DocumentVersion field's value.
+func (s *Command) SetDocumentVersion(v string) *Command {
+	s.DocumentVersion = &v
+	return s
+}
+
 // SetErrorCount sets the ErrorCount field's value.
 func (s *Command) SetErrorCount(v int64) *Command {
 	s.ErrorCount = &v
@@ -11229,6 +11440,9 @@ type CommandInvocation struct {
 	// The document name that was requested for execution.
 	DocumentName *string `type:"string"`
 
+	// The SSM document version.
+	DocumentVersion *string `type:"string"`
+
 	// The instance ID in which this invocation was requested.
 	InstanceId *string `type:"string"`
 
@@ -11345,6 +11559,12 @@ func (s *CommandInvocation) SetDocumentName(v string) *CommandInvocation {
 	return s
 }
 
+// SetDocumentVersion sets the DocumentVersion field's value.
+func (s *CommandInvocation) SetDocumentVersion(v string) *CommandInvocation {
+	s.DocumentVersion = &v
+	return s
+}
+
 // SetInstanceId sets the InstanceId field's value.
 func (s *CommandInvocation) SetInstanceId(v string) *CommandInvocation {
 	s.InstanceId = &v
@@ -11679,7 +11899,7 @@ type ComplianceItem struct {
 	ExecutionSummary *ComplianceExecutionSummary `type:"structure"`
 
 	// An ID for the compliance item. For example, if the compliance item is a Windows
-	// patch, the ID could be the number of the KB article. Here's an example: KB4010320.
+	// patch, the ID could be the number of the KB article; for example: KB4010320.
 	Id *string `min:"1" type:"string"`
 
 	// An ID for the resource. For a managed instance, this is the instance ID.
@@ -11697,8 +11917,8 @@ type ComplianceItem struct {
 	Status *string `type:"string" enum:"ComplianceStatus"`
 
 	// A title for the compliance item. For example, if the compliance item is a
-	// Windows patch, the title could be the title of the KB article for the patch.
-	// Here's an example: Security Update for Active Directory Federation Services.
+	// Windows patch, the title could be the title of the KB article for the patch;
+	// for example: Security Update for Active Directory Federation Services.
 	Title *string `type:"string"`
 }
 
@@ -11789,8 +12009,8 @@ type ComplianceItemEntry struct {
 	Status *string `type:"string" required:"true" enum:"ComplianceStatus"`
 
 	// The title of the compliance item. For example, if the compliance item is
-	// a Windows patch, the title could be the title of the KB article for the patch.
-	// Here's an example: Security Update for Active Directory Federation Services.
+	// a Windows patch, the title could be the title of the KB article for the patch;
+	// for example: Security Update for Active Directory Federation Services.
 	Title *string `type:"string"`
 }
 
@@ -11994,10 +12214,14 @@ type CreateActivationInput struct {
 
 	// The name of the registered, managed instance as it will appear in the Amazon
 	// EC2 console or when you use the AWS command line tools to list EC2 resources.
+	//
+	// Do not enter personally identifiable information in this field.
 	DefaultInstanceName *string `type:"string"`
 
-	// A userdefined description of the resource that you want to register with
+	// A user-defined description of the resource that you want to register with
 	// Amazon EC2.
+	//
+	// Do not enter personally identifiable information in this field.
 	Description *string `type:"string"`
 
 	// The date by which this activation request should expire. The default value
@@ -12738,12 +12962,16 @@ type CreatePatchBaselineInput struct {
 	ApprovalRules *PatchRuleGroup `type:"structure"`
 
 	// A list of explicitly approved patches for the baseline.
+	//
+	// For information about accepted formats for lists of approved patches and
+	// rejected patches, see Package Name Formats for Approved and Rejected Patch
+	// Lists (http://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html)
+	// in the AWS Systems Manager User Guide.
 	ApprovedPatches []*string `type:"list"`
 
 	// Defines the compliance level for approved patches. This means that if an
 	// approved patch is reported as missing, this is the severity of the compliance
-	// violation. Valid compliance severity levels include the following: CRITICAL,
-	// HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
+	// violation. The default value is UNSPECIFIED.
 	ApprovedPatchesComplianceLevel *string `type:"string" enum:"PatchComplianceLevel"`
 
 	// Indicates whether the list of approved patches includes non-security updates
@@ -12770,6 +12998,11 @@ type CreatePatchBaselineInput struct {
 	OperatingSystem *string `type:"string" enum:"OperatingSystem"`
 
 	// A list of explicitly rejected patches for the baseline.
+	//
+	// For information about accepted formats for lists of approved patches and
+	// rejected patches, see Package Name Formats for Approved and Rejected Patch
+	// Lists (http://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html)
+	// in the AWS Systems Manager User Guide.
 	RejectedPatches []*string `type:"list"`
 
 	// Information about the patches to use to update the instances, including target
@@ -13151,6 +13384,138 @@ func (s DeleteDocumentOutput) GoString() string {
 	return s.String()
 }
 
+type DeleteInventoryInput struct {
+	_ struct{} `type:"structure"`
+
+	// User-provided idempotency token.
+	ClientToken *string `min:"1" type:"string" idempotencyToken:"true"`
+
+	// Use this option to view a summary of the deletion request without deleting
+	// any data or the data type. This option is useful when you only want to understand
+	// what will be deleted. Once you validate that the data to be deleted is what
+	// you intend to delete, you can run the same command without specifying the
+	// DryRun option.
+	DryRun *bool `type:"boolean"`
+
+	// Use the SchemaDeleteOption to delete a custom inventory type (schema). If
+	// you don't choose this option, the system only deletes existing inventory
+	// data associated with the custom inventory type. Choose one of the following
+	// options:
+	//
+	// DisableSchema: If you choose this option, the system ignores all inventory
+	// data for the specified version, and any earlier versions. To enable this
+	// schema again, you must call the PutInventory action for a version greater
+	// than the disbled version.
+	//
+	// DeleteSchema: This option deletes the specified custom type from the Inventory
+	// service. You can recreate the schema later, if you want.
+	SchemaDeleteOption *string `type:"string" enum:"InventorySchemaDeleteOption"`
+
+	// The name of the custom inventory type for which you want to delete either
+	// all previously collected data, or the inventory type itself.
+	//
+	// TypeName is a required field
+	TypeName *string `min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DeleteInventoryInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteInventoryInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteInventoryInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteInventoryInput"}
+	if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+	}
+	if s.TypeName == nil {
+		invalidParams.Add(request.NewErrParamRequired("TypeName"))
+	}
+	if s.TypeName != nil && len(*s.TypeName) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("TypeName", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *DeleteInventoryInput) SetClientToken(v string) *DeleteInventoryInput {
+	s.ClientToken = &v
+	return s
+}
+
+// SetDryRun sets the DryRun field's value.
+func (s *DeleteInventoryInput) SetDryRun(v bool) *DeleteInventoryInput {
+	s.DryRun = &v
+	return s
+}
+
+// SetSchemaDeleteOption sets the SchemaDeleteOption field's value.
+func (s *DeleteInventoryInput) SetSchemaDeleteOption(v string) *DeleteInventoryInput {
+	s.SchemaDeleteOption = &v
+	return s
+}
+
+// SetTypeName sets the TypeName field's value.
+func (s *DeleteInventoryInput) SetTypeName(v string) *DeleteInventoryInput {
+	s.TypeName = &v
+	return s
+}
+
+type DeleteInventoryOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Every DeleteInventory action is assigned a unique ID. This option returns
+	// a unique ID. You can use this ID to query the status of a delete operation.
+	// This option is useful for ensuring that a delete operation has completed
+	// before you begin other actions.
+	DeletionId *string `type:"string"`
+
+	// A summary of the delete operation. For more information about this summary,
+	// see Understanding the Delete Inventory Summary (http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-delete.html#sysman-inventory-delete-summary).
+	DeletionSummary *InventoryDeletionSummary `type:"structure"`
+
+	// The name of the inventory data type specified in the request.
+	TypeName *string `min:"1" type:"string"`
+}
+
+// String returns the string representation
+func (s DeleteInventoryOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteInventoryOutput) GoString() string {
+	return s.String()
+}
+
+// SetDeletionId sets the DeletionId field's value.
+func (s *DeleteInventoryOutput) SetDeletionId(v string) *DeleteInventoryOutput {
+	s.DeletionId = &v
+	return s
+}
+
+// SetDeletionSummary sets the DeletionSummary field's value.
+func (s *DeleteInventoryOutput) SetDeletionSummary(v *InventoryDeletionSummary) *DeleteInventoryOutput {
+	s.DeletionSummary = v
+	return s
+}
+
+// SetTypeName sets the TypeName field's value.
+func (s *DeleteInventoryOutput) SetTypeName(v string) *DeleteInventoryOutput {
+	s.TypeName = &v
+	return s
+}
+
 type DeleteMaintenanceWindowInput struct {
 	_ struct{} `type:"structure"`
 
@@ -15226,30 +15591,120 @@ func (s *DescribeInstancePatchesOutput) SetPatches(v []*PatchComplianceData) *De
 	return s
 }
 
-type DescribeMaintenanceWindowExecutionTaskInvocationsInput struct {
+type DescribeInventoryDeletionsInput struct {
 	_ struct{} `type:"structure"`
 
-	// Optional filters used to scope down the returned task invocations. The supported
-	// filter key is STATUS with the corresponding values PENDING, IN_PROGRESS,
-	// SUCCESS, FAILED, TIMED_OUT, CANCELLING, and CANCELLED.
-	Filters []*MaintenanceWindowFilter `type:"list"`
+	// Specify the delete inventory ID for which you want information. This ID was
+	// returned by the DeleteInventory action.
+	DeletionId *string `type:"string"`
 
 	// The maximum number of items to return for this call. The call also returns
 	// a token that you can specify in a subsequent call to get the next set of
 	// results.
-	MaxResults *int64 `min:"10" type:"integer"`
+	MaxResults *int64 `min:"1" type:"integer"`
 
-	// The token for the next set of items to return. (You received this token from
-	// a previous call.)
+	// A token to start the list. Use this token to get the next set of results.
 	NextToken *string `type:"string"`
+}
 
-	// The ID of the specific task in the Maintenance Window task that should be
-	// retrieved.
-	//
-	// TaskId is a required field
-	TaskId *string `min:"36" type:"string" required:"true"`
-
-	// The ID of the Maintenance Window execution the task is part of.
+// String returns the string representation
+func (s DescribeInventoryDeletionsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DescribeInventoryDeletionsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DescribeInventoryDeletionsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DescribeInventoryDeletionsInput"}
+	if s.MaxResults != nil && *s.MaxResults < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDeletionId sets the DeletionId field's value.
+func (s *DescribeInventoryDeletionsInput) SetDeletionId(v string) *DescribeInventoryDeletionsInput {
+	s.DeletionId = &v
+	return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *DescribeInventoryDeletionsInput) SetMaxResults(v int64) *DescribeInventoryDeletionsInput {
+	s.MaxResults = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeInventoryDeletionsInput) SetNextToken(v string) *DescribeInventoryDeletionsInput {
+	s.NextToken = &v
+	return s
+}
+
+type DescribeInventoryDeletionsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// A list of status items for deleted inventory.
+	InventoryDeletions []*InventoryDeletionStatusItem `type:"list"`
+
+	// The token for the next set of items to return. Use this token to get the
+	// next set of results.
+	NextToken *string `type:"string"`
+}
+
+// String returns the string representation
+func (s DescribeInventoryDeletionsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DescribeInventoryDeletionsOutput) GoString() string {
+	return s.String()
+}
+
+// SetInventoryDeletions sets the InventoryDeletions field's value.
+func (s *DescribeInventoryDeletionsOutput) SetInventoryDeletions(v []*InventoryDeletionStatusItem) *DescribeInventoryDeletionsOutput {
+	s.InventoryDeletions = v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeInventoryDeletionsOutput) SetNextToken(v string) *DescribeInventoryDeletionsOutput {
+	s.NextToken = &v
+	return s
+}
+
+type DescribeMaintenanceWindowExecutionTaskInvocationsInput struct {
+	_ struct{} `type:"structure"`
+
+	// Optional filters used to scope down the returned task invocations. The supported
+	// filter key is STATUS with the corresponding values PENDING, IN_PROGRESS,
+	// SUCCESS, FAILED, TIMED_OUT, CANCELLING, and CANCELLED.
+	Filters []*MaintenanceWindowFilter `type:"list"`
+
+	// The maximum number of items to return for this call. The call also returns
+	// a token that you can specify in a subsequent call to get the next set of
+	// results.
+	MaxResults *int64 `min:"10" type:"integer"`
+
+	// The token for the next set of items to return. (You received this token from
+	// a previous call.)
+	NextToken *string `type:"string"`
+
+	// The ID of the specific task in the Maintenance Window task that should be
+	// retrieved.
+	//
+	// TaskId is a required field
+	TaskId *string `min:"36" type:"string" required:"true"`
+
+	// The ID of the Maintenance Window execution the task is part of.
 	//
 	// WindowExecutionId is a required field
 	WindowExecutionId *string `min:"36" type:"string" required:"true"`
@@ -17210,6 +17665,9 @@ type GetCommandInvocationOutput struct {
 	// The name of the document that was executed. For example, AWS-RunShellScript.
 	DocumentName *string `type:"string"`
 
+	// The SSM document version used in the request.
+	DocumentVersion *string `type:"string"`
+
 	// Duration since ExecutionStartDateTime.
 	ExecutionElapsedTime *string `type:"string"`
 
@@ -17262,8 +17720,7 @@ type GetCommandInvocationOutput struct {
 	// If an Amazon S3 bucket was not specified, then this string is empty.
 	StandardOutputUrl *string `type:"string"`
 
-	// The status of the parent command for this invocation. This status can be
-	// different than StatusDetails.
+	// The status of this invocation plugin. This status can be different than StatusDetails.
 	Status *string `type:"string" enum:"CommandInvocationStatus"`
 
 	// A detailed status of the command execution for an invocation. StatusDetails
@@ -17344,6 +17801,12 @@ func (s *GetCommandInvocationOutput) SetDocumentName(v string) *GetCommandInvoca
 	return s
 }
 
+// SetDocumentVersion sets the DocumentVersion field's value.
+func (s *GetCommandInvocationOutput) SetDocumentVersion(v string) *GetCommandInvocationOutput {
+	s.DocumentVersion = &v
+	return s
+}
+
 // SetExecutionElapsedTime sets the ExecutionElapsedTime field's value.
 func (s *GetCommandInvocationOutput) SetExecutionElapsedTime(v string) *GetCommandInvocationOutput {
 	s.ExecutionElapsedTime = &v
@@ -18358,8 +18821,14 @@ type GetMaintenanceWindowExecutionTaskOutput struct {
 	// was retrieved.
 	TaskExecutionId *string `min:"36" type:"string"`
 
-	// The parameters passed to the task when it was executed. The map has the following
-	// format:
+	// The parameters passed to the task when it was executed.
+	//
+	// TaskParameters has been deprecated. To specify parameters to pass to a task
+	// when it runs, instead use the Parameters option in the TaskInvocationParameters
+	// structure. For information about how Systems Manager handles these options
+	// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
+	//
+	// The map has the following format:
 	//
 	// Key: string, between 1 and 255 characters
 	//
@@ -18673,6 +19142,11 @@ type GetMaintenanceWindowTaskOutput struct {
 	Description *string `min:"1" type:"string"`
 
 	// The location in Amazon S3 where the task results are logged.
+	//
+	// LoggingInfo has been deprecated. To specify an S3 bucket to contain logs,
+	// instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters
+	// structure. For information about how Systems Manager handles these options
+	// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
 	LoggingInfo *LoggingInfo `type:"structure"`
 
 	// The maximum number of targets allowed to run this task in parallel.
@@ -18704,6 +19178,11 @@ type GetMaintenanceWindowTaskOutput struct {
 	TaskInvocationParameters *MaintenanceWindowTaskInvocationParameters `type:"structure"`
 
 	// The parameters to pass to the task when it executes.
+	//
+	// TaskParameters has been deprecated. To specify parameters to pass to a task
+	// when it runs, instead use the Parameters option in the TaskInvocationParameters
+	// structure. For information about how Systems Manager handles these options
+	// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
 	TaskParameters map[string]*MaintenanceWindowTaskParameterValueExpression `type:"map"`
 
 	// The type of task to execute.
@@ -19004,6 +19483,8 @@ type GetParametersByPathInput struct {
 	NextToken *string `type:"string"`
 
 	// Filters to limit the request results.
+	//
+	// You can't filter using the parameter name.
 	ParameterFilters []*ParameterStringFilter `type:"list"`
 
 	// The hierarchy for the parameter. Hierarchies start with a forward slash (/)
@@ -19014,6 +19495,12 @@ type GetParametersByPathInput struct {
 	Path *string `min:"1" type:"string" required:"true"`
 
 	// Retrieve all parameters within a hierarchy.
+	//
+	// If a user has access to a path, then the user can access all levels of that
+	// path. For example, if a user has permission to access path /a, then the user
+	// can also access /a/b. Even if a user has explicitly been denied access in
+	// IAM for parameter /a, they can still call the GetParametersByPath API action
+	// recursively and view /a/b.
 	Recursive *bool `type:"boolean"`
 
 	// Retrieve all parameters in a hierarchy with their value decrypted.
@@ -20122,7 +20609,7 @@ type InstancePatchState struct {
 	// OperationStartTime is a required field
 	OperationStartTime *time.Time `type:"timestamp" timestampFormat:"unix" required:"true"`
 
-	// Placeholder information, this field will always be empty in the current release
+	// Placeholder information. This field will always be empty in the current release
 	// of the service.
 	OwnerInformation *string `min:"1" type:"string"`
 
@@ -20359,6 +20846,171 @@ func (s *InventoryAggregator) SetExpression(v string) *InventoryAggregator {
 	return s
 }
 
+// Status information returned by the DeleteInventory action.
+type InventoryDeletionStatusItem struct {
+	_ struct{} `type:"structure"`
+
+	// The deletion ID returned by the DeleteInventory action.
+	DeletionId *string `type:"string"`
+
+	// The UTC timestamp when the delete operation started.
+	DeletionStartTime *time.Time `type:"timestamp" timestampFormat:"unix"`
+
+	// Information about the delete operation. For more information about this summary,
+	// see Understanding the Delete Inventory Summary (http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-delete.html#sysman-inventory-delete-summary).
+	DeletionSummary *InventoryDeletionSummary `type:"structure"`
+
+	// The status of the operation. Possible values are InProgress and Complete.
+	LastStatus *string `type:"string" enum:"InventoryDeletionStatus"`
+
+	// Information about the status.
+	LastStatusMessage *string `type:"string"`
+
+	// The UTC timestamp of when the last status report.
+	LastStatusUpdateTime *time.Time `type:"timestamp" timestampFormat:"unix"`
+
+	// The name of the inventory data type.
+	TypeName *string `min:"1" type:"string"`
+}
+
+// String returns the string representation
+func (s InventoryDeletionStatusItem) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s InventoryDeletionStatusItem) GoString() string {
+	return s.String()
+}
+
+// SetDeletionId sets the DeletionId field's value.
+func (s *InventoryDeletionStatusItem) SetDeletionId(v string) *InventoryDeletionStatusItem {
+	s.DeletionId = &v
+	return s
+}
+
+// SetDeletionStartTime sets the DeletionStartTime field's value.
+func (s *InventoryDeletionStatusItem) SetDeletionStartTime(v time.Time) *InventoryDeletionStatusItem {
+	s.DeletionStartTime = &v
+	return s
+}
+
+// SetDeletionSummary sets the DeletionSummary field's value.
+func (s *InventoryDeletionStatusItem) SetDeletionSummary(v *InventoryDeletionSummary) *InventoryDeletionStatusItem {
+	s.DeletionSummary = v
+	return s
+}
+
+// SetLastStatus sets the LastStatus field's value.
+func (s *InventoryDeletionStatusItem) SetLastStatus(v string) *InventoryDeletionStatusItem {
+	s.LastStatus = &v
+	return s
+}
+
+// SetLastStatusMessage sets the LastStatusMessage field's value.
+func (s *InventoryDeletionStatusItem) SetLastStatusMessage(v string) *InventoryDeletionStatusItem {
+	s.LastStatusMessage = &v
+	return s
+}
+
+// SetLastStatusUpdateTime sets the LastStatusUpdateTime field's value.
+func (s *InventoryDeletionStatusItem) SetLastStatusUpdateTime(v time.Time) *InventoryDeletionStatusItem {
+	s.LastStatusUpdateTime = &v
+	return s
+}
+
+// SetTypeName sets the TypeName field's value.
+func (s *InventoryDeletionStatusItem) SetTypeName(v string) *InventoryDeletionStatusItem {
+	s.TypeName = &v
+	return s
+}
+
+// Information about the delete operation.
+type InventoryDeletionSummary struct {
+	_ struct{} `type:"structure"`
+
+	// Remaining number of items to delete.
+	RemainingCount *int64 `type:"integer"`
+
+	// A list of counts and versions for deleted items.
+	SummaryItems []*InventoryDeletionSummaryItem `type:"list"`
+
+	// The total number of items to delete. This count does not change during the
+	// delete operation.
+	TotalCount *int64 `type:"integer"`
+}
+
+// String returns the string representation
+func (s InventoryDeletionSummary) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s InventoryDeletionSummary) GoString() string {
+	return s.String()
+}
+
+// SetRemainingCount sets the RemainingCount field's value.
+func (s *InventoryDeletionSummary) SetRemainingCount(v int64) *InventoryDeletionSummary {
+	s.RemainingCount = &v
+	return s
+}
+
+// SetSummaryItems sets the SummaryItems field's value.
+func (s *InventoryDeletionSummary) SetSummaryItems(v []*InventoryDeletionSummaryItem) *InventoryDeletionSummary {
+	s.SummaryItems = v
+	return s
+}
+
+// SetTotalCount sets the TotalCount field's value.
+func (s *InventoryDeletionSummary) SetTotalCount(v int64) *InventoryDeletionSummary {
+	s.TotalCount = &v
+	return s
+}
+
+// Either a count, remaining count, or a version number in a delete inventory
+// summary.
+type InventoryDeletionSummaryItem struct {
+	_ struct{} `type:"structure"`
+
+	// A count of the number of deleted items.
+	Count *int64 `type:"integer"`
+
+	// The remaining number of items to delete.
+	RemainingCount *int64 `type:"integer"`
+
+	// The inventory type version.
+	Version *string `type:"string"`
+}
+
+// String returns the string representation
+func (s InventoryDeletionSummaryItem) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s InventoryDeletionSummaryItem) GoString() string {
+	return s.String()
+}
+
+// SetCount sets the Count field's value.
+func (s *InventoryDeletionSummaryItem) SetCount(v int64) *InventoryDeletionSummaryItem {
+	s.Count = &v
+	return s
+}
+
+// SetRemainingCount sets the RemainingCount field's value.
+func (s *InventoryDeletionSummaryItem) SetRemainingCount(v int64) *InventoryDeletionSummaryItem {
+	s.RemainingCount = &v
+	return s
+}
+
+// SetVersion sets the Version field's value.
+func (s *InventoryDeletionSummaryItem) SetVersion(v string) *InventoryDeletionSummaryItem {
+	s.Version = &v
+	return s
+}
+
 // One or more filters. Use a filter to return a more specific list of results.
 type InventoryFilter struct {
 	_ struct{} `type:"structure"`
@@ -22069,6 +22721,11 @@ func (s *ListTagsForResourceOutput) SetTagList(v []*Tag) *ListTagsForResourceOut
 }
 
 // Information about an Amazon S3 bucket to write instance-level logs to.
+//
+// LoggingInfo has been deprecated. To specify an S3 bucket to contain logs,
+// instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters
+// structure. For information about how Systems Manager handles these options
+// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
 type LoggingInfo struct {
 	_ struct{} `type:"structure"`
 
@@ -22144,6 +22801,22 @@ type MaintenanceWindowAutomationParameters struct {
 	DocumentVersion *string `type:"string"`
 
 	// The parameters for the AUTOMATION task.
+	//
+	// For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow
+	// and UpdateMaintenanceWindowTask.
+	//
+	// LoggingInfo has been deprecated. To specify an S3 bucket to contain logs,
+	// instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters
+	// structure. For information about how Systems Manager handles these options
+	// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
+	//
+	// TaskParameters has been deprecated. To specify parameters to pass to a task
+	// when it runs, instead use the Parameters option in the TaskInvocationParameters
+	// structure. For information about how Systems Manager handles these options
+	// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
+	//
+	// For AUTOMATION task types, Systems Manager ignores any values specified for
+	// these parameters.
 	Parameters map[string][]*string `min:"1" type:"map"`
 }
 
@@ -22586,6 +23259,22 @@ func (s *MaintenanceWindowIdentity) SetWindowId(v string) *MaintenanceWindowIden
 }
 
 // The parameters for a LAMBDA task type.
+//
+// For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow
+// and UpdateMaintenanceWindowTask.
+//
+// LoggingInfo has been deprecated. To specify an S3 bucket to contain logs,
+// instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters
+// structure. For information about how Systems Manager handles these options
+// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
+//
+// TaskParameters has been deprecated. To specify parameters to pass to a task
+// when it runs, instead use the Parameters option in the TaskInvocationParameters
+// structure. For information about how Systems Manager handles these options
+// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
+//
+// For Lambda tasks, Systems Manager ignores any values specified for TaskParameters
+// and LoggingInfo.
 type MaintenanceWindowLambdaParameters struct {
 	_ struct{} `type:"structure"`
 
@@ -22651,6 +23340,22 @@ func (s *MaintenanceWindowLambdaParameters) SetQualifier(v string) *MaintenanceW
 }
 
 // The parameters for a RUN_COMMAND task type.
+//
+// For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow
+// and UpdateMaintenanceWindowTask.
+//
+// LoggingInfo has been deprecated. To specify an S3 bucket to contain logs,
+// instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters
+// structure. For information about how Systems Manager handles these options
+// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
+//
+// TaskParameters has been deprecated. To specify parameters to pass to a task
+// when it runs, instead use the Parameters option in the TaskInvocationParameters
+// structure. For information about how Systems Manager handles these options
+// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
+//
+// For Run Command tasks, Systems Manager uses specified values for TaskParameters
+// and LoggingInfo only if no values are specified for TaskInvocationParameters.
 type MaintenanceWindowRunCommandParameters struct {
 	_ struct{} `type:"structure"`
 
@@ -22765,7 +23470,23 @@ func (s *MaintenanceWindowRunCommandParameters) SetTimeoutSeconds(v int64) *Main
 	return s
 }
 
-// The parameters for the STEP_FUNCTION execution.
+// The parameters for a STEP_FUNCTION task.
+//
+// For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow
+// and UpdateMaintenanceWindowTask.
+//
+// LoggingInfo has been deprecated. To specify an S3 bucket to contain logs,
+// instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters
+// structure. For information about how Systems Manager handles these options
+// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
+//
+// TaskParameters has been deprecated. To specify parameters to pass to a task
+// when it runs, instead use the Parameters option in the TaskInvocationParameters
+// structure. For information about how Systems Manager handles these options
+// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
+//
+// For Step Functions tasks, Systems Manager ignores any values specified for
+// TaskParameters and LoggingInfo.
 type MaintenanceWindowStepFunctionsParameters struct {
 	_ struct{} `type:"structure"`
 
@@ -22899,6 +23620,11 @@ type MaintenanceWindowTask struct {
 	Description *string `min:"1" type:"string"`
 
 	// Information about an Amazon S3 bucket to write task-level logs to.
+	//
+	// LoggingInfo has been deprecated. To specify an S3 bucket to contain logs,
+	// instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters
+	// structure. For information about how Systems Manager handles these options
+	// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
 	LoggingInfo *LoggingInfo `type:"structure"`
 
 	// The maximum number of targets this task can be run for in parallel.
@@ -22929,6 +23655,11 @@ type MaintenanceWindowTask struct {
 	TaskArn *string `min:"1" type:"string"`
 
 	// The parameters that should be passed to the task when it is executed.
+	//
+	// TaskParameters has been deprecated. To specify parameters to pass to a task
+	// when it runs, instead use the Parameters option in the TaskInvocationParameters
+	// structure. For information about how Systems Manager handles these options
+	// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
 	TaskParameters map[string]*MaintenanceWindowTaskParameterValueExpression `type:"map"`
 
 	// The type of task. The type can be one of the following: RUN_COMMAND, AUTOMATION,
@@ -23034,7 +23765,7 @@ func (s *MaintenanceWindowTask) SetWindowTaskId(v string) *MaintenanceWindowTask
 type MaintenanceWindowTaskInvocationParameters struct {
 	_ struct{} `type:"structure"`
 
-	// The parameters for a AUTOMATION task type.
+	// The parameters for an AUTOMATION task type.
 	Automation *MaintenanceWindowAutomationParameters `type:"structure"`
 
 	// The parameters for a LAMBDA task type.
@@ -24180,9 +24911,9 @@ func (s *PatchComplianceData) SetTitle(v string) *PatchComplianceData {
 //
 //    * Low
 //
-// SUSE Linux Enterprise Server (SUSE) Operating Systems
+// SUSE Linux Enterprise Server (SLES) Operating Systems
 //
-// The supported keys for SUSE operating systems are PRODUCT, CLASSIFICATION,
+// The supported keys for SLES operating systems are PRODUCT, CLASSIFICATION,
 // and SEVERITY. See the following lists for valid values for each of these
 // keys.
 //
@@ -24237,6 +24968,62 @@ func (s *PatchComplianceData) SetTitle(v string) *PatchComplianceData {
 //    * Moderate
 //
 //    * Low
+//
+// CentOS Operating Systems
+//
+// The supported keys for CentOS operating systems are PRODUCT, CLASSIFICATION,
+// and SEVERITY. See the following lists for valid values for each of these
+// keys.
+//
+// Supported key:PRODUCT
+//
+// Supported values:
+//
+//    * CentOS6.5
+//
+//    * CentOS6.6
+//
+//    * CentOS6.7
+//
+//    * CentOS6.8
+//
+//    * CentOS6.9
+//
+//    * CentOS7.0
+//
+//    * CentOS7.1
+//
+//    * CentOS7.2
+//
+//    * CentOS7.3
+//
+//    * CentOS7.4
+//
+// Supported key:CLASSIFICATION
+//
+// Supported values:
+//
+//    * Security
+//
+//    * Bugfix
+//
+//    * Enhancement
+//
+//    * Recommended
+//
+//    * Newpackage
+//
+// Supported key:SEVERITY
+//
+// Supported values:
+//
+//    * Critical
+//
+//    * Important
+//
+//    * Medium
+//
+//    * Low
 type PatchFilter struct {
 	_ struct{} `type:"structure"`
 
@@ -24900,6 +25687,9 @@ func (s *PutInventoryInput) SetItems(v []*InventoryItem) *PutInventoryInput {
 
 type PutInventoryOutput struct {
 	_ struct{} `type:"structure"`
+
+	// Information about the request.
+	Message *string `type:"string"`
 }
 
 // String returns the string representation
@@ -24912,6 +25702,12 @@ func (s PutInventoryOutput) GoString() string {
 	return s.String()
 }
 
+// SetMessage sets the Message field's value.
+func (s *PutInventoryOutput) SetMessage(v string) *PutInventoryOutput {
+	s.Message = &v
+	return s
+}
+
 type PutParameterInput struct {
 	_ struct{} `type:"structure"`
 
@@ -24921,6 +25717,8 @@ type PutParameterInput struct {
 	AllowedPattern *string `type:"string"`
 
 	// Information about the parameter that you want to add to the system.
+	//
+	// Do not enter personally identifiable information in this field.
 	Description *string `type:"string"`
 
 	// The KMS Key ID that you want to use to encrypt a parameter when you choose
@@ -25240,8 +26038,17 @@ type RegisterTargetWithMaintenanceWindowInput struct {
 	// ResourceType is a required field
 	ResourceType *string `type:"string" required:"true" enum:"MaintenanceWindowResourceType"`
 
-	// The targets (either instances or tags). Instances are specified using Key=instanceids,Values=<instanceid1>,<instanceid2>.
-	// Tags are specified using Key=<tag name>,Values=<tag value>.
+	// The targets (either instances or tags).
+	//
+	// Specify instances using the following format:
+	//
+	// Key=InstanceIds,Values=<instance-id-1>,<instance-id-2>
+	//
+	// Specify tags using either of the following formats:
+	//
+	// Key=tag:<tag-key>,Values=<tag-value-1>,<tag-value-2>
+	//
+	// Key=tag-key,Values=<tag-key-1>,<tag-key-2>
 	//
 	// Targets is a required field
 	Targets []*Target `type:"list" required:"true"`
@@ -25382,6 +26189,11 @@ type RegisterTaskWithMaintenanceWindowInput struct {
 
 	// A structure containing information about an Amazon S3 bucket to write instance-level
 	// logs to.
+	//
+	// LoggingInfo has been deprecated. To specify an S3 bucket to contain logs,
+	// instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters
+	// structure. For information about how Systems Manager handles these options
+	// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
 	LoggingInfo *LoggingInfo `type:"structure"`
 
 	// The maximum number of targets this task can be run for in parallel.
@@ -25407,8 +26219,15 @@ type RegisterTaskWithMaintenanceWindowInput struct {
 	// ServiceRoleArn is a required field
 	ServiceRoleArn *string `type:"string" required:"true"`
 
-	// The targets (either instances or tags). Instances are specified using Key=instanceids,Values=<instanceid1>,<instanceid2>.
-	// Tags are specified using Key=<tag name>,Values=<tag value>.
+	// The targets (either instances or Maintenance Window targets).
+	//
+	// Specify instances using the following format:
+	//
+	// Key=InstanceIds,Values=<instance-id-1>,<instance-id-2>
+	//
+	// Specify Maintenance Window targets using the following format:
+	//
+	// Key=<WindowTargetIds>,Values=<window-target-id-1>,<window-target-id-2>
 	//
 	// Targets is a required field
 	Targets []*Target `type:"list" required:"true"`
@@ -25423,6 +26242,11 @@ type RegisterTaskWithMaintenanceWindowInput struct {
 	TaskInvocationParameters *MaintenanceWindowTaskInvocationParameters `type:"structure"`
 
 	// The parameters that should be passed to the task when it is executed.
+	//
+	// TaskParameters has been deprecated. To specify parameters to pass to a task
+	// when it runs, instead use the Parameters option in the TaskInvocationParameters
+	// structure. For information about how Systems Manager handles these options
+	// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
 	TaskParameters map[string]*MaintenanceWindowTaskParameterValueExpression `type:"map"`
 
 	// The type of task being registered.
@@ -25430,7 +26254,7 @@ type RegisterTaskWithMaintenanceWindowInput struct {
 	// TaskType is a required field
 	TaskType *string `type:"string" required:"true" enum:"MaintenanceWindowTaskType"`
 
-	// The id of the Maintenance Window the task should be added to.
+	// The ID of the Maintenance Window the task should be added to.
 	//
 	// WindowId is a required field
 	WindowId *string `min:"20" type:"string" required:"true"`
@@ -25628,13 +26452,30 @@ func (s *RegisterTaskWithMaintenanceWindowOutput) SetWindowTaskId(v string) *Reg
 type RemoveTagsFromResourceInput struct {
 	_ struct{} `type:"structure"`
 
-	// The resource ID for which you want to remove tags.
+	// The resource ID for which you want to remove tags. Use the ID of the resource.
+	// Here are some examples:
+	//
+	// ManagedInstance: mi-012345abcde
+	//
+	// MaintenanceWindow: mw-012345abcde
+	//
+	// PatchBaseline: pb-012345abcde
+	//
+	// For the Document and Parameter values, use the name of the resource.
+	//
+	// The ManagedInstance type for this API action is only for on-premises managed
+	// instances. You must specify the the name of the managed instance in the following
+	// format: mi-ID_number. For example, mi-1a2b3c4d5e6f.
 	//
 	// ResourceId is a required field
 	ResourceId *string `type:"string" required:"true"`
 
 	// The type of resource of which you want to remove a tag.
 	//
+	// The ManagedInstance type for this API action is only for on-premises managed
+	// instances. You must specify the the name of the managed instance in the following
+	// format: mi-ID_number. For example, mi-1a2b3c4d5e6f.
+	//
 	// ResourceType is a required field
 	ResourceType *string `type:"string" required:"true" enum:"ResourceTypeForTagging"`
 
@@ -26240,6 +27081,10 @@ type SendCommandInput struct {
 	// DocumentName is a required field
 	DocumentName *string `type:"string" required:"true"`
 
+	// The SSM document version to use in the request. You can specify Default,
+	// Latest, or a specific version number.
+	DocumentVersion *string `type:"string"`
+
 	// The instance IDs where the command should execute. You can specify a maximum
 	// of 50 IDs. If you prefer not to list individual instance IDs, you can instead
 	// send commands to a fleet of instances using the Targets parameter, which
@@ -26288,7 +27133,7 @@ type SendCommandInput struct {
 	Targets []*Target `type:"list"`
 
 	// If this time is reached and the command has not already started executing,
-	// it will not execute.
+	// it will not run.
 	TimeoutSeconds *int64 `min:"30" type:"integer"`
 }
 
@@ -26364,6 +27209,12 @@ func (s *SendCommandInput) SetDocumentName(v string) *SendCommandInput {
 	return s
 }
 
+// SetDocumentVersion sets the DocumentVersion field's value.
+func (s *SendCommandInput) SetDocumentVersion(v string) *SendCommandInput {
+	s.DocumentVersion = &v
+	return s
+}
+
 // SetInstanceIds sets the InstanceIds field's value.
 func (s *SendCommandInput) SetInstanceIds(v []*string) *SendCommandInput {
 	s.InstanceIds = v
@@ -27965,6 +28816,11 @@ type UpdateMaintenanceWindowTaskInput struct {
 	Description *string `min:"1" type:"string"`
 
 	// The new logging location in Amazon S3 to specify.
+	//
+	// LoggingInfo has been deprecated. To specify an S3 bucket to contain logs,
+	// instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters
+	// structure. For information about how Systems Manager handles these options
+	// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
 	LoggingInfo *LoggingInfo `type:"structure"`
 
 	// The new MaxConcurrency value you want to specify. MaxConcurrency is the number
@@ -28003,7 +28859,14 @@ type UpdateMaintenanceWindowTaskInput struct {
 	// fields that match the task type. All other fields should be empty.
 	TaskInvocationParameters *MaintenanceWindowTaskInvocationParameters `type:"structure"`
 
-	// The parameters to modify. The map has the following format:
+	// The parameters to modify.
+	//
+	// TaskParameters has been deprecated. To specify parameters to pass to a task
+	// when it runs, instead use the Parameters option in the TaskInvocationParameters
+	// structure. For information about how Systems Manager handles these options
+	// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
+	//
+	// The map has the following format:
 	//
 	// Key: string, between 1 and 255 characters
 	//
@@ -28179,6 +29042,11 @@ type UpdateMaintenanceWindowTaskOutput struct {
 	Description *string `min:"1" type:"string"`
 
 	// The updated logging information in Amazon S3.
+	//
+	// LoggingInfo has been deprecated. To specify an S3 bucket to contain logs,
+	// instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters
+	// structure. For information about how Systems Manager handles these options
+	// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
 	LoggingInfo *LoggingInfo `type:"structure"`
 
 	// The updated MaxConcurrency value.
@@ -28206,6 +29074,11 @@ type UpdateMaintenanceWindowTaskOutput struct {
 	TaskInvocationParameters *MaintenanceWindowTaskInvocationParameters `type:"structure"`
 
 	// The updated parameter values.
+	//
+	// TaskParameters has been deprecated. To specify parameters to pass to a task
+	// when it runs, instead use the Parameters option in the TaskInvocationParameters
+	// structure. For information about how Systems Manager handles these options
+	// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters.
 	TaskParameters map[string]*MaintenanceWindowTaskParameterValueExpression `type:"map"`
 
 	// The ID of the Maintenance Window that was updated.
@@ -28376,6 +29249,11 @@ type UpdatePatchBaselineInput struct {
 	ApprovalRules *PatchRuleGroup `type:"structure"`
 
 	// A list of explicitly approved patches for the baseline.
+	//
+	// For information about accepted formats for lists of approved patches and
+	// rejected patches, see Package Name Formats for Approved and Rejected Patch
+	// Lists (http://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html)
+	// in the AWS Systems Manager User Guide.
 	ApprovedPatches []*string `type:"list"`
 
 	// Assigns a new compliance severity level to an existing patch baseline.
@@ -28401,6 +29279,11 @@ type UpdatePatchBaselineInput struct {
 	Name *string `min:"3" type:"string"`
 
 	// A list of explicitly rejected patches for the baseline.
+	//
+	// For information about accepted formats for lists of approved patches and
+	// rejected patches, see Package Name Formats for Approved and Rejected Patch
+	// Lists (http://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html)
+	// in the AWS Systems Manager User Guide.
 	RejectedPatches []*string `type:"list"`
 
 	// If True, then all fields that are required by the CreatePatchBaseline action
@@ -29020,6 +29903,14 @@ const (
 	InventoryAttributeDataTypeNumber = "number"
 )
 
+const (
+	// InventoryDeletionStatusInProgress is a InventoryDeletionStatus enum value
+	InventoryDeletionStatusInProgress = "InProgress"
+
+	// InventoryDeletionStatusComplete is a InventoryDeletionStatus enum value
+	InventoryDeletionStatusComplete = "Complete"
+)
+
 const (
 	// InventoryQueryOperatorTypeEqual is a InventoryQueryOperatorType enum value
 	InventoryQueryOperatorTypeEqual = "Equal"
@@ -29037,6 +29928,14 @@ const (
 	InventoryQueryOperatorTypeGreaterThan = "GreaterThan"
 )
 
+const (
+	// InventorySchemaDeleteOptionDisableSchema is a InventorySchemaDeleteOption enum value
+	InventorySchemaDeleteOptionDisableSchema = "DisableSchema"
+
+	// InventorySchemaDeleteOptionDeleteSchema is a InventorySchemaDeleteOption enum value
+	InventorySchemaDeleteOptionDeleteSchema = "DeleteSchema"
+)
+
 const (
 	// LastResourceDataSyncStatusSuccessful is a LastResourceDataSyncStatus enum value
 	LastResourceDataSyncStatusSuccessful = "Successful"
diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssm/errors.go b/vendor/github.com/aws/aws-sdk-go/service/ssm/errors.go
index 8c932a093c3..3321d99884e 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/ssm/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/ssm/errors.go
@@ -227,6 +227,20 @@ const (
 	// "InvalidCommandId".
 	ErrCodeInvalidCommandId = "InvalidCommandId"
 
+	// ErrCodeInvalidDeleteInventoryParametersException for service response error code
+	// "InvalidDeleteInventoryParametersException".
+	//
+	// One or more of the parameters specified for the delete operation is not valid.
+	// Verify all parameters and try again.
+	ErrCodeInvalidDeleteInventoryParametersException = "InvalidDeleteInventoryParametersException"
+
+	// ErrCodeInvalidDeletionIdException for service response error code
+	// "InvalidDeletionIdException".
+	//
+	// The ID specified for the delete operation does not exist or is not valide.
+	// Verify the ID and try again.
+	ErrCodeInvalidDeletionIdException = "InvalidDeletionIdException"
+
 	// ErrCodeInvalidDocument for service response error code
 	// "InvalidDocument".
 	//
@@ -315,6 +329,12 @@ const (
 	// Verify the keys and values, and try again.
 	ErrCodeInvalidInventoryItemContextException = "InvalidInventoryItemContextException"
 
+	// ErrCodeInvalidInventoryRequestException for service response error code
+	// "InvalidInventoryRequestException".
+	//
+	// The request is not valid.
+	ErrCodeInvalidInventoryRequestException = "InvalidInventoryRequestException"
+
 	// ErrCodeInvalidItemContentException for service response error code
 	// "InvalidItemContentException".
 	//
@@ -340,6 +360,13 @@ const (
 	// Resource Name (ARN) was provided for an Amazon SNS topic.
 	ErrCodeInvalidNotificationConfig = "InvalidNotificationConfig"
 
+	// ErrCodeInvalidOptionException for service response error code
+	// "InvalidOptionException".
+	//
+	// The delete inventory option specified is not valid. Verify the option and
+	// try again.
+	ErrCodeInvalidOptionException = "InvalidOptionException"
+
 	// ErrCodeInvalidOutputFolder for service response error code
 	// "InvalidOutputFolder".
 	//
diff --git a/vendor/github.com/aws/aws-sdk-go/service/workspaces/api.go b/vendor/github.com/aws/aws-sdk-go/service/workspaces/api.go
index 051c8fe53d9..a108e4bd770 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/workspaces/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/workspaces/api.go
@@ -11,6 +11,297 @@ import (
 	"github.com/aws/aws-sdk-go/aws/request"
 )
 
+const opAssociateIpGroups = "AssociateIpGroups"
+
+// AssociateIpGroupsRequest generates a "aws/request.Request" representing the
+// client's request for the AssociateIpGroups operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See AssociateIpGroups for more information on using the AssociateIpGroups
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the AssociateIpGroupsRequest method.
+//    req, resp := client.AssociateIpGroupsRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/AssociateIpGroups
+func (c *WorkSpaces) AssociateIpGroupsRequest(input *AssociateIpGroupsInput) (req *request.Request, output *AssociateIpGroupsOutput) {
+	op := &request.Operation{
+		Name:       opAssociateIpGroups,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &AssociateIpGroupsInput{}
+	}
+
+	output = &AssociateIpGroupsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// AssociateIpGroups API operation for Amazon WorkSpaces.
+//
+// Associates the specified IP access control group with the specified directory.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon WorkSpaces's
+// API operation AssociateIpGroups for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterValuesException "InvalidParameterValuesException"
+//   One or more parameter values are not valid.
+//
+//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   The resource could not be found.
+//
+//   * ErrCodeResourceLimitExceededException "ResourceLimitExceededException"
+//   Your resource limits have been exceeded.
+//
+//   * ErrCodeInvalidResourceStateException "InvalidResourceStateException"
+//   The state of the resource is not valid for this operation.
+//
+//   * ErrCodeAccessDeniedException "AccessDeniedException"
+//   The user is not authorized to access a resource.
+//
+//   * ErrCodeOperationNotSupportedException "OperationNotSupportedException"
+//   This operation is not supported.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/AssociateIpGroups
+func (c *WorkSpaces) AssociateIpGroups(input *AssociateIpGroupsInput) (*AssociateIpGroupsOutput, error) {
+	req, out := c.AssociateIpGroupsRequest(input)
+	return out, req.Send()
+}
+
+// AssociateIpGroupsWithContext is the same as AssociateIpGroups with the addition of
+// the ability to pass a context and additional request options.
+//
+// See AssociateIpGroups for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *WorkSpaces) AssociateIpGroupsWithContext(ctx aws.Context, input *AssociateIpGroupsInput, opts ...request.Option) (*AssociateIpGroupsOutput, error) {
+	req, out := c.AssociateIpGroupsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opAuthorizeIpRules = "AuthorizeIpRules"
+
+// AuthorizeIpRulesRequest generates a "aws/request.Request" representing the
+// client's request for the AuthorizeIpRules operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See AuthorizeIpRules for more information on using the AuthorizeIpRules
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the AuthorizeIpRulesRequest method.
+//    req, resp := client.AuthorizeIpRulesRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/AuthorizeIpRules
+func (c *WorkSpaces) AuthorizeIpRulesRequest(input *AuthorizeIpRulesInput) (req *request.Request, output *AuthorizeIpRulesOutput) {
+	op := &request.Operation{
+		Name:       opAuthorizeIpRules,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &AuthorizeIpRulesInput{}
+	}
+
+	output = &AuthorizeIpRulesOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// AuthorizeIpRules API operation for Amazon WorkSpaces.
+//
+// Adds one or more rules to the specified IP access control group.
+//
+// This action gives users permission to access their WorkSpaces from the CIDR
+// address ranges specified in the rules.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon WorkSpaces's
+// API operation AuthorizeIpRules for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterValuesException "InvalidParameterValuesException"
+//   One or more parameter values are not valid.
+//
+//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   The resource could not be found.
+//
+//   * ErrCodeResourceLimitExceededException "ResourceLimitExceededException"
+//   Your resource limits have been exceeded.
+//
+//   * ErrCodeInvalidResourceStateException "InvalidResourceStateException"
+//   The state of the resource is not valid for this operation.
+//
+//   * ErrCodeAccessDeniedException "AccessDeniedException"
+//   The user is not authorized to access a resource.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/AuthorizeIpRules
+func (c *WorkSpaces) AuthorizeIpRules(input *AuthorizeIpRulesInput) (*AuthorizeIpRulesOutput, error) {
+	req, out := c.AuthorizeIpRulesRequest(input)
+	return out, req.Send()
+}
+
+// AuthorizeIpRulesWithContext is the same as AuthorizeIpRules with the addition of
+// the ability to pass a context and additional request options.
+//
+// See AuthorizeIpRules for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *WorkSpaces) AuthorizeIpRulesWithContext(ctx aws.Context, input *AuthorizeIpRulesInput, opts ...request.Option) (*AuthorizeIpRulesOutput, error) {
+	req, out := c.AuthorizeIpRulesRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opCreateIpGroup = "CreateIpGroup"
+
+// CreateIpGroupRequest generates a "aws/request.Request" representing the
+// client's request for the CreateIpGroup operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateIpGroup for more information on using the CreateIpGroup
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the CreateIpGroupRequest method.
+//    req, resp := client.CreateIpGroupRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/CreateIpGroup
+func (c *WorkSpaces) CreateIpGroupRequest(input *CreateIpGroupInput) (req *request.Request, output *CreateIpGroupOutput) {
+	op := &request.Operation{
+		Name:       opCreateIpGroup,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &CreateIpGroupInput{}
+	}
+
+	output = &CreateIpGroupOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// CreateIpGroup API operation for Amazon WorkSpaces.
+//
+// Creates an IP access control group.
+//
+// An IP access control group provides you with the ability to control the IP
+// addresses from which users are allowed to access their WorkSpaces. To specify
+// the CIDR address ranges, add rules to your IP access control group and then
+// associate the group with your directory. You can add rules when you create
+// the group or at any time using AuthorizeIpRules.
+//
+// There is a default IP access control group associated with your directory.
+// If you don't associate an IP access control group with your directory, the
+// default group is used. The default group includes a default rule that allows
+// users to access their WorkSpaces from anywhere. You cannot modify the default
+// IP access control group for your directory.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon WorkSpaces's
+// API operation CreateIpGroup for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterValuesException "InvalidParameterValuesException"
+//   One or more parameter values are not valid.
+//
+//   * ErrCodeResourceLimitExceededException "ResourceLimitExceededException"
+//   Your resource limits have been exceeded.
+//
+//   * ErrCodeResourceAlreadyExistsException "ResourceAlreadyExistsException"
+//   The specified resource already exists.
+//
+//   * ErrCodeResourceCreationFailedException "ResourceCreationFailedException"
+//   The resource could not be created.
+//
+//   * ErrCodeAccessDeniedException "AccessDeniedException"
+//   The user is not authorized to access a resource.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/CreateIpGroup
+func (c *WorkSpaces) CreateIpGroup(input *CreateIpGroupInput) (*CreateIpGroupOutput, error) {
+	req, out := c.CreateIpGroupRequest(input)
+	return out, req.Send()
+}
+
+// CreateIpGroupWithContext is the same as CreateIpGroup with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateIpGroup for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *WorkSpaces) CreateIpGroupWithContext(ctx aws.Context, input *CreateIpGroupInput, opts ...request.Option) (*CreateIpGroupOutput, error) {
+	req, out := c.CreateIpGroupRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opCreateTags = "CreateTags"
 
 // CreateTagsRequest generates a "aws/request.Request" representing the
@@ -55,7 +346,7 @@ func (c *WorkSpaces) CreateTagsRequest(input *CreateTagsInput) (req *request.Req
 
 // CreateTags API operation for Amazon WorkSpaces.
 //
-// Creates tags for the specified WorkSpace.
+// Creates the specified tags for the specified WorkSpace.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -180,6 +471,96 @@ func (c *WorkSpaces) CreateWorkspacesWithContext(ctx aws.Context, input *CreateW
 	return out, req.Send()
 }
 
+const opDeleteIpGroup = "DeleteIpGroup"
+
+// DeleteIpGroupRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteIpGroup operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteIpGroup for more information on using the DeleteIpGroup
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DeleteIpGroupRequest method.
+//    req, resp := client.DeleteIpGroupRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/DeleteIpGroup
+func (c *WorkSpaces) DeleteIpGroupRequest(input *DeleteIpGroupInput) (req *request.Request, output *DeleteIpGroupOutput) {
+	op := &request.Operation{
+		Name:       opDeleteIpGroup,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DeleteIpGroupInput{}
+	}
+
+	output = &DeleteIpGroupOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DeleteIpGroup API operation for Amazon WorkSpaces.
+//
+// Deletes the specified IP access control group.
+//
+// You cannot delete an IP access control group that is associated with a directory.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon WorkSpaces's
+// API operation DeleteIpGroup for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterValuesException "InvalidParameterValuesException"
+//   One or more parameter values are not valid.
+//
+//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   The resource could not be found.
+//
+//   * ErrCodeResourceAssociatedException "ResourceAssociatedException"
+//   The resource is associated with a directory.
+//
+//   * ErrCodeAccessDeniedException "AccessDeniedException"
+//   The user is not authorized to access a resource.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/DeleteIpGroup
+func (c *WorkSpaces) DeleteIpGroup(input *DeleteIpGroupInput) (*DeleteIpGroupOutput, error) {
+	req, out := c.DeleteIpGroupRequest(input)
+	return out, req.Send()
+}
+
+// DeleteIpGroupWithContext is the same as DeleteIpGroup with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteIpGroup for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *WorkSpaces) DeleteIpGroupWithContext(ctx aws.Context, input *DeleteIpGroupInput, opts ...request.Option) (*DeleteIpGroupOutput, error) {
+	req, out := c.DeleteIpGroupRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opDeleteTags = "DeleteTags"
 
 // DeleteTagsRequest generates a "aws/request.Request" representing the
@@ -224,7 +605,7 @@ func (c *WorkSpaces) DeleteTagsRequest(input *DeleteTagsInput) (req *request.Req
 
 // DeleteTags API operation for Amazon WorkSpaces.
 //
-// Deletes the specified tags from a WorkSpace.
+// Deletes the specified tags from the specified WorkSpace.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -262,6 +643,88 @@ func (c *WorkSpaces) DeleteTagsWithContext(ctx aws.Context, input *DeleteTagsInp
 	return out, req.Send()
 }
 
+const opDescribeIpGroups = "DescribeIpGroups"
+
+// DescribeIpGroupsRequest generates a "aws/request.Request" representing the
+// client's request for the DescribeIpGroups operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DescribeIpGroups for more information on using the DescribeIpGroups
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DescribeIpGroupsRequest method.
+//    req, resp := client.DescribeIpGroupsRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/DescribeIpGroups
+func (c *WorkSpaces) DescribeIpGroupsRequest(input *DescribeIpGroupsInput) (req *request.Request, output *DescribeIpGroupsOutput) {
+	op := &request.Operation{
+		Name:       opDescribeIpGroups,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DescribeIpGroupsInput{}
+	}
+
+	output = &DescribeIpGroupsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DescribeIpGroups API operation for Amazon WorkSpaces.
+//
+// Describes one or more of your IP access control groups.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon WorkSpaces's
+// API operation DescribeIpGroups for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterValuesException "InvalidParameterValuesException"
+//   One or more parameter values are not valid.
+//
+//   * ErrCodeAccessDeniedException "AccessDeniedException"
+//   The user is not authorized to access a resource.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/DescribeIpGroups
+func (c *WorkSpaces) DescribeIpGroups(input *DescribeIpGroupsInput) (*DescribeIpGroupsOutput, error) {
+	req, out := c.DescribeIpGroupsRequest(input)
+	return out, req.Send()
+}
+
+// DescribeIpGroupsWithContext is the same as DescribeIpGroups with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DescribeIpGroups for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *WorkSpaces) DescribeIpGroupsWithContext(ctx aws.Context, input *DescribeIpGroupsInput, opts ...request.Option) (*DescribeIpGroupsOutput, error) {
+	req, out := c.DescribeIpGroupsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opDescribeTags = "DescribeTags"
 
 // DescribeTagsRequest generates a "aws/request.Request" representing the
@@ -306,7 +769,7 @@ func (c *WorkSpaces) DescribeTagsRequest(input *DescribeTagsInput) (req *request
 
 // DescribeTags API operation for Amazon WorkSpaces.
 //
-// Describes the tags for the specified WorkSpace.
+// Describes the specified tags for the specified WorkSpace.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -748,87 +1211,175 @@ func (c *WorkSpaces) DescribeWorkspacesPagesWithContext(ctx aws.Context, input *
 		},
 	}
 
-	cont := true
-	for p.Next() && cont {
-		cont = fn(p.Page().(*DescribeWorkspacesOutput), !p.HasNextPage())
-	}
-	return p.Err()
+	cont := true
+	for p.Next() && cont {
+		cont = fn(p.Page().(*DescribeWorkspacesOutput), !p.HasNextPage())
+	}
+	return p.Err()
+}
+
+const opDescribeWorkspacesConnectionStatus = "DescribeWorkspacesConnectionStatus"
+
+// DescribeWorkspacesConnectionStatusRequest generates a "aws/request.Request" representing the
+// client's request for the DescribeWorkspacesConnectionStatus operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DescribeWorkspacesConnectionStatus for more information on using the DescribeWorkspacesConnectionStatus
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DescribeWorkspacesConnectionStatusRequest method.
+//    req, resp := client.DescribeWorkspacesConnectionStatusRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/DescribeWorkspacesConnectionStatus
+func (c *WorkSpaces) DescribeWorkspacesConnectionStatusRequest(input *DescribeWorkspacesConnectionStatusInput) (req *request.Request, output *DescribeWorkspacesConnectionStatusOutput) {
+	op := &request.Operation{
+		Name:       opDescribeWorkspacesConnectionStatus,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DescribeWorkspacesConnectionStatusInput{}
+	}
+
+	output = &DescribeWorkspacesConnectionStatusOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DescribeWorkspacesConnectionStatus API operation for Amazon WorkSpaces.
+//
+// Describes the connection status of the specified WorkSpaces.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon WorkSpaces's
+// API operation DescribeWorkspacesConnectionStatus for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterValuesException "InvalidParameterValuesException"
+//   One or more parameter values are not valid.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/DescribeWorkspacesConnectionStatus
+func (c *WorkSpaces) DescribeWorkspacesConnectionStatus(input *DescribeWorkspacesConnectionStatusInput) (*DescribeWorkspacesConnectionStatusOutput, error) {
+	req, out := c.DescribeWorkspacesConnectionStatusRequest(input)
+	return out, req.Send()
+}
+
+// DescribeWorkspacesConnectionStatusWithContext is the same as DescribeWorkspacesConnectionStatus with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DescribeWorkspacesConnectionStatus for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *WorkSpaces) DescribeWorkspacesConnectionStatusWithContext(ctx aws.Context, input *DescribeWorkspacesConnectionStatusInput, opts ...request.Option) (*DescribeWorkspacesConnectionStatusOutput, error) {
+	req, out := c.DescribeWorkspacesConnectionStatusRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
 }
 
-const opDescribeWorkspacesConnectionStatus = "DescribeWorkspacesConnectionStatus"
+const opDisassociateIpGroups = "DisassociateIpGroups"
 
-// DescribeWorkspacesConnectionStatusRequest generates a "aws/request.Request" representing the
-// client's request for the DescribeWorkspacesConnectionStatus operation. The "output" return
+// DisassociateIpGroupsRequest generates a "aws/request.Request" representing the
+// client's request for the DisassociateIpGroups operation. The "output" return
 // value will be populated with the request's response once the request completes
 // successfuly.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
 //
-// See DescribeWorkspacesConnectionStatus for more information on using the DescribeWorkspacesConnectionStatus
+// See DisassociateIpGroups for more information on using the DisassociateIpGroups
 // API call, and error handling.
 //
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
-//    // Example sending a request using the DescribeWorkspacesConnectionStatusRequest method.
-//    req, resp := client.DescribeWorkspacesConnectionStatusRequest(params)
+//    // Example sending a request using the DisassociateIpGroupsRequest method.
+//    req, resp := client.DisassociateIpGroupsRequest(params)
 //
 //    err := req.Send()
 //    if err == nil { // resp is now filled
 //        fmt.Println(resp)
 //    }
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/DescribeWorkspacesConnectionStatus
-func (c *WorkSpaces) DescribeWorkspacesConnectionStatusRequest(input *DescribeWorkspacesConnectionStatusInput) (req *request.Request, output *DescribeWorkspacesConnectionStatusOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/DisassociateIpGroups
+func (c *WorkSpaces) DisassociateIpGroupsRequest(input *DisassociateIpGroupsInput) (req *request.Request, output *DisassociateIpGroupsOutput) {
 	op := &request.Operation{
-		Name:       opDescribeWorkspacesConnectionStatus,
+		Name:       opDisassociateIpGroups,
 		HTTPMethod: "POST",
 		HTTPPath:   "/",
 	}
 
 	if input == nil {
-		input = &DescribeWorkspacesConnectionStatusInput{}
+		input = &DisassociateIpGroupsInput{}
 	}
 
-	output = &DescribeWorkspacesConnectionStatusOutput{}
+	output = &DisassociateIpGroupsOutput{}
 	req = c.newRequest(op, input, output)
 	return
 }
 
-// DescribeWorkspacesConnectionStatus API operation for Amazon WorkSpaces.
+// DisassociateIpGroups API operation for Amazon WorkSpaces.
 //
-// Describes the connection status of the specified WorkSpaces.
+// Disassociates the specified IP access control group from the specified directory.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
 //
 // See the AWS API reference guide for Amazon WorkSpaces's
-// API operation DescribeWorkspacesConnectionStatus for usage and error information.
+// API operation DisassociateIpGroups for usage and error information.
 //
 // Returned Error Codes:
 //   * ErrCodeInvalidParameterValuesException "InvalidParameterValuesException"
 //   One or more parameter values are not valid.
 //
-// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/DescribeWorkspacesConnectionStatus
-func (c *WorkSpaces) DescribeWorkspacesConnectionStatus(input *DescribeWorkspacesConnectionStatusInput) (*DescribeWorkspacesConnectionStatusOutput, error) {
-	req, out := c.DescribeWorkspacesConnectionStatusRequest(input)
+//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   The resource could not be found.
+//
+//   * ErrCodeInvalidResourceStateException "InvalidResourceStateException"
+//   The state of the resource is not valid for this operation.
+//
+//   * ErrCodeAccessDeniedException "AccessDeniedException"
+//   The user is not authorized to access a resource.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/DisassociateIpGroups
+func (c *WorkSpaces) DisassociateIpGroups(input *DisassociateIpGroupsInput) (*DisassociateIpGroupsOutput, error) {
+	req, out := c.DisassociateIpGroupsRequest(input)
 	return out, req.Send()
 }
 
-// DescribeWorkspacesConnectionStatusWithContext is the same as DescribeWorkspacesConnectionStatus with the addition of
+// DisassociateIpGroupsWithContext is the same as DisassociateIpGroups with the addition of
 // the ability to pass a context and additional request options.
 //
-// See DescribeWorkspacesConnectionStatus for details on how to use this API operation.
+// See DisassociateIpGroups for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *WorkSpaces) DescribeWorkspacesConnectionStatusWithContext(ctx aws.Context, input *DescribeWorkspacesConnectionStatusInput, opts ...request.Option) (*DescribeWorkspacesConnectionStatusOutput, error) {
-	req, out := c.DescribeWorkspacesConnectionStatusRequest(input)
+func (c *WorkSpaces) DisassociateIpGroupsWithContext(ctx aws.Context, input *DisassociateIpGroupsInput, opts ...request.Option) (*DisassociateIpGroupsOutput, error) {
+	req, out := c.DisassociateIpGroupsRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
@@ -892,7 +1443,7 @@ func (c *WorkSpaces) ModifyWorkspacePropertiesRequest(input *ModifyWorkspaceProp
 //   One or more parameter values are not valid.
 //
 //   * ErrCodeInvalidResourceStateException "InvalidResourceStateException"
-//   The state of the WorkSpace is not valid for this operation.
+//   The state of the resource is not valid for this operation.
 //
 //   * ErrCodeOperationInProgressException "OperationInProgressException"
 //   The properties of this WorkSpace are currently being modified. Try again
@@ -933,6 +1484,96 @@ func (c *WorkSpaces) ModifyWorkspacePropertiesWithContext(ctx aws.Context, input
 	return out, req.Send()
 }
 
+const opModifyWorkspaceState = "ModifyWorkspaceState"
+
+// ModifyWorkspaceStateRequest generates a "aws/request.Request" representing the
+// client's request for the ModifyWorkspaceState operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ModifyWorkspaceState for more information on using the ModifyWorkspaceState
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the ModifyWorkspaceStateRequest method.
+//    req, resp := client.ModifyWorkspaceStateRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/ModifyWorkspaceState
+func (c *WorkSpaces) ModifyWorkspaceStateRequest(input *ModifyWorkspaceStateInput) (req *request.Request, output *ModifyWorkspaceStateOutput) {
+	op := &request.Operation{
+		Name:       opModifyWorkspaceState,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &ModifyWorkspaceStateInput{}
+	}
+
+	output = &ModifyWorkspaceStateOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ModifyWorkspaceState API operation for Amazon WorkSpaces.
+//
+// Sets the state of the specified WorkSpace.
+//
+// To maintain a WorkSpace without being interrupted, set the WorkSpace state
+// to ADMIN_MAINTENANCE. WorkSpaces in this state do not respond to requests
+// to reboot, stop, start, or rebuild. An AutoStop WorkSpace in this state is
+// not stopped. Users can log into a WorkSpace in the ADMIN_MAINTENANCE state.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon WorkSpaces's
+// API operation ModifyWorkspaceState for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterValuesException "InvalidParameterValuesException"
+//   One or more parameter values are not valid.
+//
+//   * ErrCodeInvalidResourceStateException "InvalidResourceStateException"
+//   The state of the resource is not valid for this operation.
+//
+//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   The resource could not be found.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/ModifyWorkspaceState
+func (c *WorkSpaces) ModifyWorkspaceState(input *ModifyWorkspaceStateInput) (*ModifyWorkspaceStateOutput, error) {
+	req, out := c.ModifyWorkspaceStateRequest(input)
+	return out, req.Send()
+}
+
+// ModifyWorkspaceStateWithContext is the same as ModifyWorkspaceState with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ModifyWorkspaceState for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *WorkSpaces) ModifyWorkspaceStateWithContext(ctx aws.Context, input *ModifyWorkspaceStateInput, opts ...request.Option) (*ModifyWorkspaceStateOutput, error) {
+	req, out := c.ModifyWorkspaceStateRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opRebootWorkspaces = "RebootWorkspaces"
 
 // RebootWorkspacesRequest generates a "aws/request.Request" representing the
@@ -979,8 +1620,7 @@ func (c *WorkSpaces) RebootWorkspacesRequest(input *RebootWorkspacesInput) (req
 //
 // Reboots the specified WorkSpaces.
 //
-// You cannot reboot a WorkSpace unless its state is AVAILABLE, IMPAIRED, or
-// INOPERABLE.
+// You cannot reboot a WorkSpace unless its state is AVAILABLE or UNHEALTHY.
 //
 // This operation is asynchronous and returns before the WorkSpaces have rebooted.
 //
@@ -1056,9 +1696,9 @@ func (c *WorkSpaces) RebuildWorkspacesRequest(input *RebuildWorkspacesInput) (re
 
 // RebuildWorkspaces API operation for Amazon WorkSpaces.
 //
-// Rebuilds the specified WorkSpaces.
+// Rebuilds the specified WorkSpace.
 //
-// You cannot rebuild a WorkSpace unless its state is AVAILABLE or ERROR.
+// You cannot rebuild a WorkSpace unless its state is AVAILABLE, ERROR, or UNHEALTHY.
 //
 // Rebuilding a WorkSpace is a potentially destructive action that can result
 // in the loss of data. For more information, see Rebuild a WorkSpace (http://docs.aws.amazon.com/workspaces/latest/adminguide/reset-workspace.html).
@@ -1094,6 +1734,94 @@ func (c *WorkSpaces) RebuildWorkspacesWithContext(ctx aws.Context, input *Rebuil
 	return out, req.Send()
 }
 
+const opRevokeIpRules = "RevokeIpRules"
+
+// RevokeIpRulesRequest generates a "aws/request.Request" representing the
+// client's request for the RevokeIpRules operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See RevokeIpRules for more information on using the RevokeIpRules
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the RevokeIpRulesRequest method.
+//    req, resp := client.RevokeIpRulesRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/RevokeIpRules
+func (c *WorkSpaces) RevokeIpRulesRequest(input *RevokeIpRulesInput) (req *request.Request, output *RevokeIpRulesOutput) {
+	op := &request.Operation{
+		Name:       opRevokeIpRules,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &RevokeIpRulesInput{}
+	}
+
+	output = &RevokeIpRulesOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// RevokeIpRules API operation for Amazon WorkSpaces.
+//
+// Removes one or more rules from the specified IP access control group.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon WorkSpaces's
+// API operation RevokeIpRules for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterValuesException "InvalidParameterValuesException"
+//   One or more parameter values are not valid.
+//
+//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   The resource could not be found.
+//
+//   * ErrCodeInvalidResourceStateException "InvalidResourceStateException"
+//   The state of the resource is not valid for this operation.
+//
+//   * ErrCodeAccessDeniedException "AccessDeniedException"
+//   The user is not authorized to access a resource.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/RevokeIpRules
+func (c *WorkSpaces) RevokeIpRules(input *RevokeIpRulesInput) (*RevokeIpRulesOutput, error) {
+	req, out := c.RevokeIpRulesRequest(input)
+	return out, req.Send()
+}
+
+// RevokeIpRulesWithContext is the same as RevokeIpRules with the addition of
+// the ability to pass a context and additional request options.
+//
+// See RevokeIpRules for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *WorkSpaces) RevokeIpRulesWithContext(ctx aws.Context, input *RevokeIpRulesInput, opts ...request.Option) (*RevokeIpRulesOutput, error) {
+	req, out := c.RevokeIpRulesRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opStartWorkspaces = "StartWorkspaces"
 
 // StartWorkspacesRequest generates a "aws/request.Request" representing the
@@ -1298,39 +2026,263 @@ func (c *WorkSpaces) TerminateWorkspacesRequest(input *TerminateWorkspacesInput)
 // data is destroyed. If you need to archive any user data, contact Amazon Web
 // Services before terminating the WorkSpace.
 //
-// You can terminate a WorkSpace that is in any state except SUSPENDED.
+// You can terminate a WorkSpace that is in any state except SUSPENDED.
+//
+// This operation is asynchronous and returns before the WorkSpaces have been
+// completely terminated.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon WorkSpaces's
+// API operation TerminateWorkspaces for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/TerminateWorkspaces
+func (c *WorkSpaces) TerminateWorkspaces(input *TerminateWorkspacesInput) (*TerminateWorkspacesOutput, error) {
+	req, out := c.TerminateWorkspacesRequest(input)
+	return out, req.Send()
+}
+
+// TerminateWorkspacesWithContext is the same as TerminateWorkspaces with the addition of
+// the ability to pass a context and additional request options.
+//
+// See TerminateWorkspaces for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *WorkSpaces) TerminateWorkspacesWithContext(ctx aws.Context, input *TerminateWorkspacesInput, opts ...request.Option) (*TerminateWorkspacesOutput, error) {
+	req, out := c.TerminateWorkspacesRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opUpdateRulesOfIpGroup = "UpdateRulesOfIpGroup"
+
+// UpdateRulesOfIpGroupRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateRulesOfIpGroup operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateRulesOfIpGroup for more information on using the UpdateRulesOfIpGroup
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the UpdateRulesOfIpGroupRequest method.
+//    req, resp := client.UpdateRulesOfIpGroupRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/UpdateRulesOfIpGroup
+func (c *WorkSpaces) UpdateRulesOfIpGroupRequest(input *UpdateRulesOfIpGroupInput) (req *request.Request, output *UpdateRulesOfIpGroupOutput) {
+	op := &request.Operation{
+		Name:       opUpdateRulesOfIpGroup,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &UpdateRulesOfIpGroupInput{}
+	}
+
+	output = &UpdateRulesOfIpGroupOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// UpdateRulesOfIpGroup API operation for Amazon WorkSpaces.
+//
+// Replaces the current rules of the specified IP access control group with
+// the specified rules.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon WorkSpaces's
+// API operation UpdateRulesOfIpGroup for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterValuesException "InvalidParameterValuesException"
+//   One or more parameter values are not valid.
+//
+//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   The resource could not be found.
+//
+//   * ErrCodeResourceLimitExceededException "ResourceLimitExceededException"
+//   Your resource limits have been exceeded.
 //
-// This operation is asynchronous and returns before the WorkSpaces have been
-// completely terminated.
+//   * ErrCodeInvalidResourceStateException "InvalidResourceStateException"
+//   The state of the resource is not valid for this operation.
 //
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
+//   * ErrCodeAccessDeniedException "AccessDeniedException"
+//   The user is not authorized to access a resource.
 //
-// See the AWS API reference guide for Amazon WorkSpaces's
-// API operation TerminateWorkspaces for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/TerminateWorkspaces
-func (c *WorkSpaces) TerminateWorkspaces(input *TerminateWorkspacesInput) (*TerminateWorkspacesOutput, error) {
-	req, out := c.TerminateWorkspacesRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-2015-04-08/UpdateRulesOfIpGroup
+func (c *WorkSpaces) UpdateRulesOfIpGroup(input *UpdateRulesOfIpGroupInput) (*UpdateRulesOfIpGroupOutput, error) {
+	req, out := c.UpdateRulesOfIpGroupRequest(input)
 	return out, req.Send()
 }
 
-// TerminateWorkspacesWithContext is the same as TerminateWorkspaces with the addition of
+// UpdateRulesOfIpGroupWithContext is the same as UpdateRulesOfIpGroup with the addition of
 // the ability to pass a context and additional request options.
 //
-// See TerminateWorkspaces for details on how to use this API operation.
+// See UpdateRulesOfIpGroup for details on how to use this API operation.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
-func (c *WorkSpaces) TerminateWorkspacesWithContext(ctx aws.Context, input *TerminateWorkspacesInput, opts ...request.Option) (*TerminateWorkspacesOutput, error) {
-	req, out := c.TerminateWorkspacesRequest(input)
+func (c *WorkSpaces) UpdateRulesOfIpGroupWithContext(ctx aws.Context, input *UpdateRulesOfIpGroupInput, opts ...request.Option) (*UpdateRulesOfIpGroupOutput, error) {
+	req, out := c.UpdateRulesOfIpGroupRequest(input)
 	req.SetContext(ctx)
 	req.ApplyOptions(opts...)
 	return out, req.Send()
 }
 
+type AssociateIpGroupsInput struct {
+	_ struct{} `type:"structure"`
+
+	// The ID of the directory.
+	//
+	// DirectoryId is a required field
+	DirectoryId *string `type:"string" required:"true"`
+
+	// The IDs of one or more IP access control groups.
+	//
+	// GroupIds is a required field
+	GroupIds []*string `type:"list" required:"true"`
+}
+
+// String returns the string representation
+func (s AssociateIpGroupsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s AssociateIpGroupsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AssociateIpGroupsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AssociateIpGroupsInput"}
+	if s.DirectoryId == nil {
+		invalidParams.Add(request.NewErrParamRequired("DirectoryId"))
+	}
+	if s.GroupIds == nil {
+		invalidParams.Add(request.NewErrParamRequired("GroupIds"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDirectoryId sets the DirectoryId field's value.
+func (s *AssociateIpGroupsInput) SetDirectoryId(v string) *AssociateIpGroupsInput {
+	s.DirectoryId = &v
+	return s
+}
+
+// SetGroupIds sets the GroupIds field's value.
+func (s *AssociateIpGroupsInput) SetGroupIds(v []*string) *AssociateIpGroupsInput {
+	s.GroupIds = v
+	return s
+}
+
+type AssociateIpGroupsOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s AssociateIpGroupsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s AssociateIpGroupsOutput) GoString() string {
+	return s.String()
+}
+
+type AuthorizeIpRulesInput struct {
+	_ struct{} `type:"structure"`
+
+	// The ID of the group.
+	//
+	// GroupId is a required field
+	GroupId *string `type:"string" required:"true"`
+
+	// The rules to add to the group.
+	//
+	// UserRules is a required field
+	UserRules []*IpRuleItem `type:"list" required:"true"`
+}
+
+// String returns the string representation
+func (s AuthorizeIpRulesInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s AuthorizeIpRulesInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AuthorizeIpRulesInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AuthorizeIpRulesInput"}
+	if s.GroupId == nil {
+		invalidParams.Add(request.NewErrParamRequired("GroupId"))
+	}
+	if s.UserRules == nil {
+		invalidParams.Add(request.NewErrParamRequired("UserRules"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetGroupId sets the GroupId field's value.
+func (s *AuthorizeIpRulesInput) SetGroupId(v string) *AuthorizeIpRulesInput {
+	s.GroupId = &v
+	return s
+}
+
+// SetUserRules sets the UserRules field's value.
+func (s *AuthorizeIpRulesInput) SetUserRules(v []*IpRuleItem) *AuthorizeIpRulesInput {
+	s.UserRules = v
+	return s
+}
+
+type AuthorizeIpRulesOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s AuthorizeIpRulesOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s AuthorizeIpRulesOutput) GoString() string {
+	return s.String()
+}
+
 // Information about the compute type.
 type ComputeType struct {
 	_ struct{} `type:"structure"`
@@ -1355,15 +2307,94 @@ func (s *ComputeType) SetName(v string) *ComputeType {
 	return s
 }
 
+type CreateIpGroupInput struct {
+	_ struct{} `type:"structure"`
+
+	// The description of the group.
+	GroupDesc *string `type:"string"`
+
+	// The name of the group.
+	//
+	// GroupName is a required field
+	GroupName *string `type:"string" required:"true"`
+
+	// The rules to add to the group.
+	UserRules []*IpRuleItem `type:"list"`
+}
+
+// String returns the string representation
+func (s CreateIpGroupInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateIpGroupInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateIpGroupInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "CreateIpGroupInput"}
+	if s.GroupName == nil {
+		invalidParams.Add(request.NewErrParamRequired("GroupName"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetGroupDesc sets the GroupDesc field's value.
+func (s *CreateIpGroupInput) SetGroupDesc(v string) *CreateIpGroupInput {
+	s.GroupDesc = &v
+	return s
+}
+
+// SetGroupName sets the GroupName field's value.
+func (s *CreateIpGroupInput) SetGroupName(v string) *CreateIpGroupInput {
+	s.GroupName = &v
+	return s
+}
+
+// SetUserRules sets the UserRules field's value.
+func (s *CreateIpGroupInput) SetUserRules(v []*IpRuleItem) *CreateIpGroupInput {
+	s.UserRules = v
+	return s
+}
+
+type CreateIpGroupOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The ID of the group.
+	GroupId *string `type:"string"`
+}
+
+// String returns the string representation
+func (s CreateIpGroupOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateIpGroupOutput) GoString() string {
+	return s.String()
+}
+
+// SetGroupId sets the GroupId field's value.
+func (s *CreateIpGroupOutput) SetGroupId(v string) *CreateIpGroupOutput {
+	s.GroupId = &v
+	return s
+}
+
 type CreateTagsInput struct {
 	_ struct{} `type:"structure"`
 
-	// The ID of the resource.
+	// The ID of the WorkSpace. To find this ID, use DescribeWorkspaces.
 	//
 	// ResourceId is a required field
 	ResourceId *string `min:"1" type:"string" required:"true"`
 
-	// The tags. Each resource can have a maximum of 50 tags.
+	// The tags. Each WorkSpace can have a maximum of 50 tags.
 	//
 	// Tags is a required field
 	Tags []*Tag `type:"list" required:"true"`
@@ -1437,7 +2468,7 @@ func (s CreateTagsOutput) GoString() string {
 type CreateWorkspacesInput struct {
 	_ struct{} `type:"structure"`
 
-	// Information about the WorkSpaces to create.
+	// The WorkSpaces to create. You can specify up to 25 WorkSpaces.
 	//
 	// Workspaces is a required field
 	Workspaces []*WorkspaceRequest `min:"1" type:"list" required:"true"`
@@ -1582,10 +2613,62 @@ func (s *DefaultWorkspaceCreationProperties) SetUserEnabledAsLocalAdministrator(
 	return s
 }
 
+type DeleteIpGroupInput struct {
+	_ struct{} `type:"structure"`
+
+	// The ID of the IP access control group.
+	//
+	// GroupId is a required field
+	GroupId *string `type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DeleteIpGroupInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteIpGroupInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteIpGroupInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteIpGroupInput"}
+	if s.GroupId == nil {
+		invalidParams.Add(request.NewErrParamRequired("GroupId"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetGroupId sets the GroupId field's value.
+func (s *DeleteIpGroupInput) SetGroupId(v string) *DeleteIpGroupInput {
+	s.GroupId = &v
+	return s
+}
+
+type DeleteIpGroupOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s DeleteIpGroupOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteIpGroupOutput) GoString() string {
+	return s.String()
+}
+
 type DeleteTagsInput struct {
 	_ struct{} `type:"structure"`
 
-	// The ID of the resource.
+	// The ID of the WorkSpace. To find this ID, use DescribeWorkspaces.
 	//
 	// ResourceId is a required field
 	ResourceId *string `min:"1" type:"string" required:"true"`
@@ -1637,24 +2720,116 @@ func (s *DeleteTagsInput) SetTagKeys(v []*string) *DeleteTagsInput {
 	return s
 }
 
-type DeleteTagsOutput struct {
-	_ struct{} `type:"structure"`
+type DeleteTagsOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s DeleteTagsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteTagsOutput) GoString() string {
+	return s.String()
+}
+
+type DescribeIpGroupsInput struct {
+	_ struct{} `type:"structure"`
+
+	// The IDs of one or more IP access control groups.
+	GroupIds []*string `type:"list"`
+
+	// The maximum number of items to return.
+	MaxResults *int64 `min:"1" type:"integer"`
+
+	// The token for the next set of results. (You received this token from a previous
+	// call.)
+	NextToken *string `min:"1" type:"string"`
+}
+
+// String returns the string representation
+func (s DescribeIpGroupsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DescribeIpGroupsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DescribeIpGroupsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DescribeIpGroupsInput"}
+	if s.MaxResults != nil && *s.MaxResults < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+	}
+	if s.NextToken != nil && len(*s.NextToken) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetGroupIds sets the GroupIds field's value.
+func (s *DescribeIpGroupsInput) SetGroupIds(v []*string) *DescribeIpGroupsInput {
+	s.GroupIds = v
+	return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *DescribeIpGroupsInput) SetMaxResults(v int64) *DescribeIpGroupsInput {
+	s.MaxResults = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeIpGroupsInput) SetNextToken(v string) *DescribeIpGroupsInput {
+	s.NextToken = &v
+	return s
+}
+
+type DescribeIpGroupsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The token to use to retrieve the next set of results, or null if there are
+	// no more results available. This token is valid for one day and must be used
+	// within that time frame.
+	NextToken *string `min:"1" type:"string"`
+
+	// Information about the IP access control groups.
+	Result []*IpGroup `type:"list"`
 }
 
 // String returns the string representation
-func (s DeleteTagsOutput) String() string {
+func (s DescribeIpGroupsOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteTagsOutput) GoString() string {
+func (s DescribeIpGroupsOutput) GoString() string {
 	return s.String()
 }
 
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeIpGroupsOutput) SetNextToken(v string) *DescribeIpGroupsOutput {
+	s.NextToken = &v
+	return s
+}
+
+// SetResult sets the Result field's value.
+func (s *DescribeIpGroupsOutput) SetResult(v []*IpGroup) *DescribeIpGroupsOutput {
+	s.Result = v
+	return s
+}
+
 type DescribeTagsInput struct {
 	_ struct{} `type:"structure"`
 
-	// The ID of the resource.
+	// The ID of the WorkSpace. To find this ID, use DescribeWorkspaces.
 	//
 	// ResourceId is a required field
 	ResourceId *string `min:"1" type:"string" required:"true"`
@@ -1903,7 +3078,7 @@ type DescribeWorkspacesConnectionStatusInput struct {
 	// call.)
 	NextToken *string `min:"1" type:"string"`
 
-	// The identifiers of the WorkSpaces.
+	// The identifiers of the WorkSpaces. You can specify up to 25 WorkSpaces.
 	WorkspaceIds []*string `min:"1" type:"list"`
 }
 
@@ -2114,6 +3289,72 @@ func (s *DescribeWorkspacesOutput) SetWorkspaces(v []*Workspace) *DescribeWorksp
 	return s
 }
 
+type DisassociateIpGroupsInput struct {
+	_ struct{} `type:"structure"`
+
+	// The ID of the directory.
+	//
+	// DirectoryId is a required field
+	DirectoryId *string `type:"string" required:"true"`
+
+	// The IDs of one or more IP access control groups.
+	//
+	// GroupIds is a required field
+	GroupIds []*string `type:"list" required:"true"`
+}
+
+// String returns the string representation
+func (s DisassociateIpGroupsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DisassociateIpGroupsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DisassociateIpGroupsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DisassociateIpGroupsInput"}
+	if s.DirectoryId == nil {
+		invalidParams.Add(request.NewErrParamRequired("DirectoryId"))
+	}
+	if s.GroupIds == nil {
+		invalidParams.Add(request.NewErrParamRequired("GroupIds"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDirectoryId sets the DirectoryId field's value.
+func (s *DisassociateIpGroupsInput) SetDirectoryId(v string) *DisassociateIpGroupsInput {
+	s.DirectoryId = &v
+	return s
+}
+
+// SetGroupIds sets the GroupIds field's value.
+func (s *DisassociateIpGroupsInput) SetGroupIds(v []*string) *DisassociateIpGroupsInput {
+	s.GroupIds = v
+	return s
+}
+
+type DisassociateIpGroupsOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s DisassociateIpGroupsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DisassociateIpGroupsOutput) GoString() string {
+	return s.String()
+}
+
 // Information about a WorkSpace that could not be created.
 type FailedCreateWorkspaceRequest struct {
 	_ struct{} `type:"structure"`
@@ -2200,6 +3441,90 @@ func (s *FailedWorkspaceChangeRequest) SetWorkspaceId(v string) *FailedWorkspace
 	return s
 }
 
+// Information about an IP access control group.
+type IpGroup struct {
+	_ struct{} `type:"structure"`
+
+	// The description of the group.
+	GroupDesc *string `locationName:"groupDesc" type:"string"`
+
+	// The ID of the group.
+	GroupId *string `locationName:"groupId" type:"string"`
+
+	// The name of the group.
+	GroupName *string `locationName:"groupName" type:"string"`
+
+	// The rules.
+	UserRules []*IpRuleItem `locationName:"userRules" type:"list"`
+}
+
+// String returns the string representation
+func (s IpGroup) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s IpGroup) GoString() string {
+	return s.String()
+}
+
+// SetGroupDesc sets the GroupDesc field's value.
+func (s *IpGroup) SetGroupDesc(v string) *IpGroup {
+	s.GroupDesc = &v
+	return s
+}
+
+// SetGroupId sets the GroupId field's value.
+func (s *IpGroup) SetGroupId(v string) *IpGroup {
+	s.GroupId = &v
+	return s
+}
+
+// SetGroupName sets the GroupName field's value.
+func (s *IpGroup) SetGroupName(v string) *IpGroup {
+	s.GroupName = &v
+	return s
+}
+
+// SetUserRules sets the UserRules field's value.
+func (s *IpGroup) SetUserRules(v []*IpRuleItem) *IpGroup {
+	s.UserRules = v
+	return s
+}
+
+// Information about a rule for an IP access control group.
+type IpRuleItem struct {
+	_ struct{} `type:"structure"`
+
+	// The IP address range, in CIDR notation.
+	IpRule *string `locationName:"ipRule" type:"string"`
+
+	// The description.
+	RuleDesc *string `locationName:"ruleDesc" type:"string"`
+}
+
+// String returns the string representation
+func (s IpRuleItem) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s IpRuleItem) GoString() string {
+	return s.String()
+}
+
+// SetIpRule sets the IpRule field's value.
+func (s *IpRuleItem) SetIpRule(v string) *IpRuleItem {
+	s.IpRule = &v
+	return s
+}
+
+// SetRuleDesc sets the RuleDesc field's value.
+func (s *IpRuleItem) SetRuleDesc(v string) *IpRuleItem {
+	s.RuleDesc = &v
+	return s
+}
+
 // Information about a WorkSpace modification.
 type ModificationState struct {
 	_ struct{} `type:"structure"`
@@ -2299,11 +3624,77 @@ func (s ModifyWorkspacePropertiesOutput) GoString() string {
 	return s.String()
 }
 
+type ModifyWorkspaceStateInput struct {
+	_ struct{} `type:"structure"`
+
+	// The ID of the WorkSpace.
+	//
+	// WorkspaceId is a required field
+	WorkspaceId *string `type:"string" required:"true"`
+
+	// The WorkSpace state.
+	//
+	// WorkspaceState is a required field
+	WorkspaceState *string `type:"string" required:"true" enum:"TargetWorkspaceState"`
+}
+
+// String returns the string representation
+func (s ModifyWorkspaceStateInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ModifyWorkspaceStateInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ModifyWorkspaceStateInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ModifyWorkspaceStateInput"}
+	if s.WorkspaceId == nil {
+		invalidParams.Add(request.NewErrParamRequired("WorkspaceId"))
+	}
+	if s.WorkspaceState == nil {
+		invalidParams.Add(request.NewErrParamRequired("WorkspaceState"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetWorkspaceId sets the WorkspaceId field's value.
+func (s *ModifyWorkspaceStateInput) SetWorkspaceId(v string) *ModifyWorkspaceStateInput {
+	s.WorkspaceId = &v
+	return s
+}
+
+// SetWorkspaceState sets the WorkspaceState field's value.
+func (s *ModifyWorkspaceStateInput) SetWorkspaceState(v string) *ModifyWorkspaceStateInput {
+	s.WorkspaceState = &v
+	return s
+}
+
+type ModifyWorkspaceStateOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s ModifyWorkspaceStateOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ModifyWorkspaceStateOutput) GoString() string {
+	return s.String()
+}
+
 // Information used to reboot a WorkSpace.
 type RebootRequest struct {
 	_ struct{} `type:"structure"`
 
-	// The identifier of the WorkSpace.
+	// The ID of the WorkSpace.
 	//
 	// WorkspaceId is a required field
 	WorkspaceId *string `type:"string" required:"true"`
@@ -2341,7 +3732,7 @@ func (s *RebootRequest) SetWorkspaceId(v string) *RebootRequest {
 type RebootWorkspacesInput struct {
 	_ struct{} `type:"structure"`
 
-	// The WorkSpaces to reboot.
+	// The WorkSpaces to reboot. You can specify up to 25 WorkSpaces.
 	//
 	// RebootWorkspaceRequests is a required field
 	RebootWorkspaceRequests []*RebootRequest `min:"1" type:"list" required:"true"`
@@ -2416,7 +3807,7 @@ func (s *RebootWorkspacesOutput) SetFailedRequests(v []*FailedWorkspaceChangeReq
 type RebuildRequest struct {
 	_ struct{} `type:"structure"`
 
-	// The identifier of the WorkSpace.
+	// The ID of the WorkSpace.
 	//
 	// WorkspaceId is a required field
 	WorkspaceId *string `type:"string" required:"true"`
@@ -2454,7 +3845,7 @@ func (s *RebuildRequest) SetWorkspaceId(v string) *RebuildRequest {
 type RebuildWorkspacesInput struct {
 	_ struct{} `type:"structure"`
 
-	// The WorkSpaces to rebuild.
+	// The WorkSpace to rebuild. You can specify a single WorkSpace.
 	//
 	// RebuildWorkspaceRequests is a required field
 	RebuildWorkspaceRequests []*RebuildRequest `min:"1" type:"list" required:"true"`
@@ -2505,7 +3896,7 @@ func (s *RebuildWorkspacesInput) SetRebuildWorkspaceRequests(v []*RebuildRequest
 type RebuildWorkspacesOutput struct {
 	_ struct{} `type:"structure"`
 
-	// Information about the WorkSpaces that could not be rebuilt.
+	// Information about the WorkSpace if it could not be rebuilt.
 	FailedRequests []*FailedWorkspaceChangeRequest `type:"list"`
 }
 
@@ -2525,6 +3916,72 @@ func (s *RebuildWorkspacesOutput) SetFailedRequests(v []*FailedWorkspaceChangeRe
 	return s
 }
 
+type RevokeIpRulesInput struct {
+	_ struct{} `type:"structure"`
+
+	// The ID of the group.
+	//
+	// GroupId is a required field
+	GroupId *string `type:"string" required:"true"`
+
+	// The rules to remove from the group.
+	//
+	// UserRules is a required field
+	UserRules []*string `type:"list" required:"true"`
+}
+
+// String returns the string representation
+func (s RevokeIpRulesInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s RevokeIpRulesInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *RevokeIpRulesInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "RevokeIpRulesInput"}
+	if s.GroupId == nil {
+		invalidParams.Add(request.NewErrParamRequired("GroupId"))
+	}
+	if s.UserRules == nil {
+		invalidParams.Add(request.NewErrParamRequired("UserRules"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetGroupId sets the GroupId field's value.
+func (s *RevokeIpRulesInput) SetGroupId(v string) *RevokeIpRulesInput {
+	s.GroupId = &v
+	return s
+}
+
+// SetUserRules sets the UserRules field's value.
+func (s *RevokeIpRulesInput) SetUserRules(v []*string) *RevokeIpRulesInput {
+	s.UserRules = v
+	return s
+}
+
+type RevokeIpRulesOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s RevokeIpRulesOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s RevokeIpRulesOutput) GoString() string {
+	return s.String()
+}
+
 // Information about the root volume for a WorkSpace bundle.
 type RootStorage struct {
 	_ struct{} `type:"structure"`
@@ -2576,7 +4033,7 @@ func (s *StartRequest) SetWorkspaceId(v string) *StartRequest {
 type StartWorkspacesInput struct {
 	_ struct{} `type:"structure"`
 
-	// The WorkSpaces to start.
+	// The WorkSpaces to start. You can specify up to 25 WorkSpaces.
 	//
 	// StartWorkspaceRequests is a required field
 	StartWorkspaceRequests []*StartRequest `min:"1" type:"list" required:"true"`
@@ -2664,7 +4121,7 @@ func (s *StopRequest) SetWorkspaceId(v string) *StopRequest {
 type StopWorkspacesInput struct {
 	_ struct{} `type:"structure"`
 
-	// The WorkSpaces to stop.
+	// The WorkSpaces to stop. You can specify up to 25 WorkSpaces.
 	//
 	// StopWorkspaceRequests is a required field
 	StopWorkspaceRequests []*StopRequest `min:"1" type:"list" required:"true"`
@@ -2780,7 +4237,7 @@ func (s *Tag) SetValue(v string) *Tag {
 type TerminateRequest struct {
 	_ struct{} `type:"structure"`
 
-	// The identifier of the WorkSpace.
+	// The ID of the WorkSpace.
 	//
 	// WorkspaceId is a required field
 	WorkspaceId *string `type:"string" required:"true"`
@@ -2818,7 +4275,7 @@ func (s *TerminateRequest) SetWorkspaceId(v string) *TerminateRequest {
 type TerminateWorkspacesInput struct {
 	_ struct{} `type:"structure"`
 
-	// The WorkSpaces to terminate.
+	// The WorkSpaces to terminate. You can specify up to 25 WorkSpaces.
 	//
 	// TerminateWorkspaceRequests is a required field
 	TerminateWorkspaceRequests []*TerminateRequest `min:"1" type:"list" required:"true"`
@@ -2889,6 +4346,72 @@ func (s *TerminateWorkspacesOutput) SetFailedRequests(v []*FailedWorkspaceChange
 	return s
 }
 
+type UpdateRulesOfIpGroupInput struct {
+	_ struct{} `type:"structure"`
+
+	// The ID of the group.
+	//
+	// GroupId is a required field
+	GroupId *string `type:"string" required:"true"`
+
+	// One or more rules.
+	//
+	// UserRules is a required field
+	UserRules []*IpRuleItem `type:"list" required:"true"`
+}
+
+// String returns the string representation
+func (s UpdateRulesOfIpGroupInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UpdateRulesOfIpGroupInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateRulesOfIpGroupInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "UpdateRulesOfIpGroupInput"}
+	if s.GroupId == nil {
+		invalidParams.Add(request.NewErrParamRequired("GroupId"))
+	}
+	if s.UserRules == nil {
+		invalidParams.Add(request.NewErrParamRequired("UserRules"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetGroupId sets the GroupId field's value.
+func (s *UpdateRulesOfIpGroupInput) SetGroupId(v string) *UpdateRulesOfIpGroupInput {
+	s.GroupId = &v
+	return s
+}
+
+// SetUserRules sets the UserRules field's value.
+func (s *UpdateRulesOfIpGroupInput) SetUserRules(v []*IpRuleItem) *UpdateRulesOfIpGroupInput {
+	s.UserRules = v
+	return s
+}
+
+type UpdateRulesOfIpGroupOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s UpdateRulesOfIpGroupOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UpdateRulesOfIpGroupOutput) GoString() string {
+	return s.String()
+}
+
 // Information about the user storage for a WorkSpace bundle.
 type UserStorage struct {
 	_ struct{} `type:"structure"`
@@ -3195,8 +4718,8 @@ func (s *WorkspaceConnectionStatus) SetWorkspaceId(v string) *WorkspaceConnectio
 	return s
 }
 
-// Contains information about an AWS Directory Service directory for use with
-// Amazon WorkSpaces.
+// Information about an AWS Directory Service directory for use with Amazon
+// WorkSpaces.
 type WorkspaceDirectory struct {
 	_ struct{} `type:"structure"`
 
@@ -3222,6 +4745,9 @@ type WorkspaceDirectory struct {
 	// to make calls to other services, such as Amazon EC2, on your behalf.
 	IamRoleId *string `type:"string"`
 
+	// The identifiers of the IP access control groups associated with the directory.
+	IpGroupIds []*string `locationName:"ipGroupIds" type:"list"`
+
 	// The registration code for the directory. This is the code that users enter
 	// in their Amazon WorkSpaces client application to connect to the directory.
 	RegistrationCode *string `min:"1" type:"string"`
@@ -3291,6 +4817,12 @@ func (s *WorkspaceDirectory) SetIamRoleId(v string) *WorkspaceDirectory {
 	return s
 }
 
+// SetIpGroupIds sets the IpGroupIds field's value.
+func (s *WorkspaceDirectory) SetIpGroupIds(v []*string) *WorkspaceDirectory {
+	s.IpGroupIds = v
+	return s
+}
+
 // SetRegistrationCode sets the RegistrationCode field's value.
 func (s *WorkspaceDirectory) SetRegistrationCode(v string) *WorkspaceDirectory {
 	s.RegistrationCode = &v
@@ -3566,6 +5098,14 @@ const (
 	RunningModeAlwaysOn = "ALWAYS_ON"
 )
 
+const (
+	// TargetWorkspaceStateAvailable is a TargetWorkspaceState enum value
+	TargetWorkspaceStateAvailable = "AVAILABLE"
+
+	// TargetWorkspaceStateAdminMaintenance is a TargetWorkspaceState enum value
+	TargetWorkspaceStateAdminMaintenance = "ADMIN_MAINTENANCE"
+)
+
 const (
 	// WorkspaceDirectoryStateRegistering is a WorkspaceDirectoryState enum value
 	WorkspaceDirectoryStateRegistering = "REGISTERING"
@@ -3616,6 +5156,9 @@ const (
 	// WorkspaceStateMaintenance is a WorkspaceState enum value
 	WorkspaceStateMaintenance = "MAINTENANCE"
 
+	// WorkspaceStateAdminMaintenance is a WorkspaceState enum value
+	WorkspaceStateAdminMaintenance = "ADMIN_MAINTENANCE"
+
 	// WorkspaceStateTerminating is a WorkspaceState enum value
 	WorkspaceStateTerminating = "TERMINATING"
 
diff --git a/vendor/github.com/aws/aws-sdk-go/service/workspaces/errors.go b/vendor/github.com/aws/aws-sdk-go/service/workspaces/errors.go
index 78fcbedb2b2..2083335b777 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/workspaces/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/workspaces/errors.go
@@ -19,7 +19,7 @@ const (
 	// ErrCodeInvalidResourceStateException for service response error code
 	// "InvalidResourceStateException".
 	//
-	// The state of the WorkSpace is not valid for this operation.
+	// The state of the resource is not valid for this operation.
 	ErrCodeInvalidResourceStateException = "InvalidResourceStateException"
 
 	// ErrCodeOperationInProgressException for service response error code
@@ -29,6 +29,30 @@ const (
 	// in a moment.
 	ErrCodeOperationInProgressException = "OperationInProgressException"
 
+	// ErrCodeOperationNotSupportedException for service response error code
+	// "OperationNotSupportedException".
+	//
+	// This operation is not supported.
+	ErrCodeOperationNotSupportedException = "OperationNotSupportedException"
+
+	// ErrCodeResourceAlreadyExistsException for service response error code
+	// "ResourceAlreadyExistsException".
+	//
+	// The specified resource already exists.
+	ErrCodeResourceAlreadyExistsException = "ResourceAlreadyExistsException"
+
+	// ErrCodeResourceAssociatedException for service response error code
+	// "ResourceAssociatedException".
+	//
+	// The resource is associated with a directory.
+	ErrCodeResourceAssociatedException = "ResourceAssociatedException"
+
+	// ErrCodeResourceCreationFailedException for service response error code
+	// "ResourceCreationFailedException".
+	//
+	// The resource could not be created.
+	ErrCodeResourceCreationFailedException = "ResourceCreationFailedException"
+
 	// ErrCodeResourceLimitExceededException for service response error code
 	// "ResourceLimitExceededException".
 	//
diff --git a/vendor/vendor.json b/vendor/vendor.json
index 9d33669c403..c4e69d1bac9 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -39,916 +39,916 @@
 			"revisionTime": "2017-07-27T15:54:43Z"
 		},
 		{
-			"checksumSHA1": "Mn7rZP6y2VKFyogE4/J/uvfHR7E=",
+			"checksumSHA1": "7TqQymwKnKWZuiNS62pUG6E7CgY=",
 			"path": "github.com/aws/aws-sdk-go/aws",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "DtuTqKH29YnLjrIJkRYX0HQtXY0=",
 			"path": "github.com/aws/aws-sdk-go/aws/arn",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "Y9W+4GimK4Fuxq+vyIskVYFRnX4=",
 			"path": "github.com/aws/aws-sdk-go/aws/awserr",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "yyYr41HZ1Aq0hWc3J5ijXwYEcac=",
 			"path": "github.com/aws/aws-sdk-go/aws/awsutil",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "hicPtITUionsA+dgs1SpsZUkQu4=",
 			"path": "github.com/aws/aws-sdk-go/aws/client",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "ieAJ+Cvp/PKv1LpUEnUXpc3OI6E=",
 			"path": "github.com/aws/aws-sdk-go/aws/client/metadata",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "vVSUnICaD9IaBQisCfw0n8zLwig=",
 			"path": "github.com/aws/aws-sdk-go/aws/corehandlers",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "Y+cPwQL0dZMyqp3wI+KJWmA9KQ8=",
 			"path": "github.com/aws/aws-sdk-go/aws/credentials",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "u3GOAJLmdvbuNUeUEcZSEAOeL/0=",
 			"path": "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "NUJUTWlc1sV8b7WjfiYc4JZbXl0=",
 			"path": "github.com/aws/aws-sdk-go/aws/credentials/endpointcreds",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "JEYqmF83O5n5bHkupAzA6STm0no=",
 			"path": "github.com/aws/aws-sdk-go/aws/credentials/stscreds",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "HogDW/Wu6ZKTDrQ2HSzG8/vj9Ag=",
 			"path": "github.com/aws/aws-sdk-go/aws/defaults",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "pDnK93CqjQ4ROSW8Y/RuHXjv52M=",
 			"path": "github.com/aws/aws-sdk-go/aws/ec2metadata",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "n2pGWBtTzupMkJrj1UKU67rU0/c=",
+			"checksumSHA1": "MIYMbcTonoSpdxgGHs7wn2EN3Dc=",
 			"path": "github.com/aws/aws-sdk-go/aws/endpoints",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "CntJM8T3dRgC0e1i66CIbP8uCSY=",
 			"path": "github.com/aws/aws-sdk-go/aws/request",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "J66FLqo++F1PXLUU8XQqYaageSc=",
 			"path": "github.com/aws/aws-sdk-go/aws/session",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "BqDC+Sxo3hrC6WYvwx1U4OObaT4=",
 			"path": "github.com/aws/aws-sdk-go/aws/signer/v4",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "wjxQlU1PYxrDRFoL1Vek8Wch7jk=",
 			"path": "github.com/aws/aws-sdk-go/internal/sdkio",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "MYLldFRnsZh21TfCkgkXCT3maPU=",
 			"path": "github.com/aws/aws-sdk-go/internal/sdkrand",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "04ypv4x12l4q0TksA1zEVsmgpvw=",
 			"path": "github.com/aws/aws-sdk-go/internal/shareddefaults",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "NStHCXEvYqG72GknZyv1jaKaeH0=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "GQuRJY72iGQrufDqIaB50zG27u0=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/ec2query",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "yHfT5DTbeCLs4NE2Rgnqrhe15ls=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/json/jsonutil",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "R00RL5jJXRYq1iiK1+PGvMfvXyM=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/jsonrpc",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "SBBVYdLcocjdPzMWgDuR8vcOfDQ=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/query",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "9V1PvtFQ9MObZTc3sa86WcuOtOU=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/query/queryutil",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "pkeoOfZpHRvFG/AOZeTf0lwtsFg=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/rest",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "Rpu8KBtHZgvhkwHxUfaky+qW+G4=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/restjson",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "ODo+ko8D6unAxZuN1jGzMcN4QCc=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/restxml",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "0qYPUga28aQVkxZgBR3Z86AbGUQ=",
+			"checksumSHA1": "6zosteWJqUGM9+t9dkANQymMA9s=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "F6mth+G7dXN1GI+nktaGo8Lx8aE=",
 			"path": "github.com/aws/aws-sdk-go/private/signer/v2",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "krjKYP+Z5qrFgZkHccphnuPdYd0=",
+			"checksumSHA1": "yqQRtxoLmiwe3lUvTx81hxfy+S0=",
 			"path": "github.com/aws/aws-sdk-go/service/acm",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "WliJXTogdly9qe5xEV6Fn2zklcs=",
 			"path": "github.com/aws/aws-sdk-go/service/acmpca",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "rQmpNRto8bpB17qNubhGzRh/Aj8=",
 			"path": "github.com/aws/aws-sdk-go/service/apigateway",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "7o1gMXoE8cemDzkZFUrQknQS4Yo=",
 			"path": "github.com/aws/aws-sdk-go/service/applicationautoscaling",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "s0TQJfF7ZqeS9IH4hdvX5EQk2l8=",
 			"path": "github.com/aws/aws-sdk-go/service/appsync",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "YlKOG1eZClZYmcRwJQO+LfEQrVY=",
 			"path": "github.com/aws/aws-sdk-go/service/athena",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "58ARAtV4EKAIv5zpieVjvJMFjO0=",
 			"path": "github.com/aws/aws-sdk-go/service/autoscaling",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "s6of5mfMFZtYy6BRo/tIafylOUc=",
 			"path": "github.com/aws/aws-sdk-go/service/batch",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "MJPsaJkyrCml4VZOsbNGo9Fl0C8=",
 			"path": "github.com/aws/aws-sdk-go/service/budgets",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "AQGPL+fXjjKhBmyb37QAG05R/Qw=",
 			"path": "github.com/aws/aws-sdk-go/service/cloud9",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "NU6AqUCd5TOrxaqFdWmo8l2oeOI=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudformation",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "hCz5z7QQz1416cCjbhjGjvbrdpY=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudfront",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "8PdtKqSEcLQ1V0Gnl2FAHJoOQy0=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudhsmv2",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "kM7Fxkb1OdCiOOmTlRIadqnsdt0=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudsearch",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "pKJec2iJiKDSY5UKmLSeYxLxucg=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudtrail",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "BD7EvXghMHMw52wtxISIhpJ4CTk=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudwatch",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "6Q9ZHEAsu92jsFOCwJAI+SjYYAk=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudwatchevents",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "YNl9xTPOb1SFVmwXDtmwzyGsx8U=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudwatchlogs",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "p/I/GLsXOoZ0XdhDuSQ+lP4NlYM=",
 			"path": "github.com/aws/aws-sdk-go/service/codebuild",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "4KiQdvEfpTf2g+UF2rWlLg/kgok=",
 			"path": "github.com/aws/aws-sdk-go/service/codecommit",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "mLFFVXyhKLYgoKSJ17URM/GXdNc=",
+			"checksumSHA1": "vT7k8uQ7ZfBVVJIYc/Yxui+yWI8=",
 			"path": "github.com/aws/aws-sdk-go/service/codedeploy",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "bh5IjjK9tKextJTq+gLV+6zhmL8=",
+			"checksumSHA1": "5uQsnuE2bMWQ2ypmll1rzXyNqPw=",
 			"path": "github.com/aws/aws-sdk-go/service/codepipeline",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "cx2wG4c6Q5gSTsAU6D/UZMQN/Kg=",
 			"path": "github.com/aws/aws-sdk-go/service/cognitoidentity",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "k4lfEcz91J29Wax6GPBlUUQb5bk=",
 			"path": "github.com/aws/aws-sdk-go/service/cognitoidentityprovider",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "qrxVu09idcoHIT2HqDJIbV3weUE=",
 			"path": "github.com/aws/aws-sdk-go/service/configservice",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "FEUIC6EG3tPnTuvmIsV4b3r9D+k=",
 			"path": "github.com/aws/aws-sdk-go/service/databasemigrationservice",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "I5sSvXLvlj9Ppv0HCbFXdN4tqn4=",
 			"path": "github.com/aws/aws-sdk-go/service/dax",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "WMCgYV6S5ZeQo6pjIFTStdmBVcg=",
+			"checksumSHA1": "/Wa2paWfntnF+4pRSsgMffedplE=",
 			"path": "github.com/aws/aws-sdk-go/service/devicefarm",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "hurqUivjVxLHaXEd2oS8JrwMGQs=",
 			"path": "github.com/aws/aws-sdk-go/service/directconnect",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "zxX7V0AIU1x2yX5Uyd9RMe0C3ok=",
 			"path": "github.com/aws/aws-sdk-go/service/directoryservice",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "Ae8sc+KEu6BMw89WRwaq4Ol/87g=",
+			"checksumSHA1": "mJR+NQiCTZGMy+eaCzbP4sEnX6w=",
 			"path": "github.com/aws/aws-sdk-go/service/dynamodb",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "12jA2n3aIJzdwvOxl+dvtx5S4CI=",
+			"checksumSHA1": "OYW6KOQn3+mHCHpqhlZOUsFEpUE=",
 			"path": "github.com/aws/aws-sdk-go/service/ec2",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "V3D5pDdtXS0yVShpS/fOqFGxCrA=",
 			"path": "github.com/aws/aws-sdk-go/service/ecr",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "7igFr0esmtcs9V0F9iMs2k5uNDI=",
 			"path": "github.com/aws/aws-sdk-go/service/ecs",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "PQnfXJ0ZQIIMiqUUFs4bkUPHqnc=",
 			"path": "github.com/aws/aws-sdk-go/service/efs",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "pZoO4JKc/TJACuq1n9IHuhovD4k=",
 			"path": "github.com/aws/aws-sdk-go/service/elasticache",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "s0INIDkP10AOmJkmTpCHpazIwUw=",
+			"checksumSHA1": "Z2ql82q2CJ3AXQ/Wi+3jhkpXmt0=",
 			"path": "github.com/aws/aws-sdk-go/service/elasticbeanstalk",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "BSSURh/ALTj0QW5BWPJkW3i+FN0=",
 			"path": "github.com/aws/aws-sdk-go/service/elasticsearchservice",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "JpvcQ+tc0yz2WZ0ne6zzxlbfscI=",
 			"path": "github.com/aws/aws-sdk-go/service/elastictranscoder",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "MgdGxbP8vjCkzkj1ukmU5Uqh3UA=",
 			"path": "github.com/aws/aws-sdk-go/service/elb",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "hgqHUngsP+NPjkZVqevXuioHnkE=",
 			"path": "github.com/aws/aws-sdk-go/service/elbv2",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "OQuas8ovzB34Yb2bCMBDsu8teu4=",
 			"path": "github.com/aws/aws-sdk-go/service/emr",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "hUosfOQhleGpv6UWGnbDf/eB5Ts=",
+			"checksumSHA1": "P9J4eI4+Bde2V4P5SbQ5yrkC4v8=",
 			"path": "github.com/aws/aws-sdk-go/service/firehose",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "4DYLn0HnMhZvXXgx6VjbS/V0srA=",
 			"path": "github.com/aws/aws-sdk-go/service/fms",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "UPwhm+XWgDTDZ4wUziP+9RHOozg=",
 			"path": "github.com/aws/aws-sdk-go/service/gamelift",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "N1F3vRsnxAZyfr4v7iK+MagWuGU=",
+			"checksumSHA1": "pOhtcgvfgH3qPUiqZrBgpawiu8I=",
 			"path": "github.com/aws/aws-sdk-go/service/glacier",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "2bqJtsfs1LDLLhczU/SNtmvkjcw=",
 			"path": "github.com/aws/aws-sdk-go/service/glue",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "YZJXefe33AjqEWaIm8ufdQc0atE=",
+			"checksumSHA1": "cP4Rz6mIrnYIGYX8CKgZlZD0oPA=",
 			"path": "github.com/aws/aws-sdk-go/service/guardduty",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "DHrIPXQ0QzjE+Hnfwk0INR4rUkU=",
 			"path": "github.com/aws/aws-sdk-go/service/iam",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "pvrqgHDeZ3gAHIiZyZfwXOi9GD4=",
 			"path": "github.com/aws/aws-sdk-go/service/inspector",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "TpvdN/5q0qLBHZhQQlB4cyQOxR4=",
+			"checksumSHA1": "lKGIKcPcMErM1NJdXBsHLic1E8w=",
 			"path": "github.com/aws/aws-sdk-go/service/iot",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "zdG3e3bdyNaBuApO06pygeSJsJ4=",
 			"path": "github.com/aws/aws-sdk-go/service/kinesis",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "zmOo5EeLSGFEuIBiRQsVd4+SBJ0=",
 			"path": "github.com/aws/aws-sdk-go/service/kms",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "nlvFlqVKHyuyYHG88H3Yt/OA1e0=",
 			"path": "github.com/aws/aws-sdk-go/service/lambda",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "AO97b1GChOs2geiFc//6YcpVfX8=",
 			"path": "github.com/aws/aws-sdk-go/service/lexmodelbuildingservice",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "jyxQ6TEdSl9/j7qC0LCkVMSXkog=",
 			"path": "github.com/aws/aws-sdk-go/service/lightsail",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "lKyAXJ4S6uXuSR1/pQ9gCGHYSLI=",
 			"path": "github.com/aws/aws-sdk-go/service/mediaconvert",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "eYt7GSKmi5G+h1R+Y1qIbs2Zn4o=",
+			"checksumSHA1": "NVSUO8GRtIWDm7IexnBSmQWvBh8=",
 			"path": "github.com/aws/aws-sdk-go/service/medialive",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "ETmB3lf15r4sn18bB9ilBQVXto4=",
 			"path": "github.com/aws/aws-sdk-go/service/mediapackage",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "I1sxeu8aJOiM3a5/tnJya8blE3A=",
 			"path": "github.com/aws/aws-sdk-go/service/mediastore",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "AnipOpUAJroLkoknx4xacrO0qSA=",
 			"path": "github.com/aws/aws-sdk-go/service/mediastoredata",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "lAweYYdjcZ6acj6oI3HI9hX3eIQ=",
 			"path": "github.com/aws/aws-sdk-go/service/mq",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "X/WdGuHGMxRCvufmQxstVjdbFT4=",
 			"path": "github.com/aws/aws-sdk-go/service/opsworks",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "smOJ/rypXb18/Rjryf2a85paSa4=",
 			"path": "github.com/aws/aws-sdk-go/service/organizations",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "vL235vodhgG61BkUxRD4B7io+zk=",
+			"checksumSHA1": "l3VeRGYSCtkXBvqVNVwRqb03Jko=",
 			"path": "github.com/aws/aws-sdk-go/service/rds",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "kapXC7OZ1fnkZ3N6p19+WUafn40=",
 			"path": "github.com/aws/aws-sdk-go/service/redshift",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "Hi/sxx81pqe+fI5VrS5+UK2DsDU=",
 			"path": "github.com/aws/aws-sdk-go/service/route53",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "KidzwXO5VKKI9zIuTAUsuF7KxIM=",
 			"path": "github.com/aws/aws-sdk-go/service/s3",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "HtsbSppcf5M5q+zrbhJqcFlVN5I=",
+			"checksumSHA1": "OUQpREA6ZLi/zTX4vZc56+ZoZLI=",
 			"path": "github.com/aws/aws-sdk-go/service/sagemaker",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "p1xuYwYaBe6v4ORN6IgBG3zQGrc=",
+			"checksumSHA1": "A4o0zzrS7xtyYrmbeAKvda7Wyco=",
 			"path": "github.com/aws/aws-sdk-go/service/secretsmanager",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "cyCJGeDReKwRq69kTcd4lozkuIg=",
 			"path": "github.com/aws/aws-sdk-go/service/servicecatalog",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "NLj37wyUZIo8/Rp3zp+LDfr878M=",
 			"path": "github.com/aws/aws-sdk-go/service/servicediscovery",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "nXAp7K8BCFvsaSdorGV7swBEQgA=",
 			"path": "github.com/aws/aws-sdk-go/service/ses",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "q4qCE/5OiBJA1k8P0jQRx9UhKvs=",
 			"path": "github.com/aws/aws-sdk-go/service/sfn",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "hAIPfcEcdc8xJ7MseIufmssdE/s=",
 			"path": "github.com/aws/aws-sdk-go/service/simpledb",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "1Fin0tclPDC/+rL7V06GrzXaMXI=",
 			"path": "github.com/aws/aws-sdk-go/service/sns",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "T8ABBS2aS6yRTD6w3kjpgFLe/Zw=",
 			"path": "github.com/aws/aws-sdk-go/service/sqs",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "mS1K6ch7/XVpXDOI5//FqSeI/f0=",
+			"checksumSHA1": "q5ApQXXApBOPXOYOLDOetdC4MNw=",
 			"path": "github.com/aws/aws-sdk-go/service/ssm",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "llx3DydC0nTbF0cZoYUjO9P1eZw=",
 			"path": "github.com/aws/aws-sdk-go/service/sts",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "i1yLjEKjcDxm0rakhcaDuAcQb7I=",
 			"path": "github.com/aws/aws-sdk-go/service/swf",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "Mf9nXjY0+Lq5RxEGEIYCYL8u+Kc=",
 			"path": "github.com/aws/aws-sdk-go/service/waf",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "iRNs3RoLjrzcBsPrSynhbEqY/4s=",
 			"path": "github.com/aws/aws-sdk-go/service/wafregional",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
-			"checksumSHA1": "z1UVKeq050lEoz9dgu/itKRc900=",
+			"checksumSHA1": "LzD/Yb1Xzc4OPKZZadOGV2fpQto=",
 			"path": "github.com/aws/aws-sdk-go/service/workspaces",
-			"revision": "9b0098a71f6d4d473a26ec8ad3c2feaac6eb1da6",
-			"revisionTime": "2018-04-10T22:21:50Z",
-			"version": "v1.13.32",
-			"versionExact": "v1.13.32"
+			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
+			"revisionTime": "2018-05-02T20:08:43Z",
+			"version": "v1.13.40",
+			"versionExact": "v1.13.40"
 		},
 		{
 			"checksumSHA1": "usT4LCSQItkFvFOQT7cBlkCuGaE=",

From e511e1b046e1bbcbadb0e4721d29e40f859be04b Mon Sep 17 00:00:00 2001
From: tf-release-bot <terraform@hashicorp.com>
Date: Wed, 2 May 2018 21:05:23 +0000
Subject: [PATCH 16/71] Cleanup after v1.17.0 release

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e0e0216fb5d..3dbd2bb04b0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,4 @@
+## 1.18.0 (Unreleased)
 ## 1.17.0 (May 02, 2018)
 
 NOTES:

From fc1c70509e07d8998781973798348fb83187906c Mon Sep 17 00:00:00 2001
From: Joshua Carp <jm.carp@gmail.com>
Date: Wed, 2 May 2018 21:59:11 -0400
Subject: [PATCH 17/71] Paginate auto-scaling groups.

[Fixes #4422]
---
 aws/data_source_aws_autoscaling_groups.go | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/aws/data_source_aws_autoscaling_groups.go b/aws/data_source_aws_autoscaling_groups.go
index 012195e1799..fc4154159eb 100644
--- a/aws/data_source_aws_autoscaling_groups.go
+++ b/aws/data_source_aws_autoscaling_groups.go
@@ -65,16 +65,14 @@ func dataSourceAwsAutoscalingGroupsRead(d *schema.ResourceData, meta interface{}
 			raw[i] = *v.ResourceId
 		}
 	} else {
-
-		resp, err := conn.DescribeAutoScalingGroups(&autoscaling.DescribeAutoScalingGroupsInput{})
-		if err != nil {
+		if err := conn.DescribeAutoScalingGroupsPages(&autoscaling.DescribeAutoScalingGroupsInput{}, func(resp *autoscaling.DescribeAutoScalingGroupsOutput, lastPage bool) bool {
+			for _, group := range resp.AutoScalingGroups {
+				raw = append(raw, *group.AutoScalingGroupName)
+			}
+			return true
+		}); err != nil {
 			return fmt.Errorf("Error fetching Autoscaling Groups: %s", err)
 		}
-
-		raw = make([]string, len(resp.AutoScalingGroups))
-		for i, v := range resp.AutoScalingGroups {
-			raw[i] = *v.AutoScalingGroupName
-		}
 	}
 
 	sort.Strings(raw)

From f454f542b6d6576772cfa3f227fab52442506ef2 Mon Sep 17 00:00:00 2001
From: Joshua Carp <jm.carp@gmail.com>
Date: Wed, 2 May 2018 22:59:46 -0400
Subject: [PATCH 18/71] Allow autoscaling group tests to run in multiple
 regions.

---
 ...data_source_aws_autoscaling_groups_test.go | 48 +++++++++++++++----
 1 file changed, 40 insertions(+), 8 deletions(-)

diff --git a/aws/data_source_aws_autoscaling_groups_test.go b/aws/data_source_aws_autoscaling_groups_test.go
index 3a6ba764480..67a478c59bf 100644
--- a/aws/data_source_aws_autoscaling_groups_test.go
+++ b/aws/data_source_aws_autoscaling_groups_test.go
@@ -81,13 +81,29 @@ func testAccCheckAwsAutoscalingGroupsAvailable(attrs map[string]string) ([]strin
 
 func testAccCheckAwsAutoscalingGroupsConfig(rInt1, rInt2, rInt3 int) string {
 	return fmt.Sprintf(`
+data "aws_ami" "test_ami" {
+  most_recent = true
+
+  filter {
+    name   = "owner-alias"
+    values = ["amazon"]
+  }
+
+  filter {
+    name   = "name"
+    values = ["amzn-ami-hvm-*-x86_64-gp2"]
+  }
+}
+
+data "aws_availability_zones" "available" {}
+
 resource "aws_launch_configuration" "foobar" {
-  image_id = "ami-21f78e11"
+  image_id = "${data.aws_ami.test_ami.id}"
   instance_type = "t1.micro"
 }
 
 resource "aws_autoscaling_group" "bar" {
-  availability_zones = ["us-west-2a"]
+  availability_zones = ["${data.aws_availability_zones.available.names[0]}"]
   name = "test-asg-%d"
   max_size = 1
   min_size = 0
@@ -105,7 +121,7 @@ resource "aws_autoscaling_group" "bar" {
 }
 
 resource "aws_autoscaling_group" "foo" {
-  availability_zones = ["us-west-2b"]
+  availability_zones = ["${data.aws_availability_zones.available.names[1]}"]
   name = "test-asg-%d"
   max_size = 1
   min_size = 0
@@ -123,7 +139,7 @@ resource "aws_autoscaling_group" "foo" {
 }
 
 resource "aws_autoscaling_group" "barbaz" {
-  availability_zones = ["us-west-2c"]
+  availability_zones = ["${data.aws_availability_zones.available.names[2]}"]
   name = "test-asg-%d"
   max_size = 1
   min_size = 0
@@ -143,13 +159,29 @@ resource "aws_autoscaling_group" "barbaz" {
 
 func testAccCheckAwsAutoscalingGroupsConfigWithDataSource(rInt1, rInt2, rInt3 int) string {
 	return fmt.Sprintf(`
+data "aws_ami" "test_ami" {
+  most_recent = true
+
+  filter {
+    name   = "owner-alias"
+    values = ["amazon"]
+  }
+
+  filter {
+    name   = "name"
+    values = ["amzn-ami-hvm-*-x86_64-gp2"]
+  }
+}
+
+data "aws_availability_zones" "available" {}
+
 resource "aws_launch_configuration" "foobar" {
-  image_id = "ami-21f78e11"
+  image_id = "${data.aws_ami.test_ami.id}"
   instance_type = "t1.micro"
 }
 
 resource "aws_autoscaling_group" "bar" {
-  availability_zones = ["us-west-2a"]
+  availability_zones = ["${data.aws_availability_zones.available.names[0]}"]
   name = "test-asg-%d"
   max_size = 1
   min_size = 0
@@ -167,7 +199,7 @@ resource "aws_autoscaling_group" "bar" {
 }
 
 resource "aws_autoscaling_group" "foo" {
-  availability_zones = ["us-west-2b"]
+  availability_zones = ["${data.aws_availability_zones.available.names[1]}"]
   name = "test-asg-%d"
   max_size = 1
   min_size = 0
@@ -185,7 +217,7 @@ resource "aws_autoscaling_group" "foo" {
 }
 
 resource "aws_autoscaling_group" "barbaz" {
-  availability_zones = ["us-west-2c"]
+  availability_zones = ["${data.aws_availability_zones.available.names[2]}"]
   name = "test-asg-%d"
   max_size = 1
   min_size = 0

From 02d074b242dd7a03092d936b86131e43299c56d2 Mon Sep 17 00:00:00 2001
From: Tom Elliff <tomelliff@gmail.com>
Date: Thu, 3 May 2018 08:59:57 +0100
Subject: [PATCH 19/71] Add account ID to the SSM document ARN

Without the account ID being specified if the ARN output is used as an allowed resource in an IAM policy then the IAM policy doesn't match the document and you get a permissions error from IAM when executing the document.
---
 aws/resource_aws_ssm_document.go      | 1 +
 aws/resource_aws_ssm_document_test.go | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/aws/resource_aws_ssm_document.go b/aws/resource_aws_ssm_document.go
index 23f7facad9d..ac7e15fc1b6 100644
--- a/aws/resource_aws_ssm_document.go
+++ b/aws/resource_aws_ssm_document.go
@@ -225,6 +225,7 @@ func resourceAwsSsmDocumentRead(d *schema.ResourceData, meta interface{}) error
 		Partition: meta.(*AWSClient).partition,
 		Service:   "ssm",
 		Region:    meta.(*AWSClient).region,
+		AccountID: meta.(*AWSClient).accountid,
 		Resource:  fmt.Sprintf("document/%s", *doc.Name),
 	}.String()
 	if err := d.Set("arn", arn); err != nil {
diff --git a/aws/resource_aws_ssm_document_test.go b/aws/resource_aws_ssm_document_test.go
index c128e5423ca..e11eed96314 100644
--- a/aws/resource_aws_ssm_document_test.go
+++ b/aws/resource_aws_ssm_document_test.go
@@ -2,6 +2,7 @@ package aws
 
 import (
 	"fmt"
+	"regexp"
 	"testing"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -24,6 +25,8 @@ func TestAccAWSSSMDocument_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSSSMDocumentExists("aws_ssm_document.foo"),
 					resource.TestCheckResourceAttr("aws_ssm_document.foo", "document_format", "JSON"),
+					resource.TestMatchResourceAttr("aws_ssm_document.foo", "arn",
+						regexp.MustCompile(`^arn:aws:ssm:[a-z]{2}-[a-z]+-\d{1}:\d{12}:document/.*$`)),
 				),
 			},
 		},

From ac243ab816d93c3aba1643e8e159f371f6786d89 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Thu, 3 May 2018 19:56:02 -0400
Subject: [PATCH 20/71] tests: Bypass missing endpoints and
 UnsupportedOperation for sweepers

---
 aws/import_aws_lambda_function_test.go             |  4 ++++
 aws/provider_test.go                               | 14 ++++++++++++++
 aws/resource_aws_api_gateway_rest_api_test.go      |  4 ++++
 aws/resource_aws_autoscaling_group_test.go         |  4 ++++
 aws/resource_aws_batch_compute_environment_test.go |  4 ++++
 aws/resource_aws_batch_job_queue_test.go           |  4 ++++
 aws/resource_aws_cloudfront_distribution_test.go   |  4 ++++
 aws/resource_aws_dax_cluster_test.go               |  6 ++++++
 aws/resource_aws_db_instance_test.go               |  4 ++++
 aws/resource_aws_db_option_group_test.go           |  4 ++++
 aws/resource_aws_dynamodb_table_test.go            |  4 ++++
 ...ource_aws_elastic_beanstalk_application_test.go |  4 ++++
 ...ource_aws_elastic_beanstalk_environment_test.go |  4 ++++
 aws/resource_aws_elasticache_cluster_test.go       | 10 +++++++++-
 ...ource_aws_elasticache_replication_group_test.go | 10 +++++++++-
 aws/resource_aws_elasticsearch_domain_test.go      |  4 ++++
 aws/resource_aws_elb_test.go                       | 10 +++++++++-
 aws/resource_aws_gamelift_alias_test.go            |  4 ++++
 aws/resource_aws_gamelift_build_test.go            |  4 ++++
 aws/resource_aws_gamelift_fleet_test.go            | 10 +++++++---
 aws/resource_aws_glue_connection_test.go           |  4 ++++
 aws/resource_aws_glue_job_test.go                  |  4 ++++
 aws/resource_aws_iam_server_certificate_test.go    |  4 ++++
 aws/resource_aws_iam_service_linked_role_test.go   |  4 ++++
 aws/resource_aws_internet_gateway_test.go          |  4 ++++
 aws/resource_aws_key_pair_test.go                  |  4 ++++
 aws/resource_aws_kms_key_test.go                   |  4 ++++
 aws/resource_aws_launch_configuration_test.go      |  4 ++++
 aws/resource_aws_mq_broker_test.go                 |  4 ++++
 aws/resource_aws_nat_gateway_test.go               |  4 ++++
 aws/resource_aws_network_acl_test.go               |  4 ++++
 aws/resource_aws_redshift_cluster_test.go          | 10 +++++++++-
 aws/resource_aws_secretsmanager_secret_test.go     | 10 +++++++++-
 aws/resource_aws_security_group_test.go            |  7 +++++++
 aws/resource_aws_spot_fleet_request_test.go        | 10 +++++++++-
 aws/resource_aws_subnet_test.go                    |  4 ++++
 aws/resource_aws_vpc_test.go                       |  4 ++++
 aws/resource_aws_vpn_gateway_test.go               |  4 ++++
 aws/resource_aws_waf_regex_match_set_test.go       |  4 ++++
 aws/resource_aws_waf_rule_group_test.go            |  4 ++++
 ...esource_aws_wafregional_regex_match_set_test.go |  4 ++++
 aws/resource_aws_wafregional_rule_group_test.go    |  4 ++++
 42 files changed, 216 insertions(+), 9 deletions(-)

diff --git a/aws/import_aws_lambda_function_test.go b/aws/import_aws_lambda_function_test.go
index d47a79b7121..903aac30995 100644
--- a/aws/import_aws_lambda_function_test.go
+++ b/aws/import_aws_lambda_function_test.go
@@ -28,6 +28,10 @@ func testSweepLambdaFunctions(region string) error {
 
 	resp, err := lambdaconn.ListFunctions(&lambda.ListFunctionsInput{})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Lambda Function sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving Lambda functions: %s", err)
 	}
 
diff --git a/aws/provider_test.go b/aws/provider_test.go
index 61c206eab08..3a2b7674dbc 100644
--- a/aws/provider_test.go
+++ b/aws/provider_test.go
@@ -146,3 +146,17 @@ func testAccCheckWithProviders(f func(*terraform.State, *schema.Provider) error,
 		return nil
 	}
 }
+
+// Check sweeper API call error for reasons to skip sweeping
+// These include missing API endpoints and unsupported API calls
+func testSweepSkipSweepError(err error) bool {
+	// Ignore missing API endpoints
+	if isAWSErr(err, "RequestError", "send request failed") {
+		return true
+	}
+	// Ignore unsupported API calls
+	if isAWSErr(err, "UnsupportedOperation", "") {
+		return true
+	}
+	return false
+}
diff --git a/aws/resource_aws_api_gateway_rest_api_test.go b/aws/resource_aws_api_gateway_rest_api_test.go
index 51f98c2732f..22b3ad38267 100644
--- a/aws/resource_aws_api_gateway_rest_api_test.go
+++ b/aws/resource_aws_api_gateway_rest_api_test.go
@@ -71,6 +71,10 @@ func testSweepAPIGatewayRestApis(region string) error {
 		return !lastPage
 	})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping API Gateway REST API sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving API Gateway REST APIs: %s", err)
 	}
 
diff --git a/aws/resource_aws_autoscaling_group_test.go b/aws/resource_aws_autoscaling_group_test.go
index 88e2a306683..a3f0df6fed9 100644
--- a/aws/resource_aws_autoscaling_group_test.go
+++ b/aws/resource_aws_autoscaling_group_test.go
@@ -36,6 +36,10 @@ func testSweepAutoscalingGroups(region string) error {
 
 	resp, err := conn.DescribeAutoScalingGroups(&autoscaling.DescribeAutoScalingGroupsInput{})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping AutoScaling Group sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving AutoScaling Groups in Sweeper: %s", err)
 	}
 
diff --git a/aws/resource_aws_batch_compute_environment_test.go b/aws/resource_aws_batch_compute_environment_test.go
index 9225bd67ef0..565e7243958 100644
--- a/aws/resource_aws_batch_compute_environment_test.go
+++ b/aws/resource_aws_batch_compute_environment_test.go
@@ -38,6 +38,10 @@ func testSweepBatchComputeEnvironments(region string) error {
 
 	out, err := conn.DescribeComputeEnvironments(&batch.DescribeComputeEnvironmentsInput{})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Batch Compute Environment sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving Batch Compute Environments: %s", err)
 	}
 	for _, computeEnvironment := range out.ComputeEnvironments {
diff --git a/aws/resource_aws_batch_job_queue_test.go b/aws/resource_aws_batch_job_queue_test.go
index 2af18c8386c..193f7085334 100644
--- a/aws/resource_aws_batch_job_queue_test.go
+++ b/aws/resource_aws_batch_job_queue_test.go
@@ -34,6 +34,10 @@ func testSweepBatchJobQueues(region string) error {
 
 	out, err := conn.DescribeJobQueues(&batch.DescribeJobQueuesInput{})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Batch Job Queue sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving Batch Job Queues: %s", err)
 	}
 	for _, jobQueue := range out.JobQueues {
diff --git a/aws/resource_aws_cloudfront_distribution_test.go b/aws/resource_aws_cloudfront_distribution_test.go
index 494f133866e..7431b752d0c 100644
--- a/aws/resource_aws_cloudfront_distribution_test.go
+++ b/aws/resource_aws_cloudfront_distribution_test.go
@@ -40,6 +40,10 @@ func testSweepCloudFrontDistributions(region string) error {
 		return !lastPage
 	})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping CloudFront Distribution sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error listing CloudFront Distributions: %s", err)
 	}
 
diff --git a/aws/resource_aws_dax_cluster_test.go b/aws/resource_aws_dax_cluster_test.go
index cd5015cb057..d278c951d2f 100644
--- a/aws/resource_aws_dax_cluster_test.go
+++ b/aws/resource_aws_dax_cluster_test.go
@@ -30,6 +30,12 @@ func testSweepDAXClusters(region string) error {
 
 	resp, err := conn.DescribeClusters(&dax.DescribeClustersInput{})
 	if err != nil {
+		// GovCloud (with no DAX support) has an endpoint that responds with:
+		// InvalidParameterValueException: Access Denied to API Version: DAX_V3
+		if testSweepSkipSweepError(err) || isAWSErr(err, "InvalidParameterValueException", "Access Denied to API Version: DAX_V3") {
+			log.Printf("[WARN] Skipping DAX Cluster sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving DAX clusters: %s", err)
 	}
 
diff --git a/aws/resource_aws_db_instance_test.go b/aws/resource_aws_db_instance_test.go
index 73e46704050..f197db8b2f2 100644
--- a/aws/resource_aws_db_instance_test.go
+++ b/aws/resource_aws_db_instance_test.go
@@ -74,6 +74,10 @@ func testSweepDbInstances(region string) error {
 		return !lastPage
 	})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping RDS DB Instance sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving DB instances: %s", err)
 	}
 
diff --git a/aws/resource_aws_db_option_group_test.go b/aws/resource_aws_db_option_group_test.go
index 7031d9bdecf..c509a07ede4 100644
--- a/aws/resource_aws_db_option_group_test.go
+++ b/aws/resource_aws_db_option_group_test.go
@@ -35,6 +35,10 @@ func testSweepDbOptionGroups(region string) error {
 	opts := rds.DescribeOptionGroupsInput{}
 	resp, err := conn.DescribeOptionGroups(&opts)
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping RDS DB Option Group sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("error describing DB Option Groups in Sweeper: %s", err)
 	}
 
diff --git a/aws/resource_aws_dynamodb_table_test.go b/aws/resource_aws_dynamodb_table_test.go
index fb97cd497ac..2c687880275 100644
--- a/aws/resource_aws_dynamodb_table_test.go
+++ b/aws/resource_aws_dynamodb_table_test.go
@@ -54,6 +54,10 @@ func testSweepDynamoDbTables(region string) error {
 		return !lastPage
 	})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping DynamoDB Table sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving DynamoDB Tables: %s", err)
 	}
 
diff --git a/aws/resource_aws_elastic_beanstalk_application_test.go b/aws/resource_aws_elastic_beanstalk_application_test.go
index 931adee60c0..1aca0bee270 100644
--- a/aws/resource_aws_elastic_beanstalk_application_test.go
+++ b/aws/resource_aws_elastic_beanstalk_application_test.go
@@ -32,6 +32,10 @@ func testSweepBeanstalkApplications(region string) error {
 
 	resp, err := beanstalkconn.DescribeApplications(&elasticbeanstalk.DescribeApplicationsInput{})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Elastic Beanstalk Application sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving beanstalk application: %s", err)
 	}
 
diff --git a/aws/resource_aws_elastic_beanstalk_environment_test.go b/aws/resource_aws_elastic_beanstalk_environment_test.go
index df2775e9e2d..ee223b59b7b 100644
--- a/aws/resource_aws_elastic_beanstalk_environment_test.go
+++ b/aws/resource_aws_elastic_beanstalk_environment_test.go
@@ -38,6 +38,10 @@ func testSweepBeanstalkEnvironments(region string) error {
 	})
 
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Elastic Beanstalk Environment sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving beanstalk environment: %s", err)
 	}
 
diff --git a/aws/resource_aws_elasticache_cluster_test.go b/aws/resource_aws_elasticache_cluster_test.go
index 5ab85254b03..9dce8a74e37 100644
--- a/aws/resource_aws_elasticache_cluster_test.go
+++ b/aws/resource_aws_elasticache_cluster_test.go
@@ -42,7 +42,7 @@ func testSweepElasticacheClusters(region string) error {
 		"tf-acc-test-",
 	}
 
-	return conn.DescribeCacheClustersPages(&elasticache.DescribeCacheClustersInput{}, func(page *elasticache.DescribeCacheClustersOutput, isLast bool) bool {
+	err = conn.DescribeCacheClustersPages(&elasticache.DescribeCacheClustersInput{}, func(page *elasticache.DescribeCacheClustersOutput, isLast bool) bool {
 		if len(page.CacheClusters) == 0 {
 			log.Print("[DEBUG] No Elasticache Replicaton Groups to sweep")
 			return false
@@ -69,6 +69,14 @@ func testSweepElasticacheClusters(region string) error {
 		}
 		return !isLast
 	})
+	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Elasticache Cluster sweep for %s: %s", region, err)
+			return nil
+		}
+		return fmt.Errorf("Error retrieving Elasticache Clusters: %s", err)
+	}
+	return nil
 }
 
 func TestAccAWSElasticacheCluster_Engine_Memcached_Ec2Classic(t *testing.T) {
diff --git a/aws/resource_aws_elasticache_replication_group_test.go b/aws/resource_aws_elasticache_replication_group_test.go
index 8f5cdfadab8..2cec8898eee 100644
--- a/aws/resource_aws_elasticache_replication_group_test.go
+++ b/aws/resource_aws_elasticache_replication_group_test.go
@@ -36,7 +36,7 @@ func testSweepElasticacheReplicationGroups(region string) error {
 		"tf-acc-test-",
 	}
 
-	return conn.DescribeReplicationGroupsPages(&elasticache.DescribeReplicationGroupsInput{}, func(page *elasticache.DescribeReplicationGroupsOutput, isLast bool) bool {
+	err = conn.DescribeReplicationGroupsPages(&elasticache.DescribeReplicationGroupsInput{}, func(page *elasticache.DescribeReplicationGroupsOutput, isLast bool) bool {
 		if len(page.ReplicationGroups) == 0 {
 			log.Print("[DEBUG] No Elasticache Replicaton Groups to sweep")
 			return false
@@ -63,6 +63,14 @@ func testSweepElasticacheReplicationGroups(region string) error {
 		}
 		return !isLast
 	})
+	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Elasticache Replication Group sweep for %s: %s", region, err)
+			return nil
+		}
+		return fmt.Errorf("Error retrieving Elasticache Replication Groups: %s", err)
+	}
+	return nil
 }
 
 func TestAccAWSElasticacheReplicationGroup_basic(t *testing.T) {
diff --git a/aws/resource_aws_elasticsearch_domain_test.go b/aws/resource_aws_elasticsearch_domain_test.go
index e3c787b59b6..b3bcd5648f7 100644
--- a/aws/resource_aws_elasticsearch_domain_test.go
+++ b/aws/resource_aws_elasticsearch_domain_test.go
@@ -36,6 +36,10 @@ func testSweepElasticSearchDomains(region string) error {
 
 	out, err := conn.ListDomainNames(&elasticsearch.ListDomainNamesInput{})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Elasticsearch Domain sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving Elasticsearch Domains: %s", err)
 	}
 	for _, domain := range out.DomainNames {
diff --git a/aws/resource_aws_elb_test.go b/aws/resource_aws_elb_test.go
index 386c2461493..8f59bebce61 100644
--- a/aws/resource_aws_elb_test.go
+++ b/aws/resource_aws_elb_test.go
@@ -37,7 +37,7 @@ func testSweepELBs(region string) error {
 		"test-elb-",
 	}
 
-	return conn.DescribeLoadBalancersPages(&elb.DescribeLoadBalancersInput{}, func(out *elb.DescribeLoadBalancersOutput, isLast bool) bool {
+	err = conn.DescribeLoadBalancersPages(&elb.DescribeLoadBalancersInput{}, func(out *elb.DescribeLoadBalancersOutput, isLast bool) bool {
 		if len(out.LoadBalancerDescriptions) == 0 {
 			log.Println("[INFO] No ELBs found for sweeping")
 			return false
@@ -71,6 +71,14 @@ func testSweepELBs(region string) error {
 		}
 		return !isLast
 	})
+	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping ELB sweep for %s: %s", region, err)
+			return nil
+		}
+		return fmt.Errorf("Error retrieving ELBs: %s", err)
+	}
+	return nil
 }
 
 func TestAccAWSELB_basic(t *testing.T) {
diff --git a/aws/resource_aws_gamelift_alias_test.go b/aws/resource_aws_gamelift_alias_test.go
index d20b0f03724..2b72854269d 100644
--- a/aws/resource_aws_gamelift_alias_test.go
+++ b/aws/resource_aws_gamelift_alias_test.go
@@ -55,6 +55,10 @@ func testSweepGameliftAliases(region string) error {
 		return nil
 	})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Gamelift Alias sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error listing Gamelift Aliases: %s", err)
 	}
 
diff --git a/aws/resource_aws_gamelift_build_test.go b/aws/resource_aws_gamelift_build_test.go
index c7ccdced152..a8fc84464d1 100644
--- a/aws/resource_aws_gamelift_build_test.go
+++ b/aws/resource_aws_gamelift_build_test.go
@@ -31,6 +31,10 @@ func testSweepGameliftBuilds(region string) error {
 
 	resp, err := conn.ListBuilds(&gamelift.ListBuildsInput{})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Gamelife Build sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error listing Gamelift Builds: %s", err)
 	}
 
diff --git a/aws/resource_aws_gamelift_fleet_test.go b/aws/resource_aws_gamelift_fleet_test.go
index 97e4e4bf192..fbc710690b1 100644
--- a/aws/resource_aws_gamelift_fleet_test.go
+++ b/aws/resource_aws_gamelift_fleet_test.go
@@ -34,7 +34,7 @@ func testSweepGameliftFleets(region string) error {
 	}
 	conn := client.(*AWSClient).gameliftconn
 
-	return testAccGameliftListFleets(conn, nil, func(fleetIds []*string) error {
+	return testAccGameliftListFleets(conn, nil, region, func(fleetIds []*string) error {
 		if len(fleetIds) == 0 {
 			log.Print("[DEBUG] No Gamelift Fleets to sweep")
 			return nil
@@ -83,11 +83,15 @@ func testSweepGameliftFleets(region string) error {
 	})
 }
 
-func testAccGameliftListFleets(conn *gamelift.GameLift, nextToken *string, f func([]*string) error) error {
+func testAccGameliftListFleets(conn *gamelift.GameLift, nextToken *string, region string, f func([]*string) error) error {
 	resp, err := conn.ListFleets(&gamelift.ListFleetsInput{
 		NextToken: nextToken,
 	})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Gamelift Fleet sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error listing Gamelift Fleets: %s", err)
 	}
 
@@ -96,7 +100,7 @@ func testAccGameliftListFleets(conn *gamelift.GameLift, nextToken *string, f fun
 		return err
 	}
 	if nextToken != nil {
-		return testAccGameliftListFleets(conn, nextToken, f)
+		return testAccGameliftListFleets(conn, nextToken, region, f)
 	}
 	return nil
 }
diff --git a/aws/resource_aws_glue_connection_test.go b/aws/resource_aws_glue_connection_test.go
index c1ae88d8676..1757c20a829 100644
--- a/aws/resource_aws_glue_connection_test.go
+++ b/aws/resource_aws_glue_connection_test.go
@@ -63,6 +63,10 @@ func testSweepGlueConnections(region string) error {
 		return !lastPage
 	})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Glue Connection sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving Glue Connections: %s", err)
 	}
 
diff --git a/aws/resource_aws_glue_job_test.go b/aws/resource_aws_glue_job_test.go
index a673696ecdd..32f93ac6025 100644
--- a/aws/resource_aws_glue_job_test.go
+++ b/aws/resource_aws_glue_job_test.go
@@ -61,6 +61,10 @@ func testSweepGlueJobs(region string) error {
 		return !lastPage
 	})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Glue Job sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving Glue Jobs: %s", err)
 	}
 
diff --git a/aws/resource_aws_iam_server_certificate_test.go b/aws/resource_aws_iam_server_certificate_test.go
index 29e00362df7..a52f9b27566 100644
--- a/aws/resource_aws_iam_server_certificate_test.go
+++ b/aws/resource_aws_iam_server_certificate_test.go
@@ -58,6 +58,10 @@ func testSweepIamServerCertificates(region string) error {
 		return !lastPage
 	})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping IAM Server Certificate sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving IAM Server Certificates: %s", err)
 	}
 
diff --git a/aws/resource_aws_iam_service_linked_role_test.go b/aws/resource_aws_iam_service_linked_role_test.go
index f9c7019c15d..a2781f8d114 100644
--- a/aws/resource_aws_iam_service_linked_role_test.go
+++ b/aws/resource_aws_iam_service_linked_role_test.go
@@ -63,6 +63,10 @@ func testSweepIamServiceLinkedRoles(region string) error {
 		return !lastPage
 	})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping IAM Service Role sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving IAM Service Roles: %s", err)
 	}
 
diff --git a/aws/resource_aws_internet_gateway_test.go b/aws/resource_aws_internet_gateway_test.go
index 9fcb937f992..9d75dc1909e 100644
--- a/aws/resource_aws_internet_gateway_test.go
+++ b/aws/resource_aws_internet_gateway_test.go
@@ -38,6 +38,10 @@ func testSweepInternetGateways(region string) error {
 	}
 	resp, err := conn.DescribeInternetGateways(req)
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Internet Gateway sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error describing Internet Gateways: %s", err)
 	}
 
diff --git a/aws/resource_aws_key_pair_test.go b/aws/resource_aws_key_pair_test.go
index 58b0b00c253..a28770866aa 100644
--- a/aws/resource_aws_key_pair_test.go
+++ b/aws/resource_aws_key_pair_test.go
@@ -38,6 +38,10 @@ func testSweepKeyPairs(region string) error {
 		},
 	})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping EC2 Key Pair sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error describing key pairs in Sweeper: %s", err)
 	}
 
diff --git a/aws/resource_aws_kms_key_test.go b/aws/resource_aws_kms_key_test.go
index 404ee1761c2..9a98f893cd3 100644
--- a/aws/resource_aws_kms_key_test.go
+++ b/aws/resource_aws_kms_key_test.go
@@ -70,6 +70,10 @@ func testSweepKmsKeys(region string) error {
 		return !lastPage
 	})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping KMS Key sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error describing KMS keys: %s", err)
 	}
 
diff --git a/aws/resource_aws_launch_configuration_test.go b/aws/resource_aws_launch_configuration_test.go
index fce4096db0f..b0f418a50a3 100644
--- a/aws/resource_aws_launch_configuration_test.go
+++ b/aws/resource_aws_launch_configuration_test.go
@@ -34,6 +34,10 @@ func testSweepLaunchConfigurations(region string) error {
 
 	resp, err := autoscalingconn.DescribeLaunchConfigurations(&autoscaling.DescribeLaunchConfigurationsInput{})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping AutoScaling Launch Configuration sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error retrieving launch configuration: %s", err)
 	}
 
diff --git a/aws/resource_aws_mq_broker_test.go b/aws/resource_aws_mq_broker_test.go
index 55baa9512c9..47b33827a07 100644
--- a/aws/resource_aws_mq_broker_test.go
+++ b/aws/resource_aws_mq_broker_test.go
@@ -81,6 +81,10 @@ func testSweepMqBrokers(region string) error {
 		MaxResults: aws.Int64(100),
 	})
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping MQ Broker sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error listing MQ brokers: %s", err)
 	}
 
diff --git a/aws/resource_aws_nat_gateway_test.go b/aws/resource_aws_nat_gateway_test.go
index f3645dc3080..7dcd2bd6a30 100644
--- a/aws/resource_aws_nat_gateway_test.go
+++ b/aws/resource_aws_nat_gateway_test.go
@@ -39,6 +39,10 @@ func testSweepNatGateways(region string) error {
 	}
 	resp, err := conn.DescribeNatGateways(req)
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping EC2 NAT Gateway sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error describing NAT Gateways: %s", err)
 	}
 
diff --git a/aws/resource_aws_network_acl_test.go b/aws/resource_aws_network_acl_test.go
index 4021fcb7df2..49b90312944 100644
--- a/aws/resource_aws_network_acl_test.go
+++ b/aws/resource_aws_network_acl_test.go
@@ -38,6 +38,10 @@ func testSweepNetworkAcls(region string) error {
 	}
 	resp, err := conn.DescribeNetworkAcls(req)
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping EC2 Network ACL sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error describing Network ACLs: %s", err)
 	}
 
diff --git a/aws/resource_aws_redshift_cluster_test.go b/aws/resource_aws_redshift_cluster_test.go
index 1ab874af984..48f344ad8ed 100644
--- a/aws/resource_aws_redshift_cluster_test.go
+++ b/aws/resource_aws_redshift_cluster_test.go
@@ -31,7 +31,7 @@ func testSweepRedshiftClusters(region string) error {
 	}
 	conn := client.(*AWSClient).redshiftconn
 
-	return conn.DescribeClustersPages(&redshift.DescribeClustersInput{}, func(resp *redshift.DescribeClustersOutput, isLast bool) bool {
+	err = conn.DescribeClustersPages(&redshift.DescribeClustersInput{}, func(resp *redshift.DescribeClustersOutput, isLast bool) bool {
 		if len(resp.Clusters) == 0 {
 			log.Print("[DEBUG] No Redshift clusters to sweep")
 			return false
@@ -55,6 +55,14 @@ func testSweepRedshiftClusters(region string) error {
 		}
 		return !isLast
 	})
+	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Redshift Cluster sweep for %s: %s", region, err)
+			return nil
+		}
+		return fmt.Errorf("Error retrieving Redshift Clusters: %s", err)
+	}
+	return nil
 }
 
 func TestValidateRedshiftClusterDbName(t *testing.T) {
diff --git a/aws/resource_aws_secretsmanager_secret_test.go b/aws/resource_aws_secretsmanager_secret_test.go
index 0f37593686d..065b6e27abc 100644
--- a/aws/resource_aws_secretsmanager_secret_test.go
+++ b/aws/resource_aws_secretsmanager_secret_test.go
@@ -28,7 +28,7 @@ func testSweepSecretsManagerSecrets(region string) error {
 	}
 	conn := client.(*AWSClient).secretsmanagerconn
 
-	return conn.ListSecretsPages(&secretsmanager.ListSecretsInput{}, func(page *secretsmanager.ListSecretsOutput, isLast bool) bool {
+	err = conn.ListSecretsPages(&secretsmanager.ListSecretsInput{}, func(page *secretsmanager.ListSecretsOutput, isLast bool) bool {
 		if len(page.SecretList) == 0 {
 			log.Print("[DEBUG] No Secrets Manager Secrets to sweep")
 			return true
@@ -57,6 +57,14 @@ func testSweepSecretsManagerSecrets(region string) error {
 
 		return !isLast
 	})
+	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping Secrets Manager Secret sweep for %s: %s", region, err)
+			return nil
+		}
+		return fmt.Errorf("Error retrieving Secrets Manager Secrets: %s", err)
+	}
+	return nil
 }
 
 func TestAccAwsSecretsManagerSecret_Basic(t *testing.T) {
diff --git a/aws/resource_aws_security_group_test.go b/aws/resource_aws_security_group_test.go
index 3bdc78e4c82..5620239f8ea 100644
--- a/aws/resource_aws_security_group_test.go
+++ b/aws/resource_aws_security_group_test.go
@@ -41,6 +41,13 @@ func testSweepSecurityGroups(region string) error {
 		},
 	}
 	resp, err := conn.DescribeSecurityGroups(req)
+	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping EC2 Security Group sweep for %s: %s", region, err)
+			return nil
+		}
+		return fmt.Errorf("Error retrieving EC2 Security Groups: %s", err)
+	}
 
 	if len(resp.SecurityGroups) == 0 {
 		log.Print("[DEBUG] No aws security groups to sweep")
diff --git a/aws/resource_aws_spot_fleet_request_test.go b/aws/resource_aws_spot_fleet_request_test.go
index c4982a46933..918dbc995de 100644
--- a/aws/resource_aws_spot_fleet_request_test.go
+++ b/aws/resource_aws_spot_fleet_request_test.go
@@ -28,7 +28,7 @@ func testSweepSpotFleetRequests(region string) error {
 	}
 	conn := client.(*AWSClient).ec2conn
 
-	return conn.DescribeSpotFleetRequestsPages(&ec2.DescribeSpotFleetRequestsInput{}, func(page *ec2.DescribeSpotFleetRequestsOutput, isLast bool) bool {
+	err = conn.DescribeSpotFleetRequestsPages(&ec2.DescribeSpotFleetRequestsInput{}, func(page *ec2.DescribeSpotFleetRequestsOutput, isLast bool) bool {
 		if len(page.SpotFleetRequestConfigs) == 0 {
 			log.Print("[DEBUG] No Spot Fleet Requests to sweep")
 			return false
@@ -45,6 +45,14 @@ func testSweepSpotFleetRequests(region string) error {
 		}
 		return !isLast
 	})
+	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping EC2 Spot Fleet Requests sweep for %s: %s", region, err)
+			return nil
+		}
+		return fmt.Errorf("Error retrieving EC2 Spot Fleet Requests: %s", err)
+	}
+	return nil
 }
 
 func TestAccAWSSpotFleetRequest_associatePublicIpAddress(t *testing.T) {
diff --git a/aws/resource_aws_subnet_test.go b/aws/resource_aws_subnet_test.go
index 4d5d49c32c0..156646acaa6 100644
--- a/aws/resource_aws_subnet_test.go
+++ b/aws/resource_aws_subnet_test.go
@@ -55,6 +55,10 @@ func testSweepSubnets(region string) error {
 	}
 	resp, err := conn.DescribeSubnets(req)
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping EC2 Subnet sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error describing subnets: %s", err)
 	}
 
diff --git a/aws/resource_aws_vpc_test.go b/aws/resource_aws_vpc_test.go
index 54550b86b59..457a542facf 100644
--- a/aws/resource_aws_vpc_test.go
+++ b/aws/resource_aws_vpc_test.go
@@ -47,6 +47,10 @@ func testSweepVPCs(region string) error {
 	}
 	resp, err := conn.DescribeVpcs(req)
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping EC2 VPC sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error describing vpcs: %s", err)
 	}
 
diff --git a/aws/resource_aws_vpn_gateway_test.go b/aws/resource_aws_vpn_gateway_test.go
index 5e5f94a08e8..6a1753d187e 100644
--- a/aws/resource_aws_vpn_gateway_test.go
+++ b/aws/resource_aws_vpn_gateway_test.go
@@ -40,6 +40,10 @@ func testSweepVPNGateways(region string) error {
 	}
 	resp, err := conn.DescribeVpnGateways(req)
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping EC2 VPN Gateway sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error describing VPN Gateways: %s", err)
 	}
 
diff --git a/aws/resource_aws_waf_regex_match_set_test.go b/aws/resource_aws_waf_regex_match_set_test.go
index bf3bd8b14dc..3be38d3b66e 100644
--- a/aws/resource_aws_waf_regex_match_set_test.go
+++ b/aws/resource_aws_waf_regex_match_set_test.go
@@ -30,6 +30,10 @@ func testSweepWafRegexMatchSet(region string) error {
 	req := &waf.ListRegexMatchSetsInput{}
 	resp, err := conn.ListRegexMatchSets(req)
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping WAF Regex Match Set sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error describing WAF Regex Match Sets: %s", err)
 	}
 
diff --git a/aws/resource_aws_waf_rule_group_test.go b/aws/resource_aws_waf_rule_group_test.go
index 7957a13a446..d9aa0ead437 100644
--- a/aws/resource_aws_waf_rule_group_test.go
+++ b/aws/resource_aws_waf_rule_group_test.go
@@ -31,6 +31,10 @@ func testSweepWafRuleGroups(region string) error {
 	req := &waf.ListRuleGroupsInput{}
 	resp, err := conn.ListRuleGroups(req)
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping WAF Rule Group sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error describing WAF Rule Groups: %s", err)
 	}
 
diff --git a/aws/resource_aws_wafregional_regex_match_set_test.go b/aws/resource_aws_wafregional_regex_match_set_test.go
index 417a7e6ee1c..da23473ab56 100644
--- a/aws/resource_aws_wafregional_regex_match_set_test.go
+++ b/aws/resource_aws_wafregional_regex_match_set_test.go
@@ -31,6 +31,10 @@ func testSweepWafRegionalRegexMatchSet(region string) error {
 	req := &waf.ListRegexMatchSetsInput{}
 	resp, err := conn.ListRegexMatchSets(req)
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping WAF Regional Regex Match Set sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error describing WAF Regional Regex Match Sets: %s", err)
 	}
 
diff --git a/aws/resource_aws_wafregional_rule_group_test.go b/aws/resource_aws_wafregional_rule_group_test.go
index 41fcbf753c9..7196a0a6cdc 100644
--- a/aws/resource_aws_wafregional_rule_group_test.go
+++ b/aws/resource_aws_wafregional_rule_group_test.go
@@ -31,6 +31,10 @@ func testSweepWafRegionalRuleGroups(region string) error {
 	req := &waf.ListRuleGroupsInput{}
 	resp, err := conn.ListRuleGroups(req)
 	if err != nil {
+		if testSweepSkipSweepError(err) {
+			log.Printf("[WARN] Skipping WAF Regional Rule Group sweep for %s: %s", region, err)
+			return nil
+		}
 		return fmt.Errorf("Error describing WAF Regional Rule Groups: %s", err)
 	}
 

From 0944223ff6451f3b84ec1b6482e8c8a3cae3f0fd Mon Sep 17 00:00:00 2001
From: Sangho Na <microamp@protonmail.com>
Date: Fri, 4 May 2018 12:14:58 +1200
Subject: [PATCH 21/71] Add support for S3 as a DMS target endpoint (continued)

---
 aws/resource_aws_dms_endpoint.go          | 216 +++++++------
 aws/resource_aws_dms_endpoint_test.go     | 366 ++++++++++++++--------
 website/docs/r/dms_endpoint.html.markdown |   5 +-
 3 files changed, 364 insertions(+), 223 deletions(-)

diff --git a/aws/resource_aws_dms_endpoint.go b/aws/resource_aws_dms_endpoint.go
index b5c33e2ac39..bb96a8c9bf0 100644
--- a/aws/resource_aws_dms_endpoint.go
+++ b/aws/resource_aws_dms_endpoint.go
@@ -82,12 +82,11 @@ func resourceAwsDmsEndpoint() *schema.Resource {
 				Optional: true,
 			},
 			"kms_key_arn": {
-				Type:          schema.TypeString,
-				Computed:      true,
-				Optional:      true,
-				ForceNew:      true,
-				ConflictsWith: []string{"bucket_name", "bucket_folder"},
-				ValidateFunc:  validateArn,
+				Type:         schema.TypeString,
+				Computed:     true,
+				Optional:     true,
+				ForceNew:     true,
+				ValidateFunc: validateArn,
 			},
 			"password": {
 				Type:      schema.TypeString,
@@ -167,13 +166,55 @@ func resourceAwsDmsEndpoint() *schema.Resource {
 					},
 				},
 			},
-			"bucket_name": {
-				Type:     schema.TypeString,
-				Optional: true,
-			},
-			"bucket_folder": {
-				Type:     schema.TypeString,
+			"s3_settings": {
+				Type:     schema.TypeList,
 				Optional: true,
+				MaxItems: 1,
+				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+					if old == "1" && new == "0" {
+						return true
+					}
+					return false
+				},
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"service_access_role_arn": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Default:  "",
+						},
+						"external_table_definition": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Default:  "",
+						},
+						"csv_row_delimiter": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Default:  "\\n",
+						},
+						"csv_delimiter": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Default:  ",",
+						},
+						"bucket_folder": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Default:  "",
+						},
+						"bucket_name": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Default:  "",
+						},
+						"compression_type": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Default:  "NONE",
+						},
+					},
+				},
 			},
 		},
 	}
@@ -212,33 +253,14 @@ func resourceAwsDmsEndpointCreate(d *schema.ResourceData, meta interface{}) erro
 		}
 	case "s3":
 		request.S3Settings = &dms.S3Settings{
-			BucketName:           aws.String(d.Get("bucket_name").(string)),
-			BucketFolder:         aws.String(d.Get("bucket_folder").(string)),
-			ServiceAccessRoleArn: aws.String(d.Get("service_access_role").(string)),
-
-			// By default extra variables (should be set):
-			CompressionType: aws.String("GZIP"),
-			CsvDelimiter:    aws.String(","),
-			CsvRowDelimiter: aws.String("\\n"),
+			ServiceAccessRoleArn:    aws.String(d.Get("s3_settings.0.service_access_role_arn").(string)),
+			ExternalTableDefinition: aws.String(d.Get("s3_settings.0.external_table_definition").(string)),
+			CsvRowDelimiter:         aws.String(d.Get("s3_settings.0.csv_row_delimiter").(string)),
+			CsvDelimiter:            aws.String(d.Get("s3_settings.0.csv_delimiter").(string)),
+			BucketFolder:            aws.String(d.Get("s3_settings.0.bucket_folder").(string)),
+			BucketName:              aws.String(d.Get("s3_settings.0.bucket_name").(string)),
+			CompressionType:         aws.String(d.Get("s3_settings.0.compression_type").(string)),
 		}
-
-		// if extra_connection_attributes is set. Then parse the varaiables.
-		if v, ok := d.GetOk("extra_connection_attributes"); ok {
-			elems := strings.Split(v.(string), ";")
-			if len(elems) > 0 {
-				for _, elem := range elems {
-					vals := strings.Split(elem, "=")
-					if strings.Contains(strings.ToLower(vals[0]), "compressiontype") {
-						request.S3Settings.CompressionType = aws.String(vals[1])
-					} else if strings.Contains(strings.ToLower(vals[0]), "csvdelimiter") {
-						request.S3Settings.CsvDelimiter = aws.String(vals[1])
-					} else if strings.Contains(strings.ToLower(vals[0]), "csvrowdelimiter") {
-						request.S3Settings.CsvRowDelimiter = aws.String(vals[1])
-					}
-				}
-			}
-		}
-
 	default:
 		request.Password = aws.String(d.Get("password").(string))
 		request.Port = aws.Int64(int64(d.Get("port").(int)))
@@ -254,14 +276,14 @@ func resourceAwsDmsEndpointCreate(d *schema.ResourceData, meta interface{}) erro
 		if v, ok := d.GetOk("kms_key_arn"); ok {
 			request.KmsKeyId = aws.String(v.(string))
 		}
-		if v, ok := d.GetOk("ssl_mode"); ok {
-			request.SslMode = aws.String(v.(string))
-		}
 	}
 
 	if v, ok := d.GetOk("certificate_arn"); ok {
 		request.CertificateArn = aws.String(v.(string))
 	}
+	if v, ok := d.GetOk("ssl_mode"); ok {
+		request.SslMode = aws.String(v.(string))
+	}
 
 	log.Println("[DEBUG] DMS create endpoint:", request)
 
@@ -356,45 +378,9 @@ func resourceAwsDmsEndpointUpdate(d *schema.ResourceData, meta interface{}) erro
 		hasChanges = true
 	}
 
-	switch d.Get("engine_name").(string) {
-	case "dynamodb":
-		if d.HasChange("service_access_role") {
-			request.DynamoDbSettings = &dms.DynamoDbSettings{
-				ServiceAccessRoleArn: aws.String(d.Get("service_access_role").(string)),
-			}
-			hasChanges = true
-		}
-	case "s3":
-		if d.HasChange("service_access_role") || d.HasChange("bucket_name") || d.HasChange("bucket_folder") || d.HasChange("extra_connection_attributes") {
-			request.S3Settings = &dms.S3Settings{
-				ServiceAccessRoleArn: aws.String(d.Get("service_access_role").(string)),
-				BucketFolder:         aws.String(d.Get("bucket_folder").(string)),
-				BucketName:           aws.String(d.Get("bucket_name").(string)),
-			}
-
-			elems := strings.Split(d.Get("extra_connection_attributes").(string), ";")
-			if len(elems) > 0 {
-				for _, elem := range elems {
-					vals := strings.Split(elem, "=")
-					if strings.Contains(strings.ToLower(vals[0]), "compressiontype") {
-						request.S3Settings.CompressionType = aws.String(vals[1])
-					} else if strings.Contains(strings.ToLower(vals[0]), "csvdelimiter") {
-						request.S3Settings.CsvDelimiter = aws.String(vals[1])
-					} else if strings.Contains(strings.ToLower(vals[0]), "csvrowdelimiter") {
-						request.S3Settings.CsvRowDelimiter = aws.String(vals[1])
-					}
-				}
-			}
-
-			hasChanges = true
-
-			goto DONE
-		}
-	default:
-		if d.HasChange("extra_connection_attributes") {
-			request.ExtraConnectionAttributes = aws.String(d.Get("extra_connection_attributes").(string))
-			hasChanges = true
-		}
+	if d.HasChange("extra_connection_attributes") {
+		request.ExtraConnectionAttributes = aws.String(d.Get("extra_connection_attributes").(string))
+		hasChanges = true
 	}
 
 	if d.HasChange("ssl_mode") {
@@ -410,6 +396,13 @@ func resourceAwsDmsEndpointUpdate(d *schema.ResourceData, meta interface{}) erro
 	}
 
 	switch d.Get("engine_name").(string) {
+	case "dynamodb":
+		if d.HasChange("service_access_role") {
+			request.DynamoDbSettings = &dms.DynamoDbSettings{
+				ServiceAccessRoleArn: aws.String(d.Get("service_access_role").(string)),
+			}
+			hasChanges = true
+		}
 	case "mongodb":
 		if d.HasChange("username") ||
 			d.HasChange("password") ||
@@ -439,6 +432,26 @@ func resourceAwsDmsEndpointUpdate(d *schema.ResourceData, meta interface{}) erro
 			request.EngineName = aws.String(d.Get("engine_name").(string)) // Must be included (should be 'mongodb')
 			hasChanges = true
 		}
+	case "s3":
+		if d.HasChange("s3_settings.0.service_access_role_arn") ||
+			d.HasChange("s3_settings.0.external_table_definition") ||
+			d.HasChange("s3_settings.0.csv_row_delimiter") ||
+			d.HasChange("s3_settings.0.csv_delimiter") ||
+			d.HasChange("s3_settings.0.bucket_folder") ||
+			d.HasChange("s3_settings.0.bucket_name") ||
+			d.HasChange("s3_settings.0.compression_type") {
+			request.S3Settings = &dms.S3Settings{
+				ServiceAccessRoleArn:    aws.String(d.Get("s3_settings.0.service_access_role_arn").(string)),
+				ExternalTableDefinition: aws.String(d.Get("s3_settings.0.external_table_definition").(string)),
+				CsvRowDelimiter:         aws.String(d.Get("s3_settings.0.csv_row_delimiter").(string)),
+				CsvDelimiter:            aws.String(d.Get("s3_settings.0.csv_delimiter").(string)),
+				BucketFolder:            aws.String(d.Get("s3_settings.0.bucket_folder").(string)),
+				BucketName:              aws.String(d.Get("s3_settings.0.bucket_name").(string)),
+				CompressionType:         aws.String(d.Get("s3_settings.0.compression_type").(string)),
+			}
+			request.EngineName = aws.String(d.Get("engine_name").(string)) // Must be included (should be 's3')
+			hasChanges = true
+		}
 	default:
 		if d.HasChange("database_name") {
 			request.DatabaseName = aws.String(d.Get("database_name").(string))
@@ -466,7 +479,6 @@ func resourceAwsDmsEndpointUpdate(d *schema.ResourceData, meta interface{}) erro
 		}
 	}
 
-DONE:
 	if hasChanges {
 		log.Println("[DEBUG] DMS update endpoint:", request)
 
@@ -517,29 +529,18 @@ func resourceAwsDmsEndpointSetState(d *schema.ResourceData, endpoint *dms.Endpoi
 			d.Set("server_name", endpoint.MongoDbSettings.ServerName)
 			d.Set("port", endpoint.MongoDbSettings.Port)
 			d.Set("database_name", endpoint.MongoDbSettings.DatabaseName)
-
-			if err := d.Set("mongodb_settings", flattenDmsMongoDbSettings(endpoint.MongoDbSettings)); err != nil {
-				return fmt.Errorf("Error setting mongodb_settings for DMS: %s", err)
-			}
 		} else {
 			d.Set("username", endpoint.Username)
 			d.Set("server_name", endpoint.ServerName)
 			d.Set("port", endpoint.Port)
 			d.Set("database_name", endpoint.DatabaseName)
 		}
+		if err := d.Set("mongodb_settings", flattenDmsMongoDbSettings(endpoint.MongoDbSettings)); err != nil {
+			return fmt.Errorf("Error setting mongodb_settings for DMS: %s", err)
+		}
 	case "s3":
-		if endpoint.S3Settings != nil {
-			d.Set("service_access_role", endpoint.S3Settings.ServiceAccessRoleArn)
-			d.Set("bucket_folder", endpoint.S3Settings.BucketFolder)
-			d.Set("bucket_name", endpoint.S3Settings.BucketName)
-			d.Set("extra_connection_attributes",
-				aws.String(fmt.Sprintf("compressionType=%s;csvDelimiter=%s;csvRowDelimiter=%s",
-					*endpoint.S3Settings.CompressionType, *endpoint.S3Settings.CsvDelimiter, *endpoint.S3Settings.CsvRowDelimiter)))
-		} else {
-			d.Set("service_access_role", "")
-			d.Set("bucket_folder", "")
-			d.Set("bucket_name", "")
-			d.Set("extra_connection_attributes", "")
+		if err := d.Set("s3_settings", flattenDmsS3Settings(endpoint.S3Settings)); err != nil {
+			return fmt.Errorf("Error setting s3_settings for DMS: %s", err)
 		}
 	default:
 		d.Set("database_name", endpoint.DatabaseName)
@@ -548,9 +549,10 @@ func resourceAwsDmsEndpointSetState(d *schema.ResourceData, endpoint *dms.Endpoi
 		d.Set("server_name", endpoint.ServerName)
 		d.Set("username", endpoint.Username)
 		d.Set("kms_key_arn", endpoint.KmsKeyId)
-		d.Set("ssl_mode", endpoint.SslMode)
 	}
 
+	d.Set("ssl_mode", endpoint.SslMode)
+
 	return nil
 }
 
@@ -570,3 +572,21 @@ func flattenDmsMongoDbSettings(settings *dms.MongoDbSettings) []map[string]inter
 
 	return []map[string]interface{}{m}
 }
+
+func flattenDmsS3Settings(settings *dms.S3Settings) []map[string]interface{} {
+	if settings == nil {
+		return []map[string]interface{}{}
+	}
+
+	m := map[string]interface{}{
+		"service_access_role_arn":   aws.StringValue(settings.ServiceAccessRoleArn),
+		"external_table_definition": aws.StringValue(settings.ExternalTableDefinition),
+		"csv_row_delimiter":         aws.StringValue(settings.CsvRowDelimiter),
+		"csv_delimiter":             aws.StringValue(settings.CsvDelimiter),
+		"bucket_folder":             aws.StringValue(settings.BucketFolder),
+		"bucket_name":               aws.StringValue(settings.BucketName),
+		"compression_type":          aws.StringValue(settings.CompressionType),
+	}
+
+	return []map[string]interface{}{m}
+}
diff --git a/aws/resource_aws_dms_endpoint_test.go b/aws/resource_aws_dms_endpoint_test.go
index 44dd83468a3..d832843b314 100644
--- a/aws/resource_aws_dms_endpoint_test.go
+++ b/aws/resource_aws_dms_endpoint_test.go
@@ -11,7 +11,7 @@ import (
 	"github.com/hashicorp/terraform/terraform"
 )
 
-func TestAccAWSDmsEndpointBasic(t *testing.T) {
+func TestAccAwsDmsEndpointBasic(t *testing.T) {
 	resourceName := "aws_dms_endpoint.dms_endpoint"
 	randId := acctest.RandString(8) + "-basic"
 
@@ -51,7 +51,7 @@ func TestAccAWSDmsEndpointBasic(t *testing.T) {
 }
 
 func TestAccAwsDmsEndpointS3(t *testing.T) {
-	resourceName := "aws_dms_endpoint.dms_point"
+	resourceName := "aws_dms_endpoint.dms_endpoint"
 	randId := acctest.RandString(8) + "-s3"
 
 	resource.Test(t, resource.TestCase{
@@ -76,6 +76,14 @@ func TestAccAwsDmsEndpointS3(t *testing.T) {
 				Config: dmsEndpointS3ConfigUpdate(randId),
 				Check: resource.ComposeTestCheckFunc(
 					checkDmsEndpointExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "extra_connection_attributes", "key=value;"),
+					resource.TestCheckResourceAttr(resourceName, "s3_settings.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "s3_settings.0.external_table_definition", "new-external_table_definition"),
+					resource.TestCheckResourceAttr(resourceName, "s3_settings.0.csv_row_delimiter", "\\r"),
+					resource.TestCheckResourceAttr(resourceName, "s3_settings.0.csv_delimiter", "."),
+					resource.TestCheckResourceAttr(resourceName, "s3_settings.0.bucket_folder", "new-bucket_folder"),
+					resource.TestCheckResourceAttr(resourceName, "s3_settings.0.bucket_name", "new-bucket_name"),
+					resource.TestCheckResourceAttr(resourceName, "s3_settings.0.compression_type", "GZIP"),
 				),
 			},
 		},
@@ -114,7 +122,7 @@ func TestAccAwsDmsEndpointDynamoDb(t *testing.T) {
 	})
 }
 
-func TestAccAWSDmsEndpointMongoDb(t *testing.T) {
+func TestAccAwsDmsEndpointMongoDb(t *testing.T) {
 	resourceName := "aws_dms_endpoint.dms_endpoint"
 	randId := acctest.RandString(8) + "-mongodb"
 
@@ -133,6 +141,7 @@ func TestAccAWSDmsEndpointMongoDb(t *testing.T) {
 			{
 				ResourceName:            resourceName,
 				ImportState:             true,
+				ImportStateVerify:       true,
 				ImportStateVerifyIgnore: []string{"password"},
 			},
 			{
@@ -249,167 +258,280 @@ resource "aws_dms_endpoint" "dms_endpoint" {
 `, randId)
 }
 
-func dmsEndpointTargetConfig(randId string, engineName string, actionList string) string {
+func dmsEndpointDynamoDbConfig(randId string) string {
 	return fmt.Sprintf(`
 resource "aws_dms_endpoint" "dms_endpoint" {
-endpoint_id = "tf-test-dms-endpoint-%[1]s"
-endpoint_type = "target"
-engine_name = "%[2]s"
-service_access_role = "${aws_iam_role.iam_role.arn}"
-ssl_mode = "none"
-tags {
-	Name = "tf-test-%[2]s-endpoint-%[1]s"
-	Update = "to-update"
-	Remove = "to-remove"
-}
+	endpoint_id = "tf-test-dms-endpoint-%[1]s"
+	endpoint_type = "target"
+	engine_name = "dynamodb"
+	service_access_role = "${aws_iam_role.iam_role.arn}"
+	ssl_mode = "none"
+	tags {
+		Name = "tf-test-dynamodb-endpoint-%[1]s"
+		Update = "to-update"
+		Remove = "to-remove"
+	}
 
-depends_on = ["aws_iam_role_policy.dms_%[2]s_access"]
+	depends_on = ["aws_iam_role_policy.dms_dynamodb_access"]
 }
+
 resource "aws_iam_role" "iam_role" {
-name = "tf-test-iam-%[2]s-role-%[1]s"
+	name = "tf-test-iam-dynamodb-role-%[1]s"
 
-assume_role_policy = <<EOF
+	assume_role_policy = <<EOF
 {
-"Version": "2012-10-17",
-"Statement": [
-	{
-		"Action": "sts:AssumeRole",
-		"Principal": {
-			"Service": "dms.amazonaws.com"
-		},
-		"Effect": "Allow"
-	}
-]
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Action": "sts:AssumeRole",
+			"Principal": {
+				"Service": "dms.amazonaws.com"
+			},
+			"Effect": "Allow"
+		}
+	]
 }
 EOF
 }
 
-resource "aws_iam_role_policy" "dms_%[2]s_access" {
-name = "tf-test-iam-%[2]s-role-policy-%[1]s"
-role = "${aws_iam_role.iam_role.name}"
+resource "aws_iam_role_policy" "dms_dynamodb_access" {
+	name = "tf-test-iam-dynamodb-role-policy-%[1]s"
+	role = "${aws_iam_role.iam_role.name}"
 
-policy = <<EOF
-{
-"Version": "2012-10-17",
-"Statement": [
+	policy = <<EOF
 {
-	"Effect": "Allow",
-	"Action": [
-			%[3]s
-	],
-	"Resource": "*"
-}
-]
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Effect": "Allow",
+			"Action": [
+				"dynamodb:PutItem",
+				"dynamodb:CreateTable",
+				"dynamodb:DescribeTable",
+				"dynamodb:DeleteTable",
+				"dynamodb:DeleteItem",
+				"dynamodb:ListTables"
+			],
+			"Resource": "*"
+		}
+	]
 }
 EOF
 }
-
-`, randId, engineName, actionList)
+`, randId)
 }
 
-func dmsEndpointTargetUpdateConfig(randId string, engineName string, actionList string) string {
+func dmsEndpointDynamoDbConfigUpdate(randId string) string {
 	return fmt.Sprintf(`
 resource "aws_dms_endpoint" "dms_endpoint" {
-endpoint_id = "tf-test-dms-endpoint-%[1]s"
-endpoint_type = "target"
-engine_name = "%[2]s"
-service_access_role = "${aws_iam_role.iam_role.arn}"
-ssl_mode = "none"
-tags {
-	Name = "tf-test-%[2]s-endpoint-%[1]s"
-	Update = "updated"
-	Add = "added"
-}
+	endpoint_id = "tf-test-dms-endpoint-%[1]s"
+	endpoint_type = "target"
+	engine_name = "dynamodb"
+	service_access_role = "${aws_iam_role.iam_role.arn}"
+	ssl_mode = "none"
+	tags {
+		Name = "tf-test-dynamodb-endpoint-%[1]s"
+		Update = "updated"
+		Add = "added"
+	}
 }
+
 resource "aws_iam_role" "iam_role" {
-name = "tf-test-iam-%[2]s-role-%[1]s"
+	name = "tf-test-iam-dynamodb-role-%[1]s"
 
-assume_role_policy = <<EOF
+	assume_role_policy = <<EOF
 {
-"Version": "2012-10-17",
-"Statement": [
-	{
-		"Action": "sts:AssumeRole",
-		"Principal": {
-			"Service": "dms.amazonaws.com"
-		},
-		"Effect": "Allow"
-	}
-]
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Action": "sts:AssumeRole",
+			"Principal": {
+				"Service": "dms.amazonaws.com"
+			},
+			"Effect": "Allow"
+		}
+	]
 }
 EOF
 }
 
-resource "aws_iam_role_policy" "dms_%[2]s_access" {
-name = "tf-test-iam-%[2]s-role-policy-%[1]s"
-role = "${aws_iam_role.iam_role.name}"
+resource "aws_iam_role_policy" "dms_dynamodb_access" {
+	name = "tf-test-iam-dynamodb-role-policy-%[1]s"
+	role = "${aws_iam_role.iam_role.name}"
 
-policy = <<EOF
-{
-"Version": "2012-10-17",
-"Statement": [
+	policy = <<EOF
 {
-	"Effect": "Allow",
-	"Action": [
-			%[3]s
-	],
-	"Resource": "*"
-}
-]
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Effect": "Allow",
+			"Action": [
+				"dynamodb:PutItem",
+				"dynamodb:CreateTable",
+				"dynamodb:DescribeTable",
+				"dynamodb:DeleteTable",
+				"dynamodb:DeleteItem",
+				"dynamodb:ListTables"
+			],
+			"Resource": "*"
+		}
+	]
 }
 EOF
 }
-`, randId, engineName, actionList)
+`, randId)
 }
 
-func dmsEndpointDynamoDbConfig(randId string) string {
-	return dmsEndpointTargetConfig(randId, "dynamodb", `
-		"dynamodb:PutItem",
-		"dynamodb:CreateTable",
-		"dynamodb:DescribeTable",
-		"dynamodb:DeleteTable",
-		"dynamodb:DeleteItem",
-		"dynamodb:ListTables"`)
+func dmsEndpointS3Config(randId string) string {
+	return fmt.Sprintf(`
+resource "aws_dms_endpoint" "dms_endpoint" {
+	endpoint_id = "tf-test-dms-endpoint-%[1]s"
+	endpoint_type = "target"
+	engine_name = "s3"
+	ssl_mode = "none"
+	extra_connection_attributes = ""
+	tags {
+		Name = "tf-test-s3-endpoint-%[1]s"
+		Update = "to-update"
+		Remove = "to-remove"
+	}
+	s3_settings {
+		service_access_role_arn = "${aws_iam_role.iam_role.arn}"
+		external_table_definition = ""
+		csv_row_delimiter = "\\n"
+		csv_delimiter = ","
+		bucket_folder = ""
+		bucket_name = ""
+		compression_type = "NONE"
+	}
+
+	depends_on = ["aws_iam_role_policy.dms_s3_access"]
 }
 
-func dmsEndpointDynamoDbConfigUpdate(randId string) string {
-	return dmsEndpointTargetUpdateConfig(randId, "dynamodb", `
-		"dynamodb:PutItem",
-		"dynamodb:CreateTable",
-		"dynamodb:DescribeTable",
-		"dynamodb:DeleteTable",
-		"dynamodb:DeleteItem",
-		"dynamodb:ListTables"`)
+resource "aws_iam_role" "iam_role" {
+	name = "tf-test-iam-s3-role-%[1]s"
+
+	assume_role_policy = <<EOF
+{
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Action": "sts:AssumeRole",
+			"Principal": {
+				"Service": "dms.amazonaws.com"
+			},
+			"Effect": "Allow"
+		}
+	]
+}
+EOF
 }
 
-func dmsEndpointS3Config(randId string) string {
-	return dmsEndpointTargetConfig(randId, "s3", `
-		"s3:CreateBucket",
-		"s3:ListBucket",
-		"s3:DeleteBucket",
-		"s3:GetBucketLocation",
-		"s3:GetObject",
-		"s3:PutObject",
-		"s3:DeleteObject",
-		"s3:GetObjectVersion",
-		"s3:GetBucketPolicy",
-		"s3:PutBucketPolicy",
-		"s3:DeleteBucketPolicy"`)
+resource "aws_iam_role_policy" "dms_s3_access" {
+	name = "tf-test-iam-s3-role-policy-%[1]s"
+	role = "${aws_iam_role.iam_role.name}"
+
+	policy = <<EOF
+{
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Effect": "Allow",
+			"Action": [
+				"s3:CreateBucket",
+				"s3:ListBucket",
+				"s3:DeleteBucket",
+				"s3:GetBucketLocation",
+				"s3:GetObject",
+				"s3:PutObject",
+				"s3:DeleteObject",
+				"s3:GetObjectVersion",
+				"s3:GetBucketPolicy",
+				"s3:PutBucketPolicy",
+				"s3:DeleteBucketPolicy"
+			],
+			"Resource": "*"
+		}
+	]
+}
+EOF
+}
+`, randId)
 }
 
 func dmsEndpointS3ConfigUpdate(randId string) string {
-	return dmsEndpointTargetUpdateConfig(randId, "s3", `
-		"s3:CreateBucket",
-		"s3:ListBucket",
-		"s3:DeleteBucket",
-		"s3:GetBucketLocation",
-		"s3:GetObject",
-		"s3:PutObject",
-		"s3:DeleteObject",
-		"s3:GetObjectVersion",
-		"s3:GetBucketPolicy",
-		"s3:PutBucketPolicy",
-		"s3:DeleteBucketPolicy"`)
+	return fmt.Sprintf(`
+resource "aws_dms_endpoint" "dms_endpoint" {
+	endpoint_id = "tf-test-dms-endpoint-%[1]s"
+	endpoint_type = "target"
+	engine_name = "s3"
+	ssl_mode = "none"
+	extra_connection_attributes = "key=value;"
+	tags {
+		Name = "tf-test-s3-endpoint-%[1]s"
+		Update = "updated"
+		Add = "added"
+	}
+	s3_settings {
+		service_access_role_arn = "${aws_iam_role.iam_role.arn}"
+		external_table_definition = "new-external_table_definition"
+		csv_row_delimiter = "\\r"
+		csv_delimiter = "."
+		bucket_folder = "new-bucket_folder"
+		bucket_name = "new-bucket_name"
+		compression_type = "GZIP"
+	}
+}
+
+resource "aws_iam_role" "iam_role" {
+	name = "tf-test-iam-s3-role-%[1]s"
+
+	assume_role_policy = <<EOF
+{
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Action": "sts:AssumeRole",
+			"Principal": {
+				"Service": "dms.amazonaws.com"
+			},
+			"Effect": "Allow"
+		}
+	]
+}
+EOF
+}
+
+resource "aws_iam_role_policy" "dms_s3_access" {
+	name = "tf-test-iam-s3-role-policy-%[1]s"
+	role = "${aws_iam_role.iam_role.name}"
+
+	policy = <<EOF
+{
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Effect": "Allow",
+			"Action": [
+				"s3:CreateBucket",
+				"s3:ListBucket",
+				"s3:DeleteBucket",
+				"s3:GetBucketLocation",
+				"s3:GetObject",
+				"s3:PutObject",
+				"s3:DeleteObject",
+				"s3:GetObjectVersion",
+				"s3:GetBucketPolicy",
+				"s3:PutBucketPolicy",
+				"s3:DeleteBucketPolicy"
+			],
+			"Resource": "*"
+		}
+	]
+}
+EOF
+}
+`, randId)
 }
 
 func dmsEndpointMongoDbConfig(randId string) string {
diff --git a/website/docs/r/dms_endpoint.html.markdown b/website/docs/r/dms_endpoint.html.markdown
index 2e2f17e73f1..bfa11d15f42 100644
--- a/website/docs/r/dms_endpoint.html.markdown
+++ b/website/docs/r/dms_endpoint.html.markdown
@@ -62,10 +62,9 @@ The following arguments are supported:
 * `ssl_mode` - (Optional, Default: none) The SSL mode to use for the connection. Can be one of `none | require | verify-ca | verify-full`
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 * `username` - (Optional) The user name to be used to login to the endpoint database.
-* `service_access_role` - (Optional) The Amazon Resource Name (ARN) used by the service access IAM role for `dynamodb | s3` endpoints.
+* `service_access_role` - (Optional) The Amazon Resource Name (ARN) used by the service access IAM role for dynamodb endpoints.
 * `mongodb_settings` - (Optional) Settings for the source MongoDB endpoint. Available settings are `auth_type` (default: `PASSWORD`), `auth_mechanism` (default: `DEFAULT`), `nesting_level` (default: `NONE`), `extract_doc_id` (default: `false`), `docs_to_investigate` (default: `1000`) and `auth_source` (default: `admin`). For more details, see [Using MongoDB as a Source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.MongoDB.html).
-* `bucket_name` - (Optional) The S3 bucket name.
-* `bucket_folder` - (Optional) If provided, tables are created in the path <bucket_folder>/<schema_name>/<table_name>/.
+* `s3_settings` - (Optional) Settings for the target S3 endpoint. Available settings are `service_access_role_arn`, `external_table_definition`, `csv_row_delimiter` (default: `\\n`), `csv_delimiter` (default: `,`), `bucket_folder`, `bucket_name` and `compression_type` (default: `NONE`). For more details, see [Using Amazon S3 as a Target for AWS Database Migration Service](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.S3.html).
 
 ## Attributes Reference
 

From 747a7251ab83d7831f7bc9cd808e49cd5509df3a Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Thu, 3 May 2018 20:32:41 -0400
Subject: [PATCH 22/71] Update CHANGELOG for #4433

---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3dbd2bb04b0..4e1f4ab15b5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,9 @@
 ## 1.18.0 (Unreleased)
+
+BUG FIXES:
+
+* data-source/aws_autoscaling_groups: Correctly paginate through over 50 results [GH-4433]
+
 ## 1.17.0 (May 02, 2018)
 
 NOTES:

From c209edd18adadc68b44b10e74977b51db86f1132 Mon Sep 17 00:00:00 2001
From: Tom Elliff <tomelliff@gmail.com>
Date: Fri, 4 May 2018 09:12:36 +0100
Subject: [PATCH 23/71] Remove redundant type declarations

---
 aws/resource_aws_ssm_document_test.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/aws/resource_aws_ssm_document_test.go b/aws/resource_aws_ssm_document_test.go
index e11eed96314..685158d78dc 100644
--- a/aws/resource_aws_ssm_document_test.go
+++ b/aws/resource_aws_ssm_document_test.go
@@ -20,7 +20,7 @@ func TestAccAWSSSMDocument_basic(t *testing.T) {
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckAWSSSMDocumentDestroy,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccAWSSSMDocumentBasicConfig(name),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSSSMDocumentExists("aws_ssm_document.foo"),
@@ -40,7 +40,7 @@ func TestAccAWSSSMDocument_update(t *testing.T) {
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckAWSSSMDocumentDestroy,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccAWSSSMDocument20Config(name),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSSSMDocumentExists("aws_ssm_document.foo"),
@@ -52,7 +52,7 @@ func TestAccAWSSSMDocument_update(t *testing.T) {
 						"aws_ssm_document.foo", "default_version", "1"),
 				),
 			},
-			resource.TestStep{
+			{
 				Config: testAccAWSSSMDocument20UpdatedConfig(name),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSSSMDocumentExists("aws_ssm_document.foo"),
@@ -73,7 +73,7 @@ func TestAccAWSSSMDocument_permission(t *testing.T) {
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckAWSSSMDocumentDestroy,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccAWSSSMDocumentPermissionConfig(name),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSSSMDocumentExists("aws_ssm_document.foo"),
@@ -94,7 +94,7 @@ func TestAccAWSSSMDocument_params(t *testing.T) {
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckAWSSSMDocumentDestroy,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccAWSSSMDocumentParamConfig(name),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSSSMDocumentExists("aws_ssm_document.foo"),
@@ -123,7 +123,7 @@ func TestAccAWSSSMDocument_automation(t *testing.T) {
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckAWSSSMDocumentDestroy,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccAWSSSMDocumentTypeAutomationConfig(name),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSSSMDocumentExists("aws_ssm_document.foo"),

From 8f78510868714316a1119f57c098b6b140f4eff6 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Fri, 4 May 2018 07:12:20 -0400
Subject: [PATCH 24/71] Update CHANGELOG for #4436

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4e1f4ab15b5..f4f33338ec6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 BUG FIXES:
 
 * data-source/aws_autoscaling_groups: Correctly paginate through over 50 results [GH-4433]
+* resource/aws_ssm_document: Add missing account ID `arn` attribute [GH-4436]
 
 ## 1.17.0 (May 02, 2018)
 

From cd4a9d9b602530d7492be8f1d3981a666d989201 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Fri, 4 May 2018 07:12:56 -0400
Subject: [PATCH 25/71] Fix grammar error :smile:

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f4f33338ec6..e4b2a06123b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,7 @@
 BUG FIXES:
 
 * data-source/aws_autoscaling_groups: Correctly paginate through over 50 results [GH-4433]
-* resource/aws_ssm_document: Add missing account ID `arn` attribute [GH-4436]
+* resource/aws_ssm_document: Add missing account ID to `arn` attribute [GH-4436]
 
 ## 1.17.0 (May 02, 2018)
 

From 94c5b5ebe656d7d4f6d5d47f2301e31e88c8e694 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Fri, 4 May 2018 08:58:07 -0400
Subject: [PATCH 26/71] GitHub: New Issue and Pull Request Templates

---
 .github/ISSUE_TEMPLATE.md                 | 47 ++-----------
 .github/ISSUE_TEMPLATE/Bug_Report.md      | 81 +++++++++++++++++++++++
 .github/ISSUE_TEMPLATE/Feature_Request.md | 44 ++++++++++++
 .github/ISSUE_TEMPLATE/Question.md        | 15 +++++
 .github/PULL_REQUEST_TEMPLATE.md          |  7 ++
 5 files changed, 152 insertions(+), 42 deletions(-)
 create mode 100644 .github/ISSUE_TEMPLATE/Bug_Report.md
 create mode 100644 .github/ISSUE_TEMPLATE/Feature_Request.md
 create mode 100644 .github/ISSUE_TEMPLATE/Question.md
 create mode 100644 .github/PULL_REQUEST_TEMPLATE.md

diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
index 8066d3921e4..b376ed08b0c 100644
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,43 +1,6 @@
-Hi there,
+<!---
+Thanks for filing an issue 😄 ! Before you submit, please read the following:
 
-Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.
-
-### Terraform Version
-Run `terraform -v` to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.
-
-### Affected Resource(s)
-Please list the resources as a list, for example:
-- opc_instance
-- opc_storage_volume
-
-If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.
-
-### Terraform Configuration Files
-```hcl
-# Copy-paste your Terraform configurations here - for large Terraform configs,
-# please use a service like Dropbox and share a link to the ZIP file. For
-# security, you can also encrypt the files using our GPG public key.
-```
-
-### Debug Output
-Please provider a link to a GitHub Gist containing the complete debug output: https://www.terraform.io/docs/internals/debugging.html. Please do NOT paste the debug output in the issue; just paste a link to the Gist.
-
-### Panic Output
-If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the `crash.log`.
-
-### Expected Behavior
-What should have happened?
-
-### Actual Behavior
-What actually happened?
-
-### Steps to Reproduce
-Please list the steps required to reproduce the issue, for example:
-1. `terraform apply`
-
-### Important Factoids
-Are there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? Custom version of OpenStack? Tight ACLs?
-
-### References
-Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:
-- GH-1234
+Check the other issue templates if you are trying to submit a bug report, feature request, or question
+Search open/closed issues before submitting since someone might have asked the same thing before!
+-->
\ No newline at end of file
diff --git a/.github/ISSUE_TEMPLATE/Bug_Report.md b/.github/ISSUE_TEMPLATE/Bug_Report.md
new file mode 100644
index 00000000000..55048ea9389
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/Bug_Report.md
@@ -0,0 +1,81 @@
+---
+name: 🐛 Bug Report
+about: If something isn't working as expected 🤔.
+
+---
+
+<!--- Please keep this note for the community --->
+
+### Community Note
+
+* Please vote on this issue by adding a :+1: reaction to the original issue to help the community and maintainers prioritize this request
+* If you are interested in working on this issue or have submitted a pull request, please leave a comment
+
+<!--- Thank you for keeping this note for the community --->
+
+### Terraform Version
+
+Please run `terraform -v` to show the Terraform core version and provider version(s). If you are not running the latest version of Terraform or the provider, please upgrade because your issue may have already been fixed. [Terraform documentation on provider versioning](https://www.terraform.io/docs/configuration/providers.html#provider-versions).
+
+### Affected Resource(s)
+
+Please note the following potential times when an issue might be in Terraform core:
+
+* [Configuration Language](https://www.terraform.io/docs/configuration/index.html) or resource ordering issues
+* [State](https://www.terraform.io/docs/state/index.html) and [State Backend](https://www.terraform.io/docs/backends/index.html) issues
+* [Provisioner](https://www.terraform.io/docs/provisioners/index.html) issues
+* [Registry](https://registry.terraform.io/) issues
+* Spans resources across multiple providers
+
+If you are running into one of these scenarios, we recommend opening an issue in the [Terraform core repository](https://github.com/hashicorp/terraform/) instead.
+
+If you believe this is still a provider issue, please list the resources and data sources, for example:
+
+* aws_instance
+* aws_rds_cluster
+
+### Terraform Configuration Files
+
+<!--- Information about code formatting: https://help.github.com/articles/basic-writing-and-formatting-syntax/#quoting-code --->
+
+```hcl
+# Copy-paste your Terraform configurations here - for large Terraform configs,
+# please use a service like Dropbox and share a link to the ZIP file. For
+# security, you can also encrypt the files using our GPG public key.
+```
+
+### Debug Output
+
+Please provide a link to a GitHub Gist containing the complete debug output. Please do NOT paste the debug output in the issue; just paste a link to the Gist.
+
+To obtain the debug output, see the [Terraform documentation on debugging](https://www.terraform.io/docs/internals/debugging.html).
+
+### Panic Output
+
+If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the `crash.log`.
+
+### Expected Behavior
+
+What should have happened?
+
+### Actual Behavior
+
+What actually happened?
+
+### Steps to Reproduce
+
+Please list the steps required to reproduce the issue, for example:
+
+1. `terraform apply`
+
+### Important Factoids
+
+Are there anything atypical about your accounts that we should know? For example: Running in EC2 Classic?
+
+### References
+
+<!--- Information about referencing Github Issues: https://help.github.com/articles/basic-writing-and-formatting-syntax/#referencing-issues-and-pull-requests --->
+
+Are there any other GitHub issues (open or closed) or pull requests that should be linked here? Vendor documentation? For example:
+
+* #0000
diff --git a/.github/ISSUE_TEMPLATE/Feature_Request.md b/.github/ISSUE_TEMPLATE/Feature_Request.md
new file mode 100644
index 00000000000..08cd2ebcd3e
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/Feature_Request.md
@@ -0,0 +1,44 @@
+---
+name: 🚀 Feature Request
+about: I have a suggestion (and might want to implement myself 🙂)!
+
+---
+
+<!--- Please keep this note for the community --->
+
+### Community Note
+
+* Please vote on this issue by adding a :+1: reaction to the original issue to help the community and maintainers prioritize this request
+* If you are interested in working on this issue or have submitted a pull request, please leave a comment
+
+<!--- Thank you for keeping this note for the community --->
+
+### Description
+
+Please leave a helpful description of the feature request here.
+
+### New or Affected Resource(s)
+
+Please list the resources and data sources, for example:
+
+* aws_instance
+* aws_rds_cluster
+
+### Potential Terraform Configuration
+
+<!--- Information about code formatting: https://help.github.com/articles/basic-writing-and-formatting-syntax/#quoting-code --->
+
+```hcl
+# Copy-paste your Terraform configurations here - for large Terraform configs,
+# please use a service like Dropbox and share a link to the ZIP file. For
+# security, you can also encrypt the files using our GPG public key.
+```
+
+### References
+
+<!--- Information about referencing Github Issues: https://help.github.com/articles/basic-writing-and-formatting-syntax/#referencing-issues-and-pull-requests --->
+
+Are there any other GitHub issues (open or closed) or pull requests that should be linked here? Vendor blog posts or documentation? For example:
+
+* https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-amazon-ec2-fleet/
+* #0000
diff --git a/.github/ISSUE_TEMPLATE/Question.md b/.github/ISSUE_TEMPLATE/Question.md
new file mode 100644
index 00000000000..21a66cfe411
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/Question.md
@@ -0,0 +1,15 @@
+---
+name: 💬 Question
+about: If you have a question, please check out our other community resources!
+
+---
+
+Issues on GitHub are intended to be related to problems with provider codebase,
+so we recommend using our other community resources instead of asking here 👍.
+
+---
+
+If you have a support request or question please submit them to one of this resources:
+
+* [Terraform community resources](https://www.terraform.io/docs/extend/community/index.html)
+* [HashiCorp support](https://support.hashicorp.com) (Terraform Enterprise customers)
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 00000000000..b8136f5579b
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,7 @@
+<!--- Information about referencing Github Issues: https://help.github.com/articles/basic-writing-and-formatting-syntax/#referencing-issues-and-pull-requests --->
+Fixes #0000
+
+Changes proposed in this pull request:
+
+* Change 1
+* Change 2

From 1110914b92c3d693187404471d80797111ad7f6d Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Fri, 4 May 2018 09:15:17 -0400
Subject: [PATCH 27/71] GitHub: Updates to new issue and pull request templates

* Move Bug Report note about Terraform core to the top
* Use unicode thumbs up instead of GitHub markdown syntax
* Add example pull request acceptance testing output
---
 .github/ISSUE_TEMPLATE/Bug_Report.md      | 26 ++++++++++++-----------
 .github/ISSUE_TEMPLATE/Feature_Request.md |  2 +-
 .github/PULL_REQUEST_TEMPLATE.md          |  8 +++++++
 3 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_Report.md b/.github/ISSUE_TEMPLATE/Bug_Report.md
index 55048ea9389..99df0e4dfa1 100644
--- a/.github/ISSUE_TEMPLATE/Bug_Report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_Report.md
@@ -4,11 +4,23 @@ about: If something isn't working as expected 🤔.
 
 ---
 
+Please note the following potential times when an issue might be in Terraform core:
+
+* [Configuration Language](https://www.terraform.io/docs/configuration/index.html) or resource ordering issues
+* [State](https://www.terraform.io/docs/state/index.html) and [State Backend](https://www.terraform.io/docs/backends/index.html) issues
+* [Provisioner](https://www.terraform.io/docs/provisioners/index.html) issues
+* [Registry](https://registry.terraform.io/) issues
+* Spans resources across multiple providers
+
+If you are running into one of these scenarios, we recommend opening an issue in the [Terraform core repository](https://github.com/hashicorp/terraform/) instead.
+
+---
+
 <!--- Please keep this note for the community --->
 
 ### Community Note
 
-* Please vote on this issue by adding a :+1: reaction to the original issue to help the community and maintainers prioritize this request
+* Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
 * If you are interested in working on this issue or have submitted a pull request, please leave a comment
 
 <!--- Thank you for keeping this note for the community --->
@@ -19,17 +31,7 @@ Please run `terraform -v` to show the Terraform core version and provider versio
 
 ### Affected Resource(s)
 
-Please note the following potential times when an issue might be in Terraform core:
-
-* [Configuration Language](https://www.terraform.io/docs/configuration/index.html) or resource ordering issues
-* [State](https://www.terraform.io/docs/state/index.html) and [State Backend](https://www.terraform.io/docs/backends/index.html) issues
-* [Provisioner](https://www.terraform.io/docs/provisioners/index.html) issues
-* [Registry](https://registry.terraform.io/) issues
-* Spans resources across multiple providers
-
-If you are running into one of these scenarios, we recommend opening an issue in the [Terraform core repository](https://github.com/hashicorp/terraform/) instead.
-
-If you believe this is still a provider issue, please list the resources and data sources, for example:
+Please list the resources and data sources, for example:
 
 * aws_instance
 * aws_rds_cluster
diff --git a/.github/ISSUE_TEMPLATE/Feature_Request.md b/.github/ISSUE_TEMPLATE/Feature_Request.md
index 08cd2ebcd3e..492acf2737d 100644
--- a/.github/ISSUE_TEMPLATE/Feature_Request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_Request.md
@@ -8,7 +8,7 @@ about: I have a suggestion (and might want to implement myself 🙂)!
 
 ### Community Note
 
-* Please vote on this issue by adding a :+1: reaction to the original issue to help the community and maintainers prioritize this request
+* Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
 * If you are interested in working on this issue or have submitted a pull request, please leave a comment
 
 <!--- Thank you for keeping this note for the community --->
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index b8136f5579b..448b34f20a5 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -5,3 +5,11 @@ Changes proposed in this pull request:
 
 * Change 1
 * Change 2
+
+Output from acceptance testing:
+
+```
+$ make testacc TESTARGS='-run=TestAccAWSAvailabilityZones'
+
+...
+```

From e0b00be15a7d9ab7e41d2295d1fbdddc11c84898 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Fri, 4 May 2018 09:23:20 -0400
Subject: [PATCH 28/71] GitHub: Fix grammar issue and clarify types of requests
 in Question template

---
 .github/ISSUE_TEMPLATE/Question.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Question.md b/.github/ISSUE_TEMPLATE/Question.md
index 21a66cfe411..a3f9a38394f 100644
--- a/.github/ISSUE_TEMPLATE/Question.md
+++ b/.github/ISSUE_TEMPLATE/Question.md
@@ -4,12 +4,12 @@ about: If you have a question, please check out our other community resources!
 
 ---
 
-Issues on GitHub are intended to be related to problems with provider codebase,
+Issues on GitHub are intended to be related to bugs or feature requests with provider codebase,
 so we recommend using our other community resources instead of asking here 👍.
 
 ---
 
-If you have a support request or question please submit them to one of this resources:
+If you have a support request or question please submit them to one of these resources:
 
 * [Terraform community resources](https://www.terraform.io/docs/extend/community/index.html)
 * [HashiCorp support](https://support.hashicorp.com) (Terraform Enterprise customers)

From 9f15ffb10acf17fe0eb744de34c24146b60231e9 Mon Sep 17 00:00:00 2001
From: John Noss <john.noss@runkeeper.com>
Date: Fri, 4 May 2018 11:21:36 -0400
Subject: [PATCH 29/71] Update docs for ASG wait for capacity with ALBs

This updates the docs for ASG to note that wait for capacity can now be
used for ALBs attached via `target_group_arns` not just ELBs attached
via `load_balancers` (see Terraform issue
https://github.com/hashicorp/terraform/issues/8655 and PR
https://github.com/hashicorp/terraform/pull/10243 for the change to make
this work for ALBs).
---
 website/docs/r/autoscaling_group.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/docs/r/autoscaling_group.html.markdown b/website/docs/r/autoscaling_group.html.markdown
index 2fdb8c6e4f7..f403bd5d829 100644
--- a/website/docs/r/autoscaling_group.html.markdown
+++ b/website/docs/r/autoscaling_group.html.markdown
@@ -300,7 +300,7 @@ Setting `wait_for_capacity_timeout` to `"0"` disables ASG Capacity waiting.
 #### Waiting for ELB Capacity
 
 The second mechanism is optional, and affects ASGs with attached ELBs specified
-via the `load_balancers` attribute.
+via the `load_balancers` attribute or with ALBs specified with `target_group_arns`.
 
 The `min_elb_capacity` parameter causes Terraform to wait for at least the
 requested number of instances to show up `"InService"` in all attached ELBs

From ca51c9e6c64284996c0129d5594de88e9921b297 Mon Sep 17 00:00:00 2001
From: Ken Herner <kherner@navistone.com>
Date: Wed, 24 Jan 2018 17:19:18 -0500
Subject: [PATCH 30/71] resource/aws_redshift_cluster: Send correct values when
 resizing

When resizing a Redshift cluster, the AWS API is expecting the Cluster
Type, Node Type, and Number of Nodes regardless of which value changed.
If not passed it will error out with
`[WARN] Error modifying Redshift Cluster (navistone-public-cluster):
InvalidParameterCombination: Number of nodes for cluster type multi-node
must be greater than or equal to 2`

Now we send all values if any one of them change.

Signed-off-by: Ken Herner <kherner@navistone.com>
---
 aws/resource_aws_redshift_cluster.go      | 14 ++----
 aws/resource_aws_redshift_cluster_test.go | 58 +++++++++++++++++++++++
 2 files changed, 61 insertions(+), 11 deletions(-)

diff --git a/aws/resource_aws_redshift_cluster.go b/aws/resource_aws_redshift_cluster.go
index 32a8253ebbc..1a28ca15a10 100644
--- a/aws/resource_aws_redshift_cluster.go
+++ b/aws/resource_aws_redshift_cluster.go
@@ -642,25 +642,17 @@ func resourceAwsRedshiftClusterUpdate(d *schema.ResourceData, meta interface{})
 		ClusterIdentifier: aws.String(d.Id()),
 	}
 
-	if d.HasChange("cluster_type") {
+	// If the cluster type, node type, or number of nodes changed, then the AWS API expects all three
+	// items to be sent over
+	if d.HasChange("cluster_type") || d.HasChange("node_type") || d.HasChange("number_of_nodes") {
 		req.ClusterType = aws.String(d.Get("cluster_type").(string))
-		requestUpdate = true
-	}
-
-	if d.HasChange("node_type") {
 		req.NodeType = aws.String(d.Get("node_type").(string))
-		requestUpdate = true
-	}
-
-	if d.HasChange("number_of_nodes") {
 		if v := d.Get("number_of_nodes").(int); v > 1 {
 			req.ClusterType = aws.String("multi-node")
 			req.NumberOfNodes = aws.Int64(int64(d.Get("number_of_nodes").(int)))
 		} else {
 			req.ClusterType = aws.String("single-node")
 		}
-
-		req.NodeType = aws.String(d.Get("node_type").(string))
 		requestUpdate = true
 	}
 
diff --git a/aws/resource_aws_redshift_cluster_test.go b/aws/resource_aws_redshift_cluster_test.go
index 1ab874af984..b339a4f8179 100644
--- a/aws/resource_aws_redshift_cluster_test.go
+++ b/aws/resource_aws_redshift_cluster_test.go
@@ -382,6 +382,47 @@ func TestAccAWSRedshiftCluster_updateNodeCount(t *testing.T) {
 					testAccCheckAWSRedshiftClusterExists("aws_redshift_cluster.default", &v),
 					resource.TestCheckResourceAttr(
 						"aws_redshift_cluster.default", "number_of_nodes", "2"),
+					resource.TestCheckResourceAttr(
+						"aws_redshift_cluster.default", "cluster-type", "multi-node"),
+					resource.TestCheckResourceAttr(
+						"aws_redshift_cluster.default", "node-type", "dc1.large"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSRedshiftCluster_updateNodeType(t *testing.T) {
+	var v redshift.Cluster
+
+	ri := rand.New(rand.NewSource(time.Now().UnixNano())).Int()
+	preConfig := testAccAWSRedshiftClusterConfig_basic(ri)
+	postConfig := testAccAWSRedshiftClusterConfig_updateNodeType(ri)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSRedshiftClusterDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: preConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSRedshiftClusterExists("aws_redshift_cluster.default", &v),
+					resource.TestCheckResourceAttr(
+						"aws_redshift_cluster.default", "node-type", "dc1.large"),
+				),
+			},
+
+			{
+				Config: postConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSRedshiftClusterExists("aws_redshift_cluster.default", &v),
+					resource.TestCheckResourceAttr(
+						"aws_redshift_cluster.default", "number_of_nodes", "1"),
+					resource.TestCheckResourceAttr(
+						"aws_redshift_cluster.default", "cluster-type", "single-node"),
+					resource.TestCheckResourceAttr(
+						"aws_redshift_cluster.default", "node-type", "dc1.8xlarge"),
 				),
 			},
 		},
@@ -738,6 +779,23 @@ resource "aws_redshift_cluster" "default" {
 `, rInt)
 }
 
+func testAccAWSRedshiftClusterConfig_updateNodeType(rInt int) string {
+	return fmt.Sprintf(`
+resource "aws_redshift_cluster" "default" {
+  cluster_identifier = "tf-redshift-cluster-%d"
+  availability_zone = "us-west-2a"
+  database_name = "mydb"
+  master_username = "foo_test"
+  master_password = "Mustbe8characters"
+  node_type = "dc1.8xlarge"
+  automated_snapshot_retention_period = 0
+  allow_version_upgrade = false
+  number_of_nodes = 1
+  skip_final_snapshot = true
+}
+`, rInt)
+}
+
 func testAccAWSRedshiftClusterConfig_basic(rInt int) string {
 	return fmt.Sprintf(`
 resource "aws_redshift_cluster" "default" {

From 360ddeabc16556b128324c6650cc6f1e1d814a7a Mon Sep 17 00:00:00 2001
From: Ken Herner <kherner@navistone.com>
Date: Mon, 29 Jan 2018 10:50:18 -0500
Subject: [PATCH 31/71] Fixed recently added redshift tests

Signed-off-by: Ken Herner <kherner@navistone.com>
---
 aws/resource_aws_redshift_cluster_test.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/aws/resource_aws_redshift_cluster_test.go b/aws/resource_aws_redshift_cluster_test.go
index b339a4f8179..d3a05593d57 100644
--- a/aws/resource_aws_redshift_cluster_test.go
+++ b/aws/resource_aws_redshift_cluster_test.go
@@ -383,9 +383,9 @@ func TestAccAWSRedshiftCluster_updateNodeCount(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"aws_redshift_cluster.default", "number_of_nodes", "2"),
 					resource.TestCheckResourceAttr(
-						"aws_redshift_cluster.default", "cluster-type", "multi-node"),
+						"aws_redshift_cluster.default", "cluster_type", "multi-node"),
 					resource.TestCheckResourceAttr(
-						"aws_redshift_cluster.default", "node-type", "dc1.large"),
+						"aws_redshift_cluster.default", "node_type", "dc1.large"),
 				),
 			},
 		},
@@ -409,7 +409,7 @@ func TestAccAWSRedshiftCluster_updateNodeType(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSRedshiftClusterExists("aws_redshift_cluster.default", &v),
 					resource.TestCheckResourceAttr(
-						"aws_redshift_cluster.default", "node-type", "dc1.large"),
+						"aws_redshift_cluster.default", "node_type", "dc1.large"),
 				),
 			},
 
@@ -420,9 +420,9 @@ func TestAccAWSRedshiftCluster_updateNodeType(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"aws_redshift_cluster.default", "number_of_nodes", "1"),
 					resource.TestCheckResourceAttr(
-						"aws_redshift_cluster.default", "cluster-type", "single-node"),
+						"aws_redshift_cluster.default", "cluster_type", "single-node"),
 					resource.TestCheckResourceAttr(
-						"aws_redshift_cluster.default", "node-type", "dc1.8xlarge"),
+						"aws_redshift_cluster.default", "node_type", "dc1.8xlarge"),
 				),
 			},
 		},

From db956b54d5626a446698c1c3dffef6b6b80e1d3f Mon Sep 17 00:00:00 2001
From: Ken Herner <kherner@navistone.com>
Date: Fri, 4 May 2018 11:44:52 -0400
Subject: [PATCH 32/71] Update redshift test udateNodeType

Change the node type from dc2.8xlarge to dc2.large to pass E2E testing.

Signed-off-by: Ken Herner <kherner@navistone.com>
---
 aws/resource_aws_redshift_cluster_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/aws/resource_aws_redshift_cluster_test.go b/aws/resource_aws_redshift_cluster_test.go
index d3a05593d57..0b594c6fcbb 100644
--- a/aws/resource_aws_redshift_cluster_test.go
+++ b/aws/resource_aws_redshift_cluster_test.go
@@ -422,7 +422,7 @@ func TestAccAWSRedshiftCluster_updateNodeType(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"aws_redshift_cluster.default", "cluster_type", "single-node"),
 					resource.TestCheckResourceAttr(
-						"aws_redshift_cluster.default", "node_type", "dc1.8xlarge"),
+						"aws_redshift_cluster.default", "node_type", "dc2.large"),
 				),
 			},
 		},
@@ -787,7 +787,7 @@ resource "aws_redshift_cluster" "default" {
   database_name = "mydb"
   master_username = "foo_test"
   master_password = "Mustbe8characters"
-  node_type = "dc1.8xlarge"
+  node_type = "dc2.large"
   automated_snapshot_retention_period = 0
   allow_version_upgrade = false
   number_of_nodes = 1

From 15884698ba495371e5d865563204d9fd986ef97c Mon Sep 17 00:00:00 2001
From: Dirk Avery <dirk.avery@gmail.com>
Date: Wed, 2 May 2018 10:28:01 -0400
Subject: [PATCH 33/71] Spot price optional for SIR, SFR

---
 aws/resource_aws_spot_fleet_request.go        |   2 +-
 aws/resource_aws_spot_fleet_request_test.go   | 106 ++++++++++++++++++
 aws/resource_aws_spot_instance_request.go     |   2 +-
 ...resource_aws_spot_instance_request_test.go |  62 ++++++++++
 .../docs/r/launch_configuration.html.markdown |   2 +-
 .../docs/r/spot_fleet_request.html.markdown   |   2 +-
 .../r/spot_instance_request.html.markdown     |   2 +-
 7 files changed, 173 insertions(+), 5 deletions(-)

diff --git a/aws/resource_aws_spot_fleet_request.go b/aws/resource_aws_spot_fleet_request.go
index cadbe2d15bd..6864097ee62 100644
--- a/aws/resource_aws_spot_fleet_request.go
+++ b/aws/resource_aws_spot_fleet_request.go
@@ -294,7 +294,7 @@ func resourceAwsSpotFleetRequest() *schema.Resource {
 			},
 			"spot_price": {
 				Type:     schema.TypeString,
-				Required: true,
+				Optional: true,
 				ForceNew: true,
 			},
 			"terminate_instances_with_expiration": {
diff --git a/aws/resource_aws_spot_fleet_request_test.go b/aws/resource_aws_spot_fleet_request_test.go
index c4982a46933..f259c52dc97 100644
--- a/aws/resource_aws_spot_fleet_request_test.go
+++ b/aws/resource_aws_spot_fleet_request_test.go
@@ -312,6 +312,31 @@ func TestAccAWSSpotFleetRequest_overriddingSpotPrice(t *testing.T) {
 	})
 }
 
+func TestAccAWSSpotFleetRequest_withoutSpotPrice(t *testing.T) {
+	var sfr ec2.SpotFleetRequestConfig
+	rName := acctest.RandString(10)
+	rInt := acctest.RandInt()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSSpotFleetRequestDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSSpotFleetRequestConfigWithoutSpotPrice(rName, rInt),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSSpotFleetRequestExists(
+						"aws_spot_fleet_request.foo", &sfr),
+					resource.TestCheckResourceAttr(
+						"aws_spot_fleet_request.foo", "spot_request_state", "active"),
+					resource.TestCheckResourceAttr(
+						"aws_spot_fleet_request.foo", "launch_specification.#", "2"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAWSSpotFleetRequest_diversifiedAllocation(t *testing.T) {
 	var sfr ec2.SpotFleetRequestConfig
 	rName := acctest.RandString(10)
@@ -1511,6 +1536,87 @@ resource "aws_spot_fleet_request" "foo" {
 `, rName, rInt, rInt, rName)
 }
 
+func testAccAWSSpotFleetRequestConfigWithoutSpotPrice(rName string, rInt int) string {
+	return fmt.Sprintf(`
+resource "aws_key_pair" "debugging" {
+	key_name = "tmp-key-%s"
+	public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 phodgson@thoughtworks.com"
+}
+
+resource "aws_iam_policy" "test-policy" {
+  name = "test-policy-%d"
+  path = "/"
+  description = "Spot Fleet Request ACCTest Policy"
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [{
+    "Effect": "Allow",
+    "Action": [
+       "ec2:DescribeImages",
+       "ec2:DescribeSubnets",
+       "ec2:RequestSpotInstances",
+       "ec2:TerminateInstances",
+       "ec2:DescribeInstanceStatus",
+       "iam:PassRole"
+        ],
+    "Resource": ["*"]
+  }]
+}
+EOF
+}
+
+resource "aws_iam_policy_attachment" "test-attach" {
+    name = "test-attachment-%d"
+    roles = ["${aws_iam_role.test-role.name}"]
+    policy_arn = "${aws_iam_policy.test-policy.arn}"
+}
+
+resource "aws_iam_role" "test-role" {
+    name = "test-role-%s"
+    assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "",
+      "Effect": "Allow",
+      "Principal": {
+        "Service": [
+          "spotfleet.amazonaws.com",
+          "ec2.amazonaws.com"
+        ]
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_spot_fleet_request" "foo" {
+    iam_fleet_role = "${aws_iam_role.test-role.arn}"
+    target_capacity = 2
+    valid_until = "2019-11-04T20:44:20Z"
+    terminate_instances_with_expiration = true
+    wait_for_fulfillment = true
+    launch_specification {
+        instance_type = "m1.small"
+        ami = "ami-516b9131"
+        key_name = "${aws_key_pair.debugging.key_name}"
+        availability_zone = "us-west-2a"
+    }
+    launch_specification {
+        instance_type = "m3.large"
+        ami = "ami-d06a90b0"
+        key_name = "${aws_key_pair.debugging.key_name}"
+        availability_zone = "us-west-2a"
+    }
+    depends_on = ["aws_iam_policy_attachment.test-attach"]
+}
+`, rName, rInt, rInt, rName)
+}
+
 func testAccAWSSpotFleetRequestConfigDiversifiedAllocation(rName string, rInt int) string {
 	return fmt.Sprintf(`
 resource "aws_key_pair" "debugging" {
diff --git a/aws/resource_aws_spot_instance_request.go b/aws/resource_aws_spot_instance_request.go
index a3d566d6872..5a0dbeabc84 100644
--- a/aws/resource_aws_spot_instance_request.go
+++ b/aws/resource_aws_spot_instance_request.go
@@ -44,7 +44,7 @@ func resourceAwsSpotInstanceRequest() *schema.Resource {
 
 			s["spot_price"] = &schema.Schema{
 				Type:     schema.TypeString,
-				Required: true,
+				Optional: true,
 				ForceNew: true,
 			}
 			s["spot_type"] = &schema.Schema{
diff --git a/aws/resource_aws_spot_instance_request_test.go b/aws/resource_aws_spot_instance_request_test.go
index 2a79a74733f..09d82f71e48 100644
--- a/aws/resource_aws_spot_instance_request_test.go
+++ b/aws/resource_aws_spot_instance_request_test.go
@@ -152,6 +152,31 @@ func TestAccAWSSpotInstanceRequest_validUntil(t *testing.T) {
 	})
 }
 
+func TestAccAWSSpotInstanceRequest_withoutSpotPrice(t *testing.T) {
+	var sir ec2.SpotInstanceRequest
+	rInt := acctest.RandInt()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSSpotInstanceRequestDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSSpotInstanceRequestConfig_withoutSpotPrice(rInt),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSSpotInstanceRequestExists(
+						"aws_spot_instance_request.foo", &sir),
+					testAccCheckAWSSpotInstanceRequestAttributesCheckSIRWithoutSpot(&sir),
+					resource.TestCheckResourceAttr(
+						"aws_spot_instance_request.foo", "spot_bid_status", "fulfilled"),
+					resource.TestCheckResourceAttr(
+						"aws_spot_instance_request.foo", "spot_request_state", "active"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAWSSpotInstanceRequest_SubnetAndSGAndPublicIpAddress(t *testing.T) {
 	var sir ec2.SpotInstanceRequest
 	rInt := acctest.RandInt()
@@ -374,6 +399,19 @@ func testAccCheckAWSSpotInstanceRequestAttributesValidUntil(
 	}
 }
 
+func testAccCheckAWSSpotInstanceRequestAttributesCheckSIRWithoutSpot(
+	sir *ec2.SpotInstanceRequest) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		if *sir.State != "active" {
+			return fmt.Errorf("Unexpected request state: %s", *sir.State)
+		}
+		if *sir.Status.Code != "fulfilled" {
+			return fmt.Errorf("Unexpected bid status: %s", *sir.State)
+		}
+		return nil
+	}
+}
+
 func testAccCheckAWSSpotInstanceRequest_InstanceAttributes(
 	sir *ec2.SpotInstanceRequest, rInt int) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
@@ -547,6 +585,30 @@ func testAccAWSSpotInstanceRequestConfigValidUntil(rInt int, validUntil string)
 	}`, rInt, validUntil)
 }
 
+func testAccAWSSpotInstanceRequestConfig_withoutSpotPrice(rInt int) string {
+	return fmt.Sprintf(`
+	resource "aws_key_pair" "debugging" {
+		key_name = "tmp-key-%d"
+		public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 phodgson@thoughtworks.com"
+	}
+
+	resource "aws_spot_instance_request" "foo" {
+		ami = "ami-4fccb37f"
+		instance_type = "m1.small"
+		key_name = "${aws_key_pair.debugging.key_name}"
+
+		# no spot price so AWS *should* default max bid to current on-demand price
+
+		# we wait for fulfillment because we want to inspect the launched instance
+		# and verify termination behavior
+		wait_for_fulfillment = true
+
+		tags {
+			Name = "terraform-test"
+		}
+	}`, rInt)
+}
+
 func testAccAWSSpotInstanceRequestConfig_withLaunchGroup(rInt int) string {
 	return fmt.Sprintf(`
 	resource "aws_key_pair" "debugging" {
diff --git a/website/docs/r/launch_configuration.html.markdown b/website/docs/r/launch_configuration.html.markdown
index 2177c67cf1d..5865e1ce6ef 100644
--- a/website/docs/r/launch_configuration.html.markdown
+++ b/website/docs/r/launch_configuration.html.markdown
@@ -158,7 +158,7 @@ The following arguments are supported:
   instance.  See [Block Devices](#block-devices) below for details.
 * `ephemeral_block_device` - (Optional) Customize Ephemeral (also known as
   "Instance Store") volumes on the instance. See [Block Devices](#block-devices) below for details.
-* `spot_price` - (Optional) The price to use for reserving spot instances.
+* `spot_price` - (Optional; Default: On-demand price) The maximum price to use for reserving spot instances.
 * `placement_tenancy` - (Optional) The tenancy of the instance. Valid values are
   `"default"` or `"dedicated"`, see [AWS's Create Launch Configuration](http://docs.aws.amazon.com/AutoScaling/latest/APIReference/API_CreateLaunchConfiguration.html)
   for more details
diff --git a/website/docs/r/spot_fleet_request.html.markdown b/website/docs/r/spot_fleet_request.html.markdown
index 2dd9ef095b4..52a9f3751c3 100644
--- a/website/docs/r/spot_fleet_request.html.markdown
+++ b/website/docs/r/spot_fleet_request.html.markdown
@@ -97,7 +97,7 @@ across different markets and instance types.
     what you can specify. See the list of officially supported inputs in the
     [reference documentation](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SpotFleetLaunchSpecification.html). Any normal [`aws_instance`](instance.html) parameter that corresponds to those inputs may be used.
 
-* `spot_price` - (Required) The bid price per unit hour.
+* `spot_price` - (Optional; Default: On-demand price) The maximum bid price per unit hour.
 * `wait_for_fulfillment` - (Optional; Default: false) If set, Terraform will
   wait for the Spot Request to be fulfilled, and will throw an error if the
   timeout of 10m is reached.
diff --git a/website/docs/r/spot_instance_request.html.markdown b/website/docs/r/spot_instance_request.html.markdown
index b866cd3b3ad..0819fec0e77 100644
--- a/website/docs/r/spot_instance_request.html.markdown
+++ b/website/docs/r/spot_instance_request.html.markdown
@@ -48,7 +48,7 @@ resource "aws_spot_instance_request" "cheap_worker" {
 Spot Instance Requests support all the same arguments as
 [`aws_instance`](instance.html), with the addition of:
 
-* `spot_price` - (Required) The price to request on the spot market.
+* `spot_price` - (Optional; Default: On-demand price) The maximum price to request on the spot market.
 * `wait_for_fulfillment` - (Optional; Default: false) If set, Terraform will
   wait for the Spot Request to be fulfilled, and will throw an error if the
   timeout of 10m is reached.

From 9075bb5a04933d1d4f0545af229a3a3ac0542ae3 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Fri, 4 May 2018 17:13:14 -0400
Subject: [PATCH 34/71] New Resource and Data Source:
 aws_acmpca_certficate_authority

---
 ...source_aws_acmpca_certificate_authority.go | 176 +++++
 ...e_aws_acmpca_certificate_authority_test.go | 109 +++
 aws/provider.go                               |   2 +
 ...source_aws_acmpca_certificate_authority.go | 736 ++++++++++++++++++
 ...e_aws_acmpca_certificate_authority_test.go | 643 +++++++++++++++
 aws/tagsACMPCA.go                             |  67 ++
 aws/tagsACMPCA_test.go                        |  77 ++
 website/aws.erb                               |  12 +
 ...acmpca_certificate_authority.html.markdown |  46 ++
 ...acmpca_certificate_authority.html.markdown | 160 ++++
 10 files changed, 2028 insertions(+)
 create mode 100644 aws/data_source_aws_acmpca_certificate_authority.go
 create mode 100644 aws/data_source_aws_acmpca_certificate_authority_test.go
 create mode 100644 aws/resource_aws_acmpca_certificate_authority.go
 create mode 100644 aws/resource_aws_acmpca_certificate_authority_test.go
 create mode 100644 aws/tagsACMPCA.go
 create mode 100644 aws/tagsACMPCA_test.go
 create mode 100644 website/docs/d/acmpca_certificate_authority.html.markdown
 create mode 100644 website/docs/r/acmpca_certificate_authority.html.markdown

diff --git a/aws/data_source_aws_acmpca_certificate_authority.go b/aws/data_source_aws_acmpca_certificate_authority.go
new file mode 100644
index 00000000000..b64902e2ef1
--- /dev/null
+++ b/aws/data_source_aws_acmpca_certificate_authority.go
@@ -0,0 +1,176 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/acmpca"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceAwsAcmpcaCertificateAuthority() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAwsAcmpcaCertificateAuthorityRead,
+
+		Schema: map[string]*schema.Schema{
+			"arn": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"certificate": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"certificate_chain": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"certificate_signing_request": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"not_after": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"not_before": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			// https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevocationConfiguration.html
+			"revocation_configuration": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						// https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
+						"crl_configuration": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"custom_cname": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+									"enabled": {
+										Type:     schema.TypeBool,
+										Computed: true,
+									},
+									"expiration_in_days": {
+										Type:     schema.TypeInt,
+										Computed: true,
+									},
+									"s3_bucket_name": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			"serial": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"status": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"tags": tagsSchemaComputed(),
+			"type": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceAwsAcmpcaCertificateAuthorityRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).acmpcaconn
+	certificateAuthorityArn := d.Get("arn").(string)
+
+	describeCertificateAuthorityInput := &acmpca.DescribeCertificateAuthorityInput{
+		CertificateAuthorityArn: aws.String(certificateAuthorityArn),
+	}
+
+	log.Printf("[DEBUG] Reading ACMPCA Certificate Authority: %s", describeCertificateAuthorityInput)
+
+	describeCertificateAuthorityOutput, err := conn.DescribeCertificateAuthority(describeCertificateAuthorityInput)
+	if err != nil {
+		return fmt.Errorf("error reading ACMPCA Certificate Authority: %s", err)
+	}
+
+	if describeCertificateAuthorityOutput.CertificateAuthority == nil {
+		return fmt.Errorf("error reading ACMPCA Certificate Authority: not found")
+	}
+	certificateAuthority := describeCertificateAuthorityOutput.CertificateAuthority
+
+	d.Set("arn", certificateAuthority.Arn)
+	d.Set("not_after", certificateAuthority.NotAfter)
+	d.Set("not_before", certificateAuthority.NotBefore)
+
+	if err := d.Set("revocation_configuration", flattenAcmpcaRevocationConfiguration(certificateAuthority.RevocationConfiguration)); err != nil {
+		return fmt.Errorf("error setting tags: %s", err)
+	}
+
+	d.Set("serial", certificateAuthority.Serial)
+	d.Set("status", certificateAuthority.Status)
+	d.Set("type", certificateAuthority.Type)
+
+	getCertificateAuthorityCertificateInput := &acmpca.GetCertificateAuthorityCertificateInput{
+		CertificateAuthorityArn: aws.String(certificateAuthorityArn),
+	}
+
+	log.Printf("[DEBUG] Reading ACMPCA Certificate Authority Certificate: %s", getCertificateAuthorityCertificateInput)
+
+	getCertificateAuthorityCertificateOutput, err := conn.GetCertificateAuthorityCertificate(getCertificateAuthorityCertificateInput)
+	if err != nil {
+		// Returned when in PENDING_CERTIFICATE status
+		// InvalidStateException: The certificate authority XXXXX is not in the correct state to have a certificate signing request.
+		if !isAWSErr(err, acmpca.ErrCodeInvalidStateException, "") {
+			return fmt.Errorf("error reading ACMPCA Certificate Authority Certificate: %s", err)
+		}
+	}
+
+	d.Set("certificate", "")
+	d.Set("certificate_chain", "")
+	if getCertificateAuthorityCertificateOutput != nil {
+		d.Set("certificate", getCertificateAuthorityCertificateOutput.Certificate)
+		d.Set("certificate_chain", getCertificateAuthorityCertificateOutput.CertificateChain)
+	}
+
+	getCertificateAuthorityCsrInput := &acmpca.GetCertificateAuthorityCsrInput{
+		CertificateAuthorityArn: aws.String(certificateAuthorityArn),
+	}
+
+	log.Printf("[DEBUG] Reading ACMPCA Certificate Authority Certificate Signing Request: %s", getCertificateAuthorityCsrInput)
+
+	getCertificateAuthorityCsrOutput, err := conn.GetCertificateAuthorityCsr(getCertificateAuthorityCsrInput)
+	if err != nil {
+		return fmt.Errorf("error reading ACMPCA Certificate Authority Certificate Signing Request: %s", err)
+	}
+
+	d.Set("certificate_signing_request", "")
+	if getCertificateAuthorityCsrOutput != nil {
+		d.Set("certificate_signing_request", getCertificateAuthorityCsrOutput.Csr)
+	}
+
+	tags, err := listAcmpcaTags(conn, certificateAuthorityArn)
+	if err != nil {
+		return fmt.Errorf("error reading ACMPCA Certificate Authority %q tags: %s", certificateAuthorityArn, err)
+	}
+
+	if err := d.Set("tags", tagsToMapACMPCA(tags)); err != nil {
+		return fmt.Errorf("error setting tags: %s", err)
+	}
+
+	d.SetId(certificateAuthorityArn)
+
+	return nil
+}
diff --git a/aws/data_source_aws_acmpca_certificate_authority_test.go b/aws/data_source_aws_acmpca_certificate_authority_test.go
new file mode 100644
index 00000000000..b35cf3d31dc
--- /dev/null
+++ b/aws/data_source_aws_acmpca_certificate_authority_test.go
@@ -0,0 +1,109 @@
+package aws
+
+import (
+	"fmt"
+	"regexp"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccDataSourceAwsAcmpcaCertificateAuthority_Basic(t *testing.T) {
+	resourceName := "aws_acmpca_certificate_authority.test"
+	datasourceName := "data.aws_acmpca_certificate_authority.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config:      testAccDataSourceAwsAcmpcaCertificateAuthorityConfig_NonExistent,
+				ExpectError: regexp.MustCompile(`ResourceNotFoundException`),
+			},
+			{
+				Config: testAccDataSourceAwsAcmpcaCertificateAuthorityConfig_ARN,
+				Check: resource.ComposeTestCheckFunc(
+					testAccDataSourceAwsAcmpcaCertificateAuthorityCheck(datasourceName, resourceName),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceAwsAcmpcaCertificateAuthorityCheck(datasourceName, resourceName string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		resource, ok := s.RootModule().Resources[datasourceName]
+		if !ok {
+			return fmt.Errorf("root module has no resource called %s", datasourceName)
+		}
+
+		dataSource, ok := s.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("root module has no resource called %s", resourceName)
+		}
+
+		attrNames := []string{
+			"arn",
+			"certificate",
+			"certificate_chain",
+			"certificate_signing_request",
+			"not_after",
+			"not_before",
+			"revocation_configuration.#",
+			"revocation_configuration.0.crl_configuration.#",
+			"revocation_configuration.0.crl_configuration.0.enabled",
+			"serial",
+			"status",
+			"tags.%",
+			"type",
+		}
+
+		for _, attrName := range attrNames {
+			if resource.Primary.Attributes[attrName] != dataSource.Primary.Attributes[attrName] {
+				return fmt.Errorf(
+					"%s is %s; want %s",
+					attrName,
+					resource.Primary.Attributes[attrName],
+					dataSource.Primary.Attributes[attrName],
+				)
+			}
+		}
+
+		return nil
+	}
+}
+
+const testAccDataSourceAwsAcmpcaCertificateAuthorityConfig_ARN = `
+resource "aws_acmpca_certificate_authority" "wrong" {
+  certificate_authority_configuration {
+    key_algorithm     = "RSA_4096"
+    signing_algorithm = "SHA512WITHRSA"
+
+    subject {
+      common_name = "terraformtesting.com"
+    }
+  }
+}
+
+resource "aws_acmpca_certificate_authority" "test" {
+  certificate_authority_configuration {
+    key_algorithm     = "RSA_4096"
+    signing_algorithm = "SHA512WITHRSA"
+
+    subject {
+      common_name = "terraformtesting.com"
+    }
+  }
+}
+
+data "aws_acmpca_certificate_authority" "test" {
+  arn = "${aws_acmpca_certificate_authority.test.arn}"
+}
+`
+
+const testAccDataSourceAwsAcmpcaCertificateAuthorityConfig_NonExistent = `
+data "aws_acmpca_certificate_authority" "test" {
+  arn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/tf-acc-test-does-not-exist"
+}
+`
diff --git a/aws/provider.go b/aws/provider.go
index c093890c444..31c12dbad7e 100644
--- a/aws/provider.go
+++ b/aws/provider.go
@@ -161,6 +161,7 @@ func Provider() terraform.ResourceProvider {
 
 		DataSourcesMap: map[string]*schema.Resource{
 			"aws_acm_certificate":                  dataSourceAwsAcmCertificate(),
+			"aws_acmpca_certificate_authority":     dataSourceAwsAcmpcaCertificateAuthority(),
 			"aws_ami":                              dataSourceAwsAmi(),
 			"aws_ami_ids":                          dataSourceAwsAmiIds(),
 			"aws_api_gateway_rest_api":             dataSourceAwsApiGatewayRestApi(),
@@ -255,6 +256,7 @@ func Provider() terraform.ResourceProvider {
 		ResourcesMap: map[string]*schema.Resource{
 			"aws_acm_certificate":                          resourceAwsAcmCertificate(),
 			"aws_acm_certificate_validation":               resourceAwsAcmCertificateValidation(),
+			"aws_acmpca_certificate_authority":             resourceAwsAcmpcaCertificateAuthority(),
 			"aws_ami":                                      resourceAwsAmi(),
 			"aws_ami_copy":                                 resourceAwsAmiCopy(),
 			"aws_ami_from_instance":                        resourceAwsAmiFromInstance(),
diff --git a/aws/resource_aws_acmpca_certificate_authority.go b/aws/resource_aws_acmpca_certificate_authority.go
new file mode 100644
index 00000000000..067fe3d69d4
--- /dev/null
+++ b/aws/resource_aws_acmpca_certificate_authority.go
@@ -0,0 +1,736 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/acmpca"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
+)
+
+func resourceAwsAcmpcaCertificateAuthority() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsAcmpcaCertificateAuthorityCreate,
+		Read:   resourceAwsAcmpcaCertificateAuthorityRead,
+		Update: resourceAwsAcmpcaCertificateAuthorityUpdate,
+		Delete: resourceAwsAcmpcaCertificateAuthorityDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(1 * time.Minute),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"arn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"certificate": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			// https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthorityConfiguration.html
+			"certificate_authority_configuration": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"key_algorithm": {
+							Type:     schema.TypeString,
+							Required: true,
+							ForceNew: true,
+							ValidateFunc: validation.StringInSlice([]string{
+								acmpca.KeyAlgorithmEcPrime256v1,
+								acmpca.KeyAlgorithmEcSecp384r1,
+								acmpca.KeyAlgorithmRsa2048,
+								acmpca.KeyAlgorithmRsa4096,
+							}, false),
+						},
+						"signing_algorithm": {
+							Type:     schema.TypeString,
+							Required: true,
+							ForceNew: true,
+							ValidateFunc: validation.StringInSlice([]string{
+								acmpca.SigningAlgorithmSha256withecdsa,
+								acmpca.SigningAlgorithmSha256withrsa,
+								acmpca.SigningAlgorithmSha384withecdsa,
+								acmpca.SigningAlgorithmSha384withrsa,
+								acmpca.SigningAlgorithmSha512withecdsa,
+								acmpca.SigningAlgorithmSha512withrsa,
+							}, false),
+						},
+						// https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ASN1Subject.html
+						"subject": {
+							Type:     schema.TypeList,
+							Optional: true,
+							ForceNew: true,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"common_name": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ForceNew:     true,
+										ValidateFunc: validation.StringLenBetween(0, 64),
+									},
+									"country": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ForceNew:     true,
+										ValidateFunc: validation.StringLenBetween(0, 2),
+									},
+									"distinguished_name_qualifier": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ForceNew:     true,
+										ValidateFunc: validation.StringLenBetween(0, 64),
+									},
+									"generation_qualifier": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ForceNew:     true,
+										ValidateFunc: validation.StringLenBetween(0, 3),
+									},
+									"given_name": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ForceNew:     true,
+										ValidateFunc: validation.StringLenBetween(0, 16),
+									},
+									"initials": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ForceNew:     true,
+										ValidateFunc: validation.StringLenBetween(0, 5),
+									},
+									"locality": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ForceNew:     true,
+										ValidateFunc: validation.StringLenBetween(0, 128),
+									},
+									"organization": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ForceNew:     true,
+										ValidateFunc: validation.StringLenBetween(0, 64),
+									},
+									"organizational_unit": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ForceNew:     true,
+										ValidateFunc: validation.StringLenBetween(0, 64),
+									},
+									"pseudonym": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ForceNew:     true,
+										ValidateFunc: validation.StringLenBetween(0, 128),
+									},
+									"state": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ForceNew:     true,
+										ValidateFunc: validation.StringLenBetween(0, 128),
+									},
+									"surname": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ForceNew:     true,
+										ValidateFunc: validation.StringLenBetween(0, 40),
+									},
+									"title": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ForceNew:     true,
+										ValidateFunc: validation.StringLenBetween(0, 64),
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			"certificate_chain": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"certificate_signing_request": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"enabled": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
+			"not_after": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"not_before": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			// https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevocationConfiguration.html
+			"revocation_configuration": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+					if old == "1" && new == "0" {
+						return true
+					}
+					return false
+				},
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						// https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
+						"crl_configuration": {
+							Type:     schema.TypeList,
+							Optional: true,
+							MaxItems: 1,
+							DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+								if old == "1" && new == "0" {
+									return true
+								}
+								return false
+							},
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"custom_cname": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ValidateFunc: validation.StringLenBetween(0, 253),
+									},
+									"enabled": {
+										Type:     schema.TypeBool,
+										Optional: true,
+									},
+									// ValidationException: 1 validation error detected: Value null or empty at 'expirationInDays' failed to satisfy constraint: Member must not be null or empty.
+									// InvalidParameter: 1 validation error(s) found. minimum field value of 1, CreateCertificateAuthorityInput.RevocationConfiguration.CrlConfiguration.ExpirationInDays.
+									"expiration_in_days": {
+										Type:         schema.TypeInt,
+										Required:     true,
+										ValidateFunc: validation.IntBetween(1, 5000),
+									},
+									"s3_bucket_name": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ValidateFunc: validation.StringLenBetween(0, 255),
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			"serial": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"status": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"tags": tagsSchema(),
+			"type": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  acmpca.CertificateAuthorityTypeSubordinate,
+				ValidateFunc: validation.StringInSlice([]string{
+					acmpca.CertificateAuthorityTypeSubordinate,
+				}, false),
+			},
+		},
+	}
+}
+
+func resourceAwsAcmpcaCertificateAuthorityCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).acmpcaconn
+
+	input := &acmpca.CreateCertificateAuthorityInput{
+		CertificateAuthorityConfiguration: expandAcmpcaCertificateAuthorityConfiguration(d.Get("certificate_authority_configuration").([]interface{})),
+		CertificateAuthorityType:          aws.String(d.Get("type").(string)),
+		RevocationConfiguration:           expandAcmpcaRevocationConfiguration(d.Get("revocation_configuration").([]interface{})),
+	}
+
+	log.Printf("[DEBUG] Creating ACMPCA Certificate Authority: %s", input)
+	var output *acmpca.CreateCertificateAuthorityOutput
+	err := resource.Retry(1*time.Minute, func() *resource.RetryError {
+		var err error
+		output, err = conn.CreateCertificateAuthority(input)
+		if err != nil {
+			// ValidationException: The ACM Private CA service account 'acm-pca-prod-pdx' requires getBucketAcl permissions for your S3 bucket 'tf-acc-test-5224996536060125340'. Check your S3 bucket permissions and try again.
+			if isAWSErr(err, "ValidationException", "Check your S3 bucket permissions and try again") {
+				return resource.RetryableError(err)
+			}
+			return resource.NonRetryableError(err)
+		}
+		return nil
+	})
+	if err != nil {
+		return fmt.Errorf("error creating ACMPCA Certificate Authority: %s", err)
+	}
+
+	d.SetId(aws.StringValue(output.CertificateAuthorityArn))
+
+	if v, ok := d.GetOk("tags"); ok {
+		input := &acmpca.TagCertificateAuthorityInput{
+			CertificateAuthorityArn: aws.String(d.Id()),
+			Tags: tagsFromMapACMPCA(v.(map[string]interface{})),
+		}
+
+		log.Printf("[DEBUG] Tagging ACMPCA Certificate Authority: %s", input)
+		_, err := conn.TagCertificateAuthority(input)
+		if err != nil {
+			return fmt.Errorf("error tagging ACMPCA Certificate Authority %q: %s", d.Id(), input)
+		}
+	}
+
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{
+			"",
+			acmpca.CertificateAuthorityStatusCreating,
+		},
+		Target: []string{
+			acmpca.CertificateAuthorityStatusActive,
+			acmpca.CertificateAuthorityStatusPendingCertificate,
+		},
+		Refresh: acmpcaCertificateAuthorityRefreshFunc(conn, d.Id()),
+		Timeout: d.Timeout(schema.TimeoutCreate),
+	}
+
+	_, err = stateConf.WaitForState()
+	if err != nil {
+		return fmt.Errorf("error waiting for ACMPCA Certificate Authority %q to be active or pending certificate: %s", d.Id(), err)
+	}
+
+	return resourceAwsAcmpcaCertificateAuthorityRead(d, meta)
+}
+
+func resourceAwsAcmpcaCertificateAuthorityRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).acmpcaconn
+
+	describeCertificateAuthorityInput := &acmpca.DescribeCertificateAuthorityInput{
+		CertificateAuthorityArn: aws.String(d.Id()),
+	}
+
+	log.Printf("[DEBUG] Reading ACMPCA Certificate Authority: %s", describeCertificateAuthorityInput)
+
+	describeCertificateAuthorityOutput, err := conn.DescribeCertificateAuthority(describeCertificateAuthorityInput)
+	if err != nil {
+		if isAWSErr(err, acmpca.ErrCodeResourceNotFoundException, "") {
+			log.Printf("[WARN] ACMPCA Certificate Authority %q not found - removing from state", d.Id())
+			d.SetId("")
+			return nil
+		}
+		return fmt.Errorf("error reading ACMPCA Certificate Authority: %s", err)
+	}
+
+	if describeCertificateAuthorityOutput.CertificateAuthority == nil {
+		log.Printf("[WARN] ACMPCA Certificate Authority %q not found - removing from state", d.Id())
+		d.SetId("")
+		return nil
+	}
+	certificateAuthority := describeCertificateAuthorityOutput.CertificateAuthority
+
+	d.Set("arn", certificateAuthority.Arn)
+
+	if err := d.Set("certificate_authority_configuration", flattenAcmpcaCertificateAuthorityConfiguration(certificateAuthority.CertificateAuthorityConfiguration)); err != nil {
+		return fmt.Errorf("error setting tags: %s", err)
+	}
+
+	d.Set("enabled", (aws.StringValue(certificateAuthority.Status) != acmpca.CertificateAuthorityStatusDisabled))
+	d.Set("not_after", certificateAuthority.NotAfter)
+	d.Set("not_before", certificateAuthority.NotBefore)
+
+	if err := d.Set("revocation_configuration", flattenAcmpcaRevocationConfiguration(certificateAuthority.RevocationConfiguration)); err != nil {
+		return fmt.Errorf("error setting tags: %s", err)
+	}
+
+	d.Set("serial", certificateAuthority.Serial)
+	d.Set("status", certificateAuthority.Status)
+	d.Set("type", certificateAuthority.Type)
+
+	getCertificateAuthorityCertificateInput := &acmpca.GetCertificateAuthorityCertificateInput{
+		CertificateAuthorityArn: aws.String(d.Id()),
+	}
+
+	log.Printf("[DEBUG] Reading ACMPCA Certificate Authority Certificate: %s", getCertificateAuthorityCertificateInput)
+
+	getCertificateAuthorityCertificateOutput, err := conn.GetCertificateAuthorityCertificate(getCertificateAuthorityCertificateInput)
+	if err != nil {
+		if isAWSErr(err, acmpca.ErrCodeResourceNotFoundException, "") {
+			log.Printf("[WARN] ACMPCA Certificate Authority %q not found - removing from state", d.Id())
+			d.SetId("")
+			return nil
+		}
+		// Returned when in PENDING_CERTIFICATE status
+		// InvalidStateException: The certificate authority XXXXX is not in the correct state to have a certificate signing request.
+		if !isAWSErr(err, acmpca.ErrCodeInvalidStateException, "") {
+			return fmt.Errorf("error reading ACMPCA Certificate Authority Certificate: %s", err)
+		}
+	}
+
+	d.Set("certificate", "")
+	d.Set("certificate_chain", "")
+	if getCertificateAuthorityCertificateOutput != nil {
+		d.Set("certificate", getCertificateAuthorityCertificateOutput.Certificate)
+		d.Set("certificate_chain", getCertificateAuthorityCertificateOutput.CertificateChain)
+	}
+
+	getCertificateAuthorityCsrInput := &acmpca.GetCertificateAuthorityCsrInput{
+		CertificateAuthorityArn: aws.String(d.Id()),
+	}
+
+	log.Printf("[DEBUG] Reading ACMPCA Certificate Authority Certificate Signing Request: %s", getCertificateAuthorityCsrInput)
+
+	getCertificateAuthorityCsrOutput, err := conn.GetCertificateAuthorityCsr(getCertificateAuthorityCsrInput)
+	if err != nil {
+		if isAWSErr(err, acmpca.ErrCodeResourceNotFoundException, "") {
+			log.Printf("[WARN] ACMPCA Certificate Authority %q not found - removing from state", d.Id())
+			d.SetId("")
+			return nil
+		}
+		return fmt.Errorf("error reading ACMPCA Certificate Authority Certificate Signing Request: %s", err)
+	}
+
+	d.Set("certificate_signing_request", "")
+	if getCertificateAuthorityCsrOutput != nil {
+		d.Set("certificate_signing_request", getCertificateAuthorityCsrOutput.Csr)
+	}
+
+	tags, err := listAcmpcaTags(conn, d.Id())
+	if err != nil {
+		return fmt.Errorf("error reading ACMPCA Certificate Authority %q tags: %s", d.Id(), err)
+	}
+
+	if err := d.Set("tags", tagsToMapACMPCA(tags)); err != nil {
+		return fmt.Errorf("error setting tags: %s", err)
+	}
+
+	return nil
+}
+
+func resourceAwsAcmpcaCertificateAuthorityUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).acmpcaconn
+	updateCertificateAuthority := false
+
+	input := &acmpca.UpdateCertificateAuthorityInput{
+		CertificateAuthorityArn: aws.String(d.Id()),
+	}
+
+	if d.HasChange("enabled") {
+		input.Status = aws.String(acmpca.CertificateAuthorityStatusActive)
+		if !d.Get("enabled").(bool) {
+			input.Status = aws.String(acmpca.CertificateAuthorityStatusDisabled)
+		}
+		updateCertificateAuthority = true
+	}
+
+	if d.HasChange("revocation_configuration") {
+		input.RevocationConfiguration = expandAcmpcaRevocationConfiguration(d.Get("revocation_configuration").([]interface{}))
+		updateCertificateAuthority = true
+	}
+
+	if updateCertificateAuthority {
+		log.Printf("[DEBUG] Updating ACMPCA Certificate Authority: %s", input)
+		_, err := conn.UpdateCertificateAuthority(input)
+		if err != nil {
+			return fmt.Errorf("error updating ACMPCA Certificate Authority: %s", err)
+		}
+	}
+
+	if d.HasChange("tags") {
+		oraw, nraw := d.GetChange("tags")
+		o := oraw.(map[string]interface{})
+		n := nraw.(map[string]interface{})
+		create, remove := diffTagsACMPCA(tagsFromMapACMPCA(o), tagsFromMapACMPCA(n))
+
+		if len(remove) > 0 {
+			log.Printf("[DEBUG] Removing ACMPCA Certificate Authority %q tags: %#v", d.Id(), remove)
+			_, err := conn.UntagCertificateAuthority(&acmpca.UntagCertificateAuthorityInput{
+				CertificateAuthorityArn: aws.String(d.Id()),
+				Tags: remove,
+			})
+			if err != nil {
+				return fmt.Errorf("error updating ACMPCA Certificate Authority %q tags: %s", d.Id(), err)
+			}
+		}
+		if len(create) > 0 {
+			log.Printf("[DEBUG] Creating ACMPCA Certificate Authority %q tags: %#v", d.Id(), create)
+			_, err := conn.TagCertificateAuthority(&acmpca.TagCertificateAuthorityInput{
+				CertificateAuthorityArn: aws.String(d.Id()),
+				Tags: create,
+			})
+			if err != nil {
+				return fmt.Errorf("error updating ACMPCA Certificate Authority %q tags: %s", d.Id(), err)
+			}
+		}
+	}
+
+	return resourceAwsAcmpcaCertificateAuthorityRead(d, meta)
+}
+
+func resourceAwsAcmpcaCertificateAuthorityDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).acmpcaconn
+
+	input := &acmpca.DeleteCertificateAuthorityInput{
+		CertificateAuthorityArn: aws.String(d.Id()),
+	}
+
+	log.Printf("[DEBUG] Deleting ACMPCA Certificate Authority: %s", input)
+	_, err := conn.DeleteCertificateAuthority(input)
+	if err != nil {
+		if isAWSErr(err, acmpca.ErrCodeResourceNotFoundException, "") {
+			return nil
+		}
+		return fmt.Errorf("error deleting ACMPCA Certificate Authority: %s", err)
+	}
+
+	return nil
+}
+
+func acmpcaCertificateAuthorityRefreshFunc(conn *acmpca.ACMPCA, certificateAuthorityArn string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		input := &acmpca.DescribeCertificateAuthorityInput{
+			CertificateAuthorityArn: aws.String(certificateAuthorityArn),
+		}
+
+		log.Printf("[DEBUG] Reading ACMPCA Certificate Authority: %s", input)
+		output, err := conn.DescribeCertificateAuthority(input)
+		if err != nil {
+			if isAWSErr(err, acmpca.ErrCodeResourceNotFoundException, "") {
+				return nil, "", nil
+			}
+			return nil, "", err
+		}
+
+		if output == nil || output.CertificateAuthority == nil {
+			return nil, "", nil
+		}
+
+		return output.CertificateAuthority, aws.StringValue(output.CertificateAuthority.Status), nil
+	}
+}
+
+func expandAcmpcaASN1Subject(l []interface{}) *acmpca.ASN1Subject {
+	if len(l) == 0 {
+		return nil
+	}
+
+	m := l[0].(map[string]interface{})
+
+	subject := &acmpca.ASN1Subject{}
+	if v, ok := m["common_name"]; ok && v.(string) != "" {
+		subject.CommonName = aws.String(v.(string))
+	}
+	if v, ok := m["country"]; ok && v.(string) != "" {
+		subject.Country = aws.String(v.(string))
+	}
+	if v, ok := m["distinguished_name_qualifier"]; ok && v.(string) != "" {
+		subject.DistinguishedNameQualifier = aws.String(v.(string))
+	}
+	if v, ok := m["generation_qualifier"]; ok && v.(string) != "" {
+		subject.GenerationQualifier = aws.String(v.(string))
+	}
+	if v, ok := m["given_name"]; ok && v.(string) != "" {
+		subject.GivenName = aws.String(v.(string))
+	}
+	if v, ok := m["initials"]; ok && v.(string) != "" {
+		subject.Initials = aws.String(v.(string))
+	}
+	if v, ok := m["locality"]; ok && v.(string) != "" {
+		subject.Locality = aws.String(v.(string))
+	}
+	if v, ok := m["organization"]; ok && v.(string) != "" {
+		subject.Organization = aws.String(v.(string))
+	}
+	if v, ok := m["organizational_unit"]; ok && v.(string) != "" {
+		subject.OrganizationalUnit = aws.String(v.(string))
+	}
+	if v, ok := m["pseudonym"]; ok && v.(string) != "" {
+		subject.Pseudonym = aws.String(v.(string))
+	}
+	if v, ok := m["state"]; ok && v.(string) != "" {
+		subject.State = aws.String(v.(string))
+	}
+	if v, ok := m["surname"]; ok && v.(string) != "" {
+		subject.Surname = aws.String(v.(string))
+	}
+	if v, ok := m["title"]; ok && v.(string) != "" {
+		subject.Title = aws.String(v.(string))
+	}
+
+	return subject
+}
+
+func expandAcmpcaCertificateAuthorityConfiguration(l []interface{}) *acmpca.CertificateAuthorityConfiguration {
+	if len(l) == 0 {
+		return nil
+	}
+
+	m := l[0].(map[string]interface{})
+
+	config := &acmpca.CertificateAuthorityConfiguration{
+		KeyAlgorithm:     aws.String(m["key_algorithm"].(string)),
+		SigningAlgorithm: aws.String(m["signing_algorithm"].(string)),
+		Subject:          expandAcmpcaASN1Subject(m["subject"].([]interface{})),
+	}
+
+	return config
+}
+
+func expandAcmpcaCrlConfiguration(l []interface{}) *acmpca.CrlConfiguration {
+	if len(l) == 0 {
+		return nil
+	}
+
+	m := l[0].(map[string]interface{})
+
+	config := &acmpca.CrlConfiguration{
+		Enabled: aws.Bool(m["enabled"].(bool)),
+	}
+
+	if v, ok := m["custom_cname"]; ok && v.(string) != "" {
+		config.CustomCname = aws.String(v.(string))
+	}
+	if v, ok := m["expiration_in_days"]; ok && v.(int) > 0 {
+		config.ExpirationInDays = aws.Int64(int64(v.(int)))
+	}
+	if v, ok := m["s3_bucket_name"]; ok && v.(string) != "" {
+		config.S3BucketName = aws.String(v.(string))
+	}
+
+	return config
+}
+
+func expandAcmpcaRevocationConfiguration(l []interface{}) *acmpca.RevocationConfiguration {
+	if len(l) == 0 {
+		return nil
+	}
+
+	m := l[0].(map[string]interface{})
+
+	config := &acmpca.RevocationConfiguration{
+		CrlConfiguration: expandAcmpcaCrlConfiguration(m["crl_configuration"].([]interface{})),
+	}
+
+	return config
+}
+
+func flattenAcmpcaASN1Subject(subject *acmpca.ASN1Subject) []interface{} {
+	if subject == nil {
+		return []interface{}{}
+	}
+
+	m := map[string]interface{}{
+		"common_name":                  aws.StringValue(subject.CommonName),
+		"country":                      aws.StringValue(subject.Country),
+		"distinguished_name_qualifier": aws.StringValue(subject.DistinguishedNameQualifier),
+		"generation_qualifier":         aws.StringValue(subject.GenerationQualifier),
+		"given_name":                   aws.StringValue(subject.GivenName),
+		"initials":                     aws.StringValue(subject.Initials),
+		"locality":                     aws.StringValue(subject.Locality),
+		"organization":                 aws.StringValue(subject.Organization),
+		"organizational_unit":          aws.StringValue(subject.OrganizationalUnit),
+		"pseudonym":                    aws.StringValue(subject.Pseudonym),
+		"state":                        aws.StringValue(subject.State),
+		"surname":                      aws.StringValue(subject.Surname),
+		"title":                        aws.StringValue(subject.Title),
+	}
+
+	return []interface{}{m}
+}
+
+func flattenAcmpcaCertificateAuthorityConfiguration(config *acmpca.CertificateAuthorityConfiguration) []interface{} {
+	if config == nil {
+		return []interface{}{}
+	}
+
+	m := map[string]interface{}{
+		"key_algorithm":     aws.StringValue(config.KeyAlgorithm),
+		"signing_algorithm": aws.StringValue(config.SigningAlgorithm),
+		"subject":           flattenAcmpcaASN1Subject(config.Subject),
+	}
+
+	return []interface{}{m}
+}
+
+func flattenAcmpcaCrlConfiguration(config *acmpca.CrlConfiguration) []interface{} {
+	if config == nil {
+		return []interface{}{}
+	}
+
+	m := map[string]interface{}{
+		"custom_cname":       aws.StringValue(config.CustomCname),
+		"enabled":            aws.BoolValue(config.Enabled),
+		"expiration_in_days": int(aws.Int64Value(config.ExpirationInDays)),
+		"s3_bucket_name":     aws.StringValue(config.S3BucketName),
+	}
+
+	return []interface{}{m}
+}
+
+func flattenAcmpcaRevocationConfiguration(config *acmpca.RevocationConfiguration) []interface{} {
+	if config == nil {
+		return []interface{}{}
+	}
+
+	m := map[string]interface{}{
+		"crl_configuration": flattenAcmpcaCrlConfiguration(config.CrlConfiguration),
+	}
+
+	return []interface{}{m}
+}
+
+func listAcmpcaCertificateAuthorities(conn *acmpca.ACMPCA) ([]*acmpca.CertificateAuthority, error) {
+	certificateAuthorities := []*acmpca.CertificateAuthority{}
+	input := &acmpca.ListCertificateAuthoritiesInput{}
+
+	for {
+		output, err := conn.ListCertificateAuthorities(input)
+		if err != nil {
+			return certificateAuthorities, err
+		}
+		for _, certificateAuthority := range output.CertificateAuthorities {
+			certificateAuthorities = append(certificateAuthorities, certificateAuthority)
+		}
+		if output.NextToken == nil {
+			break
+		}
+		input.NextToken = output.NextToken
+	}
+
+	return certificateAuthorities, nil
+}
+
+func listAcmpcaTags(conn *acmpca.ACMPCA, certificateAuthorityArn string) ([]*acmpca.Tag, error) {
+	tags := []*acmpca.Tag{}
+	input := &acmpca.ListTagsInput{
+		CertificateAuthorityArn: aws.String(certificateAuthorityArn),
+	}
+
+	for {
+		output, err := conn.ListTags(input)
+		if err != nil {
+			return tags, err
+		}
+		for _, tag := range output.Tags {
+			tags = append(tags, tag)
+		}
+		if output.NextToken == nil {
+			break
+		}
+		input.NextToken = output.NextToken
+	}
+
+	return tags, nil
+}
diff --git a/aws/resource_aws_acmpca_certificate_authority_test.go b/aws/resource_aws_acmpca_certificate_authority_test.go
new file mode 100644
index 00000000000..ccee6ae9eab
--- /dev/null
+++ b/aws/resource_aws_acmpca_certificate_authority_test.go
@@ -0,0 +1,643 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/acmpca"
+	"github.com/hashicorp/terraform/helper/acctest"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func init() {
+	resource.AddTestSweepers("aws_acmpca_certificate_authority", &resource.Sweeper{
+		Name: "aws_acmpca_certificate_authority",
+		F:    testSweepAcmpcaCertificateAuthorities,
+	})
+}
+
+func testSweepAcmpcaCertificateAuthorities(region string) error {
+	client, err := sharedClientForRegion(region)
+	if err != nil {
+		return fmt.Errorf("error getting client: %s", err)
+	}
+	conn := client.(*AWSClient).acmpcaconn
+
+	certificateAuthorities, err := listAcmpcaCertificateAuthorities(conn)
+	if err != nil {
+		return fmt.Errorf("Error retrieving ACMPCA Certificate Authorities: %s", err)
+	}
+	if len(certificateAuthorities) == 0 {
+		log.Print("[DEBUG] No ACMPCA Certificate Authorities to sweep")
+		return nil
+	}
+
+	for _, certificateAuthority := range certificateAuthorities {
+		arn := aws.StringValue(certificateAuthority.Arn)
+		log.Printf("[INFO] Deleting ACMPCA Certificate Authority: %s", arn)
+		input := &acmpca.DeleteCertificateAuthorityInput{
+			CertificateAuthorityArn: aws.String(arn),
+		}
+
+		_, err := conn.DeleteCertificateAuthority(input)
+		if err != nil {
+			if isAWSErr(err, acmpca.ErrCodeResourceNotFoundException, "") {
+				continue
+			}
+			log.Printf("[ERROR] Failed to delete ACMPCA Certificate Authority (%s): %s", arn, err)
+		}
+	}
+
+	return nil
+}
+
+func TestAccAwsAcmpcaCertificateAuthority_Basic(t *testing.T) {
+	var certificateAuthority acmpca.CertificateAuthority
+	resourceName := "aws_acmpca_certificate_authority.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAwsAcmpcaCertificateAuthorityDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_Required,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestMatchResourceAttr(resourceName, "arn", regexp.MustCompile(`^arn:[^:]+:acm-pca:[^:]+:[^:]+:certificate-authority/.+$`)),
+					resource.TestCheckResourceAttr(resourceName, "certificate_authority_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "certificate_authority_configuration.0.key_algorithm", "RSA_4096"),
+					resource.TestCheckResourceAttr(resourceName, "certificate_authority_configuration.0.signing_algorithm", "SHA512WITHRSA"),
+					resource.TestCheckResourceAttr(resourceName, "certificate_authority_configuration.0.subject.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "certificate_authority_configuration.0.subject.0.common_name", "terraformtesting.com"),
+					resource.TestCheckResourceAttr(resourceName, "certificate", ""),
+					resource.TestCheckResourceAttr(resourceName, "certificate_chain", ""),
+					resource.TestCheckResourceAttrSet(resourceName, "certificate_signing_request"),
+					resource.TestCheckResourceAttr(resourceName, "enabled", "true"),
+					resource.TestCheckResourceAttr(resourceName, "not_after", ""),
+					resource.TestCheckResourceAttr(resourceName, "not_before", ""),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "false"),
+					resource.TestCheckResourceAttr(resourceName, "serial", ""),
+					resource.TestCheckResourceAttr(resourceName, "status", "PENDING_CERTIFICATE"),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
+					resource.TestCheckResourceAttr(resourceName, "type", "SUBORDINATE"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccAwsAcmpcaCertificateAuthority_Enabled(t *testing.T) {
+	var certificateAuthority acmpca.CertificateAuthority
+	resourceName := "aws_acmpca_certificate_authority.test"
+
+	// error updating ACMPCA Certificate Authority: InvalidStateException: The certificate authority must be in the Active or DISABLED state to be updated
+	t.Skip("We need to fully sign the certificate authority CSR from another CA in order to test this functionality, which requires another resource")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAwsAcmpcaCertificateAuthorityDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_Enabled(true),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "enabled", "true"),
+					resource.TestCheckResourceAttr(resourceName, "status", "PENDING_CERTIFICATE"),
+				),
+			},
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_Enabled(false),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "enabled", "false"),
+					resource.TestCheckResourceAttr(resourceName, "status", "DISABLED"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_CustomCname(t *testing.T) {
+	var certificateAuthority acmpca.CertificateAuthority
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	resourceName := "aws_acmpca_certificate_authority.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAwsAcmpcaCertificateAuthorityDestroy,
+		Steps: []resource.TestStep{
+			// Test creating revocation configuration on resource creation
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_RevocationConfiguration_CrlConfiguration_CustomCname(rName, "crl.terraformtesting.com"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", "crl.terraformtesting.com"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "true"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.expiration_in_days", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.s3_bucket_name", rName),
+				),
+			},
+			// Test importing revocation configuration
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			// Test updating revocation configuration
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_RevocationConfiguration_CrlConfiguration_CustomCname(rName, "crl2.terraformtesting.com"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", "crl2.terraformtesting.com"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "true"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.expiration_in_days", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.s3_bucket_name", rName),
+				),
+			},
+			// Test removing custom cname on resource update
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_RevocationConfiguration_CrlConfiguration_Enabled(rName, true),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", ""),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "true"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.expiration_in_days", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.s3_bucket_name", rName),
+				),
+			},
+			// Test adding custom cname on resource update
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_RevocationConfiguration_CrlConfiguration_CustomCname(rName, "crl.terraformtesting.com"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", "crl.terraformtesting.com"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "true"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.expiration_in_days", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.s3_bucket_name", rName),
+				),
+			},
+			// Test removing revocation configuration on resource update
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_Required,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "false"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_Enabled(t *testing.T) {
+	var certificateAuthority acmpca.CertificateAuthority
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	resourceName := "aws_acmpca_certificate_authority.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAwsAcmpcaCertificateAuthorityDestroy,
+		Steps: []resource.TestStep{
+			// Test creating revocation configuration on resource creation
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_RevocationConfiguration_CrlConfiguration_Enabled(rName, true),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", ""),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "true"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.expiration_in_days", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.s3_bucket_name", rName),
+				),
+			},
+			// Test importing revocation configuration
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			// Test disabling revocation configuration
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_RevocationConfiguration_CrlConfiguration_Enabled(rName, false),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "false"),
+				),
+			},
+			// Test enabling revocation configuration
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_RevocationConfiguration_CrlConfiguration_Enabled(rName, true),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", ""),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "true"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.expiration_in_days", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.s3_bucket_name", rName),
+				),
+			},
+			// Test removing revocation configuration on resource update
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_Required,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "false"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_ExpirationInDays(t *testing.T) {
+	var certificateAuthority acmpca.CertificateAuthority
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	resourceName := "aws_acmpca_certificate_authority.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAwsAcmpcaCertificateAuthorityDestroy,
+		Steps: []resource.TestStep{
+			// Test creating revocation configuration on resource creation
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_RevocationConfiguration_CrlConfiguration_ExpirationInDays(rName, 1),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", ""),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "true"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.expiration_in_days", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.s3_bucket_name", rName),
+				),
+			},
+			// Test importing revocation configuration
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			// Test updating revocation configuration
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_RevocationConfiguration_CrlConfiguration_ExpirationInDays(rName, 2),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "true"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.expiration_in_days", "2"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.s3_bucket_name", rName),
+				),
+			},
+			// Test removing revocation configuration on resource update
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_Required,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "false"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAwsAcmpcaCertificateAuthority_Tags(t *testing.T) {
+	var certificateAuthority acmpca.CertificateAuthority
+	resourceName := "aws_acmpca_certificate_authority.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAwsAcmpcaCertificateAuthorityDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_Tags_Single,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
+					resource.TestCheckResourceAttr(resourceName, "tags.tag1", "tag1value"),
+				),
+			},
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_Tags_SingleUpdated,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
+					resource.TestCheckResourceAttr(resourceName, "tags.tag1", "tag1value-updated"),
+				),
+			},
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_Tags_Multiple,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "2"),
+					resource.TestCheckResourceAttr(resourceName, "tags.tag1", "tag1value"),
+					resource.TestCheckResourceAttr(resourceName, "tags.tag2", "tag2value"),
+				),
+			},
+			{
+				Config: testAccAwsAcmpcaCertificateAuthorityConfig_Tags_Single,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
+					resource.TestCheckResourceAttr(resourceName, "tags.tag1", "tag1value"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccCheckAwsAcmpcaCertificateAuthorityDestroy(s *terraform.State) error {
+	conn := testAccProvider.Meta().(*AWSClient).acmpcaconn
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_acmpca_certificate_authority" {
+			continue
+		}
+
+		input := &acmpca.DescribeCertificateAuthorityInput{
+			CertificateAuthorityArn: aws.String(rs.Primary.ID),
+		}
+
+		output, err := conn.DescribeCertificateAuthority(input)
+
+		if err != nil {
+			if isAWSErr(err, acmpca.ErrCodeResourceNotFoundException, "") {
+				return nil
+			}
+			return err
+		}
+
+		if output != nil {
+			return fmt.Errorf("ACMPCA Certificate Authority %q still exists", rs.Primary.ID)
+		}
+	}
+
+	return nil
+
+}
+
+func testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName string, certificateAuthority *acmpca.CertificateAuthority) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("Not found: %s", resourceName)
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).acmpcaconn
+		input := &acmpca.DescribeCertificateAuthorityInput{
+			CertificateAuthorityArn: aws.String(rs.Primary.ID),
+		}
+
+		output, err := conn.DescribeCertificateAuthority(input)
+
+		if err != nil {
+			return err
+		}
+
+		if output == nil || output.CertificateAuthority == nil {
+			return fmt.Errorf("ACMPCA Certificate Authority %q does not exist", rs.Primary.ID)
+		}
+
+		*certificateAuthority = *output.CertificateAuthority
+
+		return nil
+	}
+}
+
+func testAccAwsAcmpcaCertificateAuthorityConfig_Enabled(enabled bool) string {
+	return fmt.Sprintf(`
+resource "aws_acmpca_certificate_authority" "test" {
+  enabled = %t
+
+  certificate_authority_configuration {
+    key_algorithm     = "RSA_4096"
+    signing_algorithm = "SHA512WITHRSA"
+
+    subject {
+      common_name = "terraformtesting.com"
+    }
+  }
+}
+`, enabled)
+}
+
+const testAccAwsAcmpcaCertificateAuthorityConfig_Required = `
+resource "aws_acmpca_certificate_authority" "test" {
+  certificate_authority_configuration {
+    key_algorithm     = "RSA_4096"
+    signing_algorithm = "SHA512WITHRSA"
+
+    subject {
+      common_name = "terraformtesting.com"
+    }
+  }
+}
+`
+
+func testAccAwsAcmpcaCertificateAuthorityConfig_RevocationConfiguration_CrlConfiguration_CustomCname(rName, customCname string) string {
+	return fmt.Sprintf(`
+%s
+
+resource "aws_acmpca_certificate_authority" "test" {
+  certificate_authority_configuration {
+    key_algorithm     = "RSA_4096"
+    signing_algorithm = "SHA512WITHRSA"
+
+    subject {
+      common_name = "terraformtesting.com"
+    }
+  }
+
+  revocation_configuration {
+    crl_configuration {
+      custom_cname       = "%s"
+      enabled            = true
+      expiration_in_days = 1
+      s3_bucket_name     = "${aws_s3_bucket.test.id}"
+    }
+  }
+
+  depends_on = ["aws_s3_bucket_policy.test"]
+}
+`, testAccAwsAcmpcaCertificateAuthorityConfig_S3Bucket(rName), customCname)
+}
+
+func testAccAwsAcmpcaCertificateAuthorityConfig_RevocationConfiguration_CrlConfiguration_Enabled(rName string, enabled bool) string {
+	return fmt.Sprintf(`
+%s
+
+resource "aws_acmpca_certificate_authority" "test" {
+  certificate_authority_configuration {
+    key_algorithm     = "RSA_4096"
+    signing_algorithm = "SHA512WITHRSA"
+
+    subject {
+      common_name = "terraformtesting.com"
+    }
+  }
+
+  revocation_configuration {
+    crl_configuration {
+      enabled            = %t
+      expiration_in_days = 1
+      s3_bucket_name     = "${aws_s3_bucket.test.id}"
+    }
+  }
+}
+`, testAccAwsAcmpcaCertificateAuthorityConfig_S3Bucket(rName), enabled)
+}
+
+func testAccAwsAcmpcaCertificateAuthorityConfig_RevocationConfiguration_CrlConfiguration_ExpirationInDays(rName string, expirationInDays int) string {
+	return fmt.Sprintf(`
+%s
+
+resource "aws_acmpca_certificate_authority" "test" {
+  certificate_authority_configuration {
+    key_algorithm     = "RSA_4096"
+    signing_algorithm = "SHA512WITHRSA"
+
+    subject {
+      common_name = "terraformtesting.com"
+    }
+  }
+
+  revocation_configuration {
+    crl_configuration {
+      enabled            = true
+      expiration_in_days = %d
+      s3_bucket_name     = "${aws_s3_bucket.test.id}"
+    }
+  }
+}
+`, testAccAwsAcmpcaCertificateAuthorityConfig_S3Bucket(rName), expirationInDays)
+}
+
+func testAccAwsAcmpcaCertificateAuthorityConfig_S3Bucket(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_s3_bucket" "test" {
+  bucket        = "%s"
+  force_destroy = true
+}
+
+data "aws_iam_policy_document" "acmpca_bucket_access" {
+  statement {
+    actions = [
+      "s3:GetBucketAcl",
+      "s3:GetBucketLocation",
+      "s3:PutObject",
+      "s3:PutObjectAcl",
+    ]
+
+    resources = [
+      "${aws_s3_bucket.test.arn}",
+      "${aws_s3_bucket.test.arn}/*",
+    ]
+
+    principals {
+      identifiers = ["acm-pca.amazonaws.com"]
+      type        = "Service"
+    }
+  }
+}
+
+resource "aws_s3_bucket_policy" "test" {
+  bucket = "${aws_s3_bucket.test.id}"
+  policy = "${data.aws_iam_policy_document.acmpca_bucket_access.json}"
+}
+`, rName)
+}
+
+const testAccAwsAcmpcaCertificateAuthorityConfig_Tags_Single = `
+resource "aws_acmpca_certificate_authority" "test" {
+  certificate_authority_configuration {
+    key_algorithm     = "RSA_4096"
+    signing_algorithm = "SHA512WITHRSA"
+
+    subject {
+      common_name = "terraformtesting.com"
+    }
+  }
+
+  tags = {
+    tag1 = "tag1value"
+  }
+}
+`
+
+const testAccAwsAcmpcaCertificateAuthorityConfig_Tags_SingleUpdated = `
+resource "aws_acmpca_certificate_authority" "test" {
+  certificate_authority_configuration {
+    key_algorithm     = "RSA_4096"
+    signing_algorithm = "SHA512WITHRSA"
+
+    subject {
+      common_name = "terraformtesting.com"
+    }
+  }
+
+  tags = {
+    tag1 = "tag1value-updated"
+  }
+}
+`
+
+const testAccAwsAcmpcaCertificateAuthorityConfig_Tags_Multiple = `
+resource "aws_acmpca_certificate_authority" "test" {
+  certificate_authority_configuration {
+    key_algorithm     = "RSA_4096"
+    signing_algorithm = "SHA512WITHRSA"
+
+    subject {
+      common_name = "terraformtesting.com"
+    }
+  }
+
+  tags = {
+    tag1 = "tag1value"
+    tag2 = "tag2value"
+  }
+}
+`
diff --git a/aws/tagsACMPCA.go b/aws/tagsACMPCA.go
new file mode 100644
index 00000000000..3b72390ff6a
--- /dev/null
+++ b/aws/tagsACMPCA.go
@@ -0,0 +1,67 @@
+package aws
+
+import (
+	"log"
+	"regexp"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/acmpca"
+)
+
+// diffTags takes our tags locally and the ones remotely and returns
+// the set of tags that must be created, and the set of tags that must
+// be destroyed.
+func diffTagsACMPCA(oldTags, newTags []*acmpca.Tag) ([]*acmpca.Tag, []*acmpca.Tag) {
+	// First, we're creating everything we have
+	create := make(map[string]interface{})
+	for _, t := range newTags {
+		create[aws.StringValue(t.Key)] = aws.StringValue(t.Value)
+	}
+
+	// Build the list of what to remove
+	var remove []*acmpca.Tag
+	for _, t := range oldTags {
+		old, ok := create[aws.StringValue(t.Key)]
+		if !ok || old != aws.StringValue(t.Value) {
+			// Delete it!
+			remove = append(remove, t)
+		}
+	}
+
+	return tagsFromMapACMPCA(create), remove
+}
+
+func tagsFromMapACMPCA(m map[string]interface{}) []*acmpca.Tag {
+	result := []*acmpca.Tag{}
+	for k, v := range m {
+		result = append(result, &acmpca.Tag{
+			Key:   aws.String(k),
+			Value: aws.String(v.(string)),
+		})
+	}
+
+	return result
+}
+
+func tagsToMapACMPCA(ts []*acmpca.Tag) map[string]string {
+	result := map[string]string{}
+	for _, t := range ts {
+		result[aws.StringValue(t.Key)] = aws.StringValue(t.Value)
+	}
+
+	return result
+}
+
+// compare a tag against a list of strings and checks if it should
+// be ignored or not
+func tagIgnoredACMPCA(t *acmpca.Tag) bool {
+	filter := []string{"^aws:"}
+	for _, v := range filter {
+		log.Printf("[DEBUG] Matching %v with %v\n", v, aws.StringValue(t.Key))
+		if r, _ := regexp.MatchString(v, aws.StringValue(t.Key)); r == true {
+			log.Printf("[DEBUG] Found AWS specific tag %s (val: %s), ignoring.\n", aws.StringValue(t.Key), aws.StringValue(t.Value))
+			return true
+		}
+	}
+	return false
+}
diff --git a/aws/tagsACMPCA_test.go b/aws/tagsACMPCA_test.go
new file mode 100644
index 00000000000..60daf35457a
--- /dev/null
+++ b/aws/tagsACMPCA_test.go
@@ -0,0 +1,77 @@
+package aws
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/acmpca"
+)
+
+func TestDiffTagsACMPCA(t *testing.T) {
+	cases := []struct {
+		Old, New       map[string]interface{}
+		Create, Remove map[string]string
+	}{
+		// Basic add/remove
+		{
+			Old: map[string]interface{}{
+				"foo": "bar",
+			},
+			New: map[string]interface{}{
+				"bar": "baz",
+			},
+			Create: map[string]string{
+				"bar": "baz",
+			},
+			Remove: map[string]string{
+				"foo": "bar",
+			},
+		},
+
+		// Modify
+		{
+			Old: map[string]interface{}{
+				"foo": "bar",
+			},
+			New: map[string]interface{}{
+				"foo": "baz",
+			},
+			Create: map[string]string{
+				"foo": "baz",
+			},
+			Remove: map[string]string{
+				"foo": "bar",
+			},
+		},
+	}
+
+	for i, tc := range cases {
+		c, r := diffTagsACMPCA(tagsFromMapACMPCA(tc.Old), tagsFromMapACMPCA(tc.New))
+		cm := tagsToMapACMPCA(c)
+		rm := tagsToMapACMPCA(r)
+		if !reflect.DeepEqual(cm, tc.Create) {
+			t.Fatalf("%d: bad create: %#v", i, cm)
+		}
+		if !reflect.DeepEqual(rm, tc.Remove) {
+			t.Fatalf("%d: bad remove: %#v", i, rm)
+		}
+	}
+}
+
+func TestIgnoringTagsACMPCA(t *testing.T) {
+	var ignoredTags []*acmpca.Tag
+	ignoredTags = append(ignoredTags, &acmpca.Tag{
+		Key:   aws.String("aws:cloudformation:logical-id"),
+		Value: aws.String("foo"),
+	})
+	ignoredTags = append(ignoredTags, &acmpca.Tag{
+		Key:   aws.String("aws:foo:bar"),
+		Value: aws.String("baz"),
+	})
+	for _, tag := range ignoredTags {
+		if !tagIgnoredACMPCA(tag) {
+			t.Fatalf("Tag %v with value %v not ignored, but should be!", *tag.Key, *tag.Value)
+		}
+	}
+}
diff --git a/website/aws.erb b/website/aws.erb
index 3e08ecf2ac2..80b0226de43 100644
--- a/website/aws.erb
+++ b/website/aws.erb
@@ -28,6 +28,9 @@
                         <li<%= sidebar_current("docs-aws-datasource-acm-certificate") %>>
                             <a href="/docs/providers/aws/d/acm_certificate.html">aws_acm_certificate</a>
                         </li>
+                        <li<%= sidebar_current("docs-aws-datasource-acmpca-certificate-authority") %>>
+                            <a href="/docs/providers/aws/d/acmpca_certificate_authority.html">aws_acmpca_certificate_authority</a>
+                        </li>
                         <li<%= sidebar_current("docs-aws-datasource-alb-x") %>>
                             <a href="/docs/providers/aws/d/lb.html">aws_alb</a>
                         </li>
@@ -304,6 +307,15 @@
                   </ul>
                 </li>
 
+                <li<%= sidebar_current("docs-aws-resource-acmpca") %>>
+                  <a href="#">ACM PCA Resources</a>
+                  <ul class="nav nav-visible">
+                    <li<%= sidebar_current("docs-aws-resource-acmpca-certificate-authority") %>>
+                      <a href="/docs/providers/aws/r/acmpca_certificate_authority.html">aws_acmpca_certificate_authority</a>
+                    </li>
+                  </ul>
+                </li>
+
                 <li<%= sidebar_current("docs-aws-resource-api-gateway") %>>
                     <a href="#">API Gateway Resources</a>
                     <ul class="nav nav-visible">
diff --git a/website/docs/d/acmpca_certificate_authority.html.markdown b/website/docs/d/acmpca_certificate_authority.html.markdown
new file mode 100644
index 00000000000..6656aff4e14
--- /dev/null
+++ b/website/docs/d/acmpca_certificate_authority.html.markdown
@@ -0,0 +1,46 @@
+---
+layout: "aws"
+page_title: "AWS: aws_acmpca_certificate_authority"
+sidebar_current: "docs-aws-datasource-acmpca-certificate-authority"
+description: |-
+  Get information on a AWS Certificate Manager Private Certificate Authority
+---
+
+# Data Source: aws_acmpca_certificate_authority
+
+Get information on a AWS Certificate Manager Private Certificate Authority (ACM PCA Certificate Authority).
+
+## Example Usage
+
+```hcl
+data "aws_acmpca_certificate_authority" "example" {
+  arn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `arn` - (Required) Amazon Resource Name (ARN) of the certificate authority.
+
+## Attribute Reference
+
+The following additional attributes are exported:
+
+* `id` - Amazon Resource Name (ARN) of the certificate authority.
+* `certificate` - Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
+* `certificate_chain` - Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
+* `certificate_signing_request` - The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
+* `not_after` - Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
+* `not_before` - Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
+* `revocation_configuration` - Nested attribute containing revocation configuration.
+  * `revocation_configuration.0.crl_configuration` - Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.
+    * `revocation_configuration.0.crl_configuration.0.custom_cname` - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
+    * `revocation_configuration.0.crl_configuration.0.enabled` - Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.
+    * `revocation_configuration.0.crl_configuration.0.expiration_in_days` - Number of days until a certificate expires.
+    * `revocation_configuration.0.crl_configuration.0.s3_bucket_name` - Name of the S3 bucket that contains the CRL.
+* `serial` - Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
+* `status` - Status of the certificate authority.
+* `tags` - Specifies a key-value map of user-defined tags that are attached to the certificate authority.
+* `type` - The type of the certificate authority.
diff --git a/website/docs/r/acmpca_certificate_authority.html.markdown b/website/docs/r/acmpca_certificate_authority.html.markdown
new file mode 100644
index 00000000000..22a5167096e
--- /dev/null
+++ b/website/docs/r/acmpca_certificate_authority.html.markdown
@@ -0,0 +1,160 @@
+---
+layout: "aws"
+page_title: "AWS: aws_acmpca_certificate_authority"
+sidebar_current: "docs-aws-resource-acmpca-certificate-authority"
+description: |-
+  Provides a resource to manage AWS Certificate Manager Private Certificate Authorities
+---
+
+# aws_acmpca_certificate_authority
+
+Provides a resource to manage AWS Certificate Manager Private Certificate Authorities (ACM PCA Certificate Authorities).
+
+~> **NOTE:** Creating this resource will leave the certificate authority in a `PENDING_CERTIFICATE` status, which means it cannot yet issue certificates. To complete this setup, you must fully sign the certificate authority CSR available in the `certificate_signing_request` attribute and import the signed certificate outside of Terraform. Terraform can support another resource to manage that workflow automatically in the future.
+
+## Example Usage
+
+### Basic
+
+```hcl
+resource "aws_acmpca_certificate_authority" "example" {
+  certificate_authority_configuration {
+    key_algorithm     = "RSA_4096"
+    signing_algorithm = "SHA512WITHRSA"
+
+    subject {
+      common_name = "example.com"
+    }
+  }
+}
+```
+
+### Enable Certificate Revocation List
+
+```hcl
+resource "aws_s3_bucket" "example" {
+  bucket = "example"
+}
+
+data "aws_iam_policy_document" "acmpca_bucket_access" {
+  statement {
+    actions = [
+      "s3:GetBucketAcl",
+      "s3:GetBucketLocation",
+      "s3:PutObject",
+      "s3:PutObjectAcl",
+    ]
+
+    resources = [
+      "${aws_s3_bucket.example.arn}",
+      "${aws_s3_bucket.example.arn}/*",
+    ]
+
+    principals {
+      identifiers = ["acm-pca.amazonaws.com"]
+      type        = "Service"
+    }
+  }
+}
+
+resource "aws_s3_bucket_policy" "example" {
+  bucket = "${aws_s3_bucket.example.id}"
+  policy = "${data.aws_iam_policy_document.acmpca_bucket_access.json}"
+}
+
+resource "aws_acmpca_certificate_authority" "example" {
+  certificate_authority_configuration {
+    key_algorithm     = "RSA_4096"
+    signing_algorithm = "SHA512WITHRSA"
+
+    subject {
+      common_name = "example.com"
+    }
+  }
+
+  revocation_configuration {
+    crl_configuration {
+      custom_cname       = "crl.example.com"
+      enabled            = true
+      expiration_in_days = 7
+      s3_bucket_name     = "${aws_s3_bucket.example.name}"
+    }
+  }
+
+  depends_on = ["aws_s3_bucket_policy.example"]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `certificate_authority_configuration` - (Required) Nested argument containing algorithms and certificate subject information. Defined below.
+* `enabled` - (Optional) Whether the certificate authority is enabled or disabled. Defaults to `true`.
+* `revocation_configuration` - (Optional) Nested argument containing revocation configuration. Defined below.
+* `tags` - (Optional) Specifies a key-value map of user-defined tags that are attached to the certificate authority.
+* `type` - (Optional) The type of the certificate authority. Currently, this must be `SUBORDINATE`.
+
+### certificate_authority_configuration
+
+* `key_algorithm` - (Required) Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthorityConfiguration.html).
+* `signing_algorithm` - (Required) Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthorityConfiguration.html).
+* `subject` - (Required) Nested argument that contains X.500 distinguished name information
+
+#### subject
+
+Contains information about the certificate subject. Identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service.
+
+* `common_name` - (Optional) Fully qualified domain name (FQDN) associated with the certificate subject.
+* `country` - (Optional) Two digit code that specifies the country in which the certificate subject located.
+* `distinguished_name_qualifier` - (Optional) Disambiguating information for the certificate subject.
+* `generation_qualifier` - (Optional) Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
+* `given_name` - (Optional) First name.
+* `initials` - (Optional) Concatenation that typically contains the first letter of the `given_name`, the first letter of the middle name if one exists, and the first letter of the `surname`.
+* `locality` - (Optional) The locality (such as a city or town) in which the certificate subject is located.
+* `organization` - (Optional) Legal name of the organization with which the certificate subject is affiliated.
+* `organizational_unit` - (Optional) A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
+* `pseudonym` - (Optional) Typically a shortened version of a longer `given_name`. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
+* `state` - (Optional) State in which the subject of the certificate is located.
+* `surname` - (Optional) Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
+* `title` - (Optional) A title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject.
+
+### revocation_configuration
+
+* `crl_configuration` - (Optional) Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.
+
+#### crl_configuration
+
+* `custom_cname` - (Optional) Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.
+* `enabled` - (Optional) Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to `false`.
+* `expiration_in_days` - (Required) Number of days until a certificate expires. Must be between 1 and 5000.
+* `s3_bucket_name` - (Optional) Name of the S3 bucket that contains the CRL. If you do not provide a value for the `custom_cname` argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket.
+
+## Attribute Reference
+
+The following additional attributes are exported:
+
+* `id` - Amazon Resource Name (ARN) of the certificate authority.
+* `arn` - Amazon Resource Name (ARN) of the certificate authority.
+* `certificate` - Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
+* `certificate_chain` - Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
+* `certificate_signing_request` - The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
+* `not_after` - Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
+* `not_before` - Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
+* `serial` - Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
+* `status` - Status of the certificate authority.
+
+## Timeouts
+
+`aws_acmpca_certificate_authority` provides the following [Timeouts](/docs/configuration/resources.html#timeouts)
+configuration options:
+
+* `create` - (Default `1m`) How long to wait for a certificate authority to be created.
+
+## Import
+
+`aws_acmpca_certificate_authority` can be imported by using the certificate authority Amazon Resource Name (ARN), e.g.
+
+```
+$ terraform import aws_acmpca_certificate_authority.example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012
+```

From d5e704328fc71e7cecca3027a23b21c006a52480 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Fri, 4 May 2018 22:39:00 -0400
Subject: [PATCH 35/71] provider: Lower retry threshold for DNS resolution
 failures

---
 aws/awserr.go | 16 ++++++++++++++++
 aws/config.go | 20 ++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/aws/awserr.go b/aws/awserr.go
index fb12edd6a0a..ae3cfa242e8 100644
--- a/aws/awserr.go
+++ b/aws/awserr.go
@@ -8,6 +8,10 @@ import (
 	"github.com/hashicorp/terraform/helper/resource"
 )
 
+// Returns true if the error matches all these conditions:
+//  * err is of type awserr.Error
+//  * Error.Code() matches code
+//  * Error.Message() contains message
 func isAWSErr(err error, code string, message string) bool {
 	if err, ok := err.(awserr.Error); ok {
 		return err.Code() == code && strings.Contains(err.Message(), message)
@@ -15,6 +19,18 @@ func isAWSErr(err error, code string, message string) bool {
 	return false
 }
 
+// Returns true if the error matches all these conditions:
+//  * err is of type awserr.Error
+//  * Error.Code() matches code
+//  * Error.Message() contains message
+//  * Error.OrigErr() contains origErrMessage
+func isAWSErrExtended(err error, code string, message string, origErrMessage string) bool {
+	if !isAWSErr(err, code, message) {
+		return false
+	}
+	return strings.Contains(err.(awserr.Error).OrigErr().Error(), origErrMessage)
+}
+
 func retryOnAwsCode(code string, f func() (interface{}, error)) (interface{}, error) {
 	var resp interface{}
 	err := resource.Retry(1*time.Minute, func() *resource.RetryError {
diff --git a/aws/config.go b/aws/config.go
index 604f3301f75..a0db21fb7ac 100644
--- a/aws/config.go
+++ b/aws/config.go
@@ -351,6 +351,26 @@ func (c *Config) Client() (interface{}, error) {
 		sess = sess.Copy(&aws.Config{MaxRetries: aws.Int(c.MaxRetries)})
 	}
 
+	// Generally, we want to configure a lower retry theshold for networking issues
+	// as the session retry threshold is very high by default and can mask permanent
+	// networking failures, such as a non-existent service endpoint.
+	// MaxRetries will override this logic if it has a lower retry threshold.
+	// NOTE: This logic can be fooled by other request errors raising the retry count
+	//       before any networking error occurs
+	sess.Handlers.Retry.PushBack(func(r *request.Request) {
+		// We currently depend on the DefaultRetryer exponential backoff here.
+		// ~10 retries gives a fair backoff of a few seconds.
+		if r.RetryCount < 9 {
+			return
+		}
+		// RequestError: send request failed
+		// caused by: Post https://FQDN/: dial tcp: lookup FQDN: no such host
+		if isAWSErrExtended(r.Error, "RequestError", "send request failed", "no such host") {
+			log.Printf("[WARN] Disabling retries after next request due to networking issue")
+			r.Retryable = aws.Bool(false)
+		}
+	})
+
 	// This restriction should only be used for Route53 sessions.
 	// Other resources that have restrictions should allow the API to fail, rather
 	// than Terraform abstracting the region for the user. This can lead to breaking

From 1775af40b8cc4d7bd95f34897eafe11e3819eb1f Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Sat, 5 May 2018 01:05:31 -0400
Subject: [PATCH 36/71] resource/aws_spot_fleet_request: Only configure
 SpotFleetRequestConfigData.SpotPrice when non-empty

---
 aws/resource_aws_spot_fleet_request.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/aws/resource_aws_spot_fleet_request.go b/aws/resource_aws_spot_fleet_request.go
index 6864097ee62..bd02dcf0c7e 100644
--- a/aws/resource_aws_spot_fleet_request.go
+++ b/aws/resource_aws_spot_fleet_request.go
@@ -582,7 +582,6 @@ func resourceAwsSpotFleetRequestCreate(d *schema.ResourceData, meta interface{})
 	spotFleetConfig := &ec2.SpotFleetRequestConfigData{
 		IamFleetRole:                     aws.String(d.Get("iam_fleet_role").(string)),
 		LaunchSpecifications:             launch_specs,
-		SpotPrice:                        aws.String(d.Get("spot_price").(string)),
 		TargetCapacity:                   aws.Int64(int64(d.Get("target_capacity").(int))),
 		ClientToken:                      aws.String(resource.UniqueId()),
 		TerminateInstancesWithExpiration: aws.Bool(d.Get("terminate_instances_with_expiration").(bool)),
@@ -600,6 +599,10 @@ func resourceAwsSpotFleetRequestCreate(d *schema.ResourceData, meta interface{})
 		spotFleetConfig.AllocationStrategy = aws.String("lowestPrice")
 	}
 
+	if v, ok := d.GetOk("spot_price"); ok && v.(string) != "" {
+		spotFleetConfig.SpotPrice = aws.String(v.(string))
+	}
+
 	if v, ok := d.GetOk("valid_from"); ok {
 		valid_from, err := time.Parse(awsAutoscalingScheduleTimeLayout, v.(string))
 		if err != nil {

From 260bd525bfb82364a26df3abc0cc94b4a6d644eb Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Sat, 5 May 2018 01:20:59 -0400
Subject: [PATCH 37/71] resource/aws_glue_job: Add timeout argument

---
 aws/resource_aws_glue_job.go          |  8 ++++
 aws/resource_aws_glue_job_test.go     | 53 +++++++++++++++++++++++++++
 website/docs/r/glue_job.html.markdown |  1 +
 3 files changed, 62 insertions(+)

diff --git a/aws/resource_aws_glue_job.go b/aws/resource_aws_glue_job.go
index 0c96338abdb..4c5274ebd60 100644
--- a/aws/resource_aws_glue_job.go
+++ b/aws/resource_aws_glue_job.go
@@ -90,6 +90,11 @@ func resourceAwsGlueJob() *schema.Resource {
 				Required:     true,
 				ValidateFunc: validateArn,
 			},
+			"timeout": {
+				Type:     schema.TypeInt,
+				Optional: true,
+				Default:  2880,
+			},
 		},
 	}
 }
@@ -102,6 +107,7 @@ func resourceAwsGlueJobCreate(d *schema.ResourceData, meta interface{}) error {
 		Command: expandGlueJobCommand(d.Get("command").([]interface{})),
 		Name:    aws.String(name),
 		Role:    aws.String(d.Get("role_arn").(string)),
+		Timeout: aws.Int64(int64(d.Get("timeout").(int))),
 	}
 
 	if v, ok := d.GetOk("allocated_capacity"); ok {
@@ -187,6 +193,7 @@ func resourceAwsGlueJobRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("max_retries", int(aws.Int64Value(job.MaxRetries)))
 	d.Set("name", job.Name)
 	d.Set("role_arn", job.Role)
+	d.Set("timeout", int(aws.Int64Value(job.Timeout)))
 
 	return nil
 }
@@ -197,6 +204,7 @@ func resourceAwsGlueJobUpdate(d *schema.ResourceData, meta interface{}) error {
 	jobUpdate := &glue.JobUpdate{
 		Command: expandGlueJobCommand(d.Get("command").([]interface{})),
 		Role:    aws.String(d.Get("role_arn").(string)),
+		Timeout: aws.Int64(int64(d.Get("timeout").(int))),
 	}
 
 	if v, ok := d.GetOk("allocated_capacity"); ok {
diff --git a/aws/resource_aws_glue_job_test.go b/aws/resource_aws_glue_job_test.go
index 32f93ac6025..8ca322fcd76 100644
--- a/aws/resource_aws_glue_job_test.go
+++ b/aws/resource_aws_glue_job_test.go
@@ -91,6 +91,7 @@ func TestAccAWSGlueJob_Basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "default_arguments.%", "0"),
 					resource.TestCheckResourceAttr(resourceName, "name", rName),
 					resource.TestMatchResourceAttr(resourceName, "role_arn", regexp.MustCompile(fmt.Sprintf("^arn:[^:]+:iam::[^:]+:role/%s", rName))),
+					resource.TestCheckResourceAttr(resourceName, "timeout", "2880"),
 				),
 			},
 			{
@@ -334,6 +335,40 @@ func TestAccAWSGlueJob_MaxRetries(t *testing.T) {
 	})
 }
 
+func TestAccAWSGlueJob_Timeout(t *testing.T) {
+	var job glue.Job
+
+	rName := fmt.Sprintf("tf-acc-test-%s", acctest.RandString(5))
+	resourceName := "aws_glue_job.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSGlueJobDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSGlueJobConfig_Timeout(rName, 1),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSGlueJobExists(resourceName, &job),
+					resource.TestCheckResourceAttr(resourceName, "timeout", "1"),
+				),
+			},
+			{
+				Config: testAccAWSGlueJobConfig_Timeout(rName, 2),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSGlueJobExists(resourceName, &job),
+					resource.TestCheckResourceAttr(resourceName, "timeout", "2"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testAccCheckAWSGlueJobExists(resourceName string, job *glue.Job) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[resourceName]
@@ -560,3 +595,21 @@ resource "aws_glue_job" "test" {
 }
 `, testAccAWSGlueJobConfig_Base(rName), rName)
 }
+
+func testAccAWSGlueJobConfig_Timeout(rName string, timeout int) string {
+	return fmt.Sprintf(`
+%s
+
+resource "aws_glue_job" "test" {
+  name        = "%s"
+  role_arn    = "${aws_iam_role.test.arn}"
+  timeout     = %d
+
+  command {
+    script_location = "testscriptlocation"
+  }
+
+  depends_on = ["aws_iam_role_policy_attachment.test"]
+}
+`, testAccAWSGlueJobConfig_Base(rName), rName, timeout)
+}
diff --git a/website/docs/r/glue_job.html.markdown b/website/docs/r/glue_job.html.markdown
index 2d8e6efea77..d8333e36b89 100644
--- a/website/docs/r/glue_job.html.markdown
+++ b/website/docs/r/glue_job.html.markdown
@@ -55,6 +55,7 @@ The following arguments are supported:
 * `max_retries` – (Optional) The maximum number of times to retry this job if it fails.
 * `name` – (Required) The name you assign to this job. It must be unique in your account.
 * `role` – (Required) The ARN of the IAM role associated with this job.
+* `timeout` – (Optional) The job timeout in minutes. The default is 2880 minutes (48 hours).
 
 ### command Argument Reference
 

From e23ce2f400aa62a0d36ac0d16d42a112273dde06 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Sat, 5 May 2018 01:33:54 -0400
Subject: [PATCH 38/71] resource/aws_glue_job: Remove allocated_capacity and
 max_concurrent_runs upper plan time validation limits

---
 aws/resource_aws_glue_job.go          |  4 ++--
 aws/resource_aws_glue_job_test.go     | 16 ++++------------
 website/docs/r/glue_job.html.markdown |  2 +-
 3 files changed, 7 insertions(+), 15 deletions(-)

diff --git a/aws/resource_aws_glue_job.go b/aws/resource_aws_glue_job.go
index 0c96338abdb..980e2dc33eb 100644
--- a/aws/resource_aws_glue_job.go
+++ b/aws/resource_aws_glue_job.go
@@ -25,7 +25,7 @@ func resourceAwsGlueJob() *schema.Resource {
 				Type:         schema.TypeInt,
 				Optional:     true,
 				Default:      10,
-				ValidateFunc: validation.IntBetween(2, 100),
+				ValidateFunc: validation.IntAtLeast(2),
 			},
 			"command": {
 				Type:     schema.TypeList,
@@ -69,7 +69,7 @@ func resourceAwsGlueJob() *schema.Resource {
 							Type:         schema.TypeInt,
 							Optional:     true,
 							Default:      1,
-							ValidateFunc: validation.IntBetween(1, 3),
+							ValidateFunc: validation.IntAtLeast(1),
 						},
 					},
 				},
diff --git a/aws/resource_aws_glue_job_test.go b/aws/resource_aws_glue_job_test.go
index 32f93ac6025..2f5a394a698 100644
--- a/aws/resource_aws_glue_job_test.go
+++ b/aws/resource_aws_glue_job_test.go
@@ -115,11 +115,7 @@ func TestAccAWSGlueJob_AllocatedCapacity(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config:      testAccAWSGlueJobConfig_AllocatedCapacity(rName, 1),
-				ExpectError: regexp.MustCompile(`expected allocated_capacity to be in the range`),
-			},
-			{
-				Config:      testAccAWSGlueJobConfig_AllocatedCapacity(rName, 101),
-				ExpectError: regexp.MustCompile(`expected allocated_capacity to be in the range`),
+				ExpectError: regexp.MustCompile(`expected allocated_capacity to be at least`),
 			},
 			{
 				Config: testAccAWSGlueJobConfig_AllocatedCapacity(rName, 2),
@@ -129,10 +125,10 @@ func TestAccAWSGlueJob_AllocatedCapacity(t *testing.T) {
 				),
 			},
 			{
-				Config: testAccAWSGlueJobConfig_AllocatedCapacity(rName, 100),
+				Config: testAccAWSGlueJobConfig_AllocatedCapacity(rName, 3),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSGlueJobExists(resourceName, &job),
-					resource.TestCheckResourceAttr(resourceName, "allocated_capacity", "100"),
+					resource.TestCheckResourceAttr(resourceName, "allocated_capacity", "3"),
 				),
 			},
 			{
@@ -265,11 +261,7 @@ func TestAccAWSGlueJob_ExecutionProperty(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config:      testAccAWSGlueJobConfig_ExecutionProperty(rName, 0),
-				ExpectError: regexp.MustCompile(`expected execution_property.0.max_concurrent_runs to be in the range`),
-			},
-			{
-				Config:      testAccAWSGlueJobConfig_ExecutionProperty(rName, 4),
-				ExpectError: regexp.MustCompile(`expected execution_property.0.max_concurrent_runs to be in the range`),
+				ExpectError: regexp.MustCompile(`expected execution_property.0.max_concurrent_runs to be at least`),
 			},
 			{
 				Config: testAccAWSGlueJobConfig_ExecutionProperty(rName, 1),
diff --git a/website/docs/r/glue_job.html.markdown b/website/docs/r/glue_job.html.markdown
index 2d8e6efea77..ad9cefe1845 100644
--- a/website/docs/r/glue_job.html.markdown
+++ b/website/docs/r/glue_job.html.markdown
@@ -46,7 +46,7 @@ resource "aws_glue_job" "example" {
 
 The following arguments are supported:
 
-* `allocated_capacity` – (Optional) The number of AWS Glue data processing units (DPUs) to allocate to this Job. From 2 to 100 DPUs can be allocated; the default is 10. A DPU is a relative measure of processing power that consists of 4 vCPUs of compute capacity and 16 GB of memory.
+* `allocated_capacity` – (Optional) The number of AWS Glue data processing units (DPUs) to allocate to this Job. At least 2 DPUs need to be allocated; the default is 10. A DPU is a relative measure of processing power that consists of 4 vCPUs of compute capacity and 16 GB of memory.
 * `command` – (Required) The command of the job. Defined below.
 * `connections` – (Optional) The list of connections used for this job.
 * `default_arguments` – (Optional) The map of default arguments for this job. You can specify arguments here that your own job-execution script consumes, as well as arguments that AWS Glue itself consumes. For information about how to specify and consume your own Job arguments, see the [Calling AWS Glue APIs in Python](http://docs.aws.amazon.com/glue/latest/dg/aws-glue-programming-python-calling.html) topic in the developer guide. For information about the key-value pairs that AWS Glue consumes to set up your job, see the [Special Parameters Used by AWS Glue](http://docs.aws.amazon.com/glue/latest/dg/aws-glue-programming-python-glue-arguments.html) topic in the developer guide.

From 67333b11e4a03cbfc0b798b1b359b59fd7893397 Mon Sep 17 00:00:00 2001
From: Tim Malone <tdmalone@users.noreply.github.com>
Date: Sun, 6 May 2018 17:28:01 +1000
Subject: [PATCH 39/71] Add import instructions to default VPC

Almost identical to the way non-default VPCs work, but documented here too for completeness.
---
 website/docs/r/default_vpc.html.markdown | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/website/docs/r/default_vpc.html.markdown b/website/docs/r/default_vpc.html.markdown
index f8f63de50f5..82df1dc5fc5 100644
--- a/website/docs/r/default_vpc.html.markdown
+++ b/website/docs/r/default_vpc.html.markdown
@@ -74,3 +74,11 @@ block with a /56 prefix length for the VPC was assigned
 
 
 [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html
+
+## Import
+
+Default VPCs can be imported using the `vpc id`, e.g.
+
+```
+$ terraform import aws_default_vpc.default vpc-a01106c2
+```

From fad8ec3de854b1d8cbf5389bd565ec548676a2b0 Mon Sep 17 00:00:00 2001
From: saravanan30erd <saravanan30erd@gmail.com>
Date: Sun, 6 May 2018 11:45:07 +0400
Subject: [PATCH 40/71] change custom time layout to RFC3339

---
 aws/resource_aws_spot_fleet_request.go        | 28 ++++++++++---------
 .../docs/r/spot_fleet_request.html.markdown   |  5 ++--
 2 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/aws/resource_aws_spot_fleet_request.go b/aws/resource_aws_spot_fleet_request.go
index cadbe2d15bd..014aa8c8c20 100644
--- a/aws/resource_aws_spot_fleet_request.go
+++ b/aws/resource_aws_spot_fleet_request.go
@@ -303,14 +303,16 @@ func resourceAwsSpotFleetRequest() *schema.Resource {
 				ForceNew: true,
 			},
 			"valid_from": {
-				Type:     schema.TypeString,
-				Optional: true,
-				ForceNew: true,
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				ValidateFunc: validateRFC3339TimeString,
 			},
 			"valid_until": {
-				Type:     schema.TypeString,
-				Optional: true,
-				ForceNew: true,
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				ValidateFunc: validateRFC3339TimeString,
 			},
 			"spot_request_state": {
 				Type:     schema.TypeString,
@@ -601,22 +603,22 @@ func resourceAwsSpotFleetRequestCreate(d *schema.ResourceData, meta interface{})
 	}
 
 	if v, ok := d.GetOk("valid_from"); ok {
-		valid_from, err := time.Parse(awsAutoscalingScheduleTimeLayout, v.(string))
+		valid_from, err := time.Parse(time.RFC3339, v.(string))
 		if err != nil {
 			return err
 		}
-		spotFleetConfig.ValidFrom = &valid_from
+		spotFleetConfig.ValidFrom = aws.Time(valid_from)
 	}
 
 	if v, ok := d.GetOk("valid_until"); ok {
-		valid_until, err := time.Parse(awsAutoscalingScheduleTimeLayout, v.(string))
+		valid_until, err := time.Parse(time.RFC3339, v.(string))
 		if err != nil {
 			return err
 		}
-		spotFleetConfig.ValidUntil = &valid_until
+		spotFleetConfig.ValidUntil = aws.Time(valid_until)
 	} else {
 		valid_until := time.Now().Add(24 * time.Hour)
-		spotFleetConfig.ValidUntil = &valid_until
+		spotFleetConfig.ValidUntil = aws.Time(valid_until)
 	}
 
 	if v, ok := d.GetOk("load_balancers"); ok && v.(*schema.Set).Len() > 0 {
@@ -880,12 +882,12 @@ func resourceAwsSpotFleetRequestRead(d *schema.ResourceData, meta interface{}) e
 
 	if config.ValidFrom != nil {
 		d.Set("valid_from",
-			aws.TimeValue(config.ValidFrom).Format(awsAutoscalingScheduleTimeLayout))
+			aws.TimeValue(config.ValidFrom).Format(time.RFC3339))
 	}
 
 	if config.ValidUntil != nil {
 		d.Set("valid_until",
-			aws.TimeValue(config.ValidUntil).Format(awsAutoscalingScheduleTimeLayout))
+			aws.TimeValue(config.ValidUntil).Format(time.RFC3339))
 	}
 
 	d.Set("replace_unhealthy_instances", config.ReplaceUnhealthyInstances)
diff --git a/website/docs/r/spot_fleet_request.html.markdown b/website/docs/r/spot_fleet_request.html.markdown
index 2dd9ef095b4..7345370ad86 100644
--- a/website/docs/r/spot_fleet_request.html.markdown
+++ b/website/docs/r/spot_fleet_request.html.markdown
@@ -115,9 +115,8 @@ lowestPrice.
 * `instance_interruption_behavior` - (Optional) Indicates whether a Spot
   instance stops or terminates when it is interrupted. Default is
   `terminate`.
-* `valid_until` - The end date and time of the request, in UTC ISO8601 format
-  (for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new Spot instance
-requests are placed or enabled to fulfill the request. Defaults to 24 hours.
+* `valid_until` - (Optional) The end date and time of the request, in UTC [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.8) format(for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new Spot instance requests are placed or enabled to fulfill the request. Defaults to 24 hours.
+* `valid_from` - (Optional) The start date and time of the request, in UTC [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.8) format(for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.
 * `load_balancers` (Optional) A list of elastic load balancer names to add to the Spot fleet.
 * `target_group_arns` (Optional) A list of `aws_alb_target_group` ARNs, for use with
 Application Load Balancing.

From 86bbebe8344e614cd28fb10121de25ac4b8e81f1 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Sun, 6 May 2018 15:59:13 -0400
Subject: [PATCH 41/71] GitHub: Template updates to hide template guidance
 sentences, link to reaction documentation, and link to HashiCorp GPG key

---
 .github/ISSUE_TEMPLATE/Bug_Report.md      | 32 +++++++++++++----------
 .github/ISSUE_TEMPLATE/Feature_Request.md | 15 ++++++-----
 2 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_Report.md b/.github/ISSUE_TEMPLATE/Bug_Report.md
index 99df0e4dfa1..e320d8a9ac0 100644
--- a/.github/ISSUE_TEMPLATE/Bug_Report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_Report.md
@@ -4,6 +4,7 @@ about: If something isn't working as expected 🤔.
 
 ---
 
+<!---
 Please note the following potential times when an issue might be in Terraform core:
 
 * [Configuration Language](https://www.terraform.io/docs/configuration/index.html) or resource ordering issues
@@ -13,28 +14,27 @@ Please note the following potential times when an issue might be in Terraform co
 * Spans resources across multiple providers
 
 If you are running into one of these scenarios, we recommend opening an issue in the [Terraform core repository](https://github.com/hashicorp/terraform/) instead.
-
----
+--->
 
 <!--- Please keep this note for the community --->
 
 ### Community Note
 
-* Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
+* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request
+* Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
 * If you are interested in working on this issue or have submitted a pull request, please leave a comment
 
 <!--- Thank you for keeping this note for the community --->
 
 ### Terraform Version
 
-Please run `terraform -v` to show the Terraform core version and provider version(s). If you are not running the latest version of Terraform or the provider, please upgrade because your issue may have already been fixed. [Terraform documentation on provider versioning](https://www.terraform.io/docs/configuration/providers.html#provider-versions).
+<!--- Please run `terraform -v` to show the Terraform core version and provider version(s). If you are not running the latest version of Terraform or the provider, please upgrade because your issue may have already been fixed. [Terraform documentation on provider versioning](https://www.terraform.io/docs/configuration/providers.html#provider-versions). --->
 
 ### Affected Resource(s)
 
-Please list the resources and data sources, for example:
+<!--- Please list the affected resources and data sources. --->
 
-* aws_instance
-* aws_rds_cluster
+* aws_XXXXX
 
 ### Terraform Configuration Files
 
@@ -43,41 +43,45 @@ Please list the resources and data sources, for example:
 ```hcl
 # Copy-paste your Terraform configurations here - for large Terraform configs,
 # please use a service like Dropbox and share a link to the ZIP file. For
-# security, you can also encrypt the files using our GPG public key.
+# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp
 ```
 
 ### Debug Output
 
+<!---
 Please provide a link to a GitHub Gist containing the complete debug output. Please do NOT paste the debug output in the issue; just paste a link to the Gist.
 
 To obtain the debug output, see the [Terraform documentation on debugging](https://www.terraform.io/docs/internals/debugging.html).
+--->
 
 ### Panic Output
 
-If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the `crash.log`.
+<!--- If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the `crash.log`. --->
 
 ### Expected Behavior
 
-What should have happened?
+<!--- What should have happened? --->
 
 ### Actual Behavior
 
-What actually happened?
+<!--- What actually happened? --->
 
 ### Steps to Reproduce
 
-Please list the steps required to reproduce the issue, for example:
+<!--- Please list the steps required to reproduce the issue. --->
 
 1. `terraform apply`
 
 ### Important Factoids
 
-Are there anything atypical about your accounts that we should know? For example: Running in EC2 Classic?
+<!--- Are there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? --->
 
 ### References
 
-<!--- Information about referencing Github Issues: https://help.github.com/articles/basic-writing-and-formatting-syntax/#referencing-issues-and-pull-requests --->
+<!---
+Information about referencing Github Issues: https://help.github.com/articles/basic-writing-and-formatting-syntax/#referencing-issues-and-pull-requests
 
 Are there any other GitHub issues (open or closed) or pull requests that should be linked here? Vendor documentation? For example:
+--->
 
 * #0000
diff --git a/.github/ISSUE_TEMPLATE/Feature_Request.md b/.github/ISSUE_TEMPLATE/Feature_Request.md
index 492acf2737d..f52c8ab0956 100644
--- a/.github/ISSUE_TEMPLATE/Feature_Request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_Request.md
@@ -8,21 +8,21 @@ about: I have a suggestion (and might want to implement myself 🙂)!
 
 ### Community Note
 
-* Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
+* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request
+* Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
 * If you are interested in working on this issue or have submitted a pull request, please leave a comment
 
 <!--- Thank you for keeping this note for the community --->
 
 ### Description
 
-Please leave a helpful description of the feature request here.
+<!--- Please leave a helpful description of the feature request here. --->
 
 ### New or Affected Resource(s)
 
-Please list the resources and data sources, for example:
+<!--- Please list the new or affected resources and data sources. --->
 
-* aws_instance
-* aws_rds_cluster
+* aws_XXXXX
 
 ### Potential Terraform Configuration
 
@@ -36,9 +36,12 @@ Please list the resources and data sources, for example:
 
 ### References
 
-<!--- Information about referencing Github Issues: https://help.github.com/articles/basic-writing-and-formatting-syntax/#referencing-issues-and-pull-requests --->
+<!---
+Information about referencing Github Issues: https://help.github.com/articles/basic-writing-and-formatting-syntax/#referencing-issues-and-pull-requests
 
 Are there any other GitHub issues (open or closed) or pull requests that should be linked here? Vendor blog posts or documentation? For example:
 
 * https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-amazon-ec2-fleet/
+--->
+
 * #0000

From 4171cd077cd6b7e283c678424697c43330d387b7 Mon Sep 17 00:00:00 2001
From: Joshua Carp <jm.carp@gmail.com>
Date: Sun, 6 May 2018 20:12:01 -0400
Subject: [PATCH 42/71] Handle empty strings in s3 cors settings.

[Fixes #4258]
---
 aws/resource_aws_s3_bucket.go      |  5 ++--
 aws/resource_aws_s3_bucket_test.go | 42 ++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/aws/resource_aws_s3_bucket.go b/aws/resource_aws_s3_bucket.go
index bffcaf499d8..3562c6bf79e 100644
--- a/aws/resource_aws_s3_bucket.go
+++ b/aws/resource_aws_s3_bucket.go
@@ -1259,8 +1259,9 @@ func resourceAwsS3BucketCorsUpdate(s3conn *s3.S3, d *schema.ResourceData) error
 				} else {
 					vMap := make([]*string, len(v.([]interface{})))
 					for i, vv := range v.([]interface{}) {
-						str := vv.(string)
-						vMap[i] = aws.String(str)
+						if str, ok := vv.(string); ok {
+							vMap[i] = aws.String(str)
+						}
 					}
 					switch k {
 					case "allowed_headers":
diff --git a/aws/resource_aws_s3_bucket_test.go b/aws/resource_aws_s3_bucket_test.go
index 4b72922e75b..5eeaf8b6d43 100644
--- a/aws/resource_aws_s3_bucket_test.go
+++ b/aws/resource_aws_s3_bucket_test.go
@@ -587,6 +587,32 @@ func TestAccAWSS3Bucket_Cors(t *testing.T) {
 			},
 		},
 	})
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSS3BucketDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSS3BucketConfigWithCORSEmptyOrigin(rInt),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSS3BucketExists("aws_s3_bucket.bucket"),
+					testAccCheckAWSS3BucketCors(
+						"aws_s3_bucket.bucket",
+						[]*s3.CORSRule{
+							{
+								AllowedHeaders: []*string{aws.String("*")},
+								AllowedMethods: []*string{aws.String("PUT"), aws.String("POST")},
+								AllowedOrigins: []*string{aws.String("")},
+								ExposeHeaders:  []*string{aws.String("x-amz-server-side-encryption"), aws.String("ETag")},
+								MaxAgeSeconds:  aws.Int64(3000),
+							},
+						},
+					),
+				),
+			},
+		},
+	})
 }
 
 func TestAccAWSS3Bucket_Logging(t *testing.T) {
@@ -1664,6 +1690,22 @@ resource "aws_s3_bucket" "bucket" {
 `, randInt)
 }
 
+func testAccAWSS3BucketConfigWithCORSEmptyOrigin(randInt int) string {
+	return fmt.Sprintf(`
+resource "aws_s3_bucket" "bucket" {
+	bucket = "tf-test-bucket-%d"
+	acl = "public-read"
+	cors_rule {
+			allowed_headers = ["*"]
+			allowed_methods = ["PUT","POST"]
+			allowed_origins = [""]
+			expose_headers = ["x-amz-server-side-encryption","ETag"]
+			max_age_seconds = 3000
+	}
+}
+`, randInt)
+}
+
 var testAccAWSS3BucketConfigWithAcl = `
 resource "aws_s3_bucket" "bucket" {
 	bucket = "tf-test-bucket-%d"

From e3382568caa67457d2e44fa78210cca4ccf89ae2 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Mon, 7 May 2018 07:46:57 -0400
Subject: [PATCH 43/71] Deps: Bump aws-sdk-go@v1.13.42

---
 .../aws/aws-sdk-go/aws/endpoints/defaults.go  |    1 +
 .../github.com/aws/aws-sdk-go/aws/version.go  |    2 +-
 .../aws/aws-sdk-go/service/appsync/api.go     |  321 +++++-
 .../aws/aws-sdk-go/service/appsync/errors.go  |    3 +-
 .../aws-sdk-go/service/configservice/api.go   |   34 +-
 .../aws/aws-sdk-go/service/guardduty/api.go   | 1007 ++++++++++++++++-
 .../aws-sdk-go/service/secretsmanager/api.go  |   29 +-
 vendor/vendor.json                            |  924 +++++++--------
 8 files changed, 1811 insertions(+), 510 deletions(-)

diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
index 55eff20774f..fbbfd0184a6 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
@@ -2326,6 +2326,7 @@ var awsPartition = partition{
 				"ap-northeast-2": endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go
index 9928c7999f6..4b7f07a3884 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.13.40"
+const SDKVersion = "1.13.42"
diff --git a/vendor/github.com/aws/aws-sdk-go/service/appsync/api.go b/vendor/github.com/aws/aws-sdk-go/service/appsync/api.go
index 5ed7f6e2a50..e75e8b141ce 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/appsync/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/appsync/api.go
@@ -87,7 +87,8 @@ func (c *AppSync) CreateApiKeyRequest(input *CreateApiKeyInput) (req *request.Re
 //   The API key exceeded a limit. Try your request again.
 //
 //   * ErrCodeApiKeyValidityOutOfBoundsException "ApiKeyValidityOutOfBoundsException"
-//   The API key expiration must be set to a value between 1 and 365 days.
+//   The API key expiration must be set to a value between 1 and 365 days from
+//   creation (for CreateApiKey) or from update (for UpdateApiKey).
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/CreateApiKey
 func (c *AppSync) CreateApiKey(input *CreateApiKeyInput) (*CreateApiKeyOutput, error) {
@@ -276,9 +277,6 @@ func (c *AppSync) CreateGraphqlApiRequest(input *CreateGraphqlApiInput) (req *re
 //   * ErrCodeInternalFailureException "InternalFailureException"
 //   An internal AWS AppSync error occurred. Try your request again.
 //
-//   * ErrCodeLimitExceededException "LimitExceededException"
-//   The request exceeded a limit. Try your request again.
-//
 //   * ErrCodeApiLimitExceededException "ApiLimitExceededException"
 //   The GraphQL API exceeded a limit. Try your request again.
 //
@@ -1543,6 +1541,11 @@ func (c *AppSync) ListApiKeysRequest(input *ListApiKeysInput) (req *request.Requ
 //
 // Lists the API keys for a given API.
 //
+// API keys are deleted automatically sometime after they expire. However, they
+// may still be included in the response until they have actually been deleted.
+// You can safely call DeleteApiKey to manually delete a key before it's automatically
+// deleted.
+//
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
@@ -2115,7 +2118,8 @@ func (c *AppSync) UpdateApiKeyRequest(input *UpdateApiKeyInput) (req *request.Re
 //   An internal AWS AppSync error occurred. Try your request again.
 //
 //   * ErrCodeApiKeyValidityOutOfBoundsException "ApiKeyValidityOutOfBoundsException"
-//   The API key expiration must be set to a value between 1 and 365 days.
+//   The API key expiration must be set to a value between 1 and 365 days from
+//   creation (for CreateApiKey) or from update (for UpdateApiKey).
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/UpdateApiKey
 func (c *AppSync) UpdateApiKey(input *UpdateApiKeyInput) (*UpdateApiKeyOutput, error) {
@@ -2512,6 +2516,43 @@ func (c *AppSync) UpdateTypeWithContext(ctx aws.Context, input *UpdateTypeInput,
 }
 
 // Describes an API key.
+//
+// Customers invoke AWS AppSync GraphQL APIs with API keys as an identity mechanism.
+// There are two key versions:
+//
+// da1: This version was introduced at launch in November 2017. These keys always
+// expire after 7 days. Key expiration is managed by DynamoDB TTL. The keys
+// will cease to be valid after Feb 21, 2018 and should not be used after that
+// date.
+//
+//    * ListApiKeys returns the expiration time in milliseconds.
+//
+//    * CreateApiKey returns the expiration time in milliseconds.
+//
+//    * UpdateApiKey is not available for this key version.
+//
+//    * DeleteApiKey deletes the item from the table.
+//
+//    * Expiration is stored in DynamoDB as milliseconds. This results in a
+//    bug where keys are not automatically deleted because DynamoDB expects
+//    the TTL to be stored in seconds. As a one-time action, we will delete
+//    these keys from the table after Feb 21, 2018.
+//
+// da2: This version was introduced in February 2018 when AppSync added support
+// to extend key expiration.
+//
+//    * ListApiKeys returns the expiration time in seconds.
+//
+//    * CreateApiKey returns the expiration time in seconds and accepts a user-provided
+//    expiration time in seconds.
+//
+//    * UpdateApiKey returns the expiration time in seconds and accepts a user-provided
+//    expiration time in seconds. Key expiration can only be updated while the
+//    key has not expired.
+//
+//    * DeleteApiKey deletes the item from the table.
+//
+//    * Expiration is stored in DynamoDB as seconds.
 type ApiKey struct {
 	_ struct{} `type:"structure"`
 
@@ -2565,9 +2606,10 @@ type CreateApiKeyInput struct {
 	// A description of the purpose of the API key.
 	Description *string `locationName:"description" type:"string"`
 
-	// The time after which the API key expires. The date is represented as seconds
-	// since the epoch, rounded down to the nearest hour. The default value for
-	// this parameter is 7 days from creation time.
+	// The time from creation time after which the API key expires. The date is
+	// represented as seconds since the epoch, rounded down to the nearest hour.
+	// The default value for this parameter is 7 days from creation time. For more
+	// information, see .
 	Expires *int64 `locationName:"expires" type:"long"`
 }
 
@@ -2793,11 +2835,17 @@ type CreateGraphqlApiInput struct {
 	// AuthenticationType is a required field
 	AuthenticationType *string `locationName:"authenticationType" type:"string" required:"true" enum:"AuthenticationType"`
 
+	// The Amazon CloudWatch logs configuration.
+	LogConfig *LogConfig `locationName:"logConfig" type:"structure"`
+
 	// A user-supplied name for the GraphqlApi.
 	//
 	// Name is a required field
 	Name *string `locationName:"name" type:"string" required:"true"`
 
+	// The Open Id Connect configuration configuration.
+	OpenIDConnectConfig *OpenIDConnectConfig `locationName:"openIDConnectConfig" type:"structure"`
+
 	// The Amazon Cognito User Pool configuration.
 	UserPoolConfig *UserPoolConfig `locationName:"userPoolConfig" type:"structure"`
 }
@@ -2821,6 +2869,16 @@ func (s *CreateGraphqlApiInput) Validate() error {
 	if s.Name == nil {
 		invalidParams.Add(request.NewErrParamRequired("Name"))
 	}
+	if s.LogConfig != nil {
+		if err := s.LogConfig.Validate(); err != nil {
+			invalidParams.AddNested("LogConfig", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.OpenIDConnectConfig != nil {
+		if err := s.OpenIDConnectConfig.Validate(); err != nil {
+			invalidParams.AddNested("OpenIDConnectConfig", err.(request.ErrInvalidParams))
+		}
+	}
 	if s.UserPoolConfig != nil {
 		if err := s.UserPoolConfig.Validate(); err != nil {
 			invalidParams.AddNested("UserPoolConfig", err.(request.ErrInvalidParams))
@@ -2839,12 +2897,24 @@ func (s *CreateGraphqlApiInput) SetAuthenticationType(v string) *CreateGraphqlAp
 	return s
 }
 
+// SetLogConfig sets the LogConfig field's value.
+func (s *CreateGraphqlApiInput) SetLogConfig(v *LogConfig) *CreateGraphqlApiInput {
+	s.LogConfig = v
+	return s
+}
+
 // SetName sets the Name field's value.
 func (s *CreateGraphqlApiInput) SetName(v string) *CreateGraphqlApiInput {
 	s.Name = &v
 	return s
 }
 
+// SetOpenIDConnectConfig sets the OpenIDConnectConfig field's value.
+func (s *CreateGraphqlApiInput) SetOpenIDConnectConfig(v *OpenIDConnectConfig) *CreateGraphqlApiInput {
+	s.OpenIDConnectConfig = v
+	return s
+}
+
 // SetUserPoolConfig sets the UserPoolConfig field's value.
 func (s *CreateGraphqlApiInput) SetUserPoolConfig(v *UserPoolConfig) *CreateGraphqlApiInput {
 	s.UserPoolConfig = v
@@ -2899,10 +2969,10 @@ type CreateResolverInput struct {
 	// in Apache Velocity Template Language (VTL).
 	//
 	// RequestMappingTemplate is a required field
-	RequestMappingTemplate *string `locationName:"requestMappingTemplate" type:"string" required:"true"`
+	RequestMappingTemplate *string `locationName:"requestMappingTemplate" min:"1" type:"string" required:"true"`
 
 	// The mapping template to be used for responses from the data source.
-	ResponseMappingTemplate *string `locationName:"responseMappingTemplate" type:"string"`
+	ResponseMappingTemplate *string `locationName:"responseMappingTemplate" min:"1" type:"string"`
 
 	// The name of the Type.
 	//
@@ -2935,6 +3005,12 @@ func (s *CreateResolverInput) Validate() error {
 	if s.RequestMappingTemplate == nil {
 		invalidParams.Add(request.NewErrParamRequired("RequestMappingTemplate"))
 	}
+	if s.RequestMappingTemplate != nil && len(*s.RequestMappingTemplate) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("RequestMappingTemplate", 1))
+	}
+	if s.ResponseMappingTemplate != nil && len(*s.ResponseMappingTemplate) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("ResponseMappingTemplate", 1))
+	}
 	if s.TypeName == nil {
 		invalidParams.Add(request.NewErrParamRequired("TypeName"))
 	}
@@ -3130,8 +3206,10 @@ type DataSource struct {
 	//
 	//    * AWS_LAMBDA: The data source is an AWS Lambda function.
 	//
-	//    * NONE: There is no data source. This type is used when the required information
-	//    can be computed on the fly without connecting to a back-end data source.
+	//    * NONE: There is no data source. This type is used when when you wish
+	//    to invoke a GraphQL operation without connecting to a data source, such
+	//    as performing data transformation with resolvers or triggering a subscription
+	//    to be invoked from a mutation.
 	Type *string `locationName:"type" type:"string" enum:"DataSourceType"`
 }
 
@@ -4113,9 +4191,15 @@ type GraphqlApi struct {
 	// The authentication type.
 	AuthenticationType *string `locationName:"authenticationType" type:"string" enum:"AuthenticationType"`
 
+	// The Amazon CloudWatch Logs configuration.
+	LogConfig *LogConfig `locationName:"logConfig" type:"structure"`
+
 	// The API name.
 	Name *string `locationName:"name" type:"string"`
 
+	// The Open Id Connect configuration.
+	OpenIDConnectConfig *OpenIDConnectConfig `locationName:"openIDConnectConfig" type:"structure"`
+
 	// The URIs.
 	Uris map[string]*string `locationName:"uris" type:"map"`
 
@@ -4151,12 +4235,24 @@ func (s *GraphqlApi) SetAuthenticationType(v string) *GraphqlApi {
 	return s
 }
 
+// SetLogConfig sets the LogConfig field's value.
+func (s *GraphqlApi) SetLogConfig(v *LogConfig) *GraphqlApi {
+	s.LogConfig = v
+	return s
+}
+
 // SetName sets the Name field's value.
 func (s *GraphqlApi) SetName(v string) *GraphqlApi {
 	s.Name = &v
 	return s
 }
 
+// SetOpenIDConnectConfig sets the OpenIDConnectConfig field's value.
+func (s *GraphqlApi) SetOpenIDConnectConfig(v *OpenIDConnectConfig) *GraphqlApi {
+	s.OpenIDConnectConfig = v
+	return s
+}
+
 // SetUris sets the Uris field's value.
 func (s *GraphqlApi) SetUris(v map[string]*string) *GraphqlApi {
 	s.Uris = v
@@ -4662,6 +4758,147 @@ func (s *ListTypesOutput) SetTypes(v []*Type) *ListTypesOutput {
 	return s
 }
 
+// The CloudWatch Logs configuration.
+type LogConfig struct {
+	_ struct{} `type:"structure"`
+
+	// The service role that AWS AppSync will assume to publish to Amazon CloudWatch
+	// logs in your account.
+	//
+	// CloudWatchLogsRoleArn is a required field
+	CloudWatchLogsRoleArn *string `locationName:"cloudWatchLogsRoleArn" type:"string" required:"true"`
+
+	// The field logging level. Values can be NONE, ERROR, ALL.
+	//
+	//    * NONE: No field-level logs are captured.
+	//
+	//    * ERROR: Logs the following information only for the fields that are in
+	//    error:
+	//
+	// The error section in the server response.
+	//
+	// Field-level errors.
+	//
+	// The generated request/response functions that got resolved for error fields.
+	//
+	//    * ALL: The following information is logged for all fields in the query:
+	//
+	// Field-level tracing information.
+	//
+	// The generated request/response functions that got resolved for each field.
+	//
+	// FieldLogLevel is a required field
+	FieldLogLevel *string `locationName:"fieldLogLevel" type:"string" required:"true" enum:"FieldLogLevel"`
+}
+
+// String returns the string representation
+func (s LogConfig) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s LogConfig) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *LogConfig) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "LogConfig"}
+	if s.CloudWatchLogsRoleArn == nil {
+		invalidParams.Add(request.NewErrParamRequired("CloudWatchLogsRoleArn"))
+	}
+	if s.FieldLogLevel == nil {
+		invalidParams.Add(request.NewErrParamRequired("FieldLogLevel"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetCloudWatchLogsRoleArn sets the CloudWatchLogsRoleArn field's value.
+func (s *LogConfig) SetCloudWatchLogsRoleArn(v string) *LogConfig {
+	s.CloudWatchLogsRoleArn = &v
+	return s
+}
+
+// SetFieldLogLevel sets the FieldLogLevel field's value.
+func (s *LogConfig) SetFieldLogLevel(v string) *LogConfig {
+	s.FieldLogLevel = &v
+	return s
+}
+
+// Describes an Open Id Connect configuration.
+type OpenIDConnectConfig struct {
+	_ struct{} `type:"structure"`
+
+	// The number of milliseconds a token is valid after being authenticated.
+	AuthTTL *int64 `locationName:"authTTL" type:"long"`
+
+	// The client identifier of the Relying party at the OpenID Provider. This identifier
+	// is typically obtained when the Relying party is registered with the OpenID
+	// Provider. You can specify a regular expression so the AWS AppSync can validate
+	// against multiple client identifiers at a time
+	ClientId *string `locationName:"clientId" type:"string"`
+
+	// The number of milliseconds a token is valid after being issued to a user.
+	IatTTL *int64 `locationName:"iatTTL" type:"long"`
+
+	// The issuer for the open id connect configuration. The issuer returned by
+	// discovery MUST exactly match the value of iss in the ID Token.
+	//
+	// Issuer is a required field
+	Issuer *string `locationName:"issuer" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s OpenIDConnectConfig) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s OpenIDConnectConfig) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *OpenIDConnectConfig) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "OpenIDConnectConfig"}
+	if s.Issuer == nil {
+		invalidParams.Add(request.NewErrParamRequired("Issuer"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAuthTTL sets the AuthTTL field's value.
+func (s *OpenIDConnectConfig) SetAuthTTL(v int64) *OpenIDConnectConfig {
+	s.AuthTTL = &v
+	return s
+}
+
+// SetClientId sets the ClientId field's value.
+func (s *OpenIDConnectConfig) SetClientId(v string) *OpenIDConnectConfig {
+	s.ClientId = &v
+	return s
+}
+
+// SetIatTTL sets the IatTTL field's value.
+func (s *OpenIDConnectConfig) SetIatTTL(v int64) *OpenIDConnectConfig {
+	s.IatTTL = &v
+	return s
+}
+
+// SetIssuer sets the Issuer field's value.
+func (s *OpenIDConnectConfig) SetIssuer(v string) *OpenIDConnectConfig {
+	s.Issuer = &v
+	return s
+}
+
 // Describes a resolver.
 type Resolver struct {
 	_ struct{} `type:"structure"`
@@ -4673,13 +4910,13 @@ type Resolver struct {
 	FieldName *string `locationName:"fieldName" type:"string"`
 
 	// The request mapping template.
-	RequestMappingTemplate *string `locationName:"requestMappingTemplate" type:"string"`
+	RequestMappingTemplate *string `locationName:"requestMappingTemplate" min:"1" type:"string"`
 
 	// The resolver ARN.
 	ResolverArn *string `locationName:"resolverArn" type:"string"`
 
 	// The response mapping template.
-	ResponseMappingTemplate *string `locationName:"responseMappingTemplate" type:"string"`
+	ResponseMappingTemplate *string `locationName:"responseMappingTemplate" min:"1" type:"string"`
 
 	// The resolver type name.
 	TypeName *string `locationName:"typeName" type:"string"`
@@ -4880,8 +5117,8 @@ type UpdateApiKeyInput struct {
 	// A description of the purpose of the API key.
 	Description *string `locationName:"description" type:"string"`
 
-	// The time after which the API key expires. The date is represented as seconds
-	// since the epoch.
+	// The time from update time after which the API key expires. The date is represented
+	// as seconds since the epoch. For more information, see .
 	Expires *int64 `locationName:"expires" type:"long"`
 
 	// The API key ID.
@@ -5123,11 +5360,17 @@ type UpdateGraphqlApiInput struct {
 	// The new authentication type for the GraphqlApi object.
 	AuthenticationType *string `locationName:"authenticationType" type:"string" enum:"AuthenticationType"`
 
+	// The Amazon CloudWatch logs configuration for the GraphqlApi object.
+	LogConfig *LogConfig `locationName:"logConfig" type:"structure"`
+
 	// The new name for the GraphqlApi object.
 	//
 	// Name is a required field
 	Name *string `locationName:"name" type:"string" required:"true"`
 
+	// The Open Id Connect configuration configuration for the GraphqlApi object.
+	OpenIDConnectConfig *OpenIDConnectConfig `locationName:"openIDConnectConfig" type:"structure"`
+
 	// The new Amazon Cognito User Pool configuration for the GraphqlApi object.
 	UserPoolConfig *UserPoolConfig `locationName:"userPoolConfig" type:"structure"`
 }
@@ -5151,6 +5394,16 @@ func (s *UpdateGraphqlApiInput) Validate() error {
 	if s.Name == nil {
 		invalidParams.Add(request.NewErrParamRequired("Name"))
 	}
+	if s.LogConfig != nil {
+		if err := s.LogConfig.Validate(); err != nil {
+			invalidParams.AddNested("LogConfig", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.OpenIDConnectConfig != nil {
+		if err := s.OpenIDConnectConfig.Validate(); err != nil {
+			invalidParams.AddNested("OpenIDConnectConfig", err.(request.ErrInvalidParams))
+		}
+	}
 	if s.UserPoolConfig != nil {
 		if err := s.UserPoolConfig.Validate(); err != nil {
 			invalidParams.AddNested("UserPoolConfig", err.(request.ErrInvalidParams))
@@ -5175,12 +5428,24 @@ func (s *UpdateGraphqlApiInput) SetAuthenticationType(v string) *UpdateGraphqlAp
 	return s
 }
 
+// SetLogConfig sets the LogConfig field's value.
+func (s *UpdateGraphqlApiInput) SetLogConfig(v *LogConfig) *UpdateGraphqlApiInput {
+	s.LogConfig = v
+	return s
+}
+
 // SetName sets the Name field's value.
 func (s *UpdateGraphqlApiInput) SetName(v string) *UpdateGraphqlApiInput {
 	s.Name = &v
 	return s
 }
 
+// SetOpenIDConnectConfig sets the OpenIDConnectConfig field's value.
+func (s *UpdateGraphqlApiInput) SetOpenIDConnectConfig(v *OpenIDConnectConfig) *UpdateGraphqlApiInput {
+	s.OpenIDConnectConfig = v
+	return s
+}
+
 // SetUserPoolConfig sets the UserPoolConfig field's value.
 func (s *UpdateGraphqlApiInput) SetUserPoolConfig(v *UserPoolConfig) *UpdateGraphqlApiInput {
 	s.UserPoolConfig = v
@@ -5231,10 +5496,10 @@ type UpdateResolverInput struct {
 	// The new request mapping template.
 	//
 	// RequestMappingTemplate is a required field
-	RequestMappingTemplate *string `locationName:"requestMappingTemplate" type:"string" required:"true"`
+	RequestMappingTemplate *string `locationName:"requestMappingTemplate" min:"1" type:"string" required:"true"`
 
 	// The new response mapping template.
-	ResponseMappingTemplate *string `locationName:"responseMappingTemplate" type:"string"`
+	ResponseMappingTemplate *string `locationName:"responseMappingTemplate" min:"1" type:"string"`
 
 	// The new type name.
 	//
@@ -5267,6 +5532,12 @@ func (s *UpdateResolverInput) Validate() error {
 	if s.RequestMappingTemplate == nil {
 		invalidParams.Add(request.NewErrParamRequired("RequestMappingTemplate"))
 	}
+	if s.RequestMappingTemplate != nil && len(*s.RequestMappingTemplate) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("RequestMappingTemplate", 1))
+	}
+	if s.ResponseMappingTemplate != nil && len(*s.ResponseMappingTemplate) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("ResponseMappingTemplate", 1))
+	}
 	if s.TypeName == nil {
 		invalidParams.Add(request.NewErrParamRequired("TypeName"))
 	}
@@ -5522,6 +5793,9 @@ const (
 
 	// AuthenticationTypeAmazonCognitoUserPools is a AuthenticationType enum value
 	AuthenticationTypeAmazonCognitoUserPools = "AMAZON_COGNITO_USER_POOLS"
+
+	// AuthenticationTypeOpenidConnect is a AuthenticationType enum value
+	AuthenticationTypeOpenidConnect = "OPENID_CONNECT"
 )
 
 const (
@@ -5546,6 +5820,17 @@ const (
 	DefaultActionDeny = "DENY"
 )
 
+const (
+	// FieldLogLevelNone is a FieldLogLevel enum value
+	FieldLogLevelNone = "NONE"
+
+	// FieldLogLevelError is a FieldLogLevel enum value
+	FieldLogLevelError = "ERROR"
+
+	// FieldLogLevelAll is a FieldLogLevel enum value
+	FieldLogLevelAll = "ALL"
+)
+
 const (
 	// OutputTypeSdl is a OutputType enum value
 	OutputTypeSdl = "SDL"
diff --git a/vendor/github.com/aws/aws-sdk-go/service/appsync/errors.go b/vendor/github.com/aws/aws-sdk-go/service/appsync/errors.go
index a2a7a0a0ca3..5c109eaba92 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/appsync/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/appsync/errors.go
@@ -13,7 +13,8 @@ const (
 	// ErrCodeApiKeyValidityOutOfBoundsException for service response error code
 	// "ApiKeyValidityOutOfBoundsException".
 	//
-	// The API key expiration must be set to a value between 1 and 365 days.
+	// The API key expiration must be set to a value between 1 and 365 days from
+	// creation (for CreateApiKey) or from update (for UpdateApiKey).
 	ErrCodeApiKeyValidityOutOfBoundsException = "ApiKeyValidityOutOfBoundsException"
 
 	// ErrCodeApiLimitExceededException for service response error code
diff --git a/vendor/github.com/aws/aws-sdk-go/service/configservice/api.go b/vendor/github.com/aws/aws-sdk-go/service/configservice/api.go
index 56e5192db70..1a9272944f1 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/configservice/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/configservice/api.go
@@ -3153,9 +3153,15 @@ func (c *ConfigService) PutConfigurationAggregatorRequest(input *PutConfiguratio
 // PutConfigurationAggregator API operation for AWS Config.
 //
 // Creates and updates the configuration aggregator with the selected source
-// accounts and regions.
+// accounts and regions. The source account can be individual account(s) or
+// an organization.
 //
-// AWS Config should be enabled in accounts and regions you want to aggreagate.
+// AWS Config should be enabled in source accounts and regions you want to aggregate.
+//
+// If your source type is an organization, you must be signed in to the master
+// account and all features must be enabled in your organization. AWS Config
+// calls EnableAwsServiceAccess API to enable integration between AWS Config
+// and AWS Organizations.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -9541,7 +9547,8 @@ type SourceDetail struct {
 	//    when AWS Config delivers a configuration snapshot.
 	//
 	// If you want your custom rule to be triggered by configuration changes, specify
-	// both ConfigurationItemChangeNotification and OversizedConfigurationItemChangeNotification.
+	// two SourceDetail objects, one for ConfigurationItemChangeNotification and
+	// one for OversizedConfigurationItemChangeNotification.
 	MessageType *string `type:"string" enum:"MessageType"`
 }
 
@@ -10034,4 +10041,25 @@ const (
 
 	// ResourceTypeAwsCloudFrontStreamingDistribution is a ResourceType enum value
 	ResourceTypeAwsCloudFrontStreamingDistribution = "AWS::CloudFront::StreamingDistribution"
+
+	// ResourceTypeAwsWafRuleGroup is a ResourceType enum value
+	ResourceTypeAwsWafRuleGroup = "AWS::WAF::RuleGroup"
+
+	// ResourceTypeAwsWafregionalRuleGroup is a ResourceType enum value
+	ResourceTypeAwsWafregionalRuleGroup = "AWS::WAFRegional::RuleGroup"
+
+	// ResourceTypeAwsLambdaFunction is a ResourceType enum value
+	ResourceTypeAwsLambdaFunction = "AWS::Lambda::Function"
+
+	// ResourceTypeAwsElasticBeanstalkApplication is a ResourceType enum value
+	ResourceTypeAwsElasticBeanstalkApplication = "AWS::ElasticBeanstalk::Application"
+
+	// ResourceTypeAwsElasticBeanstalkApplicationVersion is a ResourceType enum value
+	ResourceTypeAwsElasticBeanstalkApplicationVersion = "AWS::ElasticBeanstalk::ApplicationVersion"
+
+	// ResourceTypeAwsElasticBeanstalkEnvironment is a ResourceType enum value
+	ResourceTypeAwsElasticBeanstalkEnvironment = "AWS::ElasticBeanstalk::Environment"
+
+	// ResourceTypeAwsElasticLoadBalancingLoadBalancer is a ResourceType enum value
+	ResourceTypeAwsElasticLoadBalancingLoadBalancer = "AWS::ElasticLoadBalancing::LoadBalancer"
 )
diff --git a/vendor/github.com/aws/aws-sdk-go/service/guardduty/api.go b/vendor/github.com/aws/aws-sdk-go/service/guardduty/api.go
index 02970d29fae..b8cc0dc00f8 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/guardduty/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/guardduty/api.go
@@ -258,6 +258,88 @@ func (c *GuardDuty) CreateDetectorWithContext(ctx aws.Context, input *CreateDete
 	return out, req.Send()
 }
 
+const opCreateFilter = "CreateFilter"
+
+// CreateFilterRequest generates a "aws/request.Request" representing the
+// client's request for the CreateFilter operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateFilter for more information on using the CreateFilter
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the CreateFilterRequest method.
+//    req, resp := client.CreateFilterRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateFilter
+func (c *GuardDuty) CreateFilterRequest(input *CreateFilterInput) (req *request.Request, output *CreateFilterOutput) {
+	op := &request.Operation{
+		Name:       opCreateFilter,
+		HTTPMethod: "POST",
+		HTTPPath:   "/detector/{detectorId}/filter",
+	}
+
+	if input == nil {
+		input = &CreateFilterInput{}
+	}
+
+	output = &CreateFilterOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// CreateFilter API operation for Amazon GuardDuty.
+//
+// Creates a filter using the specified finding criteria.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon GuardDuty's
+// API operation CreateFilter for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeBadRequestException "BadRequestException"
+//   Error response object.
+//
+//   * ErrCodeInternalServerErrorException "InternalServerErrorException"
+//   Error response object.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateFilter
+func (c *GuardDuty) CreateFilter(input *CreateFilterInput) (*CreateFilterOutput, error) {
+	req, out := c.CreateFilterRequest(input)
+	return out, req.Send()
+}
+
+// CreateFilterWithContext is the same as CreateFilter with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateFilter for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *GuardDuty) CreateFilterWithContext(ctx aws.Context, input *CreateFilterInput, opts ...request.Option) (*CreateFilterOutput, error) {
+	req, out := c.CreateFilterRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opCreateIPSet = "CreateIPSet"
 
 // CreateIPSetRequest generates a "aws/request.Request" representing the
@@ -757,6 +839,88 @@ func (c *GuardDuty) DeleteDetectorWithContext(ctx aws.Context, input *DeleteDete
 	return out, req.Send()
 }
 
+const opDeleteFilter = "DeleteFilter"
+
+// DeleteFilterRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteFilter operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteFilter for more information on using the DeleteFilter
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DeleteFilterRequest method.
+//    req, resp := client.DeleteFilterRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteFilter
+func (c *GuardDuty) DeleteFilterRequest(input *DeleteFilterInput) (req *request.Request, output *DeleteFilterOutput) {
+	op := &request.Operation{
+		Name:       opDeleteFilter,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/detector/{detectorId}/filter/{filterName}",
+	}
+
+	if input == nil {
+		input = &DeleteFilterInput{}
+	}
+
+	output = &DeleteFilterOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DeleteFilter API operation for Amazon GuardDuty.
+//
+// Deletes the filter specified by the filter name.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon GuardDuty's
+// API operation DeleteFilter for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeBadRequestException "BadRequestException"
+//   Error response object.
+//
+//   * ErrCodeInternalServerErrorException "InternalServerErrorException"
+//   Error response object.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteFilter
+func (c *GuardDuty) DeleteFilter(input *DeleteFilterInput) (*DeleteFilterOutput, error) {
+	req, out := c.DeleteFilterRequest(input)
+	return out, req.Send()
+}
+
+// DeleteFilterWithContext is the same as DeleteFilter with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteFilter for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *GuardDuty) DeleteFilterWithContext(ctx aws.Context, input *DeleteFilterInput, opts ...request.Option) (*DeleteFilterOutput, error) {
+	req, out := c.DeleteFilterRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opDeleteIPSet = "DeleteIPSet"
 
 // DeleteIPSetRequest generates a "aws/request.Request" representing the
@@ -1334,6 +1498,88 @@ func (c *GuardDuty) GetDetectorWithContext(ctx aws.Context, input *GetDetectorIn
 	return out, req.Send()
 }
 
+const opGetFilter = "GetFilter"
+
+// GetFilterRequest generates a "aws/request.Request" representing the
+// client's request for the GetFilter operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetFilter for more information on using the GetFilter
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the GetFilterRequest method.
+//    req, resp := client.GetFilterRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetFilter
+func (c *GuardDuty) GetFilterRequest(input *GetFilterInput) (req *request.Request, output *GetFilterOutput) {
+	op := &request.Operation{
+		Name:       opGetFilter,
+		HTTPMethod: "GET",
+		HTTPPath:   "/detector/{detectorId}/filter/{filterName}",
+	}
+
+	if input == nil {
+		input = &GetFilterInput{}
+	}
+
+	output = &GetFilterOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetFilter API operation for Amazon GuardDuty.
+//
+// Returns the details of the filter specified by the filter name.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon GuardDuty's
+// API operation GetFilter for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeBadRequestException "BadRequestException"
+//   Error response object.
+//
+//   * ErrCodeInternalServerErrorException "InternalServerErrorException"
+//   Error response object.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetFilter
+func (c *GuardDuty) GetFilter(input *GetFilterInput) (*GetFilterOutput, error) {
+	req, out := c.GetFilterRequest(input)
+	return out, req.Send()
+}
+
+// GetFilterWithContext is the same as GetFilter with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetFilter for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *GuardDuty) GetFilterWithContext(ctx aws.Context, input *GetFilterInput, opts ...request.Option) (*GetFilterOutput, error) {
+	req, out := c.GetFilterRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opGetFindings = "GetFindings"
 
 // GetFindingsRequest generates a "aws/request.Request" representing the
@@ -2134,6 +2380,144 @@ func (c *GuardDuty) ListDetectorsPagesWithContext(ctx aws.Context, input *ListDe
 	return p.Err()
 }
 
+const opListFilters = "ListFilters"
+
+// ListFiltersRequest generates a "aws/request.Request" representing the
+// client's request for the ListFilters operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListFilters for more information on using the ListFilters
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the ListFiltersRequest method.
+//    req, resp := client.ListFiltersRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListFilters
+func (c *GuardDuty) ListFiltersRequest(input *ListFiltersInput) (req *request.Request, output *ListFiltersOutput) {
+	op := &request.Operation{
+		Name:       opListFilters,
+		HTTPMethod: "GET",
+		HTTPPath:   "/detector/{detectorId}/filter",
+		Paginator: &request.Paginator{
+			InputTokens:     []string{"NextToken"},
+			OutputTokens:    []string{"NextToken"},
+			LimitToken:      "MaxResults",
+			TruncationToken: "",
+		},
+	}
+
+	if input == nil {
+		input = &ListFiltersInput{}
+	}
+
+	output = &ListFiltersOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListFilters API operation for Amazon GuardDuty.
+//
+// Returns a paginated list of the current filters.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon GuardDuty's
+// API operation ListFilters for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeBadRequestException "BadRequestException"
+//   Error response object.
+//
+//   * ErrCodeInternalServerErrorException "InternalServerErrorException"
+//   Error response object.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListFilters
+func (c *GuardDuty) ListFilters(input *ListFiltersInput) (*ListFiltersOutput, error) {
+	req, out := c.ListFiltersRequest(input)
+	return out, req.Send()
+}
+
+// ListFiltersWithContext is the same as ListFilters with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListFilters for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *GuardDuty) ListFiltersWithContext(ctx aws.Context, input *ListFiltersInput, opts ...request.Option) (*ListFiltersOutput, error) {
+	req, out := c.ListFiltersRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+// ListFiltersPages iterates over the pages of a ListFilters operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListFilters method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+//    // Example iterating over at most 3 pages of a ListFilters operation.
+//    pageNum := 0
+//    err := client.ListFiltersPages(params,
+//        func(page *ListFiltersOutput, lastPage bool) bool {
+//            pageNum++
+//            fmt.Println(page)
+//            return pageNum <= 3
+//        })
+//
+func (c *GuardDuty) ListFiltersPages(input *ListFiltersInput, fn func(*ListFiltersOutput, bool) bool) error {
+	return c.ListFiltersPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListFiltersPagesWithContext same as ListFiltersPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *GuardDuty) ListFiltersPagesWithContext(ctx aws.Context, input *ListFiltersInput, fn func(*ListFiltersOutput, bool) bool, opts ...request.Option) error {
+	p := request.Pagination{
+		NewRequest: func() (*request.Request, error) {
+			var inCpy *ListFiltersInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.ListFiltersRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+
+	cont := true
+	for p.Next() && cont {
+		cont = fn(p.Page().(*ListFiltersOutput), !p.HasNextPage())
+	}
+	return p.Err()
+}
+
 const opListFindings = "ListFindings"
 
 // ListFindingsRequest generates a "aws/request.Request" representing the
@@ -3160,6 +3544,88 @@ func (c *GuardDuty) UpdateDetectorWithContext(ctx aws.Context, input *UpdateDete
 	return out, req.Send()
 }
 
+const opUpdateFilter = "UpdateFilter"
+
+// UpdateFilterRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateFilter operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateFilter for more information on using the UpdateFilter
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the UpdateFilterRequest method.
+//    req, resp := client.UpdateFilterRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateFilter
+func (c *GuardDuty) UpdateFilterRequest(input *UpdateFilterInput) (req *request.Request, output *UpdateFilterOutput) {
+	op := &request.Operation{
+		Name:       opUpdateFilter,
+		HTTPMethod: "POST",
+		HTTPPath:   "/detector/{detectorId}/filter/{filterName}",
+	}
+
+	if input == nil {
+		input = &UpdateFilterInput{}
+	}
+
+	output = &UpdateFilterOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// UpdateFilter API operation for Amazon GuardDuty.
+//
+// Updates the filter specified by the filter name.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon GuardDuty's
+// API operation UpdateFilter for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeBadRequestException "BadRequestException"
+//   Error response object.
+//
+//   * ErrCodeInternalServerErrorException "InternalServerErrorException"
+//   Error response object.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateFilter
+func (c *GuardDuty) UpdateFilter(input *UpdateFilterInput) (*UpdateFilterOutput, error) {
+	req, out := c.UpdateFilterRequest(input)
+	return out, req.Send()
+}
+
+// UpdateFilterWithContext is the same as UpdateFilter with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateFilter for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *GuardDuty) UpdateFilterWithContext(ctx aws.Context, input *UpdateFilterInput, opts ...request.Option) (*UpdateFilterOutput, error) {
+	req, out := c.UpdateFilterRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opUpdateFindingsFeedback = "UpdateFindingsFeedback"
 
 // UpdateFindingsFeedbackRequest generates a "aws/request.Request" representing the
@@ -3941,6 +4407,123 @@ func (s *CreateDetectorOutput) SetDetectorId(v string) *CreateDetectorOutput {
 	return s
 }
 
+// CreateFilter request object.
+type CreateFilterInput struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the action that is to be applied to the findings that match the
+	// filter.
+	Action *string `locationName:"action" type:"string" enum:"FilterAction"`
+
+	// The idempotency token for the create request.
+	ClientToken *string `locationName:"clientToken" type:"string" idempotencyToken:"true"`
+
+	// The description of the filter.
+	Description *string `locationName:"description" type:"string"`
+
+	// DetectorId is a required field
+	DetectorId *string `location:"uri" locationName:"detectorId" type:"string" required:"true"`
+
+	// Represents the criteria to be used in the filter for querying findings.
+	FindingCriteria *FindingCriteria `locationName:"findingCriteria" type:"structure"`
+
+	// The name of the filter.
+	Name *string `locationName:"name" type:"string"`
+
+	// Specifies the position of the filter in the list of current filters. Also
+	// specifies the order in which this filter is applied to the findings.
+	Rank *int64 `locationName:"rank" type:"integer"`
+}
+
+// String returns the string representation
+func (s CreateFilterInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateFilterInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateFilterInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "CreateFilterInput"}
+	if s.DetectorId == nil {
+		invalidParams.Add(request.NewErrParamRequired("DetectorId"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAction sets the Action field's value.
+func (s *CreateFilterInput) SetAction(v string) *CreateFilterInput {
+	s.Action = &v
+	return s
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *CreateFilterInput) SetClientToken(v string) *CreateFilterInput {
+	s.ClientToken = &v
+	return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *CreateFilterInput) SetDescription(v string) *CreateFilterInput {
+	s.Description = &v
+	return s
+}
+
+// SetDetectorId sets the DetectorId field's value.
+func (s *CreateFilterInput) SetDetectorId(v string) *CreateFilterInput {
+	s.DetectorId = &v
+	return s
+}
+
+// SetFindingCriteria sets the FindingCriteria field's value.
+func (s *CreateFilterInput) SetFindingCriteria(v *FindingCriteria) *CreateFilterInput {
+	s.FindingCriteria = v
+	return s
+}
+
+// SetName sets the Name field's value.
+func (s *CreateFilterInput) SetName(v string) *CreateFilterInput {
+	s.Name = &v
+	return s
+}
+
+// SetRank sets the Rank field's value.
+func (s *CreateFilterInput) SetRank(v int64) *CreateFilterInput {
+	s.Rank = &v
+	return s
+}
+
+// CreateFilter response object.
+type CreateFilterOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the successfully created filter.
+	Name *string `locationName:"name" type:"string"`
+}
+
+// String returns the string representation
+func (s CreateFilterOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s CreateFilterOutput) GoString() string {
+	return s.String()
+}
+
+// SetName sets the Name field's value.
+func (s *CreateFilterOutput) SetName(v string) *CreateFilterOutput {
+	s.Name = &v
+	return s
+}
+
 // Create IP Set Request
 type CreateIPSetInput struct {
 	_ struct{} `type:"structure"`
@@ -4332,29 +4915,85 @@ func (s *DeclineInvitationsOutput) SetUnprocessedAccounts(v []*UnprocessedAccoun
 	return s
 }
 
-type DeleteDetectorInput struct {
+type DeleteDetectorInput struct {
+	_ struct{} `type:"structure"`
+
+	// DetectorId is a required field
+	DetectorId *string `location:"uri" locationName:"detectorId" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DeleteDetectorInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteDetectorInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteDetectorInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteDetectorInput"}
+	if s.DetectorId == nil {
+		invalidParams.Add(request.NewErrParamRequired("DetectorId"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDetectorId sets the DetectorId field's value.
+func (s *DeleteDetectorInput) SetDetectorId(v string) *DeleteDetectorInput {
+	s.DetectorId = &v
+	return s
+}
+
+type DeleteDetectorOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s DeleteDetectorOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteDetectorOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteFilterInput struct {
 	_ struct{} `type:"structure"`
 
 	// DetectorId is a required field
 	DetectorId *string `location:"uri" locationName:"detectorId" type:"string" required:"true"`
+
+	// FilterName is a required field
+	FilterName *string `location:"uri" locationName:"filterName" type:"string" required:"true"`
 }
 
 // String returns the string representation
-func (s DeleteDetectorInput) String() string {
+func (s DeleteFilterInput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteDetectorInput) GoString() string {
+func (s DeleteFilterInput) GoString() string {
 	return s.String()
 }
 
 // Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteDetectorInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteDetectorInput"}
+func (s *DeleteFilterInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteFilterInput"}
 	if s.DetectorId == nil {
 		invalidParams.Add(request.NewErrParamRequired("DetectorId"))
 	}
+	if s.FilterName == nil {
+		invalidParams.Add(request.NewErrParamRequired("FilterName"))
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -4363,22 +5002,28 @@ func (s *DeleteDetectorInput) Validate() error {
 }
 
 // SetDetectorId sets the DetectorId field's value.
-func (s *DeleteDetectorInput) SetDetectorId(v string) *DeleteDetectorInput {
+func (s *DeleteFilterInput) SetDetectorId(v string) *DeleteFilterInput {
 	s.DetectorId = &v
 	return s
 }
 
-type DeleteDetectorOutput struct {
+// SetFilterName sets the FilterName field's value.
+func (s *DeleteFilterInput) SetFilterName(v string) *DeleteFilterInput {
+	s.FilterName = &v
+	return s
+}
+
+type DeleteFilterOutput struct {
 	_ struct{} `type:"structure"`
 }
 
 // String returns the string representation
-func (s DeleteDetectorOutput) String() string {
+func (s DeleteFilterOutput) String() string {
 	return awsutil.Prettify(s)
 }
 
 // GoString returns the string representation
-func (s DeleteDetectorOutput) GoString() string {
+func (s DeleteFilterOutput) GoString() string {
 	return s.String()
 }
 
@@ -5130,6 +5775,116 @@ func (s *GetDetectorOutput) SetUpdatedAt(v string) *GetDetectorOutput {
 	return s
 }
 
+type GetFilterInput struct {
+	_ struct{} `type:"structure"`
+
+	// DetectorId is a required field
+	DetectorId *string `location:"uri" locationName:"detectorId" type:"string" required:"true"`
+
+	// FilterName is a required field
+	FilterName *string `location:"uri" locationName:"filterName" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s GetFilterInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetFilterInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetFilterInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetFilterInput"}
+	if s.DetectorId == nil {
+		invalidParams.Add(request.NewErrParamRequired("DetectorId"))
+	}
+	if s.FilterName == nil {
+		invalidParams.Add(request.NewErrParamRequired("FilterName"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDetectorId sets the DetectorId field's value.
+func (s *GetFilterInput) SetDetectorId(v string) *GetFilterInput {
+	s.DetectorId = &v
+	return s
+}
+
+// SetFilterName sets the FilterName field's value.
+func (s *GetFilterInput) SetFilterName(v string) *GetFilterInput {
+	s.FilterName = &v
+	return s
+}
+
+// GetFilter response object.
+type GetFilterOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the action that is to be applied to the findings that match the
+	// filter.
+	Action *string `locationName:"action" type:"string" enum:"FilterAction"`
+
+	// The description of the filter.
+	Description *string `locationName:"description" type:"string"`
+
+	// Represents the criteria to be used in the filter for querying findings.
+	FindingCriteria *FindingCriteria `locationName:"findingCriteria" type:"structure"`
+
+	// The name of the filter.
+	Name *string `locationName:"name" type:"string"`
+
+	// Specifies the position of the filter in the list of current filters. Also
+	// specifies the order in which this filter is applied to the findings.
+	Rank *int64 `locationName:"rank" type:"integer"`
+}
+
+// String returns the string representation
+func (s GetFilterOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetFilterOutput) GoString() string {
+	return s.String()
+}
+
+// SetAction sets the Action field's value.
+func (s *GetFilterOutput) SetAction(v string) *GetFilterOutput {
+	s.Action = &v
+	return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *GetFilterOutput) SetDescription(v string) *GetFilterOutput {
+	s.Description = &v
+	return s
+}
+
+// SetFindingCriteria sets the FindingCriteria field's value.
+func (s *GetFilterOutput) SetFindingCriteria(v *FindingCriteria) *GetFilterOutput {
+	s.FindingCriteria = v
+	return s
+}
+
+// SetName sets the Name field's value.
+func (s *GetFilterOutput) SetName(v string) *GetFilterOutput {
+	s.Name = &v
+	return s
+}
+
+// SetRank sets the Rank field's value.
+func (s *GetFilterOutput) SetRank(v int64) *GetFilterOutput {
+	s.Rank = &v
+	return s
+}
+
 // Get Findings Request
 type GetFindingsInput struct {
 	_ struct{} `type:"structure"`
@@ -5711,6 +6466,9 @@ type InstanceDetails struct {
 	// The profile information of the EC2 instance.
 	IamInstanceProfile *IamInstanceProfile `locationName:"iamInstanceProfile" type:"structure"`
 
+	// The image description of the EC2 instance.
+	ImageDescription *string `locationName:"imageDescription" type:"string"`
+
 	// The image ID of the EC2 instance.
 	ImageId *string `locationName:"imageId" type:"string"`
 
@@ -5761,6 +6519,12 @@ func (s *InstanceDetails) SetIamInstanceProfile(v *IamInstanceProfile) *Instance
 	return s
 }
 
+// SetImageDescription sets the ImageDescription field's value.
+func (s *InstanceDetails) SetImageDescription(v string) *InstanceDetails {
+	s.ImageDescription = &v
+	return s
+}
+
 // SetImageId sets the ImageId field's value.
 func (s *InstanceDetails) SetImageId(v string) *InstanceDetails {
 	s.ImageId = &v
@@ -5877,7 +6641,8 @@ type InviteMembersInput struct {
 	// DetectorId is a required field
 	DetectorId *string `location:"uri" locationName:"detectorId" type:"string" required:"true"`
 
-	// Indicates whether invite member email notification is disabled
+	// A boolean value that specifies whether you want to disable email notification
+	// to the accounts that you’re inviting to GuardDuty as members.
 	DisableEmailNotification *bool `locationName:"disableEmailNotification" type:"boolean"`
 
 	// The invitation message that you want to send to the accounts that you’re
@@ -6038,6 +6803,99 @@ func (s *ListDetectorsOutput) SetNextToken(v string) *ListDetectorsOutput {
 	return s
 }
 
+type ListFiltersInput struct {
+	_ struct{} `type:"structure"`
+
+	// DetectorId is a required field
+	DetectorId *string `location:"uri" locationName:"detectorId" type:"string" required:"true"`
+
+	// You can use this parameter to indicate the maximum number of items that you
+	// want in the response.
+	MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"`
+
+	NextToken *string `location:"querystring" locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation
+func (s ListFiltersInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ListFiltersInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListFiltersInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListFiltersInput"}
+	if s.DetectorId == nil {
+		invalidParams.Add(request.NewErrParamRequired("DetectorId"))
+	}
+	if s.MaxResults != nil && *s.MaxResults < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDetectorId sets the DetectorId field's value.
+func (s *ListFiltersInput) SetDetectorId(v string) *ListFiltersInput {
+	s.DetectorId = &v
+	return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListFiltersInput) SetMaxResults(v int64) *ListFiltersInput {
+	s.MaxResults = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListFiltersInput) SetNextToken(v string) *ListFiltersInput {
+	s.NextToken = &v
+	return s
+}
+
+// ListFilters response object.
+type ListFiltersOutput struct {
+	_ struct{} `type:"structure"`
+
+	// A list of filter names
+	FilterNames []*string `locationName:"filterNames" type:"list"`
+
+	// You can use this parameter when paginating results. Set the value of this
+	// parameter to null on your first call to the list action. For subsequent calls
+	// to the action fill nextToken in the request with the value of NextToken from
+	// the previous response to continue listing data.
+	NextToken *string `locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation
+func (s ListFiltersOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ListFiltersOutput) GoString() string {
+	return s.String()
+}
+
+// SetFilterNames sets the FilterNames field's value.
+func (s *ListFiltersOutput) SetFilterNames(v []*string) *ListFiltersOutput {
+	s.FilterNames = v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListFiltersOutput) SetNextToken(v string) *ListFiltersOutput {
+	s.NextToken = &v
+	return s
+}
+
 // List Findings Request
 type ListFindingsInput struct {
 	_ struct{} `type:"structure"`
@@ -6770,6 +7628,9 @@ type NetworkInterface struct {
 	// A list of EC2 instance IPv6 address information.
 	Ipv6Addresses []*string `locationName:"ipv6Addresses" type:"list"`
 
+	// The ID of the network interface
+	NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"`
+
 	// Private DNS name of the EC2 instance.
 	PrivateDnsName *string `locationName:"privateDnsName" type:"string"`
 
@@ -6811,6 +7672,12 @@ func (s *NetworkInterface) SetIpv6Addresses(v []*string) *NetworkInterface {
 	return s
 }
 
+// SetNetworkInterfaceId sets the NetworkInterfaceId field's value.
+func (s *NetworkInterface) SetNetworkInterfaceId(v string) *NetworkInterface {
+	s.NetworkInterfaceId = &v
+	return s
+}
+
 // SetPrivateDnsName sets the PrivateDnsName field's value.
 func (s *NetworkInterface) SetPrivateDnsName(v string) *NetworkInterface {
 	s.PrivateDnsName = &v
@@ -7681,6 +8548,117 @@ func (s UpdateDetectorOutput) GoString() string {
 	return s.String()
 }
 
+// UpdateFilter request object.
+type UpdateFilterInput struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the action that is to be applied to the findings that match the
+	// filter.
+	Action *string `locationName:"action" type:"string" enum:"FilterAction"`
+
+	// The description of the filter.
+	Description *string `locationName:"description" type:"string"`
+
+	// DetectorId is a required field
+	DetectorId *string `location:"uri" locationName:"detectorId" type:"string" required:"true"`
+
+	// FilterName is a required field
+	FilterName *string `location:"uri" locationName:"filterName" type:"string" required:"true"`
+
+	// Represents the criteria to be used in the filter for querying findings.
+	FindingCriteria *FindingCriteria `locationName:"findingCriteria" type:"structure"`
+
+	// Specifies the position of the filter in the list of current filters. Also
+	// specifies the order in which this filter is applied to the findings.
+	Rank *int64 `locationName:"rank" type:"integer"`
+}
+
+// String returns the string representation
+func (s UpdateFilterInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UpdateFilterInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateFilterInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "UpdateFilterInput"}
+	if s.DetectorId == nil {
+		invalidParams.Add(request.NewErrParamRequired("DetectorId"))
+	}
+	if s.FilterName == nil {
+		invalidParams.Add(request.NewErrParamRequired("FilterName"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAction sets the Action field's value.
+func (s *UpdateFilterInput) SetAction(v string) *UpdateFilterInput {
+	s.Action = &v
+	return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *UpdateFilterInput) SetDescription(v string) *UpdateFilterInput {
+	s.Description = &v
+	return s
+}
+
+// SetDetectorId sets the DetectorId field's value.
+func (s *UpdateFilterInput) SetDetectorId(v string) *UpdateFilterInput {
+	s.DetectorId = &v
+	return s
+}
+
+// SetFilterName sets the FilterName field's value.
+func (s *UpdateFilterInput) SetFilterName(v string) *UpdateFilterInput {
+	s.FilterName = &v
+	return s
+}
+
+// SetFindingCriteria sets the FindingCriteria field's value.
+func (s *UpdateFilterInput) SetFindingCriteria(v *FindingCriteria) *UpdateFilterInput {
+	s.FindingCriteria = v
+	return s
+}
+
+// SetRank sets the Rank field's value.
+func (s *UpdateFilterInput) SetRank(v int64) *UpdateFilterInput {
+	s.Rank = &v
+	return s
+}
+
+// UpdateFilter response object.
+type UpdateFilterOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the filter.
+	Name *string `locationName:"name" type:"string"`
+}
+
+// String returns the string representation
+func (s UpdateFilterOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UpdateFilterOutput) GoString() string {
+	return s.String()
+}
+
+// SetName sets the Name field's value.
+func (s *UpdateFilterOutput) SetName(v string) *UpdateFilterOutput {
+	s.Name = &v
+	return s
+}
+
 // Update findings feedback body
 type UpdateFindingsFeedbackInput struct {
 	_ struct{} `type:"structure"`
@@ -7959,6 +8937,15 @@ const (
 	FeedbackNotUseful = "NOT_USEFUL"
 )
 
+// The action associated with a filter.
+const (
+	// FilterActionNoop is a FilterAction enum value
+	FilterActionNoop = "NOOP"
+
+	// FilterActionArchive is a FilterAction enum value
+	FilterActionArchive = "ARCHIVE"
+)
+
 // The types of finding statistics.
 const (
 	// FindingStatisticTypeCountBySeverity is a FindingStatisticType enum value
diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go
index eb2d69a707d..6ef706faee2 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go
@@ -203,8 +203,8 @@ func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *req
 // You provide the secret data to be encrypted by putting text in either the
 // SecretString parameter or binary data in the SecretBinary parameter, but
 // not both. If you include SecretString or SecretBinary then Secrets Manager
-// also creates an initial secret version and, if you don't supply a staging
-// label, automatically maps the new version's ID to the staging label AWSCURRENT.
+// also creates an initial secret version and automatically attaches the staging
+// label AWSCURRENT to the new version.
 //
 // If you call an operation that needs to encrypt or decrypt the SecretString
 // or SecretBinary for a secret in the same account as the calling user and
@@ -1121,7 +1121,8 @@ func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req
 //
 // Stores a new encrypted secret value in the specified secret. To do this,
 // the operation creates a new version and attaches it to the secret. The version
-// can contain a new SecretString value or a new SecretBinary value.
+// can contain a new SecretString value or a new SecretBinary value. You can
+// also specify the staging labels that are initially attached to the new version.
 //
 // The Secrets Manager console uses only the SecretString field. To add binary
 // data to a secret with the SecretBinary field you must use the AWS CLI or
@@ -1133,7 +1134,12 @@ func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req
 //
 //    * If another version of this secret already exists, then this operation
 //    does not automatically move any staging labels other than those that you
-//    specify in the VersionStages parameter.
+//    explicitly specify in the VersionStages parameter.
+//
+//    * If this operation moves the staging label AWSCURRENT from another version
+//    to this version (because you included it in the StagingLabels parameter)
+//    then Secrets Manager also automatically moves the staging label AWSPREVIOUS
+//    to the version that AWSCURRENT was removed from.
 //
 //    * This operation is idempotent. If a version with a SecretVersionId with
 //    the same value as the ClientRequestToken parameter already exists and
@@ -1141,11 +1147,6 @@ func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req
 //    However, if the secret data is different, then the operation fails because
 //    you cannot modify an existing version; you can only create new ones.
 //
-//    * If this operation moves the staging label AWSCURRENT to this version
-//    (because you included it in the StagingLabels parameter) then Secrets
-//    Manager also automatically moves the staging label AWSPREVIOUS to the
-//    version that AWSCURRENT was removed from.
-//
 // If you call an operation that needs to encrypt or decrypt the SecretString
 // or SecretBinary for a secret in the same account as the calling user and
 // that secret doesn't specify a KMS encryption key, Secrets Manager uses the
@@ -1782,16 +1783,14 @@ func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *req
 // binary data as part of the version of a secret, you must use either the AWS
 // CLI or one of the AWS SDKs.
 //
-//    * If this update creates the first version of the secret or if you did
-//    not include the VersionStages parameter then Secrets Manager automatically
-//    attaches the staging label AWSCURRENT to the new version and removes it
-//    from any version that had it previously. The previous version (if any)
-//    is then given the staging label AWSPREVIOUS.
-//
 //    * If a version with a SecretVersionId with the same value as the ClientRequestToken
 //    parameter already exists, the operation generates an error. You cannot
 //    modify an existing version, you can only create new ones.
 //
+//    * If you include SecretString or SecretBinary to create a new secret version,
+//    Secrets Manager automatically attaches the staging label AWSCURRENT to
+//    the new version.
+//
 // If you call an operation that needs to encrypt or decrypt the SecretString
 // or SecretBinary for a secret in the same account as the calling user and
 // that secret doesn't specify a KMS encryption key, Secrets Manager uses the
diff --git a/vendor/vendor.json b/vendor/vendor.json
index c4e69d1bac9..e1e387a73c5 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -39,916 +39,916 @@
 			"revisionTime": "2017-07-27T15:54:43Z"
 		},
 		{
-			"checksumSHA1": "7TqQymwKnKWZuiNS62pUG6E7CgY=",
+			"checksumSHA1": "Chrl+rJ8+nI3K8BcLIaVqKdUgTw=",
 			"path": "github.com/aws/aws-sdk-go/aws",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "DtuTqKH29YnLjrIJkRYX0HQtXY0=",
 			"path": "github.com/aws/aws-sdk-go/aws/arn",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "Y9W+4GimK4Fuxq+vyIskVYFRnX4=",
 			"path": "github.com/aws/aws-sdk-go/aws/awserr",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "yyYr41HZ1Aq0hWc3J5ijXwYEcac=",
 			"path": "github.com/aws/aws-sdk-go/aws/awsutil",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "hicPtITUionsA+dgs1SpsZUkQu4=",
 			"path": "github.com/aws/aws-sdk-go/aws/client",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "ieAJ+Cvp/PKv1LpUEnUXpc3OI6E=",
 			"path": "github.com/aws/aws-sdk-go/aws/client/metadata",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "vVSUnICaD9IaBQisCfw0n8zLwig=",
 			"path": "github.com/aws/aws-sdk-go/aws/corehandlers",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "Y+cPwQL0dZMyqp3wI+KJWmA9KQ8=",
 			"path": "github.com/aws/aws-sdk-go/aws/credentials",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "u3GOAJLmdvbuNUeUEcZSEAOeL/0=",
 			"path": "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "NUJUTWlc1sV8b7WjfiYc4JZbXl0=",
 			"path": "github.com/aws/aws-sdk-go/aws/credentials/endpointcreds",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "JEYqmF83O5n5bHkupAzA6STm0no=",
 			"path": "github.com/aws/aws-sdk-go/aws/credentials/stscreds",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "HogDW/Wu6ZKTDrQ2HSzG8/vj9Ag=",
 			"path": "github.com/aws/aws-sdk-go/aws/defaults",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "pDnK93CqjQ4ROSW8Y/RuHXjv52M=",
 			"path": "github.com/aws/aws-sdk-go/aws/ec2metadata",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
-			"checksumSHA1": "MIYMbcTonoSpdxgGHs7wn2EN3Dc=",
+			"checksumSHA1": "EIW1Cy3S1YvIXRfUSLoW7YuDUPc=",
 			"path": "github.com/aws/aws-sdk-go/aws/endpoints",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "CntJM8T3dRgC0e1i66CIbP8uCSY=",
 			"path": "github.com/aws/aws-sdk-go/aws/request",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "J66FLqo++F1PXLUU8XQqYaageSc=",
 			"path": "github.com/aws/aws-sdk-go/aws/session",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "BqDC+Sxo3hrC6WYvwx1U4OObaT4=",
 			"path": "github.com/aws/aws-sdk-go/aws/signer/v4",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "wjxQlU1PYxrDRFoL1Vek8Wch7jk=",
 			"path": "github.com/aws/aws-sdk-go/internal/sdkio",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "MYLldFRnsZh21TfCkgkXCT3maPU=",
 			"path": "github.com/aws/aws-sdk-go/internal/sdkrand",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "04ypv4x12l4q0TksA1zEVsmgpvw=",
 			"path": "github.com/aws/aws-sdk-go/internal/shareddefaults",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "NStHCXEvYqG72GknZyv1jaKaeH0=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "GQuRJY72iGQrufDqIaB50zG27u0=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/ec2query",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "yHfT5DTbeCLs4NE2Rgnqrhe15ls=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/json/jsonutil",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "R00RL5jJXRYq1iiK1+PGvMfvXyM=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/jsonrpc",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "SBBVYdLcocjdPzMWgDuR8vcOfDQ=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/query",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "9V1PvtFQ9MObZTc3sa86WcuOtOU=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/query/queryutil",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "pkeoOfZpHRvFG/AOZeTf0lwtsFg=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/rest",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "Rpu8KBtHZgvhkwHxUfaky+qW+G4=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/restjson",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "ODo+ko8D6unAxZuN1jGzMcN4QCc=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/restxml",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "6zosteWJqUGM9+t9dkANQymMA9s=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "F6mth+G7dXN1GI+nktaGo8Lx8aE=",
 			"path": "github.com/aws/aws-sdk-go/private/signer/v2",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "yqQRtxoLmiwe3lUvTx81hxfy+S0=",
 			"path": "github.com/aws/aws-sdk-go/service/acm",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "WliJXTogdly9qe5xEV6Fn2zklcs=",
 			"path": "github.com/aws/aws-sdk-go/service/acmpca",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "rQmpNRto8bpB17qNubhGzRh/Aj8=",
 			"path": "github.com/aws/aws-sdk-go/service/apigateway",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "7o1gMXoE8cemDzkZFUrQknQS4Yo=",
 			"path": "github.com/aws/aws-sdk-go/service/applicationautoscaling",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
-			"checksumSHA1": "s0TQJfF7ZqeS9IH4hdvX5EQk2l8=",
+			"checksumSHA1": "DtAllf3BfE0Z5JOhcdYHQnv1jnY=",
 			"path": "github.com/aws/aws-sdk-go/service/appsync",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "YlKOG1eZClZYmcRwJQO+LfEQrVY=",
 			"path": "github.com/aws/aws-sdk-go/service/athena",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "58ARAtV4EKAIv5zpieVjvJMFjO0=",
 			"path": "github.com/aws/aws-sdk-go/service/autoscaling",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "s6of5mfMFZtYy6BRo/tIafylOUc=",
 			"path": "github.com/aws/aws-sdk-go/service/batch",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "MJPsaJkyrCml4VZOsbNGo9Fl0C8=",
 			"path": "github.com/aws/aws-sdk-go/service/budgets",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "AQGPL+fXjjKhBmyb37QAG05R/Qw=",
 			"path": "github.com/aws/aws-sdk-go/service/cloud9",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "NU6AqUCd5TOrxaqFdWmo8l2oeOI=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudformation",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "hCz5z7QQz1416cCjbhjGjvbrdpY=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudfront",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "8PdtKqSEcLQ1V0Gnl2FAHJoOQy0=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudhsmv2",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "kM7Fxkb1OdCiOOmTlRIadqnsdt0=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudsearch",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "pKJec2iJiKDSY5UKmLSeYxLxucg=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudtrail",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "BD7EvXghMHMw52wtxISIhpJ4CTk=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudwatch",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "6Q9ZHEAsu92jsFOCwJAI+SjYYAk=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudwatchevents",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "YNl9xTPOb1SFVmwXDtmwzyGsx8U=",
 			"path": "github.com/aws/aws-sdk-go/service/cloudwatchlogs",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "p/I/GLsXOoZ0XdhDuSQ+lP4NlYM=",
 			"path": "github.com/aws/aws-sdk-go/service/codebuild",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "4KiQdvEfpTf2g+UF2rWlLg/kgok=",
 			"path": "github.com/aws/aws-sdk-go/service/codecommit",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "vT7k8uQ7ZfBVVJIYc/Yxui+yWI8=",
 			"path": "github.com/aws/aws-sdk-go/service/codedeploy",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "5uQsnuE2bMWQ2ypmll1rzXyNqPw=",
 			"path": "github.com/aws/aws-sdk-go/service/codepipeline",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "cx2wG4c6Q5gSTsAU6D/UZMQN/Kg=",
 			"path": "github.com/aws/aws-sdk-go/service/cognitoidentity",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "k4lfEcz91J29Wax6GPBlUUQb5bk=",
 			"path": "github.com/aws/aws-sdk-go/service/cognitoidentityprovider",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
-			"checksumSHA1": "qrxVu09idcoHIT2HqDJIbV3weUE=",
+			"checksumSHA1": "Pib86kjnYwOlLwU/98ITXtAXA0g=",
 			"path": "github.com/aws/aws-sdk-go/service/configservice",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "FEUIC6EG3tPnTuvmIsV4b3r9D+k=",
 			"path": "github.com/aws/aws-sdk-go/service/databasemigrationservice",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "I5sSvXLvlj9Ppv0HCbFXdN4tqn4=",
 			"path": "github.com/aws/aws-sdk-go/service/dax",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "/Wa2paWfntnF+4pRSsgMffedplE=",
 			"path": "github.com/aws/aws-sdk-go/service/devicefarm",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "hurqUivjVxLHaXEd2oS8JrwMGQs=",
 			"path": "github.com/aws/aws-sdk-go/service/directconnect",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "zxX7V0AIU1x2yX5Uyd9RMe0C3ok=",
 			"path": "github.com/aws/aws-sdk-go/service/directoryservice",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "mJR+NQiCTZGMy+eaCzbP4sEnX6w=",
 			"path": "github.com/aws/aws-sdk-go/service/dynamodb",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "OYW6KOQn3+mHCHpqhlZOUsFEpUE=",
 			"path": "github.com/aws/aws-sdk-go/service/ec2",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "V3D5pDdtXS0yVShpS/fOqFGxCrA=",
 			"path": "github.com/aws/aws-sdk-go/service/ecr",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "7igFr0esmtcs9V0F9iMs2k5uNDI=",
 			"path": "github.com/aws/aws-sdk-go/service/ecs",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "PQnfXJ0ZQIIMiqUUFs4bkUPHqnc=",
 			"path": "github.com/aws/aws-sdk-go/service/efs",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "pZoO4JKc/TJACuq1n9IHuhovD4k=",
 			"path": "github.com/aws/aws-sdk-go/service/elasticache",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "Z2ql82q2CJ3AXQ/Wi+3jhkpXmt0=",
 			"path": "github.com/aws/aws-sdk-go/service/elasticbeanstalk",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "BSSURh/ALTj0QW5BWPJkW3i+FN0=",
 			"path": "github.com/aws/aws-sdk-go/service/elasticsearchservice",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "JpvcQ+tc0yz2WZ0ne6zzxlbfscI=",
 			"path": "github.com/aws/aws-sdk-go/service/elastictranscoder",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "MgdGxbP8vjCkzkj1ukmU5Uqh3UA=",
 			"path": "github.com/aws/aws-sdk-go/service/elb",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "hgqHUngsP+NPjkZVqevXuioHnkE=",
 			"path": "github.com/aws/aws-sdk-go/service/elbv2",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "OQuas8ovzB34Yb2bCMBDsu8teu4=",
 			"path": "github.com/aws/aws-sdk-go/service/emr",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "P9J4eI4+Bde2V4P5SbQ5yrkC4v8=",
 			"path": "github.com/aws/aws-sdk-go/service/firehose",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "4DYLn0HnMhZvXXgx6VjbS/V0srA=",
 			"path": "github.com/aws/aws-sdk-go/service/fms",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "UPwhm+XWgDTDZ4wUziP+9RHOozg=",
 			"path": "github.com/aws/aws-sdk-go/service/gamelift",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "pOhtcgvfgH3qPUiqZrBgpawiu8I=",
 			"path": "github.com/aws/aws-sdk-go/service/glacier",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "2bqJtsfs1LDLLhczU/SNtmvkjcw=",
 			"path": "github.com/aws/aws-sdk-go/service/glue",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
-			"checksumSHA1": "cP4Rz6mIrnYIGYX8CKgZlZD0oPA=",
+			"checksumSHA1": "yMGyjJHSsK+Mb+SbNxGIcXhl67o=",
 			"path": "github.com/aws/aws-sdk-go/service/guardduty",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "DHrIPXQ0QzjE+Hnfwk0INR4rUkU=",
 			"path": "github.com/aws/aws-sdk-go/service/iam",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "pvrqgHDeZ3gAHIiZyZfwXOi9GD4=",
 			"path": "github.com/aws/aws-sdk-go/service/inspector",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "lKGIKcPcMErM1NJdXBsHLic1E8w=",
 			"path": "github.com/aws/aws-sdk-go/service/iot",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "zdG3e3bdyNaBuApO06pygeSJsJ4=",
 			"path": "github.com/aws/aws-sdk-go/service/kinesis",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "zmOo5EeLSGFEuIBiRQsVd4+SBJ0=",
 			"path": "github.com/aws/aws-sdk-go/service/kms",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "nlvFlqVKHyuyYHG88H3Yt/OA1e0=",
 			"path": "github.com/aws/aws-sdk-go/service/lambda",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "AO97b1GChOs2geiFc//6YcpVfX8=",
 			"path": "github.com/aws/aws-sdk-go/service/lexmodelbuildingservice",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "jyxQ6TEdSl9/j7qC0LCkVMSXkog=",
 			"path": "github.com/aws/aws-sdk-go/service/lightsail",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "lKyAXJ4S6uXuSR1/pQ9gCGHYSLI=",
 			"path": "github.com/aws/aws-sdk-go/service/mediaconvert",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "NVSUO8GRtIWDm7IexnBSmQWvBh8=",
 			"path": "github.com/aws/aws-sdk-go/service/medialive",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "ETmB3lf15r4sn18bB9ilBQVXto4=",
 			"path": "github.com/aws/aws-sdk-go/service/mediapackage",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "I1sxeu8aJOiM3a5/tnJya8blE3A=",
 			"path": "github.com/aws/aws-sdk-go/service/mediastore",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "AnipOpUAJroLkoknx4xacrO0qSA=",
 			"path": "github.com/aws/aws-sdk-go/service/mediastoredata",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "lAweYYdjcZ6acj6oI3HI9hX3eIQ=",
 			"path": "github.com/aws/aws-sdk-go/service/mq",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "X/WdGuHGMxRCvufmQxstVjdbFT4=",
 			"path": "github.com/aws/aws-sdk-go/service/opsworks",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "smOJ/rypXb18/Rjryf2a85paSa4=",
 			"path": "github.com/aws/aws-sdk-go/service/organizations",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "l3VeRGYSCtkXBvqVNVwRqb03Jko=",
 			"path": "github.com/aws/aws-sdk-go/service/rds",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "kapXC7OZ1fnkZ3N6p19+WUafn40=",
 			"path": "github.com/aws/aws-sdk-go/service/redshift",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "Hi/sxx81pqe+fI5VrS5+UK2DsDU=",
 			"path": "github.com/aws/aws-sdk-go/service/route53",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "KidzwXO5VKKI9zIuTAUsuF7KxIM=",
 			"path": "github.com/aws/aws-sdk-go/service/s3",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "OUQpREA6ZLi/zTX4vZc56+ZoZLI=",
 			"path": "github.com/aws/aws-sdk-go/service/sagemaker",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
-			"checksumSHA1": "A4o0zzrS7xtyYrmbeAKvda7Wyco=",
+			"checksumSHA1": "PfOnZISLrj6QcD+BpZH0EAeawQU=",
 			"path": "github.com/aws/aws-sdk-go/service/secretsmanager",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "cyCJGeDReKwRq69kTcd4lozkuIg=",
 			"path": "github.com/aws/aws-sdk-go/service/servicecatalog",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "NLj37wyUZIo8/Rp3zp+LDfr878M=",
 			"path": "github.com/aws/aws-sdk-go/service/servicediscovery",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "nXAp7K8BCFvsaSdorGV7swBEQgA=",
 			"path": "github.com/aws/aws-sdk-go/service/ses",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "q4qCE/5OiBJA1k8P0jQRx9UhKvs=",
 			"path": "github.com/aws/aws-sdk-go/service/sfn",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "hAIPfcEcdc8xJ7MseIufmssdE/s=",
 			"path": "github.com/aws/aws-sdk-go/service/simpledb",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "1Fin0tclPDC/+rL7V06GrzXaMXI=",
 			"path": "github.com/aws/aws-sdk-go/service/sns",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "T8ABBS2aS6yRTD6w3kjpgFLe/Zw=",
 			"path": "github.com/aws/aws-sdk-go/service/sqs",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "q5ApQXXApBOPXOYOLDOetdC4MNw=",
 			"path": "github.com/aws/aws-sdk-go/service/ssm",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "llx3DydC0nTbF0cZoYUjO9P1eZw=",
 			"path": "github.com/aws/aws-sdk-go/service/sts",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "i1yLjEKjcDxm0rakhcaDuAcQb7I=",
 			"path": "github.com/aws/aws-sdk-go/service/swf",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "Mf9nXjY0+Lq5RxEGEIYCYL8u+Kc=",
 			"path": "github.com/aws/aws-sdk-go/service/waf",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "iRNs3RoLjrzcBsPrSynhbEqY/4s=",
 			"path": "github.com/aws/aws-sdk-go/service/wafregional",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "LzD/Yb1Xzc4OPKZZadOGV2fpQto=",
 			"path": "github.com/aws/aws-sdk-go/service/workspaces",
-			"revision": "4f810fa5d8869fcfca0a0a7f6a834ee9cfa22095",
-			"revisionTime": "2018-05-02T20:08:43Z",
-			"version": "v1.13.40",
-			"versionExact": "v1.13.40"
+			"revision": "4f5d298bd2dcb34b06d944594f458d1f77ac4d66",
+			"revisionTime": "2018-05-04T20:21:19Z",
+			"version": "v1.13.42",
+			"versionExact": "v1.13.42"
 		},
 		{
 			"checksumSHA1": "usT4LCSQItkFvFOQT7cBlkCuGaE=",

From 05d0f9a227704df04c17665aa0523034593990de Mon Sep 17 00:00:00 2001
From: Douglas <dmachado@objective.com.br>
Date: Mon, 7 May 2018 09:28:38 -0300
Subject: [PATCH 44/71] moved test, updated doc and added update to terraform
 attribute

---
 aws/resource_aws_lb_target_group.go          | 11 ++++++++
 aws/resource_aws_lb_target_group_test.go     | 27 +++++++++++++++++---
 website/docs/r/lb_target_group.html.markdown |  1 +
 3 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/aws/resource_aws_lb_target_group.go b/aws/resource_aws_lb_target_group.go
index 687dea742dd..78d9be0053a 100644
--- a/aws/resource_aws_lb_target_group.go
+++ b/aws/resource_aws_lb_target_group.go
@@ -493,6 +493,17 @@ func flattenAwsLbTargetGroupResource(d *schema.ResourceData, meta interface{}, t
 		return errwrap.Wrapf("Error retrieving Target Group Attributes: {{err}}", err)
 	}
 
+	for _, attr := range attrResp.Attributes {
+		switch *attr.Key {
+		case "proxy_protocol_v2.enabled":
+			enabled, err := strconv.ParseBool(*attr.Value)
+			if err != nil {
+				return fmt.Errorf("Error converting proxy_protocol_v2.enabled to bool: %s", *attr.Value)
+			}
+			d.Set("proxy_protocol_v2", enabled)
+		}
+	}
+
 	// We only read in the stickiness attributes if the target group is not
 	// TCP-based. This ensures we don't end up causing a spurious diff if someone
 	// has defined the stickiness block on a TCP target group (albeit with
diff --git a/aws/resource_aws_lb_target_group_test.go b/aws/resource_aws_lb_target_group_test.go
index b8580558333..ea5654a58c9 100644
--- a/aws/resource_aws_lb_target_group_test.go
+++ b/aws/resource_aws_lb_target_group_test.go
@@ -157,10 +157,31 @@ func TestAccAWSLBTargetGroup_networkLB_TargetGroup(t *testing.T) {
 				ExpectNonEmptyPlan: true,
 				ExpectError:        regexp.MustCompile("Health check interval cannot be updated"),
 			},
+		},
+	})
+}
+
+func TestAccAWSLBTargetGroup_networkLB_TargetGroupWithProxy(t *testing.T) {
+	var confBefore, confAfter elbv2.TargetGroup
+	targetGroupName := fmt.Sprintf("test-target-group-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:      func() { testAccPreCheck(t) },
+		IDRefreshName: "aws_lb_target_group.test",
+		Providers:     testAccProviders,
+		CheckDestroy:  testAccCheckAWSLBTargetGroupDestroy,
+		Steps: []resource.TestStep{
 			{
-				Config: testAccAWSLBTargetGroupConfig_typeTCP_withProxyProtocol(targetGroupName),
+				Config: testAccAWSLBTargetGroupConfig_typeTCP(targetGroupName),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckAWSLBTargetGroupExists("aws_lb_target_group.test", &confBefore),
+					resource.TestCheckResourceAttr("aws_lb_target_group.test", "proxy_protocol_v2", "false"),
+				),
+			},
+			{
+				Config: testAccAWSLBTargetGroupConfig_typeTCP_withProxyProtocol(targetGroupName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSLBTargetGroupExists("aws_lb_target_group.test", &confAfter),
 					resource.TestCheckResourceAttr("aws_lb_target_group.test", "proxy_protocol_v2", "true"),
 				),
 			},
@@ -1250,8 +1271,8 @@ func testAccAWSLBTargetGroupConfig_typeTCP_withProxyProtocol(targetGroupName str
   protocol = "TCP"
   vpc_id = "${aws_vpc.test.id}"
 	
-	proxy_protocol_v2 = "true"
-  deregistration_delay = 200
+	proxy_protocol_v2 = "true"    
+	deregistration_delay = 200
 
   health_check {
     interval = 10
diff --git a/website/docs/r/lb_target_group.html.markdown b/website/docs/r/lb_target_group.html.markdown
index 5ed67d91b75..15caa63f244 100644
--- a/website/docs/r/lb_target_group.html.markdown
+++ b/website/docs/r/lb_target_group.html.markdown
@@ -37,6 +37,7 @@ The following arguments are supported:
 * `protocol` - (Required) The protocol to use for routing traffic to the targets.
 * `vpc_id` - (Required) The identifier of the VPC in which to create the target group.
 * `deregistration_delay` - (Optional) The amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.
+* `proxy_protocol_v2` - (Optional) Boolean to enable / disable support for proxy protocol v2 on Network Load Balancers. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol) for more information.
 * `stickiness` - (Optional) A Stickiness block. Stickiness blocks are documented below. `stickiness` is only valid if used with Load Balancers of type `Application`
 * `health_check` - (Optional) A Health Check block. Health Check blocks are documented below.
 * `target_type` - (Optional) The type of target that you must specify when registering targets with this target group.

From 6ac75676aef27eac4a2e3dc5e8f2a7ce7bcf0b00 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Mon, 7 May 2018 08:43:49 -0400
Subject: [PATCH 45/71] Update CHANGELOG for #4424

---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e4b2a06123b..ef4712004ec 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 ## 1.18.0 (Unreleased)
 
+ENHANCEMENTS:
+
+* resource/aws_spot_fleet_request: Mark `spot_price` optional (defaults to on-demand price) [GH-4424]
+* resource/aws_spot_instance_request: Mark `spot_price` optional (defaults to on-demand price) [GH-4424]
+
 BUG FIXES:
 
 * data-source/aws_autoscaling_groups: Correctly paginate through over 50 results [GH-4433]

From f1eefc61b7133119bc4f6a830558c16b9ca9eecc Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Mon, 7 May 2018 08:55:26 -0400
Subject: [PATCH 46/71] Update CHANGELOG for #4463

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ef4712004ec..f2dd268563a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ENHANCEMENTS:
 
 * resource/aws_spot_fleet_request: Mark `spot_price` optional (defaults to on-demand price) [GH-4424]
+* resource/aws_spot_fleet_request: Add plan time validation for `valid_from` and `valid_until` arguments [GH-4463]
 * resource/aws_spot_instance_request: Mark `spot_price` optional (defaults to on-demand price) [GH-4424]
 
 BUG FIXES:

From befddbbf2df43fac6263268e8af0d69a3053e24a Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Mon, 7 May 2018 09:08:26 -0400
Subject: [PATCH 47/71] Update CHANGELOG for #4465

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f2dd268563a..35a07120dbe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ ENHANCEMENTS:
 BUG FIXES:
 
 * data-source/aws_autoscaling_groups: Correctly paginate through over 50 results [GH-4433]
+* resource/aws_s3_bucket: Prevent crash from empty string CORS arguments [GH-4465]
 * resource/aws_ssm_document: Add missing account ID to `arn` attribute [GH-4436]
 
 ## 1.17.0 (May 02, 2018)

From 2668456de0143f818b63d1efce86d829ca17f2da Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Mon, 7 May 2018 10:13:00 -0400
Subject: [PATCH 48/71] Update CHANGELOG for #3127

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 35a07120dbe..039e2d5602d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ ENHANCEMENTS:
 BUG FIXES:
 
 * data-source/aws_autoscaling_groups: Correctly paginate through over 50 results [GH-4433]
+* resource/aws_redshift_cluster: Properly send all required parameters when resizing [GH-3127]
 * resource/aws_s3_bucket: Prevent crash from empty string CORS arguments [GH-4465]
 * resource/aws_ssm_document: Add missing account ID to `arn` attribute [GH-4436]
 

From fac71b822053cec442830fc52a539feb3325bd99 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Mon, 7 May 2018 11:12:51 -0400
Subject: [PATCH 49/71] Update CHANGELOG for #4365

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 039e2d5602d..b8c724a1b40 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 ENHANCEMENTS:
 
+* resource/aws_lb_target_group: Add `proxy_protocol_v2` argument [GH-4365]
 * resource/aws_spot_fleet_request: Mark `spot_price` optional (defaults to on-demand price) [GH-4424]
 * resource/aws_spot_fleet_request: Add plan time validation for `valid_from` and `valid_until` arguments [GH-4463]
 * resource/aws_spot_instance_request: Mark `spot_price` optional (defaults to on-demand price) [GH-4424]

From f2ae6f9184b8cee2b4a68999b7454386134429f4 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Mon, 7 May 2018 13:54:00 -0400
Subject: [PATCH 50/71] Update CHANGELOG for #4344

---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b8c724a1b40..52a34597065 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,11 @@ ENHANCEMENTS:
 BUG FIXES:
 
 * data-source/aws_autoscaling_groups: Correctly paginate through over 50 results [GH-4433]
+* resource/aws_launch_template: Prevent `parameter iops is not supported for gp2 volumes` error [GH-4344]
+* resource/aws_launch_template: Prevent `'iamInstanceProfile.name' may not be used in combination with 'iamInstanceProfile.arn'` error [GH-4344]
+* resource/aws_launch_template: Prevent `parameter groupName cannot be used with the parameter subnet` error [GH-4344]
+* resource/aws_launch_template: Allow `network_interface` `device_index` to be 0 [GH-4344]
+* resource/aws_launch_template: Separate usage of `ipv4_address_count`/`ipv6_address_count` from `ipv4_addresses`/`ipv6_addresses` [GH-4344]
 * resource/aws_redshift_cluster: Properly send all required parameters when resizing [GH-3127]
 * resource/aws_s3_bucket: Prevent crash from empty string CORS arguments [GH-4465]
 * resource/aws_ssm_document: Add missing account ID to `arn` attribute [GH-4436]

From f0046bf04ce4e0804828d2a67bba9e07ca9687a7 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Mon, 7 May 2018 13:54:57 -0400
Subject: [PATCH 51/71] Remove extraneous CHANGELOG entry for #4344

---
 CHANGELOG.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 52a34597065..58242192e1b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,7 +13,6 @@ BUG FIXES:
 * resource/aws_launch_template: Prevent `parameter iops is not supported for gp2 volumes` error [GH-4344]
 * resource/aws_launch_template: Prevent `'iamInstanceProfile.name' may not be used in combination with 'iamInstanceProfile.arn'` error [GH-4344]
 * resource/aws_launch_template: Prevent `parameter groupName cannot be used with the parameter subnet` error [GH-4344]
-* resource/aws_launch_template: Allow `network_interface` `device_index` to be 0 [GH-4344]
 * resource/aws_launch_template: Separate usage of `ipv4_address_count`/`ipv6_address_count` from `ipv4_addresses`/`ipv6_addresses` [GH-4344]
 * resource/aws_redshift_cluster: Properly send all required parameters when resizing [GH-3127]
 * resource/aws_s3_bucket: Prevent crash from empty string CORS arguments [GH-4465]

From d81b7239a1c47c85c36c7da626ac01a50c27bf7a Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Mon, 7 May 2018 14:40:24 -0400
Subject: [PATCH 52/71] Update CHANGELOG for #1685 and #4447

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 58242192e1b..d2f029104f2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 ENHANCEMENTS:
 
+* resource/aws_dms_endpoint: Support `s3` `engine_name` and add `s3_settings` argument [GH-1685] and [GH-4447]
 * resource/aws_lb_target_group: Add `proxy_protocol_v2` argument [GH-4365]
 * resource/aws_spot_fleet_request: Mark `spot_price` optional (defaults to on-demand price) [GH-4424]
 * resource/aws_spot_fleet_request: Add plan time validation for `valid_from` and `valid_until` arguments [GH-4463]

From a7753638a70aec7fe4ccfcd2e62985acc532a0a6 Mon Sep 17 00:00:00 2001
From: James Beavers <jamesjbeavers@gmail.com>
Date: Mon, 7 May 2018 15:57:55 -0400
Subject: [PATCH 53/71] resource/aws_sns_platform_application: documentation -
 fix inconsistent key name

---
 website/docs/r/sns_platform_application.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/docs/r/sns_platform_application.html.markdown b/website/docs/r/sns_platform_application.html.markdown
index 9b4e1cbf6be..10935979551 100644
--- a/website/docs/r/sns_platform_application.html.markdown
+++ b/website/docs/r/sns_platform_application.html.markdown
@@ -43,7 +43,7 @@ The following arguments are supported:
 * `event_delivery_failure_topic_arn` - (Optional) SNS Topic triggered when a delivery to any of the platform endpoints associated with your platform application encounters a permanent failure.
 * `event_endpoint_created_topic_arn` - (Optional) SNS Topic triggered when a new platform endpoint is added to your platform application.
 * `event_endpoint_deleted_topic_arn` - (Optional) SNS Topic triggered when an existing platform endpoint is deleted from your platform application.
-* `event_endpoint_updated_topic` - (Optional) SNS Topic triggered when an existing platform endpoint is changed from your platform application.
+* `event_endpoint_updated_topic_arn` - (Optional) SNS Topic triggered when an existing platform endpoint is changed from your platform application.
 * `failure_feedback_role_arn` - (Optional) The IAM role permitted to receive failure feedback for this application.
 * `platform_principal` - (Optional) Application Platform principal. See [Principal][2] for type of principal required for platform. The value of this attribute when stored into the Terraform state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources.
 * `success_feedback_role_arn` - (Optional) The IAM role permitted to receive success feedback for this application.

From a56d0cfa458fae34642ef96ed60e5e9ba472673b Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Tue, 8 May 2018 07:30:59 -0400
Subject: [PATCH 54/71] docs/resource/aws_ecs_service: Clarify
 ordered_placement_strategy maximum

---
 website/docs/r/ecs_service.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/docs/r/ecs_service.html.markdown b/website/docs/r/ecs_service.html.markdown
index eb3bc3c41ef..1939b77f6a8 100644
--- a/website/docs/r/ecs_service.html.markdown
+++ b/website/docs/r/ecs_service.html.markdown
@@ -74,7 +74,7 @@ The following arguments are supported:
 * `deployment_maximum_percent` - (Optional) The upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment.
 * `deployment_minimum_healthy_percent` - (Optional) The lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment.
 * `placement_strategy` - (Optional) **Deprecated**, use `ordered_placement_strategy` instead.
-* `ordered_placement_strategy` - (Optional) Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. The maximum number of `placement_strategy` blocks is `5`. Defined below.
+* `ordered_placement_strategy` - (Optional) Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. The maximum number of `ordered_placement_strategy` blocks is `5`. Defined below.
 * `health_check_grace_period_seconds` - (Optional) Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers.
 * `load_balancer` - (Optional) A load balancer block. Load balancers documented below.
 * `placement_constraints` - (Optional) rules that are taken into consideration during task placement. Maximum number of

From 32dc74d4f8004204a26cd4c2b23ff53498447843 Mon Sep 17 00:00:00 2001
From: TomHutch <t.f.hutchinson@gmail.com>
Date: Tue, 8 May 2018 16:24:41 +0100
Subject: [PATCH 55/71] address pr feedback

---
 aws/provider.go                        |   2 +-
 aws/resource_aws_glue_catalog_table.go | 301 +++++++++++++------------
 website/aws.erb                        |   6 +-
 3 files changed, 165 insertions(+), 144 deletions(-)

diff --git a/aws/provider.go b/aws/provider.go
index 65b91b459d1..e08debcc2cf 100644
--- a/aws/provider.go
+++ b/aws/provider.go
@@ -391,9 +391,9 @@ func Provider() terraform.ResourceProvider {
 			"aws_gamelift_fleet":                           resourceAwsGameliftFleet(),
 			"aws_glacier_vault":                            resourceAwsGlacierVault(),
 			"aws_glue_catalog_database":                    resourceAwsGlueCatalogDatabase(),
+			"aws_glue_catalog_table":                       resourceAwsGlueCatalogTable(),
 			"aws_glue_connection":                          resourceAwsGlueConnection(),
 			"aws_glue_job":                                 resourceAwsGlueJob(),
-			"aws_glue_catalog_table":                       resourceAwsGlueCatalogTable(),
 			"aws_guardduty_detector":                       resourceAwsGuardDutyDetector(),
 			"aws_guardduty_ipset":                          resourceAwsGuardDutyIpset(),
 			"aws_guardduty_member":                         resourceAwsGuardDutyMember(),
diff --git a/aws/resource_aws_glue_catalog_table.go b/aws/resource_aws_glue_catalog_table.go
index 4185dddd002..cceb6c1e9c7 100644
--- a/aws/resource_aws_glue_catalog_table.go
+++ b/aws/resource_aws_glue_catalog_table.go
@@ -27,10 +27,6 @@ func resourceAwsGlueCatalogTable() *schema.Resource {
 				Optional: true,
 				Computed: true,
 			},
-			"name": {
-				Type:     schema.TypeString,
-				Required: true,
-			},
 			"database_name": {
 				Type:     schema.TypeString,
 				ForceNew: true,
@@ -40,10 +36,40 @@ func resourceAwsGlueCatalogTable() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
+			"name": {
+				Type:     schema.TypeString,
+				ForceNew: true,
+				Required: true,
+			},
 			"owner": {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
+			"parameters": {
+				Type:     schema.TypeMap,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"partition_keys": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"comment": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+						"name": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+						"type": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+					},
+				},
+			},
 			"retention": {
 				Type:     schema.TypeInt,
 				Optional: true,
@@ -54,11 +80,20 @@ func resourceAwsGlueCatalogTable() *schema.Resource {
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
+						"bucket_columns": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+						},
 						"columns": {
 							Type:     schema.TypeList,
 							Optional: true,
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
+									"comment": {
+										Type:     schema.TypeString,
+										Optional: true,
+									},
 									"name": {
 										Type:     schema.TypeString,
 										Required: true,
@@ -67,33 +102,34 @@ func resourceAwsGlueCatalogTable() *schema.Resource {
 										Type:     schema.TypeString,
 										Optional: true,
 									},
-									"comment": {
-										Type:     schema.TypeString,
-										Optional: true,
-									},
 								},
 							},
 						},
-						"location": {
-							Type:     schema.TypeString,
+						"compressed": {
+							Type:     schema.TypeBool,
 							Optional: true,
 						},
 						"input_format": {
 							Type:     schema.TypeString,
 							Optional: true,
 						},
-						"output_format": {
+						"location": {
 							Type:     schema.TypeString,
 							Optional: true,
 						},
-						"compressed": {
-							Type:     schema.TypeBool,
-							Optional: true,
-						},
 						"number_of_buckets": {
 							Type:     schema.TypeInt,
 							Optional: true,
 						},
+						"output_format": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+						"parameters": {
+							Type:     schema.TypeMap,
+							Optional: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+						},
 						"ser_de_info": {
 							Type:     schema.TypeList,
 							Optional: true,
@@ -116,32 +152,6 @@ func resourceAwsGlueCatalogTable() *schema.Resource {
 								},
 							},
 						},
-						"bucket_columns": {
-							Type:     schema.TypeList,
-							Optional: true,
-							Elem:     &schema.Schema{Type: schema.TypeString},
-						},
-						"sort_columns": {
-							Type:     schema.TypeList,
-							Optional: true,
-							Elem: &schema.Resource{
-								Schema: map[string]*schema.Schema{
-									"column": {
-										Type:     schema.TypeString,
-										Required: true,
-									},
-									"sort_order": {
-										Type:     schema.TypeInt,
-										Required: true,
-									},
-								},
-							},
-						},
-						"parameters": {
-							Type:     schema.TypeMap,
-							Optional: true,
-							Elem:     &schema.Schema{Type: schema.TypeString},
-						},
 						"skewed_info": {
 							Type:     schema.TypeList,
 							Optional: true,
@@ -153,19 +163,35 @@ func resourceAwsGlueCatalogTable() *schema.Resource {
 										Optional: true,
 										Elem:     &schema.Schema{Type: schema.TypeString},
 									},
-									"skewed_column_value_location_maps": {
-										Type:     schema.TypeMap,
+									"skewed_column_values": {
+										Type:     schema.TypeList,
 										Optional: true,
 										Elem:     &schema.Schema{Type: schema.TypeString},
 									},
-									"skewed_column_values": {
-										Type:     schema.TypeList,
+									"skewed_column_value_location_maps": {
+										Type:     schema.TypeMap,
 										Optional: true,
 										Elem:     &schema.Schema{Type: schema.TypeString},
 									},
 								},
 							},
 						},
+						"sort_columns": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"column": {
+										Type:     schema.TypeString,
+										Required: true,
+									},
+									"sort_order": {
+										Type:     schema.TypeInt,
+										Required: true,
+									},
+								},
+							},
+						},
 						"stored_as_sub_directories": {
 							Type:     schema.TypeBool,
 							Optional: true,
@@ -173,25 +199,9 @@ func resourceAwsGlueCatalogTable() *schema.Resource {
 					},
 				},
 			},
-			"partition_keys": {
-				Type:     schema.TypeList,
+			"table_type": {
+				Type:     schema.TypeString,
 				Optional: true,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"name": {
-							Type:     schema.TypeString,
-							Required: true,
-						},
-						"type": {
-							Type:     schema.TypeString,
-							Optional: true,
-						},
-						"comment": {
-							Type:     schema.TypeString,
-							Optional: true,
-						},
-					},
-				},
 			},
 			"view_original_text": {
 				Type:     schema.TypeString,
@@ -201,34 +211,28 @@ func resourceAwsGlueCatalogTable() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
-			"table_type": {
-				Type:     schema.TypeString,
-				Optional: true,
-			},
-			"parameters": {
-				Type:     schema.TypeMap,
-				Optional: true,
-				Elem:     &schema.Schema{Type: schema.TypeString},
-			},
 		},
 	}
 }
 
-func readAwsGlueTableID(id string) (catalogID string, dbName string, name string) {
+func readAwsGlueTableID(id string) (catalogID string, dbName string, name string, error error) {
 	idParts := strings.Split(id, ":")
-	return idParts[0], idParts[1], idParts[2]
+	if len(idParts) != 3 {
+		return "", "", "", fmt.Errorf("expected ID in format catalog-id:database-name:table-name, received: %s", id)
+	}
+	return idParts[0], idParts[1], idParts[2], nil
 }
 
-func resourceAwsGlueCatalogTableCreate(t *schema.ResourceData, meta interface{}) error {
+func resourceAwsGlueCatalogTableCreate(d *schema.ResourceData, meta interface{}) error {
 	glueconn := meta.(*AWSClient).glueconn
-	catalogID := createAwsGlueCatalogID(t, meta.(*AWSClient).accountid)
-	dbName := t.Get("database_name").(string)
-	name := t.Get("name").(string)
+	catalogID := createAwsGlueCatalogID(d, meta.(*AWSClient).accountid)
+	dbName := d.Get("database_name").(string)
+	name := d.Get("name").(string)
 
 	input := &glue.CreateTableInput{
 		CatalogId:    aws.String(catalogID),
 		DatabaseName: aws.String(dbName),
-		TableInput:   expandGlueTableInput(t),
+		TableInput:   expandGlueTableInput(d),
 	}
 
 	_, err := glueconn.CreateTable(input)
@@ -236,15 +240,18 @@ func resourceAwsGlueCatalogTableCreate(t *schema.ResourceData, meta interface{})
 		return fmt.Errorf("Error creating Catalog Table: %s", err)
 	}
 
-	t.SetId(fmt.Sprintf("%s:%s:%s", catalogID, dbName, name))
+	d.SetId(fmt.Sprintf("%s:%s:%s", catalogID, dbName, name))
 
-	return resourceAwsGlueCatalogTableRead(t, meta)
+	return resourceAwsGlueCatalogTableRead(d, meta)
 }
 
-func resourceAwsGlueCatalogTableRead(t *schema.ResourceData, meta interface{}) error {
+func resourceAwsGlueCatalogTableRead(d *schema.ResourceData, meta interface{}) error {
 	glueconn := meta.(*AWSClient).glueconn
 
-	catalogID, dbName, name := readAwsGlueTableID(t.Id())
+	catalogID, dbName, name, err := readAwsGlueTableID(d.Id())
+	if err != nil {
+		return err
+	}
 
 	input := &glue.GetTableInput{
 		CatalogId:    aws.String(catalogID),
@@ -256,50 +263,67 @@ func resourceAwsGlueCatalogTableRead(t *schema.ResourceData, meta interface{}) e
 	if err != nil {
 
 		if isAWSErr(err, glue.ErrCodeEntityNotFoundException, "") {
-			log.Printf("[WARN] Glue Catalog Table (%s) not found, removing from state", t.Id())
-			t.SetId("")
+			log.Printf("[WARN] Glue Catalog Table (%s) not found, removing from state", d.Id())
+			d.SetId("")
 		}
 
 		return fmt.Errorf("Error reading Glue Catalog Table: %s", err)
 	}
 
-	t.Set("name", out.Table.Name)
-	t.Set("catalog_id", catalogID)
-	t.Set("database_name", dbName)
-	t.Set("description", out.Table.Description)
-	t.Set("owner", out.Table.Owner)
-	t.Set("retention", out.Table.Retention)
-	t.Set("storage_descriptor", flattenStorageDescriptor(out.Table.StorageDescriptor))
-	t.Set("partition_keys", flattenGlueColumns(out.Table.PartitionKeys))
-	t.Set("view_original_text", out.Table.ViewOriginalText)
-	t.Set("view_expanded_text", out.Table.ViewExpandedText)
-	t.Set("table_type", out.Table.TableType)
-	t.Set("parameters", flattenStringParameters(out.Table.Parameters))
+	d.Set("name", out.Table.Name)
+	d.Set("catalog_id", catalogID)
+	d.Set("database_name", dbName)
+	d.Set("description", out.Table.Description)
+	d.Set("owner", out.Table.Owner)
+	d.Set("retention", out.Table.Retention)
+
+	if err := d.Set("storage_descriptor", flattenGlueStorageDescriptor(out.Table.StorageDescriptor)); err != nil {
+		return fmt.Errorf("error setting storage_descriptor: %s", err)
+	}
+
+	if err := d.Set("partition_keys", flattenGlueColumns(out.Table.PartitionKeys)); err != nil {
+		return fmt.Errorf("error setting partition_keys: %s", err)
+	}
+
+	d.Set("view_original_text", out.Table.ViewOriginalText)
+	d.Set("view_expanded_text", out.Table.ViewExpandedText)
+	d.Set("table_type", out.Table.TableType)
+
+	if err := d.Set("parameters", flattenStringParameters(out.Table.Parameters)); err != nil {
+		return fmt.Errorf("error setting parameters: %s", err)
+	}
 
 	return nil
 }
 
-func resourceAwsGlueCatalogTableUpdate(t *schema.ResourceData, meta interface{}) error {
+func resourceAwsGlueCatalogTableUpdate(d *schema.ResourceData, meta interface{}) error {
 	glueconn := meta.(*AWSClient).glueconn
 
-	catalogID, dbName, _ := readAwsGlueTableID(t.Id())
+	catalogID, dbName, _, err := readAwsGlueTableID(d.Id())
+	if err != nil {
+		return err
+	}
 
 	updateTableInput := &glue.UpdateTableInput{
 		CatalogId:    aws.String(catalogID),
 		DatabaseName: aws.String(dbName),
-		TableInput:   expandGlueTableInput(t),
+		TableInput:   expandGlueTableInput(d),
 	}
 
 	if _, err := glueconn.UpdateTable(updateTableInput); err != nil {
 		return fmt.Errorf("Error updating Glue Catalog Table: %s", err)
 	}
 
-	return resourceAwsGlueCatalogTableRead(t, meta)
+	return resourceAwsGlueCatalogTableRead(d, meta)
 }
 
-func resourceAwsGlueCatalogTableDelete(t *schema.ResourceData, meta interface{}) error {
+func resourceAwsGlueCatalogTableDelete(d *schema.ResourceData, meta interface{}) error {
 	glueconn := meta.(*AWSClient).glueconn
-	catalogID, dbName, name := readAwsGlueTableID(t.Id())
+
+	catalogID, dbName, name, tableIdErr := readAwsGlueTableID(d.Id())
+	if tableIdErr != nil {
+		return tableIdErr
+	}
 
 	log.Printf("[DEBUG] Glue Catalog Table: %s:%s:%s", catalogID, dbName, name)
 	_, err := glueconn.DeleteTable(&glue.DeleteTableInput{
@@ -313,47 +337,46 @@ func resourceAwsGlueCatalogTableDelete(t *schema.ResourceData, meta interface{})
 	return nil
 }
 
-func expandGlueTableInput(t *schema.ResourceData) *glue.TableInput {
+func expandGlueTableInput(d *schema.ResourceData) *glue.TableInput {
 	tableInput := &glue.TableInput{
-		Name: aws.String(t.Get("name").(string)),
+		Name: aws.String(d.Get("name").(string)),
 	}
 
-	if v, ok := t.GetOk("description"); ok {
+	if v, ok := d.GetOk("description"); ok {
 		tableInput.Description = aws.String(v.(string))
 	}
 
-	if v, ok := t.GetOk("owner"); ok {
+	if v, ok := d.GetOk("owner"); ok {
 		tableInput.Owner = aws.String(v.(string))
 	}
 
-	if v, ok := t.GetOk("retention"); ok {
+	if v, ok := d.GetOk("retention"); ok {
 		tableInput.Retention = aws.Int64(int64(v.(int)))
 	}
 
-	if v, ok := t.GetOk("storage_descriptor"); ok {
-		for _, elem := range v.([]interface{}) {
-			tableInput.StorageDescriptor = expandGlueStorageDescriptor(elem.(map[string]interface{}))
-		}
+	if v, ok := d.GetOk("storage_descriptor"); ok {
+		list := v.([]interface{})
+		tableInput.StorageDescriptor = expandGlueStorageDescriptor(list[0].(map[string]interface{}))
 	}
 
-	if v, ok := t.GetOk("partition_keys"); ok {
+	if v, ok := d.GetOk("partition_keys"); ok {
 		columns := expandGlueColumns(v.([]interface{}))
 		tableInput.PartitionKeys = columns
 	}
 
-	if v, ok := t.GetOk("view_original_text"); ok {
+	if v, ok := d.GetOk("view_original_text"); ok {
 		tableInput.ViewOriginalText = aws.String(v.(string))
 	}
 
-	if v, ok := t.GetOk("view_expanded_text"); ok {
+	if v, ok := d.GetOk("view_expanded_text"); ok {
 		tableInput.ViewExpandedText = aws.String(v.(string))
 	}
 
-	if v, ok := t.GetOk("table_type"); ok {
+	if v, ok := d.GetOk("table_type"); ok {
 		tableInput.TableType = aws.String(v.(string))
 	}
 
-	if v, ok := t.GetOk("parameters"); ok {
+	if v, ok := d.GetOk("parameters"); ok {
 		paramsMap := map[string]string{}
 		for key, value := range v.(map[string]interface{}) {
 			paramsMap[key] = value.(string)
@@ -393,9 +416,8 @@ func expandGlueStorageDescriptor(s map[string]interface{}) *glue.StorageDescript
 	}
 
 	if v, ok := s["ser_de_info"]; ok {
-		for _, elem := range v.([]interface{}) {
-			storageDescriptor.SerdeInfo = expandSerDeInfo(elem.(map[string]interface{}))
-		}
+		list := v.([]interface{})
+		storageDescriptor.SerdeInfo = expandGlueSerDeInfo(list[0].(map[string]interface{}))
 	}
 
 	if v, ok := s["bucket_columns"]; ok {
@@ -407,13 +429,12 @@ func expandGlueStorageDescriptor(s map[string]interface{}) *glue.StorageDescript
 	}
 
 	if v, ok := s["sort_columns"]; ok {
-		storageDescriptor.SortColumns = expandSortColumns(v.([]interface{}))
+		storageDescriptor.SortColumns = expandGlueSortColumns(v.([]interface{}))
 	}
 
 	if v, ok := s["skewed_info"]; ok {
-		for _, elem := range v.([]interface{}) {
-			storageDescriptor.SkewedInfo = expandSkewedInfo(elem.(map[string]interface{}))
-		}
+		list := v.([]interface{})
+		storageDescriptor.SkewedInfo = expandGlueSkewedInfo(list[0].(map[string]interface{}))
 	}
 
 	if v, ok := s["parameters"]; ok {
@@ -454,7 +475,7 @@ func expandGlueColumns(columns []interface{}) []*glue.Column {
 	return columnSlice
 }
 
-func expandSerDeInfo(s map[string]interface{}) *glue.SerDeInfo {
+func expandGlueSerDeInfo(s map[string]interface{}) *glue.SerDeInfo {
 	serDeInfo := &glue.SerDeInfo{}
 
 	if v, ok := s["name"]; ok {
@@ -476,7 +497,7 @@ func expandSerDeInfo(s map[string]interface{}) *glue.SerDeInfo {
 	return serDeInfo
 }
 
-func expandSortColumns(columns []interface{}) []*glue.Order {
+func expandGlueSortColumns(columns []interface{}) []*glue.Order {
 	orderSlice := make([]*glue.Order, len(columns))
 
 	for i, element := range columns {
@@ -496,7 +517,7 @@ func expandSortColumns(columns []interface{}) []*glue.Order {
 	return orderSlice
 }
 
-func expandSkewedInfo(s map[string]interface{}) *glue.SkewedInfo {
+func expandGlueSkewedInfo(s map[string]interface{}) *glue.SkewedInfo {
 	skewedInfo := &glue.SkewedInfo{}
 
 	if v, ok := s["skewed_column_names"]; ok {
@@ -526,7 +547,7 @@ func expandSkewedInfo(s map[string]interface{}) *glue.SkewedInfo {
 	return skewedInfo
 }
 
-func flattenStorageDescriptor(s *glue.StorageDescriptor) []map[string]interface{} {
+func flattenGlueStorageDescriptor(s *glue.StorageDescriptor) []map[string]interface{} {
 	if s == nil {
 		storageDescriptors := make([]map[string]interface{}, 0)
 		return storageDescriptors
@@ -537,17 +558,17 @@ func flattenStorageDescriptor(s *glue.StorageDescriptor) []map[string]interface{
 	storageDescriptor := make(map[string]interface{})
 
 	storageDescriptor["columns"] = flattenGlueColumns(s.Columns)
-	storageDescriptor["location"] = *s.Location
-	storageDescriptor["input_format"] = *s.InputFormat
-	storageDescriptor["output_format"] = *s.OutputFormat
-	storageDescriptor["compressed"] = *s.Compressed
-	storageDescriptor["number_of_buckets"] = *s.NumberOfBuckets
-	storageDescriptor["ser_de_info"] = flattenSerDeInfo(s.SerdeInfo)
+	storageDescriptor["location"] = aws.StringValue(s.Location)
+	storageDescriptor["input_format"] = aws.StringValue(s.InputFormat)
+	storageDescriptor["output_format"] = aws.StringValue(s.OutputFormat)
+	storageDescriptor["compressed"] = aws.BoolValue(s.Compressed)
+	storageDescriptor["number_of_buckets"] = aws.Int64Value(s.NumberOfBuckets)
+	storageDescriptor["ser_de_info"] = flattenGlueSerDeInfo(s.SerdeInfo)
 	storageDescriptor["bucket_columns"] = flattenStringList(s.BucketColumns)
-	storageDescriptor["sort_columns"] = flattenOrders(s.SortColumns)
+	storageDescriptor["sort_columns"] = flattenGlueOrders(s.SortColumns)
 	storageDescriptor["parameters"] = flattenStringParameters(s.Parameters)
-	storageDescriptor["skewed_info"] = flattenSkewedInfo(s.SkewedInfo)
-	storageDescriptor["stored_as_sub_directories"] = *s.StoredAsSubDirectories
+	storageDescriptor["skewed_info"] = flattenGlueSkewedInfo(s.SkewedInfo)
+	storageDescriptor["stored_as_sub_directories"] = aws.BoolValue(s.StoredAsSubDirectories)
 
 	storageDescriptors[0] = storageDescriptor
 
@@ -594,7 +615,7 @@ func flattenStringParameters(p map[string]*string) map[string]string {
 	return tParams
 }
 
-func flattenSerDeInfo(s *glue.SerDeInfo) []map[string]interface{} {
+func flattenGlueSerDeInfo(s *glue.SerDeInfo) []map[string]interface{} {
 	if s == nil {
 		serDeInfos := make([]map[string]interface{}, 0)
 		return serDeInfos
@@ -611,7 +632,7 @@ func flattenSerDeInfo(s *glue.SerDeInfo) []map[string]interface{} {
 	return serDeInfos
 }
 
-func flattenOrders(os []*glue.Order) []map[string]interface{} {
+func flattenGlueOrders(os []*glue.Order) []map[string]interface{} {
 	orders := make([]map[string]interface{}, len(os))
 	for i, v := range os {
 		order := make(map[string]interface{})
@@ -623,7 +644,7 @@ func flattenOrders(os []*glue.Order) []map[string]interface{} {
 	return orders
 }
 
-func flattenSkewedInfo(s *glue.SkewedInfo) []map[string]interface{} {
+func flattenGlueSkewedInfo(s *glue.SkewedInfo) []map[string]interface{} {
 	if s == nil {
 		skewedInfoSlice := make([]map[string]interface{}, 0)
 		return skewedInfoSlice
diff --git a/website/aws.erb b/website/aws.erb
index e1e5d969945..70bfc88db46 100644
--- a/website/aws.erb
+++ b/website/aws.erb
@@ -1093,15 +1093,15 @@
                         <li<%= sidebar_current("docs-aws-resource-glue-catalog-database") %>>
                             <a href="/docs/providers/aws/r/glue_catalog_database.html">aws_glue_catalog_database</a>
                         </li>
+                        <li<%= sidebar_current("docs-aws-resource-glue-catalog-table") %>>
+                            <a href="/docs/providers/aws/r/glue_catalog_table.html">aws_glue_catalog_table</a>
+                        </li>
                         <li<%= sidebar_current("docs-aws-resource-glue-connection") %>>
                             <a href="/docs/providers/aws/r/glue_connection.html">aws_glue_connection</a>
                         </li>
                         <li<%= sidebar_current("docs-aws-resource-glue-job") %>>
                             <a href="/docs/providers/aws/r/glue_job.html">aws_glue_job</a>
                         </li>
-                        <li<%= sidebar_current("docs-aws-resource-glue-catalog-table") %>>
-                            <a href="/docs/providers/aws/r/glue_catalog_table.html">aws_glue_catalog_table</a>
-                        </li>
                     </ul>
                  </li>
 

From bf3feeb35f61daf483a1f057ca59036bee60308e Mon Sep 17 00:00:00 2001
From: TomHutch <t.f.hutchinson@gmail.com>
Date: Tue, 8 May 2018 16:33:25 +0100
Subject: [PATCH 56/71] update use of readAwsGlueTableID in tests

---
 aws/resource_aws_glue_catalog_table_test.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/aws/resource_aws_glue_catalog_table_test.go b/aws/resource_aws_glue_catalog_table_test.go
index 819eeabeb3d..ae80ef55c2b 100644
--- a/aws/resource_aws_glue_catalog_table_test.go
+++ b/aws/resource_aws_glue_catalog_table_test.go
@@ -472,7 +472,10 @@ func testAccCheckGlueTableDestroy(s *terraform.State) error {
 			continue
 		}
 
-		catalogId, dbName, tableName := readAwsGlueTableID(rs.Primary.ID)
+		catalogId, dbName, tableName, err := readAwsGlueTableID(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
 
 		input := &glue.GetTableInput{
 			DatabaseName: aws.String(dbName),
@@ -503,7 +506,10 @@ func testAccCheckGlueCatalogTableExists(name string) resource.TestCheckFunc {
 			return fmt.Errorf("No ID is set")
 		}
 
-		catalogId, dbName, tableName := readAwsGlueTableID(rs.Primary.ID)
+		catalogId, dbName, tableName, err := readAwsGlueTableID(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
 
 		glueconn := testAccProvider.Meta().(*AWSClient).glueconn
 		out, err := glueconn.GetTable(&glue.GetTableInput{

From 59b75d931f6c61bebf12bce448c66b9570b7883b Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Tue, 8 May 2018 12:25:44 -0400
Subject: [PATCH 57/71] Update CHANGELOG for #4368

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d2f029104f2..b4a0c8729a8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## 1.18.0 (Unreleased)
 
+FEATURES:
+
+* **New Resource:** `aws_glue_catalog_table` [GH-4368]
+
 ENHANCEMENTS:
 
 * resource/aws_dms_endpoint: Support `s3` `engine_name` and add `s3_settings` argument [GH-1685] and [GH-4447]

From d9f3cffb4cf8346bb610adb693934840fb3a87ea Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Tue, 8 May 2018 12:30:16 -0400
Subject: [PATCH 58/71] Add import documentation

---
 website/docs/r/glue_catalog_table.html.markdown | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/website/docs/r/glue_catalog_table.html.markdown b/website/docs/r/glue_catalog_table.html.markdown
index 7855d3d9045..0ed5fcb16b9 100644
--- a/website/docs/r/glue_catalog_table.html.markdown
+++ b/website/docs/r/glue_catalog_table.html.markdown
@@ -74,3 +74,10 @@ The following arguments are supported:
 * `skewed_column_value_location_maps` - (Optional) A list of values that appear so frequently as to be considered skewed.
 * `skewed_column_values` - (Optional) A mapping of skewed values to the columns that contain them.
 
+## Import
+
+Glue Tables can be imported with their catalog ID (usually AWS account ID), database name, and table name, e.g.
+
+```
+$ terraform import aws_glue_catalog_table.MyTable 123456789012:MyDatabase:MyTable
+```

From c16d13d3954767d920b9b246f6ee35ae895b57ac Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Tue, 8 May 2018 15:18:00 -0400
Subject: [PATCH 59/71] docs/resource/aws_ssm_patch_baseline: Add CENTOS to
 operating_system valid values

---
 website/docs/r/ssm_patch_baseline.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/docs/r/ssm_patch_baseline.html.markdown b/website/docs/r/ssm_patch_baseline.html.markdown
index 647ba6aa9b7..6464a3846fa 100644
--- a/website/docs/r/ssm_patch_baseline.html.markdown
+++ b/website/docs/r/ssm_patch_baseline.html.markdown
@@ -78,7 +78,7 @@ The following arguments are supported:
 
 * `name` - (Required) The name of the patch baseline.
 * `description` - (Optional) The description of the patch baseline.
-* `operating_system` - (Optional) Defines the operating system the patch baseline applies to. Supported operating systems include `WINDOWS`, `AMAZON_LINUX`, `UBUNTU` and `REDHAT_ENTERPRISE_LINUX`. The Default value is `WINDOWS`.
+* `operating_system` - (Optional) Defines the operating system the patch baseline applies to. Supported operating systems include `WINDOWS`, `AMAZON_LINUX`, `UBUNTU`, `CENTOS`, and `REDHAT_ENTERPRISE_LINUX`. The Default value is `WINDOWS`.
 * `approved_patches_compliance_level` - (Optional) Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid compliance levels include the following: `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`, `INFORMATIONAL`, `UNSPECIFIED`. The default value is `UNSPECIFIED`.
 * `approved_patches` - (Optional) A list of explicitly approved patches for the baseline.
 * `rejected_patches` - (Optional) A list of rejected patches.

From 8ae7c1fda4fedef1e31fb1473ee9a1ccb315cacc Mon Sep 17 00:00:00 2001
From: Pang-Yen Chou <pang-yen.chou@tngtech.com>
Date: Tue, 8 May 2018 21:42:34 +0200
Subject: [PATCH 60/71] Fixes an issue where the `cname_prefix` attribute isn't
 correctly read in China.

---
 aws/resource_aws_elastic_beanstalk_environment.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws/resource_aws_elastic_beanstalk_environment.go b/aws/resource_aws_elastic_beanstalk_environment.go
index 48f20587c78..1f1579f9538 100644
--- a/aws/resource_aws_elastic_beanstalk_environment.go
+++ b/aws/resource_aws_elastic_beanstalk_environment.go
@@ -584,7 +584,7 @@ func resourceAwsElasticBeanstalkEnvironmentRead(d *schema.ResourceData, meta int
 	}
 
 	if env.CNAME != nil {
-		beanstalkCnamePrefixRegexp := regexp.MustCompile(`(^[^.]+)(.\w{2}-\w{4,9}-\d)?.elasticbeanstalk.com$`)
+		beanstalkCnamePrefixRegexp := regexp.MustCompile(`(^[^.]+)(.\w{2}-\w{4,9}-\d)?.(elasticbeanstalk.com|eb.amazonaws.com.cn)$`)
 		var cnamePrefix string
 		cnamePrefixMatch := beanstalkCnamePrefixRegexp.FindStringSubmatch(*env.CNAME)
 

From 40e0738434f70c2a49433d3fc312af9cfe023d06 Mon Sep 17 00:00:00 2001
From: Joshua Carp <jm.carp@gmail.com>
Date: Tue, 8 May 2018 23:03:08 -0400
Subject: [PATCH 61/71] Fix root volume lookup.

[Fixes #4469]
---
 aws/resource_aws_instance.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws/resource_aws_instance.go b/aws/resource_aws_instance.go
index ce867c5a9c5..609baf3b830 100644
--- a/aws/resource_aws_instance.go
+++ b/aws/resource_aws_instance.go
@@ -1335,7 +1335,7 @@ func fetchRootDeviceName(ami string, conn *ec2.EC2) (*string, error) {
 	// BlockDeviceMapping entry serves as the root device.
 	rootDeviceNameInMapping := false
 	for _, bdm := range image.BlockDeviceMappings {
-		if bdm.DeviceName == image.RootDeviceName {
+		if aws.StringValue(bdm.DeviceName) == aws.StringValue(image.RootDeviceName) {
 			rootDeviceNameInMapping = true
 		}
 	}

From 307be1eb60232f420e04556c3f84e1f543eb4f0d Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Wed, 9 May 2018 08:46:29 -0400
Subject: [PATCH 62/71] Update CHANGELOG for #4485

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b4a0c8729a8..7572f701c9f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ ENHANCEMENTS:
 BUG FIXES:
 
 * data-source/aws_autoscaling_groups: Correctly paginate through over 50 results [GH-4433]
+* resource/aws_elastic_beanstalk_environment: Correctly handle `cname_prefix` attribute China partition [GH-4485]
 * resource/aws_launch_template: Prevent `parameter iops is not supported for gp2 volumes` error [GH-4344]
 * resource/aws_launch_template: Prevent `'iamInstanceProfile.name' may not be used in combination with 'iamInstanceProfile.arn'` error [GH-4344]
 * resource/aws_launch_template: Prevent `parameter groupName cannot be used with the parameter subnet` error [GH-4344]

From 98439e81f41d7113d048c0e2f0f58686dbf89a19 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Wed, 9 May 2018 08:46:54 -0400
Subject: [PATCH 63/71] Update CHANGELOG for #4485

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7572f701c9f..dbcd1dffaa8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,7 +15,7 @@ ENHANCEMENTS:
 BUG FIXES:
 
 * data-source/aws_autoscaling_groups: Correctly paginate through over 50 results [GH-4433]
-* resource/aws_elastic_beanstalk_environment: Correctly handle `cname_prefix` attribute China partition [GH-4485]
+* resource/aws_elastic_beanstalk_environment: Correctly handle `cname_prefix` attribute in China partition [GH-4485]
 * resource/aws_launch_template: Prevent `parameter iops is not supported for gp2 volumes` error [GH-4344]
 * resource/aws_launch_template: Prevent `'iamInstanceProfile.name' may not be used in combination with 'iamInstanceProfile.arn'` error [GH-4344]
 * resource/aws_launch_template: Prevent `parameter groupName cannot be used with the parameter subnet` error [GH-4344]

From 53fb1ce2b1ec6e267cfef9e3be41d7491e30984e Mon Sep 17 00:00:00 2001
From: Joshua Carp <jm.carp@gmail.com>
Date: Wed, 9 May 2018 11:10:02 -0400
Subject: [PATCH 64/71] Add regression tests for #4469.

---
 aws/resource_aws_instance_test.go | 59 +++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)

diff --git a/aws/resource_aws_instance_test.go b/aws/resource_aws_instance_test.go
index a9356dc5f9a..151483fcb30 100644
--- a/aws/resource_aws_instance_test.go
+++ b/aws/resource_aws_instance_test.go
@@ -8,6 +8,8 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/hashicorp/terraform/helper/acctest"
 	"github.com/hashicorp/terraform/helper/resource"
@@ -15,6 +17,63 @@ import (
 	"github.com/hashicorp/terraform/terraform"
 )
 
+func TestFetchRootDevice(t *testing.T) {
+	cases := []struct {
+		label  string
+		images []*ec2.Image
+		name   string
+	}{
+		{
+			"device name in mappings",
+			[]*ec2.Image{{
+				RootDeviceType: aws.String("ebs"),
+				RootDeviceName: aws.String("/dev/xvda"),
+				BlockDeviceMappings: []*ec2.BlockDeviceMapping{
+					{DeviceName: aws.String("/dev/xvdb")},
+					{DeviceName: aws.String("/dev/xvda")},
+				},
+			}},
+			"/dev/xvda",
+		},
+		{
+			"device name not in mappings",
+			[]*ec2.Image{{
+				RootDeviceType: aws.String("ebs"),
+				RootDeviceName: aws.String("/dev/xvda"),
+				BlockDeviceMappings: []*ec2.BlockDeviceMapping{
+					{DeviceName: aws.String("/dev/xvdb")},
+					{DeviceName: aws.String("/dev/xvdc")},
+				},
+			}},
+			"/dev/xvdb",
+		},
+		{
+			"no images",
+			[]*ec2.Image{},
+			"",
+		},
+	}
+
+	conn := ec2.New(session.New(nil))
+
+	for _, tc := range cases {
+		t.Run(fmt.Sprintf(tc.label), func(t *testing.T) {
+			conn.Handlers.Clear()
+			conn.Handlers.Send.PushBack(func(r *request.Request) {
+				data := r.Data.(*ec2.DescribeImagesOutput)
+				data.Images = tc.images
+			})
+			name, err := fetchRootDeviceName("ami-123", conn)
+			if err != nil {
+				t.Errorf("Error fetching device name: %s", err)
+			}
+			if tc.name != aws.StringValue(name) {
+				t.Errorf("Expected name %s, got %s", tc.name, aws.StringValue(name))
+			}
+		})
+	}
+}
+
 func TestAccAWSInstance_basic(t *testing.T) {
 	var v ec2.Instance
 	var vol *ec2.Volume

From c01b933d54906e08972c20d8b8fdb1a837026385 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Wed, 9 May 2018 11:36:15 -0400
Subject: [PATCH 65/71] Update CHANGELOG for #4489

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index dbcd1dffaa8..35c09a11f8d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@ BUG FIXES:
 
 * data-source/aws_autoscaling_groups: Correctly paginate through over 50 results [GH-4433]
 * resource/aws_elastic_beanstalk_environment: Correctly handle `cname_prefix` attribute in China partition [GH-4485]
+* resource/aws_instance: Fix `root_device_mapping` matching of expected root device name with multiple block devices. [GH-4489]
 * resource/aws_launch_template: Prevent `parameter iops is not supported for gp2 volumes` error [GH-4344]
 * resource/aws_launch_template: Prevent `'iamInstanceProfile.name' may not be used in combination with 'iamInstanceProfile.arn'` error [GH-4344]
 * resource/aws_launch_template: Prevent `parameter groupName cannot be used with the parameter subnet` error [GH-4344]

From 1c683760b964e0854c661971e1cbcfed0549b415 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Wed, 9 May 2018 15:21:57 -0400
Subject: [PATCH 66/71] resource/aws_acmpca_certificate_authority: Set
 Required: true on certificate_authority_configuration and subject, clarify
 subject requirement in documentation

---
 aws/resource_aws_acmpca_certificate_authority.go          | 4 ++--
 website/docs/r/acmpca_certificate_authority.html.markdown | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/aws/resource_aws_acmpca_certificate_authority.go b/aws/resource_aws_acmpca_certificate_authority.go
index 067fe3d69d4..81bc3479f41 100644
--- a/aws/resource_aws_acmpca_certificate_authority.go
+++ b/aws/resource_aws_acmpca_certificate_authority.go
@@ -37,7 +37,7 @@ func resourceAwsAcmpcaCertificateAuthority() *schema.Resource {
 			// https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthorityConfiguration.html
 			"certificate_authority_configuration": {
 				Type:     schema.TypeList,
-				Optional: true,
+				Required: true,
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
@@ -68,7 +68,7 @@ func resourceAwsAcmpcaCertificateAuthority() *schema.Resource {
 						// https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ASN1Subject.html
 						"subject": {
 							Type:     schema.TypeList,
-							Optional: true,
+							Required: true,
 							ForceNew: true,
 							MaxItems: 1,
 							Elem: &schema.Resource{
diff --git a/website/docs/r/acmpca_certificate_authority.html.markdown b/website/docs/r/acmpca_certificate_authority.html.markdown
index 22a5167096e..7f2f83e774f 100644
--- a/website/docs/r/acmpca_certificate_authority.html.markdown
+++ b/website/docs/r/acmpca_certificate_authority.html.markdown
@@ -99,7 +99,7 @@ The following arguments are supported:
 
 * `key_algorithm` - (Required) Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthorityConfiguration.html).
 * `signing_algorithm` - (Required) Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthorityConfiguration.html).
-* `subject` - (Required) Nested argument that contains X.500 distinguished name information
+* `subject` - (Required) Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.
 
 #### subject
 

From 1712f92be0b3a8c609f680084e3bfb78878521ca Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Wed, 9 May 2018 15:29:12 -0400
Subject: [PATCH 67/71] Update CHANGELOG for #4458

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 35c09a11f8d..7ff3f52bf7c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 FEATURES:
 
+* **New Data Source:** `aws_acmpca_certificate_authority` [GH-4458]
+* **New Resource:** `aws_acmpca_certificate_authority` [GH-4458]
 * **New Resource:** `aws_glue_catalog_table` [GH-4368]
 
 ENHANCEMENTS:

From fc309ae74debd6d045274e040be58205980bfa2a Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Wed, 9 May 2018 15:59:09 -0400
Subject: [PATCH 68/71] Update CHANGELOG for #4460

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7ff3f52bf7c..2a38d6bee65 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ FEATURES:
 ENHANCEMENTS:
 
 * resource/aws_dms_endpoint: Support `s3` `engine_name` and add `s3_settings` argument [GH-1685] and [GH-4447]
+* resource/aws_glue_job: Add `timeout` argument [GH-4460]
 * resource/aws_lb_target_group: Add `proxy_protocol_v2` argument [GH-4365]
 * resource/aws_spot_fleet_request: Mark `spot_price` optional (defaults to on-demand price) [GH-4424]
 * resource/aws_spot_fleet_request: Add plan time validation for `valid_from` and `valid_until` arguments [GH-4463]

From 6f5236e18d322f4e00a8b026ba68557399f8a8cc Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Wed, 9 May 2018 16:01:42 -0400
Subject: [PATCH 69/71] Update CHANGELOG for #4461

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2a38d6bee65..fd29817bf35 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@ BUG FIXES:
 
 * data-source/aws_autoscaling_groups: Correctly paginate through over 50 results [GH-4433]
 * resource/aws_elastic_beanstalk_environment: Correctly handle `cname_prefix` attribute in China partition [GH-4485]
+* resource/aws_glue_job: Remove `allocated_capacity` and `max_concurrent_runs` upper plan time validation limits [GH-4461]
 * resource/aws_instance: Fix `root_device_mapping` matching of expected root device name with multiple block devices. [GH-4489]
 * resource/aws_launch_template: Prevent `parameter iops is not supported for gp2 volumes` error [GH-4344]
 * resource/aws_launch_template: Prevent `'iamInstanceProfile.name' may not be used in combination with 'iamInstanceProfile.arn'` error [GH-4344]

From e7d9b8bcbe21cbd4cd2279aab3b99471cef76801 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Wed, 9 May 2018 16:17:22 -0400
Subject: [PATCH 70/71] Update CHANGELOG for #4459

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fd29817bf35..0a42bb95457 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ FEATURES:
 
 ENHANCEMENTS:
 
+* provider: Lower retry threshold for DNS resolution failures [GH-4459]
 * resource/aws_dms_endpoint: Support `s3` `engine_name` and add `s3_settings` argument [GH-1685] and [GH-4447]
 * resource/aws_glue_job: Add `timeout` argument [GH-4460]
 * resource/aws_lb_target_group: Add `proxy_protocol_v2` argument [GH-4365]

From 5f91304b426b9de296937c9504a3e7d88e5a85d7 Mon Sep 17 00:00:00 2001
From: tf-release-bot <terraform@hashicorp.com>
Date: Thu, 10 May 2018 14:24:06 +0000
Subject: [PATCH 71/71] v1.18.0

---
 CHANGELOG.md | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0a42bb95457..9a98043ad66 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,34 +1,34 @@
-## 1.18.0 (Unreleased)
+## 1.18.0 (May 10, 2018)
 
 FEATURES:
 
-* **New Data Source:** `aws_acmpca_certificate_authority` [GH-4458]
-* **New Resource:** `aws_acmpca_certificate_authority` [GH-4458]
-* **New Resource:** `aws_glue_catalog_table` [GH-4368]
+* **New Data Source:** `aws_acmpca_certificate_authority` ([#4458](https://github.com/terraform-providers/terraform-provider-aws/issues/4458))
+* **New Resource:** `aws_acmpca_certificate_authority` ([#4458](https://github.com/terraform-providers/terraform-provider-aws/issues/4458))
+* **New Resource:** `aws_glue_catalog_table` ([#4368](https://github.com/terraform-providers/terraform-provider-aws/issues/4368))
 
 ENHANCEMENTS:
 
-* provider: Lower retry threshold for DNS resolution failures [GH-4459]
-* resource/aws_dms_endpoint: Support `s3` `engine_name` and add `s3_settings` argument [GH-1685] and [GH-4447]
-* resource/aws_glue_job: Add `timeout` argument [GH-4460]
-* resource/aws_lb_target_group: Add `proxy_protocol_v2` argument [GH-4365]
-* resource/aws_spot_fleet_request: Mark `spot_price` optional (defaults to on-demand price) [GH-4424]
-* resource/aws_spot_fleet_request: Add plan time validation for `valid_from` and `valid_until` arguments [GH-4463]
-* resource/aws_spot_instance_request: Mark `spot_price` optional (defaults to on-demand price) [GH-4424]
+* provider: Lower retry threshold for DNS resolution failures ([#4459](https://github.com/terraform-providers/terraform-provider-aws/issues/4459))
+* resource/aws_dms_endpoint: Support `s3` `engine_name` and add `s3_settings` argument ([#1685](https://github.com/terraform-providers/terraform-provider-aws/issues/1685)] and [[#4447](https://github.com/terraform-providers/terraform-provider-aws/issues/4447))
+* resource/aws_glue_job: Add `timeout` argument ([#4460](https://github.com/terraform-providers/terraform-provider-aws/issues/4460))
+* resource/aws_lb_target_group: Add `proxy_protocol_v2` argument ([#4365](https://github.com/terraform-providers/terraform-provider-aws/issues/4365))
+* resource/aws_spot_fleet_request: Mark `spot_price` optional (defaults to on-demand price) ([#4424](https://github.com/terraform-providers/terraform-provider-aws/issues/4424))
+* resource/aws_spot_fleet_request: Add plan time validation for `valid_from` and `valid_until` arguments ([#4463](https://github.com/terraform-providers/terraform-provider-aws/issues/4463))
+* resource/aws_spot_instance_request: Mark `spot_price` optional (defaults to on-demand price) ([#4424](https://github.com/terraform-providers/terraform-provider-aws/issues/4424))
 
 BUG FIXES:
 
-* data-source/aws_autoscaling_groups: Correctly paginate through over 50 results [GH-4433]
-* resource/aws_elastic_beanstalk_environment: Correctly handle `cname_prefix` attribute in China partition [GH-4485]
-* resource/aws_glue_job: Remove `allocated_capacity` and `max_concurrent_runs` upper plan time validation limits [GH-4461]
-* resource/aws_instance: Fix `root_device_mapping` matching of expected root device name with multiple block devices. [GH-4489]
-* resource/aws_launch_template: Prevent `parameter iops is not supported for gp2 volumes` error [GH-4344]
-* resource/aws_launch_template: Prevent `'iamInstanceProfile.name' may not be used in combination with 'iamInstanceProfile.arn'` error [GH-4344]
-* resource/aws_launch_template: Prevent `parameter groupName cannot be used with the parameter subnet` error [GH-4344]
-* resource/aws_launch_template: Separate usage of `ipv4_address_count`/`ipv6_address_count` from `ipv4_addresses`/`ipv6_addresses` [GH-4344]
-* resource/aws_redshift_cluster: Properly send all required parameters when resizing [GH-3127]
-* resource/aws_s3_bucket: Prevent crash from empty string CORS arguments [GH-4465]
-* resource/aws_ssm_document: Add missing account ID to `arn` attribute [GH-4436]
+* data-source/aws_autoscaling_groups: Correctly paginate through over 50 results ([#4433](https://github.com/terraform-providers/terraform-provider-aws/issues/4433))
+* resource/aws_elastic_beanstalk_environment: Correctly handle `cname_prefix` attribute in China partition ([#4485](https://github.com/terraform-providers/terraform-provider-aws/issues/4485))
+* resource/aws_glue_job: Remove `allocated_capacity` and `max_concurrent_runs` upper plan time validation limits ([#4461](https://github.com/terraform-providers/terraform-provider-aws/issues/4461))
+* resource/aws_instance: Fix `root_device_mapping` matching of expected root device name with multiple block devices. ([#4489](https://github.com/terraform-providers/terraform-provider-aws/issues/4489))
+* resource/aws_launch_template: Prevent `parameter iops is not supported for gp2 volumes` error ([#4344](https://github.com/terraform-providers/terraform-provider-aws/issues/4344))
+* resource/aws_launch_template: Prevent `'iamInstanceProfile.name' may not be used in combination with 'iamInstanceProfile.arn'` error ([#4344](https://github.com/terraform-providers/terraform-provider-aws/issues/4344))
+* resource/aws_launch_template: Prevent `parameter groupName cannot be used with the parameter subnet` error ([#4344](https://github.com/terraform-providers/terraform-provider-aws/issues/4344))
+* resource/aws_launch_template: Separate usage of `ipv4_address_count`/`ipv6_address_count` from `ipv4_addresses`/`ipv6_addresses` ([#4344](https://github.com/terraform-providers/terraform-provider-aws/issues/4344))
+* resource/aws_redshift_cluster: Properly send all required parameters when resizing ([#3127](https://github.com/terraform-providers/terraform-provider-aws/issues/3127))
+* resource/aws_s3_bucket: Prevent crash from empty string CORS arguments ([#4465](https://github.com/terraform-providers/terraform-provider-aws/issues/4465))
+* resource/aws_ssm_document: Add missing account ID to `arn` attribute ([#4436](https://github.com/terraform-providers/terraform-provider-aws/issues/4436))
 
 ## 1.17.0 (May 02, 2018)