1 files changed, 175 insertions, 142 deletions
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
index e5c105f..6f89a79 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
@@ -14,19 +14,18 @@ const opAssumeRole = "AssumeRole"
 // AssumeRoleRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRole operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
+// value will be populated with the request's response once the request completes
-// is called.
+// successfuly.
 //
-// See AssumeRole for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
+// See AssumeRole for more information on using the AssumeRole
-// custom logic into the request's lifecycle using a custom handler, or if you want to
+// API call, and error handling.
-// access properties on the request object before or after sending the request. If
+//
-// you just want the service response, call the AssumeRole method directly
+// This method is useful when you want to inject custom logic or configuration
-// instead.
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the AssumeRoleRequest method.
 //    req, resp := client.AssumeRoleRequest(params)
@@ -36,7 +35,7 @@ const opAssumeRole = "AssumeRole"
 //        fmt.Println(resp)
 //    }
 //
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
 func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, output *AssumeRoleOutput) {
        op := &request.Operation{
                Name:       opAssumeRole,
@@ -89,9 +88,18 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 // Scenarios for Temporary Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html#sts-introduction)
 // in the IAM User Guide.
 //
-// The temporary security credentials are valid for the duration that you specified
+// By default, the temporary security credentials created by AssumeRole last
-// when calling AssumeRole, which can be from 900 seconds (15 minutes) to a
+// for one hour. However, you can use the optional DurationSeconds parameter
-// maximum of 3600 seconds (1 hour). The default is 1 hour.
+// to specify the duration of your session. You can provide a value from 900
+// seconds (15 minutes) up to the maximum session duration setting for the role.
+// This setting can have a value from 1 hour to 12 hours. To learn how to view
+// the maximum value for your role, see View the Maximum Session Duration Setting
+// for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+// in the IAM User Guide. The maximum session duration limit applies when you
+// use the AssumeRole* API operations or the assume-role* CLI operations but
+// does not apply when you use those operations to create a console URL. For
+// more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
+// in the IAM User Guide.
 //
 // The temporary security credentials created by AssumeRole can be used to make
 // API calls to any AWS service with the following exception: you cannot call
@@ -122,7 +130,12 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 // the user to call AssumeRole on the ARN of the role in the other account.
 // If the user is in the same account as the role, then you can either attach
 // a policy to the user (identical to the previous different account user),
-// or you can add the user as a principal directly in the role's trust policy
+// or you can add the user as a principal directly in the role's trust policy.
+// In this case, the trust policy acts as the only resource-based policy in
+// IAM, and users in the same account as the role do not need explicit permission
+// to assume the role. For more information about trust policies and resource-based
+// policies, see IAM Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
+// in the IAM User Guide.
 //
 // Using MFA with AssumeRole
 //
@@ -169,7 +182,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 //   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
 func (c *STS) AssumeRole(input *AssumeRoleInput) (*AssumeRoleOutput, error) {
        req, out := c.AssumeRoleRequest(input)
        return out, req.Send()
@@ -195,19 +208,18 @@ const opAssumeRoleWithSAML = "AssumeRoleWithSAML"
 // AssumeRoleWithSAMLRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRoleWithSAML operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
+// value will be populated with the request's response once the request completes
-// is called.
+// successfuly.
 //
-// See AssumeRoleWithSAML for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
+// See AssumeRoleWithSAML for more information on using the AssumeRoleWithSAML
-// custom logic into the request's lifecycle using a custom handler, or if you want to
+// API call, and error handling.
-// access properties on the request object before or after sending the request. If
+//
-// you just want the service response, call the AssumeRoleWithSAML method directly
+// This method is useful when you want to inject custom logic or configuration
-// instead.
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the AssumeRoleWithSAMLRequest method.
 //    req, resp := client.AssumeRoleWithSAMLRequest(params)
@@ -217,7 +229,7 @@ const opAssumeRoleWithSAML = "AssumeRoleWithSAML"
 //        fmt.Println(resp)
 //    }
 //
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
 func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *request.Request, output *AssumeRoleWithSAMLOutput) {
        op := &request.Operation{
                Name:       opAssumeRoleWithSAML,
@@ -249,11 +261,20 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 // an access key ID, a secret access key, and a security token. Applications
 // can use these temporary security credentials to sign calls to AWS services.
 //
-// The temporary security credentials are valid for the duration that you specified
+// By default, the temporary security credentials created by AssumeRoleWithSAML
-// when calling AssumeRole, or until the time specified in the SAML authentication
+// last for one hour. However, you can use the optional DurationSeconds parameter
-// response's SessionNotOnOrAfter value, whichever is shorter. The duration
+// to specify the duration of your session. Your role session lasts for the
-// can be from 900 seconds (15 minutes) to a maximum of 3600 seconds (1 hour).
+// duration that you specify, or until the time specified in the SAML authentication
-// The default is 1 hour.
+// response's SessionNotOnOrAfter value, whichever is shorter. You can provide
+// a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
+// duration setting for the role. This setting can have a value from 1 hour
+// to 12 hours. To learn how to view the maximum value for your role, see View
+// the Maximum Session Duration Setting for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+// in the IAM User Guide. The maximum session duration limit applies when you
+// use the AssumeRole* API operations or the assume-role* CLI operations but
+// does not apply when you use those operations to create a console URL. For
+// more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
+// in the IAM User Guide.
 //
 // The temporary security credentials created by AssumeRoleWithSAML can be used
 // to make API calls to any AWS service with the following exception: you cannot
@@ -343,7 +364,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 //   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
 func (c *STS) AssumeRoleWithSAML(input *AssumeRoleWithSAMLInput) (*AssumeRoleWithSAMLOutput, error) {
        req, out := c.AssumeRoleWithSAMLRequest(input)
        return out, req.Send()
@@ -369,19 +390,18 @@ const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity"
 // AssumeRoleWithWebIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRoleWithWebIdentity operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
+// value will be populated with the request's response once the request completes
-// is called.
+// successfuly.
 //
-// See AssumeRoleWithWebIdentity for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
+// See AssumeRoleWithWebIdentity for more information on using the AssumeRoleWithWebIdentity
-// custom logic into the request's lifecycle using a custom handler, or if you want to
+// API call, and error handling.
-// access properties on the request object before or after sending the request. If
+//
-// you just want the service response, call the AssumeRoleWithWebIdentity method directly
+// This method is useful when you want to inject custom logic or configuration
-// instead.
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the AssumeRoleWithWebIdentityRequest method.
 //    req, resp := client.AssumeRoleWithWebIdentityRequest(params)
@@ -391,7 +411,7 @@ const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity"
 //        fmt.Println(resp)
 //    }
 //
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
 func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityInput) (req *request.Request, output *AssumeRoleWithWebIdentityOutput) {
        op := &request.Operation{
                Name:       opAssumeRoleWithWebIdentity,
@@ -441,9 +461,18 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 // key ID, a secret access key, and a security token. Applications can use these
 // temporary security credentials to sign calls to AWS service APIs.
 //
-// The credentials are valid for the duration that you specified when calling
+// By default, the temporary security credentials created by AssumeRoleWithWebIdentity
-// AssumeRoleWithWebIdentity, which can be from 900 seconds (15 minutes) to
+// last for one hour. However, you can use the optional DurationSeconds parameter
-// a maximum of 3600 seconds (1 hour). The default is 1 hour.
+// to specify the duration of your session. You can provide a value from 900
+// seconds (15 minutes) up to the maximum session duration setting for the role.
+// This setting can have a value from 1 hour to 12 hours. To learn how to view
+// the maximum value for your role, see View the Maximum Session Duration Setting
+// for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+// in the IAM User Guide. The maximum session duration limit applies when you
+// use the AssumeRole* API operations or the assume-role* CLI operations but
+// does not apply when you use those operations to create a console URL. For
+// more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
+// in the IAM User Guide.
 //
 // The temporary security credentials created by AssumeRoleWithWebIdentity can
 // be used to make API calls to any AWS service with the following exception:
@@ -495,7 +524,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 //    the information from these providers to get and use temporary security
 //    credentials.
 //
-//    * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/4617974389850313).
+//    * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications).
 //    This article discusses web identity federation and shows an example of
 //    how to use web identity federation to get access to content in Amazon
 //    S3.
@@ -546,7 +575,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 //   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
 func (c *STS) AssumeRoleWithWebIdentity(input *AssumeRoleWithWebIdentityInput) (*AssumeRoleWithWebIdentityOutput, error) {
        req, out := c.AssumeRoleWithWebIdentityRequest(input)
        return out, req.Send()
@@ -572,19 +601,18 @@ const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage"
 // DecodeAuthorizationMessageRequest generates a "aws/request.Request" representing the
 // client's request for the DecodeAuthorizationMessage operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
+// value will be populated with the request's response once the request completes
-// is called.
+// successfuly.
 //
-// See DecodeAuthorizationMessage for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
+// See DecodeAuthorizationMessage for more information on using the DecodeAuthorizationMessage
-// custom logic into the request's lifecycle using a custom handler, or if you want to
+// API call, and error handling.
-// access properties on the request object before or after sending the request. If
+//
-// you just want the service response, call the DecodeAuthorizationMessage method directly
+// This method is useful when you want to inject custom logic or configuration
-// instead.
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the DecodeAuthorizationMessageRequest method.
 //    req, resp := client.DecodeAuthorizationMessageRequest(params)
@@ -594,7 +622,7 @@ const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage"
 //        fmt.Println(resp)
 //    }
 //
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
 func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessageInput) (req *request.Request, output *DecodeAuthorizationMessageOutput) {
        op := &request.Operation{
                Name:       opDecodeAuthorizationMessage,
@@ -659,7 +687,7 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag
 //   invalid. This can happen if the token contains invalid characters, such as
 //   linebreaks.
 //
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
 func (c *STS) DecodeAuthorizationMessage(input *DecodeAuthorizationMessageInput) (*DecodeAuthorizationMessageOutput, error) {
        req, out := c.DecodeAuthorizationMessageRequest(input)
        return out, req.Send()
@@ -685,19 +713,18 @@ const opGetCallerIdentity = "GetCallerIdentity"
 // GetCallerIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the GetCallerIdentity operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
+// value will be populated with the request's response once the request completes
-// is called.
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// See GetCallerIdentity for usage and error information.
+// See GetCallerIdentity for more information on using the GetCallerIdentity
+// API call, and error handling.
 //
-// Creating a request object using this method should be used when you want to inject
+// This method is useful when you want to inject custom logic or configuration
-// custom logic into the request's lifecycle using a custom handler, or if you want to
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-// access properties on the request object before or after sending the request. If
-// you just want the service response, call the GetCallerIdentity method directly
-// instead.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the GetCallerIdentityRequest method.
 //    req, resp := client.GetCallerIdentityRequest(params)
@@ -707,7 +734,7 @@ const opGetCallerIdentity = "GetCallerIdentity"
 //        fmt.Println(resp)
 //    }
 //
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
 func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *request.Request, output *GetCallerIdentityOutput) {
        op := &request.Operation{
                Name:       opGetCallerIdentity,
@@ -735,7 +762,7 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ
 //
 // See the AWS API reference guide for AWS Security Token Service's
 // API operation GetCallerIdentity for usage and error information.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
 func (c *STS) GetCallerIdentity(input *GetCallerIdentityInput) (*GetCallerIdentityOutput, error) {
        req, out := c.GetCallerIdentityRequest(input)
        return out, req.Send()
@@ -761,19 +788,18 @@ const opGetFederationToken = "GetFederationToken"
 // GetFederationTokenRequest generates a "aws/request.Request" representing the
 // client's request for the GetFederationToken operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
+// value will be populated with the request's response once the request completes
-// is called.
+// successfuly.
 //
-// See GetFederationToken for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
+// See GetFederationToken for more information on using the GetFederationToken
-// custom logic into the request's lifecycle using a custom handler, or if you want to
+// API call, and error handling.
-// access properties on the request object before or after sending the request. If
+//
-// you just want the service response, call the GetFederationToken method directly
+// This method is useful when you want to inject custom logic or configuration
-// instead.
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the GetFederationTokenRequest method.
 //    req, resp := client.GetFederationTokenRequest(params)
@@ -783,7 +809,7 @@ const opGetFederationToken = "GetFederationToken"
 //        fmt.Println(resp)
 //    }
 //
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
 func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *request.Request, output *GetFederationTokenOutput) {
        op := &request.Operation{
                Name:       opGetFederationToken,
@@ -905,7 +931,7 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 //   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
 func (c *STS) GetFederationToken(input *GetFederationTokenInput) (*GetFederationTokenOutput, error) {
        req, out := c.GetFederationTokenRequest(input)
        return out, req.Send()
@@ -931,19 +957,18 @@ const opGetSessionToken = "GetSessionToken"
 // GetSessionTokenRequest generates a "aws/request.Request" representing the
 // client's request for the GetSessionToken operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
+// value will be populated with the request's response once the request completes
-// is called.
+// successfuly.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// See GetSessionToken for usage and error information.
+// See GetSessionToken for more information on using the GetSessionToken
+// API call, and error handling.
 //
-// Creating a request object using this method should be used when you want to inject
+// This method is useful when you want to inject custom logic or configuration
-// custom logic into the request's lifecycle using a custom handler, or if you want to
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-// access properties on the request object before or after sending the request. If
-// you just want the service response, call the GetSessionToken method directly
-// instead.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the GetSessionTokenRequest method.
 //    req, resp := client.GetSessionTokenRequest(params)
@@ -953,7 +978,7 @@ const opGetSessionToken = "GetSessionToken"
 //        fmt.Println(resp)
 //    }
 //
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
 func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.Request, output *GetSessionTokenOutput) {
        op := &request.Operation{
                Name:       opGetSessionToken,
@@ -1034,7 +1059,7 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 //   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
 func (c *STS) GetSessionToken(input *GetSessionTokenInput) (*GetSessionTokenOutput, error) {
        req, out := c.GetSessionTokenRequest(input)
        return out, req.Send()
@@ -1056,20 +1081,27 @@ func (c *STS) GetSessionTokenWithContext(ctx aws.Context, input *GetSessionToken
        return out, req.Send()
 }
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleRequest
 type AssumeRoleInput struct {
        _ struct{} `type:"structure"`
        // The duration, in seconds, of the role session. The value can range from 900
-        // seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set
+        // seconds (15 minutes) up to the maximum session duration setting for the role.
-        // to 3600 seconds.
+        // This setting can have a value from 1 hour to 12 hours. If you specify a value
+        // higher than this setting, the operation fails. For example, if you specify
+        // a session duration of 12 hours, but your administrator set the maximum session
+        // duration to 6 hours, your operation fails. To learn how to view the maximum
+        // value for your role, see View the Maximum Session Duration Setting for a
+        // Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+        // in the IAM User Guide.
        //
-        // This is separate from the duration of a console session that you might request
+        // By default, the value is set to 3600 seconds.
-        // using the returned credentials. The request to the federation endpoint for
+        //
-        // a console sign-in token takes a SessionDuration parameter that specifies
+        // The DurationSeconds parameter is separate from the duration of a console
-        // the maximum length of the console session, separately from the DurationSeconds
+        // session that you might request using the returned credentials. The request
-        // parameter on this API. For more information, see Creating a URL that Enables
+        // to the federation endpoint for a console sign-in token takes a SessionDuration
-        // Federated Users to Access the AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
+        // parameter that specifies the maximum length of the console session. For more
+        // information, see Creating a URL that Enables Federated Users to Access the
+        // AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
        // in the IAM User Guide.
        DurationSeconds *int64 `min:"900" type:"integer"`
@@ -1248,7 +1280,6 @@ func (s *AssumeRoleInput) SetTokenCode(v string) *AssumeRoleInput {
 // Contains the response to a successful AssumeRole request, including temporary
 // AWS credentials that can be used to make AWS requests.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleResponse
 type AssumeRoleOutput struct {
        _ struct{} `type:"structure"`
@@ -1302,22 +1333,30 @@ func (s *AssumeRoleOutput) SetPackedPolicySize(v int64) *AssumeRoleOutput {
        return s
 }
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLRequest
 type AssumeRoleWithSAMLInput struct {
        _ struct{} `type:"structure"`
-        // The duration, in seconds, of the role session. The value can range from 900
+        // The duration, in seconds, of the role session. Your role session lasts for
-        // seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set
+        // the duration that you specify for the DurationSeconds parameter, or until
-        // to 3600 seconds. An expiration can also be specified in the SAML authentication
+        // the time specified in the SAML authentication response's SessionNotOnOrAfter
-        // response's SessionNotOnOrAfter value. The actual expiration time is whichever
+        // value, whichever is shorter. You can provide a DurationSeconds value from
-        // value is shorter.
+        // 900 seconds (15 minutes) up to the maximum session duration setting for the
+        // role. This setting can have a value from 1 hour to 12 hours. If you specify
+        // a value higher than this setting, the operation fails. For example, if you
+        // specify a session duration of 12 hours, but your administrator set the maximum
+        // session duration to 6 hours, your operation fails. To learn how to view the
+        // maximum value for your role, see View the Maximum Session Duration Setting
+        // for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+        // in the IAM User Guide.
+        //
+        // By default, the value is set to 3600 seconds.
        //
-        // This is separate from the duration of a console session that you might request
+        // The DurationSeconds parameter is separate from the duration of a console
-        // using the returned credentials. The request to the federation endpoint for
+        // session that you might request using the returned credentials. The request
-        // a console sign-in token takes a SessionDuration parameter that specifies
+        // to the federation endpoint for a console sign-in token takes a SessionDuration
-        // the maximum length of the console session, separately from the DurationSeconds
+        // parameter that specifies the maximum length of the console session. For more
-        // parameter on this API. For more information, see Enabling SAML 2.0 Federated
+        // information, see Creating a URL that Enables Federated Users to Access the
-        // Users to Access the AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html)
+        // AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
        // in the IAM User Guide.
        DurationSeconds *int64 `min:"900" type:"integer"`
@@ -1443,7 +1482,6 @@ func (s *AssumeRoleWithSAMLInput) SetSAMLAssertion(v string) *AssumeRoleWithSAML
 // Contains the response to a successful AssumeRoleWithSAML request, including
 // temporary AWS credentials that can be used to make AWS requests.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLResponse
 type AssumeRoleWithSAMLOutput struct {
        _ struct{} `type:"structure"`
@@ -1555,20 +1593,27 @@ func (s *AssumeRoleWithSAMLOutput) SetSubjectType(v string) *AssumeRoleWithSAMLO
        return s
 }
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityRequest
 type AssumeRoleWithWebIdentityInput struct {
        _ struct{} `type:"structure"`
        // The duration, in seconds, of the role session. The value can range from 900
-        // seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set
+        // seconds (15 minutes) up to the maximum session duration setting for the role.
-        // to 3600 seconds.
+        // This setting can have a value from 1 hour to 12 hours. If you specify a value
+        // higher than this setting, the operation fails. For example, if you specify
+        // a session duration of 12 hours, but your administrator set the maximum session
+        // duration to 6 hours, your operation fails. To learn how to view the maximum
+        // value for your role, see View the Maximum Session Duration Setting for a
+        // Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+        // in the IAM User Guide.
+        //
+        // By default, the value is set to 3600 seconds.
        //
-        // This is separate from the duration of a console session that you might request
+        // The DurationSeconds parameter is separate from the duration of a console
-        // using the returned credentials. The request to the federation endpoint for
+        // session that you might request using the returned credentials. The request
-        // a console sign-in token takes a SessionDuration parameter that specifies
+        // to the federation endpoint for a console sign-in token takes a SessionDuration
-        // the maximum length of the console session, separately from the DurationSeconds
+        // parameter that specifies the maximum length of the console session. For more
-        // parameter on this API. For more information, see Creating a URL that Enables
+        // information, see Creating a URL that Enables Federated Users to Access the
-        // Federated Users to Access the AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
+        // AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
        // in the IAM User Guide.
        DurationSeconds *int64 `min:"900" type:"integer"`
@@ -1718,7 +1763,6 @@ func (s *AssumeRoleWithWebIdentityInput) SetWebIdentityToken(v string) *AssumeRo
 // Contains the response to a successful AssumeRoleWithWebIdentity request,
 // including temporary AWS credentials that can be used to make AWS requests.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityResponse
 type AssumeRoleWithWebIdentityOutput struct {
        _ struct{} `type:"structure"`
@@ -1811,7 +1855,6 @@ func (s *AssumeRoleWithWebIdentityOutput) SetSubjectFromWebIdentityToken(v strin
 // The identifiers for the temporary security credentials that the operation
 // returns.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumedRoleUser
 type AssumedRoleUser struct {
        _ struct{} `type:"structure"`
@@ -1854,7 +1897,6 @@ func (s *AssumedRoleUser) SetAssumedRoleId(v string) *AssumedRoleUser {
 }
 // AWS credentials for API authentication.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/Credentials
 type Credentials struct {
        _ struct{} `type:"structure"`
@@ -1866,7 +1908,7 @@ type Credentials struct {
        // The date on which the current credentials expire.
        //
        // Expiration is a required field
-        Expiration *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`
+        Expiration *time.Time `type:"timestamp" required:"true"`
        // The secret access key that can be used to sign requests.
        //
@@ -1913,7 +1955,6 @@ func (s *Credentials) SetSessionToken(v string) *Credentials {
        return s
 }
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageRequest
 type DecodeAuthorizationMessageInput struct {
        _ struct{} `type:"structure"`
@@ -1958,7 +1999,6 @@ func (s *DecodeAuthorizationMessageInput) SetEncodedMessage(v string) *DecodeAut
 // A document that contains additional information about the authorization status
 // of a request from an encoded message that is returned in response to an AWS
 // request.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageResponse
 type DecodeAuthorizationMessageOutput struct {
        _ struct{} `type:"structure"`
@@ -1983,7 +2023,6 @@ func (s *DecodeAuthorizationMessageOutput) SetDecodedMessage(v string) *DecodeAu
 }
 // Identifiers for the federated user that is associated with the credentials.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/FederatedUser
 type FederatedUser struct {
        _ struct{} `type:"structure"`
@@ -2024,7 +2063,6 @@ func (s *FederatedUser) SetFederatedUserId(v string) *FederatedUser {
        return s
 }
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityRequest
 type GetCallerIdentityInput struct {
        _ struct{} `type:"structure"`
 }
@@ -2041,7 +2079,6 @@ func (s GetCallerIdentityInput) GoString() string {
 // Contains the response to a successful GetCallerIdentity request, including
 // information about the entity making the request.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityResponse
 type GetCallerIdentityOutput struct {
        _ struct{} `type:"structure"`
@@ -2087,7 +2124,6 @@ func (s *GetCallerIdentityOutput) SetUserId(v string) *GetCallerIdentityOutput {
        return s
 }
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenRequest
 type GetFederationTokenInput struct {
        _ struct{} `type:"structure"`
@@ -2196,7 +2232,6 @@ func (s *GetFederationTokenInput) SetPolicy(v string) *GetFederationTokenInput {
 // Contains the response to a successful GetFederationToken request, including
 // temporary AWS credentials that can be used to make AWS requests.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenResponse
 type GetFederationTokenOutput struct {
        _ struct{} `type:"structure"`
@@ -2249,7 +2284,6 @@ func (s *GetFederationTokenOutput) SetPackedPolicySize(v int64) *GetFederationTo
        return s
 }
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionTokenRequest
 type GetSessionTokenInput struct {
        _ struct{} `type:"structure"`
@@ -2334,7 +2368,6 @@ func (s *GetSessionTokenInput) SetTokenCode(v string) *GetSessionTokenInput {
 // Contains the response to a successful GetSessionToken request, including
 // temporary AWS credentials that can be used to make AWS requests.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionTokenResponse
 type GetSessionTokenOutput struct {
        _ struct{} `type:"structure"`