Upgrade to 0.12

86 files changed, 8078 insertions, 898 deletions

diff --git a/vendor/github.com/aws/aws-sdk-go/NOTICE.txt b/vendor/github.com/aws/aws-sdk-go/NOTICE.txt
index 5f14d11..899129e 100644
--- a/vendor/github.com/aws/aws-sdk-go/NOTICE.txt
+++ b/vendor/github.com/aws/aws-sdk-go/NOTICE.txt
@@ -1,3 +1,3 @@
 AWS SDK for Go
-Copyright 2015 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
+Copyright 2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 Copyright 2014-2015 Stripe, Inc.
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go
index 59fa4a5..142a7a0 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go
@@ -15,7 +15,7 @@ func DeepEqual(a, b interface{}) bool {
         rb := reflect.Indirect(reflect.ValueOf(b))
 
         if raValid, rbValid := ra.IsValid(), rb.IsValid(); !raValid && !rbValid {
-                // If the elements are both nil, and of the same type the are equal
+                // If the elements are both nil, and of the same type they are equal
                 // If they are of different types they are not equal
                 return reflect.TypeOf(a) == reflect.TypeOf(b)
         } else if raValid != rbValid {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go
index b6432f1..645df24 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go
@@ -23,28 +23,27 @@ func stringValue(v reflect.Value, indent int, buf *bytes.Buffer) {
         case reflect.Struct:
                 buf.WriteString("{\n")
 
-                names := []string{}
                 for i := 0; i < v.Type().NumField(); i++ {
-                        name := v.Type().Field(i).Name
-                        f := v.Field(i)
-                        if name[0:1] == strings.ToLower(name[0:1]) {
+                        ft := v.Type().Field(i)
+                        fv := v.Field(i)
+
+                        if ft.Name[0:1] == strings.ToLower(ft.Name[0:1]) {
                                 continue // ignore unexported fields
                         }
-                        if (f.Kind() == reflect.Ptr || f.Kind() == reflect.Slice) && f.IsNil() {
+                        if (fv.Kind() == reflect.Ptr || fv.Kind() == reflect.Slice) && fv.IsNil() {
                                 continue // ignore unset fields
                         }
-                        names = append(names, name)
-                }
 
-                for i, n := range names {
-                        val := v.FieldByName(n)
                         buf.WriteString(strings.Repeat(" ", indent+2))
-                        buf.WriteString(n + ": ")
-                        stringValue(val, indent+2, buf)
+                        buf.WriteString(ft.Name + ": ")
 
-                        if i < len(names)-1 {
-                                buf.WriteString(",\n")
+                        if tag := ft.Tag.Get("sensitive"); tag == "true" {
+                                buf.WriteString("<sensitive>")
+                        } else {
+                                stringValue(fv, indent+2, buf)
                         }
+
+                        buf.WriteString(",\n")
                 }
 
                 buf.WriteString("\n" + strings.Repeat(" ", indent) + "}")
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/client.go b/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
index 212fe25..7096053 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
@@ -18,7 +18,7 @@ type Config struct {
 
         // States that the signing name did not come from a modeled source but
         // was derived based on other data. Used by service client constructors
-        // to determine if the signin name can be overriden based on metadata the
+        // to determine if the signin name can be overridden based on metadata the
         // service has.
         SigningNameDerived bool
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
index ce9fb89..7b5e127 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
@@ -118,6 +118,12 @@ var LogHTTPResponseHandler = request.NamedHandler{
 func logResponse(r *request.Request) {
         lw := &logWriter{r.Config.Logger, bytes.NewBuffer(nil)}
 
+        if r.HTTPResponse == nil {
+                lw.Logger.Log(fmt.Sprintf(logRespErrMsg,
+                        r.ClientInfo.ServiceName, r.Operation.Name, "request's HTTPResponse is nil"))
+                return
+        }
+
         logBody := r.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody)
         if logBody {
                 r.HTTPResponse.Body = &teeReaderCloser{
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/config.go b/vendor/github.com/aws/aws-sdk-go/aws/config.go
index 5421b5d..10634d1 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/config.go
@@ -18,7 +18,7 @@ const UseServiceDefaultRetries = -1
 type RequestRetryer interface{}
 
 // A Config provides service configuration for service clients. By default,
-// all clients will use the defaults.DefaultConfig tructure.
+// all clients will use the defaults.DefaultConfig structure.
 //
 //     // Create Session with MaxRetry configuration to be shared by multiple
 //     // service clients.
@@ -45,8 +45,8 @@ type Config struct {
         // that overrides the default generated endpoint for a client. Set this
         // to `""` to use the default generated endpoint.
         //
-        // @note You must still provide a `Region` value when specifying an
-        //   endpoint for a client.
+        // Note: You must still provide a `Region` value when specifying an
+        // endpoint for a client.
         Endpoint *string
 
         // The resolver to use for looking up endpoints for AWS service clients
@@ -65,8 +65,8 @@ type Config struct {
         // noted. A full list of regions is found in the "Regions and Endpoints"
         // document.
         //
-        // @see http://docs.aws.amazon.com/general/latest/gr/rande.html
-        //   AWS Regions and Endpoints
+        // See http://docs.aws.amazon.com/general/latest/gr/rande.html for AWS
+        // Regions and Endpoints.
         Region *string
 
         // Set this to `true` to disable SSL when sending requests. Defaults
@@ -120,9 +120,10 @@ type Config struct {
         // will use virtual hosted bucket addressing when possible
         // (`http://BUCKET.s3.amazonaws.com/KEY`).
         //
-        // @note This configuration option is specific to the Amazon S3 service.
-        // @see http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
-        //   Amazon S3: Virtual Hosting of Buckets
+        // Note: This configuration option is specific to the Amazon S3 service.
+        //
+        // See http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
+        // for Amazon S3: Virtual Hosting of Buckets
         S3ForcePathStyle *bool
 
         // Set this to `true` to disable the SDK adding the `Expect: 100-Continue`
@@ -223,6 +224,28 @@ type Config struct {
         //      Key: aws.String("//foo//bar//moo"),
         //    })
         DisableRestProtocolURICleaning *bool
+
+        // EnableEndpointDiscovery will allow for endpoint discovery on operations that
+        // have the definition in its model. By default, endpoint discovery is off.
+        //
+        // Example:
+        //    sess := session.Must(session.NewSession(&aws.Config{
+        //         EnableEndpointDiscovery: aws.Bool(true),
+        //    }))
+        //
+        //    svc := s3.New(sess)
+        //    out, err := svc.GetObject(&s3.GetObjectInput {
+        //      Bucket: aws.String("bucketname"),
+        //      Key: aws.String("/foo/bar/moo"),
+        //    })
+        EnableEndpointDiscovery *bool
+
+        // DisableEndpointHostPrefix will disable the SDK's behavior of prefixing
+        // request endpoint hosts with modeled information.
+        //
+        // Disabling this feature is useful when you want to use local endpoints
+        // for testing that do not support the modeled host prefix pattern.
+        DisableEndpointHostPrefix *bool
 }
 
 // NewConfig returns a new Config pointer that can be chained with builder
@@ -377,6 +400,19 @@ func (c *Config) WithSleepDelay(fn func(time.Duration)) *Config {
         return c
 }
 
+// WithEndpointDiscovery will set whether or not to use endpoint discovery.
+func (c *Config) WithEndpointDiscovery(t bool) *Config {
+        c.EnableEndpointDiscovery = &t
+        return c
+}
+
+// WithDisableEndpointHostPrefix will set whether or not to use modeled host prefix
+// when making requests.
+func (c *Config) WithDisableEndpointHostPrefix(t bool) *Config {
+        c.DisableEndpointHostPrefix = &t
+        return c
+}
+
 // MergeIn merges the passed in configs into the existing config object.
 func (c *Config) MergeIn(cfgs ...*Config) {
         for _, other := range cfgs {
@@ -476,6 +512,14 @@ func mergeInConfig(dst *Config, other *Config) {
         if other.EnforceShouldRetryCheck != nil {
                 dst.EnforceShouldRetryCheck = other.EnforceShouldRetryCheck
         }
+
+        if other.EnableEndpointDiscovery != nil {
+                dst.EnableEndpointDiscovery = other.EnableEndpointDiscovery
+        }
+
+        if other.DisableEndpointHostPrefix != nil {
+                dst.DisableEndpointHostPrefix = other.DisableEndpointHostPrefix
+        }
 }
 
 // Copy will return a shallow copy of the Config object. If any additional
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go
index 79f4268..2866f9a 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/context.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go
@@ -1,8 +1,8 @@
+// +build !go1.9
+
 package aws
 
-import (
-        "time"
-)
+import "time"
 
 // Context is an copy of the Go v1.7 stdlib's context.Context interface.
 // It is represented as a SDK interface to enable you to use the "WithContext"
@@ -35,37 +35,3 @@ type Context interface {
         // functions.
         Value(key interface{}) interface{}
 }
-
-// BackgroundContext returns a context that will never be canceled, has no
-// values, and no deadline. This context is used by the SDK to provide
-// backwards compatibility with non-context API operations and functionality.
-//
-// Go 1.6 and before:
-// This context function is equivalent to context.Background in the Go stdlib.
-//
-// Go 1.7 and later:
-// The context returned will be the value returned by context.Background()
-//
-// See https://golang.org/pkg/context for more information on Contexts.
-func BackgroundContext() Context {
-        return backgroundCtx
-}
-
-// SleepWithContext will wait for the timer duration to expire, or the context
-// is canceled. Which ever happens first. If the context is canceled the Context's
-// error will be returned.
-//
-// Expects Context to always return a non-nil error if the Done channel is closed.
-func SleepWithContext(ctx Context, dur time.Duration) error {
-        t := time.NewTimer(dur)
-        defer t.Stop()
-
-        select {
-        case <-t.C:
-                break
-        case <-ctx.Done():
-                return ctx.Err()
-        }
-
-        return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_7.go
deleted file mode 100644
index 064f75c..0000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/context_1_7.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// +build go1.7
-
-package aws
-
-import "context"
-
-var (
-        backgroundCtx = context.Background()
-)
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go
new file mode 100644
index 0000000..3718b26
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go
@@ -0,0 +1,11 @@
+// +build go1.9
+
+package aws
+
+import "context"
+
+// Context is an alias of the Go stdlib's context.Context interface.
+// It can be used within the SDK's API operation "WithContext" methods.
+//
+// See https://golang.org/pkg/context on how to use contexts.
+type Context = context.Context
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_6.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
index 8fdda53..66c5945 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/context_1_6.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
@@ -39,3 +39,18 @@ func (e *emptyCtx) String() string {
 var (
         backgroundCtx = new(emptyCtx)
 )
+
+// BackgroundContext returns a context that will never be canceled, has no
+// values, and no deadline. This context is used by the SDK to provide
+// backwards compatibility with non-context API operations and functionality.
+//
+// Go 1.6 and before:
+// This context function is equivalent to context.Background in the Go stdlib.
+//
+// Go 1.7 and later:
+// The context returned will be the value returned by context.Background()
+//
+// See https://golang.org/pkg/context for more information on Contexts.
+func BackgroundContext() Context {
+        return backgroundCtx
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go
new file mode 100644
index 0000000..9c29f29
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go
@@ -0,0 +1,20 @@
+// +build go1.7
+
+package aws
+
+import "context"
+
+// BackgroundContext returns a context that will never be canceled, has no
+// values, and no deadline. This context is used by the SDK to provide
+// backwards compatibility with non-context API operations and functionality.
+//
+// Go 1.6 and before:
+// This context function is equivalent to context.Background in the Go stdlib.
+//
+// Go 1.7 and later:
+// The context returned will be the value returned by context.Background()
+//
+// See https://golang.org/pkg/context for more information on Contexts.
+func BackgroundContext() Context {
+        return context.Background()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_sleep.go b/vendor/github.com/aws/aws-sdk-go/aws/context_sleep.go
new file mode 100644
index 0000000..304fd15
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_sleep.go
@@ -0,0 +1,24 @@
+package aws
+
+import (
+        "time"
+)
+
+// SleepWithContext will wait for the timer duration to expire, or the context
+// is canceled. Which ever happens first. If the context is canceled the Context's
+// error will be returned.
+//
+// Expects Context to always return a non-nil error if the Done channel is closed.
+func SleepWithContext(ctx Context, dur time.Duration) error {
+        t := time.NewTimer(dur)
+        defer t.Stop()
+
+        select {
+        case <-t.C:
+                break
+        case <-ctx.Done():
+                return ctx.Err()
+        }
+
+        return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
index cfcddf3..f8853d7 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
@@ -72,9 +72,9 @@ var ValidateReqSigHandler = request.NamedHandler{
                         signedTime = r.LastSignedAt
                 }
 
-                // 10 minutes to allow for some clock skew/delays in transmission.
+                // 5 minutes to allow for some clock skew/delays in transmission.
                 // Would be improved with aws/aws-sdk-go#423
-                if signedTime.Add(10 * time.Minute).After(time.Now()) {
+                if signedTime.Add(5 * time.Minute).After(time.Now()) {
                         return
                 }
 
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go
index a15f496..ab69c7a 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go
@@ -17,7 +17,7 @@ var SDKVersionUserAgentHandler = request.NamedHandler{
 }
 
 const execEnvVar = `AWS_EXECUTION_ENV`
-const execEnvUAKey = `exec_env`
+const execEnvUAKey = `exec-env`
 
 // AddHostExecEnvUserAgentHander is a request handler appending the SDK's
 // execution environment to the user agent.
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go
index f298d65..3ad1e79 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go
@@ -9,9 +9,7 @@ var (
         // providers in the ChainProvider.
         //
         // This has been deprecated. For verbose error messaging set
-        // aws.Config.CredentialsChainVerboseErrors to true
-        //
-        // @readonly
+        // aws.Config.CredentialsChainVerboseErrors to true.
         ErrNoValidProvidersFoundInChain = awserr.New("NoCredentialProviders",
                 `no valid providers in chain. Deprecated.
         For verbose messaging see aws.Config.CredentialsChainVerboseErrors`,
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
index ed08699..894bbc7 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
@@ -49,6 +49,8 @@
 package credentials
 
 import (
+        "fmt"
+        "github.com/aws/aws-sdk-go/aws/awserr"
         "sync"
         "time"
 )
@@ -64,8 +66,6 @@ import (
 //       Credentials: credentials.AnonymousCredentials,
 //     })))
 //     // Access public S3 buckets.
-//
-// @readonly
 var AnonymousCredentials = NewStaticCredentials("", "", "")
 
 // A Value is the AWS credentials value for individual credential fields.
@@ -99,6 +99,14 @@ type Provider interface {
         IsExpired() bool
 }
 
+// An Expirer is an interface that Providers can implement to expose the expiration
+// time, if known.  If the Provider cannot accurately provide this info,
+// it should not implement this interface.
+type Expirer interface {
+        // The time at which the credentials are no longer valid
+        ExpiresAt() time.Time
+}
+
 // An ErrorProvider is a stub credentials provider that always returns an error
 // this is used by the SDK when construction a known provider is not possible
 // due to an error.
@@ -158,13 +166,19 @@ func (e *Expiry) SetExpiration(expiration time.Time, window time.Duration) {
 
 // IsExpired returns if the credentials are expired.
 func (e *Expiry) IsExpired() bool {
-        if e.CurrentTime == nil {
-                e.CurrentTime = time.Now
+        curTime := e.CurrentTime
+        if curTime == nil {
+                curTime = time.Now
         }
-        return e.expiration.Before(e.CurrentTime())
+        return e.expiration.Before(curTime())
 }
 
-// A Credentials provides synchronous safe retrieval of AWS credentials Value.
+// ExpiresAt returns the expiration time of the credential
+func (e *Expiry) ExpiresAt() time.Time {
+        return e.expiration
+}
+
+// A Credentials provides concurrency safe retrieval of AWS credentials Value.
 // Credentials will cache the credentials value until they expire. Once the value
 // expires the next Get will attempt to retrieve valid credentials.
 //
@@ -256,3 +270,23 @@ func (c *Credentials) IsExpired() bool {
 func (c *Credentials) isExpired() bool {
         return c.forceRefresh || c.provider.IsExpired()
 }
+
+// ExpiresAt provides access to the functionality of the Expirer interface of
+// the underlying Provider, if it supports that interface.  Otherwise, it returns
+// an error.
+func (c *Credentials) ExpiresAt() (time.Time, error) {
+        c.m.RLock()
+        defer c.m.RUnlock()
+
+        expirer, ok := c.provider.(Expirer)
+        if !ok {
+                return time.Time{}, awserr.New("ProviderNotExpirer",
+                        fmt.Sprintf("provider %s does not support ExpiresAt()", c.creds.ProviderName),
+                        nil)
+        }
+        if c.forceRefresh {
+                // set expiration time to the distant past
+                return time.Time{}, nil
+        }
+        return expirer.ExpiresAt(), nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
index a4cec5c..ace5131 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
@@ -65,6 +65,10 @@ type Provider struct {
         //
         // If ExpiryWindow is 0 or less it will be ignored.
         ExpiryWindow time.Duration
+
+        // Optional authorization token value if set will be used as the value of
+        // the Authorization header of the endpoint credential request.
+        AuthorizationToken string
 }
 
 // NewProviderClient returns a credentials Provider for retrieving AWS credentials
@@ -152,6 +156,9 @@ func (p *Provider) getCredentials() (*getCredentialsOutput, error) {
         out := &getCredentialsOutput{}
         req := p.Client.NewRequest(op, nil, out)
         req.HTTPRequest.Header.Set("Accept", "application/json")
+        if authToken := p.AuthorizationToken; len(authToken) != 0 {
+                req.HTTPRequest.Header.Set("Authorization", authToken)
+        }
 
         return out, req.Send()
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go
index c14231a..54c5cf7 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go
@@ -12,14 +12,10 @@ const EnvProviderName = "EnvProvider"
 var (
         // ErrAccessKeyIDNotFound is returned when the AWS Access Key ID can't be
         // found in the process's environment.
-        //
-        // @readonly
         ErrAccessKeyIDNotFound = awserr.New("EnvAccessKeyNotFound", "AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment", nil)
 
         // ErrSecretAccessKeyNotFound is returned when the AWS Secret Access Key
         // can't be found in the process's environment.
-        //
-        // @readonly
         ErrSecretAccessKeyNotFound = awserr.New("EnvSecretNotFound", "AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY not found in environment", nil)
 )
 
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
new file mode 100644
index 0000000..1980c8c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
@@ -0,0 +1,425 @@
+/*
+Package processcreds is a credential Provider to retrieve `credential_process`
+credentials.
+
+WARNING: The following describes a method of sourcing credentials from an external
+process. This can potentially be dangerous, so proceed with caution. Other
+credential providers should be preferred if at all possible. If using this
+option, you should make sure that the config file is as locked down as possible
+using security best practices for your operating system.
+
+You can use credentials from a `credential_process` in a variety of ways.
+
+One way is to setup your shared config file, located in the default
+location, with the `credential_process` key and the command you want to be
+called. You also need to set the AWS_SDK_LOAD_CONFIG environment variable
+(e.g., `export AWS_SDK_LOAD_CONFIG=1`) to use the shared config file.
+
+    [default]
+    credential_process = /command/to/call
+
+Creating a new session will use the credential process to retrieve credentials.
+NOTE: If there are credentials in the profile you are using, the credential
+process will not be used.
+
+    // Initialize a session to load credentials.
+    sess, _ := session.NewSession(&aws.Config{
+        Region: aws.String("us-east-1")},
+    )
+
+    // Create S3 service client to use the credentials.
+    svc := s3.New(sess)
+
+Another way to use the `credential_process` method is by using
+`credentials.NewCredentials()` and providing a command to be executed to
+retrieve credentials:
+
+    // Create credentials using the ProcessProvider.
+    creds := processcreds.NewCredentials("/path/to/command")
+
+    // Create service client value configured for credentials.
+    svc := s3.New(sess, &aws.Config{Credentials: creds})
+
+You can set a non-default timeout for the `credential_process` with another
+constructor, `credentials.NewCredentialsTimeout()`, providing the timeout. To
+set a one minute timeout:
+
+    // Create credentials using the ProcessProvider.
+    creds := processcreds.NewCredentialsTimeout(
+        "/path/to/command",
+        time.Duration(500) * time.Millisecond)
+
+If you need more control, you can set any configurable options in the
+credentials using one or more option functions. For example, you can set a two
+minute timeout, a credential duration of 60 minutes, and a maximum stdout
+buffer size of 2k.
+
+    creds := processcreds.NewCredentials(
+        "/path/to/command",
+        func(opt *ProcessProvider) {
+            opt.Timeout = time.Duration(2) * time.Minute
+            opt.Duration = time.Duration(60) * time.Minute
+            opt.MaxBufSize = 2048
+        })
+
+You can also use your own `exec.Cmd`:
+
+        // Create an exec.Cmd
+        myCommand := exec.Command("/path/to/command")
+
+        // Create credentials using your exec.Cmd and custom timeout
+        creds := processcreds.NewCredentialsCommand(
+                myCommand,
+                func(opt *processcreds.ProcessProvider) {
+                        opt.Timeout = time.Duration(1) * time.Second
+                })
+*/
+package processcreds
+
+import (
+        "bytes"
+        "encoding/json"
+        "fmt"
+        "io"
+        "io/ioutil"
+        "os"
+        "os/exec"
+        "runtime"
+        "strings"
+        "time"
+
+        "github.com/aws/aws-sdk-go/aws/awserr"
+        "github.com/aws/aws-sdk-go/aws/credentials"
+)
+
+const (
+        // ProviderName is the name this credentials provider will label any
+        // returned credentials Value with.
+        ProviderName = `ProcessProvider`
+
+        // ErrCodeProcessProviderParse error parsing process output
+        ErrCodeProcessProviderParse = "ProcessProviderParseError"
+
+        // ErrCodeProcessProviderVersion version error in output
+        ErrCodeProcessProviderVersion = "ProcessProviderVersionError"
+
+        // ErrCodeProcessProviderRequired required attribute missing in output
+        ErrCodeProcessProviderRequired = "ProcessProviderRequiredError"
+
+        // ErrCodeProcessProviderExecution execution of command failed
+        ErrCodeProcessProviderExecution = "ProcessProviderExecutionError"
+
+        // errMsgProcessProviderTimeout process took longer than allowed
+        errMsgProcessProviderTimeout = "credential process timed out"
+
+        // errMsgProcessProviderProcess process error
+        errMsgProcessProviderProcess = "error in credential_process"
+
+        // errMsgProcessProviderParse problem parsing output
+        errMsgProcessProviderParse = "parse failed of credential_process output"
+
+        // errMsgProcessProviderVersion version error in output
+        errMsgProcessProviderVersion = "wrong version in process output (not 1)"
+
+        // errMsgProcessProviderMissKey missing access key id in output
+        errMsgProcessProviderMissKey = "missing AccessKeyId in process output"
+
+        // errMsgProcessProviderMissSecret missing secret acess key in output
+        errMsgProcessProviderMissSecret = "missing SecretAccessKey in process output"
+
+        // errMsgProcessProviderPrepareCmd prepare of command failed
+        errMsgProcessProviderPrepareCmd = "failed to prepare command"
+
+        // errMsgProcessProviderEmptyCmd command must not be empty
+        errMsgProcessProviderEmptyCmd = "command must not be empty"
+
+        // errMsgProcessProviderPipe failed to initialize pipe
+        errMsgProcessProviderPipe = "failed to initialize pipe"
+
+        // DefaultDuration is the default amount of time in minutes that the
+        // credentials will be valid for.
+        DefaultDuration = time.Duration(15) * time.Minute
+
+        // DefaultBufSize limits buffer size from growing to an enormous
+        // amount due to a faulty process.
+        DefaultBufSize = 1024
+
+        // DefaultTimeout default limit on time a process can run.
+        DefaultTimeout = time.Duration(1) * time.Minute
+)
+
+// ProcessProvider satisfies the credentials.Provider interface, and is a
+// client to retrieve credentials from a process.
+type ProcessProvider struct {
+        staticCreds bool
+        credentials.Expiry
+        originalCommand []string
+
+        // Expiry duration of the credentials. Defaults to 15 minutes if not set.
+        Duration time.Duration
+
+        // ExpiryWindow will allow the credentials to trigger refreshing prior to
+        // the credentials actually expiring. This is beneficial so race conditions
+        // with expiring credentials do not cause request to fail unexpectedly
+        // due to ExpiredTokenException exceptions.
+        //
+        // So a ExpiryWindow of 10s would cause calls to IsExpired() to return true
+        // 10 seconds before the credentials are actually expired.
+        //
+        // If ExpiryWindow is 0 or less it will be ignored.
+        ExpiryWindow time.Duration
+
+        // A string representing an os command that should return a JSON with
+        // credential information.
+        command *exec.Cmd
+
+        // MaxBufSize limits memory usage from growing to an enormous
+        // amount due to a faulty process.
+        MaxBufSize int
+
+        // Timeout limits the time a process can run.
+        Timeout time.Duration
+}
+
+// NewCredentials returns a pointer to a new Credentials object wrapping the
+// ProcessProvider. The credentials will expire every 15 minutes by default.
+func NewCredentials(command string, options ...func(*ProcessProvider)) *credentials.Credentials {
+        p := &ProcessProvider{
+                command:    exec.Command(command),
+                Duration:   DefaultDuration,
+                Timeout:    DefaultTimeout,
+                MaxBufSize: DefaultBufSize,
+        }
+
+        for _, option := range options {
+                option(p)
+        }
+
+        return credentials.NewCredentials(p)
+}
+
+// NewCredentialsTimeout returns a pointer to a new Credentials object with
+// the specified command and timeout, and default duration and max buffer size.
+func NewCredentialsTimeout(command string, timeout time.Duration) *credentials.Credentials {
+        p := NewCredentials(command, func(opt *ProcessProvider) {
+                opt.Timeout = timeout
+        })
+
+        return p
+}
+
+// NewCredentialsCommand returns a pointer to a new Credentials object with
+// the specified command, and default timeout, duration and max buffer size.
+func NewCredentialsCommand(command *exec.Cmd, options ...func(*ProcessProvider)) *credentials.Credentials {
+        p := &ProcessProvider{
+                command:    command,
+                Duration:   DefaultDuration,
+                Timeout:    DefaultTimeout,
+                MaxBufSize: DefaultBufSize,
+        }
+
+        for _, option := range options {
+                option(p)
+        }
+
+        return credentials.NewCredentials(p)
+}
+
+type credentialProcessResponse struct {
+        Version         int
+        AccessKeyID     string `json:"AccessKeyId"`
+        SecretAccessKey string
+        SessionToken    string
+        Expiration      *time.Time
+}
+
+// Retrieve executes the 'credential_process' and returns the credentials.
+func (p *ProcessProvider) Retrieve() (credentials.Value, error) {
+        out, err := p.executeCredentialProcess()
+        if err != nil {
+                return credentials.Value{ProviderName: ProviderName}, err
+        }
+
+        // Serialize and validate response
+        resp := &credentialProcessResponse{}
+        if err = json.Unmarshal(out, resp); err != nil {
+                return credentials.Value{ProviderName: ProviderName}, awserr.New(
+                        ErrCodeProcessProviderParse,
+                        fmt.Sprintf("%s: %s", errMsgProcessProviderParse, string(out)),
+                        err)
+        }
+
+        if resp.Version != 1 {
+                return credentials.Value{ProviderName: ProviderName}, awserr.New(
+                        ErrCodeProcessProviderVersion,
+                        errMsgProcessProviderVersion,
+                        nil)
+        }
+
+        if len(resp.AccessKeyID) == 0 {
+                return credentials.Value{ProviderName: ProviderName}, awserr.New(
+                        ErrCodeProcessProviderRequired,
+                        errMsgProcessProviderMissKey,
+                        nil)
+        }
+
+        if len(resp.SecretAccessKey) == 0 {
+                return credentials.Value{ProviderName: ProviderName}, awserr.New(
+                        ErrCodeProcessProviderRequired,
+                        errMsgProcessProviderMissSecret,
+                        nil)
+        }
+
+        // Handle expiration
+        p.staticCreds = resp.Expiration == nil
+        if resp.Expiration != nil {
+                p.SetExpiration(*resp.Expiration, p.ExpiryWindow)
+        }
+
+        return credentials.Value{
+                ProviderName:    ProviderName,
+                AccessKeyID:     resp.AccessKeyID,
+                SecretAccessKey: resp.SecretAccessKey,
+                SessionToken:    resp.SessionToken,
+        }, nil
+}
+
+// IsExpired returns true if the credentials retrieved are expired, or not yet
+// retrieved.
+func (p *ProcessProvider) IsExpired() bool {
+        if p.staticCreds {
+                return false
+        }
+        return p.Expiry.IsExpired()
+}
+
+// prepareCommand prepares the command to be executed.
+func (p *ProcessProvider) prepareCommand() error {
+
+        var cmdArgs []string
+        if runtime.GOOS == "windows" {
+                cmdArgs = []string{"cmd.exe", "/C"}
+        } else {
+                cmdArgs = []string{"sh", "-c"}
+        }
+
+        if len(p.originalCommand) == 0 {
+                p.originalCommand = make([]string, len(p.command.Args))
+                copy(p.originalCommand, p.command.Args)
+
+                // check for empty command because it succeeds
+                if len(strings.TrimSpace(p.originalCommand[0])) < 1 {
+                        return awserr.New(
+                                ErrCodeProcessProviderExecution,
+                                fmt.Sprintf(
+                                        "%s: %s",
+                                        errMsgProcessProviderPrepareCmd,
+                                        errMsgProcessProviderEmptyCmd),
+                                nil)
+                }
+        }
+
+        cmdArgs = append(cmdArgs, p.originalCommand...)
+        p.command = exec.Command(cmdArgs[0], cmdArgs[1:]...)
+        p.command.Env = os.Environ()
+
+        return nil
+}
+
+// executeCredentialProcess starts the credential process on the OS and
+// returns the results or an error.
+func (p *ProcessProvider) executeCredentialProcess() ([]byte, error) {
+
+        if err := p.prepareCommand(); err != nil {
+                return nil, err
+        }
+
+        // Setup the pipes
+        outReadPipe, outWritePipe, err := os.Pipe()
+        if err != nil {
+                return nil, awserr.New(
+                        ErrCodeProcessProviderExecution,
+                        errMsgProcessProviderPipe,
+                        err)
+        }
+
+        p.command.Stderr = os.Stderr    // display stderr on console for MFA
+        p.command.Stdout = outWritePipe // get creds json on process's stdout
+        p.command.Stdin = os.Stdin      // enable stdin for MFA
+
+        output := bytes.NewBuffer(make([]byte, 0, p.MaxBufSize))
+
+        stdoutCh := make(chan error, 1)
+        go readInput(
+                io.LimitReader(outReadPipe, int64(p.MaxBufSize)),
+                output,
+                stdoutCh)
+
+        execCh := make(chan error, 1)
+        go executeCommand(*p.command, execCh)
+
+        finished := false
+        var errors []error
+        for !finished {
+                select {
+                case readError := <-stdoutCh:
+                        errors = appendError(errors, readError)
+                        finished = true
+                case execError := <-execCh:
+                        err := outWritePipe.Close()
+                        errors = appendError(errors, err)
+                        errors = appendError(errors, execError)
+                        if errors != nil {
+                                return output.Bytes(), awserr.NewBatchError(
+                                        ErrCodeProcessProviderExecution,
+                                        errMsgProcessProviderProcess,
+                                        errors)
+                        }
+                case <-time.After(p.Timeout):
+                        finished = true
+                        return output.Bytes(), awserr.NewBatchError(
+                                ErrCodeProcessProviderExecution,
+                                errMsgProcessProviderTimeout,
+                                errors) // errors can be nil
+                }
+        }
+
+        out := output.Bytes()
+
+        if runtime.GOOS == "windows" {
+                // windows adds slashes to quotes
+                out = []byte(strings.Replace(string(out), `\"`, `"`, -1))
+        }
+
+        return out, nil
+}
+
+// appendError conveniently checks for nil before appending slice
+func appendError(errors []error, err error) []error {
+        if err != nil {
+                return append(errors, err)
+        }
+        return errors
+}
+
+func executeCommand(cmd exec.Cmd, exec chan error) {
+        // Start the command
+        err := cmd.Start()
+        if err == nil {
+                err = cmd.Wait()
+        }
+
+        exec <- err
+}
+
+func readInput(r io.Reader, w io.Writer, read chan error) {
+        tee := io.TeeReader(r, w)
+
+        _, err := ioutil.ReadAll(tee)
+
+        if err == io.EOF {
+                err = nil
+        }
+
+        read <- err // will only arrive here when write end of pipe is closed
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
index 51e21e0..e155149 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
@@ -4,9 +4,8 @@ import (
         "fmt"
         "os"
 
-        "github.com/go-ini/ini"
-
         "github.com/aws/aws-sdk-go/aws/awserr"
+        "github.com/aws/aws-sdk-go/internal/ini"
         "github.com/aws/aws-sdk-go/internal/shareddefaults"
 )
 
@@ -77,36 +76,37 @@ func (p *SharedCredentialsProvider) IsExpired() bool {
 // The credentials retrieved from the profile will be returned or error. Error will be
 // returned if it fails to read from the file, or the data is invalid.
 func loadProfile(filename, profile string) (Value, error) {
-        config, err := ini.Load(filename)
+        config, err := ini.OpenFile(filename)
         if err != nil {
                 return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsLoad", "failed to load shared credentials file", err)
         }
-        iniProfile, err := config.GetSection(profile)
-        if err != nil {
-                return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsLoad", "failed to get profile", err)
+
+        iniProfile, ok := config.GetSection(profile)
+        if !ok {
+                return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsLoad", "failed to get profile", nil)
         }
 
-        id, err := iniProfile.GetKey("aws_access_key_id")
-        if err != nil {
+        id := iniProfile.String("aws_access_key_id")
+        if len(id) == 0 {
                 return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsAccessKey",
                         fmt.Sprintf("shared credentials %s in %s did not contain aws_access_key_id", profile, filename),
-                        err)
+                        nil)
         }
 
-        secret, err := iniProfile.GetKey("aws_secret_access_key")
-        if err != nil {
+        secret := iniProfile.String("aws_secret_access_key")
+        if len(secret) == 0 {
                 return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsSecret",
                         fmt.Sprintf("shared credentials %s in %s did not contain aws_secret_access_key", profile, filename),
                         nil)
         }
 
         // Default to empty string if not found
-        token := iniProfile.Key("aws_session_token")
+        token := iniProfile.String("aws_session_token")
 
         return Value{
-                AccessKeyID:     id.String(),
-                SecretAccessKey: secret.String(),
-                SessionToken:    token.String(),
+                AccessKeyID:     id,
+                SecretAccessKey: secret,
+                SessionToken:    token,
                 ProviderName:    SharedCredsProviderName,
         }, nil
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
index 4f5dab3..531139e 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
@@ -9,8 +9,6 @@ const StaticProviderName = "StaticProvider"
 
 var (
         // ErrStaticCredentialsEmpty is emitted when static credentials are empty.
-        //
-        // @readonly
         ErrStaticCredentialsEmpty = awserr.New("EmptyStaticCreds", "static credentials are empty", nil)
 )
 
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
index 4108e43..b6dbfd2 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
@@ -80,16 +80,18 @@ package stscreds
 
 import (
         "fmt"
+        "os"
         "time"
 
         "github.com/aws/aws-sdk-go/aws"
         "github.com/aws/aws-sdk-go/aws/awserr"
         "github.com/aws/aws-sdk-go/aws/client"
         "github.com/aws/aws-sdk-go/aws/credentials"
+        "github.com/aws/aws-sdk-go/internal/sdkrand"
         "github.com/aws/aws-sdk-go/service/sts"
 )
 
-// StdinTokenProvider will prompt on stdout and read from stdin for a string value.
+// StdinTokenProvider will prompt on stderr and read from stdin for a string value.
 // An error is returned if reading from stdin fails.
 //
 // Use this function go read MFA tokens from stdin. The function makes no attempt
@@ -102,7 +104,7 @@ import (
 // Will wait forever until something is provided on the stdin.
 func StdinTokenProvider() (string, error) {
         var v string
-        fmt.Printf("Assume Role MFA token code: ")
+        fmt.Fprintf(os.Stderr, "Assume Role MFA token code: ")
         _, err := fmt.Scanln(&v)
 
         return v, err
@@ -193,6 +195,18 @@ type AssumeRoleProvider struct {
         //
         // If ExpiryWindow is 0 or less it will be ignored.
         ExpiryWindow time.Duration
+
+        // MaxJitterFrac reduces the effective Duration of each credential requested
+        // by a random percentage between 0 and MaxJitterFraction. MaxJitterFrac must
+        // have a value between 0 and 1. Any other value may lead to expected behavior.
+        // With a MaxJitterFrac value of 0, default) will no jitter will be used.
+        // 
+        // For example, with a Duration of 30m and a MaxJitterFrac of 0.1, the
+        // AssumeRole call will be made with an arbitrary Duration between 27m and
+        // 30m.
+        //
+        // MaxJitterFrac should not be negative.
+        MaxJitterFrac float64
 }
 
 // NewCredentials returns a pointer to a new Credentials object wrapping the
@@ -254,8 +268,9 @@ func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
                 // Expire as often as AWS permits.
                 p.Duration = DefaultDuration
         }
+        jitter := time.Duration(sdkrand.SeededRand.Float64() * p.MaxJitterFrac * float64(p.Duration))
         input := &sts.AssumeRoleInput{
-                DurationSeconds: aws.Int64(int64(p.Duration / time.Second)),
+                DurationSeconds: aws.Int64(int64((p.Duration - jitter) / time.Second)),
                 RoleArn:         aws.String(p.RoleARN),
                 RoleSessionName: aws.String(p.RoleSessionName),
                 ExternalId:      p.ExternalID,
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go
index 4b0d630..5bacc79 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go
@@ -3,6 +3,8 @@ package csm
 import (
         "strconv"
         "time"
+
+        "github.com/aws/aws-sdk-go/aws"
 )
 
 type metricTime time.Time
@@ -39,6 +41,12 @@ type metric struct {
         SDKException        *string `json:"SdkException,omitempty"`
         SDKExceptionMessage *string `json:"SdkExceptionMessage,omitempty"`
 
+        FinalHTTPStatusCode      *int    `json:"FinalHttpStatusCode,omitempty"`
+        FinalAWSException        *string `json:"FinalAwsException,omitempty"`
+        FinalAWSExceptionMessage *string `json:"FinalAwsExceptionMessage,omitempty"`
+        FinalSDKException        *string `json:"FinalSdkException,omitempty"`
+        FinalSDKExceptionMessage *string `json:"FinalSdkExceptionMessage,omitempty"`
+
         DestinationIP    *string `json:"DestinationIp,omitempty"`
         ConnectionReused *int    `json:"ConnectionReused,omitempty"`
 
@@ -48,4 +56,54 @@ type metric struct {
         DNSLatency               *int `json:"DnsLatency,omitempty"`
         TCPLatency               *int `json:"TcpLatency,omitempty"`
         SSLLatency               *int `json:"SslLatency,omitempty"`
+
+        MaxRetriesExceeded *int `json:"MaxRetriesExceeded,omitempty"`
+}
+
+func (m *metric) TruncateFields() {
+        m.ClientID = truncateString(m.ClientID, 255)
+        m.UserAgent = truncateString(m.UserAgent, 256)
+
+        m.AWSException = truncateString(m.AWSException, 128)
+        m.AWSExceptionMessage = truncateString(m.AWSExceptionMessage, 512)
+
+        m.SDKException = truncateString(m.SDKException, 128)
+        m.SDKExceptionMessage = truncateString(m.SDKExceptionMessage, 512)
+
+        m.FinalAWSException = truncateString(m.FinalAWSException, 128)
+        m.FinalAWSExceptionMessage = truncateString(m.FinalAWSExceptionMessage, 512)
+
+        m.FinalSDKException = truncateString(m.FinalSDKException, 128)
+        m.FinalSDKExceptionMessage = truncateString(m.FinalSDKExceptionMessage, 512)
+}
+
+func truncateString(v *string, l int) *string {
+        if v != nil && len(*v) > l {
+                nv := (*v)[:l]
+                return &nv
+        }
+
+        return v
+}
+
+func (m *metric) SetException(e metricException) {
+        switch te := e.(type) {
+        case awsException:
+                m.AWSException = aws.String(te.exception)
+                m.AWSExceptionMessage = aws.String(te.message)
+        case sdkException:
+                m.SDKException = aws.String(te.exception)
+                m.SDKExceptionMessage = aws.String(te.message)
+        }
+}
+
+func (m *metric) SetFinalException(e metricException) {
+        switch te := e.(type) {
+        case awsException:
+                m.FinalAWSException = aws.String(te.exception)
+                m.FinalAWSExceptionMessage = aws.String(te.message)
+        case sdkException:
+                m.FinalSDKException = aws.String(te.exception)
+                m.FinalSDKExceptionMessage = aws.String(te.message)
+        }
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go
new file mode 100644
index 0000000..54a9928
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go
@@ -0,0 +1,26 @@
+package csm
+
+type metricException interface {
+        Exception() string
+        Message() string
+}
+
+type requestException struct {
+        exception string
+        message   string
+}
+
+func (e requestException) Exception() string {
+        return e.exception
+}
+func (e requestException) Message() string {
+        return e.message
+}
+
+type awsException struct {
+        requestException
+}
+
+type sdkException struct {
+        requestException
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
index 11082e5..0b5571a 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
@@ -82,14 +82,15 @@ func (rep *Reporter) sendAPICallAttemptMetric(r *request.Request) {
 
         if r.Error != nil {
                 if awserr, ok := r.Error.(awserr.Error); ok {
-                        setError(&m, awserr)
+                        m.SetException(getMetricException(awserr))
                 }
         }
 
+        m.TruncateFields()
         rep.metricsCh.Push(m)
 }
 
-func setError(m *metric, err awserr.Error) {
+func getMetricException(err awserr.Error) metricException {
         msg := err.Error()
         code := err.Code()
 
@@ -97,11 +98,13 @@ func setError(m *metric, err awserr.Error) {
         case "RequestError",
                 "SerializationError",
                 request.CanceledErrorCode:
-                m.SDKException = &code
-                m.SDKExceptionMessage = &msg
+                return sdkException{
+                        requestException{exception: code, message: msg},
+                }
         default:
-                m.AWSException = &code
-                m.AWSExceptionMessage = &msg
+                return awsException{
+                        requestException{exception: code, message: msg},
+                }
         }
 }
 
@@ -112,16 +115,31 @@ func (rep *Reporter) sendAPICallMetric(r *request.Request) {
 
         now := time.Now()
         m := metric{
-                ClientID:      aws.String(rep.clientID),
-                API:           aws.String(r.Operation.Name),
-                Service:       aws.String(r.ClientInfo.ServiceID),
-                Timestamp:     (*metricTime)(&now),
-                Type:          aws.String("ApiCall"),
-                AttemptCount:  aws.Int(r.RetryCount + 1),
-                Latency:       aws.Int(int(time.Now().Sub(r.Time) / time.Millisecond)),
-                XAmzRequestID: aws.String(r.RequestID),
+                ClientID:           aws.String(rep.clientID),
+                API:                aws.String(r.Operation.Name),
+                Service:            aws.String(r.ClientInfo.ServiceID),
+                Timestamp:          (*metricTime)(&now),
+                UserAgent:          aws.String(r.HTTPRequest.Header.Get("User-Agent")),
+                Type:               aws.String("ApiCall"),
+                AttemptCount:       aws.Int(r.RetryCount + 1),
+                Region:             r.Config.Region,
+                Latency:            aws.Int(int(time.Now().Sub(r.Time) / time.Millisecond)),
+                XAmzRequestID:      aws.String(r.RequestID),
+                MaxRetriesExceeded: aws.Int(boolIntValue(r.RetryCount >= r.MaxRetries())),
+        }
+
+        if r.HTTPResponse != nil {
+                m.FinalHTTPStatusCode = aws.Int(r.HTTPResponse.StatusCode)
         }
 
+        if r.Error != nil {
+                if awserr, ok := r.Error.(awserr.Error); ok {
+                        m.SetFinalException(getMetricException(awserr))
+                }
+        }
+
+        m.TruncateFields()
+
         // TODO: Probably want to figure something out for logging dropped
         // metrics
         rep.metricsCh.Push(m)
@@ -221,11 +239,22 @@ func (rep *Reporter) InjectHandlers(handlers *request.Handlers) {
                 return
         }
 
-        apiCallHandler := request.NamedHandler{Name: APICallMetricHandlerName, Fn: rep.sendAPICallMetric}
-        apiCallAttemptHandler := request.NamedHandler{Name: APICallAttemptMetricHandlerName, Fn: rep.sendAPICallAttemptMetric}
+        handlers.Complete.PushFrontNamed(request.NamedHandler{
+                Name: APICallMetricHandlerName,
+                Fn:   rep.sendAPICallMetric,
+        })
 
-        handlers.Complete.PushFrontNamed(apiCallHandler)
-        handlers.Complete.PushFrontNamed(apiCallAttemptHandler)
+        handlers.CompleteAttempt.PushFrontNamed(request.NamedHandler{
+                Name: APICallAttemptMetricHandlerName,
+                Fn:   rep.sendAPICallAttemptMetric,
+        })
+}
+
+// boolIntValue return 1 for true and 0 for false.
+func boolIntValue(b bool) int {
+        if b {
+                return 1
+        }
 
-        handlers.AfterRetry.PushFrontNamed(apiCallAttemptHandler)
+        return 0
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
index 5040a2f..23bb639 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
@@ -24,6 +24,7 @@ import (
         "github.com/aws/aws-sdk-go/aws/ec2metadata"
         "github.com/aws/aws-sdk-go/aws/endpoints"
         "github.com/aws/aws-sdk-go/aws/request"
+        "github.com/aws/aws-sdk-go/internal/shareddefaults"
 )
 
 // A Defaults provides a collection of default values for SDK clients.
@@ -112,8 +113,8 @@ func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Pro
 }
 
 const (
-        httpProviderEnvVar     = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
-        ecsCredsProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
+        httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
+        httpProviderEnvVar              = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
 )
 
 // RemoteCredProvider returns a credentials provider for the default remote
@@ -123,8 +124,8 @@ func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.P
                 return localHTTPCredProvider(cfg, handlers, u)
         }
 
-        if uri := os.Getenv(ecsCredsProviderEnvVar); len(uri) > 0 {
-                u := fmt.Sprintf("http://169.254.170.2%s", uri)
+        if uri := os.Getenv(shareddefaults.ECSCredsProviderEnvVar); len(uri) > 0 {
+                u := fmt.Sprintf("%s%s", shareddefaults.ECSContainerCredentialsURI, uri)
                 return httpCredProvider(cfg, handlers, u)
         }
 
@@ -187,6 +188,7 @@ func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) crede
         return endpointcreds.NewProviderClient(cfg, handlers, u,
                 func(p *endpointcreds.Provider) {
                         p.ExpiryWindow = 5 * time.Minute
+                        p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar)
                 },
         )
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
index c215cd3..d57a1af 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
@@ -24,8 +24,9 @@ func (c *EC2Metadata) GetMetadata(p string) (string, error) {
 
         output := &metadataOutput{}
         req := c.NewRequest(op, nil, output)
+        err := req.Send()
 
-        return output.Content, req.Send()
+        return output.Content, err
 }
 
 // GetUserData returns the userdata that was configured for the service. If
@@ -45,8 +46,9 @@ func (c *EC2Metadata) GetUserData() (string, error) {
                         r.Error = awserr.New("NotFoundError", "user-data not found", r.Error)
                 }
         })
+        err := req.Send()
 
-        return output.Content, req.Send()
+        return output.Content, err
 }
 
 // GetDynamicData uses the path provided to request information from the EC2
@@ -61,8 +63,9 @@ func (c *EC2Metadata) GetDynamicData(p string) (string, error) {
 
         output := &metadataOutput{}
         req := c.NewRequest(op, nil, output)
+        err := req.Send()
 
-        return output.Content, req.Send()
+        return output.Content, err
 }
 
 // GetInstanceIdentityDocument retrieves an identity document describing an
@@ -118,6 +121,10 @@ func (c *EC2Metadata) Region() (string, error) {
                 return "", err
         }
 
+        if len(resp) == 0 {
+                return "", awserr.New("EC2MetadataError", "invalid Region response", nil)
+        }
+
         // returns region without the suffix. Eg: us-west-2a becomes us-west-2
         return resp[:len(resp)-1], nil
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
index ef5f732..f4438ea 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
@@ -4,7 +4,7 @@
 // This package's client can be disabled completely by setting the environment
 // variable "AWS_EC2_METADATA_DISABLED=true". This environment variable set to
 // true instructs the SDK to disable the EC2 Metadata client. The client cannot
-// be used while the environemnt variable is set to true, (case insensitive).
+// be used while the environment variable is set to true, (case insensitive).
 package ec2metadata
 
 import (
@@ -72,6 +72,7 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
                         cfg,
                         metadata.ClientInfo{
                                 ServiceName: ServiceName,
+                                ServiceID:   ServiceName,
                                 Endpoint:    endpoint,
                                 APIVersion:  "latest",
                         },
@@ -91,6 +92,9 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
                 svc.Handlers.Send.SwapNamed(request.NamedHandler{
                         Name: corehandlers.SendHandler.Name,
                         Fn: func(r *request.Request) {
+                                r.HTTPResponse = &http.Response{
+                                        Header: http.Header{},
+                                }
                                 r.Error = awserr.New(
                                         request.CanceledErrorCode,
                                         "EC2 IMDS access disabled via "+disableServiceEnvVar+" env var",
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
index 74f72de..87b9ff3 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
@@ -84,6 +84,8 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol
                 custAddEC2Metadata(p)
                 custAddS3DualStack(p)
                 custRmIotDataService(p)
+                custFixAppAutoscalingChina(p)
+                custFixAppAutoscalingUsGov(p)
         }
 
         return ps, nil
@@ -94,7 +96,12 @@ func custAddS3DualStack(p *partition) {
                 return
         }
 
-        s, ok := p.Services["s3"]
+        custAddDualstack(p, "s3")
+        custAddDualstack(p, "s3-control")
+}
+
+func custAddDualstack(p *partition, svcName string) {
+        s, ok := p.Services[svcName]
         if !ok {
                 return
         }
@@ -102,7 +109,7 @@ func custAddS3DualStack(p *partition) {
         s.Defaults.HasDualStack = boxedTrue
         s.Defaults.DualStackHostname = "{service}.dualstack.{region}.{dnsSuffix}"
 
-        p.Services["s3"] = s
+        p.Services[svcName] = s
 }
 
 func custAddEC2Metadata(p *partition) {
@@ -122,6 +129,54 @@ func custRmIotDataService(p *partition) {
         delete(p.Services, "data.iot")
 }
 
+func custFixAppAutoscalingChina(p *partition) {
+        if p.ID != "aws-cn" {
+                return
+        }
+
+        const serviceName = "application-autoscaling"
+        s, ok := p.Services[serviceName]
+        if !ok {
+                return
+        }
+
+        const expectHostname = `autoscaling.{region}.amazonaws.com`
+        if e, a := s.Defaults.Hostname, expectHostname; e != a {
+                fmt.Printf("custFixAppAutoscalingChina: ignoring customization, expected %s, got %s\n", e, a)
+                return
+        }
+
+        s.Defaults.Hostname = expectHostname + ".cn"
+        p.Services[serviceName] = s
+}
+
+func custFixAppAutoscalingUsGov(p *partition) {
+        if p.ID != "aws-us-gov" {
+                return
+        }
+
+        const serviceName = "application-autoscaling"
+        s, ok := p.Services[serviceName]
+        if !ok {
+                return
+        }
+
+        if a := s.Defaults.CredentialScope.Service; a != "" {
+                fmt.Printf("custFixAppAutoscalingUsGov: ignoring customization, expected empty credential scope service, got %s\n", a)
+                return
+        }
+
+        if a := s.Defaults.Hostname; a != "" {
+                fmt.Printf("custFixAppAutoscalingUsGov: ignoring customization, expected empty hostname, got %s\n", a)
+                return
+        }
+
+        s.Defaults.CredentialScope.Service = "application-autoscaling"
+        s.Defaults.Hostname = "autoscaling.{region}.amazonaws.com"
+
+        p.Services[serviceName] = s
+}
+
 type decodeModelError struct {
         awsError
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
index 8e823be..50e170e 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
@@ -15,6 +15,7 @@ const (
 
 // AWS Standard partition's regions.
 const (
+        ApEast1RegionID      = "ap-east-1"      // Asia Pacific (Hong Kong).
         ApNortheast1RegionID = "ap-northeast-1" // Asia Pacific (Tokyo).
         ApNortheast2RegionID = "ap-northeast-2" // Asia Pacific (Seoul).
         ApSouth1RegionID     = "ap-south-1"     // Asia Pacific (Mumbai).
@@ -22,6 +23,7 @@ const (
         ApSoutheast2RegionID = "ap-southeast-2" // Asia Pacific (Sydney).
         CaCentral1RegionID   = "ca-central-1"   // Canada (Central).
         EuCentral1RegionID   = "eu-central-1"   // EU (Frankfurt).
+        EuNorth1RegionID     = "eu-north-1"     // EU (Stockholm).
         EuWest1RegionID      = "eu-west-1"      // EU (Ireland).
         EuWest2RegionID      = "eu-west-2"      // EU (London).
         EuWest3RegionID      = "eu-west-3"      // EU (Paris).
@@ -40,140 +42,10 @@ const (
 
 // AWS GovCloud (US) partition's regions.
 const (
+        UsGovEast1RegionID = "us-gov-east-1" // AWS GovCloud (US-East).
         UsGovWest1RegionID = "us-gov-west-1" // AWS GovCloud (US).
 )
 
-// Service identifiers
-const (
-        A4bServiceID                          = "a4b"                          // A4b.
-        AcmServiceID                          = "acm"                          // Acm.
-        AcmPcaServiceID                       = "acm-pca"                      // AcmPca.
-        ApiMediatailorServiceID               = "api.mediatailor"              // ApiMediatailor.
-        ApiPricingServiceID                   = "api.pricing"                  // ApiPricing.
-        ApigatewayServiceID                   = "apigateway"                   // Apigateway.
-        ApplicationAutoscalingServiceID       = "application-autoscaling"      // ApplicationAutoscaling.
-        Appstream2ServiceID                   = "appstream2"                   // Appstream2.
-        AthenaServiceID                       = "athena"                       // Athena.
-        AutoscalingServiceID                  = "autoscaling"                  // Autoscaling.
-        AutoscalingPlansServiceID             = "autoscaling-plans"            // AutoscalingPlans.
-        BatchServiceID                        = "batch"                        // Batch.
-        BudgetsServiceID                      = "budgets"                      // Budgets.
-        CeServiceID                           = "ce"                           // Ce.
-        Cloud9ServiceID                       = "cloud9"                       // Cloud9.
-        ClouddirectoryServiceID               = "clouddirectory"               // Clouddirectory.
-        CloudformationServiceID               = "cloudformation"               // Cloudformation.
-        CloudfrontServiceID                   = "cloudfront"                   // Cloudfront.
-        CloudhsmServiceID                     = "cloudhsm"                     // Cloudhsm.
-        Cloudhsmv2ServiceID                   = "cloudhsmv2"                   // Cloudhsmv2.
-        CloudsearchServiceID                  = "cloudsearch"                  // Cloudsearch.
-        CloudtrailServiceID                   = "cloudtrail"                   // Cloudtrail.
-        CodebuildServiceID                    = "codebuild"                    // Codebuild.
-        CodecommitServiceID                   = "codecommit"                   // Codecommit.
-        CodedeployServiceID                   = "codedeploy"                   // Codedeploy.
-        CodepipelineServiceID                 = "codepipeline"                 // Codepipeline.
-        CodestarServiceID                     = "codestar"                     // Codestar.
-        CognitoIdentityServiceID              = "cognito-identity"             // CognitoIdentity.
-        CognitoIdpServiceID                   = "cognito-idp"                  // CognitoIdp.
-        CognitoSyncServiceID                  = "cognito-sync"                 // CognitoSync.
-        ComprehendServiceID                   = "comprehend"                   // Comprehend.
-        ConfigServiceID                       = "config"                       // Config.
-        CurServiceID                          = "cur"                          // Cur.
-        DatapipelineServiceID                 = "datapipeline"                 // Datapipeline.
-        DaxServiceID                          = "dax"                          // Dax.
-        DevicefarmServiceID                   = "devicefarm"                   // Devicefarm.
-        DirectconnectServiceID                = "directconnect"                // Directconnect.
-        DiscoveryServiceID                    = "discovery"                    // Discovery.
-        DmsServiceID                          = "dms"                          // Dms.
-        DsServiceID                           = "ds"                           // Ds.
-        DynamodbServiceID                     = "dynamodb"                     // Dynamodb.
-        Ec2ServiceID                          = "ec2"                          // Ec2.
-        Ec2metadataServiceID                  = "ec2metadata"                  // Ec2metadata.
-        EcrServiceID                          = "ecr"                          // Ecr.
-        EcsServiceID                          = "ecs"                          // Ecs.
-        ElasticacheServiceID                  = "elasticache"                  // Elasticache.
-        ElasticbeanstalkServiceID             = "elasticbeanstalk"             // Elasticbeanstalk.
-        ElasticfilesystemServiceID            = "elasticfilesystem"            // Elasticfilesystem.
-        ElasticloadbalancingServiceID         = "elasticloadbalancing"         // Elasticloadbalancing.
-        ElasticmapreduceServiceID             = "elasticmapreduce"             // Elasticmapreduce.
-        ElastictranscoderServiceID            = "elastictranscoder"            // Elastictranscoder.
-        EmailServiceID                        = "email"                        // Email.
-        EntitlementMarketplaceServiceID       = "entitlement.marketplace"      // EntitlementMarketplace.
-        EsServiceID                           = "es"                           // Es.
-        EventsServiceID                       = "events"                       // Events.
-        FirehoseServiceID                     = "firehose"                     // Firehose.
-        FmsServiceID                          = "fms"                          // Fms.
-        GameliftServiceID                     = "gamelift"                     // Gamelift.
-        GlacierServiceID                      = "glacier"                      // Glacier.
-        GlueServiceID                         = "glue"                         // Glue.
-        GreengrassServiceID                   = "greengrass"                   // Greengrass.
-        GuarddutyServiceID                    = "guardduty"                    // Guardduty.
-        HealthServiceID                       = "health"                       // Health.
-        IamServiceID                          = "iam"                          // Iam.
-        ImportexportServiceID                 = "importexport"                 // Importexport.
-        InspectorServiceID                    = "inspector"                    // Inspector.
-        IotServiceID                          = "iot"                          // Iot.
-        KinesisServiceID                      = "kinesis"                      // Kinesis.
-        KinesisanalyticsServiceID             = "kinesisanalytics"             // Kinesisanalytics.
-        KinesisvideoServiceID                 = "kinesisvideo"                 // Kinesisvideo.
-        KmsServiceID                          = "kms"                          // Kms.
-        LambdaServiceID                       = "lambda"                       // Lambda.
-        LightsailServiceID                    = "lightsail"                    // Lightsail.
-        LogsServiceID                         = "logs"                         // Logs.
-        MachinelearningServiceID              = "machinelearning"              // Machinelearning.
-        MarketplacecommerceanalyticsServiceID = "marketplacecommerceanalytics" // Marketplacecommerceanalytics.
-        MediaconvertServiceID                 = "mediaconvert"                 // Mediaconvert.
-        MedialiveServiceID                    = "medialive"                    // Medialive.
-        MediapackageServiceID                 = "mediapackage"                 // Mediapackage.
-        MediastoreServiceID                   = "mediastore"                   // Mediastore.
-        MeteringMarketplaceServiceID          = "metering.marketplace"         // MeteringMarketplace.
-        MghServiceID                          = "mgh"                          // Mgh.
-        MobileanalyticsServiceID              = "mobileanalytics"              // Mobileanalytics.
-        ModelsLexServiceID                    = "models.lex"                   // ModelsLex.
-        MonitoringServiceID                   = "monitoring"                   // Monitoring.
-        MturkRequesterServiceID               = "mturk-requester"              // MturkRequester.
-        NeptuneServiceID                      = "neptune"                      // Neptune.
-        OpsworksServiceID                     = "opsworks"                     // Opsworks.
-        OpsworksCmServiceID                   = "opsworks-cm"                  // OpsworksCm.
-        OrganizationsServiceID                = "organizations"                // Organizations.
-        PinpointServiceID                     = "pinpoint"                     // Pinpoint.
-        PollyServiceID                        = "polly"                        // Polly.
-        RdsServiceID                          = "rds"                          // Rds.
-        RedshiftServiceID                     = "redshift"                     // Redshift.
-        RekognitionServiceID                  = "rekognition"                  // Rekognition.
-        ResourceGroupsServiceID               = "resource-groups"              // ResourceGroups.
-        Route53ServiceID                      = "route53"                      // Route53.
-        Route53domainsServiceID               = "route53domains"               // Route53domains.
-        RuntimeLexServiceID                   = "runtime.lex"                  // RuntimeLex.
-        RuntimeSagemakerServiceID             = "runtime.sagemaker"            // RuntimeSagemaker.
-        S3ServiceID                           = "s3"                           // S3.
-        SagemakerServiceID                    = "sagemaker"                    // Sagemaker.
-        SdbServiceID                          = "sdb"                          // Sdb.
-        SecretsmanagerServiceID               = "secretsmanager"               // Secretsmanager.
-        ServerlessrepoServiceID               = "serverlessrepo"               // Serverlessrepo.
-        ServicecatalogServiceID               = "servicecatalog"               // Servicecatalog.
-        ServicediscoveryServiceID             = "servicediscovery"             // Servicediscovery.
-        ShieldServiceID                       = "shield"                       // Shield.
-        SmsServiceID                          = "sms"                          // Sms.
-        SnowballServiceID                     = "snowball"                     // Snowball.
-        SnsServiceID                          = "sns"                          // Sns.
-        SqsServiceID                          = "sqs"                          // Sqs.
-        SsmServiceID                          = "ssm"                          // Ssm.
-        StatesServiceID                       = "states"                       // States.
-        StoragegatewayServiceID               = "storagegateway"               // Storagegateway.
-        StreamsDynamodbServiceID              = "streams.dynamodb"             // StreamsDynamodb.
-        StsServiceID                          = "sts"                          // Sts.
-        SupportServiceID                      = "support"                      // Support.
-        SwfServiceID                          = "swf"                          // Swf.
-        TaggingServiceID                      = "tagging"                      // Tagging.
-        TranslateServiceID                    = "translate"                    // Translate.
-        WafServiceID                          = "waf"                          // Waf.
-        WafRegionalServiceID                  = "waf-regional"                 // WafRegional.
-        WorkdocsServiceID                     = "workdocs"                     // Workdocs.
-        WorkmailServiceID                     = "workmail"                     // Workmail.
-        WorkspacesServiceID                   = "workspaces"                   // Workspaces.
-        XrayServiceID                         = "xray"                         // Xray.
-)
-
 // DefaultResolver returns an Endpoint resolver that will be able
 // to resolve endpoints for: AWS Standard, AWS China, and AWS GovCloud (US).
 //
@@ -220,6 +92,9 @@ var awsPartition = partition{
                 SignatureVersions: []string{"v4"},
         },
         Regions: regions{
+                "ap-east-1": region{
+                        Description: "Asia Pacific (Hong Kong)",
+                },
                 "ap-northeast-1": region{
                         Description: "Asia Pacific (Tokyo)",
                 },
@@ -241,6 +116,9 @@ var awsPartition = partition{
                 "eu-central-1": region{
                         Description: "EU (Frankfurt)",
                 },
+                "eu-north-1": region{
+                        Description: "EU (Stockholm)",
+                },
                 "eu-west-1": region{
                         Description: "EU (Ireland)",
                 },
@@ -276,6 +154,7 @@ var awsPartition = partition{
                 "acm": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -283,6 +162,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -299,16 +179,129 @@ var awsPartition = partition{
                         },
                         Endpoints: endpoints{
                                 "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
                                 "ap-southeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
+                                "us-west-1":      endpoint{},
                                 "us-west-2":      endpoint{},
                         },
                 },
+                "api.ecr": service{
+
+                        Endpoints: endpoints{
+                                "ap-east-1": endpoint{
+                                        Hostname: "api.ecr.ap-east-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-east-1",
+                                        },
+                                },
+                                "ap-northeast-1": endpoint{
+                                        Hostname: "api.ecr.ap-northeast-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-northeast-1",
+                                        },
+                                },
+                                "ap-northeast-2": endpoint{
+                                        Hostname: "api.ecr.ap-northeast-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-northeast-2",
+                                        },
+                                },
+                                "ap-south-1": endpoint{
+                                        Hostname: "api.ecr.ap-south-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-south-1",
+                                        },
+                                },
+                                "ap-southeast-1": endpoint{
+                                        Hostname: "api.ecr.ap-southeast-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-southeast-1",
+                                        },
+                                },
+                                "ap-southeast-2": endpoint{
+                                        Hostname: "api.ecr.ap-southeast-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-southeast-2",
+                                        },
+                                },
+                                "ca-central-1": endpoint{
+                                        Hostname: "api.ecr.ca-central-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "ca-central-1",
+                                        },
+                                },
+                                "eu-central-1": endpoint{
+                                        Hostname: "api.ecr.eu-central-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "eu-central-1",
+                                        },
+                                },
+                                "eu-north-1": endpoint{
+                                        Hostname: "api.ecr.eu-north-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "eu-north-1",
+                                        },
+                                },
+                                "eu-west-1": endpoint{
+                                        Hostname: "api.ecr.eu-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "eu-west-1",
+                                        },
+                                },
+                                "eu-west-2": endpoint{
+                                        Hostname: "api.ecr.eu-west-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "eu-west-2",
+                                        },
+                                },
+                                "eu-west-3": endpoint{
+                                        Hostname: "api.ecr.eu-west-3.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "eu-west-3",
+                                        },
+                                },
+                                "sa-east-1": endpoint{
+                                        Hostname: "api.ecr.sa-east-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "sa-east-1",
+                                        },
+                                },
+                                "us-east-1": endpoint{
+                                        Hostname: "api.ecr.us-east-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-1",
+                                        },
+                                },
+                                "us-east-2": endpoint{
+                                        Hostname: "api.ecr.us-east-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-2",
+                                        },
+                                },
+                                "us-west-1": endpoint{
+                                        Hostname: "api.ecr.us-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-1",
+                                        },
+                                },
+                                "us-west-2": endpoint{
+                                        Hostname: "api.ecr.us-west-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-2",
+                                        },
+                                },
+                        },
+                },
                 "api.mediatailor": service{
 
                         Endpoints: endpoints{
@@ -317,6 +310,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "us-east-1":      endpoint{},
+                                "us-west-2":      endpoint{},
                         },
                 },
                 "api.pricing": service{
@@ -330,9 +324,52 @@ var awsPartition = partition{
                                 "us-east-1":  endpoint{},
                         },
                 },
+                "api.sagemaker": service{
+
+                        Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
+                                "ap-southeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "ca-central-1":   endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-1-fips": endpoint{
+                                        Hostname: "api-fips.sagemaker.us-east-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-1",
+                                        },
+                                },
+                                "us-east-2": endpoint{},
+                                "us-east-2-fips": endpoint{
+                                        Hostname: "api-fips.sagemaker.us-east-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-2",
+                                        },
+                                },
+                                "us-west-1": endpoint{},
+                                "us-west-1-fips": endpoint{
+                                        Hostname: "api-fips.sagemaker.us-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-1",
+                                        },
+                                },
+                                "us-west-2": endpoint{},
+                                "us-west-2-fips": endpoint{
+                                        Hostname: "api-fips.sagemaker.us-west-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-2",
+                                        },
+                                },
+                        },
+                },
                 "apigateway": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -340,6 +377,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -359,6 +397,7 @@ var awsPartition = partition{
                                 },
                         },
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -366,6 +405,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -385,19 +425,43 @@ var awsPartition = partition{
                         },
                         Endpoints: endpoints{
                                 "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-southeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "eu-central-1":   endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-west-2":      endpoint{},
                         },
                 },
+                "appsync": service{
+
+                        Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
+                                "ap-southeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-2":      endpoint{},
+                                "us-west-2":      endpoint{},
+                        },
+                },
                 "athena": service{
 
                         Endpoints: endpoints{
                                 "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
                                 "ap-southeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
+                                "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
                                 "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
                                 "us-west-2":      endpoint{},
@@ -408,6 +472,7 @@ var awsPartition = partition{
                                 Protocols: []string{"http", "https"},
                         },
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -415,6 +480,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -434,10 +500,18 @@ var awsPartition = partition{
                                 },
                         },
                         Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
                                 "ap-southeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "ca-central-1":   endpoint{},
+                                "eu-central-1":   endpoint{},
                                 "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
+                                "us-west-1":      endpoint{},
                                 "us-west-2":      endpoint{},
                         },
                 },
@@ -451,8 +525,11 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
+                                "sa-east-1":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
                                 "us-west-1":      endpoint{},
@@ -485,9 +562,27 @@ var awsPartition = partition{
                                 },
                         },
                 },
+                "chime": service{
+                        PartitionEndpoint: "aws-global",
+                        IsRegionalized:    boxedFalse,
+                        Defaults: endpoint{
+                                SSLCommonName: "service.chime.aws.amazon.com",
+                                Protocols:     []string{"https"},
+                        },
+                        Endpoints: endpoints{
+                                "aws-global": endpoint{
+                                        Hostname:  "service.chime.aws.amazon.com",
+                                        Protocols: []string{"https"},
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-1",
+                                        },
+                                },
+                        },
+                },
                 "cloud9": service{
 
                         Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
                                 "ap-southeast-1": endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "us-east-1":      endpoint{},
@@ -500,6 +595,7 @@ var awsPartition = partition{
                         Endpoints: endpoints{
                                 "ap-southeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
+                                "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
@@ -511,6 +607,7 @@ var awsPartition = partition{
                 "cloudformation": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -518,6 +615,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -565,13 +663,16 @@ var awsPartition = partition{
                         },
                         Endpoints: endpoints{
                                 "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
                                 "ap-southeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
                                 "us-west-1":      endpoint{},
@@ -596,6 +697,7 @@ var awsPartition = partition{
                 "cloudtrail": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -603,6 +705,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -670,11 +773,17 @@ var awsPartition = partition{
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
-                                "sa-east-1":      endpoint{},
-                                "us-east-1":      endpoint{},
-                                "us-east-2":      endpoint{},
-                                "us-west-1":      endpoint{},
-                                "us-west-2":      endpoint{},
+                                "fips": endpoint{
+                                        Hostname: "codecommit-fips.ca-central-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "ca-central-1",
+                                        },
+                                },
+                                "sa-east-1": endpoint{},
+                                "us-east-1": endpoint{},
+                                "us-east-2": endpoint{},
+                                "us-west-1": endpoint{},
+                                "us-west-2": endpoint{},
                         },
                 },
                 "codedeploy": service{
@@ -687,14 +796,39 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
                                 "sa-east-1":      endpoint{},
                                 "us-east-1":      endpoint{},
-                                "us-east-2":      endpoint{},
-                                "us-west-1":      endpoint{},
-                                "us-west-2":      endpoint{},
+                                "us-east-1-fips": endpoint{
+                                        Hostname: "codedeploy-fips.us-east-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-1",
+                                        },
+                                },
+                                "us-east-2": endpoint{},
+                                "us-east-2-fips": endpoint{
+                                        Hostname: "codedeploy-fips.us-east-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-2",
+                                        },
+                                },
+                                "us-west-1": endpoint{},
+                                "us-west-1-fips": endpoint{
+                                        Hostname: "codedeploy-fips.us-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-1",
+                                        },
+                                },
+                                "us-west-2": endpoint{},
+                                "us-west-2-fips": endpoint{
+                                        Hostname: "codedeploy-fips.us-west-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-2",
+                                        },
+                                },
                         },
                 },
                 "codepipeline": service{
@@ -742,6 +876,7 @@ var awsPartition = partition{
                                 "ap-south-1":     endpoint{},
                                 "ap-southeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
+                                "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
@@ -758,6 +893,7 @@ var awsPartition = partition{
                                 "ap-south-1":     endpoint{},
                                 "ap-southeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
+                                "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
@@ -787,6 +923,20 @@ var awsPartition = partition{
                                 Protocols: []string{"https"},
                         },
                         Endpoints: endpoints{
+                                "ap-southeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "ca-central-1":   endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-2":      endpoint{},
+                                "us-west-2":      endpoint{},
+                        },
+                },
+                "comprehendmedical": service{
+
+                        Endpoints: endpoints{
                                 "eu-west-1": endpoint{},
                                 "us-east-1": endpoint{},
                                 "us-east-2": endpoint{},
@@ -796,6 +946,7 @@ var awsPartition = partition{
                 "config": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -803,6 +954,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -829,6 +981,21 @@ var awsPartition = partition{
                                 "us-west-2":      endpoint{},
                         },
                 },
+                "datasync": service{
+
+                        Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-southeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-2":      endpoint{},
+                                "us-west-1":      endpoint{},
+                                "us-west-2":      endpoint{},
+                        },
+                },
                 "dax": service{
 
                         Endpoints: endpoints{
@@ -836,6 +1003,7 @@ var awsPartition = partition{
                                 "ap-south-1":     endpoint{},
                                 "ap-southeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
+                                "eu-central-1":   endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "sa-east-1":      endpoint{},
                                 "us-east-1":      endpoint{},
@@ -860,6 +1028,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -879,6 +1048,7 @@ var awsPartition = partition{
                 "dms": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -886,6 +1056,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -896,6 +1067,41 @@ var awsPartition = partition{
                                 "us-west-2":      endpoint{},
                         },
                 },
+                "docdb": service{
+
+                        Endpoints: endpoints{
+                                "eu-central-1": endpoint{
+                                        Hostname: "rds.eu-central-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "eu-central-1",
+                                        },
+                                },
+                                "eu-west-1": endpoint{
+                                        Hostname: "rds.eu-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "eu-west-1",
+                                        },
+                                },
+                                "us-east-1": endpoint{
+                                        Hostname: "rds.us-east-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-1",
+                                        },
+                                },
+                                "us-east-2": endpoint{
+                                        Hostname: "rds.us-east-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-2",
+                                        },
+                                },
+                                "us-west-2": endpoint{
+                                        Hostname: "rds.us-west-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-2",
+                                        },
+                                },
+                        },
+                },
                 "ds": service{
 
                         Endpoints: endpoints{
@@ -920,6 +1126,7 @@ var awsPartition = partition{
                                 Protocols: []string{"http", "https"},
                         },
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -927,6 +1134,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -949,6 +1157,7 @@ var awsPartition = partition{
                                 Protocols: []string{"http", "https"},
                         },
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -956,6 +1165,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -977,29 +1187,10 @@ var awsPartition = partition{
                                 },
                         },
                 },
-                "ecr": service{
-
-                        Endpoints: endpoints{
-                                "ap-northeast-1": endpoint{},
-                                "ap-northeast-2": endpoint{},
-                                "ap-south-1":     endpoint{},
-                                "ap-southeast-1": endpoint{},
-                                "ap-southeast-2": endpoint{},
-                                "ca-central-1":   endpoint{},
-                                "eu-central-1":   endpoint{},
-                                "eu-west-1":      endpoint{},
-                                "eu-west-2":      endpoint{},
-                                "eu-west-3":      endpoint{},
-                                "sa-east-1":      endpoint{},
-                                "us-east-1":      endpoint{},
-                                "us-east-2":      endpoint{},
-                                "us-west-1":      endpoint{},
-                                "us-west-2":      endpoint{},
-                        },
-                },
                 "ecs": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1007,6 +1198,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -1020,6 +1212,7 @@ var awsPartition = partition{
                 "elasticache": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1027,14 +1220,21 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
-                                "sa-east-1":      endpoint{},
-                                "us-east-1":      endpoint{},
-                                "us-east-2":      endpoint{},
-                                "us-west-1":      endpoint{},
-                                "us-west-2":      endpoint{},
+                                "fips": endpoint{
+                                        Hostname: "elasticache-fips.us-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-1",
+                                        },
+                                },
+                                "sa-east-1": endpoint{},
+                                "us-east-1": endpoint{},
+                                "us-east-2": endpoint{},
+                                "us-west-1": endpoint{},
+                                "us-west-2": endpoint{},
                         },
                 },
                 "elasticbeanstalk": service{
@@ -1047,6 +1247,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -1060,10 +1261,13 @@ var awsPartition = partition{
                 "elasticfilesystem": service{
 
                         Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
+                                "ap-southeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
                                 "eu-central-1":   endpoint{},
                                 "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
                                 "us-west-1":      endpoint{},
@@ -1075,6 +1279,7 @@ var awsPartition = partition{
                                 Protocols: []string{"https"},
                         },
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1082,6 +1287,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -1095,9 +1301,10 @@ var awsPartition = partition{
                 "elasticmapreduce": service{
                         Defaults: endpoint{
                                 SSLCommonName: "{region}.{service}.{dnsSuffix}",
-                                Protocols:     []string{"http", "https"},
+                                Protocols:     []string{"https"},
                         },
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1107,10 +1314,11 @@ var awsPartition = partition{
                                 "eu-central-1": endpoint{
                                         SSLCommonName: "{service}.{region}.{dnsSuffix}",
                                 },
-                                "eu-west-1": endpoint{},
-                                "eu-west-2": endpoint{},
-                                "eu-west-3": endpoint{},
-                                "sa-east-1": endpoint{},
+                                "eu-north-1": endpoint{},
+                                "eu-west-1":  endpoint{},
+                                "eu-west-2":  endpoint{},
+                                "eu-west-3":  endpoint{},
+                                "sa-east-1":  endpoint{},
                                 "us-east-1": endpoint{
                                         SSLCommonName: "{service}.{region}.{dnsSuffix}",
                                 },
@@ -1135,9 +1343,10 @@ var awsPartition = partition{
                 "email": service{
 
                         Endpoints: endpoints{
-                                "eu-west-1": endpoint{},
-                                "us-east-1": endpoint{},
-                                "us-west-2": endpoint{},
+                                "eu-central-1": endpoint{},
+                                "eu-west-1":    endpoint{},
+                                "us-east-1":    endpoint{},
+                                "us-west-2":    endpoint{},
                         },
                 },
                 "entitlement.marketplace": service{
@@ -1153,6 +1362,7 @@ var awsPartition = partition{
                 "es": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1160,19 +1370,27 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
-                                "sa-east-1":      endpoint{},
-                                "us-east-1":      endpoint{},
-                                "us-east-2":      endpoint{},
-                                "us-west-1":      endpoint{},
-                                "us-west-2":      endpoint{},
+                                "fips": endpoint{
+                                        Hostname: "es-fips.us-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-1",
+                                        },
+                                },
+                                "sa-east-1": endpoint{},
+                                "us-east-1": endpoint{},
+                                "us-east-2": endpoint{},
+                                "us-west-1": endpoint{},
+                                "us-west-2": endpoint{},
                         },
                 },
                 "events": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1180,6 +1398,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -1195,11 +1414,15 @@ var awsPartition = partition{
                         Endpoints: endpoints{
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
                                 "ap-southeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
                                 "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
+                                "sa-east-1":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
                                 "us-west-1":      endpoint{},
@@ -1211,9 +1434,24 @@ var awsPartition = partition{
                                 Protocols: []string{"https"},
                         },
                         Endpoints: endpoints{
-                                "eu-west-1": endpoint{},
-                                "us-east-1": endpoint{},
-                                "us-west-2": endpoint{},
+                                "ap-northeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-2":      endpoint{},
+                                "us-west-2":      endpoint{},
+                        },
+                },
+                "fsx": service{
+
+                        Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-2":      endpoint{},
+                                "us-west-2":      endpoint{},
                         },
                 },
                 "gamelift": service{
@@ -1240,6 +1478,7 @@ var awsPartition = partition{
                                 Protocols: []string{"http", "https"},
                         },
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1247,9 +1486,11 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
+                                "sa-east-1":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
                                 "us-west-1":      endpoint{},
@@ -1264,11 +1505,14 @@ var awsPartition = partition{
                                 "ap-south-1":     endpoint{},
                                 "ap-southeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
+                                "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
+                                "us-west-1":      endpoint{},
                                 "us-west-2":      endpoint{},
                         },
                 },
@@ -1281,6 +1525,7 @@ var awsPartition = partition{
                                 "ap-northeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-west-2":      endpoint{},
                         },
@@ -1377,9 +1622,21 @@ var awsPartition = partition{
                                 "us-west-2":      endpoint{},
                         },
                 },
+                "iotanalytics": service{
+
+                        Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-2":      endpoint{},
+                                "us-west-2":      endpoint{},
+                        },
+                },
                 "kinesis": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1387,6 +1644,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -1400,15 +1658,18 @@ var awsPartition = partition{
                 "kinesisanalytics": service{
 
                         Endpoints: endpoints{
-                                "eu-west-1": endpoint{},
-                                "us-east-1": endpoint{},
-                                "us-west-2": endpoint{},
+                                "eu-central-1": endpoint{},
+                                "eu-west-1":    endpoint{},
+                                "us-east-1":    endpoint{},
+                                "us-east-2":    endpoint{},
+                                "us-west-2":    endpoint{},
                         },
                 },
                 "kinesisvideo": service{
 
                         Endpoints: endpoints{
                                 "ap-northeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
                                 "eu-central-1":   endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "us-east-1":      endpoint{},
@@ -1418,6 +1679,13 @@ var awsPartition = partition{
                 "kms": service{
 
                         Endpoints: endpoints{
+                                "ProdFips": endpoint{
+                                        Hostname: "kms-fips.ca-central-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "ca-central-1",
+                                        },
+                                },
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1425,6 +1693,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -1438,6 +1707,7 @@ var awsPartition = partition{
                 "lambda": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1445,6 +1715,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -1455,6 +1726,22 @@ var awsPartition = partition{
                                 "us-west-2":      endpoint{},
                         },
                 },
+                "license-manager": service{
+
+                        Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
+                                "ap-southeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-2":      endpoint{},
+                                "us-west-2":      endpoint{},
+                        },
+                },
                 "lightsail": service{
 
                         Endpoints: endpoints{
@@ -1476,6 +1763,7 @@ var awsPartition = partition{
                 "logs": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1483,6 +1771,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -1506,6 +1795,25 @@ var awsPartition = partition{
                                 "us-east-1": endpoint{},
                         },
                 },
+                "mediaconnect": service{
+
+                        Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
+                                "ap-southeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
+                                "sa-east-1":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-2":      endpoint{},
+                                "us-west-1":      endpoint{},
+                                "us-west-2":      endpoint{},
+                        },
+                },
                 "mediaconvert": service{
 
                         Endpoints: endpoints{
@@ -1518,6 +1826,7 @@ var awsPartition = partition{
                                 "eu-central-1":   endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
                                 "sa-east-1":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
@@ -1530,6 +1839,7 @@ var awsPartition = partition{
                         Endpoints: endpoints{
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
                                 "ap-southeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
                                 "eu-central-1":   endpoint{},
@@ -1544,6 +1854,7 @@ var awsPartition = partition{
                         Endpoints: endpoints{
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
                                 "ap-southeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
                                 "eu-central-1":   endpoint{},
@@ -1551,6 +1862,7 @@ var awsPartition = partition{
                                 "eu-west-3":      endpoint{},
                                 "sa-east-1":      endpoint{},
                                 "us-east-1":      endpoint{},
+                                "us-west-1":      endpoint{},
                                 "us-west-2":      endpoint{},
                         },
                 },
@@ -1558,6 +1870,7 @@ var awsPartition = partition{
 
                         Endpoints: endpoints{
                                 "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
                                 "ap-southeast-2": endpoint{},
                                 "eu-central-1":   endpoint{},
                                 "eu-west-1":      endpoint{},
@@ -1572,6 +1885,7 @@ var awsPartition = partition{
                                 },
                         },
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1579,6 +1893,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -1618,6 +1933,7 @@ var awsPartition = partition{
                                 Protocols: []string{"http", "https"},
                         },
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1625,6 +1941,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -1635,6 +1952,22 @@ var awsPartition = partition{
                                 "us-west-2":      endpoint{},
                         },
                 },
+                "mq": service{
+
+                        Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-southeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-2":      endpoint{},
+                                "us-west-1":      endpoint{},
+                                "us-west-2":      endpoint{},
+                        },
+                },
                 "mturk-requester": service{
                         IsRegionalized: boxedFalse,
 
@@ -1648,12 +1981,48 @@ var awsPartition = partition{
                 "neptune": service{
 
                         Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{
+                                        Hostname: "rds.ap-northeast-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-northeast-1",
+                                        },
+                                },
+                                "ap-south-1": endpoint{
+                                        Hostname: "rds.ap-south-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-south-1",
+                                        },
+                                },
+                                "ap-southeast-1": endpoint{
+                                        Hostname: "rds.ap-southeast-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-southeast-1",
+                                        },
+                                },
+                                "ap-southeast-2": endpoint{
+                                        Hostname: "rds.ap-southeast-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-southeast-2",
+                                        },
+                                },
+                                "eu-central-1": endpoint{
+                                        Hostname: "rds.eu-central-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "eu-central-1",
+                                        },
+                                },
                                 "eu-west-1": endpoint{
                                         Hostname: "rds.eu-west-1.amazonaws.com",
                                         CredentialScope: credentialScope{
                                                 Region: "eu-west-1",
                                         },
                                 },
+                                "eu-west-2": endpoint{
+                                        Hostname: "rds.eu-west-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "eu-west-2",
+                                        },
+                                },
                                 "us-east-1": endpoint{
                                         Hostname: "rds.us-east-1.amazonaws.com",
                                         CredentialScope: credentialScope{
@@ -1728,7 +2097,12 @@ var awsPartition = partition{
                                 },
                         },
                         Endpoints: endpoints{
-                                "us-east-1": endpoint{},
+                                "ap-south-1":     endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-west-2":      endpoint{},
                         },
                 },
                 "polly": service{
@@ -1741,6 +2115,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -1754,6 +2129,7 @@ var awsPartition = partition{
                 "rds": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1761,6 +2137,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -1776,6 +2153,7 @@ var awsPartition = partition{
                 "redshift": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1783,6 +2161,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -1797,6 +2176,8 @@ var awsPartition = partition{
 
                         Endpoints: endpoints{
                                 "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
                                 "ap-southeast-2": endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "us-east-1":      endpoint{},
@@ -1807,6 +2188,7 @@ var awsPartition = partition{
                 "resource-groups": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -1814,8 +2196,10 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
                                 "sa-east-1":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
@@ -1823,6 +2207,15 @@ var awsPartition = partition{
                                 "us-west-2":      endpoint{},
                         },
                 },
+                "robomaker": service{
+
+                        Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-west-2":      endpoint{},
+                        },
+                },
                 "route53": service{
                         PartitionEndpoint: "aws-global",
                         IsRegionalized:    boxedFalse,
@@ -1842,6 +2235,27 @@ var awsPartition = partition{
                                 "us-east-1": endpoint{},
                         },
                 },
+                "route53resolver": service{
+                        Defaults: endpoint{
+                                Protocols: []string{"https"},
+                        },
+                        Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
+                                "ap-southeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "ca-central-1":   endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-2":      endpoint{},
+                                "us-west-1":      endpoint{},
+                                "us-west-2":      endpoint{},
+                        },
+                },
                 "runtime.lex": service{
                         Defaults: endpoint{
                                 CredentialScope: credentialScope{
@@ -1858,9 +2272,17 @@ var awsPartition = partition{
 
                         Endpoints: endpoints{
                                 "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
+                                "ap-southeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "ca-central-1":   endpoint{},
+                                "eu-central-1":   endpoint{},
                                 "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
+                                "us-west-1":      endpoint{},
                                 "us-west-2":      endpoint{},
                         },
                 },
@@ -1875,6 +2297,7 @@ var awsPartition = partition{
                                 DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
                         },
                         Endpoints: endpoints{
+                                "ap-east-1": endpoint{},
                                 "ap-northeast-1": endpoint{
                                         Hostname:          "s3.ap-northeast-1.amazonaws.com",
                                         SignatureVersions: []string{"s3", "s3v4"},
@@ -1891,6 +2314,7 @@ var awsPartition = partition{
                                 },
                                 "ca-central-1": endpoint{},
                                 "eu-central-1": endpoint{},
+                                "eu-north-1":   endpoint{},
                                 "eu-west-1": endpoint{
                                         Hostname:          "s3.eu-west-1.amazonaws.com",
                                         SignatureVersions: []string{"s3", "s3v4"},
@@ -1923,15 +2347,155 @@ var awsPartition = partition{
                                 },
                         },
                 },
-                "sagemaker": service{
+                "s3-control": service{
+                        Defaults: endpoint{
+                                Protocols:         []string{"https"},
+                                SignatureVersions: []string{"s3v4"},
 
+                                HasDualStack:      boxedTrue,
+                                DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
+                        },
                         Endpoints: endpoints{
-                                "ap-northeast-1": endpoint{},
-                                "ap-northeast-2": endpoint{},
-                                "eu-west-1":      endpoint{},
-                                "us-east-1":      endpoint{},
-                                "us-east-2":      endpoint{},
-                                "us-west-2":      endpoint{},
+                                "ap-northeast-1": endpoint{
+                                        Hostname:          "s3-control.ap-northeast-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-northeast-1",
+                                        },
+                                },
+                                "ap-northeast-2": endpoint{
+                                        Hostname:          "s3-control.ap-northeast-2.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-northeast-2",
+                                        },
+                                },
+                                "ap-south-1": endpoint{
+                                        Hostname:          "s3-control.ap-south-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-south-1",
+                                        },
+                                },
+                                "ap-southeast-1": endpoint{
+                                        Hostname:          "s3-control.ap-southeast-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-southeast-1",
+                                        },
+                                },
+                                "ap-southeast-2": endpoint{
+                                        Hostname:          "s3-control.ap-southeast-2.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-southeast-2",
+                                        },
+                                },
+                                "ca-central-1": endpoint{
+                                        Hostname:          "s3-control.ca-central-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "ca-central-1",
+                                        },
+                                },
+                                "eu-central-1": endpoint{
+                                        Hostname:          "s3-control.eu-central-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "eu-central-1",
+                                        },
+                                },
+                                "eu-north-1": endpoint{
+                                        Hostname:          "s3-control.eu-north-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "eu-north-1",
+                                        },
+                                },
+                                "eu-west-1": endpoint{
+                                        Hostname:          "s3-control.eu-west-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "eu-west-1",
+                                        },
+                                },
+                                "eu-west-2": endpoint{
+                                        Hostname:          "s3-control.eu-west-2.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "eu-west-2",
+                                        },
+                                },
+                                "eu-west-3": endpoint{
+                                        Hostname:          "s3-control.eu-west-3.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "eu-west-3",
+                                        },
+                                },
+                                "sa-east-1": endpoint{
+                                        Hostname:          "s3-control.sa-east-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "sa-east-1",
+                                        },
+                                },
+                                "us-east-1": endpoint{
+                                        Hostname:          "s3-control.us-east-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-1",
+                                        },
+                                },
+                                "us-east-1-fips": endpoint{
+                                        Hostname:          "s3-control-fips.us-east-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-1",
+                                        },
+                                },
+                                "us-east-2": endpoint{
+                                        Hostname:          "s3-control.us-east-2.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-2",
+                                        },
+                                },
+                                "us-east-2-fips": endpoint{
+                                        Hostname:          "s3-control-fips.us-east-2.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-2",
+                                        },
+                                },
+                                "us-west-1": endpoint{
+                                        Hostname:          "s3-control.us-west-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-1",
+                                        },
+                                },
+                                "us-west-1-fips": endpoint{
+                                        Hostname:          "s3-control-fips.us-west-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-1",
+                                        },
+                                },
+                                "us-west-2": endpoint{
+                                        Hostname:          "s3-control.us-west-2.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-2",
+                                        },
+                                },
+                                "us-west-2-fips": endpoint{
+                                        Hostname:          "s3-control-fips.us-west-2.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-2",
+                                        },
+                                },
                         },
                 },
                 "sdb": service{
@@ -1962,8 +2526,54 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
+                                "sa-east-1":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-1-fips": endpoint{
+                                        Hostname: "secretsmanager-fips.us-east-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-1",
+                                        },
+                                },
+                                "us-east-2": endpoint{},
+                                "us-east-2-fips": endpoint{
+                                        Hostname: "secretsmanager-fips.us-east-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-2",
+                                        },
+                                },
+                                "us-west-1": endpoint{},
+                                "us-west-1-fips": endpoint{
+                                        Hostname: "secretsmanager-fips.us-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-1",
+                                        },
+                                },
+                                "us-west-2": endpoint{},
+                                "us-west-2-fips": endpoint{
+                                        Hostname: "secretsmanager-fips.us-west-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-2",
+                                        },
+                                },
+                        },
+                },
+                "securityhub": service{
+
+                        Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
+                                "ap-southeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "ca-central-1":   endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
                                 "sa-east-1":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
@@ -1997,12 +2607,18 @@ var awsPartition = partition{
                                 "eu-central-1": endpoint{
                                         Protocols: []string{"https"},
                                 },
+                                "eu-north-1": endpoint{
+                                        Protocols: []string{"https"},
+                                },
                                 "eu-west-1": endpoint{
                                         Protocols: []string{"https"},
                                 },
                                 "eu-west-2": endpoint{
                                         Protocols: []string{"https"},
                                 },
+                                "eu-west-3": endpoint{
+                                        Protocols: []string{"https"},
+                                },
                                 "sa-east-1": endpoint{
                                         Protocols: []string{"https"},
                                 },
@@ -2030,30 +2646,65 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
                                 "sa-east-1":      endpoint{},
                                 "us-east-1":      endpoint{},
-                                "us-east-2":      endpoint{},
-                                "us-west-1":      endpoint{},
-                                "us-west-2":      endpoint{},
+                                "us-east-1-fips": endpoint{
+                                        Hostname: "servicecatalog-fips.us-east-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-1",
+                                        },
+                                },
+                                "us-east-2": endpoint{},
+                                "us-east-2-fips": endpoint{
+                                        Hostname: "servicecatalog-fips.us-east-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-2",
+                                        },
+                                },
+                                "us-west-1": endpoint{},
+                                "us-west-1-fips": endpoint{
+                                        Hostname: "servicecatalog-fips.us-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-1",
+                                        },
+                                },
+                                "us-west-2": endpoint{},
+                                "us-west-2-fips": endpoint{
+                                        Hostname: "servicecatalog-fips.us-west-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-2",
+                                        },
+                                },
                         },
                 },
                 "servicediscovery": service{
 
                         Endpoints: endpoints{
-                                "eu-west-1": endpoint{},
-                                "us-east-1": endpoint{},
-                                "us-east-2": endpoint{},
-                                "us-west-1": endpoint{},
-                                "us-west-2": endpoint{},
+                                "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
+                                "ap-southeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "ca-central-1":   endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
+                                "sa-east-1":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-2":      endpoint{},
+                                "us-west-1":      endpoint{},
+                                "us-west-2":      endpoint{},
                         },
                 },
                 "shield": service{
                         IsRegionalized: boxedFalse,
                         Defaults: endpoint{
-                                SSLCommonName: "Shield.us-east-1.amazonaws.com",
+                                SSLCommonName: "shield.us-east-1.amazonaws.com",
                                 Protocols:     []string{"https"},
                         },
                         Endpoints: endpoints{
@@ -2070,6 +2721,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -2104,6 +2756,7 @@ var awsPartition = partition{
                                 Protocols: []string{"http", "https"},
                         },
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -2111,6 +2764,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -2127,6 +2781,7 @@ var awsPartition = partition{
                                 Protocols:     []string{"http", "https"},
                         },
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -2134,6 +2789,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -2173,6 +2829,7 @@ var awsPartition = partition{
                 "ssm": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -2180,6 +2837,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -2193,14 +2851,19 @@ var awsPartition = partition{
                 "states": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
                                 "ap-southeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
+                                "sa-east-1":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
                                 "us-west-1":      endpoint{},
@@ -2217,6 +2880,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -2242,6 +2906,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -2268,6 +2933,12 @@ var awsPartition = partition{
                                 },
                         },
                         Endpoints: endpoints{
+                                "ap-east-1": endpoint{
+                                        Hostname: "sts.ap-east-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "ap-east-1",
+                                        },
+                                },
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{
                                         Hostname: "sts.ap-northeast-2.amazonaws.com",
@@ -2281,6 +2952,7 @@ var awsPartition = partition{
                                 "aws-global":     endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -2324,6 +2996,7 @@ var awsPartition = partition{
                 "swf": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -2331,6 +3004,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -2344,6 +3018,7 @@ var awsPartition = partition{
                 "tagging": service{
 
                         Endpoints: endpoints{
+                                "ap-east-1":      endpoint{},
                                 "ap-northeast-1": endpoint{},
                                 "ap-northeast-2": endpoint{},
                                 "ap-south-1":     endpoint{},
@@ -2351,6 +3026,7 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
                                 "eu-west-3":      endpoint{},
@@ -2361,15 +3037,54 @@ var awsPartition = partition{
                                 "us-west-2":      endpoint{},
                         },
                 },
+                "transfer": service{
+
+                        Endpoints: endpoints{
+                                "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-south-1":     endpoint{},
+                                "ap-southeast-1": endpoint{},
+                                "ap-southeast-2": endpoint{},
+                                "ca-central-1":   endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-2":      endpoint{},
+                                "us-west-1":      endpoint{},
+                                "us-west-2":      endpoint{},
+                        },
+                },
                 "translate": service{
                         Defaults: endpoint{
                                 Protocols: []string{"https"},
                         },
                         Endpoints: endpoints{
-                                "eu-west-1": endpoint{},
-                                "us-east-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "eu-central-1":   endpoint{},
+                                "eu-west-1":      endpoint{},
+                                "us-east-1":      endpoint{},
+                                "us-east-1-fips": endpoint{
+                                        Hostname: "translate-fips.us-east-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-1",
+                                        },
+                                },
                                 "us-east-2": endpoint{},
+                                "us-east-2-fips": endpoint{
+                                        Hostname: "translate-fips.us-east-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-east-2",
+                                        },
+                                },
                                 "us-west-2": endpoint{},
+                                "us-west-2-fips": endpoint{
+                                        Hostname: "translate-fips.us-west-2.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-west-2",
+                                        },
+                                },
                         },
                 },
                 "waf": service{
@@ -2389,9 +3104,13 @@ var awsPartition = partition{
 
                         Endpoints: endpoints{
                                 "ap-northeast-1": endpoint{},
+                                "ap-northeast-2": endpoint{},
+                                "ap-southeast-1": endpoint{},
                                 "ap-southeast-2": endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
+                                "eu-west-2":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
                                 "us-west-1":      endpoint{},
@@ -2445,8 +3164,10 @@ var awsPartition = partition{
                                 "ap-southeast-2": endpoint{},
                                 "ca-central-1":   endpoint{},
                                 "eu-central-1":   endpoint{},
+                                "eu-north-1":     endpoint{},
                                 "eu-west-1":      endpoint{},
                                 "eu-west-2":      endpoint{},
+                                "eu-west-3":      endpoint{},
                                 "sa-east-1":      endpoint{},
                                 "us-east-1":      endpoint{},
                                 "us-east-2":      endpoint{},
@@ -2486,6 +3207,23 @@ var awscnPartition = partition{
                 },
         },
         Services: services{
+                "api.ecr": service{
+
+                        Endpoints: endpoints{
+                                "cn-north-1": endpoint{
+                                        Hostname: "api.ecr.cn-north-1.amazonaws.com.cn",
+                                        CredentialScope: credentialScope{
+                                                Region: "cn-north-1",
+                                        },
+                                },
+                                "cn-northwest-1": endpoint{
+                                        Hostname: "api.ecr.cn-northwest-1.amazonaws.com.cn",
+                                        CredentialScope: credentialScope{
+                                                Region: "cn-northwest-1",
+                                        },
+                                },
+                        },
+                },
                 "apigateway": service{
 
                         Endpoints: endpoints{
@@ -2495,7 +3233,7 @@ var awscnPartition = partition{
                 },
                 "application-autoscaling": service{
                         Defaults: endpoint{
-                                Hostname:  "autoscaling.{region}.amazonaws.com",
+                                Hostname:  "autoscaling.{region}.amazonaws.com.cn",
                                 Protocols: []string{"http", "https"},
                                 CredentialScope: credentialScope{
                                         Service: "application-autoscaling",
@@ -2522,6 +3260,20 @@ var awscnPartition = partition{
                                 "cn-northwest-1": endpoint{},
                         },
                 },
+                "cloudfront": service{
+                        PartitionEndpoint: "aws-cn-global",
+                        IsRegionalized:    boxedFalse,
+
+                        Endpoints: endpoints{
+                                "aws-cn-global": endpoint{
+                                        Hostname:  "cloudfront.cn-northwest-1.amazonaws.com.cn",
+                                        Protocols: []string{"http", "https"},
+                                        CredentialScope: credentialScope{
+                                                Region: "cn-northwest-1",
+                                        },
+                                },
+                        },
+                },
                 "cloudtrail": service{
 
                         Endpoints: endpoints{
@@ -2529,6 +3281,13 @@ var awscnPartition = partition{
                                 "cn-northwest-1": endpoint{},
                         },
                 },
+                "codebuild": service{
+
+                        Endpoints: endpoints{
+                                "cn-north-1":     endpoint{},
+                                "cn-northwest-1": endpoint{},
+                        },
+                },
                 "codedeploy": service{
 
                         Endpoints: endpoints{
@@ -2556,6 +3315,13 @@ var awscnPartition = partition{
                                 "cn-northwest-1": endpoint{},
                         },
                 },
+                "dms": service{
+
+                        Endpoints: endpoints{
+                                "cn-north-1":     endpoint{},
+                                "cn-northwest-1": endpoint{},
+                        },
+                },
                 "ds": service{
 
                         Endpoints: endpoints{
@@ -2592,13 +3358,6 @@ var awscnPartition = partition{
                                 },
                         },
                 },
-                "ecr": service{
-
-                        Endpoints: endpoints{
-                                "cn-north-1":     endpoint{},
-                                "cn-northwest-1": endpoint{},
-                        },
-                },
                 "ecs": service{
 
                         Endpoints: endpoints{
@@ -2631,7 +3390,7 @@ var awscnPartition = partition{
                 },
                 "elasticmapreduce": service{
                         Defaults: endpoint{
-                                Protocols: []string{"http", "https"},
+                                Protocols: []string{"https"},
                         },
                         Endpoints: endpoints{
                                 "cn-north-1":     endpoint{},
@@ -2641,6 +3400,7 @@ var awscnPartition = partition{
                 "es": service{
 
                         Endpoints: endpoints{
+                                "cn-north-1":     endpoint{},
                                 "cn-northwest-1": endpoint{},
                         },
                 },
@@ -2651,6 +3411,19 @@ var awscnPartition = partition{
                                 "cn-northwest-1": endpoint{},
                         },
                 },
+                "firehose": service{
+
+                        Endpoints: endpoints{
+                                "cn-north-1":     endpoint{},
+                                "cn-northwest-1": endpoint{},
+                        },
+                },
+                "gamelift": service{
+
+                        Endpoints: endpoints{
+                                "cn-north-1": endpoint{},
+                        },
+                },
                 "glacier": service{
                         Defaults: endpoint{
                                 Protocols: []string{"http", "https"},
@@ -2704,6 +3477,12 @@ var awscnPartition = partition{
                                 "cn-northwest-1": endpoint{},
                         },
                 },
+                "mediaconvert": service{
+
+                        Endpoints: endpoints{
+                                "cn-northwest-1": endpoint{},
+                        },
+                },
                 "monitoring": service{
                         Defaults: endpoint{
                                 Protocols: []string{"http", "https"},
@@ -2713,6 +3492,12 @@ var awscnPartition = partition{
                                 "cn-northwest-1": endpoint{},
                         },
                 },
+                "polly": service{
+
+                        Endpoints: endpoints{
+                                "cn-northwest-1": endpoint{},
+                        },
+                },
                 "rds": service{
 
                         Endpoints: endpoints{
@@ -2737,6 +3522,28 @@ var awscnPartition = partition{
                                 "cn-northwest-1": endpoint{},
                         },
                 },
+                "s3-control": service{
+                        Defaults: endpoint{
+                                Protocols:         []string{"https"},
+                                SignatureVersions: []string{"s3v4"},
+                        },
+                        Endpoints: endpoints{
+                                "cn-north-1": endpoint{
+                                        Hostname:          "s3-control.cn-north-1.amazonaws.com.cn",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "cn-north-1",
+                                        },
+                                },
+                                "cn-northwest-1": endpoint{
+                                        Hostname:          "s3-control.cn-northwest-1.amazonaws.com.cn",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "cn-northwest-1",
+                                        },
+                                },
+                        },
+                },
                 "sms": service{
 
                         Endpoints: endpoints{
@@ -2776,6 +3583,13 @@ var awscnPartition = partition{
                                 "cn-northwest-1": endpoint{},
                         },
                 },
+                "states": service{
+
+                        Endpoints: endpoints{
+                                "cn-north-1":     endpoint{},
+                                "cn-northwest-1": endpoint{},
+                        },
+                },
                 "storagegateway": service{
 
                         Endpoints: endpoints{
@@ -2839,6 +3653,9 @@ var awsusgovPartition = partition{
                 SignatureVersions: []string{"v4"},
         },
         Regions: regions{
+                "us-gov-east-1": region{
+                        Description: "AWS GovCloud (US-East)",
+                },
                 "us-gov-west-1": region{
                         Description: "AWS GovCloud (US)",
                 },
@@ -2847,26 +3664,77 @@ var awsusgovPartition = partition{
                 "acm": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
+                "api.ecr": service{
+
+                        Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{
+                                        Hostname: "api.ecr.us-gov-east-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-gov-east-1",
+                                        },
+                                },
+                                "us-gov-west-1": endpoint{
+                                        Hostname: "api.ecr.us-gov-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-gov-west-1",
+                                        },
+                                },
+                        },
+                },
+                "api.sagemaker": service{
+
+                        Endpoints: endpoints{
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "apigateway": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
+                "application-autoscaling": service{
+                        Defaults: endpoint{
+                                Hostname: "autoscaling.{region}.amazonaws.com",
+                                CredentialScope: credentialScope{
+                                        Service: "application-autoscaling",
+                                },
+                        },
+                        Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
+                "athena": service{
+
+                        Endpoints: endpoints{
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "autoscaling": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{
                                         Protocols: []string{"http", "https"},
                                 },
                         },
                 },
+                "clouddirectory": service{
+
+                        Endpoints: endpoints{
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
                 "cloudformation": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
@@ -2883,42 +3751,81 @@ var awsusgovPartition = partition{
                                 },
                         },
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "cloudtrail": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
+                "codecommit": service{
+
+                        Endpoints: endpoints{
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "codedeploy": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
+                                "us-gov-east-1-fips": endpoint{
+                                        Hostname: "codedeploy-fips.us-gov-east-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-gov-east-1",
+                                        },
+                                },
+                                "us-gov-west-1": endpoint{},
+                                "us-gov-west-1-fips": endpoint{
+                                        Hostname: "codedeploy-fips.us-gov-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-gov-west-1",
+                                        },
+                                },
+                        },
+                },
+                "comprehend": service{
+                        Defaults: endpoint{
+                                Protocols: []string{"https"},
+                        },
+                        Endpoints: endpoints{
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "config": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "directconnect": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "dms": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
+                "ds": service{
+
+                        Endpoints: endpoints{
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "dynamodb": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                                 "us-gov-west-1-fips": endpoint{
                                         Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
@@ -2931,6 +3838,7 @@ var awsusgovPartition = partition{
                 "ec2": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
@@ -2945,25 +3853,34 @@ var awsusgovPartition = partition{
                                 },
                         },
                 },
-                "ecr": service{
+                "ecs": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
-                "ecs": service{
+                "elasticache": service{
 
                         Endpoints: endpoints{
+                                "fips": endpoint{
+                                        Hostname: "elasticache-fips.us-gov-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-gov-west-1",
+                                        },
+                                },
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
-                "elasticache": service{
+                "elasticbeanstalk": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
-                "elasticbeanstalk": service{
+                "elasticfilesystem": service{
 
                         Endpoints: endpoints{
                                 "us-gov-west-1": endpoint{},
@@ -2972,6 +3889,7 @@ var awsusgovPartition = partition{
                 "elasticloadbalancing": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{
                                         Protocols: []string{"http", "https"},
                                 },
@@ -2980,31 +3898,62 @@ var awsusgovPartition = partition{
                 "elasticmapreduce": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{
-                                        Protocols: []string{"http", "https"},
+                                        Protocols: []string{"https"},
                                 },
                         },
                 },
                 "es": service{
 
                         Endpoints: endpoints{
+                                "fips": endpoint{
+                                        Hostname: "es-fips.us-gov-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-gov-west-1",
+                                        },
+                                },
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "events": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
+                "firehose": service{
+
+                        Endpoints: endpoints{
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "glacier": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{
                                         Protocols: []string{"http", "https"},
                                 },
                         },
                 },
+                "glue": service{
+
+                        Endpoints: endpoints{
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
+                "guardduty": service{
+                        IsRegionalized: boxedTrue,
+                        Defaults: endpoint{
+                                Protocols: []string{"https"},
+                        },
+                        Endpoints: endpoints{
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
                 "iam": service{
                         PartitionEndpoint: "aws-us-gov-global",
                         IsRegionalized:    boxedFalse,
@@ -3021,30 +3970,64 @@ var awsusgovPartition = partition{
                 "inspector": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
+                "iot": service{
+                        Defaults: endpoint{
+                                CredentialScope: credentialScope{
+                                        Service: "execute-api",
+                                },
+                        },
+                        Endpoints: endpoints{
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "kinesis": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "kms": service{
 
                         Endpoints: endpoints{
+                                "ProdFips": endpoint{
+                                        Hostname: "kms-fips.us-gov-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-gov-west-1",
+                                        },
+                                },
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "lambda": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
+                "license-manager": service{
+
+                        Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "logs": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
+                "mediaconvert": service{
+
+                        Endpoints: endpoints{
                                 "us-gov-west-1": endpoint{},
                         },
                 },
@@ -3061,6 +4044,7 @@ var awsusgovPartition = partition{
                 "monitoring": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
@@ -3073,12 +4057,14 @@ var awsusgovPartition = partition{
                 "rds": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "redshift": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
@@ -3088,6 +4074,12 @@ var awsusgovPartition = partition{
                                 "us-gov-west-1": endpoint{},
                         },
                 },
+                "runtime.sagemaker": service{
+
+                        Endpoints: endpoints{
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
                 "s3": service{
                         Defaults: endpoint{
                                 SignatureVersions: []string{"s3", "s3v4"},
@@ -3099,27 +4091,70 @@ var awsusgovPartition = partition{
                                                 Region: "us-gov-west-1",
                                         },
                                 },
+                                "us-gov-east-1": endpoint{
+                                        Hostname:  "s3.us-gov-east-1.amazonaws.com",
+                                        Protocols: []string{"http", "https"},
+                                },
                                 "us-gov-west-1": endpoint{
                                         Hostname:  "s3.us-gov-west-1.amazonaws.com",
                                         Protocols: []string{"http", "https"},
                                 },
                         },
                 },
+                "s3-control": service{
+                        Defaults: endpoint{
+                                Protocols:         []string{"https"},
+                                SignatureVersions: []string{"s3v4"},
+                        },
+                        Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{
+                                        Hostname:          "s3-control.us-gov-east-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "us-gov-east-1",
+                                        },
+                                },
+                                "us-gov-east-1-fips": endpoint{
+                                        Hostname:          "s3-control-fips.us-gov-east-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "us-gov-east-1",
+                                        },
+                                },
+                                "us-gov-west-1": endpoint{
+                                        Hostname:          "s3-control.us-gov-west-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "us-gov-west-1",
+                                        },
+                                },
+                                "us-gov-west-1-fips": endpoint{
+                                        Hostname:          "s3-control-fips.us-gov-west-1.amazonaws.com",
+                                        SignatureVersions: []string{"s3v4"},
+                                        CredentialScope: credentialScope{
+                                                Region: "us-gov-west-1",
+                                        },
+                                },
+                        },
+                },
                 "sms": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "snowball": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "sns": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{
                                         Protocols: []string{"http", "https"},
                                 },
@@ -3128,6 +4163,7 @@ var awsusgovPartition = partition{
                 "sqs": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{
                                         SSLCommonName: "{region}.queue.{dnsSuffix}",
                                         Protocols:     []string{"http", "https"},
@@ -3137,6 +4173,14 @@ var awsusgovPartition = partition{
                 "ssm": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
+                "states": service{
+
+                        Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
@@ -3153,6 +4197,7 @@ var awsusgovPartition = partition{
                                 },
                         },
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                                 "us-gov-west-1-fips": endpoint{
                                         Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
@@ -3165,18 +4210,21 @@ var awsusgovPartition = partition{
                 "sts": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "swf": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
                 "tagging": service{
 
                         Endpoints: endpoints{
+                                "us-gov-east-1": endpoint{},
                                 "us-gov-west-1": endpoint{},
                         },
                 },
@@ -3186,6 +4234,24 @@ var awsusgovPartition = partition{
                         },
                         Endpoints: endpoints{
                                 "us-gov-west-1": endpoint{},
+                                "us-gov-west-1-fips": endpoint{
+                                        Hostname: "translate-fips.us-gov-west-1.amazonaws.com",
+                                        CredentialScope: credentialScope{
+                                                Region: "us-gov-west-1",
+                                        },
+                                },
+                        },
+                },
+                "waf-regional": service{
+
+                        Endpoints: endpoints{
+                                "us-gov-west-1": endpoint{},
+                        },
+                },
+                "workspaces": service{
+
+                        Endpoints: endpoints{
+                                "us-gov-west-1": endpoint{},
                         },
                 },
         },
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
new file mode 100644
index 0000000..000dd79
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
@@ -0,0 +1,141 @@
+package endpoints
+
+// Service identifiers
+//
+// Deprecated: Use client package's EndpointID value instead of these
+// ServiceIDs. These IDs are not maintained, and are out of date.
+const (
+        A4bServiceID                          = "a4b"                          // A4b.
+        AcmServiceID                          = "acm"                          // Acm.
+        AcmPcaServiceID                       = "acm-pca"                      // AcmPca.
+        ApiMediatailorServiceID               = "api.mediatailor"              // ApiMediatailor.
+        ApiPricingServiceID                   = "api.pricing"                  // ApiPricing.
+        ApiSagemakerServiceID                 = "api.sagemaker"                // ApiSagemaker.
+        ApigatewayServiceID                   = "apigateway"                   // Apigateway.
+        ApplicationAutoscalingServiceID       = "application-autoscaling"      // ApplicationAutoscaling.
+        Appstream2ServiceID                   = "appstream2"                   // Appstream2.
+        AppsyncServiceID                      = "appsync"                      // Appsync.
+        AthenaServiceID                       = "athena"                       // Athena.
+        AutoscalingServiceID                  = "autoscaling"                  // Autoscaling.
+        AutoscalingPlansServiceID             = "autoscaling-plans"            // AutoscalingPlans.
+        BatchServiceID                        = "batch"                        // Batch.
+        BudgetsServiceID                      = "budgets"                      // Budgets.
+        CeServiceID                           = "ce"                           // Ce.
+        ChimeServiceID                        = "chime"                        // Chime.
+        Cloud9ServiceID                       = "cloud9"                       // Cloud9.
+        ClouddirectoryServiceID               = "clouddirectory"               // Clouddirectory.
+        CloudformationServiceID               = "cloudformation"               // Cloudformation.
+        CloudfrontServiceID                   = "cloudfront"                   // Cloudfront.
+        CloudhsmServiceID                     = "cloudhsm"                     // Cloudhsm.
+        Cloudhsmv2ServiceID                   = "cloudhsmv2"                   // Cloudhsmv2.
+        CloudsearchServiceID                  = "cloudsearch"                  // Cloudsearch.
+        CloudtrailServiceID                   = "cloudtrail"                   // Cloudtrail.
+        CodebuildServiceID                    = "codebuild"                    // Codebuild.
+        CodecommitServiceID                   = "codecommit"                   // Codecommit.
+        CodedeployServiceID                   = "codedeploy"                   // Codedeploy.
+        CodepipelineServiceID                 = "codepipeline"                 // Codepipeline.
+        CodestarServiceID                     = "codestar"                     // Codestar.
+        CognitoIdentityServiceID              = "cognito-identity"             // CognitoIdentity.
+        CognitoIdpServiceID                   = "cognito-idp"                  // CognitoIdp.
+        CognitoSyncServiceID                  = "cognito-sync"                 // CognitoSync.
+        ComprehendServiceID                   = "comprehend"                   // Comprehend.
+        ConfigServiceID                       = "config"                       // Config.
+        CurServiceID                          = "cur"                          // Cur.
+        DatapipelineServiceID                 = "datapipeline"                 // Datapipeline.
+        DaxServiceID                          = "dax"                          // Dax.
+        DevicefarmServiceID                   = "devicefarm"                   // Devicefarm.
+        DirectconnectServiceID                = "directconnect"                // Directconnect.
+        DiscoveryServiceID                    = "discovery"                    // Discovery.
+        DmsServiceID                          = "dms"                          // Dms.
+        DsServiceID                           = "ds"                           // Ds.
+        DynamodbServiceID                     = "dynamodb"                     // Dynamodb.
+        Ec2ServiceID                          = "ec2"                          // Ec2.
+        Ec2metadataServiceID                  = "ec2metadata"                  // Ec2metadata.
+        EcrServiceID                          = "ecr"                          // Ecr.
+        EcsServiceID                          = "ecs"                          // Ecs.
+        ElasticacheServiceID                  = "elasticache"                  // Elasticache.
+        ElasticbeanstalkServiceID             = "elasticbeanstalk"             // Elasticbeanstalk.
+        ElasticfilesystemServiceID            = "elasticfilesystem"            // Elasticfilesystem.
+        ElasticloadbalancingServiceID         = "elasticloadbalancing"         // Elasticloadbalancing.
+        ElasticmapreduceServiceID             = "elasticmapreduce"             // Elasticmapreduce.
+        ElastictranscoderServiceID            = "elastictranscoder"            // Elastictranscoder.
+        EmailServiceID                        = "email"                        // Email.
+        EntitlementMarketplaceServiceID       = "entitlement.marketplace"      // EntitlementMarketplace.
+        EsServiceID                           = "es"                           // Es.
+        EventsServiceID                       = "events"                       // Events.
+        FirehoseServiceID                     = "firehose"                     // Firehose.
+        FmsServiceID                          = "fms"                          // Fms.
+        GameliftServiceID                     = "gamelift"                     // Gamelift.
+        GlacierServiceID                      = "glacier"                      // Glacier.
+        GlueServiceID                         = "glue"                         // Glue.
+        GreengrassServiceID                   = "greengrass"                   // Greengrass.
+        GuarddutyServiceID                    = "guardduty"                    // Guardduty.
+        HealthServiceID                       = "health"                       // Health.
+        IamServiceID                          = "iam"                          // Iam.
+        ImportexportServiceID                 = "importexport"                 // Importexport.
+        InspectorServiceID                    = "inspector"                    // Inspector.
+        IotServiceID                          = "iot"                          // Iot.
+        IotanalyticsServiceID                 = "iotanalytics"                 // Iotanalytics.
+        KinesisServiceID                      = "kinesis"                      // Kinesis.
+        KinesisanalyticsServiceID             = "kinesisanalytics"             // Kinesisanalytics.
+        KinesisvideoServiceID                 = "kinesisvideo"                 // Kinesisvideo.
+        KmsServiceID                          = "kms"                          // Kms.
+        LambdaServiceID                       = "lambda"                       // Lambda.
+        LightsailServiceID                    = "lightsail"                    // Lightsail.
+        LogsServiceID                         = "logs"                         // Logs.
+        MachinelearningServiceID              = "machinelearning"              // Machinelearning.
+        MarketplacecommerceanalyticsServiceID = "marketplacecommerceanalytics" // Marketplacecommerceanalytics.
+        MediaconvertServiceID                 = "mediaconvert"                 // Mediaconvert.
+        MedialiveServiceID                    = "medialive"                    // Medialive.
+        MediapackageServiceID                 = "mediapackage"                 // Mediapackage.
+        MediastoreServiceID                   = "mediastore"                   // Mediastore.
+        MeteringMarketplaceServiceID          = "metering.marketplace"         // MeteringMarketplace.
+        MghServiceID                          = "mgh"                          // Mgh.
+        MobileanalyticsServiceID              = "mobileanalytics"              // Mobileanalytics.
+        ModelsLexServiceID                    = "models.lex"                   // ModelsLex.
+        MonitoringServiceID                   = "monitoring"                   // Monitoring.
+        MturkRequesterServiceID               = "mturk-requester"              // MturkRequester.
+        NeptuneServiceID                      = "neptune"                      // Neptune.
+        OpsworksServiceID                     = "opsworks"                     // Opsworks.
+        OpsworksCmServiceID                   = "opsworks-cm"                  // OpsworksCm.
+        OrganizationsServiceID                = "organizations"                // Organizations.
+        PinpointServiceID                     = "pinpoint"                     // Pinpoint.
+        PollyServiceID                        = "polly"                        // Polly.
+        RdsServiceID                          = "rds"                          // Rds.
+        RedshiftServiceID                     = "redshift"                     // Redshift.
+        RekognitionServiceID                  = "rekognition"                  // Rekognition.
+        ResourceGroupsServiceID               = "resource-groups"              // ResourceGroups.
+        Route53ServiceID                      = "route53"                      // Route53.
+        Route53domainsServiceID               = "route53domains"               // Route53domains.
+        RuntimeLexServiceID                   = "runtime.lex"                  // RuntimeLex.
+        RuntimeSagemakerServiceID             = "runtime.sagemaker"            // RuntimeSagemaker.
+        S3ServiceID                           = "s3"                           // S3.
+        S3ControlServiceID                    = "s3-control"                   // S3Control.
+        SagemakerServiceID                    = "api.sagemaker"                // Sagemaker.
+        SdbServiceID                          = "sdb"                          // Sdb.
+        SecretsmanagerServiceID               = "secretsmanager"               // Secretsmanager.
+        ServerlessrepoServiceID               = "serverlessrepo"               // Serverlessrepo.
+        ServicecatalogServiceID               = "servicecatalog"               // Servicecatalog.
+        ServicediscoveryServiceID             = "servicediscovery"             // Servicediscovery.
+        ShieldServiceID                       = "shield"                       // Shield.
+        SmsServiceID                          = "sms"                          // Sms.
+        SnowballServiceID                     = "snowball"                     // Snowball.
+        SnsServiceID                          = "sns"                          // Sns.
+        SqsServiceID                          = "sqs"                          // Sqs.
+        SsmServiceID                          = "ssm"                          // Ssm.
+        StatesServiceID                       = "states"                       // States.
+        StoragegatewayServiceID               = "storagegateway"               // Storagegateway.
+        StreamsDynamodbServiceID              = "streams.dynamodb"             // StreamsDynamodb.
+        StsServiceID                          = "sts"                          // Sts.
+        SupportServiceID                      = "support"                      // Support.
+        SwfServiceID                          = "swf"                          // Swf.
+        TaggingServiceID                      = "tagging"                      // Tagging.
+        TransferServiceID                     = "transfer"                     // Transfer.
+        TranslateServiceID                    = "translate"                    // Translate.
+        WafServiceID                          = "waf"                          // Waf.
+        WafRegionalServiceID                  = "waf-regional"                 // WafRegional.
+        WorkdocsServiceID                     = "workdocs"                     // Workdocs.
+        WorkmailServiceID                     = "workmail"                     // Workmail.
+        WorkspacesServiceID                   = "workspaces"                   // Workspaces.
+        XrayServiceID                         = "xray"                         // Xray.
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
index e29c095..f82babf 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
@@ -35,7 +35,7 @@ type Options struct {
         //
         // If resolving an endpoint on the partition list the provided region will
         // be used to determine which partition's domain name pattern to the service
-        // endpoint ID with. If both the service and region are unkonwn and resolving
+        // endpoint ID with. If both the service and region are unknown and resolving
         // the endpoint on partition list an UnknownEndpointError error will be returned.
         //
         // If resolving and endpoint on a partition specific resolver that partition's
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go
index 05e92df..0fdfcc5 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go
@@ -16,6 +16,10 @@ import (
 type CodeGenOptions struct {
         // Options for how the model will be decoded.
         DecodeModelOptions DecodeModelOptions
+
+        // Disables code generation of the service endpoint prefix IDs defined in
+        // the model.
+        DisableGenerateServiceIDs bool
 }
 
 // Set combines all of the option functions together
@@ -39,8 +43,16 @@ func CodeGenModel(modelFile io.Reader, outFile io.Writer, optFns ...func(*CodeGe
                 return err
         }
 
+        v := struct {
+                Resolver
+                CodeGenOptions
+        }{
+                Resolver:       resolver,
+                CodeGenOptions: opts,
+        }
+
         tmpl := template.Must(template.New("tmpl").Funcs(funcMap).Parse(v3Tmpl))
-        if err := tmpl.ExecuteTemplate(outFile, "defaults", resolver); err != nil {
+        if err := tmpl.ExecuteTemplate(outFile, "defaults", v); err != nil {
                 return fmt.Errorf("failed to execute template, %v", err)
         }
 
@@ -166,15 +178,17 @@ import (
         "regexp"
 )
 
-        {{ template "partition consts" . }}
+        {{ template "partition consts" $.Resolver }}
 
-        {{ range $_, $partition := . }}
+        {{ range $_, $partition := $.Resolver }}
                 {{ template "partition region consts" $partition }}
         {{ end }}
 
-        {{ template "service consts" . }}
+        {{ if not $.DisableGenerateServiceIDs -}}
+        {{ template "service consts" $.Resolver }}
+        {{- end }}
         
-        {{ template "endpoint resolvers" . }}
+        {{ template "endpoint resolvers" $.Resolver }}
 {{- end }}
 
 {{ define "partition consts" }}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/errors.go b/vendor/github.com/aws/aws-sdk-go/aws/errors.go
index 5766361..fa06f7a 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/errors.go
@@ -5,13 +5,9 @@ import "github.com/aws/aws-sdk-go/aws/awserr"
 var (
         // ErrMissingRegion is an error that is returned if region configuration is
         // not found.
-        //
-        // @readonly
         ErrMissingRegion = awserr.New("MissingRegion", "could not find region configuration", nil)
 
         // ErrMissingEndpoint is an error that is returned if an endpoint cannot be
         // resolved for a service.
-        //
-        // @readonly
         ErrMissingEndpoint = awserr.New("MissingEndpoint", "'Endpoint' configuration is required for this service", nil)
 )
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
index 605a72d..8ef8548 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
@@ -19,6 +19,7 @@ type Handlers struct {
         UnmarshalError   HandlerList
         Retry            HandlerList
         AfterRetry       HandlerList
+        CompleteAttempt  HandlerList
         Complete         HandlerList
 }
 
@@ -36,6 +37,7 @@ func (h *Handlers) Copy() Handlers {
                 UnmarshalMeta:    h.UnmarshalMeta.copy(),
                 Retry:            h.Retry.copy(),
                 AfterRetry:       h.AfterRetry.copy(),
+                CompleteAttempt:  h.CompleteAttempt.copy(),
                 Complete:         h.Complete.copy(),
         }
 }
@@ -53,6 +55,7 @@ func (h *Handlers) Clear() {
         h.ValidateResponse.Clear()
         h.Retry.Clear()
         h.AfterRetry.Clear()
+        h.CompleteAttempt.Clear()
         h.Complete.Clear()
 }
 
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
index 75f0fe0..8f2eb3e 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
@@ -4,7 +4,6 @@ import (
         "bytes"
         "fmt"
         "io"
-        "net"
         "net/http"
         "net/url"
         "reflect"
@@ -122,7 +121,6 @@ func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers,
                 Handlers:   handlers.Copy(),
 
                 Retryer:     retryer,
-                AttemptTime: time.Now(),
                 Time:        time.Now(),
                 ExpireTime:  0,
                 Operation:   operation,
@@ -266,7 +264,9 @@ func (r *Request) SetReaderBody(reader io.ReadSeeker) {
 }
 
 // Presign returns the request's signed URL. Error will be returned
-// if the signing fails.
+// if the signing fails. The expire parameter is only used for presigned Amazon
+// S3 API requests. All other AWS services will use a fixed expiration
+// time of 15 minutes.
 //
 // It is invalid to create a presigned URL with a expire duration 0 or less. An
 // error is returned if expire duration is 0 or less.
@@ -283,7 +283,9 @@ func (r *Request) Presign(expire time.Duration) (string, error) {
 }
 
 // PresignRequest behaves just like presign, with the addition of returning a
-// set of headers that were signed.
+// set of headers that were signed. The expire parameter is only used for
+// presigned Amazon S3 API requests. All other AWS services will use a fixed
+// expiration time of 15 minutes.
 //
 // It is invalid to create a presigned URL with a expire duration 0 or less. An
 // error is returned if expire duration is 0 or less.
@@ -462,80 +464,78 @@ func (r *Request) Send() error {
                 r.Handlers.Complete.Run(r)
         }()
 
+        if err := r.Error; err != nil {
+                return err
+        }
+
         for {
+                r.Error = nil
                 r.AttemptTime = time.Now()
-                if aws.BoolValue(r.Retryable) {
-                        if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) {
-                                r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d",
-                                        r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount))
-                        }
-
-                        // The previous http.Request will have a reference to the r.Body
-                        // and the HTTP Client's Transport may still be reading from
-                        // the request's body even though the Client's Do returned.
-                        r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil)
-                        r.ResetBody()
-
-                        // Closing response body to ensure that no response body is leaked
-                        // between retry attempts.
-                        if r.HTTPResponse != nil && r.HTTPResponse.Body != nil {
-                                r.HTTPResponse.Body.Close()
-                        }
-                }
 
-                r.Sign()
-                if r.Error != nil {
-                        return r.Error
+                if err := r.Sign(); err != nil {
+                        debugLogReqError(r, "Sign Request", false, err)
+                        return err
                 }
 
-                r.Retryable = nil
-
-                r.Handlers.Send.Run(r)
-                if r.Error != nil {
-                        if !shouldRetryCancel(r) {
-                                return r.Error
-                        }
-
-                        err := r.Error
+                if err := r.sendRequest(); err == nil {
+                        return nil
+                } else if !shouldRetryCancel(r.Error) {
+                        return err
+                } else {
                         r.Handlers.Retry.Run(r)
                         r.Handlers.AfterRetry.Run(r)
-                        if r.Error != nil {
-                                debugLogReqError(r, "Send Request", false, err)
-                                return r.Error
-                        }
-                        debugLogReqError(r, "Send Request", true, err)
-                        continue
-                }
-                r.Handlers.UnmarshalMeta.Run(r)
-                r.Handlers.ValidateResponse.Run(r)
-                if r.Error != nil {
-                        r.Handlers.UnmarshalError.Run(r)
-                        err := r.Error
 
-                        r.Handlers.Retry.Run(r)
-                        r.Handlers.AfterRetry.Run(r)
-                        if r.Error != nil {
-                                debugLogReqError(r, "Validate Response", false, err)
+                        if r.Error != nil || !aws.BoolValue(r.Retryable) {
                                 return r.Error
                         }
-                        debugLogReqError(r, "Validate Response", true, err)
-                        continue
-                }
 
-                r.Handlers.Unmarshal.Run(r)
-                if r.Error != nil {
-                        err := r.Error
-                        r.Handlers.Retry.Run(r)
-                        r.Handlers.AfterRetry.Run(r)
-                        if r.Error != nil {
-                                debugLogReqError(r, "Unmarshal Response", false, err)
-                                return r.Error
-                        }
-                        debugLogReqError(r, "Unmarshal Response", true, err)
+                        r.prepareRetry()
                         continue
                 }
+        }
+}
+
+func (r *Request) prepareRetry() {
+        if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) {
+                r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d",
+                        r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount))
+        }
+
+        // The previous http.Request will have a reference to the r.Body
+        // and the HTTP Client's Transport may still be reading from
+        // the request's body even though the Client's Do returned.
+        r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil)
+        r.ResetBody()
+
+        // Closing response body to ensure that no response body is leaked
+        // between retry attempts.
+        if r.HTTPResponse != nil && r.HTTPResponse.Body != nil {
+                r.HTTPResponse.Body.Close()
+        }
+}
+
+func (r *Request) sendRequest() (sendErr error) {
+        defer r.Handlers.CompleteAttempt.Run(r)
+
+        r.Retryable = nil
+        r.Handlers.Send.Run(r)
+        if r.Error != nil {
+                debugLogReqError(r, "Send Request", r.WillRetry(), r.Error)
+                return r.Error
+        }
 
-                break
+        r.Handlers.UnmarshalMeta.Run(r)
+        r.Handlers.ValidateResponse.Run(r)
+        if r.Error != nil {
+                r.Handlers.UnmarshalError.Run(r)
+                debugLogReqError(r, "Validate Response", r.WillRetry(), r.Error)
+                return r.Error
+        }
+
+        r.Handlers.Unmarshal.Run(r)
+        if r.Error != nil {
+                debugLogReqError(r, "Unmarshal Response", r.WillRetry(), r.Error)
+                return r.Error
         }
 
         return nil
@@ -561,30 +561,46 @@ func AddToUserAgent(r *Request, s string) {
         r.HTTPRequest.Header.Set("User-Agent", s)
 }
 
-func shouldRetryCancel(r *Request) bool {
-        awsErr, ok := r.Error.(awserr.Error)
-        timeoutErr := false
-        errStr := r.Error.Error()
-        if ok {
-                if awsErr.Code() == CanceledErrorCode {
+type temporary interface {
+        Temporary() bool
+}
+
+func shouldRetryCancel(err error) bool {
+        switch err := err.(type) {
+        case awserr.Error:
+                if err.Code() == CanceledErrorCode {
                         return false
                 }
-                err := awsErr.OrigErr()
-                netErr, netOK := err.(net.Error)
-                timeoutErr = netOK && netErr.Temporary()
-                if urlErr, ok := err.(*url.Error); !timeoutErr && ok {
-                        errStr = urlErr.Err.Error()
+                return shouldRetryCancel(err.OrigErr())
+        case *url.Error:
+                if strings.Contains(err.Error(), "connection refused") {
+                        // Refused connections should be retried as the service may not yet
+                        // be running on the port. Go TCP dial considers refused
+                        // connections as not temporary.
+                        return true
+                }
+                // *url.Error only implements Temporary after golang 1.6 but since
+                // url.Error only wraps the error:
+                return shouldRetryCancel(err.Err)
+        case temporary:
+                // If the error is temporary, we want to allow continuation of the
+                // retry process
+                return err.Temporary()
+        case nil:
+                // `awserr.Error.OrigErr()` can be nil, meaning there was an error but
+                // because we don't know the cause, it is marked as retriable. See
+                // TestRequest4xxUnretryable for an example.
+                return true
+        default:
+                switch err.Error() {
+                case "net/http: request canceled",
+                        "net/http: request canceled while waiting for connection":
+                        // known 1.5 error case when an http request is cancelled
+                        return false
                 }
+                // here we don't know the error; so we allow a retry.
+                return true
         }
-
-        // There can be two types of canceled errors here.
-        // The first being a net.Error and the other being an error.
-        // If the request was timed out, we want to continue the retry
-        // process. Otherwise, return the canceled error.
-        return timeoutErr ||
-                (errStr != "net/http: request canceled" &&
-                        errStr != "net/http: request canceled while waiting for connection")
-
 }
 
 // SanitizeHostForHeader removes default port from host and updates request.Host
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
index 7d52702..d0aa54c 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
@@ -38,8 +38,10 @@ var throttleCodes = map[string]struct{}{
         "ThrottlingException":                    {},
         "RequestLimitExceeded":                   {},
         "RequestThrottled":                       {},
+        "RequestThrottledException":              {},
         "TooManyRequestsException":               {}, // Lambda functions
         "PriorRequestNotComplete":                {}, // Route53
+        "TransactionInProgressException":         {},
 }
 
 // credsExpiredCodes is a collection of error codes which signify the credentials
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/validation.go b/vendor/github.com/aws/aws-sdk-go/aws/request/validation.go
index 4012462..8630683 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/validation.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/validation.go
@@ -17,6 +17,12 @@ const (
         ParamMinValueErrCode = "ParamMinValueError"
         // ParamMinLenErrCode is the error code for fields without enough elements.
         ParamMinLenErrCode = "ParamMinLenError"
+        // ParamMaxLenErrCode is the error code for value being too long.
+        ParamMaxLenErrCode = "ParamMaxLenError"
+
+        // ParamFormatErrCode is the error code for a field with invalid
+        // format or characters.
+        ParamFormatErrCode = "ParamFormatInvalidError"
 )
 
 // Validator provides a way for types to perform validation logic on their
@@ -232,3 +238,49 @@ func NewErrParamMinLen(field string, min int) *ErrParamMinLen {
 func (e *ErrParamMinLen) MinLen() int {
         return e.min
 }
+
+// An ErrParamMaxLen represents a maximum length parameter error.
+type ErrParamMaxLen struct {
+        errInvalidParam
+        max int
+}
+
+// NewErrParamMaxLen creates a new maximum length parameter error.
+func NewErrParamMaxLen(field string, max int, value string) *ErrParamMaxLen {
+        return &ErrParamMaxLen{
+                errInvalidParam: errInvalidParam{
+                        code:  ParamMaxLenErrCode,
+                        field: field,
+                        msg:   fmt.Sprintf("maximum size of %v, %v", max, value),
+                },
+                max: max,
+        }
+}
+
+// MaxLen returns the field's required minimum length.
+func (e *ErrParamMaxLen) MaxLen() int {
+        return e.max
+}
+
+// An ErrParamFormat represents a invalid format parameter error.
+type ErrParamFormat struct {
+        errInvalidParam
+        format string
+}
+
+// NewErrParamFormat creates a new invalid format parameter error.
+func NewErrParamFormat(field string, format, value string) *ErrParamFormat {
+        return &ErrParamFormat{
+                errInvalidParam: errInvalidParam{
+                        code:  ParamFormatErrCode,
+                        field: field,
+                        msg:   fmt.Sprintf("format %v, %v", format, value),
+                },
+                format: format,
+        }
+}
+
+// Format returns the field's required format.
+func (e *ErrParamFormat) Format() string {
+        return e.format
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport.go b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport.go
new file mode 100644
index 0000000..ea9ebb6
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport.go
@@ -0,0 +1,26 @@
+// +build go1.7
+
+package session
+
+import (
+        "net"
+        "net/http"
+        "time"
+)
+
+// Transport that should be used when a custom CA bundle is specified with the
+// SDK.
+func getCABundleTransport() *http.Transport {
+        return &http.Transport{
+                Proxy: http.ProxyFromEnvironment,
+                DialContext: (&net.Dialer{
+                        Timeout:   30 * time.Second,
+                        KeepAlive: 30 * time.Second,
+                        DualStack: true,
+                }).DialContext,
+                MaxIdleConns:          100,
+                IdleConnTimeout:       90 * time.Second,
+                TLSHandshakeTimeout:   10 * time.Second,
+                ExpectContinueTimeout: 1 * time.Second,
+        }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_5.go
new file mode 100644
index 0000000..fec39df
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_5.go
@@ -0,0 +1,22 @@
+// +build !go1.6,go1.5
+
+package session
+
+import (
+        "net"
+        "net/http"
+        "time"
+)
+
+// Transport that should be used when a custom CA bundle is specified with the
+// SDK.
+func getCABundleTransport() *http.Transport {
+        return &http.Transport{
+                Proxy: http.ProxyFromEnvironment,
+                Dial: (&net.Dialer{
+                        Timeout:   30 * time.Second,
+                        KeepAlive: 30 * time.Second,
+                }).Dial,
+                TLSHandshakeTimeout: 10 * time.Second,
+        }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_6.go b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_6.go
new file mode 100644
index 0000000..1c5a539
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_6.go
@@ -0,0 +1,23 @@
+// +build !go1.7,go1.6
+
+package session
+
+import (
+        "net"
+        "net/http"
+        "time"
+)
+
+// Transport that should be used when a custom CA bundle is specified with the
+// SDK.
+func getCABundleTransport() *http.Transport {
+        return &http.Transport{
+                Proxy: http.ProxyFromEnvironment,
+                Dial: (&net.Dialer{
+                        Timeout:   30 * time.Second,
+                        KeepAlive: 30 * time.Second,
+                }).Dial,
+                TLSHandshakeTimeout:   10 * time.Second,
+                ExpectContinueTimeout: 1 * time.Second,
+        }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
index 98d420f..38a7b05 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
@@ -99,7 +99,7 @@ handler logs every request and its payload made by a service client:
 
         sess.Handlers.Send.PushFront(func(r *request.Request) {
                 // Log every request made and its payload
-                logger.Println("Request: %s/%s, Payload: %s",
+                logger.Printf("Request: %s/%s, Payload: %s",
                         r.ClientInfo.ServiceName, r.Operation, r.Params)
         })
 
@@ -183,7 +183,7 @@ be returned when creating the session.
     // from assumed role.
     svc := s3.New(sess)
 
-To setup assume role outside of a session see the stscrds.AssumeRoleProvider
+To setup assume role outside of a session see the stscreds.AssumeRoleProvider
 documentation.
 
 Environment Variables
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
index 82e04d7..e3959b9 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
@@ -4,6 +4,7 @@ import (
         "os"
         "strconv"
 
+        "github.com/aws/aws-sdk-go/aws"
         "github.com/aws/aws-sdk-go/aws/credentials"
         "github.com/aws/aws-sdk-go/aws/defaults"
 )
@@ -79,7 +80,7 @@ type envConfig struct {
         //      AWS_CONFIG_FILE=$HOME/my_shared_config
         SharedConfigFile string
 
-        // Sets the path to a custom Credentials Authroity (CA) Bundle PEM file
+        // Sets the path to a custom Credentials Authority (CA) Bundle PEM file
         // that the SDK will use instead of the system's root CA bundle.
         // Only use this if you want to configure the SDK to use a custom set
         // of CAs.
@@ -101,6 +102,12 @@ type envConfig struct {
         CSMEnabled  bool
         CSMPort     string
         CSMClientID string
+
+        enableEndpointDiscovery string
+        // Enables endpoint discovery via environment variables.
+        //
+        //      AWS_ENABLE_ENDPOINT_DISCOVERY=true
+        EnableEndpointDiscovery *bool
 }
 
 var (
@@ -125,6 +132,10 @@ var (
                 "AWS_SESSION_TOKEN",
         }
 
+        enableEndpointDiscoveryEnvKey = []string{
+                "AWS_ENABLE_ENDPOINT_DISCOVERY",
+        }
+
         regionEnvKeys = []string{
                 "AWS_REGION",
                 "AWS_DEFAULT_REGION", // Only read if AWS_SDK_LOAD_CONFIG is also set
@@ -194,6 +205,12 @@ func envConfigLoad(enableSharedConfig bool) envConfig {
         setFromEnvVal(&cfg.Region, regionKeys)
         setFromEnvVal(&cfg.Profile, profileKeys)
 
+        // endpoint discovery is in reference to it being enabled.
+        setFromEnvVal(&cfg.enableEndpointDiscovery, enableEndpointDiscoveryEnvKey)
+        if len(cfg.enableEndpointDiscovery) > 0 {
+                cfg.EnableEndpointDiscovery = aws.Bool(cfg.enableEndpointDiscovery != "false")
+        }
+
         setFromEnvVal(&cfg.SharedCredentialsFile, sharedCredsFileEnvKey)
         setFromEnvVal(&cfg.SharedConfigFile, sharedConfigFileEnvKey)
 
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
index 51f3055..be4b5f0 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
@@ -14,13 +14,32 @@ import (
         "github.com/aws/aws-sdk-go/aws/client"
         "github.com/aws/aws-sdk-go/aws/corehandlers"
         "github.com/aws/aws-sdk-go/aws/credentials"
+        "github.com/aws/aws-sdk-go/aws/credentials/processcreds"
         "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
         "github.com/aws/aws-sdk-go/aws/csm"
         "github.com/aws/aws-sdk-go/aws/defaults"
         "github.com/aws/aws-sdk-go/aws/endpoints"
         "github.com/aws/aws-sdk-go/aws/request"
+        "github.com/aws/aws-sdk-go/internal/shareddefaults"
 )
 
+const (
+        // ErrCodeSharedConfig represents an error that occurs in the shared
+        // configuration logic
+        ErrCodeSharedConfig = "SharedConfigErr"
+)
+
+// ErrSharedConfigSourceCollision will be returned if a section contains both
+// source_profile and credential_source
+var ErrSharedConfigSourceCollision = awserr.New(ErrCodeSharedConfig, "only source profile or credential source can be specified, not both", nil)
+
+// ErrSharedConfigECSContainerEnvVarEmpty will be returned if the environment
+// variables are empty and Environment was set as the credential source
+var ErrSharedConfigECSContainerEnvVarEmpty = awserr.New(ErrCodeSharedConfig, "EcsContainer was specified as the credential_source, but 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' was not set", nil)
+
+// ErrSharedConfigInvalidCredSource will be returned if an invalid credential source was provided
+var ErrSharedConfigInvalidCredSource = awserr.New(ErrCodeSharedConfig, "credential source values must be EcsContainer, Ec2InstanceMetadata, or Environment", nil)
+
 // A Session provides a central location to create service clients from and
 // store configurations and request handlers for those services.
 //
@@ -388,7 +407,10 @@ func loadCustomCABundle(s *Session, bundle io.Reader) error {
                 }
         }
         if t == nil {
-                t = &http.Transport{}
+                // Nil transport implies `http.DefaultTransport` should be used. Since
+                // the SDK cannot modify, nor copy the `DefaultTransport` specifying
+                // the values the next closest behavior.
+                t = getCABundleTransport()
         }
 
         p, err := loadCertPool(bundle)
@@ -434,8 +456,67 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share
                 }
         }
 
+        if cfg.EnableEndpointDiscovery == nil {
+                if envCfg.EnableEndpointDiscovery != nil {
+                        cfg.WithEndpointDiscovery(*envCfg.EnableEndpointDiscovery)
+                } else if envCfg.EnableSharedConfig && sharedCfg.EnableEndpointDiscovery != nil {
+                        cfg.WithEndpointDiscovery(*sharedCfg.EnableEndpointDiscovery)
+                }
+        }
+
         // Configure credentials if not already set
         if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil {
+
+                // inspect the profile to see if a credential source has been specified.
+                if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.CredentialSource) > 0 {
+
+                        // if both credential_source and source_profile have been set, return an error
+                        // as this is undefined behavior.
+                        if len(sharedCfg.AssumeRole.SourceProfile) > 0 {
+                                return ErrSharedConfigSourceCollision
+                        }
+
+                        // valid credential source values
+                        const (
+                                credSourceEc2Metadata  = "Ec2InstanceMetadata"
+                                credSourceEnvironment  = "Environment"
+                                credSourceECSContainer = "EcsContainer"
+                        )
+
+                        switch sharedCfg.AssumeRole.CredentialSource {
+                        case credSourceEc2Metadata:
+                                cfgCp := *cfg
+                                p := defaults.RemoteCredProvider(cfgCp, handlers)
+                                cfgCp.Credentials = credentials.NewCredentials(p)
+
+                                if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil {
+                                        // AssumeRole Token provider is required if doing Assume Role
+                                        // with MFA.
+                                        return AssumeRoleTokenProviderNotSetError{}
+                                }
+
+                                cfg.Credentials = assumeRoleCredentials(cfgCp, handlers, sharedCfg, sessOpts)
+                        case credSourceEnvironment:
+                                cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
+                                        envCfg.Creds,
+                                )
+                        case credSourceECSContainer:
+                                if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 {
+                                        return ErrSharedConfigECSContainerEnvVarEmpty
+                                }
+
+                                cfgCp := *cfg
+                                p := defaults.RemoteCredProvider(cfgCp, handlers)
+                                creds := credentials.NewCredentials(p)
+
+                                cfg.Credentials = creds
+                        default:
+                                return ErrSharedConfigInvalidCredSource
+                        }
+
+                        return nil
+                }
+
                 if len(envCfg.Creds.AccessKeyID) > 0 {
                         cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
                                 envCfg.Creds,
@@ -445,36 +526,22 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share
                         cfgCp.Credentials = credentials.NewStaticCredentialsFromCreds(
                                 sharedCfg.AssumeRoleSource.Creds,
                         )
+
                         if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil {
                                 // AssumeRole Token provider is required if doing Assume Role
                                 // with MFA.
                                 return AssumeRoleTokenProviderNotSetError{}
                         }
-                        cfg.Credentials = stscreds.NewCredentials(
-                                &Session{
-                                        Config:   &cfgCp,
-                                        Handlers: handlers.Copy(),
-                                },
-                                sharedCfg.AssumeRole.RoleARN,
-                                func(opt *stscreds.AssumeRoleProvider) {
-                                        opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName
-
-                                        // Assume role with external ID
-                                        if len(sharedCfg.AssumeRole.ExternalID) > 0 {
-                                                opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID)
-                                        }
-
-                                        // Assume role with MFA
-                                        if len(sharedCfg.AssumeRole.MFASerial) > 0 {
-                                                opt.SerialNumber = aws.String(sharedCfg.AssumeRole.MFASerial)
-                                                opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
-                                        }
-                                },
-                        )
+
+                        cfg.Credentials = assumeRoleCredentials(cfgCp, handlers, sharedCfg, sessOpts)
                 } else if len(sharedCfg.Creds.AccessKeyID) > 0 {
                         cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
                                 sharedCfg.Creds,
                         )
+                } else if len(sharedCfg.CredentialProcess) > 0 {
+                        cfg.Credentials = processcreds.NewCredentials(
+                                sharedCfg.CredentialProcess,
+                        )
                 } else {
                         // Fallback to default credentials provider, include mock errors
                         // for the credential chain so user can identify why credentials
@@ -493,6 +560,30 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share
         return nil
 }
 
+func assumeRoleCredentials(cfg aws.Config, handlers request.Handlers, sharedCfg sharedConfig, sessOpts Options) *credentials.Credentials {
+        return stscreds.NewCredentials(
+                &Session{
+                        Config:   &cfg,
+                        Handlers: handlers.Copy(),
+                },
+                sharedCfg.AssumeRole.RoleARN,
+                func(opt *stscreds.AssumeRoleProvider) {
+                        opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName
+
+                        // Assume role with external ID
+                        if len(sharedCfg.AssumeRole.ExternalID) > 0 {
+                                opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID)
+                        }
+
+                        // Assume role with MFA
+                        if len(sharedCfg.AssumeRole.MFASerial) > 0 {
+                                opt.SerialNumber = aws.String(sharedCfg.AssumeRole.MFASerial)
+                                opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
+                        }
+                },
+        )
+}
+
 // AssumeRoleTokenProviderNotSetError is an error returned when creating a session when the
 // MFAToken option is not set when shared config is configured load assume a
 // role with an MFA token.
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
index 09c8e5b..7cb4402 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
@@ -2,11 +2,11 @@ package session
 
 import (
         "fmt"
-        "io/ioutil"
 
         "github.com/aws/aws-sdk-go/aws/awserr"
         "github.com/aws/aws-sdk-go/aws/credentials"
-        "github.com/go-ini/ini"
+
+        "github.com/aws/aws-sdk-go/internal/ini"
 )
 
 const (
@@ -16,15 +16,21 @@ const (
         sessionTokenKey = `aws_session_token`     // optional
 
         // Assume Role Credentials group
-        roleArnKey         = `role_arn`          // group required
-        sourceProfileKey   = `source_profile`    // group required
-        externalIDKey      = `external_id`       // optional
-        mfaSerialKey       = `mfa_serial`        // optional
-        roleSessionNameKey = `role_session_name` // optional
+        roleArnKey          = `role_arn`          // group required
+        sourceProfileKey    = `source_profile`    // group required (or credential_source)
+        credentialSourceKey = `credential_source` // group required (or source_profile)
+        externalIDKey       = `external_id`       // optional
+        mfaSerialKey        = `mfa_serial`        // optional
+        roleSessionNameKey  = `role_session_name` // optional
 
         // Additional Config fields
         regionKey = `region`
 
+        // endpoint discovery group
+        enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional
+        // External Credential Process
+        credentialProcessKey = `credential_process`
+
         // DefaultSharedConfigProfile is the default profile to be used when
         // loading configuration from the config files if another profile name
         // is not provided.
@@ -32,11 +38,12 @@ const (
 )
 
 type assumeRoleConfig struct {
-        RoleARN         string
-        SourceProfile   string
-        ExternalID      string
-        MFASerial       string
-        RoleSessionName string
+        RoleARN          string
+        SourceProfile    string
+        CredentialSource string
+        ExternalID       string
+        MFASerial        string
+        RoleSessionName  string
 }
 
 // sharedConfig represents the configuration fields of the SDK config files.
@@ -55,16 +62,25 @@ type sharedConfig struct {
         AssumeRole       assumeRoleConfig
         AssumeRoleSource *sharedConfig
 
+        // An external process to request credentials
+        CredentialProcess string
+
         // Region is the region the SDK should use for looking up AWS service endpoints
         // and signing requests.
         //
         //      region
         Region string
+
+        // EnableEndpointDiscovery can be enabled in the shared config by setting
+        // endpoint_discovery_enabled to true
+        //
+        //      endpoint_discovery_enabled = true
+        EnableEndpointDiscovery *bool
 }
 
 type sharedConfigFile struct {
         Filename string
-        IniData  *ini.File
+        IniData  ini.Sections
 }
 
 // loadSharedConfig retrieves the configuration from the list of files
@@ -105,19 +121,16 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) {
         files := make([]sharedConfigFile, 0, len(filenames))
 
         for _, filename := range filenames {
-                b, err := ioutil.ReadFile(filename)
-                if err != nil {
+                sections, err := ini.OpenFile(filename)
+                if aerr, ok := err.(awserr.Error); ok && aerr.Code() == ini.ErrCodeUnableToReadFile {
                         // Skip files which can't be opened and read for whatever reason
                         continue
-                }
-
-                f, err := ini.Load(b)
-                if err != nil {
+                } else if err != nil {
                         return nil, SharedConfigLoadError{Filename: filename, Err: err}
                 }
 
                 files = append(files, sharedConfigFile{
-                        Filename: filename, IniData: f,
+                        Filename: filename, IniData: sections,
                 })
         }
 
@@ -127,6 +140,13 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) {
 func (cfg *sharedConfig) setAssumeRoleSource(origProfile string, files []sharedConfigFile) error {
         var assumeRoleSrc sharedConfig
 
+        if len(cfg.AssumeRole.CredentialSource) > 0 {
+                // setAssumeRoleSource is only called when source_profile is found.
+                // If both source_profile and credential_source are set, then
+                // ErrSharedConfigSourceCollision will be returned
+                return ErrSharedConfigSourceCollision
+        }
+
         // Multiple level assume role chains are not support
         if cfg.AssumeRole.SourceProfile == origProfile {
                 assumeRoleSrc = *cfg
@@ -171,45 +191,59 @@ func (cfg *sharedConfig) setFromIniFiles(profile string, files []sharedConfigFil
 // if a config file only includes aws_access_key_id but no aws_secret_access_key
 // the aws_access_key_id will be ignored.
 func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) error {
-        section, err := file.IniData.GetSection(profile)
-        if err != nil {
+        section, ok := file.IniData.GetSection(profile)
+        if !ok {
                 // Fallback to to alternate profile name: profile <name>
-                section, err = file.IniData.GetSection(fmt.Sprintf("profile %s", profile))
-                if err != nil {
-                        return SharedConfigProfileNotExistsError{Profile: profile, Err: err}
+                section, ok = file.IniData.GetSection(fmt.Sprintf("profile %s", profile))
+                if !ok {
+                        return SharedConfigProfileNotExistsError{Profile: profile, Err: nil}
                 }
         }
 
         // Shared Credentials
-        akid := section.Key(accessKeyIDKey).String()
-        secret := section.Key(secretAccessKey).String()
+        akid := section.String(accessKeyIDKey)
+        secret := section.String(secretAccessKey)
         if len(akid) > 0 && len(secret) > 0 {
                 cfg.Creds = credentials.Value{
                         AccessKeyID:     akid,
                         SecretAccessKey: secret,
-                        SessionToken:    section.Key(sessionTokenKey).String(),
+                        SessionToken:    section.String(sessionTokenKey),
                         ProviderName:    fmt.Sprintf("SharedConfigCredentials: %s", file.Filename),
                 }
         }
 
         // Assume Role
-        roleArn := section.Key(roleArnKey).String()
-        srcProfile := section.Key(sourceProfileKey).String()
-        if len(roleArn) > 0 && len(srcProfile) > 0 {
+        roleArn := section.String(roleArnKey)
+        srcProfile := section.String(sourceProfileKey)
+        credentialSource := section.String(credentialSourceKey)
+        hasSource := len(srcProfile) > 0 || len(credentialSource) > 0
+        if len(roleArn) > 0 && hasSource {
                 cfg.AssumeRole = assumeRoleConfig{
-                        RoleARN:         roleArn,
-                        SourceProfile:   srcProfile,
-                        ExternalID:      section.Key(externalIDKey).String(),
-                        MFASerial:       section.Key(mfaSerialKey).String(),
-                        RoleSessionName: section.Key(roleSessionNameKey).String(),
+                        RoleARN:          roleArn,
+                        SourceProfile:    srcProfile,
+                        CredentialSource: credentialSource,
+                        ExternalID:       section.String(externalIDKey),
+                        MFASerial:        section.String(mfaSerialKey),
+                        RoleSessionName:  section.String(roleSessionNameKey),
                 }
         }
 
+        // `credential_process`
+        if credProc := section.String(credentialProcessKey); len(credProc) > 0 {
+                cfg.CredentialProcess = credProc
+        }
+
         // Region
-        if v := section.Key(regionKey).String(); len(v) > 0 {
+        if v := section.String(regionKey); len(v) > 0 {
                 cfg.Region = v
         }
 
+        // Endpoint discovery
+        if section.Has(enableEndpointDiscoveryKey) {
+                v := section.Bool(enableEndpointDiscoveryKey)
+                cfg.EnableEndpointDiscovery = &v
+        }
+
         return nil
 }
 
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
index 8aa0681..523db79 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
@@ -134,6 +134,7 @@ var requiredSignedHeaders = rules{
                         "X-Amz-Server-Side-Encryption-Customer-Key":                   struct{}{},
                         "X-Amz-Server-Side-Encryption-Customer-Key-Md5":               struct{}{},
                         "X-Amz-Storage-Class":                                         struct{}{},
+                        "X-Amz-Tagging":                                               struct{}{},
                         "X-Amz-Website-Redirect-Location":                             struct{}{},
                         "X-Amz-Content-Sha256":                                        struct{}{},
                 },
@@ -181,7 +182,7 @@ type Signer struct {
         // http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
         DisableURIPathEscaping bool
 
-        // Disales the automatical setting of the HTTP request's Body field with the
+        // Disables the automatical setting of the HTTP request's Body field with the
         // io.ReadSeeker passed in to the signer. This is useful if you're using a
         // custom wrapper around the body for the io.ReadSeeker and want to preserve
         // the Body value on the Request.Body.
@@ -421,7 +422,7 @@ var SignRequestHandler = request.NamedHandler{
 // If the credentials of the request's config are set to
 // credentials.AnonymousCredentials the request will not be signed.
 func SignSDKRequest(req *request.Request) {
-        signSDKRequestWithCurrTime(req, time.Now)
+        SignSDKRequestWithCurrentTime(req, time.Now)
 }
 
 // BuildNamedHandler will build a generic handler for signing.
@@ -429,12 +430,15 @@ func BuildNamedHandler(name string, opts ...func(*Signer)) request.NamedHandler
         return request.NamedHandler{
                 Name: name,
                 Fn: func(req *request.Request) {
-                        signSDKRequestWithCurrTime(req, time.Now, opts...)
+                        SignSDKRequestWithCurrentTime(req, time.Now, opts...)
                 },
         }
 }
 
-func signSDKRequestWithCurrTime(req *request.Request, curTimeFn func() time.Time, opts ...func(*Signer)) {
+// SignSDKRequestWithCurrentTime will sign the SDK's request using the time
+// function passed in. Behaves the same as SignSDKRequest with the exception
+// the request is signed with the value returned by the current time function.
+func SignSDKRequestWithCurrentTime(req *request.Request, curTimeFn func() time.Time, opts ...func(*Signer)) {
         // If the request does not need to be signed ignore the signing of the
         // request if the AnonymousCredentials object is used.
         if req.Config.Credentials == credentials.AnonymousCredentials {
@@ -470,13 +474,9 @@ func signSDKRequestWithCurrTime(req *request.Request, curTimeFn func() time.Time
                 opt(v4)
         }
 
-        signingTime := req.Time
-        if !req.LastSignedAt.IsZero() {
-                signingTime = req.LastSignedAt
-        }
-
+        curTime := curTimeFn()
         signedHeaders, err := v4.signWithBody(req.HTTPRequest, req.GetBody(),
-                name, region, req.ExpireTime, req.ExpireTime > 0, signingTime,
+                name, region, req.ExpireTime, req.ExpireTime > 0, curTime,
         )
         if err != nil {
                 req.Error = err
@@ -485,7 +485,7 @@ func signSDKRequestWithCurrTime(req *request.Request, curTimeFn func() time.Time
         }
 
         req.SignedHeaderVals = signedHeaders
-        req.LastSignedAt = curTimeFn()
+        req.LastSignedAt = curTime
 }
 
 const logSignInfoMsg = `DEBUG: Request Signature:
@@ -739,14 +739,22 @@ func makeSha256Reader(reader io.ReadSeeker) []byte {
         start, _ := reader.Seek(0, sdkio.SeekCurrent)
         defer reader.Seek(start, sdkio.SeekStart)
 
-        io.Copy(hash, reader)
+        // Use CopyN to avoid allocating the 32KB buffer in io.Copy for bodies
+        // smaller than 32KB. Fall back to io.Copy if we fail to determine the size.
+        size, err := aws.SeekerLen(reader)
+        if err != nil {
+                io.Copy(hash, reader)
+        } else {
+                io.CopyN(hash, reader, size)
+        }
+
         return hash.Sum(nil)
 }
 
 const doubleSpace = "  "
 
 // stripExcessSpaces will rewrite the passed in slice's string values to not
-// contain muliple side-by-side spaces.
+// contain multiple side-by-side spaces.
 func stripExcessSpaces(vals []string) {
         var j, k, l, m, spaces int
         for i, str := range vals {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go
index c4d155c..15ad9cf 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.14.31"
+const SDKVersion = "1.19.18"
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go
new file mode 100644
index 0000000..e83a998
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go
@@ -0,0 +1,120 @@
+package ini
+
+// ASTKind represents different states in the parse table
+// and the type of AST that is being constructed
+type ASTKind int
+
+// ASTKind* is used in the parse table to transition between
+// the different states
+const (
+        ASTKindNone = ASTKind(iota)
+        ASTKindStart
+        ASTKindExpr
+        ASTKindEqualExpr
+        ASTKindStatement
+        ASTKindSkipStatement
+        ASTKindExprStatement
+        ASTKindSectionStatement
+        ASTKindNestedSectionStatement
+        ASTKindCompletedNestedSectionStatement
+        ASTKindCommentStatement
+        ASTKindCompletedSectionStatement
+)
+
+func (k ASTKind) String() string {
+        switch k {
+        case ASTKindNone:
+                return "none"
+        case ASTKindStart:
+                return "start"
+        case ASTKindExpr:
+                return "expr"
+        case ASTKindStatement:
+                return "stmt"
+        case ASTKindSectionStatement:
+                return "section_stmt"
+        case ASTKindExprStatement:
+                return "expr_stmt"
+        case ASTKindCommentStatement:
+                return "comment"
+        case ASTKindNestedSectionStatement:
+                return "nested_section_stmt"
+        case ASTKindCompletedSectionStatement:
+                return "completed_stmt"
+        case ASTKindSkipStatement:
+                return "skip"
+        default:
+                return ""
+        }
+}
+
+// AST interface allows us to determine what kind of node we
+// are on and casting may not need to be necessary.
+//
+// The root is always the first node in Children
+type AST struct {
+        Kind      ASTKind
+        Root      Token
+        RootToken bool
+        Children  []AST
+}
+
+func newAST(kind ASTKind, root AST, children ...AST) AST {
+        return AST{
+                Kind:     kind,
+                Children: append([]AST{root}, children...),
+        }
+}
+
+func newASTWithRootToken(kind ASTKind, root Token, children ...AST) AST {
+        return AST{
+                Kind:      kind,
+                Root:      root,
+                RootToken: true,
+                Children:  children,
+        }
+}
+
+// AppendChild will append to the list of children an AST has.
+func (a *AST) AppendChild(child AST) {
+        a.Children = append(a.Children, child)
+}
+
+// GetRoot will return the root AST which can be the first entry
+// in the children list or a token.
+func (a *AST) GetRoot() AST {
+        if a.RootToken {
+                return *a
+        }
+
+        if len(a.Children) == 0 {
+                return AST{}
+        }
+
+        return a.Children[0]
+}
+
+// GetChildren will return the current AST's list of children
+func (a *AST) GetChildren() []AST {
+        if len(a.Children) == 0 {
+                return []AST{}
+        }
+
+        if a.RootToken {
+                return a.Children
+        }
+
+        return a.Children[1:]
+}
+
+// SetChildren will set and override all children of the AST.
+func (a *AST) SetChildren(children []AST) {
+        if a.RootToken {
+                a.Children = children
+        } else {
+                a.Children = append(a.Children[:1], children...)
+        }
+}
+
+// Start is used to indicate the starting state of the parse table.
+var Start = newAST(ASTKindStart, AST{})
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go
new file mode 100644
index 0000000..0895d53
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go
@@ -0,0 +1,11 @@
+package ini
+
+var commaRunes = []rune(",")
+
+func isComma(b rune) bool {
+        return b == ','
+}
+
+func newCommaToken() Token {
+        return newToken(TokenComma, commaRunes, NoneType)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go
new file mode 100644
index 0000000..0b76999
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go
@@ -0,0 +1,35 @@
+package ini
+
+// isComment will return whether or not the next byte(s) is a
+// comment.
+func isComment(b []rune) bool {
+        if len(b) == 0 {
+                return false
+        }
+
+        switch b[0] {
+        case ';':
+                return true
+        case '#':
+                return true
+        }
+
+        return false
+}
+
+// newCommentToken will create a comment token and
+// return how many bytes were read.
+func newCommentToken(b []rune) (Token, int, error) {
+        i := 0
+        for ; i < len(b); i++ {
+                if b[i] == '\n' {
+                        break
+                }
+
+                if len(b)-i > 2 && b[i] == '\r' && b[i+1] == '\n' {
+                        break
+                }
+        }
+
+        return newToken(TokenComment, b[:i], NoneType), i, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go
new file mode 100644
index 0000000..25ce0fe
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go
@@ -0,0 +1,29 @@
+// Package ini is an LL(1) parser for configuration files.
+//
+//      Example:
+//      sections, err := ini.OpenFile("/path/to/file")
+//      if err != nil {
+//              panic(err)
+//      }
+//
+//      profile := "foo"
+//      section, ok := sections.GetSection(profile)
+//      if !ok {
+//              fmt.Printf("section %q could not be found", profile)
+//      }
+//
+// Below is the BNF that describes this parser
+//      Grammar:
+//      stmt -> value stmt'
+//      stmt' -> epsilon | op stmt
+//      value -> number | string | boolean | quoted_string
+//
+//      section -> [ section'
+//      section' -> value section_close
+//      section_close -> ]
+//
+//      SkipState will skip (NL WS)+
+//
+//      comment -> # comment' | ; comment'
+//      comment' -> epsilon | value
+package ini
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go
new file mode 100644
index 0000000..04345a5
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go
@@ -0,0 +1,4 @@
+package ini
+
+// emptyToken is used to satisfy the Token interface
+var emptyToken = newToken(TokenNone, []rune{}, NoneType)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go
new file mode 100644
index 0000000..91ba2a5
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go
@@ -0,0 +1,24 @@
+package ini
+
+// newExpression will return an expression AST.
+// Expr represents an expression
+//
+//      grammar:
+//      expr -> string | number
+func newExpression(tok Token) AST {
+        return newASTWithRootToken(ASTKindExpr, tok)
+}
+
+func newEqualExpr(left AST, tok Token) AST {
+        return newASTWithRootToken(ASTKindEqualExpr, tok, left)
+}
+
+// EqualExprKey will return a LHS value in the equal expr
+func EqualExprKey(ast AST) string {
+        children := ast.GetChildren()
+        if len(children) == 0 || ast.Kind != ASTKindEqualExpr {
+                return ""
+        }
+
+        return string(children[0].Root.Raw())
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go
new file mode 100644
index 0000000..8d462f7
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go
@@ -0,0 +1,17 @@
+// +build gofuzz
+
+package ini
+
+import (
+        "bytes"
+)
+
+func Fuzz(data []byte) int {
+        b := bytes.NewReader(data)
+
+        if _, err := Parse(b); err != nil {
+                return 0
+        }
+
+        return 1
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go
new file mode 100644
index 0000000..3b0ca7a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go
@@ -0,0 +1,51 @@
+package ini
+
+import (
+        "io"
+        "os"
+
+        "github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+// OpenFile takes a path to a given file, and will open  and parse
+// that file.
+func OpenFile(path string) (Sections, error) {
+        f, err := os.Open(path)
+        if err != nil {
+                return Sections{}, awserr.New(ErrCodeUnableToReadFile, "unable to open file", err)
+        }
+        defer f.Close()
+
+        return Parse(f)
+}
+
+// Parse will parse the given file using the shared config
+// visitor.
+func Parse(f io.Reader) (Sections, error) {
+        tree, err := ParseAST(f)
+        if err != nil {
+                return Sections{}, err
+        }
+
+        v := NewDefaultVisitor()
+        if err = Walk(tree, v); err != nil {
+                return Sections{}, err
+        }
+
+        return v.Sections, nil
+}
+
+// ParseBytes will parse the given bytes and return the parsed sections.
+func ParseBytes(b []byte) (Sections, error) {
+        tree, err := ParseASTBytes(b)
+        if err != nil {
+                return Sections{}, err
+        }
+
+        v := NewDefaultVisitor()
+        if err = Walk(tree, v); err != nil {
+                return Sections{}, err
+        }
+
+        return v.Sections, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go
new file mode 100644
index 0000000..582c024
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go
@@ -0,0 +1,165 @@
+package ini
+
+import (
+        "bytes"
+        "io"
+        "io/ioutil"
+
+        "github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+const (
+        // ErrCodeUnableToReadFile is used when a file is failed to be
+        // opened or read from.
+        ErrCodeUnableToReadFile = "FailedRead"
+)
+
+// TokenType represents the various different tokens types
+type TokenType int
+
+func (t TokenType) String() string {
+        switch t {
+        case TokenNone:
+                return "none"
+        case TokenLit:
+                return "literal"
+        case TokenSep:
+                return "sep"
+        case TokenOp:
+                return "op"
+        case TokenWS:
+                return "ws"
+        case TokenNL:
+                return "newline"
+        case TokenComment:
+                return "comment"
+        case TokenComma:
+                return "comma"
+        default:
+                return ""
+        }
+}
+
+// TokenType enums
+const (
+        TokenNone = TokenType(iota)
+        TokenLit
+        TokenSep
+        TokenComma
+        TokenOp
+        TokenWS
+        TokenNL
+        TokenComment
+)
+
+type iniLexer struct{}
+
+// Tokenize will return a list of tokens during lexical analysis of the
+// io.Reader.
+func (l *iniLexer) Tokenize(r io.Reader) ([]Token, error) {
+        b, err := ioutil.ReadAll(r)
+        if err != nil {
+                return nil, awserr.New(ErrCodeUnableToReadFile, "unable to read file", err)
+        }
+
+        return l.tokenize(b)
+}
+
+func (l *iniLexer) tokenize(b []byte) ([]Token, error) {
+        runes := bytes.Runes(b)
+        var err error
+        n := 0
+        tokenAmount := countTokens(runes)
+        tokens := make([]Token, tokenAmount)
+        count := 0
+
+        for len(runes) > 0 && count < tokenAmount {
+                switch {
+                case isWhitespace(runes[0]):
+                        tokens[count], n, err = newWSToken(runes)
+                case isComma(runes[0]):
+                        tokens[count], n = newCommaToken(), 1
+                case isComment(runes):
+                        tokens[count], n, err = newCommentToken(runes)
+                case isNewline(runes):
+                        tokens[count], n, err = newNewlineToken(runes)
+                case isSep(runes):
+                        tokens[count], n, err = newSepToken(runes)
+                case isOp(runes):
+                        tokens[count], n, err = newOpToken(runes)
+                default:
+                        tokens[count], n, err = newLitToken(runes)
+                }
+
+                if err != nil {
+                        return nil, err
+                }
+
+                count++
+
+                runes = runes[n:]
+        }
+
+        return tokens[:count], nil
+}
+
+func countTokens(runes []rune) int {
+        count, n := 0, 0
+        var err error
+
+        for len(runes) > 0 {
+                switch {
+                case isWhitespace(runes[0]):
+                        _, n, err = newWSToken(runes)
+                case isComma(runes[0]):
+                        _, n = newCommaToken(), 1
+                case isComment(runes):
+                        _, n, err = newCommentToken(runes)
+                case isNewline(runes):
+                        _, n, err = newNewlineToken(runes)
+                case isSep(runes):
+                        _, n, err = newSepToken(runes)
+                case isOp(runes):
+                        _, n, err = newOpToken(runes)
+                default:
+                        _, n, err = newLitToken(runes)
+                }
+
+                if err != nil {
+                        return 0
+                }
+
+                count++
+                runes = runes[n:]
+        }
+
+        return count + 1
+}
+
+// Token indicates a metadata about a given value.
+type Token struct {
+        t         TokenType
+        ValueType ValueType
+        base      int
+        raw       []rune
+}
+
+var emptyValue = Value{}
+
+func newToken(t TokenType, raw []rune, v ValueType) Token {
+        return Token{
+                t:         t,
+                raw:       raw,
+                ValueType: v,
+        }
+}
+
+// Raw return the raw runes that were consumed
+func (tok Token) Raw() []rune {
+        return tok.raw
+}
+
+// Type returns the token type
+func (tok Token) Type() TokenType {
+        return tok.t
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
new file mode 100644
index 0000000..f997033
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
@@ -0,0 +1,347 @@
+package ini
+
+import (
+        "fmt"
+        "io"
+)
+
+// State enums for the parse table
+const (
+        InvalidState = iota
+        // stmt -> value stmt'
+        StatementState
+        // stmt' -> MarkComplete | op stmt
+        StatementPrimeState
+        // value -> number | string | boolean | quoted_string
+        ValueState
+        // section -> [ section'
+        OpenScopeState
+        // section' -> value section_close
+        SectionState
+        // section_close -> ]
+        CloseScopeState
+        // SkipState will skip (NL WS)+
+        SkipState
+        // SkipTokenState will skip any token and push the previous
+        // state onto the stack.
+        SkipTokenState
+        // comment -> # comment' | ; comment'
+        // comment' -> MarkComplete | value
+        CommentState
+        // MarkComplete state will complete statements and move that
+        // to the completed AST list
+        MarkCompleteState
+        // TerminalState signifies that the tokens have been fully parsed
+        TerminalState
+)
+
+// parseTable is a state machine to dictate the grammar above.
+var parseTable = map[ASTKind]map[TokenType]int{
+        ASTKindStart: map[TokenType]int{
+                TokenLit:     StatementState,
+                TokenSep:     OpenScopeState,
+                TokenWS:      SkipTokenState,
+                TokenNL:      SkipTokenState,
+                TokenComment: CommentState,
+                TokenNone:    TerminalState,
+        },
+        ASTKindCommentStatement: map[TokenType]int{
+                TokenLit:     StatementState,
+                TokenSep:     OpenScopeState,
+                TokenWS:      SkipTokenState,
+                TokenNL:      SkipTokenState,
+                TokenComment: CommentState,
+                TokenNone:    MarkCompleteState,
+        },
+        ASTKindExpr: map[TokenType]int{
+                TokenOp:      StatementPrimeState,
+                TokenLit:     ValueState,
+                TokenSep:     OpenScopeState,
+                TokenWS:      ValueState,
+                TokenNL:      SkipState,
+                TokenComment: CommentState,
+                TokenNone:    MarkCompleteState,
+        },
+        ASTKindEqualExpr: map[TokenType]int{
+                TokenLit: ValueState,
+                TokenWS:  SkipTokenState,
+                TokenNL:  SkipState,
+        },
+        ASTKindStatement: map[TokenType]int{
+                TokenLit:     SectionState,
+                TokenSep:     CloseScopeState,
+                TokenWS:      SkipTokenState,
+                TokenNL:      SkipTokenState,
+                TokenComment: CommentState,
+                TokenNone:    MarkCompleteState,
+        },
+        ASTKindExprStatement: map[TokenType]int{
+                TokenLit:     ValueState,
+                TokenSep:     OpenScopeState,
+                TokenOp:      ValueState,
+                TokenWS:      ValueState,
+                TokenNL:      MarkCompleteState,
+                TokenComment: CommentState,
+                TokenNone:    TerminalState,
+                TokenComma:   SkipState,
+        },
+        ASTKindSectionStatement: map[TokenType]int{
+                TokenLit: SectionState,
+                TokenOp:  SectionState,
+                TokenSep: CloseScopeState,
+                TokenWS:  SectionState,
+                TokenNL:  SkipTokenState,
+        },
+        ASTKindCompletedSectionStatement: map[TokenType]int{
+                TokenWS:      SkipTokenState,
+                TokenNL:      SkipTokenState,
+                TokenLit:     StatementState,
+                TokenSep:     OpenScopeState,
+                TokenComment: CommentState,
+                TokenNone:    MarkCompleteState,
+        },
+        ASTKindSkipStatement: map[TokenType]int{
+                TokenLit:     StatementState,
+                TokenSep:     OpenScopeState,
+                TokenWS:      SkipTokenState,
+                TokenNL:      SkipTokenState,
+                TokenComment: CommentState,
+                TokenNone:    TerminalState,
+        },
+}
+
+// ParseAST will parse input from an io.Reader using
+// an LL(1) parser.
+func ParseAST(r io.Reader) ([]AST, error) {
+        lexer := iniLexer{}
+        tokens, err := lexer.Tokenize(r)
+        if err != nil {
+                return []AST{}, err
+        }
+
+        return parse(tokens)
+}
+
+// ParseASTBytes will parse input from a byte slice using
+// an LL(1) parser.
+func ParseASTBytes(b []byte) ([]AST, error) {
+        lexer := iniLexer{}
+        tokens, err := lexer.tokenize(b)
+        if err != nil {
+                return []AST{}, err
+        }
+
+        return parse(tokens)
+}
+
+func parse(tokens []Token) ([]AST, error) {
+        start := Start
+        stack := newParseStack(3, len(tokens))
+
+        stack.Push(start)
+        s := newSkipper()
+
+loop:
+        for stack.Len() > 0 {
+                k := stack.Pop()
+
+                var tok Token
+                if len(tokens) == 0 {
+                        // this occurs when all the tokens have been processed
+                        // but reduction of what's left on the stack needs to
+                        // occur.
+                        tok = emptyToken
+                } else {
+                        tok = tokens[0]
+                }
+
+                step := parseTable[k.Kind][tok.Type()]
+                if s.ShouldSkip(tok) {
+                        // being in a skip state with no tokens will break out of
+                        // the parse loop since there is nothing left to process.
+                        if len(tokens) == 0 {
+                                break loop
+                        }
+
+                        step = SkipTokenState
+                }
+
+                switch step {
+                case TerminalState:
+                        // Finished parsing. Push what should be the last
+                        // statement to the stack. If there is anything left
+                        // on the stack, an error in parsing has occurred.
+                        if k.Kind != ASTKindStart {
+                                stack.MarkComplete(k)
+                        }
+                        break loop
+                case SkipTokenState:
+                        // When skipping a token, the previous state was popped off the stack.
+                        // To maintain the correct state, the previous state will be pushed
+                        // onto the stack.
+                        stack.Push(k)
+                case StatementState:
+                        if k.Kind != ASTKindStart {
+                                stack.MarkComplete(k)
+                        }
+                        expr := newExpression(tok)
+                        stack.Push(expr)
+                case StatementPrimeState:
+                        if tok.Type() != TokenOp {
+                                stack.MarkComplete(k)
+                                continue
+                        }
+
+                        if k.Kind != ASTKindExpr {
+                                return nil, NewParseError(
+                                        fmt.Sprintf("invalid expression: expected Expr type, but found %T type", k),
+                                )
+                        }
+
+                        k = trimSpaces(k)
+                        expr := newEqualExpr(k, tok)
+                        stack.Push(expr)
+                case ValueState:
+                        // ValueState requires the previous state to either be an equal expression
+                        // or an expression statement.
+                        //
+                        // This grammar occurs when the RHS is a number, word, or quoted string.
+                        // equal_expr -> lit op equal_expr'
+                        // equal_expr' -> number | string | quoted_string
+                        // quoted_string -> " quoted_string'
+                        // quoted_string' -> string quoted_string_end
+                        // quoted_string_end -> "
+                        //
+                        // otherwise
+                        // expr_stmt -> equal_expr (expr_stmt')*
+                        // expr_stmt' -> ws S | op S | MarkComplete
+                        // S -> equal_expr' expr_stmt'
+                        switch k.Kind {
+                        case ASTKindEqualExpr:
+                                // assiging a value to some key
+                                k.AppendChild(newExpression(tok))
+                                stack.Push(newExprStatement(k))
+                        case ASTKindExpr:
+                                k.Root.raw = append(k.Root.raw, tok.Raw()...)
+                                stack.Push(k)
+                        case ASTKindExprStatement:
+                                root := k.GetRoot()
+                                children := root.GetChildren()
+                                if len(children) == 0 {
+                                        return nil, NewParseError(
+                                                fmt.Sprintf("invalid expression: AST contains no children %s", k.Kind),
+                                        )
+                                }
+
+                                rhs := children[len(children)-1]
+
+                                if rhs.Root.ValueType != QuotedStringType {
+                                        rhs.Root.ValueType = StringType
+                                        rhs.Root.raw = append(rhs.Root.raw, tok.Raw()...)
+
+                                }
+
+                                children[len(children)-1] = rhs
+                                k.SetChildren(children)
+
+                                stack.Push(k)
+                        }
+                case OpenScopeState:
+                        if !runeCompare(tok.Raw(), openBrace) {
+                                return nil, NewParseError("expected '['")
+                        }
+
+                        stmt := newStatement()
+                        stack.Push(stmt)
+                case CloseScopeState:
+                        if !runeCompare(tok.Raw(), closeBrace) {
+                                return nil, NewParseError("expected ']'")
+                        }
+
+                        k = trimSpaces(k)
+                        stack.Push(newCompletedSectionStatement(k))
+                case SectionState:
+                        var stmt AST
+
+                        switch k.Kind {
+                        case ASTKindStatement:
+                                // If there are multiple literals inside of a scope declaration,
+                                // then the current token's raw value will be appended to the Name.
+                                //
+                                // This handles cases like [ profile default ]
+                                //
+                                // k will represent a SectionStatement with the children representing
+                                // the label of the section
+                                stmt = newSectionStatement(tok)
+                        case ASTKindSectionStatement:
+                                k.Root.raw = append(k.Root.raw, tok.Raw()...)
+                                stmt = k
+                        default:
+                                return nil, NewParseError(
+                                        fmt.Sprintf("invalid statement: expected statement: %v", k.Kind),
+                                )
+                        }
+
+                        stack.Push(stmt)
+                case MarkCompleteState:
+                        if k.Kind != ASTKindStart {
+                                stack.MarkComplete(k)
+                        }
+
+                        if stack.Len() == 0 {
+                                stack.Push(start)
+                        }
+                case SkipState:
+                        stack.Push(newSkipStatement(k))
+                        s.Skip()
+                case CommentState:
+                        if k.Kind == ASTKindStart {
+                                stack.Push(k)
+                        } else {
+                                stack.MarkComplete(k)
+                        }
+
+                        stmt := newCommentStatement(tok)
+                        stack.Push(stmt)
+                default:
+                        return nil, NewParseError(fmt.Sprintf("invalid state with ASTKind %v and TokenType %v", k, tok))
+                }
+
+                if len(tokens) > 0 {
+                        tokens = tokens[1:]
+                }
+        }
+
+        // this occurs when a statement has not been completed
+        if stack.top > 1 {
+                return nil, NewParseError(fmt.Sprintf("incomplete expression: %v", stack.container))
+        }
+
+        // returns a sublist which excludes the start symbol
+        return stack.List(), nil
+}
+
+// trimSpaces will trim spaces on the left and right hand side of
+// the literal.
+func trimSpaces(k AST) AST {
+        // trim left hand side of spaces
+        for i := 0; i < len(k.Root.raw); i++ {
+                if !isWhitespace(k.Root.raw[i]) {
+                        break
+                }
+
+                k.Root.raw = k.Root.raw[1:]
+                i--
+        }
+
+        // trim right hand side of spaces
+        for i := len(k.Root.raw) - 1; i >= 0; i-- {
+                if !isWhitespace(k.Root.raw[i]) {
+                        break
+                }
+
+                k.Root.raw = k.Root.raw[:len(k.Root.raw)-1]
+        }
+
+        return k
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go
new file mode 100644
index 0000000..24df543
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go
@@ -0,0 +1,324 @@
+package ini
+
+import (
+        "fmt"
+        "strconv"
+        "strings"
+)
+
+var (
+        runesTrue  = []rune("true")
+        runesFalse = []rune("false")
+)
+
+var literalValues = [][]rune{
+        runesTrue,
+        runesFalse,
+}
+
+func isBoolValue(b []rune) bool {
+        for _, lv := range literalValues {
+                if isLitValue(lv, b) {
+                        return true
+                }
+        }
+        return false
+}
+
+func isLitValue(want, have []rune) bool {
+        if len(have) < len(want) {
+                return false
+        }
+
+        for i := 0; i < len(want); i++ {
+                if want[i] != have[i] {
+                        return false
+                }
+        }
+
+        return true
+}
+
+// isNumberValue will return whether not the leading characters in
+// a byte slice is a number. A number is delimited by whitespace or
+// the newline token.
+//
+// A number is defined to be in a binary, octal, decimal (int | float), hex format,
+// or in scientific notation.
+func isNumberValue(b []rune) bool {
+        negativeIndex := 0
+        helper := numberHelper{}
+        needDigit := false
+
+        for i := 0; i < len(b); i++ {
+                negativeIndex++
+
+                switch b[i] {
+                case '-':
+                        if helper.IsNegative() || negativeIndex != 1 {
+                                return false
+                        }
+                        helper.Determine(b[i])
+                        needDigit = true
+                        continue
+                case 'e', 'E':
+                        if err := helper.Determine(b[i]); err != nil {
+                                return false
+                        }
+                        negativeIndex = 0
+                        needDigit = true
+                        continue
+                case 'b':
+                        if helper.numberFormat == hex {
+                                break
+                        }
+                        fallthrough
+                case 'o', 'x':
+                        needDigit = true
+                        if i == 0 {
+                                return false
+                        }
+
+                        fallthrough
+                case '.':
+                        if err := helper.Determine(b[i]); err != nil {
+                                return false
+                        }
+                        needDigit = true
+                        continue
+                }
+
+                if i > 0 && (isNewline(b[i:]) || isWhitespace(b[i])) {
+                        return !needDigit
+                }
+
+                if !helper.CorrectByte(b[i]) {
+                        return false
+                }
+                needDigit = false
+        }
+
+        return !needDigit
+}
+
+func isValid(b []rune) (bool, int, error) {
+        if len(b) == 0 {
+                // TODO: should probably return an error
+                return false, 0, nil
+        }
+
+        return isValidRune(b[0]), 1, nil
+}
+
+func isValidRune(r rune) bool {
+        return r != ':' && r != '=' && r != '[' && r != ']' && r != ' ' && r != '\n'
+}
+
+// ValueType is an enum that will signify what type
+// the Value is
+type ValueType int
+
+func (v ValueType) String() string {
+        switch v {
+        case NoneType:
+                return "NONE"
+        case DecimalType:
+                return "FLOAT"
+        case IntegerType:
+                return "INT"
+        case StringType:
+                return "STRING"
+        case BoolType:
+                return "BOOL"
+        }
+
+        return ""
+}
+
+// ValueType enums
+const (
+        NoneType = ValueType(iota)
+        DecimalType
+        IntegerType
+        StringType
+        QuotedStringType
+        BoolType
+)
+
+// Value is a union container
+type Value struct {
+        Type ValueType
+        raw  []rune
+
+        integer int64
+        decimal float64
+        boolean bool
+        str     string
+}
+
+func newValue(t ValueType, base int, raw []rune) (Value, error) {
+        v := Value{
+                Type: t,
+                raw:  raw,
+        }
+        var err error
+
+        switch t {
+        case DecimalType:
+                v.decimal, err = strconv.ParseFloat(string(raw), 64)
+        case IntegerType:
+                if base != 10 {
+                        raw = raw[2:]
+                }
+
+                v.integer, err = strconv.ParseInt(string(raw), base, 64)
+        case StringType:
+                v.str = string(raw)
+        case QuotedStringType:
+                v.str = string(raw[1 : len(raw)-1])
+        case BoolType:
+                v.boolean = runeCompare(v.raw, runesTrue)
+        }
+
+        // issue 2253
+        //
+        // if the value trying to be parsed is too large, then we will use
+        // the 'StringType' and raw value instead.
+        if nerr, ok := err.(*strconv.NumError); ok && nerr.Err == strconv.ErrRange {
+                v.Type = StringType
+                v.str = string(raw)
+                err = nil
+        }
+
+        return v, err
+}
+
+// Append will append values and change the type to a string
+// type.
+func (v *Value) Append(tok Token) {
+        r := tok.Raw()
+        if v.Type != QuotedStringType {
+                v.Type = StringType
+                r = tok.raw[1 : len(tok.raw)-1]
+        }
+        if tok.Type() != TokenLit {
+                v.raw = append(v.raw, tok.Raw()...)
+        } else {
+                v.raw = append(v.raw, r...)
+        }
+}
+
+func (v Value) String() string {
+        switch v.Type {
+        case DecimalType:
+                return fmt.Sprintf("decimal: %f", v.decimal)
+        case IntegerType:
+                return fmt.Sprintf("integer: %d", v.integer)
+        case StringType:
+                return fmt.Sprintf("string: %s", string(v.raw))
+        case QuotedStringType:
+                return fmt.Sprintf("quoted string: %s", string(v.raw))
+        case BoolType:
+                return fmt.Sprintf("bool: %t", v.boolean)
+        default:
+                return "union not set"
+        }
+}
+
+func newLitToken(b []rune) (Token, int, error) {
+        n := 0
+        var err error
+
+        token := Token{}
+        if b[0] == '"' {
+                n, err = getStringValue(b)
+                if err != nil {
+                        return token, n, err
+                }
+
+                token = newToken(TokenLit, b[:n], QuotedStringType)
+        } else if isNumberValue(b) {
+                var base int
+                base, n, err = getNumericalValue(b)
+                if err != nil {
+                        return token, 0, err
+                }
+
+                value := b[:n]
+                vType := IntegerType
+                if contains(value, '.') || hasExponent(value) {
+                        vType = DecimalType
+                }
+                token = newToken(TokenLit, value, vType)
+                token.base = base
+        } else if isBoolValue(b) {
+                n, err = getBoolValue(b)
+
+                token = newToken(TokenLit, b[:n], BoolType)
+        } else {
+                n, err = getValue(b)
+                token = newToken(TokenLit, b[:n], StringType)
+        }
+
+        return token, n, err
+}
+
+// IntValue returns an integer value
+func (v Value) IntValue() int64 {
+        return v.integer
+}
+
+// FloatValue returns a float value
+func (v Value) FloatValue() float64 {
+        return v.decimal
+}
+
+// BoolValue returns a bool value
+func (v Value) BoolValue() bool {
+        return v.boolean
+}
+
+func isTrimmable(r rune) bool {
+        switch r {
+        case '\n', ' ':
+                return true
+        }
+        return false
+}
+
+// StringValue returns the string value
+func (v Value) StringValue() string {
+        switch v.Type {
+        case StringType:
+                return strings.TrimFunc(string(v.raw), isTrimmable)
+        case QuotedStringType:
+                // preserve all characters in the quotes
+                return string(removeEscapedCharacters(v.raw[1 : len(v.raw)-1]))
+        default:
+                return strings.TrimFunc(string(v.raw), isTrimmable)
+        }
+}
+
+func contains(runes []rune, c rune) bool {
+        for i := 0; i < len(runes); i++ {
+                if runes[i] == c {
+                        return true
+                }
+        }
+
+        return false
+}
+
+func runeCompare(v1 []rune, v2 []rune) bool {
+        if len(v1) != len(v2) {
+                return false
+        }
+
+        for i := 0; i < len(v1); i++ {
+                if v1[i] != v2[i] {
+                        return false
+                }
+        }
+
+        return true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go
new file mode 100644
index 0000000..e52ac39
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go
@@ -0,0 +1,30 @@
+package ini
+
+func isNewline(b []rune) bool {
+        if len(b) == 0 {
+                return false
+        }
+
+        if b[0] == '\n' {
+                return true
+        }
+
+        if len(b) < 2 {
+                return false
+        }
+
+        return b[0] == '\r' && b[1] == '\n'
+}
+
+func newNewlineToken(b []rune) (Token, int, error) {
+        i := 1
+        if b[0] == '\r' && isNewline(b[1:]) {
+                i++
+        }
+
+        if !isNewline([]rune(b[:i])) {
+                return emptyToken, 0, NewParseError("invalid new line token")
+        }
+
+        return newToken(TokenNL, b[:i], NoneType), i, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go
new file mode 100644
index 0000000..a45c0bc
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go
@@ -0,0 +1,152 @@
+package ini
+
+import (
+        "bytes"
+        "fmt"
+        "strconv"
+)
+
+const (
+        none = numberFormat(iota)
+        binary
+        octal
+        decimal
+        hex
+        exponent
+)
+
+type numberFormat int
+
+// numberHelper is used to dictate what format a number is in
+// and what to do for negative values. Since -1e-4 is a valid
+// number, we cannot just simply check for duplicate negatives.
+type numberHelper struct {
+        numberFormat numberFormat
+
+        negative         bool
+        negativeExponent bool
+}
+
+func (b numberHelper) Exists() bool {
+        return b.numberFormat != none
+}
+
+func (b numberHelper) IsNegative() bool {
+        return b.negative || b.negativeExponent
+}
+
+func (b *numberHelper) Determine(c rune) error {
+        if b.Exists() {
+                return NewParseError(fmt.Sprintf("multiple number formats: 0%v", string(c)))
+        }
+
+        switch c {
+        case 'b':
+                b.numberFormat = binary
+        case 'o':
+                b.numberFormat = octal
+        case 'x':
+                b.numberFormat = hex
+        case 'e', 'E':
+                b.numberFormat = exponent
+        case '-':
+                if b.numberFormat != exponent {
+                        b.negative = true
+                } else {
+                        b.negativeExponent = true
+                }
+        case '.':
+                b.numberFormat = decimal
+        default:
+                return NewParseError(fmt.Sprintf("invalid number character: %v", string(c)))
+        }
+
+        return nil
+}
+
+func (b numberHelper) CorrectByte(c rune) bool {
+        switch {
+        case b.numberFormat == binary:
+                if !isBinaryByte(c) {
+                        return false
+                }
+        case b.numberFormat == octal:
+                if !isOctalByte(c) {
+                        return false
+                }
+        case b.numberFormat == hex:
+                if !isHexByte(c) {
+                        return false
+                }
+        case b.numberFormat == decimal:
+                if !isDigit(c) {
+                        return false
+                }
+        case b.numberFormat == exponent:
+                if !isDigit(c) {
+                        return false
+                }
+        case b.negativeExponent:
+                if !isDigit(c) {
+                        return false
+                }
+        case b.negative:
+                if !isDigit(c) {
+                        return false
+                }
+        default:
+                if !isDigit(c) {
+                        return false
+                }
+        }
+
+        return true
+}
+
+func (b numberHelper) Base() int {
+        switch b.numberFormat {
+        case binary:
+                return 2
+        case octal:
+                return 8
+        case hex:
+                return 16
+        default:
+                return 10
+        }
+}
+
+func (b numberHelper) String() string {
+        buf := bytes.Buffer{}
+        i := 0
+
+        switch b.numberFormat {
+        case binary:
+                i++
+                buf.WriteString(strconv.Itoa(i) + ": binary format\n")
+        case octal:
+                i++
+                buf.WriteString(strconv.Itoa(i) + ": octal format\n")
+        case hex:
+                i++
+                buf.WriteString(strconv.Itoa(i) + ": hex format\n")
+        case exponent:
+                i++
+                buf.WriteString(strconv.Itoa(i) + ": exponent format\n")
+        default:
+                i++
+                buf.WriteString(strconv.Itoa(i) + ": integer format\n")
+        }
+
+        if b.negative {
+                i++
+                buf.WriteString(strconv.Itoa(i) + ": negative format\n")
+        }
+
+        if b.negativeExponent {
+                i++
+                buf.WriteString(strconv.Itoa(i) + ": negative exponent format\n")
+        }
+
+        return buf.String()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go
new file mode 100644
index 0000000..8a84c7c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go
@@ -0,0 +1,39 @@
+package ini
+
+import (
+        "fmt"
+)
+
+var (
+        equalOp      = []rune("=")
+        equalColonOp = []rune(":")
+)
+
+func isOp(b []rune) bool {
+        if len(b) == 0 {
+                return false
+        }
+
+        switch b[0] {
+        case '=':
+                return true
+        case ':':
+                return true
+        default:
+                return false
+        }
+}
+
+func newOpToken(b []rune) (Token, int, error) {
+        tok := Token{}
+
+        switch b[0] {
+        case '=':
+                tok = newToken(TokenOp, equalOp, NoneType)
+        case ':':
+                tok = newToken(TokenOp, equalColonOp, NoneType)
+        default:
+                return tok, 0, NewParseError(fmt.Sprintf("unexpected op type, %v", b[0]))
+        }
+        return tok, 1, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go
new file mode 100644
index 0000000..4572870
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go
@@ -0,0 +1,43 @@
+package ini
+
+import "fmt"
+
+const (
+        // ErrCodeParseError is returned when a parsing error
+        // has occurred.
+        ErrCodeParseError = "INIParseError"
+)
+
+// ParseError is an error which is returned during any part of
+// the parsing process.
+type ParseError struct {
+        msg string
+}
+
+// NewParseError will return a new ParseError where message
+// is the description of the error.
+func NewParseError(message string) *ParseError {
+        return &ParseError{
+                msg: message,
+        }
+}
+
+// Code will return the ErrCodeParseError
+func (err *ParseError) Code() string {
+        return ErrCodeParseError
+}
+
+// Message returns the error's message
+func (err *ParseError) Message() string {
+        return err.msg
+}
+
+// OrigError return nothing since there will never be any
+// original error.
+func (err *ParseError) OrigError() error {
+        return nil
+}
+
+func (err *ParseError) Error() string {
+        return fmt.Sprintf("%s: %s", err.Code(), err.Message())
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go
new file mode 100644
index 0000000..7f01cf7
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go
@@ -0,0 +1,60 @@
+package ini
+
+import (
+        "bytes"
+        "fmt"
+)
+
+// ParseStack is a stack that contains a container, the stack portion,
+// and the list which is the list of ASTs that have been successfully
+// parsed.
+type ParseStack struct {
+        top       int
+        container []AST
+        list      []AST
+        index     int
+}
+
+func newParseStack(sizeContainer, sizeList int) ParseStack {
+        return ParseStack{
+                container: make([]AST, sizeContainer),
+                list:      make([]AST, sizeList),
+        }
+}
+
+// Pop will return and truncate the last container element.
+func (s *ParseStack) Pop() AST {
+        s.top--
+        return s.container[s.top]
+}
+
+// Push will add the new AST to the container
+func (s *ParseStack) Push(ast AST) {
+        s.container[s.top] = ast
+        s.top++
+}
+
+// MarkComplete will append the AST to the list of completed statements
+func (s *ParseStack) MarkComplete(ast AST) {
+        s.list[s.index] = ast
+        s.index++
+}
+
+// List will return the completed statements
+func (s ParseStack) List() []AST {
+        return s.list[:s.index]
+}
+
+// Len will return the length of the container
+func (s *ParseStack) Len() int {
+        return s.top
+}
+
+func (s ParseStack) String() string {
+        buf := bytes.Buffer{}
+        for i, node := range s.list {
+                buf.WriteString(fmt.Sprintf("%d: %v\n", i+1, node))
+        }
+
+        return buf.String()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go
new file mode 100644
index 0000000..f82095b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go
@@ -0,0 +1,41 @@
+package ini
+
+import (
+        "fmt"
+)
+
+var (
+        emptyRunes = []rune{}
+)
+
+func isSep(b []rune) bool {
+        if len(b) == 0 {
+                return false
+        }
+
+        switch b[0] {
+        case '[', ']':
+                return true
+        default:
+                return false
+        }
+}
+
+var (
+        openBrace  = []rune("[")
+        closeBrace = []rune("]")
+)
+
+func newSepToken(b []rune) (Token, int, error) {
+        tok := Token{}
+
+        switch b[0] {
+        case '[':
+                tok = newToken(TokenSep, openBrace, NoneType)
+        case ']':
+                tok = newToken(TokenSep, closeBrace, NoneType)
+        default:
+                return tok, 0, NewParseError(fmt.Sprintf("unexpected sep type, %v", b[0]))
+        }
+        return tok, 1, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
new file mode 100644
index 0000000..6bb6964
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
@@ -0,0 +1,45 @@
+package ini
+
+// skipper is used to skip certain blocks of an ini file.
+// Currently skipper is used to skip nested blocks of ini
+// files. See example below
+//
+//      [ foo ]
+//      nested = ; this section will be skipped
+//              a=b
+//              c=d
+//      bar=baz ; this will be included
+type skipper struct {
+        shouldSkip bool
+        TokenSet   bool
+        prevTok    Token
+}
+
+func newSkipper() skipper {
+        return skipper{
+                prevTok: emptyToken,
+        }
+}
+
+func (s *skipper) ShouldSkip(tok Token) bool {
+        if s.shouldSkip &&
+                s.prevTok.Type() == TokenNL &&
+                tok.Type() != TokenWS {
+
+                s.Continue()
+                return false
+        }
+        s.prevTok = tok
+
+        return s.shouldSkip
+}
+
+func (s *skipper) Skip() {
+        s.shouldSkip = true
+        s.prevTok = emptyToken
+}
+
+func (s *skipper) Continue() {
+        s.shouldSkip = false
+        s.prevTok = emptyToken
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go
new file mode 100644
index 0000000..18f3fe8
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go
@@ -0,0 +1,35 @@
+package ini
+
+// Statement is an empty AST mostly used for transitioning states.
+func newStatement() AST {
+        return newAST(ASTKindStatement, AST{})
+}
+
+// SectionStatement represents a section AST
+func newSectionStatement(tok Token) AST {
+        return newASTWithRootToken(ASTKindSectionStatement, tok)
+}
+
+// ExprStatement represents a completed expression AST
+func newExprStatement(ast AST) AST {
+        return newAST(ASTKindExprStatement, ast)
+}
+
+// CommentStatement represents a comment in the ini definition.
+//
+//      grammar:
+//      comment -> #comment' | ;comment'
+//      comment' -> epsilon | value
+func newCommentStatement(tok Token) AST {
+        return newAST(ASTKindCommentStatement, newExpression(tok))
+}
+
+// CompletedSectionStatement represents a completed section
+func newCompletedSectionStatement(ast AST) AST {
+        return newAST(ASTKindCompletedSectionStatement, ast)
+}
+
+// SkipStatement is used to skip whole statements
+func newSkipStatement(ast AST) AST {
+        return newAST(ASTKindSkipStatement, ast)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go
new file mode 100644
index 0000000..305999d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go
@@ -0,0 +1,284 @@
+package ini
+
+import (
+        "fmt"
+)
+
+// getStringValue will return a quoted string and the amount
+// of bytes read
+//
+// an error will be returned if the string is not properly formatted
+func getStringValue(b []rune) (int, error) {
+        if b[0] != '"' {
+                return 0, NewParseError("strings must start with '\"'")
+        }
+
+        endQuote := false
+        i := 1
+
+        for ; i < len(b) && !endQuote; i++ {
+                if escaped := isEscaped(b[:i], b[i]); b[i] == '"' && !escaped {
+                        endQuote = true
+                        break
+                } else if escaped {
+                        /*c, err := getEscapedByte(b[i])
+                        if err != nil {
+                                return 0, err
+                        }
+
+                        b[i-1] = c
+                        b = append(b[:i], b[i+1:]...)
+                        i--*/
+
+                        continue
+                }
+        }
+
+        if !endQuote {
+                return 0, NewParseError("missing '\"' in string value")
+        }
+
+        return i + 1, nil
+}
+
+// getBoolValue will return a boolean and the amount
+// of bytes read
+//
+// an error will be returned if the boolean is not of a correct
+// value
+func getBoolValue(b []rune) (int, error) {
+        if len(b) < 4 {
+                return 0, NewParseError("invalid boolean value")
+        }
+
+        n := 0
+        for _, lv := range literalValues {
+                if len(lv) > len(b) {
+                        continue
+                }
+
+                if isLitValue(lv, b) {
+                        n = len(lv)
+                }
+        }
+
+        if n == 0 {
+                return 0, NewParseError("invalid boolean value")
+        }
+
+        return n, nil
+}
+
+// getNumericalValue will return a numerical string, the amount
+// of bytes read, and the base of the number
+//
+// an error will be returned if the number is not of a correct
+// value
+func getNumericalValue(b []rune) (int, int, error) {
+        if !isDigit(b[0]) {
+                return 0, 0, NewParseError("invalid digit value")
+        }
+
+        i := 0
+        helper := numberHelper{}
+
+loop:
+        for negativeIndex := 0; i < len(b); i++ {
+                negativeIndex++
+
+                if !isDigit(b[i]) {
+                        switch b[i] {
+                        case '-':
+                                if helper.IsNegative() || negativeIndex != 1 {
+                                        return 0, 0, NewParseError("parse error '-'")
+                                }
+
+                                n := getNegativeNumber(b[i:])
+                                i += (n - 1)
+                                helper.Determine(b[i])
+                                continue
+                        case '.':
+                                if err := helper.Determine(b[i]); err != nil {
+                                        return 0, 0, err
+                                }
+                        case 'e', 'E':
+                                if err := helper.Determine(b[i]); err != nil {
+                                        return 0, 0, err
+                                }
+
+                                negativeIndex = 0
+                        case 'b':
+                                if helper.numberFormat == hex {
+                                        break
+                                }
+                                fallthrough
+                        case 'o', 'x':
+                                if i == 0 && b[i] != '0' {
+                                        return 0, 0, NewParseError("incorrect base format, expected leading '0'")
+                                }
+
+                                if i != 1 {
+                                        return 0, 0, NewParseError(fmt.Sprintf("incorrect base format found %s at %d index", string(b[i]), i))
+                                }
+
+                                if err := helper.Determine(b[i]); err != nil {
+                                        return 0, 0, err
+                                }
+                        default:
+                                if isWhitespace(b[i]) {
+                                        break loop
+                                }
+
+                                if isNewline(b[i:]) {
+                                        break loop
+                                }
+
+                                if !(helper.numberFormat == hex && isHexByte(b[i])) {
+                                        if i+2 < len(b) && !isNewline(b[i:i+2]) {
+                                                return 0, 0, NewParseError("invalid numerical character")
+                                        } else if !isNewline([]rune{b[i]}) {
+                                                return 0, 0, NewParseError("invalid numerical character")
+                                        }
+
+                                        break loop
+                                }
+                        }
+                }
+        }
+
+        return helper.Base(), i, nil
+}
+
+// isDigit will return whether or not something is an integer
+func isDigit(b rune) bool {
+        return b >= '0' && b <= '9'
+}
+
+func hasExponent(v []rune) bool {
+        return contains(v, 'e') || contains(v, 'E')
+}
+
+func isBinaryByte(b rune) bool {
+        switch b {
+        case '0', '1':
+                return true
+        default:
+                return false
+        }
+}
+
+func isOctalByte(b rune) bool {
+        switch b {
+        case '0', '1', '2', '3', '4', '5', '6', '7':
+                return true
+        default:
+                return false
+        }
+}
+
+func isHexByte(b rune) bool {
+        if isDigit(b) {
+                return true
+        }
+        return (b >= 'A' && b <= 'F') ||
+                (b >= 'a' && b <= 'f')
+}
+
+func getValue(b []rune) (int, error) {
+        i := 0
+
+        for i < len(b) {
+                if isNewline(b[i:]) {
+                        break
+                }
+
+                if isOp(b[i:]) {
+                        break
+                }
+
+                valid, n, err := isValid(b[i:])
+                if err != nil {
+                        return 0, err
+                }
+
+                if !valid {
+                        break
+                }
+
+                i += n
+        }
+
+        return i, nil
+}
+
+// getNegativeNumber will return a negative number from a
+// byte slice. This will iterate through all characters until
+// a non-digit has been found.
+func getNegativeNumber(b []rune) int {
+        if b[0] != '-' {
+                return 0
+        }
+
+        i := 1
+        for ; i < len(b); i++ {
+                if !isDigit(b[i]) {
+                        return i
+                }
+        }
+
+        return i
+}
+
+// isEscaped will return whether or not the character is an escaped
+// character.
+func isEscaped(value []rune, b rune) bool {
+        if len(value) == 0 {
+                return false
+        }
+
+        switch b {
+        case '\'': // single quote
+        case '"': // quote
+        case 'n': // newline
+        case 't': // tab
+        case '\\': // backslash
+        default:
+                return false
+        }
+
+        return value[len(value)-1] == '\\'
+}
+
+func getEscapedByte(b rune) (rune, error) {
+        switch b {
+        case '\'': // single quote
+                return '\'', nil
+        case '"': // quote
+                return '"', nil
+        case 'n': // newline
+                return '\n', nil
+        case 't': // table
+                return '\t', nil
+        case '\\': // backslash
+                return '\\', nil
+        default:
+                return b, NewParseError(fmt.Sprintf("invalid escaped character %c", b))
+        }
+}
+
+func removeEscapedCharacters(b []rune) []rune {
+        for i := 0; i < len(b); i++ {
+                if isEscaped(b[:i], b[i]) {
+                        c, err := getEscapedByte(b[i])
+                        if err != nil {
+                                return b
+                        }
+
+                        b[i-1] = c
+                        b = append(b[:i], b[i+1:]...)
+                        i--
+                }
+        }
+
+        return b
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go
new file mode 100644
index 0000000..94841c3
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go
@@ -0,0 +1,166 @@
+package ini
+
+import (
+        "fmt"
+        "sort"
+)
+
+// Visitor is an interface used by walkers that will
+// traverse an array of ASTs.
+type Visitor interface {
+        VisitExpr(AST) error
+        VisitStatement(AST) error
+}
+
+// DefaultVisitor is used to visit statements and expressions
+// and ensure that they are both of the correct format.
+// In addition, upon visiting this will build sections and populate
+// the Sections field which can be used to retrieve profile
+// configuration.
+type DefaultVisitor struct {
+        scope    string
+        Sections Sections
+}
+
+// NewDefaultVisitor return a DefaultVisitor
+func NewDefaultVisitor() *DefaultVisitor {
+        return &DefaultVisitor{
+                Sections: Sections{
+                        container: map[string]Section{},
+                },
+        }
+}
+
+// VisitExpr visits expressions...
+func (v *DefaultVisitor) VisitExpr(expr AST) error {
+        t := v.Sections.container[v.scope]
+        if t.values == nil {
+                t.values = values{}
+        }
+
+        switch expr.Kind {
+        case ASTKindExprStatement:
+                opExpr := expr.GetRoot()
+                switch opExpr.Kind {
+                case ASTKindEqualExpr:
+                        children := opExpr.GetChildren()
+                        if len(children) <= 1 {
+                                return NewParseError("unexpected token type")
+                        }
+
+                        rhs := children[1]
+
+                        if rhs.Root.Type() != TokenLit {
+                                return NewParseError("unexpected token type")
+                        }
+
+                        key := EqualExprKey(opExpr)
+                        v, err := newValue(rhs.Root.ValueType, rhs.Root.base, rhs.Root.Raw())
+                        if err != nil {
+                                return err
+                        }
+
+                        t.values[key] = v
+                default:
+                        return NewParseError(fmt.Sprintf("unsupported expression %v", expr))
+                }
+        default:
+                return NewParseError(fmt.Sprintf("unsupported expression %v", expr))
+        }
+
+        v.Sections.container[v.scope] = t
+        return nil
+}
+
+// VisitStatement visits statements...
+func (v *DefaultVisitor) VisitStatement(stmt AST) error {
+        switch stmt.Kind {
+        case ASTKindCompletedSectionStatement:
+                child := stmt.GetRoot()
+                if child.Kind != ASTKindSectionStatement {
+                        return NewParseError(fmt.Sprintf("unsupported child statement: %T", child))
+                }
+
+                name := string(child.Root.Raw())
+                v.Sections.container[name] = Section{}
+                v.scope = name
+        default:
+                return NewParseError(fmt.Sprintf("unsupported statement: %s", stmt.Kind))
+        }
+
+        return nil
+}
+
+// Sections is a map of Section structures that represent
+// a configuration.
+type Sections struct {
+        container map[string]Section
+}
+
+// GetSection will return section p. If section p does not exist,
+// false will be returned in the second parameter.
+func (t Sections) GetSection(p string) (Section, bool) {
+        v, ok := t.container[p]
+        return v, ok
+}
+
+// values represents a map of union values.
+type values map[string]Value
+
+// List will return a list of all sections that were successfully
+// parsed.
+func (t Sections) List() []string {
+        keys := make([]string, len(t.container))
+        i := 0
+        for k := range t.container {
+                keys[i] = k
+                i++
+        }
+
+        sort.Strings(keys)
+        return keys
+}
+
+// Section contains a name and values. This represent
+// a sectioned entry in a configuration file.
+type Section struct {
+        Name   string
+        values values
+}
+
+// Has will return whether or not an entry exists in a given section
+func (t Section) Has(k string) bool {
+        _, ok := t.values[k]
+        return ok
+}
+
+// ValueType will returned what type the union is set to. If
+// k was not found, the NoneType will be returned.
+func (t Section) ValueType(k string) (ValueType, bool) {
+        v, ok := t.values[k]
+        return v.Type, ok
+}
+
+// Bool returns a bool value at k
+func (t Section) Bool(k string) bool {
+        return t.values[k].BoolValue()
+}
+
+// Int returns an integer value at k
+func (t Section) Int(k string) int64 {
+        return t.values[k].IntValue()
+}
+
+// Float64 returns a float value at k
+func (t Section) Float64(k string) float64 {
+        return t.values[k].FloatValue()
+}
+
+// String returns the string value at k
+func (t Section) String(k string) string {
+        _, ok := t.values[k]
+        if !ok {
+                return ""
+        }
+        return t.values[k].StringValue()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go
new file mode 100644
index 0000000..99915f7
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go
@@ -0,0 +1,25 @@
+package ini
+
+// Walk will traverse the AST using the v, the Visitor.
+func Walk(tree []AST, v Visitor) error {
+        for _, node := range tree {
+                switch node.Kind {
+                case ASTKindExpr,
+                        ASTKindExprStatement:
+
+                        if err := v.VisitExpr(node); err != nil {
+                                return err
+                        }
+                case ASTKindStatement,
+                        ASTKindCompletedSectionStatement,
+                        ASTKindNestedSectionStatement,
+                        ASTKindCompletedNestedSectionStatement:
+
+                        if err := v.VisitStatement(node); err != nil {
+                                return err
+                        }
+                }
+        }
+
+        return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go
new file mode 100644
index 0000000..7ffb4ae
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go
@@ -0,0 +1,24 @@
+package ini
+
+import (
+        "unicode"
+)
+
+// isWhitespace will return whether or not the character is
+// a whitespace character.
+//
+// Whitespace is defined as a space or tab.
+func isWhitespace(c rune) bool {
+        return unicode.IsSpace(c) && c != '\n' && c != '\r'
+}
+
+func newWSToken(b []rune) (Token, int, error) {
+        i := 0
+        for ; i < len(b); i++ {
+                if !isWhitespace(b[i]) {
+                        break
+                }
+        }
+
+        return newToken(TokenWS, b[:i], NoneType), i, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3err/error.go b/vendor/github.com/aws/aws-sdk-go/internal/s3err/error.go
new file mode 100644
index 0000000..0b9b0df
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/s3err/error.go
@@ -0,0 +1,57 @@
+package s3err
+
+import (
+        "fmt"
+
+        "github.com/aws/aws-sdk-go/aws/awserr"
+        "github.com/aws/aws-sdk-go/aws/request"
+)
+
+// RequestFailure provides additional S3 specific metadata for the request
+// failure.
+type RequestFailure struct {
+        awserr.RequestFailure
+
+        hostID string
+}
+
+// NewRequestFailure returns a request failure error decordated with S3
+// specific metadata.
+func NewRequestFailure(err awserr.RequestFailure, hostID string) *RequestFailure {
+        return &RequestFailure{RequestFailure: err, hostID: hostID}
+}
+
+func (r RequestFailure) Error() string {
+        extra := fmt.Sprintf("status code: %d, request id: %s, host id: %s",
+                r.StatusCode(), r.RequestID(), r.hostID)
+        return awserr.SprintError(r.Code(), r.Message(), extra, r.OrigErr())
+}
+func (r RequestFailure) String() string {
+        return r.Error()
+}
+
+// HostID returns the HostID request response value.
+func (r RequestFailure) HostID() string {
+        return r.hostID
+}
+
+// RequestFailureWrapperHandler returns a handler to rap an
+// awserr.RequestFailure with the  S3 request ID 2 from the response.
+func RequestFailureWrapperHandler() request.NamedHandler {
+        return request.NamedHandler{
+                Name: "awssdk.s3.errorHandler",
+                Fn: func(req *request.Request) {
+                        reqErr, ok := req.Error.(awserr.RequestFailure)
+                        if !ok || reqErr == nil {
+                                return
+                        }
+
+                        hostID := req.HTTPResponse.Header.Get("X-Amz-Id-2")
+                        if req.Error == nil {
+                                return
+                        }
+
+                        req.Error = NewRequestFailure(reqErr, hostID)
+                },
+        }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go
new file mode 100644
index 0000000..7da8a49
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go
@@ -0,0 +1,12 @@
+package shareddefaults
+
+const (
+        // ECSCredsProviderEnvVar is an environmental variable key used to
+        // determine which path needs to be hit.
+        ECSCredsProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
+)
+
+// ECSContainerCredentialsURI is the endpoint to retrieve container
+// credentials. This can be overridden to test to ensure the credential process
+// is behaving correctly.
+var ECSContainerCredentialsURI = "http://169.254.170.2"
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go
new file mode 100644
index 0000000..d7d42db
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go
@@ -0,0 +1,68 @@
+package protocol
+
+import (
+        "strings"
+
+        "github.com/aws/aws-sdk-go/aws/request"
+)
+
+// ValidateEndpointHostHandler is a request handler that will validate the
+// request endpoint's hosts is a valid RFC 3986 host.
+var ValidateEndpointHostHandler = request.NamedHandler{
+        Name: "awssdk.protocol.ValidateEndpointHostHandler",
+        Fn: func(r *request.Request) {
+                err := ValidateEndpointHost(r.Operation.Name, r.HTTPRequest.URL.Host)
+                if err != nil {
+                        r.Error = err
+                }
+        },
+}
+
+// ValidateEndpointHost validates that the host string passed in is a valid RFC
+// 3986 host. Returns error if the host is not valid.
+func ValidateEndpointHost(opName, host string) error {
+        paramErrs := request.ErrInvalidParams{Context: opName}
+        labels := strings.Split(host, ".")
+
+        for i, label := range labels {
+                if i == len(labels)-1 && len(label) == 0 {
+                        // Allow trailing dot for FQDN hosts.
+                        continue
+                }
+
+                if !ValidHostLabel(label) {
+                        paramErrs.Add(request.NewErrParamFormat(
+                                "endpoint host label", "[a-zA-Z0-9-]{1,63}", label))
+                }
+        }
+
+        if len(host) > 255 {
+                paramErrs.Add(request.NewErrParamMaxLen(
+                        "endpoint host", 255, host,
+                ))
+        }
+
+        if paramErrs.Len() > 0 {
+                return paramErrs
+        }
+        return nil
+}
+
+// ValidHostLabel returns if the label is a valid RFC 3986 host label.
+func ValidHostLabel(label string) bool {
+        if l := len(label); l == 0 || l > 63 {
+                return false
+        }
+        for _, r := range label {
+                switch {
+                case r >= '0' && r <= '9':
+                case r >= 'A' && r <= 'Z':
+                case r >= 'a' && r <= 'z':
+                case r == '-':
+                default:
+                        return false
+                }
+        }
+
+        return true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go
new file mode 100644
index 0000000..915b0fc
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go
@@ -0,0 +1,54 @@
+package protocol
+
+import (
+        "strings"
+
+        "github.com/aws/aws-sdk-go/aws"
+        "github.com/aws/aws-sdk-go/aws/request"
+)
+
+// HostPrefixHandlerName is the handler name for the host prefix request
+// handler.
+const HostPrefixHandlerName = "awssdk.endpoint.HostPrefixHandler"
+
+// NewHostPrefixHandler constructs a build handler
+func NewHostPrefixHandler(prefix string, labelsFn func() map[string]string) request.NamedHandler {
+        builder := HostPrefixBuilder{
+                Prefix:   prefix,
+                LabelsFn: labelsFn,
+        }
+
+        return request.NamedHandler{
+                Name: HostPrefixHandlerName,
+                Fn:   builder.Build,
+        }
+}
+
+// HostPrefixBuilder provides the request handler to expand and prepend
+// the host prefix into the operation's request endpoint host.
+type HostPrefixBuilder struct {
+        Prefix   string
+        LabelsFn func() map[string]string
+}
+
+// Build updates the passed in Request with the HostPrefix template expanded.
+func (h HostPrefixBuilder) Build(r *request.Request) {
+        if aws.BoolValue(r.Config.DisableEndpointHostPrefix) {
+                return
+        }
+
+        var labels map[string]string
+        if h.LabelsFn != nil {
+                labels = h.LabelsFn()
+        }
+
+        prefix := h.Prefix
+        for name, value := range labels {
+                prefix = strings.Replace(prefix, "{"+name+"}", value, -1)
+        }
+
+        r.HTTPRequest.URL.Host = prefix + r.HTTPRequest.URL.Host
+        if len(r.HTTPRequest.Host) > 0 {
+                r.HTTPRequest.Host = prefix + r.HTTPRequest.Host
+        }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
index e0f4d5a..3495c73 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
@@ -23,7 +23,11 @@ func Unmarshal(r *request.Request) {
                 decoder := xml.NewDecoder(r.HTTPResponse.Body)
                 err := xmlutil.UnmarshalXML(r.Data, decoder, r.Operation.Name+"Result")
                 if err != nil {
-                        r.Error = awserr.New("SerializationError", "failed decoding Query response", err)
+                        r.Error = awserr.NewRequestFailure(
+                                awserr.New("SerializationError", "failed decoding Query response", err),
+                                r.HTTPResponse.StatusCode,
+                                r.RequestID,
+                        )
                         return
                 }
         }
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
index f214296..46d354e 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
@@ -28,7 +28,11 @@ func UnmarshalError(r *request.Request) {
 
         bodyBytes, err := ioutil.ReadAll(r.HTTPResponse.Body)
         if err != nil {
-                r.Error = awserr.New("SerializationError", "failed to read from query HTTP response body", err)
+                r.Error = awserr.NewRequestFailure(
+                        awserr.New("SerializationError", "failed to read from query HTTP response body", err),
+                        r.HTTPResponse.StatusCode,
+                        r.RequestID,
+                )
                 return
         }
 
@@ -61,6 +65,10 @@ func UnmarshalError(r *request.Request) {
         }
 
         // Failed to retrieve any error message from the response body
-        r.Error = awserr.New("SerializationError",
-                "failed to decode query XML error response", decodeErr)
+        r.Error = awserr.NewRequestFailure(
+                awserr.New("SerializationError",
+                        "failed to decode query XML error response", decodeErr),
+                r.HTTPResponse.StatusCode,
+                r.RequestID,
+        )
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
index b34f525..b80f84f 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
@@ -155,6 +155,9 @@ func buildHeader(header *http.Header, v reflect.Value, name string, tag reflect.
                 return awserr.New("SerializationError", "failed to encode REST request", err)
         }
 
+        name = strings.TrimSpace(name)
+        str = strings.TrimSpace(str)
+
         header.Add(name, str)
 
         return nil
@@ -170,8 +173,10 @@ func buildHeaderMap(header *http.Header, v reflect.Value, tag reflect.StructTag)
                         return awserr.New("SerializationError", "failed to encode REST request", err)
 
                 }
+                keyStr := strings.TrimSpace(key.String())
+                str = strings.TrimSpace(str)
 
-                header.Add(prefix+key.String(), str)
+                header.Add(prefix+keyStr, str)
         }
         return nil
 }
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
index 7bdf4c8..b0f4e24 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
@@ -36,7 +36,11 @@ func Build(r *request.Request) {
                 var buf bytes.Buffer
                 err := xmlutil.BuildXML(r.Params, xml.NewEncoder(&buf))
                 if err != nil {
-                        r.Error = awserr.New("SerializationError", "failed to encode rest XML request", err)
+                        r.Error = awserr.NewRequestFailure(
+                                awserr.New("SerializationError", "failed to encode rest XML request", err),
+                                r.HTTPResponse.StatusCode,
+                                r.RequestID,
+                        )
                         return
                 }
                 r.SetBufferBody(buf.Bytes())
@@ -50,7 +54,11 @@ func Unmarshal(r *request.Request) {
                 decoder := xml.NewDecoder(r.HTTPResponse.Body)
                 err := xmlutil.UnmarshalXML(r.Data, decoder, "")
                 if err != nil {
-                        r.Error = awserr.New("SerializationError", "failed to decode REST XML response", err)
+                        r.Error = awserr.NewRequestFailure(
+                                awserr.New("SerializationError", "failed to decode REST XML response", err),
+                                r.HTTPResponse.StatusCode,
+                                r.RequestID,
+                        )
                         return
                 }
         } else {
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
index 07764c8..cf981fe 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
@@ -87,15 +87,13 @@ func (b *xmlBuilder) buildValue(value reflect.Value, current *XMLNode, tag refle
         }
 }
 
-// buildStruct adds a struct and its fields to the current XMLNode. All fields any any nested
+// buildStruct adds a struct and its fields to the current XMLNode. All fields and any nested
 // types are converted to XMLNodes also.
 func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag reflect.StructTag) error {
         if !value.IsValid() {
                 return nil
         }
 
-        fieldAdded := false
-
         // unwrap payloads
         if payload := tag.Get("payload"); payload != "" {
                 field, _ := value.Type().FieldByName(payload)
@@ -123,6 +121,8 @@ func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag refl
                 child.Attr = append(child.Attr, ns)
         }
 
+        var payloadFields, nonPayloadFields int
+
         t := value.Type()
         for i := 0; i < value.NumField(); i++ {
                 member := elemOf(value.Field(i))
@@ -137,8 +137,10 @@ func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag refl
 
                 mTag := field.Tag
                 if mTag.Get("location") != "" { // skip non-body members
+                        nonPayloadFields++
                         continue
                 }
+                payloadFields++
 
                 if protocol.CanSetIdempotencyToken(value.Field(i), field) {
                         token := protocol.GetIdempotencyToken()
@@ -153,11 +155,11 @@ func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag refl
                 if err := b.buildValue(member, child, mTag); err != nil {
                         return err
                 }
-
-                fieldAdded = true
         }
 
-        if fieldAdded { // only append this child if we have one ore more valid members
+        // Only case where the child shape is not added is if the shape only contains
+        // non-payload fields, e.g headers/query.
+        if !(payloadFields == 0 && nonPayloadFields > 0) {
                 current.AddChild(child)
         }
 
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
index 0e999ca..83a42d2 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
@@ -27,7 +27,7 @@ const opAbortMultipartUpload = "AbortMultipartUpload"
 // AbortMultipartUploadRequest generates a "aws/request.Request" representing the
 // client's request for the AbortMultipartUpload operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -110,7 +110,7 @@ const opCompleteMultipartUpload = "CompleteMultipartUpload"
 // CompleteMultipartUploadRequest generates a "aws/request.Request" representing the
 // client's request for the CompleteMultipartUpload operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -184,7 +184,7 @@ const opCopyObject = "CopyObject"
 // CopyObjectRequest generates a "aws/request.Request" representing the
 // client's request for the CopyObject operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -264,7 +264,7 @@ const opCreateBucket = "CreateBucket"
 // CreateBucketRequest generates a "aws/request.Request" representing the
 // client's request for the CreateBucket operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -346,7 +346,7 @@ const opCreateMultipartUpload = "CreateMultipartUpload"
 // CreateMultipartUploadRequest generates a "aws/request.Request" representing the
 // client's request for the CreateMultipartUpload operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -426,7 +426,7 @@ const opDeleteBucket = "DeleteBucket"
 // DeleteBucketRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteBucket operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -460,8 +460,7 @@ func (c *S3) DeleteBucketRequest(input *DeleteBucketInput) (req *request.Request
 
         output = &DeleteBucketOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -503,7 +502,7 @@ const opDeleteBucketAnalyticsConfiguration = "DeleteBucketAnalyticsConfiguration
 // DeleteBucketAnalyticsConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteBucketAnalyticsConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -537,8 +536,7 @@ func (c *S3) DeleteBucketAnalyticsConfigurationRequest(input *DeleteBucketAnalyt
 
         output = &DeleteBucketAnalyticsConfigurationOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -580,7 +578,7 @@ const opDeleteBucketCors = "DeleteBucketCors"
 // DeleteBucketCorsRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteBucketCors operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -614,14 +612,13 @@ func (c *S3) DeleteBucketCorsRequest(input *DeleteBucketCorsInput) (req *request
 
         output = &DeleteBucketCorsOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
 // DeleteBucketCors API operation for Amazon Simple Storage Service.
 //
-// Deletes the cors configuration information set for the bucket.
+// Deletes the CORS configuration information set for the bucket.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -656,7 +653,7 @@ const opDeleteBucketEncryption = "DeleteBucketEncryption"
 // DeleteBucketEncryptionRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteBucketEncryption operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -690,8 +687,7 @@ func (c *S3) DeleteBucketEncryptionRequest(input *DeleteBucketEncryptionInput) (
 
         output = &DeleteBucketEncryptionOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -732,7 +728,7 @@ const opDeleteBucketInventoryConfiguration = "DeleteBucketInventoryConfiguration
 // DeleteBucketInventoryConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteBucketInventoryConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -766,8 +762,7 @@ func (c *S3) DeleteBucketInventoryConfigurationRequest(input *DeleteBucketInvent
 
         output = &DeleteBucketInventoryConfigurationOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -809,7 +804,7 @@ const opDeleteBucketLifecycle = "DeleteBucketLifecycle"
 // DeleteBucketLifecycleRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteBucketLifecycle operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -843,8 +838,7 @@ func (c *S3) DeleteBucketLifecycleRequest(input *DeleteBucketLifecycleInput) (re
 
         output = &DeleteBucketLifecycleOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -885,7 +879,7 @@ const opDeleteBucketMetricsConfiguration = "DeleteBucketMetricsConfiguration"
 // DeleteBucketMetricsConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteBucketMetricsConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -919,8 +913,7 @@ func (c *S3) DeleteBucketMetricsConfigurationRequest(input *DeleteBucketMetricsC
 
         output = &DeleteBucketMetricsConfigurationOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -962,7 +955,7 @@ const opDeleteBucketPolicy = "DeleteBucketPolicy"
 // DeleteBucketPolicyRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteBucketPolicy operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -996,8 +989,7 @@ func (c *S3) DeleteBucketPolicyRequest(input *DeleteBucketPolicyInput) (req *req
 
         output = &DeleteBucketPolicyOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -1038,7 +1030,7 @@ const opDeleteBucketReplication = "DeleteBucketReplication"
 // DeleteBucketReplicationRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteBucketReplication operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1072,14 +1064,15 @@ func (c *S3) DeleteBucketReplicationRequest(input *DeleteBucketReplicationInput)
 
         output = &DeleteBucketReplicationOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
 // DeleteBucketReplication API operation for Amazon Simple Storage Service.
 //
-// Deletes the replication configuration from the bucket.
+// Deletes the replication configuration from the bucket. For information about
+// replication configuration, see Cross-Region Replication (CRR) ( https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html)
+// in the Amazon S3 Developer Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -1114,7 +1107,7 @@ const opDeleteBucketTagging = "DeleteBucketTagging"
 // DeleteBucketTaggingRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteBucketTagging operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1148,8 +1141,7 @@ func (c *S3) DeleteBucketTaggingRequest(input *DeleteBucketTaggingInput) (req *r
 
         output = &DeleteBucketTaggingOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -1190,7 +1182,7 @@ const opDeleteBucketWebsite = "DeleteBucketWebsite"
 // DeleteBucketWebsiteRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteBucketWebsite operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1224,8 +1216,7 @@ func (c *S3) DeleteBucketWebsiteRequest(input *DeleteBucketWebsiteInput) (req *r
 
         output = &DeleteBucketWebsiteOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -1266,7 +1257,7 @@ const opDeleteObject = "DeleteObject"
 // DeleteObjectRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteObject operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1342,7 +1333,7 @@ const opDeleteObjectTagging = "DeleteObjectTagging"
 // DeleteObjectTaggingRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteObjectTagging operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1416,7 +1407,7 @@ const opDeleteObjects = "DeleteObjects"
 // DeleteObjectsRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteObjects operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1486,12 +1477,87 @@ func (c *S3) DeleteObjectsWithContext(ctx aws.Context, input *DeleteObjectsInput
         return out, req.Send()
 }
 
+const opDeletePublicAccessBlock = "DeletePublicAccessBlock"
+
+// DeletePublicAccessBlockRequest generates a "aws/request.Request" representing the
+// client's request for the DeletePublicAccessBlock operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeletePublicAccessBlock for more information on using the DeletePublicAccessBlock
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the DeletePublicAccessBlockRequest method.
+//    req, resp := client.DeletePublicAccessBlockRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletePublicAccessBlock
+func (c *S3) DeletePublicAccessBlockRequest(input *DeletePublicAccessBlockInput) (req *request.Request, output *DeletePublicAccessBlockOutput) {
+        op := &request.Operation{
+                Name:       opDeletePublicAccessBlock,
+                HTTPMethod: "DELETE",
+                HTTPPath:   "/{Bucket}?publicAccessBlock",
+        }
+
+        if input == nil {
+                input = &DeletePublicAccessBlockInput{}
+        }
+
+        output = &DeletePublicAccessBlockOutput{}
+        req = c.newRequest(op, input, output)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+        return
+}
+
+// DeletePublicAccessBlock API operation for Amazon Simple Storage Service.
+//
+// Removes the PublicAccessBlock configuration from an Amazon S3 bucket.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeletePublicAccessBlock for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletePublicAccessBlock
+func (c *S3) DeletePublicAccessBlock(input *DeletePublicAccessBlockInput) (*DeletePublicAccessBlockOutput, error) {
+        req, out := c.DeletePublicAccessBlockRequest(input)
+        return out, req.Send()
+}
+
+// DeletePublicAccessBlockWithContext is the same as DeletePublicAccessBlock with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeletePublicAccessBlock for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeletePublicAccessBlockWithContext(ctx aws.Context, input *DeletePublicAccessBlockInput, opts ...request.Option) (*DeletePublicAccessBlockOutput, error) {
+        req, out := c.DeletePublicAccessBlockRequest(input)
+        req.SetContext(ctx)
+        req.ApplyOptions(opts...)
+        return out, req.Send()
+}
+
 const opGetBucketAccelerateConfiguration = "GetBucketAccelerateConfiguration"
 
 // GetBucketAccelerateConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketAccelerateConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1565,7 +1631,7 @@ const opGetBucketAcl = "GetBucketAcl"
 // GetBucketAclRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketAcl operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1639,7 +1705,7 @@ const opGetBucketAnalyticsConfiguration = "GetBucketAnalyticsConfiguration"
 // GetBucketAnalyticsConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketAnalyticsConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1714,7 +1780,7 @@ const opGetBucketCors = "GetBucketCors"
 // GetBucketCorsRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketCors operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1753,7 +1819,7 @@ func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Reque
 
 // GetBucketCors API operation for Amazon Simple Storage Service.
 //
-// Returns the cors configuration for the bucket.
+// Returns the CORS configuration for the bucket.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -1788,7 +1854,7 @@ const opGetBucketEncryption = "GetBucketEncryption"
 // GetBucketEncryptionRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketEncryption operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1862,7 +1928,7 @@ const opGetBucketInventoryConfiguration = "GetBucketInventoryConfiguration"
 // GetBucketInventoryConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketInventoryConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1937,7 +2003,7 @@ const opGetBucketLifecycle = "GetBucketLifecycle"
 // GetBucketLifecycleRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketLifecycle operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1958,6 +2024,8 @@ const opGetBucketLifecycle = "GetBucketLifecycle"
 //    }
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycle
+//
+// Deprecated: GetBucketLifecycle has been deprecated
 func (c *S3) GetBucketLifecycleRequest(input *GetBucketLifecycleInput) (req *request.Request, output *GetBucketLifecycleOutput) {
         if c.Client.Config.Logger != nil {
                 c.Client.Config.Logger.Log("This operation, GetBucketLifecycle, has been deprecated")
@@ -1979,7 +2047,7 @@ func (c *S3) GetBucketLifecycleRequest(input *GetBucketLifecycleInput) (req *req
 
 // GetBucketLifecycle API operation for Amazon Simple Storage Service.
 //
-// Deprecated, see the GetBucketLifecycleConfiguration operation.
+// No longer used, see the GetBucketLifecycleConfiguration operation.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -1988,6 +2056,8 @@ func (c *S3) GetBucketLifecycleRequest(input *GetBucketLifecycleInput) (req *req
 // See the AWS API reference guide for Amazon Simple Storage Service's
 // API operation GetBucketLifecycle for usage and error information.
 // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycle
+//
+// Deprecated: GetBucketLifecycle has been deprecated
 func (c *S3) GetBucketLifecycle(input *GetBucketLifecycleInput) (*GetBucketLifecycleOutput, error) {
         req, out := c.GetBucketLifecycleRequest(input)
         return out, req.Send()
@@ -2002,6 +2072,8 @@ func (c *S3) GetBucketLifecycle(input *GetBucketLifecycleInput) (*GetBucketLifec
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
+//
+// Deprecated: GetBucketLifecycleWithContext has been deprecated
 func (c *S3) GetBucketLifecycleWithContext(ctx aws.Context, input *GetBucketLifecycleInput, opts ...request.Option) (*GetBucketLifecycleOutput, error) {
         req, out := c.GetBucketLifecycleRequest(input)
         req.SetContext(ctx)
@@ -2014,7 +2086,7 @@ const opGetBucketLifecycleConfiguration = "GetBucketLifecycleConfiguration"
 // GetBucketLifecycleConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketLifecycleConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2088,7 +2160,7 @@ const opGetBucketLocation = "GetBucketLocation"
 // GetBucketLocationRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketLocation operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2162,7 +2234,7 @@ const opGetBucketLogging = "GetBucketLogging"
 // GetBucketLoggingRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketLogging operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2237,7 +2309,7 @@ const opGetBucketMetricsConfiguration = "GetBucketMetricsConfiguration"
 // GetBucketMetricsConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketMetricsConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2312,7 +2384,7 @@ const opGetBucketNotification = "GetBucketNotification"
 // GetBucketNotificationRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketNotification operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2333,6 +2405,8 @@ const opGetBucketNotification = "GetBucketNotification"
 //    }
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotification
+//
+// Deprecated: GetBucketNotification has been deprecated
 func (c *S3) GetBucketNotificationRequest(input *GetBucketNotificationConfigurationRequest) (req *request.Request, output *NotificationConfigurationDeprecated) {
         if c.Client.Config.Logger != nil {
                 c.Client.Config.Logger.Log("This operation, GetBucketNotification, has been deprecated")
@@ -2354,7 +2428,7 @@ func (c *S3) GetBucketNotificationRequest(input *GetBucketNotificationConfigurat
 
 // GetBucketNotification API operation for Amazon Simple Storage Service.
 //
-// Deprecated, see the GetBucketNotificationConfiguration operation.
+// No longer used, see the GetBucketNotificationConfiguration operation.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -2363,6 +2437,8 @@ func (c *S3) GetBucketNotificationRequest(input *GetBucketNotificationConfigurat
 // See the AWS API reference guide for Amazon Simple Storage Service's
 // API operation GetBucketNotification for usage and error information.
 // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotification
+//
+// Deprecated: GetBucketNotification has been deprecated
 func (c *S3) GetBucketNotification(input *GetBucketNotificationConfigurationRequest) (*NotificationConfigurationDeprecated, error) {
         req, out := c.GetBucketNotificationRequest(input)
         return out, req.Send()
@@ -2377,6 +2453,8 @@ func (c *S3) GetBucketNotification(input *GetBucketNotificationConfigurationRequ
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
+//
+// Deprecated: GetBucketNotificationWithContext has been deprecated
 func (c *S3) GetBucketNotificationWithContext(ctx aws.Context, input *GetBucketNotificationConfigurationRequest, opts ...request.Option) (*NotificationConfigurationDeprecated, error) {
         req, out := c.GetBucketNotificationRequest(input)
         req.SetContext(ctx)
@@ -2389,7 +2467,7 @@ const opGetBucketNotificationConfiguration = "GetBucketNotificationConfiguration
 // GetBucketNotificationConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketNotificationConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2463,7 +2541,7 @@ const opGetBucketPolicy = "GetBucketPolicy"
 // GetBucketPolicyRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketPolicy operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2532,12 +2610,87 @@ func (c *S3) GetBucketPolicyWithContext(ctx aws.Context, input *GetBucketPolicyI
         return out, req.Send()
 }
 
+const opGetBucketPolicyStatus = "GetBucketPolicyStatus"
+
+// GetBucketPolicyStatusRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketPolicyStatus operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketPolicyStatus for more information on using the GetBucketPolicyStatus
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the GetBucketPolicyStatusRequest method.
+//    req, resp := client.GetBucketPolicyStatusRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyStatus
+func (c *S3) GetBucketPolicyStatusRequest(input *GetBucketPolicyStatusInput) (req *request.Request, output *GetBucketPolicyStatusOutput) {
+        op := &request.Operation{
+                Name:       opGetBucketPolicyStatus,
+                HTTPMethod: "GET",
+                HTTPPath:   "/{Bucket}?policyStatus",
+        }
+
+        if input == nil {
+                input = &GetBucketPolicyStatusInput{}
+        }
+
+        output = &GetBucketPolicyStatusOutput{}
+        req = c.newRequest(op, input, output)
+        return
+}
+
+// GetBucketPolicyStatus API operation for Amazon Simple Storage Service.
+//
+// Retrieves the policy status for an Amazon S3 bucket, indicating whether the
+// bucket is public.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketPolicyStatus for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyStatus
+func (c *S3) GetBucketPolicyStatus(input *GetBucketPolicyStatusInput) (*GetBucketPolicyStatusOutput, error) {
+        req, out := c.GetBucketPolicyStatusRequest(input)
+        return out, req.Send()
+}
+
+// GetBucketPolicyStatusWithContext is the same as GetBucketPolicyStatus with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketPolicyStatus for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketPolicyStatusWithContext(ctx aws.Context, input *GetBucketPolicyStatusInput, opts ...request.Option) (*GetBucketPolicyStatusOutput, error) {
+        req, out := c.GetBucketPolicyStatusRequest(input)
+        req.SetContext(ctx)
+        req.ApplyOptions(opts...)
+        return out, req.Send()
+}
+
 const opGetBucketReplication = "GetBucketReplication"
 
 // GetBucketReplicationRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketReplication operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2578,6 +2731,10 @@ func (c *S3) GetBucketReplicationRequest(input *GetBucketReplicationInput) (req
 //
 // Returns the replication configuration of a bucket.
 //
+// It can take a while to propagate the put or delete a replication configuration
+// to all Amazon S3 systems. Therefore, a get request soon after put or delete
+// can return a wrong result.
+//
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
@@ -2611,7 +2768,7 @@ const opGetBucketRequestPayment = "GetBucketRequestPayment"
 // GetBucketRequestPaymentRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketRequestPayment operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2685,7 +2842,7 @@ const opGetBucketTagging = "GetBucketTagging"
 // GetBucketTaggingRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketTagging operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2759,7 +2916,7 @@ const opGetBucketVersioning = "GetBucketVersioning"
 // GetBucketVersioningRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketVersioning operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2833,7 +2990,7 @@ const opGetBucketWebsite = "GetBucketWebsite"
 // GetBucketWebsiteRequest generates a "aws/request.Request" representing the
 // client's request for the GetBucketWebsite operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2907,7 +3064,7 @@ const opGetObject = "GetObject"
 // GetObjectRequest generates a "aws/request.Request" representing the
 // client's request for the GetObject operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -2986,7 +3143,7 @@ const opGetObjectAcl = "GetObjectAcl"
 // GetObjectAclRequest generates a "aws/request.Request" representing the
 // client's request for the GetObjectAcl operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -3060,12 +3217,236 @@ func (c *S3) GetObjectAclWithContext(ctx aws.Context, input *GetObjectAclInput,
         return out, req.Send()
 }
 
+const opGetObjectLegalHold = "GetObjectLegalHold"
+
+// GetObjectLegalHoldRequest generates a "aws/request.Request" representing the
+// client's request for the GetObjectLegalHold operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetObjectLegalHold for more information on using the GetObjectLegalHold
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the GetObjectLegalHoldRequest method.
+//    req, resp := client.GetObjectLegalHoldRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLegalHold
+func (c *S3) GetObjectLegalHoldRequest(input *GetObjectLegalHoldInput) (req *request.Request, output *GetObjectLegalHoldOutput) {
+        op := &request.Operation{
+                Name:       opGetObjectLegalHold,
+                HTTPMethod: "GET",
+                HTTPPath:   "/{Bucket}/{Key+}?legal-hold",
+        }
+
+        if input == nil {
+                input = &GetObjectLegalHoldInput{}
+        }
+
+        output = &GetObjectLegalHoldOutput{}
+        req = c.newRequest(op, input, output)
+        return
+}
+
+// GetObjectLegalHold API operation for Amazon Simple Storage Service.
+//
+// Gets an object's current Legal Hold status.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetObjectLegalHold for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLegalHold
+func (c *S3) GetObjectLegalHold(input *GetObjectLegalHoldInput) (*GetObjectLegalHoldOutput, error) {
+        req, out := c.GetObjectLegalHoldRequest(input)
+        return out, req.Send()
+}
+
+// GetObjectLegalHoldWithContext is the same as GetObjectLegalHold with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetObjectLegalHold for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetObjectLegalHoldWithContext(ctx aws.Context, input *GetObjectLegalHoldInput, opts ...request.Option) (*GetObjectLegalHoldOutput, error) {
+        req, out := c.GetObjectLegalHoldRequest(input)
+        req.SetContext(ctx)
+        req.ApplyOptions(opts...)
+        return out, req.Send()
+}
+
+const opGetObjectLockConfiguration = "GetObjectLockConfiguration"
+
+// GetObjectLockConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the GetObjectLockConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetObjectLockConfiguration for more information on using the GetObjectLockConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the GetObjectLockConfigurationRequest method.
+//    req, resp := client.GetObjectLockConfigurationRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLockConfiguration
+func (c *S3) GetObjectLockConfigurationRequest(input *GetObjectLockConfigurationInput) (req *request.Request, output *GetObjectLockConfigurationOutput) {
+        op := &request.Operation{
+                Name:       opGetObjectLockConfiguration,
+                HTTPMethod: "GET",
+                HTTPPath:   "/{Bucket}?object-lock",
+        }
+
+        if input == nil {
+                input = &GetObjectLockConfigurationInput{}
+        }
+
+        output = &GetObjectLockConfigurationOutput{}
+        req = c.newRequest(op, input, output)
+        return
+}
+
+// GetObjectLockConfiguration API operation for Amazon Simple Storage Service.
+//
+// Gets the Object Lock configuration for a bucket. The rule specified in the
+// Object Lock configuration will be applied by default to every new object
+// placed in the specified bucket.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetObjectLockConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLockConfiguration
+func (c *S3) GetObjectLockConfiguration(input *GetObjectLockConfigurationInput) (*GetObjectLockConfigurationOutput, error) {
+        req, out := c.GetObjectLockConfigurationRequest(input)
+        return out, req.Send()
+}
+
+// GetObjectLockConfigurationWithContext is the same as GetObjectLockConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetObjectLockConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetObjectLockConfigurationWithContext(ctx aws.Context, input *GetObjectLockConfigurationInput, opts ...request.Option) (*GetObjectLockConfigurationOutput, error) {
+        req, out := c.GetObjectLockConfigurationRequest(input)
+        req.SetContext(ctx)
+        req.ApplyOptions(opts...)
+        return out, req.Send()
+}
+
+const opGetObjectRetention = "GetObjectRetention"
+
+// GetObjectRetentionRequest generates a "aws/request.Request" representing the
+// client's request for the GetObjectRetention operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetObjectRetention for more information on using the GetObjectRetention
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the GetObjectRetentionRequest method.
+//    req, resp := client.GetObjectRetentionRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRetention
+func (c *S3) GetObjectRetentionRequest(input *GetObjectRetentionInput) (req *request.Request, output *GetObjectRetentionOutput) {
+        op := &request.Operation{
+                Name:       opGetObjectRetention,
+                HTTPMethod: "GET",
+                HTTPPath:   "/{Bucket}/{Key+}?retention",
+        }
+
+        if input == nil {
+                input = &GetObjectRetentionInput{}
+        }
+
+        output = &GetObjectRetentionOutput{}
+        req = c.newRequest(op, input, output)
+        return
+}
+
+// GetObjectRetention API operation for Amazon Simple Storage Service.
+//
+// Retrieves an object's retention settings.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetObjectRetention for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRetention
+func (c *S3) GetObjectRetention(input *GetObjectRetentionInput) (*GetObjectRetentionOutput, error) {
+        req, out := c.GetObjectRetentionRequest(input)
+        return out, req.Send()
+}
+
+// GetObjectRetentionWithContext is the same as GetObjectRetention with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetObjectRetention for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetObjectRetentionWithContext(ctx aws.Context, input *GetObjectRetentionInput, opts ...request.Option) (*GetObjectRetentionOutput, error) {
+        req, out := c.GetObjectRetentionRequest(input)
+        req.SetContext(ctx)
+        req.ApplyOptions(opts...)
+        return out, req.Send()
+}
+
 const opGetObjectTagging = "GetObjectTagging"
 
 // GetObjectTaggingRequest generates a "aws/request.Request" representing the
 // client's request for the GetObjectTagging operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -3139,7 +3520,7 @@ const opGetObjectTorrent = "GetObjectTorrent"
 // GetObjectTorrentRequest generates a "aws/request.Request" representing the
 // client's request for the GetObjectTorrent operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -3208,12 +3589,86 @@ func (c *S3) GetObjectTorrentWithContext(ctx aws.Context, input *GetObjectTorren
         return out, req.Send()
 }
 
+const opGetPublicAccessBlock = "GetPublicAccessBlock"
+
+// GetPublicAccessBlockRequest generates a "aws/request.Request" representing the
+// client's request for the GetPublicAccessBlock operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetPublicAccessBlock for more information on using the GetPublicAccessBlock
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the GetPublicAccessBlockRequest method.
+//    req, resp := client.GetPublicAccessBlockRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetPublicAccessBlock
+func (c *S3) GetPublicAccessBlockRequest(input *GetPublicAccessBlockInput) (req *request.Request, output *GetPublicAccessBlockOutput) {
+        op := &request.Operation{
+                Name:       opGetPublicAccessBlock,
+                HTTPMethod: "GET",
+                HTTPPath:   "/{Bucket}?publicAccessBlock",
+        }
+
+        if input == nil {
+                input = &GetPublicAccessBlockInput{}
+        }
+
+        output = &GetPublicAccessBlockOutput{}
+        req = c.newRequest(op, input, output)
+        return
+}
+
+// GetPublicAccessBlock API operation for Amazon Simple Storage Service.
+//
+// Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetPublicAccessBlock for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetPublicAccessBlock
+func (c *S3) GetPublicAccessBlock(input *GetPublicAccessBlockInput) (*GetPublicAccessBlockOutput, error) {
+        req, out := c.GetPublicAccessBlockRequest(input)
+        return out, req.Send()
+}
+
+// GetPublicAccessBlockWithContext is the same as GetPublicAccessBlock with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetPublicAccessBlock for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetPublicAccessBlockWithContext(ctx aws.Context, input *GetPublicAccessBlockInput, opts ...request.Option) (*GetPublicAccessBlockOutput, error) {
+        req, out := c.GetPublicAccessBlockRequest(input)
+        req.SetContext(ctx)
+        req.ApplyOptions(opts...)
+        return out, req.Send()
+}
+
 const opHeadBucket = "HeadBucket"
 
 // HeadBucketRequest generates a "aws/request.Request" representing the
 // client's request for the HeadBucket operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -3247,8 +3702,7 @@ func (c *S3) HeadBucketRequest(input *HeadBucketInput) (req *request.Request, ou
 
         output = &HeadBucketOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -3295,7 +3749,7 @@ const opHeadObject = "HeadObject"
 // HeadObjectRequest generates a "aws/request.Request" representing the
 // client's request for the HeadObject operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -3374,7 +3828,7 @@ const opListBucketAnalyticsConfigurations = "ListBucketAnalyticsConfigurations"
 // ListBucketAnalyticsConfigurationsRequest generates a "aws/request.Request" representing the
 // client's request for the ListBucketAnalyticsConfigurations operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -3448,7 +3902,7 @@ const opListBucketInventoryConfigurations = "ListBucketInventoryConfigurations"
 // ListBucketInventoryConfigurationsRequest generates a "aws/request.Request" representing the
 // client's request for the ListBucketInventoryConfigurations operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -3522,7 +3976,7 @@ const opListBucketMetricsConfigurations = "ListBucketMetricsConfigurations"
 // ListBucketMetricsConfigurationsRequest generates a "aws/request.Request" representing the
 // client's request for the ListBucketMetricsConfigurations operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -3596,7 +4050,7 @@ const opListBuckets = "ListBuckets"
 // ListBucketsRequest generates a "aws/request.Request" representing the
 // client's request for the ListBuckets operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -3670,7 +4124,7 @@ const opListMultipartUploads = "ListMultipartUploads"
 // ListMultipartUploadsRequest generates a "aws/request.Request" representing the
 // client's request for the ListMultipartUploads operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -3800,7 +4254,7 @@ const opListObjectVersions = "ListObjectVersions"
 // ListObjectVersionsRequest generates a "aws/request.Request" representing the
 // client's request for the ListObjectVersions operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -3930,7 +4384,7 @@ const opListObjects = "ListObjects"
 // ListObjectsRequest generates a "aws/request.Request" representing the
 // client's request for the ListObjects operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -4067,7 +4521,7 @@ const opListObjectsV2 = "ListObjectsV2"
 // ListObjectsV2Request generates a "aws/request.Request" representing the
 // client's request for the ListObjectsV2 operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -4205,7 +4659,7 @@ const opListParts = "ListParts"
 // ListPartsRequest generates a "aws/request.Request" representing the
 // client's request for the ListParts operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -4335,7 +4789,7 @@ const opPutBucketAccelerateConfiguration = "PutBucketAccelerateConfiguration"
 // PutBucketAccelerateConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketAccelerateConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -4369,8 +4823,7 @@ func (c *S3) PutBucketAccelerateConfigurationRequest(input *PutBucketAccelerateC
 
         output = &PutBucketAccelerateConfigurationOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -4411,7 +4864,7 @@ const opPutBucketAcl = "PutBucketAcl"
 // PutBucketAclRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketAcl operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -4445,8 +4898,7 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request
 
         output = &PutBucketAclOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -4487,7 +4939,7 @@ const opPutBucketAnalyticsConfiguration = "PutBucketAnalyticsConfiguration"
 // PutBucketAnalyticsConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketAnalyticsConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -4521,8 +4973,7 @@ func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsCon
 
         output = &PutBucketAnalyticsConfigurationOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -4564,7 +5015,7 @@ const opPutBucketCors = "PutBucketCors"
 // PutBucketCorsRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketCors operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -4598,14 +5049,13 @@ func (c *S3) PutBucketCorsRequest(input *PutBucketCorsInput) (req *request.Reque
 
         output = &PutBucketCorsOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
 // PutBucketCors API operation for Amazon Simple Storage Service.
 //
-// Sets the cors configuration for a bucket.
+// Sets the CORS configuration for a bucket.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -4640,7 +5090,7 @@ const opPutBucketEncryption = "PutBucketEncryption"
 // PutBucketEncryptionRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketEncryption operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -4674,8 +5124,7 @@ func (c *S3) PutBucketEncryptionRequest(input *PutBucketEncryptionInput) (req *r
 
         output = &PutBucketEncryptionOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -4717,7 +5166,7 @@ const opPutBucketInventoryConfiguration = "PutBucketInventoryConfiguration"
 // PutBucketInventoryConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketInventoryConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -4751,8 +5200,7 @@ func (c *S3) PutBucketInventoryConfigurationRequest(input *PutBucketInventoryCon
 
         output = &PutBucketInventoryConfigurationOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -4794,7 +5242,7 @@ const opPutBucketLifecycle = "PutBucketLifecycle"
 // PutBucketLifecycleRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketLifecycle operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -4815,6 +5263,8 @@ const opPutBucketLifecycle = "PutBucketLifecycle"
 //    }
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycle
+//
+// Deprecated: PutBucketLifecycle has been deprecated
 func (c *S3) PutBucketLifecycleRequest(input *PutBucketLifecycleInput) (req *request.Request, output *PutBucketLifecycleOutput) {
         if c.Client.Config.Logger != nil {
                 c.Client.Config.Logger.Log("This operation, PutBucketLifecycle, has been deprecated")
@@ -4831,14 +5281,13 @@ func (c *S3) PutBucketLifecycleRequest(input *PutBucketLifecycleInput) (req *req
 
         output = &PutBucketLifecycleOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
 // PutBucketLifecycle API operation for Amazon Simple Storage Service.
 //
-// Deprecated, see the PutBucketLifecycleConfiguration operation.
+// No longer used, see the PutBucketLifecycleConfiguration operation.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -4847,6 +5296,8 @@ func (c *S3) PutBucketLifecycleRequest(input *PutBucketLifecycleInput) (req *req
 // See the AWS API reference guide for Amazon Simple Storage Service's
 // API operation PutBucketLifecycle for usage and error information.
 // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycle
+//
+// Deprecated: PutBucketLifecycle has been deprecated
 func (c *S3) PutBucketLifecycle(input *PutBucketLifecycleInput) (*PutBucketLifecycleOutput, error) {
         req, out := c.PutBucketLifecycleRequest(input)
         return out, req.Send()
@@ -4861,6 +5312,8 @@ func (c *S3) PutBucketLifecycle(input *PutBucketLifecycleInput) (*PutBucketLifec
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
+//
+// Deprecated: PutBucketLifecycleWithContext has been deprecated
 func (c *S3) PutBucketLifecycleWithContext(ctx aws.Context, input *PutBucketLifecycleInput, opts ...request.Option) (*PutBucketLifecycleOutput, error) {
         req, out := c.PutBucketLifecycleRequest(input)
         req.SetContext(ctx)
@@ -4873,7 +5326,7 @@ const opPutBucketLifecycleConfiguration = "PutBucketLifecycleConfiguration"
 // PutBucketLifecycleConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketLifecycleConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -4907,8 +5360,7 @@ func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleCon
 
         output = &PutBucketLifecycleConfigurationOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -4950,7 +5402,7 @@ const opPutBucketLogging = "PutBucketLogging"
 // PutBucketLoggingRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketLogging operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -4984,8 +5436,7 @@ func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request
 
         output = &PutBucketLoggingOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -5028,7 +5479,7 @@ const opPutBucketMetricsConfiguration = "PutBucketMetricsConfiguration"
 // PutBucketMetricsConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketMetricsConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -5062,8 +5513,7 @@ func (c *S3) PutBucketMetricsConfigurationRequest(input *PutBucketMetricsConfigu
 
         output = &PutBucketMetricsConfigurationOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -5105,7 +5555,7 @@ const opPutBucketNotification = "PutBucketNotification"
 // PutBucketNotificationRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketNotification operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -5126,6 +5576,8 @@ const opPutBucketNotification = "PutBucketNotification"
 //    }
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotification
+//
+// Deprecated: PutBucketNotification has been deprecated
 func (c *S3) PutBucketNotificationRequest(input *PutBucketNotificationInput) (req *request.Request, output *PutBucketNotificationOutput) {
         if c.Client.Config.Logger != nil {
                 c.Client.Config.Logger.Log("This operation, PutBucketNotification, has been deprecated")
@@ -5142,14 +5594,13 @@ func (c *S3) PutBucketNotificationRequest(input *PutBucketNotificationInput) (re
 
         output = &PutBucketNotificationOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
 // PutBucketNotification API operation for Amazon Simple Storage Service.
 //
-// Deprecated, see the PutBucketNotificationConfiguraiton operation.
+// No longer used, see the PutBucketNotificationConfiguration operation.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -5158,6 +5609,8 @@ func (c *S3) PutBucketNotificationRequest(input *PutBucketNotificationInput) (re
 // See the AWS API reference guide for Amazon Simple Storage Service's
 // API operation PutBucketNotification for usage and error information.
 // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotification
+//
+// Deprecated: PutBucketNotification has been deprecated
 func (c *S3) PutBucketNotification(input *PutBucketNotificationInput) (*PutBucketNotificationOutput, error) {
         req, out := c.PutBucketNotificationRequest(input)
         return out, req.Send()
@@ -5172,6 +5625,8 @@ func (c *S3) PutBucketNotification(input *PutBucketNotificationInput) (*PutBucke
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
+//
+// Deprecated: PutBucketNotificationWithContext has been deprecated
 func (c *S3) PutBucketNotificationWithContext(ctx aws.Context, input *PutBucketNotificationInput, opts ...request.Option) (*PutBucketNotificationOutput, error) {
         req, out := c.PutBucketNotificationRequest(input)
         req.SetContext(ctx)
@@ -5184,7 +5639,7 @@ const opPutBucketNotificationConfiguration = "PutBucketNotificationConfiguration
 // PutBucketNotificationConfigurationRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketNotificationConfiguration operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -5218,8 +5673,7 @@ func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificat
 
         output = &PutBucketNotificationConfigurationOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -5260,7 +5714,7 @@ const opPutBucketPolicy = "PutBucketPolicy"
 // PutBucketPolicyRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketPolicy operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -5294,8 +5748,7 @@ func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.R
 
         output = &PutBucketPolicyOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -5337,7 +5790,7 @@ const opPutBucketReplication = "PutBucketReplication"
 // PutBucketReplicationRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketReplication operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -5371,15 +5824,15 @@ func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req
 
         output = &PutBucketReplicationOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
 // PutBucketReplication API operation for Amazon Simple Storage Service.
 //
-// Creates a new replication configuration (or replaces an existing one, if
-// present).
+// Creates a replication configuration or replaces an existing one. For more
+// information, see Cross-Region Replication (CRR) ( https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html)
+// in the Amazon S3 Developer Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -5414,7 +5867,7 @@ const opPutBucketRequestPayment = "PutBucketRequestPayment"
 // PutBucketRequestPaymentRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketRequestPayment operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -5448,8 +5901,7 @@ func (c *S3) PutBucketRequestPaymentRequest(input *PutBucketRequestPaymentInput)
 
         output = &PutBucketRequestPaymentOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -5494,7 +5946,7 @@ const opPutBucketTagging = "PutBucketTagging"
 // PutBucketTaggingRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketTagging operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -5528,8 +5980,7 @@ func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request
 
         output = &PutBucketTaggingOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -5570,7 +6021,7 @@ const opPutBucketVersioning = "PutBucketVersioning"
 // PutBucketVersioningRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketVersioning operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -5604,8 +6055,7 @@ func (c *S3) PutBucketVersioningRequest(input *PutBucketVersioningInput) (req *r
 
         output = &PutBucketVersioningOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -5647,7 +6097,7 @@ const opPutBucketWebsite = "PutBucketWebsite"
 // PutBucketWebsiteRequest generates a "aws/request.Request" representing the
 // client's request for the PutBucketWebsite operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -5681,8 +6131,7 @@ func (c *S3) PutBucketWebsiteRequest(input *PutBucketWebsiteInput) (req *request
 
         output = &PutBucketWebsiteOutput{}
         req = c.newRequest(op, input, output)
-        req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler)
-        req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
         return
 }
 
@@ -5723,7 +6172,7 @@ const opPutObject = "PutObject"
 // PutObjectRequest generates a "aws/request.Request" representing the
 // client's request for the PutObject operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -5797,7 +6246,7 @@ const opPutObjectAcl = "PutObjectAcl"
 // PutObjectAclRequest generates a "aws/request.Request" representing the
 // client's request for the PutObjectAcl operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -5872,12 +6321,236 @@ func (c *S3) PutObjectAclWithContext(ctx aws.Context, input *PutObjectAclInput,
         return out, req.Send()
 }
 
+const opPutObjectLegalHold = "PutObjectLegalHold"
+
+// PutObjectLegalHoldRequest generates a "aws/request.Request" representing the
+// client's request for the PutObjectLegalHold operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutObjectLegalHold for more information on using the PutObjectLegalHold
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the PutObjectLegalHoldRequest method.
+//    req, resp := client.PutObjectLegalHoldRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLegalHold
+func (c *S3) PutObjectLegalHoldRequest(input *PutObjectLegalHoldInput) (req *request.Request, output *PutObjectLegalHoldOutput) {
+        op := &request.Operation{
+                Name:       opPutObjectLegalHold,
+                HTTPMethod: "PUT",
+                HTTPPath:   "/{Bucket}/{Key+}?legal-hold",
+        }
+
+        if input == nil {
+                input = &PutObjectLegalHoldInput{}
+        }
+
+        output = &PutObjectLegalHoldOutput{}
+        req = c.newRequest(op, input, output)
+        return
+}
+
+// PutObjectLegalHold API operation for Amazon Simple Storage Service.
+//
+// Applies a Legal Hold configuration to the specified object.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutObjectLegalHold for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLegalHold
+func (c *S3) PutObjectLegalHold(input *PutObjectLegalHoldInput) (*PutObjectLegalHoldOutput, error) {
+        req, out := c.PutObjectLegalHoldRequest(input)
+        return out, req.Send()
+}
+
+// PutObjectLegalHoldWithContext is the same as PutObjectLegalHold with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutObjectLegalHold for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutObjectLegalHoldWithContext(ctx aws.Context, input *PutObjectLegalHoldInput, opts ...request.Option) (*PutObjectLegalHoldOutput, error) {
+        req, out := c.PutObjectLegalHoldRequest(input)
+        req.SetContext(ctx)
+        req.ApplyOptions(opts...)
+        return out, req.Send()
+}
+
+const opPutObjectLockConfiguration = "PutObjectLockConfiguration"
+
+// PutObjectLockConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the PutObjectLockConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutObjectLockConfiguration for more information on using the PutObjectLockConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the PutObjectLockConfigurationRequest method.
+//    req, resp := client.PutObjectLockConfigurationRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLockConfiguration
+func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfigurationInput) (req *request.Request, output *PutObjectLockConfigurationOutput) {
+        op := &request.Operation{
+                Name:       opPutObjectLockConfiguration,
+                HTTPMethod: "PUT",
+                HTTPPath:   "/{Bucket}?object-lock",
+        }
+
+        if input == nil {
+                input = &PutObjectLockConfigurationInput{}
+        }
+
+        output = &PutObjectLockConfigurationOutput{}
+        req = c.newRequest(op, input, output)
+        return
+}
+
+// PutObjectLockConfiguration API operation for Amazon Simple Storage Service.
+//
+// Places an Object Lock configuration on the specified bucket. The rule specified
+// in the Object Lock configuration will be applied by default to every new
+// object placed in the specified bucket.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutObjectLockConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLockConfiguration
+func (c *S3) PutObjectLockConfiguration(input *PutObjectLockConfigurationInput) (*PutObjectLockConfigurationOutput, error) {
+        req, out := c.PutObjectLockConfigurationRequest(input)
+        return out, req.Send()
+}
+
+// PutObjectLockConfigurationWithContext is the same as PutObjectLockConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutObjectLockConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutObjectLockConfigurationWithContext(ctx aws.Context, input *PutObjectLockConfigurationInput, opts ...request.Option) (*PutObjectLockConfigurationOutput, error) {
+        req, out := c.PutObjectLockConfigurationRequest(input)
+        req.SetContext(ctx)
+        req.ApplyOptions(opts...)
+        return out, req.Send()
+}
+
+const opPutObjectRetention = "PutObjectRetention"
+
+// PutObjectRetentionRequest generates a "aws/request.Request" representing the
+// client's request for the PutObjectRetention operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutObjectRetention for more information on using the PutObjectRetention
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the PutObjectRetentionRequest method.
+//    req, resp := client.PutObjectRetentionRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRetention
+func (c *S3) PutObjectRetentionRequest(input *PutObjectRetentionInput) (req *request.Request, output *PutObjectRetentionOutput) {
+        op := &request.Operation{
+                Name:       opPutObjectRetention,
+                HTTPMethod: "PUT",
+                HTTPPath:   "/{Bucket}/{Key+}?retention",
+        }
+
+        if input == nil {
+                input = &PutObjectRetentionInput{}
+        }
+
+        output = &PutObjectRetentionOutput{}
+        req = c.newRequest(op, input, output)
+        return
+}
+
+// PutObjectRetention API operation for Amazon Simple Storage Service.
+//
+// Places an Object Retention configuration on an object.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutObjectRetention for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRetention
+func (c *S3) PutObjectRetention(input *PutObjectRetentionInput) (*PutObjectRetentionOutput, error) {
+        req, out := c.PutObjectRetentionRequest(input)
+        return out, req.Send()
+}
+
+// PutObjectRetentionWithContext is the same as PutObjectRetention with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutObjectRetention for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutObjectRetentionWithContext(ctx aws.Context, input *PutObjectRetentionInput, opts ...request.Option) (*PutObjectRetentionOutput, error) {
+        req, out := c.PutObjectRetentionRequest(input)
+        req.SetContext(ctx)
+        req.ApplyOptions(opts...)
+        return out, req.Send()
+}
+
 const opPutObjectTagging = "PutObjectTagging"
 
 // PutObjectTaggingRequest generates a "aws/request.Request" representing the
 // client's request for the PutObjectTagging operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -5946,12 +6619,88 @@ func (c *S3) PutObjectTaggingWithContext(ctx aws.Context, input *PutObjectTaggin
         return out, req.Send()
 }
 
+const opPutPublicAccessBlock = "PutPublicAccessBlock"
+
+// PutPublicAccessBlockRequest generates a "aws/request.Request" representing the
+// client's request for the PutPublicAccessBlock operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutPublicAccessBlock for more information on using the PutPublicAccessBlock
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the PutPublicAccessBlockRequest method.
+//    req, resp := client.PutPublicAccessBlockRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutPublicAccessBlock
+func (c *S3) PutPublicAccessBlockRequest(input *PutPublicAccessBlockInput) (req *request.Request, output *PutPublicAccessBlockOutput) {
+        op := &request.Operation{
+                Name:       opPutPublicAccessBlock,
+                HTTPMethod: "PUT",
+                HTTPPath:   "/{Bucket}?publicAccessBlock",
+        }
+
+        if input == nil {
+                input = &PutPublicAccessBlockInput{}
+        }
+
+        output = &PutPublicAccessBlockOutput{}
+        req = c.newRequest(op, input, output)
+        req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+        return
+}
+
+// PutPublicAccessBlock API operation for Amazon Simple Storage Service.
+//
+// Creates or modifies the PublicAccessBlock configuration for an Amazon S3
+// bucket.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutPublicAccessBlock for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutPublicAccessBlock
+func (c *S3) PutPublicAccessBlock(input *PutPublicAccessBlockInput) (*PutPublicAccessBlockOutput, error) {
+        req, out := c.PutPublicAccessBlockRequest(input)
+        return out, req.Send()
+}
+
+// PutPublicAccessBlockWithContext is the same as PutPublicAccessBlock with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutPublicAccessBlock for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutPublicAccessBlockWithContext(ctx aws.Context, input *PutPublicAccessBlockInput, opts ...request.Option) (*PutPublicAccessBlockOutput, error) {
+        req, out := c.PutPublicAccessBlockRequest(input)
+        req.SetContext(ctx)
+        req.ApplyOptions(opts...)
+        return out, req.Send()
+}
+
 const opRestoreObject = "RestoreObject"
 
 // RestoreObjectRequest generates a "aws/request.Request" representing the
 // client's request for the RestoreObject operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -6030,7 +6779,7 @@ const opSelectObjectContent = "SelectObjectContent"
 // SelectObjectContentRequest generates a "aws/request.Request" representing the
 // client's request for the SelectObjectContent operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -6112,7 +6861,7 @@ const opUploadPart = "UploadPart"
 // UploadPartRequest generates a "aws/request.Request" representing the
 // client's request for the UploadPart operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -6192,7 +6941,7 @@ const opUploadPartCopy = "UploadPartCopy"
 // UploadPartCopyRequest generates a "aws/request.Request" representing the
 // client's request for the UploadPartCopy operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -6322,6 +7071,9 @@ func (s *AbortMultipartUploadInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -6467,7 +7219,7 @@ func (s *AccessControlPolicy) SetOwner(v *Owner) *AccessControlPolicy {
         return s
 }
 
-// Container for information regarding the access control for replicas.
+// A container for information about access control for replicas.
 type AccessControlTranslation struct {
         _ struct{} `type:"structure"`
 
@@ -7072,11 +7824,11 @@ type CSVInput struct {
         // to TRUE may lower performance.
         AllowQuotedRecordDelimiter *bool `type:"boolean"`
 
-        // Single character used to indicate a row should be ignored when present at
-        // the start of a row.
+        // The single character used to indicate a row should be ignored when present
+        // at the start of a row.
         Comments *string `type:"string"`
 
-        // Value used to separate individual fields in a record.
+        // The value used to separate individual fields in a record.
         FieldDelimiter *string `type:"string"`
 
         // Describes the first line of input. Valid values: None, Ignore, Use.
@@ -7085,11 +7837,11 @@ type CSVInput struct {
         // Value used for escaping where the field delimiter is part of the value.
         QuoteCharacter *string `type:"string"`
 
-        // Single character used for escaping the quote character inside an already
+        // The single character used for escaping the quote character inside an already
         // escaped value.
         QuoteEscapeCharacter *string `type:"string"`
 
-        // Value used to separate individual records.
+        // The value used to separate individual records.
         RecordDelimiter *string `type:"string"`
 }
 
@@ -7149,20 +7901,20 @@ func (s *CSVInput) SetRecordDelimiter(v string) *CSVInput {
 type CSVOutput struct {
         _ struct{} `type:"structure"`
 
-        // Value used to separate individual fields in a record.
+        // The value used to separate individual fields in a record.
         FieldDelimiter *string `type:"string"`
 
-        // Value used for escaping where the field delimiter is part of the value.
+        // The value used for escaping where the field delimiter is part of the value.
         QuoteCharacter *string `type:"string"`
 
-        // Single character used for escaping the quote character inside an already
+        // Th single character used for escaping the quote character inside an already
         // escaped value.
         QuoteEscapeCharacter *string `type:"string"`
 
         // Indicates whether or not all output fields should be quoted.
         QuoteFields *string `type:"string" enum:"QuoteFields"`
 
-        // Value used to separate individual records.
+        // The value used to separate individual records.
         RecordDelimiter *string `type:"string"`
 }
 
@@ -7211,12 +7963,14 @@ type CloudFunctionConfiguration struct {
 
         CloudFunction *string `type:"string"`
 
-        // Bucket event for which to send notifications.
+        // The bucket event for which to send notifications.
+        //
+        // Deprecated: Event has been deprecated
         Event *string `deprecated:"true" type:"string" enum:"Event"`
 
         Events []*string `locationName:"Event" type:"list" flattened:"true"`
 
-        // Optional unique identifier for configurations in a notification configuration.
+        // An optional unique identifier for configurations in a notification configuration.
         // If you don't provide one, Amazon S3 will assign an ID.
         Id *string `type:"string"`
 
@@ -7322,6 +8076,9 @@ func (s *CompleteMultipartUploadInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -7397,7 +8154,7 @@ type CompleteMultipartUploadOutput struct {
 
         // If present, specifies the ID of the AWS Key Management Service (KMS) master
         // encryption key that was used for the object.
-        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string"`
+        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
 
         // The Server-side encryption algorithm used when storing this object in S3
         // (e.g., AES256, aws:kms).
@@ -7652,7 +8409,7 @@ type CopyObjectInput struct {
         // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt
         // the source object. The encryption key provided in this header must be one
         // that was used when the source object was created.
-        CopySourceSSECustomerKey *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string"`
+        CopySourceSSECustomerKey *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"`
 
         // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
         // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -7684,6 +8441,15 @@ type CopyObjectInput struct {
         // with metadata provided in the request.
         MetadataDirective *string `location:"header" locationName:"x-amz-metadata-directive" type:"string" enum:"MetadataDirective"`
 
+        // Specifies whether you want to apply a Legal Hold to the copied object.
+        ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
+
+        // The Object Lock mode that you want to apply to the copied object.
+        ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
+
+        // The date and time when you want the copied object's Object Lock to expire.
+        ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
+
         // Confirms that the requester knows that she or he will be charged for the
         // request. Bucket owners need not specify this parameter in their requests.
         // Documentation on downloading objects from requester pays buckets can be found
@@ -7698,7 +8464,7 @@ type CopyObjectInput struct {
         // does not store the encryption key. The key must be appropriate for use with
         // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm
         // header.
-        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string"`
+        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
 
         // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
         // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -7709,7 +8475,7 @@ type CopyObjectInput struct {
         // requests for an object protected by AWS KMS will fail if not made via SSL
         // or using SigV4. Documentation on configuring any of the officially supported
         // AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
-        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string"`
+        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
 
         // The Server-side encryption algorithm used when storing this object in S3
         // (e.g., AES256, aws:kms).
@@ -7749,6 +8515,9 @@ func (s *CopyObjectInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.CopySource == nil {
                 invalidParams.Add(request.NewErrParamRequired("CopySource"))
         }
@@ -7917,6 +8686,24 @@ func (s *CopyObjectInput) SetMetadataDirective(v string) *CopyObjectInput {
         return s
 }
 
+// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
+func (s *CopyObjectInput) SetObjectLockLegalHoldStatus(v string) *CopyObjectInput {
+        s.ObjectLockLegalHoldStatus = &v
+        return s
+}
+
+// SetObjectLockMode sets the ObjectLockMode field's value.
+func (s *CopyObjectInput) SetObjectLockMode(v string) *CopyObjectInput {
+        s.ObjectLockMode = &v
+        return s
+}
+
+// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
+func (s *CopyObjectInput) SetObjectLockRetainUntilDate(v time.Time) *CopyObjectInput {
+        s.ObjectLockRetainUntilDate = &v
+        return s
+}
+
 // SetRequestPayer sets the RequestPayer field's value.
 func (s *CopyObjectInput) SetRequestPayer(v string) *CopyObjectInput {
         s.RequestPayer = &v
@@ -8010,7 +8797,7 @@ type CopyObjectOutput struct {
 
         // If present, specifies the ID of the AWS Key Management Service (KMS) master
         // encryption key that was used for the object.
-        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string"`
+        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
 
         // The Server-side encryption algorithm used when storing this object in S3
         // (e.g., AES256, aws:kms).
@@ -8150,7 +8937,7 @@ type CreateBucketConfiguration struct {
         _ struct{} `type:"structure"`
 
         // Specifies the region where the bucket will be created. If you don't specify
-        // a region, the bucket will be created in US Standard.
+        // a region, the bucket is created in US East (N. Virginia) Region (us-east-1).
         LocationConstraint *string `type:"string" enum:"BucketLocationConstraint"`
 }
 
@@ -8196,6 +8983,9 @@ type CreateBucketInput struct {
 
         // Allows grantee to write the ACL for the applicable bucket.
         GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
+
+        // Specifies whether you want S3 Object Lock to be enabled for the new bucket.
+        ObjectLockEnabledForBucket *bool `location:"header" locationName:"x-amz-bucket-object-lock-enabled" type:"boolean"`
 }
 
 // String returns the string representation
@@ -8214,6 +9004,9 @@ func (s *CreateBucketInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -8276,6 +9069,12 @@ func (s *CreateBucketInput) SetGrantWriteACP(v string) *CreateBucketInput {
         return s
 }
 
+// SetObjectLockEnabledForBucket sets the ObjectLockEnabledForBucket field's value.
+func (s *CreateBucketInput) SetObjectLockEnabledForBucket(v bool) *CreateBucketInput {
+        s.ObjectLockEnabledForBucket = &v
+        return s
+}
+
 type CreateBucketOutput struct {
         _ struct{} `type:"structure"`
 
@@ -8345,6 +9144,15 @@ type CreateMultipartUploadInput struct {
         // A map of metadata to store with the object in S3.
         Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
 
+        // Specifies whether you want to apply a Legal Hold to the uploaded object.
+        ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
+
+        // Specifies the Object Lock mode that you want to apply to the uploaded object.
+        ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
+
+        // Specifies the date and time when you want the Object Lock to expire.
+        ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
+
         // Confirms that the requester knows that she or he will be charged for the
         // request. Bucket owners need not specify this parameter in their requests.
         // Documentation on downloading objects from requester pays buckets can be found
@@ -8359,7 +9167,7 @@ type CreateMultipartUploadInput struct {
         // does not store the encryption key. The key must be appropriate for use with
         // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm
         // header.
-        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string"`
+        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
 
         // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
         // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -8370,7 +9178,7 @@ type CreateMultipartUploadInput struct {
         // requests for an object protected by AWS KMS will fail if not made via SSL
         // or using SigV4. Documentation on configuring any of the officially supported
         // AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
-        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string"`
+        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
 
         // The Server-side encryption algorithm used when storing this object in S3
         // (e.g., AES256, aws:kms).
@@ -8404,6 +9212,9 @@ func (s *CreateMultipartUploadInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -8508,6 +9319,24 @@ func (s *CreateMultipartUploadInput) SetMetadata(v map[string]*string) *CreateMu
         return s
 }
 
+// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
+func (s *CreateMultipartUploadInput) SetObjectLockLegalHoldStatus(v string) *CreateMultipartUploadInput {
+        s.ObjectLockLegalHoldStatus = &v
+        return s
+}
+
+// SetObjectLockMode sets the ObjectLockMode field's value.
+func (s *CreateMultipartUploadInput) SetObjectLockMode(v string) *CreateMultipartUploadInput {
+        s.ObjectLockMode = &v
+        return s
+}
+
+// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
+func (s *CreateMultipartUploadInput) SetObjectLockRetainUntilDate(v time.Time) *CreateMultipartUploadInput {
+        s.ObjectLockRetainUntilDate = &v
+        return s
+}
+
 // SetRequestPayer sets the RequestPayer field's value.
 func (s *CreateMultipartUploadInput) SetRequestPayer(v string) *CreateMultipartUploadInput {
         s.RequestPayer = &v
@@ -8601,7 +9430,7 @@ type CreateMultipartUploadOutput struct {
 
         // If present, specifies the ID of the AWS Key Management Service (KMS) master
         // encryption key that was used for the object.
-        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string"`
+        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
 
         // The Server-side encryption algorithm used when storing this object in S3
         // (e.g., AES256, aws:kms).
@@ -8688,6 +9517,50 @@ func (s *CreateMultipartUploadOutput) SetUploadId(v string) *CreateMultipartUplo
         return s
 }
 
+// The container element for specifying the default Object Lock retention settings
+// for new objects placed in the specified bucket.
+type DefaultRetention struct {
+        _ struct{} `type:"structure"`
+
+        // The number of days that you want to specify for the default retention period.
+        Days *int64 `type:"integer"`
+
+        // The default Object Lock retention mode you want to apply to new objects placed
+        // in the specified bucket.
+        Mode *string `type:"string" enum:"ObjectLockRetentionMode"`
+
+        // The number of years that you want to specify for the default retention period.
+        Years *int64 `type:"integer"`
+}
+
+// String returns the string representation
+func (s DefaultRetention) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DefaultRetention) GoString() string {
+        return s.String()
+}
+
+// SetDays sets the Days field's value.
+func (s *DefaultRetention) SetDays(v int64) *DefaultRetention {
+        s.Days = &v
+        return s
+}
+
+// SetMode sets the Mode field's value.
+func (s *DefaultRetention) SetMode(v string) *DefaultRetention {
+        s.Mode = &v
+        return s
+}
+
+// SetYears sets the Years field's value.
+func (s *DefaultRetention) SetYears(v int64) *DefaultRetention {
+        s.Years = &v
+        return s
+}
+
 type Delete struct {
         _ struct{} `type:"structure"`
 
@@ -8774,6 +9647,9 @@ func (s *DeleteBucketAnalyticsConfigurationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Id == nil {
                 invalidParams.Add(request.NewErrParamRequired("Id"))
         }
@@ -8840,6 +9716,9 @@ func (s *DeleteBucketCorsInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -8900,6 +9779,9 @@ func (s *DeleteBucketEncryptionInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -8957,6 +9839,9 @@ func (s *DeleteBucketInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -9007,6 +9892,9 @@ func (s *DeleteBucketInventoryConfigurationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Id == nil {
                 invalidParams.Add(request.NewErrParamRequired("Id"))
         }
@@ -9073,6 +9961,9 @@ func (s *DeleteBucketLifecycleInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -9137,6 +10028,9 @@ func (s *DeleteBucketMetricsConfigurationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Id == nil {
                 invalidParams.Add(request.NewErrParamRequired("Id"))
         }
@@ -9217,6 +10111,9 @@ func (s *DeleteBucketPolicyInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -9254,6 +10151,11 @@ func (s DeleteBucketPolicyOutput) GoString() string {
 type DeleteBucketReplicationInput struct {
         _ struct{} `type:"structure"`
 
+        // The bucket name.
+        //
+        // It can take a while to propagate the deletion of a replication configuration
+        // to all Amazon S3 systems.
+        //
         // Bucket is a required field
         Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
 }
@@ -9274,6 +10176,9 @@ func (s *DeleteBucketReplicationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -9331,6 +10236,9 @@ func (s *DeleteBucketTaggingInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -9388,6 +10296,9 @@ func (s *DeleteBucketWebsiteInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -9481,12 +10392,43 @@ func (s *DeleteMarkerEntry) SetVersionId(v string) *DeleteMarkerEntry {
         return s
 }
 
+// Specifies whether Amazon S3 should replicate delete makers.
+type DeleteMarkerReplication struct {
+        _ struct{} `type:"structure"`
+
+        // The status of the delete marker replication.
+        //
+        // In the current implementation, Amazon S3 doesn't replicate the delete markers.
+        // The status must be Disabled.
+        Status *string `type:"string" enum:"DeleteMarkerReplicationStatus"`
+}
+
+// String returns the string representation
+func (s DeleteMarkerReplication) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeleteMarkerReplication) GoString() string {
+        return s.String()
+}
+
+// SetStatus sets the Status field's value.
+func (s *DeleteMarkerReplication) SetStatus(v string) *DeleteMarkerReplication {
+        s.Status = &v
+        return s
+}
+
 type DeleteObjectInput struct {
         _ struct{} `type:"structure"`
 
         // Bucket is a required field
         Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
 
+        // Indicates whether S3 Object Lock should bypass Governance-mode restrictions
+        // to process this operation.
+        BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"`
+
         // Key is a required field
         Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
 
@@ -9520,6 +10462,9 @@ func (s *DeleteObjectInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -9546,6 +10491,12 @@ func (s *DeleteObjectInput) getBucket() (v string) {
         return *s.Bucket
 }
 
+// SetBypassGovernanceRetention sets the BypassGovernanceRetention field's value.
+func (s *DeleteObjectInput) SetBypassGovernanceRetention(v bool) *DeleteObjectInput {
+        s.BypassGovernanceRetention = &v
+        return s
+}
+
 // SetKey sets the Key field's value.
 func (s *DeleteObjectInput) SetKey(v string) *DeleteObjectInput {
         s.Key = &v
@@ -9643,6 +10594,9 @@ func (s *DeleteObjectTaggingInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -9710,6 +10664,11 @@ type DeleteObjectsInput struct {
         // Bucket is a required field
         Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
 
+        // Specifies whether you want to delete this object even if it has a Governance-type
+        // Object Lock in place. You must have sufficient permissions to perform this
+        // operation.
+        BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"`
+
         // Delete is a required field
         Delete *Delete `locationName:"Delete" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
 
@@ -9740,6 +10699,9 @@ func (s *DeleteObjectsInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Delete == nil {
                 invalidParams.Add(request.NewErrParamRequired("Delete"))
         }
@@ -9768,6 +10730,12 @@ func (s *DeleteObjectsInput) getBucket() (v string) {
         return *s.Bucket
 }
 
+// SetBypassGovernanceRetention sets the BypassGovernanceRetention field's value.
+func (s *DeleteObjectsInput) SetBypassGovernanceRetention(v bool) *DeleteObjectsInput {
+        s.BypassGovernanceRetention = &v
+        return s
+}
+
 // SetDelete sets the Delete field's value.
 func (s *DeleteObjectsInput) SetDelete(v *Delete) *DeleteObjectsInput {
         s.Delete = v
@@ -9826,6 +10794,68 @@ func (s *DeleteObjectsOutput) SetRequestCharged(v string) *DeleteObjectsOutput {
         return s
 }
 
+type DeletePublicAccessBlockInput struct {
+        _ struct{} `type:"structure"`
+
+        // The Amazon S3 bucket whose PublicAccessBlock configuration you want to delete.
+        //
+        // Bucket is a required field
+        Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s DeletePublicAccessBlockInput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeletePublicAccessBlockInput) GoString() string {
+        return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeletePublicAccessBlockInput) Validate() error {
+        invalidParams := request.ErrInvalidParams{Context: "DeletePublicAccessBlockInput"}
+        if s.Bucket == nil {
+                invalidParams.Add(request.NewErrParamRequired("Bucket"))
+        }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
+
+        if invalidParams.Len() > 0 {
+                return invalidParams
+        }
+        return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeletePublicAccessBlockInput) SetBucket(v string) *DeletePublicAccessBlockInput {
+        s.Bucket = &v
+        return s
+}
+
+func (s *DeletePublicAccessBlockInput) getBucket() (v string) {
+        if s.Bucket == nil {
+                return v
+        }
+        return *s.Bucket
+}
+
+type DeletePublicAccessBlockOutput struct {
+        _ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s DeletePublicAccessBlockOutput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s DeletePublicAccessBlockOutput) GoString() string {
+        return s.String()
+}
+
 type DeletedObject struct {
         _ struct{} `type:"structure"`
 
@@ -9872,27 +10902,43 @@ func (s *DeletedObject) SetVersionId(v string) *DeletedObject {
         return s
 }
 
-// Container for replication destination information.
+// A container for information about the replication destination.
 type Destination struct {
         _ struct{} `type:"structure"`
 
-        // Container for information regarding the access control for replicas.
+        // A container for information about access control for replicas.
+        //
+        // Use this element only in a cross-account scenario where source and destination
+        // bucket owners are not the same to change replica ownership to the AWS account
+        // that owns the destination bucket. If you don't add this element to the replication
+        // configuration, the replicas are owned by same AWS account that owns the source
+        // object.
         AccessControlTranslation *AccessControlTranslation `type:"structure"`
 
-        // Account ID of the destination bucket. Currently this is only being verified
-        // if Access Control Translation is enabled
+        // The account ID of the destination bucket. Currently, Amazon S3 verifies this
+        // value only if Access Control Translation is enabled.
+        //
+        // In a cross-account scenario, if you change replica ownership to the AWS account
+        // that owns the destination bucket by adding the AccessControlTranslation element,
+        // this is the account ID of the owner of the destination bucket.
         Account *string `type:"string"`
 
-        // Amazon resource name (ARN) of the bucket where you want Amazon S3 to store
-        // replicas of the object identified by the rule.
+        // The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to
+        // store replicas of the object identified by the rule.
+        //
+        // If there are multiple rules in your replication configuration, all rules
+        // must specify the same bucket as the destination. A replication configuration
+        // can replicate objects to only one destination bucket.
         //
         // Bucket is a required field
         Bucket *string `type:"string" required:"true"`
 
-        // Container for information regarding encryption based configuration for replicas.
+        // A container that provides information about encryption. If SourceSelectionCriteria
+        // is specified, you must specify this element.
         EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
 
-        // The class of storage used to store the object.
+        // The class of storage used to store the object. By default Amazon S3 uses
+        // storage class of the source object when creating a replica.
         StorageClass *string `type:"string" enum:"StorageClass"`
 }
 
@@ -9978,7 +11024,7 @@ type Encryption struct {
 
         // If the encryption type is aws:kms, this optional value specifies the AWS
         // KMS key ID to use for encryption of job results.
-        KMSKeyId *string `type:"string"`
+        KMSKeyId *string `type:"string" sensitive:"true"`
 }
 
 // String returns the string representation
@@ -10022,11 +11068,13 @@ func (s *Encryption) SetKMSKeyId(v string) *Encryption {
         return s
 }
 
-// Container for information regarding encryption based configuration for replicas.
+// A container for information about the encryption-based configuration for
+// replicas.
 type EncryptionConfiguration struct {
         _ struct{} `type:"structure"`
 
-        // The id of the KMS key used to encrypt the replica object.
+        // The ID of the AWS KMS key for the AWS Region where the destination bucket
+        // resides. Amazon S3 uses this key to encrypt the replica object.
         ReplicaKmsKeyID *string `type:"string"`
 }
 
@@ -10159,14 +11207,15 @@ func (s *ErrorDocument) SetKey(v string) *ErrorDocument {
         return s
 }
 
-// Container for key value pair that defines the criteria for the filter rule.
+// A container for a key value pair that defines the criteria for the filter
+// rule.
 type FilterRule struct {
         _ struct{} `type:"structure"`
 
-        // Object key name prefix or suffix identifying one or more objects to which
-        // the filtering rule applies. Maximum prefix length can be up to 1,024 characters.
+        // The object key name prefix or suffix identifying one or more objects to which
+        // the filtering rule applies. The maximum prefix length is 1,024 characters.
         // Overlapping prefixes and suffixes are not supported. For more information,
-        // go to Configuring Event Notifications (http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+        // see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
         // in the Amazon Simple Storage Service Developer Guide.
         Name *string `type:"string" enum:"FilterRuleName"`
 
@@ -10220,6 +11269,9 @@ func (s *GetBucketAccelerateConfigurationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -10286,6 +11338,9 @@ func (s *GetBucketAclInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -10367,6 +11422,9 @@ func (s *GetBucketAnalyticsConfigurationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Id == nil {
                 invalidParams.Add(request.NewErrParamRequired("Id"))
         }
@@ -10442,6 +11500,9 @@ func (s *GetBucketCorsInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -10510,6 +11571,9 @@ func (s *GetBucketEncryptionInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -10584,6 +11648,9 @@ func (s *GetBucketInventoryConfigurationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Id == nil {
                 invalidParams.Add(request.NewErrParamRequired("Id"))
         }
@@ -10659,6 +11726,9 @@ func (s *GetBucketLifecycleConfigurationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -10724,6 +11794,9 @@ func (s *GetBucketLifecycleInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -10789,6 +11862,9 @@ func (s *GetBucketLocationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -10854,6 +11930,9 @@ func (s *GetBucketLoggingInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -10929,6 +12008,9 @@ func (s *GetBucketMetricsConfigurationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Id == nil {
                 invalidParams.Add(request.NewErrParamRequired("Id"))
         }
@@ -11006,6 +12088,9 @@ func (s *GetBucketNotificationConfigurationRequest) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -11049,6 +12134,9 @@ func (s *GetBucketPolicyInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -11092,6 +12180,77 @@ func (s *GetBucketPolicyOutput) SetPolicy(v string) *GetBucketPolicyOutput {
         return s
 }
 
+type GetBucketPolicyStatusInput struct {
+        _ struct{} `type:"structure"`
+
+        // The name of the Amazon S3 bucket whose policy status you want to retrieve.
+        //
+        // Bucket is a required field
+        Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s GetBucketPolicyStatusInput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetBucketPolicyStatusInput) GoString() string {
+        return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketPolicyStatusInput) Validate() error {
+        invalidParams := request.ErrInvalidParams{Context: "GetBucketPolicyStatusInput"}
+        if s.Bucket == nil {
+                invalidParams.Add(request.NewErrParamRequired("Bucket"))
+        }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
+
+        if invalidParams.Len() > 0 {
+                return invalidParams
+        }
+        return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketPolicyStatusInput) SetBucket(v string) *GetBucketPolicyStatusInput {
+        s.Bucket = &v
+        return s
+}
+
+func (s *GetBucketPolicyStatusInput) getBucket() (v string) {
+        if s.Bucket == nil {
+                return v
+        }
+        return *s.Bucket
+}
+
+type GetBucketPolicyStatusOutput struct {
+        _ struct{} `type:"structure" payload:"PolicyStatus"`
+
+        // The policy status for the specified bucket.
+        PolicyStatus *PolicyStatus `type:"structure"`
+}
+
+// String returns the string representation
+func (s GetBucketPolicyStatusOutput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetBucketPolicyStatusOutput) GoString() string {
+        return s.String()
+}
+
+// SetPolicyStatus sets the PolicyStatus field's value.
+func (s *GetBucketPolicyStatusOutput) SetPolicyStatus(v *PolicyStatus) *GetBucketPolicyStatusOutput {
+        s.PolicyStatus = v
+        return s
+}
+
 type GetBucketReplicationInput struct {
         _ struct{} `type:"structure"`
 
@@ -11115,6 +12274,9 @@ func (s *GetBucketReplicationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -11138,8 +12300,8 @@ func (s *GetBucketReplicationInput) getBucket() (v string) {
 type GetBucketReplicationOutput struct {
         _ struct{} `type:"structure" payload:"ReplicationConfiguration"`
 
-        // Container for replication rules. You can add as many as 1,000 rules. Total
-        // replication configuration size can be up to 2 MB.
+        // A container for replication rules. You can add up to 1,000 rules. The maximum
+        // size of a replication configuration is 2 MB.
         ReplicationConfiguration *ReplicationConfiguration `type:"structure"`
 }
 
@@ -11182,6 +12344,9 @@ func (s *GetBucketRequestPaymentInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -11248,6 +12413,9 @@ func (s *GetBucketTaggingInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -11314,6 +12482,9 @@ func (s *GetBucketVersioningInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -11391,6 +12562,9 @@ func (s *GetBucketWebsiteInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -11492,6 +12666,9 @@ func (s *GetObjectAclInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -11643,7 +12820,7 @@ type GetObjectInput struct {
         // does not store the encryption key. The key must be appropriate for use with
         // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm
         // header.
-        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string"`
+        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
 
         // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
         // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -11670,6 +12847,9 @@ func (s *GetObjectInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -11811,6 +12991,186 @@ func (s *GetObjectInput) SetVersionId(v string) *GetObjectInput {
         return s
 }
 
+type GetObjectLegalHoldInput struct {
+        _ struct{} `type:"structure"`
+
+        // The bucket containing the object whose Legal Hold status you want to retrieve.
+        //
+        // Bucket is a required field
+        Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+        // The key name for the object whose Legal Hold status you want to retrieve.
+        //
+        // Key is a required field
+        Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+        // Confirms that the requester knows that she or he will be charged for the
+        // request. Bucket owners need not specify this parameter in their requests.
+        // Documentation on downloading objects from requester pays buckets can be found
+        // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+        RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+        // The version ID of the object whose Legal Hold status you want to retrieve.
+        VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation
+func (s GetObjectLegalHoldInput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetObjectLegalHoldInput) GoString() string {
+        return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetObjectLegalHoldInput) Validate() error {
+        invalidParams := request.ErrInvalidParams{Context: "GetObjectLegalHoldInput"}
+        if s.Bucket == nil {
+                invalidParams.Add(request.NewErrParamRequired("Bucket"))
+        }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
+        if s.Key == nil {
+                invalidParams.Add(request.NewErrParamRequired("Key"))
+        }
+        if s.Key != nil && len(*s.Key) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+        }
+
+        if invalidParams.Len() > 0 {
+                return invalidParams
+        }
+        return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetObjectLegalHoldInput) SetBucket(v string) *GetObjectLegalHoldInput {
+        s.Bucket = &v
+        return s
+}
+
+func (s *GetObjectLegalHoldInput) getBucket() (v string) {
+        if s.Bucket == nil {
+                return v
+        }
+        return *s.Bucket
+}
+
+// SetKey sets the Key field's value.
+func (s *GetObjectLegalHoldInput) SetKey(v string) *GetObjectLegalHoldInput {
+        s.Key = &v
+        return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *GetObjectLegalHoldInput) SetRequestPayer(v string) *GetObjectLegalHoldInput {
+        s.RequestPayer = &v
+        return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *GetObjectLegalHoldInput) SetVersionId(v string) *GetObjectLegalHoldInput {
+        s.VersionId = &v
+        return s
+}
+
+type GetObjectLegalHoldOutput struct {
+        _ struct{} `type:"structure" payload:"LegalHold"`
+
+        // The current Legal Hold status for the specified object.
+        LegalHold *ObjectLockLegalHold `type:"structure"`
+}
+
+// String returns the string representation
+func (s GetObjectLegalHoldOutput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetObjectLegalHoldOutput) GoString() string {
+        return s.String()
+}
+
+// SetLegalHold sets the LegalHold field's value.
+func (s *GetObjectLegalHoldOutput) SetLegalHold(v *ObjectLockLegalHold) *GetObjectLegalHoldOutput {
+        s.LegalHold = v
+        return s
+}
+
+type GetObjectLockConfigurationInput struct {
+        _ struct{} `type:"structure"`
+
+        // The bucket whose Object Lock configuration you want to retrieve.
+        //
+        // Bucket is a required field
+        Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s GetObjectLockConfigurationInput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetObjectLockConfigurationInput) GoString() string {
+        return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetObjectLockConfigurationInput) Validate() error {
+        invalidParams := request.ErrInvalidParams{Context: "GetObjectLockConfigurationInput"}
+        if s.Bucket == nil {
+                invalidParams.Add(request.NewErrParamRequired("Bucket"))
+        }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
+
+        if invalidParams.Len() > 0 {
+                return invalidParams
+        }
+        return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetObjectLockConfigurationInput) SetBucket(v string) *GetObjectLockConfigurationInput {
+        s.Bucket = &v
+        return s
+}
+
+func (s *GetObjectLockConfigurationInput) getBucket() (v string) {
+        if s.Bucket == nil {
+                return v
+        }
+        return *s.Bucket
+}
+
+type GetObjectLockConfigurationOutput struct {
+        _ struct{} `type:"structure" payload:"ObjectLockConfiguration"`
+
+        // The specified bucket's Object Lock configuration.
+        ObjectLockConfiguration *ObjectLockConfiguration `type:"structure"`
+}
+
+// String returns the string representation
+func (s GetObjectLockConfigurationOutput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetObjectLockConfigurationOutput) GoString() string {
+        return s.String()
+}
+
+// SetObjectLockConfiguration sets the ObjectLockConfiguration field's value.
+func (s *GetObjectLockConfigurationOutput) SetObjectLockConfiguration(v *ObjectLockConfiguration) *GetObjectLockConfigurationOutput {
+        s.ObjectLockConfiguration = v
+        return s
+}
+
 type GetObjectOutput struct {
         _ struct{} `type:"structure" payload:"Body"`
 
@@ -11871,6 +13231,16 @@ type GetObjectOutput struct {
         // you can create metadata whose values are not legal HTTP headers.
         MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"`
 
+        // Indicates whether this object has an active legal hold. This field is only
+        // returned if you have permission to view an object's legal hold status.
+        ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
+
+        // The Object Lock mode currently in place for this object.
+        ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
+
+        // The date and time when this object's Object Lock will expire.
+        ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
+
         // The count of parts this object has.
         PartsCount *int64 `location:"header" locationName:"x-amz-mp-parts-count" type:"integer"`
 
@@ -11896,7 +13266,7 @@ type GetObjectOutput struct {
 
         // If present, specifies the ID of the AWS Key Management Service (KMS) master
         // encryption key that was used for the object.
-        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string"`
+        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
 
         // The Server-side encryption algorithm used when storing this object in S3
         // (e.g., AES256, aws:kms).
@@ -12022,6 +13392,24 @@ func (s *GetObjectOutput) SetMissingMeta(v int64) *GetObjectOutput {
         return s
 }
 
+// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
+func (s *GetObjectOutput) SetObjectLockLegalHoldStatus(v string) *GetObjectOutput {
+        s.ObjectLockLegalHoldStatus = &v
+        return s
+}
+
+// SetObjectLockMode sets the ObjectLockMode field's value.
+func (s *GetObjectOutput) SetObjectLockMode(v string) *GetObjectOutput {
+        s.ObjectLockMode = &v
+        return s
+}
+
+// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
+func (s *GetObjectOutput) SetObjectLockRetainUntilDate(v time.Time) *GetObjectOutput {
+        s.ObjectLockRetainUntilDate = &v
+        return s
+}
+
 // SetPartsCount sets the PartsCount field's value.
 func (s *GetObjectOutput) SetPartsCount(v int64) *GetObjectOutput {
         s.PartsCount = &v
@@ -12094,6 +13482,115 @@ func (s *GetObjectOutput) SetWebsiteRedirectLocation(v string) *GetObjectOutput
         return s
 }
 
+type GetObjectRetentionInput struct {
+        _ struct{} `type:"structure"`
+
+        // The bucket containing the object whose retention settings you want to retrieve.
+        //
+        // Bucket is a required field
+        Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+        // The key name for the object whose retention settings you want to retrieve.
+        //
+        // Key is a required field
+        Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+        // Confirms that the requester knows that she or he will be charged for the
+        // request. Bucket owners need not specify this parameter in their requests.
+        // Documentation on downloading objects from requester pays buckets can be found
+        // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+        RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+        // The version ID for the object whose retention settings you want to retrieve.
+        VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation
+func (s GetObjectRetentionInput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetObjectRetentionInput) GoString() string {
+        return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetObjectRetentionInput) Validate() error {
+        invalidParams := request.ErrInvalidParams{Context: "GetObjectRetentionInput"}
+        if s.Bucket == nil {
+                invalidParams.Add(request.NewErrParamRequired("Bucket"))
+        }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
+        if s.Key == nil {
+                invalidParams.Add(request.NewErrParamRequired("Key"))
+        }
+        if s.Key != nil && len(*s.Key) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+        }
+
+        if invalidParams.Len() > 0 {
+                return invalidParams
+        }
+        return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetObjectRetentionInput) SetBucket(v string) *GetObjectRetentionInput {
+        s.Bucket = &v
+        return s
+}
+
+func (s *GetObjectRetentionInput) getBucket() (v string) {
+        if s.Bucket == nil {
+                return v
+        }
+        return *s.Bucket
+}
+
+// SetKey sets the Key field's value.
+func (s *GetObjectRetentionInput) SetKey(v string) *GetObjectRetentionInput {
+        s.Key = &v
+        return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *GetObjectRetentionInput) SetRequestPayer(v string) *GetObjectRetentionInput {
+        s.RequestPayer = &v
+        return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *GetObjectRetentionInput) SetVersionId(v string) *GetObjectRetentionInput {
+        s.VersionId = &v
+        return s
+}
+
+type GetObjectRetentionOutput struct {
+        _ struct{} `type:"structure" payload:"Retention"`
+
+        // The container element for an object's retention settings.
+        Retention *ObjectLockRetention `type:"structure"`
+}
+
+// String returns the string representation
+func (s GetObjectRetentionOutput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetObjectRetentionOutput) GoString() string {
+        return s.String()
+}
+
+// SetRetention sets the Retention field's value.
+func (s *GetObjectRetentionOutput) SetRetention(v *ObjectLockRetention) *GetObjectRetentionOutput {
+        s.Retention = v
+        return s
+}
+
 type GetObjectTaggingInput struct {
         _ struct{} `type:"structure"`
 
@@ -12122,6 +13619,9 @@ func (s *GetObjectTaggingInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -12223,6 +13723,9 @@ func (s *GetObjectTorrentInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -12293,6 +13796,79 @@ func (s *GetObjectTorrentOutput) SetRequestCharged(v string) *GetObjectTorrentOu
         return s
 }
 
+type GetPublicAccessBlockInput struct {
+        _ struct{} `type:"structure"`
+
+        // The name of the Amazon S3 bucket whose PublicAccessBlock configuration you
+        // want to retrieve.
+        //
+        // Bucket is a required field
+        Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s GetPublicAccessBlockInput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetPublicAccessBlockInput) GoString() string {
+        return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetPublicAccessBlockInput) Validate() error {
+        invalidParams := request.ErrInvalidParams{Context: "GetPublicAccessBlockInput"}
+        if s.Bucket == nil {
+                invalidParams.Add(request.NewErrParamRequired("Bucket"))
+        }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
+
+        if invalidParams.Len() > 0 {
+                return invalidParams
+        }
+        return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetPublicAccessBlockInput) SetBucket(v string) *GetPublicAccessBlockInput {
+        s.Bucket = &v
+        return s
+}
+
+func (s *GetPublicAccessBlockInput) getBucket() (v string) {
+        if s.Bucket == nil {
+                return v
+        }
+        return *s.Bucket
+}
+
+type GetPublicAccessBlockOutput struct {
+        _ struct{} `type:"structure" payload:"PublicAccessBlockConfiguration"`
+
+        // The PublicAccessBlock configuration currently in effect for this Amazon S3
+        // bucket.
+        PublicAccessBlockConfiguration *PublicAccessBlockConfiguration `type:"structure"`
+}
+
+// String returns the string representation
+func (s GetPublicAccessBlockOutput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s GetPublicAccessBlockOutput) GoString() string {
+        return s.String()
+}
+
+// SetPublicAccessBlockConfiguration sets the PublicAccessBlockConfiguration field's value.
+func (s *GetPublicAccessBlockOutput) SetPublicAccessBlockConfiguration(v *PublicAccessBlockConfiguration) *GetPublicAccessBlockOutput {
+        s.PublicAccessBlockConfiguration = v
+        return s
+}
+
 type GlacierJobParameters struct {
         _ struct{} `type:"structure"`
 
@@ -12474,6 +14050,9 @@ func (s *HeadBucketInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -12557,7 +14136,7 @@ type HeadObjectInput struct {
         // does not store the encryption key. The key must be appropriate for use with
         // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm
         // header.
-        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string"`
+        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
 
         // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
         // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -12584,6 +14163,9 @@ func (s *HeadObjectInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -12743,6 +14325,15 @@ type HeadObjectOutput struct {
         // you can create metadata whose values are not legal HTTP headers.
         MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"`
 
+        // The Legal Hold status for the specified object.
+        ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
+
+        // The Object Lock mode currently in place for this object.
+        ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
+
+        // The date and time when this object's Object Lock will expire.
+        ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
+
         // The count of parts this object has.
         PartsCount *int64 `location:"header" locationName:"x-amz-mp-parts-count" type:"integer"`
 
@@ -12768,7 +14359,7 @@ type HeadObjectOutput struct {
 
         // If present, specifies the ID of the AWS Key Management Service (KMS) master
         // encryption key that was used for the object.
-        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string"`
+        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
 
         // The Server-side encryption algorithm used when storing this object in S3
         // (e.g., AES256, aws:kms).
@@ -12879,6 +14470,24 @@ func (s *HeadObjectOutput) SetMissingMeta(v int64) *HeadObjectOutput {
         return s
 }
 
+// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
+func (s *HeadObjectOutput) SetObjectLockLegalHoldStatus(v string) *HeadObjectOutput {
+        s.ObjectLockLegalHoldStatus = &v
+        return s
+}
+
+// SetObjectLockMode sets the ObjectLockMode field's value.
+func (s *HeadObjectOutput) SetObjectLockMode(v string) *HeadObjectOutput {
+        s.ObjectLockMode = &v
+        return s
+}
+
+// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
+func (s *HeadObjectOutput) SetObjectLockRetainUntilDate(v time.Time) *HeadObjectOutput {
+        s.ObjectLockRetainUntilDate = &v
+        return s
+}
+
 // SetPartsCount sets the PartsCount field's value.
 func (s *HeadObjectOutput) SetPartsCount(v int64) *HeadObjectOutput {
         s.PartsCount = &v
@@ -13032,6 +14641,9 @@ type InputSerialization struct {
 
         // Specifies JSON as object's input serialization format.
         JSON *JSONInput `type:"structure"`
+
+        // Specifies Parquet as object's input serialization format.
+        Parquet *ParquetInput `type:"structure"`
 }
 
 // String returns the string representation
@@ -13062,6 +14674,12 @@ func (s *InputSerialization) SetJSON(v *JSONInput) *InputSerialization {
         return s
 }
 
+// SetParquet sets the Parquet field's value.
+func (s *InputSerialization) SetParquet(v *ParquetInput) *InputSerialization {
+        s.Parquet = v
+        return s
+}
+
 type InventoryConfiguration struct {
         _ struct{} `type:"structure"`
 
@@ -13239,10 +14857,10 @@ func (s *InventoryDestination) SetS3BucketDestination(v *InventoryS3BucketDestin
 type InventoryEncryption struct {
         _ struct{} `type:"structure"`
 
-        // Specifies the use of SSE-KMS to encrypt delievered Inventory reports.
+        // Specifies the use of SSE-KMS to encrypt delivered Inventory reports.
         SSEKMS *SSEKMS `locationName:"SSE-KMS" type:"structure"`
 
-        // Specifies the use of SSE-S3 to encrypt delievered Inventory reports.
+        // Specifies the use of SSE-S3 to encrypt delivered Inventory reports.
         SSES3 *SSES3 `locationName:"SSE-S3" type:"structure"`
 }
 
@@ -13498,12 +15116,12 @@ func (s *JSONOutput) SetRecordDelimiter(v string) *JSONOutput {
         return s
 }
 
-// Container for object key name prefix and suffix filtering rules.
+// A container for object key name prefix and suffix filtering rules.
 type KeyFilter struct {
         _ struct{} `type:"structure"`
 
-        // A list of containers for key value pair that defines the criteria for the
-        // filter rule.
+        // A list of containers for the key value pair that defines the criteria for
+        // the filter rule.
         FilterRules []*FilterRule `locationName:"FilterRule" type:"list" flattened:"true"`
 }
 
@@ -13523,24 +15141,24 @@ func (s *KeyFilter) SetFilterRules(v []*FilterRule) *KeyFilter {
         return s
 }
 
-// Container for specifying the AWS Lambda notification configuration.
+// A container for specifying the configuration for AWS Lambda notifications.
 type LambdaFunctionConfiguration struct {
         _ struct{} `type:"structure"`
 
         // Events is a required field
         Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"`
 
-        // Container for object key name filtering rules. For information about key
-        // name filtering, go to Configuring Event Notifications (http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+        // A container for object key name filtering rules. For information about key
+        // name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
         // in the Amazon Simple Storage Service Developer Guide.
         Filter *NotificationConfigurationFilter `type:"structure"`
 
-        // Optional unique identifier for configurations in a notification configuration.
+        // An optional unique identifier for configurations in a notification configuration.
         // If you don't provide one, Amazon S3 will assign an ID.
         Id *string `type:"string"`
 
-        // Lambda cloud function ARN that Amazon S3 can invoke when it detects events
-        // of the specified type.
+        // The Amazon Resource Name (ARN) of the Lambda cloud function that Amazon S3
+        // can invoke when it detects events of the specified type.
         //
         // LambdaFunctionArn is a required field
         LambdaFunctionArn *string `locationName:"CloudFunction" type:"string" required:"true"`
@@ -13714,7 +15332,9 @@ type LifecycleRule struct {
         NoncurrentVersionTransitions []*NoncurrentVersionTransition `locationName:"NoncurrentVersionTransition" type:"list" flattened:"true"`
 
         // Prefix identifying one or more objects to which the rule applies. This is
-        // deprecated; use Filter instead.
+        // No longer used; use Filter instead.
+        //
+        // Deprecated: Prefix has been deprecated
         Prefix *string `deprecated:"true" type:"string"`
 
         // If 'Enabled', the rule is currently being applied. If 'Disabled', the rule
@@ -13957,6 +15577,9 @@ func (s *ListBucketAnalyticsConfigurationsInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -14068,6 +15691,9 @@ func (s *ListBucketInventoryConfigurationsInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -14179,6 +15805,9 @@ func (s *ListBucketMetricsConfigurationsInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -14357,6 +15986,9 @@ func (s *ListMultipartUploadsInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -14593,6 +16225,9 @@ func (s *ListObjectVersionsInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -14825,6 +16460,9 @@ func (s *ListObjectsInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -15042,6 +16680,9 @@ func (s *ListObjectsV2Input) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -15287,6 +16928,9 @@ func (s *ListPartsInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -15980,8 +17624,8 @@ type NoncurrentVersionExpiration struct {
         // Specifies the number of days an object is noncurrent before Amazon S3 can
         // perform the associated action. For information about the noncurrent days
         // calculations, see How Amazon S3 Calculates When an Object Became Noncurrent
-        // (http://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html) in
-        // the Amazon Simple Storage Service Developer Guide.
+        // (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html)
+        // in the Amazon Simple Storage Service Developer Guide.
         NoncurrentDays *int64 `type:"integer"`
 }
 
@@ -16002,19 +17646,20 @@ func (s *NoncurrentVersionExpiration) SetNoncurrentDays(v int64) *NoncurrentVers
 }
 
 // Container for the transition rule that describes when noncurrent objects
-// transition to the STANDARD_IA, ONEZONE_IA or GLACIER storage class. If your
-// bucket is versioning-enabled (or versioning is suspended), you can set this
-// action to request that Amazon S3 transition noncurrent object versions to
-// the STANDARD_IA, ONEZONE_IA or GLACIER storage class at a specific period
-// in the object's lifetime.
+// transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER or
+// DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning
+// is suspended), you can set this action to request that Amazon S3 transition
+// noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING,
+// GLACIER or DEEP_ARCHIVE storage class at a specific period in the object's
+// lifetime.
 type NoncurrentVersionTransition struct {
         _ struct{} `type:"structure"`
 
         // Specifies the number of days an object is noncurrent before Amazon S3 can
         // perform the associated action. For information about the noncurrent days
         // calculations, see How Amazon S3 Calculates When an Object Became Noncurrent
-        // (http://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html) in
-        // the Amazon Simple Storage Service Developer Guide.
+        // (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html)
+        // in the Amazon Simple Storage Service Developer Guide.
         NoncurrentDays *int64 `type:"integer"`
 
         // The class of storage used to store the object.
@@ -16043,8 +17688,8 @@ func (s *NoncurrentVersionTransition) SetStorageClass(v string) *NoncurrentVersi
         return s
 }
 
-// Container for specifying the notification configuration of the bucket. If
-// this element is empty, notifications are turned off on the bucket.
+// A container for specifying the notification configuration of the bucket.
+// If this element is empty, notifications are turned off for the bucket.
 type NotificationConfiguration struct {
         _ struct{} `type:"structure"`
 
@@ -16161,13 +17806,13 @@ func (s *NotificationConfigurationDeprecated) SetTopicConfiguration(v *TopicConf
         return s
 }
 
-// Container for object key name filtering rules. For information about key
-// name filtering, go to Configuring Event Notifications (http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+// A container for object key name filtering rules. For information about key
+// name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
 // in the Amazon Simple Storage Service Developer Guide.
 type NotificationConfigurationFilter struct {
         _ struct{} `type:"structure"`
 
-        // Container for object key name prefix and suffix filtering rules.
+        // A container for object key name prefix and suffix filtering rules.
         Key *KeyFilter `locationName:"S3Key" type:"structure"`
 }
 
@@ -16300,6 +17945,121 @@ func (s *ObjectIdentifier) SetVersionId(v string) *ObjectIdentifier {
         return s
 }
 
+// The container element for Object Lock configuration parameters.
+type ObjectLockConfiguration struct {
+        _ struct{} `type:"structure"`
+
+        // Indicates whether this bucket has an Object Lock configuration enabled.
+        ObjectLockEnabled *string `type:"string" enum:"ObjectLockEnabled"`
+
+        // The Object Lock rule in place for the specified object.
+        Rule *ObjectLockRule `type:"structure"`
+}
+
+// String returns the string representation
+func (s ObjectLockConfiguration) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ObjectLockConfiguration) GoString() string {
+        return s.String()
+}
+
+// SetObjectLockEnabled sets the ObjectLockEnabled field's value.
+func (s *ObjectLockConfiguration) SetObjectLockEnabled(v string) *ObjectLockConfiguration {
+        s.ObjectLockEnabled = &v
+        return s
+}
+
+// SetRule sets the Rule field's value.
+func (s *ObjectLockConfiguration) SetRule(v *ObjectLockRule) *ObjectLockConfiguration {
+        s.Rule = v
+        return s
+}
+
+// A Legal Hold configuration for an object.
+type ObjectLockLegalHold struct {
+        _ struct{} `type:"structure"`
+
+        // Indicates whether the specified object has a Legal Hold in place.
+        Status *string `type:"string" enum:"ObjectLockLegalHoldStatus"`
+}
+
+// String returns the string representation
+func (s ObjectLockLegalHold) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ObjectLockLegalHold) GoString() string {
+        return s.String()
+}
+
+// SetStatus sets the Status field's value.
+func (s *ObjectLockLegalHold) SetStatus(v string) *ObjectLockLegalHold {
+        s.Status = &v
+        return s
+}
+
+// A Retention configuration for an object.
+type ObjectLockRetention struct {
+        _ struct{} `type:"structure"`
+
+        // Indicates the Retention mode for the specified object.
+        Mode *string `type:"string" enum:"ObjectLockRetentionMode"`
+
+        // The date on which this Object Lock Retention will expire.
+        RetainUntilDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`
+}
+
+// String returns the string representation
+func (s ObjectLockRetention) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ObjectLockRetention) GoString() string {
+        return s.String()
+}
+
+// SetMode sets the Mode field's value.
+func (s *ObjectLockRetention) SetMode(v string) *ObjectLockRetention {
+        s.Mode = &v
+        return s
+}
+
+// SetRetainUntilDate sets the RetainUntilDate field's value.
+func (s *ObjectLockRetention) SetRetainUntilDate(v time.Time) *ObjectLockRetention {
+        s.RetainUntilDate = &v
+        return s
+}
+
+// The container element for an Object Lock rule.
+type ObjectLockRule struct {
+        _ struct{} `type:"structure"`
+
+        // The default retention period that you want to apply to new objects placed
+        // in the specified bucket.
+        DefaultRetention *DefaultRetention `type:"structure"`
+}
+
+// String returns the string representation
+func (s ObjectLockRule) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ObjectLockRule) GoString() string {
+        return s.String()
+}
+
+// SetDefaultRetention sets the DefaultRetention field's value.
+func (s *ObjectLockRule) SetDefaultRetention(v *DefaultRetention) *ObjectLockRule {
+        s.DefaultRetention = v
+        return s
+}
+
 type ObjectVersion struct {
         _ struct{} `type:"structure"`
 
@@ -16487,6 +18247,20 @@ func (s *Owner) SetID(v string) *Owner {
         return s
 }
 
+type ParquetInput struct {
+        _ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s ParquetInput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ParquetInput) GoString() string {
+        return s.String()
+}
+
 type Part struct {
         _ struct{} `type:"structure"`
 
@@ -16500,7 +18274,7 @@ type Part struct {
         // 10,000.
         PartNumber *int64 `type:"integer"`
 
-        // Size of the uploaded part data.
+        // Size in bytes of the uploaded part data.
         Size *int64 `type:"integer"`
 }
 
@@ -16538,16 +18312,41 @@ func (s *Part) SetSize(v int64) *Part {
         return s
 }
 
+// The container element for a bucket's policy status.
+type PolicyStatus struct {
+        _ struct{} `type:"structure"`
+
+        // The policy status for this bucket. TRUE indicates that this bucket is public.
+        // FALSE indicates that the bucket is not public.
+        IsPublic *bool `locationName:"IsPublic" type:"boolean"`
+}
+
+// String returns the string representation
+func (s PolicyStatus) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s PolicyStatus) GoString() string {
+        return s.String()
+}
+
+// SetIsPublic sets the IsPublic field's value.
+func (s *PolicyStatus) SetIsPublic(v bool) *PolicyStatus {
+        s.IsPublic = &v
+        return s
+}
+
 type Progress struct {
         _ struct{} `type:"structure"`
 
-        // Current number of uncompressed object bytes processed.
+        // The current number of uncompressed object bytes processed.
         BytesProcessed *int64 `type:"long"`
 
-        // Current number of bytes of records payload data returned.
+        // The current number of bytes of records payload data returned.
         BytesReturned *int64 `type:"long"`
 
-        // Current number of object bytes scanned.
+        // The current number of object bytes scanned.
         BytesScanned *int64 `type:"long"`
 }
 
@@ -16619,6 +18418,81 @@ func (s *ProgressEvent) UnmarshalEvent(
         return nil
 }
 
+type PublicAccessBlockConfiguration struct {
+        _ struct{} `type:"structure"`
+
+        // Specifies whether Amazon S3 should block public access control lists (ACLs)
+        // for this bucket and objects in this bucket. Setting this element to TRUE
+        // causes the following behavior:
+        //
+        //    * PUT Bucket acl and PUT Object acl calls fail if the specified ACL is
+        //    public.
+        //
+        //    * PUT Object calls fail if the request includes a public ACL.
+        //
+        // Enabling this setting doesn't affect existing policies or ACLs.
+        BlockPublicAcls *bool `locationName:"BlockPublicAcls" type:"boolean"`
+
+        // Specifies whether Amazon S3 should block public bucket policies for this
+        // bucket. Setting this element to TRUE causes Amazon S3 to reject calls to
+        // PUT Bucket policy if the specified bucket policy allows public access.
+        //
+        // Enabling this setting doesn't affect existing bucket policies.
+        BlockPublicPolicy *bool `locationName:"BlockPublicPolicy" type:"boolean"`
+
+        // Specifies whether Amazon S3 should ignore public ACLs for this bucket and
+        // objects in this bucket. Setting this element to TRUE causes Amazon S3 to
+        // ignore all public ACLs on this bucket and objects in this bucket.
+        //
+        // Enabling this setting doesn't affect the persistence of any existing ACLs
+        // and doesn't prevent new public ACLs from being set.
+        IgnorePublicAcls *bool `locationName:"IgnorePublicAcls" type:"boolean"`
+
+        // Specifies whether Amazon S3 should restrict public bucket policies for this
+        // bucket. Setting this element to TRUE restricts access to this bucket to only
+        // AWS services and authorized users within this account if the bucket has a
+        // public policy.
+        //
+        // Enabling this setting doesn't affect previously stored bucket policies, except
+        // that public and cross-account access within any public bucket policy, including
+        // non-public delegation to specific accounts, is blocked.
+        RestrictPublicBuckets *bool `locationName:"RestrictPublicBuckets" type:"boolean"`
+}
+
+// String returns the string representation
+func (s PublicAccessBlockConfiguration) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s PublicAccessBlockConfiguration) GoString() string {
+        return s.String()
+}
+
+// SetBlockPublicAcls sets the BlockPublicAcls field's value.
+func (s *PublicAccessBlockConfiguration) SetBlockPublicAcls(v bool) *PublicAccessBlockConfiguration {
+        s.BlockPublicAcls = &v
+        return s
+}
+
+// SetBlockPublicPolicy sets the BlockPublicPolicy field's value.
+func (s *PublicAccessBlockConfiguration) SetBlockPublicPolicy(v bool) *PublicAccessBlockConfiguration {
+        s.BlockPublicPolicy = &v
+        return s
+}
+
+// SetIgnorePublicAcls sets the IgnorePublicAcls field's value.
+func (s *PublicAccessBlockConfiguration) SetIgnorePublicAcls(v bool) *PublicAccessBlockConfiguration {
+        s.IgnorePublicAcls = &v
+        return s
+}
+
+// SetRestrictPublicBuckets sets the RestrictPublicBuckets field's value.
+func (s *PublicAccessBlockConfiguration) SetRestrictPublicBuckets(v bool) *PublicAccessBlockConfiguration {
+        s.RestrictPublicBuckets = &v
+        return s
+}
+
 type PutBucketAccelerateConfigurationInput struct {
         _ struct{} `type:"structure" payload:"AccelerateConfiguration"`
 
@@ -16652,6 +18526,9 @@ func (s *PutBucketAccelerateConfigurationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
 
         if invalidParams.Len() > 0 {
                 return invalidParams
@@ -16736,6 +18613,9 @@ func (s *PutBucketAclInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.AccessControlPolicy != nil {
                 if err := s.AccessControlPolicy.Validate(); err != nil {
                         invalidParams.AddNested("AccessControlPolicy", err.(request.ErrInvalidParams))
@@ -16855,6 +18735,9 @@ func (s *PutBucketAnalyticsConfigurationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Id == nil {
                 invalidParams.Add(request.NewErrParamRequired("Id"))
         }
@@ -16935,6 +18818,9 @@ func (s *PutBucketCorsInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.CORSConfiguration == nil {
                 invalidParams.Add(request.NewErrParamRequired("CORSConfiguration"))
         }
@@ -17015,6 +18901,9 @@ func (s *PutBucketEncryptionInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.ServerSideEncryptionConfiguration == nil {
                 invalidParams.Add(request.NewErrParamRequired("ServerSideEncryptionConfiguration"))
         }
@@ -17098,6 +18987,9 @@ func (s *PutBucketInventoryConfigurationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Id == nil {
                 invalidParams.Add(request.NewErrParamRequired("Id"))
         }
@@ -17180,6 +19072,9 @@ func (s *PutBucketLifecycleConfigurationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.LifecycleConfiguration != nil {
                 if err := s.LifecycleConfiguration.Validate(); err != nil {
                         invalidParams.AddNested("LifecycleConfiguration", err.(request.ErrInvalidParams))
@@ -17250,6 +19145,9 @@ func (s *PutBucketLifecycleInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.LifecycleConfiguration != nil {
                 if err := s.LifecycleConfiguration.Validate(); err != nil {
                         invalidParams.AddNested("LifecycleConfiguration", err.(request.ErrInvalidParams))
@@ -17321,6 +19219,9 @@ func (s *PutBucketLoggingInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.BucketLoggingStatus == nil {
                 invalidParams.Add(request.NewErrParamRequired("BucketLoggingStatus"))
         }
@@ -17404,6 +19305,9 @@ func (s *PutBucketMetricsConfigurationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Id == nil {
                 invalidParams.Add(request.NewErrParamRequired("Id"))
         }
@@ -17467,8 +19371,8 @@ type PutBucketNotificationConfigurationInput struct {
         // Bucket is a required field
         Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
 
-        // Container for specifying the notification configuration of the bucket. If
-        // this element is empty, notifications are turned off on the bucket.
+        // A container for specifying the notification configuration of the bucket.
+        // If this element is empty, notifications are turned off for the bucket.
         //
         // NotificationConfiguration is a required field
         NotificationConfiguration *NotificationConfiguration `locationName:"NotificationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
@@ -17490,6 +19394,9 @@ func (s *PutBucketNotificationConfigurationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.NotificationConfiguration == nil {
                 invalidParams.Add(request.NewErrParamRequired("NotificationConfiguration"))
         }
@@ -17564,6 +19471,9 @@ func (s *PutBucketNotificationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.NotificationConfiguration == nil {
                 invalidParams.Add(request.NewErrParamRequired("NotificationConfiguration"))
         }
@@ -17639,6 +19549,9 @@ func (s *PutBucketPolicyInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Policy == nil {
                 invalidParams.Add(request.NewErrParamRequired("Policy"))
         }
@@ -17694,8 +19607,8 @@ type PutBucketReplicationInput struct {
         // Bucket is a required field
         Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
 
-        // Container for replication rules. You can add as many as 1,000 rules. Total
-        // replication configuration size can be up to 2 MB.
+        // A container for replication rules. You can add up to 1,000 rules. The maximum
+        // size of a replication configuration is 2 MB.
         //
         // ReplicationConfiguration is a required field
         ReplicationConfiguration *ReplicationConfiguration `locationName:"ReplicationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
@@ -17717,6 +19630,9 @@ func (s *PutBucketReplicationInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.ReplicationConfiguration == nil {
                 invalidParams.Add(request.NewErrParamRequired("ReplicationConfiguration"))
         }
@@ -17791,6 +19707,9 @@ func (s *PutBucketRequestPaymentInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.RequestPaymentConfiguration == nil {
                 invalidParams.Add(request.NewErrParamRequired("RequestPaymentConfiguration"))
         }
@@ -17865,6 +19784,9 @@ func (s *PutBucketTaggingInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Tagging == nil {
                 invalidParams.Add(request.NewErrParamRequired("Tagging"))
         }
@@ -17943,6 +19865,9 @@ func (s *PutBucketVersioningInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.VersioningConfiguration == nil {
                 invalidParams.Add(request.NewErrParamRequired("VersioningConfiguration"))
         }
@@ -18018,6 +19943,9 @@ func (s *PutBucketWebsiteInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.WebsiteConfiguration == nil {
                 invalidParams.Add(request.NewErrParamRequired("WebsiteConfiguration"))
         }
@@ -18122,6 +20050,9 @@ func (s *PutObjectAclInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -18269,7 +20200,8 @@ type PutObjectInput struct {
         // body cannot be determined automatically.
         ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
 
-        // The base64-encoded 128-bit MD5 digest of the part data.
+        // The base64-encoded 128-bit MD5 digest of the part data. This parameter is
+        // auto-populated when using the command from the CLI
         ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"`
 
         // A standard MIME type describing the format of the object data.
@@ -18298,6 +20230,15 @@ type PutObjectInput struct {
         // A map of metadata to store with the object in S3.
         Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
 
+        // The Legal Hold status that you want to apply to the specified object.
+        ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
+
+        // The Object Lock mode that you want to apply to this object.
+        ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
+
+        // The date and time when you want this object's Object Lock to expire.
+        ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
+
         // Confirms that the requester knows that she or he will be charged for the
         // request. Bucket owners need not specify this parameter in their requests.
         // Documentation on downloading objects from requester pays buckets can be found
@@ -18312,7 +20253,7 @@ type PutObjectInput struct {
         // does not store the encryption key. The key must be appropriate for use with
         // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm
         // header.
-        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string"`
+        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
 
         // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
         // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -18323,7 +20264,7 @@ type PutObjectInput struct {
         // requests for an object protected by AWS KMS will fail if not made via SSL
         // or using SigV4. Documentation on configuring any of the officially supported
         // AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
-        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string"`
+        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
 
         // The Server-side encryption algorithm used when storing this object in S3
         // (e.g., AES256, aws:kms).
@@ -18332,7 +20273,8 @@ type PutObjectInput struct {
         // The type of storage to use for the object. Defaults to 'STANDARD'.
         StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
 
-        // The tag-set for the object. The tag-set must be encoded as URL Query parameters
+        // The tag-set for the object. The tag-set must be encoded as URL Query parameters.
+        // (For example, "Key1=Value1")
         Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"`
 
         // If the bucket is configured as a website, redirects requests for this object
@@ -18357,6 +20299,9 @@ func (s *PutObjectInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -18479,6 +20424,24 @@ func (s *PutObjectInput) SetMetadata(v map[string]*string) *PutObjectInput {
         return s
 }
 
+// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
+func (s *PutObjectInput) SetObjectLockLegalHoldStatus(v string) *PutObjectInput {
+        s.ObjectLockLegalHoldStatus = &v
+        return s
+}
+
+// SetObjectLockMode sets the ObjectLockMode field's value.
+func (s *PutObjectInput) SetObjectLockMode(v string) *PutObjectInput {
+        s.ObjectLockMode = &v
+        return s
+}
+
+// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
+func (s *PutObjectInput) SetObjectLockRetainUntilDate(v time.Time) *PutObjectInput {
+        s.ObjectLockRetainUntilDate = &v
+        return s
+}
+
 // SetRequestPayer sets the RequestPayer field's value.
 func (s *PutObjectInput) SetRequestPayer(v string) *PutObjectInput {
         s.RequestPayer = &v
@@ -18540,6 +20503,228 @@ func (s *PutObjectInput) SetWebsiteRedirectLocation(v string) *PutObjectInput {
         return s
 }
 
+type PutObjectLegalHoldInput struct {
+        _ struct{} `type:"structure" payload:"LegalHold"`
+
+        // The bucket containing the object that you want to place a Legal Hold on.
+        //
+        // Bucket is a required field
+        Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+        // The key name for the object that you want to place a Legal Hold on.
+        //
+        // Key is a required field
+        Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+        // Container element for the Legal Hold configuration you want to apply to the
+        // specified object.
+        LegalHold *ObjectLockLegalHold `locationName:"LegalHold" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+        // Confirms that the requester knows that she or he will be charged for the
+        // request. Bucket owners need not specify this parameter in their requests.
+        // Documentation on downloading objects from requester pays buckets can be found
+        // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+        RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+        // The version ID of the object that you want to place a Legal Hold on.
+        VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation
+func (s PutObjectLegalHoldInput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s PutObjectLegalHoldInput) GoString() string {
+        return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutObjectLegalHoldInput) Validate() error {
+        invalidParams := request.ErrInvalidParams{Context: "PutObjectLegalHoldInput"}
+        if s.Bucket == nil {
+                invalidParams.Add(request.NewErrParamRequired("Bucket"))
+        }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
+        if s.Key == nil {
+                invalidParams.Add(request.NewErrParamRequired("Key"))
+        }
+        if s.Key != nil && len(*s.Key) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+        }
+
+        if invalidParams.Len() > 0 {
+                return invalidParams
+        }
+        return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutObjectLegalHoldInput) SetBucket(v string) *PutObjectLegalHoldInput {
+        s.Bucket = &v
+        return s
+}
+
+func (s *PutObjectLegalHoldInput) getBucket() (v string) {
+        if s.Bucket == nil {
+                return v
+        }
+        return *s.Bucket
+}
+
+// SetKey sets the Key field's value.
+func (s *PutObjectLegalHoldInput) SetKey(v string) *PutObjectLegalHoldInput {
+        s.Key = &v
+        return s
+}
+
+// SetLegalHold sets the LegalHold field's value.
+func (s *PutObjectLegalHoldInput) SetLegalHold(v *ObjectLockLegalHold) *PutObjectLegalHoldInput {
+        s.LegalHold = v
+        return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *PutObjectLegalHoldInput) SetRequestPayer(v string) *PutObjectLegalHoldInput {
+        s.RequestPayer = &v
+        return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *PutObjectLegalHoldInput) SetVersionId(v string) *PutObjectLegalHoldInput {
+        s.VersionId = &v
+        return s
+}
+
+type PutObjectLegalHoldOutput struct {
+        _ struct{} `type:"structure"`
+
+        // If present, indicates that the requester was successfully charged for the
+        // request.
+        RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+}
+
+// String returns the string representation
+func (s PutObjectLegalHoldOutput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s PutObjectLegalHoldOutput) GoString() string {
+        return s.String()
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *PutObjectLegalHoldOutput) SetRequestCharged(v string) *PutObjectLegalHoldOutput {
+        s.RequestCharged = &v
+        return s
+}
+
+type PutObjectLockConfigurationInput struct {
+        _ struct{} `type:"structure" payload:"ObjectLockConfiguration"`
+
+        // The bucket whose Object Lock configuration you want to create or replace.
+        //
+        // Bucket is a required field
+        Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+        // The Object Lock configuration that you want to apply to the specified bucket.
+        ObjectLockConfiguration *ObjectLockConfiguration `locationName:"ObjectLockConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+        // Confirms that the requester knows that she or he will be charged for the
+        // request. Bucket owners need not specify this parameter in their requests.
+        // Documentation on downloading objects from requester pays buckets can be found
+        // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+        RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+        // A token to allow Object Lock to be enabled for an existing bucket.
+        Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"`
+}
+
+// String returns the string representation
+func (s PutObjectLockConfigurationInput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s PutObjectLockConfigurationInput) GoString() string {
+        return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutObjectLockConfigurationInput) Validate() error {
+        invalidParams := request.ErrInvalidParams{Context: "PutObjectLockConfigurationInput"}
+        if s.Bucket == nil {
+                invalidParams.Add(request.NewErrParamRequired("Bucket"))
+        }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
+
+        if invalidParams.Len() > 0 {
+                return invalidParams
+        }
+        return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutObjectLockConfigurationInput) SetBucket(v string) *PutObjectLockConfigurationInput {
+        s.Bucket = &v
+        return s
+}
+
+func (s *PutObjectLockConfigurationInput) getBucket() (v string) {
+        if s.Bucket == nil {
+                return v
+        }
+        return *s.Bucket
+}
+
+// SetObjectLockConfiguration sets the ObjectLockConfiguration field's value.
+func (s *PutObjectLockConfigurationInput) SetObjectLockConfiguration(v *ObjectLockConfiguration) *PutObjectLockConfigurationInput {
+        s.ObjectLockConfiguration = v
+        return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *PutObjectLockConfigurationInput) SetRequestPayer(v string) *PutObjectLockConfigurationInput {
+        s.RequestPayer = &v
+        return s
+}
+
+// SetToken sets the Token field's value.
+func (s *PutObjectLockConfigurationInput) SetToken(v string) *PutObjectLockConfigurationInput {
+        s.Token = &v
+        return s
+}
+
+type PutObjectLockConfigurationOutput struct {
+        _ struct{} `type:"structure"`
+
+        // If present, indicates that the requester was successfully charged for the
+        // request.
+        RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+}
+
+// String returns the string representation
+func (s PutObjectLockConfigurationOutput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s PutObjectLockConfigurationOutput) GoString() string {
+        return s.String()
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *PutObjectLockConfigurationOutput) SetRequestCharged(v string) *PutObjectLockConfigurationOutput {
+        s.RequestCharged = &v
+        return s
+}
+
 type PutObjectOutput struct {
         _ struct{} `type:"structure"`
 
@@ -18566,7 +20751,7 @@ type PutObjectOutput struct {
 
         // If present, specifies the ID of the AWS Key Management Service (KMS) master
         // encryption key that was used for the object.
-        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string"`
+        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
 
         // The Server-side encryption algorithm used when storing this object in S3
         // (e.g., AES256, aws:kms).
@@ -18634,6 +20819,137 @@ func (s *PutObjectOutput) SetVersionId(v string) *PutObjectOutput {
         return s
 }
 
+type PutObjectRetentionInput struct {
+        _ struct{} `type:"structure" payload:"Retention"`
+
+        // The bucket that contains the object you want to apply this Object Retention
+        // configuration to.
+        //
+        // Bucket is a required field
+        Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+        // Indicates whether this operation should bypass Governance-mode restrictions.j
+        BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"`
+
+        // The key name for the object that you want to apply this Object Retention
+        // configuration to.
+        //
+        // Key is a required field
+        Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+        // Confirms that the requester knows that she or he will be charged for the
+        // request. Bucket owners need not specify this parameter in their requests.
+        // Documentation on downloading objects from requester pays buckets can be found
+        // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+        RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+        // The container element for the Object Retention configuration.
+        Retention *ObjectLockRetention `locationName:"Retention" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+        // The version ID for the object that you want to apply this Object Retention
+        // configuration to.
+        VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation
+func (s PutObjectRetentionInput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s PutObjectRetentionInput) GoString() string {
+        return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutObjectRetentionInput) Validate() error {
+        invalidParams := request.ErrInvalidParams{Context: "PutObjectRetentionInput"}
+        if s.Bucket == nil {
+                invalidParams.Add(request.NewErrParamRequired("Bucket"))
+        }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
+        if s.Key == nil {
+                invalidParams.Add(request.NewErrParamRequired("Key"))
+        }
+        if s.Key != nil && len(*s.Key) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+        }
+
+        if invalidParams.Len() > 0 {
+                return invalidParams
+        }
+        return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutObjectRetentionInput) SetBucket(v string) *PutObjectRetentionInput {
+        s.Bucket = &v
+        return s
+}
+
+func (s *PutObjectRetentionInput) getBucket() (v string) {
+        if s.Bucket == nil {
+                return v
+        }
+        return *s.Bucket
+}
+
+// SetBypassGovernanceRetention sets the BypassGovernanceRetention field's value.
+func (s *PutObjectRetentionInput) SetBypassGovernanceRetention(v bool) *PutObjectRetentionInput {
+        s.BypassGovernanceRetention = &v
+        return s
+}
+
+// SetKey sets the Key field's value.
+func (s *PutObjectRetentionInput) SetKey(v string) *PutObjectRetentionInput {
+        s.Key = &v
+        return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *PutObjectRetentionInput) SetRequestPayer(v string) *PutObjectRetentionInput {
+        s.RequestPayer = &v
+        return s
+}
+
+// SetRetention sets the Retention field's value.
+func (s *PutObjectRetentionInput) SetRetention(v *ObjectLockRetention) *PutObjectRetentionInput {
+        s.Retention = v
+        return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *PutObjectRetentionInput) SetVersionId(v string) *PutObjectRetentionInput {
+        s.VersionId = &v
+        return s
+}
+
+type PutObjectRetentionOutput struct {
+        _ struct{} `type:"structure"`
+
+        // If present, indicates that the requester was successfully charged for the
+        // request.
+        RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+}
+
+// String returns the string representation
+func (s PutObjectRetentionOutput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s PutObjectRetentionOutput) GoString() string {
+        return s.String()
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *PutObjectRetentionOutput) SetRequestCharged(v string) *PutObjectRetentionOutput {
+        s.RequestCharged = &v
+        return s
+}
+
 type PutObjectTaggingInput struct {
         _ struct{} `type:"structure" payload:"Tagging"`
 
@@ -18665,6 +20981,9 @@ func (s *PutObjectTaggingInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -18739,25 +21058,107 @@ func (s *PutObjectTaggingOutput) SetVersionId(v string) *PutObjectTaggingOutput
         return s
 }
 
-// Container for specifying an configuration when you want Amazon S3 to publish
-// events to an Amazon Simple Queue Service (Amazon SQS) queue.
+type PutPublicAccessBlockInput struct {
+        _ struct{} `type:"structure" payload:"PublicAccessBlockConfiguration"`
+
+        // The name of the Amazon S3 bucket whose PublicAccessBlock configuration you
+        // want to set.
+        //
+        // Bucket is a required field
+        Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+        // The PublicAccessBlock configuration that you want to apply to this Amazon
+        // S3 bucket. You can enable the configuration options in any combination. For
+        // more information about when Amazon S3 considers a bucket or object public,
+        // see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
+        // in the Amazon Simple Storage Service Developer Guide.
+        //
+        // PublicAccessBlockConfiguration is a required field
+        PublicAccessBlockConfiguration *PublicAccessBlockConfiguration `locationName:"PublicAccessBlockConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+}
+
+// String returns the string representation
+func (s PutPublicAccessBlockInput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s PutPublicAccessBlockInput) GoString() string {
+        return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutPublicAccessBlockInput) Validate() error {
+        invalidParams := request.ErrInvalidParams{Context: "PutPublicAccessBlockInput"}
+        if s.Bucket == nil {
+                invalidParams.Add(request.NewErrParamRequired("Bucket"))
+        }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
+        if s.PublicAccessBlockConfiguration == nil {
+                invalidParams.Add(request.NewErrParamRequired("PublicAccessBlockConfiguration"))
+        }
+
+        if invalidParams.Len() > 0 {
+                return invalidParams
+        }
+        return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutPublicAccessBlockInput) SetBucket(v string) *PutPublicAccessBlockInput {
+        s.Bucket = &v
+        return s
+}
+
+func (s *PutPublicAccessBlockInput) getBucket() (v string) {
+        if s.Bucket == nil {
+                return v
+        }
+        return *s.Bucket
+}
+
+// SetPublicAccessBlockConfiguration sets the PublicAccessBlockConfiguration field's value.
+func (s *PutPublicAccessBlockInput) SetPublicAccessBlockConfiguration(v *PublicAccessBlockConfiguration) *PutPublicAccessBlockInput {
+        s.PublicAccessBlockConfiguration = v
+        return s
+}
+
+type PutPublicAccessBlockOutput struct {
+        _ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s PutPublicAccessBlockOutput) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s PutPublicAccessBlockOutput) GoString() string {
+        return s.String()
+}
+
+// A container for specifying the configuration for publication of messages
+// to an Amazon Simple Queue Service (Amazon SQS) queue.when Amazon S3 detects
+// specified events.
 type QueueConfiguration struct {
         _ struct{} `type:"structure"`
 
         // Events is a required field
         Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"`
 
-        // Container for object key name filtering rules. For information about key
-        // name filtering, go to Configuring Event Notifications (http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+        // A container for object key name filtering rules. For information about key
+        // name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
         // in the Amazon Simple Storage Service Developer Guide.
         Filter *NotificationConfigurationFilter `type:"structure"`
 
-        // Optional unique identifier for configurations in a notification configuration.
+        // An optional unique identifier for configurations in a notification configuration.
         // If you don't provide one, Amazon S3 will assign an ID.
         Id *string `type:"string"`
 
-        // Amazon SQS queue ARN to which Amazon S3 will publish a message when it detects
-        // events of specified type.
+        // The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3
+        // will publish a message when it detects events of the specified type.
         //
         // QueueArn is a required field
         QueueArn *string `locationName:"Queue" type:"string" required:"true"`
@@ -18816,12 +21217,14 @@ func (s *QueueConfiguration) SetQueueArn(v string) *QueueConfiguration {
 type QueueConfigurationDeprecated struct {
         _ struct{} `type:"structure"`
 
-        // Bucket event for which to send notifications.
+        // The bucket event for which to send notifications.
+        //
+        // Deprecated: Event has been deprecated
         Event *string `deprecated:"true" type:"string" enum:"Event"`
 
         Events []*string `locationName:"Event" type:"list" flattened:"true"`
 
-        // Optional unique identifier for configurations in a notification configuration.
+        // An optional unique identifier for configurations in a notification configuration.
         // If you don't provide one, Amazon S3 will assign an ID.
         Id *string `type:"string"`
 
@@ -19017,19 +21420,19 @@ func (s *RedirectAllRequestsTo) SetProtocol(v string) *RedirectAllRequestsTo {
         return s
 }
 
-// Container for replication rules. You can add as many as 1,000 rules. Total
-// replication configuration size can be up to 2 MB.
+// A container for replication rules. You can add up to 1,000 rules. The maximum
+// size of a replication configuration is 2 MB.
 type ReplicationConfiguration struct {
         _ struct{} `type:"structure"`
 
-        // Amazon Resource Name (ARN) of an IAM role for Amazon S3 to assume when replicating
-        // the objects.
+        // The Amazon Resource Name (ARN) of the AWS Identity and Access Management
+        // (IAM) role that Amazon S3 can assume when replicating the objects.
         //
         // Role is a required field
         Role *string `type:"string" required:"true"`
 
-        // Container for information about a particular replication rule. Replication
-        // configuration must have at least one rule and can contain up to 1,000 rules.
+        // A container for one or more replication rules. A replication configuration
+        // must have at least one rule and can contain a maximum of 1,000 rules.
         //
         // Rules is a required field
         Rules []*ReplicationRule `locationName:"Rule" type:"list" flattened:"true" required:"true"`
@@ -19083,29 +21486,57 @@ func (s *ReplicationConfiguration) SetRules(v []*ReplicationRule) *ReplicationCo
         return s
 }
 
-// Container for information about a particular replication rule.
+// A container for information about a specific replication rule.
 type ReplicationRule struct {
         _ struct{} `type:"structure"`
 
-        // Container for replication destination information.
+        // Specifies whether Amazon S3 should replicate delete makers.
+        DeleteMarkerReplication *DeleteMarkerReplication `type:"structure"`
+
+        // A container for information about the replication destination.
         //
         // Destination is a required field
         Destination *Destination `type:"structure" required:"true"`
 
-        // Unique identifier for the rule. The value cannot be longer than 255 characters.
+        // A filter that identifies the subset of objects to which the replication rule
+        // applies. A Filter must specify exactly one Prefix, Tag, or an And child element.
+        Filter *ReplicationRuleFilter `type:"structure"`
+
+        // A unique identifier for the rule. The maximum value is 255 characters.
         ID *string `type:"string"`
 
-        // Object keyname prefix identifying one or more objects to which the rule applies.
-        // Maximum prefix length can be up to 1,024 characters. Overlapping prefixes
-        // are not supported.
+        // An object keyname prefix that identifies the object or objects to which the
+        // rule applies. The maximum prefix length is 1,024 characters.
         //
-        // Prefix is a required field
-        Prefix *string `type:"string" required:"true"`
+        // Deprecated: Prefix has been deprecated
+        Prefix *string `deprecated:"true" type:"string"`
 
-        // Container for filters that define which source objects should be replicated.
+        // The priority associated with the rule. If you specify multiple rules in a
+        // replication configuration, Amazon S3 prioritizes the rules to prevent conflicts
+        // when filtering. If two or more rules identify the same object based on a
+        // specified filter, the rule with higher priority takes precedence. For example:
+        //
+        //    * Same object quality prefix based filter criteria If prefixes you specified
+        //    in multiple rules overlap
+        //
+        //    * Same object qualify tag based filter criteria specified in multiple
+        //    rules
+        //
+        // For more information, see Cross-Region Replication (CRR) ( https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html)
+        // in the Amazon S3 Developer Guide.
+        Priority *int64 `type:"integer"`
+
+        // A container that describes additional filters for identifying the source
+        // objects that you want to replicate. You can choose to enable or disable the
+        // replication of these objects. Currently, Amazon S3 supports only the filter
+        // that you can specify for objects created with server-side encryption using
+        // an AWS KMS-Managed Key (SSE-KMS).
+        //
+        // If you want Amazon S3 to replicate objects created with server-side encryption
+        // using AWS KMS-Managed Keys.
         SourceSelectionCriteria *SourceSelectionCriteria `type:"structure"`
 
-        // The rule is ignored if status is not Enabled.
+        // If status isn't enabled, the rule is ignored.
         //
         // Status is a required field
         Status *string `type:"string" required:"true" enum:"ReplicationRuleStatus"`
@@ -19127,9 +21558,6 @@ func (s *ReplicationRule) Validate() error {
         if s.Destination == nil {
                 invalidParams.Add(request.NewErrParamRequired("Destination"))
         }
-        if s.Prefix == nil {
-                invalidParams.Add(request.NewErrParamRequired("Prefix"))
-        }
         if s.Status == nil {
                 invalidParams.Add(request.NewErrParamRequired("Status"))
         }
@@ -19138,6 +21566,11 @@ func (s *ReplicationRule) Validate() error {
                         invalidParams.AddNested("Destination", err.(request.ErrInvalidParams))
                 }
         }
+        if s.Filter != nil {
+                if err := s.Filter.Validate(); err != nil {
+                        invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
+                }
+        }
         if s.SourceSelectionCriteria != nil {
                 if err := s.SourceSelectionCriteria.Validate(); err != nil {
                         invalidParams.AddNested("SourceSelectionCriteria", err.(request.ErrInvalidParams))
@@ -19150,12 +21583,24 @@ func (s *ReplicationRule) Validate() error {
         return nil
 }
 
+// SetDeleteMarkerReplication sets the DeleteMarkerReplication field's value.
+func (s *ReplicationRule) SetDeleteMarkerReplication(v *DeleteMarkerReplication) *ReplicationRule {
+        s.DeleteMarkerReplication = v
+        return s
+}
+
 // SetDestination sets the Destination field's value.
 func (s *ReplicationRule) SetDestination(v *Destination) *ReplicationRule {
         s.Destination = v
         return s
 }
 
+// SetFilter sets the Filter field's value.
+func (s *ReplicationRule) SetFilter(v *ReplicationRuleFilter) *ReplicationRule {
+        s.Filter = v
+        return s
+}
+
 // SetID sets the ID field's value.
 func (s *ReplicationRule) SetID(v string) *ReplicationRule {
         s.ID = &v
@@ -19168,6 +21613,12 @@ func (s *ReplicationRule) SetPrefix(v string) *ReplicationRule {
         return s
 }
 
+// SetPriority sets the Priority field's value.
+func (s *ReplicationRule) SetPriority(v int64) *ReplicationRule {
+        s.Priority = &v
+        return s
+}
+
 // SetSourceSelectionCriteria sets the SourceSelectionCriteria field's value.
 func (s *ReplicationRule) SetSourceSelectionCriteria(v *SourceSelectionCriteria) *ReplicationRule {
         s.SourceSelectionCriteria = v
@@ -19180,6 +21631,130 @@ func (s *ReplicationRule) SetStatus(v string) *ReplicationRule {
         return s
 }
 
+type ReplicationRuleAndOperator struct {
+        _ struct{} `type:"structure"`
+
+        Prefix *string `type:"string"`
+
+        Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"`
+}
+
+// String returns the string representation
+func (s ReplicationRuleAndOperator) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ReplicationRuleAndOperator) GoString() string {
+        return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ReplicationRuleAndOperator) Validate() error {
+        invalidParams := request.ErrInvalidParams{Context: "ReplicationRuleAndOperator"}
+        if s.Tags != nil {
+                for i, v := range s.Tags {
+                        if v == nil {
+                                continue
+                        }
+                        if err := v.Validate(); err != nil {
+                                invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+                        }
+                }
+        }
+
+        if invalidParams.Len() > 0 {
+                return invalidParams
+        }
+        return nil
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *ReplicationRuleAndOperator) SetPrefix(v string) *ReplicationRuleAndOperator {
+        s.Prefix = &v
+        return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *ReplicationRuleAndOperator) SetTags(v []*Tag) *ReplicationRuleAndOperator {
+        s.Tags = v
+        return s
+}
+
+// A filter that identifies the subset of objects to which the replication rule
+// applies. A Filter must specify exactly one Prefix, Tag, or an And child element.
+type ReplicationRuleFilter struct {
+        _ struct{} `type:"structure"`
+
+        // A container for specifying rule filters. The filters determine the subset
+        // of objects to which the rule applies. This element is required only if you
+        // specify more than one filter. For example:
+        //
+        //    * If you specify both a Prefix and a Tag filter, wrap these filters in
+        //    an And tag.
+        //
+        //    * If you specify a filter based on multiple tags, wrap the Tag elements
+        //    in an And tag.
+        And *ReplicationRuleAndOperator `type:"structure"`
+
+        // An object keyname prefix that identifies the subset of objects to which the
+        // rule applies.
+        Prefix *string `type:"string"`
+
+        // A container for specifying a tag key and value.
+        //
+        // The rule applies only to objects that have the tag in their tag set.
+        Tag *Tag `type:"structure"`
+}
+
+// String returns the string representation
+func (s ReplicationRuleFilter) String() string {
+        return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ReplicationRuleFilter) GoString() string {
+        return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ReplicationRuleFilter) Validate() error {
+        invalidParams := request.ErrInvalidParams{Context: "ReplicationRuleFilter"}
+        if s.And != nil {
+                if err := s.And.Validate(); err != nil {
+                        invalidParams.AddNested("And", err.(request.ErrInvalidParams))
+                }
+        }
+        if s.Tag != nil {
+                if err := s.Tag.Validate(); err != nil {
+                        invalidParams.AddNested("Tag", err.(request.ErrInvalidParams))
+                }
+        }
+
+        if invalidParams.Len() > 0 {
+                return invalidParams
+        }
+        return nil
+}
+
+// SetAnd sets the And field's value.
+func (s *ReplicationRuleFilter) SetAnd(v *ReplicationRuleAndOperator) *ReplicationRuleFilter {
+        s.And = v
+        return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *ReplicationRuleFilter) SetPrefix(v string) *ReplicationRuleFilter {
+        s.Prefix = &v
+        return s
+}
+
+// SetTag sets the Tag field's value.
+func (s *ReplicationRuleFilter) SetTag(v *Tag) *ReplicationRuleFilter {
+        s.Tag = v
+        return s
+}
+
 type RequestPaymentConfiguration struct {
         _ struct{} `type:"structure"`
 
@@ -19279,6 +21854,9 @@ func (s *RestoreObjectInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -19484,7 +22062,7 @@ type RoutingRule struct {
 
         // Container for redirect information. You can redirect requests to another
         // host, to another page, or with another protocol. In the event of an error,
-        // you can can specify a different error code to return.
+        // you can specify a different error code to return.
         //
         // Redirect is a required field
         Redirect *Redirect `type:"structure" required:"true"`
@@ -19545,11 +22123,12 @@ type Rule struct {
         NoncurrentVersionExpiration *NoncurrentVersionExpiration `type:"structure"`
 
         // Container for the transition rule that describes when noncurrent objects
-        // transition to the STANDARD_IA, ONEZONE_IA or GLACIER storage class. If your
-        // bucket is versioning-enabled (or versioning is suspended), you can set this
-        // action to request that Amazon S3 transition noncurrent object versions to
-        // the STANDARD_IA, ONEZONE_IA or GLACIER storage class at a specific period
-        // in the object's lifetime.
+        // transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER or
+        // DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning
+        // is suspended), you can set this action to request that Amazon S3 transition
+        // noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING,
+        // GLACIER or DEEP_ARCHIVE storage class at a specific period in the object's
+        // lifetime.
         NoncurrentVersionTransition *NoncurrentVersionTransition `type:"structure"`
 
         // Prefix identifying one or more objects to which the rule applies.
@@ -19640,7 +22219,7 @@ func (s *Rule) SetTransition(v *Transition) *Rule {
         return s
 }
 
-// Specifies the use of SSE-KMS to encrypt delievered Inventory reports.
+// Specifies the use of SSE-KMS to encrypt delivered Inventory reports.
 type SSEKMS struct {
         _ struct{} `locationName:"SSE-KMS" type:"structure"`
 
@@ -19648,7 +22227,7 @@ type SSEKMS struct {
         // key to use for encrypting Inventory reports.
         //
         // KeyId is a required field
-        KeyId *string `type:"string" required:"true"`
+        KeyId *string `type:"string" required:"true" sensitive:"true"`
 }
 
 // String returns the string representation
@@ -19680,7 +22259,7 @@ func (s *SSEKMS) SetKeyId(v string) *SSEKMS {
         return s
 }
 
-// Specifies the use of SSE-S3 to encrypt delievered Inventory reports.
+// Specifies the use of SSE-S3 to encrypt delivered Inventory reports.
 type SSES3 struct {
         _ struct{} `locationName:"SSE-S3" type:"structure"`
 }
@@ -19797,7 +22376,7 @@ type SelectObjectContentEventStreamReader interface {
         // HTTP this will also close the HTTP connection.
         Close() error
 
-        // Returns any error that has occured while reading from the event stream.
+        // Returns any error that has occurred while reading from the event stream.
         Err() error
 }
 
@@ -19917,15 +22496,15 @@ func (r *readSelectObjectContentEventStream) unmarshalerForEventType(
 
 // Request to filter the contents of an Amazon S3 object based on a simple Structured
 // Query Language (SQL) statement. In the request, along with the SQL expression,
-// you must also specify a data serialization format (JSON or CSV) of the object.
-// Amazon S3 uses this to parse object data into records, and returns only records
+// you must specify a data serialization format (JSON or CSV) of the object.
+// Amazon S3 uses this to parse object data into records. It returns only records
 // that match the specified SQL expression. You must also specify the data serialization
-// format for the response. For more information, go to S3Select API Documentation
-// (http://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectSELECTContent.html).
+// format for the response. For more information, see S3Select API Documentation
+// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectSELECTContent.html).
 type SelectObjectContentInput struct {
         _ struct{} `locationName:"SelectObjectContentRequest" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
 
-        // The S3 Bucket.
+        // The S3 bucket.
         //
         // Bucket is a required field
         Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -19935,7 +22514,7 @@ type SelectObjectContentInput struct {
         // Expression is a required field
         Expression *string `type:"string" required:"true"`
 
-        // The type of the provided expression (e.g., SQL).
+        // The type of the provided expression (for example., SQL).
         //
         // ExpressionType is a required field
         ExpressionType *string `type:"string" required:"true" enum:"ExpressionType"`
@@ -19945,7 +22524,7 @@ type SelectObjectContentInput struct {
         // InputSerialization is a required field
         InputSerialization *InputSerialization `type:"structure" required:"true"`
 
-        // The Object Key.
+        // The object key.
         //
         // Key is a required field
         Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
@@ -19958,16 +22537,16 @@ type SelectObjectContentInput struct {
         // Specifies if periodic request progress information should be enabled.
         RequestProgress *RequestProgress `type:"structure"`
 
-        // The SSE Algorithm used to encrypt the object. For more information, go to
-        //  Server-Side Encryption (Using Customer-Provided Encryption Keys (http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
+        // The SSE Algorithm used to encrypt the object. For more information, see
+        // Server-Side Encryption (Using Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
         SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
 
-        // The SSE Customer Key. For more information, go to  Server-Side Encryption
-        // (Using Customer-Provided Encryption Keys (http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
-        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string"`
+        // The SSE Customer Key. For more information, see  Server-Side Encryption (Using
+        // Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
+        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
 
-        // The SSE Customer Key MD5. For more information, go to  Server-Side Encryption
-        // (Using Customer-Provided Encryption Keys (http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
+        // The SSE Customer Key MD5. For more information, see  Server-Side Encryption
+        // (Using Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
         SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
 }
 
@@ -19987,6 +22566,9 @@ func (s *SelectObjectContentInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Expression == nil {
                 invalidParams.Add(request.NewErrParamRequired("Expression"))
         }
@@ -20217,7 +22799,7 @@ type ServerSideEncryptionByDefault struct {
 
         // KMS master key ID to use for the default encryption. This parameter is allowed
         // if SSEAlgorithm is aws:kms.
-        KMSMasterKeyID *string `type:"string"`
+        KMSMasterKeyID *string `type:"string" sensitive:"true"`
 
         // Server-side encryption algorithm to use for the default encryption.
         //
@@ -20353,11 +22935,13 @@ func (s *ServerSideEncryptionRule) SetApplyServerSideEncryptionByDefault(v *Serv
         return s
 }
 
-// Container for filters that define which source objects should be replicated.
+// A container for filters that define which source objects should be replicated.
 type SourceSelectionCriteria struct {
         _ struct{} `type:"structure"`
 
-        // Container for filter information of selection of KMS Encrypted S3 objects.
+        // A container for filter information for the selection of S3 objects encrypted
+        // with AWS KMS. If you include SourceSelectionCriteria in the replication configuration,
+        // this element is required.
         SseKmsEncryptedObjects *SseKmsEncryptedObjects `type:"structure"`
 }
 
@@ -20392,12 +22976,13 @@ func (s *SourceSelectionCriteria) SetSseKmsEncryptedObjects(v *SseKmsEncryptedOb
         return s
 }
 
-// Container for filter information of selection of KMS Encrypted S3 objects.
+// A container for filter information for the selection of S3 objects encrypted
+// with AWS KMS.
 type SseKmsEncryptedObjects struct {
         _ struct{} `type:"structure"`
 
-        // The replication for KMS encrypted S3 objects is disabled if status is not
-        // Enabled.
+        // If the status is not Enabled, replication for S3 objects encrypted with AWS
+        // KMS is disabled.
         //
         // Status is a required field
         Status *string `type:"string" required:"true" enum:"SseKmsEncryptedObjectsStatus"`
@@ -20435,13 +23020,13 @@ func (s *SseKmsEncryptedObjects) SetStatus(v string) *SseKmsEncryptedObjects {
 type Stats struct {
         _ struct{} `type:"structure"`
 
-        // Total number of uncompressed object bytes processed.
+        // The total number of uncompressed object bytes processed.
         BytesProcessed *int64 `type:"long"`
 
-        // Total number of bytes of records payload data returned.
+        // The total number of bytes of records payload data returned.
         BytesReturned *int64 `type:"long"`
 
-        // Total number of object bytes scanned.
+        // The total number of object bytes scanned.
         BytesScanned *int64 `type:"long"`
 }
 
@@ -20756,25 +23341,26 @@ func (s *TargetGrant) SetPermission(v string) *TargetGrant {
         return s
 }
 
-// Container for specifying the configuration when you want Amazon S3 to publish
-// events to an Amazon Simple Notification Service (Amazon SNS) topic.
+// A container for specifying the configuration for publication of messages
+// to an Amazon Simple Notification Service (Amazon SNS) topic.when Amazon S3
+// detects specified events.
 type TopicConfiguration struct {
         _ struct{} `type:"structure"`
 
         // Events is a required field
         Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"`
 
-        // Container for object key name filtering rules. For information about key
-        // name filtering, go to Configuring Event Notifications (http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+        // A container for object key name filtering rules. For information about key
+        // name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
         // in the Amazon Simple Storage Service Developer Guide.
         Filter *NotificationConfigurationFilter `type:"structure"`
 
-        // Optional unique identifier for configurations in a notification configuration.
+        // An optional unique identifier for configurations in a notification configuration.
         // If you don't provide one, Amazon S3 will assign an ID.
         Id *string `type:"string"`
 
-        // Amazon SNS topic ARN to which Amazon S3 will publish a message when it detects
-        // events of specified type.
+        // The Amazon Resource Name (ARN) of the Amazon SNS topic to which Amazon S3
+        // will publish a message when it detects events of the specified type.
         //
         // TopicArn is a required field
         TopicArn *string `locationName:"Topic" type:"string" required:"true"`
@@ -20834,11 +23420,13 @@ type TopicConfigurationDeprecated struct {
         _ struct{} `type:"structure"`
 
         // Bucket event for which to send notifications.
+        //
+        // Deprecated: Event has been deprecated
         Event *string `deprecated:"true" type:"string" enum:"Event"`
 
         Events []*string `locationName:"Event" type:"list" flattened:"true"`
 
-        // Optional unique identifier for configurations in a notification configuration.
+        // An optional unique identifier for configurations in a notification configuration.
         // If you don't provide one, Amazon S3 will assign an ID.
         Id *string `type:"string"`
 
@@ -20953,7 +23541,7 @@ type UploadPartCopyInput struct {
         // the form bytes=first-last, where the first and last are the zero-based byte
         // offsets to copy. For example, bytes=0-9 indicates that you want to copy the
         // first ten bytes of the source. You can copy a range only if the source object
-        // is greater than 5 GB.
+        // is greater than 5 MB.
         CopySourceRange *string `location:"header" locationName:"x-amz-copy-source-range" type:"string"`
 
         // Specifies the algorithm to use when decrypting the source object (e.g., AES256).
@@ -20962,7 +23550,7 @@ type UploadPartCopyInput struct {
         // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt
         // the source object. The encryption key provided in this header must be one
         // that was used when the source object was created.
-        CopySourceSSECustomerKey *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string"`
+        CopySourceSSECustomerKey *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"`
 
         // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
         // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -20993,7 +23581,7 @@ type UploadPartCopyInput struct {
         // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm
         // header. This must be the same encryption key specified in the initiate multipart
         // upload request.
-        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string"`
+        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
 
         // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
         // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -21022,6 +23610,9 @@ func (s *UploadPartCopyInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.CopySource == nil {
                 invalidParams.Add(request.NewErrParamRequired("CopySource"))
         }
@@ -21192,7 +23783,7 @@ type UploadPartCopyOutput struct {
 
         // If present, specifies the ID of the AWS Key Management Service (KMS) master
         // encryption key that was used for the object.
-        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string"`
+        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
 
         // The Server-side encryption algorithm used when storing this object in S3
         // (e.g., AES256, aws:kms).
@@ -21295,7 +23886,7 @@ type UploadPartInput struct {
         // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm
         // header. This must be the same encryption key specified in the initiate multipart
         // upload request.
-        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string"`
+        SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
 
         // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
         // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -21324,6 +23915,9 @@ func (s *UploadPartInput) Validate() error {
         if s.Bucket == nil {
                 invalidParams.Add(request.NewErrParamRequired("Bucket"))
         }
+        if s.Bucket != nil && len(*s.Bucket) < 1 {
+                invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+        }
         if s.Key == nil {
                 invalidParams.Add(request.NewErrParamRequired("Key"))
         }
@@ -21445,7 +24039,7 @@ type UploadPartOutput struct {
 
         // If present, specifies the ID of the AWS Key Management Service (KMS) master
         // encryption key that was used for the object.
-        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string"`
+        SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
 
         // The Server-side encryption algorithm used when storing this object in S3
         // (e.g., AES256, aws:kms).
@@ -21705,6 +24299,14 @@ const (
         CompressionTypeBzip2 = "BZIP2"
 )
 
+const (
+        // DeleteMarkerReplicationStatusEnabled is a DeleteMarkerReplicationStatus enum value
+        DeleteMarkerReplicationStatusEnabled = "Enabled"
+
+        // DeleteMarkerReplicationStatusDisabled is a DeleteMarkerReplicationStatus enum value
+        DeleteMarkerReplicationStatusDisabled = "Disabled"
+)
+
 // Requests Amazon S3 to encode the object keys in the response and specifies
 // the encoding method to use. An object key may contain any Unicode character;
 // however, XML 1.0 parser cannot parse some characters, such as characters
@@ -21716,7 +24318,7 @@ const (
         EncodingTypeUrl = "url"
 )
 
-// Bucket event for which to send notifications.
+// The bucket event for which to send notifications.
 const (
         // EventS3ReducedRedundancyLostObject is a Event enum value
         EventS3ReducedRedundancyLostObject = "s3:ReducedRedundancyLostObject"
@@ -21744,6 +24346,12 @@ const (
 
         // EventS3ObjectRemovedDeleteMarkerCreated is a Event enum value
         EventS3ObjectRemovedDeleteMarkerCreated = "s3:ObjectRemoved:DeleteMarkerCreated"
+
+        // EventS3ObjectRestorePost is a Event enum value
+        EventS3ObjectRestorePost = "s3:ObjectRestore:Post"
+
+        // EventS3ObjectRestoreCompleted is a Event enum value
+        EventS3ObjectRestoreCompleted = "s3:ObjectRestore:Completed"
 )
 
 const (
@@ -21784,6 +24392,9 @@ const (
 
         // InventoryFormatOrc is a InventoryFormat enum value
         InventoryFormatOrc = "ORC"
+
+        // InventoryFormatParquet is a InventoryFormat enum value
+        InventoryFormatParquet = "Parquet"
 )
 
 const (
@@ -21823,6 +24434,15 @@ const (
 
         // InventoryOptionalFieldEncryptionStatus is a InventoryOptionalField enum value
         InventoryOptionalFieldEncryptionStatus = "EncryptionStatus"
+
+        // InventoryOptionalFieldObjectLockRetainUntilDate is a InventoryOptionalField enum value
+        InventoryOptionalFieldObjectLockRetainUntilDate = "ObjectLockRetainUntilDate"
+
+        // InventoryOptionalFieldObjectLockMode is a InventoryOptionalField enum value
+        InventoryOptionalFieldObjectLockMode = "ObjectLockMode"
+
+        // InventoryOptionalFieldObjectLockLegalHoldStatus is a InventoryOptionalField enum value
+        InventoryOptionalFieldObjectLockLegalHoldStatus = "ObjectLockLegalHoldStatus"
 )
 
 const (
@@ -21881,6 +24501,35 @@ const (
 )
 
 const (
+        // ObjectLockEnabledEnabled is a ObjectLockEnabled enum value
+        ObjectLockEnabledEnabled = "Enabled"
+)
+
+const (
+        // ObjectLockLegalHoldStatusOn is a ObjectLockLegalHoldStatus enum value
+        ObjectLockLegalHoldStatusOn = "ON"
+
+        // ObjectLockLegalHoldStatusOff is a ObjectLockLegalHoldStatus enum value
+        ObjectLockLegalHoldStatusOff = "OFF"
+)
+
+const (
+        // ObjectLockModeGovernance is a ObjectLockMode enum value
+        ObjectLockModeGovernance = "GOVERNANCE"
+
+        // ObjectLockModeCompliance is a ObjectLockMode enum value
+        ObjectLockModeCompliance = "COMPLIANCE"
+)
+
+const (
+        // ObjectLockRetentionModeGovernance is a ObjectLockRetentionMode enum value
+        ObjectLockRetentionModeGovernance = "GOVERNANCE"
+
+        // ObjectLockRetentionModeCompliance is a ObjectLockRetentionMode enum value
+        ObjectLockRetentionModeCompliance = "COMPLIANCE"
+)
+
+const (
         // ObjectStorageClassStandard is a ObjectStorageClass enum value
         ObjectStorageClassStandard = "STANDARD"
 
@@ -21895,6 +24544,12 @@ const (
 
         // ObjectStorageClassOnezoneIa is a ObjectStorageClass enum value
         ObjectStorageClassOnezoneIa = "ONEZONE_IA"
+
+        // ObjectStorageClassIntelligentTiering is a ObjectStorageClass enum value
+        ObjectStorageClassIntelligentTiering = "INTELLIGENT_TIERING"
+
+        // ObjectStorageClassDeepArchive is a ObjectStorageClass enum value
+        ObjectStorageClassDeepArchive = "DEEP_ARCHIVE"
 )
 
 const (
@@ -22019,6 +24674,15 @@ const (
 
         // StorageClassOnezoneIa is a StorageClass enum value
         StorageClassOnezoneIa = "ONEZONE_IA"
+
+        // StorageClassIntelligentTiering is a StorageClass enum value
+        StorageClassIntelligentTiering = "INTELLIGENT_TIERING"
+
+        // StorageClassGlacier is a StorageClass enum value
+        StorageClassGlacier = "GLACIER"
+
+        // StorageClassDeepArchive is a StorageClass enum value
+        StorageClassDeepArchive = "DEEP_ARCHIVE"
 )
 
 const (
@@ -22054,6 +24718,12 @@ const (
 
         // TransitionStorageClassOnezoneIa is a TransitionStorageClass enum value
         TransitionStorageClassOnezoneIa = "ONEZONE_IA"
+
+        // TransitionStorageClassIntelligentTiering is a TransitionStorageClass enum value
+        TransitionStorageClassIntelligentTiering = "INTELLIGENT_TIERING"
+
+        // TransitionStorageClassDeepArchive is a TransitionStorageClass enum value
+        TransitionStorageClassDeepArchive = "DEEP_ARCHIVE"
 )
 
 const (
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
index a55beab..95f2456 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
@@ -3,6 +3,7 @@ package s3
 import (
         "github.com/aws/aws-sdk-go/aws/client"
         "github.com/aws/aws-sdk-go/aws/request"
+        "github.com/aws/aws-sdk-go/internal/s3err"
 )
 
 func init() {
@@ -21,6 +22,7 @@ func defaultInitClientFn(c *client.Client) {
         // S3 uses custom error unmarshaling logic
         c.Handlers.UnmarshalError.Clear()
         c.Handlers.UnmarshalError.PushBack(unmarshalError)
+        c.Handlers.UnmarshalError.PushBackNamed(s3err.RequestFailureWrapperHandler())
 }
 
 func defaultInitRequestFn(r *request.Request) {
@@ -31,6 +33,7 @@ func defaultInitRequestFn(r *request.Request) {
         switch r.Operation.Name {
         case opPutBucketCors, opPutBucketLifecycle, opPutBucketPolicy,
                 opPutBucketTagging, opDeleteObjects, opPutBucketLifecycleConfiguration,
+                opPutObjectLegalHold, opPutObjectRetention, opPutObjectLockConfiguration,
                 opPutBucketReplication:
                 // These S3 operations require Content-MD5 to be set
                 r.Handlers.Build.PushBack(contentMD5)
@@ -42,6 +45,7 @@ func defaultInitRequestFn(r *request.Request) {
                 r.Handlers.Validate.PushFront(populateLocationConstraint)
         case opCopyObject, opUploadPartCopy, opCompleteMultipartUpload:
                 r.Handlers.Unmarshal.PushFront(copyMultipartStatusOKUnmarhsalError)
+                r.Handlers.Unmarshal.PushBackNamed(s3err.RequestFailureWrapperHandler())
         case opPutObject, opUploadPart:
                 r.Handlers.Build.PushBack(computeBodyHashes)
                 // Disabled until #1837 root issue is resolved.
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/service.go b/vendor/github.com/aws/aws-sdk-go/service/s3/service.go
index 20de53f..d17dcc9 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/service.go
@@ -67,7 +67,9 @@ func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
         }
 
         // Handlers
-        svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
+        svc.Handlers.Sign.PushBackNamed(v4.BuildNamedHandler(v4.SignRequestHandler.Name, func(s *v4.Signer) {
+                s.DisableURIPathEscaping = true
+        }))
         svc.Handlers.Build.PushBackNamed(restxml.BuildHandler)
         svc.Handlers.Unmarshal.PushBackNamed(restxml.UnmarshalHandler)
         svc.Handlers.UnmarshalMeta.PushBackNamed(restxml.UnmarshalMetaHandler)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
index 9f33efc..fde3050 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
@@ -13,7 +13,11 @@ import (
 func copyMultipartStatusOKUnmarhsalError(r *request.Request) {
         b, err := ioutil.ReadAll(r.HTTPResponse.Body)
         if err != nil {
-                r.Error = awserr.New("SerializationError", "unable to read response body", err)
+                r.Error = awserr.NewRequestFailure(
+                        awserr.New("SerializationError", "unable to read response body", err),
+                        r.HTTPResponse.StatusCode,
+                        r.RequestID,
+                )
                 return
         }
         body := bytes.NewReader(b)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
index bcca862..1db7e13 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
@@ -23,22 +23,22 @@ func unmarshalError(r *request.Request) {
         defer r.HTTPResponse.Body.Close()
         defer io.Copy(ioutil.Discard, r.HTTPResponse.Body)
 
-        hostID := r.HTTPResponse.Header.Get("X-Amz-Id-2")
-
         // Bucket exists in a different region, and request needs
         // to be made to the correct region.
         if r.HTTPResponse.StatusCode == http.StatusMovedPermanently {
-                r.Error = requestFailure{
-                        RequestFailure: awserr.NewRequestFailure(
-                                awserr.New("BucketRegionError",
-                                        fmt.Sprintf("incorrect region, the bucket is not in '%s' region",
-                                                aws.StringValue(r.Config.Region)),
-                                        nil),
-                                r.HTTPResponse.StatusCode,
-                                r.RequestID,
-                        ),
-                        hostID: hostID,
+                msg := fmt.Sprintf(
+                        "incorrect region, the bucket is not in '%s' region at endpoint '%s'",
+                        aws.StringValue(r.Config.Region),
+                        aws.StringValue(r.Config.Endpoint),
+                )
+                if v := r.HTTPResponse.Header.Get("x-amz-bucket-region"); len(v) != 0 {
+                        msg += fmt.Sprintf(", bucket is in '%s' region", v)
                 }
+                r.Error = awserr.NewRequestFailure(
+                        awserr.New("BucketRegionError", msg, nil),
+                        r.HTTPResponse.StatusCode,
+                        r.RequestID,
+                )
                 return
         }
 
@@ -63,14 +63,11 @@ func unmarshalError(r *request.Request) {
                 errMsg = statusText
         }
 
-        r.Error = requestFailure{
-                RequestFailure: awserr.NewRequestFailure(
-                        awserr.New(errCode, errMsg, err),
-                        r.HTTPResponse.StatusCode,
-                        r.RequestID,
-                ),
-                hostID: hostID,
-        }
+        r.Error = awserr.NewRequestFailure(
+                awserr.New(errCode, errMsg, err),
+                r.HTTPResponse.StatusCode,
+                r.RequestID,
+        )
 }
 
 // A RequestFailure provides access to the S3 Request ID and Host ID values
@@ -83,21 +80,3 @@ type RequestFailure interface {
         // Host ID is the S3 Host ID needed for debug, and contacting support
         HostID() string
 }
-
-type requestFailure struct {
-        awserr.RequestFailure
-
-        hostID string
-}
-
-func (r requestFailure) Error() string {
-        extra := fmt.Sprintf("status code: %d, request id: %s, host id: %s",
-                r.StatusCode(), r.RequestID(), r.hostID)
-        return awserr.SprintError(r.Code(), r.Message(), extra, r.OrigErr())
-}
-func (r requestFailure) String() string {
-        return r.Error()
-}
-func (r requestFailure) HostID() string {
-        return r.hostID
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
index 6f89a79..8113089 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
@@ -7,6 +7,7 @@ import (
 
         "github.com/aws/aws-sdk-go/aws"
         "github.com/aws/aws-sdk-go/aws/awsutil"
+        "github.com/aws/aws-sdk-go/aws/credentials"
         "github.com/aws/aws-sdk-go/aws/request"
 )
 
@@ -15,7 +16,7 @@ const opAssumeRole = "AssumeRole"
 // AssumeRoleRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRole operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -209,7 +210,7 @@ const opAssumeRoleWithSAML = "AssumeRoleWithSAML"
 // AssumeRoleWithSAMLRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRoleWithSAML operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -243,6 +244,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 
         output = &AssumeRoleWithSAMLOutput{}
         req = c.newRequest(op, input, output)
+        req.Config.Credentials = credentials.AnonymousCredentials
         return
 }
 
@@ -391,7 +393,7 @@ const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity"
 // AssumeRoleWithWebIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRoleWithWebIdentity operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -425,6 +427,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 
         output = &AssumeRoleWithWebIdentityOutput{}
         req = c.newRequest(op, input, output)
+        req.Config.Credentials = credentials.AnonymousCredentials
         return
 }
 
@@ -602,7 +605,7 @@ const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage"
 // DecodeAuthorizationMessageRequest generates a "aws/request.Request" representing the
 // client's request for the DecodeAuthorizationMessage operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -714,7 +717,7 @@ const opGetCallerIdentity = "GetCallerIdentity"
 // GetCallerIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the GetCallerIdentity operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -789,7 +792,7 @@ const opGetFederationToken = "GetFederationToken"
 // GetFederationTokenRequest generates a "aws/request.Request" representing the
 // client's request for the GetFederationToken operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -958,7 +961,7 @@ const opGetSessionToken = "GetSessionToken"
 // GetSessionTokenRequest generates a "aws/request.Request" representing the
 // client's request for the GetSessionToken operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
deleted file mode 100644
index 4010cc7..0000000
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package sts
-
-import "github.com/aws/aws-sdk-go/aws/request"
-
-func init() {
-        initRequest = func(r *request.Request) {
-                switch r.Operation.Name {
-                case opAssumeRoleWithSAML, opAssumeRoleWithWebIdentity:
-                        r.Handlers.Sign.Clear() // these operations are unsigned
-                }
-        }
-}